From 3a9fff29ccb2a3a3f7e4d5a563d15ae92ce0f998 Mon Sep 17 00:00:00 2001 From: Steve Tooke Date: Mon, 4 Mar 2024 09:54:03 +0000 Subject: [PATCH] Update Docs for Trails (#132) * Remove hidden:true flag from attest leaf commands and use hidden flag in root attest command * Start updating tutorial docs for Trails * Update name of cyber-dojo microservice from shas to version-reporter * Fix 'kosli create environment' command in tutorials/simulating_a_devops_system.md * Fix content of tutorials/simulating_a_devops_system.md to match actual output * Fix content of tutorials/tracing_a_production_incident_back_to_git_commits.md to match actual output * Split create-flow and create-trail into separate sections in tutorials/get_familiar_with_Kosli.md * More updates to tutorials/get_familiar_with_Kosli.md * Add comment to tutorials/get_familiar_with_Kosli.md * Start to update top-level overview pages * Add comment to md files re descriptions of what a Flow is needing to live at top-level only * Start adding overview text at top of what-is-kosli file * Trigger deploy of branch on netlify * Add workflow for deployment of branch docs * Add workflow for branch deployment of docs * edit docs branch deploy workflow * Only use link checker on production branch * Update netlify config to ignore branch previews * Revert "Add workflow for branch deployment of docs" This reverts commit 72e64460ed2310ff2630ad622d01449237b61581. * Restore github token in workflow * Restore property in workflow * Document deployment of staging docs * redo intor and getting started sections * update attestation binding * more tweaks * update docs * Reviewed getting started Co-authored-by: Jon Jagger Co-authored-by: Sami Alajrami Co-authored-by: Simon Castagna Co-authored-by: Tore Martin Hagen * Replace distribution -> deployents Co-authored-by: Jon Jagger Co-authored-by: Sami Alajrami Co-authored-by: Simon Castagna Co-authored-by: Tore Martin Hagen * Fix merge issues with get_familiar_with_Kosli * Update to getting started: attestations page * Update attestations doc * Minor edits * Explain that template file is optional in getting started * Better section title --------- Co-authored-by: JonJagger Co-authored-by: Simon Castagna Co-authored-by: Sami Alajrami Co-authored-by: Tore Martin Hagen Co-authored-by: Jon Jagger --- .github/workflows/publish_branch_docs.yml | 7 +- charts/k8s-reporter/README.md | 7 +- docs.kosli.com/config.yaml | 2 +- docs.kosli.com/content/_index.md | 6 +- .../content/getting_started/approvals.md | 42 +- .../content/getting_started/artifacts.md | 54 +-- .../content/getting_started/attestations.md | 160 +++++++ .../content/getting_started/environments.md | 292 +------------ .../content/getting_started/evidence.md | 412 ------------------ .../content/getting_started/flows.md | 62 +-- .../content/getting_started/install.md | 2 +- .../content/getting_started/next.md | 8 +- .../content/getting_started/overview.md | 4 +- .../content/getting_started/trails.md | 33 ++ docs.kosli.com/content/helm/_index.md | 2 +- docs.kosli.com/content/search/_index.md | 5 - ...ng_a_git_commit_to_runtime_environments.md | 2 +- .../tutorials/get_familiar_with_Kosli.md | 148 +++++-- ...production_incident_back_to_git_commits.md | 13 +- .../content/understand_kosli/concepts.md | 27 +- .../layouts/partials/docs/footer.html | 2 +- docs.kosli.com/netlify.toml | 2 + .../static/images/kosli_concepts.png | Bin 0 -> 461381 bytes simulation_commands.bash | 47 +- 24 files changed, 464 insertions(+), 875 deletions(-) create mode 100644 docs.kosli.com/content/getting_started/attestations.md delete mode 100644 docs.kosli.com/content/getting_started/evidence.md create mode 100644 docs.kosli.com/content/getting_started/trails.md delete mode 100644 docs.kosli.com/content/search/_index.md create mode 100644 docs.kosli.com/static/images/kosli_concepts.png diff --git a/.github/workflows/publish_branch_docs.yml b/.github/workflows/publish_branch_docs.yml index 2f5d9c1fe..b72be7c7a 100644 --- a/.github/workflows/publish_branch_docs.yml +++ b/.github/workflows/publish_branch_docs.yml @@ -1,3 +1,6 @@ +# This workflow deploys the docs from any branch to https://staging-docs--kosli-docs.netlify.app/ +# It has to be triggered manually in github actions from the branch that must be deployed + name: publish branch docs on: @@ -36,5 +39,5 @@ jobs: # docs.kosli.com/assets/metadata.json are not present, but we use CLEAR_GLOBS_FILE to preserve # their versions pushed to docs-main during last release - hence CLEAR_GLOBS_FILE in # publish_docs.yml, to prevent removing them before copying - # CLEAR_GLOBS_FILE: ".clear-files" - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CLEAR_GLOBS_FILE: ".clear-files" + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/charts/k8s-reporter/README.md b/charts/k8s-reporter/README.md index 579937da7..92808208b 100644 --- a/charts/k8s-reporter/README.md +++ b/charts/k8s-reporter/README.md @@ -4,7 +4,7 @@ title: Kubernetes Reporter Helm Chart # k8s-reporter -![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) +![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) A Helm chart for installing the Kosli K8S reporter as a cronjob. The chart allows you to create a Kubernetes cronjob and all its necessary RBAC to report running images to Kosli at a given cron schedule. @@ -13,6 +13,7 @@ The chart allows you to create a Kubernetes cronjob and all its necessary RBAC t - A Kubernetes cluster - Helm v3.0+ +- Create a secret for the Kosli API token which will be used for reporting. You can create a secret by running: `kubectl create secret generic --from-literal==` ## Installing the chart @@ -57,7 +58,7 @@ helm upgrade [RELEASE-NAME] kosli/k8s-reporter | fullnameOverride | string | `""` | overrides the fullname used for the created k8s resources. It has higher precedence than `nameOverride` | | image.pullPolicy | string | `"IfNotPresent"` | the kosli reporter image pull policy | | image.repository | string | `"ghcr.io/kosli-dev/cli"` | the kosli reporter image repository | -| image.tag | string | `"v2.0.0"` | the kosli reporter image tag, overrides the image tag whose default is the chart appVersion. | +| image.tag | string | `"v2.7.2"` | the kosli reporter image tag, overrides the image tag whose default is the chart appVersion. | | kosliApiToken.secretKey | string | `""` | the name of the key in the secret data which contains the kosli API token | | kosliApiToken.secretName | string | `""` | the name of the secret containing the kosli API token | | nameOverride | string | `""` | overrides the name used for the created k8s resources. If `fullnameOverride` is provided, it has higher precedence than this one | @@ -74,5 +75,5 @@ helm upgrade [RELEASE-NAME] kosli/k8s-reporter | serviceAccount.name | string | `""` | the name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) diff --git a/docs.kosli.com/config.yaml b/docs.kosli.com/config.yaml index 383d89990..127d07ca0 100644 --- a/docs.kosli.com/config.yaml +++ b/docs.kosli.com/config.yaml @@ -23,4 +23,4 @@ Params: caches: getjson: dir: :cacheDir/:project - maxAge: 30s \ No newline at end of file + maxAge: 30s diff --git a/docs.kosli.com/content/_index.md b/docs.kosli.com/content/_index.md index 7642b629c..d9fcdb78b 100644 --- a/docs.kosli.com/content/_index.md +++ b/docs.kosli.com/content/_index.md @@ -1,7 +1,7 @@ --- title: Welcome to Kosli Docs seo_title: Welcome to Kosli Docs -description: Don’t spend hours searching for broken commits and manual changes. Get to the bottom of incidents faster with Kosli. +description: Record all of the changes in your software and business processes so you can prove compliance and maintain security without slowing down. hideToC: true hero: @@ -12,7 +12,7 @@ hero: alt_text: Kosli artie reading a book paragraph: > - Don’t spend hours searching for broken commits and manual changes. Get to the bottom of incidents faster with Kosli. Track and query every change from commit through to production. See the artifacts your CI pipelines are producing and how your environments are changing from the command line or browser. + Record all of the changes in your software and business processes so you can prove compliance and maintain security without slowing down. Track and query every change from the command line or browser. sections: title: Dive right in… @@ -20,7 +20,7 @@ sections: - title: What is Kosli image: /images/home/home-concepts.svg alt_text: Introducing Kosli icon - description: Read about what Kosli consists of and what it offers + description: Understand what Kosli is and how it works link_text: View > url: /understand_kosli/what_is_kosli/ - title: Kosli environments diff --git a/docs.kosli.com/content/getting_started/approvals.md b/docs.kosli.com/content/getting_started/approvals.md index a18f93105..7496390bd 100644 --- a/docs.kosli.com/content/getting_started/approvals.md +++ b/docs.kosli.com/content/getting_started/approvals.md @@ -1,44 +1,12 @@ --- -title: "Part 8: Approvals" +title: "Part 9: Approvals" bookCollapseSection: false -weight: 280 +weight: 300 --- -# Part 8: Approvals +# Part 9: Approvals -Whenever an artifact is ready to be deployed to a given [environment](/getting_started/environments/), an additional approval may be created in Kosli. An approval can be requested which will require a manually action, or reported automatically. This will be recorded into Kosli so the decision made outside of your CI system won't be lost. +When an artifact is ready to be deployed to a given [environment](/getting_started/environments/), an approval may be reported to Kosli. An approval can be requested which will require a manual action, or reported automatically. This will be recorded in Kosli so the decision made outside your CI system won't be lost. When an approval is created for an artifact to a specific environment with the `--environment` flag, Kosli will generate a list of commits to be approved. By default, this list will contain all commits between `HEAD` and the commit of the most recent artifact coming from the same [flow](/getting_started/flows/) found in the given environment. The list can also be specified by providing values for `--newest-commit` and `--oldest-commit`. If you are providing these commits yourself, keep in mind that `--oldest-commit` has to be an ancestor of `--newest-commit`. - -## Example - -{{< tabs "approvals" "col-no-wrap" >}} - -{{< tab "v2" >}} -``` -$ kosli report approval project-a-app.bin \ - --artifact-type file \ - --environment production \ - --flow project-a - -approval created for artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` - -See [kosli report approval](/client_reference/kosli_report_approval/) and [kosli request approval](/client_reference/kosli_request_approval/) for more details. -{{< /tab >}} - -{{< tab "v0.1.x" >}} -``` -$ kosli pipeline approval report project-a-app.bin \ - --artifact-type file \ - --newest-commit $(git rev-parse HEAD) \ - --oldest-commit $(git rev-parse HEAD~1) \ - --pipeline project-a - -approval created for artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` - -See [kosli pipeline approval report](/legacy_ref/v0.1.41/kosli_pipeline_approval_report/) and [kosli pipeline approval request](/legacy_ref/v0.1.41/kosli_pipeline_approval_request/) for more details. -{{< /tab >}} - -{{< /tabs >}} +See [request approval](/client_reference/kosli_request_approval/) and [report approval](/client_reference/kosli_report_approval/) for usage details and examples. diff --git a/docs.kosli.com/content/getting_started/artifacts.md b/docs.kosli.com/content/getting_started/artifacts.md index 41ff5f085..60c0a8cd9 100644 --- a/docs.kosli.com/content/getting_started/artifacts.md +++ b/docs.kosli.com/content/getting_started/artifacts.md @@ -5,55 +5,39 @@ weight: 260 --- # Part 6: Artifacts -## Report artifacts +In software processes, you typically generate one or more artifacts that are deployed or distributed, such as docker images, archives, binaries, etc. You can ensure traceability for the creation of these artifacts by attesting them to Kosli, thereby establishing a binary provenance for each one. -To report an artifact to Kosli, you need its SHA256 fingerprint. You can either provide the fingerprint yourself, or let Kosli CLI calculate it for you - we'll need the artifact available while running the reporting command to do that. -You also need to provide the name of the Kosli flow you want to report the artifact to. +## Binary provenance -You should also have long enough git history in your local git repo clone to let Kosli calculate the artifact's changelog (the list of commits from the new artifact back to the previous artifact reported to the same Kosli flow). -If you use shallow clone in your CI, Kosli won't be able to generate the changelog but the artifact reporting will **NOT** fail. Kosli collects the changelog commits on best-effort basis. +Binary provenance for artifacts refers to the ability to trace and verify the origins, history, and journey of the artifacts throughout their lifecycle. This involves recording immutable attestations about the artifact creation, risk controls performed on it, deployments, and execution/usage. -The fingerprint (SHA256 checksum of the file/directory/docker image) of the artifact will be stored in Kosli. The fingerprint can't be changed, it becomes a unique identifier of the artifact in Kosli, used - among other things - to connect it with the data reported from your runtime environments. +Artifacts are uniquely identified by their SHA256 fingerprints. When attesting an artifact to Kosli, you have the option to either provide the fingerprint manually or allow Kosli CLI to calculate it automatically for you. -Fingerprints of all the **running** artifacts, recorded with the Kosli CLI are also stored and **compared with** fingerprints of the artifacts you have built and **reported** to Kosli so you always know if you're running things you have built or if you have no provenance for them. +By leveraging the artifact's fingerprint, Kosli can establish connections between the creation of the artifact and its runtime-related events, such as when the artifact starts or ceases execution within a specific environment. -Some of the required flags will be automatically resolved if you're using one of the [supported CI systems](/integrations/ci_cd/). +By establishing and maintaining binary provenance for artifacts, Kosli enables you to: -### Example +1. **Track Changes**: Trace how your Flow artifacts change over time. +2. **Identify Sources**: Understand where your artifacts originated from, which can help in identifying vulnerabilities or issues. +3. **Monitor Compliance**: Ensure that the artifacts adhere to your compliance requirements. +4. **Enable Audits**: Access audit packages on demand allowing audits and investigations into the software supply chain. +5. **Enhance Trust**: Build trust among users, customers, and stakeholders by providing transparent and verified information about the software's history. -{{< tabs "commands" "col-no-wrap" >}} +## Attesting artifacts -{{< tab "v2" >}} -``` -$ kosli report artifact project-a-app.bin \ - --artifact-type file \ - --build-url https://exampleci.com \ - --commit-url https://github.com/ProjectA/ProjectAApp/commit/e67f2f2b121f9325ebf166b7b3c707f73cb48b14 \ - --git-commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 \ - --flow project-a - -artifact project-a-app.bin was reported with fingerprint: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli report artifact](/client_reference/kosli_report_artifact/) for more details. - -{{< /tab >}} +To attest an artifact, you can run a command similar to the one below: -{{< tab "v0.1.x" >}} -``` -$ kosli pipeline artifact report creation project-a-app.bin \ +```shell +$ kosli attest artifact project-a-app.bin \ --artifact-type file \ --build-url https://exampleci.com \ --commit-url https://github.com/ProjectA/ProjectAApp/commit/e67f2f2b121f9325ebf166b7b3c707f73cb48b14 \ --git-commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 \ - --pipeline project-a - -artifact project-a-app.bin was reported with fingerprint: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf + --flow project-a \ + --trail trail-1 \ + --name backend ``` -See [kosli pipeline artifact report creation](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_creation/) for more details. - -{{< /tab >}} - -{{< /tabs >}} +See [kosli attest artifact](/client_reference/kosli_attest_artifact/) for more details. diff --git a/docs.kosli.com/content/getting_started/attestations.md b/docs.kosli.com/content/getting_started/attestations.md new file mode 100644 index 000000000..5f17ecc14 --- /dev/null +++ b/docs.kosli.com/content/getting_started/attestations.md @@ -0,0 +1,160 @@ +--- +title: "Part 7: Attestations" +bookCollapseSection: false +weight: 270 +--- +# Part 7: Attestations + +Attestations are how you record the facts your care about in your software supply chain. They are the evidence that you have performed certain activities, such as running tests, security scans, or ensuring that a certain requirement is met. + +Kosli allows you to report different types of attestations about artifacts and trails. For some types, Kosli will process the evidence you provide and conclude whether the evidence proves compliance or otherwise. + +Let's take a look at how to make attestations to Kosli. + +The following template is expecting 4 attestations, one for each `name`. + +```yml +version: 1 +trail: + attestations: + - name: jira-ticket + type: jira + artifacts: + - name: backend + attestations: + - name: unit-tests + type: junit + - name: security-scan + type: snyk +``` + +It expects `jira-ticket` on the trail, the `backend` artifact, with `unit-tests` and `security-scan` attached to it. When you make an attestation, you have the choice of what `name` to attach it to: + +## Make the `jira-ticket` attestation to a trail + +The `jira-ticket` attestation belongs to a single trail and is not linked to a specific artifact. In this example, the id of the trail is the git commit. + +```shell +$ kosli attest jira \ + --flow backend-ci \ + --trail $(git rev-parse HEAD) \ + --name jira-ticket + ... +``` + +## Make the `unit-test` attestation to the `backend` artifact + +Some attestations are attached to a specific artifact, like the unit tests for the `backend` artifact. Often, evidence like unit tests are created before the artifact is built. To attach the evidence to the artifact before its creation, use `backend` (the artifact's `name` from the template), as well as `unit-tests` (the attestation's `name` from the template). + +```shell +$ kosli attest junit \ + --name backend.unit-tests \ + --flow backend-ci \ + --trail $(git rev-parse HEAD) \ + ... +``` + +This attestation belongs to any artifact attested with the matching `name` from the template (in this example `backend`) and a matching git commit. + +## Make the `backend` artifact attestation + +Once the artifact has been built, it can be attested with the following command. + +```shell +$ kosli attest artifact my_company/backend:latest \ + --artifact-type docker \ + --flow backend-ci \ + --trail $(git rev-parse HEAD) \ + --name backend + ... +``` + +The Kosli CLI will calculate the fingerprint of the docker image called `my_company/backend:latest` and attest it as the `backend` artifact `name` in the trail. + +{{< hint info >}} +### Automatically gather git commit and CI environment information +In all attestation commands the Kosli CLI will automatically gather the git commit and other information from the current git repository and the [CI environment](https://docs.kosli.com/integrations/ci_cd/). This is how the git commit is used to match attestation to artifacts. +{{< /hint >}} + +## Make the `security-scan` attestation to the `backend` artifact + +Often, evidence like snyk reports are created after the artifact is built. In this case, you can attach the evidence to the artifact after its creation. Use `backend` (the artifact's `name` from the template), as well as `security-scan` (the attestation's `name` from the template) to name the attestation. + +The following attestation will only belong to the artifact `my_company/backend:latest` attested above and its fingerprint, in this case calculated by the Kosli CLI. + +```shell +$ kosli attest snyk \ + --artifact-type docker my_company/backend:latest \ + --name backend.security-scan \ + --flow backend-ci \ + --trail $(git rev-parse HEAD) + ... +``` + +{{< hint info >}} +### Attestation immutability + +Attestations are append-only immutable records. You can report the same attestation multiple times, and each report will be recorded. However, only the latest version of the attestation is considered when evaluating trail or artifact compliance. +{{< /hint >}} + +## Evidence Vault + +Along with attestations data, you can attach additional supporting evidence files. These will be securely stored in Kosli's **Evidence Vault** and can easily be retrieved when needed. Alternatively, you can store the evidence files in your own preferred storage and only attach links to it in the Kosli attestation. + +{{< hint info >}} + +For `JUnit` attestations (see below), Kosli automatically stores the JUnit XML results files in the Evidence Vault. You can disable this by setting `--upload-results=false` + +{{< /hint >}} + +## Attestation types + +Currently, we support the following types of evidence: + +### Pull requests + +If you use GitHub, Bitbucket, Gitlab or Azure DevOps you can use Kosli to verify if a given git commit comes from a pull/merge request. + +{{< hint warning >}} +Currently, the status of the PR does NOT impact the compliance status of the attestation. +{{< /hint >}} + +If there is no pull request for the commit, the attestation will be reported as `non-compliant`. You can choose to short-circuit execution in case pull request is missing by using the `--assert` flag. + +See the CLI reference for the following commands for more details and examples: + +- [attest Github PR ](/client_reference/kosli_attest_pullrequest_github/) +- [attest Bitbucket PR ](/client_reference/kosli_attest_pullrequest_bitbucket/) +- [attest Gitlab PR ](/client_reference/kosli_attest_pullrequest_gitlab/) +- [attest Azure Devops PR ](/client_reference/kosli_attest_pullrequest_azure/) + + +### JUnit test results + +If you produce your test results in JUnit format, you can attest the test results to Kosli. Kosli will analyze the JUnit results and determine the compliance status based on whether any tests have failed and/or errored or not. + +See [attest JUnit results to an artifact or a trail](/client_reference/kosli_attest_junit/) for usage details and examples. + +### Snyk security scans + +You can report results of a Snyk security scan to Kosli and it will analyze the Snyk scan results and determine the compliance status based on whether vulnerabilities where found or not. + +See [attest Snyk results to an artifact or a trail](/client_reference/kosli_attest_snyk/) for usage details and examples. + +### Jira issues + +You can use the Jira attestation to verify that a git commit or branch contains a reference to a Jira issue and that an issue with the same reference does exist in Jira. + +If Jira reference is found in a commit message, that reference will be reported as evidence. If the reference is not found in the commit message, Kosli CLI will check if it's a part of a branch name. + +Kosli CLI will also verify and report if the detected issue reference is found and accessible on Jira (reported as compliant) or not (reported as non compliant). + +See [attest Jira issue to an artifact or a trail](/client_reference/kosli_attest_jira/) for usage details and examples. + +### Generic + +If Kosli doesn't support the type of the attestation you'd like to attach, you can use the generic type. + +Use `--compliant=false` if you want to report a given evidence as non-compliant. + +See [report generic attestation to an artifact or a trail](/client_reference/kosli_attest_generic/) for usage details and examples. \ No newline at end of file diff --git a/docs.kosli.com/content/getting_started/environments.md b/docs.kosli.com/content/getting_started/environments.md index 095794e0c..60077306a 100644 --- a/docs.kosli.com/content/getting_started/environments.md +++ b/docs.kosli.com/content/getting_started/environments.md @@ -1,299 +1,55 @@ --- -title: "Part 4: Environments" +title: "Part 8: Environments" bookCollapseSection: false -weight: 240 +weight: 280 --- -# Part 4: Environments +# Part 8: Environments -Recording the status of runtime environments is one of the fundamental features of Kosli. Kosli records the status of runtime environments by detecting artifacts running in any given environment and reporting the information. +Kosli environments allow you to record the artifacts running in your runtime environments and how they change. Every time an environment change (or a set of changes) is reported, Kosli creates a new environment snapshot containing the status of the environment at a given point in time. ## Create an environment -A Kosli *environment* stores snapshots containing information about the software artifacts running in your runtime environments. - -Before you start reporting what's running in your environments you need to create an environment in Kosli and make sure it matches the type of the environment you'll be reporting, e.g. `docker` or `k8s`. You can see all the available environment types in the help text for the `--environment-type` flag in the [`kosli create environment`](/client_reference/kosli_create_environment/) command. +You can create Kosli environments in the app, via CLI or via the API. When you create an environment, you give it a name, a description and select its type. {{< hint warning >}} -In all the commands below we skip required `--api-token` and `--org` flags - these can be easily configured via [config file](/getting_started/install/#assigning-flags-via-config-files) or [environment variables](/getting_started/install/#assigning-flags-via-environment-variables) so you don't have type them over and over again. +Make sure that type of Kosli environment matches the type of the environment you'll be reporting from. {{< /hint >}} +### Via CLI -### Example - -#### CLI -{{< tabs "create env" "col-no-wrap" >}} +To create an environment via CLI, you would run a command like this: -{{< tab "v2" >}} ```shell {.command} $ kosli create environment quickstart \ --environment-type docker \ --description "quickstart environment for tutorial" - -environment quickstart was created -``` -{{< /tab >}} - -{{< tab "v0.1.x" >}} -```shell {.command} -$ kosli environment declare \ - --name quickstart \ - --environment-type docker \ - --description "quickstart environment for tutorial" - -environment quickstart was created -``` -{{< /tab >}} - -{{< /tabs >}} - - -You can verify that the Kosli environment called *quickstart* was created: - -{{< tabs "ls env" "col-no-wrap" >}} - -{{< tab "v2" >}} -```shell {.command} -$ kosli ls environments - -NAME TYPE LAST REPORT LAST MODIFIED -quickstart docker 2022-11-01T15:30:56+01:00 -``` -{{< /tab >}} - -{{< tab "v0.1.x" >}} -```shell {.command} -$ kosli environment ls - -NAME TYPE LAST REPORT LAST MODIFIED -quickstart docker 2022-11-01T15:30:56+01:00 ``` -{{< /tab >}} -{{< /tabs >}} +See [kosli create environment](/client_reference/kosli_create_environment/) for CLI usage details and examples. - -#### UI +### Via UI You can also create an environment directly from [app.kosli.com](https://app.kosli.com). -Make sure you've selected the organization you want to use (`docs-demo` here) and click on "Environments". You'll find an "Add new environment" button there +- Make sure you've selected the organization you want to use from the orgs dropdown in the top left corner. +- Click on `Environments` in the left navigation menu. +- Click the `Add new environment` button +- Fill in the environment name and description and select a type, then click `Save Environment`. -{{
}} After the new environment is created you'll be redirected to its page - with "No events have been found for [...]" message. Once you start reporting your actual runtime environment to Kosli you'll see all the events (such as which artifacts started or stopped running) listed on that page. -## Report an environment - -There is range of `kosli snapshot [...]` commands, allowing you to report a variety of environments. To record the current status of your environment you simply run one of them. You can do it manually but typically environment reports run automatically, e.g. via a cron job or scheduled CI job. - -Whenever an environment report is received, if the received list of running artifacts is different to a previous report, a new snapshot is created. Snapshots are immutable and can't be tampered with. - -After you started reporting, you can - at any point - check exactly what is running in your environment using the CLI command: - -{{< tabs "get env" "col-no-wrap" >}} - -{{< tab "v2" >}} -```shell {.command} -$ kosli get snapshot quickstart - -COMMIT ARTIFACT FLOW RUNNING_SINCE REPLICAS -9f14efa Name: nginx:1.21 N/A 18 hours ago 1 - Fingerprint: 2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 -``` -{{< /tab >}} - -{{< tab "v0.1.x" >}} -```shell {.command} -$ kosli environment get quickstart - -COMMIT ARTIFACT FLOW RUNNING_SINCE REPLICAS -9f14efa Name: nginx:1.21 N/A 18 hours ago 1 - Fingerprint: 2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 -``` -{{< /tab >}} - -{{< /tabs >}} - - - -Or in the UI, by clicking on the name of the environment (after selecting "Environments" in the left hand side menu): - -{{
}} - - -{{< tabs "env-reports" "col-no-wrap" >}} - -{{< tab "docker" >}} -## Record docker environment - -Run `kosli snapshot docker` to report running containers data from docker host to Kosli. - -**Where to run:** The command has to be run on the actual docker host, to be able to detect running containers. - -### Example - -```shell {.command} -$ kosli snapshot docker docs-demo-docker - -[1] containers were reported to environment quickstart -``` - -More details in [kosli snapshot docker](/client_reference/kosli_snapshot_docker/) reference -for v0.1.x: [kosli environment report docker](/legacy_ref/v0.1.41/kosli_environment_report_docker/) -{{< /tab >}} - -{{< tab "ecs" >}} -## Record ecs environment - -Run `kosli snapshot ecs` to report images data from AWS ECS cluster to Kosli. - -**Were to run:** The command can be run anywhere. -To authenticate to AWS, you can either: -1. provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID) -2. export the AWS env vars (e.g. AWS_ACCESS_KEY_ID). -3. Use a shared config/credentials file under the $HOME/.aws - -Option 1 takes highest precedence, while option 3 is the lowest. - - -### Example - -```shell {.command} -$ kosli snapshot ecs ecs-prod \ - --cluster prod-cluster - --aws-key-id *** \ - --aws-secret-key *** \ - --aws-region eu-central-1 - -[2] containers were reported to environment ecs-prod -``` - -More details in [kosli snapshot ecs](/client_reference/kosli_snapshot_ecs/) reference -for v0.1.x: [kosli environment report ecs](/legacy_ref/v0.1.41/kosli_environment_report_ecs/) -{{< /tab >}} - -{{< tab "k8s" >}} -## Record k8s environment - -Run `kosli snapshot k8s` to report images data from specific namespace(s) or entire cluster to Kosli. You can also select multiple namespaces to report from (using `--namespace` and comma separated list when running a command) or use `--exclude-namespace` to report from a whole cluster except the namespaces from the comma spearated list given to the flag - -**Were to run:** The command can be run anywhere and requires `kubeconfig` file to be able to connect to the cluster (you can skip providing the location of `kubeconfig` if it resides in default `$HOME/.kube/config` folder). - -You can also choose to run it from within the cluster - use our [helm chart](/helm/) to install the reporter as a cron job. `kubeconfig` won't be need in that case. - -### Example - -``` -# report what is running in an entire cluster using kubeconfig at $HOME/.kube/config: -kosli snapshot k8s yourEnvironmentName \ - --api-token yourAPIToken \ - --org yourOrgName - -# report what is running in a given namespace using kubeconfig at a custom path: -kosli snapshot k8s yourEnvironmentName \ - --kubeconfig /path/to/kubeconfig \ - --namespace your-namespace \ - --api-token yourAPIToken \ - --org yourOrgName - -``` - -More details in [kosli snapshot k8s](/client_reference/kosli_snapshot_k8s/) reference -for v0.1.x: [kosli environment report k8s](/legacy_ref/v0.1.41/kosli_environment_report_k8s/) -{{< /tab >}} - -{{< tab "lambda" >}} -## Record lambda environment - -Run `kosli snapshot lambda` to report artifact from AWS Lambda to Kosli. - -**Were to run:** The command can be run anywhere. -To authenticate to AWS, you can either: -1. provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID) -2. export the AWS env vars (e.g. AWS_ACCESS_KEY_ID). -3. Use a shared config/credentials file under the $HOME/.aws - -Option 1 takes highest precedence, while option 3 is the lowest. - -### Example - -```shell {.command} -$ kosli snapshot lambda lambda-prod \ - --function-name reporter-kosli-prod \ - --aws-key-id *** \ - --aws-secret-key *** \ - --aws-region eu-central-1 - -reporter-app-prod lambda function was reported to environment lambda-prod -``` - -More details in [kosli snapshot lambda](/client_reference/kosli_snapshot_lambda/) reference -for v0.1.x: [kosli environment report lambda](/legacy_ref/v0.1.41/kosli_environment_report_lambda/) -{{< /tab >}} - -{{< tab "s3" >}} -## Record s3 environment - -Run `kosli snapshot s3` to report artifact from AWS S3 bucket to Kosli. - -**Were to run:** The command can be run anywhere. -To authenticate to AWS, you can either: -1. provide the AWS static credentials via flags or by exporting the equivalent KOSLI env vars (e.g. KOSLI_AWS_KEY_ID) -2. export the AWS env vars (e.g. AWS_ACCESS_KEY_ID). -3. Use a shared config/credentials file under the $HOME/.aws - -Option 1 takes highest precedence, while option 3 is the lowest. - -### Example - -```shell {.command} -$ kosli snapshot s3 s3-prod \ - --bucket app-public \ - --aws-key-id *** \ - --aws-secret-key *** \ - --aws-region eu-central-1 - -bucket app-public was reported to environment s3-prod -``` - -More details in [kosli snapshot s3](/client_reference/kosli_snapshot_s3/) reference -for v0.1.x: [kosli environment report s3](/legacy_ref/v0.1.41/kosli_environment_report_s3/) -{{< /tab >}} - -{{< tab "server" >}} -## Record server environment - -Run `kosli snapshot server` to report directory or file artifacts from the given list of paths to Kosli. - -**Were to run:** The command has to be run on the actual server (physical or vm), to be able to detect artifacts. - -Use `--paths` flag to provide a comma separated list of directories and files you want to be reported. Keep in mind that each directory will be treated as a single artifact and in order to make sure they are correctly identified in Kosli they should also be reported to Kosli flow as a single artifact. - -For example, if you provide a following list: `--paths /home/server/web, /home/monitor.exe, /home/server/calculator` kosli will calculate fingerprints and report as running 3 artifacts to Kosli: -* directory `web` -* directory `calculator` -* file `monitor.exe` - -And it will try to find matching artifacts reported to any flow belonging to the same organization as the environment. - -### Example - -```shell {.command} -$ kosli snapshot server docs-demo-server --paths build/index.html - -[1] artifacts were reported to environment docs-demo-server -``` - -More details in [kosli snapshot server](/client_reference/kosli_snapshot_server/)reference -for v0.1.x: [kosli environment report server](/legacy_ref/v0.1.41/kosli_environment_report_server/) -{{< /tab >}} - -{{< /tabs >}} - - - - +## Snapshoting an environment +There is range of `kosli snapshot [...]` commands, allowing you to report a variety of environments. To record the current status of your environment you simply run one of them. While you can do it manually, typically you would run the commands automatically, e.g. via a cron job or scheduled CI job. +Whenever an environment report is received, if the received list of running artifacts is different than what is in the latest snapshot, a new snapshot is created. Snapshots are immutable and can't be tampered with. +Currently, the following environment types are supported: +- Kubernetes: see [kosli snapshot kubernetes](/client_reference/kosli_snapshot_k8s/) for usage details and examples. +- Docker: see [kosli snapshot docker](/client_reference/kosli_snapshot_docker/) for usage details and examples. +- Physical/Virtual Server: see [kosli snapshot server](/client_reference/kosli_snapshot_server/) for usage details and examples. +- AWS Simple Storage Service (S3): see [kosli snapshot s3](/client_reference/kosli_snapshot_s3/) for usage details and examples. +- AWS Lambda: see [kosli snapshot lambda](/client_reference/kosli_snapshot_lambda/) for usage details and examples. +- AWS Elastic Container Service (ECS): see [kosli snapshot ecs](/client_reference/kosli_snapshot_ecs/) for usage details and examples. diff --git a/docs.kosli.com/content/getting_started/evidence.md b/docs.kosli.com/content/getting_started/evidence.md deleted file mode 100644 index 2cb2452d8..000000000 --- a/docs.kosli.com/content/getting_started/evidence.md +++ /dev/null @@ -1,412 +0,0 @@ ---- -title: "Part 7: Evidence" -bookCollapseSection: false -weight: 270 ---- -# Part 7: Evidence - -Whenever an event related to required evidence happens you should report it to Kosli. -You can report evidence against either a git commit or an artifact. - -{{< hint info >}} - -For Kosli to know which evidence you are reporting you need to provide evidence name (using `--name` flag) that matches one of the names defined in a [flow template](/getting_started/flows/#create-a-flow). - -{{< /hint >}} - -## Commit evidence vs Artifact evidence - -Some types of evidence naturally belong to an **artifact** - e.g. *unit test* or *snyk scan*. Some relate to the source code itself and you can report these on a **commit** - e.g. *code coverage* or *pull request*. - -It's up to you to decide and if you want to attach it all to an artifact it'll work fine. But if you produce multiple artifacts from the same commit you can choose to report a commit evidence that will be **automatically** attached to all **artifacts** reported to **ALL or selected flows** built from that commit. That way you won't have to report the same evidence multiple times to each artifact separately. - -{{< hint info >}} - -Evidence reported against a git commit will be automatically attached to: -* either **ALL** artifacts (in **ALL flows**) produced from that git commit (when `--flows` flag is **not** provided) -* or **only** artifacts produced from that git commit **reported to flows** provided in `--flows` flag (in a comma separated list format). - -If a given named evidence is reported multiple times, it is the compliance status of the -last reported version of the evidence that is considered the compliance state of that evidence. - -{{< /hint >}} - -## Does Kosli store evidence? - -When you report evidence to Kosli, we store related files in the Evidence Vault. That way you will always have an easy access to the evidence whenever you need it, e.g. in case of an audit. Fingerpints of each evidence file stored in vault will be saved alongside the evidence, which lets you confirm at any time that the evidence wasn't tampered with (or detect tampering). - -### What exactly Kosli stores? - -Depending on the evidence type we will store: -* for **junit** evidence type: archived directory containing junit test result and the fingerprint of the directory; you can provide the path to the directory using `--results-dir` flag -* for **snyk** evidence type: archived snyk results (in json format) and the fingerprint of the json file; you can provide the path to the snyk results json file using `--snyk-results` flag -* for **generic** evidence type: archived directories and/or files containing evidence and the fingerprint of the directories/files; you can provide a comma-separated list of paths to evidence directories/files using `--evidence-path` - -### Can I opt out from storing evidence? - -You can opt out from storing evidence in Kosli Vault by reporting a **generic** evidence without using the optional `--evidence-paths` flag. Kosli won't be able to determine compliance status, so the responsibility of determining that falls on you. To report evidence as non-compliant use `--compliant=false`, otherwise - for compliant evidence - you can skip the flag (it is set to compliant by default). - -You can record the location of evidence files, e.g. if you store them on your own or use another external service to do that, using `--evidence-url` flag, and record the fingerprint of evidence files using `--evidence-fingerprint` - -{{< hint info >}} - -`--evidence-url` and `--evidence-fingerprint` are only useful if you didn't use `--results-dir`, `--snyk-results` or `--evidence-path` to upload evidence to Kosli Vault - -{{< /hint >}} - - -Currently we support following types of evidence: - -## Pull request evidence - -If you use GitHub, Bitbucket or Gitlab you can use Kosli to verify if the merge commit you used to build your artifact comes from a pull request. Remember to add the pull request evidence to your flow template and use the same label for `--name` you provided in a `template` - -> note that -currently- the status of the PR does NOT impact the compliance status of the evidence. - -If there is no pull request for a given commit, the evidence will be reported as incompliant and the pipeline will continue. You can choose to fail the pipeline altogether in case pull request is missing by using the `--assert` flag. - -There are six different pull request commands - -For GitHub: [report PR evidence to an artifact](/client_reference/kosli_report_evidence_artifact_pullrequest_github/) -or [report PR evidence to a commit](/client_reference/kosli_report_evidence_commit_pullrequest_github/) along with the regular flags, you need to provide: -* `--github-org` -* `--github-token` your Github personal access token with permissions to read PRs. - - -For Bitbucket: [report PR evidence to an artifact](/client_reference/kosli_report_evidence_artifact_pullrequest_bitbucket/) -or [report PR evidence to a commit](/client_reference/kosli_report_evidence_commit_pullrequest_bitbucket/) along with the regular flags, you need to provide: -* `--bitbucket-password` - you need to use an api token which is the "App password" you create under "Personal Settings", keep in mind that api tokens you create under "Manage account" won't work for basic auth -* `--bitbucket-username` - you cannot user your email address you use to log in, you have an actual username under "Personal Settings" -* `--bitbucket-workspace` - -For Gitlab: -[report PR evidence to an artifact](/client_reference/kosli_report_evidence_artifact_pullrequest_gitlab/) -or [report PR evidence to a commit](/client_reference/kosli_report_evidence_commit_pullrequest_gitlab/) along with the regular flags, you need to provide: -* `--gitlab-org` -* `--gitlab-token` your Gitlab personal access token with permissions to read Merge requests. -### Example - -{{< tabs "gh-pr-example" "col-no-wrap" >}} - -{{< tab "Artifact v2" >}} -``` -$ kosli report evidence artifact pullrequest github project-a-app.bin \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name pull-request \ - --flow project-a \ - --github-token *** \ - --github-org ProjectA \ - --repository repoB \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -github pull request evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -For more details see: -[kosli report evidence artifact pullrequest github](/client_reference/kosli_report_evidence_artifact_pullrequest_github/) -[kosli report evidence artifact pullrequest bitbucket](/client_reference/kosli_report_evidence_artifact_pullrequest_bitbucket/) -[kosli report evidence artifact pullrequest gitlab](/client_reference/kosli_report_evidence_artifact_pullrequest_gitlab/) -{{< /tab >}} - -{{< tab "Artifact v0.1.x" >}} -``` -$ kosli pipeline artifact report evidence github-pullrequest project-a-app.bin \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name pull-request \ - --pipeline project-a \ - --github-token *** \ - --github-org ProjectA \ - --repository repoB \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -github pull request evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -For more details see: -[kosli pipeline artifact report evidence github-pullrequest](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_github-pullrequest/) -[kosli pipeline artifact report evidence bitbucket-pullrequest](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_bitbucket-pullrequest/) -[kosli pipeline artifact report evidence gitlab-mergerequest](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_gitlab-mergerequest/) -{{< /tab >}} - -{{< tab "Commit v2" >}} -``` -$ kosli report evidence commit github-pullrequest \ - --build-url https://exampleci.com \ - --name pull-request \ - --flow project-a \ - --github-token *** \ - --github-org ProjectA \ - --repository repoB \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -github pull request evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -For more details see: -[kosli report evidence commit pullrequest github](/client_reference/kosli_report_evidence_commit_pullrequest_github/) -[kosli report evidence commit pullrequest bitbucket](/client_reference/kosli_report_evidence_commit_pullrequest_bitbucket/) -[kosli report evidence commit pullrequest github](/client_reference/kosli_report_evidence_commit_pullrequest_gitlab/) -{{< /tab >}} - -{{< tab "Commit v0.1.x" >}} -``` -$ kosli commit report evidence github-pullrequest \ - --build-url https://exampleci.com \ - --name pull-request \ - --pipelines project-a \ - --github-token *** \ - --github-org ProjectA \ - --repository repoB \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -github pull request evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -For more details see: -[kosli commit report evidence github-pullrequest](/legacy_ref/v0.1.41/kosli_commit_report_evidence_github-pullrequest/) -[kosli commit report evidence bitbucket-pullrequest](/legacy_ref/v0.1.41/kosli_commit_report_evidence_bitbucket-pullrequest/) -[kosli commit report evidence gitlab-mergerequest](/legacy_ref/v0.1.41/kosli_commit_report_evidence_gitlab-mergerequest/) -{{< /tab >}} - -{{< /tabs >}} - -## JUnit test evidence - -If you produce your test results in JUnit format, you can [report JUnit evidence to an artifact](/client_reference/kosli_report_evidence_artifact_junit/) or -[report JUnit evidence to a commit](/client_reference/kosli_report_evidence_commit_junit/). These commands will analyze the JUnit results and determine if the evidence is compliant or not. -Remember to add the JUnit test evidence to your flow template and use the same label for `--name` you provided in a `template`. - -Use `--results-dir` flag to provide the location of the folder with your XML JUnit test results - -### Example - -{{< tabs "junit-example" "col-no-wrap" >}} - -{{< tab "Artifact v2" >}} -``` -$ kosli report evidence artifact junit project-a-app.bin \ - --flow project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name unit-test \ - --results-dir tests - -junit test evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli report evidence artifact junit](/client_reference/kosli_report_evidence_artifact_junit/) for more details -{{< /tab >}} - -{{< tab "Artifact v1.0.x" >}} -``` -$ kosli pipeline artifact report evidence junit project-a-app.bin \ - --pipeline project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name unit-test \ - --results-dir tests - -junit test evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli pipeline artifact report evidence junit](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_junit/) for more details -{{< /tab >}} - -{{< tab "Commit v2" >}} -``` -$ kosli report evidence commit junit \ - --flow project-a \ - --build-url https://exampleci.com \ - --name unit-test \ - --results-dir tests \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -junit test evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli report evidence commit junit](/client_reference/kosli_report_evidence_commit_junit/) for more details -{{< /tab >}} - -{{< tab "Commit v0.1.x" >}} -``` -$ kosli commit report evidence junit \ - --pipelines project-a \ - --build-url https://exampleci.com \ - --name unit-test \ - --results-dir tests \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -junit test evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli commit report evidence junit](/legacy_ref/v0.1.41/kosli_commit_report_evidence_junit/) for more details -{{< /tab >}} - - -{{< /tabs >}} - -## Snyk scan evidence - -To report results of a Snyk security scan, you can [report Snyk evidence to an artifact](/client_reference/kosli_report_evidence_artifact_snyk/) or -[report Snyk evidence to a commit](/client_reference/kosli_report_evidence_commit_snyk/). These commands will analyze the Snyk scan results and determine if the evidence is compliant or not. -Remember to add the snyk scan evidence to your flow template and use the same label for `--name` you provided in a `template`. - -Use `--scan-results` flag to provide the location of the json file with your snyk scan results - -### Example - -{{< tabs "snyk-example" "col-no-wrap" >}} - -{{< tab "Artifact v2" >}} -``` -$ kosli report evidence artifact snyk project-a-app.bin \ - --pipeline project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name snyk \ - --scan-results snyk_scam.json - -snyk scan evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli report evidence artifact snyk](/client_reference/kosli_report_evidence_artifact_snyk/) for more details -{{< /tab >}} - -{{< tab "Artifact v1.0.x" >}} -``` -$ kosli pipeline artifact report evidence snyk project-a-app.bin \ - --pipeline project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name snyk \ - --scan-results snyk_scam.json - -snyk scan evidence is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli pipeline artifact report evidence snyk](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_snyk/) for more details -{{< /tab >}} - -{{< tab "Commit v2" >}} -``` -$ kosli report evidence commit snyk \ - --flow project-a \ - --build-url https://exampleci.com \ - --name snyk \ - --scan-results snyk_scam.json \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -snyk scan evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli report evidence commit snyk](/client_reference/kosli_report_evidence_commit_snyk/) for more details -{{< /tab >}} - -{{< tab "Commit v0.1.x" >}} -``` -$ kosli commit report evidence snyk \ - --pipelines project-a \ - --build-url https://exampleci.com \ - --name snyk \ - --scan-results snyk_scam.json \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -snyk scan evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli commit report evidence snyk](/legacy_ref/v0.1.41/kosli_commit_report_evidence_snyk/) for more details -{{< /tab >}} - -{{< /tabs >}} - -## Jira evidence - -To verify that Jira issue reference is a part of a commit message or a branch name, and report it to Kosli, you can use [kosli report evidence commit jira](/client_reference/kosli_report_evidence_commit_jira/) command. - -If Jira reference is found in a commit message, that reference will be reported as evidence. If the reference is not found in the commit message, Kosli CLI will check if it's a part of a branch name. - -Kosli CLI will also verify and report if the detected issue reference is found and accessible on Jira (reported as compliant) or not (reported as non compliant). - - -### Example - -{{< tabs "jira-example" "col-no-wrap" >}} - -{{< tab "Commit v2" >}} -``` -$ kosli report evidence commit jira \ - --commit yourGitCommitSha1 \ - --name yourEvidenceName \ - --jira-base-url https://kosli.atlassian.net \ - --jira-username user@domain.com \ - --jira-api-token yourJiraAPIToken \ - --flows yourFlowName \ - --build-url https://exampleci.com \ - --api-token yourAPIToken \ - --org yourOrgName - -snyk scan evidence is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli report evidence commit jira](/client_reference/kosli_report_evidence_commit_jira/) for more details -{{< /tab >}} - -{{< /tabs >}} - -## Generic evidence - -If Kosli doesn't support the type of the evidence you'd like to attach, you can [report Generic evidence to an artifact](/client_reference/kosli_report_evidence_artifact_generic/) or -[report Generic evidence to a commit](/client_reference/kosli_report_evidence_commit_generic/). -Remember to add the evidence to your flow template and use the same label for `--name` you provided in a `template`. - -Use `--compliant=false` if you want to report a given evidence as non-compliant. -### Example - -{{< tabs "generic-example" "col-no-wrap" >}} - -{{< tab "Artifact v2">}} -``` -$ kosli report evidence artifact generic project-a-app.bin \ - --flow project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name code-coverage \ - --compliant=false - -generic evidence 'code-coverage' is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli report evidence artifact generic](/client_reference/kosli_report_evidence_artifact_generic/) for more details -{{< /tab >}} - -{{< tab "Artifact v0.1.x">}} -``` -$ kosli pipeline artifact report evidence generic project-a-app.bin \ - --pipeline project-a \ - --artifact-type file \ - --build-url https://exampleci.com \ - --name code-coverage \ - --compliant=false - -generic evidence 'code-coverage' is reported to artifact: 53c97572093cc107c0caa2906d460ccd65083a4c626f68689e57aafa34b14cbf -``` -See [kosli pipeline artifact report evidence generic](/legacy_ref/v0.1.41/kosli_pipeline_artifact_report_evidence_generic/) for more details -{{< /tab >}} - -{{< tab "Commit v2" >}} -``` -$ kosli report evidence commit generic \ - --flow project-a \ - --build-url https://exampleci.com \ - --name code-coverage \ - --compliant=false \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -generic evidence 'code-coverage' is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli report evidence commit generic](/client_reference/kosli_report_evidence_commit_generic/) for more details -{{< /tab >}} - -{{< tab "Commit v0.1.x" >}} -``` -$ kosli commit report evidence generic \ - --pipelines project-a \ - --build-url https://exampleci.com \ - --name code-coverage \ - --compliant=false \ - --commit e67f2f2b121f9325ebf166b7b3c707f73cb48b14 - -generic evidence 'code-coverage' is reported to commit: e67f2f2b121f9325ebf166b7b3c707f73cb48b14 -``` -See [kosli commit report evidence generic](/legacy_ref/v0.1.41/kosli_commit_report_evidence_generic/) for more details -{{< /tab >}} - -{{< /tabs >}} diff --git a/docs.kosli.com/content/getting_started/flows.md b/docs.kosli.com/content/getting_started/flows.md index a83561b71..e97f44416 100644 --- a/docs.kosli.com/content/getting_started/flows.md +++ b/docs.kosli.com/content/getting_started/flows.md @@ -1,49 +1,57 @@ --- -title: "Part 5: Flows" +title: "Part 4: Flows" bookCollapseSection: false -weight: 250 +weight: 240 --- -# Part 5: Flows +# Part 4: Flows -Kosli allows you to connect the development world (commits, builds, tests, approvals, deployments) with what’s happening in operations. There is a variety of commands that let you report all the necessary information to Kosli and - relying on automatically calculated fingerprints of your artifacts - match it with the environments. +A Kosli Flow represents a business or software process that requires change tracking. It allows you to monitor changes across all steps within a process or focus specifically on a subset of critical steps. -{{< hint warning >}} -In all the commands below we skip required `--api-token` and `--org` flags - these can be easily configured via [config file](/getting_started/install/#assigning-flags-via-config-files) or [environment variables](/getting_started/install/#assigning-flags-via-environment-variables) so you don't have type them over and over again. +{{< hint info >}} +In all the commands below we skip the required `--api-token` and `--org` flags for brevity. These can be set as described [here](/getting_started/install#assigning-flags-via-config-files). {{< /hint >}} ## Create a flow -To report artifacts to Kosli you need to create a Kosli [flow](/understand_kosli/concepts/#flow) first. When you create a flow you also define a template - a list of types of evidence (controls) you need to be reported in order for the artifact to become compliant. Use the `--template` flag to provide the list of controls. +To create a Flow, you can run: -When reporting evidence for a specific control you use a name in the template to identify which evidence you are reporting. +```shell +$ kosli create flow process-a --description "My SW delivery process" \ + --use-empty-template +``` -It is a normal practice to include `kosli create flow` command in the same CI pipeline you use to build the artifact you want to report to that Kosli flow. None of the previously reported artifacts will be overwritten or lost. And if you change the template, by adding or removing required evidence, it won't affect the compliance status of existing artifacts. +## Flow template -### Example +When creating a Flow, you can optionally provide a `Flow Template`. This template defines the necessary steps within the business or software process represented by a Kosli Flow. The compliance of Flow trails and artifacts will be assessed using the template. -{{< tabs "commands" "col-no-wrap" >}} +A Flow template is a YAML file following the syntax outlined in the [flow template spec](/template_ref). -{{< tab "v2" >}} -``` -$ kosli create flow project-a \ - --description "Project A artifacts" \ - --template artifact,unit-test,pull-request,snyk,code-coverage +Here is an example, `sw-delivery-template.yml`: -flow 'project-a' was created +```yml +version: 1 +trail: + attestations: + - name: jira-ticket + type: jira + artifacts: + - name: backend + attestations: + - name: unit-tests + type: junit ``` -{{< /tab >}} -{{< tab "v0.1.x" >}} -``` -$ kosli pipeline declare \ - --pipeline project-a \ - --description "Project A artifacts" \ - --template artifact,unit-test,pull-request,snyk,code-coverage +### Create a Flow with a template -pipeline 'project-a' created +To create a Flow with a template, you can run: + +```shell +$ kosli create flow process-a --description "My SW delivery process" \ + --template-file sw-delivery-template.yml ``` -{{< /tab >}} -{{< /tabs >}} +## Update a Flow + +Rerunning the command with different description or template file will update the Flow. See [kosli create flow](/client_reference/kosli_create_flow/) for more details. diff --git a/docs.kosli.com/content/getting_started/install.md b/docs.kosli.com/content/getting_started/install.md index 152174971..dd2a964b3 100644 --- a/docs.kosli.com/content/getting_started/install.md +++ b/docs.kosli.com/content/getting_started/install.md @@ -163,4 +163,4 @@ to list environments with `org` and `api-token` in the configuration file you wo ``` $ kosli environment ls --config-file=kosli-conf -``` \ No newline at end of file +``` diff --git a/docs.kosli.com/content/getting_started/next.md b/docs.kosli.com/content/getting_started/next.md index 4c0dc5524..ca1c21a9d 100644 --- a/docs.kosli.com/content/getting_started/next.md +++ b/docs.kosli.com/content/getting_started/next.md @@ -1,12 +1,12 @@ --- -title: "Part 9: Next Steps" +title: "Part 10: Next Steps" bookCollapseSection: false -weight: 300 +weight: 310 --- -# Part 9: Next Steps +# Part 10: Next Steps In the previous chapters, you explored Kosli Flows and Environments and have reported some data to Kosli. The next steps would be to harness the benefits of your hard work. Here are a few areas to look at next: - [Querying Kosli](/tutorials/querying_kosli/) -- [Setup Notifications on Environment changes](/integrations/actions/) +- [Setup Actions on Environment changes](/integrations/actions/) - [Integrate Slack and Kosli](/integrations/slack/) diff --git a/docs.kosli.com/content/getting_started/overview.md b/docs.kosli.com/content/getting_started/overview.md index bc7a749bc..116396054 100644 --- a/docs.kosli.com/content/getting_started/overview.md +++ b/docs.kosli.com/content/getting_started/overview.md @@ -9,4 +9,6 @@ The "Getting Started" section encompasses the steps you can follow to implement {{< hint success >}} If you're eager to start using Kosli right away, check our ["Get familiar with Kosli"](/tutorials/get_familiar_with_kosli/) tutorial that allows you to quickly try out Kosli features without the need to spin up a separate environment. No CI required. -{{< /hint >}} \ No newline at end of file +{{< /hint >}} + +The guide initially presents steps associated with **Flows** followed by **Environments**. However, if preferred, you can commence with Environments before exploring Flows. The guide allows flexibility in the order of exploration based on individual preferences. diff --git a/docs.kosli.com/content/getting_started/trails.md b/docs.kosli.com/content/getting_started/trails.md new file mode 100644 index 000000000..4b530e451 --- /dev/null +++ b/docs.kosli.com/content/getting_started/trails.md @@ -0,0 +1,33 @@ +--- +title: "Part 5: Trails" +bookCollapseSection: false +weight: 250 +--- +# Part 5: Trails + +Every time you execute a process represented by a Kosli Flow, you would initiate a `trail` to record the changes made during that specific execution. + +You have the flexibility to determine the boundaries of what you consider a single execution of your process. For instance, in a software delivery process, an execution instance might be defined by: + +- **Git commits**: the trail represents changes recorded from a single commit (as reported from CI). +- **Pull requests**: the trail represents changes recorded throughout the life of a single pull request (can span multiple commits). +- **Jira or Github issues**: the trail represents changes recorded throughout the life of a single ticket/issue (can span multiple pull requests and commits). + +Each trail must possess a unique name within the Flow. This name typically follows a custom pattern, depending on how you define the scope of a single process execution. + +## Begin a trail + +To begin a Trail, you can run a command similar to the one below: + +```shell +$ kosli begin trail trail-1 --flow process-1 --description "My first trail" +``` + +Rerunning the command with different description or template file will update the Trail. + +See [kosli begin trail](/client_reference/kosli_begin_trail/) for more details. + +{{< hint info >}} +You can overwrite the flow template for each trail using `--template-file`. +By default, the trail inherits the template from its Flow. +{{< /hint >}} diff --git a/docs.kosli.com/content/helm/_index.md b/docs.kosli.com/content/helm/_index.md index 5883796bd..c110b0fce 100644 --- a/docs.kosli.com/content/helm/_index.md +++ b/docs.kosli.com/content/helm/_index.md @@ -75,5 +75,5 @@ helm upgrade [RELEASE-NAME] kosli/k8s-reporter | serviceAccount.name | string | `""` | the name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/docs.kosli.com/content/search/_index.md b/docs.kosli.com/content/search/_index.md deleted file mode 100644 index 6068231c0..000000000 --- a/docs.kosli.com/content/search/_index.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Search -bookhidden: true -bookToC: false ---- \ No newline at end of file diff --git a/docs.kosli.com/content/tutorials/following_a_git_commit_to_runtime_environments.md b/docs.kosli.com/content/tutorials/following_a_git_commit_to_runtime_environments.md index aa5aa8196..cbadc4667 100644 --- a/docs.kosli.com/content/tutorials/following_a_git_commit_to_runtime_environments.md +++ b/docs.kosli.com/content/tutorials/following_a_git_commit_to_runtime_environments.md @@ -70,7 +70,7 @@ nginx Reverse proxy public repler REPL for Python images public runner Test runner public saver Group/Kata model+persistence public -shas UX for git+image shas public +version-reporter UX for git+image version-reporter public web UX for practicing TDD public ``` diff --git a/docs.kosli.com/content/tutorials/get_familiar_with_Kosli.md b/docs.kosli.com/content/tutorials/get_familiar_with_Kosli.md index a8dc3ff80..0ae43ddec 100644 --- a/docs.kosli.com/content/tutorials/get_familiar_with_Kosli.md +++ b/docs.kosli.com/content/tutorials/get_familiar_with_Kosli.md @@ -6,13 +6,15 @@ weight: 505 # Get familiar with Kosli -> The following guide is the easiest and quickest way to try Kosli out and understand it's features. +> The following guide is the easiest and quickest way to try Kosli out and understand its features. It is made to run from your local machine, but the same concepts and steps apply to using Kosli in a production setup. In this tutorial, you'll learn how Kosli allows you to follow a source code change to runtime environments. -You'll set up a `docker` environment, use Kosli to record build and deployment events, and track what artifacts are running in your runtime environment. +You'll set up a `docker` environment, use Kosli to record build and deployment events, and track what +artifacts are running in your runtime environment. -This tutorial uses the `docker` Kosli environment type, but the same steps can be applied to other supported environment types. +This tutorial uses the `docker` Kosli environment type, but the same steps can be applied to +other supported environment types. {{< hint info >}} As you go through the guide you can also check your progress from @@ -49,41 +51,86 @@ To follow the tutorial, you will need to: cd quickstart-docker-example ``` -## Step 2: Create a Kosli flow +## Step 2: Create a Kosli Flow -A Kosli *flow* stores information about what happens in your build system. -The output of the build system is called an *artifact* in Kosli. An artifact could be, for example, -an application binary, a docker image, a directory, or a file. + -Start by creating a new Kosli flow: +The Flow's yml template-file exists in the git repository. +Confirm this yml file exists by catting it: ```shell {.command} -kosli create flow quickstart-nginx \ - --description "Flow for quickstart nginx image" +cat kosli.yml ``` -You can confirm that the Kosli flow was created by running: +You will see the following output, specifying the existence of an Artifact named `nginx`: + + +```plaintext {.light-console} +version: 1 + +trail: + artifacts: + - name: nginx +``` + +Create a Kosli *Flow* called `quickstart-nginx` using this yml template-file: + +```shell {.command} +kosli create flow2 quickstart-nginx \ + --description "Flow for quickstart nginx image" \ + --template-file kosli.yml +``` + +Confirm the Kosli Flow called `quickstart-nginx` was created: + ```shell {.command} kosli list flows ``` -which should produce the following output: + +which will produce the following output: + ```plaintext {.light-console} NAME DESCRIPTION VISIBILITY quickstart-nginx Flow for quickstart nginx image private ``` {{< hint info >}} -In the web interface you can select the *Flows* option on the left. -It will show you that you have a *quickstart-nginx* flow. -If you select the flow it will show that no artifacts have +In the web interface you can select *Flows* on the left. +It will show you that you have a *quickstart-nginx* Flow. +If you select the Flow it will show that no Artifacts have been reported yet. {{< /hint >}} -## Step 3: Create a Kosli environment -A Kosli *environment* stores snapshots containing information about -the software artifacts you are running in your runtime environment. +## Step 3: Create a Kosli Trail + +Create a Kosli *Trail*, in the `quickstart-nginx` Flow, whose +name is the repository's current git-commit: -Create a Kosli environment: +```shell {.command} +GIT_COMMIT=$(git rev-parse HEAD) +kosli begin trail ${GIT_COMMIT} \ + --flow quickstart-nginx +``` + + + +## Step 4: Create a Kosli environment + + + +Create a Kosli *Environment* called `quickstart` whose type is `docker`: ```shell {.command} kosli create environment quickstart \ @@ -91,7 +138,7 @@ kosli create environment quickstart \ --description "quickstart environment for tutorial" ``` -You can verify that the Kosli environment was created: +You can verify that the Kosli *Environment* was created: ```shell {.command} kosli list environments @@ -105,16 +152,16 @@ quickstart docker 2022-11-01T15:30:56+01:00 {{< hint info >}} If you refresh the *Environments* web page in your Kosli account, it will show you that you have a *quickstart* environment and that -no reports have been received. +no snapshot reports have been received yet. {{< /hint >}} -## Step 4: Report artifacts to Kosli +## Step 5: Attest an Artifact to Kosli -Typically, you would build an artifact in your CI system. -The quickstart-docker repository contains a `docker-compose.yml` file which uses an [nginx](https://nginx.org/) docker image -which you will be using as your artifact in this tutorial instead. +Typically, you would build an Artifact in your CI system, in response to a git-commit. +The quickstart-docker repository contains a `docker-compose.yml` file which uses an [nginx](https://nginx.org/) +docker image which you will be using as your Artifact in this tutorial instead. -Pull the docker image - the Kosli CLI needs the artifact to be locally present to +Pull the docker image - the Kosli CLI needs the Artifact to be locally present to generate a "fingerprint" to identify it: ```shell {.command} @@ -131,20 +178,35 @@ REPOSITORY TAG IMAGE ID CREATED SIZE nginx 1.21 8f05d7383593 5 months ago 134MB ``` -Now you can report the artifact to Kosli. -This tutorial uses a dummy value for the `--build-url` flag, in a real installation -this would be a defaulted link to a build service (e.g. Github Actions). +Now report the artifact to Kosli using the `kosli attest artifact` command. + +Note: +- The `--name` flag has the value `nginx` which is the (only) artifact +name defined in the `kosli.yml` file from step 2. +- The `--build-url` and `--commit-url` flags have dummy values; +in a real call these would get default values (e.g. from Github Actions). ```shell {.command} -kosli report artifact nginx:1.21 \ +GIT_COMMIT=$(git rev-parse HEAD) +kosli attest artifact nginx:1.21 \ + --name nginx \ --flow quickstart-nginx \ + --trail ${GIT_COMMIT} \ --artifact-type docker \ --build-url https://example.com \ --commit-url https://github.com/kosli-dev/quickstart-docker-example/commit/9f14efa0c91807da9a8b1d1d6332c5b3aa24a310 \ - --git-commit 9f14efa0c91807da9a8b1d1d6332c5b3aa24a310 + --git-commit $(git rev-parse HEAD) ``` -You can verify that you have reported the artifact in your *quickstart-nginx* flow: + + +You can verify that you have reported the Artifact in your *quickstart-nginx* flow: ```shell {.command} kosli list artifacts --flow quickstart-nginx @@ -156,28 +218,33 @@ COMMIT ARTIFACT Fingerprint: 2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 ``` -## Step 5: Report what is running in your environment +## Step 6: Report what is running in your environment First, run the artifact: ```shell {.command} docker-compose up -d ``` -You can confirm the container is running: +Confirm the container is running: + ```shell {.command} docker ps ``` The output should include an entry similar to this: + ```plaintext {.light-console} CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6330e545b532 nginx:1.21 "/docker-entrypoint.…" 35 seconds ago Up 34 seconds 0.0.0.0:8080->80/tcp quickstart-nginx ``` Report all the docker containers running on your machine to Kosli: + ```shell {.command} kosli snapshot docker quickstart ``` + You can confirm this has created an environment snapshot: + ```shell {.command} kosli list snapshots quickstart ``` @@ -187,6 +254,7 @@ SNAPSHOT FROM TO DURATION ``` You can get a detailed view of all the docker containers included in the snapshot report: + ```shell {.command} kosli get snapshot quickstart ``` @@ -208,15 +276,15 @@ that there is now a timestamp for *Last Change At* column. Select the *quickstart* link on left for a detailed view of what is currently running. {{< /hint >}} -## Step 6: Searching Kosli +## Step 7: Searching Kosli -Now that you have reported your artifact and what's running in our runtime environment, -you can use the `kosli search` command to find everything Kosli knows about an artifact or a git commit. +Now that you have reported your Artifact and what's running in your runtime environment, +you can use the `kosli search` command to find everything Kosli knows about an Artifact or a git-commit. -For example, you can give Kosli search the git commit SHA which you used when you reported the artifact: +For example, you can give Kosli search the git-commit whose CI run built and deployed the Artifact: ```shell {.command} -kosli search 9f14efa0c91807da9a8b1d1d6332c5b3aa24a310 +kosli search 9f14efa ``` ```plaintext {.light-console} @@ -235,4 +303,4 @@ History: Started running in quickstart#1 environment Tue, 01 Nov 2022 15:55:49 CET ``` -Visit the [Kosli Querying](/tutorials/querying_kosli/) guide to learn more about the search command. +Visit the [Kosli Querying](/tutorials/querying_kosli/) guide to learn more about the search command. \ No newline at end of file diff --git a/docs.kosli.com/content/tutorials/tracing_a_production_incident_back_to_git_commits.md b/docs.kosli.com/content/tutorials/tracing_a_production_incident_back_to_git_commits.md index 11bd38725..6039e493b 100644 --- a/docs.kosli.com/content/tutorials/tracing_a_production_incident_back_to_git_commits.md +++ b/docs.kosli.com/content/tutorials/tracing_a_production_incident_back_to_git_commits.md @@ -39,15 +39,19 @@ Get a log of this environment's changes: kosli log env aws-prod ``` -You will see more than 177 snapshots because +At the time this tutorial was written the output of this command +displayed the first page of 177 snapshots. +You will see the first page of considerably more than 177 snapshots because `aws-prod` has moved on since this incident (it has been resolved with new -commits which have created new deployments). To get the same output as we have -you can set the interval for the command: +commits which have created new deployments). +To limit the output you can set the interval for the command: ```shell {.command} -kosli log env aws-prod --interval 175..177 +kosli log env aws-prod --interval 176..177 ``` +The output should be: + ```plaintext {.light-console} SNAPSHOT EVENT FLOW DEPLOYMENTS #177 Artifact: 274425519734.dkr.ecr.eu-central-1.amazonaws.com/creator:31dee35 creator #87 @@ -59,7 +63,6 @@ SNAPSHOT EVENT Fingerprint: 860ad172ace5aee03e6a1e3492a88b3315ecac2a899d4f159f43ca7314290d5a Description: 1 instance started running (from 0 to 1). Reported at: Tue, 06 Sep 2022 16:52:28 CEST -... ``` These two snapshots belong to the same blue-green deployment. diff --git a/docs.kosli.com/content/understand_kosli/concepts.md b/docs.kosli.com/content/understand_kosli/concepts.md index 9c4655ae8..f5b78aad7 100644 --- a/docs.kosli.com/content/understand_kosli/concepts.md +++ b/docs.kosli.com/content/understand_kosli/concepts.md @@ -5,11 +5,9 @@ weight: 130 # Concepts -This section helps you understand the concepts Kosli is built on. - +{{
}} ## Organization @@ -21,34 +19,34 @@ When signing up for Kosli, a personal organization is automatically created for A Kosli flow represents a business or software process for which you want to track changes and monitor compliance. - +Each trail must have a unique identifier of your choice, based on your process and domain. Example identifiers include git commits or pull request numbers. #### Artifact -Kosli artifacts represent the software artifacts generated from every execution of a software delivery process depicted as a Flow. These artifacts play a crucial role in enabling **Binary Provenance**, providing a comprehensive chain of custody that records the origin, history, distribution, and execution details of each artifact. +Kosli artifacts represent the software artifacts generated from every execution, portrayed as a Trail, of your software process depicted as a Flow. These artifacts play a crucial role in enabling **Binary Provenance**, providing a comprehensive chain of custody that records the origin, history, distribution, and execution details of each artifact. Each artifact is distinctly identified by its SHA256 fingerprint. Utilizing this fingerprint, Kosli can effectively link the creation of the artifact with its runtime-related events, such as when the artifact starts or concludes execution within a specific environment. -#### Evidence +#### Attestation -An evidence is a declaration about whether a particular Artifact or Git Commit adheres to a certain requirement or not. It is normally reported after performing a specific risk control or quality check (e.g. running tests). The evidence encompasses the procedure's results +An attestation is a declaration about whether a particular Artifact or Trail adheres to a certain requirement or not. It is normally reported after performing a specific risk control or quality check (e.g. running tests). The attestation encompasses the procedure's results -Kosli supports reporting specific types of evidence (e.g., a snyk scan) and a generic one for other use cases. +Kosli supports reporting specific types of attestations (e.g., a snyk scan) and a generic one for other use cases. ##### Evidence Vault -Evidence in Kosli has the capability to contain additional files attached to them. This supporting evidence is securely stored within Kosli's evidence vault and is retrievable on demand. +Attestations in Kosli have the capability to contain additional evidence files attached to them. This supporting evidence is securely stored within Kosli's evidence vault and is retrievable on demand. ## Audit package -During an audit process, Kosli enables you to download an audit package for an artifact. This package comprises a tar file containing metadata related to the selected resource, alongside any evidence files that have been attached. The audit package serves as a comprehensive collection of information aiding in audit-related investigations or reviews. +During an audit process, Kosli enables you to download an audit package for a trail, artifact, or an individual attestation. This package comprises a tar file containing metadata related to the selected resource, alongside any evidence files that have been attached. The audit package serves as a comprehensive collection of information aiding in audit-related investigations or reviews. - +A flow template defines the expected attestations for flow trails and artifacts to be considered compliant. While each flow has its own template, each trail in a flow can override the flow template with its own. ## Environment @@ -72,3 +70,4 @@ In each snapshot, Kosli links the running artifacts to the Flows that produced t Running artifacts that come from 3rd party sources, can be `allow-listed` in an environment to make them compliant. + diff --git a/docs.kosli.com/layouts/partials/docs/footer.html b/docs.kosli.com/layouts/partials/docs/footer.html index c8b0b8b41..a75c338f0 100644 --- a/docs.kosli.com/layouts/partials/docs/footer.html +++ b/docs.kosli.com/layouts/partials/docs/footer.html @@ -6,7 +6,7 @@

Get started for FREE!
- Sign up GitHub.
+ Sign up with GitHub.
Easy!

diff --git a/docs.kosli.com/netlify.toml b/docs.kosli.com/netlify.toml index ca0840b40..aae128d53 100644 --- a/docs.kosli.com/netlify.toml +++ b/docs.kosli.com/netlify.toml @@ -19,3 +19,5 @@ [[context.production.plugins]] package = "netlify-plugin-checklinks" + [context.production.plugins.inputs] + skipPatterns = [".netlify.app"] \ No newline at end of file diff --git a/docs.kosli.com/static/images/kosli_concepts.png b/docs.kosli.com/static/images/kosli_concepts.png new file mode 100644 index 0000000000000000000000000000000000000000..4574f1ab35a2c102431fc8e57ed7e1c7cdb5fa9c GIT binary patch literal 461381 zcmeFaby!r}{s)X8f`oJlf`lRsA|Wjyh*E;mA>D{W*Ek{~Eeg`DAT8Y?DU#AXNcYeK z48y#`IoG)N=zY)o+~YjY`~2n)AIFV*@3lVb6W_J=noWSJvOFQ)c{~gZ48mIqvUf2s zXf`k~2#9gdAdiUP8M7n*Az>vWqk2n5=A!B&2XiZ1GYkxcfJjXoE%i3aMBSG!q%2RJ ze)DwlGzr_OH&1({Axaw3q!%Nov2HYnar%-#}%X!7vLT%N%AUQcF2)kkmgAFnXOP!;_^67WdP8Dr}y_H^_`Nsqga@Dlp5h#zBK?K!PX zXJ7lAhJxZuGGPM39%3)$V5zzGRtK?)$WQ+;vj8|Hm3mQmVGgi;QQ|a)K^sK?KE_2w z_o7T}CbnmUmH`i*5c9m8zH>bvU7ZBjZO zs61i$0jCy!GFAa|*bD<+!Ko%t!}xPv?4(3STvHhWOR zux0M!mOtPF_qJchKH~)+pS#07dTw3_jDzt4`dVIz`zhNuG^VJS8G_VhE7b6S;}J=; zEOSbXE?qpq_kx?r@TQ(btjy4)K6xkXp6I3~$jYLaNK{Mr^c3X=j?+aD*M&Q0Mx=T^ z5B1>W&x(T{V>MkQ+W^%(p*bIZWrd`{g!2j}P`U}{pmFBNw8l#n_aMJ9=g5-is%ed1 zA<6YAwkG$B^99FljzWrUHy+8oU4xUhN?~eV)U+cp1skjaXzzmaJtG zn=n!(`J$;6ia+c+I*gMM`N|s($3Hx?E^#dka{M&osd58zgR?Z%mpzsn1^XGCjW?+J zi8T6|;H^4SuT}f7p^Y`kA{s5u550}TL>qNh(GN`ZBCPYY1Ca zxY@@1vDS1YNj_^dtCApF!3J*PJzJ4ZG!!Q=z76miBpO)w09fo!9A;X*=t3zPkkA@x zO!zpo#3)2d)a6c~zvd9x$nyC>O6GP}oMqf&5{JbuMUEJV*39tAzTBi{ebQxbd8|Rx z&rSsw`LiE)JvBTnk-#-85}Yb}UF15}MR@H;LqmsDGcciS23%AKL4;AQa|Q<|%xghf z2V)p=h5?Zdi5I}~5s5e@Jk%8V9Dk0ETby`GSDH}5%A+1P`jm|@1M3u?7>EZKgYhD1 z6Uda8#5@UmsDkL7s2b!(As| zs$_<0tR#}tjEovjpDi-BJjXWn7iJ`AqCG3s@Pe9!=9bJ=5=N#Q=1kk+S4}S!o*D_% zV1|WXo@IGNza(qVOcZV~E3kF8S(QQqUqF`Y^XDsAW~nKbbRwrZWiyiH7BQXJD$nIg zLz8zGZ|yL7Tv(GfOva+FkKnt|ak{9Lni@Z->F#@iJHeeTiUp5y@Uoj@zj)UMIzR9p zmXCkl_fW*1Nb?~teHdVqZQs`GZ0#wq-_VTR{=Fl{$uJe(}=MW5h+loXguNz+Lc zap#_1c-r{1Z$o?eay2t)fQT$dDy7B1ZL#jh^LCpigSupk)a&=Y98r3F*(Ym7d>Av zw~1{zZC%}RdBlG}S`l{?lX{~d)lF^s%1DHJgmZ+>C#z55pJ>g@%+$?X=Pb=YTY7WO zpI{N)Y?2zs?@}|3vm5T-x)=VA^WI42Bk8%)Pqgfj*0*-wrmNz=yPY}EuilT-Pn31- z9?rc|b`|GPYd`CnWr~3)Yf}Myf%H+?5~h+zCBD{C{fGT+%deL?okI_8cky;F@5U`- zoxc{scRu{Q`}y0~Tx{Zp7C*CC=~$n!+`2|(Y2PRI_8|J%=MGEG^HG9Hr3o&vgSm43 zg}uf$W;T&lYXi$Y%R__xE`!QFiRt<&-gl~Q+PGiXG=2L65os(5?3YO{Uqm{M#(lIr`lCjQd3TVCLlf&$OS7SQp(d z@&TA^KirO)7npbD{76X<#2HjVX~8wAtD}8chr8JJ{c1sPiLow)_JGzzQMwLHOQj&M zu-06r_`&e(ux)XLZO~}tu=&XSVS_@MHNCadF0^YR@+3Da!bn52&O7%RG$&daS{j-l zdTz8bcBBlaeE2eFx&4_fO*2?R^e`?h$RuyZrM1fBTIebuCY)`2sZ;6 zL#Rq*H?twXVIt%l*y0YYxgdaO`)yKM(lF#b*z+}x4du#H$$5rZ!(}i@G7T}qd&a37 z$yP?@MoLD&7q@$YlgU0jo$8sQ_#ia$%$B<xSa93#`j39SLr>FGpFr-uPNQEp95Furd@5k7w_a5)rMrT9ed1oi|rI zb+C1R+vC9CDDudH#(;){-{We{RZX)!^8?dJi`}zYPY9oAj(ix2D*`Xb&aZaRbSQP? zwyS@--EKo_jR$yY_bTMFO58YGAz9?}%5=9o+Wc<~>DVX3!)8@JI&k(pk=$A%wQ1vd z>F+n`N8!hie)*2Lu#!paLmimY*iul2BnKYnq1_n?U(qz@^tKLneuggNu2B)%m;{L` z=g^UOY(VA0na&A;u&X>4laS`nW{x0mmr6Xiy8hvZaqKYQ*~7Q#vL&*5j{qqP4V^(7 za!=$g1hsM-)a~oC4f=w(rsOqc2;u9A5WV zbutSIE$3$LeaT+d?9+_O^QkiLjoqH>nu{B{JE%D5l8di9R6gki-`X`4G_@-?_@b$% zX{B0Gz6HNI*}@U$B{X0!IIdTE&`0^7b_e{YVF9dyervC(nkxqB=gG?8%h6 zG~3ppgoXtDDr1+DdsX)|A%ep-IcIXi`*+rFO#s~U5tA)Cu+dy+5oa@4y+m8>0<3Qj zEKKZ?ynAuRXpJ#QCeq)^|Mp7w;nFUgP@7Ocq%9;tiBT!HGqKY@Oqg!Oy?@rSnQzUc zJyboEM_6L`ZvWMX(oU%m)A_d6+*dk~L`4zjT&~L88K=c1fCXlEyhyv)*rTqM@z2}z z3vt}M+}HG+YP7)Xy*~S{QD7q1a+iL?M^*i9Bk)Inh4QW$O|QK8>Sf?=hrnJ*&=7N; z>*Vt~#})JC&OF^}UGXx2LtUl1+rsul1r!&m2+0QX0F5@1mx%X?yZ@<=ius$qVM%?q_JB?XRiysY3`J%+Ww z5-97gYaMCbd9Rw;kjc0NhXioxIaxw6wqiSmx>L?(54G8qEx&s5g?~zlz~jLxy2}72{gDWLj_(1Y!E@BQ)pg>0`3j5E8R_ zJSnatVA#4ZP)O+1aM=a>y5w3Nb__KQjOp=HA}*^BX-Bi$_9E{xH+a{-p2}ZxUz!3( zdvzbkOiCt!GzMsnypE}C`n)vwFNTjJCltbFTDQ!VlrWI93JhF~Q~p*Mr;(pdA^)65 z{=vY&Ove0rgk~cd>+5F%;*%c&U*Ar~z>vbYC3{1|?bPaon(e@lH_irtNAT3E>DyTP zSriZ1bMXo9CYXEUYM)QLiSLfbYo#_&e2K^`Oz`|#u@j+7ziDh>pu6r8R`O-*ZOmD= zH@b2<_qTd_%1LS3E)!xU^j>ljcq7a*TnkH*tjNpvrQIK^t;GQz_wLpp5Qw9$>vi3m zFrm{_r!Y_B5?_>hjDh}u2I2oFOpx-xeA{1oWXR*4k*z~WbT9jD2&0DR-LX2j!9Am7 zaz(7PIc#s6^+`du0TOyr)RNoi8TQMw8`pO~<$aoSz3CF6IG1R)X7^x8p3;AC5Szc_ zL1hJT`OdmRx!dMlVZ@&316$i-X!rWD2Uu^lF&4F2?BD^hV0sz5b$d24%NO<}c7<^v z6s|yF z!E=6*;VnsfX(=Zz(8J~ur_Olg+-?#A;J`dsd|6C0kb%+C(&8h$5A`f7Gz?tE4((+4ujN{ySY4{Ds(Dp54RP2eX`=QAi=7Rgu^YDL zHn-;ErJCsPl_I?@;45Xb@jH{k|mc#ppP;;{&J{HTxqlfQ`%ltm| zmTn3hy3iAReqZQxYhB>Dfe6L5$G8!ukjCTgl*ZP^bT0S-iF2+lnaEJyCm@5zag;l? zGQsZkM^gpqM4Kb!U-CAxbBUe~Bxy<5AndD(9w$#G;55`u=r(E=Jxm)dnSluUEu2FX zu4}I)IH0;43YbE79(PZTlr@w(h$kd{UF*b>2S<;JdxMw zfpA?|H>-hTSAfY3q&y=)lYl62g|ON~q=`3Wze>0=@{X2ua5HV>#!-oFoK8M_ytt z^gnT&j+a^R-yXFCdtAovac4y8H@sUPzct{CXo=0%`H}^)y8PhlRHIScG(bA&=PLfO znHcc15Tawb#r>v0UiV`~Pu*I3&cK>x?_!JYX#uA%30`52`6byraXe@Cnl{qBx@^7T z`OnZd^QMmO`X49etvHOkN&`#IgHc=I5Jz)>URUV2r4NOCxw^Tm;|hyV2fKDhy7I+a zOjAHyZNYRNWe(?obXYdVQe908e97i;LrDRN^gWY}A%{6eVfk}nuf2J?8HS{7&Rvk8 zuPl>LrHut@zAp6x!x!pi>t@dLiCtM|+~XZMR)HI9PSEk)x$z_h zAhNsVT2xa!mm>Gs7HPQ~MV(g*4^>b*Qv;2VU+JEo4T<+$Y-lFZ=YBS(x0Y30 zHsA+s;^RxcY*6wreqS_nY_}dfooIo12Q4HvU!&9VI!~*y_2|Y{XoRAV|KG7IVR89Mq(q+WG=9+ZytIQ=whz>bHp|{%JJu9 z7BbGY$51~7lN7IG$Q3$RshS|nvR8+Ym)}-R7=}cuY)-|;$`P!@csWlN zh(LBVwd)dGb7GG?j%vm6Hyue(JF!U~IsK`#G$j?br001_%6zIRhAm@XhPt!=0Y6z# zK4k;{^;OnT@ZLWE1Nb~^V=V*RlYYFfWWDb}>s}{WMr;AtF&Fs&1K8dO9qgoS^jJS? z5R&PhQSqk=gUi!P6mNd0lI|YFS#F`IsL%n+&8x|vnCRvtmR7Gr?zl4Ouh@4>+bBOn zrl|A~s5MVS--{|Awr&6zfR^}|ypR20SV!@Un_%IFaEU8ceqtWHqi)6zo3^O0*MFJa!WH@cBMRtI&qc>wbiziH6~Z4 zom&>Xr6&Pt#SMp@Dt^fFt`H+3$*-#K+Yrct!htKht7rN?k6V^ zkccyYtXM8ou4})-IW^GYI_YQ@Qf~0p+j0Mn3s3~V`MT5o+~^A{V5?E$ux9o2d2i7b ztUzNU73d&NgSYkzq zZ}inI_-$B16N&4Pj7zZ}cd|!nDa`*2VZ87wC^;<4+qhn}+8A8WP5rU&mEV3-P19&1 zXS~JMK#9H5^Dm-~w(%B-B6(IKn!2zL3Xba_&FZZ#kPoQ`~hw?c{sLb15 zcd^>UnI89A!R2QwP1z;`TdLZlf}8hbfUT3rkm!=}lgNR__W6ed5jGY0T6FnQ>o{@E zWc2MgOo}md)rnWb_B?Ap^C!6Xqk4Ud9kivv6FcYboa3?Rs!iNIJUr}d$9871=>_t! zFF!0%JQin{&g0l^q7s$_*Y*KdxZIoAb|Xt_?$&z-ZSro~ts2a&NT0M(E?95O6BgXl z?B8je&#$QyyL$c^*qukCJq=!BQF|7(Ytp=Zm~Uee9}3QUt}S*Q@9oJ=l=aB0 zK1LKTV_iPWLN=v725pNv&P)>d(i`jIx8+>Q;qFxv+!JB&h(A!*@LaC66!NXh)BOPXF&Ob%8pnm zHUhI4J}hm64nWGN$Ge?Po^xHJIz?iRFHcDf2>A??C^CD>WR`Gn>d;89a4{Aa`>Wc= znQ`}#p_ZUViTJ^U{=Bi?+zEsaX3H3ZYl?V+xfXBpePpe`NLr4QTs-&SfrFNl?j_D+ z(~r_#^9R7RJyhqbKW1aTKkw0@D(*mSZ?54|Qe%Q1wD%VFz6Jssb0MYroe-x!Rl}3g z75n?AQ0(Nm9Z%{PAL3Gl`tb^m>mI)1fp#|F6G5Q$2=&qk_N)R9sa3*2mBM{%<*KJ>=qYg#x`@o%u) z?dol<6L#}%4q?!@KYEFMpEGP7HwdBUrgBQ;5{lbp8D0ORl$g@HkQAv)+S2)Jl zsM)uLrZ<}2D5E!;(!YglXbt}sSpQnj|HQG;l>RN)qbdDcU`10Jy`$$hJ^TMFwa^;= zKc?Y*;NE)l$qSYrL<5K1rgZO~q9Z?rsx6zK>c?0~M^Eukb-%A0)9ab1>KD{rp?oJX zy1S@Q7kYG2QQ)Gr`+KI~|B=aPGNZ}-HMagSB+%MLYxkc|VzgELV*>pzibrb~tzEQs z|3{^vt?GXS@Nb=twkot$p{?p~N#)mpkG87+5x~E7I@+qxR)w~zzaI!XD|095Z>vXhLp{)vSRewt=zpk^;R`ovu__t0+TNT=>&{p-gr1F2&stiBs zRDXRJz+W&xyY&CaoxgQD+NIGhjdtn3C6&K8)VH(HR`m^v-}nJ-RcNb1Th;$4FtkyDig@D@oM=etj7$&0Y^dsGf%Yr6_hOXu-T3R3?FViwpqNr`X)U2E|vNl zyoaihRPQ+$E#)}-v+mB!gWfUWSHID}fA5B3KtdGhko(21Ai}ex3bz@F&Q?WF<;?8X zi759Tyf!GR5CuRdE2@h4p~p9`R=JvYT?Zd{7scHPz0UCWd8T?(>QvHI>rqs{)JbXv zn|#B{3s32vw}<~1N_@h-GNpb~i57*a|Hp7xRzJp+2vJEv@$Z6`dMrhA3ft?`J1dm` zYR?cV)%uK0wrhW%jsH+uUSUpttU@DThl^rXCvRfn?O&7dyZjIJ zA*!LiW`MMhmW-a?RY3l-Kgq#JHJSAnqx`LKE%;Za`u53V|6g3@pQl~~2~thLv4W_E zy2lM^ALo;#$^JeY|CuI&t|HYGq1N{d)li@3LE6WRx+SU;;vzbXf2sF>xJ*EYG0H@R z4r5e7jSk~~*d>0Qc<3-j71Zc3M%iQnJu^lX)aaS#LiCuboVVw`!s@zGxGQD5Zs8Q5FMJTr_ z{^nrKeegv&!3fMr2LG#Tm%ptytD2mGgb65jz3`uhJAP!q=wtnA{_heVLt97R%1Zr+ z|Dyg>$wkKcQN$`OA(=PXT{Bd8{dmNshZP+VQ-4J4eti#pTp$fnu0sN(EXbxEBo~*6hNy%f+rBuZ?r*)%>^i@IF5|!k68d@Cw>GKd(Id ztp~n5$d+vYY@dBQavGQ5-Q#I-tXQo+rmu~n#sv*NE6eXZ*W`33^$YS^w24w*z6}yV zF|x%VWrvx|3-AI*HZtC?Xx9^;bpz6+n&z)+P;6*x1Jh1Uky64==c#6HMlgcEwGVmJ z8+#f&VkqXSqKb<=FYsC%%hxMOH6jN?Pz;1cS_^GGb?c4QHy-@!=J{}KD-8j}FDSq(d(&u|}OoR#9##^KQ@6-jEQSEoOnK3kAoEAAD z;>Q`Lukc`iMo(_2#Qsc>7!oEE=Rx+3&X&>0!FhHm$NdZYR9|&`K=cWR*olQ*n=emM z@X|i{CPyhSrUiHYdKJ+H;zfBRDJ4BdzZnDZJ7we%=fRtws5XwHA=8}SZ(NBS;vC(Z zO+P**0iDC-e|3SoQuYTu*qt`GU!NgZK|Lr{EqTsnzBBIYos+GQ0LQ&9_z*M%o0*#H z5B>(k8TESDjM03_&7!;Y88_RA@xI*_MISU+kt>?WZhsTPcaD9P#&0Bs0e{%c_WrX#;Sjtv$jDS!DcfPcjiI-0+iDc?)9-!kIpX#ULre>X{VG=In9 zd;R~lD*h*rpraX8NTZ_}W%hyl+oSncQ-5?EqvQB@847yg`ga82&r3!0!ZoT^+|Ucx zs6tu_y>N}P3grLd!nKxun$|z{h*3)oG;-VF4H=J~;sSSV_)WoFrW*H=}EB6G9x{p;3vKfB+9_D$b zDF=T67PW?NdsnFGL1|$sZ-N#qI1)D2YhaIBMZK-r#bLgU6+`wl-kzg-$7>Zs@pJ^B zwgr_pNr+k5b<@E-aJ0*WP^@R?tzVlA$oh1ms1Ik&PJ5g685lxM;;2B}YWsCAeoL@G zm)1&$sQt%vaCiyen)=koeJ%T`O}eJ-_j;|j>!R;;i+ggG!Dt;uUQ3jlSgZ@Merx}a z2&l?~uAJuI>=^kZLtC>wTI|@F^{Lfv>+!3;s6JmXZ0!kKQ;V)A!@<47WAJ#B6DXAI zH0}-uah=II#G>8Coc^*}#VD_vo9kz0&)>Jn4+yGnE4(pYvY5JrLr|IHt!X_=SDc zh>IzpvmAMpoAtl!X_!4L=6bZ`bcCZatFKcED4VPmFMHhW2PpEh2`b2Y_qe<8t?7s; zw+??O$iZ#sV_`0B-A;q)7ygnN6^L5B#R$Ix#?O#=eb;Djn$~JHGv@7TVRr4Fm!+>U zzy2-wF_NCjh+~;C*IYsy@?J~d&2S7*?di)t`_|`0JIoW7$K0oIMxLN%gYm<{$UD{G~

WhV6X8r6p*ZYPk`BHVE`FkneCqo9nwe2N2&}{onNyT4vtm!PxN|g zvYBWP1N`#a=&HH(vrY>ojZ6HRS%e=gksG#(>r+@&GMarL1lJy)Y=lZ?0u4}vm{9*) z1Kt%#*=9MLdfoYwcz!_vdD^c_)#b|%5BoJduIgGGHPynM@s-4W@xPNJ>Obx}sHpSj zQzU^#-F|U3qqEq8 zIr;+yWrQQ6Pkk{!9{931;*lOZd!_Wo|KVUp?#R6i+Vq+= z-?u6u@6U(%syj&`Ox%mNd0ywoEnq+C@($BR{|wnum_0c0#2|P&$8Y}|0lqiYn(h6z z_lmmOW*Dy9PS=VxO<6K7@qR*me@CPfqAVS7y%bz1D1I2@x?qsKY-)?)viNZ+w9XR>sy|>&DlXNsoWTTD;?hwglwxDu?QRI`3gs$;B_H-Z+2-(O z8kA{GjJ*YObud^`4OV%K0RmB|GT9la+Zg|N{YB1)Uyf`&c5HBZ8x1QBHxs)w@_t0; zFTLxzF;xJRu{d+0!)Me~)?T<55kMxdXStj0bHbjAcLoF#r2DP{X+ zw@u#Xt(!`2A=AGT?)wE)4UAx&Hg|Iv=Py9V3;5P5Ok^f6Eg-SziK=hnx5&M|cj?`U zzD4kJ*1bmV{XpAgmiH^QpNs9`Eh2s_ub<%|ok=TDsW|odj~hw=N9*+>K4FczKfZ$UzfwwZC%XPV9+OO}n4=xvD2Yo7}b$ExyA=}8-b^H%y2iR=`}TD!Y)v2AO7cJ;m_YB@L|b!k*_`kW7B z?%HvENc&c|?_8jE9dc+a1Ce_il-eSMzh{^!Cem@Yt4a$ms_IPbWM)=`6kSe|EU;u? z=n!;EmQi(wKHd}VnP!?$pMUc+#(5XXsJ zU%o_)?K%C&2$*4;^VEd5AbCmF9j{*;wC@dAwV&zZc#Nl|Qrz6u1w2b|_R>OQ3!25lpp?6IE!|AWiD=>4);;B?qej`st@{&I>8&&G}l52sEwtKg33 zP7(7`ii#bL2M@+CI`pTWoOpPV)q@kV@0AWy$|sj!R77si$crBTaeD^n1C>^pkICV- zH*6sgD*IMiAy<(|-KiVL|%s@ks+=SOG=GU`jA4l0H|rebTA4o{+9297WhWE^RwrnK6_x-Q1 zWRXVK?A#RDuZhY&-*w`t)Oer)8NS=Ez7?QI?;pgZ>grC{R94CWC&nsLbtlCIId50p zoUg52s2S_6+@-a-0DR?(KQ`eBWgG9CWeH69C9J%%nC><~HbV~4y6Q-8PQv*j*>di! z9R!>>31}}pJbj7u=RMRS1q~mWdCV)uiU2MpRPDFuB{6IB1zwRZKvsX3XiTC-&UPbb z4VBh30PuU4d!s(vv3LE%x3LnfW=z}`!L2;eR|)ZyOjk4@;wsGr?t?FDqx-|oHu z6iMj9gF1;Ar{&s}IjB?}+g`JqEG+5Eb*R{z=3(tiGZfu;4ag-bQ0rentfvgN=G93c zrwvOR`&#Sp_RkBUVQVoQ?_Y@;C9#?`=BNO_WQ)h_U4Qe#F6tj|{iiTID4(Z_BjEe8 zu}5tIqli?PT zxAkpwTEL*1m#;bmv0Y6isVi-*W~V2g;hIvpUiHB?=3Hy)lLK2v*Jp&>4%27?=;tsx80 zZE&K!q&W2YV6HsG%jR>88+X#j9MRmGn=@LjRjj(YtLEZm0&bH!51OJ}n+~dBy3qOD zpt3x!p&>VJCZN0gQO)x()0Ny!&OZvtvF9Fj2b` z)J6^rHII9=w%_O3yRPDsmz~NlWG3gqofy|S!OI?arupXGf)ov&*03-J4o=}>I`7F? z3T~Zc=J{$*NNq8)u6nz!1N=F6|CG?{I~NDRp}|1@3y2S7`cN9XP=w}@yRp5}W}o4{ zwWgofpt+4@Tv_mJzKJ;koT#-B+#pp$C)qtJD<&teho}!tkc$Fz*CD6v4HB+iwkq~< zb7C~u9>!9tu7nm2^8xKH1~xX0s%A8h zsVSHW>ZZj?P9E_kcD0Oer>qAKcQ^86OlD*5)6E3!BcB6Z0-Yg2UCRz07ED8 z?B;eQ5qdi#E0uSfhIGJzkDD8k>2>N&%M&eT-NZZ^&cS6jb zBq`t}Mi{NG%@2?~yEAnX#Qt?oz~gjHeVwM8x~)@IV8q^TK9*`{zrm;fdaRctXzhPV4{#2kUP`%a5(ns`Dk?JN9=Y0uw!lf4-{xOxzbDZRzd5Y6&h+wcGhTYr-SRwEu-&Ky+4d&4Kugom3<(zxGY4lK(MElzRw4YBzQ?u<>5g9S&?QP53I9KQrvLZ zX#tjHsLNSY8Yu+Q(hS_q(@Kjq8+9W1vxwJg<1IhVJ8^fAGo1&`Em{R_gLg0Z z7hy^id>%BG&%hK8vWp&=bhYIy8E!GCu`e9R>{c!)YaLu$2%8j&H74Ww{)Mf-#u^Cm z#|sYMb;*6uB*nBsoFe!VcH!tTvq;0s8KZ7rLZWs2S?p07r?br0yOJvuL))-;j%bz^ zC+TP+(ysIhZ1B2c0P^OQZ=PPdtPnFCAB9l{Cys*|;rPl%>|rq9SjA`sHMJ-yNT=7X zMU2!`-CwJ*f!MpQ9dl(CLGyHM2C@tX*2|A#Ai6o2B=|?S!sJ{%uKQnM+J<|&nyd9> zWZ8{Za#d7;g^lj?=RWNGEQ9m1m1B(WRja-_;3mOCiRmD-mBn#NzK{8~35(-i>)T=U zp5-?2yLuK5KWDYkXI$BraSFBSLLl{cg$|N{(yaMttvWIHE`P(MTk9)kt>I$Vm9p#% zgkI;i1=(<#2A$Ro*R$%O#CBa~aZ$V=^zx!yVS3g|#QC_df9Z(5$e)<-eUvF`RDuc)#;;6yGu+WYDX3?+%$t#E{F!2-LcmR*BPv~1t+z> zTy7~Hr6T7mw9i|ESJi}3Yc@Srzdz9uwHCG_xENnEE@{@PY!`Gu?=cU)TUBKboHbN2 zSG)7pQmsD&4k)M@8q!i};#e7FVoOaT;$U5< z_OQWrh%5VL`*TkR)%Mw07i26N1t4F-SR~6`-1mLT^H2gi)lG#xy#L}#psa5AYG&5G zOCut$sb-flYIYBuhSqs5#4nF#)HD`o_Sy_>=jkdQpqkULx@0vS4QPKRoLdF7uSV+F~erhz}*RN#JcUs zR%COlcD`exx3c8E1a=PjltVN#UQJvc%)rOFghNIMl6D)*+Nc5au z4##}1uIjt!G`A2Y^~Q~WgH&SG1Sa`ro!G6)nU!2d^2Xj*K!%N*E+p+w`i^)@x-nUm zIj)p)4yp}?&dGTR+9zBY6R^H_FMh1&m)X4Z{E9fFcP7F>}&UX3C&BxIz`Jx z3+DjV^Z9L0rNf6ab*0lAiprJwHY;p)TRP%bJl5+E;>r_=5IYmL-9q`+;BhF-uNvr~ zKc43PC9O+VDQ+la*IN=I`bdNU@R_dlMlFM*e$xKla-#C3^(A}cLm#eJahm3al}K^# zW)-o?O^=(bf;1(gi}v=gTHz)0z1`-b_Lb${07J-(uo-w^!vL^^oh#7nk^1i5(eYw6 zcLGk(!QR5U+G=)DZr8$?b9Y5!cxdartQ|V3O>KW+JrHt(3jSk`_fs6R{Q`L!gbvr(u_Ol2Ab4V+XOZ9bEPBdas*Zf( z^RI=U_dS?A5@nJxucq?6D!W5-(Eb>XR1>SgYJz-OBd3-9K2Dm zFB3OA`xHXMKbgtvZSEyhv6}?>Z&A+`xgYV)bJ&n<2VsiyX=;y^n=#SM#QVI3VoJ1b z)z%b87e%?5b=(tJa1PM2;<2H=pY(j_nN1c(Zy3F|ur5r-vFCw%oc~XkwYJ%M3|P_? z6kjP~k_Q;3epF_e&$JF7XMK4bQF5h2?fwSyVJRu*z?CTgOL#HIe0;f&JEfl(WufzB zk{}j^2Rbb7)`qvWA0^*^k|6e3<6hA0jqvAJ^0c$$3X9|w14qc=Ga};fcFA)Z^=1<5 zNeZzMmB7G~41-2)pFqmJDg=DtHUzW?O+Y*{zK<~0+dS{HmitM3-t%gmeI`tFKERXt z(7B2=t-G}dPIOr^HW@4hd0C}SDB=QhW z0-x~-;4_1IuZB_jm|=T09L}B)@U8dj20Z>YqoX^g%u*SS0yb zf%lq3e7rV@-WGs{srY=m+>~s?DCH!W=2aIsheZYK*uSvKMO>AJKlp6vq)1FFBSSY6eT+3ptJwC3 z%-#u`I^jgI7Gwdc*y>~--?p$WP`lszA+zht+oZIMYSvv>;)`q#KJ_}{*YFuvvB4f5 zd^REC*?CD9_EXlMK12NcDUZqo%+ zN$MDCFwNbp*Su0|n7}>R<*szWM!D5}lo(lJ`9!iSkkThOzP@7gDv+c3Dsv0PW<{0_ zF+BC7$~`@{L)q{b{Uw3$n$qdx%)pvvJ!G}($UtDCq$YcLS}W7@;*m!HHsu*du59DT z2gKMWOfB~ZkSVNQQdPne*sDRabKWo%5DasGrSAZ%2DP7Nu1u3&Fjm@xoV$yRMlDBp z_F+F<{DszF>Lgtq)wE}<^(KU%LFOdPK*y(hfr@Jm^ff>9SqlS{hC^g(!qE$KAApcD zxes`iP$i8e$&qGiz`9(arbDxB`5tzkq3bYLi!dPMLoZ_=4@1{9>q~X#Ql@f4#sWN5~-sV;|H!=

Q3+Q%sT_qs<)6SSmx&H}hHnhiZiTV@|u#>7V= zB)T(RJ8PVJ<&I=Q=aq|Oa$dDSNLR14xSGOz9b$E9b-R@f|)3_mT`(!p|5)~Gc<=4fT!XNjluY6n*+iYjopa3%w_s~pT$3GjHyCH5~`y2N;s?%s=~7p>{&bn2z+X0 z2u_F@jr{7t=6UXiQ$q~1Kz~F`N6ihTK9AfZMxWg4*}`+DJ@#m}UPML{W6zE4j@6CerkW&Ym6 zB+pLVmEt}duWT*dCZE094WCWNE}P+9ev7j5yL1=v%4JurUQiY^XmC~lCT~EJx(+@` zP%T_2D7Vkm<>YN~sCD5CnwG68e$LujqC(MfYXY_gfOvnY*$XS0luwEGnQrG3#-q3Z zgmk|JS81sn?Rdb=x#l4Z(_WtX>Uwd{<rRL-+9ngRj;xqakXDy=hbW$7z+Zlc6g+~GQ6DOro#8RC6~V0-CFYzZHN_-uj4twLwca8r(#Kxaz!!0YPGPe;QH z1uV1~Q}+rczrFJ3Ct>=IRCp)ITl&MA5>FpxNla#+stkTzt8DWepC;3m8FA} zig6$G$p-HpR6p;iYY+O!*^b}kRJutxhwYULE{F;B3=`p{=l{*z(ct6sV1F!rI-u|7rvqgt&u*K?#Ef1q13aA0 zJjWToM?5~~2y6Y;%U|AWxZQE(=Zd{=ciR?^(&u%pi0m^{F^#fkx1c(a%)qigu^h{C zmtGr)&z1i|k$F!l%qXQ?!_&H4@Jt#2c4;H&7YvP=hdvecUA9{`ma~o%sW~bwgu7@?m7FIat!$Vb0 z>3>}F39HZkv;-+BiMm=|X%7VDrH{zcoU`>UF0>2Dp{LmKao+NIbrI9}J!B@l(Q0Db zYw3E|a3U8$$4lsTiz-FGV4mq3w`#m8f4o8? zLTK4-=% zYMLI~%;dm>gp`L^UfyeXdA|b90-d?~lI5Kuag17a;W|elTv{>x1{<}8(g1^!H>3aM zXrE9?8zsuk4%VxlIT_kf_Zljax^J1V3bllDR_Ns1usr)@+f)$JveL0%BT@0n9e7!O zJG-aL^=w3Z@QBpG7?zaEsvKX)Y;&ilB{P2{w@zq%{fL-}JUbWUONwXs+fj|!sU;^{ zIle1vbAyweF^i{LFfV}YNR3)FzlHA&HzW#QPDdqCYiuM+-l9Xh3 z31yO4-t|>!ICGYeT%wLLzmJM^@M_X;L4q|d@c8G!`{`@P zxVz7tof$Jp0u9?r-thdxp;Eqr&&aysJl#$>ei9$c1@Wq?u2FrVyIg$qsP|^6d&yfL z{?Cg{%2wU=T2;3fK`a%|_H6&u4_tIjHK4 z9(D0Px3}#>HQ&UnNJ&-+qgO7Rvy3#|Fwdaj{PQk=7B%OxJUu71&}#k1MZ_~a5tWzT z`noD!5F?!}nkOk(ZW?!(&1M>Sc1OwLT}yENl+x&pPA_|S*n>V{>mjpnqtEM_+@u}6 z4J*r(Y2_`}9oa4`FsXP?cI95zxc!w*aR`e$(rb(Hv{xpW4zJ)XYY@_d6Ydz8#nL!o(lbCEcH$TmZs%%icVT)5bTg>vVxk3~OhI@dz zWvzxXF_XVcxm+e~r}D(*?yW*4znclh_2kEeYVI;V`LWUesxmNn{8&%KVY+M(?oWL2 z<{7NA^|3WIbv_|SJmV3rlvW;eL?)}kcC!HpT#`(jCEsH8VEswBP|PT$^7=v#bab$e z-F7n8n?QK8=wJrtign|UHBr|BCy|n0_%=4}D`^%BMWxrTY>MJ^RETGeU3wR~sJ}4p z0+9cg<_*pM{`F}&c%N-?oTN`nC-;KAkiT(wis-F4OXJl=#eI?HCmvh37V&NrSo!BX zpP<1Cleg@W{WC50EkE|(2R3bJfPUn0LkreQAqB^EpU~6HR1{d!4$KU9U(#mhZa7tt zsyJtVDaWc#-)f>XGsnir|v#j#plt;y=5)t zyJ=IW5;m9A-ZWco)OMJ$n0)?u`TC`S5rpi`Af3EhN3N9ZryEsO)?^sE#|?jUySgha z2u?br7D_Fgd^J+7QZF|Sghb!6Xyc(9DjEpZ8tQGfmE+Kl=?i_3Xq!ZZ{>g?RU zUxtUo2vzPuTNbPkNAVP}*p0KTWUa@tnJT0cbt0k(`KN^M@^vGPh4mHM!re5j_ z8R^XP&g)T4^B!g5rAz}v&)j6Hr^*~%tCW*Z2>2Fy+l6O!_*Qi(q$7?Fk^t5{`B)(M<)-Yja0TcqX<5IgG? zpABj!lD2M$?1dW1CHB!L&6UkqijPS&yzS%lyu3Og%!yOWYpxOzqnkS6veOfgt1K?| zcSg-Nq@xf5I0EL~2AzZL5J|6KG2`VyNMBvV^5V>9L9;#I;bs761`2TxEyfJb=UW{_ zm7`O?U{0^Z2u4>$kv=P{9h)n0_u)Fi8P}dp!a7H<@d+aI45T}S9w zH0ep7>UpP7Rp4`i?`f}+zaa}3M7l$p{BzH~!k^vHhir4J*Ft85*C?}QdTVe;%2+(_ zbC;@q{G<}Sb#VpJ&+8{p1_H0nSMbHU&aGS8R!nVFST0@NR@#LzlTOJ-teHe-o857) z^e-xVPg&QKQ%o3L@-nj5a1q|LLeNFmIB!DaAUb{LPAaR%>(il0{kNb`N^Ah+r-~G1 zvnK3iP1Qe2rYk8c(i2`(BAMZx84np*?*{OyCr8!x`7vT6t)e@2akTM-g<|((Zk(ED zX`9Xxh7uuy$Ywl-_~IT~ZBSh_+b)OqQUb%V*uo(DmV4T3hHyu?I-L)Rn8T5h*&FcW z!Vk3}lbhYbvZVZ;sx@C`eMh~$4injfoF=*Y*h{h0*_KEl*uA4uu9oD zchqaxay8s(&F=R7IImhceHwCy^UzuJK-A~Zv{<1W;8=s~WBwVdV8F)K_H z$mV%QhOlSl7;5h9b8w!{{+w}^L$d;I7F2)C<7PEsEpd2^OZe%53}(5W)=Zl_4B@&)pE@9q zZTOVR@5#CbYnL{X>b{nQ4kI@5?ru3v3s{`+6^w)%m~O{JT`Nrav~qV=*+?diMk0tS zu--g*w+-l^vJLAdeeFehY~fAX#<%-c3Qi2P)an#0e!TGo>-C53WDVt0a_2pHl{Q?Y zk7OdlRw+@MjhOIL7z5|ga&qL!Fr>_frJCv`jy&|Bg2+ZnPKJb1CKTzb`6s2*s}1Y) zg;_^Pu~fCyxE;x)e!Wm^T;D-3f9IPx|LEb6%D`MgTgwY`r^|dUwvz#+mZJizLoHz@ z`ZX%`9{aU3Or2y)I?nVChkdj)5xUwt?>P&PLe`^4UPJ{qgTlzN6I;z$v}K~%cU=Np zWPM+=b(1beYDo;^KQ@!wVq=btu;r)cWU##hMXZg_hCe$4j9Ko`sF5(Yym+a1K=OLn z^F=yqOP&xvk`7>r14?R6IE_!SZH7PknzpgTTE7iR_FzZbY3(yu$k8TO4?#J%FisP- z+3?p2kV{EpK}R75MyFZZGC&Dc?}b`QxJ0(RWyMSO9O?Sw6Z?N;48D!|056PJi$hjT z*(pX<2104h;QQzbTWW@wQ+h_UUf|WERG%l+`5;#L$v69WACPrEo+$+0r%H)R@O%K3 zgQ@G?5~^=QefN-Rg-Lr-nPpai#jg#j(m)SoXycHY-Zqc%)ssR;aYZ%HDw#uAd`||F z#PV$R>7ya1ZJfN8RV3G>U**}0gsZwn^^l{%40Wv!0pgImEei8?}X+ncu` z$bF?g#9SBdBFyiQMcVNH2ovlQwzm>}C!b}$i(X=VmddHl<72N*Vv zs3r&QfT(wJ#$nEERi#6p(^*w)PdK!}-S=(YM9^hqlTaf&6FhnPKa$0G)`4UJxr~}r zIh*eZfkqZ{B7J$wE4Ak;xU*!YdjhBgt!TWKjUiskOku?y4aJM$Gq1=suj7E(&@N|SFpWKBDiKG%W@<|!j5`R56+%`QLU_xW7pX$l`p=ce`J@!5E;K)F zj>xDb(T}W7Um7(wHTkM^OrvKF`TZK6-O=-64tdmF46-v)UTWpI( zF4An8h^;$%E^Dc_A)96<;~Yz_W!GE)oMTf1Wy22jbb48|^Fh#ym_n{feD9Qq(~l_w znVZY=q}NfZ^q|*>Tf7^=#G+3B_(eUDsdaX|s47K{w3UsS^XXBL(GB-3(~c(U08#v( zLh+XeT~VwG+m>6=R3J|$c5k?Gc;BN1h+ zym?fDIHIp}({1kDvJ(rd9?jW4RBR-Mx+ln(p7zC?78U@>|FTXbgc^%;1_~#c!)-7e zlw8b|*D}`c{Jf{V!DozU%wFCi$z`GK7Gjp4hXcR#fNd)D3`No zJfN5nCP*n-@u8{;m<9!lPu5cZ0T@4+@QS1^NPL1g=ArsjxzUkAhqsyiz!1`V{Sk0P z^&y3dw=+v#yrN#($UT25KX1sYoxOij2G&FHnb#W{jWP-IYq^Q#wlv9+U;Xe8#s`w| z)PSg+gVn%2Skh5*N*pxT9qO~1f=j{;t1IF$_>>;muJV?Yn$^-5q~v7^BnMFHRyJZ4 zTP-}Q;`Lp3{q!iofBz);F{t|nqIlkOWMvZc0y(Y@P(NEk=6PW9;DU8XoR$R~b<9+E zA7;G2F_oa*1&>ym8argwWUz?7!}DGHDMBa-PMZA0WZ=z-7ycNR#L|;rKb3z&xSL}UvGQs;yl_j>U>o;+_8W27T~{eUHmPwmvJlumdguPgW)!A@k^Ec zYf_}b2JDjwJ~|gFvIp@LNnWkidH6nd72&*ag~sLTbnck{h(jbYc`bxA0I4mQ)mx%@ zEyQ6QXiK)V1)=mlDmX1H_r%=Zdv>8EPP z5)rf>(rT=pi=ydC3e+x|ZKt}^xU~L=wSv+1s0NJO*&0-+vP3K>%Hve)tuIn2f8l%L zGS8H1vXMSAxi;r0vTf@aHa-vQQx;hQi!8(IPNOpv)DcrXvn5gZ6keb#$uyio8Yl?RKqN;$q!hCb9YGJmQZz6fFL7t-ci2N8gk%zdRpiIV9HlL~UTkZ8+F zaH&fQBSrCk8d+q&4j)9iuci=AI`~sY5D>B|chJaewSrwLB_Mcarqb)0fuY0jqER>kQlXNHSNFP zG#nS=OW|_BGKji_4j}RJ9;$34gom*~@oqWKeTTFzc96w#7Ed@t~f{dgbS%#&6Den#alEDRK_gnx zckI!WDPi}!|L0#`6HZp<=#^^K#H_A37SgoS?myYVayYb zXkWEAU6(9=oUSKg&^`1rZB$$R3uxh(TprO#33tB0P9f~s5R%iAM(4=u`c|%Yzrm4g z^mH-`y1<$U+($0?iL?0QSZD7q5qgF+gYeNd_!ReZ##1a)g&(+0OKun}ewck0o#3<@ z~d@aw5qdbEoMy?XcB zdq*|3voRp!cMI7olw`lARe5Pac(yN+Z2X!J+T|1?9wPJ$;nk6!N(2*qpsFs!Q{$1cq+GsWOCeT-}E*fW~w|HTnzFSz`U-sjX_{G33-$S*tRM zlpZh#le4ZV67MdIO1yS7(aE!T-JZPq9n(ZE4P5mV>T#&|zLb7lWT9lr`OU(im8Ms5 zW$vA!!)o(uOVh?ryk=+TT?JRKE%t8BWQ|yUo;;Q=&^fm`8M&F05*|v|M%Yj+T-W~k z`+>7yZ7H%0USqW*7Vj%dmUJ5$Amx5TYG*-u04!TyC(Y_h`RR0qIwBLyM zongYA72Ox;(iPPZkw`gz6f~hh_?+QtG=ve+{_2%kC2$>C`Vu@Psf7Ha%A+2M3QJn8 zVQ@#CYUVa2<=D?oDebc;_s&KFWfD5xaN3X3Mo0T0+;2Vad<29JYQw?4DNr)+R$}s% zKG%fc?TdwKD^A@)OPd1Fh4#()Q23~OR@n}ZC*qm6dju-GjmkAtUKlJD$JsO^{!WEs14Mm8P&Du|7 zjVaR($G=f45BtbX$gHx^>tMter*c*fJ^`TcQW$1@WSQE=mm<^B(RzcG?}3#w_BuVs zQ_IhJ&X!loIB(|MtSf)1_^u;(c-GY=^>d(;pktz&BwnjfB-z~cGDZo=cZYz~G4$;R z0}E_=BU{|z$#yoOE-U8ga%scT+B1x}@qvP@q|Vtc){bp*(i|1##~rDN(wdgXq8Aj% zW7~(9?)H?oF&3J3gKBSdxy_L_G!;jWmO#`9jt#86Z~`p?ReFrhGMVChR|x{Na^B#L zixLiNdo2@}Ytw$Th&O4#JD@~zQQ}F4v&(-nEr0mkWG7UsT$qX`S-PlnKMCNq&j#^g zoshct28MPLiBd;vNm)Jg9XaEOLc`MGjmsJK^gh#{8a~It`^eV@6wGY3X;{w#6#k(cB&GI@i=T!6=31UYNNPZDV zVPqJ``YM;4?5)a1%;^RM)SWXZ%kGK~d{TQFO5R`N+&Dt33OeXtpL^Su&7|I9_AX)M zrk8PLM7YW+gr8WpVhzaG!|vm0rVd=S5_8I6nK;_nwmCz?CA>`Yx3fiaNGAh&gVa#I#GLscyLe@=+J#6Rpz{OMSKYTR7U zBwBO@s?eD*>4@hmj|xR(2+Nu6!w;_F<6avo4Q`xEuhdS+H?rO<(`hjMn6Non2w|v!8f&4Z% zw-Bsu1r=^rJ7Ia>8La<`P^uNyX3W-?io&q<%Q_{rp~mI}J{YG6Z;9P~C4Q(yDpa*3 zG061EIFXq5TkQ=R{`CsC=m{TsDV^^5TcqW-*+~s}?e*Xh1ZY_UgF6;S;l=%}(#oS_Wm+1#}6BWn94NWvQ`Co=A zEE7M9e}CGTF`2rkpQ?OeN%EVE9dN=a%Md62Ad%I!dD*r0MDA3&VvzEs!DUOw_;OA& z0glSZc?HmOb+h>_LmPRyr9#ycg?Y4k=71BnsI;MwdRYh();LKQy|k=|oEToAAyJvo zly1!sh4jC5^5MBbJnJ#UZ@?Z=4o-0O7Iuus2^8n1lc-F3v!8Hre!GxJ?3~aw4BFJP zx{K%O@hwvA>ScQO&xVEPAM`wxqgQM1%@+}pF#SN8Am+eU!NZ|Gj{1TPuKG0!;dPS< zTS)>90j_zA&G0;?rJ~Ftqv1Z=f~&`EFOdR!13d|@e&ZCCRzPFX84VhLnck%bl^KZs zf{b$#ZLf4DYldQE!9ltHmFWn+%NqKiQ}r`@l`{1so1sEFW|f=~t&fatDQIJW`=tb- z+Wr(J0c37Tca*?MEsM&zk#|Z}K_FAYE!I9Vf#?_VW7mkeCr9|0(#g#nGbX zfF+n=L|(>^zn%s)#Q;ZP81U|9`aXH6`ON-q+I3^cVtb`*PPrqB0hxCFe$Do;lbW++ zg(qp>Df`*Qw$UG`OMro5P#vwBI(>~~R=p!lGKAhQUNXK_Naaia212;MIL-nQg)bL> zPtM|;Unas_V=8l&i;Q_dVZaUrCC-RK((m_mtH56J5$1Aj*BiiLAPMNAIsb)v&vo97~9PM%LpDr(!o8E2L!gyvEsu?GexdpG8Gm#HI)gRD8^xT|4vBdi=4*}WU{kHeAYlFc$)4WR$J^KZ zWW$NX*CV}6KsW+g${RwhiK_!ZynIcu%O%GLaZmAgT- z$+JCU$IPFynxMX-2uf)ZG!d_8k1Piy5nbk=%CHpjGbysZJHVUcl;z-Kw>c60L2m7m z!?6qt_Y+f<+TMuL;Zc4Ywu)#qBDCBE8tw_Z3Kd@k$Kl>5vj$Jntz2ubBE8`zPP@3A zqkNPLN51x0x#JaH-cH)W=UG9-?Gqrw+o8Ve@};w$-~@HDYAM17(caP6Fxc0tkN%q*Bn=P|aFaHj*3P`y zUbjIqrK-r-S*rK`2J(1B0gps$%UKAqiHE9p+aYMLt&2-6I0j>FVI~6#*oPjTPC)9H zGldvI`XkythY7t(BgFQ)~jlGl6Ji? z?z{C$YM}tF`SQWC(fEjy`hwPaUT3HCJt55;78Gomi^LjcfIEcoS?)wm;~dZTMDGj?(f5&c!qE>&9Ifq0qd^jo{aM|mTM zJJTjr#R$5Rv^=rvLK+XC>ny$@PT9O-8EMqhhAtu8nX-A+GGhHnt%4IDhUQbdKzci1 zzV!)vMPXdFO)nTdCvH}z=R`x7ZGTRIhg8n3?}qx89}fnacwC_s99z@QavWI{(@U%@ zX>~mrNo#+X-q2wnyC!`(kxPMQ8k+0lXATY#Ei|_!t{SuMYi-zC%2K0`I^McQGd;^R zlHshd6g=p$wApm@71BoiIl&hu{Dyf09P_APV}W*Mk~ZceX`mB3U^7o>GtqTxDu}Gt zKV`O7!6va|Q$$F6Zj3%0t*(2V75|Y?!Vooq#@HwOH)(%R;iXWh;Fj7gIt+CuWH1(6 zFZiFEpfO&r%XVF1IsF^`t~EkiS%10>C;^e(py-0|(22BWYd)|Wo)iqTq6^_N zC3kuF!D$%d(Fe_)pwTvmQ2R-eYRD6I9Y3v%X(?p2RO-jJ0AN>J+i&r)e(l>Gt$Q-1mCPh;#!TgRuRPjoMm6zUB*037!zVRHH z63T{LM)gvVkyQ?9$?MNsKzc^#J4^xLBcqTnx)>4E2j@AFx9>a>nVlqSaGjkbiHy>6 zX?>w=JUhqQK9W{mmlXl`)c-H8h@kG>kH!>yLwA^Kchl2H>I}d>lgbX*X*=CqwWT&_ zW)!M^jbAmp)Idt729EZ2g7Ybm+2bD7v=`GayugSNTIWH+Yxp#DnNryA8mo&kTq18s zsN;G6!CpeyCvUH{%`q2KPo17Ea&G_;_B{PeNg$g9xnEBJ5S5;<`du0>bq%$$14hb}o|) zH-$l$4Z}5oD3Y{t+GOIiH-_b$LFCo$TFcqZ9!A;%kgLYL5dq!$UIhA^O|6i~q6q=l z9IE&n?c0f^_)kTQ$UR46SqE0qlEW-eL?zXR%@4m1t{Depr7*t!TTWG15zxSAJiw&F z-rmKy!a7|NrOPM5I`Wn-?#Eqr%FoMJ-mV)CHO)88{7nzz;Eaz#f4w+rNhq4^+^hfu zrGncg4;R}7?)sJ&u)r0?W{_`R{{|wxD_cIV3ThDtbOfZ(QSxp~4qXMAtCk#2|J|4j zotVejz{g7;a709-eEpw(C_pxny;C7DPhe-i?d`H&MgpT0;PeaT$ zYyNl4d07n9X<^FyyTlPXFLq>B;L{Eu&j=29LB@8Ds6QV0nhsE>RhuiQm~EG2>jAJI zw`a;Ttait2pfn|x1E`ZTKi#g&);nN7&MyzC@$G^@eK$o58BnLzf;)nLNV0-_T2G~ko5=FZ_gd0r0xggL7AO@Z&vr*@$aPO&lF_O9dBb- zcR<4T-0^M!pgniITlNE)rrwK=zr&zAM*6+zc(?3_$X;~31OD%axKLzQqT^Pw4~ReS z0{GF+_FVIBsn(ur-ZB617s1|h&ASEe_gwRC*^fQfyn9)g-{YELTMd01^KJHlH~w%P z=G*t2Hu}CYF(H&ZJ#B<2mG0v!MT5cp&rf;aQ%GUqu}K74;ayf^>3Su;an3;3(C`?a zRjkPK%nC-DiFAX4g|vn>xTdg_55m%?f60Ej-vUk0RIe~{gqt;&^uxrxuU#6t$?%OAXcOoKbw@Z4kRSXQLwj9e-KbC-< z^TKSZBKI2ZyFn(9q)z398mUAWPmfNcb@0O;;Rracc;OWUQ4pwJg{@dnakZn?L#_jU zak6ARL2B+IFgZx@ZT-+ZTprvM}@Xl@Ovj~P*7UHdEot*uqp2BY1y-c;&>BE!JC z>IL(uZ(`1-48~52>VENrU)Z#ciR;pzBc*=AsQ1+n8W`&)8sOYGH2L-STTC-O0S%B` zRt>bl2V!AQ61Id^pI2gDAu)HM4CvNF$y6Iyvu0@hBQpAdb-RmCO;N`KbW6bm6bEb^ z(H({68yFsj(`oQpeV?qAX=6L|3$~6iW}8N5v&Q;KS$7F23twnWdGyO z)r;t!1h3*9Yq^`l41?rlWLP3+>39iN8hKd9b=2!{@<1DEmEgK*-387yum0r*d$VB& z3^*a6G+Cqtx|p6&rK6DRq7b`-ToyREPcPvdZ+fZ!Fp6|;2Np{>*n>KnDw4`3}|Ll?lUOOdp8JsXr&#hcSW8Bb*#HdK~o&Cbl%2`AX-F<=M+8g@}CL&7loL zthzCq*xE2Dge}buh_is1h-yY1u-XT&Y<4c>i?}yGY}clY5|>mT@C)CaWVOo!O~>24 z9jf|-`+6vfH=3`vXOe%FY;maXrnUX@Kr?G;j9f%jOe<Yh88N2OJ2a{kO;1_)_4Fntb7xHng2sOwB)`9h0H62^@CJLA#hO46) z`Q~cd8K=2TLn(E4lna3p0fpi^#4+jG=VVQO+I9Y++1z=k2WA*GWnh4hSlFQi^&Tu6w{WArpfqwx*!iC?16GK+zS&+l zdV?FqWt9E+%eY;bHr>bD&<|BRVMQ^6e|x;tDSc zKpBs}tN?9@`#{9Stl7(#D56xb*uZ=VxSx;^Pkxk)w6M{&;!6doiC0 z@CTYXjly?biLkL}a1QNy(DDULI~I~9yW2`cgNeC}`FPhGO&!3rUuxB3c1M;_s=eoS zcfkWf_uTHT;Hy2i`@5YE%20e8dC%>BBgIZWi0rxDe}qN z--JN+qTO8}GMHj7+Wi44_}#8>FWTJ&BGZWMMZ3EZnCvB)|2I_j4>8GJlKHn*>VC|H zy(IH45E-0G-b*s?LK$u^$-E0h#;4g!GXJI!?`HwdUXpnihzzFKOEUlNSnmgs&R&vv z7l;gQxZF!J{}|=|R*bioWZnfL?%jCs)(89a&(ziZ(v<2~OfA zCuM4&KC@pYHVz(*bP-(jor#E|J%OUrPU#UJxIf0KUaK8N`fTNaT>Qw1_7cZNL^q<4 zU%+L3@ZE61+ACpO(-NB*RrF61?U3j;(xo;x$D^MeG$c@cwA}OLTEwBrDs?-#8vaX> zs1^T|;QyR(&|yFuO2m*FT8|;=Y4h`Ca6|t0jy|4ts7pN1xcOU2@|g%68s)a6Ldiia z0S|N8RXe#l4Uwpwr+@;WKv?y#7#alvkrcRU*U-dxXKUvd;6>C?l&g{V-B;j7nNx9R z^ISF@OZzq#we44;?M<7KcSr`%xp{>Qe}I!O4-3uB1Ya6}+;@Ddn}hre(#|eHw+(|o zqc6M;b$87_m+W6zEOaZ~*7cQz)(RC&j?(M}K~r{Mt6mjFR-$nmKD%hetLWJgnFC8F zSz2t;8=JCL{hzlO=uoDAX*k_m(L(HRSHr;Jho>RF9&_!}4Xs4y>JDd*Gz@EzccjGj z>>jtyO(&Budkp7V21qK69GmFx`PdrP@aUrLbYwqoNdvE(Wa78$HAEyaLKWf@j340j z6gx6{_c1>jBBO3_IbNtW^+Qs;OvWhLgq6NBnr~}d88B zuFtls(~!aUkS&t8h`!{DT&I342)b!74ulKg>HcDZD?(d{)TLMbI5I~CGM5SZ(Io13 zG8K9p+c^H>;Zw9k_oD;bT)la-57P!?dT zJ2ic~t>8z4(1FOOfXQdc4-OkwFD?yJIDR zt99Hd4sN@HJy*LeX?~;K+;g=%E!camb~jw$o~zwy47ulOciK`Q@x-31-DwQD7uD{x zrTB_l_M+MyiUR)R-d$z&dzlAuiMzIw6?ctu6y*^`c$w`GLc()HZELGNjAOeR>t9@?5l9ec91uwPUH7#sk}h|bxSXUEXykUaj6Nyk zRqE)k?mDl+QQL0$?W;*Y@~(fPMR2K*Iymni_vrQUUnJ?@irEtO`tU4u5=&W(yq%nU z%`bL#LDlh$ldUf9#n^jwnorx%?E&jE<{?lwwmd$+Biu#1mwf)fd zW3SF|a%nw~%wqNvZlSnaCzHjTy)VAdWyFq2h7=JpwgP>p=C=N>&vCj=OFSaZ3Xu4b z;96v?RYG$6>F@%4Ng`?`$_#xt-7Ef*f+0b&e_Sg|m4`~66zX5TQt1?uvBgL3GV3+F zf;f2e%cDHoQ4YReY(o%v0?bScxgswL9Noq)w6tOB3CracVR(`js4zdf;TVN8bByXl z9C;rn{5j^A9&Q-?=BGa*lOwbyjt?lXAYv3M4_s=}$)Zz(>=SCW(nOK$e-kKOE(}Yk z0Hoe!#Vm#Nz#^LfSzpF+EyS-Oiqzwv{Frck{s@|Ee8l!X;%eTn4SD;vW>Av)5&M(| zVofv9l(hcPBYHcgkb(z)BRA;k^Zi~HNL49^GVGiN1--}vGGK+b$K%mThOozE zsC+KU=HA?10vGphBNDVanK5Gp) z%YpXxxs#3I{ZxIXF08fEGAdyW!)r^AH7ym&9o6#fHb-=s!cN3@T@4()bNVOa{`5~} zCsTQlJ(83Y$x>+ZZclJE;Cr5Bk({MQd;8p}rw``^Y=;c(rasI%zBkK8OdcxQkTbYb z?8Rs~Jg&;K(Ik>9 z7DjB-OBRxROWz(u)a%&(1d*lAf`&QcLM~1;O{GxR9c{BBcQ&I3Caqz~53|~8VNzWw zRazb~dh_h_>d3qo5=A4;02hs@KWs%h?iiiPNUn&hKbz>ULfB}I(Hx!f=AbVVzwIqZ+tWwDm5L(ifpTur8IeDmeB_b8FMKs^8a(8aggS*sK zn>=~Bda%URCEKMu^jL1Na0kWW!cr0oCG-AfZY4r=2!esVGnFL{GPawkG<*Dhtoov`RB_<|H2Ts#QUN|! z^%rc9M=YbwdBdp5!wzSt-G16otGFQa%u!81y}SE;GshwaKQXhHVDO&}>YJnlDSzGt zfF`|v+UUPR0$4SsX~Qy|A1l%Pk2|^APS1=z7lvosh>@Tx*7w3O!8%Z~oS0Jb5oIXO z7s50u`>=ytY%FA)87^Lo@i|=kcqTFW8sW%%o0M7YffWJAAw%&?rpIT2+c4{xKPdMQ zcwxHi7{={sxcxrJ%+)qsRmEDXeHROT&l>bS{%t_^vzISCg^eCQucCnVy)@nZIK=hqh2zFKnK^a+ zYd7!k)%LuI*eag6`FTW_7yI+(prDpu!6n;bM&r(GF5~`>ylW0~_0oCMYmWwJrt`e; zq+C8ZS=rHRvh??7Yv^>H7?Bxx`Cf!enlQaJ8MWoUi&d&c8_t6Zbd{HHzrKs# zxB|VnPsnSZ^RJ=hU((ENb}34m%Iq(cg$AKve7IjW%5C3UGWtBOTtXBv7BYq?6MoL% zX@U1zZe6#o011(dPYwa^9Z5@C@~3JbWbKiT$skk)Xxvg~15L{Q&ANW(uHD6fK#O`M zDWNob;-vXI#Nmb8xAWmec{368!H~SGbCVGpa*EDQ>*EXYOFjQeXty_6 z=%Q|@39Wn5{h}W2ZB;X&P$>rmiDl~O;XXis)yJi7Qe z036#p+!v0(dBl0yQm16jvQV>q8yA5--@n}wek6$Bm)kTeQG<@tHg@%qBAuIkqEC4E z$(6~@5?h(9?B{TWDG?7QaUV{}`X){$V(&8A7lFz6Egv&eUL*mA+7;DJw6mig&$OV#}3j0OT zPcFqq!T|CkFR>8>d5$v_UC%HVd3J$B*ojxbx#>GCg{UvR-xJZox@9Wk_P+DgH6B6Y zTW{Y^@MXW-g|!@40cLYJISI`!oqs4YSbL2}_zY8S%t>Vhq8;ZA)EEbQrmD>$_%Ir~ z@G$%M7O&)f$?(EUPF%N=a@1H}?2DK&EM_dU8CkBzv-{_{r(fRC%NroQcYd@bRvRE9YIc$g5v!o%JKh3+xNZt%Of*7 z$CKWpZ6{G#7eF0i*`vKn3n0Dtioc&Ie`)dge#frqwZu@g7k6w?EP$19Z-$PeadLv? z8qfTE{4iYo#d}VUMYpT-1qnjK2hiTwsf9s5f$&ew#~MxY&yBj<)Rg# zVfi>CM;9Jn;*CXeafnj#S@}#u|5gkL1#zkP`5}=K_0J}_89hn*rQW-kYEpz2>7>Pa z?G#thXz&ro*fUxGFj~6zsXdh58$O0u;^1wdAAnfd-CRUwiM(~F63F|SK_C#pH&^Sw zAb`T*-<0QfKi~&}SR}ViBL_u@3*I8OF18)Exn_0qb-)t~JCCh2<|modWfA{VS^6JV zZODey(5#4jRGqN#8U{$*zPEig6TaB`2tkkd)4{ybJdcL+c1k6#Q9$dmn4`W6dzuJ7 z*CUPqu_}#@)H)QjxuFLN!$Fix?M=jU2OU6MZ1#bRn|-BlH;y_E5!=yBnDmFQkM%Y# zDz?QOt6SfkdbSibri8lUqm!7N>I4ol_MJ6qFRg9)vQDp&lNC_vaCh*dlicU=PA=D8 zoNqDPBtyT=~o2hr@5^&4-IpVieWTFFHX}``k#_Vx^09N%!>j7by&pG8I#u z=vZV7ssGSPxr93wfnp}~2?HplVSny4Ot@8yl2Wu8ey3DIjd6{uM>A_ZQ49D+mYscg z!wM>LS~{&L=&)l*@;lnmL;+KJF8|D1l!yKw)b-!ceheH`m1tM7M)NS=t!$^3@gWx2 zJnz%qx3?F_omq!SJ|K0|g3>PJa=xeCITj#WQF!|5JFY+fM@OC}15#T#EA0Z@{Z100 z-axjhKEDqp{XYxZahJNM#=AxFJvH7fO4IDA@opK;J#V}#lwRj>Tq2_TWDmz#$FaD@ zcz)9RyvV^T7+A_3q8Le^c{{F)tKtk%!uF*s-s^Upfie_GoW<#OH&RB@dXJ9 z!oG^h@k`E|>k$p}%G5l|Qb-@I08k&~j&mJaAiF!rQwuLVE-8+8U-9gL+2Qxs$^a+;5dwmAMPyLz6^2i|_mti}>48%^|%{%fJ@aQY38G3{?j7vZd#sG+Hj$xa-D@Yj2v#Q$zBwy!x(QT zfF`t`jv2INJq#b$$&>~ypCO&rvywIyX3E-e8%0$KJ!| z0>M1{X&bZ_^X+!>T_pFz&AcGw;l9g9l{hKaTA(kpV3w`$a9K0=yuY@~=0fJ3^6^`4 zV^{CN&f{nn+3+seme|z6&MRFntSz536JK{eUgR8=8&&X29L5FBn#2RSzr|yWro(0m z0?s>So-@EC$e(S3YK>(Tnc>ZboHHOIGL(6FZv6`T&4iDiw>H~LjI8Xtl9dwlZ!fE! zqH^5&kePJ*TifQg`H4q+aDPYj3YN6Ste8|#gZ z!!a`U`l;#%;(Hoz)CGtx(sC}JHi|;>ILbUyTc7}e`;BJb` zsI=tH2m1FVL&XiR)baS?zQP+)CYqSWBU$Z*cIeETpgRR=hZOiDg`v?O{>b=_oj z-190t^?A}S2o828Ex@cKT>5A;|Gll)=4BCI+%SGu23rV0@%-F;N(`X6s+zxCe;ngCY>0s z1QCB0{W5UZ;B-mGKNIaBmY_NRHSBAen2&VRFT%CMc<@^Yd6@MOT=)L5xl<{ScTWz1 zQ}yaB)L}sD_#?`Rjjq*4pbW8|tL!OU)8Gie-Eq`%q@G-M^9~14ulasD#y=or*-*Sd zE8Q@>YWTFl_4X%nn1UbWnlSI^rf0_ZmTAe_wf5lHLIMXK9}y;(0M)PWBbVD&4drA$Tiyn`LF0wfYdAE!S!x<+}EF8$cu$08KahwH6Zy- z$k9lDrLWF;h^F|7+(gqFJt}KB6g1zg808l|u5a6+IK?yVk28>-#{rJEAcRrpi{=Kp zyNQLQ>K!E}Xdm@XE3OhxE*^2grK56DyB&OW4svf|7JH7`r%G~a~L^Q>Br z$lCYcIYxKuSxuS|?Cw)hEHh;m3ApI*6R^gp$aBZ^_>0jnUBm{FoeZurbW8MW<(N%n zD(fF1#4M76wPiSP4RX$vuh1;@OfBnKk&xl`_B3{<$~Xoc#~jt+IH$Q5$6S)kNI@G>_{vb1To<&3-()h+5b6 zvH#WUYd*4%n`4^!YaWzKs|sp(eXL@R?YsTU$M0KjF5ZiH^5uJc0?#jf+#FP17<%bY zYh2?QIPU#3nTtsWUkawom&nYyZCO66M67=~TdPZvZ0W*R#f-WIZgPdb3@*`DtS;YA zcaq!5CHupUwClxqWv42#C&omL1-f>Vr(B%D>%1D5b}fixY0Ou0zK}31--aTd^)&Yg zCx@B8gqElfP3n)?OwmT;&~dk0w8y9uK0wWR-l^s)YTtZHuYQ={2m?0YRFHD)&jAfD zK2XLV$iFFmYA-tPLj_8pk@L%%>STE$|A=y=!(G=b7S9^zFhyM2V5^UsjNoUsW7La! zpPAy~xgIJEht|qbluNBDp0N)dF%CiX*17nFGGARcV z893&1U&oRJnh(>6-*cSHUg&cRi*{2EkkIn*K3gLMwGI|@Y)@$x3FLbHGRNUVtB!7W ziSyi#0-GkxZ@%|!BWzW9z|pi%0?34-h1|vhNi-@Hh9f-VYR>b4W6Koa373#FZ+E;l zq`I}m`mR6s=og!Slwxq^+N-I26GR5zYMvP(ib^o*EX7~4LXkTz1;IiF~F7 z2SatU7Mj=yZaz*7JrcsZL+CexMrX?g>CwMMEplE-yh1CR&2;-gRab1hx|aDh4!3MZ zjG&vaVbO#UyR2M=s96yn4)Ka4B_f@{M%No^N+%Z>Wig=d8rk9$R{EFYA1dM}E61VM zf7cVQ5Iklc7L>!TU^8=edU4dkoD-MWbg%#?LyKk3bOlCMF1kLUX&X=({DFL?G`!{> z^`6+1DhL(LRYsijE^_*YKrnwtUUML@!bWeUe6~cVdaLuvNs6$Od4F>=g*U>f> zEeYYru_L>sT~ThA${XU0p^5K*h5ao`#VrOQaUTf+@b|$AJs{E$&I&A>sq2UxMX8Gw z@n_ZNA8)xGc`p>NLND774ae`A{rfWY3XuSDjX7n*V6jq?3X$aVGW0}qZ8tmFy7gXg z-F_wM$iuAPoQxejJnw2HhspMwOH}{l@wfPyKZFu%zs$q8l)5qwX)-gF!EA4amKn(t zZM2nCNChQNe1K`v|01>N}p4=kwjEO5u{%5B+Tk-l6YP9OIsnX?_1;Uk`F8}zCkG*fO2nD$RDH+4%a^?iPw>b81>m9nLHG{yB zY)j7-x*FMJ6JZNYC*Qoqe*?&>r9XApDsVWqYkq$I^Q`Xjkcp_R$K%jBur6Gbfy#M_ z6au}D)&8fT3m(P?UWI(-66Odfc_J~W!p$?+$v7aU;qaW{9YFsBZ0xlU>pL(! zoxwlqpWBVLWhAVmb}klr@SRmmP+A(Ub8o>8j?}1~SmF&_I5$0un$+m)UaW_oe8|gO zezi*@mDfiT$wW1d;rSt70`K~lIZEefBqe8o)U8LjdCYoBDP6N8#710ede(wCQ?c&` z<8`*_`FvO}REhq0=EBrMuk~!pYynLA5v;br{SgP#rz^6kKa4+HV}_f!!q-1+OLdXq zY6`e~%`a@a$?HM)kO0#Wrk3IKQ?#2bWb$+R!PFeD9&&M<9Vh@9+(mAPEklwadvT#H z;^XZy!0M<{Z#jO}|Na%cklp6`G(nO2gvuG~87JHXAkx1#<(}vl)3`z|7Oqd5Wd5TD zC?KfJRrSaD*N{VcfUv462w%&~=Yiyhx`#Qcp6`TcW~F5c$lkC3MZv5DV&p~nn~ z$aO(Aag{+no!X3N%SH*I#8A?SxP4dnM}vS{aDe6QIl<7Gq4of6DhRY3R-_BM?cP_K zg;&uVP4gwfbHq2oB8{mv4c2pP?pCCP_@bGJw&V*}t&g?I&mZ3Yd?PMUs!Fj1PN#v= zSJu~6yEj8rLUFu~py4x3-sV_2)#m*o$bQH375XI64z~TvKnAs3nY!R~5k*Bf&vx~0PV(MOtM6kh@#Y85``$Oj}a{ z|;5mgTt2FUnO9)bf z1Z5I>gC25#ZcJONiCX2kUW=hd8LEel!6iNAcwkn)FEypXo*a)Bd<01^8QYud=3;ew z_A*bk68EY#ZE1wV_(w0zmk{r#?_}6dbyVwO(w^oXeT!JwoLIKW&)$VPN#&6Rf9z3aI10il0;J8ThZBb zR=Zv-{qvkffCqyqk%^BI5eTZ2d@-&5xg8kYhM{Rm1 zYKeSv0gZ35if-gSn`$Y|V$k4+GIh?#G|N1WxDQuJS|c@HVO)Dg-;Uajd6BcZ!1pXr zNt-Tlr>l=Q8;s4(T&ike?wW_M5Q4pziFyicWuCTdQ}%g9d0mqS*-UTBHB`8vRuF_}K9tqcJcmiq?lGIoz&s0muiab4)vIgq`MIq`N5x+koyy&{6BL z{<{}|o;P`=*4RKu%1qL9RNl?cx4P^72P!ZY@Jv5AUUZv0V(W)?Z}9F(3b@=90|s(m z*^{&H_Ga}*DUbwAG%}{pV;EayF&KwgThI_K*1nd_s6nM#SSfiLHQ~mZNtYer8LTAx zmIQsWam3$A@b;L9oy z@;d|)L5nSUVoL@I1IVd`O4QDhY*sP7jle$r%}N&}9``d)@5s${S{rs8-~m_+J;Kny z;^V8Z?6eQ0EfL%lH*CpD2PkEIBq*QQ=C2&%v89lTnK!GgpMi^Yfvwr@AbBul_HSI; zwF|{mzKl!;(U>i_8wjHr3m13827-mW#>%xc-`PXj?=tfZYdl*k6}b#mv$VW09ezA@ zT-a>x>gqD_V#i&H$+BA!92PKB^~O}$yW-hLgW7!Q6xf646wmSpDXw04kYS!NwFC^f z#&e1CERT0qtJzpVfWmE`VFKW^TWk#fg!Mms>!Y_;8gFuK{&`T}CebL|%=PnrTL=4f;{)4E%Wt>Jo$5NI3ZlkxjCU}?WnQ7QRdT4lvD-{)iV=88l3`G zaqq-@u0hKPyUY@R5>OH@)S^kubTM=hYU!8z39}>^Q=|fwO<-$iD4vury8tz(g6-Qk4ax- z#GVjmqfZL+8v1iD0VMhYAlYo`YJ`S@%2nC9Xms?!Xuup;ry7gNl47*U4Ko1JW4j zRH&vpnmMSBuFz0%H?D;5PXfa~PHP>$4tNxfY5H<3^vtG^G5@F*zS11SvW1q5_KR6H z8MA&lR~oJOF1>+kr0_9>3s{m9=y(swt*?x}R!M7ftu3aQ+t(APSHo0<2s9qNpDjxRpSaDc|^0{EZ|== zx|VU&WF+4Ua{-O$_4iLw0U{!;zr5+OIA~fypFS9 z@`~Xs?)<}Tpn+4Cw#sUw_wec5KXjgOoV#TyTE(eEA9+6g)0xbw`ub~k`@W}&%0*wg z@#y&z896`GmSBLMHN@ zv*S&FBS2mmU>B%?!R~?bt}X|H`4NXS_PEvRpm3grd=hi5*U_6UVTI7(-DgUm=bHJ} zHI=Z^p@b?KR0xfPf44LSLKGIGZ&Gknvv@N;lh@*$;muYT)tIB8x z7lTb&)#itKPxyrps-(>m&R5th)sc-w3;ENK#`MQh#3!pi>}GVg$LA?`Af_nq=J*Yd zjkfSVzO&X z%wDU1-)=aE3$Fd*ieIY4FkZb3OOhUe6?$@vDouhm!R|MFA^N}$n2hqGBCVU_@;6jV z%BzfyOeWS7IvHW|R7bT~ZcG4==9Iw$Jk{h!^MffDFpkNN^*W{MS=jSIZmt!u*x((`3^n{CJGFs8vz8}qg6&gvK|478n z^1UW*Uh2C>**k7ft*MzZIo>*YMt|eWx=A8cvcl)&r)>G!Bj@W$i1TKfNoH+U<5k_DF*Nq6N6 zMkE#bNK^&B8rd^#mNWy=(Z~@q!26^xjo--tqZ@uX^LE;Ic>ZN?{H?n(GtueScn))$ zVZz{1yX4!-ZTeJ_;EnfcOOfW=D9&NgN8l&dx2p%i87%)^@_&v(b{7iNifi*VpWCE4 zu--73IiB+-@Eek*rdl)CTNEsf5Dw2&R5sV(AWstFgd9Fn!B9NVH9+)2+aZ=3TnD1(&5$bi9gf`b%=?_okWtv zu>3yLrZ1n$`8B&$vOzrAgz}&no1BJasWd%q&^%k{Cwn+c>+-1-@rB6<9g- z6UmYZj881=7rF~{nk~$K(5EgDGryZBGzPLj+5`>K-}rWuE`xl55f%!(R0?=*{^LCi zHpnbS4R5;440}vx*gea^zzBP7QZ?Z-vDbh>*Yyqh=Os?f84_cISa^8m6oFxvTkN(e zZ|)ei`lPg=hBPj@(+*_GeiNVuUGt=SRTH8(1WZve1;*(p;!-`$zBZjiXP%oXXIdKN z80ab@_l)PUCmcT>XQv;GCsd~}eMqZQ9uCW*I#m(|<*FNZN;Q$~s8m{p zPW34*d!PM0>97K;9_3k`HSsNI`>T}ETC#&=15UIU;iwTvc02@kEBZtgXmp-tjt+7why+@YUcr z%*4I)yVX$=@}1iKdohxUv+id)cf+r;ir=1?a{FUvUwxp(x*{9BvQloBu)vsdVRCTQ zQ$uH@zD`uHQk*=-_Y+=TTul8(=)fdnrl*ruVQOZDDY#}Xr)ZL>!fZL61PTm$1-Du6?YtOs?9+q9k*7`ltMsjNvzBdZ`TjWF51W)>5@`}xmVbJu z%=VMw{`LYiur^hHxlj54HbDG0)%m~Ng$~&5tOms;7)YmUMhJN)da^l|f092!$OnhDk3EPl+<~8ZeS6ED z$?V^!OyxR;jcd$uogZDGy|asxbbQU6RUl{iRtvUf$Z zx7kVi*M?~;Dl1Mtm_BG0Ka7+^4ov^HD6baTfd~Dy3;#+1P9GTT2q1pye&${YAI{G{ z=7j-+`vc(Q6r6*0T$g}?Vg#~R{Kf?FFG1UpZB}xuP2zykj5z*Taewo+yK0~S05ugT z46b_Xu9WFNxJbbo7(2s1t? zs1as-U@i*bjSmWHgf~90NE6|W4+?5TP`#@-`LD!;2&(rmVBa?DKm^qX73pCkg6e~U z8WB_dwPMt3D^5GI?rOQc&Qkkx>VI zwon$gJk?dsdJjMMsa`$Zg)6A8ua6d1k}-l`5+UI*VG5~~muAc^QRrm&wguXh!)#;1 zr`8Xb2<8DQbqmRYp8H;!`%irdf&wf)S2$D>_n+VQo&PIIfZ@yK#xVZfNPpXSX^S3p zAOTR*J?@o0C^q;vKJ51Z%D^kb)fcvC7#u}fvHKn0=RS;0-Pv?K4#XUpPKm3v{3+M^ zVPwC_QP}|Ke%+lY?44luza};WLbN%X+X}eWw(I)6H@8u~+EloS80v5G-~Zjs>i}ro zl$JMqYoq=J@Ry_pl#kS%!{2-cjEBdt`I-n8>clzU;nCCqO_IUwrn~9^a~6`#@1gwF zyq90K7Se}ulw&f@V)Fj8ioOA^*PFlsdV&P()=^lYp7ZOYzucNh&oI1#O7TlaH$(V$ z%-4UxLvrIGm>=*KZ65C~85sx__vdatyv2zedbppia_fYS$GXo_7@Uk9-DXR@N;|+_ zTiZj>wrT#K{(?9ln72#4II;WXDe?#(GvGPvAt(ADckG z>wF+w3pU^&Gv1C>q&zOmPqss!_3BGlAHeDQNbdtDXfY&Cz=_=-#R2boUP%DoEzjxS zli8JU_VphWp8(T3k&jTX2Mh3Ey9f8M0pIOuaf{zpHTMkOb&^L2cn^dJk5(fD3@7oy z1Lk)3AT0P`IOJd{TEo(p_}{$%Hh5-)u>b#2*a!h50m2!D+5$NR#ah=}?Z zJKHW)+a3N03r1M*?lfo%-9%V0!h*L@jokrruqhKFibh1yh$#ARM|8ILCPHS}2+8~nkCI=fKkti+%+g(}u zWS2H6-hPL1pU}B`5jeEHmOZnoblkSuK47WoCA7wnDOPYpWV233ra~RXOF=U=Q!0z| zJsvZ){gY`nIzN)oQvNw*c7sg+W;k&D^}jupd7h#Fj(=w91=4KF8kVWe4t?YeLczN} z=oVBg0!`-j&|%rM-M_tfn{RIVS0XboWG){H>w5~TSkVRMBMfXYv%vr4{UxE9w&8J2 z;y$Xq2V|{r!9KvW8&wR4_J=U=xm+W(_ALfd@o}$la%FZ{d;oN~ z^l2M$@$v)Ry;yIkebC(nI(r<^*>%0!Mn*gP3nAHqP%nfUZ|dH*rn${Iee386p~eU` z-eZa6Jgu^Cv4n_*sOXMfh2SpM}c` z5JAPC=yaQm2A;nVYz&tk{%vXRKhPu87@@|9*ccHT|H%pvY>Z%IL~Q)u*cdW{VmPd% z#FDhyG(91V59dq~R6K&C^)i9~@x(iJ6Qe13j~{vhYy!dXWxU8Gy95{aU{N-&<8qk-77V>bWF@lAn;%T8hLp#ap*u=-4+?&s*bc7^`($OWkb8Vx7XV+vy8ehGkciULp-u;Cw z1MI}o(%AoE7h>2^Yqsuiq~w_Uzk31fFC70L>^!2wyRgLH`4J)EJ&u33WW=rQ8KKe$ zmEJ|fL5i?pgbn}B?0fPHg0%LRoPP@G|Dg@vZ&5Y~+qfU87`5@jm#C>0tRQ}u*_<~= zy^eo44U_ea&m2FJ3KLSaUH&$1?yf{^756}`_G_w+`p9Wdl9*+y)%ctNr;)7c0ndn< z`4W2lS>w-z1#1s1jn9DN&So{I^VKPG519zXL$^u7c0+_e(F86)eJBfl?W%?x0c;Cn zzD(IVhPShq)6h6)`Y?>-X`Oy%8rJfp$6&V0$qxRCJl3{IUroLmz%84 z2sO<>LgPBX5;(do#`S%s1z>;5mY4;VW*HLU=GERPsuG7sFiK6_e9ww;(OG+1qJ_rK zXv~@>FVW~1KtEFkUMENyG(P(NL;s&YZFw=M;(XLTTAD-1!Oc zt}lF8fps;LcZ}55ql6r4W98X4bBORe-V@~mxPi$dG41izId(iQbEcWm`8HqMhH#PI z+LT`Bl9Exh89i1ZNt?CBO02!KZ-xqByW>8qLuuu9dOLYZBO#FL z&o9Ad)|$%v(6dmwGyR`Dj_q1_f7XvaK47KV(x>M2ZKQccF=CrOrFGBCJb18L8m32= z5cd$El7S^R`dHh(C%pwx5{D|D3(8362H{I*Lp^lsC%e8iQL}S*?-hA$^B&OrN#N9J zo>B9QKiQ_T1_{>uDgLy*1kuanaq{|zbBPib4;d%U677bbFBZz zfC3v9hnY00S<3crhk1hRJKU&_jl9S^>UAQ#%)wgTAhEn*(kfx#iT$H8kJN=BT(Y-A zJ&GpaVwn@LVlC5?f0p#$wf1*FzMSrNYi@#ZaF|SWGU`}LOtIL6=M}ZthG>-!2LH5U z4dfYE(;As)=QM`t#ovXBqWAdnJaV`7vdyVIo7`G6`SW!-7mX(~VyuTCB7ZKZm&$cij!tSWzr^3XtIDHD-mz9{ zqqilu28%`#)a?_79mFxOM<>EIp_1P6|cy|Ziv-SyK0LS#w8uA>p zW}yNHB2#`LVA>+g+q3@trnzCjM%!=k(n+)e-H!`U zH4u{txHWG+h_`<@Bi{g))}viHD!dIQ`|=mB4nUS+g(G}BAoyK1=sYm)>`3sG;y0Ds zN08UP6`TT)Wp&pK`F^O+Hf93C1~lu&i|aW1+`r%CC?*GxrOv~}0|>c(Q3!+^-ZE+5 zW7R{r;REu=2seB{{utqg_n0DnVdjmzgmA+Ll@1IRZd(FMO=2X1Z^9?`+p1$n^>M8aXmN85m6!Rh=uMv<(z1IgYtW~%DT2Ql zR;EZWy>*e+OKw{VOrz&*nxZonV-~C6nbiut0U52f;o?aSrcL|ocZy(?L;%nm9rY?> z_K1YMD1#sC)0(zYPdpz;NGp^!5r^%>zi)-uqV;ru^FF~O1{%f-aOCc@WRuzTwk1?t z;)U|0@w_Hps$15X`r(SkoYs=bY>=Tb&07?Gqd~w0ay3=~gjL zb#&*E!-wOhuAx#EurDog(VwWB;zgpv&e%*Y%fuTw&2e6v=}u|KN9xiibM!<*tfZ_b8D>+fvNFvWdzXU78e@xbf_3V8wZErNs$y9c}G_2HN)Z z30c`1z~HTsZ@Jr6rp8N;3YOf!m`ONxbKO48B3w8|7JPR$2eqsB?d3=kMyur&{ zQ*nz!Ud^4HsaPp^BsLROO?+v~Hp>fv(m_QpN#bK)*9TfJxPCXo*s7Vo+V#{+V1%~K zH`Q}}j#9r42xf02zaTPHvc+!w@VvSf$!2CWQgLbZ-H~HT(RO_eF?_o9e4^k;%zC!5 zN$=|Ze%Ge6^S+rw^JfCOdrv?kV~pH?ZQ2%qft<(_Ej!N@@^91$h8%z*GN2er>{)ZK zv5dGE8;|W=v7TLIU`qL*b`uLYYYSv?}UuWq+9RSUAcTkuYQmoK|m+N^S zdpN+^xh?eRCxabE(n86d(sJ;A1S#vGcA3@BSq>~tk66mqx4gaZJqIiNTngjL*|Tzf zX@(gQr(;cO=9+8l%WZ`5yFB&!RwjtS@uF=j89Fy@CmL6xr3&D*9S}_-!I2GZfKO0c z^aXSUlyoR?&5ac)a#iQ%EaVJn;`%X4tEu;D4EQ^&T3VYIc>tzYJTrnR^T5;jsP{{* z>hVP{`SkFi_*^QYxp~2nvn6zy*Wv;x?ng$8wGElbud*9tOpm5ODLI-w%F^yg8O*{* zZuhSNb1?AAX~2$ut>v4l=vW$BPhvo=OnF=jpi|{hyeDwJE16_8F~hbqG8DDg70f#kSMV9Yw8}n33+zvA? zJBC5nFv5oa8%Tjx)nF&2yJ zKi1Bw!lp^7(!6?x@wUt5i{Lbqt1uqunY(A+6wg=8X18B<%l+@mcanrX=5>FJ6m(Wb z0=^V>@8)NaD)53tEqUt>d?Ccy!zkR$@!{*$y}j$xcI3$W3BY;maqNMwbYVt9x7Ae; z{&T5(Z><$%4B*^(SoXk|GU+1Y&i(l0ci>fpP5|fpBOi%(WQDs3EPkL~8jE_!yuKoR z7w`I;d^{foch2#cIv0FJroB_H$dh6n65YC&4;p7jj7wu^Sl_JogmwQyMq=c_kch9f zk_U}5D!y0;4)Lq$y^|b#L>qhua18D-Q3s7PHeE1;l9P1k?}k+2>(jQ50pWn*4ykve z69@OM$59ySdon8iGx~rf@Ow5=?eUxNgJVSpN+Wl$Vffx_O@9{7wG- zo55p%3LOaMSF}7_YCQc5y4z=627;z*(SELPqGTIo`1kIAF!9H3X#R4O%k$4K-xk83k3-&PLrW5J6>qfUSy;@s z5pJrozpJ5w3#8nP^9$qV+Vo3{;S=zZQb+wUEbn&fv6jVN)|~V3wVpQ#D59z=cOSGS zkV*hG2~D~*GWeSL6YbqzfK-7ZY9Zw7E;wpyyWXa8yx{=Or3(6R&e+@0H#YrzA>gW> zgWNZ4^|=Gx`dxkh^b1G`z}YvWVUO$_el2+pP%G{c!UNdu_18A}0ytkaNjklEl7r9e zae*Q#)lrr`J9uhSCEBDZR{@;W`&6mnq`N=q3*4|>!UKxc$Mrekeqc8~c0<3_0moHb zS}48Yr#NI z{=kdX2nYNtk?xb=5e^t$X5Xd7BOLI-xF&=H-ld|#`8dJ>!wJ+bX&m8zcL^Yzk0UZ* zIDy(FjUzJPT>=R2 z=R^R(0P54(uL@Z=G^BwAIw~H?nD9E=0s+BMV7QJ! zp@ZnQEt`uPu4eDxgMfx3I=j89?G5w@$?mgaBh(n7#(QI`KfOM}W)U{Kb(r!~P2jvh z5EO!-5CpaJh#JAh2sTEr@fL~W_C5&VdJwJ$;d&6R2QDl4v!7imYilj4lWny^;t^(K zoEE&3&n&EZ)WZK2w%21nM}f*NFP_1aSncDCo}jn!KP+o;FMKz=q^c86ou7uO&y4L% zCj2nc zv%MxCj1>uiSqK6VxxyQ7%TSBw0l?8}lJVY$$Pj?b*$!x!Ee#M~(PSobkXD;|R% z1Lmr?GF+@xFjf^}Jo(f@-3$AsgUHJlVJ{O#hVPEh-+_+34jG%Iba=yFs}Q7=J8KqS zFVdPQvhN-OLW7JvSBg{-x(?X$^J9;c98TeR5`Vq-Vjcq=s`JpK40-O$7?>d6v-ao$ z)`d<17e=nYc}1gZfsO+oQZtT^u>~Syj5Jqyrs>l)XidJ13yDwSHnU9w&$rdfSzBlh z^;_+CPl7p-``+=LiQY)IyaOnz*D53p#!^|sGs9xPx_BA~6{VSZO9?-RbH{;S*zTvC z;ktMm1BB;~xXx@mxQ79X1f?+yeB^F|mt*nW=KF}V_d+0+U6xHr9L@9w&E6-s^<4xo zqDCUuCmT9&=^by)`@Tfe+UKRces3NJ*>?M4d3}cDjs`N=sz)BbEWY^>bQ|8V5%FK} z`iN4#>NY8Yxl-s@5y5V^<$b@t3vv#lG^l%Cc;ljY&_}#a_JUe-eQ`=Wdola=QQa516vkFmc?H`?+kQX?&ko&eUYPlj6vZx2cg-PMK3X@M zDyh9ChdH}t*48o#=G4;m{(5tJicA0fVuRpS-ccgofh@6N8ySwB_URot196uG+vyni zjxGf0o&q8@;Ru~|@;ptI_|d@ZnM{bmT)$Y`p`cVSk&}pQ@@!FXUSY{zu@o#7m6n$#WArFk-W*v5ZsicYrr%ghNQg73JklwmM zU?RC3=XezGU#^&_J#(Op*=DV{WbWhD+K7pY$`cz+ks%Dim}OJIy9%O$nf%p>T)Y|> z$8)4f>|rD?Vux=^a{bc%{~>hxJoYLb3vj$<-pa~@)8Ywa+XN9GQTnv7&TLdIUKJ!t z(HBnLd@lL^2}Il@pTkHLPWs`o2Gy~)(ieFgcj{Cxw=9&dzaNz4hsW$TWm=kl-~QHEN^l#v zapeITPP$#TzL{3A05afL9r<7bBCWzj_$-b<@F3!jNqL^5VssRf$7X`Ev*%kw)XF%P z9;>+{V1?aElPfRI^V+o!VIEmdaQyt#MFL6~MCv@BLZgRClDR;xQhba)K>Ti{pxtr^ zlrZaS1m_5}$1afNez?*g-VYaTpE_04dqx(b_brB;Q&jBMz5hlH*tDyMkxtWLufD#! z#o>ek)ML%BExgUIZ>Mm$4*&$J_=WHOwBcZDA6Idw+rac)>Iyy*zE(p~59<+g)|x6O^}(R%@z=xqG?0!q(Kz=F`=THK9K=k}fKKUBv*l)8tYzT&BfO zaZZ~i!Sc|zx|Eut^=2~j8k&+^rta;*Pk$9qfxe%fYvo_PtKJ(J_tEm~u53Wpymgvfb<0M1^;HiMZvWNu-FmitY=WF8k$wqt? zZ#%h!ixs@>CdflH8s|H+G2~1pzlsHZnklhcR_Sn($scHnE1^f? z6)$(PsV-gX==89lEnV&-sb}S9e-hJvT?FH;mF&8rnl~JHD~o=7isYJsGr=L8r>bju z3uFN+DMTFAq=eNxtzD8@1R>L&guP6z{g|B_inT;ZU2QhkJ8sm z!m{x|0nifCl}}nGvvmrOD|*HP=hTPw$Bm*m!bj)1oP_2B2?jk+W||auvlm$5r-;~O5{M;_Vz8>W@r>nz zN|WTy0J**&M?~!M=+G$I(_>g#m_z%&O_yXGWGTAU*L{OCWr#omRK*4GfsAtG&MRN^ zfXI~YTA$b|b!S<98>+CIUqNAUwo_VIjI=uURm(AVpzUY1<=crB2ZykZENdM-3qE%S z!=tT+$Z)7lPVmCaM#1inwV(nc2*?{Kp!BZt$X7E)Ys0RaR}v`|uN>EAStF-_}Eq85UjhFWS5CIq5k|7=sW&1 z5GOrXGs#h`+>?qnoxF635fc_tfgH~|ISq!IZz`Rt^Q>D7_`OCIPXg(8jq~&d9@#Hw zZvc_4)VWaMb-_d`fIKO`-e{k-268FtVzb~!toK0gfVv+lJtc_0fZw>f$NZ5x4d=(+ ze@cTw#1r73`mQi|N2I(M3AgF=yUxC2FjPUAIG=IO z)Fow8J^A)Pe(ZvG&K{*pFRoIu?30K$Sk0v)pm`0kr>8dj6nO;%M3?7}76?TYz6vw} zlFvyxZA>$FGnMg=lb%7-88Dy%xYCWw5jfYa6@-53eskkVMf)@!=16GIxBHgEfujm{ z?_KxI^xZGf|3pRXFhEzAJ6^rrkcIgnI|IoxP*Lw|y?1;>XK`o-s0=z4r;@>Pj%v|k zA9>Bam@1#Y43?LmB<$zGR_(vHR?~V2-Yp|-0C0oVuPf&vkicm`EuttR3^%HUalg|M z6(9i6oW61)yt@t)2mv9bN}rT&=iqvP z#T$GT#eSxTM*}a{T+L-HPzans@~o2|P}gq?{Z%%Zo?~H38ZQqbq4NWRKLL&_)9a2U z(ipT>GO(yj`NS3r3_uY1i$H;qiGh~BKq}<;_UbbLT}r^7Yq3^3kRAwnr+{oivMVZT zUF&&KFapk<5sb_2eKIMr7*WG!tA6R6D4oF!lCYa5{s*Q-^wOW2yl)qmzyNgBvhuF$ z#t7m>GIPhYx-*GIWZlWTLihsjLSp(I#`>#2V_CzeuK^p%+_=BF_)Sq6d5**?$}TxMrhie4z~MHd;$H7Kk!% zm>Y-?ZyfKYO5rjWweZoI6AjU;tzHI#^_$1XtNv*GyEfWd8epi-PZY=xe!AtiA&~FX zG8)p;-`csEMzDhjW|Hl?>#(0Xq-302i)vEhjDq}&%l1DzxO4;%sD?4Bz&i1X2?9CJ z$0N2!v4~H!XHO4xLV=1w0Ou92?~gdqMjO*ZDfMA3XWMK?j0d^c-6#{&lF6B94e8n( zHTQpq>bI{UOIM?BQ*F?uACDo`Qq(uHffDA2QFDNfElrzOOWoJ9dO$Bjbi_@bEssAx z%{8G9b}cIG<%HFHT5~Q3lGaH2L$Y<7U;Q$GynSu=2FC__bZz$)9=` z4CJwMZ|kih*UzKiEkpgn;8Vtt<_uH-8JkR6pDY*`c&|u2`+T*j1>*ZUfKU3;?^fWUc%1YEcKPuJb`Pe}Lo;;larC_Lggc>sg>8}u6x4=?|k zMLIT;!3Xu;QI(h>kUe}Kx%J}!wx{`3`7WLW2=bJs+urr%*Y|IQByR>9z%c1J;(s-6 zxEHGU_7+f7;P;{3kge~En<@*Jo3RojR>uGT@HX(SZ{AB+w)5& z?M<91mV^`4OFEOJx1(pl99|sAnt&?(%2-jS%`|O-Z8TgQ{#6l}OWeQ9d zgHGhl^{yD3_TMES;^4~GvK6+q&SF;M|h=_U(Y)s_cD#$>O@M&`>E-f5lkaY%<%H*@ie_Bi614; z!Z8K}Okf52C{?7h>6}%#q57X}l{Jxy+K7*H@uLbHPyU8J?8|9#y!DyP@x_6K8N1Hv z3*VsK20;SxdKB%093VCv0)8Z0bMCfx><){3JQpF9QsLR`SUD@YeP>ptprS5Dwj&%S z(qkTr_SlL-`QNLX!l>&|$M~OCt#C0;$ybYhF zEsbs%Xm&VZn`hdsFIsyHR2&sC4F`0@gYzn`j=OU1lZwl4Qu;QgXT?`ldLwI z$oSWBC};xj*?A5N!z`+EgqIB)%0n&~lOIJgSSZCWNDXQbYeS7D7ki2{Zm}8{LLSAT zRGrDm#6)wKh(jKHMPYb?S;k3_Ud|*RS-E4nJh9ITBiLJAU`LG?2d5huU1MSL$#5n3XwnQF zMfVmu`6}rG+MKJ5O*3<6#hVaVO}4sel1AujQ4nb zF_y^Cs@MR`Wi^h&WE)!Eumu_ghuB{~wK8e^>^!e*+-zfx?9Bzh@E8n0&>0@0nI-M| z6qp4$91L;@WD684Ck6=M(xnYLy=iBpE{wHIifWC9=Zr`&o`9VRVsf4{wN)*ct7o+T zdg%OGRlX3rVct^a+Kjn5sqB?HhF{lzZ0_fH4NyxH+zp!62La&e*jD!#_fN|(o}^Qn zOe#&fakQy99_>MUF8%at+o1?CA(mgJy5c53}Wny7+CZI4azO5I|RxoVj zuW&QqVP}S$i5ZR6>O>A4HJpddv5lE0?IgU(W4(wQ+iQwwFjWu#ASI47n^iWg@wYn^%*By z`czUeskPa3gTQ>^O{MUcoK-3md<89=>WM zD(`nAA_{7GVbtE14P}vmmCpr+irTuY4nRerapY}0iX|7R zrSX?mzVOCb9>r?r*A3e)d&(@~cq)661nM@2ZY9IZ0+r&& z!yD(9<6ByE^unhLbEanshmK`1HZ5gjq0jL9TRdtPY6q(}ezAUEvHZY7^o%Z3(#*KY zbGs|C;jc&|UtbWS9%}Xd^mPt8*QTDs5vrzj)Wn^KRfdNr0QsmLDO%q51+d35;DKnSM@*w3W;I7rYGSZnxQGUf(Gn|&21D`wD%HqB7@r!=KZrtNUFSwnM2Za@vQGA$K~rfV zRI;xngcwW6He^ZGAE)H%eP7qP&UwGjIoG+) zCElpMCA8!r12Xk|SJ3;u1x1^|=|)3-E(!G>;i`X;KXRv_TKum#@Q6oW((zRjLC#&B zr(1G!ds+MKc_R}V^dlie6|qrmw@YOsC3Y3mI>DVw4a7my1w6F!Was>STAnIoob~sa zpQ>$MeBW`iFPOVW<7GpXA-)pDc;qDk1fYoCw{OppWFC?fY|3I)U2EM6L7xBtQyp>_ zWZRNpHk-E;#ggQ>cNn@t@&VvWnEJ;|Lc5PUm?|7Rsd9h8=HNcEovH~PhAs#l@0;a$ zpw*%E(cnj}piYH-I21ED0m7_w5QVdK)5Wkm`MQUvD)9D1g+;2Lju6f5BJW3OWN5!g z)L@XQNK1W>=DcRLM@TQ1)xP}$Plq#;z1^0|I8`}$ij$p9?Kdva7C_+Z^j5+OC5B-% zK3HgwNXsZhjzugz$wlopxH@tEy~BW|L0=vx*`4~ak=$Z@pM(~?TvsSh?Su*3FTesujA6V}Sr z?78*6IHP02BUHo_#0pG(=P(xS-Hy)hGuG}^T~=6epTk&O>Xm;nUItF9#&AHaFCP+i zWh@Mu7@@i-xAUGVobslkA$>Iv$UH#hbZYE-8^(4j9w7U^*}*mK+4UiYXzgnQrt_Wa zUb6Q+ABq* zmc=<|ubd`t7ee_FOnrxDd>CkB;8XU-q=RHPy_s_ksn`uTMwBughBEO+4z3@MWdWJV z?~}UM$ENIET0R{F;oRlZxfBxds3CgJCQQTVg`?>~#y|>u2aY}d_lDJv8;J6m2YU2J zTNOGfn_)i)ggI7BN5W3qxa-Af*mJEK`|u>bydF8@!6Ap|4qpYWPpOz8T)b8fpEK>J zSfq&p!sifbE(#B~m@d&&o+tOvm54@1!-%o2d*BL^P{C1oM?m05h6K?zV%3Rc{)#N_iF!xoL4uQ7$tCr7htwjiRQCMMS{lZX} zR>eBz!nlLe8NYYh^B;Rq$uB9q)N>u@!fu8Qo0}YTlt^c#YJbz-p?gnwj#z6`O?56{ zaDh|l6C@~VozdRKbYD%Lb4{7+PHDqKwLs*0*w955PI=B?Hv16%V{Qmj>%p66GfUl> z>uFGa1`?X7EWBLOzEB=p)J!D0h2o~YQz!O(cer$={H@80BuemL#EI5}2n)b%fwS5f zOqi9ST1J#wdQgt`ae zqNaI9#n%75puR2LyZ~J2N_^d_7X;pxfh?{uuSZn-Q5)EgKL2f0J0~ zfr_6Q+Fv3~>VtQma4lM4hF_kAFxL29yeo$U0@GXwrpaJn*s+hDxRW+|tRsSmg;hX% z-|H$W!;=}&&I=eDGcygIjFp!NK&Nr^&4>T|fz}%;Kg88+C?o#yilX6qCu*qhfMfYz zPuW{_1lH&8$IPtC007u1(M{@?sdYL9!f-Y)rhtEs-X+nVSFlqGa1myN0LGn5l68+j zxRozgM)Zq?ehCzUTBM~Iz0xBx?>c*D#wPA8#LoRK86HL14HF~&yf=31v^{MQhRci2 zUAlafLlAk3EpU{IPs!>fR+TLz?!LJMpWSy!TYO699o)PhhUzVaD9Fq0ubJ_bj{}kN z$liPC@&|$Jtq=~KXcqj0L#mY}fiG=BAoi6ukHJVQLeb)$d2Cxj&!K|q75QG`HxJ(M zC8!$lWs@B?P(MK5mK>T!?L2T>w{1r4q&|J)UfKA}M|WQOkY9T)c=o(M(UB|n^c9~9 z(!Ml^KdF&I!sDeUx&PoTvq`q>>`bP8!Pl-@$i8t}kUBl^Tuysol}pF@O{cxdaJRkb zRNf-`0?T4I(2+2*2kjbdL|#0d+h?roJ$zpB!qI^dMErneN&S;t;%8-ayW4AD2A`lG z+XEx4$a_`6S1KqQVd-oQ&rMp%-EXPjmCq^h+!WC>S)Uz{k8Uq{%H*n>HzH)rAe!hk zb0*)dt@;|*WeYvNJ$dH*Hhk_ZZ}N^2(Tg|?PD!6@ZDlL9o5g!7jfkwik*0Ue#X54e zRfsn1%Bw3Lv4k^i&eMLkQI;>H8ns#~KLjI^IA|fO@CihoZr4d&^j2`hEUu(b(BIN* z3knty?iBnPwl;x zV^39vd+5CjlbPNLHtyYn< z`O;L)H~p#SEArI6W|j2R`!J1JbmR*{WB0XktlIQCLcp1d&((l4(}(M(q6oFw_Npwq zzFuX#$^uITxf^MDwp15Rm7@DdU!QfgMAQ_Z^Yf=590?xpdOa#0ypMDyUGVt@lRhTWLB82eo67^u*8UGd zpJ%i=&8x;(FSNcxiFzd1lE|kJYdOk!Hq<)2IWRzYt_pl7;OMpY*^svC+am*mPmb+= zH?7}}Jj` z@+%;VEz-ofSAiG2MQnh z7ca_lHlM)Lev|d!X`Y1#5oPe~2g24Wuu)qix_wytj>T*FjC$p4LiD|3H=>?OO_EBI zzZOi%x*n8?XJv5{(TI)YBE06~oOEA}zutwCvBlT2>2^oc`ZdtdWLf3yVqKzx0!uDITrEiMyZ11b4 z8z`9e9ag;-XDZ)PYQFAHsYrH)FRC?7=jGM<%VXN*qz6;Xew`qg-T$X6pQ9fh}wv zx?Ke7Pq|Zb@;;v++luS)^=F`hd(PWP;g|afxE$vuW^oK$8jDN*SFp}|5vW3@yp}LB#AQ;pRe>jBi{*_;`p#cypD?oYC z>kitUiU{~k>t~K&A+;M8bG1nvlEYK{;&lx{guFP1r8$ORL8s`NF}23aXA7eB$d0%6 zW%DqaMPYGqwM%lmJ@0on9x#0(2Uvf!f3fq+B$8*1SsA-Pmx+6@H-mRVFNJmT@4DxR z01u4R@cPe`C0vPk)k8hMSelpGw(i@TDt$(*j}m2oZ?UyveBk(UfXAkax+MucW^TyU zH_(b9n455QbuQyYpOvB3J6*}*ES?d^Q<%t2G^UBI@H4OL-JcyB9lE0P(uk#-btpsX zj8t8{WlQ!=R)05N$rvL510d4R6>c4uYcWKWYn_H*(~`I*@2)eZWSHMRBPZ~%G<$43 zW^5r11@pdO*%nO;nSkH6?*dSx9e&?=Ye`I?RV?k-wRLl!_)EOIMDfb4ZN$D()MMdh zCtQB)lxM%0$Ybx?!ED0y_ku6QD7>==yR;WDjeJ9)(&_SgM>Jj@hk>O>#-ZXkO)uas zbv-~M92)Iu^@^vKrIpdYg{<_t$y~2y;j6b}U3ddwj}NWz!K7ULf-PQaWgr+|BwlfM zaFJPFKgWK=QFsf8Mc-fq?5nt4do368P3Ldx>+h!A3wZuR@~c2h@C*+3&RZ*bpMmNf z&uj9Zj<)VXU$DYnbG{!V5yD8A*wPzZMgWx}Eo}0q6o7$_RKDS#ov@*=4G0KAdsC|h^L9oho!_{;g4 zC7oN*#Drr!)*@7SwM>tWukc*PD;7oxnT%ef{ed$L4p}AdVd8sT@5P4r z1{k4eI333lvrGrG*{L|I#>bwcD-{MK01{Gc%BJ+|n2T-m0}Q#bdXlwNcENauu+FQC65=^cp=ZC9YoP#1%bywLB9U;ODV=9lfG>(S%L&ceQhWuyWmhkf+}88KVm`70!i>o;M!bGI7# zDi|bdh`Q&4X>}SS)Ip-5Ktz+`BY(N=>r45i0yE)GhLL7b-S+W1ZugogWWH3T?%`LJ zpN4_Ni=|-VUC-EEE%L2|N&oqfine}>z|B0e_vqOv@+b7hFN>_7r_uJ%H2=4CE9P~oZtgE*g(J?~esFP!Wy z(D6uA^Yh`euS)WZby2)sk_<-gguKZr@xPPV8>Dtt>ggN89c+7V9M&j&d6I$JL->ps zsYcU_rnmMO24UkDGxdEmaxH?7ycfy6xl*+|PTgld>(2OMggdKgeT zAS}?tICuhRE<|0B?r5EL!Yrkq4 zKmnfb@O(UYm|Gq@I@?3>TwDg+oAHHIzEsjLe-(R#fKlPpT1Scrxq_c>-UUyfs9<}FKV<#_q>}`>Ozv$G7_oxgipUxvev^z9OA3sL+uSKU_ z(UVlYUsPPT!Vg<_iUB>GL;{YO<)YF3tz=~t&pHWzU@%SsjYM?7f3C=V!3hQfN_k}WE_3yxG&e}bGRyU z9}rxcH#5$e)Xjs!gB5O#-k&&JPm|KPlp2`=>nmHt#-_tZTUE*P$)UXLXl!Kt$9CJf>=Sr3Ath*kGc#0PG9 zAm3?r`IbI8fsgFmU7iO}DXjRLa=82|tr}_a!5!>WxuIy?4y#KzA|8jo$}mur@626H zwoXuJD~o@M)wzT;jaILiFsOO9BLWQa`fONatF4}q%95URYKF2PL;EiD!-`@7!r{? z3eL}#ElgB~S9Tw2FXSW=Zhxq)G!aBN%euFlUdP1WTMi)12vO=FVAYmTW2$s&J};)WlVu ztn!`~?W>W8=E##X-SQYXK)sgkyA8dpYE~o6BeJe1Oh;W5g$(w}a-rUX2Xr+(CiN>@ z6F2n3_@==^+kkWbdo-3nyF$MC=&noF0Q9QG%>O^*{w#>C|LS>ymaCbvq@8Kh57!YShuNU}7D!;6XZg5GqvHnr||F`|zE` zW?!O2mMnoDNR8r}%HI3!BYdP~Q_Axiq|EDFLu5OZvx#*J`-ll7cWiOddx zf_F2E{t05-DET{C*Zmv$5=~C85$@1(tkZ9w16e7M-fxuSyw7;uR8_DN$7wVoCyPh| zdG1L@yt2;G;(RIbJn>`gEm@tx6^b*y3q{+>*i#hVxT+)%nhH~LI zdhL+$U?7Sk3u_!Vhpg%p6-@KBvX+KbA9#~|hkMck9Y0sfu8;`qL=3m$e6LP8o74H{ zO1GpYU5%Y7YSceB5B*0^T(9T+-3#DU) zX$h-Z=D3?68|X5ut9=B!Lez(yUMmAjz(rgf%kBJ{lpc#^C8vXQ1n-4alv zAMyU2N6Zvrp<$#cc|1*l^mvnRDqK1-%b5$$j(NFUWIx2jTnoJdVsn(B5U$h{jrLxW zO&)3@a(DCdDV+P8sLu9g6)#>U`6l4(z;nej1ziYPt&eeVkgi`XY>)bSKZp(D{m#oi z|H@67{;X@i2A|70Ydl%ral&vQy-gHRb=FO!D7CuOqdzpogjzMi#g6USDb-N-CIvhrWe0+n0^3cmuyR)0yB`?H`n9U~Bplk_$nBeD$t zfj|1u<@)LypW%)LDu!Td|6@dG23r3C1=t&DpM z;qosX+6PiVx5P3Vek9-WJ?Q$X0{<=EFBmlt=(#4lFzx%*Uv8tqx#7B51aQ1G{}sCl zKe878Kbo=r`e2Ob-<0sP*6a{oQt~u@v?_|*K}&OND1l`CiJ5-`?s?B@dJdgImosEX;WoCN2OnLWakHl_88aB@Ty|jud?gS zr}}A4B?WL@n2n-Teqe84tMC543NislKv@qr+x&Lj`eVkw3p)Rp@mJC92Vh~VruN5- ze;bVaVdEci?tbRsKWzLn()%Hc_`}BE_f~#LnBRT)k5m0c%Hq4S+A95hW9|Mp)xXWt z`{PvqHc|hHjeimrw)*FPoa*fa=Py>_k5m2IJiR|o^=}jPAE){oj@cKs|0|yP<5d3} zr}_l>k_xt%d|~|Sl@!of0@f?jqP#cPOSk*F^mpn9LUC<$ z>`SMf`~-{QHoHPRLn*OSt_%<|MD5ThvN)go8*PFfpO{Ws_qrIehy{;TE5fl5juuz2)Rxj zzT+pfDD-$buqsjg4gX@2P(!F|MVH%m^!#7EbPIElbOuf`jMh5}u>YF)L6QkS8Z(0) zm1%pj#jPZLF8pCc#W}ISUxC9oV3)kL*ttSQtaE*7%u)!nG)1%pG2p&!a!$Yd+Uat> zUnXcBj_ClFo?@G^A1bwk3IeKV&X?ZzyLBO!57v`Aye5eJlR{y6YlBhNUy_fvc-e)-Zd+Z{%VKB;SgUb@zfxj?`)y$Qvg8X^` zeI92h0Th!py)WRCiCU5_Ra*+h(}`nLEGG~iQ(2?-G1~3HBZnU2WS@UdA6xnQ08-ak zF2CQ$yNj1K3rBFoM9o+o;v3vBEMhbz*K*8Yzw&lMXRIdRNY+*71>lA>tfOzZboLhJ z+S;2Kgsa?M+%%x|6fVP+h(zM7S-4wAU6l5-YMcc1weVOJqAy`*0tB1W{OA!ZPGaJz zD>}cV=gGHL2?`=r9qf#C(?*zHBQh(0Fix-dF47{!1_4du{yeheLYr}&aK-ZTmL%z3~OAj;? zfZiwU8es-if==Eq8 zJIcc4|5&ddQ0mG5e_&IO*#Nw5u1|{CvOD{WteF}Io8=?F64N9zg^M~0o9U*SZ(DD`qmw)%^fMI65#ATZvQ`UeU1UD<@bN!&&T6>>SWuG{dP%9 z1FA(mlNa{8>ERMCfUy|){qFo9BK}Q0@rQ`FH(L74$Xg`hKH@^%zk31v@<1c@4=Mjh z{$_Iy{HF56{vqXGuDxG>;U7}|k-+O`9Kb)M{D+jcM*@m}qT`?7ny=&H*I(H1Cp!K; zaQP=X{_Ohx4C#DbjW@0#^iOpBO*iyMpkbp-zy88MY3kpVfZ3R)=3$4@iO*et^atja z#|5mtoH<78GQB$jyf)oOC!klek&$cFdNEXb_qD}WDwf`bpzhj_xcSj8G&dn+EmNhv zUu|dp2zm|3243x;_6CY7V>|FzVwT#NOJ*u*t;zcXOWmWVu<>1^K*`TY1Z;gnk7-Fb z9zqOjSUBH0X5xZC7TY4q8N^u&N8Hz9cJBhOE$0^3I5+*8t0%t!B(VZOGBLH${bNJD z2^JgVLs6KA`#X}D$v!djjFkYIqMQVw4Szexn!aWV1q91`@h*bC&@{cQ?2ZI2=+z|p zW`N$drhaYYfC?soz1Fx0mYxMlCoyYt4eMJ_xqqgOy>J9>v^e}yDtiOyrr#-<%Tgsrd@IQSZtNIN0z$(SRqTUeDa-t?5D&9 zPsYDf_{!aY>FAkA-R-Owki7L59Z*vUd|H#}{t?_r#+}&wKab=s-oWi8Le$}~R__h# zyg`tg1LIa6z6M+_m9@W28)vU?mGzrR==#K57Zg-Kf0LQw5Osgnt5-%B`@}>~L4Jfa zuQJ$7>2Sl>{j4i`Rwo}`K+$}DEun)U|MX+a0DBF%2Vn zOR%K{v7Sil9UGg+O0wgPI+yrMEHu@b(qWO618FJ6$67D((r&8m(mtZZ#%x`0_6pvkwb6sFrOVI^sWhpI}A?V4XT z7&Y~}8v)M;u4cr&y}q4Ki{0;>3KQupAzTnL#bJ)p z_3k6G{k9)p6`N5KK<9dDO2lrYpp~>6&2^CFvoKVcY@PulS6G%Ho)8B{PC4@Omt3l)2_ZAPMMCD+lAfq)f>ggVlxN^`2{MhLbB4%-8oS4l#Gt#y@y^S*xP!-j9v0xirCryq-b1O^kv z2WKHx#gnZ|=e*_%;5qXlE{MT1luVx?ke(ekAy4yxJiyTqU0;Tka*r6d&{lk3_rLT* z1qlG%o(V6{ox&vI6cZd%^hreu2%^`A_&iNrgnV!+d_slZdl52P<9tmm#&dBTATP>% zGUH7utt3N$A`XY7js?Kvp?eAZ38#|MQ*u6+boS~)=X{U!z(-<;;SCfU1hLf_NG{-c znx0yrWPR`r1pVSgk}Y_sR5xeA-`=PV|2A;>$zi+!{;&J;Ukq|96WQ`J&A6-Lrq0gYq%@ZXqku;|Ztv3>I;d9Dpq9CWQ^i~jBpA7TV<>?FM3^e>cn%d7b{xhduX z6$kk%VCUccVIH81DuU!t;ekn}nI$lqRKkq?Bg&0U~^4aY5hb}n056(|EB z>Dwizwlf0y>OdTE=Sd5SoqjtpodfuJAJjJdtE1XRL>U8`T`N0#O@0pje$xp45b>-n*>e&hls!C7k!OMe-dN<5b_owJVF}I}S2x$!!qZ+rRM|{`% z%seSw9&3LBF|x?HAfo6xCcMZtBt{>e-?=tA;bA0TIGKHS9!-i}v?!Ox_IQtaEMJmY zj!bLw&{@p5yV%u$&9@yN-x<^GRs_d}!{52?-hnpWWx}ctH%S6pZllpg0R@~*ZLJ-r zfLKg~!^T*wKd6ax)N#eum9yW^`);>gxv4nCj11Beo3@BAO~wO?6V9_ZxdSZ_rX7N! zzNP!DBpT}>+^>WM!)&6j+~2iB;wHEUVm@s(Ec0@QHmQz+jxO03^9Pj=0}hyjJW$@?a*!i*^RSXo>Y-#9yG| z0j;boS@G>ax75NeJ153Q33*Y>s7dIv5G=}4zvoNSbd%ppcnP$|QCN4300a5Jt_>AO zdR*(I(2a?^j;YRIpKrbj9~+I2+C~jLf!mHhQ>Vm+6Nu~?{U=lp@!SrGyb~~8L9VyO z&^pAU$XsMfAVo%fU2_Dr$T>N%7O(e+&Z&9%>+)RgNAQ=Qxuszp%H^;pYFR?M?;wkOZtMo0mYC#9S65}u{t0bv#r zZdcc;@7H~~dmF7n6?ZM{Q$N9v8&SLW>gf4u=!i^bI_su4_%8L%lL~cDr&$Z1=?%Y* z$(Qb{+lOC^+^0wcvNOu2yWq@b7>^C=4sm(b>wm_jQf8frkzg6H@`KJwpt|7{c=Yhg zV`$*WXY;?jw`@y6M+xrKp)?f7En`%#GHGX)!>SfBZ_fV5n&sfPMaKbY&Myewi3)=q z&3~YD- z-4$eggc~>Yo@dk1&)AZ@=hTNg`7WK70{}>_&JLN(yJYArr1Svs z?%rKrgfxIR5pcl3k2r&d&>X;`aHymTlkk9c?tyJ%*g$xdW4il3Sozb{d}dq?+WxN! zTOm;`mq|_C>yQ~|b@7H%(maQAj-Z3IW!jTQN|WwlF?UjJBFJxDS>Yv|b)BC|<%wxu z>{wW@RqvpAzJeJ}+1~UR)CYHEL9?tj4uzq*cvM`{99)wkZM_4tm(FW7ouS_o%5Bec z8Ibbju9L0sIlJ=FxHYc;G3rL|-smpfi)X}%i08|E*Tor&oMqKZAYrgk`R4kT+7L{; zFsb-9rUc&V0dTm$sYL$~4v*Uy7h$PP7n$=Ndm`!=kg{OWd_Y6;yRe$5Zb+ThDb&2O zh60SP9oS%2B9ul3kaq{3g}7A~9KOmwxgG(FdO8eFlxb1`{*A@7kM@z_-nu4a$ntZ$7ERAwo?=8vJ~GKSyoSURwc!D53y|6qkdr7OaYp|G3o#_$7z z)K13*Q^J5Qf4m zw8Dm@Yt@4-!(6YhHZu?`zK9IR#3j3yC`puzv{>&IrH+3x3?`3{LWaVkXjeQ=f>uT+ z*2K`+xxQK3r76H-Y5|FeCcB-dKepCMIAP<;X=rQiLqwb2e3sjA{@o5LjFSL>DdB1+ zd8FtdV{H??=J=46GyKjn&(tej@W3!j0=kSNQzn3N9G#;c zZPTzE!3dmoTw4w9o4rTv#MdPj3LB0d2ETfOp|;{1bFM``S4!K)%o`6Cz?b$03nVxI z2+fn+i!wiUfklkZd+F2{1LnbwEYkXEOn3<=97}H|o*t!%sn-&CVF*v?kV0oSH9;ol z%$BPl0u&CoE-~AMB}ssL61F!^3itk4RVd)34`nZ0(kLRg%|Ujf#awgnhQT>-T~HUq z5sW9Oc1)hmPeZsR)dOLa%dQ|DiSayta%#)~Zh~}0XU`XNdU@8Fys1TA(@EWQ6a3%L zNPiz7VI%##k4<4tlE1RyHMC7yD-Bj>RO0l{$FEh_U8}Ve8fMS+ug!^`M{DUQ``AlZFy|8X^#(y+38b_+TcjltI$NUr_ zdcOW>?N}5hJm`gEpd{7E<&kZ4pRNMCJuHFJCq8b}z9DyUKlU-069_RHu#g*Vxsr1o z!&cyxr)~|mLp3;zAGx*Yz^Z7He`5gF%7o^cbX>g{T1TUM67^2cl#g=&RtAMBFtXUUb6R!MY(s-A_haSne9Q z1rMY(6RdDe*mlAZ#@JDrFzdrlf-e{kg~F<-^AS$?JQFwh60P^UrDupF?yjHVy;&5mE+dL} zlQtCQv3DStPKOTH%UuX+fhn>42OnO*7B%T^x;5diz$QR0Hm(8YCG@R zOrQsLDfiwD#%*gsh4<)a2Dq%%M$!s;R~BZFJhX6n%%Bgi{-B(s8V*wu71Hb?B9?hk zB-mCo6%LmilN!6oc?ZZS1P-&qJe$?zEP*70*Tm;KGMsY#N(skO1A=XN`A!;mX~PaE zdAG6>y?n9&Kor$Lq+vXl)XY|=o)mSYcxs4@)Edse?lBdbDmiu$wRA0pH=v~sdHQjs z*KG`SPc2OxQS(Vq9P0gc-VHa*1;}=4koE#jSIG9v1s~&r$vJ>igi`f8J71e5BUW zciTZGV5DO*mMx*Mb`cSX#Q4YxHqFg!Y0-m)8_L%ca6ycHhzAt!V38t^R#hv$l#=rj z1L#cAFICeopkZT@Z!gK;ypTO-G%%+3F69{U4s?(VokeOXq@}&BXwh-mOcToEj(RF; zDx`L-{D}pJ8Q(Eic?w}f$TZ@I-OjtfJOlr=51eA!WE|zgu zHG?lG*;;Ag#n&QVE`Vu%EeL!uV|(DjL%!WtKX$`|?)emH$lDkV=ROnTOuedib$2x% zh{nv$SDPQi*^j_9QpHSS!@7y5Z6C9y&t5H$4?(APL54aauCVce;!fn5C_y_%!0$Xh z^{V@o(DixLk{^3R-B{GXiRHaa@2pmN|2uIi^7T}2z4Ed6QlTq0Kn|jJm_jih!xno{ znay?$Ql2>-&1#;LTN{Rwx%MJwan(RU5L9-xTErS&J*IBnGAsg$7f#;Bu5pqe$?E~U zA4#GRA27N?Pi9!S$(6bzM5N|0e+-b(#JD+6nh&RF(rs9B`*j_ zs(?^wVs#M5!~v=pzY8FL5&UiltKm=;WWf+VJ6gfd#tUjveEEh4+Bpo?i277Q_={QW zKdSIn2LRmR{YtdJ>qVG8C9a}4VK{0SulMZePQq9e>~xgqfwXk>OcrPZ$w7$W%3&0k zL}NYou3yW7vmv}4^_qi?2b86lJuFEdf}w662>R8OyFqWEKrO`HYvGS@&=6nZ?Mv!= zS=Gw2M~)MA{#lWz3E<9{jCahp)T!q(1C@c#9#F{W;-v3fxF!|`TX5&`-TR-U;9Fz( zu6dX312KBVSOCTFA`-6RxQqqZSTTH}-jyTW-O#q)9SAiN#2c=G)R|=Fs0o0&!ePM9 zgY8V4ru^gV4)O~{MRRuU6rr$%iIJJBxWxFBc-$mrEUhr=zg^q_$*HuzdjWhCc%kw{ ztJ6YfKAD#KF`)nEM|R-p0x;O*&DDXc z3%8^Ehh$PJ->BZ48w&+8{XRUPrl_RJlrY#-ojR&;_jTQ2%e@ioBHvy>1F&x}oGa2tLqg&M9H~X16c8d`>*YKQULUqR-3ZBk(j8@* z1FSu1j`EggDybh*qAN31=wt#MKOyf%J7BpdX^$?_iHf+4Z?HP3EI|&I16S|Qyl3X{ zt;KygE=$vu14OwVp3{x&o6L~JObWmR_K8mg@e!Y59fN)Nk1F0(_XZ*pfYidrWNG7E zAf}yFV+9hgcq@p-d8#eZjX){1{>|9xf+>91G^#AHR{enP^W5962=$^zPST%^cr$po zPd_~%L+d~3WxM!_LEPPYvD0~?n>2dj;08IhlfPQa(H>yIodT--^iMb#nf)Jb;|OK+&Qk3-4+#CJen5DbJwUu!tDl=kbEFkCVb;!m#$2UHbt(ta{5E zb{*5+QwNzu**7@XA=l3e)T{5E%3GRPUs>o{#vi6gHiC~uL|t*Z3YWfOSN9AL9S*xV zZoirSZ;+>AR0$yXQupK|JC6J_^AFEI{ile?iJb2jtU+%8PBeKlM?7#9cq}y#M;(hb zaS;ua+xyx^76_&nocVy=*`ss1=iGMPNjG8VCwjIrlR|DM<72*ey|4;`i{t)w1naM{v>8~N(Dgy^A!MXl z5G*nw2$Xtmm|bE&#eXx-XFUBM_vzT4RUz!87gZgow&)ccyB4=Zj5Sy&ur6NdDwv7r ziR2ddk-)@x9rjw4!S??>;7{)ZPWfTSSG{)g?{?x!i@>gVp~r{OC@<`l)i&&`1Ol|C zyO)T2lRdoWXL~WlzCG^Kh(PgUBa11AZZYF>ZS?!0Biu*3v+9o5M@#XWq&eZuw$z*3 zhCn!vw-;5bizZg+0^*oZprUb2Rn>pHZ(p8MD!Muq#lXii*q$eh)Pn767IF31vK*in z3DzsIeZ>J@3kuj7qyWbOlzF!eaCDIa{uu-mBTFQru&C=;^Y!B0l*l^ldNC%u%$@S= zX3#}1wPW|vvr`lTKn6edJhUd|ZlLD9sQn#HGo3Fo>{F>8z~;qM#Did}Cv$s3U>&rU z#Wi9eb*DQLxN5}FR1#Tb;f5V zb3v2D2oYfdC6+^GD!t~oyCEHm8#Lo8*Yq%hxOL9JbhMBZWV0fJq&=rfShDXu$K`C8 z_Cj1~W@Zve>r%j?&~eyAxH{5q2S#h^-LNjE{l#%mgr8d1Lw9)nx`V1|H%zX#t$4E7 z2s75hkE9r4M^+78StP+!$Jwg_sPZM^{_iyY{vR@;7b4}AePU$9Zx%jJVi%=`(pvja021#BSpl&2_cCT2|?d#dkJ z&;}<$G6t`XK^!|x=Shwo!OnYCdd7 zj#H~LVrgcqIB(#PTyKk1IToGLn3G}{7a)H3m3yL(nvftX=*Ybs_!&5yArNNGvAoQd z2w7Y4I%qpD1&Y#6#D^9YkYanie9iQniw42!uV1%MPkPfE`Q>msju@Vvq7y*~S8uSZ4so=HxBT;0C)CC28*x zaMNU&_?%Ju(M+WkCQ#XNNw{7?wR#t3c^tDtoC~i8KN{O%jIvschFFfMHg(OaHodGw zWd}g~K-o0gxTkWT8L;if=a#@WGEg*OVoD0*VzY1=R6~HIk0PYI`JYS#FK zUge5Vfs4RkNeQBh@4C2&^xqD$a$Mkenvpj72xiO71sXVo%)eZX5m{-{N_>jS!7Di0 zdkkb5G+v|tAB$Q$6oq;O;~mTT&MjeEhorC161s=rXfGcFJQWwjN0tn!mRG%amGj8* zgNs#HDAKM9`6@6NW?KaA;B0{icgE%%x9UNmB|6r_D#&KDA57<8l7y>OxfByab!S^D z*IU2-kxd|bYYXro{rXPGL0bQJz+yZIDhWZ7(s@xg7UsVpeYIX)=*qeF2sXpQ0UC%v zzBKZ|SR7E#TYj3r`XSr5WZw0B$W52Q6kjI~#9MU_KDw-dGz@i?wEH&hyoX*W*&$B$ zx+54^po%?_wTxUaA22)SHZ^)6&to(MBFATd34c=*tgBpu1Yt8NT|K7Qrk|cu1Mq6z z4Ztfm6EUeo-B|&tsD(|K;%9`*lL^RFdRH#)@ShKPXq41xuPaxE(>{WApWu9Xo<1J3RtMr>ZP3OKCR{a%4jM-@(YUuAWqU2f-SxH{C2j6i93GJuHoz%20xQ~Vye=kL810ZUtP*~Wt=k|uZurmL>$ zR|6?7NhQ1xb!~rakBOUJHaVjHe6!%!+^C5rf_WKr66;=P|%G&HQ!QkbCx5?i#gU+=YY-g?X9-O24#NcCA zS91>#XzA%*Rkfq2h%UZ=Dtf3V84@pi4s*$#D_%uF6&_xung%~1b%oAok4}utOW{x% z_?z$xnk#SBHPN!E5jmJksaEq_gQ4#W@Ec2WND)ATo&8$4Q&bguPkWKh%)NZSkZC@0rF3#(s*Mb1gDNBKQtc)n zYm=ZMw)m-}PXkn5G{ExzXRJ<%$w>rPO~>}UkNH`S`i4+}aFQ2rT#gHp3;|0=Zw}># z9TQ*Yf9mQO&uO#P@**6m0}R$!iF7syxX<$iuptRJ1hz9NM}wLpZ%774jiXzF-XblI z#9X6%0IQRp`oNXW3hGi{IR4G=Z8eDbrpTcj0NVx*y(b6KG0=PXAA=JzORJ7lf^bb5 zglTXM6DUu1%rR;<2w7;C;`9QdyDB1dcs_x7TF5ISpAn;FIS}|UX0Foh!fzc)>F|mE z0Z0Bvy_g570MKUAM3n-*0Z(Sh1V=x{_n}aBS3O=`t$fU6VQnwbTV!wf&1>|ao9S9} z>`>m>`3Q+hIej6hFDTVh53bg+^epN+B-`FjT?p!k8OwQ^_@iU^0du>`4ruN*nM4~v zbMK#+9%Jku9ld*`Jy{(Zs9BDw(F>VyVp@^A=fCEDN_J zFkwueNTS=}@-;g~aE!7PkSxiV^;k)k={C zvRWpch5jB@$oKsND3(vr0|=AvdDzxNFECQ?4*9F)ey8X`@P*0c)?nDOiMUCn^)R@$ zXmT4xOV5C#HU53^I9l6-L$4v#gYhQ}C7~v7D$$w&A4l6X!2)V}h0FxgVe*$$IklFL zUheHj_DmcH^=K?5)9t{FRW`EK5LgX^F*M!VxwTpd=&TQ2#x8&)(!D>C1ShQxxD~JN zg+h!U@&?4uG^$j7HmH=mIu!`Ig87fisU`Dv6J+b!UT6 z6L!y6P2hIV)%|_~nKqODE)tvTh`*lWvYL`kcy)bZ=V*H$(OfVl5X!PX@cPi$BiNIx zXbpAvY^ZXYsuM2bn&3aH3lrv+7YhvP@px#yE z@)?f)sw>67W<+r`aKR%ePo66vzhJOt2fJ&nU?Q8f$=EPbcs{n(fxrs)DPc8}@uRQQ~H%=^@ARHuT-$#a-cE;p1I5@2=b-y|bw2g~A^Ez(x+5VG_mP71~ugR5K1#uX{AO}7s3x^DPm?o6YtMcF(1F0JE&w?Yx6EzAEO6#nB{F&i^WU{ zSWx-SbTL58%%mEt42i=nQoRY1=*#Rto-3n<8}=3{cLmf#{s0z14WH7EwS*s4YRD~| zr^J)X83aG+%eDqEU%S~&h+uUhKdEo)B^#3Z768Ybx0ggDq~wjbY|n(uR_;VHv(_gB z5=|`Eu+Iu$2m`q!;g4t)7AmrbQZ8kgfBjL?6 zdLB_-eLlfp$`pq9|Izm4@lfyI|2H>nDruppD9ILDER`&+icq#G z+o(kL$ZpWwZs{gb3?WMiF&J614c!)7NS4X282dWbvHs3`rh8MjOnv+O{rlw&E z8O7Fy0uU4}_n;x4Y}q>|JRa<~>UbWD~U~g{@|Rx5g$``w)oR;*;sWWQ4!p4K_w~(P6c%@Isu~-jA^E8&Ui7XwsTXlORyI zhD*KzXNdRKAAWi?u81@{dGx7>nfZBa+i%OML5@q9t;EpGtWwx&2*2}I`TclQDa3IJ z;ukl$nC_|rbyJ(Mo_V{W0vh!(hX|gw*op2Ppu#Q+HFhh>6DRJal+u4G!{D$AM*;;RjZ zE7CC|Etha)recbn%2K)#XsXl-v>|ulI)%C#Xt?^ zY{k)VHXpHlpWi~B4--Y=aY8CtY0>xM!A}Rqa|L`WLs@w;APEd2SO3aA-W zAs2ABWpj=ol`|wec16=0(uk90ubI8!0xIW*?4;gSd=l1-kuIP6?Wdm6iz>6*z1z(s z&9b^6*_7EXXFEobNV(k5U5siN;?8uTa%w;88zFZbJ>&ixBt3hVVH5X$%*G)4M~ zl$dW!99B`18ZsJWvYMgX!mN`6mE%V^oq@0GDZywi4nN0062DQe@$vb$wleCf=bmam z)D^2PPwaXyc}B08bmpC1A1~Uj)HN=FY__9w|JYr^{`Le0#%3*|gqS>H`Cv65ij`u! zFgaMU*wv0hh^)j8vNpzHR;cKXERq_s8#!9FHi-LFc%eUL#S&fWJBp^$Z;LFO$`Y_x z5k}yJIet+#-{sw&&$6Andm9@sRm+ClG_a z+m*QVSdz`mK|T9|dXA?N6o3DF){4T(|GhX4G?EbeUKf4qA#HAr<|!-QRto{ zvH5b2L&`*5hHLw;uE`T;B8URM=}!7s;f{|}WXH)G6YT}mpz7S=1~PtlscKyqM!6e3 z(MQpo_%pg!l^8XWF3mt=4I}GqJRt%dGT0*vgXDTzx9CwV$KIoojj!DF{$H+4XcYh_{@9+n_piLH z#cULbrLOCOi%{z>gvJ&Aob&sS5E$qpfE2u^^;mXB9kuvoOHGLbM(^HL3{Jdc*!eDD z*ho$7C`I#~ct!V7;=AAzC)O3BPE=H~Fu47CB#K>dcq`zcuH81Lv9i|KLU6HCMc z_h)l#L7%uC@oZ}={@LB_Rd2VVPppevKkuLW=C)2j#~_sDcZ4kRZci1L$S7LnL)hJR z-;{%b>oP2YG(ge)3$c0ys90aY2vMrgg*%zw*9SDcgT;a2K6|3&cUX&|Xkt3YVEJOe zczMcmGkKnrFcTsA6J!nJt@o%)<@$@&bSN1N?!lk6nmvccYkTBbV7Kc~?CM@ROhXLk z?yu#nlUJ6IuADuGRGh(?E$IL7^6!?)y$>de*c4SXN1Ep>+eIrhKqU>#$l>LKFiilFRk304r z1}6=AIfSrML#bV|{XYyNoO9#TOK7$HiL>}J&7hz=?Wr06+okWg>?ro}`MK9C1Z0+C zBPQ9D{Ts7eyOr6R9N2saqNbrH!jR#&2y@`ZrZKrV)HQa>GX0zThbTI}{wKV`lr^-9 ze|cY{V4ta}w5#N+($SuO&Ir6*zLsfO@N!v?n#F;muDQFhpZ?25bI#*ikHe4$bmHnT3YM^R*`w-%B`Da&NO6W;?o8TjTTUA&0FvEfrFSjn>gtlx-C(~ zz-p#Ro06(hV4St2fF$Z1+OX{>ox~0$1T$7qLDb^1451Z%K2)buc7kVk8?T9GDG1oM zT#yHSxJz4yXlQU8ygD^f?YA~D$3pwuhkVLvuA4USJa^vDW92TJRijQn_fNn4kV)A{ z7P!LOTFsL0N;iTK!%L_L%ZtVAdmJuzK{!W*2W=JX7%c~3PuV*~2H*3gxA0<#uKrOB zg}T#>^=X$eKbvw%!hwaY!ruGH+L0LY{)_`%{)7WZKQ z$!o?kz`kG`A*Wlx6?q+Q#s{0%AkC(FXSaaHUniDqZ18p*3wITyffCp#e9VWJ#TAnp zr<$&dG96wbUUP3w7}9Kvgw;RpPmC;~!3|nT{fOy1>t;vNdWxx%9JHRq(V$YwMAP8$ zXVXQbXN{@7+tI1Yy15K)ekaG}tKRG3sKO<&ll=-C8}adG)0V=Q$Ms)EEUuGXw*_4n zTs8hDrfToVpmU=i!F6$sm(=Yd``Rq7Eoj^d*O&HWvm-sr(oKIZVbZg8UAjw7f7l$?}wmyM&as z)7lag&DtXsT?)i^K^~@zwxR)Bxm{$j2ieM2x}6-#HFTTl+Im^t;I5ZduaDO&PKup+ zHOVV)D;I^2_3)CE5=dsl?(rq|UlJ)6&m#4vKVT{lkI|FK1t zH;7bE=q5Ou=v5lCG|6|ze*8Ri3&)5A)kR(xe)R5{dKcP-YO^VGieRe6SB zA_H$Xz6N2uf2KKP`X;}^8jf?5tqX&`l`w^Us0E&Jvg>KEUUJMyT{)VUs%Xs4r}ggV zg7%KBv_PzjVi;5=p0lyc#U^qK&(~}BP{aEW)cAvsp((i68#U&P9Qvku@ddBTc(*eb z7;v5i*cUErtSi?D99c?x^_O;+llaiCC;Xq@!Qgh~Yh(cwY30BPyIWL}-N1##T)Q&~b_F+DB3W*O~A{vCzY%u5S24!)>d#=t;-7L@g;>DH1>YNHdL zW-Sqb2f)onB(94s0`a zH<-@AnuPXvFbFV znRhAxvw|-;Ka-A%N-`tPG`^r$;+lxo0)Cjt{gIgNdjyPez+tk~5bkh}DFd@M_xhq} z3CNjy{qG1-`E9GX|F^q2-P{)fYJk`B5`NplJADe-E;})T6p3u>ThaxnTk3+*QF@fr z{w4?V!Yy}IMy)n3<3sOeyJn~PEJY%YP{lx;d6basl z%dfyTIr+P#LFcxGK^x@U#NFV6h}5;xMWnS|BRw?=#En{~RP|qX4Yxg%p-A{U%K)rV zCOPy`MKCq!yt~U!Kn0x;m-E3J$`iYrLf-8;Qi~GKEo_A{^NH$iO|lZP)okyAS+|X) zX=iK7#N={soV<@IB>7O27ywdtBbwm#3-$dV){EHQ*LjY2T)Wv;r5TlX{&iE3!E4VP zGX9OZgr11e4m7#cv8Z&Sh}0NDJ!i)n-Se`MZ)s0M$ZSvWZ1S^Kvn?M|SwSogmviD5 zHohUnPG@@PpM>5ZPDpSAZ|4wkqNK8<3ifH)_OPD-`AAkDxEC8t|tnl8W7&W`M=J2e_J z5{!RkO5sC$?pQu3gr-OwNnkfCf>yhvoiFilajPxLjg6!J(r-}wQF`K~cSeHJQzV=yi>u=oD+STQ~!cgSp^I~;g z1smM#pStkVi7vaDH5^ZkT&UXDe4i^& zaL;{qi&}SJT*p{zUmj9VP20A`<}0xm_4=9F5sZ#KyH}XL1mE9ZtYltahHx01UA6kSNtz-Hi5!C+&yNT9CVF9d zuS$K0ph#?SW7hG$OSs03`YqTI|gYoz7Pt(;^RtxU$RsWW6PBpD8Cnjg?2Zqz?@^uZzv zO7n|f-lk6$J=0S0eB9xP96Z7P$bSPJ*KU}L# zKw3YjTtP-Ew`Mp7-Y;d}{IBH}0%U(0QMDdEwrDNQPq>`7Vn>cI%}+R%p%1Mst*yen z)K>k5wbY45)hj6VSq&zOq>8rCn67lITKbPESsD!*Oi6oi*{%#6HEWPl9?9 zZgZReG}mr{boSQQPnN>RPV&(Ggf-^o#i?{ZAufl{la(x7va1jkbVV>SHilx?&d=uJ zpme%2{|wV4D{oMbd1kAbuTNRP(gM=%b^RlJZza*Ly~aO5gT`Zl1sI*GYDL1X=q?&u z^-8Scdu=iv4Orz~!Ebv%Uph&(ns0~ZSF{BxplEBnPCkc^9Y5ae;SI&CH9}7)YC&f) zL$Swd@~1 zlEF(vZj(w+c00+Aw5fGMvfIm|7lLZv->A;Li0gX$DrQAzS9<^wZ_qFv(Ba#q9sJGY z(7&53L^{MW?h4$5k8MEwft_tMf53!RY2718zDG#eE{HZMiAXVxDkbHF;kL(yJw$BA zC0so!*|4zNs z+E=9vD7p(yg75{dIGKS6pBmlD-`f#?>(R<4Psic#dM&b9ZA}p=WhSyeRFOE^=27nI z;Q9Mm#W2sAY8Lb0b)d;QE9#hNPX9F0(dp)pPM-lV$2a?|H@=n}pIdYzuO1UszaKI3 z)v3^YTl$i0wy|B?;Vwa&UrwcoB5~(Rd{zM}-j_SNUwcU6PJ-V2qV01V!oqtSt{;Mr z`DD-y`kUZ_#HrU)gAvPFnvx75hKP%nTYPF+MxRO@pfuZWx zjZY5IepF|U+TOI<2bX?4n^AW3^KHhifv%#xftsXI!xh|R@mxdNqEt?Yci+v1Sy@my zQ6$UHf8bl&JAMdm>cs7XZ16Dwc>^o4j}fd}ff-~k6U&g5rU9`-llZz&E4lb@UE=FK z1e55sL!b|b>YL(CmO1xsO`P5NsIVw40Q9a_`!q$fy*|Gy(~S5!woG>Zubq31c>{pK zRlrP{92x53RA`6t=~vvL^AW&0qzEPo)L4_+mN9L0;%ibWeN6V; zKlOzm+(QtCt1p~FqPS&jj>bUQb9zgO;oD;u{?iM;Y37`T?_22DZ|Vd-ne(hjeOZr> z2aPw(Zt}EBBYxPPh$t z_H8OgIb>;v`Vq9Z%P5CswVDOp>ir2i@?k+b5Vveye5#lH1@{T_V17y_iWn6FjqhI~ zg2Y@Ms6wuPSB#>ZiBVOl4DdnQ!P6*vJS7SKrTjxCZ|C`u!y1E+*Sl8Rt{BdO#JAB+p@-ItX5fal-s`l;N03%y#%^K)6#hUGn{*e;jDBk zJb9*&GYi21l%o5R4h5AViuW!-yzP|fI*MkOVMT`$z5BcX72~TMK~NjQ-AEAn)>HZ{ zh&uy8Q*4h&--SpX$M}a9D%vI&?dZEEg>>I-{Mu4U6>}vjrx6cjq*jyIRZ99$=F!;{ zOJ&I(OKx!SAvCN|(mP003^C_)9f6hXKg~S9$2NB{iSdZz&mU$r={M=Idc0@bqrek_ zP*9RM0bS{vBQ<%^k;>xnZeP^W1Vzv$ov{qSF}_gRFkWpRjG%d#unujDOQtTl0k8>; z1jw(`Mv=tgRZNaOj*y9{2ymG^b|sn;5tpfN1nQv}axiv_Z~$S8U3>$IczpiY=?m5F zvpzNn$QdNL5S)+{S{$hWM#VGAe27|EjwjmX? zKO3SzRXsUEPo3k$r4I!wjPW+gtUniVGR=qJwwMq6F>-fWenJ!3kB~#n&00BonRG`6 z9hB!Hv$3(_K74&)M>O}R4lT%bQmS%(qLJwF4qEtq*XFuiwLKDk`@8p3aBa)M2mMar zHUer8F?gZ*CH*#{Ey@cm5a?ae!oFNNxg{U;FDkRX?fc*Y>9FOAm)n$zP;$S6SAB<` zl)CbUG$|Lxonqrqr_z8<%F77_2+r+ReCuP|Ze@BahkO{-G(93~uDpFC7MpWrtV5cF zAwR?`&i@@>@ZvC!j&7Bm;DI)H3;x8!N%kzF9T9a{; z+r}_CvqN?b)VS@~#kn21I=@2Qg>_~oX5SefuYlA(E-h~am29eiC8Je1;Kb1alx%X* zQ#ERlwJEi72b%guC|{8*oF7A0zjB9Kq=1T?-}0|l28Sc!bRFWy<5+0X^AnptSN2L7 zd4-teT!s5OI}(G5zn3vhgoN;=NxeR5t^4}H#Ci+38wQ$4Lfgv+CO$KZ7HIz0aQGo|MJ@5^%l%fiTf@)-g7bb{|!5y zd7=ZZ`@lD^Mvp+ZGI~G7*Yy8qgXftX`i~sgrx^ESVbQ)!?!i8AA`SKbz=&{%|66X+vLQCk zI=yUcAiKJxAHcSq3R%p%xpo_xeDRW=0$>&MjkA{B4k74uk1*mUoO1w)SxBpN)vLbl zGh0?*hXUC0lf_Lr~g(QpT?}k#P z9^TEL}U&3IC zS?y_}Y0&6+P7!ImO`=x-Euri(r62uQ7KZ{JQ?2eq!y3gh+8#Ztcm#O3NU|CQ8O z{)H|>?y3#5gznCCf0h0+)_#+f&+kv%BgF9Ud^7V2b^Z9B*wE)-cm4_Qf=F*;e3C9tDn^9xjzQ^t?%tuxf<^$>n6Fq}a2m1R z+kZa{$woi(&D}+)%~y(26{$sbHcpiyXs0)VB%x1Cx^JmPhYvCsPIO!iNzL6kdK&is z1Q4Fo=aL9eO?{#Y!p`9?PLw?H^+Ch z>s218(Bi4Wq{cV7e)lB*<9+4*!~2k=C(*ZACp^#dOFD+UD_R%t zN6_UDP-r;ZF3ifzfFhXZ1d{*W$9@!v-fZakZ=C04Te*)7*K8)0a`sRaT@N{t_|Z;f zR>56kZL!qOqxX4a}}oKjUH=N8HI8Kq|KX*F2FX)ihT+u-6= zJiI%Xn?{)b?Ul3ZFCJ-^b9=d5c+C!5EnK`a`KAxo);w+=>TlY7H+Ohk=1~N86;8?g zM|*cZuM9N0>l#xW6MMx;Ecf@@vG}eBW3FLMLt~fs^z!HX7NPFw6}P{k;8Y1V2Tah^ zqVm53=MO%7e6B8#T`KY7G@?|R@8u2V+>FQykQHdnkC0}I=D)ty*Lnj5XFargZzksA z+sAkAI1W&Hay1FIDfcff;<$7JT|eE{T$k2(im0v5=M;hAtMNa-66Z|3h1FW}AL;m> zaX2pDT<*ap=Pri5w)fC#rhfNT<%W;&O2o{2J1%UZ3PpIwXl+5q*hk&IQi$5%dJ@pj zim7`pKEQWla1S3XV-OY#8C)%ULdzEZ20c&h6*mhF$s%W6YbtH*gR1U&%En>VH8hrc z`Vz`@cD`Srg7$vzZk^a`UU@gKHRGml&2M3qz|5C(*t3iu?Wu>U^^%9YZj?5Dj#SLA z%CMQtvQDc9N2Tq!p3Fq$sTv1fN_yJOht68&PtC^QYDgNf_XryMPq*!B#lIm&0q8#R z-Cw)Q$~B2am8TK*j=AdotFKzbu`|#3vJDrK7Lzx_=H%QA*nC8skbxf3wp@2gsW0b# zn0w{CHpveqYE%+U?=u^bsv+c62)W_CK(R{~T9i2CpS2im`r}euYCBf)>1hxGc#5>ml zc%umMxn-MLmTk=CEFTt1S0Yk6?qkU1(YmUEW<;A2d&~LHagMO=jLMVlS2!?n`OTX5 z(u=X%dHY=xsVB&0SCToyd-yI|G z&9rEI_@6BTaG9jk-e9wQ>CWSo;H|i%Gg$ z<55&aJa=SBlph9H&GF+bqgdI6i1KisMRN=5BpYILU8NrtmSzIm?oz575J8Bj4W328 zY2qH+u|uS|bzPVp)SvWDXdB;^ufvEqR~s|fUt%)sPkN0u&FNdT=9vuF&7r@|Z>ox- z_GCxzOBM#CZBc}3MyMLmrnla{U3T)t&1sHwmumF}mL9p=duOlpkv5qfg?HdKNTj5` ze-+)Z#Lu5#sS)?%ROLnMF5MVQ+3->=;c8JD+ojzVQ*u;&fDrB9(j*2ghew5EyMbUj z6NojoLO zJFQ;9f$i}OQqzX zXlYqZT0^M{h_mCut{#eHP}834_2t=M9U8sIU*#9)j;#Q+A-Bw(@lNUDejfr^l6Y2( z2i@&e{}hs$7FO+rBS0tASg?uK*J&TBD+Z9YZq#K)B;e+PpfLR}Z${EcKsbJ<|LDes zO@qIgrO9Tlv35>s+m7ZJ=0O*xMcuqsh+?xa*ZgyfaQuDeoR|%6r@MIgs9h5KyIS-5lGL5FbBxd=s}JK>6`Q&bmCwl z4OP7gV#J0HKFOl-xYj{F#NcidMjFiC0Ww|!XXX~Avou6-U2uKru70QrRA(G01rK^S z2CvTf@-5DA(#~`@A*OnCX~$S;&>OSZ)TYW5bcho`R(`lhhE-cQGZBB&eImurv~pKk zUUc#fi9l2RU?rmH#wjZ)*qv8|CObgI&U1v>1A|q=UhRudVR!a}CQ``mN@BIPd_Jf- zDTIHW2kbgzcX@*}KW3ZgWtY{~vdZl~C1->7&|BCi?nAv4XKFmLkA&fQG2=N6Bb&vL zHoyapypMJf0G{(_eptP|1Ftz``ZY3w+d_gmQJQzEoh z>))4cZ1CEDg4xvb&5lh#%n`*37_^%vf~~<>t2H zC;bXhV^LZ^-tUyLWa?v!u1eQ~jHQ_2y@!Z4-P*G4IB-&NEhnI6lt8{>L@kO&?F-c) z+Vp748e1~#c!fzS%Lg|6S+gB^_HVQDhK$*KPxRN-zYnh&`Y_GKJsG|eI6&ea{)OX3 z|0Q8~wFM0Mxh2OO-d2!|t_>SSC9q&26o6{2=n9Hml^QX@xo1L!XuodwC$hbBu5hlH zepeA;Rbb7Xf0l1WKCv@1ueXLLgv01C<_0n7gG@Zc`ZO}(c7NfXFV&!#MWHu(Vr@Y+G6S%c_MpO z3KhyK!q7VqanXUMfqy*3IkAv9S~X#+HMo;0Ujept+s+FxU2`1XR{ZM(R#Y-(g|S|X z%Fk|V&0ZphwQc%r@14FQ4?>4?y*IrBb&xV~y4Iu>pK>P+Z%nCw#S_$ms%z*^sBv#c zXROCmzR%DCO=}u#NhpYmL}}P!k{MJ`zO2bI=NwksIjR-FCd%r0%nasTDq2c4wwVZL0bA^C_%d$#b7k^BE*F9MKkyHg0S#C%)+s6|wN0)V z#gSC~>_JSiTycQ8E#J;rX~-O`PA$C%T0ZVWdjdQYv(w#r?9Uz$io+%Y8GM=Znw@#k zQrawtEahEd8gjo`nQiY{LLyeZsMQOra-LrDW)BZ~dc2w#i>V5^I_<%67;{HIrtaM7 z5wAi|pj8{7JhF1F2IfwG5KWulv?f4W1IF62h3f}534SWi$I)#cF^Yf4OVOB1N`UlP z$+7nk7${&aLFnbSw+xAb^<+-_aSXZv zyHoA4l0871iI4Z2Oaq*(1(Jw_Ql?^t6&Lm*wbn?45vEw)48m(|^$c1uB56&>L;%Ya zZ*ng4SR8{Znqw%b!+m3@JH(OBM>tTm|CZ^M=vz*rbb?BYr4?hR3N~^vI zqQB+D&Dme@(gW_2lMXGuC85?**zJ2*`w765JaVk>8Stq{DP!INZ>ycLNn|j9a4TN& zH$dl~gTGd$Ab{Pa!iH%Ghq;3A)wkL544hnSHk|p=xIc$_cB3nvB(sCYw0@lhL)rE* z-|Farz#Pjf60-%Jk&D^Vr1s~IwZ@Ll=116 zG>1l@j1IdPxd(;my#W0>K(AQY>BKX5D08fJo+w0W#BrG?desBwdQ7=9=OJqBHHBtI zmA(ncs}WNM)W^VC&WTx<3%;b7$W$c+aduXwuf&)o3rPX0)W7CeI!;RtOq@G#g%a}E zxOJQBv#8=lW*Zu{6{JDJ*Q=90w; z_+8G-1NvUzy1A|Z*KLK~X2LNlXBqKEh(if##W4mn1bOmIWy@2_s_QVLjlp5B%G1-_ z8fl!_^3AvMqQj0&5o!#s+2v-x0}YFI-}SM&5tpB{B@teQ7G>N<0kk<=;-mcb7nqqo zg6NHj+nUaM9vjb|dr5NJ^Rat&>v>B38UCkM0q}Yvqf!&#f!eY4Gthr?lm<448TtkK zsZGgE*G%2Q@{SsaCQ41ZrnikXT9&!ZS_CK&?aPJ7&QgWa(*=QIT+sGm{hk6;Mvn5s z-BiVgEacFKcnnVX@%->T#nq0(FC5!irB9Rm59$ zJQ7Z2z6R-?@mFGEmV2j6Uy@dCbsN!t8K1+)O1&?y1P^;DIV~O@wy-3ttLWS1115{8 zZ#<||l%a>RVY0;aeM7Ac!5Sqzp*c0~yuoJR42KckH1_8@4kn+I;gFme+jyh#H=XNYcO(c z!|y-IJa3re<0Zf7cMS2~il}Qpad6)>hEJ56smV7BAE(7uNpoCso*kH((i?+D)*KTR zK+LE#6!phZaOg6d{ZBFE%J`{LAvASlNA#Mp5W<5U4;V1v{{@!8_srpq$cR}e^^cd$ zl5_LjgQl(7I%xcIsSIcd<|x29hAw<7wk~;rsMwnu0~82_rZtUOL};C(9+FLe)GMBe+BvLADUz7^<$LWP=YR&RzQAH#ShuL z=tN&kQB1 zA^(YO9LDQ3US|I9^?3@*+aOg|KL5w&IF;W%V4>9j_Hyhz2t7?g>IRK1I=sVcE$#=sgwY_u8GOXj}_ z@JYRy()roiD>h3d4nJX1whG?tjX(q`FMvenKj{TPz4cD*wDS%joQq|QdV|pWrlb%f zRw)JxgxU2GS#10YRen0k4=Y-3Mx|eX?os>26F^cj0VE~Y0dROI3_Ol#8cX;D0yuQ7 zW(+ul>chbjjUT7g`d4+#{Xw3O$vB$LV=->6&cVRRNq|^%t`$Oe4nOkrEkJSHsy+kr zkctg4jj%|&hnKuALWFqob-Uh@$NoV4nZ$r}a~Z$^q6ZcU|2S{VH-oY8Q`q*ht=oMM zdE%eMMR~CHN23xEf58GAin{MtaePdPX)&+%%&&f)9EbeFt)O^~Uo@eAEVL|Jl$*Vi z>tjoiPWT2uHtkMTBC2&4*tg#$^dbYLXy|7%fIZiimZ*Q?xky_Bke@ou7TRFxx!3aL zYt-O{yOxO868NSHVIY40Xe@Xr)=+GOhw`x~HY%J}YV7nEMt6=zl@!v3j;0}_LjIld zVhjOMtybw3I{ciIG5mb_KupSD(fl>}FZcD0+ZH&|4E&Pi4To;UJh@HN*qt0Zz$>~` zzLacs_f}aZBrX$RI>T{DxW-U+BDqNBOc~V77o*w;KvcNCvbHpWa0EXWIKIo5gwfpq6M{rGy3g-VR7o*FEanv zE@FeE<|?D$Z=A~aMdKSE?l_I~zd}L+;#CW*6T$LgC7v1x%}M4G(ZOSi#CQFgcliAX z8?*e&;9tY^$&Szk^VE#`U|&9l9MS!F{s*)EBs`esv~kz-Z-;?chAUv}e8H#i<~ozP z1{a(mXN zdNKI=&#&S;e{OgO4F>b1U3o`tD!4q4I%zFm|A0YMh&KHOwe10flu6&o&Q{^El~JxU z^+UL{go^pI;|8Y?tPMGB!!Mm4M0%mjr7FC@#M1bZ!o||lkK{7EclFDJl*$BO~2@H4HH=oIfDq+$k0PX#a?qx zyFwJFtH8)wil(V?#S?rbCh}qTS_Vs0h9#DFSe#_|8s;wOzaNGrwz#kpQEX7Ak6@=?}@V682LZh?V?0JeYEY2D>Vu%?6UJBRn$ zRo^36+cM}d$Cg7Fz9ENsB|}e|!4g3o{)3hTe#5r5bfKMLBq8(*LwwCeOHuTTKvIe? zrmC{{gBgzSf!^}aH9C-5?ML`v*GtR1fA^}f+n{cH;?atg^LOVke&=&k_QWmuPxJ$c zAyBu=F{^{@Yxj8KND(QK&M$3;dGBmiOiIkOpTC7nel@(~ZRLwRe#*vuP3txLW(dk9KieEn}eZF;>-Rl1QHpPJJZbM`!I{-q}<%8 z=_=#DP0LVWX$%;^<)rrf)PI|oJPZ@$E)z(YBaC8sj~$9_Nv zbs(j3a1Sk|l8GSo#M4q?IjT&p-G6HmTk*({(TXa-us{$6c&@O_nVBwiMr``WRp6Ri zwLi-L53c#Z&Anlx*(Z(`t9tW>HV~dPOGFltIKx-u`V;U5P?)?xg4&zrsZWrNgk?n} zO>e!XLXze|YG&8dZfWWdks|#T)}!5)_p8g@zlx3wxOQC#{jo#kW#0<(Y) zW*geGyw&V!aTIW^od=4lo}|ubO6r-D0CX^)h{1@k`x0J>2D=HNgBeqeEm_~JeuQh? zuPPt|7Az#843l16+w3It_I*gm-}Lab)>RaZ4{0?^Ez7hbo23FT^HrTY>hkEqTzQpQL&VVY2p7Ygz0Z#y=+dI?iYZY*Eu^^MpiDXh>@lL{eL$nRucZGTA>&9E z3c8WSbCrl~t9$hk&Oq9S9p@iWET0O>SEJ7P`usl3oa6k?Z9Lm{*`Cwd@p9+ya-wT# zCHk}DI93!48(H>130+9yyS>8Ak6?cWI2$`B^eA?EhJ(PR*^|@<#H9STgE?QF{Wybc zDGov;^|LQH$TUsu7t@$a;?@F^{1k#D_cnWqIQhG5Eck&Kso{r|25r&f{_|VW zb;zlnPR9MJzi$wq_u=46s%@`DRRf5xqkV2>k~Cz6*?mC|2Pn(o2(Qiqvi)L(D%tEQ z@bB8!41*Z#*bd!5lG7SQc259mafC5AS2g5ZEwYn-^;~zXqZtr~PEwVtwJrb0;m4Ut zF2ZMs3Ge=6)-r_z&?p&uSAH~#ncN+lp8#yhvEdlKkpTuIDGUD>SsQtvIYH7k8B`~W zF!4pk(W#mZ?l}~@b34$}hRWbKgc<6^0ju9f+8$hrOK3h-|v z$_{Z8koC3}1u-ybN5G^V;*44TtE&uQsSiE!Kvfzo8O$79%k?`729NWhr?+*V*Q5e< zV3%s1JNIO=h1Td;KyK~?!o-dW`vE5Qoq7B%ZTk==b_PMx7f1H>hp~+ic^-SPafGOB z!vz6AP_5oHIDomIIPb%oCV-jp6X*R~t7%FV;YT>{f5#-52Os`b1;3u&ePocgLZOk~ zebjnbBP9o;S=qy;h$FDQ6|Pky3Ym^B0atNJ$2to^^g0Qhn6G#E)d9UlViQTlzF&3y zPkn+PQ9SmsCi-uOY#=kNOZ|SXp|Ny5vVrf=yNkRai{51IjiY&Gw!hJ5TLRBN9Jby z7WTNV6W7+ByD+UJk79Xf!sM$32!{WZX|GA z=`gcI=J#f=tR6WgQY#&0?kG%R&)RQ;?(}h zpqurPvi)_KEAP38wY7(h9U-=D)z1P!hS!+| zI9B#ufjw!jeN?54T^-#EHua`@Ud8l2YOk?_nk$5@pJos0f!o^sCnlHv%d-sRsNfXH z+w$PH0tV0VKbQFRitnwSw-r-&b2|+FoAB!v1ZId*vNiNJN2sbW8v7UmE_1~O+Mqm! z3;3@B{`@Z*Frac3G;(nR!fLR`4e2Gv!*i^9k!1-ASVtBAC77`{7SQ61-OgKx9_|px|!ZT;pko=9g3n=;rJ7u`+0W0>V zxZ#UFMw>AskjKD)EC!(i%nSP8_)f<){#C|8q^XnXtM{u5NoIsxXjGyW#RFOj2=2ZO zq$*{^%fW ztsZ}fsMdROL;F3#?ujQ1SRz)PL1-e>IMLr0DF*s-u0$rL($nJc-2FYzp|jx%JL)W; zI=}7M747%N;Hp%s7<_BqI=I_}%Z~Fi(*1x^lsBfMPeMe}2M^KECtPxE*po0L(f8Oz z=abZ;6zjl^I>g;38d3Rvgp*tWg-^-wt9^{Xc;?9IL1V-GDW@Me#qb<@T6}UcD>E5s z%}dZqR*7XoIz)^124HaI`5G`JP(xb%bw(@xwrrI4bxdUKhIR&YWY|qmk*Qfw7JA|qqaxNdj@*Q%=+NHUNvzlC5IQ+J%Y0W+-26&Q_D{LXfk^IUe3 zJl=l2W>wfjf{~-@r}^Spxfg)9^nwF@zW6_Fd-OIp{Qmh>j|LpCYNQtmnXzTMYTVO( zwyk3Kthpo%liMN-Zo1qgX31Oh)GPNVSQRf3=nJCH68yjD_&3ZeS%G9@$YDBH1<9xP zyK_rFMrJh*Kde*-F5?ho7%%;G74$Nr*VTczVWk2hv_6`crP(u+xs$K%rfvFo#R(4R zeRuAx3p%dTBNMDg-wYmM2m5*b3dw3(Q8eB0@(Tr8P1Jncr!E<0`1I)9w_QNN*}5dj zJ-}RS`uj1958-j0@AQXO;YoHOM(TzLu~oYgiyQ(okUz&nD7n$wv)k}u`9LU1bOp1} zZKZu&(A9Ip!1Dhn{BM^$Q03k3JF_DwwM=DFr>V$6=ZC)}D)H)UvN))-`=R&EiKmP4#Tj zCEl_ce8OBrdNTFON)-CI&S2*k&i9JV<*Y4%zWv)|c-w__*0pV+X$qg1JhSA72MB1+ zqCMP=6@FK!#xGoUTMQKB`xEYR88C_xzjnUq*N2^27%Jy^|74n+!%)wQ$vV0I!Y^8` z>AG9m-VOnm7B!-YMSX;>`EUMIB0zANrBEiwE)&l*Px#=v9X2#x(R(?m4DAwYM8@XN zBY*G0HN?Q?T&39@3!2Tj;hFa}S;{wqx!xI4_P??+j-7f9!pASX5j4wjd~i5(0v#fTE;?A|*8zC@mme79C2* z01k?BL_kGA8bv^Ikdz)32}wapy1To-wZZcq&wI{$)T6V1e|+YquhH1@^|B^O!+})gJ7ZB4~dh;>Vqt+K(Me7E**kbnEPT68GKz!_F zZxU!4QIlGn1lN{=p1j>TP^0)ZPa7m@ky`hV+Z-cVqBOjlfb8BEGudS73GF2qvS8v+ z1wMW$L;K@Dd&A$`EgpU|F$gJZoi_`8S>jcn${ebcQ*H0o#BTssLIRA^2K9k}p!#ee z9MB~k-#8d7t=9Mh`WoTgI+msEy|t;PQNSH8h*p;&KA zy>N{`x4+nelcB42=eWb*slw5wcu&lK?~es1e4sAwz~dw-Fou##uhQ;Y_G@ds&%crcR4j6j;49XeXH*Mearb@Zt@>t$b(rK z3IfQCOH?EFrcKYU^L8=lZ?y&6@|sCUnv^4&V)l}MT5(vPz88E-%r4*IST#7oA(|sw z{2bVy`ii6S2lj{mA*F9F>p$!J@)wjGSmz+vq!0bOItRfk(*Kbxe}6>n@?B1Wr(`om z=IySuH)qV=AvJ1_*aRbw)REr%*=EJ}u@^);D9g=onmR)=9FU0E`*3<~o_pK8b?Oz@ zc*syK)+gUDZReJ3S=29VZDLT(1}UAnMaZ}2$A6K2MZp%vTBf8ZsPLdCiIN9aICI;B z4B8ZKl^gViXS$Q87%g#Pt21*|ui6C%1Ap|CW89&ihPCfny(ue5oxfxcC_Dlw+62qc z!P1-!iA{uoJ^ZhEm#;povWdFfR@T5%X$zA=x8Ya4a4Gt4lpi=9QTT?vOba@IhA})6 z+PfUk+B?k!@-}H%lYbt>{$JeXM;$^h4-?5y#LLot!BIl4=AOx&T@&izymsJgB8X66 zceVZaGDXEhzn~=jhgFmDH1CkcaZUqZv$x^RWq20I_;yQps}j)a*j*Li3UG@ZT`-&Div}K8u>$*tcGnPq%qK7>blo zY<1wujjHY912;ZC2yg@kC#)|9P|W8axVeI6nj_`qVn#)lHPkVeG+ZJZ|1MkpQC0rM zB*5_is^>Sp1@(rIex0?8Wu5))L|E_)!%8tpu#cB*# z>dE_=sh$8oCqZT34_tFqr_k3u)(-00PvU9$z*Y3o76Y*vzd`Qz=QQL77hBdY^=BeE%b6H`8zc2$(KHx-jbG?i`q zVH`g~z@vwF!g%Jc%(fGP9eQdPY17}Er(`eH=gliS?;?7f6F(-}FD#xb`a=RsrAWpY z@JH4|?1Y`fTKY`(d(oe2JZ-?LC|IT8eRJ|QlnBJUY^8oC51&SzHX;}`qra*AEaY?IBeZ`PXiL~0-Dv4aK1 znYr{(RfXFVM8VUP!PQ;Esw9STWbpyJGj93bR=o?L!0d9`+g=kVjm6Jx)jNJj5C8Uu z?@-$doAwezWhvAgVc5!%sD1+yByx&KL{ziG%JE4}v1^Hy&WutI$2dVR2Rfz}79S@% zsE3mGIK~ETD|$m9N2atiR`$f3ejA4fBCBdV%G&Z_jl~*o)O(#wKmkG0b*?n9BY9_mrIq$IL@{a9kDmVJAYH^Bwkxo1sT*kE! zXZ}4e`qMuXaSD$FNw@$0V_-GpiXF(T4GUjr_w;zwcjS)!%@X-ccZv zqQ^E|0JHiI>AjI$y%1j2F_Y}VnZ+SEp19l`L1E=W9u8v6>$A`71tk98930; z1T05i)TIJEO-~v%z8(T>nv-nOksoEgr&T6;>Jd7FStuQu9u-gbOWyxm3S{4*)}gec zEgi_3hT2WUDmt~QG3Gsdy2q?9eQW&SS6J~a1cW=pS8^aNbP~#uDlV zSy$qa)Z5ypvJDqMr)Z<$aW7dQrf4BmZD1da1(?(v|M?!(1M7v|#cZOB#w$)4d8hI- zs1v4Lo*?T!-u!_JXZ{BEzU5iJI|LrV(TN>AhmQcQL}X(;m)S%C5$UGfFlul549y&5 zx^S?VUwRl?Ow|5c(^J2H=}#FIs)<;wgSYvkNeHkeQOKGc^&RBp6Kxrm0V|OsYmS%C z{~TQU@V-Vx!$Y0ie_2TWUioak3MK)FDX{J}AJ{H{!ozQ!3NtUgFK>!6cc_|oHAin> zG`3(q!*0x{d&Y5+^w)%jZ!9o%H%J6jy6caEr}0zS-xQA;^Qk&Ppd)sEa52x;@e$fq z|54=Q`YFFi7K0!3oquOdJPyFPnZ>W{0+yr~fhj#DRW(M6Y%-}J7Fiw#Y8wt<(VaEm zkswU$F?rAy0t+r-4if^k^{DZk18Up(MQv4S1lhf!^7(P?U^8j>8(QkL$LM2@R^J+@ z_%%ZG1-#MV@zpwr%w|y8FUm@Bk6Ac)Gz3!*=sV3M>wvIUm0wtqK7HxABvd~6h86sj zqixzL&t6Dxyi#7^X^fE=--2r* z5$XZHI5M=R^iBO@`K3qkLlmI-TD{V7ZEeaACpmR(4c7K4r@;* zofd{s`|Sek3dXVCNItq-kILBn(2tsLVDV(`uTZy^8aP>YY8`aE1V81#96T+vgX!(*O_}0M)Nrtnr>|}iit*BeJ%Hql6Y?nE+fQ^_*85$TipvSIo9y<|4m0Uq zEiDqX8$rHTP}sO@0P7y_1!8OMfZh`b5TD~$jqS;+yuOS0K_Kc_mH9)(3mgR3^a$^x ze@PtwN+Ev>Q--GiMcWe{u?=JrpQr?d&JVs{4WfRXLx|$qs=de3wTC0quzb4cgR0D~ zOR&(h>W4sGyLO#n1IvAR2xJ?6Cfc7PFw;(po{!Nh(HG_SGwELB{DGTpe?p81Uf|>> zc!}MCMMStk(Uf~k^>w44Eb+>MI9n)vABSxIl)7B!iMRAn zHYQ`yI9upFEEzPpELe{rr4n?nnkA7)PH;DsfsDFdFrnBKU+=Y^L9<|FZ!89agTJ%C ze+<&!0>8h0;X)2DXEzX#Q9{IOVaJMNE$XMqbS>sqrfR3s6FS@D2{K9>;--;5dv?V4 zEgOXb__OoQG#z-6x5S{-AxHYwA3bpzALP%w)C-w(-M3M#1U*|MZp)a0#dZwkfv)EC zpF2*MABt^0)6g@ zso*BcEdy*5wdyKzWKLo$KE*vIyl5eD(Zjk{b2a~b825KQ?mO%+5_mcVovUvNHuNz-AfZrzi=l;&F#W`DKKfAz@&Mj#}jm)_8c>8beQ zqJ|kK-1*oix?I-Z_QV(XvFPqFeax-@s|4`R-$M&=4GM(=AnQcw6MED0YX-fgqh1&c zUULU$&Tz=*?`}M-TmBt#{^!Shmz;RqfTJ@-oP?S!vYW0IbX4}@E|L)X=uZa6e2{!1 zg?FWggVA?26(IM+{;FPq6z4Zl@jAe=A__2N+gHP952LQ5#F_@D%cla@WIMDFwv|U# zzO|L)m#h>)2+~pZh#W{dm%w@PW`Km9#M@j80c#o%-pGSnL+9ZT3&9dZmQ_Dkffw^Q zdIL1UCL>D@yv&P61ccVUn*}#tJMJsc;=BP)c@=v@`AgpZn`DgkC~zvhliYw~Fh0ag zb|c=ir(Zw?v?p+b>j#?`qQWuP7l-WJVz6&C(EIX0Rn}9cI-tjl;6a7c6L6?yRqWU= zuA%!FnV2~#EsiRisv9Sehb5XL^dSCzyD=9Gexda6i+yfWC$#htxGd>AUjWzk6>+Z; zaFwYRP>O)u2L`u7oq{6hmFeB!S@=6b=%cJxSQXw#nJISkFhJ_Xp<;T3sd9td2vvn@M!S;#X(ESOv?67oVW`@C@HI6=T2} zI^RYv=(18oW3bMqOCyWqmC?Hd?q}%Xghx{|dq9I(z;8PU=;X>6#Rn0$O_E2#8MKc| z<#Pos=s(58A$JLvYQiEN@&Qhe*;ufXL8udf8N4VJa}SS1)zTNAWqU!nFOp9vI{92) zAUfHL6{^`|eNCwIz_rc>`D*~-B*$VVBW2qsL{Mdf-V6n6+W9(~3##;}USzM(N0_Ml zYh_@_(he(Nb{y4#?|+$qLGN}iH}~ix^tSC(xi5N=gcj!(u`U%z@P*{Sj*CK+Av?Z| z&mw;}ub&ftm_UwHXZ?^ansbH22VV_Q1XFih$^F^-eMYLAjBrCGSSw+T~vm65H!4pceNSpSVOB^Nj6V7o+_O z!68h+LatQF&jJfoi98~`5TbrnZDeWeibEu=AFV%9{2uT5QQ2f$rWAQV*~kgAhDX;vD!B@ zhMF0~j8zN7i$RkU=|8*U{Ch}9L@uz{-ilUe5y$cU^`6`e>*fR*cqo0vD=X0e@`0&d zSlTjMP^SUnQn}gg0>*luM9uAD2$G*hgOo4$qNnPB)~aI zk(W(i(FGp<*KH?w-uX-WPV3Ob+>wIK3+)b(gzP_?q%+D%Qle5;`M;f*O^D$dud=F}gbe6_0Y zszLp`zAyO&z;n;nD#A0F^wry4qXe{eU({`QUh@y(Fg^xg{wO+11#Z(Sfg0-kQrkh{ zB;pt4h??9Ar4b;@Q`CEvIc1`|yW|j~t~%`jaLeE3fBfk8{>X13!~rp05^{j1 z8Yc;C=ep|>x@hq|Tc7lB6eS!|Y3eP5X)B~V05~>+QE23riYA#LQgAVW>j_%jOEdL< z%I`*~0S}gPxN-+4zc}lAuR=CoGQ1$_kv~l&LD@ z6fZGXG6!t9f*;*7tuSn)*6>3U4J!uUY|VJb z(K*GTwFPq8Gl+~L1sixq$xMJ%sBi5y0akH`Ms4J-#i^}c#3LgD8c$Q0!Qn8zw2{nk zsO9U@nJnSaH;u~W)6Rs~;?Ym~?}B~!^Pnz6S{lo19oM3A!~%Hl8jK+~Y@GtqsTM zqh3C~MMb6!uu_EHHju!V>y@}`YE^!kDj*5y%>IqIS$PdtsS3B0mF6mexuUn*6%EV+1KOB5FaQ#*&;0EvBAr(d8v5 z*4+*3g!Zq&;6tWRzjm7%Js|K1L6nKWJHLdEBA_rw?TG*LV%^bqL}Hk2Wx6__nRIuN zvf5uL1Cs~$;h8+}fD--(La|Us@*TmR9JbLBGN%Sjf;K9(k*H6rLhB_BS$7Joh;jqb z`wdRs#(D(W2y&{R-)}|uFdS+R=yZIpnBX*wpg>(x*O=92>Sbqodh00RzNeOO)I($- zD>f>>NCS*ijeBBPbJ%s71SLz*w%F5EJ7x2+P~aVbO0P-dg*I4rqTWJS0Q_}Sa(D<7 zaf&cWy@S%)a?~#`=L*UPnJy6Xk~;B&>L(qTrub;VTHZd8dIn@e%c{p#gb+k)lfSl| zeye)n|G13<2$Von=xW4!j-0(HlT1a85$&Ur8*8#c*(`ouIcxy~(}}KgSJTGKKFm#(Kg9++vp*;Et~$I_mJIosCiSE>h1D(8tq$p-eZ#I zrMt94%OCB+Vh_vaH$42?fN<_D>^lO&5do#zNVN5+O7e5R<_BOLB6M}O_y2kv;weUW zoi0JIm!GMcMc6saDEgrLi6e}{vR-G7!4W_EK+0a#!knZFwwZEFv>8l~YWFwqm?@PD zH^_*8+pI+WFf>+91+{$ z#cZjP@pyuzK9jnfe0WlO#5UmP#~DvT_XuAmXj?rY6H9D%wj-3j%&Ah^4{f!>b)Fi` zU^!RK{Ool--_Lh!vAZ4m8W)+N|uc?F~XV;(0PQ8cecpfHbpb$Tf2~ddY z1SnS6384`5) zQxV*~cD+PcDY@odAAU+oR-gb3-USY%f(GGj6}Lm`y1D6Jd^#_t;z&kDVm@8JUh4yn zMB}gOzt?9Hrjh-VcL9GNSm>Pv(vc{%fzCq-qF(5j)|XaNW5OTbsn%wtlZ_0OUT_M< z@GolEMUTV53BhC-0J_BLA_Uw7r(*6Liaw>%tEk^(z3@Sj(-Uj1|9Jl z6usYruloY=3GMjdR_Ml}0 z;ELBH%1)2@Abae3A;iW5bzBL;B)#lKDk@%%@ir7mZV$F2OSBOb*4?EoT%D zfhFDFfm}Ez<(YS-A?sxdB2&3v;!Tw7)Fp=wcQkh>`t4}e&tBZ|U5OY!kuj z><+;>#ze@Kdvuxk*-H6CO##_i`uS3`1N5+f5Hl!kRvj*SxdS}y+MdSM!%@STybMFH z^}+t+{CV{}%bxf!=ih=&`s2^~jQy%m^^f19cN}Us>py{#3WPq&b3@yqsAqd*%unqOzT#8}U>F(|QAD>_(4a%Id zk8q@mPhE1t?`~EE#bZ0 z%J_f*N39o&oZ3(9!t$PFjIQck=!;XooRikON#ZV8`-s1gQ#8o+K zMAh#?LbQ+Za(a+b76gtz7oWf9*O_R@J9ww?gz3T4T+%V=+bM=M3zqoJd6F?jI)!5& zF|tS5EDHQ1tQRiUtqwg@Ec>1>{pp|SAtstAomKGy@Uglhq3TeQ_z2qKKmm6$FWI=! zL5@1EIVzPgWnOS-SFGzb9c1UDy|t_ z^^tBZCvUW2;>yW?M6O>IKO!Q4@421%2<;pCK%9p0-jmWbbf)9;Z4drb9j@iNvKM=t z=Q4Di2Zz3K0ROL%AnGvC+J)*5K%9Cf@KbMlp!4Y~Zb~>k42|^Qk8cADDlT+vMT=S6 zz>>xzo&)KeHH`vj!$SuFQwEu&RmjH!FWlotDjD*0=Hlmi9NW>Kv$J6-Yci@MZpj~i zZ3$#e>xHRXrU)?i>Jy9$2)H1VQ};W;WAsuf^-RV&vH31$VCX?@6YDv;~}s~>`AsOCB3RiRcC_O(R3gJ^>7#Lh$r0;%v>4srk| z?-D#hc1-xGj(t@r<4D7Ag^Qx{4h5C+b)m47S6SH^!L5vXY0xP?Nrd$V6b%d#Bl~Tf zA3UzGVBmV|RG%r85m57~)P;|v!I*HQ!C15v;wM-a7HSHgrp)f;DdcFn%GJuktB_%G2`lNFveBNX5BwnicG}%Kc8}pLY;Ruq+tVz}@ zSJ4G+@zyP;jf0*|gz3r^x~$gpSc$*V4d>{Cio`$b+25|hJU9{y8CiO3OBMN7`X2wdxfDP?QkSl7t57*ic@1=g2E6 zFUDp_38Xr|CK5BYP4XdWMEfisU5;PXi0*>tED2_25JIkOwS#U9-pQ3LOg7Qvy8Gah zzITy^`~vjnwDQ(F#}~>h@s`tDdi%paqr*+?VL7Y-Q%DGiHWF`tIPk99M5b+8cNR<; zNEP#~KkBEf%NCAASO-T1r|L4$`>ZY{dlkT7Qy|D*K&21Gh`CJm2xg2cTPSVhgEv%A zc2!Jki^U#uBE9j1b0hnAjH%C(Hlp2Mu4>HcXEDHl4tV%66!xTSpUDoe8LgRB-d zkIEDj0A}XVzRKA(o9YqZ6GPLJn$Jfzws@w{FQ;EZWN=?I_cGt0>y~@}@-n|~JL1=R z=}-a=Aa5JmbIKs=e-NRK@kQ;zgqyhV%*Z$#fECauy{>RiV@*h3aW zMXkp1xxvTmK!LsG{$@KD8ESOKi(!tWx z!bgV{eICoJ*(($kY|;$CLu;K<4s4YK*>JAQo=N>RLzI}PHppf`7Be>z$Dvm+R4HKq z3+T^qRG+$4_1?wCX2W89cfUpoKNoEi)xEQjyJS*m=Zd~i{nj!6sd&H8lU;>M+8A29#Hu+HqXb{0n1?LYxRVMWv~(FI?|cs%u5;cJTXrieXu2*ZLMFB7g$~;>%?61 zxrbG*eO2wNOkK;a;gb^K3+f~zfd|eakGZCGgv}X-XBBbk6%>i;#=s&`y;=MN1PfYP ztFf({z2u#Tt54f}?(Q+h6XPuDKV05lAbw{Fxo%4_Ha)gjD&Xp9eoACG_5Cuy#JSfz zt_4{I_M8d*Eb*~o}C>W zG|9RgEH-E0!Ix_!S|waBp@JVAeC&@f@RAV_?6*|#G)lkrnL!YIYD%eLDad`LeQ>fp zK9XJL6dBBNW_-xSh+zrUI)zg(cD)*>U>HDi;}JLyh6h7%5DkxJA?`Hx02hg$f z7aXJhZ#%@r<3DCn{=L!Ry!m%;{`WHcK1;-TFwTRqVQV-K#)ee?&Zlu6jPqb@*c#4* zu_0BQ2ZKE-xDnc~CYk@vB7O~`;XD}U!M~!0^;aq4Jov9N!Nw;z55|U6{|<3+Ec(~P zoWGOp*WZlmEPX8vELL}Z0HRUruk4CXY}vAf=-o1nt-T9){xabKcy|DT3wpUaF#U2|&^;0`8QJDb6XTO2 zi8%(ok^np_u*2IfW@m|l^<9BZ707RND5;&=4zG}j$X}BPPGtF#z`oPc?bg=tx5OuZ zMP2_#3=^Y`K~;rnG5*N!{0h6HBG|t`rBV&kq0E06?-=l+u^xO_j^p_%?nE$lU}BQp zNdH&}Jg{|x=0=AV3k^848(swy0?=@$w*E>2u&e-;1H4E$3jsH1;6g7fn#P4*Si%D? z^uj{2aG@6#(7=UWT*BF7)C;FD~@{jbr?fS>Uo>T-N*75cad5ps+D!b@&we;O}Pve8-p#E)3(s z@OPNWkD5Ae2>-BVS?JGI;Y&3e%^YqP% z`v0b@^qSR02%}LGSU3b>+o5qZludlnVRZTmI6*#OP`LlGQNQfrb zLR;>_!sWgKrH8j~Z3*9>9kC6TM&MVmomCrgOMbA2ANI3(_7e~+^i&h_eI+Q_cz9w$)~9x1Nt6Gx zexQ&IoT;YN4E7UxgoubHN}rJ!!-CIWHDypWgaivu8RZ1Rn-OKiBT7%ud{6{x?W2UtzaaRq9)&;wVX{u)cMnZ@7=)Ucrku0Rb}i3wMr z#%dh=BLkHRvcLKJSpfe(7ORuR?j8EQ|1$Fw^S;T0mzSbnENdpn>=AZF^37L&h(^RugcaRy4y+YyhiwhX5}-d=Pt=yN!C@l$3H&L`Q$w;u zw?ET^Nelxtpi#J5bD@9JIa{d&T@PMaY4xBguN^yY)y~y+VVn*&f^`P0WiS7^3mXq) zKd6U3*u}O(#hp0G+4B4g9%1ZNnp5V@Z_sq8?hKcMpBNXnw-nwAQ_Kk z5O!a9!KYtYKfVClAdEUREbx5S{mr-EOZ;LY%$LDBDcLvX&VsdEtrSd3s>TC4I)F$c z*l?QxVbmaR=&teDtx@FRu~*D)!-ObA*P!W`+sv$+(=peMJbddEEoX;*F?hx7pjhj4 z`f;oR+8^vJjS~zOn6XoCBHI=sYvJ4&Io84$u1;T=L{YB*z?H76IcVc~*N!Nt*vqe0 zpGFSt7K3SmN6(9(9{n*tp)1&2C>zc4E*V;H^`oZb@81))hrri-LWRj8FXGW7y3)5dmNr%6f0()W+L` zpcC@WX-Hv~&VAw2IV4P0iwFSIjn+HrQ#RKijM5=48jR9NHA!=WNemI%KqaG6fsz~c z;iw)#v-PIqt3I7Iua}|l0NGYnMvTFh;IR@&20VKBfEmh!c$`NG=J5|56dT;R?Q0jq zrc?%!!8jo4Z4K`))>&QFDQZ(f)n%1S#JIaliDvSP4`J6V!NU*iChw>{c)o1oL8uV| zu_eJP&x!K01cSAW%D4u-G&o7xK`*(qf& zpSP>_oWe(C3bkukx7!W-0CQs0#6%P72SXY*3>2Y)e|t}xQZY@JQosaU9>hVeR^Vor zdwMhI^&FmfV_g_XW)=6cMMKd;o^GGT>zP4uxNyZ#Nl!a?TIP3JKqcs4oD4#Z=!Jt~ zrEkA>G_2xn84$^XtmrR+EsIDi#7mIxz%eWSfcy3N-r4U}`Oj)O&wg%*#D~dwN_6zJ z=cw7g45~im227q=j%Yj(Z8^y9zObL$RG)+iHqSYF5Cowej6NI88JO(sMA$S<3Oh&q zmB+HglZ!K{2_F=9!elT#EFi@x2z%+VVGk#0&ZACrk4q4Z8;#Z43+$C8nlw5*2~%t) z*aNw;VHfGftCz?#y3Z56P}k9Y%2`!r3Xh%ai~vy?&orBf61WP&X9v-9b%%G2i7l1E zU*HDITA|$n;?36TYm!jHkD}j0j!0eVJEoQQj2fQ!TO9)`MN4U~yw5>k=FE6w?R4Qn z4h7q-BDGM&ab!-iOf+l^Y2h^DmQOhTrZHS(B&+~L?X_U=RhvBZTGPu8xjfWewZW@O zd{|b=7tG8CrGOZcm;RfTnE2gK7g@VT?cC=Rh+n-g1H`1MGQ{lI8#8#!l$`c3u#?-L z%nYDx7_~yEXkS%IHib@Y;1F?;@{mW*E3Cp}umiUs8q27$nPgd?)mwTn5$27^$U09v z8OUC~3od!6L4MQhxE&%#s00Eak57XMQgj|yqDia{if#R9d=H)y8iE%rq(Zr6GyYyD zCK_i`a_ZDMjocIT`phOlz%nyJ;Zcxx@G^SY%0RL&QAXIy(|b{L`ARYk$v zyt|~YtNdQTX=J{m68{mlYi0z@EHPI{1{nJI8QPZYE+!_4HO8t4({zvT_xbovva8!i z{I}BB*sNI&zu~UvE32J}npXz)1q-J%e16&FhgBlA>BWfg9iT{@7Z&>zdYGenN0(`# z)3{{F@{0iZkL~GIAzlkJsUGO|{WoXpR-IL1OxP!8c&pyGsm@n8WjM{RPTnrgXYiA{ z-nMGXrFf%?1D(&GslU`_oSQPAo+W9q;yAALR6gEe42pVKf1PR};3A=^X}dRoTTKgu zd4TMKu9qhr!jke3#A+vXW{jsfMGtiGT6XA#1cew6E>=9Ncy)C-!@p|#MRmZT_@SX=tG4p&U1}VLqfcp#~ZT@>)yT7?DA@u=Q?Td zkUrz;Tyy*W`^GkBG>=B!^C@?qPvcwkyx^F!pVJD4`f3WzQwNTu>`7DtuVwvppO=UY z->e?SXUjF{x-$``GjcW0ZZNgDsPW@fX%!KE+oPWYGkZ=uAHQsAY+UNQvNpirAL7gW zf+vC{3>lZ0<>hN@x_+-nx*dkK6Oj+3V3xSh77iPW=4r$i-M@vm(aS{8IqzPu`ERf1 zg6?j2aBX$%(9tdq0Va~`08^0s{ZOW~$dqPfh zzSmu2H%_-Qt1t_()+C#MKDqz8^Z2#(vbZKO?Ap|Z|2Y6}FO6r2gCGm#vis%sf*10U znS?`mBag_#sf>^F+a_>MKYDa~(l^HCQ+>;RmQnEu{oI9`GFj>6_f_G)ImO!vIMbSD7YB0(21<`$UpIe6b=7Wi> zQ`Tku?L4uL0SLVTk5t2?awLnUDN5oO!+HOTxKKEzc?+R?eZQo>f)Z~w8mBJ%(b~ymE<&L zOxIRh|Caentp&R#SbY=V^8uE0MhKsGreP!*By(LsZAW~aNZ(U0nyPEMF8I*e5O=EZ z;KIUL896!b_#_Y|pR2@EeyD3NAD&^?_6pQvhGxr~95St5H!g=SYxsX;k662#y-$4J6oD0vy&aK;TOeq%*lBJ%U z8!z@wPv~Fl4>MXc?ZIerhC9Fzpf^y58dQbRp*CEQEy)yaSLz)#h{+`Y#YP$G z0@O|@7#tH)|5STzq%ohDwhBk#O0gDl^~N z>C-z+IuhAVPS>^C@ji2}1EPE8SG&iGiUSJB$Si&n&}nyCbd1t9FSu$@t7=Eni69fT zU+**@7V)%DCnk8uo%*)6)PmL(lB9asz(*DQDt6TYhcz?(h`8JhoMJ}56ZEXpdA zI4LW||Ae^LnR`Bk^5Kh3QJx%Y>pjKd_YX946CSK%;1eE}GNEhBzTW0A?3A`7leeF9 zNL2YLK#R;Ee!BvVR`S>aVb3MB$h+sJyjRUuTSC7x^|6d4T*YE@ap7)PIu`-)5OOMd5$5@7){WOiFGp9_OW+ zX+EOKy+SvVjqK&wUmi<7;$HZIG2qp!t0a|=$D$aY+HSqH=jg(IofSi7F=-twft31FQ<_BI*qZ(o0B6SJ`N?QR>tdc?-Arx*A}@GlP@u3 zL!7#oL0qRGy~iNV>RL}ni|){Pw-ddWljp4$au3qxD8-R+gBEdhOR?*N<9>PQ_et7z z@5$($tV`Rqhng&NX;RJW)>US+Sk{x%VlcJhCbw zMZfH+5TJ6k-`i}OewRg_O`A>k`zymIDm5$Sp(IPVy)`|7$G>i*fqOi9B4{~3Q#j0i zD)zejyq3dST4li=6OomYF#l)rs`<4;Ckc17x)fJJ|Cyyiyhp0wUYb7~*=>X=h>h1h zn|&bG;;7ouH4>%gADEiww9PMo>7fe~TcJV5Ld6pvMaHtm##hn8m*V$bEuLG%6Ps_d zva8J+>?=VDXo?LN-c}y2ty)Q-l-~7;4m73dO`H1t^ni~Ak`Tnz8FM&@hAng|P1cgm zrl<%DWY&{#=jA@v$UTdFB_i~qKm|~Ry*Z(w3cM7V0;|Tc46_)wq@y&CS`}=UK2)*Fs-rf4w87{+&~e zK}<1V3nHr{R%JT;?(+{G?AMxelFpmxk}e=VC??J3Acy^ztG{w*g%m8Zo;8X z(SGik-pT!Op7?_TzMvjpYgL%uU~Lwus^gs4`+0sWJAN?rKy&8%Mz!gVaDa7GZ^SFM zx&(36_f<^VF<-HsIbYl4Cv}9~ui*7cg1TBov$x2!0i*awZuVoGL&ll?+*AjJrQPRWxR6q(zt|ERoIlW1oG#zz z=;x>c;KYv-u+5B4O`1=<4XL8jx|+jlRp=t>O@f5YaE0I|*79@u7#`j>@1W&sFm^p| z!&8WRQo^LZMn8b1I(w5h^Y?7q8GOX&49nW0 z+D$E8o}Fv2abtTqmD?;r6m#QQ@w~|A z6S*vAY0CEU#rI3?pHV5)8t>d?=Dog#UX{K(|6=~$UH%Hf)iezg(-Ad5=Tv;S+g%qP z6?3^-%=H37>gDP*BP@kaI`BD5MU;axO%hk zy7dsx%|nL>(X<374=RvN28NCn8V5AciXwZa<~a&la)y&QEGlx^UO6}C4i|aS=s0Fg zrbM>a=3C_E+kJc(;BDR*=@~^HY;1G2Q(66noAtW*+G^DGy`&bcHOJG~%x)MyYFBg= zQzRIA5v1W2zOr!dmC0}ITHQGS@#k;P3$z8zi;f!n3eBU|4aQy04Cjss-&$uk`p}~$ z;B~Q2`EjaaC4+hs?GyWY9j+s!k&&dSvh~akm+u`*p^=`}cc6ajpFeo|{7SS@=@qh? zJ#J=CrJs3L>{elY)PH$6Er0wOlQZ*_pbmoqnMZlk4whuVFNJK*V|i)e>u@>xKR5%q;{9;oXy2 zuhTa>)Yl2c7LrqF%1S)eMvSQRr7t`+M+k~+G(!x8-yyw=z88G6SJP} zc6V)esv3H8+FjrkA_+lUZWNVgxm4F;#HMCwX(?idOh;{99`iI4nl?%QY+UOFgU-lV z4+Enm4=??aKcKuQ&ZF3;r)lWS#e{??YHO8t6^k`x^@mkSCeB%Z8lIIWsZ!8d=$8T**c+IH|+TcfYh8=-6t~7OAqY;;qYAiSyd~$o9$un&XJi(#^Ce zs=1kw&i?N4uq6#?!t#pHs!)McC)Kg1*e3%M~z$9iU)7&u#HiAULXSEp*MvTb2S*BM7ToLPdSimnX0?ea&GE%-CeadEA*{AfNR>t?HX zDkeDPp%U+}ird9ESB0EFttF$SMasHXYjr8?XlB%PNy>Y=VaR^GRJK>X)_g zUDxZ-?^{|H`6^=Tj32o?OuE31YZh3&v`KlDu3D{zs<`sLMD5l7Vwad( z2VsePeqc~rd2#O3Mn2j~Nn4Jurbu2^l``RJ*EZUgZyT3{Y4oCKX8ugq=If@Vu|v;j zd)H()OZTe+hr^2JAJiW}b+gD7y(-UB4-Raib{fkP9;*;z%Z;HlJF*h<@$)pvFd2by znztAnp0Mu-7&MFQ8I^`|>pIHw2gRB*IU6_&V;tujD()-USIudD&hLKY>KHp}l4SG7 z(fOE;(5mtNM!R;682hA%4aSx8wx{Q;$n=cTF(_Q{j?$ffgJ63dtAo}}?O9oQ%jbL& z`yNd|qzrZO{mi8kAsR)+iGM`ke9Zof{YG_UEAA9Ll zZ&}=Ml4rgs>uIoX!vxS!J_jb|nar}VlAdCl=!;gJwaQ25-<)hUHbQ4*nQTQWhNc=+ z+8#OoQqv%v4Ex~&;R?0%(aW|PkRccbU=}LMICe}L1sGZ+@aFSf>6*&<*hd-l@X6vL zNmjhrG@1OlL=_PX%c#|Q04ZOK0Y3?OT*I(gQ%vW!lW3wBj8VB6uI+99peWNJ$6=;F zubqWDjjmcde@mX@Wgpfdmw@QWX}t)lORSr7K*|@vq=(Ek6ek_(aP^ysu(Xv)N|svH zcNzU*In8_Gc!4F=rhD_nMqa*oQgipyaNUwnyYa9bt74UXhI@8?GBr;X_1W)i#MT(w zw4#4?uyw7qefjp?a4Oa)I67bhF95@r8`22gDDvqdJmkmQCpF|6J14@F-*Uw0lqFu1 zMDfI%sch z-oi3>PdEosVvQ#vo1;cSJ6@27YZe8IUQP%gtZ9|MHjdcd3^Wl5h*HZlm3>}Ym*@ER zo1{tqj+QVjdX`;9@~}W3{p<>rW)cG z!t!?Qowh?W@maznS^Z-zuT-|{+m7EilXX+_zJ7}5x>3cDh|N-Z%9E_IlVdGHe!?++ zR#DYa24t?Hb`|M6MUWHEN=V8tT)r^xy4aC@8mSU*#Q8>9;1hqpznB0EhJ~gW%L;@% z6+;b*%&M#_n>>k-uqfkf%UqMkn>TJGfjW*T>*7p(yU?-Rcbx7axt8qWnEp1=QL>2( zlAkjzEXGQ`!x#EnUYV1DR!fh$kgyX!Nuq<8U2geSU-esxI%<`UReVl;BiZk4=$bwm zN8SV}gV$aErJ9_e)5st~xkMSA#Axfe^gBwj<1JY!J$&uMHre`k2VkH<&Ifru(ZpDv z-w2G=oGAHr@?(7aZ;mB;NC#x6$2(`ULEA5F&zjN=en?^)IE;>(2ui;b(o{=FcFf<${SR9)%%A9>Z*AJ6j;6J zoW4FJb6Lp2?qQ|P&`d#*ue?Z@6WO4*;;oCsDMqSJ3ms>g@*$d%byqstuA6&(=;Kom z)0b1pUkZcFz4W)&ULyYeEPypp@6d&@I6hJ2#GCU6CF0WuO;@SrQrnhY zJNH%fZabWq5pxs!u^-h2ZR^pTA3U)UFt?$oMjqqqw5=F{^u+JkA-*(eJwXzK?9o(h zlJN`I8H8^h&s+*@wd?h!K5)L1jqT16?v-A@T6EvGVyadrQIM&BG~8qDTQBwO_@I@I zG~NlePch}3?!EhkmPT7{1Z8DS-vnXl`l%CK_Q9|LSY!idZwswgb zX$>Upg8PA6Ro93)48NFX9&arTPOS+a>*eqfOPT7AYv*iT-`6iaxt8Q8NCrc|vewdz z=oW6=>^jUuV!+reG4iA18OGM@#QIWp%~AfR4T9Vw_BR$}M*5u~Av)sN%Q@nII)krOCF3Vog#lmiP`GB{f ziXK&t6%8pjHFy*A!sWQJ)dZD@X3w&dhH$K7wkU2 zpX>SbuR9mt)~h3WI7obsLff|ST^5YUPcQ8i*f=Z6lujD**EYh z;?*tk@FK2DL#+`LVP~zOFrdhrGydU#Ndtmd;=(g_htZ~YRsFkc^27;0AlIFWQ*H&N z6MiW7Ka4cwQ~*^+bayEWy{;7s4Z!(s;a3(6$pzcC{E& z6W%`8Vr4gG32G$IbV3h3Cnl)3-pW_2mucJmk9j&7;_C9DNC^4>=}c zTOK{$xw6#Hy?U}JU+uB+lg+*^F_Bg_6%-7}#EvF=#A;Kj?HJ!nH}ct^-x!S`Mg%!^ zYvqPI$3#4%qP03>W>r427I~B)#tOwhDtfNFP7wp823O6;ke_I1&>|;lcKQ3lvlpK!8uUELer>%MANhGnO5*_}Cw^#-I(Mf?O4>ZJ zuKH1mw@yK9d%tY_!s_b4))*@kF__;wA&$DZ8OtIP@o(RzP!c{=l#ynm?wNj3Z=`6% z+nlkp2+L(o7Ds%;M#O6ux+)h2e88UV0UM!Vws4|OuwZ!&Lq z2`ACcbe>|WFS0p+-^_ey+jgcsTp3sSOsJ@7+v$$owEB3dd~+)&*0~jmc*joVmnu;k z)f!YAC2bY{RpyiqTC=O5X=s{I&M`-oCuv;QH=Gl-Ms*%_oJ~z)I01;Ga!CWGEq~M$v~lM{ zKWq*Pt};D5jpX+_8{)*#RTH%)WG5hZQjqpo`qie)ealU7?aq|qjOI1o0gumse*2QvV*!SV2;r~sBOrGw+5K-cKZ?RfFw z9oSEDHqkXf?q;NjsA%+;@^An6yx5$ot@fgxCmc;?KtVDI?m7+& z%59e4md*m6X4;;CYy_PH-!o{-a;mn}RsT!$$Kj$O1TIWG6T#swUkI2V)B&K>2_2M5KsxFOF9IG&JhKa zE~Obly1U`GXOMHw{XEZmzvrC$%=Ns#&x?PJgLv(0?X|w^yJD}+SQI~*KnYQg_B6?% z#VxY1o%8n#d6;ZB!L7Wu0fJh=9tTQ&o(Ju8!(`n!XF|VVBJvGNJVxGi=W*iYcpy5L zpuF2`Dd(V2+MPH5tEz?L)d0#2NPU&@MXaHuBVe19{R~Bh2lV)~A<|ZUpsfQZWNj(|e& z`MlW((1(uZI`(mJyfXo3EJoQNV+2MqU@?4mv^+61h0tF)vg)j8nX~k&H1p0kINzFL zdeB&;ZqX#TBMolE_%jAfW=1?TDJuZfiwYrg$3mC^1qXHq6vR>_D8KNX30E$;;t9b4 z6$~Bvh$(1hQ`?@w+G&GqB=L35J&p8b~q_X^1tajp|sJB*A6eFO^&i$bTdi1wB2#OYV>K}$q|;4tFw$eCid{J5wTJ}5dG zu%=;yxf7G>wfPR#OEae*>*vn7H&9Joc#&i}pBFUvSD-zJA&4cwBO0WD<69faq}e$- z&qJ}3sd;u)XH>Qi-f1~nrN*~&S|0*LQztp3v-upo^Ca;IVzZDJV5c z&fqq;#Cz34D96(4M5nS5ksmZEGXSfFcn3SOU)%1e1>y|(^~=J{R`EK3surG0g=VD4 zewg{O6DG|@a3t!~xgO4Ad7lCLYHcA*^%`nFfOu}Pf1==!I1i$0pFe!DtK2Fd$ z4Ke~C4MtnWKYbT{4(opvr4i$q;vgC~C7HbeI9WT76f~s)V58^3;bD~~FQpx2xDbod zx&kcNe{PIoM@qX8hdX$0B|fCn8M}iZz~Nv5@r}N^7xq2gc`IHoj=E)U%#19OW!I9G zTC03%(D%bX1R2IZ1YN_-mGFdLol*+=W-=0MMz|Bjzy8mW(Xa!@Q?=Xw^;?`Ue^- zn%({{hb;ae3fw+l@g`s_H;V;rA=j<5;K88LaVG_e+n4;~J|dF9pv1(n+CSQ9V^~w}-+_OL@pLgu4KucpW_WtSDr3Zx<{glR%7=f`^1 z32H>t6{Os+93q%k*>va2bIWTk3#DYGYtt`era8Ce-Qxqdvl4M!Cc+wp{%3r(GACvIdd_Wz{!MU{GSraWBMomOMP$9F zG<8F3OMbs7^Vi|EdP%dAjnx(MEofStfTHSv*)q+??}uQ)0db7@LuA;p8>vz~%ud-# zAsGQ5hii2(;p4^Dmsk6#ysr1w(>Stla;wHkeF3V1G^r70RECV%&aiNVC%D2l)LwT> z?vcEvPsXtkzp<0~>~|(OpRW23TC_khGZpl;fQyWJn?JuB-zjtUdWsW&&0q1Y{sdPS zl35%0%+Ju{W|E&*8{w5VOG2id>H8OI<{M(p%hY#tCS^mcr20r51 zxKm0VCzO4YdMTx^Wy;a@zPW2K&@0TsqLtM?Y(L0~&Yu^l?-I5)oQhaIofo_=GAx1} znx}4A`X7;c1RpqHVa%N{iuLE>t%SEiZj3&OVJ?nv?RVzPAv}}hadfj!FP;J+n%mRk zC9K2^QLe`(3Z$qxL@3TAj$Q4r$4Ecc)> zmnw{nuKPjO2Pf;FCvXpHq80UTs!bNs_Wce~!&M{`p2gTpmgB!Jk9488TJ`qtS!3;k zN4#*Eo7_}S>%8SS?&n+rS;Ghn6q)h4EU?9GL>fh&16{1%wCw0uY#Q4~R!`y(LIJ1g z^0W(5Wd9Kc{dq)bC{eACzBc}-`kJy@2Q8m zWGxXEh2XE;DhzEJ)0qsaXM;+6=7IJ&Z4sJdBiS|i-VRym(ssY5LH;!hQyO%``o|A8 zi^|gW6LOlYema`Y)&00vnnQ0CbA#084tuVsgic(@Kvq(alFfZzZp$D8q= zN8(}LSK|{5c2~%KC7U~suX$BV6)J142EAQ|n)&QI&^v}l&o#ua@PT6gB`rhzrz`)7jows8uH_S_TYo zvnW|wS(cI1@Zl^SF*K@4s&N)zn%dXPo!Dc@HgCkAE*FKkW=&BzYzO%F$3Vms#L*y% z7+q(`xr}-35fi^{5pTYx?G=3e(E#ku-q1QQY1>k&oVmj$9g$n&l z2%Nb*$QT+WrEACq`?9uVWR4x1QXt>kDvV!d(;ekcVPno1ixyG3B))TL5bmpA3kASn zbj2<&VrZPWC1KHW^h|hW*-uWUxm$4}-DVLdZiX;h^wz#i*E_v=2Tl(%tE-2>8n7n(_uDcg#cPEY^~X^C-AOkbbb~Vt=qb@@o1} z-Ff`$tY`4f$<8j)7c=36vyE#qbY;#QXC^+v+YdvtJ!5l-YG< z?3kQIhY!h@c3roafqT1Wb#V?Xl$^i^&OW=p^B^QX$C>x8lS$inJ?&_B=S&7@AU{PM z!_8(I%(1=hfr`B#ccoLD^_1j&0V`hrE3|6{tF#gxG`mB{b_)y%DVr483E=OONF-FR zf2=7PPIAYmPZ{ly-JYti!(rX*4^^Xd7&rlt^5|-gBxV~l7!k|5vdmXpvI5Rx5XJDU zC{(9n7gB)6hQozCu+B%FNW!ZA`A55(H#{{D?vIkIeq;vGtPZv?u#Q+HFE)Ldat=ZG zuu(1U5mGN`*rF8@KwIzt3n&q|7J@Msgb(p8fMGxqS$JOdigb0NJ^P`G@SNm9!myqu z=rP9eMULb3IA@GYD>qysaUcjh+4T?-VUQa60%1bbjeyjl__tqX8Wy1Ur56|bM> zh5coyh1ei##$6#E&l;IDB)1QE+wq}1hQ1wF| z4^Hj`*kgF26um0(eWrviuklwTUjLOM%^yJVukR)NEa0n5KD#$lfW(aTqH=3MY~&FV zAdx}$F)K3cjk{2&$iHMl5~x1{4)eK^5mw0X-cpyQ+k}K;0%Eqp3P> zG1XqGx|MkS-7{`Buh3->AqW^ZuE45QflcEhNFAmnkKk2-WRd^+2sB13{tld`9DVy_ z=dO>1*N?0M&j_U)30V8oc!b?d6B_zMYVSI<7zoeb_|TxNnL2n5`v-A7z^aVSS!)Ft2-ci7~!j1IQyLn77GiQ(8=dh z5t4x7Y97o&Y}9~m8g8ayS$gp~K)GO=PNQFhv`vdxK_=Dguo_g;H~$#piie304%h6ViZ$>KJ`^qoqK{SOV6uScAH53yp*JbWI|BfE$`+zyM zg6AyQ6np2yVi$tyIcIMBlF>D=!UC#fgN5ux>b+3DFJ~ejZc3_`jGT^DtDFjs2q!0{jeb%Fv6Wjcj!Q;O<1VJ?cF@=c>b%vu(VfK84 z4{_vanhiC=spH&?rDe8p^ibT(hS!y6(Aq){4h~^pDBamGykIJa(U~`beegvET7iWt zYg@}lzN6BfBfhD;24 zFfV@>z^d_BS4b?e%5dGgrEv)6aDu^s>|vTelCZWANr0DD^!>~kE8Ol-I67`n>F$5zjMG{B4f~Q} zF>{(CvE2IFANY*&o32h1vrN{s6HMdgdOdFnD?N&mwR6p+2hM-e)aJ9S(y5liy-PyW z5qGt;5B}n31sc6$UHjg0q^TJf(^)MxWvV*PwT#BKCaT_V`WZA-<`x{@A`W9!)OXk{ z$Z}q2>tkR~wKm(3@SGv@-iIhBny7m0bd7Jz@s!wB%tErYW!xuT)21KndUNYqr<3Dx&wpev zwe%Z~a@YU?&JKzj3hzFya8Rt|<^~oeBqs7VFD#S?{s5B)FvH~MuZe(vPfdH3kVBL7sBEA20dQ3&%(S*xl+Wno-iktfFPSo zB(se;-QV9bH|b57yml6Ot{%n!jO2T(v}?V&G3-RZY$>pV?Fb zOWOLzwi2(L_;V@$SF<0EnGC}1cwVd?|9w3y0P8EkWKLveCKQNtt;1wiEWByOlt#$= z;EjBiJv)fhl`*mUJV)$(XKs_F8Vk4aTA2qAukF^s^4{KH99jQjaj{^qnGtFbnTR+y2}p;{)T^ zhQhxh;=dXQ6f?{uT5vAfPoG)US=;2abq>N_0E}=WcUUg>@2M6&g|H(@=?Q3}-MCk1 zm|C~oF1Fd_t@v&YpT1#0Z)=q{DVMQ6RIan6D5hk+V!5x+c68)urNu4&`9bT5Qp>t@ z!s!bpPo5-u6=Y@~jn~>%Q4sTEWR$NzrA_iN$aa3ftIa^k>YERn|47v2(VuWNC(aZ` z`7n7Vq)^oo#rToKsdCzxRv*^+EH0$P*krt|Yg?9it|zZl|MO@2+c${?cBz4>n(*4J z_s$bDZ#1t`nb2HTT3?z9;%#-I%20bM!fscXa97d_F68-W8lr@x7kn9r8LmsWbZDwpB;hIL&R zx7t>Gk=7gQW!$gkz3k8R)b>qm;GAUX;}g2f3@jvyIi)9aKeW)?U#ai4Ll0~brseyO zr78>&!E8ZT_+2M!dfb8Xk#eHyL#C9Yvo9K65iWlvdHm9uOjU)X@mp9*-+j$=xz7z_ z_mBguw6*@vhIs09C(k{GD z)2f|gCS6!sf=sl}34m90rTX|9a>(jwG+57?>5`0Vp_E-L<0QKW+J(s@R@nLHk5JTV z-d68RqF}8n4_l6K9Lx(Z8n(*L%*M z4Y6*f8SxGT{jMf_Me&W1OGnJst9&GjeZA*@q#0}_WCYEGcW`Hy&dQ1i^V*i!Rb#;& zr`Rnn1^kH3)9z@D#x*R$wwIM#-zA{V9M^cfFM_b~0`ZlTr*HXPPH^=@$aY9(_B&Z|5c z2_OvfsB-lA1*hqxh;4r4>v-viAT}b7le+Hpp@swm>hS>Xtfwly30E$Ja4tuQ=AG%mjiV_uO_YkZDF?>u;YUzuIMYTvCX zwo$R{Jlrnxv`PXcr|E@?DMYS5e>PP!rlmr&mOK$;tuov^uBp@9OhruVJ^`#JUhHH9 zGNOWj{?H&QYM9!xzQ9MQf8vfpA9)viX*g%rM$!ID3o|d!K%#nM~P8|Y4yj~lWSCmy7gW;vysROt$ofA zoUiaMvd_N2W?W*=YmeaTI<$Ph%-Ll6li`>f_w2+s6){#-eBJLLPzJ|Z*>D<6Jb6X_ey;)^sg0eU+D;&-~RU4Yk>}zZhgl;+(0Ps z3Z@x+c3Yl$gN{XSD_8!=<-$BRMG;}`{-)^|UTTV>TxS|p-r|z~)Eauxo^lcXm{W9l zb^YP+i^w3oq9yx$S2DXf;PjDQC4`)-@7%YZca_|?*lJA)C!8`eBNLeSYL(~fu~-u- zGxvn4m&{LYYR*(|%GKYbJ`r_^EM29gY$o4qs-hvJVwM2e0X$69?2`95As;hwVB%qx zPQ9n86K7n{k%&8`^NB2579AzK!!78@ms=Vn)c*-!N!6|JnlOX2KeBt@uV}X{!B-_z z)}2kZxjp)>TwHG4=H;7q{BE-1yFH4`{)pV-SkTd_DWom^#_94vhPURv+C^Kc2X6K7 zbsOUoEkA>h-;t~&we1-Lh%C$L@PeRWH*d!rSI5dOpHShW_vR@#bJ+bf+NL>ZLOR%1Cf2e z&mV`kep@H&vQGcWzue$M(3I9F6~b|`2QhwItQ;YDZ`uG!BAKp=caXQ4-eDx)l4@J@ zj*sqPJ(K&}6}Y4`*l@6$)kW?kMxicT1 zeN$x#U_;%f%Ppm~I3uv&GR0TM!MTsg-s*Ghn>UBQr-vD63Md+cgo=cC$}*th6ApLV z8Y-#xZ4#1qWNac#_BGOIT2;-gZNH@#k5w^W9;u^_Hn}uFZ=``D?FmO&gb6ZS{ zDA04*Ak~3!dYNpq*uhRI_b(hj{d*E#$U(^!>y(V`COKHu^+lM@#l>B`G>10PBiX)& zs+^fA=-MLmXC`j{>Ka*T5$HiXdCJvB={Em81P{r@u#(rbO+2)#B}~hzSFLl*O5By! zgDk_;))*v=K*oEaHYF!U>~yl5mSc&VnG&6n<_YD^`R;|{3$iRGua+;mC6gGFy;oVF z_Fa_^7b<>joLq0#ooRfz-h$bYqbv;PVaFrXL(r?PY4KoumvVrdE+%mhl(XeKRK}ZQ zv8CL1nmpc3t*v#OhKb4ZiOf{(6$Q%XXV0c&0m@j%zYpEGH?^7hDDc}vXnZ^sWxrpc zMno4Icd{xA99b>U89h$}xMPlm#Z>OCtiEo|eTqsU7glK~;N;6OX@mq?*QpCww{tUI z=l{AY9haFCqvwF}*DT5h+iACS>GLqh({n06`kM534KOm>HNFo zD7r#L{AfRLixhE?Flp+{sLtm;Z$t)spGjtJzixQ?tBH%hAQ;3TMczF@D&%i-?@|5u^ms#U zD=*7lPIayfd$>B%6iU&`bu!iu*}9&loHw%2``8m2?1W5T7!kG_SuNYTFI@HG#XR-t zQ0hl>4NC;g8kFx<6IF@dovg2ei?%*__ahGY=MT=v*YBbVf2d6#7j0vpA!{IyNVFbq z77l9mAfalKqSdKOtG_w@4xeuEE9J1ipl#ZUYtedIzg4Orc|cblYsm0V3Ad3};bto7 z@D|)3G#GIQMbu6A3cKq&>a`Gr`Wdv59@aM0(9qFk_5RZ1@jlK2`JXQOX{IZr@E5u1 zv{S&ps|PV3`I2=F+iu$@6qV4ilDTMVuz~xQ zqy;3fbT?5QXH4fL!h@vC$yr*RlYPTc;n;;^FYHaaq84bGPl#$u$%NITLML;=I>KQI%05sVOvP1!f(MCkDq17#KhX zv*NJv_>f$xERxNj5@|2cGZ1ZWq3JpDR`NbeIYJqv0nHO10z>K(VZF$cNP3lEm-6At z64L20XK=q7jkFx$bYyI#1^ zl^ap_*!~BbNgrYLYS-|z3}A)@>zU_wX91)qI8v_9AlR-Ob-uG_V<|G!*QfI~>v~<{ zmw)K!M{Tnk;ZXD=y|%dhE06z^a7Q}_ZSo}b-@y3MISE7{c-3r~Cvg>c{N!2dvXp*R z5*uDzg5-so-r#clA&Od^LNTremlw@}wIRwbadADe9}Uk+leY_gS(c7f4oMp=B|z>A z(^v=TR-R4S!h_ek2|^B$dcF=vAUc~GbWEFRo+LL1v!O0*RV?Z+<^HJfjYx1^v_FIJ z%_L2W=9>u`LRUr$cHv$Q3z@)9bw%OXm>f8&iHPme-Fu_N-1E|uFM0zr8q>CkYOEx}yVvg6^f=zg_(u=6WrYE8OUTsGnh7 z+{>5EqZoYitH^toxoiZgt{w&*-50~Zt5DL-VzrBN zF^pNGk`Ng0OwV=Kghgz^U}MF1ogQTfnl>mYxnFzqs1Bve$`uO^>vDFzmM z9@6w#uQQ;qw5@t&<>kG@GeKV;M|gHjHHI031eRnsYyXxa-U!80j^c2SOW&^qQ$CqZ ze!J{sRXbKLJBj;lRq=Yv3DH%CEG#f;97Aa1pJIENd_$$c@%v*6MkJjt(0z}3(dCIP zlM8Zvj~IpTgkb_EVW&$Zq@E2Sgr%d4cGENP(Vt(s^n(aF#}?s7KI*+I*)D$KF|3hT zql%6tyrku`B>%~oI_jzy(ez8#g{y_mBXwowSqzFSTj&eKgPz<82MLd>MedT}Uud+; z6#qdU-mnehU)-jg+_`gu1lSdLfuMew*s6I*LZN49*s zCC3#cy{hTO$zJ;iP8X3MKmNfN__7tfDqJP^9|5;H+hTvO_ z4)wR}gzZ9%>8RHMKHp9IddTuta{^6i#N48}6z}Wn-((?)F?P(DKsY~djeUY2b=FVw z#Pz3-4;@Lfa2z9ad&%_n--MLzc; zjL69&@M^yVYiIUGx+>I#^P6l>L~LnJbrHlzC>%9+r^~f02~kn8qV7#uZWK}4R z^H!+k*OV>cO#8vGnyd`aoMu$?y~Wl+l1o`wtH{f7|JB(eY~Krm)t6m03DxnW2D2Tc ze7z&CYv)otmmh>vEgx}PULBj}{pij`;$X78P2)J8hx61S>4+U@Jt!7m+-W`V!L-^F zu6t@MG`ly=@iED}9)mTn%m6OxolEHo2PEFJAs||fB%XOp@8+?F`KCTv3OL{NW@a#G zrZMXorX~Q{*sR$f-s2#Fj(q)|3RH5}V^3|VkaCcJ;s#Ouuk;;Y7EmAvzt z+y}}LS}Mby2VMsU6$V_K4FREH^irx>y^6}PSAq4k)K?|EZHjE2^V9B)+*3HOfa9%U zZU++!Pl97aDDI5+bS0~@ku8FdtvAf`wVxk(`F_!5?<_GC6LC+GV>6R2zY8_!hIuB8 zciSebh6U*BC#ACNY;Nk2g9?s=%w0aIXjS(1jwz25HomkSO9dIsWUb0mi<3PyX%}P}H|Q6P)YY1c z+t(?^`EuGiK|?~Fi;pTgqGGH3*2nrEY{XwZJ1{krp`zs3o=U;2!t$c^@Gd`(>7UOz zJwEeiqGBBCKaWp=0D0P=MM-$OmC3!`U!~nLx_kW+E$)%H6NG^_>qLpzYPt~9jB~EN zg*oeTJgT(%N|csaCGlgcJHa5GktLu#|C!zuK%8_Fq=1t>ZgX9l}AD7@m8=&k^b>*%d#SiLv zNqsq&=yLAamks_aJk2?G8T*u5?v%8-D>=xBP+h(<`;yP!Be&)8Lwc8l2ld}C3vOeI zL;UBM3`ZWPFx787luuACVj|<=eN)Ws$Zq1RA8eHEDw(J9l=Ju`ds%Wn4ZD-r{Eu&i zxv%Yc>s**&F3}}4np}!_7ird4bgGl{dssiZmpHG7yF`!L>zCv&Kmab6d*j^Np2D#< zh&WG{XS?`T*0kw3o0X|)lpDSz-Tb*khC1e2(KSWkz#ro>P)vi8_3X%ZuC*c=&^G(x{6-`Ry1;nJi^DiwUh>B8~Zq42_J;L8o%~8uPud!rU^kc5 zvvPGb+ZsU-xlLQ#V9#smJ6W(?TkJgalrGzJN)3&$OEulOHTXB%$H512ehm8^YF47g z*ny2&Z?k(BIQr7#4vX0G3tU=g>SOR2U^sLSG*6ao+1W@ul2P)S3I6t0KUA&E$i!4O ztoo>X;$kJ5@D`@nWg=w86#i22{i@c}l?`l>EGWn_ZEfqhoyg1sfrg~DP7k#Gy|co# z&sHep-!^AVe`8X9+LP5(CiK`ln5ZYQR(nAn%RJILLcQG?p57lHTJlgYFYJ&$p~j9% z%t*7-QAf{C(^QoOo-u0m|BkM20v2uaq7 zoTfe#b~Fi${n-_{P$8YXWNgteJDK6J#IxsKS07`luQrKlpN-srdD@g{87AKrmW;ZT zy=vmlaF_9lO9xr#u_%6Y{S}Rpe0v36n}nQe-0q(z^DV`?m969(iypX1ZMSOV#P@T> zMH>#dC4UlDId9lDcFWuL@S#H=Jn+bP>-_9D!`Qmw0(w8R)^8Z}@R%3pPJe@&J01mx zm6x5W1D8C`WZTB0;ZUG676GL(17QEtUZ3+wL|JCu%|SaZrv$5052Xt?b~#(OZjQWCua9 zdn@gf)g_*+oD$QzWoeT6Yeq_V@jTkr19!**=fc=rm`qrarY>o-PBKF`JM}bQC=Xaa zpt;NsLe->CaE!-#)=Kr9YY>ih_}JsLr6qcEO}?f6_*tpitTqLQTSwKkG)R@W$6HF1 zGwy4e4u-LW7?zZHln}JmPL<9cdHVNeKdx*~bQfFPsyunHw_exajfb72BHiV*jTC>7H)q+1V8T1OeS}*)wYa#kyg~`!{R?2R*dK1pNl>2QQ#$ z?&k|vD-AgqZI-2KE3t(SvE;ai1l$aO7jI5E>v6KLvlzy7O{FZE$6nk(<&~`w&M5gyi=@;&h zQu6|a_))8JHAKCA7#AADcu^iCMcZ0mp0rm>_NKt73CKc_@4Rr8gZ@{S;YxO0v3K4~ z@BZxwEU-mN>u24}uAzsakDah|A7`M&y_^ToTSP4WNl2fcc@mP?PYlr+=@P;VGo#fXCb6d>#_+FcFPf&FQ^ZrV z6ZmWI0>t|F)L8rpjM(MWY0v9e*YW<*TtLOaw_J52_sbgSanBgBAh-@zP#|U?j5%?H zKoTFSAd5*w_LQ%c5c?y!LzirqmmnII8V4+c2Y#jxyQ-5288K5vPr7e-p<#CqkYlGj zVh!l;$@x$H7DAK=s6%tsWB}%$kKwD?jkRjETkbcEN6+UvLt+-el#0F03l2}QJnKHj zBR#pn{Q&OT}c4AzURRfKRC8I9U9O>yMG_{2Y(ZO{*+l@!lNwCNL2jh z$s5=LK0DE^c5`NLHg*yLR(1s`K1eKsP=rFUcYqEnZA3iT2}`L%j0(sy%k>Lb)98oF zH2wvpZXmLY84ZZOzeb%Ogddi>N&$^1LN7$3h9yqv?FfS$ucAs*{`Kr^6l&;GpWYTU zG-4m(83rUoPGe7*MJgebdt<)DH}>(6CWm_WWg+P3ac>w{075MT)Ls=mi^lp(!~oup zCExWHLp*vlduE81AbxB=zUYmE=dtr%c^J8Rd``%oA~|2zg#WDh1uL;jpeVt9+=At< z{aZ<*VPs~=DG@w{l1Vg7*`8)(c#Bzr+wKG5j6&Hb( za#VcR!ES{mMjf6VizxAitJyPDP3S;ED@f^HD}yMoDuW0cW5^MwOar$rca3}uh9~`? zKCUT_&NTe%)tQ{can2hFaC)1?BW$ciBk z#VjM3qD@3`tm&tIouDf7lqOniIHZ8)Z`=Q0djmEtAdl#BIJS0Ez-cuZFg2YqE$p&2 zSVGb!2F)Ub&H~y=Zjgl?NNOalUqq8p(5ZUvcAZjWjorQB)0QJ@5b0?;8*r@EZ3n6gr%7;VaNh1A#*$N4&g(rd=@Mrsm+0rkv zPBWhu<$%UsNJpLmO_hJu$cWLa$Qy{o%@+Y-j4?zv&!!hpKe)H_5Slpgk+>niQk(n! zd{;0mNRIfH^LfBGE(I$poCTqQ*%^^?m>5)?_z;Hq$lkby*@CaE07GuM^IE!n8-`IM z=faiyAq(K;F`0}O0rO`&C<3CTlu6!`atSJg{&V51h4Cv<5m0esK43WQjEtNZ#P~^( z=Olb5D}dWMLggs18zhVts)_qH7)QfYX`+Gw4B&AW)fo=@0d2K?CC)sZ|6uq%rwi`u zXghgA9Ws#Q3AoXLZNtvuR3yGF{nD59IVxM7zN+RHM1ax~Ctq>amjfVU`JJhz`nGH7DFZvM~pmZGY(@8Ba8dN)Pc!N z@SIF-jpC@kA6*pRDuo)tFs0o{3uhlj-T_#3tL?PF^0M;?(~lCba~)SITcVY>a0$OA8sE)r!(G;(HVK8z3Hh1Y^*84dgs zR8^C=A=nS_2qQUwVy5J8utk$K=E&>!XRQrO9IO=}m=}hz3j?qTr>I{DVBWUD0P*=s zP@|eJ8D-XDW9kwA)4v$ri~r^jM#$Tv*3o5NL%crrz1i0eFnTR+RFjRbf4kxZO<8R}jEZ??Lb9i;cn2^M+{FIJB7k~4Yv%4rsH`UN z%a581KSK-C#{JO_4DO+3f!6xi&oX0C!bnQL2+kRK(mdObS?2AX+(jpe)mEs&e!Or} zP=>~Pk&A^3K$`n(bS01v8txV`UQL~>_44%$gUW&kPcs13JwZW>rRm^OH$FprQEf|! z3$cQZ66He`VK0(%6}G%Baqnk#pc4h+Z(oBQBgrIsWl<;N@?$CUeCbM2`Q7ow7qd&{ zV%6jjErzZb_~3o+l1NDEFvHyNJ4Q_kS`a)9X?oT|3PXm>KT+I;AH@^MhjK1ND&}`jTmPi!S_|Km^ealQlhvI#`TtuB&clJ$ev{g`4 zz01!)UKu+E2j@)YUsBP8p<0m?tGC+2N->HQ)1FMRcDDdjok4HTpdM7A8L5CF;NHWB z#_V>t>oa`>=TyCni|C5Vm*H)rOJkoi!)1_V;fuwf23z||8LG?z6DG58=M~>h$yuHm z|EQ_miNXPtos^z2Zt1D>bFWe{U(eEBd&N#b!LT6`;u^m6$$Gz7QSWQVA@js7gd*C=uh_B1zjHYV=;CV~fRal@Rk%N5 z`Cne^CLm-fcGu{87Djtg9X1*xiW8jsN}=+kjW z(~J@#|Mc5~#qGdz+nFvvRD1i~d{jX(A@L3pTNwTQ+kZxB|D9@Pf(E>AqL)`8NxS~R zLq$phw|G26^53lu7joEh#}Glto;$|9@nQ_*{~~w%&j@7C1w#ZK}|M53_iRk~?(0BFlKNj#V zMc+$A|6`*3w|lc!7ly_YKH94b|64u$=OUT^k0+v6+@0-TbxM$W>|bG*CsW36Bt3U7 zq3I#Hz&_aO!LEHS2hjVz5cM9saaAsaQNt7O@S9M=cFMxpUS8?v42A*O_8&Ok2Hde5 z+MKW5|Bv@_Ai6*u{pZ&ILem5TsPB5WnL*wav-iSK!Qb8vL*&r^_f#5jh}gwbsfNj$ z!;t)+!}C8EL783dHE9>*?kW4J?Og+!W3DObbd4#C?ld0%x&Pvyuml7H+1SJZwJvla0hBjX6+KRC0PSI)7M_V$|_NTdD3m{-E{73^8T|1DM^-U)NxZ?e#zMt9CEeINL9LsDKM J?TY^6{{vWO)K&lh literal 0 HcmV?d00001 diff --git a/simulation_commands.bash b/simulation_commands.bash index 24e60343a..654b5649d 100644 --- a/simulation_commands.bash +++ b/simulation_commands.bash @@ -1,57 +1,76 @@ create_git_repo_in_tmp() { # Create base directories - pushd /tmp + pushd /tmp &> /dev/null mkdir try-kosli cd try-kosli - mkdir code server build + mkdir -p code server build # Create version 1 of the source code echo "1" > code/web.src echo "1" > code/db.src + # Create kosli yml template files + { + echo 'version: 1' + echo + echo 'trail:' + echo ' artifacts:' + echo ' - name: web' + } > code/web.yml + + { + echo 'version: 1' + echo + echo 'trail:' + echo ' artifacts:' + echo ' - name: db' + } > code/db.yml + # Create a git repository of the source code cd code git init --quiet git config user.name gettingFamiliarWithKosli git config user.email gettingFamiliar@kosli.com - git add *src + git add *src *yml git commit -m "Version one of web and database" - popd + popd &> /dev/null } simulate_build() { - pushd /tmp/try-kosli + pushd /tmp/try-kosli &> /dev/null echo "web version $(cat code/web.src)" > build/web_$(cat code/web.src).bin echo "database version $(cat code/db.src)" > build/db_$(cat code/db.src).bin - popd + popd &> /dev/null } simulate_deployment() { - pushd /tmp/try-kosli - rm -f server/web_*; cp build/web_$(cat code/web.src).bin server/ - rm -f server/db_*; cp build/db_$(cat code/db.src).bin server/ - popd + pushd /tmp/try-kosli &> /dev/null + rm -f server/web_*.bin + cp build/web_$(cat code/web.src).bin server/ + rm -f server/db_*.bin + cp build/db_$(cat code/db.src).bin server/ + popd &> /dev/null } update_web_src() { - pushd /tmp/try-kosli/code + pushd /tmp/try-kosli/code &> /dev/null let nextNum=$(cat web.src)+1 echo "${nextNum}" > web.src git add web.src git commit -m "Version ${nextNum} of web" - popd + popd &> /dev/null } update_db_src() { - pushd /tmp/try-kosli/code + pushd /tmp/try-kosli/code &> /dev/null let nextNum=$(cat db.src)+1 echo "${nextNum}" > db.src git add db.src git commit -m "Version ${nextNum} of db" - popd + popd &> /dev/null }