@serve.zone/dcrouter 13.17.0 → 13.17.2

package/dist_ts/classes.dcrouter.js

@@ -0,0 +1,1852 @@
+import * as plugins from './plugins.js';
+import * as paths from './paths.js';
+// Certificate types are available via plugins.tsclass
+// Import the email server and its configuration from smartmta
+import { UnifiedEmailServer, } from '@push.rocks/smartmta';
+import { logger } from './logger.js';
+import { StorageBackedCertManager } from './classes.storage-cert-manager.js';
+import { CertProvisionScheduler } from './classes.cert-provision-scheduler.js';
+// Import unified database
+import { DcRouterDb, CacheCleaner, ProxyCertDoc, AcmeCertDoc } from './db/index.js';
+// Import migration runner and app version
+import { createMigrationRunner } from '../dist_ts_migrations/index.js';
+import { commitinfo } from './00_commitinfo_data.js';
+import { OpsServer } from './opsserver/index.js';
+import { MetricsManager } from './monitoring/index.js';
+import { RadiusServer } from './radius/index.js';
+import { RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
+import { VpnManager } from './vpn/index.js';
+import { RouteConfigManager, ApiTokenManager, ReferenceResolver, DbSeeder, TargetProfileManager } from './config/index.js';
+import { SecurityLogger, ContentScanner, IPReputationChecker } from './security/index.js';
+import { augmentRoutesWithHttp3 } from './http3/index.js';
+import { DnsManager } from './dns/manager.dns.js';
+import { AcmeConfigManager } from './acme/manager.acme-config.js';
+import { EmailDomainManager } from './email/classes.email-domain.manager.js';
+export class DcRouter {
+    options;
+    resolvedPaths;
+    // Core services
+    smartProxy;
+    smartAcme;
+    dnsServer;
+    emailServer;
+    radiusServer;
+    opsServer;
+    metricsManager;
+    // Compatibility shim for smartmta's DkimManager which calls dcRouter.storageManager.set()
+    storageManager = {
+        get: async (_key) => null,
+        set: async (_key, _value) => {
+            // DKIM keys from smartmta — logged but not yet migrated to smartdata
+            logger.log('debug', `storageManager.set() called (compat shim) for key: ${_key}`);
+        },
+    };
+    // Unified database (smartdata + LocalSmartDb or external MongoDB)
+    dcRouterDb;
+    cacheCleaner;
+    // Remote Ingress
+    remoteIngressManager;
+    tunnelManager;
+    // VPN
+    vpnManager;
+    // Programmatic config API
+    routeConfigManager;
+    apiTokenManager;
+    referenceResolver;
+    targetProfileManager;
+    // Domain / DNS management (DB-backed providers, domains, records)
+    dnsManager;
+    // ACME configuration (DB-backed singleton, replaces tls.contactEmail)
+    acmeConfigManager;
+    emailDomainManager;
+    // Auto-discovered public IP (populated by generateAuthoritativeRecords)
+    detectedPublicIp = null;
+    // DNS query logging rate limiter state
+    dnsLogWindowSecond = 0; // epoch second of current window
+    dnsLogWindowCount = 0; // queries logged this second
+    dnsBatchCount = 0;
+    dnsBatchTimer = null;
+    // Certificate status tracking from SmartProxy events (keyed by domain)
+    certificateStatusMap = new Map();
+    // Certificate provisioning scheduler with per-domain backoff
+    certProvisionScheduler;
+    // Service lifecycle management
+    serviceManager;
+    serviceSubjectSubscription;
+    smartAcmeReady = false;
+    // TypedRouter for API endpoints
+    typedrouter = new plugins.typedrequest.TypedRouter();
+    // Seed routes assembled during setupSmartProxy, passed to RouteConfigManager for DB seeding
+    seedConfigRoutes = [];
+    seedEmailRoutes = [];
+    seedDnsRoutes = [];
+    // Environment access
+    qenv = new plugins.qenv.Qenv('./', '.nogit/');
+    constructor(optionsArg) {
+        // Set defaults in options
+        this.options = {
+            ...optionsArg
+        };
+        // Resolve all data paths from baseDir
+        this.resolvedPaths = paths.resolvePaths(this.options.baseDir);
+        // Initialize service manager and register all services
+        this.serviceManager = new plugins.taskbuffer.ServiceManager({
+            name: 'dcrouter',
+            startupTimeoutMs: 120_000,
+            shutdownTimeoutMs: 30_000,
+        });
+        this.registerServices();
+    }
+    /**
+     * Register all dcrouter services with the ServiceManager.
+     * Services are started in dependency order, with failure isolation for optional services.
+     */
+    registerServices() {
+        // OpsServer: critical, no dependencies — provides visibility
+        this.serviceManager.addService(new plugins.taskbuffer.Service('OpsServer')
+            .critical()
+            .withStart(async () => {
+            this.opsServer = new OpsServer(this);
+            await this.opsServer.start();
+        })
+            .withStop(async () => {
+            await this.opsServer?.stop();
+        })
+            .withRetry({ maxRetries: 0 }));
+        // DcRouterDb: optional, no dependencies — unified database for all persistence
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('DcRouterDb')
+                .optional()
+                .withStart(async () => {
+                await this.setupDcRouterDb();
+            })
+                .withStop(async () => {
+                if (this.cacheCleaner) {
+                    this.cacheCleaner.stop();
+                    this.cacheCleaner = undefined;
+                }
+                if (this.dcRouterDb) {
+                    await this.dcRouterDb.stop();
+                    DcRouterDb.resetInstance();
+                    this.dcRouterDb = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 2, baseDelayMs: 1000, maxDelayMs: 5000 }));
+        }
+        // MetricsManager: optional, depends on OpsServer
+        this.serviceManager.addService(new plugins.taskbuffer.Service('MetricsManager')
+            .optional()
+            .dependsOn('OpsServer')
+            .withStart(async () => {
+            this.metricsManager = new MetricsManager(this);
+            await this.metricsManager.start();
+        })
+            .withStop(async () => {
+            if (this.metricsManager) {
+                await this.metricsManager.stop();
+                this.metricsManager = undefined;
+            }
+        })
+            .withRetry({ maxRetries: 1, baseDelayMs: 1000 }));
+        // DnsManager: optional, depends on DcRouterDb — owns DB-backed DNS state
+        // (providers, domains, records). Must run before SmartProxy so ACME DNS-01
+        // wiring can look up providers.
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('DnsManager')
+                .optional()
+                .dependsOn('DcRouterDb')
+                .withStart(async () => {
+                this.dnsManager = new DnsManager(this.options);
+                await this.dnsManager.start();
+            })
+                .withStop(async () => {
+                if (this.dnsManager) {
+                    await this.dnsManager.stop();
+                    this.dnsManager = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 1, baseDelayMs: 500 }));
+        }
+        // AcmeConfigManager: optional, depends on DcRouterDb — owns the singleton
+        // ACME configuration (accountEmail, useProduction, etc.). Must run before
+        // SmartProxy so setupSmartProxy() can read the ACME config from the DB.
+        // On first boot, seeds from legacy `tls.contactEmail` / `smartProxyConfig.acme`.
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('AcmeConfigManager')
+                .optional()
+                .dependsOn('DcRouterDb')
+                .withStart(async () => {
+                this.acmeConfigManager = new AcmeConfigManager(this.options);
+                await this.acmeConfigManager.start();
+            })
+                .withStop(async () => {
+                if (this.acmeConfigManager) {
+                    await this.acmeConfigManager.stop();
+                    this.acmeConfigManager = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 1, baseDelayMs: 500 }));
+        }
+        // Email Domain Manager: optional, depends on DcRouterDb
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('EmailDomainManager')
+                .optional()
+                .dependsOn('DcRouterDb')
+                .withStart(async () => {
+                this.emailDomainManager = new EmailDomainManager(this);
+            })
+                .withStop(async () => {
+                this.emailDomainManager = undefined;
+            }));
+        }
+        // SmartProxy: critical, depends on DcRouterDb + DnsManager + AcmeConfigManager (if enabled)
+        const smartProxyDeps = [];
+        if (this.options.dbConfig?.enabled !== false) {
+            smartProxyDeps.push('DcRouterDb');
+            smartProxyDeps.push('DnsManager');
+            smartProxyDeps.push('AcmeConfigManager');
+        }
+        this.serviceManager.addService(new plugins.taskbuffer.Service('SmartProxy')
+            .critical()
+            .dependsOn(...smartProxyDeps)
+            .withStart(async () => {
+            await this.setupSmartProxy();
+        })
+            .withStop(async () => {
+            if (this.smartProxy) {
+                this.smartProxy.removeAllListeners();
+                await this.smartProxy.stop();
+                this.smartProxy = undefined;
+            }
+        })
+            .withRetry({ maxRetries: 0 }));
+        // SmartAcme: optional, depends on SmartProxy — aggressive retry for rate limits.
+        // Always registered when the DB is enabled; setupSmartProxy() decides whether
+        // to actually instantiate SmartAcme based on whether any DnsProviderDoc exists.
+        // If `this.smartAcme` is unset by the time this service starts, withStart is a no-op.
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('SmartAcme')
+                .optional()
+                .dependsOn('SmartProxy')
+                .withStart(async () => {
+                if (this.smartAcme) {
+                    await this.smartAcme.start();
+                    this.smartAcmeReady = true;
+                    logger.log('info', 'SmartAcme DNS-01 provider is now ready');
+                    // Re-trigger certificate provisioning for all auto-cert routes.
+                    // During startup, certProvisionFunction returned 'http01' (SmartAcme not ready),
+                    // but Rust ACME is disabled when certProvisionFunction is set — so all domains
+                    // failed silently (SmartProxy doesn't emit certificate-failed for this path).
+                    // Calling updateRoutes() re-triggers provisionCertificatesViaCallback internally,
+                    // which calls certProvisionFunction again — now with smartAcmeReady === true.
+                    if (this.routeConfigManager) {
+                        // Go through RouteConfigManager to get the full merged route set
+                        // and serialize via the route-update mutex (prevents stale overwrites)
+                        logger.log('info', 'Re-triggering certificate provisioning via RouteConfigManager');
+                        this.routeConfigManager.applyRoutes().catch((err) => {
+                            logger.log('warn', `Failed to re-trigger cert provisioning: ${err?.message || err}`);
+                        });
+                    }
+                    else if (this.smartProxy) {
+                        // No RouteConfigManager (DB disabled) — re-send current routes to trigger cert provisioning
+                        if (this.certProvisionScheduler) {
+                            this.certProvisionScheduler.clear();
+                        }
+                        const currentRoutes = this.smartProxy.routeManager.getRoutes();
+                        logger.log('info', `Re-triggering certificate provisioning for ${currentRoutes.length} routes`);
+                        this.smartProxy.updateRoutes(currentRoutes).catch((err) => {
+                            logger.log('warn', `Failed to re-trigger cert provisioning: ${err?.message || err}`);
+                        });
+                    }
+                }
+            })
+                .withStop(async () => {
+                this.smartAcmeReady = false;
+                if (this.smartAcme) {
+                    await this.smartAcme.stop();
+                    this.smartAcme = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 20, baseDelayMs: 5000, maxDelayMs: 3_600_000, backoffFactor: 2 }));
+        }
+        // ConfigManagers: optional, depends on SmartProxy + DcRouterDb
+        // Requires DcRouterDb to be enabled (document classes need the database)
+        if (this.options.dbConfig?.enabled !== false) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('ConfigManagers')
+                .optional()
+                .dependsOn('SmartProxy', 'DcRouterDb')
+                .withStart(async () => {
+                // Initialize reference resolver first (profiles + targets)
+                this.referenceResolver = new ReferenceResolver();
+                await this.referenceResolver.initialize();
+                // Initialize target profile manager
+                this.targetProfileManager = new TargetProfileManager();
+                await this.targetProfileManager.initialize();
+                this.routeConfigManager = new RouteConfigManager(() => this.smartProxy, () => this.options.http3, this.options.vpnConfig?.enabled
+                    ? (route, routeId) => {
+                        if (!this.vpnManager || !this.targetProfileManager) {
+                            // VPN not ready yet — deny all until re-apply after VPN starts
+                            return [];
+                        }
+                        return this.targetProfileManager.getMatchingClientIps(route, routeId, this.vpnManager.listClients());
+                    }
+                    : undefined, this.referenceResolver, 
+                // Sync routes to RemoteIngressManager whenever routes change,
+                // then push updated derived ports to the Rust hub binary
+                (routes) => {
+                    if (this.remoteIngressManager) {
+                        this.remoteIngressManager.setRoutes(routes);
+                    }
+                    if (this.tunnelManager) {
+                        this.tunnelManager.syncAllowedEdges();
+                    }
+                });
+                this.apiTokenManager = new ApiTokenManager();
+                await this.apiTokenManager.initialize();
+                await this.routeConfigManager.initialize(this.seedConfigRoutes, this.seedEmailRoutes, this.seedDnsRoutes);
+                // Seed default profiles/targets if DB is empty and seeding is enabled
+                const seeder = new DbSeeder(this.referenceResolver);
+                await seeder.seedIfEmpty(this.options.dbConfig?.seedOnEmpty, this.options.dbConfig?.seedData);
+            })
+                .withStop(async () => {
+                this.routeConfigManager = undefined;
+                this.apiTokenManager = undefined;
+                this.referenceResolver = undefined;
+                this.targetProfileManager = undefined;
+            })
+                .withRetry({ maxRetries: 2, baseDelayMs: 1000 }));
+        }
+        // Email Server: optional, depends on SmartProxy
+        if (this.options.emailConfig) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('EmailServer')
+                .optional()
+                .dependsOn('SmartProxy')
+                .withStart(async () => {
+                await this.setupUnifiedEmailHandling();
+            })
+                .withStop(async () => {
+                if (this.emailServer) {
+                    if (this.emailServer.deliverySystem) {
+                        this.emailServer.deliverySystem.removeAllListeners();
+                    }
+                    this.emailServer.removeAllListeners();
+                    await this.emailServer.stop();
+                    this.emailServer = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }));
+        }
+        // DNS Server: optional, depends on SmartProxy
+        if (this.options.dnsNsDomains && this.options.dnsNsDomains.length > 0 && this.options.dnsScopes && this.options.dnsScopes.length > 0) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('DnsServer')
+                .optional()
+                .dependsOn('SmartProxy')
+                .withStart(async () => {
+                await this.setupDnsWithSocketHandler();
+            })
+                .withStop(async () => {
+                // Flush pending DNS batch log
+                if (this.dnsBatchTimer) {
+                    clearTimeout(this.dnsBatchTimer);
+                    if (this.dnsBatchCount > 0) {
+                        logger.log('info', `DNS: ${this.dnsBatchCount} queries processed (final flush)`, { zone: 'dns' });
+                    }
+                    this.dnsBatchTimer = null;
+                    this.dnsBatchCount = 0;
+                    this.dnsLogWindowSecond = 0;
+                    this.dnsLogWindowCount = 0;
+                }
+                if (this.dnsServer) {
+                    this.dnsServer.removeAllListeners();
+                    await this.dnsServer.stop();
+                    this.dnsServer = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }));
+        }
+        // RADIUS Server: optional, no dependency on SmartProxy
+        if (this.options.radiusConfig) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('RadiusServer')
+                .optional()
+                .withStart(async () => {
+                await this.setupRadiusServer();
+            })
+                .withStop(async () => {
+                if (this.radiusServer) {
+                    await this.radiusServer.stop();
+                    this.radiusServer = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }));
+        }
+        // Remote Ingress: optional, depends on SmartProxy
+        if (this.options.remoteIngressConfig?.enabled) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('RemoteIngress')
+                .optional()
+                .dependsOn('SmartProxy')
+                .withStart(async () => {
+                await this.setupRemoteIngress();
+            })
+                .withStop(async () => {
+                if (this.tunnelManager) {
+                    await this.tunnelManager.stop();
+                    this.tunnelManager = undefined;
+                }
+                this.remoteIngressManager = undefined;
+            })
+                .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }));
+        }
+        // VPN Server: optional, depends on SmartProxy
+        if (this.options.vpnConfig?.enabled) {
+            this.serviceManager.addService(new plugins.taskbuffer.Service('VpnServer')
+                .optional()
+                .dependsOn('SmartProxy')
+                .withStart(async () => {
+                await this.setupVpnServer();
+            })
+                .withStop(async () => {
+                if (this.vpnManager) {
+                    await this.vpnManager.stop();
+                    this.vpnManager = undefined;
+                }
+            })
+                .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }));
+        }
+        // Wire up aggregated events for logging
+        this.serviceSubjectSubscription = this.serviceManager.serviceSubject.subscribe((event) => {
+            const level = event.type === 'failed' ? 'error' : event.type === 'retrying' ? 'warn' : 'info';
+            logger.log(level, `Service '${event.serviceName}': ${event.type}`, {
+                state: event.state,
+                ...(event.error ? { error: event.error } : {}),
+                ...(event.attempt ? { attempt: event.attempt } : {}),
+            });
+        });
+    }
+    async start() {
+        await this.checkSystemLimits();
+        logger.log('info', 'Starting DcRouter Services');
+        await this.serviceManager.start();
+        this.logStartupSummary();
+    }
+    /**
+     * Detect OS-level resource limits and warn if they are too low for production use.
+     * This is detection only — no attempts to raise limits.
+     */
+    async checkSystemLimits() {
+        try {
+            const fs = new plugins.smartfs.SmartFs(new plugins.smartfs.SmartFsProviderNode());
+            const limitsContent = await fs.file('/proc/self/limits').encoding('utf8').read();
+            const nofileLine = limitsContent.split('\n').find((line) => line.startsWith('Max open files'));
+            if (nofileLine) {
+                const parts = nofileLine.split(/\s{2,}/);
+                const softLimit = parseInt(parts[1], 10);
+                const hardLimit = parseInt(parts[2], 10);
+                if (softLimit < 65536) {
+                    logger.log('warn', `File descriptor soft limit is ${softLimit} (hard: ${hardLimit}). ` +
+                        `For production use, set --ulimit nofile=65536:65536 on the container runtime.`);
+                }
+                else {
+                    logger.log('info', `File descriptor limits: soft=${softLimit}, hard=${hardLimit}`);
+                }
+            }
+        }
+        catch {
+            // Non-Linux or /proc not available — silently skip
+        }
+    }
+    /**
+     * Log comprehensive startup summary
+     */
+    logStartupSummary() {
+        logger.log('info', 'DcRouter Started Successfully');
+        // Metrics summary
+        if (this.metricsManager) {
+            logger.log('info', 'Metrics Service: SmartMetrics active, SmartProxy stats active, real-time tracking enabled');
+        }
+        // SmartProxy summary
+        if (this.smartProxy) {
+            const routeCount = this.options.smartProxyConfig?.routes?.length || 0;
+            const acmeEnabled = this.options.smartProxyConfig?.acme?.enabled || false;
+            const acmeMode = acmeEnabled
+                ? `email=${this.options.smartProxyConfig.acme.email || 'not set'}, mode=${this.options.smartProxyConfig.acme.useProduction ? 'production' : 'staging'}`
+                : 'disabled';
+            logger.log('info', `SmartProxy Service: ${routeCount} routes, ACME: ${acmeMode}`);
+        }
+        // Email service summary
+        if (this.emailServer && this.options.emailConfig) {
+            const ports = this.options.emailConfig.ports || [];
+            const domainCount = this.options.emailConfig.domains?.length || 0;
+            const domainNames = this.options.emailConfig.domains?.map(d => `${d.domain} (${d.dnsMode || 'default'})`).join(', ') || 'none';
+            logger.log('info', `Email Service: ports=[${ports.join(', ')}], hostname=${this.options.emailConfig.hostname || 'localhost'}, domains=${domainCount} [${domainNames}], DKIM initialized`);
+        }
+        // DNS service summary
+        if (this.dnsServer && this.options.dnsNsDomains && this.options.dnsScopes) {
+            logger.log('info', `DNS Service: nameservers=[${this.options.dnsNsDomains.join(', ')}], authoritative for ${this.options.dnsScopes.length} domains [${this.options.dnsScopes.join(', ')}], UDP:53, DoH enabled`);
+        }
+        // RADIUS service summary
+        if (this.radiusServer && this.options.radiusConfig) {
+            const vlanStats = this.radiusServer.getVlanManager().getStats();
+            logger.log('info', `RADIUS Service: auth=${this.options.radiusConfig.authPort || 1812}, acct=${this.options.radiusConfig.acctPort || 1813}, clients=${this.options.radiusConfig.clients?.length || 0}, VLANs=${vlanStats.totalMappings}, accounting=${this.options.radiusConfig.accounting?.enabled ? 'enabled' : 'disabled'}`);
+        }
+        // VPN summary
+        if (this.vpnManager && this.options.vpnConfig?.enabled) {
+            const subnet = this.vpnManager.getSubnet();
+            const wgPort = this.options.vpnConfig.wgListenPort ?? 51820;
+            const clientCount = this.vpnManager.listClients().length;
+            logger.log('info', `VPN Service: subnet=${subnet}, wg=:${wgPort}, clients=${clientCount}`);
+        }
+        // Remote Ingress summary
+        if (this.tunnelManager && this.options.remoteIngressConfig?.enabled) {
+            const edgeCount = this.remoteIngressManager?.getAllEdges().length || 0;
+            const connectedCount = this.tunnelManager.getConnectedCount();
+            logger.log('info', `Remote Ingress: tunnel port=${this.options.remoteIngressConfig.tunnelPort || 8443}, edges=${edgeCount} registered/${connectedCount} connected`);
+        }
+        // Database summary
+        if (this.dcRouterDb) {
+            logger.log('info', `Database: ${this.dcRouterDb.isEmbedded() ? 'embedded' : 'external'}, db=${this.dcRouterDb.getDbName()}, cleaner=${this.cacheCleaner?.isActive() ? 'active' : 'inactive'} (${(this.options.dbConfig?.cleanupIntervalHours || 1)}h interval)`);
+        }
+        // Service status summary from ServiceManager
+        const health = this.serviceManager.getHealth();
+        const statuses = health.services;
+        const running = statuses.filter(s => s.state === 'running').length;
+        const failed = statuses.filter(s => s.state === 'failed').length;
+        const retrying = statuses.filter(s => s.state === 'starting' || s.state === 'degraded').length;
+        if (failed > 0) {
+            const failedNames = statuses.filter(s => s.state === 'failed').map(s => `${s.name}: ${s.lastError || 'unknown'}`);
+            logger.log('warn', `DcRouter started in degraded mode — ${running} running, ${failed} failed: ${failedNames.join('; ')}`);
+        }
+        else if (retrying > 0) {
+            logger.log('info', `DcRouter started — ${running} running, ${retrying} still initializing`);
+        }
+        else {
+            logger.log('info', `All ${running} services are running`);
+        }
+    }
+    /**
+     * Set up the unified database (smartdata + LocalSmartDb or external MongoDB)
+     */
+    async setupDcRouterDb() {
+        logger.log('info', 'Setting up DcRouterDb...');
+        const dbConfig = this.options.dbConfig || {};
+        // Initialize DcRouterDb singleton
+        this.dcRouterDb = DcRouterDb.getInstance({
+            mongoDbUrl: dbConfig.mongoDbUrl,
+            storagePath: dbConfig.storagePath || this.resolvedPaths.defaultTsmDbPath,
+            dbName: dbConfig.dbName || 'dcrouter',
+            debug: false,
+        });
+        await this.dcRouterDb.start();
+        // Run any pending data migrations before anything else reads from the DB.
+        // This must complete before ConfigManagers loads profiles.
+        const migration = await createMigrationRunner(this.dcRouterDb.getDb(), commitinfo.version);
+        const migrationResult = await migration.run();
+        if (migrationResult.stepsApplied.length > 0) {
+            logger.log('info', `smartmigration: ${migrationResult.currentVersionBefore ?? 'fresh'} → ${migrationResult.currentVersionAfter} ` +
+                `(${migrationResult.stepsApplied.length} step(s) applied in ${migrationResult.totalDurationMs}ms)`);
+        }
+        else if (migrationResult.wasFreshInstall) {
+            logger.log('info', `smartmigration: fresh install stamped to ${migrationResult.currentVersionAfter}`);
+        }
+        // Start the cache cleaner for TTL-based document cleanup
+        const cleanupIntervalMs = (dbConfig.cleanupIntervalHours || 1) * 60 * 60 * 1000;
+        this.cacheCleaner = new CacheCleaner(this.dcRouterDb, {
+            intervalMs: cleanupIntervalMs,
+            verbose: false,
+        });
+        this.cacheCleaner.start();
+        logger.log('info', `DcRouterDb ready (${this.dcRouterDb.isEmbedded() ? 'embedded' : 'external'})`);
+    }
+    /**
+     * Set up SmartProxy with direct configuration and automatic email routes
+     */
+    async setupSmartProxy() {
+        logger.log('info', 'Setting up SmartProxy...');
+        // Clean up any existing SmartProxy instance (e.g. from a retry)
+        if (this.smartProxy) {
+            this.smartProxy.removeAllListeners();
+            this.smartProxy = undefined;
+        }
+        // Assemble seed routes from constructor config — these will be seeded into DB
+        // by RouteConfigManager.initialize() when the ConfigManagers service starts.
+        this.seedConfigRoutes = (this.options.smartProxyConfig?.routes || []);
+        logger.log('info', `Found ${this.seedConfigRoutes.length} routes in config`);
+        this.seedEmailRoutes = [];
+        if (this.options.emailConfig) {
+            this.seedEmailRoutes = this.generateEmailRoutes(this.options.emailConfig);
+            logger.log('debug', 'Email routes generated', { routes: JSON.stringify(this.seedEmailRoutes) });
+        }
+        this.seedDnsRoutes = [];
+        if (this.options.dnsNsDomains && this.options.dnsNsDomains.length > 0) {
+            this.seedDnsRoutes = this.generateDnsRoutes();
+            logger.log('debug', `DNS routes for nameservers ${this.options.dnsNsDomains.join(', ')}`, { routes: JSON.stringify(this.seedDnsRoutes) });
+        }
+        // Combined routes for SmartProxy bootstrap (before DB routes are loaded)
+        let routes = [
+            ...this.seedConfigRoutes,
+            ...this.seedEmailRoutes,
+            ...this.seedDnsRoutes,
+        ];
+        // Build the ACME options for SmartProxy from the DB-backed AcmeConfigManager.
+        // If no config exists or it's disabled, SmartProxy's own ACME is turned off
+        // and dcrouter's SmartAcme / certProvisionFunction are not wired.
+        const dbAcme = this.acmeConfigManager?.getConfig();
+        const acmeConfig = dbAcme && dbAcme.enabled
+            ? {
+                accountEmail: dbAcme.accountEmail,
+                enabled: true,
+                useProduction: dbAcme.useProduction,
+                autoRenew: dbAcme.autoRenew,
+                renewThresholdDays: dbAcme.renewThresholdDays,
+            }
+            : undefined;
+        if (acmeConfig) {
+            logger.log('info', `ACME config: accountEmail=${acmeConfig.accountEmail}, useProduction=${acmeConfig.useProduction}, autoRenew=${acmeConfig.autoRenew}`);
+        }
+        else {
+            logger.log('info', 'ACME config: disabled or not yet configured in DB');
+        }
+        // Configure DNS-01 challenge if any DnsProviderDoc exists in the DB AND
+        // ACME is enabled. The DnsManager dispatches each challenge through the
+        // unified createRecord()/deleteRecord() path — works for both dcrouter-hosted
+        // zones and provider-managed zones. Only domains under management get certs.
+        let challengeHandlers = [];
+        if (acmeConfig &&
+            this.dnsManager &&
+            (await this.dnsManager.hasAnyManagedDomain())) {
+            logger.log('info', 'Configuring DNS-01 challenge for ACME via DnsManager (managed domains)');
+            const convenientDnsProvider = this.dnsManager.buildAcmeConvenientDnsProvider();
+            const dns01Handler = new plugins.smartacme.handlers.Dns01Handler(convenientDnsProvider);
+            challengeHandlers.push(dns01Handler);
+        }
+        // HTTP/3 augmentation (enabled by default unless explicitly disabled)
+        if (this.options.http3?.enabled !== false) {
+            const http3Config = { enabled: true, ...this.options.http3 };
+            routes = augmentRoutesWithHttp3(routes, http3Config);
+            logger.log('info', 'HTTP/3: Augmented qualifying HTTPS routes with QUIC/H3 configuration');
+        }
+        // If we have routes or need a basic SmartProxy instance, create it
+        if (routes.length > 0 || this.options.smartProxyConfig) {
+            logger.log('info', 'Setting up SmartProxy with combined configuration');
+            // Track cert entries loaded from cert store so we can populate certificateStatusMap after start
+            const loadedCertEntries = [];
+            // Create SmartProxy configuration with sensible gateway defaults.
+            // User's smartProxyConfig overrides these defaults via spread.
+            const smartProxyConfig = {
+                // --- dcrouter gateway defaults ---
+                maxConnectionsPerIP: 100,
+                connectionRateLimitPerMinute: 600,
+                socketTimeout: 120_000,
+                inactivityTimeout: 120_000,
+                keepAlive: true,
+                noDelay: true,
+                gracefulShutdownTimeout: 30_000,
+                // --- user overrides ---
+                ...this.options.smartProxyConfig,
+                // --- deep-merge defaults.security so user can override maxConnections ---
+                defaults: {
+                    ...this.options.smartProxyConfig?.defaults,
+                    security: {
+                        maxConnections: 50_000,
+                        ...this.options.smartProxyConfig?.defaults?.security,
+                    },
+                },
+                // --- always set by dcrouter (after spread) ---
+                routes,
+                acme: acmeConfig,
+                certStore: {
+                    loadAll: async () => {
+                        const docs = await ProxyCertDoc.findAll();
+                        const certs = [];
+                        for (const doc of docs) {
+                            certs.push({ domain: doc.domain, publicKey: doc.publicKey, privateKey: doc.privateKey, ca: doc.ca });
+                            loadedCertEntries.push({ domain: doc.domain, publicKey: doc.publicKey, validUntil: doc.validUntil, validFrom: doc.validFrom });
+                        }
+                        return certs;
+                    },
+                    save: async (domain, publicKey, privateKey, ca) => {
+                        let validUntil;
+                        let validFrom;
+                        try {
+                            const x509 = new plugins.crypto.X509Certificate(publicKey);
+                            validUntil = new Date(x509.validTo).getTime();
+                            validFrom = new Date(x509.validFrom).getTime();
+                        }
+                        catch { /* PEM parsing failed */ }
+                        let doc = await ProxyCertDoc.findByDomain(domain);
+                        if (!doc) {
+                            doc = new ProxyCertDoc();
+                            doc.domain = domain;
+                        }
+                        doc.publicKey = publicKey;
+                        doc.privateKey = privateKey;
+                        doc.ca = ca || '';
+                        doc.validUntil = validUntil || 0;
+                        doc.validFrom = validFrom || 0;
+                        await doc.save();
+                    },
+                    remove: async (domain) => {
+                        const doc = await ProxyCertDoc.findByDomain(domain);
+                        if (doc) {
+                            await doc.delete();
+                        }
+                    },
+                },
+            };
+            // Initialize cert provision scheduler
+            this.certProvisionScheduler = new CertProvisionScheduler();
+            // If we have DNS challenge handlers, create SmartAcme instance and wire certProvisionFunction
+            // Note: SmartAcme.start() is NOT called here — it runs as a separate optional service
+            // via the ServiceManager, with aggressive retry for rate-limit resilience.
+            if (challengeHandlers.length > 0) {
+                // Stop old SmartAcme if it exists (e.g., during updateSmartProxyConfig)
+                if (this.smartAcme) {
+                    this.smartAcmeReady = false;
+                    await this.smartAcme.stop().catch(err => logger.log('error', 'Error stopping old SmartAcme', { error: String(err) }));
+                }
+                // Safe non-null: challengeHandlers.length > 0 implies both dnsManager
+                // and acmeConfig exist (enforced above).
+                this.smartAcme = new plugins.smartacme.SmartAcme({
+                    accountEmail: dbAcme.accountEmail,
+                    certManager: new StorageBackedCertManager(),
+                    environment: dbAcme.useProduction ? 'production' : 'integration',
+                    challengeHandlers: challengeHandlers,
+                    challengePriority: ['dns-01'],
+                });
+                const scheduler = this.certProvisionScheduler;
+                smartProxyConfig.certProvisionFunction = async (domain, eventComms) => {
+                    // If SmartAcme is not yet ready (still starting or retrying), fall back to HTTP-01
+                    if (!this.smartAcmeReady) {
+                        eventComms.warn(`SmartAcme not yet initialized, falling back to http-01 for ${domain}`);
+                        return 'http01';
+                    }
+                    // Check backoff before attempting provision
+                    if (await scheduler.isInBackoff(domain)) {
+                        const info = await scheduler.getBackoffInfo(domain);
+                        const msg = `Domain ${domain} is in backoff (${info?.failures} failures), retry after ${info?.retryAfter}`;
+                        eventComms.warn(msg);
+                        throw new Error(msg);
+                    }
+                    try {
+                        // smartacme v9 handles concurrency, per-domain dedup, and rate limiting internally
+                        eventComms.log(`Attempting DNS-01 via SmartAcme for ${domain}`);
+                        eventComms.setSource('smartacme-dns-01');
+                        const isWildcardDomain = domain.startsWith('*.');
+                        const cert = await this.smartAcme.getCertificateForDomain(domain, {
+                            includeWildcard: !isWildcardDomain,
+                        });
+                        // Parse real X509 expiry from PEM (defense-in-depth over SmartAcme's estimate)
+                        let realValidUntil = cert.validUntil;
+                        if (cert.publicKey) {
+                            try {
+                                const x509 = new plugins.crypto.X509Certificate(cert.publicKey);
+                                realValidUntil = new Date(x509.validTo).getTime();
+                            }
+                            catch { /* fallback to SmartAcme's value */ }
+                        }
+                        if (realValidUntil) {
+                            eventComms.setExpiryDate(new Date(realValidUntil));
+                        }
+                        const result = {
+                            id: cert.id,
+                            domainName: cert.domainName,
+                            created: cert.created,
+                            validUntil: realValidUntil,
+                            privateKey: cert.privateKey,
+                            publicKey: cert.publicKey,
+                            csr: cert.csr,
+                        };
+                        // Success — clear any backoff
+                        await scheduler.clearBackoff(domain);
+                        return result;
+                    }
+                    catch (err) {
+                        // Record failure for backoff tracking
+                        await scheduler.recordFailure(domain, err.message);
+                        eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${err.message}, falling back to http-01`);
+                        return 'http01';
+                    }
+                };
+            }
+            // When remoteIngress is enabled, the hub binary forwards tunneled connections
+            // to SmartProxy with PROXY protocol v1 headers to preserve client IPs.
+            if (this.options.remoteIngressConfig?.enabled) {
+                smartProxyConfig.acceptProxyProtocol = true;
+                smartProxyConfig.proxyIPs = ['127.0.0.1'];
+            }
+            // VPN uses socket mode with PP v2 — SmartProxy must accept proxy protocol from localhost
+            if (this.options.vpnConfig?.enabled) {
+                smartProxyConfig.acceptProxyProtocol = true;
+                if (!smartProxyConfig.proxyIPs) {
+                    smartProxyConfig.proxyIPs = [];
+                }
+                if (!smartProxyConfig.proxyIPs.includes('127.0.0.1')) {
+                    smartProxyConfig.proxyIPs.push('127.0.0.1');
+                }
+            }
+            // Create SmartProxy instance
+            logger.log('info', `Creating SmartProxy instance: routes=${smartProxyConfig.routes?.length}, acme=${smartProxyConfig.acme?.enabled}, certProvisionFunction=${!!smartProxyConfig.certProvisionFunction}`);
+            this.smartProxy = new plugins.smartproxy.SmartProxy(smartProxyConfig);
+            // Set up event listeners
+            this.smartProxy.on('error', (err) => {
+                logger.log('error', `SmartProxy error: ${err.message}`, { stack: err.stack });
+            });
+            // Always listen for certificate events — emitted by both ACME and certProvisionFunction paths
+            // Events are keyed by domain for domain-centric certificate tracking
+            this.smartProxy.on('certificate-issued', (event) => {
+                logger.log('info', `Certificate issued for ${event.domain} via ${event.source}, expires ${event.expiryDate}`);
+                const routeNames = this.findRouteNamesForDomain(event.domain);
+                this.certificateStatusMap.set(event.domain, {
+                    status: 'valid', routeNames,
+                    expiryDate: event.expiryDate, issuedAt: new Date().toISOString(),
+                    source: event.source,
+                });
+            });
+            // Note: smartproxy v27.5.0 emits only 'certificate-issued' and 'certificate-failed'.
+            // Renewals come through 'certificate-issued' (with optional isRenewal? in the payload).
+            // The vestigial 'certificate-renewed' event from common-types.ts is never emitted.
+            this.smartProxy.on('certificate-failed', (event) => {
+                logger.log('error', `Certificate failed for ${event.domain} (${event.source}): ${event.error}`);
+                const routeNames = this.findRouteNamesForDomain(event.domain);
+                this.certificateStatusMap.set(event.domain, {
+                    status: 'failed', routeNames, error: event.error,
+                    source: event.source,
+                });
+            });
+            // Start SmartProxy
+            logger.log('info', 'Starting SmartProxy...');
+            await this.smartProxy.start();
+            logger.log('info', 'SmartProxy started successfully');
+            // Populate certificateStatusMap for certs loaded from store at startup
+            for (const entry of loadedCertEntries) {
+                if (!this.certificateStatusMap.has(entry.domain)) {
+                    const routeNames = this.findRouteNamesForDomain(entry.domain);
+                    let expiryDate;
+                    let issuedAt;
+                    // Use validUntil/validFrom from stored proxy-certs data if available
+                    if (entry.validUntil) {
+                        expiryDate = new Date(entry.validUntil).toISOString();
+                    }
+                    if (entry.validFrom) {
+                        issuedAt = new Date(entry.validFrom).toISOString();
+                    }
+                    // Try SmartAcme AcmeCertDoc metadata as secondary source
+                    if (!expiryDate) {
+                        try {
+                            const cleanDomain = entry.domain.replace(/^\*\.?/, '');
+                            const domParts = cleanDomain.split('.');
+                            const baseDomain = domParts.length > 2 ? domParts.slice(-2).join('.') : cleanDomain;
+                            const certDoc = await AcmeCertDoc.findByDomain(baseDomain)
+                                || (baseDomain !== cleanDomain ? await AcmeCertDoc.findByDomain(cleanDomain) : null);
+                            if (certDoc?.validUntil) {
+                                expiryDate = new Date(certDoc.validUntil).toISOString();
+                            }
+                            if (certDoc?.created && !issuedAt) {
+                                issuedAt = new Date(certDoc.created).toISOString();
+                            }
+                        }
+                        catch { /* no metadata available */ }
+                    }
+                    // Fallback: parse X509 from PEM to get expiry
+                    if (!expiryDate && entry.publicKey) {
+                        try {
+                            const x509 = new plugins.crypto.X509Certificate(entry.publicKey);
+                            expiryDate = new Date(x509.validTo).toISOString();
+                            if (!issuedAt) {
+                                issuedAt = new Date(x509.validFrom).toISOString();
+                            }
+                        }
+                        catch { /* PEM parsing failed */ }
+                    }
+                    this.certificateStatusMap.set(entry.domain, {
+                        status: 'valid',
+                        routeNames,
+                        expiryDate,
+                        issuedAt,
+                        source: 'cert-store',
+                    });
+                }
+            }
+            if (loadedCertEntries.length > 0) {
+                logger.log('info', `Populated certificate status for ${loadedCertEntries.length} store-loaded domain(s)`);
+            }
+            logger.log('info', `SmartProxy started with ${routes.length} routes`);
+        }
+    }
+    /**
+     * Generate SmartProxy routes for email configuration
+     */
+    generateEmailRoutes(emailConfig) {
+        const emailRoutes = [];
+        // Create routes for each email port
+        for (const port of emailConfig.ports) {
+            // Create a descriptive name for the route based on the port
+            let routeName = 'email-route';
+            let tlsMode = 'passthrough';
+            // Handle different email ports differently
+            switch (port) {
+                case 25: // SMTP
+                    routeName = 'smtp-route';
+                    tlsMode = 'passthrough'; // STARTTLS handled by email server
+                    break;
+                case 587: // Submission
+                    routeName = 'submission-route';
+                    tlsMode = 'passthrough'; // STARTTLS handled by email server
+                    break;
+                case 465: // SMTPS
+                    routeName = 'smtps-route';
+                    tlsMode = 'terminate'; // Terminate TLS and re-encrypt to email server
+                    break;
+                default:
+                    routeName = `email-port-${port}-route`;
+                    tlsMode = 'passthrough';
+                    // Check if we have specific settings for this port
+                    if (this.options.emailPortConfig?.portSettings &&
+                        this.options.emailPortConfig.portSettings[port]) {
+                        const portSettings = this.options.emailPortConfig.portSettings[port];
+                        // If this port requires TLS termination, set the mode accordingly
+                        if (portSettings.terminateTls) {
+                            tlsMode = 'terminate';
+                        }
+                        // Override the route name if specified
+                        if (portSettings.routeName) {
+                            routeName = portSettings.routeName;
+                        }
+                    }
+                    break;
+            }
+            // Create forward action to route to internal email server ports
+            const defaultPortMapping = {
+                25: 10025, // SMTP
+                587: 10587, // Submission
+                465: 10465 // SMTPS
+            };
+            const portMapping = this.options.emailPortConfig?.portMapping || defaultPortMapping;
+            const internalPort = portMapping[port] || port + 10000;
+            let action = {
+                type: 'forward',
+                targets: [{
+                        host: 'localhost', // Forward to internal email server
+                        port: internalPort
+                    }],
+                tls: {
+                    mode: tlsMode
+                }
+            };
+            // For TLS terminate mode, add certificate info
+            if (tlsMode === 'terminate' && action.tls) {
+                action.tls.certificate = 'auto';
+            }
+            // Create the route configuration
+            const routeConfig = {
+                name: routeName,
+                match: {
+                    ports: [port]
+                },
+                action: action
+            };
+            // Add the route to our list
+            emailRoutes.push(routeConfig);
+        }
+        return emailRoutes;
+    }
+    /**
+     * Generate SmartProxy routes for DNS configuration
+     */
+    generateDnsRoutes() {
+        if (!this.options.dnsNsDomains || this.options.dnsNsDomains.length === 0) {
+            return [];
+        }
+        const dnsRoutes = [];
+        // Create routes for DNS-over-HTTPS paths
+        const dohPaths = ['/dns-query', '/resolve'];
+        // Use the first nameserver domain for DoH routes
+        const primaryNameserver = this.options.dnsNsDomains[0];
+        for (const path of dohPaths) {
+            const dohRoute = {
+                name: `dns-over-https-${path.replace('/', '')}`,
+                match: {
+                    ports: [443], // HTTPS port for DoH
+                    domains: [primaryNameserver],
+                    path: path
+                },
+                action: {
+                    type: 'socket-handler',
+                    socketHandler: this.createDnsSocketHandler()
+                }
+            };
+            dnsRoutes.push(dohRoute);
+        }
+        return dnsRoutes;
+    }
+    /**
+     * Check if a domain matches a pattern (including wildcard support)
+     * @param domain The domain to check
+     * @param pattern The pattern to match against (e.g., "*.example.com")
+     * @returns Whether the domain matches the pattern
+     */
+    isDomainMatch(domain, pattern) {
+        domain = domain.toLowerCase();
+        pattern = pattern.toLowerCase();
+        if (domain === pattern)
+            return true;
+        // Routing-glob: *example.com matches example.com, sub.example.com, *.example.com
+        if (pattern.startsWith('*') && !pattern.startsWith('*.')) {
+            const baseDomain = pattern.slice(1); // *nevermind.cloud → nevermind.cloud
+            if (domain === baseDomain || domain === `*.${baseDomain}`)
+                return true;
+            if (domain.endsWith(baseDomain) && domain.length > baseDomain.length)
+                return true;
+        }
+        // Standard wildcard: *.example.com matches sub.example.com and example.com
+        if (pattern.startsWith('*.')) {
+            const suffix = pattern.slice(2);
+            if (domain === suffix)
+                return true;
+            return domain.endsWith(suffix) && domain.length > suffix.length;
+        }
+        return false;
+    }
+    /**
+     * Find ALL route names that match a given domain
+     */
+    findRouteNamesForDomain(domain) {
+        if (!this.smartProxy)
+            return [];
+        const names = [];
+        for (const route of this.smartProxy.routeManager.getRoutes()) {
+            if (!route.match.domains || !route.name)
+                continue;
+            const routeDomains = Array.isArray(route.match.domains)
+                ? route.match.domains
+                : [route.match.domains];
+            for (const pattern of routeDomains) {
+                if (this.isDomainMatch(domain, pattern)) {
+                    names.push(route.name);
+                    break; // This route already matched, no need to check other patterns
+                }
+            }
+        }
+        return names;
+    }
+    async stop() {
+        logger.log('info', 'Stopping DcRouter services...');
+        // Unsubscribe from service events before stopping services
+        if (this.serviceSubjectSubscription) {
+            this.serviceSubjectSubscription.unsubscribe();
+            this.serviceSubjectSubscription = undefined;
+        }
+        // ServiceManager handles reverse-dependency-ordered shutdown
+        await this.serviceManager.stop();
+        // Clear backoff cache in cert scheduler
+        if (this.certProvisionScheduler) {
+            this.certProvisionScheduler.clear();
+            this.certProvisionScheduler = undefined;
+        }
+        this.certificateStatusMap.clear();
+        // Reset security singletons to allow GC
+        SecurityLogger.resetInstance();
+        ContentScanner.resetInstance();
+        IPReputationChecker.resetInstance();
+        logger.log('info', 'All DcRouter services stopped');
+    }
+    /**
+     * Update SmartProxy configuration
+     * @param config New SmartProxy configuration
+     */
+    async updateSmartProxyConfig(config) {
+        // Stop existing SmartProxy if running
+        if (this.smartProxy) {
+            this.smartProxy.removeAllListeners();
+            await this.smartProxy.stop();
+            this.smartProxy = undefined;
+        }
+        // Update configuration
+        this.options.smartProxyConfig = config;
+        // Start new SmartProxy with updated configuration (rebuilds seed routes)
+        await this.setupSmartProxy();
+        // Re-seed and re-apply all routes after SmartProxy restart
+        if (this.routeConfigManager) {
+            await this.routeConfigManager.initialize(this.seedConfigRoutes, this.seedEmailRoutes, this.seedDnsRoutes);
+        }
+        logger.log('info', 'SmartProxy configuration updated');
+    }
+    /**
+     * Set up unified email handling with pattern-based routing
+     * This implements the consolidated emailConfig approach
+     */
+    async setupUnifiedEmailHandling() {
+        if (!this.options.emailConfig) {
+            throw new Error('Email configuration is required for unified email handling');
+        }
+        // Apply port mapping if behind SmartProxy
+        const portMapping = this.options.emailPortConfig?.portMapping || {
+            25: 10025, // SMTP
+            587: 10587, // Submission
+            465: 10465 // SMTPS
+        };
+        // Transform domains if they are provided as strings
+        let transformedDomains = this.options.emailConfig.domains;
+        if (transformedDomains && transformedDomains.length > 0) {
+            // Check if domains are strings (for backward compatibility)
+            if (typeof transformedDomains[0] === 'string') {
+                transformedDomains = transformedDomains.map((domain) => ({
+                    domain,
+                    dnsMode: 'external-dns',
+                    dkim: {
+                        selector: 'default',
+                        keySize: 2048,
+                        rotateKeys: false,
+                        rotationInterval: 90
+                    }
+                }));
+            }
+        }
+        // Create config with mapped ports
+        const emailConfig = {
+            ...this.options.emailConfig,
+            domains: transformedDomains,
+            ports: this.options.emailConfig.ports.map(port => portMapping[port] || port + 10000),
+            hostname: 'localhost' // Listen on localhost for SmartProxy forwarding
+        };
+        // Create unified email server
+        this.emailServer = new UnifiedEmailServer(this, emailConfig);
+        // Set up error handling
+        this.emailServer.on('error', (err) => {
+            logger.log('error', `UnifiedEmailServer error: ${err.message}`);
+        });
+        // Start the server
+        await this.emailServer.start();
+        // Wire delivery events to MetricsManager and logger
+        if (this.metricsManager && this.emailServer.deliverySystem) {
+            this.emailServer.deliverySystem.on('deliveryStart', (item) => {
+                this.metricsManager.trackEmailReceived(item?.from);
+                logger.log('info', `Email delivery started: ${item?.from} → ${item?.to}`, { zone: 'email' });
+            });
+            this.emailServer.deliverySystem.on('deliverySuccess', (item) => {
+                this.metricsManager.trackEmailSent(item?.to);
+                logger.log('info', `Email delivered to ${item?.to}`, { zone: 'email' });
+            });
+            this.emailServer.deliverySystem.on('deliveryFailed', (item, error) => {
+                this.metricsManager.trackEmailFailed(item?.to, error?.message);
+                logger.log('warn', `Email delivery failed to ${item?.to}: ${error?.message}`, { zone: 'email' });
+            });
+        }
+        if (this.metricsManager && this.emailServer) {
+            this.emailServer.on('bounceProcessed', () => {
+                this.metricsManager.trackEmailBounced();
+                logger.log('warn', 'Email bounce processed', { zone: 'email' });
+            });
+        }
+        logger.log('info', `Email server started on ports: ${emailConfig.ports.join(', ')}`);
+    }
+    /**
+     * Update the unified email configuration
+     * @param config New email configuration
+     */
+    async updateEmailConfig(config) {
+        // Stop existing email components
+        await this.stopUnifiedEmailComponents();
+        // Update configuration
+        this.options.emailConfig = config;
+        // Start email handling with new configuration
+        await this.setupUnifiedEmailHandling();
+        logger.log('info', 'Unified email configuration updated');
+    }
+    /**
+     * Stop all unified email components
+     */
+    async stopUnifiedEmailComponents() {
+        try {
+            // Stop the unified email server which contains all components
+            if (this.emailServer) {
+                // Remove listeners before stopping to prevent leaks on config update cycles
+                if (this.emailServer.deliverySystem) {
+                    this.emailServer.deliverySystem.removeAllListeners();
+                }
+                this.emailServer.removeAllListeners();
+                await this.emailServer.stop();
+                logger.log('info', 'Unified email server stopped');
+                this.emailServer = undefined;
+            }
+            logger.log('info', 'All unified email components stopped');
+        }
+        catch (error) {
+            logger.log('error', `Error stopping unified email components: ${error.message}`);
+            throw error;
+        }
+    }
+    /**
+     * Update domain rules for email routing
+     * @param rules New domain rules to apply
+     */
+    async updateEmailRoutes(routes) {
+        // Validate that email config exists
+        if (!this.options.emailConfig) {
+            throw new Error('Email configuration is required before updating routes');
+        }
+        // Update the configuration
+        this.options.emailConfig.routes = routes;
+        // Update the unified email server if it exists
+        if (this.emailServer) {
+            this.emailServer.updateEmailRoutes(routes);
+        }
+        logger.log('info', `Email routes updated with ${routes.length} routes`);
+    }
+    /**
+     * Get statistics from all components
+     */
+    getStats() {
+        const stats = {
+            emailServer: this.emailServer?.getStats()
+        };
+        return stats;
+    }
+    /**
+     * Register DNS records with the DNS server
+     * @param records Array of DNS records to register
+     */
+    registerDnsRecords(records) {
+        if (!this.dnsServer)
+            return;
+        // Register a separate handler for each record
+        // This ensures multiple records of the same type (like NS records) are all served
+        for (const record of records) {
+            // Register handler for this specific record
+            this.dnsServer.registerHandler(record.name, [record.type], (question) => {
+                // Check if this handler matches the question
+                if (question.name === record.name && question.type === record.type) {
+                    return {
+                        name: record.name,
+                        type: record.type,
+                        class: 'IN',
+                        ttl: record.ttl || 300,
+                        data: this.parseDnsRecordData(record.type, record.value)
+                    };
+                }
+                return null;
+            });
+        }
+        logger.log('info', `Registered ${records.length} DNS handlers (one per record)`);
+    }
+    /**
+     * Parse DNS record data based on record type
+     * @param type DNS record type
+     * @param value DNS record value
+     * @returns Parsed data for the DNS response
+     */
+    parseDnsRecordData(type, value) {
+        switch (type) {
+            case 'A':
+                return value; // IP address as string
+            case 'MX':
+                const [priority, exchange] = value.split(' ');
+                return { priority: parseInt(priority), exchange };
+            case 'TXT':
+                return value;
+            case 'NS':
+                return value;
+            case 'SOA':
+                // SOA format: primary-ns admin-email serial refresh retry expire minimum
+                const parts = value.split(' ');
+                return {
+                    mname: parts[0],
+                    rname: parts[1],
+                    serial: parseInt(parts[2]),
+                    refresh: parseInt(parts[3]),
+                    retry: parseInt(parts[4]),
+                    expire: parseInt(parts[5]),
+                    minimum: parseInt(parts[6])
+                };
+            default:
+                return value;
+        }
+    }
+    /**
+     * Set up DNS server with socket handler for DoH
+     */
+    async setupDnsWithSocketHandler() {
+        if (!this.options.dnsNsDomains || this.options.dnsNsDomains.length === 0) {
+            throw new Error('dnsNsDomains is required for DNS server setup');
+        }
+        if (!this.options.dnsScopes || this.options.dnsScopes.length === 0) {
+            throw new Error('dnsScopes is required for DNS server setup');
+        }
+        const primaryNameserver = this.options.dnsNsDomains[0];
+        logger.log('info', `Setting up DNS server with primary nameserver: ${primaryNameserver}`);
+        // Get VM IP address for UDP binding
+        const networkInterfaces = plugins.os.networkInterfaces();
+        let vmIpAddress = '0.0.0.0'; // Default to all interfaces
+        // Try to find the VM's internal IP address
+        for (const [_name, interfaces] of Object.entries(networkInterfaces)) {
+            if (interfaces) {
+                for (const iface of interfaces) {
+                    if (!iface.internal && iface.family === 'IPv4') {
+                        vmIpAddress = iface.address;
+                        break;
+                    }
+                }
+            }
+        }
+        // Create DNS server instance with manual HTTPS mode
+        this.dnsServer = new plugins.smartdns.dnsServerMod.DnsServer({
+            udpPort: 53,
+            udpBindInterface: vmIpAddress,
+            httpsPort: 443, // Required but won't bind due to manual mode
+            manualHttpsMode: true, // Enable manual HTTPS socket handling
+            dnssecZone: primaryNameserver,
+            primaryNameserver: primaryNameserver, // Automatically generates correct SOA records
+            // For now, use self-signed cert until we integrate with Let's Encrypt
+            httpsKey: '',
+            httpsCert: ''
+        });
+        // Start the DNS server (UDP only)
+        await this.dnsServer.start();
+        logger.log('info', `DNS server started on UDP ${vmIpAddress}:53`);
+        // Wire DNS query events to MetricsManager and logger with adaptive rate limiting
+        if (this.metricsManager && this.dnsServer) {
+            const flushDnsBatch = () => {
+                if (this.dnsBatchCount > 0) {
+                    logger.log('info', `DNS: ${this.dnsBatchCount} queries processed (rate limited)`, { zone: 'dns' });
+                    this.dnsBatchCount = 0;
+                }
+                this.dnsBatchTimer = null;
+            };
+            this.dnsServer.on('query', (event) => {
+                // Metrics tracking
+                for (const question of event.questions) {
+                    this.metricsManager?.trackDnsQuery(question.type, question.name, false, event.responseTimeMs, event.answered);
+                }
+                // Adaptive logging: individual logs up to 2/sec, then batch
+                const nowSec = Math.floor(Date.now() / 1000);
+                if (nowSec !== this.dnsLogWindowSecond) {
+                    this.dnsLogWindowSecond = nowSec;
+                    this.dnsLogWindowCount = 0;
+                }
+                if (this.dnsLogWindowCount < 2) {
+                    this.dnsLogWindowCount++;
+                    const summary = event.questions.map(q => `${q.type} ${q.name}`).join(', ');
+                    logger.log('info', `DNS query: ${summary} (${event.responseTimeMs}ms, ${event.answered ? 'answered' : 'unanswered'})`, { zone: 'dns' });
+                }
+                else {
+                    this.dnsBatchCount++;
+                    if (!this.dnsBatchTimer) {
+                        this.dnsBatchTimer = setTimeout(flushDnsBatch, 5000);
+                    }
+                }
+            });
+        }
+        // Validate DNS configuration
+        await this.validateDnsConfiguration();
+        // Generate and register authoritative records
+        const authoritativeRecords = await this.generateAuthoritativeRecords();
+        // Generate email DNS records
+        const emailDnsRecords = await this.generateEmailDnsRecords();
+        // Initialize DKIM for all email domains
+        await this.initializeDkimForEmailDomains();
+        // Load DKIM records from JSON files (they should now exist)
+        const dkimRecords = await this.loadDkimRecords();
+        // Combine all records: authoritative, email, DKIM, and user-defined
+        const allRecords = [...authoritativeRecords, ...emailDnsRecords, ...dkimRecords];
+        if (this.options.dnsRecords && this.options.dnsRecords.length > 0) {
+            allRecords.push(...this.options.dnsRecords);
+        }
+        // Apply proxy IP replacement if configured
+        await this.applyProxyIpReplacement(allRecords);
+        // Register all DNS records
+        if (allRecords.length > 0) {
+            this.registerDnsRecords(allRecords);
+            logger.log('info', `Registered ${allRecords.length} DNS records (${authoritativeRecords.length} authoritative, ${emailDnsRecords.length} email, ${dkimRecords.length} DKIM, ${this.options.dnsRecords?.length || 0} user-defined)`);
+        }
+        // Hand the DnsServer to DnsManager so DB-backed local records on
+        // dcrouter-hosted domains get registered too.
+        if (this.dnsManager && this.dnsServer) {
+            await this.dnsManager.attachDnsServer(this.dnsServer);
+        }
+    }
+    /**
+     * Create DNS socket handler for DoH
+     */
+    createDnsSocketHandler() {
+        return async (socket) => {
+            if (!this.dnsServer) {
+                logger.log('error', 'DNS socket handler called but DNS server not initialized');
+                socket.end();
+                return;
+            }
+            // Prevent uncaught exception from socket 'error' events
+            socket.on('error', (err) => {
+                logger.log('error', `DNS socket error: ${err.message}`);
+                if (!socket.destroyed) {
+                    socket.destroy();
+                }
+            });
+            logger.log('debug', 'DNS socket handler: passing socket to DnsServer');
+            try {
+                // Use the built-in socket handler from smartdns
+                // This handles HTTP/2, DoH protocol, etc.
+                await this.dnsServer.handleHttpsSocket(socket);
+            }
+            catch (error) {
+                logger.log('error', `DNS socket handler error: ${error.message}`);
+                if (!socket.destroyed) {
+                    socket.destroy();
+                }
+            }
+        };
+    }
+    /**
+     * Validate DNS configuration
+     */
+    async validateDnsConfiguration() {
+        if (!this.options.dnsNsDomains || !this.options.dnsScopes) {
+            return;
+        }
+        logger.log('info', 'Validating DNS configuration...');
+        // Check if email domains with internal-dns are in dnsScopes
+        if (this.options.emailConfig?.domains) {
+            for (const domainConfig of this.options.emailConfig.domains) {
+                if (domainConfig.dnsMode === 'internal-dns' &&
+                    !this.options.dnsScopes.includes(domainConfig.domain)) {
+                    logger.log('warn', `Email domain '${domainConfig.domain}' with internal-dns mode is not in dnsScopes. It should be added to dnsScopes.`);
+                }
+            }
+        }
+        // Validate user-provided DNS records are within scopes
+        if (this.options.dnsRecords) {
+            for (const record of this.options.dnsRecords) {
+                const recordDomain = this.extractDomain(record.name);
+                const isInScope = this.options.dnsScopes.some(scope => recordDomain === scope || recordDomain.endsWith(`.${scope}`));
+                if (!isInScope) {
+                    logger.log('warn', `DNS record for '${record.name}' is outside defined scopes [${this.options.dnsScopes.join(', ')}]`);
+                }
+            }
+        }
+    }
+    /**
+     * Generate email DNS records for domains with internal-dns mode
+     */
+    async generateEmailDnsRecords() {
+        const records = [];
+        if (!this.options.emailConfig?.domains) {
+            return records;
+        }
+        // Filter domains with internal-dns mode
+        const internalDnsDomains = this.options.emailConfig.domains.filter(domain => domain.dnsMode === 'internal-dns');
+        for (const domainConfig of internalDnsDomains) {
+            const domain = domainConfig.domain;
+            const ttl = domainConfig.dns?.internal?.ttl || 3600;
+            const mxPriority = domainConfig.dns?.internal?.mxPriority || 10;
+            // MX record - points to the domain itself for email handling
+            records.push({
+                name: domain,
+                type: 'MX',
+                value: `${mxPriority} ${domain}`,
+                ttl
+            });
+            // SPF record - using sensible defaults
+            const spfRecord = 'v=spf1 a mx ~all';
+            records.push({
+                name: domain,
+                type: 'TXT',
+                value: spfRecord,
+                ttl
+            });
+            // DMARC record - using sensible defaults
+            const dmarcPolicy = 'none'; // Start with 'none' policy for monitoring
+            const dmarcEmail = `dmarc@${domain}`;
+            records.push({
+                name: `_dmarc.${domain}`,
+                type: 'TXT',
+                value: `v=DMARC1; p=${dmarcPolicy}; rua=mailto:${dmarcEmail}`,
+                ttl
+            });
+            // Note: DKIM records will be generated later when DKIM keys are available
+            // They require the DKIMCreator which is part of the email server
+        }
+        logger.log('info', `Generated ${records.length} email DNS records for ${internalDnsDomains.length} internal-dns domains`);
+        return records;
+    }
+    /**
+     * Load DKIM records from JSON files
+     * Reads all *.dkimrecord.json files from the DNS records directory
+     */
+    async loadDkimRecords() {
+        const records = [];
+        try {
+            // Ensure paths are imported
+            const dnsDir = this.resolvedPaths.dnsRecordsDir;
+            // Check if directory exists
+            if (!plugins.fs.existsSync(dnsDir)) {
+                logger.log('debug', 'No DNS records directory found, skipping DKIM record loading');
+                return records;
+            }
+            // Read all files in the directory
+            const files = plugins.fs.readdirSync(dnsDir);
+            const dkimFiles = files.filter(f => f.endsWith('.dkimrecord.json'));
+            logger.log('info', `Found ${dkimFiles.length} DKIM record files`);
+            // Load each DKIM record
+            for (const file of dkimFiles) {
+                try {
+                    const filePath = plugins.path.join(dnsDir, file);
+                    const fileContent = plugins.fs.readFileSync(filePath, 'utf8');
+                    const dkimRecord = JSON.parse(fileContent);
+                    // Validate record structure
+                    if (dkimRecord.name && dkimRecord.type === 'TXT' && dkimRecord.value) {
+                        records.push({
+                            name: dkimRecord.name,
+                            type: 'TXT',
+                            value: dkimRecord.value,
+                            ttl: 3600 // Standard DKIM TTL
+                        });
+                        logger.log('info', `Loaded DKIM record for ${dkimRecord.name}`);
+                    }
+                    else {
+                        logger.log('warn', `Invalid DKIM record structure in ${file}`);
+                    }
+                }
+                catch (error) {
+                    logger.log('error', `Failed to load DKIM record from ${file}: ${error.message}`);
+                }
+            }
+        }
+        catch (error) {
+            logger.log('error', `Failed to load DKIM records: ${error.message}`);
+        }
+        return records;
+    }
+    /**
+     * Initialize DKIM keys for all configured email domains
+     * This ensures DKIM records are available immediately at startup
+     */
+    async initializeDkimForEmailDomains() {
+        if (!this.options.emailConfig?.domains || !this.emailServer) {
+            return;
+        }
+        logger.log('info', 'Initializing DKIM keys for email domains...');
+        // Get DKIMCreator instance from email server (public in smartmta)
+        const dkimCreator = this.emailServer.dkimCreator;
+        if (!dkimCreator) {
+            logger.log('warn', 'DKIMCreator not available, skipping DKIM initialization');
+            return;
+        }
+        // Ensure necessary directories exist
+        paths.ensureDataDirectories(this.resolvedPaths);
+        // Generate DKIM keys for each email domain
+        for (const domainConfig of this.options.emailConfig.domains) {
+            try {
+                // Generate DKIM keys for all domains, regardless of DNS mode
+                // This ensures keys are ready even if DNS mode changes later
+                await dkimCreator.handleDKIMKeysForDomain(domainConfig.domain);
+                logger.log('info', `DKIM keys initialized for ${domainConfig.domain}`);
+            }
+            catch (error) {
+                logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${error.message}`);
+            }
+        }
+        logger.log('info', 'DKIM initialization complete');
+    }
+    /**
+     * Generate authoritative DNS records (NS only) for all domains in dnsScopes
+     * SOA records are now automatically generated by smartdns with primaryNameserver setting
+     */
+    async generateAuthoritativeRecords() {
+        const records = [];
+        if (!this.options.dnsNsDomains || !this.options.dnsScopes) {
+            return records;
+        }
+        // Determine the public IP for nameserver A records
+        let publicIp = null;
+        // Use proxy IPs if configured (these should be public IPs)
+        if (this.options.proxyIps && this.options.proxyIps.length > 0) {
+            publicIp = this.options.proxyIps[0]; // Use first proxy IP
+            logger.log('info', `Using proxy IP for nameserver A records: ${publicIp}`);
+        }
+        else if (this.options.publicIp) {
+            // Use explicitly configured public IP
+            publicIp = this.options.publicIp;
+            this.detectedPublicIp = publicIp;
+            logger.log('info', `Using configured public IP for nameserver A records: ${publicIp}`);
+        }
+        else {
+            // Auto-discover public IP using smartnetwork
+            try {
+                logger.log('info', 'Auto-discovering public IP address...');
+                const smartNetwork = new plugins.smartnetwork.SmartNetwork();
+                const publicIps = await smartNetwork.getPublicIps();
+                if (publicIps.v4) {
+                    publicIp = publicIps.v4;
+                    this.detectedPublicIp = publicIp;
+                    logger.log('info', `Auto-discovered public IPv4: ${publicIp}`);
+                }
+                else {
+                    logger.log('warn', 'Could not auto-discover public IPv4 address');
+                }
+            }
+            catch (error) {
+                logger.log('error', `Failed to auto-discover public IP: ${error.message}`);
+            }
+            if (!publicIp) {
+                logger.log('warn', 'No public IP available. Nameserver A records require either proxyIps, publicIp, or successful auto-discovery.');
+            }
+        }
+        // Generate A records for nameservers if we have a public IP
+        if (publicIp) {
+            for (const nsDomain of this.options.dnsNsDomains) {
+                records.push({
+                    name: nsDomain,
+                    type: 'A',
+                    value: publicIp,
+                    ttl: 3600
+                });
+            }
+            logger.log('info', `Generated A records for ${this.options.dnsNsDomains.length} nameservers`);
+        }
+        // Generate NS records for each domain in scopes
+        for (const domain of this.options.dnsScopes) {
+            // Add NS records for all nameservers
+            for (const nsDomain of this.options.dnsNsDomains) {
+                records.push({
+                    name: domain,
+                    type: 'NS',
+                    value: nsDomain,
+                    ttl: 3600
+                });
+            }
+            // SOA records are now automatically generated by smartdns DnsServer
+            // with the primaryNameserver configuration option
+        }
+        logger.log('info', `Generated ${records.length} total records (A + NS) for ${this.options.dnsScopes.length} domains`);
+        return records;
+    }
+    /**
+     * Extract the base domain from a DNS record name
+     */
+    extractDomain(recordName) {
+        // Handle wildcards
+        if (recordName.startsWith('*.')) {
+            recordName = recordName.substring(2);
+        }
+        return recordName;
+    }
+    /**
+     * Apply proxy IP replacement logic to DNS records
+     */
+    async applyProxyIpReplacement(records) {
+        if (!this.options.proxyIps || this.options.proxyIps.length === 0) {
+            return; // No proxy IPs configured, skip replacement
+        }
+        // Get server's public IP
+        const serverIp = await this.detectServerPublicIp();
+        if (!serverIp) {
+            logger.log('warn', 'Could not detect server public IP, skipping proxy IP replacement');
+            return;
+        }
+        logger.log('info', `Applying proxy IP replacement. Server IP: ${serverIp}, Proxy IPs: ${this.options.proxyIps.join(', ')}`);
+        let proxyIndex = 0;
+        for (const record of records) {
+            if (record.type === 'A' &&
+                record.value === serverIp &&
+                record.useIngressProxy !== false) {
+                // Round-robin through proxy IPs
+                const proxyIp = this.options.proxyIps[proxyIndex % this.options.proxyIps.length];
+                logger.log('info', `Replacing A record for ${record.name}: ${record.value} → ${proxyIp}`);
+                record.value = proxyIp;
+                proxyIndex++;
+            }
+        }
+    }
+    /**
+     * Detect the server's public IP address
+     */
+    async detectServerPublicIp() {
+        try {
+            const smartNetwork = new plugins.smartnetwork.SmartNetwork();
+            const publicIps = await smartNetwork.getPublicIps();
+            if (publicIps.v4) {
+                return publicIps.v4;
+            }
+            return null;
+        }
+        catch (error) {
+            logger.log('warn', `Failed to detect public IP: ${error.message}`);
+            return null;
+        }
+    }
+    /**
+     * Set up Remote Ingress hub for edge tunnel connections
+     */
+    async setupRemoteIngress() {
+        if (!this.options.remoteIngressConfig?.enabled) {
+            return;
+        }
+        logger.log('info', 'Setting up Remote Ingress hub...');
+        // Initialize the edge registration manager
+        this.remoteIngressManager = new RemoteIngressManager();
+        await this.remoteIngressManager.initialize();
+        // Pass current bootstrap routes so the manager can derive edge ports initially.
+        // Once RouteConfigManager applies the full DB set, the onRoutesApplied callback
+        // will push the complete merged routes here.
+        const bootstrapRoutes = [...this.seedConfigRoutes, ...this.seedEmailRoutes, ...this.seedDnsRoutes];
+        this.remoteIngressManager.setRoutes(bootstrapRoutes);
+        // If ConfigManagers finished before us, re-apply routes
+        // so the callback delivers the full DB set to our newly-created remoteIngressManager.
+        if (this.routeConfigManager) {
+            await this.routeConfigManager.applyRoutes();
+        }
+        // Resolve TLS certs for tunnel: explicit paths > ACME for hubDomain > self-signed (Rust default)
+        const riCfg = this.options.remoteIngressConfig;
+        let tlsConfig;
+        // Priority 1: Explicit cert/key file paths
+        if (riCfg.tls?.certPath && riCfg.tls?.keyPath) {
+            try {
+                const certPem = plugins.fs.readFileSync(riCfg.tls.certPath, 'utf8');
+                const keyPem = plugins.fs.readFileSync(riCfg.tls.keyPath, 'utf8');
+                tlsConfig = { certPem, keyPem };
+                logger.log('info', 'Using explicit TLS cert/key for RemoteIngress tunnel');
+            }
+            catch (err) {
+                logger.log('warn', `Failed to read RemoteIngress TLS cert/key files: ${err.message}`);
+            }
+        }
+        // Priority 2: Existing cert from SmartProxy cert store for hubDomain
+        if (!tlsConfig && riCfg.hubDomain) {
+            try {
+                const stored = await ProxyCertDoc.findByDomain(riCfg.hubDomain);
+                if (stored?.publicKey && stored?.privateKey) {
+                    tlsConfig = { certPem: stored.publicKey, keyPem: stored.privateKey };
+                    logger.log('info', `Using stored ACME cert for RemoteIngress tunnel TLS: ${riCfg.hubDomain}`);
+                }
+            }
+            catch { /* no stored cert, fall through */ }
+        }
+        if (!tlsConfig) {
+            logger.log('info', 'No TLS cert configured for RemoteIngress tunnel — using auto-generated self-signed');
+        }
+        // Create and start the tunnel manager
+        this.tunnelManager = new TunnelManager(this.remoteIngressManager, {
+            tunnelPort: riCfg.tunnelPort ?? 8443,
+            targetHost: '127.0.0.1',
+            tls: tlsConfig,
+        });
+        await this.tunnelManager.start();
+        const edgeCount = this.remoteIngressManager.getAllEdges().length;
+        logger.log('info', `Remote Ingress hub started on port ${this.options.remoteIngressConfig.tunnelPort || 8443} with ${edgeCount} registered edge(s)`);
+    }
+    /**
+     * Set up VPN server for VPN-based route access control.
+     */
+    async setupVpnServer() {
+        if (!this.options.vpnConfig?.enabled) {
+            return;
+        }
+        logger.log('info', 'Setting up VPN server...');
+        this.vpnManager = new VpnManager({
+            subnet: this.options.vpnConfig.subnet,
+            wgListenPort: this.options.vpnConfig.wgListenPort,
+            dns: this.options.vpnConfig.dns,
+            serverEndpoint: this.options.vpnConfig.serverEndpoint,
+            initialClients: this.options.vpnConfig.clients,
+            destinationPolicy: this.options.vpnConfig.destinationPolicy,
+            forwardingMode: this.options.vpnConfig.forwardingMode,
+            bridgeLanSubnet: this.options.vpnConfig.bridgeLanSubnet,
+            bridgePhysicalInterface: this.options.vpnConfig.bridgePhysicalInterface,
+            bridgeIpRangeStart: this.options.vpnConfig.bridgeIpRangeStart,
+            bridgeIpRangeEnd: this.options.vpnConfig.bridgeIpRangeEnd,
+            onClientChanged: () => {
+                // Re-apply routes so profile-based ipAllowLists get updated
+                // (serialized by RouteConfigManager's mutex — safe as fire-and-forget)
+                this.routeConfigManager?.applyRoutes().catch((err) => {
+                    logger.log('warn', `Failed to re-apply routes after VPN client change: ${err?.message || err}`);
+                });
+            },
+            getClientDirectTargets: (targetProfileIds) => {
+                if (!this.targetProfileManager)
+                    return [];
+                return this.targetProfileManager.getDirectTargetIps(targetProfileIds);
+            },
+            getClientAllowedIPs: async (targetProfileIds) => {
+                const subnet = this.options.vpnConfig?.subnet || '10.8.0.0/24';
+                const ips = new Set([subnet]);
+                if (!this.targetProfileManager)
+                    return [...ips];
+                const allRoutes = this.routeConfigManager?.getRoutes() || new Map();
+                const { domains, targetIps } = this.targetProfileManager.getClientAccessSpec(targetProfileIds, allRoutes);
+                // Add target IPs directly
+                for (const ip of targetIps) {
+                    ips.add(`${ip}/32`);
+                }
+                // Resolve DNS A records for matched domains (with caching)
+                for (const domain of domains) {
+                    const stripped = domain.replace(/^\*\./, '');
+                    const resolvedIps = await this.resolveVpnDomainIPs(stripped);
+                    for (const ip of resolvedIps) {
+                        ips.add(`${ip}/32`);
+                    }
+                }
+                return [...ips];
+            },
+        });
+        await this.vpnManager.start();
+        // Re-apply routes now that VPN clients are loaded — ensures vpnOnly routes
+        // get correct profile-based ipAllowLists
+        await this.routeConfigManager?.applyRoutes();
+    }
+    /** Cache for DNS-resolved IPs of VPN-gated domains. TTL: 5 minutes. */
+    vpnDomainIpCache = new Map();
+    /**
+     * Resolve a domain's A record(s) for VPN AllowedIPs, with a 5-minute cache.
+     */
+    async resolveVpnDomainIPs(domain) {
+        const cached = this.vpnDomainIpCache.get(domain);
+        if (cached && cached.expiresAt > Date.now()) {
+            return cached.ips;
+        }
+        try {
+            const { promises: dnsPromises } = await import('dns');
+            const ips = await dnsPromises.resolve4(domain);
+            this.vpnDomainIpCache.set(domain, { ips, expiresAt: Date.now() + 5 * 60 * 1000 });
+            // Evict oldest entries if cache exceeds 1000 entries
+            if (this.vpnDomainIpCache.size > 1000) {
+                const firstKey = this.vpnDomainIpCache.keys().next().value;
+                if (firstKey)
+                    this.vpnDomainIpCache.delete(firstKey);
+            }
+            return ips;
+        }
+        catch (err) {
+            logger.log('warn', `VPN: Failed to resolve ${domain} for AllowedIPs: ${err.message}`);
+            return cached?.ips || []; // Return stale cache on failure, or empty
+        }
+    }
+    // VPN security injection is now handled dynamically by RouteConfigManager.applyRoutes()
+    // via the getVpnAllowList callback — no longer a separate method here.
+    /**
+     * Set up RADIUS server for network authentication
+     */
+    async setupRadiusServer() {
+        if (!this.options.radiusConfig) {
+            return;
+        }
+        logger.log('info', 'Setting up RADIUS server...');
+        this.radiusServer = new RadiusServer(this.options.radiusConfig);
+        await this.radiusServer.start();
+        logger.log('info', `RADIUS server started on ports ${this.options.radiusConfig.authPort || 1812} (auth) and ${this.options.radiusConfig.acctPort || 1813} (acct)`);
+    }
+    /**
+     * Update RADIUS configuration at runtime
+     */
+    async updateRadiusConfig(config) {
+        // Stop existing RADIUS server if running
+        if (this.radiusServer) {
+            await this.radiusServer.stop();
+            this.radiusServer = undefined;
+        }
+        // Update configuration
+        this.options.radiusConfig = config;
+        // Start with new configuration
+        await this.setupRadiusServer();
+        logger.log('info', 'RADIUS configuration updated');
+    }
+}
+export default DcRouter;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5kY3JvdXRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3RzL2NsYXNzZXMuZGNyb3V0ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxjQUFjLENBQUM7QUFDeEMsT0FBTyxLQUFLLEtBQUssTUFBTSxZQUFZLENBQUM7QUFFcEMsc0RBQXNEO0FBRXRELDhEQUE4RDtBQUM5RCxPQUFPLEVBQ0wsa0JBQWtCLEdBSW5CLE1BQU0sc0JBQXNCLENBQUM7QUFDOUIsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNyQyxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUM3RSxPQUFPLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSx1Q0FBdUMsQ0FBQztBQUMvRSwwQkFBMEI7QUFDMUIsT0FBTyxFQUFFLFVBQVUsRUFBMEIsWUFBWSxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFDNUcsMENBQTBDO0FBQzFDLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUVyRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDakQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ3ZELE9BQU8sRUFBRSxZQUFZLEVBQTRCLE1BQU0sbUJBQW1CLENBQUM7QUFDM0UsT0FBTyxFQUFFLG9CQUFvQixFQUFFLGFBQWEsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQy9FLE9BQU8sRUFBRSxVQUFVLEVBQTBCLE1BQU0sZ0JBQWdCLENBQUM7QUFDcEUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLGVBQWUsRUFBRSxpQkFBaUIsRUFBRSxRQUFRLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUMzSCxPQUFPLEVBQUUsY0FBYyxFQUFFLGNBQWMsRUFBRSxtQkFBbUIsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQzFGLE9BQU8sRUFBcUIsc0JBQXNCLEVBQUUsTUFBTSxrQkFBa0IsQ0FBQztBQUM3RSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbEQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDbEUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0seUNBQXlDLENBQUM7QUErTTdFLE1BQU0sT0FBTyxRQUFRO0lBQ1osT0FBTyxDQUFtQjtJQUMxQixhQUFhLENBQXdDO0lBRTVELGdCQUFnQjtJQUNULFVBQVUsQ0FBaUM7SUFDM0MsU0FBUyxDQUErQjtJQUN4QyxTQUFTLENBQTJDO0lBQ3BELFdBQVcsQ0FBc0I7SUFDakMsWUFBWSxDQUFnQjtJQUM1QixTQUFTLENBQWE7SUFDdEIsY0FBYyxDQUFrQjtJQUV2QywwRkFBMEY7SUFDbkYsY0FBYyxHQUFRO1FBQzNCLEdBQUcsRUFBRSxLQUFLLEVBQUUsSUFBWSxFQUFFLEVBQUUsQ0FBQyxJQUFJO1FBQ2pDLEdBQUcsRUFBRSxLQUFLLEVBQUUsSUFBWSxFQUFFLE1BQWMsRUFBRSxFQUFFO1lBQzFDLHFFQUFxRTtZQUNyRSxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxzREFBc0QsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUNwRixDQUFDO0tBQ0YsQ0FBQztJQUVGLGtFQUFrRTtJQUMzRCxVQUFVLENBQWM7SUFDeEIsWUFBWSxDQUFnQjtJQUVuQyxpQkFBaUI7SUFDVixvQkFBb0IsQ0FBd0I7SUFDNUMsYUFBYSxDQUFpQjtJQUVyQyxNQUFNO0lBQ0MsVUFBVSxDQUFjO0lBRS9CLDBCQUEwQjtJQUNuQixrQkFBa0IsQ0FBc0I7SUFDeEMsZUFBZSxDQUFtQjtJQUNsQyxpQkFBaUIsQ0FBcUI7SUFDdEMsb0JBQW9CLENBQXdCO0lBRW5ELGtFQUFrRTtJQUMzRCxVQUFVLENBQWM7SUFFL0Isc0VBQXNFO0lBQy9ELGlCQUFpQixDQUFxQjtJQUN0QyxrQkFBa0IsQ0FBc0I7SUFFL0Msd0VBQXdFO0lBQ2pFLGdCQUFnQixHQUFrQixJQUFJLENBQUM7SUFFOUMsdUNBQXVDO0lBQy9CLGtCQUFrQixHQUFXLENBQUMsQ0FBQyxDQUFDLGlDQUFpQztJQUNqRSxpQkFBaUIsR0FBVyxDQUFDLENBQUMsQ0FBRSw2QkFBNkI7SUFDN0QsYUFBYSxHQUFXLENBQUMsQ0FBQztJQUMxQixhQUFhLEdBQXlDLElBQUksQ0FBQztJQUVuRSx1RUFBdUU7SUFDaEUsb0JBQW9CLEdBQUcsSUFBSSxHQUFHLEVBT2pDLENBQUM7SUFFTCw2REFBNkQ7SUFDdEQsc0JBQXNCLENBQTBCO0lBRXZELCtCQUErQjtJQUN4QixjQUFjLENBQW9DO0lBQ2pELDBCQUEwQixDQUFxQztJQUNoRSxjQUFjLEdBQUcsS0FBSyxDQUFDO0lBRTlCLGdDQUFnQztJQUN6QixXQUFXLEdBQUcsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBRTVELDRGQUE0RjtJQUNwRixnQkFBZ0IsR0FBc0MsRUFBRSxDQUFDO0lBQ3pELGVBQWUsR0FBc0MsRUFBRSxDQUFDO0lBQ3hELGFBQWEsR0FBc0MsRUFBRSxDQUFDO0lBRTlELHFCQUFxQjtJQUNiLElBQUksR0FBRyxJQUFJLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxTQUFTLENBQUMsQ0FBQztJQUV0RCxZQUFZLFVBQTRCO1FBQ3RDLDBCQUEwQjtRQUMxQixJQUFJLENBQUMsT0FBTyxHQUFHO1lBQ2IsR0FBRyxVQUFVO1NBQ2QsQ0FBQztRQUVGLHNDQUFzQztRQUN0QyxJQUFJLENBQUMsYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUU5RCx1REFBdUQ7UUFDdkQsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBQzFELElBQUksRUFBRSxVQUFVO1lBQ2hCLGdCQUFnQixFQUFFLE9BQU87WUFDekIsaUJBQWlCLEVBQUUsTUFBTTtTQUMxQixDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssZ0JBQWdCO1FBQ3RCLDZEQUE2RDtRQUM3RCxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUM7YUFDeEMsUUFBUSxFQUFFO2FBQ1YsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ3BCLElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQy9CLENBQUMsQ0FBQzthQUNELFFBQVEsQ0FBQyxLQUFLLElBQUksRUFBRTtZQUNuQixNQUFNLElBQUksQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUM7UUFDL0IsQ0FBQyxDQUFDO2FBQ0QsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQ2hDLENBQUM7UUFFRiwrRUFBK0U7UUFDL0UsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxPQUFPLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDN0MsSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQzVCLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO2lCQUN6QyxRQUFRLEVBQUU7aUJBQ1YsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNwQixNQUFNLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUMvQixDQUFDLENBQUM7aUJBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNuQixJQUFJLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztvQkFDdEIsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDekIsSUFBSSxDQUFDLFlBQVksR0FBRyxTQUFTLENBQUM7Z0JBQ2hDLENBQUM7Z0JBQ0QsSUFBSSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7b0JBQ3BCLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDN0IsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDO29CQUMzQixJQUFJLENBQUMsVUFBVSxHQUFHLFNBQVMsQ0FBQztnQkFDOUIsQ0FBQztZQUNILENBQUMsQ0FBQztpQkFDRCxTQUFTLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLElBQUksRUFBRSxDQUFDLENBQ3JFLENBQUM7UUFDSixDQUFDO1FBRUQsaURBQWlEO1FBQ2pELElBQUksQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUM1QixJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDO2FBQzdDLFFBQVEsRUFBRTthQUNWLFNBQVMsQ0FBQyxXQUFXLENBQUM7YUFDdEIsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ3BCLElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDL0MsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ3BDLENBQUMsQ0FBQzthQUNELFFBQVEsQ0FBQyxLQUFLLElBQUksRUFBRTtZQUNuQixJQUFJLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNqQyxJQUFJLENBQUMsY0FBYyxHQUFHLFNBQVMsQ0FBQztZQUNsQyxDQUFDO1FBQ0gsQ0FBQyxDQUFDO2FBQ0QsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FDbkQsQ0FBQztRQUVGLHlFQUF5RTtRQUN6RSwyRUFBMkU7UUFDM0UsZ0NBQWdDO1FBQ2hDLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsT0FBTyxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUM1QixJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQztpQkFDekMsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLENBQUM7aUJBQ3ZCLFNBQVMsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDcEIsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQy9DLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNoQyxDQUFDLENBQUM7aUJBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNuQixJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztvQkFDcEIsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO29CQUM3QixJQUFJLENBQUMsVUFBVSxHQUFHLFNBQVMsQ0FBQztnQkFDOUIsQ0FBQztZQUNILENBQUMsQ0FBQztpQkFDRCxTQUFTLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUNsRCxDQUFDO1FBQ0osQ0FBQztRQUVELDBFQUEwRTtRQUMxRSwwRUFBMEU7UUFDMUUsd0VBQXdFO1FBQ3hFLGlGQUFpRjtRQUNqRixJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLE9BQU8sS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQztpQkFDaEQsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLENBQUM7aUJBQ3ZCLFNBQVMsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDcEIsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksaUJBQWlCLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUM3RCxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN2QyxDQUFDLENBQUM7aUJBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNuQixJQUFJLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO29CQUMzQixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDcEMsSUFBSSxDQUFDLGlCQUFpQixHQUFHLFNBQVMsQ0FBQztnQkFDckMsQ0FBQztZQUNILENBQUMsQ0FBQztpQkFDRCxTQUFTLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUNsRCxDQUFDO1FBQ0osQ0FBQztRQUVELHdEQUF3RDtRQUN4RCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLE9BQU8sS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxvQkFBb0IsQ0FBQztpQkFDakQsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLENBQUM7aUJBQ3ZCLFNBQVMsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDcEIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLElBQUksa0JBQWtCLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDekQsQ0FBQyxDQUFDO2lCQUNELFFBQVEsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDbkIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLFNBQVMsQ0FBQztZQUN0QyxDQUFDLENBQUMsQ0FDTCxDQUFDO1FBQ0osQ0FBQztRQUVELDRGQUE0RjtRQUM1RixNQUFNLGNBQWMsR0FBYSxFQUFFLENBQUM7UUFDcEMsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxPQUFPLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDN0MsY0FBYyxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUNsQyxjQUFjLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ2xDLGNBQWMsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQzVCLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO2FBQ3pDLFFBQVEsRUFBRTthQUNWLFNBQVMsQ0FBQyxHQUFHLGNBQWMsQ0FBQzthQUM1QixTQUFTLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDcEIsTUFBTSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDL0IsQ0FBQyxDQUFDO2FBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ25CLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO2dCQUNwQixJQUFJLENBQUMsVUFBVSxDQUFDLGtCQUFrQixFQUFFLENBQUM7Z0JBQ3JDLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDN0IsSUFBSSxDQUFDLFVBQVUsR0FBRyxTQUFTLENBQUM7WUFDOUIsQ0FBQztRQUNILENBQUMsQ0FBQzthQUNELFNBQVMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUNoQyxDQUFDO1FBRUYsaUZBQWlGO1FBQ2pGLDhFQUE4RTtRQUM5RSxnRkFBZ0Y7UUFDaEYsc0ZBQXNGO1FBQ3RGLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsT0FBTyxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUM1QixJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztpQkFDeEMsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLENBQUM7aUJBQ3ZCLFNBQVMsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDcEIsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ25CLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDN0IsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUM7b0JBQzNCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHdDQUF3QyxDQUFDLENBQUM7b0JBRTdELGdFQUFnRTtvQkFDaEUsaUZBQWlGO29CQUNqRiwrRUFBK0U7b0JBQy9FLDhFQUE4RTtvQkFDOUUsa0ZBQWtGO29CQUNsRiw4RUFBOEU7b0JBQzlFLElBQUksSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7d0JBQzVCLGlFQUFpRTt3QkFDakUsdUVBQXVFO3dCQUN2RSxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrREFBK0QsQ0FBQyxDQUFDO3dCQUNwRixJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBUSxFQUFFLEVBQUU7NEJBQ3ZELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJDQUEyQyxHQUFHLEVBQUUsT0FBTyxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7d0JBQ3ZGLENBQUMsQ0FBQyxDQUFDO29CQUNMLENBQUM7eUJBQU0sSUFBSSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7d0JBQzNCLDRGQUE0Rjt3QkFDNUYsSUFBSSxJQUFJLENBQUMsc0JBQXNCLEVBQUUsQ0FBQzs0QkFDaEMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEtBQUssRUFBRSxDQUFDO3dCQUN0QyxDQUFDO3dCQUNELE1BQU0sYUFBYSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDO3dCQUMvRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw4Q0FBOEMsYUFBYSxDQUFDLE1BQU0sU0FBUyxDQUFDLENBQUM7d0JBQ2hHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLGFBQWEsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQVEsRUFBRSxFQUFFOzRCQUM3RCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwyQ0FBMkMsR0FBRyxFQUFFLE9BQU8sSUFBSSxHQUFHLEVBQUUsQ0FBQyxDQUFDO3dCQUN2RixDQUFDLENBQUMsQ0FBQztvQkFDTCxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDLENBQUM7aUJBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNuQixJQUFJLENBQUMsY0FBYyxHQUFHLEtBQUssQ0FBQztnQkFDNUIsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ25CLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDNUIsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7Z0JBQzdCLENBQUM7WUFDSCxDQUFDLENBQUM7aUJBQ0QsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLEVBQUUsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQzdGLENBQUM7UUFDSixDQUFDO1FBRUQsK0RBQStEO1FBQy9ELHlFQUF5RTtRQUN6RSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLE9BQU8sS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQztpQkFDN0MsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLEVBQUUsWUFBWSxDQUFDO2lCQUNyQyxTQUFTLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3BCLDJEQUEyRDtnQkFDM0QsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksaUJBQWlCLEVBQUUsQ0FBQztnQkFDakQsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBRTFDLG9DQUFvQztnQkFDcEMsSUFBSSxDQUFDLG9CQUFvQixHQUFHLElBQUksb0JBQW9CLEVBQUUsQ0FBQztnQkFDdkQsTUFBTSxJQUFJLENBQUMsb0JBQW9CLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBRTdDLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLGtCQUFrQixDQUM5QyxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUNyQixHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFDeEIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTztvQkFDN0IsQ0FBQyxDQUFDLENBQUMsS0FBNEUsRUFBRSxPQUFnQixFQUFFLEVBQUU7d0JBQ2pHLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQixFQUFFLENBQUM7NEJBQ25ELCtEQUErRDs0QkFDL0QsT0FBTyxFQUFFLENBQUM7d0JBQ1osQ0FBQzt3QkFDRCxPQUFPLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxvQkFBb0IsQ0FDbkQsS0FBSyxFQUFFLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsRUFBRSxDQUM5QyxDQUFDO29CQUNKLENBQUM7b0JBQ0gsQ0FBQyxDQUFDLFNBQVMsRUFDYixJQUFJLENBQUMsaUJBQWlCO2dCQUN0Qiw4REFBOEQ7Z0JBQzlELHlEQUF5RDtnQkFDekQsQ0FBQyxNQUFNLEVBQUUsRUFBRTtvQkFDVCxJQUFJLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO3dCQUM5QixJQUFJLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLE1BQWUsQ0FBQyxDQUFDO29CQUN2RCxDQUFDO29CQUNELElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO3dCQUN2QixJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFLENBQUM7b0JBQ3hDLENBQUM7Z0JBQ0gsQ0FBQyxDQUNGLENBQUM7Z0JBQ0YsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLGVBQWUsRUFBRSxDQUFDO2dCQUM3QyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQ3hDLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLFVBQVUsQ0FDdEMsSUFBSSxDQUFDLGdCQUEyRixFQUNoRyxJQUFJLENBQUMsZUFBMEYsRUFDL0YsSUFBSSxDQUFDLGFBQXdGLENBQzlGLENBQUM7Z0JBRUYsc0VBQXNFO2dCQUN0RSxNQUFNLE1BQU0sR0FBRyxJQUFJLFFBQVEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztnQkFDcEQsTUFBTSxNQUFNLENBQUMsV0FBVyxDQUN0QixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxXQUFXLEVBQ2xDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLFFBQVEsQ0FDaEMsQ0FBQztZQUNKLENBQUMsQ0FBQztpQkFDRCxRQUFRLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ25CLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxTQUFTLENBQUM7Z0JBQ3BDLElBQUksQ0FBQyxlQUFlLEdBQUcsU0FBUyxDQUFDO2dCQUNqQyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsU0FBUyxDQUFDO2dCQUNuQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsU0FBUyxDQUFDO1lBQ3hDLENBQUMsQ0FBQztpQkFDRCxTQUFTLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUNuRCxDQUFDO1FBQ0osQ0FBQztRQUVELGdEQUFnRDtRQUNoRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDN0IsSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQzVCLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDO2lCQUMxQyxRQUFRLEVBQUU7aUJBQ1YsU0FBUyxDQUFDLFlBQVksQ0FBQztpQkFDdkIsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNwQixNQUFNLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxDQUFDO1lBQ3pDLENBQUMsQ0FBQztpQkFDRCxRQUFRLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ25CLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO29CQUNyQixJQUFLLElBQUksQ0FBQyxXQUFtQixDQUFDLGNBQWMsRUFBRSxDQUFDO3dCQUM1QyxJQUFJLENBQUMsV0FBbUIsQ0FBQyxjQUFjLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztvQkFDaEUsQ0FBQztvQkFDRCxJQUFJLENBQUMsV0FBVyxDQUFDLGtCQUFrQixFQUFFLENBQUM7b0JBQ3RDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDOUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxTQUFTLENBQUM7Z0JBQy9CLENBQUM7WUFDSCxDQUFDLENBQUM7aUJBQ0QsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUN2RSxDQUFDO1FBQ0osQ0FBQztRQUVELDhDQUE4QztRQUM5QyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE1BQU0sR0FBRyxDQUFDLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3JJLElBQUksQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUM1QixJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztpQkFDeEMsUUFBUSxFQUFFO2lCQUNWLFNBQVMsQ0FBQyxZQUFZLENBQUM7aUJBQ3ZCLFNBQVMsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDcEIsTUFBTSxJQUFJLENBQUMseUJBQXlCLEVBQUUsQ0FBQztZQUN6QyxDQUFDLENBQUM7aUJBQ0QsUUFBUSxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNuQiw4QkFBOEI7Z0JBQzlCLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO29CQUN2QixZQUFZLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO29CQUNqQyxJQUFJLElBQUksQ0FBQyxhQUFhLEdBQUcsQ0FBQyxFQUFFLENBQUM7d0JBQzNCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLFFBQVEsSUFBSSxDQUFDLGFBQWEsa0NBQWtDLEVBQUUsRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztvQkFDcEcsQ0FBQztvQkFDRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQztvQkFDMUIsSUFBSSxDQUFDLGFBQWEsR0FBRyxDQUFDLENBQUM7b0JBQ3ZCLElBQUksQ0FBQyxrQkFBa0IsR0FBRyxDQUFDLENBQUM7b0JBQzVCLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxDQUFDLENBQUM7Z0JBQzdCLENBQUM7Z0JBQ0QsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ25CLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztvQkFDcEMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO29CQUM1QixJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztnQkFDN0IsQ0FBQztZQUNILENBQUMsQ0FBQztpQkFDRCxTQUFTLENBQUMsRUFBRSxVQUFVLEVBQUUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQ3ZFLENBQUM7UUFDSixDQUFDO1FBRUQsdURBQXVEO1FBQ3ZELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUM5QixJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUM7aUJBQzNDLFFBQVEsRUFBRTtpQkFDVixTQUFTLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3BCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDakMsQ0FBQyxDQUFDO2lCQUNELFFBQVEsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDbkIsSUFBSSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7b0JBQ3RCLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDL0IsSUFBSSxDQUFDLFlBQVksR0FBRyxTQUFTLENBQUM7Z0JBQ2hDLENBQUM7WUFDSCxDQUFDLENBQUM7aUJBQ0QsU0FBUyxDQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUN2RSxDQUFDO1FBQ0osQ0FBQztRQUVELGtEQUFrRDtRQUNsRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDOUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQzVCLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDO2lCQUM1QyxRQUFRLEVBQUU7aUJBQ1YsU0FBUyxDQUFDLFlBQVksQ0FBQztpQkFDdkIsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNwQixNQUFNLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ2xDLENBQUMsQ0FBQztpQkFDRCxRQUFRLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ25CLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO29CQUN2QixNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQ2hDLElBQUksQ0FBQyxhQUFhLEdBQUcsU0FBUyxDQUFDO2dCQUNqQyxDQUFDO2dCQUNELElBQUksQ0FBQyxvQkFBb0IsR0FBRyxTQUFTLENBQUM7WUFDeEMsQ0FBQyxDQUFDO2lCQUNELFNBQVMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxDQUFDLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FDdkUsQ0FBQztRQUNKLENBQUM7UUFFRCw4Q0FBOEM7UUFDOUMsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNwQyxJQUFJLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FDNUIsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUM7aUJBQ3hDLFFBQVEsRUFBRTtpQkFDVixTQUFTLENBQUMsWUFBWSxDQUFDO2lCQUN2QixTQUFTLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3BCLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQzlCLENBQUMsQ0FBQztpQkFDRCxRQUFRLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ25CLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO29CQUNwQixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQzdCLElBQUksQ0FBQyxVQUFVLEdBQUcsU0FBUyxDQUFDO2dCQUM5QixDQUFDO1lBQ0gsQ0FBQyxDQUFDO2lCQUNELFNBQVMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxDQUFDLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FDdkUsQ0FBQztRQUNKLENBQUM7UUFFRCx3Q0FBd0M7UUFDeEMsSUFBSSxDQUFDLDBCQUEwQixHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFO1lBQ3ZGLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxJQUFJLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssVUFBVSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztZQUM5RixNQUFNLENBQUMsR0FBRyxDQUFDLEtBQVksRUFBRSxZQUFZLEtBQUssQ0FBQyxXQUFXLE1BQU0sS0FBSyxDQUFDLElBQUksRUFBRSxFQUFFO2dCQUN4RSxLQUFLLEVBQUUsS0FBSyxDQUFDLEtBQUs7Z0JBQ2xCLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEtBQUssRUFBRSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDOUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUUsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ3JELENBQUMsQ0FBQztRQUNMLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVNLEtBQUssQ0FBQyxLQUFLO1FBQ2hCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDL0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLENBQUMsQ0FBQztRQUNqRCxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDbEMsSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyxpQkFBaUI7UUFDN0IsSUFBSSxDQUFDO1lBQ0gsTUFBTSxFQUFFLEdBQUcsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLE9BQU8sQ0FBQyxPQUFPLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxDQUFDO1lBQ2xGLE1BQU0sYUFBYSxHQUFHLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQVksQ0FBQztZQUMzRixNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLElBQVksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7WUFDdkcsSUFBSSxVQUFVLEVBQUUsQ0FBQztnQkFDZixNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUN6QyxNQUFNLFNBQVMsR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN6QyxNQUFNLFNBQVMsR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN6QyxJQUFJLFNBQVMsR0FBRyxLQUFLLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsaUNBQWlDLFNBQVMsV0FBVyxTQUFTLEtBQUs7d0JBQ3BGLCtFQUErRSxDQUFDLENBQUM7Z0JBQ3JGLENBQUM7cUJBQU0sQ0FBQztvQkFDTixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxnQ0FBZ0MsU0FBUyxVQUFVLFNBQVMsRUFBRSxDQUFDLENBQUM7Z0JBQ3JGLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUFDLE1BQU0sQ0FBQztZQUNQLG1EQUFtRDtRQUNyRCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssaUJBQWlCO1FBQ3ZCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLCtCQUErQixDQUFDLENBQUM7UUFFcEQsa0JBQWtCO1FBQ2xCLElBQUksSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJGQUEyRixDQUFDLENBQUM7UUFDbEgsQ0FBQztRQUVELHFCQUFxQjtRQUNyQixJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNwQixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxNQUFNLElBQUksQ0FBQyxDQUFDO1lBQ3RFLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsSUFBSSxFQUFFLE9BQU8sSUFBSSxLQUFLLENBQUM7WUFDMUUsTUFBTSxRQUFRLEdBQUcsV0FBVztnQkFDMUIsQ0FBQyxDQUFDLFNBQVMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBaUIsQ0FBQyxJQUFLLENBQUMsS0FBSyxJQUFJLFNBQVMsVUFBVSxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFpQixDQUFDLElBQUssQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsU0FBUyxFQUFFO2dCQUMzSixDQUFDLENBQUMsVUFBVSxDQUFDO1lBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdUJBQXVCLFVBQVUsa0JBQWtCLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDcEYsQ0FBQztRQUVELHdCQUF3QjtRQUN4QixJQUFJLElBQUksQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQ25ELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQyxDQUFDO1lBQ2xFLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxDQUFDLE9BQU8sSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxNQUFNLENBQUM7WUFDL0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUseUJBQXlCLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsUUFBUSxJQUFJLFdBQVcsYUFBYSxXQUFXLEtBQUssV0FBVyxxQkFBcUIsQ0FBQyxDQUFDO1FBQzVMLENBQUM7UUFFRCxzQkFBc0I7UUFDdEIsSUFBSSxJQUFJLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDMUUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkJBQTZCLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLE1BQU0sYUFBYSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDbk4sQ0FBQztRQUVELHlCQUF5QjtRQUN6QixJQUFJLElBQUksQ0FBQyxZQUFZLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNuRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLGNBQWMsRUFBRSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2hFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHdCQUF3QixJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxRQUFRLElBQUksSUFBSSxVQUFVLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLFFBQVEsSUFBSSxJQUFJLGFBQWEsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDLFdBQVcsU0FBUyxDQUFDLGFBQWEsZ0JBQWdCLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQztRQUNsVSxDQUFDO1FBRUQsY0FBYztRQUNkLElBQUksSUFBSSxDQUFDLFVBQVUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUN2RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzNDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFlBQVksSUFBSSxLQUFLLENBQUM7WUFDNUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUM7WUFDekQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdUJBQXVCLE1BQU0sU0FBUyxNQUFNLGFBQWEsV0FBVyxFQUFFLENBQUMsQ0FBQztRQUM3RixDQUFDO1FBRUQseUJBQXlCO1FBQ3pCLElBQUksSUFBSSxDQUFDLGFBQWEsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3BFLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxXQUFXLEVBQUUsQ0FBQyxNQUFNLElBQUksQ0FBQyxDQUFDO1lBQ3ZFLE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUM5RCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrQkFBK0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLElBQUksSUFBSSxXQUFXLFNBQVMsZUFBZSxjQUFjLFlBQVksQ0FBQyxDQUFDO1FBQ3RLLENBQUM7UUFFRCxtQkFBbUI7UUFDbkIsSUFBSSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDcEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsYUFBYSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLFVBQVUsUUFBUSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxhQUFhLElBQUksQ0FBQyxZQUFZLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsVUFBVSxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsb0JBQW9CLElBQUksQ0FBQyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ25RLENBQUM7UUFFRCw2Q0FBNkM7UUFDN0MsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUMvQyxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBQ2pDLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsS0FBSyxLQUFLLFNBQVMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztRQUNuRSxNQUFNLE1BQU0sR0FBRyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEtBQUssS0FBSyxRQUFRLENBQUMsQ0FBQyxNQUFNLENBQUM7UUFDakUsTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxLQUFLLEtBQUssVUFBVSxJQUFJLENBQUMsQ0FBQyxLQUFLLEtBQUssVUFBVSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBRS9GLElBQUksTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2YsTUFBTSxXQUFXLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxLQUFLLEtBQUssUUFBUSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxLQUFLLENBQUMsQ0FBQyxTQUFTLElBQUksU0FBUyxFQUFFLENBQUMsQ0FBQztZQUNsSCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1Q0FBdUMsT0FBTyxhQUFhLE1BQU0sWUFBWSxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM1SCxDQUFDO2FBQU0sSUFBSSxRQUFRLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsc0JBQXNCLE9BQU8sYUFBYSxRQUFRLHFCQUFxQixDQUFDLENBQUM7UUFDOUYsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxPQUFPLE9BQU8sdUJBQXVCLENBQUMsQ0FBQztRQUM1RCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLGVBQWU7UUFDM0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLENBQUMsQ0FBQztRQUUvQyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFFN0Msa0NBQWtDO1FBQ2xDLElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDLFdBQVcsQ0FBQztZQUN2QyxVQUFVLEVBQUUsUUFBUSxDQUFDLFVBQVU7WUFDL0IsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxnQkFBZ0I7WUFDeEUsTUFBTSxFQUFFLFFBQVEsQ0FBQyxNQUFNLElBQUksVUFBVTtZQUNyQyxLQUFLLEVBQUUsS0FBSztTQUNiLENBQUMsQ0FBQztRQUVILE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUU5QiwwRUFBMEU7UUFDMUUsMkRBQTJEO1FBQzNELE1BQU0sU0FBUyxHQUFHLE1BQU0scUJBQXFCLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsRUFBRSxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0YsTUFBTSxlQUFlLEdBQUcsTUFBTSxTQUFTLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDOUMsSUFBSSxlQUFlLENBQUMsWUFBWSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM1QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFDZixtQkFBbUIsZUFBZSxDQUFDLG9CQUFvQixJQUFJLE9BQU8sTUFBTSxlQUFlLENBQUMsbUJBQW1CLEdBQUc7Z0JBQzlHLElBQUksZUFBZSxDQUFDLFlBQVksQ0FBQyxNQUFNLHVCQUF1QixlQUFlLENBQUMsZUFBZSxLQUFLLENBQ25HLENBQUM7UUFDSixDQUFDO2FBQU0sSUFBSSxlQUFlLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDM0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNENBQTRDLGVBQWUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLENBQUM7UUFDeEcsQ0FBQztRQUVELHlEQUF5RDtRQUN6RCxNQUFNLGlCQUFpQixHQUFHLENBQUMsUUFBUSxDQUFDLG9CQUFvQixJQUFJLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBQ2hGLElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxZQUFZLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRTtZQUNwRCxVQUFVLEVBQUUsaUJBQWlCO1lBQzdCLE9BQU8sRUFBRSxLQUFLO1NBQ2YsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUUxQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxxQkFBcUIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBQ3JHLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxlQUFlO1FBQzNCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDBCQUEwQixDQUFDLENBQUM7UUFFL0MsZ0VBQWdFO1FBQ2hFLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3BCLElBQUksQ0FBQyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUNyQyxJQUFJLENBQUMsVUFBVSxHQUFHLFNBQVMsQ0FBQztRQUM5QixDQUFDO1FBRUQsOEVBQThFO1FBQzlFLDZFQUE2RTtRQUM3RSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLE1BQU0sSUFBSSxFQUFFLENBQXNDLENBQUM7UUFDM0csTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsU0FBUyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxtQkFBbUIsQ0FBQyxDQUFDO1FBRTdFLElBQUksQ0FBQyxlQUFlLEdBQUcsRUFBRSxDQUFDO1FBQzFCLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM3QixJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQzFFLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLHdCQUF3QixFQUFFLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNsRyxDQUFDO1FBRUQsSUFBSSxDQUFDLGFBQWEsR0FBRyxFQUFFLENBQUM7UUFDeEIsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdEUsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUM5QyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSw4QkFBOEIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsRUFBRSxNQUFNLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQzVJLENBQUM7UUFFRCx5RUFBeUU7UUFDekUsSUFBSSxNQUFNLEdBQXNDO1lBQzlDLEdBQUcsSUFBSSxDQUFDLGdCQUFnQjtZQUN4QixHQUFHLElBQUksQ0FBQyxlQUFlO1lBQ3ZCLEdBQUcsSUFBSSxDQUFDLGFBQWE7U0FDdEIsQ0FBQztRQUVGLDhFQUE4RTtRQUM5RSw0RUFBNEU7UUFDNUUsa0VBQWtFO1FBQ2xFLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxTQUFTLEVBQUUsQ0FBQztRQUNuRCxNQUFNLFVBQVUsR0FDZCxNQUFNLElBQUksTUFBTSxDQUFDLE9BQU87WUFDdEIsQ0FBQyxDQUFDO2dCQUNFLFlBQVksRUFBRSxNQUFNLENBQUMsWUFBWTtnQkFDakMsT0FBTyxFQUFFLElBQUk7Z0JBQ2IsYUFBYSxFQUFFLE1BQU0sQ0FBQyxhQUFhO2dCQUNuQyxTQUFTLEVBQUUsTUFBTSxDQUFDLFNBQVM7Z0JBQzNCLGtCQUFrQixFQUFFLE1BQU0sQ0FBQyxrQkFBa0I7YUFDOUM7WUFDSCxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQ2hCLElBQUksVUFBVSxFQUFFLENBQUM7WUFDZixNQUFNLENBQUMsR0FBRyxDQUNSLE1BQU0sRUFDTiw2QkFBNkIsVUFBVSxDQUFDLFlBQVksbUJBQW1CLFVBQVUsQ0FBQyxhQUFhLGVBQWUsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUNySSxDQUFDO1FBQ0osQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxtREFBbUQsQ0FBQyxDQUFDO1FBQzFFLENBQUM7UUFFRCx3RUFBd0U7UUFDeEUsd0VBQXdFO1FBQ3hFLDhFQUE4RTtRQUM5RSw2RUFBNkU7UUFDN0UsSUFBSSxpQkFBaUIsR0FBVSxFQUFFLENBQUM7UUFDbEMsSUFDRSxVQUFVO1lBQ1YsSUFBSSxDQUFDLFVBQVU7WUFDZixDQUFDLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLEVBQzdDLENBQUM7WUFDRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx3RUFBd0UsQ0FBQyxDQUFDO1lBQzdGLE1BQU0scUJBQXFCLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyw4QkFBOEIsRUFBRSxDQUFDO1lBQy9FLE1BQU0sWUFBWSxHQUFHLElBQUksT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDLHFCQUFxQixDQUFDLENBQUM7WUFDeEYsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxzRUFBc0U7UUFDdEUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxPQUFPLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDMUMsTUFBTSxXQUFXLEdBQWlCLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDM0UsTUFBTSxHQUFHLHNCQUFzQixDQUFDLE1BQU0sRUFBRSxXQUFXLENBQUMsQ0FBQztZQUNyRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxzRUFBc0UsQ0FBQyxDQUFDO1FBQzdGLENBQUM7UUFFRCxtRUFBbUU7UUFDbkUsSUFBSSxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDdkQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsbURBQW1ELENBQUMsQ0FBQztZQUV4RSxnR0FBZ0c7WUFDaEcsTUFBTSxpQkFBaUIsR0FBd0YsRUFBRSxDQUFDO1lBRWxILGtFQUFrRTtZQUNsRSwrREFBK0Q7WUFDL0QsTUFBTSxnQkFBZ0IsR0FBMEM7Z0JBQzlELG9DQUFvQztnQkFDcEMsbUJBQW1CLEVBQUUsR0FBRztnQkFDeEIsNEJBQTRCLEVBQUUsR0FBRztnQkFDakMsYUFBYSxFQUFFLE9BQU87Z0JBQ3RCLGlCQUFpQixFQUFFLE9BQU87Z0JBQzFCLFNBQVMsRUFBRSxJQUFJO2dCQUNmLE9BQU8sRUFBRSxJQUFJO2dCQUNiLHVCQUF1QixFQUFFLE1BQU07Z0JBQy9CLHlCQUF5QjtnQkFDekIsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQjtnQkFDaEMsMkVBQTJFO2dCQUMzRSxRQUFRLEVBQUU7b0JBQ1IsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLFFBQVE7b0JBQzFDLFFBQVEsRUFBRTt3QkFDUixjQUFjLEVBQUUsTUFBTTt3QkFDdEIsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLFFBQVEsRUFBRSxRQUFRO3FCQUNyRDtpQkFDRjtnQkFDRCxnREFBZ0Q7Z0JBQ2hELE1BQU07Z0JBQ04sSUFBSSxFQUFFLFVBQVU7Z0JBQ2hCLFNBQVMsRUFBRTtvQkFDVCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7d0JBQ2xCLE1BQU0sSUFBSSxHQUFHLE1BQU0sWUFBWSxDQUFDLE9BQU8sRUFBRSxDQUFDO3dCQUMxQyxNQUFNLEtBQUssR0FBa0YsRUFBRSxDQUFDO3dCQUNoRyxLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDOzRCQUN2QixLQUFLLENBQUMsSUFBSSxDQUFDLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUUsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTLEVBQUUsVUFBVSxFQUFFLEdBQUcsQ0FBQyxVQUFVLEVBQUUsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDOzRCQUNyRyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVMsRUFBRSxVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVUsRUFBRSxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7d0JBQ2pJLENBQUM7d0JBQ0QsT0FBTyxLQUFLLENBQUM7b0JBQ2YsQ0FBQztvQkFDRCxJQUFJLEVBQUUsS0FBSyxFQUFFLE1BQWMsRUFBRSxTQUFpQixFQUFFLFVBQWtCLEVBQUUsRUFBVyxFQUFFLEVBQUU7d0JBQ2pGLElBQUksVUFBOEIsQ0FBQzt3QkFDbkMsSUFBSSxTQUE2QixDQUFDO3dCQUNsQyxJQUFJLENBQUM7NEJBQ0gsTUFBTSxJQUFJLEdBQUcsSUFBSSxPQUFPLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsQ0FBQzs0QkFDM0QsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQzs0QkFDOUMsU0FBUyxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQzt3QkFDakQsQ0FBQzt3QkFBQyxNQUFNLENBQUMsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO3dCQUNwQyxJQUFJLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7d0JBQ2xELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQzs0QkFDVCxHQUFHLEdBQUcsSUFBSSxZQUFZLEVBQUUsQ0FBQzs0QkFDekIsR0FBRyxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7d0JBQ3RCLENBQUM7d0JBQ0QsR0FBRyxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7d0JBQzFCLEdBQUcsQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDO3dCQUM1QixHQUFHLENBQUMsRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFLENBQUM7d0JBQ2xCLEdBQUcsQ0FBQyxVQUFVLEdBQUcsVUFBVSxJQUFJLENBQUMsQ0FBQzt3QkFDakMsR0FBRyxDQUFDLFNBQVMsR0FBRyxTQUFTLElBQUksQ0FBQyxDQUFDO3dCQUMvQixNQUFNLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztvQkFDbkIsQ0FBQztvQkFDRCxNQUFNLEVBQUUsS0FBSyxFQUFFLE1BQWMsRUFBRSxFQUFFO3dCQUMvQixNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7d0JBQ3BELElBQUksR0FBRyxFQUFFLENBQUM7NEJBQ1IsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7d0JBQ3JCLENBQUM7b0JBQ0gsQ0FBQztpQkFDRjthQUNGLENBQUM7WUFFRixzQ0FBc0M7WUFDdEMsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksc0JBQXNCLEVBQUUsQ0FBQztZQUUzRCw4RkFBOEY7WUFDOUYsc0ZBQXNGO1lBQ3RGLDJFQUEyRTtZQUMzRSxJQUFJLGlCQUFpQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDakMsd0VBQXdFO2dCQUN4RSxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztvQkFDbkIsSUFBSSxDQUFDLGNBQWMsR0FBRyxLQUFLLENBQUM7b0JBQzVCLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDdEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsOEJBQThCLEVBQUUsRUFBRSxLQUFLLEVBQUUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FDNUUsQ0FBQztnQkFDSixDQUFDO2dCQUNELHNFQUFzRTtnQkFDdEUseUNBQXlDO2dCQUN6QyxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksT0FBTyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUM7b0JBQy9DLFlBQVksRUFBRSxNQUFPLENBQUMsWUFBWTtvQkFDbEMsV0FBVyxFQUFFLElBQUksd0JBQXdCLEVBQUU7b0JBQzNDLFdBQVcsRUFBRSxNQUFPLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLGFBQWE7b0JBQ2pFLGlCQUFpQixFQUFFLGlCQUFpQjtvQkFDcEMsaUJBQWlCLEVBQUUsQ0FBQyxRQUFRLENBQUM7aUJBQzlCLENBQUMsQ0FBQztnQkFFSCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsc0JBQXNCLENBQUM7Z0JBQzlDLGdCQUFnQixDQUFDLHFCQUFxQixHQUFHLEtBQUssRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLEVBQUU7b0JBQ3BFLG1GQUFtRjtvQkFDbkYsSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQzt3QkFDekIsVUFBVSxDQUFDLElBQUksQ0FBQyw4REFBOEQsTUFBTSxFQUFFLENBQUMsQ0FBQzt3QkFDeEYsT0FBTyxRQUFRLENBQUM7b0JBQ2xCLENBQUM7b0JBRUQsNENBQTRDO29CQUM1QyxJQUFJLE1BQU0sU0FBUyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO3dCQUN4QyxNQUFNLElBQUksR0FBRyxNQUFNLFNBQVMsQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7d0JBQ3BELE1BQU0sR0FBRyxHQUFHLFVBQVUsTUFBTSxtQkFBbUIsSUFBSSxFQUFFLFFBQVEsMkJBQTJCLElBQUksRUFBRSxVQUFVLEVBQUUsQ0FBQzt3QkFDM0csVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQzt3QkFDckIsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztvQkFDdkIsQ0FBQztvQkFFRCxJQUFJLENBQUM7d0JBQ0gsbUZBQW1GO3dCQUNuRixVQUFVLENBQUMsR0FBRyxDQUFDLHVDQUF1QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO3dCQUNoRSxVQUFVLENBQUMsU0FBUyxDQUFDLGtCQUFrQixDQUFDLENBQUM7d0JBQ3pDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQzt3QkFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBVSxDQUFDLHVCQUF1QixDQUFDLE1BQU0sRUFBRTs0QkFDakUsZUFBZSxFQUFFLENBQUMsZ0JBQWdCO3lCQUNuQyxDQUFDLENBQUM7d0JBQ0gsK0VBQStFO3dCQUMvRSxJQUFJLGNBQWMsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDO3dCQUNyQyxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQzs0QkFDbkIsSUFBSSxDQUFDO2dDQUNILE1BQU0sSUFBSSxHQUFHLElBQUksT0FBTyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO2dDQUNoRSxjQUFjLEdBQUcsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDOzRCQUNwRCxDQUFDOzRCQUFDLE1BQU0sQ0FBQyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7d0JBQ2pELENBQUM7d0JBQ0QsSUFBSSxjQUFjLEVBQUUsQ0FBQzs0QkFDbkIsVUFBVSxDQUFDLGFBQWEsQ0FBQyxJQUFJLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDO3dCQUNyRCxDQUFDO3dCQUNELE1BQU0sTUFBTSxHQUFHOzRCQUNiLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRTs0QkFDWCxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7NEJBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTzs0QkFDckIsVUFBVSxFQUFFLGNBQWM7NEJBQzFCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTs0QkFDM0IsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTOzRCQUN6QixHQUFHLEVBQUUsSUFBSSxDQUFDLEdBQUc7eUJBQ2QsQ0FBQzt3QkFFRiw4QkFBOEI7d0JBQzlCLE1BQU0sU0FBUyxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQzt3QkFDckMsT0FBTyxNQUFNLENBQUM7b0JBQ2hCLENBQUM7b0JBQUMsT0FBTyxHQUFZLEVBQUUsQ0FBQzt3QkFDdEIsc0NBQXNDO3dCQUN0QyxNQUFNLFNBQVMsQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFHLEdBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQzt3QkFDOUQsVUFBVSxDQUFDLElBQUksQ0FBQywrQkFBK0IsTUFBTSxLQUFNLEdBQWEsQ0FBQyxPQUFPLDJCQUEyQixDQUFDLENBQUM7d0JBQzdHLE9BQU8sUUFBUSxDQUFDO29CQUNsQixDQUFDO2dCQUNILENBQUMsQ0FBQztZQUNKLENBQUM7WUFFRCw4RUFBOEU7WUFDOUUsdUVBQXVFO1lBQ3ZFLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsRUFBRSxPQUFPLEVBQUUsQ0FBQztnQkFDOUMsZ0JBQWdCLENBQUMsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO2dCQUM1QyxnQkFBZ0IsQ0FBQyxRQUFRLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUM1QyxDQUFDO1lBRUQseUZBQXlGO1lBQ3pGLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUM7Z0JBQ3BDLGdCQUFnQixDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztnQkFDNUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMvQixnQkFBZ0IsQ0FBQyxRQUFRLEdBQUcsRUFBRSxDQUFDO2dCQUNqQyxDQUFDO2dCQUNELElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7b0JBQ3JELGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7Z0JBQzlDLENBQUM7WUFDSCxDQUFDO1lBRUQsNkJBQTZCO1lBQzdCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHdDQUF3QyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsTUFBTSxVQUFVLGdCQUFnQixDQUFDLElBQUksRUFBRSxPQUFPLDJCQUEyQixDQUFDLENBQUMsZ0JBQWdCLENBQUMscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBRXpNLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBRXRFLHlCQUF5QjtZQUN6QixJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxHQUFHLEVBQUUsRUFBRTtnQkFDbEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUscUJBQXFCLEdBQUcsQ0FBQyxPQUFPLEVBQUUsRUFBRSxFQUFFLEtBQUssRUFBRSxHQUFHLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztZQUNoRixDQUFDLENBQUMsQ0FBQztZQUVILDhGQUE4RjtZQUM5RixxRUFBcUU7WUFDckUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsb0JBQW9CLEVBQUUsQ0FBQyxLQUFpRCxFQUFFLEVBQUU7Z0JBQzdGLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDBCQUEwQixLQUFLLENBQUMsTUFBTSxRQUFRLEtBQUssQ0FBQyxNQUFNLGFBQWEsS0FBSyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7Z0JBQzlHLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQzlELElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRTtvQkFDMUMsTUFBTSxFQUFFLE9BQU8sRUFBRSxVQUFVO29CQUMzQixVQUFVLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRSxRQUFRLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUU7b0JBQ2hFLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTtpQkFDckIsQ0FBQyxDQUFDO1lBQ0wsQ0FBQyxDQUFDLENBQUM7WUFFSCxxRkFBcUY7WUFDckYsd0ZBQXdGO1lBQ3hGLG1GQUFtRjtZQUVuRixJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLEtBQWlELEVBQUUsRUFBRTtnQkFDN0YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsMEJBQTBCLEtBQUssQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLE1BQU0sTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztnQkFDaEcsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDOUQsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFO29CQUMxQyxNQUFNLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsS0FBSyxDQUFDLEtBQUs7b0JBQ2hELE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTTtpQkFDckIsQ0FBQyxDQUFDO1lBQ0wsQ0FBQyxDQUFDLENBQUM7WUFFSCxtQkFBbUI7WUFDbkIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsd0JBQXdCLENBQUMsQ0FBQztZQUM3QyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDOUIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsaUNBQWlDLENBQUMsQ0FBQztZQUV0RCx1RUFBdUU7WUFDdkUsS0FBSyxNQUFNLEtBQUssSUFBSSxpQkFBaUIsRUFBRSxDQUFDO2dCQUN0QyxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztvQkFDakQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztvQkFDOUQsSUFBSSxVQUE4QixDQUFDO29CQUNuQyxJQUFJLFFBQTRCLENBQUM7b0JBRWpDLHFFQUFxRTtvQkFDckUsSUFBSSxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUM7d0JBQ3JCLFVBQVUsR0FBRyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7b0JBQ3hELENBQUM7b0JBQ0QsSUFBSSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7d0JBQ3BCLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7b0JBQ3JELENBQUM7b0JBRUQseURBQXlEO29CQUN6RCxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7d0JBQ2hCLElBQUksQ0FBQzs0QkFDSCxNQUFNLFdBQVcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUM7NEJBQ3ZELE1BQU0sUUFBUSxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7NEJBQ3hDLE1BQU0sVUFBVSxHQUFHLFFBQVEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxXQUFXLENBQUM7NEJBQ3BGLE1BQU0sT0FBTyxHQUFHLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7bUNBQ3JELENBQUMsVUFBVSxLQUFLLFdBQVcsQ0FBQyxDQUFDLENBQUMsTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQzs0QkFDdkYsSUFBSSxPQUFPLEVBQUUsVUFBVSxFQUFFLENBQUM7Z0NBQ3hCLFVBQVUsR0FBRyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7NEJBQzFELENBQUM7NEJBQ0QsSUFBSSxPQUFPLEVBQUUsT0FBTyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7Z0NBQ2xDLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7NEJBQ3JELENBQUM7d0JBQ0gsQ0FBQzt3QkFBQyxNQUFNLENBQUMsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO29CQUN6QyxDQUFDO29CQUVELDhDQUE4QztvQkFDOUMsSUFBSSxDQUFDLFVBQVUsSUFBSSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7d0JBQ25DLElBQUksQ0FBQzs0QkFDSCxNQUFNLElBQUksR0FBRyxJQUFJLE9BQU8sQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQzs0QkFDakUsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQzs0QkFDbEQsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO2dDQUNkLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsV0FBVyxFQUFFLENBQUM7NEJBQ3BELENBQUM7d0JBQ0gsQ0FBQzt3QkFBQyxNQUFNLENBQUMsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO29CQUN0QyxDQUFDO29CQUVELElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRTt3QkFDMUMsTUFBTSxFQUFFLE9BQU87d0JBQ2YsVUFBVTt3QkFDVixVQUFVO3dCQUNWLFFBQVE7d0JBQ1IsTUFBTSxFQUFFLFlBQVk7cUJBQ3JCLENBQUMsQ0FBQztnQkFDTCxDQUFDO1lBQ0gsQ0FBQztZQUNELElBQUksaUJBQWlCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNqQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQ0FBb0MsaUJBQWlCLENBQUMsTUFBTSx5QkFBeUIsQ0FBQyxDQUFDO1lBQzVHLENBQUM7WUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwyQkFBMkIsTUFBTSxDQUFDLE1BQU0sU0FBUyxDQUFDLENBQUM7UUFDeEUsQ0FBQztJQUNILENBQUM7SUFJRDs7T0FFRztJQUNLLG1CQUFtQixDQUFDLFdBQXVDO1FBQ2pFLE1BQU0sV0FBVyxHQUFzQyxFQUFFLENBQUM7UUFFMUQsb0NBQW9DO1FBQ3BDLEtBQUssTUFBTSxJQUFJLElBQUksV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3JDLDREQUE0RDtZQUM1RCxJQUFJLFNBQVMsR0FBRyxhQUFhLENBQUM7WUFDOUIsSUFBSSxPQUFPLEdBQUcsYUFBYSxDQUFDO1lBRTVCLDJDQUEyQztZQUMzQyxRQUFRLElBQUksRUFBRSxDQUFDO2dCQUNiLEtBQUssRUFBRSxFQUFFLE9BQU87b0JBQ2QsU0FBUyxHQUFHLFlBQVksQ0FBQztvQkFDekIsT0FBTyxHQUFHLGFBQWEsQ0FBQyxDQUFDLG1DQUFtQztvQkFDNUQsTUFBTTtnQkFFUixLQUFLLEdBQUcsRUFBRSxhQUFhO29CQUNyQixTQUFTLEdBQUcsa0JBQWtCLENBQUM7b0JBQy9CLE9BQU8sR0FBRyxhQUFhLENBQUMsQ0FBQyxtQ0FBbUM7b0JBQzVELE1BQU07Z0JBRVIsS0FBSyxHQUFHLEVBQUUsUUFBUTtvQkFDaEIsU0FBUyxHQUFHLGFBQWEsQ0FBQztvQkFDMUIsT0FBTyxHQUFHLFdBQVcsQ0FBQyxDQUFDLCtDQUErQztvQkFDdEUsTUFBTTtnQkFFUjtvQkFDRSxTQUFTLEdBQUcsY0FBYyxJQUFJLFFBQVEsQ0FBQztvQkFDdkMsT0FBTyxHQUFHLGFBQWEsQ0FBQztvQkFFeEIsbURBQW1EO29CQUNuRCxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLFlBQVk7d0JBQzFDLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO3dCQUNwRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7d0JBRXJFLGtFQUFrRTt3QkFDbEUsSUFBSSxZQUFZLENBQUMsWUFBWSxFQUFFLENBQUM7NEJBQzlCLE9BQU8sR0FBRyxXQUFXLENBQUM7d0JBQ3hCLENBQUM7d0JBRUQsdUNBQXVDO3dCQUN2QyxJQUFJLFlBQVksQ0FBQyxTQUFTLEVBQUUsQ0FBQzs0QkFDM0IsU0FBUyxHQUFHLFlBQVksQ0FBQyxTQUFTLENBQUM7d0JBQ3JDLENBQUM7b0JBQ0gsQ0FBQztvQkFDRCxNQUFNO1lBQ1YsQ0FBQztZQUVELGdFQUFnRTtZQUNoRSxNQUFNLGtCQUFrQixHQUEyQjtnQkFDakQsRUFBRSxFQUFFLEtBQUssRUFBSSxPQUFPO2dCQUNwQixHQUFHLEVBQUUsS0FBSyxFQUFHLGFBQWE7Z0JBQzFCLEdBQUcsRUFBRSxLQUFLLENBQUcsUUFBUTthQUN0QixDQUFDO1lBRUYsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsV0FBVyxJQUFJLGtCQUFrQixDQUFDO1lBQ3BGLE1BQU0sWUFBWSxHQUFHLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLEdBQUcsS0FBSyxDQUFDO1lBRXZELElBQUksTUFBTSxHQUFRO2dCQUNoQixJQUFJLEVBQUUsU0FBUztnQkFDZixPQUFPLEVBQUUsQ0FBQzt3QkFDUixJQUFJLEVBQUUsV0FBVyxFQUFFLG1DQUFtQzt3QkFDdEQsSUFBSSxFQUFFLFlBQVk7cUJBQ25CLENBQUM7Z0JBQ0YsR0FBRyxFQUFFO29CQUNILElBQUksRUFBRSxPQUFjO2lCQUNyQjthQUNGLENBQUM7WUFFRiwrQ0FBK0M7WUFDL0MsSUFBSSxPQUFPLEtBQUssV0FBVyxJQUFJLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDMUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDO1lBQ2xDLENBQUM7WUFFRCxpQ0FBaUM7WUFDakMsTUFBTSxXQUFXLEdBQW9DO2dCQUNuRCxJQUFJLEVBQUUsU0FBUztnQkFDZixLQUFLLEVBQUU7b0JBQ0wsS0FBSyxFQUFFLENBQUMsSUFBSSxDQUFDO2lCQUNkO2dCQUNELE1BQU0sRUFBRSxNQUFNO2FBQ2YsQ0FBQztZQUVGLDRCQUE0QjtZQUM1QixXQUFXLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ2hDLENBQUM7UUFFRCxPQUFPLFdBQVcsQ0FBQztJQUNyQixDQUFDO0lBRUQ7O09BRUc7SUFDSyxpQkFBaUI7UUFDdkIsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6RSxPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBc0MsRUFBRSxDQUFDO1FBRXhELHlDQUF5QztRQUN6QyxNQUFNLFFBQVEsR0FBRyxDQUFDLFlBQVksRUFBRSxVQUFVLENBQUMsQ0FBQztRQUU1QyxpREFBaUQ7UUFDakQsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUV2RCxLQUFLLE1BQU0sSUFBSSxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQzVCLE1BQU0sUUFBUSxHQUFvQztnQkFDaEQsSUFBSSxFQUFFLGtCQUFrQixJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsRUFBRTtnQkFDL0MsS0FBSyxFQUFFO29CQUNMLEtBQUssRUFBRSxDQUFDLEdBQUcsQ0FBQyxFQUFFLHFCQUFxQjtvQkFDbkMsT0FBTyxFQUFFLENBQUMsaUJBQWlCLENBQUM7b0JBQzVCLElBQUksRUFBRSxJQUFJO2lCQUNYO2dCQUNELE1BQU0sRUFBRTtvQkFDTixJQUFJLEVBQUUsZ0JBQXVCO29CQUM3QixhQUFhLEVBQUUsSUFBSSxDQUFDLHNCQUFzQixFQUFFO2lCQUN0QzthQUNULENBQUM7WUFFRixTQUFTLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLENBQUM7UUFFRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSyxhQUFhLENBQUMsTUFBYyxFQUFFLE9BQWU7UUFDbkQsTUFBTSxHQUFHLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM5QixPQUFPLEdBQUcsT0FBTyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBRWhDLElBQUksTUFBTSxLQUFLLE9BQU87WUFBRSxPQUFPLElBQUksQ0FBQztRQUVwQyxpRkFBaUY7UUFDakYsSUFBSSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQ3pELE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQ0FBcUM7WUFDMUUsSUFBSSxNQUFNLEtBQUssVUFBVSxJQUFJLE1BQU0sS0FBSyxLQUFLLFVBQVUsRUFBRTtnQkFBRSxPQUFPLElBQUksQ0FBQztZQUN2RSxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLElBQUksTUFBTSxDQUFDLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTTtnQkFBRSxPQUFPLElBQUksQ0FBQztRQUNwRixDQUFDO1FBRUQsMkVBQTJFO1FBQzNFLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQzdCLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDaEMsSUFBSSxNQUFNLEtBQUssTUFBTTtnQkFBRSxPQUFPLElBQUksQ0FBQztZQUNuQyxPQUFPLE1BQU0sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLElBQUksTUFBTSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDO1FBQ2xFLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7T0FFRztJQUNJLHVCQUF1QixDQUFDLE1BQWM7UUFDM0MsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVO1lBQUUsT0FBTyxFQUFFLENBQUM7UUFDaEMsTUFBTSxLQUFLLEdBQWEsRUFBRSxDQUFDO1FBQzNCLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQztZQUM3RCxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSTtnQkFBRSxTQUFTO1lBQ2xELE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUM7Z0JBQ3JELENBQUMsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQU87Z0JBQ3JCLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDMUIsS0FBSyxNQUFNLE9BQU8sSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDbkMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsRUFBRSxDQUFDO29CQUN4QyxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDdkIsTUFBTSxDQUFDLDhEQUE4RDtnQkFDdkUsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRU0sS0FBSyxDQUFDLElBQUk7UUFDZixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDO1FBRXBELDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQywwQkFBMEIsRUFBRSxDQUFDO1lBQ3BDLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM5QyxJQUFJLENBQUMsMEJBQTBCLEdBQUcsU0FBUyxDQUFDO1FBQzlDLENBQUM7UUFFRCw2REFBNkQ7UUFDN0QsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRWpDLHdDQUF3QztRQUN4QyxJQUFJLElBQUksQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1lBQ2hDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNwQyxJQUFJLENBQUMsc0JBQXNCLEdBQUcsU0FBUyxDQUFDO1FBQzFDLENBQUM7UUFFRCxJQUFJLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFbEMsd0NBQXdDO1FBQ3hDLGNBQWMsQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUMvQixjQUFjLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDL0IsbUJBQW1CLENBQUMsYUFBYSxFQUFFLENBQUM7UUFFcEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQStCLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLHNCQUFzQixDQUFDLE1BQTZDO1FBQy9FLHNDQUFzQztRQUN0QyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNwQixJQUFJLENBQUMsVUFBVSxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDckMsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzdCLElBQUksQ0FBQyxVQUFVLEdBQUcsU0FBUyxDQUFDO1FBQzlCLENBQUM7UUFFRCx1QkFBdUI7UUFDdkIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsR0FBRyxNQUFNLENBQUM7UUFFdkMseUVBQXlFO1FBQ3pFLE1BQU0sSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBRTdCLDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQzVCLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLFVBQVUsQ0FDdEMsSUFBSSxDQUFDLGdCQUEyRixFQUNoRyxJQUFJLENBQUMsZUFBMEYsRUFDL0YsSUFBSSxDQUFDLGFBQXdGLENBQzlGLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsa0NBQWtDLENBQUMsQ0FBQztJQUN6RCxDQUFDO0lBSUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLHlCQUF5QjtRQUNyQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM5QixNQUFNLElBQUksS0FBSyxDQUFDLDREQUE0RCxDQUFDLENBQUM7UUFDaEYsQ0FBQztRQUVELDBDQUEwQztRQUMxQyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxXQUFXLElBQUk7WUFDL0QsRUFBRSxFQUFFLEtBQUssRUFBSSxPQUFPO1lBQ3BCLEdBQUcsRUFBRSxLQUFLLEVBQUcsYUFBYTtZQUMxQixHQUFHLEVBQUUsS0FBSyxDQUFHLFFBQVE7U0FDdEIsQ0FBQztRQUVGLG9EQUFvRDtRQUNwRCxJQUFJLGtCQUFrQixHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQztRQUMxRCxJQUFJLGtCQUFrQixJQUFJLGtCQUFrQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN4RCw0REFBNEQ7WUFDNUQsSUFBSSxPQUFPLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxLQUFLLFFBQVEsRUFBRSxDQUFDO2dCQUM5QyxrQkFBa0IsR0FBSSxrQkFBMEIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQ3hFLE1BQU07b0JBQ04sT0FBTyxFQUFFLGNBQXVCO29CQUNoQyxJQUFJLEVBQUU7d0JBQ0osUUFBUSxFQUFFLFNBQVM7d0JBQ25CLE9BQU8sRUFBRSxJQUFJO3dCQUNiLFVBQVUsRUFBRSxLQUFLO3dCQUNqQixnQkFBZ0IsRUFBRSxFQUFFO3FCQUNyQjtpQkFDRixDQUFDLENBQUMsQ0FBQztZQUNOLENBQUM7UUFDSCxDQUFDO1FBRUQsa0NBQWtDO1FBQ2xDLE1BQU0sV0FBVyxHQUErQjtZQUM5QyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVztZQUMzQixPQUFPLEVBQUUsa0JBQWtCO1lBQzNCLEtBQUssRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLElBQUksR0FBRyxLQUFLLENBQUM7WUFDcEYsUUFBUSxFQUFFLFdBQVcsQ0FBQyxnREFBZ0Q7U0FDdkUsQ0FBQztRQUVGLDhCQUE4QjtRQUM5QixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksa0JBQWtCLENBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1FBRTdELHdCQUF3QjtRQUN4QixJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxHQUFVLEVBQUUsRUFBRTtZQUMxQyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSw2QkFBNkIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDbEUsQ0FBQyxDQUFDLENBQUM7UUFFSCxtQkFBbUI7UUFDbkIsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBRS9CLG9EQUFvRDtRQUNwRCxJQUFJLElBQUksQ0FBQyxjQUFjLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUMzRCxJQUFJLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxFQUFFLENBQUMsZUFBZSxFQUFFLENBQUMsSUFBUyxFQUFFLEVBQUU7Z0JBQ2hFLElBQUksQ0FBQyxjQUFlLENBQUMsa0JBQWtCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNwRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwyQkFBMkIsSUFBSSxFQUFFLElBQUksTUFBTSxJQUFJLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUMvRixDQUFDLENBQUMsQ0FBQztZQUNILElBQUksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDLElBQVMsRUFBRSxFQUFFO2dCQUNsRSxJQUFJLENBQUMsY0FBZSxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHNCQUFzQixJQUFJLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUMxRSxDQUFDLENBQUMsQ0FBQztZQUNILElBQUksQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLEVBQUUsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDLElBQVMsRUFBRSxLQUFVLEVBQUUsRUFBRTtnQkFDN0UsSUFBSSxDQUFDLGNBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztnQkFDaEUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNEJBQTRCLElBQUksRUFBRSxFQUFFLEtBQUssS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDbkcsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsY0FBYyxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM1QyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxpQkFBaUIsRUFBRSxHQUFHLEVBQUU7Z0JBQzFDLElBQUksQ0FBQyxjQUFlLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDekMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsd0JBQXdCLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUNsRSxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrQ0FBa0MsV0FBVyxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRDs7O09BR0c7SUFDSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsTUFBa0M7UUFDL0QsaUNBQWlDO1FBQ2pDLE1BQU0sSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFFeEMsdUJBQXVCO1FBQ3ZCLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQztRQUVsQyw4Q0FBOEM7UUFDOUMsTUFBTSxJQUFJLENBQUMseUJBQXlCLEVBQUUsQ0FBQztRQUV2QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxxQ0FBcUMsQ0FBQyxDQUFDO0lBQzVELENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQywwQkFBMEI7UUFDdEMsSUFBSSxDQUFDO1lBQ0gsOERBQThEO1lBQzlELElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO2dCQUNyQiw0RUFBNEU7Z0JBQzVFLElBQUssSUFBSSxDQUFDLFdBQW1CLENBQUMsY0FBYyxFQUFFLENBQUM7b0JBQzVDLElBQUksQ0FBQyxXQUFtQixDQUFDLGNBQWMsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO2dCQUNoRSxDQUFDO2dCQUNELElBQUksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztnQkFDdEMsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUM5QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw4QkFBOEIsQ0FBQyxDQUFDO2dCQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLFNBQVMsQ0FBQztZQUMvQixDQUFDO1lBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsc0NBQXNDLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBQUMsT0FBTyxLQUFjLEVBQUUsQ0FBQztZQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSw0Q0FBNkMsS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDNUYsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNJLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxNQUFxQjtRQUNsRCxvQ0FBb0M7UUFDcEMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLEtBQUssQ0FBQyx3REFBd0QsQ0FBQyxDQUFDO1FBQzVFLENBQUM7UUFFRCwyQkFBMkI7UUFDM0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQztRQUV6QywrQ0FBK0M7UUFDL0MsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDckIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkJBQTZCLE1BQU0sQ0FBQyxNQUFNLFNBQVMsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRDs7T0FFRztJQUNJLFFBQVE7UUFDYixNQUFNLEtBQUssR0FBUTtZQUNqQixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsRUFBRSxRQUFRLEVBQUU7U0FDMUMsQ0FBQztRQUVGLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVEOzs7T0FHRztJQUNLLGtCQUFrQixDQUFDLE9BQXlFO1FBQ2xHLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU87UUFFNUIsOENBQThDO1FBQzlDLGtGQUFrRjtRQUNsRixLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO1lBQzdCLDRDQUE0QztZQUM1QyxJQUFJLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsUUFBUSxFQUFFLEVBQUU7Z0JBQ3RFLDZDQUE2QztnQkFDN0MsSUFBSSxRQUFRLENBQUMsSUFBSSxLQUFLLE1BQU0sQ0FBQyxJQUFJLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQ25FLE9BQU87d0JBQ0wsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJO3dCQUNqQixJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUk7d0JBQ2pCLEtBQUssRUFBRSxJQUFJO3dCQUNYLEdBQUcsRUFBRSxNQUFNLENBQUMsR0FBRyxJQUFJLEdBQUc7d0JBQ3RCLElBQUksRUFBRSxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsS0FBSyxDQUFDO3FCQUN6RCxDQUFDO2dCQUNKLENBQUM7Z0JBRUQsT0FBTyxJQUFJLENBQUM7WUFDZCxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxjQUFjLE9BQU8sQ0FBQyxNQUFNLGdDQUFnQyxDQUFDLENBQUM7SUFDbkYsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ssa0JBQWtCLENBQUMsSUFBWSxFQUFFLEtBQWE7UUFDcEQsUUFBUSxJQUFJLEVBQUUsQ0FBQztZQUNiLEtBQUssR0FBRztnQkFDTixPQUFPLEtBQUssQ0FBQyxDQUFDLHVCQUF1QjtZQUN2QyxLQUFLLElBQUk7Z0JBQ1AsTUFBTSxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUM5QyxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRSxRQUFRLEVBQUUsQ0FBQztZQUNwRCxLQUFLLEtBQUs7Z0JBQ1IsT0FBTyxLQUFLLENBQUM7WUFDZixLQUFLLElBQUk7Z0JBQ1AsT0FBTyxLQUFLLENBQUM7WUFDZixLQUFLLEtBQUs7Z0JBQ1IseUVBQXlFO2dCQUN6RSxNQUFNLEtBQUssR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUMvQixPQUFPO29CQUNMLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDO29CQUNmLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDO29CQUNmLE1BQU0sRUFBRSxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO29CQUMxQixPQUFPLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDM0IsS0FBSyxFQUFFLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7b0JBQ3pCLE1BQU0sRUFBRSxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO29CQUMxQixPQUFPLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztpQkFDNUIsQ0FBQztZQUNKO2dCQUNFLE9BQU8sS0FBSyxDQUFDO1FBQ2pCLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMseUJBQXlCO1FBQ3JDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDekUsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ25FLE1BQU0sSUFBSSxLQUFLLENBQUMsNENBQTRDLENBQUMsQ0FBQztRQUNoRSxDQUFDO1FBRUQsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN2RCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrREFBa0QsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDO1FBRTFGLG9DQUFvQztRQUNwQyxNQUFNLGlCQUFpQixHQUFHLE9BQU8sQ0FBQyxFQUFFLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUN6RCxJQUFJLFdBQVcsR0FBRyxTQUFTLENBQUMsQ0FBQyw0QkFBNEI7UUFFekQsMkNBQTJDO1FBQzNDLEtBQUssTUFBTSxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNwRSxJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLEtBQUssTUFBTSxLQUFLLElBQUksVUFBVSxFQUFFLENBQUM7b0JBQy9CLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxJQUFJLEtBQUssQ0FBQyxNQUFNLEtBQUssTUFBTSxFQUFFLENBQUM7d0JBQy9DLFdBQVcsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDO3dCQUM1QixNQUFNO29CQUNSLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsb0RBQW9EO1FBQ3BELElBQUksQ0FBQyxTQUFTLEdBQUcsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUM7WUFDM0QsT0FBTyxFQUFFLEVBQUU7WUFDWCxnQkFBZ0IsRUFBRSxXQUFXO1lBQzdCLFNBQVMsRUFBRSxHQUFHLEVBQUUsNkNBQTZDO1lBQzdELGVBQWUsRUFBRSxJQUFJLEVBQUUsc0NBQXNDO1lBQzdELFVBQVUsRUFBRSxpQkFBaUI7WUFDN0IsaUJBQWlCLEVBQUUsaUJBQWlCLEVBQUUsOENBQThDO1lBQ3BGLHNFQUFzRTtZQUN0RSxRQUFRLEVBQUUsRUFBRTtZQUNaLFNBQVMsRUFBRSxFQUFFO1NBQ2QsQ0FBQyxDQUFDO1FBRUgsa0NBQWtDO1FBQ2xDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUM3QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsV0FBVyxLQUFLLENBQUMsQ0FBQztRQUVsRSxpRkFBaUY7UUFDakYsSUFBSSxJQUFJLENBQUMsY0FBYyxJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUMxQyxNQUFNLGFBQWEsR0FBRyxHQUFHLEVBQUU7Z0JBQ3pCLElBQUksSUFBSSxDQUFDLGFBQWEsR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDM0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsUUFBUSxJQUFJLENBQUMsYUFBYSxtQ0FBbUMsRUFBRSxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO29CQUNuRyxJQUFJLENBQUMsYUFBYSxHQUFHLENBQUMsQ0FBQztnQkFDekIsQ0FBQztnQkFDRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQztZQUM1QixDQUFDLENBQUM7WUFFRixJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxLQUE0RCxFQUFFLEVBQUU7Z0JBQzFGLG1CQUFtQjtnQkFDbkIsS0FBSyxNQUFNLFFBQVEsSUFBSSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ3ZDLElBQUksQ0FBQyxjQUFjLEVBQUUsYUFBYSxDQUNoQyxRQUFRLENBQUMsSUFBSSxFQUNiLFFBQVEsQ0FBQyxJQUFJLEVBQ2IsS0FBSyxFQUNMLEtBQUssQ0FBQyxjQUFjLEVBQ3BCLEtBQUssQ0FBQyxRQUFRLENBQ2YsQ0FBQztnQkFDSixDQUFDO2dCQUVELDREQUE0RDtnQkFDNUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLENBQUM7Z0JBQzdDLElBQUksTUFBTSxLQUFLLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO29CQUN2QyxJQUFJLENBQUMsa0JBQWtCLEdBQUcsTUFBTSxDQUFDO29CQUNqQyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsQ0FBQyxDQUFDO2dCQUM3QixDQUFDO2dCQUVELElBQUksSUFBSSxDQUFDLGlCQUFpQixHQUFHLENBQUMsRUFBRSxDQUFDO29CQUMvQixJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztvQkFDekIsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUMzRSxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxjQUFjLE9BQU8sS0FBSyxLQUFLLENBQUMsY0FBYyxPQUFPLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsWUFBWSxHQUFHLEVBQUUsRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztnQkFDMUksQ0FBQztxQkFBTSxDQUFDO29CQUNOLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztvQkFDckIsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQzt3QkFDeEIsSUFBSSxDQUFDLGFBQWEsR0FBRyxVQUFVLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxDQUFDO29CQUN2RCxDQUFDO2dCQUNILENBQUM7WUFDSCxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCw2QkFBNkI7UUFDN0IsTUFBTSxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztRQUV0Qyw4Q0FBOEM7UUFDOUMsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyw0QkFBNEIsRUFBRSxDQUFDO1FBRXZFLDZCQUE2QjtRQUM3QixNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1FBRTdELHdDQUF3QztRQUN4QyxNQUFNLElBQUksQ0FBQyw2QkFBNkIsRUFBRSxDQUFDO1FBRTNDLDREQUE0RDtRQUM1RCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUVqRCxvRUFBb0U7UUFDcEUsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUFHLG9CQUFvQixFQUFFLEdBQUcsZUFBZSxFQUFFLEdBQUcsV0FBVyxDQUFDLENBQUM7UUFDakYsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEUsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELDJDQUEyQztRQUMzQyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUUvQywyQkFBMkI7UUFDM0IsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzFCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUNwQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxjQUFjLFVBQVUsQ0FBQyxNQUFNLGlCQUFpQixvQkFBb0IsQ0FBQyxNQUFNLG1CQUFtQixlQUFlLENBQUMsTUFBTSxXQUFXLFdBQVcsQ0FBQyxNQUFNLFVBQVUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUN0TyxDQUFDO1FBRUQsaUVBQWlFO1FBQ2pFLDhDQUE4QztRQUM5QyxJQUFJLElBQUksQ0FBQyxVQUFVLElBQUksSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3RDLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3hELENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxzQkFBc0I7UUFDNUIsT0FBTyxLQUFLLEVBQUUsTUFBMEIsRUFBRSxFQUFFO1lBQzFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3BCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDBEQUEwRCxDQUFDLENBQUM7Z0JBQ2hGLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDYixPQUFPO1lBQ1QsQ0FBQztZQUVELHdEQUF3RDtZQUN4RCxNQUFNLENBQUMsRUFBRSxDQUFDLE9BQU8sRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO2dCQUN6QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxxQkFBcUIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7Z0JBQ3hELElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ3RCLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDbkIsQ0FBQztZQUNILENBQUMsQ0FBQyxDQUFDO1lBRUgsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsaURBQWlELENBQUMsQ0FBQztZQUV2RSxJQUFJLENBQUM7Z0JBQ0gsZ0RBQWdEO2dCQUNoRCwwQ0FBMEM7Z0JBQzFDLE1BQU8sSUFBSSxDQUFDLFNBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDMUQsQ0FBQztZQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7Z0JBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZCQUE4QixLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDN0UsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQztJQUNKLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyx3QkFBd0I7UUFDcEMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUMxRCxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGlDQUFpQyxDQUFDLENBQUM7UUFFdEQsNERBQTREO1FBQzVELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDdEMsS0FBSyxNQUFNLFlBQVksSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDNUQsSUFBSSxZQUFZLENBQUMsT0FBTyxLQUFLLGNBQWM7b0JBQ3ZDLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO29CQUMxRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxpQkFBaUIsWUFBWSxDQUFDLE1BQU0sZ0ZBQWdGLENBQUMsQ0FBQztnQkFDM0ksQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsdURBQXVEO1FBQ3ZELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUM1QixLQUFLLE1BQU0sTUFBTSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLENBQUM7Z0JBQzdDLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUNyRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FDcEQsWUFBWSxLQUFLLEtBQUssSUFBSSxZQUFZLENBQUMsUUFBUSxDQUFDLElBQUksS0FBSyxFQUFFLENBQUMsQ0FDN0QsQ0FBQztnQkFFRixJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7b0JBQ2YsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsbUJBQW1CLE1BQU0sQ0FBQyxJQUFJLGdDQUFnQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUN6SCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsdUJBQXVCO1FBQ25DLE1BQU0sT0FBTyxHQUFxRSxFQUFFLENBQUM7UUFFckYsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ3ZDLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLENBQUM7UUFFRCx3Q0FBd0M7UUFDeEMsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUNoRSxNQUFNLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEtBQUssY0FBYyxDQUM1QyxDQUFDO1FBRUYsS0FBSyxNQUFNLFlBQVksSUFBSSxrQkFBa0IsRUFBRSxDQUFDO1lBQzlDLE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUM7WUFDbkMsTUFBTSxHQUFHLEdBQUcsWUFBWSxDQUFDLEdBQUcsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLElBQUksQ0FBQztZQUNwRCxNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsR0FBRyxFQUFFLFFBQVEsRUFBRSxVQUFVLElBQUksRUFBRSxDQUFDO1lBRWhFLDZEQUE2RDtZQUM3RCxPQUFPLENBQUMsSUFBSSxDQUFDO2dCQUNYLElBQUksRUFBRSxNQUFNO2dCQUNaLElBQUksRUFBRSxJQUFJO2dCQUNWLEtBQUssRUFBRSxHQUFHLFVBQVUsSUFBSSxNQUFNLEVBQUU7Z0JBQ2hDLEdBQUc7YUFDSixDQUFDLENBQUM7WUFFSCx1Q0FBdUM7WUFDdkMsTUFBTSxTQUFTLEdBQUcsa0JBQWtCLENBQUM7WUFDckMsT0FBTyxDQUFDLElBQUksQ0FBQztnQkFDWCxJQUFJLEVBQUUsTUFBTTtnQkFDWixJQUFJLEVBQUUsS0FBSztnQkFDWCxLQUFLLEVBQUUsU0FBUztnQkFDaEIsR0FBRzthQUNKLENBQUMsQ0FBQztZQUVILHlDQUF5QztZQUN6QyxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsQ0FBQywwQ0FBMEM7WUFDdEUsTUFBTSxVQUFVLEdBQUcsU0FBUyxNQUFNLEVBQUUsQ0FBQztZQUNyQyxPQUFPLENBQUMsSUFBSSxDQUFDO2dCQUNYLElBQUksRUFBRSxVQUFVLE1BQU0sRUFBRTtnQkFDeEIsSUFBSSxFQUFFLEtBQUs7Z0JBQ1gsS0FBSyxFQUFFLGVBQWUsV0FBVyxnQkFBZ0IsVUFBVSxFQUFFO2dCQUM3RCxHQUFHO2FBQ0osQ0FBQyxDQUFDO1lBRUgsMEVBQTBFO1lBQzFFLGlFQUFpRTtRQUNuRSxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsYUFBYSxPQUFPLENBQUMsTUFBTSwwQkFBMEIsa0JBQWtCLENBQUMsTUFBTSx1QkFBdUIsQ0FBQyxDQUFDO1FBQzFILE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsZUFBZTtRQUMzQixNQUFNLE9BQU8sR0FBcUUsRUFBRSxDQUFDO1FBRXJGLElBQUksQ0FBQztZQUNILDRCQUE0QjtZQUM1QixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQztZQUVoRCw0QkFBNEI7WUFDNUIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBQ25DLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDhEQUE4RCxDQUFDLENBQUM7Z0JBQ3BGLE9BQU8sT0FBTyxDQUFDO1lBQ2pCLENBQUM7WUFFRCxrQ0FBa0M7WUFDbEMsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLEVBQUUsQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDN0MsTUFBTSxTQUFTLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDO1lBRXBFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLFNBQVMsU0FBUyxDQUFDLE1BQU0sb0JBQW9CLENBQUMsQ0FBQztZQUVsRSx3QkFBd0I7WUFDeEIsS0FBSyxNQUFNLElBQUksSUFBSSxTQUFTLEVBQUUsQ0FBQztnQkFDN0IsSUFBSSxDQUFDO29CQUNILE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztvQkFDakQsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxDQUFDO29CQUM5RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO29CQUUzQyw0QkFBNEI7b0JBQzVCLElBQUksVUFBVSxDQUFDLElBQUksSUFBSSxVQUFVLENBQUMsSUFBSSxLQUFLLEtBQUssSUFBSSxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUM7d0JBQ3JFLE9BQU8sQ0FBQyxJQUFJLENBQUM7NEJBQ1gsSUFBSSxFQUFFLFVBQVUsQ0FBQyxJQUFJOzRCQUNyQixJQUFJLEVBQUUsS0FBSzs0QkFDWCxLQUFLLEVBQUUsVUFBVSxDQUFDLEtBQUs7NEJBQ3ZCLEdBQUcsRUFBRSxJQUFJLENBQUMsb0JBQW9CO3lCQUMvQixDQUFDLENBQUM7d0JBRUgsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO29CQUNsRSxDQUFDO3lCQUFNLENBQUM7d0JBQ04sTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsb0NBQW9DLElBQUksRUFBRSxDQUFDLENBQUM7b0JBQ2pFLENBQUM7Z0JBQ0gsQ0FBQztnQkFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO29CQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxtQ0FBbUMsSUFBSSxLQUFNLEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUM5RixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLGdDQUFpQyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVEOzs7T0FHRztJQUNLLEtBQUssQ0FBQyw2QkFBNkI7UUFDekMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUM1RCxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZDQUE2QyxDQUFDLENBQUM7UUFFbEUsa0VBQWtFO1FBQ2xFLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDO1FBQ2pELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx5REFBeUQsQ0FBQyxDQUFDO1lBQzlFLE9BQU87UUFDVCxDQUFDO1FBRUQscUNBQXFDO1FBQ3JDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUM7UUFFaEQsMkNBQTJDO1FBQzNDLEtBQUssTUFBTSxZQUFZLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDNUQsSUFBSSxDQUFDO2dCQUNILDZEQUE2RDtnQkFDN0QsNkRBQTZEO2dCQUM3RCxNQUFNLFdBQVcsQ0FBQyx1QkFBdUIsQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7Z0JBQy9ELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZCQUE2QixZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUN6RSxDQUFDO1lBQUMsT0FBTyxLQUFjLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsaUNBQWlDLFlBQVksQ0FBQyxNQUFNLEtBQU0sS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDM0csQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw4QkFBOEIsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsNEJBQTRCO1FBQ3hDLE1BQU0sT0FBTyxHQUFxRSxFQUFFLENBQUM7UUFFckYsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUMxRCxPQUFPLE9BQU8sQ0FBQztRQUNqQixDQUFDO1FBRUQsbURBQW1EO1FBQ25ELElBQUksUUFBUSxHQUFrQixJQUFJLENBQUM7UUFFbkMsMkRBQTJEO1FBQzNELElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzlELFFBQVEsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLHFCQUFxQjtZQUMxRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw0Q0FBNEMsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO2FBQU0sSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2pDLHNDQUFzQztZQUN0QyxRQUFRLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUM7WUFDakMsSUFBSSxDQUFDLGdCQUFnQixHQUFHLFFBQVEsQ0FBQztZQUNqQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx3REFBd0QsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUN6RixDQUFDO2FBQU0sQ0FBQztZQUNOLDZDQUE2QztZQUM3QyxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsdUNBQXVDLENBQUMsQ0FBQztnQkFDNUQsTUFBTSxZQUFZLEdBQUcsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRSxDQUFDO2dCQUM3RCxNQUFNLFNBQVMsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFFcEQsSUFBSSxTQUFTLENBQUMsRUFBRSxFQUFFLENBQUM7b0JBQ2pCLFFBQVEsR0FBRyxTQUFTLENBQUMsRUFBRSxDQUFDO29CQUN4QixJQUFJLENBQUMsZ0JBQWdCLEdBQUcsUUFBUSxDQUFDO29CQUNqQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxnQ0FBZ0MsUUFBUSxFQUFFLENBQUMsQ0FBQztnQkFDakUsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZDQUE2QyxDQUFDLENBQUM7Z0JBQ3BFLENBQUM7WUFDSCxDQUFDO1lBQUMsT0FBTyxLQUFjLEVBQUUsQ0FBQztnQkFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsc0NBQXVDLEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ3hGLENBQUM7WUFFRCxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7Z0JBQ2QsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0dBQStHLENBQUMsQ0FBQztZQUN0SSxDQUFDO1FBQ0gsQ0FBQztRQUVELDREQUE0RDtRQUM1RCxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQ2IsS0FBSyxNQUFNLFFBQVEsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxDQUFDO2dCQUNqRCxPQUFPLENBQUMsSUFBSSxDQUFDO29CQUNYLElBQUksRUFBRSxRQUFRO29CQUNkLElBQUksRUFBRSxHQUFHO29CQUNULEtBQUssRUFBRSxRQUFRO29CQUNmLEdBQUcsRUFBRSxJQUFJO2lCQUNWLENBQUMsQ0FBQztZQUNMLENBQUM7WUFDRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwyQkFBMkIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsTUFBTSxjQUFjLENBQUMsQ0FBQztRQUNoRyxDQUFDO1FBRUQsZ0RBQWdEO1FBQ2hELEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM1QyxxQ0FBcUM7WUFDckMsS0FBSyxNQUFNLFFBQVEsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxDQUFDO2dCQUNqRCxPQUFPLENBQUMsSUFBSSxDQUFDO29CQUNYLElBQUksRUFBRSxNQUFNO29CQUNaLElBQUksRUFBRSxJQUFJO29CQUNWLEtBQUssRUFBRSxRQUFRO29CQUNmLEdBQUcsRUFBRSxJQUFJO2lCQUNWLENBQUMsQ0FBQztZQUNMLENBQUM7WUFFRCxvRUFBb0U7WUFDcEUsa0RBQWtEO1FBQ3BELENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxhQUFhLE9BQU8sQ0FBQyxNQUFNLCtCQUErQixJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxNQUFNLFVBQVUsQ0FBQyxDQUFDO1FBQ3RILE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7T0FFRztJQUNLLGFBQWEsQ0FBQyxVQUFrQjtRQUN0QyxtQkFBbUI7UUFDbkIsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7WUFDaEMsVUFBVSxHQUFHLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDdkMsQ0FBQztRQUNELE9BQU8sVUFBVSxDQUFDO0lBQ3BCLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQyxPQUFvRztRQUN4SSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2pFLE9BQU8sQ0FBQyw0Q0FBNEM7UUFDdEQsQ0FBQztRQUVELHlCQUF5QjtRQUN6QixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBQ25ELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNkLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGtFQUFrRSxDQUFDLENBQUM7WUFDdkYsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2Q0FBNkMsUUFBUSxnQkFBZ0IsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUU1SCxJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7UUFDbkIsS0FBSyxNQUFNLE1BQU0sSUFBSSxPQUFPLEVBQUUsQ0FBQztZQUM3QixJQUFJLE1BQU0sQ0FBQyxJQUFJLEtBQUssR0FBRztnQkFDbkIsTUFBTSxDQUFDLEtBQUssS0FBSyxRQUFRO2dCQUN6QixNQUFNLENBQUMsZUFBZSxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNyQyxnQ0FBZ0M7Z0JBQ2hDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDakYsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLE1BQU0sQ0FBQyxJQUFJLEtBQUssTUFBTSxDQUFDLEtBQUssTUFBTSxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUMxRixNQUFNLENBQUMsS0FBSyxHQUFHLE9BQU8sQ0FBQztnQkFDdkIsVUFBVSxFQUFFLENBQUM7WUFDZixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxvQkFBb0I7UUFDaEMsSUFBSSxDQUFDO1lBQ0gsTUFBTSxZQUFZLEdBQUcsSUFBSSxPQUFPLENBQUMsWUFBWSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQzdELE1BQU0sU0FBUyxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBRXBELElBQUksU0FBUyxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUNqQixPQUFPLFNBQVMsQ0FBQyxFQUFFLENBQUM7WUFDdEIsQ0FBQztZQUVELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsK0JBQWdDLEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQzlFLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxrQkFBa0I7UUFDOUIsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsbUJBQW1CLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDL0MsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrQ0FBa0MsQ0FBQyxDQUFDO1FBRXZELDJDQUEyQztRQUMzQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsSUFBSSxvQkFBb0IsRUFBRSxDQUFDO1FBQ3ZELE1BQU0sSUFBSSxDQUFDLG9CQUFvQixDQUFDLFVBQVUsRUFBRSxDQUFDO1FBRTdDLGdGQUFnRjtRQUNoRixnRkFBZ0Y7UUFDaEYsNkNBQTZDO1FBQzdDLE1BQU0sZUFBZSxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxJQUFJLENBQUMsZUFBZSxFQUFFLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ25HLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxTQUFTLENBQUMsZUFBd0IsQ0FBQyxDQUFDO1FBRTlELHdEQUF3RDtRQUN4RCxzRkFBc0Y7UUFDdEYsSUFBSSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUM1QixNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM5QyxDQUFDO1FBRUQsaUdBQWlHO1FBQ2pHLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsbUJBQW1CLENBQUM7UUFDL0MsSUFBSSxTQUEwRCxDQUFDO1FBRS9ELDJDQUEyQztRQUMzQyxJQUFJLEtBQUssQ0FBQyxHQUFHLEVBQUUsUUFBUSxJQUFJLEtBQUssQ0FBQyxHQUFHLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDOUMsSUFBSSxDQUFDO2dCQUNILE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxFQUFFLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxDQUFDO2dCQUNwRSxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztnQkFDbEUsU0FBUyxHQUFHLEVBQUUsT0FBTyxFQUFFLE1BQU0sRUFBRSxDQUFDO2dCQUNoQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxzREFBc0QsQ0FBQyxDQUFDO1lBQzdFLENBQUM7WUFBQyxPQUFPLEdBQVksRUFBRSxDQUFDO2dCQUN0QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvREFBcUQsR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDbkcsQ0FBQztRQUNILENBQUM7UUFFRCxxRUFBcUU7UUFDckUsSUFBSSxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDbEMsSUFBSSxDQUFDO2dCQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sWUFBWSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUM7Z0JBQ2hFLElBQUksTUFBTSxFQUFFLFNBQVMsSUFBSSxNQUFNLEVBQUUsVUFBVSxFQUFFLENBQUM7b0JBQzVDLFNBQVMsR0FBRyxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsU0FBUyxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7b0JBQ3JFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHdEQUF3RCxLQUFLLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQztnQkFDaEcsQ0FBQztZQUNILENBQUM7WUFBQyxNQUFNLENBQUMsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO1FBQ2hELENBQUM7UUFFRCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDZixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvRkFBb0YsQ0FBQyxDQUFDO1FBQzNHLENBQUM7UUFFRCxzQ0FBc0M7UUFDdEMsSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLGFBQWEsQ0FBQyxJQUFJLENBQUMsb0JBQW9CLEVBQUU7WUFDaEUsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVLElBQUksSUFBSTtZQUNwQyxVQUFVLEVBQUUsV0FBVztZQUN2QixHQUFHLEVBQUUsU0FBUztTQUNmLENBQUMsQ0FBQztRQUNILE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUVqQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsb0JBQW9CLENBQUMsV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDO1FBQ2pFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHNDQUFzQyxJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDLFVBQVUsSUFBSSxJQUFJLFNBQVMsU0FBUyxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3ZKLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxjQUFjO1FBQzFCLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNyQyxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDBCQUEwQixDQUFDLENBQUM7UUFFL0MsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQztZQUMvQixNQUFNLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTTtZQUNyQyxZQUFZLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsWUFBWTtZQUNqRCxHQUFHLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsR0FBRztZQUMvQixjQUFjLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsY0FBYztZQUNyRCxjQUFjLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsT0FBTztZQUM5QyxpQkFBaUIsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxpQkFBaUI7WUFDM0QsY0FBYyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLGNBQWM7WUFDckQsZUFBZSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLGVBQWU7WUFDdkQsdUJBQXVCLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsdUJBQXVCO1lBQ3ZFLGtCQUFrQixFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLGtCQUFrQjtZQUM3RCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0I7WUFDekQsZUFBZSxFQUFFLEdBQUcsRUFBRTtnQkFDcEIsNERBQTREO2dCQUM1RCx1RUFBdUU7Z0JBQ3ZFLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxXQUFXLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtvQkFDbkQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsc0RBQXNELEdBQUcsRUFBRSxPQUFPLElBQUksR0FBRyxFQUFFLENBQUMsQ0FBQztnQkFDbEcsQ0FBQyxDQUFDLENBQUM7WUFDTCxDQUFDO1lBQ0Qsc0JBQXNCLEVBQUUsQ0FBQyxnQkFBMEIsRUFBRSxFQUFFO2dCQUNyRCxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQjtvQkFBRSxPQUFPLEVBQUUsQ0FBQztnQkFDMUMsT0FBTyxJQUFJLENBQUMsb0JBQW9CLENBQUMsa0JBQWtCLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztZQUN4RSxDQUFDO1lBQ0QsbUJBQW1CLEVBQUUsS0FBSyxFQUFFLGdCQUEwQixFQUFFLEVBQUU7Z0JBQ3hELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLE1BQU0sSUFBSSxhQUFhLENBQUM7Z0JBQy9ELE1BQU0sR0FBRyxHQUFHLElBQUksR0FBRyxDQUFTLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztnQkFFdEMsSUFBSSxDQUFDLElBQUksQ0FBQyxvQkFBb0I7b0JBQUUsT0FBTyxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUM7Z0JBRWhELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxTQUFTLEVBQUUsSUFBSSxJQUFJLEdBQUcsRUFBRSxDQUFDO2dCQUVwRSxNQUFNLEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxtQkFBbUIsQ0FDMUUsZ0JBQWdCLEVBQUUsU0FBUyxDQUM1QixDQUFDO2dCQUVGLDBCQUEwQjtnQkFDMUIsS0FBSyxNQUFNLEVBQUUsSUFBSSxTQUFTLEVBQUUsQ0FBQztvQkFDM0IsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUM7Z0JBQ3RCLENBQUM7Z0JBRUQsMkRBQTJEO2dCQUMzRCxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO29CQUM3QixNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQztvQkFDN0MsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsUUFBUSxDQUFDLENBQUM7b0JBQzdELEtBQUssTUFBTSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUM7d0JBQzdCLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO29CQUN0QixDQUFDO2dCQUNILENBQUM7Z0JBRUQsT0FBTyxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUM7WUFDbEIsQ0FBQztTQUNGLENBQUMsQ0FBQztRQUVILE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUU5QiwyRUFBMkU7UUFDM0UseUNBQXlDO1FBQ3pDLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixFQUFFLFdBQVcsRUFBRSxDQUFDO0lBQy9DLENBQUM7SUFFRCx1RUFBdUU7SUFDL0QsZ0JBQWdCLEdBQUcsSUFBSSxHQUFHLEVBQWdELENBQUM7SUFFbkY7O09BRUc7SUFDSyxLQUFLLENBQUMsbUJBQW1CLENBQUMsTUFBYztRQUM5QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pELElBQUksTUFBTSxJQUFJLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUM7WUFDNUMsT0FBTyxNQUFNLENBQUMsR0FBRyxDQUFDO1FBQ3BCLENBQUM7UUFDRCxJQUFJLENBQUM7WUFDSCxNQUFNLEVBQUUsUUFBUSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ3RELE1BQU0sR0FBRyxHQUFHLE1BQU0sV0FBVyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMvQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUNsRixxREFBcUQ7WUFDckQsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxHQUFHLElBQUksRUFBRSxDQUFDO2dCQUN0QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLENBQUMsSUFBSSxFQUFFLENBQUMsS0FBSyxDQUFDO2dCQUMzRCxJQUFJLFFBQVE7b0JBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN2RCxDQUFDO1lBQ0QsT0FBTyxHQUFHLENBQUM7UUFDYixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDBCQUEwQixNQUFNLG9CQUFxQixHQUFhLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUNqRyxPQUFPLE1BQU0sRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDLENBQUMsMENBQTBDO1FBQ3RFLENBQUM7SUFDSCxDQUFDO0lBRUQsd0ZBQXdGO0lBQ3hGLHVFQUF1RTtJQUV2RTs7T0FFRztJQUNLLEtBQUssQ0FBQyxpQkFBaUI7UUFDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDL0IsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsQ0FBQyxDQUFDO1FBRWxELElBQUksQ0FBQyxZQUFZLEdBQUcsSUFBSSxZQUFZLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUNoRSxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsS0FBSyxFQUFFLENBQUM7UUFFaEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsa0NBQWtDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLFFBQVEsSUFBSSxJQUFJLGVBQWUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsUUFBUSxJQUFJLElBQUksU0FBUyxDQUFDLENBQUM7SUFDckssQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGtCQUFrQixDQUFDLE1BQTJCO1FBQ3pELHlDQUF5QztRQUN6QyxJQUFJLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDL0IsSUFBSSxDQUFDLFlBQVksR0FBRyxTQUFTLENBQUM7UUFDaEMsQ0FBQztRQUVELHVCQUF1QjtRQUN2QixJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksR0FBRyxNQUFNLENBQUM7UUFFbkMsK0JBQStCO1FBQy9CLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFFL0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsOEJBQThCLENBQUMsQ0FBQztJQUNyRCxDQUFDO0NBQ0Y7QUFRRCxlQUFlLFFBQVEsQ0FBQyJ9