From 0778befa60efddc7626ea4937a5cb1c9dfcfadc1 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Mon, 29 Jul 2024 10:57:46 -0700
Subject: [PATCH 01/20] add entity slicing rfc Signed-off-by: oflatt
 <oflatt@gmail.com>

---
 text/0073-entity-slicing.md | 562 ++++++++++++++++++++++++++++++++++++
 1 file changed, 562 insertions(+)
 create mode 100644 text/0073-entity-slicing.md

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
new file mode 100644
index 00000000..e6692502
--- /dev/null
+++ b/text/0073-entity-slicing.md
@@ -0,0 +1,562 @@
+# RFC: Entity Slicing using Data Tries
+
+## Related Issues
+
+- Reference Issues: [#592](https://github.com/cedar-policy/cedar/issues/592)
+- Implementation PR(s): (leave this empty)
+
+## Timeline
+
+* Start Date: 2024-06-17
+* Date Entered FCP:
+* Date Accepted:
+* Date Landed:
+
+## Summary
+
+This RFC proposes a new API for finding an **entity slice**: a subset of the entity store needed for a particular request.
+Specifically, we propose a new function with signature `(Schema, Policies) -> EntityManifest`. There are more details on the `EntityManifest` later in this document, but the key idea is to store data paths **indexed by the request type**. The `Policies` must validate against the `Schema` in strict mode.
+
+The rest of this document follows the following format:
+
+* **Motivation**
+* **Example**- example policies show what data paths are needed for what request types.
+* **Example Usage**- we’ll show an example use-case for the entity manifest to put the design in context.
+* **Data Structure-** we’ll give details of the entity manifest data structure.
+* **Computing the Entity Manifest-** we’ll describe the static analysis used to generate the entity manifest.
+* **SimplifiedEntityLoader API**- we’ll describe a simple way to use the entity manifest.
+* **Drawbacks**- the entity manifest has several limitations to discuss.
+
+## Motivation
+
+Applications using Cedar need to provide entity data along with an authorization request. However, it is cost-prohibitive to provide all of an application’s data on every request, so users will want to provide a minimum amount, a *slice*. This proposal demonstrates a way to provide a **sound** slice: users provide a subset of the data, but get the same answer as if the full dataset had been provided.
+
+The design of entity slicing in this document is meant to achieve several goals:
+
+1. **Easy to use**- Leveraging entity slicing should be easy for Cedar users in a variety of settings
+2. **Performant**- Implementing the slice constraints improves performance without introducing too much overhead.
+3. **Flexible**- Entity slicing should work on a variety of data storage formats.
+
+
+
+## Example
+
+Here is a schema involving users and documents:
+
+```
+entity User in [User];
+
+entity Metadata = {
+   owner: User,
+   time: String,
+};
+
+entity Document = {
+  metadata: Metadata,
+  readers: Set<User>,
+};
+
+action Read, Edit appliesTo {
+  principal: [User],
+  resource: [Document],
+};
+```
+
+
+Here are a couple cedar policies conforming to the schema:
+
+```
+// allow documents to be read by anyone in the readers set
+permit(
+  principal,
+  action == Action::"Read",
+  resource
+)
+when
+{
+  resource.readers.contains(principal)
+};
+
+// allow documents to be read and edited by owners
+permit(
+  principal,
+  action in [Action::"Read", Action::"Edit"],
+  resource
+)
+when
+{
+  resource.metadata.owner == principal
+};
+
+// allow read if the user's ancestor is a global admin
+permit(
+  principal,
+  action in [Action::"Read"],
+  resource
+)
+when
+{
+  principal in User::"GlobalAdmin"
+};
+```
+
+Now, we would like to answer the question: given a request that a **User** would like to **Read** a **Document,** what data is required?
+
+To answer the request correctly, Cedar requires two data paths and one entity’s ancestors in the entity store:
+
+```
+Request type: (User, Read, Document)
+Data required:
+   resource.readers
+   resource.metadata.owner
+   principal.**ancestors** (where ancestors are the ancestors in the entity hierarchy)
+```
+
+On the other hand, if the **User** would like to **Edit** a **Document**, we only need one piece of data:
+
+```
+Request type: (User, Edit, Document)
+Data required:
+  resource.metadata.owner
+```
+
+
+
+## Example Usage
+
+
+The image above shows an example usage of the entity manifest. On the left, a client has access to the entity data and a cached entity manifest. On the right, a server stores the schema and policies.
+
+When a client would like to answer a cedar `Request`, it first consults the cached entity manifest to load the entity slice. Then, it sends the entity slice and the request to the server. The server returns the authorization result.
+
+However, the server or client must take care to ensure that the client’s entity manifest is up-to-date. Since the entity manifest is computed based on the schema and policies, is must be re-computed whenever the schema or policies change. There are multiple ways to ensure that the cache is up to date, one being to tag each entity manifest uniquely and check on each request.
+
+Looking to the future, we hope to provide several options and guidence for how to use the entity manifest:
+
+1. Use the `SimplifiedEntityLoader` api (see later section).
+2. Use a specialized entity loader when the format of the database sufficiently matches the schema.
+3. Write custom entity loading that leverages the entity manifest.
+
+
+
+## Data structure
+
+This document proposes the **Entity Manifest**, a data structure that specifies the data needed for each type of request. To reduce redundant access paths, the manifest is stored as a Trie.
+
+```
+type EntityManifest = HashMap<RequestType, RequestEntityManifest>
+```
+
+`RequestType` stores the type of the principal, action, and resource. This allows entity slicing to be specific to the type of the request, greatly reducing the amount of data required. (The context type can be inferred from the action UID)
+
+```
+pub struct RequestType {
+    pub principal: EntityType,
+    pub action: EntityUID,
+    pub resource: EntityType,
+}
+```
+
+
+The `RequestEntityManifest` is a trie storing all the access paths required for the given request type. Access paths all start with Cedar variables and entity literals:
+
+```
+/// The root of an entity slice.
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Hash)]
+pub enum EntityRoot {
+    /// Literal entity ids
+    Literal(EntityUID),
+    /// A Cedar variable
+    Var(Var),
+}
+
+
+/// a [`RequestEntityManifest`] is a trie that specifies what data to load
+#[serde_as]
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub struct RequestEntityManifest {
+    #[serde_as(as = "Vec<(_, _)>")]
+    /// The data that needs to be loaded, organized by root
+    pub trie: HashMap<EntityRoot, AccessTrie>,
+}
+```
+
+
+Finally, we have the `AccessTrie` data structure, which stores the access paths trie. These paths can also request parents in the entity hierarchy. Note: in the implementation, the entity slice also stores optional type annotations.
+
+```
+pub struct AccessTrie {
+    /// Child data of this entity slice.
+    pub children: HashMap<SmolStr, Box<AccessTrie>>,
+    /// If the parents in the entity hierarchy are required.
+    pub parents_required: bool
+}
+```
+
+
+
+
+## Computing the Entity Manifest: High Level
+
+Computing the entity manifest has two parts: **calculating access paths** and **merging** **access paths.**
+For calculating access paths, we write a static analysis that finds all the relevant access paths in the policies. Cedar has only four variables (`principal`, `resource`, `action`, and  `context` ), so all data is loaded starting with a variable or entity literal.
+For merging access paths, we define a method for merging access paths, sharing common prefixes in a Trie.
+
+The high-level algorithm looks like this:
+
+1. First, perform Cedar type-checking to get type-annotated policies that are specific to the type of the request. 
+2. For each type of request
+    1. For each policy with that request type
+        1. **Compute access paths**
+    2. **Merge** all of the access paths into a single entity slice trie
+
+
+The merge operator for access paths is straightforward. First, convert all access paths directly to a Trie, where the fields in the path are the edges in the Trie. Then, use the standard merge operator on Tries.
+
+
+## Computing access paths
+
+This section proposes a simple static analysis that soundly computes all of the necessary access paths for a cedar expression.
+While it’s possible to soundly handle all Cedar expressions, we simplify the problem by rejecting Cedar programs unless they follow the following grammar:
+
+
+```
+<expr> = <datapath-expr>
+         <datapath-expr> in <expr>
+         <expr> + <expr>
+         if <expr> { <expr> } { <expr> }
+         ... all other cedar operators not mentioned by datapath-expr
+         
+<datapath-expr> = <datapath-expr>.<field>
+                  <datapath-expr> has <field>
+                  <variable>
+                  <entity literal>
+                  
+<variable> = principal 
+             resource
+             action
+             context
+                  
+```
+
+
+The grammar partitions cedar expressions into **datapath expressions** and all other cedar operators. The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
+Here are examples of cedar expressions rejected by this grammar:
+
+
+```
+{ "myfield": principal.name }.myfield
+(if principal.ismanager then { "myfield" : 2 } else { "myfield": 3 }).myfield
+(if principal has mobilePhone then principal.mobilePhone else principal.workPhone).zipCode
+```
+
+
+Now that we have this partition, computing all the access paths is fairly simple:
+
+1. First, find all access path expressions. These can be translated into access paths directly.
+2. Second, handle all instances of equality between records. For equality between records (`==`) or set containment where the elements are records (`.contains`, `.containsAny`, and `.containsAll`)
+        1. Find all access paths that are children of these operators
+            1. Following the schema, fully load all fields for the leaf of the access path
+3. Finally, handle instances where the ancestors in the entity hierarchy are required. Annotate the left-hand-side of the `in` operator with the `parents_required` flag.
+
+## 
+
+## SimplifiedEntityLoader API
+
+Having the entity manifest enables different data loading strategies that are less precise, but easy to implement.
+The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a function for loading entities via their IDs, and Cedar handles determining which entities need to be loaded.
+
+
+```
+/// Implement this trait to efficiently load entities based on
+/// the entity manifest.
+/// This entity loader is called "Simple" for two reasons:
+/// 1) First, it is not synchronous- `load_entity` is called multiple times.
+/// 2) Second, it is not precise- the entity manifest only requires some
+/// fields to be loaded.
+pub trait SimpleEntityLoader {
+    /// Simple entity loaders must implement `load_entity`,
+    /// a function that loads an entities based on their EntityUIDs.
+    /// For each element of `entity_ids`, returns the corresponding
+    /// [`Entity`] in the output vector.
+    fn load_entity(&mut self, entity_ids: &[&EntityUID]) -> Vec<Entity>;
+    
+    /// Loads all the entities needed for a request
+    /// using the `load_entity` function.
+    fn load(
+        &mut self,
+        schema: &Schema,
+        entity_manifest: &EntityManifest,
+        request: &Request,
+    ) -> Result<Entities, EntityManifestError> {
+      ...
+    }
+}
+```
+
+
+
+
+## Drawbacks
+
+### Risk in unverified code
+
+Increasing the complexity of the Cedar API with entity manifests provides new places for users to make mistakes. For example, using an outdated entity manifest can result in unsound entity slices. Another example would be a user writing a buggy implementation of entity loading using the manifest.
+
+
+### Full Cedar Language Support
+
+The current analysis does not support the full Cedar language (see the **Computing Access Paths** section). With some effort, the implementation could be extended to support all of Cedar by more carefully tracking access paths through different types of Cedar operations. However, it’s unclear just how tricky this will be.
+
+Along a similar note, all Cedar changes in the future will need a corresponding change in the static analysis, making it harder to extend Cedar. For example, any operations that apply to records will need careful consideration.
+
+
+### Supporting Partial Loading of Sets
+
+As written, entity manifests in this RFC do not support loading only parts of a Cedar Set, or only some of the parents in the entity hierarchy. This is because sets are loaded on the leaves of the access trie, with no way to specify which elements are requested.
+
+To support this feature, we recommend that we take a constraint-based approach. Constraints would be attached to nodes in the access trie, specifying which elements of sets or the parent hierarchy are needed. Constraints form a small query language, so this would increase the complexity of the entity manifest.
+
+
+
+
+
+# Extended examples
+
+## Paths needed in document_cloud example
+
+```
+Action::"CreateDocument"
+[
+ context.is_authenticated
+]
+
+Action::"ViewDocument"
+PrincipalType1
+ResourceType1
+[
+  principal.blocked
+  resource.owner.blocked
+  resource.viewACL
+  resource.private
+  resource.publicAccess
+  resrouce.isPrivate
+  context.is_authenticated
+]
+
+Action::"ModifyDocument"
+[
+  principal.blocked
+  resource.owner.blocked
+  resource.modifyACL
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"EditIsPrivate"
+[
+  principal.blocked
+  resource.owner.blocked
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"AddToShareACL"
+[
+  principal.blocked
+  resource.owner.blocked
+  resource.manageACL
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"EditPublicAccess"
+[
+  principal.blocked
+  resource.owner.blocked
+  resource.manageACL
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"CreateGroup"
+[
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"ModifyGroup"
+[
+  resource.owner
+  resource.isPrivate
+  context.is_authenticated
+]
+
+action::"DeleteGroup"
+[
+  resource.owner
+  resource.isPrivate
+  context.is_authenticated
+]
+```
+
+
+
+
+## Paths needed in tags_n_roles
+
+```
+Action::"Role-A Actions"
+principal.allowedTagsForRole
+principal.allowedTagsForRole["Role-A"]
+principal.allowedTagsForRole["Role-A"]["stage"]
+principal.allowedTagsForRole["Role-A"].production_status
+principal.allowedTagsForRole["Role-A"]["country"]
+
+resource.tags
+resource.tags["production_status"]
+resource.tags.country
+resource.tags.stage
+```
+
+
+
+
+```
+Action::"Role-B Actions"
+principal.allowedTagsForRole
+principal.allowedTagsForRole["Role-B"]
+principal.allowedTagsForRole["Role-B"]["stage"]
+principal.allowedTagsForRole["Role-B"].production_status
+principal.allowedTagsForRole["Role-B"]["country"]
+
+resource.tags
+resource.tags["production_status"]
+resource.tags.country
+resource.tags.stage
+
+```
+
+
+
+## Paths needed in github_example
+
+using "parents" as cedar's ancestor relation- requires all ancestors transitively
+
+
+```
+Action::"pull"
+resource.readers.parents
+
+
+Action::"fork"
+resource.readers.parents
+
+Action::"delete_issue"
+resource.repo.readers.parents
+resource.reporter
+
+Action::"assign_issue"
+resource.repo.triagers
+
+Action::"push"
+resource.writers
+
+Action::"edit_issue"
+resource.repo.writers
+
+Action::"delete_issue"
+resource.repo.maintainers
+
+Action::"add_reader" ect
+resource.admins.parents
+```
+
+
+
+## Paths needed in tax_preparer
+
+```
+Action::"viewDocument"
+principal.assigned_orgs ;; could constrain this one to only pull a single element if we run resource first
+principal.location
+resource.owner.organization
+resource.serviceline
+resource.location
+
+context.consent.client
+context.conset.team_region_list
+
+;; ad-hoc rules luckily don't require more information
+```
+
+
+
+## Paths needed in sales_orgs
+
+```
+Action::"ExternalPrezViewActions"
+resource.viewers ;; opportunity to use constraints to pull in only principal in the set
+
+Action::"InternalPrezViewActions"
+principal.job
+resource.viewers ;; similar constraint opportunity
+
+Action::"PrezEditActions"
+resource.owner
+resource.editors
+
+Action::"grantViewAccessToPresentation"
+context.target.job
+context.target.customerId
+principal.job
+principal.customerId
+
+Action::"grantEditAccessToPresentation"
+context.target.job
+
+Action::"MarketTemplateViewActions"
+resource.viewerMarkets
+
+Action::"InternalTemplateViewActions"
+principal.job
+resource.viewers ;; could limit to principal in the set
+
+Action::"TemplateEditActions"
+resource.owner
+resource.editors
+resource.editorMarkets
+
+Action::"grantViewAccessToTemplate"
+context.targetUser.job
+context.targetUser.customerId 
+principal.job 
+principal.customerId
+
+Action::"grantEditAccessToTemplate"
+context.targetUser.job
+```
+
+
+
+
+## Paths needed in hotel_chains
+
+```
+Action::"viewReservation" ect
+principal.viewPermissions.hotelReservations ;; opportunity for set constraint
+principal.viewPermissions.propertyReservations ;;  opportunity for set constraint
+principal.hotelAdminPermissions ;;  opportunity for set constraint
+principal.propertyAdminPermissions ;;  opportunity for set constraint
+
+
+Action::"viewProperty" ect
+principal.viewPermissions.hotelReservations ;; opportunity for set constraint
+principal.viewPermissions.propertyReservations ;;  opportunity for set constraint
+principal.hotelAdminPermissions ;;  opportunity for set constraint
+principal.propertyAdminPermissions ;;  opportunity for set constraint
+```
+
+
+
+

From d33585dfbcb1c32043a37b58c30a73d79f1b3467 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Tue, 30 Jul 2024 12:56:42 -0700
Subject: [PATCH 02/20] Update 0073-entity-slicing.md

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index e6692502..3818a251 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -3,7 +3,7 @@
 ## Related Issues
 
 - Reference Issues: [#592](https://github.com/cedar-policy/cedar/issues/592)
-- Implementation PR(s): (leave this empty)
+- Implementation PR(s): [#1102](https://github.com/cedar-policy/cedar/pull/1102)
 
 ## Timeline
 

From 0b89ff35081072dcc6a734eebeb4c9b2b94f85c1 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:34:50 -0700
Subject: [PATCH 03/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 3818a251..652d942b 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -63,7 +63,7 @@ action Read, Edit appliesTo {
 ```
 
 
-Here are a couple cedar policies conforming to the schema:
+Here are a couple Cedar policies conforming to the schema:
 
 ```
 // allow documents to be read by anyone in the readers set

From d634187cc55df29c50d687db7b5a62eb6518cc9c Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:01 -0700
Subject: [PATCH 04/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 652d942b..8b4c78e1 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -131,7 +131,7 @@ When a client would like to answer a cedar `Request`, it first consults the cach
 
 However, the server or client must take care to ensure that the client’s entity manifest is up-to-date. Since the entity manifest is computed based on the schema and policies, is must be re-computed whenever the schema or policies change. There are multiple ways to ensure that the cache is up to date, one being to tag each entity manifest uniquely and check on each request.
 
-Looking to the future, we hope to provide several options and guidence for how to use the entity manifest:
+Looking to the future, we hope to provide several options and guidance for how to use the entity manifest:
 
 1. Use the `SimplifiedEntityLoader` api (see later section).
 2. Use a specialized entity loader when the format of the database sufficiently matches the schema.

From 01905a4cdfead18eee0463e0770dcbf358439a36 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:06 -0700
Subject: [PATCH 05/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 8b4c78e1..6ec11a49 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -276,7 +276,7 @@ The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a
 /// fields to be loaded.
 pub trait SimpleEntityLoader {
     /// Simple entity loaders must implement `load_entity`,
-    /// a function that loads an entities based on their EntityUIDs.
+    /// a function that loads entities based on their `EntityUID`s.
     /// For each element of `entity_ids`, returns the corresponding
     /// [`Entity`] in the output vector.
     fn load_entity(&mut self, entity_ids: &[&EntityUID]) -> Vec<Entity>;

From e20d942980c487efb2fe07c34f958191452e83cd Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:11 -0700
Subject: [PATCH 06/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 6ec11a49..9f48bac8 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -279,7 +279,7 @@ pub trait SimpleEntityLoader {
     /// a function that loads entities based on their `EntityUID`s.
     /// For each element of `entity_ids`, returns the corresponding
     /// [`Entity`] in the output vector.
-    fn load_entity(&mut self, entity_ids: &[&EntityUID]) -> Vec<Entity>;
+    fn load_entity(&mut self, entity_ids: impl IntoIterator<Item = &EntityUID>) -> impl Iterator<Item = Entity>;
     
     /// Loads all the entities needed for a request
     /// using the `load_entity` function.

From 31903b77add23e183d3c969d57d4857c4a4b705d Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:19 -0700
Subject: [PATCH 07/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 9f48bac8..baf4befe 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -273,7 +273,7 @@ The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a
 /// This entity loader is called "Simple" for two reasons:
 /// 1) First, it is not synchronous- `load_entity` is called multiple times.
 /// 2) Second, it is not precise- the entity manifest only requires some
-/// fields to be loaded.
+/// fields to be loaded, but this loader always loads all fields.
 pub trait SimpleEntityLoader {
     /// Simple entity loaders must implement `load_entity`,
     /// a function that loads entities based on their `EntityUID`s.

From afbb92a3cc6f6c716853debee70b6828dac795a9 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:28 -0700
Subject: [PATCH 08/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index baf4befe..046df61c 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -147,7 +147,7 @@ This document proposes the **Entity Manifest**, a data structure that specifies
 type EntityManifest = HashMap<RequestType, RequestEntityManifest>
 ```
 
-`RequestType` stores the type of the principal, action, and resource. This allows entity slicing to be specific to the type of the request, greatly reducing the amount of data required. (The context type can be inferred from the action UID)
+`RequestType` stores the principal type, resource type, and action UID. This allows entity slicing to be specific to the type of the request, greatly reducing the amount of data required. (The context type can be inferred from the action UID and schema.)
 
 ```
 pub struct RequestType {

From da15abc1995023997064671ce9683084dedf1599 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:41 -0700
Subject: [PATCH 09/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 046df61c..48d274d7 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -240,7 +240,7 @@ While it’s possible to soundly handle all Cedar expressions, we simplify the p
 ```
 
 
-The grammar partitions cedar expressions into **datapath expressions** and all other cedar operators. The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
+The grammar partitions Cedar expressions into **datapath expressions** and all other Cedar operators. The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
 Here are examples of cedar expressions rejected by this grammar:
 
 

From 3d6b22d6d98718ddd2c27781c5d650c319e29ed9 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:35:53 -0700
Subject: [PATCH 10/20] Update text/0073-entity-slicing.md

Co-authored-by: Craig Disselkoen <craigdissel@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index 48d274d7..edc717f7 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -241,7 +241,7 @@ While it’s possible to soundly handle all Cedar expressions, we simplify the p
 
 
 The grammar partitions Cedar expressions into **datapath expressions** and all other Cedar operators. The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
-Here are examples of cedar expressions rejected by this grammar:
+Here are examples of Cedar expressions rejected by this grammar:
 
 
 ```

From 3d0365e2dac32d3705667390bfdc7fa38db74aef Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:37:03 -0700
Subject: [PATCH 11/20] Changes based on great feedback from @cdisselkoen

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073-entity-slicing.md |  54 +++++++++++++++++++-----------------
 text/0073/clientserver.png  | Bin 0 -> 73924 bytes
 2 files changed, 29 insertions(+), 25 deletions(-)
 create mode 100644 text/0073/clientserver.png

diff --git a/text/0073-entity-slicing.md b/text/0073-entity-slicing.md
index edc717f7..7bcbdef2 100644
--- a/text/0073-entity-slicing.md
+++ b/text/0073-entity-slicing.md
@@ -14,8 +14,12 @@
 
 ## Summary
 
-This RFC proposes a new API for finding an **entity slice**: a subset of the entity store needed for a particular request.
-Specifically, we propose a new function with signature `(Schema, Policies) -> EntityManifest`. There are more details on the `EntityManifest` later in this document, but the key idea is to store data paths **indexed by the request type**. The `Policies` must validate against the `Schema` in strict mode.
+This RFC proposes a new API for describing an **entity slice**: a subset of the entity store needed for a particular request.
+This RFC doesn't handle loading the entity slice itself,
+instead proposing a data structure called an Entity Manifest.
+The Entity manifest describes what entity data is needed 
+independent of how it is stored.
+Specifically, we propose a new function with signature `(Schema, Policies) -> EntityManifest`. The `Policies` must validate against the `Schema` in strict mode.
 
 The rest of this document follows the following format:
 
@@ -88,16 +92,12 @@ when
   resource.metadata.owner == principal
 };
 
-// allow read if the user's ancestor is a global admin
+// allow read if the user is a global admin
 permit(
-  principal,
+  principal in User::"GlobalAdmin",
   action in [Action::"Read"],
   resource
-)
-when
-{
-  principal in User::"GlobalAdmin"
-};
+);
 ```
 
 Now, we would like to answer the question: given a request that a **User** would like to **Read** a **Document,** what data is required?
@@ -124,10 +124,11 @@ Data required:
 
 ## Example Usage
 
+![A client communicates with a Cedar Server](clientserver.png)
 
 The image above shows an example usage of the entity manifest. On the left, a client has access to the entity data and a cached entity manifest. On the right, a server stores the schema and policies.
 
-When a client would like to answer a cedar `Request`, it first consults the cached entity manifest to load the entity slice. Then, it sends the entity slice and the request to the server. The server returns the authorization result.
+When a client would like to answer a Cedar `Request`, it first consults the cached entity manifest to load the entity slice. Then, it sends the entity slice and the request to the server. The server returns the authorization result.
 
 However, the server or client must take care to ensure that the client’s entity manifest is up-to-date. Since the entity manifest is computed based on the schema and policies, is must be re-computed whenever the schema or policies change. There are multiple ways to ensure that the cache is up to date, one being to tag each entity manifest uniquely and check on each request.
 
@@ -182,14 +183,14 @@ pub struct RequestEntityManifest {
 ```
 
 
-Finally, we have the `AccessTrie` data structure, which stores the access paths trie. These paths can also request parents in the entity hierarchy. Note: in the implementation, the entity slice also stores optional type annotations.
+Finally, we have the `AccessTrie` data structure, which stores the access paths trie. These paths can also request ancestors in the entity hierarchy. Note: in the implementation, the entity slice also stores optional type annotations.
 
 ```
 pub struct AccessTrie {
     /// Child data of this entity slice.
     pub children: HashMap<SmolStr, Box<AccessTrie>>,
-    /// If the parents in the entity hierarchy are required.
-    pub parents_required: bool
+    /// If the ancestors in the entity hierarchy are required.
+    pub ancestors_required: bool
 }
 ```
 
@@ -216,7 +217,7 @@ The merge operator for access paths is straightforward. First, convert all acces
 
 ## Computing access paths
 
-This section proposes a simple static analysis that soundly computes all of the necessary access paths for a cedar expression.
+This section proposes a simple static analysis that soundly computes all of the necessary access paths for a Cedar expression.
 While it’s possible to soundly handle all Cedar expressions, we simplify the problem by rejecting Cedar programs unless they follow the following grammar:
 
 
@@ -225,7 +226,7 @@ While it’s possible to soundly handle all Cedar expressions, we simplify the p
          <datapath-expr> in <expr>
          <expr> + <expr>
          if <expr> { <expr> } { <expr> }
-         ... all other cedar operators not mentioned by datapath-expr
+         ... all other Cedar operators not mentioned by datapath-expr
          
 <datapath-expr> = <datapath-expr>.<field>
                   <datapath-expr> has <field>
@@ -240,7 +241,10 @@ While it’s possible to soundly handle all Cedar expressions, we simplify the p
 ```
 
 
-The grammar partitions Cedar expressions into **datapath expressions** and all other Cedar operators. The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
+The grammar partitions Cedar expressions into **datapath expressions** and all other Cedar operators.
+On the LHS of `in`, `.`, and `has`, expressions involving `in`, `+`, `if-then-else`, and most other Cedar functions/operators are not allowed; only Cedar variables, entity literals, and `.` or `has` expressions are allowed.
+
+The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
 Here are examples of Cedar expressions rejected by this grammar:
 
 
@@ -253,11 +257,11 @@ Here are examples of Cedar expressions rejected by this grammar:
 
 Now that we have this partition, computing all the access paths is fairly simple:
 
-1. First, find all access path expressions. These can be translated into access paths directly.
+1. First, find all datapath expressions. These can be translated into access paths directly.
 2. Second, handle all instances of equality between records. For equality between records (`==`) or set containment where the elements are records (`.contains`, `.containsAny`, and `.containsAll`)
         1. Find all access paths that are children of these operators
             1. Following the schema, fully load all fields for the leaf of the access path
-3. Finally, handle instances where the ancestors in the entity hierarchy are required. Annotate the left-hand-side of the `in` operator with the `parents_required` flag.
+3. Finally, handle instances where the ancestors in the entity hierarchy are required. Annotate the left-hand-side of the `in` operator with the `ancestors_required` flag.
 
 ## 
 
@@ -268,7 +272,7 @@ The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a
 
 
 ```
-/// Implement this trait to efficiently load entities based on
+/// Implement this trait to load entities based on
 /// the entity manifest.
 /// This entity loader is called "Simple" for two reasons:
 /// 1) First, it is not synchronous- `load_entity` is called multiple times.
@@ -313,7 +317,7 @@ Along a similar note, all Cedar changes in the future will need a corresponding
 
 ### Supporting Partial Loading of Sets
 
-As written, entity manifests in this RFC do not support loading only parts of a Cedar Set, or only some of the parents in the entity hierarchy. This is because sets are loaded on the leaves of the access trie, with no way to specify which elements are requested.
+As written, entity manifests in this RFC do not support loading only parts of a Cedar Set, or only some of the ancestors in the entity hierarchy. This is because sets are loaded on the leaves of the access trie, with no way to specify which elements are requested.
 
 To support this feature, we recommend that we take a constraint-based approach. Constraints would be attached to nodes in the access trie, specifying which elements of sets or the parent hierarchy are needed. Constraints form a small query language, so this would increase the complexity of the entity manifest.
 
@@ -441,19 +445,19 @@ resource.tags.stage
 
 ## Paths needed in github_example
 
-using "parents" as cedar's ancestor relation- requires all ancestors transitively
+using "ancestors" as Cedar's ancestor relation- requires all ancestors transitively
 
 
 ```
 Action::"pull"
-resource.readers.parents
+resource.readers.ancestors
 
 
 Action::"fork"
-resource.readers.parents
+resource.readers.ancestors
 
 Action::"delete_issue"
-resource.repo.readers.parents
+resource.repo.readers.ancestors
 resource.reporter
 
 Action::"assign_issue"
@@ -469,7 +473,7 @@ Action::"delete_issue"
 resource.repo.maintainers
 
 Action::"add_reader" ect
-resource.admins.parents
+resource.admins.ancestors
 ```
 
 
diff --git a/text/0073/clientserver.png b/text/0073/clientserver.png
new file mode 100644
index 0000000000000000000000000000000000000000..756ea4cb623c3d5fb4da67d1655187057b1b5726
GIT binary patch
literal 73924
zcmeFZby!qi)IT~i3{naR0@5HV(gM;03?U%`0wRs1fOIob1B!^mAdRGi0us_42GSwY
zt)%1tQd0K}GsgFKpZE9N`~S=H;2h35d+)W@{;b|($Q?DsbHsGSAQ0%BvXZ<e2z15^
z1cE3Lo&oO2-dLgnfzC?W$jRMNmXl+-<Kp<h#?BH1QVNOHA<)%oqfRx5iiBH(p;=ER
zp<oVh){|b@bwXiT3YM6Ql!4C~jqW<Fnt|zSI5SM}KSd1dLA~#DU%R$!_P(%A8Emv0
zyWVv)-|c@Qwv{Hh(9MH~{Hz?I6chXq63NF+-V%JKuO;jC7v%{gA(^&UIzyrSr?BvF
z=)1EO{(S2WAo)RK_ZXX_(vwDN9;W*r@IfI#qL10X&CB_agX*HVC}=?Nm<?(zVtIkH
zT)pQ%f>@2Oebgg1<oHNST&Lp@eX%F73LiuzM5>sKk9;IC`y*(aJLlCTL2+p$J2@m>
zCU}@n+Mj~#yW2DSSK)+aiBfDc1S$EAHV@9)xQOb>>GIPcG>9ma<Ppg>CsyLeo^3tR
zq`%%h)#fo^pyo>w>>Mi?S3WP0f5y4!I-B?zGy7-KgkCP*&opjT+~8I=MbSB5;Z6`t
zCny#~QC<KSpZ~=Ap>9#>O4<t!LQ}c3I)vidcbe3m=rVr~@=<mQ?0Zn^rCHZUqo2m{
zfIs#S5uv-LGrt^gLnI`(-#?|xiffyHJ7eY3g=ZY(2Gqn+nXLDMhn1s}$X}Jw8pU)y
zXDU0dGGn=6Aj{B0^Yjeo&*Bfaot5hP8gASd5WR2bT7hIN_;f&0LizE+{(Jo@2E?Hg
zudc-X*4uRb-&8)!lXeHSkP+YOWL%yniKd7VXO_ng*mzzndNYRRZCOj#KH`<YB!iiV
zvT2|Tcd8+XCQFvN=K|HItDN6Ig}R7-D}L^Uwq&7r2PaR*<H)Bqp=bpMR!lxM_R3x)
z0yD6j(L<6k#CA?UyMREEr&7Yt?@?ZoiaZ-m60^H0!#dkYTKv3}tu<zsx?OQL@D2IG
zW5P&+qU=qL53G)D(?k}~6Lfb#EXhpQW9`9{^?jKgiH}ciXGOgreUxQ;R-fW=h|H(!
zW`tizMLr!lF~cZQ@l4#CX{&~&VGU!HsTAUbD8eD4lqX}9_|4zbGQuD!cckSLL&KO|
z0}SL;Jz?a#K}&aNhd!PQU|TzLblus1afGpi+j6`lzt_L-c<iiS75y!V5<%K4WNZYH
z_Wn${4n=EHS(iGtQTrO7Uh>B{4&LeMIo6Z5NFx|~mc~;YGz?y0@F1>5GB(qJ7$pLP
z%nFA2X_@qm)Mww?_8Qc|QVnz1_JSMVOK^2$eX9Ok-LfB=QG}G%-ibJqubg3HCUegN
zoI=z{=p$~>>P{!)>F(i<2jB74sB4(~)YeG<%y`+;VUiiNmwNHyMbXU^5@~Rgl=|Kt
z^Ktix!1NnAD&$shwWjl{z>k*f5FZumCiX5+0*J(fWMPIFh9n~dy=P(ggp`jYzS^`{
z`c0hXF^9>S1d>~DTHQ1E9&eja4ikF>N}5PpgB0I$I8hryR;R_QNOaU`yuiPjB+#@n
z<P@?ut)GF-p6jxbKI8fTKa4cFOcA1}`NHio$@xo~7H0&=IOOiJEWhAU5-K4R3rm*e
zWnpZ!pJnZPT&E!Q>SEs0rS#7^LgEyb>9=n{ROMST^%gD42vbnJGD8{Kiw<Q>l0n9@
zMVTp!BxTHa37oHk6HOy7;+dQB>(a%AgcR%Pa@>p1HZ9kstn1M!R?DY3ct+_=r`E#w
zjhOUfv=grsZCViD=b;&ijYoC(jnAb&9iSbdobR7a!_imY5t$R}J>hslAuDDo@s0f3
zS)aHX!u4nJ8BAZEE)u0R-!&t37I)@%#w(8SiW-*jxxK>vLg~z9f+#+Yr=M7<B5x@z
zE7dBqE9od1Wsz~_alYm(<YeWv;gpRvi*<=L;%w0_%z<g`-yXbd@S?tr-+~E2hu}ca
zSBLl{j^8}K{Uu}gjt@sj3`4tNyZ$YnxwCUjbK!Y;dDVIG50mrY?h#A+1NC_e+RS-=
zcfZ~%)iKWv*NV>L(HMK>p}ATyO3xYlQ1x8;YYmbdm7Ib8ul)r5WJ@>P+1)F|)qN`-
z1wE?&MYSDIXK{|}-0RQK@Jrz?;dpfMLXU*nUJkzGR*jhF?jr8`_)<jZpxj!YSD#;h
zUq7_m!^Wt0Y4ECzfh~dUR@s8B<A7AbQNq(N+}7N5@xrKzaF3^h*>e5GUrd*07h`^`
ze6jiZ<Lkhn`&ZS$lsto1-nT2Y$i9{inlI1&;29Vz@|0WudVR*U)AZ0Z^yvU;t-wnC
zvC|RAx4|#hFXh<%Nd1i4W0S{*kLS*uJF|PvS<d^T=tqvH^yhjm?vM`At_dbf)Vb{)
zfAb8x!{(jomH9)#AY4EESGa1JT=>n;%VFyDyDt|Lp$W4I`2u1Nedf0Ww*{#Z3I!xh
ze<c^HSoLi!+Wz4ADJ95OdR;Jggt}C?v}ay;UU|NG-hF<T=Nk3d(A%Nf)LqoRaj)Yv
z;sm*Exz}}H6kNPFa?duuTd%&dqFAli*kr<F!amdSV+BV^ZgI7hO8ItWik*R_cUOdU
z%e#*9F_R$&)M)LP)tJukeGfPzi~&kY&mgWquHY3;9+5-m{8gjt#Sh&@-I={!<sOc{
z+~M5!KjxG=Uf8h3qhKPNNu{-}sawJewY;Oe-*}sORe6hyR*k9)sS1Y_G!%ovUP|UU
z_j8F5h%}5TR2r<^*uA!kzt**OUlJzyiK(1PGBqysM`~=U2(5US?q{>l2);m_^dY;V
zOk?JH$vTp{UGI~*nZ@Yk(vCOYWnI?Ci}sn!2QLp?d@A=metkLWI}$!{|CO}wdieH`
z8DAHQhEx#1%t!fM6KWIr@KW%a1A-w_rFD9OdhCzirT3=yrB|4&PG?PTzbBLJlq->a
zDEmuxLhem)>RGlYH=pp3)wT&ga2**~X>jU6Cw}8O|L{D~`DHeyo1==)*^)APbI>`l
z8oL<<89`sp@v}T-EESmd%U4~Q9cFX>R5e`nyz0#c?}p&_o-4f+SFf(z@`}HhP<3O&
zA<91LMy{A18^X}Vee)nDJ%)-S#atmGQEXl_&oqyvoIgA!F1bRoz~2r%JYZh?xf;bq
z>uFxswU;}?cl&yBq{z2n`S6hB5Q09U9~?hw`x>3hM75KT&w40WDlo@48-4VBPcmKb
zeH-n&&$ZVh;47$O;bFD^prCW9ZKsE~XN~F|bQ!<M<%5gxTwPCi+r$fr$oMFo_@bz^
zRDazZo=&QY+X9I<+%<z+W$s>DN?wsfY|lzLKk=%Cz6guILA}_-ynipZ;3v(GkFt#)
zo_`?Iih9G4kSC-qTJHYxsO;v~RH~p0N5YJ0-6@l>k9MEOY00bvtQ-=9I@=QlU}I)G
zha*O=vI{H8Dv3!FySru!->I4%7qUBTUpm74yAN9$pB!syWf))Lt*&medjC3TPxk$X
zikq3#1qMG0VssuAcUI@ut#p{JeGhG{Ijq?k3b>M}G8*@Yd!j0=>UP!2XP1*X2_5T#
zYx)~rmi_I&w0~-6znv^ht@<TfZLt4ZC`PDHD8-g-NVu@nu+nZKetTrONC$eaUz<*w
zH_xXrpz>S$XJmMJQkY1r{jV~;cl(2Jy*%66gW7WjAqFIsQWJ4?tK*JgQ+bv24t!(B
z?!iuq3*CDuJOil%1GQluJOwhgSwfPvEvpVwlx1&<2a7#aQjCp8jNj?h?Cv-G^cC4r
zTyd0Y620TyyJRxQI{K>bQI?;+?|nHBIV<yr<}KgQAG=hgRD&Z#8AqJ^SFD@)C(Kn)
zS`j_cQcf9*@+Zn)+9tL1-Y|)%+ckJU>il8L<IH1kb*Vd9n%-sSr`UWo<$`YybN#gM
zH}uWV%}-UB;+G6249Jewjt^b|Chu2AYCQc|{b-W7f+s`ccmKKmf%LalMa4x%HB7$s
zGYWm-1|lsJD|OAa1HKaLJ8va|Jf)^mTv1L%KO5$cHVG8S@{ZpfWEOtS+#3Fv9$bK;
zV4Cpl^ga9@GTRnkxUZh8-jS9l^>)o;Rce&7@9VM8%2pvw22Gl`%5nd%(#`DEj>rD^
zhXbP`uZxyr_Xe7ln;p+iu6Ql)R8&h>oV>3+^h}$I_q)FLZi{VZrdpjNE!8)5Gw7$~
zs!nZ@>eQu%3Hny%i{#Fq81{=mXSiM_5;ZL|g6?R6)88M_TIQRbu=71L>)}+KmNso>
z(lCaBa)M6Qo$Jx-^H)LMmG4(+`iCwOz`3cA@_fh$I-$D+yAL;gv-8QnNtw8=422z@
zMLRw>>)DqZm#&1rUOMCFaDv}x=W~5giBu2BC!SmCDnC$F1#tq`gdixG4ulU}fq`Es
zF#Vrv1@JWx-syb^2o!7sg5us$13oc7k-#rz4E7T*>M4i-_=^Jg^-72Qe*279I^OSV
zh!XG&B%>v#tPFf=nY&n8I=EUpx(N$?{0`h8a#GTB1%arqV1B{MnwQbQ{6jW(b=`DT
zZ;P8d+Vh%PIGS1Vdf7W+<^jRH#DPnDOE*&%FMB%&S8*@NOQ&y$1J{__e3w{GUvaaQ
zyripohegiO#gavs_d4(OOH#xvEG#e=iwEMG@(Q@&z+aM=tliw4#QFF<Jw16n1$iA^
ztoZoF#Kicn3-AdD@BnY{xFQ_fOucv<T-mUb{GLbN($(C>#>vgb(SZdsuc?`%yPM>t
zOPGcJ{9x&{^s@Q8l7lObEr3Bj%o9F--s^mS<_3nsFn7i8*mzmm>B-yJ12O~FkP;HT
z0Xu#F|MleWivNt%{X3FhSV;Kaq5nMkKZk0&TDr(N+5>C4N&Vd~+~9v7;s(O_Fs%P0
z3ap$@?*f9BB8Kt(*)%C)!p(-ez&<kA$g5*M0hD2Wz?Xr4u3<kh*WRA;$tBSs5FDf|
zFLT!myfQ(MOx=96x54MBC?Pt%$oOq`@%aUg9qTZDI`fYd;bvqWhxGK<IO%Gy?wpBB
zyE@DtH=J>){+jlW`br7WQO5C&DMa^#ce_+isd~MYm2?l+yoVL=Gbvc-k+v^YYcP|(
zabAj$1qp)ukN*^&&yhj42>IT;c^(b|L&^V#f6_o;rZbTLc^X2NX#p?<#=CqyFZBPi
z8X@_#>Dm7)J-n1GO*18=nKl0-#h3?RrqBPkRsNTl|8dLzcbonv;QX&-{#P>prv(1j
z&iqei`2QuDX^jBZ`0z;2&tW^(%QnLQxQaDuz@)DoXYTxGF8DZP^-(J8<A{};k?amK
z9`b*^Px>z?A^L8bq@u##d%#tmHXPrpKbS?m+yjq5@$VxRUcmD>7Z+3hvnJq={J?@u
znfkJkEk{SnB!B%{-4!^p#o$QQ_P_p4rRgksR>*<<%GeP3Y_WyzKYoy93!e~e;m52Y
z_aFDjas~1L`DVRMr0sj+I_0c#h(OS#zh*a*4j?MmIs5K^$IRd#;=%Gtpa_A6jvSVM
z2#y1MT4*5tf8K5~fV>AY4Lk~jP150&QUCGIP4y6{*Z7!cKf|9}7-=XeHSsoO5?^kO
zCg+l1`-c>2fD{|kd6xgmf1c<G2|DK`#cW&MafZS_&-O^jr#FU7X#X=gIuf1*LYc9&
z&b)dL*ZM0vLv}!%?nVkhe{TV@4wxmB2PV%XpH+?!%KpdUN7@0jv{7fn{>$hUh#CZz
z#{oqc_Px4G`DfuKEr3zjz{HKeyki*6p>U#`*6=2u&2=#+`tvd<;5Io+Q#4UMobm5&
zV`zCu{_ILqW}af?8#?h2xqtSETmcDEzj!g~Kcs^v@XgMluaO19YEZ<Z!GA2mG)9UJ
zKRA{`{@lWd__7{LDhQPakx9Mm32kQmD|PZ<5I9w|cNqUKfxuO-49g@4^-w~FiBSP$
z{}*IVrNI7+>@vCkgKL0Q3UZ~(O_`)Bk?dd}kDLEMUIrkB2vQ>P4}t*5-wTij&@}-?
zjE^4l)BjnxX%&N)$;bW7e{Nx>dZxuf3ubb+4um;-fNK9CJrW48QlaQ!s{g$1R0=PF
zz}k^4s3b+mKXf`}Vo2YibN{clMzKV80)in01mi}0^B)LI-$8;<a@R`!SrCv~4bf$Z
zrc58g%|+o`)?|O!g1;svpKj|<eP#R)Kv|IR=lGiEr!};%wnl%C$n^RLOlJYXoW=X+
z206Sb6Ov1ezNQukV`98}<F8m)>;bX#DRc$=7cQL?N|s2)@)#EN2iqd$GJk~Ls{+t%
ze57pqpVz@HkX%x9&U5lv=W#}he~cK*Re%zH=NJD~qh3W8Mle(M%}B*GemRxDGYKdH
zP@MmXFZ6dk3^@8YBMSkzT#!jE^WY(n`$G#F*dZn|Hv!du76cxyK>KK?HCotP&4);`
z{*f;^5Wc7GjSrLjcSGypHFz-MFc#Eu@VRq;vDiuuP)^%-{x05sURSDwyF<P1(i3fF
z)xHs9`m;sI2tbT(E83$^{-YS8<T(K8d2}*N1dQ_3|7^%5APERTe!Tk6Epj;ADq!g>
z`kGE4OdQ2K`t;9Ckq-e{a;abY{O4^JIs7~TExLr87K_vA`hTH8%LhlY&(uC6{zuCJ
zaOIwFeFBJ)RwlLoCtvp8XNx>=q~iK<w)@{1fGfCez-=OQ4l%_n(U_{;U%9}W?g0qk
zAqn}<+sI=`;)Q9AQ7GakvuhdoACa*j0I@__C00be?o3#a7>uDMu~_QdXKhIlsCV&h
zJwt)r{Oiy&j3Zo4rY4Q4gTK;`B`xlpG_4LQP@g_6qiih$p&(aVGbgTR$|zHtsIj!A
zU%=QTuiHp5aJ_gkNd4*Vn;NGrvRU%FHZ*DGBY-xf0%R$p=j`!WW{(C1o=lEYa$m!*
zp7FXnLAaS9`RRTU$#wSW?ep*h!14twQJScw|5`B@69A{`mi0vroqXppyv|<aEOB3T
zb93z0(Pw+vhuMAmSQRE$OV6^lZ+dMsHncz3^)qVK7E+PKHQ&tWxu0<95M!do`66?{
zOjlF@$2${B{fW0J8NTvhB>=Of<Vnc=iK+2WF|gK$6n`SL1-vnrq>4R_ncV}-NY%M<
z$_0`%lNiGV0ko4u%Kg=wxYa-@5whAQ_V*K#Oc%*-oCib8s9I-1C|UN_%+=mZQ$I*2
z(VpqMXP6Zt&jWv0$cu>PLBULlx7&IytU<c#B;IJh2i-Se-&cGsj|I|q%Hel*FC7(Y
zktpIFCo6TI!j&Lk{M|S3*92ZM=VVfs7+4u3w1LU8ZpFErIta}x04I4Clw9#3bu&Ny
z^`lR&Cvmxg3k2f@nStU^H?!9k1enPK9#Y?-@%$DjIX<A(mGbc$W^gdXfe@YZ8ZZ*W
zuPi#e!1GXnhES~kN6G<zG00|%(t}ek;3YM`4Fv>p5MRwXo@=i0?$n>82Ow+S88q76
zf~)i!NkSh%lyos>LO`vF2h4=87|A~Kl#J@R3{ouM;=9)87%@zX1C!<zbr7PndMDT7
zY}W>rSw(N2#sqh3ku^D5%qJ#f0jUqysW~w#JfU*ZLMjRcvZxOiTF9LtzRn&QkRls<
zia||IfbClddlL30^NuL5?~xq}=!+GfXgR<bs5fOp4Ew9gW^#al&r7Yz9tc-tpa_`A
zZKDyBd8pxt{arfDYb?ruBrg;7$?!wH7+9L4n%639CyOXUSrDh9b)&pP<1zjv)1au2
z3Gk6Oo5I0Nmg<p;@#k~yOC(VC7OC5u$JiUV8D^S!8hb|w?8_4d2eO9kmx{$=PuS=&
zPmxy8L%yYc^RYAA>!yc89fGTGUSS4ZC9V=`%H$^6wD|sP(;+2+674Yc)#VfiR=|9s
zuFr*N0O&W{Z62J+1~)~VBUc870b)7ioc5P_6XhjMCWkSFImTcS02~YeI2ffF>NNok
zRKS%)x}gb_PV*O3cp<Q2Yy7!$$3be#fif9PEuRT+2H_G3^nQQ6pvMi*E%~eFTo|ZQ
zfGY{SE)dJ4#+*Gz?9S4ZjKsTKg4Hq;HsG&wx002iUf-Y0(1<&KC_ZHo1ZgCWxllmm
zuAx)n8_pM0i?~RKVeuEf8zK6dP$29FvxKqqC0B?sGq~*3+p}l@NT8s~A5R0RGepSo
z(z9y4?%7&xGm>xym5^Y>27>rOjvL2WTW1J9Uc%6I25ba@J%7%kPIu;PFq-H(dlMXM
z1Obx<i2s2ylKo8M^jHzeK^hxk-`@OMKt5JpEGFz2fmLj^3QJt+!>Gb6$s%AI#i58O
zX@zUWw*Z84lEj_Did^Y6$Q80-OEK+i-Lg7F`l=Oc^x+W5{HJ8jz*+<a(n1G=uvbV2
z09AHdh60PN#+%&<Ur4XCK80HVY+X8dhYe8zEC>^Zob$Nnp~)e@gwwPBtSxLK49FMQ
z;41(MJ@l{sh;IamT*0V^D0we`Q|3#1HBvw!uM@UXXaj`h$XnpJv;nyMqyTXFoQB3l
z134Uq(I_OG7+RIC0_MDlaUa5v8o-)r5p52;i7N90)|6b3Rsy?qk?#P$x`~L;^6$RO
z@<K?HaO@U?Xxuo?yvD>TP2{~|O_|~eEMy;H=P}#!#r*y$9HA6|EpAF=2B%(EGi(hC
zV8sRx0XK-9Wa1U<NC6X-dZAYm7#quiVh{HC5dJ`o#Z;CUN4P04R|X};bTR*CV<gv#
zf5hxuWqI383hXWuX2}7jyMQ}&BX#{wT{Ju6cLo5}b(g1uK&U14K$tPzKuBe*Siq-q
zSk(pvSO9xZt``MTk0hgUkzvWlI?hNi#IV;A&VC0-R(ds?xPZ+;KoMmOACw(0xI&cK
zv*9>iFzyP*3TBd~KOw0e#DAOx7~#eOZk+ptyAwOvdblsS+5yvOH>m*A1Va&SjBRZ;
zG_H^~=d26ZX*5{@RjB6#r`|WJiY#Sj$-+^gjG;o)@eU0zT&Bqu7;Xg&zgXSohzAT8
z$;KJ_C?3Fk<y-?ZeY9u~LkL(b5~h)Qu00{8(8TUb>t*l>NsZ^{h&Y)eZ%fVX9E?s(
zbAtJR{Uta*>pXB>6=9i3sU*fv@DDtoniSLguueW9s3(Mgz!nRCi##MkMg#}aM19pI
zj7PDkL+%^p09m4?k5ROdOdyc_xH}@|8}a6$<72_t3=YWiI*IOXS1#be=Iw_O;bY3C
zjiqlbbY-#eUO*VNi5YKZZE!m)5~%|146(-$N8`-v+y+-Q6#|H3<;B`|mPlD};S8s<
zB;zzc-|U4ToyOiQ^wh=Q4>bd#GRjN5K6^KqkHc0Vv{EaFF-$#OK}nQV4i0!gNFUHo
z?6rSD9*vjFXpm?q?g~j9m*_utYQX|pF*N@25^nk^=)rb^XNoalfF?MQqZ`v_d|}_b
z!$9g@^c8@jWFzD8V7GugVfXk75NFg&y=gvu^%npqmhU4Vl-QT|f*#uk!K$IBdr)_!
zsnj!bw-PZivrRO<s5uJ=nvaBhcH`c9(t^S~v~FM>oBYD1!9_hpUII<#lTW+6J%1h$
z{GNfsM6G=zNBH1aguR#$J$w*}QS$`I{Jur+i~89V{>(0m<A+xPAU$Bb<$Ag(jL*dQ
zBf?p&$ra3WGWHH<%Op?8Kp-sc#(A6UM_zbGg48XTD=?TlhRj33GEDwdzHy0^y>Iwz
zh_DiPjf`J_!f2-X{c}Is56`0)_^|gM5qcd}tSHqhA=#ry$ACox?tlYfuddc)U1v{M
zQST$gt^>iZ6K9{!1)&hEZ)#E%W1z=)CRmY!8KIp-VtkWvjJYR-X!$-<j0-T~GfCB|
zif)-~3D4~$swy7J5yURnjo-N}!q-LQ#o1)8=HRp&vE_eZ7MmV4sX~q`EsGMRCsno8
zZH&5XS^TD>G#?NHx#l_iPGv|S?2%g`Ldrr7jylew!h#t};sppt5X`g{FK*b1Pv$*%
z>Z!?rEU2xj_xJ{T86o<~Xk;KDXL-u$IttZR#<4_7Cq-!u6`cB0p-0P;tRS%4c9(yt
zKR&_^cM3+H@OezqO6UVldM@Jmn|E=B1li>A8Ry|mln~>jYrVx<Vl+#`Z_BWWJs`6p
zfTv4MANky63B<9nEa4(|lf0qHx<D?~;(I!PeR33NA<nB`z?>NftTLH%@UbHKL4odb
zPhtm1c$l@EM%seStylyBZ&3WP)=R#Mx;@NUnFlb)M-bze+)n<E+U3YClURHetPH$l
znp9jNqXb@i*%36yZG8$@&SU|ZRV4)*v3v|pVSf2uj^nl+BB#`b6GE6}*aT}lD_#;`
zC-}gv9n}KH*mD+s=^bop+*AOW7fM<?owAcC9A^?MBNUgyPhAWM!cXk=gGS<ub?5S{
z2KK27JX~X^Vq+jopgaRbFqmk&Qg1P|Cc}k1p~2Wn0ZSLe7=WWVMnHXsMNdCs)4oVk
z0IkVujl&_I9n>7oPlsG>_5i4FszxFr08c;8Js}3zjY`oLY);8i3hi7LN?CxGk)ji#
zX%98oOOH)8=&}6vT`@T}YgvwVoEJI|PIU{1MLY&UjL%<ZKUe3M+SY$8+~W_#+z-h#
z_^|J5a!m(`f$i~NS`Rv-S>+V>6bPefbB}^$e_+LGQGyiP-{~IyB9P->bi43j`_cn7
zCuh|d0W)GiPGlqr3$%f-L?M9Z*8JmiVeFv0@km6$>*Zu*1(?a9xv<b*fPn^Um^vx0
z^Uc@6HWZNTrJpZj680mg=#YhRngDww!dEsNYv*%F!4pMa%g&*%ztCVjF%-Rug-9a1
z$z)W)!-@yTd!27h=pKG@*Px3Og95><F?_cTuhRYcf>h=9#cgcug+&Nb(?euUi_!Jy
zp{kS%I}#E?Y>zdu*oHR=LFTiP3M(xXmkF;{XAl)L0u(AmAQ254n?{*!FK*{w0G$1n
zxg%CiZj{%HzPKfyZeHjG_k%Y|-dI|nsW%-qN9eGR6QVzfIGkqf&lCYShF%h5XDYQ=
zH$UT*K&e#0J%`=vX*Dor=gy+9hkWbyx9&fUxIqDTi93I7a@^lA_PI?zq>#&?7lT3B
z6JqjNA|Yif;)Qy*hpyaMO2%2!0m*uRQ#l0Z+ah1FJ!vVeo?)gg$C?ioBgni(QUt)3
zphX7POL7b*fygdlfpKkCxxqe*B9Zc0)<<FNRCQb?#z{Yf+0%`X!3M?k2dJ1hY$=jl
zxv4Ip7BP%3;4{4cqU2#^I0)robn7ty$}5ohYM`w9OFT?0;HRGJWgJnLO^oBQGg-A-
zvRSnMM0_aqnE2TfT7wG#9)VNRs_9ixAoUxp6_{0WDX+6r5^iR74>wxOLl1>?f0v}R
z;6q~IRlpFKB*?`zViCnc&Yiw2==pezwyt|y;~n8La2x&z9~j<~<ZApYUkn#FIZ*aG
ztHIv_2AWHFead-Enr8{y;)Fi}?6dGhDu#r%LTgz&j7Dk#_W5yDG`ssCkUDn9;cAOO
zgi^=!)kY280U|?Lef^e3kE{K$>_h0|RHL^$UO#i_84tgD6UmMf@K3^oXksWrbH@I3
zx5IzeEvA7~8Q5)NbVAQ44>rbgKk&*t#xWIX0X71J5+3qLC_gA!TBF5n=b@TbDs9-e
z7Fp6~l9BhoOs<=OAQb7zxHTSD9olGmH_W<2q7dQzyR%8j7VM{$IH1}FNaf5hY>J;f
zlJ5R3tTF&qMe%NoGMH|DSUu^_k;YDuOWC`T{rpQ=ClO!aiwtF~4y1u(QfCcZ8&n!N
zu3$GWJqhUm7(%EQP#s~Hdm0g0_jxtz-PA};xWp)6UQX#$rnt`D@AfFy>;~P{I-EM?
zFoCy{KS>}ccCFM{oaJs|gR&+P$ozIZ@9Bh{@f;M>8y}?QMo%jONcbV7#;8;51<-_$
z&waGX@byj5Pj2gLLJ#{1bKwX?&<amMWcb)lJF3wxx}Z6m6`=&oxeLJiN+2v``-&?h
zWWQJhOAui6it2%0fG#SD#<hUtjPlz+Fzr2wyx#;TUV3Lbazn4t?)mTd>UQqETgx&?
z_Ut-m8sj2|h&sf{m#A1Oy76Kzw;wN4Hv58AEH>IxJd%_FLrg=GKzR;|_`WVb5B*+g
zu8z~F%jsi)a(bf4r#Jef6-Q4Kd?b7YBHnP9|0M*RYAriZD%mK*Lo2bAlR#>0?03hQ
zwozUxt%~>cQEM_RKv3P9{js-5Joii?7nPg$@kDbQS8^1L2Oh~@yvE)XoxtpkRnciG
z@Wec{j0k<U+V08iL@9M*Y=&1az+}UYl>p(VYw2Un$<gza)6N+&$FTR{)F{aV%h5WX
zhL-X<i=oJ0+YfIoR3Q4&{R)unxhy^5DAoA#q#bBhX%tg{#t;K<Jqi5*>AjNL+q_I-
z9Fhd{*HXz@S}FZS1lh?O8NIRKn7)D`gb?jz^Rw?BRtn_g6TI`uZX94H_FF%CC>f>`
z&7hu4OcK)RmqrxQ7qY+wvw4CfH+hnnYwPBPk6+&d>ZuQXIgFmLsQY9B*FFxX1s<SE
zFa&i=q6ENDe*U&M)^MY%kPbAiYBkXy6lM0$1!o|(w-uV5C3X46k<zI>qFJV1Sm*z|
zyjvF2m&)oH?NGebO6k2$IUO<)CW$rK=nM>;p<Z>O&uwr4854Eys#&+P4v>&yBvlOc
z5~oEy^fvR7ej7zV#uT&Vkj7$pz?FaFBuHPVG)r#zS6{BGugz3O>dL4$Jg$iA1=X@g
z+x+UmVX1<V!(>&2o5K{GI8401J(o2pY`U)uVNl>g${+DHPtS;huPAa~CDgK~!R2jd
z-6OHS0&}^xw(cm#+MSL-%jUs~>7ab>7azqJR2)(mI3(`q4L0=Ul>~0R-IgEAU3;#%
zZTl6bqc74CyOK|*X{h<I&ftywJgvP3>Z2C(Kt#pU%wL8QS)pb2#?^+#&UX}GyU~0T
zhtgC&WBPX=7H-l6Q~?I!lY%0WU6{`Whb3(smaaR08}N@R!<O9xhVdWx?#DR35!z~L
zX(%PxofhX1l;DX2p@`+{P8K)7=fu``*0amFuQzFZ^m;yqVE2r1^&fjrlTSGOZ76mi
z$)h8)h%Zuz-gC^pqVJ_}9*?K-WCtO|oSw~mAn|oyDVvnKoixkMPJ6{$Tc6#1lZ^MB
zihVXeiVG$gx;zR<M#y^G9z8#}+A(N$Fs=BF_1x?W`d|8p`@-$N`ir=29~Vc4dF(8I
zk>{13xnnbMW2n*E7SU2DfOs@6n^<j<Waw#3GoyhhD6oG)?PsjP?J320@n=X(nmwUB
z1ps1Yb|?CU8aUY?787umI;0u~6d!g44RE*MTHq86j?YIMtHt!Cu>+jfsLbb{3{B<D
zRxlpSZhGS}e;Lfu;HjSb&eT_L&c=1WDyZ*hZgZvTrogur)e614@8-H+NoH#p+mEe2
z_}(WZk?q^@t3kr%?kE>C&kOad`9dNc*$T)7bw6+_*Ls>A%(z>s>1(+;9%AuV9!T9u
z@4>4!>o>$}VO59MOIzRhFYr$AdP<8Z9(&l3(fa6az1u$&$&tu@DlPR@I>Zu60WdZb
zhH_02WOu=J6p+tOxw`lT=W?dSusktgd1|piDozv#{2HC?%hYPnZnN2{Y@KT9tQ;H&
zZ2wxC&WU>DGq%z^W;yV5qOZy8lWtm}YL=cKqb)PlZ1sFVu4Y+j=PfM~vCk8-d?<#?
z`{y8!B_zTn^amYA*n-RQ*1f~@o75T$p#+vd2S~XrMeMWr{O3u*VXqZ^p0`9>@l<Uq
zH^;&y9zSe-wYr(*Sb4RfrJYCD__C*@pn;lXO?a}e*<6Z}D&0NWJjmU5T_;-~QAxg@
z!uxNE!{8YZC?bQzr7+Y%9+#bw=UnKuQA2{rGO<w=7z$%g{|XquZu7p55Y1m(K%2Aw
zZ4yrqBVB9r8|r6|2!QWtpcHHOLlR5+ywW1}i5l1}w|43`r-%2!2$yAxj&n3_(E;@@
z6KmV7D2Lirn7NAw2R<m{8ML{})#%$SN!~ymO+gaHJwq=B3kOP!G$<AwIozS=LRCjD
zfz$;?5!MGV#LDZuU0ML_1$BFV=`u4<%V)!8M%#WBc+Z8lEqBfDA4k;8JN+;k9<DUR
z8CnwwF2XDzCs()7>vn(PJB)QAAc!_Zyo-o@I(JD2SC)e}u|dQEclkr$YJKvxY-x2T
zq~d^yipJaoi@U9r%F*~s*4Vrp(M9jGqgIq}CtWiIB<<@6-WY{GYB=NsxphRBTI`QT
zMILEaFRd|@t{f3?&en~wKjYN#?VphCndFD-AJoUsk9bnI>u8BQi4ppV!gu++p}jt&
zL959)t*juSzBr}na06mAZ}s!7tMB><|4`=9l_pBnXREmv039=qcQraKGn~c<@N}$(
zK@Q@CaDD=fM5<wod8jfU##5NnOo!YJ9iaE@7)HgntCLg`SlEu{RMffbns9ZkZP*Vg
zn6vH`+vw1vY{ts$i}+MZ4@VV1IeGctqcmy7AC|0lGoA=^&P}tZbK=3;9xj|W+L}v!
z`zT2@vdvWlV~hyL6u4%JNT6PUH+9u3K{8C<&fV@iytpzI5}t#lQ1&1mSI{EwHH5zj
z6=OGQ&Wgvln-HO<tuK{t?Wb1z-nz0?pA;$Tp7UDXvfSL*wJq454$?YP8TZP6#qJ8~
zk#ohyapI+^N0n;l=GKR{iz|FLKk6gqJ~p+)>(Pe?6*AJd$_?$71C&oI-;<!9ABY)R
zmmJM2)xWbojoA7+S7JTajdZJ}g1|gDv$72UIOK>f)ZC%O)xzLS#_%^{K*Mdv_coBt
zp4Kz1xliHlV1|V|l)&qr!|)YHpOV{4gWWH7c$VAveP0s5I8_JGUFz{|2UGc^IV)|C
z^*i3V)<UzIOE!D_PcEG#HGHY;aP~E5?ebr9SUn!E4V~@a2v|=q7N#TlaTa~KG({(6
zKo3yQ0)H)^j*hUFQH&|~5wXo=5WTZMTr++9RK7*LKm{dWGkF;zsf%ld2B5JBCYtK8
z!{+xOuqwV=O@eFR&D)Q}G;aB)PJ?=45C*f~inj`$_va;ALLG?b_WTO+%LHap#D*kq
zs0uq4`RJfV(eYo2XY;3^4J0k2@85r5E9!}FbFJ8ONp;oqu3qei*cLUSQrN%F+m{bM
zrU4qQ$`2%BSKSxfUzi`1opp$EG?IMj(79)cG1IJLMCd1xk$1uYgOZ098`9Q$_q#j#
z0^jW=5Pncr7mfT@LOS9_H~xhz?}VQ&m`LFZa1=s8OiXBY<J(d8V`oLw{=QG2K4Rl2
zujRGTVX&IZP6%UXSIHD1q(ETpjLYVTrXlBv&jHPdf&N;D6fSPbH#&MOeJ^85Rvdt>
z-J6joev&U+tJ&Qnc^T<mDuew`wwsA*cbnUhHy|)DL%szPh|t^BrVZo4k6&<NE7{W&
z;1o<0R%Owvp^DQkrPNdHx{D(fb86$BZ>>n&3mpar?RRee)rP_kqgEyjXk&={+(rb~
zxnqjnIK10zDRJs+y5}+xSvbhs(^#q0kdR!bSY~w6>ZVufT&dk~B3ovnAu#sC->`f<
z*WP#kXj<4s_9QMUI>pkyFh}&-$Fu|vt|1-#PC~RUjN2j-P_y&h?zA^pa*44xrR7ck
znhZ3#&obNHCBwB`qWCb-rDVh!GSpX~8$I&1l96Lo|L#QdR=c9gY&4OrZ>&`QyBFi0
zUFYxNO&&dpt=k@Pv6YMqVyh93^DfLIzUnLJ`xth#9%LH2IGFqD@Tf*=(BtG$?x$&q
zKn1Cj=uQJoySd%_i=)M_U~ay9B~c@4Co{kJDy=nj6pTkyMum$?{M-*I_Iq|?2RV!U
zkyb;gM=oEUg&f~}7X~jU@{(-*SY0^!l!*XWB67#V*?9t;`2pu&BLNcvSTt^&%z;2s
zP2zR9q4R@R+HK`Yp7iVA6W0tJfdH}YhFN5}{aA#r%fMo;rm<h|E!Udf25rgxg#tzW
z5tT5|=PRD-G0%y)+Vt<BP_^qt_1WGn3itG#kPDTc8D)lkO`QMP9vnIs%{-{L-xX9-
zUOJa*OB!G3hq^_=%ayo#17*7_BHDXnts{1`=%nyn$u9!0enu&)sb47!VJV}WD12xX
z$MhTv*+Pv)#N~Eu`5NwsMbV<<JsU=xQ5hx#0B`lRF7oo#dRZlbORRAq^`mhHAc47-
zo2a$D_pUbeNST_OD~?V`KDE{yS@!UyZTWJzdR#lfiGg{6gwY*KN&f}7jm>zQncw6u
zpTxR@frqXGyOkaV+|}DrOnpTLUy(nj({H0^<_7I2*@mPAcvwtg3|a`+41K*?y`2I(
zZrzg@yU`O1MBWz7HF+(C`yv@yV=x2|opW)BHo0!4)wTilN`K7J$E{|go9&>bJ2BDE
z-;JKOw=~znY9Mm%v-AA}FAf=2%HT$28uY`+U{|BQU<!O(c3Xh8`elr-Z=A)!@dFXS
zG)-an@sHb&_H8Y?UAVza+RFyKOIKTd<`Q!sqQ7269CoGoo}=r1n>)^5rURcj7BPQZ
zxBtV1V^r@!_FIq!D)6a`T^hB(I~~D&hj|6WkH=RAJ<6TtiB@N$zLK3&(gJ4^N!!O2
z+{||IGHo#2dDGqZ%5uQGv$ONPOd^mLY_?B4&i3fC6AV49vQDboo1_@2^DS~)?^h~>
zm6kH})ijh(7!vZTWV2_cWEQRRNRn*&ZtqPe4G8$#46x1g8_D_$LUe*FY)$UTDKv`f
zJm4LEP;fF=rsgu}D6YF)O6?HcGNsEx5GL`ORM0MFw?qg-AA09;ixQA`aIKz3-rqHC
zQvjgwOgEnb1$C(%Ys%sGaX^t!v!TTS<;nTpA7;F_De<Bbe-cl(CdBIE!Rp0Dq7F{<
zw+mD7=BQjo>Z2_e3Xd9uC7p~Me|+JP&hlN7<WCCS*@v7}r5hxzBC&3-<Jm+5;nzV<
zdS|HTIbuSk1loS{sglz0F`o}UD}e$!X%l*W{&&Z&dp}XH;8K}WD@#F*_bU>QiIkCI
z0w`gJDR!|Dy}n68{oGo+&K~NIsuQnDt?pMRUViU+C6T^=X0#;C*WcI}NC>u~6ITun
zCNo?1+jY1&rv}Jwzu-}L7e)rjy@1xofP_<#(h{2@rN?7I@{=y9><kVh3>eK=NU#3z
zCpO4@xcB{8KwpOQz|7ZFU#nL>Lhg@?HqUK6Y`@?0<9n@Oi;b;RQkC#5DO0&)i}1E(
z%*Jrp({0-zo?G|{4JpMMeiHA>V_SHyWsV}&h3b9ZQ*xR21`;!b?|X$9dfj5r)v4T6
zqp2<FcL=H2`b<*WPIRP?KfvNvZs#8~e*6<v;$uHOA<DTxS@|<s&3;qXQ$TZ`hb!tu
zPdDlCJoB^$J#V#D#>%zavz_=B7We^|NxV1!i^kjbIQTm@<>}SM#uRj9cVGTK*Rz8O
zF-Iz|UyoHTf}?KhX{`^?y7p)^?7q(t_Z70Qhe<eSd|FEJxJ_UEy;GK}C))9dd#Y#D
zqTp@N`}(Ag$SIFV;Vu`vwLyNtRp~pdq4!oJLrO(DM7|0?*RMP%dw6e1^q$oZ52cUD
zS_CN*Y>~vQZu7lnTR{>JnbFkHsHEYY*J`VF)jQ*|Kc-3(`*XFot19ZV=SrHYX69CV
zboL+|MU#R`FK^_}aIODvCJFzgeWoZMZ;$8GSa*$r(XpGXx0nrFWm(s+`8lz$uQ_aT
zt-eTy7WHCmp|MTh;ZEc0vl1dV5?<SV_N~5keAG<L<v2!N4J4&_`P<tDyRGjC-smlJ
zvjAtCil7M5q3lPOHKeeB|3$cX12|BrnC7hf`*0Z0|HfGVmz@|yEVV^PYsqc8*wU>#
z=0-+M5HM(Gq@KT<YY$cKXS`aw^JMDH(~Yd+IMro3&%^!~#B6Aj!yeC})*2pfADOd?
z1cCy&F8!GuOZ40MHvOJmuO~_hsy6GTj3k7eE==>IvfCd5b%4#Kff$z=4NDcB_&p}Q
z2M(wfwig~1)@FM*a_zmI@%6rjh%Yrd$?%n?&fj;h)ToV%T^%W{G`#0HPSuAJIjK%!
z7^+;FQ2qkZc`$N#lO+*iOt|S(s51ZT6|UU;llnBLLQR^-4*t$5!!cY6cabQY^>ICU
z^5innC%S3nK2syDFk%)-&lb>fz0_8COJz9WBcCK&I=P!heCghRI;AWJU&9?;1CH~Z
z<}%7-@4mr*yH1YNWQN}oh+ZiW-_HYam!AD_B(KY6(fYMfoqN0@QsQ#L_G9!2_KHhD
z^EBl#EO}W|)ae>7+v|d!25Xrk(^+D;Dann1=)HQefXejmoW=z<nWLK@jPS0oOLWBl
zm?NX<cq5%p(uik3t`v<dlws<2x1obG;FSCvZqoP2ETZ3&CY^4wemAhmS2jPf0jJpN
zMn~8y;zLjFOn1C9LA)5>?p#49js(JA;=7&2h;xhOyAyVF6;8u=nV#LnbQ~}x(eIRi
z;p`3pVN&u|N)!+op&u5!9EdFpz7bP$M724?H)i2zgV^h|lS!w8x{&}gzI`h5i4|KA
zbIQe9CPQ(;+}|g;KVhROd`vX;f}JVg@J#vaOIPA6l@1YnksIqLg^^d@s(j~o?n@5G
z%t(AXBl!RGjF@vW=+{VIjI1UZ8q07^3@@y#D0>J^m~kPfQ~9Z^!~-!2-Yh2Ouj5LW
z!(hR)g^vf<6}yM^C7(tQX0dmG@86M}M%jXxFiIXcW(02<gE)`@WNz*3Wp86e`RNii
zjMROUT8G=3^dRhVPyQ|koEmHyJ5pc9RS%=E!m7LBVuNdn6YfDzGmvbk7a*)t)(Vkh
zk0tUJM28Tbhke+?M^H1WQ$0}6uUGf`&0IZpwa0%~<4BitQru=(5O<8Yua9jM!eLmb
zhgd=1{XQ#OrGJ`LGQK~B5GI13r0l&?mH8;bHD&iR9}hOZWHH7GMuK?wcbsg<b(-R-
znVbR|10P4C#S7yak}cKU1~c)4xNgfcESnUxL@U3);#GJ7gED1;>p$k?Ltucwke&dR
z)^bv33>Q*1R8+76Qo4)v03i`)cK&PzCKy_Pru}7;HQgM?X4rjw>=|pg0CxAI!_Ldl
z;<f`gnt>^xH3|M%@)$Ua<9WBox$vw1VV^8kj!{>z`)CnP-2OW&96EKa(3C$*0%k}I
zE1yY#OI+XdHda2DT`lfV<ARVX*;C0*W75e>sCeimeSg%k<jY$HFZD{i*TMUKgI9Bb
zipUkn=n_A80@!5<u_1)rov(&iS}4e|y9~h#Fv1E1-jsr^v4Ankgpg1-u4l0Ml2vHO
z#T%QEVmWG_?Cc{!`>RE+z+>`o@2p<2LwtE5b=?DsUaxy)6lhr|MfZyf;ssB6!m+%u
zWaBK~k2|lNa6oF6Kb6y-03auhV_3^i8&*jYx?ACNLJTwlmTT1eHs3s2_O%i>Rw&0h
zZocu@9JoKx?9w7A-JTIEp@nFD$akR5UKXvQUPO#O>u>gy`@R9y^hSnqxhFA|QV3Ef
zP=XlcYIN%<c@Qq*&Bnr`j3MI&G0q5GI*oX9Q|5)Q*53}9Jt@!;QJkzhv2JU3VH(#c
zPY`eng~2@hHn}b+hM*?<6~!wZtylN^2twydLzeU18EG=`z3Qwp%%#2SRgH<)avJ6h
z7q-u<V@|CCD>z|OKBk2uH8mX5z4F+~%4zhpx0&Nv9meQ>w^Kr02m&L^zTV{e+Bvv=
zda~<EN7Y+vO#9`qHuU4*#<8upN>QMX?E$7lw6{K}yF4$;ZTa%RVrj}6%=G4J;;7V8
z5OOF`BCkbkh=1+(CgO}_@{aia@9Hi+wh~H=F}vS8fG)*Ixm9E5A;Px*!&O?8brQe7
zLBG$&gNyE6-}-9b6+7-mO<1~Yv?`m1iofz#sh%xU>$_G|kw02xz=ZH^$R8_XzwFO#
z`E(`OlnAH_sHqC%>)j;)ry*$olzmHH-Xj3i{8Ta2uvLYbvZ1!$Us)JE#e0?(#@=1H
z4^%<aU&9{pq?+9BO6DH%Prt-153_vAlmAi#C}AcHgg!8vpW%ZfUYZ`5j@Vo<jOWOV
ze1xq7MDAnZ)pod{a1O^jOWP@eUtye}rVql67%fkUHUpZML}TZHBUO9^o_D343OlmC
zC>dd8(`tuREQ=l8Ob?tcM?y};g~pf<js{p8F?x2eEiN@!IBI2udjzP)ao?})(0K)P
zE&@Hy&7!-*IhkKon8tGpRul*v$Hg<B&2htM&R9k&-|8r<QI`Ey``qU9#{%E0(;%A;
z9HZ<8p|^Z(mWC(9g<?j9O0z$CeHyR3(tK}Hx8p+Qt(4Kh-Euj}!tO@yx4r2>gI%uK
zMxlnergePQ6Z4WKpS^Aya;L4V&|!KhHs&#3YxD{+i62lGoSBfjBH(D_{4APNVw4f~
z;`WCD)$kzFf~7Xrf@PJj3hov|sdy!(%S?%-UbPx&N8db3`)mg~qewqDq>T2*?<h#G
z{kOxD@57BbJGng_A@I%6N<=^jSKI<iV1+ikecc8pvvi#IdyX+<8*|F{kPBfmW9_}t
z9y{7*nAE@7S8MjC`B?jY<MOp?cNbaCHxSm$`zh@76?f~o7HYO?T9xtigJ;WC_7FFV
z$M@YVds|M1IoDNDJ&~~rcVv9ccwCdti;BNiSD9*9I>BangeQfs7}!JwcP2A0^Hsif
zOv5x{&XK8C?w~4qixerV55wfLwZ9sU<x6<PwtbzUe%jBf4;*_^MhD!zzW7{FqQmi5
zCGq5}feyHWNZKKWe<uD`+ZrA#BCIMd+0#W)Y`2op=Y4MES%p9s#LsPfeuBo8_DibL
z;6RC3-}Y*?#$wz-FLI?=teMdix^)eE{sTA%eeYE3TQT<eIiEW4C6!|^f%`&7;9Rpn
zx>f13*irlOZ_XIgwsbDmv+i)Uk4a$f-Te7oevv#0IZUIYa>?H=_WEH6?I5Fkahw>U
z`vIojw{=~>ru!<}^^MYUrn+><4K`ls&ReO%{-KAyoj$gbeX{6=Z=2mlHAZWG4r)#F
zO7{0?Gwnr4B+7hK$Ng;7rx+z3=vOtq4VQ>^@Vb26Yv6BJC)24`???7Q$J~f>Xqd^D
zt6bsuP{Osl;oxp}ZE9{@NDLftJuSb<ui2iSKLY@Oe2VoOOc=k>9M4V#PMv<aGUD0f
zNub#A+1&?avo$64g)kkqV+)$=&m3z7LdacvhrV|a{=yob`1}5Td(Nep23bRv()%#o
zjzhaXal}SpKtoGG?uU*YomNbJ2uOsEgDc}4k6lH?3LOU+rBQXo@T)zOcJ^eIk<sSk
z`>s7EZEtlt+6DaeUUV9lO?a-zjm;@fIjCN4@tU0ooV)2VBv@MD^N>|DDaB3)(Lb|w
z?7aNq^UNG4bI_Z<eyhxlXZ7x%Q?!Bfd`I#jPluO9@_seCo2bO<er)q1V2gVKeOya>
zY%4aDDzz1Q3j;P<ffOZ4sq`?f;jT=oEmH#LO^J?tUtM$|=zU64!-63V_81t(7(SuF
zdfPp}2e{MCgw~v=@eS{33EKw|hzDCr;bQi0ylQ9q`D@K=Z6bYkS^gy!b*HBH<9h@B
z+X6c?+4t^DXJ|>ZiLtw17YTiII5d#?rgiXp`|ghfdIclbs-L`eD+W9xMptQ2$rcX8
z`}96`ClX$VKr2&F)OrKue{^Z8dwB7FjH6z?>-_dXL>y2{^IhhQbZ?u8wm1oZCq*)b
zXRRc2gFq4@nEwj^>b}rvF0x%JjBV;1Q`j2u+;GrU=@u<a$)BpxX-KG(GBGF<RvarN
z)_Py`wwtr8U0Wt!(KwA=nuoijZ<KDGy5=V;_?9%=up4?>Mr^lYeXc2>-IE=EDxeH;
zV2p5D@mb#R$|K+2tEA^$yo%?oJ<+v2@~M2Yk08LloU}F23P9i!5261*?SNBRs@*~?
zmhTI=uf-wr--GeXH-Mt*Y%D77%&Zm{*~GA7jfb^$_SEhs!~RD6>R^q&6J3}F;xQ`4
z8oBV~m}gFb?V71yKO;w`F`<wA%TeJ)^aGc%E0SGyn*(Lr4T_O^MCYjkQRi2Uq~G7X
zY3o|H`hJ~Ma}LuAaVF5vc4|3EXxX+m9rx8%`RuPlb?E)8BCpo}E_xx3-HI0VnQLRJ
zt1=&Ag6Sk~`}?ZDAV#Km9zb*Ne36w(y}(jsKDC;>ykew;`)VC<+VE86p6u{({I<8%
zrvZ5l&fbQwH*M{m9C1rS>lLqvrlZ@)Z0BOhR@eJPZQxwhYjuV9g3_2O?=&P<yw}$u
z8K9lcHHTg{uHC(stMzuXn}O<C)nP*$D~gK5ud&Cd=lC*792G$s+ju*!tz?kI-ZNoW
zw`>*Q93K{Y!I^bfLNtfU-aBc&dUItJFW)?W{GE!!Be$pJO!luZIVVuiE3o@ADe3m(
z2fhMJ;pT?-!#8ikTgvPOnDAR#ydhA}54&OuHE7}A&5-~&mPP0e5AN79%QP4pwb1;D
zS~S*^_39oe4u7}{`o6zQ-SMl-8?q@+a&6CQZJ_$a_{k7kepaQ_{j2MK<)c_OHCh_K
z1r}~59T)UxtZyytUD-@qAA0#VBM|O*5oM)?ve8N_Xg-*2KX@Zb+Iyq(El1ImcbRtT
z|IwI=wVwP^vAa5{t6=P0rTugHM30l%&%oU?qMWre(1_V@Wr4D8jN`FE2jK21qSz*Q
zEG*4rBmgh*qBh3W2zO2w*f==OOXU5Ey@Cr3(LnlwX$yv7{U#A9`gUUFO(x;VOp0Z8
zefaxE*tT)JmBZT_Z;SDGuDSasM&Hu1NAZ9IE@76RGg}-GX0NqdfJRT`HyZcK!Ksr6
zv3#QDS44HImh!tldpnIjoxR)g%coC#-(gT;*;nL!Vg^ES%<q@8{oJNt9)uTF2Z*bO
z$Y;eE&3`nc&eX5}G-a$=n&b7H|M3CM{?yOjUApGGgo#F1;7;t1Je~i)x1fCxd2CHz
zGn9=mhWuWTAb*oq=F?Ucwlm75hvN4ngC%ct)wurX?(lAVA^B2&tkB=0CV!-AOy9F4
zeeD=PEH6+|j;k06Rk>w}X<o4|I(u=tmVwj&O?#g$k-D$pr^j^MT`*02JXZ!0TNcqq
z8Invg*-H*0HOn@KQ%3-ZC2x~0h+C=6;?Aps&z~yMb>K`dCQgSpxnjK*4C}Rmfpg-O
zBx*mdEu{E7i+z7qe&Frf$uF*D{hhf!u(9XcwX^dr$&HPlInhHw|1_=6IBpi4EQeAF
ztcAvc$1?DpGVD*5tAjRcW$g0>6oC^do%fekj$|Ib2|ejm?v^TkTz+zlM^)19g+fL5
z#C_M?Ul?m_o$PaAA8DI$0U*;Y5$T%Z%H@JhU#8u$YT@O3<0~!~hg~~$8*8VHejfyI
z+}YE1q^z*c$!Z`)fxdDz7UPH-#Y(cro%}>>TZ)<aUTjQh*Qd3NlF!J#so0*|eLU7m
zbYyT#&BGF{M5UqOeCH`WD%ijV8r7+OD&U3Weq&zo@+NMzRG(!lOde?~IVy{08%;$3
zbzVt#xw47jHGY8BVt1fTJ6zX_&Hj<`xL|+o#ck~QU~)9JMN|`sMYprupFWc*{Y9Px
z(>2khmmjk|P0gnsmI-wE9{U}g2f|u5S8a!*7Vhfl7`ZI<_^S;!sC=pc^MpBp(H^}R
z_~^+*E0?$O*!*^WhB0HK{PC8rHaUlWQl>qbUvRI){eqZEX)+(OD0io%ppV4#ZN5Vc
zruK;4W$n#DtBwM9YI2q;%7cs3hBURb-nfpUHcra!7rr`R6%&T*FI!*}iE;924Vjoy
z$0IdTrZPwKGLxs(@%~75{ls}G_H)*jb?k56R&!D=*hR@mCaHK-Y(z252zqaL&~ATV
zu=OsXuJN$D29$VPIJ<pd$%*6zU0*6Z#j*lmK63X<McLrmoI3vxUvC{2)fcr53yugP
zAt)%FqNF07gLF$bDBTUi(1?T}-K|p6(lLZ|cQ?}AJ;Zwk@b^65`(D@ghktl3&YZp1
zUVE*3t#z-xr}%|CIvdF}IO*`?+4C1%M8o2$En4|1O%D}Y;R*0P6<I*udq)6L{-1tX
zrbjnf+15bHShhQMlg+Kkq`ozo5m`vd3D;B7!5fnUrb9s?GVC*ZMU(0$I{tWFZw^}I
zGb&{*lgwYZ?8wQ(49nu4?y`@FCd6@<n<Uefni{qTI4Ff^y(`bEOPW}2$8ChGiMM0!
z4rL`V6wL6dt`Bz?2Jf}dNG^F_=M|20`-nhUm$(+f?1?o-BQ{8r8C{N}Brzy!kEV$4
zrvVuJUBZ{i*^WP-X#juTG~1oH@xPdaFK@CUBn3g*6aP{;KM`b>?K|lM(5Q1Xx{a=7
z;SYry=5q+te7u%vu25gbn?76f2(<`*C)>GP+Isi>(pjfT5>P9*{}5Q)o9i>VxW|s?
z&vpFC=d4zbNkd_Na`|wqF!F5Ulbgrq`-015ZU#%X?bEmb&T5ddy?`8+)}$K=)FO&d
zuDji)adjnQ6Drfh2j!B^0BeUp)dUDw=-%O*7muWta!xoZeb{wzQk(!%s!_c!^CFHk
zjsYylWoy4<2$aJ8PLT!RSc+|ZauJBIi#F%+>agPW^NG%K^DDqin}@RVYmvNRGhNmf
z2g+wZNzmE<r+U_=*F_&vw~a$q5uxf~lP}p7QgdswcK?5JdUs)lwP&lz>p+#A&^q3u
z)Tn83aDCS%)t|v~7rhtI=D*8~BRWUMrMbBT`v?2Fl?QPtu4^(O#FB9%NI^a`TKfh=
z!!?%?uAM+t<CSdfk)&8v#1~P^bxNNtLUlDs$C!2zO5^B=B<d}VkqGnDpk*V;em*(K
zn=Ec4z;+;DV22!JubM~q`{Hnp0UqJej=_mc_!f8e4Ey09hnjTJ%!|;=A?{!{!lRzN
z2uc8H<2_q^%dfC(5$4z0!>)3c^A&*3P2AyjTJye<w@Cy~mD_CFLX?~&_dnB(gGlh1
zDt-adz7%s*6<Gq8@%t@qqOF=87Y4%2^W)<q?lQ=a3=L_JNTN=@YMhH_vO$+Ekvvvj
zw341}?CEiq4KiP1Wsry-14!i?SeW=)zw#t~e1EXvrzcA$9lQ3JlFaHTt?4n4l(vNr
z@&{BEcU<El_HBYemS}wz%txI7q9hD=Ww-O@IXZ6eG{*p{0GCIJjJ4c$$ZSHYXXf+j
z+jC#%7Fwi1knlmX#EtL;u{-eQBygK})P7!A0(1@EBqERznOSsW)!1h*Ya0Ggy@obL
z)uic^XS|JKbE{W|?hZpo_-L?985(=G<~39x<C<pGIR@T)u}rX#Dznw4FmG2#&abV4
zOQS5;LyJ|Ij^eI(R2Ip`(lw{k?)PtS+o%h8;IrCA)!?lXsq2NTrMg7rk37uzHBp+H
z^0YD2+-kJC9$X0p->O=s-+6HTs7Yk`ZXh-%X7GxgMEE3VucG**R+~B@h}-2efByuL
z1<V7w&MT;rIIeaMvBI%s4_WW@$#HD+o6V1YagamuWTmc7on#7D`S{G@p~)aU`<x~5
zyA<c@Ns83O|0-fDseZs>FCI~@R4uB>-?7@O&~GbEC;bxeyX+MiB70UD+A>b{X3fAm
z+)Mn(&dxOg?s81*f36)rQCj30vcvU3o17X(H@k+DFMhPXEC!3N6xsceu{o~6n8UvP
zXq+ZmFK2<{^<W)e{Z7u=DV&wr@IwBY-i9fMJ6;{AAAuZ%OozMnAJ{8?pi#%BLO7H1
zoZpXXvqYPeo(r%X)uxsvIQpqhZW(1{!IIS3SSR$VMa7~%UC25{ZpJu>{FZ%?ce;uI
zNtKuFm5i0ik+(HP&z{>HRX;Rs;I0z^`}Z@1@|JlCe3f#3;PpG+(F=c@;Q8+J;=i(8
zZ%7i#=(djLJW=%n5W+bD0m4a;NA$k}yP@jV;ERsRNx=RICl`SqKM}5#dx<mgKgJtm
zv<6D-Q!dh08x=W0Fm=l}Bm%7ukqRDRPl-$S+T}|I(WT#IMpJK77WPCx?wXpAKokhZ
z4}Rf~I!lD*#evFGTW?TLFa2uNP;IU|TVsY^Ck&5pp`$v9d(O$MJ15v_t((8TJ4s^t
zu6#7Pn#Ow<q+lx{R_<32EAwq8J`39zC_;X#H2S@$Z*&&GZ(Oao3_x!nf*nvK3TA%N
zW(+vFtSz9_l691Bf4ed4ac+xpGL#WO6W>i*(UbDV%dy1Xq|C*A{(QZ!-hQ;=P#Tb2
zo+~E8$33ZTgoIRp3QXBe7MOC)ThUv@2gbkk^Q+9XCJ*nj=p1-AwSv?*MENCI5%np_
z0GRPqOSHWQ@AZV-OHx@?y3UcvwD}K_U%@R1DawulRj!bCqPID2@WZ>Gd_!S!*Q|ir
zM0JDEeE+KjfcGDuZd1*&XnsxHXlM@&zDthQ-|7b1w$@z}8yM_z>%Z}C>SGA{K9vd}
zX<OdZsFq5`+YXEy=z7ck3>nY4IobfB3%$2#)xrPDNQi?TAmK)9B~(2QGU;vq(yuqQ
z$WJ_!o?r=(^HY}a!C(tIXeDR3QmXGJ16|B(yYjYC1@^Q>r>6)S7^3h5IAX{DnTjpo
zzo}Z^j>vP2Hq(mSVN#&dg`hc+>;&tn2ZJRZSXNfRi0p&{J@q!HlwNvNy2yhG=nw&r
z!_6q0LT*+LAwe8`z{yp7s;0Ki4^#=hyw&PmfX#KoT4#4Rd5c_z%xYIe1vC<v#HvWz
z7MZmLYr)f<jIuVzRV)+u)#vkK>|;_fu^#V6ZjLkIhr~X&89fGao}|H+lnn7hQSqFt
zX%%Tw0B0q&>m2IRbUB9TzxaPArVEG*=Rnfls>k8$qoO)S<aL-^XNE)2&XB{mony71
z?#627u645&4h4#eL__IuC5Ya8F|k`yj)w8TQ3N>u2zq3jrgM@3Fkuwd)Iym6Q#8hA
zn6hVFDhyc1MB&M$R$<{H+iAv0*ZQw}Ag3Xp)lSNX5~<Y__08?wK&tZ@W(aZ7J4E>v
z9E#Z30@B4=K#@4w2hlc6W`bBzkrxmF06k^siN>Jo6Y}@*01-ZCHsqbjG>ZyA4PapX
z)|&RvL*gW+vmuIG|F~gmzb=l@K(zg8jy@NG5|f|YZYU#P1`Ofv^521Q-L~B%N#A-0
zFFfg)b3cB!_yd<2Adu`*{Vk0ta=ItWgOn@?<cBjY*Q_*r@Mm?XQe@SwU_m!S0t%Wy
z*{kG#s#o*40K87oC_0(fj4_w%=(I<A*2q~Viw>aq;DG@rWD)ulfFHwba%>1)7&HLt
z{PfXU?FiIoOn$3F48BxBV6rMt=gkQ<pwe6{yGd4RW+*yKE)m?E18LK<x}Z-e-zn~X
zA?vyFyFtWumQ{2t`sBhTa51nQ<YaCmCUnm$_LgbsbW;>Y)H(gNfNivCm^I;Tr<JY$
znjQDS5H1Hv#W5;pn#1LnY!$!>j`FccJMIMS^lzdOCnf<v!^`w`m&vkXQeg&xt3als
z9pT(eJJfy<%funU?7(_LlB7>OgY1VR+fK+lK;Axv#@DaXd&RqX|E$SDJg<(?r_@YM
zmhnoE#w1#&6{4aXXR~q1MCaI+L&`9m{<Y-3SK3YS7v%Tfe$YjTFF_^S4zOFLZ<dV0
z|M=5kMYvDLQ>9C!Y9}%j2elR+AT~}lU}O+mjwwiUVqF~Rs599mpHB+l2H6j}JLHs|
z|B89bb;bkld4FcQ?i-p5D4QagX&0~PcrBLkDegP{Gj*e#YqYFy%V>Au9$8wHpr~~C
z&!j0!Qe;77WZ#>_1XtvLLrX-*p0crw%1=z(7@+R9$<~;gnk|drzverHr>GSGjB5SH
zk(w3{7a-l*o9FDR5!m9;;NI$SdUVEY(1T|OxkC7z<lCxa2#qg&&|x+>`bp{;{Kzd$
z(r>pu2|(k_7BhHp0OL%psHzFV9_$=#g}b1|n-@P4HPUTs@Ug(qRtO&s^O(8Xv4yU5
zDv>uK=0%>w%@X=9*vd@Pb0msBm15E{vIA1g)~>&B_Q!P-I3#Th78(GiLTD;Q>EKjL
zTFmQu#K8t+Hh{bNN|^Bz1UQ@z>0MH|t5bZkB(*;Z^vA1ZAyy`p)h9<1FRrHvI6sh_
zHcXi>gl*k-W{Zk=Sjv{X8OFpq6mzA+j};t8H@IT;PUQ@t#ZEv`7C}``eqO{fkb~Us
zKK^cDB@a>1(}xGILZBt=B=;R#_O=$kxHH^md>KJJw`ZzDJz$B<^L4ebK;>3%{ccLS
zhzdG3LT~L;*E{Mf^Q#s)Ex8_CIa~g?u>6n^D!4rk0sHd5RbV54Yzx7O1~O_jot?c7
z8FMe5WKLKCY<FYWO_y7r#O;vOF{BB+!BJq*g`Zpf3Fp2w81T|-`lygvErn9=MrsGY
z?jU^osIu;jvty?oRBSg+1Gl!By_tG|hK(i%NKuHI;yyAtB4^^m((@948-!280ekKB
z9B^(;sL{)tfL=WA`I{{~SL*Um60m9Ht?odB%9)}1YU-dM^Eve|u<XIb#8l0KQ3C*I
zoJ4PjHS?mpWJnJgOLJ7i*}kLP;;4d2rK9c&*5H^B(Uh1-V7vck<fkPT={xtV$W1=%
zBH%n4?C?lx>^bol3=hoy7Y!T-iWto<U?UqQ^*iu-9O4FWhbWbh*ON*YNVpi&oQ_DQ
z$;+if0|NfE7WwE?-5wNk2QP;6=*hl^c%D=DD3l+TTl7t(PcCh*ERR`A8d4x7>zj%&
z2Hv~rxc_+5XQ2iE40zf{c%Kl&7HdYZb!(-P!}6l0O42zIH!(88@8ItcJh%OI$E)&5
zi@3oq*mq3!zwkH))C%Rf383y}^{@mp%cFAdXEPyb0;3uG7TS39<`<{?JkmiLO%F*&
zqyXX*&e2R;P5Q&dOu&7ZOS|@hl<REQr_&1$cV>hp%G!>mduD#SGt3qw1VEzNF&FB9
zPNdF~GYy07a0*UqvN9cBRx3@>V9uYFLwOMkl!{Ak09$YKowoJbHDCbUIQQD3<@*?A
z)t|$Max@eix5k--sSOZ*Dvk$I+@+?uxvHWfYHvY*hGDAKOgfqAb9A9k*ROh7*Bjk_
zoOHaSqHa+FU0Xkux(umjMz*{GxZ<S$(J#Qi04)0<LQ49tW=s~ZU`;r6UllZ;2LksD
zo$mn3J3bI;|1+4mn84eYY3H!A?BIx<$!TuZ$iWaZ8lbnv$W=Dqf<v(_V+*cdU!;3x
zKhK4z!s;81hDM;2gl7b;i#bNOA?aD_uWVoLU*-mt$x_+84>OQbB^oXFDPcjjVhzen
zR8;ggpDdKEWm&#IG$mOQl5p{})MpE|Lhe=#Es4B_UU;D*AFUg9j>(Bi=Eb)tN%pPe
zm~0@bVV~s{iV3VdSC;vKGpobZQ53U{jj|pSvvQI#Oh`;mjNA5z6C=u-<LYBubqMms
zC_dd{@mDi9d?QEb=fTZ&_&hvt@jyIkhuU<sDEaX_?JwhbdZ}|-f+I1xGvt5`VG{oI
znc372pvZNgLwv7H>C%3`LR+U!^r+o<$oc%T>YaqRxyb*Apm9UsK?SM>xT|4nK!C|y
z<M&JFCo=8#H`_n-f<C@qg<QgPPQ{lA_@7I)(rC?=Drr!-&Gx+g%r=@b%c_6%XZB<L
zK1Jn5-1tE1_b?vottVFruAPI+R$+C7v-JyS7gwunwnu6{<S^}%-4cKPY==}GF-mbT
z`2H>AHGTsC65#lWOJ|m_Co!bUDf$ev2xg{rGo~4D6#5>D)BJRA9YYOlkr4m$wD5Em
zZm-djua@nsq@6w-6Ash4=q$<Ex$6##Ds~@~>ETb07%Hl~cf!=@0fjy3a<=ZO{tX%Z
zRTflLResHA!=%Hr?^ofG_w+<y{E63N1PQkX?e%|HSrH9;Dyzu46K931{P5|Kl+fJQ
zzn5tWlhvUVh740Lv8tJS`*F$NI|h@JCjrtZZE%~ta-KkWVI$16ruOlA=2Nk_8T(H3
z21)$3OML6Qa-W&YwC$40#pJIogRJjo>CB^_Z0`uN6On6Sp<R-%+~Bnq1+Gm#%cEj5
zbQ9DHfP#mx{g$LbL!@40UUwN^!4KJOA`4}UKwg$0JUJT#LodWx2-8O()xFTYZ6iGA
zlD&$O1jfymoa?n4AijjMov5(h?&$88yy-AL$0Oo*?q5sZTBcl2e`gDG#DL{>Ris~R
zuNY0DEI5-)h>2jKUoOdwHBgvW+!ib6QWq)ojc}3GZ@5fpdjCZP-{n2$g1JSJSGXX@
zgr&jKWK#=cO0Of9&BI$~PB{%^O~g(h7Q-)LJCg+jv*j>|DV4V~tAZMZyZar5n5owe
zf*Cp@Z6~<T|IYHqFHbr8l#C$LP5{G-2NAT`EnV_8Q%A{?7P`p$PF`Nbw^Jai-!Vr6
z$;Byw12Ua<&neSj-3x#CQc9GyT|LB=TAnhEYx$>h{Ym{ydU9O~X%mk2P#8vkrIJ5u
zP<@}K)k(za(jRixbzzY3%^jM5y-nWfxb?XGsb~YDS#Jp4?)|Yj5L8yPt-q2hU!eiI
zPHx&_B`Ab{Ga={S26v+WSt3u=dg7B{<Q|9ZEpF3oO>m9qGC)1>o&I$GIj`m9O1LPG
z<9zT{1D<a253X9X9Mdtk*%_1SlQOTyOo!Z=5)Dfyr>X*BL78nbd;-}q)T=JFBCTyG
z-ysZQ&3AnSU=TXN>#=eE_VNp$OG>}%G@X2n>(qxO00h#!qXoraiDZX()_KMsUYGAl
zX~RT6UmncXwOwae9rh*<7y!zlh~k83$m6%<m5*N<MKg)1+Bz=<dJM|nvH4CpPXleW
zvvzLilkAVjWvKxwH2s21d{Wt@;!iE^E#@4Z{c89TZCuSSu}Hy8wj)Gt{Va8lxy`yh
zKH-}NOl4wfBG0m21%euvvH&j)t<_41%^8_R6bZJtPc$~J&;ymX{hcA<9`4ak`lN3N
z3~r5g)IHBpz|&W_fUNWFAlGs(M#yR{-n1mOg$4GOqhy<y@Q#k9ODpAe(b@d4%a%cM
zoJ++~h=r0>=4|;e+`cZUvj1c;JX(5PqHbGS=<>*;HTZn{`hxh!PH`U4N)r<tPsI%x
z_kffgxEyBi4U8LNegbf+0f1vXwe0uMji1t?8k5~(UJMi}Y4D$?ZB`#7TL>VKF*i%+
zE>yhdko>d_JqUSp$GzTX9$bnt++|u~2Z|q;evIOc@ojf?<s#F^Bx}#1m&KYa>l~zi
zTXx>nfjOeAoauIO%@#OGbiQZGe|Tt0Tdp}IXgd7ZEp6(gn5_dKdE;nmww-g*l*R<g
zFrbQ)nrf!uZAoo2mA}V)kBrQC>+SGk0XwuG4g?$3uls;Q3aZC<bu^@{TQ8@rk~gaP
zqNisgO332D2>{`Gk>S$9V{EOiz_~7`DisJ@HVmvxE<%>`^LHk)8Dwg$u7L#f#le<N
zS_Rb`@F2j?n8o6`tn=g71sQI-Pi1X80~I}IkJ{gz-GrlIF(Qv2ja%04&^UR^xYt|g
z5hJnR=FnQZDZ{ELv8nn-D*B3DY`%9mUJ>K!>mcJh2>1n5nF4|W`fdT=#oU5wo>h01
z;@#qHWyR($pa;SK=D}xo)_y&z!&R1Vm9Oq0TEj63SqX}oEB`nuV^_>|Wp=Iha-mK`
z@8$Rv?`1`q?b(YT<&c<drkDfEgpaTg4+<m_4~*z1)<9+-NFU%O{Euwrmc(s7b31>7
z9%!yC73PY{4m_ek&LkRE&*#f|Gr!Q@Z96p0kRq*aG}T|MK4eRuvVM`DxBg-cUN*sJ
zWfC?8pC{t{$Wz+bzJef<DEVsauB<$3fjKAVyQ;|Umdza@junVWbT_sxss<tt=t<5n
z(puHo1D4=t|MwmQj|O8b{n&t?(ws#PGqf6A*6q9>P>B0@E18PGk{v_K(99X_)rz<~
zABPuyJxDsz(MigPCa!|!xW)3WcK@&L*`lArvgugedi0jc4jRUXEaH3uUh4JKA)q#w
zZg3y@69UzvPl~Z2@>iIkYQEPp)~)qqHsW{%AqFw_xWiIEJ<qS44}7NGc48dlH<R5S
zE~f4%6GD!19WEAn5dxTa3JActuE#>QJ78^_>PTj?um!TSx%me&kxgo(ZF8+Jy2I!U
zbP36YNMl`%xj{y|nJT(-Dd!AteRTztN*)6G3~G4rYN){e%5@Y=pi%*Ls{_5fDx{2}
z_9jGqWJfbeW+aIe8UYgb2U7ERJXY?R44155ve8~6iYZqy%M;tCqcTx@f(xT^1%!|t
zj?0T90O13UiF|y={Vz=%tb&7Tn&0bQNF7QiD#s1kTP?61ap2e(x)W4BaW42W*4ivP
zrnN`|{>_<&v9HKPt8!}~xlHyas)}>_HuKp^g%7jdRhhL~?jd60v`@C-$6ou7&L;T{
zU+loXUcNn~Ea2)oCN9%!VcL68m)kN)|7r(+`>|U{FH;LK7&116l$M%;fi8|(A%E+R
z^NBtKr#-rO-Bro4#(&KS+O6?M2;QxAz&%-v1wVExUh8iF&kxPGrvn4Fm?3HeO5;>3
zgpFyGLqjy-eJqpHTN5v2!CU1(PjsnZl`ql4j^0Xp2~<OH;1U;g_tfn7H_vxB*^ts$
zO(22eS>vff(~Pz~7V?li)7gO@R@wW@#TGOKnFkDSB)aU{tM2^`4o1bxS9?H*s<`lK
zj;@=5BH)3Q&;SoiJH2gVOgr7a@?39b5ibE6L2c&Pktf>|pej_cGXwN0ww>ftUMD#m
z9avFzqE@KgArF$TL&N~`K&pxFAQp6akRGrTy@dV^vYU2*FpR)V{gjUuNy|xI43z8`
zSwzyzo>Nots(+qNVnNiZLMLnS7xK44WvjOyGya0axV~_3*qPH$#o+G*ETK;toaPIx
zjfl%M{OK0`L2m~$;wVaBgA*koQiW6$bIpjY{q<XH*Ys$h9;cm)cf67xICyWY5Qvzg
z0f46+&t{9a8V9q7eRKX4Y!RASRcA&g2+Vd}&JI85w7#rIX37jmvW#x?axD_qn$G5s
z#?mH~ZDDA1DYUq_V4*o%6;vgx4!FE*&*$~pVILS~qQ@k}wvM|^7izMd{$fN91Kpw`
z?gqBbxN=uB!tcMk6Tb){94m0-0dKS=5ZBwRbS}qg*y{Hhl0)uiy&pPoDxculW|(nA
zQOPxHMQMRYoTJcm4z}bS%t}pShi|6<%z7Pf15n}(q{?l+p%iRBsAfa#WOt&~(Dl;7
zT)~un-yu|egW=GH^RiID3^4&!vOwq1@@tsp%$co{Snc{1pwN-IJCpT6@axSaXza7$
zs6SYJEG+i-yK74^O6UW=fmKC7ddw{r-}=A4LTQYZo8QH-@t1fHiuxwPoFa&gVfg-W
zSpVv3CN9Q#P^{d2F@O5co){gqJJN!aeJs-)4k?HGrfcp6+QTkN<?csrmkz^ORhd0!
z(+90JE7ety4hYI~9bSibfqFVDHOJeQftqMl5KHP_DMFLVlfNyL%x3i>ftp6{ct%ga
zWM4q`9cUls&_3PMWd<dp9&U%x*=>_ry1-#r3=u{9r#g{ie5+x7TVVQeM-|Ks3WaY$
z)R%nQZo284d><^K(nZJWPZRNfNfQhk1}%Fdhs2?dV($WJC2vkE|L+fwvHfYiUQsu{
z-d-hMk_#}XalzREl3L51xR$TNk1f<WvX$VYGD)zBq7><jm5Gjz1<R9$D@n?I#>QDE
z8U>6j(e)d8%GB4j)~UItr~bnE@Aw0YfsDy}WUeL9tKBbe?!A41ECT|_+piCdG!0!`
z&Z|rJ+sou9UEEQpF`L3IAdRskwkO?}7uMu5D?$tC$&`HV^@Ev4`EqlGcq^}Vn;h=r
zWAA=LjJNmucT`}!R9?TR5aT7Ck^5?J>4Jk*^YVK%6>Mu=yJf(_CpbG064~J`TMz_G
zS*t8#emQ;tPP~ty$znlUG#4f}z}TyPDi7buc5~`(Rp2N1bVeb;fY1K-FIHN1M^!Sc
z=c3EJ!WaA;Z8Z}2`ybpE)FwmVM9>fS%VS9D-Vf1?FYDD4YAl9G9>+J=YQc#8sV93(
zpv+9fleGm>+X*!j$_7Qp6SQx?JatNJBlGj*2iX&Joe84mVS9oVQH97~%h=Em^b`50
z28+nfr|W=f9Smg8W`f)-hE)jQJ;4cOLt~>E`5(d%BOl5+D@z)LOxyo(JqSSV%!|R>
z35~(u`4)lyTymP%;;B<tYYN{K(}DKY5Ph)LMo;gE$ro(YCrC-Q$WNW#KXr<I<RygK
z#fn1g!?v->sNo`J$gh*=|4263h8tV5Y<iYZXIHA^>~m(x=C@p0zUU$*Y8u+58l{KC
z?CMe@+BDv;b~(ZXFp)ff*dg}74_lr5p4TtzK3>EWXv64#y3mVe((Db%BA4q-av!sX
zOmla2h8sEO=b0ax)>^Ds$q6KPUHx!~JFM~RG}!M|X<>Z<k+uT<6>!8=#qM>fk5>%4
zr$3!OQ~L<y+1pTW1zt4QsENuV@^N6y-L~6+mp&wkPk{l#x9^ph#bZ>t;`ir9&t*0y
zuKr$57g_hS@oNSS#^u)71Z`-2n9F+Tt$>>51t?1;%iR1kY){V?kiATR!c;$pwT0#&
zXSBtXFbGKnq`txuu|i6$2U~BAV8ZK6Q6bG9PC&@KDd)^FPaz`$%KzduFIOqExNycr
zEA4pY^?~|XwMmOz(n1Qix;i;7sTR4;klUdmyqfDPavg_X<^MB-xedyyj+zC=BDXG{
zkHv0nls_iDRExHJF*eEGZJ!ec4tMf#y(-oj(+_iD5F63XJW-glq3|X`z5-ISZ&t9#
zOWxl@mLvaeCZ9MjqexNFBdeuX*(2CPHizLwlkqsJ7QdwQmCNxF!~XI>mBI8o-ce-~
zXV%#=4j1h=$Amu2S5<t`lLfUfNo^-H7b)$rywa{DQ?2AJkC{p8>!anEUe%}1Kfl^7
zJ|KJnY5=mOiT55P{}v*4d`~8TOnjixcCi*Sennw4Il~P7*kjtN6H9d(@P)(<p*dPR
zB$do7SAX#m*j^+ET{V@6r!A3Vf!ZfF4kaG($moX({vk!?!dSi_|DucvCZh$}O93nJ
zRpPJ(o~1|M>eBWMR879yxQE}aQa3RCbF;a;ypwKcGdl{QJdgKGYqd5a*MM9!(b>^q
z9jmx7W>jLd3klpzitp;2kNG(JedoJn>a8v;A+MBiqkMAgmv^S-_5SZ?$Y?mR?k8j~
z+-*cBGd(URGWY8`PbOy$<X0WZqRn9$(g|&n#Vuli%iZ%`Dv|@zu7^zfXIa@Cm81BG
z@w@Xs;)yVHd-X6l(bk#T7F8%7p-N&9svg06$ggqx7!b<86pEUMJgv)FLhSX|i{=fy
z_LKb3yI$QDCY^Em>yy#@rTbF7rBUSC-Q{LUMVx16b(m2|J|j%=Bu=)a=F?g)>zu9A
z>^Gj*@l5vIPw9-LQ64wW!4>w=Noq|LAk)0F_9~m77(h4_Zz?=$yQ+<TZxt_P<}8ZJ
z=7qWW$xB|Wl($ERd2@A$CP*w=i~B5TSw7UYoZ#hy`fE;QCN=xU%#Ocis;OzDIFX-g
z0SKm<@^fb+Q4jWO2$@QLB^@6Uj8`wD2?G^SZ0vrMH=-VZu3?J-t!&~p0o++a?@uS!
zpLYJ;!Qerq^}-vMUh-*e5j)7uz{B<6@<_^^cIA;tZok_si3%Bk8;m=QC$6wMaoYWs
zaNZ*QZh^CAw~=Rp$r>d}+8!Pu=|O7P58Mq?Dt*DKciTMrSECFnmH6BmX-Md2#yks+
zsOY4yhbwszmwpjU`}zi~VUzjW4D2t2AF#f1wOb>B9v|gJpHvY0SDHXNmGIk$NAcCn
zKQz-HJ?qU1Fzw_m09kI9x<F_jB)=7ewOv9q&E>dPPMTXhODrR#I`0Dx=@UXFDW-xd
zFp*H5z~GoPj%H%4&*Y1=_FtDmA@`TzVhEcPKAYh~uU#lR@-(Kxc@V1wBeagNzk8tU
zXOa3#o<lFiWL|s-Q-qy`fxpVZ7DuKOJ~Xd*u`(_-U9I?~4J0_}S7<sZadbkRqd?-t
zR3+1*C1vji+n>xbmXIe8+#TI1y}{4#B;f1cD1ur+)>o%O7{?0zwWZA?p*5aWj4)|X
z$dcEW<3+g?d>wZanimiYpmjZK`(W`zg*3F1$+AopQ0C<ft%RxN{msTys>x*)F;Yt&
z-Ldj^r7+R8ylk$~j~eX9>K|WxR(!;Rj}J6>UmN@q&f9kz`5c7DiHr*NWODLHLIvML
zW(C=c0edrRt=sr|lsr0h+S_Rs+iOZ$t&qveH2F*)Zlku_!Zu!(nJY51dTl1+5F=i$
zTBj(75#!-1maM93-XDfggciV4HNTDc*wQ4xyh#B!*p?3I@Xc#o`e8H@*IYI#_t$8H
z=RGP2VPoz&VtZHKbA0sDAn^}zi=k)vm^q5->~9N~PF-OVrN<n~1lQ=1Bb;gjrFy}S
z-$uK_w)aT}epqy#OY5yzF-+3coi*YGPHlm^EMV>BM=?1fj^$%NKz>0OI7W3J=u@`M
zT`P-5IJ@-^Lm7SZEeFcKOXqH#^jhT`XHMnS7;0q!ewocTH=B=!AHIdM@D6^e1931P
zrBFUC)==*?#~;P+1K7ddoLX?yI<k9ShuElao`887=Xt8fR%kBteqL|c41+xf6RkS8
zaf`;r*p1F68h;-DDCG`#w6EWQ;kGzXyR~H*sD3tItCJfo*eWwQ(>tW8@nT`vb#kQ8
zxuIW>tMmRWv8wF6>-ms}RrrZAiM{(DdzwcVQjB(JULUagUeo-+=lOxk`R$7*H}X2}
zLdw-ax~;gJ`};>j0~YB9M#65kQ<ZL#?H0q;{f<`G1}PUSIVoz%fMvFulyOt$g{-5R
z00;0`LKF%4^5D5bj$2GIynY=9C-t^+DL=|tYX{nU&7NrVSnhgWsLEx=?Ul-3E|8Kq
z&3=^Ek%w%L%y41oB&W;IwKJbX|JDWJDTTfx&2B3;-y$D(_^w%$z#jDj-@)I4EDPm&
zA(P4Burt@s40TlmoLQe}>E_K3;2dYPFPsQFSyPB}Snk6a?cIY1X9hwxFE}hNhMVB$
zGE7vGZt=TZ8mH4?iJ}Uj-8m*_%Q_+ASi0#)z-{I3WglyDC!D&rm8GJyD$ATJRSqnG
zJ6mTz*cq^9_L%hN){73~I0BeJz&pn^_Sru-fO6*s$mf4QL4J+>!DU%0>CFcb?Sa=1
z7>=cf$!uHRnHdZo<3>N6!fcu<Q$TsVJ}F~3^G>zv0YRXR_@i3hquxTKBCTS@&AbAp
zDCCd<yNzL={UkH^kjnTR6sYn{@e`QQb6<Ak)VEB1@kBvDJCi=*ihD??`k`Rei20`w
z=I1O(ZVsw?oZmU#(tQNQKd%#T-P@xhU;tB@9h>cJhp)^|%orC-b(KcR0seu|q0eb<
zX7XX%sGr6OP4?`F$!pko?^u$kS4z@s8yU9#?UX>A1HUnlNuGT0u7_E!(~S~#=4RE{
zS91gt6@+ruF-7Yp%m)wb05+jaD@a!GTY+_kOofnoX^DHc{DBnnwXD1LYg`iT?J+7P
z7qh3C>T`0EotMi$<j~-GwF3nFZZ94r$79ZUEFy4TpytZoHz2aP*IsX40vOwg0D0mS
zx*omReNxeZ_j6VKyo+%5lc<-bpLgmD0Xq*J7%MmqWWrI1-mWYw>HxqK1&Q_q)2u3z
zfwgxC-|^&8(K+r)K@x#!E_a=;>k0|zGeFfq*a0$;=WGIhXpn2FRyvZ{@!IFy0r|Y#
zpID&jZOdsXaK$SaV^UJ;p%f^;|F(Q<eR8H)k}i&=EamZL#MprS(c}ofipxnC`!T+$
z@x2wFn)ReCJg3NDgipk>Bn<5va5jZj*$hT!8xjEl15y%-UDzf#(f1yRhZ4ICVfuTk
zw7G>p1sZH|-SZoG|M8<7cje`THX2i-rP0uN9yMTw9Rah~we9F#WZ!e^%?a(-FQk>&
zHFn!xwL?^oYc_|}^q^%+!8tBe`<O{*)bsqkU^1~g|1Gco2^};b^xdO?t&n;Wf%@?6
zO{P~hB)|Ra$(9Z7$e!0L+8zu?LFZ=eXwjJ!ZP8XzwR-`tgN~xbv7MxH#GN%*a2Jy}
zxV8IiEheZOMhf6B(_9#IUZrO0UmCR<G@nxfJ%oEAC%^VOv`aJgnLK!yElG(>E%&?5
zHuM{#<+)GH4J3LOZSF79-RBycQE5<krnC>^w~XR{kzivBCd)>suW%{W9w9Oi4uWID
z0rjn3v(qa5@;cgK>;8oVsn^fXJZI~DjLc48_?P8FQ<H6Cc*o)r#Id8b#g%=Sk{ED<
zsel_4y1bm&&1YVVzAC&l+bEao9ON%I&Y@Q?Dz6<os?5L8y#Iq7#0<V&_s1aYf-m4u
zRD0tXhNQ_Au}PqwUr@OS@NX;S?!Dr)5eZJo{dP&rz`M|~SO)E;E>Jocqgl-CRc!BH
z__}5@+0!m|BuT`2kMT`_8Z@tns=%RaQJ<alA~!l>DXL{Q=4yLN=OuuZl7=`sYKm00
zVuoJVrL$O#DE26)1Qr&&L7BJ2EY;VLZJhm_pNHWlt?NU%w2~~iv_GC7@%nPTEr_?o
z3*3j;3g`qHz`Zn}24OOK1T6X+kRzo^7_Hg^BAm%$_d2#HPXDcuU((qb?W%{FzkF;I
zM2b$r;jE5H#Q6+fuzc)J<PM;~ZeW+=9`Sd^@<WVAi^|#*pvQ?s+;U-kSX#JlqTO~}
z`#F0-*Vw3Bw^7??5{t2iH=Y>?T~-h)1jT&l1K89w)Gs%&qdfWA#Q2-0BC{1^)PH}M
zd8=}JEG!>T?w%n~1~7yBR_0&sfj&!;ts-VnAC&Z64ewADlYj{^F*3kz2?049PNYXX
za>4qpes_-|5s=s4k=zo1yd+OhZGiwJSTu>~39CTxlD|EYB?2pY-UGcCyj{?~FT}og
zkH~-{Vu78e{Z;@AM20PmEFg`*{f0al^9~>MIG?2$qyHN+5EdhH8hbP%eUJVP*%J*h
z<Tr*=-oTH8$@~#RCPz)Y7yrCT6_f0x)aTprf&Y+wSCH{U#v;e~_vZg)xxOQ^8BP;5
zVe)t-s=-fP6Mb&q`~oBq5R)ZG=j*zA1SSJc)WTSn&-6k8B9#u%=g6m-6}U@cQqw17
z&9>_^-;r+S3W$pTHX*QJl=dCiFu?o)bN~ie3vckn{ycwxg!;u7`~k6r-s3WRv9i1>
zBvJ)G|8F%IZdcb77KMvIU5M9z0x?&;rsDZye)4-jhz&xlZfi<yQ2Yp4lkHIK0@Ka<
zfXQ<2?1|Y^UH02Y_mJ}ulCs0_@<sg6W8^qQfJ^?kh9Y!L^|%A;@a_v_bNsiTy$Hdd
z0oMBFG5F7oVmw#x0yN;g2wB99l+mL-6B620F*yjj0O2DP1N;Y|`vP{FL}A4i?e1OA
zD}+L>&1yISs&^_*rhs_Y{n(Vn!H70GRh+N@m<i%5e_!4#kZgtCla0Ga*wz5qx;_#8
z!~_}mlkd^smk3#z?%B<gdr37F`7NhD`X^Kt8~_4=y=a2G8gp(&0>}#$1)*2<WC1`#
z4^~A><3_-X+%Ozh*dTFdJ<VrehujXE<H^m-tywW)fcD-z{SF8p#csk8Cs^PfvI%);
z4`BV1O6*Pab;5g8gX#5&?)2XHHV7t>{*1%^@4I4&h`rEMvn-C7mooC21R&|cBGGvU
zFZ<@Aa^+Nvf1{Q{05@RNxKEn6|INAW72?Y;9<+A?nUg+TF;PS)zuHLk6f=!7S`Z1D
z^4}jC16vNEm_d&0SpOF9J8)P4ie1$a#ue~njd~7(c-a~LuEXkpJ36%sZ}#rxs@oZh
zmajIEA_j?=GXZeE#m9U(BPim(;QOEpMEq@XkEfi6X3mJ-#ghKfzb_+(h{zT(6G&7O
z{ja&0yoo_`uf|2j?(_51K`irmlb9;c9$j?fJip_=-5$zu`!dcBBpEO>H$nsBBK8x@
z8qU-&(YX<ic=7^zr`+T(3aF=|e?ky`_xc>Yy9adPZ?IBs^YGsn-{9U#uPe-d>)%pV
z0G!v4J<skDJc#zB-Og356gW0_rTopN8><bfzDeoO@ii<4jTREUoGpCz@0S2m5Q%&0
z0o<&8eH|^EIPvc~?aibIAD@a&wvvW}e}{sAThB8st%9l)zDsCG_;AT&$yxpQ94Y@p
zr)H?80%m6Ihb<Nw3aW*&ZO&}ZY)x-ZYumD)%<j0rii?XW>x|mEH$7J3D2$o}aEMsr
zPZZVrx5GuLjWOcyA(LT0_L>-$P)N#7&vI@KkHpsbf=S$-@r>}D@y2%U$D+V&Ba~xP
zi9CX|0h2wN%i`IxzS)CgA*D<2EOXO1-Ju_9P+Db{;NYaT^tHf~{<XpWqX;~Fl`j)4
zGU)@<0rHMLChE0(NizB?uQ>vqk~<%K#Z+YE43i0{V9(6`!I}^P@_y8NO7{D-w>)x;
zI49%0BJdUVD<Wj}Y1Y_fM%ApR!L@1}Z2ryi(}|)Ms)q~)89Uz@i8cCENP_}|6OHZ2
zajc7(@O9sPU_lj=2K#a*4xzkX0F(KmwjIiRM+GH6U$1;SFq9^brkJIP#uXVR?H7_9
z5T@KYE(I%-qQ?`3=nQ%?u4xX__+J%tWhTLc;ng&P`ZWaNhv#}*r5WF@-S1yA+r>CC
zn0;S?vi{l`J}O=2JwAUwQAAhORP9^Z*|&<cRl*i)akA&19~mC`Yf6W<Ddh<%<LCed
zHUUx`irtT}KZ9ZK!A#rMNo2c10S1c&ei}^8<lAktDik$7mPbosRy6Amk^7~9(QC3C
zh)xRtpbw<)OmokxRZry$$cw~+PVT_DUGWP)aXGY0%f>T0U$Q)otGYeE?)S@S8>m+L
z)dlr+v0ilFd7fya#xKdrax?X4u7F|Gu4McX1Cq}4YrL&=Ex0%S%c_!WFvEKKhxhLj
z<vSO2qZ%RC7MZDPoQ%U<uHzhq26co40|r_-YRb!Ud-EP<ku|5~=HEgHL#AiG^jN5<
zRoc;>uuSvnmJN8gQn3m(2P(-htY>~$!F%>gWGOr#^aI7)<Y1CcIc5I5$#8+dku=d<
zW83aC)?d9!Bwi~(Q<eNg&nk`+!RTv2CjQMQPA@Nhhq)&gDiq^h^TPiARG&C%OvUdD
zu4yeX1AV3;8~n)V^vH=>9`)C}jQlu3$NIy3d{DAjVerL~^+GyF6Y&{boTa2MsFnz0
zONdzD4+C-@VY+;|^0O?{W*o&*S8>|pShD4?Oyf~6+!9+oE@@m6oPm%Ecz^C=JC5>G
zN>c25UJcY_gWO1{JU){#6xoOJ)HthyD==KxV_VxUEvTn<TuDbe<tIt_da6a1K({`_
zwau)>cO4_)D+v_$EIzg0OpeO_a)j0w`i#8i6YnQd+~tFc+_q;jD0usG;#AJ9uEs@D
zF2k3fk(xYlv}l*CZpGMsFYK_%w#AW+s)u13C5MtNTT>j%CiJy$WeC$CBC!9oUh8W!
z0bd5ggrJqQ8vdJv?1rFeg_;DpE!y<^8Cs=hZ`@cMim_#x?`JTyftaN*k<oabb>d}W
zJ#-imI;mUU$|%&yV-o8ch^8L=D5Fl<EY^59FVlEDihFMO?K$7)_!sMvHvZgC^t+xH
zNc?i+Y}xy9_EzY-$ddffjxWkku4VSD^2*l`!@6fXSQ)7JKnD(U*WW2!FIVtA(4!bn
zsRPD4VcEOO@tHWWw>rerfRbYxU+rqr)eh`TR8cg4jbgZ%zq%}7R~^|q^HUFeMwcwm
zkw(hiKV-sPJ;2>QxbgRm(5c?_!Xfee()r8Q^k8U4>R4b#<fvU;@3=6jt6q2ChS&Rm
z-)5cYT*?_p<t+WCoO<or&I`q*697F^m{PY{zT$kUJ7y$9gDEey^dt^~KUl?ZrIMF4
zT8lI7;YO+Zsee0+QW*uq)$WPKEG}n`sD3OF2*+uRPjJUd+=4JlL8_Uq#2G6teQQu}
z)Lm>v8k|v|2-(2KWdL=}V~!HKy;IMnk>wSHzQ(i>O?D>}lzhL|$y`EeaSw?bBoQO^
zo&BNX_eWXHTU08?95q+%CJmkbd5cK6?Qi_h$Hb`aAz}MJLT2uU0b5=;hAvhjUf4Hx
zfwO^ku-?<B7mslQFQ4n_8?E1Hz9(kFd4$nQBr8h|HNIVCUF#Q^QCTNZ4$o8+CchA-
z_D87nGm^R#aI_B=y}`GN9p5N6<US<k^E-V2n@%-od`d805Y)TaPq8~zx+EPl^mCFi
zC#Uqtq)?p(XL{c!r?=)nQ8fE??VowQogcVEJ3deXbR92km7(+vro)O0`9UJwZ8)1b
zzk~}WQD#y5SH&EO*Vz=&Ya1aab!xI6UE_Hnv_roiN8IN|#)9<_If*I+9c`rK{fLu1
zHW@_)i2`ENv<B@ee!|_Q1}t13JNhJZp^E!&goSI;*7<sf_i!?XvPSC{DQboI+&C;=
zA#?fJW3?W&!W3nT4zjD*+<>v(iX7{s{1o&VGEnjq59BGyi)CvRCm>CM?XP|(Lko8M
zx_QGea(T^y2M4-|(++32LZ90Q-R6^tx;J?t`+`>PwZ0kX*X52_I^JwY<Hk>%hR#un
zmhQ8&rAfk^j%O?FR&)JT3sXmQc>Pj)m2fRbTKERV8Qxb=PKhtnPX5wLxIau6l~$gz
zDYnPO{*6X<sh?XXH=VN+D>gzQ5aqS~0d;9}t>#(IJm0A!?<F50atQt}Y>G`(9`SS>
z<9*Z+c$e7OB+>g~%6U1!=s!Vv8f7i?M`G%)R3AI>4<TKARM3Gu(R?uaT$s-W=<`}<
zz6$b-&tMR)nAofLI<@xs%QFc%T&DAn)JrDd-qXk39sOI^Ig(l8!dbn)IrB>&A%~c~
z3VVX;3HAr+$3q0>&<fwR9agC6`$xw3|8;sx63ipGhHiMweN3E65XG}SJmTNIo#Fz?
z%A@GWq#E$kl_fZ$zG~SLeGJDDPWXfStN*?WYdVPqtx5aTMU`0RkPn#Sd<p}9IE|aJ
zAai*846V~-FW!D@g2-um8*ivk4a#ud7Z$-{+8_bAKFPp?XBEE`o&i^H8jzD%1pIPy
z0`}L~6Q{A4=e$`(cKfR`e=`{1k(WwtwVMPRHq02yy3^79BkmsanB@=L-c8UGTpl@`
z0|JpboYWk_<JjsfvIWDye*(bX@#4DL{o1gak4FN|HuDl&Rb<G31$y)uw*ycJRDPtm
zWi4!{hFP7T8KB}e?A$*JMNT}d1t}D@kG`h5H5e#P^jyTW+SmvknMVFl)>Q&a$WvHM
zMhGV~^YX34MZ@>;H->v35n)XaiA_rSvY!!NB+IRGSf5f6^Cae3FBc^YNoO?u+>3mz
znUFUX`(qChPxJLzn?p{F@<hGmz#-HmE*`ns#toxT;-~)@lkw=)LWy9-*J8Wa@nY1$
zqEEC+!<B98*B!1CYmL*1oY#{~1(NLAi#GK~J=b}xn{v2fbAP3$6NV+9@Ii53r`x}!
zh99Pmmnd!46tQig7Sb{0G-6EVK;gv(SvY8l3KiH33;8)4FF?8EJ50mTAt_ISKaXoA
zjO$nz{<KldF*V87$YU9PdPy%?^4dZrgTj7OmOo3mexHa`=S%#M_)Bd8h0^!p!cv`W
zU3e}+1_Kg>C0bj(GVsI+;O1YpX(uR{&{UIK`0LU$Gsxp)le2-ktW(II?sb_jQEXI_
zyM<Gm{Syg~w+6x&JDysN!+2${Q{)qif>#ETy<1JreC<2hy57>z<g_DA`q40T3-e<h
zmbcIi7C-rM{KT!c>({3|X2k;M@cBmPtr1Gylr%~S_~s*?a(}mI%gU0nXbZBpvXcIu
z)Ciaq9n=)$Pl+uy_4iS#l}O@vT0v+;%se(EZ3k0s8cgHHnN1kb;SCN2jbWTqmOCF8
zT)JFY5*#d@li3~cEbEit_iz%8z8Zrj4#U2IlHq}s_MIpOSx$u<6HGJwc{8p}D}EtM
z&D@cU40IpTi>O!i9Z4*nx`<glwd@-VN!<Ulk85jZxs~~R3K<ETLlT?;#Rrktn+18Q
z>7y#otwFUN)?FO#Q|oAxTlcnA+7ELMH+QykDHb_>R!%1PNUk4wYWn5m>O;sCJ39^?
zN_KXPd++%$!+Fu!4^bT*F^%4Q8SD5J^1a6CR11SV^PKcfQ{=0^DJ(w;siWw#g)H!M
ztWm0qz%^SZ=7!gkn@LR#!$~S5qsefS7R>n5#+O?YDxMo}Y*bYw_~^QJlj(bFVP9Ti
z>|{`v<2d!0>3q%SEXdfm)si%S^t<oq%*x~tHs;q%A8#$sd;QU(057XIaN)3QbF!H4
zh^O2)erN~URIyZIuXUA;_XCC&qvx>N5@=>Zm)M0>JguEnJt3dCkiHHH+&|*`dITkE
z=Mvs=uar?+-Y)4K*Gg|*D*SlfEV=SZ_odE(L>|qodV@epYbab@9@er{;zB5No_Ucr
zilYviT4gdF;fbwXnLx1@@S`=2{M*&A{f*jXEj26Q)j_Q2$3s@mUsSFl{H}I-lOAS|
zAACh;KlhKP2~6|ewp=@yeHs`tdkIUzE8x|~p81CryWew{TSiJW?pWn%$)52B)t=iW
zI0kvzAp<rhv7AKqDGCxd;K0${ir?hoP8v+O0S=s|3;`5pEOml?%f1JbVPhgMb3X8p
zI+>F^aO>IHiX`pgVI;ES$T$0Sz;OwGc%;>Ggg=r-$e7LWCCQ12D6olV`$$%K5RH8C
zx5n9w%5dtnL(cL6ZzH~k`46V+vGpiFg1^gC>fN|T0HXYJXP?b?V#Pn<z4-jh>5zYn
z9yM2{b9bVt_i>bp4-dB?8nEI*r%u_j@75=Zesae3nrTD#PB#K0UCxU*=K-W_O6Q-r
z%n6*L;SJ9j?>za6e{JSE;zfDZeEo5cS%r7GfD6pzRw7Yz=)zWP<h9btUp~<EW18i<
zqN`|Um(%?Ok4x0N<*LH+-Lb6ujL<dXlq6~3CHGKc%%4G(+|O&Tn}}hpDjpW;uj?%K
zB=T2CbGL@2j-WP)GttX#kRc=2B%Np8`Qx3(3YC$%EWi;1rs^~v&4C3arbMtm1a!6f
z@t-EzX3X_iYtE{56}T|mte}0DV~HsRX4>_K!DF(byjN<!{bnxf9M;oEq4U2P6&Wil
z@U9y~>5Tu<TIqDEBl9DbpQGc;>ExC`Gi2=ynuAj)qBJI(11gYGd4FbAhU8ATs!lSs
z(J~#(61Z_8^g<_f!eF%$rf#g8Ltw>s&_S1s{mU=vj{;leb2pYQ${|KgyHIWH?IUZD
zECQA6KHb$9c=DTW+u994B^|V{M5#ZnAfkpSyq++rKQcPOi|479WZ0I-1`_z`vLeni
z7}iigP?X2|rOBe|!><8bG6^U}3gH2VTg|B!ii_52UrDvnLDcE6iQigOh)N*Vo;unN
znYjDl6|)^p(DjT<ohJLrh&!EU0vT|n;H@6)F<Whl#0sOZgGk<WFVNV1RS{FfV+<T~
z2)~M@21SncJbD!aDG<3R1(BY|47hgdD6ED6;A*gy-$ME4A%6$a5Bvv-%V)r`PKSTL
z_XNOLdo~n%fQwb^qxXGKbP_^ZEv??KlpW-rzF_#`!}(tIH^LMBIrv*nxCWpt!lpuY
zejUL<{GH;i{Uy-}`33d%4mWoj*ONBRr!>lW03_CStq2l09ZPZl%;vw;^g`6G34Q(N
zkaF(D$8zKKdipVg#POuKxVre{UPp@pKD{1ED@kp2_tqtc$h74v8`X*kZZ}8h6PN@c
zpXGzCWhGs#Qnu=g6*hX@{JJtUxx#POXl)j`q3ch;s*7tU4Ln?~EFPS!R$`puxxo^&
zQ9EV9=tcsc#?S53Lxu{%gtp=%Q$c^@LmxVOx6o5&y2)&{(%$!20pb9*iW&H6ru1Q>
z2e&I<L+4PP>lslV(?LKiVM_eVDW5Ybk~af+R}DF#Gk6qH?scyj6IGJ8aOloE0G1Hr
z;XKe?%4_Lj>ANZk?TD%j`DJptSyH$64scXG-dNjoxW4v#=Y$Z&-0g|i6G|`%lN7pd
zr)qRwemm08Lce386FWRtoByR)*wz%ciq$~-N>G-p4-r#2tD}lCdx70J!#9Gfyuboa
zoZwl(iaA9_bvleOD+LR6vuRL%G{u+?%Qlw1e=G7WyB02n1E&i~+uD?u^J<k3R-uJ7
zcr%ROGd_0hpbUAh%$)?q3;HpC+n$(;*T`9#dyGu>G37P{JKkb+lPGTc)9K)mxDEGt
z+lXB!%VN>5UBJtq>;C*YzC7XOWres4r;Fbh-7?Cw_S*|@$n~#E`wth^>sT}ig9)7@
zfyniXCM2(_FPqiRWpn-Cl3pOY6`kT_2<cu8Xt`HTxvZMk<yag-W5;ulL!ixV6AUjJ
zmf~%&C|Fatbot|e0O$kLvlwM7*D~d5eMW*0b1z)2Bu$x`zAh0Cu5Hwn_0txHe7h3E
zgFdb)k1F!>C*Z$=V;pvNX|1Q*vK^>cq3F5TX)Bizjpe*PGFA|02*`Jt=V$uc&=vL|
z7oR4N`SC|6^z7c>kP5rNN9x*jJre*>@4W8tt^43CT~3~EO346Rj!TQ~NL&t|Lpv9&
zC>$h}IWN58%&{gd1YN`*@aE)SY_;oZZ#8b!Sq<^z<lb+A4eO}hgY8uLsza-*-3}L{
z8q#MzG2~Z`4QBTaA4OfYTXtKzI&&>82k`UFzd3nw^yA}s0->7_!}WZR(&~={f}EI+
zWT^tTviRjZj_(!xbG0p!r%YS&(vqnt7ic`rNHK%6e8w5GyoEzNHpe$H<qjSN8xAVR
zGe||xYC_n@%CT(kIs~rK&0!J(Ztpr;GPWXI$3g}!HHB``-JgI~;&3y}w05agrqsfX
zV9O7hv%3)b((|{%-LiWjcb!$K8W+A9!?HAuS>Oo-f2HZ@mhQ7h5!U71vkA&iT#kY_
zM>}?(WHHIUvh2>wGxu@AzK3LX8%C*4axQNJwut+l_LWoA{(yYS$SBrAukLj$8sBlq
z+q&OGobH?qY6*2Z0r8m;_zTNLc|u4qXgoXl;xp1le${+sX>N##l2`Kfv?lCI(p<TX
zv38Th@HpG)k4}r!^NFaA=)GLW`KWi?C(vU$`A(<Z3=w;AquyHKUbGm9*+B3Zj+4{(
z20Hs=B90%1D-M?0{5~SQV<Le@dm$%6{iKFhu1u<v2?s?*>BL?u)0w<ELaJ2HPnUI5
z5-5tm?Ap22uiP9-skI+C9K3t?<)giCmm7IsvXnC;QQ725SFf5DzpJEP)$dfJ-gr@M
zt?#)a`%$$Df%}K%vv?DEQMyb0p@p3#W|>Ir=Yh~(+Wf{{teCIQ<Vb8pbqeezm2liD
zpZ_1mz5=SMu3c9UNs)~R2uKS^m-HqiL_k2KTS2--T1r4lz@WQ3rMp4t?nb&>`pyOV
zo%7#&$2s2^TZaRgYt8v~Jn!7nF^kwSoz9;9;~N$y)e*mWxK2=)8f)TO1;%|dLz#bu
zwXq&%+3XKj@vo-X9u_~Cj;q@f-AWy(4iWFD(#~cXr%~dYMGbU&?omF2I+J0EgZgx0
zmN&uT<2c)o>F0H;kpE$))ez@J$f|j;a`5zAC_WxdV<ZFppt2^RUa_d=4u%q`g2s1?
z$(WQNrG|vA`HAR8E3b*j*5k}!u1iz-CSrciib1J<q97-M>;<Q@z}M@_Yb#sFEj)3@
z{Jn|AC`JSJNl|88i$f<T<o~a|c$HS4=UVbnKk|^4^^)a+;eCM2_N+<pUhT8n3@84W
zy@MWHX_u}0Nz1>Q%gRmZ<?761o0~B%gT&wUa}LhqpRXT2w;4|v8n3GDjxUfhI?$h|
zyU&r6R~S)Ew{1B#-Yl6$WJ4e0a#v?m^qY!OrYPL`aTO62UZ?hxCi89Ns;{-mzA?D)
zn$<Uf^UlIGB+j{b8zw>I?3XW0ExOv<Lfw&KcWHh7o~0^HC|3_Uz30sPB&VHNY7{Nm
zxM`9@6;r5FJMzt_cmtDm<B%uE?S}i(ruh@%D2Mlm(=<x85t@q`s^O|K>P6mDk#iH>
z-y`E<tm7|U=IBTeo<65x%*t{4zTB&fZ#-;^xM+K8e0pM)Qez1{!&ms>dZuDr*j^z$
z$Aw?}@M}B=pv?N%b~91_hI@g}wMQwskf9ufGt&Rzt><JaR^C~@HL7(j!dAc5AdbHK
zWcY9<i&<Qk?}Y*E5h@~PlVq&8g^47bdCw-_aOYrpeA$1x^!_3n#Lvh^tC-2?)`+!*
zH4mkbe!jVzeUTw>^G$&>P*>m_U#|D)Z)wF(=+<6NsFoe0Kq_q2vgTY`c#qhb!-IJT
zDD%>FU}0tMY81!ff4fTj=f@3khVgc025>=?$M;%afiK72y{pY|!T!W2==_&%28utH
zYR&MN8cNm*t&4W+%|~UlO0dd`Sv7m=3t#HY4Fv4>@5iVSt0K(>ppQxuk)p86^i_9v
zbKL$=)P#q??o?eT531)UGvzX47qnFp@8e!SJ+e@aQIFZ&92IJJp0FcY9#%cx?4P)6
z&uvW-o$j>5pk?P1i+?)4j8%Dd93fOv8l_C;-m1(axVoN}C+N+*rWSIdwedP5m+m!}
z%{TG;;N}p1djZ_`;$aJZ<F1yqF^RZ6#}RSQQROXS4}+IOI~t_4zPbFhA1%?8v@5yP
z*X<5gN6&MMey|{&9fa9RxA%Q^QZq`C!E-`&wkYua9Qxy4{<!#WR_$}4bM^T(Ef#0b
zcB7YE5n8L$p&o6svhU`Q0@i{P!br`-;#AIt<LY$rJU%+-e+sqOuAY-<hapHo`2+)z
zFOiop**z<7`cE~gkM#XlggdVaTkq_AR$HP@-zsn+hoHD4lGTxjbm4FDnpc$JDblGo
z82BzK(){7I9^f@kM%b}#yLw#AYXA*$n$rwiog~*>PjXcLe42g|rGEPO0R<@fBi{XN
zG<D0JCca#k#$EMIc;)VmYKlWzD@X3**T2p=THqVUewQH7r_=UXZhyC{GXeOx`xuLm
zbE_lS-GZSn(_Us=a{o86bn%)+Gn<yn%GNKI!eI<}boU-sNh;ofd@;lH*?UZB?JC*I
zAuK{rrAg0&xeWv?$DqRDbta=^;Om1Jq!yZ8*fMm!oem_6N>^omR@0zoS8%8Kys<IH
z_PNelA}n)%CLo~5kq@(K&(&mQ`j%5j>t<yxg633pg)-g*jZ0Lue=6ft)&`cY%&+9`
zh`0lr^Pz9V>9!$#V>v{z(ND`AYQlWO!#-NvYuNZ^!Ppy%$q54$2LG=~G<k`j+{T^h
zH!08%ak6G%eu!;Lbu_XOTZ^*gTpfE6y>`wKHui!Bu{$ShFd>RLBS%28yQ<Q2$gBWw
zw%8N(_e0Pz=rXv8t@;Q_82H=1<tQ(mif|@{OQ_ED+|DcAqN;{j+*!Bh2JDd#B0O(x
zsN(MATO+ef>cc=*(vzSb;h5HP4)1y13Z5YAmwDcvPG|l$n>*)d@Dnq%kxG%c*VY~O
zA!{!dhXmL~AA(Yx(6w7ddTh7;5NP5p^6l-_V5ksJCZ1T==w$qfXreivXUc=QdsvAn
zqISyOejjnH;3#~Enh$7IVO_t7&$F906n!AF+F!4f3dvUIl1!OBa?<dQIJzvL-+pJJ
zDQ9Xw?e<j)zffKeU2z8OjZ@{#Y$3#MP#j2FV@fy5lCHVC;)SA>GI+W8^qtIjTg}(I
zSR(?F6%qR36L@cRN^ivulUm3gWYQQNY;&b&%jZ0<=INQI8JVto+0G(FHgKVX*B*=O
z^fU+j;o(^a(Qv=Et94<}gr%Hx#r&?L8oO3x(bvU1I8-5(L5jVu9A~HK&AuajwDAP#
z9;7F)`hJkjd@O5Zd@}v%wo}VX#(}Uo2|be+`X_f*`wDJ3AM~cH2)mU?3JYztZ!kG1
ze8o#3AbXLIG?FqhxTKH<o|#m}y+iS9-HL)Q2ny2YQXURCM5}}BD>7=2o94iArsd;1
zqcCGSl3gx**Ogh$fn*uKuS3QpB&!o@S*VC0-3mng@p$V)-TaUJw=|sow_*11Lrzzo
zJaoCLqt4a_GyGH01xl5;O#MTBckjKWYBz-=Lk*=%<;DIk=hmMLED=Ww`IOu5aOb*k
zgoXOB=E`mhyxo&AX%F}&iPsr)?=k?-z4h!RoaX4U8O~|-2+y52Z~FP<hm1Fr<BX=W
zqrWr1Oj7#^Dja9cr0UD<f+d7=6L|Jd;XQt89FMX>td4$+zI!wuY@34>%s?V5uLTz;
z6)VMxlvv+n4sQ&&&>^{p<zhjbGZs9X&MSjFdx1p4b^7C<a=r*N%=k-%8;<+Z#Trr1
zWrc&%=UbG1D}I5;@gUF$=h8>IVJS5+n;LKN)a{9GHah6=m~%G8+-I+O)2VpMhD7r7
zw*TTiZudXk6xQI=&-R!3QdO>~HY7_!4+80z7U5kI)g8BmvF#_q)roF<VE{ife(h%p
z%xsTwBE^tV;UrPYOx>q5_DX~s{O>-TRI>zi+>DbDG*8axhoA1*zuhKfE9Am}pY2x<
zbH>v<+G}lIz;#iiV`@aQ-BuIP*!7RB&NRr})1I#+J~mR}(z_`n)7|<VbEPQ?-F(6&
zm@UXb)J-;S>#0P_uJUhD|2kc*68=RHZ5>tdA7f(f)Pf>x>ZMH%^%<UWs^{<bUxEtZ
z&L_9|nI?Xl;YK~m^d3j-mUoVn8xF-CT<55l^=G*yKrkB6wyb2}e4!pWvSl1at2iT7
z3WC2B|Iv+CGm$VJ0?$(%`-yc*e4AY1a|`2a#mjSxp?*?pTa)2Mh~5R`Q9b1w@T^wk
zstUJ~Evpi>9t{@;?REe>)Z=?9JU)5Pu8bdw>jyzxe^t*m9o1|Z%5)|`4Ei)A7KI*J
zH)6mmSL{b(XGYn=n3l5EM|&;Vi?dfW2QCxjcKGk6g&fGpFs_T+Z&pH>iW(W%L=)@2
z*}%Ow@59@_7u&i9A25&KT*$yn)mCe_lC7x@H?Pj-EH+b+k!WB(*dpQazC(IY?I+yX
zIy~Aj6;>y&UN-6|wWRN_tbJB$iKXcvgUQ&=s*S#*QzKV}`f&T5sa9ZYWmZaPD}2gn
zWnQsu*MxD`l#K9JY$&F@;hS1cHTjwgCnD#ItU~^;Mc#~v3?#S9OK&OWsYpt(TCF}k
zF{%(>$4Koqia16MKfe&5(TL93nV&QL;mnw!Ie%8uHmc|6Ds|*@5$U{I6f}{OG_lIO
zSe;dKVnQ!{Z02uMFR(dse$*9oa>W2M!myOrN5y@{r+L4*PP*{dicGBIB_`iEX1J;|
zs%=fH`NN6sJGx43Y+;HQoZs<N)aU*{33Z6M5$)SB5zYPiG-&pvxfsAV9>Hdy{3;qI
zGWLw>hC9tmMh{0ZN`%6+&tK-l`o9*hG-#GvVd<ppahEPyb_{enM1ONEr`j&#C=G16
z@Z$9ldI-Dr!*?AOJO}Ep*w9GPcA&$4%wBW!we(!9_Cn7o9<I2jF(C0i!nJUz{Y<s}
zNG@y<w>X5kYE|zyO8eliz%Kp68YGggo~kXsn$Mu_ld-ius>Qs16Af;srK-FxH$OTo
zLR_}8r_>l1uqu<%U18)OiVJmel@DLM9JgHlAyEO6*0%P-Wl>{c@1+)-uPY1Q{LHJ0
zTrS3(_4_;rs@hBHOgTxWA2Oz#w$={zmo(NwC_qa&L7CJjjas=&@T@dO;KHboylYrY
zr-0j7q4M?yUohi)Ol7N-T1%I_+uH+6+r6e0OULDb>vL~lo3b-jg+T+^Fa4$*z9)VB
z;#D*yV&JQ&sTPa}^{6OG4W*^KPu?sNT_DBoh`^oPtuCvNBUT!`5-ZPDvNUcZy&>#q
zb}Og&?mG*!D@$08!ZtF`pl^02aN2xkHWzO604X+{m4lE_AF&E+$En*kk#2#X-hPva
zBkV9OPGQk2p#zGISrNIGtYlUfLhI%iE5ljr(B5DnzPt{M#M_t%HIh0gM3PbA`lX^l
zsHLLg3=?-p&*f~trb&J~VvTrsSTDgqnD>;RtG+D!B|A$YsE#vjsD+S}C44yvpFLa4
zj(NOU8Ss(2#*%LP)5RN(PSuj>&sbZXjr32M)>Xv(gMgJEp4tBv$JJ|hx!E(OLsQq@
z?~fah#8?S8AKvdC%!w7XfKO@pvthsi4;a}=5%z`!1iL3BaB7Z9YA@sp)wyc844Pf^
zynad)Sf%E9w3i=^eN-SX=9UJvYCn8`E>w8^Vc4AS&SNV><;I$qO185C6WYJsa^;Kf
z@t?IJ^186q=GtCXTUUY<#QXr8$$QUHyUaS9LCGcq#rkwrHi-|8*BQG$`Du)cHji4q
zO9>Hc@1!;ie)`A^_w*V6$*OQ;VVUJqsGVIHN?A;V)ByUjlRaFM`LJE6qbi07v)Ace
zH7vwI)Qw$92SwSrBgV(hI|A+E7FA_<lNW;BHHi_eGIDw3g(3TYgV+fuh*d5_ihZ>-
zlu3R$Tuo?WtQ9-gd>Zw5XKHSqluOm+L5_e2J8Bc#wGGoLr->Rf$0O*o)$c=^)o+`w
z*A60uX<IE%e&soSy?@lF$T)nacoPF74+Hx{yZI=KBCQihwW!J`zsLN_81m>|4BKC=
z{+6~IoVOoSQTZ~C3u5M(@AI2a{m;1%9k*JspUtfFrcz+84?fR9-{7&2p1ROs%o%^H
z;Hyi-Z!Zt7Vu;TU{df~}#w|7ZiXX{#ADY!a*?2Xq8h7zkf4Nc&XD(f}`i<VG1Awm>
zjwMz{8gi~C3=LFi(J`vJ`hemKA8^MB3(eYh_^GsphV$f}`V(<j-C|U8epY#>q}zxf
z91-^=j?vlYT(xyS>6OR({Fn4UG8G;@(T!bA&f%3OUF1)}%N2MQ)l^G)hsNJI!dQV$
z4F6ra&UPhyvl3HBHub^qiT|i8`|uJzxxzWG6aI#Pr3Q9LMQN_ku(pai_J_A`W$Cj9
zK(}oRL+@ysZ;5ExB7g`aGPCnzdnPZovR0S0qtCa}YE4sDqz-%Q8%GBu&n7F@B9TGO
zu{9+wazt__Lz&W7%e8}&4EgPO>Y{fc2b9JR<ut`u!cf!78V|&#Z+j1ZrU9`m1I(=s
z2Se#8kqG&AXV#LjQ|oTkWu8N&(ZV8SgM1?zIa0LTq8opA7P;sL^p83&cTX>6&Rzqo
zR~x*mljni*kDR}T^qA?R>T`zzln{p4x+e>6QWhadU<xqmx^7ux_TXEA{+D_tPt5V4
z9(j-eeC0cSeS5zzgxzeohyk;_wJ^;~4OXc%A3|l)$F^L~DivZ_smJ$Io-wE!z<c_(
zPu16wg17gZomM)#haH>81FqDZyB498Q%S38ZBMIEjK!WS&Rrn35tI|Y|7>pBUF&LV
zyM10r5HTA3&FQJb&)gv8#@>h9mNDAP(~*&b(u!GmF%DR%=icC3u@m0@^lhRDa$Hs}
z2yiK4<j9W5p1LdCN;^j1)am(~JCjyxU{9HC)k^4BD}Coc2=xO}(>VFPeVd`mj(OXC
zLN@vteBPzvJkcZVX&*@+TymKpfX7K{Ho+<%(*C`cx8uPl|1v|TB<t<4&uFmAL)SR^
z%F8JpYd%*K;SEY-%CC}CJ>DJ__mPKJ`E7IXNVit#;a}();$ma?vyn*lkP~rgriFmP
zNfG#H4TDVXt={+WyARzhfdgdR?<5QGXaztWo!A?|+HN7<08CA5Sa9r94O>I_YFx_Y
zcf{ZAV~6R8zXX}v*hVX{$#5t=RYwep+R_R4(5jn1(mSeU3A^Kib=%7A2I_BWvi>Rz
z#2^cz);FdEJA)TAl$Ctur<tAJM%yELW7aY*_cyBEEqt23KN7pDB-Pi}gQDcO>mAKF
zEir1lHxSmm^_u4PhVa5y|FtBerZT;vcayJ0qQ7C#fReJjEz?p!_fXI60^Yh|pw6=f
zOv@?}$f)=#7lFDoZ&yB#(4?fQjMj@6p}~JPbmCW*&WG^WVpWe<ikq7}Un)H+OD}Aj
z2i*|X8(P9uh+XfI`j<K!mh(_1`#<nLJ}CR`IF}<<WK?Naeqz9_ks>VNn5ZnDNi)$l
z$|K_&!Y-e-5zp+I#X2R`0{RAeg(iGj=gD?P`if~r{)av4@<T?YF=tMtd!^I^0*Q*x
zk&Kn;r5m?QXpx3Qor}od3zs!JnY0mBh-WXp#<zd3f(Dm8GLzAK=M0sNo@tgF{<w!<
zg7)Kac;Tes!`r?>Pki_^p6qvi?(p;m$-YiF;Lv?efk<=zIvf0fc#s3Jzkjv3^#spO
z>)4)yxMLd+?E^?h`Mu{)Dp^4~%3O*>l3N*NZBkv==x{{B=^yxJ(GrG&>gI-ZorV5p
zv1Aa(tSR*xj)l3~Gr)3Vw4%#iN~K=*Mb{GAKU<F|5HC~TwaL$~C-UB-LlpqA0nYh$
z+|kq{1_6Hiq@#9+i<5Jyg3{*8^8zu4DTsXvY(wWuUG!_d{LhSyS*!XMa<Q%7n<wT{
zp~D_&vbjSI=p2&c#Vxb_(LAG2*&Qurc>LV_s}_k>(CBIJ9FhuwIiX-~<*t)9uGF3z
zM9oEhYCK6Y`}V!bEK4(`NFeez)nkAA`I<?gNj2qU0Rv6hohino=2x<=+_R)V4sG}P
zuyV_COZmAPx9CE16EV5a;u;1$e<T2fD)E?f%bB+I)c1AvxrnG$&epl>_mSJaxt(Ka
zIN6_9@$l~N-vX|^`$3kcEhY1vG|t5JhdkP#!Rf%VY?6ncW#EAO6UsgH59FJsI8&TU
zjG`=$ODzYV%(9uKl^8$m><+j{Tx`xo*(xt_hh?=n<SfqClCOF4*IZguru(-p5DS`=
z23d{?od@)%i|0FwI&1M4roY>=!AzIfc+;pQ5}{K(*e310a_KUiS*G|Nbb=x)OIUS6
z1^|3EUG>ot_s-Hzp<L|3VU_Uu)Y1}R-%JA!WSqOygJ`1fK6+&3z2;T3GQj%`3(9Vf
zk;t~=Y21WfA+9^m`H>8!>lW_n1pYc_C9Kt*<qxWbZK;49eVMEA)uPobs4$9&L_iKZ
zE^C!`3%RUgJsMu&-1EE*cS`m>vB#Df?NmXCy!po6t!5HOqZ(y4P%ehhPpq<beY;bP
z8r%H86YW&h5Rrf>Nru2iPrUD7AmB0lUO3+QR({V=n{diB`rLDIF$T{(Z}(^@KT`oh
zt0cXZ*tuKwh*<CojaHz(1OI%oDO0OV?8!;^dFKVUGm7)$!TBJixFLyf2dl{q%b5_-
zDp~YOTi&lWbn#`s9$L6ycR3Z`!@jh8K4LMx$>8y-f#Q}ECEwQ&T_5G~RZmy4@$pXo
z+7VwIhTqNQgLRTQagO>QL)ydQC3P;N`*mRS7uv@aUMQL;3roh1=MmZy%5-6m`o2&^
z7sNMS$~Tiat7*SZbM8_mdC>ZvI%qk!{7kKs!z0$AwKPj03qD|PORq#;j70VDUIGry
zo@e|w=_+IT9&BS*)}`*_on#NQhEvmx3A>K9>9PxgN@veFw1MgU<G0+w0*T%Jd$arj
zk{B)PCEaHhe$6Fpa~6?<wddDS`?#@cr1L8iE|{h04d!0rS-+L0TeO=jhWnl2o92da
z;CxX5dp&Pp1+_dxh{X!S-D8do%5S&Q%4l@@J{BXtmcSFy>ScYW)dt;`WGPweOv^K3
z=OX`N>ZYaUfE|~3vrEav6o)5UDd!gc`DWN!6G~PK7Rte)@O>m9p<D>avTq2pd^Y3p
zBnERcnZ#8$!Ll`Efd&5|3W6Q#?X6)yH7<s%H=#62mD^AKyn`0E<mP42ex&51?N?Wj
z9KgE^jkiZxr3}r+zBJ@24TJ@SEz4OnAQ}lh@#mX(wBL!y%7~7D0Q>y;1`-KcfFHH{
z4OFCub)@k%N2WAp+OPIF(Gl2%z%>|h*LJGOkmhNj2W3y@Yr25tVKpcFN)=5Op|bc!
z1Vk^fnF-sFWsr0mH@hCL>CaM|SK0;$y~BA1)9#lhoKm#bY}Fp%-=2fVWi2IErrgqY
z0vdBmmYGwM;kK3c&qRxsr<cO?z`RaC=xOKFAJ|AjWV>i^dwI%=WNXEgL<rYMna7mu
ztTW|v6G^D<51j05oY3w`ozTqBDd`OLEJ?Kq5LDqgjm_v)AS1aW(!gj!y<8tDg(yB_
z%nj~Dys`DuQ{)a})z;uQJI;PW&}&~?DIKjW{%@e=K0l$?zI+;_`_lATWF(Lto#D9E
z&BtMFez<}9Lp=VyBt=0OfsOXs&a_3mw*KbVyaYpRR8RNoAnElo*^iepi0irsNv}1F
zNoA(qf9B#f5G>{vif2L7urar(s5H2lgDx_qElJO%Z#ax9%IuDfRg|cNxvROYN5Us&
z7Zfd(_EtvR!h<4x5ftbsP_ynS(muEHMo6@f><#Ea1vnL9Fc6dmi%)t6{hP}2+>0Y)
z822EUH(Q49Iq1F951hnX!hEQ&nI<aVEux7LQs)(u+0)3yHME-lcJDPI8=hb+Aq)vU
zKxn7QK9akLK7{T|{J?CKYe}y`Z8EN!^NV~wq`5ht8UkmM9XdvVn%}w@&d04vRG%(A
zWgv{k^5f4QlJWV?#JMOZsm7SmfOA511OSfRWlzol^kN?;{bd3Y2l&>o_ef=LHpqFu
z#NeL?2xADvyIq(2<b`68n?(iPAs~KE*igc6`@}|Zncg6F+rCBOh~8<IA|Z6d;>_U0
z6OMMDYSpfu)lTslYi0DTyEevhTI;p)!7_gCCubojv^4lxb`xwl&pmib!<!rhzL0I^
zWA<?AR?{S&1N&Ql7evPlJa81q7=up%0KNjniXB<2HDpBvaT546!6Ez2YVjQZhNxdz
zqx6&MclGf<fDt95MiZLxl_*T=y<SWPyLX)=eON`bM}>p~`jACJ!Gga&pQ!L8rNqQ*
z5>Qs^p?`q_*kkw*)G-KiKJt28y~s^y_PRuoW_bdWyoCU2b<pRLC{&9@$JQOdCpMb9
zb5m^k(}}qkGT7O@yAZ-1iKH0_AGBAYdw*ID=zL_Eph<XjB(lHb3O<u*lyVcVP2w$D
z%;QAc0Z)V}!TTS(*c1NQtB&uroE8jN_bUB)`wavy(DmdAAK-C+28!=g%TZk$zBJIm
z+`#Fd2wv|I{GI;?Tvw?i&il_=Bf!q^Z!M2*4SarvXLldrL?6Kh>E2C5GBRSY^}dLE
zm;jasJ;FU7`?@+~I*CN^ha5LhMd={Ye`({syN0_mcZXeM`cqS^2QRQhqBp_%-d9uu
zz!F^1nZo0G?_YY;UO-jO>!%_@y@T8v1!6XGy=0p#ul76BH}%sY(@YLHFYmK0_xKN&
zMG3BXmzcemQ1ORyHxLtWK7+|RUd&@_A3Q5>M)w+8S65LCK)MDn)+K9SMxp%YRiD3H
zzn<;zMG@Lx*4HsZ+jk-Ii@GO0cP9$N87Br0`o9kl-MP)}(f`u@&*Fj+k6!&h5A?Bu
zxUMr1>=H$4Hg|^$*||SY!U_jk!2k$fAnHN%&o2KcbNDBJslO*jIEJL|+q7DJF$-Zc
zu{rIDzU5(y{M8b76z6Nv1b^2tT_1a0jd%qjWIPNlIh6J(ab!rEj@bP2h_6OujXi0M
zfO9I$#53^;S;dtwn@f479rn^~vS99aZttW0LI(^L1Ps|7zt8wd8ZjKBHFdJr7>3Gq
z{qTlK_0NK+_bA-|b6$t8DKdWf1=>D55BZ?Fq9(LcH;*})vGO~Z5&>I@1_Hsdl)bQ<
z7N~FKo#O#WPb&7Gq<>_JXuH%f>vD;`d4>_i-iG3?0&0gKt&z<>&?*|{{Aa`_`5E?j
z_umnl7=dWCynjY)s`}<3CwM-TG|SLeTy<U`XuWt_@6BS*5Wi}XjUC<wzx@Z%;Qdw*
zf5r<aJ0QijPOCgK;v?UFW?}!B#S}`_yf9zh(|@orcZX7Z`cp%oHyw~)Q6xYP?AOQ&
z6m4kljOAj-IGNV=_@9|?8nwY=r790e(?X)|;E#wW+b;e&KvLCs{0SK><hnZV+s5Q0
z=^Z5m;;;Rcy-8Z8u9~t&n@Fg4$Y!KimSsSHsZ44ng=tJ}V$|wf>h2O#EL9me;3j`a
z^L@{-x#b;%E(LQdY%im5-&U{RHWpz*B5)JB4G|SzM1OBwfuM=loa`i3n|+=dQUMj9
z54yg{Ttant?q8edS8#Sn9+C?%y*h#KV6P-{psak0>%Uh|Gjo&tVLm(louktr%Oz4o
z5;$Nz?BO4?w~l20+#GRz-llKcJdlV-78TCyEjLrHls&h6H9w*#7G?V&<*0V*m1^q}
zsj)N|Su#GNIWO}~l^IXa%tD}X$n5sqd%)m?=O}Q=7~m37UMQrrfA29DpU0Tx*ewSS
zw<~)8)Q@^KM(JPHXeK^=I~8Sy01|q#4|N_|Kw+^_^_jX(8v|pj{6a0bAE?c`#Fnt*
zmz-WS%Cfpxc=5T`dO-&U7r<Qgm2g6tK0Hr~adUVDO7h~zyi_kL^)c|xFqDbWgBg}j
z8&8W9hcMgex($H$y_(}#`!mNuOGW#oWP?BTc7^Q*-)6{^M64E;H+ci;sr?R>+{=u_
zMCs;q{gjsi$|`0PE}kD<%c8+79frsTTon&GkDBZT446JtQOI4!m$bQPQ(JkPdDYN5
z1&N&k>2DAN_ND9x#k30ft5|;nzaz4}X7TLz5Apod?(LA90=S>T<NC4&8a|pJ(6C`P
zWg1`a@Y<-kL>&s9?GhYuoaF&Fbp|La=$+xb7p(hs7l#GQl%n}SjU^EgtLCj|o<<gB
zI6P<fE#(xG)6~p12+&r#=vU<m5?c@!^9pVI%C<Nw<cQnh=#fz|PjdA1tf08cAMyox
zEzK`HO@TqX<IMh%mn9O20QkOhRCw;3s6Oknx-N}q%}j0A*NhdLA0m;3T|1|xb!#;&
ze5}EjooI0PoCdvEySI5Jl0zDc0=x#mbV8BrsjYb1eTr8GujKD@H;~hLg6nEVxb?IP
z-_knHb?G-59B?z9AqegaQAmzQq&zKmVKOwAK`zea0zh0hPe=(R3`x|bzsgO_eoV3$
zV-vg!e1w}DKG>DkGZ+HsB63IgPdl02tVk5MVY~!&`<0R<edA$sWEOneZ`8Yh6)&!d
zm86Di0PDfFWXtd6U&Q?-jUF{DOK!_pveknoZRvx9A+tL8NCb>c{;GTdO&@sOFOZJj
z+wHo)I~zhb=*7n-KvI!`t(X^1x+sl_Qd>Ik`LJ&G+q-SclDn;XTp3Z%eZ}T|!<6#C
z2to>&u=1rF%+XRaLaEH^UrNz4MpwvD`3mZZ5@Jm*Paq>f+#nqtLwWzO>cdi}J8^pC
zBYFNI3qE1l+G^42eO_e-_2|e!sRRIZ34U1-{#NkZkkf3^`qNM<F*eiG+v-@WHtAw7
zfuvV$3rji3#lFpR>AHL93R0*VrhCMvqUWU#6i@mHbd~#*8)0`!WKN#X&HKOj#{1I`
zGgIl2#EzBNBT9Dlb=(jMdM-Wt1C#T@2l_-qnQD=%O7uBp)9rW9`fc_4LN!&31kaOs
zcygbRy@7m|@JDPff**97`LsP;N%<m)ZNTYZgPCVp(Qt$iA00%Q#kqx-e!WczEzbU@
zx1*>Q-FO7he1;Jf#5!<H{CTvAcWUqY?#%JmvyRmqmHpPn(<9l7b<HAB?erQveSdg#
zArdEpX{~OeNSiW{_FmGejW<@x=?)3L6I#ltsYn0WWcc()-d3e?KXxDi7JrH;AVt@W
zcKhZYAgBOpoifgO=J5}C-u-$w$^Mo}(?-UoVxf;$=f>BWgGU(TNz}Q?{3vjzh5g!c
zY|Vj;Ol37~Y?G2VJ=R-`{sI8Vy^#bQRnD9q52?%^{Gn$OnB=7I-gSK{t?|TPNqvhW
zm`v+XmasSAt0bOc>?o6{H$ommPwWvsYN&JR5blaZ!B=rt02cS97+RkHi}Gjt+~2y^
z$e;sSnuO;923#v*che>m)GenHg4?^Du#EBL8r38Q)^;76+JAMTU?^C;uZhIVli-@}
z%N5D_7AbeCzp%U+dypaN5LA~sHNW>ITYewpjPDN#NS3GHOAuG=%&GZ3N_GXLyL7PG
zH6Eu(IC%i-w?U9byKV&U#De*_aSUhq7A=2Hpgi{=2X^ZTf!>ejbt@WY{$X8mo`fMk
z&vi&iF7gN8YxE`&PLeO?Fs!N&?<o_<v+8s$OD*rjVlWQ~#47IX0WL{58sHgkVrK<0
zEx!;W&G9-G86%K7>=T#gB3RYoaxGmfP3R~nZh=CQnLh)FF46%}1(J0ubuE71T*w*{
z>sO0zuRc^#|IPQi8IFMiaA<c0Vpsb=Rg`2eZ((nc<k{Pw9f-9R*O&&{pJ8^B{V<BP
z4&72leq;QkFl-Bld15#{Ov`}e)9sqd6ufSa;xGX<FffbZ*>I6V!+YN|3M%1((aK)G
zH76VX)&CBj2j%O9)G>;Ix8;cXPT%jRYZoLdzQmsyd}ZNUpmh7i(TdKVhxvf7HQV@D
zR(v5gJ!eXP&rv9m`JS>i7{E$OwRw4ar-sRXUgmIRJ&UoXkMa%@;+5}B&taPk)0}v%
zo?y{7pxcWF%=8D42BeW0B{2}7amV<}5>AD@Y=3C{h{WEgW>#16&~4|3nRL4Iw_P<t
zSA@eGJ43<6MW*MkMcDQ<R4&a$qz!4L&m$%FpT{jW(c2;tk9(nf1z3C1jIp27Imc#?
ztk;D$8k~WP#Jcv<a9c4{q{oOdD4b&+scsIi_}WeZV+TE9y;(X2s-NtS<{lS%y6ujs
zA}s7~4mMGLJWdoXe={%SseEhYzX0qVdTS_8WcJQ%4w+6YUl=q`5*oPBEj>OU;q?b2
z;Vb^b4cD{9OR78UC*KAi8;rVa)YJ++TF<+em9$w-?b>`VjMe7kPUORyD!CwhQgdAx
z4rmv~WAX*QZ0UU<$)p(!A|?YB%*Ks%Fm%-^7A|j|$tcViwq{Y1HbyN_NZe;joMNo=
zv$C8y23zX$Nj3NMniL(^YVc<=C1cDrNq{xboUqbVG814x{<R{houN(XJH|mPj@BSH
zyIR!v*sz05CXqOa#8|p>EyZ}a!zn`LZmqOWlwQ*tw+%V+!Tu%HUn?{<=zQ<@gAYL}
z1!I6h`Fb{=k|mud6R)EHBtyMh)EQ&~6yOREFuaVkik*WL-O=p8(PhBA-&4i1t+5em
zpno6!s%k{Lqjrr@aB&_>?f8?|?B~CC0W>OT(e?|K<#0JA&71;AxQS(ic`U}-v{`!g
z&6L+%#}<O4a%EqR)+gJ$H*x6$ZPBpk7QW)(D$iOq43;@g98TN@UB$~7@%Xc20xqCU
zT?K;`^Uz+yuX7RijevW=AH(xsYiA3h7u2o7ba5g}44L)fc+H;akRYXV{l$|LF-(AY
z^9nGky=tbHZ(VzT;6cZaX<6}V)+%j!<H`K&w-FBO_YMfz)T<Y4IKwtfU`<$~o&9i?
z*%0ze#)&mWrqjq6`1i_^vq-OO&|a38$^8;A>|sFJvA&cG7s`A7z4WB@ETw(U#(VkL
zioPfjd3yZidwzw$P>bhjd6#2Pvzn$@PAGXY9${9O;tpoTCW{6AozTxgUVl5kZysz?
zlBO0UxVV`p>mt*ST(=P!imOdk9G{4$gXDDhdvkh&Lb_%<t)*O!<^plGSbRK7wa=o^
zuFregd?1(S1sEm)BT~p40`?y+U`$&Bji&T?<68G@l_pW&@@feP&J0lxlzSNrj$em9
zpY+ll=58a(K<TS>-=?875k0VuC}4WniFOqek?h3?sO;S<x%I-O2*;8QzgDVjxkjyH
zZ$NkckaGW*dMv+X=N`XIt9g$DNv>em){BUf=>e7Xqcv<LP-o_o7C4=yOXKMFa;_dn
z4gM%NR0ToTd(Xc7TK-9Iw8GnMoUp2cH7lSztUN`q?fsQYfIsG~^&VFVW^iqJb$yqG
zNQACQfC!Yn;aw}WX~Y9xod6KU>ZYADyH@!D82hVd#w1AFopA>1@o0kfN+Ic3RcFuC
zjWy_1tCO!06D{ZR;2PG&@6MPX%2+BLcI(!#cfM=#+ov>dV|`*O{jC+IguA>l)j9ZP
zfB0<D&xDbYLa44|$`^cfGYHF$G6L1m&N%Mm{eBU|rW10<mAq)ltyKFJhxFbF?c>#Y
z&ear(^@2;yz1Lwxf=f@!^_||<d~+QWoxWURglhq4G(Q**lSzCK(ZK&|dbY5*o>sg<
zj>b9;wTMgJ#ccQTbhAG;FU@`%zTMf}5cD=x!1wMVb7KqEif~Hz=2DaJZ0B5iet&l6
z+zoda#3l>`5d}D*)Z85+BxiQI3Mx7@pb74PO``E~FH+J$Y{}H+)RDjRNkDmUSZT|W
zQt;RT$N9+OVj{S|ib|<{;O?IFLHKs#(;cQaX^uwRQAhp!REzJAK1GX&7rqUCw^*K^
zXGe6=7k-4g_}tsItfL(_S}g;@m&daDff4xF@{-!KW1efbHh2Ol;w#`>p}G1)(?A8*
zr$7-4`p<?1)kWB)onpdK5dPo`s!wJpc3#%hZl=I3Brm()cVDn-pwJ|KC^yyiAfs`>
z!)G27B<Y1f2FjM(7>AY3@$KtO?Nzd!e~{Xe1XMTuFT+Rqu<ccfev4+4yu{KnKL5OZ
zbN$y$2(xyOfU;AQ@g*5eNe|l|4yr=#XsrH`^+~qFF;8BiBrm<+b~PAfG*lr@lC{9S
zqmafKAa69{oKxJols&?HsIO+G5}G$Ta0{9?_Ds+$zE9s``~i><N88NdQ0DtsmArHi
zJL(8Igwd37O5%{t_T@9B+3z&m$Vuk{dDd%CAC(`$6FTmdse|Jigzaiy6et?ubr+i`
zFi1$RrMv+5A7DyPk|}M$&kygKkr-ZV??UjEqvP^m`a_>$-WGvz2`ir5DbmAwHnkdZ
zSDOF_ruDVSkF}4h>^1-hD?_y(r0V<2Ss2A8d<d?`l{~eWwt;48n9o3&=@qE|KyA+6
zk}^b4$Z~kq=;W~--@FRLfGwX}aQ2uN>{MTDbD{R6&0B(L@cpx!u_2UkmnEtU+EeDw
z7DW~E)l0s?Q6|R1p&%x!zbS)gC2b`(&r$_R$K7kPXvd0WKAG*au7E8TyAur}7IOy4
z-aEsaT)9h24Pp7K7$fV8(q`T`=Bw=PT^DV|CbGr13v*)Q@}u$cSaVV3`%m~zvv4Yl
zqTmgb=~e<&DBWqb$-UsZ55~fS!C}{d1Ij&*Fq<4n=e)!9oL^fe^m~P6$O!aMl$||x
ze`BZM(Pn-ph_b7f5-&g;<pm{;ufK?we}}PjH*XaASBt@^nqv6p<|Pl7d#WB_R%E3(
zN@!nJ2MAnpNLL=>mdz$czH41LC{o{YE!48!F*9IVXU42#B?SltMhkk``)Y`!|B!Se
zsm%vUS%t1kq&HexHbx%4A{pVvCfIK}!$jO);WovisX4QzciuV06JY})41qq3NXks{
zn2M2W3Z7-n^O({1&f7g6%!S&9yWh3_^RZFAoX4s4Lipbe=wz?A&}*o1K1)&35lq_E
z2?|#zNYF8UnMnN{s?h5{F-M0d1e*-U8aL-v#v@NU=s6#JojP^oKj#@PL<w}H4Cb{W
zIno?<W7^Wv?3CfNp8joi$P`&(pI6WEfTk>2O3`t<<*Axln!DYF1><>Tozo>v+A*24
zDOBX6NuttK1YudCMcYVHFEtdFL4|a(M@hFM(88DIF2*8h;Erdk24N%02L2_a*^xC%
z4uhDa%hkungrG(i=QzGp{&y$^TqFPog`JDO>!N<zl1Dvs;Y0Mo)1wo$dOV1v{I!_+
zfo5`MqM%sx8)y$CrKBSBO6zw)o}TUbLC6!3w4+;zPWgktg8^0lKv8#Z=aoRB39o&`
zAJ@oZemgsi)sgI~p^x6;%<;rdK}KKzA|byvTU~M0u3DV?_fyp8alV5OPdv^~cim{q
z-?2Iu>5VYD(+s?g*{3q^z~#^EtsZvd{PN&*koUwSws%20-Dd8seX-JI6j3i=)n3Z*
zmoE|0q|%em+23tqY*l?H(X?}KU5FeOL7@0R@EPUD-BR7pPy#X9f!_`s<Xva^5|V&J
zs5E^KN*}}s7k)?rwO_K`ttol`3-lFdzqLumOzISO`AHKLnZy|k27X;$cipV5K{(Hg
zTB582<M1gVMCX-eT$R+P66>1qo%N~aD^iBv`ex9|kWg$iM54BDCf9heYv<%b)bT()
zho%e2{^51{t~<T?j6ejb<0cWnwa!mFsuEWme;rfvq!SIHt9ROeM>AFG6~tIsxLhzC
zeO$b-B>eiaM>=2`jDhhGEwJS6FVi)}&@`a~+;W0K#2u3S*dJZ;ItNa}W#rpsa=En#
zDH*hFdfj`*K6$BddixgFT6a*Tl9F0|8dKCE8t+{A_T9W#ak^a28|Nati@6}i$jimQ
z(CW!{>?lKX9GA}<4^Y^?uf))raHx+uAR7tQ;X|=y%@}@;RRPmxJ^*!rt4|WAAcdBO
z6k7epf;gZ1i^aK<lB3E5a?PRQNW2sfo%uh$rFIQ0KeRj7%)WCXR93&#*rhR|9f@LY
z`Yg<LXTV_FNy;b$mLC1!Vi#-pZ0P5MaS8R$pa@O&XWnpmkZi`oP5ma3tH%xNg5LZO
z-fJ4=@4-w6Pq!rHMPk}C#@_OWz!0N4M(HAb=@TnTFiABUCtisSBH~j&J^y|u9o-fH
z+I9E!cUYXHDl(V42;-@u{gwQB@{zz4<tD@UXBk16=_f>`q$wS`<!YS*&NW~*zD;`;
zC$nx|sa)pdF4wO`DU*KC<>?*UzZxXY6lp6~x9MXWzO|~vEPaXNalFT;z&SEkq|$I%
zX1P?Vi0ZmXwXWN=npi8H<^N8V0u}K!<bRkL+|bG8efW-h25VGNsfE4(3d)JTYR$}$
zQyBk{L5CFkVfNF@UsSMljfv+?>r7`kv?hjQ6qih6P!dj3-8sLhc_~m25s+~2Lcms|
zC1U&+^QC3C#YRU#=Rq^nxq5}TS|#<76&ESC?(nJK{f9F{buH6mb)N<^>b_BNvRCPD
zGgxzu6;FOYaN0&{lkYrB@g4^y71~uQ{^LWPii7WC10`}iRDs%y)BJDm5DPd;O6hU|
zQvMnDEko0t&A6oBD?Zoe^$Q@0>o?oywpc)LT$opUxA@7fGa4O!QC6;)tLc=PLtyJl
zZ`_}r?I;mcQ}elGvrU_7UI~byGg6r#)*nP~CEpdI_e92cl*Q}mp-EEn_~<)%sZTdh
z%b?0*wA3?n4k8~uk~8D!{U$ObsAV*T^v0fGb~3X^2lTF6uw*@i@~y4dd2DZ8{EF!;
zTGlq$NCuZB4dgoC0#~gfXpT0{519=#;T9R%T%h<}Yw8jD#cE#8W3hGOU%$4)T%UAW
zoOc$)6x}ic>C!G*`W_QOivrBPC+kTa3PLF|=LIstqD~AtoFP%;^4H@y#9K>drKZ(&
zIFDqDyYOu?DGoJ_vbFlM7f#cq_WZ_H?`sjTpLr~dIn%hm8i^YZtUWXm7PJ2rU)Z{b
z6WTw=v9d}9T!Uu8mVYbb$d8?Nqn~Qs&Ws7D?>RI1LYPz)e7_fdXeH$;ZQ~gKwsz1b
zPS1fLrF|KkoVfo*B`4WV%<eQkVr((Yd{9C=HP3RM_vij@qgk<fCZC{|S+f&QMr#5k
z%}R~j-XrF2@3B<s1_C4v0H%7?rT6$&EOAo|qIe)8IA>z`4VT*N02KGuNX$()H)6#4
zj%Mct^}MHdt1ncXHiimt$_MOzoAQQOtNHh%Na6*h`RZJ#QLt+H4{aTo#9|0uv<OR%
z8@=1vV3vjk<U_!9WK~$CovBW-achPbE6kT4qNmk5K>>vv6i{9P7@jU2D!imK(6d0a
zF2_Bf_K90W8nJt8mE^(~WqhA%slbTBm$@6E8xLiR$w=I!L3!$~za#RiRek}K!e6S+
zQ)o`M9EV^AC>@ODuFkhP)USH%&oza7<StBS{gc9r5aNm2lg452DfQ0fAdyr~OwbLR
z%I1<`7){8W3q^3`y4!K4Z067znXzD)n-6BFHGgd)5;EthWP3)xZ5nTW@X&GIs=H1L
z*S;)pT_#TwSZ2z&vnt=3Q#)_lfE%cu;1nL^mWAjB7cjd93490O8-F~zQL8<q<W;BJ
ziEJlScL#yS+RF79fH~wQD#B!GbEyi|nj5V}rV7Pt#k=|rRvyoZbfYAJU|rrltqc}O
zeP=^5Me?EHK|!SJZtK@`ueD=dMXBD#Jcjsrn!Tfy17#GhrPBJYg5r<=A3DPGCB`Ep
za6Fx8UBz=%oGr=Dlj|8H0BL!c`4EGSo8kUgc^C=*9p`Ftg=y3_D6C7E;&Y%2a>R-e
z8%=xf8k3Y-$Qw0kf$db1f2k?pN8KccJA0C4?DbVa(FX(5IGFWzAGfrvOe`C0oY^!%
z(6K1v*-a;hP~WX<1Z>Vo(o*`@Psf5+2-v#$p-&b7nPyuKY{6)(@i?cspfFCFdFp|B
z(2JbRl$BNM%>G-%a75fRqTP#^YURC!zRBt~ga<E7jJ23ULbC-$r_T!~^W~^qoA(vA
z^cA#6p7HOuum8c*CQQBT0yidzK#1DkTuq!7O3V@Vs{9xZ{dgOgWmVIkX_<uTK0too
zpZe+h$4xOlT-bDAS_h<C+oyVF_fX+Orj{s3>rfQB^j&>VB5NJK8q!iF&P)?t{*LsV
z#mxIVGrjh3=F3R)Q*C17>Es96bgcxlBIm4Am5N8$2_V8(n3?_5dAe;m!OU*gmse=l
zyLq!UL)h4Ab*chU)AhC40x|g7JtMtAxuKo2YR8*{^;fknQ*#_>l=2jG1mvI06j<0L
ze<DX*bPt$JwSX~?$2pq#hQfQugrpuJ+9JjN882KRm2X(5_@o?{Ezuso)WV=Rw+?BE
zbNzq9Qk&6Zi?w!aDL?3SALos|4+r0geRE^XZX&A;!lGt==~Ac)w;Ggts?WLbD^?Eq
zofeiaD!qFv)0Ls=SJrfH&KbA$jCC0Ar{M_zyf`;hH&$U+rRUrm0U%V*VhDt)T7IwD
zUm$}7<xbo~Evr-)gytRQeGBQ%)znOhBK9q#BJE^mRk%BJ^+7|dBYUvK$4HbeGH^2q
zxIsBdjC@lxX%I}R-f(|L<~Gf2LJ!)+`W}2_ue{wHm`K_t{FOm}6Wki6`m>NGOATd^
z!|r{RK~4J9sr8h(<5t!IG{4{N<$-N)kK6sbK87|!fmLMcf@zbGHL5S@*A~5L+8y%_
z3y~PzQxmLBP$Iq$Lax*gb-G22xk5tZb-A@*EN7Ax6YoB9kY*~sfdMR@x`Yyp4|5@x
zq*V-l9caD16q0yGZqRP`vSbo|;I-ps*3iQ=cdN=^lw+Ed)trD)(@rIBK#u$VAw%Eu
z6DxKw(%5aGT2n*8CRlgjj)fLiwJJ0qIWxPo{?<B4qniJSg!c)Nmt{Y=d&l|!b9jRE
zw?F+s7Uj7#*XsTcvw)Se!<Iqe6Se`C%Fj+9IBAf5d$G#KA)w0O>N<mLf$y~HtZk5$
za$eI%aR=$_s@<Fy^Ti%(PUfN7EgO*P_~0S_KL1{F4~fKtv+O3KEovF<wxvV#w3~X=
zi>RkhnF(rEzed?b3Y>BTxcu%OH!F2v>gYzM+}^fc7mlueu7Eeihe!-`CZRMnyZ`HG
zh6mB!_=}|xH7{(?uta?(lnTWWZi`Pps8F%|p2E|~uyhdb<k~ua3&t_qNLWFe`n$uk
z-<Fe<p_eDT_S@_(&+zpQZcbl<>oNpTxRg%2wqGtXUrs!|JZi<Ga-z{2@9fvu;>*hx
zAJ%*!@2{T#;W|ati__x~FGk{ibm4puy92I`ObFl$1fz-KhV_{qA4AA5(9On^8LX;J
z{1;|UJofb5%_mBU($&}e29`2U+BSIT5Brycl-Ir)zowZGW<2W4Rm5fW#F&0KcHR`_
zzmh1UxIENu?Br_-4HvI3pcwATMuoVfDURGjEtaW5TLgXcdk5+3iYQEewH+toWtyh|
zSNg^_A}vo+x&AcO-$agM)-g!)djysiNv#&DT47VH#AU}cy^@C4NPWkx8D452W#RtR
zH-#sBsZA1cL4@+<+9kOEbqVf$R5;5?uP1|@m3Ypz_w4#dm;<tm)_>{BSUVgUzf&DH
zZhPNdW$ZmoZi=@#l6qF+rC_(WxU^9<p8xIR-om*jz=9&!7^-!daA4IIzQ(#geOVd<
zF7kVm{&Di`IN`-&sd;AsW=QKT&`**@WDCe3+y4ESmEuVqKO+3uT-Z>n>>~0+7<GY4
z^jxT4t=3O?=+@d`CUw=5R{?EQ&GE?)a#DQ!=s%H@BiG1Dn{NUVO&?WXWC1)B?iEB*
zKWb!6-0;m<{T!y#{VR~<@ZDuZnKG}JOvApDu~sqm+donAlINJev;|ATPO)O}5a-Yu
zNjNKv)sRIpzD3gJ31ulT$@%amKSx#RnZ4w})-7WUY4?BMbitqI#X3SF&Sq^G1``|9
zJ2Q6R_7F<Hf-tlt#>aY>$-hXJy8}+yab?Ff|Jw1p(4de6mA{{}%gx$v`B7<+fz8Ah
z>9WqU1vavwY}4{vr+iu6zn$`QXaZ_($D$OPSj9T+*0k^)5$`#sCCY9+zI?G%YTi+B
za3Bt_i*?tMPm*M2bqn-<-0Dy~c!@%}PSxl($oL*YxF>f+Xa+2|F5c?}tSJUIGb;zR
z_<OMHw!-dwq(yaaMM4S#f^hu_{bTGOvzvp&^Y=dpM5*tZ?>E@45s2V7dqLfzUL$$$
zV;Rm0p71&7u_yXMAzIF@>k#c4LiL|k?FN$RUHk8L@~cCcUqes&wK@AsFHMJYA@v1D
z7K-|qzVe7n_`X?-H-}zvEtnqHf(gpASD#PU`(qu$QwG1oiMp-DLJB$*XggMttLzO1
z8(<<o#e-m!Gxq6S=#-D%U%|cNQnv_&CU!b+6+owip(C8RsP_LaPlhg>fU2sD3vB?$
z{{!IoIj(2~Te<QO6ed1=Ukq^v06s|w`O30U{IP7%E1)P6RLjD_jf7X#GFbkT_}3e3
z@77Xm9tp%QZ-0^BpZ^q7<RG3JK=TC&IvWJJ@+kj7wwiIPi5LsR6FP348T4Rk^#6&b
z*JROggH}Id!*7at_8oZ@5kQD2p+l<UA_j2~O#tL6L}dgR3&6BJ2Rt%V*MNHZSD&UE
zSGX`8CU77fv;lxj5YoRo5Yzv3pzG)PAVBn`sMmnmQPiWS-vmh=0}Kcj_-=)5mBM=B
zKd-%kK#33mr753EnsNWU7T{+9K#xUvWbs4URZSBRtw0otPlrDKPdvXSFYA>6zK+D0
zlX=}IJ_@b9mKX1Ty*2_`3+j8&+UHmA{r79bp|vl>BcRO)c}_F0X#prLl$-n|>VJ3V
ze`WWYNgp@?lRi)f?p|?N1iY98ZxIGAzQWe{2dbw6{3pbwwl*IC>$oQM=TL~nA0FQY
ztCIu1U#*S;I#(5u&I+?vxXb;|Y9xv)$&)2BnHTs=Y`1ri)ZzwPk!{|)XA}&oxi=7p
zAj8y&{BI@X)@vXkP!k(EB*@)?XzC;V+f!Rc0g9EOQMy8>$(M!5olW*HMFd~Q`pE<u
zjpi@VE4qQ$g*J249!c<TWwSvK?0S~M|2;?}g~;r$cKs)h{NH(H3GtabokAAcHEIlG
z;RuAU<G^brzk&Gl+K1gY^QZqS?C$r;pcK{&?Aj{o(e6!%gGZ>)uBra*t|uPjHxY9g
zQ7}W#w2XsZ9PzJT%m}^M|KTpA_3qn{o##;h<9)8J#sB3ru8#t{2}wvf#ANdqq9l-H
z!(6V&b^G5k`9<d~D;k9l_E%VL^gw9Wsv`fATuk>MCVP>@Ub(CfG*HaF2(!-~odG`d
znp187*$L(4Psiu}f<1-EkgwWRL%;xipz>aV&KJLZMQi?lOY0A;Kp|hH&t4(lfWs)b
zI9=!l1E6QU_56QXiokzuzxG4LfX}^FXfo=nhNdx#51))LIX|>Z(L3%c7w712ZlS{6
zQD^^4`6RERQ<A~V|5DPX+mO|j`GjoMipH3Hb?6_Iu&i2bTLuL8);m<m|JdwT*Af;l
z`;US*J%HBQ2B28AGSMbO^5y=63g!>i=76<-espCwuFMF^Il(`BUWE2ss0;VuvwcL4
zd9`N&ca_ugw>sFUa2Z2##y`Yv;=DevP9<~F0VE5MIDCU7<Q5xQQ;d+OB`NgGL~kL6
za~GasbR?3rrq5S=2S3#T2o#7>1>-@zZ~u_cM-}oEX9U=Dfr7kcR}k@DaWW;B+7AV{
z!Nlwz@&jr2k-k1}lRoLwEJ$e~y-kJU)<U+2O~mwUS0>SYnF@wct6i^#f+(B+Yx}|9
zZIk@jcHU)T^WSanLEAoNqi!PBR)Af<Syt$9I`0Jok~_^kNBb)nF|=&}$h+G1pk1%p
zKb(I8mG(yCVRjv&mRAO77xwx1h+csnTrV6#2Ep#Yrf;}IO*`Q3W!LxBi|+j;_skX0
z!7)jAqPJh@N^pKrlC5op5ru+FIFQADAzaZF_#f~RD18}OE;OY2a}+l>=!PtwVpW*k
zALH&;h4kj^{B64$%zlEx7rJX4`UtsP)9c5ycCYY1yT*YeWa6<8AN9@oyU_1Fq#_&N
z3X9SQFQ%6M1wzFup1uX$8sKQeH*5Tc{s{<vL+0zwTp-p>$}2qsOZ&IN#;L(lPPt!y
z(fzyEp@jI9i(lwJOI2W>^;m#dHq`kbLxhn)`>}h9duLB*1`S2=7ic11zxB`3E&)HK
zf0ly2O(XPH(wp;m5DA`13Voc;vy4E#f^KU6IoW5>1%`OEdmvl%UsC}9{ZHBf%*U%&
z6MtSSdb*{|-HGT<6aDTB=$u{|kRM{#YFK_kt#;)Aq20Xl5PFQYNVYk`!tz!0wmTiJ
zWFM%WC%&Ze?~7m;Z4F%N37#(Ps}Z50NDWL!MHR(yHv}5aWq=BwrT%pGM?Qr}{_vom
zx%VpWghT=%3MtVBB1WqF7X}^F+gEo<CHN%>xOR>M5T}}jPa~8B@gw%0oa*J-B%}av
zDWM?zO2)v>3P4R6k_na7azpxmWI~vX5XBm1*W-{BAOtQfII$PCqx*8-BK-s^fjW&a
zv~}W2Ia-4Aa#O$pYPACi?+fdo!pZ9zldefm2Ga%F0LnSO1zrA&e?}c{pu)t)0qyTN
znmxX|d_6DTVKAs20k98Df-`$0(9KKPXre%XY@{Y?Z~mPcx)Q)QKsul}H@o`Y21xU-
zP7cd|2$S~U@!<>AZwf%AVfj@PI*@C{6IZN}e?nHxZI#mP<bwp_0BV>t2n2FayNLlg
zXZ<w(lJk#K{W0=?+WQW!rkbc-iQ%QG^dd;JP(?sQ6aqv+ks_f9Lg-bgBGPLF!9r7{
zh*CtPDoAfq1OX8Qk<dFxC-fqOa_1y~e(T;}aM#CLtaWlSW$$M{d(WOZb0%`o!^6Es
zE8$55Ze<^L6njYVlHcGZc(?L8*jV{e4?5LU4~u#~QoGb&Fg6~SB2#0j*|FG1Zcm!=
zAMCjTm!3~0r9U`ap*k`2{C-T4B(Av7$9dBf5Lg5CM2<mTI0EPpU~G)gn}lc0s)vA;
z`M26(%rbgc`q8(N!5)Q<5wKh(y)9~0<YIRWI;!T!Osblf*9n}|gNNW%ett#pHqYM1
zR<(Z*)*d4r=;W2DAQw-MP-z#4O3q+Z5;&;^*0{h+W6-Y9JMIjEtO`PGDH=Hemn0)S
zV>@h{p@r3^b_6>0BvvVTY&-B0?t4fOKOTEG;qK+!M`@l@FRo3kOo`>YG}21OMvg{C
zHD=!`xX}JlJJwoT;F_-Kd{Vx_t9%O`CLBt3D$<bCq&5pYR|CIb@RX)!Wb)^8TfI-y
zG<JiYD!Y8uw5nXJ04FMLfYZsa`};U;f*}K}OwoI9Q;Yw_={YhPa+`oV#t6enxS{6<
z_IBozM>y*PL|Q#3&sw+hMF#e@DP{JS+9^!FDvG|-IgV^u&d?mpWaDcM3VoC8dA<34
zW^=k~k-lD#5)(><H`M?i*2XuyX4irlHC)G%GhLdS(@n^DDVz?Ds!+&PZ7nm(dUq|8
znl_c)%T*b-gPoGP^9y^kr$FYOPtf<3Zy#^wr?vR>s|;?H8<cgB#dh3GVa6A=C)N2B
zgzm%^DU_W%$t2ysw|TRNk`FiDUA5+2KiS@pc{k|MB{R$Q1wpFGbeSLN&NaD#AJ$GF
zRH;8-8l(w&_Kk;Ts?z9@A~kq?NStdxzC>fN=SW!<K|KeKRE*?$0Xe9?h)6D<7VPtR
z%UQ9we90|oUx|>7`_i=(u67X$F7Hm~+`lG0=W7z5E2&W4k&u14^1s!Rj0(C)aFmU9
zs)ZUj|9?gCbM;vsY3LZ_!O?Po+Ou75(q0!$Yf~PuZVuefFibxk;@;C1+JE(k`%myc
zyT%jPt~gU@`BQBE?5gfpaQM}GaQM~xeotIm`vsdRpRrPXB~jL{%;Vx8Ba-@yD9tB+
zx8DBZT=&A;P;q7Ud{|tP-Boh1pxrLWo=xrnc7hr%K7OnZd%lIg)rBSQ&)QFD<iYMo
zXf_9)XueI^iz|m<=V%{eznu8W9(^R(mNK%+ZZ}g-!ayIL37sI>n!6elIpZU7A-S<s
zyKN3S=Yw!2^+)Q-Yn0xIps<9dGlsPqCAN;WH(&4UfX7pl1r0VU>Mz69z!Bci4#cN-
z7c(z%GOa45o-}Px*=AM5W+`4)qL~}gPGwKIViv_eCBuS!B@iw6R(iQgdHE~lTl$^?
z)<16YI&#uot37e1?Ju&W0|$IEPPJ#~E4jZk_zrg9X*z8~=UM#6Jq})w*DK^UC{B>N
zZlQEWt+#G04XlqB+%|olnn2TVj8po3tz#9ZR7C>sbUpqQPFeQKdRT0|`lX}*Wb%&B
zHJA)J;<+&?mSk__PXe=fXqakkolyJx8WA&v{0KC}J^Syv_9G?ZzM*EV9NP-M>T@ld
z#}b6rVjHqG+B~YIyX836&3CkGZ$DvxhKdNEzT_t-UG)v4?Tf$VoeZpfhFACjEpo61
zZHh-sg57yGos~ZZ6ghp$)XT<^-M>w-%YCf*;JjBmhr|k<&Uf(>?bu&8|CpTGMwq3#
z{J`klQflo*xm@_VSUY2C(cF|L=!AVerb&0V`ezo{XEtzT*SO@qouNs-(PLp@RlRHI
z+IXqyFP<|;XtIVRixxhZZ#s9VvaZMF2x-q+QY}8~{Q=XZ%BfV(qKVPAZ&J&vzf4Ik
zKQgbAZ0uh}&mV=9-pf?LOQys~vax+s9E5*jV88bYnS2yPl44t9bDcYI)=tHgXwEhA
zOO}h6_2^e3`Bah0Yagz<FM(4E96eKX;=G?Q$hLG{q4!xBAe-1btyz!bRK0NO8Jo5O
zn`Ms6V9UAMT6ZhmZFti|hU^q|(&MYoGh05Yx~_ty&>JD6%lX$lCqMGftf)V5oDf(6
zTNVn6sVjStl|Opk>sR6*C}gPf`&zWT60^DkPATBGOO=QQd+0BK1!Dp4j&=jpx!odH
zVPmJrM{!j~SIHk=Czqgrd!451dc?)W9iZfG+n!ZuP&jtdR+*7m_-kp*Y#|l3T4sRZ
z*T9d_ww)b`%2Y8Lf(5s17&A|jJk;VodA(Yw@8$iYrp1rq#D<$B1}!QankB3(2bSXp
z5!4&aZyG%Z*4N|R#}{@c-sFjY#?3m2U(ILM8&frR#r=@AlPOA7&)0cGYKq@^`b49O
zUeh6siUbBHr+JL#dhaAag6gY}?V;sD`W+&HdDA?eGFL5b3p%F#`zO2^arerf$TO#k
zjHU3S5|4W4yu7r$2X<zbYaBkC{LYBU;a00y>Ixs>tn_yHlUd2>{a&eJj*YqHXeGYz
z`Oxptgfbzo?M<?!+Tq9k69Lo}_=OI<eNE_bv8$scSF&xSCHSZ`Ri$=gKaEXIpe^Ed
z=W42L*osuy@E%EytG{|>|HS>|NPDx~ET<r?Fd0m3)cg6@o!Lm~&TL=4t;Ok8vuC#D
zz6v!9mHEd*y`x%hm(6P1S{dZqYn7uPy-ItDR2ekN`9k4lIzzk4P0((UGWmh(nV~1^
zmo&v70JxBeD41wm6NTF*w&5vzaa9wp$R?0m*t?-=yaF8HAT%6Ioz1Qjc6hw}><9gd
zG;vv~s{@NcouQ?$Gw4eflW$ktHyC{y^}IK-fbx#YS;W20dtY8D<Xdk4h?WSf+>Z9t
zn|FOxF860P$gtBR;ih@ZP{~Td9Jy@i%oFwH`ihPDRE`rqcU${9W@Yufor+DiYksWj
zzTVxe9<5f*D|D#vT^LRX^RPtW+ZDS@qq8oZGuIh1&z_xrGbZR@tBTUv_5CwGiT)z4
z<F%Nu`(RdPcx4xHzg-RQ6q<XhuE*K4Rs%1iQqND*wytA)6&By+A@2<-?T7pf<B!v%
za2t_s#s&kc11KgVkhZ)|SL0=z^G(SFKDiBZ48Lh(E?nDKA1vneT6@NZp6}(AabFwx
zG;b(XWNEOVGe|vH?)*E-y8B@ccda=|%V(Y06EcgHOhw=EeLC}$(Y|BN9eCT3{z`Xa
zx0#vokl5(*?k;k@imf<&b*0bxmxVs3(Rm}6CKJ!Vyg|o1Hf7lt<4N+Ze}u)(Q@^UT
zDPHhC_2t*2kcEjpSB?(7^(Eg5F|WCVdFu*U+b>zeHS_Gc>$%x|v>jfnbK|)Z!ri=Q
zrKb`*T(0rTxYSbDv`ZkmdOkchusKB^N%I(o7v#A>f>J4edyZgsE_=+&=5#p1k<-Rn
z0pdNJeB}yPUBqQ>6sM%#^TUjn@GEjPqEzd)xMj42G>iS<g`MN)yD2L-l<`3ZR`XqY
z>#_5@r@dD4iV6p;=&xOUsx!OuV!^jXI;CJ+o}}diyX6J@Q5Us8wWrqYKX%G2c8#aj
zOlMvUbm(7+SnD>a*A<J^8EA^_E;d4su70CO1-V|#y7b+!a<$`dwW5QUg_C5N$3!`^
zVW(H!PmVHs&$^#s64JCj*^6i6W}P<|vyatR`c#fTSZmQ`?x&ga8M6AZUb$?u{F>+E
zBT`<OrS8??o_SepPsTm~i+Dk%OC+eX(r-D40Qe9ASmboDzCi@w<yo4UhBx7<zeBbA
zs^Gc3x!&V)l{7AHqHzAwQLFfV)`7(@Hr1Nw>+yD)r;{gnh8kubV7bdA<X-t3mMF{E
zU<cPS?UzU=%4a^^!}_wgH#g_XqM7GD&o|s_&Fu_4yzc4lRFJLjX#^e{N(8J;(3Jml
zJA_(05zia%b<t~N_Fc{Aa>E{d2~VD8Pi_5ZW=>Un`{8Pe%FjZ4-z_a$HcRlBCk_go
zJ(IOhf;c=Sy=HSc0~3m*nbRKkcP)JmLvwY^XR~182+@^?k`T!cVXVms?w(#Jni@sW
z+7I~zCYsPh;jT1$=h{(~#7=au1tV_kqS-ZA{E0K3Oh3_~{Su!|S_e$V*Lt&>8=~y`
zH?J;tUvll2rTg@GDyC%Eo0s#A18c6;me*7)zUDpi=W|UlIR;KU30{`o#dG69)k$)$
zoX)QccfGqm4tGd#P$x(_DB9qKeQY%UtT5X<lylCkKM^l_lx?t%v~h2xAVI0;On=~9
zUhn+GNQ$VLBf;|$B2_!>jj1<ERhn_5sy8W!+Pr{+<KpR;USeCH9*?QwEZ=>+z-d%q
zW8*v6yKuv8^VRcAM?I<@p0zi5nwN|RyFXqo>f5<<$+vx7Z~j>TLmP$L61zoj{BG8x
zkC`^P8wnND^~28wKT8;$X>#BA@M+V(J`h*f%QW8SvOYRYHQ0sqxQJq+jC0u$AGVV9
z&2m>Rsx)-epRrDH*zHBJlC*#WQ+R_BW)pp=9rT|sb@h5<Vcs$=gFd*q1qq|lcLkp(
z<!Q^3EYQBiupD3CqnZj;Vk+Kv9-?-1MD0GBq3rgwql0JMJJ0)@|Lr?QQ5sCSOYdE5
zJ3qB-#hEvY!v$|0U2_$UoYuV*|Hw`RBP4js;<}GB>$7qA%)T0T0p4c_i?_8RtF(?@
z;GLJvy*2nGe%Ps%Ec6K3TqUm1UN_OHe>12$CkWTxm$I!Z)g3JBHE&ZrOyy#8uJLNZ
z(RBoE=%qWoc-{n$i(Ac{`fbG;X(h!QE%Jf$_I=g3jfqs`34T+o7Hye2n+JV4lCh#P
z@Dbn8@u<(+bOfSJQxJ(Zu$Wr6N3<~5t;@h#D_yM@IUiRkI`qhHb)d(K)>f$p`xvy1
z#P8#CIv!H+$n>}c{>U`)3cOkPXLoxPHw;enx6aZ%og5=D)a{xbR|7?ogx6wM#H&e`
zErTK(!>om3`GzhphTww+eP(V*p#>#)>I@y1XR;HRcX}7e3bTL3?$m`)2gp{=7J~SD
zvP|So`{idfebO%WKOBng{FuF;^w=Q!nw}6HCd143sK0WR*b!&^X`)>ifL#P$`SEfd
z()~2~Rm8LTvo(jV_07EqX<)qkZawhmOx6+QP(zlE4~DJl+pDGiTPLj6?D3CC72<x{
zI2Q7%l~(b#7@o*IbjEjkAi-B+>(3nTQc=VXJ6k~C_E1Z;E@#QxlAF)NO*8zgYVpUY
zgPIfQ?KfL%hL?>hc|TNo|6aS(-7Z$SyC!#?^roN;7#A1GsKYYwJD!ynyk^(KIK+j0
z#nz&1@D~u;;`%%uV=dFi%WM~`rK>Ne3ZD?iPdifwDDO^%E=<z*W?6q{niFxle#w02
z+%R*P*R@NQ!|}sL4qhT&)623P1qS;jRr05`Fq;^Ru7iIEzamE%5pO6bTART%r>NXg
z=yKl>N68yXiBEZ*HWDMldDG=YpVT!CI=KAFvpA(wfmoT0TF9d6aOp3c?Y@|><8M|I
ze7rZ_F2e2)CM=7}wSU)~k4{5{altFu(X)V5c)(Dow|+c9nx4bUTsfv>J2;$FqPGYq
zYf}S7^!T3hJIAm3I?joj%-4x|_86gATUa-7PL=HOY)(=IPddEEOFj<gFIV)t$*A{k
zclS`1Ex1xs2b~Z}wQDYHm@TxIwZqy>#90RRyLRWSdL`IS^`JQ@eLWgB)q5Fo*b3fC
zv{I3~NxG`<81N5G*_u-jROb5m#~1T-d(tUGhJHcijQM5a-SC&lTd46Rj375kBgkxw
z&8a7wgGTkwm`-8O;zs8D-9Ae@vl(v*dQQn@@nLZ?drz60g*&mnC4%~EV^YdT-I_PE
z$$}(Kh`WBDMl8>E+*_-6pmgmkbFX$r$?mid|LL5Uu<mws@VunIkp5cXN8`YoMK-cP
zBPsipI8ytq;mROJU-!mh=jG#NO#|F-+()kb5Oi8{*WBLzCB9zz&`KaVAc_j;V!0#z
zuP$6ePu5t#+d_7oX)FXi9xEkgke~u%66VR>lO&U^4PLFkxo7OwC~Qk5nwzP)Gx43R
zMmnVT1EV{;>sP~J-#0EdY$6b!+?HQ>SO1DQX5Bnky839LLbjY6vG7y#<7y9Yt{`S-
zY3s}n!TTVfZj9idxVd&VVRl>DrLTgP1;;s1>^5J=C?aK%cfCB`LEn3MwGQ_)YpbV!
zI5kAjQ?fi)Fly(|wnCt8NN@63c9_9p&Arv5)Z-3lUuvKBb0)RFYS7Le!;hG&6@<&h
zy(T<m?LM~M9qFoBr{t}iiZmINcI9v`P_5X>J37PJzwK6>q7IH&^c69m?=`wM+fyXQ
zUg_tT>clxV_#77Bd_9UVkdVM&@pr<&#=cgUkf(&SACm^>=yLNe_8sl{WIL5^vhhnZ
zDFZDL+0f!1fat%Yn>q;V6`%XCwiJz{vAn<&?=@ZGctx%VKj@x{s|n33q(-xGgB(VN
zjny|cI~s?`JAMyQFjf*;B;L55Gy3894|I(5`c_AsP*;4TRT%zte>0A;Y@Q|Fp$}u%
zaZD^0qslZLd{nW{?$1c@E3qP~JlBD@8*>vVS<b=>J2NW+xpVRs<`tgvt!WOUm#@6K
zIllB~+^WVqBvFv+J&z}2&g%~+8b|1879PxnZQ<3c+Pc5d5wm-)fQ&GTU|fy4eQV+U
zcE;h6ThT$@<H8h96R0g@TTaM&JkhPw5|EU@t+}GYQ+?{QndrIH97sq|6FU+-KfCMp
z+A@~sdL)W@-VqS4QkCb@FEsqSt%d48$)2*#3q&sw(KfCL@nya!o131iv+x^7yY!oG
z2aFGiG63*qZ#$L5ypS`*(V^-wQos!6{tS*N38>r~FofVs5hdc$AIO!Ngg!iY{Rj~`
zCld*h0i+2K#p*oxXHzC5?}sq7n3r|%T<tUT3+5r+^FK%PWQPkJc96^2zQh6~Ff&pO
zwiEPA!8nt7FusOoA*}~ZEY@F&VsfuV67$_(^fz!`0_h;s4=t$GuE@CQ$rGadcbcxP
z$#RpLQo+~P?DTwZ9lv&6{kqSw-`WN04}z2cff5~H=|^w8JR0fC$x6?M)^;bz&vg{T
z0Je!B?w)w9cZE1yJm3ybXcD^YVRAdq;~Fzs%PP`KP5GN<oQ$R>unq$w&4S9gC|_nu
zHy+pAmjpXtZ*kR%Vv=F;k(pWK%-N-gSutP57%5*zgD_1TF>`=Rk|RDXZr<CiD=_K)
zrCGD|KJ~%v%+kDNj1V`<8L##Os4Mcy&(G?798EBV%A6TL!8mDU$fss7MN$Mu#_jd6
zv^9Fdu-!nq6vUsxx?uj1c}d0R$ZaK%GYWvP$TKf(28+N$pF!>EbKxT~NDUH{i=RiD
zX}@er4~lSKk_u~Ktn#gGgXL2ID0hn~t#SRfu(!ENBC~WaF)zp`)j&imof~Q(yU^z(
zfunxcLG-sI*v9)Vei>h@lh3x^e8ctd{1OcVO|&!Ia8yg0jsI4;8%*(1C=)?ov6>x5
zs~-M>%5BMWj<qRmjZ76s$eEDcu#E=&??qN@Hc`~~FAK8@j!FY@Gx)iNUX>04<?YOm
z5*tw1YoO1mD3lXrM?_MS>i2q&fm6fNPv))F=@K{0k8-0<vZo&h=Db5r?v^5R<p0$~
zu78`f>&ze8c1uFjA|=Q;vf2Pd1SeY*M0Ej}^UgWJUkY{br+0LtiAI&<YF|z}eK_8W
zrUq199L6dUt41O-qD@ilb8BN88_#<S3NmAWV8{Zv273%&8S~OS!VG57C;;ICC)d*C
z8WY8wKFkqquCwf)(m~){q7ek6v&T-eeAI?tbhy<?_GRDzG*HYdlR3}xGcKZlINddX
zYjDutI6u^ItZD0oZDm(_W4)FX5kxDJ!=|S$UX7=v(gcmB#rn<X&3QJ(AlJ1!h&fR@
zRkGKyNZTs2g_Emc@7IV1oP%prFqBDQ7Hux0SRG7{LAY~;FAd3e?^MiuXWGjk(o&Gq
zX0V3;5a$}Q#>rGa9+=IzD^^)M;LJ0oC<8BxMzMuk-C3HBFu3*EaNktO=|UJwZAwKk
zb8kLeBT!9)`CChZ20Q(Yi;xOlL)CUY8oM#poDeiLF}JyP->Vj4jl105ZRt0Nx!3i^
z$N?s^kS>u>4&LowRo#)cQc08&wjs)ng-?s{gg>at+lz=~{!HoK7Yc$1KtJGxoEGh2
zeY;}i<=n-LZoQ46=;imZ&Y#EWxYQIuD9W)H<56pB>>-$dOB^E^OmUih!JI6aOfY3F
z2g^Y)?$0=+&&lYIxaj7H*A(tN>p75v=KxwgT@Mh&j93;z{zn4iC&yZ-aBcY23%h9i
zxnzBqpby_UAVP^ps+1Hr%2l=FB+{=+gcOdbT@9gNkjNt?l(}&w@f<*w4AK2%l39x1
z>vREzAU*@V2)TBXAR7Hmv#*H>h{%%cH(xk)myJFq{`E&986rui?+<7_^Q$+$7AgC5
zT9ttCQ!4COv}CPC%0RVy8}@n!kgw_!eEPhadSUi_;X%|KVM=R@K?=d*3uf#ocoTdK
zm($RDiE?omvfva!E4T-p$e|AU1VMN3Q_JE&-c6n%yq!mW9Xw^iQjma;+AWM^oLKuw
zU`}~J$LV_Yaw0iIF_POFsWB=!1#wc0%efap?f<ydQolUSmG;h#6v`lm1e#Q2e;wQ!
z#Q&hz__?}`x0-v+MnSMg7Tw*xWx<H<y?-RIy>LeS4cI&f04#S77R3x~*%GsPQ|7eM
z805#lv9@WzuJY4R8ojA3M?2B!X!!WTslE2e@DPpmK1sseA}=rwcw~GDwz2+(Q&gp8
zFs5py&z8v3jFaIBg6(%z6173J<Qn&9z&9DujW-+VN1AC$6BImz;fF67O=G9z?I~aU
zVw#vh`JC2dO@9bXBO-+H`gyfVOsHb~`i5()C}xVS=LNy4U-{HJMKL`fdS|hW)}!Kx
zc65Nf<}8=6z3pm|7rr-c&VEFq!|1<}eGNd2-f4ntSOvzUa!oe+$$m8nxi8lb9b!78
zD1SwZg2>*B7|AdSEQrs?WTGwV*J!mkiR^t{709-G&eq3V^WLheL#U>m(C=4D-|mAi
zS9Fk7nxWaEnENLpuM(JJN}IL}C~-J`wyKegPd|#iv0hD@AYs)Ce5vtM-pBr2OOL>7
zh2LA=>NjZ0|0o50^C>{hm}x8Rcw4F@A~eqsUDJdd>#dSlND|hV8?@+{haz$%3yFX7
z2AvmaBc*$HBQYl2>in5T(1BV7h;s-{GuW7}z!L&aN0h5#kmLnN-E#fURi2f4ZMa8G
z+h5NJ-_xW$M#}sg>#+5o7vXLh`hj~6Zf~r|3u-rBW&$J5Xc_~dN0GCbt-iEoGg!ef
zx7@=mLtj71_^c@twDq7*Tb6e5j1Y9NnNZ*BxS#yDKMO40KED)Q@2X35S<r9}1q*#w
z$EgBpxATEp0nO#EX84#4YJ&U5+)ms+Z|kp5&vw+>-iKq%#m=9u2w*>bmTPDVH9s+E
zQ3u}~&D0|5U+5=_p;aeA)g)~Xl&MZ$KXwcX)m%uf>zFnA%Psv+-UTgTM7dEXw%-Dm
zPZosQ7-XfN49nCYI+ZLum?Bu4apCi1tIxavcgv*zS1Cf%G|vFE`f>9)Y|6g*opRsW
zvP@!u<lD3~3*ZPc!S)#Bu5F|WLGkZ&B0M678dYtUBLP`QYfcmNc&t+OMBkkK{1xW_
z1bt!*Z~_b+@U%0gs%jwDqEKrB!3(taoScO|ruY;bVW!`Mnq)dFDcTe-=Fr4CK*$nE
zVE#-8IaitUSaag)GaTxhCNakHo#YzgPZBS84xvzK`JqivJTU=Q2bY`ynbRl7s}dwn
zbqRNkZ@^T42f_zy>>nYdhq|GN8v!CN&li5j=b{)oQAVPVdN2S*E+_h>`lIj^aaKzY
zkmp~6qJY}ERcE@q|C=*g1gpR!0<niMJ(T2b|8=g`!T+<eLlJw90Jcy)e`=W&af)d)
z<;~BKQ=<Na+D8BseN}1r!c*L+!8?p9e#n~u34ffM8O(pRP=WyW&vV8qi3abM^Ziou
zZaO`oFXi_;OH4+*!4E-pl3}?S`F|g$``k~*6`l-oxP^Xe72}2RHR1wgFvSDkBjj$S
zpYC7nBz<v<7z7l7&Por1(^$As@^NnkK&GIFtP*=OC&nXk!qxK(fFI*Q$wJT9F%OGB
zR}Rp(oG&!GeGf}vV1HMfAQUo@4Kw@YN%xb!afOTGI!1*n*iT+l{Qb7pag^lb?gBp*
zGj4z*G(iqO><n-m?(P+X(89`9fxx$^TcufLhbu)_H>4(X_LwGYC|CDwJVVdl+?#5(
z(SK9@eepwCZpq?{cg%qnRuw{Lb@T6eJn9zEBjHBn8@w|GGRp&*`$Et2i0J!zLhFB+
z2c#hRs&pVlw0*MK9SaS&V)eU7e1u^K!$lie4L8TO3-(0Cs@z0=i_i<R25#lgK(lZ}
zqineX;8d6cWu#D&EyAOwWxKKoi*MyHsI-xN3w|RY%Ai3EEbL?z6`drIIIYaDF?+@n
zPVPS4yRN6|hjakC4s3k~Z{Z_f#eRn<jFE&eOzk8^NM9;Nl#wA`L(D~fB(2-IS})W+
z?Rp7R?wrsAR-cC|A8kDQ<)6wR5b$Leks{9AF5JD(E7)w;tAxA-hdMva56*d4beYL#
zJM;V1#kivsG->I6e!R`05<E0km1&GnnXkNnHCr;Y3op%Mx9?lwN;w0b=@<;0RsW_*
z_ra792q-W)ypG*@F8T!#@||ma<lLy107{UKUI)UsN%h7cKYPEkga|C+MPdfqo;gf{
zYAEz6(LA3v0@Y9a1v5j9<kp?t%X^fHl*bwwX_kWB#{G*<IjKP7-RG*5Rh^K8yQ&Pp
z_mU?6i-a;5%ncA(Rw{vKd!LV=Og`7!4vde_SEwbX|88&|$tR6jJ-T25goxCNNP`C;
zdQ0W1=-W-w&%=|z3`o9L{NvN(^mo)_2+gqqm|65wsoXYgamiUNRZj_INP|npeJx=}
zYxOhOSp*=sf0KlL>Agd($q3R7BsWm#QSk>tkYZ#8uKnj2!@`koUbBh@h3J;4<1`ih
z5EYR|q)YV0w!E)7yRkjd=$ryR6$Y9#&u^!O`0stX9SPXN2m+ki+h&bh0CF0>(*ScC
zohd;oHznS<&s9%Ury<9Qk+zEOExM^{MVM8|^MogSEeMkAw(APLJgwH!_2ff#hIX7}
z5CRsT!Txa?j2IYGfYwuYT|$Hz0c@mE7$kQK#8TUI_S1D_;ja|CwU52C4iA#<R%w|z
zer@z9Wbq@qT(a(s8Lb@C=JR>R^>$t7!K*p&Y1Sojx9^e<UqZ=kF>sKt{j$V|H>2P~
zu*4ISP(R*>hTnX?M3mPBN_T%oEVy^u<1HOt>ug@&-2$~h+napham5zdyqqP%=51z&
z<7{84@oFwiry|+qI7m>kVSE-~YRIJuKy_SurUwk4*bFqtXv4$ezikTaGPXENWKr8V
z6kAmHSiD88eYc;9DqmVi-AGwP$;kT73q#`5++qHP!uCvzT~WR0kR-zUI$_Yqt|3XT
z`o%S>JY7Th<~g;ZaD}S2b-C}y0R3nRKuk?5Qy2r+;Q`?KbZJgIISK07$>t|p(TE6A
z8OIKNLhhRQ9i|%-QJy<7MgAb8FXAq?T$MY_k2l0jTM*P$ivo3XPe&3Iy#|QM(8@Yj
z3c}VV%4U8;*kdUqZy|NNed>F{nzITt0Y-WQP87Ic5Z@ZcOC(bb>K>ehIa9d95jiIu
zr@<s1;|77;D`9;dTnm6PEbXeWvylP`>R@gJbY)3GvR~yOX`!JODchT(LoVfqtOc1D
z<BUi<6oVmDu)18UKx@s3cj#VXDoDVJOHBo&Li_UxsHhy%jmy7j7mjQU<$6MBLY@H?
z)w%%+?h_QciLryF2O?k`3YUm2?Uj1~B>>vrJr1g>QzWwh>Lf{i)e0oEwAZ9MnCd6Z
zaYXKA?O-OQ!c_o76w`G;1C{@26bIsn%h9%j79;6z@B<OG<`y(f{uS}aO%TX0ct{-p
z!Kcg>2`Sw{`}V}Y1(Sujh7>Eq3c~k#QKP~z02EO|$8LoXr=7&Uko=%$4HiaXstK^5
z@kh2pOg*CTocNGyPs&7AP|$iMLT@jnfRjJqR~v&^X2FXN`BxYCL%;efdr$$wy+PiB
z+Pfc=^dBJy-ER*X1S(nuV)m;V$G~nK0o<rTn9dUOg*_D8!NQwXW+gUizht5xvK`U|
z(_A3%4~B5-b6i8|8zhMvdoW_Kq!|prE*i3|1$z??qN&FyfS>1S(d}18Cc|z)w0zEi
z%pm44L{ebLL54x=@>JkJ@R!1Bk07{xDg~j`_P}20Ad%6)>Eej#7`V;CO9REe<DC|k
z2mFFAkYr$nOU9CSK+s<dk0CN9yEok>3`YB<H@N}Hf-=q@6ii}zEDj3Fdv~Rs_@`%h
z5`ag(on3$!et_U2d>9shcuS(kpwC}&1NZd?U9aNRs19zX@YA4ykgqHidiEaD6Y&uT
zBR%$0oA|4J6^-S&QXt;`5>7d&3|$!CCn0J1Ed#C0?D-%PEO7#S{QYmzA4m>Ls=WYH
ziPJY~_q8L}LURQ|1#xCKh>J~oU5VTPEpip$_U02HR9a(9pm?7~P5sx8ARx5>f6_|j
zEDi(;6cTBIgq$5H^8ITW;MUMoD6T>SS`;Mok0GHrA_xV5G=JRx@K*|u&C*TE-`v-R
zhR?{D1q8s<EgvmnDzo>E1{hhBd-8e?$nrC<DiLCNi$Thv{ca#5VXuR}UuSiw?cc;q
zksmn^`c_E|vOTaE6ly#GgQmOZ_4Xcx0mzWXYEa+ERKn<aKs9k@V4ST(KfMl`oP+;I
z3us<CLq%MG*=Glm9E2{C{ZEH5=SVl%p>nh2nFoZ10P*vy7d`M-Wa49_ETqcw_)q5!
z>Vk`Dp&`n6kM+t9!qO)6jfz~N5s=V|HO_>7Ul`~<RtqTI7TRgMe-kqR--IOen4w1>
z)CN5#ssbBIt`-&^@aLs~nhTUN6nHZH8z3>sz!4Q)v+EAzUO^{9#%`M*(2)68%3ok+
zmE0DscM#7+PGfSR;Uiq~r~Ut6<Q3ozq*6B{4{nao^PK{g`P!LnO<bwoW6N#Ocg|X{
z$3fp(s)?NtcT3LcnCz<v$?$&#=NsyY(V$?&2<_XO2lfLOlVQLcWV4j^M=qMQoT>*9
z<{{LqH=&GdUn3+W<Q0+3zo1QCH<pB0!KOQN;7ia2l80-^@x<R-V7E;xgimUy+S&cq
zpl0cSYoG2)k3G<kCJgx;6r@L0rtdwXBld3!X!dnLZhCL?3gDwV#vYP!tW59lfzN>p
z5fR|ARcW}#`%;61rau69tRyFQ4{_~l4@gsBZBxUJgRzTC#14}V*(U$4-QE@vf&!Qx
z5TC6($5@FIW2g@mOaoL<#IvsAz+T|Knh?OJU{l%d;3gf-Boy-LCiVY%F@UGa4<rkR
z9~QFxwHFRX{|HFw!u@yDg=|Dz+h>Q?KlTi<qHb&pI5~ByFzKKh@NIYum`CIsYd;uv
zG1e6MK?o@S{jdd6`CFN^*2E=^{iY5BNRPbfJNCDgV5V<!@m^VeywMB9we0;)B>@7G
z4Kc*$08o8nKNt@3HNORygP;TC!#o9HL!ieo;~;E=$0Ioa0KaC?LI;Bp#E)(O{=q6E
z)M6qT=In21;y`_-i}-Y8zw>D>FpkOz+noBBIQvRK7=^zCs;AFkS^lE=FTFwA#~{aE
z$-Q{s*!ykoH=_s?d@-#WLY#B{&)Nk3|F01Hko_+b|NkMe%lT?#>~O{krQad&r+7_O
KKI^LS!~X+>r`hBH

literal 0
HcmV?d00001


From 08727fc8fbd03e49588271f4a2b87d8f2cea812a Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:38:41 -0700
Subject: [PATCH 12/20] fix image

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/{ => 0073}/0073-entity-slicing.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename text/{ => 0073}/0073-entity-slicing.md (100%)

diff --git a/text/0073-entity-slicing.md b/text/0073/0073-entity-slicing.md
similarity index 100%
rename from text/0073-entity-slicing.md
rename to text/0073/0073-entity-slicing.md

From 9ba753cad1365aa1aab8b7f2c914772146e38d08 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 10:41:45 -0700
Subject: [PATCH 13/20] avoid synchronous

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0073/0073-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0073/0073-entity-slicing.md b/text/0073/0073-entity-slicing.md
index 7bcbdef2..bb309f5b 100644
--- a/text/0073/0073-entity-slicing.md
+++ b/text/0073/0073-entity-slicing.md
@@ -275,7 +275,7 @@ The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a
 /// Implement this trait to load entities based on
 /// the entity manifest.
 /// This entity loader is called "Simple" for two reasons:
-/// 1) First, it is not synchronous- `load_entity` is called multiple times.
+/// 1) First, it may cause database consistency challenges- `load_entity` is called multiple times.
 /// 2) Second, it is not precise- the entity manifest only requires some
 /// fields to be loaded, but this loader always loads all fields.
 pub trait SimpleEntityLoader {

From 4dcbff908bf7ea5df82eb9c001b137cd355216a4 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Thu, 1 Aug 2024 11:48:46 -0700
Subject: [PATCH 14/20] re-name to 0074

Signed-off-by: oflatt <oflatt@gmail.com>
---
 .../0074-entity-slicing.md}                         |   0
 text/{0073 => 0074}/clientserver.png                | Bin
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename text/{0073/0073-entity-slicing.md => 0074/0074-entity-slicing.md} (100%)
 rename text/{0073 => 0074}/clientserver.png (100%)

diff --git a/text/0073/0073-entity-slicing.md b/text/0074/0074-entity-slicing.md
similarity index 100%
rename from text/0073/0073-entity-slicing.md
rename to text/0074/0074-entity-slicing.md
diff --git a/text/0073/clientserver.png b/text/0074/clientserver.png
similarity index 100%
rename from text/0073/clientserver.png
rename to text/0074/clientserver.png

From 7b63a128f67cec2aff599d5fc9834a373fd70a91 Mon Sep 17 00:00:00 2001
From: Oliver Flatt <oflatt@gmail.com>
Date: Mon, 26 Aug 2024 10:01:40 -0700
Subject: [PATCH 15/20] Update text/0074/0074-entity-slicing.md

Co-authored-by: Kesha Hietala <khieta@amazon.com>
Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index bb309f5b..2d3193d2 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -130,7 +130,7 @@ The image above shows an example usage of the entity manifest. On the left, a cl
 
 When a client would like to answer a Cedar `Request`, it first consults the cached entity manifest to load the entity slice. Then, it sends the entity slice and the request to the server. The server returns the authorization result.
 
-However, the server or client must take care to ensure that the client’s entity manifest is up-to-date. Since the entity manifest is computed based on the schema and policies, is must be re-computed whenever the schema or policies change. There are multiple ways to ensure that the cache is up to date, one being to tag each entity manifest uniquely and check on each request.
+However, the server or client must take care to ensure that the client’s entity manifest is up-to-date. Since the entity manifest is computed based on the schema and policies, it must be re-computed whenever the schema or policies change. There are multiple ways to ensure that the cache is up to date, one being to tag each entity manifest uniquely and check on each request.
 
 Looking to the future, we hope to provide several options and guidance for how to use the entity manifest:
 

From d7ff80fda049ade21a72085314de2c9c44f69e4c Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Mon, 26 Aug 2024 10:16:45 -0700
Subject: [PATCH 16/20] generalized version

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 78 +++++++++++++++-----------------
 1 file changed, 36 insertions(+), 42 deletions(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index 2d3193d2..03e260c7 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -217,53 +217,54 @@ The merge operator for access paths is straightforward. First, convert all acces
 
 ## Computing access paths
 
-This section proposes a simple static analysis that soundly computes all of the necessary access paths for a Cedar expression.
-While it’s possible to soundly handle all Cedar expressions, we simplify the problem by rejecting Cedar programs unless they follow the following grammar:
-
-
-```
-<expr> = <datapath-expr>
-         <datapath-expr> in <expr>
-         <expr> + <expr>
-         if <expr> { <expr> } { <expr> }
-         ... all other Cedar operators not mentioned by datapath-expr
-         
-<datapath-expr> = <datapath-expr>.<field>
-                  <datapath-expr> has <field>
-                  <variable>
-                  <entity literal>
-                  
-<variable> = principal 
-             resource
-             action
-             context
-                  
+This section proposes a simple static analysis that soundly computes all of the necessary access paths for a Cedar expression. 
+Given a Cedar expression, the analysis produces a pair (`HashMap<EntityRoot, AccessTrie>`, `WrappedAccessPaths`).
+The first value is the accumulated trie of data that needs to be loaded.
+The second value is the "live" access paths that need to be considered for the particular expression.
+
+`WrappedAccessPaths` represents multiple potential access paths, soundly over-approximating the execution of a cedar expression.
+Since Cedar expressions may be record literals, the access paths are wrapped in corresponding record literals in the analysis:
+
+```rust
+/// This allows the Entity Manifest to soundly handle
+/// data that is wrapped in record or set literals.
+#[derive(Debug, Clone, PartialEq, Eq, Default)]
+pub(crate) enum WrappedAccessPaths {
+    /// No access paths are needed.
+    #[default]
+    Empty,
+    /// A single access path, starting with a cedar variable.
+    AccessPath(AccessPath),
+    /// The union of two [`WrappedAccessPaths`], denoting that
+    /// all access paths from both are required.
+    /// This is useful for join points in the analysis (`if`, set literals, ect)
+    Union(Box<WrappedAccessPaths>, Box<WrappedAccessPaths>),
+    /// A record literal, each field having access paths.
+    RecordLiteral(HashMap<SmolStr, Box<WrappedAccessPaths>>),
+    /// A set literal containing access paths.
+    /// Used to note that this type is wrapped in a literal set.
+    SetLiteral(Box<WrappedAccessPaths>),
+}
 ```
 
+The analysis is bottom-up traveral of cedar expressions.
+Most operators are strait-forward to analyze, but there are some special cases to get right:
 
-The grammar partitions Cedar expressions into **datapath expressions** and all other Cedar operators.
-On the LHS of `in`, `.`, and `has`, expressions involving `in`, `+`, `if-then-else`, and most other Cedar functions/operators are not allowed; only Cedar variables, entity literals, and `.` or `has` expressions are allowed.
-
-The partition is reasonable since, in practice, users do not interleave datapath expressions with other operators.
-Here are examples of Cedar expressions rejected by this grammar:
-
-
-```
-{ "myfield": principal.name }.myfield
-(if principal.ismanager then { "myfield" : 2 } else { "myfield": 3 }).myfield
-(if principal has mobilePhone then principal.mobilePhone else principal.workPhone).zipCode
-```
+1. For entity or struct dereferences, be sure to add to all `WrappedAccessPaths`.
+2. For equality between records (`==` or `.contains`, `.containsAny`, and `.containsAll`), all fields in the type need to be added to the access paths.
+3. For if statements, the `Union` variant should be used to ensure both
+control-flow cases are covered.
+4. Whenever the `WrappedAccessPaths` are dropped, it's important to add them to the accumulated answer.
 
 
 Now that we have this partition, computing all the access paths is fairly simple:
 
 1. First, find all datapath expressions. These can be translated into access paths directly.
-2. Second, handle all instances of equality between records. For equality between records (`==`) or set containment where the elements are records (`.contains`, `.containsAny`, and `.containsAll`)
+2. Second, handle all instances of equality between records. 
         1. Find all access paths that are children of these operators
             1. Following the schema, fully load all fields for the leaf of the access path
 3. Finally, handle instances where the ancestors in the entity hierarchy are required. Annotate the left-hand-side of the `in` operator with the `ancestors_required` flag.
 
-## 
 
 ## SimplifiedEntityLoader API
 
@@ -308,13 +309,6 @@ pub trait SimpleEntityLoader {
 Increasing the complexity of the Cedar API with entity manifests provides new places for users to make mistakes. For example, using an outdated entity manifest can result in unsound entity slices. Another example would be a user writing a buggy implementation of entity loading using the manifest.
 
 
-### Full Cedar Language Support
-
-The current analysis does not support the full Cedar language (see the **Computing Access Paths** section). With some effort, the implementation could be extended to support all of Cedar by more carefully tracking access paths through different types of Cedar operations. However, it’s unclear just how tricky this will be.
-
-Along a similar note, all Cedar changes in the future will need a corresponding change in the static analysis, making it harder to extend Cedar. For example, any operations that apply to records will need careful consideration.
-
-
 ### Supporting Partial Loading of Sets
 
 As written, entity manifests in this RFC do not support loading only parts of a Cedar Set, or only some of the ancestors in the entity hierarchy. This is because sets are loaded on the leaves of the access trie, with no way to specify which elements are requested.

From bf5d5254f9eb18acd3ee76b475ba6c8fb9884fa7 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Mon, 26 Aug 2024 10:20:00 -0700
Subject: [PATCH 17/20] add links to examples

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index 03e260c7..7b870ee4 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -321,7 +321,7 @@ To support this feature, we recommend that we take a constraint-based approach.
 
 # Extended examples
 
-## Paths needed in document_cloud example
+## Paths needed in [document_cloud](https://github.com/cedar-policy/cedar-examples/blob/release/3.2.x/cedar-example-use-cases/document_cloud/policies.cedar) example
 
 ```
 Action::"CreateDocument"
@@ -401,7 +401,7 @@ action::"DeleteGroup"
 
 
 
-## Paths needed in tags_n_roles
+## Paths needed in [tags_n_roles](https://github.com/cedar-policy/cedar-examples/blob/main/cedar-example-use-cases/tags_n_roles/policies.cedar)
 
 ```
 Action::"Role-A Actions"
@@ -437,7 +437,7 @@ resource.tags.stage
 
 
 
-## Paths needed in github_example
+## Paths needed in [github_example](https://github.com/cedar-policy/cedar-examples/tree/main/cedar-example-use-cases/github_example)
 
 using "ancestors" as Cedar's ancestor relation- requires all ancestors transitively
 
@@ -472,7 +472,7 @@ resource.admins.ancestors
 
 
 
-## Paths needed in tax_preparer
+## Paths needed in [tax_preparer](https://github.com/cedar-policy/cedar-examples/tree/main/cedar-example-use-cases/tax_preprarer)
 
 ```
 Action::"viewDocument"
@@ -490,7 +490,7 @@ context.conset.team_region_list
 
 
 
-## Paths needed in sales_orgs
+## Paths needed in [sales_orgs](https://github.com/cedar-policy/cedar-examples/tree/main/cedar-example-use-cases/sales_orgs)
 
 ```
 Action::"ExternalPrezViewActions"
@@ -538,7 +538,7 @@ context.targetUser.job
 
 
 
-## Paths needed in hotel_chains
+## Paths needed in [hotel_chains](https://github.com/cedar-policy/cedar-examples/tree/main/cedar-example-use-cases/hotel_chains)
 
 ```
 Action::"viewReservation" ect

From f97fcddf592e575bd9cfe4e9b3520efe71fcfa08 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Mon, 26 Aug 2024 10:20:45 -0700
Subject: [PATCH 18/20] clarify option 2

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index 7b870ee4..1ed1c85b 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -135,7 +135,7 @@ However, the server or client must take care to ensure that the client’s entit
 Looking to the future, we hope to provide several options and guidance for how to use the entity manifest:
 
 1. Use the `SimplifiedEntityLoader` api (see later section).
-2. Use a specialized entity loader when the format of the database sufficiently matches the schema.
+2. Use a specialized entity loader when the format of the database sufficiently matches the schema. For example, Cedar could provide an SQL database data loader.
 3. Write custom entity loading that leverages the entity manifest.
 
 

From ca306d5cab8888ef118b640cf8bd3edfdcb8a472 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Mon, 26 Aug 2024 10:29:53 -0700
Subject: [PATCH 19/20] nit

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index 1ed1c85b..3c18160f 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -276,18 +276,18 @@ The easiest is the `SimpleEntityLoader`  api shown here. Users need only write a
 /// Implement this trait to load entities based on
 /// the entity manifest.
 /// This entity loader is called "Simple" for two reasons:
-/// 1) First, it may cause database consistency challenges- `load_entity` is called multiple times.
+/// 1) First, it may cause database consistency challenges- `load_entities` is called multiple times.
 /// 2) Second, it is not precise- the entity manifest only requires some
 /// fields to be loaded, but this loader always loads all fields.
 pub trait SimpleEntityLoader {
-    /// Simple entity loaders must implement `load_entity`,
+    /// Simple entity loaders must implement `load_entities`,
     /// a function that loads entities based on their `EntityUID`s.
     /// For each element of `entity_ids`, returns the corresponding
     /// [`Entity`] in the output vector.
-    fn load_entity(&mut self, entity_ids: impl IntoIterator<Item = &EntityUID>) -> impl Iterator<Item = Entity>;
+    fn load_entities(&mut self, entity_ids: impl IntoIterator<Item = &EntityUID>) -> impl Iterator<Item = Entity>;
     
     /// Loads all the entities needed for a request
-    /// using the `load_entity` function.
+    /// using the `load_entities` function.
     fn load(
         &mut self,
         schema: &Schema,

From 5ab6a62ccb6f0d24f66d46e7116dbd014466b028 Mon Sep 17 00:00:00 2001
From: oflatt <oflatt@gmail.com>
Date: Wed, 28 Aug 2024 12:54:08 -0600
Subject: [PATCH 20/20] move load fn out

Signed-off-by: oflatt <oflatt@gmail.com>
---
 text/0074/0074-entity-slicing.md | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/text/0074/0074-entity-slicing.md b/text/0074/0074-entity-slicing.md
index 3c18160f..590f6430 100644
--- a/text/0074/0074-entity-slicing.md
+++ b/text/0074/0074-entity-slicing.md
@@ -285,17 +285,17 @@ pub trait SimpleEntityLoader {
     /// For each element of `entity_ids`, returns the corresponding
     /// [`Entity`] in the output vector.
     fn load_entities(&mut self, entity_ids: impl IntoIterator<Item = &EntityUID>) -> impl Iterator<Item = Entity>;
-    
-    /// Loads all the entities needed for a request
-    /// using the `load_entities` function.
-    fn load(
-        &mut self,
-        schema: &Schema,
-        entity_manifest: &EntityManifest,
-        request: &Request,
-    ) -> Result<Entities, EntityManifestError> {
-      ...
-    }
+}
+
+/// Loads all the entities needed for a request
+/// using the `load_entities` function.
+fn load(
+    &mut loader: SimpleEntityLoader,
+    schema: &Schema,
+    entity_manifest: &EntityManifest,
+    request: &Request,
+) -> Result<Entities, EntityManifestError> {
+  ...
 }
 ```