@push.rocks/smartproxy 22.4.2 → 23.0.0

package/dist_ts/proxies/smart-proxy/smart-proxy.js

@@ -1,746 +1,349 @@
 import * as plugins from '../../plugins.js';
 import { logger } from '../../core/utils/logger.js';
-import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
-// Importing required components
-import { ConnectionManager } from './connection-manager.js';
-import { SecurityManager } from './security-manager.js';
-import { TlsManager } from './tls-manager.js';
-import { HttpProxyBridge } from './http-proxy-bridge.js';
-import { TimeoutManager } from './timeout-manager.js';
-import { PortManager } from './port-manager.js';
+// Rust bridge and helpers
+import { RustProxyBridge } from './rust-proxy-bridge.js';
+import { RustBinaryLocator } from './rust-binary-locator.js';
+import { RoutePreprocessor } from './route-preprocessor.js';
+import { SocketHandlerServer } from './socket-handler-server.js';
+import { RustMetricsAdapter } from './rust-metrics-adapter.js';
+// Route management
 import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
-import { RouteConnectionHandler } from './route-connection-handler.js';
-import { NFTablesManager } from './nftables-manager.js';
-// Certificate manager
-import { SmartCertManager } from './certificate-manager.js';
-// Import mutex for route update synchronization
-import { Mutex } from './utils/mutex.js';
-// Import route validator
 import { RouteValidator } from './utils/route-validator.js';
-// Import route orchestrator for route management
-import { RouteOrchestrator } from './route-orchestrator.js';
-// Import ACME state manager
-import { AcmeStateManager } from './acme-state-manager.js';
-// Import metrics collector
-import { MetricsCollector } from './metrics-collector.js';
+import { Mutex } from './utils/mutex.js';
 /**
- * SmartProxy - Pure route-based API
+ * SmartProxy - Rust-backed proxy engine with TypeScript configuration API.
  *
- * SmartProxy is a unified proxy system that works with routes to define connection handling behavior.
- * Each route contains matching criteria (ports, domains, etc.) and an action to take (forward, redirect, block).
- *
- * Configuration is provided through a set of routes, with each route defining:
- * - What to match (ports, domains, paths, client IPs)
- * - What to do with matching traffic (forward, redirect, block)
- * - How to handle TLS (passthrough, terminate, terminate-and-reencrypt)
- * - Security settings (IP restrictions, connection limits)
- * - Advanced options (timeout, headers, etc.)
+ * All networking (TCP, TLS, HTTP reverse proxy, connection management, security,
+ * NFTables) is handled by the Rust binary. TypeScript is only:
+ * - The npm module interface (types, route helpers)
+ * - The thin IPC wrapper (this class)
+ * - Socket-handler callback relay (for JS-defined handlers)
+ * - Certificate provisioning callbacks (certProvisionFunction)
  */
 export class SmartProxy extends plugins.EventEmitter {
-    /**
-     * Constructor for SmartProxy
-     *
-     * @param settingsArg Configuration options containing routes and other settings
-     * Routes define how traffic is matched and handled, with each route having:
-     * - match: criteria for matching traffic (ports, domains, paths, IPs)
-     * - action: what to do with matched traffic (forward, redirect, block)
-     *
-     * Example:
-     * ```ts
-     * const proxy = new SmartProxy({
-     *   routes: [
-     *     {
-     *       match: {
-     *         ports: 443,
-     *         domains: ['example.com', '*.example.com']
-     *       },
-     *       action: {
-     *         type: 'forward',
-     *         target: { host: '10.0.0.1', port: 8443 },
-     *         tls: { mode: 'passthrough' }
-     *       }
-     *     }
-     *   ],
-     *   defaults: {
-     *     target: { host: 'localhost', port: 8080 },
-     *     security: { ipAllowList: ['*'] }
-     *   }
-     * });
-     * ```
-     */
     constructor(settingsArg) {
         super();
-        this.connectionLogger = null;
-        this.isShuttingDown = false;
-        // Certificate manager for ACME and static certificates
-        this.certManager = null;
-        // Global challenge route tracking
-        this.globalChallengeRouteActive = false;
-        // Track port usage across route updates
-        this.portUsageMap = new Map();
-        // Set reasonable defaults for all settings
+        this.socketHandlerServer = null;
+        this.stopping = false;
+        // Apply defaults
         this.settings = {
             ...settingsArg,
             initialDataTimeout: settingsArg.initialDataTimeout || 120000,
             socketTimeout: settingsArg.socketTimeout || 3600000,
-            inactivityCheckInterval: settingsArg.inactivityCheckInterval || 60000,
             maxConnectionLifetime: settingsArg.maxConnectionLifetime || 86400000,
             inactivityTimeout: settingsArg.inactivityTimeout || 14400000,
             gracefulShutdownTimeout: settingsArg.gracefulShutdownTimeout || 30000,
-            noDelay: settingsArg.noDelay !== undefined ? settingsArg.noDelay : true,
-            keepAlive: settingsArg.keepAlive !== undefined ? settingsArg.keepAlive : true,
-            keepAliveInitialDelay: settingsArg.keepAliveInitialDelay || 10000,
-            maxPendingDataSize: settingsArg.maxPendingDataSize || 10 * 1024 * 1024,
-            disableInactivityCheck: settingsArg.disableInactivityCheck || false,
-            enableKeepAliveProbes: settingsArg.enableKeepAliveProbes !== undefined ? settingsArg.enableKeepAliveProbes : true,
-            enableDetailedLogging: settingsArg.enableDetailedLogging || false,
-            enableTlsDebugLogging: settingsArg.enableTlsDebugLogging || false,
-            enableRandomizedTimeouts: settingsArg.enableRandomizedTimeouts || false,
             maxConnectionsPerIP: settingsArg.maxConnectionsPerIP || 100,
             connectionRateLimitPerMinute: settingsArg.connectionRateLimitPerMinute || 300,
             keepAliveTreatment: settingsArg.keepAliveTreatment || 'extended',
             keepAliveInactivityMultiplier: settingsArg.keepAliveInactivityMultiplier || 6,
             extendedKeepAliveLifetime: settingsArg.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000,
-            httpProxyPort: settingsArg.httpProxyPort || 8443,
         };
-        // Normalize ACME options if provided (support both email and accountEmail)
+        // Normalize ACME options
         if (this.settings.acme) {
-            // Support both 'email' and 'accountEmail' fields
             if (this.settings.acme.accountEmail && !this.settings.acme.email) {
                 this.settings.acme.email = this.settings.acme.accountEmail;
             }
-            // Set reasonable defaults for commonly used fields
             this.settings.acme = {
-                enabled: this.settings.acme.enabled !== false, // Enable by default if acme object exists
+                enabled: this.settings.acme.enabled !== false,
                 port: this.settings.acme.port || 80,
                 email: this.settings.acme.email,
                 useProduction: this.settings.acme.useProduction || false,
                 renewThresholdDays: this.settings.acme.renewThresholdDays || 30,
-                autoRenew: this.settings.acme.autoRenew !== false, // Enable by default
+                autoRenew: this.settings.acme.autoRenew !== false,
                 certificateStore: this.settings.acme.certificateStore || './certs',
                 skipConfiguredCerts: this.settings.acme.skipConfiguredCerts || false,
                 renewCheckIntervalHours: this.settings.acme.renewCheckIntervalHours || 24,
                 routeForwards: this.settings.acme.routeForwards || [],
-                ...this.settings.acme // Preserve any additional fields
+                ...this.settings.acme,
             };
         }
-        // Initialize component managers
-        this.timeoutManager = new TimeoutManager(this);
-        this.securityManager = new SecurityManager(this);
-        this.connectionManager = new ConnectionManager(this);
-        // Create the route manager with SharedRouteManager API
-        // Create a logger adapter to match ILogger interface
-        const loggerAdapter = {
-            debug: (message, data) => logger.log('debug', message, data),
-            info: (message, data) => logger.log('info', message, data),
-            warn: (message, data) => logger.log('warn', message, data),
-            error: (message, data) => logger.log('error', message, data)
-        };
-        // Validate initial routes
-        if (this.settings.routes && this.settings.routes.length > 0) {
+        // Validate routes
+        if (this.settings.routes?.length) {
             const validation = RouteValidator.validateRoutes(this.settings.routes);
             if (!validation.valid) {
                 RouteValidator.logValidationErrors(validation.errors);
                 throw new Error(`Initial route validation failed: ${validation.errors.size} route(s) have errors`);
             }
         }
+        // Create logger adapter
+        const loggerAdapter = {
+            debug: (message, data) => logger.log('debug', message, data),
+            info: (message, data) => logger.log('info', message, data),
+            warn: (message, data) => logger.log('warn', message, data),
+            error: (message, data) => logger.log('error', message, data),
+        };
+        // Initialize components
         this.routeManager = new RouteManager({
             logger: loggerAdapter,
             enableDetailedLogging: this.settings.enableDetailedLogging,
-            routes: this.settings.routes
+            routes: this.settings.routes,
         });
-        // Create other required components
-        this.tlsManager = new TlsManager(this);
-        this.httpProxyBridge = new HttpProxyBridge(this);
-        // Initialize connection handler with route support
-        this.routeConnectionHandler = new RouteConnectionHandler(this);
-        // Initialize port manager
-        this.portManager = new PortManager(this);
-        // Initialize NFTablesManager
-        this.nftablesManager = new NFTablesManager(this);
-        // Initialize route update mutex for synchronization
+        this.bridge = new RustProxyBridge();
+        this.preprocessor = new RoutePreprocessor();
+        this.metricsAdapter = new RustMetricsAdapter(this.bridge, this.settings.metrics?.sampleIntervalMs ?? 1000);
         this.routeUpdateLock = new Mutex();
-        // Initialize ACME state manager
-        this.acmeStateManager = new AcmeStateManager();
-        // Initialize metrics collector with reference to this SmartProxy instance
-        this.metricsCollector = new MetricsCollector(this, {
-            sampleIntervalMs: this.settings.metrics?.sampleIntervalMs,
-            retentionSeconds: this.settings.metrics?.retentionSeconds
-        });
-        // Initialize route orchestrator for managing route updates
-        this.routeOrchestrator = new RouteOrchestrator(this.portManager, this.routeManager, this.httpProxyBridge, this.nftablesManager, null, // certManager will be set later
-        loggerAdapter);
-    }
-    /**
-     * Helper method to create and configure certificate manager
-     * This ensures consistent setup including the required ACME callback
-     */
-    async createCertificateManager(routes, certStore = './certs', acmeOptions, initialState) {
-        const certManager = new SmartCertManager(routes, certStore, acmeOptions, initialState);
-        // Always set up the route update callback for ACME challenges
-        certManager.setUpdateRoutesCallback(async (routes) => {
-            await this.updateRoutes(routes);
-        });
-        // Connect with HttpProxy if available
-        if (this.httpProxyBridge.getHttpProxy()) {
-            certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
-        }
-        // Set the ACME state manager
-        certManager.setAcmeStateManager(this.acmeStateManager);
-        // Pass down the global ACME config if available
-        if (this.settings.acme) {
-            certManager.setGlobalAcmeDefaults(this.settings.acme);
-        }
-        // Pass down the custom certificate provision function if available
-        if (this.settings.certProvisionFunction) {
-            certManager.setCertProvisionFunction(this.settings.certProvisionFunction);
-        }
-        // Pass down the fallback to ACME setting
-        if (this.settings.certProvisionFallbackToAcme !== undefined) {
-            certManager.setCertProvisionFallbackToAcme(this.settings.certProvisionFallbackToAcme);
-        }
-        await certManager.initialize();
-        return certManager;
-    }
-    /**
-     * Initialize certificate manager
-     */
-    async initializeCertificateManager() {
-        // Extract global ACME options if any routes use auto certificates
-        const autoRoutes = this.settings.routes.filter(r => r.action.tls?.certificate === 'auto');
-        if (autoRoutes.length === 0 && !this.hasStaticCertRoutes()) {
-            logger.log('info', 'No routes require certificate management', { component: 'certificate-manager' });
-            return;
-        }
-        // Prepare ACME options with priority:
-        // 1. Use top-level ACME config if available
-        // 2. Fall back to first auto route's ACME config
-        // 3. Otherwise use undefined
-        let acmeOptions;
-        if (this.settings.acme?.email) {
-            // Use top-level ACME config
-            acmeOptions = {
-                email: this.settings.acme.email,
-                useProduction: this.settings.acme.useProduction || false,
-                port: this.settings.acme.port || 80
-            };
-            logger.log('info', `Using top-level ACME configuration with email: ${acmeOptions.email}`, { component: 'certificate-manager' });
-        }
-        else if (autoRoutes.length > 0) {
-            // Check for route-level ACME config
-            const routeWithAcme = autoRoutes.find(r => r.action.tls?.acme?.email);
-            if (routeWithAcme?.action.tls?.acme) {
-                const routeAcme = routeWithAcme.action.tls.acme;
-                acmeOptions = {
-                    email: routeAcme.email,
-                    useProduction: routeAcme.useProduction || false,
-                    port: routeAcme.challengePort || 80
-                };
-                logger.log('info', `Using route-level ACME configuration from route '${routeWithAcme.name}' with email: ${acmeOptions.email}`, { component: 'certificate-manager' });
-            }
-        }
-        // Validate we have required configuration
-        if (autoRoutes.length > 0 && !acmeOptions?.email) {
-            throw new Error('ACME email is required for automatic certificate provisioning. ' +
-                'Please provide email in either:\n' +
-                '1. Top-level "acme" configuration\n' +
-                '2. Individual route\'s "tls.acme" configuration');
-        }
-        // Use the helper method to create and configure the certificate manager
-        this.certManager = await this.createCertificateManager(this.settings.routes, this.settings.acme?.certificateStore || './certs', acmeOptions);
-    }
-    /**
-     * Check if we have routes with static certificates
-     */
-    hasStaticCertRoutes() {
-        return this.settings.routes.some(r => r.action.tls?.certificate &&
-            r.action.tls.certificate !== 'auto');
     }
     /**
-     * Start the proxy server with support for both configuration types
+     * Start the proxy.
+     * Spawns the Rust binary, configures socket relay if needed, sends routes, handles cert provisioning.
      */
     async start() {
-        // Don't start if already shutting down
-        if (this.isShuttingDown) {
-            logger.log('warn', "Cannot start SmartProxy while it's in the shutdown process");
-            return;
-        }
-        // Validate the route configuration
-        const configWarnings = this.routeManager.validateConfiguration();
-        // Also validate ACME configuration
-        const acmeWarnings = this.validateAcmeConfiguration();
-        const allWarnings = [...configWarnings, ...acmeWarnings];
-        if (allWarnings.length > 0) {
-            logger.log('warn', `${allWarnings.length} configuration warnings found`, { count: allWarnings.length });
-            for (const warning of allWarnings) {
-                logger.log('warn', `${warning}`);
-            }
-        }
-        // Get listening ports from RouteManager
-        const listeningPorts = this.routeManager.getListeningPorts();
-        // Initialize port usage tracking using RouteOrchestrator
-        this.portUsageMap = this.routeOrchestrator.updatePortUsageMap(this.settings.routes);
-        // Log port usage for startup
-        logger.log('info', `SmartProxy starting with ${listeningPorts.length} ports: ${listeningPorts.join(', ')}`, {
-            portCount: listeningPorts.length,
-            ports: listeningPorts,
-            component: 'smart-proxy'
-        });
-        // Provision NFTables rules for routes that use NFTables
-        for (const route of this.settings.routes) {
-            if (route.action.forwardingEngine === 'nftables') {
-                await this.nftablesManager.provisionRoute(route);
-            }
-        }
-        // Initialize and start HttpProxy if needed - before port binding
-        if (this.settings.useHttpProxy && this.settings.useHttpProxy.length > 0) {
-            await this.httpProxyBridge.initialize();
-            await this.httpProxyBridge.start();
-        }
-        // Start port listeners using the PortManager BEFORE initializing certificate manager
-        // This ensures all required ports are bound and ready when adding ACME challenge routes
-        await this.portManager.addPorts(listeningPorts);
-        // Initialize certificate manager AFTER port binding is complete
-        // This ensures the ACME challenge port is already bound and ready when needed
-        await this.initializeCertificateManager();
-        // Connect certificate manager with HttpProxy if both are available
-        if (this.certManager && this.httpProxyBridge.getHttpProxy()) {
-            this.certManager.setHttpProxy(this.httpProxyBridge.getHttpProxy());
-        }
-        // Now that ports are listening, provision any required certificates
-        if (this.certManager) {
-            logger.log('info', 'Starting certificate provisioning now that ports are ready', { component: 'certificate-manager' });
-            await this.certManager.provisionAllCertificates();
-        }
-        // Start the metrics collector now that all components are initialized
-        this.metricsCollector.start();
-        // Set up periodic connection logging and inactivity checks
-        this.connectionLogger = setInterval(() => {
-            // Immediately return if shutting down
-            if (this.isShuttingDown)
+        // Spawn Rust binary
+        const spawned = await this.bridge.spawn();
+        if (!spawned) {
+            throw new Error('RustProxy binary not found. Set SMARTPROXY_RUST_BINARY env var, install the platform package, ' +
+                'or build locally with: cd rust && cargo build --release');
+        }
+        // Handle unexpected exit (only emits error if not intentionally stopping)
+        this.bridge.on('exit', (code, signal) => {
+            if (this.stopping)
                 return;
-            // Perform inactivity check
-            this.connectionManager.performInactivityCheck();
-            // Log connection statistics
-            const now = Date.now();
-            let maxIncoming = 0;
-            let maxOutgoing = 0;
-            let tlsConnections = 0;
-            let nonTlsConnections = 0;
-            let completedTlsHandshakes = 0;
-            let pendingTlsHandshakes = 0;
-            let keepAliveConnections = 0;
-            let httpProxyConnections = 0;
-            // Get connection records for analysis
-            const connectionRecords = this.connectionManager.getConnections();
-            // Analyze active connections
-            for (const record of connectionRecords.values()) {
-                // Track connection stats
-                if (record.isTLS) {
-                    tlsConnections++;
-                    if (record.tlsHandshakeComplete) {
-                        completedTlsHandshakes++;
-                    }
-                    else {
-                        pendingTlsHandshakes++;
-                    }
-                }
-                else {
-                    nonTlsConnections++;
-                }
-                if (record.hasKeepAlive) {
-                    keepAliveConnections++;
-                }
-                if (record.usingNetworkProxy) {
-                    httpProxyConnections++;
-                }
-                maxIncoming = Math.max(maxIncoming, now - record.incomingStartTime);
-                if (record.outgoingStartTime) {
-                    maxOutgoing = Math.max(maxOutgoing, now - record.outgoingStartTime);
-                }
-            }
-            // Get termination stats
-            const terminationStats = this.connectionManager.getTerminationStats();
-            // Log detailed stats
-            logger.log('info', 'Connection statistics', {
-                activeConnections: connectionRecords.size,
-                tls: {
-                    total: tlsConnections,
-                    completed: completedTlsHandshakes,
-                    pending: pendingTlsHandshakes
-                },
-                nonTls: nonTlsConnections,
-                keepAlive: keepAliveConnections,
-                httpProxy: httpProxyConnections,
-                longestRunning: {
-                    incoming: plugins.prettyMs(maxIncoming),
-                    outgoing: plugins.prettyMs(maxOutgoing)
-                },
-                terminationStats: {
-                    incoming: terminationStats.incoming,
-                    outgoing: terminationStats.outgoing
-                },
-                component: 'connection-manager'
-            });
-        }, this.settings.inactivityCheckInterval || 60000);
-        // Make sure the interval doesn't keep the process alive
-        if (this.connectionLogger.unref) {
-            this.connectionLogger.unref();
-        }
+            logger.log('error', `RustProxy exited unexpectedly (code=${code}, signal=${signal})`, { component: 'smart-proxy' });
+            this.emit('error', new Error(`RustProxy exited (code=${code}, signal=${signal})`));
+        });
+        // Check if any routes need TS-side handling (socket handlers, dynamic functions)
+        const hasHandlerRoutes = this.settings.routes.some((r) => (r.action.type === 'socket-handler' && r.action.socketHandler) ||
+            r.action.targets?.some((t) => typeof t.host === 'function' || typeof t.port === 'function'));
+        // Start socket handler relay server (but don't tell Rust yet - proxy not started)
+        if (hasHandlerRoutes) {
+            this.socketHandlerServer = new SocketHandlerServer(this.preprocessor);
+            await this.socketHandlerServer.start();
+        }
+        // Preprocess routes (strip JS functions, convert socket-handler routes)
+        const rustRoutes = this.preprocessor.preprocessForRust(this.settings.routes);
+        // Build Rust config
+        const config = this.buildRustConfig(rustRoutes);
+        // Start the Rust proxy
+        await this.bridge.startProxy(config);
+        // Now that Rust proxy is running, configure socket handler relay
+        if (this.socketHandlerServer) {
+            await this.bridge.setSocketHandlerRelay(this.socketHandlerServer.getSocketPath());
+        }
+        // Handle certProvisionFunction
+        await this.provisionCertificatesViaCallback();
+        // Start metrics polling
+        this.metricsAdapter.startPolling();
+        logger.log('info', 'SmartProxy started (Rust engine)', { component: 'smart-proxy' });
     }
     /**
-     * Extract domain configurations from routes for certificate provisioning
-     *
-     * Note: This method has been removed as we now work directly with routes
-     */
-    /**
-     * Stop the proxy server
+     * Stop the proxy.
      */
     async stop() {
-        logger.log('info', 'SmartProxy shutting down...');
-        this.isShuttingDown = true;
-        this.portManager.setShuttingDown(true);
-        // Stop certificate manager
-        if (this.certManager) {
-            await this.certManager.stop();
-            logger.log('info', 'Certificate manager stopped');
-        }
-        // Stop NFTablesManager
-        await this.nftablesManager.stop();
-        logger.log('info', 'NFTablesManager stopped');
-        // Stop the connection logger
-        if (this.connectionLogger) {
-            clearInterval(this.connectionLogger);
-            this.connectionLogger = null;
-        }
-        // Stop all port listeners
-        await this.portManager.closeAll();
-        logger.log('info', 'All servers closed. Cleaning up active connections...');
-        // Clean up all active connections
-        await this.connectionManager.clearConnections();
-        // Stop HttpProxy
-        await this.httpProxyBridge.stop();
-        // Clear ACME state manager
-        this.acmeStateManager.clear();
-        // Stop metrics collector
-        this.metricsCollector.stop();
-        // Clean up ProtocolDetector singleton
-        const detection = await import('../../detection/index.js');
-        detection.ProtocolDetector.destroy();
-        // Flush any pending deduplicated logs
-        connectionLogDeduplicator.flushAll();
-        logger.log('info', 'SmartProxy shutdown complete.');
-    }
-    /**
-     * Updates the domain configurations for the proxy
-     *
-     * Note: This legacy method has been removed. Use updateRoutes instead.
-     */
-    async updateDomainConfigs() {
-        logger.log('warn', 'Method updateDomainConfigs() is deprecated. Use updateRoutes() instead.');
-        throw new Error('updateDomainConfigs() is deprecated - use updateRoutes() instead');
-    }
-    /**
-     * Verify the challenge route has been properly removed from routes
-     */
-    async verifyChallengeRouteRemoved() {
-        const maxRetries = 10;
-        const retryDelay = 100; // milliseconds
-        for (let i = 0; i < maxRetries; i++) {
-            // Check if the challenge route is still in the active routes
-            const challengeRouteExists = this.settings.routes.some(r => r.name === 'acme-challenge');
-            if (!challengeRouteExists) {
-                try {
-                    logger.log('info', 'Challenge route successfully removed from routes');
-                }
-                catch (error) {
-                    // Silently handle logging errors
-                    console.log('[INFO] Challenge route successfully removed from routes');
-                }
-                return;
-            }
-            // Wait before retrying
-            await plugins.smartdelay.delayFor(retryDelay);
-        }
-        const error = `Failed to verify challenge route removal after ${maxRetries} attempts`;
+        logger.log('info', 'SmartProxy shutting down...', { component: 'smart-proxy' });
+        this.stopping = true;
+        // Stop metrics polling
+        this.metricsAdapter.stopPolling();
+        // Remove exit listener before killing to avoid spurious error events
+        this.bridge.removeAllListeners('exit');
+        // Stop Rust proxy
         try {
-            logger.log('error', error);
+            await this.bridge.stopProxy();
+        }
+        catch {
+            // Ignore if already stopped
         }
-        catch (logError) {
-            // Silently handle logging errors
-            console.log(`[ERROR] ${error}`);
+        this.bridge.kill();
+        // Stop socket handler relay
+        if (this.socketHandlerServer) {
+            await this.socketHandlerServer.stop();
+            this.socketHandlerServer = null;
         }
-        throw new Error(error);
+        logger.log('info', 'SmartProxy shutdown complete.', { component: 'smart-proxy' });
     }
     /**
-     * Update routes with new configuration
-     *
-     * This method replaces the current route configuration with the provided routes.
-     * It also provisions certificates for routes that require TLS termination and have
-     * `certificate: 'auto'` set in their TLS configuration.
-     *
-     * @param newRoutes Array of route configurations to use
-     *
-     * Example:
-     * ```ts
-     * proxy.updateRoutes([
-     *   {
-     *     match: { ports: 443, domains: 'secure.example.com' },
-     *     action: {
-     *       type: 'forward',
-     *       target: { host: '10.0.0.1', port: 8443 },
-     *       tls: { mode: 'terminate', certificate: 'auto' }
-     *     }
-     *   }
-     * ]);
-     * ```
+     * Update routes atomically.
      */
     async updateRoutes(newRoutes) {
         return this.routeUpdateLock.runExclusive(async () => {
-            try {
-                logger.log('info', `Updating routes (${newRoutes.length} routes)`, {
-                    routeCount: newRoutes.length,
-                    component: 'smart-proxy'
-                });
+            // Validate
+            const validation = RouteValidator.validateRoutes(newRoutes);
+            if (!validation.valid) {
+                RouteValidator.logValidationErrors(validation.errors);
+                throw new Error(`Route validation failed: ${validation.errors.size} route(s) have errors`);
             }
-            catch (error) {
-                // Silently handle logging errors
-                console.log(`[INFO] Updating routes (${newRoutes.length} routes)`);
+            // Preprocess for Rust
+            const rustRoutes = this.preprocessor.preprocessForRust(newRoutes);
+            // Send to Rust
+            await this.bridge.updateRoutes(rustRoutes);
+            // Update local route manager
+            this.routeManager.updateRoutes(newRoutes);
+            // Update socket handler relay if handler routes changed
+            const hasHandlerRoutes = newRoutes.some((r) => (r.action.type === 'socket-handler' && r.action.socketHandler) ||
+                r.action.targets?.some((t) => typeof t.host === 'function' || typeof t.port === 'function'));
+            if (hasHandlerRoutes && !this.socketHandlerServer) {
+                this.socketHandlerServer = new SocketHandlerServer(this.preprocessor);
+                await this.socketHandlerServer.start();
+                await this.bridge.setSocketHandlerRelay(this.socketHandlerServer.getSocketPath());
             }
-            // Update route orchestrator dependencies if cert manager changed
-            if (this.certManager && !this.routeOrchestrator.getCertManager()) {
-                this.routeOrchestrator.setCertManager(this.certManager);
+            else if (!hasHandlerRoutes && this.socketHandlerServer) {
+                await this.socketHandlerServer.stop();
+                this.socketHandlerServer = null;
             }
-            // Delegate the complex route update logic to RouteOrchestrator
-            const updateResult = await this.routeOrchestrator.updateRoutes(this.settings.routes, newRoutes, {
-                acmePort: this.settings.acme?.port || 80,
-                acmeOptions: this.certManager?.getAcmeOptions(),
-                acmeState: this.certManager?.getState(),
-                globalChallengeRouteActive: this.globalChallengeRouteActive,
-                createCertificateManager: this.createCertificateManager.bind(this),
-                verifyChallengeRouteRemoved: this.verifyChallengeRouteRemoved.bind(this)
-            });
-            // Update settings with the new routes
+            // Update stored routes
             this.settings.routes = newRoutes;
-            // Update global state from orchestrator results
-            this.globalChallengeRouteActive = updateResult.newChallengeRouteActive;
-            // Update port usage map from orchestrator
-            this.portUsageMap = updateResult.portUsageMap;
-            // If certificate manager was recreated, update our reference
-            if (updateResult.newCertManager) {
-                this.certManager = updateResult.newCertManager;
-                // Update the orchestrator's reference too
-                this.routeOrchestrator.setCertManager(this.certManager);
-            }
+            // Handle cert provisioning for new routes
+            await this.provisionCertificatesViaCallback();
+            logger.log('info', `Routes updated (${newRoutes.length} routes)`, { component: 'smart-proxy' });
         });
     }
     /**
-     * Manually provision a certificate for a route
+     * Provision a certificate for a named route.
      */
     async provisionCertificate(routeName) {
-        if (!this.certManager) {
-            throw new Error('Certificate manager not initialized');
-        }
-        const route = this.settings.routes.find(r => r.name === routeName);
-        if (!route) {
-            throw new Error(`Route ${routeName} not found`);
-        }
-        await this.certManager.provisionCertificate(route);
+        await this.bridge.provisionCertificate(routeName);
     }
-    // Port usage tracking methods moved to RouteOrchestrator
     /**
-     * Force renewal of a certificate
+     * Force renewal of a certificate.
      */
     async renewCertificate(routeName) {
-        if (!this.certManager) {
-            throw new Error('Certificate manager not initialized');
-        }
-        await this.certManager.renewCertificate(routeName);
+        await this.bridge.renewCertificate(routeName);
     }
     /**
-     * Get certificate status for a route
+     * Get certificate status for a route (async - calls Rust).
      */
-    getCertificateStatus(routeName) {
-        if (!this.certManager) {
-            return undefined;
-        }
-        return this.certManager.getCertificateStatus(routeName);
+    async getCertificateStatus(routeName) {
+        return this.bridge.getCertificateStatus(routeName);
     }
     /**
-     * Get proxy metrics with clean API
-     *
-     * @returns IMetrics interface with grouped metrics methods
+     * Get the metrics interface.
      */
     getMetrics() {
-        return this.metricsCollector;
+        return this.metricsAdapter;
     }
     /**
-     * Validates if a domain name is valid for certificate issuance
+     * Get statistics (async - calls Rust).
      */
-    isValidDomain(domain) {
-        // Very basic domain validation
-        if (!domain || domain.length === 0) {
-            return false;
-        }
-        // Check for wildcard domains (they can't get ACME certs)
-        if (domain.includes('*')) {
-            logger.log('warn', `Wildcard domains like "${domain}" are not supported for automatic ACME certificates`, { domain, component: 'certificate-manager' });
-            return false;
-        }
-        // Check if domain has at least one dot and no invalid characters
-        const validDomainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
-        if (!validDomainRegex.test(domain)) {
-            logger.log('warn', `Domain "${domain}" has invalid format for certificate issuance`, { domain, component: 'certificate-manager' });
-            return false;
-        }
-        return true;
+    async getStatistics() {
+        return this.bridge.getStatistics();
     }
     /**
-     * Add a new listening port without changing the route configuration
-     *
-     * This allows you to add a port listener without updating routes.
-     * Useful for preparing to listen on a port before adding routes for it.
-     *
-     * @param port The port to start listening on
-     * @returns Promise that resolves when the port is listening
+     * Add a listening port at runtime.
      */
     async addListeningPort(port) {
-        return this.portManager.addPort(port);
+        await this.bridge.addListeningPort(port);
     }
     /**
-     * Stop listening on a specific port without changing the route configuration
-     *
-     * This allows you to stop a port listener without updating routes.
-     * Useful for temporary maintenance or port changes.
-     *
-     * @param port The port to stop listening on
-     * @returns Promise that resolves when the port is closed
+     * Remove a listening port at runtime.
      */
     async removeListeningPort(port) {
-        return this.portManager.removePort(port);
+        await this.bridge.removeListeningPort(port);
     }
     /**
-     * Get a list of all ports currently being listened on
-     *
-     * @returns Array of port numbers
+     * Get all currently listening ports (async - calls Rust).
      */
-    getListeningPorts() {
-        return this.portManager.getListeningPorts();
+    async getListeningPorts() {
+        if (!this.bridge.running)
+            return [];
+        return this.bridge.getListeningPorts();
     }
     /**
-     * Get statistics about current connections
-     */
-    getStatistics() {
-        const connectionRecords = this.connectionManager.getConnections();
-        const terminationStats = this.connectionManager.getTerminationStats();
-        let tlsConnections = 0;
-        let nonTlsConnections = 0;
-        let keepAliveConnections = 0;
-        let httpProxyConnections = 0;
-        // Analyze active connections
-        for (const record of connectionRecords.values()) {
-            if (record.isTLS)
-                tlsConnections++;
-            else
-                nonTlsConnections++;
-            if (record.hasKeepAlive)
-                keepAliveConnections++;
-            if (record.usingNetworkProxy)
-                httpProxyConnections++;
-        }
-        return {
-            activeConnections: connectionRecords.size,
-            tlsConnections,
-            nonTlsConnections,
-            keepAliveConnections,
-            httpProxyConnections,
-            terminationStats,
-            acmeEnabled: !!this.certManager,
-            port80HandlerPort: this.certManager ? 80 : null,
-            routeCount: this.settings.routes.length,
-            activePorts: this.portManager.getListeningPorts().length,
-            listeningPorts: this.portManager.getListeningPorts()
-        };
-    }
-    /**
-     * Get a list of eligible domains for ACME certificates
+     * Get eligible domains for ACME certificates (sync - reads local routes).
      */
     getEligibleDomainsForCertificates() {
         const domains = [];
-        // Get domains from routes
-        const routes = this.settings.routes || [];
-        for (const route of routes) {
+        for (const route of this.settings.routes || []) {
             if (!route.match.domains)
                 continue;
-            // Skip routes without TLS termination or auto certificates
             if (route.action.type !== 'forward' ||
                 !route.action.tls ||
                 route.action.tls.mode === 'passthrough' ||
                 route.action.tls.certificate !== 'auto')
                 continue;
-            const routeDomains = Array.isArray(route.match.domains)
-                ? route.match.domains
-                : [route.match.domains];
-            // Skip domains that can't be used with ACME
-            const eligibleDomains = routeDomains.filter(domain => !domain.includes('*') && this.isValidDomain(domain));
-            domains.push(...eligibleDomains);
+            const routeDomains = Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains];
+            const eligible = routeDomains.filter((d) => !d.includes('*') && this.isValidDomain(d));
+            domains.push(...eligible);
         }
-        // Legacy mode is no longer supported
         return domains;
     }
     /**
-     * Get NFTables status
+     * Get NFTables status (async - calls Rust).
      */
     async getNfTablesStatus() {
-        return this.nftablesManager.getStatus();
+        return this.bridge.getNftablesStatus();
     }
+    // --- Private helpers ---
     /**
-     * Validate ACME configuration
+     * Build the Rust configuration object from TS settings.
      */
-    validateAcmeConfiguration() {
-        const warnings = [];
-        // Check for routes with certificate: 'auto'
-        const autoRoutes = this.settings.routes.filter(r => r.action.tls?.certificate === 'auto');
-        if (autoRoutes.length === 0) {
-            return warnings;
-        }
-        // Check if we have ACME email configuration
-        const hasTopLevelEmail = this.settings.acme?.email;
-        const routesWithEmail = autoRoutes.filter(r => r.action.tls?.acme?.email);
-        if (!hasTopLevelEmail && routesWithEmail.length === 0) {
-            warnings.push('Routes with certificate: "auto" require ACME email configuration. ' +
-                'Add email to either top-level "acme" config or individual route\'s "tls.acme" config.');
-        }
-        // Check for port 80 availability for challenges
-        if (autoRoutes.length > 0) {
-            const challengePort = this.settings.acme?.port || 80;
-            const portsInUse = this.routeManager.getListeningPorts();
-            if (!portsInUse.includes(challengePort)) {
-                warnings.push(`Port ${challengePort} is not configured for any routes but is needed for ACME challenges. ` +
-                    `Add a route listening on port ${challengePort} or ensure it's accessible for HTTP-01 challenges.`);
-            }
-        }
-        // Check for mismatched environments
-        if (this.settings.acme?.useProduction) {
-            const stagingRoutes = autoRoutes.filter(r => r.action.tls?.acme?.useProduction === false);
-            if (stagingRoutes.length > 0) {
-                warnings.push('Top-level ACME uses production but some routes use staging. ' +
-                    'Consider aligning environments to avoid certificate issues.');
-            }
-        }
-        // Check for wildcard domains with auto certificates
-        for (const route of autoRoutes) {
-            const domains = Array.isArray(route.match.domains)
-                ? route.match.domains
-                : [route.match.domains];
-            const wildcardDomains = domains.filter(d => d?.includes('*'));
-            if (wildcardDomains.length > 0) {
-                warnings.push(`Route "${route.name}" has wildcard domain(s) ${wildcardDomains.join(', ')} ` +
-                    'with certificate: "auto". Wildcard certificates require DNS-01 challenges, ' +
-                    'which are not currently supported. Use static certificates instead.');
+    buildRustConfig(routes) {
+        return {
+            routes,
+            defaults: this.settings.defaults,
+            acme: this.settings.acme
+                ? {
+                    enabled: this.settings.acme.enabled,
+                    email: this.settings.acme.email,
+                    useProduction: this.settings.acme.useProduction,
+                    port: this.settings.acme.port,
+                    renewThresholdDays: this.settings.acme.renewThresholdDays,
+                    autoRenew: this.settings.acme.autoRenew,
+                    certificateStore: this.settings.acme.certificateStore,
+                    renewCheckIntervalHours: this.settings.acme.renewCheckIntervalHours,
+                }
+                : undefined,
+            connectionTimeout: this.settings.connectionTimeout,
+            initialDataTimeout: this.settings.initialDataTimeout,
+            socketTimeout: this.settings.socketTimeout,
+            maxConnectionLifetime: this.settings.maxConnectionLifetime,
+            gracefulShutdownTimeout: this.settings.gracefulShutdownTimeout,
+            maxConnectionsPerIp: this.settings.maxConnectionsPerIP,
+            connectionRateLimitPerMinute: this.settings.connectionRateLimitPerMinute,
+            keepAliveTreatment: this.settings.keepAliveTreatment,
+            keepAliveInactivityMultiplier: this.settings.keepAliveInactivityMultiplier,
+            extendedKeepAliveLifetime: this.settings.extendedKeepAliveLifetime,
+            acceptProxyProtocol: this.settings.acceptProxyProtocol,
+            sendProxyProtocol: this.settings.sendProxyProtocol,
+        };
+    }
+    /**
+     * For routes with certificate: 'auto', call certProvisionFunction if set.
+     * If the callback returns a cert object, load it into Rust.
+     * If it returns 'http01', let Rust handle ACME.
+     */
+    async provisionCertificatesViaCallback() {
+        const provisionFn = this.settings.certProvisionFunction;
+        if (!provisionFn)
+            return;
+        for (const route of this.settings.routes) {
+            if (route.action.tls?.certificate !== 'auto')
+                continue;
+            if (!route.match.domains)
+                continue;
+            const domains = Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains];
+            for (const domain of domains) {
+                if (domain.includes('*'))
+                    continue;
+                try {
+                    const result = await provisionFn(domain);
+                    if (result === 'http01') {
+                        // Rust handles ACME for this domain
+                        continue;
+                    }
+                    // Got a static cert object - load it into Rust
+                    if (result && typeof result === 'object') {
+                        const certObj = result;
+                        await this.bridge.loadCertificate(domain, certObj.publicKey, certObj.privateKey);
+                        logger.log('info', `Certificate loaded via provision function for ${domain}`, { component: 'smart-proxy' });
+                    }
+                }
+                catch (err) {
+                    logger.log('warn', `certProvisionFunction failed for ${domain}: ${err.message}`, { component: 'smart-proxy' });
+                    // Fallback to ACME if enabled
+                    if (this.settings.certProvisionFallbackToAcme !== false) {
+                        logger.log('info', `Falling back to ACME for ${domain}`, { component: 'smart-proxy' });
+                    }
+                }
             }
         }
-        return warnings;
+    }
+    isValidDomain(domain) {
+        if (!domain || domain.length === 0)
+            return false;
+        if (domain.includes('*'))
+            return false;
+        const validDomainRegex = /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+        return validDomainRegex.test(domain);
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnQtcHJveHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L3NtYXJ0LXByb3h5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQ3BELE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLHNDQUFzQyxDQUFDO0FBRWpGLGdDQUFnQztBQUNoQyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUM1RCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDeEQsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBQzlDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUN6RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDdEQsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2hELE9BQU8sRUFBRSxrQkFBa0IsSUFBSSxZQUFZLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUN6RixPQUFPLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUN2RSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFFeEQsc0JBQXNCO0FBQ3RCLE9BQU8sRUFBRSxnQkFBZ0IsRUFBb0IsTUFBTSwwQkFBMEIsQ0FBQztBQVE5RSxnREFBZ0Q7QUFDaEQsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBRXpDLHlCQUF5QjtBQUN6QixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFFNUQsaURBQWlEO0FBQ2pELE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBRTVELDRCQUE0QjtBQUM1QixPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUUzRCwyQkFBMkI7QUFDM0IsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFHMUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBTSxPQUFPLFVBQVcsU0FBUSxPQUFPLENBQUMsWUFBWTtJQWlDbEQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQThCRztJQUNILFlBQVksV0FBK0I7UUFDekMsS0FBSyxFQUFFLENBQUM7UUE5REYscUJBQWdCLEdBQTBCLElBQUksQ0FBQztRQUMvQyxtQkFBYyxHQUFZLEtBQUssQ0FBQztRQVl4Qyx1REFBdUQ7UUFDaEQsZ0JBQVcsR0FBNEIsSUFBSSxDQUFDO1FBRW5ELGtDQUFrQztRQUMxQiwrQkFBMEIsR0FBWSxLQUFLLENBQUM7UUFVcEQsd0NBQXdDO1FBQ2hDLGlCQUFZLEdBQTZCLElBQUksR0FBRyxFQUFFLENBQUM7UUFvQ3pELDJDQUEyQztRQUMzQyxJQUFJLENBQUMsUUFBUSxHQUFHO1lBQ2QsR0FBRyxXQUFXO1lBQ2Qsa0JBQWtCLEVBQUUsV0FBVyxDQUFDLGtCQUFrQixJQUFJLE1BQU07WUFDNUQsYUFBYSxFQUFFLFdBQVcsQ0FBQyxhQUFhLElBQUksT0FBTztZQUNuRCx1QkFBdUIsRUFBRSxXQUFXLENBQUMsdUJBQXVCLElBQUksS0FBSztZQUNyRSxxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksUUFBUTtZQUNwRSxpQkFBaUIsRUFBRSxXQUFXLENBQUMsaUJBQWlCLElBQUksUUFBUTtZQUM1RCx1QkFBdUIsRUFBRSxXQUFXLENBQUMsdUJBQXVCLElBQUksS0FBSztZQUNyRSxPQUFPLEVBQUUsV0FBVyxDQUFDLE9BQU8sS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLElBQUk7WUFDdkUsU0FBUyxFQUFFLFdBQVcsQ0FBQyxTQUFTLEtBQUssU0FBUyxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxJQUFJO1lBQzdFLHFCQUFxQixFQUFFLFdBQVcsQ0FBQyxxQkFBcUIsSUFBSSxLQUFLO1lBQ2pFLGtCQUFrQixFQUFFLFdBQVcsQ0FBQyxrQkFBa0IsSUFBSSxFQUFFLEdBQUcsSUFBSSxHQUFHLElBQUk7WUFDdEUsc0JBQXNCLEVBQUUsV0FBVyxDQUFDLHNCQUFzQixJQUFJLEtBQUs7WUFDbkUscUJBQXFCLEVBQ25CLFdBQVcsQ0FBQyxxQkFBcUIsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDLENBQUMsSUFBSTtZQUM1RixxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksS0FBSztZQUNqRSxxQkFBcUIsRUFBRSxXQUFXLENBQUMscUJBQXFCLElBQUksS0FBSztZQUNqRSx3QkFBd0IsRUFBRSxXQUFXLENBQUMsd0JBQXdCLElBQUksS0FBSztZQUN2RSxtQkFBbUIsRUFBRSxXQUFXLENBQUMsbUJBQW1CLElBQUksR0FBRztZQUMzRCw0QkFBNEIsRUFBRSxXQUFXLENBQUMsNEJBQTRCLElBQUksR0FBRztZQUM3RSxrQkFBa0IsRUFBRSxXQUFXLENBQUMsa0JBQWtCLElBQUksVUFBVTtZQUNoRSw2QkFBNkIsRUFBRSxXQUFXLENBQUMsNkJBQTZCLElBQUksQ0FBQztZQUM3RSx5QkFBeUIsRUFBRSxXQUFXLENBQUMseUJBQXlCLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUk7WUFDM0YsYUFBYSxFQUFFLFdBQVcsQ0FBQyxhQUFhLElBQUksSUFBSTtTQUNqRCxDQUFDO1FBRUYsMkVBQTJFO1FBQzNFLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUN2QixpREFBaUQ7WUFDakQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDakUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQztZQUM3RCxDQUFDO1lBRUQsbURBQW1EO1lBQ25ELElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHO2dCQUNuQixPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTyxLQUFLLEtBQUssRUFBRSwwQ0FBMEM7Z0JBQ3pGLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRTtnQkFDbkMsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7Z0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhLElBQUksS0FBSztnQkFDeEQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLElBQUksRUFBRTtnQkFDL0QsU0FBUyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFNBQVMsS0FBSyxLQUFLLEVBQUUsb0JBQW9CO2dCQUN2RSxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxTQUFTO2dCQUNsRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxLQUFLO2dCQUNwRSx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsSUFBSSxFQUFFO2dCQUN6RSxhQUFhLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsYUFBYSxJQUFJLEVBQUU7Z0JBQ3JELEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsaUNBQWlDO2FBQ3hELENBQUM7UUFDSixDQUFDO1FBRUQsZ0NBQWdDO1FBQ2hDLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDL0MsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNqRCxJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVyRCx1REFBdUQ7UUFDdkQscURBQXFEO1FBQ3JELE1BQU0sYUFBYSxHQUFHO1lBQ3BCLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7WUFDMUUsSUFBSSxFQUFFLENBQUMsT0FBZSxFQUFFLElBQVUsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQztZQUN4RSxJQUFJLEVBQUUsQ0FBQyxPQUFlLEVBQUUsSUFBVSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDO1lBQ3hFLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7U0FDM0UsQ0FBQztRQUVGLDBCQUEwQjtRQUMxQixJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM1RCxNQUFNLFVBQVUsR0FBRyxjQUFjLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDdkUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDdEIsY0FBYyxDQUFDLG1CQUFtQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDdEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLHVCQUF1QixDQUFDLENBQUM7WUFDckcsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksWUFBWSxDQUFDO1lBQ25DLE1BQU0sRUFBRSxhQUFhO1lBQ3JCLHFCQUFxQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCO1lBQzFELE1BQU0sRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU07U0FDN0IsQ0FBQyxDQUFDO1FBR0gsbUNBQW1DO1FBQ25DLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqRCxtREFBbUQ7UUFDbkQsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksc0JBQXNCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFL0QsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxXQUFXLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFekMsNkJBQTZCO1FBQzdCLElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxlQUFlLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFakQsb0RBQW9EO1FBQ3BELElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUVuQyxnQ0FBZ0M7UUFDaEMsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztRQUUvQywwRUFBMEU7UUFDMUUsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksZ0JBQWdCLENBQUMsSUFBSSxFQUFFO1lBQ2pELGdCQUFnQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLGdCQUFnQjtZQUN6RCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0I7U0FDMUQsQ0FBQyxDQUFDO1FBRUgsMkRBQTJEO1FBQzNELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLGlCQUFpQixDQUM1QyxJQUFJLENBQUMsV0FBVyxFQUNoQixJQUFJLENBQUMsWUFBWSxFQUNqQixJQUFJLENBQUMsZUFBZSxFQUNwQixJQUFJLENBQUMsZUFBZSxFQUNwQixJQUFJLEVBQUUsZ0NBQWdDO1FBQ3RDLGFBQWEsQ0FDZCxDQUFDO0lBQ0osQ0FBQztJQU9EOzs7T0FHRztJQUNLLEtBQUssQ0FBQyx3QkFBd0IsQ0FDcEMsTUFBc0IsRUFDdEIsWUFBb0IsU0FBUyxFQUM3QixXQUFpQixFQUNqQixZQUFpRDtRQUVqRCxNQUFNLFdBQVcsR0FBRyxJQUFJLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxTQUFTLEVBQUUsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRXZGLDhEQUE4RDtRQUM5RCxXQUFXLENBQUMsdUJBQXVCLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQ25ELE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxDQUFDLENBQUMsQ0FBQztRQUVILHNDQUFzQztRQUN0QyxJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FBQztZQUN4QyxXQUFXLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxFQUFFLENBQUMsQ0FBQztRQUNoRSxDQUFDO1FBRUQsNkJBQTZCO1FBQzdCLFdBQVcsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUV2RCxnREFBZ0Q7UUFDaEQsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3ZCLFdBQVcsQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3hELENBQUM7UUFFRCxtRUFBbUU7UUFDbkUsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7WUFDeEMsV0FBVyxDQUFDLHdCQUF3QixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsQ0FBQztRQUM1RSxDQUFDO1FBRUQseUNBQXlDO1FBQ3pDLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQywyQkFBMkIsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUM1RCxXQUFXLENBQUMsOEJBQThCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1FBQ3hGLENBQUM7UUFFRCxNQUFNLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUMvQixPQUFPLFdBQVcsQ0FBQztJQUNyQixDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsNEJBQTRCO1FBQ3hDLGtFQUFrRTtRQUNsRSxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FDakQsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsV0FBVyxLQUFLLE1BQU0sQ0FDckMsQ0FBQztRQUVGLElBQUksVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsRUFBRSxDQUFDO1lBQzNELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDBDQUEwQyxFQUFFLEVBQUUsU0FBUyxFQUFFLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUNyRyxPQUFPO1FBQ1QsQ0FBQztRQUVELHNDQUFzQztRQUN0Qyw0Q0FBNEM7UUFDNUMsaURBQWlEO1FBQ2pELDZCQUE2QjtRQUM3QixJQUFJLFdBQW1GLENBQUM7UUFFeEYsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FBQztZQUM5Qiw0QkFBNEI7WUFDNUIsV0FBVyxHQUFHO2dCQUNaLEtBQUssRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxLQUFLO2dCQUMvQixhQUFhLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsYUFBYSxJQUFJLEtBQUs7Z0JBQ3hELElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRTthQUNwQyxDQUFDO1lBQ0YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsa0RBQWtELFdBQVcsQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxxQkFBcUIsRUFBRSxDQUFDLENBQUM7UUFDbEksQ0FBQzthQUFNLElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNqQyxvQ0FBb0M7WUFDcEMsTUFBTSxhQUFhLEdBQUcsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztZQUN0RSxJQUFJLGFBQWEsRUFBRSxNQUFNLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxDQUFDO2dCQUNwQyxNQUFNLFNBQVMsR0FBRyxhQUFhLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUM7Z0JBQ2hELFdBQVcsR0FBRztvQkFDWixLQUFLLEVBQUUsU0FBUyxDQUFDLEtBQUs7b0JBQ3RCLGFBQWEsRUFBRSxTQUFTLENBQUMsYUFBYSxJQUFJLEtBQUs7b0JBQy9DLElBQUksRUFBRSxTQUFTLENBQUMsYUFBYSxJQUFJLEVBQUU7aUJBQ3BDLENBQUM7Z0JBQ0YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsb0RBQW9ELGFBQWEsQ0FBQyxJQUFJLGlCQUFpQixXQUFXLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZLLENBQUM7UUFDSCxDQUFDO1FBRUQsMENBQTBDO1FBQzFDLElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsS0FBSyxFQUFFLENBQUM7WUFDakQsTUFBTSxJQUFJLEtBQUssQ0FDYixpRUFBaUU7Z0JBQ2pFLG1DQUFtQztnQkFDbkMscUNBQXFDO2dCQUNyQyxpREFBaUQsQ0FDbEQsQ0FBQztRQUNKLENBQUM7UUFFRCx3RUFBd0U7UUFDeEUsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyx3QkFBd0IsQ0FDcEQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQ3BCLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLGdCQUFnQixJQUFJLFNBQVMsRUFDakQsV0FBVyxDQUNaLENBQUM7SUFDSixDQUFDO0lBRUQ7O09BRUc7SUFDSyxtQkFBbUI7UUFDekIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FDbkMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsV0FBVztZQUN6QixDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEtBQUssTUFBTSxDQUNwQyxDQUFDO0lBQ0osQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLEtBQUs7UUFDaEIsdUNBQXVDO1FBQ3ZDLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDREQUE0RCxDQUFDLENBQUM7WUFDakYsT0FBTztRQUNULENBQUM7UUFFRCxtQ0FBbUM7UUFDbkMsTUFBTSxjQUFjLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1FBRWpFLG1DQUFtQztRQUNuQyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMseUJBQXlCLEVBQUUsQ0FBQztRQUN0RCxNQUFNLFdBQVcsR0FBRyxDQUFDLEdBQUcsY0FBYyxFQUFFLEdBQUcsWUFBWSxDQUFDLENBQUM7UUFFekQsSUFBSSxXQUFXLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzNCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEdBQUcsV0FBVyxDQUFDLE1BQU0sK0JBQStCLEVBQUUsRUFBRSxLQUFLLEVBQUUsV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDeEcsS0FBSyxNQUFNLE9BQU8sSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDbEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsR0FBRyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ25DLENBQUM7UUFDSCxDQUFDO1FBRUQsd0NBQXdDO1FBQ3hDLE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUU3RCx5REFBeUQ7UUFDekQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUVwRiw2QkFBNkI7UUFDN0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLGNBQWMsQ0FBQyxNQUFNLFdBQVcsY0FBYyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFO1lBQzFHLFNBQVMsRUFBRSxjQUFjLENBQUMsTUFBTTtZQUNoQyxLQUFLLEVBQUUsY0FBYztZQUNyQixTQUFTLEVBQUUsYUFBYTtTQUN6QixDQUFDLENBQUM7UUFFSCx3REFBd0Q7UUFDeEQsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ3pDLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsS0FBSyxVQUFVLEVBQUUsQ0FBQztnQkFDakQsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNuRCxDQUFDO1FBQ0gsQ0FBQztRQUVELGlFQUFpRTtRQUNqRSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN4RSxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDeEMsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3JDLENBQUM7UUFFRCxxRkFBcUY7UUFDckYsd0ZBQXdGO1FBQ3hGLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLENBQUM7UUFFaEQsZ0VBQWdFO1FBQ2hFLDhFQUE4RTtRQUM5RSxNQUFNLElBQUksQ0FBQyw0QkFBNEIsRUFBRSxDQUFDO1FBRTFDLG1FQUFtRTtRQUNuRSxJQUFJLElBQUksQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDO1lBQzVELElBQUksQ0FBQyxXQUFXLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxFQUFFLENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsb0VBQW9FO1FBQ3BFLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDREQUE0RCxFQUFFLEVBQUUsU0FBUyxFQUFFLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUN2SCxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztRQUNwRCxDQUFDO1FBRUQsc0VBQXNFO1FBQ3RFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUU5QiwyREFBMkQ7UUFDM0QsSUFBSSxDQUFDLGdCQUFnQixHQUFHLFdBQVcsQ0FBQyxHQUFHLEVBQUU7WUFDdkMsc0NBQXNDO1lBQ3RDLElBQUksSUFBSSxDQUFDLGNBQWM7Z0JBQUUsT0FBTztZQUVoQywyQkFBMkI7WUFDM0IsSUFBSSxDQUFDLGlCQUFpQixDQUFDLHNCQUFzQixFQUFFLENBQUM7WUFFaEQsNEJBQTRCO1lBQzVCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUN2QixJQUFJLFdBQVcsR0FBRyxDQUFDLENBQUM7WUFDcEIsSUFBSSxXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBQ3BCLElBQUksY0FBYyxHQUFHLENBQUMsQ0FBQztZQUN2QixJQUFJLGlCQUFpQixHQUFHLENBQUMsQ0FBQztZQUMxQixJQUFJLHNCQUFzQixHQUFHLENBQUMsQ0FBQztZQUMvQixJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztZQUM3QixJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztZQUM3QixJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztZQUU3QixzQ0FBc0M7WUFDdEMsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsY0FBYyxFQUFFLENBQUM7WUFFbEUsNkJBQTZCO1lBQzdCLEtBQUssTUFBTSxNQUFNLElBQUksaUJBQWlCLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQztnQkFDaEQseUJBQXlCO2dCQUN6QixJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDakIsY0FBYyxFQUFFLENBQUM7b0JBQ2pCLElBQUksTUFBTSxDQUFDLG9CQUFvQixFQUFFLENBQUM7d0JBQ2hDLHNCQUFzQixFQUFFLENBQUM7b0JBQzNCLENBQUM7eUJBQU0sQ0FBQzt3QkFDTixvQkFBb0IsRUFBRSxDQUFDO29CQUN6QixDQUFDO2dCQUNILENBQUM7cUJBQU0sQ0FBQztvQkFDTixpQkFBaUIsRUFBRSxDQUFDO2dCQUN0QixDQUFDO2dCQUVELElBQUksTUFBTSxDQUFDLFlBQVksRUFBRSxDQUFDO29CQUN4QixvQkFBb0IsRUFBRSxDQUFDO2dCQUN6QixDQUFDO2dCQUVELElBQUksTUFBTSxDQUFDLGlCQUFpQixFQUFFLENBQUM7b0JBQzdCLG9CQUFvQixFQUFFLENBQUM7Z0JBQ3pCLENBQUM7Z0JBRUQsV0FBVyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLEdBQUcsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztnQkFDcEUsSUFBSSxNQUFNLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztvQkFDN0IsV0FBVyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLEdBQUcsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztnQkFDdEUsQ0FBQztZQUNILENBQUM7WUFFRCx3QkFBd0I7WUFDeEIsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUV0RSxxQkFBcUI7WUFDckIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdUJBQXVCLEVBQUU7Z0JBQzFDLGlCQUFpQixFQUFFLGlCQUFpQixDQUFDLElBQUk7Z0JBQ3pDLEdBQUcsRUFBRTtvQkFDSCxLQUFLLEVBQUUsY0FBYztvQkFDckIsU0FBUyxFQUFFLHNCQUFzQjtvQkFDakMsT0FBTyxFQUFFLG9CQUFvQjtpQkFDOUI7Z0JBQ0QsTUFBTSxFQUFFLGlCQUFpQjtnQkFDekIsU0FBUyxFQUFFLG9CQUFvQjtnQkFDL0IsU0FBUyxFQUFFLG9CQUFvQjtnQkFDL0IsY0FBYyxFQUFFO29CQUNkLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQztvQkFDdkMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDO2lCQUN4QztnQkFDRCxnQkFBZ0IsRUFBRTtvQkFDaEIsUUFBUSxFQUFFLGdCQUFnQixDQUFDLFFBQVE7b0JBQ25DLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQyxRQUFRO2lCQUNwQztnQkFDRCxTQUFTLEVBQUUsb0JBQW9CO2FBQ2hDLENBQUMsQ0FBQztRQUNMLENBQUMsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHVCQUF1QixJQUFJLEtBQUssQ0FBQyxDQUFDO1FBRW5ELHdEQUF3RDtRQUN4RCxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNoQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDaEMsQ0FBQztJQUNILENBQUM7SUFFRDs7OztPQUlHO0lBRUg7O09BRUc7SUFDSSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZCQUE2QixDQUFDLENBQUM7UUFDbEQsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUM7UUFDM0IsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFdkMsMkJBQTJCO1FBQzNCLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUM5QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2xDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHlCQUF5QixDQUFDLENBQUM7UUFFOUMsNkJBQTZCO1FBQzdCLElBQUksSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDMUIsYUFBYSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3JDLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxJQUFJLENBQUM7UUFDL0IsQ0FBQztRQUVELDBCQUEwQjtRQUMxQixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDbEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdURBQXVELENBQUMsQ0FBQztRQUU1RSxrQ0FBa0M7UUFDbEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUVoRCxpQkFBaUI7UUFDakIsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksRUFBRSxDQUFDO1FBRWxDLDJCQUEyQjtRQUMzQixJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFOUIseUJBQXlCO1FBQ3pCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUU3QixzQ0FBc0M7UUFDdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsMEJBQTBCLENBQUMsQ0FBQztRQUMzRCxTQUFTLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFckMsc0NBQXNDO1FBQ3RDLHlCQUF5QixDQUFDLFFBQVEsRUFBRSxDQUFDO1FBRXJDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLCtCQUErQixDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxLQUFLLENBQUMsbUJBQW1CO1FBQzlCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHlFQUF5RSxDQUFDLENBQUM7UUFDOUYsTUFBTSxJQUFJLEtBQUssQ0FBQyxrRUFBa0UsQ0FBQyxDQUFDO0lBQ3RGLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQywyQkFBMkI7UUFDdkMsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO1FBQ3RCLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQyxDQUFDLGVBQWU7UUFFdkMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFVBQVUsRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3BDLDZEQUE2RDtZQUM3RCxNQUFNLG9CQUFvQixHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEtBQUssZ0JBQWdCLENBQUMsQ0FBQztZQUV6RixJQUFJLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztnQkFDMUIsSUFBSSxDQUFDO29CQUNILE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGtEQUFrRCxDQUFDLENBQUM7Z0JBQ3pFLENBQUM7Z0JBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztvQkFDZixpQ0FBaUM7b0JBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQUMseURBQXlELENBQUMsQ0FBQztnQkFDekUsQ0FBQztnQkFDRCxPQUFPO1lBQ1QsQ0FBQztZQUVELHVCQUF1QjtZQUN2QixNQUFNLE9BQU8sQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2hELENBQUM7UUFFRCxNQUFNLEtBQUssR0FBRyxrREFBa0QsVUFBVSxXQUFXLENBQUM7UUFDdEYsSUFBSSxDQUFDO1lBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDN0IsQ0FBQztRQUFDLE9BQU8sUUFBUSxFQUFFLENBQUM7WUFDbEIsaUNBQWlDO1lBQ2pDLE9BQU8sQ0FBQyxHQUFHLENBQUMsV0FBVyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ2xDLENBQUM7UUFDRCxNQUFNLElBQUksS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3pCLENBQUM7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXNCRztJQUNJLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBeUI7UUFDakQsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFlBQVksQ0FBQyxLQUFLLElBQUksRUFBRTtZQUNsRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsb0JBQW9CLFNBQVMsQ0FBQyxNQUFNLFVBQVUsRUFBRTtvQkFDakUsVUFBVSxFQUFFLFNBQVMsQ0FBQyxNQUFNO29CQUM1QixTQUFTLEVBQUUsYUFBYTtpQkFDekIsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2YsaUNBQWlDO2dCQUNqQyxPQUFPLENBQUMsR0FBRyxDQUFDLDJCQUEyQixTQUFTLENBQUMsTUFBTSxVQUFVLENBQUMsQ0FBQztZQUNyRSxDQUFDO1lBRUQsaUVBQWlFO1lBQ2pFLElBQUksSUFBSSxDQUFDLFdBQVcsSUFBSSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLEVBQUUsRUFBRSxDQUFDO2dCQUNqRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUMxRCxDQUFDO1lBRUQsK0RBQStEO1lBQy9ELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FDNUQsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQ3BCLFNBQVMsRUFDVDtnQkFDRSxRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsSUFBSSxJQUFJLEVBQUU7Z0JBQ3hDLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLGNBQWMsRUFBRTtnQkFDL0MsU0FBUyxFQUFFLElBQUksQ0FBQyxXQUFXLEVBQUUsUUFBUSxFQUFFO2dCQUN2QywwQkFBMEIsRUFBRSxJQUFJLENBQUMsMEJBQTBCO2dCQUMzRCx3QkFBd0IsRUFBRSxJQUFJLENBQUMsd0JBQXdCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQztnQkFDbEUsMkJBQTJCLEVBQUUsSUFBSSxDQUFDLDJCQUEyQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUM7YUFDekUsQ0FDRixDQUFDO1lBRUYsc0NBQXNDO1lBQ3RDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLFNBQVMsQ0FBQztZQUVqQyxnREFBZ0Q7WUFDaEQsSUFBSSxDQUFDLDBCQUEwQixHQUFHLFlBQVksQ0FBQyx1QkFBdUIsQ0FBQztZQUV2RSwwQ0FBMEM7WUFDMUMsSUFBSSxDQUFDLFlBQVksR0FBRyxZQUFZLENBQUMsWUFBWSxDQUFDO1lBRTlDLDZEQUE2RDtZQUM3RCxJQUFJLFlBQVksQ0FBQyxjQUFjLEVBQUUsQ0FBQztnQkFDaEMsSUFBSSxDQUFDLFdBQVcsR0FBRyxZQUFZLENBQUMsY0FBYyxDQUFDO2dCQUMvQywwQ0FBMEM7Z0JBQzFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQzFELENBQUM7UUFDSCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQyxTQUFpQjtRQUNqRCxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksS0FBSyxTQUFTLENBQUMsQ0FBQztRQUNuRSxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksS0FBSyxDQUFDLFNBQVMsU0FBUyxZQUFZLENBQUMsQ0FBQztRQUNsRCxDQUFDO1FBRUQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRCx5REFBeUQ7SUFFekQ7O09BRUc7SUFDSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsU0FBaUI7UUFDN0MsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLENBQUM7UUFDekQsQ0FBQztRQUVELE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxvQkFBb0IsQ0FBQyxTQUFpQjtRQUMzQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3RCLE9BQU8sU0FBUyxDQUFDO1FBQ25CLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUM7SUFDL0IsQ0FBQztJQUVEOztPQUVHO0lBQ0ssYUFBYSxDQUFDLE1BQWM7UUFDbEMsK0JBQStCO1FBQy9CLElBQUksQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCx5REFBeUQ7UUFDekQsSUFBSSxNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDekIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLE1BQU0scURBQXFELEVBQUUsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUN4SixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFFRCxpRUFBaUU7UUFDakUsTUFBTSxnQkFBZ0IsR0FBRywrRkFBK0YsQ0FBQztRQUN6SCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7WUFDbkMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsV0FBVyxNQUFNLCtDQUErQyxFQUFFLEVBQUUsTUFBTSxFQUFFLFNBQVMsRUFBRSxxQkFBcUIsRUFBRSxDQUFDLENBQUM7WUFDbkksT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsSUFBWTtRQUN4QyxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNJLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxJQUFZO1FBQzNDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOzs7O09BSUc7SUFDSSxpQkFBaUI7UUFDdEIsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLGlCQUFpQixFQUFFLENBQUM7SUFDOUMsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYTtRQUNsQixNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUNsRSxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1FBRXRFLElBQUksY0FBYyxHQUFHLENBQUMsQ0FBQztRQUN2QixJQUFJLGlCQUFpQixHQUFHLENBQUMsQ0FBQztRQUMxQixJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztRQUM3QixJQUFJLG9CQUFvQixHQUFHLENBQUMsQ0FBQztRQUU3Qiw2QkFBNkI7UUFDN0IsS0FBSyxNQUFNLE1BQU0sSUFBSSxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQ2hELElBQUksTUFBTSxDQUFDLEtBQUs7Z0JBQUUsY0FBYyxFQUFFLENBQUM7O2dCQUM5QixpQkFBaUIsRUFBRSxDQUFDO1lBQ3pCLElBQUksTUFBTSxDQUFDLFlBQVk7Z0JBQUUsb0JBQW9CLEVBQUUsQ0FBQztZQUNoRCxJQUFJLE1BQU0sQ0FBQyxpQkFBaUI7Z0JBQUUsb0JBQW9CLEVBQUUsQ0FBQztRQUN2RCxDQUFDO1FBRUQsT0FBTztZQUNMLGlCQUFpQixFQUFFLGlCQUFpQixDQUFDLElBQUk7WUFDekMsY0FBYztZQUNkLGlCQUFpQjtZQUNqQixvQkFBb0I7WUFDcEIsb0JBQW9CO1lBQ3BCLGdCQUFnQjtZQUNoQixXQUFXLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxXQUFXO1lBQy9CLGlCQUFpQixFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSTtZQUMvQyxVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTTtZQUN2QyxXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDLE1BQU07WUFDeEQsY0FBYyxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsaUJBQWlCLEVBQUU7U0FDckQsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNJLGlDQUFpQztRQUN0QyxNQUFNLE9BQU8sR0FBYSxFQUFFLENBQUM7UUFFN0IsMEJBQTBCO1FBQzFCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUUxQyxLQUFLLE1BQU0sS0FBSyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQzNCLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU87Z0JBQUUsU0FBUztZQUVuQywyREFBMkQ7WUFDM0QsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxTQUFTO2dCQUMvQixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRztnQkFDakIsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLGFBQWE7Z0JBQ3ZDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFdBQVcsS0FBSyxNQUFNO2dCQUFFLFNBQVM7WUFFdEQsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQztnQkFDckQsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFDckIsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUUxQiw0Q0FBNEM7WUFDNUMsTUFBTSxlQUFlLEdBQUcsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUNuRCxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FDcEQsQ0FBQztZQUVGLE9BQU8sQ0FBQyxJQUFJLENBQUMsR0FBRyxlQUFlLENBQUMsQ0FBQztRQUNuQyxDQUFDO1FBRUQscUNBQXFDO1FBRXJDLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxpQkFBaUI7UUFDNUIsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxDQUFDO0lBQzFDLENBQUM7SUFFRDs7T0FFRztJQUNLLHlCQUF5QjtRQUMvQixNQUFNLFFBQVEsR0FBYSxFQUFFLENBQUM7UUFFOUIsNENBQTRDO1FBQzVDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUNqRCxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxXQUFXLEtBQUssTUFBTSxDQUNyQyxDQUFDO1FBRUYsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzVCLE9BQU8sUUFBUSxDQUFDO1FBQ2xCLENBQUM7UUFFRCw0Q0FBNEM7UUFDNUMsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxLQUFLLENBQUM7UUFDbkQsTUFBTSxlQUFlLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUUxRSxJQUFJLENBQUMsZ0JBQWdCLElBQUksZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN0RCxRQUFRLENBQUMsSUFBSSxDQUNYLG9FQUFvRTtnQkFDcEUsdUZBQXVGLENBQ3hGLENBQUM7UUFDSixDQUFDO1FBRUQsZ0RBQWdEO1FBQ2hELElBQUksVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMxQixNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3JELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUV6RCxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDO2dCQUN4QyxRQUFRLENBQUMsSUFBSSxDQUNYLFFBQVEsYUFBYSx1RUFBdUU7b0JBQzVGLGlDQUFpQyxhQUFhLG9EQUFvRCxDQUNuRyxDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7UUFFRCxvQ0FBb0M7UUFDcEMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUUsQ0FBQztZQUN0QyxNQUFNLGFBQWEsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQzFDLENBQUMsQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxhQUFhLEtBQUssS0FBSyxDQUM1QyxDQUFDO1lBQ0YsSUFBSSxhQUFhLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUM3QixRQUFRLENBQUMsSUFBSSxDQUNYLDhEQUE4RDtvQkFDOUQsNkRBQTZELENBQzlELENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztRQUVELG9EQUFvRDtRQUNwRCxLQUFLLE1BQU0sS0FBSyxJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQy9CLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUM7Z0JBQ2hELENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU87Z0JBQ3JCLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFMUIsTUFBTSxlQUFlLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztZQUM5RCxJQUFJLGVBQWUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQy9CLFFBQVEsQ0FBQyxJQUFJLENBQ1gsVUFBVSxLQUFLLENBQUMsSUFBSSw0QkFBNEIsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRztvQkFDN0UsNkVBQTZFO29CQUM3RSxxRUFBcUUsQ0FDdEUsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQztDQUVGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic21hcnQtcHJveHkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9wcm94aWVzL3NtYXJ0LXByb3h5L3NtYXJ0LXByb3h5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFDNUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBRXBELDBCQUEwQjtBQUMxQixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDekQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDN0QsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDNUQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDakUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFFL0QsbUJBQW1CO0FBQ25CLE9BQU8sRUFBRSxrQkFBa0IsSUFBSSxZQUFZLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUN6RixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDNUQsT0FBTyxFQUFFLEtBQUssRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBT3pDOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sT0FBTyxVQUFXLFNBQVEsT0FBTyxDQUFDLFlBQVk7SUFXbEQsWUFBWSxXQUErQjtRQUN6QyxLQUFLLEVBQUUsQ0FBQztRQU5GLHdCQUFtQixHQUErQixJQUFJLENBQUM7UUFHdkQsYUFBUSxHQUFHLEtBQUssQ0FBQztRQUt2QixpQkFBaUI7UUFDakIsSUFBSSxDQUFDLFFBQVEsR0FBRztZQUNkLEdBQUcsV0FBVztZQUNkLGtCQUFrQixFQUFFLFdBQVcsQ0FBQyxrQkFBa0IsSUFBSSxNQUFNO1lBQzVELGFBQWEsRUFBRSxXQUFXLENBQUMsYUFBYSxJQUFJLE9BQU87WUFDbkQscUJBQXFCLEVBQUUsV0FBVyxDQUFDLHFCQUFxQixJQUFJLFFBQVE7WUFDcEUsaUJBQWlCLEVBQUUsV0FBVyxDQUFDLGlCQUFpQixJQUFJLFFBQVE7WUFDNUQsdUJBQXVCLEVBQUUsV0FBVyxDQUFDLHVCQUF1QixJQUFJLEtBQUs7WUFDckUsbUJBQW1CLEVBQUUsV0FBVyxDQUFDLG1CQUFtQixJQUFJLEdBQUc7WUFDM0QsNEJBQTRCLEVBQUUsV0FBVyxDQUFDLDRCQUE0QixJQUFJLEdBQUc7WUFDN0Usa0JBQWtCLEVBQUUsV0FBVyxDQUFDLGtCQUFrQixJQUFJLFVBQVU7WUFDaEUsNkJBQTZCLEVBQUUsV0FBVyxDQUFDLDZCQUE2QixJQUFJLENBQUM7WUFDN0UseUJBQXlCLEVBQUUsV0FBVyxDQUFDLHlCQUF5QixJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJO1NBQzVGLENBQUM7UUFFRix5QkFBeUI7UUFDekIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3ZCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ2pFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUM7WUFDN0QsQ0FBQztZQUNELElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHO2dCQUNuQixPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTyxLQUFLLEtBQUs7Z0JBQzdDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksRUFBRTtnQkFDbkMsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7Z0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhLElBQUksS0FBSztnQkFDeEQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLElBQUksRUFBRTtnQkFDL0QsU0FBUyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFNBQVMsS0FBSyxLQUFLO2dCQUNqRCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxTQUFTO2dCQUNsRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxLQUFLO2dCQUNwRSx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsSUFBSSxFQUFFO2dCQUN6RSxhQUFhLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsYUFBYSxJQUFJLEVBQUU7Z0JBQ3JELEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJO2FBQ3RCLENBQUM7UUFDSixDQUFDO1FBRUQsa0JBQWtCO1FBQ2xCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxVQUFVLEdBQUcsY0FBYyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3ZFLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3RCLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQ3RELE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSx1QkFBdUIsQ0FBQyxDQUFDO1lBQ3JHLENBQUM7UUFDSCxDQUFDO1FBRUQsd0JBQXdCO1FBQ3hCLE1BQU0sYUFBYSxHQUFHO1lBQ3BCLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7WUFDMUUsSUFBSSxFQUFFLENBQUMsT0FBZSxFQUFFLElBQVUsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLElBQUksQ0FBQztZQUN4RSxJQUFJLEVBQUUsQ0FBQyxPQUFlLEVBQUUsSUFBVSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLEVBQUUsSUFBSSxDQUFDO1lBQ3hFLEtBQUssRUFBRSxDQUFDLE9BQWUsRUFBRSxJQUFVLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUM7U0FDM0UsQ0FBQztRQUVGLHdCQUF3QjtRQUN4QixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksWUFBWSxDQUFDO1lBQ25DLE1BQU0sRUFBRSxhQUFhO1lBQ3JCLHFCQUFxQixFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCO1lBQzFELE1BQU0sRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU07U0FDN0IsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLGVBQWUsRUFBRSxDQUFDO1FBQ3BDLElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1FBQzVDLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxrQkFBa0IsQ0FDMUMsSUFBSSxDQUFDLE1BQU0sRUFDWCxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsSUFBSSxJQUFJLENBQ2hELENBQUM7UUFDRixJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksS0FBSyxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7T0FHRztJQUNJLEtBQUssQ0FBQyxLQUFLO1FBQ2hCLG9CQUFvQjtRQUNwQixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDMUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FDYixnR0FBZ0c7Z0JBQ2hHLHlEQUF5RCxDQUMxRCxDQUFDO1FBQ0osQ0FBQztRQUVELDBFQUEwRTtRQUMxRSxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFtQixFQUFFLE1BQXFCLEVBQUUsRUFBRTtZQUNwRSxJQUFJLElBQUksQ0FBQyxRQUFRO2dCQUFFLE9BQU87WUFDMUIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsdUNBQXVDLElBQUksWUFBWSxNQUFNLEdBQUcsRUFBRSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO1lBQ3BILElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLElBQUksS0FBSyxDQUFDLDBCQUEwQixJQUFJLFlBQVksTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBQ3JGLENBQUMsQ0FBQyxDQUFDO1FBRUgsaUZBQWlGO1FBQ2pGLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUNoRCxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ0osQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxnQkFBZ0IsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQztZQUM5RCxDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksT0FBTyxDQUFDLENBQUMsSUFBSSxLQUFLLFVBQVUsQ0FBQyxDQUM5RixDQUFDO1FBRUYsa0ZBQWtGO1FBQ2xGLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsbUJBQW1CLEdBQUcsSUFBSSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDdEUsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDekMsQ0FBQztRQUVELHdFQUF3RTtRQUN4RSxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFN0Usb0JBQW9CO1FBQ3BCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLENBQUM7UUFFaEQsdUJBQXVCO1FBQ3ZCLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFckMsaUVBQWlFO1FBQ2pFLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFFRCwrQkFBK0I7UUFDL0IsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLEVBQUUsQ0FBQztRQUU5Qyx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUVuQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrQ0FBa0MsRUFBRSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxJQUFJO1FBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkJBQTZCLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUNoRixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztRQUVyQix1QkFBdUI7UUFDdkIsSUFBSSxDQUFDLGNBQWMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUVsQyxxRUFBcUU7UUFDckUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV2QyxrQkFBa0I7UUFDbEIsSUFBSSxDQUFDO1lBQ0gsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2hDLENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCw0QkFBNEI7UUFDOUIsQ0FBQztRQUNELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFbkIsNEJBQTRCO1FBQzVCLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztRQUNsQyxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQStCLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsWUFBWSxDQUFDLFNBQXlCO1FBQ2pELE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDbEQsV0FBVztZQUNYLE1BQU0sVUFBVSxHQUFHLGNBQWMsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDNUQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDdEIsY0FBYyxDQUFDLG1CQUFtQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDdEQsTUFBTSxJQUFJLEtBQUssQ0FBQyw0QkFBNEIsVUFBVSxDQUFDLE1BQU0sQ0FBQyxJQUFJLHVCQUF1QixDQUFDLENBQUM7WUFDN0YsQ0FBQztZQUVELHNCQUFzQjtZQUN0QixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRWxFLGVBQWU7WUFDZixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBRTNDLDZCQUE2QjtZQUM3QixJQUFJLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUUxQyx3REFBd0Q7WUFDeEQsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsSUFBSSxDQUNyQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQ0osQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxnQkFBZ0IsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQztnQkFDOUQsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLE9BQU8sQ0FBQyxDQUFDLElBQUksS0FBSyxVQUFVLENBQUMsQ0FDOUYsQ0FBQztZQUVGLElBQUksZ0JBQWdCLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztnQkFDbEQsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksbUJBQW1CLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUN0RSxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDdkMsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1lBQ3BGLENBQUM7aUJBQU0sSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO2dCQUN6RCxNQUFNLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUNsQyxDQUFDO1lBRUQsdUJBQXVCO1lBQ3ZCLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLFNBQVMsQ0FBQztZQUVqQywwQ0FBMEM7WUFDMUMsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLEVBQUUsQ0FBQztZQUU5QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxtQkFBbUIsU0FBUyxDQUFDLE1BQU0sVUFBVSxFQUFFLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7UUFDbEcsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsb0JBQW9CLENBQUMsU0FBaUI7UUFDakQsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFpQjtRQUM3QyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLG9CQUFvQixDQUFDLFNBQWlCO1FBQ2pELE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxVQUFVO1FBQ2YsT0FBTyxJQUFJLENBQUMsY0FBYyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxhQUFhO1FBQ3hCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsSUFBWTtRQUN4QyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLG1CQUFtQixDQUFDLElBQVk7UUFDM0MsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxpQkFBaUI7UUFDNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTztZQUFFLE9BQU8sRUFBRSxDQUFDO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7T0FFRztJQUNJLGlDQUFpQztRQUN0QyxNQUFNLE9BQU8sR0FBYSxFQUFFLENBQUM7UUFDN0IsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUMvQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPO2dCQUFFLFNBQVM7WUFDbkMsSUFDRSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksS0FBSyxTQUFTO2dCQUMvQixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRztnQkFDakIsS0FBSyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLGFBQWE7Z0JBQ3ZDLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFdBQVcsS0FBSyxNQUFNO2dCQUV2QyxTQUFTO1lBRVgsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3RHLE1BQU0sUUFBUSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDdkYsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsQ0FBQyxDQUFDO1FBQzVCLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsaUJBQWlCO1FBQzVCLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO0lBQ3pDLENBQUM7SUFFRCwwQkFBMEI7SUFFMUI7O09BRUc7SUFDSyxlQUFlLENBQUMsTUFBc0I7UUFDNUMsT0FBTztZQUNMLE1BQU07WUFDTixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRO1lBQ2hDLElBQUksRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUk7Z0JBQ3RCLENBQUMsQ0FBQztvQkFDRSxPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTztvQkFDbkMsS0FBSyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUs7b0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxhQUFhO29CQUMvQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSTtvQkFDN0Isa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsa0JBQWtCO29CQUN6RCxTQUFTLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsU0FBUztvQkFDdkMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCO29CQUNyRCx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyx1QkFBdUI7aUJBQ3BFO2dCQUNILENBQUMsQ0FBQyxTQUFTO1lBQ2IsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUI7WUFDbEQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxrQkFBa0I7WUFDcEQsYUFBYSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYTtZQUMxQyxxQkFBcUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHFCQUFxQjtZQUMxRCx1QkFBdUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHVCQUF1QjtZQUM5RCxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUN0RCw0QkFBNEIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLDRCQUE0QjtZQUN4RSxrQkFBa0IsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGtCQUFrQjtZQUNwRCw2QkFBNkIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLDZCQUE2QjtZQUMxRSx5QkFBeUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLHlCQUF5QjtZQUNsRSxtQkFBbUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUN0RCxpQkFBaUIsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQjtTQUNuRCxDQUFDO0lBQ0osQ0FBQztJQUVEOzs7O09BSUc7SUFDSyxLQUFLLENBQUMsZ0NBQWdDO1FBQzVDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDeEQsSUFBSSxDQUFDLFdBQVc7WUFBRSxPQUFPO1FBRXpCLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUN6QyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLFdBQVcsS0FBSyxNQUFNO2dCQUFFLFNBQVM7WUFDdkQsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTztnQkFBRSxTQUFTO1lBRW5DLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUVqRyxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO2dCQUM3QixJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDO29CQUFFLFNBQVM7Z0JBRW5DLElBQUksQ0FBQztvQkFDSCxNQUFNLE1BQU0sR0FBbUMsTUFBTSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7b0JBRXpFLElBQUksTUFBTSxLQUFLLFFBQVEsRUFBRSxDQUFDO3dCQUN4QixvQ0FBb0M7d0JBQ3BDLFNBQVM7b0JBQ1gsQ0FBQztvQkFFRCwrQ0FBK0M7b0JBQy9DLElBQUksTUFBTSxJQUFJLE9BQU8sTUFBTSxLQUFLLFFBQVEsRUFBRSxDQUFDO3dCQUN6QyxNQUFNLE9BQU8sR0FBRyxNQUF1QyxDQUFDO3dCQUN4RCxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUMvQixNQUFNLEVBQ04sT0FBTyxDQUFDLFNBQVMsRUFDakIsT0FBTyxDQUFDLFVBQVUsQ0FDbkIsQ0FBQzt3QkFDRixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxpREFBaUQsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztvQkFDOUcsQ0FBQztnQkFDSCxDQUFDO2dCQUFDLE9BQU8sR0FBUSxFQUFFLENBQUM7b0JBQ2xCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLG9DQUFvQyxNQUFNLEtBQUssR0FBRyxDQUFDLE9BQU8sRUFBRSxFQUFFLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7b0JBRS9HLDhCQUE4QjtvQkFDOUIsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLDJCQUEyQixLQUFLLEtBQUssRUFBRSxDQUFDO3dCQUN4RCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0QkFBNEIsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsQ0FBQztvQkFDekYsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sYUFBYSxDQUFDLE1BQWM7UUFDbEMsSUFBSSxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUNqRCxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFDdkMsTUFBTSxnQkFBZ0IsR0FDcEIsK0ZBQStGLENBQUM7UUFDbEcsT0FBTyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDdkMsQ0FBQztDQUNGIn0=