npm - @push.rocks/smartproxy - Versions diffs - 21.1.7 → 22.6.0 - Mend

@push.rocks/smartproxy 21.1.7 → 22.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/dist_ts/proxies/smart-proxy/smart-proxy.js CHANGED Viewed

@@ -1,747 +1,349 @@
 import * as plugins from '../../plugins.js';
 import { logger } from '../../core/utils/logger.js';
-import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
-// Importing required components
-import { ConnectionManager } from './connection-manager.js';
-import { SecurityManager } from './security-manager.js';
-import { TlsManager } from './tls-manager.js';
-import { HttpProxyBridge } from './http-proxy-bridge.js';
-import { TimeoutManager } from './timeout-manager.js';
-import { PortManager } from './port-manager.js';
+// Rust bridge and helpers
+import { RustProxyBridge } from './rust-proxy-bridge.js';
+import { RustBinaryLocator } from './rust-binary-locator.js';
+import { RoutePreprocessor } from './route-preprocessor.js';
+import { SocketHandlerServer } from './socket-handler-server.js';
+import { RustMetricsAdapter } from './rust-metrics-adapter.js';
+// Route management
 import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
-import { RouteConnectionHandler } from './route-connection-handler.js';
-import { NFTablesManager } from './nftables-manager.js';
-// Certificate manager
-import { SmartCertManager } from './certificate-manager.js';
-// Import mutex for route update synchronization
-import { Mutex } from './utils/mutex.js';
-// Import route validator
 import { RouteValidator } from './utils/route-validator.js';
-// Import route orchestrator for route management
-import { RouteOrchestrator } from './route-orchestrator.js';
-// Import ACME state manager
-import { AcmeStateManager } from './acme-state-manager.js';
-// Import metrics collector
-import { MetricsCollector } from './metrics-collector.js';
+import { Mutex } from './utils/mutex.js';
 /**
- * SmartProxy - Pure route-based API
+ * SmartProxy - Rust-backed proxy engine with TypeScript configuration API.
  *
- * SmartProxy is a unified proxy system that works with routes to define connection handling behavior.
- * Each route contains matching criteria (ports, domains, etc.) and an action to take (forward, redirect, block).
- *
- * Configuration is provided through a set of routes, with each route defining:
- * - What to match (ports, domains, paths, client IPs)
- * - What to do with matching traffic (forward, redirect, block)
- * - How to handle TLS (passthrough, terminate, terminate-and-reencrypt)
- * - Security settings (IP restrictions, connection limits)
- * - Advanced options (timeout, headers, etc.)
+ * All networking (TCP, TLS, HTTP reverse proxy, connection management, security,
+ * NFTables) is handled by the Rust binary. TypeScript is only:
+ * - The npm module interface (types, route helpers)
+ * - The thin IPC wrapper (this class)
+ * - Socket-handler callback relay (for JS-defined handlers)
+ * - Certificate provisioning callbacks (certProvisionFunction)
  */
 export class SmartProxy extends plugins.EventEmitter {
-    /**
-     * Constructor for SmartProxy
-     *
-     * @param settingsArg Configuration options containing routes and other settings
-     * Routes define how traffic is matched and handled, with each route having:
-     * - match: criteria for matching traffic (ports, domains, paths, IPs)
-     * - action: what to do with matched traffic (forward, redirect, block)
-     *
-     * Example:
-     * ```ts
-     * const proxy = new SmartProxy({
-     *   routes: [
-     *     {
-     *       match: {
-     *         ports: 443,
-     *         domains: ['example.com', '*.example.com']
-     *       },
-     *       action: {
-     *         type: 'forward',
-     *         target: { host: '10.0.0.1', port: 8443 },
-     *         tls: { mode: 'passthrough' }
-     *       }
-     *     }
-     *   ],
-     *   defaults: {
-     *     target: { host: 'localhost', port: 8080 },
-     *     security: { ipAllowList: ['*'] }
-     *   }
-     * });
-     * ```
-     */
     constructor(settingsArg) {
         super();
-        this.connectionLogger = null;
-        this.isShuttingDown = false;
-        // Certificate manager for ACME and static certificates
-        this.certManager = null;
-        // Global challenge route tracking
-        this.globalChallengeRouteActive = false;
-        // Track port usage across route updates
-        this.portUsageMap = new Map();
-        // Set reasonable defaults for all settings
+        this.socketHandlerServer = null;
+        this.stopping = false;
+        // Apply defaults
         this.settings = {
             ...settingsArg,
             initialDataTimeout: settingsArg.initialDataTimeout || 120000,
             socketTimeout: settingsArg.socketTimeout || 3600000,
-            inactivityCheckInterval: settingsArg.inactivityCheckInterval || 60000,
             maxConnectionLifetime: settingsArg.maxConnectionLifetime || 86400000,
             inactivityTimeout: settingsArg.inactivityTimeout || 14400000,
             gracefulShutdownTimeout: settingsArg.gracefulShutdownTimeout || 30000,
-            noDelay: settingsArg.noDelay !== undefined ? settingsArg.noDelay : true,
-            keepAlive: settingsArg.keepAlive !== undefined ? settingsArg.keepAlive : true,
-            keepAliveInitialDelay: settingsArg.keepAliveInitialDelay || 10000,
-            maxPendingDataSize: settingsArg.maxPendingDataSize || 10 * 1024 * 1024,
-            disableInactivityCheck: settingsArg.disableInactivityCheck || false,
-            enableKeepAliveProbes: settingsArg.enableKeepAliveProbes !== undefined ? settingsArg.enableKeepAliveProbes : true,
-            enableDetailedLogging: settingsArg.enableDetailedLogging || false,
-            enableTlsDebugLogging: settingsArg.enableTlsDebugLogging || false,
-            enableRandomizedTimeouts: settingsArg.enableRandomizedTimeouts || false,
-            allowSessionTicket: settingsArg.allowSessionTicket !== undefined ? settingsArg.allowSessionTicket : true,
             maxConnectionsPerIP: settingsArg.maxConnectionsPerIP || 100,
             connectionRateLimitPerMinute: settingsArg.connectionRateLimitPerMinute || 300,
             keepAliveTreatment: settingsArg.keepAliveTreatment || 'extended',
             keepAliveInactivityMultiplier: settingsArg.keepAliveInactivityMultiplier || 6,
             extendedKeepAliveLifetime: settingsArg.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000,
-            httpProxyPort: settingsArg.httpProxyPort || 8443,
         };
-        // Normalize ACME options if provided (support both email and accountEmail)
+        // Normalize ACME options
         if (this.settings.acme) {
-            // Support both 'email' and 'accountEmail' fields
             if (this.settings.acme.accountEmail && !this.settings.acme.email) {
                 this.settings.acme.email = this.settings.acme.accountEmail;
             }
-            // Set reasonable defaults for commonly used fields
             this.settings.acme = {
-                enabled: this.settings.acme.enabled !== false, // Enable by default if acme object exists
+                enabled: this.settings.acme.enabled !== false,
                 port: this.settings.acme.port || 80,
                 email: this.settings.acme.email,
                 useProduction: this.settings.acme.useProduction || false,
                 renewThresholdDays: this.settings.acme.renewThresholdDays || 30,
-                autoRenew: this.settings.acme.autoRenew !== false, // Enable by default
+                autoRenew: this.settings.acme.autoRenew !== false,
                 certificateStore: this.settings.acme.certificateStore || './certs',
                 skipConfiguredCerts: this.settings.acme.skipConfiguredCerts || false,
                 renewCheckIntervalHours: this.settings.acme.renewCheckIntervalHours || 24,
                 routeForwards: this.settings.acme.routeForwards || [],
-                ...this.settings.acme // Preserve any additional fields
+                ...this.settings.acme,
             };
         }
-        // Initialize component managers
-        this.timeoutManager = new TimeoutManager(this);
-        this.securityManager = new SecurityManager(this);
-        this.connectionManager = new ConnectionManager(this);
-        // Create the route manager with SharedRouteManager API
-        // Create a logger adapter to match ILogger interface
-        const loggerAdapter = {
-            debug: (message, data) => logger.log('debug', message, data),
-            info: (message, data) => logger.log('info', message, data),
-            warn: (message, data) => logger.log('warn', message, data),
-            error: (message, data) => logger.log('error', message, data)
-        };
-        // Validate initial routes
-        if (this.settings.routes && this.settings.routes.length > 0) {
+        // Validate routes
+        if (this.settings.routes?.length) {
             const validation = RouteValidator.validateRoutes(this.settings.routes);
             if (!validation.valid) {
                 RouteValidator.logValidationErrors(validation.errors);
                 throw new Error(`Initial route validation failed: ${validation.errors.size} route(s) have errors`);
             }
         }
+        // Create logger adapter
+        const loggerAdapter = {
+            debug: (message, data) => logger.log('debug', message, data),
+            info: (message, data) => logger.log('info', message, data),
+            warn: (message, data) => logger.log('warn', message, data),
+            error: (message, data) => logger.log('error', message, data),
+        };
+        // Initialize components
         this.routeManager = new RouteManager({
             logger: loggerAdapter,
             enableDetailedLogging: this.settings.enableDetailedLogging,
-            routes: this.settings.routes
+            routes: this.settings.routes,
         });
-        // Create other required components
-        this.tlsManager = new TlsManager(this);
-        this.httpProxyBridge = new HttpProxyBridge(this);
-        // Initialize connection handler with route support
-        this.routeConnectionHandler = new RouteConnectionHandler(this);
-        // Initialize port manager
-        this.portManager = new PortManager(this);
-        // Initialize NFTablesManager
-        this.nftablesManager = new NFTablesManager(this);
-        // Initialize route update mutex for synchronization
+        this.bridge = new RustProxyBridge();
+        this.preprocessor = new RoutePreprocessor();
+        this.metricsAdapter = new RustMetricsAdapter(this.bridge, this.settings.metrics?.sampleIntervalMs ?? 1000);
         this.routeUpdateLock = new Mutex();
-        // Initialize ACME state manager
-        this.acmeStateManager = new AcmeStateManager();
-        // Initialize metrics collector with reference to this SmartProxy instance
-        this.metricsCollector = new MetricsCollector(this, {
-            sampleIntervalMs: this.settings.metrics?.sampleIntervalMs,
-            retentionSeconds: this.settings.metrics?.retentionSeconds
-        });
-        // Initialize route orchestrator for managing route updates
-        this.routeOrchestrator = new RouteOrchestrator(this.portManager, this.routeManager, this.httpProxyBridge, this.nftablesManager, null, // certManager will be set later
-        loggerAdapter);
-    }
-    /**
-     * Helper method to create and configure certificate manager
-     * This ensures consistent setup including the required ACME callback
-     */
-    async createCertificateManager(routes, certStore = './certs', acmeOptions, initialState) {
-        const certManager = new SmartCertManager(routes, certStore, acmeOptions, initialState);
-        // Always set up the route update callback for ACME challenges
-        certManager.setUpdateRoutesCallback(async (routes) => {
-            await this.updateRoutes(routes);
-        });
-        // Connect with HttpProxy if available
-        if (this.httpProxyBridge.getHttpProxy()) {
-            certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
-        }
-        // Set the ACME state manager
-        certManager.setAcmeStateManager(this.acmeStateManager);
-        // Pass down the global ACME config if available
-        if (this.settings.acme) {
-            certManager.setGlobalAcmeDefaults(this.settings.acme);
-        }
-        // Pass down the custom certificate provision function if available
-        if (this.settings.certProvisionFunction) {
-            certManager.setCertProvisionFunction(this.settings.certProvisionFunction);
-        }
-        // Pass down the fallback to ACME setting
-        if (this.settings.certProvisionFallbackToAcme !== undefined) {
-            certManager.setCertProvisionFallbackToAcme(this.settings.certProvisionFallbackToAcme);
-        }
-        await certManager.initialize();
-        return certManager;
-    }
-    /**
-     * Initialize certificate manager
-     */
-    async initializeCertificateManager() {
-        // Extract global ACME options if any routes use auto certificates
-        const autoRoutes = this.settings.routes.filter(r => r.action.tls?.certificate === 'auto');
-        if (autoRoutes.length === 0 && !this.hasStaticCertRoutes()) {
-            logger.log('info', 'No routes require certificate management', { component: 'certificate-manager' });
-            return;
-        }
-        // Prepare ACME options with priority:
-        // 1. Use top-level ACME config if available
-        // 2. Fall back to first auto route's ACME config
-        // 3. Otherwise use undefined
-        let acmeOptions;
-        if (this.settings.acme?.email) {
-            // Use top-level ACME config
-            acmeOptions = {
-                email: this.settings.acme.email,
-                useProduction: this.settings.acme.useProduction || false,
-                port: this.settings.acme.port || 80
-            };
-            logger.log('info', `Using top-level ACME configuration with email: ${acmeOptions.email}`, { component: 'certificate-manager' });
-        }
-        else if (autoRoutes.length > 0) {
-            // Check for route-level ACME config
-            const routeWithAcme = autoRoutes.find(r => r.action.tls?.acme?.email);
-            if (routeWithAcme?.action.tls?.acme) {
-                const routeAcme = routeWithAcme.action.tls.acme;
-                acmeOptions = {
-                    email: routeAcme.email,
-                    useProduction: routeAcme.useProduction || false,
-                    port: routeAcme.challengePort || 80
-                };
-                logger.log('info', `Using route-level ACME configuration from route '${routeWithAcme.name}' with email: ${acmeOptions.email}`, { component: 'certificate-manager' });
-            }
-        }
-        // Validate we have required configuration
-        if (autoRoutes.length > 0 && !acmeOptions?.email) {
-            throw new Error('ACME email is required for automatic certificate provisioning. ' +
-                'Please provide email in either:\n' +
-                '1. Top-level "acme" configuration\n' +
-                '2. Individual route\'s "tls.acme" configuration');
-        }
-        // Use the helper method to create and configure the certificate manager
-        this.certManager = await this.createCertificateManager(this.settings.routes, this.settings.acme?.certificateStore || './certs', acmeOptions);
-    }
-    /**
-     * Check if we have routes with static certificates
-     */
-    hasStaticCertRoutes() {
-        return this.settings.routes.some(r => r.action.tls?.certificate &&
-            r.action.tls.certificate !== 'auto');
     }
     /**
-     * Start the proxy server with support for both configuration types
+     * Start the proxy.
+     * Spawns the Rust binary, configures socket relay if needed, sends routes, handles cert provisioning.
      */
     async start() {
-        // Don't start if already shutting down
-        if (this.isShuttingDown) {
-            logger.log('warn', "Cannot start SmartProxy while it's in the shutdown process");
-            return;
-        }
-        // Validate the route configuration
-        const configWarnings = this.routeManager.validateConfiguration();
-        // Also validate ACME configuration
-        const acmeWarnings = this.validateAcmeConfiguration();
-        const allWarnings = [...configWarnings, ...acmeWarnings];
-        if (allWarnings.length > 0) {
-            logger.log('warn', `${allWarnings.length} configuration warnings found`, { count: allWarnings.length });
-            for (const warning of allWarnings) {
-                logger.log('warn', `${warning}`);
-            }
-        }
-        // Get listening ports from RouteManager
-        const listeningPorts = this.routeManager.getListeningPorts();
-        // Initialize port usage tracking using RouteOrchestrator
-        this.portUsageMap = this.routeOrchestrator.updatePortUsageMap(this.settings.routes);
-        // Log port usage for startup
-        logger.log('info', `SmartProxy starting with ${listeningPorts.length} ports: ${listeningPorts.join(', ')}`, {
-            portCount: listeningPorts.length,
-            ports: listeningPorts,
-            component: 'smart-proxy'
-        });
-        // Provision NFTables rules for routes that use NFTables
-        for (const route of this.settings.routes) {
-            if (route.action.forwardingEngine === 'nftables') {
-                await this.nftablesManager.provisionRoute(route);
-            }
-        }
-        // Initialize and start HttpProxy if needed - before port binding
-        if (this.settings.useHttpProxy && this.settings.useHttpProxy.length > 0) {
-            await this.httpProxyBridge.initialize();
-            await this.httpProxyBridge.start();
-        }
-        // Start port listeners using the PortManager BEFORE initializing certificate manager
-        // This ensures all required ports are bound and ready when adding ACME challenge routes
-        await this.portManager.addPorts(listeningPorts);
-        // Initialize certificate manager AFTER port binding is complete
-        // This ensures the ACME challenge port is already bound and ready when needed
-        await this.initializeCertificateManager();
-        // Connect certificate manager with HttpProxy if both are available
-        if (this.certManager && this.httpProxyBridge.getHttpProxy()) {
-            this.certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
-        }
-        // Now that ports are listening, provision any required certificates
-        if (this.certManager) {
-            logger.log('info', 'Starting certificate provisioning now that ports are ready', { component: 'certificate-manager' });
-            await this.certManager.provisionAllCertificates();
-        }
-        // Start the metrics collector now that all components are initialized
-        this.metricsCollector.start();
-        // Set up periodic connection logging and inactivity checks
-        this.connectionLogger = setInterval(() => {
-            // Immediately return if shutting down
-            if (this.isShuttingDown)
+        // Spawn Rust binary
+        const spawned = await this.bridge.spawn();
+        if (!spawned) {
+            throw new Error('RustProxy binary not found. Set SMARTPROXY_RUST_BINARY env var, install the platform package, ' +
+                'or build locally with: cd rust && cargo build --release');
+        }
+        // Handle unexpected exit (only emits error if not intentionally stopping)
+        this.bridge.on('exit', (code, signal) => {
+            if (this.stopping)
                 return;
-            // Perform inactivity check
-            this.connectionManager.performInactivityCheck();
-            // Log connection statistics
-            const now = Date.now();
-            let maxIncoming = 0;
-            let maxOutgoing = 0;
-            let tlsConnections = 0;
-            let nonTlsConnections = 0;
-            let completedTlsHandshakes = 0;
-            let pendingTlsHandshakes = 0;
-            let keepAliveConnections = 0;
-            let httpProxyConnections = 0;
-            // Get connection records for analysis
-            const connectionRecords = this.connectionManager.getConnections();
-            // Analyze active connections
-            for (const record of connectionRecords.values()) {
-                // Track connection stats
-                if (record.isTLS) {
-                    tlsConnections++;
-                    if (record.tlsHandshakeComplete) {
-                        completedTlsHandshakes++;
-                    }
-                    else {
-                        pendingTlsHandshakes++;
-                    }
-                }
-                else {
-                    nonTlsConnections++;
-                }
-                if (record.hasKeepAlive) {
-                    keepAliveConnections++;
-                }
-                if (record.usingNetworkProxy) {
-                    httpProxyConnections++;
-                }
-                maxIncoming = Math.max(maxIncoming, now - record.incomingStartTime);
-                if (record.outgoingStartTime) {
-                    maxOutgoing = Math.max(maxOutgoing, now - record.outgoingStartTime);
-                }
-            }
-            // Get termination stats
-            const terminationStats = this.connectionManager.getTerminationStats();
-            // Log detailed stats
-            logger.log('info', 'Connection statistics', {
-                activeConnections: connectionRecords.size,
-                tls: {
-                    total: tlsConnections,
-                    completed: completedTlsHandshakes,
-                    pending: pendingTlsHandshakes
-                },
-                nonTls: nonTlsConnections,
-                keepAlive: keepAliveConnections,
-                httpProxy: httpProxyConnections,
-                longestRunning: {
-                    incoming: plugins.prettyMs(maxIncoming),
-                    outgoing: plugins.prettyMs(maxOutgoing)
-                },
-                terminationStats: {
-                    incoming: terminationStats.incoming,
-                    outgoing: terminationStats.outgoing
-                },
-                component: 'connection-manager'
-            });
-        }, this.settings.inactivityCheckInterval || 60000);
-        // Make sure the interval doesn't keep the process alive
-        if (this.connectionLogger.unref) {
-            this.connectionLogger.unref();
-        }
+            logger.log('error', `RustProxy exited unexpectedly (code=${code}, signal=${signal})`, { component: 'smart-proxy' });
+            this.emit('error', new Error(`RustProxy exited (code=${code}, signal=${signal})`));
+        });
+        // Check if any routes need TS-side handling (socket handlers, dynamic functions)
+        const hasHandlerRoutes = this.settings.routes.some((r) => (r.action.type === 'socket-handler' && r.action.socketHandler) ||
+            r.action.targets?.some((t) => typeof t.host === 'function' || typeof t.port === 'function'));
+        // Start socket handler relay server (but don't tell Rust yet - proxy not started)
+        if (hasHandlerRoutes) {
+            this.socketHandlerServer = new SocketHandlerServer(this.preprocessor);
+            await this.socketHandlerServer.start();
+        }
+        // Preprocess routes (strip JS functions, convert socket-handler routes)
+        const rustRoutes = this.preprocessor.preprocessForRust(this.settings.routes);
+        // Build Rust config
+        const config = this.buildRustConfig(rustRoutes);
+        // Start the Rust proxy
+        await this.bridge.startProxy(config);
+        // Now that Rust proxy is running, configure socket handler relay
+        if (this.socketHandlerServer) {
+            await this.bridge.setSocketHandlerRelay(this.socketHandlerServer.getSocketPath());
+        }
+        // Handle certProvisionFunction
+        await this.provisionCertificatesViaCallback();
+        // Start metrics polling
+        this.metricsAdapter.startPolling();
+        logger.log('info', 'SmartProxy started (Rust engine)', { component: 'smart-proxy' });
     }
     /**
-     * Extract domain configurations from routes for certificate provisioning
-     *
-     * Note: This method has been removed as we now work directly with routes
-     */
-    /**
-     * Stop the proxy server
+     * Stop the proxy.
      */
     async stop() {
-        logger.log('info', 'SmartProxy shutting down...');
-        this.isShuttingDown = true;
-        this.portManager.setShuttingDown(true);
-        // Stop certificate manager
-        if (this.certManager) {
-            await this.certManager.stop();
-            logger.log('info', 'Certificate manager stopped');
-        }
-        // Stop NFTablesManager
-        await this.nftablesManager.stop();
-        logger.log('info', 'NFTablesManager stopped');
-        // Stop the connection logger
-        if (this.connectionLogger) {
-            clearInterval(this.connectionLogger);
-            this.connectionLogger = null;
-        }
-        // Stop all port listeners
-        await this.portManager.closeAll();
-        logger.log('info', 'All servers closed. Cleaning up active connections...');
-        // Clean up all active connections
-        await this.connectionManager.clearConnections();
-        // Stop HttpProxy
-        await this.httpProxyBridge.stop();
-        // Clear ACME state manager
-        this.acmeStateManager.clear();
-        // Stop metrics collector
-        this.metricsCollector.stop();
-        // Clean up ProtocolDetector singleton
-        const detection = await import('../../detection/index.js');
-        detection.ProtocolDetector.destroy();
-        // Flush any pending deduplicated logs
-        connectionLogDeduplicator.flushAll();
-        logger.log('info', 'SmartProxy shutdown complete.');
-    }
-    /**
-     * Updates the domain configurations for the proxy
-     *
-     * Note: This legacy method has been removed. Use updateRoutes instead.
-     */
-    async updateDomainConfigs() {
-        logger.log('warn', 'Method updateDomainConfigs() is deprecated. Use updateRoutes() instead.');
-        throw new Error('updateDomainConfigs() is deprecated - use updateRoutes() instead');
-    }
-    /**
-     * Verify the challenge route has been properly removed from routes
-     */
-    async verifyChallengeRouteRemoved() {
-        const maxRetries = 10;
-        const retryDelay = 100; // milliseconds
-        for (let i = 0; i < maxRetries; i++) {
-            // Check if the challenge route is still in the active routes
-            const challengeRouteExists = this.settings.routes.some(r => r.name === 'acme-challenge');
-            if (!challengeRouteExists) {
-                try {
-                    logger.log('info', 'Challenge route successfully removed from routes');
-                }
-                catch (error) {
-                    // Silently handle logging errors
-                    console.log('[INFO] Challenge route successfully removed from routes');
-                }
-                return;
-            }
-            // Wait before retrying
-            await plugins.smartdelay.delayFor(retryDelay);
-        }
-        const error = `Failed to verify challenge route removal after ${maxRetries} attempts`;
+        logger.log('info', 'SmartProxy shutting down...', { component: 'smart-proxy' });
+        this.stopping = true;
+        // Stop metrics polling
+        this.metricsAdapter.stopPolling();
+        // Remove exit listener before killing to avoid spurious error events
+        this.bridge.removeAllListeners('exit');
+        // Stop Rust proxy
         try {
-            logger.log('error', error);
+            await this.bridge.stopProxy();
+        }
+        catch {
+            // Ignore if already stopped
         }
-        catch (logError) {
-            // Silently handle logging errors
-            console.log(`[ERROR] ${error}`);
+        this.bridge.kill();
+        // Stop socket handler relay
+        if (this.socketHandlerServer) {
+            await this.socketHandlerServer.stop();
+            this.socketHandlerServer = null;
         }
-        throw new Error(error);
+        logger.log('info', 'SmartProxy shutdown complete.', { component: 'smart-proxy' });
     }
     /**
-     * Update routes with new configuration
-     *
-     * This method replaces the current route configuration with the provided routes.
-     * It also provisions certificates for routes that require TLS termination and have
-     * `certificate: 'auto'` set in their TLS configuration.
-     *
-     * @param newRoutes Array of route configurations to use
-     *
-     * Example:
-     * ```ts
-     * proxy.updateRoutes([
-     *   {
-     *     match: { ports: 443, domains: 'secure.example.com' },
-     *     action: {
-     *       type: 'forward',
-     *       target: { host: '10.0.0.1', port: 8443 },
-     *       tls: { mode: 'terminate', certificate: 'auto' }
-     *     }
-     *   }
-     * ]);
-     * ```
+     * Update routes atomically.
      */
     async updateRoutes(newRoutes) {
         return this.routeUpdateLock.runExclusive(async () => {
-            try {
-                logger.log('info', `Updating routes (${newRoutes.length} routes)`, {
-                    routeCount: newRoutes.length,
-                    component: 'smart-proxy'
-                });
+            // Validate
+            const validation = RouteValidator.validateRoutes(newRoutes);
+            if (!validation.valid) {
+                RouteValidator.logValidationErrors(validation.errors);
+                throw new Error(`Route validation failed: ${validation.errors.size} route(s) have errors`);
             }
-            catch (error) {
-                // Silently handle logging errors
-                console.log(`[INFO] Updating routes (${newRoutes.length} routes)`);
+            // Preprocess for Rust
+            const rustRoutes = this.preprocessor.preprocessForRust(newRoutes);
+            // Send to Rust
+            await this.bridge.updateRoutes(rustRoutes);
+            // Update local route manager
+            this.routeManager.updateRoutes(newRoutes);
+            // Update socket handler relay if handler routes changed
+            const hasHandlerRoutes = newRoutes.some((r) => (r.action.type === 'socket-handler' && r.action.socketHandler) ||
+                r.action.targets?.some((t) => typeof t.host === 'function' || typeof t.port === 'function'));
+            if (hasHandlerRoutes && !this.socketHandlerServer) {
+                this.socketHandlerServer = new SocketHandlerServer(this.preprocessor);
+                await this.socketHandlerServer.start();
+                await this.bridge.setSocketHandlerRelay(this.socketHandlerServer.getSocketPath());
             }
-            // Update route orchestrator dependencies if cert manager changed
-            if (this.certManager && !this.routeOrchestrator.getCertManager()) {
-                this.routeOrchestrator.setCertManager(this.certManager);
+            else if (!hasHandlerRoutes && this.socketHandlerServer) {
+                await this.socketHandlerServer.stop();
+                this.socketHandlerServer = null;
             }
-            // Delegate the complex route update logic to RouteOrchestrator
-            const updateResult = await this.routeOrchestrator.updateRoutes(this.settings.routes, newRoutes, {
-                acmePort: this.settings.acme?.port || 80,
-                acmeOptions: this.certManager?.getAcmeOptions(),
-                acmeState: this.certManager?.getState(),
-                globalChallengeRouteActive: this.globalChallengeRouteActive,
-                createCertificateManager: this.createCertificateManager.bind(this),
-                verifyChallengeRouteRemoved: this.verifyChallengeRouteRemoved.bind(this)
-            });
-            // Update settings with the new routes
+            // Update stored routes
             this.settings.routes = newRoutes;
-            // Update global state from orchestrator results
-            this.globalChallengeRouteActive = updateResult.newChallengeRouteActive;
-            // Update port usage map from orchestrator
-            this.portUsageMap = updateResult.portUsageMap;
-            // If certificate manager was recreated, update our reference
-            if (updateResult.newCertManager) {
-                this.certManager = updateResult.newCertManager;
-                // Update the orchestrator's reference too
-                this.routeOrchestrator.setCertManager(this.certManager);
-            }
+            // Handle cert provisioning for new routes
+            await this.provisionCertificatesViaCallback();
+            logger.log('info', `Routes updated (${newRoutes.length} routes)`, { component: 'smart-proxy' });
         });
     }
     /**
-     * Manually provision a certificate for a route
+     * Provision a certificate for a named route.
      */
     async provisionCertificate(routeName) {
-        if (!this.certManager) {
-            throw new Error('Certificate manager not initialized');
-        }
-        const route = this.settings.routes.find(r => r.name === routeName);
-        if (!route) {
-            throw new Error(`Route ${routeName} not found`);
-        }
-        await this.certManager.provisionCertificate(route);
+        await this.bridge.provisionCertificate(routeName);
     }
-    // Port usage tracking methods moved to RouteOrchestrator
     /**
-     * Force renewal of a certificate
+     * Force renewal of a certificate.
      */
     async renewCertificate(routeName) {
-        if (!this.certManager) {
-            throw new Error('Certificate manager not initialized');
-        }
-        await this.certManager.renewCertificate(routeName);
+        await this.bridge.renewCertificate(routeName);
     }
     /**
-     * Get certificate status for a route
+     * Get certificate status for a route (async - calls Rust).
      */
-    getCertificateStatus(routeName) {
-        if (!this.certManager) {
-            return undefined;
-        }
-        return this.certManager.getCertificateStatus(routeName);
+    async getCertificateStatus(routeName) {
+        return this.bridge.getCertificateStatus(routeName);
     }
     /**
-     * Get proxy metrics with clean API
-     *
-     * @returns IMetrics interface with grouped metrics methods
+     * Get the metrics interface.
      */
     getMetrics() {
-        return this.metricsCollector;
+        return this.metricsAdapter;
     }
     /**
-     * Validates if a domain name is valid for certificate issuance
+     * Get statistics (async - calls Rust).
      */
-    isValidDomain(domain) {
-        // Very basic domain validation
-        if (!domain || domain.length === 0) {
-            return false;
-        }
-        // Check for wildcard domains (they can't get ACME certs)
-        if (domain.includes('*')) {
-            logger.log('warn', `Wildcard domains like "${domain}" are not supported for automatic ACME certificates`, { domain, component: 'certificate-manager' });
-            return false;
-        }
-        // Check if domain has at least one dot and no invalid characters
-        const validDomainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
-        if (!validDomainRegex.test(domain)) {
-            logger.log('warn', `Domain "${domain}" has invalid format for certificate issuance`, { domain, component: 'certificate-manager' });
-            return false;
-        }
-        return true;
+    async getStatistics() {
+        return this.bridge.getStatistics();
     }
     /**
-     * Add a new listening port without changing the route configuration
-     *
-     * This allows you to add a port listener without updating routes.
-     * Useful for preparing to listen on a port before adding routes for it.
-     *
-     * @param port The port to start listening on
-     * @returns Promise that resolves when the port is listening
+     * Add a listening port at runtime.
      */
     async addListeningPort(port) {
-        return this.portManager.addPort(port);
+        await this.bridge.addListeningPort(port);
     }
     /**
-     * Stop listening on a specific port without changing the route configuration
-     *
-     * This allows you to stop a port listener without updating routes.
-     * Useful for temporary maintenance or port changes.
-     *
-     * @param port The port to stop listening on
-     * @returns Promise that resolves when the port is closed
+     * Remove a listening port at runtime.
      */
     async removeListeningPort(port) {
-        return this.portManager.removePort(port);
+        await this.bridge.removeListeningPort(port);
     }
     /**
-     * Get a list of all ports currently being listened on
-     *
-     * @returns Array of port numbers
+     * Get all currently listening ports (async - calls Rust).
      */
-    getListeningPorts() {
-        return this.portManager.getListeningPorts();
+    async getListeningPorts() {
+        if (!this.bridge.running)
+            return [];
+        return this.bridge.getListeningPorts();
     }
     /**
-     * Get statistics about current connections
-     */
-    getStatistics() {
-        const connectionRecords = this.connectionManager.getConnections();
-        const terminationStats = this.connectionManager.getTerminationStats();
-        let tlsConnections = 0;
-        let nonTlsConnections = 0;
-        let keepAliveConnections = 0;
-        let httpProxyConnections = 0;
-        // Analyze active connections
-        for (const record of connectionRecords.values()) {
-            if (record.isTLS)
-                tlsConnections++;
-            else
-                nonTlsConnections++;
-            if (record.hasKeepAlive)
-                keepAliveConnections++;
-            if (record.usingNetworkProxy)
-                httpProxyConnections++;
-        }
-        return {
-            activeConnections: connectionRecords.size,
-            tlsConnections,
-            nonTlsConnections,
-            keepAliveConnections,
-            httpProxyConnections,
-            terminationStats,
-            acmeEnabled: !!this.certManager,
-            port80HandlerPort: this.certManager ? 80 : null,
-            routeCount: this.settings.routes.length,
-            activePorts: this.portManager.getListeningPorts().length,
-            listeningPorts: this.portManager.getListeningPorts()
-        };
-    }
-    /**
-     * Get a list of eligible domains for ACME certificates
+     * Get eligible domains for ACME certificates (sync - reads local routes).
      */
     getEligibleDomainsForCertificates() {
         const domains = [];
-        // Get domains from routes
-        const routes = this.settings.routes || [];
-        for (const route of routes) {
+        for (const route of this.settings.routes || []) {
             if (!route.match.domains)
                 continue;
-            // Skip routes without TLS termination or auto certificates
             if (route.action.type !== 'forward' ||
                 !route.action.tls ||
                 route.action.tls.mode === 'passthrough' ||
                 route.action.tls.certificate !== 'auto')
                 continue;
-            const routeDomains = Array.isArray(route.match.domains)
-                ? route.match.domains
-                : [route.match.domains];
-            // Skip domains that can't be used with ACME
-            const eligibleDomains = routeDomains.filter(domain => !domain.includes('*') && this.isValidDomain(domain));
-            domains.push(...eligibleDomains);
+            const routeDomains = Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains];
+            const eligible = routeDomains.filter((d) => !d.includes('*') && this.isValidDomain(d));
+            domains.push(...eligible);
         }
-        // Legacy mode is no longer supported
         return domains;
     }
     /**
-     * Get NFTables status
+     * Get NFTables status (async - calls Rust).
      */
     async getNfTablesStatus() {
-        return this.nftablesManager.getStatus();
+        return this.bridge.getNftablesStatus();
     }
+    // --- Private helpers ---
     /**
-     * Validate ACME configuration
+     * Build the Rust configuration object from TS settings.
      */
-    validateAcmeConfiguration() {
-        const warnings = [];
-        // Check for routes with certificate: 'auto'
-        const autoRoutes = this.settings.routes.filter(r => r.action.tls?.certificate === 'auto');
-        if (autoRoutes.length === 0) {
-            return warnings;
-        }
-        // Check if we have ACME email configuration
-        const hasTopLevelEmail = this.settings.acme?.email;
-        const routesWithEmail = autoRoutes.filter(r => r.action.tls?.acme?.email);
-        if (!hasTopLevelEmail && routesWithEmail.length === 0) {
-            warnings.push('Routes with certificate: "auto" require ACME email configuration. ' +
-                'Add email to either top-level "acme" config or individual route\'s "tls.acme" config.');
-        }
-        // Check for port 80 availability for challenges
-        if (autoRoutes.length > 0) {
-            const challengePort = this.settings.acme?.port || 80;
-            const portsInUse = this.routeManager.getListeningPorts();
-            if (!portsInUse.includes(challengePort)) {
-                warnings.push(`Port ${challengePort} is not configured for any routes but is needed for ACME challenges. ` +
-                    `Add a route listening on port ${challengePort} or ensure it's accessible for HTTP-01 challenges.`);
-            }
-        }
-        // Check for mismatched environments
-        if (this.settings.acme?.useProduction) {
-            const stagingRoutes = autoRoutes.filter(r => r.action.tls?.acme?.useProduction === false);
-            if (stagingRoutes.length > 0) {
-                warnings.push('Top-level ACME uses production but some routes use staging. ' +
-                    'Consider aligning environments to avoid certificate issues.');
-            }
-        }
-        // Check for wildcard domains with auto certificates
-        for (const route of autoRoutes) {
-            const domains = Array.isArray(route.match.domains)
-                ? route.match.domains
-                : [route.match.domains];
-            const wildcardDomains = domains.filter(d => d?.includes('*'));
-            if (wildcardDomains.length > 0) {
-                warnings.push(`Route "${route.name}" has wildcard domain(s) ${wildcardDomains.join(', ')} ` +
-                    'with certificate: "auto". Wildcard certificates require DNS-01 challenges, ' +
-                    'which are not currently supported. Use static certificates instead.');
+    buildRustConfig(routes) {
+        return {
+            routes,
+            defaults: this.settings.defaults,
+            acme: this.settings.acme
+                ? {
+                    enabled: this.settings.acme.enabled,
+                    email: this.settings.acme.email,
+                    useProduction: this.settings.acme.useProduction,
+                    port: this.settings.acme.port,
+                    renewThresholdDays: this.settings.acme.renewThresholdDays,
+                    autoRenew: this.settings.acme.autoRenew,
+                    certificateStore: this.settings.acme.certificateStore,
+                    renewCheckIntervalHours: this.settings.acme.renewCheckIntervalHours,
+                }
+                : undefined,
+            connectionTimeout: this.settings.connectionTimeout,
+            initialDataTimeout: this.settings.initialDataTimeout,
+            socketTimeout: this.settings.socketTimeout,
+            maxConnectionLifetime: this.settings.maxConnectionLifetime,
+            gracefulShutdownTimeout: this.settings.gracefulShutdownTimeout,
+            maxConnectionsPerIp: this.settings.maxConnectionsPerIP,
+            connectionRateLimitPerMinute: this.settings.connectionRateLimitPerMinute,
+            keepAliveTreatment: this.settings.keepAliveTreatment,
+            keepAliveInactivityMultiplier: this.settings.keepAliveInactivityMultiplier,
+            extendedKeepAliveLifetime: this.settings.extendedKeepAliveLifetime,
+            acceptProxyProtocol: this.settings.acceptProxyProtocol,
+            sendProxyProtocol: this.settings.sendProxyProtocol,
+        };
+    }
+    /**
+     * For routes with certificate: 'auto', call certProvisionFunction if set.
+     * If the callback returns a cert object, load it into Rust.
+     * If it returns 'http01', let Rust handle ACME.
+     */
+    async provisionCertificatesViaCallback() {
+        const provisionFn = this.settings.certProvisionFunction;
+        if (!provisionFn)
+            return;
+        for (const route of this.settings.routes) {
+            if (route.action.tls?.certificate !== 'auto')
+                continue;
+            if (!route.match.domains)
+                continue;
+            const domains = Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains];
+            for (const domain of domains) {
+                if (domain.includes('*'))
+                    continue;
+                try {
+                    const result = await provisionFn(domain);
+                    if (result === 'http01') {
+                        // Rust handles ACME for this domain
+                        continue;
+                    }
+                    // Got a static cert object - load it into Rust
+                    if (result && typeof result === 'object') {
+                        const certObj = result;
+                        await this.bridge.loadCertificate(domain, certObj.publicKey, certObj.privateKey);
+                        logger.log('info', `Certificate loaded via provision function for ${domain}`, { component: 'smart-proxy' });
+                    }
+                }
+                catch (err) {
+                    logger.log('warn', `certProvisionFunction failed for ${domain}: ${err.message}`, { component: 'smart-proxy' });
+                    // Fallback to ACME if enabled
+                    if (this.settings.certProvisionFallbackToAcme !== false) {
+                        logger.log('info', `Falling back to ACME for ${domain}`, { component: 'smart-proxy' });
+                    }
+                }
             }
         }
-        return warnings;
+    }
+    isValidDomain(domain) {
+        if (!domain || domain.length === 0)
+            return false;
+        if (domain.includes('*'))
+            return false;
+        const validDomainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+        return validDomainRegex.test(domain);
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnQtcHJveHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L3NtYXJ0LXByb3h5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQ3BELE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLHNDQUFzQyxDQUFDO0FBRWpGLGdDQUFnQztBQUNoQyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDeEQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBQzlDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUN6RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDdEQsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2hELE9BQU8sRUFBRSxrQkFBa0IsSUFBSSxZQUFZLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUN6RixPQUFPLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUN2RSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFFeEQsc0JBQXNCO0FBQ3RCLE9BQU8sRUFBRSxnQkFBZ0IsRUFBb0IsTUFBTSwwQkFBMEIsQ0FBQztBQVE5RSxnREFBZ0Q7QUFDaEQsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBRXpDLHlCQUF5QjtBQUN6QixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFFNUQsaURBQWlEO0FBQ2pELE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBRTVELDRCQUE0QjtBQUM1QixPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUUzRCwyQkFBMkI7QUFDM0IsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFHMUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBTSxPQUFPLFVBQVcsU0FBUSxPQUFPLENBQUMsWUFBWTtJQWlDbEQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQThCRztJQUNILFlBQVksV0FBK0I7UUFDekMsS0FBSyxFQUFFLENBQUM7UUE5REYscUJBQWdCLEdBQTBCLElBQUksQ0FBQztRQUMvQyxtQkFBYyxHQUFZLEtBQUssQ0FBQztRQVl4Qyx1REFBdUQ7UUFDaEQsZ0JBQVcsR0FBNEIsSUFBSSxDQUFDO1FBRW5ELGtDQUFrQztRQUMxQiwrQkFBMEIsR0FBWSxLQUFLLENBQUM7UUFVcEQsd0NBQXdDO1FBQ2hDLGlCQUFZLEdBQTZCLElBQUksR0FBRyxFQUFFLENBQUM7UUFvQ3pELDJDQUEyQztRQUMzQyxJQUFJLENBQUMsUUFBUSxHQUFHO1lBQ2QsR0FBRyxXQUFXO1lBQ2Qsa0JBQWtCLEVBQUUsV0FBVyxDQUFDLGtCQUFrQixJQUFJLE1BQU07WUFDNUQsYUFBYSxFQUFFLFdBQVcsQ0FBQyxhQUFhLElBQUksT0FBTztZQUNuRCx1QkFBdUIsRUFBRSxXQUFXLENBQUMsdUJBQXVCLElBQUksS0FBSztZQUNyRSxxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksUUFBUTtZQUNwRSxpQkFBaUIsRUFBRSxXQUFXLENBQUMsaUJBQWlCLElBQUksUUFBUTtZQUM1RCx1QkFBdUIsRUFBRSxXQUFXLENBQUMsdUJBQXVCLElBQUksS0FBSztZQUNyRSxPQUFPLEVBQUUsV0FBVyxDQUFDLE9BQU8sS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLElBQUk7WUFDdkUsU0FBUyxFQUFFLFdBQVcsQ0FBQyxTQUFTLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxJQUFJO1lBQzdFLHFCQUFxQixFQUFFLFdBQVcsQ0FBQyxxQkFBcUIsSUFBSSxLQUFLO1lBQ2pFLGtCQUFrQixFQUFFLFdBQVcsQ0FBQyxrQkFBa0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxHQUFHLElBQUk7WUFDdEUsc0JBQXNCLEVBQUUsV0FBVyxDQUFDLHNCQUFzQixJQUFJLEtBQUs7WUFDbkUscUJBQXFCLEVBQ25CLFdBQVcsQ0FBQyxxQkFBcUIsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUMsSUFBSTtZQUM1RixxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksS0FBSztZQUNqRSxxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksS0FBSztZQUNqRSx3QkFBd0IsRUFBRSxXQUFXLENBQUMsd0JBQXdCLElBQUksS0FBSztZQUN2RSxrQkFBa0IsRUFDaEIsV0FBVyxDQUFDLGtCQUFrQixLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxJQUFJO1lBQ3RGLG1CQUFtQixFQUFFLFdBQVcsQ0FBQyxtQkFBbUIsSUFBSSxHQUFHO1lBQzNELDRCQUE0QixFQUFFLFdBQVcsQ0FBQyw0QkFBNEIsSUFBSSxHQUFHO1lBQzdFLGtCQUFrQixFQUFFLFdBQVcsQ0FBQyxrQkFBa0IsSUFBSSxVQUFVO1lBQ2hFLDZCQUE2QixFQUFFLFdBQVcsQ0FBQyw2QkFBNkIsSUFBSSxDQUFDO1lBQzdFLHlCQUF5QixFQUFFLFdBQVcsQ0FBQyx5QkFBeUIsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBSTtZQUMzRixhQUFhLEVBQUUsV0FBVyxDQUFDLGFBQWEsSUFBSSxJQUFJO1NBQ2pELENBQUM7UUFFRiwyRUFBMkU7UUFDM0UsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3ZCLGlEQUFpRDtZQUNqRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNqRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDO1lBQzdELENBQUM7WUFFRCxtREFBbUQ7WUFDbkQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEdBQUc7Z0JBQ25CLE9BQU8sRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxPQUFPLEtBQUssS0FBSyxFQUFFLDBDQUEwQztnQkFDekYsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksSUFBSSxFQUFFO2dCQUNuQyxLQUFLLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsS0FBSztnQkFDL0IsYUFBYSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLGFBQWEsSUFBSSxLQUFLO2dCQUN4RCxrQkFBa0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsSUFBSSxFQUFFO2dCQUMvRCxTQUFTLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsU0FBUyxLQUFLLEtBQUssRUFBRSxvQkFBb0I7Z0JBQ3ZFLGdCQUFnQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLGdCQUFnQixJQUFJLFNBQVM7Z0JBQ2xFLG1CQUFtQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLEtBQUs7Z0JBQ3BFLHVCQUF1QixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLHVCQUF1QixJQUFJLEVBQUU7Z0JBQ3pFLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhLElBQUksRUFBRTtnQkFDckQsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxpQ0FBaUM7YUFDeEQsQ0FBQztRQUNKLENBQUM7UUFFRCxnQ0FBZ0M7UUFDaEMsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLGNBQWMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMvQyxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksZUFBZSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2pELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLGlCQUFpQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBRXJELHVEQUF1RDtRQUN2RCxxREFBcUQ7UUFDckQsTUFBTSxhQUFhLEdBQUc7WUFDcEIsS0FBSyxFQUFFLENBQUMsT0FBZSxFQUFFLElBQVUsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQztZQUMxRSxJQUFJLEVBQUUsQ0FBQyxPQUFlLEVBQUUsSUFBVSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDO1lBQ3hFLElBQUksRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7WUFDeEUsS0FBSyxFQUFFLENBQUMsT0FBZSxFQUFFLElBQVUsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQztTQUMzRSxDQUFDO1FBRUYsMEJBQTBCO1FBQzFCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzVELE1BQU0sVUFBVSxHQUFHLGNBQWMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN2RSxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUN0QixjQUFjLENBQUMsbUJBQW1CLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUN0RCxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksdUJBQXVCLENBQUMsQ0FBQztZQUNyRyxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxZQUFZLENBQUM7WUFDbkMsTUFBTSxFQUFFLGFBQWE7WUFDckIscUJBQXFCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUI7WUFDMUQsTUFBTSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTTtTQUM3QixDQUFDLENBQUM7UUFHSCxtQ0FBbUM7UUFDbkMsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksZUFBZSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRWpELG1EQUFtRDtRQUNuRCxJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxzQkFBc0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvRCwwQkFBMEI7UUFDMUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUV6Qyw2QkFBNkI7UUFDN0IsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRCxvREFBb0Q7UUFDcEQsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBRW5DLGdDQUFnQztRQUNoQyxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBRS9DLDBFQUEwRTtRQUMxRSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUU7WUFDakQsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsZ0JBQWdCO1lBQ3pELGdCQUFnQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLGdCQUFnQjtTQUMxRCxDQUFDLENBQUM7UUFFSCwyREFBMkQ7UUFDM0QsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksaUJBQWlCLENBQzVDLElBQUksQ0FBQyxXQUFXLEVBQ2hCLElBQUksQ0FBQyxZQUFZLEVBQ2pCLElBQUksQ0FBQyxlQUFlLEVBQ3BCLElBQUksQ0FBQyxlQUFlLEVBQ3BCLElBQUksRUFBRSxnQ0FBZ0M7UUFDdEMsYUFBYSxDQUNkLENBQUM7SUFDSixDQUFDO0lBT0Q7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLHdCQUF3QixDQUNwQyxNQUFzQixFQUN0QixZQUFvQixTQUFTLEVBQzdCLFdBQWlCLEVBQ2pCLFlBQWlEO1FBRWpELE1BQU0sV0FBVyxHQUFHLElBQUksZ0JBQWdCLENBQUMsTUFBTSxFQUFFLFNBQVMsRUFBRSxXQUFXLEVBQUUsWUFBWSxDQUFDLENBQUM7UUFFdkYsOERBQThEO1FBQzlELFdBQVcsQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLEVBQUU7WUFDbkQsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLENBQUMsQ0FBQyxDQUFDO1FBRUgsc0NBQXNDO1FBQ3RDLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDO1lBQ3hDLFdBQVcsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFFRCw2QkFBNkI7UUFDN0IsV0FBVyxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBRXZELGdEQUFnRDtRQUNoRCxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdkIsV0FBVyxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDeEQsQ0FBQztRQUVELG1FQUFtRTtRQUNuRSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztZQUN4QyxXQUFXLENBQUMsd0JBQXdCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO1FBQzVFLENBQUM7UUFFRCx5Q0FBeUM7UUFDekMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLDJCQUEyQixLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQzVELFdBQVcsQ0FBQyw4QkFBOEIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLDJCQUEyQixDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUVELE1BQU0sV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQy9CLE9BQU8sV0FBVyxDQUFDO0lBQ3JCLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyw0QkFBNEI7UUFDeEMsa0VBQWtFO1FBQ2xFLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUNqRCxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxXQUFXLEtBQUssTUFBTSxDQUNyQyxDQUFDO1FBRUYsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxFQUFFLENBQUM7WUFDM0QsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMENBQTBDLEVBQUUsRUFBRSxTQUFTLEVBQUUscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBQ3JHLE9BQU87UUFDVCxDQUFDO1FBRUQsc0NBQXNDO1FBQ3RDLDRDQUE0QztRQUM1QyxpREFBaUQ7UUFDakQsNkJBQTZCO1FBQzdCLElBQUksV0FBbUYsQ0FBQztRQUV4RixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLEtBQUssRUFBRSxDQUFDO1lBQzlCLDRCQUE0QjtZQUM1QixXQUFXLEdBQUc7Z0JBQ1osS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7Z0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhLElBQUksS0FBSztnQkFDeEQsSUFBSSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksSUFBSSxFQUFFO2FBQ3BDLENBQUM7WUFDRixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrREFBa0QsV0FBVyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLHFCQUFxQixFQUFFLENBQUMsQ0FBQztRQUNsSSxDQUFDO2FBQU0sSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2pDLG9DQUFvQztZQUNwQyxNQUFNLGFBQWEsR0FBRyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3RFLElBQUksYUFBYSxFQUFFLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLENBQUM7Z0JBQ3BDLE1BQU0sU0FBUyxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQztnQkFDaEQsV0FBVyxHQUFHO29CQUNaLEtBQUssRUFBRSxTQUFTLENBQUMsS0FBSztvQkFDdEIsYUFBYSxFQUFFLFNBQVMsQ0FBQyxhQUFhLElBQUksS0FBSztvQkFDL0MsSUFBSSxFQUFFLFNBQVMsQ0FBQyxhQUFhLElBQUksRUFBRTtpQkFDcEMsQ0FBQztnQkFDRixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvREFBb0QsYUFBYSxDQUFDLElBQUksaUJBQWlCLFdBQVcsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxxQkFBcUIsRUFBRSxDQUFDLENBQUM7WUFDdkssQ0FBQztRQUNILENBQUM7UUFFRCwwQ0FBMEM7UUFDMUMsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxLQUFLLEVBQUUsQ0FBQztZQUNqRCxNQUFNLElBQUksS0FBSyxDQUNiLGlFQUFpRTtnQkFDakUsbUNBQW1DO2dCQUNuQyxxQ0FBcUM7Z0JBQ3JDLGlEQUFpRCxDQUNsRCxDQUFDO1FBQ0osQ0FBQztRQUVELHdFQUF3RTtRQUN4RSxJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLHdCQUF3QixDQUNwRCxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFDcEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLElBQUksU0FBUyxFQUNqRCxXQUFXLENBQ1osQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNLLG1CQUFtQjtRQUN6QixPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUNuQyxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxXQUFXO1lBQ3pCLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFdBQVcsS0FBSyxNQUFNLENBQ3BDLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsS0FBSztRQUNoQix1Q0FBdUM7UUFDdkMsSUFBSSxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNERBQTRELENBQUMsQ0FBQztZQUNqRixPQUFPO1FBQ1QsQ0FBQztRQUVELG1DQUFtQztRQUNuQyxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLHFCQUFxQixFQUFFLENBQUM7UUFFakUsbUNBQW1DO1FBQ25DLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxDQUFDO1FBQ3RELE1BQU0sV0FBVyxHQUFHLENBQUMsR0FBRyxjQUFjLEVBQUUsR0FBRyxZQUFZLENBQUMsQ0FBQztRQUV6RCxJQUFJLFdBQVcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDM0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsR0FBRyxXQUFXLENBQUMsTUFBTSwrQkFBK0IsRUFBRSxFQUFFLEtBQUssRUFBRSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUN4RyxLQUFLLE1BQU0sT0FBTyxJQUFJLFdBQVcsRUFBRSxDQUFDO2dCQUNsQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxHQUFHLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDbkMsQ0FBQztRQUNILENBQUM7UUFFRCx3Q0FBd0M7UUFDeEMsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBRTdELHlEQUF5RDtRQUN6RCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXBGLDZCQUE2QjtRQUM3QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsY0FBYyxDQUFDLE1BQU0sV0FBVyxjQUFjLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUU7WUFDMUcsU0FBUyxFQUFFLGNBQWMsQ0FBQyxNQUFNO1lBQ2hDLEtBQUssRUFBRSxjQUFjO1lBQ3JCLFNBQVMsRUFBRSxhQUFhO1NBQ3pCLENBQUMsQ0FBQztRQUVILHdEQUF3RDtRQUN4RCxLQUFLLE1BQU0sS0FBSyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDekMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLGdCQUFnQixLQUFLLFVBQVUsRUFBRSxDQUFDO2dCQUNqRCxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ25ELENBQUM7UUFDSCxDQUFDO1FBRUQsaUVBQWlFO1FBQ2pFLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3hFLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUN4QyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDckMsQ0FBQztRQUVELHFGQUFxRjtRQUNyRix3RkFBd0Y7UUFDeEYsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUVoRCxnRUFBZ0U7UUFDaEUsOEVBQThFO1FBQzlFLE1BQU0sSUFBSSxDQUFDLDRCQUE0QixFQUFFLENBQUM7UUFFMUMsbUVBQW1FO1FBQ25FLElBQUksSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLFlBQVksRUFBRSxFQUFFLENBQUM7WUFDNUQsSUFBSSxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxvRUFBb0U7UUFDcEUsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDckIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNERBQTRELEVBQUUsRUFBRSxTQUFTLEVBQUUscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZILE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1FBQ3BELENBQUM7UUFFRCxzRUFBc0U7UUFDdEUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssRUFBRSxDQUFDO1FBRTlCLDJEQUEyRDtRQUMzRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsV0FBVyxDQUFDLEdBQUcsRUFBRTtZQUN2QyxzQ0FBc0M7WUFDdEMsSUFBSSxJQUFJLENBQUMsY0FBYztnQkFBRSxPQUFPO1lBRWhDLDJCQUEyQjtZQUMzQixJQUFJLENBQUMsaUJBQWlCLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztZQUVoRCw0QkFBNEI7WUFDNUIsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ3ZCLElBQUksV0FBVyxHQUFHLENBQUMsQ0FBQztZQUNwQixJQUFJLFdBQVcsR0FBRyxDQUFDLENBQUM7WUFDcEIsSUFBSSxjQUFjLEdBQUcsQ0FBQyxDQUFDO1lBQ3ZCLElBQUksaUJBQWlCLEdBQUcsQ0FBQyxDQUFDO1lBQzFCLElBQUksc0JBQXNCLEdBQUcsQ0FBQyxDQUFDO1lBQy9CLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1lBQzdCLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1lBQzdCLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1lBRTdCLHNDQUFzQztZQUN0QyxNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUVsRSw2QkFBNkI7WUFDN0IsS0FBSyxNQUFNLE1BQU0sSUFBSSxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO2dCQUNoRCx5QkFBeUI7Z0JBQ3pCLElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO29CQUNqQixjQUFjLEVBQUUsQ0FBQztvQkFDakIsSUFBSSxNQUFNLENBQUMsb0JBQW9CLEVBQUUsQ0FBQzt3QkFDaEMsc0JBQXNCLEVBQUUsQ0FBQztvQkFDM0IsQ0FBQzt5QkFBTSxDQUFDO3dCQUNOLG9CQUFvQixFQUFFLENBQUM7b0JBQ3pCLENBQUM7Z0JBQ0gsQ0FBQztxQkFBTSxDQUFDO29CQUNOLGlCQUFpQixFQUFFLENBQUM7Z0JBQ3RCLENBQUM7Z0JBRUQsSUFBSSxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7b0JBQ3hCLG9CQUFvQixFQUFFLENBQUM7Z0JBQ3pCLENBQUM7Z0JBRUQsSUFBSSxNQUFNLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztvQkFDN0Isb0JBQW9CLEVBQUUsQ0FBQztnQkFDekIsQ0FBQztnQkFFRCxXQUFXLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsR0FBRyxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO2dCQUNwRSxJQUFJLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO29CQUM3QixXQUFXLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsR0FBRyxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO2dCQUN0RSxDQUFDO1lBQ0gsQ0FBQztZQUVELHdCQUF3QjtZQUN4QixNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBRXRFLHFCQUFxQjtZQUNyQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1QkFBdUIsRUFBRTtnQkFDMUMsaUJBQWlCLEVBQUUsaUJBQWlCLENBQUMsSUFBSTtnQkFDekMsR0FBRyxFQUFFO29CQUNILEtBQUssRUFBRSxjQUFjO29CQUNyQixTQUFTLEVBQUUsc0JBQXNCO29CQUNqQyxPQUFPLEVBQUUsb0JBQW9CO2lCQUM5QjtnQkFDRCxNQUFNLEVBQUUsaUJBQWlCO2dCQUN6QixTQUFTLEVBQUUsb0JBQW9CO2dCQUMvQixTQUFTLEVBQUUsb0JBQW9CO2dCQUMvQixjQUFjLEVBQUU7b0JBQ2QsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDO29CQUN2QyxRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUM7aUJBQ3hDO2dCQUNELGdCQUFnQixFQUFFO29CQUNoQixRQUFRLEVBQUUsZ0JBQWdCLENBQUMsUUFBUTtvQkFDbkMsUUFBUSxFQUFFLGdCQUFnQixDQUFDLFFBQVE7aUJBQ3BDO2dCQUNELFNBQVMsRUFBRSxvQkFBb0I7YUFDaEMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsdUJBQXVCLElBQUksS0FBSyxDQUFDLENBQUM7UUFFbkQsd0RBQXdEO1FBQ3hELElBQUksSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2hDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNoQyxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7O09BSUc7SUFFSDs7T0FFRztJQUNJLEtBQUssQ0FBQyxJQUFJO1FBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkJBQTZCLENBQUMsQ0FBQztRQUNsRCxJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksQ0FBQztRQUMzQixJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUV2QywyQkFBMkI7UUFDM0IsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzlCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZCQUE2QixDQUFDLENBQUM7UUFDcEQsQ0FBQztRQUVELHVCQUF1QjtRQUN2QixNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDbEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUseUJBQXlCLENBQUMsQ0FBQztRQUU5Qyw2QkFBNkI7UUFDN0IsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUMxQixhQUFhLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFDckMsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksQ0FBQztRQUMvQixDQUFDO1FBRUQsMEJBQTBCO1FBQzFCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUNsQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1REFBdUQsQ0FBQyxDQUFDO1FBRTVFLGtDQUFrQztRQUNsQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBRWhELGlCQUFpQjtRQUNqQixNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFbEMsMkJBQTJCO1FBQzNCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUU5Qix5QkFBeUI7UUFDekIsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksRUFBRSxDQUFDO1FBRTdCLHNDQUFzQztRQUN0QyxNQUFNLFNBQVMsR0FBRyxNQUFNLE1BQU0sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzNELFNBQVMsQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUVyQyxzQ0FBc0M7UUFDdEMseUJBQXlCLENBQUMsUUFBUSxFQUFFLENBQUM7UUFFckMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQStCLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxtQkFBbUI7UUFDOUIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUseUVBQXlFLENBQUMsQ0FBQztRQUM5RixNQUFNLElBQUksS0FBSyxDQUFDLGtFQUFrRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLDJCQUEyQjtRQUN2QyxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7UUFDdEIsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFDLENBQUMsZUFBZTtRQUV2QyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsVUFBVSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDcEMsNkRBQTZEO1lBQzdELE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksS0FBSyxnQkFBZ0IsQ0FBQyxDQUFDO1lBRXpGLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO2dCQUMxQixJQUFJLENBQUM7b0JBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsa0RBQWtELENBQUMsQ0FBQztnQkFDekUsQ0FBQztnQkFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO29CQUNmLGlDQUFpQztvQkFDakMsT0FBTyxDQUFDLEdBQUcsQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO2dCQUN6RSxDQUFDO2dCQUNELE9BQU87WUFDVCxDQUFDO1lBRUQsdUJBQXVCO1lBQ3ZCLE1BQU0sT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDaEQsQ0FBQztRQUVELE1BQU0sS0FBSyxHQUFHLGtEQUFrRCxVQUFVLFdBQVcsQ0FBQztRQUN0RixJQUFJLENBQUM7WUFDSCxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM3QixDQUFDO1FBQUMsT0FBTyxRQUFRLEVBQUUsQ0FBQztZQUNsQixpQ0FBaUM7WUFDakMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDbEMsQ0FBQztRQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09Bc0JHO0lBQ0ksS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUF5QjtRQUNqRCxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ2xELElBQUksQ0FBQztnQkFDSCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsU0FBUyxDQUFDLE1BQU0sVUFBVSxFQUFFO29CQUNqRSxVQUFVLEVBQUUsU0FBUyxDQUFDLE1BQU07b0JBQzVCLFNBQVMsRUFBRSxhQUFhO2lCQUN6QixDQUFDLENBQUM7WUFDTCxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixpQ0FBaUM7Z0JBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkJBQTJCLFNBQVMsQ0FBQyxNQUFNLFVBQVUsQ0FBQyxDQUFDO1lBQ3JFLENBQUM7WUFFRCxpRUFBaUU7WUFDakUsSUFBSSxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGNBQWMsRUFBRSxFQUFFLENBQUM7Z0JBQ2pFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQzFELENBQUM7WUFFRCwrREFBK0Q7WUFDL0QsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUM1RCxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFDcEIsU0FBUyxFQUNUO2dCQUNFLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxJQUFJLElBQUksRUFBRTtnQkFDeEMsV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXLEVBQUUsY0FBYyxFQUFFO2dCQUMvQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFdBQVcsRUFBRSxRQUFRLEVBQUU7Z0JBQ3ZDLDBCQUEwQixFQUFFLElBQUksQ0FBQywwQkFBMEI7Z0JBQzNELHdCQUF3QixFQUFFLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDO2dCQUNsRSwyQkFBMkIsRUFBRSxJQUFJLENBQUMsMkJBQTJCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQzthQUN6RSxDQUNGLENBQUM7WUFFRixzQ0FBc0M7WUFDdEMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1lBRWpDLGdEQUFnRDtZQUNoRCxJQUFJLENBQUMsMEJBQTBCLEdBQUcsWUFBWSxDQUFDLHVCQUF1QixDQUFDO1lBRXZFLDBDQUEwQztZQUMxQyxJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQyxZQUFZLENBQUM7WUFFOUMsNkRBQTZEO1lBQzdELElBQUksWUFBWSxDQUFDLGNBQWMsRUFBRSxDQUFDO2dCQUNoQyxJQUFJLENBQUMsV0FBVyxHQUFHLFlBQVksQ0FBQyxjQUFjLENBQUM7Z0JBQy9DLDBDQUEwQztnQkFDMUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDMUQsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLG9CQUFvQixDQUFDLFNBQWlCO1FBQ2pELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFFRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLFNBQVMsQ0FBQyxDQUFDO1FBQ25FLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSxLQUFLLENBQUMsU0FBUyxTQUFTLFlBQVksQ0FBQyxDQUFDO1FBQ2xELENBQUM7UUFFRCxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsb0JBQW9CLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELHlEQUF5RDtJQUV6RDs7T0FFRztJQUNJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFpQjtRQUM3QyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7T0FFRztJQUNJLG9CQUFvQixDQUFDLFNBQWlCO1FBQzNDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDdEIsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLFVBQVU7UUFDZixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztJQUMvQixDQUFDO0lBRUQ7O09BRUc7SUFDSyxhQUFhLENBQUMsTUFBYztRQUNsQywrQkFBK0I7UUFDL0IsSUFBSSxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELHlEQUF5RDtRQUN6RCxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwwQkFBMEIsTUFBTSxxREFBcUQsRUFBRSxFQUFFLE1BQU0sRUFBRSxTQUFTLEVBQUUscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBQ3hKLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELGlFQUFpRTtRQUNqRSxNQUFNLGdCQUFnQixHQUFHLCtGQUErRixDQUFDO1FBQ3pILElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNuQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxXQUFXLE1BQU0sK0NBQStDLEVBQUUsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUNuSSxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFZO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ksS0FBSyxDQUFDLG1CQUFtQixDQUFDLElBQVk7UUFDM0MsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLGlCQUFpQjtRQUN0QixPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztJQUM5QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxhQUFhO1FBQ2xCLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ2xFLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLG1CQUFtQixFQUFFLENBQUM7UUFFdEUsSUFBSSxjQUFjLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZCLElBQUksaUJBQWlCLEdBQUcsQ0FBQyxDQUFDO1FBQzFCLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLElBQUksb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLDZCQUE2QjtRQUM3QixLQUFLLE1BQU0sTUFBTSxJQUFJLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7WUFDaEQsSUFBSSxNQUFNLENBQUMsS0FBSztnQkFBRSxjQUFjLEVBQUUsQ0FBQzs7Z0JBQzlCLGlCQUFpQixFQUFFLENBQUM7WUFDekIsSUFBSSxNQUFNLENBQUMsWUFBWTtnQkFBRSxvQkFBb0IsRUFBRSxDQUFDO1lBQ2hELElBQUksTUFBTSxDQUFDLGlCQUFpQjtnQkFBRSxvQkFBb0IsRUFBRSxDQUFDO1FBQ3ZELENBQUM7UUFFRCxPQUFPO1lBQ0wsaUJBQWlCLEVBQUUsaUJBQWlCLENBQUMsSUFBSTtZQUN6QyxjQUFjO1lBQ2QsaUJBQWlCO1lBQ2pCLG9CQUFvQjtZQUNwQixvQkFBb0I7WUFDcEIsZ0JBQWdCO1lBQ2hCLFdBQVcsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVc7WUFDL0IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJO1lBQy9DLFVBQVUsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNO1lBQ3ZDLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLGlCQUFpQixFQUFFLENBQUMsTUFBTTtZQUN4RCxjQUFjLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsRUFBRTtTQUNyRCxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksaUNBQWlDO1FBQ3RDLE1BQU0sT0FBTyxHQUFhLEVBQUUsQ0FBQztRQUU3QiwwQkFBMEI7UUFDMUIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDO1FBRTFDLEtBQUssTUFBTSxLQUFLLElBQUksTUFBTSxFQUFFLENBQUM7WUFDM0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFBRSxTQUFTO1lBRW5DLDJEQUEyRDtZQUMzRCxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBSSxLQUFLLFNBQVM7Z0JBQy9CLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHO2dCQUNqQixLQUFLLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssYUFBYTtnQkFDdkMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsV0FBVyxLQUFLLE1BQU07Z0JBQUUsU0FBUztZQUV0RCxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDO2dCQUNyRCxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPO2dCQUNyQixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBRTFCLDRDQUE0QztZQUM1QyxNQUFNLGVBQWUsR0FBRyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQ25ELENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUNwRCxDQUFDO1lBRUYsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLGVBQWUsQ0FBQyxDQUFDO1FBQ25DLENBQUM7UUFFRCxxQ0FBcUM7UUFFckMsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGlCQUFpQjtRQUM1QixPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsU0FBUyxFQUFFLENBQUM7SUFDMUMsQ0FBQztJQUVEOztPQUVHO0lBQ0sseUJBQXlCO1FBQy9CLE1BQU0sUUFBUSxHQUFhLEVBQUUsQ0FBQztRQUU5Qiw0Q0FBNEM7UUFDNUMsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQ2pELENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLFdBQVcsS0FBSyxNQUFNLENBQ3JDLENBQUM7UUFFRixJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDNUIsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztRQUVELDRDQUE0QztRQUM1QyxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLEtBQUssQ0FBQztRQUNuRCxNQUFNLGVBQWUsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBRTFFLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxlQUFlLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3RELFFBQVEsQ0FBQyxJQUFJLENBQ1gsb0VBQW9FO2dCQUNwRSx1RkFBdUYsQ0FDeEYsQ0FBQztRQUNKLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzFCLE1BQU0sYUFBYSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLElBQUksSUFBSSxFQUFFLENBQUM7WUFDckQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBRXpELElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLGFBQWEsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hDLFFBQVEsQ0FBQyxJQUFJLENBQ1gsUUFBUSxhQUFhLHVFQUF1RTtvQkFDNUYsaUNBQWlDLGFBQWEsb0RBQW9ELENBQ25HLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztRQUVELG9DQUFvQztRQUNwQyxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRSxDQUFDO1lBQ3RDLE1BQU0sYUFBYSxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FDMUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxFQUFFLGFBQWEsS0FBSyxLQUFLLENBQzVDLENBQUM7WUFDRixJQUFJLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzdCLFFBQVEsQ0FBQyxJQUFJLENBQ1gsOERBQThEO29CQUM5RCw2REFBNkQsQ0FDOUQsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsb0RBQW9EO1FBQ3BELEtBQUssTUFBTSxLQUFLLElBQUksVUFBVSxFQUFFLENBQUM7WUFDL0IsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQztnQkFDaEQsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFDckIsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUUxQixNQUFNLGVBQWUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1lBQzlELElBQUksZUFBZSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDL0IsUUFBUSxDQUFDLElBQUksQ0FDWCxVQUFVLEtBQUssQ0FBQyxJQUFJLDRCQUE0QixlQUFlLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHO29CQUM3RSw2RUFBNkU7b0JBQzdFLHFFQUFxRSxDQUN0RSxDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0NBRUYifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnQtcHJveHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L3NtYXJ0LXByb3h5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBRXBELDBCQUEwQjtBQUMxQixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDekQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDN0QsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDNUQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDakUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFFL0QsbUJBQW1CO0FBQ25CLE9BQU8sRUFBRSxrQkFBa0IsSUFBSSxZQUFZLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUN6RixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDNUQsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBT3pDOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sT0FBTyxVQUFXLFNBQVEsT0FBTyxDQUFDLFlBQVk7SUFXbEQsWUFBWSxXQUErQjtRQUN6QyxLQUFLLEVBQUUsQ0FBQztRQU5GLHdCQUFtQixHQUErQixJQUFJLENBQUM7UUFHdkQsYUFBUSxHQUFHLEtBQUssQ0FBQztRQUt2QixpQkFBaUI7UUFDakIsSUFBSSxDQUFDLFFBQVEsR0FBRztZQUNkLEdBQUcsV0FBVztZQUNkLGtCQUFrQixFQUFFLFdBQVcsQ0FBQyxrQkFBa0IsSUFBSSxNQUFNO1lBQzVELGFBQWEsRUFBRSxXQUFXLENBQUMsYUFBYSxJQUFJLE9BQU87WUFDbkQscUJBQXFCLEVBQUUsV0FBVyxDQUFDLHFCQUFxQixJQUFJLFFBQVE7WUFDcEUsaUJBQWlCLEVBQUUsV0FBVyxDQUFDLGlCQUFpQixJQUFJLFFBQVE7WUFDNUQsdUJBQXVCLEVBQUUsV0FBVyxDQUFDLHVCQUF1QixJQUFJLEtBQUs7WUFDckUsbUJBQW1CLEVBQUUsV0FBVyxDQUFDLG1CQUFtQixJQUFJLEdBQUc7WUFDM0QsNEJBQTRCLEVBQUUsV0FBVyxDQUFDLDRCQUE0QixJQUFJLEdBQUc7WUFDN0Usa0JBQWtCLEVBQUUsV0FBVyxDQUFDLGtCQUFrQixJQUFJLFVBQVU7WUFDaEUsNkJBQTZCLEVBQUUsV0FBVyxDQUFDLDZCQUE2QixJQUFJLENBQUM7WUFDN0UseUJBQXlCLEVBQUUsV0FBVyxDQUFDLHlCQUF5QixJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJO1NBQzVGLENBQUM7UUFFRix5QkFBeUI7UUFDekIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3ZCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ2pFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUM7WUFDN0QsQ0FBQztZQUNELElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHO2dCQUNuQixPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTyxLQUFLLEtBQUs7Z0JBQzdDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRTtnQkFDbkMsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7Z0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhLElBQUksS0FBSztnQkFDeEQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLElBQUksRUFBRTtnQkFDL0QsU0FBUyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFNBQVMsS0FBSyxLQUFLO2dCQUNqRCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxTQUFTO2dCQUNsRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxLQUFLO2dCQUNwRSx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsSUFBSSxFQUFFO2dCQUN6RSxhQUFhLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsYUFBYSxJQUFJLEVBQUU7Z0JBQ3JELEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJO2FBQ3RCLENBQUM7UUFDSixDQUFDO1FBRUQsa0JBQWtCO1FBQ2xCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxVQUFVLEdBQUcsY0FBYyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3ZFLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3RCLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQ3RELE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxDQUFDO1lBQ3JHLENBQUM7UUFDSCxDQUFDO1FBRUQsd0JBQXdCO1FBQ3hCLE1BQU0sYUFBYSxHQUFHO1lBQ3BCLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7WUFDMUUsSUFBSSxFQUFFLENBQUMsT0FBZSxFQUFFLElBQVUsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQztZQUN4RSxJQUFJLEVBQUUsQ0FBQyxPQUFlLEVBQUUsSUFBVSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDO1lBQ3hFLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7U0FDM0UsQ0FBQztRQUVGLHdCQUF3QjtRQUN4QixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksWUFBWSxDQUFDO1lBQ25DLE1BQU0sRUFBRSxhQUFhO1lBQ3JCLHFCQUFxQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCO1lBQzFELE1BQU0sRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU07U0FDN0IsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLGVBQWUsRUFBRSxDQUFDO1FBQ3BDLElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1FBQzVDLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxrQkFBa0IsQ0FDMUMsSUFBSSxDQUFDLE1BQU0sRUFDWCxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsSUFBSSxJQUFJLENBQ2hELENBQUM7UUFDRixJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksS0FBSyxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7T0FHRztJQUNJLEtBQUssQ0FBQyxLQUFLO1FBQ2hCLG9CQUFvQjtRQUNwQixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDMUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FDYixnR0FBZ0c7Z0JBQ2hHLHlEQUF5RCxDQUMxRCxDQUFDO1FBQ0osQ0FBQztRQUVELDBFQUEwRTtRQUMxRSxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFtQixFQUFFLE1BQXFCLEVBQUUsRUFBRTtZQUNwRSxJQUFJLElBQUksQ0FBQyxRQUFRO2dCQUFFLE9BQU87WUFDMUIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsdUNBQXVDLElBQUksWUFBWSxNQUFNLEdBQUcsRUFBRSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO1lBQ3BILElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLElBQUksS0FBSyxDQUFDLDBCQUEwQixJQUFJLFlBQVksTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBQ3JGLENBQUMsQ0FBQyxDQUFDO1FBRUgsaUZBQWlGO1FBQ2pGLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUNoRCxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ0osQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxnQkFBZ0IsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQztZQUM5RCxDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksT0FBTyxDQUFDLENBQUMsSUFBSSxLQUFLLFVBQVUsQ0FBQyxDQUM5RixDQUFDO1FBRUYsa0ZBQWtGO1FBQ2xGLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsbUJBQW1CLEdBQUcsSUFBSSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDdEUsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDekMsQ0FBQztRQUVELHdFQUF3RTtRQUN4RSxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0Usb0JBQW9CO1FBQ3BCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLENBQUM7UUFFaEQsdUJBQXVCO1FBQ3ZCLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFckMsaUVBQWlFO1FBQ2pFLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFFRCwrQkFBK0I7UUFDL0IsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLEVBQUUsQ0FBQztRQUU5Qyx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUVuQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrQ0FBa0MsRUFBRSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxJQUFJO1FBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkJBQTZCLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUNoRixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztRQUVyQix1QkFBdUI7UUFDdkIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUVsQyxxRUFBcUU7UUFDckUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV2QyxrQkFBa0I7UUFDbEIsSUFBSSxDQUFDO1lBQ0gsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2hDLENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCw0QkFBNEI7UUFDOUIsQ0FBQztRQUNELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFbkIsNEJBQTRCO1FBQzVCLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztRQUNsQyxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQStCLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsWUFBWSxDQUFDLFNBQXlCO1FBQ2pELE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDbEQsV0FBVztZQUNYLE1BQU0sVUFBVSxHQUFHLGNBQWMsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDNUQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDdEIsY0FBYyxDQUFDLG1CQUFtQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDdEQsTUFBTSxJQUFJLEtBQUssQ0FBQyw0QkFBNEIsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLHVCQUF1QixDQUFDLENBQUM7WUFDN0YsQ0FBQztZQUVELHNCQUFzQjtZQUN0QixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRWxFLGVBQWU7WUFDZixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRTNDLDZCQUE2QjtZQUM3QixJQUFJLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUUxQyx3REFBd0Q7WUFDeEQsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsSUFBSSxDQUNyQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ0osQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxnQkFBZ0IsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQztnQkFDOUQsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLE9BQU8sQ0FBQyxDQUFDLElBQUksS0FBSyxVQUFVLENBQUMsQ0FDOUYsQ0FBQztZQUVGLElBQUksZ0JBQWdCLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztnQkFDbEQsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksbUJBQW1CLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUN0RSxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDdkMsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1lBQ3BGLENBQUM7aUJBQU0sSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO2dCQUN6RCxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUNsQyxDQUFDO1lBRUQsdUJBQXVCO1lBQ3ZCLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLFNBQVMsQ0FBQztZQUVqQywwQ0FBMEM7WUFDMUMsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLEVBQUUsQ0FBQztZQUU5QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxtQkFBbUIsU0FBUyxDQUFDLE1BQU0sVUFBVSxFQUFFLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7UUFDbEcsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsb0JBQW9CLENBQUMsU0FBaUI7UUFDakQsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFpQjtRQUM3QyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLG9CQUFvQixDQUFDLFNBQWlCO1FBQ2pELE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsY0FBYyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxhQUFhO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsSUFBWTtRQUN4QyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLG1CQUFtQixDQUFDLElBQVk7UUFDM0MsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxpQkFBaUI7UUFDNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTztZQUFFLE9BQU8sRUFBRSxDQUFDO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7T0FFRztJQUNJLGlDQUFpQztRQUN0QyxNQUFNLE9BQU8sR0FBYSxFQUFFLENBQUM7UUFDN0IsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUMvQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPO2dCQUFFLFNBQVM7WUFDbkMsSUFDRSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxTQUFTO2dCQUMvQixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRztnQkFDakIsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLGFBQWE7Z0JBQ3ZDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFdBQVcsS0FBSyxNQUFNO2dCQUV2QyxTQUFTO1lBRVgsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3RHLE1BQU0sUUFBUSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDdkYsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsQ0FBQyxDQUFDO1FBQzVCLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsaUJBQWlCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO0lBQ3pDLENBQUM7SUFFRCwwQkFBMEI7SUFFMUI7O09BRUc7SUFDSyxlQUFlLENBQUMsTUFBc0I7UUFDNUMsT0FBTztZQUNMLE1BQU07WUFDTixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRO1lBQ2hDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUk7Z0JBQ3RCLENBQUMsQ0FBQztvQkFDRSxPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTztvQkFDbkMsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7b0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhO29CQUMvQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSTtvQkFDN0Isa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsa0JBQWtCO29CQUN6RCxTQUFTLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsU0FBUztvQkFDdkMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCO29CQUNyRCx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUI7aUJBQ3BFO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBQ2IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUI7WUFDbEQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0I7WUFDcEQsYUFBYSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYTtZQUMxQyxxQkFBcUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQjtZQUMxRCx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHVCQUF1QjtZQUM5RCxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUN0RCw0QkFBNEIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLDRCQUE0QjtZQUN4RSxrQkFBa0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQjtZQUNwRCw2QkFBNkIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLDZCQUE2QjtZQUMxRSx5QkFBeUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHlCQUF5QjtZQUNsRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUN0RCxpQkFBaUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQjtTQUNuRCxDQUFDO0lBQ0osQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxLQUFLLENBQUMsZ0NBQWdDO1FBQzVDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDeEQsSUFBSSxDQUFDLFdBQVc7WUFBRSxPQUFPO1FBRXpCLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUN6QyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLFdBQVcsS0FBSyxNQUFNO2dCQUFFLFNBQVM7WUFDdkQsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFBRSxTQUFTO1lBRW5DLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUVqRyxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO2dCQUM3QixJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDO29CQUFFLFNBQVM7Z0JBRW5DLElBQUksQ0FBQztvQkFDSCxNQUFNLE1BQU0sR0FBbUMsTUFBTSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7b0JBRXpFLElBQUksTUFBTSxLQUFLLFFBQVEsRUFBRSxDQUFDO3dCQUN4QixvQ0FBb0M7d0JBQ3BDLFNBQVM7b0JBQ1gsQ0FBQztvQkFFRCwrQ0FBK0M7b0JBQy9DLElBQUksTUFBTSxJQUFJLE9BQU8sTUFBTSxLQUFLLFFBQVEsRUFBRSxDQUFDO3dCQUN6QyxNQUFNLE9BQU8sR0FBRyxNQUF1QyxDQUFDO3dCQUN4RCxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUMvQixNQUFNLEVBQ04sT0FBTyxDQUFDLFNBQVMsRUFDakIsT0FBTyxDQUFDLFVBQVUsQ0FDbkIsQ0FBQzt3QkFDRixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxpREFBaUQsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztvQkFDOUcsQ0FBQztnQkFDSCxDQUFDO2dCQUFDLE9BQU8sR0FBUSxFQUFFLENBQUM7b0JBQ2xCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLG9DQUFvQyxNQUFNLEtBQUssR0FBRyxDQUFDLE9BQU8sRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7b0JBRS9HLDhCQUE4QjtvQkFDOUIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLDJCQUEyQixLQUFLLEtBQUssRUFBRSxDQUFDO3dCQUN4RCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztvQkFDekYsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sYUFBYSxDQUFDLE1BQWM7UUFDbEMsSUFBSSxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUNqRCxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFDdkMsTUFBTSxnQkFBZ0IsR0FDcEIsK0ZBQStGLENBQUM7UUFDbEcsT0FBTyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDdkMsQ0FBQztDQUNGIn0=