From 89fb4d62b356dc023c8022a34649713aafb5b97c Mon Sep 17 00:00:00 2001 From: Alex Clarke Date: Thu, 18 Jun 2026 11:53:45 -0600 Subject: [PATCH] docs: Added documentation for the new sandbox mode --- Agents.md | 60 ++++++ Custom-Tools.md | 70 +++++++ Environment-Variables.md | 16 ++ Home.md | 1 + MCP-Servers.md | 55 ++++- Sandboxes.md | 313 ++++++++++++++++++++++++++++ Sharing-Configurations.md | 57 ++++- Tools.md | 32 ++- Vault.md | 83 ++++++++ _Sidebar.md | 5 + images/repl/command-passthrough.png | Bin 0 -> 64048 bytes 11 files changed, 682 insertions(+), 10 deletions(-) create mode 100644 Sandboxes.md create mode 100644 images/repl/command-passthrough.png diff --git a/Agents.md b/Agents.md index 28cf42c..4eac3e9 100644 --- a/Agents.md +++ b/Agents.md @@ -21,6 +21,10 @@ coyote --info | grep 'agents_dir' | awk '{print $2}' If you're looking for more example agents, refer to the [built-in agents](https://github.com/Dark-Alex-17/coyote/blob/main/assets/agents). +> **Running an agent inside a [Docker Sandbox](Sandboxes)?** If the agent needs external binaries (`pandoc`, `usql`, +> etc.) or specific network domains, ship a per-agent `sbx-mixin.yaml` alongside its `config.yaml`. See +> [Sandbox Support](#sandbox-support) at the bottom of this page. + --- # Directory Structure 
@@ -796,3 +800,59 @@ Coyote writes these built-in agents to your agents directory on first run and ne edits you make to them are preserved across Coyote updates. To discard your local changes and reinstall the built-in agents from the current Coyote build, run `coyote --install agents` (or `.install agents` in the REPL). Agents you created yourself are not affected. + +# Sandbox Support + +If you run Coyote inside a [Sandbox](Sandboxes), agents that need external binaries or specific network domains +must ship a per-agent `sbx-mixin.yaml` alongside their `config.yaml` (or `graph.yaml`). Coyote discovers these +automatically on every `coyote --sandbox`. No flags or registration required. + +Layout: + +``` +/agents// +├── config.yaml +├── tools.sh +└── sbx-mixin.yaml # ← gets auto-applied alongside the embedded base kit +``` + +## Example + +A custom agent that uses `httpie` to call an internal API: + +```yaml +# /agents/internal-api-agent/sbx-mixin.yaml +schemaVersion: "1" +kind: mixin +name: agent-internal-api +description: Installs httpie and allows access to our internal API host + +network: + allowedDomains: + - "internal-api.example.com:443" + +commands: + install: + - command: | + sudo apt-get update + sudo apt-get install -y httpie + user: "1000" + description: Install httpie for the internal-api-agent +``` + +See [Sandboxes: Extending the Sandbox](Sandboxes#extending-the-sandbox-auto-discovered-mixins) for the full discovery +path table and the [official sbx mixin reference](https://docs.docker.com/ai/sandboxes/customize/kits/) for the schema. + +## Sandbox caveats + +- **Per-agent mixins are applied on _every_ `coyote --sandbox` regardless of which agent you invoke.** Mixin discovery + is global by design (matches Coyote's "everything in the config dir is live" model). Users with many agents pay + the install cost for all of their mixins once on first-run; subsequent attaches are instant. 
+- **Agents that spawn sub-agents need the spawned agents' mixin requirements too.** Either co-locate them in the + parent agent's mixin or rely on each spawned agent shipping its own; both work. +- **Built-in agents shipped via `coyote --install agents` may project new `sbx-mixin.yaml` files into your config + on update.** Re-running the sandbox after such an install surfaces them in the verbose log with the extra + installs/domains they bring. Not a bug, just visibility. +- **The `sql` agent's `usql` install is in the base kit, not a per-agent mixin.** Same for `pandoc` (used by + `fetch_url_via_curl`). Both ship with every Coyote sandbox automatically. See `assets/sbx-kit/spec.yaml` for the + full base prereq list. diff --git a/Custom-Tools.md b/Custom-Tools.md index 8a143ef..fd5471e 100644 --- a/Custom-Tools.md +++ b/Custom-Tools.md 
@@ -24,6 +24,76 @@ Once you've created your custom tool, remember to add it to the `visible_tools` to enable it globally. See the [Tools](Tools#enablingdisabling-global-tools) documentation for more information on how Coyote utilizes the `visible_tools` array. +## Sandbox Support + +If you run Coyote inside a [Sandbox](Sandboxes), custom tools need to declare their external binary and network +dependencies in an `sbx-mixin.yaml` next to the tool. Otherwise the tool fails silently inside the sandbox even though +it works on your host. + +Two layouts work: + +**Per-tool mixin:** Co-located with the tool itself, applies whenever any sandbox is launched. Use this when the tool +is meaningful as a portable unit you'd share via [Sharing Configurations](Sharing-Configurations): + +``` +/functions// +├── tools.sh +└── sbx-mixin.yaml +``` + +**Global custom-tools mixin:** Covers all your custom tools at once. Use this when several tools share the same +binary/domain needs and you don't want to duplicate: + +``` +/functions/sbx-mixin.yaml +``` + +Both are auto-discovered by Coyote on every `coyote --sandbox`. No flags or registration required. + +### Example: a custom tool that uses `httpie` + +``` +/functions/my-httpie-tool/ +├── tools.sh +└── sbx-mixin.yaml +``` + +`sbx-mixin.yaml`: + +```yaml +schemaVersion: "1" +kind: mixin +name: my-httpie-tool +description: Adds httpie + access to example-api.com for the my-httpie-tool custom tool + +network: + allowedDomains: + - "example-api.com:443" + +commands: + install: + - command: | + sudo apt-get update + sudo apt-get install -y httpie + user: "1000" + description: Install httpie for use by my-httpie-tool +``` + +See [Sandboxes: Extending the Sandbox](Sandboxes#extending-the-sandbox-auto-discovered-mixins) for the full discovery +path table and the [official sbx mixin reference](https://docs.docker.com/ai/sandboxes/customize/kits/) for the schema. 
+ +### Sandbox caveats + +- **Custom tools that shell out to host-installed binaries fail in the sandbox** unless those binaries are also + installed by the tool's mixin (or a global mixin, or the base kit). +- **Custom tools that hit external APIs fail on DNS resolution** if the domain isn't in any `allowedDomains` block. + The sandbox proxy denies all unlisted traffic. +- **Mixin install steps run as UID 1000 (the `agent` user) with passwordless sudo.** Don't assume root home paths; + use `~/` or explicit `/home/agent/` if you need a known location. +- **When sharing a custom tool, ship its `sbx-mixin.yaml` alongside it.** Without it, recipients will hit silent + sandbox failures with no obvious cause. See [Sharing Configurations: Sandbox Implications](Sharing-Configurations#sandbox-implications) + for the security implications of a shared mixin. + ## Environment Variables All tools have access to the following environment variables that provide context about the current execution environment: diff --git a/Environment-Variables.md b/Environment-Variables.md index 2674bd0..7fb80ab 100644 --- a/Environment-Variables.md +++ b/Environment-Variables.md @@ -83,6 +83,22 @@ You can also customize the location of full agent configurations using the follo | `_INSTRUCTIONS` | Customize the `instructions` for the agent; e.g. `SQL_INSTRUCTIONS` | | `_VARIABLES` | Customize the `variables` used for the agent (in JSON format of `[{"key1": "value1", "key2": "value2"}]`);
e.g. `SQL_VARIABLES` | +# Sandbox Related Variables +The following variable controls Coyote's [Sandbox mode](Sandboxes): + +| Environment Variable | Description | Default Value | +|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------| +| `COYOTE_SANDBOX_KIT` | Override the path to the sbx kit used by `coyote --sandbox`. When set, Coyote skips extracting its embedded kit and passes this directory to `sbx create --kit` instead. Use for kit development, hardening, or pointing at a fork of the embedded kit. | `coyote --info \| grep sbx_kit_dir \| awk '{print $2}'` (extracted) | + +**Notes:** + +- If `COYOTE_SANDBOX_KIT` points to a non-existent path, `coyote --sandbox` aborts with an error before any sandbox is + created. +- The path is passed verbatim to `sbx create --kit`; it must be a valid sbx kit (containing `spec.yaml`), not just any + directory. +- No environment variables map to the new sandbox-mode CLI flags (`--fresh`, `--no-mixins`). These are intentionally + CLI-only. They're one-time per-invocation decisions, not configuration knobs. + # Logging Related Variables The following variables can be used to change the log level of Coyote or the location of the log file: diff --git a/Home.md b/Home.md index 96cd58f..6925b6d 100644 --- a/Home.md +++ b/Home.md 
@@ -27,6 +27,7 @@ Coming from [AIChat](https://github.com/sigoden/aichat)? Follow the [migration g * [REPL](REPL): Interactive Read-Eval-Print Loop for conversational interactions with LLMs and Coyote. * [Custom REPL Prompt](REPL-Prompt): Customize the REPL prompt to provide useful contextual information. * [Vault](Vault): Securely store and manage sensitive information such as API keys and credentials. +* [Sandboxes](Sandboxes): Launch Coyote inside an isolated [Docker Sandbox](https://docs.docker.com/ai/sandboxes/) with one command. Host config and vault credentials are projected in automatically; everything else is delegated to the `sbx` CLI. * [Shell Integrations](Shell-Integrations): Seamlessly integrate Coyote with your shell environment for enhanced command-line assistance. * [Function Calling](Tools#Tools): Leverage function calling capabilities to extend Coyote's functionality with custom tools * [Creating Custom Tools](Custom-Tools): You can create your own custom tools to enhance Coyote's capabilities. diff --git a/MCP-Servers.md b/MCP-Servers.md index 525225e..a8bfd99 100644 --- a/MCP-Servers.md +++ b/MCP-Servers.md 
@@ -36,15 +36,19 @@ shell-style expansion. Every server entry **must** include a `"type"` field set to one of: `"stdio"`, `"http"`, or `"sse"`. +> **Running inside a [Docker Sandbox](Sandboxes)?** MCP servers often need extra network allowances beyond what the base +> kit provides. See [Sandbox Compatibility](#sandbox-compatibility) at the bottom of this page for details and +> common gotchas. + ## Transport Types Coyote supports three MCP transport types: -| Type | Use Case | -|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `stdio` | Spawns a local subprocess and communicates over stdin/stdout | -| `http` | Connects to a remote server via [Streamable HTTP](https://modelcontextprotocol.io/docs/concepts/transports#streamable-http) | -| `sse` | Connects to a remote server via the legacy [HTTP+SSE](https://modelcontextprotocol.io/docs/concepts/transports#http-with-sse) transport (deprecated in the MCP spec; prefer `http` where the server supports it) | +| Type | Use Case | +|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `stdio` | Spawns a local subprocess and communicates over stdin/stdout | +| `http` | Connects to a remote server via [Streamable HTTP](https://modelcontextprotocol.io/docs/concepts/transports#streamable-http) | +| `sse` | Connects to a remote server via the legacy [HTTP+SSE](https://modelcontextprotocol.io/docs/concepts/transports#http-with-sse) transport (deprecated in the MCP spec; prefer `http` where the server supports it) | ## Stdio Servers 
@@ -214,3 +218,44 @@ The values for `mapping_mcp_servers` are inherited from the [global configuratio For more information about agents, refer to the [Agents](Agents) documentation. For a full example configuration for an agent, see the [Agent Configuration Example](https://github.com/Dark-Alex-17/coyote/blob/main/config.agent.example.yaml) file. + +# Sandbox Compatibility + +If you run Coyote inside a [Sandbox](Sandboxes), MCP servers often need extra setup beyond what works on your +host because the sandbox's network proxy denies all unlisted domains. + +The bundled `assets/functions/sbx-mixin.yaml` (installed via `coyote --install functions`) already allowlists the +defaults shipped in the built-in `mcp.json`: github MCP (`api.githubcopilot.com`), atlassian MCP (`mcp.atlassian.com`), +ddg-search MCP (`duckduckgo.com` + subdomains), plus the npm registry and Docker registries that npx/uvx-based MCP +servers pull from. + +For your own MCP servers, add the relevant domains to a user-level `sbx-mixin.yaml`. Brief example: + +```yaml +# ~/.config/coyote/sbx-mixin.yaml +schemaVersion: "1" +kind: mixin +name: my-mcp-domains +network: + allowedDomains: + - "api.example-mcp.com:443" + - "auth.example-mcp.com:443" +``` + +See [Sandboxes: Extending the Sandbox](Sandboxes#extending-the-sandbox-auto-discovered-mixins) for the full discovery +path table. + +## Sandbox caveats + +- **Containerized MCP servers (`docker run -i ...`) require their image registry to be in `allowedDomains`.** The + sandbox's nested Docker daemon needs to pull the image. Declare `ghcr.io`, `registry-1.docker.io`, and + `auth.docker.io` (or whichever registry you pull from) explicitly. The built-in `functions/sbx-mixin.yaml` already + covers these for the defaults. +- **OAuth-based remote MCP servers (e.g. Atlassian via `mcp-remote`) need the OAuth host's domain too.** Failures + here often look like indefinite hangs at "Authorizing..." with no useful error. 
+- **Host file mounts do not survive into the sandbox.** Only the project workspace is mounted. If your MCP server + reads secrets from a file on the host (e.g. `~/.config//credentials`), copy it in via `sbx cp` before + starting Coyote, or inject the secret as an env var via the [Vault](Vault) instead. +- **The `npx`/`uvx` MCP server install pulls from public registries on first run.** That can take 30+ seconds + inside a fresh sandbox while it downloads and compiles. This is normal. Subsequent attaches reuse the cached + install. diff --git a/Sandboxes.md b/Sandboxes.md new file mode 100644 index 0000000..fe3a3d2 --- /dev/null +++ b/Sandboxes.md 
@@ -0,0 +1,313 @@ +# Sandboxes + +Coyote can launch itself inside an isolated **Docker Sandbox** (`sbx`) with one command. This gives you a disposable, +hypervisor-isolated environment where Coyote runs against your project workspace without having access to the rest of +your host machine. + +Sandbox mode is powered by [Docker Sandboxes](https://docs.docker.com/ai/sandboxes/). Coyote does not implement its own +container layer. It delegates everything to the `sbx` CLI: lifecycle, isolation, networking, image management, and +process supervision. Coyote's only job is to orchestrate the bootstrap (build a sandbox of the right shape, copy your +config + vault credentials in, attach you to a running session) and then get out of the way. + +## Quick Start + +Install the `sbx` CLI first ([Docker Sandboxes install guide](https://docs.docker.com/ai/sandboxes/get-started/)). Then from any directory: + +```bash +# Sandbox named after the current directory's basename +coyote --sandbox + +# Or with an explicit name +coyote --sandbox my-project + +# Create without copying your host config (clean-slate sandbox) +coyote --sandbox throwaway --fresh + +# Skip all sbx mixin discovery and application (debugging / minimum sandbox) +coyote --sandbox --no-mixins + +# True bare-bones, isolated sandbox with fresh Coyote install +coyote --sandbox --fresh --no-mixins +``` + +The first run takes a few minutes (building the Coyote sandbox image, installing Rust/uv/build deps, compiling +`coyote-ai`). Subsequent attaches to the same sandbox are instant: Your config, vault state, sessions, OAuth tokens, +and installed tools persist inside the sandbox until you `sbx rm` it. + +Re-running `coyote --sandbox [NAME]` with the same name **re-attaches** to the existing sandbox silently rather than +creating a fresh one. `--fresh` and `--no-mixins` are ignored on re-attach (they only affect new sandbox creation). 
+ +> **Tip:** Inside the sandbox REPL, prefix any line with `!` to run a shell command without going through `sbx exec +> -- ` to modify the sandbox state; .e.g, `!apt-get update`, `!git pull`, `!cargo build`, etc. Output +> streams to your terminal, Ctrl-C interrupts long-running commands, and you don't spend any tokens because no output is +> sent to the LLM. See [REPL - `!`](REPL#command---run-an-arbitrary-shell-command) for details. + +## What `--sandbox` actually does + +Coyote bundles a pre-built [sbx kit](https://docs.docker.com/ai/sandboxes/customize/kits/) (its sandbox manifest) directly inside the binary. When you run `--sandbox`, +it executes this sequence: + +```bash +# 1. Extract the embedded base kit to your local cache (skipped on hash-match) +coyote --info | grep -i "sbx_kit_dir" | awk '{print $2}' + +# 2. Discover mixins: +# - Walk known discovery paths for user-authored sbx-mixin.yaml files +# - Inspect your secrets_provider type; if non-Local, also extract the +# matching built-in vault-provider mixin to: +# $XDG_CACHE_HOME/coyote/sbx-vault-mixins// + +# 3. Log what's about to be applied (info! and println!). See "Verbose +# mixin log" below. + +# 4. Check if a sandbox with this name already exists +sbx ls + +# 5. If not, create it with the base kit + every discovered mixin layered on +sbx create \ + --kit /sbx-kit/ \ + --kit \ + --kit \ + --kit \ + coyote --name . + +# 6. Copy your host config into the sandbox (skipped if --fresh) +sbx exec sh -c "sudo mkdir -p /home/agent/.config && sudo chown agent:agent /home/agent/.config" +sbx cp ~/.config/coyote/ :/home/agent/.config/ + +# 7. Copy your vault password file, if a local provider is configured (skipped if --fresh) +sbx exec sh -c "sudo mkdir -p && sudo chown agent:agent " +sbx cp : + +# 8. Hand control to sbx (Coyote's process is replaced) +exec sbx run --kit /sbx-kit/ +``` + +Once `sbx run` takes over, Coyote on the host exits and your terminal is connected to Coyote inside the sandbox. 
All +signals (Ctrl-C, etc.) flow straight through. + +> Coyote handles steps 1–3, 6, 7, and the `--name` argument of step 5. Everything else is `sbx` doing its job. + +### Verbose mixin log + +Before `sbx create` runs, Coyote emits a single block to both the log and stdout naming every mixin about to be applied: + +``` +Applying 3 sbx mixin(s): + (adds: 1 install, 6 domains) + ~/.config/coyote/functions/sbx-mixin.yaml (adds: 0 installs, 20 domains) + ~/.config/coyote/agents/my-python-dev/sbx-mixin.yaml (adds: 1 install, 1 domain) +``` + +If zero mixins were discovered, you'll see `No sbx mixins discovered.` in the log (no terminal noise). If you launched +with `--no-mixins`, you'll see `Mixin discovery disabled via --no-mixins.` instead. + +Skim this log on first launch and after installing any [shared configuration bundle](Sharing-Configurations). It's your +audit point for what each mixin grants in terms of installs and network domain allowances. + +## Lifecycle: use the sbx CLI + +Coyote intentionally does not wrap sandbox lifecycle commands. Use `sbx` directly as it's the single source of truth: + +| Task | Command | +|---------------------------------------|-------------------------------------------------------------------| +| List sandboxes | `sbx ls` | +| Open a shell in a running sandbox | `sbx exec ` | +| Run a one-off command in a sandbox | `sbx exec ` | +| Copy files in/out | `sbx cp ` (use `:/path` to reference a sandbox) | +| Stop a sandbox without removing it | `sbx stop ` | +| Remove a sandbox (destroys all state) | `sbx rm ` | +| Forward a port to the host | `sbx ports ` | +| Diagnose problems | `sbx diagnose` | + +Run `sbx --help` for the full surface. None of these are reimplemented in Coyote. 
+ +## Vault Behavior + +Coyote's sandbox bootstrap is aware of your [vault](Vault) configuration and behaves differently depending on which provider you've chosen: + +### Local provider (default) + +Coyote resolves your `vault_password_file` (or `secrets_provider.password_file`) from your host config and copies it into the sandbox at the matching location. The path is rewritten when it lives under `$HOME` (so `~/.coyote_password` on your host becomes `/home/agent/.coyote_password` in the sandbox), but kept verbatim for absolute paths outside `$HOME` (so `/etc/coyote/.coyote_password` is copied to `/etc/coyote/.coyote_password` inside the sandbox). No further action is needed — your vault works on first launch. + +Additionally, at vault initialization time *inside* the sandbox, Coyote auto-retranslates any `vault_password_file` (or `secrets_provider.password_file`) that points to a host home path (`/home//...`, `/Users//...`, or `C:\Users\\...`) to the corresponding `/home/agent/...` path. This means custom password-file locations under your host's home directory (e.g. `/home/atusa/.config/coyote/.password`, `/Users/atusa/...`, or `C:\Users\atusa\...`) resolve correctly in the sandbox without any config rewriting — your config stays pristine. An `INFO`-level log line is emitted whenever this translation kicks in, so you can verify the resolution if needed. + +#### Host OS support for the password file copy + +| Host OS | Password file under `$HOME`/`%USERPROFILE%` | Password file outside `$HOME`/`%USERPROFILE%` | +|---------|--------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Linux | Copied to `/home/agent/` | Copied verbatim (e.g. 
`/etc/coyote/.password` -> `/etc/coyote/.password`) | +| macOS | Copied to `/home/agent/` | Copied verbatim | +| Windows | Copied to `/home/agent/` (with backslashes normalized to forward slashes) | **Refused with a clear error**. Windows paths outside `%USERPROFILE%` (e.g. `C:\Program Files\Coyote\vault.txt`) can't be projected into a Linux sandbox. Move the file under your user profile (`C:\Users\\...`). | + +### Non-Local provider (auto-installed CLI mixin) + +If `secrets_provider.type` is anything other than `local`, Coyote automatically applies a built-in mixin that +**installs the corresponding provider CLI** inside the sandbox. The mixin also allowlists the domains the CLI needs to +authenticate: + +| Provider | CLI installed | Auto-applied mixin | +|-----------------------|---------------|-----------------------------------------| +| `one_password` | `op` | `` | +| `azure_key_vault` | `az` | `` | +| `gopass` | `gopass` | `` | +| `aws_secrets_manager` | `aws` (v2) | `` | +| `gcp_secret_manager` | `gcloud` | `` | + +The mixin installs the CLI but **does not log you in** — see the next section. + +### Re-Authenticating Your Vault in a Sandbox + +After the sandbox is created, you must authenticate the provider CLI inside the sandbox once. Either use the [built-in +REPL command passthrough](REPL#command---run-an-arbitrary-shell-command) to execute the login command in the sandbox +when already open to the REPL, or use the Docker sbx CLI directly via `sbx exec `: + +| Provider | First-time sandbox auth | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `local` | Nothing (password file auto-copied) | +| `one_password` |
  • **Command Passthrough:** `> !op signin`
  • **Docker Sbx CLI:** `sbx exec op signin`
| +| `azure_key_vault` |
  • **Command Passthrough:** `> !az login`
  • **Docker Sbx CLI:** `sbx exec az login`
| +| `gopass` |
  • **Command Passthrough:** `> !gopass clone ` (or `!gopass setup`)
  • **Docker Sbx CLI:** `sbx exec gopass clone ` (or `gopass setup`)
| +| `aws_secrets_manager` |
  • **Command Passthrough:** `> !aws configure sso` (or `!aws sso login --profile `)
  • **Docker Sbx CLI:** `sbx exec aws configure sso` (or `aws sso login --profile `)
| +| `gcp_secret_manager` |
  • **Command Passthrough:** `> !gcloud auth application-default login`
  • **Docker Sbx CLI:** `sbx exec gcloud auth application-default login`
| + +These commands authenticate **once per sandbox**, meaning credentials persist on the sandbox filesystem until you +`sbx rm `. + +If you forget to re-auth, the vault will fail to decrypt the first time Coyote needs a secret inside the sandbox, and +you'll see a clear error from `gman` pointing at the right login command. + +### Manual credential transfer (alternative) + +If you'd rather not re-authenticate inside the sandbox, you can transfer your host credentials directly: + +```bash +sbx cp ~/.aws :/home/agent/.aws +sbx cp ~/.config/gcloud :/home/agent/.config/gcloud +``` + +This is faster but bleeds host state into the sandbox. It's your call. Coyote intentionally doesn't do this automatically. + +## Extending the Sandbox: Auto-Discovered Mixins + +To add applications, network allowances, environment variables, or files to your sandbox beyond what the base kit +provides, drop an `sbx-mixin.yaml` file at any of these locations and Coyote will discover and apply it automatically +on every `coyote --sandbox`: + +| Discovery path | Purpose | +|------------------------------------------------|-----------------------------------------------------------| +| `/sbx-mixin.yaml` | Top-level user mixin. Applies to every sandbox you launch | +| `>/functions/sbx-mixin.yaml` | Mixin for global custom tools | +| `/functions//sbx-mixin.yaml` | Per-custom-tool mixin (alphabetical) | +| `/agents//sbx-mixin.yaml` | Per-agent mixin (alphabetical), applied for every sandbox | +| `/.coyote/sbx-mixin.yaml` | Workspace mixin (walk-up search from cwd) | + +> Coyote does not recursively scan for `sbx-mixin.yaml` anywhere else. These five paths are the whole surface, meaning +> anything outside is ignored. + +The `` walk follows the same convention as [Memory](Memory): Coyote walks up from your current directory +looking for the first ancestor containing `.coyote/sbx-mixin.yaml`. Use this to ship per-project sandbox extensions in +your repo. 
+ +### Mixin file format + +Mixins are standard sbx kit YAML with `kind: mixin`. Here's a complete working example that adds `ruff` to every +sandbox: + +```yaml +# /sbx-mixin.yaml +schemaVersion: "1" +kind: mixin +name: my-python-tooling +description: Install the ruff Python linter for use in any sandbox + +network: + allowedDomains: + - "files.pythonhosted.org:443" + - "pypi.org:443" + +commands: + install: + - command: "uv tool install ruff" + user: "1000" + description: Install ruff via uv +``` + +After saving this file, your next `coyote --sandbox` automatically applies it. See the [official sbx kit reference](https://docs.docker.com/ai/sandboxes/customize/kits/) +for the full mixin schema. + +### Built-in mixins Coyote ships + +Coyote already ships mixins for the most common needs. They get auto-applied whenever they're relevant — you don't need to do anything to enable them: + +- **Built-in tools mixin** (auto-applied when `coyote --install functions` has run). Allowlists the domains used by + every built-in global tool and the default MCP server set: Wikipedia, arxiv, jina, wttr, WolframAlpha, Perplexity, + Tavily, Twilio, github MCP, atlassian MCP, ddg-search MCP, npm registry, Docker registries. +- **Vault provider mixins** (auto-applied when `secrets_provider.type` matches). See [Vault Behavior](#vault-behavior) above. + One for each of 1Password, Azure, gopass, AWS, and GCP. + +You can list everything that's about to be applied via the [verbose mixin log](#verbose-mixin-log) on every launch. + +### Sharing mixins with others + +A mixin in `/agents//sbx-mixin.yaml` travels with the agent if you publish it via the [Sharing Configurations](Sharing-Configurations) +mechanism. See that page for the security implications. Installing a bundle that ships an `sbx-mixin.yaml` grants the +included install commands and network domains the next time you `coyote --sandbox`. 
+ +## Custom Kit Override + +If you want to point Coyote at a completely different kit instead of the embedded one (e.g. for development, hardening, +or a fork), set `COYOTE_SANDBOX_KIT`: + +```bash +COYOTE_SANDBOX_KIT=./my-fork-of-coyote-kit/ coyote --sandbox +``` + +When this environment variable is set, Coyote skips the embedded-kit extraction entirely and passes the override path +straight to `sbx`. Use this sparingly. The embedded kit is what every documented `coyote --sandbox` workflow assumes. + +## Nesting + +Sandbox mode refuses to start a sandbox if `$IS_SANDBOX` is already set. The bundled kit exports `IS_SANDBOX=1` inside +every Coyote sandbox, so running `coyote --sandbox` from within a sandbox is a no-op error because you're already in one. + +## Troubleshooting + +If something looks wrong, these are your three debugging flags: + +| Flag | Effect | Use when… | +|----------------------|-------------------------------------------------------------|---------------------------------------------------------------------------| +| `--no-mixins` | Skips all mixin discovery (built-in vault + user-authored) | A mixin is causing `sbx create` to fail and you want to bisect | +| `--fresh` | Skips host config + vault password file copy | You suspect your host config is contaminating the sandbox; isolation test | +| `COYOTE_SANDBOX_KIT` | Points at an alternate base kit instead of the embedded one | Developing a fork of the kit or hardening for a specific environment | + +### Common failures + +- **A mixin causes `sbx create` to abort.** Re-run with `--no-mixins` to confirm the base kit works. Then check the + verbose mixin log to identify which mixin was being applied when it failed. Open that mixin file and inspect its + `commands.install` block. +- **A malformed `sbx-mixin.yaml` aborts launch before `sbx create` runs.** Coyote fails fast with a parse error naming + the file. Fix the YAML or temporarily move it aside. 
+- **Vault decryption fails inside the sandbox.** You forgot to re-auth your non-Local provider. See + [Re-Authenticating Your Vault in a Sandbox](#re-authenticating-your-vault-in-a-sandbox). +- **A custom tool fails with `command not found`.** The tool's required binary isn't installed in the sandbox. Add it + to the matching mixin (per-tool, per-agent, or top-level user mixin). See [Custom Tools](Custom-Tools#sandbox-support). +- **A network request from inside the sandbox hangs or fails.** The domain isn't in any `allowedDomains` block. Add it + to a user mixin. The sandbox's proxy denies all unlisted traffic silently. + +## When not to use sandbox mode + +- **You only need filesystem isolation, not network or process isolation**. sandbox mode trades a few minutes of + first-run setup and ongoing VM overhead (one Docker daemon per sandbox) for full hypervisor isolation. If you only + want to restrict which files Coyote can touch, the existing per-tool permission model is lighter weight. +- **Fast one-off shell commands**. Sandbox attach is fast on warm sandboxes, but cold-start (image + kit installs) + takes minutes. Plain `coyote --execute "..."` on the host is faster for trivial work. +- **You need to interact with host-only resources** (the host's clipboard, host system services, certain GUI + integrations). Sandboxes can't see the host beyond the mounted workspace and the proxy-mediated network. + +## See Also + +- [Docker Sandboxes: Official Docs](https://docs.docker.com/ai/sandboxes/) +- [Vault](Vault): How Coyote resolves the password file that gets copied in +- [Environment Variables](Environment-Variables): Including `COYOTE_SANDBOX_KIT` +- [Clients](Clients#authentication): Auth flows you may need to redo inside the sandbox for OAuth providers diff --git a/Sharing-Configurations.md b/Sharing-Configurations.md index 9a6c075..8f167bc 100644 --- a/Sharing-Configurations.md +++ b/Sharing-Configurations.md 
@@ -1,5 +1,5 @@ -Coyote ships with a built-in mechanism for installing and sharing configurations (i.e. agents, roles, macros, tools, and MCP -servers) directly from any git repository. This makes it easy to: +Coyote ships with a built-in mechanism for installing and sharing configurations (i.e. agents, roles, macros, tools, and +MCP servers) directly from any git repository. This makes it easy to: - Sync your Coyote setup across multiple machines. - Share your work with teammates or the community. @@ -36,6 +36,11 @@ or from inside the Coyote REPL: That's it. Coyote clones the repo to a temp directory, scans for recognized asset categories, and installs each into the matching subdirectory of your user config. The temp clone is removed on completion. +> ⚠️ **Heads up: Sandbox implications.** If you use [Sandbox mode](Sandboxes) and the bundle includes any +> `sbx-mixin.yaml` files, installing it grants those mixins network access and install privileges inside your +> sandboxes the next time you `coyote --sandbox`. See [Sandbox Implications](#sandbox-implications) at the bottom of +> this page before installing bundles from sources you don't fully trust. + --- ## Expected repository layout 
@@ -344,3 +349,51 @@ Add them via `coyote --add-secret ` (CLI) or `.vault add ` (REPL). S ### `git` binary not found Coyote shells out to the system `git` binary. Install git for your platform and ensure it's on your `PATH`. + +--- + +## Sandbox Implications + +If you use Coyote's [Sandbox mode](Sandboxes), installing a shared bundle that contains any `sbx-mixin.yaml` +files is a **privilege escalation event**. Those mixins are auto-discovered and applied silently on your next +`coyote --sandbox`, granting: + +- **Network access** to every domain listed in the mixin's `network.allowedDomains`. +- **Install commands** run with passwordless sudo inside the sandbox (the agent user has full sudo). +- **Environment variables** set in `environment.variables`. + +This is fine for bundles you trust (your own configs, your team's shared repo). It can be dangerous for bundles from +unknown sources. + +### Before installing a bundle from a source you don't fully trust + +1. **Grep the repo for `sbx-mixin.yaml` files** and read each one: + ```sh + git clone --depth 1 https://github.com// /tmp/audit + find /tmp/audit -name 'sbx-mixin.yaml' -exec cat {} + + ``` +2. **Look specifically at**: + - `network.allowedDomains`: What domains are being added to the sandbox's allowlist? + - `commands.install`: What commands run with passwordless sudo? Do they pull from a recognized source + (apt repo, official installer, signed release) or arbitrary URLs? + - `environment.variables`: Do any look like credential exfiltration vectors (`*_API_URL` pointing at unknown + hosts, `LD_PRELOAD`, etc.)? +3. **First-run with `--no-mixins` to verify the bundle's non-sandbox features work** without granting any sandbox + elevation: + ```sh + coyote --sandbox skeptical-test --fresh --no-mixins + ``` + Then re-launch without `--no-mixins` once you've reviewed and accepted the mixins. 
+ +### Runtime audit + +Every `coyote --sandbox` prints a [verbose mixin log](Sandboxes#verbose-mixin-log) listing each mixin about to be +applied along with its install/domain counts. Skim it the first time a bundle's mixin is applied. If something looks +off, abort with Ctrl-C (only safe before `sbx create` starts running install commands; once installs begin, use +`sbx rm ` after to clean up). + +### When sharing your own bundle + +If you publish a config repo, **document any `sbx-mixin.yaml` files in your `README.md`**. Explain what they add to +the sandbox and why. Users who land on your repo will trust you more if you make the privilege grants explicit +instead of letting them discover via grep. diff --git a/Tools.md b/Tools.md index 58079db..eaa31b0 100644 --- a/Tools.md +++ b/Tools.md 
@@ -13,8 +13,8 @@ coyote --info | grep functions_dir | awk '{print $2}' The following tools are built-in to Coyote by default, and their default enabled/disabled status is indicated. More about how tools can be enabled/disabled can be found in the [Configuration](#configuration) section below. -| Tool | Description | Enabled/Disabled | -|-------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------| +| Tool | Description | Enabled/Disabled | +|--------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------| | [`demo_py.py`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/demo_py.py) | Demonstrates how to create a tool using Python and how to use comments. | 🔴 | | [`demo_sh.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/demo_sh.sh) | Demonstrate how to create a tool using Bash and how to use comment tags. | 🔴 | | [`demo_ts.ts`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/demo_ts.ts) | Demonstrates how to create a tool using TypeScript and how to use JSDoc comments. | 🔴 | @@ -41,7 +41,7 @@ be enabled/disabled can be found in the [Configuration](#configuration) section | [`search_wolframalpha.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/search_wolframalpha.sh) | Get an answer to a question using Wolfram Alpha. The input query should be
in English. Use it to answer user questions that require computation, detailed
facts, data analysis, or complex queries. | 🔴 | | [`send_mail.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/send_mail.sh) | Send an email. | 🔴 | | [`send_twilio.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/send_twilio.sh) | Send SMS or Twilio Messaging Channels messages using the Twilio API. | 🔴 | -| [`web_search_coyote.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/web_search_coyote.sh) | Perform a web search to get up-to-date information or additional context.
Use this when you need current information or feel a search could provide
a better answer. | 🔴 | +| [`web_search_coyote.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/web_search_coyote.sh) | Perform a web search to get up-to-date information or additional context.
Use this when you need current information or feel a search could provide
a better answer. | 🔴 | | [`web_search_perplexity.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/web_search_perplexity.sh) | Perform a web search using the Perplexity API to get up-to-date
information or additional context. Use this when you need current
information or feel a search could provide a better answer. | 🔴 | | [`web_search_tavily.sh`](https://github.com/Dark-Alex-17/coyote/blob/main/assets/functions/tools/web_search_tavily.sh) | Perform a web search using the Tavily API to get up-to-date
information or additional context. Use this when you need current
information or feel a search could provide a better answer. | 🔴 | 
@@ -52,6 +52,32 @@ preserved across Coyote updates. To discard local changes and reinstall the buil run `coyote --install functions` (or `.install functions` in the REPL). Tools you created yourself are not affected, and your `mcp.json` is left untouched. Use `coyote --install mcp_config` to reset that separately. +## Sandbox Compatibility + +If you run Coyote inside a [Sandbox](Sandboxes), tools that need extra binaries or network access only work when +they're declared in an [`sbx-mixin.yaml`](Sandboxes#extending-the-sandbox-auto-discovered-mixins) somewhere on the discovery path. Coyote ships two relevant pre-built +mixins: + +- **Base kit prerequisites:** The sandbox base kit already installs `jq`, `curl`, `git`, `uv`, `pandoc`, `bzip2`, and + `usql` for you. Built-in tools that depend on these need no further setup. +- **`assets/functions/sbx-mixin.yaml`:** When projected into your config via `coyote --install functions`, this mixin + allowlists the network domains the built-in tools and default MCP servers reach: Wikipedia, arxiv, jina, wttr, + WolframAlpha, Perplexity, Tavily, Twilio, github MCP, atlassian MCP, ddg-search MCP, npm registry, and common Docker + registries. + +For tools you wrote yourself, see [Custom Tools — Sandbox Support](Custom-Tools#sandbox-support). + +### Sandbox caveats + +- Built-in tools that hit external services (e.g. `fetch_url_via_curl.sh`, the search tools, the weather tools) will + fail silently inside a sandbox unless their domains are declared in some mixin. The bundled global tools mixin + covers the built-in defaults; custom tools must extend. +- Tool failures inside the sandbox often look like generic command failures or DNS errors. Check the [sandbox proxy + log](Sandboxes#troubleshooting) before assuming the tool itself is broken. +- If a tool needs a binary that's not in the base kit _and_ not in any mixin, it will fail with `command not found` + even though it works fine on your host. 
Add the install step to the appropriate mixin and re-run + `coyote --sandbox ` after `sbx rm `. + # Configuration Tools can be used in a handful of contexts: * Inside a session diff --git a/Vault.md b/Vault.md index 216cef1..6c7bdef 100644 --- a/Vault.md +++ b/Vault.md 
@@ -123,6 +123,89 @@ Once the provider is set up, the wizard continues with your LLM/API provider sel If you set up Coyote with one provider and later want to switch, just edit your `config.yaml` to change (or add) the `secrets_provider` block. +# Vault in Sandboxes + +If you run Coyote inside a [Docker Sandbox](Sandboxes), your vault provider determines what (if anything) you need to do +to make it usable in the sandbox. + +## Local provider + +Nothing is required. Coyote auto-copies your vault password file into the sandbox at the matching location during +`coyote --sandbox`. Your existing config and encrypted vault.yml come along for the ride. See +[Sandboxes — Vault Behavior](Sandboxes#vault-behavior) for the exact path-rewriting rules. + +If your `vault_password_file` (or `secrets_provider.password_file`) is set to a path under your *host's* home +directory (e.g. `/home/atusa/.config/coyote/.password`, `/Users/atusa/...` on macOS, or `C:\Users\atusa\...` +on Windows), Coyote inside the sandbox automatically retranslates that path to the corresponding +`/home/agent/...` location at vault initialization time. So your existing config doesn't need to be edited, +and a `coyote --info` inside the sandbox will still show the original path you configured. You'll see an +`INFO`-level log line noting the translation if it happens. This means custom password-file locations work +transparently in the sandbox. + +### Windows-host limitation + +On Windows hosts, the password file must live under `%USERPROFILE%` (i.e. `C:\Users\\...`). If your +configured `vault_password_file` points anywhere outside the user profile (e.g. `C:\Program Files\Coyote\vault.txt`), +`coyote --sandbox` will refuse to start with a clear error directing you to move the file. The Linux sandbox +has no way to faithfully represent paths under `C:\Program Files\` or other Windows-only locations, so the file +copy can't proceed. + +Linux and macOS hosts have no such restriction. 
Vault files outside the home directory are copied verbatim +into the sandbox at the same absolute path (e.g. `/etc/coyote/.password` → `/etc/coyote/.password` inside +the sandbox). + +## Non-Local providers (one-time re-authentication needed) + +For every other provider, Coyote auto-applies a built-in **sbx mixin** that installs the corresponding CLI inside the +sandbox. The mixin does **not** log you in! You must re-authenticate once per sandbox lifetime: + +| Provider | First-time sandbox auth | +|-----------------------|--------------------------------------------------------------------------------------| +| `local` | Nothing (password file auto-copied) | +| `one_password` | `sbx exec op signin` | +| `azure_key_vault` | `sbx exec az login` | +| `gopass` | `sbx exec gopass clone ` (or `gopass setup`) | +| `aws_secrets_manager` | `sbx exec aws configure sso` (or `aws sso login --profile `) | +| `gcp_secret_manager` | `sbx exec gcloud auth application-default login` | + +Replace `` with whatever you passed to `coyote --sandbox ` (or the basename of your project +directory if you used the no-argument form). + +### From inside the running Coyote REPL (alternative) + +When `coyote --sandbox` is already running and you're at the REPL prompt inside the sandbox, you can run the auth +command directly with the [`!` shell pass-through](REPL#command---run-an-arbitrary-shell-command) without opening a second terminal: + +``` +> !op signin +> !az login +> !gopass clone +> !aws configure sso +> !gcloud auth application-default login +``` + +The output streams to your REPL, Ctrl-C cancels, and you stay in the conversation. This is usually quicker than +exiting Coyote to run `sbx exec ` from your host shell. Use `sbx exec` when you're not +already inside the REPL, or when you want to launch an interactive sub-shell to step through a complex login flow. 
+ +## Things to know + +- **Re-auth is per-sandbox, not per-Coyote-launch.** Once you authenticate, credentials persist inside the sandbox + filesystem until you `sbx rm `. Reopening the sandbox later does not re-prompt. +- **`sbx rm ` wipes all cached credentials.** The next `coyote --sandbox ` creates a fresh + sandbox that requires re-auth. +- **The built-in mixin installs the CLI but does not pre-configure it.** Users with multiple AWS profiles, Azure + subscriptions, GCP projects, or 1Password accounts must run the same `aws configure` / `az account set` / + `gcloud config set` / `op account add` they would on a fresh host. +- **gopass with self-hosted git remotes:** the built-in mixin only allows `github.com` and `gitlab.com` for cloning + your store. If you host the store elsewhere (Bitbucket, self-hosted GitLab, etc.), add the relevant host to your + own top-level `~/.config/coyote/sbx-mixin.yaml` under `network.allowedDomains`. Without this, `gopass clone` will + fail with a network error. +- **Manual credential transfer is supported as an alternative.** If you'd rather not re-authenticate inside the + sandbox, you can `sbx cp ~/.aws :/home/agent/.aws` (or equivalent) before starting Coyote. Coyote + intentionally does _not_ do this automatically. Re-auth inside the sandbox keeps host state out of the sandbox by + default. The choice is yours. + # Motivation Coyote is intended to be highly configurable and adaptable to many different use cases. This means that users of Coyote should be able to share configurations for agents, tools, roles, etc. with other users or even entire teams. diff --git a/_Sidebar.md b/_Sidebar.md index fd6d150..e8a1c1d 100644 --- a/_Sidebar.md +++ b/_Sidebar.md 
@@ -65,4 +65,9 @@ ## Configuration - [Environment Variables](Environment-Variables) - [Vault](Vault) +- [Sandboxes](Sandboxes) + - [Quick Start](Sandboxes#quick-start) + - [What `--sandbox` does](Sandboxes#what---sandbox-actually-does) + - [Vault Behavior](Sandboxes#vault-behavior) + - [Extending with Mixins](Sandboxes#extending-the-sandbox) - [Themes](Themes) 
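Review bot: In Sandboxes.md, "Custom Kit Override" and "Nesting" do not line up. The nesting guard depends on the bundled kit exporting `IS_SANDBOX=1`, but setting `COYOTE_SANDBOX_KIT` "skips the embedded-kit extraction entirely", so a fork that omits that export loses the guard. Please state in "Custom Kit Override" that a replacement kit must export `IS_SANDBOX=1`, and list anything else the embedded kit provides that the rest of the docs rely on. Separately, "these are your three debugging flags" introduces a table whose third row is an environment variable; "two flags and one environment variable" with a "Flag / variable" column header would match the content.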
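Review bot: In Sharing-Configurations.md @@ -36,6 +36,11 @@, the sandbox warning lands after "That's it. Coyote clones the repo...", so a reader has already seen, and possibly run, the install command before reaching it. Since the advice is to audit "before installing bundles from sources you don't fully trust", consider moving the callout above the install commands.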
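Review bot: In Sharing-Configurations.md "Sandbox Implications", step 3 runs `coyote --sandbox skeptical-test --fresh --no-mixins`, but the Sandboxes.md troubleshooting table in this same patch says `--fresh` "Skips host config + vault password file copy". The bundle is installed into the user config, so a `--fresh` run would not contain it and cannot verify that it works; either drop `--fresh` here or explain what this step is meant to test. The step text also says "non-sandbox features" for a command that launches a sandbox, which needs rewording. In step 1 the heading says "Grep the repo" while the command is `find ... -exec cat {} +`, which prints every mixin back to back with no filenames; adding `-print` before `-exec` and switching `+` to `\;` would print each path ahead of its contents, so the reader can tell which file a given `commands.install` block belongs to.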
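Review bot: In Tools.md "Sandbox caveats", the advice to "Check the [sandbox proxy log](Sandboxes#troubleshooting)" points at a section that, as added in this patch, never mentions a proxy log and instead says the proxy "denies all unlisted traffic silently". Either document where that log lives and how to read it under Sandboxes "Troubleshooting", or change this bullet to the steps that section actually gives. Also, "Coyote ships two relevant pre-built mixins" is followed by one bullet about the base kit and one about `assets/functions/sbx-mixin.yaml`, so only one of the two items is a mixin. The allowlist bullet names services rather than hosts ("npm registry, and common Docker registries"), which leaves readers unable to tell what `coyote --install functions` opens up without reading the YAML; listing the exact `allowedDomains` entries, or linking to the file, would fix that.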
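Review bot: In Vault.md "Vault in Sandboxes", the page says the vault password file is auto-copied into the sandbox and that "credentials persist inside the sandbox filesystem" until the sandbox is removed, but it does not mention that auto-discovered mixins run install commands with passwordless sudo in that same sandbox (stated in the Sharing-Configurations.md hunk of this patch). Please add a cross-reference to "Sandbox Implications" in this section and in the "Manual credential transfer" bullet, so users know that copying `~/.aws` or authenticating a provider exposes those credentials to whatever mixins are installed. Minor: the auth table sits under "Non-Local providers" but its first row is `local`, and the table says `aws configure sso` while "Things to know" says `aws configure`.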
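Review bot: In _Sidebar.md, the new "Extending with Mixins" entry links to `Sandboxes#extending-the-sandbox`, while Tools.md in this patch links the same section as `Sandboxes#extending-the-sandbox-auto-discovered-mixins`. Only one of these can match the heading's generated anchor; please use the same fragment in both places and confirm it resolves on the rendered wiki.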
diff --git a/images/repl/command-passthrough.png b/images/repl/command-passthrough.png new file mode 100644 index 0000000000000000000000000000000000000000..6bfce5696aebd064ad7c1cf67947ceb02fd48956 GIT binary patch literal 64048
z0qr^VvchN0ue;?~A}C*va+dH&N-(%LI(-1kxJFJ97dy`%$~t>uXcldYxrMu{?zQ>j zx-G`v@p|By&s#7*WXR?-D2W;kR>K9J%bl1^h`h|cTQ-XHyyQ&pgO_N)!t$7bxcrIk zAMfK>JlK>KTgU)rq|l13=B`{y*j;Ot=!>Ndz1{kq5;a|#9lruD!!I+$<#-eCDh#ho zM+iN4LcShP0&HHUw{%aCDV58(o%fcNh+urXai;kGNY_qnY4 zwTdccIlF(HB+-VcCjoOOCdEUaF^zfM?&5l2k)5=%PETc1cwPE@_Ewx`x*sgf(h#*T zLtGCMcTLW0$w*sAMH(GpN_w7gp=5O19da(d^9VR=>PXAW){!AfpI;n|k%YgOyLeEO zRM&+Ohm5{3CJoQ3345v!lcD6pfBB#d2t$rd4?S86wO$Dx{?iLH*8__GfL`CLVORK< zhm{Ima+jfLy~~~2bhaoq%fm64)eDd=y$SiXQBFE%ch{c{Z`P{*88d6D7TrMdcE4Bk zC-;UxPauTkD%p23%}-elAsJC@#=s&IQFrtdO{QR2UGGA z8HG}VgydWbb{(Iq0_caLA*HycNZ$?=Gc^kk%fjH@%U}UON?f`fyzm|RL0N4mb?k8Q zF7}dqt12|enp|~4y@-pPZ-5cZsshec$*%JYHnz?14y`aodPD?m; z0rjK{f+rML$n7yP7M4&dmvV<^i+^2DfEOTNTKzXod@`S3DUAEl(#*+FdE{ktr&$Qv z?a!XXd-_UHb2sRg^7;uaPJR5!K;=xGVB<*3!PD{G(UXLl1Kx0_$jdOngHc+NetkY0 z(PnxVwyp>hK_;j^Nx5zAqkC$0CKlFU|F^;-Jbk6?Iz|#=pMfDu>|GP^w0LwZD`4|- zF?#b|4txRw1o=VSf$VCUtFurXb@Yw2=MYfIFU*Xs}GkBxjFdiQH3KKix5o8 zoQiH#azx|lkc6vvTF{3l8591SmgN-)0LJnB8|i}oO1f0=0WUhxLGzWpr$=yX_i^y- zp)CC69!d5JKB*)TX#XFHx7aZQZ{F&koN?HeVb+jryC+1@%!58(4_YaG`YDJHy&iM6 z)eYv{A=YM^$_rrGFf?;hB_hy|M2I1aT5$&xma<4@3_jJ>`}Rb8Q|Nt=+Eddavd5fs zBOa}GYazEkGWxPZP+41-O`k#ybzh1Z{KgyF>u4$hEZ0%ovH|3;{@xd_#x_QoEA)RpY1m+NFB6jTuTLAHkz7k4f{4Q$BBC^ldOU-^0_a4tpczwm7SIs=(@ z;_*q@?m0@Bv(6b;;2n#9>?es-d+n_jld8s!L%h|wUD?1(o5kbM2tarP@KE-5UHsUQ zDG?y0Dkw4_?Z!BpB_U&0Hx#6uYC+7lP0z+ncZ+$AdTlVuehZAx^;RTA@R|(9t0h

!iij6rNmqK+U#fPS(H!S+5_?+QL5t ztB~QxF+07Df9cyLj2Gt`{ww?bn0n9Ug;b04J=(yUQJci$ivIHT3nwG_3Znirw1Py8 z!oPc7C*8IPsoWTTbNIqTlM}+pd#UG-TsXAlbpC z=SYaYjd1RAqT)0$=HgT#dsTYYw0MviLwKNloG=CZF|^0)3E zHF0`n!Rhs^Wxr&vdi?HRrXXjRseKa<@0}Epd3l5D8q@90AfrPU<|6x55x%FWcW?ai zGUkPhZy`_qc3>au$Se}aqW_e;E=sgh^b%Z&=g8D?v`!Z+)J)&7u{kH1)?`Ej`hWQ{ zr>LB+xrCTd>7S{by+bhh`K*_sDF>(Pnc0MkYo(McC-nCeawLla^IdPEQH`X?RJTvL zfWGZ>2dY11;zYD_Yv)x5s>gF0S>3jHR4jU@HvS(N9IPVy%jmqV+f*)_P3?aWS5Aal z_zi=n)PKX^cEGO~JSqPV7|gBqPZ<1WB>5!SaqQtt%Jf9PTWgJB=47TxqsJxwH2|Am z7Tj0dB=`X2c_o~^hT85S`|>%KjMT1Howt3d>ohs4Mp=-PUgB-)%1<%7Bt{_fDO9)f zP^Az8bU8g5_3+3?8hqaD4m2{1&3`CpF1AF7T+-ZRR8VUjT@7=mH4FNeX*ChDiGNuc;q&KHec6h5{stehhA){u}|3OmXAfLJ0NXIw0`$#{v(d%jeyTC zkQDnpiHoL!>B|AS%;X2{VbpT47~P&1L`Z$ zx@yo&*-aiW#blAmbS;*m2n0r$?*w{`YPt<^Hbfo?Ef4hW}zM5xJWw3#X02iNFw-JD+8J#K0ddtiK!}uVGG2~-$nci z%C1;Lr0IYiZ!Q!_XM%nC)62sN<>c$#>B-jy)5|hv)BXun`F}9F+#_^yVhsd{E2c~J zQjZqNOnz}XbQTek_8KL`IWb<(T3cRZ^p;{Qn+_mYqBj(#Sm*Hwvv=#Vp3PwqcdrZJ(8Yd{KgI^TLGV=kdQ-k+~^CZ}Kb~(*Uw`UXqz7 zfie@HQaYn~k>(5T7l&_y=spwM*&BF(j16Ce=N`4i@qM_L1+$(7pEKW`V#Sd_*3%Ey zmz!WB`a3$dQQ`TmeopD!5x9!kvFnBjE^*&J|HJ+6;69q4ien7JOT7L2x$v8rWvxq~ z`}{Yp7|qhn#hJ(XuZqWg!i%FyVrlPnxM7~dU30W>FZ}>qpN9fH59K}Ma>`x`On<2snJO5j%m?IX+RJ>Qm|M~ zjpA|JhCF2GRN047N+6o6UVG94E_BO9v1p{CzrVaj%32S$u=T4}R;j)Vc!2a3XxA>o zrN2Saz*g#&>#})&qx+kZpnpy#o05bRoI@Q3V)YEogUYWMZC&l#GSYr_0y09@CHD$8 zE>q9)rx4&3&v~=7WQlf@Yc(lRSVYGrJ|3HGrXVI&N6<7dd$`W{qA9UrA|Zao|LfL8v{A=7WtYly_=x$qU$qzq$A7n`9=(vE<1AW4e@4@$#Y`)rNe+S zCLysM>MNUqOK1es3bN|v-bd*gT}9f#GAb{-WS_$yMkty%Lh)x#dXsZ3BAFwNP}UlA zkn19Sbw@^|_WC)j!d7!)^e8m(hkRy;AQ;xIU%4M5zos~Xx%)pyW?Dr@23d`fA20KY zFZN!n3|O$=Y7xzA-Oo;Li;RtZ5zxkQ&f=OrGl?7e1*l(yzIB5 zuQ#@&J}yyBrr~El=3CD?bh7oM#oOvFS1e3OYidnhR2{j*4&1t*Y7GDZ2xH zeS_T-rrt-1d7-0)F#eQceWL~j#nkTF_MS{6(BXqOG`K~Y6j|Qd@H|mrVV+xNehxK$ zr8mpSvce!(pJ(AnmWGqI^6^v`;bmQehGM0|rqkxwiZ8K>_;&Ni%kuLS1lT23>aKKL zY^c}*1TsVuN!j5Yme`L93*M@Q0L6*^G@@hr?AHjl6wJ?FUasl#7q? 
zbqAaY0U;ysS@b0me-d&?!#@%-Tm64P$og)6D%o~xa38jMdF|bFb(uYKI!!Q096>OAFiph z_G9D8t>T*YzBL|HCS55kb0?{FnT>NcgL7{4XO*Va1U?U$S_QNrsCK=mFLkysre7rA*t@$vDU;NQ`kGAN|YJ@YpYg?SuY z8aED@89vMkfy>4OwwbPAE9`JW>D&`vEmNyCAnWN2sl-T}*^uD>BQ8(dfNIXg{5>5* z))qcSJz#j%b{|8Ra$}U<4!Q(WXsEwmk9487VJP#wMcg{1-z<`a04>|qmz^4iET>`d z+vWW1))4U3i;n}=X$t;A&(r^VdTwqvyZs;W`ETOZRh!XEU*gR;3x%%B2+SQ`!=pXM z*Azxg8orV8zb?C0N^t|XvR&upkA0R;2yvNE^OkJ6Ui)*-WM01g<3N3fEiFs43+Ig{ z{hEh5Qui)TAi=8fSrWQemM9l%%Fw*qbXY8Zs@^j3(1K0W(1JYcq-j4-eLS*{#L5A9 zd<35?Jj&O+rL!|fnwxhku%CipZxl-d(byx$aW>XW)-XN4AU8cHDlxYP?cRT`a1(4b zIYJH55nCyc`L)2Gy9yfn;q;KF$>37n-PL_Qg?Ry2peBOc3~`kD#FZsfJ-3pwrIbOo z+MkBX^ef)hl$=BVZeJ7D)h>pN?U7981lZG>!P@f5O!Xz;={7;}8Aogm#e$>^>KU6B zN`}Q|(Z!CVBp4b3O-_Axb6>kVu!ZPfbS+ABgS_@zW*VE~bR_!6REPg>bo`_BYsM~) z_jcNx*&y|1DRj>DE9hsk-zhl_`roq8@hiuu4~B0cK)*$w+YtZs(L?|FMJw9yBIrVN zxPvvRm6=|&*-QB#^^5;MRNemxW%xg#YMJ<4Lr8hf{_B)at{Z4>DlKcrs68=jy{svL z+1Cg+6|LecRxyV%w)JIT6?N#_Z3i@t@>pfy8_`2j6lcrjxW+ib>!ful^<@3UTJlA> zJE90QPfS@A4H4^U6pvu6A98&}kYF?KtTQ;MQu_Bq&3ild41ZVS^$ua`;>P=bq@GbA z`lCOKKZiXIlET5CbaXGJT8m44QYa>$Z)N*lxqcP#l_VTHDE1`;hKqTm`tl~cF@bQ| z9D^|{;b3Oymi3nPCU&1}q1Qo%<|I?(K*}(|6Y75y(6gGq3TV(j3g}SM&Aq`d?e07C ztfx`IPp9Mw=8>Q6PqhxD=N4Pbe2IIsf|!pTXEl^MjtQ%vlHCH&zz=Nlf1r1gj_fZz zzoPe4pSaK#U(_5t4_8czczlT$jwDQ@uITEeS+#(Vx?|zk6vx>tpe)ym`?6^(?`YuD zH2P#U(z|@dtMy8)Oc%Mwz?)qxzzIdJu5v?f-a;lTk+l|MvzO=`RMlX!Vr9 zbLTY(Z-E4yT@@Bd*;~HqP>e2=VYxub*07#B)~rw4=khkYqz1=n>aYGeO0rCuAP`tq z7VB9lVnY0uU4DI#wklbm(ne*bA4Oq-~dB(}IFYhZ?Jg{;d9D zL-l;w(S4_`GD67_>+n(c_&>qtS1+3~se1)*^)!y6fy=O%15)aZ_Em@e4#@2|AY)@)3_nd+FLK#>%e?*)uG)rse zVq8<|1S|0Y&5WTkGv`sF56w1po!kr6@D2l{@bC^()~S1`@i7vhUF{6WOLMy8k-91D zsDjMh^Pv*4L`?`UxtH$frV^^Ggm-olLi*O zuUo3$RbTFf$!MrARfR@ZQo;J&S-SbL-h(c2I+2wzIa0l9+`)R+nAh*6-v4tm{O>eu zJRr^xPFj-qd_zhwG*16@B&DuY^>(GSW(Voh5~3PSqv;rd_Ja z6+z>;QuF>xuQXw%Mu!mwuQnKSC~%P@ZSH=h zGFwO2tJ!xz`@BpSrDP|uX6pflrFNc@CpT;6NTmJH%sKSXMCo^Xu2dgf5_uW+#cmir z@|qO^*c`rOLplYX?U7tl+!;|tM@JjTSvha+)Vz5K*D^q1Ypl;$74wFC^eN_ahIhJ1 
z9cq#nu-zGAI}7?YHqDp8$W&#%^jsePJ*=BRyNFZ%y^oY|PXvC^6Nz_3OUy2aIt&Vs zJrTG^w$C0v%msbmTuXL*^*YPSA$ni&ES=iT(42IC3q{8#>LQfS=cv^ACIK$1msiM@ z#Gk3sL8gdrXi-Co{&fP>_)9JMjn?uhZWdk>(Bo?C6AmXK$Bs2CVj# z;FPcAGB=DYO7MOWJ;SlqbCB8pJa>#p!#7@O+9*^A7F4?&E%_<} z0t)C+Io#Oqzg;mIKA2RLxQPR2MP8S9EL@SKG5;mK9B&rb>g&wqli8&4ONp=!R}Pil z=)p{qz|(hJ%9VW3#!FgC^#N7_?yOt#sG||qE+%w=5-`1hf=cyLL;b))e}RWGVkkai z`vcs*qhD_Qt$meCnV^v~LMk^u7Vnv1-09|mDFm6|qz$;fp3Cce5e_@m8ei0a|39l; zECW$kWq| zeKzxzPko`Gk~rTzsVj!)Ga?!P`WsgRdvkp0f+x2pL#|p5Nu$`12t72jXi@4nhXq~y zmsrv|4pg^_r8b)?>@$;rL)d!75?5QXf<(zRqGlE>v$m!ForH;q z-aFX*t&uAcB+KR*Bq^}m^RKqADlZyPOm9hqX}i<gWrGJHl!S3_pL7i0#H>LXa%GE&=~(`P&TZO|5bZt{})%*=1W;ex`>lk9yeiM zwWi7u&%`BseHT-uuTu1%IauJYjM)doTH%XYru$Bq^aWK{NjLK&kg%RNA*y`!IA~pLlXp`d}h4_4g(_I@xc}oXj zdH#U6$`zu1>sfhSSPOrU^L`hl4Y&NcxA@L&TH2^N>agzDJ2|4Y$56C-kqb*47-kT$ zf%;ZzEtDD>_4E$xXDFt)j)Qr|;Xo4by*UT-0BaZGlMaFRNJK)FPrjY6I zWHIF+NkQC-AMAx88^n;5VRf-gc#q_uUZ$PONDTp(MwPO_xSi1|_3SME1>=bSD>>x7 z?k=ambI>=zy*0Ia*5;PwPXnP=$b%1fB)uGV{E49&**6}1$ad)Oa*ipqO#~{P*Yn)7 z(tfKcyYsJEPtY9DrAFon=sLk?-*Ww%&V{J@J)XQa0qt-n2bK(1AOO95Rg}4t+q!@C zoI4eJy^BV$KR7mf6Rz@jjv2YlG&Fn?Ty;zK7TEosh>f(jSk!TSK#7P^XewHxg+L1D z*)!r_O@LB$&NN`*tTs|DwU*S+qP}nwryK` zuJtW^|M}Lx&%gJ@xjDDvvd=mC=udl});e&A(;q6f zRZ?F^Uj1dfu_Ernkqc5}oK0qeDWEbrT2@jTVa@0;*JiM|a)=lg8K}(Qbzw z&p}4}T>goBb+K>^9F(eK+)e7XsihN~KOEP(?(pnXGhNVIvu)aA>subHGV50E=X6H> zTd%R*J++qbk-}SJ99nvc>)U8D<-7qtf0}1cLWKRiPRX#KJsUf4K$An%UAf-ZbboeL z(c=BNmwdg#>orz8U)+(ZtO!>=0LsIKg=ydI@W>NHG@-2A98>4utBATv-j-81f)m?^;wTzV_e@`mqw&C0`P9d>5j zG2M$V996out*~HGAm?wvfLPn_6saZJ(v;Zyh;!J`B&w$;BN4S~St6|20t<}rIR=sG z$zzqX_=p=uo&Go$D<i3M6k}>n@UeS+>-2RGNFq?4O(c_#mZMoV9v6A z-y2;*T4>9R5gr{L&f#xiFR&qKgwq_3{SoakErjI~#1XQP)H^2I`=c)#J(8Rb`MR<_ zW-c_|h&-as6tvA>FK23j(VDAxpz@Y2%i@j#!hsXg-p28KkvHnpJfFVBU804%70SgP zKz@A_o+3$R=lN}zN8dGHNa?%$l!*fK;vf~~+6-!LG$-5=f|1@1=#Q46A?ju>r-)P; z)Z%!ph8m38&=}slsovSdH!51Yp~(;VM*}qvl5+tKSi8mA9y#SW-`uX<1Np8l@Vmoq zf-SH%_ZJc>g&V=-$PV+jfwB{`r`q#W&Awn(Er(OsC5?7tNl=_xLra~{$SeM2PF7z% 
zi+a^l7KYfuPoe!w^m)LgA_TT)Sx2rH`C1CTg!l+3M+1hJ^2fLA{0z1$@!DR2?H{`$$Vo0t!=l4_vHMFC*Bieu>=nkvq7!Uh}}m0>#ROC^m2~ z5biz@vDwrCCf6S6D?0hJIK0Y3+_xD=Xe9KB`IC;KAK=-}nZcOh>2gB#m?G?6FEUvo zz>JrQi~*fkm$DDoF_T%z}xuTQR=iTk>6=DW5i=8p=MZjDY+9_K6YeKj-j z%9?E-^3TSDf{hcFyD`&ssl+(ygTt4^i*GI&4zjv0Xm2u!d}5Hf)BS80cXoGez7TaV zaL#?H=NtOkd`W{96NHBTBYUc`=0$NPk99{!s^-9Xq$_K%J*Fd45N>INN<;J^)=xLJ zP;>3la5S!@?MtU$2c6!e5$WYBB7XI1?pLmLoz^=_wzno9);$Tgd8V{$${z2Vg=FPh zTXI0aD?YXcWl4e5K$3)kC2Ve(7^fPlsPsok?y~Xx#7M|H=+%MP1+fS8Ji2`hl$BTv zC=#J;o4cJ}rqXQw4;7RVc7gE4#sVi0fmEVPupT%IEZ1bk;;O z!vw9&h(FpTHr4pSIlI*pAij$m6vs`)%c@Tg3=Gf{rgm#PvZS$}EIz4!+gP+G>!)DZn z2OQ)OoNe+9L!v&DioJYwFiHeq+b6?Q;db;d$<{foO~F=`e)EK|XKszM4;_u6aQql@TAYcQy!-(xr) z=XDX!*~zGcfv|G7ZAQjhLF!Iwnn1>2wnQ<=;4X{TK7TN=xnru@K=QyuLtbC5Afil(g z6e87igBA_R-V!oUDzgqm18R)<0Au7idhe67c?NMpX^wZ*BNY3Osk$B>NWa7qvX|z!ZdVtcT{nfuL-@*d{ttbe8r-(8yno{ z%W_Q>AG~YggCWSL8_hv0F)IZf=u=TBBWV@~DjWlBE!q6F$I|!XWlKZHDF=ime^t6W zyzq4DV7J7@c9cTvRSFLeeMCDtneqRX-PjYt#16By7~ebSiuUv8#~=<^%~b!h{CQit zm-J_tw<~E2`T)Wx*bM z7Ilnvk1mj-I=VU+uk|;nQ&d~NR|dAaDy{}UQUK)AvDzq32Qy+#4XnMA-N-og@iLPq zNG0>54>Mi-5Y8<}g^^h%PAXHRB>OY?zJ&}DTGD}+wRFtN4`a@)z>%|QKS{2I?Wy_b zgA~TWd{WZdS-`I(8Hprw6cXq=;Tqo*$X~n{o1XGWQS+~+di|p9I9dKH<6TXEz3tCIKcrs&B=zX^uvw6__F0tX(3#pV9{YcRIf^h48#5~Jj zQi@rE4hm0K=TV+HZ`Pk5&a((Ii`Ih=y$zz7n-}7U|Nb3_I~D;G$1AtyVdmk8fC5as zvs+iwugvJo>r6RTVjC>zqEB1`-g8lJ@+On&UU{rETVul#W082*aNW(d9rcEEeOBxe zUM~(!G2jB2ryk^BQT@Xs;fr1I-5k>cntnson4UbVBd)8mZ6|t^HU@g5N;CjZ*^p9T zB}Pd2Kvo$reNjOh2lkIY=@MgK7R9~jex~NIQPj|vGhaudUtG%cH&AsR2tsx zAyQqE;Hnsrdt-90vg1<{=qh2}{Y77`6B9@69YyN?YO}XMigb6KSouVkM5z60+zlpY za-b)7@SD~c1`1>lgZrqqY&p4nmOMp6qR3O>r;>DzgvjElh5ZOVIW#;R>IW)yteq!( z2Kh3xKHK`a$GEu2 z!8pAYn8y3#!~IokKU&z1eC&~7Na+XTbH4H*BSNM{4|YGQ#>Eugh99!H+^|!sh@wbE zPV($A#9*swSN+jl#Z1KLR=X36l2_L?BxhZPH+b+1lkUwm?iOgaH&sBbyla8_6^ zJpyZ5ufc>urdVK}15pR;%!#f$#`(5(_i|m@RWCtJjynsK;>OK%;uW*`;vOI(Oy0+` zW7>n;MYO3qzQ=(W6C-^dI>X*41jbs5E>mxd@9t9+jy* zAzaXQxxJTJgy8$-DFy59AhPaT(8qDi7j*=C*qbV~DkmKDKvwihvgIDUm{ 
zpS{Tx>r*nCcDEhpH^+_QZ81T$rrS13dB5Y`DP5%YLugUzamCNI3e31yaLIb(HURSA zm`}rx8NP37=~d^WWmvMTBnGppQ_f-ewM)#r*e-3|amBg!n<%f&+g#V~uTqw@V3YB} z9z!9s&w%)3^Gh#gZs>9N5RIy2Ms^C! z0ntnYley6~-l)h=%nldOvEm_J$sZ%10eIY#FI(z98F7fB?;bgC*tOh=p49?}d;31g zGURKTsXxy|K|l67|59WxTB8;PXp;K#sCP z;B{>EfC^d=cxwCtK3D0aS_*SY-jgAvHb#Ii;=CMFFe4OCfxh(!j_t7j#^bZIGrl21 z&fq$P1g}v^B)S5U=tSb1gU_2KLxq3DYBs(xzQ>ent=V4|6sa#EjRjG0hE3~`ctd=g z??16Pj%>`P?IyX>*;`^F{K#Q5Sj+d#j{#j2ny%@mi0wvAT!}>fLhT0f9v=N?(WhaE z?eHtVnji}n4>I-bsR_+d(%XDz(-N!RcRl+BmL{*sosBJlU{n=5b2 z8>huenQ0|GP-5AWYZzHPZFl!zH7Dur`(eE5yLmkqV`Z`oYN;||(9_Qn4yl)wc+4h2 zd3c{4;fo*`lQ#F-lPkk~R!Kn0XgM)9+Whc00*Z^X_5^uMh=i%ZzTF%uB1yEzT!6usL5=TvH#ImPR?+i)W|0;YP4Ndni8ZrRM7U3*?KOn;|?yD z*-T4|OsXK*7aAgYd7@T>f_;!pGlxI7p!-*;>Ise_wF#HoXV)u62K;9U(^VH!ClJ$Q z;SKXI!axMN?yC;MQTHYuGD^4OtM{dcP`*!lC0=ZEg6?jv?^&Ks{>~O}&nWXgFlZ1p z2T^;%6z8mF0LD%lDl8P8+7h)Xr76qNIGypTLnbUuFi>1FQZ=j(vG^My9r{TG%PxyP z>QicJqz*e{Hy064Z!xLjZ<)oEdtFAh+3{V5$tM1vuqQN<%-YK%bO6tFd4q_Ik|iKQ z7>QSR()Fd+QQBj+^J_Zi7B;lTk@ME*V`WZ{WQMQ6*Kc9tRR4u6vz(UMRM5&v_p+6G zPbul}pG`x4uQ36;;G@v=oueY#;^}^<%hlJ>`RIESs5<{hT$Ol{4hsip;qmWwsSp%4 zA-j@=FNlHru1*oNwnnf!rvB&wyJ6w1D9Y$O&^*xV+s;>*wCwvFhW{RYFgdkDDrFTZ z7B~V$4MU&ii55|?%Kz{k5231z%?B(*8F%BNFwaA_N(b>lUrJF;Dtchjry^6(L_~E z*xH1Ar-TAwI%N+v)ZQq~7D%dX3djEvO%$`R0hWX9D9gr@q8j_Q5MFwLONXjZfzEwC%e z_xd|Eh88RCAvrPECidmgIG83H_v&a!QFL=KTfwV^JIBmDR;pt+wuBB>4C69Nt_B2D z>68j|LaAQVqU@tb^WqlEkU#3aK_EL)1P<`A@Cd{sI@`f)mMStsuLqyaM?PRc=3uV~ zHtSQb`j>6AI581pDFMCW6%dN(7*}q%qoS=|Rk59y7Y^Fr3jq-*W0=Z=Vu5?ZK5sKh z6yMmq`~U&fVhL-#m34K-!;{QPHZyE7W-?fHP(&7M)+sV7f)(}pM1y7H%`JThjcko^ z(LzdbADhgl^c=}n#lt8UhDD691gN1%JaJZ%;|D^@{Jr!4h$af?i;f{o%d{AINrl4ouVgi(>2{YUKO5M0fKTc_%+51wWl2Ai*cab3^h#e@ z^Kev7v;h3zR`>oyYuUY+CuVe8(YNa|lF?z@p@&4l`y~F%pMBlsK8H;3W;tMm$>NNET*&CHn)_@ z!4wUb=xpWM+h%hdTG7vH)qmnBEqMB0IQohIPaMSs|7RQpxBzify*L$rFCN% z6iI%aAWmb)&|o!t-M+xf3PdHPBSbWrh`sHtj)uf^(Z#z79Xf(^p8Y(e9+O_+fsU!4 zl9bUB7${w$3MvVun@4hp(JmjC1h4!Qy9XV>FZ_*W#}MJS52${tj8x?gHuMVDO315{ 
zY`k;*(Q8Gs5Pno>;`sB$+METm?5ALS?ZF;qe2E1yeKCSrxqCe?@vt3ze`_muMiWD< z#pLxotwZ8EyN86-D@aOovVfXajD{-^Wf>Y{6??Xn6^}zESI#7JurR0`HCk8|*GPTu zo+x^eq#0B=%<5~d0EASdb#f_*Yg;qSv9gxGuIY))9}u*SdN!eGiI@$!ue2cF)>rS7g2pLBgv3+lkxe}tq2I2(x>x$ z)F;1JoGxlCVbMyBiKC3&n#`6#o%taLyKkz?Hue)iS;^wBhY?CHqe;jW@qd?px;jhp zEP1zp{J19ckx#K5efoWX%+#rpMr24IM&znc{Fbp>4w1TV%tvd#Oxs?={pSGx=!H%B zxCC-mW5#0|p`!#yc_ZJ{KIT((+)et|;I%8JTGP+YT3U8tHwo4lYo%aqH0}&e-KtmH z`O~>K&SnNR_O8D1G!~FZ`AXZ1+1!Ko=Qa6Z;(p2<%_W?r-ra>MyrFvCaVN}9Pcs-W zZJP`c1v$tij|ZqP#|5&D&zEu!;VFX>dRBDZpPro}wy%-SR@(`s^L3YVlub5s`x>nz zo*7LtC#D2D|&&!xM=2*D6b> zGGC>=1Rk8y!B=a!YA%z19c&MG6fir*fwO~YooX8&4QZxKXpnKLix{bKOiyHG2h!reJZGHBZdq0MBFZl)18l!R=|TMAPh9O@B?P(=n9qw~*v|tmA15%H8#eBZM$`u?bk56`D`|X$g@*P{ncv*+&JG*itTFqpVH5uF#*;j8|I! z9wznUuL)CR|5pz^eGCq()O-McB&a`4pqzVJ`xs*=-+h(+)oj$DDF67_4!hDA258XS^aY?>bf z(aNzZ1GwKSZDxN}5fT=UMYY*;mCoipE_Phw)@jhRBIF;mWA7)f7n{{Q($rR$RBH5< zF4&p9Vg|rSElS7+#WP0|b~BOvJ|Y?MdWA z1vim&2BmUDTl&zAGhxV_qOfRQU*6Q79SR9{o8GIOqJL)4Mk!9h|CU_Cbj;ShCBdTp z4N^TNe~UpA?fw;mmWe~=s9PEX^c#Pw*XFv}q6H?MLzbO}HM=udl@-9A+uOq!EJeab zdA*JteTWECs>)o~lD}Gi3xI-#(NM)QR$}e`;8mbY>JPu{N}!hT6_iZ47UHG|AK&aYGf& z<}^-(%;~x?>y}bbHa$WyKQR57Q6S!A=(FVRLwF{i+{UUmLp~!seQxxNgjwkpPM4d2 z4@q(AEqb6?Al_mKyzVf2M3j)16-U34H{bVUFl^LLn)>RGO8s^WjFy1EQcfkPqxkqp zw=HuHwMCyv?V2Te3kcP~NC#(z*D?N+rxq}uowdY42Gbt8qi~r`W4xbMBNVvKcX;80 zpLtoQ7ig+CtU3e<0F%G~l#veKz)2MQ=$V<^F}%@w^B-wv&r!F(_x3W4oNk7USHzN}F87L9&OU^O^P}VXJG(lOihpA^ zI62b@ld&}B3S9di66Bn3Aq{ZVBKd{_)5g0REUvEX*ik-jB;cCIs1q1wu0Ei_iGzLr zH%hD*^{c5Soa?ir5wU1Qd=R2uDj{jZ-qNpCypF_*YR zdhH|6Nff4K^yflO^+lRB)oYt7;LO2;`>2Ikzf}IS805U7)x;jCu%D0x+s`#+X;7T8L&Jl z2)2EMD}1vn_0tVAM|pXqxCyRfDADHUT)`i8!FE-m6`%D6^w$k&=@p(Lp@PtLO5qKA`U5 zjFIWOp$D8S-aqR3pdj-foDlD0FPO(JO=3&J~8@S zVwhW)LwzIbi4(dQ=JIolE&C2zVII=^8LlZjW?Kk+rHlZxlJ~)#5ws z`82DDj?@y8u=*`Q+mNzPXXw+P%OnjWcps1#v+v#B(@Jmixms-T@hIkLiF@?-+MJeS zqiD1a&FVp0z4VSA&o?C1hRwrjhu8W2zM5e9@l)+-JR7W}9?ockFuoV`qvNs~{+Rev zakFD_U~=_|fvD6GlohFPmF#iW(WP=LkgD;4N@^NtV~Rs)lI#W1Xu2yeb 
z|JQ_vwL$fJ4yib)lA>_iz;y5|kwXnl2?IM6H?f7w_V1>>Vi!P zq@MCuFBT0IL_(ZUS0UVI5&J+)V;i)dYP#U)YidZSPrwbji34s`rhHrL!5ZRkthlrC zz5Uc`_tJkuQ>WJ8l-^CT%KtXMn<2N7WUlF8iK#5bEJjftY-Lfj0 zQhyaiou%rzJdCIpMiWD{J&YUrer{HO{h)~wd`~rVYE<8*`yd6^lnx<6V*)Vu;A@I& z3!Qv3yMd_k-6M~xbjK+jas?kGc0g|Wd8p(K&S#Y*H}d=Y4ahm|?TAHha5DpRCpB;G z>`9~#E>CJu*+>%1+Ua%-0k0t^j{6Ci$|*A$NJ!lWcpNZ4^O&k7h071yIOXE+7Sle> z7Bb-y>kYEs08(MslL{2-b_j=o`=!2|1;3lLG&xEvg}kpzN*!HJUS*`BN%P?V@YCXRLXIqn@0zxeMgbU zDv3m?e*`+t37>S2$nERAfEx3|^_`RctQ=UUaC1YgdbK;SsG{k4k^^{#)&RD$+T_W? z+Hlpx(!5B;-#%T7=5Il6+=)o3;+>;hQ!=EYLSq=1K%S!fh^lVmZuTP4rn4Wrfpy%AQ(K#o9n|sr61Rq;j_X zYM*#wftzT0DL9VL|K0uZuXmwOn7-CELpdCHf+vU|Q8>-B`9dDp$h{j*?x$=lOuI6a zS)I7EZz{G@`@LQbyN#bbKeafEFN!m6cd2SNpYk6v!z%{BeRjs01b#Imna>QBs)l%w z?qWjOOeBp<@Kwe6HSni@cdpge6u;VC4KX)tgE5sMIP{jR8b@Ci8yUzZP*&rk!_xCw zn=-=!7^1DfB|zm6#Wc(ntG6(sLBf8U&&v#N_9J-u|0WRx28x}Q9sg2H>pm$bDnR|7 z2EKhPc&-qY|MqaaJ#W2|(=kV9sT@~%@+}d}8H+ID3_K?E-=K=|%%w?4;olY0N;kki z#B$7y(qHlZA2c*rJUB8rUJ;JM(>AkFnUXPqBx-M(TvPE3V zwnwH!N}R>oC*Tz)!A=c)kumH&QzVJC zpp)Q9K zXy^Lfu-g1LTohdXl>t?hwk93Xm(>*D>w%-0NhMpDYU@PXcMZpSFs7&ll!5eT?hNim z;d7JIA*^^(U7Q_}nutG#L2zJhEBrqtRMnQ^QI7vcaP@tQl1&>5(yWw)>aSV_eyP}Z zkwu>*G=C2Qw@m)~An@>yAaLQ3vT2Mx&`6ATCeIbxinq!dsy?Kv7`K~9sp52lg7)ZY zaIU9{vIQoM)cFp8Kz8&Mt*HgX3PYo=ketoUV6ybAh;J`tjHL~6p>V-ioDMto8ymU7 z9P8Fp)xfMNz}KC{%a$^Xx5dAwU~cD{O;*%O*9^ zif^!GB*(mfCzuRGn$A9U#rBqv8D#BgS;Nh9NgJ!V@QO*o8n%m4q7_Ij+mEBp<#Cz? 
zr!)Q(0o9L=1_Ia5?-sxg3GsFtC*yv`!S%rd`}>cwId1^pvfkT@iuLy~)`KYG;bKO4cE4Le=)#|;q3Y|WH2n!v zYhjUDJby=bq8+nxjs|KTWXA#;aBq1gmr1~Qa8ZA1>Sk_O9~~$wSv7W57JdYO+wPoT zK?mHqE*d*|YALnH>nd9;U=3GYL>)y4Z=LY@_O@Za#+(02Uu&#ry#+a3sO1Xt!j|ml z=q1@TvUPbQ0C^hUS2)A#!p4R%X$J1Dz&5@JY0Z2B+mD{3@QoBE^ls=)36~EPiVn%P zKezkeN!)67dZMC5ez!1MY2o+HhB*bAM??s#+P0EjFA7( zM0?#_+dAD&6-{eBK3R^$-;^11Xq|4%g#F5nSAEx#>7!j8ysSPn$VoNWfBCi)bJm9f zm6LMtNF6dvMn@MQ@cCmOe`Cwv^yT;S5BfT?Tx)guGcpuNZ2oMdf}0QB()|z8sHM^H zzuBVtA2a_`R4uy1#`mS=fVG}(DTxz-hc-h{mvMV>;D|jzo5dURm+-!5S7Pn^UN}B{ zbkBGa1gEaAN_Nx%ATd)yJdu4#>_?o-!8H<3&T=~ho4Q;{4Jj(;+r$;FvBJlH63ZIc zreWQG8N8A1t2>QTwdrR-6BXAMwv-|!Chq>}0Pj6pYtco8BHAbzFw0~w$xS(E`=2mZ zD(&LZ;>_CcH~DqqK24WYBY+gCt{d9k z-Tx#t>V0A|fgzd*MzO^C>5Nu|7Ivz@lyvR>-Wg%P%)cYWJx@w(Y~aV|Ph>k1$c3N@ z7~B4JMs%!I&4sQmh$}ghOG5N%_5oJ&>&hU_&w8cFFCKJF+9F%>nZTR2xf4*61dY&X zLr`bj&5`5p!lKb8`VK9gT1vd=y2}~g?T6wwHoWU6q0Se7 zBiOare{G85D|+Txc67&B{&vK6|BZDw0l%bP-KZ0HAI&MkE+lmpar_&r(c9Qh_->Wt zs<=(=d}QYxdk%=v?Hk$658l}I%##%V9lp6-C7PRFQKTKP`VA!>q?k@HB;1pa?gsGQ zWDx;n(%a}r-+yIyg>I^RzssFrr-Bsf^qU#dYOt7RUq$(8Eg+hFkxgVVV1q#AIuCPi z=Fh)TBqOzP2JiUsyCm%Gf1<K`7@~@VP9y!ttwLWD?6WE>! zjc`mf$ptGoNo7zp&U<%FtQF9J0&@ptjlVu1;G; zJYpj`aN(-@s^za)scTL>EKGU7oGiMG9F`uq!SHH@kla`M=HSq^4oc zVCxwtDgH>{nAs9uN ztnjS*oPKvXdD72}9)WRO@n2kZ!$ca|eIF(NfYJIT^w9jRY<1s8+&SXC)`|K9#b3^- z>mSZ&2oTt=K?ZAAF}wiYY1+cIti0XZU&2D<2fe?t8QEF!TSGj}r1Gz86B){WQ&s<> zF8-B0c~zh07bh@!0#lsFBq15kcHVY=By}XV#^gDQ-TwU>7d|0%fHZ`6oCsVrY@JrP zU|Vm$Tw{19mM@Y;^JHtR3#pC@1dG3&o$TE~pD{LYfHzi#?GsVk{IdE2`Q-2kD)BLe6>cR6{HNvk-qf6psh(_> zO_@lslavkJN|Q64hcDT^3P~r;(e^UKPt#>RF>#iJgP69KW+VJ#UhJ>mon=)OZ`~PQ z!!4qW(3kCU{!BQ-eFRBUbw)+XH?&1UhgQSmyS#TKwUF%HG4aM|s!VVB%74liU!F{+ z?L0d#$&2K6QEh0>rOvgJ&gHmJC&Q3H(Xyu+2{0obYED}Tv#p! 
zS7MJv;q#`_=JE>&bFRz!@{k8`k4rVrMtV8hfeC(-j6+Z|Cw3>(305x z&o{w)-TA7`7M#ZO{u_o5snqH5)8~c-9G+4?&Jd^FUAEPlF;mr^G5T?n^&3kx>Xs@X zQE}V2`W~w(a>|&>;)jb*Y$Y2 zFR@%@M^j=v4QanVj#8i4EU-_g|N7xZ=Q%Qz04i5*U`s*aZ>ZlSm(QG_@|XMxRh2fk z2W5|w69_cMA+)pGA*rX^_9g%3klhPHtVljrV(OD3N2Y$E{ z)Bib!`F)42Y)w>O$Yu~BB#y9u|Mb53<9~5JpRx#zjEgNocZp7FbwB&@9!I42*+shn zC?j@aRBenY(t-VLt^ZOzj|^=43k$9k6nIdDe!Hs0rnxYS=X}nY!8mGf3fMly$v-Rn zhvSLURd^v=BvPzP9VoFq&)~nG5BiSshxOUDET0CL*_4^T z#g8B7%eD8PLX%N?Jf*)!`#HdG%ser{=hE&g);>D_;1ol}^+oj~-c~s54|ukFINc`u zBGq23gM%&#?((*;d$*QLv}sl5ZYcQrf=u0dkH^aOrkz6VVT~XZ`p&pB8K7dn-rBR` zj$e%Ll@gy`ZW@!NFB4zGaQPWE=C=D(0kZ-uG|(Z-P`xFbP%eNM?R z*1BiEH{{iJu!_M(POjmZw0UfZq=T{s`)g(V@*vPbE^%L0@sCE#r~Pk2{W^Y|1MH|E zgJ^UL(2+K5^Q~2x1(!J6_zmgjcn#sVyPri_-iHSu&UX8~xy9m-=r$g^u5UcH7}h-N z{KYuub6&Uat1lysFBnI&<9?t&c@OB9vu5XY-85fq&d~nIM$d+9TkVvXO$MXLFJ9Ow z$vGs47zl*QubjGR_T~Xz>DpZorGH_)b&e)FHk+=y(~f75>c!$Y?pfk~zySU>&#bb5 z1{H)gKD{3(66kT^RVPOEygG}wbDjSd>~5O$&e*oZJ>s%t6RVY4kKYggCex~;Qw(03 z?iOP>duBNAd0)LzN&Yw>Nivi3RxNX3SXrt$i??x1o|aqYXIEIvJDic9mgyI(`Q6)Y z)lxp%=-oBM^?tp7%>7)y+c*4T&z=Pqr-G~%uQ47>hO0ZGAI~UOA+Pm*ZM>yFJ=4n+ zEAh5SH8rCjpLV5m(fz#D!efK5?csi!xqgbg&edlvTtWX-e|+kA(rgz=^ft{cLGzwh znosKbTvB$%CCT)jdw_F1*;{$Ko-UkbedLvCZL6_Ky!srsw{TYwK27_pHdW_vts>;K z*TQ&u67`iG?WOUJ$J+UZ>eARh=bn)4e|3L`w!dxdg&qrqTa(yji^#3>XBwAt)uQ0l zxVz&`k~13^Q88o!KxOMx*0HW{G{3D6GwY&Jj79d{rJ&})HKC}(-wc} zM59creNdatTIEYML?*VqIB)$EySQv}S#~=ynV5jv9gCH?<;A=dg(p9ygqBkB?D*gC zoEpO845ikyIK4iV-Ee+#>nGn_h$F2s)RWjQwr(Ey`lJZ#O%W=h_0uBo zxYE3n#O~LJ^(aCwKX~}?Bdm9KzCZKMy)1J@yj34tCHKj23*LAle7>`Af`=lI|RF^3GRyI{sL(84lABDypM5aV0G3>(NAcYlJ{Yf_7Yft!n7i%luIc^o* z&Bx(H4Ns&Uj!b7mFUqc(oy!~X=k@fs!vQ|Rla|-m~CDKa2T7>ZfZlip?JPhr*-(i!Zak7G&t%enJtg?h>*vwV4}4{;NF;J*CueC8cewu>m}&;EW7)mD5*Pv{4c zKTH*ow%-c;8Wq2Di40^TR2D6HMty5Ze+=iAlBePnhfDK_(9U(Tt-R3u3~g2exi?uL z#dYCIKRb-sgK{e(K~?Sg~jOPOxvGdXRl)y=NocW(1e_r z()|{m9RFDTZz?m92(ORvzk+k2pg&4CMLz3?jfy@wS=Tqbldmtrhht@0)Hq{LKJz$S z*SYX10$E02op`LXXpSYaKvyZ60xdePJUG5L?iu!Wp5t#X! 
zNz(F_&5qOw>CNwyqC5Te;L};*F$xK7MtN@cY?TG7zCG+vK|FO38bMO8rw#3^q|n9* z$<@8LLLGgDGM%cvD*vhOu~>MzmRp{vtUEh4?Q7?|nrfM^Q2N|5N3_TZ&=!3ou1`G$ z-g`*~Qpk}h_d$!op2bpzq(R9$j_}4ERNfaBOs!-rFo*ZY7f_q4qpXtfG#Czh~$hQT7`^xh* zvl5pFSz+Es*f%U)ib_RNIlxH?Qdr z%06F?{-gOCW5LNa6yMI;j)pwAg!+@id`^dI3r6JTxE~7mibhuVQ6hC6ZiQmh+!#iU zI-RNtmUe9cw;q-2{@!$P4wusrsWr7k14Q-L=z$YHPY$r#wWXfi*6oYxDgpDs{M)*J zwVcDfM=p;!9T`F~`P{^ze9tc7=ArM56D@ch(JyH}|JdfSWy-^F98+mYSLl7u^#B?=I)z?4d=~JoZ<9BYkR+wGS815s@P5qZT6Ra1A|zLv z^({;`Z#s+K9+Ua=JEIItfe!@^zW1%4aJ~}fx~m%5B`m0r9N=57bZ3#nff$DxC#sBIFibOf(3U$rMpi-h#H{Ioms_ie$ML7zKMZ;>)vx}%$CcGsqfdMoiAYiTn-4>xgDA!PxV=QFb-Z<+HyNEbcDBgA)h@65JPCAUMGZ?(PK5 zqCo-+f#4e4-C+p}!C@2JJ-9D!ci;E>|GIUn?)|IoR9DT^OixW$PoL*J=b4^9N;!M{ z8cH{wpVrNSc!f(2ZWlKyx|*pH)WnoGsQ5LMt#;2QH##01@xEa%NEAGbSG7CcBQSc7 z{l5^6>+~DfP2EZ&L*L~)JpAtz$QeL?VsD==$I!&0_YOAFI<2bbMy&+r3?S~yrjjBejDC*w+@j|-^K-d|!wI#8?fThy z^1=t(PPkg7&eMu$J2juEXuBv5JCRAw_LZ2Bzx&_7@lV_0Pr}5~U*Op9~- zLlgO;9?sTTm0vv$uk~7W!B@8Y>)lMseUMlo0S!wjU7n}H+{b-cb^0ro+ zZS0lY(IIw1s6Uf}}mKer_17VhX* z1;^jRrpUzMomUL8SvR=pGfNR&=82dH*vP|EkLdVPG@p{trzL2p1ASTlvE((X%P^W| zE)BoGWY0>5&F|cAky6buZ!CA7CG{!`49+th{YagNxKg9({;`3PYZD(t`Qcpb(RDBQ zWO6pqRU8}Z9{K48a3souZeRuM*HPuo0jab-ZoX+?> z#`-ktDs-U(k7z|Rw7+n0*v$1-AaM2_LGpO$B~e`ELF`Q;y%<JvY%`c5Cg?$+$!Rvmr)kiFiFj+jfg-43OFZCqn)Q8K zh3Hwk?rNLD)%rD*X+zw$^ogGXnrmxCM_wI#y^;E7(In3iPT=^WJL3aIS$T=UZ z-OU+7ZpZ@67wQM|8@RQ~M7C*@(2Whq7cNPm=xsBkZhM(KmytWY+c}=d;Dv4V*-~vz z4_ubN7qmZBivHZ`N2PbD`kr}>VI_5uO_Vk!7X6()aC;Fbu;Oaa;7RE6?K1qxpD}YAfvAfIKza>TW0fz_E*o4jZD z(oIu2AHg>@Y_62qDn-0Y<|recK9DW$$3$+q$v!re9Ib{&bwF8RS`KX>?LrN0^kc^o zhlfEk14uZllUcGDo+D_4Q5sdMH)dB<*Cq#>Pj6$?)~h)EJ)6#_&VQdB6<=>|(x3kN z-RXM^c6j4_T7B}}h=C|Pw0Jcwi|(T&FC!0(yNH-j!kM>XeMwuo`P$nPuA z$avMP-df%Llam(rsMjXNQu+Jk2iyl@H)vh=XE^uU=i{eyHc!8xC6ynS_()(eg;p`@ zjhkMX_a~GBscC7&j>Z>;b&7ELq*AuVA&52OZ`8xLd7u=u1OjN|msa&TrIb{zV z)GJM*2&=2FPA|{n%@rT2-R?sPPLHTneDD7r%l<{-4`S)~E;<0SI{)~y_(>SNon$Tp z9N9+Q|8t6IU7cP#VTPOR=rQz=AN24j{lf=O=1={%MgKt+&~bAxdpj+!k)(rh^czO?6>FTj?K?r0K6p=Y;>T$Wd%| 
z4+#G2O(XgUV7-dz)MZQzAobplpp#)Wd!S}>T@Bim_)#@JhgI+vk%jh0n9b!RpyTod z>C@eMXI#qYt5G=LsVTU(WOLy)MD}S|?4#-q1@3di<0F@&?E~%O*>XE_2`HhsryG?9 zr<)f+p85&E8%omHKAuMemTHzSN;|o6WYDR=g}3yW5<^z$F&AV^91I}!;*nNVe7Dq2 z5#b?#Q($QZ?tO!M{+i`DaiP}!oGVsrxOk27FE9*^81@Di_9hmW9E98<3!feX@4rU_ z$VUBh0+%WDzbnO30!lHnkK;bKN6!0zJ>9U4YWT51!igbCx>^ikE|G?ZOr<7h#-nr* zW|R?TjOyf|n^3bAgZPHE?ez>zW1N-IB5oE?Te|qa59lQYCD$A}n}QMi@Tr4;?x2+C zhG6%1&wCQ4%TzOL?PwHq_@Qzr05Ka$*2titn%>m0uQS#tAru-3Pi2vL4yiE*t2q7G zYskzFze;~3oWkuXsSIDzltj8sQ~EMV$m%{jo|-V7QzvlRe`!l42orN6?Z7tATj<`` z@G#+zxDso(g0_S(uSVX1Pqas6_a1d9*)9lDu)0NqI6UvBnGVyRpKNWz z6c~~DJj13oqX#_DZ}a}Q6Uv-&__KjUtky`B-YGv@E_QNp!q`5KYg|re2fNSO8hUHy zJS_!fN102xUgh+Hc{QU=+pBF0m;Es{*pr%mQ&!xIafQl>i1eJyPW02B{r82B+^pfE zYI5JpY)h@Q5LT_9)E-%w*)0S53u)_>@}=y--jD22UxpOM4zdWR)glx!6$jgKFDnm0 zo%J$r!cSE6@JEYEPh>G87`0!2qGgj5i}*@1JhtaB%ZsKMB=Cm{wXRreXA?bu8NCtC zHI6<0c%2}wi?KH6nHGqJ>6=ii^LdTVXVQiDzx&Zm9>5`34T!_@H|?q=U4IWbzU|L5 z4z>YZqYj6mCLaAHA_mKvuNHkE{FoW(=$57;rf{c$d5DoG%$|2>g?UjAA*m(xIr_o@ zy0z~11;saTGR6C|QN4Uu5blWY3+V!fjUjCFnEF>%!ei5PQgZ~PpoSPK{@9)#bxiXz z%tikhoSA~=m<4V%5UIL8V$k~8>{rfQV?nI!4oypmR*YX!fhUodVaj78%T;j|S?v!LGzb1pQK!Q~It28UkZozr<2Ran4iF$~5H%@SO ze1#R&f2{5tPg=opn_^!)!I+$ZZT5&*XYXIX zu*YEI2+OAT5iOZbs-cq{fBejG3Q{lsHE)k)q@98#28@=l56cu?Qy>f+2WaEn?$=DR z(h}}Lb!2Tz?Rmz2uLFq4A_eSlMjg!P1qr(nB?elpusjbhYCe$XaBtIlOX50xeWTJz zm7NH<_SfnDAWj{p!NTW1w#0h4ID80ieql;~6bg;R5JnNnkvLy83oDufZC`ck9Cc>>)?nFWZQ=CzO>Q1PLL`i%Qf7=75}Qc8SW7M;+9-m zgQ2fJ@*m4fJrAvu8X}{&%6YbMy9B3^z#V;*r_3&i`-uJuit-CKTBG9?olUs*qM&cW z)T9Y*{(C5Vx-u-#Q!-6zAhg*XyJCMY*FhL{jUmgXkIND-5v#zXMbU84_pppt8ftceg*u0##VNUH({{Z~tEqe^1yw*9m7tx=jHpl+l}mb3!iZJT zhF&kolQ>Sz4OHcwDFHaL|7%Q9m}4{ZUn`78Rt0g_;cP*}(f%y1{SH}O0D=jY|LpYN zzW4_?cW*PnQbVE88p5vVebY*Zh+2^|-UmW#f5<-&8DZA-l9>l`rqI*0|K{E3I84k! 
zd*^WejF0O-mv7L&bx4{2TeG$MU)29UApC#Ec}+3E7RY2JZc=pkN3fPmE~@Z1a;A$u za?C^jyp;yxxS^vuzQBaWg6H#X7>p(@`fsqCe(6HoH!(Foies((aSCiRzA>!e-RX$`iSX$ZEXYYVG5*TEI7Y#R>={;Ua?mLzLKFu~`gyww zk1#u%bi*orZ#NwSvg&)##+yX!NSuRa5B zEN+?<@yh4U|BI(7^eJLNN#M75`JUQGYQdW_{g+D3VvyXXf)36tlf$&un|JhK@Fs$` zN(ZyFPvVPzUL^TioxNI}oy6a83Itl=_`^Kxgaf1#An}^b6nGD@FlEaMjYx0Sr=*s*g^cNajNX(&(uinQ(cNz5#NsS z&y3ZeSexzO03VK9x&`a}UX@eFLf<04`CdOwj%*K+jaE38!#DJF8Nh`N_63C-bC`Mt zQ5~Bkh8-SYgoHWNFB>Cn8(mk2# zY)T>UNwWlsXcVx-|Bg_|e|$Ckxwh|F|1TPWdF8K{Ym~w<=p`}a<@r@W-T(L{bh}Wi$^yxzG)Yl4IW_T*L+tFy z76U;^|IGlrf;>ib`7w$LCldH809}ciEo@w2k8stt4NlyDxIry>dW76STMISIXLDbS zui%Yh$%y?1DJAWqXH{q_@KNZiRLXmc6rjf@T7hwb8ikLVWt9l#hOCAd+G^=Xl+op4 zvuZ|vzoeJ#elI*Ly+G7Dle-n{kS4+I4pTD3_-mBH?LiO`4g^o;``0Z8Kv=E~G83y2bWVyx{NjGJM{T93RNyfYNX5t$H zUikJK4qR!UEvaby)nh@Ypqdub5Dn_+~Ak`WieAix3>wJ^sNnWN$^=L)+}h*Zv!dLy zlHId1{w5H}e+&>}?H|?wHsqgVbR5b`NB_ zpkWrDvh`Xd3!#WO{(N2^3S?v?!T_RFSbx$ffy#oJvGXJl$A55B=QR^Psy-cMV`;V1 zT@HJMW+WaO{vc^%Cx4eg!?)7s(Oakgy!OC=*!F7Rd&N55;w!X7n=-KZvOI6K>#|;N zUGausW02gM!le;yn9anGg>n@Bhh*wylquWrav>x6%qe?;?%%a`Mpoj|>x~|D4|Lzu zE9_zU1si%}j`r~vyKe5ro+c%`6S7tv%?YNTSjBypHpNVHjf#tnw(%Mb#j$epTK5*z zWBX`1lJ<83l&F{b{Jb^9wOCGjkv^FfTMo?pG*EH;UyO8cvL5<$1>yC0KBDFl9^}LH z?oc5&<88zFvEPTDt|ly?ArmeqMUR9Xjl18r0u`iW1TG90()wxo9FYDPJ+S#J=1&Ea?enVsIR++&`tk}$MgigiMxml=l(pXM_o2nXp z;iA!(_YcOT<2uncD1G&D>%!sd`b{aXmb)vFiIgsfic)7ZNA}tOR+65pM&In*YR@qx zc2~E230+60Iw2r1-u^c%fi5Qp*5GeL7zll)}{w<3SzXs!b~v`84HS8Sj(! 
z9qWuza{sZTe7^i{M^>=@PN9)au8~c?k;1x4hqRC>{JHFKiSa_+^t4 zhdCk&7%s(FtIT zdLo5fTtV#dG&7neI3{2w@fbU_1W@Z#+2LvY6R^gRu6%30Yqe3m@EJc9$ zn$aTeD9OfD${;mn|94isqR|kuB}?DvYH*<)Kh1=Fp0OCKc9AKwWBYPa6#tYS24v-Lc{>mVK* zWOY*Nx)h=6kY{Hx*^*`hGLU^yW5*)86ASUzBeyGs^06p8A`|U&Q!i%Z8E(Em@E6PI zWBKMq6>U>0&WrvtfWq;sfu20)-a)621pIig3MT z9$l6R3eC;HvapU=N=d_kZ9BW9{XZNt2_Q#4jjFerRUTzf?_P^2R87IMyU!8sS+d7tucja)(^D2DCU#1a#bo>;r;lioPc8b0r>6M)UYv8aEL+7%gIK>`7#V-k zOZzl>z6=5*Ri;4p8NpC1}jQDR;N6brfg!# zo1>R26D7+7qE{^fF`=fFQl|&F{q-s9bMH^NWC=pnS33+)4$ER8v+RhUZ{ad-9FN@2 zO4GpEbo6bO<<N2IaR%_@%s24v|oHZeK4>JGk+>Ae8$joO6Ev;g6 z7A-%%x(+k{z~Fzdv555GmpklTj>%^JlZfyk2^Bs0hRCouvu|K`T3V9vPI-k^RfX0n zt%eeNm@I&Ut1OIGXUOXjVlsh5F{GXrONs`b1T3xF)$l9;oQ9=s_jP(C+Dt6XyUv^` zGw@|*XP&`+P1SrLQ1Bl83;BZe9jjZ=R_q{V8u;|*xvhcWZvHa*Mn}f#(QI#NUF=ny z4Fio+_>G9h!6wu8;~_|R9(BJYL{$O6;<|EA7`u>Bk{t+l(gP@1U0*z-WhMp5Ruj2S zCW1u#Fz0EhO}lJx`N#!xg2ANh;pNu+h&uvlTehFqCwhZR9&{baTBgRj7{)jcK@il< zX#D{yW)jf0p!KEtJ8SBT6oKoKI_J>vTV=lCd`*TZU(Sg^AF3of zI5B>r6X%}+pIxc60c+lDBpE|o-IXlLlk|BA^m+K^CZ<#lggA9_U(YsJOC|?1{-|HM z72Xv*i$bS56nKkgzPu{MoF#pRHsdWtqfW$HP$~;1m}AP;a)c?fggWFuCTgmN?7POY)G+TwEsV9=--;8h=@}m&9Y?N_ zLP*7!Z0i{3uvgR_P$j2~V}s?CiDpW@3a8O{?7D9qLmJAAyX<{? z_{1((LL4)8|3rbPR^WF&zLVXAa?%98$}Df+A+_3T{|m9e<{=RKU`XNM7eowM(0*A- zV{5mL_d}@JFGGl@T3#Xv3EIMt;J0ehmy-c#;iyhTIh8 LRAsAxrXl|eq*#8o literal 0 HcmV?d00001