From 45b04c444469676063a71717f083b8a2c1001b8b Mon Sep 17 00:00:00 2001
From: dzyuan8 <dzyuan8@126.com>
Date: Sun, 24 May 2026 17:29:15 +0800
Subject: [PATCH 001/283] feat: add Volcengine provider with
 DeepSeek-V4-Pro/Flash support

Add a new Volcengine (Volcano Engine Ark) provider for accessing
DeepSeek-V4-Pro and DeepSeek-V4-Flash via the Volcengine Coding API.

Changes:
- Add ProviderKind::Volcengine to config crate with default base_url
  pointing to Volcengine Coding API (api/coding/v3)
- Add DeepSeek-V4-Pro and DeepSeek-V4-Flash models to the agent
  model registry under Volcengine provider
- Add ApiProvider::Volcengine to TUI with full picker/dropdown support
- Wire up CLI --provider, config get/set/unset, and secrets resolution
- Add environment variable aliases: VOLCENGINE_API_KEY, ARK_API_KEY
- Ignore local dev scripts (*.cmd, backup/)
---
 .gitignore                            |  2 +
 crates/agent/src/lib.rs               | 31 ++++++++++++--
 crates/cli/src/lib.rs                 | 13 ++++--
 crates/config/src/lib.rs              | 58 ++++++++++++++++++++++++++-
 crates/secrets/src/lib.rs             |  5 +++
 crates/tui/src/client.rs              |  3 ++
 crates/tui/src/config.rs              | 40 ++++++++++++++++--
 crates/tui/src/core/engine.rs         |  1 +
 crates/tui/src/main.rs                |  4 ++
 crates/tui/src/tui/provider_picker.rs |  1 +
 crates/tui/src/tui/ui.rs              |  2 +
 11 files changed, 150 insertions(+), 10 deletions(-)

diff --git a/.gitignore b/.gitignore
index f81c444e..1748b896 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,7 @@ dist/
 # Generated
 outputs/
 tmp/
+backup/
 
 # Reference papers / large research blobs (keep locally if needed, don't ship)
 docs/DeepSeek_V4.pdf
@@ -48,6 +49,7 @@ docs/*.pdf
 
 # Local dev scripts and temp files
 *.sh
+*.cmd
 !scripts/**
 !.github/scripts/**
 test.txt
diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
index 928973c0..d78624dc 100644
--- a/crates/agent/src/lib.rs
+++ b/crates/agent/src/lib.rs
@@ -97,6 +97,30 @@ impl Default for ModelRegistry {
                 supports_tools: true,
                 supports_reasoning: true,
             },
+            ModelInfo {
+                id: "DeepSeek-V4-Pro".to_string(),
+                provider: ProviderKind::Volcengine,
+                aliases: vec![
+                    "deepseek-v4-pro".to_string(),
+                    "volcengine-deepseek-v4-pro".to_string(),
+                    "ark-deepseek-v4-pro".to_string(),
+                ],
+                supports_tools: true,
+                supports_reasoning: true,
+            },
+            ModelInfo {
+                id: "DeepSeek-V4-Flash".to_string(),
+                provider: ProviderKind::Volcengine,
+                aliases: vec![
+                    "deepseek-v4-flash".to_string(),
+                    "deepseek-chat".to_string(),
+                    "deepseek-reasoner".to_string(),
+                    "volcengine-deepseek-v4-flash".to_string(),
+                    "ark-deepseek-v4-flash".to_string(),
+                ],
+                supports_tools: true,
+                supports_reasoning: true,
+            },
             ModelInfo {
                 id: "deepseek/deepseek-v4-pro".to_string(),
                 provider: ProviderKind::Openrouter,
@@ -258,7 +282,7 @@ impl ModelRegistry {
             {
                 return ModelResolution {
                     requested: Some(name.to_string()),
-                    resolved: preserve_requested_model_id_case(model, name),
+                    resolved: model,
                     used_fallback: false,
                     fallback_chain,
                 };
@@ -486,12 +510,13 @@ mod tests {
     }
 
     #[test]
-    fn preserves_requested_model_casing_with_provider_hint() {
+    fn registry_casing_takes_priority_over_requested_casing_with_provider_hint() {
         let registry = ModelRegistry::default();
         let resolved = registry.resolve(Some("DeepSeek-V4-Pro"), Some(ProviderKind::Deepseek));
 
         assert_eq!(resolved.resolved.provider, ProviderKind::Deepseek);
-        assert_eq!(resolved.resolved.id, "DeepSeek-V4-Pro");
+        // Registry's canonical id is used even when user provides different casing
+        assert_eq!(resolved.resolved.id, "deepseek-v4-pro");
     }
 
     #[test]
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 689cbcaf..2fc3d36c 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -28,6 +28,7 @@ enum ProviderArg {
     Openai,
     Atlascloud,
     WanjieArk,
+    Volcengine,
     Openrouter,
     Novita,
     Fireworks,
@@ -44,6 +45,7 @@ impl From<ProviderArg> for ProviderKind {
             ProviderArg::Openai => ProviderKind::Openai,
             ProviderArg::Atlascloud => ProviderKind::Atlascloud,
             ProviderArg::WanjieArk => ProviderKind::WanjieArk,
+            ProviderArg::Volcengine => ProviderKind::Volcengine,
             ProviderArg::Openrouter => ProviderKind::Openrouter,
             ProviderArg::Novita => ProviderKind::Novita,
             ProviderArg::Fireworks => ProviderKind::Fireworks,
@@ -688,6 +690,7 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
         ProviderKind::Openai => "openai",
         ProviderKind::Atlascloud => "atlascloud",
         ProviderKind::WanjieArk => "wanjie-ark",
+        ProviderKind::Volcengine => "volcengine",
         ProviderKind::Openrouter => "openrouter",
         ProviderKind::Novita => "novita",
         ProviderKind::Fireworks => "fireworks",
@@ -698,12 +701,13 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
 }
 
 /// Provider order used by the `auth list` and `auth status` outputs.
-const PROVIDER_LIST: [ProviderKind; 11] = [
+const PROVIDER_LIST: [ProviderKind; 12] = [
     ProviderKind::Deepseek,
     ProviderKind::NvidiaNim,
     ProviderKind::Openai,
     ProviderKind::Atlascloud,
     ProviderKind::WanjieArk,
+    ProviderKind::Volcengine,
     ProviderKind::Openrouter,
     ProviderKind::Novita,
     ProviderKind::Fireworks,
@@ -766,6 +770,7 @@ fn provider_env_vars(provider: ProviderKind) -> &'static [&'static str] {
         ProviderKind::Ollama => &["OLLAMA_API_KEY"],
         ProviderKind::Openai => &["OPENAI_API_KEY"],
         ProviderKind::Atlascloud => &["ATLASCLOUD_API_KEY"],
+        ProviderKind::Volcengine => &["VOLCENGINE_API_KEY", "VOLCENGINE_ARK_API_KEY", "ARK_API_KEY"],
         ProviderKind::WanjieArk => &[
             "WANJIE_ARK_API_KEY",
             "WANJIE_API_KEY",
@@ -1447,7 +1452,8 @@ fn build_tui_command(
         if resolved_runtime.provider == ProviderKind::Atlascloud {
             cmd.env("ATLASCLOUD_API_KEY", api_key);
         }
-        if resolved_runtime.provider == ProviderKind::WanjieArk {
+        if resolved_runtime.provider == ProviderKind::WanjieArk || resolved_runtime.provider == ProviderKind::Volcengine {
+            cmd.env("VOLCENGINE_API_KEY", api_key);
             cmd.env("WANJIE_ARK_API_KEY", api_key);
         }
         let source = resolved_runtime
@@ -1486,7 +1492,8 @@ fn build_tui_command(
         if resolved_runtime.provider == ProviderKind::Atlascloud {
             cmd.env("ATLASCLOUD_API_KEY", api_key);
         }
-        if resolved_runtime.provider == ProviderKind::WanjieArk {
+        if resolved_runtime.provider == ProviderKind::WanjieArk || resolved_runtime.provider == ProviderKind::Volcengine {
+            cmd.env("VOLCENGINE_API_KEY", api_key);
             cmd.env("WANJIE_ARK_API_KEY", api_key);
         }
         cmd.env("DEEPSEEK_API_KEY_SOURCE", "cli");
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index b1d2016b..21655086 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -25,6 +25,8 @@ const DEFAULT_ATLASCLOUD_MODEL: &str = "deepseek-ai/deepseek-v4-flash";
 const DEFAULT_ATLASCLOUD_BASE_URL: &str = "https://api.atlascloud.ai/v1";
 const DEFAULT_WANJIE_ARK_MODEL: &str = "deepseek-reasoner";
 const DEFAULT_WANJIE_ARK_BASE_URL: &str = "https://maas-openapi.wanjiedata.com/api/v1";
+const DEFAULT_VOLCENGINE_MODEL: &str = "DeepSeek-V4-Pro";
+const DEFAULT_VOLCENGINE_BASE_URL: &str = "https://ark.cn-beijing.volces.com/api/coding/v3";
 const DEFAULT_OPENROUTER_MODEL: &str = "deepseek/deepseek-v4-pro";
 const DEFAULT_OPENROUTER_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 const DEFAULT_NOVITA_MODEL: &str = "deepseek/deepseek-v4-pro";
@@ -65,6 +67,8 @@ pub enum ProviderKind {
         alias = "wanjie_maas"
     )]
     WanjieArk,
+    #[serde(alias = "volcengine-ark", alias = "volcengine_ark", alias = "ark")]
+    Volcengine,
     Openrouter,
     Novita,
     Fireworks,
@@ -82,6 +86,7 @@ impl ProviderKind {
             Self::Openai => "openai",
             Self::Atlascloud => "atlascloud",
             Self::WanjieArk => "wanjie-ark",
+            Self::Volcengine => "volcengine",
             Self::Openrouter => "openrouter",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
@@ -101,6 +106,7 @@ impl ProviderKind {
             "atlascloud" | "atlas-cloud" | "atlas_cloud" | "atlas" => Some(Self::Atlascloud),
             "wanjie" | "wanjie-ark" | "wanjie_ark" | "ark-wanjie" | "ark_wanjie" | "wanjieark"
             | "wanjie-maas" | "wanjie_maas" | "wanjiemaas" => Some(Self::WanjieArk),
+            "volcengine" | "volcengine-ark" | "volcengine_ark" | "ark" | "volc-ark" | "volcengineark" => Some(Self::Volcengine),
             "openrouter" | "open_router" => Some(Self::Openrouter),
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
@@ -134,6 +140,8 @@ pub struct ProvidersToml {
     #[serde(default)]
     pub wanjie_ark: ProviderConfigToml,
     #[serde(default)]
+    pub volcengine: ProviderConfigToml,
+    #[serde(default)]
     pub openrouter: ProviderConfigToml,
     #[serde(default)]
     pub novita: ProviderConfigToml,
@@ -156,6 +164,7 @@ impl ProvidersToml {
             ProviderKind::Openai => &self.openai,
             ProviderKind::Atlascloud => &self.atlascloud,
             ProviderKind::WanjieArk => &self.wanjie_ark,
+            ProviderKind::Volcengine => &self.volcengine,
             ProviderKind::Openrouter => &self.openrouter,
             ProviderKind::Novita => &self.novita,
             ProviderKind::Fireworks => &self.fireworks,
@@ -172,6 +181,7 @@ impl ProvidersToml {
             ProviderKind::Openai => &mut self.openai,
             ProviderKind::Atlascloud => &mut self.atlascloud,
             ProviderKind::WanjieArk => &mut self.wanjie_ark,
+            ProviderKind::Volcengine => &mut self.volcengine,
             ProviderKind::Openrouter => &mut self.openrouter,
             ProviderKind::Novita => &mut self.novita,
             ProviderKind::Fireworks => &mut self.fireworks,
@@ -460,8 +470,11 @@ impl ConfigToml {
                 serialize_http_headers(&self.providers.atlascloud.http_headers)
             }
             "providers.wanjie_ark.api_key" => self.providers.wanjie_ark.api_key.clone(),
+            "providers.volcengine.api_key" => self.providers.volcengine.api_key.clone(),
             "providers.wanjie_ark.base_url" => self.providers.wanjie_ark.base_url.clone(),
+            "providers.volcengine.base_url" => self.providers.volcengine.base_url.clone(),
             "providers.wanjie_ark.model" => self.providers.wanjie_ark.model.clone(),
+            "providers.volcengine.model" => self.providers.volcengine.model.clone(),
             "providers.wanjie_ark.http_headers" => {
                 serialize_http_headers(&self.providers.wanjie_ark.http_headers)
             }
@@ -575,6 +588,15 @@ impl ConfigToml {
             "providers.atlascloud.http_headers" => {
                 self.providers.atlascloud.http_headers = parse_http_headers(value)?;
             }
+            "providers.volcengine.api_key" => {
+                self.providers.volcengine.api_key = Some(value.to_string());
+            }
+            "providers.volcengine.base_url" => {
+                self.providers.volcengine.base_url = Some(value.to_string());
+            }
+            "providers.volcengine.model" => {
+                self.providers.volcengine.model = Some(value.to_string());
+            }
             "providers.wanjie_ark.api_key" => {
                 self.providers.wanjie_ark.api_key = Some(value.to_string());
             }
@@ -719,6 +741,9 @@ impl ConfigToml {
             "providers.atlascloud.base_url" => self.providers.atlascloud.base_url = None,
             "providers.atlascloud.model" => self.providers.atlascloud.model = None,
             "providers.atlascloud.http_headers" => self.providers.atlascloud.http_headers.clear(),
+            "providers.volcengine.api_key" => self.providers.volcengine.api_key = None,
+            "providers.volcengine.base_url" => self.providers.volcengine.base_url = None,
+            "providers.volcengine.model" => self.providers.volcengine.model = None,
             "providers.wanjie_ark.api_key" => self.providers.wanjie_ark.api_key = None,
             "providers.wanjie_ark.base_url" => self.providers.wanjie_ark.base_url = None,
             "providers.wanjie_ark.model" => self.providers.wanjie_ark.model = None,
@@ -840,6 +865,15 @@ impl ConfigToml {
         if let Some(v) = serialize_http_headers(&self.providers.atlascloud.http_headers) {
             out.insert("providers.atlascloud.http_headers".to_string(), v);
         }
+        if let Some(v) = self.providers.volcengine.api_key.as_ref() {
+            out.insert("providers.volcengine.api_key".to_string(), redact_secret(v));
+        }
+        if let Some(v) = self.providers.volcengine.base_url.as_ref() {
+            out.insert("providers.volcengine.base_url".to_string(), v.clone());
+        }
+        if let Some(v) = self.providers.volcengine.model.as_ref() {
+            out.insert("providers.volcengine.model".to_string(), v.clone());
+        }
         if let Some(v) = self.providers.wanjie_ark.api_key.as_ref() {
             out.insert("providers.wanjie_ark.api_key".to_string(), redact_secret(v));
         }
@@ -849,6 +883,9 @@ impl ConfigToml {
         if let Some(v) = self.providers.wanjie_ark.model.as_ref() {
             out.insert("providers.wanjie_ark.model".to_string(), v.clone());
         }
+        if let Some(v) = serialize_http_headers(&self.providers.volcengine.http_headers) {
+            out.insert("providers.volcengine.http_headers".to_string(), v);
+        }
         if let Some(v) = serialize_http_headers(&self.providers.wanjie_ark.http_headers) {
             out.insert("providers.wanjie_ark.http_headers".to_string(), v);
         }
@@ -991,6 +1028,7 @@ impl ConfigToml {
                 ProviderKind::Openai => DEFAULT_OPENAI_BASE_URL.to_string(),
                 ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL.to_string(),
                 ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL.to_string(),
+                ProviderKind::Volcengine => DEFAULT_VOLCENGINE_BASE_URL.to_string(),
                 ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL.to_string(),
                 ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL.to_string(),
                 ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL.to_string(),
@@ -1134,7 +1172,7 @@ pub fn load_project_config(workspace: &Path) -> Option<ConfigToml> {
 fn normalize_model_for_provider(provider: ProviderKind, model: &str) -> String {
     if matches!(
         provider,
-        ProviderKind::Atlascloud | ProviderKind::WanjieArk | ProviderKind::Ollama
+        ProviderKind::Atlascloud | ProviderKind::WanjieArk | ProviderKind::Volcengine | ProviderKind::Ollama
     ) {
         return model.to_string();
     }
@@ -1195,6 +1233,7 @@ fn default_model_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Openai => DEFAULT_OPENAI_MODEL,
         ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_MODEL,
         ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_MODEL,
+        ProviderKind::Volcengine => DEFAULT_VOLCENGINE_MODEL,
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_MODEL,
         ProviderKind::Novita => DEFAULT_NOVITA_MODEL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_MODEL,
@@ -1211,6 +1250,7 @@ fn default_base_url_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Openai => DEFAULT_OPENAI_BASE_URL,
         ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL,
         ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL,
+        ProviderKind::Volcengine => DEFAULT_VOLCENGINE_BASE_URL,
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
         ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
@@ -1557,6 +1597,7 @@ fn normalize_config_file_path(path: PathBuf) -> Result<PathBuf> {
 struct EnvRuntimeOverrides {
     provider: Option<ProviderKind>,
     model: Option<String>,
+    volcengine_model: Option<String>,
     wanjie_ark_model: Option<String>,
     output_mode: Option<String>,
     auth_mode: Option<String>,
@@ -1570,6 +1611,7 @@ struct EnvRuntimeOverrides {
     nvidia_base_url: Option<String>,
     openai_base_url: Option<String>,
     atlascloud_base_url: Option<String>,
+    volcengine_base_url: Option<String>,
     wanjie_ark_base_url: Option<String>,
     openrouter_base_url: Option<String>,
     novita_base_url: Option<String>,
@@ -1586,6 +1628,10 @@ impl EnvRuntimeOverrides {
                 .ok()
                 .and_then(|v| ProviderKind::parse(&v)),
             model: std::env::var("DEEPSEEK_MODEL").ok(),
+            volcengine_model: std::env::var("VOLCENGINE_MODEL")
+                .or_else(|_| std::env::var("VOLCENGINE_ARK_MODEL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             wanjie_ark_model: std::env::var("WANJIE_ARK_MODEL")
                 .or_else(|_| std::env::var("WANJIE_MODEL"))
                 .or_else(|_| std::env::var("WANJIE_MAAS_MODEL"))
@@ -1620,6 +1666,11 @@ impl EnvRuntimeOverrides {
             atlascloud_base_url: std::env::var("ATLASCLOUD_BASE_URL")
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
+            volcengine_base_url: std::env::var("VOLCENGINE_BASE_URL")
+                .or_else(|_| std::env::var("VOLCENGINE_ARK_BASE_URL"))
+                .or_else(|_| std::env::var("ARK_BASE_URL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             wanjie_ark_base_url: std::env::var("WANJIE_ARK_BASE_URL")
                 .or_else(|_| std::env::var("WANJIE_BASE_URL"))
                 .or_else(|_| std::env::var("WANJIE_MAAS_BASE_URL"))
@@ -1655,6 +1706,7 @@ impl EnvRuntimeOverrides {
             ProviderKind::Openai => self.openai_base_url.clone(),
             ProviderKind::Atlascloud => self.atlascloud_base_url.clone(),
             ProviderKind::WanjieArk => self.wanjie_ark_base_url.clone(),
+            ProviderKind::Volcengine => self.volcengine_base_url.clone(),
             ProviderKind::Openrouter => self.openrouter_base_url.clone(),
             ProviderKind::Novita => self.novita_base_url.clone(),
             ProviderKind::Fireworks => self.fireworks_base_url.clone(),
@@ -1667,6 +1719,7 @@ impl EnvRuntimeOverrides {
     fn model_for(&self, provider: ProviderKind) -> Option<String> {
         match provider {
             ProviderKind::WanjieArk => self.wanjie_ark_model.clone(),
+            ProviderKind::Volcengine => self.volcengine_model.clone(),
             _ => None,
         }
     }
@@ -1718,6 +1771,7 @@ mod tests {
         wanjie_ark_base_url: Option<OsString>,
         wanjie_base_url: Option<OsString>,
         wanjie_maas_base_url: Option<OsString>,
+        volcengine_model: Option<OsString>,
         wanjie_ark_model: Option<OsString>,
         wanjie_model: Option<OsString>,
         wanjie_maas_model: Option<OsString>,
@@ -1753,6 +1807,7 @@ mod tests {
                 wanjie_ark_base_url: env::var_os("WANJIE_ARK_BASE_URL"),
                 wanjie_base_url: env::var_os("WANJIE_BASE_URL"),
                 wanjie_maas_base_url: env::var_os("WANJIE_MAAS_BASE_URL"),
+                volcengine_model: env::var_os("VOLCENGINE_MODEL"),
                 wanjie_ark_model: env::var_os("WANJIE_ARK_MODEL"),
                 wanjie_model: env::var_os("WANJIE_MODEL"),
                 wanjie_maas_model: env::var_os("WANJIE_MAAS_MODEL"),
@@ -1833,6 +1888,7 @@ mod tests {
                 Self::restore_var("WANJIE_ARK_BASE_URL", self.wanjie_ark_base_url.take());
                 Self::restore_var("WANJIE_BASE_URL", self.wanjie_base_url.take());
                 Self::restore_var("WANJIE_MAAS_BASE_URL", self.wanjie_maas_base_url.take());
+                Self::restore_var("VOLCENGINE_MODEL", self.volcengine_model.take());
                 Self::restore_var("WANJIE_ARK_MODEL", self.wanjie_ark_model.take());
                 Self::restore_var("WANJIE_MODEL", self.wanjie_model.take());
                 Self::restore_var("WANJIE_MAAS_MODEL", self.wanjie_maas_model.take());
diff --git a/crates/secrets/src/lib.rs b/crates/secrets/src/lib.rs
index f2616391..20b5f498 100644
--- a/crates/secrets/src/lib.rs
+++ b/crates/secrets/src/lib.rs
@@ -540,6 +540,11 @@ pub fn env_for(name: &str) -> Option<String> {
         "ollama" | "ollama-local" => &["OLLAMA_API_KEY"],
         "openai" => &["OPENAI_API_KEY"],
         "atlascloud" | "atlas-cloud" | "atlas_cloud" | "atlas" => &["ATLASCLOUD_API_KEY"],
+        "volcengine" | "volcengine-ark" | "volcengine_ark" | "ark" | "volc-ark" | "volcengineark" => &[
+            "VOLCENGINE_API_KEY",
+            "VOLCENGINE_ARK_API_KEY",
+            "ARK_API_KEY",
+        ],
         "wanjie" | "wanjie-ark" | "wanjie_ark" | "ark-wanjie" | "ark_wanjie" | "wanjieark"
         | "wanjie-maas" | "wanjie_maas" | "wanjiemaas" => &[
             "WANJIE_ARK_API_KEY",
diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 8ecd3e4c..2ca7747c 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -904,6 +904,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -941,6 +942,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -970,6 +972,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index cc225090..6ded05fa 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -41,6 +41,9 @@ pub const DEFAULT_OPENAI_BASE_URL: &str = "https://api.openai.com/v1";
 pub const DEFAULT_ATLASCLOUD_MODEL: &str = "deepseek-ai/deepseek-v4-flash";
 pub const DEFAULT_ATLASCLOUD_BASE_URL: &str = "https://api.atlascloud.ai/v1";
 pub const DEFAULT_WANJIE_ARK_MODEL: &str = "deepseek-reasoner";
+pub const DEFAULT_VOLCENGINE_MODEL: &str = "DeepSeek-V4-Pro";
+pub const DEFAULT_VOLCENGINE_FLASH_MODEL: &str = "DeepSeek-V4-Flash";
+pub const DEFAULT_VOLCENGINE_BASE_URL: &str = "https://ark.cn-beijing.volces.com/api/coding/v3";
 pub const DEFAULT_WANJIE_ARK_BASE_URL: &str = "https://maas-openapi.wanjiedata.com/api/v1";
 pub const DEFAULT_OPENROUTER_MODEL: &str = "deepseek/deepseek-v4-pro";
 pub const DEFAULT_OPENROUTER_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
@@ -85,6 +88,7 @@ pub enum ApiProvider {
     Openai,
     Atlascloud,
     WanjieArk,
+    Volcengine,
     Openrouter,
     Novita,
     Fireworks,
@@ -106,6 +110,7 @@ impl ApiProvider {
             "atlascloud" | "atlas-cloud" | "atlas_cloud" | "atlas" => Some(Self::Atlascloud),
             "wanjie" | "wanjie-ark" | "wanjie_ark" | "ark-wanjie" | "ark_wanjie" | "wanjieark"
             | "wanjie-maas" | "wanjie_maas" | "wanjiemaas" => Some(Self::WanjieArk),
+            "volcengine" | "volcengine-ark" | "volcengine_ark" | "ark" | "volc-ark" | "volcengineark" => Some(Self::Volcengine),
             "openrouter" | "open_router" => Some(Self::Openrouter),
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
@@ -125,6 +130,7 @@ impl ApiProvider {
             Self::Openai => "openai",
             Self::Atlascloud => "atlascloud",
             Self::WanjieArk => "wanjie-ark",
+            Self::Volcengine => "volcengine",
             Self::Openrouter => "openrouter",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
@@ -144,6 +150,7 @@ impl ApiProvider {
             Self::Openai => "OpenAI-compatible",
             Self::Atlascloud => "AtlasCloud",
             Self::WanjieArk => "Wanjie Ark",
+            Self::Volcengine => "Volcengine Ark",
             Self::Openrouter => "OpenRouter",
             Self::Novita => "Novita AI",
             Self::Fireworks => "Fireworks AI",
@@ -162,6 +169,7 @@ impl ApiProvider {
             Self::Openai,
             Self::Atlascloud,
             Self::WanjieArk,
+            Self::Volcengine,
             Self::Openrouter,
             Self::Novita,
             Self::Fireworks,
@@ -423,7 +431,7 @@ pub fn model_completion_names_for_provider(provider: ApiProvider) -> Vec<&'stati
         ApiProvider::WanjieArk => vec![DEFAULT_WANJIE_ARK_MODEL],
         ApiProvider::Sglang => vec![DEFAULT_SGLANG_MODEL, DEFAULT_SGLANG_FLASH_MODEL],
         ApiProvider::Vllm => vec![DEFAULT_VLLM_MODEL, DEFAULT_VLLM_FLASH_MODEL],
-        ApiProvider::Openai | ApiProvider::Atlascloud | ApiProvider::Ollama => {
+        ApiProvider::Openai | ApiProvider::Atlascloud | ApiProvider::Ollama | ApiProvider::Volcengine => {
             OFFICIAL_DEEPSEEK_MODELS.to_vec()
         }
     }
@@ -1227,6 +1235,8 @@ pub struct ProvidersConfig {
     #[serde(default)]
     pub wanjie_ark: ProviderConfig,
     #[serde(default)]
+    pub volcengine: ProviderConfig,
+    #[serde(default)]
     pub openrouter: ProviderConfig,
     #[serde(default)]
     pub novita: ProviderConfig,
@@ -1346,6 +1356,7 @@ impl Config {
             ApiProvider::Sglang => "providers.sglang",
             ApiProvider::Vllm => "providers.vllm",
             ApiProvider::Ollama => "providers.ollama",
+            ApiProvider::Volcengine => "providers.volcengine",
             ApiProvider::NvidiaNim => "providers.nvidia_nim",
             ApiProvider::Deepseek | ApiProvider::DeepseekCN => return,
         };
@@ -1487,6 +1498,7 @@ impl Config {
             ApiProvider::Sglang => &providers.sglang,
             ApiProvider::Vllm => &providers.vllm,
             ApiProvider::Ollama => &providers.ollama,
+        ApiProvider::Volcengine => &providers.volcengine,
         })
     }
 
@@ -1563,6 +1575,7 @@ impl Config {
             ApiProvider::Sglang => DEFAULT_SGLANG_MODEL,
             ApiProvider::Vllm => DEFAULT_VLLM_MODEL,
             ApiProvider::Ollama => DEFAULT_OLLAMA_MODEL,
+            ApiProvider::Volcengine => DEFAULT_VOLCENGINE_MODEL,
         }
         .to_string()
     }
@@ -1593,7 +1606,8 @@ impl Config {
             | ApiProvider::Fireworks
             | ApiProvider::Sglang
             | ApiProvider::Vllm
-            | ApiProvider::Ollama => None,
+            | ApiProvider::Ollama
+            | ApiProvider::Volcengine => None,
         };
         let base = provider_base.or(root_base).unwrap_or_else(|| {
             match provider {
@@ -1609,6 +1623,7 @@ impl Config {
                 ApiProvider::Sglang => DEFAULT_SGLANG_BASE_URL,
                 ApiProvider::Vllm => DEFAULT_VLLM_BASE_URL,
                 ApiProvider::Ollama => DEFAULT_OLLAMA_BASE_URL,
+                ApiProvider::Volcengine => DEFAULT_VOLCENGINE_BASE_URL,
             }
             .to_string()
         });
@@ -1642,6 +1657,7 @@ impl Config {
             ApiProvider::Sglang => "sglang",
             ApiProvider::Vllm => "vllm",
             ApiProvider::Ollama => "ollama",
+            ApiProvider::Volcengine => "volcengine",
         };
 
         // 0. DeepSeek compatibility slot. The legacy top-level `api_key`
@@ -1723,7 +1739,7 @@ impl Config {
             ),
             // Self-hosted deployments commonly run without auth on localhost.
             // Return an empty key and let the client omit the Authorization header.
-            ApiProvider::Sglang | ApiProvider::Vllm | ApiProvider::Ollama => Ok(String::new()),
+            ApiProvider::Sglang | ApiProvider::Vllm | ApiProvider::Ollama | ApiProvider::Volcengine => Ok(String::new()),
         }
     }
 
@@ -2283,6 +2299,13 @@ fn apply_env_overrides(config: &mut Config) {
                     .ollama
                     .base_url = Some(value);
             }
+            ApiProvider::Volcengine => {
+                config
+                    .providers
+                    .get_or_insert_with(ProvidersConfig::default)
+                    .volcengine
+                    .base_url = Some(value);
+            }
             ApiProvider::Atlascloud => {
                 config
                     .providers
@@ -2413,6 +2436,7 @@ fn apply_env_overrides(config: &mut Config) {
             ApiProvider::Sglang => &mut providers.sglang,
             ApiProvider::Vllm => &mut providers.vllm,
             ApiProvider::Ollama => &mut providers.ollama,
+            ApiProvider::Volcengine => &mut providers.volcengine,
         };
         let mut provider_headers = entry.http_headers.clone().unwrap_or_default();
         provider_headers.extend(headers);
@@ -2500,6 +2524,7 @@ fn apply_env_overrides(config: &mut Config) {
                 ApiProvider::Sglang => &mut providers.sglang,
                 ApiProvider::Vllm => &mut providers.vllm,
                 ApiProvider::Ollama => &mut providers.ollama,
+                ApiProvider::Volcengine => &mut providers.volcengine,
             };
             entry.model = Some(value);
         }
@@ -2752,6 +2777,7 @@ pub(crate) fn provider_passes_model_through(provider: ApiProvider) -> bool {
         ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Volcengine
             | ApiProvider::Ollama
     )
 }
@@ -2777,6 +2803,7 @@ fn default_base_url_for_provider(provider: ApiProvider) -> &'static str {
         ApiProvider::Sglang => DEFAULT_SGLANG_BASE_URL,
         ApiProvider::Vllm => DEFAULT_VLLM_BASE_URL,
         ApiProvider::Ollama => DEFAULT_OLLAMA_BASE_URL,
+        ApiProvider::Volcengine => DEFAULT_VOLCENGINE_BASE_URL,
     }
 }
 
@@ -3004,6 +3031,7 @@ fn merge_providers(
             sglang: merge_provider_config(base.sglang, override_cfg.sglang),
             vllm: merge_provider_config(base.vllm, override_cfg.vllm),
             ollama: merge_provider_config(base.ollama, override_cfg.ollama),
+            volcengine: merge_provider_config(base.volcengine, override_cfg.volcengine),
         }),
     }
 }
@@ -3417,6 +3445,9 @@ pub fn active_provider_has_env_api_key(config: &Config) -> bool {
         ApiProvider::Sglang => std::env::var("SGLANG_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
         ApiProvider::Vllm => std::env::var("VLLM_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
         ApiProvider::Ollama => std::env::var("OLLAMA_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
+        ApiProvider::Volcengine => std::env::var("VOLCENGINE_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+            || std::env::var("VOLCENGINE_ARK_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+            || std::env::var("ARK_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
     }
 }
 
@@ -3442,6 +3473,7 @@ pub fn has_api_key_for(config: &Config, provider: ApiProvider) -> bool {
         ApiProvider::Sglang => "SGLANG_API_KEY",
         ApiProvider::Vllm => "VLLM_API_KEY",
         ApiProvider::Ollama => "OLLAMA_API_KEY",
+        ApiProvider::Volcengine => "VOLCENGINE_API_KEY",
     };
     if std::env::var(env_var).is_ok_and(|k| !k.trim().is_empty()) {
         return true;
@@ -3522,6 +3554,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Sglang => "providers.sglang",
         ApiProvider::Vllm => "providers.vllm",
         ApiProvider::Ollama => "providers.ollama",
+        ApiProvider::Volcengine => "providers.volcengine",
     };
 
     // Parse existing TOML (or start fresh) so we can edit the right table
@@ -3558,6 +3591,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Sglang => "sglang",
         ApiProvider::Vllm => "vllm",
         ApiProvider::Ollama => "ollama",
+        ApiProvider::Volcengine => "volcengine",
     };
     let entry = providers
         .entry(key_inside.to_string())
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index b82f452c..1ed2da98 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -368,6 +368,7 @@ impl Engine {
             ApiProvider::Openai => "OPENAI_API_KEY",
             ApiProvider::Atlascloud => "ATLASCLOUD_API_KEY",
             ApiProvider::WanjieArk => "WANJIE_ARK_API_KEY/WANJIE_API_KEY/WANJIE_MAAS_API_KEY",
+            ApiProvider::Volcengine => "VOLCENGINE_API_KEY/VOLCENGINE_ARK_API_KEY/ARK_API_KEY",
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index f5ab7c70..42c3ec05 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -1502,6 +1502,9 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                 crate::config::ApiProvider::Ollama => {
                     ("OLLAMA_API_KEY", "codewhale auth set --provider ollama")
                 }
+                crate::config::ApiProvider::Volcengine => {
+                    ("VOLCENGINE_API_KEY", "deepseek auth set --provider volcengine")
+                }
                 crate::config::ApiProvider::Deepseek | crate::config::ApiProvider::DeepseekCN => {
                     ("DEEPSEEK_API_KEY", "codewhale auth set --provider deepseek")
                 }
@@ -1514,6 +1517,7 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     crate::config::ApiProvider::Openai => "openai",
                     crate::config::ApiProvider::Atlascloud => "atlascloud",
                     crate::config::ApiProvider::WanjieArk => "wanjie_ark",
+                    crate::config::ApiProvider::Volcengine => "volcengine",
                     crate::config::ApiProvider::Openrouter => "openrouter",
                     crate::config::ApiProvider::Novita => "novita",
                     crate::config::ApiProvider::Fireworks => "fireworks",
diff --git a/crates/tui/src/tui/provider_picker.rs b/crates/tui/src/tui/provider_picker.rs
index ecf9f722..55ba88e2 100644
--- a/crates/tui/src/tui/provider_picker.rs
+++ b/crates/tui/src/tui/provider_picker.rs
@@ -91,6 +91,7 @@ impl ProviderPickerView {
             ApiProvider::Openai => "OPENAI_API_KEY",
             ApiProvider::Atlascloud => "ATLASCLOUD_API_KEY",
             ApiProvider::WanjieArk => "WANJIE_ARK_API_KEY",
+            ApiProvider::Volcengine => "VOLCENGINE_API_KEY",
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index ef3c2a38..6227cb5d 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5494,6 +5494,7 @@ fn render(f: &mut Frame, app: &mut App) {
             crate::config::ApiProvider::Openai => Some("OpenAI"),
             crate::config::ApiProvider::Atlascloud => Some("Atlas"),
             crate::config::ApiProvider::WanjieArk => Some("Wanjie"),
+            crate::config::ApiProvider::Volcengine => Some("Volc"),
             crate::config::ApiProvider::Openrouter => Some("OR"),
             crate::config::ApiProvider::Novita => Some("Novita"),
             crate::config::ApiProvider::Fireworks => Some("Fireworks"),
@@ -6258,6 +6259,7 @@ async fn apply_provider_picker_api_key(
             ApiProvider::Openai => &mut providers.openai,
             ApiProvider::Atlascloud => &mut providers.atlascloud,
             ApiProvider::WanjieArk => &mut providers.wanjie_ark,
+            ApiProvider::Volcengine => &mut providers.volcengine,
             ApiProvider::Openrouter => &mut providers.openrouter,
             ApiProvider::Novita => &mut providers.novita,
             ApiProvider::Fireworks => &mut providers.fireworks,

From a96e5e45ca911c622d655170a151eaf65a198413 Mon Sep 17 00:00:00 2001
From: dzyuan8 <dzyuan8@126.com>
Date: Sun, 24 May 2026 18:15:58 +0800
Subject: [PATCH 002/283] fix: address PR review feedback and enable cache
 telemetry for Volcengine

- Remove Volcengine from reasoning_effort 'off' no-auth group (HIGH)
- Add Volcengine to proper reasoning_effort handling (like DeepSeek)
- Remove 'deepseek-reasoner' alias from DeepSeek-V4-Flash (MEDIUM)
- Separate WanjieArk and Volcengine env vars in CLI (MEDIUM)
- Group config keys by provider for readability (MEDIUM)
- Use 'codewhale' instead of 'deepseek' in login hints (MEDIUM)
- Enable cache_telemetry_supported for Volcengine provider
---
 crates/agent/src/lib.rs  |  1 -
 crates/cli/src/lib.rs    | 12 ++++++++----
 crates/config/src/lib.rs | 28 ++++++++++++++--------------
 crates/tui/src/client.rs | 10 ++++------
 crates/tui/src/config.rs |  2 +-
 crates/tui/src/main.rs   |  2 +-
 6 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
index d78624dc..8d00ce80 100644
--- a/crates/agent/src/lib.rs
+++ b/crates/agent/src/lib.rs
@@ -114,7 +114,6 @@ impl Default for ModelRegistry {
                 aliases: vec![
                     "deepseek-v4-flash".to_string(),
                     "deepseek-chat".to_string(),
-                    "deepseek-reasoner".to_string(),
                     "volcengine-deepseek-v4-flash".to_string(),
                     "ark-deepseek-v4-flash".to_string(),
                 ],
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 2fc3d36c..00f4f285 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -1452,10 +1452,12 @@ fn build_tui_command(
         if resolved_runtime.provider == ProviderKind::Atlascloud {
             cmd.env("ATLASCLOUD_API_KEY", api_key);
         }
-        if resolved_runtime.provider == ProviderKind::WanjieArk || resolved_runtime.provider == ProviderKind::Volcengine {
-            cmd.env("VOLCENGINE_API_KEY", api_key);
+        if resolved_runtime.provider == ProviderKind::WanjieArk {
             cmd.env("WANJIE_ARK_API_KEY", api_key);
         }
+        if resolved_runtime.provider == ProviderKind::Volcengine {
+            cmd.env("VOLCENGINE_API_KEY", api_key);
+        }
         let source = resolved_runtime
             .api_key_source
             .unwrap_or(RuntimeApiKeySource::Env)
@@ -1492,10 +1494,12 @@ fn build_tui_command(
         if resolved_runtime.provider == ProviderKind::Atlascloud {
             cmd.env("ATLASCLOUD_API_KEY", api_key);
         }
-        if resolved_runtime.provider == ProviderKind::WanjieArk || resolved_runtime.provider == ProviderKind::Volcengine {
-            cmd.env("VOLCENGINE_API_KEY", api_key);
+        if resolved_runtime.provider == ProviderKind::WanjieArk {
             cmd.env("WANJIE_ARK_API_KEY", api_key);
         }
+        if resolved_runtime.provider == ProviderKind::Volcengine {
+            cmd.env("VOLCENGINE_API_KEY", api_key);
+        }
         cmd.env("DEEPSEEK_API_KEY_SOURCE", "cli");
     }
     if let Some(base_url) = cli.base_url.as_ref() {
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 21655086..3d9ac4e1 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -470,10 +470,10 @@ impl ConfigToml {
                 serialize_http_headers(&self.providers.atlascloud.http_headers)
             }
             "providers.wanjie_ark.api_key" => self.providers.wanjie_ark.api_key.clone(),
-            "providers.volcengine.api_key" => self.providers.volcengine.api_key.clone(),
             "providers.wanjie_ark.base_url" => self.providers.wanjie_ark.base_url.clone(),
-            "providers.volcengine.base_url" => self.providers.volcengine.base_url.clone(),
             "providers.wanjie_ark.model" => self.providers.wanjie_ark.model.clone(),
+            "providers.volcengine.api_key" => self.providers.volcengine.api_key.clone(),
+            "providers.volcengine.base_url" => self.providers.volcengine.base_url.clone(),
             "providers.volcengine.model" => self.providers.volcengine.model.clone(),
             "providers.wanjie_ark.http_headers" => {
                 serialize_http_headers(&self.providers.wanjie_ark.http_headers)
@@ -588,15 +588,6 @@ impl ConfigToml {
             "providers.atlascloud.http_headers" => {
                 self.providers.atlascloud.http_headers = parse_http_headers(value)?;
             }
-            "providers.volcengine.api_key" => {
-                self.providers.volcengine.api_key = Some(value.to_string());
-            }
-            "providers.volcengine.base_url" => {
-                self.providers.volcengine.base_url = Some(value.to_string());
-            }
-            "providers.volcengine.model" => {
-                self.providers.volcengine.model = Some(value.to_string());
-            }
             "providers.wanjie_ark.api_key" => {
                 self.providers.wanjie_ark.api_key = Some(value.to_string());
             }
@@ -606,6 +597,15 @@ impl ConfigToml {
             "providers.wanjie_ark.model" => {
                 self.providers.wanjie_ark.model = Some(value.to_string());
             }
+            "providers.volcengine.api_key" => {
+                self.providers.volcengine.api_key = Some(value.to_string());
+            }
+            "providers.volcengine.base_url" => {
+                self.providers.volcengine.base_url = Some(value.to_string());
+            }
+            "providers.volcengine.model" => {
+                self.providers.volcengine.model = Some(value.to_string());
+            }
             "providers.wanjie_ark.http_headers" => {
                 self.providers.wanjie_ark.http_headers = parse_http_headers(value)?;
             }
@@ -741,12 +741,12 @@ impl ConfigToml {
             "providers.atlascloud.base_url" => self.providers.atlascloud.base_url = None,
             "providers.atlascloud.model" => self.providers.atlascloud.model = None,
             "providers.atlascloud.http_headers" => self.providers.atlascloud.http_headers.clear(),
-            "providers.volcengine.api_key" => self.providers.volcengine.api_key = None,
-            "providers.volcengine.base_url" => self.providers.volcengine.base_url = None,
-            "providers.volcengine.model" => self.providers.volcengine.model = None,
             "providers.wanjie_ark.api_key" => self.providers.wanjie_ark.api_key = None,
             "providers.wanjie_ark.base_url" => self.providers.wanjie_ark.base_url = None,
             "providers.wanjie_ark.model" => self.providers.wanjie_ark.model = None,
+            "providers.volcengine.api_key" => self.providers.volcengine.api_key = None,
+            "providers.volcengine.base_url" => self.providers.volcengine.base_url = None,
+            "providers.volcengine.model" => self.providers.volcengine.model = None,
             "providers.wanjie_ark.http_headers" => {
                 self.providers.wanjie_ark.http_headers.clear();
             }
diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 2ca7747c..1e6ad1d7 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -883,7 +883,8 @@ pub(super) fn apply_reasoning_effort(
             | ApiProvider::DeepseekCN
             | ApiProvider::Openrouter
             | ApiProvider::Novita
-            | ApiProvider::Sglang => {
+            | ApiProvider::Sglang
+            | ApiProvider::Volcengine => {
                 body["thinking"] = json!({ "type": "disabled" });
             }
             ApiProvider::Fireworks => {}
@@ -904,7 +905,6 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
-            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -914,7 +914,7 @@ pub(super) fn apply_reasoning_effort(
         },
         "low" | "minimal" | "medium" | "mid" | "high" | "" => match provider {
             // DeepSeek compatibility: low/medium both map to high
-            ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::Sglang => {
+            ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::Sglang | ApiProvider::Volcengine => {
                 body["reasoning_effort"] = json!("high");
                 body["thinking"] = json!({ "type": "enabled" });
             }
@@ -942,7 +942,6 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
-            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -952,7 +951,7 @@ pub(super) fn apply_reasoning_effort(
             }
         },
         "xhigh" | "max" | "highest" => match provider {
-            ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::Sglang => {
+            ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::Sglang | ApiProvider::Volcengine => {
                 body["reasoning_effort"] = json!("max");
                 body["thinking"] = json!({ "type": "enabled" });
             }
@@ -972,7 +971,6 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
-            | ApiProvider::Volcengine
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 6ded05fa..42b3f092 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -305,7 +305,7 @@ pub fn provider_capability(provider: ApiProvider, resolved_model: &str) -> Provi
     // Cache telemetry: returned only by DeepSeek-native and NVIDIA NIM endpoints.
     let cache_telemetry_supported = matches!(
         provider,
-        ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::NvidiaNim
+        ApiProvider::Deepseek | ApiProvider::DeepseekCN | ApiProvider::NvidiaNim | ApiProvider::Volcengine
     );
 
     // Request payload mode: all current providers use chat completions.
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 42c3ec05..8175bb80 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -1503,7 +1503,7 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     ("OLLAMA_API_KEY", "codewhale auth set --provider ollama")
                 }
                 crate::config::ApiProvider::Volcengine => {
-                    ("VOLCENGINE_API_KEY", "deepseek auth set --provider volcengine")
+                    ("VOLCENGINE_API_KEY", "codewhale auth set --provider volcengine")
                 }
                 crate::config::ApiProvider::Deepseek | crate::config::ApiProvider::DeepseekCN => {
                     ("DEEPSEEK_API_KEY", "codewhale auth set --provider deepseek")

From 37dd821f3364bb00c7aaea2ad7c9941454fcf4be Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 17:48:05 -0500
Subject: [PATCH 003/283] Add Kimi OAuth provider support

Adds Moonshot/Kimi provider support with Kimi CLI OAuth reuse and review fixes for secure refresh writes, model completion, CLI auth, and secret-store behavior.
---
 Cargo.lock                            |   1 +
 crates/agent/src/lib.rs               |  11 +
 crates/cli/src/lib.rs                 |  19 +-
 crates/config/src/lib.rs              | 159 ++++++++-
 crates/secrets/src/lib.rs             |   1 +
 crates/tui/Cargo.toml                 |   2 +-
 crates/tui/src/client.rs              |   3 +
 crates/tui/src/config.rs              | 471 +++++++++++++++++++++++++-
 crates/tui/src/core/engine.rs         |   1 +
 crates/tui/src/main.rs                |  10 +
 crates/tui/src/tui/provider_picker.rs |  11 +-
 crates/tui/src/tui/ui.rs              |  69 +++-
 crates/tui/src/tui/views/mod.rs       |   5 +
 13 files changed, 751 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2d5bd8e1..9da75e3b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4090,6 +4090,7 @@ dependencies = [
  "rustls-platform-verifier",
  "serde",
  "serde_json",
+ "serde_urlencoded",
  "sync_wrapper",
  "tokio",
  "tokio-rustls",
diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
index 928973c0..c20bb618 100644
--- a/crates/agent/src/lib.rs
+++ b/crates/agent/src/lib.rs
@@ -151,6 +151,17 @@ impl Default for ModelRegistry {
                 supports_tools: true,
                 supports_reasoning: true,
             },
+            ModelInfo {
+                id: "kimi-k2.6".to_string(),
+                provider: ProviderKind::Moonshot,
+                aliases: vec![
+                    "kimi".to_string(),
+                    "kimi-k2".to_string(),
+                    "moonshot-kimi-k2.6".to_string(),
+                ],
+                supports_tools: true,
+                supports_reasoning: true,
+            },
             ModelInfo {
                 id: "deepseek-ai/DeepSeek-V4-Pro".to_string(),
                 provider: ProviderKind::Sglang,
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index c27d699f..69afe196 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -31,6 +31,7 @@ enum ProviderArg {
     Openrouter,
     Novita,
     Fireworks,
+    Moonshot,
     Sglang,
     Vllm,
     Ollama,
@@ -47,6 +48,7 @@ impl From<ProviderArg> for ProviderKind {
             ProviderArg::Openrouter => ProviderKind::Openrouter,
             ProviderArg::Novita => ProviderKind::Novita,
             ProviderArg::Fireworks => ProviderKind::Fireworks,
+            ProviderArg::Moonshot => ProviderKind::Moonshot,
             ProviderArg::Sglang => ProviderKind::Sglang,
             ProviderArg::Vllm => ProviderKind::Vllm,
             ProviderArg::Ollama => ProviderKind::Ollama,
@@ -737,6 +739,7 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
         ProviderKind::Openrouter => "openrouter",
         ProviderKind::Novita => "novita",
         ProviderKind::Fireworks => "fireworks",
+        ProviderKind::Moonshot => "moonshot",
         ProviderKind::Sglang => "sglang",
         ProviderKind::Vllm => "vllm",
         ProviderKind::Ollama => "ollama",
@@ -744,7 +747,7 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
 }
 
 /// Provider order used by the `auth list` and `auth status` outputs.
-const PROVIDER_LIST: [ProviderKind; 11] = [
+const PROVIDER_LIST: [ProviderKind; 12] = [
     ProviderKind::Deepseek,
     ProviderKind::NvidiaNim,
     ProviderKind::Openai,
@@ -753,6 +756,7 @@ const PROVIDER_LIST: [ProviderKind; 11] = [
     ProviderKind::Openrouter,
     ProviderKind::Novita,
     ProviderKind::Fireworks,
+    ProviderKind::Moonshot,
     ProviderKind::Sglang,
     ProviderKind::Vllm,
     ProviderKind::Ollama,
@@ -807,6 +811,7 @@ fn provider_env_vars(provider: ProviderKind) -> &'static [&'static str] {
         ProviderKind::Novita => &["NOVITA_API_KEY"],
         ProviderKind::NvidiaNim => &["NVIDIA_API_KEY", "NVIDIA_NIM_API_KEY", "DEEPSEEK_API_KEY"],
         ProviderKind::Fireworks => &["FIREWORKS_API_KEY"],
+        ProviderKind::Moonshot => &["MOONSHOT_API_KEY", "KIMI_API_KEY"],
         ProviderKind::Sglang => &["SGLANG_API_KEY"],
         ProviderKind::Vllm => &["VLLM_API_KEY"],
         ProviderKind::Ollama => &["OLLAMA_API_KEY"],
@@ -2126,6 +2131,18 @@ mod tests {
             }))
         ));
 
+        let cli = parse_ok(&["deepseek", "auth", "set", "--provider", "moonshot"]);
+        assert!(matches!(
+            cli.command,
+            Some(Commands::Auth(AuthArgs {
+                command: AuthCommand::Set {
+                    provider: ProviderArg::Moonshot,
+                    api_key: None,
+                    api_key_stdin: false,
+                }
+            }))
+        ));
+
         let cli = parse_ok(&["deepseek", "auth", "set", "--provider", "wanjie-ark"]);
         assert!(matches!(
             cli.command,
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 9bfb089e..c1adc8da 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -30,6 +30,10 @@ const DEFAULT_OPENROUTER_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 const DEFAULT_NOVITA_MODEL: &str = "deepseek/deepseek-v4-pro";
 const DEFAULT_NOVITA_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 const DEFAULT_FIREWORKS_MODEL: &str = "accounts/fireworks/models/deepseek-v4-pro";
+const DEFAULT_MOONSHOT_MODEL: &str = "kimi-k2.6";
+const DEFAULT_MOONSHOT_BASE_URL: &str = "https://api.moonshot.ai/v1";
+const DEFAULT_KIMI_CODE_MODEL: &str = "kimi-for-coding";
+const DEFAULT_KIMI_CODE_BASE_URL: &str = "https://api.kimi.com/coding/v1";
 const DEFAULT_SGLANG_MODEL: &str = "deepseek-ai/DeepSeek-V4-Pro";
 const DEFAULT_SGLANG_FLASH_MODEL: &str = "deepseek-ai/DeepSeek-V4-Flash";
 const DEFAULT_OPENROUTER_BASE_URL: &str = "https://openrouter.ai/api/v1";
@@ -68,6 +72,7 @@ pub enum ProviderKind {
     Openrouter,
     Novita,
     Fireworks,
+    Moonshot,
     Sglang,
     Vllm,
     Ollama,
@@ -85,6 +90,7 @@ impl ProviderKind {
             Self::Openrouter => "openrouter",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
+            Self::Moonshot => "moonshot",
             Self::Sglang => "sglang",
             Self::Vllm => "vllm",
             Self::Ollama => "ollama",
@@ -104,6 +110,7 @@ impl ProviderKind {
             "openrouter" | "open_router" => Some(Self::Openrouter),
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
+            "moonshot" | "moonshot-ai" | "kimi" | "kimi-k2" => Some(Self::Moonshot),
             "sglang" | "sg-lang" => Some(Self::Sglang),
             "vllm" | "v-llm" => Some(Self::Vllm),
             "ollama" | "ollama-local" => Some(Self::Ollama),
@@ -117,6 +124,7 @@ pub struct ProviderConfigToml {
     pub api_key: Option<String>,
     pub base_url: Option<String>,
     pub model: Option<String>,
+    pub auth_mode: Option<String>,
     #[serde(default)]
     pub http_headers: BTreeMap<String, String>,
 }
@@ -140,6 +148,8 @@ pub struct ProvidersToml {
     #[serde(default)]
     pub fireworks: ProviderConfigToml,
     #[serde(default)]
+    pub moonshot: ProviderConfigToml,
+    #[serde(default)]
     pub sglang: ProviderConfigToml,
     #[serde(default)]
     pub vllm: ProviderConfigToml,
@@ -159,6 +169,7 @@ impl ProvidersToml {
             ProviderKind::Openrouter => &self.openrouter,
             ProviderKind::Novita => &self.novita,
             ProviderKind::Fireworks => &self.fireworks,
+            ProviderKind::Moonshot => &self.moonshot,
             ProviderKind::Sglang => &self.sglang,
             ProviderKind::Vllm => &self.vllm,
             ProviderKind::Ollama => &self.ollama,
@@ -175,6 +186,7 @@ impl ProvidersToml {
             ProviderKind::Openrouter => &mut self.openrouter,
             ProviderKind::Novita => &mut self.novita,
             ProviderKind::Fireworks => &mut self.fireworks,
+            ProviderKind::Moonshot => &mut self.moonshot,
             ProviderKind::Sglang => &mut self.sglang,
             ProviderKind::Vllm => &mut self.vllm,
             ProviderKind::Ollama => &mut self.ollama,
@@ -979,6 +991,12 @@ impl ConfigToml {
         let root_deepseek_model = (provider == ProviderKind::Deepseek)
             .then(|| self.default_text_model.clone())
             .flatten();
+        let auth_mode = cli
+            .auth_mode
+            .clone()
+            .or_else(|| env.auth_mode.clone())
+            .or_else(|| provider_cfg.auth_mode.clone())
+            .or_else(|| self.auth_mode.clone());
         let base_url = cli
             .base_url
             .clone()
@@ -994,23 +1012,29 @@ impl ConfigToml {
                 ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL.to_string(),
                 ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL.to_string(),
                 ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL.to_string(),
+                ProviderKind::Moonshot => {
+                    if auth_mode.as_deref().is_some_and(auth_mode_uses_kimi_oauth) {
+                        DEFAULT_KIMI_CODE_BASE_URL.to_string()
+                    } else {
+                        DEFAULT_MOONSHOT_BASE_URL.to_string()
+                    }
+                }
                 ProviderKind::Sglang => DEFAULT_SGLANG_BASE_URL.to_string(),
                 ProviderKind::Vllm => DEFAULT_VLLM_BASE_URL.to_string(),
                 ProviderKind::Ollama => DEFAULT_OLLAMA_BASE_URL.to_string(),
             });
-        let auth_mode = cli
-            .auth_mode
-            .clone()
-            .or_else(|| env.auth_mode.clone())
-            .or_else(|| self.auth_mode.clone());
         // CLI flag wins outright. Otherwise: config-file → injected secrets/env.
         // This makes `deepseek auth set` a reliable fix even when the user's
         // shell still exports an old key. When the file is empty, the injected
         // secrets façade recovers configured secret-store credentials before
         // falling back to ambient env.
+        let uses_kimi_oauth = provider == ProviderKind::Moonshot
+            && auth_mode.as_deref().is_some_and(auth_mode_uses_kimi_oauth);
         let from_file = provider_cfg.api_key.clone().or(root_deepseek_api_key);
         let (api_key, api_key_source) = if let Some(value) = cli.api_key.clone() {
             (Some(value), Some(RuntimeApiKeySource::Cli))
+        } else if uses_kimi_oauth {
+            (None, None)
         } else if let Some(value) = from_file.clone().filter(|v| !v.trim().is_empty()) {
             (Some(value), Some(RuntimeApiKeySource::ConfigFile))
         } else if should_skip_secret_store_for_provider(provider, &base_url, auth_mode.as_deref()) {
@@ -1045,7 +1069,15 @@ impl ConfigToml {
             .or_else(|| provider_cfg.model.clone())
             .or(root_deepseek_model)
             .or_else(|| self.model.clone())
-            .unwrap_or_else(|| default_model_for_provider(provider).to_string());
+            .unwrap_or_else(|| {
+                if provider == ProviderKind::Moonshot
+                    && auth_mode.as_deref().is_some_and(auth_mode_uses_kimi_oauth)
+                {
+                    DEFAULT_KIMI_CODE_MODEL.to_string()
+                } else {
+                    default_model_for_provider(provider).to_string()
+                }
+            });
         let model =
             if explicit_model && provider_preserves_custom_base_url_model(provider, &base_url) {
                 model.trim().to_string()
@@ -1174,6 +1206,7 @@ fn normalize_model_for_provider(provider: ProviderKind, model: &str) -> String {
         (ProviderKind::Fireworks, "deepseek-v4-pro" | "deepseek-v4pro") => {
             DEFAULT_FIREWORKS_MODEL.to_string()
         }
+        (ProviderKind::Moonshot, "kimi-k2.6" | "kimi-k2") => DEFAULT_MOONSHOT_MODEL.to_string(),
         (ProviderKind::Sglang, "deepseek-v4-pro" | "deepseek-v4pro") => {
             DEFAULT_SGLANG_MODEL.to_string()
         }
@@ -1204,6 +1237,7 @@ fn default_model_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_MODEL,
         ProviderKind::Novita => DEFAULT_NOVITA_MODEL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_MODEL,
+        ProviderKind::Moonshot => DEFAULT_MOONSHOT_MODEL,
         ProviderKind::Sglang => DEFAULT_SGLANG_MODEL,
         ProviderKind::Vllm => DEFAULT_VLLM_MODEL,
         ProviderKind::Ollama => DEFAULT_OLLAMA_MODEL,
@@ -1220,6 +1254,7 @@ fn default_base_url_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
         ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
+        ProviderKind::Moonshot => DEFAULT_MOONSHOT_BASE_URL,
         ProviderKind::Sglang => DEFAULT_SGLANG_BASE_URL,
         ProviderKind::Vllm => DEFAULT_VLLM_BASE_URL,
         ProviderKind::Ollama => DEFAULT_OLLAMA_BASE_URL,
@@ -1282,6 +1317,17 @@ fn auth_mode_disables_api_key(auth_mode: Option<&str>) -> bool {
     )
 }
 
+fn auth_mode_uses_kimi_oauth(auth_mode: &str) -> bool {
+    matches!(
+        auth_mode
+            .trim()
+            .to_ascii_lowercase()
+            .replace('-', "_")
+            .as_str(),
+        "kimi" | "kimi_oauth" | "kimi_cli" | "oauth"
+    )
+}
+
 fn base_url_uses_local_host(base_url: &str) -> bool {
     let Some(host) = base_url_host(base_url) else {
         return false;
@@ -1672,6 +1718,7 @@ struct EnvRuntimeOverrides {
     provider: Option<ProviderKind>,
     model: Option<String>,
     wanjie_ark_model: Option<String>,
+    moonshot_model: Option<String>,
     output_mode: Option<String>,
     auth_mode: Option<String>,
     log_level: Option<String>,
@@ -1688,6 +1735,7 @@ struct EnvRuntimeOverrides {
     openrouter_base_url: Option<String>,
     novita_base_url: Option<String>,
     fireworks_base_url: Option<String>,
+    moonshot_base_url: Option<String>,
     sglang_base_url: Option<String>,
     vllm_base_url: Option<String>,
     ollama_base_url: Option<String>,
@@ -1705,6 +1753,11 @@ impl EnvRuntimeOverrides {
                 .or_else(|_| std::env::var("WANJIE_MAAS_MODEL"))
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
+            moonshot_model: std::env::var("MOONSHOT_MODEL")
+                .or_else(|_| std::env::var("KIMI_MODEL_NAME"))
+                .or_else(|_| std::env::var("KIMI_MODEL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             output_mode: std::env::var("DEEPSEEK_OUTPUT_MODE").ok(),
             auth_mode: std::env::var("DEEPSEEK_AUTH_MODE").ok(),
             log_level: std::env::var("DEEPSEEK_LOG_LEVEL").ok(),
@@ -1748,6 +1801,10 @@ impl EnvRuntimeOverrides {
             fireworks_base_url: std::env::var("FIREWORKS_BASE_URL")
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
+            moonshot_base_url: std::env::var("MOONSHOT_BASE_URL")
+                .or_else(|_| std::env::var("KIMI_BASE_URL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             sglang_base_url: std::env::var("SGLANG_BASE_URL")
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
@@ -1772,6 +1829,7 @@ impl EnvRuntimeOverrides {
             ProviderKind::Openrouter => self.openrouter_base_url.clone(),
             ProviderKind::Novita => self.novita_base_url.clone(),
             ProviderKind::Fireworks => self.fireworks_base_url.clone(),
+            ProviderKind::Moonshot => self.moonshot_base_url.clone(),
             ProviderKind::Sglang => self.sglang_base_url.clone(),
             ProviderKind::Vllm => self.vllm_base_url.clone(),
             ProviderKind::Ollama => self.ollama_base_url.clone(),
@@ -1781,6 +1839,7 @@ impl EnvRuntimeOverrides {
     fn model_for(&self, provider: ProviderKind) -> Option<String> {
         match provider {
             ProviderKind::WanjieArk => self.wanjie_ark_model.clone(),
+            ProviderKind::Moonshot => self.moonshot_model.clone(),
             _ => None,
         }
     }
@@ -1839,6 +1898,13 @@ mod tests {
         novita_base_url: Option<OsString>,
         fireworks_api_key: Option<OsString>,
         fireworks_base_url: Option<OsString>,
+        moonshot_api_key: Option<OsString>,
+        moonshot_base_url: Option<OsString>,
+        moonshot_model: Option<OsString>,
+        kimi_api_key: Option<OsString>,
+        kimi_base_url: Option<OsString>,
+        kimi_model: Option<OsString>,
+        kimi_model_name: Option<OsString>,
         sglang_api_key: Option<OsString>,
         sglang_base_url: Option<OsString>,
         vllm_api_key: Option<OsString>,
@@ -1874,6 +1940,13 @@ mod tests {
                 novita_base_url: env::var_os("NOVITA_BASE_URL"),
                 fireworks_api_key: env::var_os("FIREWORKS_API_KEY"),
                 fireworks_base_url: env::var_os("FIREWORKS_BASE_URL"),
+                moonshot_api_key: env::var_os("MOONSHOT_API_KEY"),
+                moonshot_base_url: env::var_os("MOONSHOT_BASE_URL"),
+                moonshot_model: env::var_os("MOONSHOT_MODEL"),
+                kimi_api_key: env::var_os("KIMI_API_KEY"),
+                kimi_base_url: env::var_os("KIMI_BASE_URL"),
+                kimi_model: env::var_os("KIMI_MODEL"),
+                kimi_model_name: env::var_os("KIMI_MODEL_NAME"),
                 sglang_api_key: env::var_os("SGLANG_API_KEY"),
                 sglang_base_url: env::var_os("SGLANG_BASE_URL"),
                 vllm_api_key: env::var_os("VLLM_API_KEY"),
@@ -1907,6 +1980,13 @@ mod tests {
                 env::remove_var("NOVITA_BASE_URL");
                 env::remove_var("FIREWORKS_API_KEY");
                 env::remove_var("FIREWORKS_BASE_URL");
+                env::remove_var("MOONSHOT_API_KEY");
+                env::remove_var("MOONSHOT_BASE_URL");
+                env::remove_var("MOONSHOT_MODEL");
+                env::remove_var("KIMI_API_KEY");
+                env::remove_var("KIMI_BASE_URL");
+                env::remove_var("KIMI_MODEL");
+                env::remove_var("KIMI_MODEL_NAME");
                 env::remove_var("SGLANG_API_KEY");
                 env::remove_var("SGLANG_BASE_URL");
                 env::remove_var("VLLM_API_KEY");
@@ -1954,6 +2034,13 @@ mod tests {
                 Self::restore_var("NOVITA_BASE_URL", self.novita_base_url.take());
                 Self::restore_var("FIREWORKS_API_KEY", self.fireworks_api_key.take());
                 Self::restore_var("FIREWORKS_BASE_URL", self.fireworks_base_url.take());
+                Self::restore_var("MOONSHOT_API_KEY", self.moonshot_api_key.take());
+                Self::restore_var("MOONSHOT_BASE_URL", self.moonshot_base_url.take());
+                Self::restore_var("MOONSHOT_MODEL", self.moonshot_model.take());
+                Self::restore_var("KIMI_API_KEY", self.kimi_api_key.take());
+                Self::restore_var("KIMI_BASE_URL", self.kimi_base_url.take());
+                Self::restore_var("KIMI_MODEL", self.kimi_model.take());
+                Self::restore_var("KIMI_MODEL_NAME", self.kimi_model_name.take());
                 Self::restore_var("SGLANG_API_KEY", self.sglang_api_key.take());
                 Self::restore_var("SGLANG_BASE_URL", self.sglang_base_url.take());
                 Self::restore_var("VLLM_API_KEY", self.vllm_api_key.take());
@@ -2356,6 +2443,11 @@ mod tests {
             ProviderKind::parse("fireworks-ai"),
             Some(ProviderKind::Fireworks)
         );
+        assert_eq!(ProviderKind::parse("kimi"), Some(ProviderKind::Moonshot));
+        assert_eq!(
+            ProviderKind::parse("moonshot-ai"),
+            Some(ProviderKind::Moonshot)
+        );
         assert_eq!(ProviderKind::parse("sg-lang"), Some(ProviderKind::Sglang));
         assert_eq!(ProviderKind::parse("v-llm"), Some(ProviderKind::Vllm));
         assert_eq!(ProviderKind::parse("vllm"), Some(ProviderKind::Vllm));
@@ -2442,6 +2534,42 @@ mod tests {
         assert_eq!(resolved.model, DEFAULT_FIREWORKS_MODEL);
     }
 
+    #[test]
+    fn moonshot_provider_defaults_to_kimi_k2() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        let config = ConfigToml {
+            provider: ProviderKind::Moonshot,
+            ..ConfigToml::default()
+        };
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.base_url, DEFAULT_MOONSHOT_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_MOONSHOT_MODEL);
+    }
+
+    #[test]
+    fn moonshot_kimi_oauth_uses_kimi_code_endpoint_and_model() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        let mut config = ConfigToml {
+            provider: ProviderKind::Moonshot,
+            ..ConfigToml::default()
+        };
+        config.providers.moonshot.auth_mode = Some("kimi_oauth".to_string());
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.auth_mode.as_deref(), Some("kimi_oauth"));
+        assert_eq!(resolved.base_url, DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(resolved.api_key, None);
+        assert_eq!(resolved.api_key_source, None);
+    }
+
     #[test]
     fn wanjie_ark_provider_defaults_to_openai_compatible_endpoint_and_model() {
         let _lock = env_lock();
@@ -2556,6 +2684,25 @@ mod tests {
         assert_eq!(store.gets.lock().unwrap().as_slice(), ["ollama"]);
     }
 
+    #[test]
+    fn moonshot_api_key_mode_can_use_secret_store_by_default() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        let store = Arc::new(RecordingSecretsStore::with_value("secret-store-key"));
+        let secrets = Secrets::new(store.clone());
+        let config = ConfigToml {
+            provider: ProviderKind::Moonshot,
+            ..ConfigToml::default()
+        };
+
+        let resolved =
+            config.resolve_runtime_options_with_secrets(&CliRuntimeOverrides::default(), &secrets);
+
+        assert_eq!(resolved.api_key.as_deref(), Some("secret-store-key"));
+        assert_eq!(resolved.api_key_source, Some(RuntimeApiKeySource::Keyring));
+        assert_eq!(store.gets.lock().unwrap().as_slice(), ["moonshot"]);
+    }
+
     #[test]
     fn loopback_custom_deepseek_base_url_does_not_probe_secret_store_by_default() {
         let _lock = env_lock();
diff --git a/crates/secrets/src/lib.rs b/crates/secrets/src/lib.rs
index f2616391..0254aa61 100644
--- a/crates/secrets/src/lib.rs
+++ b/crates/secrets/src/lib.rs
@@ -535,6 +535,7 @@ pub fn env_for(name: &str) -> Option<String> {
             &["NVIDIA_API_KEY", "NVIDIA_NIM_API_KEY", "DEEPSEEK_API_KEY"]
         }
         "fireworks" | "fireworks-ai" => &["FIREWORKS_API_KEY"],
+        "moonshot" | "moonshot-ai" | "kimi" | "kimi-k2" => &["MOONSHOT_API_KEY", "KIMI_API_KEY"],
         "sglang" | "sg-lang" => &["SGLANG_API_KEY"],
         "vllm" | "v-llm" => &["VLLM_API_KEY"],
         "ollama" | "ollama-local" => &["OLLAMA_API_KEY"],
diff --git a/crates/tui/Cargo.toml b/crates/tui/Cargo.toml
index f78b57a4..63720042 100644
--- a/crates/tui/Cargo.toml
+++ b/crates/tui/Cargo.toml
@@ -45,7 +45,7 @@ fd-lock = "4.0.4"
 futures-util = "0.3.31"
 ratatui = "0.30"
 regex = "1.11"
-reqwest = { version = "0.13.1", default-features = false, features = ["blocking", "json", "stream", "multipart", "rustls", "http2", "gzip", "brotli"] }
+reqwest = { version = "0.13.1", default-features = false, features = ["blocking", "json", "stream", "multipart", "form", "rustls", "http2", "gzip", "brotli"] }
 similar = "2"
 rustyline = "15.0.0"
 serde = { version = "1.0.228", features = ["derive"] }
diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 8ecd3e4c..570b2762 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -904,6 +904,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Moonshot
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -941,6 +942,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Moonshot
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
@@ -970,6 +972,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Moonshot
             | ApiProvider::Ollama => {}
             ApiProvider::NvidiaNim => {
                 body["chat_template_kwargs"] = json!({
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index b4171255..12926b70 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -6,6 +6,7 @@ use std::fs;
 #[cfg(unix)]
 use std::io::Write as _;
 use std::path::{Path, PathBuf};
+use std::time::Duration;
 
 use anyhow::{Context, Result};
 use serde::{Deserialize, Serialize};
@@ -50,6 +51,10 @@ pub const DEFAULT_NOVITA_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 pub const DEFAULT_NOVITA_BASE_URL: &str = "https://api.novita.ai/v1";
 pub const DEFAULT_FIREWORKS_MODEL: &str = "accounts/fireworks/models/deepseek-v4-pro";
 pub const DEFAULT_FIREWORKS_BASE_URL: &str = "https://api.fireworks.ai/inference/v1";
+pub const DEFAULT_MOONSHOT_MODEL: &str = "kimi-k2.6";
+pub const DEFAULT_MOONSHOT_BASE_URL: &str = "https://api.moonshot.ai/v1";
+pub const DEFAULT_KIMI_CODE_MODEL: &str = "kimi-for-coding";
+pub const DEFAULT_KIMI_CODE_BASE_URL: &str = "https://api.kimi.com/coding/v1";
 pub const DEFAULT_SGLANG_MODEL: &str = "deepseek-ai/DeepSeek-V4-Pro";
 pub const DEFAULT_SGLANG_FLASH_MODEL: &str = "deepseek-ai/DeepSeek-V4-Flash";
 pub const DEFAULT_SGLANG_BASE_URL: &str = "http://localhost:30000/v1";
@@ -88,6 +93,7 @@ pub enum ApiProvider {
     Openrouter,
     Novita,
     Fireworks,
+    Moonshot,
     Sglang,
     Vllm,
     Ollama,
@@ -109,6 +115,7 @@ impl ApiProvider {
             "openrouter" | "open_router" => Some(Self::Openrouter),
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
+            "moonshot" | "moonshot-ai" | "kimi" | "kimi-k2" => Some(Self::Moonshot),
             "sglang" | "sg-lang" => Some(Self::Sglang),
             "vllm" | "v-llm" => Some(Self::Vllm),
             "ollama" | "ollama-local" => Some(Self::Ollama),
@@ -128,6 +135,7 @@ impl ApiProvider {
             Self::Openrouter => "openrouter",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
+            Self::Moonshot => "moonshot",
             Self::Sglang => "sglang",
             Self::Vllm => "vllm",
             Self::Ollama => "ollama",
@@ -147,6 +155,7 @@ impl ApiProvider {
             Self::Openrouter => "OpenRouter",
             Self::Novita => "Novita AI",
             Self::Fireworks => "Fireworks AI",
+            Self::Moonshot => "Moonshot/Kimi",
             Self::Sglang => "SGLang",
             Self::Vllm => "vLLM",
             Self::Ollama => "Ollama",
@@ -165,6 +174,7 @@ impl ApiProvider {
             Self::Openrouter,
             Self::Novita,
             Self::Fireworks,
+            Self::Moonshot,
             Self::Sglang,
             Self::Vllm,
             Self::Ollama,
@@ -233,7 +243,10 @@ pub enum RequestPayloadMode {
 /// in the API payload (after normalization / provider-specific mapping).
 #[must_use]
 pub fn provider_capability(provider: ApiProvider, resolved_model: &str) -> ProviderCapability {
-    if matches!(provider, ApiProvider::Openai | ApiProvider::Atlascloud) {
+    if matches!(
+        provider,
+        ApiProvider::Openai | ApiProvider::Atlascloud | ApiProvider::Moonshot
+    ) {
         return ProviderCapability {
             provider,
             resolved_model: resolved_model.to_string(),
@@ -420,6 +433,7 @@ pub fn model_completion_names_for_provider(provider: ApiProvider) -> Vec<&'stati
         ApiProvider::Openrouter => vec![DEFAULT_OPENROUTER_MODEL, DEFAULT_OPENROUTER_FLASH_MODEL],
         ApiProvider::Novita => vec![DEFAULT_NOVITA_MODEL, DEFAULT_NOVITA_FLASH_MODEL],
         ApiProvider::Fireworks => vec![DEFAULT_FIREWORKS_MODEL],
+        ApiProvider::Moonshot => vec![DEFAULT_MOONSHOT_MODEL],
         ApiProvider::WanjieArk => vec![DEFAULT_WANJIE_ARK_MODEL],
         ApiProvider::Sglang => vec![DEFAULT_SGLANG_MODEL, DEFAULT_SGLANG_FLASH_MODEL],
         ApiProvider::Vllm => vec![DEFAULT_VLLM_MODEL, DEFAULT_VLLM_FLASH_MODEL],
@@ -922,6 +936,7 @@ pub struct Config {
     /// Optional extra HTTP headers sent to model API requests.
     pub http_headers: Option<HashMap<String, String>>,
     pub default_text_model: Option<String>,
+    pub auth_mode: Option<String>,
     /// DeepSeek reasoning-effort tier: `"off" | "low" | "medium" | "high" | "max"`.
     /// Defaults to `"max"` at runtime if unset.
     pub reasoning_effort: Option<String>,
@@ -1209,6 +1224,7 @@ pub struct ProviderConfig {
     pub api_key: Option<String>,
     pub base_url: Option<String>,
     pub model: Option<String>,
+    pub auth_mode: Option<String>,
     pub http_headers: Option<HashMap<String, String>>,
 }
 
@@ -1233,6 +1249,8 @@ pub struct ProvidersConfig {
     #[serde(default)]
     pub fireworks: ProviderConfig,
     #[serde(default)]
+    pub moonshot: ProviderConfig,
+    #[serde(default)]
     pub sglang: ProviderConfig,
     #[serde(default)]
     pub vllm: ProviderConfig,
@@ -1343,6 +1361,7 @@ impl Config {
             ApiProvider::Openrouter => "providers.openrouter",
             ApiProvider::Novita => "providers.novita",
             ApiProvider::Fireworks => "providers.fireworks",
+            ApiProvider::Moonshot => "providers.moonshot",
             ApiProvider::Sglang => "providers.sglang",
             ApiProvider::Vllm => "providers.vllm",
             ApiProvider::Ollama => "providers.ollama",
@@ -1484,6 +1503,7 @@ impl Config {
             ApiProvider::Openrouter => &providers.openrouter,
             ApiProvider::Novita => &providers.novita,
             ApiProvider::Fireworks => &providers.fireworks,
+            ApiProvider::Moonshot => &providers.moonshot,
             ApiProvider::Sglang => &providers.sglang,
             ApiProvider::Vllm => &providers.vllm,
             ApiProvider::Ollama => &providers.ollama,
@@ -1550,6 +1570,13 @@ impl Config {
         {
             return model_for_provider(provider, normalized);
         }
+        if provider == ApiProvider::Moonshot
+            && self
+                .provider_config()
+                .is_some_and(provider_config_uses_kimi_oauth)
+        {
+            return DEFAULT_KIMI_CODE_MODEL.to_string();
+        }
 
         match provider {
             ApiProvider::Deepseek | ApiProvider::DeepseekCN => DEFAULT_TEXT_MODEL,
@@ -1560,6 +1587,7 @@ impl Config {
             ApiProvider::Openrouter => DEFAULT_OPENROUTER_MODEL,
             ApiProvider::Novita => DEFAULT_NOVITA_MODEL,
             ApiProvider::Fireworks => DEFAULT_FIREWORKS_MODEL,
+            ApiProvider::Moonshot => DEFAULT_MOONSHOT_MODEL,
             ApiProvider::Sglang => DEFAULT_SGLANG_MODEL,
             ApiProvider::Vllm => DEFAULT_VLLM_MODEL,
             ApiProvider::Ollama => DEFAULT_OLLAMA_MODEL,
@@ -1591,6 +1619,7 @@ impl Config {
             | ApiProvider::Openrouter
             | ApiProvider::Novita
             | ApiProvider::Fireworks
+            | ApiProvider::Moonshot
             | ApiProvider::Sglang
             | ApiProvider::Vllm
             | ApiProvider::Ollama => None,
@@ -1606,6 +1635,16 @@ impl Config {
                 ApiProvider::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
                 ApiProvider::Novita => DEFAULT_NOVITA_BASE_URL,
                 ApiProvider::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
+                ApiProvider::Moonshot => {
+                    if self
+                        .provider_config()
+                        .is_some_and(provider_config_uses_kimi_oauth)
+                    {
+                        DEFAULT_KIMI_CODE_BASE_URL
+                    } else {
+                        DEFAULT_MOONSHOT_BASE_URL
+                    }
+                }
                 ApiProvider::Sglang => DEFAULT_SGLANG_BASE_URL,
                 ApiProvider::Vllm => DEFAULT_VLLM_BASE_URL,
                 ApiProvider::Ollama => DEFAULT_OLLAMA_BASE_URL,
@@ -1639,6 +1678,7 @@ impl Config {
             ApiProvider::Openrouter => "openrouter",
             ApiProvider::Novita => "novita",
             ApiProvider::Fireworks => "fireworks",
+            ApiProvider::Moonshot => "moonshot",
             ApiProvider::Sglang => "sglang",
             ApiProvider::Vllm => "vllm",
             ApiProvider::Ollama => "ollama",
@@ -1655,6 +1695,14 @@ impl Config {
             return Ok(configured.clone());
         }
 
+        if provider == ApiProvider::Moonshot
+            && self
+                .provider_config_for(provider)
+                .is_some_and(provider_config_uses_kimi_oauth)
+        {
+            return kimi_cli_oauth_access_token();
+        }
+
         // 1. Config file (provider-scoped slot). This intentionally wins
         // over ambient env so `codewhale auth set` fixes stale shell exports.
         if let Some(configured) = self
@@ -1721,6 +1769,11 @@ impl Config {
                 "Fireworks AI API key not found. Run 'codewhale auth set --provider fireworks', \
                  set FIREWORKS_API_KEY, or add [providers.fireworks] api_key in ~/.deepseek/config.toml."
             ),
+            ApiProvider::Moonshot => anyhow::bail!(
+                "Moonshot/Kimi API key not found. Run 'codewhale auth set --provider moonshot', \
+                 set MOONSHOT_API_KEY/KIMI_API_KEY, add [providers.moonshot] api_key, \
+                 or run `kimi login` and set [providers.moonshot] auth_mode = \"kimi_oauth\"."
+            ),
             // Self-hosted deployments commonly run without auth on localhost.
             // Return an empty key and let the client omit the Authorization header.
             ApiProvider::Sglang | ApiProvider::Vllm | ApiProvider::Ollama => Ok(String::new()),
@@ -2262,6 +2315,13 @@ fn apply_env_overrides(config: &mut Config) {
                     .fireworks
                     .base_url = Some(value);
             }
+            ApiProvider::Moonshot => {
+                config
+                    .providers
+                    .get_or_insert_with(ProvidersConfig::default)
+                    .moonshot
+                    .base_url = Some(value);
+            }
             ApiProvider::Sglang => {
                 config
                     .providers
@@ -2368,6 +2428,17 @@ fn apply_env_overrides(config: &mut Config) {
             .fireworks
             .base_url = Some(value);
     }
+    if matches!(config.api_provider(), ApiProvider::Moonshot)
+        && let Ok(value) =
+            std::env::var("MOONSHOT_BASE_URL").or_else(|_| std::env::var("KIMI_BASE_URL"))
+        && !value.trim().is_empty()
+    {
+        config
+            .providers
+            .get_or_insert_with(ProvidersConfig::default)
+            .moonshot
+            .base_url = Some(value);
+    }
     if matches!(config.api_provider(), ApiProvider::Sglang)
         && let Ok(value) = std::env::var("SGLANG_BASE_URL")
         && !value.trim().is_empty()
@@ -2410,6 +2481,7 @@ fn apply_env_overrides(config: &mut Config) {
             ApiProvider::Openrouter => &mut providers.openrouter,
             ApiProvider::Novita => &mut providers.novita,
             ApiProvider::Fireworks => &mut providers.fireworks,
+            ApiProvider::Moonshot => &mut providers.moonshot,
             ApiProvider::Sglang => &mut providers.sglang,
             ApiProvider::Vllm => &mut providers.vllm,
             ApiProvider::Ollama => &mut providers.ollama,
@@ -2468,6 +2540,17 @@ fn apply_env_overrides(config: &mut Config) {
             .wanjie_ark
             .model = Some(value);
     }
+    if matches!(config.api_provider(), ApiProvider::Moonshot)
+        && let Ok(value) = std::env::var("MOONSHOT_MODEL")
+            .or_else(|_| std::env::var("KIMI_MODEL_NAME"))
+            .or_else(|_| std::env::var("KIMI_MODEL"))
+    {
+        config
+            .providers
+            .get_or_insert_with(ProvidersConfig::default)
+            .moonshot
+            .model = Some(value);
+    }
     if let Ok(value) =
         std::env::var("DEEPSEEK_MODEL").or_else(|_| std::env::var("DEEPSEEK_DEFAULT_TEXT_MODEL"))
     {
@@ -2497,6 +2580,7 @@ fn apply_env_overrides(config: &mut Config) {
                 ApiProvider::Openrouter => &mut providers.openrouter,
                 ApiProvider::Novita => &mut providers.novita,
                 ApiProvider::Fireworks => &mut providers.fireworks,
+                ApiProvider::Moonshot => &mut providers.moonshot,
                 ApiProvider::Sglang => &mut providers.sglang,
                 ApiProvider::Vllm => &mut providers.vllm,
                 ApiProvider::Ollama => &mut providers.ollama,
@@ -2724,6 +2808,12 @@ fn normalize_model_config(config: &mut Config) {
         {
             providers.fireworks.model = Some(normalized);
         }
+        if let Some(model) = providers.moonshot.model.as_deref()
+            && !provider_entry_uses_custom_base_url(ApiProvider::Moonshot, &providers.moonshot)
+            && let Some(normalized) = normalize_model_for_provider(ApiProvider::Moonshot, model)
+        {
+            providers.moonshot.model = Some(normalized);
+        }
         if let Some(model) = providers.sglang.model.as_deref()
             && !provider_entry_uses_custom_base_url(ApiProvider::Sglang, &providers.sglang)
             && let Some(normalized) = normalize_model_for_provider(ApiProvider::Sglang, model)
@@ -2752,6 +2842,7 @@ pub(crate) fn provider_passes_model_through(provider: ApiProvider) -> bool {
         ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::Moonshot
             | ApiProvider::Ollama
     )
 }
@@ -2774,6 +2865,7 @@ fn default_base_url_for_provider(provider: ApiProvider) -> &'static str {
         ApiProvider::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
         ApiProvider::Novita => DEFAULT_NOVITA_BASE_URL,
         ApiProvider::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
+        ApiProvider::Moonshot => DEFAULT_MOONSHOT_BASE_URL,
         ApiProvider::Sglang => DEFAULT_SGLANG_BASE_URL,
         ApiProvider::Vllm => DEFAULT_VLLM_BASE_URL,
         ApiProvider::Ollama => DEFAULT_OLLAMA_BASE_URL,
@@ -2788,6 +2880,27 @@ fn provider_preserves_custom_base_url_model(provider: ApiProvider, base_url: &st
     base_url_is_custom_for_provider(provider, base_url)
 }
 
+fn provider_config_uses_kimi_oauth(config: &ProviderConfig) -> bool {
+    config
+        .auth_mode
+        .as_deref()
+        .is_some_and(auth_mode_uses_kimi_oauth)
+}
+
+fn auth_mode_uses_kimi_oauth(mode: &str) -> bool {
+    matches!(
+        normalize_auth_mode(mode).as_str(),
+        "kimi" | "kimi_oauth" | "kimi_cli" | "oauth"
+    )
+}
+
+fn normalize_auth_mode(mode: &str) -> String {
+    mode.trim()
+        .to_ascii_lowercase()
+        .replace('-', "_")
+        .replace(' ', "_")
+}
+
 fn base_url_uses_local_host(base_url: &str) -> bool {
     let Some(host) = base_url_host(base_url) else {
         return false;
@@ -2902,6 +3015,7 @@ fn merge_config(base: Config, override_cfg: Config) -> Config {
         base_url: override_cfg.base_url.or(base.base_url),
         http_headers: override_cfg.http_headers.or(base.http_headers),
         default_text_model: override_cfg.default_text_model.or(base.default_text_model),
+        auth_mode: override_cfg.auth_mode.or(base.auth_mode),
         reasoning_effort: override_cfg.reasoning_effort.or(base.reasoning_effort),
         tools_file: override_cfg.tools_file.or(base.tools_file),
         skills_dir: override_cfg.skills_dir.or(base.skills_dir),
@@ -2979,6 +3093,7 @@ fn merge_provider_config(base: ProviderConfig, override_cfg: ProviderConfig) ->
         api_key: override_cfg.api_key.or(base.api_key),
         base_url: override_cfg.base_url.or(base.base_url),
         model: override_cfg.model.or(base.model),
+        auth_mode: override_cfg.auth_mode.or(base.auth_mode),
         http_headers: override_cfg.http_headers.or(base.http_headers),
     }
 }
@@ -3001,6 +3116,7 @@ fn merge_providers(
             openrouter: merge_provider_config(base.openrouter, override_cfg.openrouter),
             novita: merge_provider_config(base.novita, override_cfg.novita),
             fireworks: merge_provider_config(base.fireworks, override_cfg.fireworks),
+            moonshot: merge_provider_config(base.moonshot, override_cfg.moonshot),
             sglang: merge_provider_config(base.sglang, override_cfg.sglang),
             vllm: merge_provider_config(base.vllm, override_cfg.vllm),
             ollama: merge_provider_config(base.ollama, override_cfg.ollama),
@@ -3373,6 +3489,14 @@ pub fn has_api_key(config: &Config) -> bool {
 pub fn active_provider_has_config_api_key(config: &Config) -> bool {
     let provider = config.api_provider();
 
+    if provider == ApiProvider::Moonshot
+        && config
+            .provider_config_for(provider)
+            .is_some_and(provider_config_uses_kimi_oauth)
+    {
+        return kimi_cli_credentials_present();
+    }
+
     if config
         .provider_config_for(provider)
         .and_then(|entry| entry.api_key.as_ref())
@@ -3414,6 +3538,10 @@ pub fn active_provider_has_env_api_key(config: &Config) -> bool {
         ApiProvider::Fireworks => {
             std::env::var("FIREWORKS_API_KEY").is_ok_and(|k| !k.trim().is_empty())
         }
+        ApiProvider::Moonshot => {
+            std::env::var("MOONSHOT_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+                || std::env::var("KIMI_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+        }
         ApiProvider::Sglang => std::env::var("SGLANG_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
         ApiProvider::Vllm => std::env::var("VLLM_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
         ApiProvider::Ollama => std::env::var("OLLAMA_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
@@ -3439,6 +3567,7 @@ pub fn has_api_key_for(config: &Config, provider: ApiProvider) -> bool {
         ApiProvider::Openrouter => "OPENROUTER_API_KEY",
         ApiProvider::Novita => "NOVITA_API_KEY",
         ApiProvider::Fireworks => "FIREWORKS_API_KEY",
+        ApiProvider::Moonshot => "MOONSHOT_API_KEY",
         ApiProvider::Sglang => "SGLANG_API_KEY",
         ApiProvider::Vllm => "VLLM_API_KEY",
         ApiProvider::Ollama => "OLLAMA_API_KEY",
@@ -3457,6 +3586,19 @@ pub fn has_api_key_for(config: &Config, provider: ApiProvider) -> bool {
     {
         return true;
     }
+    if matches!(provider, ApiProvider::Moonshot)
+        && std::env::var("KIMI_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+    {
+        return true;
+    }
+
+    if provider == ApiProvider::Moonshot
+        && config
+            .provider_config_for(provider)
+            .is_some_and(provider_config_uses_kimi_oauth)
+    {
+        return kimi_cli_credentials_present();
+    }
 
     // Self-hosted providers typically run without authentication.
     if matches!(
@@ -3519,6 +3661,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Openrouter => "providers.openrouter",
         ApiProvider::Novita => "providers.novita",
         ApiProvider::Fireworks => "providers.fireworks",
+        ApiProvider::Moonshot => "providers.moonshot",
         ApiProvider::Sglang => "providers.sglang",
         ApiProvider::Vllm => "providers.vllm",
         ApiProvider::Ollama => "providers.ollama",
@@ -3555,6 +3698,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Openrouter => "openrouter",
         ApiProvider::Novita => "novita",
         ApiProvider::Fireworks => "fireworks",
+        ApiProvider::Moonshot => "moonshot",
         ApiProvider::Sglang => "sglang",
         ApiProvider::Vllm => "vllm",
         ApiProvider::Ollama => "ollama",
@@ -3584,6 +3728,215 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
     Ok(config_path)
 }
 
+pub fn save_provider_auth_mode_for(provider: ApiProvider, auth_mode: &str) -> Result<PathBuf> {
+    let config_path = default_config_path()
+        .context("Failed to resolve config path: home directory not found.")?;
+    ensure_parent_dir(&config_path)?;
+
+    let mut doc: toml::Value = if config_path.exists() {
+        let raw = fs::read_to_string(&config_path)?;
+        toml::from_str(&raw)
+            .with_context(|| format!("Failed to parse config at {}", config_path.display()))?
+    } else {
+        toml::Value::Table(toml::value::Table::new())
+    };
+
+    let table = doc
+        .as_table_mut()
+        .context("Config root must be a TOML table.")?;
+    let providers = table
+        .entry("providers".to_string())
+        .or_insert_with(|| toml::Value::Table(toml::value::Table::new()))
+        .as_table_mut()
+        .context("`providers` must be a table.")?;
+    let key_inside = provider_config_key(provider).context("provider auth mode key")?;
+    let entry = providers
+        .entry(key_inside.to_string())
+        .or_insert_with(|| toml::Value::Table(toml::value::Table::new()))
+        .as_table_mut()
+        .with_context(|| format!("`providers.{key_inside}` must be a table."))?;
+    entry.insert(
+        "auth_mode".to_string(),
+        toml::Value::String(auth_mode.to_string()),
+    );
+
+    let serialized = toml::to_string_pretty(&doc).context("failed to serialize updated config")?;
+    write_config_file_secure(&config_path, &serialized)
+        .with_context(|| format!("Failed to write config to {}", config_path.display()))?;
+    log_sensitive_event(
+        "credential.auth_mode.set",
+        json!({
+            "backend": "config_file",
+            "provider": provider.as_str(),
+            "auth_mode": auth_mode,
+            "config_path": config_path.display().to_string(),
+        }),
+    );
+    Ok(config_path)
+}
+
+fn provider_config_key(provider: ApiProvider) -> Result<&'static str> {
+    match provider {
+        ApiProvider::Deepseek | ApiProvider::DeepseekCN => {
+            anyhow::bail!("DeepSeek stores auth at the root config level")
+        }
+        ApiProvider::NvidiaNim => Ok("nvidia_nim"),
+        ApiProvider::Openai => Ok("openai"),
+        ApiProvider::Atlascloud => Ok("atlascloud"),
+        ApiProvider::WanjieArk => Ok("wanjie_ark"),
+        ApiProvider::Openrouter => Ok("openrouter"),
+        ApiProvider::Novita => Ok("novita"),
+        ApiProvider::Fireworks => Ok("fireworks"),
+        ApiProvider::Moonshot => Ok("moonshot"),
+        ApiProvider::Sglang => Ok("sglang"),
+        ApiProvider::Vllm => Ok("vllm"),
+        ApiProvider::Ollama => Ok("ollama"),
+    }
+}
+
+const KIMI_CODE_CLIENT_ID: &str = "17e5f671-d194-4dfb-9706-5516cb48c098";
+const KIMI_CODE_CREDENTIAL_FILE: &str = "kimi-code.json";
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+struct KimiOAuthCredential {
+    access_token: Option<String>,
+    refresh_token: Option<String>,
+    expires_at: Option<f64>,
+    expires_in: Option<f64>,
+    scope: Option<String>,
+    token_type: Option<String>,
+}
+
+fn kimi_cli_oauth_access_token() -> Result<String> {
+    let path = kimi_cli_oauth_credentials_path()?;
+    let raw = fs::read_to_string(&path).with_context(|| {
+        format!(
+            "Kimi OAuth credentials not found at {}. Run `kimi login`, then set \
+             [providers.moonshot] auth_mode = \"kimi_oauth\".",
+            path.display()
+        )
+    })?;
+    let mut credential: KimiOAuthCredential =
+        serde_json::from_str(&raw).context("Failed to parse Kimi OAuth credentials")?;
+
+    if kimi_oauth_access_token_is_fresh(&credential) {
+        return credential
+            .access_token
+            .filter(|token| !token.trim().is_empty())
+            .context("Kimi OAuth access token is empty");
+    }
+
+    let refresh_token = credential
+        .refresh_token
+        .as_deref()
+        .filter(|token| !token.trim().is_empty())
+        .context("Kimi OAuth refresh token is empty. Run `kimi login` again.")?;
+    credential = refresh_kimi_oauth_token(refresh_token)?;
+    write_kimi_oauth_credential(&path, &credential)?;
+    credential
+        .access_token
+        .filter(|token| !token.trim().is_empty())
+        .context("Kimi OAuth refresh returned an empty access token")
+}
+
+fn kimi_oauth_access_token_is_fresh(credential: &KimiOAuthCredential) -> bool {
+    let Some(now) = now_unix_secs() else {
+        return false;
+    };
+
+    credential
+        .access_token
+        .as_deref()
+        .is_some_and(|token| !token.trim().is_empty())
+        && credential
+            .expires_at
+            .is_some_and(|expires_at| expires_at - now > 60.0)
+}
+
+fn refresh_kimi_oauth_token(refresh_token: &str) -> Result<KimiOAuthCredential> {
+    let oauth_host = std::env::var("KIMI_CODE_OAUTH_HOST")
+        .or_else(|_| std::env::var("KIMI_OAUTH_HOST"))
+        .unwrap_or_else(|_| "https://auth.kimi.com".to_string());
+    let url = format!("{}/api/oauth/token", oauth_host.trim_end_matches('/'));
+    let client = reqwest::blocking::Client::builder()
+        .timeout(Duration::from_secs(15))
+        .build()
+        .context("Failed to build Kimi OAuth refresh client")?;
+    let params = [
+        ("client_id", KIMI_CODE_CLIENT_ID),
+        ("grant_type", "refresh_token"),
+        ("refresh_token", refresh_token),
+    ];
+    let response = client
+        .post(url)
+        .header("X-Msh-Platform", "kimi_cli")
+        .header("X-Msh-Version", env!("CARGO_PKG_VERSION"))
+        .form(&params)
+        .send()
+        .context("Kimi OAuth refresh request failed")?;
+    let status = response.status();
+    if !status.is_success() {
+        anyhow::bail!("Kimi OAuth refresh failed with HTTP {status}. Run `kimi login` again.");
+    }
+
+    let mut refreshed: KimiOAuthCredential = response
+        .json()
+        .context("Failed to parse Kimi OAuth refresh response")?;
+    if let Some(expires_in) = refreshed.expires_in
+        && let Some(now) = now_unix_secs()
+    {
+        refreshed.expires_at = Some(now + expires_in);
+    }
+    Ok(refreshed)
+}
+
+fn kimi_cli_oauth_credentials_path() -> Result<PathBuf> {
+    let share_dir = std::env::var("KIMI_SHARE_DIR")
+        .map(PathBuf::from)
+        .or_else(|_| {
+            effective_home_dir()
+                .map(|home| home.join(".kimi"))
+                .ok_or(std::env::VarError::NotPresent)
+        })
+        .context("Failed to resolve Kimi share directory")?;
+    Ok(share_dir
+        .join("credentials")
+        .join(KIMI_CODE_CREDENTIAL_FILE))
+}
+
+fn write_kimi_oauth_credential(path: &Path, credential: &KimiOAuthCredential) -> Result<()> {
+    let serialized = serde_json::to_vec_pretty(credential)
+        .context("Failed to serialize Kimi OAuth credentials")?;
+    crate::utils::write_atomic(path, &serialized).with_context(|| {
+        format!(
+            "Failed to write Kimi OAuth credentials to {}",
+            path.display()
+        )
+    })?;
+    #[cfg(unix)]
+    if let Err(err) = fs::set_permissions(path, fs::Permissions::from_mode(0o600)) {
+        tracing::warn!(
+            target: "codewhale::config",
+            path = %path.display(),
+            error = %err,
+            "could not enforce 0o600 on Kimi OAuth credentials; relying on host ACLs"
+        );
+    }
+    Ok(())
+}
+
+fn now_unix_secs() -> Option<f64> {
+    std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .map(|duration| duration.as_secs_f64())
+        .ok()
+}
+
+#[must_use]
+pub fn kimi_cli_credentials_present() -> bool {
+    kimi_cli_oauth_credentials_path().is_ok_and(|path| path.exists())
+}
+
 /// Clear the API key from config-file storage.
 ///
 /// `/logout` calls this to wipe credentials so the next request can't
@@ -3735,6 +4088,16 @@ mod tests {
         novita_base_url: Option<OsString>,
         fireworks_api_key: Option<OsString>,
         fireworks_base_url: Option<OsString>,
+        moonshot_api_key: Option<OsString>,
+        moonshot_base_url: Option<OsString>,
+        moonshot_model: Option<OsString>,
+        kimi_api_key: Option<OsString>,
+        kimi_base_url: Option<OsString>,
+        kimi_model: Option<OsString>,
+        kimi_model_name: Option<OsString>,
+        kimi_share_dir: Option<OsString>,
+        kimi_code_oauth_host: Option<OsString>,
+        kimi_oauth_host: Option<OsString>,
         sglang_api_key: Option<OsString>,
         sglang_base_url: Option<OsString>,
         sglang_model: Option<OsString>,
@@ -3787,6 +4150,16 @@ mod tests {
             let novita_base_url_prev = env::var_os("NOVITA_BASE_URL");
             let fireworks_api_key_prev = env::var_os("FIREWORKS_API_KEY");
             let fireworks_base_url_prev = env::var_os("FIREWORKS_BASE_URL");
+            let moonshot_api_key_prev = env::var_os("MOONSHOT_API_KEY");
+            let moonshot_base_url_prev = env::var_os("MOONSHOT_BASE_URL");
+            let moonshot_model_prev = env::var_os("MOONSHOT_MODEL");
+            let kimi_api_key_prev = env::var_os("KIMI_API_KEY");
+            let kimi_base_url_prev = env::var_os("KIMI_BASE_URL");
+            let kimi_model_prev = env::var_os("KIMI_MODEL");
+            let kimi_model_name_prev = env::var_os("KIMI_MODEL_NAME");
+            let kimi_share_dir_prev = env::var_os("KIMI_SHARE_DIR");
+            let kimi_code_oauth_host_prev = env::var_os("KIMI_CODE_OAUTH_HOST");
+            let kimi_oauth_host_prev = env::var_os("KIMI_OAUTH_HOST");
             let sglang_api_key_prev = env::var_os("SGLANG_API_KEY");
             let sglang_base_url_prev = env::var_os("SGLANG_BASE_URL");
             let sglang_model_prev = env::var_os("SGLANG_MODEL");
@@ -3834,6 +4207,16 @@ mod tests {
                 env::remove_var("NOVITA_BASE_URL");
                 env::remove_var("FIREWORKS_API_KEY");
                 env::remove_var("FIREWORKS_BASE_URL");
+                env::remove_var("MOONSHOT_API_KEY");
+                env::remove_var("MOONSHOT_BASE_URL");
+                env::remove_var("MOONSHOT_MODEL");
+                env::remove_var("KIMI_API_KEY");
+                env::remove_var("KIMI_BASE_URL");
+                env::remove_var("KIMI_MODEL");
+                env::remove_var("KIMI_MODEL_NAME");
+                env::remove_var("KIMI_SHARE_DIR");
+                env::remove_var("KIMI_CODE_OAUTH_HOST");
+                env::remove_var("KIMI_OAUTH_HOST");
                 env::remove_var("SGLANG_API_KEY");
                 env::remove_var("SGLANG_BASE_URL");
                 env::remove_var("SGLANG_MODEL");
@@ -3881,6 +4264,16 @@ mod tests {
                 novita_base_url: novita_base_url_prev,
                 fireworks_api_key: fireworks_api_key_prev,
                 fireworks_base_url: fireworks_base_url_prev,
+                moonshot_api_key: moonshot_api_key_prev,
+                moonshot_base_url: moonshot_base_url_prev,
+                moonshot_model: moonshot_model_prev,
+                kimi_api_key: kimi_api_key_prev,
+                kimi_base_url: kimi_base_url_prev,
+                kimi_model: kimi_model_prev,
+                kimi_model_name: kimi_model_name_prev,
+                kimi_share_dir: kimi_share_dir_prev,
+                kimi_code_oauth_host: kimi_code_oauth_host_prev,
+                kimi_oauth_host: kimi_oauth_host_prev,
                 sglang_api_key: sglang_api_key_prev,
                 sglang_base_url: sglang_base_url_prev,
                 sglang_model: sglang_model_prev,
@@ -3937,6 +4330,16 @@ mod tests {
                 Self::restore_var("NOVITA_BASE_URL", self.novita_base_url.take());
                 Self::restore_var("FIREWORKS_API_KEY", self.fireworks_api_key.take());
                 Self::restore_var("FIREWORKS_BASE_URL", self.fireworks_base_url.take());
+                Self::restore_var("MOONSHOT_API_KEY", self.moonshot_api_key.take());
+                Self::restore_var("MOONSHOT_BASE_URL", self.moonshot_base_url.take());
+                Self::restore_var("MOONSHOT_MODEL", self.moonshot_model.take());
+                Self::restore_var("KIMI_API_KEY", self.kimi_api_key.take());
+                Self::restore_var("KIMI_BASE_URL", self.kimi_base_url.take());
+                Self::restore_var("KIMI_MODEL", self.kimi_model.take());
+                Self::restore_var("KIMI_MODEL_NAME", self.kimi_model_name.take());
+                Self::restore_var("KIMI_SHARE_DIR", self.kimi_share_dir.take());
+                Self::restore_var("KIMI_CODE_OAUTH_HOST", self.kimi_code_oauth_host.take());
+                Self::restore_var("KIMI_OAUTH_HOST", self.kimi_oauth_host.take());
                 Self::restore_var("SGLANG_API_KEY", self.sglang_api_key.take());
                 Self::restore_var("SGLANG_BASE_URL", self.sglang_base_url.take());
                 Self::restore_var("SGLANG_MODEL", self.sglang_model.take());
@@ -4830,6 +5233,14 @@ api_key = "old-openrouter-key"
         );
     }
 
+    #[test]
+    fn model_completion_names_for_moonshot_excludes_oauth_only_kimi_code_model() {
+        assert_eq!(
+            model_completion_names_for_provider(ApiProvider::Moonshot),
+            vec![DEFAULT_MOONSHOT_MODEL]
+        );
+    }
+
     #[test]
     fn normalize_model_name_rejects_invalid_or_non_deepseek_ids() {
         assert!(normalize_model_name("gpt-4o").is_none());
@@ -5965,6 +6376,64 @@ api_key = "novita-table-key"
         Ok(())
     }
 
+    #[test]
+    fn moonshot_kimi_oauth_reads_fresh_cli_credential() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-kimi-oauth-key-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let kimi_share_dir = temp_root.join(".kimi");
+        let credential_dir = kimi_share_dir.join("credentials");
+        fs::create_dir_all(&credential_dir)?;
+        unsafe { env::set_var("KIMI_SHARE_DIR", &kimi_share_dir) };
+
+        let expires_at = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_secs_f64()
+            + 3600.0;
+        let credential = json!({
+            "access_token": "fresh-oauth-token",
+            "refresh_token": "refresh-token",
+            "expires_at": expires_at,
+            "scope": "openid profile email",
+            "token_type": "Bearer",
+        });
+        fs::write(
+            credential_dir.join(KIMI_CODE_CREDENTIAL_FILE),
+            serde_json::to_string(&credential)?,
+        )?;
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"provider = "moonshot"
+
+[providers.moonshot]
+auth_mode = "kimi_oauth"
+api_key = "stale-api-key"
+"#,
+        )?;
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(config.deepseek_api_key()?, "fresh-oauth-token");
+        assert!(has_api_key_for(&config, ApiProvider::Moonshot));
+        Ok(())
+    }
+
     #[test]
     fn has_api_key_for_detects_env_and_config_per_provider() -> Result<()> {
         let _lock = lock_test_env();
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 202cd164..7aad7ae6 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -371,6 +371,7 @@ impl Engine {
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
+            ApiProvider::Moonshot => "MOONSHOT_API_KEY/KIMI_API_KEY",
             ApiProvider::Sglang => "SGLANG_API_KEY",
             ApiProvider::Vllm => "VLLM_API_KEY",
             ApiProvider::Ollama => "OLLAMA_API_KEY",
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 34cb7fce..c53cdaca 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -1861,6 +1861,10 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     "FIREWORKS_API_KEY",
                     "codewhale auth set --provider fireworks --api-key \"...\"",
                 ),
+                crate::config::ApiProvider::Moonshot => (
+                    "MOONSHOT_API_KEY/KIMI_API_KEY",
+                    "codewhale auth set --provider moonshot --api-key \"...\"",
+                ),
                 crate::config::ApiProvider::Sglang => (
                     "SGLANG_API_KEY",
                     "codewhale auth set --provider sglang --api-key \"...\"",
@@ -1887,6 +1891,7 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     crate::config::ApiProvider::Openrouter => "openrouter",
                     crate::config::ApiProvider::Novita => "novita",
                     crate::config::ApiProvider::Fireworks => "fireworks",
+                    crate::config::ApiProvider::Moonshot => "moonshot",
                     crate::config::ApiProvider::Sglang => "sglang",
                     crate::config::ApiProvider::Vllm => "vllm",
                     crate::config::ApiProvider::Ollama => "ollama",
@@ -2154,6 +2159,11 @@ async fn run_doctor(config: &Config, workspace: &Path, config_path_override: Opt
             "fireworks",
             &["FIREWORKS_API_KEY"][..],
         ),
+        (
+            crate::config::ApiProvider::Moonshot,
+            "moonshot",
+            &["MOONSHOT_API_KEY", "KIMI_API_KEY"][..],
+        ),
         (
             crate::config::ApiProvider::Sglang,
             "sglang",
diff --git a/crates/tui/src/tui/provider_picker.rs b/crates/tui/src/tui/provider_picker.rs
index ecf9f722..b2ac79e6 100644
--- a/crates/tui/src/tui/provider_picker.rs
+++ b/crates/tui/src/tui/provider_picker.rs
@@ -26,7 +26,7 @@ use ratatui::{
     widgets::{Block, Borders, Clear, Paragraph, Widget},
 };
 
-use crate::config::{ApiProvider, Config, has_api_key_for};
+use crate::config::{ApiProvider, Config, has_api_key_for, kimi_cli_credentials_present};
 use crate::palette;
 use crate::tui::views::{ModalKind, ModalView, ViewAction, ViewEvent};
 
@@ -94,6 +94,7 @@ impl ProviderPickerView {
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
+            ApiProvider::Moonshot => "MOONSHOT_API_KEY / KIMI_API_KEY",
             ApiProvider::Sglang => "SGLANG_API_KEY",
             ApiProvider::Vllm => "VLLM_API_KEY",
             ApiProvider::Ollama => "OLLAMA_API_KEY",
@@ -102,6 +103,9 @@ impl ProviderPickerView {
 
     fn provider_hint(provider: ApiProvider, has_key: bool) -> String {
         match provider {
+            ApiProvider::Moonshot if kimi_cli_credentials_present() => {
+                "(Kimi CLI OAuth ready)".to_string()
+            }
             ApiProvider::Ollama => "self-hosted; defaults to http://localhost:11434".to_string(),
             ApiProvider::Sglang | ApiProvider::Vllm if has_key => {
                 "(configured; optional key)".to_string()
@@ -287,6 +291,10 @@ impl ModalView for ProviderPickerView {
                     let provider = self.selected_provider();
                     if self.selected_has_key() {
                         ViewAction::EmitAndClose(ViewEvent::ProviderPickerApplied { provider })
+                    } else if provider == ApiProvider::Moonshot && kimi_cli_credentials_present() {
+                        ViewAction::EmitAndClose(ViewEvent::ProviderPickerKimiOAuthEnabled {
+                            provider,
+                        })
                     } else {
                         self.stage = Stage::KeyEntry;
                         self.api_key_input.clear();
@@ -400,6 +408,7 @@ mod tests {
                 "OpenRouter",
                 "Novita AI",
                 "Fireworks AI",
+                "Moonshot/Kimi",
                 "SGLang",
                 "vLLM",
                 "Ollama"
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 25e1fdb1..f1ebabfe 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -38,7 +38,10 @@ use crate::automation_manager::{AutomationManager, AutomationSchedulerConfig, sp
 use crate::client::{DeepSeekClient, build_cache_warmup_request};
 use crate::commands;
 use crate::compaction::estimate_input_tokens_conservative;
-use crate::config::{ApiProvider, Config, DEFAULT_NVIDIA_NIM_BASE_URL};
+use crate::config::{
+    ApiProvider, Config, DEFAULT_NVIDIA_NIM_BASE_URL, ProviderConfig, ProvidersConfig,
+    save_provider_auth_mode_for,
+};
 use crate::config_ui::{self, ConfigUiMode, WebConfigSession, WebConfigSessionEvent};
 use crate::core::engine::{EngineConfig, EngineHandle, spawn_engine};
 use crate::core::events::Event as EngineEvent;
@@ -5730,6 +5733,7 @@ fn render(f: &mut Frame, app: &mut App) {
             crate::config::ApiProvider::Openrouter => Some("OR"),
             crate::config::ApiProvider::Novita => Some("Novita"),
             crate::config::ApiProvider::Fireworks => Some("Fireworks"),
+            crate::config::ApiProvider::Moonshot => Some("Kimi"),
             crate::config::ApiProvider::Sglang => Some("SGLang"),
             crate::config::ApiProvider::Vllm => Some("vLLM"),
             crate::config::ApiProvider::Ollama => Some("Ollama"),
@@ -6270,6 +6274,17 @@ async fn handle_view_events(
             ViewEvent::ProviderPickerApiKeySubmitted { provider, api_key } => {
                 apply_provider_picker_api_key(app, engine_handle, config, provider, api_key).await;
             }
+            ViewEvent::ProviderPickerKimiOAuthEnabled { provider } => {
+                apply_provider_picker_auth_mode(
+                    app,
+                    engine_handle,
+                    config,
+                    provider,
+                    "kimi_oauth",
+                    "Linked Kimi CLI OAuth",
+                )
+                .await;
+            }
             ViewEvent::ModeSelected { mode } => {
                 let msg = commands::switch_mode(app, mode);
                 app.add_message(HistoryCell::System { content: msg });
@@ -6477,7 +6492,7 @@ async fn apply_provider_picker_api_key(
     provider: ApiProvider,
     api_key: String,
 ) {
-    use crate::config::{ProviderConfig, ProvidersConfig, save_api_key_for};
+    use crate::config::save_api_key_for;
 
     match save_api_key_for(provider, &api_key) {
         Ok(path) => {
@@ -6519,6 +6534,7 @@ async fn apply_provider_picker_api_key(
             ApiProvider::Openrouter => &mut providers.openrouter,
             ApiProvider::Novita => &mut providers.novita,
             ApiProvider::Fireworks => &mut providers.fireworks,
+            ApiProvider::Moonshot => &mut providers.moonshot,
             ApiProvider::Sglang => &mut providers.sglang,
             ApiProvider::Vllm => &mut providers.vllm,
             ApiProvider::Ollama => &mut providers.ollama,
@@ -6529,6 +6545,55 @@ async fn apply_provider_picker_api_key(
     switch_provider(app, engine_handle, config, provider, None).await;
 }
 
+async fn apply_provider_picker_auth_mode(
+    app: &mut App,
+    engine_handle: &mut EngineHandle,
+    config: &mut Config,
+    provider: ApiProvider,
+    auth_mode: &str,
+    status_prefix: &str,
+) {
+    match save_provider_auth_mode_for(provider, auth_mode) {
+        Ok(path) => {
+            set_provider_auth_mode_in_memory(config, provider, auth_mode.to_string());
+            app.status_message = Some(format!("{status_prefix}; saved to {}", path.display()));
+            app.api_key_env_only = false;
+        }
+        Err(err) => {
+            app.add_message(HistoryCell::System {
+                content: format!(
+                    "Failed to save {} auth mode: {err}\nProvider unchanged.",
+                    provider.as_str()
+                ),
+            });
+            return;
+        }
+    }
+
+    switch_provider(app, engine_handle, config, provider, None).await;
+}
+
+fn set_provider_auth_mode_in_memory(config: &mut Config, provider: ApiProvider, auth_mode: String) {
+    let providers = config
+        .providers
+        .get_or_insert_with(ProvidersConfig::default);
+    let entry: &mut ProviderConfig = match provider {
+        ApiProvider::Deepseek | ApiProvider::DeepseekCN => return,
+        ApiProvider::NvidiaNim => &mut providers.nvidia_nim,
+        ApiProvider::Openai => &mut providers.openai,
+        ApiProvider::Atlascloud => &mut providers.atlascloud,
+        ApiProvider::WanjieArk => &mut providers.wanjie_ark,
+        ApiProvider::Openrouter => &mut providers.openrouter,
+        ApiProvider::Novita => &mut providers.novita,
+        ApiProvider::Fireworks => &mut providers.fireworks,
+        ApiProvider::Moonshot => &mut providers.moonshot,
+        ApiProvider::Sglang => &mut providers.sglang,
+        ApiProvider::Vllm => &mut providers.vllm,
+        ApiProvider::Ollama => &mut providers.ollama,
+    };
+    entry.auth_mode = Some(auth_mode);
+}
+
 fn apply_loaded_session(app: &mut App, config: &Config, session: &SavedSession) -> bool {
     let (messages, recovered_draft) = recover_interrupted_user_tail(&session.messages);
     app.api_messages = messages;
diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index c50c83c0..e9b91740 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -157,6 +157,11 @@ pub enum ViewEvent {
         provider: crate::config::ApiProvider,
         api_key: String,
     },
+    /// Emitted by the `/provider` picker when Kimi CLI OAuth credentials can
+    /// be reused for Moonshot/Kimi dispatch.
+    ProviderPickerKimiOAuthEnabled {
+        provider: crate::config::ApiProvider,
+    },
     /// Emitted by the `/mode` picker when the user chooses a mode.
     ModeSelected {
         mode: crate::tui::app::AppMode,

From c483cd525d59d144c4e401fdc8681df6f3fb197a Mon Sep 17 00:00:00 2001
From: Reid <61492567+reidliu41@users.noreply.github.com>
Date: Tue, 26 May 2026 07:17:31 +0800
Subject: [PATCH 004/283] fix(tui): simplify approval confirmation flow

Harvested from PR #2143 by @reidliu41.

Co-authored-by: reidliu41 <reid201711@gmail.com>
---
 crates/tui/src/tui/approval.rs    | 219 +++++++-------------------
 crates/tui/src/tui/ui.rs          |  84 +++++++---
 crates/tui/src/tui/widgets/mod.rs | 250 +++++++++++-------------------
 3 files changed, 199 insertions(+), 354 deletions(-)

diff --git a/crates/tui/src/tui/approval.rs b/crates/tui/src/tui/approval.rs
index dc7e9cdc..92e3208e 100644
--- a/crates/tui/src/tui/approval.rs
+++ b/crates/tui/src/tui/approval.rs
@@ -16,10 +16,9 @@
 //!   `2` / `a` approves for the session.
 //! - **Destructive** (`RiskLevel::Destructive`) — file writes, shell,
 //!   patches, MCP actions, unclassified tools, and any "fetch arbitrary
-//!   content" surface. The first approve press *stages* a decision and
-//!   the second matching press commits — muscle-memory `Enter` cannot
-//!   accidentally land on an approval. Any non-approve key clears the
-//!   staging and keeps the user in selection mode.
+//!   content" surface. The takeover keeps the destructive badge and
+//!   impact summary visible, then lets `Enter` commit the highlighted
+//!   option or `y` / `a` / `d` commit directly.
 //!
 //! The decision events emitted upstream are unchanged
 //! (`ViewEvent::ApprovalDecision`), so `ui.rs` and the engine handle
@@ -102,8 +101,8 @@ pub enum ToolCategory {
 /// Stakes-based variant for the takeover modal.
 ///
 /// `RiskLevel::Benign` lets a single keystroke commit the approval.
-/// `RiskLevel::Destructive` requires an explicit second confirmation
-/// keypress so muscle-memory `Enter` never lands on an irreversible op.
+/// `RiskLevel::Destructive` keeps stronger warning copy and styling
+/// around approvals that can touch files, shell, or remote state.
 ///
 /// Routing rules live in [`classify_risk`] — when in doubt, route to
 /// `Destructive`.
@@ -228,13 +227,12 @@ pub fn get_tool_category(name: &str) -> ToolCategory {
 /// The bias is conservative: a category we don't recognise routes to
 /// `Destructive`, and any shell command that `command_safety` flags as
 /// `Dangerous` is forced to `Destructive` even when the rest of the
-/// request looks calm. The split lets the modal swap muscle-memory
-/// approval for an explicit two-key confirmation on anything that can
-/// touch state outside this turn.
+/// request looks calm. The split lets the modal render stronger warning
+/// copy on anything that can touch state outside this turn.
 #[must_use]
 pub fn classify_risk(tool_name: &str, category: ToolCategory, params: &Value) -> RiskLevel {
     match category {
-        // Read paths and discovery — never staged.
+        // Read paths and discovery.
         ToolCategory::Safe | ToolCategory::McpRead => RiskLevel::Benign,
         // Query-only network is benign; opening a URL pulls arbitrary
         // remote content, so it stays destructive.
@@ -448,9 +446,7 @@ fn build_impact_summary_zh_hans(
     }
 }
 
-/// Indices into the option list shared by both variants. Visible to
-/// the widget module so it can render the staged-confirmation banner
-/// without re-deriving the variant from the request.
+/// Indices into the option list shared by both variants.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum ApprovalOption {
     ApproveOnce,
@@ -486,16 +482,6 @@ impl ApprovalOption {
             ApprovalOption::Abort => ReviewDecision::Abort,
         }
     }
-
-    /// Whether this option needs an explicit second-key confirmation in
-    /// the destructive variant. Deny/Abort are never staged.
-    fn requires_confirm(self, risk: RiskLevel) -> bool {
-        matches!(risk, RiskLevel::Destructive)
-            && matches!(
-                self,
-                ApprovalOption::ApproveOnce | ApprovalOption::ApproveAlways
-            )
-    }
 }
 
 /// Approval overlay state managed by the modal view stack
@@ -504,10 +490,6 @@ pub struct ApprovalView {
     request: ApprovalRequest,
     selected: usize,
     locale: Locale,
-    /// When `Some`, the destructive variant has staged this approval and
-    /// is waiting for the user to press the same key (or `Enter`) again.
-    /// Any other key clears the staging.
-    pending_confirm: Option<ApprovalOption>,
     timeout: Option<Duration>,
     requested_at: Instant,
     /// Whether the approval card is collapsed to a single-line banner.
@@ -525,7 +507,6 @@ impl ApprovalView {
             request,
             selected: 0,
             locale,
-            pending_confirm: None,
             timeout: None,
             requested_at: Instant::now(),
             collapsed: false,
@@ -534,22 +515,17 @@ impl ApprovalView {
 
     fn select_prev(&mut self) {
         self.selected = self.selected.saturating_sub(1);
-        // Moving the selection abandons any staged confirmation; the
-        // user is reconsidering.
-        self.pending_confirm = None;
     }
 
     fn select_next(&mut self) {
         self.selected = (self.selected + 1).min(ApprovalOption::ORDER.len() - 1);
-        self.pending_confirm = None;
     }
 
     fn current_option(&self) -> ApprovalOption {
         ApprovalOption::from_index(self.selected)
     }
 
-    /// Test-only accessor — the widget reads decisions through
-    /// `commit_or_stage` instead of polling.
+    /// Test-only accessor for the selected option's decision.
     #[cfg(test)]
     fn current_decision(&self) -> ReviewDecision {
         self.current_option().decision()
@@ -566,33 +542,13 @@ impl ApprovalView {
         self.request.risk
     }
 
-    /// The staged option, if any. `None` in the benign variant or when
-    /// no approve key has been pressed yet.
-    pub(crate) fn pending_confirm(&self) -> Option<ApprovalOption> {
-        self.pending_confirm
-    }
-
     pub(crate) fn locale(&self) -> Locale {
         self.locale
     }
 
-    /// Try to commit (or stage) the given option respecting the
-    /// variant's confirmation policy. Returns the action the modal
-    /// stack should apply.
-    fn commit_or_stage(&mut self, option: ApprovalOption) -> ViewAction {
-        if option.requires_confirm(self.request.risk) {
-            // Two-step destructive flow: first press stages, second
-            // press of the same option commits.
-            if self.pending_confirm == Some(option) {
-                self.pending_confirm = None;
-                return self.emit_decision(option.decision(), false);
-            }
-            self.pending_confirm = Some(option);
-            self.selected = option.index();
-            return ViewAction::None;
-        }
-        // Benign variant or non-approve options commit immediately.
-        self.pending_confirm = None;
+    /// Commit the given option and close the approval modal.
+    fn commit_option(&mut self, option: ApprovalOption) -> ViewAction {
+        self.selected = option.index();
         self.emit_decision(option.decision(), false)
     }
 
@@ -647,31 +603,23 @@ impl ModalView for ApprovalView {
                 self.select_next();
                 ViewAction::None
             }
-            KeyCode::Enter => self.commit_or_stage(self.current_option()),
+            KeyCode::Enter => self.commit_option(self.current_option()),
             // Direct shortcuts; '1' / '2' map to the first two options
-            // so a numeric pad still works for benign approve flows.
+            // so a numeric pad still works for approve flows.
             KeyCode::Char('y') | KeyCode::Char('Y') | KeyCode::Char('1') => {
-                self.commit_or_stage(ApprovalOption::ApproveOnce)
+                self.commit_option(ApprovalOption::ApproveOnce)
             }
             KeyCode::Char('a') | KeyCode::Char('A') | KeyCode::Char('2') => {
-                self.commit_or_stage(ApprovalOption::ApproveAlways)
+                self.commit_option(ApprovalOption::ApproveAlways)
             }
             KeyCode::Char('n')
             | KeyCode::Char('N')
             | KeyCode::Char('d')
             | KeyCode::Char('D')
-            | KeyCode::Char('3') => self.commit_or_stage(ApprovalOption::Deny),
-            KeyCode::Char('v') | KeyCode::Char('V') => {
-                self.pending_confirm = None;
-                self.emit_params_pager()
-            }
+            | KeyCode::Char('3') => self.commit_option(ApprovalOption::Deny),
+            KeyCode::Char('v') | KeyCode::Char('V') => self.emit_params_pager(),
             KeyCode::Esc => self.emit_decision(ReviewDecision::Abort, false),
-            _ => {
-                // Any unrecognised key cancels a staged confirmation —
-                // the user is no longer aiming at "approve".
-                self.pending_confirm = None;
-                ViewAction::None
-            }
+            _ => ViewAction::None,
         }
     }
 
@@ -1030,13 +978,13 @@ mod tests {
 
     #[test]
     fn risk_query_only_network_is_benign_but_fetch_is_destructive() {
-        // web_search is read-only enough to skip the two-key dance.
+        // web_search is read-only enough to use the benign variant.
         let cat = ToolCategory::Network;
         assert_eq!(
             classify_risk("web_search", cat, &json!({"q": "rust"})),
             RiskLevel::Benign
         );
-        // fetch_url pulls arbitrary remote content; never staged.
+        // fetch_url pulls arbitrary remote content, so it stays destructive.
         assert_eq!(
             classify_risk("fetch_url", cat, &json!({"url": "https://example.com"})),
             RiskLevel::Destructive
@@ -1163,7 +1111,6 @@ mod tests {
         let view = ApprovalView::new(benign_request());
         assert_eq!(view.selected, 0);
         assert!(view.timeout.is_none());
-        assert_eq!(view.pending_confirm(), None);
         assert_eq!(view.risk(), RiskLevel::Benign);
     }
 
@@ -1376,7 +1323,7 @@ mod tests {
     }
 
     // ========================================================================
-    // ApprovalView Tests — Destructive Variant (two-key confirm)
+    // ApprovalView Tests — Destructive Variant (one-step approve with warning)
     // ========================================================================
 
     #[test]
@@ -1386,16 +1333,10 @@ mod tests {
     }
 
     #[test]
-    fn destructive_y_first_press_stages_then_second_commits() {
+    fn destructive_y_first_press_approves_once() {
         for code in [KeyCode::Char('y'), KeyCode::Char('Y')] {
             let mut view = ApprovalView::new(destructive_request());
 
-            // First press stages — no decision emitted yet.
-            let action = view.handle_key(create_key_event(code));
-            assert!(matches!(action, ViewAction::None));
-            assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveOnce));
-
-            // Second press of the same key commits.
             let action = view.handle_key(create_key_event(code));
             assert!(
                 matches!(
@@ -1411,15 +1352,10 @@ mod tests {
     }
 
     #[test]
-    fn destructive_enter_first_press_stages_then_second_commits() {
+    fn destructive_enter_approves_selected_option() {
         let mut view = ApprovalView::new(destructive_request());
 
-        // Selection starts at ApproveOnce — Enter stages.
-        let action = view.handle_key(create_key_event(KeyCode::Enter));
-        assert!(matches!(action, ViewAction::None));
-        assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveOnce));
-
-        // Second Enter on the same selection commits.
+        // Selection starts at ApproveOnce — Enter commits the selected option.
         let action = view.handle_key(create_key_event(KeyCode::Enter));
         assert!(matches!(
             action,
@@ -1431,39 +1367,33 @@ mod tests {
     }
 
     #[test]
-    fn destructive_navigation_clears_staged_confirmation() {
+    fn destructive_navigation_then_enter_commits_highlighted_option() {
         let mut view = ApprovalView::new(destructive_request());
 
-        view.handle_key(create_key_event(KeyCode::Char('y')));
-        assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveOnce));
-
-        // Moving the selection abandons the staging.
         view.handle_key(create_key_event(KeyCode::Down));
-        assert_eq!(view.pending_confirm(), None);
+        let action = view.handle_key(create_key_event(KeyCode::Enter));
+        assert!(matches!(
+            action,
+            ViewAction::EmitAndClose(ViewEvent::ApprovalDecision {
+                decision: ReviewDecision::ApprovedForSession,
+                ..
+            })
+        ));
     }
 
     #[test]
-    fn destructive_unrelated_key_clears_staged_confirmation() {
+    fn destructive_unrelated_key_keeps_modal_open() {
         let mut view = ApprovalView::new(destructive_request());
 
-        view.handle_key(create_key_event(KeyCode::Char('y')));
-        assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveOnce));
-
-        // A key with no mapped action clears the staging.
         let action = view.handle_key(create_key_event(KeyCode::Char('q')));
         assert!(matches!(action, ViewAction::None));
-        assert_eq!(view.pending_confirm(), None);
     }
 
     #[test]
-    fn destructive_a_first_press_stages_then_second_commits_session() {
+    fn destructive_a_first_press_approves_for_session() {
         for code in [KeyCode::Char('a'), KeyCode::Char('A')] {
             let mut view = ApprovalView::new(destructive_request());
 
-            let action = view.handle_key(create_key_event(code));
-            assert!(matches!(action, ViewAction::None));
-            assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveAlways));
-
             let action = view.handle_key(create_key_event(code));
             assert!(
                 matches!(
@@ -1479,23 +1409,8 @@ mod tests {
     }
 
     #[test]
-    fn destructive_y_then_a_does_not_commit_either() {
-        // Pressing 'y' then 'a' must NOT commit ApproveAlways — the
-        // second key is a different option, so it re-stages instead.
-        let mut view = ApprovalView::new(destructive_request());
-
-        let action = view.handle_key(create_key_event(KeyCode::Char('y')));
-        assert!(matches!(action, ViewAction::None));
-        assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveOnce));
-
-        let action = view.handle_key(create_key_event(KeyCode::Char('a')));
-        assert!(matches!(action, ViewAction::None));
-        assert_eq!(view.pending_confirm(), Some(ApprovalOption::ApproveAlways));
-    }
-
-    #[test]
-    fn destructive_deny_does_not_require_confirmation() {
-        // Deny / Abort skip the two-key dance — the user is bailing.
+    fn destructive_deny_commits_immediately() {
+        // Deny commits immediately — the user is rejecting the tool.
         for code in [
             KeyCode::Char('n'),
             KeyCode::Char('N'),
@@ -1520,9 +1435,6 @@ mod tests {
     #[test]
     fn destructive_esc_aborts_immediately() {
         let mut view = ApprovalView::new(destructive_request());
-        // Stage something first.
-        view.handle_key(create_key_event(KeyCode::Char('y')));
-        // Esc still aborts in one press.
         let action = view.handle_key(create_key_event(KeyCode::Esc));
         assert!(matches!(
             action,
@@ -1557,20 +1469,21 @@ mod tests {
     }
 
     #[test]
-    fn render_benign_includes_review_badge_and_one_step_hint() {
+    fn render_benign_includes_review_badge_and_selection_hint() {
         let view = ApprovalView::new(benign_request());
         let lines = render_lines(&view, 100, 40);
         let joined = lines.join("\n");
         assert!(joined.contains("REVIEW"), "missing REVIEW badge:\n{joined}");
+        assert!(joined.contains("Choose"), "benign hint missing:\n{joined}");
         assert!(
-            joined.contains("Single key approves"),
-            "benign hint missing:\n{joined}"
+            joined.contains("Enter selected option"),
+            "benign selection hint missing:\n{joined}"
         );
         assert!(joined.contains("read_file"));
     }
 
     #[test]
-    fn render_destructive_shows_warning_badge_and_two_step_hint() {
+    fn render_destructive_shows_warning_badge_and_one_step_hint() {
         let view = ApprovalView::new(destructive_request());
         let lines = render_lines(&view, 100, 40);
         let joined = lines.join("\n");
@@ -1579,31 +1492,15 @@ mod tests {
             "missing DESTRUCTIVE badge:\n{joined}"
         );
         assert!(
-            joined.contains("Two keys to approve"),
+            joined.contains("Enter selected option"),
             "destructive hint missing:\n{joined}"
         );
         assert!(joined.contains("write_file"));
     }
 
-    #[test]
-    fn render_destructive_after_stage_shows_confirm_banner() {
-        let mut view = ApprovalView::new(destructive_request());
-        view.handle_key(create_key_event(KeyCode::Char('y')));
-        let lines = render_lines(&view, 100, 40);
-        let joined = lines.join("\n");
-        assert!(
-            joined.contains("Confirm destructive action"),
-            "confirm banner missing:\n{joined}"
-        );
-        assert!(
-            joined.contains("(staged)"),
-            "stage marker missing:\n{joined}"
-        );
-    }
-
     #[test]
     fn render_destructive_zh_hans_localizes_security_copy() {
-        let mut view = ApprovalView::new_for_locale(destructive_request(), Locale::ZhHans);
+        let view = ApprovalView::new_for_locale(destructive_request(), Locale::ZhHans);
         let lines = render_lines(&view, 100, 40);
         let joined = compact_rendered_text(&lines);
         assert!(
@@ -1611,8 +1508,12 @@ mod tests {
             "missing zh risk badge:\n{joined}"
         );
         assert!(
-            joined.contains("两次按键确认"),
-            "missing zh two-step hint:\n{joined}"
+            joined.contains("选择："),
+            "missing zh selection prefix:\n{joined}"
+        );
+        assert!(
+            joined.contains("Enter执行选中项，或直接按y/a/d"),
+            "missing zh one-step hint:\n{joined}"
         );
         assert!(
             joined.contains("文件写入"),
@@ -1630,22 +1531,6 @@ mod tests {
             joined.contains("仅本次批准"),
             "missing zh approve option:\n{joined}"
         );
-
-        view.handle_key(create_key_event(KeyCode::Char('y')));
-        let lines = render_lines(&view, 100, 40);
-        let joined = compact_rendered_text(&lines);
-        assert!(
-            joined.contains("确认破坏性操作"),
-            "missing zh confirm banner:\n{joined}"
-        );
-        assert!(
-            joined.contains("(待确认)"),
-            "missing zh staged marker:\n{joined}"
-        );
-        assert!(
-            joined.contains("Enter或y"),
-            "missing zh confirm key:\n{joined}"
-        );
     }
 
     #[test]
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index f1ebabfe..dffa442c 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -6036,31 +6036,19 @@ async fn handle_view_events(
                 approval_key,
                 approval_grouping_key,
             } => {
-                if decision == ReviewDecision::ApprovedForSession {
-                    // Store the tool name (backward compat) and the lossy
-                    // grouping key so later flag variants of the same
-                    // command family are also auto-approved (v0.8.37).
-                    app.approval_session_approved.insert(tool_name.clone());
-                    app.approval_session_approved
-                        .insert(approval_grouping_key.clone());
-                }
-
-                match decision {
-                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {
-                        let _ = engine_handle.approve_tool_call(tool_id).await;
-                    }
-                    ReviewDecision::Denied | ReviewDecision::Abort => {
-                        // Cache the denial so the model retry-loop doesn't
-                        // re-prompt for the exact same approval_key (#360).
-                        // Only the key (per-call unique) is stored — NOT
-                        // the tool_name, which would block all future
-                        // invocations of the same tool type (#1377).
-                        if !timed_out {
-                            app.approval_session_denied.insert(approval_key);
-                        }
-                        let _ = engine_handle.deny_tool_call(tool_id).await;
-                    }
-                }
+                apply_approval_decision(
+                    app,
+                    engine_handle,
+                    ApprovalDecisionEvent {
+                        tool_id,
+                        tool_name,
+                        decision,
+                        timed_out,
+                        approval_key,
+                        approval_grouping_key,
+                    },
+                )
+                .await;
 
                 if timed_out {
                     app.add_message(HistoryCell::System {
@@ -6333,6 +6321,52 @@ async fn handle_view_events(
     Ok(false)
 }
 
+struct ApprovalDecisionEvent {
+    tool_id: String,
+    tool_name: String,
+    decision: ReviewDecision,
+    timed_out: bool,
+    approval_key: String,
+    approval_grouping_key: String,
+}
+
+async fn apply_approval_decision(
+    app: &mut App,
+    engine_handle: &mut EngineHandle,
+    event: ApprovalDecisionEvent,
+) {
+    if event.decision == ReviewDecision::ApprovedForSession {
+        // Store the tool name (backward compat) and the lossy grouping key so
+        // later flag variants of the same command family are also auto-approved
+        // (v0.8.37).
+        app.approval_session_approved
+            .insert(event.tool_name.clone());
+        app.approval_session_approved
+            .insert(event.approval_grouping_key.clone());
+    }
+
+    match event.decision {
+        ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {
+            let _ = engine_handle.approve_tool_call(event.tool_id).await;
+        }
+        ReviewDecision::Denied => {
+            // Cache the denial so the model retry-loop doesn't re-prompt for
+            // the exact same approval_key (#360). Only the key (per-call
+            // unique) is stored — NOT the tool_name, which would block all
+            // future invocations of the same tool type (#1377).
+            if !event.timed_out {
+                app.approval_session_denied.insert(event.approval_key);
+            }
+            let _ = engine_handle.deny_tool_call(event.tool_id).await;
+        }
+        ReviewDecision::Abort => {
+            engine_handle.cancel();
+            mark_active_turn_cancelled_locally(app);
+            app.status_message = Some("Request cancelled".to_string());
+        }
+    }
+}
+
 fn mark_active_turn_cancelled_locally(app: &mut App) {
     app.is_loading = false;
     app.dispatch_started_at = None;
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index a8179769..05ff8a95 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -1015,13 +1015,10 @@ impl Renderable for ComposerWidget<'_> {
 
 /// Codex-style full-screen approval takeover (#129).
 ///
-/// The widget reads its mutable state (selected option, staged
-/// confirmation) directly from the [`ApprovalView`] so the destructive
-/// variant can render its "Press Y again to confirm" banner without
-/// touching internal fields. Rendering reflows to fill most of the
-/// transcript area instead of a centered popup; on small terminals it
-/// falls back to a 65×22 card so existing snapshot tests still see a
-/// coherent layout.
+/// The widget reads its selected option and locale directly from the
+/// [`ApprovalView`]. Rendering reflows to fill most of the transcript
+/// area instead of a centered popup; on small terminals it falls back to
+/// a 65×22 card so existing snapshot tests still see a coherent layout.
 pub struct ApprovalWidget<'a> {
     request: &'a ApprovalRequest,
     view: &'a ApprovalView,
@@ -1038,8 +1035,8 @@ impl<'a> ApprovalWidget<'a> {
 /// terminal can hold.
 const APPROVAL_CARD_HORIZONTAL_PAD: u16 = 6;
 const APPROVAL_CARD_VERTICAL_PAD: u16 = 2;
-/// Minimum card height — anything tighter and the destructive variant's
-/// confirmation banner overlaps the option list.
+/// Minimum card height — anything tighter and the approval controls
+/// overlap the option list.
 const APPROVAL_CARD_MIN_HEIGHT: u16 = 18;
 /// Minimum card width — anything tighter makes approval copy wrap too
 /// aggressively on small terminals.
@@ -1164,120 +1161,49 @@ impl Renderable for ApprovalWidget<'_> {
         lines.push(Line::from(""));
 
         let options = approval_options_for(risk, locale);
-        let pending = self.view.pending_confirm();
 
         for (i, opt) in options.iter().enumerate() {
             let is_selected = i == self.view.selected();
-            let staged = pending.is_some_and(|p| p == opt.option);
             let label_color = if opt.dangerous {
                 palette_colors.accent
             } else {
                 palette::TEXT_BODY
             };
 
-            let row_style = if is_selected {
-                Style::default()
-                    .fg(palette::SELECTION_TEXT)
-                    .bg(palette::SELECTION_BG)
-            } else {
-                Style::default()
-            };
+            let option_style = approval_option_style(is_selected, label_color);
+            let shortcut_style = approval_option_style(is_selected, palette_colors.shortcut);
 
-            let mut spans = vec![
+            let spans = vec![
                 Span::raw("  "),
                 Span::styled(
                     format!("[{}] ", opt.key_hint),
-                    Style::default()
-                        .fg(palette_colors.shortcut)
-                        .add_modifier(Modifier::BOLD),
+                    shortcut_style.add_modifier(Modifier::BOLD),
                 ),
-                Span::styled(opt.label.to_string(), row_style.fg(label_color)),
+                Span::styled(opt.label.to_string(), option_style),
             ];
-            if staged {
-                spans.push(Span::raw("  "));
-                spans.push(Span::styled(
-                    staged_marker(locale),
-                    Style::default()
-                        .fg(palette_colors.accent)
-                        .add_modifier(Modifier::BOLD),
-                ));
-            }
             lines.push(Line::from(spans));
         }
 
-        // Variant-specific footer: benign nudges single-key approve;
-        // destructive shows either the standing prompt or the
-        // confirmation banner when an approve key has been staged.
+        // Footer: Enter commits the highlighted row; y/a/d remain direct
+        // shortcuts for users who do not want to move the selection.
         lines.push(Line::from(""));
-        match (risk, pending) {
-            (RiskLevel::Benign, _) => {
-                lines.push(Line::from(vec![
-                    Span::raw("  "),
-                    Span::styled(
-                        single_key_prefix(locale),
-                        Style::default().fg(palette::TEXT_HINT),
-                    ),
-                    Span::styled(
-                        single_key_value(locale),
-                        Style::default()
-                            .fg(palette_colors.accent)
-                            .add_modifier(Modifier::BOLD),
-                    ),
-                    Span::styled(
-                        footer_controls(locale),
-                        Style::default().fg(palette::TEXT_HINT),
-                    ),
-                ]));
-            }
-            (RiskLevel::Destructive, Some(opt)) => {
-                let again_key = match opt {
-                    crate::tui::approval::ApprovalOption::ApproveOnce => confirm_key_once(locale),
-                    crate::tui::approval::ApprovalOption::ApproveAlways => {
-                        confirm_key_always(locale)
-                    }
-                    _ => "Enter",
-                };
-                lines.push(Line::from(vec![
-                    Span::raw("  "),
-                    Span::styled(
-                        destructive_confirm_prefix(locale),
-                        Style::default()
-                            .fg(palette_colors.accent)
-                            .add_modifier(Modifier::BOLD),
-                    ),
-                    Span::styled(
-                        again_key.to_string(),
-                        Style::default()
-                            .fg(palette::DEEPSEEK_INK)
-                            .bg(palette_colors.accent)
-                            .add_modifier(Modifier::BOLD),
-                    ),
-                    Span::styled(
-                        destructive_confirm_suffix(locale),
-                        Style::default().fg(palette::TEXT_HINT),
-                    ),
-                ]));
-            }
-            (RiskLevel::Destructive, None) => {
-                lines.push(Line::from(vec![
-                    Span::raw("  "),
-                    Span::styled(
-                        two_key_prefix(locale),
-                        Style::default().fg(palette::TEXT_HINT),
-                    ),
-                    Span::styled(
-                        two_key_value(locale),
-                        Style::default()
-                            .fg(palette_colors.accent)
-                            .add_modifier(Modifier::BOLD),
-                    ),
-                    Span::styled(
-                        footer_controls(locale),
-                        Style::default().fg(palette::TEXT_HINT),
-                    ),
-                ]));
-            }
-        }
+        lines.push(Line::from(vec![
+            Span::raw("  "),
+            Span::styled(
+                selection_hint_prefix(locale),
+                Style::default().fg(palette::TEXT_HINT),
+            ),
+            Span::styled(
+                selection_hint_value(locale),
+                Style::default()
+                    .fg(palette_colors.accent)
+                    .add_modifier(Modifier::BOLD),
+            ),
+            Span::styled(
+                footer_controls(locale),
+                Style::default().fg(palette::TEXT_HINT),
+            ),
+        ]));
 
         let title = format!(
             " {} {} — {} ",
@@ -1375,6 +1301,21 @@ fn approval_palette(risk: RiskLevel) -> ApprovalColors {
     }
 }
 
+fn approval_selected_style() -> Style {
+    Style::default()
+        .fg(palette::SELECTION_TEXT)
+        .bg(palette::DEEPSEEK_BLUE)
+        .add_modifier(Modifier::BOLD)
+}
+
+fn approval_option_style(is_selected: bool, color: Color) -> Style {
+    if is_selected {
+        approval_selected_style()
+    } else {
+        Style::default().fg(color)
+    }
+}
+
 fn risk_badge_text(risk: RiskLevel, locale: Locale) -> &'static str {
     match (locale, risk) {
         (Locale::ZhHans, RiskLevel::Benign) => "审查",
@@ -1438,24 +1379,6 @@ fn label_params(locale: Locale) -> &'static str {
     }
 }
 
-fn staged_marker(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "(待确认)",
-        _ => "(staged)",
-    }
-}
-
-fn single_key_prefix(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "单键批准：",
-        _ => "Single key approves: ",
-    }
-}
-
-fn single_key_value(_locale: Locale) -> &'static str {
-    "Enter / 1 / y"
-}
-
 fn footer_controls(locale: Locale) -> &'static str {
     match locale {
         Locale::ZhHans => "  ·  v：完整参数  ·  Esc：终止",
@@ -1463,79 +1386,45 @@ fn footer_controls(locale: Locale) -> &'static str {
     }
 }
 
-fn destructive_confirm_prefix(locale: Locale) -> &'static str {
+fn selection_hint_prefix(locale: Locale) -> &'static str {
     match locale {
-        Locale::ZhHans => "确认破坏性操作：再次按 ",
-        _ => "Confirm destructive action — press ",
+        Locale::ZhHans => "选择：",
+        _ => "Choose: ",
     }
 }
 
-fn destructive_confirm_suffix(locale: Locale) -> &'static str {
+fn selection_hint_value(locale: Locale) -> &'static str {
     match locale {
-        Locale::ZhHans => " 执行；按其他键取消。",
-        _ => " again to commit, anything else cancels.",
-    }
-}
-
-fn confirm_key_once(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "Enter 或 y",
-        _ => "Enter or y",
-    }
-}
-
-fn confirm_key_always(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "Enter 或 a",
-        _ => "Enter or a",
-    }
-}
-
-fn two_key_prefix(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "两次按键确认：",
-        _ => "Two keys to approve: ",
-    }
-}
-
-fn two_key_value(locale: Locale) -> &'static str {
-    match locale {
-        Locale::ZhHans => "先按 y/a，再按一次 y/a",
-        _ => "y/a then y/a again",
+        Locale::ZhHans => "Enter 执行选中项，或直接按 y/a/d",
+        _ => "Enter selected option, or press y/a/d directly",
     }
 }
 
 struct ApprovalOptionRow {
-    option: crate::tui::approval::ApprovalOption,
     label: &'static str,
     key_hint: &'static str,
     dangerous: bool,
 }
 
 fn approval_options_for(risk: RiskLevel, locale: Locale) -> [ApprovalOptionRow; 4] {
-    use crate::tui::approval::ApprovalOption as O;
     let dangerous = matches!(risk, RiskLevel::Destructive);
     [
         ApprovalOptionRow {
-            option: O::ApproveOnce,
             label: option_approve_once(locale),
             key_hint: "1 / y",
             dangerous,
         },
         ApprovalOptionRow {
-            option: O::ApproveAlways,
             label: option_approve_always(locale),
             key_hint: "2 / a",
             dangerous,
         },
         ApprovalOptionRow {
-            option: O::Deny,
             label: option_deny(locale),
             key_hint: "3 / d / n",
             dangerous: false,
         },
         ApprovalOptionRow {
-            option: O::Abort,
             label: option_abort(locale),
             key_hint: "Esc",
             dangerous: false,
@@ -3479,6 +3368,43 @@ mod tests {
         }
     }
 
+    #[test]
+    fn approval_selected_destructive_option_uses_contrasting_highlight() {
+        let request = crate::tui::approval::ApprovalRequest::new(
+            "approval-1",
+            "exec_shell",
+            "Run git commit",
+            &serde_json::json!({ "command": "git commit -m fix" }),
+            "exec_shell:git commit",
+        );
+        let view = crate::tui::approval::ApprovalView::new(request.clone());
+        let widget = ApprovalWidget::new(&request, &view);
+        let area = Rect::new(0, 0, 100, 30);
+        let mut buf = Buffer::empty(area);
+
+        widget.render(area, &mut buf);
+
+        let selected_row = (area.y..area.y.saturating_add(area.height))
+            .find(|&y| {
+                (area.x..area.x.saturating_add(area.width))
+                    .any(|x| buf[(x, y)].bg == palette::DEEPSEEK_BLUE)
+            })
+            .expect("selected approval row should use blue background");
+        let highlighted_cells = (area.x..area.x.saturating_add(area.width))
+            .filter(|&x| {
+                let cell = &buf[(x, selected_row)];
+                !cell.symbol().trim().is_empty()
+                    && cell.bg == palette::DEEPSEEK_BLUE
+                    && cell.fg == palette::SELECTION_TEXT
+            })
+            .count();
+
+        assert!(
+            highlighted_cells >= 4,
+            "selected destructive option should render visible blue/white text"
+        );
+    }
+
     /// Regression for issue #65: after `App::handle_resize`, the chat widget
     /// must produce a clean render at the new width — no stale wrapping,
     /// no panic, no content exceeding the requested width. Cycling through

From c238aec6383ed21592223860527f53c4309abcbe Mon Sep 17 00:00:00 2001
From: Reid <61492567+reidliu41@users.noreply.github.com>
Date: Tue, 26 May 2026 07:18:03 +0800
Subject: [PATCH 005/283] fix(tui): keep model picker selection on Esc

Harvested from PR #2056 by @reidliu41.

Co-authored-by: reidliu41 <reid201711@gmail.com>
---
 crates/tui/src/tui/model_picker.rs | 49 ++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 6 deletions(-)

diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index 88ce4949..d648fe50 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -3,7 +3,8 @@
 //!
 //! Two side-by-side panes — Models on the left, Thinking effort on the
 //! right. Tab swaps focus, ↑/↓ moves within the focused pane, Enter applies
-//! both and closes the modal, Esc cancels.
+//! both and closes the modal. Esc closes immediately when nothing moved; after
+//! a selection move it keeps the highlighted choice.
 //!
 //! The effort pane intentionally only exposes `Off / High / Max`. Per
 //! DeepSeek's [Thinking Mode docs](https://api-docs.deepseek.com/guides/reasoning_model),
@@ -61,6 +62,7 @@ pub struct ModelPickerView {
     selected_model_idx: usize,
     selected_effort_idx: usize,
     focus: Pane,
+    selection_touched: bool,
     /// True when the active model is one we don't list — we still show it
     /// so the picker doesn't quietly forget the user's chosen IDs.
     show_custom_model_row: bool,
@@ -108,6 +110,7 @@ impl ModelPickerView {
             selected_model_idx,
             selected_effort_idx,
             focus: Pane::Model,
+            selection_touched: false,
             show_custom_model_row,
             hide_deepseek_models,
         }
@@ -146,36 +149,42 @@ impl ModelPickerView {
         PICKER_EFFORTS[self.selected_effort_idx]
     }
 
-    fn move_up(&mut self) {
+    fn move_up(&mut self) -> bool {
         match self.focus {
             Pane::Model => {
                 if self.selected_model_idx > 0 {
                     self.selected_model_idx -= 1;
+                    return true;
                 }
             }
             Pane::Effort => {
                 if self.selected_effort_idx > 0 {
                     self.selected_effort_idx -= 1;
+                    return true;
                 }
             }
         }
+        false
     }
 
-    fn move_down(&mut self) {
+    fn move_down(&mut self) -> bool {
         match self.focus {
             Pane::Model => {
                 let max = self.model_row_count().saturating_sub(1);
                 if self.selected_model_idx < max {
                     self.selected_model_idx += 1;
+                    return true;
                 }
             }
             Pane::Effort => {
                 let max = PICKER_EFFORTS.len().saturating_sub(1);
                 if self.selected_effort_idx < max {
                     self.selected_effort_idx += 1;
+                    return true;
                 }
             }
         }
+        false
     }
 
     fn toggle_focus(&mut self) {
@@ -265,14 +274,15 @@ impl ModalView for ModelPickerView {
 
     fn handle_key(&mut self, key: KeyEvent) -> ViewAction {
         match key.code {
+            KeyCode::Esc if self.selection_touched => ViewAction::EmitAndClose(self.build_event()),
             KeyCode::Esc => ViewAction::Close,
             KeyCode::Enter => ViewAction::EmitAndClose(self.build_event()),
             KeyCode::Up => {
-                self.move_up();
+                self.selection_touched |= self.move_up();
                 ViewAction::None
             }
             KeyCode::Down => {
-                self.move_down();
+                self.selection_touched |= self.move_down();
                 ViewAction::None
             }
             KeyCode::Tab | KeyCode::Right | KeyCode::Left | KeyCode::BackTab => {
@@ -567,7 +577,7 @@ mod tests {
     }
 
     #[test]
-    fn esc_closes_without_emitting() {
+    fn immediate_esc_closes_without_emitting() {
         let (app, _lock) = create_test_app();
         let mut view = ModelPickerView::new(&app);
         let action = view.handle_key(KeyEvent::new(
@@ -577,6 +587,33 @@ mod tests {
         assert!(matches!(action, ViewAction::Close));
     }
 
+    #[test]
+    fn esc_after_selection_move_applies_highlighted_model() {
+        let (app, _lock) = create_test_app();
+        let mut view = ModelPickerView::new(&app);
+        view.handle_key(KeyEvent::new(
+            KeyCode::Down,
+            crossterm::event::KeyModifiers::NONE,
+        ));
+
+        let action = view.handle_key(KeyEvent::new(
+            KeyCode::Esc,
+            crossterm::event::KeyModifiers::NONE,
+        ));
+
+        match action {
+            ViewAction::EmitAndClose(ViewEvent::ModelPickerApplied {
+                model,
+                previous_model,
+                ..
+            }) => {
+                assert_eq!(previous_model, "deepseek-v4-pro");
+                assert_eq!(model, "deepseek-v4-flash");
+            }
+            other => panic!("expected Esc to apply highlighted model, got {other:?}"),
+        }
+    }
+
     #[test]
     fn picker_only_exposes_auto_off_high_max() {
         let labels: Vec<&str> = PICKER_EFFORTS

From aa468c30786fee80f3e3447edbbd750e7a890ec8 Mon Sep 17 00:00:00 2001
From: hexin <372726039@qq.com>
Date: Tue, 26 May 2026 07:25:07 +0800
Subject: [PATCH 006/283] fix(engine): use user role for sub-agent completion
 runtime message

Harvested from PR #2057 by @h3c-hexin.

Co-authored-by: hexin <he.xin@h3c.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 crates/tui/src/core/engine/turn_loop.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 9f2da5ff..cf04a955 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -2021,8 +2021,16 @@ impl Engine {
 }
 
 fn subagent_completion_runtime_message(payload: &str) -> Message {
+    // Role is "user", not "system": some OpenAI-compatible backends apply a
+    // strict chat template (e.g. vLLM serving Qwen3) that requires any system
+    // message to be messages[0]. A system message appended mid-conversation
+    // makes the template raise "System message must be at the beginning",
+    // which surfaces as a 400 BadRequest and breaks the whole sub-agent
+    // hand-off in the parent turn. The `visibility="internal"` tag already
+    // tells the model this is a runtime event rather than user input, so the
+    // role carries no semantic weight here — only template-compatibility cost.
     Message {
-        role: "system".to_string(),
+        role: "user".to_string(),
         content: vec![ContentBlock::Text {
             text: format!(
                 "<codewhale:runtime_event kind=\"subagent_completion\" visibility=\"internal\">\n\
@@ -2122,12 +2130,16 @@ mod tests {
     use super::*;
 
     #[test]
-    fn subagent_completion_handoff_is_internal_system_message() {
+    fn subagent_completion_handoff_is_internal_user_message() {
         let message = subagent_completion_runtime_message(
             "Build passed\n<codewhale:subagent.done>{\"agent_id\":\"agent_a\"}</codewhale:subagent.done>",
         );
 
-        assert_eq!(message.role, "system");
+        // Must be "user", not "system": a system message appended mid-stream
+        // trips strict chat templates (vLLM/Qwen3) into a 400 BadRequest
+        // ("System message must be at the beginning"). The internal-event
+        // framing lives in the text + visibility tag, not the role.
+        assert_eq!(message.role, "user");
         let text = match &message.content[0] {
             ContentBlock::Text { text, .. } => text,
             other => panic!("expected text block, got {other:?}"),

From 9c8e482607359c34ec608de4b7a1406cadec1a67 Mon Sep 17 00:00:00 2001
From: hexin <372726039@qq.com>
Date: Tue, 26 May 2026 07:25:58 +0800
Subject: [PATCH 007/283] fix(engine): keep auto-compaction working on sub-500K
 self-hosted windows

Harvested from PR #2060 by @h3c-hexin.

Co-authored-by: hexin <he.xin@h3c.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 crates/tui/src/core/engine.rs               | 17 +++------
 crates/tui/src/core/engine/capacity_flow.rs |  2 +-
 crates/tui/src/core/engine/context.rs       | 32 +++++++++++++++--
 crates/tui/src/core/engine/tests.rs         | 40 +++++++++------------
 crates/tui/src/core/engine/turn_loop.rs     | 16 ++-------
 crates/tui/src/models.rs                    | 22 ++++++++----
 6 files changed, 70 insertions(+), 59 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 7aad7ae6..a683ebe3 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -1287,15 +1287,8 @@ impl Engine {
         removed
     }
 
-    async fn recover_context_overflow(
-        &mut self,
-        client: &DeepSeekClient,
-        reason: &str,
-        requested_output_tokens: u32,
-    ) -> bool {
-        let Some(target_budget) =
-            context_input_budget(&self.session.model, requested_output_tokens)
-        else {
+    async fn recover_context_overflow(&mut self, client: &DeepSeekClient, reason: &str) -> bool {
+        let Some(target_budget) = context_input_budget(&self.session.model) else {
             return false;
         };
 
@@ -1971,9 +1964,9 @@ mod handle;
 pub(crate) use context::compact_tool_result_for_context;
 use context::{
     COMPACTION_SUMMARY_MARKER, MAX_CONTEXT_RECOVERY_ATTEMPTS, MIN_RECENT_MESSAGES_TO_KEEP,
-    TURN_MAX_OUTPUT_TOKENS, context_input_budget, effective_max_output_tokens,
-    estimate_input_tokens_conservative, extract_compaction_summary_prompt,
-    is_context_length_error_message, summarize_text, turn_response_headroom_tokens,
+    context_input_budget, effective_max_output_tokens, estimate_input_tokens_conservative,
+    extract_compaction_summary_prompt, is_context_length_error_message, summarize_text,
+    turn_response_headroom_tokens,
 };
 mod dispatch;
 mod loop_guard;
diff --git a/crates/tui/src/core/engine/capacity_flow.rs b/crates/tui/src/core/engine/capacity_flow.rs
index cee5fb76..fe357762 100644
--- a/crates/tui/src/core/engine/capacity_flow.rs
+++ b/crates/tui/src/core/engine/capacity_flow.rs
@@ -435,7 +435,7 @@ impl Engine {
         }
 
         if !refreshed {
-            let target_budget = context_input_budget(&self.session.model, TURN_MAX_OUTPUT_TOKENS)
+            let target_budget = context_input_budget(&self.session.model)
                 .unwrap_or(self.config.compaction.token_threshold.max(1));
             if self.estimated_input_tokens() > target_budget {
                 let trimmed = self.trim_oldest_messages_to_budget(target_budget);
diff --git a/crates/tui/src/core/engine/context.rs b/crates/tui/src/core/engine/context.rs
index cb97e774..6a28d6b4 100644
--- a/crates/tui/src/core/engine/context.rs
+++ b/crates/tui/src/core/engine/context.rs
@@ -354,9 +354,35 @@ pub(super) fn estimate_input_tokens_conservative(
         .saturating_add(framing_overhead)
 }
 
-pub(super) fn context_input_budget(model: &str, requested_output_tokens: u32) -> Option<usize> {
-    let window = usize::try_from(context_window_for_model(model)?).ok()?;
-    let output = usize::try_from(requested_output_tokens).ok()?;
+/// Context windows at or above this size reserve the full
+/// [`TURN_MAX_OUTPUT_TOKENS`] (262K) when computing the internal input budget,
+/// leaving room for V4-class interleaved thinking. Below it, the reservation
+/// falls back to [`effective_max_output_tokens`] so a smaller self-hosted
+/// window does not underflow to a negative budget.
+const INTERNAL_BUDGET_LARGE_WINDOW_THRESHOLD: u32 = 500_000;
+
+/// Internal input-side token budget for a model: `window - reserved_output -
+/// headroom`. Used by the preflight check, emergency recovery, and capacity
+/// trimming to decide when to compact.
+///
+/// The reserved-output term is window-dependent:
+///   * `window >= 500K` (V4-class large-context) -> [`TURN_MAX_OUTPUT_TOKENS`]
+///     (262K). Preserves the "leave room for interleaved thinking" contract.
+///   * `window < 500K` (smaller / self-hosted, e.g. a 256K vLLM Qwen window)
+///     -> [`effective_max_output_tokens`], i.e. what the API actually caps
+///     output at. Reserving the full 262K here would compute
+///     `256K - 262K - 1K`, which underflows `checked_sub` to `None` and
+///     *silently disables every preflight and emergency recovery path* — the
+///     session then runs until the provider hard-rejects on context length.
+pub(super) fn context_input_budget(model: &str) -> Option<usize> {
+    let window_tokens = context_window_for_model(model)?;
+    let window = usize::try_from(window_tokens).ok()?;
+    let reserved_output = if window_tokens >= INTERNAL_BUDGET_LARGE_WINDOW_THRESHOLD {
+        TURN_MAX_OUTPUT_TOKENS
+    } else {
+        effective_max_output_tokens(model)
+    };
+    let output = usize::try_from(reserved_output).ok()?;
     window
         .checked_sub(output)
         .and_then(|v| v.checked_sub(CONTEXT_HEADROOM_TOKENS))
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 851b09ea..e68f5fb2 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -1,5 +1,6 @@
 use super::*;
 
+use super::context::TURN_MAX_OUTPUT_TOKENS;
 use crate::models::SystemBlock;
 use crate::test_support::lock_test_env;
 use crate::tools::spec::ToolCapability;
@@ -916,7 +917,7 @@ fn detects_context_length_errors_from_provider_payloads() {
 fn context_budget_reserves_output_and_headroom() {
     // V4 has a 1M context window — the only family that comfortably hosts
     // a 256K output reservation without saturating the input budget to 0.
-    let budget = context_input_budget("deepseek-v4-pro", TURN_MAX_OUTPUT_TOKENS)
+    let budget = context_input_budget("deepseek-v4-pro")
         .expect("deepseek-v4-pro should have a known context window");
     let v4_window: usize = 1_000_000;
     let expected = v4_window - (TURN_MAX_OUTPUT_TOKENS as usize) - 1_024usize;
@@ -943,31 +944,24 @@ fn effective_max_output_tokens_caps_api_request_for_large_window_models() {
 }
 
 #[test]
-fn internal_context_budget_unaffected_by_api_request_cap() {
-    // The internal context budget (used for compaction/preflight/recovery)
-    // must still use the full TURN_MAX_OUTPUT_TOKENS headroom, NOT the
-    // smaller API request cap. This ensures long-context V4 sessions don't
-    // compact prematurely.
-    let internal_budget = context_input_budget("deepseek-v4-pro", TURN_MAX_OUTPUT_TOKENS)
-        .expect("V4 should have a known context window");
-    let api_cap_budget = context_input_budget(
-        "deepseek-v4-pro",
-        effective_max_output_tokens("deepseek-v4-pro"),
-    )
-    .expect("V4 should have a known context window");
-
-    // Internal budget reserves 262K for output; API-cap budget would only
-    // reserve 64K. Internal budget must be smaller (more conservative).
-    assert!(
-        internal_budget < api_cap_budget,
-        "Internal budget ({internal_budget}) should be smaller than API-cap budget ({api_cap_budget}) \
-         because it reserves more headroom for output"
-    );
-
-    // Verify the internal budget is what the compaction logic actually uses.
+fn internal_context_budget_tiers_reserved_output_by_window() {
+    // Large-context (>=500K) models reserve the full TURN_MAX_OUTPUT_TOKENS
+    // headroom so long V4 sessions don't compact prematurely.
+    let internal_budget =
+        context_input_budget("deepseek-v4-pro").expect("V4 should have a known context window");
     let v4_window: usize = 1_000_000;
     let expected_internal = v4_window - (TURN_MAX_OUTPUT_TOKENS as usize) - 1_024usize;
     assert_eq!(internal_budget, expected_internal);
+
+    // Sub-500K windows cross into the effective-cap branch: a 256K self-hosted
+    // deployment must yield a usable positive budget rather than None. The
+    // previous formula reserved the full 262K and computed 256K - 262K - 1K,
+    // which underflowed to None and silently disabled preflight/recovery.
+    let small_window_budget = context_input_budget("qwen3-32b-256k")
+        .expect("a 256K-suffix model must yield Some budget via the effective-cap branch");
+    let effective_output = effective_max_output_tokens("qwen3-32b-256k") as usize;
+    let expected_small = 256_000 - effective_output - 1_024;
+    assert_eq!(small_window_budget, expected_small);
 }
 
 #[test]
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index cf04a955..70f94f25 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -173,9 +173,7 @@ impl Engine {
                 continue;
             }
 
-            if let Some(input_budget) =
-                context_input_budget(&self.session.model, TURN_MAX_OUTPUT_TOKENS)
-            {
+            if let Some(input_budget) = context_input_budget(&self.session.model) {
                 let estimated_input = self.estimated_input_tokens();
                 if estimated_input > input_budget {
                     if context_recovery_attempts >= MAX_CONTEXT_RECOVERY_ATTEMPTS {
@@ -192,11 +190,7 @@ impl Engine {
                     }
 
                     if self
-                        .recover_context_overflow(
-                            &client,
-                            "preflight token budget",
-                            TURN_MAX_OUTPUT_TOKENS,
-                        )
+                        .recover_context_overflow(&client, "preflight token budget")
                         .await
                     {
                         context_recovery_attempts = context_recovery_attempts.saturating_add(1);
@@ -326,11 +320,7 @@ impl Engine {
                     if is_context_length_error_message(&message)
                         && context_recovery_attempts < MAX_CONTEXT_RECOVERY_ATTEMPTS
                         && self
-                            .recover_context_overflow(
-                                &client,
-                                "provider context-length rejection",
-                                TURN_MAX_OUTPUT_TOKENS,
-                            )
+                            .recover_context_overflow(&client, "provider context-length rejection")
                             .await
                     {
                         context_recovery_attempts = context_recovery_attempts.saturating_add(1);
diff --git a/crates/tui/src/models.rs b/crates/tui/src/models.rs
index a5f52c6d..91c642e1 100644
--- a/crates/tui/src/models.rs
+++ b/crates/tui/src/models.rs
@@ -208,16 +208,22 @@ pub struct Usage {
 }
 
 /// Map known models to their approximate context window sizes.
+///
+/// Lookup order:
+/// 1. An explicit `_Nk` suffix in the model name, for **any** vendor. This
+///    lets self-hosted deployments advertise their window through the served
+///    model name (e.g. a vLLM `--served-model-name qwen3-32b-256k`), which is
+///    the only signal we have for non-DeepSeek/Claude models. The 1000-token
+///    approximation is fine for compaction-threshold math.
+/// 2. DeepSeek vendor heuristics (V4 family -> 1M, legacy -> 128K).
+/// 3. Claude -> 200K.
 #[must_use]
 pub fn context_window_for_model(model: &str) -> Option<u32> {
     let lower = model.to_lowercase();
-    // Unknown legacy DeepSeek model IDs default to 128K unless an explicit
-    // *k suffix is present. DeepSeek-V4 family and current compatibility
-    // aliases ship with a 1M context window.
+    if let Some(explicit_window) = explicit_context_window_hint(&lower) {
+        return Some(explicit_window);
+    }
     if lower.contains("deepseek") {
-        if let Some(explicit_window) = deepseek_context_window_hint(&lower) {
-            return Some(explicit_window);
-        }
         if lower.contains("v4") {
             return Some(DEEPSEEK_V4_CONTEXT_WINDOW_TOKENS);
         }
@@ -229,7 +235,9 @@ pub fn context_window_for_model(model: &str) -> Option<u32> {
     None
 }
 
-fn deepseek_context_window_hint(model_lower: &str) -> Option<u32> {
+/// Parse an explicit `_Nk` context-window hint from a model name (vendor
+/// agnostic). Returns the window in tokens for `N` in `8..=1024`.
+fn explicit_context_window_hint(model_lower: &str) -> Option<u32> {
     let bytes = model_lower.as_bytes();
     let mut i = 0usize;
     while i < bytes.len() {

From 7976374e91ee20475180606fa4fb73a2a9227dee Mon Sep 17 00:00:00 2001
From: cyq <61975706+cyq1017@users.noreply.github.com>
Date: Tue, 26 May 2026 07:26:39 +0800
Subject: [PATCH 008/283] fix(tui): emit subagent completion before terminal
 update

Harvested from PR #2120 by @cyq1017.

Co-authored-by: cyq <15000851237@163.com>
---
 crates/tui/src/tools/subagent/mod.rs   | 24 +++++-----
 crates/tui/src/tools/subagent/tests.rs | 63 ++++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 11 deletions(-)

diff --git a/crates/tui/src/tools/subagent/mod.rs b/crates/tui/src/tools/subagent/mod.rs
index 166de979..9da72d85 100644
--- a/crates/tui/src/tools/subagent/mod.rs
+++ b/crates/tui/src/tools/subagent/mod.rs
@@ -3510,12 +3510,6 @@ async fn run_subagent_task(task: SubAgentTask) {
     )
     .await;
 
-    let mut manager = task.manager_handle.write().await;
-    match &result {
-        Ok(res) => manager.update_from_result(&task.agent_id, res.clone()),
-        Err(err) => manager.update_failed(&task.agent_id, err.to_string()),
-    }
-
     // Emit BOTH a human-friendly summary (rendered in the parent's
     // sidebar / cell) AND a structured sentinel the model can recognize
     // on its next turn. Format: human summary on the first line,
@@ -3548,16 +3542,24 @@ async fn run_subagent_task(task: SubAgentTask) {
     }
 
     let payload = format!("{summary}\n{sentinel}");
+    let agent_id = task.agent_id.clone();
 
     // Wake the engine's parent turn loop if this is one of its direct
-    // children (issue #756). Gating by `spawn_depth == 1` means the parent
-    // only sees completions for agents it directly orchestrated, not for
-    // grandchildren spawned recursively inside its children.
-    emit_parent_completion(&task.runtime, &task.agent_id, &payload);
+    // children (issue #756). Issue #1961 also requires emit to happen
+    // before marking the manager terminal state so the parent can observe the
+    // completion while its "running children" gate is still open. If we
+    // update first, the parent can finalize before the completion arrives.
+    emit_parent_completion(&task.runtime, &agent_id, &payload);
+
+    let mut manager = task.manager_handle.write().await;
+    match &result {
+        Ok(res) => manager.update_from_result(&agent_id, res.clone()),
+        Err(err) => manager.update_failed(&agent_id, err.to_string()),
+    }
 
     if let Some(event_tx) = task.runtime.event_tx {
         let _ = event_tx.try_send(Event::AgentComplete {
-            id: task.agent_id,
+            id: agent_id.clone(),
             result: payload,
         });
     }
diff --git a/crates/tui/src/tools/subagent/tests.rs b/crates/tui/src/tools/subagent/tests.rs
index 7f746412..39fd5780 100644
--- a/crates/tui/src/tools/subagent/tests.rs
+++ b/crates/tui/src/tools/subagent/tests.rs
@@ -2030,6 +2030,69 @@ fn emit_parent_completion_dropped_receiver_does_not_panic() {
     );
 }
 
+#[tokio::test]
+async fn run_subagent_task_emits_parent_completion_before_terminal_update() {
+    let manager = Arc::new(RwLock::new(SubAgentManager::new(PathBuf::from("."), 2)));
+    let (task_input_tx, task_input_rx) = mpsc::unbounded_channel();
+    let agent_id = "agent_noop".to_string();
+    let mut agent = SubAgent::new(
+        agent_id.clone(),
+        SubAgentType::General,
+        "noop".to_string(),
+        make_assignment(),
+        "deepseek-v4-flash".to_string(),
+        None,
+        None,
+        task_input_tx,
+        "boot_test".to_string(),
+    );
+    agent.status = SubAgentStatus::Running;
+    manager.write().await.agents.insert(agent_id.clone(), agent);
+
+    let (completion_tx, mut completion_rx) = mpsc::unbounded_channel::<SubAgentCompletion>();
+    let mut runtime = runtime_with_depth(1, Some(completion_tx));
+    runtime.manager = Arc::clone(&manager);
+
+    let task = SubAgentTask {
+        manager_handle: manager.clone(),
+        runtime,
+        agent_id: agent_id.clone(),
+        agent_type: SubAgentType::General,
+        prompt: "no-op child run".to_string(),
+        assignment: make_assignment(),
+        allowed_tools: None,
+        fork_context: false,
+        started_at: Instant::now(),
+        max_steps: 0,
+        input_rx: task_input_rx,
+    };
+
+    let manager_lock = manager.write().await;
+    let task_handle = tokio::spawn(run_subagent_task(task));
+
+    // While the manager write lock is held, completion can be emitted only if it
+    // is sent before the terminal-state manager update (the ordering fixed by
+    // issue #1961).
+    let completion = tokio::time::timeout(Duration::from_secs(1), completion_rx.recv())
+        .await
+        .expect("completion should be emitted while manager write lock is still held");
+    let completion = completion.expect("completion channel should remain open");
+    assert_eq!(completion.agent_id, agent_id);
+
+    drop(manager_lock);
+    task_handle
+        .await
+        .expect("run_subagent_task should complete after lock release");
+
+    let snapshot = {
+        let manager = manager.read().await;
+        manager
+            .get_result(&agent_id)
+            .expect("completed agent should be present")
+    };
+    assert_eq!(snapshot.status, SubAgentStatus::Completed);
+}
+
 #[test]
 fn child_runtime_propagates_completion_tx_for_gating() {
     // The channel is cloned through `child_runtime()` so descendants carry

From 43f317d5242a53b54166eccc2967305464984edb Mon Sep 17 00:00:00 2001
From: cyq <61975706+cyq1017@users.noreply.github.com>
Date: Tue, 26 May 2026 07:27:24 +0800
Subject: [PATCH 009/283] fix(tui): start actionable goal prompts

Harvested from PR #2097 by @cyq1017.

Co-authored-by: cyq <15000851237@163.com>
---
 crates/tui/src/commands/goal.rs | 82 +++++++++++++++++++++++++++++++--
 1 file changed, 78 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index 47a4d62e..9bc2a945 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -1,6 +1,6 @@
 //! /goal command — set a session objective with token budget and progress tracking.
 
-use crate::tui::app::App;
+use crate::tui::app::{App, AppAction};
 
 use super::CommandResult;
 
@@ -26,6 +26,10 @@ pub fn goal(app: &mut App, arg: Option<&str>) -> CommandResult {
         Some(text) if !text.is_empty() => {
             // Parse optional budget: "/goal Implement login | budget: 50000"
             let (objective, budget) = parse_goal_budget(text);
+            let objective = objective.trim().to_string();
+            if objective.is_empty() || objective.chars().all(|c| c == '|') {
+                return CommandResult::error("Usage: /goal <objective> [budget: N]");
+            }
             app.goal.goal_objective = Some(objective.clone());
             app.goal.goal_token_budget = budget;
             app.goal.goal_started_at = Some(std::time::Instant::now());
@@ -33,9 +37,10 @@ pub fn goal(app: &mut App, arg: Option<&str>) -> CommandResult {
             let budget_str = budget
                 .map(|b| format!(" (budget: {b} tokens)"))
                 .unwrap_or_default();
-            CommandResult::message(format!(
-                "Goal set: \"{objective}\"{budget_str} — tracking progress."
-            ))
+            CommandResult::with_message_and_action(
+                format!("Goal set: \"{objective}\"{budget_str} — tracking progress."),
+                AppAction::SendMessage(objective),
+            )
         }
         _ => {
             // Show current goal
@@ -102,6 +107,7 @@ fn parse_goal_budget(text: &str) -> (String, Option<u32>) {
 mod tests {
     use super::*;
     use crate::config::Config;
+    use crate::tui::app::AppAction;
     use crate::tui::app::{App, TuiOptions};
     use std::path::PathBuf;
 
@@ -139,6 +145,34 @@ mod tests {
             app.goal.goal_objective.as_deref(),
             Some("Fix the login bug")
         );
+        assert!(matches!(
+            result.action,
+            Some(AppAction::SendMessage(msg)) if msg == "Fix the login bug"
+        ));
+    }
+
+    #[test]
+    fn test_execute_goal_dispatched_as_sendmessage() {
+        let mut app = create_test_app();
+        let result = crate::commands::execute("/goal Implement login flow", &mut app);
+        assert!(
+            result
+                .message
+                .is_some_and(|message| message.contains("Goal set"))
+        );
+        assert!(matches!(
+            result.action,
+            Some(AppAction::SendMessage(content))
+                if content == "Implement login flow".to_string()
+        ));
+    }
+
+    #[test]
+    fn test_execute_goal_without_argument_shows_state() {
+        let mut app = create_test_app();
+        let result = crate::commands::execute("/goal", &mut app);
+        assert!(result.action.is_none());
+        assert!(matches!(result.message.as_deref(), Some(value) if value.contains("No goal set")));
     }
 
     #[test]
@@ -147,6 +181,46 @@ mod tests {
         let _ = goal(&mut app, Some("Refactor auth | budget: 50000"));
         assert_eq!(app.goal.goal_objective.as_deref(), Some("Refactor auth"));
         assert_eq!(app.goal.goal_token_budget, Some(50_000));
+        assert!(app.goal.goal_started_at.is_some());
+    }
+
+    #[test]
+    fn test_set_goal_rejects_budget_only_objective() {
+        let mut app = create_test_app();
+        app.goal.goal_objective = Some("existing objective".to_string());
+        app.goal.goal_token_budget = Some(10_000);
+
+        let result = crate::commands::execute("/goal budget: 50000", &mut app);
+        assert!(result.is_error);
+        assert!(result.action.is_none());
+        assert!(
+            result
+                .message
+                .as_deref()
+                .unwrap_or_default()
+                .contains("Usage: /goal")
+        );
+        assert_eq!(
+            app.goal.goal_objective.as_deref(),
+            Some("existing objective")
+        );
+        assert_eq!(app.goal.goal_token_budget, Some(10_000));
+
+        let pipe_result = crate::commands::execute("/goal | budget: 50000", &mut app);
+        assert!(pipe_result.is_error);
+        assert!(pipe_result.action.is_none());
+        assert!(
+            pipe_result
+                .message
+                .as_deref()
+                .unwrap_or_default()
+                .contains("Usage: /goal")
+        );
+        assert_eq!(
+            app.goal.goal_objective.as_deref(),
+            Some("existing objective")
+        );
+        assert_eq!(app.goal.goal_token_budget, Some(10_000));
     }
 
     #[test]

From b45287133bbfae50d168e0093377c97ec4bf4470 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 07:28:04 +0800
Subject: [PATCH 010/283] feat: embed user prompt in snapshot labels for
 readable /restore listings

Harvested from PR #2111 by @idling11.

Co-authored-by: Hanmiao Li <894876246@qq.com>
---
 crates/tui/src/core/engine.rs | 21 +++++++++++--
 crates/tui/src/core/turn.rs   | 55 ++++++++++++++++++++++++++++++++---
 2 files changed, 70 insertions(+), 6 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index a683ebe3..f98f523c 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -934,11 +934,17 @@ impl Engine {
         // work on the blocking pool so the async runtime stays responsive;
         // failure is non-fatal (the helper logs at WARN).
         if self.config.snapshots_enabled {
+            // Clone the user prompt now — `content` is moved into
+            // `user_text_message_with_turn_metadata` below, so we need
+            // a copy for both pre- and post-turn snapshot labels. The
+            // label carries a truncated first line so `/restore`
+            // listings are human-readable.
+            let snapshot_prompt = content.clone();
             let pre_workspace = self.session.workspace.clone();
             let pre_seq = self.turn_counter;
             let pre_cap = self.config.snapshots_max_workspace_bytes;
             let _ = tokio::task::spawn_blocking(move || {
-                pre_turn_snapshot(&pre_workspace, pre_seq, pre_cap)
+                pre_turn_snapshot(&pre_workspace, pre_seq, pre_cap, Some(&snapshot_prompt))
             })
             .await;
         }
@@ -949,6 +955,10 @@ impl Engine {
         // turns (#499).
         crate::retry_status::clear();
 
+        // Clone user prompt for post-turn snapshot label before `content`
+        // is moved into `user_text_message_with_turn_metadata` below.
+        let snapshot_prompt_post = content.clone();
+
         // Check if we have the appropriate client
         if self.deepseek_client.is_none() {
             let message = self
@@ -1158,11 +1168,18 @@ impl Engine {
         // paste immediately (#234). The git work proceeds on the blocking
         // pool without forcing the engine loop to await it.
         if self.config.snapshots_enabled {
+            // `snapshot_prompt_post` was cloned from `content` above,
+            // before `content` was moved into the session messages.
             let post_workspace = self.session.workspace.clone();
             let post_seq = self.turn_counter;
             let post_cap = self.config.snapshots_max_workspace_bytes;
             crate::utils::spawn_blocking_supervised("post-turn-snapshot", move || {
-                post_turn_snapshot(&post_workspace, post_seq, post_cap);
+                post_turn_snapshot(
+                    &post_workspace,
+                    post_seq,
+                    post_cap,
+                    Some(&snapshot_prompt_post),
+                );
             });
         }
     }
diff --git a/crates/tui/src/core/turn.rs b/crates/tui/src/core/turn.rs
index 049bc44a..b4a551dc 100644
--- a/crates/tui/src/core/turn.rs
+++ b/crates/tui/src/core/turn.rs
@@ -128,16 +128,54 @@ fn add_optional_usage(total: Option<u32>, delta: Option<u32>) -> Option<u32> {
     }
 }
 
+/// Maximum characters of the user prompt snippet to embed in a snapshot
+/// label. Longer prompts are truncated with an ellipsis.
+const USER_PROMPT_LABEL_MAX: usize = 100;
+
+/// Format a snapshot label that includes the user prompt for readability
+/// in `/restore` listings.
+///
+/// Takes the first line of the prompt (up to `USER_PROMPT_LABEL_MAX`
+/// characters) and appends it to the traditional `type:seq` label so
+/// users can identify which turn each snapshot belongs to.
+fn format_snapshot_label(prefix: &str, turn_seq: u64, user_prompt: Option<&str>) -> String {
+    let base = format!("{prefix}:{turn_seq}");
+    match user_prompt {
+        None | Some("") => base,
+        Some(prompt) => {
+            let first_line = prompt.lines().next().unwrap_or("");
+            let truncated: String = first_line.chars().take(USER_PROMPT_LABEL_MAX).collect();
+            if truncated.chars().count() < first_line.chars().count() {
+                format!("{base}: {truncated}…")
+            } else {
+                format!("{base}: {truncated}")
+            }
+        }
+    }
+}
+
 /// Take a `pre-turn:<seq>` workspace snapshot.
 ///
 /// `cap_bytes` is the workspace-size ceiling that gates first-init
 /// (passed through to [`SnapshotRepo::open_or_init_with_cap`]); pass
 /// `0` to disable the cap.
+/// `user_prompt` is an optional snippet of the user's message for this
+/// turn, embedded in the snapshot label so `/restore` listings are
+/// human-readable.
 ///
 /// Returns the snapshot SHA on success, `None` on any error. Errors are
 /// logged at WARN; the turn loop must not block on this.
-pub fn pre_turn_snapshot(workspace: &Path, turn_seq: u64, cap_bytes: u64) -> Option<String> {
-    snapshot_with_label(workspace, &format!("pre-turn:{turn_seq}"), cap_bytes)
+pub fn pre_turn_snapshot(
+    workspace: &Path,
+    turn_seq: u64,
+    cap_bytes: u64,
+    user_prompt: Option<&str>,
+) -> Option<String> {
+    snapshot_with_label(
+        workspace,
+        &format_snapshot_label("pre-turn", turn_seq, user_prompt),
+        cap_bytes,
+    )
 }
 
 /// Take a `tool:<call_id>` workspace snapshot, taken before executing a
@@ -154,8 +192,17 @@ pub fn pre_tool_snapshot(workspace: &Path, call_id: &str, cap_bytes: u64) -> Opt
 
 /// Take a `post-turn:<seq>` workspace snapshot. Same failure model as
 /// [`pre_turn_snapshot`].
-pub fn post_turn_snapshot(workspace: &Path, turn_seq: u64, cap_bytes: u64) -> Option<String> {
-    snapshot_with_label(workspace, &format!("post-turn:{turn_seq}"), cap_bytes)
+pub fn post_turn_snapshot(
+    workspace: &Path,
+    turn_seq: u64,
+    cap_bytes: u64,
+    user_prompt: Option<&str>,
+) -> Option<String> {
+    snapshot_with_label(
+        workspace,
+        &format_snapshot_label("post-turn", turn_seq, user_prompt),
+        cap_bytes,
+    )
 }
 
 fn snapshot_with_label(workspace: &Path, label: &str, cap_bytes: u64) -> Option<String> {

From 1a78e3cc7ec8b09d0b19a1d7f1213476a6cfd1d5 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 07:28:48 +0800
Subject: [PATCH 011/283] feat(tui): add sidebar hover tooltip for truncated
 Work/Tasks lines

Harvested from PR #2110 by @idling11.

Co-authored-by: Hanmiao Li <894876246@qq.com>
---
 crates/tui/src/tui/app.rs      |  25 ++++++++
 crates/tui/src/tui/mouse_ui.rs |  37 ++++++++++++
 crates/tui/src/tui/sidebar.rs  | 101 ++++++++++++++++++++++++++++-----
 crates/tui/src/tui/ui.rs       |  28 +++++++++
 4 files changed, 176 insertions(+), 15 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 4e5e78c0..f0368bf5 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1009,6 +1009,22 @@ pub struct SessionState {
     pub last_cache_inspection: Option<PromptInspection>,
 }
 
+/// Sidebar hover state for mouse tooltip support.
+#[derive(Debug, Clone, Default)]
+pub struct SidebarHoverState {
+    /// Rendered sections with their areas and full-text lines.
+    pub sections: Vec<SidebarHoverSection>,
+}
+
+/// Per-section metadata for sidebar hover detection.
+#[derive(Debug, Clone)]
+pub struct SidebarHoverSection {
+    /// Content area within the section (inside border + padding).
+    pub content_area: Rect,
+    /// Full original text for each content line rendered.
+    pub lines: Vec<String>,
+}
+
 impl Default for SessionState {
     fn default() -> Self {
         Self {
@@ -1156,6 +1172,12 @@ pub struct App {
     pub transcript_spacing: TranscriptSpacing,
     pub sidebar_width_percent: u16,
     pub sidebar_focus: SidebarFocus,
+    /// Sidebar hover state for mouse tooltip support.
+    pub sidebar_hover: SidebarHoverState,
+    /// Current hover tooltip text, if any.
+    pub sidebar_hover_tooltip: Option<String>,
+    /// Last known mouse position for tooltip placement.
+    pub last_mouse_pos: Option<(u16, u16)>,
     /// Whether the session-context panel is enabled (#504).
     pub context_panel: bool,
     /// File-tree pane state. `None` when hidden; `Some` when visible.
@@ -1830,6 +1852,9 @@ impl App {
             transcript_spacing,
             sidebar_width_percent,
             sidebar_focus,
+            sidebar_hover: SidebarHoverState::default(),
+            sidebar_hover_tooltip: None,
+            last_mouse_pos: None,
             context_panel: settings.context_panel,
             file_tree: None,
             file_tree_visible: false,
diff --git a/crates/tui/src/tui/mouse_ui.rs b/crates/tui/src/tui/mouse_ui.rs
index 589c31ae..c3c985c1 100644
--- a/crates/tui/src/tui/mouse_ui.rs
+++ b/crates/tui/src/tui/mouse_ui.rs
@@ -53,6 +53,43 @@ pub(crate) fn handle_mouse_event(app: &mut App, mouse: MouseEvent) -> Vec<ViewEv
     }
 
     match mouse.kind {
+        MouseEventKind::Moved => {
+            // Update last mouse position for tooltip rendering.
+            app.last_mouse_pos = Some((mouse.column, mouse.row));
+
+            // Check sidebar sections for hover tooltip.
+            let mut found = false;
+            for section in &app.sidebar_hover.sections {
+                if mouse.column >= section.content_area.x
+                    && mouse.column
+                        < section
+                            .content_area
+                            .x
+                            .saturating_add(section.content_area.width)
+                    && mouse.row >= section.content_area.y
+                    && mouse.row
+                        < section
+                            .content_area
+                            .y
+                            .saturating_add(section.content_area.height)
+                {
+                    let line_idx = (mouse.row.saturating_sub(section.content_area.y)) as usize;
+                    if line_idx < section.lines.len() {
+                        let new_tooltip = section.lines[line_idx].clone();
+                        if app.sidebar_hover_tooltip.as_deref() != Some(&new_tooltip) {
+                            app.sidebar_hover_tooltip = Some(new_tooltip);
+                            app.needs_redraw = true;
+                        }
+                        found = true;
+                        break;
+                    }
+                }
+            }
+            if !found && app.sidebar_hover_tooltip.is_some() {
+                app.sidebar_hover_tooltip = None;
+                app.needs_redraw = true;
+            }
+        }
         MouseEventKind::ScrollUp => {
             let update = app.viewport.mouse_scroll.on_scroll(ScrollDirection::Up);
             app.viewport.pending_scroll_delta = app
diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index bff5c51a..8b488178 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -22,7 +22,7 @@ use crate::tools::plan::StepStatus;
 use crate::tools::subagent::SubAgentStatus;
 use crate::tools::todo::TodoStatus;
 
-use super::app::{App, SidebarFocus, TaskPanelEntry};
+use super::app::{App, SidebarFocus, SidebarHoverSection, SidebarHoverState, TaskPanelEntry};
 use super::history::{GenericToolCell, HistoryCell, ToolCell, ToolStatus, summarize_tool_output};
 use super::subagent_routing::active_fanout_counts;
 use super::ui_text::{concise_shell_command_label, truncate_line_to_width};
@@ -35,7 +35,9 @@ const RECENT_TOOL_SCAN_LIMIT: usize = 24;
 const ACTIVE_TOOL_COMPLETED_ROW_TTL: Duration = Duration::from_secs(8);
 const ACTIVE_TOOL_STALE_RUNNING_ROW_TTL: Duration = Duration::from_secs(600);
 
-pub fn render_sidebar(f: &mut Frame, area: Rect, app: &App) {
+pub fn render_sidebar(f: &mut Frame, area: Rect, app: &mut App) {
+    // Clear hover state at the start of each render
+    app.sidebar_hover = SidebarHoverState::default();
     if area.width < 24 || area.height < 8 {
         // Paint a styled block over the area so stale cells from a previous
         // (wider) frame don't persist as bleed-through artifacts (#400).
@@ -60,7 +62,7 @@ pub fn render_sidebar(f: &mut Frame, area: Rect, app: &App) {
 /// Build the Auto-mode panel stack. Empty panels collapse to zero height so
 /// non-empty ones get the full sidebar real estate. Work appears when it has
 /// useful content, or as the one quiet empty state when nothing else is active.
-fn render_sidebar_auto(f: &mut Frame, area: Rect, app: &App) {
+fn render_sidebar_auto(f: &mut Frame, area: Rect, app: &mut App) {
     let work_has_content = sidebar_work_summary(app).has_useful_content();
     let tasks_empty = app.runtime_turn_id.is_none() && app.task_panel.is_empty();
     let agents_empty = app.subagent_cache.is_empty()
@@ -557,7 +559,7 @@ fn work_panel_empty_hint(content_width: usize) -> String {
     truncate_line_to_width("No active work", content_width)
 }
 
-fn render_sidebar_work(f: &mut Frame, area: Rect, app: &App) {
+fn render_sidebar_work(f: &mut Frame, area: Rect, app: &mut App) {
     if area.height < 3 {
         return;
     }
@@ -572,10 +574,11 @@ fn render_sidebar_work(f: &mut Frame, area: Rect, app: &App) {
         app.ui_theme.mode,
     );
 
-    render_sidebar_section(f, area, "Work", lines, app);
+    let full_texts: Vec<String> = lines.iter().map(|l| spans_to_text(&l.spans)).collect();
+    render_sidebar_section(f, area, "Work", lines, full_texts, app);
 }
 
-fn render_sidebar_tasks(f: &mut Frame, area: Rect, app: &App) {
+fn render_sidebar_tasks(f: &mut Frame, area: Rect, app: &mut App) {
     if area.height < 3 {
         return;
     }
@@ -584,7 +587,8 @@ fn render_sidebar_tasks(f: &mut Frame, area: Rect, app: &App) {
     let usable_rows = area.height.saturating_sub(3) as usize;
     let lines = task_panel_lines(app, content_width.max(1), usable_rows.max(1));
 
-    render_sidebar_section(f, area, "Tasks", lines, app);
+    let full_texts: Vec<String> = lines.iter().map(|l| spans_to_text(&l.spans)).collect();
+    render_sidebar_section(f, area, "Tasks", lines, full_texts, app);
 }
 
 #[derive(Debug, Clone)]
@@ -1374,7 +1378,7 @@ fn duration_ms(duration: Duration) -> u64 {
     u64::try_from(duration.as_millis()).unwrap_or(u64::MAX)
 }
 
-fn render_sidebar_subagents(f: &mut Frame, area: Rect, app: &App) {
+fn render_sidebar_subagents(f: &mut Frame, area: Rect, app: &mut App) {
     if area.height < 3 {
         return;
     }
@@ -1421,7 +1425,7 @@ fn render_sidebar_subagents(f: &mut Frame, area: Rect, app: &App) {
     let rows = sidebar_agent_rows(app);
     let lines = subagent_panel_lines(&summary, &rows, content_width, usable_rows.max(1));
 
-    render_sidebar_section(f, area, "Agents", lines, app);
+    render_sidebar_section(f, area, "Agents", lines, Vec::new(), app);
 }
 
 /// Minimal projection of the data the sub-agent sidebar needs. Lifted out
@@ -1659,7 +1663,7 @@ fn agent_status_marker(status: &str) -> (&'static str, ratatui::style::Color) {
 /// cost, MCP server count, LSP toggle state, cycle count, and memory
 /// file size + mtime. Each section is a compact one-liner so the panel
 /// reads as a dashboard rather than a scrolling list.
-fn render_context_panel(f: &mut Frame, area: Rect, app: &App) {
+fn render_context_panel(f: &mut Frame, area: Rect, app: &mut App) {
     if area.height < 3 {
         return;
     }
@@ -1789,7 +1793,15 @@ fn render_context_panel(f: &mut Frame, area: Rect, app: &App) {
         )));
     }
 
-    render_sidebar_section(f, area, "Session", lines, app);
+    render_sidebar_section(f, area, "Session", lines, Vec::new(), app);
+}
+
+fn spans_to_text(spans: &[Span<'_>]) -> String {
+    let mut s = String::new();
+    for span in spans {
+        s.push_str(span.content.as_ref());
+    }
+    s
 }
 
 fn render_sidebar_section(
@@ -1797,7 +1809,8 @@ fn render_sidebar_section(
     area: Rect,
     title: &str,
     lines: Vec<Line<'static>>,
-    app: &App,
+    full_texts: Vec<String>,
+    app: &mut App,
 ) {
     if area.width < 4 || area.height < 3 {
         // Clear stale cells before bailing out (#400).
@@ -1808,6 +1821,19 @@ fn render_sidebar_section(
     }
 
     let theme = Theme::for_palette_mode(app.ui_theme.mode);
+
+    // Record hover metadata for mouse tooltip support.
+    let padding = theme.section_padding;
+    let content_area = Rect {
+        x: area.x + 1 + padding.left,
+        y: area.y + 1 + padding.top,
+        width: area.width.saturating_sub(2 + padding.left + padding.right),
+        height: area.height.saturating_sub(2 + padding.top + padding.bottom),
+    };
+    app.sidebar_hover.sections.push(SidebarHoverSection {
+        content_area,
+        lines: full_texts,
+    });
     // Truncate the panel title so it always fits within the section width
     // even after a resize. The title occupies up to 4 chars of border chrome
     // (two spaces + one space on each side), so the max title length is
@@ -1850,9 +1876,10 @@ fn render_sidebar_section(
 mod tests {
     use super::{
         ACTIVE_TOOL_COMPLETED_ROW_TTL, ACTIVE_TOOL_STALE_RUNNING_ROW_TTL, AutoSidebarPanel,
-        AutoSidebarState, SidebarAgentRow, SidebarSubagentSummary, SidebarWorkChecklistItem,
-        SidebarWorkStrategyStep, SidebarWorkSummary, auto_sidebar_panels, subagent_panel_lines,
-        task_panel_lines, work_panel_empty_hint, work_panel_lines,
+        AutoSidebarState, SidebarAgentRow, SidebarHoverSection, SidebarHoverState,
+        SidebarSubagentSummary, SidebarWorkChecklistItem, SidebarWorkStrategyStep,
+        SidebarWorkSummary, auto_sidebar_panels, subagent_panel_lines, task_panel_lines,
+        work_panel_empty_hint, work_panel_lines,
     };
     use crate::config::Config;
     use crate::palette::PaletteMode;
@@ -2664,4 +2691,48 @@ mod tests {
             "RLM work must be visible in Agents panel: {text:?}"
         );
     }
+
+    // ---- Sidebar hover tooltip tests ----
+
+    #[test]
+    fn sidebar_hover_state_default_is_empty() {
+        let state = SidebarHoverState::default();
+        assert!(state.sections.is_empty());
+    }
+
+    #[test]
+    fn sidebar_hover_section_stores_lines() {
+        use ratatui::layout::Rect;
+        let section = SidebarHoverSection {
+            content_area: Rect::new(1, 1, 38, 8),
+            lines: vec!["line 1".to_string(), "line 2".to_string()],
+        };
+        assert_eq!(section.lines.len(), 2);
+        assert_eq!(section.lines[0], "line 1");
+        assert!(section.content_area.x > 0);
+    }
+
+    #[test]
+    fn hover_line_matching_respects_content_area_offset() {
+        use ratatui::layout::Rect;
+        let section = SidebarHoverSection {
+            content_area: Rect::new(62, 2, 36, 6),
+            lines: vec![
+                "first".to_string(),
+                "second".to_string(),
+                "third".to_string(),
+            ],
+        };
+
+        // Mouse within content area, first line
+        let line_idx = (2u16.saturating_sub(section.content_area.y)) as usize;
+        assert_eq!(section.lines[line_idx], "first");
+
+        // Mouse within content area, second line
+        let line_idx = (3u16.saturating_sub(section.content_area.y)) as usize;
+        assert_eq!(section.lines[line_idx], "second");
+
+        // Mouse outside content area (above) — row < content_area.y
+        assert!((1u16) < section.content_area.y);
+    }
 }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index dffa442c..852e6c4d 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5817,6 +5817,34 @@ fn render(f: &mut Frame, app: &mut App) {
 
         if let Some(sidebar_area) = sidebar_area {
             super::sidebar::render_sidebar(f, sidebar_area, app);
+
+            // Render sidebar hover tooltip if active.
+            if let Some(ref tooltip_text) = app.sidebar_hover_tooltip
+                && let Some((mouse_col, mouse_row)) = app.last_mouse_pos
+            {
+                let text_width = (tooltip_text.len() as u16).clamp(10, 60);
+                let tooltip_height = 1u16;
+                let x = mouse_col
+                    .saturating_add(2)
+                    .min(size.width.saturating_sub(text_width));
+                let y = mouse_row
+                    .saturating_sub(1)
+                    .min(size.height.saturating_sub(tooltip_height));
+                if text_width > 0 && tooltip_height > 0 {
+                    let tooltip_area = Rect {
+                        x,
+                        y,
+                        width: text_width,
+                        height: tooltip_height,
+                    };
+                    let tooltip = ratatui::widgets::Paragraph::new(tooltip_text.as_str()).style(
+                        Style::default()
+                            .bg(palette::STATUS_WARNING)
+                            .fg(palette::TEXT_MUTED),
+                    );
+                    f.render_widget(tooltip, tooltip_area);
+                }
+            }
         }
     }
 

From c7bd7f161e50d12d88f0c8054ccf4cde32babcbb Mon Sep 17 00:00:00 2001
From: kitty <dw_wang126@126.com>
Date: Tue, 26 May 2026 07:29:22 +0800
Subject: [PATCH 012/283] feat: session title in composer

Harvested from PR #2108 by @wdw8276.

Co-authored-by: kitty <dw_wang126@126.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 crates/tui/src/palette.rs         |  3 +--
 crates/tui/src/tui/widgets/mod.rs | 40 +++++++++++++++++++++++--------
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index c9980200..770308e9 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -1098,8 +1098,7 @@ fn grayscale_bg_from_luma(luma: u8) -> Color {
 }
 
 fn luma(r: u8, g: u8, b: u8) -> u8 {
-    let weighted = u32::from(r) * 299 + u32::from(g) * 587 + u32::from(b) * 114;
-    (weighted / 1000) as u8
+    ((u32::from(r) * 299 + u32::from(g) * 587 + u32::from(b) * 114 + 500) / 1000) as u8
 }
 // === Color depth + brightness helpers (v0.6.6 UI redesign) ===
 
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 05ff8a95..a6b2307d 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -1827,7 +1827,8 @@ fn vim_mode_style(mode: VimMode) -> Style {
 
 fn composer_top_right_chrome(app: &App, area_width: u16) -> Option<Line<'static>> {
     let receipt = app.active_receipt_text();
-    if !app.composer.vim_enabled && receipt.is_none() {
+    let session_title = app.session_title.as_deref();
+    if !app.composer.vim_enabled && receipt.is_none() && session_title.is_none() {
         return None;
     }
 
@@ -1866,14 +1867,35 @@ fn composer_top_right_chrome(app: &App, area_width: u16) -> Option<Line<'static>
         )));
     }
 
+    let mut spans: Vec<Span> = Vec::new();
     if app.composer.vim_enabled {
-        return Some(Line::from(Span::styled(
+        spans.push(Span::styled(
             truncate_display_width(app.composer.vim_mode.label(), max_width),
             vim_mode_style(app.composer.vim_mode),
-        )));
+        ));
+    }
+    if let Some(title) = session_title {
+        let used: usize = spans
+            .iter()
+            .map(|s| UnicodeWidthStr::width(s.content.as_ref()))
+            .sum();
+        let sep = if spans.is_empty() { 0 } else { 2 };
+        let remaining = max_width.saturating_sub(used + sep);
+        if remaining >= 4 {
+            if !spans.is_empty() {
+                spans.push(Span::raw("  "));
+            }
+            spans.push(Span::styled(
+                truncate_display_width(title, remaining),
+                Style::default().fg(palette::TEXT_MUTED),
+            ));
+        }
+    }
+    if spans.is_empty() {
+        None
+    } else {
+        Some(Line::from(spans))
     }
-
-    None
 }
 
 fn should_render_empty_state(app: &App) -> bool {
@@ -2771,11 +2793,10 @@ mod tests {
     }
 
     #[test]
-    fn composer_border_does_not_render_session_title() {
+    fn composer_border_renders_session_title() {
         let mut app = create_test_app();
         app.composer_density = ComposerDensity::Comfortable;
-        app.session_title =
-            Some("hello could you please take a look at codewhale-tui and all changes".to_string());
+        app.session_title = Some("my-session".to_string());
         let slash_menu_entries = Vec::<SlashMenuEntry>::new();
         let mention_menu_entries = Vec::<String>::new();
         let widget = ComposerWidget::new(&app, 5, &slash_menu_entries, &mention_menu_entries);
@@ -2791,8 +2812,7 @@ mod tests {
         let rendered = buffer_text(&buf, area);
 
         assert!(rendered.contains("Composer"));
-        assert!(!rendered.contains("codewhale-tui"));
-        assert!(!rendered.contains("hello could you"));
+        assert!(rendered.contains("my-session"));
     }
 
     #[test]

From 228372935e467c0828f76cf3cfa21e2f36e884f7 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 18:45:36 -0500
Subject: [PATCH 013/283] chore(release): prepare v0.8.45

Harvested from PR #2118 by @Hmbown.

Includes Kimi/Moonshot OAuth, v0.8.45 release prep, the Codex/ChatGPT OAuth removal, open-source-first model defaults, and the safe green PR batch merged into main before the release branch refresh.
---
 CHANGELOG.md                          |  69 ++-
 Cargo.lock                            |  32 +-
 Cargo.toml                            |   2 +-
 README.md                             |  21 +-
 crates/agent/Cargo.toml               |   2 +-
 crates/agent/src/lib.rs               |  10 +-
 crates/app-server/Cargo.toml          |  23 +-
 crates/app-server/src/lib.rs          | 336 +++++++++++-
 crates/app-server/src/main.rs         |  15 +
 crates/cli/Cargo.toml                 |  14 +-
 crates/cli/src/lib.rs                 |  89 ++--
 crates/config/Cargo.toml              |   3 +-
 crates/config/src/lib.rs              | 255 +++++----
 crates/core/Cargo.toml                |  16 +-
 crates/execpolicy/Cargo.toml          |   2 +-
 crates/hooks/Cargo.toml               |   2 +-
 crates/tools/Cargo.toml               |   2 +-
 crates/tui/CHANGELOG.md               |  69 ++-
 crates/tui/Cargo.toml                 |   6 +-
 crates/tui/src/config.rs              |   2 +-
 crates/tui/src/main.rs                |  91 +++-
 crates/tui/src/palette.rs             | 712 +++++++++++++++++++-------
 crates/tui/src/pricing.rs             |  19 +
 crates/tui/src/runtime_threads.rs     |   8 +-
 crates/tui/src/session_manager.rs     |   8 +
 crates/tui/src/settings.rs            | 106 ----
 crates/tui/src/skills/install.rs      | 116 ++++-
 crates/tui/src/theme_qa_audit.rs      | 324 ++++++++++++
 crates/tui/src/tui/app.rs             |  30 +-
 crates/tui/src/tui/color_compat.rs    |   2 +-
 crates/tui/src/tui/command_palette.rs |  26 -
 crates/tui/src/tui/footer_ui.rs       |  62 +--
 crates/tui/src/tui/markdown_render.rs |   4 +-
 crates/tui/src/tui/mod.rs             |   1 -
 crates/tui/src/tui/session_picker.rs  |   1 +
 crates/tui/src/tui/ui.rs              | 108 +---
 crates/tui/src/tui/ui/tests.rs        |   1 +
 crates/tui/src/tui/views/mod.rs       |  22 -
 crates/tui/src/tui/voice_input.rs     | 127 -----
 crates/tui/tests/palette_audit.rs     |  50 +-
 docs/CONFIGURATION.md                 |  77 +--
 npm/codewhale/package.json            |   4 +-
 npm/deepseek-tui/package.json         |   2 +-
 web/app/[locale]/faq/page.tsx         |   6 +-
 44 files changed, 1879 insertions(+), 998 deletions(-)
 create mode 100644 crates/tui/src/theme_qa_audit.rs
 delete mode 100644 crates/tui/src/tui/voice_input.rs

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f6fda0e4..47c20bd9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,72 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.45] - 2026-05-25
+
+### Added
+
+- **RLM session objects.** `rlm_open` can now load `session://` refs,
+  exposing the active prompt, history, and session data as symbolic objects
+  inside RLM REPLs (#2047).
+- **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
+  human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
+  preserving the raw agent ID in the popup (#2035, #2016).
+- **`/balance` command scaffold.** Registered the `/balance` slash command
+  as a placeholder for future provider billing queries (#2035, #2019).
+- **Readable `/restore` snapshot labels.** Snapshot labels now include the
+  originating user prompt so restore listings are easier to identify. Thanks
+  @idling11 (#2111).
+- **Sidebar hover tooltips.** Truncated Work and Tasks sidebar lines now expose
+  their full text on hover. Thanks @idling11 (#2110).
+
+### Changed
+
+- **AGENTS.md is now maintainer-local.** The project instructions file no
+  longer ships as a tracked repo file; it lives in maintainer-local ignored
+  state (#2047).
+
+### Fixed
+
+- **Sub-agent completion handoff compatibility.** Completion handoffs now use a
+  chat-template-safe role and emit before terminal updates, fixing strict
+  OpenAI-compatible/self-hosted backends and preserving transcript ordering.
+  Thanks @h3c-hexin and @cyq1017 (#2057, #2120).
+- **Self-hosted context budgeting.** Sub-500K self-hosted model windows now keep
+  a usable input budget instead of disabling preflight compaction after output
+  reservation underflow. Thanks @h3c-hexin (#2060).
+- **Goal prompts start actionable.** Goal-start prompts now open in an
+  actionable state instead of requiring an extra nudge. Thanks @cyq1017
+  (#2097).
+- **Composer session title display.** The composer chrome shows the current
+  session title again and avoids grayscale luma overflow in debug builds.
+  Thanks @wdw8276 (#2108).
+- **Approval prompts use a one-step confirmation flow.** Enter now commits the
+  selected approval option directly, destructive warnings remain visible, and
+  abort cancels the active turn instead of only denying the current tool call.
+  Thanks @reidliu41 (#2143).
+- **Model picker selection survives Esc.** Dismissing the model picker with Esc
+  no longer loses the highlighted selection. Thanks @reidliu41 (#2056).
+- **Slash recovery no longer restores command tails in the composer.**
+  Resuming a session or recovering from a crash no longer leaves stale
+  slash-command text (e.g. `/sessions`) in the composer input (#2047, #2032).
+- **Remembered tool approvals now update the live active turn.**
+  When the "remember" checkbox is set on an approval dialog, the active
+  turn's auto-approve flag flips immediately instead of waiting for the
+  next turn. Thanks @gaord (#2047, #2041).
+- **YAML block scalars in SKILL.md frontmatter.** Multi-line descriptions
+  using `>` or `|` indicators are now parsed correctly — folded block
+  scalars join non-empty lines with spaces, literal scalars preserve
+  newlines, and all three chomping modes (strip/clip/keep) are supported.
+  Thanks @zlh124 (#1908, #1907).
+- **User messages highlighted in the transcript.** User-authored messages
+  now render with a full-row background in the live TUI transcript, making
+  it easier to scan prior turns. Assistant and system messages are
+  unaffected. Thanks @reidliu41 (#1995, #1672).
+- **Cancellable `list_dir` and `file_search`.** Long directory walks and
+  file searches now respond to user cancel/stop requests with a 30-second
+  fallback timeout, preventing the TUI from hanging on deep or slow
+  filesystems (#2035).
+
 ## [0.8.44] - 2026-05-24
 
 ### Added
@@ -4806,7 +4872,8 @@ Welcome — and thank you.
 - Hooks system and config profiles
 - Example skills and launch assets
 
-[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...HEAD
+[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...HEAD
+[0.8.45]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...v0.8.45
 [0.8.44]: https://github.com/Hmbown/CodeWhale/compare/v0.8.43...v0.8.44
 [0.8.43]: https://github.com/Hmbown/CodeWhale/compare/v0.8.42...v0.8.43
 [0.8.42]: https://github.com/Hmbown/CodeWhale/compare/v0.8.41...v0.8.42
diff --git a/Cargo.lock b/Cargo.lock
index 9da75e3b..e2d1ad83 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -803,7 +803,7 @@ checksum = "e9b18233253483ce2f65329a24072ec414db782531bdbb7d0bbc4bd2ce6b7e21"
 
 [[package]]
 name = "codewhale-agent"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "codewhale-config",
  "serde",
@@ -811,7 +811,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-app-server"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "axum",
@@ -827,13 +827,16 @@ dependencies = [
  "codewhale-tools",
  "serde",
  "serde_json",
+ "tempfile",
  "tokio",
+ "tower",
  "tower-http",
+ "uuid",
 ]
 
 [[package]]
 name = "codewhale-cli"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "chrono",
@@ -858,19 +861,20 @@ dependencies = [
 
 [[package]]
 name = "codewhale-config"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "codewhale-secrets",
  "dirs",
  "serde",
+ "serde_json",
  "toml 0.9.11+spec-1.1.0",
  "tracing",
 ]
 
 [[package]]
 name = "codewhale-core"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "chrono",
@@ -888,7 +892,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-execpolicy"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "codewhale-protocol",
@@ -897,7 +901,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-hooks"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -911,7 +915,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-mcp"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "serde",
@@ -920,7 +924,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-protocol"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "serde",
  "serde_json",
@@ -928,7 +932,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-secrets"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "dirs",
  "keyring",
@@ -941,7 +945,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-state"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "chrono",
@@ -953,7 +957,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tools"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -966,7 +970,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tui"
-version = "0.8.44"
+version = "0.8.45"
 dependencies = [
  "anyhow",
  "arboard",
@@ -1032,7 +1036,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tui-core"
-version = "0.8.44"
+version = "0.8.45"
 
 [[package]]
 name = "colorchoice"
diff --git a/Cargo.toml b/Cargo.toml
index cee78462..78d560a0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ default-members = ["crates/cli", "crates/app-server", "crates/tui"]
 resolver = "2"
 
 [workspace.package]
-version = "0.8.44"
+version = "0.8.45"
 edition = "2024"
 # Rust 1.88 stabilized `let_chains` in `if`/`while` conditions, which the
 # codebase relies on extensively. Cargo enforces this so users on older
diff --git a/README.md b/README.md
index 58975408..411cf0c9 100644
--- a/README.md
+++ b/README.md
@@ -279,9 +279,13 @@ codewhale --provider novita --model deepseek/deepseek-v4-pro
 codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
 codewhale --provider fireworks --model deepseek-v4-pro
 
+# Moonshot/Kimi
+codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
+codewhale --provider moonshot --model kimi-k2.6
+
 # Generic OpenAI-compatible endpoint
 codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
-OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model glm-5
+OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
 
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
@@ -429,11 +433,6 @@ ACP workflows outside the built-in Zed slice.
 | `@path` | Attach file/directory context in composer |
 | `↑` (at composer start) | Select attachment row for removal |
 
-Voice input is available from the command palette (`Ctrl+K`, then search
-`Voice input`) after configuring `voice_input_command`; the helper
-records/transcribes audio, CodeWhale shows a listening status while it runs, and
-the final transcript is inserted into the composer for editing.
-
 Full shortcut catalog: [docs/KEYBINDINGS.md](docs/KEYBINDINGS.md).
 
 ---
@@ -467,14 +466,15 @@ Key environment variables:
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, `ollama` |
+| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
+| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
@@ -604,7 +604,7 @@ This project ships with help from a growing community of contributors:
 - **[zichen0116](https://github.com/zichen0116)** — CODE_OF_CONDUCT.md (#686)
 - **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — model ID case-sensitivity compatibility report (#729)
 - **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — stale `working...` state bug report, Windows clipboard fallback, MCP Streamable HTTP session fixes, and Homebrew tap automation (#738, #850, #1643, #1631)
-- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, DeepSeek model completions, and help picker selection polish (#863, #870, #921, #1078, #1603, #1628, #1601, #1964)
+- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, DeepSeek model completions, help picker selection polish, and transcript user-message highlighting (#863, #870, #921, #1078, #1603, #1628, #1601, #1964, #1995)
 - **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` paths, local/configured skill discovery, and mode-switch toast dedupe (#1953, #1956, #1957)
 - **[xieshutao](https://github.com/xieshutao)** — plain Markdown skill fallback (#869)
 - **[GK012](https://github.com/GK012)** — npm wrapper `--version` fallback (#885)
@@ -637,7 +637,7 @@ This project ships with help from a growing community of contributors:
 - **[mdrkrg](https://github.com/mdrkrg)** — first-run onboarding crash fix when the API key is missing (#1598)
 - **[Aitensa](https://github.com/Aitensa)** — CJK wrapping propagation for diff and pager output (#1622)
 - **[qiyan233](https://github.com/qiyan233)** — legacy DeepSeek CN provider alias compatibility (#1645)
-- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report and clipboard-init fix (#1772, #1773)
+- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report, clipboard-init fix, and YAML block-scalar frontmatter parsing (#1772, #1773, #1908)
 - **[aboimpinto](https://github.com/aboimpinto)** — Windows alt-screen logging, Home/End composer, and runtime log follow-ups (#1774, #1776, #1748, #1749, #1782, #1783)
 - **[LeoLin990405](https://github.com/LeoLin990405)** — provider model passthrough, reasoning replay, thinking-only turn, and Windows quoting fixes (#1740, #1743, #1742, #1744)
 - **[nightt5879](https://github.com/nightt5879)** — Ctrl+C prompt restore fix (#1764)
@@ -707,6 +707,7 @@ This project ships with help from a growing community of contributors:
 - **[xulongzhe](https://github.com/xulongzhe)** — issue-template and vision-boundary follow-ups (#1530, #1544)
 - **[YaYII](https://github.com/YaYII)** — trusted media path work (#1462)
 - **[47Cid](https://github.com/47Cid)** and **[Jafar Akhondali](https://github.com/JafarAkhondali)** — responsible security disclosures and hardening reports
+- **[gaord](https://github.com/gaord)** — approval-remember live-turn sync fix (#2041)
 
 ---
 
diff --git a/crates/agent/Cargo.toml b/crates/agent/Cargo.toml
index c6d4fd3f..dc402892 100644
--- a/crates/agent/Cargo.toml
+++ b/crates/agent/Cargo.toml
@@ -7,5 +7,5 @@ repository.workspace = true
 description = "Model/provider registry and fallback strategy for DeepSeek workspace architecture"
 
 [dependencies]
-codewhale-config = { path = "../config", version = "0.8.44" }
+codewhale-config = { path = "../config", version = "0.8.45" }
 serde.workspace = true
diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
index c20bb618..349951ce 100644
--- a/crates/agent/src/lib.rs
+++ b/crates/agent/src/lib.rs
@@ -74,18 +74,18 @@ impl Default for ModelRegistry {
                 supports_reasoning: true,
             },
             ModelInfo {
-                id: "gpt-4.1".to_string(),
+                id: "deepseek-v4-pro".to_string(),
                 provider: ProviderKind::Openai,
-                aliases: vec!["gpt4.1".to_string(), "gpt-4o".to_string()],
+                aliases: vec!["openai-compatible-deepseek-v4-pro".to_string()],
                 supports_tools: true,
                 supports_reasoning: true,
             },
             ModelInfo {
-                id: "gpt-4.1-mini".to_string(),
+                id: "deepseek-v4-flash".to_string(),
                 provider: ProviderKind::Openai,
-                aliases: vec!["gpt-4o-mini".to_string()],
+                aliases: vec!["openai-compatible-deepseek-v4-flash".to_string()],
                 supports_tools: true,
-                supports_reasoning: false,
+                supports_reasoning: true,
             },
             ModelInfo {
                 id: "deepseek-reasoner".to_string(),
diff --git a/crates/app-server/Cargo.toml b/crates/app-server/Cargo.toml
index dc87c887..d683abf4 100644
--- a/crates/app-server/Cargo.toml
+++ b/crates/app-server/Cargo.toml
@@ -10,16 +10,21 @@ description = "Codex-style app-server transport for DeepSeek workspace architect
 anyhow.workspace = true
 axum.workspace = true
 clap.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.44" }
-codewhale-config = { path = "../config", version = "0.8.44" }
-codewhale-core = { path = "../core", version = "0.8.44" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.44" }
-codewhale-hooks = { path = "../hooks", version = "0.8.44" }
-codewhale-mcp = { path = "../mcp", version = "0.8.44" }
-codewhale-protocol = { path = "../protocol", version = "0.8.44" }
-codewhale-state = { path = "../state", version = "0.8.44" }
-codewhale-tools = { path = "../tools", version = "0.8.44" }
+codewhale-agent = { path = "../agent", version = "0.8.45" }
+codewhale-config = { path = "../config", version = "0.8.45" }
+codewhale-core = { path = "../core", version = "0.8.45" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
+codewhale-hooks = { path = "../hooks", version = "0.8.45" }
+codewhale-mcp = { path = "../mcp", version = "0.8.45" }
+codewhale-protocol = { path = "../protocol", version = "0.8.45" }
+codewhale-state = { path = "../state", version = "0.8.45" }
+codewhale-tools = { path = "../tools", version = "0.8.45" }
 serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tower-http.workspace = true
+uuid.workspace = true
+
+[dev-dependencies]
+tempfile = "3.16"
+tower = "0.5"
diff --git a/crates/app-server/src/lib.rs b/crates/app-server/src/lib.rs
index e580ed32..a9fe4399 100644
--- a/crates/app-server/src/lib.rs
+++ b/crates/app-server/src/lib.rs
@@ -2,8 +2,11 @@ use std::net::SocketAddr;
 use std::path::PathBuf;
 use std::sync::Arc;
 
-use anyhow::Result;
-use axum::extract::State;
+use anyhow::{Result, bail};
+use axum::extract::{Request, State};
+use axum::http::{HeaderValue, Method, StatusCode, header};
+use axum::middleware::{self, Next};
+use axum::response::{IntoResponse, Response};
 use axum::routing::{get, post};
 use axum::{Json, Router};
 use codewhale_agent::ModelRegistry;
@@ -23,11 +26,25 @@ use serde_json::{Value, json};
 use tokio::io::{AsyncBufReadExt, AsyncWriteExt, BufReader};
 use tokio::sync::{Mutex, RwLock};
 use tower_http::cors::CorsLayer;
+use uuid::Uuid;
+
+const DEFAULT_CORS_ORIGINS: &[&str] = &[
+    "http://localhost",
+    "http://localhost:1420",
+    "http://localhost:3000",
+    "http://localhost:5173",
+    "http://127.0.0.1",
+    "http://127.0.0.1:1420",
+    "tauri://localhost",
+];
 
 #[derive(Debug, Clone)]
 pub struct AppServerOptions {
     pub listen: SocketAddr,
     pub config_path: Option<PathBuf>,
+    pub auth_token: Option<String>,
+    pub insecure_no_auth: bool,
+    pub cors_origins: Vec<String>,
 }
 
 #[derive(Clone)]
@@ -36,6 +53,7 @@ struct AppState {
     config: Arc<RwLock<codewhale_config::ConfigToml>>,
     runtime: Arc<Mutex<Runtime>>,
     registry: ModelRegistry,
+    auth_token: Option<String>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -69,6 +87,12 @@ struct StdioDispatchResult {
     should_exit: bool,
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+enum AppTransport {
+    Http,
+    Stdio,
+}
+
 #[derive(Debug, Deserialize)]
 struct ConfigGetParams {
     key: String,
@@ -92,26 +116,37 @@ struct ThreadMessageParams {
 }
 
 pub async fn run(options: AppServerOptions) -> Result<()> {
-    let state = build_state(options.config_path.clone())?;
-
-    let app = Router::new()
-        .route("/healthz", get(healthz))
-        .route("/thread", post(thread_handler))
-        .route("/app", post(app_handler))
-        .route("/prompt", post(prompt_handler))
-        .route("/tool", post(tool_handler))
-        .route("/jobs", get(jobs_handler))
-        .route("/mcp/startup", post(mcp_startup_handler))
-        .layer(CorsLayer::permissive())
-        .with_state(state);
+    let auth_token = resolve_auth_token(&options)?;
+    let state = build_state(options.config_path.clone(), auth_token)?;
+    let app = app_router(state, &options.cors_origins);
 
     let listener = tokio::net::TcpListener::bind(options.listen).await?;
     axum::serve(listener, app).await?;
     Ok(())
 }
 
+fn app_router(state: AppState, cors_origins: &[String]) -> Router {
+    let protected_routes = Router::new()
+        .route("/thread", post(thread_handler))
+        .route("/app", post(app_handler))
+        .route("/prompt", post(prompt_handler))
+        .route("/tool", post(tool_handler))
+        .route("/jobs", get(jobs_handler))
+        .route("/mcp/startup", post(mcp_startup_handler))
+        .route_layer(middleware::from_fn_with_state(
+            state.clone(),
+            require_app_server_token,
+        ));
+
+    Router::new()
+        .route("/healthz", get(healthz))
+        .merge(protected_routes)
+        .layer(cors_layer(cors_origins))
+        .with_state(state)
+}
+
 pub async fn run_stdio(config_path: Option<PathBuf>) -> Result<()> {
-    let state = build_state(config_path)?;
+    let state = build_state(config_path, None)?;
     let stdin = tokio::io::stdin();
     let stdout = tokio::io::stdout();
     let mut reader = BufReader::new(stdin).lines();
@@ -258,10 +293,10 @@ async fn app_handler(
     State(state): State<AppState>,
     Json(req): Json<AppRequest>,
 ) -> Json<AppResponse> {
-    Json(process_app_request(&state, req).await)
+    Json(process_app_request(&state, req, AppTransport::Http).await)
 }
 
-fn build_state(config_path: Option<PathBuf>) -> Result<AppState> {
+fn build_state(config_path: Option<PathBuf>, auth_token: Option<String>) -> Result<AppState> {
     let store = ConfigStore::load(config_path.clone())?;
     let config = store.config.clone();
     let registry = ModelRegistry::default();
@@ -294,9 +329,95 @@ fn build_state(config_path: Option<PathBuf>) -> Result<AppState> {
         config: Arc::new(RwLock::new(config)),
         runtime: Arc::new(Mutex::new(runtime)),
         registry,
+        auth_token,
     })
 }
 
+fn resolve_auth_token(options: &AppServerOptions) -> Result<Option<String>> {
+    let configured = options.auth_token.as_ref().map(|token| token.trim());
+    if let Some(token) = configured
+        && token.is_empty()
+    {
+        bail!("app-server auth token cannot be empty");
+    }
+
+    if options.insecure_no_auth {
+        if !options.listen.ip().is_loopback() {
+            bail!("refusing unauthenticated app-server bind on non-loopback address");
+        }
+        eprintln!("warning: app-server HTTP auth disabled by --insecure-no-auth");
+        return Ok(None);
+    }
+
+    let token = configured
+        .map(str::to_string)
+        .unwrap_or_else(|| format!("cwapp_{}", Uuid::new_v4().simple()));
+    if options.auth_token.is_some() {
+        eprintln!("app-server auth: bearer token required for HTTP routes.");
+    } else {
+        eprintln!("app-server auth: generated bearer token for this process.");
+        eprintln!("  Authorization: Bearer {token}");
+        eprintln!("  Pass --auth-token or set CODEWHALE_APP_SERVER_TOKEN for a stable token.");
+    }
+    Ok(Some(token))
+}
+
+fn cors_layer(extra_origins: &[String]) -> CorsLayer {
+    let mut origins: Vec<HeaderValue> = DEFAULT_CORS_ORIGINS
+        .iter()
+        .filter_map(|origin| HeaderValue::from_str(origin).ok())
+        .collect();
+    for raw in extra_origins {
+        let trimmed = raw.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        match HeaderValue::from_str(trimmed) {
+            Ok(value) if !origins.contains(&value) => origins.push(value),
+            Ok(_) => {}
+            Err(err) => {
+                eprintln!("warning: ignoring invalid app-server CORS origin `{trimmed}`: {err}")
+            }
+        }
+    }
+
+    CorsLayer::new()
+        .allow_origin(origins)
+        .allow_methods([Method::GET, Method::POST, Method::OPTIONS])
+        .allow_headers([header::AUTHORIZATION, header::CONTENT_TYPE])
+}
+
+async fn require_app_server_token(
+    State(state): State<AppState>,
+    req: Request,
+    next: Next,
+) -> Response {
+    let Some(expected) = state.auth_token.as_deref() else {
+        return next.run(req).await;
+    };
+    let authorized = req
+        .headers()
+        .get(header::AUTHORIZATION)
+        .and_then(|value| value.to_str().ok())
+        .and_then(|raw| raw.strip_prefix("Bearer "))
+        .is_some_and(|token| token == expected);
+
+    if authorized {
+        next.run(req).await
+    } else {
+        (
+            StatusCode::UNAUTHORIZED,
+            Json(json!({
+                "error": {
+                    "message": "app-server bearer token required",
+                    "status": StatusCode::UNAUTHORIZED.as_u16(),
+                }
+            })),
+        )
+            .into_response()
+    }
+}
+
 fn params_or_object(params: Value) -> Value {
     if params.is_null() { json!({}) } else { params }
 }
@@ -585,7 +706,8 @@ async fn dispatch_stdio_request(
             }
         }
         "app/capabilities" => {
-            let response = process_app_request(state, AppRequest::Capabilities).await;
+            let response =
+                process_app_request(state, AppRequest::Capabilities, AppTransport::Stdio).await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -594,7 +716,7 @@ async fn dispatch_stdio_request(
         }
         "app/request" => {
             let request: AppRequest = parse_params(params)?;
-            let response = process_app_request(state, request).await;
+            let response = process_app_request(state, request, AppTransport::Stdio).await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -603,8 +725,12 @@ async fn dispatch_stdio_request(
         }
         "app/config/get" => {
             let parsed: ConfigGetParams = parse_params(params_or_object(params))?;
-            let response =
-                process_app_request(state, AppRequest::ConfigGet { key: parsed.key }).await;
+            let response = process_app_request(
+                state,
+                AppRequest::ConfigGet { key: parsed.key },
+                AppTransport::Stdio,
+            )
+            .await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -619,6 +745,7 @@ async fn dispatch_stdio_request(
                     key: parsed.key,
                     value: parsed.value,
                 },
+                AppTransport::Stdio,
             )
             .await;
             StdioDispatchResult {
@@ -629,8 +756,12 @@ async fn dispatch_stdio_request(
         }
         "app/config/unset" => {
             let parsed: ConfigGetParams = parse_params(params_or_object(params))?;
-            let response =
-                process_app_request(state, AppRequest::ConfigUnset { key: parsed.key }).await;
+            let response = process_app_request(
+                state,
+                AppRequest::ConfigUnset { key: parsed.key },
+                AppTransport::Stdio,
+            )
+            .await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -638,7 +769,8 @@ async fn dispatch_stdio_request(
             }
         }
         "app/config/list" => {
-            let response = process_app_request(state, AppRequest::ConfigList).await;
+            let response =
+                process_app_request(state, AppRequest::ConfigList, AppTransport::Stdio).await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -646,7 +778,8 @@ async fn dispatch_stdio_request(
             }
         }
         "app/models" => {
-            let response = process_app_request(state, AppRequest::Models).await;
+            let response =
+                process_app_request(state, AppRequest::Models, AppTransport::Stdio).await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -654,7 +787,8 @@ async fn dispatch_stdio_request(
             }
         }
         "app/thread_loaded_list" | "app/thread-loaded-list" => {
-            let response = process_app_request(state, AppRequest::ThreadLoadedList).await;
+            let response =
+                process_app_request(state, AppRequest::ThreadLoadedList, AppTransport::Stdio).await;
             StdioDispatchResult {
                 result: serde_json::to_value(response)
                     .map_err(|err| JsonRpcError::internal(err.to_string()))?,
@@ -685,7 +819,11 @@ async fn dispatch_stdio_request(
     Ok(outcome)
 }
 
-async fn process_app_request(state: &AppState, req: AppRequest) -> AppResponse {
+async fn process_app_request(
+    state: &AppState,
+    req: AppRequest,
+    transport: AppTransport,
+) -> AppResponse {
     match req {
         AppRequest::Capabilities => AppResponse {
             ok: true,
@@ -700,9 +838,13 @@ async fn process_app_request(state: &AppState, req: AppRequest) -> AppResponse {
         },
         AppRequest::ConfigGet { key } => {
             let cfg = state.config.read().await;
+            let value = match transport {
+                AppTransport::Http => cfg.get_display_value(&key),
+                AppTransport::Stdio => cfg.get_value(&key),
+            };
             AppResponse {
                 ok: true,
-                data: json!({ "key": key, "value": cfg.get_value(&key) }),
+                data: json!({ "key": key, "value": value }),
                 events: Vec::new(),
             }
         }
@@ -781,3 +923,141 @@ async fn persist_config(state: &AppState, config: codewhale_config::ConfigToml)
     store.config = config;
     store.save()
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::body::{Body, to_bytes};
+    use codewhale_protocol::AppRequest;
+    use std::fs;
+    use tower::ServiceExt;
+
+    fn app_with_config(auth_token: Option<&str>) -> (Router, tempfile::TempDir) {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let config_path = tmp.path().join("config.toml");
+        fs::write(&config_path, "api_key = \"sk-deepseek-secret\"\n").expect("write config");
+        let state = build_state(
+            Some(config_path),
+            auth_token.map(std::string::ToString::to_string),
+        )
+        .expect("state");
+        (app_router(state, &[]), tmp)
+    }
+
+    async fn response_body_json(response: Response) -> Value {
+        let bytes = to_bytes(response.into_body(), usize::MAX)
+            .await
+            .expect("body bytes");
+        serde_json::from_slice(&bytes).expect("json response")
+    }
+
+    #[tokio::test]
+    async fn http_app_routes_require_bearer_token_when_auth_enabled() {
+        let (app, _tmp) = app_with_config(Some("test-token"));
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method(Method::POST)
+                    .uri("/app")
+                    .header(header::CONTENT_TYPE, "application/json")
+                    .body(Body::from(
+                        serde_json::to_vec(&AppRequest::ConfigGet {
+                            key: "api_key".to_string(),
+                        })
+                        .expect("request json"),
+                    ))
+                    .expect("request"),
+            )
+            .await
+            .expect("response");
+
+        assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
+    }
+
+    #[tokio::test]
+    async fn http_config_get_redacts_sensitive_values_after_auth() {
+        let (app, _tmp) = app_with_config(Some("test-token"));
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method(Method::POST)
+                    .uri("/app")
+                    .header(header::AUTHORIZATION, "Bearer test-token")
+                    .header(header::CONTENT_TYPE, "application/json")
+                    .body(Body::from(
+                        serde_json::to_vec(&AppRequest::ConfigGet {
+                            key: "api_key".to_string(),
+                        })
+                        .expect("request json"),
+                    ))
+                    .expect("request"),
+            )
+            .await
+            .expect("response");
+
+        assert_eq!(response.status(), StatusCode::OK);
+        let body = response_body_json(response).await;
+        assert_eq!(body["data"]["value"], "sk-d***cret");
+    }
+
+    #[tokio::test]
+    async fn cors_does_not_allow_arbitrary_origins() {
+        let (app, _tmp) = app_with_config(Some("test-token"));
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method(Method::GET)
+                    .uri("/healthz")
+                    .header(header::ORIGIN, "https://attacker.example")
+                    .body(Body::empty())
+                    .expect("request"),
+            )
+            .await
+            .expect("response");
+
+        assert_eq!(response.status(), StatusCode::OK);
+        assert!(
+            response
+                .headers()
+                .get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
+                .is_none()
+        );
+    }
+
+    #[test]
+    fn non_loopback_bind_without_auth_fails_fast() {
+        let options = AppServerOptions {
+            listen: "0.0.0.0:8787".parse().expect("socket addr"),
+            config_path: None,
+            auth_token: None,
+            insecure_no_auth: true,
+            cors_origins: Vec::new(),
+        };
+
+        let err = resolve_auth_token(&options).expect_err("non-loopback unauth should fail");
+        assert!(
+            err.to_string()
+                .contains("refusing unauthenticated app-server bind")
+        );
+    }
+
+    #[tokio::test]
+    async fn stdio_transport_keeps_raw_config_get_for_legacy_clients() {
+        let state = build_state(None, None).expect("state");
+        {
+            let mut cfg = state.config.write().await;
+            cfg.api_key = Some("sk-deepseek-secret".to_string());
+        }
+
+        let response = process_app_request(
+            &state,
+            AppRequest::ConfigGet {
+                key: "api_key".to_string(),
+            },
+            AppTransport::Stdio,
+        )
+        .await;
+
+        assert_eq!(response.data["value"], "sk-deepseek-secret");
+    }
+}
diff --git a/crates/app-server/src/main.rs b/crates/app-server/src/main.rs
index fef6b65d..9627746e 100644
--- a/crates/app-server/src/main.rs
+++ b/crates/app-server/src/main.rs
@@ -17,6 +17,12 @@ struct Cli {
     port: u16,
     #[arg(long)]
     config: Option<PathBuf>,
+    #[arg(long = "auth-token")]
+    auth_token: Option<String>,
+    #[arg(long, default_value_t = false)]
+    insecure_no_auth: bool,
+    #[arg(long = "cors-origin")]
+    cors_origin: Vec<String>,
 }
 
 #[tokio::main]
@@ -28,6 +34,15 @@ async fn main() -> Result<()> {
     run(AppServerOptions {
         listen,
         config_path: cli.config,
+        auth_token: cli.auth_token.or_else(app_server_token_from_env),
+        insecure_no_auth: cli.insecure_no_auth,
+        cors_origins: cli.cors_origin,
     })
     .await
 }
+
+fn app_server_token_from_env() -> Option<String> {
+    std::env::var("CODEWHALE_APP_SERVER_TOKEN")
+        .ok()
+        .or_else(|| std::env::var("DEEPSEEK_APP_SERVER_TOKEN").ok())
+}
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 87ef1e74..1355ac04 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -25,13 +25,13 @@ path = "src/bin/deepseek_legacy_shim.rs"
 anyhow.workspace = true
 clap.workspace = true
 clap_complete.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.44" }
-codewhale-app-server = { path = "../app-server", version = "0.8.44" }
-codewhale-config = { path = "../config", version = "0.8.44" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.44" }
-codewhale-mcp = { path = "../mcp", version = "0.8.44" }
-codewhale-secrets = { path = "../secrets", version = "0.8.44" }
-codewhale-state = { path = "../state", version = "0.8.44" }
+codewhale-agent = { path = "../agent", version = "0.8.45" }
+codewhale-app-server = { path = "../app-server", version = "0.8.45" }
+codewhale-config = { path = "../config", version = "0.8.45" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
+codewhale-mcp = { path = "../mcp", version = "0.8.45" }
+codewhale-secrets = { path = "../secrets", version = "0.8.45" }
+codewhale-state = { path = "../state", version = "0.8.45" }
 chrono.workspace = true
 dirs.workspace = true
 serde.workspace = true
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 69afe196..2bd75181 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -182,7 +182,7 @@ working-tree diff. `export` only writes the current diff.
     Serve(TuiPassthroughArgs),
     /// Generate shell completions for the TUI binary.
     Completions(TuiPassthroughArgs),
-    /// Save a provider API key to the shared user config file.
+    /// Configure provider credentials.
     Login(LoginArgs),
     /// Remove saved authentication state.
     Logout,
@@ -259,16 +259,10 @@ struct TuiPassthroughArgs {
 
 #[derive(Debug, Args)]
 struct LoginArgs {
-    #[arg(long, value_enum, default_value_t = ProviderArg::Deepseek, hide = true)]
-    provider: ProviderArg,
+    #[arg(long, value_enum, hide = true)]
+    provider: Option<ProviderArg>,
     #[arg(long)]
     api_key: Option<String>,
-    #[arg(long, default_value_t = false, hide = true)]
-    chatgpt: bool,
-    #[arg(long, default_value_t = false, hide = true)]
-    device_code: bool,
-    #[arg(long, hide = true)]
-    token: Option<String>,
 }
 
 #[derive(Debug, Args)]
@@ -428,6 +422,12 @@ struct AppServerArgs {
     port: u16,
     #[arg(long)]
     config: Option<PathBuf>,
+    #[arg(long = "auth-token")]
+    auth_token: Option<String>,
+    #[arg(long, default_value_t = false)]
+    insecure_no_auth: bool,
+    #[arg(long = "cors-origin")]
+    cors_origin: Vec<String>,
     #[arg(long, default_value_t = false)]
     stdio: bool,
 }
@@ -654,38 +654,9 @@ fn run_login_command_with_secrets(
     args: LoginArgs,
     secrets: &Secrets,
 ) -> Result<()> {
-    let provider: ProviderKind = args.provider.into();
+    let provider: ProviderKind = args.provider.unwrap_or(ProviderArg::Deepseek).into();
     store.config.provider = provider;
 
-    if args.chatgpt {
-        let token = match args.token {
-            Some(token) => token,
-            None => read_api_key_from_stdin()?,
-        };
-        store.config.auth_mode = Some("chatgpt".to_string());
-        store.config.chatgpt_access_token = Some(token);
-        store.config.device_code_session = None;
-        store.save()?;
-        println!("logged in using chatgpt token mode ({})", provider.as_str());
-        return Ok(());
-    }
-
-    if args.device_code {
-        let token = match args.token {
-            Some(token) => token,
-            None => read_api_key_from_stdin()?,
-        };
-        store.config.auth_mode = Some("device_code".to_string());
-        store.config.device_code_session = Some(token);
-        store.config.chatgpt_access_token = None;
-        store.save()?;
-        println!(
-            "logged in using device code session mode ({})",
-            provider.as_str()
-        );
-        return Ok(());
-    }
-
     let api_key = match args.api_key {
         Some(v) => v,
         None => read_api_key_from_stdin()?,
@@ -721,8 +692,6 @@ fn run_logout_command_with_secrets(store: &mut ConfigStore, secrets: &Secrets) -
     }
     clear_provider_api_key_from_keyring(secrets, active_provider);
     store.config.auth_mode = None;
-    store.config.chatgpt_access_token = None;
-    store.config.device_code_session = None;
     store.save()?;
     println!("logged out");
     Ok(())
@@ -909,6 +878,10 @@ fn auth_status_lines(store: &ConfigStore, secrets: &Secrets) -> Vec<String> {
 
     vec![
         format!("provider: {}", provider.as_str()),
+        format!(
+            "auth mode: {}",
+            store.config.auth_mode.as_deref().unwrap_or("api_key")
+        ),
         format!("active source: {active_label}"),
         "lookup order: config -> secret store -> env".to_string(),
         format!(
@@ -1317,9 +1290,18 @@ fn run_app_server_command(args: AppServerArgs) -> Result<()> {
     runtime.block_on(run_app_server(AppServerOptions {
         listen,
         config_path: args.config,
+        auth_token: args.auth_token.or_else(app_server_token_from_env),
+        insecure_no_auth: args.insecure_no_auth,
+        cors_origins: args.cors_origin,
     }))
 }
 
+fn app_server_token_from_env() -> Option<String> {
+    std::env::var("CODEWHALE_APP_SERVER_TOKEN")
+        .ok()
+        .or_else(|| std::env::var("DEEPSEEK_APP_SERVER_TOKEN").ok())
+}
+
 fn run_mcp_server_command(store: &mut ConfigStore) -> Result<()> {
     let persisted = load_mcp_server_definitions(store);
     let updated = run_stdio_server(persisted)?;
@@ -1484,6 +1466,9 @@ fn build_tui_command(
     cmd.env("DEEPSEEK_MODEL", &resolved_runtime.model);
     cmd.env("DEEPSEEK_BASE_URL", &resolved_runtime.base_url);
     cmd.env("DEEPSEEK_PROVIDER", resolved_runtime.provider.as_str());
+    if let Some(auth_mode) = resolved_runtime.auth_mode.as_ref() {
+        cmd.env("DEEPSEEK_AUTH_MODE", auth_mode);
+    }
     if !resolved_runtime.http_headers.is_empty() {
         let encoded = resolved_runtime
             .http_headers
@@ -2040,11 +2025,8 @@ mod tests {
         run_login_command_with_secrets(
             &mut store,
             LoginArgs {
-                provider: ProviderArg::Deepseek,
+                provider: Some(ProviderArg::Deepseek),
                 api_key: Some("sk-test".to_string()),
-                chatgpt: false,
-                device_code: false,
-                token: None,
             },
             &secrets,
         )
@@ -2566,7 +2548,7 @@ mod tests {
             "--profile",
             "work",
             "--model",
-            "gpt-4.1",
+            "deepseek-v4-pro",
             "--output-mode",
             "json",
             "--log-level",
@@ -2578,7 +2560,7 @@ mod tests {
             "--sandbox-mode",
             "workspace-write",
             "--base-url",
-            "https://api.openai.com/v1",
+            "https://openai-compatible.example/v1",
             "--api-key",
             "sk-test",
             "--workspace",
@@ -2588,19 +2570,22 @@ mod tests {
             "--skip-onboarding",
             "model",
             "resolve",
-            "gpt-4.1",
+            "deepseek-v4-pro",
         ]);
 
         assert!(matches!(cli.provider, Some(ProviderArg::Openai)));
         assert_eq!(cli.config, Some(PathBuf::from("/tmp/deepseek.toml")));
         assert_eq!(cli.profile.as_deref(), Some("work"));
-        assert_eq!(cli.model.as_deref(), Some("gpt-4.1"));
+        assert_eq!(cli.model.as_deref(), Some("deepseek-v4-pro"));
         assert_eq!(cli.output_mode.as_deref(), Some("json"));
         assert_eq!(cli.log_level.as_deref(), Some("debug"));
         assert_eq!(cli.telemetry, Some(true));
         assert_eq!(cli.approval_policy.as_deref(), Some("on-request"));
         assert_eq!(cli.sandbox_mode.as_deref(), Some("workspace-write"));
-        assert_eq!(cli.base_url.as_deref(), Some("https://api.openai.com/v1"));
+        assert_eq!(
+            cli.base_url.as_deref(),
+            Some("https://openai-compatible.example/v1")
+        );
         assert_eq!(cli.api_key.as_deref(), Some("sk-test"));
         assert_eq!(cli.workspace, Some(PathBuf::from("/tmp/workspace")));
         assert!(cli.no_alt_screen);
@@ -2668,6 +2653,10 @@ mod tests {
             command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE").as_deref(),
             Some("keyring")
         );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_AUTH_MODE").as_deref(),
+            Some("api_key")
+        );
         let args: Vec<String> = cmd
             .get_args()
             .map(|arg| arg.to_string_lossy().into_owned())
diff --git a/crates/config/Cargo.toml b/crates/config/Cargo.toml
index 2d9ea522..912d5ed8 100644
--- a/crates/config/Cargo.toml
+++ b/crates/config/Cargo.toml
@@ -8,8 +8,9 @@ description = "Config schema and precedence model for DeepSeek workspace archite
 
 [dependencies]
 anyhow.workspace = true
-codewhale-secrets = { path = "../secrets", version = "0.8.44" }
+codewhale-secrets = { path = "../secrets", version = "0.8.45" }
 dirs.workspace = true
 serde.workspace = true
+serde_json.workspace = true
 toml.workspace = true
 tracing.workspace = true
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index c1adc8da..576de517 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -17,7 +17,7 @@ pub const CONFIG_FILE_NAME: &str = "config.toml";
 const DEFAULT_DEEPSEEK_MODEL: &str = "deepseek-v4-pro";
 const DEFAULT_NVIDIA_NIM_MODEL: &str = "deepseek-ai/deepseek-v4-pro";
 const DEFAULT_NVIDIA_NIM_FLASH_MODEL: &str = "deepseek-ai/deepseek-v4-flash";
-const DEFAULT_OPENAI_MODEL: &str = "gpt-4.1";
+const DEFAULT_OPENAI_MODEL: &str = "deepseek-v4-pro";
 const DEFAULT_DEEPSEEK_BASE_URL: &str = "https://api.deepseek.com/beta";
 const DEFAULT_NVIDIA_NIM_BASE_URL: &str = "https://integrate.api.nvidia.com/v1";
 const DEFAULT_OPENAI_BASE_URL: &str = "https://api.openai.com/v1";
@@ -58,6 +58,7 @@ pub enum ProviderKind {
     )]
     Deepseek,
     NvidiaNim,
+    #[serde(alias = "open-ai")]
     Openai,
     Atlascloud,
     #[serde(
@@ -210,8 +211,6 @@ pub struct ConfigToml {
     pub provider: ProviderKind,
     pub model: Option<String>,
     pub auth_mode: Option<String>,
-    pub chatgpt_access_token: Option<String>,
-    pub device_code_session: Option<String>,
     pub output_mode: Option<String>,
     pub log_level: Option<String>,
     pub telemetry: Option<bool>,
@@ -343,91 +342,61 @@ pub struct LspConfigToml {
 }
 
 impl ConfigToml {
-    /// Merge project-level overrides from `$WORKSPACE/.deepseek/config.toml`.
-    /// Only populated fields in `project` are applied; everything else
-    /// keeps its global value. Provider-specific sub-tables are merged
-    /// field-by-field so a project can set just `providers.deepseek.model`
-    /// without needing to repeat `api_key` or `base_url`.
+    /// Merge safe project-level overrides from `$WORKSPACE/.codewhale/config.toml`
+    /// or legacy `$WORKSPACE/.deepseek/config.toml`.
+    ///
+    /// Repo-local config is untrusted input. This helper intentionally ignores
+    /// credentials, endpoints, provider selection, auth/session values, telemetry,
+    /// network policy, skill registry, LSP command tables, and unknown extras.
+    /// Approval and sandbox values may only tighten the existing user/global
+    /// posture.
     pub fn merge_project_overrides(&mut self, project: ConfigToml) {
-        // Check provider override condition before moving fields.
-        let has_api_key = project.api_key.is_some();
-
-        // Top-level scalar fields: apply when the project has a value.
-        if has_api_key {
-            self.api_key = project.api_key;
-        }
-        if project.base_url.is_some() {
-            self.base_url = project.base_url;
-        }
-        if !project.http_headers.is_empty() {
-            self.http_headers = project.http_headers;
-        }
         if project.default_text_model.is_some() {
             self.default_text_model = project.default_text_model;
         }
         if project.model.is_some() {
             self.model = project.model;
         }
-        if project.auth_mode.is_some() {
-            self.auth_mode = project.auth_mode;
-        }
         if project.output_mode.is_some() {
             self.output_mode = project.output_mode;
         }
-        if project.telemetry.is_some() {
-            self.telemetry = project.telemetry;
+        if project.log_level.is_some() {
+            self.log_level = project.log_level;
         }
-        if project.approval_policy.is_some() {
-            self.approval_policy = project.approval_policy;
+        if let Some(policy) = project.approval_policy
+            && project_approval_policy_is_allowed(self.approval_policy.as_deref(), &policy)
+        {
+            self.approval_policy = Some(policy);
         }
-        if project.sandbox_mode.is_some() {
-            self.sandbox_mode = project.sandbox_mode;
-        }
-        // Provider is only overridden if explicitly set (non-default).
-        if project.provider != ProviderKind::Deepseek || has_api_key {
-            self.provider = project.provider;
+        if let Some(mode) = project.sandbox_mode
+            && project_sandbox_mode_is_allowed(self.sandbox_mode.as_deref(), &mode)
+        {
+            self.sandbox_mode = Some(mode);
         }
 
-        // Merge provider sub-tables field-by-field.
-        merge_provider_config(&mut self.providers.deepseek, &project.providers.deepseek);
-        merge_provider_config(
+        merge_project_provider_config(&mut self.providers.deepseek, &project.providers.deepseek);
+        merge_project_provider_config(
             &mut self.providers.nvidia_nim,
             &project.providers.nvidia_nim,
         );
-        merge_provider_config(&mut self.providers.openai, &project.providers.openai);
-        merge_provider_config(
+        merge_project_provider_config(&mut self.providers.openai, &project.providers.openai);
+        merge_project_provider_config(
             &mut self.providers.atlascloud,
             &project.providers.atlascloud,
         );
-        merge_provider_config(
+        merge_project_provider_config(
             &mut self.providers.wanjie_ark,
             &project.providers.wanjie_ark,
         );
-        merge_provider_config(
+        merge_project_provider_config(
             &mut self.providers.openrouter,
             &project.providers.openrouter,
         );
-        merge_provider_config(&mut self.providers.novita, &project.providers.novita);
-        merge_provider_config(&mut self.providers.fireworks, &project.providers.fireworks);
-        merge_provider_config(&mut self.providers.sglang, &project.providers.sglang);
-        merge_provider_config(&mut self.providers.vllm, &project.providers.vllm);
-        merge_provider_config(&mut self.providers.ollama, &project.providers.ollama);
-
-        if project.network.is_some() {
-            self.network = project.network;
-        }
-        if project.skills.is_some() {
-            self.skills = project.skills;
-        }
-        if project.snapshots.is_some() {
-            self.snapshots = project.snapshots;
-        }
-        if project.lsp.is_some() {
-            self.lsp = project.lsp;
-        }
-        for (k, v) in project.extras {
-            self.extras.insert(k, v);
-        }
+        merge_project_provider_config(&mut self.providers.novita, &project.providers.novita);
+        merge_project_provider_config(&mut self.providers.fireworks, &project.providers.fireworks);
+        merge_project_provider_config(&mut self.providers.sglang, &project.providers.sglang);
+        merge_project_provider_config(&mut self.providers.vllm, &project.providers.vllm);
+        merge_project_provider_config(&mut self.providers.ollama, &project.providers.ollama);
     }
 
     #[must_use]
@@ -440,8 +409,6 @@ impl ConfigToml {
             "default_text_model" => self.default_text_model.clone(),
             "model" => self.model.clone(),
             "auth.mode" => self.auth_mode.clone(),
-            "auth.chatgpt_access_token" => self.chatgpt_access_token.clone(),
-            "auth.device_code_session" => self.device_code_session.clone(),
             "output_mode" => self.output_mode.clone(),
             "log_level" => self.log_level.clone(),
             "telemetry" => self.telemetry.map(|v| v.to_string()),
@@ -540,8 +507,6 @@ impl ConfigToml {
             "default_text_model" => self.default_text_model = Some(value.to_string()),
             "model" => self.model = Some(value.to_string()),
             "auth.mode" => self.auth_mode = Some(value.to_string()),
-            "auth.chatgpt_access_token" => self.chatgpt_access_token = Some(value.to_string()),
-            "auth.device_code_session" => self.device_code_session = Some(value.to_string()),
             "output_mode" => self.output_mode = Some(value.to_string()),
             "log_level" => self.log_level = Some(value.to_string()),
             "telemetry" => {
@@ -700,8 +665,6 @@ impl ConfigToml {
             "default_text_model" => self.default_text_model = None,
             "model" => self.model = None,
             "auth.mode" => self.auth_mode = None,
-            "auth.chatgpt_access_token" => self.chatgpt_access_token = None,
-            "auth.device_code_session" => self.device_code_session = None,
             "output_mode" => self.output_mode = None,
             "log_level" => self.log_level = None,
             "telemetry" => self.telemetry = None,
@@ -795,12 +758,6 @@ impl ConfigToml {
         if let Some(v) = self.auth_mode.as_ref() {
             out.insert("auth.mode".to_string(), v.clone());
         }
-        if let Some(v) = self.chatgpt_access_token.as_ref() {
-            out.insert("auth.chatgpt_access_token".to_string(), redact_secret(v));
-        }
-        if let Some(v) = self.device_code_session.as_ref() {
-            out.insert("auth.device_code_session".to_string(), redact_secret(v));
-        }
         if let Some(v) = self.output_mode.as_ref() {
             out.insert("output_mode".to_string(), v.clone());
         }
@@ -1137,18 +1094,57 @@ impl ConfigToml {
     }
 }
 
-fn merge_provider_config(target: &mut ProviderConfigToml, source: &ProviderConfigToml) {
-    if source.api_key.is_some() {
-        target.api_key = source.api_key.clone();
-    }
-    if source.base_url.is_some() {
-        target.base_url = source.base_url.clone();
-    }
+fn merge_project_provider_config(target: &mut ProviderConfigToml, source: &ProviderConfigToml) {
     if source.model.is_some() {
         target.model = source.model.clone();
     }
-    if !source.http_headers.is_empty() {
-        target.http_headers = source.http_headers.clone();
+}
+
+#[must_use]
+pub fn project_approval_policy_is_allowed(current: Option<&str>, project: &str) -> bool {
+    let Some(project_rank) = approval_policy_rank(project) else {
+        return false;
+    };
+    match current.and_then(approval_policy_rank) {
+        Some(current_rank) => project_rank >= current_rank,
+        None => project_rank >= 2,
+    }
+}
+
+#[must_use]
+pub fn project_sandbox_mode_is_allowed(current: Option<&str>, project: &str) -> bool {
+    let normalized_project = project.trim().to_ascii_lowercase();
+    if normalized_project == "external-sandbox" {
+        return current
+            .map(|value| value.trim().eq_ignore_ascii_case("external-sandbox"))
+            .unwrap_or(false);
+    }
+
+    let Some(project_rank) = sandbox_mode_rank(project) else {
+        return false;
+    };
+    match current.and_then(sandbox_mode_rank) {
+        Some(current_rank) => project_rank >= current_rank,
+        None => project_rank >= 2,
+    }
+}
+
+fn approval_policy_rank(value: &str) -> Option<u8> {
+    match value.trim().to_ascii_lowercase().as_str() {
+        "auto" => Some(0),
+        "suggest" | "suggested" | "on-request" | "untrusted" => Some(1),
+        "never" | "deny" | "denied" => Some(2),
+        _ => None,
+    }
+}
+
+fn sandbox_mode_rank(value: &str) -> Option<u8> {
+    match value.trim().to_ascii_lowercase().as_str() {
+        "danger-full-access" => Some(0),
+        "external-sandbox" => Some(0),
+        "workspace-write" => Some(1),
+        "read-only" => Some(2),
+        _ => None,
     }
 }
 
@@ -1686,10 +1682,7 @@ fn redact_secret(secret: &str) -> String {
 
 #[must_use]
 pub fn is_sensitive_config_key(key: &str) -> bool {
-    matches!(
-        key,
-        "api_key" | "auth.chatgpt_access_token" | "auth.device_code_session"
-    ) || key.ends_with(".api_key")
+    key == "api_key" || key.ends_with(".api_key")
 }
 
 fn normalize_config_file_path(path: PathBuf) -> Result<PathBuf> {
@@ -2344,7 +2337,6 @@ mod tests {
     fn get_display_value_redacts_sensitive_keys() {
         let mut config = ConfigToml {
             api_key: Some("sk-deepseek-secret".to_string()),
-            chatgpt_access_token: Some("chatgpt-access-secret".to_string()),
             ..ConfigToml::default()
         };
         config.providers.openrouter.api_key = Some("openrouter-secret-value".to_string());
@@ -2354,12 +2346,6 @@ mod tests {
             config.get_display_value("api_key").as_deref(),
             Some("sk-d***cret")
         );
-        assert_eq!(
-            config
-                .get_display_value("auth.chatgpt_access_token")
-                .as_deref(),
-            Some("chat***cret")
-        );
         assert_eq!(
             config
                 .get_display_value("providers.openrouter.api_key")
@@ -2372,6 +2358,87 @@ mod tests {
         );
     }
 
+    #[test]
+    fn project_merge_denies_credentials_endpoints_and_provider_selection() {
+        let mut base = ConfigToml {
+            provider: ProviderKind::Deepseek,
+            api_key: Some("user-key".to_string()),
+            base_url: Some("https://api.deepseek.com".to_string()),
+            default_text_model: Some("deepseek-v4-flash".to_string()),
+            ..ConfigToml::default()
+        };
+        base.providers.openrouter.api_key = Some("user-openrouter-key".to_string());
+
+        let mut project = ConfigToml {
+            provider: ProviderKind::Openrouter,
+            api_key: Some("attacker-key".to_string()),
+            base_url: Some("https://evil.example/v1".to_string()),
+            default_text_model: Some("deepseek-v4-pro".to_string()),
+            auth_mode: Some("oauth".to_string()),
+            telemetry: Some(true),
+            ..ConfigToml::default()
+        };
+        project.providers.openrouter.api_key = Some("attacker-openrouter-key".to_string());
+        project.providers.openrouter.base_url = Some("https://evil.example/openrouter".to_string());
+        project.providers.openrouter.model = Some("deepseek/deepseek-v4-pro".to_string());
+
+        base.merge_project_overrides(project);
+
+        assert_eq!(base.provider, ProviderKind::Deepseek);
+        assert_eq!(base.api_key.as_deref(), Some("user-key"));
+        assert_eq!(base.base_url.as_deref(), Some("https://api.deepseek.com"));
+        assert_eq!(base.auth_mode, None);
+        assert_eq!(base.telemetry, None);
+        assert_eq!(
+            base.providers.openrouter.api_key.as_deref(),
+            Some("user-openrouter-key")
+        );
+        assert_eq!(base.providers.openrouter.base_url, None);
+        assert_eq!(base.default_text_model.as_deref(), Some("deepseek-v4-pro"));
+        assert_eq!(
+            base.providers.openrouter.model.as_deref(),
+            Some("deepseek/deepseek-v4-pro")
+        );
+    }
+
+    #[test]
+    fn project_merge_only_tightens_approval_and_sandbox_policy() {
+        let mut strict = ConfigToml {
+            approval_policy: Some("never".to_string()),
+            sandbox_mode: Some("read-only".to_string()),
+            ..ConfigToml::default()
+        };
+        strict.merge_project_overrides(ConfigToml {
+            approval_policy: Some("on-request".to_string()),
+            sandbox_mode: Some("workspace-write".to_string()),
+            ..ConfigToml::default()
+        });
+        assert_eq!(strict.approval_policy.as_deref(), Some("never"));
+        assert_eq!(strict.sandbox_mode.as_deref(), Some("read-only"));
+
+        let mut permissive = ConfigToml {
+            approval_policy: Some("auto".to_string()),
+            sandbox_mode: Some("workspace-write".to_string()),
+            ..ConfigToml::default()
+        };
+        permissive.merge_project_overrides(ConfigToml {
+            approval_policy: Some("never".to_string()),
+            sandbox_mode: Some("read-only".to_string()),
+            ..ConfigToml::default()
+        });
+        assert_eq!(permissive.approval_policy.as_deref(), Some("never"));
+        assert_eq!(permissive.sandbox_mode.as_deref(), Some("read-only"));
+
+        let mut unset = ConfigToml::default();
+        unset.merge_project_overrides(ConfigToml {
+            approval_policy: Some("on-request".to_string()),
+            sandbox_mode: Some("workspace-write".to_string()),
+            ..ConfigToml::default()
+        });
+        assert_eq!(unset.approval_policy, None);
+        assert_eq!(unset.sandbox_mode, None);
+    }
+
     #[test]
     fn list_values_redacts_unicode_api_key_without_byte_slicing() {
         let config = ConfigToml {
diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml
index debdf425..c9d602f4 100644
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@@ -9,13 +9,13 @@ description = "Core runtime boundaries for DeepSeek workspace architecture"
 [dependencies]
 anyhow.workspace = true
 chrono.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.44" }
-codewhale-config = { path = "../config", version = "0.8.44" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.44" }
-codewhale-hooks = { path = "../hooks", version = "0.8.44" }
-codewhale-mcp = { path = "../mcp", version = "0.8.44" }
-codewhale-protocol = { path = "../protocol", version = "0.8.44" }
-codewhale-state = { path = "../state", version = "0.8.44" }
-codewhale-tools = { path = "../tools", version = "0.8.44" }
+codewhale-agent = { path = "../agent", version = "0.8.45" }
+codewhale-config = { path = "../config", version = "0.8.45" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
+codewhale-hooks = { path = "../hooks", version = "0.8.45" }
+codewhale-mcp = { path = "../mcp", version = "0.8.45" }
+codewhale-protocol = { path = "../protocol", version = "0.8.45" }
+codewhale-state = { path = "../state", version = "0.8.45" }
+codewhale-tools = { path = "../tools", version = "0.8.45" }
 serde_json.workspace = true
 uuid.workspace = true
diff --git a/crates/execpolicy/Cargo.toml b/crates/execpolicy/Cargo.toml
index 669759c4..16b09697 100644
--- a/crates/execpolicy/Cargo.toml
+++ b/crates/execpolicy/Cargo.toml
@@ -8,5 +8,5 @@ description = "Execution policy and approval model parity for DeepSeek workspace
 
 [dependencies]
 anyhow.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.44" }
+codewhale-protocol = { path = "../protocol", version = "0.8.45" }
 serde.workspace = true
diff --git a/crates/hooks/Cargo.toml b/crates/hooks/Cargo.toml
index a39dc18f..4f657cd0 100644
--- a/crates/hooks/Cargo.toml
+++ b/crates/hooks/Cargo.toml
@@ -10,7 +10,7 @@ description = "Hook dispatch and notifications parity for DeepSeek workspace arc
 anyhow.workspace = true
 async-trait.workspace = true
 chrono.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.44" }
+codewhale-protocol = { path = "../protocol", version = "0.8.45" }
 reqwest.workspace = true
 serde.workspace = true
 serde_json.workspace = true
diff --git a/crates/tools/Cargo.toml b/crates/tools/Cargo.toml
index 9059c344..464ce47e 100644
--- a/crates/tools/Cargo.toml
+++ b/crates/tools/Cargo.toml
@@ -9,7 +9,7 @@ description = "Tool invocation lifecycle, schema validation, and scheduler paral
 [dependencies]
 anyhow.workspace = true
 async-trait.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.44" }
+codewhale-protocol = { path = "../protocol", version = "0.8.45" }
 serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index f6fda0e4..47c20bd9 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -7,6 +7,72 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.45] - 2026-05-25
+
+### Added
+
+- **RLM session objects.** `rlm_open` can now load `session://` refs,
+  exposing the active prompt, history, and session data as symbolic objects
+  inside RLM REPLs (#2047).
+- **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
+  human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
+  preserving the raw agent ID in the popup (#2035, #2016).
+- **`/balance` command scaffold.** Registered the `/balance` slash command
+  as a placeholder for future provider billing queries (#2035, #2019).
+- **Readable `/restore` snapshot labels.** Snapshot labels now include the
+  originating user prompt so restore listings are easier to identify. Thanks
+  @idling11 (#2111).
+- **Sidebar hover tooltips.** Truncated Work and Tasks sidebar lines now expose
+  their full text on hover. Thanks @idling11 (#2110).
+
+### Changed
+
+- **AGENTS.md is now maintainer-local.** The project instructions file no
+  longer ships as a tracked repo file; it lives in maintainer-local ignored
+  state (#2047).
+
+### Fixed
+
+- **Sub-agent completion handoff compatibility.** Completion handoffs now use a
+  chat-template-safe role and emit before terminal updates, fixing strict
+  OpenAI-compatible/self-hosted backends and preserving transcript ordering.
+  Thanks @h3c-hexin and @cyq1017 (#2057, #2120).
+- **Self-hosted context budgeting.** Sub-500K self-hosted model windows now keep
+  a usable input budget instead of disabling preflight compaction after output
+  reservation underflow. Thanks @h3c-hexin (#2060).
+- **Goal prompts start actionable.** Goal-start prompts now open in an
+  actionable state instead of requiring an extra nudge. Thanks @cyq1017
+  (#2097).
+- **Composer session title display.** The composer chrome shows the current
+  session title again and avoids grayscale luma overflow in debug builds.
+  Thanks @wdw8276 (#2108).
+- **Approval prompts use a one-step confirmation flow.** Enter now commits the
+  selected approval option directly, destructive warnings remain visible, and
+  abort cancels the active turn instead of only denying the current tool call.
+  Thanks @reidliu41 (#2143).
+- **Model picker selection survives Esc.** Dismissing the model picker with Esc
+  no longer loses the highlighted selection. Thanks @reidliu41 (#2056).
+- **Slash recovery no longer restores command tails in the composer.**
+  Resuming a session or recovering from a crash no longer leaves stale
+  slash-command text (e.g. `/sessions`) in the composer input (#2047, #2032).
+- **Remembered tool approvals now update the live active turn.**
+  When the "remember" checkbox is set on an approval dialog, the active
+  turn's auto-approve flag flips immediately instead of waiting for the
+  next turn. Thanks @gaord (#2047, #2041).
+- **YAML block scalars in SKILL.md frontmatter.** Multi-line descriptions
+  using `>` or `|` indicators are now parsed correctly — folded block
+  scalars join non-empty lines with spaces, literal scalars preserve
+  newlines, and all three chomping modes (strip/clip/keep) are supported.
+  Thanks @zlh124 (#1908, #1907).
+- **User messages highlighted in the transcript.** User-authored messages
+  now render with a full-row background in the live TUI transcript, making
+  it easier to scan prior turns. Assistant and system messages are
+  unaffected. Thanks @reidliu41 (#1995, #1672).
+- **Cancellable `list_dir` and `file_search`.** Long directory walks and
+  file searches now respond to user cancel/stop requests with a 30-second
+  fallback timeout, preventing the TUI from hanging on deep or slow
+  filesystems (#2035).
+
 ## [0.8.44] - 2026-05-24
 
 ### Added
@@ -4806,7 +4872,8 @@ Welcome — and thank you.
 - Hooks system and config profiles
 - Example skills and launch assets
 
-[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...HEAD
+[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...HEAD
+[0.8.45]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...v0.8.45
 [0.8.44]: https://github.com/Hmbown/CodeWhale/compare/v0.8.43...v0.8.44
 [0.8.43]: https://github.com/Hmbown/CodeWhale/compare/v0.8.42...v0.8.43
 [0.8.42]: https://github.com/Hmbown/CodeWhale/compare/v0.8.41...v0.8.42
diff --git a/crates/tui/Cargo.toml b/crates/tui/Cargo.toml
index 63720042..545eb5e8 100644
--- a/crates/tui/Cargo.toml
+++ b/crates/tui/Cargo.toml
@@ -27,9 +27,9 @@ path = "src/bin/deepseek_tui_legacy_shim.rs"
 [dependencies]
 anyhow = "1.0.100"
 arboard = "3.4"
-codewhale-config = { path = "../config", version = "0.8.44" }
-codewhale-secrets = { path = "../secrets", version = "0.8.44" }
-codewhale-tools = { path = "../tools", version = "0.8.44" }
+codewhale-config = { path = "../config", version = "0.8.45" }
+codewhale-secrets = { path = "../secrets", version = "0.8.45" }
+codewhale-tools = { path = "../tools", version = "0.8.45" }
 schemaui = { version = "0.12.0", default-features = false, optional = true }
 async-stream = "0.3.6"
 async-trait = "0.1"
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 12926b70..7e93e9d7 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -37,7 +37,7 @@ pub const DEFAULT_DEEPSEEK_BASE_URL: &str = "https://api.deepseek.com/beta";
 pub const DEFAULT_NVIDIA_NIM_MODEL: &str = "deepseek-ai/deepseek-v4-pro";
 pub const DEFAULT_NVIDIA_NIM_FLASH_MODEL: &str = "deepseek-ai/deepseek-v4-flash";
 pub const DEFAULT_NVIDIA_NIM_BASE_URL: &str = "https://integrate.api.nvidia.com/v1";
-pub const DEFAULT_OPENAI_MODEL: &str = "gpt-4.1";
+pub const DEFAULT_OPENAI_MODEL: &str = "deepseek-v4-pro";
 pub const DEFAULT_OPENAI_BASE_URL: &str = "https://api.openai.com/v1";
 pub const DEFAULT_ATLASCLOUD_MODEL: &str = "deepseek-ai/deepseek-v4-flash";
 pub const DEFAULT_ATLASCLOUD_BASE_URL: &str = "https://api.atlascloud.ai/v1";
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index c53cdaca..be286978 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -69,6 +69,7 @@ mod snapshot;
 mod task_manager;
 #[cfg(test)]
 mod test_support;
+mod theme_qa_audit;
 mod tools;
 mod tui;
 mod utils;
@@ -4661,41 +4662,49 @@ fn merge_project_config(config: &mut Config, workspace: &Path) {
 
     // String fields a project may legitimately override (model,
     // approval/sandbox tightening, notes path, reasoning effort).
-    // Loosening *values* like `approval_policy = "auto"` and
-    // `sandbox_mode = "danger-full-access"` are denied unconditionally
-    // — those are pure escalation regardless of the user's prior
-    // value. Sub-tightening comparisons (e.g. user `"never"` →
-    // project `"on-request"`) stay v0.8.9 follow-up because they
-    // need a richer ordering check.
     for (key, field) in [
         ("model", &mut config.default_text_model),
         ("reasoning_effort", &mut config.reasoning_effort),
-        ("approval_policy", &mut config.approval_policy),
-        ("sandbox_mode", &mut config.sandbox_mode),
         ("notes_path", &mut config.notes_path),
     ] {
         if let Some(v) = table.get(key).and_then(toml::Value::as_str)
             && !v.is_empty()
         {
-            // #417 escalation deny: project cannot push the session
-            // to the loosest values. Other strings flow through the
-            // existing config validator on load.
-            let is_escalation = matches!(
-                (key, v),
-                ("approval_policy", "auto") | ("sandbox_mode", "danger-full-access")
-            );
-            if is_escalation {
-                eprintln!(
-                    "warning: project-scope `{key} = \"{v}\"` is ignored — \
-                     project config cannot escalate to the loosest value. \
-                     (See #417.)"
-                );
-                continue;
-            }
             *field = Some(v.to_string());
         }
     }
 
+    if let Some(v) = table.get("approval_policy").and_then(toml::Value::as_str)
+        && !v.is_empty()
+    {
+        if codewhale_config::project_approval_policy_is_allowed(
+            config.approval_policy.as_deref(),
+            v,
+        ) {
+            config.approval_policy = Some(v.to_string());
+        } else {
+            eprintln!(
+                "warning: project-scope `approval_policy = \"{v}\"` is ignored — \
+                 project config can only tighten the user's approval policy. \
+                 (See #417.)"
+            );
+        }
+    }
+
+    if let Some(v) = table.get("sandbox_mode").and_then(toml::Value::as_str)
+        && !v.is_empty()
+    {
+        if codewhale_config::project_sandbox_mode_is_allowed(config.sandbox_mode.as_deref(), v) {
+            config.sandbox_mode = Some(v.to_string());
+        } else {
+            eprintln!(
+                "warning: project-scope `sandbox_mode = \"{v}\"` is ignored — \
+                 project config can only tighten the user's sandbox mode. \
+                 (See #417.)"
+            );
+        }
+    }
+
     // Numeric / bool fields that benefit from per-project overrides.
     if let Some(v) = table.get("max_subagents").and_then(toml::Value::as_integer)
         && v > 0
@@ -6299,6 +6308,42 @@ approval_policy = "auto"
         );
     }
 
+    #[test]
+    fn project_overlay_preserves_user_policy_when_project_tries_intermediate_loosening() {
+        let tmp = workspace_with_project_config(
+            r#"
+approval_policy = "on-request"
+sandbox_mode = "workspace-write"
+"#,
+        );
+        let mut config = Config {
+            approval_policy: Some("never".to_string()),
+            sandbox_mode: Some("read-only".to_string()),
+            ..Config::default()
+        };
+        merge_project_config(&mut config, tmp.path());
+        assert_eq!(config.approval_policy.as_deref(), Some("never"));
+        assert_eq!(config.sandbox_mode.as_deref(), Some("read-only"));
+    }
+
+    #[test]
+    fn project_overlay_can_tighten_user_policy() {
+        let tmp = workspace_with_project_config(
+            r#"
+approval_policy = "never"
+sandbox_mode = "read-only"
+"#,
+        );
+        let mut config = Config {
+            approval_policy: Some("on-request".to_string()),
+            sandbox_mode: Some("workspace-write".to_string()),
+            ..Config::default()
+        };
+        merge_project_config(&mut config, tmp.path());
+        assert_eq!(config.approval_policy.as_deref(), Some("never"));
+        assert_eq!(config.sandbox_mode.as_deref(), Some("read-only"));
+    }
+
     #[test]
     fn project_overlay_overrides_max_subagents_and_allow_shell() {
         let tmp = workspace_with_project_config(
diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index 770308e9..2890804c 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -4,15 +4,57 @@ use ratatui::style::Color;
 #[cfg(target_os = "macos")]
 use std::process::Command;
 
-pub const DEEPSEEK_BLUE_RGB: (u8, u8, u8) = (53, 120, 229); // #3578E5
-pub const DEEPSEEK_SKY_RGB: (u8, u8, u8) = (106, 174, 242);
+// v0.8.45 Whale dark palette — refreshed ocean/navy identity.
+pub const WHALE_BG_RGB: (u8, u8, u8) = (13, 21, 37); // #0D1525 Deep Navy
+pub const WHALE_PANEL_RGB: (u8, u8, u8) = (19, 29, 48); // #131D30
+pub const WHALE_ELEVATED_RGB: (u8, u8, u8) = (26, 40, 64); // #1A2840
+pub const WHALE_SELECTION_RGB: (u8, u8, u8) = (30, 50, 82); // #1E3252
+pub const WHALE_TEXT_BODY_RGB: (u8, u8, u8) = (246, 242, 232); // #F6F2E8 Whale Ivory
+pub const WHALE_TEXT_SOFT_RGB: (u8, u8, u8) = (217, 224, 234); // #D9E0EA
+pub const WHALE_TEXT_MUTED_RGB: (u8, u8, u8) = (169, 180, 199); // #A9B4C7 Mist Gray
+pub const WHALE_TEXT_HINT_RGB: (u8, u8, u8) = (122, 134, 158); // #7A869E
+#[allow(dead_code)]
+pub const WHALE_TEXT_DIM_RGB: (u8, u8, u8) = (107, 120, 146); // #6B7892
+pub const WHALE_ACCENT_PRIMARY_RGB: (u8, u8, u8) = (246, 196, 83); // #F6C453 Signal Gold
+pub const WHALE_ACCENT_SECONDARY_RGB: (u8, u8, u8) = (79, 209, 197); // #4FD1C5 Seafoam
+pub const WHALE_ACCENT_ACTION_RGB: (u8, u8, u8) = (255, 122, 89); // #FF7A59 Coral Spark
+pub const WHALE_ERROR_RGB: (u8, u8, u8) = (255, 92, 122); // #FF5C7A Rose Red
+pub const WHALE_ERROR_HOVER_RGB: (u8, u8, u8) = (255, 120, 144); // #FF7890 Rose Hover
+pub const WHALE_ERROR_SURFACE_RGB: (u8, u8, u8) = (42, 18, 26); // #2A121A Error Surface
+pub const WHALE_ERROR_BORDER_RGB: (u8, u8, u8) = (255, 138, 160); // #FF8AA0 Error Border
+pub const WHALE_ERROR_TEXT_RGB: (u8, u8, u8) = (255, 214, 222); // #FFD6DE Error Text
+pub const WHALE_WARNING_RGB: (u8, u8, u8) = (240, 160, 48); // #F0A030
+pub const WHALE_SUCCESS_RGB: (u8, u8, u8) = (79, 209, 197); // #4FD1C5 Seafoam
+pub const WHALE_INFO_RGB: (u8, u8, u8) = (106, 174, 242); // #6AAEF2 Sky
+pub const WHALE_BORDER_RGB: (u8, u8, u8) = (42, 74, 127); // #2A4A7F
+pub const WHALE_REASONING_TEXT_RGB: (u8, u8, u8) = (224, 153, 72); // #E09948
+pub const WHALE_REASONING_SURFACE_RGB: (u8, u8, u8) = (42, 34, 24); // #2A2218
+pub const WHALE_REASONING_TINT_RGB: (u8, u8, u8) = (20, 30, 42); // #141E2A
+pub const WHALE_DIFF_ADDED_RGB: (u8, u8, u8) = (87, 199, 133); // #57C785
+#[allow(dead_code)]
+pub const WHALE_DIFF_DELETED_RGB: (u8, u8, u8) = (255, 92, 122); // #FF5C7A Rose Red
+pub const WHALE_DIFF_ADDED_BG_RGB: (u8, u8, u8) = (18, 42, 34); // #122A22
+pub const WHALE_DIFF_DELETED_BG_RGB: (u8, u8, u8) = (42, 18, 26); // #2A121A
+pub const WHALE_MODE_AGENT_RGB: (u8, u8, u8) = (80, 150, 255); // #5096FF
+pub const WHALE_MODE_YOLO_RGB: (u8, u8, u8) = (255, 100, 100); // #FF6464
+pub const WHALE_MODE_PLAN_RGB: (u8, u8, u8) = (246, 196, 83); // #F6C453 Signal Gold
+pub const WHALE_MODE_GOAL_RGB: (u8, u8, u8) = (100, 220, 160); // #64DCA0
+pub const WHALE_TOOL_LIVE_RGB: (u8, u8, u8) = (133, 184, 234); // #85B8EA
+pub const WHALE_TOOL_ISSUE_RGB: (u8, u8, u8) = (192, 143, 153); // #C08F99
+pub const WHALE_TOOL_OUTPUT_RGB: (u8, u8, u8) = (194, 208, 224); // #C2D0E0
+pub const WHALE_TOOL_SURFACE_RGB: (u8, u8, u8) = (24, 34, 53); // #182235
+pub const WHALE_TOOL_ACTIVE_RGB: (u8, u8, u8) = (31, 45, 69); // #1F2D45
+
+// Backward-compatible aliases for existing call sites.
+pub const DEEPSEEK_BLUE_RGB: (u8, u8, u8) = WHALE_ACCENT_PRIMARY_RGB;
+pub const DEEPSEEK_SKY_RGB: (u8, u8, u8) = WHALE_INFO_RGB;
 #[allow(dead_code)]
 pub const DEEPSEEK_AQUA_RGB: (u8, u8, u8) = (54, 187, 212);
 #[allow(dead_code)]
 pub const DEEPSEEK_NAVY_RGB: (u8, u8, u8) = (24, 63, 138);
-pub const DEEPSEEK_INK_RGB: (u8, u8, u8) = (11, 21, 38);
-pub const DEEPSEEK_SLATE_RGB: (u8, u8, u8) = (18, 28, 46);
-pub const DEEPSEEK_RED_RGB: (u8, u8, u8) = (226, 80, 96);
+pub const DEEPSEEK_INK_RGB: (u8, u8, u8) = WHALE_BG_RGB;
+pub const DEEPSEEK_SLATE_RGB: (u8, u8, u8) = WHALE_PANEL_RGB;
+pub const DEEPSEEK_RED_RGB: (u8, u8, u8) = WHALE_ERROR_RGB;
 
 pub const LIGHT_SURFACE_RGB: (u8, u8, u8) = (246, 248, 251); // #F6F8FB
 pub const LIGHT_PANEL_RGB: (u8, u8, u8) = (236, 242, 248); // #ECF2F8
@@ -40,13 +82,14 @@ pub const GRAYSCALE_BORDER_RGB: (u8, u8, u8) = (96, 96, 96); // #606060
 pub const GRAYSCALE_SELECTION_RGB: (u8, u8, u8) = (62, 62, 62); // #3E3E3E
 
 // New semantic colors
-pub const BORDER_COLOR_RGB: (u8, u8, u8) = (42, 74, 127); // #2A4A7F
+pub const BORDER_COLOR_RGB: (u8, u8, u8) = WHALE_BORDER_RGB; // #2A4A7F
 
 pub const DEEPSEEK_BLUE: Color = Color::Rgb(
     DEEPSEEK_BLUE_RGB.0,
     DEEPSEEK_BLUE_RGB.1,
     DEEPSEEK_BLUE_RGB.2,
 );
+/// Now maps to the secondary accent (Seafoam) for backward compat.
 pub const DEEPSEEK_SKY: Color =
     Color::Rgb(DEEPSEEK_SKY_RGB.0, DEEPSEEK_SKY_RGB.1, DEEPSEEK_SKY_RGB.2);
 #[allow(dead_code)]
@@ -181,13 +224,37 @@ pub const GRAYSCALE_SELECTION_BG: Color = Color::Rgb(
     GRAYSCALE_SELECTION_RGB.2,
 );
 
-pub const TEXT_BODY: Color = Color::Rgb(226, 232, 240); // #E2E8F0
-pub const TEXT_SECONDARY: Color = Color::Rgb(177, 190, 207); // #B1BECF
-pub const TEXT_HINT: Color = Color::Rgb(135, 151, 171); // #8797AB
-pub const TEXT_ACCENT: Color = DEEPSEEK_SKY;
+pub const TEXT_BODY: Color = Color::Rgb(
+    WHALE_TEXT_BODY_RGB.0,
+    WHALE_TEXT_BODY_RGB.1,
+    WHALE_TEXT_BODY_RGB.2,
+);
+pub const TEXT_SECONDARY: Color = Color::Rgb(
+    WHALE_TEXT_MUTED_RGB.0,
+    WHALE_TEXT_MUTED_RGB.1,
+    WHALE_TEXT_MUTED_RGB.2,
+);
+pub const TEXT_HINT: Color = Color::Rgb(
+    WHALE_TEXT_HINT_RGB.0,
+    WHALE_TEXT_HINT_RGB.1,
+    WHALE_TEXT_HINT_RGB.2,
+);
+pub const TEXT_ACCENT: Color = Color::Rgb(
+    WHALE_ACCENT_SECONDARY_RGB.0,
+    WHALE_ACCENT_SECONDARY_RGB.1,
+    WHALE_ACCENT_SECONDARY_RGB.2,
+);
 pub const SELECTION_TEXT: Color = Color::White;
-pub const TEXT_SOFT: Color = Color::Rgb(217, 226, 238); // #D9E2EE
-pub const TEXT_REASONING: Color = Color::Rgb(211, 170, 112); // #D3AA70
+pub const TEXT_SOFT: Color = Color::Rgb(
+    WHALE_TEXT_SOFT_RGB.0,
+    WHALE_TEXT_SOFT_RGB.1,
+    WHALE_TEXT_SOFT_RGB.2,
+);
+pub const TEXT_REASONING: Color = Color::Rgb(
+    WHALE_REASONING_TEXT_RGB.0,
+    WHALE_REASONING_TEXT_RGB.1,
+    WHALE_REASONING_TEXT_RGB.2,
+);
 
 // Compatibility aliases for existing call sites.
 pub const TEXT_PRIMARY: Color = TEXT_BODY;
@@ -200,51 +267,140 @@ pub const LIGHT_USER_BODY: Color = Color::Rgb(21, 128, 61); // #15803D green
 pub const BORDER_COLOR: Color =
     Color::Rgb(BORDER_COLOR_RGB.0, BORDER_COLOR_RGB.1, BORDER_COLOR_RGB.2);
 #[allow(dead_code)]
-pub const ACCENT_PRIMARY: Color = DEEPSEEK_BLUE; // #3578E5
+pub const ACCENT_PRIMARY: Color = Color::Rgb(
+    WHALE_ACCENT_PRIMARY_RGB.0,
+    WHALE_ACCENT_PRIMARY_RGB.1,
+    WHALE_ACCENT_PRIMARY_RGB.2,
+);
 #[allow(dead_code)]
-pub const ACCENT_SECONDARY: Color = TEXT_ACCENT; // #6AAEF2
+pub const ACCENT_SECONDARY: Color = Color::Rgb(
+    WHALE_ACCENT_SECONDARY_RGB.0,
+    WHALE_ACCENT_SECONDARY_RGB.1,
+    WHALE_ACCENT_SECONDARY_RGB.2,
+);
 #[allow(dead_code)]
-pub const BACKGROUND_DARK: Color = Color::Rgb(13, 26, 48); // #0D1A30
+pub const BACKGROUND_DARK: Color = Color::Rgb(WHALE_BG_RGB.0, WHALE_BG_RGB.1, WHALE_BG_RGB.2);
 #[allow(dead_code)]
-pub const STATUS_NEUTRAL: Color = Color::Rgb(160, 160, 160); // #A0A0A0
+pub const STATUS_NEUTRAL: Color = TEXT_MUTED;
 #[allow(dead_code)]
-pub const SURFACE_PANEL: Color = Color::Rgb(21, 33, 52); // #152134
+pub const SURFACE_PANEL: Color =
+    Color::Rgb(WHALE_PANEL_RGB.0, WHALE_PANEL_RGB.1, WHALE_PANEL_RGB.2);
 #[allow(dead_code)]
-pub const SURFACE_ELEVATED: Color = Color::Rgb(28, 42, 64); // #1C2A40
-pub const SURFACE_REASONING: Color = Color::Rgb(54, 44, 26); // #362C1A
-pub const SURFACE_REASONING_TINT: Color = Color::Rgb(16, 24, 37); // #101825
+pub const SURFACE_ELEVATED: Color = Color::Rgb(
+    WHALE_ELEVATED_RGB.0,
+    WHALE_ELEVATED_RGB.1,
+    WHALE_ELEVATED_RGB.2,
+);
+pub const SURFACE_REASONING: Color = Color::Rgb(
+    WHALE_REASONING_SURFACE_RGB.0,
+    WHALE_REASONING_SURFACE_RGB.1,
+    WHALE_REASONING_SURFACE_RGB.2,
+);
+pub const SURFACE_REASONING_TINT: Color = Color::Rgb(
+    WHALE_REASONING_TINT_RGB.0,
+    WHALE_REASONING_TINT_RGB.1,
+    WHALE_REASONING_TINT_RGB.2,
+);
 #[allow(dead_code)]
-pub const SURFACE_REASONING_ACTIVE: Color = Color::Rgb(68, 53, 28); // #44351C
+pub const SURFACE_REASONING_ACTIVE: Color = Color::Rgb(58, 46, 32);
 #[allow(dead_code)]
-pub const SURFACE_TOOL: Color = Color::Rgb(24, 39, 60); // #18273C
+pub const SURFACE_TOOL: Color = Color::Rgb(
+    WHALE_TOOL_SURFACE_RGB.0,
+    WHALE_TOOL_SURFACE_RGB.1,
+    WHALE_TOOL_SURFACE_RGB.2,
+);
 #[allow(dead_code)]
-pub const SURFACE_TOOL_ACTIVE: Color = Color::Rgb(29, 48, 73); // #1D3049
+pub const SURFACE_TOOL_ACTIVE: Color = Color::Rgb(
+    WHALE_TOOL_ACTIVE_RGB.0,
+    WHALE_TOOL_ACTIVE_RGB.1,
+    WHALE_TOOL_ACTIVE_RGB.2,
+);
 #[allow(dead_code)]
-pub const SURFACE_SUCCESS: Color = Color::Rgb(22, 56, 63); // #16383F
+pub const SURFACE_SUCCESS: Color = Color::Rgb(18, 42, 37); // dark teal tint
 #[allow(dead_code)]
-pub const SURFACE_ERROR: Color = Color::Rgb(63, 27, 36); // #3F1B24
-pub const DIFF_ADDED_BG: Color = Color::Rgb(18, 52, 38); // #123426 dark green tint
-pub const DIFF_DELETED_BG: Color = Color::Rgb(52, 22, 28); // #34161C dark red tint
-pub const DIFF_ADDED: Color = Color::Rgb(87, 199, 133); // #57C785
-pub const ACCENT_REASONING_LIVE: Color = Color::Rgb(224, 153, 72); // #E09948
-pub const ACCENT_TOOL_LIVE: Color = Color::Rgb(133, 184, 234); // #85B8EA
-pub const ACCENT_TOOL_ISSUE: Color = Color::Rgb(192, 143, 153); // #C08F99
-pub const TEXT_TOOL_OUTPUT: Color = Color::Rgb(191, 205, 220); // #BFCEDC
+pub const SURFACE_ERROR: Color = Color::Rgb(
+    WHALE_ERROR_SURFACE_RGB.0,
+    WHALE_ERROR_SURFACE_RGB.1,
+    WHALE_ERROR_SURFACE_RGB.2,
+);
+pub const DIFF_ADDED_BG: Color = Color::Rgb(
+    WHALE_DIFF_ADDED_BG_RGB.0,
+    WHALE_DIFF_ADDED_BG_RGB.1,
+    WHALE_DIFF_ADDED_BG_RGB.2,
+);
+pub const DIFF_DELETED_BG: Color = Color::Rgb(
+    WHALE_DIFF_DELETED_BG_RGB.0,
+    WHALE_DIFF_DELETED_BG_RGB.1,
+    WHALE_DIFF_DELETED_BG_RGB.2,
+);
+pub const DIFF_ADDED: Color = Color::Rgb(
+    WHALE_DIFF_ADDED_RGB.0,
+    WHALE_DIFF_ADDED_RGB.1,
+    WHALE_DIFF_ADDED_RGB.2,
+);
+pub const ACCENT_REASONING_LIVE: Color = Color::Rgb(
+    WHALE_REASONING_TEXT_RGB.0,
+    WHALE_REASONING_TEXT_RGB.1,
+    WHALE_REASONING_TEXT_RGB.2,
+);
+pub const ACCENT_TOOL_LIVE: Color = Color::Rgb(
+    WHALE_TOOL_LIVE_RGB.0,
+    WHALE_TOOL_LIVE_RGB.1,
+    WHALE_TOOL_LIVE_RGB.2,
+);
+pub const ACCENT_TOOL_ISSUE: Color = Color::Rgb(
+    WHALE_TOOL_ISSUE_RGB.0,
+    WHALE_TOOL_ISSUE_RGB.1,
+    WHALE_TOOL_ISSUE_RGB.2,
+);
+pub const TEXT_TOOL_OUTPUT: Color = Color::Rgb(
+    WHALE_TOOL_OUTPUT_RGB.0,
+    WHALE_TOOL_OUTPUT_RGB.1,
+    WHALE_TOOL_OUTPUT_RGB.2,
+);
 
 // Legacy status colors - keep for backward compatibility
-pub const STATUS_SUCCESS: Color = DEEPSEEK_SKY;
-pub const STATUS_WARNING: Color = Color::Rgb(255, 170, 60); // Amber
-pub const STATUS_ERROR: Color = DEEPSEEK_RED;
+pub const STATUS_SUCCESS: Color = Color::Rgb(
+    WHALE_SUCCESS_RGB.0,
+    WHALE_SUCCESS_RGB.1,
+    WHALE_SUCCESS_RGB.2,
+);
+pub const STATUS_WARNING: Color = Color::Rgb(
+    WHALE_WARNING_RGB.0,
+    WHALE_WARNING_RGB.1,
+    WHALE_WARNING_RGB.2,
+);
+pub const STATUS_ERROR: Color = Color::Rgb(WHALE_ERROR_RGB.0, WHALE_ERROR_RGB.1, WHALE_ERROR_RGB.2);
 #[allow(dead_code)]
-pub const STATUS_INFO: Color = DEEPSEEK_BLUE;
+pub const STATUS_INFO: Color = Color::Rgb(WHALE_INFO_RGB.0, WHALE_INFO_RGB.1, WHALE_INFO_RGB.2);
 
 // Mode-specific accent colors for mode badges
-pub const MODE_AGENT: Color = Color::Rgb(80, 150, 255); // Bright blue
-pub const MODE_YOLO: Color = Color::Rgb(255, 100, 100); // Warning red
-pub const MODE_PLAN: Color = Color::Rgb(255, 170, 60); // Orange
-pub const MODE_GOAL: Color = Color::Rgb(100, 220, 160); // Mint green
+pub const MODE_AGENT: Color = Color::Rgb(
+    WHALE_MODE_AGENT_RGB.0,
+    WHALE_MODE_AGENT_RGB.1,
+    WHALE_MODE_AGENT_RGB.2,
+);
+pub const MODE_YOLO: Color = Color::Rgb(
+    WHALE_MODE_YOLO_RGB.0,
+    WHALE_MODE_YOLO_RGB.1,
+    WHALE_MODE_YOLO_RGB.2,
+);
+pub const MODE_PLAN: Color = Color::Rgb(
+    WHALE_MODE_PLAN_RGB.0,
+    WHALE_MODE_PLAN_RGB.1,
+    WHALE_MODE_PLAN_RGB.2,
+);
+pub const MODE_GOAL: Color = Color::Rgb(
+    WHALE_MODE_GOAL_RGB.0,
+    WHALE_MODE_GOAL_RGB.1,
+    WHALE_MODE_GOAL_RGB.2,
+);
 
-pub const SELECTION_BG: Color = Color::Rgb(26, 44, 74);
+pub const SELECTION_BG: Color = Color::Rgb(
+    WHALE_SELECTION_RGB.0,
+    WHALE_SELECTION_RGB.1,
+    WHALE_SELECTION_RGB.2,
+);
 #[allow(dead_code)]
 pub const COMPOSER_BG: Color = DEEPSEEK_SLATE;
 
@@ -322,6 +478,7 @@ fn palette_mode_from_apple_interface_style(value: &str) -> PaletteMode {
 pub struct UiTheme {
     pub name: &'static str,
     pub mode: PaletteMode,
+    // Surface hierarchy
     pub surface_bg: Color,
     pub panel_bg: Color,
     pub elevated_bg: Color,
@@ -329,22 +486,45 @@ pub struct UiTheme {
     pub selection_bg: Color,
     pub header_bg: Color,
     pub footer_bg: Color,
-    /// Statusline mode colors (agent/yolo/plan)
-    pub mode_agent: Color,
-    pub mode_yolo: Color,
-    pub mode_plan: Color,
-    pub mode_goal: Color,
-    /// Statusline status colors
-    pub status_ready: Color,
-    pub status_working: Color,
-    pub status_warning: Color,
-    /// Statusline text colors
+    /// Text hierarchy
     pub text_dim: Color,
     pub text_hint: Color,
     pub text_muted: Color,
     pub text_body: Color,
     pub text_soft: Color,
     pub border: Color,
+    // Accent roles
+    pub accent_primary: Color,
+    pub accent_secondary: Color,
+    pub accent_action: Color,
+    // Error / destructive
+    pub error_fg: Color,
+    pub error_hover: Color,
+    pub error_surface: Color,
+    pub error_border: Color,
+    pub error_text: Color,
+    // Status roles (warning / success / info)
+    pub warning: Color,
+    pub success: Color,
+    pub info: Color,
+    // Mode badge colors (agent/yolo/plan/goal)
+    pub mode_agent: Color,
+    pub mode_yolo: Color,
+    pub mode_plan: Color,
+    pub mode_goal: Color,
+    // Footer statusline colors
+    pub status_ready: Color,
+    pub status_working: Color,
+    pub status_warning: Color,
+    // Diff colors
+    pub diff_added_fg: Color,
+    pub diff_deleted_fg: Color,
+    pub diff_added_bg: Color,
+    pub diff_deleted_bg: Color,
+    // Tool cell colors
+    pub tool_running: Color,
+    pub tool_success: Color,
+    pub tool_failed: Color,
 }
 
 pub const UI_THEME: UiTheme = UiTheme {
@@ -357,6 +537,59 @@ pub const UI_THEME: UiTheme = UiTheme {
     selection_bg: SELECTION_BG,
     header_bg: DEEPSEEK_INK,
     footer_bg: DEEPSEEK_INK,
+    text_dim: TEXT_DIM,
+    text_hint: TEXT_HINT,
+    text_muted: TEXT_MUTED,
+    text_body: TEXT_BODY,
+    text_soft: TEXT_SOFT,
+    border: BORDER_COLOR,
+    accent_primary: Color::Rgb(
+        WHALE_ACCENT_PRIMARY_RGB.0,
+        WHALE_ACCENT_PRIMARY_RGB.1,
+        WHALE_ACCENT_PRIMARY_RGB.2,
+    ),
+    accent_secondary: Color::Rgb(
+        WHALE_ACCENT_SECONDARY_RGB.0,
+        WHALE_ACCENT_SECONDARY_RGB.1,
+        WHALE_ACCENT_SECONDARY_RGB.2,
+    ),
+    accent_action: Color::Rgb(
+        WHALE_ACCENT_ACTION_RGB.0,
+        WHALE_ACCENT_ACTION_RGB.1,
+        WHALE_ACCENT_ACTION_RGB.2,
+    ),
+    error_fg: Color::Rgb(WHALE_ERROR_RGB.0, WHALE_ERROR_RGB.1, WHALE_ERROR_RGB.2),
+    error_hover: Color::Rgb(
+        WHALE_ERROR_HOVER_RGB.0,
+        WHALE_ERROR_HOVER_RGB.1,
+        WHALE_ERROR_HOVER_RGB.2,
+    ),
+    error_surface: Color::Rgb(
+        WHALE_ERROR_SURFACE_RGB.0,
+        WHALE_ERROR_SURFACE_RGB.1,
+        WHALE_ERROR_SURFACE_RGB.2,
+    ),
+    error_border: Color::Rgb(
+        WHALE_ERROR_BORDER_RGB.0,
+        WHALE_ERROR_BORDER_RGB.1,
+        WHALE_ERROR_BORDER_RGB.2,
+    ),
+    error_text: Color::Rgb(
+        WHALE_ERROR_TEXT_RGB.0,
+        WHALE_ERROR_TEXT_RGB.1,
+        WHALE_ERROR_TEXT_RGB.2,
+    ),
+    warning: Color::Rgb(
+        WHALE_WARNING_RGB.0,
+        WHALE_WARNING_RGB.1,
+        WHALE_WARNING_RGB.2,
+    ),
+    success: Color::Rgb(
+        WHALE_SUCCESS_RGB.0,
+        WHALE_SUCCESS_RGB.1,
+        WHALE_SUCCESS_RGB.2,
+    ),
+    info: Color::Rgb(WHALE_INFO_RGB.0, WHALE_INFO_RGB.1, WHALE_INFO_RGB.2),
     mode_agent: MODE_AGENT,
     mode_yolo: MODE_YOLO,
     mode_plan: MODE_PLAN,
@@ -364,12 +597,13 @@ pub const UI_THEME: UiTheme = UiTheme {
     status_ready: TEXT_MUTED,
     status_working: DEEPSEEK_SKY,
     status_warning: STATUS_WARNING,
-    text_dim: TEXT_DIM,
-    text_hint: TEXT_HINT,
-    text_muted: TEXT_MUTED,
-    text_body: TEXT_BODY,
-    text_soft: TEXT_SOFT,
-    border: BORDER_COLOR,
+    diff_added_fg: DIFF_ADDED,
+    diff_deleted_fg: Color::Rgb(WHALE_ERROR_RGB.0, WHALE_ERROR_RGB.1, WHALE_ERROR_RGB.2),
+    diff_added_bg: DIFF_ADDED_BG,
+    diff_deleted_bg: DIFF_DELETED_BG,
+    tool_running: ACCENT_TOOL_LIVE,
+    tool_success: TEXT_DIM,
+    tool_failed: ACCENT_TOOL_ISSUE,
 };
 
 pub const LIGHT_UI_THEME: UiTheme = UiTheme {
@@ -382,19 +616,37 @@ pub const LIGHT_UI_THEME: UiTheme = UiTheme {
     selection_bg: LIGHT_SELECTION_BG,
     header_bg: LIGHT_SURFACE,
     footer_bg: LIGHT_SURFACE,
-    mode_agent: DEEPSEEK_BLUE,
-    mode_yolo: DEEPSEEK_RED,
-    mode_plan: Color::Rgb(180, 83, 9),
-    mode_goal: Color::Rgb(80, 180, 130), // mint green
-    status_ready: LIGHT_TEXT_MUTED,
-    status_working: DEEPSEEK_BLUE,
-    status_warning: Color::Rgb(180, 83, 9),
     text_dim: LIGHT_TEXT_HINT,
     text_hint: LIGHT_TEXT_HINT,
     text_muted: LIGHT_TEXT_MUTED,
     text_body: LIGHT_TEXT_BODY,
     text_soft: LIGHT_TEXT_SOFT,
     border: LIGHT_BORDER,
+    accent_primary: Color::Rgb(53, 120, 229),   // blue
+    accent_secondary: Color::Rgb(79, 180, 160), // teal
+    accent_action: Color::Rgb(220, 90, 60),     // warm coral
+    error_fg: Color::Rgb(200, 40, 60),          // red
+    error_hover: Color::Rgb(220, 70, 85),
+    error_surface: Color::Rgb(254, 229, 229),
+    error_border: Color::Rgb(240, 120, 130),
+    error_text: Color::Rgb(120, 20, 30),
+    warning: Color::Rgb(180, 83, 9),      // amber
+    success: Color::Rgb(21, 128, 61),     // green
+    info: Color::Rgb(53, 120, 229),       // blue
+    mode_agent: Color::Rgb(53, 120, 229), // blue
+    mode_yolo: Color::Rgb(200, 40, 60),   // red
+    mode_plan: Color::Rgb(180, 83, 9),    // amber
+    mode_goal: Color::Rgb(80, 180, 130),  // mint green
+    status_ready: LIGHT_TEXT_MUTED,
+    status_working: Color::Rgb(53, 120, 229),   // blue
+    status_warning: Color::Rgb(180, 83, 9),     // amber
+    diff_added_fg: Color::Rgb(22, 101, 52),     // green
+    diff_deleted_fg: Color::Rgb(200, 40, 60),   // red
+    diff_added_bg: Color::Rgb(223, 247, 231),   // light green
+    diff_deleted_bg: Color::Rgb(254, 229, 229), // light red
+    tool_running: Color::Rgb(53, 120, 229),     // blue
+    tool_success: LIGHT_TEXT_HINT,
+    tool_failed: Color::Rgb(200, 40, 60), // red
 };
 
 pub const GRAYSCALE_UI_THEME: UiTheme = UiTheme {
@@ -407,19 +659,37 @@ pub const GRAYSCALE_UI_THEME: UiTheme = UiTheme {
     selection_bg: GRAYSCALE_SELECTION_BG,
     header_bg: GRAYSCALE_SURFACE,
     footer_bg: GRAYSCALE_SURFACE,
-    mode_agent: GRAYSCALE_TEXT_SOFT,
-    mode_yolo: GRAYSCALE_TEXT_BODY,
-    mode_plan: GRAYSCALE_TEXT_MUTED,
-    mode_goal: GRAYSCALE_TEXT_SOFT,
-    status_ready: GRAYSCALE_TEXT_MUTED,
-    status_working: GRAYSCALE_TEXT_SOFT,
-    status_warning: GRAYSCALE_TEXT_BODY,
     text_dim: GRAYSCALE_TEXT_HINT,
     text_hint: GRAYSCALE_TEXT_HINT,
     text_muted: GRAYSCALE_TEXT_MUTED,
     text_body: GRAYSCALE_TEXT_BODY,
     text_soft: GRAYSCALE_TEXT_SOFT,
     border: GRAYSCALE_BORDER,
+    accent_primary: GRAYSCALE_TEXT_SOFT,
+    accent_secondary: GRAYSCALE_TEXT_MUTED,
+    accent_action: Color::Rgb(210, 210, 210),
+    error_fg: GRAYSCALE_TEXT_BODY,
+    error_hover: GRAYSCALE_TEXT_SOFT,
+    error_surface: GRAYSCALE_ERROR,
+    error_border: GRAYSCALE_BORDER,
+    error_text: GRAYSCALE_TEXT_SOFT,
+    warning: GRAYSCALE_TEXT_MUTED,
+    success: GRAYSCALE_TEXT_SOFT,
+    info: GRAYSCALE_TEXT_MUTED,
+    mode_agent: Color::Rgb(200, 200, 200),
+    mode_yolo: GRAYSCALE_TEXT_BODY,
+    mode_plan: GRAYSCALE_TEXT_MUTED,
+    mode_goal: GRAYSCALE_TEXT_SOFT,
+    status_ready: GRAYSCALE_TEXT_MUTED,
+    status_working: GRAYSCALE_TEXT_SOFT,
+    status_warning: GRAYSCALE_TEXT_BODY,
+    diff_added_fg: GRAYSCALE_TEXT_SOFT,
+    diff_deleted_fg: GRAYSCALE_TEXT_BODY,
+    diff_added_bg: GRAYSCALE_SUCCESS,
+    diff_deleted_bg: GRAYSCALE_ERROR,
+    tool_running: GRAYSCALE_TEXT_SOFT,
+    tool_success: GRAYSCALE_TEXT_HINT,
+    tool_failed: GRAYSCALE_TEXT_BODY,
 };
 
 pub const CATPPUCCIN_MOCHA_UI_THEME: UiTheme = UiTheme {
@@ -432,19 +702,37 @@ pub const CATPPUCCIN_MOCHA_UI_THEME: UiTheme = UiTheme {
     selection_bg: Color::Rgb(0x45, 0x47, 0x5a), // surface1
     header_bg: Color::Rgb(0x11, 0x11, 0x1b),    // crust
     footer_bg: Color::Rgb(0x11, 0x11, 0x1b),
-    mode_agent: Color::Rgb(0x89, 0xb4, 0xfa),     // blue
-    mode_yolo: Color::Rgb(0xf3, 0x8b, 0xa8),      // red
-    mode_plan: Color::Rgb(0xfa, 0xb3, 0x87),      // peach
-    mode_goal: Color::Rgb(0xa6, 0xe3, 0xa1),      // green
-    status_ready: Color::Rgb(0x7f, 0x84, 0x9c),   // overlay1
-    status_working: Color::Rgb(0x74, 0xc7, 0xec), // sapphire
-    status_warning: Color::Rgb(0xf9, 0xe2, 0xaf), // yellow
-    text_dim: Color::Rgb(0x6c, 0x70, 0x86),       // overlay0
-    text_hint: Color::Rgb(0x7f, 0x84, 0x9c),      // overlay1
-    text_muted: Color::Rgb(0xa6, 0xad, 0xc8),     // subtext0
-    text_body: Color::Rgb(0xcd, 0xd6, 0xf4),      // text
-    text_soft: Color::Rgb(0xba, 0xc2, 0xde),      // subtext1
-    border: Color::Rgb(0x45, 0x47, 0x5a),         // surface1
+    text_dim: Color::Rgb(0x6c, 0x70, 0x86),         // overlay0
+    text_hint: Color::Rgb(0x7f, 0x84, 0x9c),        // overlay1
+    text_muted: Color::Rgb(0xa6, 0xad, 0xc8),       // subtext0
+    text_body: Color::Rgb(0xcd, 0xd6, 0xf4),        // text
+    text_soft: Color::Rgb(0xba, 0xc2, 0xde),        // subtext1
+    border: Color::Rgb(0x45, 0x47, 0x5a),           // surface1
+    accent_primary: Color::Rgb(0x89, 0xb4, 0xfa),   // blue
+    accent_secondary: Color::Rgb(0x74, 0xc7, 0xec), // sapphire
+    accent_action: Color::Rgb(0xfa, 0xb3, 0x87),    // peach
+    error_fg: Color::Rgb(0xf3, 0x8b, 0xa8),         // red
+    error_hover: Color::Rgb(0xf5, 0xa2, 0xbc),
+    error_surface: Color::Rgb(0x3a, 0x1f, 0x2a),
+    error_border: Color::Rgb(0xf3, 0x8b, 0xa8),
+    error_text: Color::Rgb(0xf5, 0xc2, 0xd0),
+    warning: Color::Rgb(0xf9, 0xe2, 0xaf),         // yellow
+    success: Color::Rgb(0xa6, 0xe3, 0xa1),         // green
+    info: Color::Rgb(0x89, 0xd9, 0xeb),            // sky
+    mode_agent: Color::Rgb(0x89, 0xb4, 0xfa),      // blue
+    mode_yolo: Color::Rgb(0xf3, 0x8b, 0xa8),       // red
+    mode_plan: Color::Rgb(0xfa, 0xb3, 0x87),       // peach
+    mode_goal: Color::Rgb(0xa6, 0xe3, 0xa1),       // green
+    status_ready: Color::Rgb(0x7f, 0x84, 0x9c),    // overlay1
+    status_working: Color::Rgb(0x74, 0xc7, 0xec),  // sapphire
+    status_warning: Color::Rgb(0xf9, 0xe2, 0xaf),  // yellow
+    diff_added_fg: Color::Rgb(0xa6, 0xe3, 0xa1),   // green
+    diff_deleted_fg: Color::Rgb(0xf3, 0x8b, 0xa8), // red
+    diff_added_bg: Color::Rgb(0x1f, 0x33, 0x29),
+    diff_deleted_bg: Color::Rgb(0x3a, 0x1f, 0x2a),
+    tool_running: Color::Rgb(0x74, 0xc7, 0xec), // sapphire
+    tool_success: Color::Rgb(0x7f, 0x84, 0x9c), // overlay1
+    tool_failed: Color::Rgb(0xf3, 0x8b, 0xa8),  // red
 };
 
 pub const TOKYO_NIGHT_UI_THEME: UiTheme = UiTheme {
@@ -457,19 +745,37 @@ pub const TOKYO_NIGHT_UI_THEME: UiTheme = UiTheme {
     selection_bg: Color::Rgb(0x28, 0x34, 0x57), // visual selection
     header_bg: Color::Rgb(0x16, 0x16, 0x1e),
     footer_bg: Color::Rgb(0x16, 0x16, 0x1e),
-    mode_agent: Color::Rgb(0x7a, 0xa2, 0xf7),     // blue
-    mode_yolo: Color::Rgb(0xf7, 0x76, 0x8e),      // red
-    mode_plan: Color::Rgb(0xff, 0x9e, 0x64),      // orange
-    mode_goal: Color::Rgb(0x9e, 0xce, 0x6a),      // green
-    status_ready: Color::Rgb(0x56, 0x5f, 0x89),   // comment
-    status_working: Color::Rgb(0x7d, 0xcf, 0xff), // cyan
-    status_warning: Color::Rgb(0xe0, 0xaf, 0x68), // yellow
-    text_dim: Color::Rgb(0x56, 0x5f, 0x89),       // comment
-    text_hint: Color::Rgb(0x73, 0x7a, 0xa2),      // dark5
-    text_muted: Color::Rgb(0xa9, 0xb1, 0xd6),     // fg_dark
-    text_body: Color::Rgb(0xc0, 0xca, 0xf5),      // fg
+    text_dim: Color::Rgb(0x56, 0x5f, 0x89),   // comment
+    text_hint: Color::Rgb(0x73, 0x7a, 0xa2),  // dark5
+    text_muted: Color::Rgb(0xa9, 0xb1, 0xd6), // fg_dark
+    text_body: Color::Rgb(0xc0, 0xca, 0xf5),  // fg
     text_soft: Color::Rgb(0xbb, 0xc2, 0xe0),
     border: Color::Rgb(0x41, 0x48, 0x68), // terminal_black
+    accent_primary: Color::Rgb(0x7a, 0xa2, 0xf7), // blue
+    accent_secondary: Color::Rgb(0x7d, 0xcf, 0xff), // cyan
+    accent_action: Color::Rgb(0xff, 0x9e, 0x64), // orange
+    error_fg: Color::Rgb(0xf7, 0x76, 0x8e), // red
+    error_hover: Color::Rgb(0xf9, 0x92, 0xa4),
+    error_surface: Color::Rgb(0x33, 0x1c, 0x24),
+    error_border: Color::Rgb(0xf7, 0x76, 0x8e),
+    error_text: Color::Rgb(0xfa, 0xcc, 0xd4),
+    warning: Color::Rgb(0xe0, 0xaf, 0x68),         // yellow
+    success: Color::Rgb(0x9e, 0xce, 0x6a),         // green
+    info: Color::Rgb(0x7d, 0xcf, 0xff),            // cyan
+    mode_agent: Color::Rgb(0x7a, 0xa2, 0xf7),      // blue
+    mode_yolo: Color::Rgb(0xf7, 0x76, 0x8e),       // red
+    mode_plan: Color::Rgb(0xff, 0x9e, 0x64),       // orange
+    mode_goal: Color::Rgb(0x9e, 0xce, 0x6a),       // green
+    status_ready: Color::Rgb(0x56, 0x5f, 0x89),    // comment
+    status_working: Color::Rgb(0x7d, 0xcf, 0xff),  // cyan
+    status_warning: Color::Rgb(0xe0, 0xaf, 0x68),  // yellow
+    diff_added_fg: Color::Rgb(0x9e, 0xce, 0x6a),   // green
+    diff_deleted_fg: Color::Rgb(0xf7, 0x76, 0x8e), // red
+    diff_added_bg: Color::Rgb(0x1b, 0x2b, 0x1f),
+    diff_deleted_bg: Color::Rgb(0x33, 0x1c, 0x24),
+    tool_running: Color::Rgb(0x7d, 0xcf, 0xff), // cyan
+    tool_success: Color::Rgb(0x56, 0x5f, 0x89), // comment
+    tool_failed: Color::Rgb(0xf7, 0x76, 0x8e),  // red
 };
 
 pub const DRACULA_UI_THEME: UiTheme = UiTheme {
@@ -482,19 +788,37 @@ pub const DRACULA_UI_THEME: UiTheme = UiTheme {
     selection_bg: Color::Rgb(0x44, 0x47, 0x5a), // current line
     header_bg: Color::Rgb(0x21, 0x22, 0x2c),
     footer_bg: Color::Rgb(0x21, 0x22, 0x2c),
-    mode_agent: Color::Rgb(0xbd, 0x93, 0xf9),     // purple
-    mode_yolo: Color::Rgb(0xff, 0x55, 0x55),      // red
-    mode_plan: Color::Rgb(0xff, 0xb8, 0x6c),      // orange
-    mode_goal: Color::Rgb(0x50, 0xfa, 0x7b),      // green
-    status_ready: Color::Rgb(0x62, 0x72, 0xa4),   // comment
-    status_working: Color::Rgb(0x8b, 0xe9, 0xfd), // cyan
-    status_warning: Color::Rgb(0xf1, 0xfa, 0x8c), // yellow
-    text_dim: Color::Rgb(0x62, 0x72, 0xa4),
+    text_dim: Color::Rgb(0x62, 0x72, 0xa4), // comment
     text_hint: Color::Rgb(0x8a, 0x8e, 0xaa),
     text_muted: Color::Rgb(0xc0, 0xc4, 0xd6),
     text_body: Color::Rgb(0xf8, 0xf8, 0xf2), // foreground
     text_soft: Color::Rgb(0xe2, 0xe2, 0xdc),
     border: Color::Rgb(0x44, 0x47, 0x5a),
+    accent_primary: Color::Rgb(0xbd, 0x93, 0xf9), // purple
+    accent_secondary: Color::Rgb(0x8b, 0xe9, 0xfd), // cyan
+    accent_action: Color::Rgb(0xff, 0xb8, 0x6c),  // orange
+    error_fg: Color::Rgb(0xff, 0x55, 0x55),       // red
+    error_hover: Color::Rgb(0xff, 0x7c, 0x7c),
+    error_surface: Color::Rgb(0x3a, 0x1f, 0x22),
+    error_border: Color::Rgb(0xff, 0x55, 0x55),
+    error_text: Color::Rgb(0xff, 0xbb, 0xbb),
+    warning: Color::Rgb(0xf1, 0xfa, 0x8c),         // yellow
+    success: Color::Rgb(0x50, 0xfa, 0x7b),         // green
+    info: Color::Rgb(0x8b, 0xe9, 0xfd),            // cyan
+    mode_agent: Color::Rgb(0xbd, 0x93, 0xf9),      // purple
+    mode_yolo: Color::Rgb(0xff, 0x55, 0x55),       // red
+    mode_plan: Color::Rgb(0xff, 0xb8, 0x6c),       // orange
+    mode_goal: Color::Rgb(0x50, 0xfa, 0x7b),       // green
+    status_ready: Color::Rgb(0x62, 0x72, 0xa4),    // comment
+    status_working: Color::Rgb(0x8b, 0xe9, 0xfd),  // cyan
+    status_warning: Color::Rgb(0xf1, 0xfa, 0x8c),  // yellow
+    diff_added_fg: Color::Rgb(0x50, 0xfa, 0x7b),   // green
+    diff_deleted_fg: Color::Rgb(0xff, 0x55, 0x55), // red
+    diff_added_bg: Color::Rgb(0x21, 0x3a, 0x2a),
+    diff_deleted_bg: Color::Rgb(0x3a, 0x1f, 0x22),
+    tool_running: Color::Rgb(0x8b, 0xe9, 0xfd), // cyan
+    tool_success: Color::Rgb(0x62, 0x72, 0xa4), // comment
+    tool_failed: Color::Rgb(0xff, 0x55, 0x55),  // red
 };
 
 pub const GRUVBOX_DARK_UI_THEME: UiTheme = UiTheme {
@@ -507,19 +831,37 @@ pub const GRUVBOX_DARK_UI_THEME: UiTheme = UiTheme {
     selection_bg: Color::Rgb(0x66, 0x5c, 0x54), // bg3
     header_bg: Color::Rgb(0x1d, 0x20, 0x21),    // bg0_h
     footer_bg: Color::Rgb(0x1d, 0x20, 0x21),
-    mode_agent: Color::Rgb(0x83, 0xa5, 0x98),     // blue
-    mode_yolo: Color::Rgb(0xfb, 0x49, 0x34),      // red
-    mode_plan: Color::Rgb(0xfe, 0x80, 0x19),      // orange
-    mode_goal: Color::Rgb(0x8e, 0xc0, 0x7c),      // green
-    status_ready: Color::Rgb(0x92, 0x83, 0x74),   // gray
-    status_working: Color::Rgb(0x8e, 0xc0, 0x7c), // aqua
-    status_warning: Color::Rgb(0xfa, 0xbd, 0x2f), // yellow
-    text_dim: Color::Rgb(0x92, 0x83, 0x74),       // gray
-    text_hint: Color::Rgb(0xa8, 0x99, 0x84),      // fg4
-    text_muted: Color::Rgb(0xbd, 0xae, 0x93),     // fg3
-    text_body: Color::Rgb(0xeb, 0xdb, 0xb2),      // fg1
-    text_soft: Color::Rgb(0xd5, 0xc4, 0xa1),      // fg2
-    border: Color::Rgb(0x66, 0x5c, 0x54),         // bg3
+    text_dim: Color::Rgb(0x92, 0x83, 0x74),         // gray
+    text_hint: Color::Rgb(0xa8, 0x99, 0x84),        // fg4
+    text_muted: Color::Rgb(0xbd, 0xae, 0x93),       // fg3
+    text_body: Color::Rgb(0xeb, 0xdb, 0xb2),        // fg1
+    text_soft: Color::Rgb(0xd5, 0xc4, 0xa1),        // fg2
+    border: Color::Rgb(0x66, 0x5c, 0x54),           // bg3
+    accent_primary: Color::Rgb(0x83, 0xa5, 0x98),   // blue
+    accent_secondary: Color::Rgb(0x8e, 0xc0, 0x7c), // aqua/green
+    accent_action: Color::Rgb(0xfe, 0x80, 0x19),    // orange
+    error_fg: Color::Rgb(0xfb, 0x49, 0x34),         // red
+    error_hover: Color::Rgb(0xfc, 0x7c, 0x6b),
+    error_surface: Color::Rgb(0x35, 0x1c, 0x18),
+    error_border: Color::Rgb(0xfb, 0x49, 0x34),
+    error_text: Color::Rgb(0xfc, 0xc4, 0xb8),
+    warning: Color::Rgb(0xfa, 0xbd, 0x2f),         // yellow
+    success: Color::Rgb(0x8e, 0xc0, 0x7c),         // green
+    info: Color::Rgb(0x83, 0xa5, 0x98),            // blue
+    mode_agent: Color::Rgb(0x83, 0xa5, 0x98),      // blue
+    mode_yolo: Color::Rgb(0xfb, 0x49, 0x34),       // red
+    mode_plan: Color::Rgb(0xfe, 0x80, 0x19),       // orange
+    mode_goal: Color::Rgb(0x8e, 0xc0, 0x7c),       // green
+    status_ready: Color::Rgb(0x92, 0x83, 0x74),    // gray
+    status_working: Color::Rgb(0x8e, 0xc0, 0x7c),  // aqua
+    status_warning: Color::Rgb(0xfa, 0xbd, 0x2f),  // yellow
+    diff_added_fg: Color::Rgb(0x8e, 0xc0, 0x7c),   // green
+    diff_deleted_fg: Color::Rgb(0xfb, 0x49, 0x34), // red
+    diff_added_bg: Color::Rgb(0x29, 0x32, 0x16),
+    diff_deleted_bg: Color::Rgb(0x35, 0x1c, 0x18),
+    tool_running: Color::Rgb(0x8e, 0xc0, 0x7c), // aqua
+    tool_success: Color::Rgb(0x92, 0x83, 0x74), // gray
+    tool_failed: Color::Rgb(0xfb, 0x49, 0x34),  // red
 };
 
 /// Stable identifiers for the named themes the user can select. `System`
@@ -592,7 +934,7 @@ impl ThemeId {
     pub const fn tagline(self) -> &'static str {
         match self {
             Self::System => "Follow terminal background (COLORFGBG / macOS appearance)",
-            Self::Whale => "Default DeepSeek dark blue",
+            Self::Whale => "Whale dark — deep navy & gold",
             Self::WhaleLight => "DeepSeek light, paper-ish",
             Self::Grayscale => "Color-minimal high contrast",
             Self::CatppuccinMocha => "Soft pastels on warm dark",
@@ -809,54 +1151,30 @@ fn adapt_bg_for_light_palette(color: Color) -> Color {
 // no-op — the existing dark/light pipeline handles those.
 
 /// Per-preset green accent used for things that semantically *should* stay
-/// green even after theming (diff "+" lines, user-input body). Mapping these
-/// to `ui.status_working` would lose the green/cyan distinction the UI
-/// relies on, so we keep a small dedicated table.
+/// green even after theming (diff "+" lines, user-input body). Now delegates
+/// to the active UiTheme's diff_added_fg.
 #[must_use]
-const fn theme_green(theme: ThemeId) -> Color {
-    match theme {
-        ThemeId::CatppuccinMocha => Color::Rgb(0xa6, 0xe3, 0xa1),
-        ThemeId::TokyoNight => Color::Rgb(0x9e, 0xce, 0x6a),
-        ThemeId::Dracula => Color::Rgb(0x50, 0xfa, 0x7b),
-        ThemeId::GruvboxDark => Color::Rgb(0xb8, 0xbb, 0x26),
-        _ => USER_BODY,
-    }
+const fn theme_green(ui: &UiTheme) -> Color {
+    ui.diff_added_fg
 }
 
 /// Per-preset red accent, used for diff "−" line foreground when present.
 #[must_use]
-const fn theme_red(theme: ThemeId) -> Color {
-    match theme {
-        ThemeId::CatppuccinMocha => Color::Rgb(0xf3, 0x8b, 0xa8),
-        ThemeId::TokyoNight => Color::Rgb(0xf7, 0x76, 0x8e),
-        ThemeId::Dracula => Color::Rgb(0xff, 0x55, 0x55),
-        ThemeId::GruvboxDark => Color::Rgb(0xfb, 0x49, 0x34),
-        _ => DEEPSEEK_RED,
-    }
+#[allow(dead_code)]
+const fn theme_red(ui: &UiTheme) -> Color {
+    ui.diff_deleted_fg
 }
 
 /// Per-preset dark-green diff-added background tint.
 #[must_use]
-const fn theme_diff_added_bg(theme: ThemeId) -> Color {
-    match theme {
-        ThemeId::CatppuccinMocha => Color::Rgb(0x1f, 0x33, 0x29),
-        ThemeId::TokyoNight => Color::Rgb(0x1b, 0x2b, 0x1f),
-        ThemeId::Dracula => Color::Rgb(0x21, 0x3a, 0x2a),
-        ThemeId::GruvboxDark => Color::Rgb(0x29, 0x32, 0x16),
-        _ => DIFF_ADDED_BG,
-    }
+const fn theme_diff_added_bg(ui: &UiTheme) -> Color {
+    ui.diff_added_bg
 }
 
 /// Per-preset dark-red diff-deleted background tint.
 #[must_use]
-const fn theme_diff_deleted_bg(theme: ThemeId) -> Color {
-    match theme {
-        ThemeId::CatppuccinMocha => Color::Rgb(0x3a, 0x1f, 0x2a),
-        ThemeId::TokyoNight => Color::Rgb(0x33, 0x1c, 0x24),
-        ThemeId::Dracula => Color::Rgb(0x3a, 0x1f, 0x22),
-        ThemeId::GruvboxDark => Color::Rgb(0x35, 0x1c, 0x18),
-        _ => DIFF_DELETED_BG,
-    }
+const fn theme_diff_deleted_bg(ui: &UiTheme) -> Color {
+    ui.diff_deleted_bg
 }
 
 /// Returns `true` if the preset participates in the cell-level remap. The
@@ -905,13 +1223,12 @@ pub fn adapt_fg_for_theme(color: Color, theme: ThemeId, ui: &UiTheme) -> Color {
     } else if color == ACCENT_TOOL_ISSUE {
         ui.mode_yolo
     } else if color == STATUS_WARNING {
-        ui.status_warning
-    } else if color == DEEPSEEK_RED {
-        theme_red(theme)
+        ui.warning
+    } else if color == STATUS_ERROR || color == DEEPSEEK_RED {
+        ui.error_fg
     } else if color == DIFF_ADDED || color == USER_BODY {
-        theme_green(theme)
+        theme_green(ui)
     } else if color == DEEPSEEK_BLUE {
-        // The default mode_agent accent — keep it in the preset's blue family.
         ui.mode_agent
     } else {
         color
@@ -939,19 +1256,18 @@ pub fn adapt_bg_for_theme(color: Color, theme: ThemeId, ui: &UiTheme) -> Color {
     } else if color == SURFACE_REASONING
         || color == SURFACE_REASONING_TINT
         || color == SURFACE_REASONING_ACTIVE
-        || color == SURFACE_SUCCESS
-        || color == SURFACE_ERROR
     {
-        // Reasoning/success/error backgrounds are subtle tints that don't have
-        // a dedicated theme slot. Collapse them onto the panel surface so they
-        // read as recessed rather than a stray default-blue tint.
         ui.panel_bg
+    } else if color == SURFACE_SUCCESS {
+        ui.diff_added_bg
+    } else if color == SURFACE_ERROR {
+        ui.error_surface
     } else if color == SELECTION_BG {
         ui.selection_bg
     } else if color == DIFF_ADDED_BG {
-        theme_diff_added_bg(theme)
+        theme_diff_added_bg(ui)
     } else if color == DIFF_DELETED_BG {
-        theme_diff_deleted_bg(theme)
+        theme_diff_deleted_bg(ui)
     } else {
         color
     }
@@ -1208,10 +1524,9 @@ pub fn blend(fg: Color, bg: Color, alpha: f32) -> Color {
     }
 }
 
-/// Return the reasoning surface color tinted at 12% over the app background.
-/// This is the headline reasoning treatment in v0.6.6; a 12% blend keeps the
-/// warm bias subtle without competing with body text. Returns `None` when the
-/// terminal can't render the bg faithfully.
+/// Return the dedicated reasoning surface tint for terminals that can render
+/// background colors faithfully. ANSI-16 terminals disable the tint because
+/// the nearest named background is too coarse for this subtle treatment.
 #[must_use]
 pub fn reasoning_surface_tint(depth: ColorDepth) -> Option<Color> {
     match depth {
@@ -1363,7 +1678,8 @@ mod tests {
         GRAYSCALE_UI_THEME, LIGHT_BORDER, LIGHT_ELEVATED, LIGHT_PANEL, LIGHT_REASONING,
         LIGHT_SURFACE, LIGHT_TEXT_BODY, LIGHT_TEXT_HINT, LIGHT_UI_THEME, PaletteMode,
         SURFACE_REASONING, SURFACE_REASONING_TINT, TEXT_BODY, TEXT_HINT, TEXT_REASONING,
-        TEXT_TOOL_OUTPUT, UI_THEME, adapt_bg, adapt_bg_for_palette_mode, adapt_color,
+        TEXT_TOOL_OUTPUT, UI_THEME, WHALE_REASONING_TEXT_RGB, WHALE_REASONING_TINT_RGB,
+        WHALE_TEXT_BODY_RGB, adapt_bg, adapt_bg_for_palette_mode, adapt_color,
         adapt_fg_for_palette_mode, blend, luma, nearest_ansi16, normalize_hex_rgb_color,
         normalize_theme_name, parse_hex_rgb_color, pulse_brightness, reasoning_surface_tint,
         rgb_to_ansi256, theme_label_for_mode, ui_theme_from_settings,
@@ -1468,9 +1784,30 @@ mod tests {
 
     #[test]
     fn dark_palette_uses_soft_body_text_and_warm_reasoning() {
-        assert_eq!(TEXT_BODY, Color::Rgb(226, 232, 240));
-        assert_eq!(TEXT_REASONING, Color::Rgb(211, 170, 112));
-        assert_eq!(ACCENT_REASONING_LIVE, Color::Rgb(224, 153, 72));
+        assert_eq!(
+            TEXT_BODY,
+            Color::Rgb(
+                WHALE_TEXT_BODY_RGB.0,
+                WHALE_TEXT_BODY_RGB.1,
+                WHALE_TEXT_BODY_RGB.2
+            )
+        );
+        assert_eq!(
+            TEXT_REASONING,
+            Color::Rgb(
+                WHALE_REASONING_TEXT_RGB.0,
+                WHALE_REASONING_TEXT_RGB.1,
+                WHALE_REASONING_TEXT_RGB.2
+            )
+        );
+        assert_eq!(
+            ACCENT_REASONING_LIVE,
+            Color::Rgb(
+                WHALE_REASONING_TEXT_RGB.0,
+                WHALE_REASONING_TEXT_RGB.1,
+                WHALE_REASONING_TEXT_RGB.2
+            )
+        );
         assert_ne!(TEXT_REASONING, TEXT_TOOL_OUTPUT);
         assert_ne!(TEXT_BODY, Color::White);
     }
@@ -1604,8 +1941,12 @@ mod tests {
             adapt_color(DEEPSEEK_SKY, ColorDepth::Ansi16),
             Color::LightBlue
         );
-        // Red: red-dominant, mid lum → Red (not the bright variant).
-        assert_eq!(adapt_color(DEEPSEEK_RED, ColorDepth::Ansi16), Color::Red);
+        // Rose Red is intentionally bright enough to use the terminal's
+        // bright red slot.
+        assert_eq!(
+            adapt_color(DEEPSEEK_RED, ColorDepth::Ansi16),
+            Color::LightRed
+        );
     }
 
     #[test]
@@ -1633,8 +1974,12 @@ mod tests {
     #[test]
     fn light_palette_maps_reasoning_tint_to_light_surface() {
         assert_eq!(
-            blend(SURFACE_REASONING, DEEPSEEK_INK, 0.12),
-            SURFACE_REASONING_TINT
+            SURFACE_REASONING_TINT,
+            Color::Rgb(
+                WHALE_REASONING_TINT_RGB.0,
+                WHALE_REASONING_TINT_RGB.1,
+                WHALE_REASONING_TINT_RGB.2
+            )
         );
         assert_eq!(
             adapt_bg_for_palette_mode(SURFACE_REASONING_TINT, PaletteMode::Light),
@@ -1693,14 +2038,13 @@ mod tests {
 
     #[test]
     fn nearest_ansi16_routes_known_brand_colors() {
-        // Blue-dominant brand colors should stay blue rather than collapsing
-        // to the user's terminal cyan, which is often much louder.
-        assert_eq!(nearest_ansi16(53, 120, 229), Color::Blue);
-        assert_eq!(nearest_ansi16(106, 174, 242), Color::LightBlue);
-        assert_eq!(nearest_ansi16(42, 74, 127), Color::Blue);
-        assert_eq!(nearest_ansi16(54, 187, 212), Color::LightCyan);
-        assert_eq!(nearest_ansi16(226, 80, 96), Color::Red);
-        assert_eq!(nearest_ansi16(11, 21, 38), Color::Black);
+        // v0.8.45: accent primary is Signal Gold (#F6C453), secondary is Seafoam.
+        assert_eq!(nearest_ansi16(246, 196, 83), Color::LightYellow); // Signal Gold
+        assert_eq!(nearest_ansi16(79, 209, 197), Color::LightCyan); // Seafoam
+        assert_eq!(nearest_ansi16(42, 74, 127), Color::Blue); // Border
+        assert_eq!(nearest_ansi16(54, 187, 212), Color::LightCyan); // Aqua
+        assert_eq!(nearest_ansi16(255, 92, 122), Color::LightRed); // Rose Red
+        assert_eq!(nearest_ansi16(13, 21, 37), Color::Black); // Deep Navy
     }
 
     #[test]
diff --git a/crates/tui/src/pricing.rs b/crates/tui/src/pricing.rs
index 750f9830..eb78ed8b 100644
--- a/crates/tui/src/pricing.rs
+++ b/crates/tui/src/pricing.rs
@@ -201,6 +201,25 @@ fn calculate_turn_cost_from_usage_with_pricing(pricing: CurrencyPricing, usage:
     hit_cost + miss_cost + output_cost
 }
 
+/// Estimate how much money was saved by serving `cache_hit_tokens` from the
+/// prefix cache instead of billing them at the cache-miss rate.  Returns `None`
+/// when the model's pricing is unknown or the number of cache-hit tokens is
+/// zero (nothing to save).
+#[must_use]
+pub fn calculate_cache_savings(model: &str, cache_hit_tokens: u32) -> Option<CostEstimate> {
+    if cache_hit_tokens == 0 {
+        return None;
+    }
+    let pricing = pricing_for_model(model)?;
+    let tokens = cache_hit_tokens as f64 / 1_000_000.0;
+    Some(CostEstimate {
+        usd: tokens
+            * (pricing.usd.input_cache_miss_per_million - pricing.usd.input_cache_hit_per_million),
+        cny: tokens
+            * (pricing.cny.input_cache_miss_per_million - pricing.cny.input_cache_hit_per_million),
+    })
+}
+
 /// Format a USD cost for compact display.
 #[must_use]
 #[allow(dead_code)]
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 1a08473d..55be26e8 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -868,10 +868,10 @@ impl RuntimeThreadManager {
 
         {
             let mut active = self.active.lock().await;
-            if let Some(state) = active.engines.get_mut(thread_id) {
-                if let Some(turn) = state.active_turn.as_mut() {
-                    turn.auto_approve = true;
-                }
+            if let Some(state) = active.engines.get_mut(thread_id)
+                && let Some(turn) = state.active_turn.as_mut()
+            {
+                turn.auto_approve = true;
             }
         }
     }
diff --git a/crates/tui/src/session_manager.rs b/crates/tui/src/session_manager.rs
index c5a69193..93fcb56c 100644
--- a/crates/tui/src/session_manager.rs
+++ b/crates/tui/src/session_manager.rs
@@ -132,6 +132,11 @@ pub struct SessionMetadata {
     /// current saved sessions are linear JSON files, not per-entry trees.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub forked_from_message_count: Option<usize>,
+    /// Cumulative turn duration in seconds (sum of completed turn elapsed
+    /// times). Persisted so the footer "worked" chip survives restarts
+    /// (#2038).
+    #[serde(default)]
+    pub cumulative_turn_secs: u64,
 }
 
 /// Cost and high-water-mark fields persisted with each session.
@@ -723,6 +728,7 @@ pub fn create_saved_session_with_id_and_mode(
             cost: SessionCostSnapshot::default(),
             parent_session_id: None,
             forked_from_message_count: None,
+            cumulative_turn_secs: 0,
         },
         messages: capped_messages,
         system_prompt: merge_truncation_note(
@@ -1045,6 +1051,7 @@ mod tests {
                 cost: SessionCostSnapshot::default(),
                 parent_session_id: None,
                 forked_from_message_count: None,
+                cumulative_turn_secs: 0,
             },
             system_prompt: None,
             context_references: Vec::new(),
@@ -1075,6 +1082,7 @@ mod tests {
                 cost: SessionCostSnapshot::default(),
                 parent_session_id: None,
                 forked_from_message_count: None,
+                cumulative_turn_secs: 0,
             },
             system_prompt: None,
             context_references: Vec::new(),
diff --git a/crates/tui/src/settings.rs b/crates/tui/src/settings.rs
index d3401071..252fdc7e 100644
--- a/crates/tui/src/settings.rs
+++ b/crates/tui/src/settings.rs
@@ -273,11 +273,6 @@ pub struct Settings {
     /// `binary_unavailable` response with an install hint, matching the
     /// pre-v0.8.32 behavior.
     pub prefer_external_pdftotext: bool,
-    /// Optional command that records/transcribes voice input and writes the
-    /// final UTF-8 transcript to stdout. Triggered by the command palette.
-    pub voice_input_command: Option<String>,
-    /// Timeout for the configured voice input command, in seconds.
-    pub voice_input_timeout_secs: u64,
 }
 
 impl Default for Settings {
@@ -320,8 +315,6 @@ impl Default for Settings {
             status_indicator: "whale".to_string(),
             synchronized_output: "auto".to_string(),
             prefer_external_pdftotext: false,
-            voice_input_command: None,
-            voice_input_timeout_secs: crate::tui::voice_input::default_timeout_secs(),
         }
     }
 }
@@ -370,11 +363,6 @@ impl Settings {
                 .to_string();
             s.background_color = normalize_optional_background_color(s.background_color.as_deref());
             s.theme = normalize_settings_theme(&s.theme).to_string();
-            let voice_input_command =
-                normalize_optional_voice_input_command(s.voice_input_command.as_deref());
-            s.voice_input_command = voice_input_command;
-            s.voice_input_timeout_secs =
-                crate::tui::voice_input::clamp_timeout_secs(s.voice_input_timeout_secs);
             s.default_model = s.default_model.as_deref().and_then(normalize_default_model);
             s.reasoning_effort = s
                 .reasoning_effort
@@ -396,15 +384,6 @@ impl Settings {
             self.low_motion = true;
             self.fancy_animations = false;
         }
-        if let Ok(value) = std::env::var("DEEPSEEK_VOICE_INPUT_COMMAND") {
-            self.voice_input_command = normalize_optional_voice_input_command(Some(&value));
-        }
-        if let Ok(value) = std::env::var("DEEPSEEK_VOICE_INPUT_TIMEOUT_SECS")
-            && let Ok(timeout_secs) = value.trim().parse::<u64>()
-        {
-            self.voice_input_timeout_secs =
-                crate::tui::voice_input::clamp_timeout_secs(timeout_secs);
-        }
         // VS Code (TERM_PROGRAM=vscode, #1356), Ghostty (TERM_PROGRAM=ghostty,
         // #1445), and a few VTE terminals (#1470) produce visible flicker at
         // 120 FPS. Drop to the 30 FPS low-motion cap for them automatically.
@@ -604,22 +583,6 @@ impl Settings {
             "prefer_external_pdftotext" | "external_pdftotext" | "pdftotext" => {
                 self.prefer_external_pdftotext = parse_bool(value)?;
             }
-            "voice_input_command" | "voice_command" | "dictation_command" => {
-                self.voice_input_command = normalize_optional_voice_input_command(Some(value));
-            }
-            "voice_input_timeout_secs" | "voice_timeout" | "dictation_timeout" => {
-                let timeout_secs: u64 = value.parse().map_err(|_| {
-                    anyhow::anyhow!(
-                        "Failed to update setting: invalid voice input timeout '{value}'. Expected a number from 1 to 600."
-                    )
-                })?;
-                if !(1..=600).contains(&timeout_secs) {
-                    anyhow::bail!(
-                        "Failed to update setting: voice input timeout must be between 1 and 600 seconds."
-                    );
-                }
-                self.voice_input_timeout_secs = timeout_secs;
-            }
             "default_mode" | "mode" => {
                 let normalized = normalize_mode(value);
                 if !["agent", "plan", "yolo"].contains(&normalized) {
@@ -748,16 +711,6 @@ impl Settings {
             "  prefer_external_pdftotext: {}",
             self.prefer_external_pdftotext
         ));
-        lines.push(format!(
-            "  voice_input_command: {}",
-            self.voice_input_command
-                .as_deref()
-                .unwrap_or("(not configured)")
-        ));
-        lines.push(format!(
-            "  voice_input_timeout_secs: {}",
-            self.voice_input_timeout_secs
-        ));
         lines.push(format!("  default_mode:       {}", self.default_mode));
         lines.push(format!(
             "  sidebar_width:      {}%",
@@ -850,14 +803,6 @@ impl Settings {
                 "prefer_external_pdftotext",
                 "Route PDF reads through Poppler's pdftotext instead of the bundled pure-Rust extractor: on/off (default off)",
             ),
-            (
-                "voice_input_command",
-                "Command run by command-palette Voice input; stdout must be the transcript, or none/default to disable",
-            ),
-            (
-                "voice_input_timeout_secs",
-                "Voice input command timeout in seconds: 1-600 (default 60)",
-            ),
             ("default_mode", "Default mode: agent, plan, yolo"),
             ("sidebar_width", "Sidebar width percentage: 10-50"),
             (
@@ -1078,24 +1023,6 @@ fn normalize_background_color_setting(value: &str) -> Result<Option<String>> {
     })
 }
 
-fn normalize_optional_voice_input_command(value: Option<&str>) -> Option<String> {
-    value.and_then(normalize_voice_input_command)
-}
-
-fn normalize_voice_input_command(value: &str) -> Option<String> {
-    let trimmed = value.trim();
-    if trimmed.is_empty()
-        || matches!(
-            trimmed.to_ascii_lowercase().as_str(),
-            "default" | "none" | "off" | "false" | "disabled"
-        )
-    {
-        None
-    } else {
-        Some(trimmed.to_string())
-    }
-}
-
 fn normalize_sidebar_focus(value: &str) -> &str {
     match value.trim().to_ascii_lowercase().as_str() {
         "work" | "plan" | "todos" => "work",
@@ -1308,39 +1235,6 @@ mod tests {
         assert!(!settings.context_panel);
     }
 
-    #[test]
-    fn voice_input_settings_normalize_and_clear() {
-        let mut settings = Settings::default();
-        assert!(settings.voice_input_command.is_none());
-        assert_eq!(
-            settings.voice_input_timeout_secs,
-            crate::tui::voice_input::default_timeout_secs()
-        );
-
-        settings
-            .set("voice_input_command", r#"python3 "/tmp/voice helper.py""#)
-            .expect("set voice command");
-        assert_eq!(
-            settings.voice_input_command.as_deref(),
-            Some(r#"python3 "/tmp/voice helper.py""#)
-        );
-
-        settings
-            .set("voice_input_timeout_secs", "120")
-            .expect("set timeout");
-        assert_eq!(settings.voice_input_timeout_secs, 120);
-
-        settings
-            .set("voice_command", "none")
-            .expect("clear voice command");
-        assert!(settings.voice_input_command.is_none());
-
-        let err = settings
-            .set("voice_timeout", "0")
-            .expect_err("timeout must be bounded");
-        assert!(err.to_string().contains("between 1 and 600"));
-    }
-
     #[test]
     fn display_localizes_header_and_config_file_label() {
         let settings = Settings::default();
diff --git a/crates/tui/src/skills/install.rs b/crates/tui/src/skills/install.rs
index 53e641fb..aa4550be 100644
--- a/crates/tui/src/skills/install.rs
+++ b/crates/tui/src/skills/install.rs
@@ -391,7 +391,10 @@ pub async fn update_with_registry(
     network: &NetworkPolicy,
     registry_url: &str,
 ) -> Result<UpdateResult> {
-    let target = skills_dir.join(name);
+    let target = skill_target_path(name, skills_dir)?;
+    if target.exists() {
+        ensure_target_within_skills_dir(&target, skills_dir)?;
+    }
     let marker_path = target.join(INSTALLED_FROM_MARKER);
     if !marker_path.exists() {
         return Err(InstallError::NotInstalledHere(name.to_string()).into());
@@ -439,10 +442,11 @@ pub async fn update_with_registry(
 /// Refuses to touch any directory that doesn't carry the `.installed-from`
 /// marker — that's our cue that it's user-owned and not a system skill.
 pub fn uninstall(name: &str, skills_dir: &Path) -> Result<()> {
-    let target = skills_dir.join(name);
+    let target = skill_target_path(name, skills_dir)?;
     if !target.exists() {
         bail!("skill '{name}' is not installed at {}", target.display());
     }
+    ensure_target_within_skills_dir(&target, skills_dir)?;
     if !target.join(INSTALLED_FROM_MARKER).exists() {
         return Err(InstallError::NotInstalledHere(name.to_string()).into());
     }
@@ -458,10 +462,11 @@ pub fn uninstall(name: &str, skills_dir: &Path) -> Result<()> {
 /// Refuses to mark system skills (no `.installed-from`) so the bundled
 /// `skill-creator` doesn't accidentally inherit elevated tool privileges.
 pub fn trust(name: &str, skills_dir: &Path) -> Result<()> {
-    let target = skills_dir.join(name);
+    let target = skill_target_path(name, skills_dir)?;
     if !target.exists() {
         bail!("skill '{name}' is not installed at {}", target.display());
     }
+    ensure_target_within_skills_dir(&target, skills_dir)?;
     if !target.join(INSTALLED_FROM_MARKER).exists() {
         return Err(InstallError::NotInstalledHere(name.to_string()).into());
     }
@@ -1343,6 +1348,40 @@ fn is_safe_path(path: &Path) -> bool {
     true
 }
 
+fn skill_target_path(name: &str, skills_dir: &Path) -> Result<PathBuf> {
+    let name = validate_skill_name_segment(name)?;
+    Ok(skills_dir.join(name))
+}
+
+fn validate_skill_name_segment(name: &str) -> Result<&str> {
+    if name.is_empty() || name.trim() != name || name.chars().any(char::is_whitespace) {
+        bail!("skill name must be a single path-safe segment (got '{name}')");
+    }
+    if name == "." || name == ".." || name.contains('/') || name.contains('\\') {
+        bail!("skill name must be a single path-safe segment (got '{name}')");
+    }
+    let mut components = Path::new(name).components();
+    if !matches!(components.next(), Some(Component::Normal(_))) || components.next().is_some() {
+        bail!("skill name must be a single path-safe segment (got '{name}')");
+    }
+    Ok(name)
+}
+
+fn ensure_target_within_skills_dir(target: &Path, skills_dir: &Path) -> Result<()> {
+    let skills_dir = fs::canonicalize(skills_dir)
+        .with_context(|| format!("failed to resolve {}", skills_dir.display()))?;
+    let target = fs::canonicalize(target)
+        .with_context(|| format!("failed to resolve {}", target.display()))?;
+    if !target.starts_with(&skills_dir) {
+        bail!(
+            "skill path {} escapes skills directory {}",
+            target.display(),
+            skills_dir.display()
+        );
+    }
+    Ok(())
+}
+
 /// Strip a leading directory prefix (e.g. `repo-main/`) from a tarball path.
 fn strip_prefix<'a>(path: &'a str, prefix: &str) -> std::borrow::Cow<'a, str> {
     if prefix.is_empty() {
@@ -1394,13 +1433,7 @@ fn parse_frontmatter_name(bytes: &[u8]) -> Result<String> {
     if !has_description {
         return Err(InstallError::MissingFrontmatterField("description").into());
     }
-    // Sanity check: name must be a single path-safe segment.
-    if name.contains('/')
-        || name.contains('\\')
-        || name == "."
-        || name == ".."
-        || name.contains(' ')
-    {
+    if validate_skill_name_segment(&name).is_err() {
         bail!("SKILL.md `name` must be a single path-safe segment (got '{name}')");
     }
     Ok(name)
@@ -1546,6 +1579,9 @@ mod tests {
 
         let body = b"---\nname: a name with spaces\ndescription: x\n---\n";
         assert!(parse_frontmatter_name(body).is_err());
+
+        let body = b"---\nname: tab\tname\ndescription: x\n---\n";
+        assert!(parse_frontmatter_name(body).is_err());
     }
 
     #[test]
@@ -1554,6 +1590,66 @@ mod tests {
         assert!(parse_frontmatter_name(body).is_err());
     }
 
+    #[test]
+    fn user_skill_names_must_be_single_safe_segments() {
+        for bad in [
+            "",
+            "../evil",
+            "/tmp/evil",
+            "two words",
+            "two\twords",
+            "evil/name",
+            "evil\\name",
+            ".",
+            "..",
+            " leading",
+            "trailing ",
+        ] {
+            assert!(
+                validate_skill_name_segment(bad).is_err(),
+                "expected {bad:?} to be rejected"
+            );
+        }
+        assert_eq!(
+            validate_skill_name_segment("safe-name_1").unwrap(),
+            "safe-name_1"
+        );
+    }
+
+    #[test]
+    fn uninstall_and_trust_reject_unsafe_skill_names_before_path_join() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let skills_dir = tmp.path().join("skills");
+        std::fs::create_dir_all(&skills_dir).expect("skills dir");
+
+        for bad in [
+            "../evil",
+            "/tmp/evil",
+            "evil/name",
+            "evil\\name",
+            "two words",
+        ] {
+            assert!(uninstall(bad, &skills_dir).is_err());
+            assert!(trust(bad, &skills_dir).is_err());
+        }
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn uninstall_rejects_symlink_target_escaping_skills_dir() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let skills_dir = tmp.path().join("skills");
+        let outside = tmp.path().join("outside");
+        std::fs::create_dir_all(&skills_dir).expect("skills dir");
+        std::fs::create_dir_all(&outside).expect("outside dir");
+        std::fs::write(outside.join(INSTALLED_FROM_MARKER), "{}").expect("marker");
+        std::os::unix::fs::symlink(&outside, skills_dir.join("linked")).expect("symlink");
+
+        let err = uninstall("linked", &skills_dir).unwrap_err();
+        assert!(err.to_string().contains("escapes skills directory"));
+        assert!(outside.exists());
+    }
+
     #[test]
     fn strip_prefix_handles_all_cases() {
         assert_eq!(strip_prefix("foo/bar", "foo"), "bar");
diff --git a/crates/tui/src/theme_qa_audit.rs b/crates/tui/src/theme_qa_audit.rs
new file mode 100644
index 00000000..a19da7e3
--- /dev/null
+++ b/crates/tui/src/theme_qa_audit.rs
@@ -0,0 +1,324 @@
+//! v0.8.45 theme QA audit — verification script.
+//!
+//! This module validates:
+//! - Every shipped theme has all required semantic palette fields populated.
+//! - Error/destructive states are distinct from warm action accents.
+//! - Selection, focus, diff, warning, success, and status colors are readable.
+//! - Terminal contrast is checked for common truecolor surfaces.
+//!
+//! Run with: cargo test -p codewhale-tui -- theme_qa
+
+#[cfg(test)]
+mod tests {
+    use crate::palette::{
+        CATPPUCCIN_MOCHA_UI_THEME, DRACULA_UI_THEME, GRAYSCALE_UI_THEME, GRUVBOX_DARK_UI_THEME,
+        LIGHT_UI_THEME, TOKYO_NIGHT_UI_THEME, UI_THEME, UiTheme,
+    };
+    use ratatui::style::Color;
+
+    /// All shipped themes in display order.
+    const ALL_THEMES: &[UiTheme] = &[
+        UI_THEME,
+        LIGHT_UI_THEME,
+        GRAYSCALE_UI_THEME,
+        CATPPUCCIN_MOCHA_UI_THEME,
+        TOKYO_NIGHT_UI_THEME,
+        DRACULA_UI_THEME,
+        GRUVBOX_DARK_UI_THEME,
+    ];
+
+    /// Extract (r, g, b) from a Color::Rgb. Returns None for non-RGB colors.
+    fn rgb(color: Color) -> Option<(u8, u8, u8)> {
+        match color {
+            Color::Rgb(r, g, b) => Some((r, g, b)),
+            _ => None,
+        }
+    }
+
+    /// Relative luminance per WCAG 2.1.
+    fn relative_luminance(r: u8, g: u8, b: u8) -> f64 {
+        fn channel(c: u8) -> f64 {
+            let s = c as f64 / 255.0;
+            if s <= 0.03928 {
+                s / 12.92
+            } else {
+                ((s + 0.055) / 1.055).powf(2.4)
+            }
+        }
+        0.2126 * channel(r) + 0.7152 * channel(g) + 0.0722 * channel(b)
+    }
+
+    /// WCAG 2.1 contrast ratio.
+    fn contrast_ratio(fg: (u8, u8, u8), bg: (u8, u8, u8)) -> f64 {
+        let l1 = relative_luminance(fg.0, fg.1, fg.2);
+        let l2 = relative_luminance(bg.0, bg.1, bg.2);
+        let (lighter, darker) = if l1 > l2 { (l1, l2) } else { (l2, l1) };
+        (lighter + 0.05) / (darker + 0.05)
+    }
+
+    #[test]
+    fn all_themes_have_non_default_surface_bg() {
+        for theme in ALL_THEMES {
+            assert!(
+                rgb(theme.surface_bg).is_some(),
+                "{}: surface_bg must be an RGB color",
+                theme.name
+            );
+        }
+    }
+
+    #[test]
+    fn all_themes_have_required_semantic_fields() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            // Every theme must have distinct accent colors.
+            assert!(
+                rgb(theme.accent_primary).is_some(),
+                "{name}: accent_primary missing"
+            );
+            assert!(
+                rgb(theme.accent_secondary).is_some(),
+                "{name}: accent_secondary missing"
+            );
+            assert!(
+                rgb(theme.accent_action).is_some(),
+                "{name}: accent_action missing"
+            );
+
+            // Error/destructive must be separate from action accent.
+            assert_ne!(
+                theme.error_fg, theme.accent_action,
+                "{name}: error_fg should differ from accent_action"
+            );
+            assert_ne!(
+                theme.error_fg, theme.accent_primary,
+                "{name}: error_fg should differ from accent_primary"
+            );
+
+            // Error fields present.
+            assert!(rgb(theme.error_fg).is_some(), "{name}: error_fg missing");
+            assert!(
+                rgb(theme.error_hover).is_some(),
+                "{name}: error_hover missing"
+            );
+            assert!(
+                rgb(theme.error_surface).is_some(),
+                "{name}: error_surface missing"
+            );
+            assert!(
+                rgb(theme.error_border).is_some(),
+                "{name}: error_border missing"
+            );
+            assert!(
+                rgb(theme.error_text).is_some(),
+                "{name}: error_text missing"
+            );
+
+            // Warning / success / info present.
+            assert!(rgb(theme.warning).is_some(), "{name}: warning missing");
+            assert!(rgb(theme.success).is_some(), "{name}: success missing");
+            assert!(rgb(theme.info).is_some(), "{name}: info missing");
+
+            // Diff colors present.
+            assert!(
+                rgb(theme.diff_added_fg).is_some(),
+                "{name}: diff_added_fg missing"
+            );
+            assert!(
+                rgb(theme.diff_deleted_fg).is_some(),
+                "{name}: diff_deleted_fg missing"
+            );
+            assert!(
+                rgb(theme.diff_added_bg).is_some(),
+                "{name}: diff_added_bg missing"
+            );
+            assert!(
+                rgb(theme.diff_deleted_bg).is_some(),
+                "{name}: diff_deleted_bg missing"
+            );
+
+            // Tool colors present.
+            assert!(
+                rgb(theme.tool_running).is_some(),
+                "{name}: tool_running missing"
+            );
+            assert!(
+                rgb(theme.tool_success).is_some(),
+                "{name}: tool_success missing"
+            );
+            assert!(
+                rgb(theme.tool_failed).is_some(),
+                "{name}: tool_failed missing"
+            );
+        }
+    }
+
+    #[test]
+    fn body_text_has_minimum_contrast_on_surface() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            let Some(fg) = rgb(theme.text_body) else {
+                continue;
+            };
+            let Some(bg) = rgb(theme.surface_bg) else {
+                continue;
+            };
+            let cr = contrast_ratio(fg, bg);
+            assert!(
+                cr >= 4.5,
+                "{name}: body text contrast {cr:.1}:1 is below 4.5:1 minimum (fg={fg:?}, bg={bg:?})"
+            );
+        }
+    }
+
+    #[test]
+    fn muted_text_is_readable_on_surface() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            let Some(fg) = rgb(theme.text_muted) else {
+                continue;
+            };
+            let Some(bg) = rgb(theme.surface_bg) else {
+                continue;
+            };
+            let cr = contrast_ratio(fg, bg);
+            assert!(
+                cr >= 3.0,
+                "{name}: muted text contrast {cr:.1}:1 is below 3.0:1 minimum (fg={fg:?}, bg={bg:?})"
+            );
+        }
+    }
+
+    #[test]
+    fn error_text_contrasts_on_error_surface() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            let Some(fg) = rgb(theme.error_text) else {
+                continue;
+            };
+            let Some(bg) = rgb(theme.error_surface) else {
+                continue;
+            };
+            let cr = contrast_ratio(fg, bg);
+            assert!(
+                cr >= 4.5,
+                "{name}: error_text on error_surface contrast {cr:.1}:1 is below 4.5:1"
+            );
+        }
+    }
+
+    #[test]
+    fn selection_bg_differs_from_surface_bg() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            assert_ne!(
+                theme.selection_bg, theme.surface_bg,
+                "{name}: selection_bg must differ from surface_bg"
+            );
+        }
+    }
+
+    #[test]
+    fn surface_layers_are_distinct() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            // Panel should be distinct from surface (unless grayscale which has limited range).
+            if theme.name != "grayscale" {
+                assert_ne!(
+                    theme.panel_bg, theme.surface_bg,
+                    "{name}: panel_bg must differ from surface_bg for visual layering"
+                );
+            }
+        }
+    }
+
+    #[test]
+    fn success_and_warning_are_visually_distinct() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            assert_ne!(
+                theme.success, theme.warning,
+                "{name}: success and warning must be distinct colors"
+            );
+            assert_ne!(
+                theme.success, theme.error_fg,
+                "{name}: success and error must be distinct colors"
+            );
+        }
+    }
+
+    #[test]
+    fn diff_added_and_deleted_are_distinct() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            assert_ne!(
+                theme.diff_added_fg, theme.diff_deleted_fg,
+                "{name}: diff add/del fg must differ"
+            );
+            assert_ne!(
+                theme.diff_added_bg, theme.diff_deleted_bg,
+                "{name}: diff add/del bg must differ"
+            );
+        }
+    }
+
+    #[test]
+    fn mode_colors_are_all_distinct() {
+        for theme in ALL_THEMES {
+            let name = theme.name;
+            let modes = [
+                ("agent", theme.mode_agent),
+                ("yolo", theme.mode_yolo),
+                ("plan", theme.mode_plan),
+                ("goal", theme.mode_goal),
+            ];
+            for i in 0..modes.len() {
+                for j in (i + 1)..modes.len() {
+                    assert_ne!(
+                        modes[i].1, modes[j].1,
+                        "{name}: mode {} and mode {} have same color",
+                        modes[i].0, modes[j].0
+                    );
+                }
+            }
+        }
+    }
+
+    #[test]
+    fn whale_dark_uses_proposed_palette() {
+        // Issue #2012: verify the default Whale dark uses proposed tokens.
+        let t = UI_THEME;
+        assert_eq!(rgb(t.surface_bg), Some((13, 21, 37)), "Deep Navy #0D1525");
+        assert_eq!(
+            rgb(t.text_body),
+            Some((246, 242, 232)),
+            "Whale Ivory #F6F2E8"
+        );
+        assert_eq!(
+            rgb(t.text_muted),
+            Some((169, 180, 199)),
+            "Mist Gray #A9B4C7"
+        );
+        assert_eq!(
+            rgb(t.accent_primary),
+            Some((246, 196, 83)),
+            "Signal Gold #F6C453"
+        );
+        assert_eq!(
+            rgb(t.accent_secondary),
+            Some((79, 209, 197)),
+            "Seafoam #4FD1C5"
+        );
+        assert_eq!(
+            rgb(t.accent_action),
+            Some((255, 122, 89)),
+            "Coral Spark #FF7A59"
+        );
+        assert_eq!(rgb(t.error_fg), Some((255, 92, 122)), "Rose Red #FF5C7A");
+        assert_eq!(
+            rgb(t.error_surface),
+            Some((42, 18, 26)),
+            "Error Surface #2A121A"
+        );
+    }
+}
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index f0368bf5..68cc3539 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -129,18 +129,6 @@ pub enum AppMode {
     Plan,
 }
 
-#[derive(Debug, Clone)]
-pub struct VoiceInputState {
-    pub started_at: Instant,
-}
-
-impl VoiceInputState {
-    #[must_use]
-    pub fn new(started_at: Instant) -> Self {
-        Self { started_at }
-    }
-}
-
 /// One row in the per-turn cache-telemetry ring (`/cache` debug surface, #263).
 #[derive(Debug, Clone)]
 pub struct TurnCacheRecord {
@@ -1090,8 +1078,6 @@ pub struct App {
     pub sticky_status: Option<StatusToast>,
     /// Last status text already promoted from `status_message` into toast state.
     pub last_status_message_seen: Option<String>,
-    /// Active external speech-to-text helper launched from the command palette.
-    pub voice_input_state: Option<VoiceInputState>,
     pub model: String,
     /// When true, the model is auto-selected based on request complexity
     /// rather than using a fixed model. The `/model auto` command sets this.
@@ -1816,7 +1802,6 @@ impl App {
             status_toasts: VecDeque::new(),
             sticky_status: None,
             last_status_message_seen: None,
-            voice_input_state: None,
             model,
             auto_model,
             last_effective_model: None,
@@ -2220,6 +2205,9 @@ impl App {
         metadata.cost.subagent_cost_cny = self.session.subagent_cost_cny;
         metadata.cost.displayed_cost_high_water_usd = self.session.displayed_cost_high_water;
         metadata.cost.displayed_cost_high_water_cny = self.session.displayed_cost_high_water_cny;
+        // Persist cumulative turn duration so the footer "worked" chip
+        // survives session save/restore (#2038).
+        metadata.cumulative_turn_secs = self.cumulative_turn_duration.as_secs();
     }
 
     /// Recompute the displayed cost high-water mark. Called any time a cost
@@ -2279,6 +2267,18 @@ impl App {
         crate::pricing::format_cost_amount_precise(amount, self.cost_currency)
     }
 
+    /// Estimated cost saved by the last turn's cache-hit tokens in the
+    /// configured display currency.  Returns `None` when the model's pricing
+    /// is unknown or there were no cache hits.
+    pub fn last_turn_cache_savings(&self) -> Option<f64> {
+        let hit_tokens = self.session.last_prompt_cache_hit_tokens?;
+        let estimate = crate::pricing::calculate_cache_savings(&self.model, hit_tokens)?;
+        Some(match self.cost_currency {
+            crate::pricing::CostCurrency::Usd => estimate.usd,
+            crate::pricing::CostCurrency::Cny => estimate.cny,
+        })
+    }
+
     /// Fold the oldest [`Self::HISTORY_FOLD_BATCH`] cells into a single
     /// `ArchivedContext` placeholder when history exceeds the soft cap.
     /// Called from [`Self::add_message`]; the caller is responsible for
diff --git a/crates/tui/src/tui/color_compat.rs b/crates/tui/src/tui/color_compat.rs
index 68c367f2..73a253aa 100644
--- a/crates/tui/src/tui/color_compat.rs
+++ b/crates/tui/src/tui/color_compat.rs
@@ -255,7 +255,7 @@ mod tests {
     fn light_palette_maps_dark_cells_before_depth_adaptation() {
         let mut cell = Cell::default();
         cell.set_fg(Color::White);
-        cell.set_bg(Color::Rgb(11, 21, 38));
+        cell.set_bg(palette::DEEPSEEK_INK);
 
         adapt_cell_colors(
             &mut cell,
diff --git a/crates/tui/src/tui/command_palette.rs b/crates/tui/src/tui/command_palette.rs
index 4af59bcf..f1e5bb04 100644
--- a/crates/tui/src/tui/command_palette.rs
+++ b/crates/tui/src/tui/command_palette.rs
@@ -55,14 +55,6 @@ pub fn build_entries(
 ) -> Vec<CommandPaletteEntry> {
     let mut entries = Vec::new();
 
-    entries.push(CommandPaletteEntry {
-        section: PaletteSection::Action,
-        label: "Voice input".to_string(),
-        description: "Listen, transcribe, and insert editable text into the composer".to_string(),
-        command: "voice input dictate microphone speech".to_string(),
-        action: CommandPaletteAction::VoiceInput,
-    });
-
     for command in commands::COMMANDS {
         let mut description = command.palette_description_for(locale);
         if command.requires_argument() {
@@ -1017,24 +1009,6 @@ mod tests {
         assert!(!command_labels.contains(&"/deepseek"));
     }
 
-    #[test]
-    fn command_palette_includes_voice_input_action() {
-        let entries = build_entries(
-            Locale::En,
-            Path::new("."),
-            Path::new("."),
-            Path::new("mcp.json"),
-            None,
-        );
-        let voice = entries
-            .iter()
-            .find(|entry| entry.section == PaletteSection::Action && entry.label == "Voice input")
-            .expect("voice input action");
-
-        assert!(voice.description.contains("composer"));
-        assert!(matches!(voice.action, CommandPaletteAction::VoiceInput));
-    }
-
     #[test]
     fn command_palette_inserts_model_command_for_argument_entry() {
         let entries = build_entries(
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 3b0c3ebd..0269c8de 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -72,8 +72,7 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
         // Surface one compact live status row in the footer whenever a turn
         // is live. Tool turns get the current action plus active/done counts;
         // non-tool work falls back to the existing dot-pulse label.
-        let mut label = active_voice_input_status_label(app, now_ms)
-            .or_else(|| active_subagent_status_label(app))
+        let mut label = active_subagent_status_label(app)
             .or_else(|| active_tool_status_label(app))
             .unwrap_or_else(|| crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale));
         // Append stall reason when the turn has been running > 30 s.
@@ -156,47 +155,16 @@ pub(crate) fn stall_reason(app: &App) -> Option<&'static str> {
 /// though the agent is still working.
 pub(crate) fn footer_working_strip_active(app: &App) -> bool {
     let turn_in_progress = app.runtime_turn_status.as_deref() == Some("in_progress");
-    app.is_loading
-        || app.is_compacting
-        || running_agent_count(app) > 0
-        || turn_in_progress
-        || app.voice_input_state.is_some()
+    app.is_loading || app.is_compacting || running_agent_count(app) > 0 || turn_in_progress
 }
 
 pub(crate) fn footer_working_label_frame(now_ms: u64, fancy_animations: bool) -> u64 {
     if fancy_animations { now_ms / 400 } else { 0 }
 }
 
-pub(crate) fn active_voice_input_status_label(app: &App, now_ms: u64) -> Option<String> {
-    let state = app.voice_input_state.as_ref()?;
-    let elapsed = state.started_at.elapsed().as_secs();
-    Some(voice_input_status_text(
-        app.fancy_animations,
-        elapsed,
-        now_ms,
-    ))
-}
-
-pub(crate) fn voice_input_status_text(
-    fancy_animations: bool,
-    elapsed_secs: u64,
-    now_ms: u64,
-) -> String {
-    if !fancy_animations {
-        return format!("listening/transcribing {elapsed_secs}s");
-    }
-    let dots = match (now_ms / 300) % 4 {
-        0 => "",
-        1 => ".",
-        2 => "..",
-        _ => "...",
-    };
-    format!("listening/transcribing{dots} {elapsed_secs}s")
-}
-
 #[cfg(test)]
 mod tests {
-    use super::{footer_working_label_frame, voice_input_status_text};
+    use super::footer_working_label_frame;
 
     #[test]
     fn footer_working_label_frame_is_static_without_fancy_animations() {
@@ -205,15 +173,6 @@ mod tests {
         assert_eq!(footer_working_label_frame(1_600, false), 0);
         assert_eq!(footer_working_label_frame(1_600, true), 4);
     }
-
-    #[test]
-    fn voice_input_status_label_animates_when_enabled() {
-        let first = voice_input_status_text(true, 2, 0);
-        let second = voice_input_status_text(true, 2, 300);
-
-        assert_ne!(first, second);
-        assert!(first.contains("listening/transcribing"));
-    }
 }
 
 pub(crate) fn is_noisy_subagent_progress(status: &str) -> bool {
@@ -583,10 +542,21 @@ pub(crate) fn footer_cost_spans(app: &App) -> Vec<Span<'static>> {
     if !should_show_footer_cost(displayed_cost) {
         return Vec::new();
     }
-    vec![Span::styled(
+    let mut spans = vec![Span::styled(
         app.format_cost_amount(displayed_cost),
         Style::default().fg(palette::TEXT_MUTED),
-    )]
+    )];
+    // Append cache-savings hint when the last turn had cache hits that
+    // saved money (#2038).
+    if let Some(saved) = app.last_turn_cache_savings()
+        && saved > 0.0
+    {
+        spans.push(Span::styled(
+            format!(" · saved {}", app.format_cost_amount(saved)),
+            Style::default().fg(palette::STATUS_SUCCESS),
+        ));
+    }
+    spans
 }
 
 pub(crate) fn should_show_footer_cost(displayed_cost: f64) -> bool {
diff --git a/crates/tui/src/tui/markdown_render.rs b/crates/tui/src/tui/markdown_render.rs
index 0ad25467..e9c92e3a 100644
--- a/crates/tui/src/tui/markdown_render.rs
+++ b/crates/tui/src/tui/markdown_render.rs
@@ -1571,7 +1571,7 @@ mod tests {
     fn table_pipes_inside_inline_code_stay_in_the_cell() {
         let src = "| Check | Result |\n\
                    |---|---|\n\
-                   | `strings ~/.cargo/bin/codewhale-tui | grep -c \"Goal mode\"` | 0 matches |\n";
+                   | `strings ~/.cargo/bin/codewhale-tui | grep -c \"legacy marker\"` | 0 matches |\n";
         let parsed = parse(src);
 
         let rows: Vec<&Vec<String>> = parsed
@@ -1587,7 +1587,7 @@ mod tests {
         assert_eq!(
             rows[1],
             &vec![
-                "`strings ~/.cargo/bin/codewhale-tui | grep -c \"Goal mode\"`".to_string(),
+                "`strings ~/.cargo/bin/codewhale-tui | grep -c \"legacy marker\"`".to_string(),
                 "0 matches".to_string(),
             ]
         );
diff --git a/crates/tui/src/tui/mod.rs b/crates/tui/src/tui/mod.rs
index d36b81cd..34b70ee2 100644
--- a/crates/tui/src/tui/mod.rs
+++ b/crates/tui/src/tui/mod.rs
@@ -70,7 +70,6 @@ mod ui_text;
 pub mod user_input;
 pub mod views;
 pub mod vim_mode;
-pub mod voice_input;
 pub mod widgets;
 pub mod workspace_context;
 
diff --git a/crates/tui/src/tui/session_picker.rs b/crates/tui/src/tui/session_picker.rs
index f6a80639..1cfbad95 100644
--- a/crates/tui/src/tui/session_picker.rs
+++ b/crates/tui/src/tui/session_picker.rs
@@ -952,6 +952,7 @@ mod tests {
             cost: crate::session_manager::SessionCostSnapshot::default(),
             parent_session_id: None,
             forked_from_message_count: None,
+            cumulative_turn_secs: 0,
         }
     }
 
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 852e6c4d..61cb195c 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -108,7 +108,7 @@ use crate::tui::workspace_context;
 
 use super::app::{
     App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort, SidebarFocus,
-    StatusToastLevel, SubmitDisposition, TaskPanelEntry, TuiOptions, VoiceInputState,
+    StatusToastLevel, SubmitDisposition, TaskPanelEntry, TuiOptions,
     looks_like_slash_command_input,
 };
 use super::approval::{
@@ -195,10 +195,6 @@ enum TranslationEvent {
     },
 }
 
-#[derive(Debug)]
-enum VoiceInputEvent {
-    Finished { result: Result<String> },
-}
 // Reset scroll region (`\x1b[r`), origin mode (`\x1b[?6l`), and home the cursor
 // (`\x1b[H`) before letting ratatui's diff renderer repaint. The destructive
 // `\x1b[2J\x1b[3J` pair was previously appended here to also wipe the visible
@@ -870,8 +866,6 @@ async fn run_event_loop(
     let mut current_streaming_text = String::new();
     let (translation_tx, mut translation_rx) =
         tokio::sync::mpsc::unbounded_channel::<TranslationEvent>();
-    let (voice_input_tx, mut voice_input_rx) =
-        tokio::sync::mpsc::unbounded_channel::<VoiceInputEvent>();
     let mut pending_translations = 0usize;
     let mut pending_thinking_translations = 0usize;
     let mut last_queue_state = (app.queued_messages.clone(), app.queued_draft.clone());
@@ -991,8 +985,6 @@ async fn run_event_loop(
             }
         }
 
-        drain_voice_input_events(app, &mut voice_input_rx);
-
         if last_task_refresh.elapsed() >= Duration::from_millis(2500) {
             refresh_active_task_panel(app, &task_manager).await;
             last_task_refresh = Instant::now();
@@ -2007,7 +1999,6 @@ async fn run_event_loop(
                 &task_manager,
                 &mut engine_handle,
                 &mut web_config_session,
-                voice_input_tx.clone(),
                 events,
             )
             .await?
@@ -2020,10 +2011,7 @@ async fn run_event_loop(
         if reconcile_turn_liveness(app, Instant::now(), has_running_agents) {
             app.needs_redraw = true;
         }
-        if (app.is_loading
-            || has_running_agents
-            || app.is_compacting
-            || app.voice_input_state.is_some())
+        if (app.is_loading || has_running_agents || app.is_compacting)
             && last_status_frame.elapsed()
                 >= Duration::from_millis(status_animation_interval_ms(app))
         {
@@ -2117,11 +2105,7 @@ async fn run_event_loop(
             app.needs_redraw = false;
         }
 
-        let mut poll_timeout = if app.is_loading
-            || has_running_agents
-            || app.is_compacting
-            || app.voice_input_state.is_some()
-        {
+        let mut poll_timeout = if app.is_loading || has_running_agents || app.is_compacting {
             Duration::from_millis(active_poll_ms(app))
         } else {
             Duration::from_millis(idle_poll_ms(app))
@@ -2306,7 +2290,6 @@ async fn run_event_loop(
                     &task_manager,
                     &mut engine_handle,
                     &mut web_config_session,
-                    voice_input_tx.clone(),
                     events,
                 )
                 .await?
@@ -2688,7 +2671,6 @@ async fn run_event_loop(
                     &task_manager,
                     &mut engine_handle,
                     &mut web_config_session,
-                    voice_input_tx.clone(),
                     events,
                 )
                 .await?
@@ -5291,82 +5273,6 @@ async fn execute_command_input(
     .await
 }
 
-fn start_voice_input(
-    app: &mut App,
-    voice_input_tx: tokio::sync::mpsc::UnboundedSender<VoiceInputEvent>,
-) {
-    if app.voice_input_state.is_some() {
-        app.status_message = Some("Voice input is already listening".to_string());
-        app.needs_redraw = true;
-        return;
-    }
-
-    let settings = match crate::settings::Settings::load() {
-        Ok(settings) => settings,
-        Err(err) => {
-            app.add_message(HistoryCell::System {
-                content: format!("Voice input unavailable: failed to load settings: {err}"),
-            });
-            app.status_message = Some("Voice input unavailable".to_string());
-            return;
-        }
-    };
-
-    let Some(command_line) = settings.voice_input_command.clone() else {
-        app.add_message(HistoryCell::System {
-            content: "Voice input is not configured. Set `voice_input_command` in settings.toml or export `DEEPSEEK_VOICE_INPUT_COMMAND`. Open the command palette and choose Voice input after configuring it. The command must write the transcript to stdout.".to_string(),
-        });
-        app.status_message = Some("Voice input not configured".to_string());
-        return;
-    };
-
-    let timeout_secs = settings.voice_input_timeout_secs;
-    let workspace = app.workspace.clone();
-    app.voice_input_state = Some(VoiceInputState::new(Instant::now()));
-    app.status_message =
-        Some("Voice input listening - transcript will appear in the composer".to_string());
-    app.needs_redraw = true;
-
-    tokio::spawn(async move {
-        let result = crate::tui::voice_input::run_configured_voice_command(
-            &command_line,
-            timeout_secs,
-            &workspace,
-        )
-        .await;
-        let _ = voice_input_tx.send(VoiceInputEvent::Finished { result });
-    });
-}
-
-fn drain_voice_input_events(
-    app: &mut App,
-    voice_input_rx: &mut tokio::sync::mpsc::UnboundedReceiver<VoiceInputEvent>,
-) {
-    while let Ok(event) = voice_input_rx.try_recv() {
-        match event {
-            VoiceInputEvent::Finished { result } => {
-                app.voice_input_state = None;
-                match result {
-                    Ok(transcript) => {
-                        let char_count = transcript.chars().count();
-                        app.insert_str(&transcript);
-                        app.status_message = Some(format!(
-                            "Voice transcript inserted ({char_count} chars) - edit, then Enter to send"
-                        ));
-                    }
-                    Err(err) => {
-                        app.add_message(HistoryCell::System {
-                            content: format!("Voice input failed: {err}"),
-                        });
-                        app.status_message = Some("Voice input failed".to_string());
-                    }
-                }
-                app.needs_redraw = true;
-            }
-        }
-    }
-}
-
 async fn steer_user_message(
     app: &mut App,
     engine_handle: &EngineHandle,
@@ -6009,7 +5915,6 @@ async fn handle_view_events(
     task_manager: &SharedTaskManager,
     engine_handle: &mut EngineHandle,
     web_config_session: &mut Option<WebConfigSession>,
-    voice_input_tx: tokio::sync::mpsc::UnboundedSender<VoiceInputEvent>,
     events: Vec<ViewEvent>,
 ) -> Result<bool> {
     for event in events {
@@ -6040,9 +5945,6 @@ async fn handle_view_events(
                 crate::tui::views::CommandPaletteAction::OpenTextPager { title, content } => {
                     open_text_pager(app, title, content);
                 }
-                crate::tui::views::CommandPaletteAction::VoiceInput => {
-                    start_voice_input(app, voice_input_tx.clone());
-                }
             },
             ViewEvent::OpenTextPager { title, content } => {
                 open_text_pager(app, title, content);
@@ -6734,6 +6636,10 @@ fn apply_loaded_session(app: &mut App, config: &Config, session: &SavedSession)
     app.session.last_prompt_cache_miss_tokens = None;
     app.session.last_reasoning_replay_tokens = None;
     app.session.turn_cache_history.clear();
+    // Restore cumulative turn duration so the footer "worked" chip
+    // persists across session restarts (#2038).
+    app.cumulative_turn_duration =
+        std::time::Duration::from_secs(session.metadata.cumulative_turn_secs);
     app.current_session_id = Some(session.metadata.id.clone());
     app.session_artifacts = session.artifacts.clone();
     app.session_title = Some(session.metadata.title.clone());
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 6b983961..2a254c67 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -1286,6 +1286,7 @@ fn saved_session_with_messages(messages: Vec<Message>) -> SavedSession {
             cost: crate::session_manager::SessionCostSnapshot::default(),
             parent_session_id: None,
             forked_from_message_count: None,
+            cumulative_turn_secs: 0,
         },
         messages,
         system_prompt: None,
diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index e9b91740..beb044be 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -45,7 +45,6 @@ pub enum CommandPaletteAction {
     ExecuteCommand { command: String },
     InsertText { text: String },
     OpenTextPager { title: String, content: String },
-    VoiceInput,
 }
 
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -751,23 +750,6 @@ impl ConfigView {
                 editable: true,
                 scope: ConfigScope::Saved,
             },
-            ConfigRow {
-                section: ConfigSection::Composer,
-                key: "voice_input_command".to_string(),
-                value: settings
-                    .voice_input_command
-                    .clone()
-                    .unwrap_or_else(|| "(not configured)".to_string()),
-                editable: true,
-                scope: ConfigScope::Saved,
-            },
-            ConfigRow {
-                section: ConfigSection::Composer,
-                key: "voice_input_timeout_secs".to_string(),
-                value: settings.voice_input_timeout_secs.to_string(),
-                editable: true,
-                scope: ConfigScope::Saved,
-            },
             ConfigRow {
                 section: ConfigSection::Sidebar,
                 key: "sidebar_width".to_string(),
@@ -1151,8 +1133,6 @@ fn config_hint_for_key(key: &str) -> &'static str {
         "max_history" => "integer (0 allowed)",
         "default_model" => "deepseek-v4-pro | deepseek-v4-flash | deepseek-* | none/default",
         "reasoning_effort" => "auto | off | low | medium | high | max | default",
-        "voice_input_command" => "command string | none/default",
-        "voice_input_timeout_secs" => "1..=600",
         "mcp_config_path" => "path to mcp.json",
         _ => "",
     }
@@ -2206,8 +2186,6 @@ mod tests {
         assert!(keys.contains(&"composer_border"));
         assert!(keys.contains(&"composer_vim_mode"));
         assert!(keys.contains(&"bracketed_paste"));
-        assert!(keys.contains(&"voice_input_command"));
-        assert!(keys.contains(&"voice_input_timeout_secs"));
         assert!(keys.contains(&"context_panel"));
         assert!(keys.contains(&"cost_currency"));
         assert!(keys.contains(&"prefer_external_pdftotext"));
diff --git a/crates/tui/src/tui/voice_input.rs b/crates/tui/src/tui/voice_input.rs
deleted file mode 100644
index 04f57e8a..00000000
--- a/crates/tui/src/tui/voice_input.rs
+++ /dev/null
@@ -1,127 +0,0 @@
-//! Voice-input command bridge for the composer.
-//!
-//! CodeWhale stays out of platform microphone APIs here. A configured command
-//! owns recording and speech-to-text, writes the final transcript to stdout,
-//! and the TUI inserts that transcript into the composer.
-
-use std::path::Path;
-use std::process::Stdio;
-use std::time::Duration;
-
-use anyhow::{Context, Result, anyhow};
-use tokio::process::Command as TokioCommand;
-
-const DEFAULT_TIMEOUT_SECS: u64 = 60;
-const MAX_TIMEOUT_SECS: u64 = 600;
-
-pub(crate) fn clamp_timeout_secs(secs: u64) -> u64 {
-    secs.clamp(1, MAX_TIMEOUT_SECS)
-}
-
-pub(crate) fn default_timeout_secs() -> u64 {
-    DEFAULT_TIMEOUT_SECS
-}
-
-fn parse_voice_command(command_line: &str) -> Result<(String, Vec<String>)> {
-    let trimmed = command_line.trim();
-    if trimmed.is_empty() {
-        return Err(anyhow!("voice_input_command is empty"));
-    }
-
-    let parts = shlex::split(trimmed).ok_or_else(|| {
-        anyhow!("voice_input_command has invalid quoting; check spaces and quote pairs")
-    })?;
-    let Some((program, args)) = parts.split_first() else {
-        return Err(anyhow!("voice_input_command is empty"));
-    };
-    Ok((program.clone(), args.to_vec()))
-}
-
-fn stdout_to_transcript(stdout: &[u8]) -> Option<String> {
-    let text = String::from_utf8_lossy(stdout);
-    let transcript = text.trim();
-    (!transcript.is_empty()).then(|| transcript.to_string())
-}
-
-fn stderr_summary(stderr: &[u8]) -> String {
-    let text = String::from_utf8_lossy(stderr);
-    let trimmed = text.trim();
-    if trimmed.is_empty() {
-        return String::new();
-    }
-    let mut summary: String = trimmed.chars().take(300).collect();
-    if trimmed.chars().count() > 300 {
-        summary.push_str("...");
-    }
-    format!(": {summary}")
-}
-
-pub(crate) async fn run_configured_voice_command(
-    command_line: &str,
-    timeout_secs: u64,
-    cwd: &Path,
-) -> Result<String> {
-    let timeout_secs = clamp_timeout_secs(timeout_secs);
-    let (program, args) = parse_voice_command(command_line)?;
-
-    let mut command = TokioCommand::new(&program);
-    command
-        .args(args)
-        .current_dir(cwd)
-        .stdin(Stdio::null())
-        .stdout(Stdio::piped())
-        .stderr(Stdio::piped())
-        .kill_on_drop(true);
-
-    let output = tokio::time::timeout(Duration::from_secs(timeout_secs), command.output())
-        .await
-        .map_err(|_| anyhow!("voice input command timed out after {timeout_secs}s"))?
-        .with_context(|| format!("failed to run voice input command `{program}`"))?;
-
-    if !output.status.success() {
-        return Err(anyhow!(
-            "voice input command exited with {}{}",
-            output.status,
-            stderr_summary(&output.stderr)
-        ));
-    }
-
-    stdout_to_transcript(&output.stdout)
-        .ok_or_else(|| anyhow!("voice input command produced no transcript on stdout"))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn parses_quoted_voice_command() {
-        let (program, args) =
-            parse_voice_command(r#"python3 "/tmp/codewhale voice.py" --lang en-US"#)
-                .expect("parse command");
-        assert_eq!(program, "python3");
-        assert_eq!(args, vec!["/tmp/codewhale voice.py", "--lang", "en-US"]);
-    }
-
-    #[test]
-    fn rejects_invalid_voice_command_quoting() {
-        let err = parse_voice_command(r#"python3 "unterminated"#).expect_err("bad quotes");
-        assert!(err.to_string().contains("invalid quoting"));
-    }
-
-    #[test]
-    fn trims_stdout_to_transcript() {
-        assert_eq!(
-            stdout_to_transcript(b"\n  ship the voice input feature\r\n").as_deref(),
-            Some("ship the voice input feature")
-        );
-        assert!(stdout_to_transcript(b"\n\t ").is_none());
-    }
-
-    #[test]
-    fn timeout_clamps_to_supported_range() {
-        assert_eq!(clamp_timeout_secs(0), 1);
-        assert_eq!(clamp_timeout_secs(30), 30);
-        assert_eq!(clamp_timeout_secs(999), MAX_TIMEOUT_SECS);
-    }
-}
diff --git a/crates/tui/tests/palette_audit.rs b/crates/tui/tests/palette_audit.rs
index f8cc2805..e86c207a 100644
--- a/crates/tui/tests/palette_audit.rs
+++ b/crates/tui/tests/palette_audit.rs
@@ -1,8 +1,8 @@
 //! Palette audit tests to prevent color drift.
 //!
 //! These tests ensure that deprecated colors (like DEEPSEEK_AQUA) are not used
-//! directly in user-visible code. The palette should only use DeepSeek brand
-//! colors: blue, sky, red (plus neutral shades).
+//! directly in user-visible code. Backward-compatible DeepSeek aliases should
+//! point at the current CodeWhale semantic tokens instead of stale brand RGBs.
 
 use std::fs;
 use std::path::Path;
@@ -133,35 +133,35 @@ fn audit_no_direct_aqua_usage() {
 }
 
 #[test]
-fn verify_status_success_uses_sky() {
-    let manifest_dir = env!("CARGO_MANIFEST_DIR");
-    let palette_path = Path::new(manifest_dir).join("src/palette.rs");
-    let content = fs::read_to_string(&palette_path).expect("Failed to read palette.rs");
-
-    assert!(
-        content.contains("pub const STATUS_SUCCESS: Color = DEEPSEEK_SKY;"),
-        "STATUS_SUCCESS should use DEEPSEEK_SKY, not DEEPSEEK_AQUA"
+fn verify_status_success_uses_success_token() {
+    assert_eq!(
+        palette::STATUS_SUCCESS,
+        Color::Rgb(
+            palette::WHALE_SUCCESS_RGB.0,
+            palette::WHALE_SUCCESS_RGB.1,
+            palette::WHALE_SUCCESS_RGB.2
+        ),
+        "STATUS_SUCCESS should use the current success token"
+    );
+    assert_ne!(
+        palette::STATUS_SUCCESS,
+        palette::DEEPSEEK_AQUA,
+        "STATUS_SUCCESS should not regress to deprecated aqua"
     );
 }
 
 #[test]
-fn verify_brand_colors_defined() {
-    let manifest_dir = env!("CARGO_MANIFEST_DIR");
-    let palette_path = Path::new(manifest_dir).join("src/palette.rs");
-    let content = fs::read_to_string(&palette_path).expect("Failed to read palette.rs");
+fn verify_brand_aliases_follow_whale_tokens() {
+    assert_eq!(palette::WHALE_ACCENT_PRIMARY_RGB, (246, 196, 83));
+    assert_eq!(palette::WHALE_INFO_RGB, (106, 174, 242));
+    assert_eq!(palette::WHALE_ERROR_RGB, (255, 92, 122));
 
-    assert!(
-        content.contains("DEEPSEEK_BLUE_RGB: (u8, u8, u8) = (53, 120, 229);"),
-        "DEEPSEEK_BLUE should be #3578E5"
-    );
-    assert!(
-        content.contains("DEEPSEEK_SKY_RGB: (u8, u8, u8) = (106, 174, 242);"),
-        "DEEPSEEK_SKY should be #6AAEF2"
-    );
-    assert!(
-        content.contains("DEEPSEEK_RED_RGB: (u8, u8, u8) = (226, 80, 96);"),
-        "DEEPSEEK_RED should be #E25060"
+    assert_eq!(
+        palette::DEEPSEEK_BLUE_RGB,
+        palette::WHALE_ACCENT_PRIMARY_RGB
     );
+    assert_eq!(palette::DEEPSEEK_SKY_RGB, palette::WHALE_INFO_RGB);
+    assert_eq!(palette::DEEPSEEK_RED_RGB, palette::WHALE_ERROR_RGB);
 }
 
 #[test]
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index 858bac7e..c63e5b9b 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -63,23 +63,26 @@ provider's keyring entry.
 
 For hosted, generic OpenAI-compatible, or self-hosted providers, set
 `provider = "nvidia-nim"`, `"openai"`, `"atlascloud"`, `"wanjie-ark"`, `"fireworks"`,
-`"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`. The facade saves provider
-credentials to the shared user config and forwards the resolved key, base URL,
-provider, and model to the TUI process. Use
+`"moonshot"`, `"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
+The facade saves provider credentials to the shared user config and forwards
+the resolved key, base URL, provider, and model to the TUI process. Use
 `codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"` or
 `codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"` or
 `codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"` or
 `codewhale auth set --provider wanjie-ark --api-key "YOUR_WANJIE_API_KEY"` or
-`codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"` to
-save provider keys through the facade. The generic `openai` provider defaults
-to `https://api.openai.com/v1`, accepts `OPENAI_BASE_URL`, and passes model IDs
-through unchanged for OpenAI-compatible gateways. `atlascloud` defaults to
+`codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"` or
+`codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"`
+to save provider keys through the facade. The generic `openai` provider defaults
+to `https://api.openai.com/v1`, accepts `OPENAI_BASE_URL`, and defaults to
+`deepseek-v4-pro` for OpenAI-compatible gateways. `atlascloud` defaults to
 `https://api.atlascloud.ai/v1`, accepts `ATLASCLOUD_BASE_URL`, and uses
 `deepseek-ai/deepseek-v4-flash` as its default model. `wanjie-ark` targets
 Wanjie Ark's OpenAI-compatible endpoint at
 `https://maas-openapi.wanjiedata.com/api/v1`, defaults to `deepseek-reasoner`,
 and passes model IDs through unchanged because Wanjie model access is
-account-scoped. SGLang, vLLM, and Ollama are
+account-scoped. `moonshot` targets Moonshot/Kimi, defaults to `kimi-k2.6`,
+and can use `KIMI_API_KEY` or `auth_mode = "kimi_oauth"` with local Kimi CLI
+credentials. SGLang, vLLM, and Ollama are
 self-hosted and can run without an API key by default. Ollama defaults to
 `http://localhost:11434/v1` and sends model tags such as `codewhale-coder:1.3b`
 or `qwen2.5-coder:7b` unchanged. Self-hosted providers and loopback custom
@@ -202,7 +205,7 @@ fallbacks after saved config and keyring credentials:
 - `DEEPSEEK_API_KEY`
 - `DEEPSEEK_BASE_URL`
 - `DEEPSEEK_HTTP_HEADERS` (custom model request headers, comma-separated `name=value` pairs)
-- `DEEPSEEK_PROVIDER` (`codewhale|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|sglang|vllm|ollama`)
+- `DEEPSEEK_PROVIDER` (`codewhale|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|moonshot|sglang|vllm|ollama`)
 - `DEEPSEEK_MODEL` or `DEEPSEEK_DEFAULT_TEXT_MODEL`
 - `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` (stream idle timeout in seconds; default `300`, clamped to `1..=3600`)
 - `DEEPSEEK_STREAM_OPEN_TIMEOUT_SECS` (connection setup + response-header wait in seconds; default `45`, clamped to `5..=300`; distinct from the per-chunk idle timeout)
@@ -250,8 +253,6 @@ fallbacks after saved config and keyring credentials:
 - `DEEPSEEK_FORCE_HTTP1` (`1|true|yes|on` pins the HTTP client to HTTP/1.1, disabling HTTP/2; useful on Windows or behind proxies that mishandle long-lived H2 streams)
 - `DEEPSEEK_HOME` (override the base data directory; defaults to `~/.deepseek`)
 - `DEEPSEEK_AUTOMATIONS_DIR` (override the automations storage directory; defaults to `~/.deepseek/automations`)
-- `DEEPSEEK_VOICE_INPUT_COMMAND` (command used by command-palette Voice input; stdout must be the final transcript)
-- `DEEPSEEK_VOICE_INPUT_TIMEOUT_SECS` (voice input command timeout, clamped to `1..=600`, default `60`)
 - `DEEPSEEK_CAPACITY_ENABLED`
 - `DEEPSEEK_CAPACITY_LOW_RISK_MAX`
 - `DEEPSEEK_CAPACITY_MEDIUM_RISK_MAX`
@@ -372,59 +373,11 @@ Common settings keys:
 - `max_history` (number of submitted input history entries; cleared drafts are
   also kept locally for composer history search)
 - `default_model` (model name override)
-- `voice_input_command` (command run by command-palette Voice input; stdout is
-  inserted into the composer as transcript text)
-- `voice_input_timeout_secs` (1-600 seconds, default 60)
 
 Only `agent`, `plan`, and `yolo` are visible modes in the UI. Switch between
 them with `/mode`. For compatibility, older settings files with
 `default_mode = "normal"` still load as `agent`.
 
-### Voice Input
-
-Voice input is intentionally a command bridge instead of a built-in speech SDK.
-The configured command owns microphone permission, recording, and
-speech-to-text. CodeWhale runs it in the background with a listening status,
-reads stdout, trims surrounding whitespace, and inserts the transcript into the
-composer at the cursor.
-Open it from the command palette with `Ctrl+K`, then search `Voice input`.
-
-```toml
-voice_input_command = "codewhale-voice"
-voice_input_timeout_secs = 60
-```
-
-The command must:
-
-- exit `0` on success
-- write only the final transcript to stdout
-- write diagnostics to stderr
-- avoid putting API keys directly in the command string; read secrets from the
-  environment or OS key store instead
-
-Platform helper patterns:
-
-- macOS: use a small helper around a local STT tool or Apple's Speech framework,
-  then set `voice_input_command = "codewhale-voice"`. Apple's framework supports
-  live and recorded speech recognition, but microphone and speech permissions
-  belong in the helper, not the terminal UI.
-- Windows: use a PowerShell, .NET, or WinRT helper around
-  `Windows.Media.SpeechRecognition`. Prefer forward slashes in configured paths,
-  for example
-  `voice_input_command = "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:/Users/me/bin/codewhale-voice.ps1"`.
-- HarmonyOS/Huawei devices: use a native, ArkTS/Java, or device-bridge helper
-  that calls the platform/Huawei ASR capability and prints UTF-8 transcript text.
-  This keeps the Rust TUI portable while letting the HarmonyOS side own device
-  permissions and SDK packaging.
-
-Useful native references for helper authors:
-
-- Apple Speech framework: <https://developer.apple.com/documentation/speech/>
-- Windows speech recognition APIs:
-  <https://learn.microsoft.com/en-us/windows/apps/develop/input/speech-recognition>
-- Huawei ML Kit ASR codelab:
-  <https://developer.huawei.com/consumer/en/codelab/AirTouch/>
-
 Localization scope is tracked in [LOCALIZATION.md](LOCALIZATION.md). The v0.7.6
 core pack covers high-visibility TUI chrome only; provider/tool schemas,
 personality prompts, and full documentation remain English unless explicitly
@@ -476,10 +429,10 @@ If you are upgrading from older releases:
 
 ### Core keys (used by the TUI/engine)
 
-- `provider` (string, optional): `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `codewhale`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
+- `provider` (string, optional): `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `codewhale`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `moonshot` targets `https://api.moonshot.ai/v1` by default, with Kimi CLI OAuth mode using `https://api.kimi.com/coding/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
 - `api_key` (string, required for hosted providers): must be non-empty for DeepSeek/hosted providers (or set the provider API key env var). Self-hosted SGLang, vLLM, and Ollama can omit it.
-- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs, `https://api.openai.com/v1` for `provider = "openai"`, `https://api.atlascloud.ai/v1` for `provider = "atlascloud"`, `https://maas-openapi.wanjiedata.com/api/v1` for `provider = "wanjie-ark"`, or the provider-specific endpoint for hosted/self-hosted providers. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
-- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `gpt-4.1` for generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `codewhale-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `DEEPSEEK_MODEL` overrides this for a single process.
+- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs, `https://api.openai.com/v1` for `provider = "openai"`, `https://api.atlascloud.ai/v1` for `provider = "atlascloud"`, `https://maas-openapi.wanjiedata.com/api/v1` for `provider = "wanjie-ark"`, `https://api.moonshot.ai/v1` for `provider = "moonshot"` API-key mode, or the provider-specific endpoint for hosted/self-hosted providers. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
+- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `kimi-k2.6` for Moonshot/Kimi API-key mode, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `codewhale-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `DEEPSEEK_MODEL` overrides this for a single process.
 - `reasoning_effort` (string, optional): `off`, `low`, `medium`, `high`, or `max`; defaults to the configured UI tier. DeepSeek Platform receives top-level `thinking` / `reasoning_effort` fields. NVIDIA NIM receives equivalent settings through `chat_template_kwargs`.
 - `allow_shell` (bool, optional): defaults to `true` (sandboxed).
 - `approval_policy` (string, optional): `on-request`, `untrusted`, or `never`. Runtime `approval_mode` editing in `/config` also accepts `on-request` and `untrusted` aliases.
diff --git a/npm/codewhale/package.json b/npm/codewhale/package.json
index 3f6c3cb2..c8a402f8 100644
--- a/npm/codewhale/package.json
+++ b/npm/codewhale/package.json
@@ -1,7 +1,7 @@
 {
   "name": "codewhale",
-  "version": "0.8.44",
-  "codewhaleBinaryVersion": "0.8.44",
+  "version": "0.8.45",
+  "codewhaleBinaryVersion": "0.8.45",
   "description": "Install and run CodeWhale, the agentic terminal for open-source and open-weight coding models, from GitHub release artifacts.",
   "author": "Hmbown",
   "license": "MIT",
diff --git a/npm/deepseek-tui/package.json b/npm/deepseek-tui/package.json
index bbca3bb6..b99f9a15 100644
--- a/npm/deepseek-tui/package.json
+++ b/npm/deepseek-tui/package.json
@@ -1,6 +1,6 @@
 {
   "name": "deepseek-tui",
-  "version": "0.8.44",
+  "version": "0.8.45",
   "description": "Legacy compatibility package. Renamed to `codewhale`; run `npm install -g codewhale` for new installs.",
   "author": "Hmbown",
   "license": "MIT",
diff --git a/web/app/[locale]/faq/page.tsx b/web/app/[locale]/faq/page.tsx
index 4a3af70c..f216552a 100644
--- a/web/app/[locale]/faq/page.tsx
+++ b/web/app/[locale]/faq/page.tsx
@@ -196,11 +196,11 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
     sources: ["README.md", "#1207"],
   },
   {
-    q: "What is Goal mode? Is it available?",
+    q: "What does /goal do?",
     a: (
       <>
-        Goal mode is a future workflow/tab direction for long-running, multi-step objectives — not the current <code className="inline">/goal</code> command.
-        The current <code className="inline">/goal</code> is a simple goal-setter. The full Goal mode (autonomous multi-turn task execution with checkpoint/resume) is planned but not yet implemented.
+        <code className="inline">/goal</code> is a simple goal-setter for the current session.
+        It does not add another app mode; the mode switcher remains Plan, Agent, and YOLO.
         Track progress in <a href="https://github.com/Hmbown/CodeWhale/issues/891" className="body-link">#891</a>.
       </>
     ),

From 70a655cddb731912ef01e24954967f85753cbc08 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 18:51:05 -0500
Subject: [PATCH 014/283] test: use open model sentinels

---
 crates/tui/src/client.rs      | 12 ++++++++----
 crates/tui/src/client/chat.rs | 10 +++++-----
 crates/tui/src/config.rs      |  2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 570b2762..21552a79 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -1289,7 +1289,7 @@ mod tests {
         // and DOES replay reasoning_content — see
         // `deepseek_model_on_openai_provider_still_replays_reasoning_content`.
         let request = MessageRequest {
-            model: "gpt-4o".to_string(),
+            model: "qwen3-coder".to_string(),
             messages: vec![Message {
                 role: "assistant".to_string(),
                 content: vec![
@@ -2748,7 +2748,7 @@ mod tests {
         // DeepSeek reasoning model on the openai provider still gets sanitized
         // (see chat.rs `deepseek_model_on_openai_provider_still_replays_*`).
         let mut body = json!({
-            "model": "gpt-4o",
+            "model": "qwen3-coder",
             "messages": [
                 { "role": "user", "content": "hi" },
                 {
@@ -2759,8 +2759,12 @@ mod tests {
             ]
         });
 
-        let result =
-            sanitize_thinking_mode_messages(&mut body, "gpt-4o", Some("max"), ApiProvider::Openai);
+        let result = sanitize_thinking_mode_messages(
+            &mut body,
+            "qwen3-coder",
+            Some("max"),
+            ApiProvider::Openai,
+        );
 
         assert!(result.is_none());
         let assistant = body["messages"]
diff --git a/crates/tui/src/client/chat.rs b/crates/tui/src/client/chat.rs
index 1b691110..dd6c37a4 100644
--- a/crates/tui/src/client/chat.rs
+++ b/crates/tui/src/client/chat.rs
@@ -3093,7 +3093,7 @@ mod alias_thinking_detection_tests {
         // `reasoning_content` on providers that reject the field.
         assert!(!requires_reasoning_content("deepseek-v3"));
         assert!(!requires_reasoning_content("deepseek-coder"));
-        assert!(!requires_reasoning_content("gpt-4o"));
+        assert!(!requires_reasoning_content("qwen3-coder"));
         assert!(!requires_reasoning_content("claude-sonnet-4-6"));
     }
 
@@ -3169,7 +3169,7 @@ mod alias_thinking_detection_tests {
         // openai provider must continue to have reasoning_content stripped.
         assert!(!should_replay_reasoning_content_for_provider(
             ApiProvider::Openai,
-            "gpt-4o",
+            "qwen3-coder",
             None,
         ));
         assert!(!should_replay_reasoning_content_for_provider(
@@ -3211,7 +3211,7 @@ mod alias_thinking_detection_tests {
         // parser keeps inlining any `reasoning_content` it emits as text.
         assert!(!is_reasoning_model_for_stream(
             ApiProvider::Openai,
-            "gpt-4o"
+            "qwen3-coder"
         ));
         assert!(!is_reasoning_model_for_stream(
             ApiProvider::Openai,
@@ -3220,7 +3220,7 @@ mod alias_thinking_detection_tests {
         // Non-DeepSeek model on a reasoning-aware provider is also unchanged.
         assert!(!is_reasoning_model_for_stream(
             ApiProvider::Deepseek,
-            "gpt-4o"
+            "qwen3-coder"
         ));
     }
 
@@ -3230,7 +3230,7 @@ mod alias_thinking_detection_tests {
         // model identity, or stream parsing and message sanitisation disagree
         // about where reasoning tokens live. Effort=None isolates the
         // model/provider dimension shared by both.
-        for model in ["deepseek-v4-pro", "deepseek-reasoner", "gpt-4o"] {
+        for model in ["deepseek-v4-pro", "deepseek-reasoner", "qwen3-coder"] {
             for provider in [ApiProvider::Openai, ApiProvider::Deepseek] {
                 assert_eq!(
                     is_reasoning_model_for_stream(provider, model),
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 7e93e9d7..ce15b29e 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -5243,7 +5243,7 @@ api_key = "old-openrouter-key"
 
     #[test]
     fn normalize_model_name_rejects_invalid_or_non_deepseek_ids() {
-        assert!(normalize_model_name("gpt-4o").is_none());
+        assert!(normalize_model_name("qwen3-coder").is_none());
         assert!(normalize_model_name("codewhale v4").is_none());
         assert!(normalize_model_name("").is_none());
     }

From af1f99e85d67585ca83cea558420afca8623b5e1 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 22:06:39 -0500
Subject: [PATCH 015/283] docs(changelog): add missing v0.8.45 entries

---
 CHANGELOG.md            | 10 ++++++++++
 crates/tui/CHANGELOG.md | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47c20bd9..7f21e957 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **RLM session objects.** `rlm_open` can now load `session://` refs,
   exposing the active prompt, history, and session data as symbolic objects
   inside RLM REPLs (#2047).
+- **Command palette voice input.** The command palette can launch a configured
+  speech-to-text helper and show footer status while transcription runs
+  (#2047).
+- **Moonshot/Kimi OAuth provider.** Moonshot/Kimi is now a first-class
+  provider, including Kimi CLI OAuth reuse, secure refresh writes, model
+  completion, CLI auth, and secret-store integration.
 - **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
   human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
   preserving the raw agent ID in the popup (#2035, #2016).
@@ -52,6 +58,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   Thanks @reidliu41 (#2143).
 - **Model picker selection survives Esc.** Dismissing the model picker with Esc
   no longer loses the highlighted selection. Thanks @reidliu41 (#2056).
+- **Moonshot/Kimi sessions launch from the dispatcher.** The `codewhale`
+  wrapper now includes Moonshot/Kimi in the TUI provider allowlist, so
+  `codewhale --provider moonshot --model kimi-k2.6` reaches the TUI instead of
+  stopping after config resolution.
 - **Slash recovery no longer restores command tails in the composer.**
   Resuming a session or recovering from a crash no longer leaves stale
   slash-command text (e.g. `/sessions`) in the composer input (#2047, #2032).
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index 47c20bd9..7f21e957 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -14,6 +14,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **RLM session objects.** `rlm_open` can now load `session://` refs,
   exposing the active prompt, history, and session data as symbolic objects
   inside RLM REPLs (#2047).
+- **Command palette voice input.** The command palette can launch a configured
+  speech-to-text helper and show footer status while transcription runs
+  (#2047).
+- **Moonshot/Kimi OAuth provider.** Moonshot/Kimi is now a first-class
+  provider, including Kimi CLI OAuth reuse, secure refresh writes, model
+  completion, CLI auth, and secret-store integration.
 - **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
   human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
   preserving the raw agent ID in the popup (#2035, #2016).
@@ -52,6 +58,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   Thanks @reidliu41 (#2143).
 - **Model picker selection survives Esc.** Dismissing the model picker with Esc
   no longer loses the highlighted selection. Thanks @reidliu41 (#2056).
+- **Moonshot/Kimi sessions launch from the dispatcher.** The `codewhale`
+  wrapper now includes Moonshot/Kimi in the TUI provider allowlist, so
+  `codewhale --provider moonshot --model kimi-k2.6` reaches the TUI instead of
+  stopping after config resolution.
 - **Slash recovery no longer restores command tails in the composer.**
   Resuming a session or recovering from a crash no longer leaves stale
   slash-command text (e.g. `/sessions`) in the composer input (#2047, #2032).

From 05e4b08335c87a27e20dc02b0ece4c799a80cbb9 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 22:06:44 -0500
Subject: [PATCH 016/283] fix(cli): allow Moonshot Kimi TUI delegation

---
 crates/cli/src/lib.rs     | 82 ++++++++++++++++++++++++++++++++++-----
 crates/secrets/src/lib.rs | 19 +++++++--
 2 files changed, 89 insertions(+), 12 deletions(-)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 2bd75181..18cc93d8 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -1453,12 +1453,13 @@ fn build_tui_command(
             | ProviderKind::Openrouter
             | ProviderKind::Novita
             | ProviderKind::Fireworks
+            | ProviderKind::Moonshot
             | ProviderKind::Sglang
             | ProviderKind::Vllm
             | ProviderKind::Ollama
     ) {
         bail!(
-            "The interactive TUI supports DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, SGLang, vLLM, and Ollama providers. Remove --provider {} or use `codewhale model ...` for provider registry inspection.",
+            "The interactive TUI supports DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama providers. Remove --provider {} or use `codewhale model ...` for provider registry inspection.",
             resolved_runtime.provider.as_str()
         );
     }
@@ -1480,14 +1481,10 @@ fn build_tui_command(
     }
     if let Some(api_key) = resolved_runtime.api_key.as_ref() {
         cmd.env("DEEPSEEK_API_KEY", api_key);
-        if resolved_runtime.provider == ProviderKind::Openai {
-            cmd.env("OPENAI_API_KEY", api_key);
-        }
-        if resolved_runtime.provider == ProviderKind::Atlascloud {
-            cmd.env("ATLASCLOUD_API_KEY", api_key);
-        }
-        if resolved_runtime.provider == ProviderKind::WanjieArk {
-            cmd.env("WANJIE_ARK_API_KEY", api_key);
+        for var in provider_env_vars(resolved_runtime.provider) {
+            if *var != "DEEPSEEK_API_KEY" {
+                cmd.env(var, api_key);
+            }
         }
         let source = resolved_runtime
             .api_key_source
@@ -2668,6 +2665,73 @@ mod tests {
         );
     }
 
+    #[test]
+    fn build_tui_command_allows_moonshot_and_forwards_kimi_key() {
+        let _lock = env_lock();
+        let dir = tempfile::TempDir::new().expect("tempdir");
+        let custom = dir
+            .path()
+            .join(format!("custom-tui{}", std::env::consts::EXE_SUFFIX));
+        std::fs::write(&custom, b"").unwrap();
+        let custom_str = custom.to_string_lossy().into_owned();
+        let _bin = ScopedEnvVar::set("DEEPSEEK_TUI_BIN", &custom_str);
+
+        let cli = parse_ok(&[
+            "codewhale",
+            "--provider",
+            "moonshot",
+            "--model",
+            "kimi-k2.6",
+            "--workspace",
+            "/tmp/codewhale-workspace",
+        ]);
+        let resolved = ResolvedRuntimeOptions {
+            provider: ProviderKind::Moonshot,
+            model: "kimi-k2.6".to_string(),
+            api_key: Some("resolved-kimi-key".to_string()),
+            api_key_source: Some(RuntimeApiKeySource::Env),
+            base_url: "https://api.moonshot.ai/v1".to_string(),
+            auth_mode: Some("api_key".to_string()),
+            output_mode: None,
+            log_level: None,
+            telemetry: false,
+            approval_policy: None,
+            sandbox_mode: None,
+            yolo: None,
+            http_headers: std::collections::BTreeMap::new(),
+        };
+
+        let cmd = build_tui_command(&cli, &resolved, Vec::new()).expect("command");
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_PROVIDER").as_deref(),
+            Some("moonshot")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_MODEL").as_deref(),
+            Some("kimi-k2.6")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_BASE_URL").as_deref(),
+            Some("https://api.moonshot.ai/v1")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_API_KEY").as_deref(),
+            Some("resolved-kimi-key")
+        );
+        assert_eq!(
+            command_env(&cmd, "MOONSHOT_API_KEY").as_deref(),
+            Some("resolved-kimi-key")
+        );
+        assert_eq!(
+            command_env(&cmd, "KIMI_API_KEY").as_deref(),
+            Some("resolved-kimi-key")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE").as_deref(),
+            Some("env")
+        );
+    }
+
     #[test]
     fn parses_top_level_prompt_flag_for_canonical_one_shot() {
         let cli = parse_ok(&["deepseek", "-p", "Reply with exactly OK."]);
diff --git a/crates/secrets/src/lib.rs b/crates/secrets/src/lib.rs
index 0254aa61..69c3fc9a 100644
--- a/crates/secrets/src/lib.rs
+++ b/crates/secrets/src/lib.rs
@@ -484,9 +484,7 @@ impl Secrets {
 
     /// Resolve a secret with `secret store → env → none` precedence.
     ///
-    /// `name` is the canonical provider name (`"deepseek"`,
-    /// `"openrouter"`, `"novita"`, `"nvidia"`/`"nvidia-nim"`, `"openai"`,
-    /// or `"atlascloud"`).
+    /// `name` is the canonical provider name or a supported provider alias.
     /// Empty strings on either layer are treated as "not set".
     #[must_use]
     pub fn resolve(&self, name: &str) -> Option<String> {
@@ -779,6 +777,21 @@ mod tests {
         unsafe { std::env::remove_var("FIREWORKS_API_KEY") };
     }
 
+    #[test]
+    fn moonshot_kimi_env_aliases_resolve() {
+        let _lock = env_lock();
+        clear_known_envs();
+        // Safety: env mutation guarded by env_lock().
+        unsafe { std::env::set_var("KIMI_API_KEY", "kimi-key") };
+
+        assert_eq!(env_for("moonshot").as_deref(), Some("kimi-key"));
+        assert_eq!(env_for("moonshot-ai").as_deref(), Some("kimi-key"));
+        assert_eq!(env_for("kimi").as_deref(), Some("kimi-key"));
+        assert_eq!(env_for("kimi-k2").as_deref(), Some("kimi-key"));
+        // Safety: env mutation guarded by env_lock().
+        unsafe { std::env::remove_var("KIMI_API_KEY") };
+    }
+
     #[test]
     fn sglang_env_aliases_resolve() {
         let _lock = env_lock();

From 85e9a46ddfb8e507219906d6a64e1c981106114b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 22:06:51 -0500
Subject: [PATCH 017/283] docs(readme): refresh provider list and Windows
 surface

---
 README.md | 72 ++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 55 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index 411cf0c9..d1dd66a1 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ It is built around DeepSeek V4 (`deepseek-v4-pro` / `deepseek-v4-flash`), includ
 - **Reasoning-effort tiers** — cycle through `off → high → max` with `Shift + Tab`
 - **Session save/resume/fork** — checkpoint long-running sessions and fork saved conversations into sibling paths with parent lineage shown in the picker
 - **Workspace rollback** — side-git pre/post-turn snapshots with `/restore` and `revert_turn`, without touching your repo's `.git`
-- **OS-level sandbox** — Seatbelt on macOS, Landlock on Linux, Job Objects on Windows; shell commands run with workspace-scoped filesystem access only
+- **Approval + platform sandbox controls** — Seatbelt on macOS and Landlock on Linux where available; Windows uses the same approval flow and terminal/runtime protections while OS-level filesystem isolation remains a tracked helper contract
 - **Durable task queue** — background tasks can survive restarts
 - **HTTP/SSE runtime API** — `codewhale serve --http` for headless agent workflows
 - **MCP protocol** — connect to Model Context Protocol servers for extended tooling; please see [docs/MCP.md](docs/MCP.md)
@@ -210,12 +210,37 @@ codewhale --version
 
 Prebuilt binaries can also be downloaded from [GitHub Releases](https://github.com/Hmbown/CodeWhale/releases). Use `DEEPSEEK_TUI_RELEASE_BASE_URL` for mirrored release assets.
 
-### Windows (Scoop)
+### Windows
 
-[Scoop](https://scoop.sh) is a Windows package manager. The `codewhale` package is listed
-in Scoop's main bucket, but that manifest updates independently and can lag the
-GitHub/npm/Cargo release. Run `scoop update` first, then verify the installed
-version with `codewhale --version`:
+Windows x64 is a first-class release target. Use npm or direct GitHub release
+downloads when you need the newest v0.8.45 binary; Cargo also works when Rust
+1.88+ and the MSVC toolchain are installed.
+
+```powershell
+npm install -g codewhale
+codewhale --version
+
+cargo install codewhale-cli --locked --force
+cargo install codewhale-tui     --locked --force
+```
+
+Current Windows terminal behavior:
+
+- interactive sessions always use the TUI-owned alternate screen; the old
+  `--no-alt-screen` flag is accepted for script compatibility but no longer
+  disables the interactive alternate screen
+- runtime logs stay out of the alternate-screen buffer when `RUST_LOG` or
+  `DEEPSEEK_LOG_LEVEL` is enabled
+- mouse capture defaults on in Windows Terminal, ConEmu, and Cmder, but stays
+  off in legacy console hosts and JetBrains terminals; use `--mouse-capture` or
+  `--no-mouse-capture` to override
+- mouse-wheel-as-arrow terminals keep composer history usable by routing empty
+  composer Up/Down to transcript scrolling where appropriate
+
+[Scoop](https://scoop.sh) is also supported. The `deepseek-tui` package is
+listed in Scoop's main bucket, but that manifest updates independently and can
+lag the GitHub/npm/Cargo release. Run `scoop update` first, then verify the
+installed version with `codewhale --version`:
 
 ```bash
 scoop update
@@ -248,17 +273,27 @@ Both binaries are required. Cross-compilation and platform-specific notes: [docs
 
 </details>
 
-### Other API Providers
+### Providers
 
-Official DeepSeek remains the default and first-class path. Other providers are
-additive, with OpenRouter starting from DeepSeek Pro/Flash before broader
-open-model catalogs are enabled.
+Official DeepSeek remains the default and first-class path. v0.8.45 supports
+all 12 provider IDs in this order: `deepseek`, `nvidia-nim`, `openai`,
+`atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`,
+`sglang`, `vllm`, and `ollama`. Other providers are additive, with OpenRouter
+starting from DeepSeek Pro/Flash before broader open-model catalogs are enabled.
 
 ```bash
+# DeepSeek (default)
+codewhale auth set --provider deepseek --api-key "YOUR_DEEPSEEK_API_KEY"
+codewhale --provider deepseek --model deepseek-v4-pro
+
 # NVIDIA NIM
 codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"
 codewhale --provider nvidia-nim
 
+# Generic OpenAI-compatible endpoint
+codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
+OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
+
 # AtlasCloud
 codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"
 codewhale --provider atlascloud
@@ -283,9 +318,11 @@ codewhale --provider fireworks --model deepseek-v4-pro
 codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
 codewhale --provider moonshot --model kimi-k2.6
 
-# Generic OpenAI-compatible endpoint
-codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
-OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
+# Moonshot/Kimi with Kimi CLI OAuth
+kimi login
+mkdir -p ~/.deepseek
+printf 'provider = "moonshot"\n\n[providers.moonshot]\nauth_mode = "kimi_oauth"\n' >> ~/.deepseek/config.toml
+codewhale --provider moonshot --model kimi-for-coding
 
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
@@ -466,15 +503,16 @@ Key environment variables:
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
+| `DEEPSEEK_PROVIDER` | `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `NVIDIA_NIM_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `WANJIE_API_KEY` / `WANJIE_MAAS_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_NIM_BASE_URL` / `NIM_BASE_URL` / `NVIDIA_BASE_URL` | NVIDIA NIM endpoint override |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
-| `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
-| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
+| `WANJIE_ARK_BASE_URL` / `WANJIE_BASE_URL` / `WANJIE_MAAS_BASE_URL` / `WANJIE_ARK_MODEL` / `WANJIE_MODEL` / `WANJIE_MAAS_MODEL` | Wanjie Ark endpoint and model override |
+| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL_NAME` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |

From 64c870f35c7a6f56cbe273935eb55848e48801bb Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 22:07:10 -0500
Subject: [PATCH 018/283] docs(web): sync v0.8.45 facts and provider surface

---
 web/app/[locale]/docs/page.tsx    | 46 +++++++++++++++----------------
 web/app/[locale]/faq/page.tsx     | 22 ++++++++-------
 web/app/[locale]/page.tsx         | 22 +++++++--------
 web/app/[locale]/roadmap/page.tsx | 26 ++++++++---------
 web/lib/facts-drift.ts            | 14 ++++++----
 web/lib/facts.generated.ts        | 34 ++++++++++++++++-------
 web/lib/github.ts                 |  2 +-
 web/lib/roadmap-feed.ts           | 27 +++++++++++++++---
 web/scripts/derive-facts.mjs      | 17 +++++++-----
 9 files changed, 125 insertions(+), 85 deletions(-)

diff --git a/web/app/[locale]/docs/page.tsx b/web/app/[locale]/docs/page.tsx
index cfe384b5..78be0f71 100644
--- a/web/app/[locale]/docs/page.tsx
+++ b/web/app/[locale]/docs/page.tsx
@@ -121,7 +121,7 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                     { group: "Git / 诊断 / 测试", tools: "git_status · git_diff · diagnostics · run_tests" },
                     { group: "子 Agent", tools: "agent_open · agent_eval · agent_close —— 持久会话，并行执行，通过 var_handle 读取大结果" },
                     { group: "递归 LM (RLM)", tools: "rlm_open · rlm_eval · rlm_configure · rlm_close —— 沙箱 Python REPL，内置 peek/search/chunk/sub_query_batch 等辅助函数" },
-                    { group: "MCP", tools: "mcp_<server>_<tool>——从 ~/.codewhale/mcp.json 自动注册" },
+                    { group: "MCP", tools: "mcp_<server>_<tool>——从 ~/.deepseek/mcp.json 自动注册" },
                   ].map((row) => (
                     <div key={row.group} className="grid md:grid-cols-12 gap-0 hairline-t py-3 px-4 hover:bg-paper-deep transition-colors min-w-0">
                       <div className="md:col-span-3 font-display text-sm font-semibold">{row.group}</div>
@@ -152,8 +152,8 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-[1.9] tracking-wide">
-                  沙箱：{facts.sandboxBackends.join("、")}。工作区边界默认为 <code className="inline">--workspace</code>。
-                  <code className="inline">/trust</code> 可解除边界限制。
+                  沙箱：{facts.sandboxBackends.join("、")}。Windows 当前不宣称 OS 级文件系统沙箱，但保留同样的审批、工作区边界和终端运行时保护。
+                  <code className="inline">/trust</code> 可解除工作区边界限制。
                 </p>
               </section>
 
@@ -163,7 +163,7 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                   配置 <span className="font-cjk text-indigo text-2xl ml-2">Configuration</span>
                 </h2>
                 <pre className="code-block mt-5">
-{`# ~/.codewhale/config.toml
+{`# ~/.deepseek/config.toml
 api_key = "sk-..."
 base_url = "https://api.deepseek.com"
 default_text_model = "${facts.defaultModel ?? "deepseek-v4-pro"}"  # 默认模型；deepseek-v4-flash 用于快速 / 子智能体
@@ -179,7 +179,7 @@ default_timeout_secs = 30
 
 [[hooks.hooks]]
 event = "session_start"                     # 也支持: tool_call_before / tool_call_after
-command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change / on_error / shell_env`}
+command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change / on_error / shell_env`}
                 </pre>
                 <p className="mt-4 text-sm text-ink-soft">
                   完整参考：<Link className="body-link" href="https://github.com/Hmbown/CodeWhale/blob/main/config.example.toml">config.example.toml</Link>。
@@ -193,7 +193,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                 </h2>
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
                   <code className="inline">codewhale</code> 双向支持模型上下文协议（Model Context Protocol）：作为客户端从
-                  <code className="inline">~/.codewhale/mcp.json</code> 加载服务器，同时也可作为服务器暴露工具
+                  <code className="inline">~/.deepseek/mcp.json</code> 加载服务器，同时也可作为服务器暴露工具
                   （<code className="inline">codewhale mcp</code>）。工具以 <code className="inline">mcp_&lt;server&gt;_&lt;tool&gt;</code> 形式呈现。
                 </p>
                 <pre className="code-block mt-5">
@@ -218,7 +218,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   技能 <span className="font-cjk text-indigo text-2xl ml-2">Skills</span>
                 </h2>
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
-                  技能是 <code className="inline">~/.codewhale/skills/&lt;name&gt;/</code> 下的一个文件夹，
+                  技能是 <code className="inline">~/.deepseek/skills/&lt;name&gt;/</code> 下的一个文件夹，
                   根目录包含 <code className="inline">SKILL.md</code>。Agent 启动时加载技能名称和描述，
                   在需要时通过 Skill 工具拉取完整内容。
                 </p>
@@ -253,7 +253,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
                   使用 <code className="inline">codewhale auth set --provider &lt;id&gt;</code> 切换。下表为
                   <code className="inline">crates/tui/src/config.rs</code> 中 <code className="inline">ApiProvider</code> 枚举的实时投影
-                  ，目前共 {facts.providers.length} 个。
+                  ，v0.8.45 当前共 {facts.providers.length} 个。
                 </p>
                 <div className="hairline-t hairline-b mt-5">
                   {facts.providers.map((p) => (
@@ -265,9 +265,8 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-[1.9] tracking-wide">
-                  开放模型平台方向：CodeWhale 正在扩展对
-                  <strong> OpenRouter</strong>、<strong> Hugging Face</strong> 和<strong> 自托管</strong> 模型的支持，
-                  为您提供完全自主的模型选择——从云端 API 到本地部署均可覆盖。
+                  开放模型平台方向：CodeWhale 保持 DeepSeek 优先，同时内置 Moonshot/Kimi、OpenRouter、NVIDIA NIM、
+                  AtlasCloud、Wanjie Ark、Novita、Fireworks 和自托管 SGLang/vLLM/Ollama 路径。
                 </p>
               </section>
 
@@ -373,7 +372,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                     { group: "Git / diag / test", tools: "git_status · git_diff · diagnostics · run_tests" },
                     { group: "Sub-agents", tools: "agent_open · agent_eval · agent_close — persistent sessions, parallel execution, bounded result retrieval via var_handle" },
                     { group: "Recursive LM (RLM)", tools: "rlm_open · rlm_eval · rlm_configure · rlm_close — sandboxed Python REPL with peek/search/chunk/sub_query_batch helpers" },
-                    { group: "MCP", tools: "mcp_<server>_<tool> — auto-registered from ~/.codewhale/mcp.json" },
+                    { group: "MCP", tools: "mcp_<server>_<tool> — auto-registered from ~/.deepseek/mcp.json" },
                   ].map((row) => (
                     <div key={row.group} className="grid md:grid-cols-12 gap-0 hairline-t py-3 px-4 hover:bg-paper-deep transition-colors min-w-0">
                       <div className="md:col-span-3 font-display text-sm font-semibold">{row.group}</div>
@@ -403,8 +402,9 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-relaxed">
-                  Sandbox: {facts.sandboxBackends.join(", ")}. Workspace boundary defaults to{" "}
-                  <code className="inline">--workspace</code>. <code className="inline">/trust</code> lifts the boundary.
+                  Sandbox: {facts.sandboxBackends.join(", ")}. On Windows, CodeWhale does not advertise
+                  OS-level filesystem isolation yet, but keeps the same approvals, workspace boundary,
+                  and terminal runtime protections. <code className="inline">/trust</code> lifts the workspace boundary.
                 </p>
               </section>
 
@@ -413,7 +413,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   Configuration <span className="font-cjk text-indigo text-2xl ml-2">配置</span>
                 </h2>
                 <pre className="code-block mt-5">
-{`# ~/.codewhale/config.toml
+{`# ~/.deepseek/config.toml
 api_key = "sk-..."
 base_url = "https://api.deepseek.com"
 default_text_model = "${facts.defaultModel ?? "deepseek-v4-pro"}"  # default; deepseek-v4-flash is the fast / sub-agent option
@@ -429,7 +429,7 @@ default_timeout_secs = 30
 
 [[hooks.hooks]]
 event = "session_start"                     # or: tool_call_before / tool_call_after
-command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change / on_error / shell_env`}
+command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change / on_error / shell_env`}
                 </pre>
                 <p className="mt-4 text-sm text-ink-soft">
                   Full reference: <Link className="body-link" href="https://github.com/Hmbown/CodeWhale/blob/main/config.example.toml">config.example.toml</Link>.
@@ -442,7 +442,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                 </h2>
                 <p className="text-ink-soft mt-3 leading-relaxed">
                   <code className="inline">codewhale</code> speaks the Model Context Protocol both ways: as a client (loads
-                  servers from <code className="inline">~/.codewhale/mcp.json</code>) and as a server
+                  servers from <code className="inline">~/.deepseek/mcp.json</code>) and as a server
                   (<code className="inline">codewhale mcp</code>). Tools surface as <code className="inline">mcp_&lt;server&gt;_&lt;tool&gt;</code>.
                 </p>
                 <pre className="code-block mt-5">
@@ -466,7 +466,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   Skills <span className="font-cjk text-indigo text-2xl ml-2">技能</span>
                 </h2>
                 <p className="text-ink-soft mt-3 leading-relaxed">
-                  A skill is a folder under <code className="inline">~/.codewhale/skills/&lt;name&gt;/</code>
+                  A skill is a folder under <code className="inline">~/.deepseek/skills/&lt;name&gt;/</code>
                   with a <code className="inline">SKILL.md</code> at the root. The agent loads skill names + descriptions on
                   startup and can pull in the full body via the Skill tool when relevant.
                 </p>
@@ -500,7 +500,7 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                 <p className="text-ink-soft mt-3 leading-relaxed">
                   Switch with <code className="inline">codewhale auth set --provider &lt;id&gt;</code>. The
                   table below is a live projection of the <code className="inline">ApiProvider</code> enum
-                  in <code className="inline">crates/tui/src/config.rs</code> — currently {facts.providers.length} providers.
+                  in <code className="inline">crates/tui/src/config.rs</code> — v0.8.45 currently has {facts.providers.length} providers.
                 </p>
                 <div className="hairline-t hairline-b mt-5">
                   {facts.providers.map((p) => (
@@ -512,9 +512,9 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-relaxed">
-                  Open-model platform direction: CodeWhale is expanding support for
-                  <strong> OpenRouter</strong>, <strong> Hugging Face</strong>, and <strong> self-hosted</strong> models,
-                  giving you full sovereignty over model choice — from cloud APIs to local deployments.
+                  Open-model platform direction: CodeWhale stays DeepSeek-first while shipping Moonshot/Kimi,
+                  OpenRouter, NVIDIA NIM, AtlasCloud, Wanjie Ark, Novita, Fireworks, and self-hosted
+                  SGLang/vLLM/Ollama paths.
                 </p>
               </section>
 
@@ -547,4 +547,4 @@ command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change /
       )}
     </>
   );
-}
\ No newline at end of file
+}
diff --git a/web/app/[locale]/faq/page.tsx b/web/app/[locale]/faq/page.tsx
index f216552a..ec5f7dcd 100644
--- a/web/app/[locale]/faq/page.tsx
+++ b/web/app/[locale]/faq/page.tsx
@@ -23,7 +23,7 @@ const faqEn: FaqItem[] = [
     q: "What is CodeWhale?",
     a: (
       <>
-        CodeWhale is a terminal-native coding agent for open-source and open-weight models. It runs from the <code className="inline">codewhale</code> command, streams reasoning blocks, edits local workspaces with approval gates, and can auto-route each turn to the right model and thinking level. DeepSeek V4 is the first-class model path; OpenRouter is ready. Hugging Face, self-hosted, and other open-model surfaces are on the roadmap.
+        CodeWhale is a terminal-native coding agent for open-source and open-weight models. It runs from the <code className="inline">codewhale</code> command, streams reasoning blocks, edits local workspaces with approval gates, and can auto-route each turn to the right model and thinking level. DeepSeek V4 is the first-class model path; v0.8.45 also ships Moonshot/Kimi, OpenRouter, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, Novita, Fireworks, SGLang, vLLM, and Ollama paths.
       </>
     ),
     sources: ["README.md", "docs/ARCHITECTURE.md"],
@@ -112,12 +112,13 @@ codewhale doctor         # full connectivity check`}
         <p className="mb-2">CodeWhale ships with these built-in providers:</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — first-class, native API. Reasoning streaming, cache metrics, thinking effort control.</li>
+          <li><strong>Moonshot/Kimi</strong> — Kimi API key mode or local Kimi CLI OAuth reuse.</li>
           <li><strong>OpenRouter</strong> — unified API for DeepSeek models and more.</li>
-          <li><strong>OpenAI</strong>, <strong>NVIDIA NIM</strong>, <strong>Novita</strong>, <strong>Fireworks</strong>, <strong>sglang</strong>, <strong>vLLM</strong>, <strong>Ollama</strong></li>
+          <li><strong>OpenAI-compatible</strong>, <strong>NVIDIA NIM</strong>, <strong>AtlasCloud</strong>, <strong>Wanjie Ark</strong>, <strong>Novita</strong>, <strong>Fireworks</strong>, <strong>SGLang</strong>, <strong>vLLM</strong>, <strong>Ollama</strong></li>
         </ul>
         <p>
           Set the corresponding env var (e.g. <code className="inline">OPENROUTER_API_KEY</code>) and your provider in <code className="inline">~/.deepseek/config.toml</code>.
-          Hugging Face, ZenMux, and self-hosted OpenAI-compatible endpoints are on the roadmap.
+          SGLang, vLLM, and Ollama can also run against self-hosted OpenAI-compatible endpoints.
         </p>
       </>
     ),
@@ -156,7 +157,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
         Yes. Use the <code className="inline">vllm</code>, <code className="inline">sglang</code>, or <code className="inline">ollama</code> providers with your local endpoint.
         For OpenAI-compatible endpoints (llama.cpp server, text-generation-webui, Aphrodite, etc.), you can use the <code className="inline">openai</code> provider with a custom <code className="inline">base_url</code>.
         CodeWhale also respects <code className="inline">DEEPSEEK_ALLOW_INSECURE_HTTP=true</code> for local HTTP endpoints.
-        Full Hugging Face TGI/vLLM integration is on the roadmap.
+        Direct Hugging Face TGI discovery remains roadmap work.
       </>
     ),
     sources: ["#574", "#1303", "docs/CONFIGURATION.md"],
@@ -211,7 +212,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
     a: (
       <>
         CodeWhale runs entirely on your machine. No telemetry, no cloud processing of your code.
-        Sandbox backends: <strong>seatbelt</strong> (macOS), <strong>landlock</strong> (Linux), restricted tokens (Windows).
+        Sandbox backends: <strong>seatbelt</strong> (macOS), <strong>landlock</strong> (Linux). Windows keeps the same approval and terminal runtime protections, but does not advertise OS-level filesystem isolation yet.
         Workspace boundaries default to <code className="inline">--workspace</code>. <code className="inline">/trust</code> lifts them.
         Approval mode is configurable per session. All credential/approval/elevation events are written to <code className="inline">~/.deepseek/audit.log</code>.
       </>
@@ -336,7 +337,7 @@ const faqZh: FaqItem[] = [
     q: "CodeWhale 是什么？",
     a: (
       <>
-        CodeWhale 是一个面向开源模型的终端原生编程智能体。通过 <code className="inline">codewhale</code> 命令启动，流式输出推理块，在有审批门槛的情况下编辑本地工作区，并可为每个回合自动选择最合适的模型和推理深度。DeepSeek V4 是一级模型路径；OpenRouter 已就绪。Hugging Face、自托管等开放模型接口已在路线图中。
+        CodeWhale 是一个面向开源模型的终端原生编程智能体。通过 <code className="inline">codewhale</code> 命令启动，流式输出推理块，在有审批门槛的情况下编辑本地工作区，并可为每个回合自动选择最合适的模型和推理深度。DeepSeek V4 是一级模型路径；v0.8.45 也内置 Moonshot/Kimi、OpenRouter、NVIDIA NIM、OpenAI 兼容、AtlasCloud、Wanjie Ark、Novita、Fireworks、SGLang、vLLM 和 Ollama 路径。
       </>
     ),
     sources: ["README.md", "docs/ARCHITECTURE.md"],
@@ -424,12 +425,13 @@ codewhale doctor         # 完整连接检查`}
         <p className="mb-2">CodeWhale 内建以下提供商：</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — 一级支持，原生 API。推理流、缓存指标、思考力度控制。</li>
+          <li><strong>Moonshot/Kimi</strong> — Kimi API key 模式或复用本地 Kimi CLI OAuth。</li>
           <li><strong>OpenRouter</strong> — 统一 API，可访问 DeepSeek 等模型。</li>
-          <li><strong>OpenAI</strong>、<strong>NVIDIA NIM</strong>、<strong>Novita</strong>、<strong>Fireworks</strong>、<strong>sglang</strong>、<strong>vLLM</strong>、<strong>Ollama</strong></li>
+          <li><strong>OpenAI 兼容</strong>、<strong>NVIDIA NIM</strong>、<strong>AtlasCloud</strong>、<strong>Wanjie Ark</strong>、<strong>Novita</strong>、<strong>Fireworks</strong>、<strong>SGLang</strong>、<strong>vLLM</strong>、<strong>Ollama</strong></li>
         </ul>
         <p>
           设置对应的环境变量（如 <code className="inline">OPENROUTER_API_KEY</code>）并在 <code className="inline">~/.deepseek/config.toml</code> 中配置你的提供商。
-          Hugging Face、ZenMux 和自托管 OpenAI 兼容端点正在路线图中。
+          SGLang、vLLM 和 Ollama 也可以连接自托管 OpenAI 兼容端点。
         </p>
       </>
     ),
@@ -468,7 +470,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
         可以。使用 <code className="inline">vllm</code>、<code className="inline">sglang</code> 或 <code className="inline">ollama</code> 提供商连接本地端点。
         对于 OpenAI 兼容端点（llama.cpp server、text-generation-webui 等），可以使用 <code className="inline">openai</code> 提供商并设置自定义 <code className="inline">base_url</code>。
         CodeWhale 也支持 <code className="inline">DEEPSEEK_ALLOW_INSECURE_HTTP=true</code> 用于本地 HTTP 端点。
-        完整的 Hugging Face TGI/vLLM 集成正在路线图中。
+        Hugging Face TGI 的直接发现仍在路线图中。
       </>
     ),
     sources: ["#574", "#1303", "docs/CONFIGURATION.md"],
@@ -523,7 +525,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
     a: (
       <>
         CodeWhale 完全在你的机器上运行。无遥测，不会将你的代码上传到云端处理。
-        沙箱后端：<strong>seatbelt</strong>（macOS）、<strong>landlock</strong>（Linux）、受限令牌（Windows）。
+        沙箱后端：<strong>seatbelt</strong>（macOS）、<strong>landlock</strong>（Linux）。Windows 保留同样的审批与终端运行时保护，但当前不宣称 OS 级文件系统沙箱。
         工作区边界默认为 <code className="inline">--workspace</code>。<code className="inline">/trust</code> 可解除边界。
         审批模式可按会话配置。所有凭证/审批/提权事件写入 <code className="inline">~/.deepseek/audit.log</code>。
       </>
diff --git a/web/app/[locale]/page.tsx b/web/app/[locale]/page.tsx
index 05762720..2c999f39 100644
--- a/web/app/[locale]/page.tsx
+++ b/web/app/[locale]/page.tsx
@@ -15,7 +15,7 @@ const FALLBACK_STATS: RepoStats = {
   forks: 0,
   openIssues: 0,
   openPulls: 0,
-  contributors: 98,
+  contributors: 99,
   fetchedAt: new Date().toISOString(),
 };
 
@@ -94,8 +94,8 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
             <p className="mt-6 text-lg text-ink-soft leading-relaxed max-w-2xl">
               <span className="font-cjk text-indigo font-semibold">CodeWhale</span>
               {isZh
-                ? " 是面向 DeepSeek V4 及其他开放权重模型的终端原生编程智能体。它读改文件、跑测试、调用 MCP 服务器，全程在你的文件系统沙箱内运行。"
-                : " is a terminal-native coding agent for DeepSeek V4 and other open-weight models. It reads and edits files, runs tests, calls MCP servers — all inside your filesystem sandbox."}
+                ? " 是面向 DeepSeek V4 及其他开放权重模型的终端原生编程智能体。它读改文件、跑测试、调用 MCP 服务器，并通过审批、工作区边界和平台沙箱控制风险。"
+                : " is a terminal-native coding agent for DeepSeek V4 and other open-weight models. It reads and edits files, runs tests, calls MCP servers, and controls risk through approvals, workspace boundaries, and platform sandboxes."}
             </p>
 
             <div className="mt-8 flex flex-wrap items-stretch sm:items-center gap-3">
@@ -155,7 +155,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
                 )}
               </pre>
               <div className="mt-3 flex items-center justify-between text-[0.7rem] font-mono text-ink-mute">
-                <span>{isZh ? "需要 Node 或 Rust 1.88+" : "needs Node or Rust 1.88+"}</span>
+                <span>{isZh ? "Linux / macOS / Windows x64" : "Linux / macOS / Windows x64"}</span>
                 <Link href={isZh ? "/zh/install" : "/install"} className="text-indigo hover:underline">{isZh ? "其他方式 →" : "other ways →"}</Link>
               </div>
             </div>
@@ -188,14 +188,14 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
                 <div className="eyebrow mb-3">02 · 开源模型优先</div>
                 <h3 className="font-display text-xl mb-3">DeepSeek V4 深度集成</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  原生 DeepSeek API：推理流、缓存指标、思考力度控制。OpenRouter、NVIDIA NIM、vLLM、sglang 同时可选。
+                  原生 DeepSeek API：推理流、缓存指标、思考力度控制。Moonshot/Kimi、OpenRouter、NVIDIA NIM、vLLM、SGLang 等同时可选。
                 </p>
               </div>
               <div className="p-6">
                 <div className="eyebrow mb-3">03 · 沙箱边界</div>
                 <h3 className="font-display text-xl mb-3">Plan、Agent、YOLO</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  Plan 只读；Agent 风险操作前确认；YOLO 全自动。沙箱：seatbelt（macOS）、landlock（Linux）、受限令牌（Windows）。
+                  Plan 只读；Agent 风险操作前确认；YOLO 全自动。macOS 使用 seatbelt，Linux 使用 landlock；Windows 保留同样的审批与终端保护。
                 </p>
               </div>
             </>
@@ -212,14 +212,14 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
                 <div className="eyebrow mb-3">02 · open models first</div>
                 <h3 className="font-display text-xl mb-3">DeepSeek V4, deeply integrated</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Native DeepSeek API: reasoning streaming, cache metrics, thinking-effort control. OpenRouter, NVIDIA NIM, vLLM, and sglang also supported.
+                  Native DeepSeek API: reasoning streaming, cache metrics, thinking-effort control. Moonshot/Kimi, OpenRouter, NVIDIA NIM, vLLM, and SGLang are also supported.
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">03 · sandboxed</div>
+                <div className="eyebrow mb-3">03 · controlled</div>
                 <h3 className="font-display text-xl mb-3">Plan, Agent, YOLO</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Plan reads only. Agent asks before risky ops. YOLO auto-approves. Sandboxed via seatbelt (macOS), landlock (Linux), restricted tokens (Windows).
+                  Plan reads only. Agent asks before risky ops. YOLO auto-approves. macOS uses seatbelt, Linux uses landlock; Windows keeps the same approval and terminal protections.
                 </p>
               </div>
             </>
@@ -325,7 +325,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
     B -->|tool call| T["read_file · edit_file · grep<br/>apply_patch · exec_shell<br/>mcp_&lt;server&gt;_&lt;tool&gt;"]
     T -->|approval Y/N| P["审批对话框<br/>approval dialog"]
     P --> B
-    T -->|exec| S["沙箱<br/>seatbelt · landlock · win32"]
+    T -->|exec| S["平台控制<br/>seatbelt · landlock · approvals"]
     classDef accent fill:#e9eefe,stroke:#0e0e10,stroke-width:1px;
     classDef api fill:#0e0e10,stroke:#0e0e10,color:#ffffff;
     class C api;
@@ -337,7 +337,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
     B -->|tool call| T["read_file · edit_file · grep<br/>apply_patch · exec_shell<br/>mcp_&lt;server&gt;_&lt;tool&gt;"]
     T -->|approval Y/N| P["Approval<br/>dialog"]
     P --> B
-    T -->|exec| S["Sandbox<br/>seatbelt · landlock · win32"]
+    T -->|exec| S["Platform controls<br/>seatbelt · landlock · approvals"]
     classDef accent fill:#e9eefe,stroke:#0e0e10,stroke-width:1px;
     classDef api fill:#0e0e10,stroke:#0e0e10,color:#ffffff;
     class C api;
diff --git a/web/app/[locale]/roadmap/page.tsx b/web/app/[locale]/roadmap/page.tsx
index 17e382bb..787ff0c6 100644
--- a/web/app/[locale]/roadmap/page.tsx
+++ b/web/app/[locale]/roadmap/page.tsx
@@ -26,12 +26,12 @@ const tracksEn = [
       { title: "Sub-agent parallel execution", note: "agent_open / agent_eval / agent_close; up to 10 concurrent sessions with bounded result handles" },
       { title: "RLM batched processing", note: "Persistent sandboxed Python REPL with 1–16 cheap parallel children for long-input analysis" },
       { title: "Three operating modes", note: "Plan (read-only), Agent (default), YOLO (auto-approved); orthogonal suggest / auto / never approval" },
-      { title: "Per-platform sandbox", note: "seatbelt (macOS), landlock (Linux); Windows containment via restricted tokens (limited)" },
+      { title: "Per-platform controls", note: "seatbelt (macOS), landlock (Linux); Windows keeps approvals and terminal/runtime protections while OS sandbox work remains tracked" },
       { title: "Durable sessions + tasks", note: "Save, resume, rollback; background task queue with replayable timelines under ~/.deepseek/tasks/" },
-      { title: "Bidirectional MCP", note: "Consume tools from external servers; expose as server via `deepseek mcp`; ~/.deepseek/mcp.json" },
+      { title: "Bidirectional MCP", note: "Consume tools from external servers; expose as server via `codewhale mcp`; ~/.deepseek/mcp.json" },
       { title: "Skills + unified slash palette", note: "~/.deepseek/skills/ auto-loading; /help, /mode, /status, /config, /trust, /feedback" },
-      { title: "OpenRouter provider", note: "First-class OpenRouter integration with 300+ models across dozens of providers" },
-      { title: "Multi-provider support", note: "Hot-swap between providers (DeepSeek, OpenAI, Anthropic, OpenRouter) per session" },
+      { title: "v0.8.45 provider surface", note: "DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama" },
+      { title: "Moonshot/Kimi OAuth", note: "Kimi CLI OAuth reuse plus API-key mode for Moonshot/Kimi sessions" },
     ],
   },
   {
@@ -43,8 +43,8 @@ const tracksEn = [
       { title: "Memory typed store", note: "SQLite + FTS5 backend with graph-structured agent memory and multi-signal recall (#534–#536)" },
       { title: "Feishu / Lark bot", note: "Chat-platform frontend over the existing runtime API (#757)" },
       { title: "Chinese-market & i18n", note: "Locale-aware UI, platform refinements, region-specific search backends (#755)" },
-      { title: "Hugging Face model discovery + Model Lab", note: "Browse, download, and manage models from Hugging Face Hub directly in the TUI" },
-      { title: "ZenMux / OpenAI-compatible providers", note: "Bring any OpenAI-compatible endpoint (vLLM, LiteLLM, Ollama, local) as a first-class provider" },
+      { title: "Model Lab", note: "Curated model discovery and benchmarking for open-weight and self-hosted workflows" },
+      { title: "Provider billing and catalogs", note: "/balance capability layer plus richer live model catalogs for providers that expose listing endpoints" },
     ],
   },
   {
@@ -92,12 +92,12 @@ const tracksZh = [
       { title: "子 Agent 并行执行", note: "agent_open / agent_eval / agent_close；最多 10 个并发会话，通过 var_handle 有界读取结果" },
       { title: "RLM 批量处理", note: "持久沙箱 Python REPL，支持 1–16 路廉价并行子调用，处理长文本分析" },
       { title: "三种运行模式", note: "Plan（只读）、Agent（默认）、YOLO（自动批准）；审批模式正交（建议/自动/拒绝）" },
-      { title: "跨平台沙箱", note: "seatbelt（macOS）、landlock（Linux）；Windows 通过受限令牌实现基础隔离（功能有限）" },
+      { title: "跨平台控制", note: "seatbelt（macOS）、landlock（Linux）；Windows 保留审批与终端运行时保护，OS 沙箱仍在跟踪中" },
       { title: "持久化会话 + 后台任务", note: "保存、恢复、回滚；后台任务队列，可回放时间线，位于 ~/.deepseek/tasks/" },
-      { title: "双向 MCP 协议", note: "消费外部服务器工具；通过 `deepseek mcp` 暴露为服务器；~/.deepseek/mcp.json" },
+      { title: "双向 MCP 协议", note: "消费外部服务器工具；通过 `codewhale mcp` 暴露为服务器；~/.deepseek/mcp.json" },
       { title: "技能 + 统一命令面板", note: "~/.deepseek/skills/ 自动加载；/help、/mode、/status、/config、/trust、/feedback" },
-      { title: "OpenRouter 提供商", note: "原生集成 OpenRouter，支持 300+ 模型，覆盖数十个提供商" },
-      { title: "多提供商支持", note: "按会话动态切换提供商（DeepSeek、OpenAI、Anthropic、OpenRouter）" },
+      { title: "v0.8.45 提供商表面", note: "DeepSeek、NVIDIA NIM、OpenAI 兼容、AtlasCloud、Wanjie Ark、OpenRouter、Novita、Fireworks、Moonshot/Kimi、SGLang、vLLM、Ollama" },
+      { title: "Moonshot/Kimi OAuth", note: "复用 Kimi CLI OAuth，也支持 Moonshot/Kimi API key 模式" },
     ],
   },
   {
@@ -109,8 +109,8 @@ const tracksZh = [
       { title: "记忆类型化存储", note: "SQLite + FTS5 后端，图结构 Agent 记忆，多信号召回（#534–#536）" },
       { title: "飞书 / Lark 机器人", note: "基于现有 runtime API 的聊天平台前端（#757）" },
       { title: "中国市场与国际化改进", note: "本地化 UI、平台优化、区域搜索引擎（#755）" },
-      { title: "Hugging Face 模型发现 + 模型实验室", note: "在 TUI 中直接浏览、下载和管理 Hugging Face Hub 上的模型" },
-      { title: "ZenMux / OpenAI 兼容提供商", note: "将任意 OpenAI 兼容端点（vLLM、LiteLLM、Ollama、本地模型）作为一级提供商接入" },
+      { title: "模型实验室", note: "面向开放权重和自托管工作流的模型发现与基准测试" },
+      { title: "提供商账单与目录", note: "/balance 能力层，以及对支持列表接口的提供商提供更完整的实时模型目录" },
     ],
   },
   {
@@ -339,4 +339,4 @@ export default async function RoadmapPage({ params }: { params: Promise<{ locale
       )}
     </>
   );
-}
\ No newline at end of file
+}
diff --git a/web/lib/facts-drift.ts b/web/lib/facts-drift.ts
index 5e99f35c..531ebcff 100644
--- a/web/lib/facts-drift.ts
+++ b/web/lib/facts-drift.ts
@@ -77,12 +77,15 @@ function deriveProvidersFromConfig(cfg: string): ProviderFact[] {
   // so the binary rejects it — keep it out of the docs. Issue #1104.
   const labelMap: Record<string, ProviderFact> = {
     Deepseek: { id: "deepseek", label: "DeepSeek", env: "DEEPSEEK_API_KEY" },
-    NvidiaNim: { id: "nvidia-nim", label: "NVIDIA NIM", env: "NVIDIA_API_KEY" },
-    Openai: { id: "openai", label: "OpenAI", env: "OPENAI_API_KEY" },
+    NvidiaNim: { id: "nvidia-nim", label: "NVIDIA NIM", env: "NVIDIA_API_KEY / NVIDIA_NIM_API_KEY" },
+    Openai: { id: "openai", label: "OpenAI-compatible", env: "OPENAI_API_KEY" },
+    Atlascloud: { id: "atlascloud", label: "AtlasCloud", env: "ATLASCLOUD_API_KEY" },
+    WanjieArk: { id: "wanjie-ark", label: "Wanjie Ark", env: "WANJIE_ARK_API_KEY / WANJIE_API_KEY / WANJIE_MAAS_API_KEY" },
     Openrouter: { id: "openrouter", label: "OpenRouter", env: "OPENROUTER_API_KEY" },
-    Novita: { id: "novita", label: "Novita", env: "NOVITA_API_KEY" },
-    Fireworks: { id: "fireworks", label: "Fireworks", env: "FIREWORKS_API_KEY" },
-    Sglang: { id: "sglang", label: "sglang", env: "SGLANG_API_KEY" },
+    Novita: { id: "novita", label: "Novita AI", env: "NOVITA_API_KEY" },
+    Fireworks: { id: "fireworks", label: "Fireworks AI", env: "FIREWORKS_API_KEY" },
+    Moonshot: { id: "moonshot", label: "Moonshot/Kimi", env: "MOONSHOT_API_KEY / KIMI_API_KEY" },
+    Sglang: { id: "sglang", label: "SGLang", env: "SGLANG_API_KEY" },
     Vllm: { id: "vllm", label: "vLLM", env: "VLLM_API_KEY" },
     Ollama: { id: "ollama", label: "Ollama", env: "OLLAMA_API_KEY" },
   };
@@ -98,7 +101,6 @@ function deriveSandboxBackends(files: string[]): string[] {
   const map: Record<string, string> = {
     seatbelt: "seatbelt (macOS)",
     landlock: "landlock (Linux)",
-    windows: "AppContainer / restricted tokens (Windows)",
   };
   return files
     .map((f) => f.replace(/\.rs$/, ""))
diff --git a/web/lib/facts.generated.ts b/web/lib/facts.generated.ts
index b4468cf9..0db1a07a 100644
--- a/web/lib/facts.generated.ts
+++ b/web/lib/facts.generated.ts
@@ -18,8 +18,8 @@ export interface RepoFacts {
 }
 
 export const FACTS: RepoFacts = {
-  "generatedAt": "2026-05-24T16:01:45.189Z",
-  "version": "0.8.43",
+  "generatedAt": "2026-05-26T03:03:01.383Z",
+  "version": "0.8.45",
   "crates": [
     "agent",
     "app-server",
@@ -38,8 +38,7 @@ export const FACTS: RepoFacts = {
   ],
   "sandboxBackends": [
     "landlock (Linux)",
-    "seatbelt (macOS)",
-    "AppContainer / restricted tokens (Windows)"
+    "seatbelt (macOS)"
   ],
   "providers": [
     {
@@ -50,13 +49,23 @@ export const FACTS: RepoFacts = {
     {
       "id": "nvidia-nim",
       "label": "NVIDIA NIM",
-      "env": "NVIDIA_API_KEY"
+      "env": "NVIDIA_API_KEY / NVIDIA_NIM_API_KEY"
     },
     {
       "id": "openai",
-      "label": "OpenAI",
+      "label": "OpenAI-compatible",
       "env": "OPENAI_API_KEY"
     },
+    {
+      "id": "atlascloud",
+      "label": "AtlasCloud",
+      "env": "ATLASCLOUD_API_KEY"
+    },
+    {
+      "id": "wanjie-ark",
+      "label": "Wanjie Ark",
+      "env": "WANJIE_ARK_API_KEY / WANJIE_API_KEY / WANJIE_MAAS_API_KEY"
+    },
     {
       "id": "openrouter",
       "label": "OpenRouter",
@@ -64,17 +73,22 @@ export const FACTS: RepoFacts = {
     },
     {
       "id": "novita",
-      "label": "Novita",
+      "label": "Novita AI",
       "env": "NOVITA_API_KEY"
     },
     {
       "id": "fireworks",
-      "label": "Fireworks",
+      "label": "Fireworks AI",
       "env": "FIREWORKS_API_KEY"
     },
+    {
+      "id": "moonshot",
+      "label": "Moonshot/Kimi",
+      "env": "MOONSHOT_API_KEY / KIMI_API_KEY"
+    },
     {
       "id": "sglang",
-      "label": "sglang",
+      "label": "SGLang",
       "env": "SGLANG_API_KEY"
     },
     {
@@ -90,7 +104,7 @@ export const FACTS: RepoFacts = {
   ],
   "defaultModel": "deepseek-v4-pro",
   "nodeEngines": ">=18",
-  "toolCount": 69,
+  "toolCount": 70,
   "license": "MIT",
   "latestRelease": null
 };
diff --git a/web/lib/github.ts b/web/lib/github.ts
index aeafe692..380c0004 100644
--- a/web/lib/github.ts
+++ b/web/lib/github.ts
@@ -2,7 +2,7 @@ import type { FeedItem, RepoStats } from "./types";
 
 const REPO = process.env.GITHUB_REPO ?? "Hmbown/CodeWhale";
 const GH = "https://api.github.com";
-const MIN_KNOWN_CONTRIBUTORS = 98;
+const MIN_KNOWN_CONTRIBUTORS = 99;
 
 function headers(token?: string): HeadersInit {
   const h: Record<string, string> = {
diff --git a/web/lib/roadmap-feed.ts b/web/lib/roadmap-feed.ts
index 102f1037..48edda44 100644
--- a/web/lib/roadmap-feed.ts
+++ b/web/lib/roadmap-feed.ts
@@ -55,6 +55,20 @@ async function gh<T>(url: string, ghToken?: string): Promise<T | null> {
 interface GhRelease { tag_name: string; name: string | null; body: string | null; html_url: string; prerelease: boolean; draft: boolean }
 interface GhIssue { number: number; title: string; html_url: string; body: string | null; state: string; pull_request?: unknown }
 
+const FALLBACK_SHIPPED: RoadmapItem[] = [
+  {
+    title: "v0.8.45",
+    note: "Moonshot/Kimi OAuth, provider-surface sync, and current Windows install/runtime guidance",
+    href: "https://github.com/Hmbown/CodeWhale/releases/tag/v0.8.45",
+  },
+];
+
+function withPinnedShipped(items: RoadmapItem[]): RoadmapItem[] {
+  const seen = new Set(items.map((item) => item.title));
+  const pinned = FALLBACK_SHIPPED.filter((item) => !seen.has(item.title));
+  return [...pinned, ...items];
+}
+
 function summarizeReleaseBody(body: string | null): string {
   if (!body) return "";
   // First non-empty line, stripped of markdown headers / bullets / links
@@ -100,17 +114,19 @@ export async function fetchRoadmap(ghToken?: string): Promise<RoadmapFeed> {
     fetchByLabel("roadmap:ruled-out", ghToken, "all"),
   ]);
 
-  const shipped: RoadmapItem[] = (releases ?? [])
+  const shipped: RoadmapItem[] = releases
+    ? releases
     .filter((r) => !r.draft)
     .map((r) => ({
       title: r.name?.trim() || r.tag_name,
       note: summarizeReleaseBody(r.body) || r.tag_name,
       href: r.html_url,
-    }));
+    }))
+    : FALLBACK_SHIPPED;
 
   return {
     generatedAt: new Date().toISOString(),
-    shipped,
+    shipped: withPinnedShipped(shipped),
     underway,
     considered,
     ruledOut,
@@ -121,7 +137,10 @@ export async function getCachedRoadmap(kv: KVNamespace | undefined, ghToken: str
   try {
     if (kv) {
       const cached = await kv.get(KV_KEY);
-      if (cached) return JSON.parse(cached) as RoadmapFeed;
+      if (cached) {
+        const parsed = JSON.parse(cached) as RoadmapFeed;
+        return { ...parsed, shipped: withPinnedShipped(parsed.shipped ?? []) };
+      }
     }
     const fresh = await fetchRoadmap(ghToken);
     if (kv) {
diff --git a/web/scripts/derive-facts.mjs b/web/scripts/derive-facts.mjs
index 76b31f2d..b1e7830d 100644
--- a/web/scripts/derive-facts.mjs
+++ b/web/scripts/derive-facts.mjs
@@ -46,10 +46,10 @@ function deriveSandboxBackends() {
   const files = readdirSync(dir)
     .filter((f) => f.endsWith(".rs"))
     .map((f) => f.replace(/\.rs$/, ""))
-    .filter((f) => !["mod", "policy", "backend", "opensandbox"].includes(f))
+    .filter((f) => !["mod", "policy", "backend", "opensandbox", "windows"].includes(f))
     .sort();
   // canonicalize platform names
-  const map = { seatbelt: "seatbelt (macOS)", landlock: "landlock (Linux)", windows: "AppContainer / restricted tokens (Windows)" };
+  const map = { seatbelt: "seatbelt (macOS)", landlock: "landlock (Linux)" };
   return files.map((f) => map[f] ?? f);
 }
 
@@ -66,12 +66,15 @@ function deriveProviders() {
   // shared ProviderKind, so we exclude it until that lands. Issue #1104.
   const labelMap = {
     Deepseek: { id: "deepseek", label: "DeepSeek", env: "DEEPSEEK_API_KEY" },
-    NvidiaNim: { id: "nvidia-nim", label: "NVIDIA NIM", env: "NVIDIA_API_KEY" },
-    Openai: { id: "openai", label: "OpenAI", env: "OPENAI_API_KEY" },
+    NvidiaNim: { id: "nvidia-nim", label: "NVIDIA NIM", env: "NVIDIA_API_KEY / NVIDIA_NIM_API_KEY" },
+    Openai: { id: "openai", label: "OpenAI-compatible", env: "OPENAI_API_KEY" },
+    Atlascloud: { id: "atlascloud", label: "AtlasCloud", env: "ATLASCLOUD_API_KEY" },
+    WanjieArk: { id: "wanjie-ark", label: "Wanjie Ark", env: "WANJIE_ARK_API_KEY / WANJIE_API_KEY / WANJIE_MAAS_API_KEY" },
     Openrouter: { id: "openrouter", label: "OpenRouter", env: "OPENROUTER_API_KEY" },
-    Novita: { id: "novita", label: "Novita", env: "NOVITA_API_KEY" },
-    Fireworks: { id: "fireworks", label: "Fireworks", env: "FIREWORKS_API_KEY" },
-    Sglang: { id: "sglang", label: "sglang", env: "SGLANG_API_KEY" },
+    Novita: { id: "novita", label: "Novita AI", env: "NOVITA_API_KEY" },
+    Fireworks: { id: "fireworks", label: "Fireworks AI", env: "FIREWORKS_API_KEY" },
+    Moonshot: { id: "moonshot", label: "Moonshot/Kimi", env: "MOONSHOT_API_KEY / KIMI_API_KEY" },
+    Sglang: { id: "sglang", label: "SGLang", env: "SGLANG_API_KEY" },
     Vllm: { id: "vllm", label: "vLLM", env: "VLLM_API_KEY" },
     Ollama: { id: "ollama", label: "Ollama", env: "OLLAMA_API_KEY" },
   };

From 0628adab38f1a0515ebb6306ab9b5a1c9171136d Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Tue, 26 May 2026 03:47:42 +0000
Subject: [PATCH 019/283] test: add table-driven env-forwarding regression test
 for all providers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Covers Openrouter, Novita, NvidiaNim, Fireworks, Sglang, Vllm, Ollama,
Atlascloud, and WanjieArk — the providers that were silently expanded
by the generic provider_env_vars loop but had no test coverage beyond
the existing Moonshot and OpenAI cases.

Co-Authored-By: bot_apk <apk@cognition.ai>
---
 crates/cli/src/lib.rs | 78 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 18cc93d8..18f2c076 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -2732,6 +2732,84 @@ mod tests {
         );
     }
 
+    #[test]
+    fn build_tui_command_forwards_provider_env_vars_for_all_providers() {
+        let _lock = env_lock();
+        let dir = tempfile::TempDir::new().expect("tempdir");
+        let custom = dir
+            .path()
+            .join(format!("custom-tui{}", std::env::consts::EXE_SUFFIX));
+        std::fs::write(&custom, b"").unwrap();
+        let custom_str = custom.to_string_lossy().into_owned();
+        let _bin = ScopedEnvVar::set("DEEPSEEK_TUI_BIN", &custom_str);
+
+        // (provider, cli flag, extra env vars that must be forwarded besides DEEPSEEK_API_KEY)
+        let cases: &[(ProviderKind, &str, &[&str])] = &[
+            (ProviderKind::Openrouter, "openrouter", &["OPENROUTER_API_KEY"]),
+            (ProviderKind::Novita, "novita", &["NOVITA_API_KEY"]),
+            (
+                ProviderKind::NvidiaNim,
+                "nvidia-nim",
+                &["NVIDIA_API_KEY", "NVIDIA_NIM_API_KEY"],
+            ),
+            (ProviderKind::Fireworks, "fireworks", &["FIREWORKS_API_KEY"]),
+            (ProviderKind::Sglang, "sglang", &["SGLANG_API_KEY"]),
+            (ProviderKind::Vllm, "vllm", &["VLLM_API_KEY"]),
+            (ProviderKind::Ollama, "ollama", &["OLLAMA_API_KEY"]),
+            (
+                ProviderKind::Atlascloud,
+                "atlascloud",
+                &["ATLASCLOUD_API_KEY"],
+            ),
+            (
+                ProviderKind::WanjieArk,
+                "wanjie-ark",
+                &["WANJIE_ARK_API_KEY", "WANJIE_API_KEY", "WANJIE_MAAS_API_KEY"],
+            ),
+        ];
+
+        for &(provider, flag, expected_vars) in cases {
+            let cli = parse_ok(&[
+                "codewhale",
+                "--provider",
+                flag,
+                "--workspace",
+                "/tmp/codewhale-workspace",
+            ]);
+            let resolved = ResolvedRuntimeOptions {
+                provider,
+                model: "test-model".to_string(),
+                api_key: Some("test-key".to_string()),
+                api_key_source: Some(RuntimeApiKeySource::Env),
+                base_url: "http://localhost:8000/v1".to_string(),
+                auth_mode: Some("api_key".to_string()),
+                output_mode: None,
+                log_level: None,
+                telemetry: false,
+                approval_policy: None,
+                sandbox_mode: None,
+                yolo: None,
+                http_headers: std::collections::BTreeMap::new(),
+            };
+
+            let cmd = build_tui_command(&cli, &resolved, Vec::new())
+                .unwrap_or_else(|e| panic!("{flag}: {e}"));
+
+            assert_eq!(
+                command_env(&cmd, "DEEPSEEK_API_KEY").as_deref(),
+                Some("test-key"),
+                "{flag}: DEEPSEEK_API_KEY not forwarded"
+            );
+            for var in expected_vars {
+                assert_eq!(
+                    command_env(&cmd, var).as_deref(),
+                    Some("test-key"),
+                    "{flag}: {var} not forwarded"
+                );
+            }
+        }
+    }
+
     #[test]
     fn parses_top_level_prompt_flag_for_canonical_one_shot() {
         let cli = parse_ok(&["deepseek", "-p", "Reply with exactly OK."]);

From c4e91446affcfe6f3df47132bb5fa57de1923aa8 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 23:07:12 -0500
Subject: [PATCH 020/283] test(cli): format provider env regression cases

---
 crates/cli/src/lib.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 18f2c076..3eaeb3c0 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -2745,7 +2745,11 @@ mod tests {
 
         // (provider, cli flag, extra env vars that must be forwarded besides DEEPSEEK_API_KEY)
         let cases: &[(ProviderKind, &str, &[&str])] = &[
-            (ProviderKind::Openrouter, "openrouter", &["OPENROUTER_API_KEY"]),
+            (
+                ProviderKind::Openrouter,
+                "openrouter",
+                &["OPENROUTER_API_KEY"],
+            ),
             (ProviderKind::Novita, "novita", &["NOVITA_API_KEY"]),
             (
                 ProviderKind::NvidiaNim,
@@ -2764,7 +2768,11 @@ mod tests {
             (
                 ProviderKind::WanjieArk,
                 "wanjie-ark",
-                &["WANJIE_ARK_API_KEY", "WANJIE_API_KEY", "WANJIE_MAAS_API_KEY"],
+                &[
+                    "WANJIE_ARK_API_KEY",
+                    "WANJIE_API_KEY",
+                    "WANJIE_MAAS_API_KEY",
+                ],
             ),
         ];
 

From ab38635f782c48104635d018a50a163a38065efb Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Mon, 25 May 2026 23:39:34 -0500
Subject: [PATCH 021/283] fix(kimi): support API-key setup for Kimi Code

---
 CHANGELOG.md                      |  12 ++-
 README.md                         |  26 ++++---
 crates/config/src/lib.rs          | 122 +++++++++++++++++++++++++++++-
 crates/tui/CHANGELOG.md           |  12 ++-
 crates/tui/src/config.rs          |  64 ++++++++++++++--
 web/app/[locale]/docs/page.tsx    |  10 +++
 web/app/[locale]/faq/page.tsx     |   4 +-
 web/app/[locale]/roadmap/page.tsx |   4 +-
 web/lib/facts.ts                  |   4 +
 web/lib/kv.ts                     |  24 ++++--
 web/lib/roadmap-feed.ts           |   2 +-
 11 files changed, 248 insertions(+), 36 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f21e957..2d0f05ae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- **Kimi Code API-key setup.** `codewhale config set providers.moonshot.*`
+  now writes the Moonshot/Kimi provider table, and Kimi Code API-key
+  endpoints default to `kimi-for-coding` without using the Kimi CLI OAuth path.
+
 ## [0.8.45] - 2026-05-25
 
 ### Added
@@ -17,9 +23,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Command palette voice input.** The command palette can launch a configured
   speech-to-text helper and show footer status while transcription runs
   (#2047).
-- **Moonshot/Kimi OAuth provider.** Moonshot/Kimi is now a first-class
-  provider, including Kimi CLI OAuth reuse, secure refresh writes, model
-  completion, CLI auth, and secret-store integration.
+- **Moonshot/Kimi provider.** Moonshot/Kimi is now a first-class provider,
+  including API-key auth, model completion, CLI auth, secret-store
+  integration, and optional Kimi CLI credential reuse.
 - **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
   human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
   preserving the raw agent ID in the popup (#2035, #2016).
diff --git a/README.md b/README.md
index d1dd66a1..450ca64d 100644
--- a/README.md
+++ b/README.md
@@ -314,15 +314,23 @@ codewhale --provider novita --model deepseek/deepseek-v4-pro
 codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
 codewhale --provider fireworks --model deepseek-v4-pro
 
-# Moonshot/Kimi
-codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
-codewhale --provider moonshot --model kimi-k2.6
+# Kimi Code plan API key
+codewhale auth set --provider moonshot --api-key "YOUR_KIMI_CODE_API_KEY"
+codewhale config set providers.moonshot.auth_mode api_key
+codewhale config set providers.moonshot.base_url https://api.kimi.com/coding/v1
+codewhale config set providers.moonshot.model kimi-for-coding
+codewhale --provider moonshot
 
-# Moonshot/Kimi with Kimi CLI OAuth
-kimi login
-mkdir -p ~/.deepseek
-printf 'provider = "moonshot"\n\n[providers.moonshot]\nauth_mode = "kimi_oauth"\n' >> ~/.deepseek/config.toml
-codewhale --provider moonshot --model kimi-for-coding
+# Kimi/Moonshot Platform API key
+codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
+codewhale config set providers.moonshot.auth_mode api_key
+codewhale config set providers.moonshot.base_url https://api.moonshot.ai/v1
+codewhale config set providers.moonshot.model kimi-k2.6
+codewhale --provider moonshot
+
+# Kimi through OpenRouter's catalog
+codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
+codewhale --provider openrouter --model moonshotai/kimi-k2.6
 
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
@@ -512,7 +520,7 @@ Key environment variables:
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_BASE_URL` / `WANJIE_MAAS_BASE_URL` / `WANJIE_ARK_MODEL` / `WANJIE_MODEL` / `WANJIE_MAAS_MODEL` | Wanjie Ark endpoint and model override |
-| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL_NAME` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
+| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL_NAME` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override. For a Kimi Code plan API key, use `KIMI_BASE_URL=https://api.kimi.com/coding/v1` and `KIMI_MODEL=kimi-for-coding`. |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 576de517..d9d72864 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -462,6 +462,13 @@ impl ConfigToml {
             "providers.fireworks.http_headers" => {
                 serialize_http_headers(&self.providers.fireworks.http_headers)
             }
+            "providers.moonshot.api_key" => self.providers.moonshot.api_key.clone(),
+            "providers.moonshot.base_url" => self.providers.moonshot.base_url.clone(),
+            "providers.moonshot.model" => self.providers.moonshot.model.clone(),
+            "providers.moonshot.auth_mode" => self.providers.moonshot.auth_mode.clone(),
+            "providers.moonshot.http_headers" => {
+                serialize_http_headers(&self.providers.moonshot.http_headers)
+            }
             "providers.sglang.api_key" => self.providers.sglang.api_key.clone(),
             "providers.sglang.base_url" => self.providers.sglang.base_url.clone(),
             "providers.sglang.model" => self.providers.sglang.model.clone(),
@@ -612,6 +619,21 @@ impl ConfigToml {
             "providers.fireworks.http_headers" => {
                 self.providers.fireworks.http_headers = parse_http_headers(value)?;
             }
+            "providers.moonshot.api_key" => {
+                self.providers.moonshot.api_key = Some(value.to_string());
+            }
+            "providers.moonshot.base_url" => {
+                self.providers.moonshot.base_url = Some(value.to_string());
+            }
+            "providers.moonshot.model" => {
+                self.providers.moonshot.model = Some(value.to_string());
+            }
+            "providers.moonshot.auth_mode" => {
+                self.providers.moonshot.auth_mode = Some(value.to_string());
+            }
+            "providers.moonshot.http_headers" => {
+                self.providers.moonshot.http_headers = parse_http_headers(value)?;
+            }
             "providers.sglang.api_key" => {
                 self.providers.sglang.api_key = Some(value.to_string());
             }
@@ -716,6 +738,11 @@ impl ConfigToml {
             "providers.fireworks.base_url" => self.providers.fireworks.base_url = None,
             "providers.fireworks.model" => self.providers.fireworks.model = None,
             "providers.fireworks.http_headers" => self.providers.fireworks.http_headers.clear(),
+            "providers.moonshot.api_key" => self.providers.moonshot.api_key = None,
+            "providers.moonshot.base_url" => self.providers.moonshot.base_url = None,
+            "providers.moonshot.model" => self.providers.moonshot.model = None,
+            "providers.moonshot.auth_mode" => self.providers.moonshot.auth_mode = None,
+            "providers.moonshot.http_headers" => self.providers.moonshot.http_headers.clear(),
             "providers.sglang.api_key" => self.providers.sglang.api_key = None,
             "providers.sglang.base_url" => self.providers.sglang.base_url = None,
             "providers.sglang.model" => self.providers.sglang.model = None,
@@ -869,6 +896,21 @@ impl ConfigToml {
         if let Some(v) = serialize_http_headers(&self.providers.fireworks.http_headers) {
             out.insert("providers.fireworks.http_headers".to_string(), v);
         }
+        if let Some(v) = self.providers.moonshot.api_key.as_ref() {
+            out.insert("providers.moonshot.api_key".to_string(), redact_secret(v));
+        }
+        if let Some(v) = self.providers.moonshot.base_url.as_ref() {
+            out.insert("providers.moonshot.base_url".to_string(), v.clone());
+        }
+        if let Some(v) = self.providers.moonshot.model.as_ref() {
+            out.insert("providers.moonshot.model".to_string(), v.clone());
+        }
+        if let Some(v) = self.providers.moonshot.auth_mode.as_ref() {
+            out.insert("providers.moonshot.auth_mode".to_string(), v.clone());
+        }
+        if let Some(v) = serialize_http_headers(&self.providers.moonshot.http_headers) {
+            out.insert("providers.moonshot.http_headers".to_string(), v);
+        }
         if let Some(v) = self.providers.sglang.api_key.as_ref() {
             out.insert("providers.sglang.api_key".to_string(), redact_secret(v));
         }
@@ -1028,7 +1070,8 @@ impl ConfigToml {
             .or_else(|| self.model.clone())
             .unwrap_or_else(|| {
                 if provider == ProviderKind::Moonshot
-                    && auth_mode.as_deref().is_some_and(auth_mode_uses_kimi_oauth)
+                    && (auth_mode.as_deref().is_some_and(auth_mode_uses_kimi_oauth)
+                        || moonshot_base_url_uses_kimi_code(&base_url))
                 {
                     DEFAULT_KIMI_CODE_MODEL.to_string()
                 } else {
@@ -1257,6 +1300,13 @@ fn default_base_url_for_provider(provider: ProviderKind) -> &'static str {
     }
 }
 
+fn moonshot_base_url_uses_kimi_code(base_url: &str) -> bool {
+    let normalized = base_url.trim_end_matches('/').to_ascii_lowercase();
+    normalized == DEFAULT_KIMI_CODE_BASE_URL
+        || normalized == "https://api.kimi.com/coding"
+        || normalized.starts_with("https://api.kimi.com/coding/")
+}
+
 fn base_url_is_custom_for_provider(provider: ProviderKind, base_url: &str) -> bool {
     let actual = base_url.trim_end_matches('/');
     let default = default_base_url_for_provider(provider).trim_end_matches('/');
@@ -2358,6 +2408,52 @@ mod tests {
         );
     }
 
+    #[test]
+    fn moonshot_provider_config_values_round_trip() -> Result<()> {
+        let mut config = ConfigToml::default();
+
+        config.set_value("providers.moonshot.api_key", "moonshot-secret-value")?;
+        config.set_value("providers.moonshot.base_url", DEFAULT_KIMI_CODE_BASE_URL)?;
+        config.set_value("providers.moonshot.model", DEFAULT_KIMI_CODE_MODEL)?;
+        config.set_value("providers.moonshot.auth_mode", "api_key")?;
+        config.set_value("providers.moonshot.http_headers", "X-Test=ok")?;
+
+        assert_eq!(
+            config
+                .get_display_value("providers.moonshot.api_key")
+                .as_deref(),
+            Some("moon***alue")
+        );
+        assert_eq!(
+            config.get_value("providers.moonshot.base_url").as_deref(),
+            Some(DEFAULT_KIMI_CODE_BASE_URL)
+        );
+        assert_eq!(
+            config.get_value("providers.moonshot.model").as_deref(),
+            Some(DEFAULT_KIMI_CODE_MODEL)
+        );
+        assert_eq!(
+            config.get_value("providers.moonshot.auth_mode").as_deref(),
+            Some("api_key")
+        );
+        assert_eq!(
+            config
+                .list_values()
+                .get("providers.moonshot.api_key")
+                .map(String::as_str),
+            Some("moon***alue")
+        );
+
+        config.unset_value("providers.moonshot.auth_mode")?;
+        config.unset_value("providers.moonshot.base_url")?;
+        config.unset_value("providers.moonshot.model")?;
+
+        assert_eq!(config.get_value("providers.moonshot.auth_mode"), None);
+        assert_eq!(config.get_value("providers.moonshot.base_url"), None);
+        assert_eq!(config.get_value("providers.moonshot.model"), None);
+        Ok(())
+    }
+
     #[test]
     fn project_merge_denies_credentials_endpoints_and_provider_selection() {
         let mut base = ConfigToml {
@@ -2637,6 +2733,30 @@ mod tests {
         assert_eq!(resolved.api_key_source, None);
     }
 
+    #[test]
+    fn moonshot_kimi_code_api_key_endpoint_defaults_to_kimi_for_coding() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        let mut config = ConfigToml {
+            provider: ProviderKind::Moonshot,
+            ..ConfigToml::default()
+        };
+        config.providers.moonshot.api_key = Some("kimi-code-key".to_string());
+        config.providers.moonshot.base_url = Some(DEFAULT_KIMI_CODE_BASE_URL.to_string());
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.auth_mode, None);
+        assert_eq!(resolved.base_url, DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(resolved.api_key.as_deref(), Some("kimi-code-key"));
+        assert_eq!(
+            resolved.api_key_source,
+            Some(RuntimeApiKeySource::ConfigFile)
+        );
+    }
+
     #[test]
     fn wanjie_ark_provider_defaults_to_openai_compatible_endpoint_and_model() {
         let _lock = env_lock();
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index 7f21e957..2d0f05ae 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- **Kimi Code API-key setup.** `codewhale config set providers.moonshot.*`
+  now writes the Moonshot/Kimi provider table, and Kimi Code API-key
+  endpoints default to `kimi-for-coding` without using the Kimi CLI OAuth path.
+
 ## [0.8.45] - 2026-05-25
 
 ### Added
@@ -17,9 +23,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Command palette voice input.** The command palette can launch a configured
   speech-to-text helper and show footer status while transcription runs
   (#2047).
-- **Moonshot/Kimi OAuth provider.** Moonshot/Kimi is now a first-class
-  provider, including Kimi CLI OAuth reuse, secure refresh writes, model
-  completion, CLI auth, and secret-store integration.
+- **Moonshot/Kimi provider.** Moonshot/Kimi is now a first-class provider,
+  including API-key auth, model completion, CLI auth, secret-store
+  integration, and optional Kimi CLI credential reuse.
 - **Deterministic whale-species sub-agent names.** Sub-agents now get stable,
   human-readable whale-species nicknames (e.g. "Beluga", "Orca") while
   preserving the raw agent ID in the popup (#2035, #2016).
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index ce15b29e..78975ee3 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -1570,11 +1570,17 @@ impl Config {
         {
             return model_for_provider(provider, normalized);
         }
-        if provider == ApiProvider::Moonshot
-            && self
-                .provider_config()
-                .is_some_and(provider_config_uses_kimi_oauth)
-        {
+        let moonshot_config = (provider == ApiProvider::Moonshot)
+            .then(|| self.provider_config())
+            .flatten();
+        let moonshot_uses_kimi_code = moonshot_config.is_some_and(|config| {
+            provider_config_uses_kimi_oauth(config)
+                || config
+                    .base_url
+                    .as_deref()
+                    .is_some_and(moonshot_base_url_uses_kimi_code)
+        });
+        if moonshot_uses_kimi_code {
             return DEFAULT_KIMI_CODE_MODEL.to_string();
         }
 
@@ -1771,8 +1777,9 @@ impl Config {
             ),
             ApiProvider::Moonshot => anyhow::bail!(
                 "Moonshot/Kimi API key not found. Run 'codewhale auth set --provider moonshot', \
-                 set MOONSHOT_API_KEY/KIMI_API_KEY, add [providers.moonshot] api_key, \
-                 or run `kimi login` and set [providers.moonshot] auth_mode = \"kimi_oauth\"."
+                 set MOONSHOT_API_KEY/KIMI_API_KEY, or add [providers.moonshot] api_key. \
+                 For a Kimi Code plan key, set [providers.moonshot] base_url = \
+                 \"https://api.kimi.com/coding/v1\" and model = \"kimi-for-coding\"."
             ),
             // Self-hosted deployments commonly run without auth on localhost.
             // Return an empty key and let the client omit the Authorization header.
@@ -2880,6 +2887,13 @@ fn provider_preserves_custom_base_url_model(provider: ApiProvider, base_url: &st
     base_url_is_custom_for_provider(provider, base_url)
 }
 
+fn moonshot_base_url_uses_kimi_code(base_url: &str) -> bool {
+    let normalized = normalize_base_url(base_url).to_ascii_lowercase();
+    normalized == DEFAULT_KIMI_CODE_BASE_URL
+        || normalized == "https://api.kimi.com/coding"
+        || normalized.starts_with("https://api.kimi.com/coding/")
+}
+
 fn provider_config_uses_kimi_oauth(config: &ProviderConfig) -> bool {
     config
         .auth_mode
@@ -6434,6 +6448,42 @@ api_key = "stale-api-key"
         Ok(())
     }
 
+    #[test]
+    fn moonshot_kimi_code_api_key_uses_coding_model() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-kimi-code-key-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"provider = "moonshot"
+
+[providers.moonshot]
+api_key = "kimi-code-key"
+base_url = "https://api.kimi.com/coding/v1"
+"#,
+        )?;
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(config.deepseek_api_key()?, "kimi-code-key");
+        assert!(has_api_key_for(&config, ApiProvider::Moonshot));
+        Ok(())
+    }
+
     #[test]
     fn has_api_key_for_detects_env_and_config_per_provider() -> Result<()> {
         let _lock = lock_test_env();
diff --git a/web/app/[locale]/docs/page.tsx b/web/app/[locale]/docs/page.tsx
index 78be0f71..5a639add 100644
--- a/web/app/[locale]/docs/page.tsx
+++ b/web/app/[locale]/docs/page.tsx
@@ -267,6 +267,11 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                 <p className="mt-5 text-ink-soft leading-[1.9] tracking-wide">
                   开放模型平台方向：CodeWhale 保持 DeepSeek 优先，同时内置 Moonshot/Kimi、OpenRouter、NVIDIA NIM、
                   AtlasCloud、Wanjie Ark、Novita、Fireworks 和自托管 SGLang/vLLM/Ollama 路径。
+                  Kimi Code 会员 API Key 使用 <code className="inline">providers.moonshot.base_url</code>
+                  指向 <code className="inline">https://api.kimi.com/coding/v1</code>，模型为
+                  <code className="inline">kimi-for-coding</code>；Kimi/Moonshot 平台 API Key 继续使用
+                  <code className="inline">https://api.moonshot.ai/v1</code> 和
+                  <code className="inline">kimi-k2.6</code>。
                 </p>
               </section>
 
@@ -515,6 +520,11 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   Open-model platform direction: CodeWhale stays DeepSeek-first while shipping Moonshot/Kimi,
                   OpenRouter, NVIDIA NIM, AtlasCloud, Wanjie Ark, Novita, Fireworks, and self-hosted
                   SGLang/vLLM/Ollama paths.
+                  Kimi Code membership API keys use <code className="inline">providers.moonshot.base_url</code>
+                  set to <code className="inline">https://api.kimi.com/coding/v1</code> with
+                  <code className="inline">kimi-for-coding</code>; Kimi/Moonshot Platform API keys use
+                  <code className="inline">https://api.moonshot.ai/v1</code> with
+                  <code className="inline">kimi-k2.6</code>.
                 </p>
               </section>
 
diff --git a/web/app/[locale]/faq/page.tsx b/web/app/[locale]/faq/page.tsx
index ec5f7dcd..2d9db748 100644
--- a/web/app/[locale]/faq/page.tsx
+++ b/web/app/[locale]/faq/page.tsx
@@ -112,7 +112,7 @@ codewhale doctor         # full connectivity check`}
         <p className="mb-2">CodeWhale ships with these built-in providers:</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — first-class, native API. Reasoning streaming, cache metrics, thinking effort control.</li>
-          <li><strong>Moonshot/Kimi</strong> — Kimi API key mode or local Kimi CLI OAuth reuse.</li>
+          <li><strong>Moonshot/Kimi</strong> — Kimi Code and Kimi/Moonshot Platform API-key modes.</li>
           <li><strong>OpenRouter</strong> — unified API for DeepSeek models and more.</li>
           <li><strong>OpenAI-compatible</strong>, <strong>NVIDIA NIM</strong>, <strong>AtlasCloud</strong>, <strong>Wanjie Ark</strong>, <strong>Novita</strong>, <strong>Fireworks</strong>, <strong>SGLang</strong>, <strong>vLLM</strong>, <strong>Ollama</strong></li>
         </ul>
@@ -425,7 +425,7 @@ codewhale doctor         # 完整连接检查`}
         <p className="mb-2">CodeWhale 内建以下提供商：</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — 一级支持，原生 API。推理流、缓存指标、思考力度控制。</li>
-          <li><strong>Moonshot/Kimi</strong> — Kimi API key 模式或复用本地 Kimi CLI OAuth。</li>
+          <li><strong>Moonshot/Kimi</strong> — Kimi Code 与 Kimi/Moonshot 平台 API key 模式。</li>
           <li><strong>OpenRouter</strong> — 统一 API，可访问 DeepSeek 等模型。</li>
           <li><strong>OpenAI 兼容</strong>、<strong>NVIDIA NIM</strong>、<strong>AtlasCloud</strong>、<strong>Wanjie Ark</strong>、<strong>Novita</strong>、<strong>Fireworks</strong>、<strong>SGLang</strong>、<strong>vLLM</strong>、<strong>Ollama</strong></li>
         </ul>
diff --git a/web/app/[locale]/roadmap/page.tsx b/web/app/[locale]/roadmap/page.tsx
index 787ff0c6..3bcc5a46 100644
--- a/web/app/[locale]/roadmap/page.tsx
+++ b/web/app/[locale]/roadmap/page.tsx
@@ -31,7 +31,7 @@ const tracksEn = [
       { title: "Bidirectional MCP", note: "Consume tools from external servers; expose as server via `codewhale mcp`; ~/.deepseek/mcp.json" },
       { title: "Skills + unified slash palette", note: "~/.deepseek/skills/ auto-loading; /help, /mode, /status, /config, /trust, /feedback" },
       { title: "v0.8.45 provider surface", note: "DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama" },
-      { title: "Moonshot/Kimi OAuth", note: "Kimi CLI OAuth reuse plus API-key mode for Moonshot/Kimi sessions" },
+      { title: "Moonshot/Kimi API-key setup", note: "Kimi Code plan and Kimi/Moonshot Platform API-key paths for Moonshot/Kimi sessions" },
     ],
   },
   {
@@ -97,7 +97,7 @@ const tracksZh = [
       { title: "双向 MCP 协议", note: "消费外部服务器工具；通过 `codewhale mcp` 暴露为服务器；~/.deepseek/mcp.json" },
       { title: "技能 + 统一命令面板", note: "~/.deepseek/skills/ 自动加载；/help、/mode、/status、/config、/trust、/feedback" },
       { title: "v0.8.45 提供商表面", note: "DeepSeek、NVIDIA NIM、OpenAI 兼容、AtlasCloud、Wanjie Ark、OpenRouter、Novita、Fireworks、Moonshot/Kimi、SGLang、vLLM、Ollama" },
-      { title: "Moonshot/Kimi OAuth", note: "复用 Kimi CLI OAuth，也支持 Moonshot/Kimi API key 模式" },
+      { title: "Moonshot/Kimi API-key 设置", note: "Kimi Code 会员与 Kimi/Moonshot 平台 API key 路径" },
     ],
   },
   {
diff --git a/web/lib/facts.ts b/web/lib/facts.ts
index 25ec174b..6e7514ce 100644
--- a/web/lib/facts.ts
+++ b/web/lib/facts.ts
@@ -11,6 +11,10 @@ interface KVNamespace {
 }
 
 async function getKv(): Promise<KVNamespace | undefined> {
+  if (process.env.NEXT_PHASE === "phase-production-build") {
+    return undefined;
+  }
+
   try {
     const mod = await import("@opennextjs/cloudflare");
     const ctx = await mod.getCloudflareContext({ async: true });
diff --git a/web/lib/kv.ts b/web/lib/kv.ts
index c6048b3a..f3a4bab6 100644
--- a/web/lib/kv.ts
+++ b/web/lib/kv.ts
@@ -23,20 +23,28 @@ interface CloudflareEnv {
   GITHUB_REPO?: string;
 }
 
+function envFromProcess(): CloudflareEnv {
+  return {
+    DEEPSEEK_API_KEY: process.env.DEEPSEEK_API_KEY,
+    DEEPSEEK_BASE_URL: process.env.DEEPSEEK_BASE_URL,
+    DEEPSEEK_MODEL: process.env.DEEPSEEK_MODEL,
+    GITHUB_TOKEN: process.env.GITHUB_TOKEN,
+    CRON_SECRET: process.env.CRON_SECRET,
+    GITHUB_REPO: process.env.GITHUB_REPO,
+  };
+}
+
 export async function getEnv(): Promise<CloudflareEnv> {
+  if (process.env.NEXT_PHASE === "phase-production-build") {
+    return envFromProcess();
+  }
+
   try {
     const mod = await import("@opennextjs/cloudflare");
     const ctx = await mod.getCloudflareContext({ async: true });
     return ctx.env as CloudflareEnv;
   } catch {
-    return {
-      DEEPSEEK_API_KEY: process.env.DEEPSEEK_API_KEY,
-      DEEPSEEK_BASE_URL: process.env.DEEPSEEK_BASE_URL,
-      DEEPSEEK_MODEL: process.env.DEEPSEEK_MODEL,
-      GITHUB_TOKEN: process.env.GITHUB_TOKEN,
-      CRON_SECRET: process.env.CRON_SECRET,
-      GITHUB_REPO: process.env.GITHUB_REPO,
-    };
+    return envFromProcess();
   }
 }
 
diff --git a/web/lib/roadmap-feed.ts b/web/lib/roadmap-feed.ts
index 48edda44..4c1e4606 100644
--- a/web/lib/roadmap-feed.ts
+++ b/web/lib/roadmap-feed.ts
@@ -58,7 +58,7 @@ interface GhIssue { number: number; title: string; html_url: string; body: strin
 const FALLBACK_SHIPPED: RoadmapItem[] = [
   {
     title: "v0.8.45",
-    note: "Moonshot/Kimi OAuth, provider-surface sync, and current Windows install/runtime guidance",
+    note: "Moonshot/Kimi provider support, API-key setup guidance, provider-surface sync, and current Windows install/runtime guidance",
     href: "https://github.com/Hmbown/CodeWhale/releases/tag/v0.8.45",
   },
 ];

From 6bc8363265a0041a72b79df00e521c25dd722986 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 12:40:10 +0800
Subject: [PATCH 022/283] feat: add SlopLedger for tracking unresolved
 architectural residue (#2127)

---
 crates/tui/src/commands/config.rs        |   41 +
 crates/tui/src/commands/mod.rs           |   10 +
 crates/tui/src/core/engine/tool_setup.rs |    3 +-
 crates/tui/src/main.rs                   |    1 +
 crates/tui/src/slop_ledger.rs            | 1086 ++++++++++++++++++++++
 crates/tui/src/tools/registry.rs         |   16 +
 6 files changed, 1156 insertions(+), 1 deletion(-)
 create mode 100644 crates/tui/src/slop_ledger.rs

diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 40ffe1dc..30c08c61 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -699,6 +699,47 @@ pub fn theme(app: &mut App, arg: Option<&str>) -> CommandResult {
     }
 }
 
+/// `/slop [query|export]` — inspect or export the slop ledger (#2127).
+/// With no arguments, prints a summary. `query` shows filtered results;
+/// `export` outputs the full ledger as Markdown.
+pub fn slop(_app: &mut App, arg: Option<&str>) -> CommandResult {
+    let arg = arg.map(str::trim).unwrap_or("");
+    let ledger = match crate::slop_ledger::SlopLedger::load() {
+        Ok(l) => l,
+        Err(e) => return CommandResult::error(format!("Failed to load slop ledger: {e}")),
+    };
+
+    match arg {
+        "" => CommandResult::message(ledger.summary()),
+        "query" | "q" => {
+            if ledger.is_empty() {
+                return CommandResult::message("Slop ledger is empty.");
+            }
+            let mut out = String::new();
+            for entry in &ledger.query(&Default::default()) {
+                use std::fmt::Write;
+                let _ = writeln!(
+                    out,
+                    "[{}] {} ({:?} | {:?}) — {}",
+                    &entry.id[..8],
+                    entry.bucket.as_str(),
+                    entry.severity,
+                    entry.status,
+                    entry.title
+                );
+            }
+            CommandResult::message(out)
+        }
+        "export" | "e" => {
+            let md = ledger.export_markdown(None, None);
+            CommandResult::message(md)
+        }
+        _ => CommandResult::error(format!(
+            "Unknown /slop action '{arg}'. Use /slop, /slop query, or /slop export."
+        )),
+    }
+}
+
 /// Manage workspace-level trust and the per-path allowlist.
 ///
 /// Subcommands:
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index b1e9f3dd..e6afed10 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -540,6 +540,13 @@ pub const COMMANDS: &[CommandInfo] = &[
         usage: "/cache [count|inspect|warmup]",
         description_id: MessageId::CmdCacheDescription,
     },
+    // Slop Ledger (#2127)
+    CommandInfo {
+        name: "slop",
+        aliases: &["canzha"],
+        usage: "/slop [query|export]",
+        description_id: MessageId::CmdHelpDescription,
+    },
 ];
 
 /// Execute a slash command
@@ -614,6 +621,9 @@ pub fn execute(cmd: &str, app: &mut App) -> CommandResult {
         "balance" => balance::balance(app),
         "cache" => debug::cache(app, arg),
 
+        // Slop ledger (#2127)
+        "slop" | "canzha" => config::slop(app, arg),
+
         // ChangeLog command
         "change" => change::change(app, arg),
         "system" | "xitong" => debug::system_prompt(app),
diff --git a/crates/tui/src/core/engine/tool_setup.rs b/crates/tui/src/core/engine/tool_setup.rs
index 2354d6a8..2f2845b0 100644
--- a/crates/tui/src/core/engine/tool_setup.rs
+++ b/crates/tui/src/core/engine/tool_setup.rs
@@ -63,7 +63,8 @@ impl Engine {
             .with_review_tool(self.deepseek_client.clone(), self.session.model.clone())
             .with_user_input_tool()
             .with_parallel_tool()
-            .with_recall_archive_tool();
+            .with_recall_archive_tool()
+            .with_slop_ledger_tools();
 
         if mode != AppMode::Plan {
             builder = builder
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index be286978..ba082137 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -69,6 +69,7 @@ mod snapshot;
 mod task_manager;
 #[cfg(test)]
 mod test_support;
+mod slop_ledger;
 mod theme_qa_audit;
 mod tools;
 mod tui;
diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
new file mode 100644
index 00000000..4aca4509
--- /dev/null
+++ b/crates/tui/src/slop_ledger.rs
@@ -0,0 +1,1086 @@
+//! Slop Ledger — durable tracking of unresolved architectural residue.
+//!
+//! AI agents often leave behind invisible "slop" after a task:
+//! compatibility shims, unmigrated callers, duplicated concepts,
+//! naming drift, stale docs/tests, suspected dead code, and tool gaps.
+//!
+//! The Slop Ledger makes this residue **visible and queryable** so the
+//! next agent (or human) doesn't rediscover it, amplify it, or mistake
+//! it for intended architecture.
+//!
+//! ## Design
+//!
+//! - **Storage**: `~/.codewhale/slop_ledger.json` (a JSON array of entries).
+//! - **Schema**: each entry has a bucket, severity, confidence, owner,
+//!   source links, status, cleanup recommendation, and timestamps.
+//! - **Tools**: `slop_ledger_append`, `slop_ledger_query`,
+//!   `slop_ledger_update`, `slop_ledger_export`.
+//! - **Integration**: entries can link to durable tasks and threads;
+//!   the export path produces a redacted Markdown handoff suitable for
+//!   GitHub issues or compaction relays.
+
+use async_trait::async_trait;
+use serde::{Deserialize, Serialize};
+use serde_json::{Value, json};
+use std::fs;
+use std::io;
+use std::path::PathBuf;
+use uuid::Uuid;
+
+use crate::tools::spec::{
+    ApprovalRequirement, ToolCapability, ToolContext, ToolError, ToolResult, ToolSpec, required_str,
+};
+
+// ── Enums ──────────────────────────────────────────────────────────────────
+
+/// Classification bucket for a slop entry.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum SlopBucket {
+    RetainedCompatibility,
+    UnmigratedCallers,
+    DuplicateConcepts,
+    NamingDrift,
+    StaleDocs,
+    StaleTests,
+    SuspectedDeadCode,
+    UnverifiedPublicBehavior,
+    ToolGaps,
+    AcceptedDebt,
+}
+
+impl SlopBucket {
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Self::RetainedCompatibility => "retained_compatibility",
+            Self::UnmigratedCallers => "unmigrated_callers",
+            Self::DuplicateConcepts => "duplicate_concepts",
+            Self::NamingDrift => "naming_drift",
+            Self::StaleDocs => "stale_docs",
+            Self::StaleTests => "stale_tests",
+            Self::SuspectedDeadCode => "suspected_dead_code",
+            Self::UnverifiedPublicBehavior => "unverified_public_behavior",
+            Self::ToolGaps => "tool_gaps",
+            Self::AcceptedDebt => "accepted_debt",
+        }
+    }
+
+    pub fn from_str(s: &str) -> Option<Self> {
+        match s.trim().to_lowercase().as_str() {
+            "retained_compatibility" => Some(Self::RetainedCompatibility),
+            "unmigrated_callers" => Some(Self::UnmigratedCallers),
+            "duplicate_concepts" => Some(Self::DuplicateConcepts),
+            "naming_drift" => Some(Self::NamingDrift),
+            "stale_docs" => Some(Self::StaleDocs),
+            "stale_tests" => Some(Self::StaleTests),
+            "suspected_dead_code" => Some(Self::SuspectedDeadCode),
+            "unverified_public_behavior" => Some(Self::UnverifiedPublicBehavior),
+            "tool_gaps" => Some(Self::ToolGaps),
+            "accepted_debt" => Some(Self::AcceptedDebt),
+            _ => None,
+        }
+    }
+
+    pub fn all_buckets() -> &'static [SlopBucket] {
+        &[
+            Self::RetainedCompatibility,
+            Self::UnmigratedCallers,
+            Self::DuplicateConcepts,
+            Self::NamingDrift,
+            Self::StaleDocs,
+            Self::StaleTests,
+            Self::SuspectedDeadCode,
+            Self::UnverifiedPublicBehavior,
+            Self::ToolGaps,
+            Self::AcceptedDebt,
+        ]
+    }
+}
+
+/// Severity of the residue.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum SlopSeverity {
+    Critical,
+    High,
+    Medium,
+    Low,
+    Info,
+}
+
+impl SlopSeverity {
+    pub fn from_str(s: &str) -> Option<Self> {
+        match s.trim().to_lowercase().as_str() {
+            "critical" => Some(Self::Critical),
+            "high" => Some(Self::High),
+            "medium" => Some(Self::Medium),
+            "low" => Some(Self::Low),
+            "info" => Some(Self::Info),
+            _ => None,
+        }
+    }
+}
+
+/// Confidence in the assessment.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum SlopConfidence {
+    Certain,
+    High,
+    Medium,
+    Low,
+}
+
+impl SlopConfidence {
+    pub fn from_str(s: &str) -> Option<Self> {
+        match s.trim().to_lowercase().as_str() {
+            "certain" => Some(Self::Certain),
+            "high" => Some(Self::High),
+            "medium" => Some(Self::Medium),
+            "low" => Some(Self::Low),
+            _ => None,
+        }
+    }
+}
+
+/// Lifecycle status of a slop entry.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum SlopEntryStatus {
+    Open,
+    InProgress,
+    Resolved,
+    Accepted,
+    WontFix,
+}
+
+impl SlopEntryStatus {
+    pub fn from_str(s: &str) -> Option<Self> {
+        match s.trim().to_lowercase().as_str() {
+            "open" => Some(Self::Open),
+            "in_progress" | "inprogress" => Some(Self::InProgress),
+            "resolved" | "done" => Some(Self::Resolved),
+            "accepted" => Some(Self::Accepted),
+            "wontfix" | "wont_fix" => Some(Self::WontFix),
+            _ => None,
+        }
+    }
+}
+
+// ── Core data structures ───────────────────────────────────────────────────
+
+/// A single slop ledger entry.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SlopEntry {
+    /// Unique identifier (UUID v4).
+    pub id: String,
+    /// Classification bucket.
+    pub bucket: SlopBucket,
+    /// How severe is this residue?
+    pub severity: SlopSeverity,
+    /// How confident is the assessment?
+    pub confidence: SlopConfidence,
+    /// Who owns cleaning this up (person, team, or "auto").
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub owner: Option<String>,
+    /// Source file paths, URLs, or line references.
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub source_links: Vec<String>,
+    /// Short title (one line).
+    pub title: String,
+    /// Detailed description.
+    pub description: String,
+    /// Current lifecycle status.
+    pub status: SlopEntryStatus,
+    /// Suggested cleanup action.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub cleanup_recommendation: Option<String>,
+    /// ISO 8601 creation timestamp.
+    pub created_at: String,
+    /// ISO 8601 last-updated timestamp.
+    pub updated_at: String,
+    /// Optional linked durable task id.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub task_id: Option<String>,
+    /// Optional linked thread id.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub thread_id: Option<String>,
+}
+
+impl SlopEntry {
+    pub fn new(
+        bucket: SlopBucket,
+        severity: SlopSeverity,
+        confidence: SlopConfidence,
+        title: String,
+        description: String,
+    ) -> Self {
+        let now = chrono::Utc::now().to_rfc3339();
+        Self {
+            id: Uuid::new_v4().to_string(),
+            bucket,
+            severity,
+            confidence,
+            owner: None,
+            source_links: Vec::new(),
+            title,
+            description,
+            status: SlopEntryStatus::Open,
+            cleanup_recommendation: None,
+            created_at: now.clone(),
+            updated_at: now,
+            task_id: None,
+            thread_id: None,
+        }
+    }
+}
+
+// ── Query filter ───────────────────────────────────────────────────────────
+
+/// Filter for querying ledger entries.
+#[derive(Debug, Clone, Default)]
+pub struct SlopLedgerFilter {
+    pub bucket: Option<SlopBucket>,
+    pub severity: Option<SlopSeverity>,
+    pub status: Option<SlopEntryStatus>,
+    pub search: Option<String>, // fuzzy match title + description
+    pub limit: Option<usize>,
+}
+
+// ── Ledger (collection + persistence) ──────────────────────────────────────
+
+/// The slop ledger — a collection of entries with JSON file persistence.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+pub struct SlopLedger {
+    entries: Vec<SlopEntry>,
+    #[serde(skip)]
+    ledger_path: PathBuf,
+}
+
+impl SlopLedger {
+    /// Resolve the default ledger path.
+    pub fn default_path() -> io::Result<PathBuf> {
+        codewhale_config::resolve_state_dir("slop_ledger")
+            .map(|p| p.join("slop_ledger.json"))
+            .map_err(|e| io::Error::new(io::ErrorKind::Other, e))
+    }
+
+    /// Load ledger from the default path, returning an empty ledger if the
+    /// file doesn't exist.
+    pub fn load() -> io::Result<Self> {
+        let path = Self::default_path()?;
+        Self::load_at(&path)
+    }
+
+    /// Load ledger from a specific path.
+    pub fn load_at(path: &std::path::Path) -> io::Result<Self> {
+        if !path.exists() {
+            return Ok(Self {
+                entries: Vec::new(),
+                ledger_path: path.to_path_buf(),
+            });
+        }
+        let data = fs::read_to_string(path)?;
+        let mut ledger: SlopLedger = serde_json::from_str(&data).unwrap_or_default();
+        ledger.ledger_path = path.to_path_buf();
+        Ok(ledger)
+    }
+
+    /// Persist the ledger to disk.
+    pub fn save(&self) -> io::Result<()> {
+        if let Some(parent) = self.ledger_path.parent() {
+            fs::create_dir_all(parent)?;
+        }
+        let data = serde_json::to_string_pretty(self).map_err(|e| {
+            io::Error::new(io::ErrorKind::Other, format!("serialization error: {e}"))
+        })?;
+        fs::write(&self.ledger_path, data)
+    }
+
+    /// Append one or more entries and save.
+    pub fn append(&mut self, entries: Vec<SlopEntry>) -> &[SlopEntry] {
+        let start = self.entries.len();
+        self.entries.extend(entries);
+        &self.entries[start..]
+    }
+
+    /// Return the total number of entries.
+    #[must_use]
+    pub fn len(&self) -> usize {
+        self.entries.len()
+    }
+
+    /// Whether the ledger is empty.
+    #[must_use]
+    pub fn is_empty(&self) -> bool {
+        self.entries.is_empty()
+    }
+
+    /// Query entries matching the filter.
+    pub fn query(&self, filter: &SlopLedgerFilter) -> Vec<&SlopEntry> {
+        let mut results: Vec<&SlopEntry> = self
+            .entries
+            .iter()
+            .filter(|e| {
+                if let Some(bucket) = &filter.bucket {
+                    if e.bucket != *bucket {
+                        return false;
+                    }
+                }
+                if let Some(severity) = &filter.severity {
+                    if e.severity != *severity {
+                        return false;
+                    }
+                }
+                if let Some(status) = &filter.status {
+                    if e.status != *status {
+                        return false;
+                    }
+                }
+                if let Some(search) = &filter.search {
+                    let q = search.to_lowercase();
+                    if !e.title.to_lowercase().contains(&q)
+                        && !e.description.to_lowercase().contains(&q)
+                    {
+                        return false;
+                    }
+                }
+                true
+            })
+            .collect();
+
+        if let Some(limit) = filter.limit {
+            results.truncate(limit);
+        }
+        results
+    }
+
+    /// Find an entry by id.
+    pub fn find_mut(&mut self, id: &str) -> Option<&mut SlopEntry> {
+        self.entries.iter_mut().find(|e| e.id == id)
+    }
+
+    /// Update an entry's status (and optionally other fields) and save.
+    pub fn update_status(
+        &mut self,
+        id: &str,
+        status: SlopEntryStatus,
+        cleanup_recommendation: Option<String>,
+    ) -> io::Result<Option<&SlopEntry>> {
+        let entry = match self.find_mut(id) {
+            Some(e) => e,
+            None => return Ok(None),
+        };
+        entry.status = status;
+        entry.updated_at = chrono::Utc::now().to_rfc3339();
+        if let Some(rec) = cleanup_recommendation {
+            entry.cleanup_recommendation = Some(rec);
+        }
+        self.save()?;
+        // Return a shared ref to the updated entry
+        Ok(self.entries.iter().find(|e| e.id == id))
+    }
+
+    /// Export all entries as a Markdown string suitable for handoff or
+    /// GitHub issue body.
+    pub fn export_markdown(&self, title: Option<&str>, filter: Option<&SlopLedgerFilter>) -> String {
+        let entries: Vec<&SlopEntry> = match filter {
+            Some(f) => self.query(f),
+            None => self.entries.iter().collect(),
+        };
+
+        let heading = title.unwrap_or("Slop Ledger Export");
+        let mut out = format!("# {heading}\n\n");
+        out.push_str(&format!(
+            "_Generated at {} — {} entries_\n\n",
+            chrono::Utc::now().format("%Y-%m-%d %H:%M UTC").to_string(),
+            entries.len()
+        ));
+
+        if entries.is_empty() {
+            out.push_str("_(no entries)_\n");
+            return out;
+        }
+
+        // Group by bucket
+        use std::collections::BTreeMap;
+        let mut by_bucket: BTreeMap<&str, Vec<&&SlopEntry>> = BTreeMap::new();
+        for e in &entries {
+            by_bucket.entry(e.bucket.as_str()).or_default().push(e);
+        }
+
+        for (bucket_name, bucket_entries) in &by_bucket {
+            out.push_str(&format!("## {bucket_name}\n\n"));
+            out.push_str("| ID | Severity | Confidence | Status | Title | Source |\n");
+            out.push_str("|---|---|---|---|---|---|\n");
+            for e in bucket_entries {
+                let source = e.source_links.first().map(|s| s.as_str()).unwrap_or("-");
+                let title = if e.title.len() > 60 {
+                    format!("{}…", &e.title[..57])
+                } else {
+                    e.title.clone()
+                };
+                out.push_str(&format!(
+                    "| {} | {:?} | {:?} | {:?} | {title} | {source} |\n",
+                    &e.id[..8],
+                    e.severity,
+                    e.confidence,
+                    e.status
+                ));
+            }
+            out.push('\n');
+
+            // Detailed entries
+            for e in bucket_entries {
+                out.push_str(&format!(
+                    "### {} — {}\n\n",
+                    &e.id[..8],
+                    e.title
+                ));
+                out.push_str(&format!("- **Severity**: {:?}\n", e.severity));
+                out.push_str(&format!("- **Confidence**: {:?}\n", e.confidence));
+                out.push_str(&format!("- **Status**: {:?}\n", e.status));
+                if let Some(ref owner) = e.owner {
+                    out.push_str(&format!("- **Owner**: {owner}\n"));
+                }
+                if !e.source_links.is_empty() {
+                    out.push_str("- **Sources**:\n");
+                    for link in &e.source_links {
+                        out.push_str(&format!("  - {link}\n"));
+                    }
+                }
+                out.push_str(&format!("\n{}\n", e.description));
+                if let Some(ref rec) = e.cleanup_recommendation {
+                    out.push_str(&format!("\n**Cleanup**: {rec}\n"));
+                }
+                out.push_str("\n---\n\n");
+            }
+        }
+
+        out
+    }
+
+    /// Summary counts by bucket and status — useful for quick display.
+    pub fn summary(&self) -> String {
+        use std::collections::BTreeMap;
+        let mut by_bucket: BTreeMap<&str, usize> = BTreeMap::new();
+        let mut open_count = 0usize;
+        let mut resolved_count = 0usize;
+        let mut accepted_count = 0usize;
+
+        for e in &self.entries {
+            *by_bucket.entry(e.bucket.as_str()).or_default() += 1;
+            match e.status {
+                SlopEntryStatus::Resolved => resolved_count += 1,
+                SlopEntryStatus::Accepted | SlopEntryStatus::WontFix => accepted_count += 1,
+                _ => open_count += 1,
+            }
+        }
+
+        let mut out = format!(
+            "Slop Ledger: {} total | {} open | {} resolved | {} accepted\n",
+            self.entries.len(),
+            open_count,
+            resolved_count,
+            accepted_count
+        );
+        for (bucket, count) in &by_bucket {
+            out.push_str(&format!("  {bucket}: {count}\n"));
+        }
+        out
+    }
+}
+
+// ── Tools ──────────────────────────────────────────────────────────────────
+
+/// `slop_ledger_append` — append one or more entries to the slop ledger.
+pub struct SlopLedgerAppendTool;
+
+#[async_trait]
+impl ToolSpec for SlopLedgerAppendTool {
+    fn name(&self) -> &'static str {
+        "slop_ledger_append"
+    }
+
+    fn description(&self) -> &'static str {
+        "Append one or more entries to the slop ledger — a durable record of \
+         unresolved architectural residue (compatibility shims, unmigrated \
+         callers, duplicate concepts, stale docs/tests, suspected dead code, \
+         tool gaps, etc.). Use this when you complete a task and notice \
+         residue that should be tracked for future cleanup. Each entry needs \
+         a bucket, severity, confidence, title, and description."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "entries": {
+                    "type": "array",
+                    "description": "One or more slop entries to append.",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "bucket": {
+                                "type": "string",
+                                "description": "One of: retained_compatibility, unmigrated_callers, duplicate_concepts, naming_drift, stale_docs, stale_tests, suspected_dead_code, unverified_public_behavior, tool_gaps, accepted_debt"
+                            },
+                            "severity": {
+                                "type": "string",
+                                "description": "critical | high | medium | low | info"
+                            },
+                            "confidence": {
+                                "type": "string",
+                                "description": "certain | high | medium | low"
+                            },
+                            "title": {
+                                "type": "string",
+                                "description": "Short title (one line)"
+                            },
+                            "description": {
+                                "type": "string",
+                                "description": "Detailed description of the residue"
+                            },
+                            "owner": {
+                                "type": "string",
+                                "description": "Optional: who should clean this up?"
+                            },
+                            "source_links": {
+                                "type": "array",
+                                "items": {"type": "string"},
+                                "description": "Optional: file paths or URLs"
+                            }
+                        },
+                        "required": ["bucket", "severity", "confidence", "title", "description"]
+                    }
+                }
+            },
+            "required": ["entries"]
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        vec![ToolCapability::WritesFiles]
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let entries_val = input
+            .get("entries")
+            .and_then(|v| v.as_array())
+            .ok_or_else(|| ToolError::invalid_input("'entries' must be a non-empty array"))?;
+
+        let mut ledger = SlopLedger::load().map_err(|e| {
+            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
+        })?;
+
+        let mut appended = Vec::new();
+        for entry_val in entries_val {
+            let bucket_str = required_str(entry_val, "bucket")?;
+            let bucket = SlopBucket::from_str(bucket_str).ok_or_else(|| {
+                ToolError::invalid_input(format!("unknown bucket: '{bucket_str}'"))
+            })?;
+
+            let severity = SlopSeverity::from_str(required_str(entry_val, "severity")?).ok_or_else(|| {
+                ToolError::invalid_input("invalid severity (use critical|high|medium|low|info)")
+            })?;
+
+            let confidence = SlopConfidence::from_str(required_str(entry_val, "confidence")?).ok_or_else(|| {
+                ToolError::invalid_input("invalid confidence (use certain|high|medium|low)")
+            })?;
+
+            let title = required_str(entry_val, "title")?.to_string();
+            let description = required_str(entry_val, "description")?.to_string();
+
+            let mut entry = SlopEntry::new(bucket, severity, confidence, title, description);
+
+            if let Some(owner) = entry_val.get("owner").and_then(|v| v.as_str()) {
+                entry.owner = Some(owner.to_string());
+            }
+            if let Some(links) = entry_val.get("source_links").and_then(|v| v.as_array()) {
+                entry.source_links = links
+                    .iter()
+                    .filter_map(|v| v.as_str().map(String::from))
+                    .collect();
+            }
+
+            // Attach active task/thread context if available
+            if let Some(ref task_id) = context.runtime.active_task_id {
+                entry.task_id = Some(task_id.clone());
+            }
+            if let Some(ref thread_id) = context.runtime.active_thread_id {
+                entry.thread_id = Some(thread_id.clone());
+            }
+
+            appended.push(entry);
+        }
+
+        let saved = ledger.append(appended);
+        ledger.save().map_err(|e| {
+            ToolError::execution_failed(format!("failed to save slop ledger: {e}"))
+        })?;
+
+        let ids: Vec<&str> = saved.iter().map(|e| e.id.as_str()).collect();
+        Ok(ToolResult::success(format!(
+            "Appended {} slop ledger entr{}: {}",
+            saved.len(),
+            if saved.len() == 1 { "y" } else { "ies" },
+            ids.iter().map(|id| &id[..8]).collect::<Vec<_>>().join(", ")
+        )))
+    }
+}
+
+/// `slop_ledger_query` — query the slop ledger.
+pub struct SlopLedgerQueryTool;
+
+#[async_trait]
+impl ToolSpec for SlopLedgerQueryTool {
+    fn name(&self) -> &'static str {
+        "slop_ledger_query"
+    }
+
+    fn description(&self) -> &'static str {
+        "Query the slop ledger for unresolved architectural residue. \
+         Filter by bucket, severity, status, or text search."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "bucket": {
+                    "type": "string",
+                    "description": "Optional: filter by bucket"
+                },
+                "severity": {
+                    "type": "string",
+                    "description": "Optional: filter by severity"
+                },
+                "status": {
+                    "type": "string",
+                    "description": "Optional: filter by status"
+                },
+                "search": {
+                    "type": "string",
+                    "description": "Optional: fuzzy text search in title and description"
+                },
+                "limit": {
+                    "type": "integer",
+                    "description": "Optional: max results (default 50)"
+                }
+            }
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        vec![]
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let filter = SlopLedgerFilter {
+            bucket: input
+                .get("bucket")
+                .and_then(|v| v.as_str())
+                .and_then(SlopBucket::from_str),
+            severity: input
+                .get("severity")
+                .and_then(|v| v.as_str())
+                .and_then(SlopSeverity::from_str),
+            status: input
+                .get("status")
+                .and_then(|v| v.as_str())
+                .and_then(SlopEntryStatus::from_str),
+            search: input.get("search").and_then(|v| v.as_str()).map(String::from),
+            limit: input
+                .get("limit")
+                .and_then(|v| v.as_u64())
+                .map(|n| n as usize)
+                .or(Some(50)),
+        };
+
+        let ledger = SlopLedger::load().map_err(|e| {
+            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
+        })?;
+
+        if ledger.is_empty() {
+            return Ok(ToolResult::success("Slop ledger is empty."));
+        }
+
+        let results = ledger.query(&filter);
+        let mut out = format!("Found {} matching slop ledger entries:\n\n", results.len());
+        for entry in &results {
+            out.push_str(&format!(
+                "- [{}] **{}** ({:?} | {:?} | {:?}) — {}\n",
+                &entry.id[..8],
+                entry.bucket.as_str(),
+                entry.severity,
+                entry.confidence,
+                entry.status,
+                entry.title
+            ));
+            if let Some(ref desc) = entry.description.lines().next() {
+                out.push_str(&format!("  {desc}\n"));
+            }
+        }
+        Ok(ToolResult::success(out))
+    }
+}
+
+/// `slop_ledger_update` — update an entry's status.
+pub struct SlopLedgerUpdateTool;
+
+#[async_trait]
+impl ToolSpec for SlopLedgerUpdateTool {
+    fn name(&self) -> &'static str {
+        "slop_ledger_update"
+    }
+
+    fn description(&self) -> &'static str {
+        "Update a slop ledger entry's status (e.g., mark as resolved, accepted, or in-progress)."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "string",
+                    "description": "The entry ID (or prefix) to update"
+                },
+                "status": {
+                    "type": "string",
+                    "description": "New status: open | in_progress | resolved | accepted | wontfix"
+                },
+                "cleanup_recommendation": {
+                    "type": "string",
+                    "description": "Optional: cleanup notes when resolving or accepting"
+                }
+            },
+            "required": ["id", "status"]
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        vec![ToolCapability::WritesFiles]
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let id = required_str(&input, "id")?;
+        let status = SlopEntryStatus::from_str(required_str(&input, "status")?).ok_or_else(|| {
+            ToolError::invalid_input(
+                "invalid status (use open|in_progress|resolved|accepted|wontfix)",
+            )
+        })?;
+
+        let cleanup = input
+            .get("cleanup_recommendation")
+            .and_then(|v| v.as_str())
+            .map(String::from);
+
+        let mut ledger = SlopLedger::load().map_err(|e| {
+            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
+        })?;
+
+        match ledger.update_status(id, status, cleanup) {
+            Ok(Some(entry)) => Ok(ToolResult::success(format!(
+                "Updated slop ledger entry {} ({}) → {:?}",
+                &entry.id[..8],
+                entry.title,
+                entry.status
+            ))),
+            Ok(None) => Ok(ToolResult::success(format!(
+                "No slop ledger entry found matching '{id}'. Use slop_ledger_query to list entries."
+            ))),
+            Err(e) => Err(ToolError::execution_failed(format!(
+                "failed to update slop ledger: {e}"
+            ))),
+        }
+    }
+}
+
+/// `slop_ledger_export` — export ledger as Markdown.
+pub struct SlopLedgerExportTool;
+
+#[async_trait]
+impl ToolSpec for SlopLedgerExportTool {
+    fn name(&self) -> &'static str {
+        "slop_ledger_export"
+    }
+
+    fn description(&self) -> &'static str {
+        "Export the slop ledger as a Markdown report. Use this for handoffs, \
+         compaction relays, or GitHub issue creation. The output is suitable \
+         for pasting directly into a GitHub issue body."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "title": {
+                    "type": "string",
+                    "description": "Optional: report title (default 'Slop Ledger Export')"
+                },
+                "bucket": {
+                    "type": "string",
+                    "description": "Optional: filter by bucket"
+                },
+                "severity": {
+                    "type": "string",
+                    "description": "Optional: filter by severity"
+                },
+                "status": {
+                    "type": "string",
+                    "description": "Optional: filter by status"
+                }
+            }
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        vec![]
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let title = input.get("title").and_then(|v| v.as_str());
+
+        let filter = if input.get("bucket").is_some()
+            || input.get("severity").is_some()
+            || input.get("status").is_some()
+        {
+            Some(SlopLedgerFilter {
+                bucket: input
+                    .get("bucket")
+                    .and_then(|v| v.as_str())
+                    .and_then(SlopBucket::from_str),
+                severity: input
+                    .get("severity")
+                    .and_then(|v| v.as_str())
+                    .and_then(SlopSeverity::from_str),
+                status: input
+                    .get("status")
+                    .and_then(|v| v.as_str())
+                    .and_then(SlopEntryStatus::from_str),
+                ..Default::default()
+            })
+        } else {
+            None
+        };
+
+        let ledger = SlopLedger::load().map_err(|e| {
+            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
+        })?;
+
+        let markdown = ledger.export_markdown(title, filter.as_ref());
+        Ok(ToolResult::success(markdown))
+    }
+}
+
+// ── Tests ──────────────────────────────────────────────────────────────────
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::TempDir;
+
+    fn temp_ledger() -> (TempDir, SlopLedger) {
+        let tmp = TempDir::new().unwrap();
+        let path = tmp.path().join("slop_ledger.json");
+        let ledger = SlopLedger {
+            entries: Vec::new(),
+            ledger_path: path,
+        };
+        (tmp, ledger)
+    }
+
+    #[test]
+    fn bucket_roundtrip() {
+        for bucket in SlopBucket::all_buckets() {
+            let s = bucket.as_str();
+            let parsed = SlopBucket::from_str(s);
+            assert_eq!(parsed, Some(*bucket), "roundtrip failed for {s}");
+        }
+    }
+
+    #[test]
+    fn append_and_save_load() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let entry = SlopEntry::new(
+            SlopBucket::StaleDocs,
+            SlopSeverity::Medium,
+            SlopConfidence::High,
+            "README is outdated".into(),
+            "The README still references v0.7 APIs.".into(),
+        );
+
+        ledger.append(vec![entry]);
+        assert_eq!(ledger.len(), 1);
+        ledger.save().unwrap();
+
+        let loaded = SlopLedger::load_at(&ledger.ledger_path).unwrap();
+        assert_eq!(loaded.len(), 1);
+        assert_eq!(loaded.entries[0].title, "README is outdated");
+    }
+
+    #[test]
+    fn query_by_bucket() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        ledger.append(vec![
+            SlopEntry::new(
+                SlopBucket::StaleDocs,
+                SlopSeverity::Low,
+                SlopConfidence::Certain,
+                "doc A".into(),
+                "desc A".into(),
+            ),
+            SlopEntry::new(
+                SlopBucket::ToolGaps,
+                SlopSeverity::High,
+                SlopConfidence::Medium,
+                "gap B".into(),
+                "desc B".into(),
+            ),
+        ]);
+
+        let filter = SlopLedgerFilter {
+            bucket: Some(SlopBucket::StaleDocs),
+            ..Default::default()
+        };
+        let results = ledger.query(&filter);
+        assert_eq!(results.len(), 1);
+        assert_eq!(results[0].title, "doc A");
+    }
+
+    #[test]
+    fn query_by_search() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        ledger.append(vec![SlopEntry::new(
+            SlopBucket::SuspectedDeadCode,
+            SlopSeverity::Medium,
+            SlopConfidence::Low,
+            "dead legacy handler".into(),
+            "The legacy handler in src/old.rs appears unused.".into(),
+        )]);
+
+        let filter = SlopLedgerFilter {
+            search: Some("legacy".into()),
+            ..Default::default()
+        };
+        let results = ledger.query(&filter);
+        assert_eq!(results.len(), 1);
+    }
+
+    #[test]
+    fn update_status() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let entry = SlopEntry::new(
+            SlopBucket::NamingDrift,
+            SlopSeverity::Low,
+            SlopConfidence::High,
+            "naming issue".into(),
+            "desc".into(),
+        );
+        let id = entry.id.clone();
+        ledger.append(vec![entry]);
+        ledger.save().unwrap();
+
+        let result = ledger
+            .update_status(&id, SlopEntryStatus::Resolved, Some("Renamed in #1234".into()))
+            .unwrap();
+        assert!(result.is_some());
+
+        let loaded = SlopLedger::load_at(&ledger.ledger_path).unwrap();
+        assert_eq!(loaded.entries[0].status, SlopEntryStatus::Resolved);
+        assert_eq!(
+            loaded.entries[0].cleanup_recommendation,
+            Some("Renamed in #1234".into())
+        );
+    }
+
+    #[test]
+    fn export_markdown() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let mut entry = SlopEntry::new(
+            SlopBucket::StaleDocs,
+            SlopSeverity::Medium,
+            SlopConfidence::High,
+            "Outdated README".into(),
+            "The README references removed flags.".into(),
+        );
+        entry.source_links = vec!["README.md:42".into()];
+        ledger.append(vec![entry]);
+
+        let md = ledger.export_markdown(Some("Test Export"), None);
+        assert!(md.contains("Test Export"));
+        assert!(md.contains("stale_docs"));
+        assert!(md.contains("Outdated README"));
+        assert!(md.contains("README.md:42"));
+    }
+
+    #[test]
+    fn empty_ledger_loads() {
+        let (_tmp, ledger) = temp_ledger();
+        assert!(ledger.is_empty());
+        assert_eq!(ledger.len(), 0);
+    }
+
+    #[test]
+    fn summary_counts() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let mut e1 = SlopEntry::new(
+            SlopBucket::StaleDocs,
+            SlopSeverity::Medium,
+            SlopConfidence::High,
+            "doc".into(),
+            "desc".into(),
+        );
+        e1.status = SlopEntryStatus::Open;
+
+        let mut e2 = SlopEntry::new(
+            SlopBucket::ToolGaps,
+            SlopSeverity::High,
+            SlopConfidence::Certain,
+            "gap".into(),
+            "desc".into(),
+        );
+        e2.status = SlopEntryStatus::Resolved;
+
+        let mut e3 = SlopEntry::new(
+            SlopBucket::AcceptedDebt,
+            SlopSeverity::Low,
+            SlopConfidence::Medium,
+            "debt".into(),
+            "desc".into(),
+        );
+        e3.status = SlopEntryStatus::Accepted;
+
+        ledger.append(vec![e1, e2, e3]);
+
+        let summary = ledger.summary();
+        assert!(summary.contains("3 total"));
+        assert!(summary.contains("stale_docs: 1"));
+        assert!(summary.contains("tool_gaps: 1"));
+        assert!(summary.contains("accepted_debt: 1"));
+    }
+}
diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index 5254de70..a3994e33 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -720,6 +720,22 @@ impl ToolRegistryBuilder {
         self.with_tool(Arc::new(RememberTool))
     }
 
+    /// Include the slop ledger tools (#2127) — durable tracking of
+    /// unresolved architectural residue: append, query, update, export.
+    /// Registered unconditionally; the ledger JSON file is auto-created
+    /// on first append.
+    #[must_use]
+    pub fn with_slop_ledger_tools(self) -> Self {
+        use crate::slop_ledger::{
+            SlopLedgerAppendTool, SlopLedgerExportTool, SlopLedgerQueryTool,
+            SlopLedgerUpdateTool,
+        };
+        self.with_tool(Arc::new(SlopLedgerAppendTool))
+            .with_tool(Arc::new(SlopLedgerQueryTool))
+            .with_tool(Arc::new(SlopLedgerUpdateTool))
+            .with_tool(Arc::new(SlopLedgerExportTool))
+    }
+
     /// Include the `notify` tool — model-callable desktop notification
     /// (#1322). Routes through the existing `tui::notifications` OSC 9 /
     /// BEL pipeline so the user's `[notifications].method` config is

From 3cfb26539ac894e7db9bb017c907c1d0226765de Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 12:46:30 +0800
Subject: [PATCH 023/283] fix: resolve borrow-checker error in slop_ledger
 append tool

---
 crates/tui/src/slop_ledger.rs | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
index 4aca4509..23eae9d9 100644
--- a/crates/tui/src/slop_ledger.rs
+++ b/crates/tui/src/slop_ledger.rs
@@ -297,11 +297,12 @@ impl SlopLedger {
         fs::write(&self.ledger_path, data)
     }
 
-    /// Append one or more entries and save.
-    pub fn append(&mut self, entries: Vec<SlopEntry>) -> &[SlopEntry] {
-        let start = self.entries.len();
+    /// Append one or more entries. Returns the new entry count and
+    /// the short ids of the appended entries (first 8 chars).
+    pub fn append(&mut self, entries: Vec<SlopEntry>) -> (usize, Vec<String>) {
+        let ids: Vec<String> = entries.iter().map(|e| e.id[..8].to_string()).collect();
         self.entries.extend(entries);
-        &self.entries[start..]
+        (self.entries.len(), ids)
     }
 
     /// Return the total number of entries.
@@ -618,17 +619,19 @@ impl ToolSpec for SlopLedgerAppendTool {
             appended.push(entry);
         }
 
-        let saved = ledger.append(appended);
+        let (total, ids) = ledger.append(appended);
+        let appended_count = ids.len();
+
         ledger.save().map_err(|e| {
             ToolError::execution_failed(format!("failed to save slop ledger: {e}"))
         })?;
 
-        let ids: Vec<&str> = saved.iter().map(|e| e.id.as_str()).collect();
         Ok(ToolResult::success(format!(
-            "Appended {} slop ledger entr{}: {}",
-            saved.len(),
-            if saved.len() == 1 { "y" } else { "ies" },
-            ids.iter().map(|id| &id[..8]).collect::<Vec<_>>().join(", ")
+            "Appended {} slop ledger entr{} ({} total): {}",
+            appended_count,
+            if appended_count == 1 { "y" } else { "ies" },
+            total,
+            ids.join(", ")
         )))
     }
 }
@@ -929,7 +932,7 @@ mod tests {
             "The README still references v0.7 APIs.".into(),
         );
 
-        ledger.append(vec![entry]);
+        let _ = ledger.append(vec![entry]);
         assert_eq!(ledger.len(), 1);
         ledger.save().unwrap();
 
@@ -942,7 +945,7 @@ mod tests {
     fn query_by_bucket() {
         let (_tmp, mut ledger) = temp_ledger();
 
-        ledger.append(vec![
+        let _ = ledger.append(vec![
             SlopEntry::new(
                 SlopBucket::StaleDocs,
                 SlopSeverity::Low,
@@ -972,7 +975,7 @@ mod tests {
     fn query_by_search() {
         let (_tmp, mut ledger) = temp_ledger();
 
-        ledger.append(vec![SlopEntry::new(
+        let _ = ledger.append(vec![SlopEntry::new(
             SlopBucket::SuspectedDeadCode,
             SlopSeverity::Medium,
             SlopConfidence::Low,
@@ -1000,7 +1003,7 @@ mod tests {
             "desc".into(),
         );
         let id = entry.id.clone();
-        ledger.append(vec![entry]);
+        let _ = ledger.append(vec![entry]);
         ledger.save().unwrap();
 
         let result = ledger
@@ -1028,7 +1031,7 @@ mod tests {
             "The README references removed flags.".into(),
         );
         entry.source_links = vec!["README.md:42".into()];
-        ledger.append(vec![entry]);
+        let _ = ledger.append(vec![entry]);
 
         let md = ledger.export_markdown(Some("Test Export"), None);
         assert!(md.contains("Test Export"));
@@ -1075,7 +1078,7 @@ mod tests {
         );
         e3.status = SlopEntryStatus::Accepted;
 
-        ledger.append(vec![e1, e2, e3]);
+        let _ = ledger.append(vec![e1, e2, e3]);
 
         let summary = ledger.summary();
         assert!(summary.contains("3 total"));

From 3e073992eb202e68f9472dae9a8c54c6498106a2 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 12:53:35 +0800
Subject: [PATCH 024/283] fix: use read-only slop ledger tools in plan mode

---
 COMMIT_MSG.md                            | 73 ++++++++++++++++++++++++
 crates/tui/src/core/engine/tool_setup.rs | 11 +++-
 crates/tui/src/tools/registry.rs         |  9 +++
 3 files changed, 91 insertions(+), 2 deletions(-)
 create mode 100644 COMMIT_MSG.md

diff --git a/COMMIT_MSG.md b/COMMIT_MSG.md
new file mode 100644
index 00000000..d28ca129
--- /dev/null
+++ b/COMMIT_MSG.md
@@ -0,0 +1,73 @@
+# Commit Message — SlopLedger (#2127)
+
+## Summary
+
+Add a durable `SlopLedger` that makes invisible architectural residue
+visible and queryable across agent sessions.
+
+Closes: https://github.com/Hmbown/CodeWhale/issues/2127
+
+## Problem
+
+AI agents often leave behind invisible "slop" after a task:
+compatibility shims, unmigrated callers, duplicated concepts,
+naming drift, stale docs/tests, suspected dead code, and tool gaps.
+
+Currently these residues are untracked. The next agent rediscovers
+them, amplifies them, or mistakes them for intended architecture.
+
+## Solution
+
+A persistent JSON-backed ledger (`~/.codewhale/slop_ledger/slop_ledger.json`)
+with four model-callable tools and a `/slop` slash command.
+
+### Data Model
+
+- **10 classification buckets**: retained_compatibility, unmigrated_callers,
+  duplicate_concepts, naming_drift, stale_docs, stale_tests,
+  suspected_dead_code, unverified_public_behavior, tool_gaps, accepted_debt
+- **Severity**: critical | high | medium | low | info
+- **Confidence**: certain | high | medium | low
+- **Status lifecycle**: open → in_progress → resolved | accepted | wontfix
+- Each entry carries: owner, source links, title, description,
+  cleanup recommendation, timestamps, and optional task_id / thread_id
+
+### Tools (model-callable)
+
+| Tool | Description |
+|---|---|
+| `slop_ledger_append` | Append entries with bucket, severity, confidence, title, description |
+| `slop_ledger_query` | Query with bucket/severity/status/text filters |
+| `slop_ledger_update` | Update entry status |
+| `slop_ledger_export` | Export as Markdown for handoffs / GitHub issues |
+
+### Slash Command
+
+- `/slop` — print summary
+- `/slop query` — list entries
+- `/slop export` — Markdown export
+- Alias: `/canzha`
+
+### Files Changed
+
+| File | Change |
+|---|---|
+| `crates/tui/src/slop_ledger.rs` | **New** — 1089 lines |
+| `crates/tui/src/main.rs` | +1: mod declaration |
+| `crates/tui/src/tools/registry.rs` | +16: builder method |
+| `crates/tui/src/core/engine/tool_setup.rs` | +1: registration |
+| `crates/tui/src/commands/mod.rs` | +10: command + dispatch |
+| `crates/tui/src/commands/config.rs` | +41: handler |
+
+### Tests
+
+8 unit tests: bucket roundtrip, save/load, query by bucket/search,
+update status, markdown export, empty ledger, summary counts.
+
+## How to Test
+
+```bash
+cargo test -p codewhale-tui -- slop_ledger
+```
+
+In TUI: `/slop`, `/slop query`, `/slop export`
diff --git a/crates/tui/src/core/engine/tool_setup.rs b/crates/tui/src/core/engine/tool_setup.rs
index 2f2845b0..c4da4156 100644
--- a/crates/tui/src/core/engine/tool_setup.rs
+++ b/crates/tui/src/core/engine/tool_setup.rs
@@ -63,8 +63,15 @@ impl Engine {
             .with_review_tool(self.deepseek_client.clone(), self.session.model.clone())
             .with_user_input_tool()
             .with_parallel_tool()
-            .with_recall_archive_tool()
-            .with_slop_ledger_tools();
+            .with_recall_archive_tool();
+
+        // SlopLedger: plan mode only gets read-only query + export,
+        // agent/yolo get the full set including append + update.
+        builder = if mode == AppMode::Plan {
+            builder.with_slop_ledger_read_only_tools()
+        } else {
+            builder.with_slop_ledger_tools()
+        };
 
         if mode != AppMode::Plan {
             builder = builder
diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index a3994e33..a4f453b4 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -736,6 +736,15 @@ impl ToolRegistryBuilder {
             .with_tool(Arc::new(SlopLedgerExportTool))
     }
 
+    /// Read-only subset of slop ledger tools (#2127) for plan mode:
+    /// only query and export — no append or update.
+    #[must_use]
+    pub fn with_slop_ledger_read_only_tools(self) -> Self {
+        use crate::slop_ledger::{SlopLedgerExportTool, SlopLedgerQueryTool};
+        self.with_tool(Arc::new(SlopLedgerQueryTool))
+            .with_tool(Arc::new(SlopLedgerExportTool))
+    }
+
     /// Include the `notify` tool — model-callable desktop notification
     /// (#1322). Routes through the existing `tui::notifications` OSC 9 /
     /// BEL pipeline so the user's `[notifications].method` config is

From d10743362e1059899ea7abde4797797286522262 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 12:55:29 +0800
Subject: [PATCH 025/283] chore: remove COMMIT_MSG.md from tracking

---
 COMMIT_MSG.md | 73 ---------------------------------------------------
 1 file changed, 73 deletions(-)
 delete mode 100644 COMMIT_MSG.md

diff --git a/COMMIT_MSG.md b/COMMIT_MSG.md
deleted file mode 100644
index d28ca129..00000000
--- a/COMMIT_MSG.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# Commit Message — SlopLedger (#2127)
-
-## Summary
-
-Add a durable `SlopLedger` that makes invisible architectural residue
-visible and queryable across agent sessions.
-
-Closes: https://github.com/Hmbown/CodeWhale/issues/2127
-
-## Problem
-
-AI agents often leave behind invisible "slop" after a task:
-compatibility shims, unmigrated callers, duplicated concepts,
-naming drift, stale docs/tests, suspected dead code, and tool gaps.
-
-Currently these residues are untracked. The next agent rediscovers
-them, amplifies them, or mistakes them for intended architecture.
-
-## Solution
-
-A persistent JSON-backed ledger (`~/.codewhale/slop_ledger/slop_ledger.json`)
-with four model-callable tools and a `/slop` slash command.
-
-### Data Model
-
-- **10 classification buckets**: retained_compatibility, unmigrated_callers,
-  duplicate_concepts, naming_drift, stale_docs, stale_tests,
-  suspected_dead_code, unverified_public_behavior, tool_gaps, accepted_debt
-- **Severity**: critical | high | medium | low | info
-- **Confidence**: certain | high | medium | low
-- **Status lifecycle**: open → in_progress → resolved | accepted | wontfix
-- Each entry carries: owner, source links, title, description,
-  cleanup recommendation, timestamps, and optional task_id / thread_id
-
-### Tools (model-callable)
-
-| Tool | Description |
-|---|---|
-| `slop_ledger_append` | Append entries with bucket, severity, confidence, title, description |
-| `slop_ledger_query` | Query with bucket/severity/status/text filters |
-| `slop_ledger_update` | Update entry status |
-| `slop_ledger_export` | Export as Markdown for handoffs / GitHub issues |
-
-### Slash Command
-
-- `/slop` — print summary
-- `/slop query` — list entries
-- `/slop export` — Markdown export
-- Alias: `/canzha`
-
-### Files Changed
-
-| File | Change |
-|---|---|
-| `crates/tui/src/slop_ledger.rs` | **New** — 1089 lines |
-| `crates/tui/src/main.rs` | +1: mod declaration |
-| `crates/tui/src/tools/registry.rs` | +16: builder method |
-| `crates/tui/src/core/engine/tool_setup.rs` | +1: registration |
-| `crates/tui/src/commands/mod.rs` | +10: command + dispatch |
-| `crates/tui/src/commands/config.rs` | +41: handler |
-
-### Tests
-
-8 unit tests: bucket roundtrip, save/load, query by bucket/search,
-update status, markdown export, empty ledger, summary counts.
-
-## How to Test
-
-```bash
-cargo test -p codewhale-tui -- slop_ledger
-```
-
-In TUI: `/slop`, `/slop query`, `/slop export`

From f70007663f58e9ab9d7f9a6724258cc3337e6d27 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 13:06:50 +0800
Subject: [PATCH 026/283] fix: suppress dead_code warnings for CI -Dwarnings

---
 crates/tui/src/slop_ledger.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
index 23eae9d9..9e0b1ed1 100644
--- a/crates/tui/src/slop_ledger.rs
+++ b/crates/tui/src/slop_ledger.rs
@@ -81,6 +81,7 @@ impl SlopBucket {
         }
     }
 
+    #[allow(dead_code)]
     pub fn all_buckets() -> &'static [SlopBucket] {
         &[
             Self::RetainedCompatibility,
@@ -307,6 +308,7 @@ impl SlopLedger {
 
     /// Return the total number of entries.
     #[must_use]
+    #[allow(dead_code)]
     pub fn len(&self) -> usize {
         self.entries.len()
     }

From 8928e1dde44b4947a5e0f07ebff619812049fdb0 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 13:52:59 +0800
Subject: [PATCH 027/283] =?UTF-8?q?fix:=20address=20code=20review=20?=
 =?UTF-8?q?=E2=80=94=20error=20propagation,=20prefix=20match,=20atomic=20w?=
 =?UTF-8?q?rite,=20UTF-8=20safe=20truncation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 COMMIT_MSG.md                    |  73 ++++++++++++++++++++++
 crates/tui/src/main.rs           |   2 +-
 crates/tui/src/slop_ledger.rs    | 102 ++++++++++++++++++-------------
 crates/tui/src/tools/registry.rs |   3 +-
 4 files changed, 135 insertions(+), 45 deletions(-)
 create mode 100644 COMMIT_MSG.md

diff --git a/COMMIT_MSG.md b/COMMIT_MSG.md
new file mode 100644
index 00000000..d28ca129
--- /dev/null
+++ b/COMMIT_MSG.md
@@ -0,0 +1,73 @@
+# Commit Message — SlopLedger (#2127)
+
+## Summary
+
+Add a durable `SlopLedger` that makes invisible architectural residue
+visible and queryable across agent sessions.
+
+Closes: https://github.com/Hmbown/CodeWhale/issues/2127
+
+## Problem
+
+AI agents often leave behind invisible "slop" after a task:
+compatibility shims, unmigrated callers, duplicated concepts,
+naming drift, stale docs/tests, suspected dead code, and tool gaps.
+
+Currently these residues are untracked. The next agent rediscovers
+them, amplifies them, or mistakes them for intended architecture.
+
+## Solution
+
+A persistent JSON-backed ledger (`~/.codewhale/slop_ledger/slop_ledger.json`)
+with four model-callable tools and a `/slop` slash command.
+
+### Data Model
+
+- **10 classification buckets**: retained_compatibility, unmigrated_callers,
+  duplicate_concepts, naming_drift, stale_docs, stale_tests,
+  suspected_dead_code, unverified_public_behavior, tool_gaps, accepted_debt
+- **Severity**: critical | high | medium | low | info
+- **Confidence**: certain | high | medium | low
+- **Status lifecycle**: open → in_progress → resolved | accepted | wontfix
+- Each entry carries: owner, source links, title, description,
+  cleanup recommendation, timestamps, and optional task_id / thread_id
+
+### Tools (model-callable)
+
+| Tool | Description |
+|---|---|
+| `slop_ledger_append` | Append entries with bucket, severity, confidence, title, description |
+| `slop_ledger_query` | Query with bucket/severity/status/text filters |
+| `slop_ledger_update` | Update entry status |
+| `slop_ledger_export` | Export as Markdown for handoffs / GitHub issues |
+
+### Slash Command
+
+- `/slop` — print summary
+- `/slop query` — list entries
+- `/slop export` — Markdown export
+- Alias: `/canzha`
+
+### Files Changed
+
+| File | Change |
+|---|---|
+| `crates/tui/src/slop_ledger.rs` | **New** — 1089 lines |
+| `crates/tui/src/main.rs` | +1: mod declaration |
+| `crates/tui/src/tools/registry.rs` | +16: builder method |
+| `crates/tui/src/core/engine/tool_setup.rs` | +1: registration |
+| `crates/tui/src/commands/mod.rs` | +10: command + dispatch |
+| `crates/tui/src/commands/config.rs` | +41: handler |
+
+### Tests
+
+8 unit tests: bucket roundtrip, save/load, query by bucket/search,
+update status, markdown export, empty ledger, summary counts.
+
+## How to Test
+
+```bash
+cargo test -p codewhale-tui -- slop_ledger
+```
+
+In TUI: `/slop`, `/slop query`, `/slop export`
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index ba082137..8136d744 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -65,11 +65,11 @@ mod session_manager;
 mod settings;
 mod skill_state;
 mod skills;
+mod slop_ledger;
 mod snapshot;
 mod task_manager;
 #[cfg(test)]
 mod test_support;
-mod slop_ledger;
 mod theme_qa_audit;
 mod tools;
 mod tui;
diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
index 9e0b1ed1..bc3a4f3a 100644
--- a/crates/tui/src/slop_ledger.rs
+++ b/crates/tui/src/slop_ledger.rs
@@ -282,7 +282,12 @@ impl SlopLedger {
             });
         }
         let data = fs::read_to_string(path)?;
-        let mut ledger: SlopLedger = serde_json::from_str(&data).unwrap_or_default();
+        let mut ledger: SlopLedger = serde_json::from_str(&data).map_err(|e| {
+            io::Error::new(
+                io::ErrorKind::InvalidData,
+                format!("failed to parse slop ledger JSON: {e}"),
+            )
+        })?;
         ledger.ledger_path = path.to_path_buf();
         Ok(ledger)
     }
@@ -295,7 +300,7 @@ impl SlopLedger {
         let data = serde_json::to_string_pretty(self).map_err(|e| {
             io::Error::new(io::ErrorKind::Other, format!("serialization error: {e}"))
         })?;
-        fs::write(&self.ledger_path, data)
+        crate::utils::write_atomic(&self.ledger_path, data.as_bytes())
     }
 
     /// Append one or more entries. Returns the new entry count and
@@ -360,7 +365,7 @@ impl SlopLedger {
 
     /// Find an entry by id.
     pub fn find_mut(&mut self, id: &str) -> Option<&mut SlopEntry> {
-        self.entries.iter_mut().find(|e| e.id == id)
+        self.entries.iter_mut().find(|e| e.id.starts_with(id))
     }
 
     /// Update an entry's status (and optionally other fields) and save.
@@ -386,7 +391,11 @@ impl SlopLedger {
 
     /// Export all entries as a Markdown string suitable for handoff or
     /// GitHub issue body.
-    pub fn export_markdown(&self, title: Option<&str>, filter: Option<&SlopLedgerFilter>) -> String {
+    pub fn export_markdown(
+        &self,
+        title: Option<&str>,
+        filter: Option<&SlopLedgerFilter>,
+    ) -> String {
         let entries: Vec<&SlopEntry> = match filter {
             Some(f) => self.query(f),
             None => self.entries.iter().collect(),
@@ -418,11 +427,7 @@ impl SlopLedger {
             out.push_str("|---|---|---|---|---|---|\n");
             for e in bucket_entries {
                 let source = e.source_links.first().map(|s| s.as_str()).unwrap_or("-");
-                let title = if e.title.len() > 60 {
-                    format!("{}…", &e.title[..57])
-                } else {
-                    e.title.clone()
-                };
+                let title = truncate_str(&e.title, 60);
                 out.push_str(&format!(
                     "| {} | {:?} | {:?} | {:?} | {title} | {source} |\n",
                     &e.id[..8],
@@ -435,11 +440,7 @@ impl SlopLedger {
 
             // Detailed entries
             for e in bucket_entries {
-                out.push_str(&format!(
-                    "### {} — {}\n\n",
-                    &e.id[..8],
-                    e.title
-                ));
+                out.push_str(&format!("### {} — {}\n\n", &e.id[..8], e.title));
                 out.push_str(&format!("- **Severity**: {:?}\n", e.severity));
                 out.push_str(&format!("- **Confidence**: {:?}\n", e.confidence));
                 out.push_str(&format!("- **Status**: {:?}\n", e.status));
@@ -576,9 +577,8 @@ impl ToolSpec for SlopLedgerAppendTool {
             .and_then(|v| v.as_array())
             .ok_or_else(|| ToolError::invalid_input("'entries' must be a non-empty array"))?;
 
-        let mut ledger = SlopLedger::load().map_err(|e| {
-            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
-        })?;
+        let mut ledger = SlopLedger::load()
+            .map_err(|e| ToolError::execution_failed(format!("failed to load slop ledger: {e}")))?;
 
         let mut appended = Vec::new();
         for entry_val in entries_val {
@@ -587,13 +587,15 @@ impl ToolSpec for SlopLedgerAppendTool {
                 ToolError::invalid_input(format!("unknown bucket: '{bucket_str}'"))
             })?;
 
-            let severity = SlopSeverity::from_str(required_str(entry_val, "severity")?).ok_or_else(|| {
-                ToolError::invalid_input("invalid severity (use critical|high|medium|low|info)")
-            })?;
+            let severity = SlopSeverity::from_str(required_str(entry_val, "severity")?)
+                .ok_or_else(|| {
+                    ToolError::invalid_input("invalid severity (use critical|high|medium|low|info)")
+                })?;
 
-            let confidence = SlopConfidence::from_str(required_str(entry_val, "confidence")?).ok_or_else(|| {
-                ToolError::invalid_input("invalid confidence (use certain|high|medium|low)")
-            })?;
+            let confidence = SlopConfidence::from_str(required_str(entry_val, "confidence")?)
+                .ok_or_else(|| {
+                    ToolError::invalid_input("invalid confidence (use certain|high|medium|low)")
+                })?;
 
             let title = required_str(entry_val, "title")?.to_string();
             let description = required_str(entry_val, "description")?.to_string();
@@ -624,9 +626,9 @@ impl ToolSpec for SlopLedgerAppendTool {
         let (total, ids) = ledger.append(appended);
         let appended_count = ids.len();
 
-        ledger.save().map_err(|e| {
-            ToolError::execution_failed(format!("failed to save slop ledger: {e}"))
-        })?;
+        ledger
+            .save()
+            .map_err(|e| ToolError::execution_failed(format!("failed to save slop ledger: {e}")))?;
 
         Ok(ToolResult::success(format!(
             "Appended {} slop ledger entr{} ({} total): {}",
@@ -702,7 +704,10 @@ impl ToolSpec for SlopLedgerQueryTool {
                 .get("status")
                 .and_then(|v| v.as_str())
                 .and_then(SlopEntryStatus::from_str),
-            search: input.get("search").and_then(|v| v.as_str()).map(String::from),
+            search: input
+                .get("search")
+                .and_then(|v| v.as_str())
+                .map(String::from),
             limit: input
                 .get("limit")
                 .and_then(|v| v.as_u64())
@@ -710,9 +715,8 @@ impl ToolSpec for SlopLedgerQueryTool {
                 .or(Some(50)),
         };
 
-        let ledger = SlopLedger::load().map_err(|e| {
-            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
-        })?;
+        let ledger = SlopLedger::load()
+            .map_err(|e| ToolError::execution_failed(format!("failed to load slop ledger: {e}")))?;
 
         if ledger.is_empty() {
             return Ok(ToolResult::success("Slop ledger is empty."));
@@ -782,20 +786,20 @@ impl ToolSpec for SlopLedgerUpdateTool {
 
     async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
         let id = required_str(&input, "id")?;
-        let status = SlopEntryStatus::from_str(required_str(&input, "status")?).ok_or_else(|| {
-            ToolError::invalid_input(
-                "invalid status (use open|in_progress|resolved|accepted|wontfix)",
-            )
-        })?;
+        let status =
+            SlopEntryStatus::from_str(required_str(&input, "status")?).ok_or_else(|| {
+                ToolError::invalid_input(
+                    "invalid status (use open|in_progress|resolved|accepted|wontfix)",
+                )
+            })?;
 
         let cleanup = input
             .get("cleanup_recommendation")
             .and_then(|v| v.as_str())
             .map(String::from);
 
-        let mut ledger = SlopLedger::load().map_err(|e| {
-            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
-        })?;
+        let mut ledger = SlopLedger::load()
+            .map_err(|e| ToolError::execution_failed(format!("failed to load slop ledger: {e}")))?;
 
         match ledger.update_status(id, status, cleanup) {
             Ok(Some(entry)) => Ok(ToolResult::success(format!(
@@ -887,15 +891,25 @@ impl ToolSpec for SlopLedgerExportTool {
             None
         };
 
-        let ledger = SlopLedger::load().map_err(|e| {
-            ToolError::execution_failed(format!("failed to load slop ledger: {e}"))
-        })?;
+        let ledger = SlopLedger::load()
+            .map_err(|e| ToolError::execution_failed(format!("failed to load slop ledger: {e}")))?;
 
         let markdown = ledger.export_markdown(title, filter.as_ref());
         Ok(ToolResult::success(markdown))
     }
 }
 
+/// Truncate a UTF-8 string to at most `max_chars` characters, appending '…'
+/// when truncation occurs. Operates on char boundaries — never panics on
+/// multi-byte characters.
+fn truncate_str(s: &str, max_chars: usize) -> String {
+    if s.chars().count() <= max_chars {
+        return s.to_string();
+    }
+    let truncated: String = s.chars().take(max_chars.saturating_sub(1)).collect();
+    format!("{truncated}…")
+}
+
 // ── Tests ──────────────────────────────────────────────────────────────────
 
 #[cfg(test)]
@@ -1009,7 +1023,11 @@ mod tests {
         ledger.save().unwrap();
 
         let result = ledger
-            .update_status(&id, SlopEntryStatus::Resolved, Some("Renamed in #1234".into()))
+            .update_status(
+                &id,
+                SlopEntryStatus::Resolved,
+                Some("Renamed in #1234".into()),
+            )
             .unwrap();
         assert!(result.is_some());
 
diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index a4f453b4..04f62003 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -727,8 +727,7 @@ impl ToolRegistryBuilder {
     #[must_use]
     pub fn with_slop_ledger_tools(self) -> Self {
         use crate::slop_ledger::{
-            SlopLedgerAppendTool, SlopLedgerExportTool, SlopLedgerQueryTool,
-            SlopLedgerUpdateTool,
+            SlopLedgerAppendTool, SlopLedgerExportTool, SlopLedgerQueryTool, SlopLedgerUpdateTool,
         };
         self.with_tool(Arc::new(SlopLedgerAppendTool))
             .with_tool(Arc::new(SlopLedgerQueryTool))

From 9c5bf7dadf51d68613b54ded2e865e1fc3ce6a0a Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 13:57:43 +0800
Subject: [PATCH 028/283] chore: remove COMMIT_MSG.md

---
 COMMIT_MSG.md | 73 ---------------------------------------------------
 1 file changed, 73 deletions(-)
 delete mode 100644 COMMIT_MSG.md

diff --git a/COMMIT_MSG.md b/COMMIT_MSG.md
deleted file mode 100644
index d28ca129..00000000
--- a/COMMIT_MSG.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# Commit Message — SlopLedger (#2127)
-
-## Summary
-
-Add a durable `SlopLedger` that makes invisible architectural residue
-visible and queryable across agent sessions.
-
-Closes: https://github.com/Hmbown/CodeWhale/issues/2127
-
-## Problem
-
-AI agents often leave behind invisible "slop" after a task:
-compatibility shims, unmigrated callers, duplicated concepts,
-naming drift, stale docs/tests, suspected dead code, and tool gaps.
-
-Currently these residues are untracked. The next agent rediscovers
-them, amplifies them, or mistakes them for intended architecture.
-
-## Solution
-
-A persistent JSON-backed ledger (`~/.codewhale/slop_ledger/slop_ledger.json`)
-with four model-callable tools and a `/slop` slash command.
-
-### Data Model
-
-- **10 classification buckets**: retained_compatibility, unmigrated_callers,
-  duplicate_concepts, naming_drift, stale_docs, stale_tests,
-  suspected_dead_code, unverified_public_behavior, tool_gaps, accepted_debt
-- **Severity**: critical | high | medium | low | info
-- **Confidence**: certain | high | medium | low
-- **Status lifecycle**: open → in_progress → resolved | accepted | wontfix
-- Each entry carries: owner, source links, title, description,
-  cleanup recommendation, timestamps, and optional task_id / thread_id
-
-### Tools (model-callable)
-
-| Tool | Description |
-|---|---|
-| `slop_ledger_append` | Append entries with bucket, severity, confidence, title, description |
-| `slop_ledger_query` | Query with bucket/severity/status/text filters |
-| `slop_ledger_update` | Update entry status |
-| `slop_ledger_export` | Export as Markdown for handoffs / GitHub issues |
-
-### Slash Command
-
-- `/slop` — print summary
-- `/slop query` — list entries
-- `/slop export` — Markdown export
-- Alias: `/canzha`
-
-### Files Changed
-
-| File | Change |
-|---|---|
-| `crates/tui/src/slop_ledger.rs` | **New** — 1089 lines |
-| `crates/tui/src/main.rs` | +1: mod declaration |
-| `crates/tui/src/tools/registry.rs` | +16: builder method |
-| `crates/tui/src/core/engine/tool_setup.rs` | +1: registration |
-| `crates/tui/src/commands/mod.rs` | +10: command + dispatch |
-| `crates/tui/src/commands/config.rs` | +41: handler |
-
-### Tests
-
-8 unit tests: bucket roundtrip, save/load, query by bucket/search,
-update status, markdown export, empty ledger, summary counts.
-
-## How to Test
-
-```bash
-cargo test -p codewhale-tui -- slop_ledger
-```
-
-In TUI: `/slop`, `/slop query`, `/slop export`

From c47ed896dc2ccb8145ad6f35b8d06864f1e3076c Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 06:03:10 -0500
Subject: [PATCH 029/283] =?UTF-8?q?fix:=20DeepSeek-first=20v0.8.45=20?=
 =?UTF-8?q?=E2=80=94=20CODEWHALE=5F*=20env=20aliases,=20remove=20public=20?=
 =?UTF-8?q?Kimi/Moonshot=20promotion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2164 (superseded).
---
 CHANGELOG.md             |  19 ++-
 README.md                |  41 ++----
 crates/config/src/lib.rs | 183 +++++++++++++++++++++++++-
 crates/tui/CHANGELOG.md  |  19 ++-
 crates/tui/src/config.rs | 269 ++++++++++++++++++++++++++++++++++++---
 docs/CONFIGURATION.md    |  32 +++--
 6 files changed, 494 insertions(+), 69 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d0f05ae..7b8fee06 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,11 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Fixed
+### Added
 
-- **Kimi Code API-key setup.** `codewhale config set providers.moonshot.*`
-  now writes the Moonshot/Kimi provider table, and Kimi Code API-key
-  endpoints default to `kimi-for-coding` without using the Kimi CLI OAuth path.
+- **`CODEWHALE_*` env aliases.** `CODEWHALE_PROVIDER`, `CODEWHALE_MODEL`,
+  and `CODEWHALE_BASE_URL` are public product-scoped aliases that take
+  precedence over the legacy `DEEPSEEK_*` forms. The `DEEPSEEK_*` names
+  remain accepted for back-compat. Recommended setup paths are
+  `codewhale --provider <name>`, `provider = "<name>"` in
+  `~/.codewhale/config.toml`, or `CODEWHALE_PROVIDER=<name>`.
+
+### Changed
+
+- **DeepSeek-first focus.** v0.8.45.x refocuses on delivering the
+  highest-quality experience on DeepSeek first. The project's broader
+  goal remains to become a strong harness for open-source and open-weight
+  coding models, but additional first-class provider paths are planned
+  for v0.9.0 after the core DeepSeek workflow is solid.
 
 ## [0.8.45] - 2026-05-25
 
diff --git a/README.md b/README.md
index 450ca64d..b5e27147 100644
--- a/README.md
+++ b/README.md
@@ -275,11 +275,12 @@ Both binaries are required. Cross-compilation and platform-specific notes: [docs
 
 ### Providers
 
-Official DeepSeek remains the default and first-class path. v0.8.45 supports
-all 12 provider IDs in this order: `deepseek`, `nvidia-nim`, `openai`,
-`atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`,
-`sglang`, `vllm`, and `ollama`. Other providers are additive, with OpenRouter
-starting from DeepSeek Pro/Flash before broader open-model catalogs are enabled.
+CodeWhale v0.8.45 focuses on delivering the highest-quality experience on
+DeepSeek first. The project's broader goal remains to become a strong harness
+for open-source and open-weight coding models — additional first-class
+provider paths are planned for v0.9.0. Backend provider infrastructure for
+other OpenAI-compatible endpoints and self-hosted runtimes is available under
+the same `--provider` flag for advanced users who need it today.
 
 ```bash
 # DeepSeek (default)
@@ -314,24 +315,6 @@ codewhale --provider novita --model deepseek/deepseek-v4-pro
 codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
 codewhale --provider fireworks --model deepseek-v4-pro
 
-# Kimi Code plan API key
-codewhale auth set --provider moonshot --api-key "YOUR_KIMI_CODE_API_KEY"
-codewhale config set providers.moonshot.auth_mode api_key
-codewhale config set providers.moonshot.base_url https://api.kimi.com/coding/v1
-codewhale config set providers.moonshot.model kimi-for-coding
-codewhale --provider moonshot
-
-# Kimi/Moonshot Platform API key
-codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
-codewhale config set providers.moonshot.auth_mode api_key
-codewhale config set providers.moonshot.base_url https://api.moonshot.ai/v1
-codewhale config set providers.moonshot.model kimi-k2.6
-codewhale --provider moonshot
-
-# Kimi through OpenRouter's catalog
-codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
-codewhale --provider openrouter --model moonshotai/kimi-k2.6
-
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
 
@@ -506,21 +489,23 @@ Key environment variables:
 
 | Variable | Purpose |
 |---|---|
+| `CODEWHALE_PROVIDER` | Active provider. Public alias for `DEEPSEEK_PROVIDER`; wins when both are set. |
+| `CODEWHALE_MODEL` | Default model for the active provider. Public alias for `DEEPSEEK_MODEL`. |
+| `CODEWHALE_BASE_URL` | Base URL for the active provider. Public alias for `DEEPSEEK_BASE_URL`. |
 | `DEEPSEEK_API_KEY` | API key |
-| `DEEPSEEK_BASE_URL` | API base URL |
+| `DEEPSEEK_BASE_URL` | API base URL (legacy alias of `CODEWHALE_BASE_URL`) |
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
-| `DEEPSEEK_MODEL` | Default model |
+| `DEEPSEEK_MODEL` | Default model (legacy alias of `CODEWHALE_MODEL`) |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
+| `DEEPSEEK_PROVIDER` | Legacy alias of `CODEWHALE_PROVIDER`. Accepts `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, `ollama`. |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `NVIDIA_NIM_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `WANJIE_API_KEY` / `WANJIE_MAAS_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `NVIDIA_NIM_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `WANJIE_API_KEY` / `WANJIE_MAAS_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `NVIDIA_NIM_BASE_URL` / `NIM_BASE_URL` / `NVIDIA_BASE_URL` | NVIDIA NIM endpoint override |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_BASE_URL` / `WANJIE_MAAS_BASE_URL` / `WANJIE_ARK_MODEL` / `WANJIE_MODEL` / `WANJIE_MAAS_MODEL` | Wanjie Ark endpoint and model override |
-| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL_NAME` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override. For a Kimi Code plan API key, use `KIMI_BASE_URL=https://api.kimi.com/coding/v1` and `KIMI_MODEL=kimi-for-coding`. |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index d9d72864..039c28c7 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -1787,10 +1787,15 @@ struct EnvRuntimeOverrides {
 impl EnvRuntimeOverrides {
     fn load() -> Self {
         Self {
-            provider: std::env::var("DEEPSEEK_PROVIDER")
+            provider: std::env::var("CODEWHALE_PROVIDER")
+                .or_else(|_| std::env::var("DEEPSEEK_PROVIDER"))
                 .ok()
                 .and_then(|v| ProviderKind::parse(&v)),
-            model: std::env::var("DEEPSEEK_MODEL").ok(),
+            model: std::env::var("CODEWHALE_MODEL")
+                .or_else(|_| std::env::var("DEEPSEEK_MODEL"))
+                .or_else(|_| std::env::var("DEEPSEEK_DEFAULT_TEXT_MODEL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             wanjie_ark_model: std::env::var("WANJIE_ARK_MODEL")
                 .or_else(|_| std::env::var("WANJIE_MODEL"))
                 .or_else(|_| std::env::var("WANJIE_MAAS_MODEL"))
@@ -1816,7 +1821,8 @@ impl EnvRuntimeOverrides {
                 .ok()
                 .and_then(|value| parse_http_headers(&value).ok())
                 .filter(|headers| !headers.is_empty()),
-            deepseek_base_url: std::env::var("DEEPSEEK_BASE_URL")
+            deepseek_base_url: std::env::var("CODEWHALE_BASE_URL")
+                .or_else(|_| std::env::var("DEEPSEEK_BASE_URL"))
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
             nvidia_base_url: std::env::var("NVIDIA_NIM_BASE_URL")
@@ -1921,6 +1927,7 @@ mod tests {
         deepseek_base_url: Option<OsString>,
         deepseek_http_headers: Option<OsString>,
         deepseek_model: Option<OsString>,
+        deepseek_default_text_model: Option<OsString>,
         deepseek_provider: Option<OsString>,
         deepseek_auth_mode: Option<OsString>,
         nvidia_api_key: Option<OsString>,
@@ -1954,6 +1961,9 @@ mod tests {
         vllm_base_url: Option<OsString>,
         ollama_api_key: Option<OsString>,
         ollama_base_url: Option<OsString>,
+        codewhale_provider: Option<OsString>,
+        codewhale_model: Option<OsString>,
+        codewhale_base_url: Option<OsString>,
     }
 
     impl EnvGuard {
@@ -1963,8 +1973,12 @@ mod tests {
                 deepseek_base_url: env::var_os("DEEPSEEK_BASE_URL"),
                 deepseek_http_headers: env::var_os("DEEPSEEK_HTTP_HEADERS"),
                 deepseek_model: env::var_os("DEEPSEEK_MODEL"),
+                deepseek_default_text_model: env::var_os("DEEPSEEK_DEFAULT_TEXT_MODEL"),
                 deepseek_provider: env::var_os("DEEPSEEK_PROVIDER"),
                 deepseek_auth_mode: env::var_os("DEEPSEEK_AUTH_MODE"),
+                codewhale_provider: env::var_os("CODEWHALE_PROVIDER"),
+                codewhale_model: env::var_os("CODEWHALE_MODEL"),
+                codewhale_base_url: env::var_os("CODEWHALE_BASE_URL"),
                 nvidia_api_key: env::var_os("NVIDIA_API_KEY"),
                 nvidia_nim_api_key: env::var_os("NVIDIA_NIM_API_KEY"),
                 nim_base_url: env::var_os("NIM_BASE_URL"),
@@ -2003,8 +2017,12 @@ mod tests {
                 env::remove_var("DEEPSEEK_BASE_URL");
                 env::remove_var("DEEPSEEK_HTTP_HEADERS");
                 env::remove_var("DEEPSEEK_MODEL");
+                env::remove_var("DEEPSEEK_DEFAULT_TEXT_MODEL");
                 env::remove_var("DEEPSEEK_PROVIDER");
                 env::remove_var("DEEPSEEK_AUTH_MODE");
+                env::remove_var("CODEWHALE_PROVIDER");
+                env::remove_var("CODEWHALE_MODEL");
+                env::remove_var("CODEWHALE_BASE_URL");
                 env::remove_var("NVIDIA_API_KEY");
                 env::remove_var("NVIDIA_NIM_API_KEY");
                 env::remove_var("NIM_BASE_URL");
@@ -2057,8 +2075,15 @@ mod tests {
                 Self::restore_var("DEEPSEEK_BASE_URL", self.deepseek_base_url.take());
                 Self::restore_var("DEEPSEEK_HTTP_HEADERS", self.deepseek_http_headers.take());
                 Self::restore_var("DEEPSEEK_MODEL", self.deepseek_model.take());
+                Self::restore_var(
+                    "DEEPSEEK_DEFAULT_TEXT_MODEL",
+                    self.deepseek_default_text_model.take(),
+                );
                 Self::restore_var("DEEPSEEK_PROVIDER", self.deepseek_provider.take());
                 Self::restore_var("DEEPSEEK_AUTH_MODE", self.deepseek_auth_mode.take());
+                Self::restore_var("CODEWHALE_PROVIDER", self.codewhale_provider.take());
+                Self::restore_var("CODEWHALE_MODEL", self.codewhale_model.take());
+                Self::restore_var("CODEWHALE_BASE_URL", self.codewhale_base_url.take());
                 Self::restore_var("NVIDIA_API_KEY", self.nvidia_api_key.take());
                 Self::restore_var("NVIDIA_NIM_API_KEY", self.nvidia_nim_api_key.take());
                 Self::restore_var("NIM_BASE_URL", self.nim_base_url.take());
@@ -2408,6 +2433,55 @@ mod tests {
         );
     }
 
+    /// End-to-end smoke for the preferred Kimi Code setup path:
+    ///   1. Start from a fresh root config that uses DeepSeek defaults.
+    ///   2. Mutate it through the same key-value setters the
+    ///      `codewhale config set providers.moonshot.*` CLI invokes.
+    ///   3. Switch the active provider through `CODEWHALE_PROVIDER` —
+    ///      the public env alias — without ever touching the legacy
+    ///      `DEEPSEEK_PROVIDER` name.
+    ///   4. Resolve the runtime and confirm the doctor/runtime values.
+    ///
+    /// No real API key is required; the `api_key` here is just a
+    /// non-empty placeholder.
+    #[test]
+    fn moonshot_kimi_code_smoke_config_set_then_resolve() -> Result<()> {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+
+        let mut config = ConfigToml {
+            provider: ProviderKind::Deepseek,
+            default_text_model: Some("deepseek-v4-pro".to_string()),
+            ..ConfigToml::default()
+        };
+
+        // Same key paths a user would run via `codewhale config set`.
+        config.set_value("providers.moonshot.api_key", "kimi-code-key-placeholder")?;
+        config.set_value("providers.moonshot.auth_mode", "api_key")?;
+        config.set_value("providers.moonshot.base_url", DEFAULT_KIMI_CODE_BASE_URL)?;
+        config.set_value("providers.moonshot.model", DEFAULT_KIMI_CODE_MODEL)?;
+
+        // Public env alias for the active-provider switch.
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe { env::set_var("CODEWHALE_PROVIDER", "moonshot") };
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.base_url, DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(resolved.auth_mode.as_deref(), Some("api_key"));
+        assert_eq!(
+            resolved.api_key.as_deref(),
+            Some("kimi-code-key-placeholder")
+        );
+        assert_eq!(
+            resolved.api_key_source,
+            Some(RuntimeApiKeySource::ConfigFile)
+        );
+        Ok(())
+    }
+
     #[test]
     fn moonshot_provider_config_values_round_trip() -> Result<()> {
         let mut config = ConfigToml::default();
@@ -2757,6 +2831,109 @@ mod tests {
         );
     }
 
+    /// `CODEWHALE_PROVIDER` is the user-facing env alias for switching the
+    /// active provider. It must be honored by the runtime resolver and win
+    /// over a root `provider = "deepseek"` config entry.
+    #[test]
+    fn codewhale_provider_env_switches_active_provider() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+        }
+        let mut config = ConfigToml {
+            provider: ProviderKind::Deepseek,
+            ..ConfigToml::default()
+        };
+        config.providers.moonshot.api_key = Some("kimi-code-key".to_string());
+        config.providers.moonshot.base_url = Some(DEFAULT_KIMI_CODE_BASE_URL.to_string());
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.base_url, DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(resolved.api_key.as_deref(), Some("kimi-code-key"));
+    }
+
+    /// When both `CODEWHALE_PROVIDER` and the legacy `DEEPSEEK_PROVIDER`
+    /// are set, the public alias wins — a user adopting `CODEWHALE_*` in a
+    /// fresh shell config is not tripped up by a stale legacy export still
+    /// living in their dotfiles.
+    #[test]
+    fn codewhale_provider_env_wins_over_deepseek_provider_env() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("DEEPSEEK_PROVIDER", "openrouter");
+        }
+        let config = ConfigToml {
+            provider: ProviderKind::Deepseek,
+            ..ConfigToml::default()
+        };
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+    }
+
+    /// `CODEWHALE_MODEL` is the user-facing env alias for picking a model
+    /// against the active provider. It must be honored by the runtime
+    /// resolver in place of `DEEPSEEK_MODEL`.
+    #[test]
+    fn codewhale_model_env_alias_overrides_default_for_active_provider() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("CODEWHALE_MODEL", "custom-kimi-test-model");
+        }
+        let config = ConfigToml::default();
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.model, "custom-kimi-test-model");
+    }
+
+    #[test]
+    fn blank_codewhale_model_env_alias_does_not_override_default_for_active_provider() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("CODEWHALE_MODEL", "   ");
+        }
+        let config = ConfigToml::default();
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.model, DEFAULT_MOONSHOT_MODEL);
+    }
+
+    #[test]
+    fn deepseek_default_text_model_legacy_alias_still_overrides_active_provider_model() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only env mutation guarded by env_lock().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("DEEPSEEK_DEFAULT_TEXT_MODEL", "legacy-env-model");
+        }
+        let config = ConfigToml::default();
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::Moonshot);
+        assert_eq!(resolved.model, "legacy-env-model");
+    }
+
     #[test]
     fn wanjie_ark_provider_defaults_to_openai_compatible_endpoint_and_model() {
         let _lock = env_lock();
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index 2d0f05ae..7b8fee06 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -7,11 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Fixed
+### Added
 
-- **Kimi Code API-key setup.** `codewhale config set providers.moonshot.*`
-  now writes the Moonshot/Kimi provider table, and Kimi Code API-key
-  endpoints default to `kimi-for-coding` without using the Kimi CLI OAuth path.
+- **`CODEWHALE_*` env aliases.** `CODEWHALE_PROVIDER`, `CODEWHALE_MODEL`,
+  and `CODEWHALE_BASE_URL` are public product-scoped aliases that take
+  precedence over the legacy `DEEPSEEK_*` forms. The `DEEPSEEK_*` names
+  remain accepted for back-compat. Recommended setup paths are
+  `codewhale --provider <name>`, `provider = "<name>"` in
+  `~/.codewhale/config.toml`, or `CODEWHALE_PROVIDER=<name>`.
+
+### Changed
+
+- **DeepSeek-first focus.** v0.8.45.x refocuses on delivering the
+  highest-quality experience on DeepSeek first. The project's broader
+  goal remains to become a strong harness for open-source and open-weight
+  coding models, but additional first-class provider paths are planned
+  for v0.9.0 after the core DeepSeek workflow is solid.
 
 ## [0.8.45] - 2026-05-25
 
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 78975ee3..a51a3c8b 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -1554,6 +1554,19 @@ impl Config {
                 }
             }
         }
+        let moonshot_config = (provider == ApiProvider::Moonshot)
+            .then(|| self.provider_config())
+            .flatten();
+        let moonshot_uses_kimi_code = moonshot_config.is_some_and(|config| {
+            provider_config_uses_kimi_oauth(config)
+                || config
+                    .base_url
+                    .as_deref()
+                    .is_some_and(moonshot_base_url_uses_kimi_code)
+        });
+        if moonshot_uses_kimi_code {
+            return DEFAULT_KIMI_CODE_MODEL.to_string();
+        }
         if let Some(model) = self.default_text_model.as_deref()
             && (provider_passes_model_through(provider)
                 || self.active_provider_preserves_custom_base_url_model())
@@ -1570,19 +1583,6 @@ impl Config {
         {
             return model_for_provider(provider, normalized);
         }
-        let moonshot_config = (provider == ApiProvider::Moonshot)
-            .then(|| self.provider_config())
-            .flatten();
-        let moonshot_uses_kimi_code = moonshot_config.is_some_and(|config| {
-            provider_config_uses_kimi_oauth(config)
-                || config
-                    .base_url
-                    .as_deref()
-                    .is_some_and(moonshot_base_url_uses_kimi_code)
-        });
-        if moonshot_uses_kimi_code {
-            return DEFAULT_KIMI_CODE_MODEL.to_string();
-        }
 
         match provider {
             ApiProvider::Deepseek | ApiProvider::DeepseekCN => DEFAULT_TEXT_MODEL,
@@ -2271,11 +2271,29 @@ fn default_memory_path() -> Option<PathBuf> {
 
 // === Environment Overrides ===
 
+/// Read a CodeWhale env var, preferring the `CODEWHALE_*` form over the
+/// legacy `DEEPSEEK_*` form. Empty values are ignored so a blank shell export
+/// does not erase configured provider settings.
+fn codewhale_env_var(
+    codewhale_name: &str,
+    legacy_name: &str,
+) -> Result<String, std::env::VarError> {
+    std::env::var(codewhale_name)
+        .ok()
+        .filter(|value| !value.trim().is_empty())
+        .or_else(|| {
+            std::env::var(legacy_name)
+                .ok()
+                .filter(|value| !value.trim().is_empty())
+        })
+        .ok_or(std::env::VarError::NotPresent)
+}
+
 fn apply_env_overrides(config: &mut Config) {
-    if let Ok(value) = std::env::var("DEEPSEEK_PROVIDER") {
+    if let Ok(value) = codewhale_env_var("CODEWHALE_PROVIDER", "DEEPSEEK_PROVIDER") {
         config.provider = Some(value);
     }
-    if let Ok(value) = std::env::var("DEEPSEEK_BASE_URL") {
+    if let Ok(value) = codewhale_env_var("CODEWHALE_BASE_URL", "DEEPSEEK_BASE_URL") {
         match config.api_provider() {
             ApiProvider::Deepseek | ApiProvider::DeepseekCN => {
                 config.base_url = Some(value);
@@ -2558,8 +2576,13 @@ fn apply_env_overrides(config: &mut Config) {
             .moonshot
             .model = Some(value);
     }
-    if let Ok(value) =
-        std::env::var("DEEPSEEK_MODEL").or_else(|_| std::env::var("DEEPSEEK_DEFAULT_TEXT_MODEL"))
+    if let Some(value) = codewhale_env_var("CODEWHALE_MODEL", "DEEPSEEK_MODEL")
+        .ok()
+        .or_else(|| {
+            std::env::var("DEEPSEEK_DEFAULT_TEXT_MODEL")
+                .ok()
+                .filter(|value| !value.trim().is_empty())
+        })
     {
         // The CLI `--model` handoff always sets DEEPSEEK_MODEL, never the
         // provider-specific *_MODEL var. The legacy root `default_text_model`
@@ -4075,6 +4098,9 @@ mod tests {
         deepseek_http_headers: Option<OsString>,
         deepseek_model: Option<OsString>,
         deepseek_default_text_model: Option<OsString>,
+        codewhale_provider: Option<OsString>,
+        codewhale_model: Option<OsString>,
+        codewhale_base_url: Option<OsString>,
         nvidia_api_key: Option<OsString>,
         nvidia_nim_api_key: Option<OsString>,
         nim_base_url: Option<OsString>,
@@ -4137,6 +4163,9 @@ mod tests {
             let http_headers_prev = env::var_os("DEEPSEEK_HTTP_HEADERS");
             let model_prev = env::var_os("DEEPSEEK_MODEL");
             let default_text_model_prev = env::var_os("DEEPSEEK_DEFAULT_TEXT_MODEL");
+            let codewhale_provider_prev = env::var_os("CODEWHALE_PROVIDER");
+            let codewhale_model_prev = env::var_os("CODEWHALE_MODEL");
+            let codewhale_base_url_prev = env::var_os("CODEWHALE_BASE_URL");
             let nvidia_api_key_prev = env::var_os("NVIDIA_API_KEY");
             let nvidia_nim_api_key_prev = env::var_os("NVIDIA_NIM_API_KEY");
             let nim_base_url_prev = env::var_os("NIM_BASE_URL");
@@ -4194,6 +4223,9 @@ mod tests {
                 env::remove_var("DEEPSEEK_HTTP_HEADERS");
                 env::remove_var("DEEPSEEK_MODEL");
                 env::remove_var("DEEPSEEK_DEFAULT_TEXT_MODEL");
+                env::remove_var("CODEWHALE_PROVIDER");
+                env::remove_var("CODEWHALE_MODEL");
+                env::remove_var("CODEWHALE_BASE_URL");
                 env::remove_var("NVIDIA_API_KEY");
                 env::remove_var("NVIDIA_NIM_API_KEY");
                 env::remove_var("NIM_BASE_URL");
@@ -4251,6 +4283,9 @@ mod tests {
                 deepseek_http_headers: http_headers_prev,
                 deepseek_model: model_prev,
                 deepseek_default_text_model: default_text_model_prev,
+                codewhale_provider: codewhale_provider_prev,
+                codewhale_model: codewhale_model_prev,
+                codewhale_base_url: codewhale_base_url_prev,
                 nvidia_api_key: nvidia_api_key_prev,
                 nvidia_nim_api_key: nvidia_nim_api_key_prev,
                 nim_base_url: nim_base_url_prev,
@@ -4317,6 +4352,9 @@ mod tests {
                     "DEEPSEEK_DEFAULT_TEXT_MODEL",
                     self.deepseek_default_text_model.take(),
                 );
+                Self::restore_var("CODEWHALE_PROVIDER", self.codewhale_provider.take());
+                Self::restore_var("CODEWHALE_MODEL", self.codewhale_model.take());
+                Self::restore_var("CODEWHALE_BASE_URL", self.codewhale_base_url.take());
                 Self::restore_var("NVIDIA_API_KEY", self.nvidia_api_key.take());
                 Self::restore_var("NVIDIA_NIM_API_KEY", self.nvidia_nim_api_key.take());
                 Self::restore_var("NIM_BASE_URL", self.nim_base_url.take());
@@ -6484,6 +6522,203 @@ base_url = "https://api.kimi.com/coding/v1"
         Ok(())
     }
 
+    /// Env-var-only path: `CODEWHALE_BASE_URL=https://api.kimi.com/coding/v1`
+    /// combined with `CODEWHALE_PROVIDER=moonshot` must trigger Kimi Code
+    /// model selection even when the TOML has no `base_url`.
+    #[test]
+    fn moonshot_kimi_code_env_base_url_selects_coding_model() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-kimi-code-env-url-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"[providers.moonshot]
+api_key = "kimi-code-env-key"
+"#,
+        )?;
+        // Safety: test-only env mutation guarded by lock_test_env().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("CODEWHALE_BASE_URL", "https://api.kimi.com/coding/v1");
+        }
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_KIMI_CODE_MODEL);
+        assert_eq!(config.deepseek_api_key()?, "kimi-code-env-key");
+        assert!(has_api_key_for(&config, ApiProvider::Moonshot));
+        Ok(())
+    }
+
+    /// Regression for issue #2160: a stale root `default_text_model` carried
+    /// over from a DeepSeek setup must not steer the Kimi Code endpoint to
+    /// `deepseek-v4-pro`. The user-facing trigger here is the legacy
+    /// `DEEPSEEK_PROVIDER` env var (still produced by the `codewhale
+    /// --provider moonshot` dispatcher for compat); the test also has a
+    /// `CODEWHALE_PROVIDER` twin below for the public env path.
+    #[test]
+    fn moonshot_kimi_code_model_overrides_root_deepseek_default() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-kimi-code-root-model-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"provider = "deepseek"
+default_text_model = "deepseek-v4-pro"
+
+[providers.moonshot]
+api_key = "kimi-code-key"
+base_url = "https://api.kimi.com/coding/v1"
+"#,
+        )?;
+        // Safety: test-only env mutation guarded by lock_test_env().
+        unsafe { env::set_var("DEEPSEEK_PROVIDER", "moonshot") };
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_KIMI_CODE_MODEL);
+        Ok(())
+    }
+
+    /// Same regression as above, but driven by the public `CODEWHALE_PROVIDER`
+    /// env var. Documents the recommended user-facing setup path: never
+    /// `DEEPSEEK_PROVIDER=moonshot`, always `CODEWHALE_PROVIDER=moonshot`
+    /// (or `codewhale --provider moonshot`, which also resolves through
+    /// this code path internally).
+    #[test]
+    fn moonshot_kimi_code_model_resolves_via_codewhale_provider_env() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-kimi-code-cw-env-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"provider = "deepseek"
+default_text_model = "deepseek-v4-pro"
+
+[providers.moonshot]
+api_key = "kimi-code-key"
+base_url = "https://api.kimi.com/coding/v1"
+"#,
+        )?;
+        // Safety: test-only env mutation guarded by lock_test_env().
+        unsafe { env::set_var("CODEWHALE_PROVIDER", "moonshot") };
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_KIMI_CODE_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_KIMI_CODE_MODEL);
+        Ok(())
+    }
+
+    /// `CODEWHALE_PROVIDER` wins when both it and the legacy
+    /// `DEEPSEEK_PROVIDER` are set, so a user adding the new alias to their
+    /// shell isn't surprised by a stale legacy export.
+    #[test]
+    fn codewhale_provider_env_takes_precedence_over_deepseek_provider() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-cw-vs-ds-provider-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(&config_path, "provider = \"deepseek\"\n")?;
+        // Safety: test-only env mutation guarded by lock_test_env().
+        unsafe {
+            env::set_var("CODEWHALE_PROVIDER", "moonshot");
+            env::set_var("DEEPSEEK_PROVIDER", "openrouter");
+        }
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        Ok(())
+    }
+
+    /// Moonshot Platform path: when [providers.moonshot] is empty (or
+    /// missing) and no Kimi Code endpoint is configured, the resolver
+    /// defaults to the Moonshot Platform base URL and the `kimi-k2.6`
+    /// model. This is the "I have a Moonshot Platform API key, not a
+    /// Kimi Code plan key" path.
+    #[test]
+    fn moonshot_platform_defaults_to_kimi_k26() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-moonshot-platform-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        ensure_parent_dir(&config_path)?;
+        fs::write(
+            &config_path,
+            r#"provider = "moonshot"
+
+[providers.moonshot]
+api_key = "moonshot-platform-key"
+"#,
+        )?;
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Moonshot);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_MOONSHOT_BASE_URL);
+        assert_eq!(config.default_model(), DEFAULT_MOONSHOT_MODEL);
+        assert_eq!(config.deepseek_api_key()?, "moonshot-platform-key");
+        Ok(())
+    }
+
     #[test]
     fn has_api_key_for_detects_env_and_config_per_provider() -> Result<()> {
         let _lock = lock_test_env();
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index c63e5b9b..ed15c9d6 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -63,15 +63,14 @@ provider's keyring entry.
 
 For hosted, generic OpenAI-compatible, or self-hosted providers, set
 `provider = "nvidia-nim"`, `"openai"`, `"atlascloud"`, `"wanjie-ark"`, `"fireworks"`,
-`"moonshot"`, `"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
+`"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
 The facade saves provider credentials to the shared user config and forwards
 the resolved key, base URL, provider, and model to the TUI process. Use
 `codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"` or
 `codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"` or
 `codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"` or
 `codewhale auth set --provider wanjie-ark --api-key "YOUR_WANJIE_API_KEY"` or
-`codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"` or
-`codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"`
+`codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"`
 to save provider keys through the facade. The generic `openai` provider defaults
 to `https://api.openai.com/v1`, accepts `OPENAI_BASE_URL`, and defaults to
 `deepseek-v4-pro` for OpenAI-compatible gateways. `atlascloud` defaults to
@@ -80,9 +79,7 @@ to `https://api.openai.com/v1`, accepts `OPENAI_BASE_URL`, and defaults to
 Wanjie Ark's OpenAI-compatible endpoint at
 `https://maas-openapi.wanjiedata.com/api/v1`, defaults to `deepseek-reasoner`,
 and passes model IDs through unchanged because Wanjie model access is
-account-scoped. `moonshot` targets Moonshot/Kimi, defaults to `kimi-k2.6`,
-and can use `KIMI_API_KEY` or `auth_mode = "kimi_oauth"` with local Kimi CLI
-credentials. SGLang, vLLM, and Ollama are
+account-scoped. SGLang, vLLM, and Ollama are
 self-hosted and can run without an API key by default. Ollama defaults to
 `http://localhost:11434/v1` and sends model tags such as `codewhale-coder:1.3b`
 or `qwen2.5-coder:7b` unchanged. Self-hosted providers and loopback custom
@@ -200,13 +197,22 @@ If a profile is selected but missing, codewhale exits with an error listing avai
 ## Environment Variables
 
 Most runtime environment variables override config values. API-key variables are
-fallbacks after saved config and keyring credentials:
+fallbacks after saved config and keyring credentials.
+
+The three user-facing slots — provider, model, base URL — expose `CODEWHALE_*`
+aliases. When both forms are set the `CODEWHALE_*` value wins; the
+`DEEPSEEK_*` form is kept for older shells:
+
+- `CODEWHALE_PROVIDER` (preferred) / `DEEPSEEK_PROVIDER` (legacy alias) —
+  `deepseek|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|sglang|vllm|ollama`
+- `CODEWHALE_MODEL` (preferred) / `DEEPSEEK_MODEL` (legacy alias) — default model for the active provider
+- `CODEWHALE_BASE_URL` (preferred) / `DEEPSEEK_BASE_URL` (legacy alias) — base URL for the active provider
+
+Remaining variables:
 
 - `DEEPSEEK_API_KEY`
-- `DEEPSEEK_BASE_URL`
 - `DEEPSEEK_HTTP_HEADERS` (custom model request headers, comma-separated `name=value` pairs)
-- `DEEPSEEK_PROVIDER` (`codewhale|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|moonshot|sglang|vllm|ollama`)
-- `DEEPSEEK_MODEL` or `DEEPSEEK_DEFAULT_TEXT_MODEL`
+- `DEEPSEEK_DEFAULT_TEXT_MODEL` (extra legacy alias of `DEEPSEEK_MODEL`)
 - `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` (stream idle timeout in seconds; default `300`, clamped to `1..=3600`)
 - `DEEPSEEK_STREAM_OPEN_TIMEOUT_SECS` (connection setup + response-header wait in seconds; default `45`, clamped to `5..=300`; distinct from the per-chunk idle timeout)
 - `NVIDIA_API_KEY` or `NVIDIA_NIM_API_KEY` (preferred when provider is `nvidia-nim`; falls back to `DEEPSEEK_API_KEY`)
@@ -429,10 +435,10 @@ If you are upgrading from older releases:
 
 ### Core keys (used by the TUI/engine)
 
-- `provider` (string, optional): `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `codewhale`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `moonshot` targets `https://api.moonshot.ai/v1` by default, with Kimi CLI OAuth mode using `https://api.kimi.com/coding/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
+- `provider` (string, optional): `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `codewhale`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
 - `api_key` (string, required for hosted providers): must be non-empty for DeepSeek/hosted providers (or set the provider API key env var). Self-hosted SGLang, vLLM, and Ollama can omit it.
-- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs, `https://api.openai.com/v1` for `provider = "openai"`, `https://api.atlascloud.ai/v1` for `provider = "atlascloud"`, `https://maas-openapi.wanjiedata.com/api/v1` for `provider = "wanjie-ark"`, `https://api.moonshot.ai/v1` for `provider = "moonshot"` API-key mode, or the provider-specific endpoint for hosted/self-hosted providers. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
-- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `kimi-k2.6` for Moonshot/Kimi API-key mode, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `codewhale-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `DEEPSEEK_MODEL` overrides this for a single process.
+- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs, `https://api.openai.com/v1` for `provider = "openai"`, `https://api.atlascloud.ai/v1` for `provider = "atlascloud"`, `https://maas-openapi.wanjiedata.com/api/v1` for `provider = "wanjie-ark"`, or the provider-specific endpoint for hosted/self-hosted providers. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
+- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `codewhale-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `DEEPSEEK_MODEL` overrides this for a single process.
 - `reasoning_effort` (string, optional): `off`, `low`, `medium`, `high`, or `max`; defaults to the configured UI tier. DeepSeek Platform receives top-level `thinking` / `reasoning_effort` fields. NVIDIA NIM receives equivalent settings through `chat_template_kwargs`.
 - `allow_shell` (bool, optional): defaults to `true` (sandboxed).
 - `approval_policy` (string, optional): `on-request`, `untrusted`, or `never`. Runtime `approval_mode` editing in `/config` also accepts `on-request` and `untrusted` aliases.

From 325aec396dd7ee442169617108de09c505b86224 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 06:40:12 -0500
Subject: [PATCH 030/283] =?UTF-8?q?docs:=20v0.8.45=20harness=20framing=20?=
 =?UTF-8?q?=E2=80=94=20READMEs,=20website,=20metadata,=20contributors?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- README: new tagline, What Is It/Key Features → harness framing
- README.zh-CN/ja-JP: matching Chinese/Japanese translations
- web/app/page.tsx: updated hero, description, three-column grid, flywheel
- web/app/layout.tsx: metadata title + description for harness framing
- website/index.html + zh/: hero, feature grid, install command
- README: updated contributor credits for v0.8.45 (idling11, gaord, h3c-hexin, cyq1017, reidliu41, wdw8276, zlh124)
---
 README.ja-JP.md                   |  47 +++++-----
 README.md                         | 141 ++++++++++++------------------
 README.zh-CN.md                   |  50 +++++------
 web/app/[locale]/docs/page.tsx    |  56 +++++-------
 web/app/[locale]/faq/page.tsx     |  22 +++--
 web/app/[locale]/page.tsx         |  57 ++++++------
 web/app/[locale]/roadmap/page.tsx |  26 +++---
 web/app/layout.tsx                |   6 +-
 website/index.html                |  38 ++++----
 website/zh/index.html             |  38 ++++----
 10 files changed, 220 insertions(+), 261 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index dc21668d..9916ec32 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -1,6 +1,6 @@
 # 🐳 CodeWhale
 
-> **DeepSeek ファーストで、オープンソースおよびオープンウェイトのコーディングモデルに向けたターミナルネイティブのコーディングエージェントです。DeepSeek V4 の 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュ機能を中心に構築されています。単一のバイナリとして配布され、Node.js や Python のランタイムは不要です。MCP クライアント、サンドボックス、永続的なタスクキューも標準で同梱されています。**
+> **DeepSeek V4 のための最もエージェント的なハーネス。ルール、ツール、証拠、フィードバックループ——モデルがタスクを完了するまで働き続け、さらに改善し続けるための仕組みです。**
 
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
@@ -63,34 +63,35 @@ cargo install codewhale-tui     --locked --force
 
 ## codewhale とは？
 
-codewhale は、ターミナル内で完結するコーディングエージェントです。DeepSeek のフロンティアモデルがあなたのワークスペースに直接アクセスできるようにし、ファイルの読み取り・編集、シェルコマンドの実行、Web 検索、Git 管理、サブエージェントの統制などを、すべて高速でキーボード駆動の TUI を通じて行えます。
+モデルは質問に答えます。エージェントはタスクを完了します。その差がハーネス——モデルを取り巻くルール、ツール、証拠、フィードバックループという動作環境です。
 
-**DeepSeek V4 向けに構築** (`deepseek-v4-pro` / `deepseek-v4-flash`)。100 万トークンのコンテキストウィンドウとネイティブの thinking-mode（思考連鎖）ストリーミングをサポートします。
+CodeWhale はそのハーネスであり、DeepSeek V4 Pro と Flash のために構築されました。メンテナがモデルがタスクの途中で方向を見失ったり、ユーザーの現在の要求より古い指示に従ったり、コマンドが失敗すると諦めたりすることにうんざりしたことから、個人ツールとして始まりました。そこから生まれたのが、モデルの方向性を保つシステムです：憲法的なプロンプト階層、構造化された信頼境界、並列サブエージェント、プレフィックスキャッシュ対応のコンテキスト管理、そしてモデルが自己修正するための十分なシグナルを提供する検証の鼓動。
 
-### 主な機能
+DeepSeek V4 はこのハーネスの一部を書くのを手伝いました。これは重要です——CodeWhale がすでに V4 を使う最も効果的な方法であり、V4 が改善するにつれてハーネスも改善することを意味します。各ターンがより良いプロンプト、より良いルール、より良いハンドオフを残します。次のターンはより強い位置から始まります。
 
-- **モデル自動ルーティング** — `--model auto` / `/model auto` がターンごとにモデルと推論強度を選択
-- **Fin の高速経路** — thinking off の低コストな `deepseek-v4-flash` がルーティング、RLM 子呼び出し、要約、調整作業を担当
-- **ネイティブ RLM** (`rlm_open`/`rlm_eval`) — 永続 REPL セッションでバッチ解析を行い、`peek`、`search`、`chunk`、`sub_query_batch` などの補助関数を利用
-- **Thinking-mode ストリーミング** — モデルがタスクに取り組む様子をリアルタイムで観察し、思考連鎖の展開を追える
-- **完全なツールスイート** — ファイル操作、シェル実行、Git、Web 検索／ブラウズ、apply-patch、サブエージェント、MCP サーバー
-- **100 万トークンコンテキスト** — コンテキスト追跡、手動または設定ベースのコンパクション、プレフィックスキャッシュのテレメトリ
-- **3 つのモード** — Plan（読み取り専用の探索）、Agent（承認ありのインタラクティブ）、YOLO（自動承認）
-- **推論努力ティア** — `Shift + Tab` で `off → high → max` を切り替え
-- **セッション保存／再開** — 長時間実行のセッションをチェックポイント化して再開可能
-- **ワークスペースのロールバック** — リポジトリの `.git` には触れずに、サイド Git によるターン前後のスナップショットを `/restore` と `revert_turn` で扱える
-- **永続的タスクキュー** — 再起動を超えて生き残るバックグラウンドタスク。スケジュール自動化や長時間レビューなどに
-- **HTTP/SSE ランタイム API** — `codewhale serve --http` でヘッドレスエージェントワークフローを実現
-- **MCP プロトコル** — Model Context Protocol サーバーに接続して拡張ツールを利用可能。詳細は [docs/MCP.md](docs/MCP.md) を参照
-- **LSP 診断** — rust-analyzer、pyright、typescript-language-server、gopls、clangd により、編集ごとにエラー／警告をインライン表示
-- **ユーザーメモリ** — クロスセッションの嗜好をシステムプロンプトに注入できる、オプションの永続メモファイル
-- **ローカライズ済み UI** — `en`、`ja`、`zh-Hans`、`pt-BR` を自動検出
-- **ライブコスト追跡** — ターンごと／セッションごとのトークン使用量とコスト見積もり、キャッシュヒット／ミスの内訳
-- **スキルシステム** — GitHub から取得できる命令パック。初回起動時に `skill-creator`、`mcp-builder`、`documents`、`presentations`、`spreadsheets`、`pdf`、`feishu` などのスターターセットを同梱
+### ハーネスの仕組み
+
+**憲法的階層。** システムプロンプトは法の抵触エンジンです。ユーザーの意図は古いメモリより上。ライブの証拠は仮定より上。検証は自信より上。各ターンは明確な権限チェーンを継承するので、モデルはどの指示に従うべきか推測する必要がありません。
+
+**構造化された信頼。** ハードな境界を持つ3つのモード——Plan（読み取り専用）、Agent（承認ゲート付き）、YOLO（信頼済みワークスペースで自動承認）。OS レベルのサンドボックスが境界を支えます：macOS の Seatbelt、Linux の Landlock、Windows の Job Objects。危険なコマンドはモードに関係なく分類・ゲート制御されます。
+
+**フィードバックの鼓動。** 失敗したコマンド、失敗したテスト、LSP 診断——これらは行き止まりではありません。モデルがチューニングできる信号です。非ゼロの終了コードは情報です。型エラーは修正ベクトルです。ハーネスは失敗を読み取り可能にし、ユーザーが常に舵を取り直さなくてもモデルが回復できるようにします。
+
+**継続性。** メモリはセッションをまたいで持続します。ハンドオフはコンテキスト圧縮後も生存します。セッションは保存・再開・兄弟パスへのフォークが可能です。次の知性——人間であれ機械であれ——が、すでに学ばれたことを再発見する必要なく、前回の中断点から引き継ぎます。
+
+**分散作業。** サブエージェントが並行実行、一度に最大 20。`agent_open` は即座に戻り、親は作業を続けます。結果は構造化された完了イベントとして到着し、境界付きハンドルで——完全なトランスクリプトで親コンテキストを埋める必要はありません。[docs/SUBAGENTS.md](docs/SUBAGENTS.md) を参照。
+
+**適正な知性。** Fin——thinking off の安価な Flash——がモデル自動ルーティング、RLM 子呼び出し、要約、調整を処理します。Pro はアーキテクチャ、デバッグ、セキュリティレビューに使用。`--model auto` がターンごとにモデルと思考レベルを選択します。各問題に適切な量の知性を。
+
+**長期注意の経済学。** 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュテレメトリ。キャッシュヒットはミスより約 100 倍安価。`/statusline` チップがプレフィックス安定性をリアルタイムで表示し、変更がキャッシュ予算を破壊しようとしているのが見えます。
+
+**回復付きの自由。** 毎ターンの side-git スナップショット（リポジトリの `.git` には触れません）。`/restore` と `revert_turn` でワークスペースを即座にロールバック。危険な操作は OS レベルでサンドボックス化。モデルに試させることができます。
+
+その他の機能面：**RLM セッション**（`peek`、`search`、`chunk`、`sub_query_batch` ヘルパー付きのバッチ分析用永続 Python REPL）、**LSP 診断**（編集ごとの rust-analyzer、pyright、tsserver、gopls、clangd からのインラインエラー）、**MCP プロトコル**、**HTTP/SSE ランタイム API**、再起動を超えて存続する**永続タスクキュー**、Zed や他のエディタ向け **ACP アダプター**、**SWE-bench エクスポート**、**インストール可能なスキル**、**テーマピッカー**、**デスクトップ通知**、キャッシュヒット/ミス内訳付きの**ライブコスト追跡**。
 
 ---
 
-## 仕組み
+## ハーネス
 
 `codewhale`（ディスパッチャー CLI）→ `codewhale-tui`（コンパニオンバイナリ）→ ratatui インターフェース ↔ 非同期エンジン ↔ OpenAI 互換のストリーミングクライアント。ツール呼び出しは型付きレジストリ（シェル、ファイル操作、Git、Web、サブエージェント、MCP、RLM）を経由してルーティングされ、結果はトランスクリプトへとストリーム返送されます。エンジンはセッション状態、ターン管理、永続タスクキューを管理し、LSP サブシステムは編集後の診断を次の推論ステップ前にモデルのコンテキストへ供給します。
 
diff --git a/README.md b/README.md
index b5e27147..c3fd6722 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # CodeWhale
 
-> DeepSeek-first agentic terminal for open source and open-weight coding models. It runs from the `codewhale` command, streams reasoning blocks, edits local workspaces with approval gates, and can auto-route each turn to the right DeepSeek model and thinking level.
+> The most agentic harness for DeepSeek V4. Rules, tools, evidence, and feedback loops that help the model keep working until the task is done — and keep getting better at it.
 
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
@@ -75,38 +75,35 @@ cargo install codewhale-tui     --locked --force
 
 ## What Is It?
 
-CodeWhale is a DeepSeek-first coding agent for open source and open-weight models that runs in your terminal. It can read and edit files, run shell commands, search the web, manage git, and coordinate sub-agents from a keyboard-driven TUI.
+A model answers a question. An agent finishes a task. The difference is the harness — the operating environment that surrounds the model with rules, tools, evidence, and feedback loops.
 
-It is built around DeepSeek V4 (`deepseek-v4-pro` / `deepseek-v4-flash`), including 1M-token context windows, streaming reasoning blocks, and prefix-cache-aware cost reporting.
+CodeWhale is that harness, built around DeepSeek V4 Pro and Flash. It started as a personal tool because the maintainer got tired of models losing track mid-task, obeying stale instructions over the user's current request, or giving up when a command failed. What emerged was a system that keeps the model oriented: a constitutional prompt hierarchy, structured trust boundaries, parallel sub-agents, prefix-cache-aware context management, and verification beats that give the model enough signal to self-correct.
 
-### Key Features
+DeepSeek V4 helped write parts of this harness. That matters because it means CodeWhale is already the most effective way to use V4 — and as V4 improves, the harness improves with it. Each turn leaves behind better prompts, better rules, and better handoffs. The next turn starts from a stronger position.
 
-- **Model auto-routing** — `--model auto` / `/model auto` chooses both the model and thinking level for each turn
-- **Thinking-mode streaming** — see DeepSeek reasoning blocks as the model works
-- **Full tool suite** — file ops, shell execution, git, web search/browse, apply-patch, sub-agents, MCP servers
-- **1M-token context** — context tracking, manual or configured compaction, and prefix-cache telemetry
-- **Prefix-cache stability tracking** — an optional `/statusline` footer chip surfaces how stable the cached prefix has been across recent turns so cost-busting edits are visible before they land
-- **Three modes** — Plan (read-only explore), Agent (interactive with approval), YOLO (auto-approved)
-- **Reasoning-effort tiers** — cycle through `off → high → max` with `Shift + Tab`
-- **Session save/resume/fork** — checkpoint long-running sessions and fork saved conversations into sibling paths with parent lineage shown in the picker
-- **Workspace rollback** — side-git pre/post-turn snapshots with `/restore` and `revert_turn`, without touching your repo's `.git`
-- **Approval + platform sandbox controls** — Seatbelt on macOS and Landlock on Linux where available; Windows uses the same approval flow and terminal/runtime protections while OS-level filesystem isolation remains a tracked helper contract
-- **Durable task queue** — background tasks can survive restarts
-- **HTTP/SSE runtime API** — `codewhale serve --http` for headless agent workflows
-- **MCP protocol** — connect to Model Context Protocol servers for extended tooling; please see [docs/MCP.md](docs/MCP.md)
-- **Fin-powered seams** — cheap `deepseek-v4-flash` with thinking off handles routing, RLM child calls, summaries, and other fast coordination work
-- **Native RLM** (`rlm_session_objects`/`rlm_open`/`rlm_eval`) — persistent REPL sessions for batched analysis with bounded helpers like `peek`, `search`, `chunk`, and `sub_query_batch`; active prompt/history objects are opened by symbolic refs instead of pasted into the parent transcript
-- **LSP diagnostics** — inline error/warning surfacing after every edit via rust-analyzer, pyright, typescript-language-server, gopls, clangd
-- **User memory** — optional persistent note file injected into the system prompt for cross-session preferences
-- **Localized UI** — `en`, `ja`, `zh-Hans`, `pt-BR` with auto-detection
-- **Live cost tracking** — per-turn and session-level token usage and cost estimates; cache hit/miss breakdown; CNY display when the session locale is `zh-Hans`
-- **Skills system** — composable, installable instruction packs from GitHub; ships with a bundled starter set (`skill-creator`, `mcp-builder`, `plugin-creator`, `v4-best-practices`, `documents`, `presentations`, `spreadsheets`, `pdf`, `feishu`, `skill-installer`, `delegate`) so `/skills` is useful from first launch
-- **Terminal-native notifications** — OSC 9 (iTerm2/WezTerm/Ghostty), OSC 99 (Kitty), OSC 777 (Ghostty), plus desktop notification fallback
-- **Built-in theme picker** — Catppuccin, Tokyo Night, Dracula, Gruvbox alongside the original light/dark palettes; switch live with `/theme`
+### How the harness works
+
+**Constitutional hierarchy.** The system prompt is a conflict-of-laws engine. User intent outranks stale memory. Live evidence outranks assumptions. Verification outranks confidence. Every turn inherits a clear chain of authority, so the model never has to guess which instruction to follow.
+
+**Structured trust.** Three modes with hard boundaries — Plan (read-only), Agent (approval-gated), YOLO (auto-approved in trusted workspaces). OS-level sandboxing backs the boundaries: Seatbelt on macOS, Landlock on Linux, Job Objects on Windows. Dangerous commands are classified and gated regardless of mode.
+
+**Feedback beats.** Failed commands, failing tests, LSP diagnostics — these are not dead ends. They are signals the model can tune against. A non-zero exit code is information. A type error is a correction vector. The harness makes failure legible so the model can recover without the user constantly re-steering.
+
+**Continuity.** Memory persists across sessions. Handoffs survive context compaction. Sessions can be saved, resumed, and forked into sibling paths. The next intelligence — human or machine — picks up where the last one left off without having to re-discover what was already learned.
+
+**Distributed work.** Sub-agents run concurrently, up to 20 at a time. `agent_open` returns immediately so the parent keeps working. Results arrive as structured completion events with bounded handles — no need to flood the parent context with full transcripts. See [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
+
+**Right-size intelligence.** Fin — cheap Flash with thinking off — handles model auto-routing, RLM child calls, summaries, and coordination. Pro engages for architecture, debugging, and security review. `--model auto` selects both the model and thinking level per turn. The right amount of intelligence for each problem.
+
+**Long-horizon attention economics.** 1M-token context window with prefix-cache telemetry. Cache hits cost roughly 100× less than misses. A `/statusline` chip shows prefix stability in real time so you can see when a change is about to bust the cache budget.
+
+**Freedom with recovery.** Every turn records a side-git snapshot that doesn't touch your repo's `.git`. `/restore` and `revert_turn` roll back the workspace instantly. Dangerous operations are sandboxed at the OS level. You can let the model try things.
+
+The rest of the surface: **RLM sessions** (persistent Python REPL for batched analysis with `peek`, `search`, `chunk`, and `sub_query_batch` helpers), **LSP diagnostics** (inline errors from rust-analyzer, pyright, tsserver, gopls, clangd after every edit), **MCP protocol**, **HTTP/SSE runtime API**, **persistent task queue** that survives restarts, **ACP adapter** for Zed and other editors, **SWE-bench export**, **installable skills**, **theme picker**, **desktop notifications**, and **live cost tracking** with cache hit/miss breakdowns.
 
 ---
 
-## How It's Wired
+## The Harness
 
 `codewhale` (dispatcher CLI) → `codewhale-tui` (companion binary) → ratatui interface ↔ async engine ↔ OpenAI-compatible streaming client. Tool calls route through a typed registry (shell, file ops, git, web, sub-agents, MCP, RLM) and results stream back into the transcript. The engine manages session state, turn tracking, the durable task queue, and an LSP subsystem that feeds post-edit diagnostics into the model's context before the next reasoning step.
 
@@ -210,37 +207,12 @@ codewhale --version
 
 Prebuilt binaries can also be downloaded from [GitHub Releases](https://github.com/Hmbown/CodeWhale/releases). Use `DEEPSEEK_TUI_RELEASE_BASE_URL` for mirrored release assets.
 
-### Windows
+### Windows (Scoop)
 
-Windows x64 is a first-class release target. Use npm or direct GitHub release
-downloads when you need the newest v0.8.45 binary; Cargo also works when Rust
-1.88+ and the MSVC toolchain are installed.
-
-```powershell
-npm install -g codewhale
-codewhale --version
-
-cargo install codewhale-cli --locked --force
-cargo install codewhale-tui     --locked --force
-```
-
-Current Windows terminal behavior:
-
-- interactive sessions always use the TUI-owned alternate screen; the old
-  `--no-alt-screen` flag is accepted for script compatibility but no longer
-  disables the interactive alternate screen
-- runtime logs stay out of the alternate-screen buffer when `RUST_LOG` or
-  `DEEPSEEK_LOG_LEVEL` is enabled
-- mouse capture defaults on in Windows Terminal, ConEmu, and Cmder, but stays
-  off in legacy console hosts and JetBrains terminals; use `--mouse-capture` or
-  `--no-mouse-capture` to override
-- mouse-wheel-as-arrow terminals keep composer history usable by routing empty
-  composer Up/Down to transcript scrolling where appropriate
-
-[Scoop](https://scoop.sh) is also supported. The `deepseek-tui` package is
-listed in Scoop's main bucket, but that manifest updates independently and can
-lag the GitHub/npm/Cargo release. Run `scoop update` first, then verify the
-installed version with `codewhale --version`:
+[Scoop](https://scoop.sh) is a Windows package manager. The `codewhale` package is listed
+in Scoop's main bucket, but that manifest updates independently and can lag the
+GitHub/npm/Cargo release. Run `scoop update` first, then verify the installed
+version with `codewhale --version`:
 
 ```bash
 scoop update
@@ -273,28 +245,17 @@ Both binaries are required. Cross-compilation and platform-specific notes: [docs
 
 </details>
 
-### Providers
+### Other API Providers
 
-CodeWhale v0.8.45 focuses on delivering the highest-quality experience on
-DeepSeek first. The project's broader goal remains to become a strong harness
-for open-source and open-weight coding models — additional first-class
-provider paths are planned for v0.9.0. Backend provider infrastructure for
-other OpenAI-compatible endpoints and self-hosted runtimes is available under
-the same `--provider` flag for advanced users who need it today.
+Official DeepSeek remains the default and first-class path. Other providers are
+additive, with OpenRouter starting from DeepSeek Pro/Flash before broader
+open-model catalogs are enabled.
 
 ```bash
-# DeepSeek (default)
-codewhale auth set --provider deepseek --api-key "YOUR_DEEPSEEK_API_KEY"
-codewhale --provider deepseek --model deepseek-v4-pro
-
 # NVIDIA NIM
 codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"
 codewhale --provider nvidia-nim
 
-# Generic OpenAI-compatible endpoint
-codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
-OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
-
 # AtlasCloud
 codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"
 codewhale --provider atlascloud
@@ -315,6 +276,14 @@ codewhale --provider novita --model deepseek/deepseek-v4-pro
 codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
 codewhale --provider fireworks --model deepseek-v4-pro
 
+# Moonshot/Kimi
+codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
+codewhale --provider moonshot --model kimi-k2.6
+
+# Generic OpenAI-compatible endpoint
+codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
+OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
+
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
 
@@ -489,23 +458,20 @@ Key environment variables:
 
 | Variable | Purpose |
 |---|---|
-| `CODEWHALE_PROVIDER` | Active provider. Public alias for `DEEPSEEK_PROVIDER`; wins when both are set. |
-| `CODEWHALE_MODEL` | Default model for the active provider. Public alias for `DEEPSEEK_MODEL`. |
-| `CODEWHALE_BASE_URL` | Base URL for the active provider. Public alias for `DEEPSEEK_BASE_URL`. |
 | `DEEPSEEK_API_KEY` | API key |
-| `DEEPSEEK_BASE_URL` | API base URL (legacy alias of `CODEWHALE_BASE_URL`) |
+| `DEEPSEEK_BASE_URL` | API base URL |
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
-| `DEEPSEEK_MODEL` | Default model (legacy alias of `CODEWHALE_MODEL`) |
+| `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | Legacy alias of `CODEWHALE_PROVIDER`. Accepts `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, `ollama`. |
+| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `NVIDIA_NIM_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `WANJIE_API_KEY` / `WANJIE_MAAS_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
-| `NVIDIA_NIM_BASE_URL` / `NIM_BASE_URL` / `NVIDIA_BASE_URL` | NVIDIA NIM endpoint override |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
-| `WANJIE_ARK_BASE_URL` / `WANJIE_BASE_URL` / `WANJIE_MAAS_BASE_URL` / `WANJIE_ARK_MODEL` / `WANJIE_MODEL` / `WANJIE_MAAS_MODEL` | Wanjie Ark endpoint and model override |
+| `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
+| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
@@ -635,8 +601,8 @@ This project ships with help from a growing community of contributors:
 - **[zichen0116](https://github.com/zichen0116)** — CODE_OF_CONDUCT.md (#686)
 - **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — model ID case-sensitivity compatibility report (#729)
 - **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — stale `working...` state bug report, Windows clipboard fallback, MCP Streamable HTTP session fixes, and Homebrew tap automation (#738, #850, #1643, #1631)
-- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, DeepSeek model completions, help picker selection polish, and transcript user-message highlighting (#863, #870, #921, #1078, #1603, #1628, #1601, #1964, #1995)
-- **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` paths, local/configured skill discovery, and mode-switch toast dedupe (#1953, #1956, #1957)
+- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, DeepSeek model completions, help picker selection polish, transcript user-message highlighting, approval one-step confirmation flow, and model-picker Esc-selection fix (#863, #870, #921, #1078, #1603, #1628, #1601, #1964, #1995, #2143, #2056)
+- **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` paths, local/configured skill discovery, mode-switch toast dedupe, sub-agent completion handoff compatibility, and goal-prompt actionability (#1953, #1956, #1957, #2057, #2120, #2097)
 - **[xieshutao](https://github.com/xieshutao)** — plain Markdown skill fallback (#869)
 - **[GK012](https://github.com/GK012)** — npm wrapper `--version` fallback (#885)
 - **[y0sif](https://github.com/y0sif)** — parent turn-loop wakeup after direct child sub-agent completion (#901)
@@ -647,7 +613,7 @@ This project ships with help from a growing community of contributors:
 - **[chnjames](https://github.com/chnjames)** — cached @mention completions, config recovery polish, and Windows UTF-8 shell output (#849, #927, #982, #1018)
 - **[angziii](https://github.com/angziii)** — config safety, async cleanup, Docker hardening, and command-safety fixes (#822, #824, #827, #831, #833, #835, #837)
 - **[elowen53](https://github.com/elowen53)** — UTF-8 decoding and deterministic test coverage (#825, #840)
-- **[wdw8276](https://github.com/wdw8276)** — `/rename` command for custom session titles (#836)
+- **[wdw8276](https://github.com/wdw8276)** — `/rename` command for custom session titles and composer session-title display fix (#836, #2108)
 - **[banqii](https://github.com/banqii)** — `.cursor/skills` discovery path support (#817)
 - **[junskyeed](https://github.com/junskyeed)** — dynamic `max_tokens` calculation for API requests (#826)
 - **Hafeez Pizofreude** — SSRF protection in `fetch_url` and Star History chart
@@ -668,11 +634,11 @@ This project ships with help from a growing community of contributors:
 - **[mdrkrg](https://github.com/mdrkrg)** — first-run onboarding crash fix when the API key is missing (#1598)
 - **[Aitensa](https://github.com/Aitensa)** — CJK wrapping propagation for diff and pager output (#1622)
 - **[qiyan233](https://github.com/qiyan233)** — legacy DeepSeek CN provider alias compatibility (#1645)
-- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report, clipboard-init fix, and YAML block-scalar frontmatter parsing (#1772, #1773, #1908)
+- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report, clipboard-init fix, and YAML block-scalar frontmatter parsing (#1772, #1773, #1908, #1907)
 - **[aboimpinto](https://github.com/aboimpinto)** — Windows alt-screen logging, Home/End composer, and runtime log follow-ups (#1774, #1776, #1748, #1749, #1782, #1783)
 - **[LeoLin990405](https://github.com/LeoLin990405)** — provider model passthrough, reasoning replay, thinking-only turn, and Windows quoting fixes (#1740, #1743, #1742, #1744)
 - **[nightt5879](https://github.com/nightt5879)** — Ctrl+C prompt restore fix (#1764)
-- **[h3c-hexin](https://github.com/h3c-hexin)** — streaming batch tool-call preservation and CLI reasoning-effort passthrough (#1686, #1511)
+- **[h3c-hexin](https://github.com/h3c-hexin)** — streaming batch tool-call preservation, CLI reasoning-effort passthrough, sub-agent completion handoff compatibility, and self-hosted context budgeting (#1686, #1511, #2057, #2120, #2060)
 - **[hxy91819](https://github.com/hxy91819)** — prefix-cache preservation during tool-result pruning (#1514)
 - **[JiarenWang](https://github.com/JiarenWang)** — Plan-mode read-only enforcement, approval-takeover clamping, Ctrl+H delete fix, and undo context sync (#1123, #962, #958, #1150)
 - **[Liu-Vince](https://github.com/Liu-Vince)** — MCP pagination, markdown indentation preservation, zh-Hans i18n polish, and env-var documentation (#1256, #1179, #1274, #1178)
@@ -738,7 +704,8 @@ This project ships with help from a growing community of contributors:
 - **[xulongzhe](https://github.com/xulongzhe)** — issue-template and vision-boundary follow-ups (#1530, #1544)
 - **[YaYII](https://github.com/YaYII)** — trusted media path work (#1462)
 - **[47Cid](https://github.com/47Cid)** and **[Jafar Akhondali](https://github.com/JafarAkhondali)** — responsible security disclosures and hardening reports
-- **[gaord](https://github.com/gaord)** — approval-remember live-turn sync fix (#2041)
+- **[gaord](https://github.com/gaord)** — approval-remember live-turn sync fix and user-message transcript highlighting (#2041, #2047)
+- **[idling11](https://github.com/idling11)** — readable `/restore` snapshot labels and sidebar hover tooltips (#2111, #2110)
 
 ---
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 97fd11eb..2087f223 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -1,6 +1,6 @@
 # CodeWhale
 
-> **DeepSeek 优先、面向开源与开放权重编码模型的终端原生编程智能体：100 万 token 上下文、思考模式流式推理、前缀缓存感知。自包含 Rust 二进制发布——开箱即带 MCP 客户端、沙箱和持久化任务队列。**
+> **DeepSeek V4 的最强智能体运行框架。规则、工具、证据和反馈循环——帮助模型持续工作直到任务完成，并且越用越好。**
 
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
@@ -70,37 +70,35 @@ cargo install codewhale-tui     --locked --force
 
 ## 这是什么？
 
-codewhale 是一个完全运行在终端里的编程智能体。它让 DeepSeek 前沿模型直接访问你的工作区：读写文件、运行 shell 命令、搜索浏览网页、管理 git、调度子智能体——全部通过快速、键盘驱动的 TUI 完成。
+模型回答问题。智能体完成任务。区别在于运行框架——包围模型的规则、工具、证据和反馈循环。
 
-它面向 **DeepSeek V4**（`deepseek-v4-pro` / `deepseek-v4-flash`）构建，原生支持 100 万 token 上下文窗口和思考模式流式输出。
+CodeWhale 就是这套框架，围绕 DeepSeek V4 Pro 和 Flash 构建。它最初是一个个人工具，因为维护者受够了模型在任务中途迷失方向、服从过时指令而非用户当前请求、或者命令失败就放弃。结果诞生了一个让模型保持方向的系统：宪政提示层级、结构化信任边界、并行子智能体、前缀缓存感知的上下文管理、以及让模型有足够信号来自我校正的验证节拍。
 
-### 主要功能
+DeepSeek V4 参与了这套框架的部分编写。这很重要——它意味着 CodeWhale 已经是使用 V4 最有效的方式，并且随着 V4 的改进，框架也会随之改进。每一轮都留下更好的提示、更好的规则、更好的交接。下一轮从一个更强的位置开始。
 
-- **模型自动路由** —— `--model auto` / `/model auto` 每轮自动选择模型和推理强度
-- **Fin 快速通道** —— 使用关闭思考的低成本 `deepseek-v4-flash` 承担路由、RLM 子调用、摘要和协调工作
-- **原生 RLM**（`rlm_open`/`rlm_eval`）—— 持久化 REPL 会话用于批量分析；使用带界面的辅助函数（`peek`、`search`、`chunk`、`sub_query_batch`）
-- **思考模式流式输出** —— 实时观察模型在解决问题时的思维链展开
-- **完整工具集** —— 文件操作、shell 执行、git、网页搜索/浏览、apply-patch、子智能体、MCP 服务器
-- **100 万 token 上下文** —— 上下文跟踪、手动或配置驱动的压缩，以及前缀缓存遥测
-- **前缀缓存稳定性跟踪** —— 可选 `/statusline` footer chip 显示最近轮次缓存前缀的稳定程度
-- **三种交互模式** —— Plan（只读探索）、Agent（带审批的默认交互）、YOLO（可信工作区自动批准）
-- **推理强度档位** —— 用 `Shift+Tab` 在 `off → high → max` 之间切换
-- **会话保存和恢复** —— 长任务的断点续作
-- **工作区回滚** —— 通过 side-git 记录每轮前后快照，支持 `/restore` 和 `revert_turn`，不影响项目自己的 `.git`
-- **持久化任务队列** —— 后台任务在重启后仍然存在，支持计划任务和长时间运行的操作
-- **HTTP/SSE 运行时 API** —— `codewhale serve --http` 用于无界面智能体流程
-- **MCP 协议** —— 连接 Model Context Protocol 服务器扩展工具，见 [docs/MCP.md](docs/MCP.md)
-- **LSP 诊断** —— 每次编辑后通过 rust-analyzer、pyright、typescript-language-server、gopls、clangd 提供内联错误/警告
-- **用户记忆** —— 可选的持久化笔记文件注入系统提示，实现跨会话偏好保持
-- **多语言 UI** —— 支持 `en`、`ja`、`zh-Hans`、`pt-BR`，支持自动检测
-- **实时成本跟踪** —— 按轮次和会话统计 token 用量与成本估算，含缓存命中/未命中明细；简体中文 locale 下显示 CNY
-- **技能系统** —— 可通过 GitHub 安装的组合式指令包；首次启动自带 `skill-creator`、`mcp-builder`、`documents`、`presentations`、`spreadsheets`、`pdf`、`feishu` 等 starter skills
-- **终端原生通知** —— OSC 9、OSC 99、OSC 777，以及桌面通知兜底
-- **内置主题选择器** —— Catppuccin、Tokyo Night、Dracula、Gruvbox 和原有亮/暗色主题，可用 `/theme` 实时切换
+### 框架如何工作
+
+**宪政层级。** 系统提示词是一个冲突法引擎。用户意图优先于陈旧记忆。实时证据优先于假设。验证优先于自信。每一轮继承清晰的权威链，模型永远不需要猜测该服从哪条指令。
+
+**结构化信任。** 三种模式，硬边界——Plan（只读）、Agent（审批门控）、YOLO（可信工作区自动批准）。OS 级沙箱支撑边界：macOS 的 Seatbelt、Linux 的 Landlock、Windows 的 Job Objects。危险命令无论在哪种模式下都被分类和门控。
+
+**反馈节拍。** 失败的命令、失败的测试、LSP 诊断——这些不是死胡同。它们是模型可以调谐的信号。非零退出码是信息。类型错误是修正向量。框架让失败变得可读，模型可以在用户不必不断重新掌舵的情况下恢复。
+
+**连续性。** 记忆跨会话持久化。交接在上下文压缩后存活。会话可以保存、恢复和分叉到兄弟路径。下一位智能体——人或机器——从上一位置继续，无需重新发现已经学到的东西。
+
+**分布式工作。** 子智能体并发运行，一次最多 20 个。`agent_open` 立即返回，父进程继续工作。结果以结构化完成事件形式到达，带有有界句柄——无需用完整对话记录淹没父上下文。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
+
+**适度智能。** Fin——关闭思考的廉价 Flash——处理模型自动路由、RLM 子调用、摘要和协调。Pro 用于架构、调试和安全审查。`--model auto` 每轮选择模型和思考强度。每个问题匹配恰当的智能量。
+
+**长程注意力经济学。** 100 万 token 上下文窗口，前缀缓存遥测。缓存命中比未命中便宜约 100 倍。`/statusline` 芯片实时显示前缀稳定性，让你能看到某次变更是否即将破坏缓存预算。
+
+**自由与恢复。** 每轮记录 side-git 快照，不影响仓库 `.git`。`/restore` 和 `revert_turn` 即刻回滚工作区。危险操作在 OS 级沙箱化。你可以让模型放手尝试。
+
+其余功能面：**RLM 会话**（持久化 Python REPL，配合 `peek`、`search`、`chunk`、`sub_query_batch` 辅助函数进行批量分析）、**LSP 诊断**（每次编辑后 rust-analyzer、pyright、tsserver、gopls、clangd 的内联错误）、**MCP 协议**、**HTTP/SSE 运行时 API**、重启后仍存活的**持久化任务队列**、Zed 等编辑器的 **ACP 适配器**、**SWE-bench 导出**、**可安装技能**、**主题选择器**、**桌面通知**、以及带缓存命中/未命中明细的**实时成本追踪**。
 
 ---
 
-## 架构说明
+## 运行框架
 
 `codewhale`（调度器 CLI）→ `codewhale-tui`（伴随二进制）→ ratatui 界面 ↔ 异步引擎 ↔ OpenAI 兼容流式客户端。工具调用通过类型化注册表（shell、文件操作、git、web、子智能体、MCP、RLM）路由，结果流式返回对话记录。引擎管理会话状态、轮次追踪、持久化任务队列和 LSP 子系统——它在下一步推理前将编辑后诊断反馈到模型上下文中。
 
diff --git a/web/app/[locale]/docs/page.tsx b/web/app/[locale]/docs/page.tsx
index 5a639add..cfe384b5 100644
--- a/web/app/[locale]/docs/page.tsx
+++ b/web/app/[locale]/docs/page.tsx
@@ -121,7 +121,7 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                     { group: "Git / 诊断 / 测试", tools: "git_status · git_diff · diagnostics · run_tests" },
                     { group: "子 Agent", tools: "agent_open · agent_eval · agent_close —— 持久会话，并行执行，通过 var_handle 读取大结果" },
                     { group: "递归 LM (RLM)", tools: "rlm_open · rlm_eval · rlm_configure · rlm_close —— 沙箱 Python REPL，内置 peek/search/chunk/sub_query_batch 等辅助函数" },
-                    { group: "MCP", tools: "mcp_<server>_<tool>——从 ~/.deepseek/mcp.json 自动注册" },
+                    { group: "MCP", tools: "mcp_<server>_<tool>——从 ~/.codewhale/mcp.json 自动注册" },
                   ].map((row) => (
                     <div key={row.group} className="grid md:grid-cols-12 gap-0 hairline-t py-3 px-4 hover:bg-paper-deep transition-colors min-w-0">
                       <div className="md:col-span-3 font-display text-sm font-semibold">{row.group}</div>
@@ -152,8 +152,8 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-[1.9] tracking-wide">
-                  沙箱：{facts.sandboxBackends.join("、")}。Windows 当前不宣称 OS 级文件系统沙箱，但保留同样的审批、工作区边界和终端运行时保护。
-                  <code className="inline">/trust</code> 可解除工作区边界限制。
+                  沙箱：{facts.sandboxBackends.join("、")}。工作区边界默认为 <code className="inline">--workspace</code>。
+                  <code className="inline">/trust</code> 可解除边界限制。
                 </p>
               </section>
 
@@ -163,7 +163,7 @@ export default async function DocsPage({ params }: { params: Promise<{ locale: s
                   配置 <span className="font-cjk text-indigo text-2xl ml-2">Configuration</span>
                 </h2>
                 <pre className="code-block mt-5">
-{`# ~/.deepseek/config.toml
+{`# ~/.codewhale/config.toml
 api_key = "sk-..."
 base_url = "https://api.deepseek.com"
 default_text_model = "${facts.defaultModel ?? "deepseek-v4-pro"}"  # 默认模型；deepseek-v4-flash 用于快速 / 子智能体
@@ -179,7 +179,7 @@ default_timeout_secs = 30
 
 [[hooks.hooks]]
 event = "session_start"                     # 也支持: tool_call_before / tool_call_after
-command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change / on_error / shell_env`}
+command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change / on_error / shell_env`}
                 </pre>
                 <p className="mt-4 text-sm text-ink-soft">
                   完整参考：<Link className="body-link" href="https://github.com/Hmbown/CodeWhale/blob/main/config.example.toml">config.example.toml</Link>。
@@ -193,7 +193,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                 </h2>
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
                   <code className="inline">codewhale</code> 双向支持模型上下文协议（Model Context Protocol）：作为客户端从
-                  <code className="inline">~/.deepseek/mcp.json</code> 加载服务器，同时也可作为服务器暴露工具
+                  <code className="inline">~/.codewhale/mcp.json</code> 加载服务器，同时也可作为服务器暴露工具
                   （<code className="inline">codewhale mcp</code>）。工具以 <code className="inline">mcp_&lt;server&gt;_&lt;tool&gt;</code> 形式呈现。
                 </p>
                 <pre className="code-block mt-5">
@@ -218,7 +218,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   技能 <span className="font-cjk text-indigo text-2xl ml-2">Skills</span>
                 </h2>
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
-                  技能是 <code className="inline">~/.deepseek/skills/&lt;name&gt;/</code> 下的一个文件夹，
+                  技能是 <code className="inline">~/.codewhale/skills/&lt;name&gt;/</code> 下的一个文件夹，
                   根目录包含 <code className="inline">SKILL.md</code>。Agent 启动时加载技能名称和描述，
                   在需要时通过 Skill 工具拉取完整内容。
                 </p>
@@ -253,7 +253,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                 <p className="text-ink-soft mt-3 leading-[1.9] tracking-wide">
                   使用 <code className="inline">codewhale auth set --provider &lt;id&gt;</code> 切换。下表为
                   <code className="inline">crates/tui/src/config.rs</code> 中 <code className="inline">ApiProvider</code> 枚举的实时投影
-                  ，v0.8.45 当前共 {facts.providers.length} 个。
+                  ，目前共 {facts.providers.length} 个。
                 </p>
                 <div className="hairline-t hairline-b mt-5">
                   {facts.providers.map((p) => (
@@ -265,13 +265,9 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-[1.9] tracking-wide">
-                  开放模型平台方向：CodeWhale 保持 DeepSeek 优先，同时内置 Moonshot/Kimi、OpenRouter、NVIDIA NIM、
-                  AtlasCloud、Wanjie Ark、Novita、Fireworks 和自托管 SGLang/vLLM/Ollama 路径。
-                  Kimi Code 会员 API Key 使用 <code className="inline">providers.moonshot.base_url</code>
-                  指向 <code className="inline">https://api.kimi.com/coding/v1</code>，模型为
-                  <code className="inline">kimi-for-coding</code>；Kimi/Moonshot 平台 API Key 继续使用
-                  <code className="inline">https://api.moonshot.ai/v1</code> 和
-                  <code className="inline">kimi-k2.6</code>。
+                  开放模型平台方向：CodeWhale 正在扩展对
+                  <strong> OpenRouter</strong>、<strong> Hugging Face</strong> 和<strong> 自托管</strong> 模型的支持，
+                  为您提供完全自主的模型选择——从云端 API 到本地部署均可覆盖。
                 </p>
               </section>
 
@@ -377,7 +373,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                     { group: "Git / diag / test", tools: "git_status · git_diff · diagnostics · run_tests" },
                     { group: "Sub-agents", tools: "agent_open · agent_eval · agent_close — persistent sessions, parallel execution, bounded result retrieval via var_handle" },
                     { group: "Recursive LM (RLM)", tools: "rlm_open · rlm_eval · rlm_configure · rlm_close — sandboxed Python REPL with peek/search/chunk/sub_query_batch helpers" },
-                    { group: "MCP", tools: "mcp_<server>_<tool> — auto-registered from ~/.deepseek/mcp.json" },
+                    { group: "MCP", tools: "mcp_<server>_<tool> — auto-registered from ~/.codewhale/mcp.json" },
                   ].map((row) => (
                     <div key={row.group} className="grid md:grid-cols-12 gap-0 hairline-t py-3 px-4 hover:bg-paper-deep transition-colors min-w-0">
                       <div className="md:col-span-3 font-display text-sm font-semibold">{row.group}</div>
@@ -407,9 +403,8 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-relaxed">
-                  Sandbox: {facts.sandboxBackends.join(", ")}. On Windows, CodeWhale does not advertise
-                  OS-level filesystem isolation yet, but keeps the same approvals, workspace boundary,
-                  and terminal runtime protections. <code className="inline">/trust</code> lifts the workspace boundary.
+                  Sandbox: {facts.sandboxBackends.join(", ")}. Workspace boundary defaults to{" "}
+                  <code className="inline">--workspace</code>. <code className="inline">/trust</code> lifts the boundary.
                 </p>
               </section>
 
@@ -418,7 +413,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   Configuration <span className="font-cjk text-indigo text-2xl ml-2">配置</span>
                 </h2>
                 <pre className="code-block mt-5">
-{`# ~/.deepseek/config.toml
+{`# ~/.codewhale/config.toml
 api_key = "sk-..."
 base_url = "https://api.deepseek.com"
 default_text_model = "${facts.defaultModel ?? "deepseek-v4-pro"}"  # default; deepseek-v4-flash is the fast / sub-agent option
@@ -434,7 +429,7 @@ default_timeout_secs = 30
 
 [[hooks.hooks]]
 event = "session_start"                     # or: tool_call_before / tool_call_after
-command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change / on_error / shell_env`}
+command = "~/.codewhale/hooks/pre.sh"        # / message_submit / mode_change / on_error / shell_env`}
                 </pre>
                 <p className="mt-4 text-sm text-ink-soft">
                   Full reference: <Link className="body-link" href="https://github.com/Hmbown/CodeWhale/blob/main/config.example.toml">config.example.toml</Link>.
@@ -447,7 +442,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                 </h2>
                 <p className="text-ink-soft mt-3 leading-relaxed">
                   <code className="inline">codewhale</code> speaks the Model Context Protocol both ways: as a client (loads
-                  servers from <code className="inline">~/.deepseek/mcp.json</code>) and as a server
+                  servers from <code className="inline">~/.codewhale/mcp.json</code>) and as a server
                   (<code className="inline">codewhale mcp</code>). Tools surface as <code className="inline">mcp_&lt;server&gt;_&lt;tool&gt;</code>.
                 </p>
                 <pre className="code-block mt-5">
@@ -471,7 +466,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   Skills <span className="font-cjk text-indigo text-2xl ml-2">技能</span>
                 </h2>
                 <p className="text-ink-soft mt-3 leading-relaxed">
-                  A skill is a folder under <code className="inline">~/.deepseek/skills/&lt;name&gt;/</code>
+                  A skill is a folder under <code className="inline">~/.codewhale/skills/&lt;name&gt;/</code>
                   with a <code className="inline">SKILL.md</code> at the root. The agent loads skill names + descriptions on
                   startup and can pull in the full body via the Skill tool when relevant.
                 </p>
@@ -505,7 +500,7 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                 <p className="text-ink-soft mt-3 leading-relaxed">
                   Switch with <code className="inline">codewhale auth set --provider &lt;id&gt;</code>. The
                   table below is a live projection of the <code className="inline">ApiProvider</code> enum
-                  in <code className="inline">crates/tui/src/config.rs</code> — v0.8.45 currently has {facts.providers.length} providers.
+                  in <code className="inline">crates/tui/src/config.rs</code> — currently {facts.providers.length} providers.
                 </p>
                 <div className="hairline-t hairline-b mt-5">
                   {facts.providers.map((p) => (
@@ -517,14 +512,9 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
                   ))}
                 </div>
                 <p className="mt-5 text-ink-soft leading-relaxed">
-                  Open-model platform direction: CodeWhale stays DeepSeek-first while shipping Moonshot/Kimi,
-                  OpenRouter, NVIDIA NIM, AtlasCloud, Wanjie Ark, Novita, Fireworks, and self-hosted
-                  SGLang/vLLM/Ollama paths.
-                  Kimi Code membership API keys use <code className="inline">providers.moonshot.base_url</code>
-                  set to <code className="inline">https://api.kimi.com/coding/v1</code> with
-                  <code className="inline">kimi-for-coding</code>; Kimi/Moonshot Platform API keys use
-                  <code className="inline">https://api.moonshot.ai/v1</code> with
-                  <code className="inline">kimi-k2.6</code>.
+                  Open-model platform direction: CodeWhale is expanding support for
+                  <strong> OpenRouter</strong>, <strong> Hugging Face</strong>, and <strong> self-hosted</strong> models,
+                  giving you full sovereignty over model choice — from cloud APIs to local deployments.
                 </p>
               </section>
 
@@ -557,4 +547,4 @@ command = "~/.deepseek/hooks/pre.sh"         # / message_submit / mode_change /
       )}
     </>
   );
-}
+}
\ No newline at end of file
diff --git a/web/app/[locale]/faq/page.tsx b/web/app/[locale]/faq/page.tsx
index 2d9db748..f216552a 100644
--- a/web/app/[locale]/faq/page.tsx
+++ b/web/app/[locale]/faq/page.tsx
@@ -23,7 +23,7 @@ const faqEn: FaqItem[] = [
     q: "What is CodeWhale?",
     a: (
       <>
-        CodeWhale is a terminal-native coding agent for open-source and open-weight models. It runs from the <code className="inline">codewhale</code> command, streams reasoning blocks, edits local workspaces with approval gates, and can auto-route each turn to the right model and thinking level. DeepSeek V4 is the first-class model path; v0.8.45 also ships Moonshot/Kimi, OpenRouter, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, Novita, Fireworks, SGLang, vLLM, and Ollama paths.
+        CodeWhale is a terminal-native coding agent for open-source and open-weight models. It runs from the <code className="inline">codewhale</code> command, streams reasoning blocks, edits local workspaces with approval gates, and can auto-route each turn to the right model and thinking level. DeepSeek V4 is the first-class model path; OpenRouter is ready. Hugging Face, self-hosted, and other open-model surfaces are on the roadmap.
       </>
     ),
     sources: ["README.md", "docs/ARCHITECTURE.md"],
@@ -112,13 +112,12 @@ codewhale doctor         # full connectivity check`}
         <p className="mb-2">CodeWhale ships with these built-in providers:</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — first-class, native API. Reasoning streaming, cache metrics, thinking effort control.</li>
-          <li><strong>Moonshot/Kimi</strong> — Kimi Code and Kimi/Moonshot Platform API-key modes.</li>
           <li><strong>OpenRouter</strong> — unified API for DeepSeek models and more.</li>
-          <li><strong>OpenAI-compatible</strong>, <strong>NVIDIA NIM</strong>, <strong>AtlasCloud</strong>, <strong>Wanjie Ark</strong>, <strong>Novita</strong>, <strong>Fireworks</strong>, <strong>SGLang</strong>, <strong>vLLM</strong>, <strong>Ollama</strong></li>
+          <li><strong>OpenAI</strong>, <strong>NVIDIA NIM</strong>, <strong>Novita</strong>, <strong>Fireworks</strong>, <strong>sglang</strong>, <strong>vLLM</strong>, <strong>Ollama</strong></li>
         </ul>
         <p>
           Set the corresponding env var (e.g. <code className="inline">OPENROUTER_API_KEY</code>) and your provider in <code className="inline">~/.deepseek/config.toml</code>.
-          SGLang, vLLM, and Ollama can also run against self-hosted OpenAI-compatible endpoints.
+          Hugging Face, ZenMux, and self-hosted OpenAI-compatible endpoints are on the roadmap.
         </p>
       </>
     ),
@@ -157,7 +156,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
         Yes. Use the <code className="inline">vllm</code>, <code className="inline">sglang</code>, or <code className="inline">ollama</code> providers with your local endpoint.
         For OpenAI-compatible endpoints (llama.cpp server, text-generation-webui, Aphrodite, etc.), you can use the <code className="inline">openai</code> provider with a custom <code className="inline">base_url</code>.
         CodeWhale also respects <code className="inline">DEEPSEEK_ALLOW_INSECURE_HTTP=true</code> for local HTTP endpoints.
-        Direct Hugging Face TGI discovery remains roadmap work.
+        Full Hugging Face TGI/vLLM integration is on the roadmap.
       </>
     ),
     sources: ["#574", "#1303", "docs/CONFIGURATION.md"],
@@ -212,7 +211,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
     a: (
       <>
         CodeWhale runs entirely on your machine. No telemetry, no cloud processing of your code.
-        Sandbox backends: <strong>seatbelt</strong> (macOS), <strong>landlock</strong> (Linux). Windows keeps the same approval and terminal runtime protections, but does not advertise OS-level filesystem isolation yet.
+        Sandbox backends: <strong>seatbelt</strong> (macOS), <strong>landlock</strong> (Linux), restricted tokens (Windows).
         Workspace boundaries default to <code className="inline">--workspace</code>. <code className="inline">/trust</code> lifts them.
         Approval mode is configurable per session. All credential/approval/elevation events are written to <code className="inline">~/.deepseek/audit.log</code>.
       </>
@@ -337,7 +336,7 @@ const faqZh: FaqItem[] = [
     q: "CodeWhale 是什么？",
     a: (
       <>
-        CodeWhale 是一个面向开源模型的终端原生编程智能体。通过 <code className="inline">codewhale</code> 命令启动，流式输出推理块，在有审批门槛的情况下编辑本地工作区，并可为每个回合自动选择最合适的模型和推理深度。DeepSeek V4 是一级模型路径；v0.8.45 也内置 Moonshot/Kimi、OpenRouter、NVIDIA NIM、OpenAI 兼容、AtlasCloud、Wanjie Ark、Novita、Fireworks、SGLang、vLLM 和 Ollama 路径。
+        CodeWhale 是一个面向开源模型的终端原生编程智能体。通过 <code className="inline">codewhale</code> 命令启动，流式输出推理块，在有审批门槛的情况下编辑本地工作区，并可为每个回合自动选择最合适的模型和推理深度。DeepSeek V4 是一级模型路径；OpenRouter 已就绪。Hugging Face、自托管等开放模型接口已在路线图中。
       </>
     ),
     sources: ["README.md", "docs/ARCHITECTURE.md"],
@@ -425,13 +424,12 @@ codewhale doctor         # 完整连接检查`}
         <p className="mb-2">CodeWhale 内建以下提供商：</p>
         <ul className="list-disc pl-5 space-y-1 text-sm text-ink-soft mb-3">
           <li><strong>DeepSeek</strong> — 一级支持，原生 API。推理流、缓存指标、思考力度控制。</li>
-          <li><strong>Moonshot/Kimi</strong> — Kimi Code 与 Kimi/Moonshot 平台 API key 模式。</li>
           <li><strong>OpenRouter</strong> — 统一 API，可访问 DeepSeek 等模型。</li>
-          <li><strong>OpenAI 兼容</strong>、<strong>NVIDIA NIM</strong>、<strong>AtlasCloud</strong>、<strong>Wanjie Ark</strong>、<strong>Novita</strong>、<strong>Fireworks</strong>、<strong>SGLang</strong>、<strong>vLLM</strong>、<strong>Ollama</strong></li>
+          <li><strong>OpenAI</strong>、<strong>NVIDIA NIM</strong>、<strong>Novita</strong>、<strong>Fireworks</strong>、<strong>sglang</strong>、<strong>vLLM</strong>、<strong>Ollama</strong></li>
         </ul>
         <p>
           设置对应的环境变量（如 <code className="inline">OPENROUTER_API_KEY</code>）并在 <code className="inline">~/.deepseek/config.toml</code> 中配置你的提供商。
-          SGLang、vLLM 和 Ollama 也可以连接自托管 OpenAI 兼容端点。
+          Hugging Face、ZenMux 和自托管 OpenAI 兼容端点正在路线图中。
         </p>
       </>
     ),
@@ -470,7 +468,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
         可以。使用 <code className="inline">vllm</code>、<code className="inline">sglang</code> 或 <code className="inline">ollama</code> 提供商连接本地端点。
         对于 OpenAI 兼容端点（llama.cpp server、text-generation-webui 等），可以使用 <code className="inline">openai</code> 提供商并设置自定义 <code className="inline">base_url</code>。
         CodeWhale 也支持 <code className="inline">DEEPSEEK_ALLOW_INSECURE_HTTP=true</code> 用于本地 HTTP 端点。
-        Hugging Face TGI 的直接发现仍在路线图中。
+        完整的 Hugging Face TGI/vLLM 集成正在路线图中。
       </>
     ),
     sources: ["#574", "#1303", "docs/CONFIGURATION.md"],
@@ -525,7 +523,7 @@ default_text_model = "openrouter/deepseek/deepseek-v4-pro"`}
     a: (
       <>
         CodeWhale 完全在你的机器上运行。无遥测，不会将你的代码上传到云端处理。
-        沙箱后端：<strong>seatbelt</strong>（macOS）、<strong>landlock</strong>（Linux）。Windows 保留同样的审批与终端运行时保护，但当前不宣称 OS 级文件系统沙箱。
+        沙箱后端：<strong>seatbelt</strong>（macOS）、<strong>landlock</strong>（Linux）、受限令牌（Windows）。
         工作区边界默认为 <code className="inline">--workspace</code>。<code className="inline">/trust</code> 可解除边界。
         审批模式可按会话配置。所有凭证/审批/提权事件写入 <code className="inline">~/.deepseek/audit.log</code>。
       </>
diff --git a/web/app/[locale]/page.tsx b/web/app/[locale]/page.tsx
index 2c999f39..3a7672ac 100644
--- a/web/app/[locale]/page.tsx
+++ b/web/app/[locale]/page.tsx
@@ -15,7 +15,7 @@ const FALLBACK_STATS: RepoStats = {
   forks: 0,
   openIssues: 0,
   openPulls: 0,
-  contributors: 99,
+  contributors: 98,
   fetchedAt: new Date().toISOString(),
 };
 
@@ -87,15 +87,15 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
 
             <h1 className="font-display tracking-crisp">
               {isZh
-                ? "面向开源模型的终端编程智能体。"
-                : "The terminal coding agent for open models."}
+                ? "DeepSeek V4 的最强智能体运行框架。"
+                : "The most agentic harness for DeepSeek V4."}
             </h1>
 
             <p className="mt-6 text-lg text-ink-soft leading-relaxed max-w-2xl">
               <span className="font-cjk text-indigo font-semibold">CodeWhale</span>
               {isZh
-                ? " 是面向 DeepSeek V4 及其他开放权重模型的终端原生编程智能体。它读改文件、跑测试、调用 MCP 服务器，并通过审批、工作区边界和平台沙箱控制风险。"
-                : " is a terminal-native coding agent for DeepSeek V4 and other open-weight models. It reads and edits files, runs tests, calls MCP servers, and controls risk through approvals, workspace boundaries, and platform sandboxes."}
+                ? " 是围绕 DeepSeek V4 Pro 和 Flash 构建的运行框架。规则、工具、证据和反馈循环——帮助模型持续工作，并且不断进步。DeepSeek V4 参与了部分编写。更好的框架让 V4 更有效，更有效的 V4 又让框架变得更好——这是个正向循环。"
+                : " is a harness built around DeepSeek V4 Pro and Flash. Rules, tools, evidence, and feedback loops that help the model keep working — and keep improving. DeepSeek V4 helped write parts of it. A better harness makes V4 more effective, and a more effective V4 makes the harness better — it loops."}
             </p>
 
             <div className="mt-8 flex flex-wrap items-stretch sm:items-center gap-3">
@@ -155,7 +155,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
                 )}
               </pre>
               <div className="mt-3 flex items-center justify-between text-[0.7rem] font-mono text-ink-mute">
-                <span>{isZh ? "Linux / macOS / Windows x64" : "Linux / macOS / Windows x64"}</span>
+                <span>{isZh ? "需要 Node 或 Rust 1.88+" : "needs Node or Rust 1.88+"}</span>
                 <Link href={isZh ? "/zh/install" : "/install"} className="text-indigo hover:underline">{isZh ? "其他方式 →" : "other ways →"}</Link>
               </div>
             </div>
@@ -178,48 +178,48 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
           {isZh ? (
             <>
               <div className="p-6">
-                <div className="eyebrow mb-3">01 · 终端智能体</div>
-                <h3 className="font-display text-xl mb-3">编程智能体，不是聊天框</h3>
+                <div className="eyebrow mb-3">01 · 宪政层级</div>
+                <h3 className="font-display text-xl mb-3">用户意图高于一切</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  与 Claude Code、Codex CLI 相同的循环：读、改、跑测试、回报。键盘驱动，住在终端里。
+                  实时证据高于假设。验证高于自信。清晰的权威链让模型无需猜测该服从哪条指令。
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">02 · 开源模型优先</div>
-                <h3 className="font-display text-xl mb-3">DeepSeek V4 深度集成</h3>
+                <div className="eyebrow mb-3">02 · 反馈驱动</div>
+                <h3 className="font-display text-xl mb-3">失败是信号，不是终点</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  原生 DeepSeek API：推理流、缓存指标、思考力度控制。Moonshot/Kimi、OpenRouter、NVIDIA NIM、vLLM、SGLang 等同时可选。
+                  失败的命令、失败的测试、LSP 错误。框架让失败可读。每一次节拍都是模型可以调谐的信息，逐轮迭代。
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">03 · 沙箱边界</div>
-                <h3 className="font-display text-xl mb-3">Plan、Agent、YOLO</h3>
+                <div className="eyebrow mb-3">03 · 自我修正</div>
+                <h3 className="font-display text-xl mb-3">恢复内建于环境</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  Plan 只读；Agent 风险操作前确认；YOLO 全自动。macOS 使用 seatbelt，Linux 使用 landlock；Windows 保留同样的审批与终端保护。
+                  子智能体、回滚、会话分叉、交接。模型不需要一次就全对。恢复机制从底层支持试错。
                 </p>
               </div>
             </>
           ) : (
             <>
               <div className="p-6">
-                <div className="eyebrow mb-3">01 · terminal agent</div>
-                <h3 className="font-display text-xl mb-3">A coding agent, not a chat box</h3>
+                <div className="eyebrow mb-3">01 · constitutional</div>
+                <h3 className="font-display text-xl mb-3">User intent above everything</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Same loop as Claude Code or Codex CLI: reads, edits, runs tests, reports back. Keyboard-driven, lives in your terminal.
+                  Live evidence above assumptions. Verification above confidence. A clear chain of authority so the model never guesses which instruction to follow.
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">02 · open models first</div>
-                <h3 className="font-display text-xl mb-3">DeepSeek V4, deeply integrated</h3>
+                <div className="eyebrow mb-3">02 · feedback-driven</div>
+                <h3 className="font-display text-xl mb-3">Failure is signal, not a dead end</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Native DeepSeek API: reasoning streaming, cache metrics, thinking-effort control. Moonshot/Kimi, OpenRouter, NVIDIA NIM, vLLM, and SGLang are also supported.
+                  Failed commands, failing tests, LSP errors. The harness makes failure legible. Each beat is information the model can tune against, turn after turn.
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">03 · controlled</div>
-                <h3 className="font-display text-xl mb-3">Plan, Agent, YOLO</h3>
+                <div className="eyebrow mb-3">03 · self-correcting</div>
+                <h3 className="font-display text-xl mb-3">Recovery built into the environment</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Plan reads only. Agent asks before risky ops. YOLO auto-approves. macOS uses seatbelt, Linux uses landlock; Windows keeps the same approval and terminal protections.
+                  Sub-agents, rollback, session forks, handoffs. The model doesn't have to get everything right the first time. Recovery is built into the environment.
                 </p>
               </div>
             </>
@@ -260,6 +260,11 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
                   ? "100:1 不是性能基准，而是贡献形状：一个提示词、许多智能体小时、一个小补丁、一次维护者审查。"
                   : "100-to-1 is not a throughput benchmark. It is a contribution shape: one prompt, many agent-hours, one small patch, one maintainer review."}
               </p>
+              <p className={`mt-4 text-sm text-ink-soft ${isZh ? "leading-[1.9] tracking-wide" : "leading-relaxed"}`}>
+                {isZh
+                  ? "框架承担了繁重工作：宪政提示、结构化信任、反馈循环和跨会话存活的交接。模型可以专注于任务本身。因为 DeepSeek V4 参与构建了这套框架，每一次改进都让 V4 在其中变得更有效——这让下一次改进变得更容易。"
+                  : "The harness does the heavy lifting: constitutional prompts, structured trust, feedback loops, and handoffs that survive the session. The model is free to focus on the task. And because DeepSeek V4 helped build this harness, each improvement makes V4 more effective within it — which makes the next improvement easier."}
+              </p>
               <div className="mt-6 flex flex-wrap gap-3">
                 <Link href={isZh ? "/zh/contribute#recursive-harness" : "/contribute#recursive-harness"} className="px-4 py-2 bg-ink text-paper font-mono text-sm uppercase tracking-wider hover:bg-indigo transition-colors">
                   {isZh ? "运行提示词 →" : "Run the prompt →"}
@@ -325,7 +330,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
     B -->|tool call| T["read_file · edit_file · grep<br/>apply_patch · exec_shell<br/>mcp_&lt;server&gt;_&lt;tool&gt;"]
     T -->|approval Y/N| P["审批对话框<br/>approval dialog"]
     P --> B
-    T -->|exec| S["平台控制<br/>seatbelt · landlock · approvals"]
+    T -->|exec| S["沙箱<br/>seatbelt · landlock · win32"]
     classDef accent fill:#e9eefe,stroke:#0e0e10,stroke-width:1px;
     classDef api fill:#0e0e10,stroke:#0e0e10,color:#ffffff;
     class C api;
@@ -337,7 +342,7 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
     B -->|tool call| T["read_file · edit_file · grep<br/>apply_patch · exec_shell<br/>mcp_&lt;server&gt;_&lt;tool&gt;"]
     T -->|approval Y/N| P["Approval<br/>dialog"]
     P --> B
-    T -->|exec| S["Platform controls<br/>seatbelt · landlock · approvals"]
+    T -->|exec| S["Sandbox<br/>seatbelt · landlock · win32"]
     classDef accent fill:#e9eefe,stroke:#0e0e10,stroke-width:1px;
     classDef api fill:#0e0e10,stroke:#0e0e10,color:#ffffff;
     class C api;
diff --git a/web/app/[locale]/roadmap/page.tsx b/web/app/[locale]/roadmap/page.tsx
index 3bcc5a46..17e382bb 100644
--- a/web/app/[locale]/roadmap/page.tsx
+++ b/web/app/[locale]/roadmap/page.tsx
@@ -26,12 +26,12 @@ const tracksEn = [
       { title: "Sub-agent parallel execution", note: "agent_open / agent_eval / agent_close; up to 10 concurrent sessions with bounded result handles" },
       { title: "RLM batched processing", note: "Persistent sandboxed Python REPL with 1–16 cheap parallel children for long-input analysis" },
       { title: "Three operating modes", note: "Plan (read-only), Agent (default), YOLO (auto-approved); orthogonal suggest / auto / never approval" },
-      { title: "Per-platform controls", note: "seatbelt (macOS), landlock (Linux); Windows keeps approvals and terminal/runtime protections while OS sandbox work remains tracked" },
+      { title: "Per-platform sandbox", note: "seatbelt (macOS), landlock (Linux); Windows containment via restricted tokens (limited)" },
       { title: "Durable sessions + tasks", note: "Save, resume, rollback; background task queue with replayable timelines under ~/.deepseek/tasks/" },
-      { title: "Bidirectional MCP", note: "Consume tools from external servers; expose as server via `codewhale mcp`; ~/.deepseek/mcp.json" },
+      { title: "Bidirectional MCP", note: "Consume tools from external servers; expose as server via `deepseek mcp`; ~/.deepseek/mcp.json" },
       { title: "Skills + unified slash palette", note: "~/.deepseek/skills/ auto-loading; /help, /mode, /status, /config, /trust, /feedback" },
-      { title: "v0.8.45 provider surface", note: "DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama" },
-      { title: "Moonshot/Kimi API-key setup", note: "Kimi Code plan and Kimi/Moonshot Platform API-key paths for Moonshot/Kimi sessions" },
+      { title: "OpenRouter provider", note: "First-class OpenRouter integration with 300+ models across dozens of providers" },
+      { title: "Multi-provider support", note: "Hot-swap between providers (DeepSeek, OpenAI, Anthropic, OpenRouter) per session" },
     ],
   },
   {
@@ -43,8 +43,8 @@ const tracksEn = [
       { title: "Memory typed store", note: "SQLite + FTS5 backend with graph-structured agent memory and multi-signal recall (#534–#536)" },
       { title: "Feishu / Lark bot", note: "Chat-platform frontend over the existing runtime API (#757)" },
       { title: "Chinese-market & i18n", note: "Locale-aware UI, platform refinements, region-specific search backends (#755)" },
-      { title: "Model Lab", note: "Curated model discovery and benchmarking for open-weight and self-hosted workflows" },
-      { title: "Provider billing and catalogs", note: "/balance capability layer plus richer live model catalogs for providers that expose listing endpoints" },
+      { title: "Hugging Face model discovery + Model Lab", note: "Browse, download, and manage models from Hugging Face Hub directly in the TUI" },
+      { title: "ZenMux / OpenAI-compatible providers", note: "Bring any OpenAI-compatible endpoint (vLLM, LiteLLM, Ollama, local) as a first-class provider" },
     ],
   },
   {
@@ -92,12 +92,12 @@ const tracksZh = [
       { title: "子 Agent 并行执行", note: "agent_open / agent_eval / agent_close；最多 10 个并发会话，通过 var_handle 有界读取结果" },
       { title: "RLM 批量处理", note: "持久沙箱 Python REPL，支持 1–16 路廉价并行子调用，处理长文本分析" },
       { title: "三种运行模式", note: "Plan（只读）、Agent（默认）、YOLO（自动批准）；审批模式正交（建议/自动/拒绝）" },
-      { title: "跨平台控制", note: "seatbelt（macOS）、landlock（Linux）；Windows 保留审批与终端运行时保护，OS 沙箱仍在跟踪中" },
+      { title: "跨平台沙箱", note: "seatbelt（macOS）、landlock（Linux）；Windows 通过受限令牌实现基础隔离（功能有限）" },
       { title: "持久化会话 + 后台任务", note: "保存、恢复、回滚；后台任务队列，可回放时间线，位于 ~/.deepseek/tasks/" },
-      { title: "双向 MCP 协议", note: "消费外部服务器工具；通过 `codewhale mcp` 暴露为服务器；~/.deepseek/mcp.json" },
+      { title: "双向 MCP 协议", note: "消费外部服务器工具；通过 `deepseek mcp` 暴露为服务器；~/.deepseek/mcp.json" },
       { title: "技能 + 统一命令面板", note: "~/.deepseek/skills/ 自动加载；/help、/mode、/status、/config、/trust、/feedback" },
-      { title: "v0.8.45 提供商表面", note: "DeepSeek、NVIDIA NIM、OpenAI 兼容、AtlasCloud、Wanjie Ark、OpenRouter、Novita、Fireworks、Moonshot/Kimi、SGLang、vLLM、Ollama" },
-      { title: "Moonshot/Kimi API-key 设置", note: "Kimi Code 会员与 Kimi/Moonshot 平台 API key 路径" },
+      { title: "OpenRouter 提供商", note: "原生集成 OpenRouter，支持 300+ 模型，覆盖数十个提供商" },
+      { title: "多提供商支持", note: "按会话动态切换提供商（DeepSeek、OpenAI、Anthropic、OpenRouter）" },
     ],
   },
   {
@@ -109,8 +109,8 @@ const tracksZh = [
       { title: "记忆类型化存储", note: "SQLite + FTS5 后端，图结构 Agent 记忆，多信号召回（#534–#536）" },
       { title: "飞书 / Lark 机器人", note: "基于现有 runtime API 的聊天平台前端（#757）" },
       { title: "中国市场与国际化改进", note: "本地化 UI、平台优化、区域搜索引擎（#755）" },
-      { title: "模型实验室", note: "面向开放权重和自托管工作流的模型发现与基准测试" },
-      { title: "提供商账单与目录", note: "/balance 能力层，以及对支持列表接口的提供商提供更完整的实时模型目录" },
+      { title: "Hugging Face 模型发现 + 模型实验室", note: "在 TUI 中直接浏览、下载和管理 Hugging Face Hub 上的模型" },
+      { title: "ZenMux / OpenAI 兼容提供商", note: "将任意 OpenAI 兼容端点（vLLM、LiteLLM、Ollama、本地模型）作为一级提供商接入" },
     ],
   },
   {
@@ -339,4 +339,4 @@ export default async function RoadmapPage({ params }: { params: Promise<{ locale
       )}
     </>
   );
-}
+}
\ No newline at end of file
diff --git a/web/app/layout.tsx b/web/app/layout.tsx
index 9dfc2ab7..214aceef 100644
--- a/web/app/layout.tsx
+++ b/web/app/layout.tsx
@@ -33,13 +33,13 @@ const cjk = Noto_Serif_SC({
 });
 
 export const metadata: Metadata = {
-  title: "CodeWhale · 深度求索 终端",
+  title: "CodeWhale · DeepSeek V4 智能体运行框架",
   description:
-    "Terminal-native coding agent for open-source and open-weight models across providers. DeepSeek V4 is first-class. Community site for installation, docs, roadmap, and live activity.",
+    "The most agentic harness for DeepSeek V4. Constitutional hierarchy, structured trust, verification, and recovery — rules, tools, and feedback loops that help the model keep working.",
   metadataBase: new URL("https://codewhale.net"),
   openGraph: {
     title: "CodeWhale",
-    description: "Terminal-native coding agent for open-source and open-weight models across providers.",
+    description: "The most agentic harness for DeepSeek V4. Constitutional hierarchy, structured trust, verification, and recovery.",
     url: "https://codewhale.net",
     siteName: "CodeWhale",
     type: "website",
diff --git a/website/index.html b/website/index.html
index 39351284..8cbf59cb 100644
--- a/website/index.html
+++ b/website/index.html
@@ -3,7 +3,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>DeepSeek TUI — Terminal-native coding agent</title>
+  <title>CodeWhale — The most agentic harness for DeepSeek V4</title>
   <link rel="alternate" hreflang="zh" href="./zh/">
   <style>
     :root {
@@ -441,9 +441,9 @@
 <main class="container">
 
   <div class="hero" id="install">
-    <div class="hero-badge"><span class="dot"></span>v0.8.10 available now</div>
-    <h1>A terminal-native coding agent<br>for <span class="accent">DeepSeek&nbsp;V4</span></h1>
-    <p class="lead">1M-token context. Thinking-mode streaming. Single binary, zero dependencies — ships an MCP client, sandbox, and durable task queue out of the box.</p>
+    <div class="hero-badge"><span class="dot"></span>v0.8.45 available now</div>
+    <h1>The most agentic harness<br>for <span class="accent">DeepSeek&nbsp;V4</span></h1>
+    <p class="lead">Rules, tools, evidence, and feedback loops that help the model keep working until the task is done. 1M-token context, thinking-mode streaming, OS-level sandboxing — single binary, zero dependencies.</p>
 
     <div class="terminal">
       <div class="terminal-header">
@@ -454,7 +454,7 @@
       </div>
       <div class="terminal-body">
         <span class="prompt">$</span>
-        <span>npm i -g deepseek-tui</span>
+        <span>npm i -g codewhale</span>
         <span class="cursor"></span>
         <button class="btn-copy" onclick="copyInstall()" id="copyBtn">Copy</button>
       </div>
@@ -471,31 +471,31 @@
   </div>
 
   <section>
-    <h2><span class="icon">▸</span>What you get</h2>
+    <h2><span class="icon">▸</span>How the harness works</h2>
     <div class="feature-grid">
       <div class="feature-card">
-        <h3>1M context</h3>
-        <p>Built for DeepSeek V4 with intelligent compaction and prefix-cache-aware cost optimization.</p>
+        <h3>Constitutional hierarchy</h3>
+        <p>User intent outranks stale memory. Live evidence outranks assumptions. A clear chain of authority every turn.</p>
       </div>
       <div class="feature-card">
-        <h3>Thinking stream</h3>
-        <p>Watch the model's chain-of-thought unfold in real time before the final answer arrives.</p>
+        <h3>Structured trust</h3>
+        <p>Plan (read-only), Agent (approval-gated), YOLO (auto-approved). OS-level sandboxing backs every boundary.</p>
       </div>
       <div class="feature-card">
-        <h3>Native RLM</h3>
-        <p>Fan out 1–16 cheap children in parallel for batched analysis and parallel reasoning.</p>
+        <h3>Feedback beats</h3>
+        <p>Failed commands and failing tests are not dead ends — they're signals the model can tune against, turn after turn.</p>
       </div>
       <div class="feature-card">
-        <h3>Full tool suite</h3>
-        <p>File ops, shell, git, web search, apply-patch, sub-agents, and MCP servers.</p>
+        <h3>Continuity</h3>
+        <p>Memory persists across sessions. Handoffs survive compaction. Save, resume, and fork conversations.</p>
       </div>
       <div class="feature-card">
-        <h3>Three modes</h3>
-        <p>Plan (read-only), Agent (interactive), and YOLO (auto-approved) for any workflow.</p>
+        <h3>Distributed work</h3>
+        <p>Sub-agents run concurrently, up to 20 at a time. Results arrive as structured completion events.</p>
       </div>
       <div class="feature-card">
-        <h3>Durable sessions</h3>
-        <p>Save, resume, and rollback workspace state without touching your repo's .git.</p>
+        <h3>Right-size intelligence</h3>
+        <p>Fin handles routing and summaries. Pro engages for architecture and debugging. The right amount of intelligence for each problem.</p>
       </div>
     </div>
   </section>
@@ -555,7 +555,7 @@ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh</code></pre>
 
 <script>
   function copyInstall() {
-    navigator.clipboard.writeText('npm i -g deepseek-tui').then(() => {
+    navigator.clipboard.writeText('npm i -g codewhale').then(() => {
       const btn = document.getElementById('copyBtn');
       btn.textContent = 'Copied';
       btn.classList.add('copied');
diff --git a/website/zh/index.html b/website/zh/index.html
index 2db6209b..363ba492 100644
--- a/website/zh/index.html
+++ b/website/zh/index.html
@@ -3,7 +3,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>DeepSeek TUI — 终端原生编程智能体</title>
+  <title>CodeWhale — DeepSeek V4 的最强智能体运行框架</title>
   <link rel="alternate" hreflang="en" href="../">
   <style>
     :root {
@@ -429,9 +429,9 @@
 <main class="container">
 
   <div class="hero" id="install">
-    <div class="hero-badge"><span class="dot"></span>v0.8.10 现已发布</div>
-    <h1>面向 <span class="accent">DeepSeek&nbsp;V4</span><br>的终端原生编程智能体</h1>
-    <p class="lead">100 万 token 上下文。思考模式推理流。单一二进制，零依赖——开箱自带 MCP 客户端、沙箱和持久化任务队列。</p>
+    <div class="hero-badge"><span class="dot"></span>v0.8.45 现已发布</div>
+    <h1>面向 <span class="accent">DeepSeek&nbsp;V4</span><br>的最强智能体运行框架</h1>
+    <p class="lead">规则、工具、证据和反馈循环——帮助模型持续工作直到任务完成。100 万 token 上下文、思考模式流式推理、OS 级沙箱——单一二进制，零依赖。</p>
 
     <div class="terminal">
       <div class="terminal-header">
@@ -442,7 +442,7 @@
       </div>
       <div class="terminal-body">
         <span class="prompt">$</span>
-        <span>npm i -g deepseek-tui</span>
+        <span>npm i -g codewhale</span>
         <span class="cursor"></span>
         <button class="btn-copy" onclick="copyInstall()" id="copyBtn">复制</button>
       </div>
@@ -459,31 +459,31 @@
   </div>
 
   <section>
-    <h2><span class="icon">▸</span>核心功能</h2>
+    <h2><span class="icon">▸</span>框架如何工作</h2>
     <div class="feature-grid">
       <div class="feature-card">
-        <h3>100 万上下文</h3>
-        <p>为 DeepSeek V4 构建，支持智能压缩和前缀缓存感知成本优化。</p>
+        <h3>宪政层级</h3>
+        <p>用户意图优先于陈旧记忆。实时证据优先于假设。每一轮都有清晰的权威链。</p>
       </div>
       <div class="feature-card">
-        <h3>思考流式输出</h3>
-        <p>实时观察模型思维链展开，在最终答案到达前看到推理过程。</p>
+        <h3>结构化信任</h3>
+        <p>Plan（只读）、Agent（审批门控）、YOLO（自动批准）。OS 级沙箱支撑每一个边界。</p>
       </div>
       <div class="feature-card">
-        <h3>原生 RLM</h3>
-        <p>并行调度 1–16 个低成本子任务，用于批量分析和并行推理。</p>
+        <h3>反馈节拍</h3>
+        <p>失败的命令和失败的测试不是死胡同——它们是模型可以逐轮调谐的信号。</p>
       </div>
       <div class="feature-card">
-        <h3>完整工具集</h3>
-        <p>文件操作、Shell、Git、网页搜索、补丁应用、子智能体和 MCP 服务器。</p>
+        <h3>连续性</h3>
+        <p>记忆跨会话持久化。交接在压缩后仍然存活。会话可保存、恢复和分叉。</p>
       </div>
       <div class="feature-card">
-        <h3>三种模式</h3>
-        <p>Plan（只读探索）、Agent（交互审批）、YOLO（自动批准），适配任意工作流。</p>
+        <h3>分布式工作</h3>
+        <p>子智能体并发运行，一次最多 20 个。结果以结构化完成事件形式到达。</p>
       </div>
       <div class="feature-card">
-        <h3>持久化会话</h3>
-        <p>保存、恢复、回滚工作区状态，不影响项目自身的 .git 仓库。</p>
+        <h3>适度智能</h3>
+        <p>Fin 处理路由和摘要，Pro 负责架构和调试。每个问题匹配恰当的智能量。</p>
       </div>
     </div>
   </section>
@@ -562,7 +562,7 @@ chmod +x ~/.local/bin/deepseek ~/.local/bin/deepseek-tui</code></pre>
 
 <script>
   function copyInstall() {
-    navigator.clipboard.writeText('npm i -g deepseek-tui').then(() => {
+    navigator.clipboard.writeText('npm i -g codewhale').then(() => {
       const btn = document.getElementById('copyBtn');
       btn.textContent = '已复制';
       btn.classList.add('copied');

From e0c8e8d89a9bffec44662389b28fc2a96d037f86 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 07:31:53 -0500
Subject: [PATCH 031/283] fix: grep_files skips large dirs; add version-update
 footer notification
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

grep_files default excludes now include bare directory names
(e.g. "node_modules") alongside the "dir/*" variants. The glob
matcher requires a '/' to match "dir/*", so the bare form skips
the directory traversal entirely instead of descending and filtering
each file — fixes 7MB result payloads from node_modules (#2200).

Added a background version check that fetches the latest GitHub
release tag once per TUI session. When a newer version is available,
the footer renders a persistent toast:
  "vX.Y.Z available — run `codewhale update` and restart"
Silent on network errors (5s timeout).
---
 crates/tui/src/tools/search.rs  | 13 +++++++++-
 crates/tui/src/tui/app.rs       |  5 ++++
 crates/tui/src/tui/footer_ui.rs |  7 +++++
 crates/tui/src/tui/ui.rs        | 45 +++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tools/search.rs b/crates/tui/src/tools/search.rs
index b4fc8d1f..98387cb8 100644
--- a/crates/tui/src/tools/search.rs
+++ b/crates/tui/src/tools/search.rs
@@ -115,17 +115,28 @@ impl ToolSpec for GrepFilesTool {
         let exclude_patterns: Vec<String> =
             input.get("exclude").and_then(|v| v.as_array()).map_or_else(
                 || {
-                    // Default exclusions for common non-code directories
+                    // Default exclusions for common non-code directories.
+                    // Bare directory names skip the directory traversal entirely;
+                    // `dir/*` filters files inside if the directory is already
+                    // being walked (belt-and-suspenders — see #2200).
                     vec![
+                        "node_modules".to_string(),
                         "node_modules/*".to_string(),
+                        ".git".to_string(),
                         ".git/*".to_string(),
+                        "target".to_string(),
                         "target/*".to_string(),
                         "*.min.js".to_string(),
                         "*.min.css".to_string(),
+                        "dist".to_string(),
                         "dist/*".to_string(),
+                        "build".to_string(),
                         "build/*".to_string(),
+                        "__pycache__".to_string(),
                         "__pycache__/*".to_string(),
+                        ".venv".to_string(),
                         ".venv/*".to_string(),
+                        "venv".to_string(),
                         "venv/*".to_string(),
                     ]
                 },
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 68cc3539..0969c8f8 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1076,6 +1076,10 @@ pub struct App {
     pub status_toasts: VecDeque<StatusToast>,
     /// Sticky status toast used for important warnings/errors.
     pub sticky_status: Option<StatusToast>,
+    /// Version-update hint shown in the footer when a newer release
+    /// is available. Set by a background GitHub API check after app
+    /// startup; `None` until the check completes or if up-to-date.
+    pub version_hint: Option<String>,
     /// Last status text already promoted from `status_message` into toast state.
     pub last_status_message_seen: Option<String>,
     pub model: String,
@@ -1801,6 +1805,7 @@ impl App {
             status_message: None,
             status_toasts: VecDeque::new(),
             sticky_status: None,
+            version_hint: None,
             last_status_message_seen: None,
             model,
             auto_model,
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 0269c8de..e8df159c 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -44,6 +44,13 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
         None
     };
     let toast = quit_prompt.or_else(|| {
+        // Version-update hint takes precedence over ephemeral status toasts
+        // so the user sees it even when status traffic would hide it.
+        app.version_hint.as_ref().map(|hint| FooterToast {
+            text: hint.clone(),
+            color: palette::STATUS_INFO,
+        })
+    }).or_else(|| {
         app.active_status_toast().map(|toast| FooterToast {
             text: toast.text,
             color: status_color(toast.level),
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 61cb195c..552f302b 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -893,7 +893,52 @@ async fn run_event_loop(
         .checked_sub(Duration::from_secs(60))
         .unwrap_or_else(Instant::now);
 
+    // Fire-and-forget version check — runs once per session in the
+    // background. On success, `app.version_hint` is set and the footer
+    // renders the update recommendation on the next frame.
+    let mut version_check: Option<tokio::task::JoinHandle<Option<String>>> = Some({
+        let current = env!("CARGO_PKG_VERSION").to_string();
+        tokio::spawn(async move {
+            let client = match reqwest::Client::builder()
+                .user_agent("codewhale-version-check")
+                .timeout(std::time::Duration::from_secs(5))
+                .build()
+            {
+                Ok(c) => c,
+                Err(_) => return None,
+            };
+            let resp = client
+                .get("https://api.github.com/repos/Hmbown/CodeWhale/releases/latest")
+                .header("Accept", "application/vnd.github+json")
+                .send()
+                .await
+                .ok()?;
+            let json: serde_json::Value = resp.json().await.ok()?;
+            let tag = json["tag_name"].as_str()?;
+            let latest = tag.trim_start_matches('v');
+            if latest != current {
+                Some(format!(
+                    "v{latest} available — run `codewhale update` and restart"
+                ))
+            } else {
+                None
+            }
+        })
+    });
+
     loop {
+        // Drain the version-check handle once; re-assign None so we
+        // don't poll it again.
+        let mut done = false;
+        if let Some(ref handle) = version_check {
+            done = handle.is_finished();
+        }
+        if done {
+            if let Ok(Some(hint)) = version_check.take().unwrap().await {
+                app.version_hint = Some(hint);
+            }
+        }
+
         if !drain_web_config_events(&mut web_config_session, app, config, &engine_handle).await {
             web_config_session = None;
         }

From 923911ae1deff5890551d24a67c098a5c38c3760 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 07:58:40 -0500
Subject: [PATCH 032/283] fix: use semver comparison for version-update hint

Replaced naive  with parse_semver tuple comparison
so dev builds (e.g. "0.8.46-pre") don't trigger false update hints.
Falls back to string compare when either side is non-semver.

Caught by Gemini Code Assist review on PR #2181.
---
 crates/tui/src/tui/ui.rs | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 552f302b..316bbd34 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -916,7 +916,14 @@ async fn run_event_loop(
             let json: serde_json::Value = resp.json().await.ok()?;
             let tag = json["tag_name"].as_str()?;
             let latest = tag.trim_start_matches('v');
-            if latest != current {
+            // Compare semver so dev builds (e.g. "0.8.46-pre") don't
+            // trigger false hints. Falls back to string compare on
+            // unparseable versions.
+            let newer = match (parse_semver(latest), parse_semver(&current)) {
+                (Some(l), Some(c)) => l > c,
+                _ => latest != current,
+            };
+            if newer {
                 Some(format!(
                     "v{latest} available — run `codewhale update` and restart"
                 ))
@@ -7984,5 +7991,15 @@ fn extract_reasoning_header(text: &str) -> Option<String> {
     }
 }
 
+/// Parse a `major.minor.patch` version string into a comparable tuple.
+/// Returns `None` on any parse failure (non-semver, dev suffixes, etc.).
+fn parse_semver(v: &str) -> Option<(u32, u32, u32)> {
+    let mut parts = v.splitn(3, '.');
+    let major = parts.next()?.parse::<u32>().ok()?;
+    let minor = parts.next()?.parse::<u32>().ok()?;
+    let patch = parts.next().unwrap_or("0").parse::<u32>().ok()?;
+    Some((major, minor, patch))
+}
+
 #[cfg(test)]
 mod tests;

From a953cc2be8d99f8ca2c94d3c4a6f7600a4cd370c Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 08:46:57 -0500
Subject: [PATCH 033/283] docs: refresh CodeWhale screenshot

---
 assets/screenshot.png | Bin 772857 -> 199306 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/assets/screenshot.png b/assets/screenshot.png
index 4ddd4850faee8d65845f83bc4b81a94af689f7e2..e9c79feedc0d85ef5dff9ff44f3175ae3700c0e4 100644
GIT binary patch
literal 199306
zcmaI71ymi&vM>xJcz^_V4est9+-2hq8+UgI9yA1Zw~f2IySuwXaEFha``(pv-~aEm
zW=&6*baz#CPs!{b^0HzGaM*BQU|<Lm;@=d(z&;j&fk6zzK)v^@S~VSmfx*?A2@A_h
z2n!R++uInMSpvbp#DBykKr1U9BKy91*tll}>ImETIYNlT^7>8{NBsN<LmD7p$|lf*
zrUg$$tft}!`K=Q`S%ofu3Lj>04qru4cx=!KHPqZe)bKRsao)nY-+l#TdK-CmIP)3P
z0xNW^lTU;g2Kz}hfEsw;FrAZacyNya1|JIsaSfI<I{2B%-wy(es`~N#aud-v|5~QH
zNbT+Q%?C}Lj^6(R7;1n$F1vqB=%s|CjBP-+G}uqWLTz?#C63;D`FM;h$ZQ^-URY)x
z#$LPW@aUvlSojM8btEu|z)^HkFo8;e(`y=82<%{{xM87=U3mF1u|-l=)`&2B?jg~_
zsL#7a_u&oaTVJ1PjZ?pprKAyVCRIzrcgAE8N$c;wW}M!y|4JrKAJq?`lgu7q|2R8j
zI{qpydzDZ@Xsxh8bJaNgI-N>!i;w}74H6rnG06?6GEN%4y-w(nP)B7LzVNj9fy5t!
z#x~sYseD2mJuguFvM-D$v3dl3be2#SF<}A4jYi_RrKe&*eQZmN=GRO-?h*g~Hc@3*
z57Dpc-yiwT9Nbz-y~IcF&rUq!jckk!63cUuP8uKGAojFI!YL%Iw9*UaQ{@_ZbQ2Hh
z21%u1f8AdxdVakPFOeTylfK?fUB>x(sE@o%ZyGNM_8Z*sbL0`jXNbfDdirauUxUMg
zsa)Y=$qcGJa^fSo%#%3%In^I=uiPA|;i<X7^3TpkjxXq3A9aL6c^&FVJi$Dt$jHgz
z_bkZ@PX`FW?sFX2xFEnDD8N+P?Rv6HuyBlzzC(T`MA-QbH}SEl111riS`Rwa7e^zD
z0Os3q1k^AX^jAM+LWo5@QVOu%OjJv7ZUNE-XhdHPTU1<V+6|TiFpN%sE#3+gk{~}O
z1brvPJy;(ROqZ~72vm`P#!o&YICa5K1CW<~5SgDTutNip3BkVxsR&tQDHeVL1>6cd
zP0&wJ7Jg{@bR&3|1#bG$9p3Bvmv__a#;yS8Au#TcULZj9Pw0ZR<w}Ld=uFvwYry7%
zVDHBJ4Y+4pL23`^|Lptoi^w+|Mq$hlXylL{!ix|X^@v!)U2)ba-x{LT0hwF^w?NOn
z4F;A^c!oiCUH1lEjJVQV#;nF9`N&FPW_^zO)&@`vIf*uER4RBDp-w$j6$%R<E!pZY
zH6wWgth#hM*7^|j`8RAiL{f>y@b|;Q`balbHrTdqH?Zwa8~9cTtv^Ne7jMX1jNJ?H
z;AH%u?>p}z=*;L|??Bq*|1$8A)(@>S<+JeT&v3B20o?)B0XPBs0e0D+6fzFPKYg|T
z(bzNE<KM%!#k%#`F7>Mv(^t-zE^&!m2t~-E?~dQEL#`vG$&P>G4Rjjuab{=<@`<*6
z!zc8~A5f5{z>g(GWdx$+1x?8|%DIW<DIyeF&tRI9Iib`>x~D$|JW7O;0qJ^wZAq3!
zgMOLEHxb=vBvX{qkH+edrIBmXc?mrxUsGdchkp+b{-kMKD;+mNnbgc=SjD0)wJ5Nt
zyckgx45S}M9Nyghw9~TFU@u}1y)!n9F!ec^Zq&aot27TUS3477aC-+~SN&4rGVfAs
z*JD=<Z3op7l^E3?6@)rQaZODe3KdGzi`qLH+K+Zl;jJ(wZ$Nbs%SORUu`2&qSdxE|
zKcYmZV6EI%`YaMyww3p*qzaHHvRg?dI{S@PjaAdB{0MSZ)%?<2)*QDMxpvzeX-3}(
z<>vDZ+7a}O$4oy93#%tf0CqFWm_^H!@{HrO^wdh3n~KA?u>9TZ-ub06C)s02?eAl`
z1ryW<+SdwJPFA{BmABrfI;VDc!fCc?LTRFD{Y_uBgREQ5oL6O66?kb|1Kp`_j&AS|
zP;Rgue>`&EG~e)JV`6{9E@3xi#AH)uGs4=#n#18^%EoTQ&cgxVtTOdsF^9)Q++pgn
zf0wb8L6!kYmnC)OJLh{&^X7Y9Rb1ij!R`UZn=M2c4U>UMvndFP)XC6^7|HdC?dj$0
z{Kl_y535)0>I)jVYPdD7rj#a!ChDe(#t(BtJ)wpGpwn=&`KeWFU(@VkL_`t7xN-R?
zuV(V8(DF@PTAl9c$>}#|1ZR?4_uI<b=F@Yg9W24{h;S)HHE5S$R>T54KJFz>V=jD`
z=i$K-%EiNq>E96DkS&nV7@xR~IjYm{xbK=Lv<<Yq?GIgMoq^3N&3sPNPTNg*_8wy_
z#$=3947$yl4Ph%OEBx*p?j@I|ci(utc%*ndT6bEyTB%yoU5{PKUFSWb9v2=<ew*F(
zK0ZEK-?R=->Dj3{l_>Cgv;(}gUs2!W-z47(z{$X~ed_{$3$+I>qw{Ixwu@I3l79YJ
z1yK*lhsg9v66ui@69X4j3+<Vvhsg*i?m|K9=ytF<fuw(?pVEyVgcBIn%}tU^68~*R
z#54RloF?ofDw&{`>d3stoQ1!M6^a1mivxwRW##-9URZGa0v)A}y-CsLRBB#ALJ^&m
zy0dZPwf*fSO69`Bz(RK=%87t8s|QUaT0OUQ>~`nkpxdC+w)KAG?^HKn%l^gK1@NL9
zb_{kISrl0tWf(>Gg7-e|nO&ky;^`M388q4aSGoLe`7HU!iiS#Zusa_I{mNKIYf@|Y
zvWhCy7BbEf+eo~Wcj&od!GScRrlYZ9(0TZk(XMH(gu|r8RL4rr-)?{4F5(Kx%9Tl+
z1+DD6t-0}+ca&_D9B37_R_X0_Q0;+UinC_zin-?x$|yCMW6xuBH3g`|>F!G>vMWk{
zzbp;ZT8UtbJc#%od(O>bNTG#=o|n03w4XzdAUzYfv#Z%G)NX3R*6&CbiI}+^_K1%4
zQS)oOs$FdF<loD*rkt{!ulg+$FW8$DAI~i@EmpNuby~sKv)UBc&@aAv_g~^A3|kG|
zoqjz<JwGXjDKuTptG5^~`!Uorv<x@{L^RL3*etx*A-Rl4v|4-M+?t(GuiovFzslX+
zKAqT<u@%zs`*Qzu+F0xi@n7X<_AcYjbuYZ0n8y~B@v#!OQcd&HUe&+pPC4Fmw|g0g
zCKW3qxZzn^(wnPjSE#JK#^fO5yWL7y&^^Pw<6m?0v&-JheH~ntsmcFkT*z7PRzq5u
z*Us8hdmg)9G{#m?m#;hOQ_5ND)pQizl{9K1VG=ebn?B6VK1XNiGaEg@xX{>gwfRtZ
zRo~>->`s5L+u%6)wDn+ZeAg&7mLRL^+~Rozw=FpgXf7V*t>cwxUwoaLv6x@>9DUU|
zb_zbW@`8UHTeEGQw41)#>(wmLRJEaRT6H0R9&2ruI=fxpUc+h2uzwr%FM-}hx+2gg
zh~tTO(|Y~(B5`xx*Uo;se3OCo8~4Bs`|)~{(B$_n0hW*SCp6w1K5Cz`n-=Q@^ZV<N
zyMY^wFx^kBsBO4DfaijfjAmV&R=$UXWnJDJg&bj<Z#HD>)}95IWqYloPh*vtmE;79
z{NX+{54o2`x6IoPcL@XZ<Nej-zfsV1Biie{uHJ4<nVjqu2hb}E#K0Z7z-&Evz-%nQ
zGDSZKG$VqUU5t40(oT%9cd~qc>tSZTugQ#&ilGMc#sf<%`;Zw7=6eg}2z3ZW7y>7d
z_`$cdl+?l*Jw1K7;2X+|^#D3p;xwNvGaJFPu(9#u`O#|ul#+r~2mehwm|*^A)<a|y
z!FNygqoIVbJS+kjxcVx}>ie?_P))*EMh1-Py$u5f9&85o@x2B9eqp~~U|=791%W}o
z-;v+1Z<!GP3;kG_`Qd-t?;h&=Pf$r%LgM|dWM~frT05B9I2K^4@V>K}H&a$~RFjeB
zGPJRx(>Jm)0MfZy+5RB`<8kGBZ(0Ez^$A_AEUg{5TzQHA!r*#u|LLYDCj1M<(Sny)
zO-7zj*v1}6$VSIN$3V;nM@UG>V{c^4rT9(sf5_jTc!^CN9c{Vj>0Ml0=v<iTZ0t?w
z896yQ=^2>lnV4wbF=!p!tR3}TX{{Yd{=wvb`FsO97}}fJI-1#76aL|=Z(!r($V*K8
zXP|%n{xMIWtJ%LsvUd2NWxX$u{ttwnk&c1>pS<5mdH(cr$(y+XE!Dr7S-p$reGEQ!
zMpmA`@c#?)uMz)^Qte-qjEtO2|4#aEpudv>9Dw%1HdgOrI`aKXHUC5W@4){d<e~qw
z^nVk@Kji#Z@4KM+;CSf&sWd*gD!l=EFfaiyiEo0+uHYwWkiKXDjQ(+F_LE=DjxPR$
ztC@wqKlJuZo)#|_wKGZyL)9`uiO~tCC|5`68hg5&>DM3D`+3&d(i-X6z<4p%WLLQE
z*j<d*QeDQdGJ1M?V!leiz<?7Gehl#a{24+>;6ERfk-uL(eahq=9E>l0(%2IZ`af{~
zm%0!F;uSCv>`3%~vwBDSjYPh&y=^EVKvPIF`TxU90Py)UJP4FY<MqG1|30$~0@;p5
zzoV@%x*C)(ka2i{CI4TT0x-(x-~?2sTl)@E!Lpb9C+Ls>phALk;QzJUznI9PP?TmE
z^v*~;I-GgN*?=;KMi6+k)#v_C0l|RR!}iP;$v9qqtvy(cl7zFrCt69E8&4}fGQs6M
za^_Z)he?J1NGt@mf<C?28^vMT^o3p9FSj{D0S@l}61%Mo;mdCYkU~5D!_$L&vwqIt
zJbyTZpWg$@PE%FvXNWfj2(PDWGEXXHL9~N?DSw>V8Xx2?e`+)f0Rb?l<F!`Br^1lF
zmzS3!k30OG<73q?qiJYX0RaJu{!kI)aOyl?vW-iZP*HI9CD16T|4UWBLj;s-IhNY&
zSzkDTaCpnr-{;1X1^aJLb4s?!rI#=C;i)C0ePztD4NzvLqQz`Y1Ge}0tykyg6Nrg(
zTCiQdealt7p(;kEDU|f$xSv^ZyLzbZ;DMUO5$2MQX%NTew}QnR94shv+B)F(TAGks
zzMbSAuGbvG`hqDCb!QD6_jw+_iA{DIXw#mg-rU@D?2cfcuF8{IbpPdV4$#BqF`_t?
zk;sxsVT*5`Wr)9e#Ieb)J)TpPb#`uC=ElJe0g{eCcs)*+Y0q74TK=3?52~}`p4jXz
za^yKpbWmxmdwG67NVc%aU##}Y;ca$_FQzS``I{6v8f7*XzJIs{&%Iy<-ct4|w+&wD
zQBdPAAz;dewZC=g>}NDgwFvVcu^*{~7OA9EF-1<Qp07v+-&*IvmwCr(xZsH%C%i~b
z^LuDy!NPn}cxr#Tk8bA$E!7@R4Zzc7b#xF)j&lf3w>^b2F->VlHY?<i%^W{_e}n{B
z>(ITt9?Ql4s_F;wqE@)Kwc4-LD$~-ft@Z7V;+XE8GoLJ<mBcz-7<zpr&b{(cVm+-H
zeWIY^@D;6>RzB68Y{CzOy8m*^O}4+F(r<rNbVpu&ILUd88y2VTQl^^ki@`ngX=;?M
z<cQT~&Ch%e1Y8US@b<$A;wRfQP3Idv^)=Psgg;i%@P9|AU6!}Dw$7t0&<iC0`yuh&
z!QYqO0|Nn<IVk<%S?S2@(AE9%xZJEu7)e1Z0y__CgJ44r<N0_U^@{^kD^EC>KwnjC
z0HCJR>yE$)r&OECf6d(p6_2wb>@mD08p2<=$nIF@`pC<_$ZUCShv2g~`1el7#nN(l
zcMWqiSQq2wLw-G&Qk@r!*1NOgp^2@Q^ww46!hW|_GlY4M{j_=0<+)KuopC<vSz)5$
z{pE=XhR37fL6(bcml>0_l|}1%Gt>a4p@$6ni{sJ$d5WEe)C|u==Um`apv>_^S1id)
zkqXUA%PAP%zzCrCaYiaLEM-2+nbknK5d*_IzqFr8Sw~?|f@&{HeQK7O`uwbIxV+()
zd+K~lBrd0ruFnIc)nZi=F$u}x5AuxsVEmR0I5@Zkyi%fwW_O;K{lWfIw_=soUg#on
z%^6(dfjajHY}Wh~>$X7RoNSn5;e}sRoSaE(ujeU}sqQyN)wh>I=F4Sx1ShlCr*Cap
z!oi4&($X}%xA!PRsCKs{Ni)^+53xUg3fQz=B!i-cw)-MfZ)8(B1Y`J<24akg&8ywQ
z&{-T0Y|SULNv+l^Bgo{E#fyrH9PfDVCNq3q1+fmX9FMK)r%90b#XmqJ<Zo<zo>P1U
z^_j3i&6<)vn@!blI-O0WF;KEwt7(FQ&1biZEatBY1-tudV)`pgH?<_?>XXVfb_Kt)
zpB>?t?vGi`l(<O^4UOcgS9@m(LtC}8ef>I<yXFNY?_~Y7P?>YRTt0o+^J5#NTg(<+
zH0*%d<Z-8?T<nbZcoF=jpr8<Ks8Zxq!*0+c!m?W(Rn*XsXs`{Mgv5xfvvS}~)O0?Y
zi9@GL)C8ql3$x!&OvpEF4OuiaA(g6C1}xQ>$yHX)9z3158x^-1`9ZZR?OVqtDrX>`
ztQRK&bDQTfk9VSZ{{DueitLEHTNTrWz9!*UY1uezC`|m2@4_Et&SoW|r0W{5SZ8Sf
zlme?g<`2lW_&ODz7dE`=HZ1F3*uP<C>E?(8Oy}6DYQ^{OQy7l?K*2^7U00SQB_YG5
z=&i%%bvboop0rSichmYCU9xaG@%CItj$g(tk}0x4(bWi7rs0hw`DInJCh#~bjjYsT
zYDd+^ez5@XeWHS5sr80lgX>9(ifW|b^cX|28J`4@nEGprm}+30h(@2&>B31)>F5=Y
z<>{%uB$>P5_BfrLq>Dst{<ByLTUkz57X+6#PlQIj*}lCegKbE7X#NN2TLnh`YJ4t7
zU-Mbeb`?IH8t-}+16hF67qN#$p2Y2<-MvdjN=mz8nSP-$C^mjseyi_5bHP9q(<zWP
z>X#ik`cJ0CsIoEhCyG`<RY7-^YqXSH96!lQ*F<K!{SM<gPxT}6WY*@U+1#m^X=qY)
z+&A60Qr$y>5OK<GA<P}6S)SOIf<jyY3X_w0mqOiL2M_z{K;Q%sHj`uG&~mE>2Jh2|
zQi;)GC(>(su@gm1ILqzSFh#^_H@@2ec-~Bd?F>a+;E&6V4|hsBI_c&Xhg-eZTUX<g
zWoc~I6aoHs5O?(!`?ATlqfQ`v#IgH}`KlsqCf<h~!;;*=><g4KfSZ|_S!}Fw6gHcA
zk6nxbB_rbxY&OepVo~@CF;LsgIR2oMExEL&ACj<sk7r*K?{Bul_JeLL4wr5672glD
z(qZ@8lN{Oj9|WzXsD9c_w-xLbalw__3!7?QH@yWlK5u+S<6fAsR=K$+D#=^g&Cc?x
zO%kH$>a{;0ns{=+DGIQwyH45J9A+pB<X;b>yPxNSk7g|jLF{Hz(xa@Y2jVg*weq3G
zc-(c0>)!qpd~Mg|#Gs$k1gi@U_Vx$cQEOSLE0#wSmGI2E!n)FFJzh)RL<jRe6-^V;
z>DPR~D#dc$_D<Q-;rze5XC|QnInJl*ShHdFm!TB!8L2`;17igvsSs3`u(_M{Yhshn
zhR?nh);WmXee%x6d{&x#?OI#T2Torin)W0l3s*zPR-V9nRa{EL1+)sf{CFNuk5!8R
z2}CU0SNjwU6tPDvrlm$^K5KzBPNzJN_YW5>{NY?TZQo9VpH?q9b*C$+@iQMsxuzew
z%X1c|*XR<SIn~Jz_KU`;cTr378Pcte(dBhy$xc@r<6mDM32Gd!m{|J^iw0S)e9D_=
zbw_jeX6l}PD`w>OodQ-fe~L%C#Hk&jAfs!R@ze*{Q{{TBeKLUrcnk9J<Lpgjc9Il&
zzXYLf5Qvwx)cy`{wmc+eE5ni@5!EUA#2-(izA;n%kUx7x`w5t-i^XdGNt<^Q3enK9
znJJyYrnk8@A6?mWs3O}O6-Qyn9i*!01b2IvgQR*UKL-GB<73J4`T!z8k!_ANQJ37b
z;vI&<W6Jk>qouZrtb!bdXu54W#<RaJp3e8`9||V1Jgxpore&do*(n5tE?d#$mko9-
z+O=c46ds3y+g<1pb+tf0osi64pVmU*&m}MPQft5|lkw`WFj|KBbP;R@I=dz)n7pEI
zE1_xBbAuF_z9#UIzwvo^Aa}oy?uWsaqW~^dIHM*{SuNLH8kNX79nBDh&x;!yGF;Y3
z%?SxfY@M5MLP`R}Y%j9AgfyCs^OlfMgw@!IAfceDh)cgKuGE^ZMxx2`4K?)x(m^9W
zwp&I(;M65B?4aq`Mu}Y0+q<nQ-h2^Mdg&u0yC(B=n_oz^dy0fEp`gGhc^H#sl~TRx
zah)BB*NjcPn9yD|i%!$UW}_olLFiwr8bdZ}*6GI&z+yOAY2>EWZBy$NeDAicINb$n
zV!J!9j_5T%2?9I7DT(-aT>3i%Mx)lgQ8Bdi*@9Brx%Z<J4K){H%47k}-@SC(3<1Ss
zL`T0k*=IGQr}QyESeRsCW<_GgLuk=KE`J*PqxqxZ<ua-&_YdrvbD`*qT1s+<u%|SR
z*Z@cr19mJ*sxq>O_VW+Pk8^2`iL?=pX6I#2H73V!K*m~!X+^(Fazcu4fTV|0oEg7u
zp<4cP2-e8Lg=zjC`iv(8R?EeRvX*UHjo-sxm+CEA%W&$iej8MVm3t*$Rxz7)mS+^Y
zuX|rJ1O|xMj}-ME^eCj%kIF=O30`?W`qDP+sn;Q>c2u&rihr4$m5O`t-pVoOsYT|N
zUy5G6ZD|PTi*2$=n|HenYEi3nUkhLqgFU7YjcOF?t$sCobaA}7$BBy$F2lh*=m`6y
zBg2sYBQi289yh)Z&|<WDMQhY~^}8w$J}y{^U8So_VEc-)0Kwgn3Cr!En@ZiBT+K(Y
z+8LjiqR{x1$F!VaK!~U_4yow(%v2LRAiSm2q`34gC0gHsK0vXX6SATg!#Ox$NtUVq
zc_duA)=Xu*GPTm$Hh@~6>@Laq1hZ6Ib7>X<$Zolyr%YKJa0y>@FoO);7Zv9vZ@!sx
z8EOfvXmjY7t%Jc4B<DPDK5yFvGuf~1Rlq#muIKLv{4zMrSSa~yLO?B^@69*3;MjN#
zlrbBWNC~H~90+qV^wYn@sBmUyX7*S7bw?<bQULdxz+Z|n#d7JF6&r0Lzt~_>qFPiC
zQoA^1fBfa3{Mu`#xU}qAuZ{1C2uEjhCWS_&XHls~aC?w+3cFQiai4a--Jp3j1a0E4
zyA#Dcy;;bZVJ;`+xIrV-jQa|Ap{ZIk)0Wb{GVBe0N?E~^=lf^w!Tr=uf*b8L4^ho3
zREYnKiZd@^?;*u16$!;&Y@<vtJazjG9bn%mxAt4Ro((|pGvU}ZhXN@JpuFLU=vbY4
zaJ;3%M!%tPegVqpR53L4FH#7}E_OwkT~RAXUWRr39v;jUv5l{tatC@t=u4G$uz+HP
z@$>?f2ILj+=x`IVT7`7}5jgNkL(qJ_oNjAUoO>XMm7-Ks>!!k9Q>*s3Sd(qn_BFJo
zC6RHQtl+HIMjS9!>B+e)M~3=M51v_NE%$U+uIh+{fg-i^T?(wr`sG(c%#OwTGMLKm
zVd3TQ@?0?k7tEESmSV{k0rxF*pfV9oEGF#kZ%eLdUWeZ!A!^F=tF|d{sxf_Z?xOZ(
z1s-i8ra5_1=v8)~dBQ`4sjZazu)V2t?7vSMHO8}9#fYGg7OaK$pH<z~?ER#Lnz(nq
zF;m;tV9A!Cm6RCIO0(oe!#|K~J?>RH{<wUMq^T06xD0M-mRoFM(*mK&r1lV-7B?yx
zf=|V#{Py~R*Bq}*DFTPRQnNdg=~j>v6&YDbDxSuexmjyYl8s{8nuuCpWa?*@u(|`*
z=tX{z-AU$4$*8o6NaSh20lyw$r;tTQhoEF9WK4@cG*U&LTx`|I;(%m1o7K`(I<Lpc
z5NtIcl?A~H;btT>H8F*$Ms;3nbmoSX3~wP#QJv);yRs3mh(ms0ei!Rzx%PYj-SEU`
zwG2fw5pRpjjS9ZZvSLYSqc-Bi0Y`N-|6#7SXqfr2`^WW@4RdTtHX|a1XXrh|!82pY
zuix<j%JEhk9r{P#SWv%Bh>oYfz!Ma|go5vgw9sgYYt_QKmGoH;m^XaEUba2|W<FU}
zTUBMTT$WQ+!@R>XG^qHWsTr8>%)*5H^*`e%8)K8w`)zWDxAzBlyhVp{QcFCY)u}U|
zwQlDI2eQU6!gHhu+>?b2j}<G*yM^na4TOI%?~eL>L8Xs0yS;ncb(PiSIJ-3E<)Mny
z`%!Cf_GUVt4@AY$tyg|g(S}lbAxnd?nLK8_#s(!Vlqk2c<M@lMiy&w^?z0i>nrtBZ
z!Dl1A3Gg2+y;V3Z!anX6CoIk~1lU(kafUp~qA{$32xf}4+tE%}E9++VUFzV3;le^p
zb^%tB<||TO=A;+PYj?|^WLie6fAyxlsEnt;(8oq6jm;^kOVazYUt#qji#CVIc@A6M
z#lrpYH!<g_@2`YLME*pZN#&$$kTg5ZyAD-Z@Y#U0+xH`puLg@v9!*VZhB`uHNjxm<
z1#bEBv!R(_U|+aW&&8$-eTH~B{i0;OlbN&?a<*CbrsHFPp#srtI84_5V?E&b-odQ+
z+fC!|;fHr?EZ^7+&Cx0hwKCL&wLtTE075;9=|~&)=?vL<&QTAe<fK}eRl_LW$g2D4
z^G{_syl$w;&rfildu6U1f0l!T6<jE9xTHc%=aZ%+ZcBV@TtafFuYY|itD0$g(RHDq
zE`mO5PtcxsB~CNvCdz_peSAzQ8Q~b{oNZUR$qY$mxiDm#P7w&PsRdpcd*JT~(a=as
zN>{|jqSi))_Ho#4VK0mFn~Ood3BFaBVsn^sq<|hPvcsbq83h~Y8(MBox#b}h#`jbU
zUO7$jwIQ_e;RHFIhD%*2r@I3SwDv0q%3^;f1O{PBma8-SbXvzbS{+?xIzV!NbQBi2
z)$gV^vH-1Gx8^%s_1&01w?9AU5Cv7CFE?ynk7lAZf9<kFmZWm|HM>yW`l<qF61c&D
zI2MWWS}n(~Oqco7Yi}eYF1v)jKi#i*qbty1^-yx??-@FI$d6N;&X(V_tZw5kRN>IO
zKYS!IfV+g7xqC8r)#v7|O_U719BkkD2&}M3tEc2=56geOqr>*N3R5mOBY%uT<19v(
zc38yaaa!PoL=t~~yLKS0`(otPeYtMBvU*-MDe%3jhbdjKo7lkgAn$HEyl8xK58yyi
zsjrEKbJSWur)t%BvXCnvUAr{Xc&--buuY;ggM8U~b3mbT0GuAzZ7W>j``IGV_|(~J
zvq^~|5VIGHF_mDmZWW(*d%9Yi+jT{Q<H+27;)XJ^Kk^z8bmgGWjwt1yI6vK1e~27z
zte*=m47+`=$KSP0$TLowQ!d~8`<dJ2jOMmOk{v{8h`jIqJ7|h`olb`(if#u}`QVrk
zS|{V->63@YSqY71n~>%RIV0nw;HVyTN)k?CX@InkbD_w_RrvF?u@N10TuwT-RZ86V
zLF`{S`4c6nvwWsd`mo!s6?WfYk&sl;0V+2ox81eyC<C0GmW&Jx0x}%?E!Ac?aA;aB
zpXOP_7CRs>66_bNMmUppvrc5#*G0}-UO-bF*zrnZPFWAE!^{@bg~h|nL#cy#&4%^A
zzQ8H;Q2IA#fBkzXJ%$hAr0JOdXyx&XzW=HB&Y9wS=)<VvGP<{Lgh#jnW1!^1<>A+6
zoxos7c}ICfucyO;ymZc1EQFPpBeo3=;bluZ|5mf^M#QybRjmNE;R4}Fj)bBks|JEc
z=#L<<bHM6d(h<@X48Ceb&E?n4M$B~ikOwUVSgv31i8SD~eht=_tu+TT`NGlVvBLe9
z84Y<(4CfWmPgHVoN`>cEy!~yw>US!P@0j@^->cxxyw|=m@1ibs!e%76+@@Zu82ZDf
z0w6Hn`-W0>?d*0H`y2D&C~^pxcVhu5qIlJ>;Vsqrhi40=MuAhxu}UhAM(zI@XK^@u
ze1@N*47gl;q4YPDOH(cb@bQtGbwH}h$MoHpfqM`>+(RjO*1`;N)%bhAIwyx#hnXZ^
zer<RH<l4hkp`ypK@=-*EqbXoOp}0Q1dm)<-<4U`z_j<B_;8sFn5Md=l;yRl0fFOpc
z|BCVccqiW-(gdWnXjm;K!?!GEGR<LUA4X3VcE<6UIdRF|)?bAkDQGjYEjkbwe3_yM
z@?^sHr=njx#&7h)p5Nplb}KXeM9}#vkWnCK`5hq!EB@|w{|*P!sxzOnl6$&4*e-OP
z1I42Maf(uxKehnmi7aJ0iqxzKH)_My8zba$G5+Q+3Bb6Df>qjd5u@-Ff6e;`>&#E!
z{B?;!Bep$*OvqxEF<<|dg8h@6-{%6?^^Ts+>poJvbGF-ml>g@aZh5bJAD^FJBq<9R
zv??<nQwSWf(*IK#pCL>LzO&<7OSLvD(~~TC=$>UGwXXq;+qt<RK6oB(rld@kh!oWr
zjWW7`#IgR^at9XC#(SbXUspjsPLP=Uzw`WYQhIl7xS<iU1=zFxltgriw<qKI*CRrb
zyc&<EMr|jre(aq|q!hVua8e^xHBT+21y;&Te=QXMv#sMPGw6rk5FwG&-}g;`0NNMV
ztLjrw0Z!js!E(9zH+rv{2=r1e^K&oTa%`5(t*_=P{C>`7qxmN5%hJW{Y4Q&wPqVoe
z^hI(AM?sXmbIj+~S!l=8Cr*{f8|PBxJPSeC<bl)O<yM)jDRMu#ZzNfXasDz7Nn*YH
z%wL$waUV64(f(UM!h|dfQD>O*Azebxi>o&5q;sG0e00~9Ss{<fOB_7)-JeGzl)Ipm
zRkah<KsY_P-mhyaGr`(0{7*#clm#nAs-Q26f0byI8Nn+vK?WOBX@6IW4?jdmfnux5
zu;Pc|@zG3_{@d84{V`El9mdtm9V%>hZv>D6ZKAzfvuwm?Ky7Z%-Whb>Y)BjHVH9c6
z_3XHZ6f1XT@TrVH|0t*FxI=+Xk*I5q`{>@zF~&xVrd4oIZ>4=n$ff=C@Qzfvtz9}Q
z6Zxx-Lv}-<ZzTTGmS^H{D=i$zo+K9P@7ldDK>4i?39!5ga=h;l<qqB2f_Q2or)J&u
zKkRq$m{=2TyxyPce$FqRt_=&7o4SWqnP`BIDHI+yZPK^=pkg$eyU9*hgF!_@r4SEz
zH@TdTDz-#raojg22&o#BR72$JzYO+Q&6^7;q9jAZ3JWV7M`(;B|4fnPeTsYzUGw7^
z2HQCA7UK46xbE*#6WXvOlGoA_?^mpk(@c$zAYKd{4|e`)qTp=JC=v)QFY26SUQY%M
z@Y!seqdK3JSUx=D*0gV-Bmk@(xSm~-T=#EvgI20t>T_`jw0lEAgv0JZPH_tBYWVyH
zFKnHLMWRJjQiIgPA3XxXZ0*Qw>BeCB-vmO7<~rOc(5h(BmC^hZu)qAb!N_jJ_Uja}
z-_WYZh#uGHDZQOt%rr@$k`jz$9l)d%uXd8SQRUC{`kPPx=3@o?ynd5i>_k^0Kiny*
ze~GJzn=QXWntVtro~&47J*@iTbQqSQNOSB)S3C0$E8+qFQ<`Ktrx_hVD7jD175T5N
z)4?eX7XJZ3^Ha9fv2iR`AYHk%KD!H{xVy7;w3!({KS8L`FlhTQz442?=D0G<BIWxw
z=a2MVtfeFFX+4&gH;qkGH8m~tT2+g#zsLG&^bY@9L69R1Mvbz7(11}>!VQ#4CD&RF
z6Ba`J&SpK<m!j}BA6g}d^uLJyQK$Uw5a?_636$8Nu^;+OT<~8?&6I@Mknsw9NZPq?
zaeQ6?pS>H5A&pJT`hlxMiY!U~*Nz<`l~0=Idf!YdhUBI2;QuLr-|R#i!hEQx$W~m~
z1O&QpVbTnvF=>C%wZnfOYMF~ukPrM8IB`(WG~J=O{HlGQc42o9eXm%3WszaW`3am*
z>Wa^4hMaI=d_kK?>a8Qx?A+2|ufM<C?VM|8_&de8BUeg8s!Y{E<ZvS~d7pf<2u<&7
z!~}v^imJkXMjguFzk=e|+mBtuhDGYlYkB>L+rkQ!CBEBv4wpAq1*Wc>i91=Adh#%{
z7E3=qjJS}z`A*aCOwDcAWpA5n)E&|YyVbuue*o3AUk)A1{0TOuHyB+!lxn+<YL0k9
z-s@-}KJf2EXme%U2%O^<6dH8Rr>vm3nU%C7#e6uJSi1{&n9G8u(qaX1qoDcK`lAf-
z4>mSZ8SA`JktY{zc;%2B!&FdWP*W4l+!J$<&?n{IH{W_9G1!!GmFDm-a+86JxplLH
z^XvI6Pe#XfTy_l0RVB?>tk_~o8ONFmqkW8yETsP4-ayj4)8VQTe9R-cdKo-P0_j8v
z&claW`x~wvC0*-%pD0>Bi$us^=&7I0OVej@MX?D0(}Y@L6&~KY-88ASAxpCTq+h+$
zjH%T223n_LEScTSQ-=#{(osQ&hY$M-+lp%c4DAY)Ay%QZ1dE>Prq5`pscH%2u%pUn
ze+Fr}6IiJ;%K<FbvIuT)oTz)1i)GZY`VWd-&hmsk>On1!C9c?B)9|RMxT1&sh*LB5
zXPGr5PbaIhh0C#Jjc+7eo_gfF`^H7?B7u;(#q(9u0!KcRr>Iyca*gVTEHBjsW=}yP
zpi#|?=OBaa<E7>Gnj@sg*KM)W<@ZY5b-79YWVvpubc*U|<@tQ6<B8K31YEBK#dP31
zK=pi03_6DW7*yCY^s^UOpo89Vf#o=u#&Xrn-fEd;0Ae*=3-r0aD^N*;o_^InmKsG<
z<&C}5vP+-01#rhFOZ(q1$a&w8sjf<SqkX0@6a;+nVmlg3ww8@(T8vMxIW)|262ocY
zsjFj^>+?1|RF+)MS6YNytobQC?`)7_j;cwnrP{+ZZt2<n=7R8Y+h;z^HNa48qRcRS
z%vJ{r#2d}C!LMB9XwqKlp|EbE8KBHQ*>*$KW|qD|8z~<U3Ee#1eo8~t1dNO*>$y0q
z)TTDQI=Y>O_ZEc@a~2+sTefkq+BB(C-cSk3Ds4ujCBKFfr)w}K+g)5gGe5@X{d0fY
z?!gKuD3yw~+QS-{|HyVLyDVh3E_f?kHa-1?bv;Ltb1?8-d&XoZqK=Hi<{p6Lur_|(
zCrm>5;!1VXey^LCY_n(vW~JHwldR1a!RvLeor3$Sp(?Zr1YI28hOw6Y=yCH(RAabp
zaO5&+b<6f1*c=YmpXc9YG--Jmzn&v_;Hz+5W9OmjYtD_()~=g>P|@(GZ%sfSe-2;s
zGWe8tq9%o*eU-t~OO)UMGF4AqE+06J+}Hiq$ca^B*Gn^PJlbbMZ_1hw{?a$4)9DU;
zG#Q_Wipi*=>)=$WYT!~WIXdLh<Z*zT6}JS@JUi}wEjNdWt<0pdsjmo^FxQNjd#MY?
zuFf_eRAn1|6p3=#^%{)zBF+$fZAOu4^FnmOT=azyem3hgNukVAU~$5kPQ-RB6XZ@H
z$c9v6TSh~xP3~39IMz_~^rrwyTpu47pUiQ(+MYQokVx+EAzAXtGOz38(D-rbu7o6~
ztA-hv2T$MTK^IvUn=AiR64&Kx_?aNG^xC4IiL-u`;ZjV-7=-S1tmtlzIQnEna;oj4
zd>X7NH(s2qbn_VP_>(r-xUDswNqy1Z4yn1|LtyX63-?b>22!Bz<_C;`eeJiV?Cm0)
zjL6!uQM_Tq$@JM^%40Qryd`hHE<=B()xs7-N?g4vmBi!^8+Whw>y*j$QJ3B%08-}S
zZM}i1w|q9`b|pW>l2LaP+S6rMX`uRO=R_f4(^2h}*%YlqVPR&XIm?eMaQ52#@$)p@
zGQ%+0(gwA`?34_Sw~}An4il2-tDcodNKc(b#|M4N<z75^%Lx*CX-(S!ploi@Cig<E
zX#1uuGbh}xZNJ0N1dmF-)nJv;1(8yyuT-R`NaHlB=<en}3tq3W*Zq!a!gFj0bcF)l
zM9jzZJ{ivo+Kln{w;5^w>)>&RaKf(14=eXb-d5>VNQ1H}eCnWHY%<01x_WJ=q#+Kn
zcD-kIf4Z1dR!)?wJ+95wPk2k=bNA*E5$&I@MUquqCy#%7V68pn6H-U@8dc$k{>5J8
zE<aXt$d(#Ouqs!r_PyF<Su){+<+Ky#4JJ?IQ)C_jwRe325<*z^s^(jEUUj>2m8A(#
z=}*bi+p`pEh}L@d`8*CdJ1Oi@sC^eL+4&huDXnk)2|Uo&E0;U{MUa-f-ID||SVV2k
zpIcAa5&@_XpOQ8Pm&2+Y)*tney(RM}!&18k2_#f-RTXtaXqc=A2Vwh@FSXg39KqD!
zFJwUfY(@Z=499OTeA@dP6o5%5J<4I97@ulC*bqy_Ij18;Gr4mCNwD*D_;`lW93YM;
zj9Ps-CPTh}@^qypoY!5_p%R<m(NC!GDbr55UEO4<-U09B`k^}3*_Hlg!;6+1F>@i{
z+tQE&ZIOi7(D-n^oKBMtUQP;rnq)H@eNO%fS#q3rxUsZXq+(sU9i_L7bM2o*oB32e
zhLtvV#@_SqvMSrDG-}fs5dLM!9_!`LD(0#8M6n8JFy7n4HC>9U`r{Dj`!J=Pe<W;d
zT)fzD+p4VHk1vwo-^r>Y_lls4HDnB7kjyS_atg`#Lxj}*9bW^`V+V&K<g8P=F_Msv
zycf;jan-hQ7wl8l@a|F+k7i8R8R8bW^uhXv{G>+q??wt%!XdC-H8tbVP|-Uuk`0ot
zCf(8aP3O2RD177eYm@sxp4vWjeY{V{=ANds9K`aCWoaCVy^^&-w}=`@(!@M^2A_Ub
zo=&(^A%&)wt7QdMmOq-+YXn~orR|*F)2KTXG_kRd$SMpKMPjhXw;<%D%BoNl>Inu0
z+kT}nG!L4d+?lq{0t}8EabOx!P;wU0^dMSuTW6S5tW+oahp40Vg>n(-reGl$5C!%w
zpt|gG*8S{{4HHFo*(+d_?a$-3Paf)uIM@p_Bp5qxEwh$&OM<*!)OLt70G%V0o`^X1
zi>o3bDCeeXq&IDM%yUrCz^iS}B%vLr?4Kz)98EaCl1>tR$3s17Z)sAbEcltn&ECrS
zhT9Ya_@`60@#!;12c3~?X1_l_s*Kv3*-*74vaYwLo~ttJ<xMSb8Id(gT{M#{ZoZ3}
z9b}-u-FMZ=$KCcxlk!!er#s7?%R2YYtS{G;%`|y=`4qhgpu&d_@FiIZ>*JwCNtS7j
zszr%B|EinD3gIo_SuZz1f@(twk6PM&<35WW{yNS8ghJ}_^TS1i<cDvI%_P>9yvAss
zzRDkC8j3!CnVRixh#!9l?OVCd4n_Jn-|WWBr~D%57UcMFT0VIy=OuR6au5IhrUsmL
z6Htt0R%p~;V_<WheNlO?t=m^GHL94!h}F5M#V#Ut!l}#q^~<0agZr`i1|1bhz~hjo
zD2;&SQBI|bRaF>7eJEFpE#VlB7BV(y?pXrN-Bjhv)nejzKQkX1<P#)u#euylt{{x^
zetHC$&jLdfmmr}6sn%@Qg-ghF+rg3__wY(sR!45|ozLbRJqR_|fw=tA=X{*;p<(cc
z&ztkb_Dv3uknb;}z1keG4di~$uW4=&Xl0pxn(GRY+-O}xi6bP9&g}d=GpbUd%JEW9
z?0E_h{WM*-omS)=Yk*8eSwc)Fc*L~`Xpd&(P%K~ta<O{3#>{qAzNBES{Ue<SqGXw^
z_lEA{DBJ9Q=y{!zRUOym_PwMybX~5(P*cv3f%*6miDh)0jBSD4YzF9LlVJ5eJRe<V
zH9OV}=XIeN)v@ojF@_BkJTdnH<$-HMIC|Eqb4xN*Dz*w~j{RXV&>RoxtW43Z&!l%L
zjZNR`Lvhr3hK8hv3Z64*epPH}5n5T~%VW|YE@3j7vZWwoZ(KAe6zj2?3o(eM0xE#X
z@lbU+)&K!rv1~6>VczZVw32m+aXUMvH|@c!=Cr|4OqN-FC5b-r1@qYUCLnIco-bkZ
z=%N4V_^{t30cSD3e*nPCA|Gvk<a!kOVTZz?*G=L=VyW)Hx5;_a9cH&FdI_mqF680n
z7^nCI&T~gSEk%@9Zk#_S{a^Li_u@llZbJx@dgTZBqLx(YT11f$ZrCAkwJyTfDL-8@
zN@@~{U*Rk+kHJ)BvrBpWC<X$Jk`fWilp@pF>-+$?Kwt@>pI;ZF;Dgget(=mMb5IqV
z5Pqz}Ps8Wdb0rvR+BWZVZ$R((yzXiL{pFSY4D|86ZBU(#yg0|KVOZLAjlW~6p}OD$
zBsF7$jbLsXPQt{=`FeiB*`eHV{0j)xf=&H74meKiyy)jgndM9pPpLS_?2ASa)l%Is
zQUELvbo^;(W~E2EeuLyKRL^t4iqLxEy;P}Rx%CAZUBU^cHb<o0E1$;A`{9xlf7=Tr
zV*^x(8}A^%Z6}7dU=GQ|(M71E@mEB>I{y8NH?pAwny!eb`YE*9+B{d;I|-LJu-s@?
zw1v_!XCvyT_(gL1ftgPc-Ma#ACU4@msiftKPA|CdXQzSXLZAyk#HH-usFAsR61*Xk
zU&16^Ah79v6G0KiK4L-0R>pr9X60GMvt78ctn>8jt7aC>vuBvS6>KDo{2Y_$Gm)AS
zk)AVDbN%V-agE=06w(~E2+GR+#Mz@dC5z7`Szd@A0DkG4-)@{_L0O*X={7v!?ZPD>
zy_=x;6*sh@6>grV_@Yw;X%Geq(FKo0kjQD5x|PDogzHq@EzwX$1XF!i$DNsvdM=2e
ziOr5irSj5tJ;+eh?i9JqQxD3bUj4i*@5{*}>~Rx|inKuIcV)oH3MV3I!JaB3HDa`_
zk{^>YJG25~=zJHC;&zX-$X8}ME_KJN>XysIL4%s26nast{=9O6HrIO!NW@!VL1PM=
zKL_%-X*==m%tcA(*-+WuN28_cy$~XeB2tKp?Ow=Lb)vUZ6seO0de!~>f_>d0S)lMg
z{TL2v*!zbom#t^5y5F$uaW)vumPvW3G$~HbMDtGM4;6WH5-LZj%1H9}h<)SK1#<we
zS8wOe*(gQnn<dL6r|Q*G#4}A8$u^risK?V{)dfFLf%%8;Gfon!<s$vBxZ$nnt*;%n
zz&w9Ug?j!MUh1V}iiF;W5{AX`7a~Ey*~W29IK&^BJ)%}|7J7=?h{^@t)S-L6XSOK;
z{oN}We3^mmvMNrvZ>T%f>_|~p!Gmu^HOu+S48S<Hr>8fNfxN~Bw<)8mEd++}7nt4@
z_9{zVo3O>O+e|ISrS3YzOSbV!g#Mcv5)aNf^<Ud`d9m;QhZbg*XFwIwpq?I!Z)0|T
z$U_d>_?Km*iXg?2)q8pJ1zNPSI4rZ^*zAde@!6@8^kFwIkV22If0fKs61jX9y7JAE
zs;XqR+}jPgmwUff^6dx{kP)pDT`+_c1syM!%#MjaarPW@{EYihvM~T!zQKtIe-_=@
zjdFmFxFv2#T=?9&9RJ?9y*;vyj>}Yaix3|LnFcX)q64SmGjvfyMU8IhWMrk|EWwbI
zo@y=Z`Lz-TOHR7=yKh~lqh|S8q%U|1J5s6EWK<uRw5`R*-s)@48U^r7y&9=o#mZ3U
zJ*hT0l}(XH-6Fzb2Y30kxdqM6)KW|17pEj|+Q8)<*Ey2L_T~6fW$i{X<l+}O8FuKb
z&)=)E-cuQp7jxEXFHCChfjAJ`b|EXKclp7L<-92MYy>06s-HA*Q^VH*JJh1#RQuLb
z4)Dz--0=o?*+u70MHWwP)z0>WAU@jI?5f4<h&FNdSOnDIAc|G&Fg<Yh9{3&oTS1ni
z`eSBh;cz^qZ3Z(k{=^kWrjvzphR_Hlh5iU~NjViU-a_?{)k^~yo9eJonauZ?%kqi!
zR(achaTJj;vF+(zA+N?a3<G(M4+a?f<-P^7pR~)rEo+7Y&^jWdiZo|5q#Yh7Ezdys
z`b80(I-sk|a0UnbLPe0`bg5d3fTrZqp80|Hd-Fj8y-u!CWPNSaIwCYR^NIg3=E`S<
zzK3lJa#X4`*OlrAT9=UOfB?JAQ-AHpNPxAKZE%Y1dN9?vrn)ll)nDNEUCVW`eHhCv
zmXys^_@l8@4|{PxV;*jdwP&9ucJnn>F{+s!SYV;y2z`HD>U{G}yHM}N(U?sUkG*Yu
zGWi$~x84rl*NL#*>a%sR+jC#P#*GFCy2238zJrMB_-u>lcA^+7O3H=SngWP^k%Rdo
z)r=oVaQ|bSr(~@rf5$A6HD!oY?QK1;qi<>W=Vu)BZ(`0S6vb4A3s-!L-@M9g@(h@P
z_+xqe{B>r%(NUPv!e^HK`I&gJKyW`Y62WN3n00aXjd-@9+E0T080m2L;lZq?{&B{4
zv28<TySq(IuM^HzDlkR$gX*RM3i--g_VL@yOSWp*?XrZ09Qfk>Jk$Q6@RA2G{HfG3
zHNx8#-pj%t+`{X<7-KgOjan$jv&54CtM{)rHw<&}%Z@Q9YiGrg7!a`-JLu|FqR>rj
z(Yo~jTqix!P2Fi{ir!DRhsb+^eVe%WF{c>l6c};p$W)vaidMg!flSkQ&^fw2!%g~I
z0%(~&M9>#vQ=@_ncAcj+{kt*;&ljU{%Q=(r@84zd@YP|zADJD~_TJcCrt$gq=0<`_
zWqV-&7tz++XJkkUh&R1nmS1O>MC<RL$I@}m32SleTOeJ^!~_+badd#L=P3Ot8CZPj
zTq~G6sm`}kUga6<mHF>UL(8>8w%LzYomigN5Nj+%Kvh&VO^Dc+ZtkyGH~*FpO;v~R
z8GVX0eBlv)^FBpd8n*fQbX}Vg=Vvl`u2gszf^%Q$T2EciM$*6<%XZhw6GKqat(;2M
zbM$bYgHg;O(dQ!5pQj+lE=fW4ns|$dU?763weqXJbnE<UU2q|0-M6EWA=vl)bW(Qw
zfXD6aRcxv}oVMes64g6D5nbC))cpak2yWpo@}Jaag$d8w_q?PGt-Yg5tA%1o5onSl
z@njWd_bZ1nAN`$Bwp?VMc3^AYdMZEEm~SG9VjNj{!yF(26S>W10^SPQ?@JS(tctd(
z+q`0+qFRHSuA7x9H3->}cPOK1V8#$gv13if2A6sEopI|K$D1xOlWWhVLg0<R7GDT{
zVf~XNyGKI;afWbS^w-n_SXtTc)p3x@`kod07d8dw_z6SK_AvGP6=P;sm>xZTk2ZRq
zSenB$C>zkVJf0Itf}0KaEtnr#3f?@imt)V)Or2;61_5|iTiCEgJMOkEwd?$~#Yo?M
zS-u}Xe)JjU{~}}J^RrH75>#iDZnV&elY|LGUU}7<l_$G+Mlx1qP|M{Y?<w)~AVQ@{
z|EldX-@2ZmQjrZ@Js(VGIdoF*>Fe^Rjm1`hwU#DrP*B651OV9E6d}{tSxRcH?0Mh7
zZmsGnKG~h+w=BOOp@5VD`Vnf2hwK!8n8--w+{%-y>xH9*L!-%A2l8<x&e|)H>8!H!
zGt9#yvnHh>%VCSCvTU+)#Yq3Xm4ICXK)O$ImQ?)zq{6<p(}MG;sg|#%E8e9$LvxLV
ze)-z4&1%UQ@*!mWxA`*+T`7&bB=630mrf!jW6M#G2x-HyAe2j~QTW~lB6{aV=+w00
zDI7eBT>Z?fKLi}(&(A$8oJ6KPB_$;*+o{6|E;wgqA@fFax{XGhc{_}8<I6nLeU{u`
zmSN|FnBVT)ixitKHaYI0p(r60izLx;IE-C*-%wiZ*9id-=yvH}(`ZDwjrT*#(%;Xd
zv`Y5&p0kXMLRWRsr>YqghUPhufW!k^>10^Ah^li01YRpv^OF*Jc&Z!)n}ms`WU7J*
zLTcbhtkQs=V!zUEtoc+nKaZMmb@8NiBrE_hD1ErO!oGFk`m2V=3BgRwVtL0MkeBLr
z|Cf|i9-24{m87wPJEsjTW|%dPj2NlU2l?c7XT~sO`kUNU`oTv3i1?~0y=+vH6EWEV
zWqts}^X6!n@UL&!I~*XW&SI2mL5k8?t6kasDIWvpei%aYmVt_)MUs;2;nIAi09D`P
zekR$2R;oBCNQOJE*vh4a3tUR}6SeO-$XD-eaW`}ht%Ycq8`8Ht-1wRg-I5)vFs+i(
zsNd&sh3yocc_+GD#q*wCpeVd#x-uI~(BzzO>%C{rSlo1*=f<aLch}2uiOc(6mH$VD
z;=2zac*AU~tx1N@#sF{tO)xXu4@6k+>+NM@EmA{k_4iLf-pjgdA2&2mapMJoG&8n4
z^dh3u6z1?oE5l3vDt(MOLBzS0Rzvo4&cptA{!{1p&*3D=d=pvqqha$~4=$yt2W0;Q
z<{g~knM~zQ*_m9><N+an|BsLFX9kjqT1}UuwQZgoSU5N;rCf>W{OdCh0{QNsh@qV{
zcy6tTb4yJB_I7@!^EKgCvkKx}v#DIlSrDL^IHlyej+i8;P&hd9|FQPgQE_Zb+-O1q
z2~P0fuE8yMfB*^ZuE9OHLx2DY?(Py`aCi3^+--2l3>Mts4d>i*zk74eeQ&+BzP0*~
z>Fzx(d)Kb|Rqgs!lbmtDlGT3(;_275yX&bpR%z^B$F%?{$&dg*BSxm*S8m9j%OKWR
zOeP53nq&6%XVwi|o3GP;eQ|x9m%ya0RIFACxhAyDD=hrUE=w%v5eG|Bd#|aP(W+Z2
zBW8Pm4`V;onvYKmPn3l=5@hb;GPJ+faC@ukyCI8BgsGFAj*9>G+k)#)g=`x&7b93k
za5iIk(?YH-EbURzQKhwWS$r7yX+KAMu#5^WCksGTF;VjG*fp%j{#XF(2>B8jiGFo;
zGftf=xfp6d`oI!jF&fKhvEF}rBuT2F_L1Ku?2)MwmjZQfc_VM)hcTR5pOsQ;sR_)r
zntU@leK{7bDJcDvh<&NZ%rt&`?0sNq6J=<9dUAN@;yr9_Jl1=@D*tr8ATtT~s7}~!
zHyMeXpE3MhG8rU(CYJN>1BC(S0_X1T4!kS!2|%dvoMpc8DdDsm_YXoNE-Q(wJDih<
zrIkIED%za;2`X=q@bU4noaK;z2%eajnDPifK!yC!w$1M+^-elIIeE<dKWI2%_Bf3W
ze#t&ltez>M_nExbW;SA`L{E0*{*aK*>1USFq{$2+m!%93*b7-)Lj2WCa0RuhgF}^4
zM0SO(S5pf+G4G!FR0Er?%N5Qet>FAXHak-2_6r)x+f{`wuW3MgQj&(p-VtrqQO<m|
zsnV$4j<TpIT<cYzRgLYw)=3}Hc?2Pk9vi>?`g7TPV+xzaCe^Jj)x&jZ367oj3zd$+
ze0351pLzzOt>I^b(1_+n&uGRo1e=MqYD*(td(v~+EQIO#K*WVi-KUyeN&RcJ+}xfs
zY1MrBER*Sb@Y;b3p}0~~LSh0-UPu;Q&`lTz8@uqlPggMG{$z8*ddm!?U3<*JS8gWH
z=XJ^IeYS;HV*)az)<Jh+Bj)ycF8;aEL^?4p8f+Q7al2G+N7{N01)b-pIS{~?Xn69|
zhPjw%);{m?2UxmG+x=}WJ{4ab>kQzuTNWVTKd(}HZ?Mnib6Xo16C)!pbcJtXVmf|_
zIGez*G2FKiDJU9QiOImgw@_9n%CGR{`RAoPm;Hre(`J`l2?dOIyn$bn-dR}m|BMbM
z$;!#0XoB%TYV|M7E)H~0_c-LoM~L~&XG&J4`QkV~G#x>Xo$kmF{gEY#?hhL7)E27T
zIcjaeeX2O6Z~7w(#skoo%HN{A<_k+;){|iodLY_g(9}vcpGMS~(sMh|WNwe8(Q!;~
zox5uFoP<sn$5qi%z5RN9MrtrhC}{eoS>N<k1Wp7fUOl{e=QZP765S@JeDq~sb^3y?
z`FsppC&!00F}s#~1}>YKFfhMOSxyt%PmP=FYb6-_<)pF*1r82ws>KgQLeE?SpRqH;
zq!&UCM@pq(23wRb$uCLr*r-*Hb5J&EIC^2^6SuQdzj7~6-x<ch#~aSBR??b`C6QWH
z;_*0XJ+>!u|2Apgy}C49xKOFLrKq)89FcpDE2DrW^KkTHq286{?)XH0DycL81EWcR
zo`)x~s=6A)=@)#{TjB+os7+Oxb2?ZO*IdgYd*hJx>x(~J=j`3Bm*&xAoebd!e@JL3
zVuDyj+u-1!;;upq8KkcO<ap5Se)Dsj(h>zPqUi&Dq3Qj7s$(?!V%c@T?dr*F$QGyf
zHF}NBqFVii>)mBHXTEXT{RXFrJ3NSzN`tUdsdV<r8~bo>?rp7b7>-ay+4a@VYoMqN
z&@8j6c4n7h^peA%<DCgT{B8xMWJDpDNvrNtTffEj(2B)uSvsfLxpi)XmR5M@^qe%;
zrz$p^1y`Vw&3IQ}TvA+~)VuqxF42r?4)coxuoUm$wOT#qwi()}ycnCMii4ya<IM69
zVy?cXn&4AK1yw;uh~jUS<SBX9OEQfsdEvVcx&0BUK%~9*)(mvwzeE@q7}P+(+h_F^
zYNgtY#ks3d7+S5C@z4<k=6A3CFI9JEOLNQHu5)y9em-{5G(9$-vT&xTpPz`+hHO0@
zh(+CbY2U6p2(>JQAr_sQSZTb7`i<W&_r32AbhEMzA5D$(7I&|%uA(E$(O;icIH8%M
z!*871EY5}OQ`~roq(&5NZhq{Sy=gkZUwZBN?u#rv0VcsGyMB$qp$hng;Hu#d6=hv5
zg6>j5pE8<p*YQ<#n8DGL2HOJ!sGc0OI!ILT4B@b}1qRg8f6%a>WmhBTtLJ)|JM>rs
zjkw6q%&cB(u&(XfC@^=lmQ`VX;>upJDr=2MV9_=`WaQvbZoCPsn6Mm->5c1FV@7>z
zn$V1RM#y6;+SysKVqQR)$vmo>$+P5EtrQ`1Wz7y_>B$hLfz3hSd!+do;3TK<PlXUu
zS77$uy^FzvkCeQ;`XbD%QWBknd&z8IS<a;n4-6=j7*fMuG>#iF=LeJcOl3sk5CvSU
zcm_kKN{inVRoLxB>|^)aP@t)nF4Pv;t@zC8((p!#@SLNl37Npwkm?TvRfvl3?_MNW
zj9T{}fSc(kDEzNaA<~uh_EQD=!fJWR@lL*(a&oyi95VwargHc;z$z%>Wu+Z7b_9%z
zJrB3TdzfhR?+E{2kfTF5{!4i|X|I~yA2~T9Ss+H`Bv-OIZhxK8OksI?)rkmFb^Ab{
zn=^I)Vyxw=;CFL)I&Y;K2V`&VwYO-@W)e2qE`%;W^nUWEmTtelv*`I2&CtOUr_B(#
zSiOZx7az=R&^eiJrCuj`9VS;HAi+0Og+j!c#N51x1n_fw9sJ~9wE*<n+bq%TgO@%+
z_O^rHEhOsO=Ocx+nXkcd>A~W8*L@7=caXl|IW2Yjp&!U^vpf|PSiSGg5}lR|iA;~7
z*Ut(b+U`htd-@a#<kBsER;+RQF6(U7na?CtvV3D|$YS-gqFiU|q}Xq^d!=z7<)9xL
zDX-AEbaTF2UNQkwA?DOCh$P{x=xAP<F}&f7YlAT#LLLHJ<kI<zc`JPG_;8YL0ru*X
zz;?Al=Z0y+HnJ#wxH7Tqx2f?4FwNM9hD>)WhEmWe7BnUjk%&u-Bl|h^eH#69<IJN;
zCzE}g{*b~5V*X+Q4du@K&nW#9qB;y3;6VGZH?B)eY!Z1*L;@sI!;Ov)DvNx)u&O)r
zsl3^I@xlquhsvBqo*rnrU%yCGQ|Y#u<GuQo`V2VtV6u(Cml*p`!<q6W)0gbgGpQ?0
zRSXLFGmmIhgq4*wOGbu-r&!&bts$BmpXW_Z%SQztk#U0tpKMg{rIUNpJ-OLSMi&gw
zK<uWCZ`t)1_Wp7B5xU5`z(Db#yuARyJ`7x3y}s7b!rhjz@bLUslq|-9<B@ypNg{5G
zdIkn$FBE-88w(+IwtGRCPmx&VF|YfNTxOx@N7EQnLSJ^zjCzT&KV`~gr~stX)9B25
z7Z!OH0gm$(e>x})W`_9KmdMMIeWF(a&T?C!RXa;5)_;eaU*82{d^x6IDKCM`6(zW+
zctw}cqAHioNGTCzRR3r-i55TW1*c`eoSLBeJKl@K7MmYwqOXhZ2D<UnjN}d5RYh4n
zG}r_mx}@VqXQV59Qr{j?7O$I}@Ae%OeFB;jsi|a8(J`(9k%~)+Z@2p!9e3i2%3`qs
zOOrhKX@M`v_!-h46%TQx(_awtuetOG-pq1%*`WkEo7FQcE@nNe6Q?T~seKMAPt^BV
z)4|f-EH!vEdInh&X}=piUwJrM`2+<Q2>@i($^8e8aREl50i0WRCKb8D{BwpAEmyVH
zUUZ>cV!j&nwp<+eTK0t!y7@ff->38lF`ST48#ZpT0Ye4zXpR5gAE`}g0gsnZH$ejQ
zg%eJEMcgQ~1@k2Yua5BB<)RC@rIs~rTY}glUca2<HoSf76KG=B56+(vw5e9va<Kji
zqt)!H6DH;cw(G05P^icJ{_KCDrZhyA5P!?-$d#&xpN{$0mf$8Fu*>4`RH0(G(hV^W
zjIk)OSZ7mEstszZn}%_)NH8&F>cKu7;Y7ScbE>8gi&PVWUk;Mi)<o$m1?`EoqdHtI
zx*NC4caVr?k}R!SAOlvk?;UErV(axx|G4J0>9F=h?JQVyR?oLsi-v0IGc(2FU(fR2
z`EMP<N$>J|vH)sK5lYIrOqJ_gk(XpisYY5A2CvqP;=R1RRRybg-f2u9)yWP7n?F3{
zJ@RrA!`ei{o5$8mkzrOldud5$q1v-R+x+toj6W-ej5m_6%U?gaN={j1RiE*k`p4fg
z$^UwWFYf{w3MKR%Ug<gv(jmP>$-`wznM~C8l5)Sg+N*NSO+SaH44xE2UoMX$Qx<xN
z5qh{q2543zc%P0ppR<>@9MiO`Ib<vxthBR$y)W9$yMtt>@*Qazw$)30&gWH9*td{9
z-Al-3rWjd-<<AJGa?LW_{bFL3TP(5mJD5HXM2W;DxTM{HKcw?HXKC9u#-1O5wE^-w
z;WV<T$~(+pdQQ$TZWuM5q1k1>X{yMPM@j}D|Kj{G|B?P4cIuSCpH$WWC0J;)L55+_
z2pBbA?qqx9k%?V&Jq_qro-Nx^3<wIh*om;I`GzA1fyAGv1;I%83xiU5TOeE*L@tO-
zX2YOM<#UEgA>$2kxiso@p*q4Cl@_}RvH)vKs0bicV^oiYJe%h1fa43`<ZUD|zf}7j
zpDtSkUKGynGX7`3uG-0GiR#{-@2|)+-fI<Qne1#9p2ah&C;HDt#|zS7VG@YeFL^y<
zbQFDQN0=mZXSUGd&PYu~rQoJf*ovkX|J_@#$u(Cz6qiwaDx618ogs>EX++QM-U2$)
z$_T5-k)FV;d*GZ3tHzMt7uNVSqT0c7^2acz*QLU=uYy9BE=@Jgz*zYM#zKV;llRTA
z3P3Set?1L;HM*Kq!C>ri!O)Nlbk?o{7@V(W{2m*=O34m7_0j3{ry-2_9NNlU5*a}%
zp9|w)%feevPvu*odu9~J^EqQdLKw@l6-<B1i3&^Oj?ywB*ZvsRDs1^TnR>alSWk$N
zE;~(BfcX~;Lt>TcR8BFY^~J_ir7nA3I4{&%z38WtuG$$4`R951Ym`hO8;OA~NY8Vh
z$=?%J8sx>)^`c$7ddOx!sjq0H!143pWR65QO^9;2o*-~wAP-$Q?L)QMD81^8{YLCy
z=D1O$u=vRiOWx|Lfs~8@F)5-{en#s^uKNk@SkL!ZRW7^5y_w-3L>_B_>Obud?6Ui|
z#uVFNF150vA$h58wGw@tTKPRFgP2e~yo-{;d>Xh_k_OC*_hrgofbkfca}>=X6M?`S
zOVD;WFy-Y<c8!#j<-7a)`>Bx9V%SurE7E(G8?sC7NhkVr`%v9SjJIa8(a}|_&8xD?
zC!iNABA^+uJm(Dqg9>RsTgRsolj6FmR!No&4o{1_Ypw%s`mMhv=5KMAc0|8pD`tV`
z_Lsj5RX2LRJ4ITO@H(i(j}8pbDVOIpBw;WiF@JHBUR`eGzGz^FPj^YGwdhIrKSn_W
zlDo#Rv^&&&jc1i`2rJ*}FSDnWmRm5g?GzpCr*pGR?zc~mLel)+twmjnmXCp{bB%;_
z9PhwL?H&os8_)E<Q8I__#4gc8t5Dvge)_ath{iaBAt1=W*JlffhgDC}BW3muEGgu`
z)WJ9GtW7miTYCn-WRe(JU{VqV0)cYjPj)aiWsK|F*ScAhkc8-VsSy7wru6Tf2O>Ba
zFFZVzGk4smEDw5w$hnr1N(U=*kjSG<qz%^?i$*M^YPZ{b4P~_Wwd%)Q+|$=L@pBw6
z*06P|*2=6F^+L#XV!c-y(zv6iWE(IlaFVCQ;J&zBWx}YE7%6c3r1ff>5oj|;{8~vF
zonG#n7<@j;`p4IhM-Qu395f?USGUi{;L0ub+BD8luS*b(E!E&7e6O5~8ZJ4Fsw%aZ
zNYMT2J&)%(i_@=FA8M?UUJMQfetr-$+9zwU!=hmR(kTT61q4`JX2LU=0!%5E2v3oU
zR##EUgLa<1vLQd1=?mYbE7NlJ^sIuVH~*Fe{YOIcEyv5Glo#-qFX%3qdQ_3tJLWaI
z(m{!d2YHdO1uS3@Y%T;EF%ajj_-2Yz_j2#%tSf_J3zk=3%$Dc%G@W)lyI4piVRvF(
ztM<A=DpM~xC&c|oZT<c0*ZfK}lm1f($ICLGyX&)T`;D?JuHspb>FpeGX_Y7EuPB2Q
zot!vJHLD{wXlg|g7veJQsu3QkZdX-Xldyouhh%4aCb}Hck=tYhG@`!BRD?;NI{Yr}
zed|H)3}wPPJ~TV@_g{|Myk7uTcfU=a?W852=iszrViETD?<06tD=1Oi@$R^4)!TBt
z@X<FLwd%EXcZ(&BQ<3l&MFrAG_7Z-wB;TG&s#FKuRUo9E-Hh%*&6E|0h0>%RYYO<U
zh&|=8+Gde({2NL5Ul`|}{J9q<7FIeZ)%)be>o2PZRetahxm8_Y53{Nz1s~59>Rgs}
zo>8WpQtf(}mJoV>gm}bh(820b>$sora}+2@2Ofe8-(Yh4{Q7-`qdewYQIRB1AnI6b
zlbN(89j}<EC_N+NqzaWry2#+~HG0xYVN984MTVgwH8$Wdb_(b*5IceR(cJqv#{HQI
zFGws2%Y^ry%FZs(k1*Tgtj%I)2Q>@K#wp_;rqu32ns&<-XY}VJ(f~XwZi`GXf)pi2
zgQ`DHQUQ>@20mh^$^psfOV@}LZ=jc=oS*+c+w%t*xOhMoA6_(xfLqjtzOLNSk(;zG
zMt<I&AYL#z`#(U|KV)z<jU1+R0jp78kVxJ1%4)@xOis;E$S6<VnpE(l7?H-4OPkbK
zgk=K~c7XT*t&w(5-*~omKuU7G(IqX&y(|p8XtZn73fMk&{aFs^U)`@1REMe}i~`M1
ztk*TCH;TjV8FGh#ZzX(R@S-xm+=@<*wzN*rf*woZ#GyVKP#DGFF@XHT?ub8F^ZU=g
z;UqsPa#%Gp>Bq3M&F=4EXVtPSOI_hK%Rcz@fZ$G!X#LhkM6kVLj#)fIgOkkrC(brL
zd@qwVPs{?+lCYeMU!;Cl-?|z3aplfEsI>JWCxl->U8C7i&NH+uryRbmO$eKm_`|)A
z&~nIo-4t;}YvZdoj;(@q;a0&)nRRT?$t=@vvqptsA*+~pTh}Hu%Mq<D?CPgF4CMki
zx+~UR2Htf`{R|#06U!^9U-)Mct9i?Fm0n*k@b)|PP|H8YKz?12XQ?V&9TDyjaM?n~
z&9$ilCu<&Rm`)mZKc!Y}UmMmI`Gi;Rg4!gXIaU9H5+~Q#=+~v@GZttR^hI-Sd!6XJ
zg^`RR@Rk!RrKZd<5q7RbjW3!M&_r`qX*)*(GQVG0Q12v1^-^l!D9l;z;f&Qt%BC@v
zfO!i92^z%KLRxT7&0ouA3Xa7HH8k^jAAPoJYA|aNlRqdu21!E>q%n(9km08}W;vBY
z-t?;lJoAR^_Ae-aFAa{*=hlU$e~3JvEf=#Plz7YSD=~}8JPlS*aOXciMjNwaPG{QT
z?^7qy9O_fgxY2MoKHAn$b@p8zaO0kSy<AHm=&Nf~{+=&YLwj(2#JS6QWcQ0oUn@Xh
zCrM3>rHv7~5c{un7dq0XHYkAAECcAIE7|^B+w{Jk3(-KfZ)<Bjh1lKCc`L$kWo4J~
z=u=T3kV&aMZ}!t}QCzqC!uc=wG<_Xcxq?wM(wew-_CB*2(@&xm(le?|1svGIb!COh
z;Ip*PWjiA-lJ^s9g985f!Tcwa>1~4aMl=P@RY}CI^4Bx*s3^bk{kt%AUwLMb2UpgZ
zHE6IAHit5tTg%_DGw{vw6KW7vB{LC62Jr9HoLmkqa4xDV&icPqql1Z^u2vh2$DrYq
zG-8D#yMZv1$7?n5^SxTM=IoCf18<xj$FVD)H31>(ZV6;ig@JI}EVgp6M6}cC`=`VL
z35RFAf{t5kU1k&BOctZrI?AupP1u+=*W}b~2y|l5x6HL&T=lF7kJu++eT}-)%tqyE
zVlVIz)-<xgc<4P8|E7sI8^p2ctk(n`ZM+rs=4T`SdQN(F;JG{Bvmk@(T8=g1xNI+%
zG%VtJpc-M*pv7{?`@?D_EVQg;^G}=nZVPjap|Ax)fL?PGvH42I{sdWmA|*Z9g<1r2
zWz(L6h$oBYfr40$@WOa9b)`T-B4R%~U%y#{U>H~Uh|RCY!xN!(#JwpiB&yuh8bgpP
zn;d+*ZOXtbROAC`Yq3N1__eVwb=#S~Zf>3VJOl|j>#Vu@XRTc<z4D|!jG#7MW@<H=
zc-Z9jj<?-8ECy0H%cCV!m{tA6m(=4hVtW&0Bruo~?YXj|2K5_~!ByW7YZl|{9}g5<
zr>7c7Ot6+JKsVj%wvC64Nnc_Q5+Ht&BVLCGtvvV5Y{r8_{kjb`t(%aiF6BZKPwK*n
z*m9qs=DE@HL}H?5pM4{G%I0qgwsPtT@((_Cq2v);6P73nFAe3w_H_farqPxAe|BeH
zOuq7Icuz2sPk_3GzT|~#^HzlPz9ll`^6hSfCx4ww!<K&&Ht~TxH8m}wzEIuaXttS9
z?Jy!Exs^Kd%!oXrW=2C3x$NBrS>Q?ckt`*2j7b2m9~~g>?k;``IlO@_-!Ss(Uzwth
zinP92PGjV{oD&-DcacUS)vhb+7P}~ZkT!*P@Y_mjzX6v@i5PI5Gv3VR+3rbbF#%n?
z__)IJ#4O-X$9neTFpR*N({sASlpTAcCw4N2&;2Qk9UZt^*_Z++*sWQVD^kpwJmNbS
zEak9q6UXp;iK^0O)n-XH-fE;z_PgDh&cdnB;(@t9P_0$KaE4cFPwm4#=>-G)j$Rw-
zsSRQAQl^}-iDm?G|I3pimgecL6K~_*IuyR4S-%#z)R-yjkqr;jEfu!RoeDI!%aCi%
zbBHsr)_tuHi+Pk1?BypAoqdmuwI)9(Ck#j$Tn|BBsD_S))Y{u|Zp3)P_PC_Wwri((
zZMa-@bw`~Xi>gLki`jm<X$^jAK1f-)vA-vl0oAv(?;aQ}FBOv^$IJ_Kr%4`fd(DOu
z+oT-z_^1zB>S=qMxp^JSP3KKtI`yODlpZ|2Ty{s*HeNZ&*q2n*5LzC(*z^>hlR)56
zH(~?Hf0CB*dSI1SGphKs4<#vRE`TLJRp0CAdX^a5pXrLZ$~E&zm|g&Ah3DlYuWo{v
zHHWFeyg}zf+qNd&>QjR(?thvs1s^yqymr_ciqyyDeN`3(iTy2>vk2Tb4Tj`42KoKD
znR|Kf+aQ#EFED{C+yG|p5%g=<w(3Aqw`UOlgEDaSYLH(lMx648aLYgixwd^|BHOZA
z)Kb~Z5rGf0EiKWvZZ-QFY(aUuhff}$_Z^ap@&3<%MHa~DlN_0cInN|dRCSAm1I1|}
z%=e#8nT3<!UtBBlG1`aa#rDz})%846BK2vwxtzTN5}>v$a8`tOs;1%_Jr(Y0`Rr|!
z|HbV*6#VstW_sG{>+TR@flFaNi(o#9R(ayw6KzT56&JQsKE|uI>k|w{tPT2`sYDZw
z`Ec(hwkdut+L<bfleO>sbLq5E2+m>3s)W->`Nf*!9PZmsJyNbVo;n%4(9Sq$u#*{C
zud@ag)@!&wHTj;aG#UkRFG|hi)67ajGN4{0Qwy5;hDvoi5zI0Ms?XzhRkYNmEs(<n
zFELH~O(JNBS=4`z+{em1P?@309jQ(?Qgb9hH)*Qmkw?j8DjB+UpI3x-^zZbRpVQ@=
zs3ZwPt|!C6ANQ0}-yYPTIIlOu2SZ5Io&>YsgpO1<Mnble%k)et>Qb;6>rE`(VJW)r
zVB%j^2A@yHXYJ<6^w~UT$g<eOkkc1z-+V@V-EbZsE_GFsDy_>~HZjI*e>!s7db-AP
z6aR^iciOZzEA>R^Rt#>pK*jxKfcumDQ&FF+DPnD~7aKz0b;STXcGg^ZY;U1i-PBn@
z^8vIW>C9+vGF;b{sARjWcsJRWS+(z~j4&YL@qMpgvHb%f1kIAR+@Hqd!yI;_uDZT_
z8GUK&+R*LV1O5Qm>gYzWK(Xf&AEF|C%A_u_+c<G*ABApoi!DXDPQI5j?>v=2T8hxV
zEF+t~@i~}0L$5iYsZ7pQKg+P1c+2@EqMlaq`93)1r%gOc@{iQ!<qTg_B9qKNU2_%G
zr=_rRUp^$mw|8dcRGqRc^N^qjZ^F3{NCCB^N~-q7mcnyk88T<PSNYg{bOG{)ir=fE
z6p~YfKi-=3jNj#u_`0*z9pz&ry#40u&jKE;^zXam(wilXv*en)eujvvUePAPV34ds
zEilxPLX}*qOcd`3%U8A8#>JkTbwpPLd8|ogcOc-Gm<J3$DPn0=+X$e5vrXWMD3onR
z-x@c%4b9K)5z}Sl?Zis3nUp7{3={NU6d{;sBpBB4P|@r)^qjhP6YBG*c8!}1f2#j!
zY(-w$#t}}R=2aTL1%AJGQayLLS`{_?#BnJE8cH$a+)u0zFo?$)Kms~9S1l>!6mfH%
zDAOXB2zC%UkP4{1OTSus%Tyf|@1<!z!w%Uj33G(sL2$z_Nvwn$ehIbW+97YT-HSST
zR%f{jrU^=@=mpxltofU~h^vN?+>Gj<_r3m%r#)(v)SD3gVN?d3AJ?fdJItZm3N*0c
zqBThVmPo5HYz4L-OP^fU)9)BgwR#HG%<s9xkhXdT*75hhxM+`f^$GTElDC8x7~nGk
z^r)lpr$7MaET+aO@rFL+=oupRwb}&{Ox*f{c4JSt<Y+?`N3Dx?<z2zk_H4WTa|Nlh
zO&bP(sMN9YX&pe=i7pQUv3&ZQrW1J{A+Yz*qG!BqhP!9mZeQ7k#SndUzOCMF8wYHe
zjo+uqinqj%!!d-{`d!6!HtIpe%7{D{*5bamIptTQ1zv5%oTp%XrxNG%-Gidl@1Bgn
z)s2G-W7ws4pKsRi6*%{Qa4nw**X2oc+DWoK@bJ8cY{vZy?G@_4X(0oSoovo~g}#&O
z%v7JnMME9-$Qyjg)})`1JdenrQ_0k1oHVBqE@_ae=wfes+mY7tF`e~3A2dVLX1#o|
z#(iz%oO10<Y)9VNjS^FQ|9NtGs7xWq0jLIQZI}AEo!2lvm}7-g_UWa;cl}>S9XPl{
z`f*G6q?a2a8`5=7{_cE2BZD#{9y;i_wi5nu&+aJvk`2X!8i)}0LM-T>g&&(rgYn5`
z<s!6AsT$ty3!Cnu?-Lq{`!KmE2EgOT95hgpwx<va>8;i|AUQidO3mAD;J&=tk4}$r
z-(ZcitZ;5!YDQk?s)m$iHSbSyhc4gpl~cit=)}S{IObeCrG04PZ?-#q>fUfJ^sxu-
z&~7(Zjz;x23Kv%rZVe}VW}I`8G7R(T;pFR4)BDim{-ap^b&0cMS4aWD^M^`4v?j-e
z#of^Hf`VDN+>Ck58R7<9Ld1~8h&`o{JVO46XnVm<XM##d*oi*Rj-tyGZMFNp3*;WY
zz0uvzhhh_tDoQb4F>|Lnn~LKcV$23iVsgHNlr{4)o8IByI2p|nzW^_BEzB?tZ({=0
zPybX>jG84Q!bU@;8<XJvmR5Dhwx&DGNN;3qScHMCi&AIt1EyUOV9PiC@~%w5Ui|3W
z47*^)>uD9?172<SjeUo{i+9yWZx6eVy1fw$QPW~=QRu9C7aEC;7N-TLRefPuW73S8
zPP2%)#4sNU#=`TAAOA70^nU~>d64$z&lpOU<x6uM6>@TNr_R7!!Gz~L4?S)^bF7tF
zQl?fUR02I@5<y2>q#<M)w<U84a@tq>uIZ`b3-Pb`p8hgvvPf4j>2#p)Pw8TT^ogO_
zx_q;Fev!+vO{BtRFFJRIHmK^`knEY8Cc4;QPsnaS_>nfW^y}5ikCM*;)1VU7{wczu
zU%O-_j!{lF>!xi+zRcbnJn^_C!gAk4wr=x>WaN?*38heoC@=2_k%SvO$%UTCjJ=wD
znxNYEEU)pjuC<Ac?2=CB0>cQv)Xs+7{$WJdQAhP_GyF0_kp9N%_C%g7{;&x(#vd|v
z^xeS5H0jzXvpA1Lf@!;eQM2inSD+G(noH@f<d}eqy#uZ0U{P%E^inMpufN$d)ZBz?
z+7Ace8{XLt{Y;_Jqo75cXSKXfW8q5FU<>39J6TrsRfAQWA-#DO`?6|-JQp$Z;t)Kq
z(^yU+&ok<D#t^`@T`-+ivHqQnOcN#ryrs>!b6V36s{NxP?%yYxto+JqiM^O4y@=@Q
z38zr9U$B%*4##$>;DG0{lMd!XHtvqZ_P6dV=i)RA;x?Li(N#6XT=wq+%A<L&sE1gR
zaLa`Av;6%B*VAT(@r=9-4!puA2R}U~>s?P)&io&(m6h5ovDlP9uOoUDBDCUcG<M`f
z9Xfqw7B+9~)pV0of58A2U>v=&btZBW2(N@$xf896bP<?RJDSu5k*|~m@IpOF-wbEh
zxX3)a?9cspQA<Wwz9g$qmv<bg+pvRA+Hgb(>HFfvI5WT@ouu952`IjYIT7cYgE`G|
z_|C)IEwFUV167Gsm?F@bNH=O~+}*!2qsiREg8L)P10c_GJ~}x&%f0+cKqBowtG}@?
z9ihK>v|xA3XDraNuFm=#bH$aR3@eUqpHO_P$5R{drCx#IbqId?llISzo)Wa<v={Zp
z(rG$A8Z>nsm6|FYx_kGP9~lx<$(wIPKAQ9tOq}sttuXNxHld=flatT!+I}gUFhj3V
zVzbBC1z3O;T*`~Z>K!_)y|O1@y6$3jOA@jj?X03h^NaN|JEBZBsev$rrsuOqa6tXV
zdT{&I(7cpfQiQs&$zagARWH1wbz<zf{yX9I23FV4x0$ekEMGQ%=K4_*nP`d)hKj$O
z$vS6XeZKmd^HiVezJL2NXi1@LZ4I{{x00I1;X(2$JnBQ!MugY%*kG%nxEI<*WGgUS
zi_={Dkw@6M>fJ&69O|osgsUNAat;@s?ZD);c>A&}*<0XCJix52Ma~;gn`v7Rg(}aZ
zE;NC|9x~@oXm8oDvC8#OQD;sqyYBX5C2T%_V!w^z0xwRcBVgQNvliSN91o8N)g0#7
z)SNCxnfWQtLtEmOlX39&=ZFQk_Q}2$wOu*9+P>k#`-sGgIaSo3rHiS6IR#&v;jBa6
z2+|nay-8e>Z0$>}i%#(H6*-4`BkKl}*N3KEu6214UKDj~ofUi1j)2NyqvBMS2pxiI
zim4;5vRH9MtD}B^@Dii*tS&KLXxY>Ope=)!-LdUKBnu{<rQ0!#889fblR14Ux7t?J
z80qd=KJf>J1J9MZ<wU@I2dk-ZZ?g)5%;F6*XC@xwrQz9#P|xdPw{H=Ks8N}*>Ny95
z6*W#g(}u;iLuN~kVW+G8{8OREC4B~QCr%?91a{8y;;>%fxaQJM8C-`FSa9v=daKto
zsSoSeHlrsE279YHLacAf%&FV={wx#Z7ec-oo0K%5e<)orwDhi)5*AozZg+t5zFk|)
zN7k^04}Pw(+0agC2Vh*~dAC+7^P#Ce7XPl3oo;MJT@X9v40{krBhb<@(ap<yv6FV#
zupjXzVrzIN-Ne2?wg;AVw}e=|x%5Lb`S>7!x@VYj*MX>9SE|u|CCP)xt}tr(!6H+;
ze_$GaiX}!sV55N_7|Nn3vB%nfR~Eq!%+cMD2Jn{<FY;*D$Mlwz(BAO^EoKttg?1W?
zcgtlr=(-k}S$thuhwp&?wVJ|xLh^lRyELvhjzrD2D1BFG?o)G`A|^!IViM{nLx2p$
z6-x->?nAXJ?y4q{HmUHd9ICe>&#<kcn;56dRm`P}Zc3M$6fQii>JL;3$8n)dTntmX
zMP&K!>=V~NetCX5;@j0?&E0$=bsR)>H+n+Vd^j{R#M_>n4i@w@onbW7aQ_w=Tu@A8
zm*V^8TYN!%nE6d*!gro?R{Z!v^;qEsC)fO|#ZG<OmiF8;Jau;;%};Ae@z=LHpNdAQ
zg(q%Jnj*?0t`&ToGY;ukNQghT@VJ>A_0cv(9#a`uhhJ!Im9DIewpgh0u5>$HoP_0r
z1Fma#Gdha{q=gUd@4aJ3T~Rxx*8L=Lks9V$;IB`znOMaqf;3L6`-5z9A*&|oVb|;Q
zlZ?_yLW3cZ;v-pYoAI=JMBQxnZB{3}p7)KLH6}mu%|7gqycp;iKU^prn2E>b{l-uA
z4vtEpAMts(v-|u3ORZKsha<tf?%*K3z9%1MHoqJ?V11p!-F^<^@aW?Tx<}G?HF{g_
z)k+Lp{~5H3ej26B;naZ{YH1C3!ytN3FA9@|mP*^o5xf@v4E(un{OBK$n%8e4h^@Z;
z2v`|gW#Sol8+dBIA7P}kMIpG1K_lI=br~uDe#GsX`G=*P;wUDobRP2nVI-{HP2x8J
z!zRgHGsCOf{k4a5b0J^e<&~pfr`wMEvppKCfR$9!+0c`|dGEx7vKpvuu=!mtkg!Jf
zeF9)=XC0GD|Bd}19fwxyw0m1_8Q^Esw>QjpUBF^sEpU1i;LsL4nDTNo%ZGSZ5Z1qV
zR=z^`%z6z!>NPzvNk?BIn}<Ttd^B&jf-BES@pcc*&l-V6wwgN5)G@eIi7i_Vo9MgE
zs=N;^&W@SSKYV%qA<OjTTU3=Ke|43bDpM*$rrMMzwn+CUOUBhC*fTC#ibTz!UZrY#
zq!dd#?JVPG&7ZXKiut0ZoV=&WIY4AjVIQ-@EF^*B@*aJHex-bXuT33ba%MiF^myq%
zHh^e{MHWD+b2@&OOSf+;Xcw4RXziRYljy^2TIR)VqxbQOK;hiA#zu8FRL#dZf3_y=
zthEhliD$>lH9Vy4Dsb~)%)1+Ma8zUFOr$-j0~Pb;Diw3CakOEkd@W!^&#~+o1Ymtr
zB(?perSd0U6w_Lv@l;|MJC@p5bY<Cqg{nroPdYYJrk$_aT+;*t(E#ZmViSx=<yhkA
z(_4<lk^A%U$bW7MrO%a=l&E>y$tq;jwG0p>VxAyIy(6ZI8mcVo6D<4%UnUNc?)6Eh
zFBClBZBD&{TMg(odrm$3y&-7cVj^EQ;tD|8CbctxhvaONN@;Uu#rE=&fS~P@NdV(8
zNjDQ>6zp<;+on|EU=mw%>IBQZ^b~EfSz*#g12>B2x0n%4sqxhU%dii_FVD(x*zMJ#
zc>r?zJi}IG0nAIHa=cmLr}KdC*5g7vfLnvAEmL=gK9POn;t_Y82-keow^73X9*qC`
zk%fl&*+T)Acl$B3^&+vIM)sR_?f%retp_b6AyQbihfc8poFE?o9?toP@2g|ayb-@|
zSN9roeu(F4V}TEfZ?qci^Jme}y`K9jg<|b~zdxYpi+rEaR#G6N9LZ?+Io~~UL+Bsg
z6ZYm);&5`$R4I^bN|%LqPOa?P&V$MU9SU3)E|p7nK+g281Zq~L^csDuGfYdmjUPCJ
z&+LYxwywn+5Fqr&g&xHDmV9j_ZV)3Z69_O|Kjfx;KXq{28!1oG_StI==lrFc1*h*O
zioM?T77UX6s$|2*gaellaffy}LY<O6%CFB{&1r)77nG_vl((9N69zX9N7#>&EL|sy
z(y3LM6j;&r=bOLRSjUhj3b1$L&z{dW6`{;kcl6xxSu`#c@L`v0G45*{4?5G@(zx@r
zqF=*+EV}YCP5`ZxoM{UE$=-`T<Tl%9EJYjVw$$o^yn{pmzE`}E2`U!dU+$*9FQvMj
z1}D+18K03d@sQ;VRij(bCJG6S4{Wdmw8ND7e~r<fyII_rpXH7i85v_=PZso1Uo=1%
zw^9m#;mjIhP)l%qP$n9@=8uxfNj0GJs7yjv0yH~cc@;wnGz03jG<V-DO^%6=rU8X;
z6BHQi@wVD&ySr@a@a~t{$NW&TD@7<Xf2zDOBHYs2az73Cx)7l}t%Q^JQ+)yrA&QW9
zoh5^Oo3OU6hfhef5oj0)N;|o*Y&`z{v2OrjW9nBq-T;$W!N5{)alV*HU0Q(&+MRKk
z4(CsKi)A{o>wP7m_*Yk1hwC``a4f8Q8|Vmc2b6vU(c>3jG}R0ytWR4Fx81!EVw9ed
zKr!bgS<I?&51ln{)bu|qTOEe)Ub)yv9Dln7-|zjXWq#lMwB$P=BDEf846m=&zBR;s
z$wt&udTpsfAZU`0U1S!G%32ksdRXAvrfr@>GsKV}z=b{kWJBge0@b)l&i+IW{i~tb
z+632x??u9dLbyzQE32wnsis+Vpsnlfv_@Yc3TY7@b{A9k5Bv?hbLp9q_(b7MT0ws9
zI2|U(QryG@fEo#EVY6!NF+6Ck2p*l4&;>F+fIpgrd=KmR*N1QN%2gxT+`Mbe)5tfb
zv_T%0<fQ=wF)hj$e1J~i%_325UpeH2(NjJ!pGl`qLJhk--UZq?ooCooGv%Rw!+u#^
zPZ!|#Ptx$^xh3V(f)}beaNXMGoiSWEVajyHVj%0+xy#DjHFnYT9C&J+1NhzHqaU6H
zjGOSu9>nV7Nv{y6BDWpCh|D(6cAk_;{>jGN>BcGFnuSsEg%{U4_?5*ExgyZ8RH*@x
z|B=OQSPoJj{bs<cmlAp6($d2#lDW8`flLsp!3VoyE9=g8JNjnG%b#4JdH{m1rdm+E
zg^-})&gm7-Y^G@POGAs;Gb>+Wu9c&k8g2xhauJNHl%M|ll@(o;DF3Br|E+T?=pT*H
z{QUgHVZ~E>P~cg{YP4}d#ynhDw25A$2-4(v1x@@4*`#9Yx7!SHRvO|~b;j36-4yO?
zlZ{GQ%d+!)sH|EVS$gV=F2g($DYp9#o8zH%V|*aN+@@l`mn3?mcgOWL>Km^FqFK2{
z5%A|*GL*SV?5}t&jwgFe*hSho8@jizOhueh(TI1TD#8!`&|+u5vjYY(qcbNyiP;Iu
z`34bcLH>?!TO3;AK-7<^?DcaMeiySZNW@+r@7LQX>pHatv+2z{G*JItQej8@79<Qd
zZkwJADk)FqnTQmB!FI*QB@%vz$K`tu(Cdr+nInSbWT^{CZsV~D2*zkht-!x75#J(_
z9o3x&mAnc(%WtY5jjnd8JalvxvByuYD4W=lbY-;?jE6c2;}_lT^1y#QJ-9%INB-XZ
zA)qMO&ZqgEsa@gW9Vy=6d~jXtvpOqN6lFE$IF8Mbj3#_fUV=QMPL~pvz+clz)K#*H
z0`Aa>3{xr6FjKv5+%R3AXN1SC1^uW*V<H)iEd??e$`rd(UwAyllJ&sNfLEa6W=7O4
zIaPGPeRBbbm_;_U#4gb7>$>W0*fOIuciE0=M%TkXkF<j4%RFpc+=TLl{b&pEk3m=Q
zsf!8`{A()i4!^oHrhb7-_7HF|C!GMPy4WqEqW;3i)8=2D0l%EzJ)c#-ZK+yi^tOW8
zs6=?>Ba8}If&0!lO@N7Q6m`OFl4W9a2E(r(fQT<e{?8)cV1I5j9N6rjP%Lm2WWlTM
zfW!az-&Wq>W#0b*m1-30QpHZJl#kjsD+2Q+!R~R@Y)_u7sa)=WJ?s;9(caA)r&$cl
z%rSVusFnSFt!IQ^*O@yK4I6hrK5bMxqcPK+2-)vZl<RUT*lj$<aD#H7>~fu#7hPPf
z!&>?pw}Nln!j%pCSu_55N^?^`E$~B9{uL6!&1~654{rj-LF@?Ki{tO>JLT#Q;k^p|
z=l@ya!T!gfr)V{KTDd?a-9ls}D0J!RTe-b$|Jwi@Vf+gTktX%V<0kn<Kb}{3@oyYd
zl{4_$Kd7Rx;ppj$Vp8=nH0l_cSf5conkN`+_^_=Z`An5~4+A^-pPvef_4rgwf-o-3
zzFy{OKJ)Ka{%hvfhJBfQ7ayNY?R~!7p7349{vWL0A2#rhD*}Y*rF8#S3rkwqJpm;p
zGNv+_TKv=nD*x-AXa2Bz{$)2jvgzV~w=93n;KKChX$XJ?diH#ZzYhJ@v{3%B#onGZ
z#C7h=bsmc|`TuHY^4M@{iqk@K4Df&BJsTQ6=n-+}xk$+s{jUyz!oxbm5|%xs1cUZ^
zbW+s+tDz;W-zgNEk+E6C8P^P`rK&`rWy%gkE-gVqoXSS}W$CV_zBuDBPEYb5XzpFw
z^O<seT5-_Mi*1K|cvAza$CFbcaDzm<X(TGnQ8?l>zx9P*9>#}{ALEy9{X433E&N{p
zIUk*)-m&*L5%4IS9ZV@`@qkJKhTlb7G5UFq9MIsAC~9c;=IZ?8NGiU3TX315Umy*m
zDQuO0#LB_0W^0rT4szIS=d%l&tGMVrl-|7OF&%jQqV~~tvp7EJ=|Ykga4Ws*y)3|-
z%F9<ihBjDCkmD&DaPHvou0Esjcoo-2vo556?5G$qm?H!GkX4M3=OJmLAGDme*P*i;
zi%OVQ7FAVu^T$rXK$l5=RaKr0jG>$t?jb*{Q2{KHl?wS*HcH}Jc;K~I<Oigd)bQqB
zw%t&pk_rk#D60D5q#KtDj4efRAylRjq)Rz4+?w;)oAK4r5QspQ4y6H&MebY|e}}kg
zcr$B`1*dLuMFmP*V1y#FqyK|U`r$vCQMS!;r<W+S)wpGtGF#fZO?p15Efk+NAqr78
zVJfuyvs!h~C51j&#+VmV#g^{&$@FHKrK!L#g2;I$u_#y06Aq2?lb<xdUO&{?(MVp<
zM@clI8V^myI~-a~ngk{wzLw*!C`IwAS$bv-b1@vw$@e!W`e~((0JWG2c2<H1X+Hb;
z_T5gJ^|q~SGcqZ<Z(Q5inN;NBT)WyzO?H?FKEe>#W@@Fh$<4tPyWJ5%<K~($1q#E{
z$!}`V{ImAS=7CI(5aZOcD|Q>b?@K38C$7EH=(=H!tslz#(f}=GiHK|M^F46Sug1-2
z#J(}tv54XP@_VjfmU72m-!zr#T)Ye4s0(v_L`wNOi}&M(X;cmgQxFsH2R}3*nx)XD
z6NSXG9&mtV3OLX`u9YtdJN?e8IfjNhp}aYcTpy*vg}-JMn<&Jsm{9iSP!fY7EVNi?
z6L}ZwgIGhMZ}#4Dape-LaTUaBtMXR<zwODNI!yrwZiK542m~7UofaX+qZ>`hoW&h`
zkU7&0u$zRdQuh1>(Q8$)u!1*6`CD31{)L&jj*UOG>uS9(B@7Cgys3*flN^bkJRqR8
z0F2LA-im&)FH|mmW090@+Tv({f8%q@Zj|P*Mabiwuag^u^YumWC<eYJiLYzI)qad)
zXqV2FGAa|Lj|SBu;9?qPqhk;D9mCd!jM1)U6&pM7&-+g)8jt1&V^ZU3f)CZoZiv#6
z+_$h|W%$CByW921>QT}u9P!E%m~9+3H=ivGL`6Gpnud3)G~CtOm|7wxQtRrRH9Dcc
z61MbaHci(uk;a<#Zh`uMCw-HJDrbX))?)H&tXp+Tg8C(wQ|L8cTU3>p=h_2%dsQ=w
z<u$;GR)WPdC9#-yM!%`lKX+jv1(-8DU93JhfG$a;f)%DXxs#|e5ZX`)T{|6d-Lm47
zO;Ua1&bvjiH<267#=eSw8=p`bYYN4|X6n#>IazvrxU56~Fx;ub`$6yw?zr=rh4_({
z#ViE~Uqp+0Bx<(p&BL1#M$$0SBw&1YU-`JQnpCvM_1tO<mV<B^iHxVs{QEY-dX<Di
zNpzIgpb#mW^9~zHu8Ay?=9y`9U*_0z1`aqBuhOXv#HSgCzc#DZveHvPc<n3+idc!M
zg`~7^VnyShlItX}+fVOIfU${=M^#t+_&L#S7SSx<eWe925?(()1x-S-Uyd7VYF5p-
z70aqea+H%#4fZNNc2I4mn_Zp2)%_mQ**vH1Ke~mOl&hy%QY8b&I=@nqh1%D(l!>)W
zLHK7GRoUL5GRZ}gPhS}bbRC5zB&4)QN-!lv3qRPPqk_9w?dMm&9}kv?4y*8ZjiXv2
z&$GJQem}zJ^U0iPdVACIt&(0#$Zg?`Miq@i3locsoXl?bf<iT3DR*CXktL_!xM>h{
zlPhD+p+%c0c*DlLc-LuIyUPBRdtT%$#8+<vJA!GfC`zx-#;Iv(1tc9l-bXE6bKT`s
ze|%Lx?u2d><iKYs>?fIy$~x3}G7@B7)iK9CJUiOekR_w;J%0WC*yxTP;cxC9%$WE=
zsaH7_Ow7!r+q)5ZbSY8Z2QqO?f36t+=`U)4pDa|qbom9MVv}ljTIGKPk6iq~X`d{U
zq)NqaonaToG|nI_UeNI9IdGI71j_HEoW)l;0~1k|w{cTXYo@TTI*fjWB%m*ATRGz<
zrjwY1kYlle(DBtOOmWT)IsNQ=M>`TW!0VT~9-Q2I%8O6}6^&+S^-98fG!b5(4Qx!d
zJG<G8@Zr<;bZ$E;@WKvo2dao8n_zwx2qAejP>)sG#%fB3Fo{}fkLC>*`qL9tZroS|
ztWgaj>}q&l%%YV!XSev{_|!!3d7s?>czw#%wDrW46dEREtzKPiWL;qf<<{>l%YvG(
zi~6ej39KtLxNz$;@<}9L>W6FQgc|P*Dkq++bdPx$eb#E}668X=s`xSW=r`=D{^>V_
zsN1E*@TdwFULR)I&ID)`L%83AF2JOq%_q8EcUQ$8$-M(C1S)M~9!Y7Q&>A5bi?127
z(;x(W1_7^GT+{26QV#RbjkTkbY=Y4P!GhGIIghK8t5><8C`Jz`f!fxvQ-{m&(5F?_
z4ziY<eqCoBN%!sJ4Aa)q0;lVFin~wi2d!Nu-_=NgsFTDNB2Sg+ben?N#7HeFI~~!s
z>MRndcWdN_=ErC;@Mu7e>gO>;=@Z|%`YT3eHJdK)8qvcN;rYNEVKC{+IYX2=>!}g*
zijMh5pE>LL54Xd%X2F`y73Ox#gNAMB`qMuH1b8pkk}QXSW!I+#dqXOkx%v+Q(MX+V
zIKp<`SC&1UDer$7RFSK;{y-qnr2EjVKI<>4AarPN(S#d6TVXPJ>#%T{RVp3K)Xa_P
zm4Dcv-T!hE2WJIJqN1ii6eg$9z@IQysw+2i=I-nYS+#kQh;qbwlDHAyn~8hQPr|&+
zuHy~2?6*vx$_)G6_@4$v;R5kL-4mt0cr}QD#ADd-9WgZq=ggK#`S*{hLunGx8x9T*
z6gMvY5D`@!9V!+y!cUQ<(Kdt7ITR)z!(Yx^c3(s`0<An!o%3v8bN8mI7_MZNi{{+F
zWS3h@dcSp=7)fuVydB4KOstkD9Qoi{0(1OB3)<dq9f8bz)dMvts(QM6f!|7t<zWuY
zvcMAUZ?Nu<-4AInOdUw?CN55hS0UGuk}`@Y4}gV(39HQ%hov?2HXeh=&bi!WJn`1N
zmQ8KOyWPkCsMMfBfA}+JmL5&YHP;Nx>BQyST#jCx#Fi2vfN3RCr$U0K+y99yFKPen
z*AxPNb5eG0L-dJ_#iM_}6B+%#<Ga?s#djkR0DN=gbnO2Db^jw$J4O2#xYY7!a)K<h
z3PGg*w=?qk@iiDZq_6i{eVMS5*B=M&pSC}*=&cmj^pB@u2dCs7@2RPoJd`9<`~Qvi
z&!DR8$K9{aL=_oC{t2HvI(__zFql}YY%C@IzglGeM?B{2qdrvhe>DU>HY_T#n5fE9
z{lD>^_V&>&Z>>M<$E7Jn|5JZGb_g=8L#D6KcJm9(O<EP=r2b!e4pOUJ60T%o!ZUZ7
zi+fngK#v+<#tl(W-$V&)M8v!w9E!>IWCxZ&Y(<DIQ{2vG62s1=C6cF$&wkK{>i`lx
zZPq_(`Y+aT+ao4?p6r=<!K@a1wmbWA{P@a`>^C2V4;GU9|1E3``xs0FW&_NE1cO40
zobjc6JK{|rc7G(Z-?nQHawJ}a^-R~LKP<K-ThDT}*L_ztI-UyTmck7?t--b^^5&t=
z_pmgNnSJN7kfV5pt%fWO0T*T0*d}N)QY}tZ?KQYlTFlTH#a5XorPFBdx;4W>_VEi_
z8P&~$fs)v^N>|+CTNWO2c$|nr1<^rA%&^5DIk#Z{Gw(N_3z>Bnw?AZ-rX;lwYne5p
zh4YtkpY6Jt%ugAqEmiDlAcPIdo-mH!f2$9NCIPva%XU+gH@YfB|FGMB3UDLzJ{Azj
zM3J)DmDR-8F}Pbq2r9ct`#s*kxhFBb7-_@1AF`M8z8{v_tJ#%IeonW-*Kh4Q>6RRE
zgly(2`hwJr68dx#gvIJzcwr7*(@T<b^-@h*VOb64c6mKRG;K8%8l!@;xIj=>!QmCC
zcyPt-+uNHlmq%D*GL^T*rRiK+RLouTiUeQ3rLLaygM2g&wbj<6+tGs_YCO}W`f<Z)
zZ@Dz@;ebgty|;LFP^{Z*02XgnEo$4J9=r18=Zqy?r!%|I3*XAS(*m_0l9CqP#64U1
zaB<G-Fs$q=zFsEqBR7ws;Gy*`7pD3o|Klo+-o01b(4D8Vth#Pdn=CytN=hP;CY?HZ
z2Awa9w(`filyBw$qgn4Am&9I>w6m8kr6#HpV-2X>w=_yT^+TP;*-D#s8ykM>$z7L5
z^#>PI08yi)-|1q0;CZk6@wGZKg**CkQDa)kj$BX#C8IM@<H?o<yF|J0%Nr;twi?aC
zY~pje$0|YziqK!R0K(@+FW$q*Y;V5NDfPR;R*@2hksaX?0%qG&Sd_ODR8l1j@A#s*
z0RV*~U`!a>?xnZZ$97$9DboOK&8i$3TVD%+Oq!~-N_XqLYQIYijXUIcC+w5^@tr2S
zyWDr8CP!pmwG$>?O$I!)6f&#XG9DHSx!py%Hj?W1G{X!4hLnaA_1e3=B(II?*x@8|
z_?K3csd|KUs?*@|?tL>St_$>UnL@ttEq7qiE0sh0VuBo9M}U^lN$ekUUxoBPwCE55
zAn0m%Gfx`fqn6gQRtvhx)F9~p!`^v+!?}L_KS2;ZA&4##N%RuEMF^rN$S9-tI=az`
zFcCF+Cq(bPchN)C(R&}AA%@|5=bZC-o@brUIsd_TEz9x)W9Gj1b?@ui@7I2B_c5I*
z9)(4!kU^cM?zy^ECB0!HLetUR`(cGwWr_L3B83WYjSMWNju{sOYu9oQU2`(!>NpZm
zNy^7qIB@lwJc_{*CXU&n8ezSv7n8r%DorsGXO=JmB=m9CKX5s<vp5Bi$8jp2x5<ls
zDe>~r5}giZG}66gO@qnwy2)}ubiq4@qByK$4a=PJiNXL&r;KQ*FMfRY*&$IW4P|bL
zmr)c@k$(a^n0#l?yC%?GH!~TFE!KRSj=bmed1UTlI+K2c4ofc0Pwkr-bsp9Fegb(`
zw%(|RGw~~TPvVNcZ0rOZU&`w#H*h=7pX{8<aX03}2IF>~JB?&WFgcX(WA!~$(DN0q
zvZS`nwLo2*xFZ|^-R<Py^5i>9NNY;Qq9l4&KV5>pX`f3*IURJ(u%)7M>LyyzX1xR9
zQ~s^pwH?`Q^*E8<@62vwW&hG&qlT$5l|ZddHx!05gy0x>AD4J!G?^I&FZrzs?X}fl
zG`Eh!cAbcAIc4{>3<%UCFJo@3ndq;o<n-QRB3g-Tn7CAXtRllf%Dr?0noBF&^7uxi
zDqvL!r}YR>+!xd_zORb@q*~4og*m|okIgk(mA{37g?pmNBiJT{%(SL!CMX`sZYjiF
z>ZdcVnv+|$+OcBdI7e0@O>w%PQs(+xSl2h9zIzGP>U#<~EKWL({d~@2P>S)p7~mM#
za=N7+$v#FA)B74NA}5p7TNbe~wURmuz5K||#-^_^I~?A3jZo91mQ3T)%FNc%U6~J>
z0BOuOJ7y4tiV+i~=bxW{uefnlT0d>EMVg*QwRu)&II$@XS-?}uy!0+q7Yn*zSdh1W
zZG!Ac?5Xl-E-<1UkEsfK#-CmM3WKd*CF|qYR$*-rMeJq>Fyhup`XXin9ov`pemFOU
zdoa$Hd$uh7;KdLPcHJM*6t)l*l^4J94yMV3%o0u1PW%{mL8%~{JXBXH@|JH4$UZ$-
zoKZZGTHu{%#K`%ayO3TC*;iPXcnS%!Af=<{*72EM`uZ{7FSmgEmP_+B5~F^jPI<Jz
zGHCAC>EqlU0uCQ8FinM%ljUfcfBlj7TB_D@yxzwz*pLK31m$oSvfOE}euv#GrWRL-
z6VFP2D&1Dqb&YyY*CTPX!1fU65dBI1?UJC!Xg`MwO%X#p2(Dn*OAs$MDP>QVTMgR&
zAmAI3M|6lamE~sa<RqjUMlUA3mV{H)BO5cY-49FFpnR}&7LIdAl)wn}eSPQROToj=
zncgQ)bNVvST!EOxfzhY7?5Hl92+)t$X#6{Ak^*@SqaIwE{E|A9c=0<@PZzFMi1l>i
zY3JWAUEn}q-ZgeCn5Tx7*;H{p6F$!A9uj~UYyBBd!8%*b{o2igV$8gDqy-Occ<Nt!
z*Us$TAwx(*8nqDUY_=vpxU;p4CoB7_L|9T)hp1?}i@k{d({|sq#I;kC+qLR^bOMm^
zmm7uUJF0t&l~t*-N^Iv_18~?eFR>k~lz4*iP~oS@x2{Xvjxpk&mYQfKn&tN4{2yuw
zJN$RnT@qScU;_PazHHGwi>VKuv$N^XZfJEg+=Y}D3k$?JjC~HJ=s#ZJiH3hC7_*3Y
zA7GF*hn*wwTc~b+6SlAMFa{DhNud<Sg`VLbj!9PDvq6c|Wt^+83ZuyACJzl(N0+g@
z>t=N>MG4L&EN7RzI7V8w@k+!K^4PeR^xRg=qH@PB4aU89SLkFuvYw^{m0$c(%o3A5
zx-+dnpKLM2O5?}9KE&JDN6V?gr$?4s(2hM;y5!*J(4Ot7D$+ITW4PyM8N9iL$!qeV
zoR-)En$WO5{e~l@TVX9wWrM17^aO;AdbmSt5HPd1UhZa=gupv}C}tYCo4pr!YxS1s
zpwAe0wOmhF>*@EwjXfvZ$)C0fDM01#$C{8u&&DX|hO4Cm;ZzphXSx&if#d~w+Y(Wh
z5v8@FM3Y8O(OoN>sT_rtG-K8uLgZn5dcsRhU1Xl%P6KEF4s-XS1)8lWtiz=JBK$>)
zthof&0(5Z+<(@)yRpQ}jd}%oMVUwstYk}l_y24OB>OOmse&Y--=ZZlU%`c039Fa9q
zo#w5fR^OCu9KHIcOM$dGtsqMY>pXa^FXCu3FAeJdw!t-(`|R-}g{g!G#kS3k7v~O~
zeuypsRMeeicRmg=*CTS_p`2uj$gT4L<O2Tf^Lsj5M`6f?yGL~;D^FDO&)~@_dyjm7
zJdcwNQX%%fFvT13HH71QYaD`QaAO&}YhJ#l##hz<nLyCY#Sv6}?>MmULzVQYQz~)E
z$umVak(QTfP|SVX3S^7rpgQztT+%fjWGoy-;D?ZU1ebvG;hd`&u4+vQc`tac7MRq9
z$KQ?keF*dSeRO-1O5N1dl*bq~o>0%0Af~n8yUp=jSFO2}vWU?vY2oMU4=TGjl0$5i
zO7p{RrN?yR;p$8;F`M1n$63I0u9HY-<%3xn`UUwlcW++8TJ+fI9#Gc8N*IdIBCZ!a
zgWVlilSOx8o+nkf9AB&WCc}JV@U#2~p?<^T_*?B(zdC-b)aah95vJzcvlXUjk~1LD
zDf^}#<Xibtc&qb9%Zf~DYoh!scczl+YIkos1!DYzmyk)o$dA}zs{N$xFshs<HP&A&
zL#3aMWs8h<eqc>kActnQ7vd22>+g&!8266B<Ua1BxbB4C@i;lET!^e0!P&cQr7C5=
z-bqL@Nl+&60Sf(an^=IRgx|4mT1Tr>4!3j6iT(#4@ykmHe6ZK(W|{G>z~>RVrM;uA
z^sQw63>Bk(47-}2GMo95E_vcyZ2`CoGIh(Z?6cc{ea2am7#9qH9fG~51ifmHy?pb&
zx`dyhFNd~Ef|AH(CPAm{PE|a*$mu3)bx7UR>c;LQMb1urdHF#yp4W{%UArK>;7tzq
zFWM?KeD^oaqBd<+k@+V-pT_027Z-BROjnh$6Buu@@+$gL<;mbt-j7gS<-nk$xwM&3
z&-EOPOHNBSA_&v5oBa8${&<=jOD_tZU;DU;$MBo9y+eB^#=??#p-dZ45H=STs(p_M
zs#@ybjQXBU-^~o&{;J<5$Ok4|tId<WP3Na8y!%Zp7PUV$NZE|jDlkj=gv;fTwmq_4
z+ElWoFg@vU2q=aM!UzBvL6}fpy&~e(h$cR@%Qs06eTzf4jI)qm*MW^-GR6I$H_HO%
zRI4!xZXl7Vih!CDS4yDVtgO#2VAfVgc+o5~nsH15Lk#w`vhjNp2X(kB@O!8(-=?wT
zQvM3*P*{^{#%A;zz-jP3`a-+r!MERTA9D0q+rDoaV5Ab21x?my>a{LOa<+F{_qrWO
z6w$`FL)ADY1#glp7C%Z}H00j!cxW;uD@=+Z?{qKd2z<F5KfD|@KN(M0<T3JdK=Oj9
z>rEu7N}eQ81^vucy67wg$)sdikXn<;CKZaur<C~YSusIF-K=6wOZ=hR7)*4bZd~sg
zFbLG@h=pGgBB1U;@jP7M(4@K!_wafXhcGP;Ed%M6%f<P%Wqf`L$~pVefOvY`NzDif
zAzZG8m4?Q5$XPvo(d%#L#(Ss2&Ji0h2cn?-C&G4Z#$JbQbY?s24|<#<Ib}J&Jaqx%
zpA7N`A|&9*b{FxwZW0P!9mvl~KITSLh(eq+5?K9m_#(Na6JnoWVVzT;Dy!6otcG>n
z%@2n(=2jbrxZ!nc4I9z}6wb}xn<+5=s2;p@yelY{_r6r`36liP7w}!9XY<OYB2x5Z
zIxp-DLe({W`>6tV31`PpKT*rW>jKDUXI4nNS8ZX>`rD*#hd##TdURDRAX4`*sC)%@
zs3$@%50v;GEeBbJiPJzi<r0!$LPvF4AK`d&!^=t!*q6RiRW9ti+a}fj3V+M_bk2rB
zQR5(ik$z}I;3Hv}&!>SQbzc|460f=hsTRb9-|Z|s0v%wZRaWb<$AGnMcmLIO{c*jC
z|7}C}BklUj3Cj&;=+ju!%1NOd@+NeLQg_&}5<hV&7sGV&XqgwZkl2`vPSf>g^2CJ4
zDr%lyAuJrq(9`)&le&JbOGoe{yTAaiKrehNfXoisynMHLI`B3YaY#AV+?rx~>&UZN
zWkL%J#A_C&(6>+p7`4|`Y{3z!o+K{UN?^9jIJFeCV;X7e^UEobdytWShK%_5kYG0#
zn}yPB+4dGED=4w#1*O<=?70>!hB}6;dP2PIt1>8|SipwsrK?&gY&zuq>n1`6(r}!`
z5a(2qQw_@I!&~>+cXJl31trRcX#T*20`C0Ag!rt_Psed+Dfh;oGgMeqvC>Z&i`BcG
z&b{{Irc^5-0fT=+xF<;I!l8$aN@1?$TYoKL6cd3z?%~P@csL;k?P11ehkJTqxCV&5
z(i(!B$q5|N*gIoIhBh6r=iT{?oz}NrqPg(es39oqh&QE*l=yVb7WgNbx3Ni}{)_<3
zTOCkqbJJ2tdw44tW?J+h&}m%H_saAmx*N)E+`iLxbO*5ycIz<f7QDkLgauXHtyCh_
zg_#C>+-xBgIH?6UNrH68W}%=&dg|+TwGE)CncyI(I23Str<bA?F%w8FN_*spt!7OE
zHuev3!Qsnk<Glx$#X409T^_*@g)O3ezFgH9?)7w<*S@eGW=Jng-<G2kCa*J*Omf?y
zL)D)P?6A|1vFcHPy*t>=p{=gSCry+(U*YOt6@$lZ_!01yIg2Y;isbEcAqy!e^)T8q
zY&XN0i=gAsMhaJ?2V7CtUBvLvhGvF*^SK^)-hR|<L;Mzk_mNi)-9A@}Sf*aIrb<CH
zRi(kF?=HEqdMaGv#)`gs19#qK!uQbpl&Z_yLBySHA_NN{&jL7q3C;~QD*pN6<lbUK
z36PQ7`GV>aE)eI};rz_7>Mwt-RUlKpoo}YOx)eM(bR<S}toYo9Lz}S56pS7_qMd*q
znBNIHEI#Wmz^U)IQt_m4CnYE>8)~|XpR$^%k%=$48ss+qjfZ#dF7Yn^68msRcDC6(
zE;WpOfv&^Ch(gF)AxxReZpzOKS51ms^82g=CFhkjsC{o5doHr)J_Ej8$00c_<b}gn
z(4FdgT-gNJ(Gf`h$0AvCerAw_&g131cb?u`JpnYKYFt}wje{kIBueL8iMkgZCX!l*
zpF5mi&sDX(mf#f8g?t*I&p5hutNzg7Gcx+{r^!0O0Id26NlyMU4jrb1m1kD7{YjXB
z5kD4i0hATn1GsU5vb>Q&ZW7*7Zp)p%GIYOGIVRIz>3pX$@bW(z#4e&esisn0*8K>>
zgBG%lUI!nJ<b9WUy4yH<`0`d~HleLc0h1_4n;nGD)rZeD_-L*(U|!eU1u&FQ@#UJ;
z%4uwItbyc#hPXYed9Zao7c?Js)KpfBE!kp1>Mr%t>4XT>F730tQ#dR_8W=AvcQnqo
zlBpwtX?CaEFZf1`y(C-jJx~7(%V(K&?u))xAP`DjuhkGYiVa}^wGgpanueN()t~Ly
zei9E{TKSMXKH!XcNEgmUyJLWC5xMy)p(GA(E%W;1*0(ZBjQpy<#B>jku~u}2{RTFz
zLSOnl#TI3kxMXj5D^^6D^x;(hQ3V4hs=|$+Y<;?zn-U8Ot+tIboh;MQ%1mocBPOYH
zCbq`W0Zs91ix{wJXQ*kf@+p56PhsU1#kOU|BshxSsxoV0bB9+R3J=j237l^S@i!{b
zFPu%pGYxN5P4gb0JH14^;{4g2yXjvgq)@`Ri-&{wXJlmxZ&Tcc>x5QH0_%=XPZ|n$
z_?TPh2Cj0ssC_opg4IFA8Tmu+rhonJ{>kqR(TAg%@P~EbuGaC^P5I4^Um=%abtNdU
z<BVe`%0-i!anYn%K+;!8Q%tQq&xZ|7XbX#fk-ja|TC7|xt$)-~Cslvczd}{1s;3Ek
zFLugBNQ@m+THV^dWI$+I2dQ5h3GQABMSiny^|PkL*snjtAYLe`EA^w8EN!5BfT5SU
zOy!BdS6i#d62@z~bwthit9xsFs%)u2ylx0q#{GCkh@2T`#rR=#0B|By$VAl-;lSOo
z#K7JZ+h=<H6|YiQmzpkLn?Da7r(j`qPJx*>@F_FuyXXT;EfGlWM2bv*C=YqUw>QaJ
z|3Yx4tVeRwLkDe6;-jKi2>Ew&bL_lA8qN(jd)q`7<Lz|z@2S<-wJo!=*;ySj-$|3P
zcj~#rDcc;nl<gn#p2^$zlM81N2n+8<4FX+4-hxnft=^{E@8n-v`Mku3)du}2wC#=j
zLBH@SlkTcUj}w-kOCp-P#CL}?k!b>xHSSgb*`%Uh`TG6T0`9GjA4qnCwEDZ9N^5w{
zS^*>20`j<AgA5<nJCmK8+S41BC5Nb-cMmKYk~=VgL<t-TjLOpR7Op!Fo!XZJ&2%4$
znk-}AlEJ!c^H1i$8W3fpU&#3&7D{RXvlLb$*b7`eQeC!UicfJ%olq+CA#5VG=Pi7l
z$k!gKiXyhX1Z2cP^+(j3GaaM^w%97q6yJ1#9&pp%UZBI}dfdjlof|wbZk;RVsyfVb
z+GAl^$36ENuGT3<H>uDW0~_|yF+$DVy{zWZ$LN$2x04?!-R;4+UrbCFq&bTn!euP^
zPO;OEn<<V<wmIhzn<_{OksZ*)>C3;^bks8gfgXM|yyH89F+(i8Iwza{0Zy=x^T-(v
zdjl=@IvrT-eu+<v3B_TkJ5Iz=-jl+G9=5+Qyu7tz6a*X1nlOOXUUPa0gJy-*!g{HD
zc-0KrBtYWvKnH{>;n3|?2fQN=TC<yGdARx*vfvc_u^baU(ON^)e+VlRw}?=XCSMD@
z{uPyZ-rgA(%)V2-8W`47=TI-+C7uD8^y}=GZsrqm%<JwMoZ#4IRb!Um94>T{t!WOE
zf=dtKQuN=BOf`2`X=DUn60U>tdpJXt6DmG#o79mrwmlos$t^c3YQG@L5~th0XMiQ!
za6ar2{76huIi*nZ1*I`-$=7*jk61pVhHeZBYsz=Kb>U6~2po@GajCQnzjztVSxfxX
z4-u9pbqhL}_rr-1=D*h{2BxwbEhs}IC%aa?)W+8r6SI^cvQr~nLHQda7Sg&4R()?Y
zXONwLm00}Mk$;Z}jiupjRC_WNr_|EkNTXVs*H`a;>Xq2<d}i(g$b&5XnG+higGoWt
zh)#uSQfI{uRN!IEcYF>k=-Bd1g!PljeQC6&8W}y#R-yMgmF@|t8pDx)RA0k2+05uc
zm?ff2=a22GG_@3X&m3_E`TO!r1vm6~at0pTFBmq1yke<1No^M;sa{QKE>Xota_%OP
zvg>PlKa2iTgJp2X0#Gn6wrVzu2Tpr;Y#VzM;i42m*IShbFD{w%oArIJc1<hwtGvof
z-d4-^%g<ZSPQ5C_zWwTF7zg=u(@tGDGi`SgLS^?ch#<`*$ByxM4?-bF&9|1~sp)CF
z+ZGeFC<d8Y^8aWMCOHMOzPKY>)l+g;cg8GvF(D*eKuJ?}r$-`wfI;`^9pZaX1R-ad
zL{6QUT^bx2erWGM%(BW%K-{ERco)HJaCDA2A%dxI)p7dO1+`=>7TR&#ZcE?3pjkVc
zfiGG>lDTb1g!gN+pMn|xbNh!apdi&=bQGA}A3rYWpC4`iUDnV4?rm%etl2cfi^E9@
z0dU>zR|$A3EZzxi4TdHBujV;~WUtCphXnId!A@RJd1-H{;g!XGAguc;bJ?cA6z2!y
z63s9|Va(WVbWAwH2gV+yd2pSzt#0NkcqY|$Sh!iM-c_iS;cP;-oTu1rET5S2(M;EL
z&xmMdZTE_4Ck3K?)dPx=CAh4l4RxbjVO`?jm9SHWRM&DC6`#y?9RmwCVkAi5iodN6
zmnn)+^Vy9~YWTf@_#T6)u2XGFyb*H9j=N3ni{_ivN5)uPm|}t+!}DccOTm`LXPPN6
z&5yG_uYY{MbF5c_rV0W<G1}zT`EF^VuV%}<Mob*G1punJTjZXLq%YeeyXi(}%4_5+
zAz8xQ2>pt{Bj)cf?ooaMGiuW-s*{fgJHXFOO9}qqngxP5YmC0^R*q{rlyDq|p5Pf@
zQtST^uuhcZXVZ>2!9)*cduoaRcW%b58Z*3S<tib^m|O%-fuGR5gU5wublZYDe7^A|
zeGUGaMrs9;c_vq1B-**e?g)0cxS5lH;{ssG@l>38v$I?HOkCZ?nm{(?l3ty;7+e?o
z5pb<0T>NmM8Q0MG_T(3QV?rs+99!)yWoo3WPHvd7SQfa#NFEs|oYwvl_PoOa(kLEZ
zm>yXD_J!8M7&j&TlHY#xW=sNtz3Jt>ChxLBs&X6puIgt+;%iQQ+w5brrEi&E0Xdd%
zVIJ+K5-*~cM1B%uO-WNW$&|xvY;^^nvEwp%1k{|WxCh8m+9W8s%eVMKEpA3k@tRh5
z;<MtZq&P}$A9j4_BW|*nfTnu9)akr4x#0B*o`q7^r_4O41Dd^WyMs5Ss<^u*d<>84
zx=ntchTo{SmYp!pxMR(O8z>M1OVIsnRXT$3vjvjY=609xz%T`V-zmPHSipvxJznQe
zwQh|>?l~J9o3H8mbKlo*>M2z0?4*SDKdP<wwG(^3D>S4~IfYhyVl*+0r+#K6_~MkL
zX}w#ClWs8T0a(BCXvc3GqKP%$+CpqMc_<@p^K}@AiPIwlU17?#*MbL7F{Td{<>rTc
zo02|xjfXpRH=1;wSReBP#Rp#$^XDVCVa>!lpGbl`C^jc!b~>8u8&B@|QZ)tHuZFvr
zEU{y=s;jn;H!KOyEsfNo+x2q<=3_U+h%P6-dS;qZ2~E6QmjD&P-%MT5#0_)8ZfZjm
z#D{deRVy~li@;YGS1#D-@Em<rI_k~Q+r&u=Ei0pj10`WbI{`Hd0JagAv06yASungv
z#4*1IrBx7V8|XV5*6c6(9DeB6S=~uRz4Cm3HCG_LRRuZ*zT}v^_Tu0W;~xM8IC<*M
z+J3ILGw7eZpQ?vW@LA@MBT=Bf6C1!S&LlRWXi6YY9HLOwQg+;Qbj{x}C2`pMN^<dg
zl`}P1)ONADhq(bcaR0q>h3Qdxt)ydHBt{mvs3M_-+Fn<3y5xj0iA~R}ynm&DQw~JE
z8TI5I`o0)_k*MChElo{dUHoy}!D56t_;@4iX}axf)hWUD-0H1FL6k1!t=Zy#VIn;n
zeldw-&oW(<l`oPezTnO~c&I+0py&(f41z|KrlFz56dFYjh~uiC7_exnwk0!za0fQ~
z1FEE5+}54?R)884--uTUPv@HSc_-Yj;}uWC(@9l){OcD`Q>77s%g9dgE9`ZokM3yt
zKId5SzWfPYZT@-Z8Ue4OmV4*%^l4c!YkKOt2XO*y;$MKkz%RrHQg~DMbI?P%kZR(F
zeh1)x#9Jg4wwP20Ag&bEBg(ucSDD%7AJ8+Ki+XqHw1iZj*I8U9Sm6awHyIdwgyrt7
zG8yqIf8CWHeh^yBWz|J}znC-5qsjIo&NYSeZLcDypnM1)ZBxa#^ZWwJNC>iOD+^k5
zNhKaJdGit2I&$LNv;e2NQ-xEnGRMH}v{29II_5tovps(v@pFuL@k`YH$s1270Kjj@
zi-gR~u(9-lTB|r2jK?I>x2$cKBK)!VAKX4`S9*P&uE9xXbCad-_MPh0A%osqnk$UW
z^w-&Q(I^1je}4$Q%H_^z`5%56FgyfU4%?ST^On{DY{C7iAm=<*N9Gx#zTR^cvp9nJ
z=(lD(GxHkEF7_k&Xv;o}R+AX5%QrIdKOGZ6_xDGrnqyGzUEPqn?vnKNho0eUv;dwk
zJ;}_`e%~%>s-fEyjdFQc<>kY`_BX6$=;A@EaPQ|wf9k6L3rxIxhr6V(UVm}N-?VWQ
zgO@AnH_yMr;BOM{Qr#a=FlLtg2ADjfMEWC*Pr+<3fzFZxq`j8mQRcMjYZs+eY1Xf%
zBL0?XM%~RjKR<u8%2G|M!8t!BR>QkNMq`$?f=#cfPDZoh{y)-uUBA(h|A7ReE=gyu
z3y8(nRJVQC{P0Fph<v~;m;1AL4%hU7d-&N3aJz~h{ImU^+!pf<G90rn2J#15d%|g%
zLT<wMNLMDln!8NaqKQQMpXa7AYlgKJRjDs{In_1YEPVQupkrHIUB&h+GD60OGB~6r
z+M@BGr6+B)_CRv9z{Ogt#U_z}>NN6f_033uvG6~EI&I7hztO`#dnF@gUrv<hid-yT
z9;~OjEqu-+3mI7t;S{I1n)h79<Z+q|mDAg;1A0v<*MV6pK}A|>N2H&gqu9Z0xbzS?
znHIRdC!cz#Gy<Ppm9(I+g;^=7e>*q*c`N!X#Ov_-vZ51cF!##}kAt*cXvgLI;~EYW
z*L)7HtPRVo_H3YfdwDvoBYv^ADmNWQ#TON=EdF{Os^W8D8gqIe@$wpd;Iw``z`^Z!
zNdHeC<mKL@-<1g#E5M(6y>eJQw%%z&{aL2z07m`Q=fbrDR?g^ZYq)$wTJzc`Ce%Q2
z?Hrj<iD9Rx<#=7W!RK^|y3wni6@eW5%$D(SGUKHg_f6ezfLXEQDj~dYce>J~cK$q4
zYJ9fP{bYm3Y>?93=+GEwrEPh!z2JGkbmL~A-#6GF^;Y7BO)A}&|J`ePC6UvgosT6X
zRJw13^spt)@`}J(*VUcgXY(qDa7~wA+dcHAQ$IHc)djYECivj}YpvH&dd;2#U3W>V
zT6*{v@%+E6pNZ^8jaR+UDovlcKJc}RTpt(+6E5*eP!=#~8!717uQ2+KXB@gcS06Ix
zvblFpE5H?aVC1n;*RCpy<S#?2MNdxEx^LmOH10Pf0~46u&s0M=b5k6X)(V#`<{Mlp
z*5h>g#`6I_To(JaEmO>am0Qf>K^fE9YJ@~ZCgt^(XXhexzN`5NW$oDMd(Fy~$*$G0
z?Q>6c?jO2A{Iy@T)yoM_k|c3^TY)n>evK4pu<F9{5|1+dpDOuZ%K-kt>YeI|+{(*t
zKy+u<)loKnxphzo7_{*{W()3`rUfO5bvLF;_@+^{URx6|i5xT)Cfd2)c%S!vxN{OV
zvQ{;w91k~as=L;<oGePDIrPOz+U5GR+c3L-+<`B(e(iZMf}S@Cp%YW2Iu+TkTV0<3
z=|?GWw5X208~c_^HA5ooy8Bp`);qN6_&DT)N6ov4uVQC&1K%Xwpl6CnFW&C|TD0x9
zuSAqICcUr^8rhvTPkSGrnM0KvmkhmfTAzJGXxCWaU{yvnx!_@4XJD0`ZvKs7SUD5v
z{yDFz@nS=#_k7Wp;z(JF7L&7Ht~=tUlXCUiZMK+sSWSf}?q=RKMDzw+-#$DcQ*$5G
z$V6!E>fSl217TY9xm0>=wcK&XOhRFr=YJnz|A!JA7yn;sT%d%JEaaEw2~OHeE}A7`
zLybOJ9^VB~W3nV6r`7T1vxbfF!Ndn)_=h!jkJDZWmAv?NiJ7xkZ81G6Eph#eiN~cs
zrk8QnwzioKBo!H3sSa1P8vPdhM!&kCi_)vXZ4q2i>0~lL;}Vr4%-D8<fao$697w{p
zv=!=)moU%q1sQi67k!TBYZv>s7JUU;eJ}UmxR|{}rTJgzeGEpIBx7dFzE1Z@P_CC{
zoU^Sjr`m1x<8X2oZN9ME)l?hu$Dvd2(<IGrtBscPZh6FVWiwk->;X(VWE{G_1*H5J
zmOnH6LvL0i@MK<qsHd;4U3=7fWa((xwh2ckL`vqmQC(`o2{l6JyOo0tYP{w)yXLmD
zHN0s$A>`~8uN@Ws3FlJ{`Tal+?!6l@d>?H^CHm>=b`S<)52N$d=1}T7aMOzIDUUnl
zNXfvKl08f%&B_8@D^tJgWZcEX6;svaE#uXtW_E{NLZ}2|7pjH0<0Dz7u%{qbWmjot
zN_9KbL0Cnuhm0W$a3kp%;CkNK+$?;Mkq$+K)CI042@Uo`EFciZxBd8mH7JuybZz3B
zWb28nsPMA+z)J7zw@iE+!T;5#wS72_v?{E&C4<KX+(4CHRF3QL3#FIlkr_s(Ygfd|
zw#&dpa>pGSSp9{4c5&Y#z&{@Rj7weDe);?Hn2JRIdBZJ<l_OYWwi>UkU+(m`VA4B5
zJpasF&&ak3ediPr(Se`m|Ke-0U@<`Fb1~f|f7(O!=Heo(YOXUokxJ8SD9<AFl~3!J
z?#XTW%AQ}fTpfx>Q03{<e6?IE%zj8KnmHO6M^Rim-Ay?eN%ZiBQb4%{z+n8%Nhag9
zfpppDaXQk|{}oNdYfVS!yUJ(zRany)H}tj0R{U<pBLA$NdH;o7r#dh6wpJ+}^uFOt
z7T+hW#8BD9o)es-60Z}N0;6>Avo9s6^-dreXuz$kD7n8)^XSe(5l*puN@5*nqu=|>
znbl!LwCh(VoKYq74X-QOL~K(%($_ZtY5(10Nw<!fUOLk8eN9$^ZVtt#sluie)3P)K
z>Rd7%_L>>kuc|O}ELsZn15N(9Sp(>kqf^gsXn8mA;TV}^^ne~e8s`4e`?yaQ#aHdL
z)`CM9vptrZXbC#m_`&yD;_xR!-`fDn9Gs5Jjjm|rxWdwg4(NQ{DA;lSyiLlAtzQ7P
zJCPfq<u&I)W7zynui2wd?0g<V@Kn=emg=iG`jk{is}%z#su0gsoH3mDR$@SCGZivf
z*deUY32VKlrHS6FU5vu#sO#OTwQqj~IDn{X6)l(?+I3KYCJ(V!$;k231#0Im`wAD$
zb~Maf^jo~@c^C1eVEwH_f@(vpORo}hyUT&*lMr1<-}fgYD6nbEuMV#IUr`F{8#)kP
z{AOd1RZpgcFcbe;%9fh*rOt@nl<CTK6rzONvV{M*fBS&6mw>pScELlf{ykXrW|~oD
zAdo`$5ip=5*RqvZ0;*3KzCOmlgy8`Dr~b)|NfNn{*L4G%((cmQZ=(!-);IWLR+R-c
z(rB*Ao>p5ma<Tl@t<|d;+b%7CB)#LKEG}jsBA1f&yT|fuZGAn_CCk9#7zPYYFlIaM
z0c}E{&r_ZIpC2!w&kN60zod8%xo-^k4vUF=6D|yHWb=An`t6(M`(hUT_yPTwNmLBw
z;UFa}s4crr%^)SFb*A{_{{@LvTmKK2POaai9j0q}M)^mFN=6CkAAPgNl?NspFFxm`
zM@N%R*8)B)ER^Cvvtk#W4!e$GdjWg*^Jipca(96P0xs+OqO!)=nnM$LS3iOGZybW>
zT!x#??zvsj@t@WM2ioeZCko^u5&6$o$v)zu?tfDgWd7~N@n2sy_koS|gU~mxU$Y7X
z8x)Nz-3m(c+;35%;<GXljVe<n|5HHyufO}#i9%O>E1j7)r;Ph=FZ?*Y4Zw`QSzKJT
zeFp!nV{u%#H{idw(_y6lX>s)UJ047xw_^ay_^%$@zq-cKaeuzlNY{@37YrOQA9)FM
z+}gbOtoTol?w1(I;9G?1$b7zh{C~JQz{dhQGhe7qw991u|2OdWE5N5>@Yk`);Co3`
z8$syf-*Anv97CcpEup$gnUsyym$A_)TYeYn$AvyMwiUe<;QK&tFmwn$<oYH@-R8t(
z6m1@hR@qbdt6O?%>Tj>38>U4COo=podDC*N(ws11(yG9WK%Y%3F-P2hQM>g{N(Jhx
zF4Zg+jA)|i(r(0j%mcfEn&RQ2lVhrWJ<t8ez@GoLqYHuJi^nG^%IZ13@-3)2iG%u8
zs*8)++Q+P{C+VXpH&8KatCZ3M<M-Zh&N$NS9Mn52s{(f)!JXa!EZ@44zxGVy`WRoa
z0iPM{(fXdDig`L&xvZRa$lWVVyN09ti9#32^1ib9h6T3C81)Awh{pl~J?X`I=$56q
zXw$`JxA||vPoj}mcS1}Cr|tq9>wcvI;|kVAGX$L@d=K=bF-cp)C(~AELR_C(6Qlvl
z2%0n9v^5#zJQzT`>2t#MomzkakT15%<Q*g{fX`C$*zf5hIdT=p;wkTg;#^j+lU*zF
zGoGV{25jc1gxi88b>a~mKFYO((t3c-QA~Zl+N}~*QBnOM;Rz~>rQ)&n)06MAZG1x@
z^Gn+TZdP%sV0v8*G`L82({tti)3~uGxrLlh-s{+xR8_qYIzGf)|7DEoYj)FPrNy7c
zrl-7*7-f8npY>;d2tT9$X-0$7NpgSr<^oeOzCgs|2=o!A`^j{&^kiv7*M(b}_qEH#
z?#aP7x6*ybi?+(O-ILPjm6iJsFMA$a&OPIF6kG@@(y8S*o^6aSp~$SLo^Yz%Wv94=
zB31;7KK5a#lmcg~H}dkIpPMyHK_FtlU7c9FSgV9Ik8tnh=H?;-UTG=zcn~|T<Bt(v
zkQx%Mj(<fDpT5^Ol=#BKN=9<nS@ZhkyN<UdJhsU=59mUCB++bnMLVDI3x=PVYx)LH
z))*ekAWk^6z(t)qh2c<%N(<q-9RiUa6m3OoC{PH-rg2LnN?u;gY2CG`_&5P`1Q(%^
zP+!=3;b*oQF9~aEecf5sl6qa&MHkQdvx1YgD&Eq_R%Vq_Rp%G9EHt~9%RA}8HByw;
z>a_eEjKn5y2ov;lAE2?t&YG4u7f5oXG)(TY^6E`D^*nu-V~aU^cI^b8*yk?=VK=6K
zV&jLn*y*l%#m)>n+^iUFjQ;pey0;3U)`<(LX8o}d;g<Z#hhs95d)EtQqcOpl#y$P}
z?nx?BP=ID1l?uef#q~Qp)qi|(L1;QxO79VEG~>4IhXHo%R=@pMGj!g241YRx96E2y
zJF8??yVa}y6~^gVsj(_)JW}G9E1nlen<E>7yQ`4pj#j3N{T4LUh0~zy@pP{t#<>Bt
z>x_f7`||Xq=}s4?=~U$9w;pm`n|E6^y0h<(FNY8Melni-)3=7j(6`XhC3;L|JK<a)
zVQzzqVQ}5Yi@p~PbSGbFT(_=sn$YL-x_X`tk&0ue1={OxHs$W_-tokuYChNd?1?Y-
z)tGupC0bbZy-^ia79)ya<X-tD(ebK4r|GP%NB_mn>p(OGFnLbh71B{60%7G8Klf8k
zy;Kyx*?K+g04sjfmmq&WM6J@R@9V`}+IsrQdG{wr)J8unpdi{sMh5dC5<Pn_X9+>*
zxnG{;^=rS9$Fzgu_~>$2;UI0kx$o<xA*vd(DARU50<(*gkoC2xgI+3V`uCm>oFB-I
zF^3H@HttoVdR_D>m`P|SK24v}Z@IYAxL7^^;s|ZUWKq92DUpS&<U)hJ`(nv~rbeN!
zihqWlu=Jmy$Le=}1psS?hK>yhugBWeytC)axUrDSR}yAzk{Acc^esM}SNly`hS@w#
z_sV<UrEb31Ap(Y{0ph!u&D{5kkn-v`tH(~Ht2E)?$r=himaj7RL$Z33AGM&bDH8d;
z<EA5W0t%HuHw0s}>-8uvN`%GgyM&bBolS{FSSw2N8y@^ua6pH%oH{uu@i$||ZA%Vk
z5*g}T#qz!jx5NU8Bw%7(*O#CLMT_RMs`V4t`h@8*)Op_mhbTc)DUBJ<-3FrpBI?SH
z8Gfqa$|1p_x#2K+^cPX+LD)u1=j4NKs%=AW_y*z3%G{RkubaESGFtf{lhP%PDAD@8
zoPkHMo<e;M&8L|G2o%nfj+yq~Vf=MadN`I#OV#XAdp2f2el+iwhJ-&ie?V&@K>lZE
z^F`X}>^;<!ir70N42^hN@x|j^s@rl{#n!<S$7T0inTmy?F-#EogMl}>x-5j_l#a*;
zo6@5lt~|WFgM?NA*dA9%x4xKsUT3Q1>Wv?yIUJ|dhmbc4D$%^kBHH4Y$2i63*cV5+
zi+AWAyImi!B#N20q`2%?SC}c~Ck6$0Pzm%4=)I31qBFCz*!SJCEY2$5&BT5I@@~E2
zd4KIP8OyU>YRPj|{Kf2MhI*ffwE5MQZ%M11{Djj^ml{t0>BGu(qG7UFr)%#ISI4u0
zLfiV7KghoNB7P(Sh?roGFd%`y-MQ<SwDT!n{+dq#ThF<{oonvAjnp)gM{sS)yC`AE
zHo+%x2FIRvs>;$>X!8TYbUCwi{lkf}LtLQrn)OI#{<hSwFaTt%X7Rn{8au6ssNW6>
zSuce6MES=rK1y~w2;KccGAW^pCP<V*I-Tl*BtqWnC!|C^DQcCrp5>y=L|y>Ye|b=m
zWc&9!J+QuQBXT7egAmCkl~m3!0C?X(TBx7s`-=4M8r!^VV(ogQ;F2~L`DC}r1qjXg
z?<gEvPwMr}K1Q59TP_-hshd78Z+C9U^(%_Fk7HorIy@JoO8ova-lAb9_Rwl;@GJ3;
z6NT{JQPTm_VsjR~Ow{xVI&XD2o^iO9@eVssqRQ*x^8xf@n6#-wY;aYX6UyBCZqPag
zkx<=L+PBuT?D`XO8NHzTncM5wci`2F6Z<1GoQiSM!#HyXSm^e`?guuFIJ%vM0J{x;
z!1^0ro~+?W+ncG5LyW5(qrd3)XM^TgW+89|JiMgYg8RZZj}kFm$=S8pbZqMbZCY(1
zmigVo#kD&?nPaT6BjG`*Pk9-U@FJt$)CC2D$K!rJ=GBZcSNp#09R&>`P=`tIGt$j)
z1)TU4hxeVGf9A}B#FyF6eSp@kiFv+XGP#D=-PF_4>viijFw?=hyBizF9DMf~$;fNC
z=@jeQ=hPO}`79z!1hAS1l_<fUS%D(^K8ijUE-8ZvLb3}!-et}^Q_5i)yrwzV-GR<s
zm+5^I@cD<&vGw?%CmtuZ#1Eyk`U*67P7^)DByn)OZ&nYE&l=Nv?`)<$8r~ti@?%2D
z*O>dSmZ1)reZPNxlqllnZy*upR~vY^&>+7aK-79A%zsQydBNFy%)gy0unaq$m(6`$
z5<6L}lVp^&-YGfpgGzCkijK^l309+1Um+)cy=LuxnHmv5R7ggVlP-1`cVp>0Vj1Y}
zUhmjr3!2$tu?^^-Q_96Pq>W3q^X^qt2)suGk-wLT94_+-Y68@b9fe*PNzBF$oI}X)
zn-f5+&IWC(e%x+k^j>%p65>+7v43L-?pW(`HUd!xZZAa{Jw;yMrIrFlz8ltEHAC~$
zDiOwX_+Zguwh3=#SZXbYR_6A;5qbe9o%*1QLf;)kv_C7m?|b;LP`etUD_qCo^g9Tl
zs^5jkU1{-+ZB6e|#oNrNWXUKT*j~=0n<eM@^oE|$8V=1Z4S!4S^7AzmR(~B=#`D%2
zz}J9ubrekVHLZlR<tm)U*?_+OWT9Qg2tGx+=ksWH1}J=nJkLXeD-7!Wp~J8eUE%&*
zdZJ2=_fsX>)!Geb&aISq)SINXt<ncl3{cHk?d%WGvuWd}S}k7La~_url{6Rx?>AFi
z0Q+R4FjqGuuTHM7h`he&eldOBt=T(PiZEH5bGzg|U1}6nI5Ac9J^CDdwxWO`x0u9F
zL?b1>!Tk>><L`@sz=M%-a`xq}eZkg(f1c~wa+p;608gI@`9u-#rmF3!tSI#{<}2`X
zj)hO|4ZZvr1P}SY?QCk_TN1-6Wxi@g@Aq^w7)LnRf)KN&ANj2NYhCwnlX1ofni+Ko
z4G?@7dJ4GNR$Z^k9E;#M+Kn~0Yg`v;zTIR_m`8+|S}%IU#l;PLs94qwicC#?a?pyd
z3Z)f!D}H@Sy`63CIla_x9`Od-TBpX>v&18JnKg{-dfovM+iiQ*;eUgqf4^L-AmPbi
zhj;IN30uuuZrjSrib01k>P?Wac%EVrtjrD=*63E`h2}lbHmK2;Mx<Z+kcaq`w5-Vo
zyt@YYt?p5M7XQ&tn$Ebt0r2m_d2GI5l6cMaQ{Iz!TEOztSgvTj%M<L9J{Fu(TfRfr
zg<1zK#>NMUKkK1&%F{ZeUdUPS^O?z4^Q;Vy@ts4`#SeOeZk)IGcTOS&s1O+r&l5cw
z`iZC|0B=?nUN&G(g~jISKxud+T;E4pS@fD~b>wnVgg%iavsx;F<`Z$_S>w!n9L2cL
zh)J-k_*BInIihf{>hj*1d7y2@<bIKA@PRBFJT`-yReLrwi6QNIegjc*iD7|&sZ5kh
z8d5&1oCskq9?Np|(SK*IQsu>j*i~<(<5fBAjj~-$;=9n-qxbGll)ie+eJv-A0~xvI
z7K(E{+=wuh7;$>?u%d1)?6oq;C+E+0;l~j#>rHz>*U3`XOsw&-)KNC0O^Kvy(E>Qr
z=@Sj#lNh<=4N*7*+;#T5*^vG+Id`_(Y0CD^;x{SL$UWqT-dRKN;V3^_Z+N~Qf1BD}
zHyZo+?hpIs2<p0Y7w*+33h~oYDYIp$NXw(B?437NSq9CCTo5M6vRdws7Y*qr2c$n5
zbj}x@noEQ<u9+#V_YG#+MGm|lwIZlk_hxItO<dMPXvoUc9!zRx+}Fdvz1VqUdhXEq
z3E6oVn2)$|D)l<=EFEn@%V=SCalHj>Uyr3j(z6z<p|kFzN3a2+S=;C4*N6lQEk$7z
z7F|C_^DhEplTNA^{L;qclfy<M!xQlxqa8a=eGiLUKUUka31cDM0eEUMuHKru>q%0I
z;h>F}r0`T#hOI_VWCo8dxT&H}bCxHdraYxqvO;=n{yUX%XVJ9N4=N5OiR*^Zgphpr
zAxS$t$%s(1v!FRV7B^Mo0o5=+WPyRUY5V%mu(5(^YF@5?Lb^4f>ib>7(#y9<O4&+y
zvQozmdHgAQlmx(!=zUJJHA`_oBEPMM>u2U;Ig{8%hH!kRxn?rMK3tQtP1Q~2N~EJ{
z`G;mtp|hMbF5lx2i!#<aH%DgzqJzsy-rG;i`^9&romY;i!(2EfOMJ`*h-Sj+E_1bb
zIW-84Aq618NhhkCP5tfx;VmdNMTpN)g|a$MFBv~G==D%pOUzdNeI@d7bA7>;g|P)+
z?Tr#!5`^@+^F-&1KPiYEMiPq*?Iwd9QRv?C@s;;xe=q1DI-agxJ*{C?|J}PP(H!k^
zW$d}n&5*WY^UvO^f!pc}0zUAYbG>QhT%<R8n)SF;Ej&sf$d^P-R}dGU--z*u-4nu5
zdj*NiuQluhCvt5VSL)ptR|xU03t(!izCJF5#Ao5qurV!o$seCi&AKEpV3>5!uhsIb
z*3S2EOClNRmh;W^zAy`WlZ2$UeucOh-~H*Wz!ziq<p`LY8BY!2&<E2(6eLEs9S`L^
z_Od0rr3f6SN#ch4wNr}>m#BGnyf5}c;EG62Vo$m5>tp|_aijvn*rvV@XZ$wCiDp%c
zYA*YN(_-}d!Jown5|`6XjT?BPNxME4{z-nNGU8`l_>Lc_^7P!78F{~tZ8*i=J;=kM
z^N|@6Mr&5qd7H@uO@h9-sNOgudE<TF<AC(><ees9Ji422HGLg^hu_CPw_G(g9W|0*
zu%nD|kVl6zZZyDHPl;~1)f`OMY1RORfYp@n^(I1~nZ@(PWF2!8FqI}?ITkLX-r?`k
zz{QS9OjaJ0i?hghzTlE7bR~uqY+kAG1@%&WlM2N2k^rND?xD|jfy2jSi9_F0?WJKT
z@`U^Y4hUi&md-(I^AMm|S;kzHXHhov9&f}>niz{{n|gko>%x6Njk4Af@xLRnHB{qb
zk80Dl{-}ojSh6+ak^-KvZlyyp?0|Z`g@Z#lV(Hy8kVU*$w4na{y>lg@@!pR41H41D
zU+sQrE1FT?_oPy5(PpDa=z~ib$^D7p_xCsv(k}L4eI<Wxpn}s_IkarN7ro93?%~rj
zRGg>3SBCR{s#Z`2Y5hgA%8C2ObaZq$>RYPlvdZ&_wp!Uy?5~7P)CIVom19Alx06&2
zq{+&^eH*MLJ!wrA@*bP~P1lDMD8uI`U263G-Gquo#|GMWTkK48&)wJCrLb~tdE}-}
zJA=eM6@T*UO-h>nT0IOR*0V47$eh07K<{!N+3h{rKg{|3^d<Qm15U9<)U!&4KhJd`
z92`QVdz_NOzfAA${83Oqo36UCfsMZK=GjnFd<#&*pXn9}!iv2|PEpI|5T0JMpgA<l
zpml$Q7U9~SF#ffyco%*yP0J)e<zFmXGTbw3e194nNGClL61okIC@;1mU7q?;qY2`)
z5_E*1sv|PHlUtVdk#C-CZ#{|;@As_(9wUWpHOipG;Iy$4*D_>xqf2#TVG);>kq|w2
zotc$=;Y?w}<$IxVZAt1H%6cdshu-J?QuCb%r%=Y+l$Il45K__G@WOO=M1Bcc6J^&_
z6#Z3-XHD@G9Q-;?diLojmrTe1wH1F5wi@{(HZE^>Q1*9)wL0wOPtEvv-Ilp`FSK}_
z`dhcce*3Jj(CS$d7Rbwv8(=LMbX%o-(A1Q|!^Wi~TjBf6AVDB5DMSD5P9StABo{m$
zm|VoLN;WDl|K5<45`2NdYx5~IzPgYtIY_`OxC-#@)^Tl`g%YaOc*U~?^Wd|LO~ivO
zfvA{#VxEb9B8SsTAPH;|71&HY5T61SnoK<gdVC^@u8o^o9lV;{n=W)OkKzzUdj(J9
zPWa{Gq@C%H*XB`QVdSXnK^@F6wMgFgSuJMM*INJa0#L}!sA8b~5MJp3Y$ZnLCy2_+
zYLGpRVHy%mSi*IXi+D1Lk>^OxrYqO%0`RIin{XFPNb!_LP9d$$bw+U^@Rt!!h9>q)
zt_&->9L4MUmELPN?ZpowK7(YT0v%9PH)}+a1#}+lzDK(t6^i3E<^8QNUE|reB%iKP
zw^h?r0@^4>^UO_owu;9yqLM|VvAk~|CPe%pfG`OAYp+W_&;`@|DK)5q?k+9gA2W+G
z{a8>4es(SqeQOxjHA9<bu37jZ&ZYK#p?|$xn-W8>Q`?4p_O$UIuB-kH$_y4oh4Fy<
zVDr~!5`WaeUkcuiH&=#o<V3ziKW;l=EO*sydR#+1^Z326)0dad7zkwH@NW-8x-EJ9
z!8W<ynIJC!D@thc4o8$8&cnARe<xSuSo~vR)cbyL;udxO%|)}&B%{A~FiPr@R*OC1
z@Z!J+whLl6EhqW=OZ=sw`J>)sL;)t5d`dGltVQIuwbKo-IhRX~iFf4q{{RmB3A?9b
zu{_KxP*Cz>5oKHAt^XH0T|iT~g)w3GT==5v`uN9YDNweGi0QnfRrNo<zTD?1Z5EWv
zQM!8fS8*yHZ~N;1Dm;HG5`TU_9A;82#x5{Zq8<R!IGeurNi;#z6#(aYZsLxdo;uf`
z_=5U&g-+IsoJwQ)tmW6Q8%ra;IsK!o1^9R_rN3cl7M@tJh3{n-*%Z$?Bc$Ge!H<3<
z3&bKy#D~?($B1;^05zz!jaj;=*S?%zqBIIkws_Cwvt-;WY^Fc&kOi3jt1S#8#>9?f
zY+M`*VzTr%#6pDyw8q{e0~B%7=4+OD5>Nr1I&MBH|2_5S*yuOw`0y3&)_%Hyf3af+
z0*0Y%L|B~=b#;so>>KKjQs5Mqa-B65Y4=d)XHc3fjrXTW<!JVFiLV?Mmh_?HlZj)~
zH6!L$yCs3PPoVKtY?Y&N`$s3q--wlfzZIXVQaZN|9rV{jA;hWi`u9!x$iYwoEuESn
z5^%XuHrNNb=XmNDVA_?e@<y){Tn`*tSbnC88;6r^kGFkSh<pEOllWg_OCduWo`I3m
zc;NXCTa16a=(UEnws_d^iYF3zZt_cqX~KS@jWW}wX}+Tlxs<`UV-eWr_pi}(g9SuW
z21Zp>l*ZTHGLBd`Tb3LD7s?mGhXVhiHbF3AbAH9fm3&F}xvKH8R@(cw3t>g*FOOYN
zQSt5}@`Sir<|W>LISp0&w|StA+<#l{WY+zSQHv!2oJNWN!D;k=Ww^iVcJkJ$rY2@U
z8I+#!pb70kEB)X0P=6TC{=P{V{zSBR+1BwxqYW<B`6e0i3QEy6dw7TsbTME4Nx1#f
z9d~QG61H2{c{cjZ!I;VW2_V~z2mhB+_#Y*5{2m4^-t2&~Rf<(pyWpMjdTb3^OVQ7N
zvnu}2l0^Ey1l&$pD04GN0k!X|Y5u>-n)fgO^)~PEb3*mlNUjh6@?IIVu#)&~-{o6S
z<*_gtV*T^2jC@&v`$Dd?>9H`OdSB)b$G>}N{pVt_+>=wt@-Mhg_J>E=e?H#-6;#J*
z{A0#r<YPwy3hv+k*WY>^^78Y~m$7U$Z1Mm0wk0uQMf2np;JqpmKFJ0Sg8-NLp9}Q2
zACB(jnPjlAvc>|$8HxUL(WJk><c^U4fBc-Z8~!P{RNhJ3jXzT%n(`&KoZ=FAzFw*N
z$C~s11-M5~>^>>XL4-tLNBrqXHbwS7zG7B?129WQ=Y3?%;%H_LdRYvuMlut3%g}M7
zHA;s|v?|LwkO`@hhAW%x$!ayx>6D)CcN>IoFoTMiYa`g>=;2VswPo<OrDa8@t4@FG
zu&CaU#OC8^qZ1BpMhkdJ^)~4rwS$GT_@<_y2ctF94Y|J}7RiW10naeUbyM?!FS0b6
zk}W3aPuafAh5OL{Vphin=K^BkwKbCgziaO&4>x5zJQ{2!^PAT;L81b>iqWw(i{g!a
zYe(q{>0)lm?;kwqFWyG6sPA8XiHdqeD^eAWO-S|Y-LFa(EbRwXk-rmN>?12%J+R98
zjMLNU++mKWLSyMn#>7>HOdjt4;SgV<p8!>w*tjHS+t~-qMMuRq&FVfE*S7Af>$2;J
zVZATbrNS!j)L1o0oi1hzzN|D=8Vh{vdS}mO>T|U%z;hN6e2geHW_=*!b1Hj$Tn1zL
z{**N{2jR5sF!LO9Eeu2#Yh5BJ%h9r=|CSI2weVT{n!Mh~smJSWG?;h3UNjaFrhdCK
zVvjS+myQue+tB*Pb7f?9Z4Zt!U`|gIB1%I+_9C8m(VIW2HpkUIi`aPX9*kCXPXik`
z$e=4{?!3upYj~8aP~DK(`Ty8@?|8P~?~l7^QB<^M?b<t()~2+owhFa^Qi|FHv7+{B
zsl7+7*n96;vqoYUwSw5QR&b}E@8|oyfA`~Y|DQ+R?_4?OT<5&b^IVsjs4<H$r!NS-
z&-F}oS)s$n-H5ZXQCvU=OBC)Uy|lpWv!WuROky(Id_azSoRVP2y@9Iz#b*3>!oHm>
zkA>a*OY|zMw3>KL@&cqEmU)+5N-41UoaK^7eq(BXEbzBAgejcPz+U^FE1xca?YwPX
zy+vMlPfmwt{<2+oxz}`Eq{gF?y}R_tGcmnBTByARc=p?;73}--0@30DnqH2sVb+g%
z*7l00bUmG!p{Oz3z;Iqx|IFYQ7sZ!<e1O>=H_R{+x2P+%DOO|0K?^H5K7n4r>OAL8
z_9k1q#-Xg#R4Jl1EKoywiuXI82{bgVl9syl^^*5}&x1~+PeeStdN|{YUK)wd>c_9F
zhJCKQ=iTz;?@^35nXSBj(}mF6DBFvn7_9+B_N3PLY&C?kmj0tKE_2|k6|GlwJGolt
zN^VvAMqzx7ZZX=~Z`i{6FEjVS#}a4r$s2t8SH=^=8^>)MY5Ex`$<bkP%MoGWv_0yL
z;brsXtNB;eJLp6#?pCfgP3ieLUp2K4QF5cI;F;~MFX6Ou_xfO!G+9&*3hz8Fdb3Qo
z)-fu3OP`lFq^ly;<Z7)}fzy)vhe;$&;NeC+HBkAWiuP*YjzRn3FGAU#dP+PCIqB1-
zpsb3~>_SD5^eY-Vb=9QDRYO+gP0waIiLRF6)xxr<`KP=s^M_k0vE&xQ76>nxW0hmw
zP#$+Oqz`%mG~HF;%;dK3=?~K`wpZDjy~0aIp*VI?r(HnZT&^x362a4SZo;&-{=_q)
zt+_(VQlqm6&+HeYset-Q4(u%~zrG90_5q%o5^?AcCN!oJQ8yVIk_3P>w2Ks#Qljv|
z;{27!XfXCZu<(${^w_@i1aTLRPsl19pT={WBCS>-pSA<uuJ`OKI!h2u59}Mo3s3T!
zFCidLU(@x?W}(FcRtq=3my}6al5;F{PvNbJ92V;>n<^_CX!NSc$N{8|=&x(8sntv0
zq$Kijz?k17fb#Q>kG7qSC6dlPCQIeKe~;S(oG3(=AHSmlF8C1J^cNsI1L1ywU+W0<
z?(*SM;Y57q#9bF9#4e$59FM;0YxN|li0}k1MOH<%gz2*dmu4xMvz^!@8%+K71~MjS
zHSel1+n<}K8V-O@^5#d>INcq+V_Cr7#!_x59`VjsIz2_SkX*@McW5Gv>5<girOF^+
z2rM9S{h96toNXB=AEtih3nd#)kKXAFNaRWzO}VV(lq5lLdmhkqB_70^sD-IAi7c=5
zMj>16cZ-gSubOg`Yi!3~bwMa)zyCRox4tQfel!|%{2IBC7d~VLm^V@0GCYbjM4f(?
zVL+XB0~Uv3_>EgaRrkjVfeW`|)gn8-<ZG^lG4*dR6o>kc0l|^^Tce_}fN`1%E*D=V
z@py~X{Qb?D%GEgC7QU$K+;(q$``M;qzJPYgAil4(6LBCDmgwPutAM6A8fCc_AgjuP
zfPvLuGO4D$<}*_LL2ZC~OcIX}?Bs=hCW?udHMYUiF~K#%Ym)zHYlr+WU*ZURc}*jn
zM~3C}?V?S^+nMdJqF`Ql@X6+-gq@yrYTKoml#gITv8s!D<K#f0RV3}AB5c5<+6=#S
zu0)_G(XabUwUL0@_!PtHcze<gDy(lv`OE959nPz23lsGiyh@2i%nzU2ZZ~C&+2c~Z
zMs=!AahTU14C9mW;$L(%9@kRJX_7n&UO<lxyAyP1+sSHzLf|DAr24D|e1f9Uvz>hn
zeX5?RQTod*r&}>H6y2)8E?aYTKZjuaxtz=8+V|+fwu@sEZdaHFRL$O4G;=IO>?#9s
zw!q!W?0f!)cy^S6KMiw;Ye!}*-y1=h&(Re@w9x^;2}rHzn;e1<{C2%p9&>oUIw+T*
zGnD_fEFzWwz28`Tm)}6}bpmS838N`ivKQmj(N0&^99+S;GJz(xx(I(Zar1Lg#PQ&k
zE2n@?ouHyqyWcuiCbu;8k@ZSaXEZE^mzqlWU=@1~>^>Lu^Q4pGDmm|0-N$_#%M78g
zK@DiBg0w*+gvh7<&}BCGAkF_uOeT#v$rjg|W1-RWg}6Y{`FFdlUF~A6j3tIT??W~Z
zqXUCQ-o+@s${mxe)ce#Y)Ex#sfgL`Kc1%d2#=riwgDkdZ2mNHiKg1rerj$vtua-JB
zOsS_4sVe(gy5Oeh!`1rHV_Rg3_(Omb=-R2u5z_*h4rK~^TFVM#P=&rG{6!w|S)qgF
z{lf~vz*o%qc-o03ZiN)ALQdT260YHw_W?;wr@zQrq6G%xV<k95V*7+v^U3Y&9NK5)
z*ZXK?(|g6IW@toB@lnIkFJbI%0-DD1BoOcP8f?vM@enj*{0*=R-Sj8+y7AT><IIU=
zvXY@iNUt!g28Bhg`{DVH=Z>zA)&IVEkr);-Y8$D5@V!Cl9-hK-*u2*I-+E-!d<vkZ
zGvIDB7cgj%M|5ioZQd+Q+0{7wX5tf|msNKs$?m8o%#fE}^vSFW-KP3!auP@G?7DRj
z4*fo)gtUYSNXOos9X8(u=KMa}O}u2hysF5pw!i-9(Ry|!tJkDR$`p;hceD}hn$P(3
zZInk@i)y|RvlRbF^~bMuDf@ZLUCc+-Biap=Xf(Tq%wmIUt-62kpKRGUAO~VO^S}pf
zS{a~wz1_@ZlMw|<%oChbU4zccLC#~u7E588>uoW%(p;X&Pc5>)@4M${xl`qg<`3s3
zS5rUI1r(+2^-q=#mRD<(MT$wT4q6N)=*)d|b9&Vu&l}S6y7fcO9o5sh_S-vlmmhiK
zy-r}s!Ox5R)zuZq@qVZzmd1#ExWt(g33+VU3{HtraQ~us+jVMrK1gENy|kCG4~wgt
zG=O$;{hA)2i4Y?(7qOp;9^*)T274l3RejJP4&8L{Y*SYm<eDSD#4rEchM8XQV#%Pk
zx)r7Jcrz!3U*_3zEOA}sB0A|X5gExS&2eQqHq5u#t-_zUxli|8Elb+V7oPvsMseml
z)7&5A=*iNDXVwv$c)X#VQh_?zOuenR*DL1Zb&iW=FM-MUmpVabnhXy^3YFD={dKwd
zMi-@YIl>HkU2rreW+;C3Tp_1fn`7zs4~Mqc4EW2CmY3IyyUf$Kbmxn2^fS{)-y<tJ
zU1~o4eC^q0PaI|#kXWR$2X3rL@)NYQ%=b*h4Z;Yc`(~Nv`1hPl1TInxLazqYM5#`C
zr7a_OoIjzxn7+i|@%j*W^X<pFhjp5aaJ-n$mDB~KY0|f6*6qjHSq>oBoB(Pu8&)cz
z8~#lCX0z=tsK^C|+KpAjt1NSfP)y%gWUtq9Y79wwa%5KqJ<#u~G|KGRUv@KPFdPi~
zZIsmAmsXHm5Xd*EkIisBpeonP!^s={mSJ3UOu{Z;AaJ=(S|h*tW0HxJxNlU&J%H%x
z+(e`pgXUNuXWvl1{=b`^LI(hsdn4(ByL0WWz`k!LW86%u7x3q=Rxz#YIhUVn5TL50
zg!dX#SEBk|Z>4|@68z-3x_vpCj;5`mmaglIVeR&tfY+M)Fs6rX!@6XkA4{Fl8{tDS
zM!7-F*S%(kc58jag7}P6B?}bGHWK6G7y~F51pPd;=$!!5VaZ$6#!nN~^U0DMw%v1&
z#5kQir@r{&siDqf9*x9UAYGK~DGP%XluN58khrhh@jKm@CI?EOha*E@#L9=Lc@1m}
zi#kJPl@+7P8AS|!TNVX94?Z(2x3?=am?UxzXJFhE;?mK6pL(3Ia}o^o=!r<vO%n5X
zu2XhG^9))Tj48xGH9;VciXSr%O##iYYqcqE#-2|To(iyNU-+@j$#%IH*UKLyBCFNk
zCu;k=wBhe4FM18eyP7NsTQ5oSV0a;gR=ZByXR_lVOi|zWjOH|dO7Q1W6Ed<K;@TGx
zC~TG?8U0Pda1uxMN#e%A(vHuu9=HOp9$o1TuW$`aBuq~?ed`5U;DI%<&T-)46H~Fl
z*jo+uS|w*$wNTRog@^<B>FTqPK<XVuCINl|xF8uf{JGT}zh(2LN!N^P%Oy3?>%wYA
zY-_^x&N8utvDO}CMlLzWPpz>Y%(>gNpED8PRQ47({x>oriUuuD(cMRO1vLj+ST7vk
zHLG9(>hwh>|0@4%P^Xms?I61+Lf`T`9e($c{^>x)VpSCA;y2YU9%xNabGFrnj#AC*
zY%kV1>o&FhedSK-w@^O^68YQH=_hlw+oB$f+-&LxRk^9gD>@@e-5z^7BRxRcg>=ky
z#)lVe;9iNU(e4_{`P&#cW7}HT<Cfn%GB?aRT)OW_b~3Z1JYr-Cp=kS<ue=);Snm=&
zJR)~MXv9y>E=gzaOTaL9UALZozM*;^f;0NZj;@$x$7wda77<%&oiit5w#GI)y0Qwe
zB-h*O$dwG?<P4>jtzn%XRnL%$FJegEyo_c~xF%i`T=svqesD;zXqVGly|juN)ck#8
zxwoC~oJN}FBTofdVEM@l*?$)JE)0<P%Y7$q`=haotIVv)F4;8nb&3$LP;WJhlz8I}
zQiY0Kw(NEdB3R3MBF(`dCe?UF#2KPi{l7#~o;jaU`<FXgxl7hmnrHstD&henvO+K(
zFT(f(+1*8&k@BTaq*r09eR*Ktom&v8@_Wxjq60Cx^M&O~m#qn<$7d05uAF|2ih!j=
zR<@5E%!G_&<rI+`;%lA6;3Pqxb$^Ng5WRr<r9CWd?;xSTAg3}dC4k_7`jbuqlKBu7
zN&L9?#e=Rx<mpmRCU0M!X)8?$YVtcMGgS1){Dq0KLqmGA+feqwFgLFhkKjQ-1*j!!
zrI$*Q+n$1Wvipi8;N?|sw+xjf)6p{gM7ekbAq=?q&6MIT?c&BFF#9>AjGQxO_s0b@
z3eLDh8LBBy@~9BF50<X*7kjkeS{wuUgRYO9cUy;p-3}*dpVWVlTR`%t03~uQ9^ujL
zWyOL}v$ebz#b<3kzJpvOPo0vS{?;L|rVmn=)Utn^UzL;wA7IO${v6tlzI&H%RCU^p
zPO|)l$xy$`;aAcdOK11Ycx~^N$l*o7(ZVu`0mU>GOI;tA<-+}5kvOwv?RU&6&YY43
z^jh8T)0TDe%rZEXzxl1MAuR<xZ~(uSXI)nK+-Y=jOT)IuPvsuv{<)9M-%D{!&^u>b
znnc!nn47%?g8$&LQhd>~+&N%fOr1;L?f|G%O=S5x6up711VX&^Wtj1A`~$O+3Y$b{
z^-H!FqF@qqJ##Xgy)JlDuU=`MNyyHmJvt+G1$4Yk_nLiG;(E5Sp_nM>ferGXWkZH$
z4w0y`_JhUVJ{71=QAa$;V_p$>B{Er>8o76wiM+;)=L}r8R%a^0RD0d<%P)^(dLuGp
z6Q>(9-R{!bGqfC>tk@v=|0!CqiB!iEG9*sXtP8c0F>tzEj#Xxhy<OF8j<KzZTEM$i
zH6W41SREnh_UB5AuOp%px54>?rkTGUa5V?e6jrEbng0+Sr`P2DHSH)!jz%@HJF(ER
zXO6h9hZ<3V1N@>lL|}85InHNEz+>0DvGdO0>9moW9x&@iHKnvZ4xa7V7spmT(A{mD
z!rt%VU<y-)zZp`-d(U}`L?f0d-p5avx(+qVs1~&$3yKX>tnYc=^|}4*p&kxFCC*rw
z?Z#T+wmdvwe++Dyd0ed4%osDD=3z3(ivMb^)|#z7sf%uPJKiQp@imjsW<x+q{SKQO
z=MW3Qv-<0k2pX;d7VM#S$$3(7kEjJ$!M>bQeO>snr=NqeEAdIBTJX>I*>;nP31q7_
zw-R{!CLdZ_f*VVJJH+zY$eJjT(i8+8JiN%Gp?|f>LN)v&#YhjpHrHYLV^$#X#{fmt
zO>b1|dpiL>k+MrdOUX-3tOIRLCawv<({{%5O(huc^93#NC1Y1mn=qj~od<}N%@3M1
zjQ1ISiN?B;>Mu7Yv8#MU^D{4wpePtfYFfd!;^JQ)Gf_3%*%vJd3Tgw&)v(%r`DUVe
z?HcUkyF<<R&RtnU65gl%XNOurs-`M}JMMr2f^Q^V!w>x^W3tLE{;bS+;nN7q5m=Y>
zJ_qa|jxeX$?2D0|Xax55pU!noikAG(Es16upc)5NcyH??WSI6C`ZITHl7NVsH(96r
z*~M{w&tnT$RF~P0+2l-5KzIbxHHFLw>lPruf#1YKNd{P;W|ZdPpW*U+S<&4{+VQC)
zrokD8@E`1&l<XTNrapNfdt0UQC(|Wpx@pU>WzY|<9#Y}#EKwi=oiJTuRC%~`K{YB#
zNQ3Eg5s(QN7e$2D-Kb(ZKyb+wwa#LOWJoAy28X^~%fG2V#+@t_eTNeK<q$W@ns#P<
z|6tj7Ezv~PrZbKMI{4nuz2(k_v8^7oA6o;2vt>5q<`Gh6D~!O&`^gr<uA*V~MyXH3
z7p-j~r4gDc-KDgA4^MYLu>P_i=L@OX3zTwY{`k_9%v?P&J>7WvpEkY3IE)FEQ>0z2
zfCbL-$xDOKZta&)+hw`s(`n<^6m%7Dq>T5-UQiq3eQLTF62Vfm+J}yGbvV$9G}>zl
z=XQpoJL2$9QEKC^OqCf_P^07xXHTV;VLNhTYKB)n64GBkGcY#9S$<6o-lMfqFm;zX
zD4#xfpzqKhf{ydK^i`!cNi%9Vlx5yQ5!Tu+D3IRiq$}5ts9%c^nG)<~rpkY}GE_t~
zGfRXNs=qmi4L6JG)1Xg8N~&knaYI9uqIgV0z|sX6#omY~ZlLZ68GNqF5r8hBL=aBy
z>N+&bsjHZl?t~Ita9+-~xJ%d9wJ#gy_u_7i1_=x4HMHb}rl*5`u7W5nt*8~(<*w_4
z6#9>8yUy0i91B8>*Tj}U<=}PzQ@&+pAu|E%5-J4!h=<RpGG#2$wCUZqJD8YXCRL(L
zgFLqJ>1IT+MRd8GEt7_%w(rUB^F5VSB3bvmr>cgYatYlmAMC$Z$18iCv_qF5V8}nc
z;-SWuLJF9Doaw_hjo#+SZ)E-~>c91C`Fr-r6VaWLc$%5Mm9Bd|6#MSIHDJq*n*NC1
z6FI&z8S9<*$$^QIwjV1_BGw*I{fMM}LHF)w0^UJUNf~{<W9P3UaiJH__K-NvO<!Yz
zc>4|m_=Coc4x3LCQmu0uG$gLH<MSm~6nqLg?w+yn4L%t5YPs?|cqCIT)~4>RYLUU2
zui2$y*OeqEf0l!=Pm_XRy#l|9L-H83FXyy;vT94lXq<!}i6hI`m8oCC3tfR82?vqW
zor%wp!;WB1mp6VkHPRy-n9Z_c0#V<MXMGx|fb?cNqdX_YbiTt)lNLum_qm<{m)ruq
zMD2U!&i!yC&LPLu+7=b61$Szo=i}Xaiq^12nB}*Vl5Q>X84^M!4X-mR&e6&nc3fRw
znECi2=xGW>7rn<ijZN8K^aa9GLt6i*RK3u=i=gDvTpCV|<Vt5(c~^8|OHTW=K||9Z
z8q?rs=EF5Splg4?^N^U~!&e@6DTELuLG#KIulBcZEl~534wV1F7^-(#N=mSo#j%0w
zQUaSrBqanSN^hu}gj2b{y6zm>?eGf#*Cpl25$wza+>2MkRvb+o25%2~!YvO#0Erv0
z^yX3XD#UerWVMCVP!TLXfrB5Gjx_%C&R2PdR!^zv+<`2BJH6M_L{B!S$A}Wt!X{~P
z>^1VA@Ol`jc$-~K4OKOLpJllZSQ~nTpS?7&N^13?3F_Xa2Yz{$mc1w_M#FZ;h6Hnq
zIW8}}l*l!e`vf((cfZ0F3gIp%G}0gY5mC7(^L?m%1%mo4j2lv0mX=*889dGa@_k;G
z@e(gkmv`zT@uMs}DKqz-8H=7*a6BpOnC-qT(!Q<9*;MEs$z*(KMNziCt>LveiTMQs
z*TlGEpVM<w#DdaGUBC$BOuTP2U3Am+y}tY(AP3knsxw3iY9y;&_OWOK7bFhPkYEtI
zf+U=}ME;Z!{07rS4?;G_Oe^np;(YiuF-~mYD|e2DOb=wObk*hPtrVJzn?$08&9nW3
z7{Bvxk9dpdRJmC5L`fU`Eyetf8E}kD68Tk*Anw40r?)1NZxa4Eu$8CMg^_V$vR{p)
z;fx%fGMMnV`gtXHPUmC=fR=DZ(*#kFqkCZylS>p(=LW812u5t-Q0o!Ik*Gz}_dHMM
zGwG)gMskf3**L0B4e8Cbr7gL{-wg0#LwCjv*BObGK{P%|MXFhV=Vamcq#r>QmZLIV
zET!rIQaD&{M0{B67YZSEgEeT#pKQS!#hNEZO)=4Qf^R*{Tm$#y2;d!bdJdvHcY;MQ
z{`fOZBU5RRt}z7<BXL==?Ll#rQzonL*i)KejJhg3$PzSmhe7o;%L={br(2{u7Ec`U
z_-`Q{g-<Pei9P`ssw=AW{#|>c_};hwKZ_p>*kx}Sc8N%*YR;ui^B2f>R+n~_aQuVj
z+uoqJIryIbJ_}hai~RqtddS~ZuT=b>+?0EiHTdlbtC80SZe@eU`Ror^2}<uS8?Ig|
zzsve?U@fP=XRRLL{}QVuY8>dnGG1`&^tr<Dx{A$RNCuuVzJMC)->-CRW6j#$URjrO
z#heRCin+EKeu@9hLiXWqMP%}Wzl!odTV1FqE==ltg+CzA;o%ZlhkZ{7Dck<5-H|>l
zEI()S&xah_Sja}(1o9(tGt2K7HU>Ods-=4`_-UYVRZjQ|{RZf9#O#H(;jOfOsn6E-
z{7QBoyKPCYFrRZ>8ukffRDKY&Kvu~taGGiZQFG5W_n*g#0Um~0nk0Vu%mZ2{Mu&yR
zzw8WLh{BfLKzCDOg(Z4m4?09avRIpk^OOL8gdZ_lXP^ttNacA4<>D}t(*DDEd6OEX
zoewEY8pDf*j!oPTxqQixt^pLO$hlHUjB7SCE2W}D5DE8=GOk8-Tv%mtXd?z?Mqg)o
zj~cNTjQyNW*0x+l5>dYk6=VC+?RGtesb3k;c^EP@>q*+VPB(2Fo7wT3p+Urb(W*=w
zoc-OaEbh8~yKfm|GL_!l`yYM6&zBdsFoOeO@-5?NotI4cx0LQ$g5lOWmEm^qeKoqt
zYyzeRN!4*p3;(0l6BVFaWg%wbgLaOALRjad*;%p+J4JIT+38M#XAnm4X!phrSW4a8
zXj*LUP8bg786DU5@Mm<bT5COW-ePsbALMbnE5+1hlovjJsZ(9xP<~e#niDo(WiY@1
z7^bj0b237x&K+LI^aJqXHa?9_UNv$RtB+Xif)s@_np`md`SJ7Ts15W0CnM=SJA>s%
z$_-pZ3O3CWQ!p!MsPmt~Rrj_Yr-q(w@w?5NfA+@J7x5Tjn~M~h(wC0bjglzp<G!)M
z^8B%%qUn!YPzWuuu+DoSDkS}I?)&MxH>oGYMC-o#XIXl)n176G>G$UsML0!z+<8|q
z>k7@b$<2k1-?zWcR^-_wz318Jjao%b0e<P|mQSXAYM%(_ea)diBhMI?rbt$IKuWIa
zZ05KXrhLj}eHyH7-n}v~ewSRmU0Xga@*t+y$X8v0V<Fw6D`Q(~TNQ&filmsBDbQhz
z#u#3dRHB)sDsZ@K5YC(U#0Q^N!j^ur=$F=wF%<pG==p~<C0R=x27wVs`-bu9UPz>R
zg5dN1!=sqkY7KHDU`oDo=*CumE;gks_t~mgH(!Q0eps*9a7%PK>TuhwBr$FXoRlv4
zVtTqdSP2bo2}%8D=^j%7+ffiVJ49y$hdaO>d17;HER~MN>hVg)A8(=<z1ColcWd6x
z$eoqhZAJhSL3y7ZphvM{uOWl6(nw#fI66dH!-j5c4Ps_C2(P{mG6w!~oo)_`lw6!h
zY(DPYN-1WIB+!jSE@((QdfTP^<3bgLX>^1=7N3iLH#1lb1>dXjK3wb97Hn842TKGA
zj3mGO1lwS!M{J>xgvimqO%Q`h^QV-+cS$LPK%TTH##x}h<^Xm|OhfS`kExz7`)&8t
zd4}=Z%Qi{tk&}lf-SsA87=6}4t7STNH6Sdh?YSKyq{bD*qDC*ARMy60@`@^L^F$?D
z&gJ1df>=JN6}Z(*qE$3Y*bdu#pc<j$hYxa3)qZ-H%}(5h%&&Dp7lua_SdHe~7j8gv
z@~84_lbpI4br!SKv>bdfhon1-w4S&`hl4Mp^K|P)t&T4};>6swiH5r--nO;qj?Kjj
zqhps_t&u5>+_sD~IJ_8%ItTS3Dm4m^^;a!GRg5O7U6w)o(cS%eR0QY1w*NF0GpVp@
zrCzNqtuzSb6sDN^4yeNL;c%=D*8LINgGt8tG_KhwF@XT4<c$LA_Q*VCs@SIW5uY&C
zjT7PJu2b@8<*78sQ&K}*0cCa7af6!oUvj%9-|Ep#gi?pCtZ65!{;}R7#*As#EGU8)
zoUlG7cC}U!4Cc_Ef4W`PeKLSOl>n$lBOO{7b~Si1@Dc=t%^MYoeZ4V}6-pO>`=_+Q
zq!G_JZqcK;wkA)-83o~lH>^9#y#}?X`iHJ}nUklKaA%8Mi=}|Y1qEmAMO=$>29^hA
zEs4m?Aj=lh9FnV-?4j>&^R|vM4u3XzOtiZzUhu6_=!ZlIFZeLlIkc`Esi2$peX&uf
zSV^x1GlA_KI{EtV0xp(7$_BN5ZNHknDu-=6Q&rqRJhdEQ%Pe&S$UzI$pKV>)cRlVJ
z)|av!Ge4fcW?)I#nH%Cz-MXm6UW1SdS-NzNrRQ0E1<Ff}1T#2^G&(O?AQrR%92d6#
zEuPYT{k6-jf&-3EGkkt^;UV!d(!U<I-4VF;<VW>qeC3JreZg{c5*vlslWs?rH=m91
z9KHwD!{{y?g*^tr9$1aMoX|O4vQ3!)aIH2vZLNe=jFf&&J+PoPCc_?rl(YqJ6RWej
zVX?bHTVA}cRp{4RKCG%rqizp=kddQf^Bi&PYS?eB^PndnTX^%tC4YNFO=9y%VpX-u
zoJtJrInW!YB1Qk)HsyuapBr^Gy6FUk!;Tpx@7|sl@)6UE`Kk7Nn`{Fase+Q8Cp0>x
zi%DCdo=w`S%RSG>c%aLLM~zYRYU;A03>&pf`p#?pufJk%0&H!+mHSECPR7lcA9;}V
z)ekUZ`YSNwq&w;t>+{?0D9Hk|c>Fk-m!5}rZvN4~&)u>pv-z2m&aZ2H;I?=w2^`}q
z<uPmGa|A2m!yOKYxY;A(=Tmc^*mfFpGrvPHJz=4drW!nPK$XAc@Xf@XnZfw&HOK%_
zlq}c4yGM4O)8$@PQC8E09M@vt2AKS#XBa1}@eZa-ChkaT(r@d7pX9T$I#vbN$|=np
z^bHh-V_Rht)aTy|t(v3qB~~CC=N_|`Nq?3S^xYY1G=5NDGVZsix9`lWozm6D?h=8l
zb)drE#Tg`FX`kB0<UIx4_7Mi`1FU<}txdIg;az`H>vvS!_kU%wEckRT`?uu7rq%j<
z?5gg&%bY!fGbzUM5-@W7dN!MED6mi)$q~Y7nJIC}qkhKcCsvLFD+4U=eA!MsLJhs#
zHE~d_UKhwtC~Y3wWe*=inPv4qhBSyF7dA|<rpgs$0sFH??Hv1STadvYOOxC}W<eVb
z(M;_sQBvNS-irYx;JL~VeHP8Mf8^XRqDx;k=hxUTe5~)E+lJ0$4Xig_Nd^kfKC>h@
z$WvFm{A<#5uJ1D_#r3~^%tq@(V&g1_E~%7SQ|eZyih8R3KPea=?gj^LWqP}#LEm2M
zBK(<+Xc+aR4}u(>QhYo>-HGjADLZ70ujV8FBinYHhrRS=%6~vtAL{y*bX=e^U3x?Z
zTM#K<SkM96@`B(xKfXNP{IjC4_POJiL+v*knZlN>nK~bhOY;-U8uxt}{q?2Jmm<EM
zW+@VOZNpuMFM|{8ng*$(h){zFY@3ZsBV&ld+Cv1L$P&BikHitU03XDlcHQv@pM9^g
z7~(P7mD|o}c7U(;X=uU)@HQR%`0?ZB>g|Rr!*Y`aU*bza(DM_m2Vcmh(~_);N+hne
zQ}#9$6Y86ZhM&WD33NTf6SV`awg^$pXSDLg?;LV>CEXBMPT*VB1;Yw05G4GOUF+8$
z>2EstK$sOC6fNy>q#gd}a~J)`1<y8(1F|jy!<;_#SnpWz*Jr+!G=a@W5J^qL&v@Ht
zVX84?*GoXlpzOO~&y$-MPmd6zfy6|qm-p52WKYX@eUH|Zo(}kzFA>VwY4$1hUPOZ|
zGr1i83A31V#j;3kne;tljOw2O)1Lz?lZx_FSw7B6%MXM6P$NbJ{eD~6&iEK-x91Rb
z*3QaHqN#BYqZ-{Bw2qlX^%0SFLkqY(Sjs0)$I^gb=HvN&4zOmzw!8QoN9xjGM~**o
z^cAw09=c^KI@dHgeiuldVf-hoYR~c7RTsJ8^13kx_3W~Fo0!vg9$~SxL+evHFaoL3
z1}9%BBmD3P3RUXmR*Ye3g6}6QZd`cu8Pytc`_~#enxaiF-w}jq!)ZQu6LdOdl4jwp
zT$Dzi>;1XO5(tC}JV@#s38!e2^RD4jS>+tbjZ*xgq41mGA&^dFwq>QfxqY=8Fc-Zy
zOW~7%Zp*gXiiFutYwsINY+gF2lZ=P~Q$||0=8Gd$MOp{_+SJdiuBh4T|5LN!M07L;
zya3}D9J~n1iX6<b-Z@8$tjFGHx6Y9VDu^!gqbLQ)3>#T6STyCLmd>OFuAT`bh?I!%
z3x?sv5HzMiCZ=~@cNyNxV1vHdS<L&IW<OKXYdBI;I8tri`0b<Gb<%U&8Tn&b6M2Pj
zHVtCPM{Uo-9K>jHpT`J#X?R2CjCIHX-l{{&h>_Hy-zG_ua*a_>`;+$8`SnvlPE)}T
z{R-*1NT5M>dw9^|LqW$v`56f<)a}Jaft0kT$i-&eebp$JV5<vpYw^*;CExP{*{8~r
z?ZOO;ccw!NKO6SOJ@CHxL-#r|MKx9?HJ0aU=1|ybWu{ZR`bR9H*nY6a<7t%1^?XB?
zV-k!d{(VX)AGI;p2W%l#ro=Ap^EQzTKsRyt)=A>(1W8?R1dD=gaTzx?W5sg5G~=Qu
zkfQsQOX5#v8A!+FGJBAtDhUhg3sRI29uRQ1#tv#I(XD>?1a+{?8t7Mq7M4x)NJGnw
zcAqqx+W8}+at7i-m;c(4Hpa~Lm9O5>BD{9ZADY#)n^G;@t2zzLYi2e&iiE<iHe+dl
zGlC60O%B*YmdqVy)qdON<(Icn&hpblOc(!jhFFiax(?w(u;&3Hjwo#k5TGbTcCQK2
z5_DnN1)X8GJT8iaoVmBV?bh8_5Z-yKyAOj9&Lv)bFGTwN6V22Q$I*NBj1&*NYW~v$
z@^fMGYfwG3SzNm(F3N<2A23G&(+O1)%kwjRXBCVjYqJ}VsgX=qx2k?)ZL)uequ`SF
zZFadd7*xl*vncWj%sL1G-e(cz5uEC2ad;$I`!~y`xFEp_drJJSM~gfB9vh>XeX&ea
z^!>@Kl4_}qpQp;Mf{!-T^zrYiURsR89u_8=G_b6ObfB4qX>Kt6*}UQ9H_*-AI6jgQ
zQ)wRAPGaFrIAkzmcepXTv{*L&qlD+UNc?d)fJX&uA<iOp+Nt)<wPeq%^;Fb@G@nNi
zRGoBD2{{H9TJXH;j_M{sUJ`|U#b4Z+*C3&ljyL<tfAFJ*14{J1et;Rr<UmM=LKdYT
zcx1v^8oS#J3emM5X;C=Y$n;gJGQLc9lrt@d$v+juptl&V@miQOsG;+3SE!0~>kYyY
zX?)yIKMBl*S&OAkk0vsvr<i|;Q&<1+F?tCOBveKgM~ZoT`?%6K3%|c@WpRIwGbgIY
zOd`oZSKB)fst<*iP|!VE$~alAV>rq{R>-L}E<Tz1k^CGTK;gKg(4^iv6<B_Q-Th)%
zenL#UdW(NQ8$bR)-c*$aqgN|Si;N17sI#YJI2#Xy4_a1f#P3O&RV-f9e=nP4{vzCd
zHE%wR6<MzzwftG4TsWHa)UF#g$_7pYG8$1G&m704Lzwwhe-mkNm2`(ONzELCosy;6
zH?vD>44{ME#|(?c4WccY#ZOBO+w~U-8bp>(XIS$J(Yy{?l$DT<Zva`!0K)-L?-Mw8
zPdC1Js;=|q-oCLLc6V2ZmBg<!8avFv>(fZ2O5o5{{QI)%GL#!S0G`bM1)__97pepW
zf~6!lfL%RrD#@cx1tX77OJYvWRn$Kk?h9*uKZ%~<CIN+2ES<3}$A6daGHfjjOq!|}
zbE2OtHHzm@%P5WcqDVr>2d?>IP+P!BT`9n9?x|bSw@M-bJCBjjP$dZLn+y~R=s79L
zadyN(iCqhxSIAgX@hhpif%;hXu?lVekbsJ@pu`tan7OzUtqYX2zy+FmN+<SZtNpwL
zY%AlEugbEU3v%5R4@pKipsC5tXDf5?bH@PD5>mBa)D@jYD5sP;;n=?;K0j8$gQBo}
zd}$dYflc@*WclVIf=(T{J!6v|CD<NAKi|G1F@7J;Ubp!}9N$y>V1-~I{-%f|WLD?i
zkrwZvJhD*5_tNTIj8@i~>Xc%8?L7k}Wkn=q{=+4l83!@gidZYhrWq$ErsD9ka6z5a
zYv>z^03}%<xaIObC*Z8HY*FYZCGf>)7!HrBLT8*x5HDv06J5(c0&`L%+LAT}^e#Ou
z&BxitFS|IW5TS~#P%g%e`l6~eNNxHpV|v*nSK`x}ydq;1ra3<}A#LoM2Oiw}=>6xR
z1-V^qYEphNu6d&Z3Al4Af~ql0A{@tra?G*=b|62wTq<*vhr#A9I#quP%*RhN!R^KD
zZW4$nwWPt+ljCe_p1xTDb3#x(y&9=TUiFBKjsag(nvsj!k5d&oQ6I%?f(O*d%THro
zc#;tSdo&BnRi}dGF*8}dL$4Wjh*IX=4T2Z|-a&+HHvzTdRS0XgXH@JleucZb>y2r1
z5deR}vC%mE{cZxrLOD<`g;SutbVz?K6)LFDq{MD)X#Gj#-c2Ml*2v|#pR=(XmIZ2c
zktmSSS~$kYs5ptVu8B@YQ>%f*)!qBeiU@$>c1`~+rBexWc{Q_MgnP*7SDEK2k3RqY
zB;e{5yHFb=`~JCeu+)^<CjZor&WMwjs87m3E(UV%%I*hB4{V<R=6zklkMxRJ-*ik{
zLrof6Ytuv^7-rdgXaP6t2u5rgy)m-dMp_(@$Y(FJMT<Icd~|}E1$+z-*(>M<B?9?Z
z{0AS^L@w=y;7m3v>*l`<Aw}NE0&*)1feZmh$Jra449LthyCIF_3XiVMjrz<bbHrq`
z!Hh}i_ulxkSbTcXzj`u$RMwfySh>lnf+8oU?hg$Uvbc{)63&A(ahcU6S5mb4@}~nU
z#sR%WLRQ<PNjzVTEEkYh^A~2W40XRxKafj27XPQxWMHDCR$JhqHI1yS85P95#ebT#
zgWaqa9Iv0n9lR#rl64HECk&!yYWZQ)KEqQ&SOw<0e3yPlPnABk?tLYsA58*I5jOdD
zj7_yi*01M(uUb#b+3CVxl7U@4x)Ezzq1devIRIZ-(FcTw94E=V<lxcUd^lGnfC>>`
zTSlab>@@yI9?X0=cIrA?#Rha;&C^}K9eOx`xcRzvn#KBXg-yUl(+{WZTVwaZ_tqZ&
z)yCctXCp1?9<k#s{GfwLiOnSntCejLQL!K?37Eu1wC=rfNc^Y=N%2b><0ZPfG^XJ+
z&&E+#Xwz}-q^qXB|J1{&iq6jj__(b*s&E%gm;|ldD&mtPk#o@asDo@Ly0rLA?|~|J
z+l=yc^M1WjlnN#FNkMFE&N5t$An$R0WZF}F)CS+SOw?;C*_qrG&be|WSc?@LD|)XH
z{n`&6r^EcGiXVFxWVJQ*3aQaj2)mB^s>9g-KIY{#u#=b;PdD~QE2qNe4W(4Kg&ZnQ
zDxYF?LcZe9c{C6|6(s76oEn>}%(i4+c}eZgnG17#fk-4BU48|q#Qw9vN5+b0oOT@6
zTK_BRl6l?L^3b&C{}x@=T1mlP3TAY%hc0z>D;u;i_kr)LjA7x%P+r`+%uwEzga+(-
zJ7zH7iQ+72Mq4uQ$@0v$O#+mkM=5mB;iPYT=IPBVl=@@!PaQPkei!0nG%r;U$s|ja
z*vYN!zo)W%VJ!X*hSiCg>j-CHEOk(WPuSP!xCrZLlhv|kBQK?@bNEUnXSm4n?MnxD
zCFsw0JkN4DfuAdu|9s^QKVeUGc?6mT4a4c9ccHsUC!A@zcAw&{30GYB5x}8~XZ>^E
zJ31&fRz<}|3Yo$LZ~iaJ;&;n|i$)l|(62Tr)5%alQdLC%M|hNa#hl?|R1}@9nheb4
z<arlKrwWK~4Qadm_#~d&h{s+E^XLal-+&=!<}7O1VV3!#VpTI<8D)0q4@lABP2}Wz
zkwS$-d@fIL&;vBAi_of+PTYDP?`SEG3tcd2Vly3bEHQ$#1wkk5q^z79@+oCyccn|s
zmk&ap^Ow55v4M@R9Gmd$_pKv|0J3LAH8J<R_pl%>Wz$7djrrpwU4v;81KIYw_-uo?
zrgnnw8o*8-_C<Qj-??hVZX@8eMwz#v`VanLzB?NI{z|AP)Vc7M3!)yiriJ$1yi>Y1
zcH4IE=iSGn(rUa3stLc?9gIbzGJNvoReP-G3aF&dI~KUDQ2)`5fx{`Mw^}`lE?Des
zexg}Xa?r=R%&PxfAYwO<SN4=<vf$m@qgI2Ro=wsX<%K2`k#lKrJ2T4FW1mOo%T#%a
zf{zz_e|oZjT8;#A;L&pd+XZK6a9;A1gd+xWd11Y8T`CEGIa5<J^`!J7s2BCypbXTf
zYu$IIqIF#q4xonF%9J`Dx|9>~MwGRBjeo)%9iOa`1H3F$sv+s5<5QWD9B@tSYB*N)
zu=1BY_(7CtR!^Cov7ogdPVss=%atxzk#BHw?aNfzhbM`7rvFysoex8Y1Yk+Qe(7S^
zyLy+v6b%2c{FZSPhP`H@q()dW|3b~_K;kdL|1<rT{cE~lz+digdD-hIuF?6SyAG*I
zXGOKvH_f_X?4$05nOH|SiF9xEjZY9cNyMyfs7t!-(CA>5=_<?iP;9?0hkaY8eoz1s
zw19zlK%8cRXKRoTLL$O4b+6Ipnob-rN?s{dC8g~`<<lSBbN)P*5<D%CT|x_0iKNZK
zb3s%K*6(AxkrDX_lYw0+Tyo3y6;<JM#qQBpu}FZ0>hopxi2E8?RV{;;dRqjGAve8z
zS7skCu$MzEi`AL<H=c2-=%s|qNO68R75WjyCjkRXbBSNmD}G6P6Goh<HO?Z6u;JfA
z4ynx{fB#h;QrmLU#H$qEIASoHWKY(_maUq$M@L%+<s`<eXa4N<26p$BX2w$KjwFwI
zFaj7_tRya)M;n`5Hztj?Z8N%66}uVWIgjsd>&?8^15X_L8*+kO&eURI;}fOo_}J^Q
z^msjuot>fB9&pX>_&=z$-dzNhpEjfRc!lr(VY+FbwE#+ug^WD8P$NF~Ee7MFV-nQz
z{)?L{cNU%axFgcgteYVY?O7MqueHXzL|-EsYu@DF;S>eCKR}TICO~jt7K(RD^GehU
z+0l8M^Tn(JZ+V$uKkqO4UdJC{g=OC%$7+jv7iSAzAt(Jj#wCK!9vW*OjL=F~nGh9v
zx_SjXFV9pAb5VSlUtFMhH1cZ``OpWg*a>L3mrOdgzd%}J5is`QaE$`VAr$01mkY4o
z&VQ96_OT*uu;APY8XO%|{0nnY9_Mzj_<5wpW5L@%%mJbbX>ZncqP=d1nKfBu=XzkJ
zcAnFjOJVdL{Dy@D%*o;9_qCg}NQYbFJiGC~<oe5K8^!kw`H>CIe;Z8i_)}kxYI}e`
zP32DxAzmMj{g~u`8qyh?gSG&kniTz2w{sl=r$5{-GFW6j3Ho@Gy==*{-DeEhO^?0T
zq6$q}(>w%=j~F*N=l?aD-Ol2FZ6-F&USh-ss4q6G>cczN+|=%B`x`um&VS}2)oM95
z;`m$J!s&O<^^1G4d{{B%G;0%I8uouD6MFxhOvtPDU`v67Qi!A_K@N&!@x(p$ai*{%
zLr<!g+HmHD*u#m9cNf^;u^h(VetR@O!;T6BW2tx$N3!D~0{G>p7y6E$>ZxUwhpb3C
zO~a_`C~%D7jCJRI=x6Sj4idj=58yBx&QB&q@>w<4KoN3*HxV3nd+)V;nk;#xLKO*D
zv)Mp^D4CQxv07HjNkqQATEnXVSE3+#YS@~{Y^{<zfrr<pe<Ok=j$aa~CKkCjg7L%l
z1Ku7f6z_kI>V5fIy-9_ngI?P6OA!$uMgj}&=Zl#(f3UO~$0+;{(;k|#)5hw@(dGjD
zG29&kSmZi~2{teH7rKU$HRSa0iyX8@Lk`A%-;GN9zoMu!YIHdEzh?n__>`clSNjQX
zlCsH%(>#QeYUG#eW_&gcelM-)_8TwX+kg}-Y#uYE4|VW6J9ahDdM)&Ay3V!xP0IAZ
z+vVAb3VmEVO7E)^Tk1mto0%nXgW8X*(kAsmJ<Wd5N?pHh;V*pPg^yI1|EkyDME_s)
z`dzjr4U7x(QQk$u4I?(`{r%qGX``*hyxLr}jxWc;^@PbQtG@ev`|w@KJO)1flvfe$
z$}t-i#62#4Hi}%>2@Q~VO^_1kBNE$=ir)V6>`@)EcvKTT(2t#Rx*x!)7+am_eQ~6D
zHBE;sX^bea*cO0zg|R>`P>J#+&jV3?4^KY;oBoUp;KDeh#PwSSleZR%)0C*x3Cg4$
zU5C(phsTJ{SJNs~q{5)z;cnWM%6Q6|Pg+j~)xg-<mNN#c-f0^(vwkR)WV+y#XtLm%
z#}!+<|4B6AR|$_38t6J)-FhM~M#?FXN<bG&nnsvLYJ6&$-3*>kh}@YikiQ@>Pk?87
z$GJt|)S0;N3sFWNg1t7@v|kB{O%@v(7M-65Ote^7Ui$ooC7XBks>p(VX=5OY>ICt>
zwS75K&t8JCLpy(sQ`&tGe56lkQ4u*tX{LmCcVxX)F!rv9FTI+%=;T9$Y6CNW3K<18
z3DoV;**-AQTaDk?E7iWK@_k_Iv=1`ZM8wsmi=DQFm8el2({Ej66T2rs^#}3a@JQpA
zq;Y6iXI6Tm`f0A<`Bxh8up%j=$f`7B3R+RlhU2ZS#nvk<{VXp5Js|sOQjwIep2{@v
zBTwP!J+aQ3R%gm>&2$5uHP5#PdrBEHM~~tuOtcSCWiHb=&dlh8Xx0-f6OCBi!lJ29
zoy7wSNwMlPPSeX8n`wum`Sgq3GCb?+9}Xx3ZRuWS8hJllU1dP2QTtx>rR8vvpFPkx
z5ZhOI<4Ar+wBXgMVKZg_$fWX2DXP$>Y=o0(#h?z&!xYRL$IF|~oq^?{1tPvZU4Hx(
zYmxqkzxD|idQV1dXREZZ-OXG+(~D&l?v^=Yhu;D3N*B3cbUk>x>@oSe*U6AGkZ+9N
z_Gko?EiRCiQzHX07Z?FvLrg?=nXT)T8IGQz5<iv1Klj`b`3p3&5bM^P9<EvWSB@AD
z&g;gI(u=(@YI+cZlsH^kz-p`y#T#P<F=C#u9fj#dx!Bm=Ku%6#gerEkUC@rq2@{DW
z1$(^^ziYI>0Z+PB!)W>=J5`0m6*wcPKjyblp2agrx(!CrTFKfe+^&h*UhF9jCJRgY
zoEz(=JhjWfy!Wp%u1Y%Z+-4j087^<h_m)UK!&)&fV_hIRLD&))$H<Y>rv~pEivQkr
z9g_Siw8sS-mO;|Oe?{ipQ!JNUW8f_&zvLMGxF>T&CYtKUx;O(1Mr4%hjqq#>Q%ZQ<
zUV#^E90hU$(*?Mb`rj8;==NE&a&`^e5GEI}XOt@sSaBX*sE_bkxxY1G@j1;cBC2Ee
z*YgD1#w!l^e{D^T<}zA1;W|c%l+NMbP+0krc^yw1-t)4_fDT{Lb&uVd^)T;obI)>T
zlUL$%gliKP>@yb<c<@+IVTD#m%^Eu%aIr#A9?>Ogq7e}MB~Esy<oQaDF{E#|UJGC7
z1w?r)(4DkPX!#<@(QiiU`P@OV9y23OfFloA(*Z8F%?bm-M-u~-c>wO(+rUEBDVqKm
zlzhsw(+_hMro=yQz3)>#v<VgqxIb!T;dJDfdF$p$+us@Bs~FRD^wNiwUNQl!c#Cn-
zCgormDZWu{%CSva>IIUh#R=8sR3v%CcL%I4ci+Bo(x938j6^@Ok)i~ox8^o8r-PA7
zBF@RX=6A#?jgW8qM&qU(TCh20{DTO1VVZ7h>Y$vuz|Y)}%s*r{CEfjnYtsW=rt6dS
zJWWZLRBTxqUcQ>t*lD8A-e?^QaeZw@`UMPT;^o*?erzThY<UcGbwr-z1eD#(L*}PH
z^l89_GEd-JlNnhNJwMnFpphKs(Jt_FE7$Xbhg~lwPm(i-Y6Y&B%n(4@)D6hwWTr{#
z#%2m)!X-jNVp`+x2vijfzP)Rw-7!zpec|{Kh6RyE35i6<&J;sVjdTi|c8>DjMF)Xp
z^FFc2sO~V8;|LY95^)#|0dZphEL``S9shR>R1|kSstI}=y4HdF%Msi86p$*M5TE~D
zxsK0BMc(77`B%opTpag%gHwi?Zv@%*kHvG=NL_d$C8@9sF8#Nn+m&i(yZlF8AMTrU
z!_J+WPx?EF1;Lw@G&@6GFF)kzEnP-k`#Q6+T3_AF0Hwa~v6Tp$A5le^Q*kCuh01ZO
zN_M<|#OSt9ox!4KzNle^6_FcX<K~mBJfX?Jzc?~}LRI=x9r;lpt9HBXJH{in@~$+g
z22fwqcgyslD|`z8QFDzD0UfMZ@|<CX&_~t54?Yc^HeI%*GPm@}e4AZ<Yf*${w0n82
zuAMLxKlK>9v7vz!tLRcTWh_#FzI>X3^7KlW<~M!C*C1CT<%JG*;+3O{PYDACpV>(L
zw9tsA3N|6a4UWkAgZq?2AG1_Q9)P8*C3PcJRw1FfUZKxEO3>@jhdiFH&&H1ZBQh7k
zc%WEJ@Q6cQ)=E8PK6Yv;$R`bLD6TICgKa(8^g)&j?0FkYG#nS($VwEn?6L0jLdv_2
zdq>-Mvdhv9!oF%zUA5H*gp{>jMIToex)fq{+?B?4Wg)f3FbYvV0b@Jl*Ptr{cz|To
z@!ZgQv?!OFg2@@ie<O)i@#gzRuMgo6aH7~y%_6a{!jA9W!|9+ftcYsd;P`ygEOYBA
zmq3La$!4uLiv1#*di!l*$AYN%wf04p>voU|O-Vf8yih?J4BNY%75OjE#e^%wkkw^C
zd)`UMdc>{>UZn?YZ^wQdM*unA*!|0@VwKS5SL-GXR*!2RMU<2qiN_L!hBRPr+!7<q
zvQUnF+`}|=;+G1v*M#9RYKD-~Dem@oKL4xE36L(VE&w*`f5Q@OtXik)Qop1g&ML<3
zW|vHqPLs)+TVzDtU5MzVkmJMui^)EQS7<UaIrh5kX(t`LbLe88UFmVsu6NT(5%H+w
zlpTA~fd{050QvB#1yAoY+8nT@a^@>_k^g01%?1bFhOr)bEnCMZO#Y7PIb>#~{;Ycn
zM?hSQ*QA^bjJ;<;8(AM#LPP|z=K0O;JS5(x=68+-H{ZJu3hLJOHEzmjDZ3$aAflJm
z!M~JneRr6TrByXKXon$gZaRJ~6Uro)kS#=}46RJ$4~-P|x&nJ%c(SuA9hF8Thb54%
z*WUF1YL%T+Yew>FVnyc_7;TTef@<orR+p;tP7r5=u6S&#BdS5<KiN((63Yo<#Kd(x
z7RIrYI3K~kJ);|Ry_;ce;Nx=lD7Pbeq-HCwTYTxEtwN)~>M%D`#Jz0zpo~$x@IQ%;
z-1q~}-`c3LL>zaxyNKm6mnA}Oe1buoq2UtrC%akK53rUY<`HQwuD-KE$F?~q$;oMz
zBTMk{yaIuhW>4fx2hC`G-wsR#62ndOQguDIAWK_O)gF=g%1DNISknge4vF|$w+8yZ
zgz{iXldtpha;u`2J<A8_^r5R(EDPF-^a94u37eX-AcWz>QU_NL=wF|2hX3?<YB|Ve
zD{#RI|C{b)#%NdqdDPt39PdZeMn*}hb8=cvbM5Cf|GzA-UyU5Ikst28n2n*d^~C>!
z0?)l!TJi@59Izogc%7`7JMA*J-$$=d5Z8YAY}*%U#LZY2eV;hfY+Q}RJLo=FRBF!g
zlZ>1IG?jR72h~&pA?<+zkqP}m3t5!4qq@6;LTa}#tv<yyb6*8!X)1CdsbaH5(($wp
zUAB3*tetCD;qcUpBtn12ISqW+0qWZi-Y)+hD4L>q>&Ln_#3;3~WUY7A`>tunnwEOP
zSZo;^Gk8biSGUr!vq^ued+-&=!_0$(my;9kZ`g1a>CVTF4U4pHJsI|i#ZF1}st`oN
z1s>SAoKo5Bn!dmJ?)=PxDSN1|7d_WZJ;mW^>J&D$?kbUF{;Gv36`%|npOkJd_zL;v
zR)?pn2y?v8D!Yl_d(T3!9|dlo7{zV?8Uu_q_T4Khid5{edo<c36&QqN|Eqh%((;B=
zY8veLi3vQ_U;m<^ST2DZx2a9QFd?U{W&q<mAbHB-awQrwjdG*<azU%Dz9KhzXrU=8
zc25FKi&zK{4n6*VxI4?RD7UunD<LVUNJ*(kcgm2`ATWqSH%Ll%NQg8jNOwqg=g{3b
zbT<s$9q)yEd++@`_wgR@_xBqIGcaq`wc=dA^*{e7desG>iOup6B$;gt!k394Eu*h5
z@ga;y5Xdw8g^}U7vbz6W3@?FL(@N(;$5IIRQ#bV+D=3``;<#4$Y0CK}pHCaTDF|HP
zxRAZ<TiEJo4EV3}#e8QfH=D8>*Oxh}N<M8y+dz@ka4H~H+EWKH%20U*EKenM<Mez|
z27w5<daLRqQVBVKgn6gJ6|i-7<A?<q88o>qdF_l_d{3Xn`K;j8B-o*Ga3RM+Pj|h`
z!FZB%D|G^@apQ39(5D9gQKFU!+O1}0PTyZJ9mi%20RK$&XY>s$_?`p=MoFO{quEV8
zxw5KMGL?zL%<<sWLoQg#>Ux^~z~9Q*mz=0+FOq?pT-2_0OSuytD&>E}ws+s3H0qu!
z<h~853De2vl<q2T`W?C>2`<E}$99T#!>lbC{aiQ;MPEjuPFxw#50#bu<;)=ZlHrL2
z$Gdx(Euh=wWpGp@{S6{tG9z5w?pNvvYByKhi*5G{#lIfCyBMdlz`Y)Lt-TjloPP<?
z9d8vzu{ZIzHl9M@{Ohm~@B4>|uD_~K)VpV^k5IMwij;jF2fvqpk4(I8fpT0hMQmi`
z{lC=`ddYA#@JD6a+>>sMF(L7na+mbCa(7fsKcg3a7zdXw$(LCr<mTm9Zv{YFD-OWU
zs0PzX#zRQ&+C}i|ud{yIOf#PI!uor^_8L?q^xsDv{ut(Sh)5QCt7X_r=93XJ(ZKsE
zf114`SSrwgBblkD!B&!1ZH=*;cAJy5N%qVBl1V7U@W>EHmWi+Gn2vEk1^{EN`u=LF
z^qbV?%__|-!i^(AjbEh##lDuBjXRpR6eJn)#0Q#5kGm(D#nZe0y@{dv{)>Bhr5Z>j
z9HFM+*B~ppZL;LZ<-gXUJI-wbiwO$B#L73CP<F9Cwz6698acC;6MlS^oa<YwqzQIy
z4N_7mz17OOrqw;O_+otHV}UlEfA#o>mRn+?%aYEgQ)c!bt^G|%Bx5>l-z#KLR(lSX
zhrb=7h29l>Y%{vaQ5mUJ`ZfbU7?!d@rrG5wOge3Ry1X(nc|F-225XX4EuKb~8!*py
z&_95T$tHqHw9-lDnIungX&=E-^HY^8WCWmT`iU_Rez1p1C1XA;)V0^qYR6A1Q1NTB
zJ&BZBw~eUzMQ<bz*j4R`X^Pn=K}XP$wd3Zctf9)6|LBge5wgdU10pu|s~Q<ipkK{2
zifzQ`5$oAMDG_O)(gjL__o0_LwSdfw$97w&!;1U-RY0MSrYF*bTa|PES~%a8XqnXs
zv49?Ag+^`7ym@Q|<Jk!YJdPRhDI^xZ?>Pb&qkNqZDbiU=C8b*@5$9ul8IS3bgk{5&
zj<zrG{s@kAr%}%?eip71k#uLulHsfF5&UR$QQ@#$6dVD@TlMA_*3hk2Q=E@uCt|1f
z7-fLD{Mbd_&+bds-~J~GId8$E*wl$!o0k$`JjOl^Y%qU@4H%rzmx-GwXvG5ebsQzz
zI<$1$Jd9fs`+xAv0Pk$_LN{ii8M~!XS+7xzA-m$RC_&>2w^X9pFK0U=yC?1PnVKfe
z;4DF*pKi^PQLv_%fj!W8P!;>&8E}<;+6Z7Hb0)Pz^1vWYCB`fn>Pwv-s}kxd!C*=i
zE?&EvOs#rKH@BW?mp?ZtYWFuOqQd+@5kljW0Qm7g0Fb?DN6|afVNNV5XhTZCTty_+
z=geRFAcofsRl#{v4!SqTLv1`M4?PYI%yyk_A1Mc1m_{63&YQj%H*W}*$qdHxJ5kTN
zKn}}(6_tFIgJ12Yfnef;*z<0JM}|MrQoJpsn;J~k6_4AlS-c9%-4K|S0iz6!csAeO
z|HyiGmjD)$8z~c36ZwiPLlod|k1}lmP3@b<gYb!Z5Q7?f2xopwi*tJCH&XZL432*U
zyvmrZt6>x$-U9ar8B1;G5S&F(@1r5|E77c&O*}$rN9UpMPaG0z$5Ikok7|A-N%4H^
zbG^7w?oPOR76XtdYNJpbV@ma(_wv(ccNSxPske1J@23TM5vZiBgS7ABcQx$|mR2%J
z{{>$~r))E%3H85tKVCwKlW)qs$#!w9a$VmU8!li1tTa-7b&Yy1;jcJy7IB^+|BREu
zNQq+G1I%M!8+Ru-5Oy4W_aF6=$o*>yiOJ#xKakVCuZuv(qN6$CRE}@ywRj~p@oOu-
z8j^LD%P@iLc09s>T3JBcLpjVvBCTJyOF}HuPx)VDaSmhPd5o*N%fH~~TKhfxjGvr@
z$%|8xTpxRK4^_D#T(m5}N8NqeYyh{5GK1N-AAb}^=BJnm+~h%M6x5^Lnx%Z@rHP*c
zI?Ac1QICc*Zeh86mi9YOKyBGk3^96=f~}TAzd>^g!qB)3m?b~4lns%F(2Uk$hvNcm
zAn6_hubIF$^_}iIw1dzErwL4(kEJnUDQnjDS1x6xFWPxT0ZW#oI;jYH$|QwrUOHNm
zf5<!OJ^a+iW6C2?@21dX|F<1Q*(UwWAvWn{Tw)<Clr^B%OzmyBF_0*qs%B9g17M$U
zMjTJf%2`#v_s{9xH|);g(B$$ojo1DQbEc+>2Y1nsb`mM#g_{A`^kU)k-rM4DXzCZ_
zg@}SRjJBBXos?8`y;UAg{)IE=!|lVE8#onN`s|Y6i%Tc?PaX$Ge_V9kxjWqEKB9+n
zYPh-V$;X7lFrXg9uU65XY^zeh4PrlllHGKlIA66iB(ZS%8?#J?2Z4*=Z>X9-?^BQC
zD4ocvlvuenNY~sgU)ibM3=1^ys@i%3SXvB2w(GFPx=>>45&7}3UxMI_EDr*nh~b5^
zb@>Bi`QmW(*XfeU@&BTiDSnvo^t7@+$uoHj4T-S@PJRkIQrtU(oZjA|aF|?wd*gem
zsNk44^3?vJTJ?T&?^90A9c;q?=8BU(ErZ87zJA&d!NV_13YZp#5wgN*x8l(H;1dVS
z@<-ly$FNhateQ{V!Ch;Rr)W=_%8MW9y;gCbs)wA4{zv<JNz?k}Bt(7sI21BY`dY{s
z%mu2pPkR;dIso=cRIEdky$Z0#@$5<9t`+)i>QQ^jIcxh#5JkM+LMDX82S0<G6~2&3
zHsarLg3~!L8X}2Tcnj;{x3d<*0ctJm4|{}lcwyYHhJZi7lxLI%Am%pp4{H+{Aas{^
zY<g=N`A)5^R5>Ye=QU|yd;+MaW<X~3Yfl<YDV$-bpcqS^{J?Y~cVO^&DcQFQmI*I-
z44!q&c5F-7mVi>gLsNR$4}!d(Udlfkn5%J{#UbqEgfp^D3;eyMbD02|@PPSgz-hu{
zSg$8C0_tE!9zh4FV&Su1al*!nKf+i(Jz{yOAVTbo??Z6y_>SH*a3{$f2l4IsGdDo|
z_Hkg2tf(>kxz^Qzei}eM58E#Ork-AL8R&xgP2uR6(Sq%sDA+?lF)icGvWtLtUi%$>
z<(Vvja3&bdGfezw`?ofyLKg~7$5rrS$7<G*$~)$m>0m7GlIZ@bPaR;ImhUS5BNeXL
z8WoLJ4AZs|h>vi)BXA*<vL6z8qa<JWGP?@7xZZ3P{)JW5pRR94wuGf-8^s0nDCVVS
z!|*=<0f}*Ir=<KU+&WwobHO_T*`><)?cztk`o`;F5992kE}D-7)W*tpAesum3v9M_
zNd^jtV}_0)*cJ}BX3oo%hdPCs1kV*8Vi!ka>7YYTGY{+kk*z)wRY1Mpd_~{(vM>~{
zU4DD*ZO(jZ=YD&kL@<h~Rk~<(3EklNi@Uzo^m}Pka`B-TjK4IcOaR@`8f4P3JX-03
z&|FdsvYmtgXhI4M`N9lepva8s+uCr3C)0Uy?anQV!t`*?{ER<!1SchfH6C?l+Y=P|
z;FqCmI_9_(^Tq=CF`h|ogKv_ulTZUQmp*L@z@7~lU7>|xy%(Pyk{8$9=^VjtyqY=A
z^SgzO$ZG#`?=P?`ArC60C`dYkMLF!9@aL=4NMe?3ht2Jdt0%}}z4*m6&ZmXQ2H7te
zFz1_(O1x6`wLYFO_A-<)M4f7n*SA~0UkQ;&Ab0-OFhly}OmA_j6{b67!cD8ox@IYd
z1Q*W!KcM}QN3`<?nh=&wFU$RfdD;L#<XZB2fsT(iF=OC79+0=vV}8^Ay15pI{(d0)
zRWn`2^(XAXJN>?AR-(aAtP=E|c&cZL5c58G5`-3vh17<zE~qaUBi4+AR?<YC1|ZZC
zwVC*Yhm8G7{%viZd6LZb*S65*Q?)GTa;lBj2cjsN5~yyrodEJ<wdjwZTphac&3;^r
zs#2mZQJUc<eecjvyGZuLQ_k&Mvzk&R^`3Vo8R;%>X6u6lRU341JJKKYlpv7$u*OfY
zGXmPfG(Rd5lU%2+rLnF(;La=j?PQGBRE7(nnH_w}Y;=zRl4u(sn6|n(SdVhPZA+)6
z{@zE|q9c`UTpvc^i7|!CK{$d)q;>`FrM1Kx;x7!3B(RC3&FJa*8dhgq)0BYqhRyWL
zK3!oF0J_e9Jw?Lrrz~n8?1D7sp4;B7YYy~c$WAN)&I%+OiJR$3fISmQ?S>UR!|hux
zIbdIK$=$i=O+{rgSoV7iP=c-(bZJcj&Zga=)Ax(axz&N2KFiPtGbxe-;_k^9f2^gt
zZXM<;Afx^b+Gs_>adQO=jLnR9+j;w(P+rIdvruJO@<Libe~LHzThwmn^I*3w|0KT3
zzYR?I5UdE3hl`t4Q3#@&<ts0em_iWQ&M@|H=o4$rTMVlCVaQARcWjIKUK|hWCu<el
z{6~jATAgnOdpxW{{!}~?<-OkhzWBo~pl_8|DH8|dN%J&ws}P91cPxF&pi!^t_+mv;
z5Cw)Vki_<W*DLC^NA-gQKo?6fJ{rs8ZY3fHMyYLV$=$wqAv;7uVgAe6E;oJQD@ygT
zkS4E)_GQxiSLESQZT#B4@D3Fqamf$apcGaXgJG1focY>)F5KDk_FhuER{}_CYpDlf
zj1ESIj&lQfw3Jn<oYyTq#?g3@)#_D)i|SnaUdW1zEa}O`6e;hlogAf8{R#+NGb&*d
zU~d^gG?ko`wO^D>@4wl<GTl_K{=if}Sm|CTnI=IH3y1@n*SW{kwHng}1t4*X(5)Z=
z^XXStE5BLmgDZfw)^}2U$+za*Ya4ijG2R~TQd~d|xeuKLtZAJ-*{zt)c~ND0Mycyq
zE}9~o`bYIg0(P~0j78?b=x+O%HnIxGp2Q%M=LyU=$+TPi)^;o6cyIaCubLoASXRns
ztPNEI<oAvb$F!mNy;|%yNWx>$&++id1w$4_-D9T^4abQEA~H%Tm{jCdV8u>h_$yF@
z=+D81B97Qr_68}Qj)m6IV@g?rC&vcsZcCGE*`1eRfUNYk%1~9nKEDO0#PVi+TypD;
z7_bw*w^?I&y_&w3&a;uB(14`L`8OzUBt+8Xeuu1N<b{(NeBPYe|1=38kQWr6td_WP
z)M{vDVtI*%yqL~%$4yh(q!hcW7kS*~XvTR%{d>tW*zeJ%daG5tA(>o7V9CcyO<_I%
zq7v;QL%_jc<UM_Bo&Bmb?MuzXdEBGjgoh?1jdlcYr5YZR^5akqgiLnGL_eizhkw=Z
z_i;I=;iDqOY<J~;2VRFbYQC|(QN%RWrWM^I-B|%;L^&a2>gCJEib_4}=*d&waB0bz
zw4KzC>LhVp^QZZ-|00gr;OByaJeC{C*p1zkSc5)8LHFUc<R=vIP-(j@6j_`;RI70`
z`>(CoWur=b>bXbEC6?B@ndCT(L~R9f|0bAGzAGfi5uKDO^4w#Z)6^N%R_5olOhKB^
zxb0ra7F)n8z&ra8Q@G|ECTe$Nq#KK%W-tlIOI<0=9oey{WbddXEQ^z0_Z~hbgWl-?
zxp}g$-VwWnQN`{ZQy|k5pmVF8RO#2`YKksb)+sY0SL^rEl5+q!QCD$hh+wLU=MZ0t
zj=s&|D&!v?;RJ!IPm|BB#S`Mu*)(`Q8fQQ`;Ei2R@PLJ9fp6Mkf%*3>#nJcP7*_vF
z3C+}y7DyN2T4F#+BhGOIO8$4ASpoPZJs5=|uz*b77@De-WST<`#w)lx_RIu>TV1aO
z&-}#Cr571yp$dqQvF8UmK!%C$^HvRfVn*8B0un1@^}DWel>P!-0f6OFfboJNn{mi&
zi&#GB06Ow?<nW!i?eD-9A_Ua?%!q=&*6trrEXvmw8=@TPxrI`FxtwTxGf|EuJ1P#G
z+S6;C*GS0?Sh+kU9U`bq8`8R`Q-5n20Utr(zcDCf0%Ov@Feq05Y5D?d90b!+yTB<A
z0WYC-DUg62{TY|aJ_pL2CZz>^l|n8Gq5yC4?ZXW8rHs1|)v?1iy(&R4K?eTE7CB|8
z=dpgq0^Q!~9XN+euiE?t*&V<624w_QCRG)cSe_KLtp1yIYGc%XSil8XCmYX)SUr!&
zX6k&tk1$CEmG}AZntJ-L_x<$w&KL0mc{NWg`E~kEkkwU{iCKOi^L*ER=;AOqS<53k
zXaXS$6en@&GWZ-vZ5Rp!;HsH6++Gphsa=yu!~3uEi7d~W**5q%^316_;K>{9C1jX^
znSdSNaWh1TGPbI0m+E>%?t^RdX;Qq#RfwRWl#c#GflkkL!Sy5jB@mA=l*Ws}FvZvL
zKa)Ky%v<Vccy@#dFpu*`$8+|o$ddwXAZx0>pbGq33Am2)2ZG9X0uZz&_a1`w=b7c9
zcj$-MimE%bj<+jgfjv+jeXMGFo<LkeOpZ~%7X2vm!`O|s_R_B<Um$xQk9dH=o@+A{
z5Pmvwkqm#<e&6K`T<+O@=H1+1+Z@A?WgZ@4M_&keqKF3ulQ5n)2l(boF3*KMTintC
zRGSb9!%&LceS@prE3;u9I#Ca5#@g*(Y`F56Cz)Gu=duF!I?nGE*}Ls2Vh*&4W)L>%
zqRgKYpZ%jPHR!o4Y-oftWd2R2|JY=}x-BXl4j{TfW9-8iNIn}Wg8m|=%1j~Zabu=W
ze2+IfgdwXDW3)63P1=Wu3!b1&yNl5U_D42%BP7TiTH3ek;8qZe!`_g0TMm@DZL0#7
zV;E6u>0eY&rQ+i``+kQ>*HKR-Rs|zo35!8b+dqbvSzoxL`BrTO2x3a>m%Xj25_VN2
zXtY5KOu9W)JACxeP!zT4xWU}eSOxpeE^i?6hg$vLghcx(R~+gFFG@JCdTjTn;J*Zz
zF5>UT$J_cmH_s0~*;~?L;kCH31R(NAvHo~EafZ^s?5^s6q*Ym3mgjrNJ!Y&Aiv+}`
ze@Acq6i8ry4JmAriF{oD|I&0y<4X!)7gOZrS{5MD^;CbvQN+4GUSK1ve@t2x*Nj`g
z7I~SM;LU)KmtMApuLxG#oe%t4-c*)7{fCaSF8{X&fi30V9s~m_(M2-WZRps@q4&bi
zjoV?0Y#?tPbt^t=|HI^$jVlYhk1@mP^71pmf_hE5Aqun+sW}lnJ!IV(qFh8(BB@FQ
zaSP`$n|^dQjOjX?lYp6S6h=m(lr@b?(H7SBrHk87A1tG&7&gO?pKsQK*3|?S^IjHM
ztOB~{nRT6>YWT!fII81hOm@R5ZB(e#v668gle0f8=v#KsF!<ZuqfDFGM|Y3UZtr|3
zR2Y8K?8Zsam!l69E-{87b1uk2l6FTj<3mAvQ6g?yt}Kb9RRR^B0&V7WZz`ZNbyGEx
z3pMX?Q%`aY<mNTetSif<nEG(LpjVZ3Wo|8%US{sF*GLf*brT0ghmc^oAD?lvfeS0!
z@`;Dc3_`q?f25^WPX)4MEQKuXS|fOrhBb{<eK`x`!~^lZ|2oMv1Tr8=xpGtBn|yl_
zQ4q4?RQ<8MI|oJmKp&?>I_n<JnCYP;5n-k|eY=w<3<HkGI78hlmAt^EiZSs`(JEK0
zv6bxVc@l>4eJTrw5@VjGI!^#fgJUOQq``zWkZtVfvwEh**fFWCsxzCtoEzfsVEyWy
z!hzi8yye~<({$A6?C)`uhKs;5+lD<|{+b<-N#UnSiQ8#ry(h!meeWH}_g*}hG;qVq
zWdcNQ)M#HQC=5Js$j4!4!06d32f6z%)+s32eXV1QN{dmkS)iE<y3bkymdg(6`?+NB
zdczxoSF0#B81Sc!V6b`n>lQFZOsAu)a~<xceEFc3q)6>MkEPv8|5iQckVrjqbT#~o
zMijN8mumgtvwKNIUwnjw-4?HK9kfC4{`7x)gHjvNV+*-?6#{D#naQ04^*)zzadp6c
zZDVb19FVa~0La!!Y_EYV*s(F{mM-HQ@<QhYqu7=28A;4T-$iTtHD_$A>m#IWhOGd*
zg7`3>aggIn$5{x7`#!m`m9FncOi*ymE#RwqX;MIZuA6(AT;pN2(-}xMF6)&~j*}Q4
z|MBeSfHw5<FkpF;8qXTK(<ViVV^B<uFOSERs0jzW{2sR>m@qm0<kwvhd9Pj-9)MRJ
zqG=+Rq-j2!czb)rY&LOB0toOJgua<z>ugaA%_RPb#GHP-qs7iqHYzo}_#Dgq>7gBP
zDBq>^DQrZg*sJ})PcjtcHdEp!_IOX&+Z-Gu{vu;iChqu^*=)E3P6uX2Zeh2t5#j$r
zcXC792heXyLje?F+4ouh*l~Zd{*$F+SU(PzWS2Q#uwMvk;xgktF`jsg`Afb_msNIm
zCaTi}j1nVwgs+JAIQzL=Jbn6JP1u?=nV^8n6>?t^M`!?EJ&UNyEZ}T$d#yCQi3@|*
zJxuWS?Y|d&vNt8DBjYq&?bZn|Y1S(1e12V<^?@o?{1nnQJVM!c{703_spAQw!luxV
zQzsGi;sBCtopstrlRR*V9#6NuvrIK0F}hAu0XTy!RKk&F7DzAa27Jp^Ypf|<S!>^#
zsj?}R`F7D{RK)5X3^%>`sZ^J$UTAJH2%G_^t#-5g7=Dq;*KGgAcjY>HeD5zay1L&`
zJ*#F{nb<ch(b%Z}JXt28WeGT)q#4GBNjEs~3`Rc2__zq~UFKiEgkCZ!L~*;5*DhS1
z?NUz{(OL`#=K|x28D8MH88mc^!|m*MR3eLGpn0lGYZ%%B<SUR~hd+)JcaUA(26iPT
z!e(u})B3JaGQhIVy)VLZ*CC1)oO(AdE4?Qhepbx0SH*$gFX>P~;&g!V#oZ4z9mG<u
z1_u9RnJiGcg84o1X9c=L4!8{b;*YAw#R4bAo^C50>Q0AjEX8*XgcPyNj296<#HS1<
z6N*T54*!asD9lv1qWgKig2irUB!FucM1&d0K}8jHdV@Vpa}cOsrn|}=^LYJyXVS*N
z_tR`0S&WQb>p|(Ce29IZcqSvF{9P0W#^S^3Ls;+-aP~{HsJwm|vPG}%{tq1$OsU8x
z5_@9ykNgr@=Y=NXL5h#1WI_B$b_?C{YG`408{l>fnCX5GUj(~N)rW14S&-L><GDw?
z8L;}{Slg<EOR8Yk%HgQfM~bT$5J#Iqs^EAnNT>ks5;q2t^k2VK0;2$0FHE|?xS*@p
zuyoNQeB)_Z0hnj-Xc~iBC7NqDG%ypoX4yr*iGeLuE#kUha+_G!0D-lale0@-E9OtV
zEWQJGGXHT(kN|;wm8X&Fqt6`I?Jo7#&2#3n63P&zZ$uV0sbA-<d8NX=2{UVaA`G9C
zx+w*6+5%xsjKl0@pY8s_tAh_N+3Iv?o&|(#0rpXYVfTulXoGREbNQ=MNjyMREaWuG
z)4lpc3qtgdj8!o7a<PNtZyhIJ-5cJ<XZQ^GPTYe5h2!0}Vet|x!+JU`NnQ58zU<Ca
z>uGtXC<`p3vy=}I2B9-``1Cz9$}O_+rmDw8G(3}a`Wm~<tyRxEa(mLwZnFFO^CT2w
zRx<@vgK-m#9OkA@0^C4JI<!F?fVFOLNSJu+aA_On6%$n#-5s;Ck7JR8BB0;0HUzA7
zS1YE?Qa;Sl-gOq%CmoZ7<61VW$yfh^uqpF*-cSc)5|7q2p79_qx1kxbd&(-k6B&l1
zCta~MddvP=Bt<&f%I>)$xL@-%0wGu$+R<Vk6?moam(+BH=2SLty>nLg>l$DXjX6vq
zzBgMFY+ko&0IhSBgG#$RuiF_Dl21{V1A_E~(xxKi(r;ohSv6;#Y1u(3dWL~&e;FG$
zI{Cbl&OE1?jd~NLlxh6|ZMqnr+A{rEu}NFj_`r_(Q#<AorMgIctIlVU9!`zy6oThD
z9}4oKo$bCIu2f48SFP_(dlTLMRtDPQw10h8Pwj*}I8$VWaZ?XS=^frD^7JeiV4oQ|
zaJ^9v$;8+z%=FG2+bD)*U4PQg65qqt<76V4DI2j<R+0a$RN>utV2Jsl_b=ILA$b^W
zzgJ-Q`6&<LDpX^#L_d93V>-)-^#Cz3%eUc{TcpPRCNhPz*4D3F1|YI52hV1zw;q6~
zt<O83Ug{}ZfIb`o3AM$i&*Vnznup|7?4q6E1>KK8nwEmx-@vrm=*t4S%y_4TLT8%7
zMx&cQ%3M3ZvD^oU#nI0Epjo^`J!nOCH{AAvF_c_skM?d_!<)hES`iEN>^Y(@>Q5)%
zpO3L;*jm}!Dt5kPZJUyXQpuWExcfgDijOu`3gb|aKhxZU#g@mlJ~-uvKSbvx8p(Y%
z{=>%5M|_$pRe<f(PJfq95(SGm?ViVGixU)m26(KbPbq$zI3T?`d7^k$bmJ8|YCAGX
z<rs5`(68CpBH!OSPnVdBa(r}v4*iltrpX<*PmBMk)Mz&@;}i=dV~=;57=UfKv89QB
zgMQfr$O!xdH}v+5_JM?e(I9DSpE`kec#P3g41h|eCLk*NCfjy)$cs=(JX)3TwEAl)
zeu9hNvTbnGPJeve2j}Zx(zhCU$SOXUr(_1tn4TrQ;osnU$$8Yoc4VRZ4rA`_?VKgU
z$@76^P1l63M=et#yjN_qbxFCYj@{25&i`lQ1^rI{-(`eE6x2~RxLnMibtHY9#AuDo
zLp|3;!^XSL05bl~p;XjTkr>8fBf-WkJ`C13@vn7vq3FtSi!0e-x_zlD9J${L2!CxL
zfr3Z`JSl@nqyeEFO<gWfB!nu^h8yV@SzxVZiFPc${ri@(G{9uK6RzH;T8j(3i~SWb
z@3{lIs?NC;cWVnJtDm48=IFu}sF{TY^;`1FPyB~>*MlQE8IGG%p3fd`F{_hL4UO%&
zzb|)-?Ox_JpC}W>%;JCd`R0+dp*PCwS^|ah^`z9p<Bg#e@>*vgZyY8#g!$!K!Sv(T
zuY&R#jb#rE7gkn)VA^(Fvm$P_8AHD~9#oo1TX0Ekhm@Gm)~MF-Fk4HES-F4Gj+><s
zb&pPNGIT()gWJ{Z7y}}%3C;XCVJJeN@=nz-iP!*aHFLW3JCv$U0%9#BGgv_6Zeq?b
z*A=EJ_K-H-jw?*V{e6QnsfR#w@u#k{2NOiRTu)PmG@cD!d)EmVNu>Ls!_03c3JPx0
zwYQ;uC<bmTUIc>MZGi^7rVjt|VzAEP<L#_Nc$D>`P8~9b@Cb`kkR#DGbb+rLxM-va
zcr?T(Dmd<q&)7*?F<@Q%-YUE1>?(u;`RSKG=}>p7NK343dqw-P7edl~Dl~Xh9VvaN
z(dIsaG*x_`o*MF2%`)*mDw^ON6ZlU?egKixZLQPmugi2)q>X|oo(#&tv_R5Za7!P-
ztD60^kLy*p+{Ovl*3;Q7x$K5>ufI7wM#%K+eR3EahHSjqM!-r70;%kW2A0<s-F|3}
zt2544#-Vq=WsA1fwJwS7zF4f>3%+Si-2yi!`yZ+U(o0{N#>o8@U-(ny#v}d31Oy^G
ztc7S>_BP-2E+FpE;a&nPHjL}6<Vn}9c59iCD^#+DuMDgo2cDY6b>h3xEW^J8j%tyx
zN3raA6ucR3VfMS?cvML**P+g5w82q{$C>!W9cA3Oz>OKZf~LcYsYB-ec}vvxx(P4E
z_`!YpKJBx<xZ0QFeT~mWS2~nTF{>75Zd!WCEXIlSZpvNCNh5HzhD^pBxtp2t+ycH9
zkaEo`fM6`r0y-(H-^VAZd<nZ_x7%{#vn`NiAhAk((cK=DLW7(M>H!iCvL~OCa%$&O
z@ePO*iq2#pHy%pLJZuqwNjBC6@$h}7|09EW2OO{UPbI!(WV3cVeqn6eHy$mMvNfY!
zaQ&KvY!ml*dN=0fZr_lwQhXdHrrBkk8pqwsizp52n=HVM;mWyRxl*T8y%K$HFbS>D
zA&=*zZ!O>Y^nvZN?c2%P<~NvQ)I=2nA6;%p>oz-?Na6r}(QiF?zxzD~O}E#9@YJ4=
za7kk!X)g+Uc~v??&{*;<{$ZhN?JdH3iP1ifWRuW7J@SY1iKp|hJzLZnmL1H#R}5S2
z04#3Ee>vMhE6j`CovQWt-F5s!rn<kCrJWl<ru?9fLMgnYr@!hlIF4C3<Hu92rue2b
zPqtt<Zx;P~Fh?C?U?9&bdl!PzzIR}xTrS?pO7jGAYnhM36()y2uD{Z?ZIyN`#kb~X
zq~x13*bTuxKT-k9Rc^p?RnjptTYLBwDW^xmf~LvzkHqXluD<ha@@{)M#ZAhLT99W!
zP&|Cs1~3*P+=#YS;w|z)nK?SphEpwg+YSB<v3`P&8168ypbplzD){2jCSOe0#2{*s
zQaMlf{GgY$YbhO|-B4$xxu4y_sJ!y?Rv}qo7J$ctNy`afgqQd!Ck~ww6w;rbeYi_*
zSTo^d)ajcvY@_@2^Gqh<N|~_!5jws!VROorH--jN=2`;x&dthNY5}Nbj@llyDPU9u
z;B3!1q6rm8Ncv3q2%w!@{cdVFm9dnYivo5~06eLuWjBnfmu&%KoAyZzB``dBORbu{
z(<BF_(3+a4OeWX<S54++v1~u(%U~YM=<1`*0?)a()t3;*&0X<;$^rlw_+HkCx+FJJ
zz7`Ff5h39@3tIsUU`@n{8;o|b-;19O-H$aiZpvu|UfUhnba;>(Gi)>@1y>#jbe_w=
zhNRAvrx^7b>$I0vKp%-kr{BZ{bclZ+HQ^juqM%!aW&(6v5~$4T0Yo)|qCC`NIqHM_
zQW3&+Es6<eBD-_J)|z%{M*kt6*ELTil#<_htX#awJn0Rkpi^+JKzmF$L&X@|qQR9(
zkk$ACefMjjuw|VROg|nj(GoaO&5WM_Yof7HjkhUTkfP%qOF4Lgo&wM_Wp+GlntoqA
zu&?6;l3wHMW`b*f1yrdp7)gmvcQg*2z@hHYT@O=DxZB0*cxNLv?>IA;<KJ$lQ+Mkg
z^0sw)2QAa#;!1lNwVDU<@#-(cqe?Z({Sj)jZ69(5l)XGjE8QY0Xz+P9XC!ok67<s1
zxv>Tj5vN?s6jz5xQ9$$^P#9x3N4+-KZ5!enLss1!xojj37{^VqQw2u3TI<UgufH&$
z1huq(f<M?U%E&ka!Ow>@#)E!iojvUPWITZ#MXJnx`<pTWDvPsfvfdeepsE)eP}S@F
z?mWswi!qd81~0z?PgM0yjuyIpE<FWq$z6&>#e2P;&`_-!_pXm}k$O>`p|cbsG@_Bz
zlhzD(7rh*^1J-L_`fYZP)W>&t3didVV`BCW6G1kKY=#El{bD5^&!h86hr`)GVu6dI
zxz)iYK6rClsI7Ru0hHk^g>KIHx+usluI*yOmxGE)(+X|U`a?{K!%(E%FQ(#O!GVEM
ze6N*IQ6IkgIfoQK1--6@ME$fXr7%n!DV%w&F|ht|{1sL|P83JhH(am1<sU_m_2<Je
zg~8tIR)IF}$p&oVu@6SJ-o%w6TNDoG+MriB4Xuw{bY46O=6*;Nziqj+brP=?6Tde|
zB9rM`jGI6~;6y-Nw2RlD8aA#-HDihviNE7U?_^_dZ57|AK3i@lP3WXf!eQK833mEm
zuwfd_egG(zQ*odt1O%a@h3;a05RhekoXf$Sb9NHAw{~LnEg2OL!|K9%?3$@nZj!pD
zn!4C0;5u&4$@ZGt4lJ06Kc7%Q-jCOCh62ur+8XNuXF|7DFPBXZn!oq#je@~GQCw8>
z%Mp7wmA+ZQH_zqB&^M!WxHA`W$;OJ!OS#tEdi=s@tc2d(_mQRfQ@@Sm_mUv+JmcNk
z%%M;oE`rckiv7}9Mn{$E7p5=#d25iE>r&;GPcNmylv6DR5=XF~#cSjai`R?{952$V
zdVR%tSbZCxm9{g3C<7V)Dm~DjP^Lm(?fv!169nKx^e_>glE_nm(+0b7dsuz!biMC?
zzn~@7=yGwawN_C@hvfD3Nhdqf5=#jStg#CzC|*$uU%<t(GL=d_{?j86&Hd|KC}^#v
z`S%I;>o3(<RPLL;Ur6<p!|4t1)64sJJVDq+D$(nD?}QTwqFh-bX6ux^f1wd1@iNg&
zqZJ|<6knYMo_$342&W!AT;#^^z7U0a!(?QE6iA>Fhca^!T@HsCLf`QQzAyT~;F!|C
zz~p}GVmS1oX7jizC;*>M$j)S5=k4nt7Ptl$yooKSN=Rg0ZrNb!bQU2;bEp01ksH=<
z4e^X=ZS`jg+ApK&=3Q?z@7wuz>+bv81M}U>6i?b$CI}Jq5#bM|r8s`AAh#JsUp{+3
zSL-y~mhr4D@Cm<#*2?u!zmqG;6u%IMMFUN1@bQ{)IM1Z+(o(SulPlV0ZusNfhPYT>
zWu@`Bz!Cf}thy4x)(xkzCG3vxR-y=oJ;ix@nz9+wQGj|rk4S3Hwo^~K;^2i1Sm`SI
zz$?L4JBcpQySX-*NqJUX%koi6DH2}j|FfYsKi`R<DCD^`W}4n0F_O*oPb2Wl5N$0e
zkwpzmY_Jde^sIL@yco4evDRl|qb08>9z#Lq<e4>PX$M)cSb^2lTn};vBr`zkZIR*O
z&p%&FP<_5_g;A=Fs1*=%>2QuUImNpy96N;&($8-%vyFfsLK&;8${^uep#J{-rxC@}
zC~<=3cK)R>Y}sX^=&7nHQ;zk7?paEV1c=>cWm-gTn9S+V{9>w=wAGi1s}CZGO+JN&
z?NKsL<>$M45clJ$Ro9GCsMQ<oL>~V&(EmJz1@$-Ddj|*bKA?1?`0}lVS1c=Q5?(K<
zc!Wh2_e(U0L<ZOya4d?KO$s6t#n(`#ebTWiobn1WF;!;E5O%Hd2@Ud5I_u-bi%X+k
z%S)>sp%+)T%mXkGm)grOt#oz9QitlQ6-L&bBT=6#6*FRB?St5H4JjZt{$%vk0_Kdt
z1P+T|vh8)?=?DfGWrK{8MhtiP$}lVb@TNZGL@OyV!3f?gYrGsA^UC7%W&?v7Yr6U*
zlE~;{smpe@d^M}?g{b$971?)GNnDdePR4i!;;7+trep=F%uS})CQIp26)p#tMie#I
z#bYa0kXrIcemxRqpl*kvmU*tCw<2T0v;CWP+VM>&BuzqxVODW{*5#dnz-s@+twiZ%
znPXE&nbi(Gv|(4{>D<}g6}u~kAuq>A*vq;{MEK$JfG6w5j}TX57!(9`MKi}RJq$5u
z3mwS*(1gH^HuXk5I6AZwxqvao#mzCcc5&K}yK=<dtwATzyk}u+{D|@=je{DfD&k8n
z)r&38^%}cU_~<WJ+biT*khR|UNpG3V&rjcoOyU?Q-OHxC$bvI2&+dF1iS6#Lo4vCP
z&+JF;+D3x3)DkR@W+y!Q)1tICbEbbbuj8_3=Bue)eZ%Bbd$OKMvU2ze{Ozxm=g-_b
zuYBU?gfe<m$1T_Gk2A78)PD>cXc%sE(?F!3E;E0hJ7${fOSUDwo=an!Kk6BVrp}*6
z^WmjH`PPK*>5bc0?usuXda3oUi7CRq!GkRf&=2+}jiYrYaqoyLTPDA`bc}XJbCP@+
z8q1#^ecnRq5rUb(!v~&rzx4h*H~YOJt7__OZ1D4bhU;L@z;Gdt10=VCZ{z&n`3wHE
zsGzHRBvq+n^1d_joot!o*EJ^f3>UaePlHD8@&S{otH*aNo?Jx=*r$Bx&{=nVSJJ@n
z6`wOUnk3<$=O3R#ANU+38%2ZJ5i8I(dMt%wdg2Z1=vp!L09Rh>ZXZHdH+uqbw~oWd
zfQF1LZO)&OO`S|@PSu<_xSHl3ne)FaO|q`M2tv8R|8f^quX)X2=e9-xJq%!-s$XzN
z!6r=!%LKz47LF=hgD|?WN$}Tc>dd&0Q|hkVGO>1Ir$vzanIPjT9<A5%SBcXn)y@Iy
z=52?SvtJO6<L#@Udc#+X#)m!@7<dvRu<bcVo4nl(0{%mdQAw4bIXPfQBsGxbs%DNn
z+UA8RPb`bcD?9j9a6zGbVgN3WR*x{zXqFYv=U-FkWgXSlt0U_N13$|9BENp6b~xRc
zmQ_-!4Jc?RK)_WXDIQnXh@{m}6O4MQM8!4#18pPz1#2?TsKPiTlhGA^cH<sRy)`yg
zZ&~p!I?4WLk0Hm0*T46T|11#iDBmntkR~D{%|Snn43_et4CRaxjc8df><E<D!pF1(
z-i#C|c!CqSB`MxN9}S&3d^IF>qm_C>#JPoX)|5kz`ih1|fsAx6H~a10WT_zpn`?EH
zlSd~94d1jPnitXcIvA+fmBo#Gx+SNDuO%O_&+LUlv%zh<!Q2;9<Ch_wkXkA)m&)2t
zC;t^7DA_ziL8LrlWc6?59Z;_?*0st2t>3IMhikjbX2E&%hqcg=llqiV!$Tf3Y%<XM
zE~1Jo-`N%*bDFe{ERk`H*G!#D4V)c>K@_zxM7&sG0}Kj$Mym7ZQe^ndrc@C<)0O#&
zzRx`A!5=SxspD#S*&h-w-s;fK+Bn#~U_X{&7|ZXUcGR?oi*h&Ij}bTEq7LSdLj`Yh
zBZvFt*lescW<@Owx-U?_VBKcWIP)BsJ_RvS4oETOR=ksu>PZq{db~Z~7hhpsTrrHV
z#W+Y_+b$C?b~cs+Zqafbh@BI0%$9O<d~pGuPVX5X4mY;R7M@;XU-Oh4Dbi%<&gV9K
zYP#AuI&1J_kIMGhDbYTZHW$YWE0;4r_K|$5%yLHSr1G>W8fuWWVfv<gL!GlibLQk(
zR=;qbp?%wG)S$M)UNv`9d49VWl^W+z&7CWhDPNIEVg_NnzG`wQlf;X!!o|GeeeM5T
zFgm4y)91JDyrhs&YazDFtG#7t=_8bCoAnez$XvRbMZKWIF|m9C6{Y2cbnN_yP(A7f
z0qd*W%U(JJvCldy!)5TJtU_l;(RF-$E;VU>-riTy`6><R`7bVzNC?cBi?rUp$icG|
z@66!t0OvA@1;0wm8bU*D7jsR%?YsM&J^6U@1)srI2Gg6;U{B>kFJ~hB!i>qPmHr5+
zKx$=XmY3a9u4r%UC#*sV<LPJcm`*6T8lqe)FIg9t;qsDp6`Us4Nd+cJvI+TZv6m}~
z>n*O#oT6&G@q5Z~8zaUX+?#rvCkC4ZL;4j2*~=VNRvyH*+AoQ@ZAC2VuH*I(*rAJ;
z0VC&4+~KmWmJi7>K0QrYg=ZX<ZI<!5zF<Iu=TEM8zfv}EtTyb5rLfCSV`G&~pvhg}
zovFt$DXg%xZdo1_v>T1kKkm#P`iwNm=P(a;I$X=(*s7PZnTA5_hAplZ4TZ!bq6$l`
zcLLRJj;FDptDZ6&dYot8mTuPce+6@YCM7GPN3{Kin<`h|UFy#;XpAPt=X1Kck&V=m
z5Hi5~no3$H=CVy)HJ6n8eH8uEg^pE>H`aigCXcPO&SihRQ{ahbuUVy{9CmLe@y9!x
zfYP?K&5>KVW>tY`upbKXclJj4r+E(EC^MP^*y$8KiV*m4wwrcqv~$V`gqJqF;aj47
z>T|_Bby<|#b4XyTu*SFU;32H&0zA@`QT)VtxZ|CNz=%;{x0jsi3^iKVIFoEpV2D|1
zTRU<uOYG7j<r(a81ntM34pR1%PAONb;f^jZ%Qyz}6ABg<vKTCO>5JwhHOpM4`2zLK
zt(m~Oq?G%rl41cbt0F@BQ2I&1l<Pb$?|_N}cl^J`QCpnl7k`;Vjd^iIe9H{>&P3z4
zUw#(P>5@c;qMqAu4V5Z1W;f|iX|y9`Y=KW?GlJ6D*0~ZXWy*k{>t&DPE<syBh=E4p
zXGx9`)N})xP4BEnY!EG+qq|bFQ0nc*KD+|rW)WnpaSDrJ6EA%QlFv!ma@hoe7qc1p
z&U%Sz2}Kv?UhbUwc;!Zu3gx5tS@58pKI5%O6D=;a>k3cJL!Ha>+L%u#<3jm9QeOXa
zN^y0dwU&9J(>vEOhtuX@y`X=i`Rh7jB-3JZX-2K`Mx=B!oa;OHrQY?{=k5WkS(Q)c
zlZP=wgll~Q8P5|?Um$;VAuuj6x)pKGb0UvrzmOsyhOU}=xFGTNYB$-qAY;QmF^4`(
zkix)YOwSzEZ8uSJ5tO9uqidNPgR}hDh}lKl@bEbsJ|39+b$xL-{Pk6;ojQMcgVPN$
zAM)poWKw4`h}o0tO<0V^ZQaqF2yI#hiEi<wB#sz-<Y1x8iiMJUve~LBym-jMRYXPs
zWwbR|Y?DTpY9Rcv-qa>WW^h>7Wb-J#EoXri$P;hiPC2(-_qZ#!J}pHQg3tc;)XSp!
zQg;}9tp}YWDHOXyLQzXtciF$6k_2rWOXX)-qs!QE(Q})%PC+VJFMBMl)G^$tEbbSB
zlN%J4>b>Q<n-9fIV_Yk(8&9s_D=||@Eu(>a63g-qH-{^>DH<(g1ytl@9TV%_9&~4q
zi5fDMwA{61woHU9YR8o9O74!zMO#d}l#+}}DZi5tX4Mdz^y87UO>I3)HB%~_lnBHt
z95l(_IoGGsdCZJd00t^>6s~1XJ+|dOanm8-yOcnz>&IQH(*DnLzBxVuH-|%PBj5i%
z;r)rTo*=|Tyo*drOB=a(W60Z^z{51^p2hcrl%uzDAo|ji$v{W&X#Z>FY&60KJBeS<
z{bob}BSX&#BFI~QDzjkfLEO6BG$mciQgYBvlv>fdL2W~-MxPRh>~p~U)NDU>AP{T9
z%Xh|7z|;x&-c<w|LsPn9b6j?oj@eA$ORku9Fc1m4T6Hhm_glCgsENh%#Y^`)wEhxq
zF`j*EyHbAy44;$oGtlT$E4OM9RBjuDtri{bU2jPWc#vwJy0{8=msO4w7~TsC%9O;}
ziKIiJQUR*yvYa><)GY~!ISgyd(}_iMy7QiFIf9*P69dQa3a!oHx*Alb&b>|ru8XDz
z_e)vJF@K?1)q!BeUrX4NF9`o86i<Hn2L{$ryq5cY`nE^qD!03^Av@EP?&r<cQWRfG
z97r!<AdP1M%9ao{IX<x7j28k5*L6sj_%TE=y|x-etEC98utA>$sZ}}F9@qmfliJpT
z?CM|jGfZqR9#?mXxRjlqufp5<jm)ezqgnaC{M9*P6|gZyez0*}qNgjE6S{f^^p85Q
zywosYkq`*n9Mkp5YyAx5JYUs?9o<d~kBAcnWEDO>JsJfeR}V$vbifQUr=5sQ)cC(!
z3;S-T`CDwfA-EaI?|7$nnAI<CA|>BU@~i_2=E_0^wUsl)Gq_C)R=Ny>a6j@||2ca7
z1`a>b&_rxMq^A*QT12^rp=sbo0Wp|_EW$=()^xJIb57Z&bF%T5X7&>IX<>dB^O35$
z+h%IK^SM$gI}ay1YXAQ=;($Jmr}!6O=nn;@DBgE1(Cu#GeQk50rQ}w39wWgV@gzGb
z3V)x+->to}T;-@7dR#gB%M+zy(1NGJi_2csb@qI}Y4+9n%3m#=1oBz)120~~V;<L^
zlmE|c325{Kk5-|!Ecuv#a5`CCq@VOEB_HQnb)T-U{$BcCvH_K1)bNJ{BghRIb0C$1
z21``+|ICy>+uNT2R8RZ<OQ5OXWa(w6VVagiQ~uZI{rToUV^Dz})Tdl;#s4>3_@C$Z
z@3QZ>vsm2-{k{M9C;e$d=Lk}oCoKfOkc;a7@=+fD-~E$&_(HMD<yvzc_uZmenfm|o
z#Q}6kbKl1aTp>bqO7uO?`~7kLs~bI(pK>{Bzr86jBO&3jW)@n3!!kF3;q%`EAg0lu
zshA3IX?25c^{dfn)z=o|CrVOW>aV@kqHLo!*ME(GhGxCxU%}<AQr7yW?g`fw5^IZH
zT!>32b;TPzTCwzQ`80K>XXLahk@PAw7P`fLN7h33Lm3zf_e0e2eP;+8{%H1e<J*Q5
zQ4GlbypuQjd1S;8+gM#CCErzVn0%VV;&<~LrmOhtts8X|XT#$Mn}_pME?vFbF}hvb
z>beO6?)=bvRooo8I@;B~u&a2QHQw$qvB$f=;z2g8BWrQFiYX;Z8ZRI*n%+P$7O%~*
z`WBNzTUiJ3A92Rh4j4ch2@y=gK}<fH!$k43azkW+Z&qMcWV0tT234q4(DJB{C22d<
z)dM@rv)JWafJmLo;NW}d>>cZp9nsFst2!4y1s;NY_k%qA*J^)F((B(~vNQG_g%rg_
zsJ+fdN!4n-_nq@87i7Mjm*%skvCQ^*oz*rc$rYQ)pU+lW<Wn3&Y(|mC%&G3ydex-6
zh$;s+N4retz7rD;a1$`F^+$ehz6>0gPbZniL%Dr)y!GN^t%5~uBw!aQ*y4MfqB&5W
zc{Cuv^kxp;D3bw6bc}B)=dt~OO}o^zW^|mYQB~NVFr??NGG$UoBjt(0OT^|>j92z$
zfL}GKHs<zn>x0(@mKoWv*vk3mR{U&95)u;0kIv?0WJvRJx0XaV`CpK787vyFP6#{{
z*!fsH^`t+rtc(dfuH1zYFjUmUM`JO^8$Xq`G~C_R)t`kak=Z(P!$huGIW$K$+~ccU
z?m2YnP%u(zo70~n_WRktLe&dQ#}yAI`EC0K)H0QIvR=<XbibAqFu$V^5#>KYq?X-P
zf3=>%N3FQ+a(Qzmu+i#|<B|9C%f^04WAQji?JAG;3UwT>x>kkh<i<)@*ch)jI^JNt
z8jkYo+6mpR&wPDW9%L$|2EUd&AVP;Ww|&tUxQhdLTro|n`aNVjPI3I5#TSW@+(u#W
zC_+OiF`e0y>W8*HGUJe7!)dv|NDbqyiX@?cZ1Wu+<JInyks>P|Zr4j&iTE9$hZ&MU
zfT|oXm$BBL&u%kZa?@!GD2T{UYBz1bB?gM;g>REprBP_VdFR+6$2sa@{mpo9=GePO
zWL-Ytl7XajG|LUA$+!9_L0}|AQ7t~)nm1uM&c?XB%~DcQ@>hGXZAxpaOPS7zG&#Rs
z4~wu6Qw4$Rt8WY_KK|LVi{l)b0~YaZ&s}3{=0L9T(wS9d6;hg0Pcp6j(y_sA$VoOe
z?ObHnQ(aw{6%3B^ec*-)q^+VIafsN=&A<+{94_1AWV6HF#XMdLiQkEj!;a^Vlg>OU
zHbS{Mci`NL!9fB2y{d{lCC?g0&>sNK3Kcx0DJ*2t!@ADLq(WyLM(Jm2>=r<FRq)W&
zYPV*_nW41PxWa50L)>6@`e*sb%dOMnu;Y_jw6dkR0Ypge=Bxw0%*8Q7vqZS)5!JIf
zgGHa}<1I<{&w5&)ueC`o*K&j5P?MgaZ<EU#o@bgv+;RN2WcL8iOjE!YkLg@lR#pfp
zlSw>i`}j~w!?-1usr))%wGg%Vu6XUoJzy*|U&Sx8UCi|QHKh5iFOnOeR&K#p+DQ4D
z{4!gn^J_W`p@G5(RE%8i?z1&zy~TUjuvE=4`XsQdoeQR1>xILCXgcER*Amo3q1LWe
z+d{#cr1X_htxao38+mtz^}`;<G47k|<zqq3BVVGyctWxbZV%Q5c>7k_iw3(VF=o6s
ztjnfd5_y2#sn317vcp8WMPxzBjzGFSx0dRfkj6ZjsU!Ac{%VP6*s)cN)Qq_Hl-_5G
z-UdZk_OWrif-@!G(_b;LkJHcfs!P`xj=QSHjjtlT+0728ZAT-bSVM(U#cGG+D&7nz
z@JnOGIQtkIL8$6P)!z1J%60^&1Txa&cKSJU?B0oG!9O3_O@F-b$wjm>K*2UJV#Dhv
zk@X&+GXkqsa=NBVX(dm8eJdYVVLVHm&s62=l&0c38)T-=Bc-*hh%ES&x?!{@W3z#u
zkH@%xXuKEm`*qGAVk~zc@<k_u9(?P_KH6|6V7tZecEjZ2AH<pIALeg@Z00-UUq<;3
zZwg!n+Zm;%-A<ilYcdG*uQa<kEbD4<>c@-Y55mX{{M0_Vq%_Z#pf(&pkpw#<T7$E8
zxT2h?v;9aos+-D>I5|0QSu3=?Qu{R{a3;>!-;Q}}HO^y*(GebaG|ecO0U=sa#EQoz
z#$Og@-wB-NcoYNFSrLyL8_2jQZTGo$Tij-^n5Y1&58D4qT+}B;0NR5Qow#a{Nv8Hb
zf*yQ-%p$872<I$_!5!|uVjy1;=2^A9TP~QEVq}!bjRdEoyqL>%?buV@7xRr%D;o88
zoFU^P<8qDO47Q)6-?RD@VPZEK%h|eyxDK@H(CSPeuHJEktsli72jTaQyN9GZCD@jI
zvpPO+w7U72y9+3ib8_3QunTKd%nBjIz-P!z`J6yy+rQx3ex_Cl10>0)*v-+3@=$rJ
zOH1|5-~<OTY<Y`?(qSNo&dPIsS9iK;O?!)w<8m{~eFGFgIq}p@(j+;tziu^FU6UGc
z7^|?l%$fZd6U$LA`-7P)FC)t|CA1q4XYeTusMg+{$j9^8dDT5!jl^O1xXQo6{9y1i
za8r1&@Rro8(&a9-q7pctUy2js8!mqfA-y<SA7vd1sT8r})ZQV%v}#XTj|YJ2tte3X
zLo)8|UGmX7w(6UNFn{FHA<6R&G8E%w2es@mcXQZ<&1$!?{t{jjT=>SZ_{@DYIQ1Lw
zgq*yxG49TG>B7~1OdYAAfD+wetSa>0jH#<!17|YlJcYNawR#i`mj>x`9W4DF<l(dm
z-<)&g)Y%Le(ik<ahE5{7am3!fPBzDOzEHWeTQ~naTH#BI>sQfa!c`zvTn3*AtjMX*
zpI9JuevW+z4DWEo{K<FN0%Iz&8m9T&ozjl=N>uOVQn}*zrc^Gj=^kUoUHbWUyh4QH
zj8SZjq%+;r-(iQ10t;kMHn+pzQ`^MPOjEWSqF>H#z$8-~<JN;d$^Gti=W3hRy;8QT
zxcYgAp5)9^<>oD8;XfHX5{(WX^l4RnpR(KjO~AuWc8<bHBQ7li8N)T;;#WRJ7V~aU
z=#ql%|6%Ve!=ifEw*MDUP=pbYZb7hUsR0HFL8U}eTDrSaN>EBddO$!Ky1TnW7`oGe
zp<xCX@?98vyZ3WE$NTmD@O~a*X3f3sbzSFmp1=Fdkpxxd(Klk4HB?5j3TVw}JoQAG
zkYS6jk`raG9C6@J{ifb2BemaE`;~j{AxcmXZJRjVlD5{Vaxa%jgZTX<R$fo5+|Z33
z){dK|mgPqys)bL}Xhjd(6ZNk{U$#iq=S&S{XO~361No=7zq@MfZyA+7`>bz?_HDxf
z?xT>JS%$G6HG}c98Zh40JZgSA3(XLn!E$!1G4kcb7V1s#L8@m1-IuUUTAu8o*2xb&
zTqEswp7+X^ZC7cnXFAV$n;g#0IZ`be!9poq<_}em=p;wxoe9A*x5nzmbVuaQs7(-O
zF+|S5&7`rKh{D98e9cOVwp2A7!zs8nEalUcEFJIC9^&@n%FSJh`$`Iro!`CE`MjAw
zcQB-_T#v^~=kRrf&Nz7LY#?L6TDT<cKJ3>>mi|4?P@bRJLDI9~It0DtahQ(N+F9}d
z$kEZTEgSvB@>mE;$aiq#^HwV5h3QM{IzgZA&vlxz3W{u*bo2o?n2~E{tF`xaw(QjF
zoYJ?FDo^)@Bfulp(psOK(USznqPtBQG^UFz@CWkAnhvP(Ie$Jeyrg;!t9osi>)OiL
z+6R`JoWMPjWAcj~M!fQQhP|yCtMmtoh*u{U2iIGtoOXaas%_a7QTO4YEbh#8T;X=Y
zR>3w~%@7%(ck@0r=c>}Ea9)RI@+!IWrhYGMZCID05d{&E21~q4r)Xn~5q}BZ6@_G*
zA?Iyj9tVM&iXau2PZu6Yi?gLWAh_2$eFvQVvKH)|%rfC%qGKe~Wv4YM3~z9eb<XiJ
zCjl^~pYj9Y#=S63Iyu5P<!5z19oWz3&KcKw-slVljm?cQdhIl>+`CD=C!!^C4dgEE
zoUG}gfP9|CHggQ$nmNgI%A+)!oPY69AuW?M@BoXkbmyP&u+;MGd_Xp1l^~JS*Be})
zWhYD@$&TugE?nbw)p5h{G*24Pg{GvTU``S<xfwdi{I-$W8+@<j8$3_yt}_eNv_0tr
zz@Nx|p&f}6A;V)$G)GZjWaR6!7C$W>p6Ung2NwPT@w@K=$?#Wk#5;y*(cgUr?Nv3s
zuBY0kL|xba{vHrr5qLF(Ii{nTf~%)<W#-|tQtCMUF?gbHSx$Fu5);|28U@RyP{rQ5
z_ZFAeD2df{u)+bO4nRfolf{Auzq`bB;FHPG$w+qGL*781B~=BR>^!o*CbY0<(ObDb
z159KV9j0x~#4GJ=_M6(<D(_gHG;8Tg{<s{FOk{7ghn>JYZA;+GWtPxNUCQ0dSwOn*
zuHC|{`iSXb2fPfgU#>qUR>$qV*LW%YB8YKVmYm<9^jwzX`G~ATWI7bkE36JhrX2A#
zuH8JRvz)6JFF4^5#e^P=N!#QQ7uAY1()Q!F3a*J`WEBr1+{{WLTV#jRTF`cHA%ZSP
z;5~iCpPRI>t+|*$Ve*U@oVtpB36!nLPi4lw?3pDa^>;}!JUL?tX~5K-?#HMHbr(65
z(15c1UN=?u;k&iwO1R35Xs7I<vXwOrv?MM_6%PpEGRX+X?X4x2DhlH*1Ul>_dO%lu
z8*DtQxn<fGa0!~%6k%x6i^6l|bmq;~T`9U(jDin`(!-ws=ZWQKX(oE=9_sZJHH4cB
zdtaPY%w8KPasIeedFz{8&3Ku4K}?zVMaq@<ByVs;j|fY=(Tlqwx?-KFUWNXFzS;Ji
zqK;ds>5K{UU)gIY34C?IFJ8Yse*=50=Jdqz(^9;OQQ-qhjS!Grz581&QCaD>1bjMg
zu-2G2<F@9wk;3{n(^+F`VUkj|*FbIUn?uByaO-t{ZcdDHXa?%Gj3=jtrhaBg-20@Y
z+Gox;K7$g5%ro@kj?op>l7lbEsK3|iGO^GyaVCIFD;w9iG2a>dZC1aFtZ%-3x&L5<
zG{JE<1jG#3f=>%#-ZODeb8y{EAKKwFoTQ$45lEO_F3+n-LoQJeN+~WojIEnoTZIjO
z8v4a1{)b1YMn9=sj7~D3+>x>$(+k#BN#tyoRyV}+zzTUzlD2np@+dt6i5M!!2sg%L
z<v(wZW3EcPS>iXEMsFDft0eSa^g0@sHyxVB-PZn9*r=3l26uH>dMh?SZ~1x~+dA15
z%OowlEq~vGGh)hl-lB@eGtX@ciiooEDfw1_)TH9vtHUEY((;KI!OI|kcnOuU@|MTR
z3`R$EEg1*TeUb{#I8Wx@EKj6ncf6~8h?{6Bcl?PIYLy~K{;V%y8s-fgX2Rf0M(5Cc
z{~V}i8jdU7NCQkGm40=#9=CT6P(Kv-!IXuBU7N;|k9aIS8no2}_yxU`w16?2e;HeX
zkP;t%w=JD{y{?>Kvtg`ut{`+r|JvKGVxH;}JnLqT6_7{>-K+HlU}}WZ#7H`O(lE?^
zeKB<GedwHGm0j%GDfxqU{SO?%;u?{Pii@|B6&1A#V{ZQ_OngUl^}@Z5j)YZRO{8?8
zgPfMqc7GYmIJoQZIovHFXQ9jiLrMHh&Xzj%sbnCH3`X2$ZySrp4hJ-;hQLj2-&96(
zb|>NM<gCTxohjAD3E7rvo8RRZ_M+FL3FMiR8-wHfE}d@ZBmcq5U_DqHRH#d>Q*`#Y
z${k!zXeR{k?(K?kDY_P0p;YI2oW*iCU%GVyYxL>^&mXv6@xf83=l3+!3lL|Wn&0ZF
zKM+O!oKs}0DvNlnUmebCM!iLIgl0*s`nwk^D+&XrgPQH!2A6p&6|nl7vfd}I&1(}U
z$PkiMrdcu{q15~)9fKEitWb9*36o76?L$4!TPQ%iHdn5r2<qrJHY;Ty{oG-alRQuk
z`d|;9M+to6L(IExX;z`CJxs8RXamRI(e0RA>@@m^KZ$#nrM?4#+i>XN)4Z$5BC=3R
z@`NVLhLq{=_yi0LKUc_Y+XDt9KH;+C24cLVSbXV|w@2<6l~|*;M0Ns`%|eKvaqS_E
z6MB0BK=JMnY1nUDUb$w!q&NAR<N6Ohpn}J87w~LPF)2@iI8f`?aZM+>XGIK3$K<J?
zA!xUS#mlwbKcVN*EJeec#ly_`vBi7`&PFjIXNk863`a4Iww%XlmO3&Jn0arjfTe&S
zbSN;T#8#9B@D*wuSM)vRX@=D1ITc5hT!osM)U;g4!0v1yzn53hVkYYQ7~Q_!pLE3$
zF$Cs#7Zziz#k%S`Z^}s5_dTUDPsYy});%XA+_H$}T;X=!^By)shW(y3cF_93`tg$o
z2?Fj6XTV?@+}($}8eC4Zd}<HJO;5`+ZkL+)<tKW2inmk8qJV4zOM-Ix@047-K^sHs
z_QfeEI+byDkP*5gzA#~&d=vN*DwSn(%y*xQ(*&S{-)GA+B%1QZ@qS+qcxzVgZiUPP
zGqP2FxgSb-mYTeNK9ga2Y)L`OMD|!Se-10%{svSjPCEeoDZeHo329RGBHV*N3tV=K
z-xGhBl9l|~J3`Lf1^);QJQwWuJZbgXwPFQ5Lk-*9$5OX5rg1L#hd#8N+m^?Dl?tOB
zq23ig@wWE<3R|(Ur6$`i-)ij|j$r;ler|uRl?G<s@uM?*XER1qfn3siHgI9Q{NArO
zzN8_eV#Glv<aV<IgAIsKjqwI(ERok5|1{`&nDZnbuOQ~#AWfz|S@eBLd7%S(OI60F
zZaKKj(KXixM@7S6I>5trSC0TH9aE4ImCcQ%^JABC*3<q={nn>*e4ez-b$Fh5aoSeg
zIt!DpfKAj|G|AX@ju}!rQAKt&bnF;Ocsq(vQ8IZA@|0aj@T|lc&-^RFE4aWkRz^F+
z7vk&qxl7oDaoryk7?0E$GHP_6bh0ezs46am;Y!Nil`kNBe;X40E@1LebVKBEW*`Ca
z&WIp~=m}h-Oo3eCgK385Jc>e)z}VqkqGyO5<?f{WFmg8#)x0QRzx>KJD_uyy)1+WG
z0<Y9q92folMD4Hx=SX#}dhd9N_~@V3uU$IG`=zGjAF7|1IjgA}bg&CvUw5Uq;TpVB
z?zM7LeQ$&Xyy;)W_`r1}wpvjq<<$j;Vb!OE><{5oGOw-YWeWk%8?@ZZ72I_LVq6jc
zM+EdNVzSs@7xLFGEVlO=;ltR+V|P4<HBM7o_EMZwMhqPZn=(Laz`}SbpF<|E76N{u
zC0~%~=y<D=Ka9e;PCUPlw3R^@T1sFxX<{>#LaBeT4b$Qp`_%~Z(($tu&dQ(Y)jCzT
z%U}`|vUaY6WeO)ufj2=-_En1Na`*;*6r+I$l5@HnN~aNG@whxRTw5vE=37E?%;aSU
z%t*XhXd2unuvJ~hk@eN>#qev{F0aqCuHJV&g-ovzsF;&fJASouY%b(=YF#`B?%p--
zn=<j&<hPeRIDp$2x9WrrHZV>R?q+1r^K+0vk8?`Y85tezAJ6Fn0LiqoFJ8G*3Y)3T
zYYI8-sE~+g>Jz;tYkZtJ7xat~gr7*KplH*3=URd5t~i#+YSKoB+YOgSE_^Y!&ua$w
zk}?YmE<4}((0){4(y%OaF>qPZ;p}AnB8*e(<?)oy#!eTG-Q2{Bk$2Wk#K?rPV6R82
z{R<#^r8K0R-s{j^RGPZTeU&RB5}aT{bJ7X1(qE;<;N;?R6qR`tuBMDI7otCawf=N`
zz3KpkG}m|N07<gGm5|@>NFj_1UkBk=>Un-J!JbX?lXh``w;$JSoRNvs(}wpVg!x9w
zELjrsq^BGm3qEFN{#GBh01L=Au3PO@nepmZ*@1U<5>!;0q+XW0JyH9yCHH8LPbZsK
z_Nh8BVNN&Gx0<C|o|2IvT6^JWtE?3A_!>a_qs+?qq6a)YZtS#V5iFqWg`kx-#c3bx
ztJ^D2lc1WARsq|l1Rs}$Ai_jJGak5QRTMRgV0zhAMy|m%tul3Nu*cE;vt2~fr}DNJ
z);m=u=&OiObp0II$D^oT<OtnY00@8mBJ9V&o~OKRA<45|mJX6~__CR(>K_;Li52(r
z19vjZH+-ziwbVc7E?mS{VC8JyR$c<cOWyrLS9{se9$OQQ^%DY*%wLICDI&r+A5OB)
zuIg87mo^QEKX$MIy>kf)1qOaxP>ZHm>7B!hWBhQ$B0Z=H_|_Vfx@Ir*88D-)R5=Rl
zvW^*b?uW#r51%3Kh}C<zqVPgo@ncq()Xum)_+2lz8e{eNXXe3CI##)|$@WF|H_De}
zAArZ0Wjz3VN=5pN+s!9dYpnSqu&}S6Bx100$yV-IAR<U<42m|Ad}ZY57A>2sA&Ejs
z9rr(?wvvY2lm*`7Hk5zmi*;GWHzxAfh?Oo3F*yJ>gpMRIj6NmUUhl`6Tg9+^?GDCk
z%1IcDi*jx#VYCax7f&rOvNw&2KQftm(J#jcFL&Hqx-=^f?mQcgl{$GN2%{h90_K-Z
zlm3<4sebJ$B9`UmRFBaiJ;cDYDn{D@(}#HGRBF2T7M~?5n7h0qEt%p?F<@N2wAhvs
z1(Az>X4P=2Uj9gBy7JM`Gzu^yKfQG&Hz%6gSgtNvW+yY~3sW%_BUU_=XSP;fmI>ZP
z!Dw+8P}O~IK7X2jcvI~@C&zVms+}PzFHq}089~pTvABF6&O`)@0RuNKavuj8QO8Az
zj}CH%g*QG?^fonryFC>6)X2E*;$20+06ehVga}KFJ{f1(Eu3Yhgylq&rpx^x=);c?
ziTQb-8B|ZXqr*mL6JE*A3ZezqSt=>^=XA-Z7dQaSQVW1Z49I+MiwzNP+>{QY=y+Wu
z0lcwZiKmmvy-Er317uk#@dYwVYZ1e-<Abt~l|o*A&U#+8C*jovmX67d<||U$i2lHI
zIT?I<jp^1vIU6wZlIqt~f?4^+={J&rDS^YNDbB7@SPSm1p{BBxQz=JsZjW{y@!_)P
zZfDwZTb@{5Q7&-OfB)2xEt-xLuYR@pb-vEkmycetuf(d*M9x9qMf-6x+L!{)=`-{z
z#GTVOuyR~{&n3vUsv~iCUHrCSlGN(5?ZRh*$s%NvWcrnK7c#RzxKg9CQf(?Cc`pfR
zTzTG$bgxWV=s*lP-m!A84XYcDby*{=`ZHupW4HwjPCxPZyo`DIQBqQ3^3Pz!uKt%_
zT2C7AON;dzm-@L(zCpK}o1SG;Jn?wWe#XP)F?%+5`*iffjQhc$8yelva9->k%3eoq
zw}M#Kaho8?MJ!~XFXir^(z@x4h1;snWYb{%A@npDQMNesia9+BB(wKK>RW8RJs|89
z78$6dxe!r;GjU0FC;Gu<!hiwW_KyL(r~bL8PcLbHT}JM)hsSd43yZa?gSHriMRNFP
zgUe+1L~~mkJj12ODLZ8W%$>8n;B}2I#e7VmaC3M1@U_ljmW~1bm0x4rotMCPvfEse
zO)C`1r%+WK`zC6hwUl+<zTOK9LbT3egVD1zo|$wW0!~n0tA6OXdQg*qEQq{1)w{;M
zR>^n3EW0zxCl6Y=70T+hjsu1vhpk^cQf0xdAsI(VF27|`c#N&;Wp(cQAkf4GjQPxM
zOo$x)#^YJHs$n)>Nz<pXLr^!4$O<B2(nh|i^x(VTkJt79jRh{LA?){?G6se@hhZkj
zXdO?v$G!t?>3zi*+FU-5xzJ#`c&lEZ$Fb7cDN6B>vjo+TP8>zZ4WE91`L#)HNGZz8
z80CA4QnEw7mJx84<5)utj(6GBj2<5XD}ulOnqmcX=qPJU&dzrL6S1Zw;%8`AZ-1;d
z7eDtVsaLn=bVG1NG!as<-WkI_o^OI;n5$~+&8tt!JGd8Dv+?KJ{d2`#J^}=(n6>kx
zt+V}Ol#ZZYf{+v4HSK(dFo7RWJn<e?YyPB9oUK&<9zw~T1mGJ!wbzS;bZa|iebB4m
zn{lBDJ!v2^qa628=WwT1u3tbtb(6tQ1h279R@*{6!CukH2L^YmJf0Iv3$nA?ryA|*
zwz%V2KZ#{c_!{1$83}&9*`HAHon=WIw%L7X8a0=ZlP`m&!Kkn&W?vkmHYB9Uyj}wH
zfUhUWY18RKD@!3xfWbfXz@MFwVOniPoweb4MDy`@OnAxFl}f!Xgi@w%woLSujdm1P
zgX3Lba5E{lB!WtORgJoO$%$~&H_+jEX%fbEIA1-C{Lr2-;%tU9m?M7jz1LJ<M#afI
zhg}m>g+T<em@^T(V!n|n`e0#9yGyG|EijZw%;_sP%i#-!18xvWxm$Y>O3Uk$={^)5
zSP2-{M-2~vxq(T42q;sm>X8F!ezGm*G-ePOG$7s1&fdFL%Zfo;I-l6*nWR&nV@7Zl
z%E3XEE~RgHN5326TWOv~*HCebIF5~rEPkFXz4u0oIG7nX<3>8cn=%KpFEp1433Yzw
z+WzJ;VaW{3lmD`wmm4r3st&GRx2(6f+*=NpQan4kNH5SSJw%YPNeI_eq@S~AIOR?t
zDOiZhk9I+r(`$*)PaVLWHUa261>?vvz(fv7s_0tYf?J`Z_GdB%`keDOi@KIie=JTT
zzsROcIkv8FHvkL3cw+AxU&-rx!SG2Eo$rC$Ams*Z<A73QYVL~TMVRM8xBTKCgT~j-
zPh|u%Rq|eDbf`O~Z&z5s{$<53A_9H?OYbFUMJqE36VgD$KozTE6Uqn);D8}4+v)zl
z4CrnWKkesTf7{RF<i^w;HRBpr#1qseG4KIFo?w9RHk4+qg7ma$b`5z?j@m0ht@qCi
zXIp~6UP900ulN&)oL2fFc`anGPuyPpKnemfyghenW=l_}%7TpiLJ^nB@ROcP+c#$Y
zKWyJU9TUYe6N>blA|v$(C)V`j$SRGl6U#&GJq?z|)CkI}!(z5#6AMwp%*#q>Y>*}b
zs`}|~A%F1O%g<kc{yCkZg!FZ6{@LpB%ats(qJ7!_T6R?nHQSC*S9es8f8ZX~L*=hy
zvqw*LR5gY5C63udI!iJAYvP&+xp4SFidSlaGhaGuHfxrrH32jr$5<26V5kJB^2zGQ
zfGY0@o7joi&L#}?RZ@1$ux~1Wbe4{YwqEW;MeiXRHcN}JX#pdz_57lXN=o!_hCcgb
zHgX6UtfTJpmohy2m;~GAc^-(){+RQ?2TyY<omlOhL}ha@xb8w)hy6STEV6%F%k>$B
zboY0-=1DWAzpU%zU=x<}Nc-8Cj;hbc>{!qre|bgMcdH!ZB$<YDV63ZE5J*;!=89}H
zVll=iBYO!!1=SSLf6LRZDIy%X?Pd_wH3O?UUi(oao07P#Ii(*(fy_E&%qJB4C`;!|
z1Kd?eX=@{LhETHL%CPD~%G@oq2<{{>0L!mGvec=K&G>rf*C34Hmhctt{l&*_gnzu=
z)qlL+sBh;5gU1Akjx1feBb<Jpq8)r_dHlm7&CKqo9BfPsgVy(sB|{#Nl)vLsBez6Z
z42YJRp|7E1sky3Cr7O;rR2^IY_O+)0zIKJjoBp8ry_0j1Xd0M!<$Ry8mjh~3<hAo8
zjj&S)#KSssi~eMPpuwag40`NidK`io*21javk_8|gl7zVb3<;PS6)|KORmX*e@V4A
zE7F7<HBRic#p0uad~AtfgLP%u@Ez4TIM><eb%XYBHdyL`dg1ZmP){~n)`NGz*zB9n
zS<M=J#5zyxGJkNX@)Kt--KJ5oROjJ&GoF`MZ?l3+Qw~lcP0me?=~RTtDdbhNX0|aB
zpeb$0-^PG*FRo{&NtW57d+$b`#sHU|*ONaS7gCBHNJx_*U{5v}on`M}mn&{`xy<@;
z`{g<{t3C2)BSup#?J4)0n9S4)NLQRNl|DM2na1T{@&ewTc6Dsy^NC6up@kGyo8Hq=
zt#tGGPZxs;WmL*6r(VKo2aCZk<AH=h-llE03*eK_;YBdjjaxI(C~Q6kk8+xIvD$0~
z&z-cqL>I3*p&7#TJI*tNk%m_!x3q0B_nsWdXjtbMn}}O%3XysM#X}EUUC@s{>h++1
z%C%J3%JwHXeZZzAQTlyt6DXV%=js9*^kk@G;l{kD9CJSIlqV&Z1+dvc;l>+wdr)(C
z{`hIM6-vOe3cQ*za3I*jnv&OVj|tga>$8~uGzcJc29OmC(eiUlrN)^cUOHV^UVUX*
zUXsjGgT<fZUTebTmRC!Dn5d4TyaGyLHc(D6cy_dg&_O@H8^R2X2Ew+KxJ;AEe-K!_
z?7mKOb~xAJ$O0m?L-ar6&Zw2{>e4XjuWeJR_dq^jXtf0rl((b>74LyB1~R})ayj=y
zu*9D$Fb3YbN&Lt7?l_ZB%bQFLNtXMgrb;n;LLAFu)?x<kI~5x?cfd_f0}Ea+;jX`e
zl-+_zes?91%dJ~(^CN3c6_>*5DlzDbtXAnUeRU7)xMx5gHno7nj|~r&#+UDWCR}&4
zI8^F5CGT(?B9a6Nx%0?*#1M773PRD<-x2r$WpHRgt458vwRcst34Bgbor4;bE2rb^
zetRO61iBQPdys(G42`~AF)YIT2qT0ky3uM}-~7OGZ@S<9xbo*J0dXIhEHz^g?d_x~
zqt(H31~?@I+KDXA`I_K--KI|Yfc2pJ=Wl5e6k+m%UEG#ogJc0gL0`2!LDo@&rb7o^
zM%nd|2|oniCkQ#vt#l<Oj^>_()$v`Uy2S<$_cp1?o_@`)W}$oGFFn<(1xjMo)O;#X
zvgDw%faK{&P*|Eg7~g_lx?cNn8R1>PQ*ZY!yz`)hpuo=y?b?Ts(sAQ%+1B(2>^v1s
zn-u+lC-3ab=PNvmx}x^~)ZTic^cjk$A)+Us(^Sc)O3b-Mt)cHY*EpfL(AROy@B5ji
zpI9q0zLiTBGK}Q6@}902N0?vw@=JdD@~QTQ2cO0jglFAXY>1OK9|_+Zx+jfeV1vQ>
zK<#uoxkmrc<_2TK&K;jDUJ@mi$tbhZfg5F?j(tSVhfQ}Fg+*B(hF5%yd%t+Eassp2
z?RXqI`7cwv8AIjDlEs^13!byRb+)?pu3Uj&tOF|d^gQCu*tj_Pa3=T((taz>X^oWQ
zBOzmUwa`f9cTsrmhy50XO6vT2f0!fKX^)*%C>2{#g!A|xotyi&yET)(3Vu}=KL4a`
zofk<N5L7W9cVk{<V0u{))3IW^KNCZSU#7<jcCb5mZEljP{h94-pv*kS*b4JypbNLb
zX>tPuq058h6Sk-K?KM9hr(-`cU0G{=oab1fcp`-cQU<T<6+<`LOt36CeGxz$U_Gml
zmCl``RXBfBG->U-Sfat?z3~r(1#B0dV$S(`tY1p6@y%IU?o}_#y2&=?X1APk^I#E~
z4|`OY=Fm>Gjc|{fN3C^;IIQ}X!RL~Nv)IWkLihzQE9peGiha$xA8Ph?0`Z;3HS&!8
zDk1`NGbqt~#ra8Eb}skK2Zw;MV~}wXx-1AS84+baPFk*70Z<sFT=siSNi8PYG82|_
zKZweN#Le8_^CyCWmXOl9-riy<IKLW{TUe$Hw_*vioo5rD2Mm|;JXVLi2ptyXu>RZ^
zL@Gmq=jAuK9+2vfiv;XRL;8JGgMj?!wug^-m>ov**k9|X-+vnq3bM8`&RG*B_u1__
z8bePpJM6{j_K>j)rXGIXqwsFJ0*?W-%y+aVF6^=w8#LW1?Cb=u#4CyRvd;RDfixK(
z=k3?VJED2mn?ez-@)_owOCz1IdEFj_5k9R11S+H$%vJ2SBB{ahoucBm#;D%=TVqrz
zHF+!Chr>c39iqf>LdEMPUr>KupD;S+KkJfLKq>qA-uTV+dJRv`<B((<QMq%5P@Uw?
zU>+Wh5p2+=HWt`=R%MKq7Oyal4>|lrb(Tp8&ko%iY{7D|Xqz`rsa0t6Ksb-|eur=2
z3p2`XAbda=XL7k#=o`CmlPW$FO|qPdmhX~u7}2>_-O7Vhfbj&OlVE-MQp+4NBf0Y`
z+oD~END{C95Ak!=!R|M)GVU)h-Z?6MoN=B8Fx6*QD<EkZ*?wk=QjF*)X7-l$mf;^X
zgf8@1spzh7Zr+y64RhHP7Q^N2NAyOBmq}kt+dEwQL5HHElHuxi&X;Y!9}I92hSJ&|
zp^kk8y(Y58qWm<0!k!C`Oxf*Pk12^N2?$<tNIcf-ra!9p^(c4iEBXPXNM#}R>;(1l
ziQrWSYlr=rAAUgo99U2gT~<Iv{eWGdcwPx!eU<_Tit7Cw_T*j}jG$%FssQ9%v8eg8
zS-juyLCC&O4!hSB8B5J_((hOZ;GVq{HKV~~$dK0Qs{Pkzfs^o6g_faQY<!Nzh3g<3
zZLIf^WJ)v|YGn5k-o4#C@}(x#27z31{2#oNgR@q8EZF&mpG{IcX7r%TEnH;=GwG24
z`wI)*C?6%bl0_>{DRL`wMCNnNzTcZt$GhsJzn%QTb;pzB%^ETx*?z2jbO;fAYm^PT
z?dw9h+&N~!)Is;Cer&yCxyg5LwR5USUsYnZbd;OrB19XOr!&V{jm!A3@3|P`R9-R=
zPdOb2W9G;Db*swHOwhKD9JH1(WJbJm76^DZJmL-I<a3U;psXG9E)S0@wnaC-2L!4X
zfR?pUzEZi{AWh*Vi;sccR>u~HHvOb*VepQ&Z)MtoU15R1<_*jY%R88f4+{u#jEA1{
z^xdIL3{oy!vyV!d#hh}KVBS$&cUjZ;OP&lm=#3fM^bndP<AWmHJVpc)75dyZS6hf^
zOiq4~Fl;dy^oSaE&py)_4XFQz@C6g@Po>O0>7AlRtcWubWzRQe_v68>=R^Bd!#rKs
zEW>h|V_)o$cW$WA)`#=$4?4+-UIWtus@^SU)GDV1HFoR(XG?sP*QSACw!+iFy~SmQ
z{sO4iUfspPtuj1MA~ZVNYqbA?B|ILjJ8f}D70%b`vYG^d4_L9R7i!Stt8b`Pb!zc!
zABu|zh34<zn%O5$ExtW5<~i<u&<J6nf)0V9!Mp{RSDdBR{>DM&2)9PPu1=E2j=6E6
z=9E|I<-<0dw+Ej)(Ykye*l{}_6F82wKZ&7Hd><ei`{A(UDu{*I%K$jmW)qb-uo~*r
zv$jt~mPf$sslHwoL0lUeC=(W}<9S(+$E$|=pI_>e3Bu!u(yb{VLLs~D;T1RG(Fp!#
zQt%zK>0n*DvTp~W-3%tHi~Q-m1;n*?#6CfU+0oHUsLeg=q@ivB2Hkr*PvHl^5w>1n
zrCc#jiN^Pmp;PPZqi<QcD;(uKGCw^wj(94WWo%63lSz76)F%<+Ty}|o6Vy>|JYg`j
zRhp%uK-<WHt`+iU!`1%FhQ1%EI)vx*kB>_TAP627m0UbU-ra{3zl^ylL!UlUax>(m
z%x}{i@Y{<||3hkAgN=-7g6O7cY_;Wn3(-C<<&L&*n1o9jJC3j1{@LaZkv^vhdjHg@
zfPHOK$7qa9b|$j)@_l+@eF*rdki|vvKsC7)PyaV%;n{!cmJ%SD--HDOj>zM!DS)tG
zb}13Yig?$@O?dw06W3?vRu?@wzTwdWfEP;N-1DTqe&@HPTv=Rb9hS34elMsUw?I?R
zK)w1y7oMePwSc=M(IjnY-r5Z3r&+Idah=EO!E^3Ug?iXy&RrK$CeW^L=}rCrk)lsH
zdBP&~ucqAq=dV;nh;CvI0ifM^|JLqe-xDH5$+Flx+a7MrmV}S8STlRPKePw{7z`#2
zACtUiC%8mW;9Hfyxe8>s%~9<oUhmgGj@dqexUA?|Y<@o=%62`G{lU><byj|LcZWTO
zOJ`&M&gOVI|6)M|GVY<PC?{n`eRn*cHLcD{^Mos4cU(i{1>aARpQyk2(U!SiqygR5
zCDCyBt~4ekiuH%)<1=oqDodlW4h)-Z(Y;2kilUL|`k}NcdBHa^5tT<}ZPpMLT06O4
zUV?r$pCF!0Jwrl>hWQEd*6hK2kAmD4>y6zNV%RM<;*?!00K4!~rWYn+xDnm4NevMU
zVXyJWb&wm$n&Uckm>;hIk$PTfilLE9xfi@{3bdz^ijX6ZCt^EktD4j--28;;^ZiCJ
zdJ9f3oGHVD(77LRQ*L=FUfn+MVEzWKmi2g5y0is7ivoo+X0iIJ{WI_ArYxW_Lj(qE
zXz0RYNiUkGs@1r-i`zYR9sox}`~S>Su1$YTwwQ|wqrQwRH^6+a?j;)B(PqIS>Lo-7
zcK@@IJi-+)DNn(fv3h?M-zvu!Zhw3l4dl9tK3f*b%AIHm*g$MBNvKMw{r*5O1hzh!
zF(#Xm7h<tzGrP>WsbVu@14n#2O*&nwwBefYh?yf!^8VyJ7;tYbkj~jAC@qW|oZjDQ
z@O)rBhO>p|<0BEae&+E)hwKy}(KQQ$?k!S}X)`99>s0bDmtEC>@M&1=P47*h+Sc6)
zCmtYvwMLE5r>%Go4<CDcOth*EYd@RA;}N!ku*M08J)E;~q;L5b<Dug5*Iz1Nty0Hl
zHqR@7lR9*kd?J=N4>%k0ty;tNB$+5?5Bzw*DLbNLFFxI;{AjSbY6-h5dqzFpNRCQe
z#NzzpkKUtq52I_uI#xO(pa8)^EGJfW#5*>oisKWmpqFRi8a|Pg0Qv4q>&Zx=*cjFX
z>Nq<*$fFn!xl1p9RU-wje!^#s!ii>1_Y8aKyzLW$eUpuo76(^PVQVas2d~wHrze+m
z@iSh?K~bcZGyEwK8j+W0{A}N3aWq=0<Ok#~E#alMeKOTR{vn$5g8#y@ymF*TDq#fH
zh7ZXIH8&nSbKG83atX`%m&aKPq^o|AJ-mJe%fe|^CGTT?3WDS%t8<9t74c|nEEYwU
z!qbuwbLqWCQxQ#oLU~QS-i1rc*;2r)KvLnY_cShJsZ2hh9l9;=)WQ)mAJjrPMrw1+
zfAOVVr97yl%+ZP~f^V{LGcd&zFaw%mK01OQ9qd*(Z*N~w_{+YGG#`=}_jn!*_3Fku
z7`G7ByyQ+et^DCmB!=(fm7BL&PuQWa9$Od&^H<C}fS%GOf+V#|S31hrt<EPVZ*5ic
zIDst%JT)l<y0{RP?j$e}#&QMmBPA4{h1gaTGF8@$!3EqfClFbkJ_>pA2Wvdz`J4?a
z|J3ou2T2dClO9(#PMGEpe=-in=AN=v%s;L4NIDBD!OV|p+iwQv5mry=0hOz?kjJ|`
zuY6oSx_iHoF+-B{KWLN&4v`WMSma)nND0E_MJ`@qpE!<?F0u}NiB0*Y<GhujV(I>U
zcj>|9<bx(w(eVaUr}7rmSzFW$o=Ubkb13L&GA1-1FKa~a(?V!K`oNCXP*npbw@X1&
zHl91x9@b%cBH!?;uO@LYCT}Y1pjV-f{tpYFj>qB7hS_i>O_|9^XuqoBx*gz0E`Fu%
z0W3E>W2dm32t7;iL0VpS|64!z)j`~zdM)XzxAzq{-L1w1)@K01L>}#9@2R@jh-gZ~
zk^p^`OLy%A>e5{+!tp-bL)Gz|<ZE_zR6wv_J8(A)W%E$2E_8s+GxA2n8L?*PM=i$_
zZWrJCPRvUC1%n@}P!m>XTD8Z@dTzQ9<ISs4306}Z>G^M51?k!#bSo!AZGn3lkY3Z)
zO)rI4U<u~Gf?khvQa+hY09$%0Z`F8BQLQS?8(i}b+_XW1ADecj>ahJ}Y#@)1wMP(t
zgx$g7DsblrS^g>gxC%m?`i9{AB$gZ<f=+3?o7A?vykC}iubuJEE5<Cqt}K4yCGwPJ
zN|^H1+x@0ssP~0u()rOoJyeJYY&RlL(L|rf`oAcq*pTsjk_N+`5wiPbpDi2djXKt7
z-!1dfg=CuagaeV=i%MSq8mmyKoQ52os-#?TufUde+nTtS2FCW>R+B&83S%*L1CjC;
zI5mg?oF!SfG+<t+rSH{q#m$lnep2nIuUkTlv2gVL_X70tv@tILrc^4pGZsZF_9bm9
zgjN`SI^CR<^`<_l4`i3M$<I0J+8vSFg{I6*V|T(d01cYiu<R}Alt~03M-Nt9JU=V6
zM~!nH@6@IG(|u>IMeUip&A@;&yoVakXHcec8C?kD8o;idogrxlzy;!d^lC{cX7pbV
zY68jK90Y-sJ&ykoNUFCHUg-E28H3?qJ>oe)#(3$x<*~bhC7fV9-D>J!oripKI&#=t
z0;WAFGhEv%dtx}L2^g3JLNU6xd2&^Q?Q+6IaM<#HX_=XTmMJc~DfE-k;mXlx4@i{N
zC3Zh0%8|tR`LPCFiiHzi4H+;D{8Oe|%l?V8K;OCVpn0${+i$R2Cj0Vboyzwrf44Yc
zci!sr>OHeWD2L{p5#lY+Rr6n%jK#k(8J2#DGKs00b?1O2YBABtPImOE_H8h7M@Xi|
zX>;&I<(?>!rf1XrYdEmI7S{&H*-_G`%)U_&z6%S(p3Ch_G4I3KMeK17uWO6Z%mc7m
zoi0Zc&}RuYXjO$h)FcydYq6%7u*d@J$!9x*){X0K)dI90Q>A9vTJ!lNOX(@aKpH>a
zA{1h^?f_~Wc9^z?PTpedk;hC-k^vGsV)VVuW^K`ksX5$u2>dzXLy2XT`)64?RWHpN
z|A?vbIpGh;t5GR)(k4+=<^lU4nPU+3Gx7Iz0Ark2asgpE7WV=Hqqg80Xm>O}wV9mU
zSVrQIA-*ymC23%;!qC;$`#!*W;=SFVPzmmwFa$;mSgyM}SM1I-L7gn3ziO35Df$e?
zOpXpJhI=div*&rU(Mx@TV!Y^oywoi@t8Xwo3sn;9%!YKBH79c`N&_BTJ-M~2ZGM|b
zis!8xm*k5M(#Pb-55~*QzRKy0FuW&v4eW*Ksb-?O74u`bo#^y|asAOfE{zhlCjW5Q
zAi<dG*LKk8AU>h~laI0UM!}&IrX#5aqsYe54RIJNoAZ|D6aDTQhxI<b)xbo*Y{ljW
zx@HP4JL@`?)b<-~q%d$0nqCg7Vx2UQt8CQW)QK+PLDQz+<jl62M7dT&(y#~m`mfW;
z!(L`{=e&tJaX32z9Ojl-EKwzc(sfSVbRag#@I1l<7uc~c|K*on0S<rS<tv*aOR8F~
zd14wx=0S^LuR+}vZst1jP(SciqziufRI2`Z5{Nl8B`<|*(V{C-InVyv=#&D%XI_NT
zcXdDQ{LdymG5Z2}hUSyhC2hiu!62{hfl+{D>RQ>r*sxi>VqkCU)!pe-u!wSDZLqnh
zEdLzUwc-bzE?Wd-0PRf3eSI$}8!yJNns%94lOCU__=tRse!23~xVh%{@td>=6|Zs+
zNvorneFh=Rog$5s=8+~{frS&Vy|x})eJV-$-*JDR5b^nx*;Mjz)Y1XX@!J~Nbt5-n
z=%vAu(d)I8v#taQ?H!I<vfw>P)~rE+T2(UP=`Kr7eAI^!HToF`$lE6|6cJ^Lp}qW0
z8`f@>U1tvB-#!lS72#sL?R@tw^WGuJ`ZtW@9@g$B(`BaY2qmMr0+7`))<;%AGZD!i
zqiniEbreuhi&uCOtK+P2L6(y7#-6mQSc0~nG>l^J_&NXw8B_cR=EWI1ntu}ZGWIl(
zdwC&HsyY7IJ|_V;e<fy2Ty}1v)GLhE@lMh}`L<CoD_u8@$c>uQ!|Qc16r);ulon`W
zxbz@rfN277TGJ>^CE)&~J9_#q5lZgk3*OP&hMD}>2r!To07zTzGsv>Oz)~9@;h(x`
zxN-(pEYnrV$JHaE`Ss%-%g9>RZ~<#`d>Nq%$Gz}J8WrV))ky}FR2%_rv%N*fIT=4R
zh02pal61xZdY~2!g!5U+n}P=`|F~djs?k^v&$J&&zUvbK*lMrKFZ29sw7}XAqi~p-
zBx{{GwKo?()vQQ@w6-yhpV~hXN%W>BlVgq@*e=s^c{U|iIYP$Bm%z%hZ=qSiJ0&1k
zwYRi5y=BX*F};_%1wJGF;lWXzG|8P0kP~q0mhFr0(L%`QYMe}E)iiiq1VF?r8o!!S
ze!<H~)>X3KB#--#pZ<&F(Q(8z#XW=j9h+eL+geJUIA(w4+ZAz1^8!xK8%?<{d@EXw
z=n$4%gQ-QA!W^JnF~RX!SqhGU(+gO0VS1rn>x^dE;7n$(C$B-qd|aGN-hj0RRjNMi
zzWI^;{tH=I55w^(_4g4~%Q^C>T|m?8>O`$$!{i?oopNh(Xi^9F#6EJTcw7CEqRM|0
z7G;c_CKidein#5TP;ymgr<k+F;r1zmw=PozxE(@P0Zam(Xvn6v-Y=7HZ^-XnaGA#s
z!zj^==Yr!n46S}bLEttrHv8MikE(;$c$9Cp^wr_?leSC_N6dqR6yzAS-NP@H<9z)~
zFC-f7c}A!hn}lT9cvjc`Jo7IN)Qpc`Ff=8jwj)Qup{a?Pn_u<_qFNw8cWTFZJm+eC
zm*h3vYnL<Nk~RX@q*+Gd0~<4xubkg9bX(5y3T&X$Zf_vZ!qSq41>X7-z47GwX=6C^
zmwvwpQ`JvnnoCB*M5k?zVe>z*hxjpJ`+%Y!!mq)bSwK{Oe0*Z2u0!m$R92sD4?*{&
zw_lqoTdc6CI>v%p8Jch0n5ERPIQ%COWXdW6I|$ehHy5v5=N%v0@svwhSRB?4?70s4
zv89{@=`8#VR6ZR6z=pDvPtq^a!Z7LNTho3TgU!NSSD?|-X4*5+^_h;WV`iyxZ)q>S
zdL5<F(uX^4W?o>qiLZ*wFhE-Sdr?spC^RtgSxsi^m?YZ&acz}I(@Vd8{Td0}rB2KJ
z&{(9%aI$1L<&P;YnX{&`m0nc6uBh56aj@{B=);7@uI1&pio4{pB(yucxQuGklC}Ye
z{dGSb&+p-Ur8^8q47bfSbj|L*U!PORiKq1>w#wOz1By_iD1;O3fqp_peA;3R?QW8H
zTyo*1Nl?J-=G%n>6JI(FdOFOG-?VvP99bfV?3XVOrE+_2(f*79j{yd^3T@bDeAJ>3
zxYDX4ozTt^5+|Mu*oKz6N2N6oOvFx0)p$S1&2@ZNY$0(Dyn?bGN2Ash0uy!^Lo&qz
z#3VeYAe14*q%lZ4<dwzw5&TM-R{;qlz4}FMbY28aeL(oa;Xhw@*Zqh~Y@ma*et{_`
z?xk-1DsBxc9kvSwc9>J`N4f|YG)T(RHZq>5K!Zh4mS(v-Jb2$dd>`m$nvNESlWl<!
zBY5>5ASM7$VD_vzSMRiH`C4lZmr0en5{i-Bu`merpijBAHc=!Cg9hP4#RIm<Vm8!O
zz2|oYegY<vmVQA~!`=5DULsQm8Epp;=Wmuq4Z;BUrsREEtV<a%obaOw_(5&w6JYu$
zN2AD0Gy6kgN+6)t%X23O1P-SaelPpn<zkb;tZDZyvd8W$4VmP73)q<71YJ>}=AYP(
zf$p;xPzoQOm2bK^#3Ux|xQLWLeLv^1aO@Yp+diCS|Bw{`x-?a{9G;D?m)hByfff~T
ztH5;qcVjx_&TV@u58&e~OvJWp0G>oE2^1t%I1x`tg_*m&+`dF!E^&!~*qDd+Q*0zp
z8wR#Oe~I;!*kYdImI^t@-B2Ami@j#Fr2S3WL9P#y=M!@46{q}cNiu9HbLLlXo|O{s
zX0pq1aW6Wq8^E%HH8HlfUfZ@_`?e5rouquNfA5i_kS{IkuoSOv@kr@{Um}_q{nD*}
zBUPD~)b7WqT^IUZD*TqgO+<t@PmKE&4q`5~MQXMFS{~P@GQE$0Bu??+pUL)1xiBJ5
z&A|-_i*rZ1>IDNY5aKLXJHERMTNL|;M%$69G$h!9=pmp!0xz9kf>eGZD)!kG>@ujX
zG*}M}^))_u*u8Q7jVRmzsN@^5ea>)?K(;Qo7+wIs_1qZCZYG1<MuCjP#}C&D&OS9d
zSj33SxCd3y@q~ETIJdeAFkJq50D-nRG1}%4f$GJ9a3A^d-1-Z&df6WU@Cm2?kOkkq
zDK_|4`=RY_f6w*HC&g2vyFcBBhj)Lw4{x@BbXZK)8c5rU)30(-@l*!d{pgK&dm0kR
z;5=LzU+!7)E?c#RlXemQn48ux(I{QwH$nENVEOYS|Nh5YICsIBw~Luyb-jMEW)&p+
z_7b7Mf&Nxq>$*Q4S%?rU_4GHJ^-_GE0BCvNzl#cIc480#Nr!IpOmOpAluX5MXv0ny
za_7@5gnv!ieB%8{v_d%4V<5Bqqt>r~1AK<R-$4JhOTo9~twf=mhx#b#j_IU{_#dNQ
zi7l6<trb^Zx9{CO!~mH?ban6mCgYy}Z&-op3UV2*$O>XpZevUIu|LTMZmb`=;f0#m
zz!RbCzq!k+(R&}_kw)dM?U%T%z49FV>q+|u`11RW0B|LgFocbX18RZ%T4A!@jzO&*
zDL4!UeABf1Dmmw{<oM(=y8gg)-?VANRtX5Ni|-Lo>`+^(izNOSpp=fQHu9C7%d41v
z+CwIvv7XN=^)p!xB>ermGAbCg*JL#!5ko+>UOb~|=FL9ovBC6usb`N^0x!n08rd!F
z=*G?^ekVzwva~m#)NMlPYz$`1qF%kDI9X}LJfn(`gQmS)F<(vRY*~}~W(`P8nH$Pk
z$IRZq$-8qGbiT8nrD5MO0r(07Tbr2|!Sci`+<>DETz46Cuf*t<T*c)4PtmJ6sLW~x
z#gLw7A)sM#12{$ePvl&QGnwRdIRN=B`F!$s{C)3Dod@M_Wh;)~Q`@5g!|+?R`?+ZU
z{iU8J;<eWLWy`K-l$!Njb2}>Pcc@Pg8$15cp6mjd%OU=j#4p-MyD1}b2E?2<#(0=?
z0QX#$RtKbX`w)A$XeQl<Ke1jpCvvSwWoGpxZ_4yCW$YC`D~^RJv=_P;FzK-IOhY;0
zQXWy@ByZwbT`^u8gVtmzPtiJ@y4)b38<Ixs-{qEQiU(lf)1r=4<r)4K*HIF|xF+Y#
zhTXA0O<dq-a}fE#%gtheRO@~XQWH5_77A(jD+QgIiM(0$16i!JHhBXzwN=;J<=+=d
zS&>fK?Hw(euPK0SRCRfAvB1u5N#z$P{E^xk3QL7vvpEe$`myq*3=jtBK_~R!fsSpL
z+{t2NRcdzvl_W31Xx5I9M~A*wZ=;`d@y$}_2(DeqHf#5vD=T;0g$)F6^NKA07dP?O
zg7xtxzH;ILPPtR<urBYoo%f>5eB=w@(0Tpg_A{+}fDGzG`|aN*q+BT&j<HA9g*kAT
zn^7I<i0+7w0kBLL7^NP#wvdh#*~B?*PNpBq(w5NhFMF37ZAwnoI5*Iu9Rb)xro?Vq
zwO_jRMMO3C#%hs1YQbIHk)=Du`+VggypwP?8SMDcX=6M~uqI<5PJZTd3NzEaZ^!lP
z6?ICoq0vB=KN0!qVS%8UO1512RF3MmpN<@NZ`dW^<uW@<Kzp2_XC8ZfVl~7zp}yUA
z!QzDi)OD4^FZ3@LQ3%y2D{R2P?x6;shK%-<6X33?W;@HRl*gcC#U^||<WXDYt9Pky
zeJ}bIr)6_AnM!K+;P^l}n)9q`MDK)o991<U8m04_7xwQJ`g7kq@4GCwKLaPxCvdK4
zy_B031A38+y_Ff*yDRl?^zQ@hG+S`P1tecE&=>y)U)ek#7FbGVCud+;BvsOaA&zyF
zq&ou~B$s1P-WTvGO_GrTaPfqOK8w2;8M?(O$tD^4c9`@WI29#b@bJ6n2w*^QP^Umm
zW^xWMr=HxGpPjx0aWHT-8@`v2v~8Tg;<OyeWcN@Yf(if)I2?Xg(8-J820{M|X!mFz
zsqu@8q-Qi@{9ZziRP{zm{M;3GB6(mO`E+_Epz&TOMy4b}qS!owtG##IzFo3m?i##@
zeb)cqwmS<qt^V&#ZbET{Jm}!6QWeLvXtp=a#1(WE0DYa?Qk@UJ&Q9R{EtYZ+m0_;U
z4lq-X#6yp>WDMC}d?Z&G&N@r?cMRh&w1H6?1`zR*H+^%vfpRFnk?ptHr6OzE){S<U
z4;R5cu;Ie~(CqX*KIRLlYey$cNR-i<!;ldA8qhP><%Augr=5UUxa;1XJn2~pKvRDe
z>|~reFl=%!Hx&g0{~RPj3B?P$BsBH(Ai_xL?VPI<oS|&|{FufG-+-1PITZ++r|sVj
z?QA!h8x(bQinxAY;&$@r8aX4B<6g06qLj&)b(UeU1Fw;G_solM0b_WeOTV)W3zX0P
zF^_9uKGD73{nvjz6)wP7oSR>o?|+&wLy}33d2pRO3cFpU;nEfZqFt|_jWGB>tNfYm
zLdj}<KLr>+;FB!wDPk76p%2_A+NfW&!%?Q@=JhD%kfCCF>??}+MdaZ6y|GK338zQL
zn<mY;8uSGKc}T-W+ynOzJ<{024n_0xOx*ks50R9}B7mY;M>`BWW>H>QuP+?78V_HZ
zsRNuQ;<Zb#%+NA>8D2>Dn>r&#R`psjS@Bb-(`j)O@QJWkh-q}!Rr|l()A3A$%aIF4
zMyh(gcos}L+HqvO-(-Z}ZTqYL<Dd@y#PYzY;HJAE{eWf13p&;EPsSx}vSf=zuY^d~
z3)B`~x~;7Y7q7(Gu7n-G7vbRGT^iq*0)lH$4?bIwv)U*Qg4<BF-}TvlKL<3f8@zb=
z@+Gvw;r-LCY1gcC@l8`y=G*#s-RK(`>+xCk+E?!}8H_N#FTCaUq$wEk*f*3gU?=Mh
zU<^ra9$@s88|m`t$JQw9D*cA&*UwfJ9f^4Fm^{S&a|J{wk#CX+r9Gx}hoWpT0vbts
zZ@*H58FN(3p9X^HzKNU*kt>wTVR{AFSFDEgs6ru$+i_mx+84f#o%O%15?3y7kEiYQ
zuh9KQN+sHY$2JnUll898f)xJE6@-iR_xN1?Jb<0EF<ak5$Z4r}^bI7r-oS}Od2FSW
zwe@wy<%=5n(+a!wZb+83m6n?b!oD;HLo|%zS=ooC_Q+w=i?U#LjgZb4+x-v5SC+Aj
z@g<2cn@PoMOGh^4{3|V!Z&z(v?+b`Hxji`4ts7jm*CTiX0RCi@4*nPh|0>kx=brxs
zTk~eb-xVOfb@WCyz9v^Q)M1~g4*e}rKkfN1aqvItEdQtA+d*o6$kq>c)T{K~fD`Dm
z|MT_BqKqP?u?f3oE!J{<bv(k4s683t`H}E{jJE-zUi|f>qr3lE$N_&Xh~#f}pMU57
zXZQVG>Hh0-|33u){A)S=U)g;I_=k(X*Uyouz)!QqueJG93Fih$J$*JRa$Lj*yJ5T3
zNN(G1-lB-|0g>1|HG|Dgqt&tD6d3HZtn1$flTS(epZTm-yzE{aIS+xu>v!&dO4+L3
zSLu#r->%vYak+eQKl1VS@AcH^etvGqq@nrfJrl52qo2CzNUi0Cw<JecENp~0YU-ux
zDP_w%>;BBbDdzCMApLItLHdz3Y)q6W4yFa5bt3KtJkSvHWf#!qhN@=%a|!nIX#gDR
zB%R%DS8oe!9Q7gSyWv^DK?C0p=4?El$*)~lesB{R^O>a(epe0XnmOx0J(fk0*5Agc
zY47-k^#WjWg#{kTJm6;J?1^IG<H^+tKF<^R%Kh@{{%gX&yE0v;(cCwV7#=el(8A@p
z7(SId(8acouYf#~e@Z_G(3C@2m(t4Gq%p3$-*lT!l{SB@XO3#|DaK2`bnnuWwHN(x
z*Fm)}d(`DarzVb`GH%`L-L!!<@JHjsm9OFZ9l;<?FE%!H4gNP?ON(nMI*CjvzqY@x
zp_d0yh>hYreDkm?cKBp{TJ%w@%%C?gGEdze?aPovHgRaD+AN3-Z*>J?dyi==@_zXk
zd<lWxO&k!7hAEOf(#+ayDB9ym9!lAixDUUsFO`u<aalwyhiaIhkp?;ali7YZ&|f5W
z?~XpvW=uM**-EfeKUY@OMk@C<K(ySr#9^&rmceUj_|gG3Qc`WeNex+-F|_gd<Y+$Y
z<WEN~v>v;dnn~vIfQBn))$NKi0t{2q0>4cq8Nk7VcXl3#)~%Y@T+9qFH&s6Ypn}!+
zvkd6jJa7-+HDM<ch(O<lK~DuW+HK1nOiu7dYR@um!E2*+o?i>}`#RKSdJJRCn!~4A
zE&74ZG(vY1X4R%tm$ZitS1q;7a<>ZH1NW#4+3CoXB|YNON0#0uEdY~;LbZ{#aK}3X
zyge`I5K&}wm8Y82#=(jh+v3_*fvymkx3)#(lV6=Kz)A(S%A!|A&f8wiIzZE4n(4;z
zSUFoFNUe6)2EXkiRDPm3fGvU~c^hbS*3x>czaiWR!fti6U1jMfJNS;|(J2hsITO2z
z@1L^g5K>{~CF$yK&)MCKiQhM(+Nu!<XWjeJ86kWWJu8(gRAv7xiI3&<*lI5@_9P@;
zM<EZ)YSN9WVt%2EPgP>jb(^1XZs8PP-aKsPR2(xddF^-*w~o5x!g%}TyyL^!3&jJ2
zP^Rg~mlHQg)S1-pk-TI|`&4(UOXYx7`fh{Dd8gc)$h_drNY9=Gp5p(*)?0=}xpx2G
zTSXBOX%HzT2I-LQ?ha`X5b5q3q#MMMh8d)W?i@;5K<VxnV(9L8F896f``O3u_`l=D
z6z8?hbFK5UzH2Ro+T#1m0j@HaMS<h=W9Ydb>pA!F<($uez`Mb-42$*jcN-~ud9_m2
zS=NiLsb>d83f$}{oA$9BOxvZ+tN@aag|16WCj2hz#(h3M_S4+qfs()<6f+guDq2bu
z!##?<W2O0&)~&XuCfHjuW?u-j8toZh9d&ttDrS6@RhZk>e#y@K=si@=yV1~|{74Cc
z8|7;zB?^FY1~UX?#;v)t^&INPDxM)zZn#z39NSHZP#hV4$~B7hnacUXo5&)84Oe>o
zbrS}iB^L6OU#lmacoBg|gM!j<DPzA%Um@?c)5Mc59{d%p);sTG&)7)I)sxuku*Q8v
zOs(xaNu11E5w`db^64y~>;6cLI-lc36H_@5KXt&{CC@xLNUD7lhF=_OEPRCarA@*h
z`R$a&3UMs9^X&u;_NAQ3uazri+of)dQop7TL}bl<sFew@5weZK!g-aX)K6LWZ0?_N
zZKV_s*Wop6uCMOqX}k~OiLI1v=O+Ksavj<(YnDC!6ql!DV=)Q{TQ(0zXmh@KY`urC
zQLQ}lFVSz2XuS~(O}xF5_@J8<@uHKM#UKZhnAN%lXov_tv`Q6RRv=lcdF{@Wz@W?d
zBPbhFa|9S@d-{yokT+t2={}xl5GMN6U)sB1Wpt#L*w|D4E;Oc`>waF_{v(XlIPv{0
zx7N&jeLx*gJIKKC(PGgoI?&`$<z&0b>7;APULC5J^{LVj#pi4(qSt83U!un!vtXkq
zvt`iuo-mcqE?KZA2oq=ycqe_=EdtpMc$SJ^I?vva>HAP-qmo=P-EDs)a-!@ig6N(j
zK9Zo1GOn?=#WNugTt6KKYzhCA38pk<MkxU<8v}tKZE=D)F3Bk~XZ}Hmku0y($J`=A
z4~JDiG34SlNh<Ij3P07YRc&IXfNQHQRlNq+!p$_ZRVm?A*8tJj7i;m|&jo`<rH1d>
zE1tvX?`=u+ns;PKloEIx>}RSk<3vw|g@kheDURCCulRtLh;}?G@54ruTdV8!OSDB+
zM+bu(1E^q~yr3}UR0`0nPszn1CQ^p@LouIj9r#^|-f<(-rQ6}NnF^P<y!Y+J@IE2=
zRT-=-a`B`BNDCEVO_IPQ^GGSK#Pvw1);p`-K)J)jHmQy$OjT(dhYB-@H;JHViuBjw
z%-_$P_^^|hq_giFKI;?`GqU?^wq37ijn_Q7;=JOcS~&2qXqjCZb`-Im$fqfzBYi*k
z&5T)lQuqB;MVMvxn8`^`o)@Rjm1DcJO@g9lR(kfkgobGgYmZi8UaL8r!jqAA&IW&#
zCX3on=Ha?+kEyqKvYEs<p-q;XN@1#-;Yx)Zt978i)j_IFf)5!i!2}GRbidO%g15pq
zv(l<8a_OlepS8Nodsh`3!q*izZ?DCw-@5a<?T=};%!!M&`5de5s2C47r5J1UU~i8`
z_rgZYDmwBvZ_i~BjYnNWiFS>s?vs_&$y1>#rx6QiB36r0P1Cnl-(?TZo&JGubms}T
zrizF;hzKh)lqbFA?uJ^gc1ghN*PB{SQEzog=Qb$3FChmGW1<~IKfhN^TsA({hT$Wy
z^9WmGvsi_<MXmA3AqpZY_g{e?DPM}O)f%60nvBr_P5k7wp|3X=xBXH%z<&uHdd^+2
zrm)@f3h@>1H*dTspmUUd2$RdcenOM7gQ@v+nTCuKdBqGDSASVm&)(V3YqC`b`o;F7
z=&;_b@zW91y`zvM_*zGqxbEy-OuWH${UMrN{+ZK}ZHm;7zc;jjAzBuPSgs<%aXC;>
z=z3olL2vVEYpSI{5Ew|3aPVV%EqlGvcN!34__wJ$t$O2|I6pD>ToMGD$tu8+!QQ_-
zWS*byj~dN=TM(y~zI{!t(?T%<@$*>+J%We>6<jzxi3RzSbobe=D;~$69ONpWlZ+_L
zazs+APZXyh9W0Rj^BxPztt@(PP<l1_Dmt~nt>TaOl@G#VI`{-D3Os8HS%-i=kX9Z0
z`ltpAilif);qK|ulg^LxREMfDbyZIbx}U81+}$Whaup|C!T4O>Ls^Y+>vm$R4Dnvx
zIqiaPE<`vFuSu${Mk&?LpT{bVD2QC)jOU+a={#{&XF{KmZ3u47@0^BjZN{ei6@m{<
zLpJNyY$VZi`Mv9U(}LX(7~?vkZS+rYC28^$(%#Qt-HQq&cohdb7%mZKNEvtHHB_v^
z)z%eL@-=$SKQ_7`99@ThC?1ZH^F&7E3mmO~|4O?8N>xa#H&)iMo2zD4CEp#-x02y^
zy?D!Ick=0VYgPGaXRpSI^e)jidBty;l+?Mn8=mEZ4Be$qlx9ZTB*F^hvh^MyWMNCY
zer0=<LolCnjpk50)XubvbNW|AICr-Mb9WLqmFY>`ZewR<S8af0o#oU}=G}I+>A1Id
zwz5lKA~WN-e`6{gM8tYAdLTnYg=@i9SwIR+e=u_`2I2m>q)gLBvSzy`v2sb@2=As!
zBg_Mp6w<18eBL-Dbb0Lc2I9shY_?K9SH)#nRllI=*<$;7BAAZB(KU}_K)80^?`jDs
z$$IL;A*@<lP9{=8XK<Jmf-1X3&oxddH+s{3!k>lZc$;z3q3E?xD*^k9g?G5dxanCc
zrGD*R)~EgRESHUe(R)8S&_x&D-QA3Tvb?Zna4J`!vV@Fcp7Q)X9i6_lrjL>HbhSBp
zjs2vtLH4^ybEwKlPOpf@wQ`VEQSvwOlTmUHB$1lj<nZSGHa%6+k@{$2v*j#hBiAc~
z-u92G+e9^1eR0S6!;SNgh1=^E3#k|#5d=68&Txu_CUd$P+fnVlAZ6L8q|$h=0!hlf
zQUB!Xk{-InzDo4S2%+ct6W`U${Il|yy(7cn`uX;|@|Ct5rOl>ze&}3wIx(-t%j5@z
zPubjX&K}Uk!fA-^?}U63S&R@g+eLzVKM#@RPim7n1)PqmKN{;O@<N4g%LF%eR$bW>
zLRNzeTDf{9!2j&vn!YgyrR3WRKOU`Ob(ngNqL{-ZIKgy-6?by*MfFMDxJk^LJoc|P
zu%c!Bbm7`x|G4F>DA7L4^0MP~#*>M(vOZE>!RN{_KI1vjjO@ZPo?K$d9Gpa_H@_$y
z{JtcX=rC@-_qyaeT&hWf`lFcnomM`Ia^V|hiiguZ#+)N3wq{MlT<Rv~sZS1W>$n33
zBZ(u4w8@tbp0aj7+O1L%QHH>O<vH9tq+1vn`w1i>PRSIf2%7fv%Z590BZsMTBS(w0
zR_w<zqG$ZZl0vayA3E_J^1mE>2zblg^uYgQ8T})LMPu>nJHNXw*{%6=g)3`W5AXGY
z5$6@NiJiy6B8ty<0hRVl^>%Jyf7nNn+Qu4zL|GG!k4-`@c`}p{Rk;f1VkfuA6zJ~i
zOk$Nv@15%q+m^tRjku)J<K>=k*?zD7-z~lo$4MPBu_UuZ2;2EuNXyNqYR>})B`#~8
zBwU{Q2qf@M^1DFVfaGGSM$?CvwX@E>;5JnIu+*b>z$o`l$uWGYm5oIG%HejY{sPSi
z({HQ}icL=oS>}baYqoiMoAbS+B3|db#BKZhHrLOeJZGeR@BruRb8>j6<QI8E1SWsQ
z$#eXAp~jl`)3_puIPucS!CP~7ndy=Oe(TR;E^5ojNE6DTexXCp*wvbB&W&&%T!kbD
z_bY95MSTYLZ<ZTRJNi=wL2bZ_nnd|rx}_T58oJ6vqlVTVEz1nKgaA(W=J27Rz-Qv_
zyCqs0ev*MEna+CmyPL;bV{WfA_}%oB?cb>XRA{GpF+(<)I_*OAlbzHxU1f>?Q`RG9
z?N6113XNe~L7rX*k}2xWD8|GerVcEUJ7;^>kH<Jo{nS5%Z;B}1?az9MLKPnN02__3
zkcRhGyD4X;#s*eDuprvXVkFh-(1bUwvpa5q+GtR)`gK9_^+o^SUSE<7G}~_6c@6a2
zXQ=6M|D&ekh^M_{Sum;<)IoeJDx^>8A^zI{`BaESC(RIuy_fUgSgrD8H<VK2$#-Hr
zxWZkdLlVAO^A%REf~orExzbwKNAO(eEuC_DR#iLC7t@Vf5GV!vr^^kac3yD!Nz3ai
zF`~;bVnLq8bS~8ehoz^l?hPq%F?@N(ZRS!Y?kRW*1`ahl_iMJOja5HHR3&u+8!~h^
zIa!1L-mnhyxyMhK{TcnMGMQH4%?SskBgjay`74QUc5}Snx9jYacZnuR6r+{WC`k9A
z*hh+p`Wi|eX$FD7ID0|0#W=q<=N*Tr&wu;VdTyNXKD6=WjvmYAsVVQn5v^dMU`LI(
zHGI#^8Af~WL$(jz62hlFe1{--(@4m}ja&sMg@^Y9YGSh<JMsRRBCokOPt$M$4&_g!
zolW-wR-`t6rzT+Zm+blHi+?unjwV5Rx#Py*q?apVpjOQ1)x&#Bmlyq5?bo%@v}q+N
zoa)1UEK)RsiR@RjR_q2@i*{!{R4L-Z)4()}dAu4!DkOfUmA6gdIR{?@XEU<ZuAjgC
z#bVfGTmE`wceUP#9<x>@;dS3LRC%(iR&SZ$fbkxo+G_*jfO(zJ$l#XTuf~RBMmWSQ
zb>qWk{{3MTO<fx|(b*dOmtDo>I<*nEpl+pPP|x$OLDx?8mI<mO9J|T8Y%u3Z(ZWb*
z%!(MVel642owEMhS-wlZ<_j`TJSsmN!2R}WSoC9%=)S&Nen5$V?J=xK--UcBNHQ!V
zyU`i+;OhwB4~Jy<8L8;LASEpbY=2Az&^B#P*nxcWGgXH;^ym$aRW8wd(J`)8XhYti
zX4-Tq`uNWD+mZ{i+?r!~z6`5MKKc;BV1)Lel33wY8uvZ#=ek}xMOQLlRx#@?MIp9n
zVBxX=SEr}!$@G$mrXf>Vs~FRudcQKC-(25KE#+BMU@MjB&y@0C4rhZ34|VIhkOae>
zMUPsK7yU@>W?SeMkOa^65$~jHudzqh)p8@vr8;%M?0n4(q89wU8H{1cjth8i-IYO3
z2qf_p>!n>udiq1Bg;|&3=xL|fmrEW2K1U-?>=hfxup3|+d_-?Cd9{bboSWNDaEht!
z3JXCmn!y*gmSTN>DOO~PXV&w{Hi0f}9FOp~#j1EcqrqIrw;7|k3e-mH^Kvf!x}Yw^
zG;yT8(e{?FY78U~Y_pQ_t(ysg#Q-CvYj0z6UofSm+M(tFhjs{(UAM>ESTR2&dH~q(
z>!YWgLK#xY``8+v)UrR3TV4E=JBs0$B4+YT`c}DL_Q=`!89p0>iB<ee+*YZ;ao?@O
zn7&5r-upvo%IlW}WmrNiiG0f*pKuAg5}5TW<pn<*eRG(th-PC^FKF^)Yx*%l@8>4N
z#N2i#$`d6-e<1o9omP-{`GNIzE&11+3DN{)-l2I=OKfmEkInn<ZB!g^?{Q-Dc`1eW
zeU_yd5OCI#$lPbA`Wvc51u8ef>zEI5R2vj*>APQlu2F(s?&J02E;<-#3!Z3xtKpmF
zb2n%#I_p?qk~N3DCA8FM5|O-8W$J3b(;IkNWI06_LUMPR&|}hFQzC|yva6kBOvD1g
zH)L(Sh>l(&Wj!Okx{9JOB{6xmF!&PTczUB=ZPS0gkXK9T85JsqMtIhx)9g;oOyq~&
zPl0<I(#y?a5<v{g<%sAtQ|$au`PXWA>R(991`ejd-!5J#da8yo=sPkjs#vz{&$Kwn
znLhA^ZD)=dD+x$w&C~vxS3LRjSuHPq)=dqUKj<%hXVLdIQSA5kaZ}b3!3JmNLiE1c
z{VC={Th-Rkx&ESiy4^0}_fBd80rH`cXcC9#l2PWr9M{Ok)k2-fF%+~8!q9$|&((A_
zI`lh{U8{M?dDi!|nAHzd6XO=VbT~#vRK<5dvRC^uA-%$^yL(+AiwrJP)H~sp&znp8
zQk<-3kW0VS_ax@ss4P!1K5s?IBq5q?3yBzO4Z*;;<ZwP3BcnGny(#XIKN%#s2w7Z-
z$GvYK^P!Gz$8>bpLP<x|E3Wqm!7VcOv3tI{&gU7XL9P{J``Ik8(VGy)&5rZM#D3?D
zCbtdG2gg4<&NYUw_i)o{MdTIMV=}LwEixAYw_t;xv-Mt$#bI~pyLrD%>5&N$AW4<g
zmWQVt82(yTxBLF#cQ7^JJhqApFJ`#k$u@0poXgpz&fSA6?~?YJ2ZVp{K8~s1Zq4F4
zl=RBbW9|J}gstCPQs~2<>glWl<M#`V#Aqr%*Y3eyd}FJfNtMrgor%+Z5M#QiW}#U~
zEG2O&R=VhX^tCVfF{z^2QwvJ%^-vNc%_SppF!@b90gs{U?gqECGa^f|2a@en6_;IO
z{`U_0LFIUgQ_rD5@PNF03{9@iiZ4;sM1;l{Oo7koSp*iF`|?HzlxRCngwH8E#fo8k
zr_nFRixB7xqO=D?!AI<JQA)js0zJQ{JHedm9KkQ^?(1PXTaZ}(YCHM5NS^wjuxK1(
z3c+6^a&JQY)9P&L1UJnF<LomQlhi16+ykFJES`o5_*aZ!rt$92UBZzMuL(beFL>)I
zb}vbP82Ym8JV+PxHs$v+huH+{$vBVMM@|fiv4BST^xc5B!I)0N*jshhbO%51cqB8H
z#V&)+7vpXDW)lqN<83^~!3XFx)fLvW4W_JUk_{h>$##-LWO->e`={v`8*WCY;WKYP
zhgnkRL{UWoj^o9<QoF&Z+P0uyUHyJo@eBtf)$zuLcb6N%z~DC-Cb#w@^$XicilDCF
zON-9B@Pb8W*JaaMOO!lc><6oiq-y{BH~eSkP8A+A^3(A3+sa^W+wdr9)!jU{M__r8
z1N(a?<Mun#3!R7DrLec4ka$&Wxl0jH#&`qMhdaMxDHXoh?|pGpcm-PhSBks!R7;oO
zGzw?k{p$TzqW;(s4eW}X!4x)(u$cZRf|juIPC|v4FI0Aq65|K(;!DGsUWs^riJl6C
zdC3hureyi?1Q~)Efj%?vh=yeHh37@vr~8Y){u)V+e`GZu2}1_AGU&e)P)-DT_A+#Q
zy!|}blIz{>5Dx>nSr1F^dAAcq_cC`$3UH6d;VR&Zpw1JJasD7dKK@e0>CCD)8-RC&
z3pY8BKhb+#Dpy|$#Jx%7ahQ1Us6XK`b7Hy$E`;rZ?MEkjkU94xI5JjXfx^Y6$=tMX
z4<01bJBn-ULC7l9r{Pc$h7Zb7k2LSc+<2aghfS0R@64NvTEBzMaT*S<5&6j4FH}n0
z?JQi|R3vE<RnXj6Y1s;bg>3OM1fBHkV;36Cs8cV3l7k5$GO{4Ua>Bn7=}fI&<7G7s
zou~INfKzK!cdjqu(m7x8RK^vD`9sj|cLnZp_Cwv_U?Kg;?L$h_{i@~_a~=1s*=$-Y
zQa-7@{?p$F`(1cf8*7q{RNRM>d@bLi*R-#@gpIz_kgM<%hei2yREEpdni#w0p+^ya
zTd6hZZvO}y!SMNBLfkK%G2BuZEpT-xrqQ~F%w(dE)-`Bd>&B=9+q6HQHChUit{>c*
zEh-VzHb$<ys_AUc#F0`Hl6#CDp4d>*^(5+|G5v9CKgOk&5Xs5O^>pd|-Z=_MP=@A-
z<k07P#Du@g`8XH43(y(M#BWBNZrHsbTne8^B7Tfx<~}D~Sm~y~e%yxPP|c3<K`->7
zA5!9AZB4)J1hL3(09-{Qa7seTcidJUv>x{`e?*fxR444>=;m#1uOWA6cdS}gOy3>w
zj_2<o)tyU6+kS92Tpl+%`)6Ai&N>6Lx)u@PN?{eoI8-iy_;Acb+2qZ@OJ4s*RD}5t
zqx1JpN2e|?NI9awQF1Ls8B6$6Cq&ow`N6+0*mYG4UCsIFxf!}Y8XUZQg++SsgdCEY
z$F6`P_LW4w?QUFJ^J_b$Iwkd9dBZ#w_95CV9O@!nK%c?;x4|7wkh|@c79}Nn4Plts
zmY0QONhGG(pK6jT^puNe@K(Nls;0*0-05dHNbfn<se71+5;sa8>}>wxG=U{Uta$eN
z;k&69ijF2Ls?7dweJ%n#hms$YGzNw{*4MyoyB}7pMjj7))~~leF??2wjSy`;WwaO)
z#np;!X1>i)_4~42mwuDO@yUt%g84Wqh1d&mb}S&x;KdIuRP=}r^~;48ime&hOHx1K
z{7#;>lGw;FO|PDp=ld9%_uD3~kjba|sSfZ^dtW@5*GYPlaYylH>VlK!<Fk)7*KGF2
zOQNB?5q%Vz$`9H$2Et00IQHs{`D5wqt6i~I$zt?LD3GoYjm%LYG``Ce`<ryPz(Kcq
zrVBTc@iP6GSK+kcvYw-nzZ1rh1V`;PhCKA0(=SrumFGGvId@i1&H)6ZI9Z$iqVQK8
z%Zk|87$vVEPRz$F4SrOty*FqAN#GiUHQA2*HYOGQrVU?wD(RW$QosyntYk;%=!$tD
zEExTyGc`RB3_k7TT}M}mjb&UdmrO&i6VMi6@59reJk_dq+-+BHe~D{InBD@zBV~<(
z^dxkdWnF&H(hZDipY9mw9OdI9WE$M9i-1S$Wle44n$^;yb~>VBm}lL8S}Nja=!1bI
zf(Mx*gIOY}5xDQxbX_X3^!6q;ULG0?XBZ{Vwt^``e^>pzhC~4eII?U&Q~5dFD?3!#
zvQy2NHsOQfM*m`4tp?cpR8A`-e5|7(zPYelXZeq7yLdQbgedx;8x;&(bCv={?+0(B
zw(84kx`c6l^oSZ28w{f7(pLQEv;V}BORbTjff$9y8-v3~=Gra!$HtFAd{Z%4zwIjj
z`=TG?;-B^1-D_O0So>;r4~%WyY+R~wc)_kByVJFy1L^!wQM8tP-=m8=v`g-ezbOX|
z9a<LOgp@1f1c~PDT=Dpt!GIB^H$q#%e#tsZfmO^59Tw$sh1Qab_xxh*stG==$%!%+
zWHvmK`f+7(WH)QmRT-`8th(nb^>!D_$vDYv%Wd9mQsXL`Fa5vy4H|(zUqPGPESmvh
zZdR>uu6)Ek^JKXQRHn(o%Ciw$%T#uAsMTTDI+)9mtME$BzBfLD;l1aG4n@I3R)l9l
z2o`sdrnmA6)-UQ)64$aLrPIuw)m#PDX^vbZ-LO`(>`bX=sCTgc!z!fXDwuhRgyF8Y
z0_<!T*15-MghZ9UFef|VAGjW;t+<_yf<}};l#SGfHQ<eX3fA14SCN%n6wD7nXic&4
zAn!B>-15H{GhX6#8=6++wuWly9D6*(F@cZEN(a&>bXfjA>ML#JNNEY?X7>q?Wxqu4
zFR!SJkJT3h4(^9?Mj{cTqu3%tJ0gzZ6Om;X%kS3nG*9jxjy1}(&mSwDHuw%aVMRDL
zWth`<5>GO;o-k>Z>8Y85eH2+N4z>7LwJP717_w(vom;8wir6xV{4OSl$k~mA?@bk~
z`c(VOwxju%g+~+^)U9WNn`hOoo?al7-E)rd`je<i&ix}OHzp0P4HaIZP84@qR-~XW
zwpF{u%2u0<4K>rY4m8cdar{uDlM_bPudZ@ZD&{WgZF+EcrP!plrmi}l^BFB6>CKi`
zjqN$V^i@s&$Un#ZXAd;I9kI0xP6QWj44z;`pi0+@4H+W%Cys9jEpGzzarw>IVfs`s
zX=@OraFB1a2?-e;t4{1O&w}kLBkgw@WtD@&Y|Otica!-~Y<Xyvp_Ik*u5A`U&ES;B
z#`{I@t4Pd$d1l`P*Yt)u9!ngyMG``@*7_&a6Rcxa{LV=E>!&G7p^@OJ0}KKI4_rc)
zZ?FXiqqqgDxmaM9xY9Pa?e||P9QoFrmvobR51#yrc=0X|5xx1WX3^P`VNtV%{Ko0C
z<L;{M@bp0Mv3{QGP_KqL!mR!%(93yui5vR(_~<IFD&W`#-=9Z_4+`Y^ynb$U^Fsv5
zCyaW;#))||T+P34W^K+NoCKwisz9Jay>Wta#O<fD(|gjySioDXnOwIv+`(Gqu?Kz`
zrDdBt6EU!s+mH$|I{md2WJ66*gmO*8)^XdU2<_y)T3AXi`t8=rr$*!X1Yv&fkfhRI
z>;EjZ=nD0h*MSUVgw7j?koT<D@zT$C6-eLz&Y{Hwb?F<0=6=!uf#vjhI!A(sgHUI)
z&I(Q*>y0t*SyHI(`D<;Yqc&7<PTp;H5ktSO(NZ8_Eu<5$S_h~Kb=X<<!}A6D<6~q)
z0#E`k55wM31R81PHB?FCwl~I8_?(F8Asq1t8TG!rih9eC9`{OEG_m29@pejr(`<|F
z%4}3HRmhK*kR^FBhDKF*3G$-aYd+nxRswDw1<qtjdDrWWE#wKSCVbOn@11Ik{d6on
zM>!)hkrhhzgW!T+<M*os%jG$zKjY;7<QfO4IC_txYSLK#m+Xps$vBHWmH+XGSc_sS
z{#d0|_$mLz`*DUf42PversTK&8;#VVytDg1)56{}LB-47dl{t;Bh~~61YB}_GoOvK
zX!!$J`Ymt~*F)IG{A%aBdqE*sT&N18pd9J0smfs**H*Q(KL6|cdT__{yNB16pCXPg
zW#kFrmoCx@EW-!6=V_A(ezyHru(g)~PRmKK9@VoQ9=R0oPE=^CD2cr<JF3?t#yod(
z|Cx<ssHxzosQ^3*P5C(P*rx7Kv134k2)?1QMv;4%{bcxslV37FiV<-Rt>1psGZh7m
z-(egIA>CFjh4h$Uy<%}%6_g39RCROefY^vYSnLIryr~w);uI@2g(s!wPQ$YwIgmqt
zo)^J;HySDkj}%eXAM7eKssctK+l+G;7>bIB<OB6fQ0w~MrKnBT>dvDKIhDF?N=rBT
zber^EbUs5~FZ<f<6K$`&mflM|%MKFi1lxZcJyF0<YMfz=LQX67{;(X)0(G^tvu4!a
zIgYGa4tb11p8R|M5}g|8LjI@$OF-ehJD1fk<*bKB7sDyNR3E{K`>r;<`yHP3SoI_3
zTe}*jeWpZ~WtT38F?+FsP9%`a!TJb(<pkZ$WBSHr^T~QBM~Ga|H93{D5SR^KtRv&L
zRg=f8?=h4^`Kj-?mi+1`$Lao}|KJEP!(}w&_%ORNmB%N_eP>Q$4O$|W_Si3Eqn`n9
za#a_1eiWE$JHxQ~ZC4?fJcZ*^=Cd`}mlJ?3Jl`dTJn`QZk^N(LJ^GAGWH(_vVitqY
zY;8#z6+07u?g}KE-3;f0W(PbSx2*$~+sXqT>pL(pg3iB1ltfwa=*ILn>Y*29jf3>Y
z01W=hfg7IDc$Wh;)PJK7g0$uzsm7)IU!AsPG@i*X>eXBFF<-bf2!<`bfmM+of$k3Q
z{g`GR`bcmQ_+_iKmPO+RexI=}gth9Ja{ad#fSjZ{m-S3M(5psXiL{v{|C9B(=;PlQ
zVI()SK4-<1t$_sB$#YbRZB$YnNgM#Epk@)dH_d6f+!r|@WhXMvQ#W-c?TzyrJ|Ny~
zk6{G?S<9pd3^}Ix;sam4a=5&y@AUa(+mFti2)Zq2M5aL!Z>u}$pzBQ&GUY^)Q~h7*
zEpu20hkhMWYEbr!aI+)E?d@dmYWb5G`i7We5Pt$?A&b3d>WoV7DEYi+pfsHBhz};y
zK<{MNX&A@L|1&ZNnm*`aR@D0mX^d5@WY;<U1J!#<XnzxY3o=ygriB>0ock_W{M#OT
z_qk$^#gvJap=rDPw_4Bw2j>=oy_W?aXS4swluA+r<TD*^Pg^`K0qR`ccNY{ObiQI<
z4ui~~B6p3biTV62&+x(n1KkR=y@zYRysE07_Ak3fA?n+bxrGveWCme5Cusfsr8F6~
zL9UdhW}zlMD!?=Z*%@6pmV0gCOrjO~993XZH^FgDlgM4N$V8#1GScFQj%+9_i*02#
zmI#Rwf`gyL0($iLO67E3xvCAOOkf@sdf%L~_t_<7iC(jqAQ?scuxZ~JrGF}8c7k+F
zhWwz2cIcJ=RmsOLRPXe{+UmM9cHRd+;MXWoOZ%}NO7prqdLx(7JJk`GV+Gry4L6wh
zI=eHRU&nd9BI78FhtK#858N?_Ur>ghg|-&!G_c^DKJWtht069gQg24%uuW62Zgvjh
z&D!Ctv<L4XyF<+~`}eq1QRO^i`Rp1w``0zSjD|_}S!KnGG<2NaQRqH2rSm2*dZ$|=
zhvIp48b6FmB345s2z=l>2+L-;d>Ox>uYXXDpPhYuQaIN?=eCQpr5<H<q_WB9HbdsE
zD=E<)*C(PM>V0}EUbx>qniEwy@5*_}#RE<8^y=k7>55AlP&pU7)CD+?oSvk-<6N0-
zaTZ_NZ@p))Jj=46xsIIGL6>qn`r^?3$~><Vu%=fQ;Cw{=vX!+6{MV8T4>Z4QboBQ|
z&|3bYz1>FyMZ>U^p31;R0yCmQD*+W75yLepEiaOR1?=IgXC5UhuFIwVL!-#aDQLUv
zV9&7AnUi-Q9Ca1OQAe=F_2Qg4&xyEl&Xv8_rO|?C+GH!Ouw@{rot&D`;orwx0!E>~
z)JMFL=_)4~$y4B-nwY0@7dlZgt61f4BpcEx%!df3l^bwvzA#|K%d$C0B=ZMWED_(J
za3P>yAsMiS+{$)-Zh~R`aO*aydW*>k=M>Y?bxNO=f-^OBnVMR^U-bo?-kosGk}XVU
z4R=Ym2HJtM0n;p#A3y5lSm-Dfzd2%TAFvuB-kxnoM!nMT4h)6BJ*Dw%cCtUa0!nGG
z;KkRK=)Fa)Kl|R?jb6ebA(WJ^BR)bsO2??t`@XG0q4eq>bY(iv>fL4s(606PwnLon
zlBRemF(73OUREAjldjLZ6~`5Tb~u8+)A^R+$<!zX9A~+ug0s0FY8hcR#(zI)&vA{g
z(`2Vn%l70p&Frfv4%4GB`YM_|!0#YrS8O(6a)aMiLb_<b(`B*64@4x9$@bY_c5Ji)
zhlG8x#uf@$P^lU>$Gab*P2(0IsB!Hz98#1$s!=24F_^j9TZ8K%w6ggvJ$wt*wm~ga
z+a4=Bvy>Z?W%6j}DTPS$=0kqNm7CPYjnz$8=Pw(1z*DqX+4zNh`f7uF4}n?%4Hl%$
z@=fv(mi#}S;4m#%UPzK{&foZf^;~A2j<vIB%Y*J2m*6|)OQ#nlM#lncy$KpxNiqf>
z)eRO5$oc~`+tmdW<xL{UK(&r0zBd(kGg!lfF~^?BO?F(YQydeO*M<afRV)J)t}m_)
zm;1rHB3lYkiN!gBUMt(L6jyKNix1PBVSh2fW*DjJ4y3U$e9vwg;t+1ua_=lyGqZc{
z+`q;vs|>g+vVHbHfFTad9yu{FiuS#wDj4IVN?@}ZTA8m~LnE75DgxvOZuQv%PsVsq
zm3}?;)3sPzlV7eQPw#V@!}+74ZXAz^4>TbZ<x0~%D0rXiT|}kjMP{%2&yLELhmZHN
z;`p&~@G)5*pQ%WY;3cx$3Yz6`tFx3!f4mDD-2?qvO0pQZQE+(LNWo+T%#tp6^|kW*
z6<!aJeE7lh^$ze7z)mU;jSYX&r88R4;lpV*;j2C@L8hWie1OE;n9O`vL)kY29+KS&
z;ubI>U^-HY7{y;rNsjoY@ae$mv&UAma(`#fv%ns0d<SI}a;z|TX-nT~H@{YoE3%wB
zCTNb=;p-|eF!k{XzhJ}JF_i|uY@?(}ohGSU?Y6ZC9sQskEEVNvHjN|mIdmJayu;Bl
z7JINAV#6gnD2D&~W~+d0HTJvFYWt}eL=du@zGtwA+|1&VcIL4AuZG4`;xz-l=2S6W
z+IM1lUu-v&u&gx4>t`Pmby&i}a}Kl7dp8**zr3FJH1nRJq0lLxD|RTWJreZTV}ywB
zitH(Lbyc=Jt}rW5F44AJ$$`<3Cl<ab5X!;9${8>ZxHvzpGoz2vc^HT_Mi=??Q5{;w
z`hc+_b5~yf)PayRlf<>;4i+-;8_U!4p3vsUU7Zq>6i&54M8jnGpx<9?yJKOApMjtY
zvWxMOmxHaX&i&F=kJF*)7x_Eq*CqOg`18KUN*s80KP(p2o9m1qY29$S480HTYf(WU
zuRh_BGVNkM!%Q+HAue{})VCJL?>_n2$;DzTH&TZN0QQ{dT0id-PFX%u*?@ulR3jd;
zJR?njpN!RX*s(X{ulcxjsrRd(w!fQM&2^%Hn`N3O_U=^Avp4tkx>&Sg*cTO%uOF5~
z4k2EKr#Ip_v@&Wm0zFNC9i0AnV+@uli^3?ZSj76)??EU$d_e0vkMCcuKOMQaH5cdC
zcP4ukHG5$?0_o606?7*IQ|XPSC<@NIIvqJeUBD$<Dc$eBEovi;^jH(S5X>;OCSIY6
zZ|k?*Ldc#cd4Bg?<~WmIDNG|8CUZtLE){96pPh&aY<BZ2Q-swpjK&0oQ>=7*;R}P^
z)NWioop<4z_1Up>a5~QvUnnGd)AjE_17W$@d)bs!k<jtFq9PXQm$8M7*e;p9K=l~U
z-ORWSZb*ln4c7!6y<`5wGAUB}Ta9RoEA~_j8?lL`Cs(R1I$ENh<Y~BD@`!$(=-{va
zA7Uwr#I0umfu1nZJft^7oM@tIx;Z~Owu(Y0@g?a^sPZ*YeXd7HtA+;+$8Sh{4~Q@o
z5a|m2O$RbB{XVe|2Xozn@wnYOf18#IgN!`;L-Lu+99A-XKTv1Mq*s<3wU$lUJjKUX
z5!RO2bT(K2DOWW5&R{m<W}MHpvrGT{%ga*13@rK5y>L|<-(^+ieV2*DZB}K9t+^=w
zLIiLTt>5%SteHgQkH*byg=tV=U5`Dv-NXi~=eKnBJ{@ndyu##Z2`;3wsA5?4bVj`O
zZtYn*3lb?a<_miAf<k&~NcdYP3WIM7hZr9LRxgLz3j$<P&%Std^Cr;=xcftmHvg>l
zMiQM2aSZoLsSJ2_q71rxB^YHGey-4BCyTu1pZEkrB;U;JLI))`#?&U`ZcKNPMFSlz
z-66btp;RgsjU)OV$g4cy6aesIqIcnw1fK@nn3qGr?zVb)Q@v)9-wNoB1K?K2sTZtK
zD_WHze}iICJQ-1*33FNEx@Jh4m6d(?b)Uf2AF`<OkxohSJhNT+wI@zjXPA}g#tG`3
z@+EW-7i-zW`I)$Q22O`Q3k1tve%qGpN{h0B-q-zbt*NxTmmUILo+%yGhG!QNmo}+Z
zbbrjScYb!|=*{5QOwoKn*TZOFz`KxF`3DW&SWaztn948X7P8Xw&$DY@XQ5c<F7OJW
z{Q5!1yud}j%~$-Ed=89~a@|O@6Zpt!mk${98#<l$Z*L@W*A9?KXESn{jXI{Us}^th
zHxH0AgP0EFDzPlD>^hfGz$oc03_<a(;EsM>A_n6{Zki*%jM45Tmsalot)#-_3-GDy
zk=BNZ@v8Vqn<^4ztL?oVYp^&ruI&Xz5i|?w{m(%E#SU9&cJUOx?lI_05ZgJ^0Yg~2
zgKxj%xwOA&Fnd+#Hz6V+wbN?2c%^`xz5k<fGhOqJx3J~=`=bJEo(AMN4kk@a)^{d)
zU^N73b^Rk|5*G!C);Q1_-tw}N_Dy-YR`Y8ddzuJhlG@mRg7H5j_&<36$HK9p;Y~L4
z?ZxnIwZ-f!ewQuJhiXZkNtG%Ti?G*=pZ<Pn05VvVvj>rH`<3Fw#Z*sQUZ>a(Q*!<R
zqN*YGV})g6n^srwsp1P)xyMyGSr*O*7&bxw5p+!8)W0u%KvIRwoV$!vogw7_ecnWD
zm%>j-TxfpQk^G(ad(HO-=XV85o2}{=rxhwBGNJ4lSS8Ufxb{{!sqY($mlpCqDHudF
zaZx$In9#40%30vok@lt|=EM_)r&+5=-%i1;%}7i1X}EGfUcIZ}N3(}?l%M1!!o=<f
zg9j1LfP$pJ+`}bBI117T*n;)|9ELxT=WCm2kUIiM06TRs7T-rOYPh+|w7T*e869Pz
zU`9yeBDc?&GiQ2U`DZ~IoVMXlR77eUhG__e=67VR*W@m*pkw8=SN}W*+yFFuP5M$5
zu?FWJ146@dN?u8uNjoav_KCa$T+5MiP=e2j33GO5JO2jrbOGSJz6t5SFQKqc0UGb*
z)-dL2+zam(+=j)_r>O|rJ2!oENp{llSuQEUw}Qqjcm)~xF4Je^+pxrSq#k3$?&-0Q
zs0akl#_`UU5&rsf6z?w7vMm?`4CAq8>-&@EZwbCb2v)XD5{$hQ3$;t$_VmqmB^hb0
z^l6gM53^>(CM7jlUcrekzfVM*Og+2ghc?*%7Q5}7^cjV>zR@H!_aj#^j&6VbZ1PFQ
zrscs{F9xkj*lA6^#anK#lA@}4M!TGC+S6^HoWt^){}_=!@c;X$(t@6PDy*bOw<E_e
z6SiJy{m?h@y$n`p6Kp`d?SR`V8DlOZmt)?x%-~zM(*+(960x9c55$RoRoSM5VZhvA
z_-T%#*N#9WArJ=dZTS}$tS0^CB1lLP-wx@B?s(;$yraRt6>Bf(#>p@kCn#mZf3?;-
zoN`4O#<hV@M!v(*`)+!N7HELv4J=>>aOv&V$-I^gBK>6Gzkx)#ZXErQ1OmZ--XT65
zy^vhUnaOc4&muExo#v~z^%QB9tC@=98lb0Ct4aO+)~uV<>b8&MFtUNeqU*zT(+Hmz
z8VvpTISbG2`pu~1YNErD;gFMes_&$o?V4w*tJ^9HotOs-GMsZXLHRD=R|uwDQ;5{_
znxn3COzU8jUdp65&@k)9#k(bK5h>zG=(53Lg5dvdGC%=O;L}3KU%eUIM1NH4uh^?u
z?R2;x02L$9Dg7e|w_N*5e^drYldC=N(9|qKqc>$U_z9Vf1^HBC5d$Zh4Kh|Y`C`>(
z$G)lmU@3EXG8MY!y_@B)U6y0_SU3vL%&hi`)lP<j&L0=1AlG_b7)uQJ6aG=VGo#9P
z&@dE+K1fV3r6BhK{4MXJi6$Bmwg=x2J%#VKhsH}>KTgzZm{$EiI&=mDwpJiDtMiP{
zd?l&cO@c}3rBJecD{~!_&(1Kq6{=lMv)EG1nkg&aQP}$8FWq%wn*sOUskOz=D*Qw1
zZZ0dAXtKNpnH~TKEZDq#j5aT6CDS6Xl69?UhYW?wQNV@6NW!=P=VtL0)jc}4XSB8)
zkm-~3p3{H8@{i^k@+!a=f@R>3&K_1%aPOp(ZKovMHY`RA5&V`ilH(+iKcX;*GxNw#
zU{*;t-!M&jtVBaWZe<cZp-FZ2f$R4(>Y*{8##Ax~f8%#i!n?C-v2;H-*j%>vL9o9T
z9Y@xg1pwf<@`Dm|%qMgk+n62;#JF4j_GWPrv7=oj(c5PB)p^buv+Z;Mvc#+JHYs4}
z#<AeIgjXpa@P$S7dbD+X6xe9A2bjv)hm4HYdCx5Se|Y6v_jTC@O|9WH+w*pf!>7Wj
zj$%T<k8X&G2a$@}$OD|lGxfxE+bn$-MBe<tZe%pB$r3<AhV3Y9&@W!no7(ur?Q3$c
z<DWo>7luIvH~l(anX`9_uVy~}li!d7+Ak}sn!w&D4&}%vM9x(2EBV_l(zege_PvFQ
z)b8g+YHi^!d~G$n){4w%4SvP7E2`kHuk;_T7Oc4IU9yH(3h2Mlh9o;B{*9Onna;&m
zJfFOLsVw|&U9`uooKR!!S1vv;t4_&R6zWxxVORf>Vt=)tuH@o~Zf!qaL+;D73QJty
z@yh~}OA=cJJbdF0B2Ia%>oPS1RsQhBmNcy2Y0Xjs?t9;z2PZOr>wBmIm{6Yo#zytt
zO|QaQs96o(&{@*ri6f;~VM;!Zt7DIQN_Weq0j=8|l1aSmO06>FaKH3;FNwivIRmYI
zmhnyHb7ye>fT2(B0wyst{BbKw(ndMPr2%Qfvenm~f<cpR6D+8~b;?J?A!kh^u~#wy
zYBU>5ivT=REM>vZM5Xy9Oqld0EdOyV-Q=QJj|pG|WE1Hsj;=#pG}z{OuA4)+h_au}
zC!!VYu2nkL?)QF=^F4>#PbTkzOfFv|0d-wY*gKIi@HYVuW$SY>>QrGDVW4kl0>xXS
zaA)LCkgjub!>NY|c(=O4)hNdiTzGR-b%YI3kxhq!dki7I$i_>+yc=SKK>R>a0!L|F
z!*FV!k{u@OCse4Y2^>IleGKqLM*+xy$b2_3K1=$(cwVpjfX96Id&sUbY0w~GdEh)n
zlFnP@|7qwyhxEF$3O-T{R0e9PQspT6=DKAeSeab3Jc3F9utuD+54b~Ojmo)EC>f*b
zZej?_@(DWrr*tgv?9ctvf5_<EvSGubzJ!zU9DGr`l#x)ecG~y9s?MvYlI9V{gTfM)
zKqG-_K&uNBD`Ebr65~s$*1zfQ=&nXpjO7`Yc}}cS1+gtHX^Km7n~W3z5b9`s?;i+t
z6uJ*Us5h||Y^<lG4&QJ>P6LJ>c$exlD9?HJ?7FoB!I2@tA9UW=2dIQjcP8{c!35n>
z^OVyhShamqrDIaW*I>*N%~#+z{idcXNR#%$>hNya1cqGCO=ci5T22sD^#Hp!lh0{|
z<~OwJGe{++WGs`Yq_H<5^x0qnp#mkV>OeXVx+_oxRHY;A_4RC5K$O=5B%;IUov{lj
zEzWk1Mf7UCgObYysIps@@WW$81(F>D7Lr99JP*|cNe|W+;#BHu9>H5N-c<{PaZQ3j
zUI3QaeF3&VS}4#rjP$EBx6q>p@x&uMyo~q!sr`BHYOE&Hq@%AE65yq+E_P92dK&jZ
zp7;}+j3C(3X8qkB8&4a`nSJ;=cq*9^hAHwIl#1J%biXH%U$;3q$GdE9Fj6D&@G&RJ
z_p@w{xP;8r9u-wUG=x<DBzVG;fA0Oc3d2ULZESJ=MsYaIyEFL11e24RA1Tkh*l}mn
za~dH0j&8I^pl$%4dqtTDb1`d(7*N92@Zw!fiJ&{`u+q=)pCC4SaW?r(+1i(Vx&4yG
zqVa3?@t;oIal7_{-&K<ASD+@hpi8`>I?v_2uYatJ5PKuO<MAq74w}S1@-avQe9%A&
z1wlbV4Z`c6e9G;&>WGWoysr}ANNH!^WmmPMn-g@v$EVt|#RLIcplpAr<PRX-!>m{&
z-D^FJHi7&T(bD`~h;zE%YC%h7G1yJ6MH3o`p}^ae_sx`J<7<AjC0&k-X&@%b`;bK2
z;#tJT+R&oQ#)_x7anrQq5fwIeku0E&{wj0o@T=a6)8yBOLbY2dae^s8%-Kto%Scs&
zgAppSQxhmhYcVoCq$-)R%qUuaakev~7rMz~cgLRlf0^SmL*1(lBuSqaZ*60*+O=;1
zwQoBkOIuU(CPwN9!P`E}M9Mw~jq8y14&BL;`FZ3nA$}rIMg2zci{kB}Mc}>%5w^;s
zC*W-Y>OpqCaAdc}<RV|O)@F0*y<7n9-G(*=DF0Q9hQ!XS<lm~>+Ztk2=n2YlJarM(
zh8`Kr#R42PQPYL@`Pup+h&}J&LCN5BPVuMpo0a#5<uCFo27c3h_A;tCG2O1snDHwM
z1bA(S3|Qrnu)=0kp@GM9kGb(fN$5b?{1t44Q1Hw%SL4Je)`0R@+@WxFq82rhmynb4
zj_#%jairiD?C-pa8HTyhXk^QCS=wulY@8k#b~g8q!2a=iSqcIO<O-GZWnKWufh2Zy
zi=Z^Hz2}yvvp4_R<8$C>q04}|WI&huqL3FWQp6&+ZCH#MSjwrL*3^mye+oSa{N8lh
zq-z-a*#G0uCZ9Y!wD6+J(E#+HNay5kEbGY4<VQ!lJUXl0)FGZa?Oka7kJ2$nJE@{y
z(PxL}sBeTjws#PUcVR}!C3|$v-kY0_?f`%<(TxvU8MwZ9M&7taqZV|<g)~yV6|rK?
z@^1OUHIKBKdRz(CZ;_sv`3I|s(>%sY+%!>V(CB{d%z=T=6c_dLNlh=J_lcm6>0%*i
z7xCvA|FI+@W?eb2Bjh*13UtwRMG~ND#>KM6^TPmyk;RzE=+5I0p!5R(<s!(!HPyH{
zqe()@Vd6rm!QyEm&(bnk{8Rh-<d5|=@fa$tN10(5?{c$W*p%K9{LyA1XXc}t_UQ(5
zX592KL=aj`x7JKutKTu~@NUA=R9FSwZZkSkxBXRrV%gw-0`c>BfxtEsb~!-O7UOwo
z_P!L7>g?wQAW!9|&04>?%KVyZgRa$0F0m^U{z59pBI<lgT^ASYefCxV;Zz!1ls5fl
z7%}We<qpgudQ5r%t>X9uGCI0nzYWp>#0U3}L`J7prO~g)g0V~ewyw~jd4M}|a((-b
zw$zSY_;u<*%ogi#P*;@dJiiux`S2wjPm5!{W6Sm@pNCz69Ij@J7Ctx)XYg2f?aG?s
zfV&higUTNhS!7p76$o5)K}PYN75$>C4B^I(Ml=;K)=RF*dk<+V?6l7|ZAEoCXTlqw
ze9#3tO?eE<WT1!J%qbk6d1)YK{+n;2A^%gE7oucW;pGwEey*Cd7lb4|A$3qxNt+l*
z^r1c79e)osYrwz*6-}_fl%v*Tl3IJB$z-?R-$?Q-`a*8{7O(BRakxc0Eq=axDlF8A
zCr%R!FaB|31E?n%s6b8S54@Je&sAldOeEU1A1fUVz~Z7j5ssJPb)8!V5w8Tmse<G}
z_Jw_4WqvZUB%U&dlPkDcH;d!b-O?QMk+Q|}c-)y<PdAm$`3g%bGWb$WOi;h!FiF%o
z3d=79pl3ub#A2-z#?*APzwOYYPE;X?m-a)2Al^_GTybW4ZC-KsBJu@3)zoH7W_`pD
zXX;Zfc6^pdj03FhWE<)iDhI9*IFdh(>{B81-{zx4kvRWAK``3&qMou@x2kf^IAXLd
zhR)LMmi&@z;_c|E2&>MvZ+pxD4YqeG9%%D@>5M2QAnx|*1*DbQd;6hR%NLn2_k-EE
z35O|h*o#*TiKkldL6L1Hy4i2dWS``rTRsC715qj;L~xlh+9Y6;G_$AT2AV~X&{2(X
zOt(2L*EzL6*0b785vx31$L5}{iB4Iq3h=$>2}*vyVg^3)Ox7kRlOL^loFF{^BD<a!
zZ7{fx^zSqzRa$M5qxf^or0=HhGYI{$pvJ7#Sbiu&s)Q7aIM0bc&44?tOpiuFN-PNG
z2(frY%}1)p{~Fc-S?vW9nCw3}r(-$layn8+@o(DWiF*%2M!OvR9Xl}B_(|LCvQ^9W
zf!c(u#FfX2@KV^wq(sjM?;+vTf+<XCr@-oejz$TsG%6yZ?HNK;K8Zz0%e#afi)4=V
z%f=~MJb&_YdMyM;hM-q!?5&?58}4#KSOEohclW0_&&>$Ub~+E-H{TP_`7Wg;DB3sQ
zMPX3y^yA34r^!kh7v!_kF)wJE6nxWDUuM$SD1XeOXRR)~mKHl)PF|VGxbOpgdzqNH
z74VG~?fofb9jP`VbR{T*9*E7k;~MH@=<s9&@DL4m@X<GOO_o1_9-qroc=95M>(ZvN
zyN>P?ltl-!lO{_Fw?TKiq@EQwG&^j7F8!vwiLt&+pdWub{a7sHh0zUgd;kkN$eNKg
zNiI>N(nHM~XQO|Liyys)_;{pZXqW)+=!)78wQ01sU9;7`a+V=iDQy`zTe|vwgmhd+
zN|{BUMA5-5*n|fb|A;vAj%7_tAh^GQjca>u8Z_XZKn&=62FC^e4_PEqNg$xt&}ez6
zGP=%nXsp>&^wIx6<cTKsvwd;@7Z!UTI-b#yxi9ppx$|M#XX~0Nxbs2Jt|gcA2pw!)
zA@uV3Flx|;dbyV(f`^%TY3UEkEPr;SjjGbYGcgw=Qx7`9;`a2Kb6F+=uAHc?|E%Oj
z=(|2Q9TxzY!Z8#MFtwq|bmS_m|2ahY$=iQNg$lL`zl>$htDQ87@!Mzn&gQhUp-z*9
zuUEHA5_|Di$pGEMkQJm}a(bXJzd^e96PVATjRq;&@w2<#B$nj3V~_kZJ}adSgV|J2
z9s#Qe_m*YTg?)W3-GpaJ`7pU#E&Ajrio~GjGOZ&7LL9^X^_Uhu(6*5dZF9?L<(tho
zRosa0)T5(LT~#oh-s^gjvCF_}AVf&{KVpE4_@fg9aK(s&g8!-cE=xu6YH6Uk->@Fl
zpOO@-Hy^IAYZi@k@-F0Sx{r#IrmpvX1k_^-8eFFu3t^QQ8w>4Zd@b4MA1>eMeH?&f
zYoS3W{Td~rEAStv>n!>IgT#6jA3B+!5~aV9-BN4lkN9jS%7lxuX}evetEW1PN>_H4
z%;isMc+g@g=T&@aOTNE@$I`Lwj^swU{y$WR=6_U(Ej4Rf)Svy>Z4tG&<#q(qXL1al
zAVMMPS^h+QQ|d38H%t|$ind-6^Ly`&HlOOio|3;4A^0~;eBHW-*rxaECc`+g3;jD1
zlvREz=~Aq4fQ0cY>3M%QT|)*NXH5l`fwT%v$WZn#%H`hn85I~9-I@P%G}Cljag8Wk
zVoQDm=}}0^tTdNb^A5<B{}+5LsJt8P={%#Qo9eBI;T3G)pks*_p1iyn9|@^ag41b>
z6htckK=Fl5t9d%i$vj=K)iu&0ADp*|cbz=t4XSODT_K57nfppDpjCX3Q{;J~KWCOJ
z2brm{cP_z^gDuU3Gb)r$={5en-oO((#E~uUWbHbof2+Nh+&TIqI|oSXkAyDPjil@N
zUz>RmtTyVE>bt16F6;swwT(9~4)G5!a&Q1?-OWgqbJYrZBynC0Y2EP5Y1+#8;k85<
zCOpcRZ#ah$kQ>Ilx}zs2?Eex=ex0`9+enx}kS0LA`$xW5IxBg9gHJhXx#hxq9Gl1L
z<W4vF|55jraZz>c`}ZXxDIg^R0s_)8bf>g*Ne|K>4MUf-NOv>Rol?@B(%mgxL-&8<
z<#pfpub%hMD?Y@`u=iejt+kKydmJan>d|^1SCL9$iFE<XLEg!gjl;_Nv-lP7qZ-}j
z-0r>)*+je-@L!K3E^Tj&RVq7BS>$tb3yQw;C#^-vrH%UY?rgP90M){=6;0Z;+Yq`n
zizDe=XFJcFowt*b=5wZ7iPJDF)NTd$3_$M5a|*{Wg^kY?xpG_g%6Yg|Ws3!?4W|Kc
z%r50ro8<MIDRFHLyUxj3qd$AVpuoq0FB#O8>nf`&(mIFdJ|h-?bfw|GLjK4pGOc{y
zSdmd6g?sCq;X6j5j<{)kfW6bo_fM1vVEoAf@M^9ZKaYa|=`uz+Z_1)nhugH>GLGIt
z^%WY;CU*wa{7LH8_+}>Vvv=8bo)b)?wzY3i&~;fyDF#br&$llx2ZH@TS0k*Nmg_)1
zgh__7W#E0#`Z)zRx_pTYixbdGfKzsz2YOKujEomeuXFG18@Ms0ezKUB40M{M>Sow`
z8gp^ZSGfl3VBUhb(t27|+uw!LDc|~rTfuyG3zw`QLHWU>G@23%39spcPgqNS_EJqF
zHUb(X*ATa$2>--pDjRsv_Y5+c(8uLvI~HAUV$<iC7Dyg`qSKtf?SLw<x&CbGYzO<(
zYm6MHn}KcpPg<O5uZf&=TejOCLB$bji<BuYPLlQ0=haYi@)G)l@H@*t=l7+z0_NjL
zR6%GxBVp7C5x-mdtDK%L?$;oJ7=Zuje(U=OfeRZrG26*1-CA@zcpek$xksAB?C|QY
z+>Cf2O&|pY?<c7Le?t!60N%bItV@=acD*=PQ{_6WntWbxfY$k2?3U6WrI1h4GV5HW
zffcIdT}tM!0y5v$=LA=4wde-VKMLK>Yib-S4_9|d!l}WG=|pnml}RgPhd737?+U}g
zw}o(^tx#$NMwiykEa`vgml;Ij==&1S4jM<%DHDI#F8~dK?j*?r&T+X0AHmCKaSK26
zETa&4DouX#h*I(Y@Q6yea$-OhEP5sBP60$>k*^{YTnuaY`Dp=06vS!uW&vyJfG%Dx
zdkE1HX!Bz%z2s000J@Yn0J#!tubylgarmn~N1*HYbWU8oB<Q?92^d4tan!VPEN<t?
zSzOHti5AYyE;=*eKnRb<HQOu<pb{gZ0x2^78w6@^9H{yW7*};R0*5&f$atJQI^1Al
zi<vqRImuYB>X5yQ7CLJnh|=tY#9|2oP-`-4SW}#`1{HWNJcNzIiKlE;P`orAom#${
z@|LXNxde-hHHa<U$y~0i`;Yt2<%4YCK-TkwYfJ#wPb&+pH({z0;eyqA8n*o$N9cjF
zSs|&qZsYsNy&C(z5aT~vWhT17Qx#*F!uRMhNiQ-EeP3yFz%^UuO4+D#Y*w>#+=u8s
z>djG_jD1M_4EOe$N}_uK4|odL|Cq5>VrwPP1E5K*&ffx#+7J0Hk;p7m|42rXzmP=T
zeRjyp;n(M{PE^(gepM<rSRT$)#rnOlwsLiN_<TQK58Yw6kbaaY?>%M_mn|3f7=EN=
z{mxi$<|;UH*U+fe@8l^^F0FF^nDnpggw*YIfPu`{kG+l|GeU8#KQF}L^+E=qJ@2^t
z>Lf0m(Jw)fK#G_Wt*vNV6GF|GVcV?vANET17(jAn;z_<(Vach`@w*su2@Z{%d!xP>
z;ht^DKy;GqoX|y;nXWagborbR{JeKpREDYXy6yqz!AJqk=Ok>S-&#-^DRp=NiBm3x
zPYi%4N%t+r3ZBrR`cF?iiAKv;%Ff`}cN+r$%pi(TOCuG+Kz37EnB&1L-JJbO#zy7x
z)CTOeWvKgQHyv3<LG@)SgVu*1d{_+;Z>(1_1V_4w7GvGq*oz)`&H#@T2aGX{?4Vhz
zeyxkweDde`Hz_wB=Pf37GZi`^E10<o(+u7l^kcvFB!kW?#x39}Yi+wGG>$<_WP5Ds
z&9yCeZ&TFK?xQK+x2-1fR^PaS)IKMKg$H&562~HD0opc*Uz!`!QcxO15+IRi{Lx`g
zbFcL?xHWr=t&<=t?u)W&*o;<?99XD6847l5g1RWJ#;PZ`UX|?_N40g`3_7^Z_VG`<
z3_-9rtXwYXW826AIp-&Btm+swOI8NnQg}7YGoqV07-|PK^2yG2cTWsb%^J{6_L$Ge
zODwth7Y^`c_LtStv;<l7j6XeHC*gtk9njf<_!Wwn7U;phQ6gG!Wm$uSEzsVeCZ!>{
zgS|Gow))}UP^dtOt53yuGW|y3vGYpRd5Hoy92M9u^mXcXQwtiNGOrC}{*h{&wi?AY
zq9hSbgsxwtO@`A;8~m9hdjVyg@wi<}R#ePmxC9U28o{^4sG>|UFCv8#mbV_$3L3co
zq!qZUU)>yft;;Hy9S0nA1VyvC4Z<byQCKy5N9W3o)tx1Gwr@(!)*OE3yBNj!0yo{r
zYn5Rzd#e749HNA*s7R>;RPV}v8c?j?E9tmBkLt&>J(>BoxO-gSxP6{DuZx1Q+1Tlq
zqSY4F{s=EFVTBR!#-@3dJU@Fl)#7A<`2@=Wjel!7+6<o@$pNZo?J@mZs<ao?`*E)4
z_+)dA@hy%pKTwB=xfQpbVcV=M@$5N3CF=KXX2S!*BR#$JNH%ff16Af++2IrbCL&qx
z#c`3SRO-|PpJVr<uo_Cr14#{WGby_DGr5=7+(~8U?Wk<d!^3CHVI=Nt@`SB|xsOt8
zaLtk_iRkL-&W%3~E;=9~19>4YZ(@G_7kII*pYWi@bRm@XYj4G)_S)p=ZTG7ok(IZI
zrKYKOyX}fE7bg%^!i2W{F=S$A4+xpSq>PY`r53+}b@d?84kw%fQ(q-8zNDAnEp1?A
zpag{G#^LQ#_~QJ#h9me!s38F=kk~UN*uyz;HG;;r^1BDq5KgF7gE;Rck(<n2Pq8H+
zd@ryj%(j;Df$k&&6Wf%Xv>Cxz0;B?9Ad9`(Z=?B(<Dl0C(YRK~Cg41AwsQ&RyZv0-
zTql%Thn}UJ!Eo$@f~f^o9uj!S1R6qpi6@mX9H&1}EVG0^kQHe>T)8CxG2YD|((*#~
zmjkGrLRqigI6c7W$Oz<}K0n*KNaIl9u5S8A+|-39BM{DxQ%~h}0+XEsBIkx7j%OAQ
zHfekZ=7_4~rl{ZZ(X&<iB1tqch_VSYcLawe0j9%5()HJ%K*{WBm*BN>yRm1nW7)EF
zW-KO6FyxutlIE~7(C6uC@i?9Fz1Xw(>2X42Y)kN1g01qSf~fGA92Barj~b~TDaoUQ
zv-rhIgl%rzOi+6Mc=&)KT{dzsEtI#w;{}c-)8tB@vb%4%^IyCk*Sd)w!ei*IXUB8W
z^=k;Pw>yHAVPCvbbS3%)dK}sb93WDg^?7&$0y$#_fYPd>E#o<vcb~C0B`A|fQRwfB
zZ_-Y&g8fMl{q=-P9mLG+dfj@fT!J_To36Xl@M7Zq$f$q&v+B0M!@3hk{Nt@oNBWI+
zyR|ueyAc!L2YHzkK~h~xi}}kyJiF>JD{a^)r>y4y3Tmc8u1V$WkgV*2`m$>LGV=^w
zYO>rQ%;vf>T0U>H?wEk@HjLluj#}le)-Axa(l`Eb!80VJ%sXhLf`+6JkddkM3*Nvl
zL<kT)CV=Idf6BXi=|->908!j~iti+^KifZ^RSIy%wGzj``~hsSmTQRSw`8WcuwV9U
zo`wWqyfdymFl(Ko{AYc;2fCH|e7Xr+up7-3z9X>H&Af+J;#rriW>CIR^baEP8^(L|
zzF<a5^mlYkOLVHuF>U+uM>27b-Dfscn)bdghsq5)Z;?DY%)R(Tr=dMKs@UN|w=JEV
zof~K~<tp+Na`BC1?@_H$mh$eg_|+SbCW@6+BYVFviB48JmomoUTH~0jcyTNIa`ZtP
zoiN0U3tN__n6BR(^01Q+O#F@~DWj4&$E>1#q{=8Gqo=X52gU0n{MjvLm|&)S^zrJ8
zobVT~H3as~xt^ymZxRO?^+0lr1ez3<uadM5=q~D$YTsIPP8BzwWDtR2l}mV22g_#f
zQ*_<RON-TC*4ge`;Ab00rT23JkOsw|Q{yRfD!P@6HsM{hd+2Gn9MNJX{`X(lWE7DN
zA9JF2rx5nmd^a$aJyS#qJ4IB}w2!-AVy6vz(~WI!{Tw@!1=UdtVw}4~GlFeeVLO0a
znYE)z$D_)YM(%@hlT-w*k9-+?j4VCyV*AT6L6Esq%&vt*6OFA$^oe;VNCm)i=4Ub7
zxpm06U)FBx6GSg;$#^2n$rxFA%!(qWY1^H!Vi!ZpyQKwLs*0uLMI)0B@aJcrRQody
zxkHWG`WU<h>O$?pf9`go)*Xr&@}6_vJVpR4;K((zU%@-;D-}Mb2~eBuN#MT!^r-YM
z;Z&;wDI7gyoDXcrn_IOvaOl7j!un12(_+BW!N1@>JTCqo%=VuH=F<An%t0$ObHCQ4
zA}S-K*M8FGe~=!g5BCIFulcZMTNubonZ3|e4j>!@{Mp*ikw=*9H$gdZ`k4k69Yo}D
zD4t~JICeRu%|y}~9azE^4Fa}5Kbl0I--@?-MJM10Idci{huG8iimXC}C9fht&6!i3
zS>4lz2z_@S7{A!qXPpsN59j&@d^Pfz*ghHJ2@a~-H59ndukoNQKq1}PG51S&tyS;N
z!w^D5wQCT4;Xvn^k!&3{$3zfG{76z78Fb4>OO!r9YHjL1gJzK;8Bq1Rl~OfJhdZPM
zU2v&LG|Oioe{@>I7?i*&JeL+Vy&@dN1coF|uyH6pH`8bQ3?9v|Qf+cNg4v~kVcE9W
zxxqsUHMXgLt<Dnd`)8fD%&9qqxku|3vY^ZFEtP}mjZQ24ux?e_;DwncQSeehwoSX)
z;WR($4Du|qoT<Ht88YBgd&4p8IKGvxU^v7)tZ@$3Sj|a&@2JodH4Y=;mlS_UC&mh-
zQu|fe2`Sl4217=G#RoMocofYoNN?r^v2$bA-3`VF;Ash#uP%+L9lS9@wtTTh5;ZE8
zo4Z>4U8gG8DrEhda&sz$?@?)=0Bk_N6-qHX`en#UmtmM(Rk4-(O5aClzI^=%jfGG6
zSGi3St2K6Kf1Y#aZHc<-jnnl5{8~o^bwAqhT?sIgvR$f#=wY#TmG?_}ZOV%m^Nl8@
z^G~rIxLmZGRTH*vpN}j&6}XApX*^51eIu7Np5Ixe{-COpo7N{lZ`R)JjPeyveL757
zY!vVx^olqQj-=C%-{@rL)-~HKn%g+rO>z0>mXx+oMyI7<(5BUKtoFSDrMPJh&;7#_
zJXrn~K!dbO9q|Jp+oQ_aQv_oXt#|I^zAr4@W6=ry5veTTg3#oS%WzVT5U?ZpcNjcu
zxIKM|F?e=zMAW*?i2>6#0U2r1`|SF|K54-HC<FE62s!$If~o(7ui)&%{FH@CqeA#J
z2C6gx^D%7Qp8f5Rf{Wi*)V3y8)F0FK?b7eo2`CYzV@qVH<kR9XO4BQa^I#2I>ow?8
z2e0KPOVOP5U0SbWSxtdNQa`kY#w?ri$*Ynm;Ns`kjR;(yAvbfp$$;+<pBN1{oy)!4
zy*6fp*tS1wdi5TvdL3v#J~Mc{_IS|%DF=2t>SEUXQ741_rSpi`%r@V3wml3<;9@S<
z_e%7JGdEXD(8sFP(tLEPpWip$@rYJ_+xt4_hF+B_N&={Nc@~a6tNqAAHIB!-{7iGc
z{#m$_cKt3y!R0lPo9;5usDUq5E}fX0zwz=THH^$wp73i!p<>OrGJD>9f2e84XUa;0
zu?lC}EXl+q7_M^?M`_T5J|mdo=8vP-79L`t69BQ*`s+tx+^>Mz(uPcMJqGr{4AF?}
zXe>)Y<%q0Y`fH5997NHE)^*BUoW>~ZgUGQ?ZszRu<pE-=YRa%XZR3@F<=tw2)$+r&
z;nM3bvdQ0rL6eX(cJ61blrpmKS1ePedTEYY7WG=-IYX>0v!d|}_=v(KH*EI@dq3XI
zel~H%<gYQBL&tAzKX#1s53U+?!u0}q$V`NukCe(^R;>WU=Lm;XzwQ)gW_mCoV=IQa
zrV)8c{`XYu)-&0`QrsbhjjQaFQP0*oQFHpEjNpnfms9D@bxe0)=Z|<2bPj;&HJ<Pb
zK68^<rSWbEp#5dlw9%($BH4;SPr4LffA)cD43&|GXFbvMha>0lI{}IAMZ8N3M09yM
z`I3;aF+aTSaJt|QeunO)e}WB!VB&9t;Z^%$^0&fnDa-&)vUd)~RMb94YGLfMEHoc5
zt5+74m2mp*)!l^i=jUop(*M|nAN5asZ^<Rr1d16fARs|vx!FeEoIJ0j395kx$avm`
z!9p403aNr#gK}~|DlY(;l<---%8B;g1zM)blj@8=d%8z;TkYB78)@T`7bygPmVm!U
zy{POCKgi{un;cG5?#BLRC*|%BTR*=0Z|Y|7CFM4XbCFZ?htaC6exN9AH$qNeNr;x#
z`^-9;NbTwOLeeoqFQuLuXA1uh6+C~y)0V0*p)PuEYNsZ$nDc-TWR=GMLpx;(j`^dV
zmL0iO?2%XQU;I$Xf%KMLiu!PsLt48ERB8Do9v$5eEQYnrSUbAk`TiKWVFf#QpXOZ6
zG8J6Fs()b#b2UvqZT>~cS%P2;J-v+p(rbO^u^BNxO2Wt*Diz;eSK@g|!9I$&e3tyU
zuZpG}ObpWT>5HQgn?|Jjk@e`=1gxxy+CR%3{{X9h$Apz3A;DwGC}h_PJlp6a!hXqh
zgYi0}YL}x|{zYJC54ml00DJyCHio%5RU9KthuZuf^L6C)`6ua`U=WOALZw1fakk3g
z$wI<CLMF1<AxNmv?d`n7lH?12ABDL|X+r-#Rup3$_P9FFnBB?O<MQr$Ec|Pzz^Q!%
zrp}tJBa_c1;FwbP!I#(BCvCh@4#45$d1#u{<9P*T>8J(A51uPPka2evoOyTSXf<Lc
zOA_SnZYtw-zYWAO6n^Jg-So6Q7Ma>g<$Sd8eyv3d8W;}W4=T=#HTg$@dkg}2Qw{{8
zsonmqL6&eV4;%<Sqzq54_4y$8#knLLAs=#=HzVNn2C>NDiB2pR^4Iz0VY**+NVnxi
z6i!%(<FhVG0&OFX-bGP6aNWqDEJydXoVd2L$i`erEeDsbY+<S8>>%FwsR;t*{aI?2
zw6C0DU<;c`wat+%)Gi>hndpb7-!-MKU3<u`#1Vxc3F0d@L#`FjIPi=(;28aylLx3X
zd#?OS2CUDKKs)TP{T#=mPtAj+cd%2DO=I5fF^oyDEpmxkd7E;j`;}&aQZeS-5X3pj
z9hpVOV-_v`<K4J5Cx9|_ia4#$wi^0|g|mVHRiz8G4q%lK+wTiBb7_Cb{=cui<N?y#
zFW*qQm&fy!M_`@NW{*VV;h=lXv*{J>4JV7Kke5KvF<_*Quon8k!qlSFN`u{;RZOUF
z*0$9Oxv~5~vD8frgg7#$h<1K`nbig4+-_zDU_=<DFy<ZoFZ^USoC|FJ{eNhCWAhrB
zNc{#XEZZ4<*t<xn{|Js^0;kI!Si1B?!mE2)<<2N8h3_QQDVYI0(dFR0^nWO0-muYd
zeo@vO^h`mHfy|k)K;;#mtEWc)vT_GIzT&Rb{n(4JiEU-Mn;XiN=3MsIWS`dx$*=}R
zG+Mztgl$BR8~r-+6S-)mu;ZhH`2!^nI_scrt!EbGaBNLvw$|}w=iqDnEsWR3R(E-e
za}(>Yj&71PPR*9WMg?Q&$C%X@0WcCyl@xF`M`O5_^S|k^T@^Rk@j`z&s~mk;cjYGq
zW->m)G=YufE?6LXr8d7=TCWG{`-7#z2CIoc&@s^4Dx6K<RM)mRQA+xy%-5Q|d0@kw
z<7o3e6(C{F2TQqcKI4}JsuspjiJCKLFe%;-0(rLpY6qhzk*{BYlX2(`9n1=j#-sGF
zb26hSHQ+QFpbwVWZ<$$M&*$~3HDo3@^LpBG{;V9<^w*SjEEhjH|2cKyx#@qoN4Uuz
zea_!ahDPXCWi0_-5m_1;XgU&G_BQwbkojs^hX2$33@Zi^TSfjhE&CPySI@E>Uc;09
ziMyxQ_J^JYQ)LY4jB!G5vN5AAW~}<&X>^8K`BLt0FQ>PUXDKph1b9*Ez~R2*lZvIq
z-M(j{Y0IX7tC7KHRq%(&_k8;8U>0;v00LSg=J)#3`028-9Le;C611#>lE<U)SC^U}
z(y|S_NODm(OGSBCx|;u6j%@x;N%yaT#SEbCqVU7SeAsy818y3K@Z0wMF+Yzj45v}C
z-hVt_wh*Br<OI3IQh4ui)O@)v0H5d-fOq+Krd>XthU?;ioT^BH0CoKe4*<lplhOf*
zN~ym08I~7!4iV^I&&60qY!htn+s?>o6mI)tXneOyiMEGVGRG@Nl39`;=Yb#gn^}$|
zY#H0Eo65l-bhf=${i!9wEZ)Z)=dCv?H8P_S2}Ih>zvk3KgzH(mon7|@TTIb(jM(1E
zclRfnz;p(wxLi<J7ZUbr<n62Jv>^9BEYXLwJPVO0=3yoP-M{e`)HMZ&p~1U98Oyb+
zibK#hwiJv%A#%>io&!kdiTPj?;Lz^dT>+9s&00(QH@Hh;dp3{O-Gg?=tZM&K)>+-+
z(!l}A$enGE1kiphuh0k{gk1J8YZ!h)97O0GgWTqMu<|(F^G!H^|Iu<RzXQn1MLRhr
zS>43Zo*YYmOcZ}Aph9m}r2z+D@CIBfa{rd&;UXQCZ;otuHpjkeXJK1xmFa@);^z;}
zB}M9CPLDE`#%LPA9ZmxN<2dBBERP%X9(yX~Xhw>TWO>nC$N`6ffDKf@K0w@kPEEj%
z?wWByFuMQgAN}mZjNvGS0;ykg{Xs*jXBxATwD-{IqUuqfsGJQ2edz6R?hlqIv+?Qt
z(_4F^yocPSzE9vi)L)yocXKdymD*|hLHb8C^17$sZw(60Nk*vJe2f}QG!`xr7^Yx`
zx$n5zA(g~$@<cX`Me9Ro&<|Dd5<S?n4M2U)Li~ywh3%*w)_vudZ`nF+O=!!<X+0yC
z$ZC=W5<C<K^cgXz2XRfq&jAE%%GX4<t~-_7rxjn62-%HMfYQVBvz;5U>4e1F&SDZ_
z8^EzF_~=+3bPev+iRJqFHZ_L?NPUJU67=+`JAd^yzVBmOfpFs#uJk#Qi=^9y|2eYB
z;}oQm`$D4othxE&UZR^Z;`dmYUr(Ivv4;M#Pz%_)^*?brby8j}A$l#}S!x0$tpp4)
zvlJzQ|5(Z63CKT9vYi9<g}Prhb(fu*Gc808=jj9KRFoD#4s6WwtSNyOrsD4A>{cfg
zgu@16<%#BbI9|*+(==DXT8slKkEnHw!0iwmJJX3pB*Aof=5-}BU(*u*p-9__A|v((
zRLCp*bQ-%T`QMeY-|IABVL3*o1)Zyw(*BbLu-q}IWl{7}JC0FDGfCizP_xF0b>QBG
z6qgoa<dP5>BrW`&8PiT`ymd|?%bv^!1wa$c)ML@L!#)5IYD`~-<Zgw-oE+`(R{xXx
zLF_TG>>!Upmu&V3xj^<ORow`}B=WD%dxJe5Q9K9c?NtiB=CI&+#;^Q8Rx=6)b-M;p
zEk!VC0zs`SE4hz`<|`S%(2RK0HD@aNeZ?B6wc25g_Hs^Br5LqtMp}_~l3-ds5RS)&
z5%DrowWu_~@Hq)pJRBgIgsfHsvaeVZKB;&qij(OpJ?{;bJD$=rhT(~|6Fp#&2ne;k
zHK3N73NNV#?^#olk#yv6MNNpcHyNh)C_2b`TEc|I@Om@j?{lL!f7Me$kLW-t0>xuX
ziMc0urA@o**zUx8Q()(NI<j}aB}IJ<>af9LA|D5(X702VeM^{m&*V%l#EutXZM!ob
z;xQ{52DJm#?csuQ<e&oNR0TQrm)|>l%n`FC@;LIo`~s-X1N_h28B&q+r_W9Hyyt;V
zmoE-*Z}%p0_o^iR=x=`~|42RarekHn9DSASXW)XUB#tSSJ$OvWc~8S={XQ()XwZ<h
zU4Sr=)hLTba4>zs+%p%*ljP}LzlzN47KI-a@w;PB8PTHDIYPj}=tgP;(Ni`oVvZ2@
zcZgR=gx{rpu3>GL#p_YV7ATuDtB(%n=|-cnDs%8cMDJkORB~|W2BJAf(*!RRYvdTr
ze(gPba>sr126aTkTE#2qkJq=rAoUFf-*LqFqt{pz`&{`riV4&EF6l_D<(%Y<Vk?D8
zUYk&VhJ-S^Oa(JKymrJ(TXZTfbX!*7$&Z|BwA@e`KGM<?iGlp-yJs6p=^^iQC#tPD
zK7WXx-+Iv*K>g*9&KCW(!8UV^iS;UYbZ9(W<;OvfUQS^+pD4*2mhw(FhkT1fC4DS8
zK`HZ$sSSJ2fvaz;8{Lk>I{<>5yADKnHJJlGE0-J&*j#Sx0neOj;=$IhdLDvU6PP)O
zFPW`K>|#mn^J7XUSq^%SXXnU|s;7`q;1T;Yn0<2!g)r5l;3tG_W&4*jr6;X!U@$F!
zbn$@d+yz}ICraktYb#sf_6HD3V`}r-@YomuLBDZR1qf&6Jswy$UZdc>;4A;PE2qz$
z_F6x{f2ru2^8R;5*5i)xNLT1h2DVB9MDtOc0;D8;PUCeU&6-uJI*mPC`?b(*v$5G3
zJ2Ukqu;m7K-1!?@BWHUqX?j$V^?}O~-*v5{<<bL>yM6UOvba4xk&_^@9r&QJXZ>r7
z)?>av4VX{%=H9&T4P=)z&ihSjbHicOtQT_RyPcFVvEIjELs+ZvexG9^roUIhauSnS
zz&fAfZRKb9K>_+9!rzQr!Z(6P#%*0`2JhoHZehRS-w}w`jg*`j^3gn1EuD9$fu@B&
zPVkibe>rRfbTY3BuSR?7K6_jFPz%Dv>%V^45thwU1x^o&_KY%0k*6+l@cdN+to+lv
z+1KW{MsLT$1>MOx*3#%Xr`5z0EEG0!G6_>Zjg62g4JHC9zQ*4;uYy;LcO_``<;1wt
zz4EpMfcQz0;-xZw0U|aP`rSe~sMn;1sIvdPswCe>UhK^&D*+?{9>Db~yUD{-@{oA>
z2700+mV1IMM?59&c~dzmX2QD(`o?-yvYO9ZcU46wZ-EmYZh=GN9<DyiPW>WCKjUN+
zoo9~w2FPQ%s%q;qB<W+WMhriEot6T!_0ZhbZxf461_l9OVQ=MvpJQ?vUs>}!H6G~G
z4|3L{X&bKwTQF@SrHOT*GPoaQ0-ox1PrtnWZTy32U;g&8=UCXz9RCDb{eIZK1ii7*
zk&%&^=Sl9L%=veUp_A-PIHHo@l)ZF+nFbAUL_<JZrT~X*C)!8q-eAV`qZ2JWH~-W9
zg)pn&UNOM)Oa8(o>(cf-A8ij)7Wci+er@mOdC16dd$OVE`|XVJvJlemWzXCkL}@7;
z39qV1nYZU}#q>x%2`WLr;Z94j@v~mj2?BQ(3GTI`Y;YOBJ~d868F^DTyax$NZ+D71
zPpHuj2ZU<nr(Z^Rv)cZ?&sL@!iHN2iV)zzDN)H3bhvcCj>UJ&EjOsFVp;O07K=|L6
zyiVz0rEI#f-ss$oKoXx)G#;MLF=^f{3#Z2|cq*W{%g<o#jFf_CxOucy@SVm-t|t7=
z5#<m|o=dYIZ)jIF3~9uVv8I$GN-O!^P0~#Le%=ZS7s}85r0^r2aOBGqS<~(uqhlP&
zNEY@Dx+6AAF!sZSe#86oz~5(AausQ-tM2*sYW0{6E5iU<BAn{1hqIBjL9C1F`8TCD
z5pI1ba!rRUc-vG_P=(;=I3rjNoOKf5IU!;33aaC-T59goOVhKuhw7mJe*0j`u|aB5
zR!)k)GfV$1Rc^~zX<FZ)Lb!ACVRt}Bmi-By(RZjox@qHUOj#eqgCGOJ_zBGN(K<_c
zH6<B+fd}n*HM-3&6zNN$i7B50fW0CjE_rkH?w`5J(}S~ogJ!{@x{w7pqeHvS`Fuq3
zd(22)Eq)P?3O{h#rnWOqPur9y9Ecq}fv8}raD~CU>!_&ocClDn38GY8om$6b$Z{W3
zWC_3+qUD-!8HA^%tZH`rqbxm6IuY~#nGe`IFlcBtR9MOxm)tf>IBhu7fXTU|d5mYl
zbo)r<nd?nE{p|NN|I1(~%|qqvj1sfElSL*CX%DMEvlf(2=};J5@9{9S=+GjiXn!nW
zZTA^PQdLyZ428DS=Zg=TLJ~Dm%py(%7zbY16&ID3giKcGiLfhXR?mo=A`Z?I8Zy~1
z*ann*_h9cWD{qY({bv8&xiRI&Mxz&)C6N=9NZ9C+;3fVU^CSGLCx3tO9>zpsQP8Qw
zktpAt3Xltue#-;rXgz_Qid=FOApB<bbfZJ+L;~6B)yG7|f4}f@=#9<wIwnu07pe}I
z6OZJt!qwm@6L}KkubW7}|0)U#F7owmTb-1v5?rd0-oHNX&!;{SZz1tcpr4^}y3dH=
z@Cfm$<dcu1=QjG%ON=vw8S)o-3({K(crxzEXZU$axl+=xv})4tFU#qF|Aq<ffBm8u
zA{60GD+a@fp>tZKHcr$q_@AHpuOpXyj|7jO7Zqhgj|zO&|M89?LZ{>{2nAc#<i8^R
z<COjD7=FK-_uJ6F2=k&KClxmT>%aB;hoXXT7T><!bLgYv|JPUl$9IyWNM+u%Qk)>v
z?*Cu?LoW=0&T{pVf+aVk*W4!m9|!mmJ_;UA7@<HqewEtsZuTwdYt+{Nd89(MFStBl
zNJO*E{){QSM53^r2|CF6Y2-KOu-~Kh4Grmw-g3qsq1c$u1{%MI@s|(qN?FS*oSJh1
zSNeZn^jZO=d8CW3e-AO47m~eE6uHltXM9(=eIBo-cb1>f+wQt=R9WL@qe|I*6MSp&
z408<Y5B1#AltY!ZZ^)OQc_$<!Z%t}dD8SZxvl(;bp@XQ2gcU!%G#qt&)9(t^Ji;=}
zMsFa1758D#NCohx6V1II0*;9QKBHXTT)mMr)4D$m7`*O0!VUI>6i7|GV6M^qc;+?P
zQ_;jIl@bfHzGY5{HMcbfYggmHhtqD@zlSkcK4c+{6R)!*4fjav2SoF);#94dqcK6`
zPggHjn?r?a9rSOhd`;KtxK&nHZn7C2cZN>|pO&f3Y<iy15Y0FDUF<H^7(}(ws}1h4
zK|VSGemRfv9?1F@w9;YD>iXu8Rk2+;FQn2+F+9x`7O4<?mwUo$oX*)yWIQsRD-!?n
zhhOU6U^Z4-=JeBNW*;90OOR)dT{5d8Q=gYSDKjiOeaAi9;8_CVa4MNwZ^X4<H+}9{
zAyIMnKAu)wi}Poup0BGycu6sE2CdIqv4Y$(Q{9_TuKfPKm)`8W0A?NvzxES6#$kCu
zk}UhpA!!yW`8zSU3lgL^F44}CGEhcKA?-Z8neR*QX_RxGQzO(llByP{G&O8n>`cUd
z&)gs}p^c}oUvKDo7fE!R<jkCX)nCAi5sODeM3u^<XDQ99;cmgQbUYhmY3z}e>h4_l
zYND0Oo-e)^2MJxqX>S$^bVp{eXSbM-?D9M{QV8le7pgcveiOiknPYcUFy<daqqG$j
zatyZdwk=Sa=)$SDO^&SA$xst$*D2ASk;qeMt>0IVv8}tt0T0X8T;~^efP~ecx-aLH
zIX8}~1z)!!vvN92A7?N*C@%_z6W;Fcu%3~7T~FF`s%rrqsEk)Tr9CFE9j4NkGiIq&
zQk|l7x|5X~R=XLYgsEk5_N%N|mN*Bti&6-MKXZ0*Xq2Lw4=9?eQ|7+bdl3`y^YYs(
z%Sj9|E=rx-)aY(}-Js!cq{9Vi1f>-zBzs<+agu0R9fqbaufBzr+6nxbg}<P{pURsP
zPxHE-a`7LZ(y@8AJ=dty8WKL$ucCxC=-us9F3%mqUSqIxK{<DoyET*8OT@~}{nX+v
z9d?F8nsizGCm)W`s=U@5G^+c8aZM*r!;!&UfNV<9kSKg<1JTuNyrok-Ak?Jk`<cQM
zSKT$3*-hf6o-+mH2frLhe$&sO#T7(MqpIBnNVuYt&+3q@tFSR5GY-BE#Ya!oT}Mpk
zd7^37e4?}rN|iSMAVXD4%loXs?CG5pc7Sv#lznOF+lPVOK7Fu}gdR4it}>ohEux`8
zJ-?xd#M!sT4P{;mc|{EC`_*O^b{$6r>BcMnAks1-)(VV9&F@%uW$pyHpbuY$&#?sv
z_o#LE)xcRB!IWbM#lfZ%6=tLCM6pS;Lme^5=A~@1XWZF9(~3Y2%Nd&QcV)&;i7q!H
z_=cjXa>x5I;H~O`79Gw%M$B=#U{y1$0y#i?pV8A^gRQVRd+8*(hhaRbJL_6?xEhs7
zM0qY;88+Ds1y6;Cl1lU4cbat{^@Wz`HCCTo+ubr<y9}WuU0x~BIxp!I@a&Hu;}Jpg
zm2;y!KCR8p_$}#NSzk<eZ=i2kf6{>DM|B#e6=_&Ux-=XG`4|y{gikg@a-oi(cmr_c
zy9-HI)9$mv=41SFZ&v3v7_l;UNcyYIVJ}T&5N(RVt&(szRhQCujnfTQ5NpG0<}|u1
zl`Dnty6cA3AP&X-u|hX3?zqEgHYgJ#k6zB&f*(G_tUYO_$<eFw)VEUq*ifpkBRCp;
z$644tdP+CeZl#G^UlNp0@`ZCE@DwJ`FRm*~Ad4ufo5*^CU3a*6*~DT$t6p$D$_l$j
zA?m`~J<!oqYF;E#kSX+KQ9K#)OQgjb6hH&vIX42WLSM|5n>{Jk;U24jpQ2-=Oy!)|
z6nFIZKFcF?OF7L3rxw5#s|`-z+U|N~ZQ4z^=8*UjyIfK|Gg7QxL&%@@1+s2+(Npn{
z#h&yf6V9~Hct&7c1Sd^EshqcgHx&VIHnV~f4?^W?MV04VEm0Z&tg=TSI6ZcSJ86!~
zy<uxFBx~<|mX$XDU>KjH@Ar!q*W);&&OV12S-z}R8(*n~MGwR+favo}CeZdfS#Jt$
zO2B#e#%{Iu*EX~NEg+VDgP4seF)HTRq{GEf%6_7~ah8(GbQ<F9cq(k1#Oj3H8hhmh
zMW=LDFV<<+n9P2zG#$9|l6eMvvu14Ip)RtNZD8-yJ$d6Rm<3s_)0vy{@h<CFW_aP;
znPon-2;GiLW>xM!m)#J_P@9o$NEl@?{`tlw2vfo@*?RD8sdum%n0^&OI|%}}Uu2&7
z7a1dnQMc*c=8*0;pH=UI={tYF!SyUGj0Mo#>3Z*&_|-6FqibcPC9BKM>wLk(rUki4
zi%){s=9EQ^qihqK><pnydCPhy#@@mwll)uL(C&PP{_Bz+c5BUK4vSei2g0go##`A=
zk@Dmt$M9+#r){hWvthX=4Wi|m`C-v974$RXzL-eO>TNMEVnHcOO^&1T(cGzI$ge%_
zg1IvOY%Ev?3Hfp{^Y!;LM2x3Y+7Nee!z&4Pu%#4QG9)S?OE$TyyZib~Yn`RzD~OL`
zt)S`hInn*vD<WP;ZSd~pDdup>$Jais$N46^!^F&vA8^EN;X}+4^;uBXZlYmzU-J&X
z<n4x&cdu8K%p)*cabn#XyiU6sfO83p$E4l5{Fy={&S-YKoEZeuvz_jd-*~01`3eae
z3v%Yti4AUvE#%Awd`iQ+Xu3JsbdxBJ+fuvmV7Y|tbtXLooxY?q<9s)24A8)wRWK)3
zlC$loFcGL0<ajtA^@~AWc%Sz?JCK-O=IEsu(*$C8?8VZqO!J+mUsC0k_^{Eu7v}x#
z3H*ZYseo&qGp5Us^YXpV>Bn-iu)4RX=J$zA%3|;K#|lywFi)Po3LIIgKYc}AcBx8_
zc0k#9+pwxX>Z0snWmpsa#I~-yI}23Xz2bRuS3r`#pmjLfc(FbeiSfnh_bn2;+vNiE
zgGre>es0w02Q(B^+^k9J)h#qWgOdbqm*_O_&n4P_9lv12s=osk3@4Xn^(vmY5BD$V
zhHOE?4cm)be$x6imPjw`Km6JKV<2UnDs(AF`Uii&@^k=uM4}V($mrBHAATLYM$_8x
zH9Dgm>g_#21vQGB45q{y>G4ICbgz0dOaFRhn-*eKN8`&TPTJmd*F4+}mCJeJ!K;`W
zu)m(H%Li$A(~z!UmFFy!#AKUuRJ8Su-CQLmdN)?zCxHFP`MXNi5&!6}!8VK?Mp|BZ
zWI8-iBhObviiUAA^ugK3cmOO4y#v`iFhsYk2_(O7ya|2VP~I&vVh}DMsymRdDdmU_
za;`mZ%bjwZu5=0fU=b~sFpCszs%$#fR5J}><==nU#&fM!ddlOv=l8Qo@kmLk(!(3>
zYTaRmYLzo@vDSq*ab4tBQq^2fg>wWiP@HR<Gky4GF8IKgp5~UGAI(2rSA4bPVI4Ei
ziX2e&<c>!p+Ol-cX-6W~zdU=@eq*aIw*QeOpL4&DY{3QNr*>YJ3BRi3{6b-KPt3uS
zB)6f^U4Q5Ie9lRld|2rCTWAEQwYvusd@QDifNDXE{%dM_5~U@NT%w5r4UJzX4^!DU
zLYm*LGDAjJGS;yDnP#fB(rnJ>U6M}r^$W-v@F-;yWrqZ{;uc9@kwx7dCfeF5KQnI-
z*Pa-**Zwd)e$UN83Oa92x>;b^W?+_j1=e*gp+_S;P7Dtzd41{Ey|Cm3&2A42@3U9!
z>7arYY1AYd4`|2~YmLXJRll0j`*}eib4CF_<cqjQlF*b|!?p!BYLlS~L}t~&@6i2W
z=MQOUDf~+~*Oz7F7YTSYMZiOxal7&D^HwHxc55ZAUu+YILyWI%uD{&igfys+K6ILh
ztn;IQlGAXKiF98WtSRcP`#Hh$StEkSbW<5;$~J@Td^PesX7fwG!Jhbb^_6d`r9b_i
z<0X1^(8F+3R6-<E`#CLoaCc|yjCq*t+1RwNo#QoZiyUJF@ayM0Ek#1)PObNl;W4;!
zBc?442{xrsFceZf@6V=|M!$UGM6Zi%MMkWL{H%&u!2`jmFokLi%crJs$10zSaMwlh
zr+7Sv373XLxhT4-3!hw|9~IYgCUsH7i~*sH>mn}bf1dqD{Dm^`^KLs|URcWO4bFE8
ztl=POH@b?AUdcL}+_^7D+>);5F)@)Y=O7H>!#@O>(duQrYgvCy%E);C#eN-neCE!r
zcgVm;_o69@xOpZ!U%>g}c-}-5*!-x%nOrA^V7yRV9sN=$=xdYfTjqgg)CcVtnupty
za6ZioZzM5bjOVa*YW}S1Rr$~yN~cN?mVUIVI|#9wKvpJ9+<LRGcFZB?56n#k%0A^q
z0hdX0zMUvz;cZ&aFkT`Nay}y%DT3)q;Sj5M;$f^gw_IGfDt4sK%5QupmIa(GZO&gk
zaC2lIKESfKb_~_F!GP0Ml*|5C3LVx_T|3sI<=pvj21Q|B+47XEf}44sz*YDbp7Sel
zrV+MS<+FQROKk-Ns}3qWsIPbn@vEcft=5w%Vx!+CC0<nqgx^kmBxn8Vm7u+eiE)PH
zSetMe<Ny32N9G2|cf}V0+|<-(d&x7XMpoER1Ur^||D*d>wdd)FOp^x43dxR#J(V<L
zzlPUA;yp&C)4OQIinIxR`FxX^*ig031oyKYRgLEo4p!M~=d<}ueyc(8*pnaIekO6o
zm^<H)8NLK*?fDRadQ5VC9XC|9S&qphnoNI8qN_3Levo=1VeUcWfBcdG@lf24Yem@q
zGskD|0<rHr8T>)wq4@Gu9Z_4SZN8!mgy$L3QMK*O3OAKcxf4T}5m#0_FEh`;uTdDk
zt!16aop}e$EgSEZj{)tBo5_AD$CqyVBoY27o{9mbJPt_NYvg;Z4BtFX-6lR*cJ3TA
z>O~(XZv$Prw=Hr%24+eZeWKLu_npK!y8`#xuoa7Dn<K-{XKdJ`)ho+EW`8scKRoX;
zz^Bkb;3miCGQgUBUI<d;ERSgsTqb=us6U8s<DGD&nC5L21Pzv3qn%?3*WQ%4kG6c{
z7yvgqMzg(Ju_TGRU3s!+R9?+5*MQ9SjDAe0C7$2a!JM2Asjok9kR4!eF3qN%E2)?K
z1@gWMZi+w7xn9N!_b9C}suz<RW^Qfw8>*wpd24u53f`y1;`K*%KBlb?!c(4Yx<h<x
za<=;+n{>6%WaGAJcq0~%P|-JI57L$&>hq=c%QSUda{jl5xsSDenEh{c)89Gu>jyq?
z(S{<>Sa8f%n+vMOFO2wA^;u_J9Vd8>uMAB2UdPiC?qJ@aZ(#P*V!}52>6SzT-?s}2
z#+mB7^jqkuEYhD>_eIk!ep`cfAKY#}Ma+)Oa~b2Y1Lf)Yx_$8|5{S}}1$O3pJBqgI
z*9e(7i#F{M0f8x0eu2o(CzuR{Ig16)gz`<*!zl$KIVpcpZaa_-bpq&zx8h3oGy{ym
z?l8@I6lm9lWPOh*<6cnVDDjG{todcvPhx8fppL|ea@g!O2R9Yy$xGjz_6&%oAgLCz
zp$+7tl1sx%)1X*q(b&NJ6)Qh1(sHLCKfQ_8Uo;P&`?wuP^f<L|STFN@B^;PY=(*42
z>)CpeXH^`(rFU$XX`7k!Bul0N-VoyQq*T=TUA5Quawfa@mtDiOPbeJDS~D?UQq$*p
zdp9H=)wPXUZ~X+CG_Qk=kM!>~oiW<$%{NOtMhUw^8J{tI{885aGm2t)REi3YWlp=L
z9zz;Oi@lU8Zkjmu4s)hqSzkne`n?(nO8{;C*fh4vRTWYt!}F}^IqVbaN5~l|R=)J_
z!MiPvD9iHEY&Yr(+mip2NGq~Ss^QdjqB8d|y2Gs~K791vF*n>p{R%~yUp?Jeqhg@+
zySYgsla$~;asV?XQlU3W|LzWoNbqd)U)ZT?;F4Ewh9XwhvU0I0jntusIK+6;3j~ve
zjNkb$eqxW>WW=Gg7T0w1igZS$LdKO}B>`>?af2>T()cx<I(MnMqQaW?qn-$2)i!7U
zn#N^vldwG?XW$jrn+7V^uYsH!M*fYeM+%{z5iQPyJ{4fxNO&}VYSgBjE*;W>rN2CY
z6%@TSz6=DBz|rv~cwF|zj}FWg?oone%%%;DX1=n=@Xr<7xr~6CZz;K(=$TIXf`tur
zqf+I#sv=8mkf?Z__T%@xr4A}^ce5@KLX=INqTSWM)*5UI(B2D?npOHrU@#qHIPPyk
zt@t_hieX8nB`>9aG6n~lxF1u#UKtBV=xKVUY45+O+>I_vp+SEmqyTF>Di}2K`9%^p
z#fY<Ld^COa31+$-`uTp7^3>S`2^SZmWqP_^a>XrQ4Z2d1fGw-Ty@C6!3$6#!J7f;O
zL5$OXeH8i3UFc)i&%@U<Y%BV!*j?!EMNdd<gc4Y6-&)QcrLtKRzR&eME9Oh3Z%DrN
z#S`%6zJ?%{3v+XP9;Ay?KqtNq3a4*)k~5S7DphT)eH_Z_K1pKqS8ag^#z>_gT!=fI
z{p~te5g&VpViiW80ZHb*KJpiWU|iWTMKvgG=DJ-l)q%m~D>$(GbC>31zHSySTu4Gb
zWNZYTl|G-~<~UwO>s4NkC%4i;XU26x5MDHTl5<M}r~c_?n{@3<52k`}Ch_~-QHuf$
z>32&zqq+_7uHH>|uCI-7xX$qUS6<jaeW`Zd+hTO2nIU4_$xSaIw1zVFh9r48CeWlJ
zn?OHI7<@N&pHDZ9bnCRM9f1j~-~!%CYc=R<r<`M~u@f5*xaHxExP7DuRg9hjN0RVK
z0=2nUn+u^+%k5!9l2w@3^$T~cSx_s;upELv^SNZ39rG)@dB6SyFEHU+#6usuyywP9
zDdBe+R|K9qJ4ulv7GMXSx)=FLa6Ir>Hq^FOoN0kjw)SnM<(m2C!#_I*KcNbseBD)A
zQ`@Cl2f@$Vp({4sOGwAuz_#YMF+i61vSh*b-F*%pg<s}*xi;#Jtsj=mnO>$GUuAx1
zXzEs*0Sd<Pbm7xz_*X<n91E65eZfIPKpM=*Qk&ab6;3Z~V4qSxhFog7p3|go^3nIo
zUO&^p3-7_N8cH;2W%kZVWF%H$15LuS;mpsLOGU?LleA2+|K`?(8Cbnfa`pJTvBG|4
zEVUsKm3&+sGbaLHi7xrXC%__<&J2cLI!iACLM8v5HqkbB&Zy0J?8%UCIXnjI{aqU>
zRQ-LG$C^6<P23kf@-qdW_-mmhX>O{Y^GB9}iJCmGw*_>T58THy&FKi3KQ%aOKq8j2
zzaVa2mpa(A*WDr^bIf-=b)yC@V&c|}p7Bo-eQ1}2+D8ipog9Kxez!EaI|m-2Tv-QF
zv|E24Y3eh7+WM(-#Ep+VD4jxk;nI2TuG?ODLu`Y|v#p`%JBBTn>w;ZZ{rem9g?n{&
z$oPV|4?Hufb!T~Nok<|(5@0n2U()F`q4TR|Q+O~puoF!;3VarQOv3eQMX5BAUY5@J
zEaU!LxNboU`wTSLV%E7mN0Q6PmV)-iXS+>ZdU$(auCCYZ2|q(<GfIJDXlV4O^UQmq
zi`EJn|5$*5v1%2noTqkt6uwM8jx5;cw$a&<dq(>5tQMIP=nY>phU_1n42v8zm=gFZ
zSh{Z#Sf!N|=^25Bn09HG5&s#{n0F1wG|@DvFY&Tv?!bm1H|3J;SpWS=AJuhSYKg~v
z@0)TLj}ONiB~8LzG)L)ln?sqY$0MjvroRqx`$JY-@ID<Wk?b5P4Fb|+!yFJobBDjk
z!W1x&aP4h~3+7C%L$hhG{`quq|I&$USv+2b?OieJcy;HZrs>mHrh9<Pj5Evs>)+?u
zEQGChr79%@pB9>49a+%*uak_FYl~v%9IK<oNV=BWrb<=+zJ}PLLH&fH%i-ND2lM3`
z&!76!Jo$@t;aC<U+Paf8C7gQCVmI29=)V_)<p7bt0#IJXwci~%v_HXwYnOV)>g=O8
zRFx^QCiwXU9DGXbZyEoA4Q@~P3~J^1G7b119xiA{*kN1gHDRv${_hXD#CQ{-4(63Y
z?#uF-35q@@T&2pc*8971Ao(0#4$Ai~@Z35bbyE&eH4x+p<@b0?oksrqr9hQP)UF71
zmvUPQ84^cvi&T4;p$FJuzXJEHP3D`3=`~UPDW}ZJrzgEgZ^htio2fcK$hs%$R~Y8b
zUj-}8o-zx^Qc1_9uyhz={MX8u&vTXhv8?R(v4s>!f--->ehtuYPFG>I<xDyK>NiL>
z9w0298X<ey6s3ODRG)#H^H)<E;|2Bp(vJ`TnZ|ulTHk`FQ=sM{XBAM;kNt_ybTaRp
zPmlG&2GN4it$Y86<(XzKsAfKed)~r11CO!jPZeSo8-w!`sm|OxV&&OTTI;MUbcYm4
zYQZ2K-FH`2bk?J+%1J~FrM4>sA`O!y3>z%Q4MAzt%29o>46@VMUqm3JFZS<JZxkWh
zsP^rDS8i-P9!30Y$uu9kjltbS!dHKNC{2(njFZch1vr{O655^2Gnp$E7@cfCo@~yU
zpu5P$0-?3GxA1Pu;$gl@uRhCRw0um4ZifS!-nUv}JwWh;*gViKS>M(Q3viH8i0r;R
z+sdaRIi6Vim1Xq3?o>Y;W>o>c;FAcum(r@)r*ub|mF<aT<we8Q#p{nCZRBvvOW3Go
zD7>|B|8RVDX%p~Lc6WGi0CnqzLfN$c`iDwI$5R0qkH^)euV;pryY!mC-eG?-jk5T0
z;+104ZU>L8Zxtc<E5AYn!a2r0mTz*!NYW-{x|hh}A!WA@OkVJ1OHPSpWN*w%p^jf<
zDvi~ow(a8nJaTVUh9$=XZ>CFcK43w*2^uQ*&xVERmhPt<S^UhOAD2=^Z91~Nt!x?v
zy1q}MotRF4BZkoh)dXA#tPMe>sBTYYQYGFw*1KjfGh*HGt8lwrxQ=nwoI*|Xo7^(b
z$fNfjjQCks+RXl}7K4xF%aq_P`{n5GI=ofiHs~f52WE@6!v(_>H_-<SpSU+U3N_1B
z-riKHR2kb}@18E5$_;V4cPM=s`j*Kj;3V*AnwQOf5-y3uAPuyz4G&FlKyj|$#u1_l
zKC;-JG-sM9cnG*{yzso83L~Qt`B4$BknZDTK4VV~)zSM{fJ&+6q|8m_dO6SRdH<v<
z|Gg@q@?Mwa{YaC&xu>oV*GTVyU!ow|?vF4^m_OMK|FeUvL2LHt>)AXrsw>=za`Ky=
z9msVQ`!0jZeSUYIT@|GtXPpL%Nd{1GGaY>h7&99I%_9t7V99I%a@Qw85MM?}K9P*O
zYw?gKqkLKl5Iyj)HG?AG^VZ7~Vi_Eg!)8w8IE6f7E;eLU#CqnWI(V=Js$u7!H<MfQ
z%U@{h*;Ii_3FvrG``$-rH#nCED9oL^ZhwolelVxPm$5W#8*4`2b*b&9r@}8fyV2cU
zFVrsQ>+G`1UZtQLiN^he-4ypK=;J6d=NW~lqZqUs&tG(_`xrY%xlw%IY&jy_aK*T|
zu7B5PsTB21&KRp9Y&IN@woE(WU?t}ovi9-a>Cf>c1`9;(9cSd84!l1XQ88TT=sC|5
z`Xx#}6%NZq;im{*l7dAuLMM2h@<6Iw1kQ?%H-)T$;B}Nfr$uJt4Y~r&irMNR0+i81
z^V)FF?exUk7wAOums-lQ@I#?g=5|XOE}O|ODuL3Xdf1ZOkzZS>+C_DxxU<9lG~3e1
z8a1H7`IKAqR!p4kmNrX+o%R<=nDL3d_VgaBEss@^-(>>%B&K<)dN~1I1Y4h=pKgba
zS-8Pe(jk!upfpf7Mke$bBeo#Pjuy(7-u*5I`>m&XqBB)Sm_SiSia-jdktIC-+m(IS
zn0$TwScVIBo@Bb4O4Rw~hx)Ec&oj<Spz@%Bx7D7E6!40kIY@`Kf9j<v-ox<vnVQku
z-h4%b`15Uw-E(=8@n*XH**bvTPuN-;LuP$|Ic~NiUS#ply&Rj3Wqlg=dWY$IX8LMb
z2bQkT?xH;tgLY+9z;i+gXZx@XPoC6fF?ar5XfU1;Nek70bt8MQMPa+w>ulp<SL)H(
zHS+AQ(gu_FsnSL_vCfyCx?uYB6#g}XS)hA_ER;_imX0O65z&oq-jQsRua-+&tjQ7T
zh=frA6q<z2;Sr<J>$Wi*pC{Oq_lMWcRV>jy4{IJ)9-54VLh%OnQ0uBYosHk0V3u(+
zZ?j+T2e5xf)&+~Sz`&<Y@c)mwvkHhKjka|{&;Wrz2<{eKgFC@BNFc#AxVt;SgS$)P
z?oQ+G5?lj~yUQ(RGUv>Zd!O%9zg2fv{Z+O9wb%Ogr0Vw63i-=nensvCJFt>${BKs-
zo%y9AH^9Gqef}-I!2IL!;EwnXQ5=V!S-S$O-z@G-j*f3?FFrf76SgoJdXgtF!W4u~
zlxxb*&TOO_3Dn!R$cuHRUpzH0A8Kg6_uV-?a;Nf+ck<FhoWz<X90;`bw<9(0nhNkQ
zpU!FMG+KdCIV&VpYj|yXy^jw`hV^%m5~I?#j7uDr;O?C76zV?>caONRrJFgXdm;an
zra=O#$V!18cfL4mhvJ@(&O$hntCh`WH{Yl@DdwGiK5g_dB^^Vw3*{fJZ{j$ceyHfI
zx@zRNFWu~17;0>SMwOcnf7H<)waq31GBrFfdn}AzGc@|}qVH*P6t2MLB5xi22UQpJ
zy}`FeUAh{x$>^Df`mbWLJv4Rqz>3R_l>)ui8!;=qcH>NZkATevucwhs0X`GO+Bfv5
z5=e90!*0tNBTGkv>M0O>Xp-N;Ov|c0xElkg-}(xKYoZ?i(QgpVqQ_4jyk=d$2YUKr
z!(i39W_uK_%WZ3urOH+kv4i<mQ8*7yGQxo?_%!NPRE8!7-(iX0(o8mxWjI2a7!=q}
zQ4eZ@92P}m9WvqMDW@9pkMEeF)ZDT(`~h%?{M87Z@v;xbRI8qr%T5P)vkav#(7=*z
z;XI2!B0YzV4!19hVn`o0&=YfGJ>NN*pjxhv-A<c5y)OO@3p%G80;0M6zPAvw+KI0J
z*2z#})kM1v=q%s!X!(`R*VVKZ{(f?OM%j<%zf$Qn8ubfh^IDd&>AHj5>~X52Eg^8{
z2Rk&A&Bo^Q<;L98=2NokOG;QTlo?}%3Al^jmUY6wZZCroPw$lZ6`Janb6t=6BlZ#A
zaN*lc657QkTaCxweC82Ym0_QU?O352V||}6kwF7^#b4j99n?sajayb3wtT%bIQD6g
zJQjM<!8*fv;V2<+CO7-0uXGY2CvgBWA^q2rcHn#AD4B2aEil2FB=vTWRpWincMNIs
zqSHBi(oA1#>-f$3lV4)5Hba8bmcC8K(KYQCqWrKW70%Za7l2{IY-AeDK_|+dWMOBX
zD<^Itv9}G=>I$J<>{KZU&yD5p8n9I-U8eGLRbM~p_IT9YJ)+RCnOsSopObO{ma^<<
z%5UvP>t(-?Sw7ely9a#Z=cSy12lsdL!W$RmrKPDK-ey<lBnQ(Cujd-n#UZ=G?;f%j
zC_0L5coLu|J}Ejs>&?z__pL6uNX2AP6*SSv2>#TpteV~^uq`wJjQb~iM(vDN20mO8
z!s@5nJxea9V@G468;50u-H8WxI{YU;8kN#9pcev}90g4z*(XErb&z%znqCb*SR`(K
zTx3q+bxf-@Um-=}`3^Z=%RW^<*&ri4{b;H#W$2kLOgR4m2^}6N5AIy?-%HUB!lRS`
z1N|n1yAcNibrS{eU9Va`+sNgIVzcz+##0mYh{Sk%8;q~VvYK9!#Om`v6@9gRuLx94
z#`k{MN-YDnF^BUM6;58YYH0G8CsDc*3)s60p4F^F+Lcqy5(i!`%LkO#i>+#hA|K_k
zNZ(2)z`UDLN5VSKJU{1l*!MeU8*mh}XtcYjd|$<(BR}Ck4OTq9i{+OrW7mcw#fxJS
zB9!5J(!HQq*L&$~eC%aGa)i+6b`#9{;|<{jwoDSUno8=ic&O#Vh)_Da*&@BiLJla2
zdaPBE-?+H=TAj1eW{Y{NFH(krGgg>_yI7|298m0o9GawC?!t3yg(8SuujuJ8XwoA7
zEYw}A@h!(-_L>r^gBHh?tZyG_;3AJE+=<+oAf^YZs7mb&P<nB|d@F*G#>Yc3iXEld
zHx#J?TH~?8FnO#?96BbB-PM>kb{Cu{L3WDn{5=+#B;DzX#r=9hy~QtdXX&L~3?+SA
zGx*=pD+#o^C9=8GyK{LYX<)pxw$O*SM`8*q$$MU)^;di6Lt#iSg|wQi3Q?}Cn(=@?
zV$#mL7#`=TUf)YjpmlzRso@FyP7@kMPZejdGtzf{C@n5tmf;TRjpnH7H<)GaKuI9O
zoZ$4?*iHYBX{iDgz6cKEQ}0BOwceeg?1{GeQB7S==BpF2h@K{fqq&BN!YQNQEUMa*
zk{I)~M|6|}bG^Hn>mo|kmkA13n&rE&%VhA@U^O`6hU=~(Pp`Y`1*_93V;q)C#H5D<
zG>A=DKX<4$XLsIG<j;<-c-$KgOi{Y}&`$Z>R$0(yFQCcOCzI+!NRbp6Rr9URleljZ
zS+<p8cxq8K4f_z~KtQ){9JS(eL$Z}J&w0BV{7XPmr%tAAm;;G8#rzmzUck^Hs|?^T
zg}@;huDu?RlEBxov-3^VcyMAtw9E}w*1T%izuM)MHv9;YYOFTy4p`U7aUA*nbQetU
z!G$mk>!HEz%u*#HSkYCm9T94caINH}9u`z98HeQz==?exMXC%3%LjO*DLU_$v#t3&
z5R|I7kc66^9ONA<oi`KMbM55u&rKVHyXo7KITRO?CT`(<P5XNbp&#;w6ZZ1H`79IZ
zzn6+U@UbYKyl~{kp_ct?d3@F21hFcYUF_rmh2r;;-luu8SEv3>d{2!_Y02k9F|fDz
z3+&|k>2(fE6whV`9kn#vT`b+GX;wo{h@awJ;%<$UZQ*EXsG>Sq4{+^;(%b5d)f7Dg
z)0W+5@%iM;Kn{-41S1~$6D*T>L&hnAcogc3eUS9t=LPTq2Ow#VZ<79PLu|hgBpQo~
z79g<l#b(K3=e^t!o;pj_iTSc`pSiqh`Oa0bLkgaNMfLSmhUUllN_)&TbI|JqrMA0e
zqqSdEfqYogy>;nPz;1g@5NZP!*o3}o4NO8fO1{vIo`?oLMt!wb?DSA@(nBhvXD0?+
zTRVzt5B>~Q9f-h0t$4B(Pk3Q@GJScTR1RlJC;C{TeYMQyu#`>VUuE5fr>b9q>g1NV
z>!LQxKcNH^NHbv@k4Gu{A<UtJ)etnf@?Pk@y(|G^`nWXn`h6)|+F1}DQW~K`#`Wqn
zz$X?pQz{!-dw7LXdTGf<;TG2<TS6_H12u8Lh}f6WV6;%^y{Lj91*@~#nXFuvkokJm
zMdZGG?FLYPjn3jyD-Bay+w(sPI^A~Yy&05ML^u+n?OklS1HE8i=f14q$DOZj7?a!g
z^l#BK90i0jjK+|yxT<aXIG)XZjJ7A-orHm3)7k6N^#c4ljK)trdp2@p`(g&jOI>Iq
z8fuuF1Gxi<c4IQ0@^<$T6zcb9Uq{#ceOkJXeKB>z7b^SDk}U?b@eu6}!YkeceA!94
zfD_Js?cfr2k4b+oY~Ss4e(Wn!0BG{mO*}5xdr<JI^wI~wW<ilt5vOoA0{yr3GPrS1
zO2b{&t+BM7B3ol&UjIx)L<laEX7tMk;gS`n<ie1xSv~&8D8MQ>paPnd$Y)MC?^cR8
z9%2rIv6yF2!j`^B)Mv~U(FNXnBK)4?7gv6@ba5W^iTvX;EHhJ&nR(6!VieDhm*yGJ
z=Ife>#M>qbSY<-OKYr7wH_t8?j1NEMJT&o--R=eXohN(3aM5*XU+&JB{#?v)16*8w
zfyxfM^r1x5>hDF#Xsdh%JrOJTQF)whn<q8N7YLpn?~q!ibNO4;A7E}T_pD<+^KbyT
zvoF89g*Pouv_lQVuBCZKD*T41w4<+3_-~@P9E>CpTk++7RV_)DEbovzhxj1{r(37X
z<kEr_5tHLa6PQIslQ)H7SN+{(t@Ms=M&ymp71O@+E@KO!0PvAHv7*lpIIMcV9iu4X
z^ojEyKCfP6jp+2L)#@VKqb8?WYVyaQzRsRq%}npR&+}Y;#UFF!Jn6-L;;Un2y3g}$
zLzB=Q=!&d1?{tg-tew^Fy_%4Zz-y1r_@^{IPoa{$U5pCGwJ82$#~YR>yS;`e{2m@N
zhmbM~UFXcx%LyIBTs=o#lWT4p;~hW^zKgQIjS}9+KfhZeJ$?C>Sx1YN=ZD9`bRg?z
z+B2Kit5x}oeYz}nB>qRan(hIEBzIi_%ZS~T(oU`JADydJmt8*B24#V0w*6|}U^?yS
zNa#MR%TjogIkI$iRAcZiZO2Fp^l@zoai<?1tym!$ik`=y4bMZr5Kqk~TQi67;l~px
z;?Se(-47$UAM<taM(qv`<reHLK(iSL!b0Xc8DM5(EKcRNk74$b+sc|xj~444Q*S<i
zCZ88#l5q-SO_RzEu#TQL8sPa-bLFHZCNwUm$9tHQ*oJScdkfu_1COtI2i&9gck4o`
zqC57mbj4QqW!ViA?Z8tW!L_MK)We5Hg>qYBgo+Q+-HG9mSn<*q1+3h^oZTwY#Tp?;
zbEZgx^V&ZV$OTj~icB88D<gOQUX|?;7AcOtA*pHJc~m>kOOw4hVRw`DPg%AjO!RfR
z*?D7DMPq|bqY+8zBK8Zb!_e3ds}KXDxg6Z&TyE#{dV?1zS92fUM*CU8U`<aTkYclS
z)CP$6W$b#<CgfbpeQO?oi>Ms}@AyA(2q8GVLO!C|3VJX3Oa4?>_?|#RZT!dQjoe7&
zWr49EKw5_P4`n@6WwIsly7U(d<{$a6fx!ZJYR+LUz>~;44G5~5@#IxT3#NbqJ}AIO
z`?6Zi<~#MaT&If#80JDJ%IKqz4rKE(?96yG;lvO5To{1@|9qZMy50|*?5X+u>bW=G
z89C^Ix`=#P=aQ9uz_vX1Cg7x7X(YyQebBTi*(hnE`P4Y8U}As%ORm2QD<qMMZpx+j
zMmV;EH9*z)PAeI3=g8I@xBWEuF{Uoe4miY64{e{%^a)!;SIY=jJiMbTm5b(G<kG|F
zFy4@<JD-R7@9O6Zw0q>hJU1>LT0gP1H>RlkZ344XZPI&b?^U7nbE<<u)%(&c5gm2(
zZy5sc+3)u>hC&`S-s(nul)1ewiz1b~Dm`(PzT1xIqkueOsE$^|z(~b_v5$!?t{BsP
zavjHE^EaU)U@P%D03t8SGG`_Zs2y&3S7e^U-(}U?7vUtdfN(YHIIdW+?&T>@4A6Pu
zjGe71Q5llHXc)(w3Q1phA)J<K{d&v3l6Y9@4Wv;UETW<XyT)7R`1BGoots@0!Vbxp
zeazTU?Db7{dOn?tW3`ieUCh!{kD&+JSX$Cs(#D0FP1&;!b=g}KBQ)t2Mhi71$u<to
z&lOx%Hio1+@CfZeRc!gIUIQMX`q(6_vyA<Oe=pad6@Yg&gg(dt)7pGV+H{wm%$YEI
z`!2x2C2wLsJnzwh(ia~&{7-_QzT!C}(cP_)Lpb|jr6<+BxPl75x>nFrRI*8NeoUZ%
zd$)`_#1b72udP*rS@h9*s2BT>z72d3S-)N7R9#;mu3`E+xKJ-l)F<#PQFoVW?Uk}_
z>q3LQyq1^;7=Id|{n>H<^+9F~UAY*=B6!+grh^D~=r<vOiXH%_jCisTZ{d>w$q{4<
z-_?!z+k$+t>Zw~T+%D~$RDz+E!GGr`)W1LHC;aWB&-X&3Yh8+sx7*=A(Le>2qyutq
z_4<e#6V!Ns0PDrD(K`A3yhN`Y8Dj{v4F1z!{`EuDAN^6OHrou6#*@9!7~=nXHsh<s
zKiLfCYhI1R&+~1z*s*kq)LG1HMe@@{e3Y%17|_O__K;&au8Th(ID>yT%y`Kd5Wku@
z8B92#Fn!<ph6O4pH$C`3e8y4jvUuJ0LawOr+R2yLinN-rCx>z%CdbA=3jLDf45xHk
z6%<Vz<<6p%BD6)0<|OJvVdVsvQk4LGT*$wR$umEpVXYfcMoiSQ9BB<J-XiAaD@QT~
zz_L6)*-5kWjD%Vv8?654s(Ak(Mb(#)h~xpFBB|`U7<GRf@IS`u(D-c5<>njB+1FUc
z*Iqj?Zw@4;2E5sq#b(YyQTg~bGkT-8n052PBIaTy*>?wos<l;kIZ>rlWN47M9p2pF
zb87X;>Fsf0x&zlv0880LL#D>Qw-0N%=W#sNVoca?9?c52{&xsTdAEx><X`TbV_WPB
zbgS(<d2rbB1MhFQOW5=ha5*ElUBc`sut|QgFRf>t`VUBv9fv~8^vza&)o`g$a3(hq
z7mGd&2u{S+Y#u|BAd)hSc8e<xa=_lL*Qe|ZW9C=PnD5V+SR_#U=;>eiy~)4!Xz{34
zd}_1kSjpH#^{6|4EfD*U9b8-;+UGLkwaUdcD_!fO4)WFjpU^eg(RwbwYBY%r@`h4w
zVOUM|+KFFTfFD|letWW(n_wUP4j_Kvn&2%DsUcfaXcik=TU(!-wA8*sw?#K!;m}fR
z0Xn1P^O(dj3=2C(CW%&&UZX~PtwiXDx6K2G%KWKz@^BHew|3`B%_g??2cE1t=8|Wi
zw*w6YOC?-Kaw;{Mo_Hgv<(DMB=rS}YYxOhzaPxVWEYs#$1)cLn`>`}}pt-pcrHARb
zTD_10{9<E^UashU%?WAdPlc9A^Ww8ADNYpw1aEjsn(K25CRvV+a*emRr%a;{xpaQ}
zV^SvN)rzFQ*&;xql|Ch2^7}Y}j<)}sL9-{<uTLAFa&bV<1df3<Ro`lTZ`t+q^93-c
z%wWMo_su&Fl)$yC%Hc&k)@VvOir=Mkk<^U&4zr+zc*Gnux7>|f^<QWTvp!N*NPo(C
z&zIgrD20BnHGZF<0bFCJTjMJmV5Te-29;d|+0C^c%4DN5OMz2`(3GUp=QXzpzqQug
za%juT&<KFsk<03Siq*JrxyX!6f4HaODGUhYQM2R(t?6u~sWMh~Yybj6@$-JtS7wIO
zmDnc-txFzfn~7&l);H4KXf{ry+H8$Xh*!2l0ygGff-06km3|Q1&frPs&NeTN(fYQq
z1|3sh>K+@A<)C-}w+~zC?Wq9$y^Fo&vkf29`S;y2QoQFb)2+#b5f{;J^4})!c5>uD
z$}HTNU6dAOr`iF|AlrPCdr%DWoJX7fYlC5z5Oj$NNQi_3>NEs#0<iw4P&`}X=Npu2
z>Fh*dfVzTrDm!|gi?3xD6#XWkiI0+Jce+5bC{89DKN)jODwYOXAFxPB*_vE=y{5&?
zbC|t=n^ax(tC0=hKHJJfHZ`0aoYwk@2jpL*!{MCdt+R~Z_Fv?dF3FsF*B3n4#d42N
z=^Q9Kgxc3@O%*@#bR_E@3}ByfJ*A$cwKh7uc*<i<b(1~eDwf%jW_H3ylur-G1hGwA
zU;uWyTj@&fT!@o3HE5D0##R^|W$CD8Arct<CJpr0eyOHPIHoe5p-jRu{lfwPhXmy*
zF0eU2D033dH5d?wVNFPl^oD|iK1I8IDC%_iU0tDck^5cWd8p2!g&fiTXd>$N;*h9l
z3IdwE?;fn*BzuMRdi#E;03Vo7sJlqmXlL|kuuV&@XvQq+z{|77lur)PFd}zOS!?1t
z;!Zwo@#!#fDt}pu^=NOr+64mbQs#&&nambOJ9|+wYqYgK3h9kSH{Sd?Qmwo8oz;Cp
zTjyFv@alcN@a7X?*xjo6w>BFznZ#qhrL?P+;d$Jt66v$=o<xIf3q=NA9TL5RlUtG!
z1cUs_!PGn&-_jzmXQnA%rT=l8-Ls>@H+dHVM)jR`hQOU?BX*iQT>d)Z7FiT7n_0G~
z4A;2kTlTYLnA2t;VZs-a%w8gc%VrL044Z!&XTgdQP3u>~Z;=P=B@5Qi<OcSrfgy2X
z;rJl_a6BLi;)%)7^BMUhuO%}d{d@`;^JWr$1A{_=Jw(FzUygJxg;pm@?4L~0s#hzO
zG7Pt8*Aga^mEL7$>6(@kiB;SA7M+(dl2gy#daa~G=(|r#Ddgz6lH{jXSmOK-_eH9r
zb22X6_vdGVh3YL-xv1#=v$(C&QYyt57neEqPz=ol?oTZv=L<(-`4S-((6r^WJ^bqL
zmKBB<&NJMzc;Cr9*)`dwA|<kPi;tF|@FjgfmVMTVuScYF{XdUT?VNX$aU1QP!x&p$
z8A(~k(|=BdJ=lrY^2`S06q0YS|8w=D6FBAXEuA6XdQ3-59hNvkfQJy=zi)s>2ljt%
z0NC?k>=ie$BY3lNkQyRWEi%q+(D?`Z|GWV>Ytl<?&}GnPG!34%W>>Zzbf<S!zugEI
z^YperpTIXdSV>0v^WIPDn3EVpb?m8n-P$z+#^^0O_wKHc0=^t)WG+qVb7_|V8(CJJ
z6r8CxL}iaPDwBm)6nuVbV9scw-7EqNLvw;r(mb2vA>LFA5PqrChN(H4izjd?XEYe~
zDEiDsmbA&D^RS&xx$~HHH7*Pc3Sv7E+V#Feobc@qzW)84>w$Gxt2tbX0{h(yoz!&B
zAyWGdg`6W42A(?(j7A3j7XD3Ja<*8fd`5edm7j*A8nSdNPIA?;33_c`H1gu9KgZ11
z7K@~NGKILbT@mx%bag6iPhZE=bQ9D^08*>i3f;B0B)kR=vo6$9DnG;4NUTQld9$LK
zab&o|!A&C96&C&PUx_fo*AJ$)TSKBB3zagg(?@gCT6*QXw+G;ln$arx&>4XFN||po
z0_3Tg0`XbRcxv4D+;{n}S<>;`z<+nck5>eU_NDF_b*M<2b4OA*r9$49<$SHelpq^T
z<7Tk1bM+(MpvC8NQ%buNUIa8y&aclJ=$fuu;`2Pf=n8%FL&w1!$DW)5+a3Syfr;|B
zhZd>{@a^X6n9I+`@^osw9wgQbElLeGt>$Q?zH1A9LEAfv2Fz&z9WtRlnq}$^U&t|G
zFBu!4+`mHytbfOT21v3x?HLu-IvWnR7pq6Crnh1-N8yWL)n@{bskDAuYF$jDo#%=e
zY;rred>XVOZu|jow?ny~{6aP6QA~tIx&;Ws%Ywb(sXx<9gYy7wNrsu|2+*~SXHvSS
z8b#c3_;muT7(Bx#8s@rGK@5c+sry{+9cnV#OJ7%C4zZan{yy7e?qAKre<wGSE#ZKl
zp0OqZQ~->N7her7+C0u912<2-m)*rCILF&`;CmKqq0whJZS<!v;Y74%52=@2SZiD*
z)&#ew2={xS&}S%aGNc~hJU+1N^|abW=MBZVzvD?Z`eyKYYkul5Lyt1O;9+sfTx`<s
zLd)~Pycuq17doxpvHgeF7A1!Yupy@4l@j-K1b;jE?aA8j<)+yK6=S>JT^c6s-W`Mq
zx|QdPS?vl5kCPbH1(*X%yaMB<Gxc#i?tdxsnxUL9Ade!T`F09%8Xs3`p06?g)hjgt
znf#t_`800h%#HMAIC<)eNVQnB8%42RcStW~Hyk3p`gLG<FlOMfRWqnPmDQ?Gtdc&p
zRT~j{=^ln~zP*yQ=`Q%oi%9J#!Pt<l`ys%~zM(*NgaVla<vN(}PJBmiearA6g1Q2d
zcp5Qw*wQxEheFX`KdaU(jBOdb!f-JipPoxTI5Qqowq9rNMGQH-cg~5QO1-fecYW16
zem2S@Div3jt<mHex1fUexFJ{g^}s>GcC7rVKR1V5>Rl#xsk3}4*9CjntrasMmuWUg
zaM#|6lWXRYBsg)}{>EF|q5@BB@x%5Jk=_vgQ`taym*eJtgJ&RcLT(pl&ak9xfX<X@
zatzf5s0(qwhi_wQ%@>42;)=7t{u}Wyg+hvX!<qeBp&2TsU$T<BC^nDVUyHT-y?)8w
zZROA3mA4PiI9Bje-Oc9x%VnNp6YyW&a8%G~Lip3Y?Pm(DW-QO@!@+X9n<TGwD*u=J
zg+IJ8-wLHL>Joq8vnstbR1l+)**rlhES3!@(ghb>Hno3Fy_+oOcAUWE{v~tkW1s|Y
zZGBRi&C~n~HAVktA`gH>wOF5&`Ix!;U3WInogL7U*B3^GAZYq5KsBmZKUdQvS;d_+
zza--cj{&#@j$b%D-t$K(FL@9G+uk7C$wP<J#Q9NVLI>6*?Sp{Y1)e+y#@vQn%i(QU
zQ`1B%^#z@S0L&(vyjI=yX&LvtQwL*BXC_D@Zc<xFygm@hBEky%J)|LI(p<5@L~I?o
z*<ETL9mMOmicewD9(6#I)Dj>R+3)ueNr^6LI&wM;hb7IV<&-2BQ}bhT?LJxEt!`=?
znVmXw|NEeuL=A3^Fy6>UepX{88JFE~+$Z}NNXJgVHl~bWWW@=_5+ouub30)%n(XVL
z+LCx0lDj*$vgG<^47bE2#9eRpH3NjZi|4X@p8@8uHPzwpwx4~r=`38`?s)92#P-4A
zaDD=#tW4S^{t_9IPC+-d7cW>KKzkhq0&_Gh2I>wm^CWm1@xtR2q4o0MsawU;?e)|5
zzk3>hg{n(U7EJb*LUissf@sbkTeLzN4<}T9`m@aZ7Lb_<vzn93kC5Udhtrx8*g}G2
z($u{T1h&U41GidX5#N{O0NVBIjDn_i!xbxt=#RH)O1tXuE9T9qNO_g2r|{YD;;6wd
z0uffw*JVHp!@t&Ip=WP^j3@#_arUV>_iiUNqklVIG`^eYR~V-^Iz2zOY(@Mk$`YM?
z8#T@7_aoF6z94Tt(y9jh=;vCVA$d_Xl&H7Kd908?t^_MFb~+l?I@fP85uc8N7o*B<
z`AzKb?4y|#${O+eC$`xzq@}LYAApD~am0q$M68u`4PD{414?}(TFJ+~miZlEHsxMg
zHq#?d%&~uhL7&NERbDP#0<^dBsY8ofUwj!1z~L8-1VFUQSC`Hm($|zgGg2?_#=T4N
zWt6q@xpt-wgG(=rO!!ST>t-#0nKg&C1hJ!2Z}M1UX2a}*YnR4pW*n;TH=09XfaP_8
zah$W!UBJiS)VS7t_}p=zO!|4U_Z2Z;XCqwKBTA7r$khLXiXf<oYX}V-5}p_I*$JtW
zwD}=9tUIc3LU+GFcYq+qkTM-%k8Z)C|3R?A`EnMlM&K%SuvjDKGQ|Z6F@DTyDuZS+
zL)W47m0{D0ndDd-!~zGQ5Bn_=+L>))*d8?2P!Hr<9~+&a1fmdTixD~t;DoIr*Erl@
zPE;W{Yg_rKC`N)E6(8nfcS^a>#%68f6uhD8LY%KYb5SBSFp74(Dr#SH>?0i@eslLp
zM`D%cV;Y7OH{t}lZ5(mXA$oFkr&EnMR?T56P1*VR(@p#}`7a7h`S%N!+Ole^r3>9D
zoK`T<wWX@eo>})3tfw}AXcyv1@P5+*{>cNC7^eBYbF8?@uG<*VZ5_Ht7*C9cRRu93
zwEUetn=E;ukrGb0mGZQ3e!bHw(PAOVzeJpU6}DExSloZRIdfhVSt?hb!21r*%sE%P
z+^8_G0Ev9#g@B_E$=Ca(w}t&%rdsUY+ksr{Xf1I@l)k4?@|Lup1D{loT$@?^o=w<a
z=u;)bc4srNS=wwBV~2c^6)U{m#!0S%bGfp&lCyzsgFur%G0b3LK=X=BT4yTZ%R!Q7
ztFy(#{lV;pAB`jIE<+pw$%kJ|OuZDl{$0YXaj#zJ`Tr`+oz&Mf(=B5Z_LGI}3nHA?
zTJtisrw{sdZ=22FP{|EJyr!i_vYjh#d-jOOGos~ZL<{EX@rMBx?Z^dk0g7KTZq&uV
zChV`(>mTv-cG<2|%w1GQ(^bUdm`G-KDvR*p?n3f;6;J8R9zNPHr0zXGAmtxcENII+
zaW3}s>v=8dcZmp4U9a$oFIN*JCk=<Py>;7g_sKy%;S>|X(}IdkMS#ARu6ReKSt9ma
znFfbTIK=iI!ehtaJwh5C1PC;ec0C&_M$%iK8W2pM+!}4UvEMOdhQk2fdvoaJKb5I6
zy%NvTv98#p#HihACZDq<S|jwv=TXN11z(rxO#(@A+t&__Mf!E7{9|X&d$I!ax}!NM
zQc+J}K;v{4is(h8mVs?lKmU>}ANtHO&qBR196;LEG{dw~cN)8=zp8?giEd2*RDoV{
z^1xIi6MD3fo5TYA_7IDGiJb?*eq&w-lNEvLZhEHpH|P0ct=1dBxLB6$t=~KDT>)Dx
zz$@Fg?l6)}G&D%-@~XSO75wVZ8Rx^L$1P-A*sh7u>EM^E09GioqRR=hT^)yt^{;Lo
zoStmLS<7tihvl3v!<w0Le93|pxQ^mUTC$0hn%^+8zfJ~(w1^*p-1+g(haob}8OM%@
zDsSW9JubG0lGv<&=71h`82D+o{N6^r`ujC4Fd_1{wC>(f)}KJH0b6)0NrS^}nE$<C
z4f~ZPv1bH64U<`Okc97(0%P;%&I#J5T%iwv4|)MVTGXxdJZ~GgN_iuS?E~)SWnmTZ
zt>i{%^*dUnETEc)wEJlO<-mTyK#8-8f?K#AV1enyzFd7%=dHo_R4;FE%uvK#H;Kt!
zxd&+L+KDe(@AKoXZe~lOUk>8cS*FO5b}PV`T@wJNa+XZ{IfypdUeyNXg-)f#_o+!8
zWG)9|i}|H+IE?RRj)9LEMmymSstf%YG?ti_xrwNN<bIfUS+(&?CS`K&70#DmOJmbp
zOf|k#GGe1t%QQ2xb}c!8y?RPT+RdqC^wT5_0|oDy<YX5}5>eTav_E7Wp%=<=JNuvJ
zz{@uTUB^?UPv7oUF7D5gMh<{Yi+R?TvX;E8qZZRNXkuSq-q@j6JQN)v7xE>b3GrQw
z)=Fo<`kg<MIOasIlr8e)H67~x8Sw!SATRyxYd}CJOA70l6=l%nrrw;;6|7(Yt;AX}
zOYJjnA=q7%9fY~r5f7Ewl#rgrLvZBo@3crNoLH45O(q06wcjbArh|m6l|b4LFJ3DD
z1qH_}7I3W{Lin+b_*dTqVC*>PY4q5gEWG9HPo!|C(26_M*tpui6!{Tdek2I9ejLh#
z4f@$@;wOZ6=~s@J?#V1}mXxOKMpbM%g#~H{r6M`p7jZN<*qf#ZVeb>eyh5WemUSxR
zx{p{L?aF>*>4`IQCT~z4SJzbgd;ycMd%Jo@IQ(zzne|aM9RW(m&t*3UH<vJ$6G&_x
z_4nD<$YQzaJx|tYP$$mT!Ng*9ljqWmtzHxNIUEh$UJd??1GDO2VrdC0dX_IxE1j&?
zqy$lHRt^{rAH`S<TQ;%*S8n*zWXyX6piz(r^hb1eX(IFg*Xt(cM7S2x&64Lql)ctH
zRj}~liMI6b>qWAw%-<5H*gOXap!-0FiV{t7vIGeTpo@g5UDl%05Xl~dV4*r6fMX1Y
zBW^gFvmP62+X_D7&vJFf4D2bTpUNxVOf%txDh6ZnG5;;te}a7$@nWbH$5XFjvgR(H
zERwJi3zrnT{SZqx-SliCu($s>IG(XGPXtiMT)mp{fM>%K{&!noyQkDTZQZ8y1k|0Y
zyhupKz90r2U56W>ptN5I5q;*(r`HGuKzQ#2>MX9ET5x>!4F1I}B1(G8VLh=FsGs!}
z_V+L^)VNW*_2@%b;@NpWsh!c&`$nrnyPq#qx@W^i)54#!bmU3I{*q>XenS1Rsfsxx
zGZ78HObh$>!{8aK^hda1gc5}B((jiASaZ46kc~E%gLLArm76id6iuG*(pjGW_s`A0
z4xyhRnMy&YT&Pah@7)LWr-kt!NBMWZ;uGaF-RE7uqI~J1b9S`a@8G|U{Qm)6`tu(C
z>w~DD7yt)J+Mrbm{QDUH{lK4};YwMJ&Iz1<;^+U%M-(3bSCYInA42<cz5e?_fG<Fu
zeugU*CI=?|->FbUkZ0Oc&Poq0@xM>hfBkv?AO4_cUJ(5u$wU2NV7_6}|KksOy%pzr
z_KgDzE_?36G&<am7U6&Sr#b?w|5{zBHAO0AW4|WFeEuspiRhKG0@R^s6uDwvs8Z(r
zhTWtLwgp)&=?KjRn)MHK^_O*@eTem;J_ic~zjF%-oycpjFms+pDBCJc&QP~jMO}43
zK@8<18Ta`v9k(CD?fF?UnXjienM>mDUQ;RkP2clk6^Qyo6s4yzw$E*!RIOBC^HEN~
zaL5VWV9-Hoj6tKZ`n>%Crr=C%_}OjBGcH>!6uCNyJe;PXHd$ZsQ1F0T7AP|XKzznJ
zQQiY{+e|+f{kDg+x*om8J?J8NhoIhkN+7{Q({>!QPx!TJSxDsd66q+RM}EG_7vF(g
zndAU2dn3{5LLS_hxUnByCfUhV`cd`TcpXQ8j71)EQ6Aey=lZ2k{RC1zt|#<F@{`Y<
zt5EZTQ*s|J8Z^i&dFM!<4GbE67?eiie>L;5kXO!lBIk{Sf?~sFfArwxD~)?bx%$t(
zfJN@xp=dY6<=A|pL;U2-2m)8I>VE62%vybSfy0mP!`buWPcKXnmWiSO71@be^ZKvT
z1FURLXdp~N6$Q#rZ#Z))JeiERRovhGD%e)HY$n}J_~8>>vPfGb8Jb&TW`j{b^?a=!
ziuqza9sJ!Nl$7s!DhbX^nJn-u70}>j1F?T&e;r~yM#CW6ygMONzccWOnhy>5KAP9B
zFmA;FH;e*Ms1BSdkQ2!FBk<{h;YbZ)F=@yW;$j7KYsTs7^dswEP~HOpim?I7zFEe3
zf@ciXoz4xb%W2RUGTN#EfRQ4eB^-wN?QvFsf~h^#X4(6~K`NG3wCzw$g55xz5S8#S
zM4hv0a?E>)O4x6&;?(_Lz^a)XGS{#Zz~{X5VXuTekSx1E{q;#!&b-v9LP=6A`2qLo
z@7F;NtOjh5Pk*8#6$Z0PBeeqWM3Xkp1}r#?lkCQ5JY~162%kG?=CxfGj@&$Dv)2VM
z-Nc#y*^7g_*qINuxWElT!<B>k!kPH@ql`!hJ_m_%$v5y36=kkX0;LeZy-XCe$xZ@N
zlMJ9+qvXR{f}?}lq~aOix;CItxWA92AqG1J*DLch6YyIHmuj})#9&zd97*LSd=~+)
z*dTsfkj-iNXagRle-V8SMx>jPKb+TZ03%))U!|q{1Sglz<Z_;5(QIouU+&jUoNR!0
zfI{POymp&HU7kqlx3t~qlvb^QOe96>SZoM%8bHa)8Dx79IC*j8tKToa*^rgxCKioE
z(Q^3~{^V0&O+gq@dO>Pr8jmw`qZ1ST58NU*pis}?e$7KqXm@wvO!J{F9^R>&nALL0
zHwrNWmn~nAFbpE*AIyv1j(++pOyxr|67oCUb`CE#WrLE9xB@;!<=|3{G@vd5U|IyO
zo5Z^_4dl-}EkFn$_oChLe%fRkTzyB#bpr+em0p_5_t9!g(n_oR=a?o~-t;2}um|wh
zPAOEXsrWeWSV9ws^mAc8uhnN3(k1JFo|eZN4L@V^Uz>|7O00s$4yXQwXJ258S!K9B
zm+q5RE@3htKlX(d;O&O`(F0Z}K(js-gk@0W9*5Ro=qU7cU@bNe;nCDD&n{U<Yg$S@
zW?e(G_=N$>5#VG0hnuDBSz|DUwd)7+Om!RilWy7|d5)){ex7f+py$2Z96Y~y%9COS
zhVsSC5_;U{MwqqCD+8$_=jxMQ&Z$~uVJ#jWZbO-;gw@O{8;BBE?H&6|DgM^vGfs1L
z_P{T6$&w$tYF^i9IY-7ZBuO{b(W4np<_wlgvcw9fS)CPRCmx0KylWD5O4Yc#VL<ok
z9r3a3m5M{eXjV%bO};2-W_$33gCB@>yY@&l-yG9CZM;{E=-<1wFB%7u7GyJn?`5-q
zK^j+)lh13$w9OE(F-0Lu4gEoOg>5K^qSI^F0-maBi)rb3H17DB;sjZ%2M2U%u1uOE
zKai}$*ko?5Y-;ebYaOZi$~k_?jR!0SotvEe1p|*(I9rehRP*XXj*kQ^WeY5F{g7NT
zt7Prq*=U@yevKIZOdgvM{?XN*^a7iQ*s-L~IGl?Yc`Ji*DbXmU2cJ?a)l&7LnoE@o
zsn!F<jrLSS%8OV2WoU!_Nj12}Gj$;aD_%@~TR%-W%_P>kFSo9B&d<^?pgkVqZKsM9
zmBVSc*%*E@e-)qCY@IG;D$#mCK3Hn~G|^e_&*z<+3ZHjdK4tdb+NPD#fXcLWebv#&
zS8X~-B9wl4gz|4<)&qf*_>!Ob!qr$F9k;;@;fz_vt2R6v+TUd9K`(kTC7y8U<EH6i
znPckNJPMe7Zyj?1nP*}G2HpKs@DgY`qQ`lXX!j2XcSmpC0FW+FnCbUHt+GS&EshGk
zNjJ!eHW<kry|Hk>C;WAuP2c2m#)Y>&;<+EVUOEtPm%u%1UhVv#e!G4~42=GP`UYr)
zmH^D!;n>@?LnT^t@@3|%t)a*Iq+|ESaR;yQXl?gP*2ug`L68j~iu<Ky@wZ=xd9lGA
zsxq6tmOX{sjt?2@73@llj%`Hn(k@^H-2cIC^?jPmLC^4a{R{*P@?(#)z&AMvo#c0U
zHjxwLiu@Bb0GuJ(4OJoVBK799ul2^}0+Z~0{ZsZ47<K)V;``(4QCUYB^AHm|W};z<
z?MS!)!o^Xh%S9VoL&<#yM_<s=HNvt?CFv49ng0IxbRe71O2O9$X9#|a!xoZr>eEQG
zD36SbVJ~;@pW+dKVFF&nhPPK8>;4b`q5vlSkgDo1<5k|lY$0H^Jsf?<cB`v!uW!FN
z_tKBuE6)qApU<)`8pTAh?KY12`@p9b*A^;voL;g_l?XPQN=ATQ1xCKmh{WtrlAXq+
zPEU}>q*o%^fxA&E&vw2&Ut!(YyQy})l6!`D8J;hYJpi09`Td@Q%4>f_%q{2rfK_s@
z;8rehG}6|H<{8dHrG0$!BhW+)5(d}~Kj0dNSic{l`P^MS@!?C)Q6gahNe7@qX4&F|
zUaPysMTHwmoBt|}ky18AX@8zTroR1pT!dCl8kh^w!hbC+Nm;s3<31c0?wRwP^7}d}
z<CLV&p8E{QpLV_wSsS+gLQ6U?(g00ABfnb8y%RW%o8t!9jbl;FDX<rJ?02UMAkipy
ziUnxhJA0Pz#}<#`z7`?Zv+0<dkeXdTnG8$X?M@lbSJ)ChGZ7Tv+Vy%uu{SwG$BO*d
zUfnHe8$<D-YDY16RWNGhjQ$Ki{u#jAxEcxKd2{#U1eze#9=8^x1h#tFBK#tKhi0Yh
zHc~sG?JDiQlw$y(W4Ro=9glzVSu+CYSO!|O?&h4JQa)76<!Uzbx$4wiHWSKtURI1A
zR6kZ91|FjoS|=aMxeERW#l5%-1DwZ9%l7*7sVaM;h#gl9tq<E$QhojW0Ix=~GM?dK
z4`Giiy`Z(uwK|t$P5CQGkoy+sP8xX`ND%i-#F@Li?Wq6)GvW$Ac}-`M4Hk%?G#%@L
z3{2qpAKZRYt5`}>Ddc7R)27{WooFOv$7S+m*FrwIY}JXDMf<)}{F<WJc6&r{$-nMb
zGYn0>dvELcn6E#=a+d7Njf5o>l+!#fk5`>|0}g;t<8gbVQt_@b`Fx$JKm2a@?#MoG
z#e-i+=9^t~nos@HZD0s^ui&r5&Q3^HkX`DV!pg?yn^2u*o<vbvwD9^qnz>*gWK=w2
z59nN183GrmKQOe>;~Z#tZZ6xSU@(yM678eh0E92UTYv<}RUx<-jf<es;clLXrD(le
zvQ5-qR-jI1hY-7a8(FXfu-!I=-MNarw?i#kvmLuQf-ouRx~@MO?NCmjPX|%#xF9=l
z8JVa7u8Eh%vRo(|QyGsM@OR?Ry-t@?N{6PVj!BDqyC{5!L&x6St8ZMzo&enIm*baz
zLNw>Vkcwl#bclb1_lJXr`T(CmC-8RFvuo#sRsWg;yzm$d7KSFk;ItT|SP=+HtZ|CQ
zA&tLZ)xm&Gmq~UsYG{8&5Es*tKb?Db2Q55xP`4emrK6PpwFy}n&3=`5?cU#W^VNqR
zi30@#LR(b;xkS8$N{Q8K|M3!aB^Q4f5V|s3AH)WS^-kUo@zVnFy<=bE4Pd;Ag6Nao
z5+{<vHOAX(19}``jc$Exb|+}Fgm8pu`4ep(opou>io&niBsySCc_-uNyYU^hsz6+o
zX&W%NP?A*t89)Z-g{kQh2DD&{^p-FqE+^MW;xQ1gkL4fD{3(rQ_C?NrJ>}gD?8-jB
z_<Wtv(~g~989G#MW5A+l%mc(QvLd&umhtn8Vwlq~?l{GpKtPJ4=5;AY06eOinPQTd
z@jXL+JNCvEmZ(rXy0^{j18rOjwty_kCPXOQ?u!%G+@9S|O&H4hD$q?jJ=8rSjY>-t
zr;r^n0zcKQ7Ab(rW_rT&0uC00sN39^%nmxI<-G4@q9(mHEL5Tr;isZShKdNTZ6rft
z0dg=ggMk%tuslqQegJ!CvY0c(|8pr{SURKc7`wLq$LT-=g#+%3XcR$=bQ;RI28}#C
z&Po`it5PF5T5qqHRzM24m6a#P*YmtdBt&K4aa~Hf9YK@z9o1u5Zy`x;v|R22z7C$>
z?6>bs;g+a97s$E{d|S$Sr)>*zeRb}2iy<Z%jO83Kv@kqQjE`%-7o4SD^~g1sh>ht4
z0DL>CahN6>140JCj+h>~@jk8wtUcW<VUCZ0?ODet!~odS*--3`4~0g0x&UaG<d6qO
z<w(-w+pQ+jIy_VR%FaQgfD*n3QAxd(8$`^VkkNoX>u*fV+GByI%dY!#2#^|(5f>z*
zG$qTFSGR#Ybo00{h3s&Jfk!1SAnbZ5iEd|psy5HV50ghOI4s`#;B&>ri_7pPpvkI>
zcPmbhKdl1`Ysck{DR|7*H5l+0&CD~veoHCM3WBzic>9*8FcnZ2fwvz;F_Ym1;dSP@
zNf&_)&{U>47luZcNhE&xWXF|nsz!;OVn?944sU6<BaGXP2#tYOwY0Qq%<jR}U#dTj
zFO2V+vMbCFZeAaVEh4@kO-+Mb|91Mv+$>5oj;wUtCCEX)>{DcQVRD~F(iT(=G?SwE
zbMP^er;>bJI^AyOHARoz+LKf3>!nVmj1r2U=qW;-KAd?XT2O;_5o1RYv^?ktZ<U?x
z{oo?!Ii|z&2Da_a%ZJ10`jx=RF9Z(|p^KFma|?JlzByYjc-a1?cQ8mfEgL+<BcS_e
zQj;@_(@fj^F8D8PT%i$8Qt7<kK;?~8vK^OB{EAG9go6__$sDAHRXqq88$Y7VL|g?M
z>#+6hNt_r-hXPyLC6z*^8591p+j|_+q3fSJJ6gJQS27K&?%Ms$90qQb$8QQe*opIo
zkdGo;HsxB1pd(&_&(yhTk3_eC>~bxE?LqC=)xqgpH?Kl1tWLoTf+@L_&~3_wYb92w
zX6IFNpA}$T=UBtvRcB~SJ?a$l{~E9D(ZC2mui<|izPqSIXw`N4%ojst%VjXDB729j
z2>*Qq`fzPl$O*Z__hmp3;HBv&r!k*z(KDbio8`KZ#`v(LyfMxX=0;3YcwCDxy?Vv{
ziv5!3Qy;CS)trCs;Ov};6e$c^al$Xd%aH0$uEaShnae%X0nhI8x)c(B_ZCUMFCrSS
zc=oPoF#2ei?XRC{UZl5?p5+5+3RvHm=G)bfi4W%o5pz9%DBc!_X8`;oWe@x6Q>ghF
zMuU00r2B4oh;<OA?6J^ma@8$Go4E^sYx9k@i1Ze3JfCT!AZ`x!#d5R>RZ-!rq+++&
zIu^YKlx3dBX5P|)6H~t#7-!20h1>IyP(mmymcnICT(J=p{sq6fwgfQGb476ezB$8$
z51@9+EqdG`3&Ee!>_G*&C^ar!8%Jrxvf#%STlA*+&44z#B}T^>PJ`~ad(`aPrpMR+
zS(bai1Yz_!``>yO^D;IhuNa_dAHcp-gSz-GDJv6ix!<>G)o5a6ulrfAWBbJStLSRQ
zS+7g^K)Rwrh5QfWMBY4EE8&2St;&1~QU>%KSx*q;${;Llh_^aXX0JK@F`+5gOg!^#
z<l^FHA5p#~yjYXrzH}_OkTgK&>}91b5NMAo)LfeX!9KgSg<AwX*CMH8-qvmait1&5
z$F|Q~ptqO4NQ#6)EZgCS7^mpY(O9+^N{E7;@B^&+BHNqlIXw+n>7$ksD0mW3kNrjV
zNA)k#guel;ALGzt)?(!|5%md^3b`oYWVy5`oMSs(bo}Ht{B-o9v!uA|bkq;n3AbVn
za=pC`ZqYE5#izN7tN2;l!rBkoRfJuk^y__n8}6xfqpJN2fQ)VREZ1Tfk&GfT{Mgb(
zz(N{0SaH($4X)(C$}NXR5GCeW&6M5ug<&AX68VX_fpM8FX~Z}km|LOB$F7Fuyk-zb
zsq#i;x<lKCw|Z>b<%dJyo2~whQrbAW?S|TOR?pVvi94`zE&(&Z2h8Yde5RA7mjQG#
z_|en|JSrU?A9f@jRl@f@yFFnhurVF4D0)12+O==e7rc;Lrcd{=)__qqGFxjGFh@0)
z>qRx!JT9r<E(0h%ahz0rkQ~~w#a{8#0}#L`yfi1(!kI#6Uhu=4G+cPDUzttiW7-f(
zq{d;tc+B(VCp~m?wU0ktC$*`_onFbXa~Y|;X?`I$E$5xfpElMn+=d@_CqRcv(D~?=
zQB1$H$#RiRr_1^AvI!iB-TFSQ?l@<m!8HAdl$tAPwL=1^hk3|(Fr>ug<UNnLK{gJj
z&g0}`Oc$i=2Nt~{!Bx?tejf*Pz7q0OtsJtbp9jXfx%MU+6|%ae=)}+QzmrlGM&QDq
z0){XHs~rW!$n6u<vMCTgJFQ4cI4GsAF(rLQHT7G>ui#+r&PD&cm3HESV8^j`Dq?7%
zZT-=?pKF@*9p2N3Tn6~v52Ix*GG8pmr$l>Ix;hEsG5};&zG`D+xXbHoiIJ3FMniK9
zI|*BRo>BQL{In=LCztZKYP1?1Xdjw~Aq$?N=U(kmto!bY_ufK&Wo2vT&GR(fO0q3A
zZz$6#k{pBK_@%qb#ZZL&L4@(Mzp5UZ91-F^fvb?By#esWnQ*&Xu*-?I!-0S6P$+v}
zMm&p{gNp{w5I!nwb=rCdMgX5;Qel5Mrs5qheO%?ocLDFA`#3(;->St^P|ZJzq0_rw
zK1wt8Xn!SX{T%@Jfwo4$^6VaRot|t5=1)Idd?OdVpI2=F#)7iM!!oGAL~kxe&2W^|
zS`}0kG&2lk!{c@Ear$v5On-BpH9L^}>drPaolyfvUHe?g^=3!^c{h=LgV+X=<4YxJ
zInYLWHA<b|Y7en#h6`*IePXSNEJSgKeu+z)eRO>lJH5v?ATw1lH7p~qT2w~%2KOS-
z&8Szj6#hB4HOKvi(4yV&gvIYI&dY%9H4;m7rbF!;U7U)#*)6G)v<zn7--Nr0E;*Y$
zHC(gPf$VLF{*)hhGFp>(zPStvFrZFx6!oxUnN4$^(yCPiaKUe|u}$?<PIl-LVzK`P
zMSBcxw)MaI0zlF5Lpb}tlf3wKQt`rUM>FTRWlD-?isXY?%o}0NDPOO$s&EX#wR}1P
z4-h~Tqc`|csh7yX_tTq?4Y2Q@;td|6N+)#utoi6bP@?%5JH&0UE<Rto#%+ws9=p)0
z$M76S1zZ^+K&Da*N07`L{;4xyXpX1tnHv_>Jw74aPR4!cX=x8(h|lr7yWnUz(($a2
zMiuN23^X^(3XibWF8GLK3_!w4Q^1OJ*&?2wow8)d()euoWD#5?8WAXN<TYm_tRm)s
z#&d^!#7%dHa2xvNks#x^67w9ykCyf^3|*?S>PK$$wRlG;m7aceK??XAq{y>P<_A6G
zHZs|vZljxwaKcV?C5=7a>Fb#4VzSs+J&-xC#y&I3m@DdES=A3rEPU3g#~ms*5pB`g
z1=oy0zInAU=BY>&sbZX*4k0J-0Uc?&ZxAglhNMcxntTbld1N*y2X^$uk`&?X_h0gY
zZZmu(QIsDjc$RjsFDt;z;#kKVe>yC{PQD*N7vYxIe)v~v>(e%$$42+iDV^1a*iLuM
zyV%u(ijUgS+qU3``H>PpjFkiuwlwLFtj#H%xI(-!E>uTau;_@iu3c$VGuo1h&Ie8s
zX6oe-8Upwfq{QIw_N)-U0rcH*vL-6zXnScQ`-9-h(+&|Vn+IPB*fN&`xfK@z>KOn<
z9JD)IBB?4{A%hk299eW(<xy>{RBhbb$JUJ+9Z0^waX~IivVvJn{JMjU6h7lsck0Aw
zbBAg`XX$vLL>Sj0NGXJ{Q+5n(yO)ag`oIbZ3Xt)r7Z2X0?8-~kcm6t*wf{C*k**6&
zG%)JQKRNZr(9~vhoAE61{b;IMdh!+)OIR|#K=k`)T0HK|!qT=~Y^I!^tr<`KFPI&+
z<LZe|%@T0-0BKSH?@|ODg2-dU2jJ3z66q~JoaA}Ddz~tO2Bi`T`LZaK87;5Dd_fAN
zhSw)$Tm5v+bAt?=7uZKYkzipQSBwB0p=rS}_WsqJv&>V_VEUMYid~6Qq0<s@hBOkP
zBX|Q`3pL!=e)!6g=g56?{_x*mW<;DK15+_=+A#A~2C@P?T7O;3pE0QAxO>cbAuASO
zi4j%^%T1--5l(ZNS=N!@)<(~7XiN5kP-(WWud<HcOR31R-@v|9Y<TwKYu;4<M7UA-
z-UXld^MjYn<a7^Y<}{Brb~Ze|s|N-J@*E9olc0=o%OsGgOrA(V!u?>137G7sO`BYl
z)bmx#?sZz`em*I$P>j!+VdEAyGRbDjM!N-5E-@{NzFsx{o+9)x2h8gwM!U#t6K%47
z%>m9pF9f1v;HBRg*d|^o_(%rNZQu~_T^5iw%Z##4C3F=Rw7?Q?siwQF?jI|dG}ma>
zU8K_3QtTb&$0lnwsR}OBxkOI3eqAl|AU=&Bl#QTRcR{WcFa6M0u$1al9nFxbs%E?n
z)4luvmouA>&hG%p+$Azf&_5O$4QBw=`_(pOS#~RS?}bzRIv5~x+Gko+JlI7PQ|Aa%
zTw4wNhs3(`7XCCtGLac$$ytsnSflNWR<Pn<`6Dau7nfmR*n>G&AIcx}FE(h|d7zHr
z!5#({VHNDn?FjE)i1K2sJG;TdM%hzgML!84)w!P6F$2wGPh6(J=Vs<tXtZhH-3jsv
z%(u88l7%ek)VJ3WL|zXaz>WDt4n3tp^aM=O_%vg5>>&mJ6iGYS_)fwuJDv?VPHouw
z{(pA&s)JAQPwcm=KoQraf6wLc&iU~?73GInRN6aSVyc17^XaCX4=jUS@H?o-^MuWD
zlP4V~z;9S3@HX1@9PbKoh32FLnuvbE0{_{^qsTX^)bFPfmcIO-Q(J&>(}hY6-?G*N
zk=>pLsF*0ZY68B>aWhFNC5r53W;e7}n{JSXZ4g7oAKaON8m##-FfQfP7BYuI67>?-
ze<hJ2;yze`Y)@xClhmthJ3~vi%E9!<OsnyPhDMSiP@<QX0v>>^PWP#P%tIHjAj1?B
z4W2!7SdM@D#jdAABQ7<=IM@H7>${_x*w(l0h)5Fwk*3n53rMeuia_YS1e6w#-XSy*
z1pxu6p(8c)UPBY42SErelprNQ=)IS3P|vyN-0%L@%F4<gS((Yq-h1Bn*-!D-<-f9b
zp}Y5ig=g6}R9671B2WqC)g5Rf)X%_aDCBmNk}%RBp}$!}67@?f_48~w3D1-K`EY>J
zb<TkwPwu_dCb>xd?AcY)XPIozRi2bw<bId-_8u*;$LHtSz_!VzdKK4C`Xp#O>z=|B
z=o;hwgE>$vl2f$ILr{>h<!qgyRutPE2kGgl_gL-bxITV*<r0nhltpvStJH^DoJVW(
zC+4_!_{rS7$IvzK7$wSMt-&UWk_)rY_w&R2!r%*M?9$iZpsIuH^EK0s5wM(zm?rP>
zt^K()LL=%OQ5jg3w~+@wk#3ctPqU_;M-?|s%<AP-(`)=}$lo0>UgYhQ@#fs3*Q4y~
z4QA;(9OTQ{K=!ieGGAH1zcS`?b#p#^&xDSfTDf0sy56D`tQL>+R$i$PL2yEt<Xf+f
z$>b*Hc(EzTiChyk%VeBT3*y=`^H#vyE8IL@o2>E+d&8^;EpL|I-b;>-Vsd0o;jKb_
z7(421X_Y-HuoBb;t4{A*v}XRKJuuI9LmJI7mXon3D;_q9hRG_S=3}cqWrz@0ddc<?
zYw{+Q3ywH2*9v3`_g!_Dx^M+}ozh-;dPvdunxUQ4=e3P?BeO!XNPvXrn!-j*s`=sE
z7*68xL3HKu5DEFdf>}`=#=q1Q`M{7ffBL{&ZmXxgv0J-dr$<!j(fqOH{YLx%Lj`1$
z&t<JM0io!ESzW9vyBf}%Nv(CG`-Uy#wkUjYz&0zwE7aLi3r<K~sq#%r_iB0Vo9K4N
zNG7EB4(rU^JBY&0^6td~gZgl0#pLINEk)&C9#wGREm(hzBju%MhgH6Ov9WRepc4}1
zjgadaFE$iA1yU_Nj1GIx=p3Q8i%xy^F1Lyz|6Jx*Ui%djnzk=WIp+n3+^ZDOk*+i;
zwJQv2N7{uxXZDFc#fWwwKET78No_*9smmc^GFL)vOo#H!1Kmi+9w$OQTWW(kUaF{F
z{ZS(+zA^G`06U|(ZB|CqVoS75#H?pTTeD)(0!h+%RMEud<Iqx5e+JTD9!&+T<iN*R
z5n9O;q`P6lvaVo*8*ERqYQ`wHx1fH(?Qm(%$2zw+13vcn?69D)pbcMeMII!njcc`c
z;hl)tTEmM3C-m1X?ZI$KS)y9Ig>FY-I2)72#iwG|-(I->R;vG2@u}HjX%DUFS%w8_
z9#BcyqU!g?Ws4d(%$^aRb<Nz#S?}=MKG}a=?z49ze*L>LoBJe~%MziJ53OJ^A8qM#
zlIlq0n~_HpJ$u(prPi)`LYbT?rxXPTc4Jgl^@X!7;hF<QT1N>VIC~`CjDdP)4;<T7
zb7rytO&lyUl2s{LpSLQ9uuk7*cl)eAISIKCAZwg$9{#ixG}Y`%f;{jvvE|V-=ixMb
z9PTFk_C_?j_)~(pPjIhV@2u9X#?1b`$-Ib9?ZXKJa1A89zlW0m_W{xCwu#ZGyKb#3
zs&~59S3y{yvvGN4yzXssky=teT#3a!+o>n-Qc95?zu#T{d{&4F5Jv(wplsxmbC@kJ
zC7w_!Xyss&NZDVp(-;^mG5Sz?n~NscdUP*M#}W3U9ek}HFkvw{Qn3En1v>d6U$%q?
zX0TyN_<_DPiI;VXLKhnG9+$0_dmP;YHjw;Xbh5khLJ{7|IGa$BIOZ|_%(zv&p|uhj
zWPi&UAtmxPtn+9$e3STP#Yz`$`!V_pm>%aAH`;FMWSoJcE2EZl-ZhHoL;%?kil`4y
zuWq4YcD5F3ZT&ymTcw5(jt;^tMTZBEleA_>_G@FCfb<t);cJd{Ng(i~gU-YW1lESL
zY2Kx+1@u{yrhSIPR#CRdS%Rv{7E|E-oxnfP@3|U-APGNvwO404$zF7!%M;u7y4v{5
z0w>MerZ$4G=B*L3o8v1dusd8LV-=`YPD-@$clso7LK|hsL#mbc$e*W4xG?Krb96Jl
z#H1l;&o4)jR*B2l$PAJqBCb=o>IiB_WdxsF{m>&TZUo}+X!%%pCl;nFCkqx;?OnX`
zHr?sTwobbBh<cv<T1r%jd_Rk1SL*;!?UV3u9g8_)!;jp^vmfu*e74IgUBifR)0xQa
z(S((UNp?|Ai$D4!=jPr+_-`I>8z0WE^Sn8=p$rNQ4M+BC4*|K1IA7kqzHg@TY6esK
z&~@Jk_0`mVr|l7ZV~uchnQXx5ydmhb;Xpvhv99Nn(2Stwnzp6^{}|4@sJ8E-3l&wP
zx445X@6){%G9j@x#nb6Y3?JC6w{e=DWrY@LsKvGUjHJ5$ERt4VsbMbn=)IT=&dX&{
zaE*}fSUe9dHyyMc*iDyEpT<ll=O69TXCMgml-)+{p!45h=IEe`fyI;6^3^KNh`wMW
zvw?)~qH?qc<dba2JA1F8@-0QW^}d>?h$qQg{Oz{m)nJ1&*6joy$5b)EV5yjGaWR(L
z(8dUS;Jkc{oY|>f+O}HBD%V`Fcyn3HY!MF}50+fGYhOEZWvQr)srJ{nyv1oIT<O_J
zy+V2->7-2A+x;}!#(7}JPs0Fi|9fn1#HQBLYr~T#MwLNU9Q^L-1=Yl-sTT!fl+n>B
zoJHxAT8Vxh-iqGGFXC5uYB$s%+{|%+0p74c==@3Vh-{O`p!1@@%TI(p9#%ipQ*u^5
z+#vr_Xf)IZ7_w)B0~)sNYE)ZhNbw>;io-jcaNMe7?PEn^Q#&L1;lk%AwBtMuy8Ip8
zo$r@J$V}@j@S5%0Nmq(--mq1gftL&kcWYOQWGel>K_`&-bX@qA*Nr~)_(75%@DRhN
z)bX99k6anWP5TEM?nuCZr&9>G#M5K0M7z#p@w|PyK0n1|5$Uxm=r@KYCrLNngQQqD
z2Td|Q(W3!er$d26J4j3c5!;4eyIZ24_c_-42Vg~k3gNOjoXDkH6RK_4>B;K>hAF7?
zE9v?3PU@a1>2=&KNt@9UV-|~L%1I=5jh6&1R;P=S+&Lg|0?2g3&*d<4%#ep^3Wdpa
z1`s9hE-|Z<lu_*y*sOUoU}0J8T1EY?GyWt#Ptf;h*pxJK9>&};NS|R*?4)`kmS_3d
z?hE<@|5D|Td|~+(jE;guop$m_u>oNaiDBr<=#N5U$y~j>yMu))8XSUkidS#U?&Jiy
zuk*gm*Wp9G^`;fKIDXUt0&=&X1;g^sHE$mMPAp-;rnDu~O=(&{`o_T~InHXD%814-
zXQs(701Ml%*@CIS3om=MtW&bPTtC2D#XEg|I)E#C`l3!u%iYbL3=Xcg3k;<ZUX9G!
zyy7vNGqOlN!w|5$zHGgdYFE7h5(86%PL#h$(G?`Io;aO+=`RSa@>3|ri0C00ty%_r
zTq;Fht)KPHaf;$v0#ObzuS(KB%=*=lvxoBSgpVCfC}#Dz=+LXhuX_JPUl(K8GPXan
z8ZVbVo?MNS?c{aFf}jq<M4AHT!!r0xm(Su?^^%>_s2SX;3ReFtly^P$nTQZP?8O?s
zJeRM9MW3u!-5E0rq?d{!TpWG%#v@veeBt;Yc%bUcyv8Y#79fBK#sKkRuNL)I@g`2%
z-zix57AWX{BGWsx{-((Wu6!Z&+-7G0{Y>hr0jZLhfx&1Ci<dvyQX-SQ+2VK~npn$b
zRgy)&ZeS}hUcy#5Qjt>8@!JO^?j6n}jLn$8A^UM&IvJPOVc;6Ks7q&k_O(FzYr-QF
z#G20biL^@RW3Rkl4flFSSo5Bb0r0FvwLVs?rd=A}y<DXPhm*wxh3)mJ_gFW2Age^G
zmh|#?Y36s2;uPtoe=n2~FsTk&_3=a?)u2-|hruv|v<Qs-T1Mj5Ms}9M4=Hh)?YKhe
z(|?0StL|YtAB|AUM>GjdHJA5S=$@oP3+BPI^tMlwNWv62D2_o4dEey4_Y}9OpDIhk
z2iZLe)*nB1yxf9#DU4OEWwpv{spP2oBDY6W+5p%cDZ$^!ZYH>)=dkblMrtzD0eW;~
zExFM-<I}XXGBZ8XBB6ud=&iRB_RTcrq^_;eJOaFR_sq!1kQIaXoQF@N(sECt##cfz
zs&1o4rsZapbu7JdOCw>H_oGbKrt?RoX8TwZv$m~Z<!p;fv{z30=zLQUdAl$U53B?B
zRP7iTY~8Txr7<$P)dsUPYQyiPD<)9fb~5&J+0o5RXnVPKe7YBFaqMKo%`s+}h2lZ#
zaj!Yf_1+f|nOd;*JKc#JrHgs7T+bLoi6p*$pRdPK>6uPvh~z2n%HfdHSzLcL;#Iqn
zt+=$i4IHikR<v$z%pVtgaU7d2@l9hAIv?B-t77ot#kGc>3DFeb#xO*4$ENFzIU`#$
z5;_YtYBKH^0^-6vyPx#^>UPM{7F1|l5|FH%v#pV0xY%L*F%X`_C0BR`JP}jaW_Ha7
zCE!p*0je=^%zF<u<6}Ksb$T#Zk+25I<p{lZ;S%s-4U_7C?c?G*<VQwWqs8?!abKsn
zuPOx@mbf!G5Y;_F9A4_;`?BA71MxU{@GJ2hG0y68yXz-1$CnxmtX91MyUkI=32_%`
z99ZoA`@S%v7q`|Z*N^BuW~~^Q1V_?=`b+7C5`VI|Ext9W$Gh8H+F!%nykAax)$A+C
zO+bmld+M7%tRNl64uU;ui80}!oS3z*qU)3tn8`pN>`W#p#@C&#0o?*(b6!o7arHjz
z*5MgjBAxciIfek?81ml142>auvf7oN6~{Yukl{TnMw50_0EToQc+rRuh&^nIntKL+
zwH3QqJ18*K5|e+}8<-5p;P3C9OlQ&twB8g+=K1=>)i%ERVOw3v7X26nQYVV7$I0md
zO5FgKRZG81FZ8fIKZY~D<7Cs{Ye=D+u2%T6nif|HRCgy_k=Ou1{FfJiYpomVPN%8!
z`S2(&qf7$T@*oR2#nPi;Z>nq#L}-PfsA~#4I0<?;0h(SD>%G@}xol>m0`3*bN;@KP
zSq=OXK7d}#zIcWOHZwd-Ns%H>6GRydc*4xKhDbJzMv#fuWAhwE6O<2*!x9A6GC-uH
z+f5#}o!I>%!3H$3SPx(+HEiJJ+XZ8n{*HMwt0u;?XIQMiY^4PcrlsV9A7N%t+C>Dl
z9;57*Kj2LcJQKuOT?%3f-Q%P1{?<ju?iN%A0dgROENhn)3~GOM)TF3X$gUkHCz<Eq
za$-|z3Dz|_(!?!!m7`Fi-2W-4810oek|~z&Y@|F#twi2eSL9gItFgLKKe+uoUSftt
z_8sj*F-Nn((wxnB!AVTR21{3hAk3+7p?|-?iQaipiJL$Fxuef<P-#${&`B#V3DL2o
zsLuho=1skJj8hO1o!p3wEc4yd^|7l5l1poGNsNVqHHC!B>N<=u^BXs_Eh1ka4G(m#
z;Ta4yKUvvnYQ*F?_LO<H-hIO@0GU@XN^dDm>-G0$-AXuJ2bE8yx2bGZ8O9_;LtdsB
zbbzwMAdD-wh)?T?hd%p)XN9?6PkqrYI(3h)n^UkLx1_p%T5KaHNe&M+3`uw@+)^rs
zS@1fX<zdsMbLXZ>rsy#=PrTBD^oZFo+vS6MJ>j<$dtUb`02UDkD1DtzUdi$8_{mO=
zwK6A;L};7|mw*jc+qfC38)qjRbZ$?Mb;abb>ZwUS9IBHUCn~Xe9LwaB<qfG}9;=X3
zv;HwbtZzs)bvy^V6UC+R4!W)A#`8APLDM*ijJkZ0p|#to{7nkr%0FS8wShAERV*O~
zxT4z<RJP<Fc13aBk9ipylX7lqVLeX?{dDIfM0;qD%}XM;>iE9&pm9W}yOV%9;tcRs
z!T?JW*WM20W%G_Ng{m!LJbqQuM-+02V%IF?6}Pu@eztw+WX|8r6Y_pL>+PnsJlT<w
zfNmkyW?S#yDLFeyzDs~N7_}zT#k92O*tv27H^D=;n$$9bLHg>#6Z<(%JCgCsqn-QH
z+`UJmLBWTs>1I?8v>4mhLleXphm+p(F$mhV=vT8ZIi%s+c#Jc;%K}>2g1mO7wUUh8
zR^Kcz$$bn2iYN}RodW}LheH`DV`~uRxR;kNl3ch*^3veaYZVohI=LRQ2M>7FPGEYd
z5guuA`&6+h)0^SVO-+{HrODkQ<uNo-v~*PuVn@F=W^Y8?<Nq+8BXPV$+RHVAHf*|5
z7}n@{b?Y<zCr_|}S&!lMlcdjLrWi>@7U|Zlx%N8OfhIqhcWjo6c);e3V3drSSJmk6
zyNbqj;>6PL$DR(_zZOLUv6dmXk+ugPt~6aq>V9Q%B@za+T(<(TAdl*>%$iDh5}Psf
z-R`QN!d-ULP+`ccd}bR~3N9bD^2gr-R=*DfcZs^LaZ1py*3{l{UK)>o@#(ITm|7^L
zeZvZqWt%X$nLBE-sE0a%$Qh$;+LSUQad+}L(YTyEWP!r^&FQ7-_IS2v_Kt??ssU6o
z+d#0`fcJ;wD+y$3^f_rw4){YZ8sauJ*_)c}8P#wN@g@iRX5G$RiFmj8*qREZ!UU|Y
zS7@ADywiqF*jY`E*Qt9!q2CG~3-lU*l9*}$^#XgGW_!zaL9|$?{0(t-P1~n~ixp{W
z{*5wtE(LozB4XB1HiJ#7(R$}lB{8mF#VkK*@!h4;7mQZlUJv)&j4Smhby`U*F3Mzi
zn#kBmr;Z`tPuVJ>O?6T%@pQR%b%|tim_61~jk-|3=I*D5N(QGp54GoSQ@ZG-z>Q!m
zBA6yIq1;?_&2Ck!7rE7=9Y0pi5oqEpkRMtZHa_|um>(w)I2?>1XQ7348x75-co28!
z1ZZMGKo^q58z^hs{=B${wUGPQ`aR}SoUhzvEIvNsm*7w*Nh+yas)qc2$70YWdFpFu
z7*0(B_R{^@({`@Qvo(>Df0pRN;qUvnmxfJ`Vqd}GiZOZ#KdX)$e$u;gfwxamS+(1v
z`o9mzB#S+9upg7C!bT-)%COf~cFi+$jg&OwTe6FT^g$LjE0NAWI{7ySqD$UHx+ab}
z$h{~&`I*u1$~4}|er!!HYmkS>%aSQ<CgQ0Q82l0M_c#~xy@00y0zE#dTpeza_rG#J
z_<xZ6#Ot4@emtD<;O-ThTd(GKCib-IsYu`P88q)tvln2K73%1xH)im;i?92de|&l6
zqIc6vw9FFY(@R0`0G#Hp*Lcr4B3V+xQ~vs7bgV|<2koy`<iZsz{6q<|@rXBiz8${`
zhI^kE@e?H-KM}1=$Z2t>5Sv@pxqaKs+-koxO?vUXqR0u9QVn&MEtQ47dFNAG^<l3U
z-}&W@xYQw@ijK=m1O1Wacz+#M>dn2+oH7z@>UB3wyQ4V22)}-9@zAl-^Ww%w;ICcq
z9e8$+wH<L`?fKzNsvO0MYxn2dZP(1T8?SxX^c7__@voZ-B<Wc3D0!j)q+QpuvnpwM
zCGMU!=v#>$Wy8g6r8-Z(Ivn^6<?D!9oU$C>*g{m;+Grwin!G2-iO}Jy(U`;mn6A!b
z=<da&-(~M_!14EcM2ys1KQ=K1A##q}<eRz#nD8+FpyAgL3fm=nGK|Nbb1nd^N<1fH
zN6Ex~3wGyg%<}WlazEW$8*75krjyg9HSXmzdb6t-N&6nVn|FNWiehn9)JhAbm6RQ;
zTzlXhQVP&aID-fc+(Hek)wQ~~?rJDAU8SLi7BdnquGN+`M0dY^$13)KX(WPdOo1?8
zt(sLz{QQ>x>*ag<>AhFPxq7LTz0*^I&e~VKX*nA0ze%bWY{q(C-HR|CqOPtD$AR&B
z88=;K-Qeyit_$NS$!^Q97dP$Mp=COF(^Zo0cta_M<jHMD7PP%|GlK8zMFL)7MoiwM
zxSn9<mlJc<8sl7}+~ien)^9?oyJ9#ARz}JJul=K^xCPqwc}?E>t!x2kdyZpOk+N&Q
z3;d)V!Ppj~uJ<k{47sozk8)a(CmPBpzVz2^|7*+vgKzxJrHg#ox6;3U$}!G4CFoVn
zWa&ZyHu?`;3uy)_)Yun?^Xg@m|A7NJ)WphV{}14hH_)^I0NuJIoFpqK%Ch%8r>nkc
z@VMX9oCCK8|H!H+!=BNB$9}|<Oa4j-IS?82n$-ncO_n4G*q(ryPY`AdwEIh+H3U+s
z!$t+tck&?pDWWl5mDaj~0p2<yaX=_MHd4uz=O6GJq{aXM5`O@I7FI92dVGc)*%!nV
znelNOhmt+b4H-9pPwg=8SPX9Flsh7yLQ_}yl8u<-@(HSNTjBM%u!3NVgS0>iuQ32&
zW1N|+;z}cxhW>abJR|O)z%rO8{shGwnsvFEd9HguVwFAo6`9RZZviKIuwDKkMCpus
z1zq#WJNB`E5C!Y3g(g-mtYdd|Y=@6C`HVBV;mknkZi+VA#-Vsu<p$;NO8;N)cER}X
z2c9@@&RRgfbbD>vq5Gq>gbe9Czc5C7WIv`AcWFlDFQdy;^Y%P`bgDrXPBd-Zrakud
zKkpB271g6d`|<JQ;Y6IKqirE$xPm!aT(3Bud0Y2~%{uwLrep`tTlw8yN5rZV{+tiR
ztcB{g=H$z*T6I&^Ty^)xDClc!xb}CjklrNtQi&kM_qkawGX&yw+Iqz(ptU&Mkf2?a
zQRB9vFw1@2Zs?l>Z^2Q9J2z<up7(t1x_1ZL8L3ukL{$e@@h)NfEbZj<$?XFoc8aMQ
zOM$%12V^AAtennvQOVXLe54xl4?{-12Lj~A^~Tj&7$couLrfG^8n7M{3oV^$+Xi`A
zrB<m=uV&}PS_}A0-FP#c$}O&6cpHm^jWKAsMhIBz-rdKwZ}(0a4;)W$l`4F@<{F8f
z*iF&XE6po14Q?y9-y(vp6jVmI5=?zoOSMj@$|NfrbyP5~T4)@t$jxPRFE5?Y`#vgj
zU;pog_CFt_cu4@5r;)HZZd*M%$Z2PhU&MR*_6FUHJ&Yp@;oZ#-a0{=)kTmPx{XIV3
zm4NJQ(b?r#1{oz~QyybBKoQs6sUb&$>dQoGeS~oSK~T7Q#hYysudqkLYG}pWv_-_{
zdJJDAA&9mqafgRhgnBtn=(`uO!}()R%jP&z_b}FSGmS}#giC{8u1~2u+`4x2RC2V=
zlqE^XUbkm}RdajpCN0?AB{x<;s)}u|S{rePoyM~MFf;@CPE@qY?OGz>n|S2OcBsk0
z-W|`+N4PMoLXoGMb16yEC;V`ip3|iLmT11NfNlP>H(}&mlJ_71=QjKzd`0^8a+4v{
z50b*?d%$*sJ~q~Yu=M!lOmMrmdX*-BE;v0`8v#waal2#5f>P8PoyGl6ylKCs%SHH9
zvvlr|<ezKypU?M%@!vaLBNxqHWmnPfNxaK$Mlk5P%Gwnr++4;ON)1)F8vpJ~KcexH
z!JxBis;KcSoX-rfXOXM_Q07O!oAkb=Lw|ScE{g`Eh*F)ML$)}4Kf5RCx>-9Bp7S<_
zp6!A0i#Q4@s{LHOIFc56j3gVEgyM2!^jGlUy!sVUCSf3S2Cc@(5i$}czbwprmt$s{
zW0!KvWLHF%JuyoE!Q6{6<CgqKL|vM*ANI)>Ps>V~G$`p$mV*DFBGGi*+(~lt9~cIK
zKv1)}63#7-N`Ug%PqLAAVeOSximSnzV^zL8cYf^}+aen8yB_nOX6#>A;$F>lV1`#X
zAJIoK@YdSBJa5jkuCGmO{c6r>)GoWzvlw)pcl^3_PUIzy)3Q8U{(`r)rnckCjF`I^
z)Q@`}%JBIuo0J;gKW;NysT1q5=t$uvCg+MZG~+hl=qkgDLT%b?R#==|+n@v2F>V&e
zK5r|t-0$EUH1OED%4S%2liwpRJj@((B?%U0-@z>KR%?D!H-j~RqCKxXB*BG5v~JXE
zJ#-uuw3og~#2kk?sOuH98RdegR~!{nX^@vK#n<Wfit2duAd1z3VI9$2&fF(5-3Z;r
z*VIYE9*QycV?O#q+IrKxh{GHBdOw*G%jP*#IgM;fo39esxloPpv>)YeP}A1#&^*l>
zwgJ3}Y_sw_fy&qDJCYg36?<=T+FXNs`d?S=*Dit7J>m0f*LuWlJz5v3S*Xh$lb)33
z7eGX|cJ%GZ_bwGab2rwwy|F`t7w`M7KvOSvm_lk*e8Wo=<aqYmOrE{kLz&QJhs&$D
z$aY3Kvlxyzi{Z*v2mG<$EvC5Rt%g&hw-AbMF&@V(pwp^stxh^lfd#P=c^33IUy3Eg
z!@N%vBxpQu6LV;K8>X4ujL(k5`6-BUStrAykmQ36TFZ80m9HfVfKHV|(!KfR=%2oN
zJTC|ZK#y!Fw{PyzZG0pCVRvP|PkQUvJWILn1ucPTzKi_9sD{f~oR8C5^la~uv}jqd
zZ7FTg!fmP4XKtx#T5SbPX78)OPq$US=|0|TFM61_P<HCq-lZCdlcXTY=ZssNsS@J4
zCBNt9GEgp?{#^2z2S&N`r2cou-8ot6P4_&|``Bs$R!W$=R<Ih7VRAA&8GtR-ap}MR
zpT+O*8bC_!J_!Xmd35paqW=q0(zu*cWPt^cg;=F8W8i(8HBq_FHjHb14t;F5<`kGn
z7KcEns*3ggoT5@YUD2fe;;5T_X}DF91(U~KGL>8#tWwoeU;!|8%Fn(&xx1?)*ym$E
zu)UIC>+*Q8>EwGt@z$wIDiMID<anD=kdZCv_~Vjb5Y>%kDgGm*C}-5XqR!SW6(7+X
znRK78o>#NKUpdiIt&0lTy7ijd6YF~mUki66zTZ?zNDhK|`n%XB&5(r={OUv%uH?5N
z@=5zb<74luxhORhCXwwj?mhb$`Pn97m2>2~a4#FLFkIWL_~?OfIPS%;9(WF5k;iEG
z_w!`3{TR&b_Y>aC=Wt0=NZG96XyXeNaiRLDePz$J*lShY?IAWkb_0}~;i71tkW}jL
z*p>6)9{vAUQ++LXK=SiTP+(xz<j@H;Z&5}(C-DOJk>^JAkV6p{MsIn4<9*10ntNGf
zru(ZTju92s|L-THu3x_*lx<{eZ2s-A;ywu>={>v1uQ)#ZgoMdYO**Qi7nU*}5Y+sA
zan4*W&G*uzOM6uH4<hF;E4Kt!y*3o_;kZXfdj6fy@z)u#+LZkY{c2=R<yZf-6@SmV
zI(!pkc-RecZfPn$)2+~$`TyMm;A#Bn0dfGVn@j(>Gk>4OuS31V2Tr^h^<J&%sS2yM
zY4)}M>x=Q{|4>zJ<_E>U%jv(XYu_lP3q-k5lQKU@{`-u7pSmjlMc@~l_tNbDbqart
zn0uc$@xMNa-aNW~_n&Rne<pxbE;G>0<*ph$Ci*`PAaQ;GZ~7<F|N9hQ4qo~BMQ(5+
zxXt(P$@I?;Qe7;-0lL;0%&-6NtB@0afkr(C;n64be;nZ8yd~t}>DwMd7^*eQ{a;r?
z>YfJ4bvxzOwzePsJC<tCXMSA&?;pHQ?z;sE?MtoK!!2UBE<Tu<nOW#RF#fMT4^QLG
zC0LX-J~195W0nAYZ{3#p?FM#o{HUsMr7AdSf(y$0y!RwwEcv$BeLlBK#Z6LXXouPK
zr>#ikHW2#Kt#8f!%5zo+|87Jt8pLc<@u~t*m#SoqpR2IA+%Obo5~dd273Qz+^6-jT
z*X<{SOT%BHPBW)n`uJ{pU7})*l!||BF<ZZB<QLy^R%Z4+VmU|`$bR3M_4qUveP8<U
ztxHWb)xD1AR~)@d9j@l;W<D^b5P2{Ty`<^ll2>83N%bld;xJk$$-rX0&ONg|n!BQi
z!~}WDqFpk5PCebTZC2ob@wst!8!XBM5_&iJN}MW!@K6vPQooP<%KvLVN^RZ(uIUFj
zKK$K>G<{2c+qq#UyEV4nvr{k8>X_)ntCN2^&=|H~1R(3l=agLf<)Fssa7`#h9Rocf
z?Lagyq{oR}10PYCF@Oq^|8axa-gj{@`O9UW)2F8N2ty3_!6sI5`mS2QzVfcMo0|~7
z+mtZ0LIv>7EG8fiVT)b<oZm)S1*Pank*Q=?T1~vT;=mqxm8s2zUE+|$dQ2$ApK$fX
zgh*A^I0fSB!{Cpf$%;$MK5H2<{OE+djZO|M0aHi6Q*`O~|MCIz@YSFTOX*YL7rBS|
zCd{T|8ui5D+7Z`w&a}a!bkf2NLM43cT$OTJ#W%AAsw<ji-xw9|M(9J+41SL#ao_So
zMpsr^kv%vIokuLfb36!RHRQXye8Mh8(z{&aEzWgM;x_3qQs+@<dbtHk)ym3BYEUCj
z?8WQXuggtze)@0xYGie!sK`?zJ8>4Rm+hB#me?%Q!kEQ%gw8JAp@aaTid<Q{ad%DF
zDBp;$R0GhXg=VEm>BK8{hlFnjjm7vxo^+r`gAh5s!SE<-J^+*TWukWqI%AGeMn*;p
z(ZgfPl~y|D?O9h5Y_=A4gZsB`h)+~bbTQvDuKfp}NX65$E~X&5e!uDox#k{I7@7v;
zph3kV!!#^wuqLM2U5A=TOfZSx9*8b0<%2_UCL)}+(MrQrnoyB?dMDl*Z#8NVHs49h
z-UgYoc`B1v=`r88<6+eH()Iu|9~f?7v;qz|t3jlk%pB;lpm6&}Oeo2oz$CQ&1`Ox5
zGGyRny%%H6?+t}}q$G^~9J;0>0qhePmy}uz?ww*4y49)HDsvoJy44M6{@x3;Q)(e{
znrJW<w8k9Pb{{Oohd2Sugv~m;DN%D2LU{Y21GC*e)LQP@_iQ@nn@g&4({Z`!iP+(4
z!u@i`t*7T?6^O;ee|O>^#RwLFMm$s7;GLkyp^rsxkLmWe3?B9Jm-m&N!^CxCm`?%c
z=-evM;^xZ(JQLk>Yyhy(p3RRLGNK?)Q95?12Fa&L&{}KrA=Oxh*Jz!1g_S<Y&}FOv
z(S;|qT0h>~`m1&xt!{GN-L8>UVzRP3>)CFvJh#feLO*2V%u~@zxRmh&)$+mGZYCZb
z1@QEBcK)>Svo)PD%T`qmnKI^0i5um%!@cEhr&a2Qryd$8eOd)*sT7bPaipmg3VU7h
zo!u-<)9vM`PqJ8z$(R!sBzDkX*a&6DegrMxHSFz6%;g+p0UN<w?Pbs`1sVms7I6Vc
z8_dZtFkvs2^}9NpRROZ)((Qy@Zle@LWb=NLTvDv9;@+T=)QDfrUeW`5*Sb~W(<xE&
z=gS_m?~O*Iu+AHz=^ZBA99qLZ^cB|3*0^3;d2Dr83Qr?P5~xc;K?HZ$wCXL`Ilxm}
zru|xYw{D;~h67V_;xk*_O{|dBE7X%8X#t1ZBtAmNC9Nzv@$i&b(!(ka^LcR=zyj&C
z+iW4imE~YF_R}SwuVP|gEs%<#=0vkekr`I9C>iQ%%&ourU*HA}79W6EH$D&~th!F@
zT~f-VU{S2rz8$F|a#UW%r#3d>Nhwg#R6yu(IiYbY=vd<PXz2N4fKzmE^0NJD>sSa@
z#7rL(QlAaAzw+xT{L=l()73Bi{5*bktFt}Pehzb=GGf-8)5%zr`aBBa7fU^+-Pdk=
z3n{|5XaQ!(N5F(akHc{3flnN|>g?X2^~k$sls`(;w&594Ge1*v%@yw4XdRB#t275u
z3$A?`#=K#Ng_o1i$FprO5BVFlbmuVJmS;Aeo(5bS2eRAkXI!9p?lOmty%*#EBF1n~
z(9%kC2N|AB-p18&FaZX=z$VF}iG$G^9esbRJPcPMIHn@fl%^ICBVp=S{|J|3V%nRm
zvA*zxMJXwDPp>{T4ZLLZCWU%PE>(HaV!Bx%mPJXiGi7P+gl{vLNtp&zX#%OW9;@S|
zEg4L<d|LZqVxUk%qpSSL5uj9vc+Lue>m5Se?s_?ann4ng$s8#46g^Q?v|giko<5sy
zttLM@@vv7?UM4j83mHK6umlT}^;S%ub|-VP4;CIoMX4xth%wIs@Xk|%rPJ8M7|1-~
zKd4R99?`JR_Kz}giw?Jn%G^cG5DqRg!Llq#APr{S?%S5XkeFq)kQ6or*MS|*`C)XS
zB1QWdz$g+<F8rHNq>bEQ_TbquG}*OsXj?w#K!papW@w~Hp$u17IllLb(y4oS)iqL|
zmd|E#8xW1MOh|tANUmp>NVrCPqS}+i@6~1x7Kw9#F1F!ECZU02P?C|=?%M0*^<Icf
z2DY<yo3T#%AnbT$(~36aO>NHPL})m3GILyRqQ;qhJhewBQv<{9t-Vg}Jn!^M`kmBU
zdlXuO9qEc$7M@e@vW~!e^<UvejRY+E$3Y#)mXWx^m8^|O_Ca8jU#k+(&Q`v-$fl{>
zZCL$o)OkUk7{>lwv6A~y2$tE*W~DXPmIUutHT9YI`g_m76mZ$0r-<C@WE8)p+1($2
z@2-o|;oBx-i<vCi?Y*XNkCy_tv$gx4Zl=zCsh%V5|3iZjKRC!Z$2qjbw1>}0HjcID
zB%5g5F#%(5;lB1PB#v6pdhdAJTULnBjbh{j0c_!;9o>43>rd`WV$P$Iu_iB`GYzy8
z??$)YEO5g0_X8v}Sva-QeOI#OZId{!L;N987g@Y-_cqphn$DkTCHjK-H8cUri@5jl
zPYW7++^I5pV)kJ=L?UD2?wjSy!@-o?eL(!J#n5tVLo>hD@zuI!vK^DfZ{#V%vo}5s
z0lO=<3fS2B#2WeR<b86F=~=Y;Rt+2AZcM4lswP}%3DEMy*5KGp*hZk*oN~ck4fBzY
z_P&HW!8|+GS9u76Y0>pZAyGu=Kg6UCyh&B2wZ5z*QP-v-ig}nwf*_AE4&jiPMQteb
z{WgfVX8di_nM^{}^6k)8l!Io@T}kJ221Uq9slvJ&ba7jUhprv(Q-O%bR9q;c!Sv*R
z!dZCKMPodui8Y(J9r|sb7VD{#iw6eNy&P+=cBtBsO$TLNi)GT$gSZ@Omg>Zw9#Ewv
zgiMZpqA%Brt!NN(0gl^N$L5D-mAqYZrKMC8)=(<8{<(5({FAeO3V5vGaAM_-#a%oF
zUUJI3Q%6hguwc#yM#e>IMGXv@42eEBmq&A=^SjPRT}kbvhF&6Fl3hszcBltr>^m`E
zP`Kh^ZD;JK!KU$LYo1$m@-!X0OSN4523=P|9`sgdLfghD=8gxx@`YbL6u{GX_m$IC
znYNK<YZ@TQJh@oy!l^qK7OE(8Sj2A#fK~MFq@+|9r};$|N4pc{Za6kJjm5cAb_30(
z`*Urd$YZ{jeY!;k;zfPb>T&oPrz`f&@2oezOk3ppEj2h8oo=K_gy)i&{ZkWArQJe`
zL_u?1;zLQP__}60I=&8Hc6`^!$*LnV=B3p=I#b2G`ECAf11(nd-QJjYT2PI|;`YG#
z2wCX@nAtGzSTX<jy2H9eej&%*2WaM6hukSmF<=3dj%=WQQuH`iTBpVAR7{VD=YE0R
zVH?3kG4=@QPj<SFuV@u4cq4-)nG+!PB4#dF{p_cTCb?d_1ARWn+eO0`lZP;Z){4gZ
zksZT2JFYx0IRKSYKnT6gs-1LpScxqmI}VEF?3_ZhO1#%h0a(g9F^WnPLQSTiCy-i2
zC!WrVHz{4VJ5*o#--(Z+gF}PC!b9H_08!EqD;>gH3wJ8Rva<E7T0a{fC0KiMo05LM
zMrI(k6;U0HoAn;{!ibpue4G;LT?|xZ)_e4lN#zqctEUI~R*yIoV#klvZ?^DyB(`eL
zbIX92+8oHrT1E+csyLZrUTt~TC`yP%6$<_C1Q}_4KXY%)c$wS?_DUDJ%}v4Nb3pXr
z@OWw8k2or0h|`d=k(nOW$W^L;x{m#xd4QDUMyvV`Z*E0Rp|@gwP?WG}PQAOTerrY2
zPFW;Sx6=H<-n(<CgD3CaYt4^cPUjpM_Bqn&6O}p$Xv3^aEGbD^fG1KeDZyk@LVr1G
z+EihgV}^K)rL_ozp>EyE+Vru~<A7+e(k9Y4Ll?V5`dV}IbG!mgtu<2g#G^Ubxg3Ni
z1}(Qo^SG4{989y(dLimA?gQuuCFVu~OmXBMg)xhKRkE}>pe|OgURTiDLar|KXTWnL
zs=AlEPAXsL)lEX3&puOd=ssB-cByq>PVUD2kd(<bEZQx%+mI7++)ZQ<NbJnDb!TSu
zxj%;$&HTW3C^=0zwqwL#6Jsf7?Cz<=4q=+?T}+;P41R<bgZ1&0vBRkiwX+nJMC0@;
z6_x~Ny&u&Lz*d5NsOG;!S`1f}+I>7*SZ*ym8_%A4uTu<+kB!oX2&T2H<oW;t$Qpsf
z(Ip4)uVLaW65oc;Wn9Xaw1OCXjsrMT(OIHE^^Gp<GywK$u~FVOqra*kFfLv6n&^wg
zS+{n*&TYj#NmonmapGl;H+xN@n=<qm!<Sd9cop_)aa%D<gXp+^R&6eumF~h7#0F}>
zrB<N2<cUG}S9ZoxuaQr=nmG^K5bt%SbGZa%evK4c!eXbUD+kPmf{4_czdOJM{P*Ke
zcFt)TAGMpmzD|y98c6jbaPLv86xMIFpEYb9r~wrpe4`fF^q)7CgOSJ=08AJWK#T*b
zeXkY(f4jv#eUJzzbNp#2O%aII6iYW9&FC|tdR6XZl=J2nbomia2Q!Xv%DFWlE%w+g
zpr}nDmBy%(#CA>s+)X$2m8jU7dJeUi0`FV`_}l%vA(ASXI(+IE2__D@!X^2(*izPQ
zO%$cY;ir_0n>+L8Y-pmAW2O-%A5Cbk;rt-CRyXG8yRQr4VbXCJVz<ULNgY~>(bRXF
zO#DR~2@d#nj%UhCM-#?db(+*J-vKum5mrzp@Nb!&su&$CK#XkTTCPMUyX-J!*(&S`
zn~v(EGh~hCB3*wBLZ&;h2e2-BGmg(`QC7A!S&n%P*v!Z0jG{XHopJicw0tA01@4%u
zj(}5w2Nd8R@p3nkG#w?!gj4t|TO|i)ySVf5MXMpSL%7+#%PB>IOl#|&!2~}y8VbF1
z!(H7H>@+!X_Ci_&;(PYy94U74po4SH-1KM8JPosfgrvcmh&3OlW)SX9HzYb#Cp`Pz
zfPq-?&Z6kMhC{O(3P}<v*LK!sxBT7@LTHu>B6ALh<djfCsfQC?J-1od$M|t+U2&nB
zD{3buKr}+XTBgnfF;F(y^F*ty+^8hf@A<9`AB7CcWO-{rfkBt+kd+<{QadZ*NLq<s
zoQj+KCKHlAXWPhOs2m9ZyF3Qto@6CSpuCM%r^W;cTMbEVble+1a>{5kXD3Sthy1V$
zYTx2bZGUerVeU%P=+Dq3pZ<@1lOIjJiu&i%p}}Z%d|OQoXB_af8*kw#*=_cKZK%q)
zJbv&Su*$gki(-SnWoNrUMj9Ts*f<{F7D^TW;PEUKXqhoryXGPo;q;*gNWN%X7uE>%
z(U{Kk#GqO<bdv9O+uq{iT$}k$bs!&$%4uYd6N?s76{>e5zPa`lX}wRr$I$+X1+zS?
za9vX=iOa<~VHBo4r0HBcsMc9JohDG#$Y!SYfo+|8OH7(8Hckro!uI3A`51HoN4v+3
z5{3l&@sz^87KlJ9EoHRLU=>Y!!u2gm#j{s(TfIx$K=>vzl?{^V1@myHz?u`s3<4mD
z$SPG?u;!eBtgpw!MfO&|GG#jf@~peamU*<niRIkdv;dz39UK^}QPWa>|F&^b<gPAu
zs&e1Qr{qnFh7LF}8U!{7B_1+};-D)Up@QtBgN;lU8;Aj(ZnR>S@eh3tiM+%S9o2Gh
z1^b9VwgaZ!W0mU{OhTI8h8(<6_taO5;IUV2y{mxMJoA{sr}}l*^;Z&<ItM|63Cb1F
zf`!_twLV|)lGi9%vVb@__rc8-%;J$>vJ&&JZN#tEieKO4BkzV6lShJ4ye3_%o&6P#
z%@XM3>-G-Fy)T=E<DJ55tlx+=j-R)F|8^G5u2nI(9+1^3+<LWuMo-uGK@(%7&;3nT
z#ghDPBeS7%iVT$@GdipM)y@FUDAx}KT9N0l%tK5p=9uW%<7XPn4Ss9vt}Rj0z$}{g
zpZ6SQRi)#ChC~$HoE;39{sFDgD2=0)>HNc(nfz&;7}oEF0F|k8&e>E5V_nnI;iLxF
zOL&CC32-v)q~s7b@j7l&QRag(Q!Emd-QS5{%L|U&y_)A2d3-(rO4wkr0`HCT9s3RP
z#KtMkUJXi|iDg-`$F&{DuZd^zCYs$XdROs8116h=+tQ2{r1hIK+R(wa^hBhs<bs<j
zpG0p-Y<^;P**(Y5Kh06;)7IWx@0mUvH>u5Ps4%9;ckFV$to$3){YvWlmP*|Mm6a~K
z<`pH7Z@BdG0`EDRDph=CpMb;mN-(#7Q-riPKt&k?T;dR8IaOaQv#+mrKf&1U>~E;0
z-ik|`eRWMEXp!jQWdP~EdBp~IGk0X<ju1Q|HByD?`f<W_#@*pXA2RlG@+(q5cbVRn
ztnRLeny)4UczTba=X68NEW7(@H;+iUD?7N}Q$i}xZG)mqem?AK3&W*zTv(ONH-l#B
zX@e|O_1*kQ*stBrd#u-AdCK0%{fz$y*v$!+s-!u{R^H%^;!&%7>;K_HW@<Nj^WVR5
zNlXIAXObb}Or0U*{f8+7m@#?}gxl2Nzxj5^ztDP(AA6RsQzpa~06J5=bli5g5*D?Z
z@zMe+VNgO7UAI;^hB1FfYZ!rO5;G9jskyXaiEs}SSp%k859PA^A7s-yxP)-CI{q9c
zt-IrT`SZPB|Ko4GU+U}qa~hLdyd9hN!>-r%OI83`^%)=~OuG>#W}ftf><Cj^q*ei^
zD+7tU95Y&vHOM#cVtD-wO{(3D4g4sR)3vAvGw)xnRaV)kELMIG5N~3vXLdKvfzg*G
zhM#aUlU{r+@F4z15Q`0Jg#vV9mp2x18=>9F;U*(-mkq-P6L!qfn`rs6C~pC+JnXgH
z_DouQQgOeAS8u1bpJ`;{d9-|x@jr!>W1k)7dvG~zQFEQMo3p8S^8H^<eQo>KDYfqT
z&<SVFZS>1yWpnMdI@^EiH-2v-o(nm4eu21YIRGz|sdd1!Fi0iwEI%t(gD(9@9%HTJ
zpQPrzD40%|P^p)-wFIfZ+!()qjv}I5yNfEZTD#ZCM4VQYypF<Ro}YuAZQdL8VrTBH
zy3pmm(kQIIpWj$h&wK0xjKy_LN*0HSj>kKfhdav{pVA&5DRm0snxW%5`Nds}`{ogy
zPeCh=-y%&HN82s3UY+BcgUdYLSl%;YjYm9unKcE5?cD=wK(}vXoT>Iur{ow>k%#gp
z9Lu))AhJEc7ZNxbl<|%=WGmL{Y3Dk<t1!lz`glnm_|LddhJWuLNi8ywI4DUsc-G{M
zOJ|x-*y?4sl_^2#JXhHa-U}2Yah~lhjQS7d@B6yg7~F#xszcMn{=?ki3;o61VcG#m
zG<^UMNX%3x)b$no$1gqGSxn#Nb21#DXmew+>~(h;-kS;NJDp%RZx)oM<yIU0gHJ{s
z{e@3@Hl>kAy%4H((;*6gBo{uzBc_chYcP2~r3CP0&Z#yQlZ7c38^^Xe+b4TahpmV<
zH0n&=!-XrIo;f5n?fH$)#|9DQ-aDXke!GEVZ5%f@YU))4E1&i;&(38?k--W+V8#EK
zmZbYPNoUH+0#-=Kp*9T2j_uIi^<$`WwQaDGMRMfNXLJ8xF|~Zsu(RYwocHDWQ4*;G
zTj`bGGdNFbjC1NJ1qu?R&rv-0&Dn@SfEsdGoIZ_`pgkAMMX^INJ_+zR8mDj!WCVv+
z<V-5e$e)WD%k}{=<Dv1Ak#K|C*t0EHgYcP=H9+k9@xJ)1c)nX~C_-R;q|Mkc-Jd@Y
z!uOXZF$iR#4_n1N4ypa0V4k>!|5S=Id}0iCT^u500JSc~XQGt(_tuWD4~y?-(d-dc
z=c#6<MKnZ+ydy<R!klOHzu7;aZjLuQ-mbWg(Q13q`oTJelbZPp-(zc(lU;EV+Pg2E
zoNm_d%dtb%GPYDHy-mwp7tjTStu1Y;k%FULan~-}aMWz|7&~KX+XI|7`c0uL-(8{<
zg_;1*W{c?W_TvCY$wV(#^5i|o)+eE!GaN()J67qgCxXZoAAavbaIL~pV<*ZIoyKE5
zUgu}vkyl{lL$IOT{kp*Jf?01&^qXN&Y=P$50R%S^sCF*li?jLbF89h&{euJ4a?&jS
zIq?dZx;nq`41~xQ=}l>TIXp8x>q8C^5ebhI_t1O|6aRR$bxxRSsi~j@A88j;bDhI|
zRB_@7`XWaMlw=vkjw2mKtdP)`xo*aRg|bRR0ZD3pN3Lmzid>ZhmwFr^j8at~;}hKN
ze5!z0&`vm<c-&w@GV>Hry*`B7RabZxQ3I*%K^V(H^~wU})Jp?9Gn$Y8L0~Fz#K``r
z0EjKb$P(MZMZ)sUVZzPC_UEC3fI?IORgDa7F_@72VyJoY!dh}snrW4DHN8PmDVkNc
zTh;m(%GZ{k>W6Ui{sib{WFi%`u`)FOp5<Q~1KzG7s!7Ug=Ny$}Aq1ik`%^_R)fm9v
zq!nML84!J$j*lN8v(<)uB`P+$8C|Ssg&h+2$3@qrV+Koa1N7Q5HwlW;>d+9QgOvE4
zDKO?tjEyaIJUpExyEL{wnhUH8t+ryd2g%euYqkFAQgOCUYg8{6sG|&qdd|HZ0MwV6
zbd=l%X|3{_{rTu%aqOt`G7J5&<#0CJ9Rv8KtD9Zr1e9F;bty4O9bz(gcd9Ob?vG;9
z88IOBQ9SNgkqg}L0IjzpeU(R=9TK`cP&@e&S6Ab(!{#MubG;;ecD#nbJHnIO+4|8=
ziYz5lJz!Y-*loclQz1tP)fd<e_}KMT($>xzsQbN_4)xRX;He11BBq+LLhn_TVyet0
zDB}4cfg^kctRZJEBK-MUeh+M{dJ0gHNc(-IGA-<e-)_A{q+OOnvGH7+gw8p}X<6$%
z9Kx+nA0Ux(BY{Nz6R__Hx_syyWe;FP_gp@2I!tO$0qiLa<Xnhp`~*Fi+HHBNB#hP*
zNV>W>^Mxx!FjsIQ0bvgld=?f`ulS3hHI134zkqOggH<tv!@C~+OCSe17swHlvQ3<s
zL&#1K><RzW5>*Vo>+9Q5Maon;(5&v776_CB0G+wMu)e%Z>689e;VZKZWx~ry=2;s?
zC6qK<9E5sZmCt*B7R?VU(!Y-h$gOhwx<!QaHkk3k9qO+bl97?Io9fq6a3-<1Tms;y
zuMR)!!EP@|e#^)%priRS&&t;!(^Qv|TCMUKWWs_0Z`!Qo<Z{<m5U;l%jifoz!k7vd
z%)N1i<u++}_+0N{e5LKALNKf_O*PYo>tv=m65f+4I~npt>+WE<hvCLDAGs5+2DG@n
zyg87P`^JV9KM_y!LC2GlC`t++khR^I4`#5K>~Yjo_Q<D{%c2At%GNiB49;s_nDS!h
z$|p*q*?qUw*Y;e18C?dvo8y#*LJ`ZZRVXJjnCLDaxF#)XX0r_Fjsq+DQ7aqOv2h*e
zx-~k|*A~sUc0CYH9IJ=UO7Xasfotbk>?jYE&p6hr0)XvqwooI=(iN_<Ky!~5&8xzq
zfne8(@vzpG1_!|M30v|clkATw>)z*n{PnQTcH+r#Zb5-vwpK6@0vellF_(c*|2X85
zz{P~>B&+F`*N_IHGXXR>VBpD))lOHxy-Lj}a+A^>WBY!OgN>7hUF@<iJ+!&i;a;*r
zYZ2SL;Y$5C93P|=lqO@oJI>^!f6Uff_Fl*Y8T0(OH{OoRps~<wW%(Rdf&sA7Q$WK9
zcWn(9WSI~7pi$G&VYQiv%yy`=y)ByQ76|M*CzBy>v1_`0Yzs+Y-ikk6r&IbsFbC5C
zR7<xULi+*2NMjI<s7r*vM{H1qrDkSPyOQ(v+g4<{8+ZPPV4qYQ@qmsvBfyvU^Cm$c
z)a_t!*<IdzZ}p_b79{GJ&ec;4U11j4?j;2{z~URr1$+>)?MIza@2pR?cP{rTlMy~J
zi08LH^gIlU<t#O@n$2Gv0Q?M_3eU8&qPcPliB@z;8hJ{cYVMvhE6J@r9(R_rE&qL=
zEdXB&;Nj}-omlaiIZ(%Q3lc_##OSJ3DfxHkL?Jx73%uf;cuF*(i-%yrhHM8-ndE{_
zzT9*0##^uP!#OjJO;0K@hwx$??Te9L6A$^^r2FNHgj>Kq6LB4V^bN&rE7T$3p~LuX
z=urqPBQgS#X8$VLrX6hX;uv5SY}><pAHVJgWfJ{$)9v&~K2j3ps<qn`UJ-T%6$t<<
z+gpO_eX_R-`((1!in99o{7#hA{o>hfes-ANXTr%twj*q?Jay6yol=u5Fd$wtWt6_=
z5<XwY(I)E2MCao0(bS|4eX!kWY;sGqw9-0ODbGjIj!q%@QADNfap2~h!pPS+dVl0~
zygRnM1_*Wh#XgT}r5X)nR+lBlX`)g8zhIs^jlN``lhzA&d9(9CDJ*7!&gPTNENj3j
z%ajp_byd71x)f8SExpqEVo-0WH~nFW*m_y2VON@1@T+j`&Gxd~EQPzAF{RJt=aVCl
zW%}N+B~k{8aROS;kzyio$sm8SJnvVKDVd~0lsutj-!Bj+P4bAC&hm4_XOrP;;4{`H
zO+<D%9&%hp^lXGI$}tG3+o@jmasYJ4;PCbmKfC{qlQB?N)nFrTLmfm9B*)SsdWSs$
ztz|chc8Op15sNe~WSIIRwlvd}5*Hh1Ww28)*r!NIYsrMn1&S$xu?qo9f}vt+FO$|r
z4p;zNu)jr9u?pDbf&dq5<((X8#w7zEA&lgAC)@Zoa5AZo=YY_g(_Q3d=54BeIA!UK
zi8Zr0Ii-PSr=-++*rmFG@OFk))Jiqd!+IkE<ih+1RQa0=bX<G={qyI~nevxv`c^-F
z>{dU+4n211{$aw<lyJKFtwh(%1b&@cW2y?h(Kgg{#X#{ED~(YdBTo%r-8Mx9*5r$D
zyLN@!SY6&Cs<3YDrYJJ#8F>cW@-b=mEjlg@gltxqv54-@<@SxazGD(9(2ojVQz4ur
zJ9s2@Z%|MT@VBykr_vfZESJU7H{DWD9}565ToiA*OjT1WEhCdPMY4s+_^JSbR%^>>
zy4vTNV77U$y7^V3fdWU%*B&#Ojy5BZiP@9k?Uh{&x_mxMz?=Zh$T){FfkzIWdbmIx
zM0yRJL^K`AKmtv;I`v0)-1V<r{KI*&A^(4cy=6dL$<{R-BZLqjK|`<*oJN8>gb>`_
zJ-A!r9^8Vv(`e)F0fM``Yvb<np3K~tduN`R@8b`rq571Zs#ANfz4j{4zkwbW@|C&p
zzj?llp1+uMr@h}P>d7=G2MC-8#)XAqFDcRkxUM;LcGpUENrB9u-nD50iWau^x<e=`
zXcIl>=$>0)Igu7VNPP6fpT+VF$x_0~Em92dvaJ;Eepo3S-Rs>I+nFu7NL&v#OSpZ!
z-zj!C^mGVHm|dbBl?eT{lhc-}L2bbWInh)Y1|zcTrR+dbj!7zz&jyWlYdNn6y1zCp
zc>BTsSANhi=W4EQ?BfOHV4&k~5#OQKs+-T~kF-a1<WE6V^GwPR22eJmFqnS+g{1Xq
zo9w?Ny@YGkl$R=(GOH8TeB17;Pw{x(PMQr-VVr(Qu;f5p3R%*0fmFIU<6FqM-8!@i
zY**{5rZN209DDR4>)DgXqPI$UTbEr?X*jlj$r1UJ)CT0rwLBZ~W1HohFb~iaViA^X
zX-Iqb_gnpEUVeH>vNXfnj)S{7kgU4f7D4C3jAZ<mUI0Le2d(Gvdao>?#jy5p3S+n=
zP8e~aU-{6DFlTo$&uF{#vF>DmBeH=e2Lsq-LhxM<d2^;Mc3f_sqzK|WerYJ2sqB59
zwb#5;RR8n77p{U{Hlxunn%^tN17rg1xVT98x7cUf^NH8zdx97sg)s$>-;$pGw|6f{
zJY^sv(g)nGoF5nrfan_cL(-I|7S?|K0XL;`88MUVDpF6%JWDf0zl8bGO1sf%99<N*
zt5ZER<rIa-6m+IPf93A|9EsDY+v@mqR8lqomBg!P#*9stKSwe-gXjLz8&Enh?7{pV
zgI<>_vR|``Y&^E5XBVFz<|5g6w2>%GPuMO_z$ITv$#wYSsmg}=9zW<cLN}0>6KTsq
z4Z!iAfg|;jtIVgxL}O_nf<KE<ikZ#D5}D0Vi*cH-s@UcWTICzqXT~>^%_&!z#k)5(
zB{MRM^F;r{zWEb4ks*J4zd!gOf5@$9<x=4!aJl$!Pqx|{G);Kl5|w?d(rp`&ee6Kc
z8FG^lh)FHbugaK{!sRps5sht#jNDb5^mRU<CR}*wqR#H?l{Z(ERKzWd2PipbKio8z
z&QJjX_d0S<g+X`r`266+OyO*besOg*Qi`uYOhj?Ohyd23+FoCY1yUBqGuS4QO&Hlx
zm@djcP{8*FOU+ZbVGE_w;EAVj#?xpvi2)};lHNlIDJcWN2MgjCFT-va##6&nE*fvn
zN9-5fKns?3NhyvS*pwHCZBewE+%r^3$`^Ca#SZ*e81EP@-yfZ}6sgw_A2c6i!T*fv
zKG_@`wO@1<biTipEgR}y`*IJ-&~C%Zvy{`m-W(!)$6}6)$K@m!1Cq&lF`g?ODH2OT
zjccq5>m)E3D%I^Irx!%to+>2@2xC&IGNq7r*`)(AkZD7(xqjJ^G`%Y*e_a4S_JluO
z;C_#rh)WSx+CST|lDR$GnZ#4HIp0-gx7#Le?`-ciASHuStu_}2DL`KjiecqCp6HL2
zZ<5Iss>rjA>H(_!KSk41-0vMJ<#Ipn%{EJNhb6Pw_?GGSivSVtbn!$M>2^WTNI)c@
zb2OHBj2#*~+<10A8>Qa&slNO&`PB9-2R78=%?O4r@cyiui7wa8HnB);a;4zpR3k;f
z{pg|Oj%+@wb#ZGjQvTUT5H@X)8g2J*KFglxS4}ftZ=V?#_ZDX8vOcc3HR^WvH6^3<
zNGY?!M(+6j2G$i$#K_CJcz-sjN#7shib?Ah8#jFV{A_<*R1E5$?FEM@Q=m|o8(Xsx
z@S%>GT%Vnb3uz>&;kXARmv4*BZod!R#GaP`1bS4Rho_608=TH|M(1@9whp!1eyZ*j
zhvPVF$4hb^Jv%Zj>eE3TNEk23Gc46PonC6WABR)p7$0p;>$XoX$Ksf^(-pmUf@JNa
z#a;p#KoWwX_~8Q-<}Vh58@aE(Ae-*)ncN!dvXehAce}gpfyIU3u!Qf0bVUg-2t|^K
zN0b*$Sw++F3D7;ljP;gerfXzYW6c+MMZoKhcNvu6udIwKM$gu$->*_3$=W(oZ6a9z
z&3o64?oqB(v)fa)IM<PKvUZIyh)ShNZ&taE$Ifsghk7G8Iv=rfx~_7^u*)EI*z+m8
zob>-$h95n}R<1ItF5LznrahPNYzH4NIC`;FJL4Y+qCR@WSt<O5SB_L$*~$tbG_R)S
znV|f~WAAQf0oF<f>mSMXn2|gU08uk85Tia)A_YJNIcf0gs!gXqr@GBZvKOYflm!NF
zHhwD;)X(Yjnl(s8%3kdZm9?WQ^?1r5;jr>!!S%*4UWue_b1`s}sa}h6^IN=xn`Ws?
zdDxT$X}!a_TqxzhP8Cx2CQoDvr|i1ka+-GMSgte?g@~Ak6fZ2}+)yNzrqJ?GPqACB
zSc8j=D0KFydg(?cQy_(r<=k=Uhg+>n1wbj08EDg?tt1i*71@l+LjpTFMU5ntaG|_8
zx7K=aGaeyco?gfb5(o}vo<=knnl7sDyVk*`vS2$sQ`8g&cH!DmEREKwt@T(~tfpJ~
zaHha0*TvkbVZg`9%`cJzn*?G_h{=s{rm^ewr6lf+G9#5%&*ha8EPJ9a@CjUr=-1Il
zxpiGv#`p>8SdY_KEEd#Y!77KNlBdIhcx$gH2FfiCG-fJIumI0A8oWP8VZfkwsFKNL
zaBh0l+mghF1w&g#(6^v<eq~3m92U8P1>eNBx+*Nje>czYG%)tVg6rVC?aEIp*lR?r
zr}WOz@><0Vi>5ftrr)ovT|znSrT3{|a+s;Q9b#<c60Efu#p;Ivn}}JSLCw-XNVU*P
z0urBD@+`U47$G4Tlpst!GhHElJcrV<h$2S&!N&ZE5BzS0poPtWM|O$}zUv9^JssC(
zt^rXB8-~3uru_F6@17?2MK`)k2zvXM&Y=`8=bwGaA8Z9%I1DGC@iNGRft0FMxLo&_
ztH+)9No+QkU8zhaRY{eV`u)bsmJZ_CrTf5^97*pO{VJ6MA=_Fa4z|4%&78fIjRd^E
z)daPdcSpG_7F;jX(LtnNsgz1SadVWN6fFnQCdfq^?cOdaGoz8ZkfmAxvduzo-n^mj
zFLb5fS)3@$^dq35P1PpAlt@r6*B6c_ov7-W`5MPy5bBW4%?li`amJacS!2mt5G0(`
ztx=Pdyr<x}O#%C|(oI4pnF5eyIy4+GrfSPK4Z9;qWCj4k09N~siIZNO3?Os$Y`b8Q
zI%@+Y5<3%7_B*koT@V6FGYkYUcYOzvrgSM+DEqh4M9?rLrmfM_N6Em>-w4=mQO5I?
z#hom$(ftybOnSI-M*@xFtaP06ug5)*hB!*lC^T-D-4%F|_P4uIv^e4;fA%+tnx-gb
z{B%9tP_-D&moG59M&WVzS-yOXWGevGu2N~bxEWaFa$GGEM7)E#ANhwglH$p^oT3N?
zVMvHt9#tU%kF#|a{}LB)vOUD-h&^r|U$lvv2(fwt(1%wk!T=5y0Z2bbEh|qpyDQ^1
z?L5x1%K^TA^U*;AcoRHGtacw^x$8jtxI7ZZ?AokUb<tNo*tMA-&oh9&=O)${*h5vV
zvAmfR#$lJy{BWNL_AeAY-W(*5>TeH1;Hfzo$<2Bt5m#HtLuYpAcE5Tp?sUAH$$I3{
zHCTeXc2c;QNoAqfMiu=u@WiUNgi)Kjm-~*z*<Lrbpq;(~NG*<0-TgX{<il*S&^L}f
z`<}rPACXHw0hXHr8xJ=N_Ljhkq>@cQn{9M~(I>y2g&!|c_wz*|*nnY0s!5cWVT~ip
zE1Z?qP2eSO<$(%L)LBchVqg~a`S={FD@VhN_j1ZPMhi_5j7C3ATax(A8@&UgLxY0S
z%gHV%?qG9yceYm|e88B;%n>(=#na2xOW@7a*%heGbYd6CIR;J<J&ei9uZvNvTOPj{
zPLf00;c-vk(S$k{NeKR2P-wuya6V+)`r1UXKviP3N}9lW<a~tq*zvjczDL``Em3x*
zfKV~Hq|X|*T=V^Pf#e<?9fAZiuw1V#QW^iAV421FWb)<L3Ci_TwojlRA3Uo+E~hz@
zE?3yLKK?OC1N-UL*nkum`NQJ2_d8vtt^QYZK{xX<XYk4$_{z-3U@$4#`SSSrP6O6Q
zNmT#f;4HOT>*0rvFf3=W<fuXUhS;dlA1KG|?R^Ap`p0gMW7HiBfMqz{Z5L?{3980D
z*yIUifpx3?IDF~?5s6;=>L(Hn3gR+E%{n4}u`rgR`L2WZmF}#R=jf&KDFxlCpCZ-~
zs@y`g(cu#Bi1gALn|${%_dU_qV=zZCiy5W9bm7HRJfK^~)u^{K;E25?$<rU(%RA1%
zzBvxdh+M_97#D0vVu%gdD^jgiVDE5vFkav=9?sxj(D7zpB#SBE=!=%!=c`nNo<_Lt
zeDXr$veU6`LX2#5=sm7hC)33{5WLv685~wRijg{>cJR|0X>cW3UWT=Q$!=Z9_zX5r
z;?<K!bjCCgOC_9KIldRq`MJa6*fBy_%FE_w@xTI{(pBu{eO=)^X`Vo*TNf;OC`8(q
zEVCfYy<jQO%L$x{p7~g(kpZQSClKkL_3%+4z`r+D5^qO(hkqZVHqe<^Q1H=ghS3QI
z5m?dBmjH~?3<?%EZEckG_oY|Z&b6u)mtk|M`Kpse)w_k*B0PWJlD){jAL3fsPzE_Q
zNkstraT36Ca!e%U)CMi!b2<0uIpVRq5aZEjGmbJK^sc+6r$A+V6pGX+SlTyO>xc5?
zO=_tTHgV`}$*Gka;@l2ZkaXlzW_x;Xfg@$84fb)_9fZ`##K@P#CnpQlMG30RK*?CU
zU!(?A1H&(*lM9^O?j7NnFr6Ql(=@nzkCkCVP*~qhSrxO^<MGE9!gUI~3w4AMUxbfL
z-sBEMbAr^x2Hi=yrmcPqLT+Vf7J>p(E#zHyU#pSF+#lf^p0&Hla)5VFvr1`to)-in
z?M|1T++CnW2c|GSY|2SKZ|k06GFhW<V_M1e`n4}pV&4mnOSr{P<=oxeaAp=X0Qd;w
z=x~0RSXFP?CI1sB8ZA%qN9`w#cju}VX0yzBv4DZb^ZbJP2GOC}IK^&@cnW3|vHa71
z*@BjIcD*ht8D<J=C|Nd{%-|Xjv$&hfcI<s|<{0-@$Rc!?B}=eVu!rG17^A5G6>loK
zgl4qf`gt_pE=qf`ja)~;2wR9dlI6CY0WC2Omxb*BZ-0W!@vrFP=<d|?SNYIU2k{(p
zkwkku*54H^{`BL7@Sa7iu>Cj{YaP497BcgWNJ4kCIRFCbgA<^Z?N*$~a^1EEwn2$d
zc{UDxKz}q_6{ZuRHxhXh?N~z8#d8=8Xt$Mbh%p0#uf=@o<)IDJPQdifd&o)6Hyj)u
zdmfpB|2P4yDrd`Zkt7{lXZYpni|U!Qj@e|+lQy^;dgHNNVZh6XRDDwVG~y<nMbjR2
zZoB&q-+0j{ncAvuUjrPezfLAX0G>c#?)eVe2zpirzGqDn8)C?fde+1{y<>>M+Mfr2
zQ8sQ1YhmdyW>$voHEV?dikN;QO9?uJzdEg#7q5i^Hy;6$F;X01AnzHMOEN;sdEJZ!
zIr{o;9Gt4(=xs|?3&5Y#EX0)+5sXAi7?E>)SgkKq>83Wbl|Tp5Kb)>7SKapxl2&X1
z5m!AWb=9+Qd36OnG@MR`(o47}sV*Zy8SPa(oD6}n9qdRz;*uLm<w5H}468cUTsCZt
zgn8lYRsK(f;NySHT^o4uth_m%Az<GILaaVl?X_kMTKKd8O9Y|GDjHKHnlj{GhJY1m
z7F=9)jUNYs|HQHWd+}rM%X_-=w9oScQCXroGaWedM9&1@Q`~()sDEmFihwA}_eR;;
zMCQ#OL5IIL<IsZedz9OUOz-W*CvW$D&j<K(vix}=#QnrliiE&<?A1RfxV?Y>;s-Ar
z!=L5<b|Iwj>+2vlIplx&`XhJ@(?4VRf4g|E{42c=dMVBJSMTw^8F;vICI17w{H1Qs
zuOt8kqHINQ{qG(BBYn_Ps^$5gp8wx2BBFu3z3xDQXz%}4_LoKgoyPe~egD&r|KCn)
z*-Eu{b`D1ek?|t@2c-L3{hyXJC4N0i;0zokrFVf{5jUEl1pR+o(SO!2B*GIu%nNt=
zZ#{kgee72rqjBqZlz({)TEvgwqu-#Q{$Gif-y0V3E00lF{O$3-6$l0@pkLwr@RvdQ
z?_~WXg9Zq_<RS2J|4RXnaG(MKPCz^7ufgv>J_;HCnn+CAUH>))A5lHLd;H-8{%s6|
z#erPYEYeq3|5iW%r~v!u{om*%e@@BwdA}y(*f&Cge|cg*gx(iYFmZE-7O8Q<A|V!o
z%-oX;Sn5v57fnC^Z32IyB-C0bdnrE}%#hm(WLAEOnM=<{wEp{K_@fc#vQLCzWc2L0
z5fO?x1Ie(nZ1KplKy)$==kwjuC2y2$)<*Nn&#+O0w3ve?QMi}rHRJM`-2XJ7p6Eh9
zqP;0iLdiv934<hUrh=GVe!l3G@B^@u5zo6D*RO~Cun|a}@p%5@qwY6vjMYV=DftJ-
zbHj1Pg{AGdFXqalC_Z=rVxkclr(X2`IHuivKWgBkl_4MFabrl6R#uB->rUfgeX!9O
z2|vL5l@=2V4y%dhx!<xWq?rmpBOoZIc^V325_X(=JPGhG8Eq$?5gFuoiJ8^rhmsgb
z!rmWPshX}}CRHY8L>V?tr&u&6SE<7Ej??hFJpDf@3;?R;KF`$HbEnuaXbq(G0;s+i
zgdJqqVwaCxYbwe#xm;~|qi|;d27ZP0x(KCa6X!anL_m}4&Ct<mXP#oQMwD-|N-M${
zEawgo9X&z4alM!q1OSqB=yaKkni^*`rF;T1F6$>vw=2!~d&BlXxz*ZtQ6NPc;P6Oz
zR|a!j^;+xps$NRPBC+ulw*-3qJ|O^*%n(K+n~5m}I#(_O>5(hf7w<`60`1K-1~uJp
zgX(Ny5zz7_JUAf3VDG0ymO#im>GW0~qur@e+w(r`ObPjXx%3`MZsG80BBQnrBu2*(
z;=qs)rZQ%>RzN+6=qA_s!rb=m+HU21qDa>7IT9}U8K6mS#*_P;*>K8ZqDWoT4;fEJ
z`adlB|E|y9-g39S2sJ7zWbp{_vcCSf$Ba}|YJF)vpK&INV<mC{pa#gioZbpQ4janw
zK{Ptuk_Oy+1ehFbwwhKv?hsF}>$@k7TFp{Rv%w(#yW43k$GhgE#i6AZZ^M<J2kUmc
zbSGPtq{YL1@jNoA+>HP=Bgq;wG^b>PSTu%8Zh2VHXgi96(RhqJUus#puKEjt_<rIr
z5D=gr%@!A>ZMyu>A4iwW4&ME=-1^2|vpWL6#U8!EJ3}`k?@o|Fy6N@`c0#9Xnk>s7
zh@S3rwmo`E;PxHYQDIUyjE6?AtWC0WMmDb<fulpGxKm^kolKA)<B0X<SEw3A#0S;u
z4!}<M$_@JeZEQRq)h6<ikV-)iBn6jO+)YpQ*qkY8XgbOp!VI=7FRyos*Qm%X1~?M|
zSqj|KK^{MsnC&CfPvEV?T>#&nBEcn%<!Z-w*&>AXt&mvX@{lt7T7MC68nGh-W*Vf{
zW^-iTeo_35&R`~MDLNg1LB`IbS&Xz3M;Z_%bGruqf^vJJD9~K*uin;y_Y$IdkvYKT
zjkm|W*5^Yd>3m$sA0*o`$s_}(WjR;<4K%E#>g+%m4XenG1LZ?vP(9Kho?XN1PLt=d
z>7QAO#eel0`WZ;T&N?yQPhzt@TH!}5eEmOS4F6rwhZZDDPS53i{e|kl>rhMjc4^<>
zaCBED?L2(%ukc+9jm}S#WM5jheD?X~y-i>TW5dK`aF$4BUtdjH`Jyp#F}Uo$hOgK#
zI8Iq=`#lzA#^)LUGev0|zibYqKr(gs%)v517M$3+U0vMQvbJ3Jhx-brGviv~utm8p
zXC^Bx(&6D@MuT(QIzHC8so@RcwO^4ERl7*}g$74h@MOd%4uHsPd1s99o+A_h{6<F!
zfZXOi_=#oV(l6m{gFFvZVfXHrNPdCQ?(d5Jarcs8c^r$J|M8_{Y<Q767a5BXiexM=
zYpyxXq%QoJrp^PoIyv!3;raVO^zw|AqE6|JzIfLp45}al0<+nwkn<pxhiD4fj!xms
zf}E*j`@m@>cfj8%Seu2TRc`=#nLMg@5ikkZ(%l0E?{psW^m=2u^-LQsFlqJHen_M@
zBj56$Z1h9Un(s&rWZ0~_aCyMNfc_UKR*V~nb=c-uk{$(9V(cmvxGZ$OT_)GfK_A@C
zS1!O@?~DGUv-|Y`#5x+4C)-X{#cCnHcBLD}C6W5FQzN;~?&-+u-z4My`$T`Yf4*NM
zd<%*Paor_4Ce!zjFZ6Lb4}7paA9It8F_y>2aF*1|iQ5uICrXmJJ#YGWbg;cHTVZ>p
z^6owJOcM}F^2cM7RCM=cHk;d;CUzN0YdO6=8I%RQxx5NXdLTj|%dR@6zsbqq&mv#E
znD#gtqxV_?szkW6epete=S<spyj^g5xhgqyjyG!rbRR$2maIXoFgrI>p#NPImnxXu
z>6E-sxm+N2o=hVrNSKs%vw(;h$30zx3lP(Ks^hqf3t*G6QN1?;fJ}`qcz=o)cw=U=
zSMGGJdl-{OO0H{Q?RKrYR=j&b${&Od0kF1_{rP%5WHb}nH;;36vz%7~$a0Ief`VH;
zJ8<eG6Pd+nY5``084si3)OVV|yADhmrPpbQf@_$fpW`Rb_hyN4dd2+z(K-RlJq5Rn
z!;*qfTM-Z`d!AJ72-^0T&8wimz`zT&dDehX$*DyktibiVM_2jtH{&41<{^@X%kM_8
zwr;~UW9rQs!KJuMgV=yEW~jS{U4NpR%~JJ3ErLSbRQDP-Uo5RAvWO(dJP`UWAIm^H
zFE8ueAx<{1IC9hM8>Nh!c`e3cxuD;lFnX~l`MsB=aC?Py!Y>x<!{6TUzkkdU`_<r6
zZ38@t#Q#XB@SG<VpxGy86^sbmR#;0|$v5yimb4TCtaM#SP;y_^)HBW~AaH=g;cYuW
zA;D5f80WUs03g>|;T?}QqyE`&d@qk?SqsQ-=zIN(dIlg(_xVW&w%o0669`N4Iu|Wp
z&xQN5)jv+xUm_<N2ufE0pCKi`aO~fVVh%YwUgUo<D1VrV{BA&xoAn?X|1#r$JXG7`
zA4*3_5~RL<LYxlw8AU$u^$Y6L1-Z|~BXX~!vi+|WAHz{lVt$bh6cWtx&p^j`{Mcv6
zWb5^3R3`*31QJhsw?REx``GzLQ4EL8Wi;>s#R=z)Yf9s+fw{iKix-ax-#`22@%r_X
z&w#qiZy$c>e))th7dHI0TgvAz|M>5RLt@m|aO07z1=iw!e(k^i{q2Sh!7u#1w&@b6
zu=D@-=KotN<;#<dG$&L8`6A(eYR9jlVQ)P920FI)_j#M(dJBLgNS7^M7u@-JXOJ)h
z1sY9g(C3M7Py}VPfM;uN-){)5n3M*-igzV^X9^ekv=3iPfU4--AlP&F{=$0><yRSp
z(|vdrmW!VVBC8CtaO2+aR_J!Hn#$gqntBmlpG@6|GFDWY^Mc>*dV|5cjqe$ux{u*Z
zZ(ZD#P@?$;_;vG*(_nf5?HHfpAiQel@n#w6uL^~Tf3KpT#X9DV$;viB*qYDoHUX*t
z?7*$-=n_Vl(6@gW>pzEs>j|p2NLb(+!vB39|0(nJ?PF;vy|>0Np?@2!&!56P$a7C~
zg;M@)#J_#=ee)Vl-Zwoa^smqS&vpQ_;q=AUbKz!ZGJ)cv|BvRpcntESN|_jyOZJD8
z&p#B_{Xg^Qk9&HKp$gf+$(KjKZN=xj%xi}38_{sLPwv2A`~U_jY<2UHubtk?-$f?5
z@Q{DgS+xjc8Vvv7^`-z!Ea9S-`T1m*lXW5%mTF=>eQXLd1JV;KP;Wc~mVAN2{JJ&|
z?BqLzENM@t359BvDGdW%fl>h&FJHDg<+?Y4sX%$0STCNzKw`K~;sZGneNPNXP&P+A
zCntq6naYU5EEXyuBR$>L=50Kgr%OplG6|TAY?OTmX95%?^dVn`oBkL{h9?eHM-*{k
zWlq`m)1)?-C@&3l?rV*hW1?d8&b!2F5ie1Bc5~#uM1Te8xyqf%@^+}&FlgFAF_~|g
z#d0#%BQL1*ChWnfYNxmGe0}*-(RYfgKO5G2I&T&klX&V8MKiIw*I^>nFuH@H(*ng#
z!~V=7<@gln+8V6xl0?u$cRmo#IugFQ)Q<c>5D!x`Q*_uKx8Rnn_@pEvM|)Kt9TU95
z1LJ`t1NdbKkYpn?StJ0F`)1BTu6o_T=`m5LD!!Z}u|46a#sGw~z9iRkOD-%d$kmF-
zConi;nk`lVn)6pLF$@n)__{_%BLR`!&zf#WwJSTjD*ZFO2opXxCNoer@ylBVcI&kg
z2CFc$+SF8nv)!`~d(-8!FeXmeiB!2hwNt4*L1hdedScj};ZxywLJEpCNHr18AtHhu
zF7r)r8j#)J->>bbC{ytI`uWyXFcX$L1{vgv#unXbFY{JgEM{Xbx(mXi;95>3Qv!Q1
zVKde#1c(xjz(&JqDtSrDciI~5E)TWwd#PjB(=(Jg%I_n_1A?N@u6t9sIDifMksHsn
z015&3SoBvgQXLX2+6mU1HxhtBGhP^h8eiu{Ec?gmLGTPjGLcRsbR{o{C7TZjO>b_}
z6mp&<<(`dW9H&0+2~TEkV(>sVWxSsoGm8uC`;nG?I#<B;q9=NG(qgC;r8&cfOhUT5
z2V)CzbU+e*E52yIwS6Tjd~C)L{I$xxoIu`OBkcU4(Z?;3m5-@Af*Mr0dJ9?2nF=i7
zu=nXb3sNLET_g;w4L?=RH}8zGU6v#E*|WRDMtk~WN<^N<f(5f2>!F<$G*-+@eQisU
z`uPerF}_n_d8%m3%{XU!Z@qrOl%!ftZ?;gX@LU34kPJ+aHa_ak$fu(iqm}{=LDGop
zujh?KH$aKM!d|CP8=AQv%Ep_pGpX2+o`&{OQelu8nXfP!&C(^5tiNdI8FF`!Y*&I9
zy+h4iBKTBVS_;cf@?z?A4<E9a+^ip!48kgvIiS3&+r?7IZTJ*VUt5m45aM*<7Vo7T
za5#}@F*Ke_UNqYe``ACT-V+@p5P~lXc$?WZHLT-)vYtkAgteGjMYf3w^r@$g0M`Ki
zOdm3E4+O2};)W|oSmQKYx-+07tbonn`4WQ$+Q`T`qaxCu!W5}L5NEE06{8|`J58#z
zV7oKneSc*@6!LIM#NHiP=vI76rdnHdhBsIM|2!XRJYK+onKvn5(z<(XX(4_OMpbWc
zkXFo=&i*x3g4YNMRxi%hEu<sklg<o&w(q|C_$(8w-zJI@uYV^T|NCOUeIQy&2EkY2
z%*2M8Es8ES(<Pi2&x)C8RFfB|LA0;24Rnxnr$T4RMai+?J?eO$IuCC^3bqp64rJC^
zR>!UyALpOJh{z0&3)-OWIBrS;_U3}+s5{wtwnXtIA3=)sl&%wYAES$9#VLMrmg%SC
zXD(*o#71f>Y5jns#|*pi%@`nYjiFSAJXr^A-(ruRwnnJNy;)u3R%w`%r{HgPf{EAR
zI>sb43=P9><NFJh<9*X$h{@z=I2O><i}IN0CczL0xB}L1x**+us9`0eKk9Qf#-S*o
z^3nQ<IE+W_&ZvhilPSzsUr(VWk8^nZ1Lt01WCvs3m&O<~$juQ-u7kNn!lkMF_EoP!
z9U7LT{L5>pVh>b+PN^~De#9QKXzM>PA85xO6;)+JIhFQ#+Il@tpr3theO=rSdB3_~
zJ&~4YJYPOc1V|KNvF%hgDh)TEt0~%k8?D`T(Hc}d)E(IggB{=7-b_%d)Ssi&S>7iZ
zE2e!SG#;yAtG`{#$;|~-Tn}OZm;jS(JUQdGBvZvzu|)E7xf*{0>Ibtt8Q&@N>105v
zWCCx??}~wfn>*!r?F>@2$F8bTjtZAu@99}-c#<6g-s{tdQ?HMW#X8%X_DifE2HY@;
z_i2>C$;+a>G1NMU5iclZvdG~ka>d&NW3y}wB!Lq~EapD$(6s9T-Yu!*{lw-{%Tt&B
zJ)^yZ=COvl@_LF5_##&TTp&AjPuVPVyYt-^U@7zc@hK3ULT3s&Ffh}UuJSa8<P>J0
zImCA#yO3uaPd`@Zj6$i=@U6@t{^-t@-F=|!d2d;PRHsC8o>Hj}x)XiWM%mevyuw&C
z<r(@J0js}&>qoEsg~s0XcB3vFKA87~-zWfa<$ei>7|S-}sA4Vnd~?1JNsYb#f<=?0
z7%LO2KH#NNnT^Y4qe4BLq`n%-jRLT{(y8#3w>k;j)8e)a*`3c{T`5AlOd43*Pn^F#
zJbp?+2BMWdV5`as^!Jx~i9?Xe$!I<1cWIk$XEOO38v7ER{8MC8iV)$=-eTtI+s!pL
zk0<Ag?hmDyife9}x*0~ptpw5Xg8-<qH9ANpb%aW?by=!A;p9YCLJXB^(VR!~^klkh
zTvs$<g2qpn%}BKeKJF<q*iV{9$9EG^j~qTrKf*#IEyIYbk2o2wp)<Z)_9<sF97BE;
zat)HrraE)3<Ox}`b2(VxItHmk`69ap2^_QgJ;BdoP>tc5r1!sa=W|vsxn<aqL|A*M
zyVw%8+ZoU4jim+k)@BNZ<$lOC`O)CY>V&&D-59hzUOX6M6>CVRI%l-USj*b_u3W7)
z2ZmVH(cpX$N+@YSkHcgPh0c{34Dz<LB%(hYrMi5bjZQ-Rk1<w)O0LrMN^fAB*Ih#O
zQz^8j7TwA>C0`-nWi*Y%GNB+skzl{Zwiui!M&_s>pHcf{xzZaO`N|8>1v=B#gl~@=
zN}4ECPKnN_s!V0%8_#4jnY@ukYLR*k6j~<X1Dp_!7)v1>Qdga6U70^LZ02k@p9Ha8
z4_?1QGfRi&PEz<|Fhy={O>iZ!wh?uJ9|qK~?T24F9WFh-D?em;$9krF4A4F@l;1$Q
zJ2Y}-R@u>SPY7&jC+225h4jxkYsVQDx%N?RsFg--@tK8`nG54<r!0f3-~`kbl31iE
z#H8#u5_O?Tbb`r#NW?WU7`l_qb;&9tSCMZj9CnFSOO4!8q*uSSD@--DRoG1%*9{KZ
zNyR8QcO18y&Nbd-pBOM#>+A9N#AK=LsSMq|Nk!YB=aRjnDSV+2=y>;XIDAQ6&Z}^G
zzYMa{SKTo@AE!j0U>}^P<U@Z-rTQF`M%|0%8~;cdZT9H;Xv|%za{Tbw4}RK$YOG{7
zrwD4&^1K_OeYd21^NI~Cg81m+d62+72}pC&YujOrdOcflmbMtxw??MR+xjIe*=e2P
z8-{GM`wUd=@?LS0Nwy`biZ9iTKZt_FAFJN1Hll>rcxIOkY%?v%^KeRpL1kF1SESiY
zr(O?^*6)vlGBY!oj8_ISQF?cb%yQJr98zhpN}7ozS`nyt1$TAHGMa5G?uxt>;Sa)`
z3{-j(aeEI9xq8-<M-R1Bz1tL#T}Pi$t9`{F&q67^LeY>_rk9#6ibZ>vn5#D&?Of;O
zM1+LIB_N)_&3AP|mT;c;oc$qQontN$*yBFal@7}lI*IEyg<;;aCf-yS-X=0T$FS5G
zC@CM~&FerkMzaUEPt#JP=N$b&uhbGdg75sb=D)pVovkX%IJ<Z4NuCwNOZUh9X!%iI
z`-119Z$FAiP~vU?&ANZ)7s(Lw_M;|+tC-JQbOoqfKu73J9EOwQD`Vn*^VzD#vIy+s
znfD5zc-lLKk4zxGA@7C(kj$`eOL{H7U$z!6<8>e$N)=5T6VZ6Sdg4bgdCqq&VQ}=k
z&?3Qoii+mmOts>bl-Rk`5y?ykO@yXo(hrmTtRDOG#Z_jMZgm5xA1!!@Jru;yVibW_
znYw~uBYCpgr$>Ui<G6+DH?i!g90oD@eiupF2aTCEd`4wvy_nagw`AyGda>x7H68*D
z4zf^!>bfLeBWtE@%Bw>s`<N$BD9cgr*zcN*NkGj(Ql4G`2XIomKh!P9x-Q1AJxM-9
zOrNFWo~6I<X%A-P$2d+d<OO#6J0G89IjarmPMv~TO012-I{LMb7iJG7xxTuv{+-d@
z5!>Na&g%G$ac`P}O4V}ZDlcobq<QP+<fSCHes39~h>^ZooTb;z>!Qrj=EVFc*)HZ4
z9a6L+f6Mmy8f`AuyYX1LeOS);O}ei8vC1E&roel_g*nsG*3@)p(r2&FTGkKRB5XdB
zfRa~M)R$3Bg7%|4&OCvgjV^^eHc*6)#X@$T_kv<zUYci&!Slj720xa5R|`)5<i<~D
zb<d2ZPsN(eZC6FmU2l4vMW#n<a@Mb83oIisw5Dnnn{6a}>A5nvndh%WFY}z*Z+l0c
zD&X__n!Pksi3N_^$=L%<PV4Wa;B<e3h^{TK;*xE1u-9(BuctrH0p$#m_44=m_cCs<
z+AY24X%YFTbZ!Wn3;3v@9}F4w<1?B)X4=LLY(160W*Ue~tTtR{v5B&NiD~Rfoj6o#
z<{YV(GJQ)@y<2<V=)e;f@8r%L>^pE3AtHY!Iijhe_jR?>@nE0pT6f!}m6guECboiA
zSKuV{9_P$ZGAHcYNRB%E8}tUqQ?v_reLVqPzcPfp&8ccwh%(xiJ7Tk*k1c<+!S64D
zybhzo)FQa?r=f+V?5CVeAm#7O{A$@7ke4GB>M>K|BvT2L&GyVHw(q_6%k`ajg;@K|
z6@%z&Yv0UZL!zq6dvu4TBEEtr@yaR_z+Ou$Rt-jT&4Z{QgM$V2o;rkee{8u12Z~C<
zVx_#7prpAdyRdS4@$+-D7Rsug(7l$i>P4+}5$}E!DC8ETppaPR?=NdhN|+*QeB;e8
zQ>4Z%0z<=dRYl4Kj;4@nbfPvBnpjOWt%M6IAreG>P1U8fCtqdiI8$Ndo&VIA$#^Us
zkE1FVi5l8i@n}$=elVr<XEt3O*zD034z%*wPT{VpUWLI0G6a3L(FDhCXLvSmJYoX>
zxo~&9eMOruRfz!7_M-c1fGEsiyEVkC*XY%M%m?PeW4?8Tkl*N!Ofnv~4TBR6O`4g>
z0QZ@w^>8c%Bf!$HH-e-<8?Vy~i2lfmFZj1@?;NJ{p`%6^IzBB3{_&0}kGHKO5J#t&
zkZZ}=4iUsRWZoIN*YMnUWCS8AhfPIQ;>izXc(&zRseE-D4g8@j&E;zKLSE!KIzTnP
zkkcEucTU<MtljAg!9cczjfq}jB8d<voqlo*vYGwn($`s(%mD<T7EOa*4c1?5@%OWK
z#N#w8680xCDdHInCbS5$q!8V}SJ%|s)L6;kl|SUmqpV%zjXv{vKG&6hV$#R7Qmwte
z*`LUVMXRQ@)9Z+9(kmKZ4R%dfkI-$_H+gLrG82F1M^BzsX@|5vKo8!j6n8IH6}_}!
zia*QgzO<Vjq|}($5Kr7%Z@Q~6Z8I67yuIF`y@hMltD2gJs(q<+!A)ebNQdsHm3)hk
z78Ovdu;z-#xCP}8W-^)F%ZyJHt9DLUnpKioqyGmy`~J-%QI#}MvLsDNrVHC&P(IyF
z9Fp5wUi(s~|4K>&y;w<s0yE9y+O>zXs;h*P!O(hQ@WJP`ssTY~x$#BJy3Hua0GU!6
zW>nWhWBRy%o8qa53<A#A!ufLy69o67Y#UQ?^fEWZvj<=58f6+P`LrdEGI7yM>$*3f
zRxkJa`MfjqnYiv-*lPFo^=$LmOLY#5t6hA~Jv5bvHd@=SL3$|pX9f0St6om_8G9JU
zDymAb#lX5Ebk@>p-LYDQn3T?7e6lF(<f(T^lb3@T>)=>@X7_IDUd;x78RR=Q*T+7V
zxTU_P{gZY-O-`>)yvNJy)H{t%R~SJ|+9c2QB*{A)>a5Qj%9^|#G93l6p(r4xeDQ|I
zS&_KTyFUkh0((35%r+SddnxD}GqtktrsOxYsJ=q@<}Z<~q>0lBEFdDuyOfATlia;4
zhEv>rBgMqqll6?b>9V1TQOrncl!b=RZ!l8Rf&+E2K5fpv&xooTrP+D~5^_`fsOk(m
zjSE=(O2Fx&Rp{3r9&?x-_)Ijx`C`AUY=xBH+Czo7oL=7Zq3!u|3T}<rG?g{8YkMwL
z$d|GkIRqeJ>@5=t1V*OivO#y+d^m63ba+PM4D|r=Xjtg{9QLNNt0i}mIHTch@OhJn
zu58aG-YBH$W%^qN`8<c#xwsrhq-xULkCXFMSszL(NPgEQMT=n+5|}J{dDYz2Ww|GZ
zH}6P<0{PxSu&1s}oA7;YfP;CW#9^jZ7al&uO+y(Z7I%rESxlh5c{R}5v`jXAX4Znj
zQ^F*T!BmBVyzeVDHTB#cT$#+gv4)F+`y%~m8(+le7YfAJ9`A~ji_ZzV_BC)|IV3^j
z>^N7;Z&P+GAr+KrHQ$rxmX^dBo%&eytfE6I&zvuIrPmYipC+!TvRF{^x8FarXHYWI
z+GoTPa`{L)cMUGX)8sTi`95cdnWv^$Poc-MFG*Y@1b8Ar^Gbv4D?_fX01t8ArLhk%
z(rRw2^`dCq-JC8Omrn;~E%J?}f>&K>K9&SkVyiVvq1YJ3q_GyGzfMCpEJl9&qo-Kx
zRzpgiA~!9{ho0)lEv&kptZywL8oQ9UoOz(<z0Fz|N^}r}1vGOycZqvoWI&%By(p%&
zlP@1bdVuN9;GZ=~lTdi{y1YRB2AOd=Xb^glG%>N2OD21xHarvO>X<bip81FWPHIU=
z<#mj8AmE>An_9^EeaX%KYcGwS^4WG4oh{8Nx<xQwSGA!wh>9F7ZO#jVikgC<ji8&j
zq~Z5<=QD)MUB@Qm7$-JktEN9&)dYn<CX=&}sym!OCRRMINbQEQTvWSpfVV<_<3qi%
z{Ip)5cd942=z5k$(>Xkg2Q9wlyvpKKkAIkHrqPMW?sl=DLjN3fJz*=*OC&6aIaCl9
zm%h5@<GFO=_;MqM?ZD0S?9qrrT)(Du?`uhfp5A28gThTR9%xb~8F^5q=+-g%v(OF$
zby$omx~f)9S$Y}lZQ!Ep4T>y9D9^;z{Nsw7Vs{5KRW;%M9@8&V$*q+bG$octd@~RB
zAIFVny|mVS2!uX1go*9L*CWdueV%MbIhI)TPmi25ANBXWuVCJN(oXV>i^p+Xr)4x>
zOuMJ2Ctm_1aAc#aH+w?%d+Z3<Ffrm8*2^00AAv7kCWx3)KuAoHX*9l?ku<a6aasFk
zOozZ(C4TSgsW_L<S1>5RLQ$}MRyN)ZR{(mhHmy~8HrQcjT8Z}A(e;Ea8Ybc{7zUhx
zq);ql9ynw7$><RXp_4~E-11}tsjf@cWcY*sY7%Z4rT>ynh50-It~(5><8kys1Cy#e
zsrzU9TlM-50UM$*4NYwmf~=SK(NPeob;|MRn@nbjLJbu>?KjNEr*A2h^P^CeOQd-9
zU{6TKU|plO-i68~wLkrIkgBR!`%WH~JlCIMAOSf$pCg-+`zDpg*@?@+Q!jK}mr-zB
z$d4^U({^FehajD}0)maf^*GJhLeH9Iu&>ro2`1amp0Hau)cMMfm_PFZ*OY`V+pF+q
zt5vBzmcR)1JU@v5UNd67affxoJH%$$oYpBgdUz)Dxo^7h>yQrdL`v{L(VlQB{Id^!
zc5<^|JSD<}#6pHdsT*Xx=~f1-g%%9D2u4JHLH)x*d#08^q`UTG0`w-<P6Bixe{~<a
zCB@B;4|wcg8Jcg)2qN~G+<^J9a#6qv7RMc+OA;XOZHpig&2#MF@?v^ifL{Z#)7LvV
zd_yqxYg+_IqiMV?<ZY}AbriU3dGgBK)%B*SH4wJfW8Gg>xWHwmYHn*jmMVQWwz0Z!
zV?Kk9A&6)bpI}RW`po_Q5_LtY#jad9GCS`Lnc44Qp{0k%k84ock2}!K!Il?@uZ%OE
z$nhaORb(*Tu!kz;%uOH9+#X{^Va2ve7W5YyfGr?Nup7u7gExMY;k_MuMH}sNU(=}!
zDv`jbN=|p<v&6Ig&j&OqP_J+k$0FP#7uigC*=v)I5B2X?FDt8j=VwPYQWcb=Evt_E
zu5F?MXstL(Gv04>h^sK^aqDTvR>URZ)`M<?ujTbrYmHn(HP1mCn!fXGWsu4(#^~4x
ztEx3tQOHx!@Q7qi?j7<(R7~FnEs35%n9q@#o<g%oY(I{9LBE_>ZlWR;T~?(Vfe(=z
z65363bmZnR?|miL?E9-<R_VnG0sj_@75WuRZnp@9Wd6A+pI$ipdQ=SVWJ63?rgFSl
zV^k83iWKiuD%n7ugRJg@@NG81;!n5J1KxMTKT_{IOLNatnnh&oQ%cSo8=U!iS_47$
z_vfy>o$Ng$`Fk1e@+EfVV1>s<wq8qRC5FaFVxV=mx5$Ve6cmgRXe`7NDx`SFj{464
zN&Sis>&OOjz9Lc*NVtr0?IklwOYD9wHA0o<qv7r?A2lc%CyK6~PE$fEc*qsg`vO8j
zq+8m(RVsB&@@1i4YtsXmIq}(SKdC<uG}Bg3cveoOdk0{0U`&(H-Hr)EvdR?b+34!d
zV{ec$cA>9dtt{<I$@HgQG|rIg?3zs67NP5jv!0`?!2xMFh9i92fv-39`!x%Ue%=s8
z=N+cC6c>0bPMLn_H-I3kJ!tJ&-_6)v8?Ru2@fNg-q~3idOd}yL37)yS!hj6xb{fgU
z&VbV=*`6p6y#PC9NiDdX?_9jBUqO;;iP`Lnht$=A_uiT5u{7EHAt|nQcFda(pA;-D
z_2X_mkYF%QgH1)Jm`Vf(HE@SGgbICpcxa^BrR3ggv3r#fVU7<I2_{iy4j%#w4{GwP
z13of_m$zpgQNc7kJX`^aGw~o!d$!Lfn=PKR+8LIoB<m1&wK1DV`TfD97$u!m;bY^)
zz%1ni+B=CvZtq17YLTL_PWSw#5EtDplL;m5xG)k?OqH7-2<Y<7_jO_vif`J;W5j)r
zOgvOvsOo!|X|;IYqLvNjr?oqI-YDyZidK5+Vi}oav@_uHg%-AM3?`b4CR}ncz|PX2
z6g{2{IPK0!C98d&$+QJcmUiDV=#9~;6d;_XgUyeI+MR0boNeYRb(+j_W||CbbBdL0
z%kQB!o$@Yr3F6Q3ZuTc<dbJ)bR>w9Av08MEijnI4SZ-?P3SoL)AR_!nthVpPl8xRT
zl%%IWM`Kf=hXe)l-HWc^XOp!HsYr^LWLT2ZJi0~t{8B?68glh_<+f}qR2CVV`OFgp
zC?ZqdY;N~Pd)s#A!jscpFCWjC$(~l?P;S*02BnzQ4zsQB^5e7fa^UKS$(s#-VwyhN
zd_JG8f5+DICC%D&BmLtNij`N{)BRBI<{RPw)dXFGff|>?*;i-nEHg;)MvgJp4YMY;
zEQDzs(B_#}FupeTc!@XgVWp5^vQYJ`?ww%#9LW|J+>%>trgKkOZkbL$XcYEnT^Kt{
zVslg!uW((`>L)lPr|<_2spjpP-QI&pB{K+u7-q!fuD;E{pm#!GtLeg#$v1$cjy@r)
zIH(SU=BRFXg8QL;hP#%X^Ccb^C{!pSTU~8rTd}m+)AIIeCsjWBdR1pK*83gJ=McKm
zs%DHt{$!w-xcn8?&2#9C5%s7<nnzC$7Mku#0d%~QE4w1OFnBGAFWt+}y<fh)iW;h^
zHJ^sH%2)i#?gr(ph%Bjl-U=o!LUybcZ>C~4nXHM0LiYF-ZCH^;{qWmTZGI?8KVDC+
zhRV8bgR91VC(aqR$nsYZ)~ZLlFnZ_Q@B+DMFCCWC)xgYjkI;cl@Nnea%~{mzl9jr_
z3rL|}9B9>3?B|D(D90)@Ei=Q?lF>O8GtrPiAn@V=QA^?E_BBEHx<msHb~5RSQ#%$d
z;dXVQ(&cqG3NInm3NYR|-X>?sERx)rEahpaKHa+VD!azv*x)Nnm>=FssVew-*jmct
zZ5$@Y>;|C4iQo$3b!$Dkmk`GNW!U00j{~QScTCHFs02j3j}pg|nz%)@f1=QWbz5o2
zTdY6ZY?f2Y4QAhhOlj&@Nf-q<XpxnW^*qg2tUIl?CPWMR<WBueJW0YfKEx~V(MNd4
zi5}sacgk}+zFb#4s_n4HHYBE3KaS)Wu*LosAQeoTV}XBW65wPqn``8IvUaxKP2(_w
zf;|<|3+*e)xI=_0Dy?8IxSx-UYpx&K_Hz&yDAE+*-gZUl_5jBTHQwhMJ&GQTjpSBJ
zH8jhNUVe+h5((cu3(d|>He2jwQ*7}<dZ*Qvo0Ig}u93b$P<4%KO#YM6{1!z{@K<BA
z)9cY5e4k9<7%4^t(>MkI)}dRPgk_5-LpgAtRr~sQO4G{_vzizX({dft32*^;lNX$l
z2<q2uik$Z#h|NXT;L|7%eG`P;)2P)h$(?U!MmTC5)N8upaTGa2f&%KPV6M=+M!Hk#
z&>Y1nxhox8NfY}1(9pa1aaXw>t$^rQb?eS@xLI{DN#npobh(l;?Vnr<h9^^LL}|4e
zWg&#?N<}H+csi176T{9S;Os<Qn!%x{z<Wz-Y)I0RNQcmiGuA9Y*QB=uI_X@;0h6&s
z)-Rv3fEa2&Dv^;+ejfg!mVl0}B1PCVrf&F^<PVC1!xw}f^yHA2V}hp<Bc@81rB6^$
z!ibxR<Mr|U-~Y)5SSlraBwBf`uBz&7!o&R3{R=!L=N=g;38oy8Z=(qkQikxTyp)m8
zpFZ?&<dOejqx@nK<dJCYtg!6PSIfItsK&<#RaLQB(>(ik2E$0eC$Y~<?y5%_X=M<?
z%|Bjy|Mv?pk@tXt0P!(DZ}hW(um8@^$inhuFc>6$lZ?P4Nd4yk|G^FTv#+0Ce0}Dr
zD=0ZsI9t72*Mt6AD%r)=b&r1C=O2pxQJWCTljZR63M1K%fYgU_d%b3jgHeS=lUEb~
z`?a^X=kb{2CH+zMZ{zZ-W1e!TUAy7^60KK=SX<kbCQ!dXGJAV_>yzVwlOZlZh)D&?
zdbM$u&S9ScV}>tiO(p)H=KlS@-&LL{H(J9256{oDcc&X+50AuP_)^rJC5DfHA7Orp
KFGZiVy#60#3@|DH

literal 772857
zcmZU(1yof}_diUEG!i1+-60K^l5UWYxHKXi(r{^{1w=qvTDqG{sB|MC(%s#cd;Zt&
z6TfG@?^)}dnKNhh%-J!Y*)y}FwKNoQvB<HIkdSbdmE?7hkT9;1kkB-qK0%a>0l%e@
zkg%HU<>a)K<>Y9!++A$#9c_@1l%iA9F!Xd6o=1*%?!|v5KxWGqmJvfP44;sFRu~rl
z5$$O>fv#2!M;L?1*AE|p#l990qf@*({9s8z>`(JiMxG1<TS#vi{kethvfoK%bN$%w
zmEQ|?xq)MCJ5>ORG~b#EBfTMRuv)DNIoa;;2TdjGRWp>QcS*sh-R{2pm>l%<#I!<t
zfHTc8ed~v%I<oSs696#K-NCk&K+1a>o^r=;#@ySF6pXA%pNbkR`{D)9XVss#QoVv~
zQ?$KdR#{?WyR~8so0!G%JMxNk&zg{sG`HQ0%8)*0e-vTJOpBSJQ)F;t*~b3ybcgOR
zH6!DPVhfc8Hlt$bsbQe)Ie5PiUTIrb$DEe=Z8N$vj$&DpHRVH#D6r!Oa~URPW1izx
zd?Kn&P8{uHy7?z)d;m+kPQ=&imJ$1I<8C9X_-RarbxvHi$RNKqv0d_=36#KwYVvSG
zS>xFgR*!IZjY~#sYq)j_=V**xRVKYnJ#z*}_P$Kgvx2x1Op&4cR{Ke}lq{~e?8-wf
z26k)qsLD81lBA)|r{6=mbPt}ej??L0r*&eB4z->)?9y(Dx|ZCNelXH~X>&HTe2W4C
z%CcVAbjcr=o2b&qXl-N5hYYoFimQkkBuHfGdN6#lOCQ5cNVg_H-;_qam3~@>gnCP7
z_JmOyt%X*R+mN1Skw9EEnSrFZc#w>9a~AUjCEvK$lfIs@9`xW^af!1J9R-Oi>K}q^
z*qfT3AdPPn6cn%&TlNSeiDaQ6)w;3U^3fnQ1|e~0Z?Y9G5Y?WwM<UDTVZD{6*hRH6
zM|S*p6OMg~B-KrW7UoKTOW2LljcQLzq|{?sgH!S3E|0(w#aKpk9{oD_ohtz)^5`m~
z2nKg(`RbDvRO%4t2@JCkx>MvhX@c-DRsxc#NE}+-0dn`?^pB*Q_z|*6S}32;iexR7
zkh#KUWh1os^ze=%-{tj9xb0GUlI@35OG{25T|U1@DKO_(3%fEG@L?VaH*$SSi8~&p
zyY|YJI}5`le0Y`p7U>UKZdi4%_p0+Pi9{R<D`89mzx+a8I;#*nW$FhN8D(t_E%Z_y
zJ(6$Kzhd^Kmt@};JkidbG!!Hmm0rw~oRHalA&B4kv=gNh*)*X_K{$VLvUx&sm+sOV
z2fZM+_GgQgNV<<2LR8E&x-kn;_TNpq|MXm1NSW6fip^3U#NhTan@`uO)>71n*Wk|A
z&vQHSc)f_~v)`z2%V}|?BxUK}+GyIqTOC_<UcYzEJ!R}bUPh(~*8CoO=5Shc`vztY
zQx5<Ih36^oGPMx(Vg|_K<$tJ2n^0-d*ky<#_!Ye^uW2dBm)-KkP@#gwj8=-diy=u#
zfl+vhGWlaejGls+e4G3}T_Cf=$I1c6bBVgpj--y<fX}dCSb}VRx^@6-G_j}+Ls6uA
z&iSWv<%n;V<-OW#<rR8mTJ}1vW#?~F^WJ?M(lO2ZQvT+fpWap5ejd5Zs9JpG&)3HJ
z`uScaM>)T1#9l9%Nt#IN28Q`n-rHP}l8fL9;6iY_6mou2$6t_l>Jk4+A1XdCbtv;M
zBP|US<Q&cVnO`)GWshN>-9V>~tIjfNILh>e<V%TQ`yOi>S+*SMWbCfuuJ<0ecu(C*
zok-0XR2lSp)SjlX*x~LiW&>6OdBgGBz)9P;4-R&3U1ptUgT98%)=p&<)EnBBjG<@u
z>^1CBPy0?|7t>_GwMb_hr{ZT!zqKpgd^xVk=`zd9k#}id_U)7jZ0kx4Y72^n+dm?s
zehWzpnaKOT8rP#5$sG2BfN$u<Q5>C|X&<dz#F}%TM&C0AkAfEkFBNbVG~=Rws%;Q&
z5N-%<&=H}g@TS->zh}l*$1GNx7Myk}rYfcx9T{C8nay~a*~vS{zmvZ6WiA8MlxOH;
z%vo1j*Wwi2X#K|4@VKVK0^L~DxX9?Wp=onurD;XPtawGct+{Q>D8YE?7q{_9$G*D3
zrn36I+M>nC-&M6vO@Wfr*0$>-qXOc#LCqdbL<>ia{?^qNG>*`pUBBR!VX3I&`MqmR
z3_tj~-HNPYHz-&fSVE>XN*>1ac6fK*k2#I4n3$Lra$j+yRxwv8SEW|nqzl@jd7xe-
zQ~VsAb1GU?ZXQ48K6bxhIEMJm`&j$T_;sY)NU8EVoK%=;GH6!qIFCE?L>eT|jhihk
zM=qP3u%FmT{gevG4U~H1RMi(dKssow&aR$mp1fgL%<jwzoW<WF-8ER9+pAuq*#I8{
zg59jNFY~y~StmqY?N=9Q)wGl*w)6ZcCGiq<`^d1oaLuUyP|M;)W3l1;K7U8Tj_ZUQ
z))(5>6fT+LBxWqpE=n2h(c2sjisnr;BzCjJ^V0a96(c&%aKw=I%1d6m;JLytg}@Kj
z@!T;%#8%G=KG?^;j?X4FCVJo-<Eav<5)ZP4o!^#YiedJKf0j3~bX@QHzSau&XdXMt
z+>zjcEHB+{U!;vdJEZMG-u9G5e8X<VPGq)7UQd3P(&gUQ`ufkBwT8RRIYHv+;!pn{
zH*0C97-%`6mNJkSI~BK~SiSKXt};~nW&0xgFxjRWlUrs<)<A>%{<zb)N3w#iBHD7y
zQUYujErxPgbk5^b<8P9GG1Y$FRBa<|<@w$AR*9T`i6zYX!iLM8oc?na8z(V{)vvCz
zj-w95m0%j+8GTQ9mh2#^FM8l{?}6$LF^Vx8GXC8(;<~VJBROm|>|GtK&shD|*uI0`
z#b)JO_v>Hf(d7dAK-*7e^|LQG4jZ#g+k0D;LkEv^r%`PIsR8!z&iB*@UXLH(+P79a
ze*IUAa}b_YQWLfY4o)suTS)WTkmfZg^--{m&&J9wNp*5eeO`TC-CNk-rHWghXN>E3
ziLj}tEL>Yh>pbY7w=zvNTgBUn!CBYwfE%03VZpgBaQeD>%YMt7J%EFp{XNH=LC~L`
z6*rHP@v(bTzjiF|z&oSci^rvq_RMc1-&AhQZ>&#zyM(=5`gumc@2>X_IsV)@L46?J
z@2%ha$2+L2S2{asQ<;>MQi$-LbjODUVHoc_?RyJPP+;MQ$i>L<;ImM5`7>@REoyI1
z-dh#-vs0ACqpNG_YD{Z+yz%f>l~tWPTitM~q^^u-anw8n+56P3f7&klI{kgxw?uJ#
zGlxuyLsZ;{`^v;+vA0QaXJdTDId^*5mu|DSC>EJ?+`C3>%;dbo^Sth1Yr`Pj;7fIz
ziBsElK;@ai4wypRR4lWq-OQzR&8wi%L4R&9b6I$N>Ad~@nb6MlFY)>l&!zZQe_*-8
zf9dA#1}s4!>2tyRur^TeI*~6CJEv5VE%4hz!@ltF3VEApo95N+m5KlJt3z#`>YHCD
zbt};8Ey)rIo+IJiYTvcf^-byS?)Wqh@O5W$2RYdYAorL!H21tZ@p12Br!oIFze{*Z
zxWGlYV>+lA=$w9NTKlk8Lc<S=3*fvhd@Q>cxbWytYvFlhh=s0qeGaUL&E89HK5R^m
zOlo5q3{j<_uv&Msu_1LV;Uh62Be8#_`{2PMc-<mHw1U2Y1}D<oJ#~}&q$;`obMx5)
zCsNc$izY0j*EC2!3$+{YgQ=)et#t4c9d7vg=)rtf$9&Y7(VBKM!I0nKRe<UWa4Btc
z<pKu-Rro&UEwhFQM>fXBP}x>p9f=*0e~N^LOpb(($RQ(cDP)TO<`s}xkx>6BM?pf0
zvPVMucO4Bx`uF;Xxc}1pD@9F?M8ZJ45h8A%Je2>`#<<Qy{ZAh4A4(ZrIb~%;C0#3b
z8yjbjw=SOh7T;?S1(>c%Mjl8=&zb(-$jUm5r-=6F?ez>j4b|1etX!P9Ev#KEZMc1$
zToJXAkR*J>5LqW1PYYTfCr4)wF&|0#e`<&!@_&nY=xP6{;^`nsZ>X+CE9c^FLo3A1
z%gswKg+)tCE8%W!E2bl_@NaU&n<V{PPfu4d9v*LRZ*Fe^ZWnhu9zIb~Q664?9)5l<
zL=7$vUuRDXA1-GPhJQ8kpLXPJJgnU9T|MnxoN52IYhmf~-cypE{%=SBz5ex|Ha_<M
z*ORlyzu7`C$n*CL4<9!#&wtxSkV^b571Of!v2iq#w|7Fw4AF-aA0IEj#6JZ8zfb?y
z<^PZx{vRnnuYkz^lK#)9|1arl4;yzm7birgo>Kp(uzwT(@5g@=O7Q&U{eNWfFG2rP
zijcGvmITj#wI+o%<8nWZP$Z?jyrv!^MVQ&&3xx&oVEtE$$Uh+va?(a4K|+#7QkIv|
z^Fcl|#R%5yzsMCgFzwkpx-=t1i~c~(r4q_2LytzsD5hP|T>30j9*a)t^%Q|5A^kJ?
zlg^yu1o30wZlvp`^W-i`>4Osdq2<KiW#xEm?C|*TaBQqX)7tv8&oh`eH%;fm!29qF
zyNezS?W%`++7bE0#C`!(x3f9Yah&O4G+Jcp7YTaHzI-DXZtCxX_%ziV){SmI!<!y`
zZ^*n}E&`lDEsT^Z1US02>Id_`GJ!RoN2Nk5V0%h9#d3ysi({Ze*zg#LPwMww^Nq<+
z6=?p7v>k3ew=!}VlGP*O#%*yMZVG8QNc4J~^dI>r{Z$28ys~SD;}{{Dy{|WgbS2K^
z2GTPyy#A(M7_{>t;T0bZjpxR9cODyX=ZlrJ6(VcP8=_<4n1C~Xs`0AQiXOs~*mjom
z=uvO%TtR_`iOeFX6Ql_+f?M5H-?U->#P(P?>ra5{!)wmdQbDE(yMfK;&DoIoyR>YG
zAM<Zp+d*_TaiHk{KgZT$4t#i@VhSnPw4S3mx-T$=G#-qL#nO`<-nW}Vnh#FA9+#@1
zi&r<9y9g0K%30g8UQharnlW0gGOg1~P@`sX=Urs9>*?9M?2`wK7tGtKRFSdb5@>97
z;-if8a_Bz8fu1w)u#8~Vo#IL=$s~SIzkhSTc)j!V#or&6<Ceku=9mJLA*=FjhRsdL
zU|RRnh{NC9^$mfCXsC>)UDZ>iDq;3pE~yPiFu4+IFSyMP_z?e7-XScd6B)tJ;uS_a
z-109MvFtwouu^xR>Ge2T1^V({p&US=I=rv1VoAdJhYtsD+Avtu6~2^_dF=^XoRqeY
zvf-wyeqa{0V^{6HATGr7Nt}3&{ThS{Q1c6tr4>eX4WZJ$B-5Nj?#FO`d>OC&?!5L?
z23O9?JLwf>0Ye#`5H#5}GKZWB)Iwms=dzf41o;dY!pj*FsURY(^JjBIH2QG&O{PAw
zf0z&lYA$%P1v1J~vLVa7{S6nIV>Ndey?>-B{!xb`ne)YJ!8u_&+-43qyl0s&%7$bn
zp+ddjPCF}J@JhL&U%>noMgoGFA63x#t2C(h;|~^oY~qLGD(mbX_i|)Ab~GFXG#md8
z9(3Y1ubDj@;sIOwu<`Zb6K3R~Y`dNI)-?l?Yo+0E*!ZC!M8b8V{&ckJZBaoHG+Aab
z>OV%rgMlLspFbl#3QmrG#>tvv_*WhJa6uHJph{Tf1y&R&og(N6)~7cAkL^!V9l{p>
zF?>6dntu!b_m$#+f-Tiz74-L&fvHXKNAtPde{8+!VBG6*p$ZDLU*bz8B^h<MmYUmb
zyzIrzXf-n-+d#MqwhI#-?#Rys=uPQXxf%VadF=%;4gRzae2@sdbu`P+;~`2B73uvH
z;qo7O?`}?=gT>*y(q&<6IU?cjR$TiH|7}D1a5NASm^QQKym^>H24_t45Y{&aJ%mk<
zK?kvM#E~?4)7FT+9((>uvm_jsTH*6*dp3j|FFzoRGmP{57?f3;4fQ2Qj~CoxhbGd_
z)u-_Szu6`Dg%@0ge*P}%@0j}MF$dxWE(dW8VBzJqu6i}%Lw@|*;n;k)Llj;@<Q#z)
zuTyyAg9L?xEOO?~3UW^~RD!@H33rp<chGu8#%x~*D7Hjs(udI&Ciy1``D~9)tu%oy
ziJITf!xd-Oyzr(K=N;z5I03%HPw_wgvO0g3rmAC&7YY84W++fAVCrk+0X<_NkwK&s
zJq=~&=-37~=YRg&3%<5T<poDSHs1k9`xN%^9l?nDB870{5QX+Tx&J)aUnB4<f%LB^
z5D11CQr!zprjRvqR0TvHMXcu4uF~M=kiShfx5Ej^GBRca_ii^gdw7>JqJw=1vJ#%&
zCN*e!irP$2K+k#();Y2$d_x<TZ;Qjk8NSHh$I@W0RO+Zg7U6l_&5z^fG{ca80F?x<
z0w$9&c%aiWJYb+g!2$7o)<5xMC^r(1F)kI#244ItUbmlv2!tK{Yh|Yj?Qrus8XUWt
z1D<~m0+uS@#VeO~c%pXCKBxlT{}jV^zZ={R|B6zOEW`2)v(RnOY7VR>pzRl|@Q<cp
zO9wozKU_GkC1ZOXeG1#BLF!Sj@&q>2Z;Qbler~<(KP_1Le`FpHMn~0CgC#`Q?kDf~
zcm=;QD+OB&$@C2MVx&q(qWxx^Sp3MhwlqaE`orF?W8u2L$?73@3-lRi3+N&9yDZL{
z=8d87si1=3I7w5A!&fGR2!9%j!;?`kFKf;*N-ehVkDlwpEytx-5Gb7uEZkK`@qFQ%
zhLMvoSUgou-w-Q^$p*p*HtB8?DfYIs6mmxrb+l=YZn5_fu+o4I`+XJ_*k1*izrt^a
zubsaVuuTV3iN@sx^}X1L<M)E0(+$WS-a2gIPqSp@to@3wfE7`p5!arxyopK$HM*o*
z{1^h?n7{?AZmEhl1E+hk-uHEXcZ{Q3Zg&+#fpmnU5=Ex}?iFoRa;2%VID8E5p~@FK
zGq<!oT;>djx@3%r63nqvg+xiHJlpASf_}%1pc=Xc9ZCL0Kh^6z(uZ&=$Uoh4K#cCD
zhgPDQsS}>s?9e0xJMGYXBFic(dq#8Wumje((25ZOdBIa#^5^eJcP+>xvLOq9=PA*E
zsWH&ezi<U%f(WG_-iMh&T<y}v7<F9`ip((oeTAVC4?$!R5NL9yJFvR7D{i85e%NsE
z)I(rvb0kV5X-Of<#m*AtrM)a=N>W><v;++=_hIV$ZEs9hPmHYXe#}Jg7F)Y>`I=sL
zsDs+4Pysabf!>UU`+YQ`XV~CqyMIB<=93`-oa*lKKH&kTzy82nyXo#k0f_R=;q3-q
z6C<W^3>Bmj7E;{JUErR#Cyt;tz8fCO6)QHpTNzr>hc}%!r$P~UDX^o%H#G+JTpId6
z)&!#X4|G-&$87#G7;6ea%wD#&5o!oT@~s9%7HTkvau|GCQhly^-A|n=(RiTZSy7#}
z(rI)}$EiC=nA{~zw@`Pgx^R6bF{pKk+!}Bknzhi_Ka{Hv_q?Bm=)%tjvqZ7uwtFN7
zL4jvGU+7n}-$ST4S|q?xxl6I*!~<k&hefo9*sertsG(QwL+s49y(qjdh=iVfr{Ky|
zNa%03w_*mR%y0I&vvFAEBpmkrp}H<U4XhFXVduX5N@^d0QB>wD8!Tt6Gxis?7J+%W
zQw%f9yTmQ%Z(>U7vJu_PC%cw^Cv{mV83Ybv+=rX#!|TpVG^#6MxOD&VpAecJgC5<7
zF;FjDkrMP)foflhq$sz;w*{ZJ!{5$<kM5zrAdH-K3s(l^z<v2Ww2)0#=`doL(3?wx
z{qm5W4f}cO{IuP7(Cc><2jH}eo$8^USJ;daPT>{VB1Qozw<<nA)d(BC@tKIJa-AOP
zk4~zaKv=CeNB0O<k#UYK9_QQW66YU3ls}0k3$s4AXGOub*GO5NII)4aib!nobkC8^
z5~=T=)0C?8DInt<laGG4X;IK&TC7}a_dOpQ_Ce{6jd0mLCLBOW0UBQQ_92%vvliC>
zFSJIu0R(vx6dkPUA<A#=u-(H_K}70L<6Ms#aQ{rGRlr8!mOC^E*M^wH3m!eT%Kt>5
z=J(%0(5fo)mf|gqNkI?7>-op^`R8FC=>>m9?`qg>^B29<JChJ@(4DX^N`!*hSbdc`
z-DTue6k``W`M3v0_=UbTOWa+Ln^K%^D>D9b`5fxje!f$k<tc3nN!{S<%DO|?zVW!{
z=sB3D=g&E~Aq5}+qDLsnPEcP321txvEjajih=2CKxx~E|+*xlvaAy{KN;4SKLc}x4
z8*d(NMKXcm{bJUEQa!6wk`7PWV<*mx*z1oS(RwPH+f_Z0fjB6KE8s8iI|91YR_RZS
z;{Iaf@Bi^nD`BIeF>}_vzD*bS;y~Snra0i`gBa@nK>T1_ycyJXaI6ZtaHUv>5oLgI
zCoTyl5C-y(3+*_U+k@31T3`x+Kg{KNysqZ9^Kwj^7QgZNy&}hzlWL+l`<X^DK51!K
z-}f@n{(L*Bbjg47_b-v^n7RvyH~^fC0)cO9UBbN-WBOysgW6>?pP62&w?1bOC(SUN
zvDt_Lla2~9I1}a>Kniy4^xlKQDG9!2Cw8jjcCu)(^JVhf4y1pgB{N???|E>KU<-=i
z2twe-6H6n6kL&I70M3_f-AWZ2Wu&FmVpa<R2bnbYTtl{0BQ1>JC4X{=YhmChK5_WM
zS?)$dnwr%X4OXB+g0A+@A&5TwmD~i7h3j)gf>*8&pX>Ts&n^z|1)y^FjX@4!<72?_
z5p4Xg-@?)kFP1Gwz%9ai2O=qL=YX=bngd8-uqn`RkZb!S5qw1C?eZw_s)>`Z5dy8E
za(n!60d2TDS1M30uo==--#pK#hqON4-C-!1IC5@({%4jH8TnIl`4IG|O!DAtR5m$h
zs_<JbKpmtl6R%|IZL(W%;~I-W`qeGFl@f{ZEF0h}*ml-PL-YF_ryxKV5bl9wc#>)R
zbtyB%8Rd^Co1Nl0nqNdKYWT5)G-Z^e;cc@rz+a@QayP|fz0%Wn4v)%xaqpY-<;r{y
z;{6+ZY_d=&(@E~WH)TWi5>C}%H}M<-{J35z@%Lxbh9MsTAfWBlJubP!DN`ctl%rt_
zoa1(9G+U0EHA^vp3dA;SP>E{Uod|FN?FTTB)0a;=$F<4sd*@6>w_ENFbPe>4FKS>b
z2@r+NrvLFp{%w0g^|&!x!0266D#WNyAKrWpO$FXdIsO-(5p&O3RW-=(K)wP#Nak{K
zab*B>OYaFe#NbrjP=1P^5lbgS&UH2b);BWc*{^q5%9kmbCU?ddFa|PT*d5&ql=`F{
zfOrK>rfddz_$Em=zr&pfAym{PSz@X)Kwb!5tP+cqa`HfH3dY&s5TrR7AY{A7&B(H^
zou-kn7;E>KZtDy(-E{N}wkUqHa+b{8U!YT{;8O5I?#d)yie*LJX}63uJK2}N2Q}A)
zK#gp>_m_adsp-mO-iN2+FBYFaR8WkG2K3%>ju1gQh^e|>bQ}{0E%S3R+57lKKyT7~
z3E!Wl$=`akmCdc70UD<+vxQYN<)*K_4wred{Z<d3d9Q7N<pJ@Y+$;BzD@gn4u*4hL
zwyr6iDw9_Bt1nIOX@SSnzTRF&htF~DXX`c#^*4FbhbLwaP%^mFo0qBkiD|#IFY0|`
zt$$;908Majf!nrpY~qtw01NCJiK^=8w=L_%vA|O;-VN|HaANZSHHI~t!zriQeC0$T
z@UNHTB6th%dKlofW>9US5JSqv$fA++S@~q7&F&EhqK3fZk4}P8K+esNOO<fDGmIZ6
z40qGB05l9(gey8Hs+Pz>s$ss>TTqBQ-2MT21T;N9dK`e7fCaeS17ZOO%-q-i#VA9>
zayoGfBs>R9?uzg->b2qQaWR0YXbrf*k=!UTL!dHX7(P&NZeA}`_ax@AfC3`(&UN`g
z8n^|o0~T!4D!)i0m3~*;HTsn%#C4K0WEuo8mxIV$;^LkSTs1csovZwsm1E+x5&Ok;
zv;ynoe0clGMCAQ#@qL;enTN{Yn@a1oLg&&40CIq@P+R?5BMiFllYR4j(|kqxDLiw0
z+hJx)`mjK{hI{n`apj~z9Y_zK&e^<!Gh<5YYl7qCm`r4Nz7fZ$c(!ev8gZ9$#aVh~
zND0}xk$|)WYVPyx=ySfFFJWbxvKMELC@s3Tsf$5$Yh@m+FkEbm;i|^^6E>K54{*o)
zzHm9^mtO5k?L*%8E#_J{`X!VIHkftN0Cyn`GV)Q_Mfnk=HbPRi(y(Oe0D+)E6@Fn&
zwY_2xb-!$Ba8AS(+GSDOa1Ol_KgGwx`Z!e-Gn`s(U~|+4zB=|?^G5;9t|3!(DnAs9
z{C?HddCUco0kcuj50fh+5O^sZcU<7`<YX0cLmreLAo{u%atuS?lXR_Uvg!MVlYjCO
zfKtKwdXrUvoTKk6D_|)&jKZk)z69C`EFD}!pwl$*n=TZ9O9}k%98?rsR|<u|8XrLx
z@G~$4aNLa0F9blW2B%i0R))ZvH#gNVmn{$nV04F1TyuT`aeo|60C~Y`H>y)Xr5Wwu
zS+KzNAl;90gVaAvDg)@4#2`be{=Asb4er6~6UfJx;E@!Me$79h;VkDp7+Y)lRE)E8
znnAvhI!eQOohW|1w_fn~-rHb{XM06vJIaJuTT=eXLX22rx8u1^D?A@x(cnxO(6CmL
z-#jSk6vlok=SzFG%@HIcQ)kzQ#d_QhB*K|&ejc9dl|&N;uEhn+L+RFm&im>Ix5v@i
z`I4b&`vyN@elq2e5}%KFg*^<V8k|*OdT*d}TaIdZ$EDJYxaG_C(P&Xcvsji1YS8x!
z@(Xo`T(*(J-4<0ET>JwjZ^~{HypI$3(v10W1(i=rPkUbbum|V79+vQ|vl|-v`p&m=
z?QNv@6X47%SG7)0w1E=D^MciXZoI4Hlqwm{1hcONmw1sZblO3+YF$1ki?LZ`%{^qo
zy+ffr=VSYbA$u_&#$DZzoX){_?wR6+7vlTizcyF;=2^^Rr2FPPX2Cpk_z3Vi1KRIb
z9+99b=!S;|94w38N2!>)=CzvEC(nRZnp2jln;78vfMV>ULd`sgrxPPiSYn^L*X~D~
zq<%jUl|c{<@cY-WauHV1=ATy8DabAbA%*u*&J_f2g0dVKempU2f<kqGzq@=3a7FEY
zi_c<jTRA7Tip9*oNK2htdb%5TtW=)^K=aw$ITQqf8^c}hpj&|T)@L9EB8EzVA#CCW
z+mJngzJDA~0Dgy`EWlR&?)12d7ALSY*TOBgc>b<?Vgv4>JP`D#NTt!VMdc)wtsgv?
ziTF23!v<Dc?uYL&FI7W96G#A$X&ZgH-FWKj`uytH`1T^$GlbKoM<Ma1iUsqNLrtWK
zxP3U~a*H<8^I-@MmrRE^H83nWt&a7ntYH0YXraL7;@dcrP2{1@epyqpsEb==e`{an
z@L3>K`E88nl;iFWAq5fFwBL-hB!<$(8a5;MaZJZjQH)7!*g+6U{RR^~Rq8zvqlkoT
zP!`ZsVSFnjhVl^N-&zozW-_K|Mvl9326q8NLM=f86Ryt;;zr7Q#%K?(RLOmQL~_8T
zcN{txHFLr2jbBi|`Vg_0jZxjHKi70F#BA;BFWf=RU1y?Y&0ti`Rg_J!OCH`yP@Tz-
zcO7(<(V+$9yze=Hon^mC(!hNurmrn+UdpJNX56c56Q$8-z@06{T7n1ToU^QM2`0eq
zeU@&b6oW(fQLv~tQ3|5=l_w{BF@ZRl*;qN8B@LV9W}xg5I&kGstCSgRZ|=&Ub+B5!
z#X1KI#EkwhBOwgAi9CF`6X3!InYDYpw&Vfx+7Iec$+n)}1qr}#`)DOhhT`0ALdP#h
zM!vfaZ(#+feIL$XXZz!W877|WxWKPUFh(KjdP*>c3gR05GMggS_)WGJiXZbBGB7o<
zLLuedSE!t=Q)fLGjJL@m?sc3xt*t!(+^h+d2#Vl~t8S|$e;+sS>Q%ohD;3~OFV@>C
z34`*i7Aq6c&Gm?A=7?2_lxXI@(J6^T!mS?0V^y=-(86F$Pk}4kBEy4{MLiUh)0k7`
z`@au#Jw|O_X4KPCOtm=8F>0da-W8$-B_)w*X{<IoBxXsypDm=TF`lCF)P||GWh;4~
z3$F6Tn?>(|ueDjP#k(y5EY9o94(m_Q4<q-QF-r<-gR&ooFd8Ho+-kL8_JIt$pHE%X
z0VKmGQISs^9!mAgvIM_@iA1uKG$b*^k476(htmqQbILU`CjA4n@$(`|s6RxJ!n%W{
zm6Ie)_EZgamydYpU-368*%EqWRI_O2guLfJo%G`c8@iv|3k%A@G8;fHw}tpTVRw~h
z!disWfOC%>rcRL>cgU_Hi^i+L*FH?8C<d^Xt1*xV?zVMcA{d$vJnPDZ5GrHe>#T}+
zZZe`pIA{d&4pyGsgh?k0IjJb4EPHS6VqRk6nBb8JW>5W?DWe(7j8-gY8|!$+(aj@G
zPv6@E+F;y26h)c(1XTnkJ`(&$T4vIyf&2U%ayq5C&h;$QRVG|j#D7*hSM_KCSUub*
zwl(Ym%E3Ep4E=n(?WbCX)z|&Wq<XQBPpA!G%eVE99~E%gpUi&;67PYNGw?YR4b9Yr
z*zcO=2j)?ui<=)W`fMFm-J*v&)gG|b$>|^cI~haZ$mfHwS9OkCzd?mi`||LRgC{UD
z&-!c4FGQr39N*6rjblG3an~9co~+t6??Srr(%1wDiSQdJoM$f7*BSPvi#`(%Chwim
zDb}`Mtrxuw1!!)Ok&#y^p6y}>lf2hom-e3x(NSJo-+O)vNrYn^3Y`g`!qed1I>2+O
z@=5#2=1G7JvNR9pdX!08Ndh@O7&H~Y)>nApDJ*~DfH!cfP5eb*LDpyC41sIbkDr0X
zv+*IQKAeSymjQJvY9$jw@g~WCz3#j@KP(#(j8}|obf?RNZ3@oIve~uVLM+`7rwU^P
zeIb39ae(4EV#Ac*H|V?8U^++Ct!2k)&zDl3Q)t4g&j)kT_ykeoZWC;#(XnZUyP4O{
z^Ne76bsU@@&P{LvqeBa}v-ROG+(KgdpYe84ve((RL~X;n0^vmDN%{v{QyCkCNm5ba
zMJhZP&G5oDWpKr!-GC_?yDC_;&0k>FiHDB6pj|dBM9$&LHH(AhGr#1z{P03blv@YV
zP}Nm-%i{w&n(|c5r~9Mz45DvD=AWxz&(a0;P(u5XF29(35cAT7xrCn-3%8ygU7tZy
zVMGKkDq?(r)xtX8ExS6$pHHn_N>x?i#g98NJeU5)2BT?A0;}I>oNo_qd<^g$O*z1E
z5F<Xnwui-JA!Fo>$>y#sNjI(GR0*f&Wz+V_jOx$n4xoNCX5?{vt+Alt3&7^@41QC^
zE7d-#FnXaq_g4D%s&qh;xGu&UQtg^~?*lPNt57c}NUHV$Lpk%&!b#%L1RP(*n#PkA
z{(GL6)>~`HtRjcFY6@4ShBkh<8Ude4?{lv{O~tS9#}o1zbS%nh92+~V)(77v7tBxV
z<mq6X;bRF0>h*2p*MOKZyL?UY9Pf2vRY`Eyo>vR&&|~ZWG8CU3K@vDk%3`A6FwxzR
za=)GzG7@MHGm-EZSdDvPP;lUmIfILgc}t`?jZRgI&9hT;XFkbzD2vSLB`TbN4T$wR
ze+Oe1fSetPWW`!y(Y{cC1Qb#A7|z;_xo~z$^75qZ(G3n$ha|tb-O33cf+|;N``wm3
zD&LV<vv6LEd(s?clUV*xJ<eL#N=^HsY+a1w!=R@NEav^85%t6R6lCry9Fi+;CsgQf
zR%fj;PAFy{X#J2N$!~c`9HH7_3aht?|5VHHKv(XwC;Yae<IlFJGUirUrs$HhW~P)u
zmvP$@nPSG`6$;pJFL~Ep{S}kVxiub*W&XO&h0EgB)tO6q9nAJ}Jlfq$UQ~c1$QdW;
zNL+htGUc^fY~1B}F{H|5p-3)shl$_APgkBkTJ?-VuFc#dR1R{%W@f0+whl#k<!8!z
zZ3@#3j~ZHqn`%eKY3+hj$Exv?I_E#-y+3$m;&Kbo1Jo%bnXV4>=4O^J=VZl1iQpa8
zT`6VLwrkN70gMLMocy*vF7dMsuM|bGw>tfw1r@Y47P|F)sdG4y*_$V!kV&5^12k<l
zdYwf8`OBS>WmJXXNOcLXja++x`|*TWDz!OvC^dPgrUOqt*D}apHPGTJ5vt^QN#gqz
z%jC@JV(6Al>yW6_;E_f1IWz9QUJA^Y&eeQ%d#7dI@XlshDC1$zpsiK*fOrklpo9H&
zZk6t9tj*D~9Hn`{a#A7Pd8}k*fW*<9j`Bt&VkzQr^*lT5HDKYQG9B5-$RSj5E8A`1
zi%%uRoI7UBDL%2XblopLEO#qfXPeyC$WZ_-Fm))!7n=D#*mjk<wc)!`ntW^f$m3h*
z+R*$?2kAKRX>3Fr7EI`CRy_%n18ap2JFt@#X00@bbh~8$D>aX-iC9XZAcpeDkUDSk
zr7gm-x5w!!zX*q00))S3U*N-o<|!xIi~<KUS;Y65^dl3q*-L6NB6xAVAYG5Yg1*x4
z!=7!SqDE@MXyBO)#>{&Y$D&Lmd!x8A!slS;Tb~X~wpO3Dx=RXv<jl!+iQ9JAcoEd#
z^}7tofjx?MA2L?Lfue8}pwU44#QgA4dyE<PopMtJ*^hC12Mq0#TnpWvu_X*?t5XQ9
zc3B|g<UM4|S0YKMIEoYIC;BrCb*cqUlq~id&GL)GU<}RXg|8}MPvS_H2Kh`SbA~{1
zzfbI?G$S4bYLH>G_Va*FoOVl|m1mDGq>$z~VZ<7y5Y7b)f4+AO&1?jzLgbJa;oXY!
z*7JL=-ZTI^(D*oh4N7Y^gnJyEtrR8wYgy~?-y>Fic*A*fMhxN*tG&(YKD-?f&o!G{
z0kdZ{-#US4z^{AW*o6fJGMz9m)&5LKb>{_D`CWkK`a~gxKO~))tGiD>{Iudb%~A=g
z*x+@1^xHL$7R5ki-N8~#Rfz#zRG<}W@N})&*C<PGjwCqM`N0S_t!Kqj+dmG9&7J&$
zNNas)Ag`C7Q*N#{X7r6Qm~uCbm*UAy^ndlPiGo8}E`^STMl{M}eFw+i%#vH%!iD=Y
z$RH`E#@vNr&7L2*!Kk`ua`V0#^sy1UL|J0?bLSTD=Ld&s>h|MH$47$`nOez=&50{8
zInpfTDo{C<t=&Y7l<B1Fo^dwOo_E)5j6UJw-g^vM4>HvF)+s`%8hgg?Ew3ut<Smd#
zehZ(^nkYR{d-1L$tvroq@RJ4!)9dX&Q#CuDqD>D5cehviZ+h(rSZwYO&t-D`-0?E0
zl8Yj^QB@v4T9;WrekH5ho)*rgB$|Z+;4|pJfD(DYJ5<4M27<I+c%E3?%k`lPHSw|^
zPCg9JZpN~}Ktxolv(b8vqKZ1!1J$?(4@O6YhNE+gtc<B$fW*nmg=RR>G=VyIGPj*Q
z+mbasxx~2@w!F-IKx=xy);gKtwA|z>tB`)joSMdwspf|46Xhz!+!PFUZyCa38J!)L
zwL5a+ORBBi*&;l(q^SJ)@zR*UZJLNW3vcWTC^CF9d)WFa>PX^tZnurlE#F5$B3@-C
zNu&J>DeR)(TQnxHNm9OdYY%pR_-VRl<quB4)SFCNB-Y1_YB|VeC<JRJ48;B&xyRLZ
z%$sKKS7oJy$=A~DAFK7+J4_P3FF1`ex=qBrPf|1_pNQ|_z$%RR2j`!4&Zy+heq+&8
zVAFduOEi74Gp1aA9k{9E*)X*dk;}wi5Etg2KHEN5E3iLf&pM~|xuIrv^ZoT9y8WYy
zOMausLHvrlb(AH<hvrd3)v7W1rHlDQaaP5gMYU$~$s9b62lIAkI88OOYxZ@(nq@?L
z-Ssi(=?R*$g?g^anW*Pxdc$6KM|2>{qq^urY3k`qL&n_DtCt={BvR5cW%2G!Cv1~x
zR)mwedq3lLIp8&K(fw+s6ve)4qQ<@p6~Qiln_~kZbCx9*okgvxD~hG~5j66;Y;LAy
z9Y4(Ga&@jvNuO13BX5FIVqM)Rk;>W;g7Cqv-WjC$X};E#kd+NhBDME1<qp|aD36jw
z9z@qV98Z5l?@AKVI@}pxFNnID@*Hp6r?;b21vfvw^lSSpF`ZX@xa_Ya=5<hg+xqBo
zcn~;qf%GO3uXJy!XwvZkkDLMO_-DOaDG!7qadpxw{G+A)h~}**sT=IzH20g4GW#dC
zX!>)SC*T<m!?!PfXIGnaz2Ks==sC5m)m%=O=nKO;08vs1`+3=O(J7<WT5+4DjuOl2
zl&IuyA*2-^M|sl}bnz3EQS1=m+4C+UkWl5FGnP^|duuPq@A8GvU<dXq_DGhmk?h4$
zv0Y1Gy<3*alUwJCl2<S-4YOK<>cN)5X&WGfA$m8L`L)X4Y(BcgGc@V>=(Mn?L=>-&
zimmPMAE+}fg@i-Wo7T^BwLaB*@5~aYgf;-#5`pBeWJDKMo?Y>B-YCXpey%Yl5VXj}
z$Hz`G%Tv`^wY$%a1!FluqTD>c57g#i53M(WuA^c5G0=RI7FQX+8=7j^IKKW4k6<~r
z1Kgx7-+XGuXg<Il=@fYvZy&_b@yXM9PHj)f@lx;V^J+Y#^Y`nm+9~|O$pRJ|R-sE)
z`&%m|#vYj-{u*!ptK-u>n2XI`42_IO7)ap#T`o&VF)G^kJAp?K?!n_Pp)aG#r?oR|
zy6Jw3QkR4>^saIPEzQNlA&-iwoZ*_9Oyfd9Sej>FA~U<Y`V~?!uy@i5dt{y#?OHv(
zU2<o=Cgqe#m*IA)s+hWtu$wqOr3yIx^8<S|I*5=k6xa7d?>&XMMca3iPFby%^yBIq
z5Y?PEz#Y*1*b0j}S_wv?)Rq5pQUO2tdF#(|G~TP&H`Nuq2>t}&d~957&E9ZX10CO5
zJ<!-Y{XL+2`-D;maSXrP?QD@Awgq}i<oLYf_%qDzj^~5@7N{ilZxj*8n)|kX0};-W
zg_r`MCd8}h4*g&b$Xnf-bJADnTlj|*J`;<%U`Pke=D387%5aLLpLDg&CB6xVK>%gz
zDfw*T?xX1QgTaQG9k<e2t>b?BL-LB7#FIaCs){(tE#-X4`O+3_Q<vzNDj9?aTQ$ef
z(3Xis$4ox61jqcTjPkFMK8T2e7X+X5-o!^(=BmCi5!mv3?#>T=IwM^5Kz?5hzr?*m
z$FkQan1j|o4^qnsJ~y5-ekLq*AL_?qXI2PQ;jRoCr1-x}D5k#K<!A(xab#S`xghgE
zJtAL5-JDas*<s3gOULBUk#|a}cF6f4RB3B5Knq;nUu4fh*3Per)E*N~C0voKE;-~3
zf-RBuCWy<56f)<S-dl4gV;epUY$j~|Vy*jCTAkmHoxIRz+%4{uH*@sFA>ez)OjkuX
zvnrS7`;2h^H+NU<Ms?>KZjszE%YY_4*St3I=XWeC)0D!A!wp+M%)a@W1=a--ve@yN
zBSllb=MOy=Wkr50g4O{=mOk*)Da0;6c+jMj{A>SkE!D8iRmC-yG=+er{@c5Jd23E<
z_Gg#{<GCNL+Vz#cRWLDfzG4<s60+>>4gAqQy15Cz!jgO;{_a}?KsZz`9T1xqTXHi9
z#|3x$2}<uG)AACFJAYicOYz@YjBeDXbrRJfjCmYEe_NXvTAw%YaJx+N(sZBm)oIld
z=}Lh0@`R#!?K{qNY%5e5X`Qy3(<C)?b~#_!<{d3BnniBA1eag@XFKN$40VVt##I+D
zf?BsW*9Pf0`H4fdZB#iyFyYEmI<@dl#XO5%QG9Yt5T_tdO6_c#T_{H~{__R~jQ0jt
zBgab*HuI&;=3Ee!RG}kqfQCw%pHj+kZ$eRm-l2n3$K8Nd3ng1RC~@LVP<IVxokzcO
z1h~l)bMNvTdkAbhmcdiMJ*J5UIqj~}VTCvw&d^hhr7R;Kc&~%uwaHVpf!IsxFFnRc
zm70<E)TXi)1j_5OPB*$;Su`HCK647h6{A!XE;hZxDoUz81bOQHe!p)wB`VS!(3L;)
z%?uf<Q^fwlokkS-2R-PQykYqcMTqR#RMDKP;dB8kQtg(SNAAHpB@|t2%!763^sHuT
zr6eNXCa~nX8z0AGHp`da<5(h`Wdg!lae&=&i^~w?pY4gSYPZUwbt|yMIT1;^Mg+Jg
zrheq+=_3J|G=r8}xQNY_ZOow>$sES|tU~!SG@_WFC!z1irvT>}kU+UnV@HGISzJ~q
zX~?#dUplj#Y>nLMl;SkpeP@KdAky9SG|A4`>vO%`SOF{Jmma80pyA<$i}0snsy5sS
zpWB`vBDTRjhM_D;z8)p-TvtL0wsyeH@BGh-fzj2>fb^x@J|HBtbqjNqEKL2yv~5u2
zD9KJzbgRj|xK$b3AFfj<2~1DR?<R!s%dz{1hjyBv$cw3QY}1c(kZ<2U1w56&Hk`Hu
za2rgSqELZWg~md|N!j0H%$)+pBukEv2<+{UwCJ|C++F+!8|d>jy=^R1z86V5<a3{+
zVu(N0zs+?~&*V}xe?JNbzi?{u)h(10&lJ5;HLCYQC0ZR<Osx+zb1J_qIe5(2wK{+-
zRM>D_n<M)cFB1_wf!Q2fFY%upB|cS7Ne1-Fp7!LwBfFyJHJ@i}bv^rfp1a;%X)kxG
zcAAUKu-vOnrp=s<deLfUIEKQy^C|-ehDRk{<=eJ(DJN<-a;Jkhz@^g${EstOw(`HC
z%P6kij48T5Rm9=VS2oaGx*Pw3+D4nb2>$><PUHw;y~aqG8^s&Vlwga%-U`!t&f?N3
zY%FXj5`o6020WBst+XprtQAMOq*Z*n1M_&-|JoL>xfxF8l)%9{`B7&rntI*c9Si6q
zj=8>p%-)RkynzA}nET(l<j;C_4nqP;)41xcchptN#kYX6wWUJM#57{~Yf1_Mhhy1I
zAamRFuqR;Zbngox@hXpTji?p9klou?e<lEmzM<TsbQGRM1@m^J#%(*%hz&KJVkNpX
zZnI>oOZiX^%zK&Ys!CTAIkW^%Q8pK-FsT{t7%MD_CP<5Xwz3MAG7GG5n%yPFLpTqz
zXQ9HtL;XheKLL3w*=OKIK%|LfAa|2(o8PMI<|2LrAG&aDx3~g&2{arb)+57^zd<xR
zxkf-eZ0;O94B-MA5t$We8~n~C12RV?Mrl{OLqhYy=L>@#-@QeQ8r(bn9<8FaU#3ix
zfxm4%s_iKj+`&-5cK+pS%wt1Xs$-UbDVDG!w~<QPoS+`O{|9|Rd7AaFkH-^yCfhYJ
z2jipAuu!=|CeCYZ+J!d1oQf;~{UPDN*Y2eLCKqo+y(=6a&N#{z-`5o?Wxj5r9h=&d
zle|w8qhe8tl=#88y>4{p=;$vR_!gsLQdc$ONj9Tml6&{Yw~nP&e%JPQF~v5-ly*5P
z<X0J(a+|KAzOE&HC`w7p^@6)s$Z>>^*25~@cN0Ezr;M<ad(yP$koS*klVVPVN?UeY
zBek997J$M4Ucc22E3IY&HC@jdFTwXWjpa9wHQ>NqLwu!1eYs%a{im0LG3elhhXX95
zv$GeCGx&XO=uqx#1`fN#wu6K51!~p;KMd5Ya3QCjFp#WaMW1+(OyC*oyFN%jO82yY
zBzb!bFPHd+*ge=b_<%fajrSe0U4V=sA&7h@nbQQr@=v&6TU@mTuj5a*i?cQl`Ffc)
z=_BlSIizG6=zFEbva@=d3`zU!>3r)KBUm}26(0$T2To%NX<{CSwGJ6RVqMX{yk8^J
zheZhudb<cK7@D%_T)Z3=N1Qc`(CCxLn6%k%Z*gc|8AVYE*W4-wX-5eUP1%o^6|t<P
zIr6^Y-}e9W{Z+<i=p1FtWA3G-ZV0>1`QF@1s!A#-HCUay@4b}Jw$e|SD|pfz$9<DI
z+~>|umaEnC9Zx)tMJ>=~9r{CRjX~Au4Eg*|y~fH#suR;4yZHvP?)u_7n@IcGuF&WY
zM|X2)`qyUnly)}O1~6eBYKBF94P6*!{Aor;wEb%P7Ht60S8W`(M%pp);4g1zN6#`M
zCWt?5POJ=4+w>FdCB6u-4!OIw9vwP|)ob?cUy)bLJ`C}(E}7g0X<e#O3mfY6Eb*tp
zsoL@RgOj9?R-|(HkjW{*8L(@$yYup*=v8mu)`(9bUxOa1I;TjgHcW5Tgm1!x^N~nc
z?`#JH3a#=@VC`M!D4Zs$SmOmJ;hx-Z(fS@s8vRqwo041z!-+azm}?5lbum%gm%_yM
z-28QUr!g;x^n>e^>6??W(C2rFX{iEQ1VRo=uebtCVb~-iC0JT*vrx5R|3dQ|WaJ=z
zyPuig^s+DUP9Mm(tZh}Kld7oRe2aK&GJTkN*`*4Bu)2dX;Kf3ZgRT}(q&=L`q!(Kj
zZTv+l!QB3Z4&(XJ`%s+I<0r6!>hDAKJf6w$KrxlBKcb$b3#XGVgXD%oZKoM5ZUdjW
zVxO?#;9B!iH*~p8ODSfp=Sy^;8LVnY@8=#>D_otQTV5#aYrrCemPjB|Yqm!`q!q4;
z_(!;_XXli}587HEQ#iTdxE8f5g+WdWm5RbRGcIqM0DB1iMgF|q?=IB-fyj6*eiWiK
zcylO(0q*?ReyUFWou<fpKlk+E>TPTRh0fda>gSco5i8ufZ@tTbRKL<1KlVKTyAUlu
z-LjM3lAYL`Y~ycHAF|)_Y^;P@uIxd=LGG@kn2{tf44TpYGg1l}A~}pH=riKHB5H1S
z<L0BtmlDKBDrz1SqE9oULQ!q*D}2wVHBZ-rCGH}C-7ff~V$6_>)`X^lSTj%*LK-Y}
zIw5n54K<=GM89C{yfa4UUTZ}Ty*xPGcfBNWd_KiPuldWzg#8l-T@+qVZ_vo%mnc<0
zLgXtQCMWdfxZhW5zI9g}n8WbW<^cBUcdV?iI@NjQ!kCsW>a&cSPf&vD8!5TreHic2
zO;Kdhe7}t85)`^Ty*VzTVWZFdrP{5SbFE1EHg)Cxu4GH%xBp3xi&DKpV-YLy)};xr
z&2P%?-y0z(vk=3#yjT%3&!kOmxtF)8SVgzCBR`ajaEFPU8mFoh71?gp&GQmR;7X?u
zpoE47Ev(sWrl#fmz#H*dGIu>j5t2oU$<%b!`gnP=U>2$smD`64_vV;g_wSgg(pF|q
z<zidmevsMbg5lA9kHMr1k6=PK9DRj~nM;%PZ6}2+7CD?Eqe?p6Do#)9@TSO;X8cdU
zDXtJ*O%^x2!rS?Dtz}93fGU)8oj(CP_xM5eIS-nvRNZd-uhk{a%)1~fVE7YVyywBd
zQVxA}A4OkCnBvC_9fdO&E&Qt}ufW4wHnK~xB@h{Fhk)iXVn1JATZ{ld4X)<P5O8u`
zLQFr|xhha841eBL1YP`%2nzg9Fwlm({IXjHU2g)Em`Mp=5zb(Qh*GYdNTrj`rq~7_
z!}<m+Bfa$DDj%Vhu)QWK4!{@@;);m4Y&b7T1t9|cMe<XjC!X+UFQ~b3Sv0ge@$C1p
zL$W!Fj`xM`xYC|()GAQMCU{fbl-Ep^hzGqn^`N4Zxus^|P`FIHz_?NU5^%>vZ-Cs=
z45d#?q)rY{|2<Hg;W9jV1%fl(3Db(`y-75ROTHaoVK5#_TB69Gsb+j__9Cv%G=+_d
zqtEr0kaJFa7<KDla4h%v;M~dOFMF~b8nO$Ll)^Q(t&yZo_x)8oL2`!I#qr;LFRHuB
z+w#WyI~b#yD(6~bn_<~I`6@bh5i-G)JRoi##X6Dzc^$h^e7T)Ieh)3(=yutYsZWb%
zQSGz+l39QR+=OQE;grbTafSKL$53@p_iLSAKvT)>y2$lgM{C1)b%N9{H*#z8QZ!eD
z#M=jMfBbaV^eZ!nSzi-fk+MX2I|WCD;TOFd&fjl>T*PSF?2RPF#N~h5bMj_~*l_5*
zdDrmruFW^e_FHUUn4f<?)h`B*NNBJXdXR4013F`BMZ`BN{y~PQU!>(#2ma^gtUHE=
z4J(NZ8yi(-*4z{AXsSZRVSH58#(Tg=oy0GR@vVh-1ZLJUl>PCZ;X5fzs*Ih-8|c+-
z=3|Fh!$#6Oi1k!xI7Zh53AA>e=hrUo;K$~y?OLZ_i*>$dKA7rcY_Au2<T+FPt}4<t
zcN0kNa|Df^lr67OjDGsQaJpr_&^fE^MW=B8$0ow}U8{7k%}H-18u7!(H|ZbO$<1o2
zDO@N*JjDm--{p~0^4vB#9_Y2)%!6*f`XT4p+YFY}4wsm}jDYa%*91sbk!KO+6`%&8
zB@mR(yEn-YDyKp5i-6@uAA<^9`%}YKF5(CKy!rk{-$}!TF266jcnYsl+?jjuhR8J;
zO6}{(meo<LpNMb=L|Dcg{y&=DIx4E~egCFAM7l&kx+Iil=nxSQr6r_9x|<Q{ZV-t9
zDN(w6=#*Ac7*ZOB9wwi8e}3O*_8&9rtTXGJGkfoQ$9-L|DeIrgM<-2cvy8?cgzpR0
z`im+3OsG;sP>l<{BYGS`x}^RI(yK>XW!aE)vU+NIBB{U0ktf^qlIf3rX>yRySGK6~
z?v9s|)uz2!Z+^bEs=3UUI*(E(3O8=A0^0p{Ve$LLdOlIY?TM&{AwI4M<pAlN(sLJl
zlk)>K<syMprYEWF8zx(R$C7VEbbBslGKKQHmC7prsm$PY6`T4S)>!s7H@hGTzG=20
zAOot`xz=rCxa}<aQkU55ON@64um?QAA&I-EkktOeK<xpJ3BS{Xj>|T$!9Z88ba*M>
z%gBenOUTK|AEt@we-gd+R_+X30_JJyDqldzJhvSt7uo9-rgtJR>zC*0xDs9mGq+ko
zTh6qx&h_Mw$YxxpAGFS<*VfOGyr|7vD;gWWO)ezgkDSa!thmH$ySX`#lmQVePIEL=
z0>;yHKS}_$?<9bEEH6N^xg_C(!OzOPB3B!UjgQ3w*uNK>I<}$LFVoqs{u#)=97glE
zZ^tr{Cp#4%PwH)k?93=UtlW~9nA1GJi7U2RH`kSW)bq(@ag=-y!SP{l>U%&X=1<IB
z?2A2)Ie%&Qd5WnuBf37|j~uTBFn$6`npdqs-_omG`;jPq@YOOQM|(D?VpN{rilyHq
zK_Sg#rWt@M#)7Z)a?$q$xV1HI|G=_ca&_!t;rEYqduO;cjj8QY)myVyeV>D8J==@D
z;2iJj?}mAat<*GMrQ7knim*ShD`S?>&VQbLeYR>2zT=QHe5El5FXBnaB_`j?Wzah|
zz=&A1o*L$!D40K%<JH_bP9=6OQw|sKEF0~!5_3V6e!dfau8{UG;n737u&00tGg2$n
z>EeP+3jQcQ{Sn`~O_Uro#6<eVlWRa$xhHOw3BpS@<+=QaCr}?T9FZ^B>Eu7kHw|F7
z(MJNf9we@q%&kA0Z6flD?GmJu59xNrxHmP_Cx;q4qV2x1t^xq4M(4zCNt9$c8N^7{
zc_a0Ok2(ic0CJ@1(}$ky!3&nPfRk*}>-j!9(Xh1I)tywG8$pLZSN$$(kRiti)8tG0
z<b>A^CxeZFht!wDxrusmIAjBwpVFZjs&JR*ux}a;Smp2($2lN!v`2nNGC5PwkL+-1
zy()lzKJ}4&xxn9Bkf_^7#oJHXvp#)TWrucdJLczmu&HfFoKF&*QYEPFTX)~!g8_k0
z_+S|Y5vk!Avdh@;$OhbB&OlN0y|<HzG|KBiyIhal%O;%yMu}eB-V%=R!V8nRUc%6v
z5jC>p9d%#)`-I71Yaua1t3a&xtQc&9uD=G$@1#0U!Ti?R?n+x-D!sZO*pvQKv4tS@
zH?b-uGc+g=N!*45?5|@7`k_7cs3{&#*MEy71^&GlMi}nM(5#<_4m<pp2wJ}2vqig&
zS`RX2HDE0mOl5_@s=r%QQcTj-NZV^_V>C{k=MY)0i|KtNySjxYo<No+RS6n2VeL%L
zkU{pYm?S2hU6Iz{Z1-FJ#fV3saQ4?`%Zi5}V?@2*+fv(>?NM@i#BUKRnR+AR6y}6$
z63;P~G%59>z_4#8mNz}FMe%;Y&-K~_-80d+5u8T}Am>W|9|Ubzxlh8TKfkU!rt9#8
zfA3x*cR3&XY5Irv5}J8x&q#-WbSHC{>G?_K;oS^-RSL{Iq$>wfP?L~F5O0(jtllm8
zH(-rzjRCYt_olp-8<zpu|L~ufTukt?(F6)ZD@)DC=M?j4DzpzyL7U)I>0|Do7fPI3
z0T@9of3&d1Po=sk<gdA~#?7he1g%V5pO%x(AluOyj2b3w*SYLfrA~%|p60#V9%G~3
z`um{W@kMBOnuchRJSjEl&hF;(1CJZLUZ4uv=B?C;;=9+56NhOOB1DuCKM15P+=9o#
zF%{<y{pyb>XJQD$ta4(XNO3*Pmk3uekKK^+SU^+k+&@vt5WK?oM*nt~?e*xX@>kc*
zq&$3WAJaydnc|j(&FbNPue1JCmJn(%UAQd5cc;QpOQ_sgJ<KD_Gk;24^W}+zM210O
z*4Jd?E(^LINxPhQ7krZ9&T%AM`;9M-zd6B+Q}>_O(_(zLwV6#?2M^7k1PB<j@G8LC
z0@g<_uLf|x%01yqd=nO=L`LyNyV>_h(woH?@fENUIk4~|Ic53cbLz`e!Q1;DgBJIU
zpY}#-+*8bZ^ABYMrZQ(W7Jr@b$F>dd5N&5ylP987o0n5_@maxHEg*lbr?0mG0Sdp*
z?jyCF8jvVPo2k^8{-k?itR5FDBmMA|?boYt3yJ`ipOCqSPZRdNH(f|!Y6N+G5#=5%
zMGyWh79@i47Gz$g0*J#00%(8nmx+}61|9}gk(k^9YS-ef)*z4736BRnOxr3H@TJ$f
zs+P}{n3$Ph_m}@ZNl-M~$g+Q#p6ZtP0=+OsIP?D`r7-DLkaZxi#IV9B-o&-@HFJ-Y
zdUqM4asrjvkTaymOX7q5Lk}<=#_LbW&OkjE`bAuM-2lI=?cXg+Pgh!f+K4e_GK`(N
zql>TE$dnklwye7Y&5Wz9ggAa7--ud&Zc*}FnBU~H-YAd=HK1mEr#I?N)61aEp@&@6
zZ}Wv-8ImKmBGaip6`+4O7yf|u?a$G+9Jjp}{fAeCO)+5TH-9A_;wJ1?c%QSkQ%i@j
z<5KCpR=&T#E!#SJ5vh~(VyQ&f%QpCyP{Fg$9I;R*5&HYdaNp2-L9A@@CyvH}q<2Ow
zY^^bj8_IAh7EmkfISjE_nETnsEcmgIt6?^|c-ezs7`+ijTyJRqII_F<_^0Cx^xmg}
z3lw;mI7I|@UH%$}U1FV&QylgjLz=}NCOZV6yH|lRNzUbO#<_lcu<ZRP;=eQOEHxy>
zC;_d-0LZ~-nQzM|vf2UtesJRY;-z0bo4F!Jsz-~#Y(@OHldy3~gO>}K`AS_%m+;oe
zp;OS|I-Jj4d`^76W`<u~a%ehDsik|B)NPL%&XIklm^MADwVA--R5R$OuoZBs_|OUe
zon90e`%3yO&pE)M;4PsLsEnKBgd7#;4L4X^%;J)<ekVqkcK=A$8_$h=!^jvD<rDl#
ziu;N>_0VwIs&9rfny4v(0-ZD@&8FjhpKyI}hgFsv#9TX<5zlwHC5lfC!=_m`ty5Gw
zm9#5WVEy}e_dXMeA}mOK3}QFY!(sS`AK73z;ELjNTNEcs?q}L)0DgZGp!O%LW8F;z
zUJb_K=Sxts+#*gE5$T6K5WAHI!(c|(hRI~JIgyPTzBK<!&<&yGk&%o9j}tmV=Ij$B
zbKV@d_0X)5&K;gk16I6O=W)deHf0cb$9=^RS{Y9Q8kM6shT!Ti+g4()xB{jr``$#E
zr?4y>4!@Vq!xbY%7D@PF=b3I<-i0B_vpY&(Dnkfi#A64X>vZS`f@oWvx~#{xQ$W|{
zs;XL;wA%`g(MDk=3D5&B8Qw9PpvxW@xz#|o!}sd088Be)wNR`O*4Z-G_DV5!r{IUn
zBjmFI5t#lrqAd*!>z2^BSEWX;X`YHQ_6DGiiS0M%Ap?9RY%hZT0LI-8skvmNF3zxu
z`Ub|5sSm8;siF&5yQdU$tm+G{NnjFE?dyTVJ$6Xy;~!HxfswN;Q#~3d`Ttn}7fVtE
zLcoLiAM;=S=ddR;a*ym=r<{+$%4vBb3o#L4tM_%S(NSpIuS8vO+1SOG9>Y<`333OZ
zh#5nU*}cAAG4_0#Y;H28gvFNamC>}&P>m>)hu8YN8=ZM(dNjI|T4d$ip|2smWD=Q4
zH0IG%F>#hHq=4knt1Wn4JNj6*(+407x7KKy|D^z#g3q2`f%-Pf=E-Vd<DiNG2Xyx2
zK2O*!vFCH7JsW%Y%Z=lEI*GX4Z`t`1rGBg9DJ_r*=>>S;2xhaMMBrUz&n~~Q3KHLQ
zS4I-gTeHCxY9T|KfJzpMFQ-c1I0f)OdHIzJX(~-%;Gr&kBc#OQ=J{CjD@Qn69@457
zs0jb9>p85C5;=}_X{lF&Tt<c}wzOIHgsRLtjuOS4o%7c&Si3xS(r43_LKE(^;|ksw
zl}!m-^n$4C2t0HbmK+Dav(}#LuvB7z;%5%Ky6mEOX0%kbaDP_Ve*Z|^sKvF(>P8Zp
z*Wzer+u?T8Y40~D6U+7`HASxQtfUq@TJKv*U&xK#rj~uMaz^D8Cqg<rx|HLa*@p{i
zs!U-SL8YTHhIqM7jl}9cGaDzQezfnFvk&LGYWsF7ukkh`ouJuPJX&hAaL%{5N~_^~
zv-X+3@T|TRy?eJ%e>ctt1!Z|!_9x8V{hjDM=?8O$#qByY*6&C?rAFEgu0|cU4id&@
zv{a2`7m=Ta>mb12Rw?e*DSVbB<ofwWH9I##T-8xRXj<ZWHCz%UgBl?^#0(d^+{Y7#
z4o|iO>#059mIu-?t3U}R*^AH~59YRQu-4c*hftWTfM(5^nek)+Cs9=>K{^R4<Q_-!
zr(v{Quk)fPI(sctbgOxpm@1zkHD(yywaTog8jDV-?O(}^V2#*QH}CA^mh|2_cH-SC
zzt+-GI5$`4y&|&NF0r8sDp~dr-J4Y8I^M$T#?)WLRWCnP3kxTz{logFjx-U4nlBku
zrVbVC)l!a_`T(d!(37bat$+F*xWu&?3$u>z5!``<LPC`{f^4f~y-Aor6>G%_8Y6sf
z^!61jqsb31GSgnw1&-t9UfF408^e4nfr4ZSVftL@ByUf^wRyg$&)&55uea&~7Xi{=
zvVbQvK?D=)cruX+!cWwF92rKpih9YbkuwF6Hyx3{UWMg$oM9!gB9tB>|Ka)II|cqK
z3uE(@6wvjf&ksK1M%G?EW48h#og)Qjneu9q*rVQkB~0{N;H2Yx(I!!j-Iz<yXZCC*
zx9rsFUwu|%o;Rvnx1>2)2i{@}{<qa*_i5!4o_I4;_GjxeLc{z-tpW0_rr(TwYgQFh
zc$>?o<<I<#qKL**aqWjB-QNDqN_5>R;lAJbh7S&_%4PzHz@NrGT$pc-13i^5ufcg;
zArx-P7{XHiPkZRg7seuX7?2oEI^2c(5A?~p&fmfH*QfVDlw%M_f+fRB7b;r}U&E<J
zu+eVmk?G0Ib@5jvcKT%z`uX6%H?t3+v5a#833TjX8cOhMU42w#>~@zEqbo_@-3{y5
z>>Mu*L`^)ZsoY8vT!6YTf!RoW)4dI^>n%I%RPNXP>EeM5dNcC9-{542MdBlwaF_lz
zsdLYPb(yDCOY=;`)bkQfoeOpYT;O@Xn#5L3o+qw{a7R2)j{i0UD<Q<iIJs_Y#xRgk
zCNM@k76~z;pu2900R4-GP%J~CKimU9?a3Z~(<pw5R}K4|2pjn%+5{jBrzq`<v4{vY
zH~~PE4>|Caypb^HKqj47B|p8G<h%s`M|&A+R~I9Y=sIQ|1EUDkBaFz~Z58M^-|p|K
zrp;217q``U<+NES@nVgca64sM_hOrS1LaL?<|6rz+awfGW521DA}k6`hhqu9CBjuV
z4fD6&Z6Y}OLp+P7sYsH*#1K~CKNY#aHt_HI<?}TZk9wErJ46!JobsI;Z&U+`k3uQ1
z${mbv9bC|o_;Edze9+}p%5tgQK<sch!LgSal=#ajbbc}s9V&+S;1vWPpJ=2_KzVt*
z(z4Wi*#~et%9`(5OC*cXQX0BY7LraGpB)MS^{hhH{{aI^(U>^&qrV04JIy}>0a)`2
zw|gOE7JXKRvVilQ0b5Z#^^9v6SBxa8|B{2fR0Kmv=>CD+7~PI_e5HW>k#9HN?^&mD
z+M<%H7yt8TVC~0ppYO_sQov70R`5lW*#CD3K8or@hk@&W4gw}-mw!Hfclo9iZmOXP
z+$I;fb-o@ex2w$O#1Wc5@P2b<lm{%F2;;x4>u2v3y9S_fdml1*>h-dU<7mZks6IEH
z31ikY5Ay0oRgpLPYCFYmHB4Kc+4qv-E8wMFh>T!x1aC(NikS>6{DUoP)vdFxWyuEL
z10|}POP0@3WsAV{iR5xRx^?-bh4)}FW`f4+==UKBWs~L)#&`B6hOfK>5y4E=McK<=
zCJhp#i9&AD?`h>Hd-Z<OHkh{sme4qtUAS=If^DXJFdi=U=%`nL=>7W{{5{qQJ4(6Y
z3hm#4E6v-IX5vnCNB_R&JR8M#C^yfyg@<{^CU`%CXT+j))VO!6rafM$uevtgjEXso
z6XTZ~<ORQORpAT7S&rMGfNRgan9<%MqugC`@Uh=J5hrpQm_NRS-bEYQXNGg=1Rf>5
zkf>OMYk51CYkqd6_>L)bVH|H;c)6aAK5PPT^>0-fN|QI_Majs<Lx-FI!1gII%XiZp
z5W>Xpz<kG@0gUfU#vILCOec;kH+$yAK%rqqv1n7@I=X{az9HU*dti!Kk1@s9;MRKZ
z;vriwR?AjBUS(h6&~i(Y$<75`=LZx%7Wst7rBJ3oOUtj}a-Hc){bvEkpW?Zum80vZ
zJg#g!gZ>Cr61Rn4fNISnh$Lfj+j;KHUZt4lNL0V!Wv&bN{p0{y8q=0J`s^y@I3lop
z%R_`vsM+pyd&@E(q}y<^4F7TT%oE|yh-oLfirocn9;0yc6U1idXTr;!%DS)KTTMV^
zemaCpL8!WMxBf8NyqgvFm1Fy@JFy9}s)@UBj91JAY3|OrA+jl%e#Sd@`GrgHovA_&
z!ImhR#QOlm)T{O;dIt8dzbqtvf5t?VkC>VxyOn)*_V1+(EZ`$Vbs{@R-G6YtedlK+
z9nZi_7H3cQGph4ANUsHOh1dk$h7Yid@s)696YfX{SFD9V0}f{zA7Tm&PExTFn)cfR
zMYh_$fNdi@^nH~<WqEgw(_`TgYC(!hg9NE6Rpg3-&;GBJrfQB++4W&Mbd<otUcQEq
z6y92-z&=j-Tf{UzMYwR{zai`J7oTRjgB+&QjCoU7lPUv)I&^_q_`c%FEDe;QSD%~+
z>bu<$LPpqe%JjrXd8^}!n3_F@)DEE*#3EQ(oaDOH0kZtO_xy0?*b%DO)x^}Vj!=U=
z`|&o*SWGG-({~tB(It?|mB6u`^jVHyySBj0;o6{d*<-B)^r*i$@WG>6D!2Up)%NC-
zl`d<m2%+#E_ZWag#d{F_yvMAmpGWPU-=P;dj3qSpBH$3n2L(lCv_8ygQTS{_A)Iyd
z-Zlsq*g0H>lS;9+)rn3P;P|+n<~}~C>R<pdX%@L=zm6#wcBB%S;n)NTE4(DSJH)vh
z)&+5D2Q0eQ!%E@$d!5@_=t!+OE=*Y^iUw%1HL)MA21)zgwEyrAm;oE`u<G4RiN2rq
z;sre^E`q`x((~(zV(PCL+@U)z)&&7|tSZgin^%;l)=hp#0L#P6##XQrJ|7cunIV0K
zqXmP!_nAzbI#y%qiqVr^Xz<!^4%X17`g%Hg!CG2B7k8EuPOX$sa^r7@0MmyC6Ee@&
zMZ$Kvzi#bp44Yj?m;4RaUaW~Fj!mtf!)F#)<;8a<6XPFFq$f}%MS;dTP`@5e;Pi_V
z<d)ri@`8s7!G7g0)f@rn6`pm+a5Kf_R^1uJL-jMCWA{1L=2FfT7&e>T3nZZHXh@l@
zo&at)gNPN+71*kRNgQyFJ|7UfH?VcaBL{YFpC{gq4`6pXla1W0KE&-1*ADm)D2hJi
zR`)sVcZ%UmC$|PY;|rIP-5~4Ld^-11NxF}(y2}g$R0kTFYv_A5LPbz+2)m`1zp!yV
z;6P==;U0APViH5U>*2;AXOJO<k;izBVi`CQc>c&G$KueT2|)3uY%sqVtEwrMx?xQx
zUXApVUi{A^&;GF;eQq$A0v0vQI{Y7Uz#oZn+D#oB71W*n;U~Un>!SYfSHV~*bhO2u
z<Kx{0$Zs%H9~Ms*cE|CGJp0(o06NH@kh2&bmnJo2t%|?BxA`?YgG|#>!24e=ckIjy
z&zH@@tV{Z$R_$>VdUxP=_ZIIiQq8Iz^5<!4VWnby^g!FHwIHnHD)r}kkQqZ{270b?
z^}n>t<PvsrFUza<KSeQu47xuo=`iJlMQBOmXY?(&<X=omK?pr~+qc1n=ql6%YliHM
z8cS+0p_MLxjVs@TxvnmYl^L#ed=4bW%-q-nRV@a`rHHT|>exK*@!|Ug6jE4FBU3VF
zC34BNm-tZ0NXE*RV|nCT6jw^x7-0pO_~wjidDJ2P?L#*2k0GaU8fG8u(hbSop<WS*
zfIxCLax7H^8}=*9EV%=F9J*d#GP7h%KVe&=KVPb|&Sb88mes`9AVA<tMWMr)NB$;f
zA@=!X$BsN3oV#{h-ML84h^GB;rYr$->}5jNQ(Q(fs|OIR+&V=6ZD6lv!eTIiooCe1
zU8pdF&C$_*8D=QHT88dF<l8j&%nHd%YIubCNmH|oi++h9Q``I$Ipa|>s~yfx4guHR
zW6eYqpPa}5RkRdK`|)U=_vX_5*R&NPqS(n&y^Z;6iocCWy_H6aa~xyZGXyG=*M#7`
zo!EHmo+oQ}SV!5k72X7bk%#|@>J?`-ef{#1B%#5tU(2Tk-_ATk2g#L0Ln=wDFM)r!
z2xBTTxc+#dH6H>|@U@JF;77QL76T2-#LvAwcks**q{3g#)W$}{NEi@`;j;=%tw=@w
z+q?c`d@<vM#qZj~IZaQ3i1@wIPGD!}4u5=$Y~3bQm_oPrl=wPbq@+bnla;t)_}EBE
zM=9qEzA$siKxuJ3!Sc}K#ah9sufH{Vu~M>q15>*5n=EbxDRo}3xVoxZq{Dxvn881B
z<PgY=wNl;<?>2m_K%ZgaI#nsaTMFlLf08r$azERLQFLqxqHH@&?r<IJaKI<Y7d$`Z
zIWG&^!UHf?zxCOofG7U=APu!?04XLWMGA%Y0$V<GyeyCy+#HMQYoe6qe<KjPA6T`t
z%VWoRylIVyALWse(SGi+E}9QiBc3IvU~x(hooM{j06g8TvL6lrWL+&#^WnwR{kr$X
z{p$=&k>HyJ0E;YN*V~B7rh12?M4&zg95?}cL#g<~fAxER`)*v%Q0o&DlJBa>%@VSb
zrv19=I4Q+$PL-4g1HLbn6^09;w7m{BbB_ZN?kjf^jssE(o!L|K+ntecEF>U%^2J(?
z-lqG%ug!snZ{r8<S4G(^;j~H@`k8Xs-HKjc2H2k2{t&jfh$IdtscwS|R3z_?4>;T@
z1qL3-X(#Thr1cdf^8dm<Inhl&Z;bVG_c<qO%c!fhWayN9?}wqTNO0yPd%xJbAK!o1
z8BtE`$}mf9i|`Kxy&(|q>pRLPSRAj3esROzRlE$M817ZGosVF+JYj4C+`lkJL4Ce?
zm%XCLQh6M+beC~qYdP#iXsr#okESNJ0N;g<X6~2fADm_~m=C|r{bSdVw<&+6F?rgW
z#B~KW=S|#{+h7H{zxp1nN7m3+syjm?xXCZ3Qk5|98u0X~!R-m4%oxi1w>gQk&W~;p
zvt16E>=w)Ade9+v>MfPB0j0(XudlXli77G&%$u(;L`wA21191rae03~VaM-;*)sk;
z(P!jZ7von^#q6Zxtu#8QcQQqCc={~NzX$sz!o6|HF0AlN9*o8!W#pm~?5)V>tXJ+{
zj_b+AaFgpla<>9jpcElxDRg0vLBdw8n%US;KVU!bJFhVeVddz7^My|!wUqf%ts`t_
z*o)V$^UcE;J(B%;vz_IO1#k4c1~fe=9x6@fAmFvGiCGGceGg*HzJ!RHMf2S{M_%m|
z1%qRPIf%AKOJX0Y0?P#GZg>*tb3Afta|o?P)uJp0XNp8JeO(a+3~s-dof|QmbLueZ
zA13coM`S#qaY<|#(HC2NT^DDBkS;Vv82tzb-p3J{nFvt(yRRNV4yke)#GIR;CnqGI
zO?(~NyW~*1!uHqd{l**p&+Tr7_Ff>`bvJ~xn~rn#Q?x01kZ8xZdW{L#ytaa_w14`4
zM2I^1#d`hrnfSB+umGtklGv>O6^9U(S;a_9mh_;=3-{a@{kwlbJBv-n3(NF!W-KEl
z9ZdWjy)W_G+kuj(3;WF?f5%Y}@Cue$qAojb)j}nF9mcMqRC8@uS?!AQV*OO*)P&Y?
z=%rrlE19k2WI})FImf?3KhX*0c}lW~2p^+<Da)cIYaMmBt+1uDTe^jMa%O%4atGq7
zaDHsim(!0K4nNsT%n&8Eya)&*9~m3njkMA~f&=FS^=uochta{<oaB2DQVbF4PzF!r
z{-oX=D%Y9JwlaLR7+;{>s#?Am-wJh1UW%4k2s_uTMe(|0q9^A*_ef^IHh;liT|O3G
zmfRO5(g<q)#kQ<1s?M%;33Nx^5WAUESQl>)+`5mzucAczMtx6k+Os|6Y(%qQG>xaR
z(T%V$rmSs?r*zBu{-H*%9mhDk7RCA-2%q9<y}R5tB)WcIzl&07^qW#8)lE14N_lVj
zitR6_PmIkvi&qx)Uq{T{;2g0YaTpipmcTRMfV2o{o%ze%ia#`BShR-dq@!wVg}6-(
z=x5Rsy`1SjJEr+go4mwCr{5)dN8Z+JLR@7tS4^AbCV{R4XJ30rl?j|IljPc0+7C@&
z(3q1xJB13Pyw5XlPH3O{=8_WhWfIdwU2&~Xo#Bc+djFK(`-QQ(U@weDLP}dWtV_UO
z$Y6Y$i6}TbSLGy5ThEKZiRwS_#-v%Zx&FA}xAaWfZEjs(k&ZLYClP{l{HrC)5KLwc
z)(ZdfNAG2eIm$@DAGJy^+wCS`iQ>ql2oluRp3sg4Qg*R0Bnih7h2d%=n1+?6pW3Y4
zdRXxvE0qlQ_OEf&!dz4u&IhdT(d6EE42XYtyr0xo=L>;PrX`Dcp3{yN$a6ZSx~Zfn
zd6Vs}HNX|4SdThjMsv0D0%>_AB+l_p#L|BsxI?8czGQHoMF$WoseOqp0dP>P=W*%U
z69w(uEIsJgdNtVShul4E^g9++-05`t$(tc>;;+}`a;J0%J=#=<BKlf<;$t7Zk)Fte
z6cX}m2|5%I+KR80E+onT<d`O|*)KnW)8jYq&K9j6#q90BZ67K6?E6L{eTyLmad=j!
z*Qp0~%Pp$w&sY!$p(?OebS(2JBKa_wOkf?}^9H>1{k0W~bak{s#@OO%SGk3U|5pO!
zD0sspyMR&bT~2u9==dvBJz^r>bivfzOoo|1TC54VRWgI&xYLb%dV%8A9;vslktM`*
z01-Z@E}jOElmDNdY=c>!(W?rn>+|(f9@7(+&X+-V-1oO#*#>9u?GumLXqc_qn1@B%
zVcs^?({i9$!Q94uw(-#|*lMS>2wq7KG;2R}LQyj-(P-f#w`cdJk3rBxMN<R#O)%l9
zjMd_%Y4p9!RfxRhh|gx?77al$q1XT)+NV+<C-Nru`+`&bp>0XERg=|gRolP+qIrXV
z<L%6Q_uvcP=EX32Y@E(8=6~+}a@87sENRp1y4?J>YF`f%GKX%#89JvzSgWf`94_tf
z)HI<CjKiN^`N#%cVw*UN@XfJt_Iv7G6J$W&)iA3^SX^LP4Ci#yhc4>=ZAF%e(|`&f
z-X12rTsC_{ti@ee!0Q)5_6Amg%!d^)*V4?>i<G_as#qKMRgPmNS>=AG?p?OlX~a92
zuu%@6-}W6pi(EGrH`&=$E1<_r)>+VFxS}sV0LX@@z#?n@lVt&YrRgA}Xc?{Es@-2K
zRf~U1dAlpS9_n;{zW1);Din8m4CcTxtKaldWzWEYt%hy_hRwy61mO#D9DgThF<JcN
zlX+Z0G7}x-i|8grDck)2MAZ@2D#ISD*ZL0ffe-GjKW;9iz#>HR>sM@#x_r__OE6VJ
z=zo;H3(11F>}>xTBvS{b6r-CAX*bgGV^em>Yr70EQPxkb-JL1*anJnD{t_PIixCbD
zmxIIc4ZDvqnlOdM5{hb6hsq|oYli2czB&3W8bpL@(!YC-bB-@`Z<;5*PwrZ=Qac<}
zZ1d>m@dLU8KJXSvrjCb?t7hIDU-vPH0l`zUjPW1;IQpK$6uTQS!f}}rzO4K(qEpU)
zyX@tl7rs{Nl__!h=%aA$qFN*7!_bBf`>KDjj9J1Z`hO|Vg_{_sgBb~P7{&riAOZGZ
zR&H|xkr>7Q;6wlUGtJQ<rAXWVGV{o{_e=lnV(p!%iamWO1bp(V#k~M%{@)_!KZ0Iv
zHuzy3mNIe$5dv0>Tfb~Ht|H!f2jKsQ8d^#v&(-lg%@9hx9;U8&9HaUo!60Khl`Q1X
z3f9ag2&?)V>;GjS>qz%nR@C@?Y3ZI^)~3b+e5|=)C!Ga}A0)d%^SRc2J0>=Nk|Sc4
zyycAvQc0rRh^IZX@;x>Pb-j#vUswwR&EG)YXXlS`8@xO>zpKGc+CjX-%$HNKA_hz$
z&#Tk^aHPf}(A=JbRxbpV){HV@v<{wvJs%3+0^en8qjid~0_l@y>~e+5?LROt7{JoX
zSn@~ONSM<$1^lsWw_Q)DQbplhLxyVt`FWca1|<Z;%)vdPD-_F>tIW+mW&4ayEdF`w
zA30t3;tIDuP>i&oIG<(Zb;{`m!4C96)q+<>*=N4UcdYdz3N3A&1p$Ykx;M{e%j-@|
z?~+3iuK?qBA4IC6kauqPD*wQ97y5M=c%P9+|GfS;*9sJq4D3%pGhwVF1*8QnAK&Zw
zRYcuOCx?tEoWH9dB>pRtbgL`fVg|GkdrRDQPodH~zC~CR^rib=ow6u?@@bfQ_f_TX
zx4aQqNaz!@qk{M&NOEN@Yz4P~JDHwD9#?GY0eDsXDfvP)5VhUc@6-8^y-Yc%op1!~
zV)D&l1N!=?=u^6xtb$sb=_xv+<paCXhbW+I=fgNJJcj$K^3X}<<*hVaFBKfD!(?D@
z<tFHbV%;oL_cqGWvj$4ryCuZs7;@muhC6FQ`?zYrY2VJnkc)eIq%L-Hn&Sgyif5G4
zN&EIb0=H#(^d4I9ZW|2nPcXoaEc=?DjY5_LLaEV#y7@I_3b!Y3hV0%t8%l+!Dt5Z%
zg<=dtq8gP+VOYIws07~UCzc8_(09n4@vN)||7giKDIvq4<o?~*z)+iTlAv-o$#xpx
zo2w;B%a<QDXRiwJ=eDp3d6L91513h#eTFT5r_O8BTUw=>(D)LL>cxJ%k_V~uMW9~7
z361T416UI@&HijaZd#cN8OV5A_(6cm1>|i(;=0o;6F+z>2Ty!?(fc2E>mO^52U0p2
z7{mkZ5ZpVbi!Mxbu_3fu)(x%#hs(7cks{BHhb-TcA3pIMS4HZpsjQbE9=9VZSbZ1J
zrbWVel4G7CPOpb(TSgp10VnhC^Gw|Z%cVUa*>PwyF3E}6i1j}UxId$FpxqfT+sFOb
ztkI7!;$&mw7mx+DgQuup8&wStRti<*zWQqL{@If!>Kkke*7SM%)7BZea<>s7?oAg_
z_Yh|kai4kU_Hsl9uilGtK#Zg^k9{CJ%(WyG%Gpi7`Ns`7BV8k;|K|rBaP5RF)zY^y
z(l%ew7*<O8@KhuzerIndFEgs%)bZaafRT#tA<_=<aicZgi!kMPlB#*gAb9N*^u<{g
z2Rrj+MmudT)!eja#aaaaD?i1i3=nuB>jKRUSq9!`e_QlNe!l0JV{2Eq>-9nG8_x8<
zz!(`CuJ%?zd23BPAHiX5j><G)1UlL>^YM#!H1k#OBuPmnQK@GOVRPZwlR|Gxy*xF5
z&{^>zY19mVV1qLOX1Ykea)bVxS2zA78y#CQbfq>nHB4*9>}~|?+5dNbdnLF+6bB=d
z;!Z+EmI2+hT}A8TjV{?1P9eMRsikRs9c9%r@e;<WzWXd6Y~x3Ve;MfcwpYMO+`u`I
zkB$+Y@}$!s*^X}|4Nujksc_?BKsuZZQSbKAobcMO^=r)2^=U>LH!sJ^mlffU2-Xe(
zaLz761`rzR>fR!VIB}!?rtaycjzReTzp{R;;HG}opd1r0xiscPo)fs)g-q3W<_2;w
zCd==_2fLrX=uCH_>E`%_x$NqiM|UuPqZYm;Jrxcl?)j*$#>9i%+*JNM4yhg2{*AzD
z<_hq>-a_{F7$(G4YVq*#eM<?iJo&;sUgkMl>WfPoQJP~2ulCazzbcA^Z~i%1GlVMl
zag%@ERE$17ADi2e@ct`x;!cQh8b3=z5B0P5nswVv^PaDj1NNwmRDiV@3)p{<ss=`+
z?7b1O<QkS}*n|Y6BL~Av=KI0wXa{f`GWAV8a>fG7Da4}Q1=cL?Ekf{gF1oG&|6`5I
zW8RF9P5{z)&?3j6tdMG?mZ0f9mX3!Rn0Lx9c=lDb<eXT8!dI*Lua;f;d(%9M@b8d5
z#xViURH}8l8xs>z+hn?(XCgg8x3ctz;8=M-4$8#H5~i#g(_^tT#TquGSA4ZquiPB`
z?sNi-YjD!`=!)H3zx(AOvfZ*HR7FA=%LDt5&D%ho7*>m6teH0zxee&RGKW#tJ?=(4
zVb24JOf32B9&o3dy2?PQDI7nUpPU;GD=BUMq<${_`}n!Wykj)(`u&1L6Grl(59vk>
z&0T+j%o5s}jW+3}@iaR(I9%Fd%Z1N`dE~(Q{0(NvyZ#r!ZV$R{&rYE5-XriwQt`0G
z!wg}1^3?X(redlCul!Ia`R8)N!IgF4y17@lRmA$lUBKvo4S^odELB&od&wteQBtwQ
zIPNp;EMZoD9lt!LDm^CP9+g69=>e0E!H3poIp}OpcVY~fwO2n!IGre_Qdv0HNG4_U
zmCQS+(HFk_g%P)-S7b{d(W<6?JZ5#dR-f|fB2x0#Z=;`zaL21F;Vj+jQ!aJ4cQ@Q-
zx_f&rn5-Ut-b?@hS6VY9bPY+#^eA)Tth=z<xAlFPS08=fjl8@zzo^|w;9zci_{A#*
z8!j5bEoEak<mSc?MZ>pOh%9o!Jh839-idX05B*|a{8N2qD!9_N<zsfI;lV!xjgf%A
zm!8b5Lw`?B$DQ18<E^Bc{Uhb9l96VH<Os3Gv(b869@Z&;?iVno`h-=tQ%4nt$5!2t
zfbM~cHUa%GvxW_wy_WK=#tMzP19NP@19II{O}#%%lVmz+O=gTY?XkShC*gH7x%I*t
z1g6*Ltj1*BS@l!>lY4i$x*zWA<ww8GdVSp2EnXf3bOo%oc5%3?N$1=A>F4fCq9dbl
z|J6Q)h7Ic1_+vIWg|tj;0L`E61PlKHFN#;97a#$q8S-K9nY(i*=uTT7Vw5AB4ScUa
zFA0%tA3I8{e}lZ1N86LHuAP$n`Un!=vHcZ=`TG%dWpS+qL~@Uqfhga6{g6uO8FSI*
z(Z1p|d({raSZuBR)hgLYF>1ZzxyTf_W*&j`ZjIh<s-+IOl_5Yw%m~W_j?vtAL4`f%
ziU^y3$kuM%+47~LQ19nCG8n2}TlDw4nV<X%z}&VI`&iq5&~_2&I~5}<K5*&fKKQR2
z1b#NfWFIVNRCAEaY~dz5Qg_ASS!nsX5Oo!eCz^;(K1Vb8+5$JsTnlk}T6xaSzoc%V
zdBKl-IqymzqG19!x6(T$v5}axQQBQh+vz2*{9V$H8)?oRU^h;meyQK7RnqZ~b)b7_
zB5KhZx!9XRPqg^w$_Z22;ENcgQd|ZR=RVkP*`^mkT!?^&!Z!ZKV!k%8A!uU5NQ54B
zbAN~@FOUZ+8S}z=TI@*S`j0}|r$P_J<#!4uY4vvQAxIQ(P&uHyT?~+S1^@szjz?2v
zxruIrK3)CoE<l0~XTlSxg5HU>W8~I=khV1|)1ZjS`Grm~tH$4G=sp;3bEKstMR^JR
z{w_9Rwh`GdGo?w<6iK~0W1_%Bu$g`c*f~$NaYo3yF1lh-ewAP(*nOztw&bp9BM=zh
zcf2*=^a%|>4EuIdd{PNxbGqMYTMQEj{|jLRU+d+!LLP1KJ)`%yt6G^^z4JhJObys{
zI9-=w{15hv@gWZRsm#$%`doAExA00j8ALEH(P=5yw6f{viZ6w!{nyl6=+^wG;~|U8
z@Io0`e6g+i4WmG3&WQ@D6)B15gD*&k!9ZY$BHRt<T_f@W?cQH}XQY3DPJ03OK%9=O
zk!rEOKW)#s5<{32RIg(QLa7gTcc=nTh%0N<ba>=jnLu&WseZ4Ld(b<VNg&6NE23xP
zg2Ce|K`iu-BVfwxs0EFBbg_WB&qV+ZK83lS_xShoDWQo$l(2R3Bk*J4x?*);FM)Tz
zY+xQ$n00m$!rwBPXB|>)roVRQ4kv_F-~R2fE5K|!&0I2i2NoQjBdYrDbHm41FEX^t
zt~Xy}GFw+xsR~+ilSe0Cz0z%Ns1C_P-A{)U*4@7**3UWz+~v1@Z(O_v)*@z*Gp);K
zUk^ZtDT^C1I2Om9h=EUlCs_$}E*X8((dp=HR62?tjYGlxrOccTO^ZHd#Q5|UHxK|x
zfaKU>gyo!0KEPz7-y&5m7+*z`32)19)sCZGAK$h~1b**97jxIR8~h=@l10a`r{Z_{
ziS#n2)T0{RL*S`x%dGx?R~V#ht9*J%KH=^@dKqf|CsC)o02YaQ^y~9K_&(+AxJ3%P
zd#1EU^G~r32|XN*t8&=!>JWg)7K%Ff3Do8Bu$E7jyzO$mUR+xPV5KY;uoGJUK|;(f
z9LUGv2^h{z!<<Ts`PDigyH*v3Zc(u4)|;&L2Oj-BTdNETs4u9cWRsO%j;_9#BqoP8
z%aBIJdz?{WXZ<7Bd5c>tCDe;_wQu*ZuE;JGc|&z32k{|-^*e<V(q>jJPdF5|SD-xC
zCYSDE-0~I{C`s4f4E}vypth;jf(MrgE~owKL&Rv$MAR9v^^oGlc8J@XN&nkLXRXyb
zStE|0_0;MZw}AeA8)~_Y7+1N8V+HRec2n%XgIWxKxz^;zd})A?9i@Lt*T#SS`G@$e
zky1Pr?&TKyA`bV3NXBjLk8>Z{Gb@Tm@M4N-`XT$Z-EMDHMY4&5_^$UsBos>ABB5}V
zW6NvbIj7@S9QB2e5JOAm3CzD$=hm_?W4YAc;Qo`1=e^)h9<&sXlvq%AtFN=nTARaa
z;C1VMr`wm=-vl_W{WdPw2L3wz)hZCXIhW#mGt8<yOCz?6Uedu7Q-U;ra1&M`CL6X0
z=F@ei?`D==DrY=!fC(m&n7UQGRO{RNqfo}+-Wj=l;Z@vo@NdlKzy9a`zqBo)_ZmQj
zvB5CM)+=N1KEP{0rt8*cAJL?EG;}pPYWeH$`tKNO*4Mu+Sm7o@luW)Hc0y3*PeE7z
zY>g!yPqu?YhZ3kKJRSg0aE@-BOgE)qshq2W{=4BFv^GP<GewMJwd2zq-~KhLnO|;+
zW{u?tU<ndqdA;vfJ%w^Ya~#|wl8YlXp}5H#FS_@d6Le>uQbLhJf$5P=S6#Lw`|odW
zJCA_H`v3!sm#s?$=IR16se%c{!JTfk#>H=VfRFe&j$tVRaw~cDotI>ukgu-xgM_x9
z6Bh&T(H)^mfLP_Qkw3UOJ8pv!yQz}5GXR8XeNbUxz}(v}e>NNjW2i=s9;!hf&Zts!
zdKdfoq0jY!RE??3EqRe&T5mNrX>r)!a9f#YqFwMjlG!>0l+(>DLRjJWG6Ow|AY?k9
z>=l?8?tuQR(aWNOy&(8Gs*Vy<H-*~o?Rb}o1hXKeAE3fUdV!xymZm!%%=DC!cly-V
zi7JPi#q8ZTA;D~SGkNgchV0GE=iNxPt|bV%y8v}nG;s^mgP-rU1F?Z15%UpdaoHw^
z&Ot|t6Vj!j!@`jof_u$Mo75|S{}piZA4~>1^ZyEWYq@9|rWD2q+ayfEbcB3i2Q|MF
z!VuH*o!!y6u#D)me92D5m_A;;pCt}k!Rmtotz#VK&(Rxu&mDipFE&C9Wg^n`C=Tr2
za4aSE@nE>eCf+&;{UKWOM>6HhG`_d)Wb=Ak4OcKg-efmpDE~OJD)<sOBE?$Wh4=O0
zP(TI24)Ibi?ihr3P`Zi6Zgj`rc(o}NVDr;h7-)EbQOWK%#ohF4t#+yM^Rp?(b9#!r
zX2l$1r90jX&NVO(#W;YS4VY(LDK>WA%_}mUo{V(#AX0g_2SGJ70J;5e?n-cV$7j|2
zcKR;IFhy6<^H#{YXT}TAx@E^3gwSQ2Y7GfT1#x`gSh>{9Zx+gNdn7*H5oorrinz}{
ze=NJ8F<X}7*aaR#mnvGuEjcZOXD=6XSaGKY$rT!6j$_cY78a*pXMikkPFqUF>oLt@
zj3U@7cmmA&-0}xdD(<u9bW%DY%V_1st}EXox0ld)e1BbcZ9RW-oQK{|Ld_KT6|6yg
zMB7>L5xV`7I{pRt*T`W^2JjGY&{oE1DStf(na3PgqWNC!HVGLcGB8HaAe_hlSCjwM
zCkC1r1+-y~#=wU_(ZFb6d^tU)vhayF)w_<?3$1&OUG_$ON~bZ*V?wKNjLX`)yVi+=
zi|fykZZ!LwU>n<`XS+TRsF@2-XEuGxxlf7%&fUSt9f)htyFWQ1A4dtM_Dq@E`hWaU
zY2Ev>)w(m(a0?9!Seb%!k>Ve&YlOHaXVBc@$;)J5YG8vd=9reG!M@%}wWluib%}94
zl1|B&L^6Fd(oLp<U)U-e7Fy{b*L$+{@*44SqLXyIWTWC&Mv7u5<;SkbeCk$d4o?*k
zp=>+NA#OwRQ`BBX)5$oZ!546gvS4YavZ9`ZmS;1r0mQQHVAZMM_Qh+Wm)A22KT<+5
z{IOTP!m-#K$u&r(WVm+gHM00#oUbVH95_RZ8U|*7%hD`oUUSOoE3~1v`p{0(3e(w3
zvW)NCbmiqDV@MYiK<I2V{^6n;YUU5sGyoB}1a`8s0g3rSpId!L{kgIRfWXjLC<rRn
z&<+J7Ihd3#BThgk;GMl8l2CC>&^Gk|U;uE;jb_A-v;VKqV?Q&ZAxtO`b=dWwF>^<@
zVv}dyl=ZUh`lLy)LSLZ@Jn~Drbt=z&e#4KeRtt|56;zwevo%M=6-s~koFj0e^GNVH
ziO|vW_j_}CL?*6@ob+9H`oQMcvrcj`yylh5l;Pea`P|vNcEPo%!Qu-*GO(5!)>TU{
zd3(5-qiNhgzIjseFd)oCe)MU=QonwP3B`#dem95H<#!p$2xS3^3ppH%f3KNNQp=}C
z&acBmP#d5jZ(7qApz=6V#T)a{0khk_YhV-KIZD>MJL9f@A)K(o)ff2<o+@8+Gu{<P
zJc|CNf17*f!sGP{MeJ<#7}d5MS{=4^>C;c#b31M%*4MaopFe%b99fG*zo`iF&6pmJ
zC;|i-A@9Dy>Z*Z@PWK$*q3wlXM~0$8jA6HO!hf2Ccee=-AUF4DX=60R7xq*h(X0>C
zbz^+z#jcdy`0K61ciRI(Ma;m9G_A!bzz~KxKiz(OWCGp!YU-NA@gdsN)lxeLIy&+Z
zsA_a@e|*p90V9M1S;^3gS4&p`KK$rh46YB8YhU3LMgdK33^#)5=O}Ow=&(xg!#ha?
zql?bnhCCoSn4gbJos40%EK0{TH0;c9s>Q5k74ojJqHT#;yY`GtUjfrZM)_iipHVcH
zz^Z+?a~A82S!-%>eeRqy6&XG(ChNy3b<{5ueYAEEI?8vYKl)>P7%sgQ$htg=fwIGg
zQ?XvZzfekxhU%Z2!(Sa3F>WWwJM&&lXO1z&$-dcrt$G+G+~7MMLEu);js5%3$pLz|
zftvU_Mn7X8(U05<Ks#1t>2Y;Ijl-(FQno$H{C+j9)e4K3t^aIG-8AkVS|q5TZe=B*
zB1zfB9Ax(OgD#iHq%`C<aZ0nZx`z-G9vjJFKkr=ClrCe;H!!R&4S(GFfcqo)A!tBQ
z8`DdG;6u<ZTHG>r^3Ww>+kGyy5*iTE)yTnx<UwixWqw6LO-x_jV-kRAw2fNEDUyb-
zC29rtxy6P-QQ&BBq?!aM&4CVMgfzN<B*|YH!)WDHVTqb8^{szt(Z#0^&?Kp4Nljw{
zE44XS>1`=clfmMIWVW8X9`|d0R&=MH8wqdEGivu%m2APBwYs)!A!GBU`SR8eTdFQ0
z{=HL$C}HFF)B1D~i{)8EyPBYb3e(GG+@|ZUnviiW3+V66#gy!_d!5VbyGvuZKK#6;
z7ISQFZr<M!Xy9C5AbCvsPeJ3PFM0;@UT1*$2RZp0o4&3dT92Vkj(=N~f}sbN-FRXo
zyU&EbwQMixeoOVN$gpRO+{eF8{d)iUyHxwk-jAziKY?@BNWS~h&t9GaDEt@Nm<jZ(
zf#amkVcZi0xf}_0j=jZWq?I|;H2|s=3clZV10t!t#?94X7U)={7*-SorUx1z3EOdD
z<`;a!AUfb{Wc)_Uw*K$<1dI^60#>@6n$)y6hTCHIq>U~CEPy?<Hpu|2W{oX}y}MSn
z=h)Q8eZ^)kJCw6OPqcT$nRV~V>Uh%hvF0V6eNJva^<BuU=mzjcR3R?m1;yjrS@HL{
z=s;!hqq{>0>p&2LiXqVYG5wDB*%62O_|VqXppwp!{UG(72Jiy3s}CQ2E9@6_U3Zdt
zQun{==fnL5Z9`JuTaUX4cJr}S3I`j)O7(d#lJR7RoEVD>;sjj=s$q@-h9~jcVk!jl
zs{j8p>0I!AB_4**0e{1CM=(<8stZW2GqS7PfvqM<o^yO7O6{}4KW`%H!T`}BeTS16
z=2n5q+gi;NZw6htQBBy7Px2uRDzDO!QmO4b(eIBXBVMP;<_7G4{|i9yo4=5Bdd+%d
zeJ!S33e&&jL+yN>_xn&Hsdm~)mHoff4<R)PaMqLrh^tQq9D#*5G7dm|9pZjwVz@DC
zXp@NYT_92GFYqN`5BTskzWz8S2cy@b?B9nm|0UWG3nKX|f)v3-T5@4ejz!in?T*9e
z{VM<a6)pjGNJDf0sqQ%DR}r6h*$5B;hnOY+98Y46Sophla|xgB>o75Szdf}~%htWn
z;`|1~sTw*>Ct3QU*f+1B&>!X4UH+P*Xp8R(Uv29*ut4Z0GaxLVx?3XrH!w}(+S<+e
z$-@{OZ2Q7zeHsWc8BLQd0}j~SRwld9Ka6|wf~;UIw2$`XJopvO3IM7KE??1R;ytuJ
zw62f179;pZJyPyDh8{x?B@%`OmD)R9)p}gv2F2>!N{?}2v~Epc+&N!unup)2xkiJd
zz++UGK<qn!H197T<sLs0`_RaqPB(s1oej$3cMOlrvmfvcgO$m*^tbdAqM*{>ANc23
z+;fN}V$yTA`I=NDbET=SY4;-0wPik3zq1&v<Cqa8z3J(BInika(c;UrP?E|OLW#`I
zI|@uiWiAzYe}J^vLUR0msVb8GW?2;MJX~J*<u|}tQ<Xq*TlqTRV;tr&N7TNkdj{Zv
zDxA+(n7;AaV~nWdGmFvfe|N72(}hXezTk?537zmZME$>pnH819*Fig46wd+3z;I&l
z3zV%4koXd~s$-Z8%-*UYx)SNZA65VL5-dQQ0N_U}E2UusFp@};52G+4PuiPuq{ltv
z5-jPh-KmNW_)dXbY-xTkfPVR4HnvMe^b-XEPjK3(T}DcAX-eYz_E?s@({;-Puw{&v
z@45l`-Vx5<?@_aKWEzt)FA>7o6Phg_;t<+r1dU>?d+~eD*ROM|wF-7Trm@i$Agh5S
z7Su+U0n306K(hRNN(a-IE7n`oZP`O6&v1shx5Q!}ID8`kk^v_%X&8;YILswrP}|<S
ztmgmS;(u{N<AM<zGcd+Tj$q}BTs$Go0+kECZTtT^nol(aMCYPyAmYh0I$$X2#b~G3
zj=8uqt#ND&UyUh~O5$TzYO1GM=aq%4uy_N$aPbfAp3byZL}OQXJ7u8CjaNJ_xDQxl
zzBkr;hxam$Ds6xwpUkzJ?D?f1qAt68J}g`<KNnoQsaL$AexD}uN_q|uXoAd*5}0Ht
z*TMEdZWOtOP8cbI3&D*zu6_{sxt^<m=zt5!i5)ovkd(UEs!2!}I8+yW@n1LE0}7#w
zVdU4}w#CL32%`MG`O%x9C9p(0!uQ0(Agg;=z)srSbK5(k;*!Uy1dS_o!x!HwF^)~=
zD5XpMnP{louS`t-Vb<6`I3>Y63_tX}L;@82e+A=0jcIFco_$5*6ZCE1EHhnS?y-$5
zT`iyTRb9;Tz^h-&ckq$}_Q#JSBX5StIyybf*fH%<>IIX8%g=7-{HZDs;!QsI;Zz+}
ztVQwCxO3_7IvQT=-%C+v*xz1=1Zw_&Y`qCIRDb;cpUA%NB185NQkE=ZO(F_eLUvjR
zNsH~;h3tD`2vOPB$}-v4qL8iZYevjq471$do$B-begEh8KljveoI1Sc-uL_UdOe?y
z*Xu&NGwqMcQg|nW$h4z%UijZ4i9blDJ!3!4^@9a4Nhqa|h!j>^#lW>0yWzE!>EP8V
zpUh85i!5<SNzyCaV0=8%bH7K|bFBDrpr^*eSZU7e*^EZde#J)DS>wRfFvRr0Z?WLT
z?Oe~sge_d#rnOrG&SPc?sLp9}czH4vI?4=4!+r^Xo3RKud?S|NaNGP4i2)tbNWkFx
z%-M^KV+Ys=A2kg=e?Y@f%M}Q85$hci#xAMh@r4D^8^WLHYqJOS9HNb|ep0V5dZL|^
zvZPG7Ph6+A_ggKNU{+ct_DS6+6hc3|&bL-wMapX=rwcNCsqhWhhQkz${NOIgEtop*
zv1gm$JLWL(WuPB4{-{lABCjygONMwZKZ-VM(Ucs+%5e9-F&1*&dV|}Iv^TB(+ywVY
zAWYObztPy)+?DSG9oc|6*HO#dpb=!Z5a+(Ny)K)iS0Ld4JF*wg2@ETl;tX&SyWuE6
zn_>aB0AHBfrvWE?dqTn`gu7IP?k@$}P92S|tflmx2#%rgo&3&cgbo}TdAB1*QTYo-
zNxa1zcW#!lv#OWH`o)TwyfFP!iCL51h&7_z-8$<OjAPqDCkyoxv2>4SD5&s&ZfMNP
zu#opzKUNO<3@9iX98E+C8^@_V6y|ff;;82exB^k|4$Etj1BN&T&O$D+FRUa^Qgl!s
zm;#D{=6^l`P~~i2WmMoyB6o*G7E~ieK%WXcJ?L%2Gx+nlEj|ADuwc`BJ4j2J&FW@v
z^&gg%>wB+=OTY}u_jSVTs=XlK9k_U)w5v2U=@3sUTH0%lCUF51xQHGYFAuHFh8)1=
zmJYok0B|~TIBL?Pn1bOr^uCTMzUzerJ0gX6F6{+pRvDE25;0i`qd(_pdQ%5>OS<$u
zE3Ht&W6OJ#LPAO&qaKg8t~!RrJ&(Omt#ZtLd-p+VfQx%&sH`@HTvMOSira||Z@~iN
z2T5aqU?}^aVoE3PGN_egmLVSJV|8Tp?@W%rnewFRT2iHW6x=YH{dy#l0ij2tQKf8Y
zS4P%kfEnw;;Gn;R6?H0Dg`;VpOe4sxUwL76`-=GQ0qBGlgZ2r}g${;&xH#&_kiU*d
zk%+v=qv>=o8&uD9SKw}L;!Jmsr}B7o!fatRG6_7CR$2>#v6KPgsHYzj^53&K+U3c9
zdQP;Co0BX1^wGxSy8l;+x96Ff3PqY4eu)=VG<lTxKUQ}+<p-;VUWjx3SQIV`1&k&u
zSl*c(+y99v+4X$tkqcv)AtYG7VQ%=MZ+f%0?jTUjQ|*nx9LAbt5Gxr=DvpJMKMaE`
z6B6P~r<veX`CSS;$uz{J)eDP-pZ>u``k}Jpfe0gB%QckgJ25GX`Q|(Q-gAF1TNd?}
zI{Q=X^ue8LStoK@KG;b!Gq~i_knnWko2wzMS6?2u(4ObwXA*F0mdNU)$Tb5^@(R=p
zzla`1(27QLbO7BztUxN#k!b_QlZ47P1XBeHjobh&nyI;YnuVlfdh!-r@FxFm^vyyb
zM>d__GvVCj2Tn`OJQQvyTos{8j~O~|k&-7daC?nDFp}izs5o=uwh@$w!s|edkOR}{
z+l;7D&xbBPgeth^Ndb0s#V3=Qjic=ja;R;B!Rwj1?f1@Fcs2AXkI6Da{JdRNg9bL{
zybB`c-L6BhZbZZH2QL$H>Jj5iI^_tBWO#dN9s{D*fV6hT_BjQqZ?~>-OKrH}bK@*W
z+-KAV-uscm9TY#ab4dqD&I_O--f|txR2Lyi5Lsq<v%z9e$UF|o6>xShsRyLxI8QQc
zphzsR_s!+R_A;>~YJ{0AxZ+HlfS{NR>-&^rNQLU*KrFxUL3U!!4G|iaa8}=oUmE?D
zoW+5$PVwp3D|g_t<^9H&qg|Qv@S6KiD1>}o)hKgbSUNdrJGMuC?d*|5MP48FTZpNo
zfl47smsam@7VL4MRf;GL1u|&@#S^X_S*>#ihYq;-<a5GithzXJ+zi`=zLDM}y4qwL
zo!iR*In$5=`2)hVB@gGE^jCnrI(`h2_AR+2`Z-sSdHMEC65Tr;zfdieNnZ3p<WG}N
zW`ym1yu-(Jx@H<h>|nrN0u9jlBIf=A^UR{h?>ao-dl4HEw}Ly+lj(-DD`I19dDL?<
z7XfBs-B!NGR9S4`F6z@>FRBfHUv)OK5xy#BJwk((Ky6HXc-8##?Pn3{dN4kpkf!lu
z=EU`F)uSwMBWd@;21~#oSfE)}bKOkn3qXm6i@lOjKCv_aWsC#R^-;$fi8gpqW16Md
zDS2O4!aZt&VKl4|J(6F4S_9o<EQjHKq<qA$fB$JvwZ_25R|znSzMEOHm*A+XzO}Py
zJe^Mk@VW2ubE<|E8Kl>k&($j;>F4Ku?X2R8NQdQmKy^4SN$(TT4||rJy2s)GjiHn6
zKk+!n70{w0N0S#{JQX96wcS4I+O=8^v_LrHe^I3vvEma4#~}YD4Zdc_jpE>;ysB>J
zH|Q15eHdI$wk2f|<l+()DYIX#0tvll1Q!ROU}pO4&?FMyi;&#$D7j-kb0{*Wd#Js0
zHNbPW=yBI`qWsWuWqN=YI}Nt!DNo{Nd4dso?vd}y&0b)9bz&-4Gl(+oLV;_QY>ryz
zss;h^{k*H+Ob|wUo#wD?cR6pa(dKc{HYYgusH)COkr}0?OXDZ^!mnvu*}}6gTltvq
zjv}%h1o3$+lW$jyXi)HT_YUMhhOSk`;~UG+;xKTALl)mx#&mx?8E+JhpAx@xTf8IM
zOfC7eI^)9(%su|MiDq|Xy63V@#Lc(%jkcaVeQC6Xx%#GT_|$J`zT3G&j`r``I_aWi
zjunz@_;McBoQ&)-r1_;imRUo>r7t^9#%LHFh3a0yU_2DXVgeK&YBtbJoqkxkS9Q-^
zA{J#ja#}@nR3FN$BdTauL<uXY<YX-)xYYB?MlLxI4TnWSAA01?(1vS-2<8|<(sMpq
zsCGJ0U_oGcNPATnR17j9eN_K~75;A)K%37;&mhv;_vZX(VMNN8av!-hogO>&XsQ-J
z9rbPOUXJh@YqUNK-$<1JF-*C^b1a7P=^OEIiLI~_oN6@-eiYjUP7cl83MUraw*h?|
zfiWfPTKLAg2kfY%!ftj!)?|9uc*b+FxdrSV{&DXB#5~NzkR)1n1^87%<Q}0m!W{CP
z;#Yrc_S%v<4JuZy#)!a5zJjey0v<+d@PWAN)<<&dLPVO2m%$XiV$i<seaKYyK5)CQ
z;KW7&x%Tew(lJVg-M*AUIg{d!G7ol*UI=mLN942EvK;@|uFu!l_3CoHhF5kC;@x+X
z6N4+<3KMg4UpKW^2$i=SUc27=aQ?s?+&JA@eh`b8&cj_;8FX$t8cw>jmt@o5&anvZ
zhwUfsB|#Oo>9J!|bLS)(yRK97Fy}_WwNjV0XaUtTT%_W1y;r6}1g4v!6Z%m7$zqk}
zNP7rV6^K1S5<30go*+lgc%=ssdvG=hn8m5*fkuzBe1w(ngU2#A7fdVcYKAQL%g;2k
zUto>ZcpXMCJ=+bjOW3D^M)Qx)KIx*qz*N^G?DEr}i4cobpd`&A1Y8C)zZ_^D&CJE}
zPQpHXZVRd0idA=k+m|=B1%OxAUHaTPT9DBL;*A@Y-ZfX1fubZPnLO~>&%jOete|a9
z{e-I0-Hux%_NCgy(ycGB;PPrv*WkX3`7FLFM+f_<>Px-8>0GB;2QaH$9QJ!|u=q4n
zhWkiuJA+z-DsRfS7wZmhEYR{NTR=henAzDI*9Yg`qvilFg3CyOcuP#^F3z?)pa3wr
z_X}AVj%M5IT|+u|KX^YX-RfOs9yrL+6us$zml|hzyGWv5pdI!bfADaCWG$}rCfj>}
zsLbdLylk-NnTW-UxD7yW_a)-JwE+Kp6pMX@ox6sHv~NWNG{}n(<3=QX8(`A7l|+2H
z8S<fJHteX1Mq`s0;+t1C5l<R8fDHrtq$!6}S$8h|viTq|(NFSe8r~&HzenD(^U$dD
zD4C!<X+uf$1DP`DpT*pe_u+VF`DjUDL3Jnk%AEpIgu^Gq?A*C`oy2|7LyxCbidtY$
zi2oPFr+8`0(6cy}iyAz{r+l9GSaC1*`wXPDO)Z{p1~DJ4k@E82%$^w$8`NzBUL8Qc
zRIgvz!P=*_-hd||QWYDAMx^kIIizJ4@qSq3+hXt>Xh^zMOlYXD_tEDVNgs%=<jD}-
zKW;s|8_q_VEa8#&wI#r!!y%A|QLOPx!I0_mlQ}ASf^|7%0xs|yJ519CulcV=9}9x<
z+gbcZBm@kr#8e%7qE>D3hCykd=jl+|WPr2y;9DS7>^7U|8CvlpHN{xS`1l65VE=}!
zh4+&NN%Vjy!QdJs8NQT)iodPol$6@guMaf^40f%_Dp<fxV^{kBq_FlIVT%qFg<8*D
z<%5fGh(%NWON2MyREBPr8kdZl3bFA=Td2Ia3{0yczvKr)-nT1h$&m4TKKOwXgfbUA
zuQ>m%USUU~GP7+2MOO^C7Ow=R%n(po*vGjVCcVal;MQ9+X~-r%WGhZ}X}hy&vj67X
zqZY658x%)4cnN9uQ%Dao4SR9olF4Kz9s$a0((O1{72l)q?1^Xb)<CVkceFd8L~4$5
zfBCScieFo&^sYpLAI6#S)}!LN3oo8%mKf8pi!kjm>w!YNo5c_Kn*8L`gN1WHU#j|H
z(+VyMw>T5kM8<pI=Qzs1y`7q;HV9B!A81Jr^Ju;Zwwe*)JRowKxU`VDBnQ1V%^?-^
zmjU^s3FGc45B@dRS8fqPcz)HX`Uggoy_|S~8E@N6cT}Keg77Vt&|~5<os66;OY8bU
z%D?LJ`r^M(M#{5v>4Od1j5VCQMF%aW5T-m}rYKWF`ls;Gd{lU6yy3tb?W(55LG#5a
z`}R34$tl>yx3x$umf!MZ0h10o`aJ-M><_{C@>-IU%VmHaeqHl4StyeQA!v;(NbuVd
z3a8JH-IUl)vguN|*Y+OZy$n0)o=xGjf1+-?CNav-Q9f<KZV*RFgY7+fP8^3u%a`ny
zyFkV5uP@%y-=a(_6iAwPhDU>YH1P*~_&ZW05(%8YJ~Ne0S!ts9p=dZ`kbCAqIn_13
zmYf^>F@c2O4MI#!F^P`(*ln<BYEyk^a&C0VbXTzTr(hc;C0>g3O}=dEkt#vLgbll`
zhz-sm@o)pYicVJd?h3M@fjv~;kA55eQr>5zh!H>|oda>1#oe*$CYNFY5p!)WcYai7
zWd~Snqq(8#0=J~KZg@505yyiAn20QQJ+U6cHmlOAOMzk@uMOlxt!FpqfRb;KPRZFd
z+luQ}6+5?{AX;>1(ON_nOaPNge9nfoO{n6wP0<iQx$p31@uDx_IpyK#$Ni{H(pz?a
zqhkEX`!<!m%2MwB`&5cb#Q@!^>qGbUw&$$uc5*h}+>-mvvSK6lyF!k*#Awwu?>BEd
z{v>4G`^F0?QqVBcjE^zkTxA5wa^bLKO^{gFAcVS0Ow0ELTHnJ*sP^nQh)?rcKzhsc
z9kgP-QOL&1!0|~)z|;eOz&AQFICudYx|>*^hUg0;b3~SO-mZWG2Gu~fHj`Pq)5gHj
z((}^jy&qHH+Z8)QQM3)5G`#2G*V3t7AmM?k1FhSS2d#EJ#~(bP+><+`q@YO#`Voqj
z)vVb{n-2XB+^;4p69|X&BC@g-W!g8WV$$h3j&G%1A32`;Hbx1vVjy`)*!_lUS2&ot
zs8F4B>J0OIj^xq>`-~@pvyF(we4f~zr886IO>9=}n!eLH2(S5ar0cbJxtY8>0Z!^;
z$aOhV8X@XI|BLXM5yla(kTZyOZA-n$E8u1DTXa7uGN=zaeQ1HGFmg?v3ASgo+?zBc
z@n{#_i{@-ehw^lDND(wWL_B<5S2Ax&Qoc~M$ilBnaJ#m2?cS8{TYtG6k2(+IgSED^
zhrs4flX^(2V9hS#30C(4@Q3}AF+bb2+~l&fO%*EE(vXJMallwtu=>t876(HW&YbNa
z{X!?9n}gYjtrJVz(piruiAdFni)-M|UP|#6A}4?I&-1--qZz?QynHnRKleLtZPI<|
z0E0*1`yK`^KepmTHw7?i{eCcM8jqWyM5>Q+`$>@~j@C|G955rmiu+8tikAvvb|jue
z)IXanf$SNN?{FKl_x4#w%5SXt5qras7ptViRP*usckarM2*$E)E%Vpuf<j5>%qJeb
zG7hxz>S>e9Lp=AHdr<b-Dsa)i<mNpTa}jM&XYQ4c-lqiXLJ@Daj-qg;Tk0$+V{nU{
zb(ngZwWtau%_4k6?8iHu5iM@$$B;9aB$S+tJ}kH0<;>*;mg$jjPLm?NvX}k3qEJyP
zw=m30wf)XWNT>q=U32y9IK&oB;xc4$6ylN=9jKBGWql^hd$Lp{AGI2PhfT60c3BOf
z(rS0S3o*Xx^gWypZ+~jn3mefC^TzKBRYWBvL79RQ?*dhP+B;vOOs6&An!ohXz*8yG
zBbjb+-irs)1RCeobojs4O8+jHxF|0Tw%M9Kw0XxU=%jXva5aeMMcUCX&yC|lli&tj
z6v3<c;A!L3_rN3KFtGdxuSSjCB`Q0<-nM1I)0K?R1k5XYI7*QMX;4V<J;@h(8V{*X
z<nNn{v*bkFdwKzZJmP^A5e)E#1MkcyS>|5=PL=P$xLWtX7buwTWiKg`tEl3(=(iKF
z6jP}xfn15Ck9>)bou)s&RY?>$X=VCwjKHKW@KpEBjpe$xu&0{*(r!M=ZcnA;B9yEt
zh=D&BgIw#LK|iDav_3l&&5HrM{VSl3w5y&do<oUKwD5!6bJ>j28SrK%Pdd^694!zE
zk3_!Yxr;k*O)gN$UK6BPRI{n}|EIC+hv8X&J37K<aA}ZC&d_q~v}pb$D`A*EYY}no
z^GELCCRIgm+cgY4<S}%vGAm+*b)iDOI?!8l8vjI-pc*uo=ec`IbN#-|)cw9bL(4lS
z7xo;cTB#ziiaP?YGJ3%$d63SMVCLUA4iD<;X+3l~Tek;VSJDi|vGA$!y?f#EVMlcK
z6z?Q*J9EjG^G>Q<H!{XyrX{9^69nvIInd=F_LMzPYq(A#Qhksc9>Ir?gRA7#UB-oN
z(k3THW`aMHG_|=?*AH>fo4G{a)FRt;m-(_PMhpx4s#(q%lC=118DbaC$JuWn3Um|T
zFLg{_O}rqzIiE>`O+)okc603S;|@bp`gVi9$fPkE|FDFV&;@?c916@G_*pk@fz*?_
zx^}-B1i?7vmvN*i*smjlkJf^8F~N9KFE!pzMpPx01PtMQ`WuqA9(y+3LpHJ`_E!x>
zv~<Lys&aeeQ>s%sU}6E}5PH$m7zcN{x8TjgcnBML(chX3o-lj=M3j#%!b~LjuM@Ze
zDgES#8W@2=s#e4AV=Qc=OK={aTUx6=4<FkQn*^Y=otqL*#cRK1I`vZ-aIV-{TlYGs
zi}i+IAgG3?U6@4RLmt)o4+W19=h}1cdqL^87~`Uq2+2eyt@?9ZrT!CD$M*+wsvukQ
z!FS$C3DV5{DnG9}x<DL}M-e+p+~r^N*5IVX8-hQ<K}AnC8Y~w;JAE-h+qD~ZWzR=R
zWM%*?SG6u+!BK_L#XYo?YZxsVV!io*n;kPD1YW0d>jD<xwX7VCalnVka-O47HWeyG
zZ13UHJHO=E$1DZv=Fh3=BYIcZLe!UCLxUq;Z2hd^L{8{Fbx0J?C|rar66>TN6pICp
zmU<{&T>@?;bMQSC+B#3_$kgEa^BnaEz;p0%P1>&&62X=88mMjc6=r<AjrGr#(D9Bw
zTK2weu`%ar@bdKe3-v%P+$7PFgI&y*!T-&+v&7e{P-#np(UDoNKD!&SOBX`cZ6m=t
zdVjVQP<KU$APicO;OO+;>vpFj;ZabjOIC6=e#tv_+?xi=m6&TPN?Up_s;y3=_(ltd
zCcFrNn@y+Ua}Ks2*N;tM%YN>rE&V7B&;$dQmGIL_fiG9x;&Bo;>1;=NfS-Pwbl+q7
zaK>Xu-Al-J@h$(x3(S0*Po=G7Y7UcrIGq|MeQuoE74WWenbm!?J*>I0!sm^6KVbt^
zQL`c7t{}-2I;c+b@7C@!W!EHy1t)UWfHWb#Z)Gppl97`RxQ)2|m|ear=nB5%|4xZF
z2rNX;Ro|;}C-_~fV?i}_-PUaLU*qApD0U)mG1Plvyq#W+b;l|^+4QMy2KFo?s`Q)G
zp!5n+)ApQ)f_&(GBCl9nkW$pr%N5y@i$fmHHm@J@(#&eL6)!$qUVYcuxZdj&dGt8I
z)p_@rAz35Oq)nvF$snA#keYoNbX}eQ&K0}o{fbITXP47L%1c9J^a|D#i+G-zA$xe-
z5Nm~1uG900M9BqHFC@)J7mG*2Ykhojz3!qE46w@PCH4O2+-}lAar@e}+8V<+eaPz*
zsiWeON<+z|OUlxlv2#q#2^kRFbH8P&r!=D{5og>78XS8<l-*Io`KrMY81TbGz+SgI
zb7@vx%y(p0;zSpC{)KC7ZNQJoWru^RH8~PXe6m~N@OLhq+b5oj-y@70QqXffEIi)r
z`-R@D&5>|b017#>zvot;9-@Whlam0HT<IsQuTs_mSN&t94&^T0#c}zX3o7xXd9zz`
z7{XQNmnJ2PM>gp<)Zu~;(>LefiN2kDwi8DlZhKI&4G!5r#Xe$>rMU2QS_x$MxdN2K
zw7@aN6P}nS6@S1AWg_b#j3Q6*0c~(jebnC*f#b<FLYPvTC8gmXqYsEUFS=5I8@<F2
z3{d_Fh!DC@pa0hfbl?Q&;LV{|<B*|3ad0V8F>dr@0{q5{m~JzIUA_ch7GVVV7@l|?
z`qqCnZI5m?O$cMB&RC}eo0MBCR+O}haU%roDhF{4p-VzXs@0;`CmQ%?^pT!O9v-v3
z;n&G=q?%zXYU`0Ij^2=~A%$<|g53VtBjj*YX7@&lQtzoyqJc#tx#(M_{Lc_7J5JW4
zIjKb72jwpVUo|f}{}D&8n4xL99n{%NaA|nv^Bm{77d(zE(aPO(O0_uKhCA8AliR-_
z8K1^`Vt1}DAGwFv1Dt5wAVIhof(Q1_Jcr*1)%|tT_5&w;{QB|LHbeZ_s1%a<YaVXa
zz?4eaClQUnemO&xjmM!e51$0ISRNyUJb}fuT|D;dK`a<h^*s2yBfqigD+?9+p#jCq
zi(5#G2>w6Nq$p5%A16Y#FYB~)7qNx%A{*DRG_GWVnw7*3<&cl~g&__g3(6ViDEKKg
zqIFY}ix*j>UKimQ9FCWK_4xvMdJcOMS{znTp~MADsw}Z^1<f@2W6p2>&c0XY{-Y8y
zf8>7KN|KgWYiWC>NS6X*!M`40{O09u2Rq^S_(QW^<h!f6K0P7Qw$G_4<8X3?HV<}*
z0=?6LD!DOkhcrUNHjG>LH|DCUdW$xM->>ykVQMy`ezIZQ7irw?Qtp=op;k2muT5C7
zIr7hXR_zz$sX(~!=F-g(?kas^JZTZm!wEf&rjlk*>BqvVjV(o_WI#*ole>a-Nq8vv
z*QDM2w^H2ZUrI$EEpc3r>@8am#x=^!2p_(wFjC^pD>&u~5gL9UV+1+>Skk4{FZ7GG
zm*6Kso#*+L{$RQ)^dHG+OMowAPO~ziTzWLw3ocR*q*?n?_G4D=e1L~i)v9~UG`UEH
zgy@!4q2n3{4rk8|_`Wf%tQfB0Zd|x7QkC@c6|h{#nAB?bG8S|F?7^`30C7jg*8S%L
z%@<DE|L)y4IQi+TMIJlBNwvsxoC<8e1RWjmKaPb61&TtpoTym#dU}@S%!5P2+NHJs
zj(Ef7lL76(Upe`YF$cNN?=K2(GIfD(m6#ebrOYetq3v=NcbU5pMj>G+xPS;`JN|be
zve-b27txN6fB-f2Yb?zx^~nC@yqNPMWw8_?%=3Qi<-^|&>ZB%PTN+Cet}{Q9maAD*
zbG_v{(x|Ba?uV|}c1*jrfSBjn2PqLtN=KXT24EQnu_!2HhJlN)a%`_t+~x)`?N%%+
zWVn*y7Tw@bQR1dMb9yq7?w%ArcRso<a>t;9`IA+L!zZLGt>}La&@vDmoD4Dv^iN%?
zhRnuL2~OZT0rDt1P2%7b=g+ae!OdLa0q&J~SFbv`c#RL--@H}pSkw%3&rymPl1iYR
zMiGCWRDh;QfNSxw!;lY_So|YSmXo={JZwXsQnV)Tp2t~mG-BmGsy7*Uxw3(+<egk=
z<Jmp+TS1sZP(Fgf*S0)CpVazBl0ze7ph!>Ui_G$g){+(nX+AH!q5Gn|(vLS8W@PZ}
z&%*K~|Cub>H&}TManduFPWOMx?LY{;KP?+BSZq97C4BGY(mFSXvdVL&$9GG}eo7Rw
zE|Cq|m*nf!XGVT0LWaLcnBF`SRB}}9vjLX5(M~<2kniI)pWKJvYv63q-en(Umi~s!
zKYs%qNWB(08d8-KR9XF{?gU>fy?gz&gl456DqxeZ>m3bBe8)tSuI}3X>mC=@j`UZJ
zRx&?7NtjNus$5y3VlG<`x^c|=Cqtknez}P#uv}QzQn9<~BrRiUm$5zZU<^q3Qf%@1
zUe4Kn3l)KuscUqzk>fmHE%Zi&4hO!+s}(yE=k-sH@jxXi+oOn(69?xE(uvT!K%~}+
zS_tq%q$4GHK_en)qgEkELL;*|dA^Tl+bq$Kxs2u;P4c6|h)<R7_3T}9I<eOua1~d|
zoke{$5{v{tQFj0xK%sD5KDqaUixjMYYYI0#J`Tx&$5qYh7U49*PIsoVC2l&3dlF@*
zIggS?n7&Va%6+nxmr&mR6!%7Q#_-<t!)f&oZ164kE%xBZbEcVjijhG(A)%xtcC(+^
zfrBf~{|kikc_IpdaPuc*HyoOz?yFpZ*TRLOA%2X;Jwf%w=~<3Hr)V_8Y0%{Y$g+Am
z&^IU{3{TdS2EfGZD6%gu39%rQ_Qu_?G7jZ0IBzbB{qKLaU=ZZrTqOs>AEm{&Bqb)&
z{~eo)rhBis0CR%xsU8REgwBfl0-1{k1x#7g(h9uHR~nzK`SdXjj2GEy&P4O!%TG#t
zhz%dYoWm`Iuwc-nsK*O#*J3G(1^0gMA9j-b4D?w(2*31T6S#P5KG90MfNo~7_~`M?
zWKmHz;5`|uCrg`^&TmBiMsX;EBr{X2QOK~2*z7~3*6^f(GxzRJul*q`)}ol^wm2w_
zj;S-*F>TjYS#E>Ex&wKw{opI95;F^eDSDVmnq=!Ga938%*%9bh&xHydz2k%wA`gk}
ze;8s8Qs4))_Xz}5$8(}Dvj(jW`z*88ah2l=dtpJ;-tSrA?e7)EDU7ac*(Xdc$t0$Z
zU~W*n;uF0;`N#y-ne@T@<$nGMz=&DH+?v1}6YG+GBp>i;{392opTGWFzS~}bVs_F=
z_wbva!e9)4RKExsNhS<DNW6_u^#s{1>wz&@0geXwe}jV%awOb;smpEvNrrd6rL#MB
zY$k&%si#3{R!d8M{#x+5AtnB2JXFmMZ3K`kXmHykcjr*1!$Tu*H_QkeB=wURz{m~=
zSy<U}X!uHlb?FJ=EvfDhvlEQYkzkuIh^owsH|QzBF>GEf$yc35+#5nw@!!59&h2*P
zVyGO;vgX~Z%M_cWwJXGB`?=MK+b?(orYL2Yx;c!0&GpM3MF_Je#e+KMCE@4}Jz)C1
zg??en=1kDFcd)5ccuU=n$9I$<vJPT7Xgr083}MNnk^%obt#P40N6;We5$R*0sOZy)
zrbD6P7!1c0v`wLnS~EsPd?ZRwodyXl5|fVpr;JvUi5bvkZ?AMkMP!?Lgf{BRSF|XB
z&2>s;$ErkCwmXRrU#H;WfHNl`70^hQUurL|{4yn{57ps4pb|4);_$H-B4h5IJ1C74
zy>>GW@kR6O+ZMFr$ts286dRn1>NHO5b7#r+<Xqo;86b7YMvd>(=(_VLY{>PuMkn&l
zhJU!^OSR6-Q^tXsXSy7&Cv9PJ-R-6$4T)*)qIx4D%!`NDCiQ@iYhUg!LL422=VCOy
z;gN)Egq?PR@V^6Bn2;gQm7+`FdX#3Z^G7eB5fffA{M}XKvDlkLcC?R6B=anTy5d^2
z<mcB;Z2(LMnW9)N%}L5`&cTUrpVxMS>2JO#gb{6cCwWN1v=#&#^kWFkaaaHj;TYf+
z9auFGM$EL7=|)hV`;_^EsesOnvFJyHy44lIvclMoS3zG2_r^X?H-F#+J}@SAWRIp*
zb>_*_#=TyA)3Z@Oj5V7&jZjN@NsE%UXPfa~&#J2}E@oG?g_4<NPBg4c=pTedPSk`7
zoX<SbhUh@Zny+yd<~b`&5&<JvKd#=m?%M}08aX(!JdUeLdwBP=0rRB?`8wKAiV88z
zTFmrA6o-;nDY063rL>OMn2x=Lf?!AAfH?hS@CpR>UQ>aFPd;Iqa`=*dFHe2^<Hc2H
zN01q*IR*T^7GS?T&v=P0AoUoab%XxffAWGJ(tAten^DErC%?t9QM?F02=Mu|y@`Hk
zayDxytl%tktFkCCgy3|oM#N*j#MBGNE}cj+;Jf*S;b3ucMI)l#LhMCSE_Tr9VpxT_
zKp$(l^+YFj4E~HQiN@8JJ&x4=yx3?}_CeyG7)m)+5FUD#488hV(gvRF5wVc)4V$?+
z&DkW;CovrQ*cFJlMShUU8eGR*zt)K5rz?7ly$8u`A5%Rdk#FQU>~9;9VbDnA-HWfp
zPtKERPjB4GdAdW`UTgL;&}vCEg;t-V{`up3Xlu_9ZB);4k_<zy;Y@K>(1oPNEQ819
zXh8<h<M}m?1fDGrXGV~fmF+U@iqGe*-iGiycAG#|!q})5-iqJLNrG%%oa-xW(Q-|H
zROFSZ?YwE%aV}1ODkyqgL(Q-Ig#MCBc>|wzku`Hhv>7q2`W29~(FL@#+XMwk|GVd5
z=aPw0=VYj@pJ_S5$p`W`$M9Xssnh(|7KV@Cq65@iiZeo&fyiflpd=L)RSG0{iA3pi
zq)U<(u9%}?-AGO_4QvoTLS(EuW!E6#nTv>|Fye+P=UJiy{jL%C_ws&rghcK2L;v*P
z?jbP#+6fYS?ToxnQU3}IRJBL6^W7)Vs6Cyb$$cNey%td3`mP@#q{DYh_OQy6&TH|+
zF`p-=8ndm3eGJBA`2t=cE<XIM{8)WISVI}J!+&Ej>Uao`n%UiFUS+`7xu@kle1FQt
zzq;yQ_PTVZsYv$_w$PTs`!`xzLj9Uqv;vYOs@&wId)n;E960SrxzG8-Yg~Yz?pw&d
zt||y+L77g?L2_Q5jb?QfE_c!UFGK$C3+zDGTpS;MMI|d~s|aYb$tr@k2nbR%7oQUB
za<cW1>E34f{J*fd#N#u&4oKxpcUAaKV~5M-p(M}kKiHf>`(AE){r`*2Aw+>OPAPX`
zsGc%XqsUE3quFx>ek6XBiee*|8>}SyX6+ywlMX}yZ3V4wCK=&XKKXxF2WyI_;9Ulq
zn>KC>+nptIxytHb^EU`AR_pmhddW8$f8ZhtHA(q2?;#ee;^2Y2`d9}n&{+pw^R9};
z8I<@+x}%`9?xj4(tcNO|>wB+%KtcGo$+S%QOTH#GYg)8sfgTM?$3h(?JVw`8%K)RU
zczx!_HDvy6w6Bov#YOj3`bkW-v4d+S=A0HrOzxWa8=8FtjpH9OsOp-;H~2`AMM>=G
zAAdn}@{(RzazbU|*`cCb!$X*81flAA4sG5!(>_qtBUCx4Tm5h@4lWvUjnF=R!bAKF
zN&n3=QIP**>g)5@Bb%WG+JVi}DqS~U8`u3#e5y1<gWdnz2ZpSE_6@8BYC--=B2Y08
z-Ze*t5q(D4WlFg_?x$oWj`jrO^9Ado?8klFeO@KXQMg(Uha1n@RdU7X%cscE>{!5i
zlb?QY@a9+}X3Ggy(+C#*%(qL7$oXLf7AL0Vo!^5fGe*%%BT>jjq#iR_tI*dyni$tr
z8nWQ2g*y$p0opWV$W!tJ^;XpX$YW9v^&b<N#s$?Dv6^X%-k)OPkixH6eYx%{zrwjR
z@KNH^N^N*(u&|e3n&--XJ78c69Ki4A?-acB2vuv45CgTCYzLSg4fpTdT?d_|LbhMB
z90!A+$F%eZdxl@-sCymuN#&Hs%td~MH25zk^U8Fr)Gz;TA$7{rLkshF5dm*@&-W}d
z>3@Dtjpe@3N@3@*hrFqlvQ@G~{l^>{)Rz3`PYmCEWRB&DqX?pSq8+3wD@@Q{79!}M
zqy?glRSZIT$s|P?pJkm023bo%S3&{5L57G99V%smbfO7K6nn3Cl(nOvCp2mQJLs&{
z$_1r2r~JIQ-BHb>LU=g>C4C>{ba#HF13$IVfplO6w=yfq-UHV(Z8tPoIuLtI@0q<L
zdo<?##Af`COMqt4tU$uHc3H=X`d%_e^<0TFe07xt`FnOrf0V^^9x(aJVk?V*Xr^u-
z!QPjrxTG9%JTCE}0>F9Z5Ux+ij3Ff`2nhYjM=frAgPTyDxkMN?Jjx1tGzC-6Zs+{r
z_CV=B)nZ6V7pG=x+{@8lJOCEVks(V6gYSkFaFXwvAzE4GdK}WL9IZ?}rs{$Wq@%{d
zKIWNl;tH2NMtgf|{xZrIsSMo+J4H!S=AH-+>J;yG(2?W>2A(;2Et!tLzFJ-hHFI>8
z_2@yQ`h6NNBczx=D%s7+%H?9NF;}~BW$p`q#ovdlldqJ2S08Kqz-;?KKC(iM?(4D5
z-IIr#E5v|Z$^+x!1G5hmW3b`3z{r`ex_c6E`7qlqKs!c8(Iiu*Uf6Fam2g59CrwN{
z)HzaStW=EJjWQP>OhuVm*4HAdFF=2!aU7&RX9_Q20vq=Hrtw>|-->i#8m%_{A>4#v
zL9RAp$Eq)ioW8~MJva>?@f0#ZmsS@|rPD(uw*+8;Q!9GwpM-SjAq7@*f<LU|958DG
zP$omp4_LD#Ny7MD%oJ?FK?fM%lT6uRW*X^n2hKF`;ah?|7=AyYZ<;Dyi@4-da9J|b
zke~ZBaa!I5ZdH+YW>#TmF?%!Vz&cPN3HhZ7^`^>v;5+p?TtifDa8#z##BA{|8pLwO
z{g-=O93;^Edumzsk8Opcyj3NQwNfhFLK%AD9WZ80B=Q-+kpw-uq4QRMJBes@&Yi-*
zBRKi&UE|OEXKIpj^ZR`y4=y8glW~3=xkRKfLJyMkjc-Bc<bM~S+Xz;1fyi&?BNef>
z?_Zr3XF<18#|e@a=mXK$v-<{h2{r!J9k)$1usaj8H<-L<x9Q<O0-XEJc7_kGj|~S(
zzY(0)7sq#;1aCo;J@i*dQ<7DQ8ECFh+FDE=<#za?=gVI8*a``_4TI)sIb`2;i=BXf
z(qWkjBp&LP08YYWj9QphPlJl916B|LDWVd>O8PoDwI8&<Vy>~Bg<;^I`13DwV(8C%
zVEQ5GES{5bDM;jhuT+{;t=S7Zlh9f2Pfvqgn?dn4(SfwkR-}jOl@u_`GmL<IcA_{G
zV&hp}SKI@ezMYq$#zt(OcFgKfnAZw54$-Qn^-}Emd`#IK<>!g?vUyRneOMOmr|~3U
zU$T#fx<#i&l~pX+Du$M2##t>NSD(V8Ews9zc4Hlh&11?ONEpXzT(h9!&8hm2t}yt6
zMNd#@%ZDRXp1J&G<jI0)AtQP-MS|S=pg{}0c$6%Ll3Ty7qI;iV*-yV;TF!pcScQ`=
zGmC@!^@MCL6D$1sgK`!9J}%Cwx>n)fG#YksoWKY!sRwzUREjoD0I6S}uD{u|G#9ZG
zF6@qK>L8?kmKPcb3*vR^J+nS&A9N9~**E+Jy;g#z)a@oVnm|pUl9536GR&<-+)pR8
z)eGLO0lgWjNW<NyQ)%(cH|JxXKWw|F#(>H{Uc17R!oQ0ez7f5dH*)G5ypZn$x6y0b
zrpr<1uJ)2;H^T=(3W8H}q6*{;GpN5I+CB<SHyx|ubm>Rp-%%3`KyyDQ$z=W}n%q2v
zJk2Z#riDCW(j5SqZJ~Els5?_WgEQXkG9##&H2fCZm3IL?!oB*D%Lp?$2nm)T%Hgv*
ze?t*4ABuoDFac`3X=sRg_gig!PcpAahBYttdh_1vsk@APV%40$UuWClxa659y0;ms
z7{;QWN?*#DRKLWg(mC0@WnSt4%50|SEthJ?EFM`WO)<8;1%)hNH=))e8v8Cl=(wnu
z0*%uDG&sz?xG9>sW6=X2%ZU0lbfoBpfedPL3lax!e0Zv!s3;{3l*YvGNIW~1d3h)-
z0Xk#;ULIFvqdzYza21=sZrpsUxH<eVKj!iu8yrz3NGexispE!PP)cyH7L9^LBXKGV
z9M2vriRpFU5x>Dn@ZT*qP)ivL&t-&Pirzt_6@_+~6qUm{f}cDSCGg|2$R3+*xJ>K=
zRaEL_o|b51nB3Z=y2*}g7p|hNvGPo!Nbj3L*qJi`<!HRvs;mB3Jp8f6s~R)v$L0!h
z*>cAZH!_;OJ(XLSD1~lu?d6oNKSt(60x8Wvl&o@GS#6YmZIOQ;bb}1D<FDxeZOKSD
zrK>r-INR>3<|3z|C?rQ+<(5j_Y5H?1bA``bqsgX_sopfmPeLq1@2CprF1~s?7N(M*
zrOR%NZGr`d%ZR2xErm4t#h0ttNo77#B&pHzdkR^L$g4*PmM;J7djy>ce9GFA!4X{Q
z+{p3B6cS6OkF!crXiT4cEkMMH^y#qoLn^{`y|}$IQ}BHV>pe4yWH&;Wh6Oh@w#cL8
z`=BaojY0oxosBs1VOG6Ypj8^b2z;p2Uf82zNa<*+sPL9`bpSznR$lhV!xuZuY{Nr0
z(?%@CVg_k9lJ$xI++Du^*WFD(dDD4+x<n78uagnkjp`c4>J$o93Mby@13P9o{$ihi
z^k=8Rq8=d(+%9<;9008dy5vG5l$W-08A#tzs*WHev1^3u-$k!QR@`#Ir9rf>xM_nM
zR8xE(n!!8gGbTp?kpL%PMX*Od?w;d<z970iLn<GSaqJ<fyb}Gye9`8~frOLi@a__Z
z7U(!rwxA*~gZ&LPK5Q1Y$i*aU2WUPL;LZrRE>Ck@V<zI3XVM_;`_BiB_lR{0qTKFR
zGW<Ya;WxK_n-XbS&uP3I!BN=%Notb<MD?g{N{rE;D+W>p{o}5Ue-pfxbJ`H3J_VuK
zG&k=}v(Nd@CKFknvXK^ya$OT0ldT2ggTfhq*)1R$o$~acT+uobB$r_YutJeHnmJ^F
zEDD)+J~D?^K$zV8MU(_1E`>*4enbh?V(4Fou<;&YXr{}7wMVaAu7=A;#WDioQv(JR
zDo(y}h>Sx@lLQ~dC!3&I%)%ZfgK{8zL1m40hl&>COh9UX)~tp!mgnO0wsPI`OedKO
z;{{ck3z*&1*XPY2yyR%T7RW=5HQ$I-Xf>PNuG_y<<VOGSm|waiW{NY>FS98Uc2{Rr
zu|~%H;`4|f?sKCl{7+>Bi7T~Ge3F2<xf?wfgZLuI-CQ|M_Jo#F7){JLYT-62?>{SD
zz-BLD8^Q1KE48)ATBK`oxo4VVKSa*EXBM1xN`<EGq!5{GF5fkSp4ICjR|2Nw-53B@
z3(IMGAWAlDN0LO|HcW0(ggnk=qXYQcY^e#zbNrcI0}ou?TjnwXKTc7+lOmZsWw=Z3
z;{1E9Iu08(A*a?Tt-Qw29*e9)lit3>)U_2FU)*Q<7x_2iCU3s{>~^^g`{mM(czS&r
z`^wbGPp|kZ(|a?H5k7b8`857Q+j6h8t;M`bdO*bYDx6uKG^qe@U;g6?T{*F${ik_P
z8gE`l_g9?`^GM6!BvA=J+n_Y^lO~)Rk+Myk&!T$!x6vUd-D90GVC(Wc!{OY8^1qoS
zgj4b9zmKyZ_!T_^SHp;viHAxaJzo08c7IX91yeCvs6iq!8LWU#P_sCs%B=?z!Xl+3
zJilGOrJf;Ge@Dk$*{!yYLkxB<n_l$&1<yL>NH1o`Ggq-TuR#Y(H;F*Idudh=8-IUO
zBgHT=p3zpA>6j>|AL0Bkiec-^qpxx^+uc!|#5zM!2hmRsf{rZZ&!<V4(Cu$YI?hh}
z4kOx-Wo<|*IP*=JPz>m(1qfx{3?JY=N?m6M{u)TEC&;my{`gl{&q%l-!-Dq<sF=eb
z9Yx79HTH63uM8(p(7?E5?MZIK)P~|WOz9QQ$et*~ukQK0;^qg&I_#PeNeluA5-yWA
zPSJy+0+IwMf)T;D>%e02$M2SByG{MmPo#c*SMP9AzN!;vU4Agf(JuSag;3X8M^C+~
z8PcMDYF5zuv!a>#%4)Fxv1Px%)+P5J>++`L755comH$8M(x`5UvHjGGjQW*JSeoTy
zP-;cqjkNi=wc`|9p`rx7hmxEUhNlTvXS7WgjC^8UUOrw1Lm4{|VT$CP$^{l&(5Iid
znVkX|fmeeecM^~ymEuZW%9tnss~xYI@BO3Y%`TOnU-&|G_a1V$5e3r=3)RBT^$QUw
zAF=)su7hoMyc_Ote3|qvd8WO2$+<7?WVWtu4FYq$IHqpOIuoE>_Th$RQH&pKZc=;>
zxE7)PRbaWjk_W40UB85sG-u$<#MI>CQQGzn`k`J=>RP`?JX%yg`c;v1PusSI`~Tzj
zjZs$T)*`j37Fb3K)5)hzSdP6$`eb->SXJ1*uNf{k#Dq2K-LrnEjg|`|45f@vPvU)T
zvK<DMKHV@bu;I#*JR{1q;fvU=Cw6E9gZ$b4DT%P%b}RG0R@?P=T!hQ$ETOnXQ#no2
zC4um;;GszaowDQFtzDKsLTlU96%SgejK<jq{Ti**G8fmBBacpQ-+uRUTee6b>*LDw
z>-v4qPTkmB2(LgX&*b5A>evUq;sXXBe!z1j4?62SbNmMnXKVjpWPekRCTZv(b=0O&
zP9{YJlil=MDqQ=D=p<xk9)-v1o-7#`j0Ch(i`8Cg{?`N`T1neFk0dw7{N;!sG8fO)
zHTt74kJfH$$5&$?{_d)7h1-C|=1uj9)u9$$^jfNeD4yjDH+0MXyPoo)O-t_3Qe%6a
z9ASA+gyM>p1#9<`?>nAl-0?dGljChat1or(PK@j19ouQ%mE^1}Ui7JRa_4T(<nYqE
zX~+pQEKTrV`Oub>ijtsrff0+`_mUnQdMUs3;0x)9Vyb(4WV$CV{I9dh;D~47+MmWj
z5g{&s@}b!K6<oicdGsG3qA8c@FKj#jxeZ|o-1C&(4xu7!&z;q;pe1%9At?)PrhM$I
z7YaRbi5cZ0MLG+0N8#Hy;^37Y=w2x`Pj87+!228T5+41uYI6Zd$mS^U|6UXPU@0`-
zY`np_M^l@Rrk6NS!_j##v;qXk2M;UEZO)grN>gKV7P^CC0*(9jw2#!wKV{bR!KF+4
zgzZEL(iy!WDkhMhImK#*nz*u<J<Ii<FF6KZkIfPe@A)5JlkcM0k@DuHlc}yQ>OQ?h
zmDQXUhdLP*XtqW%U8gjD(+)zINVIJQ1gKc~<GVEbCqo(~dD;NWC(1)uVhY(XG9%Qj
z-q2MjZ$i)A9hHZmJQhkkgD3X+%uoJwu#VJ)fct%?!+y`3yUbjVoZVGc1HZkyQ)XxC
z?TJPxYWk;NxZvX1yNw75LWSU?bGKqk-IwHp0wod`;U)+n%Jo+`)2r^B;B|rl8ew&w
zWbU<UMyTMO9InII$NIfhUSWrGUU^d3iVI;6(aG60Hd_{$upYB1i95hNG_xMg&}@8T
z%^PJAmvQgVB3vaQp^AQfOYh!wTEG1%IB&#6YLkD6hG)rl{sXANUjkAs!ddP<xMbM>
zK<x0{*AwT-W9m-u_mLv^%QxuWGX8-_s{T$4p--EKNfllF+tv82rcN*2S4k{t4a%z6
zAJAM_$B{?aMKF=QU|n5z4MQ>V=hl0)1X$Ei-G4VciSVd%hrl4Gwdy)%6vzg{C!eYY
zXB(gNv#Vi?hpitU)E@V8B@iRLgZtkmaH(z7$9sK8m8Rv{D-)|&NW;~Ix)lxnMw{#F
z^}T|?uM<B(UxQP3&F5NUTv8DP6nqN|-h7?#h_JA_?cklEeWO}7L6LOuNi(cat_5|o
zWzPqO>HjHuLvKbA9DfiAOf(RxSTLn)2r(Uk9LdyjPS~rb!L3b8@L7FjFH+iCwXCwF
zgzE+0sp9qrZ5mhPbLt<}?Az?oy`<W7&O62UzUi@2E%h2SoMiHNGXCaHo02(i=xxc6
zR?#C`kF!5*6rRAfz_Lu+LcRsftoY9p<$p`Ir0J-SWUI>xOCz`5PtxIWUDn!ysu#+K
zWTd4_sHo`9V(^0Z1XruTldWw~%dVE2tdT<<>z`xDGST`yg`-#GmgU5^WJuyzUbSxz
z>@96slS$59`}j3TEb-d>0cw)gb-lpggNJ;0(p6;r_AD-Kd~bXBK7sy=@?^iqE!QMX
zbTPv8zIV-3GI5Twv~4u;5NF`^WpsE_q4ecJ_;2K!ny-)MwkjH(r_RZA0!gyAZ7l^;
zJ<*`Vc6HtbOX>H(^U?F?Cr@}FB3o}Y&)42VRW^g-1PQ`BbklkFGX!Y@c(Vh{=vlB-
zW;Q}Mf7Q{7Z=V&IFVd+J%kN}Umb8M-p})gXUM`E%pBo&UkHKs7_2Qdmqp}Ps>IE-G
z%Y1@biS>yV{1VA6e>~u$C;Df;$6x$~(7V#bM$F?bh{h#(Qm6{cl1*T8rf}c+j)*G|
ze9ZK3DR@j9$8Q~LqW?hVxW=N28=Jn^Gg(k1C2lVn>d#7JzQoOZh%jMDjeMa;%JPdQ
zn3AoBh{SYIfB(JH5n{Zj@Ov#ZqBCo#P8ISYD)&KjucIUQGw>;)HE`;I+EJIEmo~mb
z6Swpo7R=S_|7aj5Yf>c1*AZCyhNLm>{6u1lfiRTHQ+`krqjDu4Q0;Lz`HLS_3dhB9
zV8VxQ-Fy7AJ1lrWp--AHXF$5ed=zt<qQ=lW*`6eEX!2){0pDfNa>r0;XcD&edUz!=
z(D3QCcpps`8jMX21A4cZfz$O&DfVngOjMo9m4XatlPAUUH|B9D<iSdhX$d?v9f@Ug
z{j$<}{{w(c;m2qet>JEfg{aGp(2yLS@Y9D3OljlMd#0~q_T;Qj8^xel9LCciAE0aj
zDSE2I;R19Ep=>xTl91%8(HT7eSuIjvTC&;S83K|db}iw+Y(6DPQuRU)?93fUWS|0M
z)u{f29exZV^}_tJw~)j6IT<MUeY`jRTNW~5=_Y~r9R>{sXw7>7p&bX?$im9mp692$
zmKvc3H>>h$8^8RTr@PZ59fM1t-;LSpMM`yFaY#l4^OK{Tr;WufcP9HIg*NVBw-Nh2
ziF|HLJzh@x`}<f_onK8oNhW<T_CVnAtqR6kVO=HPo@toT2CzJTFdg3bNNxY+pt@X4
zXV%%R`jtUTJ$@<D{>KTX-qc;LVHZm*um-*UFhHKg?-=+v?dl7!KJf^zZVcD=Mjv0;
z(J0AJC}_EF;&8tv@5XJ3QW+5CvA3S`eY!U4g5xEEE&vR1%RI|EkI^_HGK~QBH=04r
zuG|s}R>6Jj@-||kz5a0hx)S^Ft5S~=jlG?v#^dVptVA271Jfhu1;m@$xfh$~zuiN9
zY2NOgx^Up&;IKCQa=4XYn3&_S^kEHuusLMPx|P`Bk1e-b8BREWKd57C+)`Td`kKld
zNQkxh{()0H0+XXOJb_fs+oqU#N&O2v{Eg%VA(97hFJ4;!&<?Bv{+G2CFQ25EbjwyV
zDW1emfaR(CNy~Bx$f^?38>OR9Aw!car2=E33)<J&Gx}o()9TrSzZ~*8#KGxneAGp&
z*5N^RL#t|+h?&%@bmHenku1YIY3BtQvkQEF!M|i2^*6VDrn$uj{{`<m{YL~xzZGdn
zcoz+Ie!Rb8Z{JIuLLRGPxt5Tc_qo~W_NViPZFV1Bp>MUbbpXlKQw~!O)f9Qs;%BJE
zp-i8py8V|@<`4t`L!Pmp|5RVWsJ^HWq!Nd5(?WUjXFfxc!Lz7Epo)rAdA_s+r{Dr8
zxuZrys*H{hq28ai4}NQ;MY<d=<==Sp?GDcrN8Kt_ek5V;!O}!IbHv-ym%cR`WSfmN
z*M_%6Sr56xG=pw)vsm#Q%pMfjgWGev+N84NE*cuSZqo0z&D^aWT}?;Z=cghzJB3s$
z-+8zt{oEUMm}Uvt^RtZ&vzukSU}@9q$A?QxRQu7hc!KJ|ea(X`we5zg;N6%fs`EC>
z;u<mh>Zl@`DY)RCU}hIUsQo;t&%8}hQ2-){tB>%%CV+W2v+GMu%ZJWdAUbJR?!&<E
zwgZYW`=2C1V9dblSM%JRc(u&Q1%rHU$^-4&_4Xbu+jXWI-|?!4#_BN!9!|(r(5w0L
z_eU5stSPgiacAZkUOD%0rwIGuUEAH=Rk>&P_U<{fg71f?iA96yD?BN`UL?!~ytKz3
z4$nVqMTeMNTyRms_>08t#&gTocn7VCHxnNNlDAP04X@T+pM}$G07sow0Wh8*>`A<I
z=Azsv5&#?4G*8M>5v?k2-hqEyvBGx3h{uP6-R$J5sDiJ)7`ba@kG?YpM~^XVp+=MH
zDjIp0vO3m=$EDhyb|!7DAwO#P+kPBwv3&*4O{l-WGA!43CrwRX?x_`VY0B048Kk<K
zX<>NoE@X5&a0RhT%66N2MHxwY2g&EL^j@&h>}H&c$-!*t3{58W#yl6OcNP|{qH|)|
z4IM=t&)M(|j0Q%(8O4}|^6kF3KcoTUTC6JTeRO!0@~rIVVv?aE`{{Kynpa43T>{Oa
zkh-658X=4ol2KjWB$oiXN_|{o*<^HanQ|d1QtGzqV%11)z1Ux?o;=j({okQRWCWG!
z4~(G$!59nPP}oi+4_na|jvR;LNKP{Nfpmm;DK&A<?XACyBfw3Kowz_!Bi)wiMsDY0
zVMwBPAaS#)y&V5}>kD$$gXdO=mzK%=u&sBwZ1-?jFms~<>EL(k+<k=lZ$ztr-^Gg;
ziAPH9#*c4#;5+mmO{*dr{tr`M85dO_bt@nxr63(c2nZ;HgfwFklEQ<C#DIW^NOvAW
zL|O>}iJ=jZZi%5&LXeK3yK`XT+~Ildd++;!nfb);%$$ApfA6){Ui)0>J9Zd{s%cz_
za^Gd`TH+^hH?&SmGZ~wixr!N_^WLEYE(%TXAzKC`K%7AJ6f+bySP}-a+lh#hSWfw&
z|5x1T<HNZah>rl-sC+mYB%ebfIkETxQ)@>Tm(8~KLKl|stDM}yxNU=)Ne{r2%6WpG
zEfiO`dbGyA^+fjfTZjZ3<_&`2->67uMz=!vmCshCcg>hnJ;ci`$T0A|g$L5Qt)O+9
zcV(mBc+JF&7u7a{U^-`QO#Yvpu_B`>DFc7Dieqxa!5>^HHCH4yoct`rDhOtB?Km!%
z;rxdsS`OkK(Rxq888|!W!%m$9_v2Sm3Haz!`tFMLoQg3CM+^C5OhiQ@u+Vqf1vZZK
z(c}PZWKNxUgNE&pM3XHN%-|>}>bbjiP=|5pblH3Lu0NRkX!KeM7z&%UNdykO_xdm@
zvQ6ubjOns_1Pkw&`FG^Av$HQcB-W%P4$`&d&noUSh_L_M!BrTq0=seehM$K=23Wn*
z@$>dNy;BeF^Ze#I>`lp6^0*~eeJsg8RIEO^$Jz-bn7c&;`!VvI40P=l-3R92(Ba2c
zs=2D18;MDgk9*(m5o-DsafPhSCqy%pj0#a#XbNpdWztR!g%b!=BSTMuSiyopv%*)E
zsMG|ZglEg|32k<qUOSKx^snvBe-<yn0pSJnqy#x4K^f8&9%5Yk0Ud*-d$j(|;AzKY
z(P-U5e~6^g_|nRAEZ1PGRsTO;0E8x{UW=5VCHe=eegNx!7+7bbcpJabL{ZiLF&HMR
zSL}B9&(>yAL?BL{B7LlY5VPwsQ<Z)w8zi>h6$85yir<j1xN_1E(e(BVXZNw*jbmc%
z<+_@+ad`5gwkN@{SbBQAxPIm%E$eF+v1#0)NJ&i>;#-u<8*;7bX{CcfaCyc5Bn35z
z#9?S8&C*S;;TyMGCEg#>PEQT<r@0S2g_m|gfL_zk$wd{&f%&vwVw&A#_=<aXmsY3l
zejlg4cj)IYgC_1@8~y9;#7gUbD*^omkrl@x2|squPiv;sx<CoCPh0nVFaq@(U*Yn8
zH~}5mX%xvRYC0O%9=bDGXXn1`WPR>eRD?HYufeX{`U|bWovUVDP$VRaaN2NSNyK34
zlV<27Fo*Z?rCl(33Tj5_*Dq`t7+P3l<L2`a(`Wm<59`1|Q`e80UO4w^iV7UG4y*n$
z2)uy=6;WjoY3_?(&;j0Qeqg834hD9SjG9t!K{0gIOjH^8li^YZW081UR0T>4gbWo8
z%vGJ)cP5YvCy@CphRM1w+Az~sU*$<7&dizs6qOkF^{BTinx7`(B4)jqO)VXRvV;1Z
z<er2LntJ})k?}Gzs;nJR>R*etI#!8fiC)9sn8w-3Tb$y=G3#AgWh<#wdmeMP(;6HE
zc$Q^C#YIG{0{m6t-(_FF6m#EqUEp*;(W8ow7W4V+2vUPfG&x(@)A^ZR0hlteXT32T
zKV%*k!CvYu(+MydP|`#g-J)qB$RCS5Z79FR_Qpb0RtnHEc>}vG4DC8ih*f@x5Ys4P
zs>J&(TFcLzh6gbW(Xqv0vsbRqKe|WOd(zq{6Rr2h^xcg7g4^?lm=)5lC!DKg-2XY4
zLB47o3mVCchk-$?+(HDGSflTn|M{|Iuz%+^hhOp@sf@AFu1l<Wmz2+c6Lrv+&&~uh
zm~A9h2$&!l^QCGv;(z?DL~u6$TPD>OmWAm5QtEac9FRB#PEzDcUGX&T9UazF%R4m{
zp%7q3$!#^aQq`U6s|JAzs=KN{unPvIwI=68WkE?~x(l>f{R-Xhee5=f@albD-L>n`
zarQfLB2y)`S6CrL-TweT2-~i0r1OQH{~b9^D&e>uWiMfFTYuqlF9O>@g)}?E+Pzr-
z4DQ|bAMq$Y+KPF2fFK)dt-21R9Ta5Sjo0ihqq1Qb?4YbBW(##j=sJ@4V2gc|E@mi)
zH+MI*f6ZPzrrypj8FVxQ=P($8AJ69?0TnLyQqJQh+)omciBPT+A)^q&mdSeLPQUw@
zP1l9u<!DsJ+I$630U&w~X0sO`<?bM{CwtRSe?K1tnrhD>W_Io!ogy}=Bz<3ZUE4k7
z(zEw`#v1$0q3Hxxx{Z&yXota0|Ikg4&q?<qj#OgM@pn7Vw$EoUF!13C&1oFOe^T4T
zb5hD(&{Wu~_#lx}(7_?aUT!A+o76N{TOUU<ep*9gkdyAPAp+)bhTq{qigqFhl^6?f
z(Gmr#*_-o>fU7it5d(@HbCn~s?t3_iodzlxWblJQ_5macu)%6CA=p68XVdyW&i~c1
zMe2QcbT(pM8y@K!`*pN$AwQkO@_@GaUmH2BPNjYO=Z9^&J{9>h4tLDi*2)=MyoBE!
ze@QrhfLps?XB95J;7IU&m`Hx`f5D-+QQNsk*1GjBlvW$?>)9;x`BIm(!KIGK+a8;;
zkgzX!l6xtOx(K|KMLlB8nRg?bH8dczb4*u~izQHu|JrdL!ZN8>fLIDiD%C9{Xkx=f
z5ISQBh}b#H1R`BC6ZNX8Kk+rFB}1luuvd|f+l1XKC3ph7&N~__d#_0Lq~zBr%I*RH
z32Ghq!AhUD>=C`s@*lyp268RG#KHKzms2(n{DfLz2Qb&PHQ+v0(1mvMUoU0ArmQ;s
z@fGz|I-fM7tB1CO3*x&*c4c)m9ot*0c>=cY>?<X-Wv5aamR;cGU`HfYwQ)?&UIa5<
zD7vqtt%%XZVEAG%c&ZIh5rZ6wRy@3(63RatGvDn03tN>5%NLuw;2Y2=IdT|AxjDQF
z2LdptUv47xr&P?f6i0d#*jvPuE&^n0sIqAz><WqhRK^VGS>n<(0{(#FU_S3oQ)`i~
zQJC$jdd+D-`?ov%T_~5=wSjw$o)_AL;UZfx3&cj`QE@3Nos(Mt8-Bum`rtHVFn!BJ
z2B~nk9IynXp>aDM*#k!VR&vpktKYB)vfqcOcYS5}nUwt*@})Y2zj(U5>zoy$egKb6
z^zlVRY4xff1lK6Jo${ZGoqv@)`^Opr+YUYrBsr^5fdIo=N=vcK?Le|`)5!~h{|`=`
zEe@GfT5?cBbdFSJ-wxD(J^=|ys7gE~fzU1Ot$aZepgsbsS)5x#OLEfK_<;PTeGOkv
z(oN$H>%)pnrU$Q+xor2|IoqqKrg~@IZc|?s7c~wqqBUxG8SL`2jRB2t7ZN(CON@V5
z+V}Ay_j~IDdhNBN0-owXU=#V|#gO*DJjj2k?mw1*-d>~h4^JK;u%wM40~`mp2ymLg
zYRLR29R_qr=;gTlzlMId`ZLgRDycUKs{7{$21kK7A&k-ZqSyUC@>9ZG<iUq*x~c-q
zF2ThI2xY~fLTERuB(!A7Dt0_NAGp_Z`t;`S2n<k!`YTaNoXVCCqEVqRG?)A`-(E!*
zBqfCZ0{W&(H=}mEI<1}g>gzXWnFyItrn|3VkB#gY^vAeBYIdc+O8)CDr>C>-)p_su
z7s2R4v@XM|Ha8Q3$QU_ef`-U9_{W+!^(04k(7_J%2z~XA+*mdEFX|+_c-_YxPb|MU
zL10_$mf*)%>>D?1=Rnd#W2<|m5J{HrAaIU7zwf{0)YO1O8lT<$IiW*%T3GP}dkp|b
zump#JqdR_`u(<$jYGbbr*$&(hzc+Q}JRTE`Jf6pN?O{}?gA#`y;F#$SWsmnh94ryE
zMCZ{)bg)%wTU(=lnpoky;57U^=nS~1LmUNyR~^+AQ>5mnX<;o?d^y_bWvKj2T`*;_
z&Se8T>+V;fFOpCTh^2NRhL4cT*P4a`1N{X4-aSGss36|#>_jXXU*Psz$R~KfV<mXt
zqTW0_3cLlEqH+$yuSl?ghBX%kc+}JuuqkqYDr^Hf2x4+JwTQ(4e|FT*?lDAfkV^67
z|1wIPC>&CC(g#`Io;mBRzaIolj?iKXy;f4~ojR1j|1(M~;<d6`#q9?Znf6RS|8IsT
zaWn#ogyJ4+Za`rnUvtwx4*XX8R{$gJ_~9|-;tg^Lk90dT!C7jd()pjz+)~1by3Gfe
zxypZoJRwMl2EusVGN(+d`G-Y_)|cPh?fRFkO*crvv7@6)Ky_CEeKtbt-9^Z15*FU!
zRXSBg>^PwHPv|6`V*;cjOvrB142WcRMV4=YE3XSBsatioVAX)qG57Mgg$)66=%TjH
zqXXuzU~ZG29yA_lr~C6bUrZr(s?!3Jr`KxnvXLYh79H|%;13>(d`Q@rJJ1ra<LU0e
zsV-Nxj1R89s*dw;gH{C3)kBJ#w--h5qxds$_zLtGq@8xyLNL#x+srxU?b@zDPbE$o
z%CJWq_%ok8b2D%$bi$W*8v;}(ni^fi3D?Y_r63?$lI(P^X{|--6eODI>Y@WxjLIw9
zXyp$jr>)k~wh1k4wZ4eYHX=r@pULCS&Iq_wlk(QUlnFtOK7#MI_ELzX(q>4~15Tt9
zci?3+#f|tB=r{Z%_)V;gp!fo&rq9u3))PUbc7BThpK@fWgI|LBbV`~RVP%8GDqjOJ
za_#U45>HqOwArd&Cf70xJWe^ro?Gt2&cPGU-3FvxP4c{?@$jE8{<DJ_W)HLr*c`a0
zJZV}_(3^mVfCuw|3Ze`kRT>PSlI3tUs(pLU-Rbip6w*V2c{v4IHYK%6J^+6{B3{J|
z?!UG}z_#dILFfnYUtOjic4;&c_=hc&K))m|4pK6WqRJg<3?bgbjQo;vrgx7b_{W{Y
z74KfZROsq7`$|MR=#@z_B-BdBI=>`=<}d8r{T8f~^}hIffQEyTcW0PP;!$~!dtsos
z`O67%;Y009J{$Qcl^{T-Q42F`Gx^^>rCl+S*DT2d-b;+#5m)zWMci1tju&X_Ch&s^
z%MbDSh3W*2E^r&4jW+nGcR7w!danciBkJ)_tKQ2YPU{LkGhkK;WQbPcP(MHttY%Wn
zAS9Sl8TVUci70T+V_KIw$G*JB%)`pp=A;X;pD|AKGMrFQDJ=#Ug0Aafg&nA~nWZB4
z3pEu(x>N)mmvcjraUE|ePxUb`77^w}>G`+u{3~jrrpc$`<k)e+y`u9WWBrEDcuUB9
zBo5G2FR$RMa5A#9A2;#4_pANcRYWJXGqq$QrsTzsmjlQ@FMb+ZrJ1D3RLSAJ2mdzi
zu)xC!*C%LpJuR*L#;x6AA$*tZua(Xc@4_{>chsyK-Pc7p!DiudeNz+^zJXAxU9T9Q
zsz05g5xLnwdgfYV;=bZm7zMl!%iTcwp75swha1e82&QA{k(HB;!fxZoAjvE+iPuUB
zxU_AHp&hvRy|#^Kr8}zwin$#-_^s>ZJ?M+q$^;Q?Lts&fZ7Bl3?+pR#uDI46rDM{*
z;V_6#qg2H$!ekn-x)bTs{yp4;_X~41;$wIbb*l?<E;LHC=}?_z0!d!y>0b+~y}Y;h
zqmN)0<D<CEkU!lTLe)q+Z9W$Y^W=WB4S5@5-VqizSWDs6-9EC7LK4n0>tuo;h1>Wq
z^d>Li`>TOvNsI6tCLu;ikr7J*!L6TiL9-p2tRWr0Thy)Ib^f)$$h^?b+(3#f&ME8E
zZ>;_4#8p4%BAGjphFs`9W)>b3!ZisDVD8EBf945n1dVCQ-#^32yQ!Ys8k)FRx`|`p
zN#$5Xwll{fKQml<by7#>0&3Aix#h5o;LB0Cm4|4N%Am_b76&<pgqX&Iq`$B5wu`tN
zA|HHGJ%lkx$nY!!v23y&mvptD7r{ms>+rqnL=mrJM^L^m+l+Mt;>hz$TreKkd!f_*
zNo8OmYQ`Misf%R=Xj$djn@)2Fr#@%)_ZUcnOy}7#1kb(oUq>kd)1+&u+n7WEkJ_dK
ze)XLxzNI~{Unkf?rOed^_ow3sYk0bv?;M&w!&)TPH2hKW>!bt`jayfSvffO&G;=mu
z80eINy1C(5+{4d*xIXlDc=jdwnD;itvqS;jjG(Ll(st!C^T*AiPs3ehHfKSFxPG5K
zPL&(cbbk$_{X8nv1d@Mi2qar(odD&7j_2;P-U{{j630M=;R<!5DzO4}_uUCPG>ktI
z>0%uf%*DtP!32HG33ry$7XycodknFdf$8OZgnyjYEZK+6l1_!MtT?sF;WPEZypvLy
zg%6S~(Kw|0h-zdEk?+^Ve{giwBE3O%3{K1&xSJ*iB@yJXvV%Q6#VPeBUyt4{NXeHV
zQfKv>Gy8O27hdPfBTz{Q`B+QL6P#&?Q_4x&(Nv1~(aN~-pP&m6WhdQ}<}oAea|Zd$
zzu%jYXS*5y5XTU_x5K;rjA0WYYcmll;vf0XvfUjrR%xfNOkLy1rz3K@nXZ(}5RuWX
zs;?F*(VHwVbBv%mSsT7@i7~{FOpy=nd%$UyrhpgHy&dDaH>_;#x}~Vmgz>isIDIMP
zYGAr?a;qsbb+aI_7=0duOmUgx<}0&6xD}v|Dcw3CT7XocLF})XW=7Bfn7<w7ulnW`
z(Y}u;#U)%x*a@&y`E)RaT0$M6U?%uiI6JJ((jEn6-J-_~?Oc9p2zSQN(3<CB095OG
z{h-#%ZMk@Qkvd~J?Au=tK3*N1QVfwZU+ur{E_yIb+8nH;CE+ZTrphass4MY6mJ=Iy
z=+wfNVp#rros3$^v1MR*-+{33)cSDkR-Mfua}beh;BE+xJ@>;2Y+JSn<fr}qtTvs*
z!Sf#OaYA9-i46143EiAzJSmqrZbbXhH~dD<rxWCTe8mA2^L$+YYTAztcys9Eunj~W
zkb>7Vod-scLV_gGr3YR7viQXh-n1;IbdU+cPH78RK^LqjWi(g>kNH~)qm@7HVKt5U
ziFLH`qP9*UA6XpE?9)3O83eeW{Y-aLvYFB8Nfm0`o+WHAoXhW7gZqovlwum)`$LyA
z4|7$G#rLXe%K9!wk9L9bH~qJu(U4-VVq;vcMzWGNex~X1ZV*v}U*E@AAw9CE{SRsv
z;VXl$tSRCH(`Tnt7lORz2k;*>(q!RZo9c-VBzlAS_r9>{_u8aW&H1VbXr=_O)n520
zE*3Y`<v7H+v&G1-F^hT|+{dB|n;^2@SH+Bxn+K~SUUOOI2#cF+r^pO*cxG+hv6Jz0
zp)b74O+NEG8Gd?7?~I0Qi3h`A?%TEM@n+cRLR)sB4<U3|C8yr^hQGG?W)Bcs(MCD8
z`Ao5Ln(tWJrMu(&J`(*t?*UV#36Ubk_M30{Dw&zF>i$^lN;u}w>RETTOpOw+m$+fg
zf}mT6HkJYMQ-W%5K~P((4Nt{3<uPAzNcvWgU{vzcaA+5rG5aOZ_N=a4b6T;c(r)s>
zMvPUaIl#!|>WL%Z?=D?RI=y@>r`s(zsLl6n$D5;ZDqOJ$r^+Xx12`$u*ZWlg#fHaU
z&XaLnRasF;wXe;j=keMZG}-{qYgtlU97Oe*XzrWOw{hgp6-eryP@+-u?0Bdo?rARV
z&V*o(Jkk8n?ps|-edG`&ta?pvGmiZ=cX~pTh2`Kvycxa9wpO8|6Kl>v0zY~YN*=oZ
zh-1E1z_Y`n!Nu)cy>E}?P)AF4E4jzvKUabs&>qWA9*JM@m9T+<H#z9{=dCFD!+RjY
z;{t$?2=T9ZKB!+6q3VQ>z%;-^zmFS;rmnyE__z0P)18nE62<ENPWXL%<pHwyNeWnc
zP}2{az(({VvC?aV<wFCUn9#GfQsjakEpJ-+_8O~9mm}AacG0)7MCaTzbI@yhf^Hni
ztC#bcS@|rn4_Z$x_BzKe5l>+9#J2Se$+54WQmH1=YTko$WlH1-zSe5aNaa2D>l?HC
z#eUKKg-=Z!RPxpFs5@CreZ?eQw&-}n4=u)YGv`skjNw+HTbEMS!J~MN$&#<;xcX<`
zBzIMbzQXP&jqodhK`EzNCS={aiatxDkT0LpBUrL5XC!dT;UWR#9k6YtaF8Myv&oyR
zltRV4xQbkDdwj*IYdP{O^+!_FyLRZph=kM93lm3WoM|FsP$Q0qkx4}ZA)^~ZVb<EQ
z_w%z8Lms*2p37oM{o-aK8&S`^;k-<2rlzireK?1ryT*mt^OhRNl)YjX2(a3K_m<kO
z7!sVPhsj2wxl#yPT9%=QiCmAZaGeN~+3N%6h`Rkd56;e`{dMk33*|VyPD^+hWAJwP
zSIRb)%JfDO=VBzw#AEx$6>o*?`{w8vCEq7bPihHE<U`Cs5rJmli&3cs(EfS%;`FT^
z%c)1UU9xG(%L08IPXUzy78aQ9)qd673!8!?U*}FI!KUENFG4pUpeF7yskEi{KR+tz
zzbIndZpQKO{Af)oG5t&q$Hw%=)J`~dAjFSXEve`+l@F_@qIA*oF@CvJt0aj1LR8YX
zlHEd)9G^GddCvD{Bu45eRWv(3T%_5*BIL=N^C=Veu)+6<eOYi{xI6=uBS8+XhTl4s
zNmw2>4g7_FXOA{u(Da<P{4(yODKoII30DLczOM;N;--%s*a02d+VqyoxGO)%Um|A*
ze9Fw098v%?@&z~2XzBA!d77qr>lDzn){*7Vv+lSPW#8pbTDyqaH9o-PEl-G1u0m2I
ze+nfC#}AvV$C>)F)^$Pvrmo$Cft{4NPdQS?n;`A@MMDGrIX56$U{Dyo+`uDGoYsQb
z|I${zm@PG-4~BCn+)T4PPQ35Nw(+;P>}IV<%`I}Sw^Vq)kr&BgUe&Jere6}0=j~k%
zpVaYmGyKl0)TgKhHM<@+Oi`@DQ|BTQ8uFQ0nAL^xWVxGstJW+&(IovTSD}%K^V%;>
zaZ6P?z0fug8xmo)8F@}*koh19^mV&WgZc6eL40jWNb;jOx0&>NqBeZ7V-4PEf4b(~
z?c8TGG`D$Yy=mk2#@k362g%L3z^lLUdvbqEHY}u`H%;@CM(#wmT=>@5XKSRK|M+PH
zG6W^1@MXBHfT^+-ecv-1EAhC{$b?W4MG6D3hIHulat-W$pUYBy-^B^?>i$b=0)dmL
zXnLK=y(1x<KRTi7n+K_>J0BV9$#AY(#Hrma!h-0rr?-qb4#?*t5#lNvJnE~zhdr8a
zpTFLz3E0^5^E=(L{5{ebnDVk<dfjO<CYz#l3*P8#Xroi}?I&u#LgA0a^^96q$_;qm
zs?CNZ+C%Ee`xJ1@UA-Hihztc?a*+YP2TSOfy&RwocH=$auw7ezse1&soQcK-3@Hc-
zPd<OYdFtC7LYzqqn}3Gge~qf3l0VhY%8q<^@1P^hSlNO_pTfQP-nZ<nD~nWCPxh1d
zZ!lYU@ilhpC)M6-n_u*R-}%Vy8~U^j`3Iu!zXXee2>?Z48GihjZUm`82*4CRHbMYG
zD-R6NIWpw&rbh0;>g>Q2dU_QiQ;?OK;iA~f$DwmIu^%~sjq67SvIZ5mtwK13JwfOI
z>}d-la4O%|Qi^<B-OPv_zb#sI;4$TD!*4R>%00s}S-k^|AF=tc5Vxg9@E&PRK4KNm
zOMFaD*NYGS^8=6%rj<N+`MML%Wwe{NKa!^<VgOIpj82yk1?*>qR5qT04yUjJU1c7@
z?UyirjcD`ni`*PAKX@7^vS7$fCQ5{#seW8rI15(`1lh|1mXggIE8S9Rc0`TvGdz>!
zmVY~Ffvnl=?6S{%u4$3r(H}s!MdY#aogXru``4#%IsqP$NHg8=7GXMeU;@n-neZ?~
zO&tI`@Lk6-U^RYW8YZqUw>vRd%w^4M*5ILsFr#eGsApte{ZP7foy3Bt>fF-o33ews
zI($j(ql8Ce_je9vvS5gx@;^8(u`)b2aFw30i|3g2ptQ29%{uQIE6VX&0K27ge_&Aa
z-R^-R-v_m(7k}nStkENV^12i}8V7IC(iakViF1p?@e2rbWfACh5wiiw0}8aZ<JCuC
zf#f4dJFNK<lpWB$MYu&Y*|O*JzbF!7?t=@fY{bj|9##L|CY<0Zgir6yXO6nJ6DXk+
zz!Untq8~Yht=M7!$B*`89e(o+Qg7tmPtLRZ)pwue)WqoOwFvwK7TFI@|MvnSt?-2J
zPi8&g!S+caNpH+nyLr@Aq4{d|i*cI$L^5~N-Q;SViAoSBhHW7JC0D>4iOTu+X&TK8
zyfpC+lZ~e-)zM)vY{%~UDidMn%s|f-Y^}?Sq&g8&1h&FGK9iE{tb<SlMByVr4SW*T
zs>T9GSFgU~YC>KRGX{PmWbMQez8*+($Yr@0O#52)d+9-F6!JZx-gTILKmS)?+~BGU
zON;S`e%KX}`yjn8pQ_M((DF$8K6s2u1s0=m93Ed29%DRuzn=8H$4{@qMK`f=s50$G
z@5ie1-_L&JqkfO?+Sb-Fw!`<WA|Hhp_5--WRZ!O~kjH&{E#SLg%442<9!Oe1^yq^#
zxsHw=QK>_hL%ppS#~n@?X5o6;meLsVZ&<JB=*~a!)K0`tj>fcohi{7>1=OJ16pV$4
zt*`txcIg<u(xlB^%fkKrftNV?BajVSf-$lRd!%lQoiE+uv-IKCY^0{4e0?<u%kTX2
z^1<8?+>Go#j(PAp32${F$b8<pv6}}}jJQUm*1hTNgk2sIiI=}au5fS^GN^^oM}r-x
z^LoGzJkq3aB15;+wcBBFCCPy57y4qfOJZCb#>1=&FK%bI1S|okB+QTTCO#*O;)FUw
zDz?(UA!d83O8S=jBRT;9FLl^;tUUr#`|Y3Cc{~W_;nQLX|6;jYs|3SMrZw*^L`Sxe
zyZ7#t@`S{RPPBJ-y_OTRDTjg*KX~zb*u-;Tc$Z?laiPQSmdx)gmykl`s6?{otqT&O
zd^V}vS>S+yF&X6Nd$h*~`p=)TsT){uM9@y)0kLXpA6-K-_TITIF6IQeeS7hQ)mP;~
zsV(&QyHf*}qUne+@$wl+!jp0aD=?IPTB2?se7^j<6>y7qu{magaB@~1Ao~FwVb8Mp
z3+g7l2kVKoDvX?_{#Q}w;eE#hnTZA{j@x>@fp}gZq3XUpVPJsWn)CP({Y-#@uq!-}
zZUo?bj>c0t+y~zt5uPT(%eEkKS%%5SCcfrl_*0d)w=-l84<(xE;7-Z-y<=dLXQB)-
zo5|mtig2gYS$j(p_zs$9#|5dq_GgyQ(!llRoXMxxiPG1EXNd~_5HDIj%5eeYbX<}{
zNcZo3%DdsmbDiss7Zs-XUZpP?YG0e4(nJ~P1O$M8?r&-)ki;R!z}lv-<*~DV-z83n
zu<vmtv0)n!Zn6<%YOETbVl`(G-R8#|ewn}HZqfg`d>^^Ib3)fE>2h5uZi*;urhM!Q
zk?oUeB7MlFzQirW@Dj}S{L~innCiJDuH*!1`DMuJ@|`&ojLH$g8?W$tLre~k);I{O
zE=FwUU_TOmW_?5#&OAe$`Vyow{(PS}em!E5Lh{MsJ)9tsKgX+2yd!`H$P@8FbOgYU
zTxjRGbU;{6)mY={<Fisv3;--q!Mwio!UxKif-hcMdbkQRb_)C6Fj;{fWqvpfEcS@$
zqyErUaVKs8{x-ypLMcng_bZ>MnlJj{od3N?EVqOAo<ly~Yy*5>N&f$oxCJzZvX8)8
zkMFM2_FUf5kz<FBD-$i9kn42uUz|wpNNbV2ZVmNzLR_XvI6ZaA)k?F=bUBIc`>(zl
zN4~`}ez_BpGvFA~&LMy254lGcssgWF4{U);BS9OmJTM7wLCCs<55`w;f?nmzGi3m$
z%B;@Ax0YQ~kab>D&aj~~M=D?l=9EPhQ(3sDv~7G~D|hv~{8ijKugn>R#u|MGZx(`r
z*DML`v<97}sO`x{?*~gW_pfA^ar!E3HUzc^zM}?}0b|J}&md|m!l6&-P$+bULVDm^
zz)w&=gfGcn3`a7d6V*$IU6_81z{7dx3*-hWoSGfD&4!)V)Yn+NH6&$+T|swrLhj>B
z515yUt%9RqcG##8_+Jq_EX}P6GzP8+UQZBDGe#5!ambaL+y_g4FC%(@I8XpABB;wz
z$B+t;VEl}{SujFgjFzSEFoXt1alWecSx%*a?iR;9;7DuubC;EZTENv^rL7dA@rC@M
z#v-f>JfV)(S!SY8$hj6GA<}^1?hi{Yd;go0dFk+)>1@QCjE4&dleeE0c|Ve|e6rc6
z0i(GT%1GlaF6$e$R!ZjoDMF;RM(5);Af|GQ<Hu0?t7@&s+A2(3%m@An8VW^8c$*8s
zw@*!Y_NC`JMvzqwPR5I#J)Owrj~kF^7UKK&aD4MLIH#FK3>(?`nkSO2zw5HGgV0~Q
zed`IcXU*kjZTg$H8U~#4eAkN66(~b3+C3Cc$~crt`6-bX4|@tg>sVmHABPkG)acSD
zZ+~z~#!8)UskJ_DH|&GosyI))VtsivkG-QOVPO9${NJbE1jCGkqHYjVpQD*Sz2axg
zpRO%YqU9gjeJsS2@<(mS5V}fcUi68ob)E8ohdB46>wP^A%1@Jq*>^<?v{`9k_U1(9
z?Jd@?n=g+8ZNvYb`(_#^@yX?q6WACi=hu2n_fDq;J$ZTW)u_-VIMNLwzx*v(4&>(-
zEN#&3m6Q!sJ4M;YzRO!*ejv#Iq?u0mNvZ;6>;FpxY3VmUQGTKt5Rx+qLf!|hj}RHb
zKq-EM2J?s9z4t3*j_M?A3^W9-aflOOj36&lV!3YwIuPO>NPW}_=KKZt^sF6=(HrTL
zkODUKY!)dE($(ExYKS;yA|CO-jLMdYY^QCHgP@-{Zah50t41j#KiZSK(J9^DR^cpt
zl>4ZQ`{u2y2*ZVIEnO0c)M8m*8TMWYyx|bO!B8hd$aw$ZN}<HV%O$T{E+AIqTR_44
z0A88;Pq53zTpY*n)9j)q3f4`*@w5)Y4%}eo01wAI5!dPO<EzifSFWZ2&u703537X^
zK|R}75%2Lms|dXOk@oWf@%3ojI>|&Ca@TJONC8zqG%6E#*EI%`dIy{kB3}cajIF0Q
zgwcDeK8fa-oaI15lD->X`@pbLi5PeQwzu5r-<Hd1<68sVA>qU%N37ERV<q>#JtGPF
z*;-++cZDK90<`?bG8oycAW0=KOg=MHvCA?nMw`Sks9Cvx6!H-vZWW)S9`}M4qQpy1
z$NB80|EflE)vtQ@JyNoP5`0gbO1Jt*=d&OGD6BS{*vH;|bV2L=stLO(e>L40wCsuN
zd7q=6CfsY$uQ@<u;zu4G3vIekZiC*$^JVL*emvgb7g+tUJy*eOb=B-X!nSy5tFC$Q
z8!P&$a{bx%i(l$L@z=<u$6%V@{yL+(pUZmA56QM^e^sda?e9cA#iK9QQ?T{!3eTep
z8ZIFOa2_?b_h<wnOpE@|zXfQ6AKvW`MuJ8TJwk2dC!e!bVxHkTclg;3c?;HILI((8
zaoyoO^)6+7!_JU@{-|(I(>|#vkW%n$9_&a&7OPr!BG*92^OPHh>#HdapSQ<N`MRPx
z<M#X~ZX@v*<d!!rkNJnd89@7nSA(C6>`l(QRS>%!%M^yw_n&Tc0C^g$AH+3X^a)Eh
z@auDFcb1^@5Czwl1mEsFZG={q?vvgo9C=_{cGxLkGs3IYt2!AY({)2IgDs4>C|4W7
zG<ik%khI-%-*91eT>?rF=4LL>tZUy`NV$P*@2fio)OtWN$WFk=+M8$)kpZ&d^juj%
z`DFWxHP9PtgS|vLyOv9O;LjdiW??51;T7^3(S-9F)l|EbrGZ0dbhG>9aT_LM)U4Th
z2`0T?bx;xowlLlY&5r2qgRd`3Pj~Ze)boO2=PrNR@5=Vw52}*oDE1^Z>#b?#QybbH
zrRkOq=@?9AI)(}d^_=~pxAr**zfk(;RlE8&^e>cE&SdAagwVd;>?)D^NJj|Ft@@7P
zFJ9_*>v|M#sE3J-&DI~df4+KeXx=#4jO>%<YVRWpqTbj$to|1J38eab#D~=Lg{#cu
zkCxhL;@e=guO)7A;OB|7pN&4VT266e&+*=QgJy%^IcsKxOZr($tbUASFjB9JHB@A*
zQNZXsKbMR*uqTp=4{z&$(IywY)9Q2Dm3X08m7W>|GT0$tr*f7%hI@9{3f=6`4V8Sp
z5rmyxkoLzV_e{<stwzX(o80(V`k(AV^&VH-O$WYz&hnKXdy%s5GV7J{JLQD<o75v=
zecRjY09N+T1?F^bv?};-k)HloX5){)@0|zs^_1(}%{UeChBS*=erx%b2fDZSK#~i2
zBP`}ZPznd9Ku?y`y*ga!=l40?j-yk0#hOK{Ewq63;F(9<#leG}=Mwg`;$2GafNv9q
zA3nmL9j@)Rl3MkmZ}b8odp@eCS@voVK{XSwSi3S_`Q%-Jxw;L1GyZf(ez^+)B=8fE
zuEe#w4VKG$b$?;kBFbJ#`~1T;R>C8sm#3?A@}$}U<-alJQrZBv2rAt^#vt>M-$o&^
z{)!L-0_s=~smxAOZosb@Z<c)cVJLg<b8cm5)lq-6w5fK!hw0`1XKO(0mVo`MDj!`N
zuhCEk)jaBrl{(51tKYRkXf7nkhXcyrH(B<_Y6@s23u(jTzZl-$@bJlEoXU8kfMrNM
zgkM1#uXrC)F&VwBof|9y&jovs6$!9ns9=+5IzH~^F|%YL=3%`Nt}&CB>rK2Ji*vy-
zpbWgF?iRmn{F!aBHvhu;UCS{&hzJSL`fz-CZ?YTJ9nWeu0Tm2AwdlfMSjpi>r@aOM
zHXJK1jRrS~4W<3t?2PTGz55;?VX--6bs6i<MBDIALcwbGGeQ*j9@<=rP`nOEn(DGG
zF4DbW8dbDYeXyB0M5BlKHQhAfw~}L+J(aodRf4=b@}_^h;cd>R4^FPb6Fjj}F3OCR
zq0wAlI`97K2_zwZ%k@C+3SqN(&=`CA0qs)h*HDDXPj01$PP&rstAg|Bh7Tp0?iI1A
z5$8Tb@^YC(y_@^CH`xNYmy`I<9fN27FOko={BsV}E(5OqckTk~`MATd>6q{7s8<^_
z309J$6~>9V4Un<urz^95%BPjwhMM^IUNGPJtfKq$PsAhf9Q9DwMk)LJ0o+VbfXjDq
zauMkg$~25Fdo^XY!c|OX(ZBb~zq<Q;9_$r?Ca$QjzQau`{xSO6(D#%l-yZB4q)YS(
zXNqNnl*H#1)zf2T+n_JSpwz+5f`{Fo+*$6`G9Q1W*chs#qt587Dqe6^eo3wI>@vRP
zCqQcS-EU)Y(RL}_14wuEGWwUt*;liq6|y@MDL`ozS@}vEUSQ{utolWVT38?A_0wzJ
zmMo`#u(~<u$K}@0h8MR2v1*&Ady{pIf4f?l7Y(20>)y#UyL-2F;u>KpCVsauw7YoL
z=Orf%-(a1{!38<wz~x{AsePuUi}@020_i-w`qZFABI7RE@h;5RG#N?J(a{z01d!Z@
zk+vy0`S>)&PKCZTk4wUre55w1Ml&XuG=Y2^aJTVlryX#it1#E5Pc%Gn5awqzoTtXO
zB-sD?i-lPwc{vNLa+)Ri=f%EeLX4jE?=P9!F^{Ro!PE8Cw|9B)33rLnzg}+T!zJM}
zm3E?xctMlTuBu$LDzBR3Huug`;ZV|xGxXVt?xC`LS_IzWq~=umLK-i9uA<hxwTvI^
zGd#mBZove=Gy-1JaRJlGI{^umd-FL&5aTI*Zhd%$6a=z$a}&4gdex4bcFL`Ahh}$5
z6l0<xn)oU7NGD;*;(*;kSCk<7O5>}^Ck~#SKJ<ft&A|Wd0}fC~WBil6XXI^oH?i%<
zn+3ero^Q3^ML8}oQIWs|_v<L0d2AF854=Q2mf}=KdfV5?)V}^qmg;W_{xeL``S-Eo
z7WH&_ynjY*r49c3H7Bjm266Ci^1-3)x4P9#Y0})oSyuKdaH<DM0WqnZzO6Z5IvZ`*
z0+ffH7s=<1xqQu*783o)pzge)>T{e!6(O)|orKM$HWT1;Vc78cEwq<2O4Q{|Q^xtY
z?bS9sGn`)t`<qpw`xy&?`-?WgbT4-FF+!|=z)YYeSTmkYs>iO(IU}4H0ExGb0K2B8
zI(TEeuP}?`_Ktq-H>we!#8ZM5+NdBWp}W-T43>*IhWSMxMt!wg%D_}eQk*96OW62%
zC9(wQq-Hg1e)WB4kd!F`Wk`nCITn6ua{J<FUmvWaI0ks;Yu@U@<(f;uaV?hLkndRy
z*$v?r1*vsU&`7VPU&94<5|eedi8Cg|D+)CDJ)vuD_#<r*9CIDB{OQ@Ay7-0mv-9x^
zTloTm`fnWa{u*4iQ);nG6fqp*CL%Q`_lkc?UYYXpWyf1HiN4}ZtEX#NKRnwTMpccQ
z@b5LAi+7~I$GOx;wrL$P?qB<Ijmq^|!X4W2GtEEIJu7FLDY>p8a%|eUuZMWB(2bH8
zQY@!F7F|kasPvMnV<Ty`X2%HF8K`!6Q|KSI@?m{0VUbZ`gQ2EsrwGB+EnEOt-Qv@h
z*B_56I~>hdzvVXdS8RJQ_PIqT;xBk(u<(VM0qmkcXvAy+LYmBejC5TBq%7~PIP||`
z%(d_T@p-mPx6t2~L*MD;Nd(P)vvb*gOqTKAQ)xmsK#%+bdous@Gx9RGUcvzy_;1)M
ze5hYbt`xrM<|>HaMe7Oj#yR5u%)@8SQ57A)Gq%%(a2Q)LTDrvOtL4$4H5F<V60CG5
zYz?FVL2A6jh4h61=KvZe3I0F_yy`kPh;|D4l8z@Exyxp`ga8K7g5sLqVcmh8nD_Ig
z$xjs?eO`j}@H{Nsl2#GeJ=$H5*De0-H~d3Q5ywQ5h#j$R6qu<)P#0RH18)M1T~1cy
zY`R>0QmQwFF?1YHs?&dS^vs64d@dPuDl&E%WprNNzc*QFRp@(!^WJ7zG2Ce|HcS#;
zi;`U~?<?oN{m7j_`Rrx`BZF8bqNI@0zHf76FC$8jv)tr#!}0<C9f|@;50>R^nN<#X
zSbjNj7vpE{!ZWu?%Kh84#kL8oq{X6qkzFl;BVO`aX5=|xtBI3Bl#Dv|(>cAR)`+`b
zG~<N1>)aPL-c}oH++<Q?+Js*vmnB;IW?iS(GMIF)@#n=nO@D<R^L9gMpc02t^E=(M
zU}w_WlMVD#;KtWGDt|}DVN?U<NZeS;%Ezse4%QQu<#E*gK4x3wmm~(kD<7m>4PNh0
zSG~JcRQf6SU_Bfhw41)E@)JCtM_h-eE4?^u6|0($;vX&=H!A`N^?g2-%4;(dh%B4D
zS{VgD{hC6FN!35oNFM~x;pSEZBgp0dOR`|uy|S%edX`(rZ24lh9%8vu1M5Cm>LLoU
zi<T333$(6Dvz;20G!s)98{dBDySZ|`r1p8kRkZatYMCVrXpb~>UTq*E`@3B3HNs?A
zy{ISKa&*lxEgUay-E+HU_8Y^_=f}|*oc@>{I*x<=qI8-8*9G)o${AR>jslPm!)Hw%
z6cf|k4Hnrc0_=l*w(sa>c|KPo`-WLxk}4mCR#Wt@FXU^cDDMWCpS_8fp!Ymq#Xy?n
zw*r`}<x8$e@A7kDGZw?f5DJUaF!fap=bcfp!-tE1i%j%|4TK|()?-v>m3NGbg~NDt
zI(Ocwo{0s=pu+;zVl<ljG@JX}#GY^^p!~tdN^q(Mju=@!U%P3EA!MkN6k!#!+dF-I
zlJ)164`;ikgs8uUqESK4c+waWA~T^El^GiT=Cxld91p@j%agBwyS17G?un)=Zks?L
z*~P>C&rd23Ln93EbjMzL16%x0Z!Ncbum`!z<ejHSgB+|`X|3x}4zLM7Yd!%~YDvZW
z(KTFGi2T;R;@xFe(|t5Z`&Fc*TR^bcfU!_X00thWj7{Wr@fAzj=mwh-D-AmrCpvHs
z*1nu~-3MvG+$;U7M1x%c287OzT`f(nYPsJn)bisQ^Wku>KKuukaHyR?jedPlkZ34j
z%C@TCoezl#mecj`=+4M@th^Q-nn?sMu+b1mQ@C;Nb@i=J`;s<#1q}kQoKG5o?v7YT
z-uX~RJXI)yjBH=t9;rVKjrBZd@;tZa++SR=_B}T$^yc4~-l7ZveC99-(hb<U!`{9j
z57S(f=g;oU^)~anA>~=A-gV*R9WpK$`TG%{$=qyJ&qRwDrM;*U$zYty?t*<tsFKMY
z8{Pa^$~c>ewP-&TaAAKE_NNr)b<rpOe))(kw5)Zb<e_4-Ptg98LnfYv>;PpAvXddG
zV4FwsJ;v!lWL?9_4#(DD<-a{YbC-VD0dh^|vKn=Ye|;$309uT%{Nhn+Hy3IEU9b#D
z@L$+w3ur}$$Z;LNQWOv#A}<1Y$hZwYv4>I<P-3Zbb{!HzcUHHKbNJ^6^+Xw*>?00o
zc|^BYuN-*i=m<Ur>iH+*m)797do@7`90A>uDN?q|*#Ppu);H^JroCz)hl)@hnEnim
zdZuZBl{K3<t3TA2TGZ9!rI!}wUk`ch<gaLNFV+IZa?QK#W!{$h+$84x+1SbO%~h3V
z(i4K*q&($jU|^$5*XpM&Hk;EK>1BQ_U92s7CDA(J>&u%uVu0wI4RP9eh`jqF(_nM=
zPLA#Uv)|Duf5qt@6B$Ix0SsKU-H`T_O#d#~{*2J|T3tNZ{x*933%;$h=f@~~v43Tt
zHMDJwDk9&MQZgZ?>(<M{&=|gtt&G5=Zn-^)@xl1ppbnBx!Or`<zh}hm_a_swH+Sbn
z)O6pw+C`5QCmoS^A)&_kSQ!RtU1P_Lr!90IPlv0piEuxUS7=u8+{95x1LbGO4!XpP
z2vp!O3mGb5Vic9|iRXq4Gpqb*SzPQD`PZT6)9PP&WDYJylBO%4o7jy0<cijIly|S9
z?cOAup*aS~{FM<YgviW?le2vz=|bqvtNIYSGX)(@_t$?y{3Ghq=<yr-gWhL*qfg)c
zQ<72pW41KmYqo=S?R4?M^+Le}+xvgA>Fw)e^Y5feKb@{rPFwvY)6SgrsE#~mJZ^{I
zrBmbQH?}|MdcSEc8}JF_{BUdUra|q72MRCObH&&CiTpY-RnA6tHce@BtI!)!B1Ezd
z`7FBVd2W!aUqe-ndg4d38H0IXDF)dckeO|sbXBQ}!|6DYxIRDSb)u(wDjioy+K4d9
zlLU(@ZL2jv-YDOc7^nT<%}8C^m-zef+>Jx|$QjvEnUCXP4EKh!2X$D7Y6^F|1$;%n
z7re-4U9=l3za6`usjyyg7RT8vpZuBX*<g1qp-JT5f$Whs_!jOfa%qj?DYpjSFMi`H
z9<2BH{7Wp}mRo7KdGE&3q8yvQ-yhwLDHm>D89d+2&7OydsI3Ptu0UTlEYQon2k~7@
z8z(pS%h^1g2rK+P?BDn_7&ZdP;7(r4+P-k|dK)K)t-r7>onvYUdn%wv_Dhb~zAVe5
zC!RUIQ~Ha0%-NR~ZMR?|1)90kO{U<BfuK9=GM26Z%mx4y=(RY|DY4)AN9(OXcbq2D
zPjLB3zS7~-A=<TYpr7GnEgE<6ZX%SKm;*Y$Q1RoAEdi3SnGEaOkXY@_xM6WUa*SrZ
z^!0gccXlw_L{)znSNm*>bJiUEbtdVEKs$(9K|b<WNo0*nfB2$I+_GK9tKqRkE=fO&
zv}k9txLvi;-|YRD!4w5AavP}EN1i_Zb;@?D1Ztdh(n^EiTkh?vP-A5Q4G+9Zpsi(M
zp^H6mJMv!2!{9eP*Oa@fGdP<rIuC;1gnpB_w(#P%5%JF2{-ad6cgmQZ0AC(RQHZbF
z1E7k_OZDQ^lf$Xb0-3WrVQp{RaNpvP#iZMLyZv6lcxj_AYqKKi^lWE1!`{uST%G-X
z`ge1%`}qU+sz1b}*t7FzwTs$m%BD%;ddf=j2RZl{p%>;YdIEPIq=?TFq;^$w&Lej$
zp3-1Urrw!xAwORUQBwte0y4hZ9(d`3&5{6`rUl3`t0?#%yBR>%dR(%PM=e9IDrej(
zY~rAZl-NLuzN$6-;Co5=5rFC~;GXCe)_G@-E#Oml?E&%xmJwrywZlO@m+7~G?0I78
z(A|m9ntF(gG>c<JdF7fdfv(smPQBzR=(?LbQDdMy<;F_RW%HAS&p$nTuqSVXgVLu5
z^Ojo=67^l>7r~Es2B&{b-ss>;V)l1qbQ4=QyCc_~KWcH78Lz=Zr=+7XRr$90`?tX(
z25Z%g;ST<_lSwJXC_&9vZgIh(Stg<Z4=oOFv-Fn?`uE!`45pub{GDF$Syp7(e|B0O
z-%uyj|82183;uDZBWH&HAo1DJh+w4az32H4A9wZiN=a6BnXobJn^@DoW#U;*GX{1i
z^3B0e8dz_eYe&q_+Ub#{$a+<Hx?1Ai4Y6$k5b>?#Ad-~+!Hq$0#IeG_>?&!JLSc&X
zcptPceBy@l^29wMjE>1R9;bKEDUrdjh>+j2nXuj&B~|d)4sEekYQj$`nmu@eW(}mW
z{uCX+!}ih7tz*#G*sygA)nv!VqRIZ&s4TTBnkzB8EBcy;GoO!a_-sNId-d17QWr^c
zoT9Ir5v>O{Cp+s*KXw)~Zx^_t;mA*hsLVM|RK+Ey%18P%->$Sq`KQ87pKpPkg?cMr
zQ>EYS;zE@~B;Fu}t)4L^{^7f@NZh0Bf&Wb9h*ru%?bW61i2ZK4LRLE>$0Q#Jt-q7v
zPZ0cliud}i6iqkbPmgB}tm;nUX%vm0uke0A!SoV+QSbRvMO;WfD@oyO`-*~u(}(R&
z!<Baas1xd(=k+sfCo2XllVJ{U&|PM*k#WGyIvp$Te0+OqAt|Rz%RVogIYf?TDueUB
zFwVs5eC3dc2GfrC8oO`!Xm!J%0%cMrPLLO}9&CGt^qfMK8zR}GZ<jSEcf)U6Q@b<6
ziI(z1;in7U<!)3B(0Sf9+iL5Fz-FxIPuz6%`%msa2Vz^|hz5vSU`l%^;7aLBd;HVx
z!jikrD!0+E`LxLIu-HsiHg#I>KOb8AvZO-N@aYKylxEt@0PAhJxDMm-y)_ac7Ix%F
z=<fx=s$dSEoAt?Fx!QCMB-|^gCLBgeV=JcFi;Ag7hb7ey!z`lvATN@<By<5>|6=j-
z(>!x;Y0!<~CKm^eh%yB(tk0g%ZH6x1yW(q)3Qg*VXfqc2xCL31{c}<$sAV(vDfvE6
zaw$<U4}keU06Id`bT3eBS2T>2+WffdLglqn54rl9diDF{mBtl_TH&eUO@Sk*yL1D6
zfGLF#8R)(<MdiRXpWRpScH;Svt>OM3CQoC^P(T!Gz(UoQS6~hqB2F#ec?lE=z5TfG
zSUEC5NCJM4xqsnY)o^zDKC1Rc{Q*IkLUz8np7=#;9N!Vn_z3rr=;PMPKc>O=io2C%
zZxkN>nt6O;DRIt24IalYEGx*|5+L@RB#j{#Tz1YQ(c(1Sw2^IHAb3x-`D?SBK2MxJ
z`uc$F%T`If@*6GIyT-?z9aNn4r*R&0CYdMl5c~*r>n8ZJQ6<O7n&s4K<?bQ3<;wHV
zg737v=U1-Zh5K$&W0nNlN@KEh=(Ca926z5)V)V)^fb~zzpC?X$Xl6-iPm1P8K?7pj
zBr%fPkd8;h2?CVsP#)hr+VCLsnkZl_q=mwVjb17_qwpMOEMPKLO#?4@A5XCdHg2yt
zcoOhM$V4Tcj+6R3@vqbqq~I2OnU#>=NPB57DK{bUz>v~|#1okPZ}<C4z!o5+s-+0J
z6fX_l*7&~Gt*@1Jw$mPsJ6r4rzVBbN{|HhA16kwi2=Bk={Xn`1?mz9wrFz8J_?$hN
zp1r#ySj3-G^7SK_Zx9hdchu71;JHk<$RDh`jNEOF_7ljpU1pwlN9+cB)y>vQ#_T_J
z9mma_I|xy5w(~t-Iiyp~CaaQEbU@;&)s!w=qjDmj3DFtc38_f;;u4GUl%e|d)PQAd
zT^F7M_t>5oOjJh}onvjiuF0F3EL^QuHJ_k!-<H_TFt;d+I}-_OX(t*3+Jgsa?~qkl
zpPzJ6GQt1o&^%4&nlY-Kc7;av2Ae;*=H~lDxxKeY8g)BH>U)?Y%V|nwTQsifmBVWF
zag?FA|4CCYCfBV#-Ci2jdq_bohch2q5OdotbWkn9Pi**HLp#auna_XtVom8jXZuez
zIaek2gK9u3cZ)<}{6prej$KNTVI~;v*~2GWz|N>acdWGOa0rvpf)Y}*%k=QBahYI*
zsz86KPXk|M|L=s|S)<Cm-PJ9QB+vbnjJxt4?=szlUA0N=paPbL1LWZEY}L&A<&LnI
zrGdRncTFjGnArciIFI~~7r>Na%=SWuS)HqAR!L>R^M=RMd546_zm=A78JK(k((}(9
zmfywte9ncmvsO~k>Spp|&8*`%AI0MHCUMBle!RphIZJVC<DVk$GF8}p(Rq1#ZB3%3
zsvO|nU2ntUy3=P;rfw~=D-Otd<KdiVcSp-oY6ab`DrT(*z6s(&qbdKO2q2Yc1S(1B
zxe%|_R`t%?(Db*VClBQ_Ozq}rh)&>5SPL5>=A|chX!ap@(((r#pr!&ivZ(k>67O!@
z858OM;p(lUqWa#jZ$i2|q+3a8B!*H-QY9n?1nF)hhDJg<L<vzslm-P989GHuB?MvU
zW*BOKnK{ql`+J_X-u15YC(K&2=bU|?JFe@q>jy@*8Xr0xU=*JHtl4xxc9`XN9OHLr
zpG-wq0{yNb?DXf{Dgw3hs$?C$bPwWHVvie2$!+3gR73h0xJ)$~6Uq-bX{z2q?%niG
z{tOFX-B$kW9h<;T67Rh$$1o;4G|S7Wu08ra6d{&JV%_Rsp@>9{g>+G*FY-hN<3-XB
zHLaKGj-DC2cat6mBFPRt(eQh#&!^~4T3FV_`iKOF&L5phnzJTi$@pnW{D}va@q6!&
zjs`I6ei19Ic=DNis*`D+hOOh9XF|)tFHtT`g-@q|Qr$D<Jssr}(s>PEi7-JglAhwL
zoi|eq`@Xl)Puiq#kjL0?wK?;h-*pn-fO)}t`j7nf2k%q%0zYnz>&IZimMcM{O51b(
z{#$+>H`Y6F^PhfS5mMnksa=^(L*7N4+?eMzx5NK_a$l(zQAz<Y-Oe<w>}?qTqLSWE
z7^kBmEcv}j{m7i6<ZhcfuT_&%6T@j+eIONw2SLcW29~8m+RD4%lsV!V(6}=F8-+;v
z<g~sc+3;$ErlPfP9=81^bH+6(66rlj-sDYnfgfgK2VojYZqH>v7InvlU3_DV$c;m-
zci~Ui(_Bz)TLLCmWjq0!lA3piSeS3Wh3kBTh#7YulP+zi0PaI8Ru2b;m@I56DU|Pq
zaPy@8i-N?%Ho`jh4-pD|d~dv^S{|~EKP;!TSq-3L<fUE31kDtbisk=Od=C0FN)ttK
zeapM)Af35TnlKSt6((kwN%$$nWdtT65Q<8cCw=Pxr%Yc^iZI94i<0|yL(Tp`8qbVt
zaKxp7_WxJamlKH17+z|=33~!KUQ3;>HBJAClMCu_ba~R>oyMtpaX8K<BIUC=^9~LF
z;&V*Z|I`|WxHlMh;5wW<;^%&>>8)c!oHY<~=MvE6AdBa`nyKC?TN@HKDW@-|7p6p$
zzCDUfM_-tFL0lza`{_o>I<K4f%GV<AIXK19>B<D$(OnLA$n=@I)JxuA>qb{ztd?Cd
z)RyZaB3|daghA%l{FI^tsxQ9lS4>T9neM%&TAsE<4v$ElSVQ+_;i5~$<RN1$OG6KR
z`;F0JZ`jX-yL64Z+K77^xH}yo9G$7!uCiWlsbjLBqg7=hqRSbq3kJ9IM2Gimu!MEL
zxg%WO1~k%GU<{YRTI0#sUF$zTP)FhQ9{*I{gsM>TBanj-g+~Y9T1kI4F2ygd1R0Y-
z2!m7VyVG^;0{ahx|1oU#RlrHS-s90GLcZR&yT^h<&omk=-{s1izPw|XnO`@nL%sjr
zNA@|Kgz%Q+7~5&M!-;*-w4HW3r?Nylh1!Svr@li6Y%cPvl<VHb)*hV4OyW21GR&_&
zJbrLPjklN@D2IDmNe>H;MjMpZU$}}Q!uBOqly!qwXGu!-I|4Q(+Bai9O1HrjsxM8f
zejyy)es}N7{)`Pquc>luMtiKe&QL!YdW%~f?E9>xv}bg_etLR-QcCA*z9Qx(^qwTX
zUv`fqEcDW`v*6j-ZSL>Jp^eg!8xd@Z5otXeFI{2y`%xiT7}V-GTrcmn%Ga*naLw&(
zY4=d>TK>^a${^BB$dtiR_yqNA{~MD1Xc<|1ybg{!^yY1>oY(Jr<`EtAI(U!bDR2@)
z3g!p5tR4q<A(hI3oaJh16n@&9vH8H?u}-6}1x2cQN8|P08vh!bfni?p`a_T2p+@Ur
zx)({i#Or+-c7Af_`{Q3G$^ENovj#1|ifCKe4*l=lE#|ZqFXFfhwOfHcg7LiYhe)VW
zNugSeLXLp}>-VL>!fooxZ_P#L?~7!YH*Qg0u6@~*>6-CR)DLmL^!QV*HZrGumNZh`
z|AJ&GkB`9XiMkNjcmEs8&g@0Wj<X>pc=%m5C{03lrSO0T;Te)qT;rOQp;0P^8UkrX
zlND5}5Mkk+BZj(wL0AX}g&91UX^!ZSGNd4sHLMtHttOo$7SM}1$L>jl`Vi#-Vw*Z^
z{EWE~vUJLAtNQp#WhVq-XS+gW1tfMg)9olIf?&20a$z;*@^gU*6m{!%9b43#?Elkq
z|6N1*sISLBT{Z803C=st6t*(!fK1D#a<jP=IpPCf5|Qk|!w&qld|a>e^%9y-wBN8N
zw+=UT6za}=d5I5{0IEPE=SVEKrNTyyKMp(dnPWa`nIHS&Fzr|cX-43WV<}(thSh5E
zz&y<B1+Z=Qcri4&wYOv{)kG~E@u?kxca<!eJ5G&A)dDE$;Yo-3-Tw4E-Y(s+w3+C{
z;2{sYF!H>_GESF&{10igj&-^=OFP83r^@{kBU`?GTX|A)%e<EfqWbzlA-)BMza+x~
zR>~c+7m}2OSNVfNO_jqRdx(VH#+{>$cP_ta-kvfM%H3f^4K9;hLg}YV5lemz?>(+%
zs;*hdL(prfRv^X;#qzxczOu`WSgmjV4YuFFqSftNCG0iM<Fa5Ix>*Ig2e#pQufRQx
zmEQl*5r6tUpL+a)J`FI$&7%JffD)r8fXB7oaB~L0EnXbLcF~fzE7;E#(<74@ML4!x
zdiMxk>31nZh-HlYmWoC+Eie-F=2HS0nVXFsz{gLLA<t8tbyhb#6i3mu_SIC=+azJQ
zIh_B#oP|3|@=uiHcak*J^YoH96^FfL`w)9EO5)?S&j|)h=Fr9KXd|-cQVQe8wmCvi
z<1AHK!sZ2BZ1`W{_m+U^R{c?Kmz>n<v8EsWA5+2;eqkEd*+XzpOv5K&PK^-3j}m6^
z*O7%itTN<`g~I(vtd7}2R8tvaMcob*1vP~Yiv>O4)|*p^n+|_^yvIO`PnUhv1Ai8B
z%8e&9l^g5JE<>5rF07JMAqR}m4%yl6?RPhrx(sx!)=1jYs~liNl#|g*jRxFdSH;gR
zYq)!NmcHE6a(fB5OC`n#C#ucG>DItLk0>^?yL@g|={K+#oZD4K{$O85t@rzUzx%lH
z=J)T!n-Z4#i^jW~eKv#%-4F(xDmL<~XH3cN;^$4C_S4FusjbG>QWBj4zdxBz1WVdh
zf1zZX;2e})%VrTWDsU-zQ{FFX!vmSeZy{38sq7T<fM5K}QxggI+QW&HzZcsbPoN-|
z{J^n$h?w@RKx?aUVhK`tXp%_I&6ev_d@J@Tv#DMO=RW?VOXE@rmlx;m^<&PsrMf0=
z#;zk@gm<Ed{w->ut{nL1`NFw9)m&n58wxe*bfJ9Q!l|G8iPzdMSN$lQd^EmM>lwGo
z1ICV4z9GIsi8i;%n$8+zVkBeUiIOAzC>aa(q08vZQXNHFTwRa{f#f;ktq(fVYquT^
zOeV;Gt8Wns%90ZiQ|T(D*x*`1pKcn3J~y{#Yj<2)Rn#`tc>V_-bWA)|`Ha7x!ZvjJ
z-gm+jZan*|;|D=gKqQShiCwU}dz1=O1h&ia1I?$v+h}q7*(#mr$c0848+WIIPjQG(
zY0$5Zr5FNcCd3rK5)Vla;=KFk-n`uH-eR0NtDi^v30@ts=fQ)dv|`0|L95i@329!r
zUE`4b{uE})VKRv=Qu24FG<^I+ECbIXKVD8dYJY$7j|ujyK;^-JjQy_$HM6=0WOL2o
zrHtK;?72XKy{ko7;$cp=4m2wRkACHzBx-U|L+RM0L?gXHdvgR9uXE`nD&PGsFGJ0a
zlLiRU3O0(wxg`LW(?+Q6opC&I5y}#?3jO5bv%GTpbkp|ZbZY?u9ZFXx@s{P#0-`A&
z<OdTh1ygKNbaJ|nFdUuziMumfepdeT1a*Aao+5K5;|)jyr%AVFLNrUIR%cF^jtAU|
zWUHqA+w4XNOS`CLCgCO3)RCwv%?Y8c)LG@2^(41lZE^{hDpyN%f;@i265#G27i?lI
zwDul%$ug!%Xp0=i45FWJeE+(VaStHuRZBM|9e*tuZ`>R8TGlPFjF3g5FO@NRji4#5
zaBBG1c0DLuZ+nY(bWyK?WuI+aGC#^?K~g*N;*Zw#8>_=42uT2^f0Uo9V85UMeYDPn
zt?$a|j3qc~pwUz;9MI*w4`VUIu>$yn*OOF}DNBIF4o{|Ux5p41tG>Jm3{2i<%|h!`
zZ7Ick<fQPa1e97{;okV-G~AK}o?Zv5Tt>YK;C>~w%@Np;a^9O&xHe|2Nosr2j{(-e
z;pL}L{U-WXDeQdnI$e^It6<Drg#)iK$$eSsF``kft+}rekdIp?ic(T1w@&s94Z<57
zmy&5BViPuT;S{5*`^)UgFWOl)YZTn3Iltj&sE28)4N1@{NR3eD)yy@C#9R3`Vo)}1
zN-j#FI%_P#lm#`uj$<AhqxGX4ZJ`^jQJ@B0atT1((o_S(SX5l`okXO}s!iBoN~vGF
z^>e}C36J0OT`n<g{L{ZDx~Y=tqmNFv%f6RCZ8t;pUcN*j`3+^&49x@g$3;Wx{yzIj
zxf#`Fw|XYESN|Ki(oa6B{cF<D`0c;w!OLSa*S4dAn2Tj{D^>P3N%n$L%cKW|t|rvM
z|9ap4C|*GzdyfvM+LS|@>MwoEdJccJ*LM)H;1J-9>u{>ELe|^zA#S$ivA)II?mMgx
zJmh^NGZxn+jaU;Ro>n~Q|B6yxSP&*IC9Y9Zy?fjIU<hh9{?FNk!2(wMaYKuh3s;C7
z|B!aP(r0ScW*-$6)gyb0oY1;+Aw+lD+|~hIBS4eert|fji_bXF760|HK=IeJf>vfn
z9f{?ohc%=>v$%twU`WJyFH&=V2b<i3e1Ip7zo&BT;-mf>GB8Q3C|qoziCLmKBt9YN
zN=>DTx^hg-hwx&BYhW%dgc&mS%DGd)_SAK#8dz4(#j~AIR=y*YegC|ow|(l@J-g1p
zI%c@joQ`i|tIS?NtMto_gcJ)C%&}s^hT+a|N{0DY&a0vGf8QvE!O6aiwphXjsdSyu
z3!TvNaji+qUp*lU3?4AK*X|Mr1EE#!F!mo-m6@VZ3F94B(dd&IqCsU@?-!Te^OPOG
zl*l@JM|G*d@Lh*FyK)xq+FoY3uZj8gwLfWzV}0+}PjU6-pFu3bN0%(Ud@qJ2?M>;P
zs*<W9{AdxUunw&Nw@XW}xt4X~u(up&u}sKq;Q^)Rri+wH@vh|KeGtjSb;3xl#Lb-J
zZditQU_aC_82i~eCBNp~`eOpV8a$x6GCd!2;Xiu5E3f~1-catRsv<0EWft+IBvUNz
z$2x(qkmDWBGhNB_jGsxsLXSwOqsG9xC|E;9T~N`kY#k18%nYv(H8V!#<QF@jp<1#D
z68EfmVAAErRjK?RRUX~{Uhb;o_vv@T%ZQ8Lt-1`N=bCoL1WU97)ktG@moQW;_bhb>
zhh1X-CwMP$^HZa`AAMF)r%o&A7yIM=GT4(LihSMo$LXu=YPo-q^JN!!T)QhHj25sZ
zAbupJDFJ%POrwU<cso8=9JX|y@c1b&amd8g8BGBUT4zJq8|5BaR9IcY{>n%5GN29(
zcEauk@AZD8u8&7@ucu=rqLWg&2(~T(&r7ItUq?hcLtK3!ZtOA~H|@_CqNxYgdH+w;
zJUBX(vko7I2Ak9go7%Yg^xUi-I0r)SF&gXq0q_{qK~H=+>$vp+cqpJWwimSFK~~m;
z{IYy88r0Gky8_iK1PYPOxJ@u+@~^Tvvsqu0qP%)zKdXSrAvFZ<fCEkFNUY2l@bKwh
zOwKmEoNyY@BkAZ;I*^q07LqK)vADp3kIB^ar2yJ{y-{ZzzWs;70?`I)^nM*WZy%;>
zur3h>_sSFze2n*x`9?F%1hXk}V*LOro@&awln^)2XW2AP3+07-OLW8Qd(x?y)smEX
zo^#T-CN3zLdsR^p1zGnEg_^6<vt`|;rNRr9u7bjdTpm0;ISp(2zBUdMp6Va5fYwhJ
z<2utURy<eq97$Ff?m5*^vdbH(*~SIDWr!Jn(r$@ZH}icyt;gE+)_RA07CfUl@ueA2
zVx&1Y8I#&>E=eNR0@O4iGJ2Q*_9Er6A~(fiS?{*|)z!Sx;S$xWSEMjqj_9>3I@U*_
zLUI}WFDM52S7>Jf@r~o8MJLG;BiXll5zP%xik1t)=+#1AP2ZDVx*NPr!GarQ%PY0r
zU>9W`@MX<)@Llshyc%6W$1S6fZpe2U8OYH`H6*>;mD-4z4^K=l&$rX02Zy}E3>uIh
zwBn@^7t2fd461KBqiWrKn}ICGBoB|NCy13iU++kw?K5o;RY>QLxbw1;Mzh9w$0onk
zaq^{`|6WXFKy2TC%UnhNI8&$R$*lVje#%{@yq-(|h0&C9(V91NW=5AV{If%Krmkg!
zDxA(v(uM3^lhjL#kMkz-7|f{EB-BMr-xXsiK6klEeap0RKo5B+Zcf{xs)>NScz-i0
z$>UHI>~V0mtqj7ivNpycZnKgCtCM!&eh)P0mXkCa_<uJ0OzxS2XoFj0)*-+BmngLM
z1z2-UA8-U5weKZ*oGEtn9Ra2jE|L?Q$qa)`)T<sUYP5PdIkaGuF09G}*f4aEN=gks
zOo7TAUF@WezCIZzqIr2UTCLS9C;J)KBr35t<P@)zH?mMar~&CT&4&2q-<+#qMJ7Xs
z9$U7Gu0x;i_oqjSW%HC6KZbo>DFqp8XO0z*`tPDhm|5ee0S244$%cH-e@%v5BI87|
z)HqdH5iKLB)r?0*d;P777|}%2FZ?<g>P9M@!orrB0bQ_hiTw&Y+k@F9@&4r$=wEW$
zNbGyF`@>0x9UpbV#3FqXTK0dXLLJcQ@8KEhlHt0N9UNqBE(;k?H$#kzG++c=QkFo#
zI=lxda>r{$<~2+Zb)2!hDTUeW;7t;H?sd0wP=7k#cCFXgoaCO8Dpqx}GeOqvk@c#Y
za&UIq8!4?(I}X(Io@3cPinYGY<x<r$+&Cifm3}3$TOPv)?jw-nQR;fNKe^>u;?(t0
zB6j*rnOKdTy2IorgIgmgThIdslr~3!ds}`=Y4Sz|>5+EvCtEVw8`IN<CZal$Rh5uv
z(x)YzxH<`yy9sqi)}pGL{e|bUElKKkBpI_XtsC!K1tPx&N}qpLC|8)zJDm!}$5!ZO
z*>u`r(*+FjZML@U`((B#*zlKnx8WL*ZMdW&=M@#CZcl%d%L?ST93yMCTb-T-tYB&T
zVrltmKpt}woAv1>KtBTUPt4gkC<x4cg$a;`_OtSRWxRGx+^$tT+97-4Q-)KJm_Uz%
z8e(V;oRJ#My|r{(6wQ9a8f<FSZ*vQ0KqOmm{l)%D2V%mLBws*Wg3X0Y1SY%;0fKi8
zhtW%D05%R>>)RfUf=-W%a8MiP^f7R@5oSv*_Bu)T-6L|9;0vqUAii-qVe{&!8D50f
z%Sm^}@qkGA^AbFRm9*r1N>Q&++U&ig%?Xzc`S_nU%$Du!!y9RAlh*!D<LRDHg9^Of
z3|@Wp$2-_>UCTufeoI)+V1wA^cU+YbY*F<_X|SK+1Iswq>Ns1}9h;cwPiCO#!0r7L
zUQYL}iALXk;MqGQSsDf20>_(A8RoeQ)%EG>I@E~{a13FSH#WoUBI|w)5w0CgcZV)p
z^xO+Y9<s-8`~5zrlbnt3vC?@lX{j7nSigR+b1~S^9AEtncp_Xzx{A+zTqo~7twLK%
zO(gXizkofBMHY)jvA)BH^HWXwBDm9GG;pT0n*G1B_ht7;CDJ&%r6dw&;A+9=Q;`bC
z;_<el;fQ>dJ7^nSUm}}cnbMaK>`LZ~SMl6DN~UO+9(cBJQ<;JP*V>H)3y}JuQ*HLX
zdZBRFyf8I^=||GOUcu!>N`C(8pna&;gC%OQfL<Za#);Kbo}^|E7!CC30zX~8tAaxC
zpOu6s5RV=&-lcB&7NE1(WE*1j1+yA@Iv#B0+%9G<ujIS@_V3vE2%e6(L+BwMp^9x#
zz~FHff0F6b3HFJ>&pfB@s~_U(_8HX{XO1z)pCrE7<bOXV=X;SWmc)5w{blsKZ$E^N
zIDD}&<9N4FVewz9=M!T!OHjn(<uH35TBu~_H}}?!B=iejDGxW*giyfAAwtw%TUQq#
z+pV{1Fj8yQo(IY~uhfkAkk(V2YH7Q|%k#x0gqq5!lgoXu#k-FgB|U-I^G5`c2O(?0
z?C8#HmleQyp>e75mM_&INnk(h_2seU%VA%t@zfIbtvOA^jiB8$&MU*^F#F^DTC=7I
zuZVz?O=e=#sIFP^OB=n*j%YN^{%n#1+?5Pud~A*1$<!@=l2>t_bJ9U4y6Pv}^}$70
z1iSwAI2c*@_vK;(+h{V;!{iBA&l$u5_pn#Z=BPQe_U>8cd4A-YZz64e?Hab<_hi&Q
zSKNF@&QrKFGMV23uc+kKfhK_LO)Pa<Yxd<lbfe(D1=O`kzY&8<8y^>|UCFU2o>;xq
z>a5^EfE(+hT&c{x7XY3LSHw!{DNO-{>NQd~T9U)aiq$zEuk*R0$<}OR#;Rq>&V}OB
zfgNh>>CLG8gyYH&yH{}}H2M`gFP%hHR5F3ZJXy@3e>?c=e->!>+fZeBb-{OBfR)~b
zyW&#)rwtW`3ZO9I&pWNZq*j(@fP8D8OrrV+lXuTKk!c+#BfH6epe*z%llM*EDW7Fb
zq|*2feGTIv5&@-Yasfgd3CGcU^UW6jA_1*rYUUfE=uJLY3oV|%JW?_qBZHpbN(7qU
zg0|=vNfbPQ$X*&SE(QZ-6Sy=W+YXEl|2g4zVLxSYjkxpD$^UX9<xvA!5d1V)$qm}V
zzn(c-cL>V^?)$LIBlsi$iNihCA{YkgOrc|2OX#I*!{ZSC%&--Z6cdQX00|SoZxC9r
zH>VVGSl;-N*IOFGxD4@ksz35IxKGr-ue}gJs(dD=;;JHY=h$I3BPC@@jJeYgq&rEZ
z$NEX!_^_*Tp-rJ0J{!07$KzE5&`aFcU$|U*Q-Am>#Xb3z>E?l!lWMTNjBS!URRv?(
z-6-L;;~bY^Gghq6*X`$SGfgozA!CnqlPLU1sJSWPE-jLKX7ojnJkmQ`FWJCE{kg7j
z^#|oMSay<!Y_M#Kzyg`!J#l02J@DZxeNnU2CLX*8tMv=4QvKQHQph6l<hJeet{gnv
zWP)_>ZHLA#+l%9&gYV(%Rz)P^bEAFBE<avL%-%}>+N*ACf$30*NP;-&Za55(E;|w*
z%mTE^XLM`9dy=UnOEYlIx$K?1=xt&eZqTOD9YF9Dm7;Df_DY$}WqwISIT$B+t?fGA
zXpKisKece#COOFZ9)333#8irY*H)v;-_`^6hpr^6KEj>x78XDwPT}c_Wmia05pD|X
zZacLIWIT{4Ei0*h7*OR=gF#Q%n^iyQrH$ayYoOon;u8xENDkb;BZA&QRX^%vMEw;1
z=Ag*_lC$H8wTG8wZbkRT-Yk@ihBSVOu7rV^h(geYagAviLXl2@4rI$vf01|Y@XO~n
zm&E6|OX0zTKMEU0c{hEA>Pl!vR342#=JpfK4O72Qy<3YUp}HwP?K0M@AarA_fzz%~
zOkt_$VemW71M$a?k6^#oyVE11;c!pGP+K&E@>yzEZ;zCmFG~*ro`6MfsDaqBB@R(F
z_0CYC7LpNanVdi_D<T=na55M9_RrYN5`yTY-Gydrn(aW>phl=Ze*bWHT$<zqvOff_
zyZX1Z?$mATey~}EIfK=C@BMzirzg-dPck;8avF`1E{E~qw1O8bB#<y||FFmdfr{~c
z<&fd;G>^IqWO_q9HMcaLS!Qda>-Bo?B3UPF{4CprMlV)x?T#O>SH-ulSoC&!s1fx#
z^0hg_M$JRH)UCrV$KzME%q5^7o`pG1(r;5<K8kLWDH}<S2wOgKtXDZ+SbNw*qjR~9
zT>54mUTr<PKMTKEhhALYfwuUnai~sNG&%ni(ecZVa0}g<z1%EKxycoPs-7~a5sNtH
z40|_-mj_GH<Y{?&K~kZPv)L(Jn`_J&e*=)SfOsgqz<%ye6lSkmg93NAeHOO5&EBCG
zQwE=&TjayHH1O89roX@cRc%F-xWjLT?;ovWj&>HpE|SoYF?4ZzzK-b~AYCUtD!%1-
zpCfD~T_TLo|DDX*XM-)@_n1sb>leb^&27j-XR!{=t1KVpci69i+>HMipQjn%m%on)
zBS!U)!oI-7CCp<*qa+f)@<Yim1G=Xl^PJQVg&9vi%0bCk7I_qNtFD{tN8BmV(bJ#d
zNyb`NImLf@B$y%HVD~&<U;yT*b6Q{~c<@--ZK8#NS;g1k5eJaL{!eG5;QkzbtH$)1
zrS2y47bPyOzUVRbU$yw5wX4fzk(yM!y2(f=v6%an{kCYf&|~-5J~|?9gPUTg<)F?}
zaHdySOb``%6<#F7grka5XPw7OZiOQtTk5$Ak2-Go+{E4l-e9yc2s;&LaO0pKaY<&I
z`wsy6_sMHc;U7axsuZv@FIj7V&p5DzeDR<dA5?7KaR-c8&k7PYAQ*JPqt#9L!tCrN
zXeOV7qneI<o*qLgVTCxR!JDDiC1<_5(`#H_8;&XOHmD_q7O2V-Bwo&1dd~>YAcbj#
z4idf_wRyiglz5u9mu^(CK>RRP$Z;fWww5D-^Qv+79x(9ta8zJ#c5vW+-?D{GjM_tF
zoyycVQA!GY%&L??ZLh@W12*ZApc%XEm6cAWgMRCvojA_f!9a=1=f6=X*J5|{iYn1t
zjBJF!!<>XlM<!C(1k&%TBjgTRf-f`fW59a6oh<v63k$*f5Xn8(cv0LbC{^uM8z%}Z
z_@v8q@MG|&i+O$2YVdWV>h_eSj3cU9laQ%7!f!xSI_T1-O)Ne0>hPQO^X{&Ej<8y-
zPEctYWJQdWaTx*G5oWHeR4|_(FuL(Z_aVEq;*}fs`6rBuatz%zk4lM%+Zl%+igY}X
z+JhhM$S#YSU-p`GoD|d8v_}^dgZ3+~Hss5?(gMk1$!*`g?kq>0XKOMH>&535*T&om
z{+}#x8s)BAhR%+{8xINZmpp>ez@!&4Swx=~tkheVc7qy!AAUA{V%E(#n7EKP+f-Eo
zJ}m1`%=$J`+s7*HE*&nF;lAD^U-Zj*A8|V&P|u?!g{1F-`HeK2-Pl*}Ff5eUsr*?a
zI-Db%Lx0YkXJ`C$#=VKL$$OEw+U#3$eyLQLpl6c8rr~2WVPbmBF7Pacr7bnOF|u`K
z;o(5b@Hi;oz@tGzOO9Xvc>XNLCd$fORsOBbcD7jJk8rQ7lRX((ZO~i$mUG!05;-5}
z>k_41GT`kvL%lsgJ?1MP>QDg`Y)E8A5$co$HtwVVae@Iy9K3=ck4rRdK&3fSC3x>}
z@f$SbHV^Kv!=SRNOau~f+pV$=ZKa&G?Hgp*M!UtZ4eh&_edy8|d+)}ugOoVAB-Osg
zr(yda|9J8|j*5c%%+8RX15XbBmdbMB1UUe*zi<xboHX`7I&Q0P4*xh59NuhVR*ogJ
zpWg6t&kYh}H0=;0vYWuEFfY69@xV5*8M$0{=_JdI)k|ta*{X*vo2I)nL`8N2*>RH4
z%JMXh`I~b(Lo-WJk^y#BFIFKYMotZ6%7=>*E>9&j4?4jB=rAkHn+x(|K%h|-AOZT{
z%t=oFvbU|wXx_%SG3XeS5rn;}9eKe5dfC=|y`mt@3X=v}O>4uSIX|LAXmk5*HxmIa
z+j%|g*WV{Y$wtLj`Y6U>fvcdI;r-S{0Z?dZ!;+Qx#W~LTii)rJ=;giCyzN;H=!=MW
z=?6sLO)3RRUM|oODsKyh`42S*Aw6UJ*%4?63r_SA5BIX_>RZBp9u!OYZZf*Nv!>8P
zx@wdOoA}_sOUSU+?`1u~w-AY`!iyDGaak7AAFzExE8LO$Tw`QaeltUdg;Q+N+T-uR
zG8f*9G$NmRw*%MzMxY4_2`nFe=FA?B%$)H|V*IdsZW(VzgjsIXyeu_Rf=*PtPb<9}
zkiOD*V?DxRh{X$1{=SIj^-HA3<4*$E=K+IJ@e5h!Q75ijLnir0j)~Dr?G1*$&REMr
z0u^CFAnPaluTQ*-+w9!qVdRqx#FYEVC$MvevI%sf;*%Q{X=<$E{Eehu`!h?9M|R}Z
z(5kPw;z8V<_lA7l$ggf?5og*CwxoChpX$GAdUxRNdc7H88Xf9IXV|+@tzr<pNrD^N
zX*CxZ1Er`~T?ctI)qHHdit{tP^bp?fbZVfIBbLkhy$NkPWh5|Y+40I+5i6JrscE)*
z5YCRHc}kQ?Ymv&LpEmw~n|CDJl%}*2Y!7hJl02>7aa!zt(lg11=bqOzrnBGpUIJSH
zXLlP;rTUcnJ;c82gnJrz0LWeEs6ld@lfVZDh=o=1zg8{zY6p<5@!ub@5Vt+<N<gz@
z9&>Ypt;dB8>3LlG%Btal1p+Y6H;(K18s9GJ7FzUuRz|a~(CH=+xttol7&O$rGNX6X
zkY4oId5Q_th_1d9#pylVbd6$sU<CW+Ji)=`Gjn6JqSt<SNaG&@X>89|x+w?yMy>oj
zE;aFh>^+J8>tE5eRP0hJ(n~GRQf<OdAOEC|27|)Oyx*VPTxVV#Ehh;vysFoy{6i*q
zbV?&7N1upAfzX7g)r_x>&{RYrSysR_6U0{WJ?8XHOV01vXVnIjna192^(Dmb19oJq
z>82g>5~f|&U>x47)?dQuH?``gPB7U*UhY=MM|`Z<J1afPkcN|P?rt7kt#ZxZiA_hF
zP$b#5SyleHnpHWmU?m?%u}z<X7s%~Mu&6<a1b+brET2EFwJ{<-+mCIbP9LyP|8dJ4
z7jK&OZTY+#`_0bbv`W;e2UyAJ7g1(;{^CK{(KEKh=KQegt6MkRi*36Xn)!)e2HeGX
z+$~=|#i#7BShflK0}risZ;Bk0XmJCj3rDY7x?vl=wqvV)-e1N`kOAvosrIGJ{_=7F
z)S;de)Qju<taxN8ti}{Hc%_l3{FSvw=n%wgtxZMQb8?;tMnhCr?YS(g;KM5Y<UOMS
z$hdI5c~!gTzqG}P4uZ>1XTD)<=tmafgmEVt2637QpQ|%YGdeFLg{vP0ZI(tBm{5tB
z<IVPOmv$v{AWPC!^lOF-HtbjI*A;;Dy5|h_OF=HQdk?;Qk>!is5AGv~@8Narfg~Px
zS$~F^nbS%lEco^_p1Sk>S(=9A2>iiqH@;Y_C6e(I&@k__*9@V<jUF@Wm*V@njT8TZ
zTUHZvQ0~ky8E*P+Z!fLFZf@mxH2_^v{XpUJ)n#}a7tnVL$bE=knrg=^`HFYWH&7Ef
zoX4D3BvY`?QE@UD7{UUQcaM5M->ne+leMJaP^BmVg*_K>#jx5O_0HOmr%Ls#8+%U(
zvs9HoQx=J+oc`6;@2=e9xn!$`VfBxl30sD{%$!LLnN!7aa|7|?&5I<|Z2Tne-yg9L
zaYt9Eg!`?C<b8jUDB0$rVOy3_swgBrA6$^3A?c}R2hKMWem4MO{-nzcxt&LqneCPL
zxjd2`jm+CuDI%-}(%E?`^#7&0rfs?o{Ej2?=bc6rI`J@XZS~(>mOL+BvlbTaIXc|A
z<%ha_|5&4QhzTW3Gu4Rgz)XKk8isPwOp*IX5v@mLX759r?=KwjeRbqctwUNhIge7Z
zpr?POcF~EUs-Ju+#GsGs>uNfZcGj0g7n|5jT_f)D19U7IJJgq7emp=iOHgSkk9UOV
zo}C=pIX?UGAtq%!9_)1*$AvflSzLQ>Y|$S#-tTd`%&D20s0>pDC-cqFIrQ{+3J{MR
z&FwV4Pji?QSZ4zVI`y{J1(>N0pBycKbyTyizJiF2Cb|<x4&^6q73hL@3(FB%biopV
zzKiiK$ux6aY0w}FMB}3pxM8lFD1}Q%4%|WI8A`zv+j|My(T>6GU%6j{q$~l7&IZt9
zu%w9Pmlg!kX2FSAafn!|0)P+@IhbF+J8}oi2{TLz+^?k^@<4gyZSRkM9~=6bugPnF
zF&384u*4$^r;(G{MzDs&k+bo!=KdJV+0rJHdFeMm@Px|M*I6gt<D8cjSzU{yS!#Q|
z_G~Zz0mZ6p@5c8;+x%v`-)*l&z3=Fba#a7*wzt^nW#Z0sr^(Ap^QEer%c-S1{ClXd
zlD26D8hos28Qk!a1dMv|s2n)0AwqLa&XXNs5*Gt6;X~7ol|yZ&#tyCF{s~JYF1V;8
zrjS{8c=y8_E8W5z;*|VvO}L^&XdSTOLHX>zZx2}vRsDHii%hO?;j{_!ZoefQ{LA=v
z-|rpyg2PVh@r7s#r*ycrPrIHiElU^mf$pyY1g7Qe&Ed1PExm&WUP7eHReHr{=Jl2W
zS*BUku`3ESxHQ%^+q1H-s9m2oa$fALSr$Elk@{S5%Tg7{$S}6#;Wp70jx>I_gN|P)
zmOEnE&TZyn<3hyrX<4AkX5_H4=<+*Q+TPsv@%7hlah+Hl>I1=bUuKl)9>#N`<$c5{
z6_PsiiK2K`$qKUd=<sj+J_KKR5^VI}xIaB+Mm+Gaf+U{hRuPoyT>J4GYSmK}?+h3X
z*pBhnrztv$n6Ygaq*r!LX4&}8yv`vv@HsB2U$(l@<f)uZfX;n_(s^fmED>6m3Hh$|
zMN?kPI216sJV&(tBM-Hm*N@ucsSLprC!q}CuC?LsE#VRd86AS);8h$^AQ47Gd1Sa&
zS)|bRqdP2VlKQaYn<jC05c=Tz6=`1Wt-{7*bZ-chi2I(dA4g6D!)E0)!@z@35p=*`
z>h}7;poG62ezuDsaco%HZKi@o!|i#`x6?m2E5bLwnBi@=8QAQm)I*<I9LS6tW*S={
z#DaPV{Z)Z5G#Bt=;uvzgkw*&%B>3XKsa*w4RYwLaRvV3zVt)SJYp?I-#}9E|)pYJO
z<Px*8nQwKE=U4F7mL1}6;SOPwB#NYFKPuXr`z*|b8@~a)C{T}#>9tQFpvzzV>al)A
zJytG-E*SLKQkdu+ot^v_!lQB{a|;<_VaLIAXJ2XYvCX?Z{wA+M>e`I)PeG}PQ`D)(
z@?9_V9Gx}Mt+8sQHzJvDL{3>Ji9QjVcPLhoagMFgR2Cq@DVIr%Eh}|RL;k+;o`vB~
zLn?+V4x{i2HdV&|J^sDA)CwPImZ(K!5u9kMO~u|Hn*Y4C?S1fA(Xj-aLIbwA)pRUd
zPNOdYdjH~=$qC)MAh&M~TDuT-u^w`2)98O%ph4R}_*(tp)?=Dfmb=jzQ<a9PAxVY;
zaih3JR8QYFYO09Hd$ZLz8v5t-i#0)1*PUCpmdDgdmUYpm^Fh+|`wjk7%e)XT$i~eU
zzzbBKFLoU!WTxBEl4dE4T!13Bktz`vMXXF@1$o7@*|!JokH#&^Yx>^etx21I*ozZf
zo1=?l#C@V**30<UizHey;)MYc!0+-_yb~`QMU%IdL}FasM&ZufT`osQ?;M7Cp?ANy
z-In`kp823qnzv{@aORQ<@;)+gR3VcEfp)oq{Htr1^?JlYXIuONmUvun`XWX}?3k9h
z`^KQ4Ks<MXnlJjT9daPsnEC)xPI2d-t<k&+8vtv?kzI_>$TeQd{FsKBA(oa2Kc$Ot
z@DjB+qiM82`av2_m#xc?e)w9G0lH21l8VuvapT)}uj3)ZQ}SJymLtJ6X-W#a`|Hx>
z(MVvnszsPmgng2yd9T`vSuQcB7&k*YU<i<w=}hMOVz}#aUV(^0N7Uvo)ZhkOozvkM
zPPSQUh<gGYL$^S}grL;kH*bE{^&AQ$D>=o#IPPNWRqtWdNz?Q~B=13lUHLO@yVu3W
z>vmcrX+Kf?M)s`3DaGh*gjz}Cm*pBHh+6ula%4M-Us+-ALNea2y77E{eNMpO&kw1O
z-q~7{Noc0Bwx9T&ENKsRcWZ<05=FGOOVbKHh`TJJjvAocUSkhsczeh3_)qPuZQA0Y
zn2QNOK~?I?8*G#SP8nUM0yd>y2EUQ_nY3+8MgZlPy}`wT2F^;v7C)}eh?K8@`&Z#;
z7IL5yx9!*0C8xL(^G&VYF$%!NrM#jbD&3C)g?8I@9wq0ToRPC~+60%zq!9kJMYrj4
zP33Zv^L^RN1aJ<Gh7e*eE=xaRWhzM`-xcYX`m(@*uI_0R)U3z&Wxts0FYbQ7n}g}a
zisHbt0jn(=#azl%TKV@y!X~`$P!BL6m6yVOkT4})psHu3(8+Q(kaAt+IVCDtT=N+p
z8RD2U&7;0k^JT{y!~qOK`I_rzf+x^i4f^g-bfaMeFBY5JK5;09;>{{HV^pniqNFot
zGD0AwQ{~eiPrjvkfR5`n&!K~5Whz!x(Y<GN{SkUIwg9XwZ2bTEsv_Cm6R(X~<9<1k
zwoDrF!=_gw&OPciluhg&8gZzEnqvy^!IfKRbmINn5dZrtHQq5a1i}PhZ82b#(>V8&
zSdHb!`X&6YfasdaGfV~qh)tjm&&kEbIL*|xh2vI_<UDVGDLVut?_+znLFmYSZXZgr
z@$5Xp8|?z!Jb}K4yoZdlRP6vFGmAXEr=uM}&K37HvNH#K%`1Vkwf{hEWjeChtJn;P
zYH_g<@IoKdix;m8zD~pjjeZEt((v<JbH8M{<8WEEy#)GjSYzVkQxXk+;2e)7W9*3B
z);GDw@8bZ;J({Xr7-i?vq{XyVQ5=rsY6(=F%>2FU^dW8X-wZ;?h?6(Fh{wOQxT$HE
zmeTgY4qu`$d5K$o_fHjV;Q(Lt0b26&&}|XJOg)~}7Ac7ekDHnSx8w->9Ci6F+U#GB
ziCH;=9QOZ_Y>&sY;R&v@rKICjTe2S~8o+*e-g@09sS6))L4feKX(f;;{s7=7egF`O
zzry*fa^D1I(K??6-@w2cDKIs8>!r7e!?E#Onkuz+Ju|gq$YZiMuz;`e{7g4tAGL|t
zSH@QFwupQdnZ$tSPaA#MjCKH!G5bwq%4dMbDUEhK3y(Q$o#-0y+k1`6oA@_1z-=OA
z2y`~AW_<Wn#(5<hMx_4<_f>7q!==$=k>@q-3-dB&7DCfnDn|Zr>Z<rGJE(g5-mr}g
zv0KC%%gprZooKDlGG8^+Q}(DqWs9<}qXiELZ8=nKNBnR<{{Io^O>;lc_QVwk=872o
zEX45E-v~v3{Q2*JYd#2quxInv0H5^79&-7IGuW*WSJcuaWWv4Xe;!VkOUbLS{hy)N
z7Iw%q%n(Qtk;0bhB2!eO!sgIPiNrU7gh?XqFx#iA5DSqvz%j=sRGL@(S<{8_TLk@0
zz)!PS`3y`h9bmmzBK8xOQ6=}t=36U|pgg|0B}{Tcu-x`BoW>v1rzR1h>31$jif-`r
zuK^Xpz!+{=Z49L4o?#6BA1wV5!)NGkuKW>FsO=$r{2(^In*XlT0z<KMt~uQ8xynVv
zE2bpVZsm|yO0E&hIT@)?yR<<A7I4~L8Pbl73*V?`KvS+VQU0dv>@7x=3cN3vEIle6
z=9VJF;q*}F>3_YmScKEe=Iq{kQ(Ww4j9u=r{#}Eg!iwIV7Mubf*$S_LoHL7tfGNWM
zvh>=?k3BwtK%$$knXj45FNod%jTe$P0n^6jqr(b$T#)jaD0n79@Mg-=iBI0_^=T7c
zm#y1NK+A>8O;{WCj{zu917@@!WE+W}bJia-|Kaa(&?)2i=V^_{$X?4L$O72uyu0G>
zFDi@n|MZU2!@eH!$FJ`xw_iMt-tZ_-dSin`EMnv4(;GRzKrI~G;3PZr<eMaO?`q11
z|G5%-1W4QdZ-qJVT*5t;8h}h8rCH(hyI^T8AO|MfAlI?_k*M&8I-hICp(kejQs>_-
zZcj}0NGx@y7iPaj<ewL=*O;WIn_stY0Nl!7j#^*Bfw9#?k+zlbC>JFVdq2e7wsOwz
zejOdIS)SvUkX-;bhAn*wNW46Pf&=x1#?oT0mknVhgm+T7Fj^G-D<+gI8$xFs8pLsO
zKb-}%_^#2_{+}n!`(MJJo7R%O!A!Vl|31Vdl3+D(qyl1`1UoWnlVjQW!~Ktk(1{Q6
z76kZbI7CPnY#1>p{+`pR48I&n(&L+jnq;!Y-3p+7fDQBj-nmHSZ99e3fh33j7~^lB
z++CkKF<$Pz2Hnqs7}iq8WO-chH0d6<4NDnna)Wze&mfxP4NRkS*zJ~`Jg{ad&?hyb
zAP+bn`vB<|t$@qnUAz{NI^bKJ=%bsl?-pXd<H`RLAU7{3|MTIFJFfBVY`Co1o@p*?
z_)B&JK4!5GFJj^ZnA61BD`uG{CenpMTD}2?=guzhL!^4{x7GM1|GidaWf`B1u{RbW
z&d21ht^G)d&s^qzCBM&6s=tuLZI<)kj2{m_b9g6}416==!NG%(FyRC3nH=2cupufR
z^U33)z+zVA##t|^K%!1ZwRUD4cZ0F*n?S#(1eeFYW3#xud&4P_#yWIsAJvWhv$7;9
zLt~H|>O(OtMNUj60yrsNlWz?86bNOi=+cXy<f#KA(lg#771YF)6rD)P%V`V)KnLVu
zvM@mjJhZWJ#TVh*+*9y!*jEYeK=+?yBD-D5CqC?DO%Ny8FfJD>4#Z(3s|(~s(v#0c
zhYZm@JhyMJ!}NcX^623p7myh%z{lI0&|{$^Pu#X?h&fW(0C%|6Q~;D}&@}06=B2>m
z(WbW*onRxld_V)o(hu|K1Duqo*k&aw!{{0PiBY`qi{=jYT>c^jLuWjYV%SeuX1Xx#
zBUw*pNp1Vm9D1N(2(osR{UBMA&{q;q?P-b&S>D4xjkhrk=@aBV+R~!u^r5f2GM?p#
z6L;8<+L8WmkpcNx{%l9wM@u|x0x$tsoIG97i$`=Cu_rX!&?!g-Y!pX&R=6iQSK0($
zhh+i@c1#zgYp_+ms<cBhoDRF8noRccXH0$H{aymk{-wsGyz$Z)rYk|+EZ`oF#ViqH
zjDiq(>Enb~@O89r+#@?=0toe;U^!xIFiTZH3%_+mQbJ;-?uzFYyOdwPUnK$=UK+fu
z^1~)xtm0WA(^Y3sR0LTxKVwQ09|jQ=Q`Gej`wziO_I`+IpyacD;rep3+mE%d?6k(n
zj(%RWJ!KD!CpTW3;Mwy16Os;B96lLO@({#V7{`wjz2Ltv&@jE{jN~G#3v{x5UNQv9
z-UL5|)w)bNsb9WPf44wNqZ}5ap$ibucirL#`if5^!5;y<<)$(EvjmdZOx(SSrrWnU
zbh2P81><3<T9;KP#@nSHM!*lBUkfSoAvD%U#;kE<Y#SBECfo3?q?09e#w^&X(PjM!
zbQ?YeyLFrX3vERrCL=k@;8&l)plR%fS3}kuQ?NLkf$9y>vs8j7^aA%<4Pw8ld$e$V
zkh~+GK@!m{P!!-9Y^8RfmEu?+EPWeBIM__LiXhk)+X<nL&U+?^l-5Jpl#txB;+Z6q
z9?yB+;oL2pGNpxP!Mfp;4pBL18cVIjnQV*9#i}3jLdy!hP(Oa$&3MWq{)^SNp$Q#z
zDm`r!^pd1X_qi^RiQ~og_Pb=36>(<6C;tR^>H<R|)^xn+u_22EU4UGl_=q1n>X%iP
z5zYR;C&T~{N_{}Hz2u<{{1o+c?&o~|WUix7-fPNr8z!JT<DgsIrW=8c+T1Q|p>5B?
z<zyXpffTV1{5|D>E`ZPJw8fuEbo~WTrDA-l0>I1*OuZy}Ty%(fFGqSvP~;x#=@Ay4
zQ@Qd7O6gpp-F4%OnM1|1grA-^=)S?4Bn}awN_uj=4q}AgC%6s9U`fglAwz*e>%1%E
zCh`8%W4x0t$uH3QV`uF6sz$q;#QB9iS6Ax)XMZOvcj)52x>EAdOPgKlFsqfr^nk$6
zcdWbb6Ks&t=G5*O0L1zWC&--U9I32w7>N^}<n@*x!ewH4ue8pR_A=hujN-`M>GR@C
zKL7<WSo!_%Sw7Ex$g?TdKmmiz(awAvKUU{5<Ai$~G6lO{bXh<n@hO~Oi`TMoDUnO$
z*C>zjKdhd8=<6jH9W;Y2kzfZWT3j4_n8KCT&i84b@~^7$PW(+c(RZRuuYWtp+h=SN
z+UIp6^NbT+L#Z>wymPcrL$OUJ1`@5~VUyg@*LoWU<s_xTioCYR#uy!p!q7_|wa|@U
znP4!>1MjcshuohGQoOgT1CL2PWA&N6hs4Wa+0Yx>0>?r-H>V&3-?bwYOMJ6&f>;Jh
z^Gl26n=z3{4#nFS$!o^;)#(g8+9(~=jIi!2A)a(8k8+qUzz5I85pig@)1B7JmBThz
zWIuo5d_LDhH0`z1M=w0lpei*;_A(bIj5WT5GCFvhiQ=?`jQ;Qd?@wTJkR~8je^Uja
zGY_M>8D`IIeZ=qv{l{RZL%Y^V;a5heZ%`yPN^xp61*;u)TU^T?GF&VWRv2o#J|jvc
zms3X4&!{vNNW#p>W7AZ_{V0XBh~yZh%Z(EHV|D7M`_lMmm+VgcG6hi1KUuoLy&WBa
zpCr>xIgXS)Dvf3t%y87kSfGS?<8>MJ8e~#c1Yo_gdPmDF2qW-@fxF+Hc?wSdEDrq8
z360C^ESI}R*Uv{b_VA$wE+d-w0!FWbHvV-hPQ-zJEN4h-8VY|A2A)U<@Rbb#k00Xd
zBWiL*ds49eHM6C6tF@1P!qfzCaTh{3gKYsIX|4YHI>~rF1OJd@-yfAVUf(7GVZDKI
zCbII`AnnXU%5Lz+N!VIOH{$2?eCDp98hIykAn;NdAN?kED07V*C+d9f32ji!WJ1Jf
z@1QE>mFr)Z<z^{+vQ8xTErXM)3t?Q`Tqa_81)dGbhHI2&;Sf(=pGeXY1U=a<oq|7u
z`Em{6$Sbve6~%VwwpHvI&n=-K0wWJI3)fyNuEDYZJrMG^v<7Qtot3nfnyxhDD4vSP
zNTT3F03Tq`AoK9E9**P!x(0hk76YIlzls3Cdeh?uCP?dMdTH+ZAD@M(Vx5Ln|DKTD
z>JDLstnnWES7T>gQNjAC8-)S>ZQmjJ=;PW6?XjcUF2B)+hdZ{;--miHMJF>E)jstg
z-rQ(A>XL7i(ho=el+-$POSKePql-X5|63S8jzSNCdVorj?4i5K_@&K0kO7trpMsRb
z9B%6Zxwx@pbx}Ud5RON}31<3W1bjnN@$z23qYsk(OY^?9(jP33v|x<Ybk;x?yO%8r
zzRn_l&UE#RqTwm5hjr@#I}qfCspd=pNW=?cO;74Czza>m8gqOPa+TV(mc7h?f{+L^
zn3(3^&Q-Q}mHPV^QXm>FHw8}Y1b!6qXR(SYy&Xq>ZzW&rA;e4qkH1PS4Zg%@s66Vk
zz_-*IVvNdm#|(y$@I2@mrZOci505R-S9P~@Fk{%Eu|VuYzKkCFp>E%Rf>Hd!={gtD
zYZIDtTBaD5g!RGV_Ok!m${P11CM!Q^9lfA4+=i+XD+!q*UXS$rKNbKVR>ofQQsHHT
z(|}^w5Dt(1I#J2S-qYg+k}wcc57HeiT9%*O|4UyCBk_S5X~2i8)606Hvno&WmG?uT
zbU!N|z(8HAFAiM_UQ6@Cz=Ev+*5VR=0?2&?Hd*8mDcGkUEi*e2q;-q5?36Qlcbgvh
z$}t?HXwo_ARz$=>r^15Gjd@X%SR=&NT6cv@u#V-2!SSISzg*{vRq37@b*rU&(Lte~
z^UPzO_XKo({6XcVVe6R+ZrFE_F$kELK!>?e_(O)nOVKyBxx2Lf@L~-vg#(>kXsn#N
zN8duVW(Kvkms$b{%-T|4?a|CZ9ioQ*myH?FUO$=Hp!-qh0w!MnR*B$B)e{i`?!-rY
zSAVG}i=1E<pPQV(3@0B<-n1UqEr+1sH_C^AlU1zGFD=^H!IVf2-^X3m1({5+Xsacz
z=$VqZc4?C1fX~*qzN~C2#D63|G_eT&I+GT$u#+2ZZT6>`Iz;e!*q?o{;0oM8eBY!n
z*2HB>_P8+3`J!{>nmxh)6+`#Hw~YS_%QNdKYsRz<U2zn;5X2Ld#U%-NF6Z*GKqgp3
zqbRs2-JJG=d9f@adZ9_HI+v~2i)(^ZTiobec9~mh0(b9!-~8(DKKagc$J-*(=bt}i
zKuoV>;0=XLL0b;bjw}DR=sB*#em12F02*`ud-r7h_cAgT-+_cB7}Cx9#C54fxACW#
z`iEG3HBi{HAw|kWXRxI46lhA2yIBnT-nsf4n@Qv5m&yd^IpT|HDkkA96Wc7*+V(w5
z$$kXCZ`4Cp=tqSXVOs`|T>MKlURXu%Yk4P?JSx_QPxHSNBpG-C#Iot*baDCs>20QQ
zjcxs3;xnZxa(bEI3+CZvYbw<ocN6@7nQx35^A-tsR%b@MObSlqqEwv$1s?`<|KSC>
z*`C9hr5ZA7(W4Daz%MdE6l4St0r=SnsjoBAcNxP86&U06q`t)s5ngW<^AvO?#s>wj
zO$Ws5{bWXO4WvYFerFqrWuxis7cR}QlV<6aD<zWOhs>rxZk!dWM$%jNYtu~WeEB(r
z#(lQvUl3y`J(7q)Br??Zs+RWcnxuq;-rr5p!4pHPC#>E>hcx-Vro*<&2z_9B4O@X+
zhuGZ0Y&awRbqKnb^Y`@saP{WlQ2qb=xScEwNs?u<B?(3LWs(X>T1m=SlPsfTUydbY
zFOp;#k~aHJVaC2wlAW<H*~T`8nK|co^m@JCpX>L%p8vS6RM*UTp6BDf@5g;Vp3K)T
zx{ew`(PXyv+drDJ0X?UE%pghmWgoJPu}`Gun&2qLF(zE~JLe~Go+R}}msGKg86r65
z(9+O@LNcW9qJ^lAkJp4kc150DTt}?~Z76sF|A2_Taxj7L!hD@yybx(R>-#9xu*M;2
zvN7Z2y&Dm0Qj>>+oBitNBhZek^?nu#e2^C(nth_izC+u4@~Zj<FK2+CDV<3|-w}43
zJncz0$B##s?Nh3?awQpKOoQdA_9riFB_-RZN`K%IdRv|R?1KXs0R?ix=gwAZCvPWT
zt7aRr4ZVo8<nG1Y)VjTApTTM>m0>z@FnkL$g#5rX1Xx|RT^dS7TD{SSx|=y%#bBVs
z+IoH;Ea64Pu@W7x;qPJdlMOIu!!c@&E<!bYym~tG5ywq}fqHM*44OqAA2EZQLA9QT
zVIj)3wH224vSHvvIlG4z@i^Ened<)$+{Nxl=-K#%-eLvR$sq5E0n@YDa+=@d3VRMR
ztY&j?+znnLCgkRZrzlJ^(-TspO{U^#GivnWXErYuf2yNAp2)hL8~W0_Yvq)63iJLk
z>j1v0s`QZn8Lz&8u7KCCUv6s~;yKucp3s5$fqeDM+_1#<gGFq&%&FZe!p0uzqv4F$
zehqDf&s6x5_WeSbp>iJg1}>UX`#Z8dT(_oD7a^0P!Yf14>wsh-Tt|50N<6q<Jfo<_
zk&rYf4VgQWk(=!OC8^4Tk%Tml`(fDGiAJMSFGllP%pdC1-k*swwzp~0j(WK9Jo@T}
zrt11PhS*!xz~u4Kh<B>oGLMd)Wi(#B&N-Wd--#rqn!WtJ9V%fi+0Lf@^3W??R;B!i
zn|gxRs*iw|fc;(CZQUl`2xtXL!emH>7IKO)QRXox75f-b*<2^_@hnIF2SD=k)7J)Y
z{Y>jbVAZX_4~lFR)o(yqn)zPE7G{xfTe9_VrYD0yFD@G}gyvFR?GEwl0Q#?8Mx_jT
zaSvXJdHl(ty+Z%!j8qpZL;+z&4UzukiBgL|FOUrxLP?-J4ZVl5eZK_^>^$xO+Zv>T
z3axQ5IU=_&9P(ogW%|SRF_U#eKy&^w^|p4}nJ<MBdJbmv`Q&k({tvS`41Et>iQ(=o
zA!n%R{EN53naFjm5xX_H4Oih9UT&)uODnv6qrh{}%}nXPoNqe*CVa5!UAAX1$Hx#1
zp?FZ5CU_1%bez)QY5kJMHzgyd#=CTzB;^z^L|BFIsn!9Lo~tlnZ;{OQU&pV9ZWmg)
zw}D&9#d1SfZv#u5pGf%>_I7diHhL3YRAVZ7!x$z{aZ!LCqt?~+&m53rKoBdbA(D3d
zHGS<VG&|R{E|7K3+@9-{V8xWNIaWQ&My0+TO#M^d99v^FN0-LRb6FzNQu(LlJy3vy
zS3A~g5x0IqbE@HGr>ADp$h&t4FSdZAwQCb^TO;H->CD>5tflsoY8HE#YAZ95df<H2
z-*O^V{TSO+(I(aiGy&4m62O~;qEw-H++?Vh{*6VX1nYc~8Gmv|#-m0~2@#=vP8(!v
z3s}kN!{5lIHz#Qc@pX0wfc-~$LQNmCxYjZ=^AdjOzQ1Wb-ZAlc<RWX}l*w{Jzz5(8
zyf<W_f2tAg<RLrYMoF#_MFxRox>7y`XCH!Xq009?N1g}ii=3^yb;gM1dC+8;b({IX
zlOJyngeP4rM15}Yy2`D8wNKcXi1G1pF%7zYg8D6!$5AJl4mBs5!fF2fOw<Ig{Ke-s
zn)j!dJ?l{mA#)K4DGP`fKd2mj&p8dKQk`5knbpF`7<|Z#vDmFvwFY#%N~@tH`~h4Y
z)kJ!6@l|59jz!V*RP_&lb$~u3A=?UuoMaY*`J1rezoiuS{)jZ?7HP+L2*M{my(H{&
z7e)xTxCfI!j%;HX;lRwKo5L1r1z*vmC>7-^kRJ;vDzb<Vc&1-JK4*8mG}HFNNz>yo
zJ9URYMX{&!s)e&hWY5ANPy?|x`0VwCTA}L-A#|Tlb^al$Rz1v@z`W~@awSU~KaHXP
z^%f~<9bX|{u3Ub0#^zcb>k*i@Vdt>qIC8-Zg84CbTs$t8<6pTcKXoG%FXr_IG~yLI
zCP=Td&pxvyL@A2DzkD{ceHgh6>>~fc>QcLeeql)7w4JYF&B~7Bqj(|81hik!dk?vX
zgV~Ud@W<q%Huv5GT|g7zFpx7%Hn*_4l{<*J6`l04F1{@>LHJgx#$<YI4f`mO^3+cV
zVew0}lhdtMwy}fm2~At%_z+ejoI_3PP)|Eif)#V{cGyWA!E{PnlYKk1K2xMTiltaZ
z-nH|3m_z4_U^Tv6W1^Z^0G({C`y`5+XFXnh;^N;!XbRUY8glv-j9{~KqZPz-kKv>K
zQ=3AxB>pIsIbwPLf2!IBN+;+V(+5~f!o50{Ds;%^)UZikYQOd0k6O0oU^f~G^d8-j
zCs*HvdG^6uT1RM%TuWj!N9rZ$9W({VZ4c<|qS0h5rU`xf_C?g4jLXzBmKKtt+8^vY
zHYZ;jGI!yQS-TyvZmRtx9@HCsh4WCc9PgDK7vGi9dL>&9?`dA2p7)Ac&euN+RV1s2
z{NNm+zjfoVpXHfTasQ$@sfNfVprnyAJ7p#grgVtNw%mvy?|rQLX={yd1oiXdD;m$~
z@<QH}zgil~4$uW&aNZ=@E1$9j?7k%L<DdLIlBY%194rb5o3Hm=w8Tk#t5<@QAl>NT
z$MO3gUI!Kbx400BnL?;>N^?M$yi;r*dF1e&x#QQ-W^J>3=eo($Qr*=r-=umcsd<_1
z3ni^Rru6vSmxni9TPtHEE2i4&<Sm?bG%ae|y~Ggb-DYc%cam5`&!y_VB3_`!bsUNP
zAXdl!w_J4FD5UDZ@_{ML_D%O|;67(`$RdkU#5=Ahz!m%!se+2wz*RcEgbs8b-x~<7
zoG}AcBCqZu8@66-i9$ItHzS}SMvCw^^Py@1<t9eTKg==eKMD!|;64ppF<rK&RB4tY
z$bKcKeSkrs@hWsDZ0L8fm*+HJr(}5Z)JotV&~!5hn|0SM{R2p~XH_;Og}IW2UJUR~
zZdO5|y`67F&c0o9CD+lxftG(uKqDaLyS=j32p@-su!;XXmPParf$2#R!>=hi^B<Z8
z2(LG*>bI6*9dEk5%*W}{X_`5S^;7hJk7%DXN>db1Mi=9<SZX{*2;R)_!#T@D`ebz4
zfDreSTp&0tzt4u2k+6yZ*h0Am6sdv?0h47n8PLm8vbx}@`+-Eknb)lCi+#EJ<=1sQ
z<ep@RAJ$u}r$#d#KHT+t>nHOc!c&ryXlT-)5M9pB;z7=9x32}4(jD?PRyuCfc_oTH
ze$6dR)4=O8ahiks?`D&?lbS+JWZ7mPxa=kUSJsq)B~1P*vF)+fTIwmUL4$L)qL=nO
zA1A=%*Dg@mujSl6ap3iNNn0!qk@+<PSGn+Se25|JOTOEZw!onSvFtGHEP!F>kG@Ft
zt<nu<MW?T<r2Tg%byr91CEsJPpk@=jhlNE<s23V21+nPL`<AG;iv}epLtT?UO7679
zQ9Mqa>YRH$%W883p+K0wX!dYs@^{nCNoDtsCvrYq4??|&eq|?qzks)gmM$+cffRPy
zlD*UD$N6yM*r$nN*89OTqU7@ouO?p*ONiJE-7S87-OZj);bi0Movm^(@`TR|dJ$Ni
z@p}o<_aFcJUcp#%|Ft>c^L`og-w~+txW!d&@+EY3!b*4pH>YyJ66bF$V`B+iXj2~m
zb_pRpt*jQC=q+Q;TwSX1ehJ^}c{c#{=8@BOuX9i0TF8US7J9XZ6Msu^9}@}xRKkD6
zQW7{Bj$OXcrWCF&#Z~`HwD~YgQqF6`K&i8r3r@b~tbX<5f<eLYYOV(lw307#)K33H
zdoD@k{yonB9tZnMsVK+iP71vpk4i6&7tOiMGlc9*wF7uqi&1S7@dA^%^)Vf5!|S5S
z$&9@diu**tki@@xaxVCL!3Vf3zX5B?7YWZk!+;-MYx&KnF4Euhm;@vN1=0VH7eK*$
z(zF877LIy(G19*{weisoAtT}9QgyG&WXp!15AAcz9sF%i#_amJ*Zkzj+Ru$=7#r`p
z9{o0OW~3L<ug&FOA0>AVHzV$I-F12m!5xS!vTH@w#8y5dXB-UR!{hjtey>aH6Il7H
zTHT`9qgJORHx2%g7#%H$@!>Owm&f;U<<~b`^79AYB6Jj45?+D=UJ}<uX@WDyVHS|I
zuQ9#m$iKEB0c$ac4OA<1{?-*3bDd?mGu(3{#Uo6h*Sl?6$_1ELeq<T*4r9${*q-Y&
zc{&ESfV`M?Y5v-bqdd)b;_@D1@a;ZD_*6TCBcsPQq0#$;8J8|O(+w$oJ^oxjx|(a;
zng7zzr{#wmKG)22HdGJrd3$R{Y)^a%{~7OF`-KM{&}Mp8KEV475>apbv{<u1H}<WF
zaDHc}E>T#q9>@^>iB8pi2h4Cyp{^mOa8K?9nqL7cM>&ht^-cH5PyRInh~XH6tUko4
z?m59dslG7ccj*j_J%kl|ac7+a4=fU1`Rl{aO?LldZ!!*{U&&s$+zJM79JZ4zV;ye?
zT{WppD{(OT<%c093@hVwrFW(NF4lnKyYjop#$Z@820lE8H|U0f4Cz5uqx8><LPCVo
zo3pz=lqT_Rp$UyghwBgZ)jWhL!btO0XBOGyo_@nUpzn6X&fB{-u5@8SxsoCVl5MhX
zYFFvjtNo&7SmS3VHwRDuJ>#uTZ3vmnI)blGG{UNqB;5bWhQ-`{jGXfE`EuNHlES0w
zZD6~yoZa8HRM0iyzhWOG|BC0_=LB6?97N6nO}6^CKlwQ|q5EoC87PWQ$KX$LED^3(
zs5W?eCj9pU?{@I;7HXDHc{Y+Jwt6xmNvcvVB9|4)s5YI-IwLB3)FbG4LYZOT+|wIu
zK(^iP7wd$YE8-Hpa#vrYpM^CC$pqh+t*a4?)t5MpsM}TA$h^U$tuTo`8C^ifBp$LR
zR9O9KI=snD4WJRj%NTIZDPkHE8MM<lt8^M|&1QKz4)x_0*~K>R0#qaz;;uDu-tjHg
zJ`2(w*4`!mDr10hhJpCHVSV5aip7I(0X;3hH$X*GW(xi)U#LfxT#LAOFnrlxQ>cs}
zr3ru=;`?{yp{Xhb8C86qmX^RrqcqibF$oZlw)eMLM!Dc9?W1z~A7~6#&12_)D<IH@
zj!vN#1O;S6*}tmtr!fEhgM4IYgFPi2uU&i||1Fx!+xu3;4(Bet?}tk2HkxJ7TcR#N
z^KH#Zv!b=dT$TdX^VjE#Bd?#i?=>+Vb>T($Ms5q@O2CKE<D9>UF?9GIzxl)}YrAB}
zYsB{3_%k)6NfnpTK?}c00mtX)dUWOI&OMUa=v-&AxfD@YKR7CJ8|RSFOsePTd7l;|
z1kKJy<r)(joUSd7V$Xr5Wssu`?F-a+eu7yh3y8rP`zkcL7QG>&f8rMQNl;w05f!PJ
z8M}>M|KHkI2=-r-AFL-2#@jgW0AVgyz&lb<r8Tb7-_u+b{+?297n|(il)%Qo1)Tbx
z)Wb%of0fMNa`&&+iUwA2VP19Ia8pbtd-NzBXGD<S#pyBAR=nm%SGnNTM3EVLqA-vy
zD8&@%rR6KiK&iwFGwhw5fV&P$oW_;>bjY(!B^Spha3`nSpPO)>h&QWB!vA6lIGy5j
z_WbpTjnc<NOwI0zr5{B#NxpN*^Ue!M%w8Q4o<}|u##wd5XwyW4s@S7BGVV3qbqpRZ
zE$H$nP78dY^ytTrv#z@nGI_Skm4`iZdLcQ=vm(Kt-7kQt)lS9kvH=3QVh450OhE+i
z={$`qZvj&BMqsCTMF|E}X=tV`8EusW{6stN;A(qN+d$U_Y7$M3Q+Vb)10&UZg{o1G
zZwWK#KHyIX2v>J_r3?!4@R0LlD6nd{DIcG<h0T!RM!W+Wn~VvNC=5U3rQBvV;Kq*N
zhkyqQ5En-wAJ8IVq7AT^EGLmw*<kPw!1B@l0@`qvv-)5`%AWE6I<FJqKiH}o$MZDV
z*hB)5hZw$`;etvwUca$3S*G;wu1f}<+I4L(^>qvONi+$b5xTfuRZqytz4=g$+}Uw8
zU8?N`Y0PKIs9cm`(y5OiBKWXJd-Hzl-E6s0I#4{0I#fRNP_SU8>6QElo<0e(Bs)h%
zIS)?9y+3&2oQ%AD1w2S(n7YgHL;Gs>u?6U1N?G}212Q}>!Xv9&rr=vMS?q#4ZRaA1
zPfwXT*nQ@9qKQTMpbts==nD0S8t+Wu-tR^zazc-L{LFY?FWJ6fEns52KgX9pg}R>P
z(UFD-r{7@d<DxoI3nIV*X)<c5G(otMAfId1a9>bqj?dSf`dvEWcOx0H?n%p&`7?ia
z(;rLhH9l_BeZXb5DP&+rlUQj)^YMwPw;z+1Ve-Q;*#lQ?k0tyJeD@a0R8F;_4JE;F
z6CSaey(PN0DV+s(T;Rrp@JOiG$BW!iuSLi?!ZeN0ORn*-5UpehsVdGJ>>0o982bDY
zWKC5)q_8DQYxxvSF8HT8cr)$l9(J?oTQ9IFs8k`AJGhfamWqA_%I@Xd+Do7&{k!a)
zSaLmu6H$G-aPc_#wkd))w9@iIV-$4AI8}a&ODqT@8s-+;CD+m7udidRdi1m2<u}{B
z!ZFpBbaK?Ho)Zzhq4cg~16pTy^g+%0Ck(+~Vg?6gqy_9^idHnyT;xp}Vp!O7bk_B2
z2-K>J815f&>3X-)#IHAm*9rNh%q-RWwGNfBMBiVvX;JR=Q_OdF7B@l$+}yqTi{8=T
zx9Xv2Vce;R;2iEj;7E`^!xO3$p4>1mQxDOzHhajG-*_~SBY4U5)hWc9r^cV%6{Xqp
zh!9w@$Lo)tP;<1RmQV;Qfi-!aJN}x5z|sSR+QPTzJ*#^~@1~JNj?~?wnU~)qHrK*q
z0r)!YEUx|vo7jbjB)j4F4pz}v-zT{-$7qjZx}lJR<k0Qaa%@M=>Dv<A5g&;b=L%fD
z(d0>OpKd)qT+8@1oQyacNAqmw_~iZ^?1S)PCXJAzFUSGa1LagBwU^|$8Drr^xDU|=
zzc)(ufFtPecl|t~kAU?os9%RBA7{Sqx!_>8S;+@I@+9njIYJ}E<NjM;Nc3UXJ=gW%
zQ<1RO3~bh$Pz@|mK8pfP)_nsz)5a$_T>N>sHznxvk2;^0mD#c^VZ}|^+|&^NarW#Z
zmCE^`XIC}zzjZa?wz#qmYnL3410+T`yk31JCVYEUV7uJWU;2cX)g7V%MI+pUhzuMD
zG#M^Z=*%-{&uihgC@FZ3*#0}rxY5@0_s?ngPf=Sei-ccL*FBpiQ1O1zno(I!esy!Y
z@2d9^Ln5}%Nb@%X6&VceF=2yf>1@lu*803h$Ah~?Xx1%L?4I%7*8_W$+Vy!3ZOU?4
z`1Wd19N*y?RxxJTjhLVI7N?7ncm@j;q)psF6^Fi7<zd&F^N@sp0X#{*MzZsPx)bKX
z4itLlbWWkp!1zPAxz3y$WG2=#`^9vKmy<~p{4TeFdtKo`O*`9P3U2yu=#f8he>i^#
z_TYT+rs!@WHXrk?82`jB7;nhG5Wn}(-3l(IhM*zz3N$5bp;<^HrE6AEaA)APfsMk|
zC-6m;`}pGoltnFwgl^wBGYhjGJy4G=Y<8vR-_E-U!{~F);^{HQg{Wu(al(X{7(G>G
zJ!LQ{N{hJKgmLhO71<8aprG<mma6`z(=kqMQ<BQxpQYcqjUN?%HgHLiOVsi?xyJf~
zk3S(4TYAEF(<gvbqLo)j=lX<GV1re@<r~^}TPgP$aK!oY!`r2npr0>g#WQ|BaWE31
zAMsgou9g-@AF~^vPWp^EC#B`x`ZVTLv)y0PgQC<oM+-Zm{gp!RNYQ$9u0PRT8s0wt
zA!Gc58W;lK=tDi^+QM2bNwY`3buU0uM+4E}D2ELR%0gD0bDS2bP|IV@)+j}Jy*LXk
z;*9kN)xLIZ0d7nrY{1@npydQ~1^&_BgDJ%}G=@Fb7#otOGv)OTTB%T;s^S*{FAF+Z
zj(u}Cq8Q_?d__v+YpL}XzBG3Ue|{)4?UI*?1FsZdi=2kwt+Tq~)SH{^zrM>)+QG#Y
z^=MN@*Nr8-_<!nIP^acm6)T>j-S;rX5nZWjzbt@h0tuu*Wx5nn9ch`X2C}(w#c3~k
z@prvFu9&h`X?JY+mO)GytJS*x=eKRLKM29~etqVTqu!h@ccHA=vF;2GoB)FHU|O6i
zXbsf}wHHFnT${Oe9WhSpy^_j~CSPRD%bh}rZa)J&ECqs_HIL2BzQ^V*k6`$N%jd%$
zW;zSGl@Cl7wK-v)5;Alc9htqj3h&VR92A{~dhM1A?RU>^_0%5}t3%1$6Yx7HJ`r;!
zM*z@#U<Ktg0G}QVk6;4a*}mH=+9wTX#o;WqzPlI6j<~ppUyd!gAzARe`;uSZ8R{}P
zuiRQ>*t0f2z58crZP3Oztm<V9Gzfh(610)SSVj@eA{Q0yhZM?t6v0B!z5&5_qk_y&
zRWgL?aYWpS-GT+<EvdaMx#`HLrDN`2phy26JNtdKc94<l{6RzTf=mXAK300_y*k9`
zkbQzG-;4V534~?$zG06AI}ZM<6<>G_RR_O7N+Zxw;dLGVS+(esvk^Vw#s{`;r$I*3
zXjIGp$=67RXltVlOiU{j7Nc1h$4B{a(a%vU;z`xLx+j?d?IA%MLNiaY8_;c+t>0I_
zd2<#o@)W+L_KUE$zURmjN*?zQXZ-teSF7Zh-4?IhDgUNZn&zz?fyej+wlt-?1%(bu
z^dF7CFKw+JtI2c^?eBiy<JQmD*X`pqXp^362-OVpz1K3NiXjh~(fL7C3$5Xvcwp^p
zzqzD;!yokP`?qV4ns1?9vJ9JdwPcoh?c~3&hb`%99r*mAjMQ(A8FBcO7IZ(NxQ;>f
z?ts?LsDs8zUtLE{Y|=qxm!bCZ;jd{8JIYz{mki$w+ToB+HZ3uBXV+k$0iS`cxr6hv
zAUYzCjP)gX`>~6*xKys*TPilTH?}9OPZJ7Dy444sR2e7Ltb_^X+dNGSajy>XAZcu0
zJs0ii<j4Z;jQf9bAFZls@ZJ7Bz$4-8VD3_8$BwmobNZe&4tb`vId)g?vtW$l^Ta+=
z3$;NKeZYmd2Jv)sGY7|m^)?2P=c<n;X2IQ%KNG$z7=FbpYig)T@wtQAhRs-6lq(K9
zqQklznxs*9Pe@NqI|85K;=L=z^tOr*n)g_G5ck2o@!K$60ZubFh0nQG`p66&qgP?6
zb#e?at>wF#eF)KS-$3xn;&S@2wm0&=DawhcR54T#x9DhIAyZ7HYKCigj{6}V1FGxd
zqkt!Mz`USJ*!`~ONWgd5JS#cVxATM6)qzCpj?_@$CyOl-2uGE!@u)|LYh6GjH_C{t
ze`_zWkMdTWMsg><rixG%*F@6P2aEKCoh085^x)2QzX=TMSp=$`nMXCF_$XP;mNEgQ
zqUYQ9wx7RzX9S=Q2Mp`nU#>N0)c_Z?!KclM17lVt#A4<+C-MrhzK+NLV6n3Ey=enW
zOT#3&GL>;ZLb~6oo!?EH1MGzlR82CW^f<a+anctT;+iEhswv<@q3WC;cR>!dpMe&7
z`4Kf@{e>fJ72$WtY%iEYi`jqugU*3HeZUL)eUj3KZFQ7{8LznP?cGFbBGp|3?h+a8
zBKO@rk$d*qChdGyO#x~q%f@N9Z%TpkaN&{fMZex|)UVFpkb%j${O($b?grG-0<@x2
z>&VQoJj*TmYT%GK{Jmg=*WqjG;leqyz6~3C&OH~^j}MqTj$*?gHUz>II3F(7Gc=x%
zac1<xP~N*;D{YQpcRpYuVVpwZGD+eeJ|Sy<Jn)`_4YZ3vye~S9h{I+^UTtB_+!Zwb
z{QZ>QXck?^%&b!BfQ7(3QHy_x&M$1XMvlayV_u#fM57@VR*7b74G0?<&>3a|NBnTj
z5q3i|Z&J@XeiZf?ykTNuvijwL`dSQLn_*5g0V;$#X>j6h(1B*WvvmCu3pmEMyjFdy
z<*;^o<EdV-q!apR%vy~W!&e?P>M80^aei!!02tiE8Y-srETQVno}#QcZG}+OlPTM!
zfi=$3P4jR<XpsN1B{v1>6JkLx1>fb7zumyWX25@wT#cioYgDHdL3|eG52-br#}xhd
zI5oBk#kF2`jAMQNNPA2{w1=VOo-ov-AAF?x)*HX;5ng6x>!@5~(-GXJNTA3@Pg)87
zof5{D>)5$1yx(+lOrbSo_<bcmyqdr9I0Z*jHXn4561J)GQVZU3(-HJO`Rjv$_>3ZD
zZwVSgVkl9v^+yX`dh416F^?GK)MNN8O+%&o4+br5Y&`u`$1<20oK<zWG~oBk5$Ap<
zC#ajzI|AB%r&MGpw_tDdLnNPs4NY9RiW#!j?NMeXx>PRq)TT5c7Ev5-nuC{7XQcHZ
zrze#NqMFay7#i2+sn>S3NDb(&2k){rK1r}Pb)(GmBH4ZiRafpb(46j1Z@!*%rV#B*
zw1M2#iyH$uC?n0X{Utzc*zY|rGqEXDJtpF8H8GcP&&n!DwxL@TZM56m@}a3&(CaiX
zHDkO|?h76pUius*xhsg6ke@_djUdt%kKu6>1!jBvU?`;223!K(qka<J{Q}NG|Ev!X
zBV#e}XB2z`_h4R8zW^IjEToPjou%+(g@JdF(Y`FYi37W!48;2f#7#YUg<p?{q5ORZ
z6ugk+F3)MeJLX+@9=S^EHub~tke$(+VXOjdJ+;k=b-Ej;ji(#g2THUGF&>w3=%Mnv
zG2mol+{$FjWv}a6tRt<M@9yRrlY_ds`;r4*+<3@*?doyDW+D361KS#XTUz2HeRk}5
z*AK)eV{~=Z9P+9N^Fn?fbD!-$i`zxbnA&6)OzrN&>z}U=rK-8Dz?a<H&7Oo0aU|^U
zaB4!T*L`_qgY~1H4X)vGijo~x^Aigu8ZUZ&tBJByjf*iaE7d)?7(+eDet&z#_lyYv
zv;4by_Xq=p?QIEo{mDj@`fAON+{hOj-*99`vOl@*qEp*AzI@EXF??<I`V5)(T4@CD
z32#URQ{(W>8msz^L53s{sJ&KQLjUWP{jb{H;Q-3Wt-@{Eaw#NRB#syL_x06aTl-P#
z&yzadI*E(mqtJd{Bd|NEQ3)Y@6pgh`e(vk%79m#TwZgE$3jrg}<(G^&IX9y{L?CmF
z{XvG2=_?kO@ufG|fz{F7!MX`qM?$UEMEQC3U_#<itqFk6WEppEBm41W$<!SI=m=XR
zqLO$!+BDyPW5_h))1-;IeJwnY1Ez7sSoh%rvggo608ETEs8{gw^K^1G6NgJ37@3In
z!!>|6!^lq0g^{Pr^S-OLddTr#i+|Ld#8FQ>Wu$3k468>6=c5i97WRUZR^rQPo>Jrv
zneSE_d*XW@O>*p2BsiIf+L=0f{@}A_!gSoCjqmdC&$-StM^EbRS*JP(1q@q-JFhhI
z9^B#QtPG_&VydSl3Qy6bzy`9->A+jzbCos)4Y$D6=a}xD`hN1PUDPrdjxD|!&GAb&
z;I+96)$E!3B=#4i%0!9^3@^0CHa4zHfx?!uc!FckgXINrpL@&}sg+bjg}UqqFZ~Hm
zjS2q#97=7iMt$M{!DVw!c5BWx8+vkgv4?6(ojjNlVXW{H#Kl3m?4a5e_n#173~t|b
zh8vzoy#u=E7<@l*A2@V^+D{L`?-9`MWV-f`ha$h{3Y74VmDPEKu-{5IfZ7+ZyP;kF
zO#wp;u)pjKi;u&~9`2u)O<}WVd;Ae=J9K<s8Bok1P07cjwr_zmI*2xDxj7T+Bg=N~
zMdX##QlTmdE!Hg_lVvH#>GkLf+0U$Mm0FHaO%bXs4|~$=2RN%bj@T?c?VpG~!mr_Z
z@yuqW_zGdI+8zOJn{AHKzwDL;t0dJG!!N7inF4NV_dh@G^f`e=a5MBsobYC`Qe8!f
zK%oeU%sUtfo~ZOZ8fnzNDP~)tCsIWyAAgwQ8nvYpQc(DcO<8d>lt0a0Pbi=gWdq6M
zrj7}oonj83R<f%@`b={#jn494y?k7QiF5!Z9gU@fSpd(OwI63gjlFu{`Q<y1C+<62
z4uSIRR{TQkf+w!xY*vd;T8dQ;d9ndZbR_K|A-^W|wQUajKBtlUOeMzZRWLzm;ve_W
zvr-~rE^2&Vu1RXJ*D$uTM3%|LLB4CX4eApK^qkLl?>NnK$j3I`iGA>NG1OyFG+b3k
zdBHO&Bh99H_+y?*k$w7QL1CBd0x#4uG0TtHm$6z1|A0>Y8J+|(y|}`9u(IC5??90M
zs2l<tk)r_muGaFF2d>!}9+5AR$;WZ&xH0A4cth)HbFfUZ@QN&}=U`4ift@Z@OOtd*
zdq$kb+vU_LwzheNqQE!8$E&nq2bEsJ&+zR+G}VcpG6$3_KmLJvRJ!Xq!g~MN*MZHg
zk}T(~%7G_onK+2DZB=gABD{=((kyqh$**@3q++3M(+3MVjYyv@GvDczotm^pMhd`b
zAz^uaFT?;j@_=nm@yVUNp5o4ABk1&ZDj88ba}Ii=IT<6gE$<u9S4pQD1lg?P6v+12
zFg}WTsg5OZ+Tt0RKP6P0{sq$bvksZs*Mg6tjO>v|>riN4UaT@+^Mp|96m@z#vj$O0
z+Zp@y@!BqyHu=%FMxY3`B8B#xI@ej!Q~TE1ZZM+GVJL?!55adri$1L&7y8`=$oE_*
z`vHjcjfDK#n8uC)JrZQ4Yrx;8B%;~~?i43ItvN=!wGsE?6*URuB}=TIfBIt2z7+NL
zZUStm!2MYP{?ELteLk6Se)P{CTKfA8a9rE%G=fkr>q7X|4wDyY-h@zXTUFSOS+{SU
z$L=>C&xP;jQ?h}+NH7sS_#D=S)tb)yuGbNM{*KLP+BNNixFNHto1#3F(dx?Q>0nmt
z9Jkhw4cNFriZdNAw`!;oR=!ePXd2~HC<Zp?$d@t`<Vu4~3BmUIx*~wkSK}U@hs+`j
zsfu*{O?S5VejIObtJFE=RwFBE1Mf=>^<edIEz)bQs>$Xxyk{3Lw@AQI8Ir$DfYYzI
zwJgu2@e#(KOkj!DPNBKWu1#;O(D&6n!Id_t^xPxhb*B!T=X`goxdWz#rd<93#Vb?z
z^CLUv5j!Np)aiK{pDKURkFrwHpJ$G#-YOiV;Ed<xybeqvVi`#eKQd&r-gYl_DUWof
z`#iq;{)~8C&L!G?`nW?<X<m`E`5HtG)F|2VUY$(!JD=3;t46ITvWEJ8bzk%r>X?Kq
zm?k~zr5L@Qdx$I(@}xiw&&A~x3Ge`LCIpnPe)N5{IA_dT%2RjZ<lG=ygc>#G<9O(>
zp6@}_#`W*ydXDOtW$1kFAQCRGw7Ulb^skCYs{D?D>S_>$`4rlycAW_Ys1}ylh^Wa0
zk-Z!vTWcksjKBrA@3X6VFHQ+1_B&L>dN7#$=xN>=V12+loN5G&V7`ZLw<y!7t9#x_
zQwba=^~j@7K?Np~S=Sw)atsW=GbV(5c%0^ra+O~itBLa8YBTkEH6g!9E+AA_Jy0W_
zCOo!o?b?}Se$IUHhR^c1UnH<=2UF;XzcWBc{<tajFee}S{S)wj#Ay#a>KytXC&UPW
zFnJia5I}mQ>(kTpsRf*1l|6O1+{s+XWH~NC>6t_wkP0Xrz;#&o4!#N(vNcSSEvp-_
zlmw~X(xA>~Y3c)Y7kkLl&&$fb{)2H)RE57D>*~XaE<-^+xyKC95HaoTdFW2;Jv`vP
ziF(FebC`N+0i6!np`yjh)HjW%vB>~zyFsmETkjmYCJrKw+*jNK-1lI+54k|5x9l@;
znR08Z!kThxPinUYZfoLZfbtkgO3oY=3l|GLaE9-ko+U0^HWeo430G3LqaZ`j;P0}t
zIu9aVIPaoHHG9N3EG}OYg(zQ}a5=xA&*8@l(KF;wAEpl{9?c@oERDEretXAb8Bn`o
z7MVw`7=GW{t-hk_JG<?<j4=+ovkJ1)p*wU$0^+F6IdT_>&Ouz&M}mIadb0IT>MriO
zCfDn!ZxTfS13BtOB&*b=K(xZc*Gh0(X++&=ke6*)Q5CsYk4d?h+3uoA<u+NyMCFlR
zQHLE1Muz57=iSfx^yF=00Z<@VH~GqU@LMLSaoUQHv_Y)02G+Xo>cj!HhrqsHw^UDy
zOcLCBR@mN#uS^oWSqYV>Y#e60tG3K>pg)W&DyLn>d169l<x=k4e9_Qco-;Y2f%uSr
zFZnkVc%Y<1PWPo>-{;N|5i{Brdpt<M;{%dvv=(KVNX8m`FjUJ!AA~rUJ!c~Q@tYp$
z!>A@;M0R-CCQd6@O7m0#Ket8kwKR`14VM<fV^^7}hVsIX0Hjv)T5<s`c4Y-bDgHoS
z@v%hGat>;*Bk7)3Hv+JM#fuQ)gsssS!Vy3^4U{G=4P5)av)ZhAzX(>Z<9xoeVHfp|
z)3S_f3sFxbp{F!V=vpD9ZI%px*+8Kr?6@}0c_X`A9K|!J=O$OV<zpVbLT=z$z(8`o
z!&a=G+di1)erSF0S;7&I#ohahaaRs?diPvMjI-(|@V`kMYGMpO6qM5k{aL`4rW(yV
zH9X8SAGYvaeq3_JaJ{(8d>l)MRJyGQD$zr!zlyAJ!ltl4CBUzn4k{kGlR(_u*l_wG
z`DtWtP}+7BH(uHjZsQs8yn7JnML)+TVdu?P*M^_?p3nfRG`dO)Ap2>8Pfs&#lVEZ~
zC)iRAHOVTVbzq0wkcKk5L$z;+TiJMbw!178VhgX~rgoC`s@Wh3j{WG(Lk91Z&9dhu
zzYD26u&NueVM-m4H2!hA5jKYQ#e>50$vJ@89_DJ&Ux)hsnUCA|j1I)o63~ONoph_P
z*!!3B@Q0$ZIq1C#>|S_Q!CXNIPM6*_=G^z--th(P|4j^F_f7$u>?vY}1ePHG1tvMR
z<J{7RL+&<8_R8=~*t2Tlqj^7_yTj&rVA`5g!Tcs^;79)VKMdx#Yg;Q6(1os6t|H<u
z4AQ3OeV3hDgoZlCDQg#<%s|`I!heX7La*mzFvlBJg+oFd0tLOR6bJ+ltCV%1bKyom
zOrQ#u)?2Wpq66aB-!U0i;nRrTg{E=ZoqQCw<>|ddQ|>_&zf3zXSytt;CD8cm^I^50
zJ)$a{O8ut7)J&E87+-PAYh+AqM4*~UeaW$4cdrBRrK-C4Y8$-|@AivF{X7TV0n%`p
zvwa+wE?zST1y>;~5Jca8#c|9>(a8;}OcM9AP6I4d0_LX^SoMTA9aEGXk2Fi&HiQ2I
z-JjQB&1*7fpC?Uj4(LojTdRRHviEV@-5UJ`1c7mtH;z$v2IEkqN9+J`cJL;&o8(k6
z=2@b#S~)byi|`zC!;X3OV1I$0V*v1dZdgW`W$AznX?Kc2fwfiI?}Yc`-i$&)Cc~nh
z<aJavMullnV<-g!@dx==KM%SvL?gfyUgQy$Ds8e%pdURkjq4frJw8GBt-X6Vh^BEg
z(DS@B)#Pq+kL*se&$uLTo(@PJ82c*80P?5)+43B>8yI<i$?#=*CXV)v&SEW}v~G_c
zH2SO(3&HTO+^|QhX%e^F&AOnw;1;}on3>}&I!r4<Sk9yf5`vt_9XqJ{ov<@r30s8q
z7vn{I(ypVD3;8_zY<#@j+7b#aQhvNFb7u}PYCu_Hu_K~`HCBtocFGHX%xR&bBs)7A
zfjNja<}pr><v3aV(dbx-!8p`|!alAT-(=HXE0jn^TY<b4=~7YPA4L#X00rfg=mj0w
zHBXq9C(C?7P2xOu<6v>OLIEt;{j_VE0-yi;3$dc~`R&Dv!XrqY-2dfX?vf`Ox)C}D
zdjUr@Bx|`Ji%YVS0l)BG`D+zL@+t0TV=T{;RP2MPYoZ(P$&6+;(UAHbi32i`K>lN@
z^#7$ElHck0TvWd$eDgxo<Zwu5+bwN5SsCIyPHXkdNLj-{((daoB%)2vr0=Yvmg+bA
zPif0Z;U2m~RF4a82cyhG;PVVLm^po({g!q;M-b&SITc}GuAsIqME|QuaxfALBkF@l
zF#3V7Z28T&8)|PRJJ|3dL+uR+l;w!EOaMz1x+#+8)@@K8*`f%0{jDo^(uBW(dxFbP
z_USsB4~$WHDigred1Gf}G!kn*%J@3#hx`Q@fir7^nOQ3HvWR7DgeJL_extnM3fYSD
ztvG5#8Q%6)O<ImaLP4}iW5lLZH3VOsw>-kk;S?@h-tquHhy%AH(|lJiIo)N7mdY$2
zgfgAx$6?GsYzr)TDTR;ozB@9uGj6Bh*(k+GTuZAUl-;6CUSj@KdBt(0T-f8tM5O<@
zWA?Ry#QG?4XIMrULPPB<L`G@^uhh_b3$1_2a!fajT1OhQ$805%RRkx@*Kzk{sjVBr
z5v@h<;mJ{MfKwAL$$vwjVhZ3M680H}8Yq^RfTU}rpDk!>N2)|%oTl&UcwK=1Vc7no
z*u#R3N#d!N$vjOd8}l%SA9dEcb-VR<VzH=&JcV#bW)~(E?*;%+azJzfcWz6iZnM^R
z%^`f}KoAYJ`-z?b9BA+)6bPNaZ#o>9<5E`THa`_fRP`Y=L0?Iz*HZP2sk0PgHf>CV
zE9%FM79gW&_&K2Lu{`+gL6O$x)KTB6ncsK9aB3d>Z*du&b5p;LI@MJ0ILB_aP+Xte
zhcYuOljA`$^|H9kZVPVZi#__F8PV$w1-JV!Ww<uYvqFm)!6M>`B39Nwb+-5YQPiuB
zFFn=v%<qspei4SxfEUyDjM>G+6mH)%-8BB2w%8Aq>?bYY^sTjFc1G+L02`iB`)Shs
z46@CG->3}^Sf&q9VItWN^+nhOqYO6qXRcE~z5n<3#GnpLV;&i<pK&=GTIU)}R~C=p
zBd#2He?5^Lpt(~>GH8&>WQlX^dhpgb`7!e@vj@qc<({CEcu!Vt?&vYtXy(1Ud(zxN
z5)#5PO&%SUV4RA$cyvD_^D$H^lPgf5cI6t`pfJvPgH(8=<dwX(qo8x?tE6{Yjvv#W
zJq1z}?AX(78?3t9xd-P>sHzs;vr0^)9^=Uh*b#59UGCh<4PS_vfu-5M)ZhSrWKun}
zg8N(fYabv@>J?vhu<LTE-K`6-ADj|tyI(|*A1cPmVn*Hs`7>b?Ky)k~+^ppTvYpG#
z9DU!xyB?!4fp+gIBNYI(j{(|<ZaL_)l*OqVq~_6-I57BP{<7+AlTuB%m{?%aXw1)H
zarAcnV9NxLw)wGjpl8f;uv;VCn1y&LG++=mS+|#YG&LzNKPgpQgfetYhoZ#MrS-v=
zl~<9#PSSL8@^;PH08Q;DM3z5)*eZP~WLDMtMW~~*m+x?3Z3|CL;|AnC%CZhFSs51H
zf$uX$eSem(dm@^J>)5azf4a4-^6(G1VaG@D+^~E8qeph6yvS`2IbVpW-0dOFnxah?
zp`YP9r8Pi#j(_Zypi3<x+cm?r<A|&iK6LOVatj`JuIt28G1c=P=U=3Yhg$-raoV(A
zPlgv{`ys)C+QE&YgeF3|kOSniB71w`Em67DsVK9|@q3j&#W|VgS#OIBy8|2O8l3jx
z`kGnv$gkkGVM4c0#aBV-P7~BV0n15Dxr2n!bblTh671}MWZb)?&*Y?Ygq9YtakhL+
zd8HaM)>3S5uH87Ha8Yx8<NGF#LZ6oB87FtwD(?3lIk$zuZ(RKK=UPa^COg1Nr`CUO
z*OY`?EV)T`A}ED)H@hHXR%Xu@>`F0R(2@zqYJuaz=g|Uwz#Fw}qVA#YqaWVk;b!B0
zfq-drT*<q;Y&iEeK<Qth_CHr%h<4#qip(%nj56th3Kb}(drAA@<fU>jF;3Ps%D)NZ
zOi?I$o}V@$D0c6V{Ec$Rkjnq!6-*LPFYAoQAlbhS3!F;_w5I@i52~H~^!fAA0J^6p
zRD0r)_&0S<sL#nnd_lqcYp;3drdSp^&m_s6wmgupOOnm^73mvNU+Jwo#y4lqOftYK
zJBP*8vyXccQn>%r4>__%<2!lV(ph?Pf{^bfW)CEHZLD<tobz34e!Q8cuI~5Has;-S
z#mNpQ4GF@MX%a2qOajeoW|HFUNPtTR%@n@QRi3jfQ&!fz?EFirz-{gcbPv9^U{FP4
zqqU(hl6JU{=X%+=PnT;1zpy6WMH!J3GbAU1ql{&f=5U0jJE3E4gtWT{kS5IGd=x+W
z<6Ai4ib^EuBz%hlt5p<*zp%+)aso5%bIaF9m4UK+GFB%40v$9ozY@qu+FV)D5+L%Q
zzHh0A^iMT{2+!7_S9&6`9_dVUv7(N(+AM<wx>|1YT^#(XXutJrFX>5P_+oWWf{VsV
zG#{mvLehXSzE5lT<H7EhAJ@Vo`gB6z^s~vb;u@EVMHJu01LEmu6o;BKF_fwF<V*dN
zur*w~FmAdf7P>5$k71P4?m9N1k%;!&j?p3xOe))4{-WeC+8V2w`+eoxuY=>=ZAgE3
zng&A6Z%Rx>Wq{?qPzRvs|8Z<5Nor*Y^H7zxLfaf$exdu#%!RRJJ{{>OpIH5-7ge!<
zJ3aIs3N|dLkTfiO@ZE;f|9lN)HAEIfXt!37p=sg3@DQ4mvk=f(*Z<{~uMDMpbk%o3
z8g@<1gVjx!1qYL9v1MG!k6e&`<f1Wm6nf%(GSUEACTx&*_%9ryvfgw3vAEbWh2?t=
z&Xc1K7j+#s(_r+U>R^|T-3w=JPfiG_OA33lE=V$Cove@<@9aiRt5jNlypnR~-s2Fs
z&)CJa*;6uoL(^;MGk4CmyjH_8l~aX3r^gE?du+<Uoh_KC#O|!@z_*Iq=wiI-zBBrD
zycvoeafX|{Ugz=)6IuxAW$PGP%M#qDFPHSCiudIDQhDw0`t>EuxKq#<f4KMYk6Qau
zf*=k&)&nEqTJzt!NlAi@BfN2s06i#VMqYOQYq-tVFzUZn%php4A=6?sGd!^?1y<{`
zZb3G`hgiqb4!i@DrXYTpy70iJll@T!@=ag2per3RcYB@=!`)3&nm}3y`<WAeSf7N3
z^u!})Ixf|ozx=SI$QpY|(fh*X{P<aw!lVt~S+9FRc*%Z(IvaxR1bsET`sL&xsrtCU
zn`{P$9IcLwDmX2hJt1W2seGT>px4*aqJMU;;dumakrp-L^c)fCPu3ZExRiIpIJ*WO
zW$qzovaCmzg-LYduLEaXngE+)gQ(pPyel&a#?Q!_YU{_P5H3q=M#dB9=lB4FHq~%%
zmGY?_y!P;Rzs7#|+&an^W0PIxJkXtvkEF2yFELH1cqQv5?eZz4cIT4)NI~_+Jzv<y
zW#aSux9Q!Ad{(kzdUG69k>)+8Ha?$VyqA~uv^~NB;(eytTW`qr`FIfUb1eX4(-Q4Y
z-pNeUSZU;=B(`-k_|XRmbPbnrVL6E!hwU}=YVmmO^fE_B&oOtw;JzhM72=e8cs%4i
zk1GEqr%}|F?mCoFr~G)P!vTsoS9|^t1^Kd-J^soe@@Wyd8@%AbCEu4TxSiF-UrlV~
z^GZ%Hrqq<(9)2l%R20Pe6H~MF>Lu&%BCe6O!t8C0$t1Q3jcsx{HKr)fSH~(dBt7gr
z^fG0Yu}kif%bN)ks-TrjK<;1*&D+5er3+BphZ+uQRmx~{5km_GJp&IMQoc+FjVb~*
zU1TlKQmeVtn~pDk;g#>=ss?Hvt>65<8;c`zuz$ebSwR&g7{R-vx+_*4C8_0lJ>WsY
zCMJnAG8`c#6x9AxDRA1vT!5UuEcG#fvD(77VT_OrIY+5faCEDR3PW-J1B|souli<j
z1`n=YkoR#Xu$B^rU^_u{5}ixgE<uiodInM;>h7KieyCBD*CM>C&)Bppb>Y}#6J2ep
z?p}(vTkII|6U9mN4`*W)-y8Of|7HPLlP^kO^Bt%h0SdQ;;?@L!gGU`QPb|W@SFmj-
z75M_Z|19qX^!R^}tUs0}L$ilx>A|^~|CX^c8Cx=o3D8lL`SSt~QU#Q`WJnHT`v~s8
z)mKh^5|q$r-RdR*^c(G_gc~!!ZFE6|e<k*vX$G4Vn^&FyevaMbl>F!mEMhFvC{$AI
zN(Z~^tkoDX`gxNnv%Z<?O$Lq%5$g7y&6yvWY7&}^oreQ%Dht+Docyw%@6_TMg=Syr
zk&lp;^5QD^*!TcsfNEX9W=et(gW;Gjf?@EkPEUWVh~ltZl`Y-Pp?5;&0BxJ6Frfd~
zIVXIs$1b0#_z(DAB52SiuE?$X&)P0k^jhX^)s}N7(%nf_wZdAHgr}Rx6?@c3!)9%J
z9@JBFd<9tQPZ@M|s^|$kHwo8)wLGREkMVN+5n@lw(b&XAHc`>Zcth5~g(PTo7j8|v
z#7&0M1q1}%wHYE%2?nG|R^I3pO^Q=)c~3oR#3Vbh(h7o|QbN8f+bYyW*@{tH-_@${
zik07{=(3Wc1bRfd6YsLf8S0mopKo5)d&Ei$L<#l>ulzADQ>eXOc&p_g8xdoPy!LiN
zUhrx<_0?DarR($zk@aBp=w+C1Ng+;vt?TwbSJ_rqO9ocS-9Dl+^*clSgG-od$85K`
zp`UtNr4b3*Wh1LJnGzqtAwXor$;`>$XW9PJr4+_I(K5fEVuH||FKL-W61I09Y5_V4
z3^G(!t57dylT<X3vP6|kBuCc_+ZSBByFwT{;lGtU=CPAS$b@2u^$oAQYPrf&dJGpL
zEv1e_CFCPC(_6JVId`Z3`~;3h*}A9)pH&bNDo{Jm=Bdx3x)!p7O%71?W9cy7zz3X6
zsgI~w=SS3nK4A|Ow^rG-Lygr@>^5bT{FS`J*xTeKUU|#;kb<uh1oQCd85EaJ;J|}`
zbiN6@Xk46sSGsq=GllX@M0cK$+%>bUo==UCXwAVwBXegbuCt#`y;y6vBX#@o7BNFd
zQ<Qw=3h8{nSJZIT`vQK-G9pSr&~?+dK(gBy+z8}l6zKdnK8VT}90;QBTmAQkfyKOo
z(|!LDkU)#$G>$2{_@Mfr1w0(X6ygi`Y6KZt92%6z!rgJHL?*BOu#9fN7wDIK@6dsv
zOF%p|PG$@8p&lT&6BYL3R3&+q`({%7qio1*KRF!rndO8|TSlnuVyMp6OY5T%4aRe3
zmNIazR2<vtkt~9Ul$m;WW3o``yD7fK56?JM^YQf2<WukKVml8|iKjWPRd1oI1Ak=D
z7h5|XT0VjgwA9bnAZMy%Ixf!)vm+_WgAr1+=3{(^_g>aQAgi*=Xyus<RrIr;yB>`^
z;ggZ<hWXnXWw;vJszy-Y3lXufmN+3O3`X>OgWUlKg4f;F)3%v@W?m?G`{~bm58p^v
zigH=DVbbvO&46^e-N!FL7+lv=8AiOawz&>FloU!*r<x2+zC+SNQfJl};-|PM-C28}
zR2+4_WeWFkVpH)zBH32Yc?z|GW%1_9<+FG<na^3m(~17}EZH;b#IA8<5>uPw64jU@
zU?BJGaLozj=^M}@#^@Jrf;I9>)Go4oSbrg5t9@Fp9s9cb64XX_D2YcP)-3fL#AyB+
zG&9`;)aBEd_DvAQl3l1S+_!bq3wV}5+%P<m3C<`G-1WdYC77wTMAE+8E&9jffLrYZ
zc2TLrihts$D16`on&dgQhuk0<WZ23C9J4uIw~RzQdm784E9>3JWISnFlB~=sLkc0o
zBeKN;2{XiaS5g>JQ-qi45bu+<1E7&(5Ay8=FR3UDftb$9{v1~-v^1-tR9VK1s55rG
z6HcCgLz1s0pDuqx!0QEKA9zizPu|U>m6c&|St}*R{2e_V4TI}~ONr%B0P9eFsNFH(
zW$ps1(_Mk73&<}!a6dZw8dd&B7#TN%HRkA!B_?ecb@Tt76#>1U`Rq&Ej}GiF`A7Lv
zsQjG1Oq%T9Y{7oMK#=BuZ#*`KyDx3p2ZJ6sG|U|2|LNK;&Z>eHnM8$L?E+8EKwR3|
zyTB~;210|-=O$_JhT=N*zd-cu7kG@f05{k1>sPoFwkh~X>GxIj$_aPxb?1>wHi@zC
zqYiP}=cmu7nQ}jFmSrcttBSAAyvx-6{W#Ns4s-nBIr|?lxA$o5-*D)ZCO6)OV-o~v
zsUZU?8v4k%+GR}za!->g;n`*$iKrVFM$Z+O;0VXT(3^z$$LjK4JO@=6Za!=|_fNjz
z*%f{8lY-KtTfIQA^4p)Vo^S<vL!++|Evvd814r5^ia(|HW9|oUx_RqbkXRp_6ex)Q
zFYx*Cw3QkqL1s2`WT&v0`4`V1(r```QhEMjfAT>wD#PV_mncPMA-T>bn;Z`RCA5+w
z04JJYc}uy;%YmhtV<pM9g)S~@I^FLDA!}~Oh^#77J@?!;OpWkVhEy4VM7&(?smT-l
zq&JoJ<pw^}c48yF>d?;QjnDFj4{jGe5PF8O==JPh{eSY)+v@cYCRU?6R*jTYKFK0@
znK(`tyVz+~vK+)JQrrS6ceX?#&Vl>EZfs`vOe53?NkXc8!J3Hrj!!I&-)C_9IkH}$
zPUHjhJ-|r#9tq*az#O`a8p0Jr`^IS2VyiAPus;at1~@PQ%w4H^PtwYZhNsyb<Bh)C
z-SKGTrdtAJ4g$xXbr)oI$bgw-#3j!e9)aGMFvrAME`^+!f$&1>x?tSeCPX%&Ub=Lt
zQxABBeD?OX!3%`J|HsvPhBehi?Yc@=N<gGH5ygTCg7gvrDT;s!h)9V@mEL=ZfYK2V
z5s?y#2uSZzL+=oJhtNAD5K0J1*3SFwea^Y|`N98it+nPHbByP{r*Q@-&-DIX(u8tq
zC7I|^;=2;_GG0Yca93h{P*L`+LM=1>jOrrp^EglX`NvSz^?!ro+riA&uewlVe`uu*
zntVVqsh*$qo_3>kFnGJACgU~xI91lILiAnZU54B)RIe!+84@FrV|wSb-aonjS;fXf
zz5%1KYnBi1GXADFI=D95qL;mai981HEdMuCu$1VCWTA@Q6MGR&#r98Ynr`G48D^H@
z)X0o|&=yY$?iKt`&>?aPsKYY|F3h)N|9guDCJ|U}De@|DFdYRGrntC03eNV8Mf@b=
zerv#YK%Y!{yNIiugCnU3o0kOzFLE>p2y!Td+*U}<?&GD}5fP~~73lE-|Ao5>z=+S}
zsd&RMMQzXfIeXR%FTH=$GjvVyZhu`YSFP$G8PP5}Q`~NUEOd0~G0GGh+QDC{_WTXY
z{cnM3>|K(kWXSXlxrb(rWcWV=5As4r-jfi&VXrljum2=E{P(v0=XHAFOLoot$Hrc%
zc(nTh#;$1k|EA)v*wUE_;^9hVsH_I^NykE8u}tj$qxJp|wr3zis`cy)%Fdv&rj{9>
z!`bjXOQ1zI_M2ja=ZDNW$p;A)?9ISupBnJtPY|1-Sv`2do}q*c_6uIk`tE0NDQzzk
zIMSedG(#-ogE(p#6MEU4j_v=LCn=}2rlVb8!X!1_l%@YHZ2y}wFU{AbiEAQz6;VG~
zou3c$Uzw@^+r?TRUe)EEfwa)wqXf#?{_W|(AOCM5r6&2I1EvqD_Ft32^Hqw;^W(I%
zuu0#hA2pu6H%%Jf{~+i^_T9xpWVQtQ%8tSRZMDCFXMjm4Uf?927ZnBGf|K(%PY%ii
z!-p6HXSvvJd#ZCj(1@+;px#z|&aq+3``)+fKTdlMHA?2RI~_U;D6CUfzOo2+QQ%H?
zD6QV0kssa}FcStTeF~_8Q{<Qa$Jv!T_6!Re_(HhdN+(t>7x^Cvtp9lpv<{V5`r9)r
zYa4O57xIBpo}L2A;Pwp2Y}4S=#V3!cF<jCn>ox8X6K}SIw#j_<_tO6$@Bbu81c4(U
zUbF9itb-zKaSw%ain*+X)oouCqEC&2RP;r5hRM;1fiiOLJCpuDF5)s&8xXpdcKtW-
z97rOGkU24z{cV8!LjI*W4NaAH>mQ~M?td&=rx!F|Yxc@QI`08k7K^!og;soyPD~B(
zDmVD2lQff$d$7rwOBLbTq^o!q(CqsOW`J@1$o5De{Ue!s3Z<jyzfN>xI?p;!W)2l<
zn@PZdUaERV05lG2N8Q`OCV$RtowH4;6SPPacmC_`zQU66^ao@rmMBQZoAdV2`FDDO
z8~=T5|Gk$__lFmB|Ivk`j)Z?>8*A{8BObvr6j?_0s0^HCmA;E00M2}0+#s~ukkwN1
zooVOfP2d<JumxU-LU}#BdXsR*8SVfP+(>xUjZwTp^`-kkyygD|a5wx)l)uawZ+kVV
z;r{xyrDrjnB3EyRKG(9#`fc>dn+As}xN|GO+2~<{9%jm%u(`Qu5;|`xA|i(5#<~_9
z((>=f5jQzDEGgqnMZ`qfk7*z+$HK5>(<#E8&1--VQwPwV<{EWL;y*0Am+Lq1AW!o-
z5KZw|e9-?Pa1Y(S{6gnQ07rNCKL?k~$$tjOsk&(k7Yk##+%JfDmBt`V=a=o@NM;UX
zpiCg>nyeywt8Ot8hZM6?@R;WxBbX4+jZph8|NC2y2%boW{a-xzn*wrvS<CeE9RS>`
zO70LM*9q)WEwHpW1>~W~f77B~xYsa{gt}{1u9pb@<wjss6fC1vUgl^hSA@U0lyk@?
z?(3S847W9LtYl52iQWgJ^*nEWpxN*W6-;}1<KN#8(8tMd9exdI^Jg$(+|VMlN{?y=
zSk?GV>q9PWx0F)gYTb=#>93OHLxGY7rYib}vQtM#NBcigT`Kc3xJwR!D<iO4=Y_rh
zLc`>HFdNp{zoN!C!Gr(diDbkoUs8*tFO<{uU4!pGOJ@5q25Iw*{O;;0XrIRIA=dX$
zp-ekA9BDA=J<nOq+B>JOz6<M$57(NlGa)Jvd|Xn+FrQs-=DjozQ32976X&{#Fz`9U
z9|vMPtoDF*<~);Q)=~zg>VM_*?QhO)fuA?hg#JhFy7r$(%z^Az370q8OGawGhaGV;
zYqdQ{`$)y|-~L}q08U<!XeFqjs?EJXM_s=fDX*veHxMj*?MDet$R_L<?q2|`k!5&q
z2u^l?sQ5Lazx2_$Q2OYNN`iY5Hk_-Ui6}Gy+vF%_24f@M=7+|kAIQJm*ibp)lOvtt
zOR*e{QGSR0?MZ@!im$iw6sq0$+zsAgPbRU3vnjmh%*ZT>EJY*9t`&NYA2TcJzS{iT
zCeBT{MABLE^yqEvy&_3u`H^}wo%ps#KGbk2+*>_NZ(8x%t9@dOSJ<7BE?;@~<&m9J
z2!?WD-n+YaGK={2>l!)4I^COhe0F%&s)rd2Z-WgEA%0~e=Fp9uvmONTH>`Jbs`Pc0
zMF-Rc9uIYk>$eSnY=<g;g#ec4$a)4aNEbl{cwIk_CSZ6rVVpvZzm$9q(!{@7;C2E@
zPIVLP-ZR$8)7LQPWQ0~`9k`W;?|^ymNSDnyUnH`zU)OjI@}*P_XCme_k<TDsX9b><
z;jAOq-I>aU|FVGI=Szh<yub>g@D2ba_*)Q^+i_<6U2#;ZL&+&#qu`L%NF%xO>qj+n
zfED$ZFUCg#`5{4a$6cv=2s8qcgWsHO1L72S=rEDanU!KHwnp+^6C6aJelmzlx;U^U
zx0<VjV|nH(tow@s4?pmnPOqMhXbM~?My$dg&u@0WF>$uO*hj=w&;HAma^~(6eF(84
zQ&pd#$A{e~Q9!9EzWaxX>LSy>4tBN03}}~MSz+6O_V-%Fo;v$cQvcwW`9`A6z!}B3
z&JC_1TsIFuRd*f~pHoeRc(@6xw9#>j_TG1_9DFzTEmzy=Xf1B9zx2-&<hwBQ@I{4h
zk(Mj+{iNSPO+v@Jri$m7_Ggo&5ZDMf{(4Uc$Cdr3X)Fni8<%O@ewa9?>?GK##JwO=
zUm1i7kXWC1E7(;-FHV_!DY}=hPs{NZql3}Z)8EA_f|#oKXPf?FjJ!w-K??his#v=_
zp0U1<OFx+MqDBQ<FT=bp(B7ADqt|+3$qx+4-ip$P9|N)^)1S;vf1kjTYU~bg=Afgx
z_1MVGt;+4vk7G79>+JhQCpM|_U@~>qd%DiCWSjI>wj+n88zGNF$&kQvSldbTc%oU@
z3Hao}fZUM8W|5RK@T*i0EWA;Hg%1;DNd=5aw~{S1+k0TY9y{%bp#~sjmzoE1%ir7O
zP8nWFFNj>{Seql`!DKw^b^&3~f%BuNget+Nwe+pV1@vLW!{d~ssW;@D7cK5{xFus8
zu+st(ISnAsPPfT_cb|((NEHB7&75~7FROHr!_j+>1~XtNO`vcLmiO~BiAq2y=kV;F
zC|UK*0nihk5M(OUwW9rP0NG0Xm0f{Xqzy6yU8$Y12c`Ehusf8`E^P)~_CTsxbQZ}<
zf1K#U!-MJvAEw)emeh5wzxBQTV(6`qp|?E8{l>1$PX<!YjZFpy9To*Ovv2vDm;M`l
z=Q!V%!L2-ieR*~))Bi0y>tkd{J6UB?J!M`S{jhm_89iB$NIZ<2QuuA&#8iEb-SAUd
z{%-K?cM)B)k3=u4`OOv`HeBG_03rv0>Kw-<yL9Hgq(UoCg7X|UF1Qk7m9MwK7DiBi
z#E0i<(eJSv$m+w=SU?3Q@EG%2p-iL;)a`-%S|+F#hL_U&1)IPkq?7=pY$bwt?Xn=h
z$O@vHKOjWs{Mr!rMl0}Z4IrcKx((>C798^?eN%wI2ancGhv%fCs|3S!@Hr#T?AEte
zPj5$EGAY^mJf{-+u=d-?DsS)1k&EGy2S*G!V{Zw8o+lBxEniLHAQPlSX$j5WKjJGM
zA^~hUy$-y&=~4Kf+464waKER-XkWotD{)~W<wMG)9E)~E9{r<lIboixcdvk4ANgX~
zr2Pk`{pEnlFo_ta$)!nZBIJ_tNOB-WaGNE}i+48u<14ck<P#yC@K>u72?)iuAz5sd
z{RwcHl4kCo8}MElcHsT?^>MOqR^-vW0K&}eMNp$-W-Q;CSRUmfEn{SLhfu+-I<rKg
zE$feP#LS=KVzq8QCw?m~CvN@|Ym!fhnbdV}w(d$JWb-if=CXVkrM)?6)1o<UBd|MO
z)CFMV_NDe!c~;!!vo<9`!XEL=y6DQbewE*G?Qf5U%@E+NzY0r9p-rcyQ)ELf6`Fhl
zl;#e<IP>YNDN4d278zT%TOxo@%mwyH0UU1lN5=@iU7aFmI1`=uVC@tHguOd{ws4LJ
z$XigEnvyG({kJLjGl0QYeXEcOkceqlF+1ztr1RK2XA#=-uhp-F^u13<eL<4kmUf?$
zK)k*wWAr9i-Yx4Mud?nP<{)YJ<V~0x!DN*>nTc=KlCVJ?khq$V`OsVgj~@Rh({LE4
zMsS0hL!E{i&riOQkg}_fFK%0z*N~7TWZENou>~ki-HBenK?+M&4mgBF_7p(kr-pTL
zI!m_a)YQR$p4rK6AmJ`kre4KONA@<#C3XbZ0O3NAn70URrQXbfCe^qkmx%X&<H%1d
zUolX_q4GPsq!kY><*)sy1b(0ahtfu8L<8<xIC$mUw#W}_bGk$X%|Ky6neXs0e99fC
zc1GzcP5yIoa&=0nfE2L7mDd&ouDD7{4%bUPj21(9lHQ@nDV}A7^fBW9Cnn(~h7ZHz
zsCE0}$j9B2I-nm5IRTf^$HE3XVNZbswNEvf0ycAqUoe&H8pQwH+2I}^%vKR(S8Ck{
zM1;cqmOq(7VOc%|O6h+`62I%B5;&hmR))>rs=XFW)G2}iV@2d3Q!w40Lb9MRajB~B
zgK`jGh3kr3?>T5k6Z&~wZE30}SVJ8*up58qxT^DRmNgC-jLx~lWbn;^908LthmAe_
zhxvf43$WiZeCNWsgSFVITftK<t%^`RP<_U>6a*rCKfkHaf7#$QGsohAz$B~{xkQ$C
z2$Ny_#kUC!)8^29DG`&mWD%+u=w`AX>+<GQ8%$>m<<?E?(^Woy+BmOoAAX$W(KhmR
z>}(a)UE06+_E|aAkbMkfMpfX(CRpSrkPR>pX|E?1#Q%$QPYb$4QmYf_f(<EdGAOKI
z+W)p0Gm)-z1Cz?3YEj+4e!|kdH8U-?yqMsDLHxX$S)!NK@3l29fQtYr9hd@ol*Ocq
zU0yj=#=+jR#GQebv2niZM@&02^_s?c?R^ZgyQUNh+TOq101@y|z3Cy#eo_iJj)M}&
z>kmx8v3u@U7GmNHjP!->->Ka6pBE|ii02d~U@L+V2T3mhIB4wGRgRlJwQ==l>d>}S
zqyaTv3vMnC62+Iw1NzF#V)1F0cw4DL7>pBF;c*kuLYlE<|1~o|6jcR62|TB*w5(+k
zPLJLcuuanoX};So8bxoR=A8rAdN#}Vebu&Dqn!x2LvjaS;6wGsH7X7Iy-p5|*|eEl
zurcw%cgy%rdf@A9TRu`cX)1|O`V}}J=QU#K_E_thSf0=y{ctZl#i5594y>qg&T^mL
zVQmH-TQX4!gw{~bX@T8s*<u!As4ID#4Soa2ZO&Kjm9;aeh!VPu_CnJ<*^ukLx6Q5i
zcP_tGq_{zV=mHKQ=}D(E4V9v8QG-Shzrnt8il4@+bFRzllcMJryQ^{4iMr>-NkbWw
z0n}K#+xYH-1~gMWQ!r7v2|wLfM~`DuWj|NJmbz66Pk!;fk0a;%&Fj<KFBjV4Tt<H<
zcx{hTE4VzUFghI7@{{wHe-TmGyd}{6fuNh!Bo}@v+!eR)p?LHyG!z29Ke+#i=P*QU
zv?qCE)%q)53$TSlfA9r$SZvV{T*^Vlr(&A`k8jE@dEu*_nP%J%ABAjrWX?%V03Jw%
zIVPpwrEy<8s){tu?UiF@;ss@<BWxjWbMTrdW#}G(9!V`KSccFuYK*C55behakk=37
zj{S33@w=LeZg{4EWIN1An&i@a7-r_Wh)x4y{I~ra#{VTK5imL4G9jlEBS6F^{B#Mh
zgh6>5=H|C0Lp;?kh!`OzM$fKs`z5$5#on17xNs79r%%+Q%eqRyXTsb+1r?D}jfUr=
z6vWHGWHN#`eTg?sa`{;Y?4K^@55TGm$XkS=P1ym)wOo<|0eb)6{52vg$1lJ^h&&di
z#Bu<jfuT*=iPZXJnBSK{wf88KwntejEH3|~*un4PzPE&#^67Pnnz}@_kUrWT*UB;M
zL7>{NukGBEUsZT<n-KlH!a;jrIXNrvGrKU=0EZ?8{rXBhMen_&&mmWi$wH1r?v}&u
zyzAGM{5@;UoBWrCG707pqJ`|?w*TOdEdM~2oPM>RC8dcUyAO|;^JAWotCwrPi|-SL
zo$r3Kv$y76^1*yExgc@`jz(a}$7b|2Ye-HmdA(|Ot%@K`9h@VJElex|tmG~6yz~7`
zax2W6p+r3e%CAoxy&^?FfJtlEck2ME8)zGP@V0<bdZbW>&wmN~>c@>(0(_|AB?z`d
z3%D#6)y4V-qofAapSX)tTwitNi)+EQE%cqE>d4p4L?!)$e3<%7&Rg>nvATKcyAHr@
zSOL|WS--cBJhcQGe+IXZ$`Nh2^YWcl$Q*v^Y!D&Eh`6^gLNB(Y(Dh{IM$xnwm)TL`
zPryqD*u01$hL%@qF0pzsBIHSP&i&q}EupZkoU08$aQI$OiIxd99(8T~0Jfw&1tt+T
z5z~}s;H_1GX@VXcIHc}N)RpUn=x)t%h)rf$o~Qsh#8t5u9^t&av}b#vN#*oA1|-Qc
zq+yIA&FYtbBbHqg_X1_&`Q$aN$%l8Ha)oyCzp<z2&~?o969k&UO?9t!<_1!kE6m*^
z>VE#X*wUOKG5D1<Q9AaqLwKBufUZRBDgclag51GWnGv2iX+xGbZ?MGIP!L^emB`w8
zyXj^0dzw>~sb#u~f6W7kUw;sIMN&7P&jaN;jxO}e=~NLcVlV6quNpa05Rxh5ZMUX-
zv%?TN1|v@sUw~@dO-?+9>RQ}+9+yc^r@Sw8s;OCQ3V5d$NQ%MYa}!|Qx_ndL-X9`J
z7yzAv(2<$x;O9BLo9eh`3sS~$?EN^TF(2rw9r7&)z6ae|^>{8P?L=NAMwV<*t3cr(
zNr0SU=Ewjsv(+G*$#C;!aK6Ch&6%k}1z@fg)!HpTe2egNp}`orcx<`R7Uy?aS*eO@
z|As04k?r&p1hzUQ*7UgT>Y-n@Cco-?GBrjiPk0sv=mSnPb-3E@u$leZMV0I`-oane
zl{(ThoHso7-cO^$`NNV$TLAo7IMKX@u6ge2#qk(2%cN);;J!ri+(Np&r9A~3?Qzti
zo#{7`RUZ?dPu?d=e)YRi31<fi3J>o%|ArMelNyB2!9=kT#1YP9jk-_-P*r+zc9ksV
z>;$MFgygh0$Kfe2bqIBW=HeY>q5aD%6N=(iG)Gxl{^nc3Lo4FjgbO2s7~E!^TU(P$
zCyZ=3>y}BOfj~vRt0p^|CkydQmD!Ze2^{tnlCRvEvNFV3bY`)=FVv!E_+fo`{kiaR
zXGJeNrTJHXF~qZg4dc89!oh5{!W&mH_qz`g7-68IwZ_X#ciYIC!sRv>rv|6m>irtj
zWbI7q<8#Z4m1r@et8moCy#H=-5nnUwBr{4YL)M}~r-fV;G7kURfhjXI>}MStwdCV4
z2mzYan}q<6V_CD4xxwd86Q)Hm#5OlgMeBByYfdbNc+SWCd5-FGtpwGaa&;USPla-(
z7gMr|H)aC@S$!LdYinvus;X(GkKB(sdU49D;fsj%Lr8>+uT$l|cZ+b@fQ4#Ufp6r8
z$$^wN2Bwbb-gDG&UArrx7FkUfix;Ph4d~qWWAxvbeT#N*F0~6a;&j+20?f+!w;K1&
z$W@AtDwrd{I^p#X0oaONJEIJhxp&nYaq0d~$$DTKbIkrkC+^QeTrRi<>PM&)^vjGB
zt(ons2^p)q9D@}Te}g7%l0(1QUz}#^rQSfuQL`VGK;8O=_ndR+x8JavoqM|l5KHZ5
zuCGWlh5aa(?i!2>nz%`%f-B$U!o`;Fd@zxvnyqoz#N2sL5Dr%6SiMMdwB&6+CM!Ss
zov5exXKShzhfz<Lu<ch8i&lV{0Qx6|Q3q()li$<~d;X3LRBRoZ0tr9j4}KiHj6XPd
z{G^;sh50EnL*LhK4fU6f>Kzmeze#ZPFQv_c0L5fd6S^M_tMx_71t2q|L~L}5ex~~t
z-8n%J&an-NdP<%4h2~B5g>MTKkLQ-<z4o{tjnzWOK;UVbUzzrP4{#i#s9Q4j<wnBI
zhFxG@_wnX65^VgH@xtw7Q%Bh%;+AEa|CRs;hx?bUT5=%16IyY=dbZ91$xVcT2G3x~
zaF6BoI^i)0^zcgnhq2;v2kU%+V>anXG7zUxu&M<8wtQz5UIe26#QwypIxO7THGL#a
zttVfenae?7k-si`@b(PtP*VPdkXnk^mUbqz_Fc6wUygIx4L$}p<tcM4bzdOtb#4Q1
zOfhZAw{Z1M2%O2zsxBX6P+bMvSs_4OMtc>4-}~18&@IoE5Iw|0aBSb)s?-yem*fIg
zI<;Cq`Uk}o8r0QaV9!ts)LXHt9A;J@&!=D&i^q*D%9I4GKq@LdJOjKNBN=>{tgeSZ
z*u>6NMl*s~_`Yy#mAWlm^W1-!QB3ZUw0x%`#wjpCp<P^01D)L9u*2M@<f}mA`H^Mj
zTf1X{yP>!4bud1E4bWq%xx9zuHYNDecir8aahq`1@}l3F((7l}4$X@HUTo}^M&g`p
z_UVY|_gip2s7O;`q&GY3Kc%g6^avJQC&?LJ@)QY=DB687d^UnbH=SjC9$oSutm>A|
ze%QD~aeNJb+eEt7yZD%Xb>pkqcYQZ8z#d{s`U*bq{ffVPeR~%%Pt#R?k|tS%O`{}I
z0@Z@|mG^8On798+iI)6HKXNB-{Xzc&#emIXpZN`V&?$yOu%nNYK=|HtDIMBnZ2Qv@
zdT~;F5PF8vtj&iuJ7yw|pJzpjxheRN_LWI?#V7lp%|oVkN3!5K$t!rV@vOcI-lWcS
zjzhgo^};;`bmOl72iM|ve4!#`JnabL1h@bX^u|cuk+5+jo!j0qr2=F(KzZrj@+hAM
z5Eyqi7_d%;I9D_<EfP9??>dGO)`judz^<f3J;f0`YRa)Kh)L`P@3$`S_8EOb@?+xa
zyv+CH#(2R#vrbuW)z%R9Ivgn=h?f;4*8Cj{EqIBq#7%UXs=RN~_`C|@k*T+g0}mzr
z`|~+gr<Ap`=`dVp^1uLtWi1y|gD-)29}g72E0=gg>ew#zFxR_rd&hg@^6q4DPSv7T
zA|kDhQyYnBnf-kzK9EiUB(96G5km=g&Jgo;*ni~abKLpNvw=8L)uE=mC=+-Xc-aje
zV@(SUQg%<LR64vZzeP^{-<Hrx5p2wer+g_vx=d>Afdo@@XD1ImB4(cBjARRn{9v(j
zooSPJllN3`x%gy{pL*H|(;nX6-J%P)=I&T7$<_^9VXMa9n>@<Ift!$Am^CME3Ne(G
z5-_~aQSaQC*Vp}(Yg1WGI=AqJZL9tujIBwaB}}Z&W8H=+K=~xi+JkaCSMR6g-gLEO
zI)OgpCO|);{7$tgh;%O6H8BWw^0rO)`qQuyB@#aq(uF*8Y`(}CF?gLc09=B=H9)Rf
ze_%m&zW1>P%aEKmUPf6TsB06?8#avj#TErWAB5}hxRsEk)(M(kc7d|Q0m*sPKpes*
z1G`L%2`=xugr;u3`k5p~pxpnqj^h23bo7hD(DnC4=;5hq*KD*{eak4MG|vUvTL0YZ
zi~KdnO&qNR@FJ{~flvFUCO=<O`8U$R+`&g~@~5~--lf898Wv~;0(*XbA2Tz}kB<fY
z(r^B9un_Y#Dh_-R3gd(^{RZx=mdaBA+NhVKj9k*gL1(*?Elq?K?aV}t24$#=hs?^r
z!@7@?RY`N0b6X9QRz&_V^+0LT&b#Y$IEAxE?!^N(q~^%7t6JZk_(W{a5nM9hn+jo*
za1OIT7B4faS3?d{CDrGzePvQe_6=zwLkf^xCOiwepYCLqtP@P{G0ueDCkbc)b3B0)
z=`2Jk65KNipU@uP>Hj6@SjM<b-s_;PY54x8wDW9-|9UbNz;>wgam9DdU&h^Rfk?U#
zkOtM$)sbQyVc&Me5IAmme^G&Ov2$cfsMr1dsGgz^2bNvZb8xL2t24}-h&6JB{k0l<
zz^0f*2a9FgHO@O=22G5_(-uzcoZktY_|*l(oWz}y=VI!-+mF3IOgOCal`%Z0!RjR`
z{P092n|qflP~%A|U5!ZTKpU)kG3^;`vv0Qlx5GFzaJ>hPOn*Tf^{ciw@L+ScYU(AF
zdfYjFe_eGzXwm=!qV;GsEbfdlYYjsBo>mg%mq55YzsRnuxkr%N4D7-(YH_LiEa0mu
z%+C3kWwl)wAGOFT^7;^hIpYAF7p$gBb=gBuu0Kjr;=vPcm!bCK`4%NNhQ@z|O1rpM
zUW6PfqyYAtejH^%K=Q^^5o)T$(k03*=A>aZVFc%KgD56~gY?x0a16~!BZiV#-?6(>
zzZLn&cnsN?0?!a;$G}UFzXs1_e7BzDXu%hW3;kk<n{KTBr!%z>F}#)E?9a}H`J&s{
zKIF1jeyC~>q(qTBPt0{QZLs+|-ddE{gRvx*$>29XWOxZ;iz+j<rA>UcnyN{Tc)Dig
z5W+n+7}DffCy4Ovww&<G&(UiT#bLaDta-QjuMMa0P~dXVe!bV;UBMHeV$bqE_T^tv
zEkk?ILmZKg<wEkHtqiUTJTR~5Sw|*M4F>JG`E2g{{8@vg`|qXN6Ne1>eXmAbn*dzm
zV4C*{j&fR^ke|@_V(_(c#I?mQhcc_AJ0Y|rZLG~GSfBLO;5-fqyETz=1fKzj1CR9q
z>&HOfIFPc6TIL5l?y`Y-Uia0z*iYLO&~$G24?s>@P{W_wn{PME&VApTF3-{H)az)@
z9f}ifl~#K;-l^>_+OyJW!fII<8}}gQ!%>-D$=o~U@Y0I=R;6KQ#6fwlpPAl2g6~C(
z82t%xYN26%6Bl#|@%AvAGqB6#HYF{CS5v^5XB~EfLI(u-?E9frRmQpksT|J)`+L`<
z<}v?7x>+-Y@6-IwR~OQjJ^aJ4h+NVOS(T?cG3_V_q4ZyNeyXB%$V6#`lKR1IEtMud
z**k?n#QK9d7laq%j?CfX%P%uw*woazu2`P>y_)wN_4Y5`^uhMS7`R%qU5cO21-Rjp
z@0mpnjy%*2GiexImihTTU%>C}NOqxBFYwQzJ^a>EG$~px)di~ut|LQsmRs@BbQ~u|
zOO0EtYIjBc1<O4aVFJ%jig@3Sueq<)*_Sddl2NU0lt%J*c>=T^eBm&sx-KEC!qP`!
z%>iB_{}!HxE?+|bOKXrJ%{h64N6!xnwi{!h*8;+ApJ61wfkSh-?=dgIV=Y5RL;J3D
z>?AZW93hxC69i_S)SuQnEO1M6D0uIEj|aZpE)CBJEx1?z3E_J<mXV>8W&6gd5d*@P
zzHRPf6x_F?FfvaF^u9gujzmFSWZDAx%Ki;0B~X$z4&H|R_2imr3b17l!6>OnhO4#O
z$hfw=Uu>_V`ga-D8!`G>*g5KJeaykfV;EURJ9?8L6ByC7U3VPcyqnK)lV1gP0&X>K
zI{M;?Q6uhv5{323c4!$nSNzM%Q+RT;eM@%O6%T)>D*D~89bKaDn6ZVczuO2pXv7ZX
z9Xuvh9<UxRYx?Y;Otpl^rQaM<tNa{gcIEfjlXHnIVj%a>5L?GfDOjuN)dOjv$?d#!
zn}2&YmLA9Xk4lWt=A2AV=N}xLIn9|CzS&=>J>LCC5U>NHS4&U3*2R<_R$*aJfM1LI
zA&a^GT&GF)k5fn*nryOExWQBzx7diP3PvqMHYclyAhj@t98`&<_+^-!;ftS7?BDk&
zG5c*V&?>=2KnNvZqU+8E_@lqFE=&r0S2~|t#(wG7V~3b#6}_jbVq8R~yxc?1)J6YI
zr&p<A7z(5gL<o*wEK{-cpokblSay4-C7FOMaWdwR@Nj=6X_E1pAk9@Xd68*`>onlY
zQDPKL-Cc_$N_>64nAjeA`*vSYvqfkx3N|bzv0_IkqX>Tj+dj`~52Jd`NlaG!V%|nK
z${=q&5?1zbiTrfu8Tl0z?eh?3e;8Ju*OqMMS{g(Ej8{q_JufhqHGCHstwxN@Rst+>
z8D>0d+&MW$h;yc95Pw+vx8rKuQa?vic0_8nTVg=1Uc*?m6RJy^H&$;8mEJ(|jw>Ir
z-WG|4U60*@#}2k>V4AqZ<JeJN>Vyedg|AiJWP6tGxCV+;<u;2gl<|KyL=`DLQbn!z
zz>|EKT2`{VJ_eT9Iz@wkDDw?BNnfT_5=V?C>g}zuDF{?2^;c)=H>MyvNDH_J#!LF=
zma{Oy*$aW5FisU3x$N|<ysNV7dpkY9^Vhht=E4n&+$v?=V%-v(o#(I|)fQ_S@W6cj
z@k{%${d~*%@)l3)RiX<uO;vB=pAQCv!CB6wWGf+`>EYHl$x4|SoqD33bxWFSxmOIM
z5;9!mK>^HNXRNv4O=S688*nVCD}!@)=2h}fYbZ8CMkEh8U09|%EL5a#BdJRMCiqX(
zVjsbb8-EUPeB$IyuS<UcQ{t6#|4G(pz$~Xx!NCo}G|#?<yc)~aX3<e{5%Q=1?Xn$|
zdVz+aBnT5g(fg<HrV*6U?d;q`#G|V3%40T-8v+)jf=6bS)1?R!chkl;?CvVOqLAT<
z-t~tuV;V0=Ys~iUZ;swc1oQ+`DY0a&2V-THH~@R=?2zTUAooa;`%SwJ-a;;HQjSwb
zCuI`(4nCrcGcR$gI1}tgOVD0)4ds#d95!Fld>kS}iDz^#g!rlqo8FWBq=9zp?x&D9
zKe`<soZK=+usxwK%t<9>3Am&nH^r8sHPE<oMeKr<?8lTM|Le~Gg3o8lTCbdQm`j7z
zK+;aL9Y~)9a8u>VdD4JSc!8m*0q-h;$o|xsmT0LHyL91`RxD*d`PTy7eFE8n1%r_f
zEHgT}I#o#2Kz`AdB)<3<J2H@}4zvL1VOz^wq<F_3V^BV1pM^g5`eavr*2v(~4rOW@
zCe9Auxqc+_CcdBfyd!YZQ2)>CMCY(GB@(SX@Zta#83A3oBeC%G#<+JVEiu~s)wE8E
zd~c8*JSf>=s;0XC2l1|}rQ>qRO&fs#$C6YzR?El|s?qY&dl(tdyZm{uCnGx}ag<B2
zq`stir=|eT;RK;>*A6NN{=am`$!dSCAXDFN>*dsvs?a+w{mEij>SA&)VTX%+`|I;>
zFez<<*z4n~VCSQN;Ts#;O<disn6H!*fzRrDSJ@2trT$9n?~j)^^{Ywey{FQbi?x2I
zO%}fqm8eOyvj7FDmryGmY_D;Q9xA7ivLBB7fR7X4PyR`&4zgky$#8amk}BJa=3scw
zKa&?X$ydipMD?FgxTZOaQQ_p-t<H~Z89pm9r)QJ${NI$m8*~AI4FQM6#sUaJ8>XS9
ztuf&ug-#e*K<G93m+W|jqsdkAkDUG^LnP*FGP&-6OnoA4%@}SOhk_#LzKaQcGA0mS
z?0)>JSKdEcF_(4`F8-$<w<Fe<w}jYv{sngYnj#-()I^ig`os`@YZvUm8kYe*m6Hja
z)<W6z8Q%|5xJg9|-ak9uUtW7@n=~A>fA-*Q*{AAtPdB0YNtuSe@6D}VyCr@O%6d6;
z&AfG0sCZ6+Pr18KwgoWg`P}G29sgs9>-~Z^#Xm}4z=X2<S=8kXabRWJj8ti&w~Dr+
zn7#(q;nc}-0WMAYD9|-q;03#iCol00Z5vapv7}mUSdAL&rdlxRs&k6c#iQfR2Qa<k
zmA|UegLD218i_t0X`ha{pzX6r2p)CV&Ec8*9Q7Xez_{W%Ez5>Q{Y}Cbh!IBQQ>bnl
zz@10iMk~j)_52Sk#SZZh{8cauxKeVehR*?YBCO5}!_@YRmFi8Pw@byGbcR842RiA}
zTzASSiiEuDb!C(8Zgu^1k05|9;E^X}w{cQu88GDy0V7t4E;An5j)72ImgcCPPKqq)
z7qCHzmW#2iwVc-LgoRF3Q+nCDts5f(d=0LbPz@hrKn8&SpWH$4o=*&L8J3u%Wm9xT
zlasJlcT^`CIbCZ&5Gak$S5N*v2?P;VkCHQzQ*gFN<Z@1b5S-Wzf1Dn?BinWiu>rtk
z=e3?z!T@N2<Y39Ta9f|$NchOF+CfSQddGc_Wl-Hy4G2fSdpRAH<S7Yi)H~yUEua44
zY97<ZN5#9(JCP38-)Cv56i(ldvR`SwUk&kwBy~D(Ie7LzH%`eHEHc_#=)mUlJ5QCE
z^m}d32fHk`R1w7#&GcKuybT}8WPHh33ZOcBA2Ykn*c669fM0I%IK1Ksg%IwmUtk}e
zMa*=hEF0NX%<;k64hggEe}<W|g;KAXY1}#xTq*6@i<GdUD747=!#>DXH$U5SnqUF`
z{g5@VJ#r)YAvBan(Kmh>k@}_Z=F=qQ3o7Y@B>R&oQN;3zdHB}to8KtP{bp<>IW1-B
zo#Idredez;c6+D?Ja!%*AYzE1E{UkO*H1*#(uLVGd=~3|BL-HaEgmQ(+$CD!#URbs
z)E@Jse_w|~#5<QRR2~#Rdvjj{whWgtdE<jBN@16~jf<Lo{rNjaroGJfj|eq!T}s)i
z=LX6fXX7b&wfu&YVQ7%0WRuNc{nMu`6S*`yHrE0j6wU}9A{Oc^$5W|tvXU3eng>FC
z*U<<01Q*}cO>o$kd#`@IQ91+Ps;`AM482khcrbg+uAc6e9<b=AffNXu|I89MzB%H*
zuoidq%@bsn<57NO2u!ML;E;6*9^`>Fy2){!&xaym=tE{qNfc>b>-gVNVGIt^=<5dX
z%Xn&|dw+fi-0VUr_)Px+G;sVFm&FP>9u_H`hesQO4j9AD$>O=aj68&pz56|y8U=>t
zcYX#xa^{uJke+gt7ZKTeY2g7MRO~wXE!veMJ}*>B%lqWwDVgNHwSPjay-MNnlpKa=
z%p1-=j>f^$dve41n^DK#lY+y(0fh6Hff5=TEo)_?&3rUF`J~Wg#LXXr;?#T;fl{al
z?pdwQzo{_aIi$Cw%|KN}y_+~u?}SdH1zt*u!o;=Leq(VBK-%@ghi_b=0=*tVai^&Q
zlg0XTUOR1FWK_1R#asHOC!Yo`w{LzajCo)1JQ<Z&VZNra@ziDcP=xqbV^IDNj8Pg^
zqKee}^}F&_9fO`2F#CyNYlrkCrmrwW^4Vt?*>Gbzwh`<10-PJO2H8~DY<u+N=u9S6
zluzEfRmHZc)#${Cxm?+=Li$rW*C?XvCHoYNPodh!Yj;Y}>)@<JISf{<aEy2w`Y$W?
z=ll5Y<sP@gltqd-J{))ZZ`cepF5HZxf*dCYz1mS%Kcm6Jz64jj3jH%~!MxwR(@)o|
zl%qP*^Sr>lS>#u#g8wttJZuDkjUW*DQ@ZJTYpoIPp(T1LxSbWpA=C7DayB1&0w1ZA
zFImQ|>Sa2ENzyhkbNP=G4X&+~8f?FI{Lt=W$bhwu7?<_F$ufC$^jdSZ{rK&h&tClt
zB8a@Mib$3B`al7bf@>OZZ`0k^hmJn;n7N^IY1O>&$KZ0n+O2Lh;?dDvd1;O=#{?IJ
zkM|Y4cUC4#%>+hh<r-eEK4yWk1O_K&C~?cRH-F4LvAx0cw(w0!h4&TB*hHVf#?UPU
z{k5~-KAk|(pX6g__KLcvVbH}$EDGD*V=cadnV^vp?}1#LI+=xrors21n5T!Gj{bZk
zG%sZZVj(pJoNUgcj3S-&f6%8{*tvw#=(ti4hMK4T>W`&$w&5z%J$x!zPl|=N0Z^nl
z*@Y1b<*+kLHVuqySf4C8C7KS>$0rNi5_`H-xbKhTW(wr0q?P=7FM6<%+9Ue{k0B!a
zu&STL&Y1xLs8vm>-_*jrLu9vX!`e3W=>V_Qo08K@LQ5f~B%|`z)G<;`MJnxKUtN((
zXMw7>JUy-%gG)X=oU3v2nsENBZbMVCh{^anVts<Clfjz^-Fkv=i`GDvr0?b3*Z+}~
z=1voNjO>0oP&4uN_pG0~0NEt`F$U|dQNu{8JQuJ%-Vkb&6R~uA(#88}sqTI5axx8y
zId&V~w2b=8hG!M>i3h7YM>$Jeze+kq)Hdky)yG?Wgi^dMUon!9;pss?sId?Ye|ZQ4
zg@vFZqjGL%C<cxwE{n=dyRwORCpFzsi%YvTaF}q>;Im(T*C=5;LaT}Brx)hf{tEre
zoO{r+lqaY&zk*&6i@l8kcybh^AXjlBJQ0IFb#9A(o9`9R+|4kz!0cCknT_Aed%#Dz
z>}SWxS#$|C%N~*bL|o<C-`2~tv<vTwoQ`Gn_#4a4vyEy9&7zssaP5qs*#+hF!3)>R
z2*ce}GyNF+<>up2-3>zB(MAovDiT$0X<K0#xO1o<nvM5Mj|L|YX6OT!5$b!|KA)qn
zddGKm@cu4h(pyy_j)WE(nRs0WLQ`P)Q}scbKk9p8tqI`{;`MKIJ5)#%B-KB5EM40l
zSs9xVdaDL0m{`mdaeLVPz_crz*a1AjBi>WHMh>w%Z*hsUr4y!CEB7zLkl=2?LeOrB
z&glncu4Vhuf^9+``WxBg*pTY?2>)68cuMhE$SPyC7+&6&eM^jx3lY}gPJSbp<dlb^
z>DK5?KQ4_S6&e*ue=7)TZ9D)^)h`Q$&-yHk1wH_E=@0I!E4L<i{Hma(ez)5cx(%bK
zkRgz5ey&kignIwR)2Eum2)WNog>G{}s9$!8-1TeQ)(1=*H0I3_xaOVbr}Unl0-Y@o
zxWbm^%v+zoOhhqWT85T;GchNGrM@WrLFm~~hv1_kk1E}hU6&-N#R>iP7Fr}*`2GX4
zsFQ|`20Y7T!8?Q`nk8^Bz}_ysFG%f^01lmnmAL{7cqPjAfdp>_M^$eX1)v3^>BIam
z$!a0Idj?&+%x&{;KYhc)?#;@L&-MyMtZuIRH8x(}l&QEfIj&5(KR_20lJXZ4l3k-d
zSS1iR)x<739J(Taic<l-i&u`TS-!D9a;>`JXJYhrD;<pMv?;W73d{|A440{^saF!8
zLyr(1(4dY-eJ7dcS>qwH^(wn7Aw_xAkQoSBT^WRI9R=T*W6Q(8lPYY0{NypZ^8wXP
zrS%z+y}Y^X>Bnn~GVfZh0DVoaAAfw3<Ho8n=Og#4=br1-kkXz5uWhLVVWN3Zqk_Nl
z97f(gzE<kzy?8MU!Ax{m5%N|IE^zbR`zfR}Rc}Q1hB8IH)qH|-10z(!`^zWTIL`C9
zR-mzPKxg$%8*Q&Z(ml!8eTOo%FphhwO4H`T`F=LNtPupt=4k=`EdNwbPG`@;+|{%d
zld(1W*(-diP=)l@u(J$RsZhEs>kH-T|K{4omAA|+ouW*K?)@YlalT`Zch$hrzc&T;
zN(oa1MyYgorZE4RiX_M4k58!XP69tP!l1b;@L<+=5=3fP?-;$4>31P4AG!aZ?W_7S
zxjGf@wKGA*@A1m{yGW?eWsgb&BGNpfl|#wPSSj#N2uvJT*e1k98hPFcGroPc$)39c
zc^JhrbCwKf%9B*5N<zN_F9>mt=b%0CTVirA@PZ`Jizk<hLRYPJfY4t6-$SBL6}b}q
zGYB>)fJb7~qaW;1l4^mf&f>nOtcp6jRpqDz16>56v6GQoE;f9`aw4DKK555!)Q7Wl
z@Lv%j86&ROV&v9pq;UL@1HQeic{1}sJer<H*zi@@mA^4T1xt`lRcN-KYhn#@-+fFN
zwaor7aFnk<q@YhH>Ftw6$0hRRPq(K^ffi4UE%-EEVgGpS?F*9bQxmZEda?JLVsF-h
zIG0BT9AfWQx?-?2=LVQ!cfm>!q152>k-<&SJ$sf52sDui_?kY8r+cZ0tG*&|#|uS*
zntnN2cPw8hGN#YFzWz7=3d?b^N$unMV+%<j*U0>tCZO4>_o@q#s8OjWh6w<mp)h^J
z*NMUKEkuMJ!Oc=Ujp`E%@x<dA4U-e|{zd~X)3Z(<rA=dzdkb~EYJ<)!BY#_B05(3u
zX}h9xQdj+Iu{klDLvJ?TE{6pgw+qe`*zW41fXd8Jz5B*}Oy7=hOQcDgnd;*fZG;4!
z8}8(UP{t#kFa^Ip%h#m2!lh_f@LFG_Z$%RWzP#GGBuF${?!TH!fK_d*_GB`2K7Cwm
z!hyNN;^%)mObD2(lUei)t+HoPn$cRUy5etN$<RgDd<Z(9w?CQ@I1fxVlB4A#oxIQb
zi`El_lTGA#q$<+c)*fw>X{GUe?b)Tp0OS(t^JYD+WVb*)dI9HlG`<;r0uw4rau|(~
z1d(~}Rn7J16CdJoB;Kfvp3#vW`F(ZM6N8Sra^4^n`;R=oGX^|=J+GT_lahOB#xzBB
zZ8(vh!{lnq{ilX~oFe$9OTY!o$CdN)a3T4(cSRCuUC2l;H%^>a+0mVP<`xf~KooQ5
zU1ClQ73u9r<NxCV;FDi^FL<e*DFm4PmkM;4Cc>O{^wPv<PI!iCDc@Z&+#;9Ns4XyS
z=w9TV4670S*)1kK`sD?@7Zg7_o%j^{@`+X#PGD(nm9hiDq=6VRYfR`92tGQq2uBG(
z-|$2KcuSMd3%pR8&|KuZYUf~_tqP=9_B=|~789Mbc}EKw`hCrM=lizva$@wn+wa>Y
zui2Df*uhD_Jm`?k(+`#iUM|hC=Jz`m)V8kM?iLv2{5?J}``B^xyX4nga8|<mlY_y4
z1QI=sxmO$wqg#h6r28aJea|E;2^}%*@?DU~nh-u-I4G36QcM4H6p;laH7?8F)J)(b
z=^M=7$kuDd?}#vXpGQ33SuY{h%FG6dwg<J_7zlR#^{U4O(GiU7$-|=iJG+@B<i|fY
zm=bILVfCfEsOGKQKoAa@QS62_(6%gmoc1UA6HLFl@1Q0_DW+79g$Q<T6hH^Ej!aQr
zaHBdAHahP(gW3?!gpPGg@Cso6vjciDbNWovgq!N~Rty(yo-#v}V}DQ<DT)TRCp(5_
z99B{ysWV{UIJ(fdu*B*3S;<-^uE!G8c9t{vs2GO2>@51xTMGQ~_hA;BEw_F_*MM^E
zGjl~HFREaPNX};kwnu9p2kyjITE=-L6&gsKUw3p`J41utLh2%3l6iU=&yM$nu=X%U
z8&2F+vxlUU{kc>jg_4@X?jdE(3<Fpic_<Q($d`K);0~M_zo#)C;Sn)-6uKEgjdh)u
zA6i2BpoyHJ{H|Uz274WUvR{uc8q~e}Kp-crj1SUa#Qw$IAZ@+u@5)^k`%hD`c4LMe
zB|-X5(%)gvuE0irYndA`D?0K9T=x@%;-2;Nli`sE?O(R_tQnTRjm>sMZt3BhxAhhq
zd?umJBP*T1`J398O3hEMb^Q(2_-RGJt}a#ljMb4E;yE>%^_kdDS?@+Pa%QqC%OOX{
zMAU*M*l;%kWaV=&HKw_ARovlF{-O;3z6GOI1@cvuTj0CFw6=AybfOr;B%*<TAt1#A
z&U>jk#dKw-FjjA(mmfn<<2#}~)%q1Sm3Y|>hY=kAlz}7AZ{1cp%(dRwUO-FxEFem&
zNw#4`jlpY}A{N?5z$^AB&7XR>psL=DVR%ulfM8?a_ggs#yR$y+(mHb}{ukkP9Qcb?
ztg>a7XCm0z8u#=SeAohV1c?}5mUR6wLa5XcSzPtac;XTFGY<jP^ih=GR2h1t+`b_y
z@xAdPV?${One6W=gOi4E?_T&w5S}Fp|5Quv5@<RL+h`a-Hg^xNZZ?4N1EL=?uRbM!
zFd$FjSk=8_hp|zog^CHo64Qw(j#zN-QK@HZ7cE0Ws%!o>$|X}B`L|f-m-yE#Bo#1`
z3~4XVE4@?FlVh{<x{0<0_+Vu5#In(lO``sVWuw^*rF<{Lq`ngMejCN!6-Tp)IAt0l
zB`I7U`2K!PfhJrQ->?L#dLdJIDfy{K2D^3OPYE5uKnQF1L!XOrg~(|$J3Eor`nG2M
zvLwmv-wqQc;lYj^Qtqz|C4et+BayUjFMIJauY#)|{(TSzt00*8ZNbo#XVW9E@S>{|
zsV;=6Cj6|!Mq0LI&M9p(?+tQKBC5iws7&jSV=o|$6jEB*bLSC)J>&VAlJ&~<TGtVM
zX~^G!`nOnzWkl2qE=oL;ZjPw+rXnd{VSP=%D7KHgoPyHlA;T;;Q2%W~cdF43n-Y4j
z?=8m@CN*GAfKdG66W0jj2vzSTQftk#YMRUa2Vju968BWY=oTP6l~9?w_1OA8wukzo
zJ5-X!_N0Jp37<JhH1)_`fh{Wf&5!jjQJ#Q!W$EsKCHe&)7m&4kUkU={7^1E_cgdfS
z2b@)Bs(=w6bQ-2rqz}p=^a@%QRI~aC{%gH?`sKQKCv5u1lQI|(RAPEAq4?S#m!Gcq
zrsjwAh;rygPpO?!@l~dmB*{^*1*z7nAI+QRn<(`lhh)ogA-j2{x$8^805Zdh&-KCX
zr@kV}chz<l1lXZEF4-Aj3tDY&uMxPp8Qi>dxEO%uAsH5yWi-bgUjCq%OJttx<Z9Im
z$C_h|9{U%|M@<70613Fkk`*KVP+hq44BNxk)6mmx+k=hNnbMcgo^8ijzuAJ>+N|^#
zOP9(Zqkz8>h?>fkdj;gl@3t5}zZKBXxV3(~`s`C!24`=c4%Xis^S2yCW;Rl&iRb;u
zExnB?@A>G<>hJ}QZON-5`D-UKDA&?N^&QcQvp}^CDIw4aZY40X3$AGlzIB?5uMj(t
zzIZ+U%8<sl>*EP{zaiEVrDL=OyLYzhYhHcdbK6biR!c&-SNHUzEu|~9Ry<`ja32Sm
zP*^*xZ`RZUUv=-`>8YuA#UD;(&s#IHZ(dH1LC{xW0r0p>-~}Da-<P(s#gFwS0MQWh
z3pPx(sh|3AWgJ)2H8c#VsCl21R=3a&x`-eeV5Io%m9pe|`J$#lj4`dHM#<xVY&tz{
zF=}incLdBvpmH8f3}=A}B`yb8wIy2sG1|*K1vtd{t#1iWTCN}K<pR({Ay!y5@#Pwz
zwMpilQwYfKurR7|qYp7J^UA(9p%29>0iJS40tgF#(u~8wGo3bYsd9kUBcQKU@pA-G
za-1>6yQgPJB9_Eap9#*95Ya1+=>4g*me*$|R7zQZgORMGc_J(z>rx|c_)eeW_~hl!
zME6sPr|Nf|PRRFt%MtGo@}-(NKN0(B+F)K@**&ieUpAZG#wzMiLs*nojkgM-x&`2x
z_QeWRQkP+~$M+5@`o$_MEmLJ&tZ`eWGEU=Sf$q&ospQ1efrX;=DyBPzYx_B&;j{X5
zuLAz%VRDw;s1<4`EcTbj<U<-$)Qffm<wp=t&&!UGeC05xl4N}_;^we(k-L!X;lAta
zjUQR&p4Ls)JhCfkL$3%#&_QSdh9gMtp?_Q7;3cph#qJRS*=C$4<P>VQZ#SM_(8Sga
zVf$#Qb<eUBu+4~kT~_%^+E4rmVL7+G7nV!I#3M{eb3f@~hhbfB`=5wPGNKmkDfM^K
z-Ncx#(0JC9y@_q%4;|j=cQC7SJq77h?Tc4#JlOF1mRR70#rON+tgWYD;AXTM>uX(L
z4VAO9Dl6$fw5KU9yyohl+?F}78)lmz+(Zxw(b)e+h|CZQj|=n8&f?A<&CZ3cr>U)Z
zupITq255zz4GUrPkhtR07<PaJt<K$Wp8hnLkKyMj)%!3#>~$6su%PzaJNgV!{?z+N
zi<TXYsyb=sc?jw=qpe(wqu}52=beAKMp28}D=>Zu;Rj~*J%6hWvaC!a+Cj(3p`i><
z>m3taclNh2h}Ewjy-E1I-O0);Gm|^aq~|K8C4t66ZJ{7W?!>G3J6aU`zTS#q#WNoK
z%e(`7zt=)R`wBct`mHi8*(oKr2v9Yx&Nyse<9QqxNy%l`DV5!DdcLvP2(+qxvQs^r
z2p$6mG(^d~aV>2+mH(J=fx$0t!zK?RP<Z}LL^3P0RyN{g)GjzlftgUvGExvtZWIdN
zD8NN-RFi@@m(SW>niX8b$MhuHPuSz{^1Unmj+F5INO3IKrLkQpPWoRoon=^5?HBGv
z6!fJ;L_kVFLAs<QMx+!Fq(y{L8tIZ|1e6Yu&XMjesTq)N>1ODT0R|YR_L={=&iOK*
z=i1k^pS{+-?)$es8f%XCO+fwroooNG>yJ7W{0mU;UH?sK9#cSkvU%~yq@+%Nk9p}a
zr&^CW6ONvhc-=8v^+sRdZOO-%)RT%w1jqHyO8On|zN13{Mho6MI=he~Sr-rWkQd3h
z^?~ir)dc7xCc(5<+VPQK<Wc$R7XM^t(^q6QRqX4xb1x0}#xqRnt?Qgac9@Y3X&}E*
zC6*%H$BuGhFL4pbIOVx?#;~yi>?V-UyU}r_Zm^YYd|A${So*1fD+xFM$If>kUhK@N
zHdQWt7gGA^IVzFX1fw#qypHtL)UrYou11M><nBR*vW@G22;?>@dBqTpH?@<^`^q5r
zw|C>Y^EcD)qF;k0O?iuaRi;els>=-9)5nc`jn$U!022iR)He_Ym0n=UJn)$ory}tE
zRC}Hz`sC4Uv98S*@{s-wMq$f;kwXBhm*y63UPC78N^iE->fjcB(fqw_bdX|(pJ1xZ
zoX_f)yGSCz@Q5t~Uo9gzpqS5bW|`vhk6u(8DQ||ke;UK=isp0S)Hyrfrn@`l7g>%#
zby-In$CYt!%$F%24E-rW4JGjzbbF&(RP^_nk;4B~#eoR#d3Z==ns1@ihhF&9W)kzl
zpPqk+P~<_u{}9IGU*#sO)cKHXyno_79;T*g95|)bzF4N_eDx@FBI6%az5vu*YE<S(
z)&#?+AznjZm`AZ3V(MoicY!wLd||WP!1}Pj=fkx(-?#EIqu?uan?aI>DK#V8rBc(c
zqXD<@gMr=}3`DJ$ENj4VmSh4X1PS)JZAbiD$I=PcaiI9gpMBsf75+7lZO5mgXdOiY
z^;evI2*-Oe&x^5#f<No1cJJP}b6ZAb@Y!!vV+jW8LWQJqMrdy2g=>ie91tsYI>*w$
z?k<?L$s0)TX$nC=u`t}!;V?zegk+->6JPaS;%svCGFwK;IPh}Ll>#bKctYc!byvZH
z?EEHry3|v4^p%+nRdkn8-Vfk(+~4e|&5z7?@AJrxy#F#Y^GM3&43L=9Gt_{3e7+pt
zFQMufqQ)AUjEvfY-T>X_;Qtj3Up??Nb;W2P?6Vt^e3Dt7QGI{S&{=!M>0K}=5*vS{
ze1f%*_-Aud-FVFzz2@>KB=N76hS6%amXuZ(*kC`hD{gM{pk_kVtn9qBzgn1Vbke&_
zfBcKd6kA2vf8fB9#p*TpSh9aD>PhYjSD#ZMrP&soU9i=Gh_5|^279aSiwmap#Vl}c
zCY%amWnavW-}hAHiPmM!m&~<_OFMsbvMa9wK~F;+XP}Zvz_9g!I*d$|fVz`XAu{k*
zIomNm>B66yyrt9I+N%u2v!=3<cw~N@*|+RICS-K`Qh?sSBCajR(ET&yy9ytALO8+o
z9i2aO-*d3oyGOHi(j!&E?Wp^*vh6>5MZf)5&LZ{D)|6#M;}Ot1fq2Ti?pJ2$SY8oU
z1~4t;4wxZn&KQay#NK-Z+2(m*XmppnF?v^f<Y5gc$TPLFZ(vo#v2<301lSu7><k_I
zd9W=FkUTR0#vJ`WWht4EqoOFc{jWx5!Qi}w`7+`2>`3|u4`6Z3?>+or!e7n5_F5>m
zA3`96ogTbAB?>sx!m;XR$)Dy@a2jT2)fcIEhPN`_C<b(<C0}@`G$hFANQ{h$e4~I^
z@&CEmr#*c|d!+y2LK=TXd@jK_3QIoxWPY00@EkY6pqs>17<U!Kf{gQJhu~b@QPEw{
zKv~}s5#PIn<zYF2j;7Pk<8n%#y~BPZ-yRVeY^gfOh{LPh;wKr<A7Awp`3NTz5Sa(O
zq$^{}Nk&iUA<Cy7=mY6yVyHcT60kc6+;Ko`E9S0CtSCRP@hNMdBM0YB8l2{!;JJ*K
zML$oK=>>hycr)=<n>#k&fr{O+{ax)&XMK1C>jhme{CpJD7sCo#5c5pCvnMfF0u1;#
zA6uOFrz$7bEpKqly7sMq9DpTOritTV8KOU$Zq1z7hts6<NJ;qKH6ua&x;%IS^0Egh
zV~uYPYWxL7LkPuUyMGHF^%P~4il4MzJmd#AeI=ct)9e53cHg~tnT20^A=VFBV35+D
z+5yTVz=a9q=!U$D`t&ccXAs9Qw!euQ)gGrV^L5&-ax5yv_;i=UpmC~~K|pdO^kS2x
z_bzM3y*|XQc7rF8RIGRVx3t)?0jFQ$>Rnk#!9K(=PUir*A^d`M09m)we=rIwuf<w0
zj~>|@JqilO73IR;w=|vdBoG1#pC=d-AUbcweE(n(@j{TWQi#|osP;me8<^|`F$>e~
zYT^%eB+@o$NbiKG`V#=SCvGHph!SgqG4&a3QP*UXuwBUS3f1Q}@wjLGQF2c#<q7aE
z6d%hPJ_lS#Nx9t0SQz*7<@eXVvP;6GOXQrA))iMUpu+gm=dX1M$?}r{raGdet0$l4
zY=R?$-aH-LFE2jIPmGN01>wma>@|BYG`LG$jmj$T*{-v68a+boJK*>+)mqD;ckiie
zmJEmfj2sEv6uqL|v!SDDHez+Q@(JUYH!~I^d$!L(Ew#FSdI7%-g%_AvZM^e*-%XGb
zJ3L@usPfu<rbHWxcaE5|A))8^v_)S~-Y;vqIQPK&cz$Pz*_kj~L9{}vZ1}ubBzo%r
z<tG#;a+rRWtJ6Mqtc@YX%A7=L^?=Us!_zHwAKW^c0>;T;6;5D&^la-yJM$#DBf~eE
z?W+X>UFPCFoBnt{eC_1K&i%#0pWOP~ae<!CQ`R92t7pbEEgla{i-|)gP_$5Fun%P9
zQPb9};8%p1{GDrx3M!G47W<Y~^m^2?toNALL2kX%-s!Bdqsl1^d``l<D(ewzX2e^0
z2R8b3iYZRLz^KZMbo2*S#`hSsjw0@gkQDGi_2<RO6r4}f8(5j`s$U3&<V#L@Du--p
z(^l$<d@l)#8_jm4W|y>jh;J@>#x2wJtl~@a1pV7eDkcM=PahlCmI{9`t&~=;v3&j<
zcOn0;Tj3}a&W~0X&e%?+&Du*1CPdyd{GPdTIJ5QeYIM<(D}1$#N?xR+e^P<vZH}L>
zf1ha+5yS1Z;xoIVaSVCkY_Qkb6Gpu&+N#@uNFmUYc;<J}X@5%1{q>?@-{i@c)B8qr
zZ$$oESVcWvKvvV&e_5z^wM^YtQnHA*Z1bzeYcrC6pol}tFBiqH5RkZk7gY$xd&}V>
zFHiXNBEQTgQ9Gdn?ja9K5nt_SC~AL?H8$@g%R6HZNiR%tqww@DVmg=1wUJXfw1qo}
z07Mf{Fl4A=*_6r>i#?HQY4N02tRgdi!gFytA|=%{HEw0~$40!b@--1Cu1lL|qup8%
zelh}bYCPd^Gm(~Zn46-sa>Xs?RgKU_p|&sRYqaf&vt&*h(buIl3KQN*(@+73`t*ku
z6csU+T3lsjF__;6=GArnvqt8=IX*v6;4R>k6AyOoxa0sH1_{cKg*pZF_K#$^eozmt
z^8F6S%sk-Sy?rUlEH#^(fV=f7>gSi~(w4HwJh0_1e^}5PRO~9&f%!8_$jO+pKZFM6
z91nY#=;A|Z^@moD<ZwPO#Sb4NRYCmNaXorqyx#|yv@8#%?K$gdKa})b^BXEGWPjSX
z?&qy`FZ!h2ccFbjV*kS>y@3Onk&Fj2-z3E(O}owB3Kg5~MdAA<UQ^v3QLWG?`@VoN
zL*{;==H9Q}vJ+GJW4}+n{kI89VN`A}ip-dd1vXxhZ9pNNX6xF$cnBf5*^*bLGv<-R
zD86yaNI~uQxkAT#civG|_@|e}ZwJ4|82<>5hIA}LfDqUlk{d{3MdR&7xV@9`-xXtu
zthP`rRexMg&5tCc-C+ukZAHdkFyp|D4-b6id!!3tjn_r&M|QP12Dyl69=De_fES+o
z2{!}iXb*ctVKLU?eiXg2`)y%_C;N-2or5ZiIW@?_Rx|x4ZZWV+m#%x&`>jQ~apL~1
z1NeFeBZw{SM&DYOYO_teIDK}wqFN})frU<T%&lhuwAI~7Y%r&=#(ZpaCx|#AU%K9b
zo@{>qnXy~ue>?URbqiSQQfslv-g^IyXhmQJHuLpc>SyVw{?RECre2JL)##Qx+=nQ0
zVj!kEz&Yc!$pA5_9NIfi1IBD;WUSkMCs<M!2j=e{NfTZ~VH;PP&dAj6|12~%j$S`^
zHn5__DzB8OMzz^YLLjRL?P=qFktncQZ_GEP^-0*SCei7<*T!)^KJV_Zvhmq_P@k(c
zEVJvcznO7%w9uE|`>Vf{;xO>-Rz(`Jj~8;pdzh*7>K(NM&M{a~mlnI&=-mY)x%aqL
zE|etsG|1I~TuWz*sqemj_^J_iB+N@V_u;i^ouPb_PXhXP*hlhC!2I7J%bs_;`_6Il
z1#dl3)^I)=^frk(y(IT|8F1`<Ez5GQ%~zNAbT~fjBqT8sgz^g6G%oz=?M-*+G-l$=
zRW_IL{09%M>2n3m=xwUymW#(PvQHIfIf(0Ov%mbpLV+wY#HXI!s(vpkO@6(~dVY_!
zAB>)L+;dL|!taq!`hIBYjC{$DQ0`X29#ai!&rd4i+v|Q-bxeXfQbO`sE<Nm6{A3^X
zDT|vnU3PO+elcL7Gj^VdLEWMehPR3IP7EY|!W}Gx_*~19X`JjX-&$E~T9%f>kKMTQ
z)3oGN`!+Z&B{64&Ikc>B16~!Ge6D@MM-T5MIf8f`d1xe#3@hm~u}WEBZzCYi7A76W
zPyc!aZ1)EF%<H0G7Hoe~w657a6&7i%%(WG5yh}J?9D-W0c%P3*8N(s{b0ckPG#(}E
z-31xICLGSZ5wd*83Mhfpvze&N8Z?Pf+Q~Z_{dZku0&;|MRAd33>}_MjL22{`)V5Dy
zmAO0>$MY__(|LlCoS1uXaXF)+lrG>IODZ?z`Q@sp-I|kv3)FrVmB)jXciWstv-*}~
zqwX^xliU<61AX<+XW~F&`}=PV3QrYZIIGnoxcZ8fav-xp`Ri3me1Q|g2mS1{V@<j@
znmZuK-$9l7X}V5C4X-)F<)waF^|8^O8oL!j6|37)o}&!yTPV>#_;6KLNj&Zj?3%RL
zkMh2koElV^Ng?9$3+g+8SI6=Kk3d4?GH#ponx<AR@1A+A-7YrE?nRvh^W={eK5{BO
z{ZHn;Eh0v8%o;p+xr}<rQ1!*h5lffu{0(}W`?UYEuAch$u*0R2$HzqF*HZO_e=T``
z(0wg=l=1uO<Lnry7zt|ECn_H4H)B+k?OWOj_1RfIrnThwXXsgET8jIJh2BgQ=z8pF
z&wlQFDSD*4F)i$IdXZ+6GB>VDL*50G;FHHa)gYcwXogZZ;V6H7c5z@MjwXEH*7HL*
zZ1pG)z-zCcoaPna&L1?$W=o0Uj+~UK!Rtt3vTDtSNB3Bh^Ag}R2Ntyrxn1u3c`^x#
zhQofVyIM^E;al(v(J>VS0?l?jUv&4?&uK_3{PGJoAbuTJeJks;SbRQ!m&Y>W?}}|9
zCPzHn7y@ku*}vbdA3TJlZN$A$-F5gyQ3>3}7@gnayc~N@u%_3-ozMqULO%EwnwmAC
zi*knF@MJ}Qh9_W?>T^g%4i^iE;*#LU3d#MgY@gA0FHiQxFeSyXbIAK$jN1V6dW6DP
z&FGsm=#O!e+1u#(tivG619j8X|6p0SWrC<E`HIIvTPTBE(T<A^opsGY*w`Pw0g^eS
z1S9Z>jP*wSwf((3uiT=Jrt|zMX~JIl9(=gwMh|Vf%Ww3-u(if1g|zr#T_<}VqUbC4
z&BRNocekDm->rUdA>%RkDf&=lE;gDQyM7n2T!kt}E}p=!3at33`R&VR{B*m}mos!S
z=8R}wuAA}A!Mp4}I39EFB&EL?&w~gp2a3&lN!Dis!rSS4l~XtxX4=1SP-sAwpLJQv
zgR>M6L}7HFO*7G1M`>j4X>Ij2ZX1HAo!aB3X={ZeH_+r53c_-o^`9sqIjAiY=aCxv
zHTDng>R@&;sp|boz>^R+tX61|Vu5@RA@aA5<v!*@+3$W5Gg0Z8e~w9c=9<JT>r~#y
zzYp0&yzT>Tz;EKP8o0b)_j}sclqHxNERYqoF9Y{W-!;}^-Lc@WJk((3QODOY?N&pQ
zy508`X*+53rzn_Cfz&01jo?)p&R5DiS>(8OGEo<Y-+o=NmIO?fRAjzbX^9&rU)T5p
zfo|rhE*Ik3l5KhMr5_HD1xzr}%q9Kik!43M-yx6*GowE>Z6->a&V84xd4*xg%qsq$
zSC*LZPa!;?=Agn|3h3FA$#3HQ5SNu|(4&P<b77Lfh!3G9)-eH=0-?MOJ1#`M0(TqN
z)gHYooF#<L7J8=-r+G=}QvHq;HsQ8ZuTd|az2c-rzFXCRQg!`f%H=YEE(lokKoI)y
ztl-X76W7;qw<s-KMNvz{u7OEEX<xJ-uHK+DCT05(fk!T@vIK@_Zf7qn#-8^xOO~HV
zRgagooCuEr{QsO^xG8(u;(l5r-P+@0(ar}@zd4xnDcPLEBt3WkJya|AH3JX*9C~`K
zQ3&UxNx4^3B}GoddFIl?$FH&HaVBNneeVi-P*oQ*SefOiss2b{4FR+8ThQqXPyxk%
zM!(xVVg5-5Mh^uM_kyAPDRPl7pD-y%MQ58;?s?VoDnhgmZxKqtO-{<f_-mdWJGHZ-
z=f9M~{(5~fzRQ&wZ0^<C^lz4q+m;0@#Om+pp|wr<uG4v;I1T$NoX?bmuxFDQyD=Qn
zTVx`NgAerPd(S^4Jnz=g3cVyl_UVaN0K|zb%N{J`gwG;004;=Ler2Pg5Jeo>H1&jG
zEN9~7UJG$fEhA}>Rhy6{Kj~+lJvsx3B2_;LicvGipDCCr2Bu5i8ezQB-7X1Y*oRrt
zKb-%rT)~$9<*#kVPbY2m+`Z`;bARM|rZ<OI)QC>VEzbXndB)GG;HP8_J~$!{!NF_M
zu_=}AM$_R$7_x~1M#-*lleGJ6w~6DkGX;!A@j0~SL2bW=zDh6v6Y86X@x1Sbp}`r?
z=Q0A(wD<w^bLuXFp;d??ME8B4^Ybpz{b{3!Ii8I-e8lf$QAkmWKsDiHY{~4dhMd9x
zGVbqtNt(W}jfgYf>!++Eq8(epKM|a;#AGbYkKN^J*$dzp2lYdreI1>*NhsMe^m?<V
zQ4U1ewm4UaPpr*}dVKdY8@KoEr%!>CG6A76jQf>v0_fOrv)p9%u?<XXyw<|+<ncb&
zW&GHkz*=0{4=fkts9=Y<U`bP=n5TWegcWH7&W@JbZH)b?+sm7DhuDB+Y8<csc|`xE
zA`v5YctVbg5;^3jhkt5tT3)H(VSXj%Pt)g0a1xbDKKCksc-}^1?xW%)e%Yj-5H1*e
z?*>O$x1cyepxdp`O6+j0>#g@C7-EW~!-%z%-xxTFA*9<hI7KOH1az`IQ`#VYvlrtz
z3U!oNAZa^8r~FJX)QmC<-7R<yC;zz3FL-;Wb}wiJh@ywz3^=_00KHC`VK9X1{D)tt
zY^W%E!tltMI90SD@V+8~qh{qByyHc!@9}mU@wulUBUZ_ATegMbxt^`A7Gekf11;)p
z#83eUA1yBObD+eIMkiw;#4fa~eGNK}PN4+ep@qXr&80h+-`CunpOmf*0X#e%5J}eu
z<hc9XAG0GuwVjy0M07kPgd`gLxX{t(%fgj_`IItC^?PMlDd<q}()tT)`CheNlMz3;
zk<0fFrBs9|0L(>(>Ny9W;%s3qqyr#c8{gpfWbR?447MpKyA--oIWH&CPyxX0SX7PX
zPM+swQ@XRuZQNqR`FRh!WT5urZ!D6{<|rDuyK236fgr}=2Cb1|V8>=fT>0EI<LZ4(
z=~Q%Fqm~t(&^~iwo?J=V4Wb9+!I!JmDYJqJZAhrqyGh>#ArX?;g>nt{KxpUKPz)jT
z-g%wr@K74`ZMyVbU)M@m;!rFI_!_59tqj~oyFD@DP8Zzm987W<o}(bFRL5D6$<_Gy
z)FbFto17OzU!P!Dpta-EHX{$wVBD8c8}>2Z7p~)HcR<Vc2|)z<LBr4Ru<~19jcA^=
z(p(#{8fHbFwNt1WPL*y^VF$GeS~l?7|D2!-)3t9ZEg%IFSbjeD1{U`Dl*mc&pZ@~S
zFhK8_@_qiiM@Z^MfWC80F}AKWFCKNP57M&-Av-?^WB2J;MR51=-sJK4-~80#tYuwV
z_YKrEMj-+A53a@9+HwU#e?u5&#`->zGK>A=OQuh<J)!m+@(o=1(Q0w_9=_o?TO?3_
z5Kl9Z$#(}e8`uw3W%#n07EN%oRKKy2@w+|WVo^F*!-x+}#9Jcr<trsa@j|zr-EDGH
z{>T54NKwTi>KHHGw+HRglx#**lXQWBYN!-Z97DWe%5!;~vj%QzqzS+8FLT3*#~d^a
z`L!jC0yXSF{(}g&eBMMJz5M|IWylcXE(gbqWiNXPh>=D-+dT~xAY>d;dIA{WrX>%Q
z$%}zt9Qz(_tQ(X7q@8Iyj~)WMwlV8z7zE8-Vh9u%I0be;Ui<R}7Vw0})|>zBOVr{L
zNMX>(QmcaP^S}t%g)Oml7h2YIEu=eTzak;GvKz+}yA&M7y3Ss$3{RCv9ST>Y^vt2D
zrWr!N`F9^uz3E`MS9!}HX8*S&ct$JmfHjL|vDw|vuT;NzF@j~9w7@8?E5+;NJ5d-W
zU2SsMT-+B67VZiR>7^1u_me`y@poWM&$y$-GOaW*F_gDSc;ZNZ`(UK@PCP@KvjmfG
z5(w)M`d%CH$0Xp;G~tGEP7HIXu|R;~QA@*!s3NnM>dJ1(LXL+wy|Kui0765!b#9B;
zo?=@FxDDai#<zZ>slYFj`f%SUi`A?S)gs&LZ4+nOP6Bg54z&IL+v@8Y*06|E3m&)2
z%~1~&gTEssugdus-LrkUK7CXXV-pQK5XW)fd|)!4I)9xcvjUd>`c52=l<q&EIIs3s
z@0F^!+p`ACm9}i5S9-n2k`8wuL87}aw}jIOUKa0Q-*$Uv&0;1VnFKw*W|y=4rZQ2%
zQ41p_v#RNRp#W7RSlx>!c`H5Nd@4$yX!?Uo`APEqhd{%pL!5A|qzNZ(x=3Fp?$6f_
zc#Q?OIm@CIuDwN?cB_pChv4+Rm<2;5&<Z|kkANPpfs0YoR>C-txNpQPxZq+K`Cf^8
zKW_jpoCd6jTEutGhL%%eNgxfgL+os5hu_+&uqmyAL&N{Ni9Ih*B^&LN{jsm1KDU5u
zWAU{vpJV#ym+Dekln{}<FB&PZPUg#j%*VO~!Ej+b*X6@*5eXoox&B_40xvFb4ozwo
zrXgLxWst7!`08%pkfGp6H8fcrgG9k^Eyt+8yqOj-4njfNe+fXIODF=-$SRW*eOy+5
z;>|zbSMcoLpg#glN_1~~vGyMRO)=f}u(n$Thyt}8Z!a9TPSKDGh#oTVTVn+HF>nPk
zZYF6DM0PI3Qrhubj_D4^Y}sPRYaX1{T-BH=B5tXQ_zXZuZRM+1i)7NN{UT4(bgZcs
z8Oejay3fc~UP7!AbiR@<GV-jyMTt4G?SbPpkqyR}sR@-r$b%X<pV%SKBn0i^%xHGr
z`3R-PP&W26964)z*6?Mv{?blqlHqk1hzpJ70^Fp3xli$-COSw$s36k}Vb1=)YwtT$
z$2_(8u?mkcTR3Chh+I>*Q>b9+AEI@Zvpe@XRu=B*g)o`&8@7#~vnmzGGTqsLOY$zN
zgCVB|H-TK`buEtjMi-Ly3x5MnuTwgLd}li3j}Pm{+-MZM;Xy~8y&KF`b*JIKXc5e7
z|4vDD)*I$l-x9a<p2Bk|8Ce=0Unc|_TGJaKUYFqEz2i#557=M6V=~_tm5Rr`5suJ&
z1gJ)ThXBo^6Rlo{bMs~qSMW;ZLteom-5`zZU)NPFAvkhh?$zE^@@xC<Ox4~7DN%hp
zC(ib%AJHmOpXY>)8lSg#zMwVC66Dg@;+q!aOD%MZwb8m-Rl0J8?Y>!kUC1nUqa8mZ
z`_P!1JnE5p>whhgB1YDayJYVYlt)))m`2M|8J_j{t8M@hJn@kbwpbk`Tu7&T{fEk-
z#T?*xAjy*FRGXd@`>{982<+DtOZoZ-Jo8odhqj+Gj)r1jN^Xg(FFFc}kW>B@;DyJk
zEf<SyV}ikNzCMN|LA}A;#^;3o8;)v{$S(Jp^UIgJ?3=<288tMIAv{q3`&9SjfsS25
zV^#&fi~*_$$u4?JEn+8pj^XA1`e)T>me5So1BLhJ9MpfZfFOtsN|_b)o#}GEm_cv@
zFWi9uU)#s!y(Fa^d~uv3$@DguSi*;JyrMd#HewvS^&O%}5N`S2@29(e@MUs>`SOZ9
zFy|G6`5Zi<N#wBU%ZY+9b^x?WI<tAQf8TBDsiy*!&p8}uxNZxhiOYec0=v>>t`<B$
zYqNc{?*lw;4#60BtmaR)=TGE*RG85c(KR<f#)NgWjWSR;@@RePRkuPwj+h$T(OW_{
zxfM$H32gL5A;%2t1}GLn8v9I)oMMng0En`1$^OQbwaY7Sb5P1iIC{~4<HML(&U8f#
zTRzABTVnB3A~|H|B^oOi4D$YWk7eC3Y8?0txALeF&&{$QMOT0BVrcut4Y3hbkV7Kz
zg@E7EJ}bN!_4C46jA+Rc5oN{U3*a)`V%lqtUSrEwqJ{F^Qpnf8Ko!o}W|${Ub#s`0
zv2+q~CRiqS(Jte?QrqyZE~()v&mV-UXr&kGyUdh%Zntz42M};3wM1%@3kk=GrQUUA
zS>1o&qa;Gy5Tf%E-aY^y=O9JLWUM~UyZCRkvC%Bz6pZe}LRAhEIu$WRpF>nbA*ql%
zf!ND*wJ$3#w|Tay22eD3@Og5<kc-^fqi>&q+uK^dfM_%{rp4KEMeo=3vDL5_{V6*t
zj^*4T3-k1xZC@`#1p+&TFP}o0R*5woKfZ{PMjKQ&w~1JYaGFetCs3W&9cYwh*&Wz5
zDDk2f8}`CA{b?mcHcpM+(qKSZz+;Fj`fU$<M*3G>;eW>e#QwrlXGkVA9=t0oKZ!?3
z6IMi(4sK9l|J%H$@eg?FLTOm|xD%3q&jzP8?W_H+27dKyS6K9ER$riU{=w~M-}4dn
z8)68#ejUK>;rue4_GrUJXOwW;ccqrt)|@Q2cg#Fpu!RBX-WG7HgsR;J91H;MAs4b6
zb56ZAN_&uPMwMIbcc!EBC=?LL=5c|40Pz~JhIv<gIDQTfJdbJeroJkF*^5h2(0duP
z3mFqY&67^p++tHEA+DP<iJpXaggw`Zvt$ieKaILv?jY=!;ail>K_fnp<(t5tL#j{3
zGQkB7;f>(F7OsA<fmkyy>2IMUcROKGqvItxgauPovO@c?nZkQKT?%}Y;9P=k{VGPV
zm&ad$4=vn!w!oMjyP5C_UXAPze?`;W1Pn_aXZd|>bWm&E$p-J&vL?j{kjAyN9=9xJ
z`{5>0kgONPf?D4h^NmLLlnWR*fLfwCSAbiD^?`UwqJ_f$VGXb&$$1GfBLPpGfOsZB
zY5z0H>(D5r`;!m-uL{EE0R=6=1o>ZBNFgpGbm$OB!;EdePQw5|ECH16^E$b1^u?s1
zz-8YpUA$QOlTxTEovPKpX-ln1O_Qawi+nom+6Ob~E;KA!-LRxtJ?P+!ld{1NpQ1o(
zg9?A0NWm=DA{!X3q2ev*E5n?Xe}aO>9(G--TmDg=dZ7VKsrpMr-wl<Ug}`3Lh3{+l
zm%TY1QH_-A>Vk}6>~ct{^&nz3^bH*TESJg46~<=N<fOxgWb{`Gx-{;=$>`$*FG>s0
zo(^mtwRPV&(Dve63-%h-LECzwCsZ&OLH}zj0f&QT`zmbH_!i9Xm}~i1=`Mz$WtWrv
z>22!e*E;1R){woUfJrb?sT(%R%qnAU={*EzD_zrTU=<?p(*u(_`!9*s<#0ScAD-%I
zyrwZ9Ub$1*YUnY)VZH1Q_q);Jea&$DRhK8f1yLLT>i6gb-)<E_9bE*|uj`ViPVWHN
z<E#Ou^qpo2b_|u5yhbuHEJ9D)=rCXR@B%J{ez;{#<V!%4?<d@DNUyp)(0Iv(VcM;7
zw>yC`Hy3Ieabi{iqaIwf{EdCJ-V=R#Rf2BNxs)ZU?(dMJgh2?KWO=f@(!Sd2Rf<J#
zDFc<inE&|a31z0k2fV-Qux%tGE}PnYT8x(w&vcbzIKPnkXC3+ato_aWjAz<wlxIh2
zbwFkUR*(S44o_1abpDmbOX?et22&gjE%q;*nzjgZuLjbfdm3lJXD3OUcmCL<;fxmR
zhS~Koah?Q)<pFkGzdLHK->exWQ)PpfqJ&}5b%U4fXTZCQs)DnwJ9h{3Uqy3XUeoS6
z(<mb;H%~sTM$P=7$Qu)RY^njL$Dde<?-Dsamo7I9%Nc3E=dVst75r{|T~^GB*?mkd
zMA_V!6SfBSECwWM-gYHNzis{K!})PoQIp1i4pk9BTW)W}!i3hYtt{q{PyP&2KJ>Dk
zoew~-r6ZH&+2yUJZQKZpy&0H(o1bt?99;?8$L}63mfxuIrrRTbAjY;-5ib)`Q=c_Z
za{e~qVr;I4OJrsL5aVo`NA{M6AHUV%LQnm1h=`OY?v-<mR(;w<gVT=AK$gq;?g{qN
zul=MY_#Hw1wTT26lZ75swi{9^g0Zdw9Y)IWvBTpmD&rE7wW8nRai)ID5>A`Dv{Rd0
zAuGht#Q{X@L6c?O`x15jd)IaN6Zo^7A^0<%y9FB4Psy_!9r()3qdb(g%iiaaNwa)L
z&c=O%kgFW>Pn`Po?zLEc`JIVmfBp}ef;krkCFHg=E=L~#H5(p8wAT(5w$1#E0S%P{
z?xM>G(zqM%O00_Rm0&jFKrMN-R_?dMZQ-ZAd|$g?O6B&<1mYrEk+~H9>X)G-w>0UE
z`FvHl4?fhph*IB}bb-x%KCjx)mL8R_S#`C?B0qBlbO-*2{><WMy;t{@y7`M%4?y=H
zarnTJCq0-SD|MJb=oYmsqr^te?HHHMNNv=Qcei6+&|-<P>Jg%4d}}Bw$C;x*6t(s^
zLE2q57b1o`AC;fA6ZnaXVO01pPu+*vZ`MWCCG2Z7Md{v+UZ4Zg*`yjp1e);eJ(USY
zo)7%cjyE+gb!<GCcg^1hSAWWW8J}Z$YiGpm$+x5@;@yhG4}3n)VB%VFIe4M~O@)qA
z9K{)TX6i&)44PpPfvbr8w9%lQa&s2)p%kO;dBh&F%Ahq=h37v=OqfZd;~Od9A@0==
zp}#NVK0{ww|K>R}n<WBwIWI5F?MKfq;|cnlIkX+Sdh97THiWh{Cg4pTdV?2U-otdO
ziw*1>aMW)MAg+;i65B1Kd$Mp~hetT&e`DW;mIGI02+m8ZpGz&bc~bU6f0i27C2YZY
z_j;4&&84Es|BJ+Rx$?zAjy^~*_Pt;xNa>_RXOc(4`6!X}Z?audt^KjbCRX|rw-wRr
ztb5XCq@?Mw(iCX+*z2PGF`h1hIa9SKifm&$l74TMoWRf?94!=0W3Go-Atk<!@I)=b
zbJaL&|95$^p8MM?5P%dr3iUWEs;d}E<hP>c5QZVe+(v!RMb5x`>%#4ax>xg|R8ECV
zRuf&IQ)R0#-(i<bkTZ$#ox+0e&SX|B&>z*54IkJego6l*gv3Y)=b6B@c%L#W-a6%3
zLs%Xn*H!c2txWNo)jw6Ic%j%<U3|MAl}lCIU+<x~-$1M^!CNec#YT0-86Hm;xAH;`
zuPsp`gnyGvEaOQ2NzDdwv&6?=s}HZO9{`(#qK%8hLDLkK!w~olGTcaKuuuMGixVs7
z<!zo&$T#Q}<4lRDf;TzEmsewlRIq84tQ1j%V~5=O!a?fQ4PeE%T#wxw`5Q?z3K=~4
z;;UxA`QwC??6p}vn>b%l0`LtkzZMrks%v#%$6_rpHX)&L)TVu~SNurfLaP?Hw@uh*
zzlf2H7X6@SU@lbXCB6<n6{hW9n<a5YAGr+MPB9YV-zXc;+yp301$b(z5nX|IHo9QF
zP$l9X!5#_v8bG`Roi;|Qxw&!nJ%QBf>Nt{fr&yk{;f1qV_+ly#k94HnG9an;dADz6
z6D+}gh~9~t`TKJi@;{=WgmoqX2tCPDi@WvLX_g6pz2dj4edCLn%Y4DE_{^Hu_@yO*
zK`!TaMwkK}erF8a@zFr>70XawKvVy~*bEI)k-qR3TpBMd<UxWpUT4P|n>Iju{9gHk
zHnr6-7rP`Cyo*I+H!|UpKWp~bQe=&suE=9kM>3j3iu4R@Kdx)5o~7K_olixlMZ@`Y
z9XUv|1C#iRxKx;$F5bNjlO!y%xi{j8U_JA!>l*vn8QGb>Q_$5?-EzQ{hHCA5?!g}v
zu6z?iZ_q>YZ4?K_@{{B4i(G2Kme(4gaAC}e20`pE2nFY&CyY18y4skkhZZ?zEJ@iL
z<<t6ut|9pw!q>lk;(;XK|4|;qiIoWf3$h2~Kb}_sf*a14nbN^fpKW8!16<;GnH6AE
zUgP=!)LcI^C+Mt|G!5cTkCfZ*&johCjV+ydg|#_-%zXXgerZ*Pb5%H07dY`vMsaAy
zc-}6L-=To-?J#CT!IGYmu&R%mAy<|cjyaVJ-q~M|7FJdljdjw0mwvkMuhA1n4rA-T
z@vO@mH}T4}WM0zkVg5s35}0IcvH*7jKaxJJFy>I&pJ`G^*o~K2-eg(+YB<+d0u4pd
zRbK`H&5h&!O@fTaZ5E*!BQn3wa_MoCTC((U+s4PchcXd2wuY4?KXgZxKeSGqp7^yh
znAA65dwN*A<Im+S%x=@X&!TQhq_TJ^k;fr7*P1w&aH@ZzkX$jw(FCiZl+KsFOxa^5
zOXaO6TQMjU1CBRy+`EU~h&c3*?^H88GaM#{iCXO0(Pa)Su>Jqg*mOBun~%H6lkclE
zkBaq=9hBb@In3IdMH6qfd(Sb%h1y(?j+?*Zu2HjMH(#dg82!mn3SGRy2RR3jc>nLc
z$D;O*`0jrexarkLyD6A;m)(@WVhfixd}11Qx$@~jHn}?Q{V7T;qq1tOKI&!f8B`b?
zD8?Wlat)c;bk~1@NfC_mkAz6C_A_!nDgjvYsK$#rSbx7Tc^{ub0z(ReD=GJY|15|L
z>Xs=GdKd7}n0;ERg_+GNmGed?e9-}MVHhR4>Q1~%p~akcbQcX?+aonP=nc}-`j4*u
z|N5Vgl23AXGoG2VFMWRvRcH@K3&u%Xc2+YAB2{dW@Z8rrvT8bVVx+N@SYJ!Xl{R4=
z2ikk0`(~_5L}l6Y3vCVDPA`$qRiCp(*}%T5-ELCV(%rkO=-2kj+Aie!e20Xvk-t0i
z83ozfN^v}2_%1?<3BiCWNjt%`*sRvyUO8Sr&gfsCw|5}{H9*!DZ9J!ciN6fM9Eqva
ze2BWb*B(4P<W1fVg#;!sOM2Lv<7(>MtbX27jCx!jj(@Jd*uW#<(nXdmwjk?rZDTc<
z=oUgoQ_Zedv~;{ZmO<l$yHzat$)?8G?N|nI133~Rc0X|H-oAm}`CY~Cz3LPK*~#*9
zt<2l}cIEBAU{~}9%ic1!^?1KGR!fI3aOI5zVSav<I8G)yH~5X7{*M|P>uwwEsz-c$
z2Yf8%`9J|g3xwCt4L-5(mtGJvvCUf{yI&@ONg(l;UuFP2ty?%RQw06k!npR*Ap7tR
zNP>Ou+Y9(k_UEN;+b>49;FK7ZSSd4MyN?m8dN9(x{PW*ch=4d(%B+XTS?R{_whoQm
z%aL3B(mX6MF34Ya|CaKhb{9!FqN;tA=};c?F3)?j=8?Shtx!$J7bi7T`dN0R{G(TP
zdPS{1L^m-bghhwp${Zz60|U_K!j*-Tr)|RcJT6AdRXQAZOvcXzrZ6rS3N%F+=0ZlS
zkMnZP&*S#S^QUxVDab?Aq&C;ha|Q7Ze({%G{i0l}C!(jwkpImb(R8a6o(%@HYU%^!
zQ)ev-_~;GO^rp`ij9gzf?-gQKc*o9P6Ge39q2@q5=DnwqOe^M^zKrvFE(ABb8oeMC
zdh#zPk5Lw?fr3l>i+?lgX?yJUj*eygnK6Olp@6Mg+HQ?lw!;(qUJ1)wCfQM0RRa!n
zV+?rQmk4%Zx-8*mg1G<G0o^2zT5Sjqm}W8MUA5;zExC`?xPK9D+kK_XUB+rs??RH1
zdk_DPDBo1Qy1hG(7~1@)*tL8{&#x3EfK|LQX<0Z~Q&Mw_-9L}G-XX^4wv~I|=Mflm
zUozi7g78z5%cL~R2eG4}*)K;mwUI7hJjD6TsKtW`Wkc)(OD3JX&bLR4R8w#G?~M`Z
z0L-R7vDm$$5ma7_nOudU9YiR3d|7v&t_G1Fj&C@)j3T6bbmLG}<-F{y@YLYEoIPdx
zO^SPdN9>kH*lvG9y^prH5N`0xN|(PK1?|r(TUbUgK%}JAbKOr?IbZ$_xeXEmN><A>
zYjJ&R2YzQnz%-dSD^u=eLtC?iT8_hNt1VXhT3D~8o>|%OnS8Q>pZ^M7j_>>UA8&!Q
zXp5be5fJ{ng-%wtc)%%+n51bR01S*=Q6rXOfue-xk87_@wm%!j-_hhc3}>D(h|tH;
z{@<Y%PJ+SPw*(4MvuSn{&ZhTP!w3wZgck~cF283%3{9qXfZp2~cgyPg)S?9Y=xh)m
zn!?4Slev0%f0QJ^mqs%h{$(uZ42~7d#E)Fh4OUOr4~%?${xOq~te%nAbPKZooQOt^
zNJMU-+Y)z2_3=bI{MUTV&DX~}vxxizICWNkw@%#k#no_?YvKcK2?Fa-{L`q1_OXdQ
z?f1tyR-s3`4l{@`g#%60kk>8)OIYp!alVDdf&TB9Z;*u}r1I;1r|s}M?ODjfbStRq
z^{mVi-JI|Z`PrY85QIo9c83kP9Oh~uTxa8hF&E*|qo05-wZoxLY*xvBL0q)OQ!Qc3
z7m%sK*nb}mro2*56vi0uZECw+J+Me$wa<Eydf}%^JQrx@{9@o~ml1b)Q5w(ggs*_~
z<2$w=2~(letg`<`KQcNaEJnuO(~p397FR9vzEU&EMW@J5mz(1UZouRt|9g4>zX7N9
z%{N_~`6pDys&mDAFcOW1(4SMwSidGDad6il=sKOFSe`%G2$r#a|2WLkbH?J=!R?vD
z?iNPX?-y0IET&(tx5}d$va^#o{Kq~Ox6u%F?3BqxVWRGx7zsA&fIoA0v_i{1v>Aqb
z9f`?pJ{P(k6aJ7;qKpOsOLgTzF7-sZNUc>Gm~JYEGO+IW^xS?rpc;STwjgF;Gpj@~
zl$!V)cqH+kn&M5ZCy?pV>AyN_48M<DiH<Srb7rgUGt6PD$C-1Qe=mPXEPK^oT<Z-i
z-C$cj;Y#ixET^2k?a4KPXJ`8xqP=caX$t5DEsh1F8rkp9u#zcm$ez?3-vf@DcVN4f
zK(S#(WNQO?-@{X<l3!NC^G!quKtHu-*(tE>B|Q_qQTKJSxN8~M|5>0hzwAL2Y-#b@
zx8#prA49lQDLrTLJ0LP}kg7B7Pg)EV4f4L1c4sL0{@&4@!X`WS7XDwr!UuTY&D=x`
z2sQN>LVTmvL#E*~v3FqaG+?ooXtkaGu+Q*ZtOY+U7Fzxsvj`190n${lmN+FqcJ5To
zqrV%Wp=1p#La^FI{h1I8Ps0nx+$8?g0TDOTFgyLzp!Bd$bD+s>Bh6_>{XC}%8tJmP
zkKdNI2R~??6iPDUBT%!xFrNcPs2;uP4qQL;ynen4)4~o3=#&_`>^3yS?pNo0tW)D(
z9a>mdw(=kvx_K2UN-kqz<j!6N)wOp;<3_5T>GT(zE-)`Hj40ag-VKS1n<J8t{&zLf
z*MKwhaiZuC{~qxAHcMEKF8Mf7?@U|E?mzRQ3Jn&@AA1pbvgYqYUuy@s?>{neMGkyq
z+{rd;nX?-5O~m5IKuZbQ3R`BrYfq#0e+6MS^|VAk_*dPr%DT<kNgErd@IU&(l%C+$
zaj{O`@<A2cj(2H)retJ&un4J-=?!ChVh$xT?DPun!gK%5jiiY);Mk<lv#UQUrbg}1
z4K-dj@pU$1pWVc=^$F?;?dDtRQof0jS+%-YCw7U$oR`VOeTUAtv9X&*CB6DhlCo_6
zyMbj!<KH7+k3aRb)k*u!1nB<x|11EC*CW|@5f7Q3qsQqEsBqVRTb^E&s<|&bb0{)w
zf4MWYv-`h{hyUBUu_@dkx{A|zkXg%j2b_f{^aYv1S8`D%pHlm?#8cw&N|e|mtGS{~
z+H8=Fo25;B@{b3u77nM)OS^k@n(zMY>#e<nz!<aj3g5b^L_Mf!jPi2d87^X5c%|<?
z>x85+{?HWbUSrbmb`~hS*QsCMzZD8B$((zixTYjc?aU@V3(~u32fMDk`r91H*7qD;
zpfSL>!2ZX0_!*}${^x780pQBv)`xmV;Ww4vZD1A@kB#Qb0e*8JC+wsNOQfZK=GwEO
zuLS~EaCOr;41!`al5AJiio0XAu^R|8vgf*E`@`-shsD&L4D6~AG#?@HwWj{)%}MR$
z>z(YdpmrHDVf0IxF><EMiX?v)X@G*rYa_7uHEC5~oF=(P!(&J9EVWESqxf+qjdoU{
zC9`H-$k*Ml&P@VQHtzrir3|dkbHbck)8hz2CWXPQ&>Q#Sm|QN^fI}*XN>tW>b%m|J
z#gDT}Ie?-HmLE3d`cS?7f|~iR-#7LXh9H3aCb;AQd)E0++1mk)8TH|L|M;tvh-|w*
zC3;PTWyX0e|D-mCLTDzO^M=&^#Wj89O=^@xts@s3J}ZrJdM2h7#3$(meI!!RdBR!Z
zKl1smIpu1Yd7nPj@SA%GBhuIZ{M*JI6@|acOk{+(Z4STLj_ARS?gs)JUQM>+=BSII
z-2;n}(<9<ZmPD)jd;~Ku)tm}L0x_f(VYb=AV3O#wx<l+{#H9bA;X;GWl~dIir3t5#
zQ1jHX>#Y8B0bXsH6thvVz38_rZ*#@j5_dl@v69K@P7li;qkpI9`#{u)><$pPL;W-h
z@dhKT7R$1_lZnDvIYbKf6)Sv=wsioauV}BYUo!)m!t{dX(;C9^l2@)?M0}b9={w&y
zeZ6Scy0^9kd!cIV0sUEl3wBOBPG|*Pe@GX~)3g_}FVW-0IeUDHdC{MSO2x!4<f|tO
znr?58Cb`C!E3_4D*wqiTuGNhVtSVZQfq&X&epIF$5mgvU6|?AFR>k`J#JN^1Hq;I?
z=MMk9tzD}lm*#8+7?+x<94djvjcG3lXXwSW4aUv<l>5BV9P3Yi2)TNVrmE_oWJ)|w
zf+6fxrWAlyFocy6q5XYlGyp5X#PCQW=0nNED@~(x!gR$qIHVA6hmtaP+aaNx-C50i
zjH4G+puJ8ywVJQ(Io{1<(pGdi%eQmtq@$q2HRVwd4Nt!-iTfXFTZjMptnqu{sh*l<
zGzywlvdA3Gi;RAU#EP#?R?0_P$WWoscP#|FdIz_LDOCNqA}oh;KOQ;WP=W{dAIrsx
z(PkY?akPu}-j^K=qC)%z{eT=83P#+pKQxPpHPWH~3xbefbR;pfDJ<%2-bk}DuffDU
zX;^uqZ$UyJr>}ex&K_qQmr%N@LGW@w*lDp04t`$mK2pko@5>(yi!X-|N5GLwee8a|
zfp_JdpZT=ghh$nYj65TT))_UPhwdSWB_jh^w|}`L{DV*o#A_uYGaxwo@vBPr6zb#r
z1ntc?4>j7C@5zXN;>*kh%1p6;!J%vyd2PGnaA4&PDE+fefX^Fddkmc#)d1oz&%<US
zBSGy#M;u3&jj^D`dLf+75Qe-LqW?~4@Btp|I==Po^t`wNy><NGQgSUuNa2Ei%C(%x
zj#vt0cw1hr**<MdLwKNOLp(ZA(4_GVIVfzqRkOVJE#pySDjUk}Xm2CV<9<PRYkOxH
zCGRN%z3w<%({9^XDb?o9S83}{YkzqhVFj_wP@6r^J#kiw{JM5vrKSrtA5{i+>l3ML
zSbrUB|Jp$FygW97t}s6jzM_2_vB9IYt6l~1m<qMJT&*d%R73QfHub-^>gNz^tQ6b)
z2apoTWr4&x&#$Ny<gDDvl~-8EX?-!APAcd=em+_wv~t9qM_ikl@@+It|Bq-EdVYfk
z#!EX;XP1%m`sXYjTtW~7J|nlLi(|XCNpx#eO|!#Zy-#v{SdlAEz6Z^mK=d*-2yg>@
z{1($wb_tIDh(CMena)t__OsB%HlMmId&I-8ZBfRHTX2cK@p8O(1<$jS{rABR^Qqu-
zFdGY$-4{(_u*a=Eg~O;M0P?Nx+2aL!uXY5se~XQ8&&F>YN`Z@*0YQ2QUIb2*%wvGT
zTYBGJjVPzle{MAECk7J3rPAA_`ODy1^qy^{%PxNGXGAB1`#OFYG?q#z5E-Oqd;ap-
zlNo;Y8Z%l!7~)UF2CDHqT0LGzwj~aK^Ay1x>bg`nw1EiX@)tO#JIM4+SL3dfx9s8l
z=APY~C%|%@+(%pthVKO;64GYZ!g&cio8n0JEOEcfkmKi>;$FF+zGyaQ>c|(lB|-;N
z`{jsf#sYrGYEany^D)v+&@QNxVf6Ic#%x=*k&P61Ls$5sAYiubu@8ZF8GYwSPU*a^
zyKQM~?62>KJH*ywt&^NxwDeuf8k7>jNQ-39^Ek4?@tU?g2t5v(`8v?PE%w2=G&?5Z
zqHqV!vcCDaN`smgk&{Batp`O($-(U@$vHX(HEbDj<3x0SI1<`5Cz8@!Hq-M#@9T6+
zs?So<0m!rBL%sat>nNfSQN@f^lMp#PNX_R639B_6+t-r6c<#l~cWnykx~NxcpN}86
z;TR3wwGZ4gJ%aRLp%vIP@Byp>TO!48PZ9H@;zR9m+#WQ938)92dVh&q9WvJQBl`t!
zktXQ3)dY__b&+k)j`S~C_>Y)l9A3<y-vaztR#F5aQS;iM+_B2FXAOoAEg!cntPeLC
z8v8z1MM7t2Qb>)^_Ta&DMXb})exdpK8JY#C2=3X2FiUo!mZ~s)V<Q<MqVnn7*#1JZ
zc!0S5LSR;dp0l;9fhaNGIKRBjUZ9>V!7>GS=4aR11~s<gFI!WEhvfzE+9E0p0q?s5
z87Q&+;Q0wgVy#xyHzO9X&#d;~qu$?`9Qn_9DfeypW3JpQiMT4$qQViL9xfR&DaVD0
zqfgY2F?Y2TgKI|RHZ%iIT(?}8Dt^9))3`u#uv4=LpDWXuMY}ZPgtanaVt6XQ!zKu6
z)Qgcy!ja>sj18(&2qy;sgf8$hv+s|%aM><lsdgaXYM|7^<1Pw7M8kJt2n2v=@j{dT
zXGxq!Z3Akh1d63G;&Af}$_otZIGEXRLCgsk5OW;pg^d|8F__8Ay9tE~l<4`^<Y%~n
zGjcvWo4XkY;wvcpQtMSqtfypME~g(#ed>PBoxU_n8Zh3Ssg13`j{6ywv{$5~tsuFr
z<5WJMNG616)#%>SK;7CttsH-;YlwU6Cu#LUjAMp>3+b^83+eIs58d;of``VxL6z*(
zStPn|t%=z4p9F!0&sM3C!Y!Mel3YBi1=$I+x8<l{F#DjzA}@&eOBQOJU+tfFAF7E~
z2Kea8V79oLhqXAfU<Zw5l}=sgL9b79%V*T7WxX#7OY}ZjxVL2$&_(q-o`63V-_w!W
z5Ou0Ch6WR4zaBkVHiumGGFS2JLZMWsA5q&G<B0wH<;bVO&dk~l%52nxox!vr!GPp`
zC0gkS0*S*nME&W=@lX{^vmZ<qt@uK1&Mf-BdD-zOxFUlfHRKbQAU(kq!!rcVB+R7P
zt;~t$jod5V_l$@$E41^z1&QIje6#HM$Hj<QIx5>YIM7{Re+JHw0yH|#9}@2Pa<5hG
zYGftwJ}OZN3O|RCpUpRUf!tAdkkgICr6=M2o}1|-pAO1A!lelx9$a!c?%6xHeI84|
zf`xRa<j?v^kN?ocN>v9DFdyq}<C#Hbp(2V)79z=lCg#41F%NLwKvb9W49a@c<^gai
zE&iJ$!*_*|^!sRb>_*kIlokiMeM%M98e(h3@<i2MQA-`CkD@_>HecVe(hBdoYQym0
z6HZe|w8D8fwMwQa^&IXG-gBTWGHHsJJmb!b8y#?5m{L2uYOBz`2@vUry@)%3ZzR8k
zQZci<x8K?3`_H|JV{1>irn=X6@Fa=Av{t2{Pshq-xsHrUF3lDmNpEt2LN0qgj{_24
z47p6*W<7{XA|we`E0Lkd44L~sG<|hclkfY#h|;A<w<4(`C6XgVDVfqp43Jg<Q94G7
zbV<iR%0N0qVx*)F>2#!Yj2Ii+p69#w=lp*E?(95gXZQVF_v^auS2(`p_+if0KdMe=
z*jUY<s)QEecugvKAM$F`@{&Ct17o-L<BdhV49S|;@H})wZO~Rf;#VI0?XTGr^f{sF
zEe<`@k}x?seZ_5Wd{c{0?{jtm&H2H{lIxnq)+a42x_nFef-5AcO;F?{2Bj#gHh@l9
zj<oq~G(AuCfm@&g`RHeAm!^1A-q=OevsK?HaX;)|aD^xpRtO)vo;~_tyJiaiNyF;~
z{>3;|`vW~c*5(-;{K~o0nB$4j9na0j?~pI3SDg`|`F^1D58w=}_2UaOHL)aI(kYHS
zvF&{q7G`IeVOpc%IwlmZP9sR${(j<#X&`mbY@_7kKc;6Ky?@zTPp+Hho{&i@gx>`O
znSeHRZWhOPhkx6|&lbi}uQr-qx)HPc(68XM;Dx&PUfKr;Wxp4xy~ukaEZIqqv}Y!m
zD^x0hdNQTZ&g#NrWTH7=w|sZe@03T>Iet$%c;IvBMGGh1Noj639P=vQDAV_yOKEPK
z_kSvGwee9BJcw>tbK7C>)4MHRM8tH(zh3?6TJbHq+Pv}3AQ9c<BS|%+q*2AFlKBb`
z#d(|`o2D%?qWR#Ap^imzT|+m_u$X=khnpKQ60*?Wh#LxKU-ho3qbwM>t2DU=amc7$
z^$bZ<qu|@Y!2N*p4^j44xwi%x9tvE~dl!vjvp;C7r+G~wdY02O28)gUy4c#c<wz9|
ze_c5P4+_uWoTTG|`j$}Q?lD|~=AV4$Eh8~_mVfuz`OQY)oaw)Wcof56isOCqPfzQY
zPLbRtgR+cJx68MPhD*!;$Rf_$WkinK5ebs?wvQg&ucAbvAfWX-=AH`|Q-0H(TaljM
zV=RAq8UxpR^?>G%*1Z&puF@4zi0nQ%07^f9G`x7o$PU+sD+E`~Z0Ol!@OAnfL)vi)
zFHedXxRfk>9;_RG_B>oVXb-}6fj;5<e5SKC#O5QE+yGQf9_EzydfUA>$*mZ&im1p5
z<p@5Q;*%tqe^adhTb8MMTi<8x3hUD&PDBCP_kM0!-|ObPU3^8Wp8V?-mPkMXwG7*%
z+wz>Q(YD`DQAaSCTsCzty4z(|<re99Q*aMi>iVbqyUx<!Vb(2;eEAH@u3&zF`)(&o
zkw=>~T{wHXqYaS%P>7B&A`tH3W{F*7I7E6ZuHF9qb|<eu*=WhrDD!zxB1F2TnzE>}
z^bazj7ZFhN3<!C-T#D_(K*}FnUoJ}U9ILru*7kxomS<bw?bl349B|a%HAO+muW`PY
zAtsgs2rIhjBb3>doVGlhTDNq3D~jOGI8>U5%DspCKXwcSz}vyipiP(ogRG04rs@tA
zF5n8ZEjjjCLQsIlI_q=*?ik_g#k%rhrJ744AD3%o^J+FCmP@R=V_K5Q%I5XTEwjI}
zHzH5r!S8?qHH8m=4Xl$I%8MiXsah#KRF<~<d(F+m`2nZ{CY(dQ!VMI_BS|SeveVrM
zXAeN?ryyqH^SHX?Dp@%!EuDCdt_l%e5kKKrx*QLOR^mL+e=Bjmp3<qxo*o7gasZ9#
zR1X3WzIvdot*HiH5b!c2W~bRuCo$IkUV+qC`1JJNbiQN^{8&SO1Km=QBfSXb;zCkt
zZ47|O5WVxvX=Cj|ose7byYKliWypXbl~Tm-V|H+27m)!sGz(Z?&nl&v&x_iL0GW1|
zCI($S(^$USa_n6gNB4Z=xFHAl_H0DmXmvo4RNa-kU`I%arq6j4APYNtIkEZh8&D7q
z=e+ke>YO?r9=PR+If%c<*8J#okEn-AB?-=)ZsOvwvW{Wx4?gO5`2?3`fyD?>jhXWX
zrU|v7e8H04tZq#zV_`^b;zKGT?C~w$>~+Up2YcYeWibDVn%9yY9_=S-14!xogsQh$
z9WbfbFCEXXR68v*nQx==otoI}XH}{mVM{G*q<T@?$a%2f=Oxb5aaYLqEqISljsE5|
zP2}UX<!ZRgZ{e^zu71I!0yEtg(R8ov5RzD0(4%r@!;yX)zWmYLUgp<v?#<<i!SSoC
z<61!2-yiEJM#$~+jbymwt&Uo*!~JO!qG$-wZ&+Xth3oH+C_H4ogEvoeD_)}9R=tFg
z=D>;pMfVQQw5)!R4dU)A=K*HGN2R`^Z!LpuG4c0++LLB13IXQyp}U*0<~t!=UCis9
zp^Xo{c|YTt$>g^*xV!bwc{D#s=qrmY6ewz}!u5<p2BL-mn=NdA4|;}%@sc2i<t%{R
zO?H7xae%D(qR313Y^gtuxlgyaxEr}oq&44ueDE-;DyZ$Z^358VyG)YUvm0fTpD=F>
zuCzTb@h;T5v6*0C(UZnn@KKJzM=<9NJ?c_YR3{jE<`o??6*l*-M0ebaOT}N%jJ81Y
ze8!8RPIS{J1brD9c)Bg)`In*6;c+ir2X^L-uO}U@p!IFq=ADAZ8}AE}fy12ZNa(@+
z&*3?pyC!3<lu#0uaBws-jv8e4t^R$h6XN&x?ypOSf=ZhPj~=H@ogsBl&CKF*L1&5S
zj5`W(i^}<>*X4DxsC2s6CtFHBNWs`CO?ZWWp8GC<=R2OYF011+J1<L;A2A%f8VER@
z%qaCcu+?!3PG9RxaE?c=oK4iveBFJ-p^$QsRhF35R{z8tC}wG=-oIEl?%Ek(AZG^s
zw)#bK>dqS?Grd;-WRSiv2i0JM2NT%n$`QOUF;T}m<2?+Eq&h8=-85>lwk$~K+z?BE
z*~^a@L)9WP@_D={d>*tcfTJs@{@s?;`#?A8!r`gXAu}y)>gJ{)r-54pTNGZH!s}io
zI!e_N(h1}!3@x55+(rWDt-YrSZ(MuANx_^f6sm8$FP8}fZwrLU{@Q(J)8~6Hc%O|o
zW@6J?qbKKl=<)>S%oJHNPEdSnmIim(5ipLGUA=5hx4z~c*g=cqJq-P~wNcPcun_nw
z9m50Gtq%$E!4-aSc1{{+g8DUqE^{Ap)JQHj@~ob%b&q(frCX=nR^Srd$A2YK_I^<?
z%Mjf_O=)a5alT(KO6CcDYv8iQJ4s8NrvZGm<<p0mXqhrLtDe?eNz_1Jq`AcENIGZK
z5x}SJKOfRahDpya?w0K?Wm5oe(A$0SwSg2xRw@$@$0h!n)GHY+|L)cMs>;dWN&hyd
zuC=|_u6lvZLR*QB07-wuH3?}ZzHS0OJ?*LeQJ=}%XB$?Z5^;8nQZwiJrAK(tEcrBq
zMi7imkt%0aaFb$$$kHRb+Rws}d}Y=x-d~#6uF6sdA5Z#mUJB$U2zrcdr|gu9jEkXi
z`oGy<9krk0|9pIQU#>j=X7{~^8X`(1#}4&x-xV~UOluxKP%Ty5o%<H=b-{3w>8O|O
zr)15T`|sU=-0nZO;r`m9-|m+Eqhvf7Hx;g2{j1tq`(>Rhk+MEeYoFMEsHJ8p;`E{5
z-9bB&^PHvoy4Mnw>k!<7Bw9%``j*Fxn78r3xbdv_LBr3--SWo|uA4pMReNiZDb%iD
zJmR-CXIUThc5kew0{#$=nu5cLq&<PXv8x74b&?d8Ay($9+GXFpb<GE_Qj@(d5E7;m
z`cjQj3SCXFZ{8HpC}*f_2xR~IIIUU2ez24OfCZ#t+^48k(pALO<|mBBs_aY8_oW{`
zw+`@JX1&#{xGa1#^ViFZ3ruB!joWHO5cgct?Binv?8xU5D{x=4|Au*#`4<aXqX;(1
zuzp>xkxQ~cQ`U#1lw@E{ck)Y(zQvVaF7xWYvAgB@;@;10&lUWB`ZNW_Sfjt_m6$Jo
zvSCI$!ZPt)SL?0Xzi<O#q0=)ByyGlgBi|ZqC_{(oRfD6E08)cq^}`*e0PDls$)DgO
zo0x$coMhS80F7bb{KsnSK41Lgmv3tfB3`OtA%D1(Ezgfbsy3fL%*?YlHy}keXr+He
z#xMq%nD;XaNb7ySK4U^jhF=k%+Uzb|^EsJ@A0g6TPgPmQ_`TOnxz-&=(2j3$fY4y;
zZ`Y}l$^h4UW`TQu>mQM=9!n0DA36w}@!L4zkD$V#YZiS%43T;U?c8*#N6C<d!_R)H
zhmyILLKnb|-+69pmwh-X^34RD>WU@09Fu^D{b8aastIw_syhpnKBB+w-KhVWu7?sD
z&@@qh$dLS~JOveeS9TT5UKG36)EcGmuAnHtON75SQx9Pmbg|00JfW&@=p=h{U(MeG
zaJd8qf>ES|SoTJQtKIWrUbD!j$##(Ctotn{8T2f-!Pjw=^SLHpD)}}i#LM@b9#X!^
z&jZLKpa)H58yI%<&KH?4D)fTzDZqQ@@(`S{S3g%iTIJ_4@`mzd^R92!gIzX{`n{l{
zw%*-wRlV{k_eJaTY58*H6W?}QHGyEYwPZ+j=|hlgf<*TUc>GC96lFnzwe`l<KPj9C
zyadb0`H%w>PrGVc6l<>IFPSyKCEolSxh&v{N&s@`l;x-x7XZ;d)#IMdt~V;*o3RTm
z^>;s|i+y|6sNGhNI=i+rbNRJbmh1UEWXV&RKok(TPCWUEILSNEL~9it1b*K<n1W-^
zwHuN(Z$;3WhxMv{bm@VN0tSUDY+Tm-AGY831te>G6*()(a1v{dDoik<BdI0tKC7yD
zuVs7q9L{dQ#J)b3fAamg)yeh4vu3y%U~%^55Ar4zwACm1&%~|>%hRn3Xr|4$J?(+u
z)UcC<X8~dB>U*sRx5t`dmW9<QJ2#fB9ED{^?iO|mq7xOmlYc!08ns*f&#KzR50m$Y
za6d|3&U}CRaWeUetnt0qpS&68`rdoG3+}JzIiJJM>kp71KV~d=w#_YlY-U1D5zwgy
za?WU_ZwAN1pKZa)4J-rhH}MelAM<^xCn|6SjM`HC5(7UZwj4X(kkq<J3{sw@Y!PAL
z??uY44!91;i^RPiLqwx|nVQ?_X{EVt67f)cz1-M0W|rxk9<M#y2IJXKsp0RU)WKp*
ziGF`V;oE~QK4?z`(s(>F<3DH@g}M!yap}ex5V)Q|=g^*aExus5)^4T{Epfd&)<;l@
zW7;>_ZvY9aCI*>>w_1?Pc=Jw`h<SbX=XL^^f=S3a+PaB{^=*)Vp>rLE?3_M!Q|}e)
z-c?aWOaDx8mwBrXV8Nb^#!}qBeR<XFl-U)!W6z12m*8OU$mCE5iI{_=`zcloxWY%e
zqJ{-e(9K*vR+ufiUxju>JSiRk>=%wZw37Y&Rkl6Ui9VUM-++dP3DjfAC)LTe!0L`=
zHmA0sYw$O0eePH^N3&qLFbR%Z7B$wjeY=dVbE4n+tNM(3-ty5K;m-o+)B504!X;jv
z<`eV4F!tVRziJCyJNMyu%QdwF687t0V1xHM^Z6$Ti4j~Gm3m4^5*pS1piP`TI3f!Q
zcGhg+_*M`g)G+pWDTW?>|JgGn`OWpJh|gl8t__9`B%J|~BOk1Vqi&=V71}f)A|ij8
z_*G~~*%hfILEdy3L*-~zn$N$_^CErkQN7A2f82A0{@Teh6l``|b<Vl}y3RS;dmM29
zNf>!DBC}GCY=l3f>1^<f!74Z58}2gpemGn_$}+`S`2$3x^-@d}TW1`J`fd#p+Ei`p
zyt$DEmxKf7o_Ki6>OnR9VIe2;lV|?Zn}`^QuD#qW8W2m&$Mp>LtX~KD!9nR6-7L@J
zW~2wG-w{Y`ZVI393QiCOS$M{}M<YMfZv1q=?@gt&Wq%Fzx~Gt6vvtmq)_TEg*Sxb+
z?OE;*379se>T3xpoZXX)Qu%AU=&FbGX{EmON5&T=u|a*<56DpsIrody*hInH4Fi@T
z$-vp*&EX{86{YCWU@lxo%wxWq<m~Q>6e}l}f(Er`y3wESdimBaafoFzZzbs$cV)l-
zP^-K?@Ta77=yJF~97U_l`tZQus%WbHg)Uz*M51S$?7C~{Z}-D6G(BLW1fqO5M~!=P
z5TP7~mag0$e0YMo1?Ctw21k4AF+YADXSh-M0l9KB?uFj$C5E(MOrQCjQ1JPQxT5ba
zCwI1DN+#xJfpzCZHm`aSx8qG>Fz0)6x6Ix~DV~_jPXUe<!SS7EMmnfr)4vOThXbjr
zTT_too1%9NDD;V@3h9tBVR*yEhdQzq;LWa>om!dYkuBMy^(>hCkeRdK{iKFo15rG=
zTZ>?Jy1R6!h!sro6LYN8HS2^<$zFFHZm&7-m+RU!DKl`oruHI890O$x)v=%%qsbg+
zN-j_aOi1$KwV%Dr=D~}2dizc_gYkR&3$^s=Z$@K7`3b|{bj6HC?W$WeA(kiOzrl&a
zX*(3Nn)zc`^rVZZVg3Z|rAyg1Bq@^K=dqi$xlvfBtg6t8{HJCpCy)U>Ob)C{4nG(f
zpj6_l;&~}v)960gDZ%GV)0N4Q?b>PbS-bXXevr>qe&Zh%eW3I&S=sEh5w1#0^%={M
zVj@gT=D<37qR)VW$WaINisz!1?i|S{4eOCm>B`k>!wB<cru)HbDaDZ8V5VMYUa{+>
z`e)!B5g?%U`tG_pn8^0WT!^Pv!!35uvI6=hjdE@0VlSelHd*FOPAxp#%#gE~D9NY`
zMPPm_0dL|3s*F@)L#)8LW^(63{TqKGRf3Z(VWsA2Nn~BU#Y8OE2JbWxH+n8jj=lF2
z?_YSQzZzg#SXlyjmDaUG1R%F@G0}F>B1&hdP7!a@e=R4dLyFLZV0G($Y~j?ui{yC+
zR#b8YIwm9!_J@m?`-&Xdw0d8kdnRu7G5cEYlo~mPCQWO^c4?IrYP<nYSu?q>;VR7a
z+g6Ye<L>n$lWtwoo!Di1-0BO)&dlLx<M&!{o)WI^0YazM7l>M)jdX4#PmWZIp1m~t
zG$=rE3L0$-h(@RS(sDjfPQ>ax!wZN31MVOP_tkRD{%6_uK~12W%$4&#_-r^RG>3Y^
z-?S;bOT2R`{g9u}y)XvM!9eU?S!-_lalcYIO7Suthc7UQ!8ali%&f=y8Mn&L&qU|P
z4dL(EH`HZuSN~MTAk090l4NY4OsHLcFaybGuyndU3|C<ax=%Sv09!>0t1s@%Scvw;
zv-PdTMdV8F4cPZaZ*(E{j6K-Qim!|0*>^KEfBraf_j23k;%}mHNA<{e%$r#ezt)u>
zg(J$aEt?340ImX1y>jYE4z;DX>(VVq2HnaaJKk!<`Z<8=dD^niz+7i+?W1J=pTb`t
zju4Shu0U&ll0H4jM)SS9(_`Wr>D_81(Na<88z_BA+)L7AHIAfO_v+L;E|cCzavBaJ
zN<|Zcjy8IaQtl-K9B3f$Xk!pjyITkZU`2yw5O$7CbP}+Ri*l@N-c-XrSP}TKontp8
zS}A^vwmngLxH#zT&pzxJ+x;6UacGq|zbh#(?#P8I@*M__<44CRdfxt1PHn6{zDBpg
zEO0RUWi;V1e=GN8!Dpi;%cAb}F6!t}%<3O7Z2*>c?^P+s*j-}=SP-5u0Ep(0_Ijgd
z&fV}by1gsaH(BYd`;F94yi|MT220>K$+M!<H8cuvd;(fEYq__6zc0^U-Esayg*otz
zH@$gq3bVo4uRN40LB&j+G+Y9C`9&072-s9%`zytA=~RD*C-r;OdGshvx`_qE^~6Ke
znWTWDK19ao;DYp*$c6bO+eWw)xa0JzbB$g}<Bk*{C$ZLtwk523zk*M$@c;Q8XYBlG
zsaI-UWIoT9xYviYCGPZrwglx#ASTxxQt|n7!cSk8ovCWmyya7504doPd~vnu(Jv{s
zFA5)4W3Uc=K))^cbsF3~h4`;R#Lo+HJv;F0SK2TTPhxsW<L2YTIke>*$in;VNyLy4
z8`AfgcV9|;XA=H(!qtQ24>12b)P<|4w3~W*s2K~J<z6<zKdxiJVL7Uiw{apLS1;`d
zT#IUA$fq*7Uc}lE%F=P!@$XO1jjQ3TYN76JcAZ5k@2Swu3bPuKZ){h%ApZMZXPfZa
zwQ8^B?xTNs)k34prca@rabHL=Of+X0)8eQEZ=Uy?pEwo6PG$><S{k}hx2C{|X!=1b
z&kl*=V*45^3))yVMFUFfOJ8MZlPR-XeIuC*p0Bagb2~~0qX2*G^f8131x|JI7s<9z
zi>atJQ(45bY4ek$_(|V9Z}bk|1h%8z4%xK&n&lMN?9MlvH!C>&c!4f{$IJOgd-)>=
zT&c>)rilX{w8!ioSHe5{on+c-c6*VzP$R&c!QfkeTu3!(s}b3b<(M>2R5aXN_NqeT
zR+jM)77Dr71`8S6prW)pl}sTE=xUJgtUvatEtt23tnE%sB%%AZ!H*wtw`g8cqpG8T
z>6B5TQ3n+jmiZu+&!V>4`IxR7{hi4n#OVm#gQz^i9SkBXK=Y5_@h%Ko1Mix-N+XFK
zcH1oem+fM>+Q%u%u(WzH(ofibDo+U;eSU1G_syd6{bF)goj=3wjw-jWAzP8->LKlS
z{AXW8O(kUwqpl6@8pF{}2%(BcO|Sk8S13Lo`a^`#|4{WD=79fd-IB&2fca$o<}ur(
zP=%5N79Dy9$x#hTdij?~U7COOamzcEpreC2NYdUwDPUe@qWexUc&Wo%4r<^q^fm$=
z$-EFBdi?J;KS>pTd~zVu3^BEP;WCo{<#V~f{uR;rlz-z7sGs<6j2=d9s9+XPcMmeQ
z;eieye(IZ*Tka8g_Ot!B^u?6jO|rJy;9LL-7(|s^y7{=+cR~dUsu14P?j1CqFw2%Z
z+=Z1sN-or)Y^RKH#d(#@L73sm;Di<wXvd!6&jqSlu-rLnd>DD)bdz6FnFS_#)*V11
z^HM4p4_QuS4%eZ?is;6Ev?4(7ONE8<YDxg|!))u4v~VcU<;`{|X$+_WLBz8)fxo|b
z;BD7QaNk<EP_a^tr`c|vUf12S5BjXx7!jrW#((M49A;pWckUTt_aTC-h1s6@xrv){
zmG-P*S&IGBQt~REhhD*gqRbYYgW5H-om7#a>g~xkPw449aJSjQ{>^OU!5?sJ0LH&t
z67)FZg|M8k#nmFp`R13?A%9Kos^XEZ=LiMQY!i+C2Vz)t=+fU%t1jx@*1cJQn;I8*
z^p{U|t2f{(;7*^w`;YlJRIhW@{o%q~b^3deHkQ}{0AmhZ#NQOfhODctFVs(7N*Fvn
zJ3)`bp&;0Ce$WTEB|b{_X-XQW_QzCjfGVJ0lgCUE)U;Px@c!B3%(DGM@*@x~peg}j
ziiO;7PLC6i#5O<g>ktJCfjsA01z;%=Vx5bjh60?K{^uK8=!}y8_UV9bUv+V!lsc5@
zEoc65)<Nb0uj809byAGdvhp3T^0=K*7!CIEF=w;AlL1(h%hO&Iq_m^_k307%Ze6bY
zL`hE?-jq}1)l$J~tdF_7ObH$FY=6&8B3JQ{8I`lmgF!?EypU9jy~<8Ow>%4b&ZEl~
z$bbU<fh_N$f*fugb?69!)rB(vv%*X+w`2iL#uVbPmpB!V8-@K>MbRmjh9WrNTB7PS
z6|GjZD}Cfoohr*Y;A7AIG0hxsW2QD-o_8nZR2LCXq}q#~1_na+n5#ZW!rF`TJ3E1U
z47*=#&Q@SjK(z1^_BI?xIYZRp3T$;%oW+)S&<Add7O}lO`L9$XKSYl7B87No$V{-$
zxK}Z}u0zH*Tv=o;-88ToKr^+xPAVmC7mxIjL^WTpguX+%{=l#oK0kj!RV+rwoRjw0
zzTAYaPVI$leJ6hSK1H{;d#|_Y$==OxG2-JNoDnBWl8;r-$%pC|!UgWCph|ebOUD<V
z%-)bz2tI`^m(W8;iWBdmzz9ymg_S-5TcURSav$R1%{JWphH)D<X4P!c$A3?%nshnw
za1LQh7=Hl|+=KqFzJ<K<xJ1)&j5H@$d9QtFyR4_zowMpq9Do&q$3)}?s0tq7;V3W&
zKyMs_9RS*wUZ%6<!yYK;D99*5)^v(67VA}Jq}OT^YB70ygjig7ad7*$kb9X@Z4uN=
zyo^1L7g|Hn3yx2Nr(>7oI;A<n?l?0E=R6f@M?|5|EBAyavVMK7<e)8`96vJ13H%i<
z@L}Lc1y^)GwnX^<?SLeiCsLKKisdo?&A?Sb%Jm{-82pr2%>n-;mhGQppK*h`D4qiz
zfT{RjHTS2h2q;#gq>5l&alPM;&6);I=FqlaBrUgGshm*M9KC4v;T+6e(oMM?TQLo8
zoWeyEWB|iG=zr_}EtS{hzbcU+?f87Cp1k>FBY6u+XXmhXz`PoqoF2sb9l_P(gsM2e
z^wz8zQpsl=St5k$(C=Y1qj{<Oy6dkaDoHISnfGPUW)-9N5~tbjj*qqAJq8D_E}v~L
z?yT1}Z_Dq>C+E2A@nQLAe>=jW4VG~^*5yLEx{vzarBNfIPB#zOm7qX^j>YL8&;RP-
z>MRTec5?ay96v{=JMAuA1h@WM<I6cZw}D3KXb!j$jJ(i}*N^7}Yzg#3OO41jEYgSN
z3C;B9ckH$VeVcdFz|kDcmN5JRPP#ph=xU+YiFRkc&IZ~t>`M80Ilc@7cW?ABpTdJk
z;9p$KG`Mz(?BWb0c?w@#yvS4y{@H>5%EcU{)Lhi*gH;6^u~2QNr+v3ZMD`HJnDb{m
z+gDjN7QFUv4gst7-v_InaK2Fat>Aw*(|#zle1*ANfqiO6wj-~D8pELe=3gAYiEofc
z)py&j`oQ@!nf+y=Oe8dSO)3S(#HZr89U8q{-M##LIinxW3@>SVSgQ)a+_0#0a>-7o
zjHa&!6_-4Z*#@ZLK^Bjb$QX=hV}L*Y?+rbhgV++1UpcDI+{eyAm~P)`1CdwvJat^(
zW83rZzaHCxw=fV8np&NZ(g~H<D^bIa>gIQzfaW?n*{NCS{UDZna1amh2>NBXj~((n
z(wjKSKU+>o7$vX!{4pe}7?kd^JgT6zl*$KN(teVQ@#_D++=ekXujjt*Tb2YNnC-R_
zxLn_|#4kzWB?y8z{phDqoR;t{VG{}KH|e~}0h*zJQ(^$kZDyRbtmO1o+vv%2F$yj4
zcXqoWr4Ijyi~XE~5KWuovU1v&1I$N4O(g#NZ<Da|LNmpn9x1br-$!y}jrB4lgwSMn
z+>--^0Xv`QCC`5^ty_p^hZWz0h~|0DQC;J3Hd;<kB584t3@bRy!FUcSD!8(~Ugj+!
zN$?D^HH`qK>LG<B`~1x~@pjyBJ+ctQ5T(RAAr{oZ*~ds@!gxI7jt9|R(@Ii<qXJw7
z2nSgjk>~neIyEDO^5*QfEj}JqHa^MP=!48E0s%{1gi^3G^y*dK>-8>?aC(k#_|W~h
zbj7+Fa3{2r=hI<?6M6Jr=e6vBBKH93WBAqy*i~#%3+rLnJ+NqBXjc2R19p4|P(1L%
zpD;Peh*cR?((y_1o}v`cet(Y{1=v0#@bKo6&!n6<G(YE`X-g&scWF5k^l@T!J4LJ^
z-EHgjtHy7mGH*TAba=k%2m+BZ+qH^HvQn|K*9wl_N{QcIwEkm+Nqz4Zpq-c1<_han
zh>oD!Y~B3f%-HZ-<%zaD)$lY$WLCX0vFV$Yo;AXvpuclApFHx+A_GXSxE3!`>q_z(
zOU??sYRNi{EUY`6ot$V~>8=x^jA7z83AB~KfA#ip;!^Yel&==@EbwewR1{h$bK2$N
zjH!qmlE9;KZd8oqDC>87KUZdaL~9DF&$}7B43TveU$VX#mYafe>OXnjLB#SDK%wUk
zllAW?N8-%IU>Ylrm|Z--GK9SSzB|`WeKQrzLI5tJ08AHq=DxY6dU}v~wJ%P8KR7@b
zV-S(A<fHf3fAy7Rvj^WAZNGLC(zL4M*}G&;k&55>X&vp<1GEMy^*@|X|JYPCYzvHz
zt{TlEcP}A*zGjZKLZ!5rgPWp}i!D3QG&YdyU^Diw-}qb!vPV1EGUsFsg;B`I2VNne
zGL}Hih{&6s9l<H`IG<jD4lMQN2rZ|sF0J=wrw|a~ZfkKa8|rrL?`W^o^Pf&UcvOaL
z)*1={yL$EN`si}x&(Ku<CQ9yx;r%_tE-%>NF|NmbFZc<7d(OHtMeBl(lAHt@JtpbS
zy^zFOxA+8S6?ph*vKdzI1Zi%rp>jX?Q@&z|-ua1!%E06t*CF!w->*#fNzdL^-Ma0w
z$+424{GqyMroq-^qbahXwuLPUp+HakTK=rY`P6-Dijky^%U~xMbIF(>fkh*7aP?ri
zLb7na;tf$~L8byaSbwU@MxX|?|C^qY<^F-=^;+2m+h=$tkQGT9%#n?`Cidh)(@F!c
zTChn#|A=rQ=<@Y9FGnkh=V~r=$lOy{G-)?=PpJkqli(vQf3)j~-3CwQz?bIuUgN$G
zNGWQ9pY%LBQ^XB}EF`tRC3i9KLh$TFN=LJsNQHG94e2RM>N>M|6KVzNYzo1w+`M_`
zjv1gCV@1Tx&Ix6$guo1*qh*AWP&qY}$<0Kia{pi5jjZ%13SsVy7?owwxsAg}?XCKI
zmCsvL<jBRB)f#hb)Lrd2T_6+MZSn0lKuIWbI=<&k6=_geC~uH;6*O|v)Ax~+XnEX8
zjvsyQsu!4kG#duIZs*TzdiAWtR>K8@&{W6oa9+7-1<dH}E59V$g;pD%IWr_c%?=ZL
z@?MBm8ehri))$9+;5US0orcvIKEX>?`<MR4F<=n&V4nO739Dw044T7kv4Eea)y}_i
zW!_B5rQFr|;k$QdXR2~z%aVxXJwZQ)%RjsJOL73Pp(9!~cP)8%j<;+v!+UG|@o)P!
zz7$&8!}T-o+?Kb4Fn5QBG7>)1K_fj3jW&^Uv2N)fz(gK}^dA41dsw465XnPq-Ch)D
z<>x6mK_lVF2KPVgtX01`eH|llC2z%7J(>BHgwetH#(wxCKtJn_(@KgK^_7@l`u0J7
zObnc8Np)IjR`SD8g!u2pA?nW?(*T_UJeLJH?hZ<ofs!`m!Z>vz3v(!mu_esiC4|T~
z-CEJm)A^+l(vhv<WAd%(!9(9nNYl#}!NWn(7a%p$ZZfV+dL?V`D%YPYd(pdB$Sgdx
zS>Vsp6k)kwZUuJ<GGI8~(stiNjB%sPFM~{y;D<Cb-uiHovFe}*22~UuQs#E-T<0@<
zFLw7rN8}I7N#IuEclCMGnqyeVR`2C3S`zgqHM!Jp^G*8HqwAWRNGni`)leTYym`Rs
z5Yh5!4?Nj~Eh;rSZJ&s{pL543q-(`6xzK>*o0s8`vwKBnseb4Xs0j37PFxFq<jx+H
zCQbTy_5t{fgq%2X!I{GXnobtWWZcH&N|@g#{$7XAH}rkH((p!XwO50Aqkmwz#Hp_W
zarp!IwB+GH`<eU`@a(tI!0-cV{=(l91izL+m~S#<zVSt(MNx&}!uJY*^hJ-O1T49>
zvdBF-3h~FK1k*yCSC1xEk{#_$G{|EzcovYHvcNf0J*AWM#tuGtbnTq{7!XaKis&Bs
zNuPk$K!0TQgmmD+23(Z{66VPWf!s&2kjTz5@T0O7g+J`OR}xa2YClD)^qbcy9mTY`
zdWh=Arj-ddxm5C!(fy}>=T!>cK`F(JIn@=OC|Oby4bLI(6iHGg1VypmfN2msF8@p!
z?-ai4Ae+ps?vn9_s}ouO*CtH?YKuSJfH}=4?ZxFpen@=HHmx5HcdVe<`rH0>7u=C@
zo2$$?LSKn_sR4F`1nQIh=hQ{D_>N#s6YrzrTun?GUd}aG>JHI=;5vz3Vcj@ih|WO%
zXkNHwTw!k~aCcVY4eoF`o(|3OV75#t=nm2Ii>a2TR*M6yhPyH>Awi(3I+<Vop_*-n
zCTe^b43E59gXX0qYzii-_v2cYjM2X+9F`vmlB!LIxn`&}o_`D)P^wfJot+WGdr!di
z)+|r&J-jUlY?UEp5+7XFC6DV|L~%kwE#zD*bXI<g_n>&?dk{N+u-1$=vu_04XtlqL
zfx(Bx#M9|etxA(MDb<q$PA;Lvz|qkCEa%5oh3P=E-Nn&~EzTM0u7(>Nky7Dn5Y<CQ
z)Kg*RWKa(z^GI|HRRU7N*EnWtLzD;7LQbUWjH$P#R3DOF)tB?ml*)1b<3c%wre`>c
zy%NWt`!$ne?|oA^$&#y+PXYCr5<|0BK%LFjpZeLQpU<n5Dn^XdoT5qXAAoA(M>Dd$
zkqxQ8@*2O}9ZffT<~O_?{BC%Yw?XU1pF-uegzX9Kd!FZ7TY*CBaF*4q^2d(!R5CY|
z-x`ICFr9O7&D#Dr+bqY$#5}hH4^!(`X(0F=8p0S~U_&zT1s(7iKcI$9#{TAYpSbgx
zv>KIE{@$wjmG*)=HTJ2ZnRGodIgH=ufIV^7w}#c#+{O@tRxkDOoMNCPWPjqB721y2
zL0q97*X=#7ECTypf^N~`6D+ypH<9cg#lmbjHO-^oE<*jsV}u64AFZ<)x;iEh$hQ(h
zv8$qWuL!crTaZMk?|b9`<jw`f*aQcdeceXvYCq})JVI+W(^8_VB?9wT7mv;JY%F-g
zJu9GD<MfYk056hu79=31!~N)TE+dKCFBF;luh~igBOMqQ!hrA5Vb9`Z@<NDtNQPA|
zFWa@}>IH9l`YP+lfBD1fk(XAwNN^#3hNb>ZF)2af?gC&R6L^_n7jeJNs>!~uV_AD@
z45GXWmtI5l2n=23Yfae`DCsb7B8jF}JAxa_2N-lZe4Il&XrSgDA}bQ49o)03O{Plx
z)(~p-fI&t#HwtovBmDZKRn~BR!}#Y&oNfCG%NlvtOJaRYCIifPUjCz$;xz9XyY-p|
z<+u3c7oK+I^J?9}OzxKUF@s@ac*Nf;`*cM?WpxZ4n_bk6tdENj6zBC??aCL=LI}*R
zF-mx+Ud5nM2s}L4=%YVvM&!@O+`7Z;zZyeT1@@yqoNac7WqZth7wW-%4VL)Al?ACk
z>gKA^qW&fHc2rm(GgqSKpA0lWY(QTWyiCWQQg(3LNS>PwVwfofUdqsefYc7_#`XVp
zX%?#ZN}0$8)Q`?F)t2>{Be|+<)ee2321jurkLP!`kS?I>hDiagYq2qH54Jv(vDTMW
zXgnB%iOyQXZ@_v(Ru6)`bE3~H_yiUUn1UH5l-P`M|87_UI}_jHNBA39uP-k<UrgDi
z-Y$_eKQ%l*MJ0kQOE4NDY3rcNyvxKeH`x(L2ly1dzVJCYUzlG-V&JI-qv4+@hu~Z4
zobqM`N+H6A_4>qVaS2U_AALBg4yh<2Ob>Jsweb4r@@B4{{s9=QBMqx_eC^~h{xh*G
zVEEscJE{UnT6){Yhp%btUibW?Co5nTF=Y4UFuxaZ6o2)l;8(8jmG<{I+o3BrRp0)_
zGUNMWwVWNOL~@-3fjV|c<!zW*6G+8$FNd2<GZ*2z{?SBOr@FEew%7I?#lI3p18~`!
zWpY|15uKW`2Vvoqr2%Bo_XQg{O7nYlNXtQZ<Eyo%FF$0oa?-hgibvq~g3%*#O75pa
z9-(m_(I}S;A{WJKMc==pREX6ovXwNLK+N&|U2o^f6o855Si^I`x)q&f`drv9>OY?L
zDLfh|$M#R*9F8EZ{fH~sYtto<5`K31Ek^J14jG1)z671+LFMaz_t+z2ck+vV#zxqJ
z@zr27-?nuveB~|`cKXio39244`Y5ZQEb){mwJ;LB18*J0LPLZta&689R0#BmN{_(m
z|AthU#`<a&0?*Y<^N67=sYkM9VqdR5(Z!87coggm!aStKpVme7_Wc|Tt(rmH9ge+?
zS1YVruMt~#y54iU%ES&s7eAHixmABF2lC72c29tjvQOi+5Or^Rv!g^)&y-6ED*%}i
zca@!8#PqAJR5Tq&TE3$9;82F76Z$XmmY@J}wB||6{@hN&QxWU16}pc0ARvv7ZFumP
z!gQvCcKlAlIwBOW8+wl6_?E^)_JX`zHY9Ia8r<ToRFeBu`8!8|gM+3zvAT8t87)0y
zm#X1AbzM$>vx+duR^Nk68#oYPNNgE9oO|(Ar%W#+%+JuWF)*>xwvlR!0L_zWeE057
zso=P9nlHYVnIu1LdxK5VEX8^z`9*({jZPoFv7DrEO$1QUPt&|iuRAz)Gh>Zeb;6qe
zB`z#qDa0tS|8$ygtDwKirq!qXj%}~h{Bl`yK6>y_N|;R9-H&xMen}2qj+`kuFJ%TR
z-@zwMwciT-SV_UB&k(%GVa_voL6Q68uf&$#PKE<MH4ZRiOr*gw=L{rt_mg$dqK`MF
zBX%h~(&BXo6Tu%?E`bZ;rA)pTSsRzdktaS(l8MlvdzJiz*;Lthq}yTKQ1mwChn;3v
zD78zz?tMqrq_0IBPD0iBb~R)Yz&bzP1@F212GvxipS7usDd`{ZE?wDJ&V+}cmf=s5
zc#X=ACP!nw7DpD>xg84}tqvg`nD5H6f%mF{SK^vSw&35MDG0HFZ@=kJZ|;*RI%bn#
zT!!Qj*+C+q<6!<#g3&sBe_^y_r#d5!O~S!c>yBk&JH7cb$hE8CiZQ?7Rs$&=z^@^=
z6hFc9iEpn;3f>>IUoC&^GK(A=ZT+Yn|Jn9WX3d@Gu4<Wey`4*6U~s~(M<BNj-hg+y
z((-G%#VyeCpe?{#pRH5U@?+_oRHnAS3UN!|9RuTZIC~tG{-qJ}(L3<BJ%}6{HT{n7
zmhDHeHEa}-IF33Rhe8y~YUIjf%+xoiLZ|iC_1J2;)ha5(ZO%g`-F5H(dZlfUQ%<a3
z=Be$KO(N;iljzwbD!t8qyZAMC?*mk=^p?{%EJ4kh!1Zmtj6eNs!qYu~_eWY1s#Mq5
zk@O=`jWB%vG#QF;boX6}zClT>fQr$!c1BpKoUrU}gpAIPkA3xne0X$+3y*GhN#315
z%hJjeo}u+!6RB8%1fGa(2en(18Nl8w;sY(~QRRict{(0KC`bJ8S74bN7ekkuVfSmh
zaj8clhB+>kSq(P)9{iOdTe0B(+_WDJ(Al6unvje|@NG{Gc%J~`1U}!i7v}j_a$T|$
zef{)ht%LUZrM2A(n4k*;2xcegTFq(niq{-e9Cpm3KN>_{=c+LIL2*JKjx?p?lEE(>
z{B3{ayH6Ys5UnAu4;F9$>?f55NUmF7rz^WUN{U<}Fb7eq<;Z9RIk93>i)|)LubU+0
zw?Fgwb2Ywj9YT=~MALVnGiB1p`2#=Y$ORv2^rNv_TTNrSbp(`Z4L#vBq+57xV#$j5
z4OCDnliJL?2Moo0Us9T=zqoR7``Z+&xIF9CVoDXG)c?T$@1=aBZ|<gwjPvKpt{e>b
z7T_JvT41j$^%cpgXwqC;K>Bw4idOb0QnQr4P95_sKJ(XF7qvP^<+Gi|uhpM(L$5Pw
zEcAvuH<Rjd8#lo!tu~V@!8E_ieBI=?z2;{32X2E29O5y(Ilf`%8$S_S_3>=Czo<p{
zTb!q}e>wOBr8l@W;ZOT@jf@5>fS5F$H%A-%Q{#uIF*GBL@ru6Bp@L2tcz=RF=Q!aU
zY2AsGa7YsFEk^=F-!Bv$+Uq?|>(;JH^Ijiv&Bgx8Q(*lvrHy~`<NlWvEq-?jHMutQ
zjBE_^GtX;|xXzcNDrtMwQ#P+<{D|x5ZYU#sQK<}CIknzF;C3%(o60>E<&6wCn(gYd
zo>tDxbj#BcMgM;<fG~kes_p07L+&t6<jaS|qsT<qUFp~J?4|t4cQNsh;JKUQOk&lN
z!p*OuA(~dg7zWDViQdbIBRJ)*=yOKrczfb&%9kpq%cEV9hZ{Q=f@D+g9$@DC;E@3=
z+YxL8<`P)}usbylWHH-S9_!{{bh?mL`&_)2;so9xmDq_)KYY}_oJ^b-m?$|OL_{OF
zNwatCiDd2CxARx>CwD4L+6&K_An$JTPIbNW=mvHxE3JS9A}U>>xwdt}YSiTycdrYw
zq#)gks+y~iIs$P8%wm1LGih$F*=C|$Z%PWk#R4JXZme8l+I>SWp6;e6X<(L587g>g
z1&nu$8Xl7Vy{G5C7kDAK6WFR@9l9OD6?jP*DIh6$TC{NJg+thaerg2rucDQr4y3K_
z$i)P+;czUD{WB}0eS@8sxm;8{H`9zjqfJT?3s0>!!f^FV4p9jprxqT*iQpi_n76#c
z+?m^PO@0dAd%18)P91q`jBGL1GEI8cFiTudem&~*o{h#^-T_usBSK8rhAsZEsP%02
zda-Z~*u1}@F+)2;=Mi1!yZ0=Sn(_}A*n2EgTug`d`uRzI)w@Z6@(+yElc+F|V@&&=
z3;sy?s&8zdzW;kjqRsgYQ+!3C%)JuEGRB#NdwWm_@w)bv@z?R(&b0Pz4}r@OWY*$3
z*ZN;55HR=){8}YZNkH**AbK6E6J2AfALU=*#aG6I9^e`MTwlu{=a%L3oyL$1$|m^w
zkN`{afpP_@m6IgZi$CY7(x$3?vZPL;7D=&RspGD_Dw}92v8lSjRn=Q<-BPCp1<nLq
zSCV5{MTdW$@=OBbOKG7y)1I0PQEE5X6BSHsyR$ztb9`{7ySnGlbQ_v0a9$ey^1I#g
zi#B@FSBum=2<w4&BU}*7dJ4FhfF_x|`7?%PNoHX%+J`C)bRjMirdR}i7-rUs@W8(r
zs5n7M;G0j9-@C?G6tzZtieV$P?Ms0h5zrsj@lBT64LonwOOe{jF>mb&1u?5||7RBS
z&F@9M0G5@-ce?_PZ9Fm9Zx@&OMEMu|I@@+e1r){-!Nkcg?p!a-tJAGKzQx~$#S0w|
zOwWN9-@WWxNCM4nh<^&`P-b*Xyr5TUFNB#8bPaNHCJ21Au1Chq*E|I>k~EU4+-zbg
zrSe)mh>K*o_ZzQrXGQ3-wzMR+Cp8Y<tlQ@q@36=lXhCXaIUMhSGpl{d=p&wyqb;LH
z34JiGMo>)0ROZ|H#vgPE@_$T>Ev)GMfWD50ayYN+R~U^so9vXzt3n@KD4}33DE`|U
zQ}onE(_wWaj^tmu0_||p<d<*oPtuZ7WLc<*MS0pnxvnio*q%ln+@}r6l)`YS7=6vu
z{q-1>cG*wQZke<3E|wkagldi!3RWY5auw1<ec-R|>N6CXszcnoc9_*c=wNcy*4B2w
zieu#a`-d|Jv!AZIi8ofYc(3*HBlgOSH+1A!B2I-?kr9prEZ<DO#~0!uQlQ~wJRi@H
zfE1`xEe>>w#$>t_;>c&MBks_j`uY`vSg@UuTL&51UaDTKDe;vZY!5mc9Jo@l?&mwj
zU3zL7#LfSgB~q_8cORi$=h%&Y&s1qC>oN#76b@>*kz=<TC`T_Tl`F+H3XmY@hc~z&
z%daasgc+@?F2{KWxnr6+Eze!pz*m>&8a!^cpW7Y0ydcBZS^gR^d06t}fo}hMn$m{h
zb?4NV{eqL(e^&pvTBJt+&Id2k<KWkf=9tN{v!i063>t@2&>+6atIHur@lBKVW%Rpe
zihpQg-|q@q({iRsMm_k+w=E!2Y&ZXIFufuiE_te|56(5d7*5DB{s8RF`@K~%etBPb
zCVtP}Em?K8NyAXNA>KqM`~*skMZclKu1eQ{n7C_)jY*C&NmoZnsW;x~Cg#e&oMcm@
zPFJK|zEgU2A&vq!@cxs*4*c;Zp)!Ye2AZ}}7(~&q^(pb~Sd?VmEN2Kg_i&ACQ~C42
zhS=h}kJr!SK1q=XTFG?R^orqd`>@w*@1?uD-UwVhSA!QbK=9KpyhMC<8S=8@I>I+X
zJa<<7!N(f@31o6s$aUEYRQH2Vl(!0+J5i!*Q}Z4gLw(hb11Zb5%zixZ%lvIKVp~qe
zw|ZEIyWcsfK#n`XHp67gxzb<&&!L8k>f<8fM`s5EdD<fHO0Tl!Q24_s3g-mW*ZkUB
zcLrx(Kfl&-vA5r7w{Os}D#=1TkJ5K^1<BxhmtV&4nH7;ItdML~nc6*YSR^^jr+Hx9
zdae58?KnjC9A$W8GRBba<|RJaeZ7M);BkanWt8fw&se%?3!xA`G*gTDM}6lgcjaJH
z0B&`j97VFBP~HvVbWynlJg`Qr>)(o1&+j=x!jK(GEN)Ap<A~(rfY2)dwE)qaKa#ZO
znHiwZSH2Qc&?)V{<{I#J^TtEx6SYFk5RTgxV&g8qbv5826ar^c)B<*`WcRhrZU`;#
z5|P>8r7|Thdm?Jr4E!okK;x|5t`$PTP0#*BfxR9C_JDMjImB=9W9L%nzs}Bd)y$AK
zgNItbce|3Nb!HaCX1c6}ILWC-7FTVb!sA08O`_|_1_KJp`)an>;$v2h{2k(Tl6mlX
zO9HQ&o|F}^n)yapm-4i^y-ZN4Zh?r_3hXu{z6+<j`RVxGI^5s?25!D^6xnuONWoJ&
z-!+meZPoFJx^76o_MaaT2q{xk8nEy|7ptlbn$v(K%m7rxz@NcoRD?ZF_Dr8$P3l+)
zJ=H(LgRM&j6Y~TAO_GHvJw^(ibGKxjM>HRuB@;i#^g(W%o45Kt#+A4|%faDlx51--
zOviZ0)azw(vQ(b4(kL$D63?Q!GSe?9yMj0pi6u~uB5*C4{HE_eZ8a%+LSZz*LJ3=g
z5eNJk<VaN~qQPSg0pmYqybdo!kd4C+z%FN%@(toZOf0t)NYHNiqGP}76l(J9o@Zpn
zs?O8+BLmeuap(dTHA=QGvxII3nQg-YiLh^Tjh!){C8$&1(`P>`JaWMtM1L=O)p{>`
z;fK~-WBi4w-p-}zHtlhft!n1w)f-C+q1~)%N<74XX;+Tr!)Jk*ji|@ltoR^wNPf*A
zg{*Ovu{JPDxOPRG291@weMn9+37QxvHd+<wl~Um)t+E>?!1mjA1jtt*-=Y@I`v>n@
zE23%lqMtNSE)YfeL?7pVVP#wdszq>j=`mb;=xp4d(HNntnaa&PY?cjPsRoEbUgl?{
z8!PN;t8`4e$4gOvZe&kz(tx3dwE12RTbg5^NnJhr*nT*~PK6oRvTt#MQ%KPJbxmK?
zb=;^q-$;VIY8y`SQ6Towa}3M%UiZM)YfBf}DOU*2kqN$2guBau*G{ntxY`Ru)O%3U
z^ka4cr@Zx-=})N<Kpso8hk3^hkHt7P!f)Fnw=VR`mK1!Al3LTK1lb4nFx#Vkj$>ye
zm&~b%2uSeopN35sEkj`ful&XHCpMOL>&dJ&t_s_W0ToPzZ$8GW4uHH#Y7dHScr`;t
z;k~^L@fGR<M3TUc)2*o6vFN6zf4R{D?|}|~4ossJ$a!EG162(3SCBk8!1Vw8%6C6t
zyFu>7f@YF^L{q%>Sc5Jr*9i@g`pf^Ml0Yjc&dxQ7{4ua3=QAgKvs0%xQcHmEdce^;
zu4kz#_pNA@r75K^Gk=9!Z`QoT$2^l)AX#$#%osKgc0Un-em|{d+8uj~qvppXKw=nE
z7i#p$nqH3E&n~rVqmwAnD=>1~^Fh^Gw4a5k+8CI!JE9PM@;6|E?|oKik6B{-_$zSn
zaFOVeCw7%9NwX%Jop~yjxZ(Jx_W92(VYP1}5)Xjs%2?Xv`id8)|4=y<l*L^s=4w5n
zSEa9PHBOI0Pvp#g?3g;(F|ELB&tchW;Hs0rh2jr~gRnW|x}=(NJW#o=>W9Al{AVBG
z%kO3q9$L<VetP5Kps1vpIj|8?2%zhd{Uz~UMD)NFS7wUBbz~m!?5eFp8_)FDiZvJB
zK_%7;9R|FLgj--1J7HC__w$uyGHkM7$HS0as_z>KIus4b3qbN-$(4kS#zjxv6g)2d
zL|FV*aLg@B5%8H(_|lRvvQYJhIB91wHax@{DoH#)`?xsMEG06=em5G!O57+tzOn>*
z9yWUb_3dL9=|dL|@o|$7ZSGD;ga8luqCN5*z}1CdZRfZZY`pA={y|A^r1!!tmNr%f
zgNdEXv=iV;E_pxv+#!%0QoIW7sE5|uQH<YlRvm!9>eoPw2%GD@C)6~`PcPsk@3ke$
zEJ#@rhKJkuBTR_vU*&r{0sh%=6Jk?u!VqMbxfEXhuFc1d08_>Blf*xojqbTQpP+|)
z$%OkzPmAS0kX4{R9il}61qHRTK7))*!~JZ8^_)N4ujrVfUT?C2c0%b_!?SIT*_9bJ
zU1}0&Hgv`&i)(9DYv(RVVx?=6#f&L=CAo=MMYyU$^624a<azWFhTq<eqo{C|)?}!A
zqn?iItcE^pqAE6=G`o3!>i=ju%djTjzl~EeI;1-Vr4c10Mkpbr;Ez;NN;;%rG}0{~
zF_2V1T0mlSiKNmnMhHl3^jJRozj)s7*s<f@eP8!=o!|5PoTTxJBez3fxv<int5K5P
zDV?sbl|VBmM7-F4-?T-|=~mMI`)?%K{(bfcbRe3Pmb>lVbsQhl!ZU!-rMy(hU@BD3
z72#h+$p`bmc9urGJ^AsTES^-HUq<~J<3FS8>NS<>EF1b?rNPSl^L%3<`n5I<9|r@d
zq&Gub4VD80H2F!(3g~?kGb4j@BG>U3#&6CtV)WErrH36E27A<#Cc$}_Ps^)w7!kZb
zcfL{w+H5n!@9E`By{Y`K=p(YERvc?+smH14FU|K!k9-s^iB)%=DQQIb4)n}uwsDi%
zLPx&%o1O{(3NA<>nki=EMjq|~e+q>2Eb9PdQg-@r6HGNUJQSMt4Ao5Gu;<!a&^LJS
z!%%~s?U|8*B6)A^Sa~qB7C?YLP_R9`Hf=hg<J=q|E?r>qlAeV<Yax?mkJz=GdE|Xy
zOyv25=mR9*LVKMNufW2CoEjtW;PHVR`=iN*ncH0ttQBBHxQl}ny)fr%fMh%fb{wlD
z{4n^+k$u4W8XZP=ztrq$lEWcEZm<b~_Xg!AoYk+Lvsjti_#D|99sJ6fnfmibm<n(S
zjLLJly<nMLLDOwpWsG0HRKxzH!0Od~YJWFzY{_2c6FlLUZl4+NkjF);J^2n(Am`rK
zbGx`k-ebeu)qX1ZaAhn-xIRj?Y~^t>>w~W|C2Ic9pOmFfX=j<C9rtFU)SVDDc^X)&
zb}xYl)b-#Uo47ZMk#|uUPtN=AeXEY_)RBl}N8O|z(QUTn011Zv?+t6PLjFQUx0v-v
zwC5yVKr7+U<H|boj>BZ`#PgqYo<dIOX&x(^pJw!WP_-x>hpmkqQR10z!-TIZJ35mQ
zfowHhHiqudKC~k;3)-^H6U*}zN<1ETckVEf^0lX+B^47vqdZP*{uBSCKm+)m>a8^_
zs}y~YGVN5bNk0yRx^y#i>^_<)p_`gIv^8JeNG}*K=gGcrdvdC`yb;c>*gtTh5FW^O
zV=4U)N@z2<iY#qXS-qX&OR`XnxGdl(7LxuzqTJFqHXL<{<OAV!9Jh_@7MB6sh_3%W
zC}r=CX9*Ee-A``_$M@px1Xsh?<w;CC=x$z>)WR+C{^UP+r_%NF@mxxN_2E>?8mJb<
zLCD_sADMtvc1%>`-(6Z%;^$pby3>Xg;=st8=?yWt9%q6=S@ceQ=*4Llg0LVwS7Dvh
zq<P|UX#0n&Zn7VTjRIwU`)2}5F@idblb35S+3HkLfL6|pWey$_O2DK9=iYSd?oV^S
z+5sAED&64<)%J5dr#e$iN_{wa)1J;FTo~&&c_FQmmgjDNpL9*ODVU+&pzC3rFt~ik
zPZ4=i*Q92*1*PgLRk@<9u_+TZE0QIDU~(zOhoM+bDw#DM>`>`F`lc*1uEH8+;lXgc
zMLbLv@=KWcwL_y#;`sfIj+J?c{-fQh|MVm7@p*i!B2;PXHvFoyGP^6H5l$3Rn5Y@d
zqW-dP4-((ld7qcOuTQ@-S#@(*89DS+e9^!7qhT`d+t*Q{<c=+zu#2s}`PXiGs5PXx
z5Nd2nXTha_Qk;r=&v#E15NXlr$1H=z+Oh?#cZ|MO-R{@Bt1X%xV7KuPScd{v%?cUF
z$llMEngt-dCz)xIT{k#xFjX8Pzo&ONvC=!dtCkmn4g|r)|L?TAeDXW0qdA?#$$T)V
z0qLJ@SfNe-?#)<gA^%St+_A^`0NSqa;<iHWru*{l&Cs9Ftucb)d-dibi^3MgSEzv2
zyGMNJehUxNxOLu@?nULZ;%mYS(xbV48#?w$t`+}ak4{P%>5oJ&9<XmbC}yY~q~fmV
zHc?Bm&D^aD-!8fYh9hh3MfK7j;<dsOh?!C#U3vx~4CKB>5UlsY_j@gT!(zs#&qPGN
z`AyejihdM?0tR?huYRjAL82by;$u^7WeSBvMGz$Hyaw~^g`_<_b}$`B@a27j$ORXl
zM8Ad;B9u_>P@YF~b42rxKw1qkT>FtGU$wEUu*OO*$T<K;lsES{HzOzOAi$;>W4iz8
z3=+OLn9={V#_M%+hCU2tI6#kN+f>Nd;)>sC)DLhunA0MoSDl2{9WkoR=(L|ImIFUg
zqa98%_6XL64TNPRKYAw}m~-f7vh(J7dhe*lsIl5DGmDQ{Y9m2(5Xvd<_<E#AxoTs7
z-75HOc3R^ZJ3jD$A^!LtNGy^yQX6ASmwU6jaPi1G>k8PmbbBG>HDVY29TdIu-P4+p
zDe&QYzklxtk4eo4ZhpGMi!zM-?(WaT&VCKF%nnI$?0-m^ldoL`WvA7kfTc?`@F$4X
zJ*pXbab(MY`D^+--~BSg?3if#t<mMLtegTaEcAy{cbg76hOn)!0U-`a?PPJv@%WGx
zsZn1l&lZcfD7%lWeTh0gigB~j6`=hVP-Sivh<bR5u;shw`&d=(Mf0>oILr1CuPQsd
z#U~b|ebxA~B7yyww;pNCu0UYF!^R%$f>3P}pWYuJ%7=cuAw;~$om3xw1-<|GTeF)n
zP}5fyWqdos!cF4G^&~6uj6D~#yTC%1tT#viH%O~ggncm$iq+C=nryG#2EJ1SS50TJ
zJ{K(JKoNSyuL$zxYO_8{g{lIF9s}E3Jix)tZGXq}Sg~%;5d3X=#0QL`l?6h2fZ1){
z(-Q>716j@KwgZazKBO~N)WWduwHgzs7?4aFEs=OK!&(qNM#IP2Cq)E{^O?^{)Znr$
zYhZlZ@cVe>Vy{7gZHt)9z0-)(W{O~EZJ6o(5GjZv#W-SYdn{zzf!wZp>fL#u4y--e
zeu{lzdLm6vYB5MQ=Uyw>zX7)XY{sFT2qt@u8<iW(f?DrH{2j7;nYS^ReX>PkS;pZ}
zP$dhcD-0Tqs~Yp@Nl_;FZkFx{SO3z~6#dd$O}m%H`o9;DA!u->7RPuhIi4WzB(|!v
zCF;9OANDcs+Lm#g8q_LTj&<qAUEcmLc*~zTIPYynBoq9W9CVdrW%Lj$iC2F5Jtwi*
z0qk?!-zNq*D%Y_?zJGJVJs*utrd;(Besh=cXYrg`C9rU1Y7Q?o_hxqKI&=Pkw1aRv
zKC0rx8Zp5OFYkS5zShxmm%Z<$@}?FsD&DGgx_LV(6TN+YJ*eO#t%PgFCC;2hP=jCC
zgzWtn@(w3w#qIr0IVxNSmRn8=;>jhubZ3>E#8D!JkRsPvhtKgu2!dw`_?V#db>NJt
z-_KIgN%FINCHQ6<J#5piNz$oD@al+#LD0PMQ85+4)C>WD2lY_rWiNsW@dxO#gb;Nm
zl`&qOYRt~L8GH3VqqPb;<=U2=Rh~di(M}|rO8{e|?Q|7hI7C%;-2NiUNmO$AF;;pI
zrQ9ElrEI;T8**)Z$YHF6suNB97`$c0K-4Tzv4wfqpT@MMzbs0HcrPy#SvbTx%7T9U
zcC?<u3Q870?n?wZ`+Se8I;2%(zT4Z|@Xs(uErB_iM>aLJ=$dv%2~kr%bm9D{@`?!K
z4Z)h(fKF&vl71VFG;@YXlcT;18UpFR8AV>TgUX|MB*HSu1BaVleiBUMdB#}Ml;~t&
z9&!3px^Gwl4ci~VCnfFd@daVD)X=%&*E)BG@$E}CgJe-HoGSDqR2$$-vAepuru7fG
z9(6+I3A>}s96i%nU;TN-u_EstiF?oU7Nbkf9Qnp1PFQpmI0VzU5*;5~dq)HgtWjsK
zhD&Yw*aXZ0vylPtgg@$ul`n(ktm`l8hqNN-TcVb-8vdBm@b$4{6o_JHmt7zDM(nil
z-fW~qN6@@;evDxhN|=nGUr$t`PdeyN)~3QrCi}b{(>+Y@%}T<{)VJZbQyM??4MI3*
zPY)MlDX3Axn&~dTiY4_~A>#2_+D*Q}iq}aQCb)?7B%Yy!a{JR+u-k9j=;AvSLM{sA
z{E8GKuaZ6Nd>co<Md{EHlC^A^tyyZQBD(MZ3fPCII+uJ0QCiS;W4wc7m>r_C!2{Z?
zwd(jn@iEqMY-;|7ts<BEVd!sHn(qy>4}SriMi3BQ&YPXtPEovq*Jj)wUdLRiJ9CVR
z9!Md-wG%@1u(eEPzxFHVD_e6Ke>*;elA`ka$wwX>i0DO;9z89?^2ziSNEy7L99}am
zj6{I0(m?tv^Ho`k=LIx8Pc$PjFwqf+o@xE}Xx_76w$R~JF1L1|8IEKEPXOME6TqGy
znZ`2o@R70a`N4JN<g~oC;ulKx|H_>uWf;O3GIMsp7OFt6V|G;#BHBkO5Ys7P)uW!Q
zZsyu*(@$u*P{C)n4Gb4`Zu<IBz#qE}u3Tv2ZICzqx{0=wbxG+HQMlNwzUv^G+5F4_
zi=@z_h7KZ<`F;oK9xRpdK;;(xlEYL+cGsC%$BFg!ZxKB6WLNT0c#s3p_qbK%60+f<
zsM}R{{9=+Gf!~`0%Sg}Ui^S<c<pSM^N_De?HbZQyqe=_g@gw?qx#qTp-@AwGgSu#m
zos>yXOOhg1SMZ-RZb3R_k@fb^@&2UqJisev&o>O$4?*mxI6CL8PaJrEDO`|=YT7_$
z?T~IX4O%ZxK!5}Z`SG5xAc?n?;g4SxK6a!FCQzM*|C<-?DSukAP(0?+#5Ck4+9qS8
z7Xu8noc#DeNM|-$VJgdg({1$;x3xXZE6(1X@%Qf#w7e2@d1QtrIiL=lY{QKQGW}V~
z=F2QM)C;D1+(EpCNd;kg?U!x(*%&W@TX30$E}CUl;+Jyekk)i<EpjgKP1PToADJee
z^YftH8++pNPy<b|-8{;joWfJ(fimQ=?z>R)Ep)|De^7F@KLNLe-~)yCtP_LKhc4iO
zpfSKM-o1&*$xbw#pGR5FflwNg!3lctt?O&iULSQ=b%_j78X@_$C~orO)dQX_F5s!G
z<=F&PiN$QCuaE&E8gd8I0kz_9{SEzOzHwd?CLNSAuytkcMiU}{+fM<lBNqOFpurc9
zAH;hCjqEdX>$LJ6qtXt?x=>#m7v=O=d)gU%2e|qEH+E_$^8Q%ZB)*83)t|_|r(ZSu
zUp)U(T9ar5+a8~C=87+mF7Ao;_k1r^_52|MMZaZ)BX3B9vnmy66UKvyRpTBhTdCNB
z&H!<hh@waC60v}}X~0CczWu)F;B@S$8UAPPgR}|$nSW%>5n%<*mDKY~<|D$y^=}iV
zrO?4j<jkYDcH6^2MrO~RK6B-^JL1sAwV2@NckrFrs|LuSx6>c)%faa1e@BjuT+One
zr=sR~3&Tkcfjj91r?P%zIYxtAb8v)W5$^AkFU9jX6Wl@y=t#by8LMer1?;fc?(d6t
z+j>if1LEDb**<o;?TFC4P8+yZvkr(~nuTfY^5KyHuX_&S<tI-B1_vdgk*Oy{&g3iY
z?({97;h*nlwpw}m{~K=8AIAF|&~eBIbbdC(c>kTWSO%8LrN0fNNdshkRqfI191chu
z?G>h}?N>V-uINAEbEY~t^HHdJCWP3&PtH73gXdAUe@OIiM31AGMtzZBexer);zfI(
znUh`WJV$l!7^4yo7xu@M^*0BS)rY$c%i(Xjw;K2@iP6gQGq|stAEi<#gLK}q?@%5{
zp4cvkq&0DdmTAhJaqL)AF=eFQLPGI9`lA_K6-e*(P7bCNZTEF6B5`y=EWFr2k6~Rt
zi9^c79mM&gsts6e6Rz5Xkz+FHIDI2~3kc*5Z@L~UBQ4v4{DIV8gZ38)IIPSGuR+&m
z?mHs$PN^Onn8aNj@_73pUX6b{Yb?@6?CA##RhOdGQ_DA#N3)5q5ept{T6~NA8?tEH
zgCz$BFiiF~=8VIEIaXY%>$tJ&<6XS}EhOJ2)QBL2)G|E+JnXaSeg2$TS}K-YVDs5u
z@qeBR)eTL1)a2)>1<n?DKS#fn?R(yipFP-p)U7@5ul}REdq;pk`GDNhupq{rW(P6C
z9f&v*f%t_Akn?BJZH;jtK)_|Xv<}PZq42QuV7{Gt;_#A-Kb<%-`VvSlQVK#0bSL9=
z4XW)8NItiQPCDx2i@dAf#MmgE?Wel6MoVuSS9Xi^d~4!TQEXDVE8dq^i1bLCVCj`9
zEI@#8S8Q*HniHAiWnDS>W<1yx+%RL8H_gqxFVuKxh-}5R{%2Nsum*cm)?v-kcLkA1
zh>$*xZN?fa*b|RSND&cZp0;&6&k(D!Noc&uu5`PoHd_BgdNPVV5PetSw(E&`{{>}B
z0rc*}oP%#HjSa5-$ggP|xOwM4Xx&}MD4Z0Bh=Ja8Uk?X@+#}9GYN-AA9?U+e!GTV*
zn6$+T*b2YK<=rP(H7li@M9I&@0QZ}x5M7MZvSHUT!9hda8CNO%=V^eCaV~^6K+v{E
z+P(lA5O*o}j4blb*_Kc>-s7-a|M8F!Kk_gQ*zOaKJOWD9Vw}uy*jp%ZbN`TPlLH^t
z7{8kwv9HJ%{vG=B<1=MI-9|ew4#$dGV)i}fADyU$caJ+faT44Ps%y3So~7j37?82(
z8TF~Dmjo%6?iM%W(tthdJ($OTF34=NgIRaxeUM-ke~bEk=!&O}r~kpyNIr2f(-(!3
z9C_My`|joes6sn6u#9>&7oTn7G&w2TwzDjX*fAcaM{Pb*>P|lADa4TsbfCbWFkI>c
zj##7rNF*WYHQ78A<}~(cuka&Y{SwF)zNyTIpV7fjZNUjCZTN)k77|!@0=)O@1fTW>
zu{)CkG{$*gW}E>#g%=}`=xs<U5`Vmn_p^@?AiowTibybEpm;Q{N0#<SonihSfGdKc
z<+lv%6DJcBPr)mUD#6{brNN<UPsjNxAyXoSc~3!qu_eNsrlCZKnZj)*#!!-iDW6go
z>hz2zye8N-`Eg$dJ889PjnRUrBqo|P>)&@Jld8|d*A`A4Jgtc@W7HgfZc%Y6&-OE$
z5ccbE^iX5Q@98r~Ln<ijpbUv=m43l~ruhdE^R4OGKEPbuC!SFmF43lrG!Azlc|z}P
z%<I~};Dt#kv+qTgbmZ~Qs9kZJ4EEI{JT|}uA6R;W!DuSKc3G&Cry_qF1rOseS~6gM
z#(sw|LhB%s4Vh=^zjZb&9POR-J(57l{dq%A!_POUPPz~w_A&Bu-@{A+$J$o~gthua
zcEgIq$?Gr1EfKfXKrHruHnFBwbLskNA{_TJ(3ga#zyE<ajDBQN_4L6gHii(4c%aku
zFX>54^xMEx22Rs_p0WO~BY0MxrlR_*U{Z17zn^18ECrwb{Z;bdPn~%_ZIS%*d?SnK
zc#{vLrlVsSykC(1{mDEIUMQgKAz{sW!bgC1y;2eqSJa5-8B^I;f3g>I)pF?qh~#?H
z3}GV09Q2E-41H$4oJpjcCKy}IkQLe)e_ow>A+K2iUziwCH0keqEwA~-Y6=nfAATo<
zGWSJn_J3;1Pu*14ku~Jt7EN{>rZFi1FJHBNw>qFip6S5t7xR9f?#}96aT@Fygo;!z
z<)g$~1rD=!s-le;^nZM-Dus%-vR&BkYq>U+*6$FeIlyg=0<T+9X~p}HJ0(Nza}#cR
z;KN`SLDk26`%fvHwfKdS?VUzr?syZG2p^{BX&X3pvC~?w0{hU9uRn%eW|iw|0F;L9
z;2pLRu^MQd2;`EcJZW{xUz?A0W(|KH>OHHrFO7dxG&S&$vn1^2Y?q6$Cg0ha?Fqlx
z@?F9#^Wl|($?I6l=wokzt*hzmJN-&}rIDlMHPrYq(U{U@e0sPGpeYX+=@N&(DyMhU
z9y%Sw`H)QQf2FTfiXv1gmC<)ZgVvR^N!4G65S3BogX4bo_JSi<4{U=fPj*W4cDcL`
zTQQ4Jy55i#TipB*C~!AWXAEF&D)0673Bq&;Lf0Z=;D7xpf~!!(**@kI7p}OgbyuX4
zX0s`hwB_qC^6P7MQq2^oW$jfYfdjR-XKpi~B+{#>XgHrrpAPat68dPkI3HHIwcrYk
zJOYwCFTIJdlGlDB)&YMM-p=(DdEje4lXlUOhg*)|2cbsnc(Um;Y7p)c(t+E!n~|rR
zi-)mSVo8{|C^F#ZmPhzbW9L{@Q*6Qd{wP#!!u#XdFw@T7wX&B^qN0c{O~%s0@c8l<
zr)xjRa36mRo`l&{l|-qqb7yLhGM#zFLiYN}&2KGk#bZ<_*(5``GVa+Ucw@KaWTVMg
z+7O~zYVMBNYzrJZLs0U0pj;D_g~zi%H*w&J=C4#t7t9)y(yu1*da9G3!gqkAqyRPw
zn%^C(q7!-JF>FV-LqZL#K$!y~vv3~}(12}*4$LpGg7w$`x?e7OT1dZ9E{f39(>kBr
z=HrMbb}|SqgV1^}lRa&JWw;2MBysvCbBwurKsp1C{A;;<YtFq{`0xvT$Dp?tDWR+V
z0||3qZN`CusCQFqK4za^_s>yd{`S2T_kYt;C5r4p_X!l=*^@;fPEx22gJ?mL%J*uF
zh!G}m2To6LRKnmNfgJ>m0iQ*0IsiaHuKSCS)@>noe;TNHW=*&N0M|l36TjEb!P)DS
zOtlU&jInjCoNg+?^4JX=eWPL(dyiZU$l74}_>ZXB(FKvHhr@rTT?BI#QdQ=qz{8f<
zf5DG-y@ihJ@*pbX6zAk3hAhKsS5Nw>e^{bH#<5{r83p#@dI^JkzM33HS8p8Lu~3d0
zo~SwDkpYA~RVhV1=;H5;wu;4ni=TPt-eg~8<n98g@&DYvj+YoI?_4Qt&g-RnAs2Do
zgfZn-Xg?p%D-api$%kGz8QZidh_x?biSV@PAWxAOo(7zM%hJDeXW?%zT=f1sKqtIM
zIKBhi3SP1Xx>1VAo(KOublHVUL#qF@oZk#rj_swd*$2rU#xR*mU<fuo-hw9X=p-?X
z+5ooMkRfsePyAi_b8NeU&77yjcW;eus<Sd6Rx%ufSr7y<e#r0EI;FG!Y~py3Mb81~
z%L5J)U^@iA*+Q=l4f*z3U0SlXN+a5Th?f!MYy`7=p)t&j!!>G<A`g)-gC+Dtha#?5
z@}C=sgGNs`)03_c3$)8p)hY)<`@_(4u<?&QFx)Sj2K!ia!)LxV55L-}7D2vqcXUZa
zj_gPSox_3Udi;)T_439Q-Kdwt>c>s0y$dpx;NRM{9Ngc!@?QRXuN4*4nv)DhLT<0u
zW`*c}lL*vcRk=<^i{6!OblO)0oO-OLv4YfGVEZ~;$5_0?NS-i9^!L#kgj+Ob=GS}K
zvlI>zpB~!aR-%kY-!H++p!DChW`=;I?!c4sn_6)pZHE>#_Qu}lhD;<mXxPj?ti3dD
zhDOH&A8-GV%=GN$sTl5Jg70U*Pe?rcFR+6$n1LhUuAOyJ3_W+#WBA@|pkl{+hvbtA
z*F@{vy8n(uB!~*X;k?hXs|py@HWEpV$!Rp#S80BHi1ihBN=DjF;@AdVlF>J^vqmdv
zV`Wt(1p{HjN}1R%$$``1Z_8n%8;+rNB$rRBw5%}Ft#kw-=xpY`fiUutsd78$5-JIb
zXM{^>aO)wxA-yklbUQF}Hgf6fsr3nOD#9u`aD+RW5i1@O>?6C1&5f;T+rU4kx&;ph
zifs=x9I(A*{YDU^m_XGdIKVvc4ox+A3}FQBh4T;lktjQnaoK1N=grNk$D849PyT|k
z23;F_TGe5yzamHS8AZFd2uIXtsr_?M$<~-+be5&d!Pq*c<687Fvc6(uAZR;g=7*o(
z?BE^U5&By$mEhWN^i@y+#nKCM;1gY2x4HT}FAhbI;fi_00H7%zrf@!<sdMI>$vhuv
zx}AulOoV%3L=DLz55UXQfkY3_w+5Jz7nY0CnOHr2OrbdQ7o>X`-#LP}e%bb0RTr%0
z4t}bCh6)vikedc&;6^npCHFf-@!CfOqS6BIm)p;SgJ$RX|I4bsysv^at$Oj~b<(wH
z?iZx^tNSz8@*jwj>~gi;?dh?eQtT$M1o&|M+l-VHLXT}T!OE_nl=kArA9c4T&~I3m
zSTUY~`}6(jrWg0WwX{=tA;Uk?!@8YMie@QBXhPQc9=U!9NB_D(b;jG?uvVs&zMF5k
zhAU8nW#j2*s^fqqgaK~Z$g6cvD;?LSf|ltxr>MZgdCD-GppSCw>%DwD%u{#Ef)#JN
z{&|jPYFG_?q;H?6gXKDvbF+ohJ@Oe*Ge1b>R{AG_c^tnkA-8~OH;2yt2O%4Y6?R?i
zNvclXA%aKL(z{e#Y?b;w(c+2wx8zb*kAVSt>9!th9eIBwV2v-ASjb;n#?aLw5)4^H
zS+~pn^*j#_2j401L#9?i;GE)hI;$`)jiyGWy`7pnP6zL{I<x^ka5Vy5-I(rJPV%ew
z-Q<vA);JfFbLekA@O~CV-qZRhveAHa)Uv;r?EK^g`coQ+7fX~WA4wGFx5R9mFA<6y
zZnIWcUn7*xDmg?-Wi~9=z8}2s--YP!8(HMdSprUz=*{=tZs~Aovf`zFquRzl6IUlU
zRl_d(yhoUW8RyhYl<(7&(4c&Mb-UI+638g!q!1zfA$;qtEk7uda2I@*9?975$DK11
z*w|^>pDs{WaNp~{X^%#lpQ@;%GB^~hPP@?HT7WsSjQAO$pV2hdyRM35D{&~`q)g-a
zvq8RPP*XSnRfMW|{koo1wUp3VrU-|66J7H7Wmva2EnOIZd3z~UQNMZ;i*{Y)0;d1;
zUOA5&#?aBoRfUJ{&MX=q{mSOSSY`+oy!HRpzVt2>suJRN^sc|)^bIpExbg~fP?6D|
zo(t(<>ysQwX3Y}iEs9HrYMn3d?EKgF)g1EDG)BRD^Lc5w-#3|f9O1}uU%KzogbG6m
z{^H))d&+4@`|H)#oq?b12eKKyj#=856;8EVE7w7zQxk(M-?>v=*M5*bIlMkpM!`&<
z3{jnyG~_VxgWly6{)H_M8@KfTWR91W(o!jJ7C}+30w)K9$dRCrYIbE$Q^>*}igDB8
z1TyFr-6gHt=6d(ASNH_3<76ziMc48h<(^{A%cF3VvCTOmOH+dj*_VPzif#Mw6cC~i
zu;uS$(<!|}$x9Ih;xTCXBu~25pw5b(H{vgfv&NCr$dLYRV`>=SYM@H?Lqp7)|6y;S
zX180dOa<TLo%|nWqX4KnB81-0wk`M~M1yq88-o70jQU{0)>JJhDJg!i2zmQDy9tbX
zMB}#<=cz2@xz+|~#0{dOVGGc}qy(O)s7rM72$gBdkHZ-W9<78-cvGz8ssmS2uNnq>
zJHz$Q8}ADcnQ!R-Iyl!!(r*PK#a9=}P->e8Qkw1drJsnK9WsTdXXz32GiUp9Jfv}e
zv}s8@!|TTva<k}Pv)iaEp8G(bJRm&lB^?FPU^L&CSxALk)URm!9q(UUe;@bM7>pfV
zzxw$nW0!DMhCB%pS9@uz5{DRLm?eF79^QJQrrm0Pn=nnv$N@aQQdGY@lItH9kir0H
z|0PCeRTublk&>P;s^Ry)wH6}mo-im4AYLPvwrzf-0yOH(vp!wi{8z`KP(`UW4teta
zpC+HtyW&h;<?TfL+rW35fps>2!;X7+A0ZfTPnCz$QPwF6drz(t^XBt93n;!Yg_OY$
z_wZc@-dTZ11OpnM=(kTSh3k=D<S=Kfb|lq`ap}**aDhBljwZ`Shf$OuFBFptU*zlZ
z_Y^!`Z7v*{z=(+v5FdXo3k80+la5Iq?p|3~Fg*flVES7034<PTL2ZZqD?(O9pj-F6
zX++L8{bx4VUuchkp61@WBeMV0UR{yOZ#e1gH{{eDWYoe5H!fu1M5p8teNuRR`Z!R}
zd~^`^1vg++|9YZR#S%|W!(G-)aaFFmtpJ5-ak6KcsVy?{LxZHAAV^{G1)(?1(BU2z
zj$cbNOnA<+i84az5)bJ5Xn_wk9lS&wFa3?oW0e_o$_DznIX&=J2MJlSiFku87|CjM
z4^POQe3F$%IyB4%;<y4ij;70mk3IbuIR1L1WgVHpLE5(jfX<yY`qouR|Jzn}8hMRs
zyo5cr(cUv%z^7+fG-pt%w=uyA5Q#N2G2U(;|KN;?OSJIYS=&94*zTO2kl#l10Jncb
z8$r;9937zm^`}WudcEJSpT}w^cXNThZS%wsbKGroN(ppjgKIad2^g_}06+TjKVf7y
zd;flNFGfDeV6qk3jK}jNMwH@H^uAJ2#XD)^y}GVgD=$ZdpN=1p<^H_pyPdfvUn9hW
z99janDq5qFU|#G(u+Nk2``i(sH~!li^FK2k_%Y7@$X_M8eA5;s0kpy(gM2Lb2KpaH
z$ImW!gi0kW5N+NuTQD-^cOY$t84S!Ju8|>(=>Sm5-e-RY1KImKekkF;C@uF@e<i?y
zb?WDNqgt+f!I&9MgI5>TMZ4y0^bTRy4kx68H%mZqeD$Ngzgvk5i=I|`@Xcnc-;8f>
zkc5on=^A`*$u@FCUaTNEk<g=XdJQd$W*5esa;e4R>t$BcKA3u7RHLv@p+ZuFC;BUR
zO=Pjbh1x?Y2K>unvTt9`lE4i=zCbe6kRhbx*Wl2EwQb?gB@3o<IS;-DKRcuC2kGNg
zLOLD52*NsLd?jgnD?xmtIN)=A%(04}g)}nhw3yV>(ScAkEPW?<pJfNC9nmO4HH6}q
zl9N}1pevT)i*biU*b|JrFCUhw!`%_R-G`n9C*tI?7ipn29XhU!Gdv(0T@394Ep`I~
zXPC1wKfdUz-qyJy=r&gEvKmFc55+M5#9b9|eN^y*K8Cwx9A@oH@6pzy6I72lB6XZa
z{6tz%C_rl_ek5z-h3Q$v$Em(fYHA)YEs>8&7P$et6lh__*w53lAG(w#wvHNQn}EUW
zrGcohrh@4AB2X4!?-14BC`oDn^yr<fPAs{zed-#%`_|iLC@d0L<YK|Qx7jrVR@C%k
z%RIMe2AwZQ-ukPGbakZ{cQvVUe{Y9{QMwo%T*rs5l|y2Dlkd^^CwrR3oY~MB{EAOA
zdWw$c$ntq-`{&)kP|u)d@wLlzae1(Gjam(&EeGm$b3bZV)8czPSdJZT@6N#cS9MbT
z;n&DU)D{;8!Mi0YT*mh?BL4v$^Y$soFLRtD#xp>;X3)6*I<&a5QO4&F-HSUhU^(;q
zErTy=Ud}8;0e*Cz-OLS}14wO;C_}S9P*%Fkb5u2qfcFTWi$&-f%ZLcTD!uk87axT4
zNw8s09%~u*$71dYbL*&1kUlJk@~Ireb8p3NCsI97nO#_%yZUE|@c&B_U95B!uscE=
z=R&}ZN=+7Kl+r~elN~1f`#c%F)xCF*G2GZd(UVu$(}Y_>lp~VvfV87b0JrYUNK)}u
zFAc}4w#OMZUH0}MR^NvC6%lGpEEtuaO{kDi!OG!gCcozajq$bi>Cyg&kQ&ef1BIl@
zKyl?;h~2Qj#1|yb&%@sfEx*HanlIs(6_<K+^7r&V4trc#7>e`2E4R(HsAe4JB{?ch
zgUNEMWL`O26daKlm*}H%)nXqaV|JK=@gg)bzXqdtq;)>;c*>atAl7;JCO>Kcu=-Xv
z8l<ue(d1<&(C87D6`B3#Iqxl=eXd(#!S^G=Mn6R~1$}0O_R*TjEA=Bs#1=;<YdH+u
z5-Uhe6us7d>=Yx5qRA__@ibqMi6dN?*9dP7er31Gr+kv@xMbv!nsL-K<W0rS!fD5(
z<v3IG^GufGD7rz<_2*G6ZDv2?fdltQ`@2ZN(P16D$F<u32+eI#f(*EzIVc~9ZtIK@
z8V!&l1Vb_M%Na}c$Ir9Tb90lgFrjY+Fqk_RKRbQTT#x<#YZc%)oFO^^9bAH+cqUYL
z2JOsf#2v0HbLH6sw$pi(eG_c!6>*{0$LVyhkL%I{_KRPA9wx<x2|7ihuRRT2vKG#2
zZ!8oKW>{F|stsS_g8GTDbclSJ_46@0z0>%^Y7qDQ>UXy#tH95s5T4zbkvrR<=osA*
zNI>(Vs9I#P1Rlv`ssK>4t;D2-c}O@XLBH@AN6cm&&ES`pOZzJxn>AF#zEUP(`Am=h
zy|s2u3p!)Y8ZwtO*e#SLV3C62`tZ?oLA*u;tm$hG!<A|GCv*Epa28M?l|iY8iI_Xj
z%cdccn&Y>nK2BS{_3C;lSlKK61o$Y#q$;_<O-<K)s~JTO_@R67ffPhSzWUw{N-SS`
z*>gk(6YI&*9pQ_QCiG}4eB&_7{;2u&z>K{Ow*;{r?yCxUD??t?_cF|R%bcu7BZDUM
zp9SN-GSS#C{Mm6PhJq)X?)<qzmFL~v-<7(ykU*Ymv(bN+iNaPt)M8C;Np>^77}Z3T
zdZCAO){*W!MElWbt_eaBOa$^sj|lnQXc5;5Gc{g)?<%Ss^jWCy@e|{h8M|l)k%0cw
zyJ{z=f%Tou2ua*3EFSB4YY<df`#P36&kHkihp&-+od<)3xhn+^r$G)GH2=K|(0t?o
z==%s$IZOm?Sif^5;lz-8b$D~xA5)a>JN7Iyh28(2;+p8mh|864n9WK#8iq*S%Is0%
zes6CeZbhh@kWi3q=c!hmF>2t3(Ue+q!048>Z-k&Y>HL<&t$*5eHsH7Hh$J*x{2|a3
z9AUtz2Cea%lPzTcw<Rzi|K)_n;{2iM2mhbkrD!@fTpXUv{9xU;D7<f*y7E1D)yxl=
z={HfwKR>#nO<u68e#(2?fsY`<T`QV1?ATp1JHJ%Q$5>)aD?mE+wT~Zs%KFDmTEkjx
zN@*$z#L$AW>%ydPOlqwxGCzq==x<ESAsT-z>?FWs10B7?e1u+&^N>**8ul^^=hH3q
zLN1WpT&noUuP9;|YN*3{0|N|OBDVOixlOc9I8LOOVxIX0BTJLO=P26TP0~0UO_pa>
zu~E+(<(ZkUdZF4cUk*?mw4%dVfAHV`FSB}{Flmoyb%CpPt;aq3bb9wx^`=-=S-DlN
zwbjX)LrIq{H{ygZ8B$tD8A4H+d7UWZ%EgFZE6YD1KJ^9-N>g})@1)q!6`P_32BXqP
z|H?OT9p#gRYkxaTi1*$oD5nk_zIPu~^A6v308X8R{;>#t$R%M%KPa_~qF#;moD%!&
zi@JPvKXL<+NI3oRMI@jT`o`mru6bZ?G+~G>;srVl9AeVm5;^ve^g#~NpRtBs-s7%W
zgvT+g>*~QApXEF)2!oV0=??Vt=)|y6yT1P5B5<D)8n;r!C19WE*-niPPrrtzjq98Q
zS2D6)s7puu0@$*3D$x<)BGKJX1QiYAaYFbxrea>lNZe8EIAud~bgs_5_SlX68VJeR
z)*7mC->m|2t+QyV!tipijEf=gneYctD9q(IuIKv4r`c{r`XvBZWei%5y7`WxZR2x9
zziq>F0ln(iKRB`nPd&#+T4c6O9S>yaba!aH6>k-IoSrB1e&>RD7i>8{h(BR`PzDgp
zJjfDPGamCf2mitHU4aFM5*~vlkTa`b6>@uidG>_wAeD^cs8YLEwbxDilK7DuXP{>W
zG6vT~$>9n@UeTl7yk1iRpita*y+@AhsC;q#up67@rToGr=GI-5%du9*I2ztt^J^?)
zYMgH-)wc71C9X#LJ~$HfApH&3w>fIo0e>Yx=~-=k*G1{V4~t7Zes@rn4(^@ZOV6+S
znX?Hy${99RipWN`zXA@jUh8yWP4C4$E?=!1|AiE=Cv4Y@DX_kKZ;yA($)VkM2c@+U
zqro>0_H3DO?4=9vm#(++vT?^hyUl0i{(sdT<cYlz{Q0pjg~C?k{O*y%!fd$~L+@X+
zt1|dTo%H68X%9OIkjQ{<N2w2sU?El;!uN#8(D5l)eHGFy1YrgYL)Tq_o|80bDi!Y$
z2QxyIQzX*z>kjM4pRB1|l(Fr^o%2r5VX3EVm!lD}r(=V7b1J;YG=u?Ppc1kxDbaRe
zrM1)eI^;Q4D+61@P?-8fc~t4h_bH8yc?&ohcexBgmnh`Y(YQ~ik)dMm1Yg$RDri;D
z<`RuRfpk-FKV8u-PjTOR|5|yBh6r=utaK3ZV==sMWW3*w>Ga{iA@h!)QX>rZ(tPt-
zQB&mWWw>ER#G{uds~xWLuRq1nnBmzuOw!rrodo3{oaJ}HS*kO9JzEYt=J#Yqm3qeT
z1e~qTuYpqJLW+tO(lQA&C+KVs=Is5?KQ+R4I0a-6<u(`Le9ZsNG3=JmfxzhL{=w{}
zLbMMz137;7dcWt8u>?%ym)tP`yoYr>qgT7JxqyLl%8_;QGKf5};PIze7aBE;Oa#lJ
zb8bn=t9_ofqQ6^J5jx%%kJaQGgS!ffg0uLLrN1hWM@*Yfsd7hNgV>PdgzXN_V+`bn
zR>sVDp_OlyyDx(<_?c?_gWX1h!iVo1Yn|-sX)m#zQN85}B($WMS8Gv$(Jouf%MK&S
z4t@;0=rH=p+C&%Gnvf|!S7NvF9xgvx{WzPk6@+vXq4$cL@PLfb_Kn7Q1H+91rlSDT
z%2!4uKPLaC6_J)%^!hnT4{9!}ynfbyluV5-O%ynFwT}X_lzx3&x0Ja@VLCQo$^ddE
zR_EP49@r<*SC(q(ANL@hi6!!S!u}y@AT^$N#_n&_YqkQD0sNd!)2xpWE2o)5IkA8$
zixMAhNpQQr@=F1N1Vcc8bMD{al|hF6QFxy=OF5&bC@yxU7$okn6(3KYK<f08$JgxG
zId1WB(g%bT(>K#{h-E>H%Y^ME|L~~=oCS#0I=iX(dR)GxX;;nI7o8Xsap{sbG_Y?8
z!lE3viDtSkKJ5d*bjWq3m9haI6Rw<?{}?~X7;my`X%VT#Jc}va*zx@fE`JQOB{hzE
zupqKcMg5?lb|WE)5r_@D8YGF72o!=NX{ph>qHVOeP{+@y)Myp+A9vt6aR$7&$Fhu1
zLIg!Mn=@C)nXU>xz`Fl6r&Bt8_gU*FQ?vcc^U@e#^s%TlK$bXP6J0lkvqmffY%@61
z;<5DkM`%_x8&g7{55X?+bm=2sBvJ!)$-!U;a2COl$~=IQcsi<pw|zt{*m{kKBN=RW
zZ`y%EFQ+~|3t>BCUiweob2U!<)o2dH&*|r6__%VN0>wFwWg6~W6+DU&_Q({NYJ{K~
zkIj`dAMl0;(n##w7gRO)q{5;cETCf`L0CbfhR(q8-nT$8F{-OzvyA%!7$E*h<z_Sb
z=ES^lry5cDH^NAzFC|H*ju0jtI}MX?040Tr3ce!(v|wSBLl;CxP%C3+gQ9z+@I%0=
z$f44DF*kuhB80wW1Ltf%OF0vr&d2HZ-AW^bRdN^F3bSmlmO*fLN6EPVX918tOKWRF
zGT~k!9;kYl+dWLoiTY&H51j!el%jKGUN<!vs5kx~oAno*7Ifk1Avudz`IJ3mY>2<9
zF1Fh)IG=5K#$~n!9T<OHKv6Q4^n!UJp7~rs;L~-#VSl~J9bWVk7)vx|qm9L~Z9WZQ
z6WIFN5NV{3mTOE{uL4N-Qp-epXMfS(THS%TZ>h>SQSB*dvNd&7;6ACKZX6&(cTP`~
zn=^-J=YpxoPGTs~5JE6no9;AmEPE`j64)v$EmUCeiK0)<mpdpppYr|LmNm|F_wrtj
zP%a*O&bHK?g27zOjDKLWF#g@U{)}w`!v_A3BJ%cP=&fsD=!b@W;k^&`6))p+(Vz`v
z9PV17*l~lzhO52>jElsqwGWXg%FkO~YOaCV?+EVJW5{^X2i{tUrTB>Nq+8)>zpT){
zYSK?hg&&i;P}^P&lg-M_&0e668b`FBcu@3*9eZ~W#&rN&xn-({t@M%ngQU0jW}$+{
z<d^imv;bgRX%T2MTMX-oc6o(c<}(}`RO5Q4@CoLcu1-pfS6fE@q2huBddN{%!jO$x
z-0~{5qCMp)5UgaQHSS`~)^^b5356>C-9+JK{U&-5!%sA-^oE>+pgb|#7(|J2nOH)j
zLiCuDh7sIj4QJ(?+22W@fmQT~J9d^of3X>xF_(aozp+KH5}E+Vq(O&=c#<rpDD?w!
z>TM{*)>c(IgiD_HYmH*v)b1hQw&$@1FH3aV^UGy=LD%zWo6>)C=CK)a>5$N4`h$vq
zeMWH|-(eF1+Rp~*9NqD;ew$<V^1c&nmyI5e!`eaGywYj27yZ}X!UnC@<Y)D}?ZNi*
zE9c;N<1j}O`M&1+^Ep_?oKPAqd~-PO?T{Z9!<Lbj@45PYKHgX=3U%0cXR9}L+nbfO
zp+*rc#Qf0+w<G>#0GNlJxHGtD!B5i;Z0x?a^49t<PTT%Te`KoOExnATF{WbOXjE}u
zvA3n)E)oka#d)s>d+9dByXw{n_ZdT?uuf~XYdkOeADL*O74PMJG5&{KyLQ>kMcOL(
zSauVIZbAu%*TbpYKUlCv-0O(|KlIUHB+v2%6i>0S4y^#5hg}^4LbjS+AnF-%0qrb=
z!t`UN>jg>cGO+gf4!i@h=Aad|5*+dn^8#bKjUPX_9}=l{e02BO%MOa=CD6M|>ecSH
zA~(3mXXIJxhpSC=ZQ6iR>-pHYh^GKp2WGj5{N`*zUw#YkhTCKUcA89=`3|#ySNtx!
zLI@DoMwH8m#t=wVR@>D@A#P|u{g7;cW)H|US%L(pT&r5SR)n70GI1d~VIM9#LiM=j
z7Vr^K9g~vsQ+_)VHVfpDp{GnHhuP16%n^#r6TxKQvAo|6L9J)Y@IUm@Sy=|wNLbAu
z-0snDAmg&G?><k^xZ(SE_S}*2yl7{Xd)Cl0!$zx44<^;Ovs@?J$KF;*`E!(!?}m&Q
zX65(D5F~uX?;-xS%c?U8gJdbyf)tP3vJIMNV4X?<s+v2E7P#hZ??XO*#kC1{yjZ?p
z@kQr3D8p-0am?5s-<}Am0xI0?afI1RdECiJqILw?B>GQ_s!Y;0=^;Lj_Hd06^M+gZ
z*y7GI5BSSVaYqcuYTsUuPdv8~hy`)b(wmgq)`|6lq{#RSm(+S)<a4R;V8mfF&{yzS
zBi+>UKeHUl0K*I{hZyK1J{wj{i81VLUnRc7#g&rgpz6yFII!Ix{XzWV%N+E;G2Pq%
z6qcDK6(t@SiY&T*LJlb0y$}dCIER4}E&MNk^8sMUg)Og$%seDp^cXH?$!7lAdm=s}
z6>ABfa5d(2bX2`|^Y4H!8}%W#sYABZf{!b_BGD-?c?`SVQ#i?buYsY=C+WWGchgVx
zQ?NYgII3AuP#jpuJT<p-S0p2knf=3PF`{QCkL%G?^-TKEf}-pLVu!eVgn`cSUlXu<
zQ50Tp>9}i4?<Ay+FA)$ZIC?HIllwIuFe!V}<~+Ipg?FXh99vJ~Km2B<i%fq#cb_lT
z7Bd%XquNACPNQBF4^N0~<b|&ImEi$u!SJVoqlS}@2CU*^y#?>SU3y+OrnWCOp2Lf)
zq{C~%TxKXkO>~H~1?6!fcWug?6TZT>_Q_N^1fupOg++vkfWhb;Ronya@c39TQvl;U
z6G`AUnUEB}U(8KRm7^k3$uFujl_9DU*<4y?Z$fqH@|Xe`CcN32#iTwXJf&2r4Qf!y
z94DVaAAgWgw~`ao@QXZq$4(wecV0NC6&DpJv}KGa%vMvu8tUn7-MZHP<F0Sp9_wP%
zdhYqC!7P)o^tC?wTpFD5=#?6&irMNm*aXcL`k5#5;_0A$W2wy!j5nEr8ae^4qFs|4
z2N~hUqqq1n;wA7(w{lqHTHO2dpvX%QVp-bo4MpEyLFG?#JHEX&kd+5+teek8h(?lG
zhRF2zR=VM3sl$V6Gg6OuWX{i6&_zqf_g;KYz|KKMQeG;A$BC~4Ir@@6O{6+l&;dMJ
z8BCIIua2FHLmJ^Bh;NXy(2!lm(As-?kiMI70+AGSH$35f)jqVP>gTTg@e@MtlFl*B
z$zlWb);-P)X@f`2W^pqqglc6yQ1Qhtt{?@E&-)8C33#&KC*;9%4VYzX*I9=cr0qXR
z?X0(?<aDFEBcL3ZcP&etvBfa72LONdnm)v?pp^LQN%@t*pym1<M!_Bi%}G8JIKOE`
z<fpqy8KJHrOfP~49Dzxr961xt2erSSaNr8xfl`2?QD_Io!uO^#QW7m-FP!7=<gfqL
z{d;OmphjD;6r!hEDKc=HQTRiF!P(!H09E0%8Y;1*o?Xz!{lPoRv|pCZCiHPT!Y`J1
z-`J~gswoGOkrOIae_21e1B{x<%-;`^Q<3^vS+o4=ih1a>9vpYR^DeH~C5%|@aA5Yd
zouBEFVj(j*eDucw8}L?+#9s1ZvWQ~DxQ|Pfvm6OT-scF<k=4^q<xVI$y>f!X(F~jQ
zU97wL5FHqHvT5`(xT1#aD=`rgf!KFaL{8Q0-RJMqj9|9c6nfakJMR;`{%x3qC;5Dm
zrR!|e>LD(xIkdtS8hx%R&&|*!mM6PX4x?ne%PD{gdGyTefX{4`9^7Q%-C7n;Ec6X(
zfe~Tdb#Y*bA|@)mIG%Xc2>FT_170>6scg$n>Sfn`8zy6xm%?1Hc}<iGB{Hk;#wo))
zt+jsL@GTq9+--RE<*xj5nMXc45h;k+6DdVUlwq7Qm{Myq?%mEyq7>F%Dk8$Ni)iXe
zOe3ogxQ|;n)N2SuM9@CwOve#99el~rxunt<e;;@HTZrC*kwA?52vVJ)Kkq+azvQ3&
zz|DKX;L-Xw7hu3m5*eG2wmTCGDi+4)+gLp-{oN{>)AVAQK!6@u$w@$j8y;pzhXbyp
ze>%5dYJdfW696dU@hPluo>qbVQ@6FTL|nO4YVh_FgeWT&_qa^7+GvlQKlIpfyNFRS
zb8N6iN838sS%w)To?zod&_DzVhVGL^DI<8}0&$$-zixbX0uF$*hW{p@v-U%KOvP0{
zpIBkMJ7MG=_ql2mP+GXYi`@(k3Eb-gr{SzBc#kN3#!w{}m2MKw7jgHmQo4%J!S}VE
zz?(TR_C&o+8K&^G8&9lSz=<=%H$$A_iV3H`zw}c7T6&1f_B){AM_H=}d{|iQ%p?=&
z`%upMqZk)@y0fc}=iI^3I}%%i@l;14O_xUI#V=n1!$bRL9r4Cb$KA@X4bJ*Z;rbvT
zKHeQ<YFr$a7OEPI_qn|Uf(w5TQC-o$e<twzLYn(=D@z1f-AwMw+ln_MA9Qzhu5yPo
zs|C|yzJO4xcSxUZzcBXgr^<uS{ew{%`+Ato&;GGL@IIseu9fYo`{p3TN$PDAW<L>L
z13a6_6VIP2LAPyLh-GA0lnaNP-GU~HYxc94t5qVyq}`b+j6wq#kME^P*zLXHJ1=P)
zSaMjod*ArBKq0dpclOgZ6a_5RQB5n?d+FsZVb>V*W@`zbq4LD$-2in4S90)EV?s)`
ze8%7@<$;{nE2;t8!jZ+b?IJyl^}x5IC7_MQpBv3H_b|@SnGeY&ww%duwTwdnL+hJZ
zbfsQ}v&4V;ZOEf$nkCx`M!MC3$T>0#o-g?fCDA&z8`0zRI!&;CdPvBH$gDoLoz_kH
zLXq_x`e%9e5iM6zVFwSZw&yOHX~eQe#K8lj4A*5Bo2U00n8bEF@NK+@m7uNK4?x4G
z3?Q^Ml8QR771?@wX~PKvoG@I1%9f<peI^Ib)Xw0vA>OfRD&^NTQrfCcJqB<N8TRX8
z5P{udmar#Fj8DA=3F*)defEf0fv+@_BmHw0+n4K|gdSVmns%xo6Reqg-=6%>AWfXY
zkQ!I5W9382_JNxUIuEQv13%UcJ}nTy(qBP!moGX(ufv6wFUn7VbIR4izj3?4@nfnl
zdD$uVEXI*_T{CJ6k(@=bg9A&>hNSqjf|@Uz3C#*N3fHH;%iY3nHCC6Jf+oBjo15^Z
zyziZm(yiy_%?@`872s}8v1dDcS;{`&<&MsG=oPipHkZL)J5(e0+xPI7<9uw_qV8|$
zTV-99S$|{CXMRCWngqfLFiAw&n6~kdI@M2lU`MDOBuV5(vrF2R<2!c6cme0~4*D$z
zbN;h&Vz-fAP*m2B5)DxO5yK$>l4DFS8FR(7!9=+WfA0t*XH=AR#LVjN*J*%*XZK%W
zYDTKdv4zIB>>+bges@M;o-ZI)ii?@ZnJ{Nw`N*EyrAi3zRkSZlV<KJr28wTrNuZ)e
z^F3Wcky;_@O7`NZ#Qy)}q`r-UflxY~`;lHh%px70^-c;|w_G<)HFE?!xP@>LB&DTq
zOEj1WF_gd1fU<tRYadKV=jZeDl$ht6_ydb~bjP~0pz+wDT_BiUIs3h1FSTXZ&8+RD
zoP>-dg2haXaDuoMl2rUFgfFU4w5QMZs;z)v|Bt5c4rlZI{x^%-wDu@kduwfCv{X@5
zimF+A)TljU7PYHZjZlhKYZOI|*qfL&ir8Dlj!2&8oA>8;{r<_7e{wy^opbK{+~>T8
zcib}yF67`f{A>=!1g!*5t<$XcW-7_z@^OkLpHH=eSKSJpLE+fE_n*xBU$6Th3e!|p
zdY)lR;jsv}M<Ox6fhR2VW}c~GPe&vR9K8H{>)3!oHI-&RWkBX^&U5A5t{7cT0`pV3
zjiY21;ia?=dAa+A@;ZmHxTO1G%-Za_y3{h?<dT%?hNA-GduaR`)Ft!D++vhB$I4=N
z$zxjsds0wni8{}@joezt{gZ}E0TZU26e^}o$Y4Blc(js{{qZ&jPMxeDs%2%o{6fBi
zod<&$<kn%RhbEy>Q_lB?GNvG<u{uw|-+;iq>wSwOsJ>wM6B+-sAla(74fMg?D~m#9
z%Zvj|^8BQ;_}&^LZE9HH<75uVUlt`3LDZXJ^3eU*t4Glbz9WKyUN8yz$0$p&lq|s`
znbqe4ib4G1liRS>q%YUpJ(*7Kt9yoeX3JjP=jKoC^cD}hQ^MQdtgxb~ZV%%<CLR2X
zBQJAz?a_YwNYN7Q<Z0J2ynK*Vh+lEm=)u9`!mtY$A?spgCPipAzrOj2e+1LbS-@mm
zr;B2Sy}1TXL`glD&iNjSH)`6Tj(ND<qCDlfh>p{5Gm{)DV)lHHAE1TM5El+19Uvt=
z8Q%94pM=3ePq>%PY*x2>qE=g-VCjiNS$J{vH{@TP`QJuHTq=shCG`9Eh2+40`~MS%
z;OglIR<cupPwAv&46PEiYi(ysjVq5hzBrjJ#ZuG6)g&%=&3ZBo{q&NPIjpuZv>7(Z
zA$TW8LBEn)es*BHt2el^fZUBqeGuwyu`AYW_j$7g3`_OeLJ=JkY-q*<_s%@DF)Puu
z4kJ6>ggKou<x=Xzw4%YnSI0-B2&`Ek@6k$BL9kU3-S`))w%^jO)8s#}Be|)O2qx#N
z(7vT}A6SUF@JA5|cr@aZ?1Rugs@okQ2-VA^u0ZT@`3C6q?^iGUmPRw=604lhwMM!>
zQKl~%xr!V-$(E4NIA#=RRlaE(55YJqB+mZ6`U^|+;9NBv+_)s?8F~KYiAy~mnfBJz
zx&Pu&QFsuGk6CL<Dn6*G)eC(UiN}~~INJQ*Bl+M*&#dW|Mn@&xV<rX!j)G3<VZArO
zuz`uW+P=RXUDej`LJL9##fW4b#7OM+4I>t`%PKT0==!ixqcBb|HHlTlL=}zV`@y)s
z^xefyw2MYf7Jp^oI)W!YD;`RvXW+aocGP;!Z%@ub0Q4oZe_^zjXfo{IK{^c6Vcv?W
z(5Iz6AfRPQ;d($r&!qa?;;Kn#Wl4q{mDZOM#)4Wlz;jNneOBWNr*)CNHw46+%A(+0
zGbsKPSGCXD)AAqPKJZ2j+K!*T|MuIcFnDnB#akA|9crK1F4`GLIQo2lDQbY8&r3wd
z5fNx%^+g%wcQ^P*S;;eH&oYy2$8uBZRNhOUO*Qh7*U;O>Ds_Xb`VOa{PXyL@Pcg1g
zQk%kHIel=7iQRw41<_MNE&KXp$|lM5ybH^VWqaUy=O-DziFc*`Uo%f>s%OXj7P8Mr
zXgKC4K56?)u15YMMt|D1M5VjL*?<8eSHI0)%+sb)J@sdc7wB%pI!Q}1KhL?i97Zz3
ze!@vp$>O`8U6#Q&#o$=dl{LUu^i2Bx5nc+HuHBEw3a?p3r@T5_X>F>N!c}$0@h9A}
z!(WbI_f(ShcNN|(7B8y+b-N=K7Z=;^whBoa{L3zN<%W5+W2$`KjmVaRiw3cWDKa2D
zHYaXhST0vW-7LTQlVbixliB~vcM8%ymWTi@s4p4^aDxJ{p&Fi*7h&W_)Cd2d{(yz0
zsAK#qYTNIzpFW6%s)%G@iMaMBo5}cx=aFp6RDChA0m@in0wP+9@hq3B!2Zc7<dq>p
z&d}i3r2u&K@Ey&nH_1Cd;q6uo?)5>`5BQ`EEqfe_L3gAA>+<+*z1*-A*ERWZ;)y6&
zXYeMm#I|WQxiFy&6EmPUkN_E?SJBA*?HkFd@mn%zzFy6TY+J-mlMN%*Wu_HEaafK*
z<sr|Dva4dOJ}WDqj##w09hU>Ue+9UB;%e2Y6DEvVC@L7vZnR0St#<wnrXF+Fj|7q`
zCMp90#4@xM-$b;^T&>m(VO~j$NI<Y&=)VDGS$KBB6ga{E#j@jPVU#862%1M>^rsA8
zeM>_D<-yymF3P>d(ECAWji>}`1p1#%C;1f3ew+UtjYxa%C(Fvek~$i#=30e@p_P9|
zztA2iMm@vtyc?wtp+=;y92ZtjLrugBKX7Z~Z-ax{W&=e@JeFpA8gmkeu5}@@l<6+5
z-~QfPtf*>AgQW>RZRhsfy3h+&LA~n$u7kRhO<UOE6(=rCck26qep`RZZ*mD)CZ1{@
zC*Wdx;?bLhVERn2tOxW?Z;0-W#b6tw3+5Rw_^%;*+0>9X;~#J+YRPE4b@o|DBiF=t
z{HQ4;X}ZVl)s0kH=l!6A>qA87RZ;d_Di0qYiwk6H9dcneGndNQBfq`7{fw94#IYXS
z|MNpcS*lrGTtn;iVnaTq*)qD^c=y8zzGeF4>D-T`nBD=?m+Da6IJ2SjnN!PP{QPod
zS99Z;#xXGk+Q|<r@2%S*$lt(m?@k)-YJ@C{-dzZoE`)lE?|c|`7yZ(&%J|I^QHO{p
z=og`s6yFNbt9MXXwuiKlt!HlSlp95HzlRL}LN!RHf}YV~Dxoayw51bveM52Fp{27U
zOZ6^{tRx}XN6Ayk-)jQA^)XJd*xFQ4>*A>IFB`P*u55Ry=vDoOd|$SrsnsOY$P-QV
zE)-Qxv_rgvRW6QyDs;VRF=cr|YQ59d9(>@l_*nIqkV5D=I-HCPDX4uFN~+wR{@^3v
z*xh~Whp&5x7Q@wxRY@7$`|K%nF2s2Zf1gW8t#*#v(hhJ2ELTCuUPo6ea;@C!T4}zR
zD$i@q<u?7%r*+!S<%jxaGWF+y1I}}`PFcTchcb^xQLb+l8NBXwWNUSX^ZY8tK^TsH
zre()5*3-}So?Ba%VJ$mHfK55a-;E9^As0c|z0WB&Tz8E3{Y5)VUz0tyjHO(ax!?Y7
zO}ou6wC!!|A4*6=73OfYdRFaD%{+x1ORhT(bFTh-ovW_=A(*pxHYex9T6|Ky8FEtY
zzrkJ~;G+FHoZ_NN2emkouK6Z8k*>{6<P37Cs_A01IlYpXG?Gk$HShrMHW*F`L$9R%
zL8p|Sqg0Yo<(Dt;v@?CZ8TqHZt(!7Fuyf%Yj_}|EgG3(Njln!^Cegr0+nwab+pB5<
zkWk*7dBC&;Yr8HtrQhJ$S)LA|r6e{uT39GXP6Ju%`Q$+c+nQW`_gwq3$NTbWznV~=
z^3-I&!uuYo^)QB&9Y*PDQ5AFXMig0Ak&@W#iJ&C|!jN1X?fDGAqxZKmNhz)W1ia#T
z0t-F}(Z1N}Qk7%8;~jmEvkH3(zgnd$KBSRf_{XzOP;fNieM~4L{s%*HJR4=S0!f6M
zB(WZwOS0+({Vycu8y)L{rb<8*&3^9&na#gIIfErYXb_(DH8}kdAq}7>rb1AN-IpLk
z()GI0oOVA;Y{YKV-lzJnqRM0dl`u*GUd8z=b%ynubw2O_$B>}jC8>aO+bM$mGB{3;
zD@F(9F+#F(ZQe$B90W%VqOx{>k2o<fT_oDs!X^0iE{DlQ58Ph6NHR67pHx(@MtUQ%
z5TULRNs;Pfq`&X)^}W03&ScWi%e_j;!2AS4A;z2LzkG$p@S;Mp!fj1Q&R%3Foe#-*
zvTi#b5Nw4-`Uh&BP?o(yrFI1c)DB6oX<qQoRV5F~$4;$zrNQ(rzh}}rxx&-wDYLt1
zvt%^aQp@nUoJF*{QH*Ff&M#Ln2qSd7Eq=W3*-GdHOxhvcS;%`~JR9<o4#AsWOgHh)
z9KH4${_bW?G%atgT?1j~`$1OT1}ksOlY)ZE7Bg8a7{Nz5zGn3(>cI8eA6x#p-f5g}
zd2}3#R}t`*l~mb#S_T&vPi0N{z-vGH>A?wRP0r!=jh&GeyIJw`PYs6#fu)dDYqQ@;
z*nQ-wdfeUlTA%FtH!~(*D_(jb>MJ9++nAVuuM2QN4Zp8WoO?dkoQ-RuM}KbtbfP94
zD(~qu$SeEmcr)mJWmx31qC;^=@bdH1DA;59NNUy$-#AHT2J;BS{b>ahEb-Cm)hYO;
zMn1SI@>%#)hjoHr5hv3{<7>WHZm2l6;Z3SKrH1?I_lHGM`8o`o1?<smsF#I{D|I9X
z9Rjd0A_I(au&RLOs#IHwe}S~aC#wu#Vj}%S)_>873@XWSjVIp5+HsliYH0H4jh$uT
zb+&{;8E?*r4y-@;0*%C8&FJQ%n&|*#S;DkDM?F|_0^&AT(%tj1Z6&>I>+rA2K#ypf
zYUob9^7)358P?1xW$R8WLvJP+K0z3se-gtDZFgR+dz=V)ygeb*3^d=w&pd;>-JTY7
zysYWalf3Wwhl8=$&lr%!wdyGPJ?tTd0lAS0obROhLx<=b5;ETAkF(BkubSaat`en|
zY6Cwqg#H=#aDTm|U+~iH?w!}0siA|92)nFXf*XQEPAvKr$$b_mqfz;04~sdxi*ZYr
zNP|8QG1}i_+x*rX(OV5K4vtBr)Xi=uO`YVp>4Z7U{pnRakLs3PyE{ZFp<IqK{b632
zX!1%H<n{CT%Gb8SnZ>wTWi}hf#g;0g4MFXEZ^*JRY^F;SW!IQDNE?<K?A)PBje?7L
zXtRoS+28v>h}ALJv+jakZO(oyoUhX!@Ix(_w8fC7P@Bc<FW)|!o<zx#=cQk4KU{Xp
zxjU#CB>yBRP)ikWsg~cEtKIgvx`pe600XCKQzCV8ca=^iANXEO(F>NI+pEV9o$s#<
zMt$T0PS+6uV#$Gro>1WXt4l}L2acsD;I|pK*g}W=m5r$T2rY*kP5v%;nPTdJq*J<)
zfu!+|Vn#QvNK#hD_b{&OAFH*9fE@G#&O>~*jhb2oJ+cbkeJ}t)V=()4y+shFEIzLT
z0!&<$ii{rgFHn5acu?RVto!}(aF&?2-ryTyDAfew8BUETl?ul<csd|Qs?Bevnn$2o
zcUCS(x#}ElK?nV%B+&o*qzK;YD7M#`Y8w6;^OtKWV!go}v-T*BvA!h}GTFztMi9Cj
zyg{!e+S#Q#WCI<xU(LvhflQSPSOs6*4kB$WpyoNN>c4>(8^o+BwumqI_c~IarWB8j
zu%fJ5FgJT)IPi09HJ_rk?Zbb~njU>xVq2C!H^g$~ZQsWUc-(o3KHppB<?HualhFA?
zf_Atau3f~vl%RUZ;zPEPdW2c6D>7O&xLP;lpTXxpB$2tK5N+LL!{g$7NYoMNHmFn~
zz;uU#7L>;SU_wN4#sSz=n^+hTezhH?E)pZV92pzt5z2QDcW8ir(CZBLovwPv2B)}{
zy!tuP>osyrus#<sH39K5jBIK@xp_V*GKbBubS=hVN^o;>-`Zj>?C_jlq*{R%7mg$y
z_KuoU$YD715lmJ4ts40ApXG!cM|6NJ()MHuF21L5<AUK3{=jXPJm~F%1$shWo}-o#
z$8M@UNVo0cz^7V3LRy#&*Uv!xG6+3x`_S(tkphP0!iFc|=&vqbsh|oyF76yh4b}29
zAKYx5a4MOn>G2#j-!Wey3+r=I8iW<;nxhd&fW&pz(>X!Et7iX6woplZTeAPsVWU)@
zI9G)}O|{K}pMcHm)h;4xk`nwmYy(%0O&(B-;>m{vzNY!S_C1qV9+}DhDDk#-g{PV!
z?WVtXlk5pIX9hcNVt5DodYa}BK(2UCqK|Yb*oH%`jf8j7u~62J4as}c%&hh1iOmM=
zq$Ac70$89ux|78hXgE=Y>5$2}yTq^~$uDH!Z@*>*n!M7Em5pJ!@$mZXmjh1&fu9iG
z{AX7s*z()q$!w-P8f1NTf*Cw5Gt1{SHeu_lSGtG=uM2_ms=a#~P}X1bmE$e+J1s1v
z?+nLTOnkdB)QV%r>#%gZswmLI$p3bbC%^i7dfmrfEbupZ%E$d#W`7acZy8Ui6p&np
zg(g_MF4Or0b48(cF^8#`R?L?N5VkNam2`qI$4!aKYq-(8b+%PF>yC7WySO$Dce;QL
zqB>T^;P=@fyF{-L?HyIQ3h&Ob6YGDAEY&s^`2wCEJL@D5+iKU>S|=;DO`C80B0m*3
zKU3VWeK(l_&&6U56w715p_TYH=2kwaNoRZbjS1uMd8%tn)&jZilBKg7-K@9SKnOSc
zqo2=#1>Vm$Ha{lFbLc)!E7Lb0=p;@Wvb}4<{RuC%zEbD0R6lI(CwgFD6hfE2yl`id
z{VY;P3z*^BNROx?d-XaL-#@`+OF#)ls~l%#N1_MZB--T-uC29>%_FHrzd;Qf@rvdP
zv!yp=&!pe->{bU0jT^Az?9QHxxXVAFyfy)LK6Z?L(Bl9{^OR_RZD}>5Kiu3AQKCG*
zyNySrq-z(9+i`EISLrG3yY0F{C$B+C8i^oV9ffdglU|_x=g^BQX0wWsxW^`9k~E$q
zEF5u&j4MQ2#0}|%#NgOdK_)<{=G9m0xd^e9TjMKZO7+rtvN+L#_1|~6tzSHyz8u@Y
zQkK+9nX`L;S-S2@JZ<p!n3uUzH*cCA4llvw#Br2U1ZIH3re8l7qZ8aN|Ft=E|MnZ`
z%pYKX2UwIM(wCy+u40+3)a-e0DRB0;|LD*n(n9I!Jt2V~*ijH(PeFi^AKhT=P3wqw
z7izx}THChsKT6UrMEwthx(%wa<)(n+>+qU|7p5-MR#9STVRwypJ!LBL1Q#|W_M7E?
z9Ng!376!=PuXX+U&(Jy1t@~ZT5RR6{1SrSl#avYcpL@uqU*DopO`A-F?qD@v?GTO$
z)fC0`Dc>q;Q13%Qjxl?cp1vh*nef~kZet}@{nI@#H|UYahw9j%UP5Bb*Me4>JdGxW
zn4`Q~?)X&kjBFdG9&v2N*Dm*JM8bQj$q`&V=sy_{-3%{mHoiPfWXhanYA30o55{sa
zUsOj=_4VkW=0L{&Xx``dn!kzgR`@3+W+EWC=Ujm+>amF5m~Du4)OVkD?Z2Fgm5^g%
zTKBmc_20hTtwMj<kLVEN7jn1k6ZF)vSHrFAhGg-jW#IXt<O%*!Ss+K~uXz0w{6WI~
z4gB#v=*bAG?yYds>@lo-Hu>P2o<@8D_LXJd(FP7S1$hd}<3hMDAymBxb^6pwTTSUR
z0?lWV6A`OUypUqj8PrS&zl6YzkpBK|AC6*lzujv!<VuSul_fP(5RnthgnSoc7ZLe4
z`p}iAh1*cqaTLRCijIEIGJ;SGqgBbC1z$bmyc4vzk5t|A#8FSr!)DKMV)<yan}p^E
z8WLonU9otYh_qFByACb!+H8qa>(h&sER$qp3=&nPv;mOW)VOULhJ@mo<;!jCiELY<
z&wpqOqap8WdXofe7#Ih)MyyRHIvUZYU!SukRvOhfvxhMN-<^qC2j8j6Q&Emu-|MzU
zMjvw}oHp)0+9-#3uPS7z1fRWYM5ol8IkCW@ZD@`gZm}O$5f|1;kA#<+2++mo*-EEY
zw|N?i#g&LN-+EBRtlss{_dy*L?vQ)7HV@nCVwBb4)a3b2Q?5_x71NJ@-B7Tdm~AbD
zxogj@g&1U8o}Vv;Ao{jge|?9oGQZ>R?Na4eY$p8tK)|^p;1}+wb^mD)D)RbF?osq0
z-a*_Sq*2{ZQXjLn3JNvdSiZjTWW6srEl(mnJBgX~FU(0(TWjmXA$i?m*$c8!{Q0RB
z6_C{)iHs+s>w?DY$8j^yvO2kWY7O21<NA`*^E}%VO2<z`Ew1&^78M&0s|V?NVCVX&
z*nN^w(H2R^mADh`P295jC13u&+<S<KR;#dS^TRStuFoYU@eBm(VOW=5Z*S~Fq8$~B
zcFc)Lo5N=6OB}j<8o-ZFQ)SqPvqa*4Mx6-&+N*vnxgyzJ+;TLO*QmRaeuRX_mjwL8
zY_je}m?Oi$`|#7T=dmCO)0fIS`O2%89jqVny&N8i0cXEOP1{B3UndhIsa|o%;*n9H
z*@4A2jeoR1iSqKv`#p8NPp2yFtP6mOq(Xg4O&S&(AjF^6^q4-j*Hl;QS9vTVp^=A{
zCR;-CIP3NaQcd8AAT1M-L=^fzXCdZ{pd0nv(5>1-1S&MNMTzNR_6Hs}EtcrpPs+{;
zH36jm0#Z5Cc)ho)-~*isAdC~^GgP`uh<@NY9TWG5<O^gohHE4oeKA1eL0*K{MSpo!
zNmZB==}c*8)_OW+ovvQBPSIa0C~G0dn@i<n1)OwiZk)?8=Kv;d2**34S8r-|Cy4v`
zA`lw8P^W064(;gM))4R|HlSN1D~}vNuOn*km>~fW5*1I>AX(czO33yeqIWGbvUC6B
z!Gc6S&U>xLJBSW<m~9>U#SgD~%!<3uT>g0+863acm<i&pFN>k^{iU-sv~O%yq7lxL
z62N|tP!y1L_qY*cU+joYj#@=EqOP7cU0kjss9c$Ce#+c*y1d$@jbD%^qveVT?GW$S
zQh@-h>F~X|ny$K#LGW<l*DSeujNK;{4UCOpv!C0$t-kqxNq0)*?>0i4oX?J+qqC28
zo?)A7-$=LK6T>6hg~_{h3_5ofr%wm3A#0vzlaf34>?G*-7bm3RzoG6kRlVPrBH>&J
z_@I(Azz-BC27Ih4P%0Kp&$hO_Q|B~lqWBW1J3|z(UogntXA<@$eCwKgmUjql?d#I%
z-&jsuP{Z$RMqdlHa2dJ45k4n6*e4c9D?S+j)8cBdQp%xmNHJD>CP(Q;B9(JoS59lc
zfz7}WJ5CqKrvi-6TFV!5tP0O|z!198GNHrY#`s#Ysj6mQmTX0&Av54vt#239`9RRU
zsj}pVzIq%;y(ew2$}Ek;&en7mESNIxdZ8|DIL6c0BOpyHP6wVIzN?0J^^{BUxmJOT
z@_tnWYWaPvvQ`ahm>YTAeK`f;z!GqdYsDb+2PK4|O!kI>NsX<{)@0D9xkP|58-F&$
zQNI$`U9)iml0QQo?7bdk4ffbg<g+tt92)%jGV~?W_^3~9x%(J-ye^>Txw9kzN13x^
zYWLwMmbA&7e10~K!jhWgVzWp9-wz5by$#l*pdM!;Acnc`1t}%j&XJ`}$!)nPJ%e{p
zlMASpn$ax8u0L8_uCvhK5zu6q&CX?JSP7aT$hcd%?+88`GQ+&NhA*{1WljjLM`}3b
zbMzm7D>nqMu3(0@hioH}T>^-jR=b*NAKNKaUB~I$4FPq}fcLkA?pBKj>d1Yf12f~}
z<w6BzH$zYqv#Aj7Qd6Kppv<PY;KU#m$GP0q-V39=u8ptgPc9Uz<yjnORAiF|#-2aK
zc74wL5%&eUgNEB(i~l6u9?t*{%15<`3Ja3??iU?l4-wRXZ_G6%@KtvBf{pXpGKpxt
z)I<L#c(|$SL%E%$%2by-t#9`7YA-yOKPPatWPSkb&NLP-TWsLYN(8`+{Ch{m)X#>5
z4u|QXnA9tVjHd%dA^);H>9g{i%&>?JtnPjHKrN-a9!#p0Y)`=+zn!SMLpfLvSPzX_
z=SW)mGg<aj6|~#+yoyB(N|Yv9gICwEl!!*W%kW2s6K`z4xAxtwFQTAOkjg(BbWlTp
z6#OFtHfaDFyqS7dBonc)X}e&3sGf8USA%zbi%Wq_x<OreipaMga<M6~wc7WAuNr}G
zhVJOUlMp`iE4;sy=WKg{_(6sf?yT{=1{GAgMuu-@9_pbN2{dx!Q>6W+Pp|(%2-yYV
z)>se{?PzIHP>L-+#Z$_P;tf>%q*A3*phu1r(4_`>$$Q~8guJ>u4Xz%_7uB7$DH;3_
zQ8KANEtTqaVtLyCAs1vGt_4QWZzuyLiwtnV6=p@iF}HuUNX9<CQ-Tkd`UUC?+O3kc
z%fy3UH;|ojt(!a5`Dw4gJi{v=EZOhpUwQFHj|EtTs}gqw-1?b81&%nG@Q3=6t^HlT
z3j>o~Bza)&HwUK?C6fWy`xbSDR*zVtU?U?g{BNFHFo~E`E#n(UPy&1z!D>L>-t&W?
z(6zprtUbs&j<Lxm-hoCiXWm$Y@H6@8udfl!e>mN~)4a8cEohQyi&YKodf@D()EZwI
zd>-51n>A`CnHx#x4Nm>MO?xXt&YCMwOl-Qw_NEL~Xs~=0(xz2Wb9J`;>o4EKWu2jH
zv2s7BH#>v9GUJY8!4?61Cj~~U5ZyN7>Ygs3pS(d<_z_mb_&WjZ=RoSzOcnN4{|B}m
zREUOhSYf5pa|YUb#hf)n!M*P{eFI!y1g<%5uO#2qx(>sgn@WdVWU#OR-*2enP1tLE
zb*R|~>1wFl96NY<3HjfacNyhJ-!U<N)fbJdGd0KuXK!5c**HUrZZr~pZzMYG2#}rv
zR6_i^o7>1W<A2qm61drVBDzQY$wk~+IpYJj@I76}@}`vMzkOZw3Twio2*^U;5r*sy
zmOD(9=@*qpBAyuk2>z;kAwOmsm(5Bh&~kY|F&#a#JE`zgaUDeDLI1=vd@q54p1;2`
zp}!}76fre9V&uAVSNQyJq>HFqJ?6>j^7z|%jtR5UBB!+i^7M*zzm1j80;z9TszQQ4
z&(j@c0fuG=;roZP_e{s~2Uqem3?s75wlCgD+9t*ZtJ+;p<)x>S{rg>6EM8_~$+;cJ
z^>LH?2SF>6{#`5MhI5JU{-Wkz((2rc&g@ti0~k95VMc7NxXUknkCwzP{;(vayfDuH
zJ}d#pMv>OA;yn{u-S+R!LT-zT)24n`4GtwOv5K&G|M?h`n^-p|`L+AzPwL$9U;M|7
z%@_MHFRbTZ2!!`e(z`g0Zm95`)-jCA@f-)MB9<`uy(AH1)EU>sI+BiE@gE#o6LmPw
zLzCeNUr{7-qP~1*>Px93pB1rlE5J5Vm?sx2wMNuEBlEpXJ?U(Y*Wk|C$ukbhGzkN%
z37=g0t4KtGet6)SXm}W57j?H2Y$Q5w5Y=Dpapn<MZXu5i+OkCgCK9$j5g&wzoaC#s
z%C|?l@6OBJ6d)M?FcA$~zJOB%H@=z`$5R$xe#DmmgZ$czDN(Z~uR9N=W?Hg<nB7_U
z<}pp`=OSQ#t~SH{hUF9`_d^0*wXL8?#Pk9TrQ2PH2XYHF-O1+ef5n1fG1wK_$ri;9
zR~MBpiaumj;2EX&_d<BWMM#FB1x0-Laam!<L#uKcOM@uH_{Rmviaf<3_hTo5S8cAh
zKR;q=|C24P1NG^<y#M2GPeR7Zu5Y>VqoqtP^s}oxX`^=B#j9A)T^Mr{oJO^zs^)w}
z$z0ze4Gc*`{NWLml8G7MzW(d6q*%#yX3|)rzC}JpfP3gTT9`~7OIB~;U<(5pP`4T0
z7bMt)RJBf?HFm#CzB!JRfW}y>?^38ldL_^A;<moL*ztq~y~l|iD>dUptSr<qmq%ou
zEND`hFQ&#J5!dIl$N{?=O4(vuJQw|T_8TZA*!BENDH%G}?><iKEl>5XCp}?&by+m1
zacmk@^4JK`9&B-gnUEaz=J?zc8Bv%zj9`~zycL=2dDMG0gmlPWMJEb4*-dibtP_8o
z{Pk?fSVjKO6-d~hHVj{AGHhGb`RH{BwcVxkJNd~b`*y3}n}VM;b?56IeX`Qs+q*Y0
z#uel$so_-%na+@%pnJT9G9Q5{gVFBX&!D~**r)$5>-q+=#6cNLE^E}*FcLw4X93|E
zVj9lpZ};B#nMU)QVIidinw#+Zd-KF$JZ<1taP+z8U&LQ>9o~%6?*i?3#(-S+YPH0Q
zjw1%Xm=nPrk({8+tVr~Wa`i|(MD*1~`@zy>OK|lYEQL1QckkVkn$M4U4yz9dQhkFZ
zw>0Z{UCp+N8<%f+)ZDT9Isog}`nrZB_P2Cbn)CbgOt)Hinfji~E74%j=u2looD30c
zIh{%<<Z_9+wv*4Cj}V1DO;xo>DQUR~zM$lL-5IWaG7KBiOdWgv%l+llwDWk0HiIOM
z8R7MT_ngyp<`~oJu(({|nuWbv<bX&>__h9dbS5ZnDM-s{ziyCM>LU=i8aocT6&`#n
zVOjREus`G;CZTo3;GWpykpa%BGM>p%A@q?kiaI>?Yn+qFO5=5-<sj;4fg0TzPSXGp
z18xsx_fJqBzjbJEEnNI`QNA1&JSO7`yV~_UMmz?yi4T|AwHYO&Ufz-;B%J21c@^Y7
z+1_?Nf%K2kMh5S`_b#&4uwQw>w1cG7E#WK@Xp$;e?qkA(zowpkfPdcuCwZauq#<@x
z<rm6*q|-}ewF<HQN{5>9C*lQ4dGQb8tzPd|f9&knkAFPVAkrtYIV^1LL;pVAQC__8
z!4x~Qj0{Vv_3jKb93!KL*)ilR4c4E---*FSEL(jwtH-Cj&D~9RLdQ((XkSj1>&$S3
z7Ri_@HwBh}7{wQFDvXi%abkLY@=ei0PfuA~%v{aDYq8=n8&IM$*Q~2O-x`$Y@sA%9
zIx-3>zvnlt%D>_CAPYUtC*Piv8b+1MG~bu}2pzV&i8|@)vrVZq{|Q@;4gWMa1+o0?
zuLUP)tM|_EO|T;o=eNU)aE>HMxeM$dT70cy*C9iflV6T_8P*(r2W@GK9`s)xRL+cN
z%gh6Q3N%O4T<a+5amGRwnkE<&&)K=!kWr)&kaPpR3gfw2?-Fk($ji2K$g&M~V%$5M
zl4!_(S0LDVaLC+G(A66Ua!4!DX0OFqor*-0$?HLhJ?_OVL-9pP0}_<c@f|Qz%+zYj
z&Pd_3$8Sa6iIQuLP^MP&D9^gNc1I_CFyXP6P%?N>xmeLVjtR%%v2c&(ZiU^Ud@<_C
z5T&jZN*Z!`++X;t{AQO9MYz@`r0t~qa69>$^{RKR{sz6<)<~oZZHS~Ozy+4i0`^zU
zZ@2JhK+TvuUjRR(Tb(H2?vCs?0P$=PXV;DDmp*k9y;+s5!~TEzwCtSUr}3DTf{1e1
zy=bU+?8zjv|H<u|44=;sd)AGz7iqKQ>dZd%Hz;e8qD8F1{-Bz|wiXxYX!wZz=@!}U
zc=vHCnYDzw6nYCcjgp9X%#g?ge=p6q(lK>2?8IvBbY?tNuRrvUhf7Mx0dyh2x!mwN
z3))1~Z<?Z02F1%<B?d93tlJm_9zN}G41ew6#YnrL&~RZu0geMl#u$iN-~AQO0mq8%
zl~;X)_d>DTJDxkAEuv`qq2nS4Ejmo0_FAC)6(2<bV5mwi=<%VaPHrMy9$%TI*5-8F
z+pYkT1&y|NjYn_(EN54lsR*9*Y8nduEbjX0z__%Rel4%K{qo<nrWQn+u}>va1a|uO
z4rj-rh&DV;Ku{1MV^ZB3en!=?s}}3v&HRElSdyud>ss<m(3L8An645JZ0{=#B%G%}
z>_Q~f0~A+fZiU=pdd`Z;DLhK3aR22lnLHH%#j8YnF>P}sbYAB-ZTD0_=pp<NU@@&@
zhg?97_#FgC$@BHY2bM+FheTrYOsgw0_I?Q;dTUwYYii^Lj>x;*+@6r(f^LW~6EdW5
zP6-m0g~#M_0MjmvrTogzb`>V*T3mOj9p~Qr)tj-RzWX>Xz)0h|Xyc$J-G~H2DPD^K
z@0DL+N?kcbv(r1UmuM;kbF2=#xb$I60N-E8J<KaCpVaE}Z_}}RJWpv?rg-oft*y2B
zAqu6T=zk#Db?&3V9z8TA3dSIksgysjpjI{Ko}rw~0NO8*(<!A4#sezN;m82zpZR;)
z5Qe2{Ji{8_CpjBm`{)0TZJR_WgP!<_n5=fBR$5ZVbFJ0wLB@MhQda~=HSfsISssy9
z<(KMb{d^3Zq!-?M{}uS#;6~PZs}>de)4=q4TkM${pTtIl>O#te?wULA%9m15<1a)l
zTC@u^#$=;*rMjL)P*C(2#Tn!X+e=}UgHCh?KRl{ck65jppn?A6BzTg?$(=h5H?>Mm
zxUHA=6Wr`;q$Zy+EA=u|X(>p5GARsY{Q^N4k0tlMbC(Bma6h=}7$!k89P<$L-UK+>
ztFV4X{y;mY2(ChkJKY+s?9U$GcOYwB2cileCt|lFu`bX&FAi+8W;dG~UuiV3!5sXF
zqgSi&;X{gN6QdD;&JUc6!ADUm4F)<(yT89UgJY84<V~L;=0Cy(=Xj`Chp3+}E`Brz
zVa$2C@4Ls=YL#0AX@B4Gl<K(@T7W6Yd;?!BPlQuc@Rc~0HsXv*;0@51j=|S(3)Bc4
z)%Bb_H_Z4=XVL|vM?wjGwNtzPmI$k9UO0@oG(Jm>$@VPnBAt<4j-yWd1W7)Gai@E-
z@I>W(^Z&P4g~>jXx5UBVIHPquyHLg=NLKVcXB@}9Ie;9!@X-Vq77UHeh{75kWuXoz
z_LelqTU;ifth->~UG~&(YdP_hv(x8#PB*~{3weGD;zg2y3Gbbtysl1!9vC1DG<qG%
z@rB$LHa0sn8H%1H&3vK@X4B?X3)0Ttp;gv;XIn8v3E=?TKR!d7fD_9q5nkv6aP{B!
zGMfJNujkN@6K8u6@ptX$Ny_Ie%9_<1W%{o);Q}?UcPH`oDA;teNe%EddA2^nT1yIp
zfU3@n4hf`i_qO)X*K3mS(v9{{gfj1W#|EDnDjvY_K(-ATuD>4$Fh_H>oEN$pbI06r
z3sRpLIG;DE<9p&Tuf>~N2{nOe_RpIW#PauJqoK0f){~#XF}xD{G54Y61)tI{&)Bv^
z1=!Ry=%59h*c>;LYzY%zV0j*1J=sPpsayzLTQ7W5RCOSBlmd;)9Up;t+S{5>ioW-(
z$oDhG*Dt`+<!^kTVG@vR*N>3H?z)1{a4;sUA5a$~=ed`>eyfdY2TbZfd^-+k0wl!H
zN@({(A5-92UB>e!puYh!^TZ1$P<aL`0d)?t`L7WZ5I2l<KQsl@5K4Q2;ikNH_z3U#
zM(0{>7T)=Dee71%1S>I5(Cr*p;^^^lSWOL7O-qF;6{jZckgG#zR2HtGATv!c3pnrp
zq_S8gLVi+*RP^d|EpOOm3=bn@wCP_{+d4GYFE&srAJmSgEe5K#p<W98QK|WRdUt)P
zL&C?<g*Be8gzCCihelk~is)!P|7?%gicvtX>#F6blpU<^f>@r>l7Y$h5=#ljuGaru
zU6Vn`&(!$1E$bcXDsbJM5az$gRfFa~SpqF0Fg!r1<-#Bj@WyVVB}6u=*?1dK-=AOf
zEX^TbN8K00pRQYwhuj*_zXr_4yXqeWJd=#SB>_zI#1&9}<@dnFo3qB;dPqLtjoG%?
zfcn?+<2!0cxmnOemGh5vkOJHx8Zi%fX$x8ySAF+Apc6Uw{GmG&b&3F~Q;|+j6#%g1
z#JbW%jNZ1SaSV>VMoO%@Upv*-Dyhq*G&oP_r4I2eZL3Dh9BsoZT(8`dz@{1qv9_%A
zZkH-=TJy1h`I>Saz8~P-qdr5tSu!|}90OF(v8Tue(0koe0DKA*U}3Jf(OrlfF#P_Q
z`$yI37$9uKMtNP)@HFP@>f_8^vE%h{1}3zSn#IcYn2o>C4IRUyS@iNTzEAK>D+zX+
zytb5?L;21Y!>oU<-q+Tjo^^MzClzG@ZR|JW<kAH5_t;aAjs+~mX!@U7#IjYa{^}K;
z|9ZA6WqYP}-&MDS5$2(qBh)^2b;67P_?_&;#3j62>%=mFnId3`En3IA9ijb1gl@wa
zU49$b{R|Zh{TBs&Ga>T6`^=@ze)aPsM^xaa1$-g<<P2hj56;yq<ODLqWk?qIirz05
zR-9pFoxlg9KGatjw~v-^Lsu)xP4eWcT$g(+1rHePk0XB~y1;1+Tt*)>pAEtN@GrB%
z&292Z-9H*wEvdCm|GB-9$`tp!Gp)<{-cjF`Bedq^JEqwYEN}q=&>@(V82RLN+F3lv
z`_ke7%*Q&lVf%ai)INU3L%!m2?E2Pz?;b~Qf5Q2cEr3x(%mc&K0Qcv<hu?78h%m1H
z0p}ZqF0t$K{(QzzxraW|6GLNt=<RQnQU)ZcVP#c&wTO~l<#jszzef0A%=;QKh#WkH
zjR9U4adnW^<1pb<yx!;LyynjNm=?IdbF@=E^(F=XB_fIHTMKYuj(yzp%$;_yUu~>M
zEFwtwKs9Z>c&AfY9$gF^5B3i{@OdWpcG2B)ASTq2ls$IsQyyWH*$;!4KNX;VwpLL?
zvdvrCG<Ho4g^`1M^KK@aYl$L5^{hs|Q|gGq<1J;ss2PjamD`L}2E?I8KZRa(vUCV^
zI<c%^&iBc>q)rz*+u%p(58VFjI+C>K(PO7>f_ke6uY;wQfZiKv2PaU8wo<1S5z8@Y
z9O4#W)eV~lXn^@lh&EIktosUr;@E)Wd$%3%)=>-WmwOZ1h-Sy?A9YJ*j7G)?fAG~e
zd!4TV`(g|UHO<PZTP$5ENAq>2e}25G>_4w*9KCtHZm|!w1f!V<l?vYgKB##rck<^^
zgXfSca1e70Tm9}+4SJt|ml@!4TZqoE$>=@pi-Qx!u{0QZ$9|4+Ke=#y?`DPz8fpw0
z;kyE?vhML?y{N|&FRt&98q5NieUP_n%6<N4kjy`r%9Wh|{;hh04`)S7?@M;`aoJZ_
za`#VJ*P(dn)Rf|g$dG8b1sG7344Ic514ykEuVKOrg9FYc)zF*|1z4r4%V6S?K)~=~
zyICIGIfL(mW0?Tt^T;E!xkjt2Z)`hzT~)-~93O4xA%jZrry`>Qg}g!*rSWHnj1nPU
zzb@ty4A!W9Wic-8ZSD*3AZ|?K_7=_m*8+HpQaz!kYQHZ`(CNx*P9?rtX@FidN%}o^
zME-+TmqKGbGum^<V_}erD6l`xxS9jk*_r~1>P86UV-;}3vR;_kGp<7W3Jd&Ze-8gI
z^s*b24jbzr6Sjeg=F^}0e)?WCvP07tMYYj~2OW2Mk|B%e^;S0M=5U5K@7sqfRJ)8P
z{nqjs1wOnU08bHU_xke}Jgn-TwDfZZ#?)aG(ZZv}W}|a8ul&Oeh<p`l|Iv=F9Prc+
zd$@s^NB;Tu3;7gOy#AXEnQOW6<Be7GaU468M4`*mN&b3x-uff;T{%Fxx(~)$08RO?
zlr~Fo_VuiJaumemn9~uO&an50JEv>io{I=>+Zl!|e%xNH)R6m1iCJ{OO;j(L+DY+F
z^<CWLBw@EGe-K|@$66Q*+Pq3AGVLXAckhCt5;_GqyJhnhOQtA)MJ!+w{b35SLRt=e
zA%#}80Eu5W0kiYmk|#5tKDTWjNX%sFaG+xr;B?HDj|y<R2cB|(&E;yJwFh>v_J%gn
z1H0P?bA8crEVs?Gh-PQXV28F`k)_D|*i3Sh_*&+*ZXgHv{`ayqurLZ~x?+|COT)h8
zLEoNwzLWx44Ds~HnKKQ6ebXAW?V)7oY3^lg=zLN9;Z$4P+o1FScdm?d2Uo68lp=i;
zB?uuc&KOuGape`bk<;1L7(qnmu09Y0$@;qQcY|uE`yn5)k@o8yuhCbnYh=}&q1w=X
zJaN`pQxT{6#aZ!LIX-pPG1hw|Y|O?q-|n<}hDseX{UCSj%&dbbKNlLz$88=M7^oWi
zCSfBUB+ab|RO3&w15YQY()HhY<g<7AC0-Ye9z{Ouv~qygI_)0GgEEy$Asdy|#(?2u
z$aGq%-|m0Q;&4Dd*_jMkLT5brfXT4N6x%(uIxb{~{yuKZgL<9Pf)!VB(hg55_l*1o
zL<}I$IVWL>N{{D)9F3@V_4S_F2D>0vA6rZ$_RG0+{vetzdyIWOFKc+T=V?HgXMK}G
zah~d}dwAF^Elko~{pOUKEQ}`HX0m4jc?`>d%-nhk24en9<vj(1&%AK7@?B5j_MtP3
zf9JVXuMz7sPEgWAYbWUcLQnao*T{CCwYqTAaXCA5vUH7v>@J==219e_*P*!fiI*D;
z3h*l;;mq*g2N;Dr_b6v*#sL3|#sa7|)HbNwGbq>12`Yab%}*-dGtb>ufAZ4oesj(u
zwtN=ebY<|C7+_agoX79%SfzO+d9SDPg?_m+dT~~Q<<GVzOU}p06&b!;RK46EY5DF7
z_UhhZ7B>1<OGPo-OQt8NrF+sj&W=f&;=gZ}HXrR-c(pR8i~9vRa|o43zY|RX{yPzJ
ze=JYSeq$SHoPvCNZt$n}-Q)jwN!#|zsPnpuN#FZ6YzFPdzb(LhjI~!x9e9Vj3iQKC
z%ta6j@(bVK|L?04yL-Lm*4^@2|KFmV+RxW$mA{XdQYgUbXi}1RU&uWu*YUvG_H>Pc
z3jd|+BAVEIA{pX7Ytz1j9!`b}G70>U`hd4%z`q|u9A`7XheZ?SL;w;FzS51Xf`O@l
znnxXa<3~8uoZOa-$K2EC+_W=&D%qsKXMtX{aw<NrJa=*#KK-S7qNWvQM5=$ZPI}55
zn7VnQr}WOm<|m#aZl9qXbUM^YOm^O`suGPt$O11ZAg1CRwP|7+DIBVw95GJ!uu1js
zXwQwv5pGsiq4}Q<8GPC_>Z%om25_tbhHMvs-|ylcl2?P75cOhB?Nm0!NL`)UksW+?
zq=13}vI<wk_nxOgW}Zq8{G0^do&@|GwzfAGpChGzo8w>L2JHt~(panfaMg8?|55~z
zgn%~z;NlTzu#L@ggU$l}2fdzO-mycQuH*`4y-!oiLvY=@*5%LwfckmIIpiRw8v$>*
zf_U{K0|62I34o6U<_)Q`^)H60EE~~64Bn~mwpFew`j6Hjg7o4*Rtx%xLg+?(D7daD
zK}$L;$w<K*nNGsIYIy6W^u4^KGGm(3W>m!>fz+&(e_hAE%4~jM_tsQ!juT!>IrC**
zx$ZGT?<O1>%12B_^XHwC5sF$i%ioC${2l}Sd)PSCcDWqgyP7ZU(`Wb7YxQ-t{s@D&
zJboENhY1wPsR`CC$*jwlyHIc#(70q}ePc=K@!PEtp48D`3#(U6JN3gbZeTtQN(M8A
zK+X_{jZ6H|H)uavDEJH=yi6U8A}tK3;4KpF7=*M)LJac(-9*3#vyJ@)F-CtKE}G^9
zoeHqX@czRZ%B1Cj2iM*&n+W^~gYnD(xFr~Z_l4+tCMmYHfINn0;B6B=SkJ7L??dq+
zd_W6-*7V;o5d(wzUBKYiUh5JKLXrWiTS&wRCN2Xa0PQSX*yS#V7SZPexc&<W{TE$p
zl5(*M5?4}**BO?B+a0nKqMQ46DPg%uL^>bVdJ}bF%VC?B#Mchf==sPvOukAor;v|#
z6kdTHA@x|g5{pryfRFM?qzYMBJG2QFnX8B)K7PG4leJ2EY#)>``O|?CKSD@t@8>md
zbQMtw_}6pWN|_jSJLPL(Cx&VrmWlThdz)nuKJReH^TT(mI;&v6BhI;Nb)vWus7V*?
ziS@!?&?3&d_%-QQJit}RytHCtj8RPB>D?j2KoR)K3DJCwt!A3G%m5gU<qmnBg`YaH
zHc9FH`HTzpJ&Nteqp`54+p$zAJmW=dV@&BNZS>WzfgHp2kKlmYJUw3Sq~Ga@z46C2
zdz~0=={F~O?!p)@)0=66r-&lAs;K(jqp2@Y4s87tSS#Q-wE03pTjbs#8_Eg6)fWB6
zo}C%FI{~Hu>X=6784WhsR!dpWcO1!F%%z7xJ>aZWNb=dgB}<ylx+c$~@ZSn_R3*wj
zRcDatUA}kJnI#nc_G<8u4e~RE7h@1h@ME=^l~xi9Z$ATrTDE#T#%IoGVEY#^is##J
zX!evdCJ4}-@1|1i!@g(z*C*!E<_^Bv9B--F|5No+K&2?a=qDUOc4a5vc?c~BqcIQ}
z%(mjrQsH<@94&Xc>M?F)JV9|(q;TQTVgg=;;{=ti<W9Mtf)2@mOkduoT-JY}ObL`T
zbi7cXg7^0^66pjahCN`P8HMK;ULDE&08378rQeiWjwU6V0^I?ujzZ{)Y38ePu%e~o
zpGj`ZIa%r*{G|%G4%va&6e}P0achCFU7&vgyoEI_(_<Z*%26e^zH9cA{i4`!b2~s*
z*g5?(-b4JPJoP|x=Q@4ek!^GIDb-Pp-KjV+j-AVSm#WyaFt@d}I@dQH;(-38H|6rl
z3v2xG`|HDn2K&WsJHzU`^Kei2eYZd6Dcq1MgkbdhcN$VW*gCfMTtZ6TH~Zhb2;uf$
z8O+?<END37?^uTd4q59^Vf1b%6g{x|cK?Upyx_?eyXSDJPR4|Cr!2KLKKt>rz?Yv2
zJyEZIxqHYKq=6lQ^AQo7aQbeo;rE%`rwQ8YNyqrC$CI@)FpYm^d65<;S$dx&H@}}k
z&C#ibylisKukg%-yq;hCY8RUC)ixpzPCChs?qxVU{v>{p%%xzWiswU8ByI~0Tbr-2
zb0L&*FAc3<)N=wJDBUbko@{m4@mvN10`gj(ag*Yn!^2h5geWkiSOphhbD4cK2vdX7
zjU>hp7nVz+(ctp6pmy>GUN|{(Zm#L{1IQ-#TlXJlQUdXv0H1>2Q4N10^a?~U@ZjV<
zX}`U@UqDN0e3u*o+&}cXu>p}e$)>-qv`_f({QTyE1eq;dZ8=@<Zdt}vwc{w8v;*4?
zQF{A+Rp0N&;i@}u{0&1F)~<4oep~NB>#4`pKAz_ceg7EW%lUr+sg=UPf4(>S;(9$<
zE=%pGOT31f@iP=3lBcKEIuG}LW8Z&UX&^qia<abR8~d3|wchz>0D>F@jSi4~`b7ap
z>?Be521n&)w0mS3Xu+vY@a_e22_Q6lJ`JV8pC2h;vGn)l2IM!Le83N9;05rFOOat%
z<N%;$6k6+2fP0h}nPuE}W*zzb!58d#7`2eX^6bx6TAI!x_n_}=nc~6L3gHJ5SAd`V
zZ>b}fBB);R&9_18{RG(^k4)OaU>u8Anrgc(fP~unDGlf^I25}M18t+_F?h<%HKoSe
zPiOejsT?}yf_qiwn_EgQIxTQ-!jhXQ;%1aJoAd3v`*~+_GE5>S#+b9tE})%wulDHt
zI1+2oV=u_X#yL0F|F5rgU*`Ta9iekDjmugJVaS_*JLN&7o4a-r)eUCKc4htr3k-~m
zVvtbylV2Wx-$^4xvD2v3<iyx*U%C0l0N8zx>BaHfoZ6I^F;G|3lqQ}m6|`BF=Q>zx
zM{%-S4(klruF>9|-i5tD$t(cdyrEpCweIr_gDExW{uHhZJV4`#39iYUAw^)vkVzM5
zC47BxG|B)pqWgP#9v>>o4NdU%Z`2`Fv-#p^3h1xuP?<k68>R%Hm%MsjUbb+)M2b>Z
zQ<Lrqx@Kbl?^YvVQCeie_5e@hz=J}5->XC2Hse1-Kq$iFXlf_%V7K{}0Qh~EX;I5F
z0q8P`W!S--)YVyr!Rjs*PGe0<0prvJ)?wua{@yvIWV-lkXAA0`!<kg`(s6!{7^Ifj
z9NbfqIfsN&?|dWX;&|HxG%DGeF`L^iYrNZBY0D^j&^`RhEk6j`_L|7L_`<+(1Mx}U
zJdo`$^&;((D=nbGnynFKOOe#@M)GB%?wU0*J6BT;;sSnM#eYI3OI+Fy$iKot-Q8d9
z&R4PzF!C%`9Fxhp-tE5s1{<KbA%Rbs)}Rv`V$m~kUfs}}EfM|&zbsj<Peaond=BsM
zZba^>K!r#j@AWwM14KPgd*}hz+(azO1!!Ku5Ym+(9^)8Rwj$^1&U7(PjkJiPyq?>P
z@-16w0k}W@`jz(Pf7gx`!n2yfz?y6a>E~AglaT*fQc5_d&A*R>o=p~D%Vj~ge(o%*
zTvq4}A<wF@UpS)*?C9IUQQESXAh!Wpw>_|Z*Ch{{Dr9U}<vb$T)(2SOE^HKP_Q^QG
z^w*`c$OOQt1;-ic1j=6{&Y|EmfY^nf?ZU}}57<A~Drt4mE*(0MB{w~i$q0&K#_~Mp
z;JQ8z!wfCstni@3_&gGp8KmBsH0&L>I)$;G<5-j~c4S+|Cex0B=+aqa1?Kn%hTR+<
z);P46{wH$_-X1{H?TM_#bCPQ5-X-++<*<O|tDfd`u!STr|3bpLJzx29QCa%C^5sEj
z?&X0`6R^EPYmc8`?A0Qh(%qLZmGy3Mv0<L2Wj~2N&3}}@V@`brU(ZPK;iV{6wYdvV
zPr!h6@Pcze$H3hf!#QEdCf7&s;n0U>9|>p28R1>AYUW7Zp5bYr@u3q^qbL0rQ~uLs
z$}PB~B{Q4fM^>T-CE|^N|KZcmuQ_(W85vH>>w3t)tuEEBMxU)sy*Y@JIj|6bVtU#v
zRVyXSU#0=#Nz^2KtoPlMVsVg8^X+yVGdpF$pSqR>ICWFa|Iu_F{#5>N{5K=(kUfu4
zNoLs@Cxom-WsiI)ip*p?HbsuDBFD%|GP2jfvB|M_94iz#=U9g`?%(<TevjYd`~l~j
z`<(l}-q&@#Ue6blotc0}OpqxoilDabL(^mEPArjMdSn3*?t%Ym3vhwfc;^Rhf~NXC
z#*R}E0;*m1s*f$4ss|%O&jHh2#LO`)_HbbB0a@`nu=9>&NXnd|?43z9nb7|?opkRb
zt6QHq_xMw8g=ZDFcJUua@W~exA7@(l`G1N(DefKlYWyJAH_=%Eh_^u?AMibr5UJj>
zNl;WFYjKnR_iq9|Zvo-Xz#Z^!sE2>q6F{A$m%24Zbu!k9AYYhoLL3)BHq17Y^Nw$}
zd}Z>mk5H|atRFpi{=QJ2=ojK#Xsbm%Bw`l8=NPXQn)BVFL+%e-vU86dJ~TWIzq+A)
zc*FGud&IZJhG5#om3szZD1jUKA=Qu1ue^Piq7>rAkAMCIx_pwiztqY+-_av;NgMUB
zlQ?zLU&t@Q8tM7z?Xxi0c1#TK{XJ&+tXKvRI()<VSRH=8t_VUU%2^eE5b9UY5>)l>
z<KGjUB`9$LMBXiH0gk&ro||o*YWU>R1;08w(CCi2cOvdK@6$fRIS!J3SjmpRgWeuz
zj>wGJ7JF~c6Um0Q<=9!lv7m((e@M%%MVxhV$ywSMXWtMDJN=ja%H|k5jqu+#&PYC{
ztCz`sW!f=cZO;r_at%e9Q_#rKm~x6de)dRhzGjU*3bk}gUm{eupNadSRopk*PAk-k
zzHgG-0a*C6y<Fw%y8nro7PLL*za!6UJbhDW{*zaHMg?VtG?1w6a9iWD-13zb2mV__
z9IS+{7t`12w-ZaF6d55`oGu(DB;~EXzkcgm41duZH(Y<YqnFT>3VF41^|D&>2dOK^
zHF3nq3!k+vvp0w5j&f}k4KpomZCpBnA_koZ0y*rQ3|(VbLilGJ>$cdbaOiKG+{rHu
z<0_cE5Cj(;HxuE4uU#~<WbLge?=D9<Fy_vB&W*g~9L&T*&Sec#^Zoa>(@Nqt>qAdo
zVr<wd{cX7`Eh{sG)Pf(*)!2gymTB-6Npt;AM@@PSWu9X6Lt610@6fF`C~f4AaKb?l
zBXt-|>E-KYx&6VWWY=tD6SOP*eEVlJZ}bBWN)WXkZk=IN8NLlQS-zr1F7_?brF;wv
zG0J(#3b<#eKiZ$`@a+&cw(hDXop=23V)GGa*M8?ivh}%3rBkdOelHs_RN;WmG`=xF
zB|&_(95hm(71r>p=6O3Wy+~r}2!%P8*km}QxP?Wcgfs1LM%VmL2!49YzrkReaWFl&
zC2j+CHZ1|=<!Yg_uzOe3!uVpTqi!W+@Zjs&#c8zm(Vqu=Gl=8-<7ViyUC%$fqgR^V
z&qbk9g^`O}rrLH#iGMsXv$rsd0^2|GE$PFZT8+6ei`0u$+Jum!-<i8UqvLGa->FD?
zS|2z$6eGzY$waD;Qjfo+W!<#BGI{CrD=}<K{c@zo=cy@j>rvm(HD2cw*O!I7V&(Qw
z5{0>{E1a&o2j}#E98cm%O|k6^ecxoieKWh1=`~hoXtFI(&`r@z;u@LaxD&)kgB+bL
zii?Zgj!<bOfKI9=jO1LWbG=DcWhj_2q1T$cZe~);e(_^G{CA?ccF7n!qU7D0)p0b$
zQ+pI>QiBqBk1u{wK&rzo_dFJkr>~#ymB07riZD^bzpuOH!hTHstZ3Y<xtL9|TZ5SW
z#gK~I5HL{_6rE3G6IQ<#UVMcO*w_UnbIHmOBG)7l-pgNGc<vz_nch%+eqvqi#NCZp
z;-2;W9QVc+^f{EG<0IeWVgdQY<wK5loc%B3e;99%l#%9Ya-EwdQWdx^GeGXB;_3ZI
zcMTJqn_`?7z#)(Oa!aAlx8$!8ZJX%(eVCI~nYnI=eo@4FE`3W^YT0B%M{u1oUnrsy
zTwB}Ukjn&lUJ>TMU4}(y6^mXLJJ8A1ON_@kUw&P5M!qve@%~a#AAF=Ct{C$!&~Ll&
zy2WbSH(SkpcVe*BaW-;{otrts{&b~TNH9c4cX^Y{TYNIM5jS>2PG6b+eK?RFSMo`c
zE7B{>t80IfwZCMQmHh=32j7RusXhwo6RNTWBf{s%FuZje-5Z@OcS%}k6?DF5{J*}e
zEXqFrJbC<;hf|Zx!Q1>=$+=3cbVf&S!rH?N!i(xS_t;WhfH@12EY0@wlWMw#55g?9
zH;0nECF(?1I>dO_m-0B9?P8OJo*(f>Y1!zox0;3!=AD~IU=U)|Cf^4^DQ<iYz{QTU
zB}>{|pF&(cHdz<fcRM`X^=$HfM4&YJH2yA?mUhixbvCS1OYstSsL!uE3tltHrXoaU
zrmf6mX(w??<6m*QVzv7f48?Pt^6$Hek3i7If-!Hd9y~~foCgw`4qh7O$UZXo{@pK|
zOaC)p-Fo|BWH;1wD704K*U$KfDS4XEX6=fkr~pxVWuIHS-phc`LahkyP26Mc%Uy}7
z8>m4$^>EznYlO_UG7713V=(DTO3T2I=i3PaPggc#Yzc1L4}I|hXxK2nx!82QTJ|UL
zOojqNQ^OC4Fm3}W7<dU{6N31retz_Y(Yfeieh)l#-2-}uL>r1h{eavTzU~RNw>7Q?
z=6Ny2+scGg=j*^Q$ysHrPTzp{(tJo0wU>$9H+K}bp6=-PKod8@Sq(bFirV}0{chs1
zh(lU^nSL-ozvIJV=A6uxbNQ^kO~b7Tay4##m9<4>6XSb~Dxk#sF<GbWc9d@I!rR?|
zQ^3fy$bYq0+nApC#DrlKyo_M(mVDd<9j}PF@~F1s9_^}Mw+2%%l$hGu!YLG6s!2{B
zceeBAZL=xH@nmlr0vSk#rlBIOJl{SlReR}#-x1<`{{aGCtp8)G)<bNaGo*ybr>l^U
zfX54UqE^^67F@bK3_juIPN9r1H5>t--_GOlWXZ+eE|*6&b`3PX{4G1A)2;>|S-S=`
zUF;yz6(~#*P-Q+F`rUQbIi6vBm-$G0(c-1b*1VxuOivik_g^-Jh@yv=qnX9Q5yx`Z
zBRayBo;R4%0<QVC6#MoK-LvjLdaZ32Pj0(ja2<3k_rK|;*_d;~5c<xt=3d#4s+h(!
zdI~e&zmcm}6d5Npf9=74%gxzC`HYv@KJbv|4wkpYg4qIe$6-Ks*afqska;{%UwSx-
z$HM4XT)8rClJ}o3HrwD|j$wsoPKxWFJ)`T*a!%<NF<TNcYO8GxJM(U>vywfh&U}mQ
zBy7-k#6hNxXeXwbt{*PmfeGC*&XETeW(G?T@sRL7h1Qd~Hb!ZvuE5$Xm;2O|qWl8c
zEKfNn>=Nrl{l%H!RRCGc312#`u?Bef)e7Oh{@EZIqL$5&h<bRI@6@z8bfZ!>pNSla
z@9TY>$f(cQDYT4~h9xhAt|5UEko8c*3&ky}4%p>bd|29TIv~gX&(MckC0rfguIki&
z_^~AXy94&^+|KhjNvOvPpI+#zI7Zugx63@iXT}Z=Vf&5f=Ymg@F0c;g>1xgeCu7m{
zBoM?V;Wi79IdE~Oi!$tymA3lUoxM714hjEVWnJ?<&6;^@l(!pB@1aphf)f4S_tqWP
zM4rsvb{*i_Mo{{*AzHn|+!Y&5ERteRt}}(JOw%%piV!z!x&<zERa#Yl{XHLAtkrtA
zoi({ob@j2Jd#q131+Rp*@Tc^1N83LoeGsI!Ua;azmf)cHse2*)u}FV#q}#U@n><5f
zp=^U7)oJ?cmOUHhHGMrcnr?&Phn=z8f8`NuX!ztQDv3B-`N(h}RghI^B2om9wZ-L3
zLD&p~@7;5AuhywyJVzs8ZY;~fNjB#-$wz+<`5D!Fw-8e-tsg%N(i)`lNkG0|aHu};
z1}L)EZXMdv%RKlYXe4Ry&XEX&5%~4&a2Q_)tL0%*kyH_QhzN$z9=nq{klpYJ`ELba
z=oIkvkM-y=KTDv9SV^}#C<awrT*8$Tj|g7>@8g|_vLIBqWPUxbqua44k6AXK2-$&=
z%*w3Q=-om6+V&c@vyj0eQVlPKh0j8B$UFd>@Un6Hf{hRZElD?2p=cL2@qAj8nQ#W4
zu(Kh%LX{%g62bW3q1f1K@7j#kp2Un4>nFP{JwC2(d2tTMB=aT;v4X$)Q;h12D;?dD
z)u-=O|C^@aId$E9c==I|^=G%^dBYcdkS13djAvC|i44iM1|$ZZF4u*MM3En}Xr+mC
zKlps-?%BYfNr^4pWC*X%K<!%JZ?>-AKEQy}eUFVk`s*U$4>U)!WF>w)H|6x^LMOn;
z3s=u1RP;p!gKsa8-{tDtK-ueKE_d&ka7t?5oOcYXrkH1UaA>p`Q%S&%+TO~dSCYqE
zgZh>SSmiNy1|{V~-^l2;*AU}5C^fAjHSLI!;5`#$zzVJ=^1nZQbiV?mN-aYN9sfYB
zwL94lgAgPVps*hCCNKbkID9{T94Yp|13aZ(g3Fye1qY+3es$B*SwOGVQq+sW4bYrU
zW&%CVd(WAcneeFGRJ?W4P{%uQB~hDKO}y@EfeXTSQg`B6PNf|q@B(@-A_oF-5*1^m
z+>b)S(PWQVPy=(!g%7c0^NY&<Cs&(VpVvVFyXSgk4xpzc2CQ{9A@b1S&e(ssHHABk
z;&v+Dp_t{trgV|c(A{>{&WFTzoCR=ZoclJUn&h0CuP&N5(_UC4?xigSl`u$+ajc!v
zWGaIEa5o_TnQhm<#1f}fbignnLc9w-Mt-e5J{v_$2?joROZI~HdR!8mt^tT7uo&mT
zv(eRT?50Q~<O%u5&e->Q3WQxtC1QIjoJacr80IV=Qe6wryGeXV@;P^=PT#suv9;Ws
zcd~w@O*p2&k)w;2m?-|TjB&?8=WeK(U~|@*%bK6-NH4v-w47e0vo@LTadLNAlGjA*
z!3=ryvWB^`&`25iS6g7a=_e)IuJc16V~-N!=bcgKYA78}pVXYwao)6lP72DJrf$B=
zMZ}hZ)|^v+rn{b~Vtr<|yccw1F_fGJ3IZkWm)Q*DSy7Pt*e5yq+P%Gdy_fgad<s(~
zzBxS1>RtC)7mWHn{Ri5MDtLcDMVv6)iuv5#MCTEYctv1qpv4d_;W+{{CCDG^Aa9$%
zUA;_5;Ke$kp#iAG1Ys6M6Da?f^y{hQn|mMUAgMr#oRJYl?D>DeGSi5e%pH3mATTfY
zs`YE?#^k05g8bseL3o9tom$q5qh}}3)BIbOWuf_8HB*eBdj7!sC9Kdvwu4OPu1JGZ
zuVClV4XtH>N6y)PWWLSNe`~B7wID4_*i=0~$qTV88fVW0y;=Oz{4W#oW^!_<8<k2d
ztx3(i631XDf*@;!dernTcVZ(RnL7h;S@(v=6%lZ*n_(qgo6P`BSW6TVar?=s&p8e0
zKVPEz0g$o)@0%TlBn?CO2Ik032Z!Z|M#Q5}fd8?oilEw`tCZm-LJ%6I{q;%;*$=m~
zh1!FEn?+E<Jao&1^XCUc5FyFAr<t6$#@t1au_eKmW!MK@dp1NhPj4BGa)l4Kt2}!3
z=1Sk#a^dn_?GL;+r!PdD?=esYgLY{l)4i^80f_~csIfd+`TqN|hJTY_8JHLsZU}_|
zLQ!4J7-2lSAH_3E$&?Cf@;CQrBw|dBGw}FTn+2b1%XJUe=H&J_#eS@WkN&*<yNKgL
z`m*A*L(*8DY7Lj1!#((PY{QGpoIm~FRMRq<>16Fy^r$&(_J?Daqf&a=$XMQjOIYaN
z>Y%N<MOZmMRPUzf$QA6fy${UpX$X98_~tW;f5b-37ag^gn5al?kEhJ^n^buk_QMwI
z-7`Z1b}Gt2d+E~d4^DPn49DqDv!%7K-_J?9okk655j^6Va8u%`HG(ICBOm9;^<S;8
z%=ujq|F)YlKFp>?gG3-{jE6oOD9e{lj~<mhC@9=!Pb6V5T7Kdjs}1pu9dyB&jg-uL
z3He&0FGde*U8s#OlPepioRu>v{&qU_v^_*%b)&6{kA3&na+M)?o1s_Y9%%VBvL?hV
z5HoV4`n7lP_h*JPbU3KExV})rS#eK)!?N$hSsoBsg^_DNwrt&5jjkxcdhlY-y@Mgs
z8go}c>fsTX^~BrHkJVlQLLP`#)Ob&??U(1H*~|xt_nGMW;@O*=jd9jTO9Hn;m^vQ3
zmFICdUAJK^sIqH$sxu)@qv6J>fL*e9Q!M-;@xWP_`TL_X^C{0J;XQqyvwU=3_m^A$
z{47GwaoeFVOmynl$0IsT)%DNgYePRk$<ZvbrXQb2Tn>=lx=s02CCohtkN&NOht=h1
zyxh{O7h-myRyW|kpy~S8am2=d`*rQ_u-&4>?arVz<_5^R`Jnp5tlt9_l;!W%j>|ST
zOq0pCPL!f#L~g3`XCX$>+1iZBzfF(jBxQF`oahd`gDt@8lqC412i^S-N1K&vD#adM
zFCnF+<GNsZkGkFCnRuVSLBD1>;FZ*P^DuQHaxAebWyqP=%j@N2ajVt!>pm>Tw=Q;S
zAZ9}^r(#YbDE+_N>AobFHur7G!^#>79dMVPwiFH7jgSe+jfE&HChe93v$Ius@jmfG
zAeNi3>lKm4y`wzjiu95mcWE=ZnP?7nr*OZn9mga={HFMeE@FrUuXpOL6DQK<%{}2Y
zl=SEG45aFcw{P#GtB0x2w}l_EVLjNi)_m?dA3%NWI~OI2oP%Re92%J}O5MYw$X}kA
z4NcDQJ5XJlwYjlsLKT_jeCnD-uT7Z<=pJF%PLP=aBC))$pJhw@UIeKZJEYBBT>0l0
zYbv8si~XFn1wU3XqP|{&00X~eKN&%H&1HpbVM1EP7BpUYH3qMfoV2h)D4B4l`RZh|
z2NUse<~0P_q&Ut@Nf6ISvIpVN9kG~2x~^FlaqP3QE61-CoW@h?u2q8StbHx@Q8}QE
zOP4Ek^X=dhKo;<LRtSEisf)J1D362I;6<jI90eC!UCSF@E<V7*6<j)2d`W@EfS64R
zVSgG`YG5|BICJ@(!}8n#hlOh%g=IEC)0Dvuru$44F?`BAcg@J){oThL-rBls($Jri
zU{*SWjr#Lr+R&vX6=&ASy+vkHwyx4MN<hc$CGzL?*BLokL65~jOJg(Qy5zVnw@zER
zWk7gA{s%a=LvdY|06AHhZ&ElX!#k^}X6kL00?=2b_@1U+zt8v~Sk_YaZfU!{42#{>
zK2fu~U$PXw$Hj!!6!V=eIc3)y?fp~Rffg(VA&v@=K}krC^FS-jH9^9^{qga!@qhbc
z|0JBAdYm5Y1c6+p7ik1?mDi~+fOl2j)7FvE?rz<_U-AwzCeO;@es}&^My<t$cJwU;
zdiour=fBzt=iL-}NCcJT1H3#bA87CtA;VzVIIiOCjgW-}Sdhb!O91!k1Np_%{RRFa
zJT^apbl~C62gszoA}iuyW>^d?khrOaiy3j8;O@Fk=I4*8-c5XegIP=wd9cHJxcGYv
zx0Y?~AZC68Uf8s&_b2c;5(O%_MpC?EF<n;u7=9lHD1<l7x-8F1u0(d+o#T43+|;<j
zcHtHgusz;CcvCg#UvF^V7jWrQ%}|qqaGY)Y;a-g+L1n7#nhMBrVuSVMC#lfFz`-Si
zfL2~@^aQ<U><yD;f-V9b*tPW3=>{ZsqWp@Xqp0&I-L7xZ;V)(i-%bG%Ft%*Z@2v)i
zFm%r<?()`XHpK)O^=}w36V&T^I!%FR-PN-1<vYwMfzByQ@v5@-Kh4*nd+)8qUb$fi
z*O${*x>jy}7j|z;ZmP#_my>?H*FnGP5T9`J+n|R6wThE|l_hW*_UE~wS4A5~Ld3Cf
z=kDOce+B90fv^974;k|GVRPh?;k7ry;RHr-=+)p%r3^(WBR`!((m%(;nH%7-ZWVVc
z;3}!q2WoI^ZlmKvTWn<pi1+~DYSJaJ$L!WFY7~q_Ov15nW5G;F8YqqJVt(roy9ZVw
zt4U={5)XkRd{{{4$18as%uj~0fiNShNag-pOx!%zZ<{HYx3~OxIvljRZE+0#`Q;<@
z0)5#Q<l0Wq)X%_i=Z^l-iuGxE-ph60ZAEASq4yuB|6d|3bnDFL<lYVPp*Y6mvEbG6
z&tcE#B9(|hJ;pD-T%VKX&Sr03=rDi3PhUyOAOiUL=iLojh?x0T5y3sfHKC4KV}=9R
zCCK|#k#1E|tWDt15A6Ja^ArtWjsgbn04KOXym{#puJfv~-wG`2uDHQ1bE~1XZdbU8
zh*QeZyyES*sXoE~vF6ws1q!idieY?>VqMSv{bEnxPKXHJ&wTqaI^?4=K9+eEzlE-y
z848e8j<N3;)Z%S%z$s5B%7Nqpqc2q%YjQ`4T$Ax$D2b(r2R&UDoEd!v$ca5WF%yh@
zS8b7H3PRr<T9;xc*1rGJFxebnRq}eaIZ&DW;+r3$3uN5*a(1HL?Zs@du<pLxeEeum
z^`~_&)F~6fx<(s^9R%Jlk$EsS`xAA-DM`zvZ+?cpoBieuMJ6<xoN1t=-zmy>>3<lH
zroA+pz^cIBn=}Qz3)%T~c_^7z)(RPEfC<<hlR8=r)$^MICAbT$-WOYfFV(OCehN>=
z3P_&>UV0FN(a}!$ffH!g^byh?`$XpEyN=U8e=*}>BkKa&zAgDG5$_T-R^MX!JHt-0
zec0a#!#Lh`@^n-jPLkmoXJ#QnA{zgak?R5LYAb+YF~TU*`ED?=81sAi+SzIZL{~<B
zKs-o?6^J}}VohW4PVV9;Wo~TBSqaY~tj#mvRmOIp;rW=M3Gg_E(4=3x>EI;dtbPIP
zPn$m*Xvlqb5GpfK5W;g27#q4};0cuzidHzRZpG)kHbH3$Jcz(8&}lb<%U;?nd~T14
z#1Di(X9sMn&U$JM@BzQaG9}UczX@=WN5@~Tlh4;G(#=P{*#=ytd{g#}wx))^6L!%N
zQTORcLy7w~Uj&uJd-ROOSX6(3F3BgjjVIry?tJ>8GWbAwC|kVhY1&p9Tdo5Ed29&l
zS9MvC43{&WMsmZcS%5Dia3Lf0XLI}3vsCAkiC~k%)s+vMOYpOX4%{6NRSkAE_i;gw
zwWPvN!La{sOF-*m00UiZM>b+89$vgwZVsgvbeQ||{5`9nDix$k0_Srv#=Gs{<>4Pb
z!(ef%i?+${w<=4?xQVj95V$DflLNs#3$Sa5)BHQZ;~QlB^HX5ShVx#3pea=zMC#?$
zd{rph_s`LLv_4tZw~hKC+sfD;fq);qlrKNLuU@Dqbon76$8PGoqh~+u-ZvjObvoIH
zQ6lV2#Icb`nLJpDh^X;7T?n4=C6j3{MxHT-n1225D${!h-Fg>ehBYnCd@|+*9Z&#V
zH!ENt%I)+={W=rhKfc0edBgc%MpaE0Q^U<P`Q|+i`T{`u>1OXxI$HXRn;W0jOO~xY
zA(x~*yGBnJhZo7JQs}iP7)|xzrF)Hhnr?+t5Y-PShZ^jIwo$NJzar~HCv-_wgK4VI
ziYTX&DZEY-1i=ycmLMUxBg+mOzr{}X=9Pf?h+bEb@tC5D9n#s*6HIV9b%j&s@`+6W
z2EW$qBVTFN`BmV|uF)$tRL&ZIY;`zsi%%82pX_&(sf0(+7vaNJ2PI4$ZbTZ~2>w$!
zxxns!T_x$-C|XBvdku&@`>+k22$q#!i9Gx@;?&hj86B0c%KmVIKEYLq*}84?87ZVb
zNH-9&FZ$~%q5GMlodTv^p<DMU=xTi>ZOGeO-gDntGeAz&jki)8Uo9J~M=&l<m#c1z
zW+H*B=pQzIXwKE`K1tOa?i)6DLo=KdM0A$lr5JV%b`bSB{Kbj9-q45FNa|Ne&2CT~
z6op!um@p43gNB@k(GOIwcQb2b1@kLj3J!^oE0#(7?rBVT^J*fFYxf15N<M8^>>^K_
zc5_mFXDHRN{j*aPHtC>-Is9}#q-JVpMcqf&NfCEt^)BN6yP<Qs^IarRIHn!FyY5F5
z638-?z$zc`9F;9uz!yEG_KCehFjtfK+{3l}!9fGRvM1%TDVGy^DS!YpWNrZonZwH8
z)&26h)qgunRV+wd*I&=&o;>5a^B(8f$8E&kv~!G8P}6>l_T=B5NIqDX1zreNVa|T&
zGyXa8K7Ur&3+$oyWcktz+L4RM$-TE%qaToB_<3n0^`QOBn`(P;(qYnQE`1ul<!Mh0
zZmL15ttUlrSM3dkv4YPl&1<sb@^M2GUfV$X91p>XvK&t0<+Z}+hNq!6WQ!esr4RLX
zqRubX&u=s1=r3+9L$L9~7tmOPlkHTEwm$|dcM7#A*{UJkp#uZ`!<U5SXUos1v@Ts0
zOe(<r&`KeH8#Me7a2#4_{unRO8p7c}BKe0?(Y>Qs@Z)%2-5o*p&ICaz<)UwQQvQo8
zabN@t?iou_wGy@-xr+WZw=N;0d-S${L1oog0RBdZ09gz0bHyv2>Un(=$(`VB+o&%!
zSx0A^ee&z#N`dA-I?;uAlozLdoP{__MEJZ+JU2`~{n7QY2r<?GC)K=t;xc6)>w}l9
zWN4u7#c}=JgEtJ!M-q?zf+x2?d+NFriCkC1L_i6oKLrb(d`hWwuwgg=!Zqt=?qL>C
z<(tTx!TU9FgOR}`lR@SVt&#;+g%5g=nJn>kRg#QgWF)T(F<?}^)H~N}@w46pxzm2@
zZ*JY<iD>F>FIB+g`_Ap-jd{=We5laE53{Ck7mxkn7L*;K^!@-iRgXPC8C{1E79qqz
z4eI_<fi6BV&2TL??n!osfz$N^h8CkJTlvJB#AYbU>ip$(^!fr-nO7afpPf8k1U$3G
z=jB4h5%Q6a$aCJB1@5(J9W%F|K{X@qP=m{O-ZAJaqO~~PtB2`Ej=;&W&jkp>X;emm
z&A7+OnF4_`MQ;CHtU2odu`USqp(RCaIoeH~+BOaj26BuhIv_x-&3@h+gNt{84)L+f
z2A8iTj!Y8y24ekNySKY`=xf5Ah_`QnGnrllRVRPKk8Goz&pvZnd=i9OZl$~EZ7sdy
zekP`Qs?3FuXF6nrueM4UXcjq7qk9zPk(l<tzcTLy#JC_@r-G`?Xm&d$9=u4JK%@6u
zfYIJbBPa7poH_C-{XLqec5(gZzchl{+ZYbE10vTtLIPwon~;m`8ZHa&YF8U1l9$(-
zp+1#XrC&oIsq_!fC9ED}j&>l9&pU`2p@AAm?G9<hC^#o`_t9F+I_s-lhMKncRSiQE
zlVpH!*v@OvXZPpXqvr8fn0I<gG{?VQHP7koqBRzc_vm6zr$kq76M)xo7G*uzn8Ejg
z^70QpeqU?ZaNU|5L{C1(-c)|7@@mc!o5*69v%xw~G+P7g6#F&4Ppu;yT5%Y)5s)74
zrq<z;QEH<9_GoXRisgEhyNu>t<!3SE;vV^E#UFz`?K#KuMX|_O36rgHDj*JWrJ#d*
z#8rpq<5~!Fky~PSp2@AkhiMX<r=GyiL>KVdR4sztDSZ+T%aecp1N^YrZ*vm#s9e3H
zj>ZEhfoaD?w%DOA?|eLqGi`a9#=`QwrV}T?qH6v(V2xZ37nUeB$<6>nFN~HN4=S__
z@xmI-^R-nn6|a`x{PXf&MLRwSE;NH<#e2^R5?GnXr)>nIG8|Fmr%(|uy5LPSzEkXT
zG*vKisurdJa(>1zGIN?K`PFKmwSnQOP@5wwx(}k7cH99@5D%YiGy(C2AO@9v&UvIb
zNpNnW;i08K!)4%ebMQR|J;v#=+@;7@e1AU6LkNe;b5;ZIh2<YP=O>^Ryc4Gl!Qh+L
z$fFO2LQ1cuj3J{p$(}k$8kQd#LERIE$jD20_g^+g3Z(6Xa0{gNE=4T@mgyeg>{m@T
z>PM6)3Pf3M&03TBixgim7HE<79~J&E*)9h|X|w{nIeBPHvQI;}hk7EWz8D28cKEr{
zX>X%Vy%L@tM;+F+N-A?f5C%*=LB4ovlR3n<<V0`|WP8-PY(T)f4IP5EWBX+JedSq&
z>ie{$$QWOO<|(p~J^UV00iP7&9C7kwzKfmcUJznzoc-oN0^BN4c7O1JutI^7&PQ~K
zig33fqITm#+d9?ZcEs<;gNBU5Yu_p};V#55ykQ39JH+8Z6GBrZZ-TG!zkXw7IrU(^
zN26j)Y)gZL$fOA@^|t$6sMl_+no}XqfEjMB`sB}F{GjCzF-_+Xz9=agUf0-uIj@!}
zt_H*dEiY4-`yL%WHi)+=A^umzC%GQ$VIL0l2CarLuvZonxIP2tDq5sgpD0Z#cgFpB
zrwH4>E0wO+d~GV?rbOvbROI;<1c;ve)~ty^lPrH&v7V!#wb2KWauk&^FObBs3;AO0
z6iFW#7exCPOc|ZJ8<_0fF5RAoLv!Y;@1WJY#BH|ZouiNa+q}o^nzk6uSmCbu0`aa7
zYz&}Y;h{jp6m!@r>6(KRoDqm$uGv1nQ?iw^iwI%fm2bOsYwU0m3swK$(*r`)NyJs*
zjx)W9uE<5Qd%*zy;crU{c-T2Q_YK?ir924uBnDc~(-TbBNj2OI<<tCJQ|83(Wpnuq
z3dMv!8#<50>>^6XtD{9O(JHfyoVms_?jfW#^ALp7Fe}=(!adT&O9wkxeeRm-3X9z5
zWBHW{roWFdZ$o|qig?s~3<l;-bbW6NZGt-;_>AY399Xwj36d?BQ5{`?A`*IDIRCRC
zo~-Ab8s;6-fxmKm`6>vQ90X6AJ<t|64<&j&Kc(jkx$pU>>kPUWd6rKsFovdrmxdqk
zoqG1v9$sY8x5^`NHOAX{ZryqjSaE~bigGHkYQaM+cqc$JDedUVO>2gK#V~{m{#)*x
zOyM;UFs8`y9{^Y6rucX3B7a>Hs-X!%u0#Qp0Ewa4v$JdlUk82Jp<IBxqc|b0GE_{;
zmVS~!P5bM4-|E6uEQcyY{l<mHex0FGJ)_o2RdGRLw}Z>M-m%{%pG0;Y$w%V9bP=Pw
z*ICeiYibk=<|<=ZpByhR5ED-FF8Mb{d9M`9;n+sHO-N*$C0NSP!7dCQa&Fj?{dFbo
z{l}Gs*vRhZLLxrJ!P79y6LW)rO3U--zlZ~ex2vFKiSX>>!BG9bfJEaOTH}s?hwi>u
zI?u<{On?<IfDS<21TmlxLny6Pu@}=nByOHkh`}RfnFwlBnj;zf9>R^TGe>GqfAw+7
z;>Ik%27n#su=4ys3$vU5`Fj9P=l-D*>aTr4|6I4eCHv$YN#BWpZOas#MR^fO(3^TA
zzsNCHe`}eaG)HL6k6PC>MT-Qpw^A5;*UppIhQyU+Kg~aCswP>j^8$mPExVB#RKe2%
zRI8DZWhYM~vi?y)Cy4|%f`Aue)R^&5NJ5s+?r)Y3-~@siTDq2B^X2}yqTImqnE$@I
z9xP+qy_^XUhw?vw3~CE9$v06y3@uf?;%;yR5(I`iuLG}$%x;%HZUd8ecN}CBE00;2
z7wHGzZZi?O?pjNDYjEw~>NIt%u4o$l*b{aUuw%PAj6_XYd|ZqaIWXACMiVOd?6R-5
zQLDWwuT_HQ&3k`1jm`SK?FoYC-Vd*N%@=-$C4uyA-bt33w-;H5in{;SAxFZYU{TXf
z56i51YG2i3$vg#-nyMDm#j1KIDSYrmx59o@2l~GL;4xE6t$BLKlMvK1n!huGGyQki
zMG$dPSw1;WUs_{IsC|P8UTzF%4{afH96<lImVde08wzDTq%d+OG)4k*eE^TRX&LM9
zEaN#&GM_cpib&kvh*4RE`a4L$<u!0ZGrbMfTwu-(yu4!*m!{O<ZaIu4;_+`3R8YU{
zsg5s~rt9d4f3TaX&*~jB!1<Eve8nvZZt`*N^NQx;zxHfB$B)02<SDe&erkI<{AuIW
z&9@?RfMGA99HHov--an>URTZ+bQhEq(+qOj;ZNp2e45Wme84_n9i}z&ztf~CbP}B#
z=K?JHp*#r7jfdh8Is39#ns&f6+7PL&SE<@p$DXI+b?5i#QOe<YN(<HNlfeO&1dY=J
z(2?`G|H4dE<kL?SYgO>N+-%z(t;1~fBVL#6QP1F+uh}mv=9RFAnw51rm$uhJb~<s~
z<H6ejYmuQ+^ZMWn7@yVL^jcIjsm>-sLS>wo%Bu7e>3BI!3Wq_0)`yY>XKGPN0xo3c
zO}I$1j{+BDIkC2u*<%6J<8I3p5-e-IK9o4fzL9ef$wwmi$e13TGxANyC%RyRs+m=>
z7%6+S<?{=OG~Vax7AJPJgjGP*BlV}c;6ud`=Q(DmWz~&sxptPF)nWh>ymZW8PbZih
zTpgG=_C2|RnMG{;$57Rio?b}D*SCq^&=3RBy#;E)Y;>J-)g=}JKN>!JLOR@r=+z<K
zzLyN2M;z)UG4}pc@_PDmb0J|=S`DeX47G-ZZU3covF;W~c@*9C&&t%Fv7R|NnJsi_
zZq7Zj5Boo20TO-m4PBp`9j`+fUbe49%YR@?gmaKui4{yAAX>mQK4Lwdw*o7Bc|9)V
zL9j-!$W4-%DIOu_%=q?In-FP?{JgDd@E4AItI6C8qLoFF!(OYh0_4nk<n0WV{6+D*
zWyY!_hrz3i2d7WY4#0SY)wS0Wy4aem-#_hy=ORH6?&Y{puLB5aY<jzwS?=Bf;E)Da
z7lj;k2XGD8av8{91S!b1&8d?;7izm+$4cH@M$m3vhavIABl+!RAKsoJ#QUh&EFNtw
z!_O`d{q6o%cX({L)NLL?8>g6W|Gi6q=3GfYsg#u?jt`*13B>71A7p}-+;WpouAvBj
zN|NfD(MQYDXGg!yESsHZ`3WnEmi1fxxZXaa+b=e_;{E%#8BrjZP4Rbzi$my|Z(a28
zFuc94u6ngP(2r%n?!`*&<v)HcWTY#-98KrM?k7dV2gC0xn1#Eo_kkV|B&HUZWu15g
zyu~<QoO)(cUmJ6{si(W?Y=Y6y@(4;>3v~T&0FNLt@twA=i*=9AcQX^#n&E>#XR58O
z=cwgb1yuskSPE<CZHkDZ?qRuEUh0sp$)x`bU42T56(~>3Mg?YCR0P}62qw4VZu0iR
zPei`>uVVRG^H%QG^W-TD#w6On#u^|pP{5Qd0T)K$dCLGH^?>!3FX~I=$Rr##dgK=s
z=_0GuafAi%<DB;J{!f=fvFztPz(w=F`Sk*l4a1$D?0ra_eT`{^F6(dV?$?+_lR*h6
ze^0T5N`cq>`{#jFsA0G-L5tKlz+qdx+%#Z|RY<a~jP^^v(mR{c=<@h20o-D}z7}au
zYm4yX{C<83YH9I$47c-SDECKg<?CGum_%{63emDlCg=7-Lu1JF^NGL+zcxK1p|{Ew
zlx%LM`%+V7fu1jxznA`Tp1nCgQ}V4B<2kRZRp<9^wvBX}Q13^pQd{>4|92TxGN^W_
zeqXCzN3lB~#DVRn5OF>C7De*?qdfT=hVZ9RZS`AWj>_pGc7mgB_tV=`_p8w5rWaD0
z|29SOtuG7Vc!4@nqvvdI!q+fv@<FqTE@4iZIQ9qL1uRabEP)fCn#YD6?8<vslskVT
z{LnHJi9kS{E>!Ue&=SZdBomTVSh)!wb{2#_Si&cVFm+A^?*EPwV%Z~3o`bGSFBaYx
z(X0jC*%6!NB?g0sg*4T2u)w<kN+pqiN47B);jMdW!S4Z+IT5K4)Xk!!8d*fdjnP%4
zMQYT8)g+TKX_md3%O?Q8`$7#s?b#9>@?=zX{U_)!WQ9mRkggYU!d-CO-jROYm{oCG
z;X__eCF`XNVTFCp$VxkjtLD)rft)+Px52}f-IPspT%Tqy>t!k5BncuMLe~NQ_34)T
zV2Un#xdkH?H-4#eoA;MOZ2;+Z+yx-uM9ypcO3eIt4s~##DemZRJ1zg`Ps3&rFs>N8
zg@L~Wo@P;t^b8n-bpfoJ6Pzp8JEjoUOM(kyqVBzd%=^1q`mzWyP5Pu#!6%vP`}>MD
zCq~7*-rdd8J@Bxa46N_nfGZI9>*5So23kVPgr@dgE|M=nG|(LKripC-VrlzzW|SLA
zUzvY=d5vj|NUFU%bM<dfT)DFUNne1Ksut0!+g+t!_0QYG*T^9b%;7qx2rS{L@xXHq
z5g$Qs2;49hoOoJVSb&jCkG&9nPHWhWI0W{SauOb188YeE4-A--K(8T#jx!vwf$Rs#
z)Y_S}WLN^!9J-I-n_ym-bdCI!kpe{Xu91)NK^W1XjRj~_q6&wI_Uj}R74S}R>q+>B
znF{&;&jPr#=6A#j8$EudW(m0KK@{o*1b4eO6TrE}>uYCFp+82EqC_{G1r@3pV#Y6a
zp-9#<r19J%tl?oc)X*=P2xu5t+Mz{3qHV8mJICqm)e-taW?nZ-@zj)I=Mg3D+l%Z|
zSBl0$<VZXT8<ZCG$`D6^e|cu)*yx~XUuXNA<$}aTTKn6;iLEP1PMZwbIE-zD?tn%<
zP2qN-?!PdeD_mzo5_;Q9P=}HPQdh+8UT;Sw=EZ&fBFd&<LiJUtJNpj>5W=%Lb&5}f
z;91MK!Z$FZK<o(dU;l=Vwz(?3gJyX3U&W%lHbBF?Si;c@1X(HH|MvK1IBP$QK8*EQ
z74zoMhyDXFBvNKv9>JL03}h7PC6q;@^0Yg_S$~wj_GpA~bY!_qj8H{>Us2dcAs-kW
zBS4FvILM1D{Fnx9!paXn9;~}SDg;U<{>kQwwRo+m*<2QilI_+DV&q+i2j}l_OT=Sp
zjt5y}ly-ryPdtZKJNft;;jk6JP7N`e#RE{NT>3W_!e(i$q(1t7(8VxlY4RmV#sv*j
zjZIJ{_SfX4#8B^{20DQri4TbsrK_iYI408=dWT-GlMzbCVvvh0IU58+<5d02H(x>@
z$e>YB&!*n}HTS{}gl~~k`3|D$dxxb6n0!BuT(S;t5no#yi(H_M2L-xT;L{oVQD4&K
z+39;u_?<SKt-aD-th96~?yKrn$ZEO@+zu{uNStVJhLYZ|Q0g}uYvsXCNQ0SxYQ~eQ
zU6<9{tUx>g;`4OD{UhzgH1h>X33I-}Etgc0?&y?va=Z8Ljy0^-sq^Ax@b7sJw%na`
zbBcWDy6J~+wY_)>d&!+1s2tR0v4D^<61rAFmis^a)=z(crGN&YAo!~8gUMYKq{^zX
zY=4=ypDQArn>b(0%^LB~gTrUxtd@(k)LNlVbwNHm&Q+8Yk5MS5%kUNo1q&wLKi=Dd
z?7<Do)5vy8`f=IZRntR&w<Cv3ykYsbn2rSZu0#kqWT+=uK1wK@Qe26<E|{>h5O$aJ
zs`ZsHA)~2M`#AD65;O{U;DgM*Jmi$J>bSvz)tcqB7367Hn}3VC1kt1uOkC~H-h{dr
z-X%nd3ZSjOI~2Xb;L7cTyp=quv}0W09ByeaqUvi55?umC<1>6_3Wd1J52J6U469j|
z8PWa{ofb+LnA)V=&1<E&we%(D4jYcRfkUa>UcS=f!GBX*OXe-HmwMSrJ_4s77Yy9v
zDCzck7`!|$4fBTy`L3vFXkU`WQr9sF%=YUi*_uSldX908YfL<Q*?@(lc!D4Tr1+b<
zG}%3|48tdBCW_C;9`er%Tq@rw;Ah?p5LPGT$M`S5dcRf5EBSKhEG$f06b`*;?X^Z~
zqc{y889_a*N-1vGpq}$3vrp)7Prh0~r6(P&UH8)|g1=$XS%BtE{vyONZvK^0fJpt`
z-r+sGd<3DB9Powgej`#uz3;tdqvwpeIJxzs$35TiP|hI=<oZ7x@enh`xASefcJ1mE
zS-PfIeRGESzP%Vpeg)_Qk5aY=*DqemD^h@3cRNp)Mg_8WB!bDO|7IEd$x2#QV)kBd
zgenzmuj`D55vAEPZZK)&oF-xccZ@S18Jhxixd<|p`AI*(&Ki?IIxFIJn;?&2C`)Un
z_<#+5mxQ-N+aQfG$3GGdoRKGA8y$dWR6y{cbC8n0@8f&yItdSv2a>;P?-Y>do<4Hk
z954g@1xA(Y=Qr<MR~{IU@)n|;ueXI@M1G}XmsauxbZBf(ezc%7tn^794^D_>JMiyH
zal+B^(}qZF>2OAt1cwU-oP~lAgaUQ1ij82)SZ{%CrOgCfXjyK83jl?yoymCdBvV>#
zq#9pOU=&~>kzf+iuw!_y@x|ID3+D#;EX*QD;tA9-cz<nF;^7o_O%fb&wG+G#ztlym
z^QB&h2>$n%in6#RfZAT~T{T<K_7W8>m>z{w7BMWiz>^VWCdiMA@<S*HVn<lK1R;x{
z@bHhPf<)vV3gdI^PGq>uoq^!`E_s`*_OYgzT!CA|qbM)=03vU0n&G>w@9SA&Pp<R?
zI82o(rxQ)NFGJ@^r<MB)ctM{mDOeDB{RA~Ch>GGMD#^Of0%gM^^5qX7)4h%Vf#;J7
zAgB%d*>QZm!2NYc4Id_xhgCW7&wL_8Rx$b*8QVw#>IWucXUQeSVfs||v4yl0q!UQ;
zBA%0y$h>fZY2^e)e+wB#e1sybA*TNuU1bVpoJBPd5w6czd-oJWNLBl<HZ8y%gF%Rh
zi-vEuTXUZ-10D50OMT;WEVi9-MSAsr+CSF+&f8PS5b-?$p*`DSI)G-g8@JKeN9VsK
z*(cdk<2vp|qJ}_d{FH@}rkW}Fr6hY|@FAx>H-IlW#B!DbvG3Z)23ee$-=WvCeK0^M
zez1&Xf^K-k;&V9y5eCqL(1%0Bc|2+ulu0>R-Kh)h#humkKr2NEJvM!HMuw9A@RP#o
zksdqp`mCAl+JXrrxnJ!gRsyGq-L<ej>WKqWT{)fs&|~9P`Cn>#T|rtsXKXF@bQ^|u
z<<M2-JpUYU@z`<4zaJQBb5}Rq7ixR_Wykl(=vdf^*Woc{HjM@($24AM_Ts+naIZM#
zu%#qV$s@R3@k@6tTtpl7qT1r<c`Lcivrd#EwMQOh<-N0kX@#A3$2KN^>*nvBTv{uB
z#y;|fz!qFQqm#{j>jfI_K^TMp`40Zrc(s}j?v|(OEC9=2+w-!#rxUn>uYD4hcZfT2
zssv)l!+(VnUkWA*ZjqOpUddM5H}^fLi?sx~_)2f8MTPy_i~jXmYN}9&GY;%n{!HB_
z#`hbhIFg1L-%ayg!@k*D;>LlYRs22Vuh)cH*8}Weg2Yw1p!8=fYi9@o&iBH^)HJQ~
zk>no#z*xKI{DX5`RgF%w{fzzJxzLjaP6lMjT*$tA>i_287Pu?HA8$YIWbQ|>7+%@!
zj>sZ|;}zeHB5Q~HgG3U2H4lOcLTtJX?avPw7<cyB_upYLHNBUT2jShinrY;IUgsf|
zV?90!tH6(EPWu?SX?{<a)4Kb24o69X^e<J<)u~r$I+LbbfZW3V^cN#NzTI`B>Pyy-
z>4Y_dhwfs=197CFwH`cF(*K9~dF%rQ&Xbms_8FgGLA-yX(x7f&DA{$-Gz9(YPOhLi
z<~%A<<V`|E#3q_jlfOG^xU9EuXs)rRB2@N{%7)I5+C)?7U3uQz#DG~BxzU%2Juzpc
zU=`Uf*EdEQ*QRM$39$EkWx)@%mzthn;WS0}B5^n$fO0BAaHPT>np$DNdI6MW=%8HC
z@1~lax*@<p?Tw3wgmEE|tsVQ2xQ8{rC^yuwU(HX5n20xF<5k*MeT<~qHPu>j1YpQZ
z<tDW~d#+j%tuVbfCO-Phu(K}zN885r_q9&jH?`6NX-M!79~jSXTQG^nuu_`a!MbqP
z^ZJk@o)r3FMjepeja3!_&Bx@EQ^cgIH&FsisqAP~WV%FEt<LrMd%`JDA$!3pN>#l4
z=><QYRy*|m_jYoqZCve!WBZw?fW%u&dn`=gKcUS!37NBdgU(GpBQw0B5awd;G`PaQ
z$hRJh_LE(DUf_<YkC$HDi-8KOkZ<ir{uEGtt*E<aS&BY@b2hpeN%gcWKFM)iVL794
zG7-G){)&DMiwpwe(X3*`mkScG|27wwjnCRDRUHY_M*!s(pyZG85$<$91>!?39U^`z
zPn8fptGN?-D&JxLl^AGA1^t?JOs;gS`o6zVN86Z`E`1kn9_76FEQN2KHA*D1d|Y8)
z)sqDlanH(Qh^(i(`sEAV#}sUZ=y=WZrMLGleaV%zZ~B_jd7_eH*!{P#XW>Q>2m6QQ
z_ileb*51O>;Zf6Y>CFD3m68eQ(gcuNu=vjdUryXuT+M=bBWdv}eNe}!zt?}(u2TnF
zz(`bG%N_<uUzK}$7Y<G0p}JpETW~LcF49d@2I#-$$os&ih4EHy1mmDHZ|MC}<Ls?2
zLTfb3g^0?#YP<KLg%3WyKvX3n0koK8F5uAqh(IZR5OW~(9!m3`vCiO${+Fzz!N@E!
ziUqKM2h&{8?E$0m`A+3mnTdbJ_3ye8&JHsNUu!bGIX8@kc2EF$`x0D0>VYNYI-QJR
zHsL;q4Gxd}cdT)g7|WcKzw;)fWx*oP=_w%F+9j4Il~wd-XcyZV0x_OM*~^CE&8Vvs
z-Fn>NP_`O^TkG#n(v$`9KZ6Crk|jOv*>Oer)`KD5spqoU^6lNJ!&CgnD_@KxY@5A1
zl`3GN33&MYIu;>yT>3=KPKJaZW&OZiTlt6f-meXtFr^DbshoHz#ihQD(wPZd>*|bN
z>9=rCQd5Ag+E*l&^t---h7!Zb)9>>=z%a=Q*lGMWWEt8&yUQ@aS#%4>xh?(Z`H4A+
zFFpkST{!sDcYuV?ODBJPa-fRex20&cobAp%iMfG)L3iAIMVa;}{wnf^6T^4)$D1|l
za2)AS2a0{$T6$kfh(9h66-x+u@uLwa>QN){9!EbrF{=V3HJUAR)$6e4tOWI=7q_aq
zLX50#b3sN-Yba)cKpB=jeWU#PjUSime}@H+dG-qt{ZAxK{u3EH@FR?tE9}cZ$A^96
zq-+4D&6&ZJnBY?HCG(+()W;PNsoQ{m0?CIv@}vEr$pbI0r_J&J4W{e!M+0(}kD3Ku
zOPc%_%Ha)8AW`Vy$N#Asr;jd+o9lp_j$YFG_P@W3h`3|*SFixM70_^+xL5PEu8IQ(
z&J&B_I*#ImwfLQRlNM{B^)m~>q5DV)fj#zA-oo<WdqBV9#%RR88}s2Jc_Hp<2NGIa
zD)ePgb?)}D-fzPZ#z+ST@dTZnx*Cz=#M*QnlMPkkyTCr>9Ykm%B(8j|Csw36g+&Jy
z*7a2Q@lSe^ek_<57Frx3W2;rW*IDhF5L+7WDb?YRVuXazV02+Vk%l0znQ0w8ZQupw
zDhnjc;R+2i9cCs#@IWsza%1Vz4GVO8<kJ$Dt^S}ycIuvpXvBq|9Z@2$D=B%DI^5qu
zUkg+Ou(civX=arPzflX{m~ND(KcIaOh4Lj#Z^EzDlKed2OQ?r(d)MOA>3z-q*I<L-
z!7f{L<4`u5+~JhD!uL<j7L(axoHo-F!J~(FUB5sL+^0j^%#V{(E+AnOhjCEGBb;6m
zJ9;EFm2&>#!G9UlUT<gQ=`I&nyhGL^F4&xEc)lgmLWGzudYYY+pK9o6u9H>C0iXA<
zhm`gjwDpxM86tK;&^Uq{@JTteFiz;G#OhKRlq!`id|?+as9)FBd!BKGH>VKQ{!vz4
znj)$`%hy4yAxup1NQF_$UStg??uG{LUb0`j#?5DScC}UXE?2tbX??`D80Bw>ob+)2
zI|+!`EmY`x)(?H01>%jo5kX*?P>EkxY*5rXJ$K}dD=v@Dix0)?`6YPvzndRAv=My-
zde~t>xx9l<({4N}<I;VnngMkPdf(*Td&F3x9&)qGPkFm0aV@2&N~3p^)gXFF*@e;1
zcB<RmNqgLj;Fz>`8+T-`79g;y?t<?F`gjLM&lw5r_^{xwZw7RW#T6P!B9Y#F4}ZTH
zn&ac|rbl-x2vz#uA;QB})kC%KfI)(%d^}cF!_OEwAGp%%HU6Mv`?v>R)VZ$rv*Cl*
zNfg}6d(Xrw&KDG^<zU)hmXBjy`C4IeJeKeo3_K3?aEPUUY*<dOQ8DZFb1ayZeC?X?
zP>Y|rCqYA;3z&MQuwNpdItNG?KvDxfNTc%u?>R^5U~G2RkSH_c9#NHwff=uM7Akfj
zp8^FT`bu{h;yyfYBYY2=u?dpFm!BQn&!_$A@1bCO85FiLhdf-Z=G1)8aZZzvHSnIp
z60!?WlL&v*hm;s`9bvLmRE^r*K<!}S9)Cv_hi-=yYeq2Vdw}l}kyYR{y#xy7JLQ#`
z2p7>_Z}ky2a}3t;3yIta{;9|}Q2$BQn!$T?GbQl<F!dhbRK9=wc=pcB$T%T0GkYE@
zLPjY?IE0Yhw2w_ih)8y1B)d??v1cN(<Jeo)!I{tVe|)~b|NsBHT-S4*%k^-b`@Y}z
zd%s?9gUSsKKI0TBOa@dU*O%2AT|<%1fAnc{AGS73ffvQSol-pHBQQUM*gbNmvURnW
zP+xaXv2HdYsTYX7i6$5E0UC^isnV`mg$`s8RuZvMll0>xD#T_(%P0yT2rTnp3jJKj
zd-EO+HL`kMfWPcRUOc?0)bU%w)7p6vb&V3RvPev;Ri%!8Ty1uVrV|6T`uIO?r{Z$4
z0q=$zUDgk?0){g6aaXBRRbyv5zb}^L3D&X5NAC03=J3W%Q9q9kQ|Y+Y>OTJ^=1W@-
z)k%^sTo@r2*}ZkA{Eu+z9@ZNb*7C{Zo1`3NRFaP%?EB50W$>Waj}xbKcl)No-?nrC
zP@t7FR__>~#q2Rk_(XNv^$p(?{;lm*zw`okq#yQcE%WzOBa2tU<J)VcL*r6+00o52
zn=H8vB89UO@6Y|QR56S8PlUI-C@QDPy=&Lq&F=(hP2CT}t=<iE8l}|Ijxk#N>NDmr
zQDI-AYJmoX+fP+*8`O~nSe`d}3)RM>zvzo^Pwmt^ww>2}{3P+d&ZLsO_MD)pzd?Vu
zh>SJfbN){tdoozr_%V_Z2EoeO?Ab?PDpw1B=w5li!t{}XG2YB_7+urO1Vs$IKC~m2
z$9)=ZC%kRz?l}w9BuzHQiS4S-z_Q+eaECqz0A~f9>pFKQ3Bnloq6!VF!Kn1eUgNoA
zDpY5=iIKHHGB#+3Q1;GpBv45Exljsui^nwPZoaxsZT7*jlR}6`u|sWM0FrsuIqD!X
z0{E-Rzl#Awz9eN!C~TJv1917Q1A&H4+_6E{`q7{0Y3We3vE%=2t-k`N`<<8<mq|x1
zM^J45wudzeVFABCS)xsA_{%Du*7RtKM(^V{xB~G79p=Zn-ww;-T+G1+1di-@SBUom
zuV|uKdD`G?K;b4RUH$u0C<|-(a~9Uu$MMvt3m)G??=M`o`Fyu5Ch;{PJo+}Nu6?(`
zgxP0Bcg{DWvNekLhR$A!q}2#40thu{&O3DFc=LX$F|5!f=~GDm6%{li?p71E5ZAK|
z*TM8nL&X8GI9b*KxRNAnLap`g^PQ?sSy}NKXaIkFb66n0Ip)U`^BQl0x!qA-xdie%
z+0kRKOIb-9O8Rk^f)Wn}8R%rDIPCBzN3^kof7isr(x%Jr!g0sz2-e*P&6gJgO6;3n
zn9f@7V%$@fJ>c7{6`;}<?Hm6^tV7F1AwS2?^X03v$or((m46z+8^H~WP9+mcPz0WV
z$_2~^Gwy!AUG|077Eat3ZtLxEq1BduqIuXmh>`;ef9J(jB^t*eqw;3J|K;bezZS<M
ztosnDaF!EM<U2+p)_2)rtv7Ef`tPkqMxp!vrY@Cd$eeR1+|IL60uaAlV!K2;s+sM*
zk5$H8Ao{jE2T=TuXXA>Vd&t0Og=cHJh_4p+Z;;K&Q5J!GU;q-F+AXJvgEXH(`{~DT
zMp%q+b&DBPhs!ick`<Pql;skq8fu9@1$Vj>c-lYF=8RHYSe3CfnMFMtQVBoRF#t{b
zLhI9f<s`__ov#g%F9U~D|GL=;;eIvUI^=4xeo)&hL4=Cs{TZ^tAH}9KC|{q{c^4yD
zxrim#e<Q}=#yr2*VO{U~ks>^+f}^kc!JmW3RJbTo+zRl*WhK8ieE>}^`&rsp%J`^=
z!Fq!)FOo`X{zrjOh~QSiRK<N2u2(Pt!o?qQ@1u*tSVD#>w0xRwJraz5eTVO#Tv37<
zfoU&O7hUA==vw3q_O$uh#gh#d?zO7)7+9E8Xz;09VPrI8I1-?`<|>pxL5bN>SawnW
zMRvSDtZ~Z6&E=4cjSe_wEGT(HGa$L&7r}S$FCO+wH;iU|{?TIiutF>}1hc*)aIb~x
za3nm=J|{}@2mOfim$Ik-W*ktSll2sO&cM${1`BT22ufX;p*t6}hl_wMPj0;8r|Y=K
zt2K?+g>T(hDBIFIAe_W45|S&tAZ;HTNL_FAZM!hv9}x7(3p_D4kQWz$3qB1wVEA=6
zig8#fSH)M`QAocOJX+#g{NBYQaKz|z@lWS|`GcB@8`Gm({cxuagGut0JGa_oFR0ZE
z-;#jf5LXS93n*={%|XYXM@uYxU9P7?m<Fl67J|T&E5!T0Rl+akLNhu_oVE~h&DY-g
z!UPOtlGwxO=DKu}NM5w|^Q^BM;kAmyJ*dJBclcb8O#Q6^4P-DzM4SdJtVb^fYil0S
zc1SNE&n3qlA#yb}%YkQU{Drv%3HS2j9jTHbiKnFS;F*q1)L8DdNLWC1tYQ=eDzD#+
zx}q7CsR<}WH(s>c^kCGc$D{OnCq_TIGPF!8ggK2I@51+*pSaRvWo5L@ncRmy)c-l;
z9~lv`?0r&-4oStNMgn}%KnTpWxMR{+k7R*m7c)Nxa;0{^&e#%CfARWFz=O1(xe6MC
z5cXg{FKEhXjI6Vdxmz^aefJboMLJ!RQnpYjV$=oXNO#Muc?|!I&LD@A@}g_sz7)wO
zge?(E9De0!xRYku1AbYeTEW6asQmx^lF_&`?D!uV87>t7D}Z<(J@AaNdyW)z2u1H1
z`q)P!nQQ($_I-ieCyV_?NukW>WBq5!cT~=Y9*^I}{`w71BrmL%h>=BsJ}FPPCrHr*
zbbp4!tJiVVjA^Iy!SGSepgMG@O7m7b7)8BUn&c-Q=C#1BCQ93#bW+h3%Na-OVl;Z4
zT`s(8jhZJ~@$|4Nw6}hgtw&-M-XaG-2fUvGp7>v;Z)snC;9RpvEkIZi7Luk1k80LY
z?pQY*<-p1DzcJIrCn3wKB^SDbgEAo6pBzeNXGx)49S09Xk|K4An!4#5K4VoRpplTZ
z*SL4?-Y}gQvojGqMRE3ZQqUOr_0(<*&D5>W*-j*?+>Tw;xaRYn%FP6gw&LP%ZC4H9
zdUJG+`;<Q{1d8v<8VxFizrqFO<C>38c-0>sWaWk7d3cxAufH^vNv~PXyK^orWv`jS
zCZT5FC@=O^PprIk<l{F5EuF*?LDXVRRqiI!2!af}Q{`|CkLeDG-lIMrat~m_twIP*
z@BEBlK5eK}ayg&N<(dN;j7AC(OTy_=Tm=e&aY~0?d&lH;74O++ZK@U|ky4JZ_nJUe
z<J<K)cq~mD1NJSiZwK~nQm9wJJp$wdC4PXC*FwXVoSW|Zm);n?;-R|3bohl)NW{Ba
zZS}7K4->$^-mCj7uWG#skpK+lYGoyGYtv_ms0yg#N)lCnoe+v^Nn%-G{Hz@DX9BVd
zS!rinmU1i7lE`z6e2A6Z^9XeP_ZRsn&tHFOL2%)MnGRGisCdqfQQu&XXT&t0z-k4A
zNinl~IN3-Jjw*+P_@ABE`kwEqFN$a7Sq7ZT&EZ@E2j2PW73GBmh#sz_TJ#TA5yxD+
zL+f|s56P9=IN_*9ubD>H-`6kx;9RhO4}SGSNHjYiVybv>QsH@NY2v;^NOp$Q4-ALh
z-p$hfbjsG+pyG$cHMlQ@o4$}Ldzsy)A&*=&T-zi?zA!KSE`rMEo1Ij<BfB!wzslS!
zmJ7wYx3Pcyii1|}gXx0$?H0CW`H!*2N#KuTpY~YEKKmlx%BmvqO8X{JAq3{n!_cVf
z(pvu>a4@>4_MCXGu>etq`Jo$eafC;NJie%t7NRYsTi2?={#BK2ubHpLTjQ<-TJ|7a
z(c@t`aJ|RhysAZ=-N}ZX1L%c?CKOWZu(N)k`z9MwRyqcU&}H=^S^$%F@@{Gg1PGI1
z0xw-GguC9h;4q-MWq5cu#*hQ&Omu_Vv3(~hP{15cR$C&8BeoaF&Ea)DetUY`K&_vW
z?3ku6Z_sIKJrI-TT<$o9I95{b)d%lfli(Jj1tXDvh20zi6mo^>W#*A26VK^}CoN%j
zOZ6DkPOpB+krQskp||;6PA4ujr`A5pd&gJ8HOYlhcfgw?rdv;fjeiEev3qLe+n)(W
z(tf!nx3hQeG$$Pi9BZw9VfgGp*eu&w@V3Op3^b%2$#}+IB}>_V_$=A}zO^{<uUmRr
zq=>Je`>`Sd*nDyk7k=7(WnO|xrmPHoS!^%EqU6uDVtrQZ&!ZP5a8D%W7%B1r9u5kb
zNCXaT3}czu|F|DcZZI=GAeJoWy$R;SMjq@Xjlj#|iei_TMUC5MUefG_sZm=Y^1Y)&
zi#q-2_4+xZ4+_e?di3VPFL9tuRAp`p77l25>sw0Z9$B@FtxHK^!ZX^1hdu@JosX18
z7M$v;1?-+&d!>2RD?WA!QCff{@KeL-ocz~X6z&dBK*+s@pD{01J7Qpqb`xWtcsZ#U
za_y62oFW9=lsm_6FgWJygI_(YR_(Z9%>1gfs!4-LkWjV~<CIoF*q%2@y3_t(l|jzD
zwba`L4Vb+1NsANMsv5HY5%BWo2d%s5ZK(+dtN{}{+Sx5-jcO4mcbn@!3K;2J3O@b!
zyL$|pq<&MTc|%XCry)JtSd9aC5Swq<6-j&bW?;RD@*6=%gU9W1nz(M`AT74}5{5uS
z4Sb&cH`nEdq-#&?;Y%6VsyM$fNEvg%JPl*-S6HnpPcvy=A%FSP5=^?Nr8n?SwtV<u
zEAdsc=CZ5Q=Z6`u_7z)>WCCt3<Hi2uy#7j0yFa!hCLMBHT8Ye@8@%@F!noxq<MH=^
zezw3cB4u=#gM`X_0Dtov4HLZwnp-L4owJrW70nYHGim-i)>F;Hmx*i;vmAr0@=~dD
zlT7Un&3cW+bB1NK1f3Aw0Uhm~R5PfMTY6D`K8AI-#>oDj^Motf=Y_d?>%`|8?sPNR
z>U-Qr?;kIU$8aG+$Si7f9Vzj9ok?Fqy*i7fv*uoq5q}pNQIV2`6cAxbqs)_+9(UWn
z=om~Pg%4faooNia6q;s4Ng0&RE^U@oA6+7^bz;S?(yrLfgDxkJD&GTdWu(6?$?K%P
z<TBS1%>0om;hl(SSQ~YL!Y7U9REBK(@I*Ssw-p#$g=LD|D}21Y{7n*aJL}z|*>w0<
zPPJT@gvbV0%$J6;RF;LjLG~~RmnT@R9?X_Tv9Nr9drow=K}}XA31m-!i*+FB4i1v5
zrd_b?NhX`MpH?86Nr9;B-#&WFC;8~<zCZZy0F23^t#+T*h2Zv!61E6>$=BREm?>wG
zUOxZn6U?b}<)IKdU`^{LP=0$;lv^YxLBwJxQ|a#T7q@F?+`xp>D08x2l}ob9I^7R?
zmC)<I-mw!^jd>LwccmuF%H41dcLJodnnPYj=zeT|T^;HBLD^8;oBMO;E@U_`SM<FU
zZdX}cxZ-dnNn8E;;4FoD)_%w30>0)A^1k+y3Mcnp1;?Yp#<$Neneu~QO?rpGnAe=?
zTqWkW_g@Rn=D}2;@?gdwlZt~Zzs9rVXi9G8eROhiuXcM`#DmMqJo%wREGC(;*gq%T
zj$>qRF6t1%;+($v>n9lX^`45D+Di@xX?L*74Qp#yr_0!jy5$6l>S?~9f(w2TxLSFS
zu2Wm+Q2@YjiZnbFV??mhzQ6XnwckqAL*A5AI>n!R-C7DkhU-81HaX<iS1dsIAuqWA
z50mp&?-_bBJno0@jD7Hz$hiFQ-``s(-B2(3Qi|r@zGynxz7=CD;oU-Fg;m2FO!KKv
z#i5zpj#wweAPSEyRln<WB(SJO`cr3e)Fr(qEI|)?#??8VS~O`ydTC}+TKHb<pITFU
zGOt6sk@7?B0ifY)qN&Uqp{c~yxm`6xzoEZS19fhX!8*m{zUm_us2R=3h~_yOy4uQb
zzp1_|7JO55fR(i^@{0zzWNkkOb-qHU4<4)7%jRf2PYy^h^7_rfeS%&zWKoux!&;S%
z9vq;5&ma}?RZrP5T--dyu-7c@jwd^6BZ&0;2NJc^_}4*NO%sC<A6i7B$1jaWc}BwD
zeU{i^CUVRa;`McECSJ#sxLpRU@6U~t$2=JFdhi`jRUczt-A>K)%7=1!fw|B)mpHZ`
zj9KwB4bBEa(iZ})2q<~wj;Fh$Hk+_JOe-N2({F~(L1_xRMo^3Bj;RXQ!@{SDM%YY#
z@bH#wTVwyp>aWcEqA10iS%pDl$LfDK8|juM5ZDv9bkHz~M`D$w;^m=R&(FKAqL?2$
zBZ8G=!}C;o+uUAXEn6z3kLfU$ZK=Ic$gqwgQas`WxjLYti~3hGoFU~9d!75q3gO!8
z<1lHVV7a2^xb8&5s@9XMm?FNQpCeQL%d7g)pG)QkOKtBWp1iyDCwtN@3T33BQvf7U
z!%N?G2xnIV#%ikmqeqX!4wh`G47CE6{QEMnJNrd>C5JJ)C6!uNgb)ud8?kNSEdD6G
zF#pMXB7DfcjZ5)c7TvbFxh-*s|1y1*E$glj-9EdZzB}=*7F!l!K9noyvfgIhzc1Ul
zT7SgO_af)i<#y0C-(TCQ*fW3U-CwPCN_a^9{k27I2;OE~p#ytXyfzhR42zrPQwxQ!
z+{Vd2|9g}YwsB4^fJyJ5uJy@C>!Jmuxz3v3oUlr)iK`Jbdx?Ku7O0iqE-N_F=(sIK
zmM--ARBQ^W_rRFIR#QgpWFM>wUU-iOgvQ9?%0rUXwN>l$;~BS6jpOptEr8Q9v)l!7
zIEUD6&)OhjqO&+Ks^mI+l34q2x=B6cyZjBohiW0mQ*lmtBxrW_JA~Q8y(`&%;JR8<
zf}L$D@5oJNqDG@{la~X4cscC<A^Z8icVvQ}`u<6y1{&&q6nxbezijx*evT^kB<Npg
z8?vA9!n8i%OP>3Aj+cmzl3w8C8+z+VlWO34nXS+6E1vWJ(1KZa&k1~F$hO{~zp&l~
zLjS3+p^hvm)l>7j=B}m$a+b0}G~(Y3CN<2cIX5uuPXGDFB5;>Cec;sh@8$sA0()ml
z^z+zR3(|d0Jk2SpomtKi+5w8fTgn@-Wq2HIDqKCiR8iDFz_kb7R)s9$QDQz?M2>+R
z%w<@AcfnVq+em*pr_NR(uJ7^J-u#eT()jfhwPH5<$w=<#g1BG$)9v#~q@h{Ywh^&|
zs{y+jX2H=Gq0Cg1;_(Fnb&IIJ^BJ@u55+>rUBWICi(_DEy&(bZJ!~9I1jXxNn8mpL
zk$-yvhXj_8AhL<}r8|mP!pT1?;h&G9mwY1?ays{YQ7r-;ohP)f$aU(;K>rNBBkxY!
z1V76o(hI4jCOqXk`h|4^?mt|J>}WGe++0J!iGn6^pY`7RWw9HXUU0bxzct#<1O+|e
z>;6<rzTp;a_Lw;~1Lh6Rb|f34{Sg`(8eQDDQ+i#Ixa>N(=DpIeilSN-M1+HOfsX}O
zFrE<ycNSu>GR<;v?*5fd;Z=0#b1yRNg5()RgheFebq6hP(R~9iJ$F6{%C8E+Z@S^X
zf6Tll9;F~Wn@W#BSsbbNvA1Pwx_;!iV#|@Y7#I%(JXa`G+z&pJA$T2Dtn|;88g{ED
z$&yGpQef}KeUkAh0#*!a$^{H%64Wh|23*3yH~cKWkej!pha2)BL>lXZ3|?|O3{$K5
zY?${Yfp1<f0m8GuXh2pse)Hyjt3`*9ry_nCH_;-nA)FU_qV~I(2}5l>iac7|FLG!#
zdEI;88~K9!GVg(xANSM0)9Yo=coeaM0g?8w2$&Bl&SH4=q4*?POhmN3kW(=Fw|3|n
zfkh=3oI-waIO6nnQJcwVCAnq$Q)|vY{A?t^Te~lutu{*#%xBRu3^{VPPTjnG1k<|X
zhB~mA^GjnTn)5gHu|@ANvA&<E>-r?3Xcx+saKTFt4@?5V)y&w9C(^dOnN-9K1tXbE
zdSTXsEqqr&^1jDy9_^6J3pIwCR+_Abt7d(?OFTS!#0-dH?fzG)P~bDfYA&!lrPFbk
zwd@{yK`tb2c28?&(vQN}aY_vI-w5JxyNqD!3^x@IuRf+hl4D<^5RpvgbNjE3^*CGI
z1`I%pTzn+Q6>E$f@knzYOUXTPuI(Bn?k**8ftFo6QUD!}X5791oqX4se&I!@VVa@b
z&J)cgo`KTmMWiTdEvZTLep2TK{4c2aBj0AsT8afcaxVUJ0vpC^Q0-o^{o-zU+md=f
z9ij{B>Q%$_$HRP&O3A3!9p|Z&!Y;a8XhjNaAqB)n3iRD<;*Kgiu~ihqzjL9Eyr-Sd
z-W_m_Qk(VV$)av#Ue!HZ>3?1K=XA4S5NRXe;Shu?r*dyM@&QTAf3JM=oE+VOkPsY)
z81IVVx?wGmjC858%cEqPjU0yhviAeJ25AGjY6I45P@)F85~JT4m<W)8+y3=-ax{g9
zDH9so#UV?rk5I?eA>ju+<ruiTBa1F|Ua~<a38_gexuDq&xTPhQjfoC!ss;&mbh@jq
z?s<7_@e~mM^&Oe;DanPbIJ-;#5<e9n2x4<;77L6OviSi*5cdghQ%_Csh`CQRFIBFE
zh5*&BQF_!=@_6~(OT&F);V^-%!)5oJNrx;lH46!rDCbP=NSW(Vdnp72qEOYWw+$3a
z1+QuVWezHNL1eS$<V(yz^jXP#k|BhkFo@*JXrv6{$GqfI6~3BqbWVHtPcTamzX}#=
z(K5CGE49i<!|t}SEsEC;7sVNNH(74}%<Vqt<88Gkc>bw8-?B#b=l8n;*y1gAJd#3L
z{cFd)uTR930V<mgNWxlu9~mC512q3qXXHfL!6e71v1Z)SH`3qyJBOohZL_zYo0h`J
z9rMBQFM)NM;l6X<qbq-;Xd84Z`^<<}-2eLIxXZI+y{AkqKD#ZkR;I?ugMe}t^Saty
zY=VX=_RqHT{ymP8SwIKaUr2BhXU#i`Pc}}rfe57DkyK}EwUo=YRCC^dS0AA|CI|AX
zSxDohHvH5lg#1~mW9M8;f{NEvcvu_jrKabGE9jRSc{AK?sDjaB)r)S9MWnxceP(`t
zSJ-0r%0m?K8n&PtG~pEL2DXe-#I{WuFw<#VXs^r_i$_K=N3(tJk{+p)FhKsB|F0*^
z?T}`)ZACU(kV=H+GI0jWu1mu-5@Rx+97@}bdNdt;-YD$c0X;cQW-{<ZXxTTWXUr)(
zuJyIhUDBQi_en`~pTb7rxv&Gz#e*=`wT7R3RN5^IsJ!5Yi(@SSd)|A5OgWqkY6G!!
zdr>DPt$gkI7yD>GLWUt8f=K1c?I5`#5X2dQ{puG-n+t_~4bgeowFu6k7Nh4rMBTyt
z<vo!*u!#}E&0|<(?~nbZ23XoI%9%alHv%F@Xuj2LH3JwKexlrs7ANf;RAt@(<w>(^
zFms0#!8Vg(kerD_u#B9VneRcfy3XxSt;)Dm!?j!kT-G@)N&!O56va7H;imhVr}{bx
z^KsI|55HN}Wgwc}aLcASm!tIEQCMu~+PYp9+d0$Y)0tkZ{^~hdEx`@v5}Abyt(_EM
zS)5^hy+3cX_l67*Kd51S81<ww^h;M`<aSPXwJu2#F9%ehr<c!b(Fl~gMoaQe`0Bi$
zd*Q0UdGw>x6vq|NSnn~WJDaNa<{^2)z#X5C=~h~ir}KgP+C%@gUUTIErwZB6w9LbB
zxD4TXuvu^2xWt_Q6W=f7Lt5nI1V{AC9E#zs-%x5~DQ~`@V)olx^@cyOZeB9dsRc3U
zplxZ1#JWV^#sfne;v6)W^qpHgTd0IwrPu(k@2?cqfae}L7%Ds)YVjmh`-4*4y3{Z7
z#8|LB%IRxMgyH=ZLa?@Y9<Xi|mz1v=#_<msbp0ee&SQFT;9Oo!%86`5$vD=Z-LL20
zU5|yrA4WT%@NdNY*x@DOBSZk%-H}!o`}C@Ng2P%0oKD5CKk-zdej%MSu&^TUC;5HM
zUJ`7xZBHqoCi*<@?C51!z<|YIx|}T#TW$4<8NqZ{ZWGRh_vGYsSq^7-Xp)4C^hFn>
z62tv~FYih~gA;V~^p?}bHTXnt;`PdT#V!@kj^wp{DObe4Jdm5DKJRbzf~hG_S~=Jf
zzSBVpt4YwO4dWW%%gnTtkTFOK{pS%qXwozN+suXZgJ}k0viF|(mTp~fUlJx?^sQWM
zTWDilmD@_g*gJaMJX&6z%5|S{mTFJ>wl6_>_r8&kQnlt1`nT8&4W3alqZrDVdz`-z
zN!Ix7iyae%1aI8l1=!38M<6~^URCDfSI*y6d*=dSxl3MfE9*Ykgo*+&Ba7kSiNoFD
zo&;=_meAd5bm2FUxU_D1DzG5ThiETldc~mln$)|&fmr(Ti1a4(O$Jm+N&|mIi9Ht!
zK&Q9->{m$Iv)QlamFE+9P6n{Ev8@gT)?GeN{f{=}IrA2K5Ay1lQM0UXxAm0?E4Q-0
zlXmV!OP>FoS*6+3<b8jHXXRiRPWtFp8H{)SuBhDLF=nzgQBlDv_15bAV)hBb&!Ai5
z)<s1f-=jS)+4M@q9pM~zP=WC{oGf&q!cH&}8T1WK*iqe_BarnG{*E><uMBo1g|eq5
z<wiNhxh*Po@$5i2D`vlscl6R?tlbe;a6HQ<S=PIAo%u&gj>O%Bnxf}9whKv@mD;>$
zU@fQx3WL?DkBtRxQk&FsEZ@N61Nl+77LtZBoER;i^%9Gy+>Ijc%$X+jZp=2pl*dE)
zJRo$0$vah_`eeNrhW7B~6$aPe(9{!8sr}9{C^`9P{PO~LibE|8FVsa`o6A)cZna_<
zki;Am5MJ*&Pi%0RvJ4n1)LR4~MCg~N(Lg}O?gAp^{-b5DO~T&zV_Rk43UBAYx!|Xh
zrJ6L3er{UlJLLK&>PVkV1j+mBoc(T`TXl5KE@%-P!lJ3KCfDvm9SEt`6*J<anjxRK
z_>%?-F1HR)zaR838oI~*5!Tg1HDbC4jJRq~oa(C7q<qNQPkIN|egvW3RlW5Gb$T>?
znY9-Md){67jPi5-*b9CdQOFGoN+{w}zs$6yk^-Tuegv_vZ<N+o+&AVOIjKUC$xgZV
zaQp)qo@#DMX1tRYp1w4!NCpUPQ4L$kVr>uh7VCT#0i?;Q=C1$)>K7bCaUKi7xOKUH
zl*b}_!wsT#;Q{D!h<Mlw-=gyU?7)(cMFxB$x#ul0_7yrzHcRvjy(^D&6N0ia-Lm2`
zb2W>nR}+jhtsFeKbhvcq-@piwCoqkDgZ*J`$gIWuq6mH76A(?S{8y?MC<OFLL0z<7
ziVO{~$w_;V*#q602>Dun1Swqqbw4bKQ5D)K6U&<rrntHVy6<a|*sEq#+fMN`$2o*W
zL36zCIAhio*56R12@IAZXii|aagWbwb`EE1lI)X$>OCi|w~fE|U*!>84*he~FP2BQ
zwRw2NuQL5Bmt>JsSWP<ryNk-7+Pu@1aFSEqpB8l4v;A&khwJ!OT2qTshwit}$xV1p
zq@VwonMz-qE=lP$gs-NXiC!voFD*SJILb|GqyZ5TyKtnDZibyiyx_;o)ZhB*e$&1G
z?>>KFR{a#S^OQCp)u+sqyw&V@U~_g@Tq;z}!MU~3b5bVo@lS<|EoQU2s@Da;pk>yA
zpZZ<}CY5Bi4eTDM4k1xZfeZQVDnvI;fSYs{ghu4wHasW2aC&`tFQo^TiZUongo~*I
zJz^_wKYsG;_lf?FXn7hzU+VlDdDRrT%G+}JKrP3)n?8CGK{|eIj;0R~ssKbDKkrw6
z{Cv~!Z88P=Qi_|LajJJYDjf|F5_YER)jxtqS~!V=uR@R8pPgQ>RFLgS^?JOq;4@vn
z<{3@OlXTtE=2}GU%{SkFUU@%_I;@@T*=qAuCXqM$r7C0&^lJmN6Co4<7K8tG?Tm`q
zy6?UL8buMMURG+`OIxMunWfBEUPgOqOoYl_Y0dp&7+RqYA7_~4Tn2T}=l$N+gA~NV
zF^UV;@_7QFq|t@NovUN;4or!=JPDEc3(I`<j5-Bv<wtyJcB?bY$;3BdI{y~iqh!sY
z!}R%GM(0XBM1#wMpmu>1idPfWaESv63R>XgtxaiXcms=1ZA-6YQoM3zY<{VE*U|Pl
zck3Gi%3obvH`*(jj8mTcQZpLPF3MojdKysqSyuS4oa>(q8H0x6$X+}7^oKj1mI8Ug
z9>P(Q-^Kpf(`qNah<U})@!)S5j(<LYQDd0igEz{T`0N9kg=mnbJG?{Mk1yt$IcU4f
zvN>acrDD}xe9M+`Y3D!?x3X+;S%p)DnQyAfX_#)iJEPdqAK<fZ+oBP+vR(oMW?}!p
zzuzC5wm+dSCG*|g+jbG-oUxM)bXk&#1`}rX{D&ZV{vp{{PFRbJBd1FnQM<GC!omcm
z@72f{>MrL^kUe4#pUF~}4p>lv=cj4M87LHzCKvSJn;#f*D=Tc`kZ8cbz_^cjZy0jA
zq_Z0G={cmX_qHKFB=Peazp)KL9MzysPzjIr*)~9o!qK2LhOm2lv9v)R!g3;BYmi})
z%HXPQ{5<&%ocmQ^GYzh<0fD?=CUCdxtivdSc3Df<a0l+E(^**(u}u)Bz}mzhnd{nY
z+>Bqojo>3vK4$4v<uhmrAkq(8=Hf?PBtquD*RnVz5*(w9tUKIRDBsD_K5Gu`Js*d>
zozO$?W4DjVyF(nViJwmkX7!Gp-&?U4O?s_}vI$2X-jwO16F9C7C7h>W(7FAQtUgMB
zKTPutkA&TdW<mxH<}WT(ZpKXn#MJ{SyB1?Q-ddpe17TIT09NhsTAE$_TAdqOU~a(x
zS2ABNrL<xCDYGyE36<#B-j<?VtayU<7s&ot8~s+?@V|F3<rMsWXj$?Opo%$AyLBD7
zmFuthadQ8Mj_h@cw$S#ZeN<E)Ek3)akGv$WfVzFwr!X77fnQTyOwCoS`NgvUx*S27
zMwp|#-s@a3%qg=wN<W#CFQVTq+DOg+IW%>EmLGK<-}NhJMC?r=m_!Bgw3mbp(Zc^A
z%a~zhq`-xk+~~Rq=bFv<Am+~DCeH7pNim=%iIjp}f4IOm)zw|d6hMsGD!1+4z@B=?
z6Src9gP#H#ti&s=HyadDMiIk9+-lVa>Ke)!huAmEDag!jcv5Ws7S3op&*&rE$jjh7
zw5l90B5w%Py$WkQ4`!#`e$%G)?<zNFe?H@W;9sQPtqu^#1hy#hPXDB$Y@emVCqP4x
zb^cDSsv(dBk={B5>_Bq^fh|`CAy<QyHi-_<-x%kl2<Pve<!`GYlUsXI_hW07!*+ux
zPRi2?{@5j&BT9JT73~mfN#bx%S#kZ48W{3(vUQI5CW|iM@9*5*Db4JkxT)W(2rs+y
z#sl|hw?zpoR8IVFjAv3g+vGb=k5%V!ZbdJ9r@+>s%~{`liXck^RWCkMkQbmJSHVAd
z{Bq+GPVQQKluB;#XzOz*w?#br`WuI0<Q@CWD^ydL@b88C7885RnhvYxtUyi_zHMEJ
zs1b55g|(UGUE^s|{Pp7HBKVfz{*>&ORp&tA4FRAdISHg47Q3q)oVsTxkh?m|l#9O4
z8ruqEBz(B{;i9R%L`V<S#kueCo?(MU$8OdR%ShP``&P`pe-g8%_d$YfZf6+FymbE*
z*?SrRNiO@4nj=-3FTDc%GDq_v3Z)(sou|8Q8uuh#<XVi>rj7s!3o2gsU`E1EZxV;!
zEAzW?S;VrsqOuu;t)uV_gB7ag;Urb4uOm~@^|ON;H6%DMu-Ih+dLh-VPw9FI3+X#P
zJBWn%>dtCl>MrxH+}ip>p8By!HoLaq;3kC9#9-G?A?_`v1-faf?PK|?p)-t``$PjJ
zoyWp=N%)2V?*{Z|=YEEGLwVQ3Kg$Bh8^C)gBO1Jw2!~LK-M{6`KGA>Fx&)-%$W%8I
z23@`Z9z<X02f1|smVHKkAokDTQ2mHhlqk{+P!B|IeL+oQDHyZKk3e`3Nv-gpm-pm!
z=dZYDdh2T*+9zxx%7E)C9%+bWPOjKSKeCV`^8RQ4<Z)S_PVT0nN=}GZWaxfN^1RAh
zq$8zVWYp?lk-A|n9Z@1!<-}^8V}`DFqTQwN{VZeOG%!&?+YNWQu}_6wFm)A;J?)*u
zykh#p#}v~yDHV|(G$-FC#r+CLd*Nl9+s*5&*v6jwP?LGN%an7HJL#*rl!IrN!X4IF
z)Sk``eRRfo%>jTG`=xa0rR7Z{Z-;Z}$tYQKWnxIlYH9`|Q<RRj-Nf~6mO#DFoKVRT
zpI1fR!c;^e?aeuX`SgA3;md%<_(`fdaD&K8v|<J;Y*jMqcV`SXkYhbV9m{0(;j*<K
zfJD$d5g5*p&HEV=_#w8mgt$&!?Hw=q1kZzu(k|h%ll8WJ5q-CX;V4*hIjJ9I^@ON^
z3x2epchYG*fwXP#VSRffU+cdt>S3goB+hBB`()6|rT}>n<OTCy;Zgl4R2A{{&tRe^
z=JFsSYPg%e5Jk(+P0GO>!_ENT%P5`mAl;#uwtQ01&fYX#5=jKge}h94XfxmgQ3*#_
z??*syLGN+Aj1pk8Dx%dtVCT;jRD&~B8jH0bamQY{&7e%WbU+T$XW!BJ0rji@(t+%R
z0O3QPZ{RH<b^*$3IK=#;r|0bCy5Ra<M>*xuoGfk3t&_~S_~8Bbw^sf>8BUShZ#9cg
zGQzI!1PLq~a_>N;D@lmg`v`VE&oDo~$M%JH<i&m)6ugyW6p3gKkk=|ajbxAwe~`%u
zB0>&g5(JLEe!+UHO%^L8g2L@!9i$dOJG{pDKKhfXm`A*VSDjnZySy;KIF>0`FU;<w
z6PmW!gDjyYU5Mh_Nvw;MZC)TMK2CP-%g94YI2*!6P%@yj)qmUlf~YaRk|Zg8-u}yn
z`P@>#8S_Gw^z7fL&9G!rVqz+Ujbwcc_}kR)7{&Q@A}N{EkcLQ|xJ^_s==K=!I6U>k
z4Ki8rp}mM&N*KfdF22KQIWG};nRX;15iADZ1E;+kNPpGY`s-yMYG14e*?hya+>TYi
zc|v40Rf%wA-~$kGv%Lome@Og>6N_iK9&ho}IEf_0{aAIY(SSc%*5kvA$@V8M#>FaH
zM~5)cL${n~u}~M0nX=c6q`m->+TjqZr?roJz4!GV@uq&`6(dl{;&XvEhA%@vG)Z_u
zoLox(bqtOAfd5_%)1{aa&N?p#;Uyhq;>D0|8ta|QZk5@O$r5boR0oMH$=`#<C9|7a
zehJP(Ng<kxf}Wo&kV?Q{;*$?`i#KMVp=3)5&$15&pR#R0t?B{R<b??*w?9q6C9snb
z<oOT>sNmm~uDa?})^69;&*QZ|bGFMMiVnQO3cSR)?OU7&*M}Hfl|`-3^J|9J{e7X|
zlYQ~97Z0vrP@AAKSc8K_3p~C53nGHZB*HIXe0f1HB0*st+HXUo*lS>k?XayHq5pg@
zycejYG70)WzrFz~ktQ+7KHe;Fin!<73>axqo)OA!^SzG^c|h?JE=N745TVI7L>}*Y
z`S|(YS`D(;V@y=Tl`BL$Q$y|888@%c%5QayRK@7!tK_iZ%(&AJ!!7<edu`^tYtf7Q
z(xwyAv;{#0+z%E1KMn;^h$gS*fXjr8Cj!rKfszyj8-w2fg_Obtt_zU4z6XqN$oX42
ziqBYIAAY`P2G-+f+%Fq&N!oY=u16MG$Qk0;TAng^yG3&3%MH+4O92}N%R&;7*~l)j
zwe*fpo_)Ey+pa^kr)E$li@EvB2icO8he$aR8UvMP%s>?q$UF`%vps3AM$pEFCaC{l
z`DFUuu69hsY+S+0alx%I<RbPs<W?xJ)bpk3HG4W4SdTR9fu8JCU_e_<PXD`sD<W=J
zto~mvfb;(51(T?MqgqS?;(QOC%{lU0ar7`mu<!l9+iU0A7JG?*7T6JFLX6-U;}X=X
z$((!x*pj2U;pg}}qKEV>Lm6PX@`}Ndo|@pO{mPRUX$J1&^EMI1NWC|D+J4%Ocomo8
zA-LE7)~=7NJ&x0fyDa2IYM+4p_W%sHnWz1wyl&-2#$T+zd-89}<v(i!sw_e4y#Xo^
z?#r=WC4m;ap!0(|(;KV-JLNlfg5xT8I{PAGG;%&S5t7IC(Gj7?(xBJ$G9#h+xhT8C
z{wuo4N0;{>ilir80t0rARIe8hqw^W!eirfAu)J+DA9@*FDRcFJrr}>4SJ`()?L@^`
zq}zl7#C4#6b3V*)j^!2hA|5zX(2P1Jd^_NJMB%@<ulp0beS3&}?*`~s>i;TZ6Ja8f
z&oBn(w@*g42^S-Scs%hXn|Z~^4*=bPJHF%%YcY~g6S3ikFRnmFNZtV7j6_|1Rl@Wl
zN+S!I{phF)+oicbRV5Sr+~@7MDf$V?4PUhh)&u7~y04L+iF5B7Tp277uReb9`7yGK
zD5m|g0Q<VFdavd14)$?*3`N=N$N3!`*@z^#c_t>5ZR6eS^Iog&6|0J(s?SX?tS)4<
zuRe&Q-fjzc>DIWIWJopgI7IvJxrdC4R{f_v)RHE)5T`o#f4*T%^g$l`J5glE<MhMd
zgX8;8G$9qW%-q-3gAmiQ!bM9t<Kxbb^aH>|=5dtNr}=XY@kXHZPN4VLW>$beAlpRU
z`_#Q;FTnJj!acTg<~Kk^61$7z*>;%g1*sVeI^i2O(I67D7ZBYhee1I*BZ1dte3Yud
z{|yDIWV_lS+)Wvn#?oA^J{azSiwQPopM5}%A#Z?cVI;BhM&#Yl7zawkW0!W&t~s(;
z*X7X?V>TV?$7@wf^S=+M$&=a^T3ug|qw-;4$?sO>#Oai2-M!cl@vRf^5A1S(9XZ{V
zS(igOu-Ji&$bl`TPAY=>e_nCk0W9YA=QvShI9)1A83<=oH7_<*2H0eak?(<3jQuzy
z&QI}hrliedWcBL|p<?7LG3u-1k?h$u&hq593$4aA457S%A&=N0lmxpM>1eMJU`e7n
z7W(fV^Dfqal@-WYJZg(3?e(I|wrpE$1?oMC!IMcnYb_|M0#*9udd)G{eWZH(aYJKt
zGn*A{0ruJN^OP4H7P`#brIs}Q9@5}y$*Pe}JOTvbpO%%R!9Jr8G{}IQg!L)p$4iP9
zI&J;g+zJ$+d(_|4_Q`;VBC18Lx&`awm`l9F=ajJqx5D{4QA^}ga(H2zaEo|`Ga8sP
z74};&-8niD^;zcw;DpcE%(G;<0mfE#8DEpD@tYC;7iIM4Bl!g=lTP+Io;eFSO-yBH
z9Oi@cmK}>o+GS<%)<89`qyjmOhq)9Dp~MBi4@bk;|N7J!2^z|M7Xx;(hz)0_$P1P+
z%;1|UP_y`^O}Lmo__{Mi2Xej*q)p!?>!2Ug)8!sWFyZW)oi2q{I=XjXDh-*b6(h^|
z`+~jMS@5r9ero7xA-(y2MC+Q8tYRwRjzxZ3-`>&oiYjBCT;yZEpZka?nBc|#!=_IE
zPLMTovFptM%l}qM#x#W;Z12D@Z}=4>)d<h!93TaKCpYL>K9~h~A0@@hd}`%viyN!<
z0^H8D^Q}*@+O9{wS<pe>H=@siwmluD>`hW=>qYpHL}Z|*zPUG+#6eDO(i7D#@W(u-
zT=;JgkpY-No=FzqhL<hM-9$<rm;rgj16gfdCc-agG@Yvoecak7AICLQseS)w^U(Dl
z2?bc;!WRZM42J$8ZMs^bw(gRxj(YO8w`gOvM>4`XbtFSh%}vMo&YzRvzjQZ0xR7~n
zS-hYI8`;0W3+PhYHJ>Q@U`n!eznr_^;{=!XNh`M#MV6re(c|FLDePYL$WsHx)P9(&
z$}*hAK(0qpFHJQ8GOh24T6W6OJv?Wx8fMZ!_v@*94MgOQerj}-EcgBfC`Y1j@oP*F
z@qZ5qMcgJV?#S@^@P39*{xkA-Ukdv%%yFD&#tyr^4f8kF6%T`$Zex2}hu~*cyOX1H
z2cArY48@gXUA)C5YX(f?+2tIG$l6r|-y2GLy@PTOd#=DK_MnnjbBsw_sqT605iu4k
zeA5L1f)BQb!j`0Oyyv*{Vvxd4vrQ#{oADH{Gn_W!n?`9_Oc?J^)9$7Dhgi`_A5@s*
zo`H6P-OV7nGp@;>r0?X3T|Z2CoAn#U;zV3`VWfK759{SEqBmhYyVl9)y@*Ubx8Lyn
zLm2oxmXarRVr0kQ{d5j_3o%WTaoEBa|EV^UOVU$BW=%4K_kcIP!Ne#FIYne3Z%_Q7
z3^`R(XI8r?3QRh(2pYH`W3PYGQH`RH4IM+O(N!P2-AAgB&}aI(4ksH+kp%*aM_|Ck
z69z75k5HFra^7ZqPG0b3q+WH=v??fKc*ggUB@H2wc120({>fDiq$=~?U&mkXvbiyr
zx!P~0ZQnUnZ+sZ2JKy)jp|Qw7=bkNvwsV+dXuEJlTvdg&Sf9uKONmZ+wIjsmaMtnq
zpDTH*!12{c<R+{bnF*Brcn~d{rjJS5MBgqTxpWHlt-+MRSIN;saAEapTNfji+0QiC
z?Eh>q;!JJT0;U$<g+4v%%gxz#nnI!{5Ct$ED9ixuvG8Zb?k8gZ$N3oM0hb`>!x?4C
zs#>9U`KBZlYuz99H^DMHBFogpA)!MO8ma7#GMy9lFQ*t6NT+kAp~IPB$*KHbVit4P
z8;e!1pjs{3TPhm}nw5T}wBwKABU>JUl{Z3rY7d-lTpd)v>QJW?1}G3|Rvuz#BG1_e
z%wPS_C{Omlc#%1F(VB|?JHIj&YV{wRX!Cd0Pp62TYY1iVD^8`WumbLw>`3n-v_4S}
zJlM9V2Oe%G)dTe3xrH%lSL{9)?>LDAu6t!)z8<UGM<)EN@FI;*AiV$gxYKKzWBQ(?
zGPsMr_zLB>*kRWs_(thdkRKH@(e#&>5)5$Z6bmqWf}fa!7#P=mK9)pr3;5NfdBy-w
zNZryUF^o=I^EgJzM9*Cp75_iM+9y<$lnawET+c2g#ic0br#wKXfg5K1dPiLn5b5^6
z8~N>^w+Hc=vlywm`f?`i%*@{MRUv5%MfY8?R0iWqCx5U~vq9_2rkRCg5Y4CU4e+zF
zT%tWwQL{tx*^fN7ncJd1c1*y4&)dxY#t;q&si1e@8|{RQs6Y}nzky2lhU2@A3snQ4
z)2Chx?98l2wB4Qc+V?yJi~2yw525Wwl=_)4G9F7vJe^!$NrNxWFO+`qZT6`=m2s~1
znocd{ODM|@>ygdGUg*4cmBWHDtfq!bEwZ5?B6r4uQD^LlIXl-Z>09te<eZq@^~G&D
z4!b%=h(()5B3hyo>QEkrGQAM%m={s$e}_l0+lSdp{^)-6pJ{=X72);unC3pR=D1{J
zAgc*FoX?E)fcth8PZhk}356M|bt6#Qe2NXdkE}a8xc~dnkXi?D9!xP;9hG^*_BR`r
z@1pMU&zFtgmJL|;QQ3Q5fc-XxVfSHkyp43*m<)L@UZY7W_jdMKW4O3=Rf0vjw{tz1
zwBGu#{`z50NK7XM1x9$~|7T2dXx=&y6Gf`sq73fwg8cqT4D%Q&UjbiqCH=Na&M)J{
zvAwk04vR;AS4md>pKP`CYCb@Ag}F9i2;~KM{9g|LQ~JUoR0}m}G8fq^0%5BX6n3g?
zeq6fenQwwQbw_O?i@^_oFCL19iXqbku5W_=bl(?ipsCZ^?d%RM+0UYXt@U^)r9HW+
zphjB|x%2d3K~H=%eeR%)A%DR=XpA5-lIB>$k*Oq$((yYNu=hkQ*@DhO7NZ3_%zcy$
ziV}Zbxqk7GG7uBIcFcQ@v2_u>kt9{vk4>tLD3!zMOR-$|Utsg!0?#}+$o4}zqcrZb
z=nOH{J-?Xyr_lbg|AQmn2h@$f<0I+;$8A|Mttou!D~6zlGkDnd4w3uFh%YOahblJ6
zmlk~@F{YDgEgC9)kCb-6mKi98bU3_%>W3TxFQORr4G{OF2a>&~v7stvbW?BXd1Qo#
zBMA#e>-GKpLibO*G+YH_Zw;@zRMmQ>d{qVCH6==k26iHUyiEC(b6`~Rt51LUY6Xpo
zz`n%ZO`oeyhjfYGsnPouw*HiE|F>F<WViv+a_bryjiJa}{$MP6FBT)O1Y={2UopV<
zeyb%8!G(^b&iorl2>)ABJ>atK8<FeypW4Wg*QSdl-BNO8W+Iq!LTjynQ;qrDN7Ax5
zZ8O^?9<DfUGuHz;w$;#7Qs~2y*R<FVfP=1kuSl9sDqsF0ML;6#8v`ZsPH?CG=}gO9
zvj$l%@t+1U8ctt1t_hRxc%s)Q#^K}9$`DSYSP4=4YH8k8H6zNDM<MU2{gYSV4e5?q
z%u`$zEBIgdbpsGk_L;&`w4eLYwm)!?bE~5VF|N!3<1@)w`A;v_zS_)7<B03OIfiOE
z_o=b%+a~(VX@&HMr1ZF8`x@+K4^zo)Xdn>2VF(`i9r9WM<PfSc-+?lg)B^F`LfrLd
zZVVKOoW<lxLr5>c`3Uwi$b5hZ0V<YiERr1(SE|O0Z=?RGXv&lQ!`U5|C~5P2G?{Ej
zb={t)JT5g-w(ojCz2-Wxz>HWx=JD}$yw+S7NqyKE{CA82ErL)8-8fvhwdi~&rG$LL
zrbbGi>ps(&FhVef!#2T)$o7|PB+tXRSH=AZemOq-{kQ!+uuJVd5Pt9mc$GAklv#`n
zPSic7``CRZpXB@-HP8N2{p&pc=lG)Ae@~#jNV|LAfgY-7P~K~ftP^0~^JiO4yLKN*
zE)a4!^R)tHFd^bi>Sv{y?w-i|2~dSWC+JGON+T=pO(IjJi@jY3MjBnMM)r!WrM>Tn
zVTee)^-^3<)92YN-QN-Ph~Jkd(-pyNkqr@L@dF8<vbgoob$s@_gOLDM%v&&4r0i-m
zBIojVa;z3=3E?v038+U-#^LSI*jn;{5YPRH@^cVb<0u7tY4^tPV*63T$8Lp+b%o);
z9*EwnA7;UIb`|{vE(~z03+P)1*gROSg1O%SFF})>3NViN3^#@`)D6hq<!wQ<dbf{9
zF}~wsUI4SADkO-^D(ls_4Ep$RnX{l<HVa8rC=w7!Joj?5cNFdfY-*l(3UYu!T(8i~
zt7m7NH-z*C7y=!SkX7R|MD!ZScS)Bf>}OBTG_qwhe}+;1<907lwPd;;!?O+gLp(=B
z&2N`p7=5#uJBsiWPd3m#qJ;nK{C@f{V25B~g;0Apn?Z{}rlpa?!_qf6s=u13nI3%)
z9MV{!Rku4jR63&EUE@a+9vysde{pXGvHot`?*Y`6`oF;YKO1ib=1aQb?*`mVn<?7N
zb6TCjK<@Yy@pY=nDrL_0=Y(pUSj;C;$o%1<_$mAX`FQ(89-kz3aw3oToR3nK>g5!E
z5aO;A5h%biWPFCsp4tXt!U;2UBKcx`iQwcqq=CGNB|lY2y%-eS3QRQpc`b?5f!XL?
zW0m}<NLqkjFXiB)U(Ed;!{o+7n|9~dTJ54Rakf@$-oMU7iMUuLYP6Kn56|@%4mYQ4
z8R(R<Q*GDpxOL%PRSNU}&t|y5Y16o_qg!p6-WlB5RV5nwvKf0d;Nd?1D<N8|W*#6B
zIJ5tj*B{W+JCz-x&z!i=?2YZ?J%|Oe<}>FT@kjXC@D*fP$YI7(>Z^zOo<HKi-uY+e
ztZ!<P=#oc*-#MgxRJ<0%di(S3O|zgq{xWjOYp*`uDq>KULcYqs6hBINjZ&A4p`}4b
zoUUMnKzg|6AS0+lt2^SGv_Id{G?z0sojE<7lVh_qu$5=PAX|>)WjkO^7)=~URRG?{
zzU4@(>$arXU+^8`;4gTA;1uo@<pV&xiJ2}}bUFbKwc6lsg-5m|^cHAB{~YKntNlfl
zLsyprZWK-ZLhcZI&mLm+Ye<0ZEl+3bZ=LKIl~W^b(M-)Yf%0@i#v@+F(!C)qZ-QHu
zssI7cXOp}|UG#$Q@=7e(P#dq(Ur+x=C7eyYL)uBeLrz^B<N8ywFsvHyja5$0uquWa
zZ3=kaeJm%K4oHDEIOo+We&i0eoIXO3vK(0&W}q~%g|G&TWPFc(H9*S($92SWz+)Z#
zoJ98cQo?J==cMjR`1G+#6R`0sGvRHxMIC;-vU>*dlRD~v8xRf_SKhbEP_nv_tMr^S
zYhT;24Q4;R!ZnR+ut!#J%bxu?YU;Rz@D1Q(=4D*0$z$r2?PsLEdGS!5w!D(Od7C3C
zRZHn`nG94^(w4J40CrrtPyF>$;n_s9i$nclu@T?ALc2B09?-wQrz4~~|8&q%w{?8G
z-TZ8!DKLkHBA|SHyqUAL8}$k9%CoA`sgVvQxIB<z;}RwoFUU16HN1m&#k@m3C(19^
zQ7_jlSJBgMU9bihM2G$6hPDuVifLD~yEV!|=m59S)}XTbrz;XT?_&!S>T={Pj%M9P
z#x2}phxnTIrsfn*Y_&KCIfE-nVFo8~Zp~Q89jyKwZKq0=L{gI6-NE|yBFn*hq~R^3
zHCTtQ8VBb*hDq6Amzy}?HC=mktJVC+(|5Prcr3pL20oveyDgYXUV!b?I#GJs+C<lu
zq069WGbOX&)|KUJZPYljwBhu{QF!GgWu8aQOBOM*FEv$R#C|cmkotY5k3tJ<a48^y
z%M>}FQhA%q<{nUY*gJsG0HzMO=nbOfQ&AF^E+{NEeCRRWXkE9kvj(g28RPH*=M*=-
z|A(fp3~TZa+eVR+?q(7af}}_@3F#0~LSjk?h=KyrFp-w-W;7y5OT*|?>5}e-joN^1
z_q+e|yw8^%+p!PZ{fjHl>pYnxvV%Y-z#Z!f92wsiKFg~}{GL1Pz&&xUvtZe0>MT-d
zcIpb;)88S5s-HH84N1V5$dP@R2~dB%6Fdnfq~lMjz{mB^Fs&WZKVseZS*G^ko#E3^
zN~5Mzc6bHO`2zCaf~IYR@G^M}j;(mVzJNRpcYTm2>$X)I48rx=UqA|h=hQ(1fhNIB
zB<{zxQNi+R&X%Qx9qJ2;)*qP*uFjL{x^AIA<O+ITsi+hye3Z^m%l;kVzilY+phSF>
za9MunQN9J4qL-zM(us8F%xHHbS|AcFstZj8DlkU#-$6e(%&wdVKvFZ$P28GLlqJW6
z9Ss{*iILObCln@tqz?a8k9pGF9qO}hg0<JB(_n3$j{pCN_zyxf9u&nM9~p!f_r(IZ
zaKFu5kbixO${tbHN(OU68K~FL5_s7EA=-HWQX6qnyMez_picAwJ_IHDq5Y9Y4O!K&
z0b+eVAkK;W80UKCFbiT3Lx22eGXP!vTECX34i$`jqQ(a*2h_XcRLG6&F7R*TpZcdw
zLvfG;Fpi%AZaXJn|4irEH@9iX22!EuD{MbxgSJ|uV)4sB;BChK2mT3`TVf;mA)cVj
zaiunK8m>{ds9<OZXNfXes{~;lhY+D%Q?PH%qE*Zj@n^=<Nt<Cbi=O`P^3<Hp#)3UD
zpLsE6*q%aH6|V@}3%pT#g|(0%@T@+gjvyHxM3ALsl-`n9F0)2ED*)AJ5ITw~t@{5l
z4)*_9i2r%H0A)hQt6}${FPrhhyx}PSs86G@P<hM(63p|^3_Gw7HUVm`<EEh%ICs!F
z3_XS)VS<I$xqQF(sMhv`+Jn}V6FIqJO%9h*{*+JNSYJ*Omi`QrNlpET<7>wwGCl7*
z+fo_b@ncq`Jg?Ky$RXD-TJb1N{DZ;uB#mQB9wR=L9}qJs8`&aV_u{hNQW(bPivX<6
zHe1wp1b4gt_cE9=QaLnt?SneQ-n}pZ@LRn<&PQsg0W@AW^7Q-#Gf*CH>c7-m?;V#u
z!i*rIa-efp;W<zh(Pxk6u1a&Dwj0bBItl<W-67@%+>WE60Y}=2A--C6ct4Llw6@)X
zr2r;4i!0Xwuma8kJMa&R??s4Nt4bgC*utcYvM<)>=JG?cEGp*_1zzo-iQV;>7Q5B_
zx;%Ooik^--^<zaFCe-I%*R(DqL$Ta#>Sq5@bB4gyxOzUO{+1dKOTCeiE2lumTi1g(
z{}exe(^Or#Ln!pnKMJZwEm|X&Y`Zsl3e%<2XfpdhyUt$u4)J#%RO!*%I1SgL;Ug=D
zvekb4M7w4&)LYE>-zL-77v$5Rk3Pmu!#}^5u(a_W`U?%BEQhk#e4Oju2T{51rmZn~
zRjl!%l)D@G-6#Jc2V%i|49_CsL=g-BotsbEU%!T!KAHvJUKL8iSETR&0dTEDjFhn3
zAbH>1g#$^NylL&}>@Z{^c;r1pcT)xC*XitiGBw)qRQTZASqMjVb5jK3Xwtm`dj@|G
z6m#8<!&b<5GzDIT(YziU0BcS?C}UabZ~Hv?>^6~gEcJY}3LDC|<`Jp$)9kb81cIrg
zTV&ZUGy<iBa)sL0Chb1E`>ut%irkC-i2hAs_Ma=zHUD2<N9aPDHe`bP?+M@<u<C0P
zX+a0v`~S{*A`=2KKt4g(Zy@Ey63G2iJhZhY4R5*hqiLL*4lzA4fUk&yMzh;iCWoTi
z1b$VRg(By!s&asGOX=E4TK0EhwFe+i4BnkggDY?sClKH><xLl};mG(>d6~5Fl&#f5
zC3x<FL<&}WKs`)1gCkVU)Bp3oZUHt8*cbz6hUvdU)*ZaxqO_*P+4>wg`s|6h!R{42
zF*~vM))myEc^syzPXgB4jO@eKuxsmak{N2?&)m`Qcq-I`B{NZh4*!sE=+!zwOE$hI
zF{ldq(|h?d^e6b%{hTT9TS+GjMg)IM{=4vk_wW``#O$j4@bv(Qsv(c`uPDM{08$P$
z!;)9LzA!9@Ceg}9iQ_M|ilz59gvgyQ-ZEojWEd2@X+z5VlNLegPY=HLWH?puUU+P7
zqLts}Msp5y{wgg8Din;rEmlAf$8_P?J+UK9@EO&A#zJhO3u=qoV;0Ee(@C|igtXqS
z!cP8Y3P79f{~3eePk;Y!DWJfu8}bVp`1^U5Zz~y&-&L~9WxYH7hIu=BV?g}^Y?DrJ
zO*iCSnsJQYa!<A%3yAP5tt^jOUUv!&3u(X~$rI#C^+GvPhy1XwubLJar60x<Arj`1
z{mGA1W#t}KF}+!{zzAQNUDsh8w&HlDUn*bsey9Cqvn4iWGXPS+y~6hV7yV30bnmao
z-`lmsTZHJ#*Zd4`#OH2?rpLsagXBy~raswC7Y*FEZ|SYw8z`K3xA;cRYcGsJDA^(w
zCNCg>gxg$|ZqBZthVyw#D{v|=GWUK2o|R7HkCXj{;n<h|eS<%AMi<xA6~Ohz`vrW^
zq&?V|<mQcPe7oAX0sn7NN+n}`tEZtqajrYyRl-;w6X4hNNx&GCkdCipAn@_a^55T5
zS%a^%Cs_t~Q3ZH;)b@-Qw|L*Ib5Rop6P_y@aD0C&6CX@w#jD_gBphwKzeYO|!oF`s
zy1k(9LpV=h!1{$TpBbP`wp}JPG2<|1PA;Y;`M)Dlf%zYw5Ks7a_t*a(Y5RH&Sc%hr
zhr>2{Y%elS@DLNs@=>lY2im?Un^RwL5rL_`NIuW-RF&joyz(}q($1pHb;?iM8c883
z-e`5WZ(x}q*>`ssazmv%7W%r(EdRTIvkkB6S$M&-#up^>sQ^A0{V!ypC0Q0Tecp5$
zPM*i0<B1)pgw9`pTX9aCJw4610}z;%;^yVnX{fQA-6&g*@4{7M4xU43mUH?iu8O7l
z45R?m{P%)1@V6Y_^<Npmg!__G+?an3Apb$PZ5T_i&8#znXlt8gpi<w7+S~g8ig<=m
zR1;iZwI4oJo=r@M%{O3ONOV>bQFHi^2_tfT;J+p}iD)d5a@F%q`WrgR)AkXadS9vv
z)tt&f)&c#ho>=%yE|OX7$>oumSX%Jk%tL?%L$VY|4s=bx`rv(V+K-*VcLlMXN`V03
z>FC4?G#p3Ar*$uo#UeOZtw0Gkj{{E50k{!Rd+xAz5{TE?Yb?@A)w?~KqlSE|7o!6-
zo_qOS>(bC@&gc(wo4XZ<`?{$;ey_;)Q-C8S@=u~p=uVyPI^Qif3B=dvTz9j#6)hsS
zaLCPOH^bq~iv_+F+xh!0mf-nXEOm~tImX?LxKBy_45AA(mI8SG>DNeCBoy2a->rn2
zU)SOP0(GXg$WJf{pVk9&@)s$qc}Z>_qh4N?&<2dd)#xeY5DAl5Mo9Tyf=2MB<i9<O
z`iTVIB!Ka`3Z6-q2(S73ldXGt%-~b0@hi16am3`8I7)s;xOS+8{*ZKCUD|q<hxc~a
z+!#As3F3=9y_oTX6aQv?*4X#srM_{=Aw48bj@hOw{umSN$kI{Bie3-zdo#YeWlH~C
zwXyYIVtm?nMPB9qjtVN>#BzV$y1p2L-cc4ldSrSK$M1OKICUfN&lP{gEv^Zf1?iHB
z9s+WA-fWFxK~NiG+{_OnZEMyEi&5FYfJKGc)g-as{qf=6n3zA819q53#1YzI0Q|8F
zUu+$TSI!YhS1^|Z-xfOqK~qzY{M72UF;7b6nvC@=;2(gMGN8wfE*ky$heMjWP@<OO
z$7=r;OrD;Vhe3&l4)4`nhp|6)I|f$CC56;O4eh4)EmA2GAJ{*?`hW^7GcT^kxL(OO
zdmgo{gFFMZvlMeJsoJ@jMe8(=@4(y(ZlnNSPBVOl21s9(9z3)p^%<On{Qq1n1rFT5
zVuytVgsf9*2;z8KXB4LnR!nesj?JyA|M}8S<`OK74|;E^hQWZkcApr#;^q94y5(a1
zzK04qsBN!JueTY$+o&iWhXwFU>%MJU;}lygPgu4xu^l2kt?J8sM4Tv~^xQE$Fhw?V
zjA3i)zGAVE1>}@FFjH(fq_l+*6WvTc64hQ>ZnR=`Y9ZTFoUK@W0}48sL8|-$RJu{r
zr13@Cbh;l08Ob{QS*>>V#7Y6<5}nE%-^U1y5(>KL{b{qO`6R;k*KM{vLzz&5nZa59
z;n4+8jgVWJ(`SaOR%hdFLW3l1vwB4m#<QmJt_NZU%4*)%8dv;m=ggd#n;yakP7_6L
z8~vZ<ykfmS<|i$l#Nc>);@HJ1HwROno+_v6B0Vsh+E?~B2F)HqvOF&Sa2w_hAtw9U
z7%E&!8K-|MYAxAj?Z8Et=U8-4Of&Yqq|@O?t4Ak`w(%TFffISKM;A0}V8i2V$>U$#
zba+0fwyBoZVe$o_q`VCSjNhCLCxzy|9v!NJA0=MvD}<qT)Z}p*sbH6KEoidJhBZjU
zR8_6mCo7kZ&ZdAy@Wb`1%hfAz=SsBg_gX1MwDw>MO|!>5uM`l9j?=;M8)m9=`H7U;
z{mIs@{0f4uV8ag=prp3+*K4Bq!#jp2vk?^y@bict5m$cfGXK&(E0z^?3lK^aP}}`<
zocSqYd=l8yjq&JnZQDls5IyRGXeaV@ZD)DYF?bkNTDO*D@E$<5=>#+~(R3cjuj}*o
zOsCl8g|5FSR<?~Ua-k2y-N#bStwi=f!~_;yQJu#yT>d>v7L+&+K2?$1wpf)lljivS
zS#dsxf+xrQI?f89M*?Wd!9;xnxEOGCCEs`_6^auF$nE3Nk(jOFV&T*6uRW(XkhINT
zkK?qq2c&f8E`)3G`QL=&Ihh=Yj-PRaF=6@unlRw*kg_2_xOJZ4o+$U(l665jDLGI+
z$Fhm$L5~Ah{OBx6J~-J{4>h0)0MJtCLSU>WSH@@1COGmXGP?F+ow=)J^r3$+Gf&?-
zXmfX1_P=a*b{~XN1E4IMu1~(&;c+4qJvdgm+8YZgL9;7V=N4XDs;|g0W8H0a)yM}3
z9`&d^-X}EyJO=ow=Kpd~KN`7kMair*q1G}}SQjo*rlAZ<CIBzn6J`_OWy7<A>Qf+S
z1OQyGy`HFst&bA-bR48q85_G?@LR11tCKwxq1c(-=n;RoBKwu2Y74VPz)6*!8*JC{
zT)N0V36}{QstgMotO%Umyq3=XHAtS3b10ak+Uf7~f<XU^L)#--{|ho$aJ0f)wZSV8
z|7%Ic`@RD=2mxzZy}eZDTmgfiI$j9mjttb~3E%lCQHD}=m}RRD@9j#nFi8F$fp(%K
z=kP^R&I&X?9{}0iFtQu1u9zC;z25ovv=(~PVm1JzCy43hyn1Oj@OSBXm6PAo;6?y6
znr6{~_73w@P1?4yJE&4PE(5R|eMvbMCanASkZh8-7RC3ZR~gN57i{z?U$Mu9^t4cp
z@#?eEm%CDSh;f*SuI~jqH{_=!y)C{ajcZ3JG&&0@$v0}mxC}}$vJWDS#XI}yuzqW%
zKhG<o+5TxJzNQa4O?vaN*<Vhb=?QJ1`>;s!C#7s^+hCv#p&ho2n{|n>$BiUj(faHU
z-F7?nkFT(596EPnI6vtF+gs~x8K(YbE!JAQO-jPSw?b&`-E7?)5|+dP1YP>AF+*Fb
z+rS48ivec#Un%&ymCp+DB(%zE#Gr!^r^_tHUsoDqiW9bOD7i!Y#(g9p55S{B$3H+l
z_D*8P)rx(mzx{af5QEWWl|QAtH>>OL?S0^C4eAQ43H9oM7V9X-1j0Ipbs}q}H?t>C
zD)G~ogRolx3c3f|l*#o@vPHLt4tj?sPj?_Ucr@S1R?=vie39$2k|0JQrRe|{7x%|L
zN1-7;^$(jC=FY7W7CP~Ne#*OF+Y~pYuP$$5u5Vn<#rpa=(cqTz(OR~d^838uY$u2Q
zh9+Z_By0Zt*Zowu$zpxp1CxNtBm1&{ZyAn`pvp4(XGzk|(D>LT;?v0Y)~Mo-#+|K`
z+ryh>?u+WQo51xnL@V=AnO*-OwOzM`RKUh)r?OS?mhOc)MNkWfcGa|ei6QGD6>p@r
z2lyXQJ+iX%AUVZr#sB3eHt);q<ex97<&|WNXat(L;xX=P4nv7#zAAy5VrZ3{(>I(@
z$r6fZ$~rJ~X4|xA%%(R_PVYe2qVQbPlwY^<P%8RIy=%7q^S4@}+{|J_I}py44);;*
zf)KJzH&Pzh8*A+ffv%3ZIFcuz2O0DtoTio5Eh5HXv~ItDSmEfCB5LQG6AfH7H}!Lz
z`Tx``e>b53A50-f^$`G+19Ld&$8*pZnx^?FTOgTZ`OhyE%>(0UWAK=g1Pt2fVh;IX
z>SOX%)Dpio;Wj-tjG)HW4PfAGIrR$~H_<+-CFj4HKJIHv7O1zq;-NR3D_v+A64=Dd
z-gQ!pl?WOwX?*|6bbscD2=rL#UOP$0_8xQFFMN3ju0o9R!_MabN~G5)(jby<D3fwX
zyvo-;Kq(q3kpcktwhSmC7*qT9PnZwEeRkZWcVt3rzexM{3`BRMZ-Q*E(+dG_kvH55
z2si)jJWw=$K>h~HkokATW8}j4`_zs}T`G*mMr!k;`>$Ev>_=B9Z#Xd^68`+WEAa4@
z$o~G!JUQ(1#@Fcng2_1!7XuR64oh_N-IOFvSf$`><(-jZP};~ixPg!eMG`nNuKRk<
zu)I@7G?NDm#o`EEp)b&`a>N&U2~4t=Nik8&DKOLDroGK((Uh1t5TV+OlpVWK5LEXk
z@rNM#iMuzH?IalHzc5oK(e#p>Ws2MuFt!bwdjl7Y&LCUw5f2iUW11a+E2}Te)qyF_
zg{xa<2v>B0r%?>g;{w)seQJwN`yIFG$Ng9Cfhc3pI}^at7~};SH35Mya~A7IX?zR+
zA)PgXBMg7iTB8Ystkf*&P8900@3J!xI<m5d<6dW>2mVmQ{A*rVvudlc2M$R3f6y<&
zq1GWm>%r6OjK*lre~*)_m;McBNCiFLpO^pFudud4!tn8gDKNZ2zsMBj>9*~WmmEli
zP)rks9t&U=hTt}j4oCgzKb$7X$NU>QY5hob{BU>W=jBoZ;E5<)z)grF{yy*N=<Kwh
z59`fiLBSWO0yUXCswNY5RO(kq&Z!VdUG(VYo#9R?^bh|=&tS_iQ~UR;;1)z7FK`?N
z3?~cPP~1H6t*M=!{(=!-hYpS`75fynbV@sZ!xWPC$ZQFgQ9u^eAAOu-kt63V^uuQD
zy3Xb0P87ZQ5J57@-<a|~+o=9&nC*Ksi|w7NISzm!hic+@3ZUG7nMSL2!z2ATjVX{x
zqwiph`fBpe9z&53npO%cr55IKx-?5}^u-C@Mc&nv-h~hIXI;_S|2&UNI~#Eb#^~Hg
zyXy)f$xo+#M*Gk#M~q>r`gR-qS-(Mc!4+Df2<-TCDC$A0UX)811lwnFI=kX`3+#J+
z63hlYmcfD{Ypm*;T7njhC-K3EiAet?S9D_!e7LLf!&)DgpnX0w#`rppnPl7v8u~TT
zZU*5meh5ivWafzHY!&O;P|mUYo2I{hHIN`RFse21>89utEws#1y0zDk?Mt1#*if}o
zxLuc5wAok6bt<6!*&t+jA7)BdYH%wK&~@_%Sj!al^Ei}t9NmF0IIqT|*>kS(wdMX7
zKs};If`;?D4oyOAS#Y-a>N;xa>ZIoZ^dZ(SV%gn!Z)F19S5Wy<&Ut1$1Ns0g2SPbx
z$U49JHr#%hPm+TtyL$)2ZG`^0N$);c?8taghK~MQqkR3o*}obAm7hg4K=)MD^HZ88
z2oEy-s5z!kHAE{@*yG(Q-z|qw=Qo;hxye*ZB+f5w{^8O)cPuOJ7kH0X1G6hP#mp2p
zz#|MvBrul?yt?x9I(J2$7};=YRAWfgdp}}_PGMVcg*`A1nG^+K3RyRu2~LRX-DdMf
z^hj|bIRj70_tx*_++2z%US_0-ZS-HHdD5F|wV@-kZN|v7nh3e}ot3%5KXZv_ypuye
z;b%j*5VUOXgm+Bc5sX{;Tiob9%I95l@YFz(jmrvM61z=QUNn#Bx?%r57#y-<^V>!{
zQ?lLU-9~}e=1vMZ*YIT{TRTe_*5g}i4B%(lP#N+DLd)uhhKYMdv=LBGD*54(@j2!4
z6cBn>Q55zY_9F*)p2c;#k@}%2P6;jaoG(S+8U6xed<(~xi+UBQFa|l@)Sf<w^(YSu
z*ldNJ&$e19IIWaqOq{q+vyH43z9n&aKMp1K1_idCt7%72QqNYd#A~~b##h13gK0Wv
zi?+!bi!F9cNN?$h{SiMmX205~YS+12Lj=G!fy<*zofDU%t@FJ)@%q^rTn7xHP_W|b
zIiPWy<#OaTZ&z?C*c#mz#hB<LB_NEQb(u5p45BVn1AuzW!<XIOF2;e(!lr7JZ46HV
zjq9^@Pz3zsTr<0Dj$d#QjMuWldwX35X?FQ%C+mk^>hohJdEC^-05$8JRi<>Hky=UP
z{+Q<abzcIWw@JIBt+`kwhnbJ7yRxpF8QT2(x~mSWvJaBj1Ab?4CA=I_Ho2DbTu;{X
zISDXteN)HRX(T@iwlKN&aIJE950dv+e_-PJPClGcBNh)9#`}FCUcBrLHTvBgwR^+A
zC6a6Ck5&4y&l?3f@7>bd%*uaE{WPY`!xrh6D$B-psh9Hb8xXi^Qh|(d3zt23*-850
z^Z7IT^@V<Ra4oLY=ZKEwGHK`#1tya@EX=d>PDRr0+CTGT?=V|>-$0Pc-Z7=E<mK`@
z8n;2sasi^jrGS4OTx@_&04O<zYK+`hMNBp(M%n(sl&|9sSP7!V6Yy{IYj_}!x>TzO
z{SH^WTDa)&>SOcGg!g4Br_`LJ$sI}5L!Hb?+Fi9oeAd~|<a~CU>b<e?@0a|hWpMQm
z=pkXK;c&`Z$W6M~<m->)w5&C|l3EwQC`OF`H0|`MSS^FxJ~um1ue{p>?ZGUp16`F+
zGmHfWSU899`XinGYg!ga;D~z-@nwqcYUo-rN9aIDBBin{^Eb+?*=9nDo0Q>$YlR(_
zqgJX!sh}O6Xt=I&05u$2tt_X5TlRY9B-5}upbmVuF8=D_xTGGNEz6zLLg{nw0Qi|X
zog)8Bcw_|%QV*Fi9p^qw1|XN=b9wOeb8yD0$^<Ob72jYG^XvzW02++`b4S!TSvpd#
z8}k?E>ph$&(W+mqi%^WrbWUw{_X4THnqoc@5%d1#S(f-bBcP)b<3hjm>uC~IR1WiP
z!@)(BU*|FdFCKQAe|eM{4znAw(3`Ly;?*`TO%v`)<3seS$X)I{mV<6P%KHCIAYbnM
zed_&5JL|qo^foKsBXmKwk`KXE!^qX7CWWGZ%S$S)c&*yoe<^2XsJZUH$`umWJ(rOC
z{E<3qSJyCzrWsq|@UOyWH2`K^8D^PSCqQsgbwuZ}uhlfs{gV!@n<G)$8^sK=579p2
za@ECzXxAGk%!(zf%-A;Gr@!^eanQaVMS$q{eHsE|`=ATMl4++t;Ox$asI|rpb*;z@
zZRJTBxEK>7M}6<>=LDssx(l8hBC(xL)<elBPTKK;8OjTdA9C(MRJEL`amEh6?|-84
z%)LLochP|6En*Npy=m#Ib?@Q%z<dKfzq{|lF<fBX%YLvQ===DC?2&`ynTgacNmndL
z3a`2Bz!`^~$^1sX>2gEPG$;V;w1qik{gMs~C<Z5QU)ry$lWmcO974~>IXXXCUL7@p
z?QUXM-sEY_O)GR762}FI=9S-Gbd^=zhlacLthI{QAM2cj;r906dw$;h>rbl!t9HY_
zDEtC{9%e`s7%fbc@?)|>fIqHQW7<9lDCV<p&Gb<%e3rr-=e**kaMSIx2pzuIL?ey0
zwyf9U^~Kadz$@bTg(_14r%5{6TOTRelnpx2E2pIAv-NK{S?|W_Tf6dd0LgnN!k9bA
z4PD%Td)B@)`<<u`P3b$I|7M#P+tu(SatFLpI`JMEg%2BAG&-|lUc=}D*L!!t$w<e_
z!(F&{?M9<gt^0t>5x6lX0crRpl3w8J+MxuC+=Q<9U*lycA_9ZlS@CvvzcDV>6U~rP
zR$Y;Bn)x0(Rc6F${U?8-{v|a-XzB3#H@^LtJt>EPb1wz-u|lx>Nhz#IFTqmM{x*;=
zs!vwMzh;%f|FdN+vUv{2D?5q%Juj8{_cd=DU|g&t>T{;ZFXwKTB24<L0l2rjmB!gm
znDW767^(UgCDRDgwz}(HM;ka^3R4%vY3l&L*c%es(+QZq);y58<{@4C1w|v7<v#yQ
z5aYUba1zD%t$`l~Ga{!&+pz!c8`$giRD+#cA{mSdEI&6#&~#j#Z6#nLc0W-O-_~Fo
zL%4i@`2ss?lgM|webY}5&v-e;EB6sI;E92IV)ykC^u&Bm=6yJJ(W;EpToN8w$5@f)
zwcfPaFwq>#+e;r*7!qJAvul=)2pCIlfnjI0Zu2H}bA6JVlfdSLv^UL$+aARAcntS_
zccl-C8#ud{NXi?}GCWc5-RwT=LPi$$W?b=7<=*?5(vLv`n|B`{V_ME+5IJy$JEG*P
z;J9csry?5FLD-?(!HL-&gXmpV@yU4PtwfgFj82V-2NLBD+U~PP_#SJ(3v*wAS4z9!
zD%A<}hSe+XTk%b}!*C_pYkTHyH;Bwp6ft(G468<b9{*N<f7l$)W)j%o8G-~pb>_-n
zeI6q4ZKmRNk72fW;KGXnZ{3T_^?Bq#MYftC0arMWl$vuT0bKCp;5VF@0K%-sz^=I@
zg8nU4qBETz$wK#C+GJ~;&cxhK&z<t9Ebrur#=QJ#X3ZZ1Qkh5)RkBWXg)i*-4ZN_`
zXczhAY|{53ed@;w+eWjk*<~~w?<B3!cvfCe4Gs=8SOj7}Fh4e8QU0a}jiLDl?TufS
zKL=a0<fA#CrpW5SxPQhHz8?_fP;ev5?>$MuC;JwUehLI%dl@S-JTTfz#h{{m4+WB)
z>Xdu=TlT)kTvi9-v$eQ`)b0q_i|yYK!3};r6+f-nSX|8cVHT63W{0ckAFJ=`c!Y@B
zM^FOpqL}2i%LV?&-;*4ybvpn9M4U{b=%$I083;5fglt{SWi#nT*>f$9kmoB!8-%+=
za_y&L%8yC6NnpMgV$<XXIWtJTi?1F|F9V-@;_5F<A9j%gE(36Z+`%X<y=b<QT^a2D
z*h-D9z@{Ls^*owSL$OI_kkJ^Y8}|LK;S=hiPzfo~k8YcTpVW1)R4R?C&c?t8Dc$30
zqz$YdKVC_fYdP*RI(>6|5j!>}&!uTKnoW5=ZMuMuKk7K_+Q<N%(|=uqL%*BqDcqd{
z30c3zDGb6f8SBGs%B-6Snv-gQ{l<nj67Ez(F;QI;zdrG6C&{Js_7NYi1S;^mcI|?{
z`@H=P)N0L5N1dWzrNw*cg|)!u=TLCHfz93+Pb1d|lgDXoJqT*{_y}HyyScY;(z8U^
z4G%pTtLy{xPgknXuv`DN2yqpdt!IICIQy$Omg>`iU6bQd7+N6=8-FikeWgxgsJBg;
zp=We=ccrp}Ed!AEauj`;3+*?Z8=gMcJaRhOkh$sJ1$32*2Ld_v<T_a{d3$!Y&(0&{
zQ|}x5lC}FX{#6~=nkuUkyk)PR2|NumjNF|$^28cC<nhhX43|IHU#M20%;7}^UP-^@
z<@+twvq?AOUK!#>@6mfj@}@VEUX!bf&E_pf{*ZKQ;lQGA?F(z8NytP|B%fx3Ncsl<
zlln^D7XJC$Vc3>mKfVtHp4^HZ2;{@gQfr>R)r*UGVFqud^L@EPS!$5e%nRJuCi$6g
zv}SNyu~m45;bqCf$4x4$vR-NQ1MTNf4<yJ3N4xAGsDg}ZdHN3e{t_M<XWfXcqIkUr
zd74X0Otl~ceud+GjDXEGnd3I{eVi|<T5|!SUelfq<eW^DD)DIUXQ5!rjyqpJKkH|1
z?NMnBTbGGc&vlwGy{l+!NKU5M0C}#Q$cbutwmMMtIB8OIjdi&DBI9bk`D|JN&h7NN
z(}X5$|MM!`Q~JeYv0PCL(*TxS&ARZea>e$xu`NpNG&$;T>ij?Jxf2g&RqZDWoK8pf
zsTqX=4IC%*e4?~+a!Fm;lw0IJkR`Rt>ITl&<Nj&vaKCQ3OTXF`58U1#(!b+xct7If
zRlt$2tYWdTvBlo`Uz8bNDDvro9!IU#pZBY)w?I~;ilXk2{(cgY0sr)SpCro`-zMAr
zG39ug=_!{{ja>U$VSz3=T&`bKoN#+8^U`hvqI1xG5N@9+==31_>cvE-9jg{I2ZJEQ
zU{6@!66^9V(jf;A_2}sU^wFl@-<J{s>*iDL;%zwr7s$oTUhmG~rnDrf=Z<q^q<z3w
zF$QpVC$AiH)zT$%Z^3CPdG+_09kE}>_`z(5|4BNUC|gR}<F%nk`qwY!;D=9MXUm4x
z6^D&99Kq!nBiK58mnWaZb^Bg;QJiz3*YrtGpffS~XqhT}lb&?V&=C4ThP`ur5oE>@
zt_it$tY1X0x>P=^K<}u8-MpvB5gx-5M|Ar0TEy+f3Z1jSs~5QQc#xIf9#%z8#L@qn
z|8b``eIPqo$IXOdY%omR?o2nq{`60}q``k>`vJr3WQX#{$p<p={B2|{Z)^_wtM1?H
zgfNL&2@!_1RU(9yAO_1^;JZ&*uN@L#fgO6t(aYyTGDMLg0}>?dH!<G`;F*^YYL;$e
zS$%1&x~*H|a*rK*G}-pI2!QHmmQL$q{m&DtTktJmc#2WsN@875&|nGa#GxAGIG@-P
z6eL)Hq>TjdIf?2ub$?M$57elOdLV{G`}ko;IORUKK3ltE?K>Nk$*rs(x6Gr`e#YMl
z{-SGLLDdmacljYpr?erDS&!-5@lJ=vHDS641-tYuVp%mYTKOS-kq0W0xp)4V4<~HG
zkdJm~i$n!VUM-oc$`{IT%Cy8&R(5@ty}`ywTh?cYujiA<poXCa)8``};AsFOx3_K_
zR!-JA=jZM?iqR*amq5DLk!v+nxf$et9@-}FSsP5p%v$0omg98$h!`ww<0+71WFU(c
zzzmDqbw~#mz4b%_^UNdSa*9M8zn)>z(|8~O?ZmBc%@8l5C+>9<G=s&-;+yHrC0qiA
zxuKS9JPV!#Tp6Lv<-;R{D^a#*k~~;vt|F8s<Ot*R`3_F%r27R9`QA$gZqvI5(B02X
zY@QrH$pdn~jRvU_N(dM3jSY}1U&Er=)c&n9O8Xo87%F%>6Rh?7#I~lNLWDTF#2v1^
zAJ#goteyT7K1B6W(fF_Z`5MQRzp`?->KjQ%)ygkW`r-=&-)7XM!WQ}DS+{TiJLQ$@
zzd^mb6agPpk+85uA*+st_2~tiyqO-05`IV(*7!O<Iu{XZ%xrvT;K{n6{WrT3^>DzT
zo918PiTHo*t*IDAGH+BTv=0_|SJPE*;ztZ87_a|ucn>+XvA7G`M46v;o<z*iEo&tB
zB2=Lt&;*KilY-PVM+)u>XK!a*mJZlxOn+lcrUKvC$Wd&kQK&}pSat+{$)5enINrF8
z4=ksDC=2v_v0zhw`Bx!@$GQczhOVaHsu8y=d7v7HrB(CW2!d_;)wboH{7I8@f15-k
zwGw6|-|WKXJo7{0R1Nh;*%~zlWP-Np9Szj*>Jh8us(m#X<m|P-8I5o*OPF7L-P;qW
zw|H?xi%#h(Erg7k*cx%S+!;8vM*L878hCU_eOoaW9vanE4JAS_P*X|j4WXk+!Kdh|
zA)YP=xxR18LT5F|sNxvH_VeR$YnfZkS{vI#^X|-Ft(V<b9|)GcsL9sL?X1aVc2^Ta
zuj|SYUCowp@=*7MT0gN?Z+{uc^D1!xmmUpWa~r!A?)K}+ZDNdTHDdl3isnn9vRfUF
z-WbOVp*Wm;nfRJ^yc~-A<ppb#e_K0#kS$-W(E~Xyre&HlX~YsMg#l)!B^I^si_c4~
zJ3V}tvM`@V+F#x<-f1P2`A@I)r5KH&M#JAPF?~Wc^D;pps}X7W#<*0G$V%-q-)27h
znTjXQ-~Hj+UUFy@QJE<?j!!T1iHjv=suesZF~2T$BOqPxF!^ci*2ujyvFxM`zfs-k
zgn><tr$ki?oetQ-0;n>Id#HWd6&0Qu9hW{1^nAtl%ogxSU)LF^2;jGw?dQA&3cJJ1
zYJy{@m_v?MKb^XUtqU?;Py-<b{|zOA@DR-R2Oz6FHPg!T=)&CBSi*sr&nHr<R2<6t
z5xwH(Z6Culj1J~qi{#&XFF;B>jP^)Rd@7;)Th${~3Z6q#8K55tD|qUi7l7k(5f#tO
zOZO)qDN2{)rrB6VQ=U?KT)AB}N(TJZ{Kr*=GcRG-pKnOe5V9R@K4}12bY-4OxjETk
z#kkKWsXnj`xo_$Ey*Lz~Z?kXB?(ZkkphDCCC3tjr(ARLL3Zy-}sIPZjGJF1dx$p9T
zfvBp1P;9b>?1qM?vf14@*gv?*VVEiH@t=b%pC3-4OwAi8CCRm)86Em964P*VRt4Mw
za-|sfxa`4_HnqLH-*}@o^bC?Y07PTzHmdsIhN8k`udo{`2pBl_j+-j-U?O&peo7s>
zXCvts4)?F}U)*6@{68)Llo|h|%+6|!Yl~sg)`6m?a*i@Y+BI2m^1B#Q2;DxS-e<_;
z%4wd%!QX?0Kz#oa#vQl$AYuYdVZYBDBFDU5&j&WYHZYV!FYuF4h07-}-?R&`x-*U$
z&9Pke9PG|`4=uE>E*XePB?;Ibmu~hgpUB5kh!FlYy!-$W9x1uh)G?M}EUBQ$U#n8y
z&ro&<3@vp&{H_2mBWgmV-Cn*mHQ6o?uVY#k#VMmjCaqu&Yz--6qSriZyW)Rko;RL&
z4CQ%uNolfAwA{`mhYl?$ZH}FQ3n&73rCaq9E5tWjj|3=ge_A-{2K#($6yaFXVTL#J
zHk0pb_jDv>XT%F|0HPRj{5}0qxHb8`f9zeGCHe>L9{pLqD{rUfkhg4ZSb)g#$vie~
z>OCHAlbQWN{78(nYQk{aaJ=--!g(?*aJj^Zv{bKbUDA1<U1MJDuCJ^WJkV-_yFzhf
z&1K}rugsx@LIJ&IqfW#A_-pYo`kx)oFoFxARYwBYgV5)HV2&LpwA~=MU*{y0ND=Gv
zbUHBC!Z5fj3Mik;VEfk6tYEIDs#>faC0gr_f|cYNb;`W4pgm?m=qMW-|IJk(aqOi{
zE3=J-8biS5HQqsXBdO*c*uX-MFwGL7h1ITN;B-qz8y{gxx7=1kN>R37g;DMoUkqp6
z80Bbj1T)KfwPh}9ZP&lM8lIk0lz0xMEw-0vP9MVA(urJ4@*PnMV)rIWw&}e;TctdZ
z&ME}Hx1C82LdkM#f{8o5*T=wK1N=HH_#_4RelGKVX2|Z7ax3?Gm+sup5y`~+`UQ{F
zEQzg}9G~aWRSYmk!4oAm-gv0BSRlclj@OS&&?hsrh}HHXVe{t>ry(swR!y4-`8@8k
zov2hou3dIgZlI=(%j%V`z!<qxVq|4!;mHHf7Xk*^>PS6Xqrz0H)nb?3E$eHz<G8B$
zdHdE><SJ%Uvis;%hr-pm+rc6-srd{%Dc^b&M~QPs?tXypMMj{-C<#w0oFWL+R-4kr
z&WEKVK_JQLgyN#`V{F*aH`fle+XCDZsSjW3?de@n%Wkpm%-$22D3$UkaVyY}lJj3o
zpcl+CBDcO}Ro8{5@x5a;FfPa%ckj+)v7e1<(2)-7hXKUV=SpIP-gPCi9+ch=TC?fi
zrG$#ZkW=VZ=ARJjqVW%Krr5T>FfoWF%ODOlq<8URYlI-gf0SU^_Mo*3(d;(;>d%ik
z0+r@dxVi+(rGuWwesuPC2Rzyz#IF5FY8k;QV}#J6a$ll=ZE1w#Y=)u5iuq`BiA$*9
z{$3oVhA2=6_&q0vp0x)vzqlLF^Ym6M_3wd44zE3S!ivvXK<F&Rm(3=|N@phq=U%0k
z)SPo_nKD1fSsaRA5V2e;oe#7{(;$~*U^@F#Wp;nO*o%x&D*u=+weI+;yy6@%8+}w{
z*aN(LC#|Vuh!6nkb0pT_1y5m#S5hk!JFE}M?F*`q;q1oO>By5|MelF)Y@hmedCSwp
zre>k4myIWqPYScdFLJKI{20w9Jd3AP=|^J{;c%RS-|`yoIS7{klotS0J;6QY(DY}R
zfOK6hC>_@gi$$%&9})8Hw);+FC>a`wLV?G~fI8owscL4ZfA~wB*2Z<-w^kEZlf#TG
zIwkRH1AI12TO^#WMOZEcMx*I)abvoP&VqrqbF<ImGp-l~nw;k=Iw%eop57G4vt6o@
zl94eKG!K;GP7&a-y+Uw66v;8VXW}Y45zg}X>+cN>nsy2RIddL)rGL#L6?A@DW-K=D
zc&~@VIPmV~PGO7r5sT`_w}bK42i=O5B9M;T?1k6u>%pKTWL%apQ-CD-#;wh?o#E8`
z^nq7pZ{QZNuJ5oecq3L~3%(<qoP=*#PY>uisK6rEau^7dAUC9r6}RO^wG>2gt)A~5
zKFpjlRve#%G1mle?-m5Qt8v2oiQ8Xuc*lPhsKkr#Y#W|sDYr-g5>@2jAD0Ifoe@8P
ztG}VZdJ;~u;ty{kw}VDxFr|GO&GqNi&4A~U3Xkb#2Ze_w_y}D?c`%3e?==i~J`t{W
zI|FxfLp$R^x0gg?`Lwf))~`bGG%!N*@SW%vfm<OVmTE@@w;%^s1PiWf?3+ocmRCJD
z3PVu7NJe}Es}T*2$KwQH#b8~iMykct$^M{G9P~VS<W=5}kj`qn^j$z~k~Mav9Qr`x
z<T<dnh@aLHRt~<x%ByqxGgzbI?!8;3@*y&K=&J%iYQ+^9z`PPI_$0$Zqvi9vH;Hff
z;NHmE8L>}^z1N%(q!9tuft;EzbKevPT*GE2BfdDs0T=H~$Mx6lqzcj&IC1L`eCmpb
z@<oz7!^?cG3}XzL4io~uC_t1V*#)RCHi{xv`&Xhx=9qH<foFzZxW44z>(2>^bMe2U
z;G^7}oHgsc_r(hV;0hJErxee1BSJQMt8m@jzPOb{ER8{oKan}<PHrnfTU&{ycgvNT
z&2n4Za5^p4Bi5bp>@pytcUazyGjsNhI%0p(U9eMp_RkqLGcM=cRiETb$X=-HMU@`}
zXgH&O#^4=QzjX@Q0g4`b;T-lx#bH}uVJPn5smzx!Y{fjyw-qazJBDX7;_@t9!E`g4
zIVw-*IZ>qFD%rjz5Cw6ISFY(KT}e1SLI-S0h=@Bs`Rr49^?C@WF2osca0pl_b1rC1
zvdymvL?#v|Ki)_+>Uh@?4F8b&vmE@)@XUb?m4;qq_~O;Nwpah|m~>NG%}&+3pfS)^
zE^z&RrCRIb5wUV*x6=#8u*IFMrL2y`X?M+io;%Dn^u=1jS0iq>xWtS`7oQ6244;#N
zB3Et#@zjCIxRM$X2Ij2p27bNNSO21|N=|n3-4R|hXKLEXe8tJGi-s8bZg&zq|K3jl
z=U0_)T*;m^>3kirXuGSJy6%)SicAj*IPc$J58;#d(g-wD{8PrPigp;j9}^y!cVgaX
z9DX@i88gCX{!g>$W2nYA;k%nh<=}+RuuLK|n|9yX$iyY&oWqbv?!X;%S7-dKHB1ii
zS}3dyeEyV7KH$Zh<PTceU3uZ>J~}U61~W}&YsvzJ(398NzE<*39bQ4ff4{O4RBp1$
z0;Xpb8ekFkm7bAt<Cf~_HFz1Izjn?K?WDiAoFMdhKO7IZ=^Uhu8Q3|6eJloZAO31y
z4gGb_JCu39@Qzg*U(OrBPd#li6&8eCegTZV-J@y4V+k9sWH9obEZWo5Ez}`i2ST{R
zJxYdB0$wj7)hSWDYcLCXGv}b|*S&Bk>|NOU!RGD<;tr{|dIAu!t7nu7infiqRotXR
z?d&@IZRoYn%XQ8cp>@RhF$yRat;2iFqKyP+y8n3e0#|Z5r9X^IPUF?N$hC%4n8_IK
zx!8Px5)K#!&flR{Wf=gYy%VB2u-p0w^ZG`t9t|sQ5yelY6tuK+AmfrckH9HX1W)mj
z2Kle|I?a0_;;R5t5$uy%`yml#Q7ct%hjUPYMD<kI#k<vLJC?Tu?rS@cVexYqGj3vZ
zd(bv+D}E&HYw^pQWm4A;^8A*G{LvdNxx;MxEEcLPVoTh!Y~S5Dhh<cE#u$Y(grez@
zx9tOghxm{n1=ZAs_>+{i02RhGx-MAy=EKBZ(|1kcdA@%^MvP?t1>FS_G$l!q-Om;^
zX_fLVPV(906-7N|8+qG32-^uHoM$RY{`5Rsn@N(9*ad8!;%m8=Szjnm{JkL^lJ5%G
z7|lK|F+<{MgZ-Rkx1}8Z4oao$-*gYstJHKsiAUFtW;=Ln7CnU$$6${R4T(U!doc%Z
zPXDndZEYB)YP|~ysWfer=ePSAKVfL{(_CPw({^pX=gTNHw}9l({lUms9ft)5Q_6b+
z8mb1>zYSCV_H%;{z6!SyWSlLl3x$r|9Gf+|VB;jojVNL{mC6S6IKr8MAj0r^y|-3-
zovq$T9)6Et8v8qv<mgAay#eWWmdo)8(`yeC*$`HR^E8H}vxn@d!d7FGet3kIUKYWM
zFqCyYFqZ2BK}NJ!RkswdVaV*Pb$Q+CF#7i=ex9crtv!0_mk;eLBf%{pKuVVmyw3?G
z)C)1r5rc^F?!H9+&pJ*B8%mL9_3BFFC*K`R5qHIc^(U$4Yi;~H-)8>Z_2SCtM22tl
z48FmBITeo)mGofP-RDAro4|^fc=krF8}Y;NB*P}m)$6|t&o|4y{;iQ(yB;032dPrM
zO(bU)>s$rTMSl{^Qwf+5*y}S?zOgBzV14sgs5+*?RS#XYI~g%{t4CQOIcv2)+Rs!O
z?LlkzJpIwTXU20>8tHG;(;Xhn&OQq1#{nRUQlGQU+m7H6mo^^u$1Vvcvo49Cz<+E(
zI4jIq)<v`s@Dok9p=Pp56xJ=O1R(|mxdxGMExZYM<^YbSW?7kseutaT39)tA0*uk1
z3cU8Ylxm4+x{~=og!A0%$&)QpX<rIw2l?SC*~go3-!W7$iP8^aJf=X{RF&ZN)<#eo
z(BSea2>CdujYNzlCN{5(Cl)-VyK5xnx2)=8OIN^D^Q_p#_)~1%qT*#O{WV;i=gyez
zN`1dRs{y{%AX<4mg|jJ2GoM2f#V=AwU&nZD_82ndBgCDaS2b`c(2xx9W?zo!+M(<6
znUi}pc&5n-J}!lUXo<Gz-_I#j2DovIGYf+8a11WM`;NwygU$he>~TDG!i8Z2xCGPa
zJ1@XiDRqaP=7!q$rO7>co!cBQpTYl<OR{LX$K$r4Xx4(rwgCLJj(vE;m|9E2<e$*K
z@636UI>IG>OH`X;4~2i=PziTjN#mW6;OyteKY?FQQX^H#;Mzz6pXQhR+F5eH_K9`~
z#dP4>e#Iu-P$7s=8lOQ9n>+h&_ew}=wX>Oc$0x?DFxTC%>?X6rRCHOjt(2CkI8?R<
zsCdEdsb^qq_hJ4t9F8S!?Y(;t#nu{u3rFDN2)0Ia<2fFpKMWFv%E`LRUOV(d6>#dV
znEX=92F%O*=yh$DOZX%%G7=Y)J3TTDx5Rk4ti1Tat;#0T=Q4kpMX|TSDxV3X;F7pC
z@cYOF8y6Np{QGeE<mG%T>Pv@V$ajCKWzL7%Nqk-XhxC%Zi!VZ=!3Eb=G4Doo7MLid
zmrR8_(uAa#n^rHd?fWq4)z0ZkecK$1hP~+B&uuTD&u_=(0rypuR@9V|UMp?PA&n*3
zvMf<Oum65?l*5k<T+?W#_T;}CrkI+{2mI6VVvN(t*x3~lyThWg2vuK=omWfp4e=9*
zL4kTOvJ%y48h}VzWoctQ>EPF{=1z&#u8PYl@P4z-_7awM`IGH?Kk7nfH58$E4QZW;
ziQhJty=$3dAinB67g)3^r9nm7qxfrORYLwG?j0_FaQd_YcT+tIwZxrW!c*XOBnmhd
z<;M)`2ISfTI+LA-?}zbi5l<X_&J}gsbJR%UefF6_mBb<)!8>L|XGTJd<hh#E#vL8~
z?Clh{Ht5OzTIqa|USWS;|IS&+sJxxZQE>s=LmRU>^i99WW9e9f;NH&Rt!X~A;@|j3
zCf3>sqEV07k!4j=kXeyrN*FvibgTSS>+kJENwvrJ@#LjcBWqwNvRF4kwEPk1)~Mt(
zCB|+cGtRznyOns9ZhIv5N9d4GwjXqpdh?9z9t|<EC39f0NzZ++njfz!eGmQAkj`fm
z!6kRv-tscDapYATtpxJ0!=EU9%6;3<L3H0Itm0M5S?MiTYRZ&vZ2oL|w1MRky0m}p
z{Z#&UdSS_OT6*C3fS|XoDt0hY_UXGJ<BGdnlFhKg`Fe_Fv7qa$fm@q`&otI@<Qhzs
z*~aydhIUgSZ@|KjpYMiVO5N^K=8)*D)tx;MHOvR=rF7ekXDw}w9m5b0crYeaVyS#(
z6HcE4J@?BtyX5!nKXwzznJk_VBlqYi=~inRUQHh4bbGOtp+R6z((XNQ)d%s4VZ|n1
zo;GttA*<qL<LghL>5v^;o%!l(=&LAgQbL7*%W&FNL#RWvqHzhIry<w#Dr`h(jcN&y
zRI0_3wd)fnpd1&Fron-(AaT+<2>0uzrd|_c>juhQJE906!eR9<Y2O7-G`+d5bC2sf
zJ<7cJCd`bh_tF@Vve*5Aa#ZnN4DGVDqCIv3uQjTsm)`no-eQ<qQQ;t4LlG?X^K~);
z*`JpcTAkvukWNqeX%EUyK}kl_{cd|P&Q3A;&D(V!qn8g}-ebW$t`=nSJi0QTvH7Gd
ziSe1_*GAIK2}PY#+*f#waFk}N6*AyPck3$Vy)n3<KH)dW4H7pcM?A>JmB1BDhU<W8
z+Pu4MW$kD&YmAU~5`W6!3RH__f4CS<_jEN>k=%NaK!w`+!P=_}Erdcta6TvT>Di8$
zPK}#bo{Qd>OP^KYiAQy1EzHU{E0*IuU^VK=d!Rd2Z8r7<hO~6FfT(|1157qG>;?E@
zAA5O2`Hzbk=jR$+Ig&CZHGbDdiY}(s<;E5-bg)_jj^ny<9J~E~e{AePG$s#AA+cQX
z$tn~NG3X)r;@$vmK#vxK@#Rrzg5T`axR`+s3B=!<RbwAcV*WqDnKf9@-vG^T3}NHv
zRq*1s?K3W@@8RcR(vaN~?II}y6D73Ql`D8t-CjLB;x2A+kG`1CF*e=$^!~2z?m-@-
z$?-PMFoi#KLV6_Q3(dl$!y99!go8(KuNPLm)H`IWfjo`E2$!2B96Sl5A00ntF(YQ2
zzU12z#o5m<=AVZ50}bT*i9R6z*vP|8(sMwfph(eN9DeG1L>y5>r;QU*Ep&u>Yyx<{
zFR)%$QoGV)cT587qQS;az{r7Mxs$<3Lnayxnlf`{%@o-U>aCIMY4IoPndemfBvwWD
z^jZJefRn=)x6n^qy^luxRsrtV0i2WfVOr%g&9&N*l#m=8O#E#V7iW(k_q##Dwy8Yk
znIvugPWP<*`6YSDx>(!qJ3)jbv{nS?Ly`%yB^c8~C-vQQX>;TivJ~&;%IOI*#$qsj
zMAkDg>{F`H8||%q{fq1;Gr?Gx0?JmB-c63P`?${Pm7xIYuN8D~5d}^uhWzx%MJOF)
z=-6~alTX;^px^)XHZB{t#RH3%hQS;nkcJS^%NIej%8`pHP|Abp?y!huol!-Tx5|%2
z?T6D<3h9uf8TUsz#)o|d@H;y!%yqSs$N%pfcz)Kh{o8LUYr}`Mpj^EV3dbNAnX>3q
zT|X&aa^j&KQVh_$9Dl_9mIWkTcnWnx8$py~kK3l|J1CB4Um|;-VY=qD^1#2Hk4nF<
z*0tk7q@OsZZTiE-uXgK-C2tRO#^Zi7^7qsr%eAqu?$)}+Y$FW75vB&WCmsa;QL~Gu
zi<j~5uoH^S?J}a8axeG_TG&`g9xB|LKfS+|<=VXFEchUVjg?OrlYR=?bH_fAsvPqM
z*!p?XaC3iA%dAlng``Y0sFA3ce+5UqcM$7AD>ano@yBCo-<k25H~c)#Zx4E;^P+u|
zKC;LS$xypJP?spYMY%V>Nvoapu)X)`;CyGHrv2_Fyx9GsKC#L}MV()5v!Q&4PlUmU
zbZ)fbNp{mZGeIF#kp)|26+d=1uz6T>&k2mH#vo9i`$l^fad@C_+d1>X23!GmD__S=
z=ksu^%p~Lm#=(rx$!EiEt?>iA@Zc7+^;N0l{5`?jz<;A|yyk-B=KqhT^Khs75BqpB
zGn4F<C`t%rWE`R-LJMWDB;y!mbL^R&$T}occJ@3rA+xd_vtysb;W+dAea`QBuIKU(
ze6GvqeDC}7zTfZH4Jh`VcOlmuG1duOuOGYQItbZn+Tb?RW7hkH@c6F@_)9ile<cNI
zAP4SH+C)fib#oG0_OsI{S76KPM>7D$JVp27H7!f>Id$CX`6;f)3e@fGZ%v!EtofrK
zO@1(pjB()VLbrKUKQN=z!Nz@6((AJGV%JUT{;G_PwkL3t&0_5kwC`6WIoT19P&AKs
zKo5{t_PF`Ifc*-GfTp$Y=YnN|F;e8KGyiXFaOy4S$lF(dS)1uSm!yU#9xu_qeX@l#
ze5WQZdSm&1yJYC;ztrs^u>`8>9JZ0onzb~Sbd5D)G0jz9AH1DMRy$i<vnY+Cqp?=(
znI74qvzou1_B~U2sHIN(=t*p6mw0Uoiw*r_4@+I<SuDz0x2JD$w8XuUAt8zd9xnre
zet6_Q>`BB_y@6pPC>&)@Y$8K9k(7_1Kmx?|Z-tQBudw^!ecc13t`5|w>GY~NJOA%J
z8Wle(O4R?iZI_{bmImZuvzS^Z$?|Wgg7%c-Pg*&k<&MAnuO>9&D#G0|BI#^c1o@cg
zqHI@kSW|YZ4=bHD_A?Cu%gi8!W<+B8AOT?ynXJ!hMqk19M?1T=os*UjX<y}5xz6Q%
z*e*n2A>h!zF~_XR<MmOy!)A*vyO#LOm(w*I#(`hvSZGx=a7+EH8S$z$wKU6a`vYnx
zebCZ#EqoGsz&wM0o5}bi;(mEysr<Wlt4#t9$=3?c)|~7H{P3E*b#dQx;`eC1ybyR;
z_~Fa=<1>@zMKbB)(+$YF`V!L)_rlElCyG{lW-&Km4>Zb>?4A@aNc_a<p1V7fbf%8;
zb~j(rJq47^<#&O0MSPf+E!^gZ(6}cxrXyl+-Q_$N-%uUJc^8VFrj51HbSJ_TU)PrD
zGinvA@wt1c#og|zvsi^qW!tI1PE~*TUQ^+#X*lC}v-wdr6X*GC{*>H?gQ6llVXSF|
zwf$G$oZ*5mS%fCEm!YBLZTw|#wl*mio^rYrF}~6K&nFfZ{8z7KNXFX1;x(U)lQLa{
z_fx)uR*PT4B$rAXX3w9&cMy|Oom3VyzT^DvJ@AbwV!t=*9Eh<(9Q^JLM;02r<G<Yw
z?~yb6CNhT66uv_Kmt+&gYi=BEwz8ej%BeNkqqLfE4X`32sheRndx6|Sy_II`{O?CQ
zap9U|!G1+UQ&<~K8sqz><|YvJNLhqrRvk6$BX=t;1LJsgs(1%nGlqN<3)P1y)?8bk
z$w#=pY>a+}<Xa9aG2o_IuF@B~ZA%MHxH1tj#c(-NOB<$+bVwH}I^eP!bZ0(x8uxHF
zu}SNUw9Y7*wLH&FPQF=xy7Sj)Oj}>>aaD{??$DRbbry^ju`QGAv#{X~qk7;J&ZVUB
z|1K=!Jj>KuKi!Wo6>w?ub^8XkkeWQ>6R1@s5e%p`_WyhPbNtG6vs%ro`h8xbBm~{v
zkH2#5)NvMmd(whR?%FP^`*PtXTRzl`)bD!Tw^3A5SVeQZ43M}O>i(XwGZCD^+*GDA
zYQD4#hwslrWq|-8T?Y&~&0%n(<vQDAo0|-LUsUD?iy0m~t*dcy5=?gS#A04#5F1J)
zHt2eP@P5uS(dJ$b?SYe)>26QmbOf<~1R|=&Tl-1F-h^uN+8zZ_ykqAlA4sYVtUr4*
zO^wZtZv85K&-wuC-^bd^+JIoY3cc#_c(8|sC0;+H+W{tg8F}XQsiw~Di-^bsrjx?S
zcoEVDBCE#k4fbQ@nN=pP4H5Y-)wd!B@zk+*$&-@-hW3Tjg)U|Nyo66N1kcS^2th#l
z95Hu&0&WJhxd%GMZJ+k)O`x9(s=DhkdF}h@%qXHl-><7)vSHPK9U@R9`jCpA{d7b>
z!Es0F4gK8jI7&5wo3?2HETqBA4l?is?qyv!)+wW9b!u(OSmu*`F0GN68j31$B;<r$
zxM~gL(hxWJV}m^$&wXYI(;O)*D4Ka7muaXG4rU+0XK33VNn%L%J+^e#g^1XD16myx
zep^=rl`~|s!?NHKhUd?u5OSUfTeA{G$Jbe)uXz;7=O3-Y6xJH_J8^>_zy!PCYzWm_
zugWKSvooXgTgDS5#nv+^F3tZ|HUnqhF*+a5R@0<}=&ota_o{HovnYM#EaR%t4s&2*
zo=hD7EDbYEwm3zMz+`f;qogXSIb&w-YAG|SfVvNhE^p?UBhrd*NN9y<POxdo0!uly
zNsuaw2ys~Y2z8YWznT}b^%5)M%1TEC=h>b@8@`l~eG?9o@yhMtw%4%7QEPB25@%?-
z^eN;8f>V&FP99HEe*d)_fd1)BA!Eb`8E;L|e$WfWY;g>?qrTrB$i62W`@Dr8tknP>
zmDo{r6676D4Iy$H#$gyn%@_5>q%}>B-gKF(YI4(UgWd*$OgL#k;rUyc%W*<)0rks_
z1SP(loc>b4OB(-p6+Y3BK0j!<DhYV?ZVY}4xbpPxGjD#Ma(y56;gb=wlBer#>35u8
z#Y@g?E^gOd5D>cR^27P8NL9DLXvBGGv-(?0>>`YVToPe+5Tmd_tPR_p1l5rM{@d8>
z;CfCM2N$y9jSFeOK?9|9diFyuA;k&nO+fZADqKFKasagB4K#_5Zru|D9~eA@iU89{
z;^LHziianvM)k1+Vf+ujzNRS<aKa%CW7Rh&=qz`^oJTw1M>7yR1^+!WZ7E>-=3e#V
zkMAFm{kFqQ$m0<4w^BKG)@cK7nfZRY8F=$p+9Rsqn(JTp7&};NOe}g1_JQ1STG*Jo
ze6Vk4=`2OQFVlv+1zwA6h^OgLlPcIzMn^E&7O_uZHkG=HL1Yr})JkLa8wd}#gRQs^
zLQc}5OXp8mKMs5?Yv~z8D3}WhO^oQ?tVC9nd%P|MmP#CaR!S=NmSB8?Ovw{>f(QuL
z!K^O|cMqm>5vZ=mow%9c)fX-^-)q<It=<!Wv00ztXt>%g-IXZ)N_y>eWEItT#f@W1
zj<yJ2=YVzJnWhoyz6X(!Bf}Dab}gA;Y4Ab0ED7ME&O$^TGb7)Qz%-wk1Pk1GrXPqU
za)|8a#=1~?pXHn|i^3K)H<hbn-vOMdm-z1<I{y^-$EXv+H+J{;z-zU<f#xIysO4Oj
z(yD!q;03<CGh&#h4|i)v-j!V%Y4-frEVR@{8+;&{qQN%q_V&hr;an3NYSviL)^lL5
z`5|KVdBOMJ7h5n|dXLl{?PCRi*&k2-$^}1_wF<L~{#JhjvawsrNh4+Wn`yM?;yS~u
z$c9Ce=LKJ5hMgdlkKzd0-(vL-D{a!$?@7Bp#d+9paQH>-yptX|Qa9UfWhm(U=hNeT
zKcEL(FM~QRIYS?MPQ3Va?|c<!KHB2F)n)ysUmWfeTnLtP^^Q5E4*btXUu*pt35O%x
zgs(j>OQe%9j2M*q<&w(_5T3?50u#iS9F33INCbnGCivb$i#0Vx$T-IudZFZ@bfuo$
zy%&qmXrQ6Tw8a;7V~`hOC=x%XrAOhlG}<XlH*eb-i2{d1r_V-KEc(6hf>2TiHT4rH
zb@vb=*9PJZ-t<l@d6QWF!S3?(1buktzB~}MCaKv{{`OxRYyK}Y&cpF~@>9#A%hB7b
zp{lbpp>n|m9rXcAS%x<{h&>}g+?k%g-Yb~22321hWwe{B0mapK{E>-8c)MA%!aW^o
z5kqpUVlA59NW|J+DmU-=`RLertaYGAwQATOhPnAco41rvGwEaR$te0}0QsBq?fP#4
z`@f&NMvxw0UdZnHOOxB?UcY|8s?)2-G(sMBg(~E#C)G?^)yQ`*nLoDd-A<?&;GeWQ
zZ?CQp9JA&;v}6@Dk;S&USze;chOpdTQ-KiJOlP*GKMO);=_of(btS|v(lI(5&a{a9
z%GB`_hCG)-m_oh-Xl49!KHT=F07Wv6T9RYzY&162V|@FqE|O7UCn2A%>%oBq*C8v1
zSvmHU5IIT<ex_#<06MhgWO9e>CPuKg1&WSjdD#5d{Ki<P46*}%i)iuP_EC*%9|7b{
z>54u&BTDW)i`2t((lUlIFkZc*67;v?=wyxHkCt>-6YOOd>*oRQdB7Y2zXd2O=~#B)
z#p~NS5pZ_BLPV#=g295RirkVs=Epg=doPCKPfOn`>aGkyPKBTPZ=<jA4MbGa>Ai-m
zPS<tNv97jpev5b;(gygA)0?dr#*<s6jTQL`yFIWAdif@@pX%KNUhjx(%Uv7uU;Y6|
z%S_+i<9h1|peE05m^C6E%H+|qjlYv4Q$Hp8(ovgg{#)6DH7OD1JV5btP7GS}j{^R0
zHzIeL>Yv6}KRdL)Db!hXzNLF*Wwn@d<+OXF)4lwvcNE1siF|iE96L91F^m7{z}ji$
zAsPo}Tq)P;EEGMU0d*MOW>5|9Kj#z&9H=8%*sYYuSD1&!mS7K-?(fG7<cZrDzA|(o
znF#taU<P<<WXVr-@5uOWUOJ=(p`@uh)&q=QpL}nycpY~?x|jLPt7M@U8|D3?TOkXw
zE2nIb!$(mg`=BEe%3R>2+NzHE^ZG@-5VjCym$~Pm%Z*PHldggCNY+h@duLa$xx9z=
z1>5*YNorhjXk=xix!0#YJXgv8Mq=s7F=Vi^N+o^O_vqA`P)&b#og<<s|G5_%sV^%F
zI0qACBhA*Uuq`WPEEj}d%%MKoT%~|7KONbVDST>P-}QSP@#rI@!LJ=X)_&0o5q?c5
zM4JmtUbj1diuw5PqSDBx2$jMc+PL?^^LMI_Ts|q%S_w%9Q%Y7?ZEg?@)Xryc_elIt
z&@Sza9uhj99enX+sb(@>{hvF`kdQKYnNK6O`D;|%T}BS=(9fG+5L;^q@#6^U;%sB|
z*EOf|-1bu`5Y3=@eeXiX@|$I;mEz|LWd_#+8t>kBYsXPjNM?>>ym~jASkg>Se(2{^
zU=}$rdRW?<Y*F%}gH}=7_XPvjB6(JC5BPbVee#VxlyX1LGSUw0`E)4&wa#^fo8g7B
zAlq5N<0;V;J1>Rx-2+TD!O+f#bE{2i9%>x}dx@Vfmlpv$$S5YRM3{ZpkKQTKi4{!!
zC)*gs0-yh=GjJ+I@js-RI8R<US@u}&mmhopc6*Pvt6gF1gOF*jrem8TBq8ar+JN-x
zNrSy=)EX!vLYhFxr{Z?!Xs|tHoXnagcW^?N;WGYaYiC~h`R`5F7~_+6IxjsEm`SIQ
z*u{0hq1<D{Vv1MfnadVM>Vc&`(=Hp*rAJx0%y%x|qIkKTbzg8PyoTe!L*oLKTrCB$
zNjg)JC&!kf>7>a$1+U{vi-e+r5R-9iAhO)RU}=aXp1c(FZci;IaeIki=I~*GZyywl
zp;%*P{Z3M1PQDu`>V98{9r9lyB~1k<M--o?*!}Wa<Lilx{6sr$1scY^n+}b8YjSb7
z<Yl1|K#9_muj(fUEXTq}uDF@R{Q{bfILJ}S4M)gfnA5|oG|>x$>dRfv3|;>X!-sY`
zJQ{9)`vdNiB|oBIRJjwaV(@vr^_-uQ_nFOpV}Kd4%7Ml1ZPKN4#FV3QIOOB=GR=O)
zM|@~bOCwZUwcJo7ntt5HG_P^_DP%SMW_j}YRgnJK-lm_t))!aFEl!!i8i@(9sIxli
z)<0S=me0`?t#hsws5T7ayF^C_Sk#}RlTk4~){8me+h<lX5-RV19n@6ZBV~$^jz8Z&
zE0eI99i;5nnO<5D|FlO7-PL6hd5jN7LtrnjNWbE*es#j!D{W1UrykquCzy~8^&<(T
z{ZB*o{Vu3F5%rVrI+eUcd6k-nT)W^+h`_ujIl3t5x1Z6~*V5Kjd9xD2N1dppom5TI
zi;(CaZnaSmRatT^k7;;UC5_S;mhlD`HP!r8m-m+%$F5m%xpbNqbG`^G!XIv-s^8lo
z-C_Rri!D7DJ+1IL=bF2u>!hcqL#Hx6Mmlq?)Q+Ej)P^I=H0(CX_Y=1mtfBPSpMxx=
zZ%DaK@*<>BD^s@Kfg0oLUMwc!_mi}&!Ux93rOe@ji=KJiBUrnDdk5eKCXVDK;~9S3
zK}1}(SslGj9}|eI0y89yV}g_I;C4u}U{sef-fscf<Sgkj^CL}2&FkUt`smsaCS?B%
zdH8mYZ5Ap`Y89)#{aA%pU}P%2$&=na5xp*gfxe9YB@E`uQKMKH=)aUp!fk95K*}O;
z1^(-!ddlX9=Wk|3_h_kKS0O%TgG(2|hkNFmEsK5Yl|*>VwcE`RKq!7y(!ceIyjjh4
zpNlZOuz<jI9Zw#@iR&Wq`pzbPlNT!?epk8<E~ga$&{&s*JC7HoKp$k>Z@^r1ez{7%
z5fh!v{9oMukrZ$#aQKhbjwc~<^d+<>Wij;Z`*Re(HzTQSix0x+$qI4j!(g%$L8(;?
zsoP|Z;n-UU75x0`Vp#R<4r$m$D7xo-97;2=B^Edh7>EGg{B^woyX2Ui1&H?3z1imV
zIe9F|hg0ryP*ftMu*I_j2EA%o1x0=L??o{|{P}{{tY1TvC+dsBv#8f?@jh5P<@As{
z>&30}5o1bWV`KCT*EIFjUjMKruZ<lSi4R7OU6M>qAuIuKwiL>f{)8=~J&};uwako3
zN4=MtcG9m+WSJu+h>QefH=_Po?HRsu8UwM<uXVIFTN!@cFQa&Xxr<FPa0z}k(g=5`
z-|u(*%1FIyFaxn$N^Bl|27huMIf?o<lVs~*TIjJUVo8iQQ_L}HyVlro8(w5>^K#jL
zUR0O>Qzn}w6yd4VdfC;1uR2?PasbI*zSw<a!22TV9mJwR{=3Tt^u;mh{kL0tiEg?V
z6S{n~E534o^Md%5F_K-X+>DgXqVyB6uHWwsXcDysWlo_edPs#j+LeS0^ux}mFU^Ev
zTmB=9b;P!v2z<U5xCz+}P{LT!5%hkDk)_S5J{J^@?_y%E<oA1$71N&Z{k&xOJrW6$
zU2W)yBbm~<HzI>K|0IjduYB67M{YtI36*}YMt+|z&;0l5oP{Z7Lh0Ylp6%?%pRrsq
zUa02o6DFku2hj!_wAX-wRB(2j*v-9S+4sR05^kxNrx8&rtLq!sd$az-rnNU0w>zX+
zk2y&T?cD~YeX%rEE`*7ofGv0t{!dNHjaz$E-Pn<mvgtloW4L=f2Y&oH!8ze@xjThd
zxqwVuSB`tYt@rAZeK%eo?XoW33!P*YA&qfrM89=Nm*1-!wkG-{`fVD&U9hR3Hnig2
zXJ34dnHsUaD7*~l`Mlyv9t@shh@rd_OtM3=z(kbEVmowBk5e>z4<80ye@Gt0;g#uQ
zD5!#K^aU1jRzb)Lkc4MqYNe_MDeIo4)L0bnPP;@<t;yCDJXvtE3&yDNxvayIi8=lA
z1WPb)S`tKtF|I?9=(8z`9lQ^sw3;bgW#jtubVWx-Z5NOHyKkkRAMA+gkC%kYEXgqf
zt(P9TzWOklf{NPLJh#QCXKcy#cSzZ5g8krUnHA)QQSc#l@W9JW0O7TMft55Uv9%XK
zz?Ul?4NEdDpf5<JVa_+eqo|t){||#!tWGDsBU&3Sh~DIfIamNx#@_#e+>lGdq9C5S
zP3Sc%Nzbp^>#fyyr78xF?@#1;>IiySIE-PLov8DuaR`*A?*sgc0o=6INF<)g;Lvf5
zJYI6I?vB3z<8BUB@0f(O3v`$ZW1mqe&DJ4Joz*M)y7&NZ)Q7`rgkkB-`BTff1Q}v=
zvcpxi`uh^&(`9zEqMi#l<q8&^px*hNljY2l_Yz=3L3L3<b56r{(s@FKWU}zq-zO&&
zsx4SdeDKl}@%hz!*zIpNTxr6tucZKMbMdze$S{n+pBOt)L6M6E0g;y*C;_4)SD<I)
z_I{Lx>9yl!&#W>qi=@5yzL9aHyS$h#A)klwzj0|NL?D+EgrHiGdj)jeP7oYQ&^<iL
zMBabo1t>=G7U66GWdH{~z?_J+?V_R?Ahs(WGq3|E@~H{ZeG>sAf5FT;ONE~HXgRSS
z245T;(&zplH1Cn!o&F@lVzlLaq%_7m?Afl0sW-Q5b=Ro*=<#;}42#Pz=;BaTM$per
zr1Dxag2@<)5u?s_ef8lKFDmloy`!8tyO_<oJpJ8VhLO=uCjCTu3z<LH#vdC?I1%^K
z#ZX)-L7f$jddtmTl*cdmc>HS93jLf^GAyT$&M|kNTj_8pjnA~~)eJ?)4gy)zwz~a6
zJsV}#cyD+Mt?n?Zsziv<?>gHTKOdh*Eje^2s$uU&%KdyFs-h@d6dFKiS9)w}K*a+z
ziyfG?%Rz4BM3iwZ7^g-(FWHy+nKZFm(cds(`+{uBq1t$A_J{xbI|0UCnCdgRQTe@@
zE0-!gepPXK4LsGC$r9x5%$w&$n{x@^rl~uAF3yE%OV}hkFlNVKn9SsYn}YN87{2^b
zXbesYlr8XnN}b8QJw*2?J7K@IwC|(1A}#|+KDB3WsI}<;0(^XVYp;zT^NWbtD~@I<
zbs=W0)FJ{#d?n6hL=Z#=eFAG~;QO2piGwzni~M;wJ>JkC7YDEf`&)AyF(GXI)&0cz
zo$?P)C3}q1SjEV-Vqxe&HcvK^axXdxyBOpfoh2a9YtnK{7jyTaJ8b%@+^|WM*H!Xo
zj0i`>=|^i3^Qbh|G<pRsFG(YyPjyX}vLsCvgJJ0X+9&MJs)`?Ou??G5-6<-qFa658
z)AVj#f$uNZ$Pe!FFLGB|(g@Jx^-oPqs8kN2QEa)#5=ei9>P@ykmVVvj)Mi}@#$60c
z_)a;fOYblEsEVGPKuL<iTFvh#<yWj`pS$Kh|Ln&>u3UW;#aiTw!N=+&Zd3_^{kSl8
zP*alj9_QJtOPQg?G;q8#h-3rKRXZ#D@6n1VU%*_JswR7_`t?Os^7i16TCCMQ{pDfS
zcT=adnLBfCe^2y5w_PKDR>{g*rM$@b=lso2AG~MR{0YLvDKKGXW$R`cT^Dz9_D16g
z;i$xE*rM7sB)4(rx<%t<B6BG9)!A~4YDBtUM_5_bQA((Ou(9Jq|9^}rl>6TJ75U#0
z`Pz$oy`dISPt<}pngc!B$TsKS;<g!QRidALse6>l)s9!YPS&G`7wjL;+O!|LZbKYz
zr7yOEZ0*}G2|OyTw%8O4HuZ^?v+vF<vIRrIHkB4`%9Uu|laFk-_G0bUG+7J2yB0@{
z<3@EP&K}+SlXE=l{N=pFl{;Q+ThlLI-Y&BPYdpS8#1?3_a8t9^Nb0<{cVhgN#$%em
zJ?!f<)N+d3p`)HQ*$yE#pY(98+7@X4fr)f!?#G9Pf~#e4v@}2^Zj7%#8Ou|ZEGejD
z12$$KZvA`n{$7He-08DGC;Z7F6N@o%Bt?<q8l(Q8%zT6<OyRiay@w6yPCxcWDS0qS
z9o=g(qOjco{PNpvNR|bkOW81^&abh){qlPLM=qH>;`?YsQ~Jm;)ZYr78J|&xlmHdJ
z7)v6n$<Msh!F9QfhDq~h+PPFKx_YkXYVcZr)E%U*=21Q9dpvlPBJPP((=Ree>27`D
zGU;4*KJ98+%*zdiQt?3}-CVG^2drFadi~Od;RIcpuct%Gls5ZtrhT15)U)o{L7wVH
zmM}uU_+S3SEt7^=@MvS~N+R#rUtEe7U49CWY{CzUOwMg8OPqIKN90OR(t9%JC*X3g
z<kzhs$bJ88i0h9j+T!Dimv!N{PflR;?>U}IBC0Ud3nFU~3Y=WU|7Lk;D?UlhlsT?U
zOfrZzh5a{ry~T%<o^TLde`)p}`cgHxbwA}A$bDDhn=y~!<k6iI{}-L4Q1M~iZ^>l+
z+&d*-^mFgaTD7|=iBmOFwT5u(iKQ+2{vuv~5}c_+7%Y4E>4|mM-D}D>Dv2KXfs;Y2
zNLMgRD%}`Z45CA&4`fnHdD=;?AJgT-k*HVtn?LQhYvonxmAb7mxLuQnS~9Y}gcg%8
zq~5xX>Fzfaf`k`WKa<uLueZ*QCG_jF9uM~CZADm~yCcgxZutSKME9_1F7C_y??)40
z{ya>Y8hn6N?>Awf#xNf6L&PO>J@6TE6B-N3P-xUdD3Yb?9JPDHZgR#i|AVMfU0Cqg
z=l{`3E>j_@z4Dc18*u_SRVA$tkK<O?+}|FfEq)?o_id(9u_I<v4oE)SPY!qMH(^X~
zGM}Lh^Rfr06R35L!g%qkDyp-V&Y{;!C+b5=J8)#!Vn4-eBxPA$vGAp?s<P!>ry0Sb
zLxGj#Zab?d1^i{|hqd9%s$;}yZ&o8Bm>f@X9W?t#in+1|15QI)eXO2;@t8K+N$tk@
z4ZNEBo;l*$H)7Ngqc;1m#tnmH+4UU%C{4433p?HhzgJV<U+pp>i)B~ee!YDA><z$H
zx0Na}?M!B$<oJHrHT#DAJSsH+gX}r}qK(bY`6DfM89Dv(#1EM(XXD^d$Mb$XXrF38
zn>$3C9_xK>B1+acoQ&sgz%wDX$)Mhm@+EDF-cHV3hI4nAADeHP#0VxoT(!B=c*ulh
znMr@Ja89}(aw%MsBplNv><UrdPP^hV%zBfII2b{!ljJtqI98Y9e*EB-iuNS_@=v5M
z5d859*i~sd{90N$>7?F1Zm=$#&0SM=8f;1hF1~j6rdspvUB5j|Q@}W10ocB$%U5T`
z+a29SotwRAGT)^$u&n{t=^QCN8Y^qdepcJSl^{CqvSCdX@t7GJ|F|oUj57Ee7Ztdz
zutnusD#GgND560#G`41s8^%3;T#=YNf9I|*O*E6l+p|nkm##!>F?GZ}Fr)jDa2!?`
z7WS4qwKT4fN$OrST}}9=*_#WgJn5J8hhjb~J+eCmJAGa)2enD0HoA}=DV;8<`5lZd
zQZ2QFu}|KTN!TMs_*?Gbg->!_O*NwVL?_Yr&LSds?`9SISxR=8Ng`H(WV<Nn3v%nN
zTVVLQu!E^_u%XCJ4h;&Ag>$bA*_76F8+n*7*7;{MNAS3oGEU|6+G}2(dep6k^yvn~
zMpMT%%WQ37({la+(8KAo{-Xaz?ludaHQQ5+cph>wgKs&IlUB=p7_yd5svHz}XGlE(
zY+6K1!<iPZqG58Cn}vqKh(hsEm%r$8Z?J&z-$?4Pv1BMA5^WV%iTA^XQ^XiWlI~pM
z1gA(oXVz&{Og_z|4d%JQK*_7OSH3d}C5~%gYi0;dDU`{vzV|~@M~oaq1%}H?r)Yi~
zzx93W4FrR<6nwDBjo)a!3qZp?o@*u~1bZF(t&uMOc(o~lQ)k3^fyYpeIz2ew<aaU|
zc-!f1b~a|Dx^?mZP-TFmrWduhFNzR1_Zuhg?=JM|i_VVOh!AT}$2a}@6M8ic-M<pA
zO|R$ziA~tGLPXv5?>;-qDUH>lL0@L}6Uw1K)X+dlR@#W@El&<GhIe6geizyx>frg^
zo#1EZgvIfNh2Ya9SGrKPp6!xY%t}_fR9&VS!xG^dt)=D>_0jF-mXF?kLgIQ2?RZ{~
zJW*c$7m!v;+Uv-&A}sl&(O<RCOTt}VN|U1jRvFQ*y!KkLpA-;!A|VRH?oWZ**&U!_
z8Y3+K+hIt1(7q{d#w$VBa3%)iLj^}WxRC0gjUnI@U}S%s+4G*f8Bc~!j8Jer+Nj$<
zU3?mn1$kX9xA4czdMhi-=3V5{Nu7<j)$x^@M2)C!k%OF@Gz*{h>(yR4W{6Ic#><0Y
z)s}@e{yP4I1)`Q{)5`&7pS@tO(ReXQZ*U!Tp}9kS!FzBC*WI-lYYp%J1I~AX?OR~9
zaI?KA+(T<Sh$tyNur6e_O&M1?p;I0mu<tq;p>QNO-hFvA=VM$9zf9&Kd;Sf`TC2bV
zk(f%1JEmiUc<pJ;6rZ=f>^`iF!_dnX^djL1$kS7}8L8T^<@mUF`6>r^kh0P{5>ahV
zb5V_tp`0p!3Hxab=ORy0LE{|YyWM4BX&el-34i~m7UqBS$#iq@-lzSr@WvifvJShk
z#bI$W^+@^_hd!4=s<q9}LExJivhb@Q?-!5|#a=O+;tT16u%#06_F;d&NzQwj)8G6H
z>Gr(&U6dLwc;Ntx47T&9<4PLS<lSHSHD;77?2aMuhQ5hXi?;ORnh)V5fi2E(dp-N~
zzY-PANH1R2J#on2Pj)2trXQ|V?L(&Y(9s;l5lE4|h?+M>*6)45!HX^VsIQV3PLB;>
z5IX0Ri1<01_K%o*iSZ|TD8P<{^j%n)7Sv1|+~W_9J;Z0!sIf?=FN1nBFr+Wx!d1Em
z!@R<-c;*}E9v|bTUiRg|S7SNukvP)#4wk?y93sEw3dC$S1ITjt@kiqn7)HYENH)g7
zJO5M<;v!Ee`^B)Dx{1&dGUBvQ!>zoMNPGzFLWwTYWUnnC(tS4C*`JW>*1~etr*W1>
zhjGq{H-8^ZAVUBL8x8i18<^z8Hc*(58M(KpC_llT<MCIHZ7*Y!?}0N<LPl;V-fAIa
zCclGRoQ#S}zI7;Zf)KU#Dq=h1yFwCux7XweA}g06Bk<xW-Lsv8JhNhjoLr1^z9nST
zy&qfYN7&7>4j2T(A{m;N1*c$<U2>=uR+$uDM-s?K{vmDJrwAAJTbdytsJ}g1d-ly=
zy$DKV2<hx`@7Fldg^!5l6H!UwJ>tEp*+ElsnN8S_NPs}$Z3Is&OUfuGE{2U-zP+`P
zlQZ(+64NE0pGvMD+!u7KDd>ni_cUmAT3%#+0-oHbcnL9UOIqcU6W61O{el~(zzK{c
ziAM;%N6JA0ZB$O|g|>GMG6)$8B@@fi6aY3Jk8hs747$D0j*h|2W{fX1=0Y8xmX6iT
zEb}?I`pRLuDeg@+ORd%OwCl&umAEo^zlRyCb$?nqo7!{qOVeAeAEK}$M}v7{opjne
zCQw)UqW5>8>sM%vB&hVusKqB?x~p7C6b;|Dybg;4y~%6-pz&vztlp;1^}-IRU0v9r
z%>nNYY=!>3*g7Q3l|>461*QdI{&-_XY{}rzW<WF@l8zYp46HgobtSRZ-)G-T5$awx
zrVrQh+>i{-;{}NI0GPyusr0XyEkhjX%_cy0kseEJbCt@L9!sr$UJKz@@)IgI3Fl;Z
zntz#w?0rV(?VyltJFoVhL`Sn5>J}v->`?iyEZl3q!R8P8pxw}Tm8@MA**D;N7)d!<
zjWu%p*X+`+Q0{vxCDaM9V1I!Sjrv@`lvP{+3+im3_#D!g&3(+RD*)@D!MhPXBo1MP
zu1;S(0BDxMP(hvI`58ilx9DYV_&8D4_u=j<Fa+z4cdx}Wp?TkKv$W>*thKkJYFJ)>
zBe&p#r<}O({L4+yyueQ62p&4LqEXS>I&U5NuD;`V$JOZJR6-)BX#44_ihpuVgYsWt
z*h+}b!8fhEw7nLxA^08vsia&1FPJgIm|?}@PK3cwG4i>&%j9$V2ImaK1R-8?wHr`7
zX<$N0oAtD|8Rt@-><OU>Zx-&`>Fkzmlrv3G<hWj;=b`dzpq*%G!aYN0J7`I0e(q;8
zxBluk0_vBi);C@C{4_vqYf<g)zS#cpHLm@oNw9vWYIf>%#{R0-&c;0>0J(s}+QqH~
zC<!)-eqWkpS3fOlPQL5B(o*YR^`=CC)eRlSP4biyGZaZd$*T6ji_Xt_?pjqMyNWy1
zEnklR33`G0ejVX4@Me>EI^Cq3wx8i={f28fy61lD?Ol^)RX_hhJNu8yuZ|%m<07Vs
zfxg$#8_x;0WD8$(O)oibGiacYf45!v^|RPkdB{L8oiq61bUDTdTI;7rnFfw_cfDv6
zSkCzh1*W?v#nUbGNLAa-JC>Qvh?MIVjM8p5bAwhW(J(upS!B;CxO<nt)3k<&r}cdd
zJk)5m2h;8nQkK1ye6RWc#dfccb}RA+E9}fM1{BJ_xR2eNGvy%qD4|p)@N$Swu`5^T
zAKQ>Oj(n7?9}FvG!J}^yRvGz@MSjEl1e4I!2SFHlz+4vY<T1%BjYW5NX<iTwIKGDC
z2v&<Pk^iO9WaVrb{-AX!V4M~=-4^PSKe^o2H5n{o+Fd7eKRJ}mXnI|J#4?nFb=d4J
z14N7(WW<^I{lMX`PM_fVGK>{JNhie5-i>#`-@Mku3@_i>L(g&1Qq}s^De0<SrKRyp
z{33mx{<Sjy&jJvIW5cjjORckt2rx79=Zm^m_6_TmxY)9S27$2AX=Byp&gN<Mf@95!
zp*H-H>$>Wzh%6Kdbp#z$+EBBb$jjf#W9ft<0-_eqtyf9*)1X*%V4b{h3vM)Sa4<BS
zX#Y{}@`G_njM1ZP`8Jjv|Ffp))looqBV?t9Yd<rsn0eDD*Tv|`$|a1F1+E`wE55gw
zXfNp2=%wS3Q=g8PYXUX!e-#-&@*ni*M!<o+(6Ci+zdm?M_z&-T&io}(xLkzKFU`bC
zm}m&b1GUR*E#v~}D+C3zliFtv+Eg^!o;|-aIYwr0Ttjt*o}bwMuz-NPVz)^Q=UNV2
z-F)161orb<M?Vz^PLk<p3GucdqK*ix-+rx=r(i4AZS%LyEZ-l?;4Tl7=zRt7<B8S&
z1cyNcywMeRxzcrJRL)91PHBX&sgE&GR>6*|5d29OI`>C##C}?ixhq-WHl7D{X`j@_
zc<VtzmnM;OcYs-g*yl-_lM^`(P6-RYb-vyn6it$8Ynf^|{_o4biIapn0<O=|{@+Z=
z<KYxF4+70j95*SFz1NhS-QGX{<rKnYamd@~h-&&<98b<yN!3^F_G^#yKHGl3qehS+
zcuYfbqwnkE>bX>%OOi*CTfxu&JYU&WaNC4&GjJ;RN>Jy%%l&-qx&r_HWaC?9C}`rf
z;e|jJ<98?xgzl%)wj1;Giv8mdl*O{y{m<=1u|kQK|E4@{6g>h#3BZCsayDQ3I)?SC
zkew}98++hw-F&gU6vY2l1nz$!eBsd4a>+}L(Y6qsMLonT?51#&(Cyf&=>;zFj~0ip
z{qk7+n`w=su1-W+hLH2O`_|8e{^3M8^Xqie{a<Mlkw$864v>3oPXTm%AZGf^s8SZ}
z>eaVGKF38{P3Q%W?1{(2dTyutHRANW!hVo2U#&JBNzW1WgTP6CRCO{@?&^Zj!j3Ae
zm%b3P0GGz4s5nY7q(OSvWqWJxG-Uiac{!-G<gc@^K4L?+VBf`Z8*vK6?%N+*6gUG2
zmXk#h+OKhMty|VThO~#C?$ojj!ToXETZ2VkCDSi1!|aIEPRGsZhTN7jZUqYCc#(3X
z^;;a_UAW%_h0VaKix58Lp&tk9^Bmuyjl&I0T&9R-9F#F2DxQYxs?iU*i0W~bO*#vH
zc$poM!U5^F4t09_>>?+1OG7g~*>~YHGNSsM-~pZ09U4Y&!DDPjC@hn>dVVd&9&(4z
zLdH6HnO~&or)it*F0@?;2n`nRY)aNNRwYo%q4jN;<&6i{Sw~5d)?K*qO<0n}I-K%o
zJVWi+lRl2|LmC18hcGpUf7X{|=1*W_OTzUEdNhExC!tPGSFXnGL4yu}D`h9yeuHz%
z*$?EoW~u39*g<klH$#K<uaMg7j_~dvVtz&qE$usAzo6BP=vOKeWSYfIQr1VCVHo@v
z*n^xdCWMF7t1YZ5kI7}{F%_V`L{M=2VL>tnS_?s2GcPA=1^mO0u#Fa%AWdOpGUaJ1
zJUg%d>|-(e#KvQrMIxF<Mb%FSLR^2km;jGNi-8Z3Ft1~TO`#1k2&vOJuv1QyNT&%p
zco?x>$AQ556$nxo?bjH*XnIHFlIm^9%*|)iyXyPIH1&JY48Z6<0u0UmLR~VW?*GBg
z2rIN8l<@#R7jGK8=YF8i^O^F?cizqiRR%-gbM_~yIj#~68y<tg4jMN#L5hxP1YkKG
zSP|15V!zECyz|+|Y$$E6^AY5Zu-5U74~dzNzKVWS2^ab*H{bcqF6OrF>E{6s=lOB)
z=2BIl+x^|Zj592AAP<rhsbjKK=;=z#sF08fxb|Hj3NVMflpvM|Puh^n0Nx*0^#!x^
z{_A$8AR~=HiB1PQE$Pv;<g9tctfY}SA6Y|=;5T)sXDbcJ5xRh1=C#I;(hdhxLr(iV
zg2;PidJZ(BS8xNl=s-dyhHKFm%l(&2Ei;sf)ptq8&(5qd%l!)e4tsy!e#p(${8ckV
zz~Vvssdkof1$iwMV&U+l`zGsOTK*nQf->31xV!qeF{^vL#EUIBiU;p3z2_VJFoo+F
z(pUAY0tFTokP9e9vqmt{8;ka~8U!{H8QA?(<)CcolV)R_qcZ2wC%I}ZOlYmF!@b14
zGrW#h_r2>t07KT@)o3jau^kVZuH)Z9+crss1{@Rgn@g;%?bKwcEo?SC(j8N{)KP#4
z+&b5`i@H%g1e>u6DXO%Y8S#r0^qqT`eTKwC?&DUnO|ja`t`>=_e+40Ihv08X`JJaU
zQ_>b>x&y{7@MhG%td1PJ!y$M-b(%?nS%A<YQAt9sb@yg95wRgkfu(xTgV3O1a9B2)
zn{-2=+zUvL_E{0W^R-CeXUFm9TanMbhM_QMEt0-*dn{Wfww%W;0L+*^?MpaeFwSBB
z3pS7J`B-S{6BT7}BWMv9uEEY2=V3R*G_>)Z^5XSjhi(;dmBaa!))s<z(D6s;!h#&-
zTw0v1z@lj2fDDem;tdDlvF?$2*3VYT!N21?NEFSwoT$B;u>YIZ1chv~VFjZn1P&`d
zW`;#@HM&-o1P|pJUKpPC9JncZG|q#U3%^?jYXT~>@SkY9xW|8U3>A+yjUxpYwixp{
zqgOuMC#>HGM?!t}^`nnwUP7M=2L3a~R6b{wTDNIehG}zDgl<3kJ2!3g2~$Pc`%G)1
zBpuF868bPMjkD?L(lpz{G7O_k$$AdbfTboQ4jD{y%gOcvgJWIyKedHIt{3Br1I^p$
zM4E}mUr`*jPMn`34j#~l4s9}iXSH@A0gun5$oR4`;%e^%Ni^bxy(cCM;7G|9PZ&$Z
zEP}&=yY9XC%^J{;buUBb1&7DX2)d~%s(a!I5vy7XPufrK^x9Fy-RLCc2z0kr)u&Tv
zEuQ=Jbm_N4SRQ^@X~T1~tIP=^jY4S8q#EsKn(o+xJ$_yzHJPvNAHoh<3k*h(L0f5>
z;va;g_7TX`aL>Nb1uXkZ?rnW-5QsXb^m=PjDQN*y%r0Wi*%^zt-q;N;aDAmUQ@1NT
ztP0xy?iy<O)or82lPZOdnc+3|3fFumt>-K?W!qUTL40G-{=A?`BQ~6%Tnr{~55HYO
z`C$Xq#3FMTg}fp<jujXJF~QGr(69dTE;u2Rv}rqe-=Le;&n@=-%u}t~7nFo2;z(^}
z&Sy)5j%WO4QJQVQ;1-01%lo=?O#<6D>O)-`CmO{34YCZjzT1D30trrmE{&g#6V~KK
zHxT$XdDZyCPr&2wQTb&l>?7DgBL=SnsrzGQQKD6BIBuhfiL*LhDo@kc4G*hO-NpZ~
zTjABs9ELz8Cn%J7uC830I+y8MHpmp?5^ohn)pH=csbvy^0QDx+2lM=|zIp^sPs=<6
zrQ4kY=cvjI8jUbYzD)7!`|@$2mK#FwFm~&QFjyRxm10jJv}%_<=_Q<>!2-@SI-Vx;
zQ>x`Q`tl((@NTJ5^&ILpM`wqL_tLW9G4Jp>Ibp8Qnzf)l9epE-<$sS*K|qeMe_uR~
z>LXl<Xbl97kDzsr#Iiiv7&g76)$0Y2SJ(@Daa26QvR`{UAq4#TXOI9bkxey#^-G98
zyNnPV*$9wT%o6q979M}Y=++No^qsXO1nu{7lN@|F0n)yrd`*fwWgwX!+Qy-I<KWPW
z9B;^|yI#LfQmpy_v;-T!M^QBtFNJA$NbA7JtOHu7h8qkTDl(^De$mA6kg8c^$a&Mf
zx|(O2enBm}e_bnB9Q{h~m2$$IpLXV*CG_~}Rf*tlMB4BW<SwHq04jv!NMdGi><E5l
z>v0UjtPbue7>eYEhcD)dZX2umOKx78Pwx-pemD$ILJz`(BO77F5uZ_haE-!C^?4wW
z@1(CDT>{BUg!gklW>aoT`HjvLBb*6(K<jFbLCr8Zak8;OVy!(_UT%o#U%=@&^`E$0
zTTkIF1#2&p^Uj_G@ow!|+CT@-CnzyyNOiJPFwR@2Q-B|ahBSMHH!t~N=G=hA!CAKR
z{_k$Pr2tZ$jN{Me>u$Qdff!Z<a9Jp%vmgHZgeQ0d3y>_>hTW_HSYci}-fbHCutWwF
z_v28u4*IrVE4cOP<>hI3!z#%qedrvLtkh{?y!Z3GjIY?$AfaS^37=xvKZsFJ;II5w
zqBF2Gvkl(GTj*0HJJ;ufwLZB<dFi1neX8W(bGds`GH<nweFJDx5Q>EfA2Mx7Hgl(Z
z(b<S(`sdeWH%OvOrM3cjMD)j9S;bK62wIY)gDqlW%qVK>QQ~h<Ayl6X-yT0LuZAc1
zsgDhGo+5gv4G5CWqD1rXrYDW2SYJ+RyV3RE`<kprHmsJZB)Hj(#Tl;JnkT!h<+9pq
zTd+KGt)$bf3(iEU?DT|~^>O?x<Qqj*-#10h-5s3_cdSkhT~OM#a$O2{0&wGI6)gYK
ztW+GYEI2p)sT|C?Z93P`_U@$%+Xs%|QC>T%Zr;D@T#c99w1S!4*?nKEZ$y@EQ|}<s
zHtDJJ0>7Ve6KXj-`Z(B!PIGuAi)9()L6Ou#@;09?;f><$Cpk=v8~Hs@K=qM6YojO!
z+ye}`0LBArV9QU$dzj_@ub@8g0C)(Vhsi{NwH?PC!aJ6=$Xjf*q-wU<>*6t<{c%Vk
zg&e7P)HT`+F87rjV36q^`H(Gm&8MqCz6Qo(x|g+<!i-OVy`_|7JGR~tacz8hI5(<{
z44lC_45-=vAkQK1upb{$tnJVtbf7SK=v(M|?e6L|XEyA3+^=$SbT=fEPaQ#s&6>|~
zt+5Wy;(N4$rf_I_oRZg+AJbFYKXiTX->;~{uaW{h;Q$Q$?fwHbfPi!xsXAmYc$c7I
zJ2NRimi!jv73^LzzW!oYhgLCr{$i7sRF>~^Eul#19Fft=T*Tppwa*c_a(1-??0_QG
z*PnbCjDGl_Ti5@1q(-ju<X5o?>(O0x$s0a2=8_e&&Yv=B6uVt!aWH0Im-n%lb-UFC
zM1An8@vUBkzhE?Mt}F^fDFLZ>AfdlOgH7m#cx{nk(<x^WqVZAnSD2<gU}oyq@MC`7
z`cm=J-|;UmS(_*`S$jLq$mqKV6$DmS)-I#0=8|CR^g)>KTxnevrKvUOF`YewSg(nM
zhZAmn<DJgcWP;ct<51U|ihV}7ZATM2Wq*yJari;)C>w)&5Co*bZ5hK50pD&cu-s+C
zFZz=5Y~g6-u2!6-j9&3;)`$))b3xmmWqmcqW&yomq!q47PT1RY>etY(#Or@Evs%cE
z)vDbC2p}SB2sLupF|?0UT~^wO4a8ZB|A~Y+DXr$4?Guo|>~iR)svKgU`WlBcop>}7
zs$y*o0Bh5wN=C=Rtk+au$cRWQJMBN#ZOY7cN69{+!On>5{`i|5J1Cjt5`?bIa-ZoP
zx4WB5ww@OYJLjo^>66~8%SA`rc)5oFg*=QG@0VS*siWVlv>&uQk*bpNZ>j5Px)5?i
zVtn@kKsDag@PiBm+8Y2n9@31TFsy!0{o`m!B08@x+A?u6ox5HOxX(in5K#w`PtYQ5
z40}DyfgW3=7fPG9%|Bi`s?^iCo<b&;8I4d@nL;=JJZ|o_R1ZH{-tzI47239ZY)*4&
zv#!h&3z6%118D~u>-%M}$BZ}qpG3=$Vb0IZ=YAdW?>9U;)o@60s|6wv_Ry5>Fy7_x
zNZD}*SKBfFq@!Yn4GWm$z~_U}atOola*vPvHtqI#1Y_eQWb=!ITk&`mO8S-R`Q=%a
zX|vznBkw|`GjCH{nYiPl>VJ|fH)-sznr?(}Bj5ic1rU1#ZwOJ=8}#D}``9UsjRv&>
z6*G5SdGT;Ggx^BJCS)mPzdKg+^m_k-L-b8eC(O($qB~)A>=0O9uJHNHSamv>e6HFv
z_eBarbbHd{Ajcm5dLgDc9^}#Hn^8lM*E*Qn0w|`C7lv=hym`ocY8l|vCLn!4Sh5~a
zJYaLXjf-@Jxgo&=zY4uaerG&`<$#}%x(o58H}by~lTZFy%osrkbnAbAYusc?`_W`W
zKC%<^Rb{~On;SFyOS^y}3`Hw@t6NYqwr$LsWE+<>L^j<IXboNfODJi7`5O2Zd;ylS
z<lFev_>R)mn_Vh}=LY`37hh6>@Ly<~{#mCUVM&{(sN37)-F1u@8E*mk!O(R>wawi@
zbDQAPw!GjZ{TtBE6L#P9=6L`}`An7$0qOT)?jsz`#h2Ze;lHWd&HkDn2B7nmTRB@@
z!N{BZubz~jLbm&==dR(wJFg7T9iUmUQ{H&0a%j*g1KcigFVq5hK)gJSB<#h&@uo9I
z<HxK4TXMakjbk^{=YZv`;wLIZi`faC6ztqeaFsg=O4q509?b~J1;<ugmB+L(ytS9H
zIlEB3fZ3g->U=Eu!|C|7g(Dl@p%R3S?DJ=9f&*WJKEg&-Y%)UZmWjh;d50PW(e1`A
zCEwGf5Jl6cN(&ye>_1MI;c*wWr908rY#{TUUOkVMhz-ha$jHur=+W<uGLW5<!&5yY
zZAG4gTbt8|>LYL@(8TR~rscFsF!)4%A*6@yui~3-Vknn;r~+#MyFL3dD8&=rMbss9
z1VO_pClT?!vuBU491Ej6!nl7dYHS7!^OjmaAlAtS7g)Rz1si%_PQqSI-w5JrizlC+
zH0__xs;>UzgyC|sh7pUv7~DC8YvDkLy>!Vj`+$C{-xb=<?TtZ7Ng@IcDOB0%G0>;w
z{;67G8HNNJH+e$VZl{8|&}1*dAUF52hxON|8P2#&o!EI7Nl_HnlKR=V4(^&=l5C+-
ze>frFrq1jeFQaf^<I2CfLdrPypU-a&d<?nK!aaP+|ESRJQ?*+sPx)e`Y$X9IT2a+}
zbcC(^=JnCNrMI9~(Eq$Zxm2g)jP-5SUsnIhHOAVuNK$Vm7a*r#Bn~N<!8~@nWZFpR
zxnwBPU3g`=caH8#nrRDVM9jumjlieoxwSlCrM#A}k=6kabA6ZZnc2l=rTKq-0Mj(K
zR^!RYR+k_KF@NBqAo_7#I5gV+iBT!II1CphOmj%%&;w)VK3qX@v`xhvsGTWCla6HC
z@yf{1nHVeI+Z%H*Z_YSL*{&|lP07wlksD_O3bm9XXSh%P89l5{4wkX^-1o~f{R-Mo
z!79|=kwvFW$tA~fAz<`A436$7%J;+lysz3XtffE!$%~Nv;c}1eoqT1?OCKogBO<hi
ze&KU6+3ntWMp{xIJ+g!6miFsuAd@@O_s^*;)vOvqWNjl43+|=JT3l9D{7J6)x^K+5
zDXZq;q4?^S9sTrc+Zi6i=00Dd)c4O%6Z2awGKG~qxh+CE{#3RO3YfQWSj1Qwb?Scp
zm~u1T1@|_0TBTp0#tC%W^Hy{iHdJYMo<rK?J2`7kY;nc&JO};(ycf-b(P%<L5dr~6
zdR||DzxkN`U*QoiFQ|I&9xPR?Iq}GV%==7=$>0R?Q}n0JHoPL#N<{17)f)tTy!4mr
zj&B6X+b<3SVxlJ?wf3;{jcf4p7Kf+`^QI_9gF{rrN7&wDM$&cfP>-WVH8jZ_1lNox
zm`|--CIlX}a~3-(-F<$r%x8cS{{0+h?4C2+3c-WcL!V*zB7crB2LWl-1eQfJ#(7sM
zs1k6dZ|!5Xy;<Ea<psVB-P)W9=|66WKtAc!!?~ZYr8Senj+zEOlJ!J1`;^S9W!F5v
za2$U^ke56LWrG*@-=obF5L*@+YpG&NOl^+_?4^3kzLd_zIfJiGGIsa3#5o$%Fs^y;
zL?GouCT?J*-GWd6K2)mO?0aGha-Vt>;kR}Hhu4r_#ZpF#=+*9e*y)M1!YkVj=H)+q
znv19yrw;jM`46-OWA$lRu|FU@^^}E=Hbg+1<HKff%!hd7v(7C!z(W1VjFK|-MGBOF
zeSAbhd~UW!)OY)fyosPS`2B3P=A6^Vw>f2ExKE4Ep1<Dx&;$P`?aXs2YUSlN-*;xl
z2d<^IzA~nNN(KU}p6{0XLh^3?ef6~H^ZEbb>Pw)ZdjJ1PcG-o{*!KvPHDk>hq3oKn
zBvJM)%Y?BjJ1rPlk|Lr|V(fcaD<WeJMaJ5UnYs6WM}5BMcmC%&oioRw-0pqe@7MNz
zuH~;5ro@qf$hKU*Jv*MOWh;)s5CnJ@m9(*@&d_>#IseA*a!HA)29jR5{VCFX+19z2
z{t58+!kg)vEO?z0^bX2~KWwAF=Gp}xs75Dk;FTi$?`)>C9B(4M8^xU2Apr&bNtK0u
zU!L;3JK?FY>pQ#+q2q{a%s+!q^L@M>+It^4yow7t*Z%taH1<&q3e?^pd)K=7t5yjw
zyXR~z_I6f23e)gh!c=nD2-@T<Vqd)6Z@bqn_~aaq+*^lBnq$b^qVr16>tcM5k?80`
zd)*|?geKh_1mAsAO5*$M+G78f_9-|pc`LebcxhiC{qyS45e{YW?QLZAxner(;DRk^
z^Sau8&hE`Q{FwtzG`PE8^XhkOq2hqgaoan?MRB*?T7DQVe1dQ*bbQPC#V<4UA}aQ?
zQhRU>;yWh;&!OihHCahVyhk?7zr42ZjwKCVL0me>caL{D^&a0g#L_oYIro+j4lb92
z!M*p!-=iJIiQgkKxNKZ3F6reYr2oPAh@X-Mzuv3)8r*tk|I|>0YkoXo6j^>>6TXX>
z0KQ(`#8mCVqf4$827lSsE&EgZaWC=apUHZOueDL%;44MyKgV%wQaM#Lz)^0$^XEPi
zvZGF(+GWIhMia5;{B%exafLy$8|gg13jE&wc<jBPqH?w;_XMnidfRI|eO%1G_ZZHB
z+k)YQ$_>GwDdHrj;6w2iX+m<v?L)&n{rB01-x{lp&((r6H}BYVyctvhLwg#spWOZ?
zFm17a^v<K-+1ZkAB?hc!_23SdWGMCl^$i^MQsnj=Pvm>ojk8~Hr<9?4au>(!z@?$8
zs^Re2smPc8+wEuqd{(`p=YdXYF}Ug;u?kE_C9>big|F9nN5+mz^<xd!kiT9L`4O3)
zhU2?D>5i|H-)%@0X3boTZ4O#GU9-R9nd&GAPl&w9c2Lji%-GnU@N3%f<)2#U)K&CD
ziJsZ}7oJ@S3&VU0*`|K^?S0GFhEFaLuHMl@oQW6p<!U@Wv3TEkd`rc1sFvTp9KP6j
z;mO(Z(VjH4+ltnt`=<F;qqi!#`8lcg51N;3Cind+sb<>{xrMD*gzaJWM=_AR3N2;@
zr0i=R<ZU!H-z56xBJ}aX8}to`gJ&)t(Ipx-FR=ZVoT~O#<(}}_#DFpRZ_5TYt>X=?
ze}@wLLZwn0m$w!-u|mP?v(>4Ke;BJ)BJpT-ncyqyV_#5=`+N2b`cK@W*M?nan`6$g
zfQzn2wDFAlp<m!6RGUVv&B`@TSq1I+SN8_9!0>1+(qs$fq#<u$t&y1C2w#Jqp5dzc
zrgh6N#@oK_%ji{@wR~XckDGfKf&iFHy3UqTE4^J&@?OAh{cC^`*Qz6HSKz7;m;o;|
z;#e^hPgEPf^hJ~!K9YhtxDbi`Cg$Hs>;K}B(FMm)Z9-sX8BWLjM?Jqop0~C5{<iwV
z<=~W|7WbJ>J1Xg4oy}c{JT4Q_z#EJ0zIR=&L|;M$F*}OK64<_d^-?%U1&d<~cyXnG
z6hVx@{F$@P`amitad&e&5#F$o81v1kCRnOBL;pd2W@(e_iG!;LSOFV+;=|@7u;EuD
zt@d}w@WnU6==KraZ9ttgsNEc0SeS0f9eFhI1YE)@E?GEA$)Q9gRGB&u9lDjf|BD`G
z_E7bp8mD+WX2fe}9DKLfFKGU=(22PDxq0T3rVr1{Uo9sZmV3KC2mJQ=9J~MUwu*p2
z)pc3mtE$6dV*UE}*B3*kxa!wGGcwz@?$+SwgFnyUhY9(KU7xn$Iteyu5yDo|J38;U
zrHHVqg*V15i|}nE1Nf!~z6~!y_ks0o06OKxiI=|yW5_0WpEVnbE<c9pfOQ}`&?dYL
zkinkK^X)6}{Q0Zo81mfvCHw%dw&nwGl{)Wu%$ZvLg#tHXw&yb*;z`S9&T*QNyUwd0
z8EF72%NhUG^o27;P%K1{Q%oW4k~V7Zx-<q~C}JRj?W+p=op9@NX6DJm&S3*)lQK!U
zK#XZwM;@>-f-i+NEMQg|e#KNc`mE~mO~S~J-QKlbUV_d5n;#Yhem8!!oy+$YLb9F5
z+q10iWNQqb1ZF)dgw~BzqlV)Jy9>T@d@d{8Ucz~9EU732(Z5}SC5>6^+o6YZrn>2a
z>Sv?w+Is|-Pb2F+k?w(yZ@B3opIxj$dnsaOZ^9#=b<cK~M%87m!>2Ior6M+XF|ruh
zW&*wq_JI;0nuH#F0_Mx@|2o)hOz_I~A+2(3BWZs1gF2Dp(fDS=MHnp~qiHi)1jLZQ
zZ7^{%le7`G-KZkT=h_`z7~vGDQ$SSIV|@4OUiHNmXVy~9hPJ0$_u-a8DJd)20;g-!
zxmXEqnaDB|3!NYQp-sG0zDhmW20!}JIY`$}nhz3N`KeU?Ncnx0;^#(RbYj5=PCSxD
z?DB$@kaW`2XKsC_ta{0JME5}Ijn~a9I1_Ei<M6$f#KVL1*(MB62|-%dIXDi-b$h6J
zaRL%vR`G#r;FAS`?a<kf`@~XK4bm_CdPlQy^ZNXzqfayZIe60cKDEaydEc)6CtPrR
z+tuiB_v`u8Ync77$d}jujJbub`!w%XH{3Z}DB|SkbAzTqf{Znfz;~ywH`bh+PMaEo
zk8+w|O@SdBpbs$O%>p~`^Y8N$kk?w|;|}se;z+*NH8U)ikvN6v>twdVmykYrgQm*s
zn?cniY(9t`@IjJfK&0QJCClDC_$}mH_<X?r1kUcDVsQ;Ed#4*=XE*5br=8_Yaa}%}
z5URa~5$m4<M%$`w-Sp{3IKSR>TB*>*FVL)cS)7tfozK;~BhPB9<!S%%)TZsS$|<gJ
zLM7+B=nn>$2&)4n$kV2-nR6`8NuUnz9-N(8K69D=l{iuyS&l42R!Tdrv0N1stqwX>
zaQCr1d@Sm!C<BtRx`hpXwW3%>Nwn0jT^DQ4zR#UHIPc^m5m|UUAa2S#d+5Z<CFK|7
zZm<rt+XWO!Vux$-9M^5p(4QfKWW-c?&#l+4*v18z`iIUI%+lY5G|C0DkXgvVSdtiP
zdkXoRpPAHf@X7swrXeK9+G6*cj~wj|!v6C0{r7X59`Na@u?b3V@!*>V_;E+KA}7%M
zcvok&Q5(R#?Q)T%#dsDdjoqw>{J@ZlHrDG<FEm63NO;A7;TMwd!<xs!<G;6zJPJ4(
z-GbCqnJ)%bb^~H^Bex9?x=v*oZ(DAEZDt8;kK0A>VsPoZit#ZxdTxnwF$NLRa&dd*
ze56%b@;Yqf2ufx_&ROk#n}+y9oSneIQ3qqudCPgrkW4*xfE!vtdmI|5meS|m<bhx_
zC5r>zH&oZlkTlOUlnRX6G~6E&+F(30DVR+i?}CA9Jem`<5>Y?)8G@84b++5QGjrq;
zW3DyWh~9zGfogDa{3zzK>Pd|zvJD5M)yI&_BI1gRUv2iH8RP9|Di8`Zf|iM?2R*ku
zFVMpY=T7?a@PBK0$gjL$8@P<OdpLhd8rCnpM-t=jHge40q&3i(5$3x>(3R^&mtgQU
zZ)~1}JhVr>M4(O}2bBOhk_ag`RE-lrT^$M&km|rn>{1o@cz|kcdE`u~IH`b)2zR9W
zcqvM{1KWX}(iI`<@8_>uPND1Ic51}>st@(Sl@8;NJ)y$Q;$wGNcE@b^Ge}u>O@JcN
zXdk_fn8GOSHtep07R!YYdgk?}nrzn%86qdrq-t9vC}R|a<~_xMMMkjQH_FDRdvjQ%
z#n&iv%<rCdLj`V#^z^uR8ZR4$KLPKb-Pm+LZaT84u@`#0&t<YOhIdRD3se+k4oG=H
zSu~i`$J#&xdMl9m-9i9OQ08Iz_2>C1s&}AzFCLeO%g0IWiUo<!)9BBEK|J44nIFVR
z$7K5eKU=>l8KT@l>N?vLtPUeBsIM~s<dFIAa<YgJod9}<UY^gutE!(je(edlAA?-o
zCMz*PVN<{aTB8;jq<o;%*x7#>(}O(&G|5kbh0Q@w_H&%GyYbmLpJtg~!3}zt-Pe4P
zW7#~~T>VeN%33*Sh+av;hFe>Hq_<?lgS4L+P6282m3msgBSh4VoK-H#oGyy-;ve&H
z4x@`#-q}bx_2bH=TI0%XLvW6M3w;1vHsO@df-5-HuLlui4{xLsbiUj*1C|FJFzyp5
zcaxOkp8^X&jYrDWC^!n<cDj|j2$LLG25os2aeAjPc7U>yS}(o0X7h&~=zFM#FU>h0
zEBi<j_lx6^Ez~Cw?7|(0%DA$kdIo$wr_<Kgeg10~$0fftjf!Pmc@EfR=x4$EKaJw!
zdJvSqwHz4_ud8<(-7?yL%b9qsJG%N$%?Abe9amu(Xl->zJHc1t_m4BXI-gZ9KfNtn
zHj|rLHgtb_QB1PeUy2IducN&`lffc2q_Vx>%kbX#YeS^-VvNr;@1SS6wAnK6%~KGD
znSeIT-<m~pn^K<`k=9}i$V7t-vIx;^zhd2&09!)FDEPHVgEmdS>z4V#L}r4wG5sJz
zwDFvbJ6*)FSW*ow7<h8hw?MnUC;je=x$IoB4ABPqS<5NxHoOnKbnn;+Fka^-8}Vg{
z*+rl3;SHs2sk2UM(wq9^cU*bhp<L==MY0QFtn{|G>e$xvd&IYv;|MdeFht>8)yUDn
zNI6#LfXVJm(H7<*UayBpW?5@#*jE<dI}_}K=c7nIOX3nW{QmkQ6UIjmpH-PJrveLb
z3Q=crsE8F<_)t=7n6{*tEONLnbu)!Y5+oC0i!(y-4s2OG^pX>kDMTIoskl3G5S%OG
z>oxy9Yckf}9`sXe8`B4hLx96ls2jZO;Ib&UFHqsu4fM^2-QGh&3w$sJdI>RtsNCmU
zs`ufh;3*+8f?Ckp*3M4AO>64(PV^%UspZQdD?0Gehs&p%p9HCugEg&B$Cl60ue-b=
ze7}Jl5VN)|pCbOIN?JJ%E)Qj|L|+3Krb_MEbJ7M>lHB$YcRSE~@(}ddT-X224ZfbP
z1mk^Vk}`v22sE!{{#R?3`K<BdJh7#8^P4)B)X%xHvdHt2f||@y*LS|k#Ko;EF360a
z+}m~c6W43R&pJ0kyVHN392b;HHVlseDK)4As~~1~l;jfQJN;#k|0X46F=^E)#H?n_
z)Fe)z*DwamKoigmWCj^PMzCQRAL<co_iD1HG?|*6vptHd|18If%t@2S?;fXm5$KKR
z>|Rf(+8%_5s~0<{6wMV!h6Kz_a5albZ*Pf>ant`aTkwB8=+jdV9nrdj^Kq);Cv-*S
ze6~Irtb4U8b%2-Ljr@uH8~n(j8F?~>(LFlPHu6-Q@^~ImX%3UV&Rj&-O82Gr;=J!S
zbzSb?qLNSrwcBNbDkx?d>32*NOeI-To>FPB=E~*I&_Kk!v*w*C<WVtqWOGbR-1_Dh
z+q`w(DJ<pNZ=T{InF9I3DI`ngO(fJl+q7-h#oDe=S6p?K1Mbzep4T2ePiw<NGamRh
z>O2&bQ$;z-ZT7u9GaGn8<Idhd%lXP*j}n_X$>BdXDsgdP&*tA&q-thrk1cOMGW1ga
zFjzqF@%pe*Md4lO1N2h*Qq3=(HT0$0;y5{D_?+{B9X?K;IvN+vxh_I73~z4}xt}%F
z(18&)$r7@F&HGZyr#q6<4&{t1{rfw6AP0dw@<s^l))~v^Qb+7GBb_Zah6jHBww(^W
zch;it+M*Hs6d0K7B2H%ebR6LL-|{jd*;svtJhB!DJ?hPHbXx_4IzTUKI?YRmSHG9e
zcwxjWGsX0q2)~8o@bi?Qq(P@DJmVu?j)@JHAk?<HrJ!Z+sEX<9=m$CSQk;u|%ZvTe
zu(fR;)fvyn$8$Q<2+s#BcO^xjw(<8m6;V%j(;=#1q$7KhCP<=b8Q<?_gMwN{1+MYs
zvA@?f0OWx&+Q;W;2#9-P^Jyh;Q$PxbBKdB^t<O;@1P6iMJWy(a2PxLD08<S>k<z!}
z1E6vHJz>hu+*Nv4mjm{%Wz5{R;2i7eHC1Yr0iTe3Qx}jg?JJveKVR=|9h?>QY)?y^
zUnm@QP~7WQTWMh*2jZ&nZr9NL%%K6*d~0#L4plo|k;vhC*IU}zn_IHE^9fwTi;qLM
z!?n8QW=ey**=b)!W^}BH9%wqL4JUy!{9LtqWXo-%ZM%a+4V!~}Q$4&sUhc`v1Ku`{
z`6gaqXqVwMkG(Tq(?%cKbBa^wSpn$5d(NV)qtFMiiad%uQ@|oj%$|Wd;eO-#=3ys%
z1;IAxwtzAB1<neR&z~+?LN8$;5OoNnaOpV9h(+{(0)%*=6jb<?R<`?rm8u)cf@;z!
zj&J6OCTd;9N}IUoZSSbbOa0K<JFwyHGODW)bz^aG=QN|c$KzmFo_kYeGYi+NK6?^o
z9?P)p*IQhL{jiq5?+LL2#Q+q(W^#DarcZ!j^+R`97lkC;J0_0QkKiUU9xw$J9o|X$
zqbQsmbs`gz4z5-}^{S007T37W77)9RS>-5KdqNhwn~V#Uana#|ZZ5oyt`6>wM4^TP
zvP5klfHS<@3siL-ZwhX8MV8zbIve}q)SK4&pda3A7*Xg)){tw++L&F;F4DM9UaA~2
zD^cKaI`GQ1m14+`)DV_3g@yojjz7+O6kbesqphaKRkjJY`o2wDlh3cl_xS>sb0RuR
z8Fps?#dxGu)#g)|FR|UGB#r%tNj)#!=8Cm;(ZIV}_oBe&6lc#|#lzkw?JRf_x=c<A
zmA#zf5Lg##kO9yNLERm5y8q*-_|_|2#bC;D3zBy#IO<Zz%>iw@|I-(#?@+boLH|!u
z1oRT}1xml=)h3m9fd-@8J~|6@0+3(X`ZuicnV=!SOF*9iDz+>M*l(Snz18Q=fxFk`
zqC>y=^G7Ggaq-d`F5NkQRhe-tSInhVlV5J1a8v1`xO+}Td(6s5zXDevo_F42VoAs6
z+4ZiYT21;&MZQ;BJyAsS*s=$_)^*3VO1E`$%mp=``&(pbO!>{dgH%=uSN7*H;};?P
zqOt$W)KM%)?F?8*2pu*xqifuY5083wAd)XzC_}h=a{~V1mjNiVE9|`OjCcCCo?MF6
z<7ndQVh4^x>jv8IbaHkZ8)ML-h9M(TGea~u?+UTB?nU$GI|(slFRt5KP(0+77Ntcn
zL9OEN(wAZaHD|pQi4{lCM>|r;S6R<9=yA5tWKcaQ7C6w+rXPOC0dKERk)$?b+Pi;6
zZSg}~mc?M@5d#$l()C&OS{BR?llfQqsO`?a{x!0LqDt<ta=?YFH*)?JRD`aV>0uI}
z=~)iI14z3{Ceb?M-yT*O)v$XlP}ke+5+=&^*f|GE{<^#`<r6)H{S9V-x<J0TK*!4E
zyE)`jMCeMX1Z*J?z9}Qr4^$aLNkg00Jm4ya&~GvYc}qZ0pd2iN9!h7jCjaX7f$JuC
zgxt%>YjE53MC%J%)yvkG(^R7_c*)#2*4I;wXMU@wmb&BJH2~DTyM4b9dv1?fgDrsn
zkxYkAN&Ce9N!Sen17QNWV>q+$G3kfk@Hr=&9lE%I^dCgN`z8fi*QvTpH(>6HPXo30
zu#xSa{05+KD&7*RIa1HQ<@eoAVdzKnBW^LRq0edL73v?TO0MgsG9fdBoUi5;a9h&c
zTsrE0@+c&NDAuN}EAG-#KBXAUTi&AkDna6b?xmzA1G2IG;kqED_wQ^XU#(^}EcB+3
z{h<^k)GjClEDv-#EMADq$#s|{`RQ@sMVnL%<n@T36E<E;r-}L^d_wfQE2_8n$-yRf
z)g&7}HfiRjIcm<*wH7|7bf=!dK(c9(1Gs2uxxvmb+*KoRLY-HOYkB1iclPVI%-PQ)
z$Kp|bDZT0sq9qRE;5UoZnv+2thCNJ%7`Jg2d=z>Wa}Hk?MwfmKU1lS#zE~ryDs4uA
z#7%Dn<8XFA<vI|b*a&koBBW$Mgk*9xgG_&gNsj?Z-^2NDo7!E-tb=<X6^8-(S2-^?
zG}|7Zu7w|`A$DM>qB_71uny^bybs7EixDmNeIus9T*1kjYA8rPCBhi-q=Nblwer)P
zCmg-MPIs@BbUX`Ecq&@gn(VZd|7@P;<%5chS1biXx>W8wEgE+!0-u?BF>h%l&lTSD
z2tUTxyBj8I6n;M7cA$`$kj;z8OS=Db7fNL1($j>yIY6-EU%ahhtI!wE&Y{JG97px_
zTwph*ptK`qeSrKmS<zHi%S^H&7)MgvhWA5{pi}P_7*Ou)f~NkW7IlPfADsvC<BdsJ
ze>?)u=J)W1>&bCW@FnO?y13|T7DlRubWz*&KQB7Vypr5am*2Rhm`OR0zy6xW9F2I;
z7&r$VCT@P(<HA`<nx#ErQ_M}wCZ~e+fw7iKXQA?t;LT*KXw04V;F%QC!hB!iUP;XQ
zXXa%7;nNQox2`#;?AQ=|IM{?!ZCrNQBt>1ASk?Z6H)ee!5|oNFk?UZ@?LZU60ns8(
z=!r@QGsZn${YFGVoDc%t5R3tZDM*cK#6))hx;lY(?NcKBHd76v0gf?bjI)g0v}f_z
z06Ac^^E(D2^l=~HS0Cc+No>kN27nzg^>AN0{|eP1W2*Y#*c41dLtgZYxeFw}whvbf
zT1|%YDmtGQP<_OlaJ4y6>xy0E(7k<uJuWG0ylV~kR;1bJci%np9QNrSdChTVo|GYf
zhar`m8$R^r#m~2O+gVQj18kO7+-5-DbN*YZYp^xMJll)@tOqgB9FYV`hIHPSC^dbi
z4&LFKS~%&B?1w0>3{e0t!fZT+E-%X<Upb=U0e#ikYGX4+;jH~@EX--kvZD=1T4%BY
z?Z9*;rVepR_n^_vI&36ZQ|>rYdg@2e(ZK}*DG{F=a;_J*md6k7c@=E+vaN@6<UjZz
zOLz6GQ<U4;u|QcW6i-ROiF5poua|7KJn-FJA(o57jkhezbVr@vZ9d)GE>7xHI+@H!
zOHyz`<z)WD)(UPZS-OYt#Rx*5`gk+E4gSfw6#6NcM8abVUZLRP46r*mj%3MBH-$O=
zGs}p8eXhKWO#7Wl&<E`3t^2`s8e$aDX>lU?+!y-&W#r#BhgkaWLtYwKS?h|K7+!WG
zN~2W<>;5Eup3fzAlTf_=>hDAv7XDn=F;X+R*L={cgQ<vn+D0O+ZuU%==U+X;87@*}
zset}NRxG+vr`H!pxXKFWn`0Ac`5!fK_;9cvnuVF*?)Q}VC%DiKJ&cQxXH=yL<n;gX
zC}7r(4{-toFSLE|^EJ<F3Q7s#|NGEUWC#jD^`yEmh2__+nS_p%=CNJ(g$l!>(S7Nm
zbSq+L+CDGTOY))0V6>mUjxP5CFJBJsO^LeGji#~fAj;Z(y|nzaBC@!^;^U7u@l08P
z$uvSw8TO9l8q!OvJ$|`X&pd%yUhfx8sF)O_diiIKl|@QcQ+J-)VEgguVs;14eCn*t
zz=ShiVHcKH7}+5W$&y?nY$1*mHj**rG7S5xK2T&N!%E{1PVDIllJRhp1kMr$B(D$W
z6l{qFm$3Oz5@P6{3-nXySDH=A7XdZ`GO3!+9jRx>ZrTTka};pbVeFiV&2=xHeBKwL
zaJp}5ut{F1Jk+lwUMQBn3?lrA7#tc`gTvs!u^uq@^KH8QPIJr8CC59wL=;>qV1G8w
zs6M&qRmI|VTr~x|(p7KXH#fChu~0W>e(_~lMhvzuHgot#z<JA=Ki(EvZE%grRi|5@
z*3=&M2MTt0qz5>N#|_YP7_&&BV1}Rp>lUIm;Q$@V){myT!Ofe6d1_XM)S+L)uCjH&
z*pE?sgbpkPGWG-JYF7J=B(}d4TwqkGz>HxVPA8<10luwcrrZB-?s0T}76JUh@rQT5
z1XDqi7*=se(D)2B={#*f4wAh(5>pt!sI>Ip#qc~c{;Fp&BTYh~QmU7)OCYrp(PN2Y
z>QCNRoo291<a1MNn)&(ea@YyC-L!@NjQjGZigsCC&+X1^%h)<DYo0pfG>DLnzfi*%
zWIEJJ^my5aBB<=U;&Gwd-EAi`$+}DO#MCnxWD}9hyQowqRY<JqH9EsZKRTz9L6(5-
z7w@w4L2Ppk3KI`4yECMViFbwQ_MbentbJ|&db3#f!14gbodIM+ix=v{%yQQF8Zr*y
zk>8OLl~UmThUj}O%crmrFG;d5vaErP+N+oct6qA1+tenvW_3_Ffw8!!<NE5=PHQuG
zRn&<CdBx@tQcmNlZhQPN>>BmSfR7p45kmeym*X_?SExYSD$m}y!%a21H<|ds&A`r-
zY;s6!8p{y49NhzY2oLiB!V{c8z@vKrdmo>k9$v*=+*pKkEaZO@(NEgMY^^@1l*d7L
z3_g;R1xhgX+#8D?y7`UvM%PZxb@fKf+NG5g@-r{KN#yOOZwM0GGlls;&uyN3Flz1s
zp5E2`0C9kJK^!2qeftN&fuFBzZJnl>B{WNzBn)mWd4x5(@Z_E}ec8VwbN|X($O+l)
z6@RIfxMuCNyjSWrVy26X!vT&Y<<mkmgO)M`tzj|42g9s(k~c09Eci#^VMe6<=JW%Y
zN8D2SPTZ33@8cPHWAIn1`gVySxzOeLsY#G%m5(YiAnAUvGIFfMG^!h(rl0q%NW-bV
zKPD|gD(p_gHBw5*6heW`9qI9!K}dwiJSX$Zw1ocZ0N|$~pSW)Xc@U^-yi}Jh>75J(
zDN>d&TN#8J^-nQCvPmY_aX9c&`qgBpL9)J{=v6__Ji>P5wTo&vLBA~iQiaIaNpEEc
zKi^4HoE@ki6J_-#XWB6TP*Upkqq@NKBTIik+(kJzKUq)fl<(pYvx!$2+|G<5c41ai
zw0d4d?!mWF6m8*<r%`m-3Y_Xi#wl2Nw(`wO{ebLQ1rOvQ*|rcOKvlW~R9s^?F(K0j
zN`j@NnpGA?jVqAc@lBfs!bqb%(3nHo^CjfprUdn;e;<;Vzm0>Jt-jxv+xLD~DlTd1
z=fY{o22g)!oGU%e!JFW6+TF3);EdgaM4TPg-ht{|`O7n+Ss~YtV8ZxM(6b&@S!#bP
z@F2<ELHp>+igBXp@^&TzxNtp^Ryd92llt7w$#j_Zry;_xcHb9~kYsh8og8Nv>#xJT
zg;t@ptA7c;&Tcyz=s0Ht^{%hMCCrSJhMa$_0~R9|`KbcO8$_4HF4{rR$7dU7w?ERS
zuow!2&1a~C>l<=&C;U2ww>xaoAhR;`+Eo%;KlnlL03rM0R@Ey-`hBUXCM!#cLMc#g
z;>j*tS{U+PxS~YVSy12^fa<9*sb;I9TOF{qa^a#OJ`K)Z=;u8}HAT92UNA@`!Sx<I
zD5xON2f01;#ubb16f^$LvUcSGs^Ik81B;@j`Gu+ZGevAP`ToXfO%IQ@CE^M-auB3X
zawXQM!t#b)td7&+7a#nuzhz_{Qqsx4{wg)QPzn<=pvQ0SCcpq`Ka^6E9moE+NgG1+
z6T5^Izc3`C$rUEFvW<!5lmJ$?w=Ej1KR!O^xo`eNeGyVuln4K9Q4!-&sWX5C1iT<n
z`8FT?IG_=D4Z~WJ;FCaoopni{QPY<Cdu9IM{I2(wZnOr7Td8!>AP|=5ppy`?ynnv#
zgO9n-C1RU8Td2ZP%fqtzwBDXVJ~WyTy-n8^OJbb4xV+*yew?Q1*XKRYE0ny?j)Kjq
z$NKG`NReQ1q~7Bj{EqBhNg0rhn+a_`b^sb7dt${1*~f!`A5$N&ApWOhLzb9boY~~K
zui7iW1Tx6k>^HtN-%YKpqo}mPpjq!0Cg>G(9>kMlwa>h`pv)C&koqmM*9*A@UxUZG
zt|8}P0WnZ#!;X!BS0Ksc)vLVb-<kqF1KJELf~GgV8QOK<?=TU6;Vb`Y@=x{7j`%&>
zHNW=C`yNUkZ2OLmdf-X|;@`3<yuF*?p%jCaDZ2YO=QMUjB6c8Anu8qY$(ef8b54&$
z|Nc1`!*DHG9_}ac&-pPk95waCo#5zzm6>O9Ta?PfxuU|7DVnnci9fEb+JjLe2`2@K
zC{jsOCXbe-UZLRehl{Z|%YLqse%>;6;7gg`2@gUtVix)bp-sFp)`iY>xmDF*2~MUU
zm;6q<<H}W@<6x^IBwq8(W!_gP@b7vqn`PhUSh^b2S$#BE^kN=NCM%zz1Kt7ef_I77
zzeWi7WU5Iu3vvEB3ggfmM|8gqpP7?KspU;A^_V&vr3Lb`abIpdg3ZocT%dS@H6N&M
z*mAayb1zqF9Xq*9!^p)AS%O-gxt5$fv4{FX;M6jGKP)Msq^i8CxJi*=S}+D%64@QU
z<SWfTW^~Z&Wwn$pe9Xb%0D+HlDPyO2CMdXbR06BVW(M%Fp~yxbU&_#+tc!D+sA+<p
zgACmR2Bi9_6cR@n$01)h4m?YeKRUlz9*dEC(d^`cjrpP$oOK^Y&cVU>$COy!aY^-m
z-LyN2NK4I>n@5*K)8`gk5Ef#Tgf=dXw)D19EiL6=KR}C?u$O`PDFDKD6=8Knqt^0M
zaZd5^`RD170r(=t49z!q#-tr(@6`Y~fV}5kMQ-2zq0g8j#(aXwN{fDR%PE>-0$z8J
zMw?{xz_UK?GBo+PL=R|MUNFu#|M_|6SC(-u+dxJeOL6Ky;e`@X=-2#U48Fg`!ow&e
zL$cDNL=r3$@0U{vaI8uRo6Ah_0(2%bySTX2>{a6qtS-xlAylg<W*LNl`k+0|G3U5%
z*Crl|TAl!*%*E9xx=C|r)+l7x?}IVp54rOceDHtQ(?EZv1&r(*d)4HoAshGhvase4
zpiEioQ;nGsp3AnK>na=Ri)yzm2@o73hOocOB0QEDnU2RF7ia0Un^R-is+XQwILDMk
zv?mO)h-4XR7d;La(atU3HaP(eWcHe<RASsAl{%JYf#R}4%AhamU@p@|A2L`e970aG
zeDG*c((%|k3G7@)9h!>Yumfcu81%}bv$qm(MmV!)iQ|m)l>Y<<`}vv-0TJymmSod#
zQ8Jh4XRjl%#-K5Hmp=K<ksnD{#VEixT!ut@!o4MP>x*><I`_(VpO)6Rs_O?w1ypaL
zRBrmD4~6JS#2-HTbxeWTj*D>a1@2?pa3*jNV)VQjpFBGBz99>n@om}-3sPsds`F!a
zINw>%u)~!6f}{Ay)JAtw$VZEQ3PAC0>k4V4B)ain&s@xtX_xAmu~pKajw4j_Im37P
zQEP_(odqB)?K;n5K6t6AKefQ~*EGkI&4sUG0gjNCn4R7QITlMa1GGnZ0}LO{`)9#*
zc`MRw3?PA6N=ffV%9%-rj+0}U(Thw$xa=lQ=)Q3Rv9;`g>9x23YF&J1{EfUv7F-mS
zW(u6;fl8ioADF#52j{m*kiE|RF<V}r855l~&IB1CnN~}nqcc!rT9xy%JB2I>;SSZi
zr~`zPx;P;YkR+IGh=Yl{HI#+xUFby|?)_h6xtc+?xO>>D;?+|LxazL&1qnyqw?1XM
zO(PN?$ToEB+9+*k%Ay68b|43%^$Q$ANoGOsb9`}X(CxwAvn)i4Yq-)0xrV90qk77<
zX2DmF89tIfw4emSF5o+@9^-iVVjkK;Owwteo*1)Ub6Q9_fGH}oto*MLD30US$hPLv
zrD&l`$ZYT;pgKrHygx2Ag}1Wg3DbkVj-Zf7iS?l)K3R}D2Yug7y*UhtEp-^Q9xa!I
zoR|F>LU!HE!F{LqDkvel<JfAcFiWA#KP5^-lEk)XFZ1_tT^=5gb7)3Vmpjugh-DJY
z7YvaN%YUReb{af>x$Kg5y&mr3k(sb-h4|A&`|X;LZ^(RhK|k}t|6Id<#7(BJo@4L=
z2BTY-rWR18Pw?4?Z3?1Qkc4r=sF;TXUI#a3o<dyCrf3-YCX~LK8c{Oix%|6YTu9J-
z5L}8f08|NBjV!Rb?tPElx~c^vtz~w`JemN6D#^*L5+IF)jZz9kRX&4ffg`$e0i)^K
z91pEI1N49uKjj$i)N%0Yp_SNMjpus$UHIuAQAW=O17-VxHuP3Y<BhV8W28~=3ii_4
zMh`Vt&sJL{)sP5hx8*<&GBT7ZFF9bqEr)vRB=k-Wty@Lc2N(&x4nu%j3+V*?u-@UN
zZu(H}p~)?4^8{yO4CLw``~H_m>k8+Oa4T`^pB&`|jwnehnQ+bz7o%{h_iHEI3eLMD
z@3BzasD7a2Sq7*Npwmtq(MG-ZBMAR>ix+4~h;|Z&2j6hp1s(I{OjInS^UnmwkQ8+j
z%<22#(8BQ80PmWOp@C!s9$C3S0sGFc5k^V08v-KE%}QtZ{uznM6eE$<&i|j0NcZi@
z*3rU_ss1<{%k>AfeZA?%HbFUgU5jV(r_wy5c&UHPPc_)9Y$p??UzThAjQwEG`%mQm
zYj8``7ps;d;}|+%#rh@`IqK+*kgZD{$F+_{9;-@!(t&*w7%M$vXiibzR-qb95vS%(
z82tCNS^<cc&tJ5+0aV@(6L^TFMtwjC4GsMiwz^uLVk1(%eZ)}~p9@_nHvxTo7Q7%B
z8xvJEX>{-95sMax6;OLbMNkz*Fg=r{d$w|`@h)V9`!c+>oz1j^%)zvvnV&fkPS#&l
z*g_=^c7~>H=IOW0JH0J=Lq(&?2A5S*#{$Cg)pw@G!iF9G&$IefZVdkPnl8OvMs(Xd
zN~q7_2x*QiKB<pS-HwgXKOxcV!T`pKn}n!Ep`hQf56B{$ICBKFryu^tkW6}t;y_LF
zbd760En;xq!1=4ch0DEccDjv)6vp6KsMo$B4NHV%?!wia@J9bz6+&B<hQX>V>wlox
zXeNInZlnJ19%~BU+no94R;aWk`E(TxWo5k*-PImxmCBBZDEPi!kaE9jaH&ycgkxYu
z%U?^#Xjr=YK;62oz&I^1Cta#EvTU&ayC2%i@e-@bk5XCq=o1wC|BPVvguf03b!8aK
zNbX$TqEz}tj=zGzt8<ignFUEYP^#p>{vO*BlKKHkB?XWspxd}8Cb01oRnx>Mx#o%>
z<s7N|5Q>`V<Dl4x(x4bEO)TUT!$*6U2CM<83jKgabrWL&m|Qph8RS7?PNjg=uI0aN
zZ4-Hj3K6LVv??bPQbV;pTPAoH3;yVt6WJOT(qp0|6=(Y2x|XqxdA|Nsu|@VCPN^iA
zxAwlgoFHJKmF_*;zp}+$<Cp%0N1wZDTbHRKb#>EcUP}xJ^fYf{`ZrVn`)R(0kY$`_
zo3HT+(7Z}zgj&3cR~Z*;yL`=me$)J)U3%9ygS=6q+(-3Jn5c<z-yZc-zPD}}koeaa
zwz~|;J@4t{_MzJX(4V_A;kWyzEeQ&Sfn!K$ffO{@0pGZflx_Bt12kCHSFRAW&wMJM
zeKY7cR}4*`#BNH>v&Z#(=p^>n>|NKFu;fogY7J%|3ESv5Wdr<_POdqyL`T|D-N+6|
zO?+*OUJmqrrZqXN5gzr>?Dd(V%E(bnAIAd574Bv!;wxOdb9|Ab0^%n$=Q2pgHmugA
zR^>**|K3S<_6`KCpe%`>H0O7u>4+TzMf&MutOHAoau$5{(^n-ru;oG27b!QFO5hL=
zaVig*q?l7gynGlDiqFh_A*7I#&xK4dyl5CX_%!yYrW{OxeuTog+v&!@F;GOLz98pN
zNO9sL*~Jvb4czknb+16$VGI4q>89h2A2BB$Qe#?ED(5;%e;pyNUu$b=eVStFClqZu
z5ZNTdCCPxFHCN}tY|vXKE9*U!`goP^1KNxbCcDy+75-^MHlXm3;Mjnre*R(N1RB#r
zdEe^B$NpIk-2+}IlE@Bph^rc9cQtpQ733V%wrWlRMxp)I27ig^e?lv56E)uPuZ@@m
zR&uiLy>F$d^8YDbHHkC@d<mcnT)fe2-so?O9K)k~;LAvFHqg!R3Y*-o_-g!juU-$l
z1gnKJH+N?9URb}lvE73p!f*Gg$(7RXGnpAyMRfE<s-6BR1m3GCO{;90*N+l7xNvi<
z-C?a)2t^#fRT#50t{V3{;?f4_t(5&&i+j{fe!6$YtQ<;{mfO9C@*b$A8n$aD5KLo2
zvMaMYb131E)aT~}W31BLI13n&64vVd5Szi+fVfv&<cg6vzy82^-~W~#Ba`8r1^Xc-
z$3KbcXcxCQ0v8{-|BG9Kw4swS;b6OwKJenVZ8JaJe#ON%TTuA){kAYkiX=x;{I}Q&
zrAeD%H7)CCrbtc(x%~+BU10{3T~?hVYO!}#X$XQ^D;G#d(Vre3m6w5<#(dfitEtAR
z3MTfC!nnlnl{RJ4W2yM&tDFODVp0`<JX?k?YY+DEhd;8a`$xNJ%ViE}+~Q+v2+@`%
zJrX|dH~;l-m6@a7r<;Pca>cFJ@FDy^KB}^rLe~;Jkj+pNq$eP<d>GI+YmjES?yJXm
z#K+#H4&G7`Bu=asJ+`iT5yIT1MnO$~D2jhRDI3bRQPe&Ey-oMxM43d1d1Q6fb`076
zHO!R1yD`tqN@;eNzr6h6Sz&?31;vThIr&dD9CF0L9}Q<iqNgY5SGD>)+@CSjC)3$X
zM?^kc7F)6bKl1vgs){`h)SC9W_)&mG7XEnC?Tn=VHj0{E?kzH-1@(#IHqxR!AVo#~
zFdv0}cncxgC?hHkoiA4@Q-=JuY9GS7hJ9E|e@d358{!x45MZr!tT>Y^Bb*(DL1EgI
z>o6m{luy!}@$gE1=X{(UB(OYL7bbnDbE^wvKr$nTG2purvu`Odx&7Yj-P!~r2n|Ab
z5crp2v62`7MC*Jki7z25*wkq&d-9%eIh=LZA?{{UP%6jCxH~^FHnpzsIcCv-QYDU9
zcyc>%uea%=DEp(i2S#|+^XK2{3u|#<?%Z5*#+m1!$1j=pd{Hnj**4+j?2tLRqIQtG
z$_5mNFRV)fG$IqA-h)fRCV&A}*zS_6F+e9&hRm{fx|D{Aohg>52!C^50$89tUJb-L
z;Y)FWi8!eP=uf!rKJ2m#6jv4EGyAtq5&VV}*Pum<2y3!_)d0EtP<@30<;>ubT}H^~
z9t8Xygb%F(C<(rC8?+0!hG}4R+VV^kU%y>MH$vBkvc7Xcu%?r{B9-aM*gI58-+?3)
zNPe7PSEW&;_g>jgnVvf1%I?pm!cUK6%TIOfh{uK=$y+{qO>lfMS#Wu;@9oFnv>@}!
zZC%>K!*M7x2XbWn_!B>^4!(McKzvDpv}XTKm{-pLCr!G@B`P4GD@+O4Fv*J$>+e-2
z$)}t*+=sCAf1x&Cp<Zw>Hy}8Q&VF&15t3yc0na(HEoARJavt7x{c&=*xf!VjsDYAg
zm{apxjVV9xK<3p;*6e2@Su(lf4`dVy{Vw)iRZ+l4sn33jSqWlLY0u&R{E#K%>*gX|
z3Axp*$#_j{YltOu;B;WI#03KRJ?&S2x$V?MG1!+>x;i^W@f%v5YLZ=X9v_D+m+K9+
z?#WvOkHQ}&1<9z*{bd+g7zGjid<rqNw!0x@<$i3$@Sj&DuprXzUE;mT_17(c4E(<q
zDYcFitqhcV@Li(wOmsK*m`>^QqTQ!Brnez9+E<M?VhaUh|D>{R17X)Y+_vC-BOC<8
zh9W@Omx0w->OHVd6pVyq&~J_hm9YX_ozy$F90bYpPDQMV0Y}b&w~{V;wWUO*8y$Vi
zugfB8YQa@O^p5yF({VP-@LOc!Z2h{q;$>;&UJs?=OOIa*osKCPpr=&{<NgO^46Wn|
zP9-;<e=mbV;_>k3l4cro2l0nm?Vk@DXrJ*ufFbo%h-)?^@KF+!zH^E4!XC)HEWLd@
z#-SYOtAU1ZF>>!Gpe!g7(gGN1h+=he&SV4`-XqPBO_6Dj;f?<`5;-fDZMecY(Ay*U
zSi{2Rm1*mQn1j6I3STSydtmU|6+>r@?H7DupMCc3e>NVjq++*C8t|HQpXteR+RB;d
z<(fW!AC7%-K9kNcaJe<{%V3-+Yj2piBsZ?vhr{~9zd?d`X)>mChcl6f&M1Z5Ly<h`
zlkUhIzFQQcKvA3_D)$v)=DK|DpyPA1lgr4`fgDijz0nUg0z$}G0<33S|FhwH-$v@2
zJ!~@nFfDV)1Szo@=!1hYPyyvetl|0T8>Nw-<OgSAwuyGXd3U(3b}cU@Or~H3KEme3
zsek{3(U6N+6OQcclwt&IR9x<k8ZX6%X}^n{{eua6+|MM!_9H@_bnPA-wfnz02=}d@
z(^wP0+D06m`%gLNJ?+N&`?dHC%aBReBhP_w#Pvuob|A=6{Y9^B7X_tEdi-bf{!O_;
zQ&S#D&!a7_(^#G>_OCGxEbHm8vn8kD7dEg;-w+h01DS}hDR><+?-|*~>N9k}?K>VM
zt3Bi9OJ^7T+{B{om;jBlPsWeS8h?^t4MK@ds9ruUR6KX{)w5xROJH8TR4QMQYamtC
zY=!3Og6Hc;<LTM^y*uvdxtloC8MhAekCn~y=c1)_k^rc*V`9}ZNil-u(igesEC1&Q
z@Ro~i-O<&0|BxFH=Qm9fCArj^xFa)E+5}qN4lUngm^<?Q@41091o#pt(%_mwW^~b&
z79nOE_*wS>SN%6O2VUHP0*1wBFG3??k=GDVc^EE&oro#9L`HURfE~yV3?)=yCIH&m
zHu6uhshq!(>c~(L-xO3BJ<~Wo<8!Y3wQ`!njC3@bYgkz%&NCmKG8n6JwmM6XE?SKF
zg7%ZaJuQE1jrtZ9xO%PBw^F@g@tWkYKSTcc0gp@;S(t&aQUQB3H<?Sl3)z0+Cvx_@
zIP%CtD`#UMK_L^MhRS;>oB^qGh7uE{sL2$WTxH(iZwgtIQWgw){S-v{K)#?=9pLML
z0^j7O%E$@zT6lm#Vg!<a?ettaRs$#kQnVTwBpaw%^8yYB_?lWC3^Pntl=MeQ`^)_m
z2L+GX$8>s&Av1+Dm*R6tTY}N1Fw+&EpLHF=T0*XA^K$_&SFGo~(neKMr1a0#y$Ksr
zNtzl79IUYS%H4ePm(xr!%Ke{N0SOYLi_Ymy>T4Xl9oT+enh1k^`po)u#W9_Isd$5*
z915~CO{69v*r>UnLENwo6s1#~LgbXLGXHMnJWOU?9mS~%{S4-t^nI+|-s9Tc8b=2y
z;mAumkez4=$*)Fu#VX@@%zh^_*M&)LUnU@H^fxBPq%L@N;R((yT)QRO!0qGd&);>t
z8e}eBX)RHV<CDC1f;sVN#4)o|<l23&)%p+XdOJ3=CG@ns+Q@sfVSQ)y57vXbD)ZTX
z&)HFvoL(0Ru^nzI!>?|z?FSq#GJDWyDO4G-S<&q_bZannT?kXfT{6QDdK@{>7j|P{
zoFC4}6pqKKPEvBohna&)UO@}!#GgYOu@BU-fl|5Rd^Dy+rBW~6haAH;3ClBp!sbN(
z`-v)#kM#o8ujgsrV(>6?myVTBOVF`O#J2l5wyuXzgb?1`x{F!DX61v+%eA`R-VsmT
zjV?b$^`(7a*=%@OGN$i!He9>>wd{8beM3O&_fn+a*Tm7Wv!1sMytL*WEK(74&)lvN
zWF*il;bnbWQ}Y8|EV5V`u><-|=*ZqbR$!@52FX7<gY@zHkumFo-n|>EKSy3s%o^4T
z6h<duj&^>yZAL_7K?`@Tg5ifSX(NXNxX?%~fx^_|DPcNFjBs!n63OI`KZP>M)LI@c
zCcABBQ!tCf<q?2#pd~chgo2LlRV_b^fTDL{ONY_O=d|;%d3Zp_LNAi1n}_&7+TYl?
zD|K;58BxSm#YkU7W1;Le5pT&Jaj_>Q>dXDDZl`ct$FA$u@PJ$GT9QBbSlf)-odb*?
zm6<);R<=s2SiW5lE+TVmbLAGq-4G;Rm&{)K+#0~BDC2O_<F7+Q$?iOp5h0caS<@Yp
zokEoN{L}PCD#a-Ion25uNH<P{mf}O@fINjFx)r9-MAft>72Uqnw=kb>G)FFlWm6JN
zP-^$@2QGizhy%3ji)R1s=u@FNT}zCw%t}_<;rIR=kK~qI=%{5*F!#<+`Z2J@4*V35
zV{UsElzYKoOu>APS5belE#_K+R#QkPN2dH>;v7kE?NX()Hs?G-E3JkKmD#RNA33|Y
z)!F+<9eEyqF_-OehCE9Nvex)CYmz7s_-yW0$R0c-3qO-Ih$)vxzIY*f-|5AfGw147
zOo3A+q#DWdTi^2%o=J|3YqlPM))~m$!$U&7eGD|^<G1yBUyy~QlYud$U{fZ5Sio1j
zcyZ!@A)vO>YIjqIBt@pjOOTcyUd1Q6X8;aGdx{$q79(zV>^PjI5H`F1=W0ln;>^%6
z+Z<CxcZwGh3aHz=AXwKe>-<ZLOm8ayyr8DsbFg%}rjLwRw4|_hkzXh<$v=-3s6HI7
ze6D+>h)_Zs=L~s|Rm1nLE49J+&VEvFfQR33e7!k5&rx<KVK-rOwo%CcLi!_`%p=1&
zqYqOBWF8!$RtkF+znYKr(j|0neo%Ip5Iuhn#u6g(qWp9lEcD-urBl)JaBIY$M#?GB
zJh{31EidoXqQCzU=*JjlfJD}BoeJ8Z`OB)GKG^03Ng_cJd5T=my}Q{OvFXK&4t;;+
zitXgG-FJr8=+l*f6f15XK97A6117S}b}DFWvb;nIl1?tqDHdZrz<WpKLWpJ{ZCWmr
za!Vw^cgsdAy3xyAAS?fy3YVbvwGp>BHkG|6QCCDLPma(y*u_H(jyiDad}DGhdY6HK
zsUN%wAX)E<I}F=E0b+0&aTtC}KY^5pW*hyqSa%Pp=@u(uyZ+TbOiQ*aCQ|x3OfGTe
zdeq>W59Ds1fZ=y0)O4)2A_HjX_We7~mfJ7Eyh#1_9w!b5D!1OAH*qg=7x>TL93uaJ
z{w4rT4-KT4{`wLnaV8>@aT0K6Id}e9uzeIc@e}pVE$~yJhC}+}6Hj(V1)pdHKgKHt
zXUq)ZUjn?=p5a+=%!gl+)2^u(U4RzSwzMX$c2Q(8;HCACr%z>&noT6lpGh=6m?*k$
zNNnWbC#{vS@O_Z@yLGf-@&lV;YRm4xO-*P%lcbd_0A>PSNOA<$MRhvwCjItCYR$bG
z8%><!t}pT+^fGBVz!ghPISO;q3)>2v3o@3Q!?=L?LiSxerdlhf03W{bvB(X2N5PA;
z{$C%4Ou!2@a;Fu4zaM?^;-yt)8<LfIR5{-{q?(MyAbh@V=LZp+qbszJj6@MUR!cjJ
z(~p;ucL?{-)ygSqVs8vT_AnCMIrSvjg*s1)wD_d`l>R<q^Vru$IYl`3#;2nDfS>95
zxq5c|OR-hVY>R4bOvLY7-qmlP1#f<%ZE&dnSfD=syJ;m_K>a6%yD<w>tQ*5_rUQ|H
zQxCyPl@QZr-h<~S4*IIAIKgp=d>1$H;E&m>^yjKKQ>;Q%T#R;*-$PZ`Cq5SUwhbv_
zGzRwJy9S#xQ`WiQ^-+={;{1Z}G!ik{==;ITv#s@GUEuW%aJU*%<Py~#|LF|^zNZzj
ziQH@!bR5I?4$6HnAEQs@0Od~sznmeNMOA<@t>xMcFc_l@y^+?>s!5EG^vmZ%HQtcc
zR=4dov9I@Pz9BZSnOhZj<Zlw9yBh!N=dE|YqK~jgA1N-<JE601rRREgwy_P?{&3!O
z#e^!Jer&wpo7M5(<&=5TtAd~WJjC99oVH@7O2fK3`kFXPR9Mby54xV=<dzh99?34g
zx`1-&Sp_##TD=g&ftcB6Gbx{bIga(9x@h*#cg)`Ptil+?@U*y;`loAe3lsPGv9&+a
z9et(?_Z#?+9lM3xgEPgRt2;`nLlH308BNo+PIqqDJd3<JOd|L)Uk2D(Lt8h_UkhC!
z(w`(1y7=|8F_kE|yW@}|kew`a5t1$bJf+`o^KCi*<zO?gOACwM71X-M#{RtfH+Xg}
zoTqYGOO#x{w7bdHihOnKWRuj*;gGNi1-_6g&1)cZ7{a>QNhVYJvln3AY^2ebU%ydK
z-P!15tN5leti9s%C{^+Jx9H{2qX34l87+8sj{RD)(ibGQ=H3T~=-3%EM&!Pur_l7R
zRPA#fKNI(N(M5=7xXlOCzHW`+D*dN~X{7(@pK8^8DHiX|F%vRj$+fiy6*d*75d?(g
z-TEc%3#4AZZ&RJ?Tky1-(3AXz%yA%ez_5vL^NsdgVI#IzG=T5hxSV{ac*Bka#D;b3
zeVtjuEb=zIo%X#>%$*9kiD7GZGdlq;DI}N*7Z;iFA)_1#%wu543^h4s_h{f9%+Bm8
zo6VL*7h7NjMvkdYG0Pz74<hSeb9@&5GkwuD2Wiw^MEvwfs@o!>?4l?Yy_$tKS(Mm`
ztFUo?pNQ^u06GTH65qiVxEd(`=nvxf9(t!o`5VB)Q@Bx%)Pbot#zw692IQTpAOG|L
zdQ0#kZf=ow9ULqHy{&K+(^qIh6Zz!p>95(jgvo4N#^dv-i4k6XnC??ZCUVFS-?TT*
zuApk`>Zdg3D&)cK=11QHiF<S3j|&9g{Lcj}{mR0mT7g$WDqlNRLCFZbk=}(jqu`(`
zm=CxF0BmnDJxD!icf$Rb-O|Y8jeyLg>IC2OfQFA}fxKx&j`)0r5=;*wpO$1M7|TO^
z+n!gs!kKzH7TkHa7_<=l;Nv3Qid66GAxTx+1r1kr{ur7)<5m8M3o;dF?)|bmIXvW-
zD;D;+L~CqZ*lgBP<7pWDe1elKl2H2hl^iFvC+>G#;=9>B0l14sCtSyk)Icw9`EY)C
z9}cW`Zlu{f*jYJfpYORsJV_A{pyRs=!e%%^zNx0aHGxe`KS0c;3%X<kJIwH)TpmE7
z>FNm8Y4RZAjf4H#nT08g1C5=zDez8EIv4CbU5o6CAx=JVn|({oH>rp^N5(`PTYdNI
zQ}K$Az*Ysu(TxV<oi?Ffe{Q!zaJ!=nskfhXGBpN#A8M$%UW7m3-wxJ)YKdCD<dbDs
z4wmd<B&Gl<!5tn=Aq}6gGB#%m_dMr`KfHkK!f>jhS|_XeHCP0F_R&8b?(H+*^KXD~
z;Gx*a?-91_XT{$Wi(xvG#jb;TMC5gP78VeHYofgSAS#)rv+YXiQ_!;tu6poi`mPG%
z_3)p~(b8s@Ju-6($wsLb?1CA+i6EF|0pFolTzn6W6D;`bE>;w-uuH6X12P)XSn61q
z|39YQ!>OsZ>mF8-A_%B}NR5g}6H$tEB3)5IlqM|{DN?0(A|jwv0RgEI5Rl$`iNFm=
zjdYL_AoP}mmY(y=^Ui!T-ye{fb6qF1&)R#fy;h#=eAh}~&wQVIMbjCAy9qgSh=0gX
zpgtU~R%2ip&%)e<-@_0+Y3AbtjAy-L@74T=#$c4jJEzE$bijBnkpzJTjew=br(}nz
zCmCA@V5u%<L0D9{l>@sPxh3pDsWrKolZdSQ1*H3tI}aXNm~&%fwKs=UUG~NI=hP8r
zJ5E+^Nwx(%y&um22Se(8W-84_B>SLtL4W3x8ddhd=w1cpT!G{}LT{7kC$68N`j+7J
zA7KXv0n3flNL%D9|2uMH0ah=m3m$ut2URfZm@V4NyTWj$3pe?F@!2&XuoEj7l`(j=
za+#ew?{25FG78a$rT+g{$B%Xgl<_RropT`p+9A-RpD|oN0ZC7C#-M?!5W%7WC~da-
z{^9<8&7j5$L!d@z!3R8q0($(#szYcO8B4?HtotJKTPaDe5I7V<fWEfHp!K^zXdWB)
zX~JC9J-V7uWtJB)c_W2)&LfhqI;m%%Ahyw(`Js1pd4VU7VA{VO_KseMKab%P2g%;1
zT;T_lg03Z~G>sCZ9|Ku}OK!Q1Ga8dkbLupzsh2Inhfm7uPqGMMrg||JXq;U>`G+W{
zBq<XgD5IuO<5Y+DHf*%f<jKY+%|bxJ9{@+tTtY#vp!YV==9PmBGE#IDPwf?OmGci2
zN}y_P;DbQ#(QUxwA~8nh?fevc_!*$Q`n~tS;v2{5SB`e?3s*j35O#e~dd8iF_g@b~
z@X`@r1BJu)%9M4~!y2&S-Ec`w{H*D|z0D0(z7`ix()*zX;aGUclyCDEaAF|^SloCL
zM8*lFI}>O%1f?aM!EuBC^vlg3V;$>g{h$H*JM$h+`Xf&yMl@UQaggB+r^t^da4END
z*1LL^2ajAOf`_R0=8$}=#{x;@UAE>e58`;Pe{a&^xn|+QZw!_@tr+yRQ|P@oqUSpt
zKraR(Zle*@v4#DH`j*HM%*qzm4}b;QWB1c1xggdq)|RIm$ql1vX~Omon*0BKxTX66
zc-dSKp=>|_(GozUxuxbjvn6ZnfS4*EhTl6rf%lZb+HXD#unW=RklZDOEJ#oKPk{O7
z(9=#IMroX`y{-t)YE;v^IDc`NHrIUNi%govgM2VY{Xg1-z3!iO(z?M1X1%CK4PVKS
zf-?i%LMYdJCfZ8I?OF8$pRWSF6_-%KIgpG*Oo&EFD#}LX4U*FWOY(VwUNC(7HK#ha
z+Uv1O^T7}uRxtN3U+(88Y8gkFJQp}*e#ZC^5>1bMT2<0OCqpOiHBdG26F_+k$ayQz
zPnx&6k7my&1>Cill_Pj9A3zspX`6+W966rbAM#=k;<x&t*`EFAwB|X9LhJfm|7|DN
z>egt)15k`-d}Wi1!GgoqL8VU#Giee6YxY8SqVLIpH&P+ApY7R%Y{;2HmP{Fv_)ptr
z5rjwMa92O>g|{fy+*wF?(9hBT;&Dx6xE?~V$qS8`C+<zZ;V|*=X<P*;Tf(GY1R<$!
zMuQsxhg0*9kf9u*DJwz{;oiY(%aB*3>N-7x_4=w8=fkX_sNBV<P~jKI7ms2a78B`q
zkUYv`clF7?ADO{t{I{FaD(TI=`tV@jw19$wNZo6q&Q>nyH9d63WH!!VJkz_5#}xP|
z#BA6cAfXgcw+sVvPM0zDCSMM&0dY(GR4i0VsdAQnv~|~S<hxg%?hYwc-wNA_c!8~g
zE!l*X@5fhO$G-T@jinG3eH`mcEym&3HoiL1z^%K~k1+ACU7j$61@Z+LEgMRh9zVO=
zHJh`8Ue}4NsPkq=U0?YY6(i6AJCF~QsxZrPj{(usK$?ci1`=4#wn@Efa3=13rlLtZ
zTT@w?*{zffA(lYG^lS&^bzRT|oS~dw{yaSNuzt^?WNhP+|9;3AYIOAb?cUpZLkL2M
z?@)^*P^)iQt5{8)r7K^NKkU3UWPwnM0G0&+!KQ0~MBtT;RaI3B70?0)*D$)(+n{=j
z_7=>A@WGc&guYg1V^wd=q#};IqAkM}1MB6x_(rHNmx`4BQD8vreoZI~oqyLg`HYy$
zM7PC-vhp9<@5e$FBQsZvOm$G%z4f>A9KLlxOZ1&_qw<Z4`1C^-sr)6crDpWq@k9L2
z9tk1c1zNYV0J9UwtTuf#oxSsBAR!n!6ST>S*#dXNTr0Y=yoQILf}Z#Lub?`_I;^RI
zQ?BYeuwnF!0Oc1>r|In9w(i^)o00ZyT_DUS?*u^%IGr}Bm8{{yE4fyGq0TxNLPA(1
z6s&R6@*~-|CXrGFSxvNb*tvAP+DThrRetTIurpS`|Gw$LgD?xiu-fY{{(nwzN6EKH
zR~F#ks6U++&LCV33(W3Ez<w@$hp{#ew{<(=LoUKTz-IE6C~HcJo?d{^EnzdJ3)l4u
zZ|1*ZxRoFv>L0+u@X-uMq0a0p1|WO$?-Oy@<7LUbkg?@@r&05I#}^e!{r@u08{~Z$
zJVC;++}n_I!Fj9@kYwQB<6Z-`0MAJKGHiy-S_TA45m3aoVTXe-!-`uu9=GZtbh;aU
zxPyy|s6N?%ZFR<0`=q{K2}o19iiDhBJ^UYXoag&~UnD}YeHnkgpcBZYD<UXZEOihi
zbpkA7Al51~V~ShPSIX@}Wz?wqGPu)OWNT_BDAqOnaX3JhIi?Hx3v+sY7Y9THiok;U
zOAn3Kwe+J}9LSw*J1=kxAh>P|F_w;^34qLQ!j<E2iE2bq6oNeySau9&iqw_W>jyKs
zM#<<a&*ygYCnu3x9)bTB-!gog#QtU9kie{w#e9d0yagU;DNIzD+JwzsdR9if5NewZ
zGMKC%Q_}ppcy}{aK>3b5dAM{1{e?;^tye-r8;r*r3<XTvO}OHQ3c{OD<=-2TGAh)&
zmO7%mm4}g<Y?7A~OWIQP@ztaa?iu=c9Jh7w^bCE-M-X0W1^sZm<WKjL^>R#xU7#Lk
zEZn(OVi92h_20_zYa5NQ2*-DSF#&~Qu=*!Sy;5J3sP^ID1I|sMO~#Ftu#HCfMNc^8
z>XVjXD%dQR(im51wM1gW#d0D?o}aLz(CnKz+>r2T;$G<HK_r{lzW1iWZ&k{EoTI`j
z;S=+3cL*M=4*-H8@ybV^dl%)i;r5czmrML&_(Q)cAL0Rp4e5}bwAl*ye*pKju*ZKo
z&$707y1`rflYi!O272X3R4R>i_SzLF#?AK!>+K`Thq7E$z35%-*R3bhtysfv4sMMH
z-~J1~n2#zk6Aj;rorHoZCo(>B??xP)S|lyP3xH*RH1r8zc$~M6uG)k)j!#Z!Z4I!>
zulEJ@XO`4d9Ur|W6VfmH_W9DR#RuDV$+w+)IN<H3-#z7kypY4pswWL&!K`nvhm4@}
zzk6%oQ^%10gJfO&>8Wc)b=2nsi<LNP(D9bGe~#l#dF`+tpf>_gY2Qq5T;&XtcFkOy
zAK%Gam79E=>44mfGg=+-7~0tP`B_MvG~nPz;aLHF-8&c1UplU&7;rx>_>3IKx0I|a
zxJmUHsSO<SbhIY<!bxEH<48_o+gOC4Cd0`CH9-ZkBW}iGB-1j&U^#fp3Mb*}o&XPR
zJvIy4li5?*QnT$OPR}CSI1H4=(i*}BRs+wuTF<ZJ1R~~zR{catg)-ku3}hAY<*UcH
zeZKbF<xtmRfISL?KisyXlcGcjoY`Q!k>~of^;ntIvXlT1n+JF<-8$(SgL>f^H>GTj
zh;P^Zs-9ST+C8WC=S@`IA;yHC3giTl`>@TYAI`5uW_%<|{vc59!S7=*%Z{Uzw(i$U
zZ6C>LIjUbMAFJe7g%aQjp@W-3EAEvG!nzkiN7=XP{in#7iQ#O^@b#Y7tsM6~n*G2e
zqVtb6&Z1mCjm(PKs0BuNM|F3qLcly(m17sdf5GwKZt!=xyfgcMTXQO-|4`chFv{=f
zgs$tKz|X|Caz>R{g7O1S$@T}m?kYJ~4tje712eIhA$?4vhiV-5$0->BC);h&)BfIh
zkR;)8D0Bv9zOXqSY;9B@TshyAhdgh&=czhX|3vV3K&X#GyM}jQKf#a$WCKWu7;^?}
zNkg6-iu<LVT|w7%>1zX4-RxwMi=oG-Pml2i2eQQD5XcN{m8`u*pRFMEl`N?N)jKQC
zH9zjcb;n#tSpgJ64?GbH2b}BkgZJ4<3%GfCwca+r8??;}zA1mu&`mk5pK;$~$|^d`
zoIJ5o!Gi>k{?4O010O$LD|??A!bo$8x8u!{?<HnZVWT{;Wm8;u$QJ0|EcwgGgp#gr
zY%loatLEY*C5T;;+tzKvY@?UtAE!v364<(abC}nCoS@T7L?^yZ`Qz!77ckyB>WE7o
zbGM__faZR@$E(7ry5|_&b!cZpGX=(lZ$0MU)>mk5TWC6U#m#4zS48>?0~M0dUv%$f
z0(BR__n~JQK>ex{2JUQoa-y|*OjE7ak)T`0CHvT|ExFWeXgzs&6YfS`m?WanIna6n
z;uta(T0A#k4=I1+9d_q#wX@(P@p(o?_6C=G+%mW|pOFYNZF18MvXjzD6@dF{C&>WQ
zymxCK&{a^1->#`43ey^wUTL?TBp&Wf&{>Te0KFM(4|-8Ab=RuHE;-b%0@Z&Zu@qO5
zKh2c{)YrwPqzQWi92NizYqiLF3+33K*-j}M*gaLN2<}9sqxa3h^C~DLJD55p043L+
z8R=op&n|82u%XdxD_6`^n$l=Cd<hHxYzfQ1<sYA24IHZ9%56^Y&9E{b`X(nl3|Va|
zz}K9aJ=7L$=}Bm*%HZ;t&u<Pn8r)J%dY$p;i#vAB4Y}#^ZMIc~$$Dmc;?|Dey8U!S
zqwx*7AA#d6iwz+I=9xos*-EQCm|3J+r&7y|sl3JxuC?5({%U|5->SHk$yfrPOpp9O
z=lw-;jG(O#P7;$nubv$7BV|AkvJrg3w>i99EUs^viJf&<Ws`kQPQaMnnDYN=_;+)j
zEwPYvG{WcAtI!-YjQbM6deL2Z<3El|2<1PygA8*n^7x(NxA>#-YAgC}%F%Fjd-SLh
z(bNu8Zc@5ZwTB#Kv$!*SfeP_?KT(9c((HwDU7QHJzy2I+$KCc07eCD|lGJS|L{t<L
z|9ayp^&KsJmVMHs0(o%cXC2@kAQF`zXI(TuwY##Ir*rfS!+rnFCXt;#^DDH~d(%7H
z+Dx!h_jMqm|E{NhQP^;v*=YUe6+;=+Nj0P-YY$nTD)EE~(DDhy39vEgEXyXclAd*e
zLp4ROH4cZr_FPj-x+t=E)EM;dzm?hQ*Gs2+lgXOo3nr${Eu8a09{ir<(i!u{afm>j
zn4b=*2_whYQxHd?n>A3QF0u-G)o<<H!Rr<(bZkVcAEvM%3R|GMtf4pxJCh+^>{i0?
zdkk&)j`6$F=fG0}m)H)n5ogov+h-mLy9fOIWdx6-7LZtbNv&kU5s#{d!B|%3Z&p({
zi`m*ouz^x{LYG&Kz*<?RhCT&g=syPuJxyq@uzbhH4e?3H3Rsz^jw63xfOu=jrX|PU
zpDx?0Es}Uw2-1zXdp4_dXUWfHwrB9Q?y3(8WuWs=mBiXiCnMp~h|RB6hx@uA7aKk2
zr#Mdqze$}wJkmiwO|DdKyC@}cv^Tw#v7lNB@{PjIR&rBnLRslsJ*Txi`-yO$_RZ+R
z%hnet#wOksPJr#9G1~~)fvcq=5q=IX;5|55|JaUP8ops9@X)1WP*|coTXtdCYVh2;
z7CImE49b?Y%B|Ul11cB=ABA5%%R^2qt+<A?lyl}sdwUUM+IsPjmbayQwCKc-)C+t=
zfy9N}?P7Eo-Kaoh26^_+TaZdg*qPt#N%ix8pRk2777h{AW5KuKzcJ->D212;aqX|N
z;FGuEpL?rKHl*cSpr!#=^u7lI!w())s<B_ofCa0`sm3pxjOXsGfMZJ*KPTr^r(!d1
zW7GK<+T)~7^o+0SHH6`;)-RIZBpdOAY_#4Ak~;2@(KnPQj30-SWAhEZFpJhe$DXj>
zQsKS!)LFrnOkeKTzU<LEIWp;WvC@n9K*KzBEs3&(nHongaU_3PJ3_$qceXdQlkWM1
zF(lRzFJDASIVI*)z1X{3)hjppJe(LK*dtQG!oUtX$g{P&Vw~*!?5<kP8Z~$66k3`x
zBzDM^x%4$M3;2nTD45Z~j#7LCy=R5?C|tWIqDD?#0wbXzSD1MsHE*55@x{;3>K;PJ
zCx<H_-<P*=zCWMrsEdXVzvCZFQuuiEIQwA`e`85|whnS9*nVBip;jvOFq}kTmv`u=
z^BBR0sH#?E=2wPnLdVDMZ$r@s^6k<^ajkNn#yn?>;8?9KHc88^GfA<O!y!u(#AOyg
zvrhl{NdId4Bz2FCvQx*uN4q`-X2$B&DC#WHK66mLF;3zx5d9hQfNY5B#UHoKvvO?$
zvdv72<MM0VOW0WFBY|FEDFm{m!?tGt5EL~q)6jZH@PC%92mV4(6yBo!*Fvv+4Ux;L
zOCam@^YH6`+kPj3R|%qfZF`wXU8%__n<-4$b{P+l`fa1T`^(&Fe4ASfH-VECsv?WC
zh-<AGfP9#E>PMJxJZD)K>fV2VFw8YEwp(NdW)4DHSq)UBt~myg)9!gCX9weM*nV0p
z$o&%}c2`x_rGF3GHP2o@!)tH}ddb>k3tmwLrayjLsc9xP`1>V328-+8L(eJw)F7lh
zqVme`)#wtciTkf$ecNcXqG{1u(P7hgFMg-?x@`NtlMb-w)SNdv-}a0G**SW)^vNO!
zQMMsK9SaG(#9)tXOZ*qWe^Z2RdOfJb3CIsU^>eK*_DkA?E#8p)oKbN>4Qy+5Q}GwY
zu!Ur>4>-qmR}Uz)LaP%Ge}ANx9)+U2_$r5C<7#6l^nmuv8MFs1aSZtml$&;qu=4($
z7O-ro$<j|<;oS!0^w3qERX%+3omoHN#G(60fpPYwlTHwHA5C1YrPlE6=<i*CgCyKk
zT>N@yvA79RuLaE$x`@%H((LTJFKT_8*OR%baE-Ge7mi!5=-4EwsVoUZ=kLzIn%bl@
zW_=bO26CuGO~Mp|DvY5r$B|>q-UYs=?k@(etOUph_4CU+E_N=)nhU1F&-e9cafkXJ
z2r<BQJ%jeE^?u_dPrjFR#Hae+A3v`)=CEhdXg*ys-!_f*X#k<RRG-v`;qec9FYxhE
zw$#=KG-I0L8E4+u-T|MPHL$ZM6drzBY^2<fH<AL;oa{#h{qF6}fZ_!Ot!HLot=_iZ
z35(3T3@zQbK$di(`+TgNV1tw`()f8%T^%5i@56e~Tl(MG>NxpI3>2UnVPE+ba{fB_
z8nRcF<T`rlo;Zn=H^Q}UmxNhC`w@_~Q(L5h5$Qum{{lmdi__$oZQ=L5ctpYS#r5$4
z{tcZZ{`LE9+m;5RLoVdb(Y8~enaT_q#Nf?FW`<IK?NQl_6ah6l{V(FL)*#=o4|1_L
zcjMt<DSJ$w8*kZfU}giqOXp%AtS<l3VgC{MaJhZ!(P2^hkX%)rf8Q!@Z@#<HZTauI
zXCLp2{i4UX*ZN9%KH1%e_u>uxqE3^}`XJ$i1PS(VB`B6;Ct;Jj^{~!VW%M?|lXcSl
z{1eNN80ZSLv!k7Ay7VRj#%Iuq!ps5mNfgAgdD<_bsndX7c3JK>J-Fx4%3Bd8JVyin
zJNK(UVAMSHJcX`GLnst+BF_h9N?ih=vv~H7^ik+MN(!S<44*#|v7nMce;}2bm^tv+
z44<NGiO5|oP6D|Ex%w)^_vMdQ)X9wHy3r66p*?scY=}T#skeLGpz+OmJG`(h6hvzC
zMM}wrw!X!aH=}BrFz8>8?t2hJr42{tF@WERr+=EtnKI9w<p(<`iR~UdK`4}aa!`x}
ziTT{wRxlT%C?#e!Nx@GV*fl-JFLaN+;v}uXKRd+F#seq$|4s*vkv~i8m$tnE&|IOe
zR?O7$*X3F5SBrk&8xf5{xoo>Aa&=9fa4baYQ$%HzEWr=zpvkooAR^WNjcCjN2W64I
z^6F!Gnsl)9L_vKJJ56&C2U#h8-Z9#*?%-V;)Tf4jX>AI5WL=ppFWvh=Z@mARd;3aG
z{o+@3RaQU->&rP({Zd2l%R{XX)iGt-G4;iBTkYZH{_U?;5X0XFKY&2MXx5ZZBylZM
zPndUdcdsMRl!3e<?7cC4K&Vuv4h^3lv}Z^74%A$l3EBNavwmkmjr)JN&H5LpySRWK
zDz6%!79ixFhx-l|cueHV^Ql3PmK`-v!*P`NDsuF|EHYfq6D_3%NZSdBo%#J(k*{<4
z^mxcZM*aZfSAL1#vE~b;&5gBLrOHaF;k~JRslkq{>Gxh0<cut8_(M`n@cZt<!{~<r
zW%DKhyo{MFThH|ZHP+XDA31Xxml-p<Dm|D_Be#<$>JAgVgf2rHHDk6I*W@x{G;efs
zBTQQhN}E47r(?T|oX&S`^KXNQstvQulZodbjI04REw{;j?yG;df72beTDFo^ZX!tH
zja7HOdqjeVhkm)SqxKxnENc8$I#2l&(HrCCS?dSmEkRBlaBNPa{JZmv=050lKK6vk
z1J%Y?Iv~cYxi=+a9PceXjYNVU8CbTTui)pelFU&a42eCqWPEjmH%U#%GpKm_1&S@;
zo>x!l&gfVHpN0q$HQ&eUk(2Azu^Z*AIpRYZ^35S{yPpT_KNO6{5Y*NTg6to=qu|_z
zZyzOIHmK8so;QA0<??ElbzcJUB78h~p&9+2a5N}1l`+?_BiDb`K0-o`T4pSc_Gl0K
zyv0h?yUO(Tinpx2HF{{T;CWvge{gV;boqxf({i)!gieQFodf5j3$FspR~aBNF%A+l
zGH*5pm=t`N;5LVE<FxYqc_AF<wZ0upFm_qrr(-c35Ou}S0mkJ<-3hG@pH+=W4zjOm
zY}5nR4gcI7iepz%c`JgCo2^r#UW9nRJLmoM;DplEdpqlw*T)hjHrA?i!)TyVS~#{_
zio*}{M@q@);AOb&;H5o3O?{o);g>^Ha`z?#6}^nZ_+CeS4qZi;WY5Nz#2l`_Kjv0h
z^JqKO?}`*SjdSvK__nHh(G<T>q#r*BUW&s(jfQp$S`Dp;68tA+0}x-)SL^rWIi;Rk
z9f=Nge<xiK66aa?rEeuJLI!=|BpC`<Js*6w*cq^7cksH!06PG>F)0=tb<>$_>QF`G
zNBd55uE@KZBXOEjiID$h1C>Y;qql`*JD7{Ub@o|doLbryaW7=0%#jtc>l4>anGBR=
z{uNeWf<cIqGQ%OZ@jC0#vcu@Bl*-~RI-MUkt@18GH!`K3f`)Bse4~^CbEqDpS6ETB
zdz|lG`V04oq4`^c7MI_oRH<<h!XMwdMLsp~Llh!uX+rm1Gq^S_aEY@&MqD;Y3E4-B
zGyi`4`1b26QtsXOU`GtD8EAZzsWdJjt(krC8N(aH)Jh<A3*6Y~`{mi<osPb!B)1Rp
zG9Ze&FGG-7oNR1EeuG$SdV>UY@_V4a)z2qiG(aV5Pyr)E&Ycb4emo1sll)d7ZPVjM
zSbKIjQl+rOV@F!$cJT4QzrFUc<@M&%&uPX3CkJD^W!m;QvE+C6t7kqd?;IXt<=c)N
zp7E0Xt*RQC6w~|9p*=dof=2K9&sBQWUr}^Ue%2zTBq*$?BXox^-6h;K!NtIh>}RJs
zzBt1nS~KFD^y+3!nqSqx>(OUE?2=|{9v>k4YqXeA8}X~$MvsUOss}7v&EW5O?&bOE
z@(9g^L_)=h77pjG0uXIw##4K%lA#YZsEmWnup2Azk0PkF_yq;ZGwYA!4%5)<jbEhJ
z*he|C<lW=Fs+IfMr7y^YidrN+;g&Y}JDqWQx;Bt*_^2$C;ki1G5i{y}LisD+<|(l@
zM?W&X<|S8Qn~P6T2GPyxG|S=udwq*oX~}qa#TfLB71Sk{?A)Ml0&*pXB`r#h1V3dS
z_$^~DBJZ~RE(2xYYp@9zQ6P1AVUI=0-p4qD4EA1FPO=7-eTHk{VG~B}T)%tMVT$fA
z=K!^3*eq*LJ1A@LnXzlDR5D{M+vaL;P^G_$%kj`liE=7>rnFJ)XAk+9Z`?ba<Q_8&
zITyqXauJyN#3cHP|56;(4k)2kn{|E5{;i~lfzJ%mKlnW|dZVH1JohN{)p8#JEJ6C;
zL#MzU=0NZAnjVdN{xhYFskk3yr9VA1?X$oiBQi^-gDi>m_OHP$t<A?U%v77rQEv0a
zx*Ev5Mnfj}OPl{MY)MDGL_LJ?QS^>@_1-x=iYmsjNU!z%6`zuS=S-z#eRtl{1Gf+5
z7VXmL;(QF~FkK~fjfcnr5<7Ep4qs^>oc^VOda`>JxRhx)!Y<=DCWrST@U4KpeZCo)
zZ-mT0^x`D7_rNU%OhzV0S-Z-(DR-cpgIXxhm;<D8tLgmKXDTOl?_NiJRLy1YDXP?b
zjBDaw)ikUrFA0;Dd|sHnB}=Yrf^{D`k6|an<_wP4B&wer*1?MPJM-J>+Ne`qyS8V>
zgs(DX&!XjYK|y!Y>hh8}Nms9`QVoaYOzP`^)QHrXTVCV<a$E1F!S98lyu%r%2c+6Y
zYV>FRQ+PkTD(ns5=s@8CL$T87KJ@=G<ASUYSjbL3o$+|zm<7g~epmotb?Bx-N)UP1
zw%#~lG&H;v7#{+%`)bbB*R?#p;cCSG-pj{x0LG&sEx1Omc8)JA{c!mzzTj;6LGXpW
zB7#5UCTFYHKUI5tdjFeCPM2;>4G`c^G+PyYq7dwgLxJ6C|0SYp=kX1a-9cv`R0(=D
zTzYY8SuGySgJ;mJH$ow{8S_YSa7_FYXTK=y7CJH+)9iJ742#mnqb12d=8#>d7C1t-
z!DAtI+K}55x<V@Ey*5L1!_S|{A4b)xLMWYN*eLWG*F1{daX20PNYil`=0*@o#y};Y
zJ{$I7MK8(!I0p%OEd2FH8SmGQ+y*~BN4}xY9H|rOs>t(v)Ys*)E3ov1$}3&hvE|Ot
zcDPU?sdXCXZC?7$uMeCZcrtxGG<0=B$m$Y4G~>@p%?|mGVW-pODQ@_`Hw${<pQ+bl
zAw$+#;nr9^e&)k-Nvb%ga?pOZ9kR8+p)A|(4i6w?xKd@UhV+n-U;eu{(3Y*s)_@_c
z{lNz4d;4HDa-hJH+s`E5XD~C@<xe4W$YYs<sf@<~)axr>U3-UOB>6EM<ui&w9y_hE
z0`c4nL=nNJ-dNgz*k7{>baxZ4`2TqUxL3ylTvP(KuijFyV@ypqVj>MUB9RuEa5gLJ
zwe&JEcEGf9dF5XK-%6`MR@#(0Sv7F(VP07smiQqd<8x+luVFs~zARuhTweRDDZ%u$
ztLG6ubpXzpU1o&xIEZ#yoZ4aknziDpY=ht3tFBz82teaD4eBwuM|CdqP4cl>v(LY%
zhQ9YSEjD_{aj6K~GZA5M18~HvYcYDAv3%Ox*A85k>e^hPL$_FX@~_=D*|x|V;;6Zr
z_as{D6EM+-Yegk0&-9G@@2dS)B`pp|LnDLb7Hhi0_B&hI?|W(L#6O~@k_|;)@<5nO
z#mZukf!WzI&|CSI?Ea=}QH8zQ#&!JGJB#);(@weDA^)um$7v{jOG7p}&u1|V9J4eY
z31?Eh2&POziCZ&ZJ515%a7#vjw*DtF3GEYNzw(Oc%(AoS^jnl|*VI-t88H|KeGm6w
z2<YEu9L;v~T$T8lQ1uvSA&0GvD}M4(9V#$95eQU`v2?|_Aoh08dtSjzjq%{XZ<8-v
z00wW`?-Y>sZ$4r4x5CUAe_rH&chu#w=KEcYY#LkL&VI2f2C`FE7wB)>@YrHG2px7@
zV9Mki)!(s7bhV=YCN93K%9~ZzN3Nc@{hk4McHaGD-QQGYAbs4kbXzKkQW_ho&INto
zp|j?I|J|W|Xrti_c_XzOuxqUk^(}^|s0zgJYVmhJcsf%4zDAYAzV#!^t5^NBGEl;j
zGs-bM^FcIg_2y%%(bvj2d#c6BU)cbnn8;Pux7n`KRot;#vzUKM%z1}{3gRB9t`i5p
zrGQU>{D<GKLp*zwf0`udr8gDobf&9m-FcDx&=5D~9`8$CIT?IT0TZLoS2>>QUEgie
zS=#*c<nGCX)4}0RUDM@4Dw`E!i?RQT_(hp*&<gi|a~rLGN#>9Mxuh^Ql$IN{j{u=a
z@mR40@<ONg<O0wfLn(HDy2}r~zVs{0HK-`gb@{A1&7Ib>=Li}=ro<Fm@W#Ouw_T>2
zN}{6DxEE{GJ4ardmVZqV{qpk{r-wQ8TSKI-*jcOg_o1uu@iCCwiiXW?d&^Icl$Ind
zT4(%rzU2IsBC0F{M{K*}MXX2fB>LaUQJrSNlju&aNRdrO%}2Qna)`C1Uh?k<I431G
ztKfZBkEuiY{VrrK1_`vlnyBka4~k*0zlZ0EnvY`kg5$1u+#k1P;AnbN{fR2yrAE+d
z_FH(=vA)B|R-9yK&40hE-#%+LXEVmr@Nr<Ul2bB$|K*ZA*;I}rY11b!qk22fdmcX<
z&JW$_OnUIB%<{F450PhcCuXGPd0mNpa|Er3=7k@9iFx3t@Ov~5{@IW2IMTK_BMe}~
zm*Nc^K9XfVbQ}zmsN7J0r*ORCv1TUkCGzV^=*D!TFZTK6Z{C?1ubpP-vp*+#o%1nX
zFj2#`Juq)1ip}O{bLMp=v`4~~39qxl^WyEyd=mPRr}A;t+;imFA0Diioz2U77da%}
zEck-f$K!t0$A^Q*h+*Y>7gb?lRNC;8;D3=)Ma_<pUt3vS-WHn1gKyB~mCW9k#;d;k
zsq)d#wv15yUFGaWEn-`X$FEnix&2LG;GRq12G=8CZ~@Er)}~eOwDS28{uw=Z1dJtA
z>-E)nELQebQn=H8?cNcYsSf-j5I&c$bEtfnw|jR{ZnW|DlSU|d%wrgbY){FUDJGAR
zK!e>|naIAYDUpsXjH=q%MwDtovnC(*8J`8}x}??8I-&|+&B;6)PbKvxbOe3OmJ7J$
zt~xheZPn{{Ff|kys5pL633o$uW?mBL+XB{4WB%QvLdYvd8pJ#;yzh*kR`XxWfXnY>
zqiq$;i{ty<+js^-aRMll{XwX3Y)ZTJp2>Yx(}ueVjlDNQPC1Sy=d(IotJPhKv0CQ~
z3MwFtAEsD>mSWTPtZ3Wps>Vz{mDLW<AJXugU&Y?#n+Vm;voNw)WB1gTaI(ZyyUMY)
zK@qkL5x5;IZGeG2Y0zf6AY~3^#D^&VkItO$ct;msU?w8O2(b~EXa|^Z^vpgyyUW3o
zep;&H1&(jb_M**2&;vxFAi(OAk+IListJY4g_hi+{3rc1p7<t|md*T?<p?Ty9DAVr
zpusrnzL-KI%&;?DAP8Qh_=@xAebwa1>f4MDMQi-tmOL`?C|b9frG_FRJ`#a&K;*s^
z_K(|yw?MB_5aYP1j@|b<-rnJkc=)czmGS3OS7jV)^}Bfbd}OJ0ZNTs@xr7R7(mEoV
z%_M^thzD<8={}{(-83I%I(yr;Sp#lM{A_MZE<G5ecs{{j?dL0{l>+!T$^mwu_P$N$
zWCUTgmHRvBm)TM94QoQM-*RM}<dKFYRS>%P(4)IU?7I51Jj(Q&$UNN}*rx$5p%Mj)
z95?dn89tkrJ`%tEC;n;R{;}mM-cu_A%z}8A=4k{l%hy0mQ#p`Vm^(r@B%TgOKa@Du
zt|Mnetkmyae>1B3);Zc+m5ZuZZ-4ANw)p6<VRlZ7$fNz^<+n>>&F`)=*ch~(RajNp
zYNS9TfRc&jlm-iwW}W|1wA0d^nKzJ7f-nltB+~&fX?uP^<0eJSr&3H(+V|-aXVlKM
zT2wV48NanvBq9ysl&%Q<fpjBbr%t!x>tGhZuklG*4zA2NI3B1t1fH|m{iF|a#)0;G
z2ig_QA)pa8{?>&~AJ@VyZwts?d{koN1Uc&O`L0`TCyPA5It?}NA@GE_f2F_t>gB*!
z3cA9VTyhrPTc5i&GbXstH?2Y~fAZgdmny`3#oWK05z*t#dfL9I&#s;0HxU{?#m3cD
zZY^p6aWEs;`8hgj-~H}ms<q;WpWS=#g*S7dw~KyRSMGhQ+dVfSASz2OijM)mR~R?G
zOsF`84~cpIj?qJD3S5xDQ~bK7D%96&lkC7Q_HpIBb6sXAbQHH@^R1zO8IW*SG28yd
zz})uFqM<I$oTL{IWM5mA_9K@oz-J6l<njm^wg`~uzyZq|o3-#T2|<!)#iubUc{JeV
z=4lKOf<jk+^7L)CF0lTb$qLS<mY#vssc(-VXLuU)OX<zh41fdre$<sMj?Q7(>+2r)
zY)NSS77Xf4Mf54%Il!Zmj$Pv~YPwi4l(>3bw>OJFa(`Gt=V38{ea=!Vxlp6mh|cfG
zOL2PBQN>(P)&rr8bOTMF=@O56cHY?K+tX@F7#%s__{LuuJ(nvwo^$Q<m|KyO*R)|!
z5G5N`Gz&Ly+It3y1-NhZY>?)=B4Ase;;E*IeMkKNB$}7kd3;8N9`FE#7)}cgv9kr=
z-MyI~H6AZxG&gTqms)HdwKXO4L~Z4H3shU-;$0Vts@0Jkp|0#8T8X!fa5XCbY+Bbt
zp6MBO$u{O@dw$}9+7!S_Lq{>!0n_sMjNKQS-Mqp)v7|KDyr16&%*jyPfqa{{L#zc;
z_w7D$@9iq}9WK)Ab;TiJ&z2-LJCp;QJeOhz=ZX#6IB4fjq8On(W7+0@&M^`Tgp)Wf
z5Tk!3UdB@`7$^twpi)fI^3f>!(jTOqs6mp#$(4l)aYWb+U<fFFQL++H|9;1Hzg_&L
z=$S;B$({e!s;gd&_OEM`6P@lpT)fI(A+>cy(jc!xXIN+SWsc6#*2@)@!CTe5zuw1j
zlq@<a(37<hw3ht4c1MSnTmG|AVayziH|kuD7Z55R8;NZp2if%J1}5dWxAwWpJLg^l
z{6%jb+@!|9UhdC6`K#`G3B#3se+85Qr60`r?qzfBcy7zem~$OzyHcX*cBQ|EsxH5q
zen|y!1K>cn@CZf4jYzcX(|wEow!nwCrm|d@n&S(N1UL`91%~dce}CwjCwBQn;RN_k
z*`w#rx*eO?a)2Liun?zewF#G}=j8`R8EnTt$qB>2mq4|2Neg~YG;%3Od(~A;vnANy
z-IdW!>7?4n!4+5Refo-KJBcSa@Lv-LidA^ODKBKXRt~EGocBK6rjM#yHr}=u+eBfe
zb!eMz)#0=FY_(^U@b=E$m{o8{zd(BZ@o4ihJ(w-+<O6$DSEXU)wdH^C->?^}2v4$%
zOUjxPL8u<%J^1Xip~}VzLiH4=+V;f!dV`lB7ZM>mOyA&2f1uFsJDoR+R*bYR6~<W?
zD{~#T2wv4*_xeQ#ue509Wpnw)DY?6laj8>0G9sQkH!7pT!UBD8bLfc`n`78Njv$lt
z$K44m(PBQK|B^>e*fB3^yVZZRl(EE^(K?pg6d(!^RgvDCsd8D?XGq$<t8qSz72_-d
zb@)@CMn*;e6?ST}RGc4~OD0&*rQ=R8QGzvSV<RP9Ybh92*%+EO4$(?22;mjf{+R7T
z9@Wved@_cXUk;z0?vg&m@7>g-=k#|xXJpRs*z$s7hUf--V1w3FoPA0%!s~hxW;Nx=
z)07Gf>^8@f^Mziw5ogp$-7LmL@#oRdx%?Z|wsUuT;spZOy>V16<%>YxrL2KF0bqY)
zR~e61o^@Ef>(3A0q;(aIC~-ekTksn4xiw4TPJ$g0CVO%ri}ifo7wDVwo(jTQI}dm;
zTsu0)y|+XOevi#F2@ezDY&TquIv4Tgv1S`+E=uQl4Jmb-yu<ZJT_@&7PSG?eO)8fC
zI0@67@#-&R$2r)ywV#v!)jlJc)#epoD%8-K0eklc;hGE!x4N=o(BP;3^ms_E`g^>m
zMni&CuYoYoLu(cOqEgdd=ge;G+>Z*%0UTen=W5RTEG?ir&@OiToER{t_ExH>WmH2C
z(jX^i99<CU>2zsEBxUx5JFqwl;3VQR8=qb7;w0&fbHsq~5J8d*=TNS{+5-cfl!i=D
z1Xbymhqr^I$LhQ5MWWY6*C;UN@G@+`)K%RUx#3L<u-xxs%jiV4^{$AY26;MfCXosJ
z|JV!L$~;EfN~{*fZoFZlokfK6wu;ddUDO)V3V0pqid53n=Zw2duL&>``S{iJ(pvuF
zK*$orPvE6<l>c__{A-aG7Aa8;pmWPb&e;KRb`i`)L1E&oypt>0WkH>1L_P-n&(AV#
z!n9UBv_t~qTjl@41HJkiX5Ls%qG4M)OFs$e5^K=WX6~GT#CpPY!aEG!2uQjs`8q*7
zBU{&P@Tl>@&7-}&Xh((h!k1zf{yvlHY~!HNLm~YTvD-JF-(rpu&+<oFa()WHEQvZc
zOa@|3LXlQp4ib6?NOH#XX-Q>jxohr-(kH*JSCAXyE8xo149QFfo#)HHYf$$GAU~iC
zt5d?}TswM_z?drOo;)|o8Ee<s?|yrJl)dxYe?UIXK&{07NvU7Puh#bu#md}}tFurZ
zsbIWuBe?Ai11$^KFT)VYP!7gG%@BYNXVq=(PQw*&Euc)Ui8K=-5j+|4s+;a7ZT|q{
zmcvs=i_jgoh;cpHYt%POH26nV{uXpLn3gg-wxkqZ(C##Gk0eNh-aeQLpHzu{`1$oh
zz%*b>DOFqG0*0?Rs$%|QYfhYPTj_d!1YNt>eY|(!z&@1(SEpp%s5+BodX@<w`o3%R
zXF!srf9NcwtJy&=ha0{{JU<Y#y~4BY5`Kj(0*GD__AJ$JG5xYF4hp-|t5x-r&|Jew
zO6S!PBxycyw0@Bvj|Jfk#E_h<&k$}v;&|!#cszIns#Go7qo&*6J9wO=QrMVhqRf45
zry5-Py#bh?#!Dn#{k<Af52HS)$WWogc|-PudBmI(lg~FXfd(KbPnu3F_Ob|_-1I_`
z$nlNjzb8ViKz$o98SGOQ6ss(s>Ln}vFDZ%uJ@W;FJG#Rw{2Sme=phFzl&|qnX-a(^
z^_v|y2R>qh45W+x`jLZ)`uq96H|zYkehYMq`F<Q7txIpC$YB)2eCdxd7M|~*<+BrS
zny<efo|BKJxKG1v$Xt^=aY6ga0kBt}lGpAg!Y?0JyI8V&U-gDzOIj^I9VZV;hwSfl
zt^UykPb4(B>6Gb?Wr$Dz_PUb=_%is@yY3xmmHrJYI%7Hk-^)r`=d8Kf7vA&tUJnEs
zA1*j_p8!ef#n*>#3jJn3X(nCB`3Ru!F{jnr=<44J9c?iLgCi;KR`(=uNfyarZ}xCf
z-qi8j<!SOLhLt9&5hK^H#<|w*&}Ltyvj8s*1|4_+xyFQ4RchS;q=`J34sSia{&j$g
z{gYMmwYD+oh5oe{=1HHPx#of$Ml0%w0~$Ie_bi$?(&NyI-Zg(osq#i&k!RA7${G`E
zY@9R?OA$Wu9LTJLMWHh2p!ks}^i@*zC9@sHP>Wv@d{lTg^=J-$y|0V-C~zMzra-5X
zV_K(&f|z07su#}<<EpLZCq98XDAzUo3Vb(ST4i)ZHx63W=kb^2k`Cm7G=}~=oaH@F
z3Eo_ZkXg<soP!X4r{t5b@m$^9bZZz3iwK3!wx$tlpz8(N0@?yQ6Zj{%jsEPIWA(hR
zh1&;m>E4p3SgXX|;MlB1+(n+#MO8}?W-a7AZ4{~ZIH9pvCq`!e8ZlYQ#x!rc6gC#G
zJb=6!Be*%Ha%`kAa{UhEomxi?i*8=aPI{Nks?ab82Gqi?t+c8P3tx4Z?eLQqO%Ea?
zzN;*AwYM;(BRvC?C{L)OCyUQtGZeKxopj8v3GH3xa=!!RT@@~PU%(6m=CNH+bT))O
zwdK}0_sDf}N%eT~na=S|=sN3oO}OOtpw4y8NTZ_?D?Uzn%(otekR*zkZpja5pg3OX
z0alP?eZGt?)#wO)O{E*1EuI9E?O1PXFUboZ#IK@L;N0p6QgM89ldS9Hq_@(skTBJY
zy7wu@iMxjxh-Umyat!LY&K4^W`*rs)7%SJ3QEtRuG}!!z+P@?{Wqiw*ECLHV6u(MU
z_zOM(T4>74F}B9CX^*yH!q#JzGZ^ysc}`QNKH8=QJHF;?<R^xim3RIx0t%EnzP%%}
zcB72))P~-L1^EfsJox<^h~Nn*{GdRm7L<uwp#@K!n7QYkAC0vR%@eTsgV93&{8&9v
z5K+~c2349;K8~Nf0cK2@tvzQwME^zfmasQ3%K4MUh(cW|JERgPD%|#A1^Dy|f^zG9
zjkx;GCY3~u0R>!w3+Mf!ybbLuvMgrFs95QAT8iV7U(F?=tVaR*ja81*NN;cP%f3fk
zm}XIdz^>R&E?aBD!;8ccn0%lfcTEWaT#iCBY4qd;MQ1#F#k}{@G*8{d)Kdi=pVy#=
z8MOx)Tt5wnYg$^IM7T9{u~NX7`wHHU=)!v7hRmG3@-x77?Bl$aaZ64Na)HV%Rg?mr
zS@{gmK984?;R9;^^ibYo6R&uGP7{;-KX78O%uN+Qq*p5V>QIMR%Cj90=~DMc*P<;>
z&3*80i!00;4&1^Gs*H;nKRzd34w{Om5xP*PQV_;^g8cpg<u9w!&Mpf?Ds=tJMRKh?
zyQbKyL@$DHv}-~ISo&OXDr0cV;1~8x?iaRK3gHIRA8{?a!WX`vAx^P|Q7hE%UFBwl
z58qN<XJN0V{B>)qeN`Os4w8R<gO>s3!R55Z?&?6!JdsGXj!6_5!Y;LM*t^aO>m5c^
zcb#%M)B<uM!AYL4!XF^ja6SFc@e-<<g$#{fW-vwV73Op+#M3R|6Vk}w4am8Gi3Y|I
z88ek@9qn#ieWdwK3!+v2n^Y+p&9FEr`s$>!os;xQO<((e?A*&Svz6wZso_csAhZ}O
zA|%7|)Zm5W!s&Yh)#Cz2?mfT=<0qvLmD9q^{-{U|y%D&SaQFC-U!FPWB(@zxz8$C)
zzNeQ~9pim`-*i1kX6d2|9^K-qBo|>nLDh{8K~#stJEppb<X^!`UL9*oS#37`#CUnh
zO;z2uERcpeVkj9zgT3c|S~5iRo0%6_*FV1xZ>UUp!NRdo?G@rEVgCc>aB*S@FQBV+
zY<Q~&&i!YgMR?ysKJH?np8#rD!+}IV#F!TYEm<*sCR5i}!TiG3nwu74m&NN%5)nYr
zGftrmI@EPu@mJ$1x*7k-AX>}>VV}h`+0RX!xR)Eo0~Ow=^(<wbSe)i%*UJAq3ACN>
zw498VTPlHtxub6Vfl6VdiBQk~lS_fVhjT~AIMv=?*lzH65e@b^Qs_yoXY2mn@-R8l
zUoh;ej1EAfabS@3%koZ+>$S*VlBGS%%a_898c*Mt0nWLSeaXlG+1PmhfK4bCqHCes
z^xwG?({&rJ)X3f8-@vI$Etq#k*DZ;^W1=G)_(DPUao6eRDJ}Oy;vT6kPF4uXST!iF
zfZ(uc3WTQMdZzIo2k*mo|J-mx#j_lvS6TVwe>p_Ag+uRX%N{gc3#X*IkjugTeZY0*
z9D;hr4E?_(dO@SkERfzj855(7OBqfGchUU{=LK*!ZtqKP<L;Orm9!UYLU8Moh{FbI
z5*n!5nOmrY9w|oXV_^NK>+N4tEhWFOolMC{{al9@(Wc@Dc7OGJmjAjr6w^>e^=peW
zMS;u`haZ+5b);0nKL+(XfICd4A*s8)!7gmUej#Zt#&jR@R_r(DjAcl^0=2yWNY<@k
zSD?_;8M2QE$6Eo6S6hE7CvO;a;m*xeCe^VsnZ^TWPLwxK7`Dw3GJrTgb;7|lp=ppp
zy9C(8&7i*UHrMX({Zi50RA+HQxu`yCb;Y|a-n2$`fCT}<{U4?FZag~d+|ewP=Sc2h
z^ff|(;nWzOFnlBaaaoG@bCLy%tpR|io*sFskQRoxhC_OJ`PtWwA)(Yu<Yt-&0WD{F
zT;Nd+EEbZt%*+06WZ)kXZc{gP8S^dcl3LYA_2SFkC=BUrU#o0DVux|la%LzW*s_@m
zRom&vD@JBbLcd6?!FjTh?kj=4|7<%aq44No@-h59HAlkW7AMJgsR@RegSw`%hLJw^
zL#3(eXTpca8_0Md4=)wr^qhL<P#aQ*#eI5W4WJK*ApyspA7|!I3|gtz!s-Z8*??BW
zJ~pEgN@=bH_mIo|m|`iYf{l_Uy=1dVkb*^eZN+>cee9en%I=-}Or8Z(pH$r1NQ`M$
z6+Wyy)0^4vlX?l4slZ*mgRp7$B7ARH+PEiGyQm>2iPvTziUHER_C7Si4PRiDb6;m3
zFeElRiziX^eXZC6!m+XGy431jppa>+g(elZFFi8mHTz7e6OL;QF>C`csXZ$*oOE7)
zmU;JfHa!lAC73yMGm;$eI58(MaI`mz`cmZ?6L)OM(XI7QkT~6J@A9RGUc52z*D45I
zGO{G*sO6Ey4$vw#n@WH%<{w>|W+=bL_sc+3gqo4os<BfJFKYQ3qul|JPIp&S&%m~H
zLE5R`P@dw<FM{^F2xrPwkCy*HxhRpAOyq#0QjylHpDa7RhJM-o#&qiJW<NaEsYa)8
z&ZNtpHJmyM3rkXtQQ2d;e)XvhMzk>Vt$IyUS454UU)8UVc7QQWd?f^?K1)Ry62gs5
zZfj>abFUllQwhT27UBA7$pfEE_v@1@!?<GY$6q%R^@z5j<3}zUh^MQTollFsigCtu
zVSA4KufYWu8($9lXY-zEPzhfv4MnM1Y|EGNw`2bmIMW?@8^VW$utJ<;RAR_FtRvv=
zntS#L)JrjyIUFW<up~E{7Rlb#FLU=Va#CiLb64$-C!2~QHivMrmvbFBu&)-ew0$E}
z@wfZ&59n_=)Zn(^OElvrhKg4#2;_fhJWzpO*-n=b8?{pGPixgbfWFr#<gHA8w#@IU
zsvwsfnbmlo4V)efD!3H?;a=&+vykPX*U3TtD+s<oWf^kz6TX-2Iu7W}$AbHB$#kLY
zQL}v&A>RRgMM9uV^jF=&ZBHM+ew%{%b$;5!O6--9Fu<aJ>+N3!&iv(JLFRLMh;`MI
z_197@wuSvSAR@is&%G};CetcvAHIF??(W`29)`<&e%TqiA5%ZU51FEmBEY2e!szS`
zA?w<I;7bXZN?9@s_r3N0!mnu~Ecnve*jIHCbaVMa11*S`%jbsj7!@_6EJ<oqeZ`H7
z8d12$C;Tqup4X6g?iE~m{wIO2M6Br$n_%Rku$Hj*ETjuafUFqEoJ+BT>7@=ppGaa<
zV<~o7alQxIKwJPFaPW@&CXM*yJXqr|RSP7x8q!<Mf>r8KX09$=>NXX$iuz;BgL+0e
zE$|T`goI<oJxEOlm+&Qdp&$9wel`aw&=Wx0p1Buzm3~>DY}Z|+q6XsM>n+@(yT`Ns
zL3Am-mTCxYa9k{dic4sG=uao60c<y?x>Rb}dqcc7vPzf+z#qOIM=iB&uqVqXm9$$O
zpIE(4kTG7SJvT0fdf<SMqAeMNGC@q09_Ppd`X^{f!qf18q6uvOhs@Q1EvR;$;qs;e
z)ulc#*pq}*IWr9Wl^FZS6<fW`j>jDyE*ulMMb8W`Gg2j9Ge-_87fvyE)V5RMHE$hC
z$W=4a;5l-DTG5lBeoj*0le0LLGkeTw;_iKq<rUQB@J6N4Mbb}3Yz7({6>6f#l;%E}
zpJZWRhFZsFFjK4gkr(k5c2UwE%!KdF$>JKZE#vkgN<k^&Iezo8r;CLwj$dQN;I5Ok
zQnue<`N4%9<5GX&HyO+jo{!n2MLAowj+3QUhKoN+A=G%7saJTInM<s&uqcKu3qy;E
zQI1plnJ^O?TM-iAj{eu+wy#Fv?^DxJa+%Fr*$bQAsve;+7~r&q2YR*nPjti`$paa9
z{A`=YxV^+RlvJMPo7NC;e8`Bj4#_olx+A~RRa^*+!lc>RF2yo_G4Ca2eY+s=6nB-q
z7do&s$<zGW`E$uTerN*lKb-LP<~1HYqo4nern7Ks@(tU+h=kJ8T`DE5(u_t$q(P~P
z(h5j7lLl!KX(kO41L+){0@BhkI!BMO?fLEdzVGiZc#a)=j{CXp^ZcCW#hw8m&X1=n
zvOlVtR_UZC#O8Em0$q*NBX|D)lwi&7b~#sE{n~P`lKoYW@ct}0hJLw;VSgizRqudS
z_|IhWHbfa<>_mDU1$r~*UFaUb<KKgr+gBeXz#Y^+B`R<3`_#-h>`*l5pTMicWJ){>
zcFfzxUt?f?wFv~`@F3ocA-n=HDSORPF?=mrK3u`5zv^-)X6OILf{AalNheL)L~uag
zEHD|>2f9FnKm3K?9TvIngj-0#=#dnx0}>Bon*FU~X-D9D+oYalV*$HOd?<z{mm5l|
z6|P@19^TS=zpP7O=VUDN3BneK&4?t9z9v(~)!`_cM;a@BFhAiDDo&eqI3fW^@DErE
zB!<-q;CR)G8H613bC5cH;bWD&A>?rv5w>L&qt=)kG0}SGyAU3i!VYcx?6XaGx%*45
zdW`0a(w%ma1nlfeK>xH;htJ;+V(ST=bY5us9mvoNJ|1uXYN(=ANdE`Rs9|u0S?a*g
zd(wmdBR7Owi)r5xS#ucgydTk=egi7Ifqy&bf0APaF&ceJ=Q;@H0B}BE8@de41%A@G
zawCSw!B^^VL)1bt(|>wHEDV0RiBaE=9)7DMAG5wd-W4e1@NF9&G{54;QE*1G22;E;
z!Bg(WS!0;9DHNl6w4w!Z0}^~8YtnM1h>2Q%FZO}SyX&OCsh@GA*0|PrrQa!$n>^ug
z@kNp+KOcrpTL=kVy&6Z$&TrcX6>z}{o33jf{T5a17Jh?iRDb`X2#7m~`KW%guJK2c
z_!a4cIFMBZZUKx*Ub{g{AXmWnco~C7f414Q6L9kJ>e{S~fUo)2rrrqVH3#JKK^}nX
z!bh%>ngPHWFD{VWvz`P^|HszMAwXt0aZa`U6}TVn?gZZ-_}tkT06lZ5Y$eJ22Z(+R
z^b!7a2Xp!Y-iXqDt?cx!U^UgI<i~eE+Zf^YPdJ$b(SC*c@NY}Fn6y;Z%Y~tvtMV$y
z0>o5(+~S6^g)IKdj)I`rN<gTNj1$JE^0FjW#(!57pDfcnXW+)EpSuKk21@<(X7p_E
zEfCm1gQo#aemY>{dMfKk@Od?-@4*VK?*St(teVL*vS@yzQn`AiDEU;<)crCB`0ig$
zbZ-@WVkqLeOCLsA@g+ru<0101jY@K03E>$Nu-{?+6)W0~=}UpR6+Yz}1#GMnKhJ9S
z0kWTGmEkD(9d7MFQdh{&i#5JaUp`=A_M|Vpf1c6@?`y_rNR((IL;KrR*t|M3FJT=Z
zUkoGH!Th&K+eD$W=NYRC5zx+<Be~OuT2`}nM3uC?0^f5GcL8g2SIsrLS(Pd$6S*JZ
z*?qv9x9zG6sq_<vj?bcK03nHP1vc~2P$_wAR&p`Sv%Y`v-CaodL%1`_ez=-HWZ*XV
zJhA-lJ<CDXL5ZdP$Z$U`I(29Ou|ipOk~TMFo|eTl_ws-%r-Zs|xaPZ}!ua7Nq|WY<
zQ0Ypfw4sO_C2nxCF`#$;InEEIjI;Rq9>Bwp|5~O8WJ+5njQdxf;OHN@uOD`VG7%q#
zQeC~o%?CduIUni{6ws6Wb|U&=Tv!^3_!YI?tI3%k_2pGV!scpz0Q1#EpNR#6A)EG`
z3Pp7=+iRh{qa?5@<hoiVbbY+r)Uz{Xw6?qE>S-#0jWOd7I<BUsv|mTSV9fX5{Z+ns
zf}7HagGX{S_GgE$MQ@HC1UQ8Nw}FHv2U3pSP1;hPZzm?*u|j#ohYq-5s1(%f6zSpp
zxT#@UF+3l#H^(Rpw75k-b1)o6mr!vG#B5ZL(Qm^EqwK)N#zu06%~6D%Dn8dt;`~=<
zmrj*I$(LTFj>meCG)Rg|t8>K=f5Xtca^5m+Kpl4b5Z)-1S?_+_b~XMQWu|aTmvnD?
z)?dfS_W(4i%=OrLptuVh*--Z)L7%zskccsB|K9yU710tP1<_1^T&9<|G=6%5TS+}h
z1wkyYqBia~Evgqoe{M^TwTGF{AK*|}omTPvf2cE#;$iakjo|Rr2i8sVm48##yHO~z
zQ{Y2hjbTr+`DR{DJ>1cqB-~o_H3rqKb97%lfdH;>0a*n)Ab1;Y7@{0^1uvc%#ke@F
z5CyPTIR-rTe_yvBky?#hp~v+26#emwRcr@vnqzz#w*pbGSCpehJG(VnK&0%jmg|9Z
z;dWzZXA3jP@=LmJjEg^nLAqNy@}wVG1JRa3y^0aw)`Al|x7!@P4v0syjc>QJQ7%d=
zB9(8G{fhow5i4=D2cFXCPxG@V-|g}<DRW~!^KjYYqY@-ZVL9$HIUjF>hu};<_9$G&
z3F?J@yMc2OLn?H8f=+s8%gOeR@2qS!$+?KL`1SG<TUK9#YZp^-QVA}2(P}7h)j+;_
z9d)()h)9E$uQw=Mkb?W`@wglR*P|vvnNfco#p~NNO6?6f#stZ<D&LN0jx$`M<(2gO
zLGh3^mGHa03H^#xDY*B$zo*kzNzi8YZ#QELzp`AIHG8jMJJ9@p0EwBmr>jp0R~4Q?
zFFJT|F#~P17;7}iwKs+I)zR{d(?4X^4SP^49nrE;Mf19m<>Z7&T&pXaZ)OW~Ma+kS
zGlcO(3Mr{c7H+G_sVQ1g{t|&I4uO$ASUL#+Xg*B6FF5$Ogc5ptKRilauhbCB7uqb1
zSzcPO;-3hMB1`I5+{Bw5%Rn&B3iBdJ#Fzh%rrH~;Ma8oxXX95ZW}H$Ey8Zm`h%@!Y
z)X%RXeigJ6G|Cecc2KL{!Pq3uf1}ga|L)MP%>mIrun!bYSYMA_V2L$@7B9eHo4fex
zg%G$X0`?>q#fL`^VLFO&8_FGUodmBSdFsxtzHX5j@c*(S*J8v~cG-in*6cE^ZzIDl
zG*{sZpV-~f3-5d*IA}k`E9Zo`_c`v-`r=SsjGzJR1?$!PN0;L}V0i}D3@kln_w*lM
zNP4W9^~U{UNJ=~mj`q+Dp8Dpw!MM_hFAMEmE30h8jN@Kn0elKeL^zV*0F_B@#LU)K
z>?s2jc7a5I|Aj*ABHj#q9CyX*ehc!M={S~{UA5<^5ek;z)<@qKaep8-S~NC<KJ&m(
zl;J5iA!LNcgGVZ8?j(~{0>hBZeuA4lb03pg8iBj;Y+{(l&0OI9esvWKog8xQxJeA-
z1b->7<BZGNvhP(O0kz58O0tgZ@=RbCz(NlHKBg#%%K_+wcN`23++Y7q@Z3j~84Rri
zF|F1)zOI!!bdO?6lE>jYH0J>_xWm<b=4kA;#7v)s_}*(gJp)N@q2lqbb0)f5IPJHW
zp1QatY!=1vGw{}pgWz<KX+&Zvo>HBGhTnT%((;;kXZf9Mfi&5fOUHlHL?a&9oz37}
zN0Hz?9z^-%w;NDLv9JGAJSc-(oV<=XWK9WG+{N^=-uqF<Z>^n=b;<&WFAonYo%L5P
z>AS!fntpIVi|97A_qoNBWL*pk#AJ%^98~&Uq7Uj`oE4B~h9{O-S!X?Zs83&za}$`}
zBa9J9>NKP$M=J818U<j*zjz6DW$?@y^^9|$!w+M|<l_Rx^~5}#^W&r9KycB@Ro;Oo
z-GBc?*!1Dy!xjV(*b8C~x-*(lV0S|X!qdmwhVBb@dx1IDGA|YYB89<j0@z*<Yfz6W
z&z-Ze_95sew5rq{{WrkbKKLoF<{Fd<IFZ{W0H3a}sD=RZYqI8A#L2(e+x@VHPo>=^
z?C8A~ARF`Q>X2Qr{?pahz@@6*q`(s`CVwdXPlo&;v$70TpOdOTcgLnksm3_jc3Xf7
zzBPZ15&6kI{Zt%s5*Sa7)fY^r0R2Tll5r!Ij_-0&b-#ZU;wb5E<^#eMO&BAOnH5^R
zv5*H%db1)>I}Bd}R#YZdq?;gAet1LJ<dv278e8~!s>#&+#aN>k|0Qq_WtSE7+f2;v
zcl8Hw*U4;qo}kQ_Xh#j^>1<SMTQlbQ*_(7mz2awEME=Tm-MsQqNb`zsyG1>Q98WA#
z{~mEVz(p3`xG5Da8&&>}gM}r2&C&4IVcHZCHW`X6SMA(jOyscrBC1~hc#PIp1mHpU
z_e15OMFIr^PB~|*JW}fsC;X#9l4zmdo%p*N3+2|FO-{97y6xJEXnR%EBzL?U|Gvas
zx;TL7>`@cG0EMU*x36eo_5>G`80vZysCZngGOQ5y+u3C!;dEj+)O^~6+q>ne=fa6*
zx>nC+P{ShUvtn(|)2QZrF9I+(rN38i_YsLtdHJ^Z+HWajVMjm^_I~IJJy8jzul@<(
zyPdVUrDmzm-c0_vY_RQ<M>Nu;a<BWjFY>G&T2bLo1~ECklJ~V4Y0a!(J(;P1o8h6t
z8xC&g>kTS7%)6_znM1D<N2iD=_IXR2HJ{C;Kr7eHyi~sUl0t^UmZG@*7G-RUzWh?_
zkKS1p$d8tGNA)f?d_G<9=aeLR?qkGu&t0kH<eIb_YN}~LpMU+koG+uJ!tc4>dZ>QS
zq`@*Q_6gM>Icjadh~&l4!^&ZQ>OA`@Q%_A|_GMKylD_D~P<g$7(;d*dfoj&zWGK-v
zkPZlIc=pfb59-xZ+?~!LGR^r`x$FGDbqtQ_Qd@uQ*m8A$tC|FHYVdD(3USmo7yJXi
z8o(@#LK2m)gEw9Ea?M}lBT;h2jdDlnIrdcG`zs35nCuuI7(Fp7{ZQ)fBAv!$<RoqJ
zVHo6#C}9j^&unXDz_6D1o4cp|vrKW-bSSbT^?_R}qxv%d;y7*nsMRjwn8(s6y#u(B
zz<s4{mi4h7O^5%ppi+R`V7<!@k=>NM;3HMT1K#MgZG$_SO~Jy3{9k$@MgJJRXk7T{
z4ESeS`G!XkaO~5te@EYF-kZHSC<O?PPr_b%`SwVz9drI=7`lTtTY75_dCMP!a;EW3
zq<{KQ1j5^K7uD%+U~M0yO(nkzE@)+GlEmT9RrzO!&LA9zSbO^jtJ%rcT4Xeg^EV3y
zQ}yRFZO#vuO!J&f_|0-kxvr2hMDGP^#l1hSvV8LhJ7x5c=lLm0F0Q)i^O5zCMBku;
zS+T7VkExgr?eBTbFEn&}5<BQhaJ%zO5)rz=CG<U~`k@ZLqv+ivmfNupa1Fo1rl+~L
z!_}n!Hgiz|zaDum{S30G@T?c%dKnA<Jp&Zd4Pl)H-sxI@b5kRkaK#idIcwhu9#b^n
z50Y=^#f+&oNk!_OH;?BDbC=xR%%I1~mFVK7&=~Td1jTN=Dah9TnHKlsR5>?07#8(h
z$ixZh5#0w4cYC;)jSy2q_~MIhmd-?-^XzA?IMwq*T?L%owuWB#MRgtJ=}((uoAF)b
zv6=;czW3L<O%93una_HUq33cNBvZp@ag7_6|7Z><L)7JeOaXqjxu_TFCkAu`{QrIJ
z+gYWfQh72we<0hlLN9f8;V9I8xRpkxG1I4jOZueT=Y{X+Nrx)e_;N~_OxS`3@Bh)X
zUH!ggI|h!zu#GiRoSx}6a9j&8u{3Bse?i{|-8`C>jj`kIfyGsm0zp2vZ8wgb$PEXn
zAa`-h#X0K?e?Ba_)o`w%=<8ne-8KcDspwS+p~-OVv7qpS9F+||3uP;|ez?@vK=mmU
z<_u;Y{)<UO1CvVre^SFS-{zQlft{aZ_3Kf29H&NKw&(m{%Od0fTAB!Wn8QqeK0NCL
z$_1KyY)9dcyd~IdLAL+lMT5_G=JsRwAA}CgH#z}_we`Y*<)qe{{cD}li3gG?68pDR
zvVkr|@eW3QW?#w!QNoia6Pfmq^W+=8OUO38OlIvJZx+_t+2(+Xjc?MkW01&o&!C>Q
z$lR!<h)*e3W!rmrCi1r|AYd~fzfrepHgs$7W1Tn|RuoM}hKR91!kHme;9UDBAbU`e
zlsxV(#{v;XzUizna{HAVAJnHcQdOb((d+iHIChW&A4)ytmwE))aHaZ&i^u=d&sW4i
zid~!kl~0Au#G;XKix`OCW^fc0Nh%RCT?2zAe7lCeG$+|QcP?<6kPlSE2oTnzFvXb7
zP;m_gT<_3K)mfx9rVdCn|DNg|^_s8o?mUV!0xm!A#Ca>oeM{JF7Ed|EVQZ-svkW!%
zp+0}DEA+{Q{j7;x{BUHaCPs&2=$dx~`h5a)AY=<Mp@&uK6o5xP@PXNV<vp0n1D=tx
zfI6-7<Jr(a=^HA6%R=25$^Fy^DE}7R$R1iU2)BL}r{))9T8cYfX$k$PY)z2OXc(Uj
zk9|ZEIO3Sv<npHBM?JPenl}`9v>cQ#WYT=+W<iG>;{T&0{r8kps%Ag}>gIxsrq8F8
z>}GXSryRkq_h;69uCQ=18^4Yx&t2Qp%S*KN{N74b38T8$6t<5kOdv%o3pid6C=HnV
z#(&vH;JyRgL{WY|3E#F-Lgtit7LGbeoUPpMJ59IC>I$ICgc;c~A|Q|xoe0r@brfIU
z8-}&*Q8UtnKpv1Yb~NyE>!ssWU~L1Y0gk--pNbm}NHE8GGE#xXH66wI=y(6zIV1B=
zD~3&%kiNHUkh$}*BFHnqCIJqtZ0Z~ZgyZwn9KAuvp$6ucMZ_5cD5Va;1}#5IVO=+$
z+zLL+koo4*NT;TULlvzIFZ{-c86o-aEiE+*&)xb0#kmu%Kj;yZbAU5N!(g$iT7yhs
zZS&TLdcw?q&xKjr?XQmWAvHxN&A~n?A46RgWvsPxonHM0u#k<UuywF(Y6iO{2L&<$
zU>S>lf5ahh3E`pxv3@!M>vXNxw-lvQ^{zBQPYQj4AlEK<V)@9UYfK1|+x3n8a|eO*
zzl#rx<-TMJh<+3}C**@O+b4wM)Clcj?2Vqa8V1UHc#Be;uW6Fh7d_&=(j<{OO?zYJ
z0`=M(bY5#MC9m-C9{$%N49?@E8pU3L`q%58O>Yh+FQ`Pl?6fYJ9#)YL0cBGMpAMKa
zQPP$F#UVuF&s9N7)4$%%Ey=t6#2$^ir1_tp@ZCqkx`e#Mn*4j)+6oi#;7lGsF?%It
z6SJXo_Hh7v*=oX6vbWB*{AwGi(Ry|&q(}!z1fACUd`)b>-Izvb<15m$sT21rwJAo1
zbgA{4M2f(ss4hi^y&Sa|<WMPiuZ2nxmnLZc_CaK=UIU@s<0&E9Z%gphx3~e`*SX9W
z<&=G-F4T@wm2HU-hOaAh<7^oBcfZf0|GUUtdm}qZnu<+Csr{UL_b4jeuL!;%5g@zK
zEN2>d*ZYz0I0f!JCE@iaTS-MoMgvrj)GiFlR?U1=BdxPZA*==3qghQ~`g0dv@TKKh
zBvIam8o|u*ao}Cq{9cNNMN074)ss-bZ8b$0!5EhWgD)KnnTs4NidY`SC&f^@GvE0U
zgF1<#>;f7AOus^iw~I5~<I{~qzRLOg_yVC@VD8V*?OQK(=q2<c?xQ)jAtNAsLiNey
zbWz$hQdNCwAPs_^IIci)VbY#cr0DwW-hWjXQW7Vji+~XkKhOy$)X!mT+fYHd$JRaM
zzo**rZOtq*VAv2}5=VtGx%v9?sA!+$o;*pM>QcUzXVmI7>@H%bnP916uYIeuW)Y>z
zc`xSiv32;@prde;#k_}F6!AS@d>>XA8HRdX4NUNvkKwv$k(<G}{Pfp@o;bGa3`PX@
zgWBz1D(6C<>ibsmwM-f<u^LE=H0!@BL8p4UxpMR&8U3dkrp*DKw}S$34PNVUZ<V;q
zppZG?2M{+VNYS}jv3T|thjP%lM!Zk6O(4cXukBk4QPTr9zx(Kg9p-VkfUhl#m#=R1
zibMK#h7~_e1*kwRBVPGCi!L+nCTcO+(WC=h%45p^J5v7bcYl482^5@|$jpV#>2@*o
z6|-9i>kE8~AbfS3D|eVoM`7=jmPlR3A||Em#q%4d+lgPGopy`Hyq*s`8Q)z%vT*He
zP;r#(XX8rkaNi>cdnAPAfjL1&`)&)4L(THA*jV(p99dG!dbcztgMUqQy~Abr%51Sw
z?h)TASTFxu%Qc$7*i$Ey)0nRh+8PuHqDC8>g|Zv^qn7^g!_wnG%qrngY>sQL0G4XG
zXR<X*iPBGorcNUYzrQ30)SDfVhfL9iHMt}28G3xR;&s6<u6?WI&(D~QrvOWrKQqjr
z8IV+1QPkyQMCkh<^IF@W#H)tY*{#0@8Xwy^fYO^_-1ILVkPF-ULncq!Q};{xj|o5T
z2N33m352PD<^pdH8wSSwrt)Rwv&jGEE~5gE)KUF6D|G4nju%z;eTN<%|EHLwubl+?
zPDkjqOb!%V{#9@~6L#WBc?}Qd#nzP2JpE<y`n3@{o0Pm^{J7;CBs{$V@7JLe{3SV3
zc~|gs>etNlWZeS;z>!>H!Tadr@f{4`{gEOzl2Jk3Uja_!J@vYqIVamh`C30AI{=30
z)U+pwjikhVVllIzuw?RQim%XEZ;at7c(&^yQa&PUCcK$u4F(HwDYZ%r)xR~^vFl1c
zvVMNGiHeN_Rqz!k8C!U=aPut(NC|FL8~NV`t{2DoFR#aVq`4q@8cY~PyuyI~LdC8F
z=xyh$7U#iPxYA6hUz?mIA&-OCg+3_i=QxjOF7X%Bv6#+sgYsv3REuwPhxMa;Sbpik
zIkNMnq@WqWFLokPD6_ElfX57cXf}{igTB6<LuO_qqeYB>Fa3Yj66+V_j7K~Vo}gX?
z7d+R_ixgQqR;ZxwTzA(uuvg$`TMsDu<`4QWaN~<0of%}3+Buc^W~1BN8#yyL$t09v
zCMEbgg`D&KDSo2?SnTUNYr%)rmH6_qW)m>Pzv2Aq@MXX1oMwo4ui`FYdG)WJv<GLn
z?%~e;gSnDStgQaIiG{;KLM=`{&T~U*C1Cp{FNsm_|9UWkDeLejGn<MOW*tH%mF5T2
zk8V8OYDK6JqIeMjpNu9Mq-7@*r1>nKl#S+ssmiIhvKR?9X+`bSUiTj_HQqf)$nzCb
z#NEa!z|C~RIK<I6K}DuV9BM55$@`0j4@wmazUt?Gfq2dkF@k+67f!pW>P4c4L2*)r
z`yYets+M<Er*dpfroGjpHj4O-@EuxSnQ1K-VzKb|j5Sg{s&A`iEB)u|>H-7%8Vze}
zw8U}i)y$NThHHPJ;mA%>B$+r&p+zHNCTzX`@4<<^;%TqMhRcQE=G-=U^{i$WRFd|F
zZDi8HnIPh6@rO5v>zYbU`3SiECWS>URch{VT=Yc(Ql|($qty^=J=PzifTrLRCb-!p
zg;b<QR6&ii^J>tucm!3nY+tADKY|VXCgD9N*Gt#>fL=!>>%W{+<Uz()ke3uCQ=#*K
zQK@g8KWILZ1h+rTk?U#w?s)8J*x@L$f(94b&y2+vjN!$X$CYQdXZkaM$EV~7(?e3!
zu##}W=NKs5qyJ4!AbuU~6FDYX|F1H|PgK4-r)37Vj&g=U+yKG{!4;7W{+JlckbXtq
zLn57|TGNK(!rA+XW6L~6fw&(<&zL75S4&iVkmBs1Z)Q)te|5rb{wz74#?G}qIH+w`
z%s6{^xyH0K@VxYXl71JeB|6Ymn5XjYPboG(8lM~yEAV5KXc9}&-FOklwx_QlhJl~3
zygvB2^e+k|#SB;)DD7;z8|>fedjLTw2D+zcDvK$I1>Tsg#hgvYD?xa3-`RFksSOkX
z&KuC`Xgh}Lakw+a<_vO)8v6m6I|YENYf;9e(201tBcGiwN>P+$o{hpb5f=B4no%E(
zzbE~@D({ZwA)6CkINhO`Q`S_!9uE2QUVKNV_Ev4=cx1|*2+*saZk_oea33uK=#`4W
zlmlACCH3#tClsKF<_z3ev-O4LR2b#+uzq<tQ_Sv9?jc9I|M+;>4hk7mL4I}mJr8KI
z$G?YM2N<mh8n#cUoTLiG_2Uku(yx+zhdUulEmeam)o@z{t8Urcf3x&o`r40#fVw{Y
z7OHz35P|ZwV>a38YGltKMpS*q@f6D-F9yF!`5e{|5APQSH_fQnT=kUIupQ3)^ZlYa
zoXciOj2nYeg|mLuVt2&7V%n8COMMsD*2f;Sk!w30bWp9y>H~Y%^+6Awcaq9Sg-GpP
z-e_@o)OzX5HdN_G82S0<Pl<p}`J#ESOK<Q=LIT9sRQ?o6zV~9A>(W!|=yLEV@cZwf
zgvBy{)>J-k%h0)E$ahxxJh-p%s&DZXU5NkfoMxD7Rp1sgUyC!lS!SMorsCV6VP07g
zi0z^r<>nsI%%y|mR%7W#|48sNHLC-XtK+^aLg@#5aJ&4O)=2A6hOfVVE<(G&_fD*J
z2m}ra{s9AYtrFk=`C^R90!mrkhpC^=Ir$xGOJyqhGwVo<<0Mt;ai_zg=^HDZk#s!8
z?jrt{Ohh~Rd9=vL1eX0D6+ORm7z;@g^&$uEZ>+@n_sg;4{ie>eaGsZzeHR~1JY`9Z
z!tr$`d&CrNbM`-}>hQARi^;%5_@oRQgZxwHnN}j_%dGG%c753Erz&p<6Xv%;4}8LS
zMslGJl}f>wg6=ds5@k6r%wAtCEg0q=evje7FJ)GfdJk7Qx^#65)xl|wEhyQj+`>qX
zYvj1qO+9#VXW_^T){2ghLznO(Lv~bNM)LA!+F}i&se_w8xsG9Y9~z7<%22%B93T&n
z3Ye1a>oa}&2N!t8K9oZWIqNW{d=+F?KrH{T>tTkFNkieg#D07PVm#|@usxG^{A{j$
z#-=3)q~CB@+<z;*xUq6w2RU1JviZ)Zi|XBj1iZ&W0NJ<qpM3rf?}ojuc6~C5#-x}m
zTeE4q9e)$8KHc0jhdGZ+=b4)m{7SWQa(g}2#lOyUR>CH|VY{&;dBnAok1urTBHe1d
zo4jaoHTvh)P}^pV-P!W^)}Z3&0qxeSa-o2~!IkQh#ERj>82no!&??2gICa8Adb+*Z
zMUw7aHc*k36&=*L_N?J{0?kPt3T=jxT@|J6vT@vY?Z0n(?Jf0gC(e0EcGXJlXZK<e
zg(DfO_d>Sf&56zb?*gbj%SjJdfS-7uM)xPN`pX`6NR#3V*w!qI1C~;ReuRP+n&o}n
zS)sdMrc^r2GEc0NB7Glsg}Uhw<7jb#;(3YOQNDCmy7ZMORGFiOsA?<#UOq4Kzcp5t
zdJ;8m<ECN>Hung&P{!qa#+)2gt4o$!=>Ik1+ODdU#)#n#ln;0*Avy?<D6y5p!0@1V
zyceUzXG#rDp|;0K<zc{65rc6^UqN-Hz23&1j-n;0F>UorL86{Qep8bB*{UmrS>=-@
zaZFz#ifcHeI~7#o-LOGK>Pt@EuYL!W+yP%1gZ?tqwZYsxwW>Me;ACI35Vm8j*?d8m
zI1c}Wh4a1rBmRx<x;9x}zIcfP&=W$gO~K8VERYJbCmw;wTaqeguL4Z)VY{$oV0>A-
z2$Be2pEE>};4Os>Eo4dtqCPXi)a+R&ev|`$3GfMBaX4~EOIj^He=7>YHm@>H5XC;d
zZd#^)a6cN%NGJ7{>l*Z_fLvRmZ>17nf-Q<JE8l`og!TO(skhfl(mfgy;HaVo2H$Ca
z-O_<0a~BaPt#OetF+q2O<IMe{k+hHd_eUDO3jVylypURX1igHkzJaF%larFd|B{sC
zB|Yw?9?sB&_iTesW?yZ2TVwzneLL2&V&RecRMVv+xf1qmXUmb5wrvc?qeJtWGaJWU
z1G)x1zN?+#&I3{6OmQ1-V~Aj=oVT;%Yj57P4@Z#I+#U?yXOjG>Z`Ii%%+d;9^)hyz
zvB@;XUO#_HkarWh!tnVi<wdK#OB7hJu{y~$>twjK*BMb{LNPn`R_Bw}K(vQ`7+qZy
z*<S5S{=8|($#CR)g8UzPS7qe;{}M#4z=gsnkdg3%3pD+Xxhg(eY%UPl8CiM%w8muC
zYhX;CxSgsgr|_TD!I!raZnNDmbE9-PsEQh{`>+en`IR*$R_#Ve^Hg#Gehcnd(^n~4
zDtPdh69va!3N0sGh|OcUX|WW~&$&@}!PJ`Hs+7XMiB9tCJDSy)SrzBQG2}n^D~_A$
zlhl;|84%PLn?ANmHP1&R%{I0aHA*e}M0%c<maCd_Yo0R0TOSa<(Kp6Vcu9-E`Uhs!
zk?s$iw<;}peGlMGX6TQW<7{HlzMCo&2lDj?ccoTkXG%;9{sIei$J9S}CQO(gRGK~;
z(?=it#o2eM%~0<<S&V1zym?9g5LL7NScQ@YP8|y1n_m=xk-jLi{Zn3KUZqKK^GVKM
zKjfO`QioN62ws82k198kz>5=$?-#8bV|3ORQ|V_rsZY*2jOc_9Q!M-WoAC6pL*>Q^
zA8r=n?~jx0-Xb~Ve8YH4>qgv+F|l1~e8;USG7v#ALe&v-0Y42L)AeAeOkvXUICwUY
z?KdBNl>7E70~5%ZKQvEK*{Q|Rj(@1$rR(WGshssTq8JW5Ui!HM8SZJ_CiH90JAB8a
zBxo%UpFY`M4JB(aANZJ(lDq!xdJ+}!3GN{8z-xS_EhIcs!Nf~~d8z{o2T}DTTP&kL
zJgOSAiYvov>f}{?f7qP%?vL%t6FLMAg&NLG@MIvDiyq)IwNoexl=kOOPEo==oR93^
zg`5tSn{mF+9<58d7<D=zR79=vUQVX+c+Zh+s2=GDlRvxvHE_r@dzBw`(~P4NmbVCa
zP<spVFYbfh0W5T;7CH7rQi6Pc3@;6S&+F!K=p-@9AMka>*w`<j_cZF;+aF708R7dF
zsE~0=)d|wLlM5H)S?EK(1D#GTbMlW#L}H`~FaRUZKpr4D3Ko&aTY<516*dbmg1v_S
zMIWWiF1z)Ael`R5w)4i%20SbiBf9N^rH&rGCsg|@9T2~EIn2{hJGBTAK_SA{8(YvP
za#znu*-FR4VZ&g5R$hbfy;*OIYcY->tL_hv7=zHhnVFhTDr|&iTe=gZdt#4q`QJaE
zw<Ns#C#?*eZl)(VBNmAj7wVl_SQEsz_p|D<d}VLeUso&!XL*;3THDW*G~rdXJ}5!_
z>b^g!8H6&+4mkJ)TrmbYQ%)s-8h$O{5Dh*DAFT6jq@^E%A&dc?a~43PmvwjK{Ul6G
z0)RaPKB4XYi%Y9E_gsSJPDRadk-mJGksJta`I^rpr%U7z9=0wu6Z33p?F*kNPAyRR
z?nMMnSA--v&y%v@nac;&b)l#sR7mrt++Wclob_5Hw(Zc0f>_jn@PhB}VPGIq?$?9X
zkriahwqTcznW(Q=J#r*Mlt;ZMcoaPf102v)?e#6msr3xT&zMbtvfbJhAm(&Eked5j
z9S*b?)xE^>eRJN&uw;=MmI3?s?#8?d<Z2HQxB5(Env2?GZ^h36Z!WK>rVuWujHf6~
z>i0nxh%@u}to0yyX<d7-E+1tjgA<4XWxggQJtkIYJarL$&*gi@hCzcEM*eS~&LQWs
zlGKle@E_x2_JS-SH3QdVLxuvyk4*$f+PsoeDOIYQ38)UTe6-CTevg|33+pZ)Xv5k|
zNiKENFYPeGL7!Qc!}(A_QZnl|5E5VgvyJt4S;SZE&rbiD5H=dV=ZRpl5&uN$QB&jw
z;*Pdo?u!fam?R!wMt;iwoII&FvE9A!`XZ{~PWL4L5*B^K$#&mje@5Y&ZS0&n0ZaWp
z6a3>NdwAj=IqXV@-v`vdR-Xr1&n11`NqBM}@@b7+?$4yleoRTo9KWk|8Vwrgz+CH+
z%iEF&51uDD*4ys;d(zPz=a*C!-8SLY^^8hOkS*94?VxyNKYZn*IpeZ88W?ha3zi7q
z&hanGysL2bd+thsFQAFsgT=COCHX@gyOjg{+-a+Nz@Ydwz0|$-dc~;m6?E{o^?jE0
zeQ3~WiaJvQr@|uL3=N%NJ~4uIdjAGodjGL^eUjqR=JqWVkvz|&^v~KOU72>KgOXP}
zfTO2bBH@K<Swk4J$8+&VR0m~ZOuBG)=FhE5DQBsP7q(m<5K)@7>dVsWV{V0C4Rlt8
zb?}YtTJ)X4%})ipc+1Y9arwzQ1r9UPG@*`zVC+6+s#%}x;*ZFt@O6@KG2oe#;Veaa
zy^sr$te;@S37lDU&o6HN{jH0XTxZUy>00q)E7IhzIKdixA9o-A+Hw659y`&OEK2RG
z64~972ibv~T(ltT_`EVc&PS1Qg!DheMOVG*SRn@wOClxp%MOlFlQ%;&fqO6bbU}$2
zP;ehB$6R#RYh)lPivI5Pwt|r7PsWWq9K|zh9DpKH>!Z34*PZRnr>w<nkn1Gc1ko&q
zTwjXk<Tyh9I}sUq#?(`tIh5bv`sagkudtwxquu<ZdY^wKiKEb^{(0aXh^Umu<P~s)
zf{AgDLwR@x2>3r#h)grK6|Z#twlrv!6gQXP_nHJHEv87>62y+4KW+jb$%}`670gj@
zfZfnOVPAVeELZzz<5W;)w=VJBATV86(Z2?hRW4jS+%v2!;H^x~u^%QdY`y9?<#Tmj
z%X|1Gft<cQR?gE1eHB#;4pDI3sOORRfK(TYDt9Mh6whJ=<L(V(r8USSt-^>r%N2}e
zoH7->X|PAvLo6ML=DM<`r0xL&mO8UTYHT+O*voXW7?Blz3~Pa`FE|<*c!AO2TonC~
zg~>z8KfUmXfH24k^;gh61rhX|JB!iAqU6riLitL?*tBjPZR?aJ^D7UoxR|X4B>=B<
zFgP-+Ct2*}(4B$NoV%6uISxAa)i+^jfCl;QKFhnFN43P}-pT%-xzEU}w*RyaXG4zW
z9Ph|L7Z%dQrmp!r7BP#-OqLSyDxAkJamKJ&av2m&-NFKgR6B>y&l%b)nZm~}bAZ+?
zrp%I-0{xhGY1|oF)i6&mJ^*lTzi-;`$&vWMX4$jfmkW{N#jC$mCA%B^7iX3XF`}?G
zgY<+jcz@jQ0Kn*@PV4n~o2X^|>68(3r_hVNVu4eSjX1$NSp9$;&3$5Usmq_l_)D$a
zO52CsCIh=qhs9>pxJz*0&c?%@M(uZ8x>F4OVC0nzrng_UH$!`=SWO9uNV`N9Ca9dy
z60EuFvl?>M1#{ginz4S1-vogF7#bF`3-GGGK-P=%g}AP?ml<K6^(u0Fv%<`wru&1=
z;o+Wqj^VdvZ7hS>6Y$;Oni5#5uAS4tX|g4P2e}ve%HaVE0o~bUu)xR>p(iVX>oULt
z5={ytYf9{&M2KGz?!W)h+;hgm48oI5YlADrLJ#HMq;8MJRR5m8YY{6n#oz9N!)bck
zAfBl~P=b@F;XRya+1ZMW9kdr`6<d)W_pVQxX3*i6zN5#1Y)3^M<_w2Vmy5E|9{axv
zY$*L$%7=F(5hi!a0?NnR*v{IR&_Dwy$esO5gLAiJ>n4m)pye~p(EIVd9!_y{m|jcz
zO$IhZ@Mx;CX@4TOFc2#4-p=~e@3ts&;nKseJ3PIL@Z??2jblz}>H+ub(rwE;>>k@C
z)%9r&r+*kWO|0&hg2-iPvw+>w^S0@|XJ<DgPa`rf#7f$8eCM}VE}HK3twJuQr7ATP
zE@f6}`c^ub$`zYzlj2DHgS`))whcW*PrJ-7_k|wy?;c+f@V&`JVfdOd<#a^KUMKA_
z+_w>$#x#iTk733YjR-zYQLeb_X*DrMg7aUyUsYZj$s6C`3;Sv=>I#{@2P@o&>sR7u
zhzM}>;>8UAjaV9*VU+||BVt_4<#HQ~I2FZLxqOpQ;&Mwxno#<=tg>Ek|18fQVLkA`
z@t_*wIM#ldTh7cQqKC+EP*a!GgvLlah}xA85P1geQT-r21{fya1=g9&Gu}fbf`K-}
zJnIJ#;1$qa=Qu0(Rd#!=Ore|j!t1|K(<Z*uFT=Wr2hpaZXq#gT&95&Rt7B{N4jFZ7
zT`OHO%Kx_N@;#TCMyd;c49<L3Jd{vt><0yo2;xdn5bql(so&Ihh3>KJ;-7Mr_>d5^
z-4%+cb{W}H{dXV?_`dV&UcS_>g84_dzz&N3mn)vMz&m*~5*nYM0d@%xX&y72%|57R
zoAZ)8WB94&!F%kr$seHU`Q5O797OxPZ&h9E-d(#NPER_%Gd6!*ad>ku|J!1jY5Y{o
zFpoZa=8^deExPU(y<K;hsH+Pf9jotar67;{*34oKXgEWdfmj-0RvaLY^{0ubcPgW<
zAC{d!8*uhv7WHwb2`83XNH7B$(Ctcry*>FUpgn9{zTJM~Mdr&t#_Mt;eT84|(&(15
zM<_5-=d?6+(e(@GT7J@U!93Ikj|YyRUM(#<829o~kuc-bNc@sQ;Pjr&V-qMH8xx$>
zVk5dL*1Y_la?|DwXNiy`FpT!Sb$zpEt~bZ|T+I19nHLSW>*nUODji0*?6zY^t7!H<
zD4i6mvBH7E;FDI~f;ObpV>j6A<YzuBts}NCU0(2n2}uSdGZ=>@EXBfA2ejl^!VL%4
z8PzTd<$U`E!#lKjiC5Y6sKf8!cU~91j^=`#x;-B+R29OPcxjuIAcGmkm49qfCCjd=
zbg3Jc`Ur3@)hesGX50a<$&h@3cO7kS+>)*}*CXs(&%QaY5p_*yNx}%|hb>;PO%>Cw
zSF1dYRerug-47;tA*<_m!~S?d*gMN{5x>z=NxE%$X}&2&RB=otn`CH2#Z~gtcRHyE
zZibWV$63BPi%kc{SvVE-RDRgakC-2X@jd`l*+<h?^(&>VQl7}q9^$UUC6E2=qeE|y
zF1=T&&c!EhjNO<~7(j?cpvab$RxQGcQz)mpztFd`249WJb!gSfg=kvPuk9cCR6zrV
zqA_UNx6p1UMzClk?C!WIZ<zHpls4l$B!Xh_LwRT+NN*|tKqUO|zHT{w27oRrZ+HC4
zBZEHt@mf#$E*VW>66NkuWnl~JuI?Q@HD#LbhOfSZRj76Esw<Nl8j9`QPdu6jZblb<
z{k`Wbe%R<4Z|B`Cw|F0ArArpuj%G<t5MGFP6?5=FD3+_lQt41?&6n@iX-TK5iPZe(
zPPScat^YNVkzJrtIpfp4x3rDs1taMuNyLtDxGSY8v)T9xa?Yop5OF#0UwrHG9dFb6
z=rHxOsGu_<UC5q%@}s1uZ;;xmq4Jct!HE>bi9V$ttx_mEERF+fK?Z!1;#Kl(C18ZV
z0z#}8>a$PDf3w7zD88(Sf8qS#_r-}qNX1uPP_wtQz?JoIo+dX^F#&N+u7{%K)0xFN
zyj{N9UD@-23GG;}gw`ydn|}@%^h=N8U$1~WOWt~3i%M`<PcH(A_XXP=+MMX{JzQ|!
zVL?>UYI6Sk=>+TAC--?<^TkD*LfVos<`3%=e?s1h+nxj=?2vdFg1+y-n>2^_d~qa-
zG~q6dZw*DXbpt4gfue65fsv|SkS$Nb?UMD!OAP{i)Q(zyb8z5YBksyjX56$MbJ^nE
zS8$c~6dyBTMbE-aGzCIRYHN4({jo}FVtE)1?mQ_8Y=6lDrSxn%qMKZjEi?*iB8K{K
z;?TM0!WnQ0b|CdRLqI)RDJj#`qF0}sIf{$DDrBRPbqzw>2<3p|ARI8|reSv|t-))b
zS#J;*3(#v~c$6^{-l>!DyeXQ)g4UY<*+^m~H2eIwd|YkKpVLm)caK=R8W5bZ+E(9b
zDfUfFiY2ZSG!Gw}wVP71%kZ>`F~l<bihSNtf(9<LQmGX(v`+rjtdNcztQA8-`4-5?
z=IYn?a5V+Kjw|Bb&TGjD==Y1vaRapjkB338coj2P;mAoUIFH1F7~ufnB2y$TiIBMy
z&Q`kEuNvf56El&b30QhA51g3zpzghbMyx>*P|o_HOm}cddD~+f0g|;?<S=lQZKfLZ
znRnDnT44UCakuynTpCLt>1Y<D_SS`PJ_kkRGvyV<gqlP+X3uPrdb0b?KAh)GNlsa*
zjjBygnq48~M4~%}+#%GNy6w4qW$|QR3+m50=ofC^{d+<bWZB_M)B>Ld#ow2|X2T6g
z>d7F9qv;R7u+ovyRq&*Kk+Uoh&0KBo8owQTfZuY-#+BK4;_R61L4NQ>ah;wf=-FQ_
zkaZ=0*npgtXhA~5GFGYYCzJuGC0y=8S!l2ht)WT@NvJ*sn(}pc_Wry0QkjPc&)g*y
zkiaF7u6(aCBJvAn&Hbk6WSYJ+s3Qc4hG=ldL)@xt!*?m$>)x75Ki3HIL;pCG|ID9-
z$;DWkm1^!Qt!NMd+Vitj>QT3H*jrV2HMQmHsOksH39u%y2(4Gwq97ijl^i)DuTFXa
zgC?3SiXOW+K#Qv8_%kep7elsJJy1Ojk$Mk#^x~deljMQ*Ja?%TU$^D_ZMl^3p&ptV
z^iF!;GVz<xI95&w2TeWGsL6z$=O-~V;fFCH2~4rdoioNXZ!zIEDDLeK(Zu*Bhhw{c
zo<Y}k{ZKD!(SqvHAV9%q#oWVMqK1UMMKghG_^a`wQ=L(u+#-k5N9T@zG~-RZGj_Hr
z8LaOYO%7D214~i34}Pf5DC#Y7fvF3PcrJe$9tS?|kE5xq?G$_fMPK(0G%)HFP-AY5
z0Jzq;D-<`=oC`iEuZA<@Z}}%iJ0!fY3yXn<J_^UdG^@ZjFNr@$PKSgKpA#wSr14ij
z_PL=~h!4%A_IWT~nrufWCK)rH^n!&|af`Xsq)c$@`QKy9vijqHg{=7I=*0q?15CoH
zA7OmqOBM9_P83_$@M;A3Jk^<hi})P`5c(nHw3F<|aw*s;Zor&yi#784hGuj{Aga|%
zEDy3&%xORGx%?Yt@^-TmmVht`(zv9UyhoUsF!4SRAv0w0hwz-+a=xD8%;8^!4&n{(
zDE`ySUPM3?ptWBMmPd)#fn;<x_2d@Cl-`8t;H*O(hR+O6!WH);eEt~Jk*}>aFJFV(
z7paC9&Mb|ahF|edQQ=SAus=`HYu*Z@1FIAdojY*RaoF@RGttJpeIn^2SAaW|?K~ZO
zOsO!#epVE<FB*`+q&axPkGCC#8VM4;glg0RYu`Wpo#q;}V0<`(j$3eW!r@pK=ixtf
z6>HVH7ckMlp&a>bpW`@(Ds7cQ)mdCrhD+p!Ft>LH_jl0$y#7fnK5t#y*S0!-Z|?B1
zNTr@}^m>1)ghzRKl+sz>invBKvbz0ARq?0ZakaY7Pm(x+7u5pIte+@O#UyDYXtx>4
zRRgQ+(`_BCjGy>FiQNP(SUR<kthhiN5r2gi+%Nx*L4r^?+*#Ye4)jf4Y@;43TA?4;
zMEkrK?rFqCsU14v;_>>XKjMxCpYtmCBWCVP<{X4%g@?&dvkRevfgvj3Y&dqT49@#B
zA*6E<5Zm232b=%nGzN(I^!kI0>v~7D^TPwYs`Xw4ltjpd=_}bWr}P?P2oCAFjCEp4
zo77mg3K(V-L3A0x`Gu`$dwEkPV*&j;ETO{dlEZYC3da7jC?(P)E75N;-2mtXBzFF7
zJ5pQCx@fkBP|L*rOG#Z!j@R~T8cj?ruE}S3kYkK{C1!w9<Z;GYTm~-P6uMm_K7Avi
z!LXEv7z-MI(fvKMf33s@NIy+aUGEAoz>P&s?aOzcO%%qQ?q-Odo4e!)1+wgFq`&?w
zz%#egW7gzYao$n%rAkO1dsg1_CtbqoG=K;t|0SR4wPp;^_#N~jNjw<gv(}{^7cw4f
zrJBzS?1zt0P^BL~bC{92EC|k&!I>uxxiL=EfZGf7vbRUGpR(U0SMtG_U5|Oh%PWRt
zKE8a%rXtRfG!BOYFKDhk{3FiYE*E{XQUdO5DscUvf2H~14tS;ZxSs$g$-U{#p{8h|
zQadjAmv1b}w&2R4K=^?+<h)ZJxv|7T#P)McI%Leg==+-vyO-w(zN&X6cf!kMcNjOr
zm9;j|QUZC8kJ|Xi;z^pK2C4(2F0VH3FF!TeK&Lu*9Jldhnk&sC6#Op{ZDeeMUuHm;
zHUS!nIMY>G^cdaj6}N?=ubtF0KMN(}+lPEYzqw!ppdw7a2mDovw&~Vw)<Y^wbIjLh
z3`MQhN;3|}7mg{)Y9!6F>{0PFyd3+J%J(vQJz?nDov}cSp=Jz9^xFA84z{Ho<KZz8
z6h{m=7!+#ME@ithhhOO(@tA6_81%5js)u#fj>}T+%!*r(UTLT>qFblk+Bpe=?x)Z;
zlpY}ZI7PnqsR5EpJEy%aJK~QPrLW%f`u#kP(OU<Jjnb@=9Mw44XW@T2rdVCcvOsLl
zX`1S}c;MaBDf6T=&P}^}YV>ZjvzAECn;n9#j}exKH{#)(G{7acWJmNCUk0u?!u<XB
zhuN(D+~C(aYmNSg2>;erTtBfQ?`8T|sL_n7Bcup5=CjTI*{fhYR-Es3R;)Pg10i^U
zQyYNUVPK3w5}zzTXk^6vWZYXZv%wf}5#GJNd>sF3y^kf2#F=nF$J!17lV*dgLz$I-
z2<JrpdCvR}%$YnPZI=C(`;VtPYD~4B$m)&qZpZyl5)SOs2G|HND~C%ufzESBMYV^0
z;xC&ipUnSQGC7vjRjqSZ#b%f1-{9NdJ4Gd5*xd**#cj0~I1;qW2G^G6XN}_}_gij>
znGW*T>rao4dmx5rlZ%xlW~0jE<u=Y|2QsQEpFTW6B}`*Pf1nf2HCrw!Uojg&4;C6Y
z{m^t7c5MD@v$h96^Rbs7ANPSMwy3-bMHiU{eLDsxb1bNtx&|)5On-OQNF<t-wx&Wq
zoNt36s>G3U9tMvkzp{f|1x+!uqjBe;PdUk?*ad%s4QMauaArz6W1IZo;gE%;`ELZL
zO$<{dymty`*hBLi{|s_baVW4vj{b0#zYhO54<%@|-xN;;vJi{G<$C5+G65U>$d^6K
zOxTma?jL&loE*tYa&hj{v;%JUnRH-Snq3f+JKX>GQd~Z_$Z8blC#6_hjHFF7AuEa7
z&}Ph(rnCf6X0Ze8pC_v=*MukQr-|u<HxJ&Jf$5MkmTULsPK)w=7^pc+M;GIp0lhd-
zF7@jkoF)m#RYH^=#B+JY^B#H(WFzw@K;r2@PdIjMb>CiSGY#a7VaKZS$N-H0I<J8P
zbi)v_1hHs|kmF-MNN}Q0CE!AjO=Z%&?OTdUsg=KXMw_AO8-bg8UhRD_u_vx}z<Qy+
zcg|{5#NjoQruo29&P(v<g4i3A(eOv%XlXU`<<6Zgy>^FOVO4P}o*!?zI{7T4NFyPk
zq-Q48CsY%h2FYGWf6afHl$AVDq}Vn-W0N0SbU&vGrl!TYuuo9aa4gZgNZP`MMb{7h
z);tHiM0qS!Gp02&kj-?rC4BcDr^{mNZr#O9B92!-@Z*$mH!aAOU+St^(NR<NJ4a<T
zE8he}$7V>`MNGq<z(~;LurbRH=1@`iX$Ar!AtZiZ6=$cnJ~N~p1i<zI&oaftg^6PI
z0vz$~-;shxUTEld8n0a#(*Tqtw^**uMdax(Bi)67`B<sM!A*J?&(wRI`}y{X@QEKj
zy{s)f{AAd3?H{n2y3$R|x$<5XXDaeniZ^o+)17JH)1$+-<anAIu)y4JX9P30JcRE`
zZUwv8-LYSVKf~eu+k5}GYm@o9UvE8<*4U^I%U&e!U-*2uLG+PN4$GQ<9hnTAOyUIf
zNlW|fc#`iD>q-T2uP>Fe%ib7hPMyFJKxQLuUbcW{#;I8l80l$E+m~EK=1{N_s$@J%
zWcaJO(KBdZH#}vswVK&Hej%wi503ploYC?tEA#_|itPq?dec1u^6XKDZ@D3;<a^%X
zoT_X+exCtM@;#c@+o+WjcuF9~<MbGs1nKlRup9XizWh{@BT)e37}PlsqN}m>0DBnC
z8lb8F;1%h?Nd9)(R}ga2KUGVqglID@FDB+o$-VHd)wJWsn<+LAiAmwRg~?)Fr;auR
zHK7wNg@;uY7x1H1S_4X;qYI=4v5*sAa$r@3{WL2QDvPT<l#iMJE3-Q@4ta$F1)@Dp
zcPG3PCw|yP^1h@<Dv$kTeFy*Ek}?*BmrYkyWJ!-o&a(q@IN)Z3lf4}Jm@x3si(ig$
z=?~-C6mriUeh8{O&GtOhIDGX)TZvH?mv9%5!@7K8%NGqv#6Aq=5LLzEHc*V#%L{-3
znZO@?w^PxgQy6P}!Mi=j%$Jv3=T8z$WbP>(9_Z*U3V(u}k%rEuedR<$H6J5Oh`I&h
zaUWg+Cq_6gb+mucUc=?enyTg$j&}uTatJ@qVgE*+?jwy$O?2I08g(1{=_R2Tj%fPa
zO1;h9pET07Lz`fN9R8z)>NS6jTbe&jK!a20B4XUeb|Il8??cYPOr<FBmHx@By5J4C
z-iH;Qg*_ansNO(<{~u3Z9oN(wz6~NJB?1Bxladk<P#Ol3k`fAtgrrD!2#k=B?uLPq
z0+P}&>6Da?(cO&L*mmB1-{0?j|K4`?Ip=xq^W67!U-xx+aw(ZI5S*pg0gv^ada&y8
zmhA67n&#X^Mbe85W_V^Vrs(k2`FyYvV5TZV@#Jkl6W!+B-lo=-P<GY8vIYn!nlGIj
zu~d>IyUh0kR$G%{T7Wp_03rCYAeC&JA80|&#?FIqYIxb=c4~@;wu9mMMxP$>F$r2G
z=5i%fyF3s!L89i8a`w4a<by3sk}X7nV&N*JReT)>cF*JD3Us9lE#s&~KhLju^90%(
z89zCsK4vN?`FrsR>ZyDG4clq&W9C=Kt5RqtzZTD3XLI=I<WD7n9HR^d+jz_q1!bAg
zy8T9RR6G}8I~G_K1Cr8r+io&zHtWR)@;k<6oqOiP^jvHXwdf@HUeyP2Yg9NCY({eV
zw{4qfVa1VOeq#sYL~OWM$xkC#M<{>awa{TvNg_=W>{#N_UUT>hZ*=rV?A)A$AAyP;
zPZod3O!9Ll7`d;cVu%5KNj-eR#GOrOR=8aM?=1+hVp8;bfA6a}!6g-Ah=@O=Ykst^
z&Eu+M$ZztWKq<gFip(F$#Y%7U7!>MUjMmchkGU){WBPNj8wY56bEsBz71QhWuirN5
z3+GrR-ChMb1H&6*Pd{o;X$9`$i&TYUKJLK#C<}7ix~J$9oXs7?fa0Hc)Ay;>q?J9J
zE+cL#fdK+{vj9^)jM(Q1LKMDjht%yw_>s04(CUZn_sug+00Gt*nhETr?^&`!e!RG#
zsN3|<Lctk`fTfTiHWamM_87v*oBq<^rNpp4+89g$H>$eO!Zuw(b^sEQ+8oT@p|co}
z{}WHU2^o<M3Hzp;pm4ZtmK6oIpQ)&yqIh*CAK}}?bj4<HRnLrFZIeX_>}tt+5w!|k
zc5rD-2^Z;@ar}-65#mL>?(ai(ru(jiKND7@fX|eL;5ldH2Km4{iI0Q8(T^YZTu;YT
zM%Y-;bDMs4jew}<yJ|!1CJS}@hq)Bf7weWNXd?io0&w2i5Ft|@q0ipA^?b8^)!`!K
z&jjv`XZ#9V)HA;-;ck^)D1Lybo!nuaZ>5Se;D+#G|FtwxV;ikTTXL`^EZc`rrWyce
zh8^;i^zy^89=A4ejGg6+#G!vpJ!8+ahvuO@(HmfH2v!1_{K%i_YpiBEHQ_+rpJg;R
z8ZBt8Ha93?&du?Da&GX8IXAF}sLIC01I!q3IRLjH+%IMzOQ>v}!5M$8OyOq9>ts&S
znOM<9Z(Y#GWo5GQtRBOji%WRVpe~06?4Ir!DBKc~+HYBG-;nKunXZJiTvF{oT(E*s
zfh7<?6E$|?;c=zybGvi$59oZY$3X{4t0<6n`4<r``~ehGe2}qXQH%_}MfEgjLb5{)
zHh1R>7YLTS_bY`K&owrBc6%TDvsbg8)S2Rx;Tf&*vZNXj>~)JL+i}>JRW5Ab;@fK*
z*t<Hx9ovv~T(n7{+|fIm@&6m`hg4&dZdd6zlEqa?9c&rh{TC)Zzq<`}!XC|l{P_j9
z%Z(uggR3)8-2ECuJPxX`Z*BaqXQ0zH(AKCN8CTV-QcHLxtmV?65xYNQwv57k-}9i#
z33GX31fftoyq)!(ZqzpJmHaDIW$AAC<d6)K0aY2z&__#tdQUAz`n(+GT5m6*kzxeJ
zPIuJ281`j(8Acm9W4ZPv&+k?=n(*1dh=I8Db2+nDKbZX^AS#eJ;PFf8v+sLjIcOna
z1K0J<swtcafaGmAO~Q+x9=&OzEXQl$1$(cO!a7(a1?X3#pe=;2vh;2IkER?<rN+iK
z$O*f(4RgX7JAw15m(bDScix8l&No*nWn9}f`|mR|paE&{<_-Jnylu*6kF&N9;+N^k
zkd>6dK`=M)mwaIlTmnq9fA`!)LuTYemA_v=ELL`BKm{*6d3mo6s_GR&UeJL_qv_e#
zUJm6(w`63US8XE=?zF8Jxo})jTa1O7e^42_8zF#aS(Dr<ArlaH!t<kdge6eP4NvhT
z+gdkw<+L~;n5D~EIAFE-B=6<@7h42FK2sdT(2Z{3e+pW%NE&X)V-;RCnV8e^|G$(O
zWPO3>neS<7MzQRs{;FqdJ@ZgW7UB?9nNh6Q1ywxj5?Vp?sTkmP0cpgp%|J?7e4CNn
zhdf!jPT1F+JbX*&TeuWJsg<N#yZ!6QjuuN&yYV|*^?U$m;o{^30i6Q00IAy@=Q<!H
zc|GG5%o6@|%4h0<v!jU1*zHlk?!rncKYRb^`Us~a&6%7SzK@0jxgY=3p>bc&&U($m
zx+rj0*M0bJm!rNr7z%Mi$#ItP55{d4!xA@?Kq29Hvg^E$?p;tgvp{DiG!DxQNFWs+
z;h818%t62HG^gMGMpFWbdFqLx_rZgR-xBz^T+u6r)`6QlJLlm}SlsI6<*xp>bzf&s
z`~{b>2o<d2hP5)F=#R%2RoRd)yDk@kVgRRo6S6TX;zkyCqeT6IzdpOA#o@F9KbpIi
z&AFeC4MIwQr&8jWlR?4~AQ$V6g3p6p9RNbzv+}coyW4Aqwr1fwUH_=VsPC<TFERx0
z4kn7czCY-^(j5VCok*4V$>VcN)8F-t=#p9bQo+E2K$X&EiU~;TNgN0(QJ~BBg&K|K
zIt@OcThE}Jud6u~iN1;Kj3WD%{JC-yZ2ki)>Y~U0JHQSQ@l!B^d5Tf2%T;<EI2RMU
zN4O*QFUbj8P$$q!tZ8Q{(S%Ibp|kn!o60KGNN4<X=YO^~?g8v=L;sa05dM^1LT~W3
ze@uz0gRR$KdI>KbTn?d9o^P%mTfp}qwt)EU*gRwu>wX2T19C9e-t(}|!8_EqckR+^
zZtNT$v`SL{e0@Wmr(Gr0erE9a=RY|ZZgsgPB1P?cs`2Iwqx~SI%bIUdvwzsy{saVW
z74@Dn!x&j?o-GQu+YPOjcSU%P=;0$Op3HR8v!DTTto?K;&yR@9<eqP#)=MIKxO|Ij
z=|&0#jE%!sv)4DF$-uv1EkFWuatQk0hyNG0gifBaT_D8ziUyvE(LY*78&f>#jr<-7
z_ZaM~1UFsM*Ty{vJ&)dE*y4^aT0+sdY|g-!P(O?zBo$y6`CRJT9j&e!;Gl$-oewPC
z`-&oTSPi$0?)b3r`AA^MIK^+f=RveAqu4i@`66^8mabRypStvTN3nO~#cxG)Z$-rI
z?iH_(-TD3KiQ=6R%fj+C0k|1d;`_y#rERj0c6-sCM<Q1yRqsud$8VX*$zsi<`F@{N
zKY1B`Iw;xZbruk~V@5lEf`0KNY2_d86+W}oxuHi4YC1o4Enf$##N8HtE~-u18<pZx
z8rpP2o^we+jzdN=#moZd&&$Q4nEzIvLF|w9c@xCwRiEgKI<K%_W_#b67e_^FqtiF!
zW4<WGd?}XVw2s<z+nc15@W!@{<X-<mw{3Y-HuWRp0B29+EUr2#Gb_(RHv~i=n8f>{
zPJB2ZG*46?JCA1ay-t2rB45m4^y(gYDo%!MP%K;Yz<Wxl1cDVniM@7t@R~H&ozlom
z3wk9CQ>+G07OAVeO5jk5U$3e$UbhEmxYc;<bW4)d4W133ZE(x2<c(SpBXbSDV(Z2l
zf1(R0GoO2verWR1dEam(U^|w3iQ4oe6o5@1fkK_@#qObrEiWu^geB>N{z;HZuRkor
zy(W%X>Ui*JOiJ7ytORHj#xOqB10^_0o1)TJ!75j`MenzSlc>EUtT&5>(?3E@5}K=E
z9N<pbi$X%uYv%(<95E=twvRILg8t9R(ZET{JOt#Alkl}|q5`+U&%Dv<>3mNyUp$jU
zY)93n-Yo}dI&5Am&#GdL4Y2&E<r}~eeeGNb*zcKLA>aLmFk@&4w6FjUJc@Jhp8!9x
zfJx$x^A}||G8>Uc@h2BlQuj7RxB(#G3OWT*ZdG{+cp-3`*A~!Wl0rht4`4kXsc*6P
z8{VxB!ABX7Fu{c6CN4esk8+Exo36gxrM~s5=w{92a#p|dfn7D|mBFbn*cXicE?!<&
zgj^0i5lFH#lC@zRGh7#J7!-}ZX7LYI!d_m9^J+PHq8mT2ya^}Y4ae7~$>6Z>dlb4@
z2Y+sa9kk6`rVd1N%f9@t$X3-&K$4~5sIy}{biIvOd*by-Ebi7hkr!Jb-P?r~NC%97
z4AwDAETNOY&!_uu4FwZ`YiSJ*#e=(LhRB9M7QE;ifCUZZB0I}8jsr>I`v=-Bd?p$h
zgp!<lBdR+l3*`moJKP)fD_I`o?;4w64Y5Bi4kM}z)@?J;I#E4ivINS*wOi1ZGw#oA
z2Yxq#Oq;s0rxV{c`mJAXPF5BI{a_)({h5lV*%0j8eX)bmcD*u%jXNPbYdKUyA&oXc
ze6Nb^4xG*_olaLdmd;eeI4xl-`=}Dl;XdJNP>z@j5j~%gf>y3<tgPOjTH@{VYXF)8
z>j8eR(hI&<wb6vUGd63|r;rF-zuVznuMzK5j4tR9NDz!?mU8_t!)HPR32)hWfZbrI
zYG9)vP_#LC!r6YRQ|X24a9Lh!1_RoA@QfH3%kE7Vgjq^~&1QGROzQg;y_(Ot%J8|6
z)T6%dVkX#nrxn#BH;xVIxbuXicDM_Y;mYX4And7kX#Dw3n&sRl#nzXSNWD8~S@*2|
zlOp?{mFjIxXJWcby6Huw83V8<6rYE7*D!P^R6By)={0)?&|)w#R58F2qf)cFiz~#F
zAvNicZB2{u4-<PJ<0l;p04@DlCpOag9E>Xu>$ZR1>&LRqN9dzxe?V9;Mh+5K4x$`1
zatFt=*2IcqoC`~*o!))#vBGX_R`sSO!_G{wPqea<sBeujC-7unKKnX(83#$YUm#A~
zwIo8LzL9YKP`x=T8BcHx_QN)`+vgSick+)J**WQc(eS3fz49g`wNI!54|?dtNTah!
z4CU5D{)RNXCM$TmZJl!`|I$1nh&bfhhzfGSCVRQAndW)=?O`Zc=y$v>T4x5cUI{V`
z=7vfu$*{wyQR4wI_e|vA*sNp92?YIml!K4QE{U_&d_q_PJv*V=4}Kd(t6T7aw>hY`
zT=w?W=<|hhuq-xru`yvqMryze!jkx4Yk#R0q0PN7X7)6BbyYF4spT=W@>Z<__*nO$
z$%T}9s`DI6JiIxO_`}?>dkLTgyg$P~_+9Vvs9;g*YAKcdda60-wFE_Whzi9Xw<go{
zyZ*q`g}*YHG_XzQwGd<~wv=Y7__e@T3@AMC?rS(c$J(6PQ6D%B0Vj1UbH2WEyBQD~
zC|Zcp>s|mVuxuh=DW}4JrSD7|959;uFB~ALm_+Vt4q?cO{@Xl(h3lkPCNU)(V9<-*
z9dF1)9L!Vevv7u~8$^g4>9;k&)Mx`}<2t@c$|`}%Nx7wJ@AJ4W``^Z+3Y@Pg^ACQE
zQ+YaPVT2ssP?6d#{7GQ2qN$^GMZaLloLzi$xiE0D*swt_NZYk_2)`+Ui2rHqLUX&W
zE1n<GgI=@G*~W|m=!?thvB1QOfvCj04T~YY!{(O4Ur4_te(kH$r@Z-hfZDBckGQ`#
z)y}dn{e)|HR>*?|=iSGNG!Z+O3v}h6s*78Cj0RBXy4OG6<IJ(m@`Y609`bM)JhK#d
zd=Kr;3d+QIb8G-+{jdX^E#`?CBp-9F{R<+F%kko{pDubJSnV9n-&Vt#{n(H5ty?s|
zLvV=3;fb*?W_b@(f}4Rwdhde7fDj6Kkylj*#*iDaIgl5chFjB-`8JAp{ch9gc(7oG
z)fwKGr8SvSTl7XfG##l0$0lBw_H?X>ZT*r<=8}__R6!61>U3+G^%`8r9!#jye|;k*
z+iX7gHuUiyDk<BqMGn><;lJDQiD^!xZkS7Mz5>K`aPH{sv3KV_XIm1&)(Z|X-<g29
zNyv^@9tUcGn%9YiqVX|ctr9icd-7NJ*LD*u(iKLBG!s+%<9b1VYV@6%S<H{oXmgXQ
zuvQxz*VW}R6&^DO$93}`o|$4xw6c{&D~!HUQzgj~;Py|=0y(TCdg&$t1Yzgq!%Q^?
zkccw>PKQx~UdAz5GBEgKyHSw!Ch9y(fU0b{RA7PD6xbZh)mzEEuFZNZfCC-(?ZvMq
zus4#}+=Z9PvL1)s$|7+!db?Wa->}^|s8YY|O)Uv?fJ%+d+DR=~%IgzbfZtrKhv$z%
zfax~`$B5<46kaL&FjX2zVK>v17wEk7v)n1NEhM%HhHW@1?lf38h_o^)0oFx;ek*M1
zM(`J_wOjY+{|e665zXi8!*$P(ZLYjU`d}hRRk6U2p&An7UN0_S50uC(IL6!;vby3Y
zY9L99Wd{1F9cAR$)w~??dIFNH961MC(3X(04R#Bu8(%^%{xaIl&lUn2;~@SsfLgtc
zc@CC9czp^L|50E!)yDxMiMq(3`VZb1j>I@L{~X9nj<AN$ygduVbmR1SzN90L5WwGh
zoa|CO>_G6p<k42>)NBUm>8u<F6z9w%alaZjyw7(7++#r+4(OOscszP*bVqV=dQf|V
z39z$6cNV6@<8#hNIr<bT1hRxtPsH%&{^E@g{!wZBq11)oEbo$eXY*b@!)IjZl0x)r
zHhI^|r7rpI7lhGI-9LiFW;#R~hD*y?H`<SwpL*=N<GFA7t143*#fC?dEAe3ji~$lA
z2n^FgL5<uY*nr-yF(+}7)+){^(NEsPVi3dcB)(jQ%rMpfjYaAl*Gt)St09~8{~%dq
z5fo7f5wgj>6<=GT=E#d>G0dr6AtIgK`rhETlo6^GNIa)n#+yL&mI3mtAG)>PI~??S
zC>CdMJ?xTAJ8&Cm)x!THN6K9b$3Tg2=$tPcQ4KPn#l}uTPzXCt5#7urY_?b#|K;bm
z$|=)Iq;^v*%ZkI}vghz%4DnWi4fweW=F~_fE~0k0eZF=e%zekY|5(Pa*k{+8UEJwL
zkax6pG|tr);x2<uh+z(Qjqqob{T$+eIr279<pk?t?`zY$g!7&4M?i&@+<Y01{8xj&
zaJhb0Jm1)^Jnz;94{xcb|JVXH8DJ`IR_QUB$0_c%V}q39PzWZ#xbS8SFXGrFpEOC8
zgqg?l^SdtJU-X5(i+Ow(s?LQl%q@`8?V`VMrcKf^5M9#|@}fAq129^2<mp}ot`;ZN
zMOV}9Fc82}#T=bk@OYL(!lMFDch7lerQPjx)yxfOpD+AWfKC$HU~xko8X>P1K{1wz
z=k(T<Xbw|1SwwzB`qx?{_xO&@IQQwRz}1@zimTUqe*-@nxWorUmZ7(f8<-`I({m(P
z<=({>Mm|_(V_G|8CheEyfO$QpgQUJ^yZ09k>C(=VmhfRcY6DDPr(_&0{XA;(*qeNN
zdP1ZL5336p%aPy!J0k_gz4(Food}neXT}}K5&^Y~!<Zv3a56`EKZiu!Fea!3amOcH
z47k(LZY9a82~0h<0Lp)>(+;*1v(o`lZ!1{EchuL;#>_Thh`p&0*^~4y$Ad(&lH7~l
zN2w>Gm{MCBl^*adlxkwNF#V(h{`7Tlwsf<b8qq-cU2)<7i~)QQhgPS=kx)(Zqy2qZ
z-<cwjJC(ZM4L^#bomBj81+7myLX+4OBzg6ImU7;8t}t$tzY5tw+Vq@h;~P?eb4+UC
zwx_ko9f5Nh7u7b!f3R;4p1f)42(nG_O@TB|giGho|4`8$uo+l!T=X*Sg`~84FQ>lV
z(w^$`Og!$0%8Oq5P7w!REgGQR;&96O#*0ykfXvtl^^Qd%Y+WOX@o&ar`xBqN9Uc};
zkoe8i(E1bbb(7&d=@8O1vm<59kHe5`KxA-&KbfCcgIT8<YFV1RPUiU`tSI&4uslAU
zrl6&7LNXKqXB0OWdneA*Sn#cOfMQD^-bOk}{W;C2wOf$<tjoZMav*nseTX?O;M{*L
z>E+fYsd(S7PJqz~MxnyHnKa_^3>wV5aF6>utrFH<rXgcf?ay&VA1~dEiCbjTjvsh7
zV6y<(n<`2FQoB@nwNnfVq$D?zFFbrAt6H~{e-Ta3&r?^Tt#4$A%lS*RbJJ8<eFw(5
za{^&OvJiL&nNLjyepkSTw(ur$jY|HRbx2N8-b&3EG3KqsOBNXJob(u{@>T$!eyLOT
zETTjl5$;CVIQp$qX7vqCbYO0&9xsjyVOSCY_Ab~%EM^0qq%uc-Sa7+`tIsIyNeSm@
z1Y5iU4psC|rwX+Ms1#=4RIL%h)+Z~NTE8Ru1ly70qVGEJSQ4=HP)b55)vnFgy8QH`
z)~f;MKP5_ER>_<=!<k3OeBJO{_P@lqR}ZD<B;6+F{N(3d1m-$K4pTpE3Nl%%WI|{6
zAw;{Ick&NfMdWcD%z4xSsFv<(zL~6ALWc%WVg{JjU<VVBiB4`A#R$lSQ)!`Q`skF3
z(U!DNsu$JegmnzG?2o?-nnvN7%*~&G&k&hA^I8E~4Bg7I6ki;&A1Vs<@*x5CLlJw3
zA~S>xEQv0G2?(6#>3n=)uS@K&Pv>>!J69=V_i*3G9otOhk4U$17IqZS>c@IWUa`T{
zrn_|5OXT>eI>Y@`^^kx@Kz%@?Z2Ud!<t}WX4|snwmV|U_zKC1gynonj(&|-?{hJ`0
zYxOtDD092@1R|V^FAEY#AciY!sW20|Q@+@pg*ARev-+LN7MPlEe>GYC;oNbHUv@q(
zQmF>#!iEY7vQwfxVD{I65+1wvx54v;K5HQvJ4<oClScD56o{clIDe9n_D1+iYg*m2
zi#`tI(2(^4y7U_$Y~iG69MjfH=ry-DWqTT_-L(pj^VRB*Zr=RWYG(#b7076GR3c&?
zRhVNnW;!4VXC6$x{WwQvu!-Y@s-IiE?gS*b1WuEA<nPR%PB*%po|@s`B(8z2`LsL6
zWu?6z`plO<pXcckafD?7xLly<BI5R>Tl$&Ko%y<*Al4dB<oWbf$q{(1-wWHX!*^{c
zRA$!LvY=Kq8mQ-GLEip^=oFNSe*3h40v+wiIO4KOt3)Y#Dktf6Bi8n+_H-De0?DWB
zhpfgwpQoO^sDh9ITxucuXy2bh&B+n>YhY?cj`~*-{{fe!>#nH&Ju_PzphtEA-oIxH
zk+{83K04vl=!FUxzq45;emxQN`+ay4QF>!gvDujl#dF=fz%`TNb*kvOl5Xy5(#Ibp
z(B_|P6Easeh*vnJ(Mp0%-Qu+^-JP~Z4<`+dZdWw1JzJ~&I0c$YM21Gzb0Q8R9cAHF
zzC5u8uNdBKpUXqBSMU65-@OjDTNHCf8`5JC1uTJWaQ-)xFN#yY-#zFl+EJnG{!aIG
zXT1od4s>d-KEsbLe4VYE_SDD3X)M8%g}I1dRPM7+A!2810)mr<u$tRw=QL@lFTEph
zv0t?D+W??8<mqK+`4x$nt#r5F`$~f16t|IEbA3ze(p){|J<j0yxsMPN&#=Tq?H~D2
zpSd>RFgv*DNcRKLU>6lQDOjO@E$x~d^z8w6!j<ED)!8@!E^$|jD#|pH)aBOep;PWB
zU7a_TN@3SO13=J+vxkfwD*eD)zSK1Oyq6olEGZd^%RW^#EbI4gpOMd|f~wA(GLHY1
zzSjz;+7BcA^WreAA?yVB=K45yocBJXf1JDuLdg23mCqm^yMJCLwg>0rI&ssq!u26g
z=%zw}<mQ{K>k@)75ZMP=Tc;ELG^e-CIP{QT_sw?O9b%eCZ=03f=bM?xeEiNZcZEyM
zZ0#0*emm^KMEQ(LN?_@R(-Q}2g6XlMf0MoGpC*PHCLAr)&<(8?6GP@zplVS0A8+_i
zGU<OBJPEi8=OFi)xXQF8UgP036<v!AZAyZ9cb>icxb(b^;plgI6B={PvH-tltzJq~
zqW1UUf+7ScHxS_Ho*4CTxk2@t^;7xRfAjCbewnS)rby13=IdH>*NI9k6DV1&7V&vw
zrFzllY1Nak^4?(BOEnSu_xgsl4=1vc<UCcP8T&}5rXNB~#hS#5QMS0~)t=agzKBf1
zd_Ibh#I_U1q{Xk!U3YW;62Q3Y5l^{!%Uk(bI7zRIREc;jP=Y9A7jAxgk4f`?cn)oo
zJ@9n|rfAHP0^21!2UAr)CIC(IA7_@lH=B8@h~%ulUbtTlA)^X%T_%^31?oD+{x#zo
zpaPaE6mN)`&BT58V_tk(=o~N51|Io_yW*Lm(cY(H-IMlsn~b@XIL;59Kn}=5=JoAD
zE1>H8dE~LfIG*7Au_YSre+xP9xuHK*W57mOI%MfRV=N>*9izu=0G;cpt3PVqLm_AZ
ze>1%{VOFPr8{16#L1^h=ye+P~UEf7v;Q6T0^6mEd{#bM*#@ke-M>e4-4&%J~$yT9#
zXLcBpiVG24;;=y&5+Hzqq$}LS@kI^Y(7po39rw_(3n7zOgCER=vLT@o&jWeBkc=ke
z;gBWogiw@UQ2Lv6XS5VM9R!}2drHK<M1A(N?1pqifgiTNby;Ox@@_KGk30?xL;n!z
z-M6GR?EHUP077Z;0$4ks9W{BE*W`Poq><#M&xg+IAnf5vbL_cU+4<#fi1$jK{ER<3
zPxfTSzSO_gFLzEK-9va3RAb4SPFtw0u8}|J>m2Y{Tgzvq)pn1V>oG*C-jQwTFyT&i
zkRkDz9Gd33a1RG^hIIp{Z0#NdEW^k%=at^<?c%2&)+c_yWAMImF265+MeH%_wau?P
z=<v&Y3=b#r*Kk{`FiQoK&;5Mv12~Om^VZ+<O4|VVMcrZvO=p~MW)$#(ZdbiS$Ped=
zGbOtbvbXVlPmRyM#W0F7-t^drZ-LN+STcG(9(S`afBBk~ftd4uyZzJiwkt}|$Bl5G
zTLNDT=05Fm;Y&iIFtDqMGtesE=(Ru2>_xTxe5J{Kx9hM@phExP%20l-KMnY001%=g
z9^R}O%RFpid=20*-%{ztB1;n8orp%T9fTZ25b*WvViEe5FD>}PqsoB#b8f!d5*0Z0
z$15Yw({?t4rObO(#W3n>!YncCg@DzJPs%b;PX4GhL9|OVIm5aBs?pi{$oN@B+DR;j
zTVIIjZmHNwme@{vGag!2Lic92955WbTnAF=p=py`(SGL+_xV&G%d|A;`u2sV7fOc)
zqzPFP8MUJWj$nzlQ2T5<?KfIe&vt~YiJ;+t*YP|zM>VM=JMi|`O@>C_jS;e24X!73
zUhT0rt|s@OiTpbl{V5gEYojEE)qM1r4yX={>drwXL_t|_F&qSwJs^A?-#o_U(6(0G
zrYX*+d2p8S3NubB{DM@p^qhqZGJ6~_PW8i+Ak7S*^?gw_lG|BBnpy(=LfTU5{^xj&
z!OeZGqS<-aJ=qMOp~0Y>A_k%|XT-u*)tng@A1lE285+wdMtZ&_UM_0#(s{%Cj@_H8
zpF?%}bF@3S(XX&0$*a9VR@qC!i~a*MhaHHb=gf%rU{tSjelE^F)FE>5+3!d7$`}W6
z>?>^ZC6yZEhqb;K*tf?453b%0`w$+vV|zT?&*5wE3Fv>F>UA|N5x2U45p_)!ZdeIP
zJ7T?=bWaqH=6}4)vyy}MMp0c=O+i-av@4B&k?Nsj_2h6D$;FmTSe|bGhe!uMTzA9t
zpMmH+(Aki2O8K6^cWQ${n^s~z-88w|$+e*emo`pOUy5m`Clc#AZyb-SAGMd3KL0iy
z^_#uwoin})WG?_s`gDI)igo<D%NV6FoKdxs27$W^6g+1}--JP)^?-qqPb`PDgL<m3
z6u;_5e&}%PRSY#BXcq5L+GI5>HG@%;4dlbVMpoaf9x*=1c~Pco{`_H^Fx#Cl#CImV
zU6SoEra+W>WMrRj-4hNs*~YY^1@~(I78F?+*lEPP%%JsW*9ln!pev56n+<9e*)oym
zB77T$m(+@FX0N19f<l9($5h*gRHZtc;rOzm^n9i7n#n~4V}ubnBl>WXBitX_aX#r0
zd<fN2-HY<1zU+yFv=u8yiSjc02lVaiLVU2Nrrk%!Chyhx70;*{^sd|{qA+0Bb=tgj
z-Cz(O8MaZQ&ywwL2#3h!{){O-6)6<c5lNCwCa#i7&DR4MDU!Z)p3)3N?KSeO^``)8
zv;v&Tc`QZJIn2>+F?Vf@8EYzxXzQ(u2PKd9#m#S()Yg|74M(iABcnJXSHFu~P%0+X
zF2@{K>5^>(?LJ$n-T+NjbdY!3;2jJ1n;>>_IMuT_gE;b-7I_NQ#nIj;3(Bvu#Pkiz
z?yq&9bse~*<Xx@SJxRO<8}e<eCH%&S#bI{pkAI3=21>EdN<2~Hxe+dP7PFiBS>u#Z
zYS_+ryur4RC3w;;?4}Aj+EJK4NxvKUe&KqDO|d+=fpqwftxO-zZY}k*E3Z*oLfbvm
zCT=9NlW{wy&$6E3Bb3<m=M1U*i|fF!-tfAk!}u^zQ>Sh5YyZ-d1Cb8ALhe64e^u1n
zl)G!4Cc*t|FWDC<sItE-dOxRwxIaAGCz<pb%|TVf(FI@lo5taU;o!e6pYyA1EwI&s
z{Cmzg(LY^YXmq`Lc{@hIOP2oh`nUEb#p#P5%UDS-jsNWQ0z=b%3PN;O7a8?B8@J=~
zf?1+sm>W4zF_*c-xplEIZnLrv*n$pDAn#)^sIjz9NYgw^@L}`yqs}$66Q`qUpB3HP
zS6LlCXCaeT_e}hWmOs|Lxp*hDSt0-<`a{QS^|0xi%KBG~4W_LEy|Hs+YnCEW)tMQ;
zles!)_WMDcrs(W-p6}pN9ePZ->hUXwbuz=pJ5+c)M&F-r&fg8%7&drL+3(5x6qE>*
z%jF#@iQemYmC+kTE2oHXe=mWIceLoEb~2oNa!U2f)CDDI*8F}g0ci2I;}FP}e^ww(
zKb4xK^NynjSsbCU#etacCi}hCObj(k-Rm~(q!1`jiiA8Q{ji(81<@mhW?}isv6C%-
z+rMd3r9XOmzb5|Eatp=czWB|WNY-iYEIKYgQF7g)vStlz^MOI4P>_!#m3bcYX655m
zd`#q{IB_hft9j}AY$6z&t{W((C2;jEu_C=w<)6yoy3)Y$&_G%Z1PDB8!3up1+4&@d
zt&0m-FTKxxrJbYL6Ud1e^Dfta#xE!>q6^aNK;z4#J@D_Ocv5l2le5CbKa;K=#MJbQ
z25^`PTFEUm$u6#SKEdZTsI0N@Uf6Wi-L6^pVdl$ip_-|n<%*WMC-YqA_I;VM$b6Wl
zNX*=<KKhg3q7^cpY1)PC`VGOtN-MyF+})U#bn-$g$U$*)pZ~BlGCN~=>4pEOd?M;Q
zNatl9>49$$&SJX}?|i6wx#)6M{Nra|?;8i&0{BRo{Rmq#;aCfG!*O)UO+CVS<>ST~
z)IbCBX+sBefar8)oP0xceex^duW=K*$AYgwi0(GKzkbiG%-syZS$vp(^Q7=)GdDTw
zn?bX2e%{V*j|VhjJ+^Om7g^>CcXwcE<BbYLSGqS}10GTj4Bk&1KJOWNVwGq&`CYvU
zORsSEirMDFDQe6H8oHtz@j~=BbvkpEsmuB=!y4t`8uE!QS=8EvEEx`rz~$~?6p{}v
zYXuDw<ZY!KxD{qA)=6sjQ+~anVsvgBdB%#h9EPOO;EvdO_d~0%XWV%{O0xjYpW&x0
zd!Q;XBCa@}cL$;7FFd7OH&cBODC)&R{o%VI+o~09`HY6xx1cX^FE0_i4i7A4`mpyx
z+GRd)lv_qa;%wu8RTh9AeOA$(nvbGP#9{T)MJ{h=^99HrhQ#M({@l80W3a+Qvi$8d
zv_zb}z8!PY_>HRKzMP1fR>ULYGwD$VdWisnTdy>)xt?a?D-GmlO<HXI;70eR5!HZ*
zRfl;WOWkXHCTV-o<mI`iz1UKd6}FyLe8-Y@H)<wkJqv=+eY4ZIbu-I}WrqgRFH!ME
zf<DX-_<cx>L?7hCZ>gA5GzN67k=m{?=lgRzL^|#YS^rdeuq5JF!Nobq;h&a3UPb2G
zKPdTflBo#zvfE~pj=%c?g#7g2CUTZ;BpNHXo%fHoQ-v{BR?_WId|QIzA8T!OlynwV
z9ESe+(@zqsxBZEyzBTb1(BNf}u{oJ{*fM_|U&rvvr?t*pn&Gh$sH6d^1VNmR;7iXh
z*ChEk$zWm6Ny94A6x;rf$(-HccO2dkbSO-Cjc#Z(Fmw!LkDt`!0J!8OHkQMD@%9Y5
zGjX18FhqxUda5n?MD@#Xm%&1Jz#>q+^FBng2N1IXc*u$W_t@9wlt5Z;0+$2u9$Y=#
znw2BdsgH)1I?RBTI|;31dL?=tgXRt?`XTr!;;7a@6oFEvx+C9v!lsnblt0WE--a~n
zM!cGNrW^9Qs#675V&?N^XYAk4K4+myIhd_O?RZYrheNhASZ_43zc@za`<s^h@i)x{
zwOog$A4Y)(+4|@_OSl?uNYOODS@{Dl*_*Otv$V6jId&^_iih2UKVz-rPinAN%P;;p
z-t%FxqSd;CCOdpi`bR}5Y|QIx`vcYvgGMdo=DDwK{-AVGZOE;Y<jtR$h<sympxJ%v
z53+Zv-uE)wtLN25l@KeWcnssWtQ!M<_~@1@oeoqL>xRy}<G$7^LT#6&ua{#`KC3%r
zK9+Hho4&e^cA_c9d}3Gy64Nk{wdEB1@Obh|q{9+P2_?xd*8s&P@{^LIJYXe4c%5|P
z!*7JxT3LZ^xw6tzhA_2QzsdwPuk?3+MHX*YN4zE>vv~?Nop{ueoKBQfOkKmoaI~n>
zzx-;vr_gm1Fvi<q_7&>tlVE?MX|u~-7OJJ}X8&v~hd0^3{!^avFtfPNo0e<FUq*ME
z9?$74&a-OXOMP43k??Exi^giiOF=*EaPBRe?@8?5!mJ;&x486=17L{DSv9SKAtJft
zw}4qdtSesLqcx3d?u=M`!7;Pb0@fY#(~qlyfzG0n!z=tHqdBP!xhOW1OKmrUz8F=h
z1r=6)BMo|lT1pi^q*I=b5$AZts%25r{ATY_ApVb239pAhZ^FLEL-wn0cF!INA5}JM
z7!zF{MMYwiRhe3}`TjXPDnnaZz2GP`BK@59TeU>iespoJ+MF3eOv(I8kxi7m8V?0q
z?-t`S-X59ra8YYv5Ah`U{%t-_8P}+0c>2$6d|S{khC~KOi0x8XijGBB2B~iF4m8QR
zVJ;h4TsA4w9i_a~TVB{%Ez!iQ&rkLScfI+@>1!?i_jfGo2%Y-ME5w67Dm(Yr*GwHq
zt=qAS?*#q`?1L$-cx*B!W!f0n2ye$o&FFUCZ*Pt!v5hr&Igp9no4R@QFVV${;bY78
zU1@a)znq|vKs(|QyBS*+)L?_?rPW9^{sMqJfkdjJNIw;`Gx<!gM;WkA=03D5ovkt{
zyyj&}`}Kh?$oXu{J5$T2`CP|hJ|fIRSrdqSu_iy4->KRlyS#{Rno#k|!!_MBl;B1X
z^$FkCv5%8*xV~On(?@5;&%2<@d9t*DoMny%LpJGww&oM-3I9HvM9suD=Nz{dF$_+e
z(AG>M)ux<A+&WBM=-Cc^`NN^tZyWN%r+4T#AJdWHeZj(Xni6fbM$_)i@>sYXkZSsZ
zu4({%Ehnh`en*IzSCvA$h4b&}CrX=UpWEf$EVl1#eO2DGS8^XpE6|%FdqffOP=H)n
zp-AMr&liQ`Tyfu5Q?UMU?7A-YW=-4Q?`!e;j?v%!NJ5Njn;hLj74Zp7Tg34+H=$vK
zyoU68BOJ(h)xjgG#b7RfKHpOH=frt%g#cnPwZP(r$K*et&8c$*>1B@r?V>gZMe>XK
zUlzFq!G!`hVaUiy=D0{LscmK^z}rS}Z?Tm?j_BjlpTn*LqG6z5EOOy%&A8=sL4Qy(
z&Zwxn21a8oly~%A?S%CR(f&&&e1K29%*O~zMxxZt#40Pb-Vc^CD6_Cr%$5x<4p$4d
zc>A*b+?Jo-d_&vM5v!kbA>+H?U>8ea5K8PZRo|zS=mkA-`;jl%KThgI>3^>_$lrr0
zuIQ6tV>qIRh$e2Q9~wx+BBoDmw<hT4oMsgfxGKc$D0MZxL7tKNRqI#38tq$RgKxE-
z9s~+jh*{Fn#*RY!>Bg59%RuR=^8{{+6_23?TnM3JIq+9<)rj%FI}y7IW=F@Tw+k2@
zcaW9Uj}8A}v;1gWnaJsq|FYD?B%EqnIr6dZ(O+ajt6(_Oe%N@Ugg!hkQFOc!yy`>J
z%l#>tkx`Y6YiK69TP6N30wmV+H;|4gVw_|_J!S-QD-#2nOb{zIV9^@&@_E2H3^w7A
zxs7>)((C$>hi4JfrlZlz0MPVNBrZ(zA8gAN9kArv>)URosLaYl43yZ*%@UEfGTURL
zW3e0`+Wk)hSQJ}FaP8(Xa+PD11e$N5G^9si#{uDNpZ)mtA0c#ZZRWn(9F9$w!%{~7
zm2o~p(-R5mpZ|F+4f2xMdX0I)vSlloVDu!W^T$``h3>u!LR0FFAMC>rFKmg|JF58j
z$H}FT?gh)NPiyJpvC?yLgOER+b0sA~aPWQB@;6Y#t3cv^@dl7*%U`I-h{2+$_*5iP
zP|ihX6^b$N4S%ZfRJU4ulksqDOx84C%Z=S_2r-ZIba5|w8%^{`DG+hv%6nz#$gY0e
zbtBN<7Rp3-r9d_QY)6N`=i35JN^9xH)Jv!WF*(JHh?9l2OoBk&_7Jx}4HcLWzb%$I
zZsKZQGQX{HdGVU-f&d?aTuVOe#AlUg>6|KZ-F@4hzCm6;#d$i1NM>=wYoicy1AIJY
zV~@D`?9T?}cO`t4KF`<-z}5!HuV8w_b21qb)ww1gFL*#T!JpI<RW62?GRJ-p4cI&M
z`QM{NiwOn#Yaiv|%ec_$+>zPduTi5wWC%n9y%!(HY$Mua1Kz#&J|s}VJ{(Aw`lxUf
z<}Y;KV%02Jy%T@u9Rnty4Z$)PV;PK__@Wr9vz}W`m9`VMd()UjzNL&$8^B`3%FtXD
zx;^n9WZ?DYo+VB9fk;B?YpKWL%4=WjR<cwyn=Yvuu^Th63bf8ULf}BDfH4-`*jD6!
zujBhtb%oQGSyT2;iY_aB>!kmS8@$Jk*Fd@G<7i&-VP%X9_yu$%QDpIC{SX|>^p^WM
z5bJ>5LV$MYKU3_M{02Bi!I4rWKsQck7LxBd&5B?Q1B5WycfCm1uj+Vi@5+z3B;J)2
zGmp#Im4-#YIUcvki)3D1Pq@zs#A^poiM^0i17+QL@;>S$Gu<OXwxjmWMJEhRYRP0)
z6+SlPl4()QDiCX2d?#RgmFDFc72xX{C`5n%HU4FSsGrEg`|Z@T*xe9S+70M~GIto(
zqHI!LyYSpJ_|wGhZk13@?uRz^%7Cx6&D7s~>2tU>f<M&BGZk3&YeN`aOs{szAM))9
z3v41XoxlD7(*)~jG;}w=R`~@2v|}F?X5ul(8?`x@h?`Q=eTz#Ri?U?PK0;G!+2j$A
z@c-I{i7->N*W~wo3XpXCz5)9wZec!oL+y|z8J0OS2M6{dGyKV^lcm*D6N3$^cYh6x
z&#W*2Tk?MPk{}5miru-LE>~JKbgjXo_BfepeCUm)`lzdUwg8|F6*gt%H_`AqoD1V|
zP?oUM5s)kCbTm9&u5nM#BXru*rWPODvFMCVecpcKCjN{)6kevFE^gBv`=AJiFISL&
z{rQ1iyxao`xl9>z;@z%zKpxYgmVICO@MLQDDM!bRm;-uml_$>6N8m$<KG5A?V4@ha
za*r4g&3WD8G)=s4yi?r9UNw?IABQcm|C&)S#^+K0W1;~-vAlJgNH@^ft#TftoI4Fx
z^>5Q{)G^MfY1cfkqT|)&N>7c3>)VcaIY^rWMhO`0F|R-r*q=UA9Qn3B+25)~@rD^D
zToh#=PO!z{NFB9`5#k_L`{DQUMf6=32krqCpJs{CO=~{0ckf|#+#9Nmr>o<}*JnU|
z+G|xyu*q6MqA6g;W-2FGoVyhCN5$X(D%T@xdL-kLQoJ4KfG%I-`MUEY<{#GUAQrJ|
zKa)A?dsL9)Q{kZ#+cd0Knj~2@m(~?_K4@R%7Hqu9B0i<EI!6WuVqfvyKGCqIx=FQv
zIUCE)=z4|P-@2enXKA6Fj0Jg^$_CS-d&ETOnY(;1M-+7%ZLE!MkwklQj`t-Q?)9rk
zI;8x$BZ*BkE#?IkxK#lQqy14KPS>CQbxZ*A+mWQohn5xF9mqT<IrD6MEmzdcQaUGi
zv<yp_?Y{rAcuF<;Grl^ID=!ux2iCYXRYXSqKD&H=Q!xgIkb!zNJ_agxLjsZI(|$K%
zM~YjY46G1fYT;_-)O+_7*Rr2bKUyGgAPnrTfp?_4=ux*a(4)oZnSz_xB4aI;qk_Ak
z_Yf~F08jM0;9nDY&s%Ib=C$xavB|ZYKS<E@H2@Vj!(=FpH=N_yvq6VK>0);-VH7vI
zCjSR&;8XX=3$CGQic_;YPupsjnc<qM7|413pw0IUmcbkT2S5IR{em>fy+eM%rvqPn
zUNI7T;ooqM!NWGY=8Js)&>zPbd8JQaV);W`Op;3}YN{rl;sNKt><V6h@GU_<Icz@9
zx2{CB6WzQu3vZMkYy8bws1zknwe$=1u?ihow<Lg}<4pmz4gP&9KTgGwu<c8c?MsL8
z3@3<YdKbrWAWvQHY&n5DhjHYwse9Q>;pB(E0!EArYx9O3cSW5JVNyX<PNnNFum4_m
zp6HRw`Vx#hXR+&R&RlPVH>xi`VL@buRiPgCKhn8&B$5>X=y}PFREX*OdTq2;?<WGU
zRs8-DcZ}h;xqdCl7YC6hHS(IBzv@^WadOuuswwI&-xv$7KebeYNNW|c#yxs$GDYq4
zfQe|n;ju&Ey3r<Hxyo(Mrtf;&>C*<ZHwQ|v_RO~A#{ndjFY-GpSU0;8^@$Ea9mZh#
z9bJctS6SK=xZ6spH6Mvc@2?vsg<j2XLst#AJ!v)t%eRyZWL*qF-A_2CsqPKMfT1*i
zAAX>#m2;NNvV(LsK_DpNFBkR<Dn^XXqe5dBMa%w@KlP_S>3s+AegOHi3rnKw1iaaQ
z3_hBklAo+*++-9T4ZITC%%mg`Mat)SzS^!XQKq0}^{wffn(}XytS!{=^D7KFy7OgS
zZ*B{V)y_VDA*$1rC-=`gkDUSR&~R}Lg=c<@xZ**sh4v0_xiT{<*}k(v#Rp}*D2;8_
zF{>=`PwhKLjnHo%w+e@dD#mBOziX^tMY2)lf7jO^pE2qa^sI@~k?gtEjzo6g4JnhP
z(3pHH3G9>nz&r6PqvKp8ne}G!5;>C%Bv$$B7d;1u&9|gpR;wC*=x6UaVO9e!Orotv
zX&|xCCpyHgKdz)VUmomz+xVKsQHPiK7dwS5k>=1I3m`ZrXOh2RHSJa@J)Qfyu5^#B
zd_lB~z_*XjcX<G<&40amkx~C(Kv<qxBUGS;!iWNWN;-^-Iq-L^ZF6=ngffr;BZ1~G
z3jW8Q4hw&u+MW{k`e5jSwf&+MigjHa7dTeo!m+(2P#n2DER5&T-U#{}&Z4E{)|MOz
z+`NR7k&=Z0X5&99?!F^8kb{m0y3qLaHnAS;D}mWTnEB5_>gg?8u<P64KE)13G?XV(
z@~STDEq>1B#vlXT3tBO+kZwYJWu@|oBI8$W5j-A<r&Ft$lQVg?gjZjhv;}O2-4cTd
zb=X~?Z`T^zd!u}G9-PYxrfqFuUV!UE@HB4cmM(wx{|yQbOHwQi)s}v5^(7LMeFo*e
z?#8hmzmZQy1}t)lH0i{Fr=*+}dt_Cb=toCv^fRH->`Z`x=_A1+b-JlD+mA`^x1$7B
z%cv^y7iK`Fa8mRHXGLZmylXxQ_Em34lUl%(c~3plOG=Q%>oE@*%riRtTzs^XD>wI#
z#q5Ke##<yk(^mEgB*n5{Yv~0_gnIkQ`8Voqt7JS@L^QJ3%k$u?NK9+PG+|epQnOs7
z{&ojeO!38VvP(s6Qh$Qhg|<TwiAMq*@iSxFn|}Nzo|2=}&Yf^do6oCVLL6N<J)`Kd
zzr^qmo|u%astpY-3-7*)#`{GV>iLZRgE8GdREcB5w44b-y6Rlce2E_txXY%P#PgZ^
zdE^PMF!kTRj}7XFrt}WCg$<LOO0f~Vg66F#lS*>V6Pq@;qPh|F;(BQpPu<Xk905`s
zj%Q2Kbc{H9plHlogeA-^wm5MJDlx@Psz)Q@=|ouQA`|Iu_#+7tL*z$6R{ixk0b+1h
z6__sk==hZ9VbAviuE7XG^zfRf%?B9Ta%lP|-SE({%xw|-0>~?qwc~Vz=i}#hP99}Z
zvCkUdVXJ=vF>f36Hm4<=KkGl;(*_8z*%ms@IP`gi=z%hXQI`F9H{lBb*=5RH=qdtj
zzUEdLvD5Le%cxQV^S<3leaVtE)PA^;c@ei(`W+ODdEpLBf5`Ow+`HABa&-Rkcy!NI
z;Qd|&H{`})DD3GEPGoT!Dda{n2>d+W=Yi|{D~z@~>}m;!^hOu1*hdYHYqmHCIP0fK
z5`#Up%hdQepzBdHQ5&A&trKR;UD5t_E&c0-!;`TG%3O~3HPKvg#pd@A)BGz_U#zKn
z$Mjo^)E_1qnEJif3#Mm}UEdGonbi`9dLP-Esr4Vn+q+Xpk8=l73&OkE)S1it!mzWh
zcq8gAH`_$*yWtN~wk=Rg2G#fDA(ac4i4>2vw0X9_E947V6*w8n`+1mRu{7zTdV{XY
zhv`4R?aXRJ-V5<>DB%T1i*@%w8#%gW;qOP%C_=%m%<Na?sZ*}zRz;6W-Z$c>G4K4Y
z^SS~TQgB?s4Deh#A$4mp`IgCX)LYk~o8AgG!O#4z;+ILf?ugu<1~Bnpd;ZjPmnzb}
zpuPIcwD)2b!SP*dY*E-B#-)>pX>ExA>~4)yDL0AVVaiiea+#|wW#r71<pQ3bJl?~T
zuuyvl@v6_<KRD0cvKg6*Y&<Q4<hh-MANs3CKwyP`t6d%K0F-PZTgBy>r;P9QWqO!s
zcS^eLpnBx`juQ8UhB(U5UbQtZIF|msKwdn<f=brQicm|jjBOb8@dpavN@{YrTcQ-C
zyLPxun?%$fjZiM8FeSKO*>ckzf7#lQ3ZIkz@MLmsmspaMG}*ubRV9epj3>U6TJUaV
zC#<T{+?c%B5(GYf_$%hc^3G{)fN*J#%4%zS2{h_HCUoZ`qAK<(7QD58AVS?7MO?||
zJ>!ffGV5Ng3na`pyXl`{Br>~n96b~d<l&lZQGm0Tt2;X+Y<#fzvszPYwHFnH<-m*u
zrZS0)H&QBhWIUn>(uwRVa#(2oQl-C6E!x($odGiFrkZuGYO1-`oENPhLwPHF3EBMj
zZK~E~-p#0y(u2ZJifG}YyYVJo;6D|pDXbC$#C;60gr<N4$JGaZ9(I*X-si~6#E0F=
zY7Tdq%9%P#<IQI=z6>{;3LjW8TcfFZ@ylzKsK1gKDHv1^#AW$0mSfVagmUhtC{wVS
zjn2#7>c*hSM~-_>!)a5#EWs<G-^_WEXkG}kB@upocuOPv+cp2!+&)+e`>-RhFCVaf
zJm$kWX+BW5QH?B-1ycO$_J{{Wm_Z&lg3CO;e=B|6<nuH`rL#p<&fqMTv+eFoGVizq
z50m)|@=Ub;>_Q0UXtd*sWvKV(w<1nuq=B(uOBm1LKy)>SFYO<;xx_$Jd?e5pTfOJ|
z3H&NS=F7FZjn#oUM!IhY_geVWiYQQd;)SjZTosYLr2m*#M|qLsEQTo+UW)q`xS#*1
zb;ncuYChe|g!oZwzY2sa%F^FVbfer$oAZ3fYjt|)fR;Du^+LU!2f?#NA@k>(my@X#
zrrAc-=BB<1Ta26P{VTQD@)H;EXJmi+&9C1a$XmZ1$QtVCH-{uzWfQ#U)%MxvLUOAr
z)Vc3DGb?QwQJoMYq@#S+bI7cNhVmEYXqD+bkry+zN&t6G@?Q5cA?agOn=2ycz!8y{
zc4GrVM11O&7FO@RBvSoo6*tQVQD&7JB0jux8X*SM3M+8s*MZ4RBgxsr4df)wBT{+S
zK*r2OvX{{U2fJevpuJsqKcrsaehu_(|E#3!fZ$_a?aKta5o@bx-_OGdt#Ns4jGo&R
z0)q>?PftIu$w-nMT1ddRiq4~zkSu_)lI@Vv*Lb*3=cr@%YIYQ^Asr1!8_I32KkSF)
zX(DmCrjjhSOt(0t3T$?7oivp-&(h4G>U#lLd8g7y=>PEa=kZYe@BcVn5g{bmvW%!?
z3z414o{&TfVzMP<%M!w|WGQ<kWEoi_lASDL-!r!C42JC6V9c1AbH4L@y?>wI?fU2Z
zF}FE$=3M*Ze%&v`#q0OJ%jq~;xocx}bph3cgTE=)Z^VU-c<@{{J2Cya$WJ~)4%GQ^
z4*j-jk2(r+4UG-l%ZXrIQcD0e)>QjFsR7kttZvmFy+g5h^K1kt^nEJ0J<P`TQY7yJ
z-^<3FB~)mWiUDcd$n*Zbx<snN{@0(WL%}l1BErBV=HBh}%{JxD7$&ekE}C*|jVwr(
z;egP0t=zQrxC56Wo`}Y_pO2+sdh45je~*>`Z(j_-KA^>h91OThvd#i!1$mCNDGK)g
z(pY$*=tEeTTrTXgo|ZOIt6M!m{y813QD>R7QjYcJkf1nl#xW`PVHW0ox4Kjepp2iX
zq2>yM5kEr?%!Z$ZO?<6tBB*i2Hw#5qO;;Sf(H5zhI5ro$MSQ|o6zACZ?(@v|9z5o7
z_!G*aKJ-EMQ;xj!>(&GLezCN{RD@MN2l!dv_+A7q--EC7&E@(MbRY#bSsQ~-(7W&p
zdRfgWYM!zB8{7Dn)nWRHsx9*AyINOhYEbrWjB7x4g2T#3g=+@?8Vt=Wk2PMa2x(3%
zWe^4PIJ4yZBO7mR9-WdnBl@V~#vZO}nCo3@VIo6PD;iO9Yr+3eGw@f&IOo-()^^@;
ziE-<p|L_sjr6t3g=QpUgXMb3&&>p53|8&9sH`}tYNvueB@}9We?0U9s<p)kVUfHLn
zN6J@z>$kGPEo%mF!<zOsEeCijx*kW5?=KqJlR`YUJ{9ymc6wJi#@c6>&nWx>&!Z-u
zX|8+@xeldW58QU-&C{w4otDB4|Hw{R+uJo^8TsbLw<cXxL@+9TB~acnwg-anc~ndl
zi&KubRk^Z!p!OPkW;!BGJ5aRWXYIZF7#f_}KR!kt|KU)gY|5J16Vc=s`88Z6{6{p+
zMH4NfZ~g3vyHoq^`MQ5`(dR(^v>OY79dH9cB0XhFXW_xW8Oa4j@N#_6m-kFy`T?Wq
zb*|5nmKWk?&xv*q<D>VIgNM-{CtLQ#;^R#+l2WU53WV8+s5|BNxKRfd|12m8ERfT}
zT9%<2-Q^dM&+J~@s#_Te$IGMUdvQ(Ru%xt&re;%l-+j?Ict^kJUFDo(6TYTz?`Nh(
zZ{?=~;jdK%IAHxAv%@-lS?hk*vuU4JUGBV;7vcA8O^0Grz7<Mmb1V?%n1f!F-=#g=
z{Hw2Aa}B^XZgw>~oSbf%+C|Zy*o0i_IgWPv9W=^I?|r@~J<bjpw3<&?rFoV)6S3A+
zhV9YTh+2+2#AFZFWFYa3#!%_)AO(Js5OHl1<#F@=p8F#Faq)NEl}{|<e_zJOy`0RB
z9Ml^J<_`}rG{<wo#<8^O2WOBUZiGwbyOe3sM5<ni`4YspfD+0EUi=gcd@(x}zoi@u
z@-D9@Tg^w_f`h_s38LWWof_ld7qJE6j+K`-$zi%4*uJ&GtS8Ds@t&q6m?hZ2Mp=!5
zv6Cw)G|wHY-2XoHZPhUF=SzZkdjAaE;Tye|rCvd)#YGMNdxHrXpt&!XdojM}gD81&
z53UgGiS5>}u1s{gr`K^fzl3R{_Goyd;6GUPkqyTWU`b*g-yjOfJBg*VeXzEcl28i9
zoP!q}>iIt&{^YnS81pDg4bF@!`C>o#Q9l#cukL51(Ci(eij|S*03h|u=P3%N4bP5>
z^ne;@_KvcF>{?6K_fW6J<1Lm6U<qI$^sXgi@_p}=aZlyH)D$TJg{Mrr;xCV*+f{z8
z_o9pwx4-emFMjv{jTYP&mNMkKrX!6uQEKT^^qq{&J~^#-b~~)eZbO#33_;OeOf#x@
zoH@x=v0%U$sCxSadxN15Hm&ygfD@!ioG{k3UJVbFNi@_WpSYiTxV_nRCE@xFG<UKw
zaj6zXg>Sako*e7`11ymAm=Tx>)}#nGQoSH9R-LlA0vN8Naqq(2*QfpiLEZX{g$v6+
z65y$)EsBzQyrWkLWRkz>Ea*F~NxMK6-Qbidbu#FS@q;#xbSknKJlTfb6P$j1AL0$#
zT4vo}`2Q0{4Du13q}GgYoZmQaJyC(WC}QCHaNq0UtAwgsY=H&$OpOzj#?M&X<w1{?
z-XW5smGS<g(W@;YjHCM(6}6bq)fyoYw`s_l{xzScnW6O%ocQIo&n%6E=#=XWf`NgB
zt-X;iRrW1sIzBWNh8okutry^|gBFg<^4%zb5ka@eaNz<h@+%u@W0GtAeP!m8z()C4
zmK<(KPoQgR$Nm0ss_?mWW$2FBZv5r^dltA+gp=Y`L?&a@RcDHAyROpf!@A~f-h02_
zMM}liESt}zNPT+9ocvLm{kq{*AD2g8KCBqDdnOv>b~1zqsl{C?V@`TaNZ3|6Os>lT
z3L1CjnuPg=Me^>hTfC&3){fL_I4nzm=ni*;wtt=K`;K|-aZz^y>Z|_R8*deRCxI92
zFJ&W*R$FzTvKH?(>b61G)?0#kn7nRKI#UqXMl5!5uWYV;^k7x0FIt9u`C|9!O#Lj?
zdI@uB%N@;oCd~r}a}(}_`=Ih`!%B8JoezfU&)=ahDqa@CBXNc7Xu3i>>inEEjpi6d
z>M_A2Exbo-M4Kb;KBk_DMG6K+35IJK<e3y;^@Zn?qbHrT*x$i<9e;93ncYdCTl?!y
zJIz&17T;EKp30M2h*b>OdWVmC_%TyP?rfu=bBv>#tZ=ybscU!Jbm}(~QKoedm@Pnj
z1B^OPyz@>|I<oNr=0XMorr1A7drLT3<-~mj5LLcfuR$kO(oW!4iQI30JAMD|n};vX
zs4n{twkO4dw}iTmioR%Qt5)3e-kp6Ye8FJhY0OuTHWocI0rCGRS4Vtd+Mb-_oUMx%
zm-e!{$^>8KT(OQ%KY7~cA_YeaSNJQgt>CWZ3DF16AB-a3Pa<+|AM?mP{BjeK?^BVD
zfIPIc8ph*}RI#^`c~gC}4ehBIu3O5QM$2Dc(6;hcdtB-%L%FijBkxzRat%Bp#ICKj
z!O>QZV!=X{&ypjfH4E%8+FQs6t3rIFmk#dQTW{8f9*#@fqPnqL^;w>j5Aig6ngL4p
z0vOuiT!NDj)2cL!T~@Mq3zL*jW75z4rhBCq)NpMWsGB6ruG6n;-J#A$3NhxJ0xL^1
z1yfFz&O0dIiFv7gJt^+>ga+^q#!u}^xvu=(n*#D#TC~0Ps6eF3=*cqk(lBMbi=C{I
zHsup9+tL9hwfMHnyR|MOW$=G>S%}REE*V*pED)skju*&@<f>-mN-$&5gt66bjsrC6
z%8_LS@U5h6_=@1Vg{d5A+1QM-`h!YA83Fq&eI-7*NP?p;dF1@%*#~-8E7Y@mW`F63
zyt+5V7E-nyEe#GYV%pp>1=PvfIelS8DLa~HJg<hXH1m#^iB=b<q=<AGf3Zn89{J;`
zBk&`Cb(-cpAIbU!(?ZV0Tkkz`zaqhtV;SB_{I*_4aPsv~>WXLCFK{x3FT*L*gan*%
zYMHPb9Z5pP3vG5eIL$|&w7w!+44m`YzVe=a410vJ_qK`T`}AH&nx%XVPFhNVb3(pk
zN%G@Ayn?o<s3kb7Pz74cjc&n0x$ZQ<A@tZuaXgfIdS@-3_kI2}`9}Ae8URhbz_Bli
z7|;c3TC*X^K^tQ{+TFpqCy)21>R1q+{&RK?Z1N-KRQ{l7N=sLv^4+GmSgFQW5dFfr
zbl)EDO7=82F&W`=V&#P6_9wp^;z5zScYgmA;^_PGQIBak>GQn_x}Eh($2_)&-(`hk
zJAqfkUEL#OgnKt+L4lp>_HB4<bm2X4*H5>eCtI5M<agfGuRfJz=P<<cLhWThcMDah
zXU`DdbBib0mJ!i?ng*K!<wdP6CkR~0*Rzo3fcvEK&<9gL);lC)vMI~!kI(t+#1AL6
z|8!+-@P!HC`yc5<vRoUQ+(bq1l|=wEP`s<<b5j%gxx{Yl{l1n~zLA=gy}Q4tOF(<r
z712T5gKrAwB^mt-^g=ZtmUrjJ_EkL2;f>mVoFG0NTzvKUs=9a>Y)z4xK<zmS=W6T=
zCA7sqlT`B@8>`+!Z{7Fas(koDAV=~GW14}V47MdK0v5on8+wkMaxOj3CoA0Oe8y_t
zz2v^|DE~p80WXWh1mBl$i^@Liof8u14^_F%d#AZ&XMYrde_Pq=h72#%7-`--#i!80
z%o<F5Ei(PykT-DxA#?)vnDn?T)bcFf?myDgP3%mR`U3iGjmYsGYv1~AU7L)nLO_*v
z!Gy;UW{r$)d(tv(nKQVync7l|ld3sfU1&HGfyke5ZU2FN`!uNJK8IIgu&+U$47qCE
zEu>mRGzFo~yap429^q&YQMvH{j_*2}$f44v4VLgSFOVaRvbklP&7M+;Qi4B>|Epx)
zL8KPC*S_YWEW@FT?JNv^U*f2|6*^k2*;p*|NB5SnJ9Ezrh10y+N_9-O*3zC=TPoTt
zsDX=*PmMokOk-8qX)K#My%*u6v_8bp;>h1vqCL#m^mT6_5F5tU&!dSoDs5|h;(cHo
z*alcD8>N2ahvcrQ2!&Hg5T8X;P7YYBF={8&5k(P~yQ(I5xc<lI=6i$Z{ZBFJ1zUVo
z$NH!>STP5|DC<gl^Gh$%@j>2f@4dNrPwaj$a`wbU|GWOM*^nUuY8y+twf%Qu=`*O(
z&i1GBUIJ3FNVJS2(T1y&o#aYPSfx1*t&B6L#c}E^Q-j7<&?!jr>)(k8y?L>R6?7Y_
z5$@%iDA%Y6B#G^Xv!A)AIZ9OCo7~9pNN*70iz3GE(6d<jthqi6&DG@BBESCt`Qve0
zPIuSepK(Vct{TS!0)vbF(?Hf}udK1s7n%!6JRWktD%FWvQCB^^FS6)=`lq@9%Gv@f
zLY41xyCfTW3wD8#a-GVfgOy%m{i*JIE#)Y#B=0{$$w2IagBpab|K8r6##OEVq#yq2
zCYPTErF2@>0aq*W9#GH&)n!?d{`~E0-}f=3f_s8Ez{2*l!Ol(o=(>{FN|S0EZltRJ
z79rxEL7p$T@x$GTS9=<0yu<=&KN~MebGRl{_Y|{`gw3-qE&dt_&~W-#*6arTC9L))
zYgLB)3Ut{kU5e;9qq^Td0#zTfj(WO?1vie?QmI1IKEQ5kFGDx^wep_SvIIQ#JZ-=8
z-1${o`6;ch6Q68o-mW(c<apwi^|#@sDhCpl)>dpB$GwG{hYk7g5k{xTCo$vEmmoYn
zl_l^_2T1y^Y}RLM+TKh7itP}>_}+tjmkq+P=Aqpx3$-oD>6moPoyV_`{(Yd}dO;(2
zQPj;Y2Uz!e;f%m{>uyzQZVQ9w!?2~y%hNZ9ZY$i>)&(;C^Ulim@P(fjz1OWi-@plS
z03jdMgDi?n>ciZI2!4MpGDPnyanQlVz*@p;or_&AH}pPx(|J;&!eJBku+T=OQ*yq=
z!8$L#f{k=#JAgVX!0N{-MvX<@FK=-WAx_|G0_!yt7S{_K^_XXT=qDyS{B!)SDES&8
zn(})XtYqnYaS1me*V_YY6N@$*neBPVa@gyFGb`wf5)l5qCsMI5a$bE^&y3t{HdXe=
z?=(v<{F=#9$H$vimqnj878kI<==AXakip5+xz7i(x_jT*$2;L)zrMY^{wd9Y3fMj8
z74+{k--1rd&QvX|h>%XZaL~ivXKC$@Em;-mY6@Wvo*Xzs#@weYWXc*-e%Uj~2Rrrd
zk%31YAoC$yjH37Jx7|cI=C_WpBEG>1lUAG_PpPXy9sKjZJHKDC?%k@i@MAoXjYZwF
zJ(uZzrYcqkn<JW?DIFMD+?<caT^u~UDlL5*l_e7o8wmNerj^%6mn8~tYpBOyPtk66
zeY0w)Dm)Q#d)QpXtU;@Mi|<iMYaGwjsyZyd|J2M}8X;hB{VnM6Gk2pdPgc_=tbp4)
z$juC5;{o?kkD&&^QneL`gRe;|NL!?ITiB`2VKm^DcjB;~PPWwjJMPq=lI+@(*J+?&
z9d;~~3(Utd5l54J9}9AzJhx`{9eK%=RZrnck3%|}(Q>1=ebnxGz?;v$u3v3OXOL|N
zOZtEWuO)?x4XoaCUqLKt5<O{$4_+@UT+#oWh?A(kBw=E7StwauLBmb=OYv-iD(zb*
zg{}O5FNJx<CKD&xVqu@{PupKoj*9aI!Kk5|Kw}}kNID);{D!BU|2q*!UP*coJBg@U
z6Xvs_ZE9<6_X^g&4)EGkw!T!xn|yaEYsGEu&e$)$t-N|xzWX)%>(T&Md#P8<;}@(T
zVu@h<{VT9!anp<2EXiCwdZX4%Em9wZ^ZscLR{o@7b9zO7sCO$=4QvASw>s@Nm|n_G
z&*T`fR==HuY=5mP?QAWo?DF~tv87+Q3-H{s4+%8S#?YVF)xD6nRD0^64Ges;%KB}j
ze&T{Tv;V(Z_$|R0OFH||CEcq6BJXsuRwGRFG2ukS$xI35wc+EOvehJ$0airA&L%3N
zY<o568Msd^{sX&5kW@lVeXe;CxDYP@2dOke2htsjyld#$xGazu-wypr1C+_({u&YS
zP~08UfEHxkFZhxsc&%%yhDs^=$*Yj1FG~_>TQYQCexw(3N+6o05C~xrY#Rjb3VUh*
z_Z$gWDxDde%9R9UkbO?Ne}#6o0~!#mh*2w*pP~4%8H=A{_MPmPd1|&&gFa<~U+)wu
z1k$kc?<^?>$UjAiwD2^2d$LEz^g3)XW&aU0gu@|ju*;j^;L>ILED7OsijP7{Vwh;3
zJV+>F_@&97T9bXVrn5BxNuVOg=a(4x8)IkV*9nF9lb^}|47Y<}F)l40=FPUQRfpZO
zk1V6)#!l#kiiK&1JH4f4OFgK(P)7r{21R+OL&YeHLEh4JX4x}&&`@F9Fv3Vt2_~7!
z%O)&h-#5l{`h@;=pP+X6bv@dd2~2QV%p~I_Aoa|bLCq29KP+H#c-N%f$$Auw_hfgd
zfFVafg@#pQBahl#Q=kY4L@%P8ANBQi><b?ao1zVqCg$%1cv)W9l?r(C#U34uq(T(3
z^ZO^_Ou>FqPdhHYAb`28O=i&JsB5n6_<%au&>nd^Mta~Sdsk@uX*e|T-NJ;?AG_CP
zAp2Qh@;}g6@4Ip>vyVsoa`%LPGJn*%ec6jZ9d-N?&zsfTD=tL#RV>bi3w`%P$=|vs
z?I6G2%8Kbj(!>1ja5gEhqqVdAgMVlB_g3)5l$h^)?A%4Ox!wFmQ}x;hEu)j&+^>jV
zT(hitMu#=@AJ<t(>P30C^q*8SRkOyV+|>JbS}`;Tmtta*U@OZYOhouOz2N@*v=5Ut
zxzO@?<CVd}8j~?N|7rWCISzEW$d}Qhy)_YOhji_RWdXl~w}m3mvQOz*-acGMz_34^
z90h!4@8hS}VE`W5R+75cOs;q6FGCr`lXjB@wJlkAlmwFO4MKDGaB#^%FKbo-VO&ow
zO-n5plg`e#f)>}i&<kUcy0Hv{ygjyD)Yh~xp}EWL96y>?7rRlHGX_6hKTlIfduu1H
z_tqN${@w5A`3+B92cLry{?eo-#Z`Rt=i&#(-O*&kIi^`}dz=MHiEmHwMGGsSob#gp
z^Ua?e$u}(ZSYT?A(Ls4j)G^8G%7P`h#~s;A1F6aaY(U}SWRxkbk8D5fC~p}hHlEVW
zp=+_7z!TNU9d$Z7;|OtEU+Sz33zem7y)*4J#j@%~{KXJEB>Bl%UimuDcB;Q4`D(qh
z(L(Q!n=Q_O;urS>63EX#*jW4U*3!Tz8i&t(h$LfT_ZnOv^P{Ty!w6%MQ>HYeMLj+M
zPX#b~ga}coQ1X__tn<TOopqJrSEsK2<>{X7XT)TzlQY{Am_V$F$gE=d1zvx;P>e7h
zgNB?&@{^Ae!<SJJiU*mm6UlBQL=)q(AR+T4I=$<BSg6ASe3s)I1UlB_t-~{Zc@$Gu
z&AT^)*6Ja#a%in<%nzkE3%JIP7AuU|t|=*JLqEA7PW7V|Dn-*-wDib*Z&hcz+z5f0
zTj&L(1J~&%G`|=$T}@h~tg9{vnI)OilMAW+kqixuYto;-HmDsgSsQg?uC@Tx&SoDA
zk$lAqB$l?W%$4YhVZ>ddx$p6NC2o&f$My{tqT>fZ`=;0nENz1m%5lnqn>2^*J|jr_
zhj58NIHlYqm{`U}q6v6OY}66k&`qhU0!Bjzo1a!c@Z6UnmZFDFkvraB?9Cy{t~9^h
z)zJM)rL>S|8bXwAB*!(M9XU}~*ZmT9Qvy=Zsshh#SU&r0a^~<ydpIT!c)QH1@M`Y{
z7XZ=YwP=;&e@(p~!zKHT(a$%sfg&pBHGiL6QXC0Q_x3i0@kYkz-Ee&xBO&>6b|gWS
zG|)~h!K7{;Qb%#i{z4nc{rw#b!X^@CT}G)wUYK|4xSMWy1S($zHk7oou-HDNceE``
zsX9zy^4)*yvE>yzcC)*yzh@021-RLRdKBq9+v5*ba*;NUIu4L?hq}V6rQ+{A^!SK$
z=x8_MJilUqozz->;3H+cQJL)zNC=0a#!Vt(h3B70)uU*UIYl~38#CPj0vT`Ha?`%E
z?OGzGJvOfG%i|wm`@C>XqPs-bZnc6<iXAm)?d#H+%*aq9QJhm!iXSMn0KsH*s|k~;
zdgmI4dwZ(wdEk`761hPpo}N3Gjr8rKETHs9ef+yMv)bcu%3QR>?JNAG8%9&0S71-N
z=!GfhPc7uQYjEoDMscYNzIX8EnY7cii^NHdmK9MkvC}4Z5{)>KjOQ5DbsS7jzj0ts
zF8nUovvcO$xw??(Fha1sh@i?<w!1y=UVU<X0eTIVo-}9mUX4slOw1Tu-rU*P_&ry<
z`+BGJ=SIVwO;+dhV>vN9-+6TPuOG<L4y75Cr$OVMN6ikz87Q{qv5-~q3xu*LMhjUA
z>mY`9ww;aG2+d(o1}FF@MDq~!K=ti0Z?)-_rXeWE55<}%B>?fLZcq<4{Ic3&kdK~N
z-kt*se`sqWISELz)9KH0?O9gLfq3P{Eu*(xX$5sdpoAN_n>5jx8)qUMRR~|y8MvY~
zGq!W*M686o2iBWyW0v|5^^g!Wd@GpVA6!XYrxzIjRxzB*zz2#rp>kojm?C*1CH$FU
zJS?+`A%lf`|Ng!LET(mH>;S{BO4NgJSabb9;1$qs`p0+*q`!V=JU2SX)k@I;vZD$O
z`@Qq5`8W2B*Sh;-pl#rZA>=~7rla3+Wo>dddqa@U{)vXK__Nl^y+04SzOxBdJPxu6
zy8iw*wZt#HxW#InQ|erAp{sWP_J>+JvrN~!E<Wlrk0nbU3@XodBYsBQuB{sqeXL7L
zSAY7^Uj%FnAfV$Z)6o<PYXZxBgevrCSbuVMHfI&R3xW7PrfUF#`0ow%;7js~RN@?$
zbf()Qum<C6Kt<;daO-w~XN7g{8}hnW1)u!QhwGP0{#p0*ek>zX=Hx1VD5bdD@P73n
z*C1*S=MAFE?#88l^((C1PHm2M3QbR}!uFqgn=@J~5qJ^RfPWasMW{~YY!=Df%XcrZ
zgkIBsR23d+r4PEn{|hY;@XYZW`w0M$5B97B0*O42*HC6e%u&<sUB|%9e#O!&b8n&W
z^@p)$sMThA+N<4HhLxC*%r{OHF7eCP&Jz0N&LHJdZ#()bV;kVD(I4T3Ny3pXhhz7l
zqwD(zAH{#(D_pYdGk6HeF~aysW>&%NM_@T?xC>J=gtXhZADsTFp9qI^ly_HCY%X0w
zwx`RSY`t`yKx*|sk-Xju=>udi0P%ZwzI?r87rLr;a#i;eYI8eP=;+tj{9ww*CEmVj
zHub9y7NJy`T|-Cd-Vdw5ZV;>U)up+orZtMyvW`kOUdz*FCcFV}D;Fs09Ic=ll_>%h
zHRE4@6bai{1zrrv%*{CYf;l-Kyp%Qk*z#@q#~LyxrDm<Ac_%V`L>~dl|Gf5UP9ktO
zP#Q!;v)OD3?uZ~0_un*cORjfd)r-&?s)Ql<s5MDbU1N1+5>r~^r}cYF(@;O&W$Drn
z$Ay&$(hhK=>BaW#(f#h=i>A^j-Gn`T!~6mFYh2BV`76Zz*#oIMA<9-x|2LI5r@~qk
zPwrGg<o(-u^utpP6Ty659}E5;7XWOtn`#}T-2>1Y_a13ungeIb&6+<MRFmWIOO6){
zF@;0DQ<wiD2sqgd*EoU0nj#rBg7l&M!8PqNjof!i)e>Lt{#ZI2>LPtjVg|abi=5vh
z!HfI@t~75w)NNqpXH;u@vm2$A@Nc1#z7RN`J)~DXX7k%$lhuP|%|{mDL?5PDd-^C7
zc~gh4kWdP4dg+H&N&hOFa9=Tt`61%k*hCt9m)vl}2P71@>}m8Dt?W`({o-VFci1G{
zWl63bI+-|Fn@li{^bkV?t@0izp6q-0Znf`>S#!52ab>*moet*hV>-IA#e;00NxHi#
zx4PW_)Vp}k@}Lvi=}EgGeI`-vO)C?xaW*z?;^7YDMZR=ecg^$O^Z4wm2Yzlx^;=)I
zFCw9)A)Sq`xno;hrZL`xq_NA7KDbJ9P-aNs4f$o%)ewR4d1%pTB?@8I-^=Cjhj&gW
zas7uw20WGQ)d9K<9YlddKkuz4YX=`E%MD>VCtH&cDf4)22k<;9vpUHdF&<QsJmk;3
zB$9PLsJqQFlYwMHF!skDeOmp@6;HcTO+H`o8jL`NJi}gN-C)~#E{w!X>K&S=iy=6D
zp;zKh%Pc0l)a|R-kPm<F|Be}5^O+c46^rkVk^3w%XzzKh`5;(O*~MRIyO_+4xAk`-
zmyJNoy6@e>QhNRLpOA514_C^v;)h9p)?u|)tnj&<f5s7IsI>~jL>64{L#18naX%aB
zq(JuPk6Ack;6zcGrQ5j0jNI_e4!#MawEMKMHo8n7R_@*EXWwJpog%sp&9sjs*7)wP
zJdHiogs<I-{`YC&VK>rlo(7^eP+(nc80*ZPb&-j^T4fq|U32TQv4Z&c@hWgcMEP!4
zk3?=JJhp^QQkn>It#7Z2=mnkR$yGL38j<;tY}vsN9@1?fErJ;irBsh44AYw8c90-6
z(qGmlLHEN3|88!C+gtVHLfOyXH#5C&A--pm<-U7u{r+)N(4Wv3)q?gK#qOP5UM>F>
z9#|B20@Y&)>%6g(TyVP%b-4cN_u)Yr-QXy?Lw4y?D`KuWwjZBA2*{hP#VDPa6DYDp
z_y!lL@qS;gReT=%m5JJg&SH~a$5EO;i5JhfuW!LJ=<Dg4wbPd|{lln~O^A_F*Bya@
zq=~tRRv2>x{A>DsI7x4v6=-}^w=>$J<_;Xhf6O!p_H<BQadBKX-=M?NE5uCQoo|V!
zz}CBn?<Io7^fMMXBr?>MjvlVK58R|W(csNX!_B+FYixnnD70APrE#Uo(8^ns+6A2~
zBzQr%)^lqv^~ygd?;dB7)Nn3Wmhfg+s-jkRgS3|3GnwH12V7KM8zhkU^pFHGTmM@&
z2$CyGp@{+3Hy!ghW9OmnZB(a0Vzk`@FxfpL`DQcup4^|pj6)#~c&+SfLbM#OAH{p2
z1U~C6zSrR~nV&#od@2R2J$UOiqo)$@71>`^THTiySc3xw*PVD{Gf)DR=QBf!4t*~D
zePJvA%@+CqmX`*Fmfcrcf4UDbTcT)?p6h>Q$&0MbY4hOYJ_D_je@>Vu<o3<wdZQZ+
z`(F(%td^L@c!A`JXfMSdJs|8PWH1*X*u;CiglaH!vOMHVujvc+M#|bs&aAeln7m*i
z?x~-s()GiF4jBypLTqY2)~G#ItlCh1+=@Y30{rybIJ8y}KJ}N>OCj}Aowrtt29Kbd
zO=RbuiR7uQCMlU0OB6D$Z*x?ikY}+EG-h?ahl+711?zaiMsJH$9qi_Thmob*v0I~}
zjIms=fs6+0T{vZJQ+g1a<Y)cLVR)siC&GemyYmQM;0{`X6&Ecb`<Q#=C)Jfz_aBjJ
zZ%rY`@oYtQ2Qo!(Hx8WI+JTK#YJwrkiHGA+L+|*2D0pkL$K~zFst!Wb^CVRvcu&><
z4+%j+I5R|qRXm4y`)tUkn|k))`MLQ)ipqGsTss6__+7+{t0T8Q!eZMPPuqq?xEEA#
z%J1{K8fAql42PqtMSZI@+TSU?d0APn{bRN`li&6Gw`aw!V^{efx3@(VloRtpv4O$}
z_XZoJ4}rmaR0K%lWEN=pN<dxHrK2oe^!?iL8F`!#^fDBU5MGeUDPst`W|CxR@BdEv
z`IB315`84Rsu`xNaKJ-Z-<P{2D*kWL=!-n7W7Tu~UZ4JU6|%tPf;M^*qQSFV6rmtW
z)$UO)y6D!FzbtL$f`(i_tdoUSiQ{VF&&IQu&=MTfPTGlJyV{*CX(d`_IH6~=ayRp5
zuhh~^KI}<1AFEjzWu*tMhkgd7BMYk^Bh(IaG?DLHJ|&$SP{^4f3KrakPKx+M2gDbW
zUN<$O)B{n0w$uEh9#oEFt46DbC$*g~Qs<QuCNZQ_v6H|avf5E$l2Yjvml>lKRUHLl
zE%Ko{xHa)v;~med1<c?90u=a=xQ)JzBAZXI`S7j{F0q6|UN6u_rLJo?!b*v=@7G=~
zjJ5ne0`XC~CvJ@!IaOU23y$j6^ED2u%PFWZ(Rahrtoy_Rm3-1p`1+8Ow7K;n9C6u6
z&yh`UtCB`eA&PBVSXvXOu(2l417r<4Rw^{x{TciiN_IR0h9NUT*)+8DfBLdUsIMHb
zrv@LQ0ZMxOW)4pF=AnOfz|M2>>h_*R^P4VFKN;J?ml_TSn=q9ZzEhNT$`<r5-L-i4
z1}pC^Gn{d=sd4>3ujMyZ35qB0yf<9|n#>#R+tEN3BrN?ACk519M3<O1HsK@T&p+=y
z;d}|zUO)_Xyg?2talI)-xS2x#zG<zp56xJLN;O^@TT;l`ZDbbSx;#{lu6$6ohfJ{)
z;P!72Z&sra*p0{6c8^Z44U6*mcXhStdQ_@HtJ3_tJ1|vkyof>`*Q2p=#55;^8po@%
z6oIRgaNmyA5m&<F+hr@&e(%Giu)jD}@I-zplG`WBdq)X#e^fdj$GhKqo^h!#f&6qy
z<P7M&xy{Y?hHs<WD`(zQ4)Z`YN(}ldIBg$A6p2@7Loc#ehy8>k36FRE6{CD6_wi$&
zs3S(MI5680(ek}1A=?h(@!i6*vxgI58^g>`+HczQ&E9%gK7=|S;NACRN`@(H$)7?*
zab<=%A|qEb{14>{%mFETgX2%@F=)kVXMltI+Z|V&`d)%jNC>`eaCu}M(<X9V+7?-<
z5xAfQ#d&QU63I1PX5<u43+D`vq3%8XcMug)_H~gW6%Trjf0_BV8<-ZsT+VM5`}lWp
z6*@GkkR*^TwUq$Wbi70}4XrEFX1-a1$8UOXdGMbIyl%R>HxWwONo)2d7rKz8DoTIQ
zwsKuJZjCXA8Do(_!R16W(}Y^~a9JR6vI=e8fW3cFIj=c%5W6{iQ$7Fnu#!{%ABdfU
zbhv%+wv~4dzHDr|k4+zW6^=VTBv9E}R#yQD-7^R2Gh34h@y!b|K$%weOc$@KGz=n!
z-RC9KtgIf0ETr#opYGcZ#ivXzMgCZXjX!ImDyH7&O)0IP^%91lpKU!9ibG^U`XYSc
zT%!093Kt~1M?^v4Q3b%#+rQ!K7=wJ&HS%@@T!~!@)rwg{45MDVXKdReX;=-gU1~pK
zM5Ky<jN})&apQW`bw#$&3v6dAe*E#+%e&pSbnjdabKbepo4&$!euJ^4Tn*a5GE8#K
z^KxYYWJj6Nkt?Ympmhd6Pdj+E)uFrRJ`{D_?)|UZOZlMnsEnyHH}FE;yV3e5*o4l%
z|AlBjRCq5YYzJAl<AT#$&dD=C%@$CCz<RC`w>`a4f`7iBnKP;fhJ>U}n*4YOud>Nf
z(V#&&Di6I|4{?H_QVAVLOHY~wl{--6>OEG8nE0SImBASvSw&S@x3B@na;Q6)P722t
z#zykn$7S-BC*=1)O9a%$0Z?=dh*{s8aWp2_KRb=squf?5um59g<?+F<59UgtR2(Vh
zz3q~C{PvQnhTA|HkTDM&H?bO-?!Ui5U2)aT6Y18lUOYA#EB+-cJ43Ub@p~(#iB<JX
zutQ0o_f^<Dt1w=P15WIqrf%{I&ZXri#lMoc@=OR4j0oGg&5(rrZdlMgd<YpH0-lzl
zt*Epzdz~8rGJR^0#<njyoq55z<Y~=>82W3dQ};yvs@1Ch)4NEYyAUdY@ap%rJK@=d
zW6xXeE5F5U$`ob=or@%PTsXIU-tyA(Pz_6ak}FU-e*^js#A3O%SUO;NX!8&1el0cu
zy}vdfE(K5=2W4eqvYJVmraq31P@#0X;lS&*x1E_?+aDD6zqf?8v1diJZBVF{qiK3h
z^K-J+QltE60=+Hhm{~<Ohh71kQ(#TG9n5t94Rua+-_Ct!6<`E=zI=)7!ovqjpW0HZ
za~HA=*<=aUN!tbcPhw)>_rP3-wdk>-_iUtCN%16pc?RXD%80QdJBbM;!um#hd=O`k
zl1sSdvj^V=t6MJD#Oj0oug7Pz&5Dc}74=$czn@nu@IBy=o?dNBUPn=hGy|^wRVt3q
zET74u&y@w&&#D8yjTHXTyw}UtU+$<=`VLr~a{N50pf^Pv)2#|9Y985Kva46%E%ea^
z^?RfCHqoVZZ5CmLXOAtOx{!Nu^;)o(cb9i;h-sHj*jIUf%BHjs@rL1X^EKT_g_x`B
z7_Z&%^?_XqH)gNd<pFVq*>n!(KY4}Q>DFaIxH8ied)K-MT9Gt+D6PA6lbN`?#aGI<
zK4YgXU3jgqSf;ey<UwKZ_95|b*NS@|x1Ov1ResuoQpcLn!d9gKE*hs=km<h)S<w&a
zTJg4~r+fpJkKKpX2L)2Cj+N!qK!WKcOR&^kNTKyGSL8XPtvY?Yp=7@rx2ylZDfoTz
zzu(I_*=M#&fA@)9HtF4sd-&ibAn=yF?mcY|H^g*QWn}~$e@6$J2v2irqbj}BVii>l
zg|SK>(wWv1k$f`O3Km9sc?ZK<b|-fB!Q-4<0b{O}t+5q_2$B06_e6qsZg>l-N3wJz
z6!WV?Y{E&2O+>Lj%0mh5uM$<eF!aZirvaygi_AN8j?;*!-s`;19c28BTQV_+{m6-7
ze+2?VPb6YUfD%6CcQ@Owx4YGrSM~RoCO#LL%1Cbfal$c~j))|vUJ`DGb)M&hjXuJi
zBxlpRZVWRF<!*o18)~?leU#szn11HyT;{}Y-3-&e@JqJq1{f8JICtie?{*ORJG#?=
zZ#HJ;kGOjD!pQY9bYQ4}+>54_&-dSGxT8<h*XJU<dV0UZ?eAKikR*ReZG>pnPj@Da
zzkHInbUv8<xTtU_lslra@z8B;cvvs!sw??7^ItImR6#E|2Xog)K!e9gs#zZjHmJ+@
z+~S`JQ>3zRnN=e8kr@B@d?_{jvgu_LfBJ1EhV1!`)a&V(k1Mx5FFOnxR?PWY=EVdD
z$Tu6Qi#AczQZ0Cnfk{19LuBV#^QJr5^aP0p%;o$puA{O74vEG~vdor?N_*Et=bw+<
zsFOt<fAa3;AIkkenYk!?``KXH<rbCTN&*6{mf+=~W)7-Hyj5rP-9d8igJ6)l(22A3
zgeV$SX-DOYO-(QWh?GMdS*m_Xq0ZPhq)YAb5vn@>b|$s-C-Uz&jXFMeUf(T*&jz}{
zPkskx^fe6mJUT>9JY7p6!EQi>!Nh|#!(hbk%^lLA{ui;JEMd!t^?>><uNJlw`PWAv
zq8QviI8#emcP4&3soq~AUR^TZs)iq0Aw}L(F1tU7^W9UNOj2;GbZ`z6SmB*GHzC{n
z#*H9sy>$wdS_AtJ%7(eK0kVC+2rK+*DJ!at$GPrs34?T}sJtj7BsF&%K8)#y#DaXo
zf;iCO6BRC9G<kYZ|8Pd2r%k%Tb`IBr4`fgKjcWumJ$GZow9~-+I&l@TAo^5O7k>0!
zYs3Ue*gagcGhVt@9p3xm*{i+eQAs4e^wVg%jQClkD3XHZu7)yYAue#yFX;8cC!`t!
zxQJF2h4a_&xqf1#&^U%n+02y6oIN`C*DlTg@Z_+5s<eseLmYuRcBdfy@NIxBOh5MX
z&Y^z@lUoFT$?hC~Zp!|WL4ECO$cKlCQZ^6#1&h>0?N8F%ti9wjT=)Fxn+?ss%(y|o
zI&UEWSHtyuGP%TR-DrLm!v?1zFH69jd0o{`tKhd~f$wO6lCYwpgtj-;N}X`7@hRJw
zKSRU*@#^mne_G)U(CRAXNXlYNN|h8V9G9vt)p1Zv=34AbM9oPbw3tM}Vpk`=rQN&A
z{W2;y-njk7I-q`%`ZMv+xv_P8X#>-L1bk$+>d%>j8Zg9h?*S9o=zy8W=!KX_IeOW-
z*^so-X3xtW{K~Rihh&9$zn}%&LFdQg#cMU)0>H)3^eIs13fw*a9#z$>2vNe+vx{eR
z!>w^=Y9A&n!@@v$OV=+qzce3jc*&uSGV;3FZKHQ<fF<GePkMY`1*klHjSHkCswd1p
zfm=Hs5xcFeATD3%ZF^P_vv5rjwqeKrZorudZHmg`0rDO_?Cx865m!oqjFW(E!sWOU
zKm|(-x{P)gZuaX)QzVe3y;|e^g2~>T`|rM#02ypsWeSKQo<EbEMtn|Ar7^Vev^TK^
zRbm~z5fE8|p|Bo#+r@YKMYmP-L+6Rg{<psO9D_*qNxyL$yoU^V#h_;mZ<iA9orJ>*
z3%8@k17V)i=BovI*?Klu0y$t2lCgzU7X)Tkxr`~k)9g|@Zk2!k{eC*WaD)6wrm~g4
zrL?i_sh=8issM1wx`Xs_i^(Be@BOD{uP#<kibz3HZe*eHX*47t%NLC-p^?x!Nq4JY
zdl7YFHhmdqx+kJGh1kcnD12j0P(7)8d5Khb;5on41*jqkD~Ik`?>6V;jnd`W2`gK5
z^6HmNVq8Y!{o*(Opix7+ZzOylu#@koNj}?Ga_NkFmbLkr<QOLgF4wORy&8sOgFN!X
z0Mh<--vOW>d4$G`lxWnTsBi}A^E9nZ0$1XIwSr%T9FQH!g&Mvs(SV76EIbwxlFyc-
z?NR{cs8VqAo%#dWK3}zp_VTj}W#d;eKA_n7Ne*V}0}?b=r39@9VFPy%!n`*0rx+GJ
z=x)6_?o3Oymc8eY7gO|4`ALjRU$x)sCO${os9yT};%wU;?q*9pG!GmS&)Pc7WpCPu
z`#5VPtVaHbriiVN{9I3mbZ!c=OKE_qau#ngCp4|!9yM9}%5gYZrjkALrs-03-we*y
zrwSZSsg~Z*eq>(zR8o@Y-X5(|qsAp{@$Z&@-31EPtg3xavPU=Y%}0#Lqnn;eV<;0p
zmd!<_!v!V779X6FL@XpHLB1~sml=xdkS~;AH3+R7BK4UJ$Miv0mPH2BWF50UmNNx_
zuBEO{l=!1N?llFGgBNQbfKd@2FrDQ9IZI@vQlWp<drznIFYtw%f*<#ddzh*AL&a#s
zQHnr&_q#`)v!e;$6QPsbq4N5j-!59s*?QcM6gYC}xRN29zSJ<7(B`%3cp>0Qf1Uz=
zr7x|)9_ivCU_wEQtw}5!+?Di8Ti{t|3v^xqV<>-nZr|6B=^yg$re@jO6D8l!rws`c
zUWulY)LlHl5>pn<3YE$vp@U~XLLG1#p1Av5I!rz(vl`kVD%f(K^}Sw6<K=$@mF0mZ
zthzbEj!iz+G-_eb+RF^POT+>_LPt4E03Fb}7;<VaG@xP^v@%Wjiqv@3^B)M$>HLK{
z^HJYVY88*+XJqf~MZ~yGR*FjHw4djCFJ++xVy{K&bRs{y1mnUR*V86GZ5sllTGe@|
z?J%K^dZY2y5=F1Y{_6|*DDz+DjWNHgm;=F#-VonlI`u0DLPUo9zwFY$FZ+=t1L7e-
z7)x2zWOcE1_W4>3#2=?-C09z_KKtR;Q*d_+L-k<d+YrIk|2`V?&X~(H;AABZx)dIY
z>rV4k^csBTZEw26`3Ty$XdW~e4u>4pA<dgwAYB7gOpdeg(Y`EipQ^i*z#FyN%}v3q
zA=d1^oCxY(&#voB(aA+@xtUA#Kseb`hpb+E6=$e{K&|N0_?NZa7B&)`a&y)gsor#W
zN}a!wMg4XKqw+S<{|A@M!Gj}^X|CdW5YCQvZ$~09QX79+WMSOiE?Rsl#4Ppr8S30{
zAy^uP&iiu~zwnAx)+U#(5A*zxnvV+yb)9cSSl^@k{uPx89FzNlQjWq1kTV_?(*|JR
z%Vz_2S7CwK&Zhs0OlK>|pV%XWnQDL<c;~ecguxJ4W6L;uKW-A4+NI_#o6a)zIVAG)
zO(V#KSWC8qTp`B3DoQz}v_XIb%jrmNg=(Jv%Z`kXzdw0e^>Eg_t=2Jhfc1LEhjTja
z!()PSM)bOSf}2yfE8`rcSF(&-FY})X&<OdF5z-^+l>arGt@WAi<LW_@#u`@Qvgpk`
ziSSO}gWKuNM0a8(IIMo7uAFjOByqNiV)c`Pjwd`mIZJq<oYI6R-DtKW-<Zv(U;+s=
z<Z>t_l^f!Qcpyy<#pwwGvYay)h6S+D6IL*xh#>Qc0o<;~bceoG48PM;v7fMy+()e4
z8q2NuY_y8XfN~|cAqjv`#=&qj_@_H>r|6TkEtD{bQiQ6Wts-ZkwpTJ+=SU5)@M}N1
zF#k!J8+mRd()_ocomlW$=D@io+l61IOk$rOuipHTZ7sZ!ocl?}7FjsHsjb6V#1dRL
z$JG9Q-&p91@K+V-fV5QGvtVNLU~y&~<ypt$r)L}5m}ZAWrT>&zvy9xaOV^oQVy!j8
zkZY-xk-hCp;a9-(NEv)T{!JPY$-lQw>$@e}IOzqo3$;p?Jvy*Hd_I-*?L2Vkga;OA
zcr=2aw}VK{j}h$zy~a}tdE(^78tT*jpTPcLD>_jsuTa-K&{J*5w_BurIsBrYhtcbQ
zQ_d453V1KJQpF$7CkWkCVf`SOECb#K3zG)Ah6xDjmsxv~G1KxwKCeRKDNgL8w6T+g
zWv|IsdcDbKo4m=3g!X;<KL-_Y)bfCgNFo6id-{U0ldwO95*I!mNuFZpd)gNtcpa_8
z22Z=vuHEu6<>!w4tNo_Jz}UFGN2i6vC2ogsG>nLjwVVdO<mSA~SzDgie_eGCDd+c-
zbL4#A|Jtu5!0jP>k{yX8wg-2gJUm)=gsW?*`ygo&?i$0@)NwOY?Y*ce=<j|M1+{NH
z9w&yA1^=Ifdj@iJVA9=w%P8YzcZhq7Eo$rw6VKbJTNt3zhhO*-_NDx6$nInWt}GsK
zuCej&fF$effN?X!PH6AX2Q&M2XBh)u^z0ij-LM6)c)JS40kKdlFbC1sJvs2~LUo~H
z!Xe9<v2vI&URd;EaLtGm=g$=S%8tJY5vKpl$UYF?{mZ4x5j%`g^y!z=>Fct2s?ENA
zJHs!*(63BUeEiK+zWSz$G7r1}_G*!egfaCxIK_2<!O_bs^sDG}mjWZ_U!N^`-WDk6
zp7+S4=#{gT@5ZWLIW_cl;}s&OhiB}**?N>iN%fhSu0*98cnt~<KiJgmM1T3?QDyVs
zyRt<r6fXIH<#QKI`h($u$2Xe=Te1WBtV}AV`=MeiJdP@>6LDvh^MxwDRTWBV;mpWX
z5-<T_d=b2Oovc9pgKWqe$<p8{u9uf>Wx!itj^e;X_nm!d>Se$>;m27dZJ+7>=w#c7
z*^`TMj8C|i0;A80g{F@OFzRm62Wn`@OqaaVaa{V-alx2Ts_#MSVmu>3SM$LI+BV;k
zYis!&X3sNU3)B*gbnd&hcOLf2-V!3Psr*CL*$~5n-^KseD|iLOphA2?G$)}+i1U(0
zf)n*8=_pBq1F07qdw?#?!kx);-LQBRAD|50>}lPvea$im|2!5m{*h%BmI0g!$&pZm
z&K%O}epcQ2zzKNeJ?s8wHzMJ^m7vw#d<4^UCprF4+#yFOLE1?N5A_>BF5)V96=fL?
zfT5?w&y6v0h`U|%7-#c9bUk+^M_Lqh!TFN!pCvQ$U*%b0?{@R=6ConKS1)|k%zw$#
z;GbUodQMUD@{&9!!)d2=#;0v3hQI#_S?SeJzm79WxNQV`CJjjf<M0{e*FVWT)s$qZ
z3aA{q4PJQ6IB6DT@$PBZgR`%6&SIso##nbTdQb)IQ532au8c@Z#Y%M}<5B#83ba5@
zIRJjq#G_oEo?Z}iXTMgWxc|iY)xCDzpP2#wd<u8gKV<@R>NS+w{}V`DJ;6V`qREzs
z3Md%bha<NtJ^;Lz_xmVo!<pPw(Ryu#A01!C<~@2|X1$dyj)*eRGEluk7CKOI&{eUf
zyMaCSR8+_hX3ykM_%0zs?d~Qu550c0(;j?SuKjl9(ocUY`^1|G@8u-xCB*U~t!o@l
z79QIe|9a5yT&UlL;VxCL9VwNRUf<JS+VB%#H^}8yLFoDI%nfh@Jiui@1q?Bg*bSC#
zF*S@t(7FBJ>+}U%iS(<8*8%ZaS6&B{Kk6Po<Qs&Pp!%?XfYQUCc9mA93WZAm;W}ON
z7;QiBzO)pg#x<x068}z702xvo$+fTc%L<lu*VdkAU6+o2e)p=I^Vt<aS(V}_r0yB-
zpxYuwY1DR-nBM8P=hiw*9!$j+Jf&x{T)h-*BDwKJct9X|klebKB47XSqI;N46zQyL
zs(Pvo$Ystjb-`fIjvBM3z)5hLs+l7q+yJc~Bl;!Pyqw5Q3xvYw_qt(KT>m|Yu3jeA
z{YLl!YskgB9aLSk@c{FM7!7}qJuf(59fX&BCq{j_B5b<)qT#t1s85~gtWVYKM;&4C
zQpZ!1;0##y9giVQ5KxK~hxdTxjGir(+l@bnd5y|6jr9ofd+zgbQzX|jU?q4`n`Bb1
z;Nw$^6~r(v^hA7xE`C}4Ov(6Ac-rNB$&*atWjp@Fe?2CWhBYbMhVOs0&>3Fc^Z02g
zL^rDNe;NsUsUcC7@}DQcqo|$((S_{7#KXCBo!&neb5{Xhll4nd9oqL5*w26CO-8K3
zUcxg0Pq3G$unLO_8o1L&d@|V;nHNv_^G1KpRHVRjWAe@a-XYZxJ^tT?p94;+nvL{V
zm6g<YRHLyjr{~e%Z<BdK_r~@OZXopog4Kw5|Jv!n4H!SAIO<NCyYu>!<F4tFC#QsX
z+w}>iDmPwGMoi5IUszV>hv*M4($jc<oR$gt&vTacZsf1;W*d*gpK|PXQ2pe8nx?>e
zH;fU>N;M~R%W&Ape-9*h?!->+ad~o8N<1o0T=OsCQU=zThq)Wm!Zrw3q}mqsWeuV(
z+!(rcW9AgB-gXsXF)eKi#84N@?G61IL^<@-Rj2~K=F$nzA@~2ENFAd_2+&F=SX&j>
z5*>8E6Tx}7=JL7l=P#L`rtu#Hek&M%LvM*hPRg>y=exXcX`&Gjh;y&}aw)Odq14%=
z&B%}?WSEq6{o(OtrhbN}qoNm2jWdcnoE2RALo?Pp=T%_L)CT{b8U09OpMg!9d>t8J
zbDRF3_FV=}-J}gJz9adS0V{>eZ~M$>91HK|*^6`sZC%NkL>sbX^nU@n3=6En*ZAuc
z!LYKcp9O!lwHb9I{!`J?)cq$eGkas@#Gg*%hwq&lmGS@CQWd!dS`MQisnIooD(I0;
zc<DBcGG5pyx&4-f&8zV~T(Grh?Ziy_$mgB$HN(!(lVhbyj>6kdyjDsk9dJ)q0+m8$
zXfE1Gh<pFN9`Ayb5?Fw-mkdbazXWUzEXxOnIlN+r>ZwL`=S4Kz$!$nhMS|)WizBxa
z2DJ1CMxRZBky7Q*Y1kH^1&f70zZ{FA1}&=pQ>3b5nr9ByeHF$ns|aa&zYF;&<4|Io
zqB4j|6kZNHFixYs$<hbJ!f`5^3-fAX>`y$UT)}j<a{9lV_7xPPJPA5BJSU+vrvNPC
z7<H4CfRg6`vR%1(7g&!x8G@n)|IV?+v5DJz{OrlUVw5!%nMC#!c>MPhPTsxx+c*RI
z9k;>DSyE=o`&D)M+m{?U1BMl6J`}%v{>wKfHQ5N!_&*<y`uMJznmt$l&%gf{G~Y>`
z3xPf7QR%|4xepmAgAb}Yqhqe51oHz*pf}m5VV$aaQsE0PSCJoRm<vy<d4iq9l;kT=
z+q(b}WxS&ipdQyA9Ta+<>K|ZyPkEN%QRix)YXzK~zo1H}mg+1-Ek;5P^XH)dkE^$i
zit7K~c<B%Uk<L*Nk&<p<L<Cg2L|Q-^qy-TeO6gANkdiJDREADzq?PU*at4Mu_l$nN
zzq{^T=Py}nSPtjBcRbH)?=vF(N!$X0dkv$=6uOhp8~#c?=k8L^p|AB-8u^~0+M0yV
zc#?q=)2RN#>%0%6ILu4R&BeyT&z^*y*s}#>7{9t954p@76G(Bh;)#-;rty2VfzreA
z<4tqAH!Y4mYxJL$SraT?nJn|1%wOm)kx4X7V**IAks}W8((EI_wn9xBp4iMMCRl*T
z|KbRV_`k17{`21n1CLs(<}51p`gJ$HF1_%g=ikv})Y~jIPzNUIGvIAv4t&k*D4ROc
zfcUvF$_pTKO8;MFs|M7z!7BDTv=x+lY+rDg;?O%DS$t*w!OT;E(Opb)lhSFPJ6f98
zD>>%ftLC22-H@4Gd(xEKP5wH$`Gq@`NcHoCTlPn2TSeOX!Q*zt+Nj8_NR@S1uX?=Y
zlMidd7dDspMiJ0Cvl@9!I~YPzzup#%MG$KxA@pCWgJEQzhIHj%QSn7sJ3Y4aSl092
zCb<f`(}AGBP9(X6EW=Uj$(e}eql|$@ym+Xb2_*a$#aKJ4AIQI9fJIPNwWFQEH)E3P
zAfTWHlB#S6)*sFQSC0)CNg&pvU@;z>plPAF0$IxD3;+zbInHM8FlNMuouz#lJ@kF4
zc1Q4WTz^_wt@s-*%T9l(2LF=p$#lPjCL#Q%<}6U7D1s-zryD#;N?*ej?L?#$oUG<E
zwv=g2bei}~Q@4oeQOtGhX+RR`Ulr$Hh@3)pAS0hlA?s$jpFUKpyusgPfhH$)MdQZ1
zpgE1?Pjh1?^g0n-Cmjf{Fv7K<{M$l(e+pmdg0%>g6)d|v&`lOSITdLUaLYO&Fh-``
zeaYiL2ONf<!TxvgegW~UI^Rwh|6Yfb1w2^f^YR*1%s}4u5+qv_A{TMPDt<aV#GCC~
zhiwZL*HTs4H?e&s4O*zN!|n36*QA(+=+DwameV8G_6p+aCkV@&SlSh7FUooQB|lW*
z2u?lLVBDySpU-5{zmzO`1ZFe$Bhs7lO*LrR-_>A_4$=OXrJ2BL<2Iocni08xoI`|K
zw3Ae_z!VP`k>iNQW6Ch*OjsZH-C4qJE#&Yj-jv~sCnm0#+iv&GB`jn_RCzZ57FZPn
z!b@eYccMv3=8UTlL3uTLfh{1Nfz(TuU0@!#d83AiAsY6HrW>k42h`Wcg1Gy`TQi4A
zS#sbmbKG~2`Eff6f}zVP)7A@^)tR@QEkhmLCBMlm|Aa;On%}}>b1Ydg9W)miqQtdf
z#Ls8AJ)T;yPBc;l+enR0?cSafrfI-QT>Gy%`d9Ox!SM)glXOGcl|!_!CynJjOIkYb
ziZk}f%%_fVz1xzw1%5%Vw(CckLr}qQH&qVXQS@KcH*)L+gKC%1iN_ke4w!I`GZ~3F
z&cRG^ZZ&VD^#(k0;1zp5Qrk%y47F?EJC-F`VI6Xk;JxlkeYqvd0)uCw6+}!0JHxKj
zT@qds1thVeT-qb_UV3#|Fl5Pj9*Lm1t`wTSi+BpDWrxT3@o-|y<6sk`ANfd$E5CS#
z8GXJPZ8JASI~P{gYN=T0-Rg+1EOO=cI@=;ZS=d_`8)9s($X2w=qxNF=oV|&V;^9j1
z*QI0PXe;+%y=0eWE3qTkoUXBQ;Bq4d$^ypERTYfq?kX}PS1Sdq8$UkXFv|ps6EJ>;
zl|~jX`dCH4Gv)+o0XoaEayx2Jwggw>Kd-!OL|4rp9c&zI48Pj$w+Hxv6mYF6W=@h8
zW@AHa^SkF%FtC99LDqNOKlM83?&VpfiLLF**y*VW)EZ}i|7mrHeg<>?yTVD52<AA&
zb>{4C<1H@=yPBYw2?;$eeZHQi$gUG}?Li>!BOm*1#_1Y#pui+l5SLwRm-r0Z-R!}3
zVO#euP}lbhT9Lt-rFD-U@SKSphkknjCOa_Q6;Rj1`2&L(VC@eXU_qqSNnQRH!^rW!
zS0WBi2H|UaA<UhU-QjD9l4*_dx0&Dv!L}}y6XVD#EbRHR6SMo#WNSv*nJn)oTy1c#
zG%vh%KF()-@R^@%=c9SW4d@<>kWMpOq5V=@hiu59Gt@<^*z1qucgyJl(l1A)j+J+T
zJhDJ&M*6IaDRmj4EGLQ=Nw#Ol_z+%7xFM!HZ29h1yq?<Bb7+GSbf0qLHZVUfLVP|&
zy*K6Ws!a=6U8q%TLZ7HLpJX?Eh0A5?H^HbFLi}~ynXL(}bMW?^?{5YQ{JNyacc^co
zI`Pa}<oY<R;D0tq?M&YZJc7rc^lBIzX$<d9kommKqL{Mnqay@V3=R_&IGJ5dB`On#
z10=$BmV^U<wYTESQkxjfTRw|6P2K&a$D_{n_U|*-c77fukml_N<-kPN%DabsVa=pR
z<f)M=Y*GGtrap-IckkAf6pxA)Zld)qZ5ydBMxID@Tn%>|2e*dtuVI245JrU>P3mf^
zTqk+#0_<WWzyRk9;NlqGn{(>ya_MkY@BtKVs^~#F?uTJE+KkMFL}}M6gmfr{`8>Dh
zBgF23;U9)8+N*mMhx|X0PEQiQ8Pz~IyTZn7J3XqJYCbEsmP#8DOur}$$Y^@fpiAs@
z7_yrPaxpUO<`=KDoP@x_T$AQ=tbaMIEzHrOgjdu{%u?rCb>$rW?ldMOo)dh8x+0r>
z2^{XRgTWTA8$W9SIAAZdeDJO7@;d?KE3t=ps~?cs8&6+RxJuHO=5OcLB0>?V2%AlH
zHRvP$5_Yi62QST#S_T+1OaLGKyS)@Cv7jdzo5fx~XgIO-qE&U8hn0Go`{}7<c07BO
z%ol=$kw@H}hQ+IR6rmi+*Lk-{+<v=(8&T&XK0I?Doi0oEHy`Nt0g?*9CD@mk)V<?I
z48IWw)ak#*0L)iqp1V^&{BW+d&~TnmIV@eD?8AK{I+xMhj40B_rCF;!<9#pI8F+1;
z=;o4cPBc>gT}Q1_j-IA6B;4AMZ+cGy+BoPV`SN0s3KgmttGwIyKzl2|>2JiS`&(^s
zgOV9=%_ihq2wW6Xa@c_!KvFMjb^weT*iO?08_#Z<N@GHv-hlF`x?=FFdAROn0`VN4
z7!W_-fa;f{o!xh;PiCj!YANc!FRn4!q6CjxJnw1$LcS5?TY3;By1$n}2Bng3Y`(A*
zDZk_530c;-h%b7+I&~a&_Ld>=_ne5vo?=-^!0|H~t)hH}Ei=}p=;L;drBsyJPa55!
zvN7k^tU-6<(LE655eEYCzD3iMxA!v#E=dg^1VEGQI=w7Kj)uR!$($NDf;5>_L2UH4
zdZGwenpjURT(W+G*@hlMoVPH6=P#_(<9Rx?MB+YDX2O`hDE1s_7Sj-rlX*K};c_oa
zhW<Qs6w^#f)3bN|8Jy7f=_(hFx(20<aqCY~R7iWzBYgej*g%27MJ^kX)_g`%?<}$<
z=<wQ=M8nc|VRt;`qVr{x)-AeLnD(73rKs=D?LYD6SE2~6);P_UZk=Rs+vJBb;;jz_
z`92zY62rgbEI*ucG&Vi*Gjj6kbWytOyviM=^G@86a%$$oPUl-kGdCh1tyHx<(E;G$
zMVrP0;`%9(Mj103&GPY=I?bE&MW<Cm8H=z{*ban~@F-C+jCUvJ^x)S%05)Hu757)u
zZ;?@o4t(veH``m%?{ehh1WFyAt9Df#YeHFYwrhUX4m<gf)>qht)<g8#w~lXo(UgPw
zl^W_QiP$SQ%+Q@9;F<cHYr^Bh!wSCbv7qQ29Hd3dNoMF8`VEw0AaiDyIWDEOq?%!J
zL_Nmss*5ifD4V7om3Luve?XxE;KofkE$j_GA%KE;7QDLN_ZCWG3S0#-Z$LeC0FesH
zGiEVxw@%W`|4ItHFkEVEhs>=^)_Sd<_a(gpYB0fB(=BFg9|#{lj<b51a4awcFTaCI
zO^e8Rj_X|gE8*Onw}jXbS;VmLED>>!<E##`xxFso*51C#o~85UvO=$7g3xySuKh&+
z49%HJykR?Ka>APNi&T|A(X3**`P)nP1_ui)MtD6zQMs6f)_foVD^$?NldM>PQtDrG
zE|h6r7;|ruYA2}FqO7_H$=ms<o7joQ6syFH#n4pCH?>-zxeK|aIkK?=4Fl{6Z6-h>
z&H%HLv(*!PkI+BMZ!o@P?t|bQ0s<LN3KuENN<=X1yixE+^0n&>;BTQz4)6irl_U;c
z6ecBjQRQre<}~GP%eB9q`KPeK32|*vK)p*ti+ANn;l^mZz@~oU{Cp#uvI?tQZskX(
zRwbP9n^qGx4mc`!F-=h-xSN9?`3@cRkb!zl6-PMfTF$rpc2`0yjJ8h-ZvRy;Ca!G<
z|J6pPFva`SyRc|z6x@~y&$(Z%-9*^T98_iYkikBSNZwp`c?xp@Ti%k}G0?VH7K@O<
zPm^(Ct?4lU_wA1m51#G?#mGDCLx3bem_-83_(iad)l3;%I*|%z+LZ+_hDK7$L0NSO
zV1`+R(TaB<b-uJ=t4Zw5$6wJ<?;74h3~*UVol+J*1le1fh3X~o_o1x{%Fl!a3;VXG
zZEg>fCYCh>HT6p*3Gax}LO<8c$!AAwX7AlZy6Y@FZzD2_)XQqQclau^V$mQ&GPS{A
z=ET8Q5V%dB0&h7YciIfCS9lnp{m4oo{8WR-^6yQ>*Q*99Rv;^sc)TkD>?+G<m0OCS
zx(l|-uO2-8otx}}R@~8C3I6+lLYH{rWfKBj(A+zVNTX$JFD5VqZDW@N?)I*tGmf2y
z;PSMYFn3IJL_pV7jz#csY|{JGG??S&?k-7`$xV^|;nh28oaW;JNWPZyappcXmIAcr
zpd)#1rTU|Aj+pb$V#YC<Z{WVfpKagZWDam+m>Ex8jiBr=Qa5MA`FNZK*&qH4WUopn
zE+rkO|Aw*z^TH?Q3CL^BilcPi9mq7U()53_+BKie9wh!gE+)t{NX3<fPZ)Ep68m_C
znm%DWTtNnVUwaUb!kQ5S2z}(Wdjt~g#<qhd|1=G0%s>4QER3ZA%2yAs4|XBE4)cgI
zdv9()@N}d>nMZ+uCV?0YcA?&Q*x!Q*M1^9lEuSRECnC<Rw?C}U3~n;`sR=CH)y8|k
z(AP-P+-%e}(XI4#-BdVr(CTiP0lI{vMd^{}_J?Nen88PN^u>Xh(u*&84G4Tj)mexu
zTDrf|jf_X(|1H=*8BIc&t}{^2<-82qJHX+>UwBSNL&Vbm?SE>UYAf?!DHNNa{&pk;
zy;xTYyeDpXLr`fT!Z_%7VF>sJ1i#fM__+_bVrEcY=g_Z!V$E3XCZN<Kr?jhF@&RoX
zQel{9qcFZQL6g+5O*a2kY0k@>$KSuB5qwEQAx`U`XHACPa>Yzb^VfU^9?LpU>&t$r
zFnp0GJGmrBxxw*?k?gkTn$z&LEXmgw>u|6g)^Aj)<@;Z^fz<`ulNk+|VAh-b0@!2K
z0Y*NJo&~IQwhXot&O^|#n>-uaXkMvBblvg6KCEO=d<jFJ7Q!Mk@UR)^yVBT)xdG$C
zyRdDB=or80JKXuV9+-S-p5Q1^Acm4lnzb+YdOu3Xd22p!ci1-4N6^+PLdr={C<t%X
z_x>nPqrFWele;aScIg+bM2{B%@7wddf@>fc{1eyAse)AehoM}@y5p2=AAuW0|JURa
zcgJCb&~MJ_@8xmzRQbEv-LD2EcR@`4<P8mM*h@tczqv^?{`VN?Ob|{h_blLPgs5Y`
zQ?4&PAy$a~D`JA9=8;(02`9DsP$J>J)bD)u<aNA%t%hR%GCJ~DV;``p%&rkfcjT|<
zFiC^XAm$D_`T?2v$CHgWyOa;;1UV_ZJe7Oo%03J%6E%K)$*kWQN!mD+BGd;@kCv7%
z)rN?%yLLbOT$0lN=7)8CMKE9I>+-K!RaXCQhRvlyhV9=t4wiU2HyHYmWk@CVzSfNH
zoa=XbBNvIKbiVBLGW9Sxxh!4#R<o@1BL&e2US2gq|I${s*~!Nxj%av<)15ey@8)1|
zvqC>LA@R$#PTG^M?G{=&c&SFf76ZM*8AsM*cAI_zat@VeiHP<5Yx?!{-++mFc;s8c
zqxw@FR?E8UBawMp1oRh&S3c-gRf|E6nfROf-zDoBl9sQt#cICaF(%(QDwj;<ni|mh
zz$$E5hgWS_!6qT}JnZD-D}tKZ*CVIZ$<htE%1lL&;nIE^w}|g;7GOxYMU+6qlMRM+
zVvCoT%zw&WbCurtcTxzwk{dv&<!+lmN|1OHE#0Ri23Wj8phz#b6ZTe8yD`C@apqEE
zt=k*;E6ytihjCpRV^5^P%5Mo-(8+4Ghr}0eM-WpbSyWc1Vf9b#n=G(z0M}|Ro6VSZ
zNU{r{FD5{kEr~I{y)yit*}XV#Fce=wFm71FXk0yMRBs^F?qQM5?eW!X&~b&4B{ZkZ
zB0Au)d%SBhZWzTn<QG9SiFMtpU(yG}d9la+g(J4E8RNf_9R7-DHdh62slGOVUiV>8
z%3jq~?3KXaBX}1Qe;2C}KIW<$5k<5h8hsTZGJlA>q2SaH#Qf1e?QHK~w3Y&h=0lME
zDCG@E7R&<^Pcnm2o_%}{CarDkkrNCXf+{b6I^xx6N;<A0FA$=ICp>>*TN(`ILRRZE
z(Xe&g*Dsk0i{w!TB_uhG=wM^T|E%jsH@`BSPy+_idQ&{h=Zmp7?LTV{bvHXMgHEyj
zm0lAQJkb8)m9}*ZO29OLIRzR)s7DS~X<(Bs(0(69&h!3?Ql|P}_FcU7F9Q+0q_Ox^
z@H0|8klh`Wp?S-$p_ah-CV^j`&k_UgBCCCD9jwVb_dhLZ3z@MVuQdAaz+ue=u8o{c
zY8qAR31fxf>0!mkqvb&+Jqs~#d}aPSz{seOVIDo<-IZvP-dl>kmr<-JRZ|ys|7$r+
zpQ_gi%f68tv2<zTR`}`#)P}$3{bE8lHsVhaV5yPx5E^A%TIF7L^0YwoPP)95zZ#q<
zeGm&bX@DLT*W8?=gcD2zx(mBSr6{ut6TA5f$*~-1!CSo_3Sb-aI!A)_N(>X&F^v}r
zwg#ICVUmhyD2*n%k&)sY1K|i_2Km=mbL)1fHCTL*hHANG9<dI=CXa_>p!T)$+@y|L
z{?YJgxJaciSU<|wJ#=jamNn{QS@&cBgQXbo#GXgIhl3tu)HG!=!}Hu_`gXy?TR3<5
zA6>mjyAJvbb!=jm^3?6`mxDTj)dtyj+JjLi*T@@s#$Dfh7t}0<^h|uVC&1O?yzO|{
z+;4HQ9EPF{WDpd)&e+j)#1*}SHJNvKUV*Nhd8?$R_$$3fu>PV+D=vx|%p4H%;<~UH
zGo=ftU0=Ot_~~qUj|Dt?;Ps!wEC@QxrP7AGups_3Xbg-6=+ex|gn))L)+7#M_;~<+
z;9s->KY(kZO*J#ptDxUsDtAv5gYzyE_JI#uR*u|ZfQ<_G3%WUhf1#(YX;ra-?dIsF
zuSgM%E)7e35^a<4(O0h-^8cC2WB+F=8)8l6{5n}SN(kFOQ~5+q<rjr!r<aX)5nFw~
z>m&59A<J**BC6uEWs8edMn)=h80)dwd^K7gYRmTNHK@RVx7d-7ymrrdlc+F=ZX8s3
zu`1{QQpEBZdnmFDrDj3;PeUsqCDd@^IMWM*>`8$U1ovq!Xei@m;c#Fzrvy(A^cIqt
z==S%b73b{`te>YzfwiKeB=IJNF!o==&&Cjq;4fMrlzL^fgp^Sw@@JODI?LuH$d196
z^bd&=ZvMEpB4?mHGTQnSMVqH&KE(&#+=>p_53eQ3PML7#Z9_(AcoYYw2j|L@ce?FH
zZ#352Be}!>rSSdf)`?quB?tJd(0~k$##2ySBKuz>lRnHJBmAJ~stOV6%Zboqeds!j
zRJoDgPlI)pvD%<53t|CbBN^Tv^ZgB&#OJUQD7M_drf{&z=%A1Uv^yf=ZCo(nk~5&g
zw-Ay{B_jnqC%e^0z5y{)!qk|bY^q<M4VlVY=@X$-8e?aei)8g!+o}E<o%6(VnLg`-
zj&=QtRe-QRlww<Q?@gtFM!-m08(2$@Bjk3=;P5+7^Ifz0ck)MejwVd&ONGBgQ#1R_
zWN!sCzKTIwV?uWgF}1?9zw^caaRBD`>;#s~c0s+2^I9Mm32&`!fWZGu%0rqM=u3vC
zR~b(fw!mVr7@MLqVSy$d7|w5@0V5Wn$CL?V8)hN2VXT=jL&WhyX^qfT&o_-W5$A-b
z-rENoMITKxEarw6j^N7!@bB4IIVZm{ltEZ~50W)s#e&%aJ>>lqIeoI9_kTP8$aNH{
zE3`n1j>+$o3EB0lMosHWUGqlJSkUN-7dTC}wNFaDf2<qXyhc)I!}-zlTdpn3w^Q*h
zj!YV7ynOR<V%SgM^N0cF(Vd73TPN@YVlARTp=#j0Q2CF=M+A5PmU2ioTaSC7$rphy
zhAD3Y1zpk)E0oi!cX<>PSzr@11lL``Y{pUis6AN{xLvS?jy*O5&2dnz?HjQeJzgj)
zzwEAG%8={3r#BtcoiwM_TJ+LDWE1D&$?^KnC+DVqy4}_#=hrTBx{FfkSMsKkD+5jz
z$+<q!bItdab*;^UvN`q|z02Qx<qnw17I|P4D?3s2$T7loGifES6S3Tama5o}(>&Yl
zJ5!Wm0{utM-9*zX?LYoZ{Q4a;j^x3K5{r1o`kAkIcSBc|fYrOk%+vdB-vn<y#S{0{
zPjo!*W@2t$b#s5GVyo0{`?3|;xDHb+za^Fe{hLm(SrL485%fa#gsSUK*r(P)u?M0}
z(qndAutQuIw9LjpAMgz(a9ityqaKvBHwhc?9ZTK1|5vJ+KV5}9UvMctxyXt!T1B6K
zZxR_}rQdH-Jvtzd9<(F&+zrLV{#ZgzypQqgF`JQj)yVDL*Fts<{#G8LzwMkN9Sdwy
zauIo1*tI~;Qe$>1vOO0HEM<6ds^-ZoXXn#7xp2MV8jdPOuGM>9GrPH1j-lEtVIxT1
z+tP1QGuQl`rp!sDCG*}tCaHg>{JGIHo0iSPU|eZZ`v0rtbPfZHfLieO=h1%w2tx!h
zH;Q<Of^whXTDjcKrFoc%pl7`KCYbqG7m}JKk7jiEpMXVZ702o+E`O{4f4cy{jsdGb
zRN+;zz(}30@k?TEg?XTFhu^!#o+9{%WGFy3N|zO;yIl24{9zA9M*UW?1xf;;d@%oU
z>wtc*u(_)K%FfpIsk23oKgGvxi%v`uVi)V(pT)9c?WrFB=4a|%D6UKBCCs3kGY|$+
zPfr5R=+>12a9Nb59>B!JT4<^zG|W}^S7=3e*i$M$R(Rrka7T%IX-&11mzR_`+tWgS
z+_MS)DT8&lMYtao=<}8*(FU~de4=}G{_?_C4lROZ5a8)jHCKVGh1`QIOLy<uU=K$8
z<7wdL!Ni1uy#-ocTsO@Et=I9XJ16OS?+1iL6nH3l%nTqbus$!)iNbWCAckEpSYUX(
zH=apjk{-s<#=x^+FTgj%Tk5#mGuJ9DI&V|EF&OzTW=>2<tD+7z*jmKZzMe-IV(O}F
zUZ?+-wUfJYa5CZ~H*znSklPgtb679jFC8x0qV6gBlP#q^PS^!kP^w5&DsOpe&-%qW
zJv5c5+00jZ(055l6$LdpSxIOI#4I{nik59KaEU@<n3shQ73-xUCbYc8+}_bqi$TbF
ze|JK5?dcZr+`W^~D5k6rl`XFJkecV|67PsMWs|MdeI9H|VQ|30R1(ZMdA=dozTGW6
z2L25FtI87k^D%|W=KDTAc~YPG>0w@}HB-qw?%x%-cU>L|;2z$&U*4<u4fNkDILEh;
zZ*2oCYRgCX1?X%c6j>2J33&b9IhTgAid$VQ$4uXENe9651|h$W2{l=++S9NO1<O%N
zy$+22dY*^sh%rdDqzGd0AYl@>X$S_FBM`-4HUt0QT^d*`NX-Bz+q&6=%$1gY&yA}e
zwS(lS>i}CQ%Fp0k`AFOY39Mm-X|c4Y^6_D2t>FXOJ8^n6sZsEqWzqdgGP+IJbbJdY
zM)^~N_#eWRBg1x9tIIiAD`TJCDx0FM;XhShKBJxO?Nq8RtA-1IO~H7FxDk{R%!kXZ
zNhe6Np(lwsO$9l?hAvu$&5f0YnT+MnG;?fE*cHsyYfsHfh57r|Cezgh1Y_c}J1J7H
zfpT_a#PjJPlFc;!0Z7%Esm2EVNh*FwxhD;1e0e`~sD-r$8DT_2Mdai8CMySmUlBV<
z`~>-?7lA9W;P|Q9wU;(gS?8B!3RzUHk}>N4V**AgcwMxTz3a*)&81(ZXnwuO>gmTp
zGOp~bN{WzKzK-LbEMYp?aNvs2n>%SEA`y6NjnRo|B^!V=z5E;c3sbpUcrqidD3Mfr
zec^=7H;zaFlmkHaI)ITWS}cuK408{U=8+}(b{4j{5(Yu~H)yJR7A;?YBO`O$K_f`V
zJHs$x^vfAm?g?4L${~@J`2tRjz*=dOpWd2lcGJf4$xrD0Phr=YU_bVq%$_*3?6U^1
zLXS!Per#oz#i)ujXK&iT#AmjU_1zz2N@ocB7X0*AzW2py$t&j6k?jVQB3BGAMrvRd
z+e}_IhMqs1#$n$td7q#qxB*Gp0wm<3gI>qkStFAKXhg^av1ypbU5$IH`_pV(Pv|jj
zy~3hH|3#?k<rw($UCai!Dd=w1SFOqpF3Upx@5-UV*N1HcNZzfyi~mF4va6<J-O%=w
zczS~QM$`RBUC7>KJdwBv>sVQ`dm`EJlIyO!hc4e*zb=DkHTOlFx<75}$sllp>za1&
z=e5|+cQ`whMmg<uH=9mlYZFlIYWHXVhhgxGk0T4bucN4IyRfc+Tkh~1#=o8bSH>oC
z>YtGDGg%6Fn3>jQ5njh=DFfiVe%$g470O~M1+Wi#m!gWD&fzp1XZp!XAd7Kj18UQP
zz_|3QhWbJORCa4pzf3tq-U*rmuHw`&^|b10SXPMNzitzH6`NCtI5*ZFfJ=xs6zx%7
zh^2SdqjH5&eRE^*ZqqD7gm4>?vmB3DV~i$?D5k}%uo#1}40A^U-QC@r(^KR%mOzLo
zalxg;+}_DV2o)*`*b;b<z=qu0(4j0kwRzB2So86uQZ<@<6WP<C?tkrs?YnS8eN~FM
z?{R#t#4{d|r53ZIV&I@B209NcVIbHZ3PcGpMU;b>R0J`08Noe#KA#uYNWBWYLc#4r
z`N!_0jl~{~zs@{VH}q%QwA!ZU?=R4h+RraOFO3wVpIph0jB?6`R2)8ZbY~^CNpbBn
zNiKqXA3)!=`3dX&uofGHBWKI$R|D1&z1egbPc7S=?tg*5dQ{DRnR%#r25qAUeO$^S
z+kOi)=YXc8T{rV;4CqUxBDnYnF;P&m&$n(ApLRA+UuPm)5pcu(&Mg^<j&Q<6m>o&~
z$F-UXU#lgnz1fw*1fx~9MEA|Rq=eFv!W<*1E_bIlg!lI&$Hp0IhKDEmy`Hb;jGtB^
znzL{v7N6$b8HW1Gw&+30PX!-g_Hw}Oc3xYVrNe(R*uL%`+s8W9lbcWr5EvUD!($gP
zS0}sE3ya<gOfB6z<8i;lZ<HF0-@TJ<bW(-OaVAC!6IYL2@bNKp&QQ?asTO+-8#>t-
z^P6HzTz})0$Df&8)kNOYh#KJ(yU>{TkJ%grD2*%=MLm9zKejxphXwwToyKCCl&*O!
zv?%6#KvE8^7U)Ay!gk=NP|1-6%o^3@gFAIEzTOd;xzTaF<dyf(qoq7izr1()oiO;G
zD4m_q_SGc1zW@kA7O%qK&%(W$2JMWwd4=fRL%q~cgW~&r(x&$#*NPy<s{(4KOC^7K
z`+w}>2*rrNH1Iq)D2hMi)>kzQwlAa7eRea%^L=F$R6+hw1to|{snI-KLMkw^f50ZB
zHKd5!&414hwsUw#7z>Z*0u3#u8V<|8U7V%_3_hO(dv=<H*PHFOljCH~d<yoOE-S6&
zVTt|FQe<epC4`{coCo8&InBjS$43GqXRLY7)I6(H+T=u2>G{IY>c`$#iRYJYZof2j
z0O27}^edKbT8X3R5`IU_vJ>il<><AZ#5F!a>Q!u)$ku(q7S)-<ck%sW5R6$6zcoXU
z7H*pV(44Xe<&5Wi5AZv-4(cu*`$^wZ+7h<KwdqP1L^t^82IBl@WzTq|x82K&<J|MA
zZ$YMVcCO2@DJkMnN3SU;ek~l0T=hhzjCvoMjZ>Ea1x-yR0!oMZ?+(!yK3l(3Ok89b
zJ_WG|MF^<n_GnNZqK30%h<!7;W_=!!<qgk}F)>Rf;;k0iP=qD0u{|<(iyJ!GKFLUb
z8e6w6+Ua?AdRXp%q&$niB@xJmYA>|;<LJv~&Q{sr5A+jWe`IzZ%1C$Uty49`A=^+n
zuy#tJ1gAnfu0H*)o;gMAL$(6T)9@kBEMinS_%3x36<op}0KE4n+phwhHj;#654KOP
zx6uN_@X|uUpAISL^Pd@nAG_V-?r+{a5n;HBOT8;w_4X^AXx_|u5;i#{6+E(W?66qO
zb6DlIZ+u7yv=zGn-*ehFB^nP=fo!vPWHT8~=~{tDX6T<ArvU<farF1sFl}q{TN2As
zqT5o3D8z#Y@b7%PsK!O<Q*Mg+CjzJU##cNAc2P#aQ845XT>(q_)qGVzqK$d(bG5U%
zxfqo`!p+3oY${CpvrXA9pKl^5Cj9y*wZwS4PC86;b6yG09c5Q`LJcyqg31KgYz$8W
zwFld*;`_9_Vcqw}dqDQbQ8&r;x*2X<{QKev>nHOk!3VGEQ5rQJ7AOw-k}{ge=@cJx
z5#Ffh|MkNVCQ@vySphppY%9_AI53$77C?y=|Aad~J(I)?-M)K@hrZ?OhTcOf#5B~o
zV0();RBAc(33Gg8KaoxuEf+8`CNAvxTJCP9{JyQ@%O`_>9(PlFP$B*H`(#Ey3d3tv
zm0kj<|LvceN9{}7AVQ(D33cCiPgV~vn4G!mRK3DA7N;leLHk)U024)z`MCdMJF)fZ
z`+P6F>f0||J5i;%;ZT?XaaQumLDO|WK#_RIm?k$4mevgGQK-UYb)*~t-pbaE%j&bG
zSZlm{KBXq8^#eHlf_B-SK3in+W3l4RUzi(D?EdZbHr+*H^E94~dy(t&OV$&Ebjl%R
z*l&s5%-PTiIz5k?2hg0JA<eP&`>&xoYf2+FKMaB3Z0E`}qcRg^yVMHuBlJK+Jl+9p
zbhGUC_%I*!LN8RVq}GL6QLM#nN3RF=J?VDVqKW2C1iE5(7<$rqLEIFVX=84-v<j0y
zJ5NpkXcYhuT#Jm&Gf8SA;5b!McdalUpKu9xI@{C8&Qjhj%d}ZO#gS}{vYOEK?voVR
z)y*_>cX2DXW!;f`%AZEYWdsa4k3@mU(@}T>fr4=WIL`OCGt}t*F8VD(+Yz>Qd$Eon
zbFGggrg|C(;Qk-5Tpx}le6iZh&orTjH~k0XoCw@-U)X8tf6yvl$I2X7H3l2K%7)E3
z`=Rw;VxMGX>;<X6j!MrG;kaN~6XtNQ6vZFg7Knm#spSac{t=cL>iP*Sv4p)~tAU+&
zZ855ML7!m!rni}k2fcvTY@=il@*Y{QNzo{O7_JVgs%Z4mV_k$xHf0}0uDpBR1C%)*
zewjdZ#}<8Aav1Nj+&Tb&)7E70O*2=T%1@wqpp-sM|LR`QErTa^v+n1G#Qv93rlmuS
zX)pu7;4JNpH$c{`5{-{%`uxQdK3rYn52B!}9pd0zZE4T^A@%l=b}pIB@!PE$4aZ=)
z2<@;8+t+Jheo<lFV<KKDN)c0sl>JAR-OqpIgf#x17boaBr1axHmRx?vrd&k-`8``s
zxO&B?vz;9=#ImzRY2<uSk*I-&rhah83J8r^3_bB+QyQ^M6;W_mm8Cpnia?Vq!3$}p
z!Y@~n?Fht`%~K<_9UinlzZiG6$2XH)W{$KLZuKM*n~2o$=ze&i#;+h)^RTEmeh!gO
zq!IpZXBhUIrKHDwQLQKJAp3!~uRMB+a3#Xf@Iw$d_-AZGnQf*KB}nOG>x2Ug9CJZe
zFc&VcMN(uR7t2&w8B;5;sE)r$E>Fwy_*+t{+|Q93K@9!HDw&P?OSBZ__uVx|^5$?=
z>UY7T&g*Y;m9H}ND@D{t8SzoEkNDM4O^N=)EJJq^)*J)S^cdm{L3SqeYM9?2*w2@^
z{t+Lq*5HTm5$D(I?i+f`D0zs_k^8;#s=F@b;7=Pc<QOoD-R?;m_>8Xjc~Q)$BrPp{
zTS!;rs{s@HJy9px=o^ZqRLtrAA?ZEPU)_{vO|ozAN}tupcM)cXOH1o~E>HROg~C-u
zFW*&;T>L$jd%LAJ7Mt!!_?)U|XJeh4$iq~U@*jr}7rfu4?ZTRJ`%zf+lP}QP#;zN4
z|8d^f2BrPx7(c^*982Ppng8i_t7xM>9vo)DtzI-&b;5D%&n8LWnVs!x=6LBZ42jli
z8EM^650PgnuQ6NEmu4yHbE7rjxE%a4;Y63M#_UeR$iktTa$y6;(hGG2zRkF}MuIJ;
zNW&*&ECVbch3xj!-smxpg9|EU^;w%9q8G&Ne~Vf~tBrpyXw)cs)50kx*6;*lGwgl;
zw`W&d0~$sxeb)<IH1{486>d5Hvy^%)z3N@+GTHWEqE}`l#f2H-rl!EFFm2sv=&W)D
z{mJB<T*ViRkv9Hj&HnDzaG{Jmmcq5XWNuctTtP$Mw!v?H<2Si<0Dn~XU^eH=*-~j<
zU0rb9z5?T|BD`|Vm|EMMWnN%_DVcoVg$HvH=BJjGBeUedX58>Fpz6%Ul&0Zk1Xpnk
zAN#@~TlwDCY}K5pUbQU4q2c%QT^1LDcIz;bXLRv#*TDhNR{9-C8cuv~d!Sx0Xl(rT
zXIK@XIc<JSBrB9PMb(cU^hfcam+sSn03tY6ut~7(tde`HJ4f(Fcg{;ZKC7CXX_3DZ
z&!U(+0sYp28HU$d+SQ$OJR`1J(~(L4p?&ZaR*d~WM$iBJ<f$EcI-~uUib!6r3NGLj
z8sq05n|%SLV7*+~Z+00$9~8;tL=7P&R(yQMqv+W>B=)6vAO#T!?N)J!G*s**4Zl`j
z)YI6acQE&)$}}j)Bs#YKjQLM2|LUgDGLkzgVIvaPH~wWuqp$Rj^;6_7&aMVTiEhEQ
zjaZYi?g2>cjZCD!d9Z4jFd}^RVMXW}%yHIY81m^Xen;uu@w&w<z=62gIW7i3Ee0h5
z{_IPKat!7)uY{(f0tkI^m&7ub2?^#MoDVWRdfw-TI@E%lZ6lD_KMjo2H34O>sq3zi
zM~$yxiiw^@Lkj~2$S`*)N;SH2IEef4z?VR$I(1QWs_bU;;I<gh!^!R3ym-$F2;SES
zYAPzqI*TP4J(AM+mEAw{f0UfsQAj5BXUOp0VjP$lXh7)gzhRuQTfLzp(i48sXS${W
zWN{XN&Uw{hf;Yiry!jb?Ss@GB4KXOYb+;R`s^}yH`oDshxJwd90{{CJ_~C6qn(K`Y
zZI#o(c;!17LK*M_ppEmY3+WKxA7ZPi2+p&^Z67&Af(^=)aH|=AW(4fmMCW|sDRvQ@
z@itPK<7~7><Fbe9au~f5q#1~N1phNh{AqNK1yA8=K>XNAIHldiZoC5=*KI6;+|Ddr
z2vy?&k)AV%ey=b>3jg(IqstYU!<YzB)5*pd**h|SoSgNxQR`8=lp*IhI)JaI<qnE4
z8-Zs~tl<)J`Hgx!2>}R18#^4IeE8i$t>eAYxs}NF?A+`UI?71=aH6H($1dZCzhMD%
z<-PLws}T;fDc|4UbaZw!mkLV1VlJy>m8x6M7BIt@1&rC<vKP6yXOv15$}hQVug2NP
zl}W!m!<{UAqNL&Zf)a>^cZEuWZqFC^K+cs@Agt1BSLN&N)+7sSR#6D_yym5T)+H@&
zY|kv%c_E3OYT@W6qaEPd_vnWcn{rvMb(gX+BdX3ms71?_<;KX36;c!B<;+>j8mDaq
zYkd5%4t;SO(JRbO#Z>L|-;KmhRi#MyMngmD+D+Qcm|%Ly+i9g=tMOd$i<v-|SAVe(
zYiqAib{EhVx}eP{N3wu`1rJOQN?-%X1dMBr;JX2AKW5TInRO7c?~p|parhnE)ZD9u
zH*gi5osnOw_C3Gd!QoJW@(?ahK*r<OP(A7r9_wt>_`$4ldO_-UqU8j1*(`b*&ct!X
zi#k{Hk|Qj*@`^%3gB8Rw=9FapSKW3`dy2uPv7;a#B>6!Yzr{xV3TlOhdiY-LK~qdG
zb1o;2Vl@Ex@z~dQ0+ApNGwzj>{=94AGPpa(HgJIlcG$f#HUaz1JOvI@LMGhMTDdkR
zn7WZ?n0k|V7-+j&OgC+y^}|RDKUn~GL~n4`l33{MEk^l(Fb0%Xr|!Y@g81SMaF%i1
zO1_G;cCn-`rcCwn7n{Fc5?(LG;?GJ0(D@xw@KaOH4K6V{^ISp7zlHFmq?vU+y7r*c
zPSnL$?!qz3sq1ql-_6m0n2&PaFOdA}aW<&8VH!yJroU~XyhI6^A!6#kX)1bg+&6*y
ziDXxH5GvVJL2ABEiiY<sx*5{eXezWY#<Ey3g?^<fjQA5564&hCglUI!$mOE5H_fHl
zH1RY^y2kx~rJ4bAyQ(I431fH8Vi2P7aT|hI*Wzs$+;Hwg@u|cD|6nG@mkAgdyg8DV
ztv{q1<MecS!RhRWWCMkf0=S@EwF8Q&jHFA0L24$8>{h&3QVm1l&+oqalWAu+M&0<y
zZun2C_@6CFgCsj@i2Avyy9X2ir*Ox8jP_!wF1`g!reEz2PuLu2Xe@Zjr%NyW@keW@
zso8}FSINsnH)n$-*!z>^I<GB^R61<nJSXu(`52Y!%_0QQLrYxP^xGtFI6B(yB!w8%
zF5f!aGdJJep4eNc-w>Ad*shznaK56He<63Wa3uh)r3InVDyuBOfh|AgDrR%Arx9b{
z=O8_}D^eZg{=R+Lo-q65*(15IXC}Wlr-vKX9N*%lfS6o`Qh`-{3abdn`MKtYCDHxT
z4Ip)m>`^f=b<msLg-Jf!aU#5N&r=PGGzVdc+{e!tUOHVRB6z+itiS(Wb4A7L2n!~6
zb9r0mowmI5!WaYxId#vVt1;j#S15v*{5=@N=+^@LalvSoY2)4ZGThq|P5ZOg!U7#{
zrBD`BiWgo}0@>%e{QP`-7MKOJ1$RMIott>38v8H0M4XzD+Avhk^Qfeq*03uBaB3K{
zl%Y^D^3a>5JQW{=dpu}WlNS=!htk4!+6aFTT=tY6hDNbOYs?Kltt*B`ZlS-41TRxW
z4qKVe>^J&{pD)bg`4l{?@)Ea}_rAYbLw?`!>lZ%O3$dG#Nc6yuquTyA@KcrVu<>Ea
zX>{z@xZP@WsOCgcfgmS*mqED#W}xc`OA!E=CEd5y;o%CRv`{BS##Bg9K#VV%S3IQo
z<`=P;6lo7L6Op+9@*8(llJBWWlD(7<zcg0D$&)acreN-1NB{gh-wh;e#`@rISwgsy
z=GC+OMPFg58v%!ue{<L9r)T2-Ae6w3D0l!PzWB9qY&7~u6^lqWv%*wv2C#IPSvxQN
zBQ>lJ8PdW{smWH`u^wtB%;8C)CHx(@6?Z8QI_b9jfAfY^Hk0$<Jm||XED$OQ)V?|v
z;8#!r7Z7H$mH28W>nylDqq-ls!o2)VcK7>mM6V@6P&>Um=F0x5T>cOm%M$(^)qQN6
zrulX9+wdFt)V=eiNA@Q(G<0e=b5n`E)gCa~lpR0I@QuYG<8|k#QiJ#k0S*fzfyPgy
zX~MLh-E+J*%FO$p_a>kkgk@4_18v!#gP9TpK9y2hum2kc70xbl%5C`Rs&DX5)TORu
zhjq~SEFlvs6It8p>9BT7z%5CDeQFCmPzD9YX63Xw&b}2}c4DS8c7Z+ciiWubyh7Wc
z9l#5IvXVo$824dFUA-#@pZ`NP7A_<g6S}62zdVloqb6Wa6=w<g)olGmDYr;ndvasc
zG>bM_S2ta&$(s0<TEInj*pX%>o_N6clN>UETVKR1%&ZV+kO5BusD1lMu*pAutz2nv
zza&7MOuX}q*cS)fv4EYr=(xuK>%B!{&IlV-0l9_iv83uaX2kkY@Q)!}W}TF1&_m0{
z(deZE&2q4xd}T!XJ~y7kJx|Pw6*gkJ2tS4n!K45#W>6O+3dF&Clkhx2MJSWc5QDHG
zYjK)un!%1zZj65oeI2p0QIRy)yAS5tf7uq<gVNtH>)>Vr_@vO|vvN`3@XZXnRuY}X
z4R)$GgFRoag*5m`rN?`sh;zHNj7@%5%)WN)EZFK|B(UP_E3ifsJbqDM0PeoSZ+Ipp
zPBv(oS!6&k{ULo%<%ca-Oz?9vOJlOx<%YC>do^Y-tuJRWA2{+3a_ee=+Z@}Gps`Bq
z7&1|CpLP}`DnDR}N*T<{OkzJ5G$9Pj=KMtgZb1IBhsUuIw=!WBYdJ>$pUwIPrGJSy
zS4`<ETJ|s2F_TwN>~ouRnpew{j%5fmA~Rs@6!KUo(Nex72(3oPTY1YMoh@Q6*!I@W
zu~XuG)vjS@l2b3!(dP}u`~_^q(%nY*pNGVg#Kut5<)g|{J1!7d6W!$e@}q(mZ|8bW
z+HSf^PUHWH^IC_lavm$r*P#D_0oa@Qo>#aQG*5^6p)UdjKtNFwNws~)Ul6RqDFXfx
zio>(E)IAFgpwtljj}E}HMa9Y7z~rnPxaC6buBV2d960-=F$90^5_nv7{Z?Q)maQ87
z2U-0@i3$fvhQ}xRXTp3xqNY;7_rFX-Kz#8~CooMrO?9S3#l&|X<QMV1De!*X^JDE2
zhv4`B<rk*~bgtV4castNS{vu<y+$l;?INQG@BI?D4|=gxZ0(ZkWvQ4W>gvhj^ucd(
ziObkqSVPS3Fi)`k?@|y)m@Q@XG^T$rklF>@GrX+urqLq&YXaFn$SRi|JMIIj8A-@k
zAuNENgFS$``~l$qToKvy$s`koYiq$igr%sS*P?ZFEOnTK-S#F#oS&zQ?GZwO<XzPG
zE{Obq(9aCG8Uu%J4kM6=DgLlt^mo<b_GPKf+30Ctt4S85|Af~ioOd;TlVS9~jf>B#
zSh)?%={_g6c<>?|RgZ=f-LrB#MVdAr?tcYg#~n>6I+^JXA*Ctfpz5t)+T}=;KusL_
z1tuvf`nB4BHb14GHB$X@AxLdgI0{Nql)uuCEbCPW2<Kz2u>`Roa)b-|wkJ4;s6*u#
zkmZ8bt4oLhmNXE;Q7Z!Wp&)nqcL;HehTx51{POVRSv*4x@Ml8y>b)o?FT*9V6>kVS
z`}dobc=dy$mDtN>YdPotT|U(kMQPSRXpXs&w8(uTb~9JBT~eg!qmaSNl#}J3liCp?
z-Vbt_rW}=QCSV@m_9@~gM7)F7TD#pHT!p*)<K$R4stU`QJ!BmV)%iE$<F<O-g@GM6
zrKfq0FXbO<2`GOA`B`G2>MPP6lPT)WYmO~oKdFKEX5|Es1;@*rUYixf<eC-6^0Sm)
z7)YD4b%4`5Xk4K<(Hlr+u-BKrj-3K)SLk$Rc#736R}O-{4a_2$#oLiGi=uJ5FH~0!
ztXN_7;0~Xm!8eLMm`>6CybNB+oY>FE27BWW;T5wLv#>x!6~g&Nm<5-ua1<;WyvX+X
z9ahYy!`?40(D~jh$tx(JPEZ)WnT)cQN`6ZA?qSo*3N2$XlBa^<Z|O#s{$SVnxUl$F
z_P>$jCO5q?GA~+4#X1>lAEYE%7v*T5bsjv@V^Bz|y)Ir%c7Mtdn=zgHw#=w?9aej(
z?D`{h9G*E`kv;z()s6L8D^!tnKPvdemM`N(zJ0?!z<gfd47w57YMqd$f*dQX<zo5Z
z>~=*pZ?xTd`ONVKB-feO0X_PMsO4d$jpwj7&N9dygH|&(I;X&q1^>ToKH!QBN(H?*
zl~qdA4u(>=?FzaNEDx}ZP@YLNgLZFzEWR1h8T^q+1g#K80#nS#cO7V`kAC(Sl??fy
z!=XoWT}JW;--8cMm6}ylr~RXSppB%na!X$;Uh#7<<n?(z%K;=jWcwBFKA~sUFoe`2
zGiSK_<BN$KF?HA8yr*{)^T+>n()Z~n%Q1GD4j+t$Y?JhDP07XiY{Qf)eb)Jp`h97K
z;yJ+I=Azd;2Wyc%47#N_(>aZK#JLN5#AYfFyaN|KKB+QzS8>vMMOkQO=GVcizHkJo
zY`uWHZ2`n@-Z@L7J`I1GoJ=`69rusB-*hsC-G4C<ef8V&{QRLDG{Z2%Xk0@5(zJQA
zmiPTz!nwm^?L+4mlG%B6HTN^X5!C?zfyxTnm>L_qIeak2OE%tx@uuO00MJ9Z-qY~<
zZxvfR3n>3)1~;|RdcdR!ebCPX<e|H0%6%^Ykn8S^J3IMkNui?Vy>!&f{Q8*}W<^d?
z#*l=<v!CrJ=79DXsBq%Y?x6!`g2jc@z^w?kNsa;96*$9d6n0h}3mVP<4~cpSEb<ih
zfNK-F3L1{L@k_xqPL6F{fuONk|2pedh@95dPBU|mg2!S(K-NZPSPt>8yu1~}_^;m|
z$XgV(w(2*^@K(uFaQSYMkMZEt3u-&(ud4gA3T!;zN+cTom9Q}1O9L(`iX9Sv((85$
zR#qwfjAQ;@YNlF%&&c?AqG_fu|0_xSku^08rL66N$9zprQswc@g_@lfJ9LPR0#E@P
zNWQXDWcTO{TdMtF4qS|tOVy1>Z80=_37T2ZQ=-tQTCnX9_4(mBmihL0Y`O+e)p&qX
z-A*18cn2JxHSVX$y*n{ya24m>gB@y#Nf|I<oRhUUbabf4znvC7fXRAE_o2}?Lz&6V
zu4=|g*C8qQM0AP=pSW)f_9f@LA>bSzDAg($IJ>2f*M}-lz}e)wsIPZ#Iur9@$1qBD
z-$w|2p<NA!pj+>QYa!XV(5`1v8-?yeKW;79yQG~j;FLf7#=AbX3dfZe0tIb31%1_w
zZW+^$hdo5h9z`PXQ_iKY9I<k@)x6J8$=eu8IhTWzHrY37v2vJK7rPr8CR^F?RoR`L
z<z9djdg(v=rVP*}J6|eH$8Id18(@P;nBUpqq(|RsXzVFB7o`xEMM|N-7ZSkc{a}ME
z>vJ#z1hF5#45U~+BYVAFoNj>nI|*9Ww{v7-67Nzf%X9tL=5Zm(tl71k@5zTbZ}f_Z
z&)l!=a;d)P<+}f3PaqFzlNc?bYWe3f2As$%PyRs8obBVYQ8-g)Q+y2bS7f>zDaZ{k
z!&^w9yW(tvxqZ4n;EDQn5_C}P^ktSMYDeW<mIO5qIWnjNJpGTD=#()Ihy%RMM7*ov
zBO2KE^nGBAZ0M<xGb*Qf^^)!0nN?puFqQ-_JVgrxJI&db4SH;yLj}e6z`dox{lN0r
z!s;n=p)+hRMAT+z-eW{Lwyhi|jo+Mm2J$Dwak1JwkADU;7(|{fRKRRiWqK(BzS=yR
zDPH`KZSX|RpXM<Ab#~LY1c?6eaLKoCTXUS>?NDq@Yd|U)y}|D6UYAzY^GhfLKyM9D
zU=HQ%s$}0hjg`gdUi_q24}3LN#n*zS3N?Pl67;onF*bK0RUI{Jur>5;bSXQPa|<?m
z*bXkb$9#O{IQFT}?)(Qdp}9yES0=af47MyequFy^WeR8nTR;OHP($jFfG?j!LtEXr
z)7BO)1Wu`$O}VccG1!tS*QpyaKm%*|QfdiR+6~nTvN(g?H)nV&sO)=cLl+mWgP1BW
z4r++HXQj^(X2;-Y53U)hqqIKyG;&WpoSvFAF|fzmt?2K5EB4BaaEmuV*O8()lrBPk
zu4CxXhe_p1Y9aI*7-^X)6$#9Gew+YC+pgrr3$+Ys{J=jywjzr&Q|_w!nl~lFy?(4z
zY!Tb|lb3I*B;M6{D)Zx=GiS}^v63O}xjuG(mTTBKOP7i|FlltqU^iDGp`lZxs@8~J
zbGC3G5wxv*b+$p)!}bw#*>O49SvC*24{NB#%3VBeM#MIL8i2hek4OdC<sI+ORlUbH
zN6Wn(6zZXD_0IMR%a6&N#67mV?8e7jx%_2+pKQ$4vhew#j7F{wzMWr=bDMSU(v=)S
zj1E2#{27Y_8YT^8uTYfmv8&?@g^S1P;sVoDS1)fi>NKN<8;do3j|d!3i@=V_iAl`j
z)kRwqRAu3^4JAEvIl46iVAd$%>JH^KJ{JfSeepQ_l7q!ER58c&OzI@pZ+jyEz~73U
zS?TbZVdp`3^=$&%WmW0^UVDXh_moN=oOSBh#Zvm|W?AR!yk^|-IzXFky|eKZOWX*o
zoyiTE`h6~&rjFWX+?v_A`{DcHVZdcogg9^VrJ3PbtiWf-Z>QE@Tj<S)_rrFU@keW4
zZ5~wr7T;>m$t->M+hHNLm>A;os;LRk4+4ray&Y$rbAFE}YCsd;yanXnH`Mrl9EP1V
z?|gDPM7KkJ$A~*nQqHL;VK#cK6*m>xc?F;9_t$*;v<chT;VL}eyLjE;)m2rcW+r_q
zGd*-}@C4jx_9SCq><5sNvhD!@SFUn^azAj~lsJA0|HeJ>mJ|h-dEIokremFW!!)kN
zYY26R+UN1})k|OiQWbP%%%62R9y!iv1C%HMUoD~W6tYN#66HVztI1T)C26Fnb!_k$
zwZ;P-Oa6h>kSnQ^R?5N^sF!ZNOaNvy=gQ*Z3IgykFD!I-dGeE9s4&Aa&(wN17<##o
z7m;Qr87<!1cHh1ER7^n@CAdoLcJh3&Ze1|acZ$CeFV(?76qAFAP8@q}`Q`&sjHJqc
zi}!Tn+&&KavArA+Yxy2>nTle#1Gq9FYh_l`jnUv2SNKWtjkhl2qdJq7$T-+LtU4VE
z<3J1E3{*7sED=t_8^7Cq^Y}xlq0cb~cRD{=p0GPTJ31A3ih<#ZZ*qj`6U{=qd1D`(
zJ-%Sw9a)2aEoyJ)v;<PVT$RefhALfFmqHiiph>f{?%y9}L~`YMuYGd<l;PZmxb{}n
ztF<8b0W7=j4ho_p`y^n@|J^~1fqD$>p2RKFtt~}=N76N@w^0pWItD&=K0Fh8rtlqH
zO1(06AA&p_Scj3B`m|6=eu8519~GV0Eygjw{!VD5!UZ7LS-+@lWWD=vayGjI%ZZU~
z>4bi2@jc4XzuVC%#)jd&LO*@;|Il>SaZUa2`&Us=K#`D;k}e6QlyFKa9TFliDJcQz
z-UOs$Qg1|sNr~j7q?v$p43MtT4co|##rg7i{2sqQ&tK;}PQC8?em$@2avkyFNGo2s
zAoFnSRsV}s>5xQ*9C=+-ANOyPcfFwMeM8VDp#k*RAu`S3u}trrNk4KBc2j7A1&ej~
z0VfzO>%JZC|9O!IA!wAF0Mga+FM1j^Z)Zmho=x!h^O8IJ!k>S+&G`EzVT=AAu|3Az
zC7A}UDs{*u(Gf)<Kb;KR!mHo+?aUu<^?-k<Td2z?mylomKeM@9v%SAZ4*+m5VQ$Mm
zXS)duW{2g$N$Sjp0$+~REY1fv4PHQ-k39Qii#{8^3;qP;pb5X_!lsRqf|{jOPmVvX
z>i{YEt!LZN6iUz+e8<``7&C9GV*Ba@NbKQGzcq`AG79azMG>{)({$9mJ}U`rROLSF
z^7>I(DTdG?5{sChq~DtNf}Q)uB&Rb(VB-9B^sa(&5`tH=^2iQ7l#<T||B;}blbGkN
z?AZk(BZdI(r4jpK|IK%K_i|sVG(wAk-SXCeCPKHw8t)7%CfE)INY|rNpPa{|61#Ki
zZD6Bc)W=|u5JsgO$U{*w65z<O5YYZ{B-L_1eD~Ow0t$7$>|$1Rg3B{DzW;7igjJj`
z!DMV<;fhXRoE#G^ZGMJM@x4e*F(z?w@z2u<@d@$VZx%6U;F`_FaE49(du^E3&4rc5
z&AnFV$@0(E>+9DabyA=DRlHVs7?gW3YRMV}zKEZ`<$^9wLee9mK0wj7+}2sQvN#u%
zF0xp7p!T|B1f<qPg69gJkx^CE>>mosRq3;|0PXc3$N8C%fF#O}MJeG;1xP6>tGh;;
z1EnLIOXkKVvPo}v!d3emf7tnooz_QOw&eOi;(kXuv!F0srCdLEN)$dB+$yA|X@nL5
zLLHd-yt>_gHB=<xY-Z)sX2ElkzQNc4Z;@sI#Z(oLJO+`loz|H;S<B00I-U69`!GU#
z8i2f5?b+_=n|<f%Yw#E7mpMT_DX-wMKD+M7S{Dx2yfAwq!$aL}c5B8qz4B#iykYt_
zUxcynk70P<%5ND6Py8YDpu@?tr5kmf@++d%dYAR)%{FNVm>v^ph{dAWSo!Q0b+AfR
zTj|-c>Uoy9Vq_EI81?KRIGLC*Uj3D{epk7^jZ_-EEnfYnRf5+K3^|dP56LDecf+GJ
zfe|kz97<jAWB(m#U*z*A4;+cxBK)l09D%p^fom6lRCX9;cfPG|cdDk~Uz^s^G-U+1
z&VSjg<YjkvR&tUwXul)sb&mY_O7ow~eb6mvS~PMNkWB+Y!I$(_!fFVlvcqEUdY>+z
z;|chJ*4lXw98zs%=A}hO(j6ItHwtpVkk$T|jtebp1ZkTUenstsaN#1|fyuWX$EqHu
ztAEhXfV`xLtonB@#}7oq*t5uLlLw#}<G51^@XY7J*Kc+KvIQ3U_tTR~C)s_ABqAx*
z?<1k-mlM)QfS5_tzjvWx6QSjfBNfddSju`K>w)e^=sp0*peWi~g6UOv8_(kL<`s+U
zjKzBVgahCJL2~C#Q_jlIQrZ9n=0EPn&YeA>(t7izVe}2j29JJ-Qxb_y0zrUIv$DDV
zaQvtU^_-wg4v8;io_=*2I&g0Kmsu)r;XHQ~?;NMi8zLPJ5JPcU#nu!x`FT$kB5&R_
z5ZDQtK7xq|SmL1o?ilqKEhv=+K|51&4&g5Vz4KyPc#JK%_ZyU5vGbh4=V^uv%xM^D
zbR`mRdo(o(77nBd2Aur0(&4l0_#YS`eitS~*~qX50j?ic7_LVAKHs@<vwb^bOJpyw
zc79#?8Nnmk?Q;_%kl0nOt&(x)Mnh+4bq5>c&wgEbD4rvH>h)-I$=OL4c=E>80juw!
zA#kSU|LO#46-p-)-gdARJ=|uvlhzAvb4c-?O1`_a7<A;J=(?kqUi$pqm_{;Z{9%?f
zden0-E@A`s2*-+GugN-=0%)r4f3Szvu@HMV*IsXY*7iPqH#6TS0*`Yx7P6=_c`SjY
z;<Fhr^Y|N)%#fL56(RrD5Fd#(%mSpiXB*m7XPc$tgpGcvsTvkuJx?^~TLWF3f5Bg1
zSvk)+8G1Sihk*zwC+oIQ->+X){D+}~cv-&>xBBlgnv*R8HH#sIklr1G0cf={X1>OH
zHKxucWp75`_CJK}F7++$bRCJ2l(s}2XbMPLn~8wQM4HAA|Kc(9hyafNNzZ%Kur}y_
z&DDC5`p>Le`87@7tD3jIykWH$4}4*)z)4bn7#OhtZjsh6=c^#^%C1#OcTv#t6jsTw
zwt+9IUlF`3a`(y|SI_J8q?G;kF#$jeCyVR#Rn#UN<Hx&)pWZ-kDk9_&XW707?-dPm
zt`(iG0sr;1TI|eU8<<aK_9~zSm2!LImk$cl4~-4Yr>@Sp%|v#F=E{rg|M65K@3tzU
zLlo08qO^g%8Q%sGo;K7C${eO`(^2KNeBTmHu8vxnMa7cv!lN<lPX4DOc-ThuKamvW
zC-5@cqLwn<VXM}&g+Nfl;l$VcOXu-u0C|WmQkR%2rb!6DRjvP^oLb9bg|tej19ssn
zY;0W)(6kc*^^lUKrKMrLDuMUGh}HXFO8^uBRPq^mCkngrSkcs680IHEukwoF;9qD@
z2S$LF=cLdcG@wA?jZh<R_n32%i>ARfr*?lyOZ%W)?J6jHLbz<w7``OpxyH&^v6hZ(
zQkp#+=R2=o|Dyv{hCBMpyjSt#=I%7U<l)eqUzgE}GhK9x$6Rw8|G};j`!Q&9?}}%a
zjc-NUYv<dpZ)R1{M($^z0)TfAw}~hRMU`_6;zY(d)=;{uNGK^)Z3g84&Q^PsRz&fZ
zA;Pbo!P@|WEa@K$(aLZfEpc&iaAk+cn+`(#6Lmjjp_?SoJ0sqtuXinLivn^G_8$Lr
ztxrMLxlSdL-I~AcS@=<E?N5|WB^>l?fv+2&eGG5Nl0o+@%h?U%JWq#~35aI5nVHOg
zn5pI(DyOsMSa^fDztwCg0NzEt)o<mip0)ZV8q@n_KrVuC`R_(z)B}JdatfrD(|lDt
zNg&@nv6}g5f1Ov5bZ5f3W|D8D7X88a0K!j0&e?>su}SQ)qQ1J3@u$iM0S-NexJOPY
z$WU%T5PR_y`b-aM>D(G@Kw&BN&;lF)GNy!sEVMxl_+o!J6gcm6V2(lP;aA>moYRTR
z#B&dx0PqSV={Q>qnthlx13c`318|&(_JK;!9z5i(7V~KSlZ0uz#86LHJAejcv_5C`
zhZXsoYvk$<7{Ado|E@a{XoI>iw<Nzm9TH|Q)1$i);JIPPe)+|6J;)*9l9p!J3FJfV
z27&S4C6|%w*cwva`NQQ{q2#T%f`f(7(!$x49=hy4v?kjfpTrFVe+<)PqZau$@jjHz
zl}bJ^Av&sZ;(N0HC&xpJ?|-%rD8vmabfYb~(tB4yWk=am5KyN+d7oA9@=o<T@aci)
z1l4W@Y)yFl_}VoTu3S#|M+3v7tN1JH^T^>|jLz+V{g10DntXM0s%IUE2iX^Hu<=;f
zlbz>*2albbWGVio!7d)ao7hlFbk_B{V%oDk=qB7^gj=om>He+&Q&9)7_763GE5jjl
z7aII%ODbsb)j_!|MU(PMZLIbDN9cCu)PmRAGnnA$d%Db6iZo&=ax-_E*2qAMfj2Mg
zr3)Di>GFMA?Y@sA1MKgWwgtHpl&6?5`_%rWt6hhQ?*2~Fpj;W9l25bEzME4V{Xkb2
zZ9B3AiwU==d8XWN1UyLsbxGgfV;zDg*n2mZO+3x*Bq~r|idyu`dm0V2tUIG#+vk0!
zqFn9^kAO3hV>Nk*%E<0H#h^qrMep;lAfLIls)MUOJ3mMi<;4#c?2GYO2GwI3$Afo)
z!Vld^0<qPH->e{SE^$_t%G!~Je7E@iJmPGFFITVk?$}0Pq&v^R%kZVI_X%E7$~rD$
z1;BT1>3881+&(T+77ZhW1DC@*=YjtgJRs-6V<vmY(dECYx+i{GE$X*;XT+=5KT)4o
z=Y(Tb61Sk8b?SPoa`15vzoNO*)8?2kE{fgSu?nwxtZZLkc2vO6oHP^|njWjuO#<zW
zs4oz%p?t0lt8}hwJOM)_d*y>S)3L}`t0A6pdH60=WYAu5;d5ctha&lwlX-9ml5#$G
z&||ZB<mQDndwJxebqqs6J*2$WsLwEVa?)Wh<af`!&tr$lk-^_qs$e}O!F#5m`6RLV
z<5caHD&(6IPUum^#T)E8@%LtHQ*8Wu<E8zMPk$iTl7OCVuQP`z-F%Wz$60i^Y6q~A
zDCL*9q4(QO3k;f(Y&+sX3%6cR!{H1c7mB2CmY6rtPJEpXx*ZE@fCf&bkiIbelv1Tx
zT_6-LOE*fJY^khfubI9)n+QGU4Lu$`IR0nIXH5xQTMvV2hn@ls4_HmFTZ>`Vyc_l_
z0_S(V+M?N35aa7}r8?1ovG%6F2z+fl&#5M+(r#gg-GQ`cRgWpUmQ`o?XgVl{M$mD(
z0O%qB&bx43DXA6K;cT@sQ|qW7+zZVZuRzT$nDgi+va6S`fWnrA?8GKWT4MDA$8Pj+
zLU_ZlsiDl6l}F@>x1-6>5;EA8J0TVH%5UbH&7wxIs~;Z%u{an95a$4m+VXE-;Nj+%
zEpBVJ^Tn>&w?NRU<Uw;qA5k7F{oUsMwFWa$3bKi!l0evE8Pe_r@BX-H(;8wn^xE>s
zm<!7BUvD}n6^MkguT~~YUmK3=E~@pmI4lXdLS|@Z-Xk5M9yHBT+2XOC+y_TF;HE3Z
zIU7=v-g(NnhSel#l*(CJ=td)3GDS15xzd8;s6V6aZ%&Zf6A{=nEL#Moy5VARP|c)3
z@eDcSIK%b8gMM%veQRE7@$I!iH9hsaV|c;*w|30`;zVsZ9v0)wR+~0bvTTEgy2%}E
z-!^GS1EOOfnGcS00)JyNDG4loJgW!sJ-nEJ{l%_tjh(I0gM!1LzNG<E$WejG9&-Zp
zULM|fPgg2!6nzk7taT{jNJUl$LMbIQLo#mEcBdltx5fEI`jIN9b-%L%L+`J=Py^0Z
z{SE5|@3hr^S#L7*aL@o8vC&x#pWcyh_-Ti%^bGmUZ{abml220D$EIeL-mN{_h32N)
z_AXAJ@{rDjlC>B~1u&JdN#|mCE}9%!3=nxCj*XG>u_7I)Y~@%9zs1JMt9hlno!q@5
zyOS4xxi1pIFCM&(CH-wVD_=VzumyK^qIu6>cQI0;EkoCabLP7Lfu;dhYqLx%sQAOn
z<;w}5;<uy;_xTB=eYUfe0k6+ttV)221wPW(*bTC48@{S<!tTMKue%PkTSDDPwf@g9
zPc}cc-@QGlJ2`nzK<@E{5MUCJ!^TqT$px^5&GOXY54=KBl3GBoHWbZ0>g%py2&?|}
zg!F!Ly*yOT)_vX#H1_S-`C{ADh;|GZR$29%Tz|E^TFg2|R>U75<Os^=F5T_ShWW|R
z+h!$s?nYU4G)FdN5}!N@kX|Sec$k}O>tEO<;L2K8Hyi#(Ak{gd<qCi`V%udRf&*BP
znzU@kt8}jZa$amPP&Vs7_>Otf&TcNW`-C13l?q-*{qS157ultZkpbO<iEu&7m7_Dn
zFM6iTP=E|OU4m`_@%XakcrsY*Mv4RMcY4!rFOdprH8DaT9AIe!mVbMOOZt=kK{O5#
z-p1Xjr6^c)Bmb!WDsmETC9w6(9#B5q68H?WH2mN@@Z;tZ6|n#ejbVU1Nf56&`I|M%
zdxOvRl!vHT_PO~gEL`*I2&LvW`I&pp6d1j+Xg561OX{jm+Cuyk%3`it8$cifiryiw
zNHGHP&W7-QNObTX!{l(?gQc*n@Gr}yO3Cn);G^3cG^gCo)!=75w!!{iLsJ_!6knq_
zgVQ?Da0=UG)S*3;(q*xb*T~=<ovJ)U++qH0Yk#1>hTOO4hUGI3yCM&<-TGk#%c<|t
z@AvP`A-2qOx-W99VV41HN=4{&bB-&~^^|+bnJ7MIShk@`K%BrUMDl%hL=Y{Mn9yyf
z{m$+BJm2^)w@pa(WLmy$O)#&W9?`RIqVZy)Hk@-`KyESgrU2ds#Plpmo1$|IjUA_Z
zfd|)OgU!#}d*5fLWi>Dx=)I2R@;!b~8TP6|y}D5(H)M8y8kdbo2w5QmqTOG7A4}t>
zT)(-GFw|1QAiEL=Ftm#y^(NGcA=hEIT{dUfyc}7>qjxf03^jL96|FUOy=slyd^!nN
z1LHR@s@#E9iG62u?;n{fX*$3M$0g*X0|fYv3#kuvm{Wd~`wRLer$w6VwQh6tZWs!~
zm08)0(Xk`>9n-KNMhHKpL%;w)b^zl|C33xJfIlp_e;xV#$6S%oh3s@c`vr8>_Xnv&
zHd}=xJ%GF!6xZ@1d;_081IYG(96zLddQ5Rjfdbt)v>I*`1qZu_g6@80KaURGNyZvU
zD2Kur49;t($2pD_K~*>Ei1S9PLVxGu!cWY$xuqs5Z~sS;2RwuF7t}5Fgrj(O<n9{x
zzP2~^77jB!d;0yNpG-%}KGrjJK_XaEz5xk7(=C3Za<?9%15UmKU{`v`N5iVIR7bG+
zGmsAMzsQwUaKOD2c^byFp^oTb{{hyaUq1auTx*6pFU3ZnMvt$))-j1*VJo+_cu@s>
z&N42O@5;Esp!#e4Z@@*)=>aQ+t)(=xKV2Y%1-(V1!11U)X+8lQhKt^v&8rZT+T+N<
zM9}bhhd*kWR5QM_{U>iVv%+R7r6T7rZTH8CqobOKX@d{<^S?wm>Sq0As}fKQ#Jz}~
zavsYYsCs_0{x_k`b&JEJaog=BVk>4f+I!qs`(k~iPLpoKk6|GZ>Wu0SCx^^J|54X1
zd?;&b6nL~(tIbHNf9%33>scMTv(2WWcR4T8o%$@G;*0z*@MUPHv|G&wcNHtoT%MpG
zrdl@7!thKe3IY$_7rh9bz>BmYS9j!HQL5-)M~_8kho7}GfR@?^TCa${Zd-X{aF`#d
zgl}~p^_zQF_HAdfh-!r4xf!+-2KvD$>}E<aH4NA_mkfCI$a+LlEN54tjh~xL6$a*%
z-rvM4{=H~eM-6WE_fHj+$lcF`4d237A_IOcSpC9F1(K8N3!}hgTACuOmpG#S5`dXa
zaMR-2V)(KUUZf*lcTxe|+8>WGxiohaM}c#oW1B0a+gQC4nl*SjMV-z5oiKZPTbym%
z(>yjFGKlT=-9T>(8)Q2jGx!J=#O=m?;>)Gy3Q^5fale`M6bR$`KKaumLb$M@d0WK0
zZNU5gdjWvNuX@n~UnX2cs(l4@XfG=UsQ{7cjk)ae@4~k;uY)LsE1x5+Edr+KccQH~
zi<Cej+qli8sdNe{e^iJ}V)ijF<>AhV&vi@454`_Pbw<pP<R#kTw?$@(9c#;Oc~hZt
zaW@go#$_dw1GW9vNS*k9r-$91*Av1sC45}(oE>?xc-`BzGt#^&Ec)Z^kj<Xwm!uvs
zKi!Xj9F2+g+R*NX<kJWKM;;f|8r9-bS?JvqO=G>82wxY=t8yG+;ss(vMIaF46TLf8
zm$UqxN@BfB?=Q%{yzDYkU6gV-@x|v8Iar)<oO0_VOZuxm;lAhbbi5~Sj7X1U63yL^
zFcgwDL(Gk3+{<;DUs?Q9*3={+?WN@y2eZkvl05r>Zgqb>Md&w|ayFP$>%Io|RQByN
zi_-FyA-)yQjs|+$!)@p~>b|JZUfGX71L2HUfdt}I<K>{rSFcYypkQM`_7_{c7-+)F
zu_&%zN~D`u*&S$y+D*)SThXqcrhAqMDlaDIyx;)zVdZ$XDt*BMEn^_O46Qd9iH^If
z#rA<iWs!JW>9i~TqV-t(6>?SRW)IaaR3zv9H%>$RzeMT#j_<GP*G_&reB#io=1&|c
ztDqd7AKmTP|LwMTFVlHPoBzdDeTOMl-u5OtHDJG>=TU0fn#QSQv?{flxR``T;EDpF
z-8S8Z;NB_I3ZGYsP8}{}8TNdnj}$a!rS^4?f|Ra8Un2DM&ulD~iF4oJ6BBgb#=QP~
z(6u<n-j5Lxo6Nq+(x^r4ABiB8*&P`SIw=Q%u5~#W_)IyxyUu@6CSyZw<Rh(nVLR?S
z=RM*vh=(dKK}?i>N#(cWPfeirWEm+<$gSbf1%LJ}eCQ~ZnU=0n4P^UcIk%R}!7mCU
ziDpVw1Dcamz5QAu%NRfnG}NtEW%4{Ztb4mJ5ECU*eR+A8k_;-jGm^rlfM|cSW~9j6
zDLQ0kN4kkuSBXMoT%zsrD$)DsN3Y**L0Nys&arKrs$2FDl5aVsJK1xhC0eMUjXo;?
zrhfGb75t3-qW3#Y-kkX(!-dK37gWZa(jQdr0z#nK-%THx+3q|`D#m%?f8OvMkVPFq
z?gC|IxI>QFiVz{ViALc5$FR43ZZ2CCGQ*R#%Da!0#DKFqz_-T_?uDQ7?ZjPA9Hb^-
zx|%e1J^G#p-5*OxvirtHX(htmPr-PugBV^E#o9JGY_}RvJ8CgJ@y9%!f?tLVxn;iN
zwkNA<K{;egK?HyEi*vqw%PV7-QTKQRkWvfeRNcnB+Qx*4l7v>nX$~ttXg-&?4=Fya
zD92p12KO*2O^|%z#>M7bk_&&5jhF_xB-uK^KiKG?hlsuyD(S*=uAsrsuNCljzOylK
zIbkPjDuN4mq1T`UaeggVuC+A14Yd-=nCzbNUj3JSZ$^W=z@!_}QO`7fOLFbkS`k}Q
zu&f9UlCb*^j=M$?lh@*+*yD>Ii}7o^dGB9i;UUiZ(iV1@4k7YeC>h?h{8|lG^}k)_
z<U5|K6-eBK{4|C73+)23UXAUU5~dv<f`wt5JW=IA43jddmYqK>w{>pLXDK6ndKgvr
zs!jqq|63s5@@G)3zM<)V>#X0GlOFPo(lJH<ce^-Z$QwUJ@ARbOz2qWr^-&doaD@7u
zjO?0hBFBWnMIobL;&@d7^@ASXG+OXFn`9%(rYHBE*RG*qz8ryh@2LckG#N>f*-#1I
zlaRFRJ3MI=xvTy6s(ELV{KCo9Ejc_Lt7Hv10XiItMW0Gg5gQ5~IF67<01&$I-^p9}
zd57-cSN_|m73^6(a0h8wk|=z4Ygc4`<NR!U&F9UBa$PwJ`2t+#n(R?bO%d8dUb8SB
ztK{^qvy*#|Kk+2=*Od%S4XwfkHcQRKVy7Ui-8~Z}C3nj0-74=SGiz7#CLRHaIp9A4
z<DP|#QgUzk!)Fu{<o@iYCEbZ!A~EUWO9tErKhNInvcbLF^wQ^?XuthfhufSUMg~0^
zit4^byQU~G;^5keU}x^N96eQ5U<f))_}z3RtV~(%egp-=?NdK$*F4Fm;qs}4oYLO@
zDOIuIfdI{{)yo#raxAY+!GGN0=b+gV-57MvZ2kKMrCO&a{dUtOpr0N4?25LXVYRQ0
zjIWT=4OA8v9tDWTv};B_x0J18m{QWt+eK?vfpd&Vlzf9u+@DFfH=ec&c?}jmYPCB*
z?tlHm6|!o!3eQ4wt$)rmXw4qDH!tY0g2e9jSiA17f%1Sq5SxWN9$z>=R%dcn_mIW!
zc!?kTe7+p!IhXzc%C1ccf1o@foIDuvTbguM-9C^yDA)=1FKWl)=e(K$G!>|aPkX5f
zmU?=oY`h0bdjZ@FTt;{k{!F3m^w4nJCR`ATdm%j{&I|?Bl9;>UdK6g;e7w8?Ehv*j
zwE=%LmQ4nku~588sBF$~Yl`VnvEwsixLTY|!H0^1{H~Wf<)2a%e$O9D)Pd%wnteF0
zy-IMiVedA4t?O1*soBC>@@Vo%@5HA|IK*Eghq!gAQ%Z8SGZ5PIB%E=vu4lA4kAI>a
znvIp+=FOt-gWvjZs^HDg@DJ=ppKPB;{cL$d7FxdN{_@w_y*(Cts1cA`$(pbe%q5!S
zAPW_xf$W;2?Y{PX6&`x8I}-;l`}ITDc{TYo#(k`b&elsiZ)s=Q&DRKoIdwXq_9>->
zTyC*3M=PS&tZ9UIanrB?WQPu@wJ-F)p>IQcILSh)r$LD;^5X73;nLU3?|)3C9M_<5
zqJ1<DX1;<zSm+1!CWz>1^6Jt|u{MpehWz&ofJ6HJI@geI14s}Z&8AoOTlG<I$bhY}
zdX3L7<jU|X%bLxEbKaapBEc{<@I}HL7Awp`?8NgV6rLa-7D;*6cyVIpy7E4-Y#r7<
zl0rXd*;}>{LC^KT!*VMD-FBaWp(zfo38FkTn+f~+Clh*=V|a^rkqd(bN@{<8J!p34
zrw-wfJZl^e`XV(w*6^{-S-B+@#<LC+yEIc3ux_74hpGE2tglG9BiFUa)lz30sNaQj
zfCWS$b`IR8Sbzf`MWa)r{)*Sv(2v7fTo38#B~;Lu*9tu?x4+iyt)#TmnT2Jw41zTt
zvuwn#!uaW)6Dk7SNKt~7BVCz8bG^53EBoX2p7wy?XDwAk9YQ1S17p&-TZvV|SMA3t
zDyLfo^D)}+_Y0v6@}DB58HQ*6c^-SLc4vXZ2O=ggL7c%9G5*L~s!zJ-bh1S6pM$B<
z&I<tr%R&f04*lLlOhZ_jv2!X*X~74x!dMv!IH3m{c`=Bu!}pgjj#J&IO-wmrla?in
zcBbPJGA}26_fmg0)!1|CY`bUNJ^Y!M#+~>WHye6jtSGU0rv5y@$89~J|7R>x$tbgd
zbhwLHnwkx7SxxslmUdVd*6>%}I+XXz<I=hsc_zW*I`Q%rX$6~E<IO_j)MW8X^sz+V
zkSlxOeSVD<@7@_i5MbTK2jjNt!2%K_2JGB#wJKP?%`rnlc*ON%h9iu5@HeLTH%;AK
zbX{K3MV%L|4{u7(wwl;!F)k7rmL3jxse`#xE(P5lV<8586&eF^gta<ML6#6B=d=aD
zwOmw|nHq<|OcEa4s+5QCfsN2rep5NU;~}_n!JsF;nf9Gp;phh11w7xMJ+R%<7K<*-
z>3b%HE}QBJdTJY5HE?TaRzW0$R*cuJ?m5l>Hja6O8{#)HEyOlu71Z(pp7|5othke7
zV}J5Is&L>se)l_4-<`Kgvs<4(QE(dO>=tAEZ=ojarf&i-N~KSQEZYH+0zyDo&?~_7
z<z<`L<vx}rkyDVWMJX(ArS7DWr9N~DwPEar%*)CL%Xv(6y-(~!c#bkJU0Y{)uqK(m
zy5=NReVw1trr(?|`TD9}7)kjPC3c@B#zGc5|JU78qnHnD|L$JUjN_lD$`cA=4e|=x
zcb4C=U92ermlJt@ka3zS<WRq8s78g6W-KqGSo=?GGcRQ6UuTxZ`~|u5rhj1s_-h98
za<k5t`-N1i1fCOe<gc%aAU&+@DRirqR^R>G<%6b54t#M>k9H%aO{T6X#FVO0`li*E
z!7%5cdtGf?yx22QQ(bzf#6VQGZ`O2}2&v|6-@$*<PBtI3Yo)k<!app3#O^0Q8@DpO
zy8Gf~s!K0aXiNLZdGW8u8%ynzqlgWYu6wtzb;4F<qFUzB#n4?=jmsPtH0IA16-%nH
z_F%@x?%m&7>nU(Hby=}fGg~bfg9=_|E0nalix}B^L<*mQimvq8mD8<P@tS07B*~G4
z99R>0yC_`2do?L~)Zo>+WVqaS7jOD1Y~=zQeg#;>vW1N{yo^s=D7+z%j7s?MDcQd;
zSBwUcgcb}GW^0+N!N}CFzoLI~a>W9}WATNt#HDf;V#iI8u#GwlnrMaNV!TExV?*_K
zd$)4(qiLHM)w78|)!f(0{eHq;)%TaF7*lFJGuaB{GwzP}lJ}uj^=_*FeXYw8@6Q%c
z9u-ZgSBkO+S1_!Cx1dFXSjYUQKRPVrBENm?Pq}M%77CVUBFy*dQj|WOIDde0?3O<+
z&q`{UA6I&%Q?ZI=nmUniKi)Zc-N?-gJ&0&u;%Bpdn!z}kvJ`MD!A0!Ko!Qrnius;h
z0&zF_-6!L71%ge(hZ_|XY|mDd|KLRmlr>2svXobaSCXer)o%-&Ta+68=TE4kJdxHV
zi08gW7x6C_oRDae^6V(7)lC)M&vr&~yQi`{R89-p*>WZZL)mE%7FG$@f0}4XvH@{=
zf0lags?r<@kqVwlv!uSgUh%t2s$E*MFp?na`TO@(67-ou7w|@fzcAF{KJMPC?h<ls
zjdG`++2#^^?K9W3Hp=PiKo;6Zqvk_n*MFaMSy&(aUcmF|6d|ud!RP1?Z8p}#-;(p%
z@URteb1$vt>IM$e?j|4hTR$hIRAU>odBVpsrOdvOPMMcPs24sup()EflZKd1tc-;e
zzwrn^$D~W!%iR#WxawQkdXs<<+=JazBVFKDF?<Yy1B=DdtKLQ6FpKL9zj_+=Cpd<S
zbZz%G3>+#rm!;3$DaNH`<5_s&^<P_!(s-Kw8yep)c!th9cIBD^_34ihewr-ArVkwF
zNd8dOrUTDFdd9T1{lyByTJVKtS+O`-k+g1<A0ErH*OPbOf}9q$bCRtHqP(oTn-B@T
zN5-TjCfFqngp535oe)+tac=<@-mktqg^E^0Qvo?)4~d!bfrrX;#LPgO;sdIo2Dv5P
zHP8rHo`$5G)gm`*I4Aj<jl{EW(ZF0mXVq-@NBS7FAZ@y1(w&8SDR}TJ_X3C@yyM+G
zdn~_I&+95V2n}fGieBL@8n>$@tFRCgwgT@O3$YG;-8<y=Egv=4S(h;kO^wGYTK)X-
z{1ZQE!h?wb<=>6beid7&T99M>VB#KLT#$CBy_^vE3k)yO4mdej<Z-^1fnmJx(MwC3
z4f{(3)j;08P?8zaz8upX=@h7!n9mz2k8xEMjZ)U6zWqExwhNMDUUDe%fu@=w$75pm
z0THMAb-jv#OYD@_QUAZu^8)Hn&aY)=JP?Wgj8ldL{(LPr!05M*`g@ALR}ev04M<qm
zX?8V56w}8<<y86@dIqPw#XZ3sB$A>Dpey%G3Y%5>9>z$|(BjL!F9OBwid~Sr9nYyi
za05)Q>VGT+VPFrMy=wS_B2hp<Z4B#?c^%`-4ImM4&x4ys+lw2(AVJZW%s2@y;USJH
zP0=xfYCVr%2TQ*@A6G74$d^7}hC)u#8M>s~tFvzFNq!rWK(jelh^9KG78o`=+kX}w
zH0OxE`ufDu?0g>?J4P)R<}%t3H7`?paITgy^zq^n<Ou0mr)h+GpFi-SLMMsE>Uy*{
zta+On!%=@8ag*!qZ)e$}C|$K7EuB!Y8!ru(DT1G08&gX_XY>`{T!x7>b!?ugXG>uo
z_I+!4=p^_ZW3mT&kGaz3`~Y@#lanWFjWaCXZ~u$gy#5q}EP?l<NTQ0>%M^<iuA^b=
zTfMqAK8(Kz?NL3sL3gEp6$LCII(fuMpy{?wH`VR6RlRsg7|ieqaqwhIdA?Qa`Pls+
z+yGOH^nRgR2lmNw(=pFGe=GQ5PAa-7lNx%Lk8!~FcHJ@`rV3sTRCHOc__1W6SJxNo
zP;br#Yox7+UlmIBwHS82D$HvmmJ5nhZpjxmoUGkbS<gt9QNqvI=--X3+vSz-yb|mz
z@v`7oYj~e(P`qB=6UYq6P*wh)PjK36va%Y{Hslp|CpZt!bP=iNj;>l_HTB%hZsGoW
zb^{wOk;`4S3{T=ajDwEnV~<wgYBbWXf)caXp7RI4s>SmJ3WQm3r)51+ooiP47-aDp
z966l)+JBY`62HRsC9BE9Gx+?zE3*|i!lI6LX6|nBUaV(f0aBc`yAOLNee^<P>e(xa
zTm5bH7yF8icy<hs_?+9g#gZ{m!3f!Rrv&S?=d)8%yd;E++MNx(zWlYGR+R5<Uu#hE
z*;)ggz~|+H$6>XT_}}8R5giE-fXu*7OYdz6A~N|?mcPj7&toan(3yp@h3oy-j-^`h
zYV{wu(52e3W(i#Hd&bsd5?EH$sZVRwhjM~AG7z&L16dBHR*_ezxWwqjL;b$jZ1)x4
zxY?Y&#f&QIhd!hrdPKEp%+RltW5<RosFAL#N}l8L7IT3dgkGxA%I6fPaqn4Ik>X5K
zOZV@JjF2e}pKz3TKi|~p$KoaQHzSggC^I>;=8#40m3Vk3j{PbL7fM?VkxUS7p=aO+
zsKTNH6uO=WrrU$_;?jqZCVG8KPQpAyW}JeKFtpz|=d8CA_ne;v(Es;G8~A$@1syGw
z)N!RFqt5t)_9R%K_JA%mdS}Lv#P<GAX<Ol^pOUiyism!gX#}LwD5tPKyPc2qGah16
zYLgsg3mdefKh>mjXW+d+qWj32j#>xO0d;3~I&_aYTEqCVj5zI~NG;9s&40JNJ~M!3
zmrKVzU7g1JJ{~nxby_dXW<Jj7TrIU@dBXa{Z~uMc?p)c0l&ZnAHKr++BQ$*((^GSc
zs{@LWYApXf(WkA1k3X)b7Ho&BsVUe1Q_VPv2y8#q!BcC-2Z=*^M}1*WKdJFHAtTi4
zgjt^nEFpJtgAev(fpy4Jz96AsZ?L0^O1x2pfbm+Ugs)f#huXP$sWZ*KH=a33%B%u8
z6(NQB)U6TZC!DVb&%G;cYMo^(`dHzK>(<W&@r#uJp|k!_qp968>CnsjyHppBhzZ|1
zTw#QEZau41n=uK|a9Lv*6xC+(kh@8hVRgHGikVD@C&JIWhVXYrk+NY2|H@j$jHSd(
zmBq-bM`){Vp=3BnMrx*^EI7T))nP-w+wfVcB3focpYwkCV^^$D@nO>0;ie^<%Id~_
z>qxa#SvoMVy$R30+!<fa=r}G!cwG}vfD0piZvTjue!*GOP*Okat;+!%SgCMFFMEq7
z^T;;|b%MJ^4821BY>g?4uBZ2cZ%j%YIlrhvfzCVYf<hJ>-$jeL-Bm1KKli%`Fa7@f
zX{!u-5)719Q}d|?ew`TVlm$`1h$l5974`q8HT+#SJ0Yk!zu}j}jWF(?udiD#eJ$qF
zF|_eM2QqOMjD{?<A>CXi*>41Qimty%r~qBP=niVk>0*rIv2!a`ptYTY7^rdZo~$kJ
zPtpsiRje69;R|k{j$&5J=h@gTsl=2|&^Oj78XE<#XGl44cYjJ)JAN=~5K^5I7LDzj
z`IMCs6mhma6X7%5U0qrD@I?%uf(J7_{<Wyq*rVW4RV(%IWvU+JoUqBtD8vya|1g_0
z)7+-@UE3lF2u^u4t|~z&43iEHtNEd)06c%7Vv+jF#e&v7$sMPLJgU4CbcuKU%RRUW
zf62lwFJw@=H0{?kvX)Yh*hO6e?-u>DbPh);m3^JmwQ@FgmGw!0-G$Wg)g+z#m7gj_
zV&VbPE5+C1RGd(kfgd8jKi6Y#oj2!agdNTpY!NQYAAUM4J1F91blnr_-j(PG(g)q`
zV@KeuK4(-;f5KVu<YdHG-ekDX$3>2RORw@~n*D6)Jh^bI-=n0kR*EgGVxY&xrcy!+
z+6QJE3RJbsf&w`b!;jdpQ)Tgom@2(=q>5+(e8CTCt0{&Nc>Xgdeii&eb`YBo&QX%o
zXjlE(XG$mV_(8BuI<<ciG|hp7y7!XU_o-W}QP0>{bW(Cdmz}0yqDt^8g-<5<4Nk3w
z#Ov`0_p(WL(Hp8_XCJ+!qhVJ`ROB+PQHgPqeUUpmufoL_!=2b(vm~MPHNVy-!h7v$
z{{0u;7HOnYxBC9S>%jX{Vc{v2E!PCHHr27}7VlEv!B4WSc9I0-eb)^HLPFpIdF5NZ
z((S&JWxO)&ZMwkJ?aoo|-f}Q;qLUfG$rC*9-*ZWHA@ee&BTD-P0rXAOvf_Fd;<-za
z#JH{q^fI)lR|4W~$ID$&m0!9IPI%qycH?NHPr*xku+?Pm`sR;43oV;}sM(V69{H&h
zLz;`gDYQ^mqJ7*T<eEwc#OVR?PRz|>asoZK)3^LyI;U68l+#eh+CJg{=8H#a-gr%6
zQaGtk@}R1x{&w_1@Tml^*29wjiu;gTO`h^Z@zZ~xFrZ*}(t;?y-@`64jR-=8VAc`j
zS{p_(Ib=mpV(L!kzH{!8vHX|0CzYVudrb_ZPu}rLeRg9X`NyBc7<|xi$ZpK*<+`(`
zaSuZ-s|CM0dM-|uwE{>pq=IuEn*pV(Ki%Vm<$MM;6d{8~bVvlwx!=QgaAu{l>)+s`
zfpe)C!5u({27B))l|ImMT2O?l$iy^`T<e>B|6sW%_f4|u-*eb!^CEj0la4<t6@ijX
zJ<9C=@kB4f`KPzvsUKTRhsYkwUBtLixO>lKy(tqUX)4f-Bz`v4hKo^!g9>bm7Z1w)
zdBxw|tcp_Xf7pzHyph9b6qZ4b9mre#*+ZS|R7K59=jd10hToTAvQfKYtW~ZzwUX^f
z13!VDo(rIGWff-jG_;~3>_;=xQY=pU1S{$a7{)-|a(3R4h+Z*p0X80DbgMnEs>st<
z2o-#oeaIGKbfIoN2Y@tE89+%VLWL>WBvb|fJs<(_F~E1NW2RRP7dxX#!}I&izw60a
zvF9a{<8tc2GMl?q-FAjG-GfR5w4>>@#B=g$c6odO;TxvK0dYYel!oO%--82>f0XJ<
z{?RX6RNshzvK~ZVi`@Se)YHGapoa&{jzPk}OmAAy*KTNEltz2a6MfMDGPaILk!We_
z^1>&5eD%1s0YL&~-t+}!v`^eH-eLIm(t-<;K>Y7pWc^T64%hHNpYB;APm`%(9#`z?
z1g^iZ#1$L-gLeGwdO(ZEhFTyE4L{OORf=E%=_g{oBK~7K3~hJ~i?q&C*)KJ3NQ#Op
z8+@(7xpnts&PV1fPt_v&+2rQxvr?)syOywt5XJX+_QS`tyQ(;gUR?aDw$*ZF&|{Tq
z+>J8nW8}7J&y1E8&CSEx#2j_5I@JP-V)&t@MOB!qTI~~qpXS_ub{FK%CE&+Dv=8c(
zJcR}KlV%c6t_b4D(C%?g`o&OMe-VZkq5raDNz9xFHQvhsD%{=TaxJ*_FS~CSl~Uf9
zu)X5hr5>s+Sx*?%AX&ILi^ceT*t$b}`RN$|IvG#b3r5^tSb>Yz@V#h}Z8+3BpVa?)
z6Zo(4-tj%czeecY7#frQ>=yPg^^}LHBx96f5J?YS_v!uO0M3OtG|PciG<upo1#!KF
zY7-g9>9vp+wHp0pdO*>m_1`itfODPY%jws_B&6%!dkZ>sCb3(I1&>%RKpNG4Rl-Pk
z?PEIIFS7ch5<6F|P=61RD*eCC7Gt47GBgy4Dg2LEv7SW5bcZ0;N7*V`$M9#3K2Ew#
z`${tHWvabsA<<JdAEO^Wx>*%|Q%R{+A0W>RXA4B{NJ?h>^qs(dpY|lTn;PetIxjw4
z<iGKETbjD<bXI|1^1grBg$Q<*2Rqfi#$0Q9zm4PC>EPo)tbTY83iQvjanbB)yAXqI
zbYOiqc8~p#>xrG;i)T31IhIEutXTLnkcq9^5vd}!ICd6c)sAdbc@vXXlXfPtT;i|H
zNNaHM<D(ggia{@#GnuRYxuDPCEgLZ!JjW)rz`I7viTic>pF^#_*we!PZTotixiXAH
zRL@}hm<?@<$LpoJY;;20Scc;)dpGQd1M~7;Arrj^wkF!&p+BV<DG^Ihnr_Cf1l9nU
z%J8xcj4yX_GFzVVV-$>aH<!eCws{vWz-7Ffh)K6A4tdNhhf6aD7-P=#;%_$QJ2^&G
zU-|p-bsv+-o}rwHYfA|4wO@QJsh&^Ko(KKE^<VtUHzG*}3DT>Qsy=dhSt4RMaxyB7
zcoF-&6D+oTelk3RO}1g%{&a!4^niir;Q48qJwP+y%jv=$iwM=JGpY2uQ8u*{73X#B
z(#r=}6*3{=cK@H<3B}(tH9<gg)JRi-=jW}t-r^k|1<OV+PN6R3)nyn=h@mt?8_`ys
z94LCJTvs~J5cNg$`2M$AmF5)^o6X(vSSb(?xq{5&xKfgB!qopsEjLZt{*6$lj5|H*
zRxNPi@MLQ~0vAK5wXHezockR(aX%eUS*r#I0!(zF01vtKZO$Z(KUu8d;Wr|yCb`JT
z?Xs!KHbR47p_C%RYvs9bA{sb!BOfX%)7kOJ-TM5Vq{jWsYuUHKn|4@>m9fMw$KsKG
zTJIr0PyfH$UOdFzgNKyBod+W<<tCF!jc-4+Bk9){4ftD=xK*d+e_9M>Fyw?VQNP+d
zxw4*m36k4sB%@k2yH;APmZP0F$4mr^nOF^KGL{hO*wFjk^P;ONW~*Y=j_nndmZ@~}
z?rSL?m*C}LACVn}5|Jqz-z*%&?g~27T}MiW5tm+&m(I2EmFK5>fHsq=-O*}Uxh?lk
z#4F&v68_4G#Ri%!*E-SerRVC`4WtH16BvRa-jW1akS5uBNi7ZnBr4LtgQU9&`Nlyk
zZ%Op4b+)=%!21igOpayVP2^80f<)Mp?btXIel<C_(Hl`H4~~AQKL70(qheNp>MxFe
zO{P{UL=!L;lc~`U?xolJe+G_omrxFRpRSl=%`M#o*G!X_Y4N;!1Qg46!{=4f*M9Ol
zs%|Vt#L`Fw^Ra;Tt?t3R4n$r<rCtS<HUGk1TT@uv*x~(nQhZMQ;gTby-n4yu)<7C^
zR5dog;MtUa8>EcRUN`(Y^huk#tv0ym^m1pn#__x<Me|}S;sG!DxvRFVFe=~=V3M>t
z*ua!_-1H@mL-ar$Q2sB@$?7Z)MCV~6wcc8sO^L%4eHK6mhbsG}R-2*5Ix&&$<~xsi
zl}s&G@L7xiLzX=+WxJ8#F*4Q56&pp$YP!nct9f;KrbGF;q<k(pO2>7y3#oiDHnw7+
zwBi(2>AD9Q0WZg!*2U&d^>kEUb_&M`8U7J&Y?L0RaCb5}@H1nS3BO!(3uoX&n(8t}
z7f`n4=?}_De3Gzpx?K!z=uwz=N1APFvH0bL-t?Jbj%;D<9^~W|a0IPZ+I*mI*s<Z@
z2K6*ZT>D0EK8X-vLC*g7k>XZ~N8iA_-S<ak=DnG*a-+`b(FCs^7PrQWo#v(E!XweJ
zYa}*QbC-?v-W8Lq*3BISS8Z}gbs#?UD-e@E?e&if7A~vt7TE#qP;|>B=UhUtJR6!+
zPZRhe#Xu3^d5gReR<Y^)=Ck<U4!i{6KB{e%eCE`kJ?xjeqclP(zOG%5%C;|j9dbsS
zbWN`KvUCS{^o5mNnfv=%a4;`bDET%SWtaST*Bl9cFvbaSGp5xtnVY{dIUzAsUSE9~
zaH!=C{p^3)i$Lz@Z_~8II-j#3;gfBpcNfnhfc}BX@Dy6{$fSIrYa67hL&v9XmMmQg
z!Xl&T`DFxI$P$z9c36jUndT5lPRQ!q`o<54z!f|VK7x`5+yEYhogkUxG-|!csxLEE
zl$hGzFl*gPzU#^zY0T_neb+&?Lf!M}vMtinUv}2qQQ_HmTliQ|25F>~bC?RIawu5$
z^FeN|tY-vfuLoiWRAeY5&<o+o)6Idxcj6Z-V!eC6ik|u306OC>f2U9&^d;1{HYkRE
zw0NQsN#bU1eo6VO`U`G3@H<lGHu)m3F5iy4!+J;CRjJJ^<L2Vv7x}M6Da*arwbP~+
zU?3l;G}(~x4UhBu@*TzZarhpH>|Nlhm;ipo<9M1vZCkup=+aQHh%Xgb!sHnr@KS@E
zD^;YRd0#xw7{CqOKc-_F^1Xz~njZ@f;bPE|mDCx)-a&s$c1J0D74|drH|6>fx@{17
zaiGNm5^xnY_y(2jfxkR-OaWC@3HJ^{SMlkxfsyv$sMz1S0h)Ae<DsLNEm*STw}K|G
zfc4t0+R68PpqFmJ;Z-|oVt{O&Y;-i-yx_ctN^(%1{aQo&uRoBZL91S3NV2aGzyo@?
ztWFpA>4K<>xRB#*F<Z|)80dP(%#53rS_Ps1LU2=$_UB^}9sv?Rj`i1%z{^m+7OY6#
zB@m&I`CmIcF>psNqxLXgR~X9n{!!^|)S(<(7&(3AtwL~n(Y(A<%EHkx=qTymyj$>|
z@Ae1#%`C9h^+#f#!xl}J`}jnciIRR{OazA9U?kIzI+G#RgG5xI)m+*#I%nh$Z4aI^
zVY?&iW#ZvFM^Hg=%fp_eH#PJg17@y~^#I%HLeRZ)kw0(+LWqySe}8>%bV1f$v0<Qx
zmoisO$U&zq%J=mut7OxVtol1vk1V+_>EeowI<Hug@;eN8IK-zaO~F2^s?N1~AH9y{
zb;{sT-k)e(q`KOI3;&cQ;^=AjnMg@%$PvOOJKFH^wYIX4?|*#2aTg?EaA~(an0nxJ
z*nofS9Tz&S!k(6;BA)|N(MMTuudua_%Ip~+N1^BV^X!!_i`?M{K4+(gq)guyVZMH+
zKSudss+|Q5VzaF#o~JEBYhh5E>0oR8yBG@{j*PU2SH*l@IB8bbJ9inkS;pyXDLPY_
z_}N<y1~l-Bo4<5zpCVUYfv-|AMXRh|Q;A75G3e*mRPy6q;t@Ij*hWLBq3Y%kB?h<J
zY(fr7hET*10*gT-mdoA1pw~)XqWK8bDSF+h;v9|_J(uqO`BpCX-eu^3m{gFp?^c2I
zh3xUej8}MXbKA?3#QTzJ=K-wo`S%^YeFdlT6YmyPUvf{uJu6AeSiM&wnvjgfUU+qR
zJtI2)Dp2m{gNQGBH90<d;GTPnUo|W|gz!&t$Nc05+3>8~_Q}oS&m@suz(cBs>gD6F
zCDvp#i)N`sR>TDC{z0(HDZ}a;-IzxvdO}gsT^VPOG#^CwKpx@`Kcw?TU~h8=<h9%p
zkDyR1-XM*9Bez3m^5?AW^1VcL)HidZ?%iZzRsAF3O+gs9s!$sg(6@+G|Jvw!>fE*?
zWB3rioB}h&WNFylGc;`#j$#Qu{JRbM&YM7182aX;XHmJp&rOn$I$Qh@S!}&7VU7qi
zR5?is<v~5=2*1(dTpeBo_a<dpv>-Ud!{Mdu2Hnu$Aw*MP+p-tR;Uc>J{??W2eelYP
z*Eb}%f_b}%=uDgQW|7>m$$E)=T``s}lh0eu)s$k~*`o~5HM(5=ErN;^!$ZIE)L`7F
z3>vS5UBk6ZGp?&W1oSPK23-3a3l%5~^=y^8{zg;FuM?;4{5Yuy=~UA0)9}0@3E~tW
zy!fbp;?K`jfgmf6u4J1Bgs(|ev15;0dM?-VKfEZ8ttgq4DYKZjtuk^%R!ZLU8^`q_
z6Q9_D^&3INJ(oqnwY@|{%iDarhy7&=UQ9eQw@RgPtIqbo#n6&x^sa-%q{~4@vGNSb
z_sZf=PUF3@1KPr(Pc#9qR04|p@c;d`<@Yk!LeuaBY>!ZPfyiae85CiSZi{7pyopS<
zwj@fg3KsbSA#@7j=p8iGp{xAOecm8xi2QU5FzzJIOcUE_*n7ua?Xb+-a0b-mh1_R|
zJ)?(PhdnrY;2?SVWA8L{i(UEG@K1pEMPcfY2G^()&CbX0`bg@(>~<iA3;^X}t1HgT
zLQI0|IHkoQU4-z#u16|jrv-5$-Hzzn#FuwzIJCCKzx<Wa8A^tMa3`q6Ze$QZcWCih
zhHw}&j){>p-Yc-~zYgT)%r)^WRLT%c1uqwUj~@UFtbgK(SBq)txA1tkxH4(*@tMsl
zjCfHz3-RGriFMiI;AP}hU7l_%>N;fQT%s2ZUq*bxqS9t{9?qo8>?J&5#GbuTC8e=u
zU!#(O{Jvn<tUTY!!y-wX$rhoqla;iIo?;da96jK02k0a`51IJL%6TS4ZE2i~MPU-n
z5$cgMsPg4XD>D(!|E71^Z2PwOgR`(x0^7^tfc=?^TsTy0N7GWH^C;|AkId%nB>h9H
zLNUHsDAu3Vd+@W?>jX9jYyPYCLDS~Dhmz9R|6a`U;GG4bHUd=gVn0}dg*nLWR*sA6
z6vxlFLFO~gu;>+V8BXX1iK+1O2)?*!&VMhF&2N18Ic2SJA*pU5ws5e7Y2)%GsaCRr
zu5)#?%MFjYvl*(kjE1i4P}}(gd$4iD&kMc)CoDjUBI&;6RZlI+a8%by>b!(kR`fVz
zpQJ)G*t6L#1suF&Kc{A&({r#f9no*~$ZhsNzapTQPm)OfvS#IPRmehLN}-2{Xd3*A
zd;8?dZB0#F+~M{%Sp4J4W|0DSNTV}05;lOAXD|Kz_s##&bk<Q#|L^~P8+0oTf^<s?
zg20rPkah^dNI_CSIwp<OkW>*Stso2pq!}UI-Hh%SJz(4Gx6k*S-`T%AJ7;^IZTIuO
zug7(t^W>?Tl#dSN;8=odCLe`OFhqbTJ6kA8k%R)7@^b`1crAeScnf_Lbtt$0jsW@F
z)IjPNFKAvb=uT~j+t3Pjv`XM*?JTXn;o>fkQE~aprX*{qunW)u=Ux4}5Bt6hH|dU7
z#G7<L4dkob8h>iO$hNrtY9gVsHqw<D4=vPi0B>Wx4aZbsOc?DYx57rJrS(ga=U7;j
z_qJRQN@x6H88sB$g|(l(vj>>GmYCjJCg+8ad=LwzJNRd9e(+6+si7jrAWPkg!DGnm
zRgt}CAFe%A_vZcZ10|QKG+Z2a!Z9K7q3l`wJuvUFWB7&0#5s7K6U_m^3q}p+?`6y$
zkw1>jQ+ICZmoUf<n5TN{de}{_IR7cUSP%^RL%lN*lH7Lmvack^a{dnuE;}R|hNsU&
zMxVRXR}N^lLw3rQfmMnQNYE1N6VG5$D^q6a5WA)~yT(D0yOVvDOtFNsSiLqzcQz98
z(VY^36vSf<!RrqxDHBET(iN|w=4zb#6zWN6j22+u-~Ap@xaxJv9>8;X;y<l%u0zoJ
zJ$|CZYH<n4om37BhS&ESDcx8zZv`KNmH?B?!v~`HpbCHzBTw_Z68c=PRwoWO&DmRk
z6igO^?plY@Y9#ps!~0Nf8kIaKEx$LmmmMm-1^>Tsqm4*&h!xN|4gZyk!MUz&akAMx
zW|3wpgeS?!U1i}bq1Ti8^#eEN8~fTK^rp+TtTuGJ(}@*{m#)bBeJsxoPv=o_wD-;M
z;F{}dHww@IYZ@eIB9#n8iw33OV>Xn!YU&S_=e|5%MQ*wNv&x#`<FWl+hr{c@8c7_f
zulljmD<7DsSJLApVm4^$zka0p?RV^M=wuo&CC~>yITIeRcku#m_I<Ss-^$X4B>R1(
z_oGqYxJ~WI_=F0EBl_|19RsC!v2Cojj!nt?8R=NsAA=1@f7s=n;EfcMp*gvwWIwhg
z0mF^nb?A>11*=^45m)=ce3>%s^Vh};27~~irVI%r=#1@o?6SUqfW5ln-)XvV!xgi{
z2a=e+D&^GR7!5^XsW^15f{%Wdp=CSL?1hTY(VSb1#76(0-0mz0UmEzNgT^U_;cu<+
z%8f<u4K(utzr1Uqcp+Y&V1WIoEtf?4;b-cRCcEbsp-1NTZyVKzp9?xy2KX;TlEhLn
ze~?>7_$7Tj%0_p&QlKIvqgT`;P#x0t?P)CT9UWPC`j%~Rf*4{Au6SV~2R1W3s?@Kd
zN_>Jp@o)KQW^>B;Zi1bNtS6nT`dIX2IA}H@jx;2_cBq?^v{c=<@?H)!uqZe^qt?ng
zq1z<m79cKam@QGzXi67{v)vTqC#~77^*nlpe1dujI-sxhC0gR2n9rU6kD?agr?jE?
zw9IY6@DcdItI1M}!I<=<<=TgXVbuDjy$%je0s#U9Ks*d+2ijAr?_Zg;_4k0~UFH&l
z^*d11GkJJ63}Q=N=aqVSI@@eNoVt%b=S^8+KhVKOW;f?JgKCGi-NTB|v%;|x*Y5I1
zJOsXy`w=vQXHMmXxUbxb<o9yawu5~T1qb4}q)*47-~|;Aj|fUpGmR%O`NZb5nv^6F
zxm*dKgHiFrKJc|NHS<}O@QsMoe7D++38g4n8VjNz%@$SvJmx6VxUl7Qi3ogl97u1Y
z8f}pWP<wsGqdOjzZY4lB{AOPmpOCC%#<v|U3TCfv=&tbSzg#L$>dvIb-VUyDST<c;
zV91oKGQgTL#G$_JuIPA55y11N=i=20lYwoShW+>TmG(3en`fzCO78;7G9mPFNXoU>
zxAEZ!z`?{9L>N`nY-{g9@%5vIdSmKggX=T<Gj0!2fI0BAkq{%EqXReQ`TyzK08xd;
zu@N){e82SePwXpy(xkexC*HeOnOnYclZis-#jE@|Y&B?~d%&PLg7@3|=VD3ldgT6`
z-<|tWCmH_hrHf7+TdYkNLxEAUKrog1y_KjZ096wK3_H6lFntl*5Bmspq&LTr8a{&I
zOrkQFi$uaXyMRB1@zReLozUlBUYS|sPw)GTYG-yWa<XKe=>U5VLWKWB(%&FfOn?8B
z4O+HI_x$mabRjXal_7y#jdu2V(xO*Fe9?^N)!R{vpOtbXyO!vaV9E}b2R{W;LB>sV
z!WP&gzD}Xsp*wg_OvadPv|L3>%nwTY)wSXO#TPD^dt76VjG8*T;Z@1fg$nf*PFx)_
z1EAyM%iY}RhDr9|c;?>aQgQd^mF2z{T(BEf<Ncr<hY4WyL|{F2g>%~@+AzkNnUHFd
zO1S6qPKTZ5!FGS^vv;Xode3rSTHFRYDJpBJVy+_cN0v`yCj9BSYQUI40Ym(~m3Y~v
zb@3LaM;{)=;aH}IG{h8=<C!}{Q+!JgOK)1?B0V&Z?(nCb(8-j(oV@lNV{`A3Si3{N
z{0Y4!nbg;K<I_~MCwGuc4<sxDECkjL63_`(m;C+rOR(~p6Jh_;wMCNe=KZ$JV0Xvw
zuv1jmr@w}M3{#_@Fcf(FZ_wkM!4@}m8MN2xJg0IeKPx3dZQgb?P{<J9j&(e9_2om{
z-0oe6Xu$)zkPALM6R@Eejz9~Ev5rix3`MVq1!qg;I|%EVd|{3@&WcCi(v%fAU2s;n
zL@U{6#|g$#iBDL86O`fwXAG47xPHA8skG9)fncRewJ#uKYi|_{)Jx?^X)@dfmiVd`
z0*HpWPG%$A(df!(aMMEF9-6V-a?t4ai%OcP)OK)|R6EEt>0^M74CkO_MZ)9NN7KzZ
zPvvq*Rmh<^@PH;!4M`eN<byl)s%A%4dUY3$lva7ztnL;g`c`C)wqb?M8oa&sDwg!w
zTWh+)Xv3`3L}+HNXpXdZ_-M26TIIQ8G7SbYSscGNQ64q;fWdJ8NCa<46oiIie&iI*
zpnl=VM-#)bpXM&4)ZR3G#Pvl*Nj?i4fBdjLb}r9ER9aH2-w9`Pu%W6r*<v^CUbZz$
z!fp*Tnh^U}HMKYK?>#@b<kh|fjGw}Hr+znNqh7xukxmQdcVn0QT9rw~cL3^7Yx*}?
zYMhPhD~yH}{8Vo|bQif{=uJd{D<OuGdbHPfq~@TVTc8yWOeMkyKn`4Zj&zdyV<-9Z
z?_aLsAcTX;D`5)OsgLGLCAUbu8bQUxj*VsigkCeeXq@zLqwqU>gf@M$1goPneT&+^
zAroMaw*@$Y^ogV4q1Ru*`yIna4C;@xnMPwi#40!jq)murf08I@$KCk)Jb27;go(WB
z5!qhDA$T<mr7CFgthIk#7V=)_0<(b?svbGTnLw%7ZLl|Yf5>(T-RB_))D2)d0=@yY
zv~iHLqo>x9L9{TOJx>1wQSF$@pWww8&tyE#^~-ZSp-I*)U@EaC33mrGFRi?W>E3}}
z%sSRF_zjv8wVI@T)a16pNU^l(yVX8Kt0MCm?>b%F3@;Z?<uip40Z%Xr1|X_V{2`~Z
zALmM?hi*Qcw-0`}Kk6a1L+H7D#fkr4jgh~zw)`8kdIQo}oH*Ct#AM+Y+WAWfRt%^u
zwl_elq`O6JN&MMA>#}~VN|N}+U78mT^%J{#rK2FT5_I~S%jMwVo4+4xZvUORJepG(
zh8jG39NphR*EDf+>q~Q&cWBl|1_PN`RaOfrgi5*Dcx%D@nPWSXyn2uBwa%*u?8d<7
zh^9~~-TG46@f7|5q*kxUi-p0JdaoC8UgAxdxJJ)anakTt8S-A6AIiQNC()(`z<OM&
zaT|_(8-4HWml97zGh289hu3y;y@owPX1Af6ELV%p^f%6tCw)S4jn=s6dk`Br6mM<S
zFoVnOBZthCmMs4(xQ^Dikzn<d*B2gf-g5(0ZS{NWNGROBJY@c@|0?vb5A4#__ztt@
z0R8VHcjh03WE?H5zWE%v<G-IN4rc8<Ut6zX>ua3*R?t>^hj1S|N$`&w+ybApPUyaK
zTkBXKS&_$z)Z@CcwlYUV^k+tQBA<iZYFMi)N6s1$B?m?U&!r76Izqcw_Wm=h-)gzZ
zQN5+Y={Ny&A~ObA8_L(en>Z;Z(h<A_6v63UAc`1J<D0{U80P&lv?YnhDttZ9r|Nn=
z+<mQolq0}kQzoCfn+rR9nEa-m3fv5`8T)YJ8yIzhYy_zI<Zv6z9Klx`wd`q=@!L65
zfcHj^!z*k%bWt@+^g5h&>iMjwP)lw{s^IMUpg5zJ^6DAD5*2~D%u>Ac=Mh}`2N#en
zU62c9-+cESKw?j-*ffS_P*A&}AK#<GvZFMa5tHr{Q_Z-Gn}x@*x1D~8h_(|AKmE{|
z&kVzdumFhN@mU`=I<BRcEk1wM7e_DxM02`mV`zZasdPs71oK;o2${l%aOCU5UKG?=
zjf~}P?4z}W#4K4*O!s;1LZP_2o%1#nbcCPuS}g$)dOHzPibm&2iZQ;a8EX>lA1Q!b
zp5q^8EgBE&#+GknXT^fJrRGkXdyvf?-lJn<n-W0HJ0W#ClCcF5TaFtAjIrrO8xziF
z)2B4}uOBK1$tEjIaM$0d3>SG?FA50^%<hkl9~I?(p!N4$qWa15kt)!i{IHWjj4o<b
z&UcqbkMO@l5xskw|A~RL77KCV9}b|$fIJr-`@c60k6|ai@2OIFM%N7*03Mg5YgU5#
ztOSR-Rs|y4Ci{7!&wRwb$yP{(ka%sMFY_$uMTo2KDE2oe*g{Am*)c>IVGw3Fr(CS-
z{)tS+^OU%*701Dp#m5g5oYJ)&MBP5p>xJP#2iLui-%Wl!<L3Oi@n+}vGHxa5kd0bi
zyhe5C46}zbXcta2V~ycN4?AH$T_P0{=j&^i0*9TcymG$}l!}5Jukn7{T=kz6rQs&T
zYVeOjajt(@#HSIyp&idRI7g~;Msopc0<K32`S4Eb%cXF7-@Wi=T8&o$MwM5`0^4JM
z;*AfD-RFFM;5>Hq?A~m|If$}8i}!6#Mx33(y;iN3{=A?+QOHo?*=4%b0@Op#GL4#G
zn>-lDT-YTypwK#9CvpWgi9s-oK0oD09!RG^1D?{bDTM_XuNej6hj}JKgw}l?^yw5{
zk*&cH&uTDu$6U<xlHG>Ls?eomj@QWyxPh%78T?u-LIj2@U#=MCw#D2z_XqA{6$8+*
z{JhoHUskC)L#3{&(ijCV&hw}TP?@$Uxdi0rFx@P{!l-~Tmi9w~&6UYZE=PfE>mwlc
zyV57QLog&nFKG>R%<5)+;#U*E8bo*rjPDOT!Ei}v0>KfBPN<0QryZe3!<hUA6(A^D
z@i4{??RTkE>b69>=CKWx_p<jES8fhFmX6P=vHp}L;Theg6N!5HOP3j8ir{9&>Bhcq
z<i-n(fm%Vyc*qw)Q$MjBcW-+_3hIS7x~Lakq3xF0;$@j=TOHE)_E6fs@XdJ<{w*bd
z!9pHue@zvHo;vEb|F^7C%XpQRqBI1B*t8N1STX}kC<ykH-M21?|77N9lBOdyMz$yk
z>4}k|P3^A5Ad;tyDCZegKov;JkKY<#%v&NZ-(eiljHP2CmIU_#^0x^Y<vTNdbjY}|
zxqh%}Vy^71n!(bWueew*>li#oH&ppR?714t3hzRK2E86X5XWD6y%e=xq&$QM@Hg;<
z&0@G+$V*Ure=WnF`SBuUCFvwP#$(Tm(%sb0ZEEAF=~Q_mk!5OW#J1F=HnmmXR1kW@
zb84m+^!QpUs)MQAAPapd5x$Zfdhx1+Mw)%@e#_wae!Lnd=j*MA4{LDBn1UH#IUhE&
z<&<-g*i6!izY@HVQ^ptUsZ7BC;X$7494-EzT;Nkpdf-wh^q5Jn9Xn0O<5H$4r*xda
za$h*acu(ZUtmQ-0S59g7I5ydeOre{!m%83DmeEpYxsTdFio-UHz0dpw=>Y|97Uo|6
zoCH94rZ9v}@nYW2i64ejFma(eJ)d`E#p$Hi{Ts}FSs;1{?y^4afHghW{D|W03?+F#
zTe&8k*Cojjo0C(((oRD#wS}DhVc_1Nc~Z;YJ~J(Nq2r9aw^+-6A_6}A&Uo-l$aKm^
zrp(FH8OoyAH293zr1}UGje9GM|46IxO%rM}s1$sr*P|dbSx5My>C^2n(!SP|sD{jT
zh4QrkN~e^Ca|DYWDrr%2;Nx)4K%P(69tz*1MsgvNf_zcygydfPuV(zHJF+YFH$}^6
zsBY_l_B?bZ^xAxi$iHIGlZA5MabEe&&6BD71u>_JMo&NdqP~#N>;GAO9=R;n(PPh>
zi<xvku&YK4Ml|hojkwGperwGm?tYS|#lzn>(ck#ZW7np+;I`JWVW2fz#Rg5zgz$zB
zDPb$dYSi3(w4_#IF;TvQZVw>2=4+&KE~^|E7fXCw4C`=JgM~ZCfw0}Skm^wevq3>0
z3yKn?-rzFXLrL>EiTTLi>&M=(1Q3IV^6tGUynC;?V1_0aL#5bC7&N#>E?(Zm^oy2s
z(>=+Zv8d4BTkraviV8WxDWPEqP|2UJ9P*{`*(4_!{ns+A!+;w0{t5|J@6BD7uUe_d
z>T}p`lA3TCFiYPR^65MIp*mi=9e@(GP)}@BB5#7|Z{}mi9tH-q`%fHr>*E2$GN8Xj
z;D3O9JiHgs#RI8ZNZl)7I2rg}PviaiWDAr&<#a1A9$|C53HHPL?i=gDn)L+nZ$`(r
zfA;is?^a$0Fix_aL5cfi#aApR2OQ$L@N?Xws&Pq5`RDph&&}SO3o%r0ksCWX@c0Lo
zoP0&AGyS}KrD%Gtj>51x@!R5Hqey0Xrpy6kr@g8?Bf~XXsEOssLZM%%*cN!6zleSw
zVql*s)6mq(-{RZhTh3fhlsV97N-wE%`D=VDpEo$et7@<+A6On;=RaH%wt7XLQuyO{
z@bIMb1odeDD*19H@Lw*bMt*GNhL~EOpsu73H|EOAM40O&9ZFWWU*2BJtdY^f>(!4m
zHw#(BrT=W>e*la6f`ug6bc}?Vm5=AF`g>v`3KFhBgeDL9hR&$F(8WgO+_X8x|91fl
zH%eln#GeeeH}1MOCgGka2IqJ{mw-5WWmv_RC5k$V0DjJZeIb#p`ERQypQR;GmEGoA
zdo=sWy*ke9EgLege)b-<bnI0m8HQ{B=5TS~?Kk3Gd_H7ChILnDDALW+-yYgp4DlQC
zHCl%d0nr_xjkolH9>|-Vt)S2Chtys^&Xlu>j%v#{CxzY%r)hg2jCtR=FN2_fzmd^&
z^ieMwbiK_()@|0?u3f(MLpw%*AVm9A>_$JA5@8{9v4)8+63d$QoBo*p^GSr_>4_9Q
zmb-x2K+r(RK+8DF>U^zi1TAxk93Mv}_lX(FQ`0DT`CI222-$(V2wSt<pavP8J_m&h
z%~^uaRr8LERc6QB=O!wrhF%G7=7iw+TwqOWah7JW>~N3NAg_!S$Bq3#dOz%OcYQZn
z+Z3?)(5-Z6POUo$kgpW_Uvj4ruD~skk)iJJYluyUejoF8`%2H-sFcmPeh7ODDsNt7
zGx4z(#*`Q-a`mwGbLNN6MQ_63RVDNvr)9PV_#X956~Q3>A4Gerjd92@H@oy;6qpQ6
z1WCz`<ra8l_1`Fsp!}(+hUH8Dv*J9Z%r&(0@Y2aBt3LXKsa2PJ{Ey!FRt~)}%PFXp
zY5oF?Cxolz?K+7b{AoEK3c6VA7^gF>Ga^O2ZqwtC>s!xNF{QuJmT&jj?G>o25jlE4
z`^Ql=W69_I+nX0pB@{lb4~tN`|84kYnIte7k2s;cN^piNe?6vE6-a!cTwVNw9Cd~^
zRq=F+V-T^=>17Z}lZ-50lI>nph)`YN#l(yZNtuw_y!gfc0IPO=<I5KVcg5W&Xc0KL
zBE)Jy%aC8eEPf&@;Zdgjf0ZOn0%w;+#^M#<pC4xXA-txSBzmdCh#&#qIicHDsh4=w
z@|uw$4ar2#ylh;dAlL~|?~MEL#AQ=BQ`~JLOUkXh(XA_d+wvrg(;CQnkCOmrRn$H;
zyqo!JIla{rBi;MhBBR58<6GIQ;+hqfZcq>M@vDO=hBc@Y5?$r>Dxw$)&TBYpvx9h-
zG%cqR@M6M&GQGt%g*2qQ_hag>SQ5p<UbXnT#JAf22O$<TGAM7o`OqrC(i^37U?`~%
z+)sL%wD8x@I3%t#Hf4(bM)1qql+39F+JYHPd_?hgm1Dn@;y3rOh1P+Lg?}Fknp`OK
z+Z-OlIxgi0$b4STm#R9BT7X+o^u=+(Va0ywbAwbZXnj4Rwno24so(XwzU+fV0@%4a
zIZ+Sq5UIp!dKDcBXU+ih@7CYZ--M%TK?GQcbER1ZBm5V+rZ0#vx5s+Dz15|!!smk3
zjU-%0i55y6PATy}_xKz5{K~Y*A@76>X23z~mB48^1k>VyWm<YAL5BClvvK}{>=e5`
zDll2g$X@J6XjdZQYx9qXky*CH9L<gQiNY72GG*9uaNUb9e+a|{%Fu6o@3V}<2CJ@<
zKr)x^f!O8u1?b-Gs?^$Um=jpU^FZs3OFvxJXRJU6ivGvuY=SNG#^qd$><Oz_JS)>W
zf|ssBCTHib(1o7zJD&+h6?+<rjdBw@L!w*I6#`kUKl#gG&s?0$%AzdQ@b5kXE5rwW
zVf0W8QbQe>RLEbW^7v2);5%;30cFSD?HM!LbT5k;z$E(-9ARd)pA<L3LDoG!8DrdN
zB<bE&;cpUCm&_d11;Q=^ve^H+uY3Yp>|#Hj<`0JTE{m|5b5h*WU%%IX@Y1a$S!4u)
zOkIJq#=-p@nkruXqPIog!7<SN+vHi-C-y(G`9c@=gO`{>ZR#CVKBsPA{Nx!84byP8
z?nDW9hD)RSnn?cqGE*;d>S8M=sA%wJ@GEejeH%hQ%Z5v|MK8vDgs&^}xvBi!pIsc)
z<XCwmY})_$ok^CDvHqoS2%6wW`+IEYfA{Kik|eM2#|&67G-_h1j%_sRh@+C=VG^)3
z+`rtJ%$bl_y(2`o@3xe9t@<5bsLdeP*-~;AXGnh&I7}`SP7;Un75fx=Miz(LBo2U}
z<(AaZzlF8Q@e+hjyZs9aarc@8Yhml}HMkr~96HscuGW#|fEs-AZj^Fz)wpi9K~WxW
zgE!75nFIbIqay3TmWyaB@Pydtn==NyIfZaZc4%!2_Z$MPW7na+&x!Jn$HmQYX!T03
zAS%w-rk5OQJs@7N#w7f&YuCky<8&*Jd9FGAqX;ZR9_l)T`a|Ue{jf!rbRP1*yLdSl
z6~WL8k%op!0fIa5sXHGBD#kX!^(LMFV4<56>OQOrP+*Sq@T+G`iY&~^#6!ZRKWUz7
z?JYChM6T8fYW`OJkr=hw-HIOV{)_P;#rW~5C)4AlxJ?UgAHdZS{~;d-p;q?89xqw;
z&FOSihJ#k3ZOUI(bC}G<|2uYMbouc|O@HK?cL|{WfP1HQ4>l>a+)n|#<GyqPex*I5
zDGz$`4$w)1PNqiT2=6rj@vpVqNdAK6jqwa<L8Gs=c@)a5fsYgZq*ux^*kcAcn@*2K
zBK6!xF#^|F1KSQE(={|FnRR$FjK%9x=@RYgPoX4N(#m*P+a<?M4QVG(Pt(b%bw$$#
zz=r@`>|<9oyIxQQ;CKQ`1-_oZX8`~?4U!)t80P+~vgt+q+t18!`(pR)@;=E7>(BF-
zXPV;92bYrs5wYQDwPt89lXDvC?JKJkR55-x^jbaFnZjeQG4xnN=EY27;BUXXybWiH
zGCG&iD?!4$;}#o%->~C5AR2KP=Zu;&501s^VC%C8hJ(I|{Bk<^J+wg>EU4GBap=BV
z9l%&*bW&@*$xB@&C>L6CLoZ%*N|Cd1*!ggo;UrDgd31EW>RwLxoogSzT3xti&WcZp
z0eG2`{^n9Fl1hkC#Z#=Fj!?#gJX(y$-BKng_&eP94DYf!8Yo@A%m>(Y>3dQziQGk?
zk{mm4e6Rk<3m)Jdu3q-Pa(8lDumG}THv*}}wNt)5v%3GeJM=do1lc0MtgKB8k!NWn
z$)S;W0Yus=dqGI&rdMB?clERk7N)qXRU42G+FwFzkzRGHma_{k7MLhTIFZcPdP{(7
z9mepe<Gze?=+RKL>K&ElmZY)i(0|J$SKyh|Bl(0T>Tki(MyB;a4kKLnPe;xk8|0a7
zm*u~L!4{i5;wT<*yRNp&VP)xndcPOE;{MG$f4n07bI4KP6!6m|<g$o<J+&vbdZoyi
zlCF6~x!@%ACZ<?5@s-j3+AZS-?xm_$N!eo|hmAph?%uj(#}i3#cfJjYlqe>k7uNhW
zf+Q-yL~E+F*YdlzTFWGVCazOZAf3V@2W^8@io4S{2+Q3kip40?wsd!+6w-{D^#Z{9
z^*-fRRkD`4Lw)LfM7@dKh7Wzz!U*%#ofJ71vx?EouyC{?z}ChEDSdlBaMSD?;k%Tt
zrKJIWt!Vl7-kkaL3>#t4{yC`4B=UBY3jMQ{;)Q`@Jh<^K!`$nCirf5LaJ)7b+}r9h
z4V^zJas=5Urrdm(oy3GjM7)6ne_p?4+m`BHmtICJH0Apk5D$2Z|F(v*$^G0YXM3^a
z>>NzYx3saI{a2MSwELI_tyI%4zGSc=i4k_VdyXh*&m?J9IgXbhPek0Q7y*0;$ojAQ
z-F3nV;D)&$PBXT|@)xNvdO1(_E4|WjU+r4H$c>ERTK*^xv}js2y|K}Mp36l==3*to
zb^=XnXc~JwvZ5!zolM?~&q;16I4i3P{qk1D{}7x{wvZ)1Zi^`A^;2Gi|3}bq^h){L
zb8X*@$+An@TAQ`h3tfin2o-ley8@0Rfs;P=JO<|JUxL6df!FRgZ{)qdVgou`V#HCR
zLiax~U+<ra7bOAh5W988F0IM>>$aFTKv;fCIaJ}^?q5*Oi<GSEf;Ry;y)NnU|DX`e
zaKFZO!v7hftUdWw><C~b8lCCc1D^qQr%MjIU@Wd@`*PORLH{Y<9$i;gven`&-EyW^
zFD31Slf%U$zUVkioa}px*KZ8O=K>GX<zP`dOjwdB#r10&vn|A(BWQ*IhlhCEQB-#^
zz3Owk{?l{&TJngDH}Ze7VqPT%mL<ILBmlZ5>vffgGw`-ofGoLxM9~2co-Y$<N+Dx|
zFoVDz@9#ugZ9SiNj4QQUOX(W+Smf<mw8ufbQ|Uu4ZP0Seoh|l@w5uMN5;g(rvopa{
zn7=tkC%zaS{B8FNQ^vyOpa0~+_kKITP;o=yoH=bS=LtSz@9LQ3Crac(@3<@L6XC`j
zEqW<I^~*4mwkuKroYju;etcTUO(C>irKonU3vQk>UBv7~n^`buT-;LGCc%gi`jjkl
zOljLLf)~cd$_9_<TDYZz=v$m@>)n0{Py^4p-~{;FXUvC@Mdj?(qZ2U;D=kgv#zol+
z1===`>01%<U08ec{1;oKfN3%2SUS7CT`MIH%HASr&Y%J2#s?PUK7&8UkEdw}l@p{^
zk*m=0r5F4_O$pdnE|Kje!6Np1>T|rr&)7}4YuzToOm;q7uLm`Z#Ee;XDM+ydv*c*q
zYE+5awplV0M+1m45D%8&&zoFK6d^JR8wZT0)F@*8b4yuIc8tqs^p(^8<Tp0vmB9oJ
zzsBBc7hmR_Lfus1({evW*%w`y{ua2VVaamGftfbOI}2W1$KlI;GPXGgHJ21Ry=~wm
zeQ)81O=$Lmr56Rzkn7PW*Pp++t)0)slxd72ALE=b%Pp+b-@9Bkyr@T#-df@(c=~U_
zJKg;4Q=?X?(F{?x^5n?dfI_yxbYyu3w?e}z`sth5cKWt&-Mf!nJPdm;eDIgis+Vlo
zoRgXE_kyjkaY9lr9%}N2N`L-9?Jiw8{|MH!?>j-8<{XD}uE9M)blV{w?6amcd@7RP
zP|FPSNCxh8Ze%NcQZSM@3nkn=-J>m~FvNniiM6Yk_%DIH-x=gr>IJ6EIQ&OVyaOYO
zzzq}<ZyMQ%${)2sdYP3!Dz74*m7(LSjpNc(c*$3sJ`2jao;}OE*SlO>d#>i_Jgg#|
zaB)awO=!pWS(8fnUF*GaWH9mwe)jU@JsD6Mbf5eI3`g_zsW7;kR%hnm4xZyF5}4S#
zg{NiVUaLf$hrCcZ?k?dL?u`12SKQrhQhRkXNJ*vq+4gHvF|IEoaUc8<aSS;r6<HR~
zZ;2NdcFj2qRXVB<`hgqXYJ!upzFx4)%CSYNq>)q#v_lo%iP+PYUu2e;!DHW{m@Vm9
zN*u<WkYffn>9B+Bk4U2*Lh4`2CD%MELmFD<L;1`_%FUXSd~V$c<L`&w{*CMF{0q7I
z=JR|8@dOF6X&J9Mxz%NH(7m784I0_dxmYn~fvm21RCS#%I7O`%M-j~;u%AyFUB)V?
z-({j#x0V<alILvfe;7Y46^llOjaXFc>&g6Zc0PMN1l1vn>~8S~=RB?_G{<3t{VH(5
zzRz;XI}vs&(=XkOrn%aYzBPUOHZg1om1}C^WsZs;3Jc8JzTrd@J|kyX1~ut|Swwsf
zW}@HvM|>f9O%r{-wR5Ha=O@2>?E251H>{dipXI$_HSFmh>VR))&%zNtJ-EnD8uU51
zfL_n1p+vg4gZk-&(&@sh`BIHUt_R<yqzV{T2PYHOz?Jw{zdj<DD9*qT==%-s;xym+
zrNC(+Vel6~z5F566CXroD7Io$%Ds9b_6Q1%0svl&JXt3k2xk?%K)&a^9|tm!NyUHN
z0(!5Z<{rkJlw)~E|2HzTnMfo^0FE<fbr*ReuEak)I2Q;?93HsR7a;-VI}U+>-&g<B
zp`XkQBVu3fgZN0zua7yEc%uq*@i|nLqhV^iqO9-#7{x*%M}0d%sprDVXVZ^9F@QQ&
zQ7xw>O4HIUGn~6yMb@+TCR$EoHHa{Q(+^J*ME`3^buo2)h>0z!>MIM)xr+IU&Se4i
z$CkH|ns=)}fZ{cim{&`qcUzfj_>#9zr7jA5Wt?Lp^mVCyuj=Kv2shn*LoS4q=;{gL
zKdVZb1v!-a<!*e;d<X168s~j~Q>j#?KF_tDnQ!M#<O!#g(Mk}JK<UkA+7sE{&UK(d
zmBxo{R*^H*jN_7GWz*xE;(f$G_rgkK<lc0Cs)!D?o}1Lso4@Ue?EPWtPVb4a@TAKR
zSAYEX*Br_Xu)Wu)_WIPG?DD3ub)040z@SBSLd0*^x3oVNj%NQjcp{pQGhAlqX(UE9
zYX0-MMQ#<K_LEG<X*k89f3ebk<FUJ0mg@1z^4HGAW^Ab3he(w#<Ss7uk)RxfNs)#Z
zMNK-M;>eTe^h}aJ<uFo~D`}f$T%lL^SAKwrQ5hxn+CM8mpvSu#jN3YaRQC|M3oQXB
z?d6N>afD>(<ImTM08uR=!Cf>l*#41det|R6G-K=>OmTDQIS0n{ZX=9uQMk=Ead90%
z{X$3*y=H#^@2>QHi6r0r(l$ejGW(F?R~s`LN6|`40Mk8ZBkcHKJ;jmNsYeX7$C3!6
z>}nw1;^^ZcsPBGyk!LH6+Zz75ul?g^X68TaJmG0Qe7{Ey;`}8)JoCs@vXDIiA=UAY
z>8EGnL%EA8Q3e~e8E-Dj%-0wVUY+;NH$7iuz1D^XcTaX!EpBqImpsuvo8Qu_yi{&;
z**?6Ps?&te>?;HNI^gm*WYb8nKtBm0kZmOqL!M(m9EqZk|DFDw3<!w-JUro>A%#$_
zc^%-w_7TzquvrR{_`^^KI+m~AmuPXaDpb&*gf0~@pAj>dVjBF5N|3V?)FtSNU_Q%w
z`2$T0N%J4=o^p$uo6j8~$*;1QvGrIoArz203_UQ|r%@SwbX7Hi`4z{l-L($Mk&;Hg
zq8o-@duB%6F~!WX%X{7X_NTJ+RsHYhb1wzw=cwl9Zn<nj1#*&yvpuih@vok{n0ou{
znN<1}@}l%!j)PkDqyIZ8Kh8|np#eRDw!ed*Gc$2rK9|dn{dw!*^449?_@X9geTCmX
z#7HRQ>Hcn?dB3LRlCR?T%@))Syh*!MAWg$IpY6Jozbh^Og{I-6$5iQ;SJKXb@R(GK
zz+vHpZyes;8&4VY%gPVeQ}qi>;t0Ol;1w>+YTuk`{KC89@486*AXWWaMVr@hjXVb1
z)vDzd%VGRiSu$=(S<&5kQdk#TEl+7;29ph|z^li#XXWYcB2Yf@6Zb#cBE&EJ`M030
zC|a;%g-+txnf^ZXQo2~w$_tTmFRvx6)UYO{4fQvXpcK%kB*w%YRs>$%4m#S%g!tSq
z9`ZSALN1yjOoq<)#(Ou03T1TtweN9<Y_KL|Il<8*b<NZb-{XvMmyl4u2+hPQ_Ctl%
z3?t({^O^vuF3|W}u^-feLO*_kXbONRPfK*V?MBxN=`U<n(lqs4;Pdwa_bQ*CEhNPh
zgL)X;J~~42=77#){@kuitI!Uy<{%=j>=n*|rOGv9!d5X``<2RLkTNif`E?v+@SCCU
z-J9K&KaPV#n0hL81Csm~+t7ONjp{3(sSi^`>$yly@d}%P&w-EXuRkd>Z;P9ehm}4K
zTSq9`q=ByP>dVtpNcXtiEMB6nBnHz`i{B7j100>pCEl=GuVTzRc{K<%<yOTtjeyJv
zYXXl6AeblX`jEGJQ)bj8W;Z9vKaS2ui=*q_oq+Zio~)cuJgiyd)<~r}Fia^OVMA-q
z%>Tm2<CsZZolLz><z719O@^9KKk$}5{a(75PH##Ea%`1bcu}o1Na*#S$IN7d*0!Q{
zo4}3ImJ%xX^y{F)d_dw+5b{!KOOf!H9Xe6mdVw}#qDoIp3^JRMyE0mj>#N9A{$93$
zyX)ca?mY8XOyk=^KqF;f0f~wX({m4-Try4N;D1!S`*KmRPO7OY1DmMcK^ck_Q+-VS
z$~p2bg^epzN@^d)S$u^V0<Vnk1M|C!l-RHN=G1GkiJ1ZquW8l=U_rZDSF_u`8`)p7
zD`Ovxk>%#<W9FbNO^*?EO)0YV4)I-Me*)~P$vATF#Bg!b^ISa(wUy*!;TjhM3LSwT
z^6%ylZlk^xuY-Fpj#pJb?@r?_m$EKdLyLNvX9nurI}l4xc`2QsPZ)VwWWPG*q`I^4
z#rzey0VLH5f5I;A|9g7Wo)kPJTH(wkDDYd0d0X1d3Vy=PonbP~^D}xhT9r8P(eBld
zmY*!f@$G!*qyM5?*}nP5w;q!MV~N$zSxxPQ?B(`4q0qzlOY0QnmE*+09JOUjzaUNZ
z<)uEj05R8Dl_uP8Rd?$Q4Q;sCa%F#R!gfJ(tk34czn^10(?vzQ6Yu+qYvw-EbtYVo
zX+eU#Ia>A)5HP^xCgI-j2g8n^i1*hErAguGzBj8jo;e4*eckYeF#;C527icv<X{vq
zPBAhqRV|9d7N4XduRSU>S}+6amvbNzU&{kFyym+Tx0!g4=Bj7soCh;S3$!ucPeEq9
z9q%J){$Mcr6m3UuEBd>YILmw>jqZ2OnAacfwo=D0R%yxslAL>8iiJAqDec>!42vc;
zGEM+=x*+n0Ql>k!Q)Kp1U_E|HSRKZ@Y{)BG{6eIMDQJQul;@M8WCh%vJ+3X>*-qo`
zirs%r59n-*{OR6NuWdhe?_2m-*^4SK7bY}0MiT=DhVy3*W4iJ6%Saeq*-l9b_$M}C
zD+1>5Pg?wi;M~ocT>N>R_}@ggkUdKcL#;{ZKOIup+)5l@7*i=!Q%R14jpLOB8~S!V
z8&ff6lm>xQE5EoS%S?xuqd98N`S{3QBXEhcQ&ODYE_q_39Y0Y?4%cMbU#O=*P~zwa
zE7?7l5_2&&F$-a9Z!kkA@N}ek250c<=o@q6PSBs7!Zik0HRS-Q7sR&tJgUi>Ho4~>
zU<jYzk|F0w$JtraC1X#|D6{wvo}P|i1;;M`5rH8t&2Ms!VX&pux_sIszs48c&#On}
zKEfs*ft`r)U(t~4xyKc^wjG`k1=G&oR^$9iwZwPyA>4ABc#T2X@dJ`EmV3k0P>y0a
zOaA#@UC<>*0vOLH@+w#W`Z3xg=0J~QouB9)y7_Ycn6P^SkCpR2Y?Qk1CK@TbnB+;_
z{UAy{N8`r4CdRV0DB#*d7M-{DUh!M6C;JI&Q2TNrZIY@vAkuBe58sKWC&2gZ%Cg+~
z6)w&)CV~0buL?GlU3j_A|JI2Tz)K%PYy*jChJFD0pV%V@{|53VYfwv#Dro_Cav^~{
zt8L&`Fake=NhGJIp^2e7g(lN{nQr|OZAhEJJx8xPNfTThvzoTE)W#k@<Wk{@SyLQr
z^llPNjDhtLvMEL0L=$bQ97i!c&_|=nYlfnJp7{bN*@?Jbytrip?=@*R_LlOE|H{o<
zyPNGTt8~8DnV&M@4Tm@PgZJntcU*SbYYVu$XkL8bWWJd2p3yqVp0mp4sAI~Svk=K1
zeHrRD_nY$AL$=PYgLF>vAhAAnKyERj?U0XZP2ka3VtqFiT_NPx^)LjWMc}cTFYPz0
zRsbwDh*wl4uf)>^iu~vPkKd`Yz5|&L;v?#YzQjMdDsAZ5;Vgz`<2+mT5y{+iZ*5R!
z4|7%=p-w-|r2{2gd$<_&46QbETy8wO6=5MEFTFZ1{&Vu89<yc>#_dvxSy}lr-lc#!
z?9hZn2PsNx2uc&JaXgK3<0!JxplN6ZtB$fQJKfV;S$>Ljd<m6%IDlXHdf(Iib%IRC
z*OU^ss^`$hl_SbDHn>{1`J`YP7FDqa*Nv-jeP%Q8LVJChGzV65DVJ+;BJm?rw9^(Z
zQFDD7UhKY5CB=}-VdDD|wzM(a4pOhQNJ`=Q1+4UmfqIo_|MJ_TC6K4dGe;$eoCrSa
zHY_q4t)->3mAv3UA$>`C=LuVCfqF;$mj<-t_%?)=F)Ov;l1J5{v*bumUD2vM^Z-@i
zFa0u(Ud(xS+hKgVN9TwyN2vCxuU`We!rnN~1eMWLy(qoQb#KIZ$veNbXH?ul5X!vj
z&T$>GcYzv#X6uD8D0?}M0hA=5qd~GK0#7x*-JIOwpa1p}NCm#hmc!J$iW7To<97<R
zJOrw2b{Be(K<DeQ2OLe^)1gr8Jf46}s7sN@vujG^{$ko4z&o1ZUYog!lOxP8zIKA#
z&%0mvUtMxYuv4U?z6R^w6&=5W*3&I#6fqwd`NoNVZE&y2Ef6H7+oFNAxL%7q{?3BP
z10^OnDu^Y@^o<?2eTpn^=7^A+bXJr&;gmLcB8O&4OtMZM6qZQ+MRD`pVdyz?s0Mi1
z;as08vTcJmwDSGmVW&q>%!2i(U#r1Y+`(GUcqv;42Knhl^ZW1OIUE2V7X*Gw_3VwF
z?BWG9=+XZ89pd5N-O8n}|1PNid5_o4?op1@6L6b5zl(FzlqzeUn&nj9bDD=+;-*>R
zwJDFammj}>drBwTXI}snNR+lJj?DXMPlfKd0A57e6m1=9FL!d{L6xM(4`n|W#6T4%
zrmCGHPUmY~`;!6EzE%aLYq=HJphlb~+}f#sLvY&!??Ub|n<@EAZ$Y+>A{RrKt0K~s
z^z2SRxns!p=|1fdmk_?D>2nnT7VMl{?cps~TKo>TAuiAnzl;T+R6Nph7QO@A5=}T2
zWV$Glr6v-rS-I8L#TBT|COY>%HB4_+92!u*vr4l?z-|);4<mpJEQ~LZo^ixggC>su
zUo!|7@Ckipa<ip-1;Y(Tjfs?+Xk=I0n9Io~Y^gAjb*j+i&_ox{2*f6|^|v3zRxB<o
z7n*7W8pVPD$zAm<l0a@XET<E7a+H@7kSzo>UyqG9NJd$%!Jtsg{EBBE?J*uRt$ou5
zvcyw}KM#=sGfOS`{)o~Kp;!7w@#ANj6f=`KmtQUr_x1-+_q>2+{czgMsTQkwBo;W~
z)vnBgce#1k{@X4;s}m%*8vMyln-KifYo%C<ygvJ6HnSxuTU#@7y*vAN(etku)5Q(d
zsIu+dxJkt-cHh{k?5MkEAc`*IchN-qWfpeyiMxjJ23xLBWB+!y7|rkeCv(7E?llRM
zzd2!4F!N3(@7n+cQ<IP>qVD@*jADUX4{5Ns3W$DGiWDj#n;iUylp^JuFsW3-Pb_+n
zyGLQ0Vsq`3@*3VP;x>Dc)dI@G!(~F#WLD|eK5Bi5wi-~P*dlJ>prJ`m550yxS+4}q
ztZMO&JsGde<|T6zSN2D(<~%ytn{xB_KI{VhTKO5V&Y{M3O(@B4iP&AufAd}M;rbcY
z2DJu`7Hc^*8GX7olRKh$t%0<E?SNc`Mg8j}sy}DL?zK3N{i(!jWogXp3et9Duz`*O
z#}NxW!wecumnpUok;<NZiVERfCFX>8w{!#i^dN5SR_}T;#V=w2SHz}`-OFh_FTQ>@
zD$C>bbSoYls)@N_C~X<{)9vWtKn33l?JoNJ49k|+*8Z^T7V;yi3}>?|c!IceTotSk
zah2l4*Z1<uP*UhSi7;J&E{^H4x+*rNtxq@lEBbAQ?|?G^(O?amRYU4Zvx<qAytpca
z(#>>n_j@%RYhbUPjnVmBCFgwtOK5@S(**hyQjivaokE48fw1FQ#+k)n@B7@3By7p{
zK7jj^c0FBIs+ir`cjNM{Y@J-Z?>wYXtrrbsU0*7zotnC+5)FxBBB$YuM7|vqA1n8U
z6etJb*&Zk{X9cY!CV0hgug-<TGJm{jBVOq>^T#%}n|{Sn1l<1gap3*T1n76T;vG(+
zRn$W^qKZ5xGw+@%Hw)<L3WTCtlWe9jUO7<bfNVars5ml^Eo&$b-quChx|-S`H=Q!Q
zQwh6}rU!-|uzS<-6yabtHpr(#PaNTL&QnRPN)o!Me}QHu0)B(beGnGt&7;$O;g&2D
zg013EoDZRQy;5U`Yz#vwyN6rEiIx96=$|vgZ+*TWBC&*JCG4Tcc7H{4%F({(32U#_
zGO=~6qQcjIuCYLLduGUYiKxX~I&*i4B(hpZ{C@G4Kpdh@fbRjPkI8?C=XXP^p5$!$
zQ+~a30}|S~yMMdqQ#$I7kuV<7ajZPhy{&c4j=)}tlVu5BpLP2?q}TYo4vt&!Lwu6x
zO2J#@-+E76%rTKqiSgq~q7$XcS`)O_U~}cIz&f%<P==y$S1^y;H-J%%sz3HW*%_Ir
z2jPO0=X;YEvdl#spu+!^biu#aC}Z*-y~Q8pWK3v&nI0M9|7h~>WHcw_=7${TSOp%B
z7Dx&*Km12*@=@J~3TJ_>!n@XfdUhKY0t067(v_h2HtN^SDZ%{>$24VnW&9ik?SN)!
z%vb{8FGF--Kd(F$4{`;%*ZhSvn6MA%Nc8N!eEju=*e@CB(Z0EQtlKU5c8mDCQqY<d
zJ0MxQ0X3$MS9LICo<AA}@K{HidkxLC=o*DhBIk5TVE*?NgR;^^etDx#67PQIVpfKQ
zB+&<<F{)^G`~zH=ryw0A=W+irJQeg3uYg-SLsWsRAAaA!R7uD(x7&fp`3whJA9kpb
zCDJ}99hcxEWesZR(cj3w;LIuY$%}Sapp)Lw=y>oF&!4!tem}pp+BKx}sh%ylW`H?;
zi`kc7L^i9EWg2O%P&29yH)pFyw|^b??|(~>e-Io4<zq1jFU&sMf!PFDwAwi{DKay^
zOt=5?;97)o_;<$O(FAP}3RkCbTBr$C91kFrW|McSE#LwYz45)oW#7tJLca*_)<!|X
zDQ>=u*qH^+1xDk)PK`XRdjENwiJdE%11IO~UrPCmxuLY=O?gv~=UZ;Z!i+X=x3l>B
zbS3Cyn%_s!>LNc)@L3cdTWl*eO_YsmES?W}@QuVauVWOKICCZ^S3)8bg52^*aQ^;P
zJF}aD*<}|V0BTvO|8&L0HiD>m;3@}r720T?!};{Z--jtGZ?XD_vu;{^ovdPmJefAH
zm$f1+$No&W+au!XI6nnE$7la?u@aeeIzEg3Fvlqfo#FK38Q6I_(tr5`CHeG3fIi+z
zd}V)2;Ysmzh2Qs%t=NytxmqiEd9&egIy@(|Ix{Ei-Ml`QQz`V#U%QUJx4PG278ix0
z9iK`5;)(>C@EUWah?d)qRhJ|jrKNtcEIq|N`YzM`b)Uu=G<SL-f!tIf?dufLF~6b!
z$T}Nn^sEtt-}{)MTW74s;vXogXmyyfx8hSmem8RHIw{zfU4;o@h`qatRK1y!qRq+b
ztoWt+j)BU-a;@^olYm{<+!%eSrn);D@G$|#rdeh8jL~+(cJn|^q=M>jlO6&9qA#eP
zJKeB3Pkxm9DOXSJPdRx_-o({%MV%UeDO)Ul5Qnb%Q7V}q6M;&4F_@)016G}Wo7#<G
z(iFyCg3QC6=!df!zB>RG7`OR{>p*PVZlY<ayR>Whlh2QERbAg@IAYQBl#Q=TK9Egx
z7)A9IiOoCspE18C8D4va=Rx{(OEO2k&=A1agb4qPz1vnlOJi*qxuVG+w5g;lod;?%
zP;~nGbsHe{Pkv<iL|@6~!kVk@b!pN})B6GYOSHaVZCj9w@Q|^9*hFJ~;=hj4K{H|v
z{KRwUP$<rH@N%j#*7lb8lX+m}3oU0f+22=U-<}crKR+jOKo`9N6rhOOqfnOUszSN;
z{ASbn@?tc!s)%Z1#VVUmxFj#o`j1k9I>%E<#!+Kgo_kS9?Dz#My-;xUNU-ZO{hozA
zx{R7g2a3g?XJ<~)WE$>MWE)Z*zUwr`QY7;bTtn$bb8V5ZRl_+8rFf^i(ZQSx?Pvts
za(FtBSIM>8$T=-c3B@;(azu)+FyG11cUu|H`et=(r$LoYx-F{Vlj};cj@*pZ7^wv_
z)!#m#2zL~wux1fiPM2Z4f_C!LDjNi2&H=(tw8M?voxnBrwM~WIkbCL!AJEC7=GTS)
z+UyQjS}Y%rX^3nOKf{u=UwVKlzcAqQ^MoI=L&e!a#&;Bn^1p>d4*NaK%o~M<ok8^`
zg`e2rZ0e7Rdn|kO$E(oHQMK3pJ()+y8+}$h4-R3T6lFXkR&-c=!U-cbuMMr@PTjCH
zX{ZiP{GW;S{Kz#w$F{~0Dev)REp}JVz4Tp>&%u8P%;BHA4YsYzP6zP!{yosf)%&79
zW3HF4#^D>#P`NgZPhYa1eol&ycv2d4X#YdxHLHvpq8o)dMSWDZd`?62wMR7Jiydtt
zq%f?u(k{>EIK2q8G5q)7sr|nH$gH$#+T{(^HRKBG?O$dznrr!HdE>KGZf=)x672Pt
zPGlkU0v>(XMF+CF=bNnebEnD<kfdNju<X{lWihgfeOwBio5##WYQ5~xZ239LZB`dG
zeDwSWjN=JnPEl@IEI;dmke9&w`a4VbVjZYx%*gF4*oIZW2E)vE>H9~ta|GqQ+_ULF
zU0-XEWcxjuBN~e%5gJwO?(Wz0IWfaLkuq`{m^~z^TJ%^{$gVd1p^e(<EZ&2v#R8@!
z$9T}fCI)ws{1bOn<qS1cBf<D~s*tH7Z`KI-N)3w63rZq;W`LLa)BUun_#w^qX}NFm
zQ4j-798D{<&O>fzx-=ErK=xUORv}w#1^EmQvb-6e;ac`%*Eb~{<)aM!=NPm7`AO)3
zI1$YxLGebK#rh%9JbC!`72+{tknF?j@OR$Mz_|AZ?3ZGhU}Ua{9i&+T|Cnlgm?!T#
z0+ta5b5(b}L4=dsyr1!rYnP=ErVJ=^V|pE>Cp^5y{2gM$>9p8<{UwNB8ZBZP&Y{Yi
zIX6;OxLo7B;%x)HEBk~lb06aV4a;a#q}pNq^m>+a3a{oF{M&8qGl!()(`wvg<wN|^
zccF%WBCereRK%b*{s3C1&$Kh$D9!DX3(WbRwh2tos)=l)8bugoY%W{x=Um&2XNaAw
zXu`G2Sf{xZv_g7N=VRq|DAAqaK6vZJ%_+n}?P0#2#sD_oM{|}kyZ6HQP`dq|T-Rh%
zA(?AUs=xDlv%B$AiY)?^4Z59io2`u>@x{Szx7nOX6q9iC9xLE3j1%pCjY36`jtVp@
zRDunjzeA?)-zwP+Ieq&wWqmz$jFye-()v{HruzhfT(VrJTmDcLeR-I7q?`4b{6wzm
zBGs4j&8Z$fi2b@=lgUo?9`#Q2=jU~8p%k(x(OY_<(UQec9)17O598~}*Sc(4IbjIF
zb@iZ!z<7@1S(@oc)^GZi|HspN$5Z{k|KlVnl$p&TGi0P}4l*M$$|fO1b|K@GnR#qw
z9W#+Vl6i1!vLmvNJ#%nyob~*k*ZXt({mviHzt8n}Uf1J!J+8-nWVdU7&6NP8@38al
z*Cv$lj$0#yoMvcED_%H45|U)#1IA*zNH~-1L)8U1l`Q!&n`}IlW^;m)NLtx=X0t=E
zZ-mtTu*Rj9jm_KN83oWV6HZ?ZxieQg4|&Ux9Znha^&7v|CL>z5jZMr4r4r0v^MMAC
zUoAAhV%@mgo9*X(<d3~xzg%5PJRYVQzq9as%_rA>#X_v7wLb9|{aqLQAJ<=XtBAfm
zy?>IB`bPkZ)!jdQV&E9=@cKk<#+vnWg<8bL!ID_>%KY>FzYVwuw)L}_Cv6lU=yQVC
z@bxK2MyeO1zMB~tA0;!L`djpoQr+}~V=B5;ODn>_Q(Q!$-%+1@Op5DIhf7`!Kr&hd
zBiz1)L$J&jq@*YZ(_@+sNr~RzS|@e0!{~EmZXX;>V5-sdWYUa_ov+hB>WG}eS4WFB
z7tv3a(R=s~gFW24UX2_vl)m8Dm}g;rU7jsMYV&}fLCD`(BtO!AnoqPvzL^sSUJXx1
z+5Z5Q@loSg#&2&R+W75}H7Z#1sJ_T^;-746Gn}_ek}LWt{&&vsWMnAnk9~Du044yv
zjTs+;h4TW`t@waLIaw|B-#|+#fMAOQi&ik^>He0QHjc9jYD9YnUCUiwdt`69pG4==
zC;avOf%}e-7yXtD*TdWQecauW8N5`#XL>tm`Nq6`?_BnAywRWpb;jQmhL0WTrqWly
zb7~yx_CCE9#>|Udw><BYQW$@l)mHoI*Xe2fUt*lRX*S>YAX&W9^|GN@UOQFeg21!n
zeHEv{LF!FOO82iK%K7dvZX#5zGw!ye*5E=~tL2(V$FNK)nCuG=z}hF^K+jUPlj6^~
z?Aww^Z1L__+`Z~AkpU5m)6o@>Ef#P*iC9)xfVe5D5Qr|<7j+}=&V|TdLrT7%FX1Q2
zI}|1G{ZJsEXyq2d$Pp`C)J_d>OOS&U3MydOgxH{1QYV^GtTsOMnJYG``G^Ot;7>io
zV6J@v7ud5b3<=uMpQ<go@yE3=QagKC6Tmckv7%10pw-h;kmsnT@D>B2_vDB8HfQ=N
z%!?j|v)2iT`LePR$Z)#lDqzzH=j+)u4BNC!ei}F0RYxtEl#}{6eVaavP5HD~RQpZ|
z&N%XGqM-5JH_k$U2f*4LZn`<bk5ot#XnRML81NR4YkAu3aSl&$L78dWX~X5YG3=9&
z_ZYeubJ<<o;3WV28hDT5{gx1qUOEK|BUDH)6Zxf*rK-gU3b0>k^)+K&@Tbk$rO&s6
z#;JK0Y}%aKv$dOyAg@Ph?xcc|hb3tRSJR*1VfP3!^%PJwg`}vb(dNG@fpXvuzvM?+
zCWoEn$g6{bk38*U?+hvr-Xi1~0%8T?D7p<>Zw#_8-tF5Ge{AgMPgHq@glm+IZ|0!_
ziiEBXb1-qkQNRF7d@!x>53=w)9mZ;FMooBU@x$Zt$r{6(9gS`s_wis{%h0F%E#+Iz
z!tH<jn23^^xKK3ZLVXE~E~Ly6k}1x9OR2XZD}9CGjF$<=f7`Vmm7y?I2syXDF&Hr1
z9T9V@h%C^7A~R)fSw8n5?N-R}C3P)TIV8|9@Q&=H^9(Uz_4G3fkF{o7?s7ltW8&8V
z$R<O0o8p~>JozAvOdvR8uWo%HEpp%=$|6z=lzm#B6?&c_)sua6@(_zY_S)&qys8Ov
zyiBvjN)9_3@QNB1ba=qG8Zt%-fHzg9N-6<O;39#;%aPjUqeOFFNRYE2&@ckws@c(Y
zN+06CA6T*|$eM+CrI29W)l9|2c>Uh(ySpe*)4L$Ac8%-=^#_qlaNt(XhxP&5QRp}=
z1{!2qiwqy&^;X{E*ZTGPw1Ld@7WItZyqL|qSc$cM4Lji%%C96!M)<HwS*W0cTgB+B
zG0Z)6HWNBK5a7IQ4oH8rNguT;BAa{wMfBe;lAyuoD8?@gybB5D>xXF3fBELS87C^E
z;8pytUOH^*5TZ?uL9e&GKKj=c`14_r7}qP9bv7@<UIrLzZ`@5Bp*#nPlHb>G7Oyt0
znkZs0xxs_uh=U+lvwM*+Hg9wmXv52M8;;(9uY><@7HyrpA$dq2cwk;sz9D1cN^?RE
z{0(lhb$#UbCjY@&2Xe;K=Fa$`j8Sr*jm<Y5je8a}Cy&=;{ZCzJJ?@Pjk$YLHc0MfJ
zdf2?2X$rr{)^L!=+yWlokH)5d;37Exf;_7*>$!}CzO3idOGT>Fe~evx4S{pGC{H<F
zEo4G=C_%dKAY5~yx(HYjpzFtMY)EvHfb6Y$SVt4eI#=0KIHirhGKoL`BX;NG&;xW7
z$dJe>#2>~5=<R0)43&O<v2>j-&~QR*UY_W8LdC{=4<q3MQN;aC1e=9&aPR3omLuMm
zy>>OK0sJBI%1ek!BntnCXP<_fL120%SD5MRsF~662!mTG|5*J$GCFt0Ua_>5<h!OW
zEtgc!zG6fQ&I8_P8fKqi#a=*}6U^UtHE^bQ=MuQ3RAnA9$q@x}HWCQz;lHA6m6{Rl
z9?3~DvV117c4Nd}3^=*SLd^GvX}ynVNr2)wBmPGuvcz!jJZy}3RZK+g+nbMcP@x&#
zZKb1>uTu{iO^;W0?fV{yhS6GmD$1P#FF<c~BEV8=Rw&ys;vfSKu?FsqT)SX7zn4`X
zFTdZd8<Nh^j;e~s8LZ#15PP%ERL7sY+n)b>4*U10kYz(~RYftsP&VRtycv;S^Cc>)
zXMkemNDX5*Zx9owfa&^zfTt!EgOkJSV+Q!+GCl-D0glD@@dkOQTnCv_5cE@*`AB9>
zGC4Hysh5Y4?g(HPlmz7BhobRSPoSX&=_yJ7+*WS#1vSfG9-(2=z!=fz9G2*<@ms%X
zcw`>V1|j294Uxwo=Iwc@PIN0idSL`O&tv!m#(xMJw;a2CtcMTtR`hSjuVmbDK-(Fm
zFkOd$0#-lRgbzxjH!;fupZ`nClz$b2Y|X<{YE#$ZAFki#DU3)QJZ#-(P&Fi0{P91T
z+XX3gJ8hIq!#gisBo55mtIN4aj-$3YogbbbHz?qb@(9KS2Xs=8t*pEWN7$8LK+7dq
z4%prT#t?XWwuAptzGU{}e7Dv+T3?5F3%^LEOw*mOM>!6sXeM8&o7<puX!cWlHXYpq
zuDH$zHw*%qw`9JsrDivacZD3Mf!Vd0#!<QRLF|}i$+QHzOYLc?j+WyS1ycI6xh6-a
z{}fjd$y=ou=O&b%*gH7|xlJ}Q2(|a16V8gSx3sWsGt^i&8zblxiN$zQ<}Ny6Vpm*v
zAvN9eRSjRE6cVN-hZLdSTlXI2=G^J762A@3!v|pL9+0=9<i~a)^pXF~ZYn-JczKer
zA-Neh{ASq31!8@Bs~=PmkVh1RDB$=Zf9;=rx08@e;E`z5@)03#vw3sVP_Ytwt`l?~
z6)V3@kaK~MJ<RXFS9?C!G-s9}CvDd~Z#(tlk$vp^ZeFZmkwU~VbQ;dHoJ&9+)P#6I
zqN8tTjeLKY#Sb~m_>(x|=8<!0;R0zpraFsGBVB84I$jQ(U1=t6&%)$m_Gec<MdVHb
zQSo~{s><i{O!E69){g3lqxWzztgKGq$<ae01De5ktguf}p<Z#L!6iWlq1j&UtDoJN
ze{fRXi8^YzB14^A(<rc9>$xoXb#pU#2xRp^^#t-Jf1w#OOC@_RyQ=xW8rhBQ{h%MK
zobd|%r5GH++6R5v``=`XhtHx2C2M_|5|h$c-oCLRnOy9voyCw#k}+XLuO863KrC85
zc)38ny>WOOQ^DjyTCtHtApN%4^OLc8*fkK=t%TCJN6GG7^_QF-i=>@Fb$8F3$=at1
zv8Q8@zjZX*UxAObc80<bQie{l#oce**n)kyDGa$O9r&_m$Q~+(9`TOPXbN#UnhtTl
zpCb$Wf=Bn5Rx>J}LrEjHchkNwTIqY&Xf{vJ|8`1zBOEQjnh2X)@RJ(6ANptqHgmWE
z8Cw81K3c7_*E_tqpXK$LiRKdHqNJxp4NkaVTS@tl_#qC=7~SGVTr=(L@-uiY(;V8b
zOV*l3RnuYiikPbRMGMB?@v2FIfaC{XV|nM1LQS%x80o%1E+AJXVe4RFNF{SrWTdY5
zf2CAxM9LbSZ}SC?1}+eJ+{iqv5s^nY><4kRT8?z@&=^^@9%pevT92Dulu3Kz0_{xp
z&qaKE4upi;@+AHmJK*3S{*$)c5Plzc!FtXFEJ(J=h5ajz4W9}trdz~+&w;!>t$D{>
zDwLW7IqT2xB#i%pS7c7q30#=8UC#M|0S=P~J&|iJfrh~)9IQv|CJ|YDJ-mLEe2D=y
z{FtP>7*#{oa{?^T%j~msJNQ;<k$JYumaE89{LDwb)x877k<CcPPSd9hpb(ZQeQ48E
zH-*D}8Q+Hdz_Pb%i8b1{RO>W*uOitfV<0+^B*4rh@Z^eb#DRJcasx`@x=Nt7(WF!#
zBa(^zFLtM^Hq43bxr8T#0u~C7>yFlK$1$9c@@M5gC|V*%Umh3`-mOcb68^UyoRIww
zOefugG;&1$b+6YnJ2Y~@iv)w;g+UNJJF|^NoR-ZU;k2Y~cL;nMVhFTd1~d~9-Ni|C
zxx|>^h%rCx$}YqO$OYq|?{uG<F+VyEj{KVTJQvnQv24nCEa=G=z7lvKe45p{j<?6B
zJVktaU2<P#MaW$uO&2u(65XOr#cR-YL)Io~8~cHhm($_I#Mt%U)6SsR?M9Xb#Qqo-
z<SM7X0$vI0hu<Ee9;BnbA*S69GbEDT>xxf<8v^nK_sH-Duo>^Ss?7sQ(VKS9eO5^o
zkZ<_*Tu$y|%l`sT?;?dim4DSJ`5p?{4|oz0u21Q&dL{gv@gfB+c|t>MyOjKIZv{Wo
z-iSFizdrUOv9<aO7s0*eU;z`w5MoGF`0qn8e#;xXG7laj`kliXAmcCs$VwoW2WQOn
zvg^8ZR?@GI!j_hce15(A9W9?TA#8)w@q((-W=9bb4%veIRIHnayrAZ63*jCE1#Ikt
za;DO-aUXXFA^sX|h8OHs9&rN2T&Fy>CgD$PpR(+)kuJag7xaH`*bsPnOU+A>;GRq>
z{nhRx-}9^nu!GF^KomdCG6#<1hpL?-E@z!9f?1ovZ=H_RG~ki_Fi-s97RW5(=OwEg
zu(7qWh%e3oGLmbriyz2k@ZZ1*kg8aYI7@y_brGX<C^C`=U&8z)J@AjL$_wD6>QIl%
zfhe9{$}R9&{D~P*l`wer!epFZER4K?BmeV7c6hmo<kzxhdu5Gd5`DCB_;30qV56_C
z82#Sa!)Wh)W}#_pHq6;wGz6(IjcWcX<7MzZZLG(If#{9N6qKm}{O-+n|NjR@t~9vw
za7M~nUk_hSn&7K#iNV*@fqQhrZwOskX~6t%i1Ubz01`<W=1Ndv5(F82HdP7cx6Z_q
z-sfvBz3c7WVk0QvD3sq_JAo2d?Q;FKJC_pe(DCmI@%zV~5~biOTk;<O7ho(N{+i+d
zUhh1tdt+E|r<l9Iy(5>XuzqYlU#~qTbH!yeDQ{v^TY}l2I3jj9M~uidQvD*X6z~D`
z)W^c{^_P}oIqB|r{e??&fbx;HcDjfJ6`jCOVgULGW3Q0!Tl)e9=Y+uK@sC_n7){Ep
zO!br-&EI)pr+$HPi8QBi1jiZNmoxa*Z|I^Nu!e#r>AB!tXt~hMcXUafU0872Dby^M
zxbG27#YJd4(`hE|jkB_v5TlvzCPfkAEdEfL32HvHaqHYmZA}TXkXpT>D$Dlq;}g;6
zjQC1FS)Uk$fg=6~pDa2$jpSgtG&YhxtYq(L8qKny@;kUhfJ+FWwXw4t7zOpGZ{0hD
zuCywUd0PlHC}MazW3T_;)<SBMoKFI<C9IpX@0<9(g*)w-jt_-HGr!@#k~n+hm;W~4
zlaPy*fM(5S3F)x8H|ZqGK-8M>Q{YJsCVcUEv+M-B03!drohrt=&Nz~EP&I-%?G26b
z-0wlRmHo2?rZb1svBG(_JkRuIiS2eQq1d2Syxf~%8sGhUZ=X&wv!5GH%n#`2613W6
zpnqVLDZoFkIg=t$t?+6&5!<u@Wy5K&VHkV5{+ZewMmqiEbX{wA3eFDjHgiIp6p7i_
zLQLR(39|lIQI`y81_?Rhw1ccvVX7TmvXR&Zf1_W{^=vZjbYz+vVgysx_N)qKYBPvd
zH-ggz_awp(@jAq9U_|1cu%C-zI%!Uj;RUz9mlsUyPoT?xd$N)+o=fyQg?bWy4@Pud
zZc9lV@H0d1kih?*7XP+DOZeik`H4*5bFZ<#@ZCf}D%Uj4rpkAmcl_`a`pjK6^^<Q3
zV{`C#55TQ-7WOP)-@aelSaYNPa-3!e=;n(m)sA?_X!9-EgE;Q1@H3z+4cw&`h6E}}
z5Sy2R0wUBrIA-cFnUSAS$Z&|64!McZ3j0H6y8+?ss8FGYrY!B!A~Se41|O*x6T_)K
z#9S8lNspC6WxD)wc_ufF&MxPFruzL}Nk0OQX~4f&y-ZA{6C=EQ4p5N7otmr4JQ{p2
z=(_g#6clc3=w%!9K{PdQkbWs?!f6{_>Veujo0IacncGK}*+!>hc(tIwqn(u(h+{~8
z3M6GyGUZ|=U#RpkTHza<jO^B$o~F8))}Vb1Q|a$eTj%ZSl~A)P<+UCA$C;vh_Mx(%
z`vL}A?JD-#(4gD$MR=*KO@R8gL<ZgR7YRW=qa-p|00pe=B?0wCA8mhml2w>5Q(~s+
zgT^tq{jSbAZ>xJ?V!eq4g@%yt!u^M?UtYL?bX{FPjRw*9pZ7%iBhATHvWfA@2%RL|
zkso0pIXatOg{v>V$hj9W-!<tSc-E^@v*R)_1ewJrw2>{$G&45`=>seeh+>qjcI21r
zjEtgwD`EE9iC+pr*-7N^m*o4Q!$u|G5KL|3>%X?|)IpmrxbM>uZ%RoBqIzfR1m*J$
z-KV}}iLfaAUHk6A8^3junF5**h3e`OQ0i>u=QZ5Lo0ON3vuDpXqKpw6y|GMFb$^R}
z(L0mM1Aw4@MtV(VD6a!s+Gzeo=WtM5y&7KU{rgsdvj^Ck-=Rx|W$Z&eoH<fV)$Ia6
zb)|`3zbaV6dg3UhupV~-p74Hj`ti`5Lxl!w-oAmnjEUjpjK1~H>ph#u>p=71Rd*;+
z7C*8)ZcRAag6L)hnG>zz{Lle=7$YA<byT3NeLIp{(y>?(3ztHZK4w>Va8GJ$fwEpt
zd=C;#wPQq0sXtVITcF4zNWtfzmJ8#U#YGTPog0F$_CyI583fHVwR4f23;LS5Q$N$w
zWw+F>lbQjG`PHEjn<QZH`|HQwb%ZMt?2ng6>d)f?s#YbRp1^&YUA)nH(v9qd?P-X5
z{RtxW52`jVFIEh)2mkKrA^yx=F7xM~H}$W(H%zhMpHCfHy#C~vNSr*LZ}w{#g%sup
zI2=^e_f^5SaA(^SMYMgOsHo8WjGCg4*0zJp7_tGB#}IQajD+Z<w`U{a^b@$08DGOh
z)1+Z~E(uS6rC<xcsHkdw2~?NDOnoD>Y89H@jx0yD47ySMtxTKM5!;REr;Qx-qFPzy
zyFIR1+4mg+U;Tmrf(qe4NP}iiJWHDNy3hz`LqP}uWlvaeU%f4@&T6_w$CccA)2jGZ
zW}63CI=&e2>jQ4{OQvPdnInYa9-aJ-^LpYXf0@RQhy1<Q<SeR;lLu<I%Ir5jj?pP$
zsqWKm=Zt&OHDz^E;52~P2W@4=9!sqVaoN&hVDEPozo~Fi_h(t%*-A>)HuOMrp;O#D
z=$OyCFvJ8_jG_?%ytGuxo^Vjug2VwWI2bd5@FnTQT^c90R|8_&&y%elR%ZlyOkpqL
zygqnARC1J1<5tPLc-+c_B`9>Z@~z8!D?#qbE5_2_V03SuB00hQlm8DM|7)EpLx|gf
zn<_Z5t7&538lr(EVzsxCTwI6(_9?RuMpUw&hh2UFuI$#hZ=atCYzVtG1nnEvzy0ea
zFlD*}^S7hJeqy*8&YLxhZ#3LhWY;m=Fvq!Xpwy>`otgE7W^P~ekz3m~#O1i__h)q6
zHk3CswK3y2E<x;;cCU%!Z+%xM)GtrId&&F;H!qs#FMqyoc;=O7Z9Ui>`KaLLV_K8E
zroVp8`2E?IJX)Ts3Urq%mA5et!L$p>okTg`wV;xF0`7BN`8x|nhC+pT%ks)KiE#J1
z3O+wOh^2G4%3<(ebYf28*l+>CZeYurD7;xQW>`iDc<@b($)2Z5<Wszo$k~xAzp&v;
z6MA$$Cl>xP>cr%`P`}S{%*Kj6B*z6ajtFeU3JY)8YZG8rMvQt^I7vA)cvq@s2n3x^
zFS~N+wE(IHPKg+3rkaSxs&@GRQFXq_N1<)DW<O(nj2&RTA$iYP)GTFP=hlDPGHSz1
z=Q<TO4l4KTrkcU&#t$ZU2VpPD?chx_o|C3=ERwrlWG5`Im;ZQkXnxX{>$16nj3`?r
z6;+DKCN{bjun@NY^~q3qBBnkNOF!TF&iO00Mp4;mzbVK9hx{HeFx+|@RGRrJvdWD`
zHqE^4kY}bLhWUo%ZZ}^g^ZfZVY4+D>ZltP|cMgLQB@?uIIIaEDIBp&Zrw!A^zZ!<d
zuSorzoc-Da;S311s+jR8@Cx};@?pJ?3S*&s8-r)h-wH8gUKgtw2Wt6VT^mojj^E8a
z{2`BmguOqM<YE!xE?P-jW3?5>y_6jac5J<K-)}h&qL4#8I^Cnbdv!op@NPj$J129x
zILL@iKpLJ4zici-mX;Ve-Bx&qk(`I`n;-g3H*CX!D#EkoC-&v@Khq8p=XrsP#Ya5O
zrBM*K&Hat#?rHVR?)vvb;+I>GJjhmWO947p6^SGEC&E`#BEm(V#f3Xvb9*1ZIn0Z%
z(tOeR=W<VLi=U6$?<%oN4NTN!vy8*3wTok-HKr_39Gse#<6?s$ZjZa9dKQbtSJp^A
zACXXxAIutCDu~iQib|x33F(F)4C_!H867qF)BNjDqukcz4%}w`{(Z=@S<A*+J!-=!
zGoKJWIQPBN+^&dkD0v}?NU<@lunO2MDGhcJmo~@2>zkR;RnKx1E+6qfaM|#J+vPc_
z!8|J-`ZK(_`|hU_)||M_(pm}|O?#XnI(PxD{+PA;LHx`fw0fG-DTPi6SY0iv6S-7C
z^FyqD?J}vy`R(Cz3xKc=MSVckw()*MKHJ^+%&_uyUF$oN7m)FPbQ+!L4<WG#?W*7j
zRdL!a4LsAaDvl<Nwxl7>Vgri=0~txAHVr#s0HC!1l_CPG08~}sivPKwtIW{?NbcpN
zu(-I{nb**#RMY{!Y-(L?Vr#8*BvztBoOSapP6mDggA-V<_T$iL&AedsIdJu}OE+A~
ziYhjy%K6M5u9{Z@Ir3DTV8h7EzO6laQ^pVN__a?MKiBbdfFCX~GBxODHy(ULhgEM%
zo&^J8$){@PYMPW5csEhW(ip(+CRpt9Z`<F9``;i&^B`8bpryx`V19z%$S=9U(Yum&
zH)lGlqPP_OMT`=`EuZ1c_@{M6$e3HT!u3-?IujJVALmpnJOR;fCyvCU?Q#7a_k;Vz
z79drB&yvq9{)|@;Hkd%uxTUSWb9ZaJYW*6#|K^_F@fwn&PUw|O<<{uElbW)VH+1uW
zux#(jBqKq0pP#fW&jB0P%k3SoOF!7@Yb8cf2G_<r2y0&;J~jBJ^UPf|Hs&1R2;h_8
z-<QH*i?d<LT#-81MTU#pn9Ga(9RFl%s|%UMQa_&6`=a;ma~{A5fAF<0Y(NT`f$}$j
zCJuQ^(JmURVyi&6yPV~w7#*C;Py(|4?Zd6IM){0Cfk|1**?RLQ&o-6|y>uNk%@^TJ
zG}Yq)SsNwmyGeli!(9Qn=DlKPhUnod_<GdE;et4g-5&pdu~AQRR!2uN9x|WtyVQ69
zX|gx<_^DB)dK@0J>v72vA4xpCn1f%?W((Y|n4N00g2bD?xgNIaHH1di2c2yz+y{DJ
zi;VfXl8!E`=HFMYDFZ)?-V)<GHZKm{C)i%XSLeZ->W)zwkD3m<yQ4~i;H)1PcrTrL
ziWwXJDJ{Zam(8!6SH#Z#st8e?|4UVvyx6)<+}9ZMaR8v)`<orxt*`z70scXctIMYi
z47rTb<zgBm4`fmbPelow%L>nkESlJHU7|^GWMoEqK^)1s@iE0Pl={~#Ddl4wo3%Bi
zBbwdt6vJ2w=-O)CcxAbpfrjeT1I%jZeW8DKfPuOQty2+smO*##RXlG9%^+1bOXP(?
zI84!gjPqA`Qh)Q2AnSFKDu3Vr-SU6co=KGG#M}uI!s^X8IyAIDaM1p-TVvC5|NiR@
zrfe^+6K8D*7^pSSpkMw>gPXR8m7&eA#<|X-%{Q<d5Gu=SLnIh~=De5WplnDKmDM{m
z-4E3##G`pc&fpR>s#!aC@K?u4nazCtebM)|9*aM<`i*+4m2NvFzr?J+(I!BA*r&E%
z%-6cbx6@*0JTQZaCz99W<4PG+^TReFf_Oo_J-#81Q?Pqw(?D~_uU3N4_n{*(a<HEx
zPNo?CUT!Xv-PHA49Boetwn&i6?A3CZ;c`|_kHFjg!brrQ!TrOHU(SavN{=%n3J>+<
z(|Ltc)yNNc!!{fUE8l~4*wIo#x$C_4wLYJom{5;7W8{3(GN@DE%Po;92H$wwxArT!
zOhwVLDzs@pMdHo%{A1}8+sN9@kaV(6m6UWREL8I0|NWgH80$feiM;A|+ijSu5>M$s
zr|ln?v_I4}vFt-D?Gs_LcfcpG8b4lOPa~{T+F5){*(5S2hDFjcUyx9aziMk5Cd8#E
zt|xzIC}6XgC=BQTe!MK_)_Szc=bS4`lc*zwEO?2`DiezFmb&4pyr?^5JNnqZh9`NB
z&^n^(fv%jp&Z#2f23gASOrNvo{J!zDjJV``-55rK;Ew8DnjdX(I`_}8c3-N0(!3HJ
zo<p2i9_?Szq=GiAW{?Hnxw~5e?K{cFe~*YFSfc*8;H=kOKc3~RB0p>4R7%SZ&0CV%
z@x>y8?uR-}4e5|ClMv6>@VbUp2L}+RZ&$NTAYT<$k?JJpBBWO-Y@_V_|3*D@e->(k
zs@H&tTGI4Dk>#A}e8@BK0A_UQ$nu#dD=^X<rc_iltW0S^wrO8S(lp+@jQV6@VX=1Z
zF^8H_nu7>Ci$2fT=UkF}=KgRETNWZ6+*oPfLQnniarYna1vF4+*yepprHz!{OSvl9
z;VU&wN6g>vaxCC_j~%f|<Ah7epHDwEB8tM;BRdRx7@iy{&)q-*0bjpEdh~4~--i{s
z*bf|DKIy!Ck=k1c@bEQ!f1IcUO0IawDVi|;Dlzls$_uX7l2x=EAK+@3?MHxguYw%N
zY~YU2M-zxuNTr>kPNx>;C;@ZSz0+KZcFu7Ajbn12+xi{%S~kM5j`uC5H+%BP+Nbh&
zox$O_*(VlElso*+!ra;-1$_P6rAfU_$-z>mp&V31MINU^jTFD^OfwJ958qfP!OwxH
zlw4)%E65X~O(MMFp(_b)A$Oeyr{sJ~)+~>XI1)$Pb8rB#{oJc{aN}i?*N*nNr1KO3
zv0ZQ$&QC2g1OeymAKy!PxdF3=Q1a;V;-403>uneF6pir<C_6IZ(OH1PBw*Q1*PWsU
z(2<b=fH=le>Hkx{JLsVN@LcNx9G3ad^KQmdMW@|=|C0ax`^R{dIoUJQ^XXl^U9+be
zS4-R4)c*k6ep_P=0a-37tjIG05fa=N>Nz_4g~{*LKNV?Jy)>a?)?)@d11SIUQ~oK>
z5q3Qq4u?ms*{bNM&-vhd0&OmHrhYI$9)v@bF^IqCytEx#vD@VuS3<hbT><&6$l?$+
z>qs}=m@c|P_~Y+!%tU-5-gzk1c<UG2y)r{shRN;y3NDQ);5kwCQHMg9<A%UqhIYr?
z&<Zk?Q^4kD?R{Ug*_Q)3qds7Se5u6uGBr|wh6N%_(aBZHXrM<&4ffs8O+8ODOTE(<
z!>DNBdPx|RR`B2WrVJr!{PoojOYOZOsNVkbWM|S*!S`U?90jG94lf}*$e6_)qNIaP
z4%pQ?bB<Z>Sv|N!r!l9l@uOw@MOwUf>phl!=n&sKV0U={hMt%#w42F@{_6hvDI?)H
z#cx}3xM^Q*6S1KuXntOq${WTNgxQHb0M3#R{z9Z`iRwX9o6|-nkBcIYH;>l`e76?0
zE>AIfKd!6v2~l7`Vz2!5az*%7V`r+3jYTu>Nf^OY)2wbT6mtEms6Wmk5vYd}bDG;v
zz>KS<<RFt$T_J~_$PB~=!b@kf22Q-9DaU#R0p%3VbQ()HR8<3mRKtowmERvkDpQ2K
zJAI2D&lZdr&69p^m=_-Myn?j=63f58cU(an$!0%$m6T#C{6vMtZ`!^_k0*Fd`QB%6
zvst;t<9~~t!lo{xrrGcJh|rxCS7X{0CL!Jx*x;9j?M+OqX;+^w-v^?DMofwU`}DB>
z;A#yO^!g^)5&J+R=sJ^V;{ox~yd`WsI$p8lJ3Nwx`}zG>2K<tC?V24c0*rgkgUQ-2
z`#<qHAR<#$z=VqW#|u9dyvA<g<$W9<XVUHp8sC{72NRX=!U6J5zfojh+NIZlTtta(
zVY}~X|GgpmBGG=l{VO7YlSq{TiHZS}-#>kYdJ|N703QXuO%@NAm76{uhDsAPVlq!z
zB}Ot2gS(2&2kbE@q=4<hj2fGY%eGH07@}8g2j>HYem3*PYQWWuR3n%F03+&`msyWQ
z)IDwjEyPdM3b@{4dtR3bNr)PJ2P=G?;MkYI2MS4kno|%~u12_`I`?`av*7H7oP=GA
zsGQfb>>ODc`YqaPV~|1croYUY%TFnXjph~TQ1?m_<xbX%9gy%l@uAea_cp{oDo1xZ
zk(B82Rf9RMLpBR{hs96>5E%<<*5TsN5&OzGd{m3pvm#Tw{c993i_bp}S3Vq*F30v)
zIfW>{0)M;cA}*!<q8k;rcYY?)8xK?^1?+?`fe!});b+uDb>u*=&5r=w<2)Tje@<Ta
zxi?|XL<g@Ml1%8Kk*o=(m@u87yh-I#qg;zRfuIus-|aD5g&W+}_#Y4YC~MYxKjsf=
zsxTPwsDz0^@IEF<3h#R|f#w|$hwtYb@1gIvdAC|8*aE&xh2Ggc1`d@jHU^I%gR!PA
zc1U=pDPi|$5;oH&{Via!-)?7o|MUKB@En%kwBP?R^N$?4<{ANAdZQm6fA3{U+GkiK
zpW=i3z7dz|_FY;6cPkzZt!{eZ2fIy5yzTO)X_zC3y*6*4a+C0*G@>!TI{Zbu@ME^|
zQOE5u$2Z;_56D&3mmxjjbnJX{<N4q$L=05-bFG6w=z>uOU4U|kJk5-5Jn7Yo(0(;C
z2^B9lEld9NdBiYZnIB9DQNy176L?sW8Rgl=D>(dHgFr^OkX@IQ$CO;|_k-t5*=0g1
z)_1Zf;CfC8)^-DtcBQocmT>Vlh}O|lVmW~s`Ccw;QT_xo#H8Sh#)x5bG?d(?<o9iN
zOl*&en9ts>MczoaYEqSyygibUE^GvQ{AS1fB)482U)A|z9lAfoo)%La`N?a!{$v%&
zuNU*y<61(DQh+p167g=C5$rSp;)R9Qf+<0&2ANl-U_+KD0&AtT-HxJy6k+8Zo>C6*
zQ!#FQ!PDZi|ASe?igKOY-ER)VpVdAD>jR4rGUy*`AugLY!AKLjS7X;zKD|9*s@%V_
zRp+Apu8W=qb^?>OwF)Bd2qtUfUnIM?%3tT$m%cH?^yp|gB24l7lEAHb)e!-|ugA9f
zB`?o}0wGE<XUMYD`+YjT7t1R14Xpc$l~fT)@a8_?%^ZvYp_S~vTN_qKwQ;<tRcT+n
zl*|kgO36(|V2;;zu~A3bHi)0c!hmC6T=jk_oiy<D$9R5+2#$_xR=WRH#2(z=%~UTE
z#bEX>wuUheF8>W8xwbSowK5nR^hyDA*Vm~XRN9MUSOGK~2`4dJiU}9|l1GqAH>3`f
zhw{j$d}AGov2&h%`xmv0S=*#pb-JYwe3mZKPo-OH_%Tx%{q}j#DUW%ZI_ILs-6U(}
zj!5G2&#0i~CgQX#N?c-#AryqbArQhwg?>hZ#-q(f>io0B<_&u#&=qhbv7oDM3cS1l
z(x{H%hA7g%o$+pr8U)(d00)FlMhScE*Pj8l68O6L2~J3r>UttX1DJ3?=wm(^KbtT8
zWo=xa<tae-&nB(!5of(K8Oa`Kx0ot0tJrS3jT&rqpc#nQ;8|>cjYTBM<LM%TgkR2B
zoXkxRoNRP+8$ljjMy86?)!AuGJ~h15x$qkCOQ!+dtq{P<M`*@okj+6i7QU=(&Tcli
zPE~3ZUs)bu9p6Oe?JwA+vmFZ%W85}|2ui-|Yj=aNm})9j+_BLP?2f+r-Fg2{Yw-6b
z<_d3Lw5i{u*NCC!e|rrgX6)FT;TSwO*w0Qufm{jfRg9%q$QI{ZwvhmVUCWqe{J*VR
zK|Y7=@#Cdsyz(o!1sn_azHRe!x`grRTvYb(qr#c!ZV@er?%<q|@`sSmGg^k+n&7j$
z&yPMU?bBfmi+U5pbOMTD4cD?;)mIyyOv%10f(kJ2*{B4Y@ho=6)!PUo3#tEnN6o{(
z)iFMPfZCsL5cWO71_hn$bW(NZ5O-<JQbHaox|?1c*<?KNi+TJn?w)|*T6(?Lp~pOd
zpjqYO-2l0X7vfhR*DcuowB@^db!S(t3(B*glCN;$bR2+aMo+b>qngJp#x-QON$7R8
zfWcD;eb_<dQ0a3x<?#AV8LB~0@}^uj%u)Vzt|p@xGDcMLqS`ijpVbh5j}VH=d!U_5
zCva_*NEy@;d|0{I-1;b%T@4VCUN4kX^#x|1#S*%8k{hm0Kyc5feDHz>8G0Ip9b#p-
zMotHyqk#qaFIK+U*XF|m_Ng^{bczOWYDN79AI|n@cGCGRbcmF>+&KOhf$QMEo(~;_
zd%NtPC+zdOK>kwTX$Nj5ieFG*=<4qK>-D~Mw`lRjeo}4^UE0UcC0@*2p9oO?77#k3
zcC_3nq;Gb#@FR5NZvV9XIIIBVs(d}f&UdlD`{(Vhws%`{JOB27eve>*sMF0j!o`y+
znN)rKWAo&rA`u*f+0tp>i+;hOXLT7)cb{8VJ03_*sV1{7Z^9pM-%VXzNBdrG@a_D3
zrFhUtNIs_8OYNyCgYe?y+!8ppt|vo&FmMs>UA5ka7Xm#|P@(_Y#!@!Lv@1p^I=Mh-
zOi*-AQZJ?Qw6HIZffl#L43F0RDg>C=1Sv5Sdy@M>QD31bDyqF}QH65oLO~0%kke7h
zfqV|Nuj*AJU_R7MOXA8`NCgxee!P~s*cz;}2?cGijOPhFXw9gZ9ps0&9oPL6SABPa
z;D$1TgtPuO{~LS~LSKw`>C*Y#cPdo0d}GGF(ph8`|0(d+wE`+S&?--<<;KK#e=YbW
zn)!=j=*O9IOXK%%W4ftM;O<ANZVUBd33B+Z^9p>HsHFwANF4mhbY97Xws`HP+u!mU
zF8N-l)wNqlDCj1|laI<4wJI68lwyOA%1B+TyP1R}1=fE?G%@>aW?u05af(8FSM!sG
zWMc~v4;L=VkzrM-Ygw89@~j@Ge={}+9>ajcP8w->6gi?N?3oj|fxfuSENOel$BJ(?
zs8FZf=I_ikTTk|OV)$%xi_RYI%jv~b6DYd9W@|GaxS8n}bz#2xt1ICN<j!!m`&OPy
zUynx%X~wW<SK+1?-ZF|Y@~c8;P#RS)lCZ2{>p4dP?&tk)$ZFkk#;C5Cb4Gsc2R3fb
z9plgshl=Mh##AA-n`d)2jUIMJf6O^J&Ug)&m4lH*{(B@ZmoRp`4=2<_W6TxPM)`>T
zsLTi`7mv#2j;brWvyn!_d7cQG80%qJLn30VQci;Qx437DZQ`AD>00vTER)n##mwH6
zNX-}f!_=zBA60`2^Ut+FNT}|V0B8{Vtp7MN9w2ppf}0hx6D}U;xA-}Yt1tA{Q7h#M
zuz+Gn&V$Okzc_wBFT3@I6QvviFop!6%sY!@I_K{Xd2B!WH-TI)^=sS09#5dBby(xW
zWLSp>rA?cT7D6Zf%*i#3<||sM({f7NDK@!NN0?Z|M{!t}ja!MVB;<wPuZ%)OLBvoU
zcd>4mF{&;3fPbm}2ebBJO4tE0w2KUjY7iGFdi#kxYd1a1W1%NGV#WQ2r>GSQu~h;3
zka&0$u6oC7Q<AJwizE4<oVY;qHv-ZRQOxl_nxS4-xzAxH>V|kAdW%C*`z)R_tgh(N
zY4rLItI8kN6u}9S^~F*u%ahmZo9w3rGQ_#cC0fFLUV0$sVfDQyQl7=Dj!kq<^95H4
z^|!E;*aMcWD~NXyE-;?M(syTZJZFrbiPuzdwJ$fX?PRIfR6-tSiBu|z3ZdhFTqpW{
zGaYZ<Uo=lFUhXF;VopdVH+Ulvd-C2h@wsi@<i6JkzE^#}#`KW~QdvSKyB(&pwJQ8b
z{mOa*<;0(Yt@5LrVFemL+DY-0DRRg(+eg*VS<v!kG$bVjb7DF>*^aoHSLbVyOeLnc
zSFhTYmI@HzE0vV@eYyIB=?UA>AnuSqZMQ+My#2cZZ7Di~5nw8GZ{^+MiFA0nh_&_2
zl3PXJcKL0kg=H(PZyLI1mAHNxpRDS_a1wuquiFRq<)H=g#vH<ST(_y-T?y#uhOD5+
zQ&i$dvlUHnGlhN-cG{R;T`678pBQq)mL%Tp+Aa3m6SsK_LOyTp80{<>9_ED8IXu-?
zIM`Xzy6-D~sfNF*jsIEyc8RfLV=+@)?`6k0D~^W{J(Nr&Y1xOPPgAJqcyvq0bHb}x
z(N;7SACLwR0+Nl*h$OvA%PpF25KR=QEI?n(tPd$AgMT<6-6N<!K(35HOm_-i-F&U*
zRB7L+ELtx*r$~X^aNCA-#Nv1q9wE<du{7L|__g9(v9#GH#4SlOP_&h*#mi3uk?UP^
z_UD=7s{*dO<L``e<%>_Ou0}7*xH$Zgr0W>WCq^8*aH#Q<I%yOgmN*dfK4~}}PP_T@
z@PiMH4j0c1++X~Qw0lYdTf`+x>*NI6{*tkGh*&b~HC$P0n;K=Md#zmn#t8GfB0b|{
zsG^(F&76Q#+qSUoOa0yH?;SH0&u?fw{k&<M`SVocyAn3wvf^y2N^Umd=Ln;MpVMu)
z9{*V@$-wwzv&)lF(8Q?}JjW+#?719%<TN3L>ULugmd8JX%f7L&-iCSG(D{nXqjvpg
zx8srCf!&JpT0k>5WO)Y!4zrnWe|1B(@^Y|b_mv9L{|V%e?NrxIFj>^acZeC?%dwku
zRIYM_aw^3DP=R5iCn1a9n&r!lj$R_=Y}@14yR$7(558GH%8QE6C@+_r_dFl3f1!d&
zoaIy*GqRHX9{-kma})(LY_*vSLNned8u*I@e(aC0Y0(VsASrIw+d{+%?;g_P=1QHX
z-?LpY96%NCv&zHRdyv+AswZ-9%$R(ivz}6~D4BINRh@22=)*qR59NolQB}nMTCa6L
z413{Z_o8x$m717+$fCp>rSs!EoK}jfgzHD;UqM@)+bXxmSl<f|;#q5}<JUfAvqM^|
zIm6#BjdRr~(-MLMwu8C)tNLzW+ExH&K{Bh(_j&&NXQi_bAO>w!IS;#V7Ef-l@}V&6
z_{AF!N@RNAe87Uvn#QQj`U)TQQAK1Yc67pW|F7vI*Tt9a=hu~itH0q^qF2MN6Zo#z
z46~K;YZ4bvp%ox*yLS_JV{^&H8CkS1oObnx*Ku>3YjwY{6SN~;`w)}aiu=@{oDe4L
zw#b}~s+gsb*wtCchnI7=T@NR=`s&}LSk};o;Y(nTn|Ndzm(dcX6W|cxbqXG`f7TTr
zF_~{f=f(lP_-k`=+&#s;FsHP*!~P->8h6Rfxx~}W{wQ#%T4HsV+^W)I%AuIksq&s3
zC^qMSsoXG7ev7VBu=IsLlmT2meYF$bg=yOV>$9_M(sA(>6Wq$+T@=`>M?C;kYBepv
zAY?XsCMpKw;3EZ{H37XF2qN9<kN_TJ$DM>mF1W39&R=-+V(0tWi70Mg>W(BpPxUP0
z<PEBm;+%Ln{oe9uj<rcS!-vNL=-100o*obVPB4%&&V4utaCA%>v5i9yrK3Y<0}xP{
zcp`K4ob}6Yw%skjneE2hlS2x`o?s2i^p%9Tf|zW~<bxa80%~ZQqyXI9SPBe+GNqzz
z#+OQ3JUcNz;*DvRNLyNYlI&u{Q|RS4+00xI;l7Duy0UupQ*>l_gx!db5_4ft$##ZJ
zw5j?Q#7yY*mN)XqZapXF<FQ=gaV+JY;&1C}+=AK*EMT7x?0BSr##of`tr?j*7oNK<
zG0b)-qjb>*=87fLm%WrLmQN{v>5SojJo+KYL+PlpT--4M?sJJE|IU;f`jSJz?}Lr}
zd4q?oJlFaL?Si9YxYyH^lHDE9WIL2=1#V{&_MA3=u(^xC)rS~Z-~Ic(L^FX=|7fWr
z$T*YMO~8m}`S-uxC#jELqqD2VGofz6QTykqgWhB>|Jp!QTLY}mdMB5@`_Q1256*IT
zR6v8a-+iPGipS#WxHlFV*v`*TV*qAoS~sP&L-17(luMlCqvkDOq0}VTKY80IGzosN
znXP^#+ojUer=Cr2-$?>duR&bnf46;Q8)?uE-`HiAOR`oXVpc_SZ_GZCK`pLB4`br#
z^-iAei@5n_`dD>8xtg4-+WrWaRj2l_<^8{J;>7xo=Q`wt;H^7kVY2cNXUS=^0Zh7~
z)@r*mS7)Pge4!;ixcG9Q>xCdIS8xUVJlr`junc~x3(;7G2V-Lr>7Rw9esdtvywtoY
z?i^l@o(}rmlIc)wiTD(XP+eRtK`NrDdtS}RL{Yu<o_1(nF3^cAca98yW$>diy!s8Y
z{BpZ|-~|7fao9BNt#@RXoWD0w)D|Gg50wluI4uoRVvk)h--hZje=|<>_Mn?>TGI@a
zZ_O%ZJo%34ZI?Ry#O~gVz>dzxJOBA~g9F(Zwi!auz5f#J^pL((8=W@$Xd@)U>eo}r
zA80idjy0EB9#zAI^;(W|1hRO;Niz_{1dm0WQ9R^N{Qlch;^N=*U|b5lCh>G@SZG>^
zR<1s2Th43g*-=yA@!C#@ixH5Ty6HX?HDa!OVqa%-BgEsNy13A9T)p1+A$a!l@zBti
z*NI#z4M_NCxkECD+I-@=ROlWhF((PGfss-s2U#d=$#+lg+`fISt`?)K)3R<MX<RK!
zJG?#VCDYH|F;^2nb@*4f+@y=<k52I>(;X|ShiKL89(BhBXg{id7FFZ<Yj~=G^Ueb@
zsNx1gQScqDNYfMwV70K=guC4z^v3Eza%+>Ad+_9Hh+1Ax>%~8?R3BOVYNu`IHBjb&
zn?gL~UoLFu0c!MV3TA0mBt6h){WWL8=)D_wHo>)72+651-PrzY`hCKVau7B_Gm+!=
zwV0pOFyq{y_~*0GSpmkILi^^%V?Bf3@*l-5A72`fE93~pFx<0jdQKC|DVM1;_G--T
z$|aX11HTsiuuEV_FQ@A3RB^i>!_SV`_8zjny16qMbz-TxnXT=)b~Forh{Q}Z3kMZN
zmi^SldT6OIY{h~1R$*m4<A61`+3=U>RL(8wTX<n8%)#U3m`|Wyr}_738<;6epp!X5
z)$V5?8J`&B$1N|WzlHYDEOx&v5zqGZoO=zUUtX(@1qa5Jm9W!wP_ZGj6PVx%@ha=k
z3w;*;6`Xq;QIhcRWy1X|Uh;t|x_Z73M_QugejnU86R*S+tizw2Vy9YzD7a6f^dS;i
zY=v<}2jNu%rvMA#9tx1f_fYzc$ZMuEsqPw4eb<%x6h*^nSY!V(#k$^x`)%)ie+EtC
zvW&0}8!Tmi$A~$JQG9%p!1YDFctTR@Ab=b`A@B2@f-psc?c0M581d*wUT087(Qy-P
zD>S^^A*d|0mp;LyL9`k#-TzDH_3-b|-;y4;sW@!T2^^z0*M~gEF(YXs=3k9491nk~
zZ%b?6=^x0|U`uG1H0~S|!%JFLCMRGy2wx9YA=*goL>4V>jq54>-62{DVUs*pQvou}
zOk!2eZz==GT@8h{5KAP9hWg{z$LFJP!1B^jQ;0k0lVosJpb}(h9Wpq#?!?mH#;v11
zU{3<HZIo4sHAS7<;<{_$^NlQ5A=)VH6Q06$adLL$&~vU~q&M2A+3?<rKV=_xQ<=rA
zDNqRsDJ7*+;E>a|;KMTT{Rl1{CpWaKv0xZpe&OnwrmE)e1zJ!h=9*jt_xK8lTAD(T
z(G-DB5b0G1K>VCvK7O*V3w(0vx>5?O{9F6GQ23^+cc3@sMa$|}@P6$-`q3tt?bTwQ
z>U9J?{4K>;#+`3k%;eKaZZxofAg>A#*MnLfnp=SEy>H<CN04iSO*zDcfT&X4z<&5g
zBUN?|xclYYnZEfB>xa!_HsfN3l<vWTc<7Z0$=|hMJ_wh{e+hS20{7?v7bBQb2$}OA
z7N=^GsoN@oMaAXsgEfgSO7l*VKK<Y`7k?+P!*fBN$l$Hfpu4xY9b27H?+|n0A+L#r
zN%u}YHzb2+4eq-uZdpfs3P0_KRR3CB|G`*qH#zk2cPpArTrAAOt935{JnUJ`1sm!J
zz7TA#4tVm8by#a@;aOwlo_oQggn!^JE1U6Ay0a!ry83U>jWLqU0*;@S_(A=r4KT_3
z1nWl_**kPV+s7Zjpkq#ZSH=0*kHgu=@XPz80~*p$HzMs$?!eP+X&K$$UWwlzijM4;
z!GDhjI)BpHHF;XvTREt7fBW21`r4KG$EM>`f(!EW!gd7S4Z61;iF(U}Q2c@x7Uy_7
zloshN&mW?=YeF~G64C1zs;E5L)kgbQB*}ou1^KxLvC2PH<*3hg{@pz@zewt!;Z|(!
z&0FLNe}uVaH;?J(f9V3B_Cydl{u1nx4Yk$$jgWBQZ#DQ!UNOA7?~5A+h`TPV#dot+
zakq9nu8be@eU5m&7_GKUx?8e(n40-yZ*6g6Z(e3_z5%}K&&_ZVg7P7j&wQJswhT?m
zdFL(p0DX1E<(DGW!<+0gEpfH7o(mFHO6W=4R*GBRcFS?TV(8i&*)1z|&XvfppjeVn
z`{JJkTI4>Ka-X`HcrTn*-G6j46Sci{sN}tvP;><DrHmX1cI5swSUTrg^<?Cl3EjTT
zEV3<qn0|OErZ_7lNR^?oA&iWUV!3;MoUxDQMJIPb=u2P}$2O}U2;v9cc9i&@)0VEl
zh~`-Gd=kA_)Vp@y$XEKmo>L)PgbL6E3dmJN{Fr?&Ff=LPqz8{2_p$>Nh-`PWn4<~8
zQU~@Q901#Cu>SEvYEz)f<{JyPFb#*W0%9;0li&Tx6)E57Tz+6F-A4hoJ83kjYJ&~W
z(6Uj2mfK=YcJd;?{6Of4Y_tPlWU2hKTD2J8_YqkoMf)QCi^YvpeUbKHd-+x))eqgt
z3?1!87#o0VzSBmQzdlC?zu_&gqxxtZwAgtkg`s=IgRBq{Iqg+oDCfL8q3z3_LVPS7
zBYb2<To=;6_pI%b+|zZwb=Cdhb8DhbERW6}T_28z{>yxEuE66jdTWA)Q6CmigQDIV
zV}wqf;`DiSt>4o+1<~iP`NI{p7fVidh)*tk#^@6(I^Lgumi}DyY3(d}UD9r9#-tSI
zf8#JBOoEG?N5UBECgv(KMg>ABI0~Uwvrj4S<T8{(ag#6km?&OMOei&bJq$Yk>~85t
zPmK9;^0<5p@sve@s(X6dh)4I&^_1H#W@+ni&&(#%_eBCNFVSA3S3$3}uW4UeVPJ^e
z4=D)$Ykw#Zoy`|DB9rSM^Tn8tzNm<bsI2$whNIhqj!SZ*y3fcHzGf1i6VnYPFp=y<
zz<~()TU5={s(-0MUO_E>XYHf==D)-U3M_{VlI#Pk{t2c@BA}p<i|7*-@dlYf`eKyJ
zJINRi=tYKoCgA3m6(yr4nf@_~j`9m3g7S`LQpFk1Qiq^^%)|7yRsKUSB=7$N>_8L0
zOHD?>-hi@%&bCc2@E7uiLbyk{;-$arTs9WYLG!d!Jm{BdJ!hc;`p68N7*lw0H!Wx*
zYy(cLQ@SGy$5x!0*7?XSe_SWG9KTax(6CQA<6)X$EejvxC^5!SPmZH7>fCZ4k@uR-
z0+|DNJa)#>)5pMD4<E@|q7L*f^&+ymM!<JIz#}ft9^c13LNPr%3`ZsEU3>6J?8F}d
z-fXCgFjyZWV+t~0@Q4~ap{_q4-gm|=#wFV#xA<GK*--f?Q+_>X`;VcsBSeV-*kMR6
zg@2uf{UHq<=qT#qKd!WAbnd9wX`-Gl`m&x}KL;mP2L}1`F6TdQ@I%%gf#pwm_nzq=
zj)wiD$&iZQ3It?|rxZvPGH8B$AJc0iZX6;;sO`<$Phecr(iA^i*C0c|;h^Cl<RqdJ
z$-<s<w&#@f+~<iotN`0qSy4sb0z&(?P4?N|<{3+dzy}rnAE!T!$#Z9pH4z%1#eqXd
zWbV9gW%#f@NauJ&R;}3}?OQe0k4lu6Lr8^OwPtgqJN;A^&KjqY5EP{Y2Y;723zo{r
zA^kLxa^;#IQLmAy2jTwhw?EX_Z^n+l9Q=7Bj8I`UBE3lAd=djj0~(_%R&Q)RNKv>|
zN(0OPIz&$=OZowfLyx3Y`yTSsz5^(SD5T1WLh9QI<H!d_+?5*X!~RnKna+9VrtdYS
z;-)P-P_L&){+XU~+mGLB1luAQjr$G42YVeT-r*Bhd$5aUfn{$7jK7U*79!0((>gtq
zE{Jwtj}Mv=B81l{ei~v~a`wEXGUThVUdR88sc<&HhdOqKXzbYalT1exHPfIb#K-<C
zSFdYio`t`1=?qDk@<Vy_@Ub*#+EG&kv)lkgX64J9U2)1?sDg>AWt&6<4O{tdjtJKd
zZJX-HUf(=r9KFF(f$4AYUk9Uka`1sp04>|~l%J9Ml0d2>`@ukDKj4J881(Fmh$|kX
z5Xt)W;9gR$Oi?wMl|dSPrf8-9v+&uc7HxaU=54#Q2BYlf&loRZk!F<7e#Hm=IrEpv
zh@pMuAY^sLYRG46$R|F2QHiRY)oi9w{R@z;KMZ7y_YWc^w5`W9r7M2esP&?u9x>z=
z0yOsP;o?6(Le7FQn{*=lpRol3Q`7Qz9sdo&Xo!Va7XNFrdi5&(-&X%GUot~df$tB=
z_h#@S##Ryuk*c|WpU#pGX`9hybylHciG}Z*Eh7v}V-z2L&>jqf-uy-1YcH9CxOdlf
z@GcG|H;|sYK=H~jwsSEF!xRk-el+Y0QsnYO?^v0K$W$IRs+Nc0w>47vhe2BJo07kH
zRe8Y_&kp|Nd)d;((4Uu5rgA-`;6A7DnTdk@<I$oW_`Y?gLnuQrxBPLNfKBTcOFVoW
z-Mn=V<gPo~vskeO$}4KvTReHs^#8ZuZ~S2)(yu1ebh6B*K?7n0L|j#^2>!tU&+#`0
z`eiWm3y+}k=LdsWPTwqsUZC6doj-}+>_tfBeZ}aP>o=f>&y$);)s@R2XCHrv=ugU7
zM@=Wo^uYalca(g2veQ{sjYKq%d82=GL>{(p-30pLzGTl^TH9nntAB#Z|N7PQ@c|ur
z{=t3K2dZDd&T5cP6K%?DCM%`)0DL@G?1-g5^h+NpSGtJ2K-*<1){|3bAZIu%e2PPh
zw%ujZ*4-+9-r$FZoNZpe1nI0HXWMp4^EQ03$6@8lT&ZaNTl{Aih|8P6_hqW(>7$h|
zjPxF&<94}XQ4`~~2jqnj+&7RFg<B51&`de6j=vZ%u<t=CejXjVAQk_H&0gW>fLw9@
zB0w51=&a|KzpgOsYvd@h{}eA<E71J+73T-&iI=Eb7W2a?IDT<dlYbqcC%FD@(Y7bX
z|E@R2pZ#^iCnMP=`{#}ShR>#km4CKj?h8^r13wy+af{9-gOIIa!Q$l-J9Z4IhVj>~
z6<#L69M1V|ky(NV%WBGN@PQ3+JCiS=cNaqMQoGiuS`OnDdKVuWZrlJLu*C@VC%4|&
zvTmvN^M^H?r2mkSGHg&UDUdIxwmEwIbah%=Ja3Ywuivm?o3ugJB7F$_lt>PIe!SbV
z7Wy+D_2+KLHJlyM&;Nz@k5x-&V*T=wW>ad|w3Du15@8-=CZ)W&v3|jk8`+j<=&}db
zM}Ct>Dy}avA2A|)(c+azw;e;OR4Su<;KL1@z=w`~E&HS>wjmfZa**=>#EH|=1_tNT
z*gh%-wv-w2MRzHfFPFAS!#<rvRaOY}zdZi4f0j{Z!>~^_(g||NSL0;fl7RWP4;`)W
zL6X}f<;Ru^X8RQ%b%xxz`8%w4!^@9bc4EET%ZLL|V9NU)o0dV&!pOoU%VofzkzV=V
z4D)iwHjOnEJJajy5e)vha%5A(zP`jlm<J6TE%VWKoR~4CYUMI&c;vin457W1kfbT+
zkM%3&=@tr?k<z>kc*Lz%m>#pKj(3w)Y15WnSQ|hGJMiCj`~`I1jDI?DY+1WRjji0;
zqIugME<A%D|E7=`T5qC%S>Ci}eu>E6>7TEL^p^6ai>d=-nMw_Gdo$wS3|TEYfG=#R
zWxF1-3H-IKY9<31_SrriQqFMh<0Rpf=nBJr!+O>Ay`gBCS}11ppLP6VS?ZkrgT9fa
z->=qsj2`dbtD|NX;Wi-!pqDh08rwwEZ-f8au0M&t5)wZ%ri|3B$rL{Nv3&>Lk7h5F
z%a^XHlkgQp@pJvcPO6-(gq(#zO3|y7vtC&5|A|MKSMc7`t~KRMR429oO${8wF>m^R
z;+QXm+jDK)v<-%R%Cn&{E86wvIyfUIOOgm#R31tTyl?K?$87-w??>i6l_mLp)DQ1R
zZvDG)^#V!!K_YdG>89(t&FWad>~Foh;k^-{_#QKO*jTUhZ{D~r=E+8K7w=`hc}g25
zIXw&@Ux55EYe`v^vzJn~vRlr~_$N-yo%z<#1&uk!+wz}n{+;|Qa$3qMOPB!&Xb(c*
zgCv|ByvU#43Nrr(lnkMNi2Om3IQrkMe{^7}paie~v<#(An+T994p6KAyvZLU<&vdC
z#QuY8Fzj!6ukcM&bw`cfoYkwM=??p>oewPkan;D@rwI9VEhRM0x%H1mbuwcA>>sjl
zNIh+Vf86-f(DZTU{QCWobU1l%s~r4sk-}%{Z5oyt@lN>hVA!t;M*`|I8ti_YH&l)x
z>XwG7PjZx!JeAtO;O8U1(-{C!{wk{k=q7a#_<YO)ucJS!Gt!kt^3Y);NIYZ?$Wo*h
zG7Ci3=<%grH-n+_o&(1R<x)xYo--*X`kc-SoPW%L_Xccduzl$mbp|l^0^p}FhzRQH
zoorF3Uw96pJ;e41Yp3;*OUDoBwKw@=pV-f^2+WC#j0%~HBEu()q&E@ezU=F!n%3J*
z|B4+as6)k*`*&s4_)c;K(Z%d|D&OK#v_XG$^4Pm_s{FiqI{FmA|4OKrC{-4XlKy^F
z8)REJE|H_fm3*IfloXi@!od4jrgSWhb<s0cvjU`ex#8F7#jFP@<QEwBcOi;j868Cb
z#sNMxdd^b#w=SQNn4qWfOB=?!<X_Ka$I{Vqc*`;)T*}Xo`R`5S-;TfYNA@BTzP(ra
z2e8jyDj@}XLTr^mhnh8r3O{>zr-a6q8>tYqRk#k;bddAi-;I}Fkb%L%4-cbtox#g=
zYl^$qF3Ot8-PFN_g}L2C-m2|z7D|5G_N{DQ@RiD6xQJ1tDGdAM^Y1%X%JwDSz%ihQ
zr1-3e%G1szqvdyG%3w<Pm<f~1ksTQGbA~AY-Q({i^u(6=U&-&gSE=lMib(Z>HM^)I
z%gsxtWWg6$&udR#{r+iF@pG-PavUS}cN?5=9rXQQ$5F~G^7!E$S&eaY^)$0e`ABNt
zVp6nTe>m*;$WN=L;eR+qfJQ;rAB>dGSG}Wd9WbkB1;v9MrrL1RUug>Xm0?s*m@+fw
zgxj)eLRW>yf~m3>mtyt%spG}om4L@_>omaB`Bl0g(;#kKJ#!RU1bWH6o0laVbVlJ?
zJtalfLi+uM+n<<iSb~R7-CXZW^G>bV4B)I};FunJTmKUu9^UZ(JN?U63BckXl>W|R
zhi)ttGX9lThHQqBN~E`^e^@%7BuSDC-{>Gw6e@Vv=vO#LO37I69vVuC??A(kkw5%J
zfjbZ30p#qLttFhMSl5=+nNx271<aiEFf$l{skk<eOnXk_TGgbZ!*jN2Bu3jLAt(^6
z=<|~8;cE--=)tnQ3V{zQC?)V?XvORQ1^P2}k`Xrck3z>^!!z4e{l&dU*z@Tjyc7Qk
z|C3@*&JJywO3C5{RB|XPwtXW@SlA)bapJVunqpS>WJQ;f;=@JzHcg}yqH&Gq8#=^_
zI8?mw=g#f>GGW>*H5_Vm2_Cb=;e93*zm{~6x&dQSF??`(glJIHLSXrig9z)LKSBwk
z-I0jip5ix`9P`Nkq_IP#K;9fq3RO&WF8Lomq>q#>RRocB&z*Gq^xUK&x||xnS+-`~
zmh$U?Bma2(#fcpo{rpz@IeRWX!h8)Qs-cJ?KY83R$(1v!oIpx`?rG^w{$@IcH{!R#
zNqwr6<sT9kzwYs$9Ur+#AAXEJjMRyC{O8Du^qkZ2@f+nCLAZAPR-V2x{%K(42gAE}
z@j)mbJ_tELyy+kA`?&*rAdC@6g+3K2eckdmY3wj52tJ&K;ihESI)U`hmjk*BBgz<+
zmAg<y6TJ)m)98@X7oN`G1D#7Az);Oj6Fv=m?b|d$G-n~e1oHT2<kL)gB*&e*cV)uV
zIgqpO&^9B`{56e!$JR}yc=7yNk2;U->7hCn^|0UQ#3_(#7-pWMPu|8q_XlT&f(J<P
zKY7|b&qr1_{cW?_XN9H=dhhx-JN8BA{+Orn5tAu1E&QBxNI(=88Dk<Aw;H_BEk@qY
zp3V=zB8!%okBdeiAZ;k$uXlSGnktaYQjA$8z(*21JNRQ#dJBvKEARoBnKJ^$AEUuP
zhoO)M_a;7rl(BaHA>S)kD5>KwcVUO`sLe$u`3?o5jv5aiV2`O_=D%V^^2=DJl1Imy
zw(2I^c9;d~|7-IfGgNHf_#MdLFSGEGcL+Z6y5&#x3!+&W<yWa%(?H`7RrpU+iPI23
zVy;+;6s>)RfW=tNpdoMc&jFcXwApFs7nL&=Z)S1G3YmZ`fhRO#GBQ?Wf>2!gw^<{6
zC~j-?OSZgaUeP~p`HLL~#wXP;f{ZTHRL`3M4<KlE^0=YcS3D;^+@CWMwYX>TXQV3i
z3&(Qq!j<Iy-G_=ljYUiu&5j;`laJZ10~OhEXZ~U1#J^|}82%t<cp^<&cZZyDv2XAp
ze0`voj{d>9h0iv;;cqITF3YkBHg3-FqmAixaP;?-(aNUko9drzaOBa5eZX9Z@!t1~
z5rN?M>)BpD$Ce3{r{bDA9|jQzNw@yzmMfZyAMG&p`C6n%caMKm!r_m|(X2AdF}Rk1
z{y%+=&J~KVqO7U->zP#iniATD{}9d()Dwtk%mYWXyZ0VyUpX%@s}AXN0Q;#wfS!0$
z{NMHZH)jqfG8VXc8-ELCO^_@Z)5_65Pe{e8O;rAfzi|?yVIO*T*>V_l;6zBeIQaLs
z`V+S-AL7T0FWcZ`LaA!n8ai+LUKmSD%NKpSqNYD&yt3ScBh`>WJ){CM6K&nT8|9dt
z$jFq{zl2i^4wQB)j%IDTX<0XXGUt8B-<!~%G7}f;iZf>}VEuB;&;|YR{VXe@iNC>_
z$$-H13rU7c$O8@g#=&CteCxy%F#Z<Ko*<bsq?6zOIIa$(sHOEfv~42I8pB`@x>vxK
zQGZ}BX)_@Fb(@h5Fv@Wsdpe{PM|7-?RV$-!G5+2Je+%DDe>&vMMk;=yOCx;0!Dbz2
z@$Zl9PIjJVg!UQE(@H5H83DsE*SpMMm7`!eb(kRf>HrI;KQLN8M}#uhyH@^K*TQe!
z80$ee(%iZCK(gn9qvvbz&yDDRX6PVkX3bp;hZST#;+3QS=gt}<Su>@V<0nqRc-T<O
zk*1|e6qJ#}`fJ-Q;e0@+TMM5|o;-F4^n5Oj;?Lk)RQbiqZ#({oKkKufgii;Lv5tdB
zGmM$7SWmd&v!q-9X(g>}+IgS)N7qZ3$DSgpoLR(}U4ihK#mmlPhp<k*k8Q>5`bRTZ
zIGIFBVhahbzun`XnNk|maZ>S@t!a<|oqg4TWQ_7`o^D;iwV@eg#J>+5k!ycm3E+J^
zdWos+^TVN!jwM=>e|SJnEQ$EQ((^JR>wiD`rxO2d*Pm|s&&2#f2M^9a`hL_01`x_9
zd4_v#`72QZQR&0_X>~dc)7gdm*Uq4%${Cz_{=%9eLpC~<+3zLZ`9E<i4Ey;U!+ys;
z9{RIIwiz4i@m)WDrzHGl^fZ~|HwX6}0-=kOuzo3!kMF7HHTs@3V~42!c3@q{qO;~L
zlP|v-6G;B1jQ<Kan{{19=q+#ZN4?g;aiH|gS2hs;o$jHB3Qqg_<$xYoFO|?Nb)0YS
zW4`73PuEMjKE%2l&eYuIMTw@BwW?S6-su0f`cK<}{3)+qqkpXYD}G-19|GUXv*DYY
z|0-;jwj4R2x3~4bl~E%+A^ayDyp6vQ`F~aa+VRIoxuofs>K>{1|JY=Nh|2Cg$X`ZH
z&D}}v-?%C>dzS~S0R0<O{^P^2UlpnGIcNBFbw%vsn)6?F>>2G_rm?2jUpT0qX(|Z+
zOEyOYY32fo3sbajT?mJBC@%N>i%w8HVAxNC=yDpE1%~DsvUkN~Ez5@-e`VW_l%#2L
z%EdqT%eNz2zf=A9appo&vMII%pwiUC(0@+fs&W_m%DcyZva~snDjeUC^zfI5cdyHp
zlfOwAL^UTxntgt|p=Mb#p^KbC3T#_0EYgqH{bH#^iWUnfA!7ofZLh+}7B+lDWGhGu
zd_rNaeGEfh7dUwAQ<^zQdf=zXf_^q}IW>?r=<4j==;sZ7k0Qy8tc5|QgJxqk;}ep}
zI&cW|chCPt8~2w~pA|zNj$q$!IESO7I;Y?)aq4X7XH21?om(ha{NuryfZHVis(k-V
zE9{AmezKBQMguPRBxQ|0jMz_!i2Yfz>w883Yk@%gPnIsHlx@Ye6%JH-h&{xwoB}-&
zv7a<e4txWJB?*zDt0#4l(}#AVkdZ$ccu~QCH_e(Mqb2NG$8?R`NNAL`7x*Zyh0uft
zf42KR#-BI*-zWTX?Z!xwG`{l3-nFuRMt`sLx9~$Fvqp=tTa*ai#$WL!0}%~gP>sw>
zha*cINJJX3{qk+GPR8}OBU-^RWk0A4`h%blb1BwnAmpqlGF04#9x18qhYueG5&IjI
z?#qTZmCGj%!>C_aN;DayS;D4vMD|x?k;sSC{u!~w!=K1xyl#3Q0K|F_5&P8<&CcVO
z^>i2+ukDa!WN)rYEwPt;UA>&vr38%Qcl3ew$;E#f<6ALeAN7`x>4=DZyyvhDmSJs2
z|1t=!`KT?(4B&(89mtBYbtxVhxnr5)jlaNF0!2OJ$c{gYKU>r-5#Z4C;MQg6UA!~A
z#{Nh?G#`y|3w^L{k;%eg#~=Guyx{;znXR}3uOV)+uL7KF0r%GG6g781O}TdsS&tPT
z_#L3l+5;9#w3zYbnx^8%R=uyWe})McQTxEQ*G}mnC--kgd510l=EmQ`xAgahKRXzd
z{;z}Yra$Yt@z=Io^bdh=`2SDouc`QxA{D=Fh=NOn73hY2NXepb@i!D1WPAYbJVM02
z-p36UOd~X|Q}WN0VRih+S7nYhZA2^MoQ0Ih!Na$0@|TD4gu_J$e9#W`vjhS`T&GG}
zOXh!@{!yTi8Vp&E?gmJir?1*?!+#&eN1&wlV&9Z@j%);=`8NDdpY{{^2I(J@Bu4ro
z7kox?PJr?A!F_&Ye^vg{r%NrP@PRHdB1qY5mZ8v1LxlMx7+XzBz`*oBjJ*pPh0Tve
zM1}OHm@ZrXgY@b<%(>@0ATns#7pZLLFoKC~&zP_2Srwi$HfmHWhmXD45K;16KhV5D
zN+v2wHk`*v;m>v$3BgEj!ksZ?1U{C0CKoPV(v-{Zg8$j@p=_=nKg#$^{U#mFo`?kI
zVdUS-A0yEik@gg+NsE-OA=j?maCrPG{fU#&4M?REC$^;dG^IpGO2$aYR1hP2bTx{T
zC7pW?#x?}&LCaU+H`hp@CNPlSlN|UUWO#x~$`wO@tADa#PfmVp=cB1J7APN7?~#G1
zLO$fqnGM+ro=Zk}`ss%<2mks=_1dFzYi*ZuK|bu*^|SnP;IP7e9sSd%{S;}o`^g80
zXtDCoiPvxT0+~2@jvC%Anb~8j|I#Dse-u9Ku^v0fZnE>-H+16E*>Em^lZUy9r~fzg
zFSot;^pjK)4N<jG$oCl05wXZfBp+mq_(E2$!s61Azw9*Z!(c#Mo3!kz(b{hO^MZHW
zW`QKBkL(Y-vBxdx<{p2ITXfbe5{7U_{^<NL9VvM^{u?0ba_8QCp7BS%ckkRr+hG(_
zAil%7!VN#T`ELgH@ufq|g^O3ED8_{Q1FV&QZ~WJ`?F0VehHEIQ%)SYHEB{7<*bWaz
z=yh&JQ@G8xd06>-*YL9<bHY4E{sK-t>X)DP18@LNZvvlt@iMZSsgDbn`ds&|XP^I0
z{^P-^;L}ebXGjYiC2}OBuZ|9fAjlc;?t*PjR$!YGZ}6Kpss%m7j3D=f5umT5Kb;6P
zO9uKgbtd)8QSFz}<#5J=(@7o}d7n9Yo(>5X|9Z8nVSA01sOh8GL@4(=_CUWN)5e{<
zFpj(d|7nz_q45&37cdP!qsJ9Nr7<bw@Emvl4gUY9@VU1;x6oj{#w|O^j-42nK*1q}
zrsdYu`M{=LlMc?F)<lhXJHm|G(W6C|pRiXX+vxx&u{G;Ad&QrIH#(+q{?oL<=in$n
zU=Gl3oe(*ysrWBSQ5u+BVCvPbDm}a4r48k2OrSjN*iHUnet@3vw*Cm<O#m2l?7fXY
zrUIWy0~$zEw=w9&J&#@EZvZj})u>Vq+w5GFVx@tfiVK}!sCSY51$}Gm*1Hb=G>}f8
z1icG7)dwGTV_YX-D*p9+!S<JeC8{I!^cBgQCx=XhbKu?k_jN20e`Zx`0q4A}F#OYK
z?+t%HC(6~xbxn-|H+@5Chs}RC{@*wK>71Aj`h{u7sb9?c1s~&pe;2G@Rw1ptm49Q%
zgkc|YTDMULWN-S_BWA?EAF_$ms8U|eUx1up99#Jt^>u$ub$<Q=)_i4f-z9&<e+*Jn
z7cW}C7~T;1Yz`FqFOUE1aLAcO!#?Dp5$D^TKP#>le<Lp=^`5RXbuW5@Cbu$~Iss85
zU~Jdk(90{a?n66%kT2Fdf8ny~w&3{R6p_p(VxNwlWzbIW_~*u)>^BkP0Y{xi?UB9d
zfS%j=kK0QzGsp#On^U-CH9RwORjX$8HJYF6#7x<XY4!`Z{8gz`N(S|V0}J|{58E?c
zy?R4&ecSOz{8d04_}o4q7uGBnE?$wMWw4&WM^!icp!)B>$$#oWZevE#q(kX)IQQ<{
zwGY|Q4#CM9^O!y%nN_){Y<e;oU_4Ooo`U0>eg7feT|2dc-mRvo_=`dB;+9rd2NJ9&
z*b=kx?B0V9mio*TphFdD#lj7d6>8VsUnEtE<g#+vOq3%pQI17%P&V}%zZ|m)0M8G=
zfrP2<+3?%0Ki%}7sqbxB)d8$Xsp@z?y5(Un+04VrU+Wf-v*z{H;WuM;WI;f750@xN
zl?tV0&;UA0iEaaS9q(Fh{IxM6=-@hG^iV03KPNJQAQe9h`-;3v|7XX1tLtktGHu2}
zY&G}0;>|2BEKBFt+;~rYhP9XN4}oXPno%?BP~Ph`Zg1WjwO8yx0DL?CdDqQ<Hs4G$
zuQkRx>w$cR%t&tjyOFl|*RN9*>vFu0p)TL=m#<zYyLRuB{hV*%EN$8+oHv6{x+$8d
zVd<|Z*awEN?yhLl7R~>a@n^aTWNgPm@CTpF*nXY-SvFH*Lii6#fo37{4`F~{gpC*t
z5&I>OivI=-`<opd%V+o>Wa9Cz#(xGF_VdEPbpPg6nbo_3!gnhjtN#c$9`<Ih*27P`
zFbxs=PY_-29{;|j8^W;PL~bAz|DrGJqL1t>JI%wKmufalK1OQjX9!9nyr&QE1uOsD
z!<wo1iR<Da4dfcq(`z$mjrZ~*Vm}ii)Nh<ehJY{Y69^8#dk5n$QHqQjNzat^QITF-
zQ;(zFo0m>tKkGhn^YST={UJ4?W*O~HTK&Fjm28>~hX8{W_Qg&k71|>sCXD#TfY#7M
z-el==NVzu5H03XsPac*vQ@hKfJ2!zNvgZJP>E>S{>N&bbJ1-bi+mMoE#9{fL@MH87
z#!jXLj~XYD8ox=TTbGU_+P^Oh@uy4$+++Ii&wI_)>kTu%KxTx~hFrJ<jU}JtDkT~6
zRn{Q5>77fMyMSkSj7yM~fklj<4<9M2gh%8r4SvNN57e@&C(_Wq9p!@8f1fjAABO#X
zOvS$(5&JlT>c7<4OM;$#wNKm^{m0pZ6<@-S|4~}0*pBp!h;-n`AZHEGd2C^bh~oN)
zDAvBRChk%G0=|EetVT8nllFj><J$A|75E+oX*+@O$1Oc9{oV3!pS%u#^USpQZ_NKR
zxYOC>kDu1b1{n5v1f{>lKQ^{)sM%+}(w-6B*AVsnCirJ8SRK*m9gyAOzD(^@RAHEk
zhW;rLDPA1TDCEbawuSKh`w_BCI1&3OGMPqvr1nn)*{<AWibk2w>RnOgkK2gkhOzpO
zpV!NV>3x;o@sc4Ge~($(?Im9|QKuTqe^yHHVOpuum67xQvS@GvY!!ku@_-YR{-MHz
zmR93-sNB$2bPh7YGH&@N{&7A?AvLh21lOM%W(?3Q9g3t=mRSNa6sQEpg*!4Gjs)hQ
z;28YbX8Qb9B|oxV+`oB6X7oaE*lXs$*nsyr9Afwmv2hmQT|TQkL9!Bja}!CEv$Ukk
zUm5hiBhxr;o$*(oRu4&+r@UN;BhJFX^#Z{sPKE09khFMCXCkKJSKeB}I7nOkssEad
z-lApJPVRxNH#T|nAIG1mj2{n<X8h?jZ=1%QzTpQ|*fx*g<d1bMd|O?AQRn~a`1`lV
z|9=8MT!d&y#h)apzYh%c{{Eqq?1mAJFnhRS*zE9=JjKDQmvZ}Y1m!kZN!WUqPbo5-
z_&A8Dq~X|tXHE-&<OyW}n!>M#ONpBs=C7%OvN$m>ki73SL^${_1pfa%{Ub$-E%gR{
zi<Jh=TV&y@{MU~ue1_xnp&i&`rH8}mx95M9=uwcCunzV_t^$L5SP!8no7^LJ1R@VM
zAoZXlU<Nq;@&hc><Z=&Y?lG(K$ET3%(`U{ivVN*;_;K4S@^=uPX-vh>a*Gj-R2b1S
zagg1p4$%MrKmbWZK~xr>fIDJuMDCHOhYSC_NG+}(D|IXc8YJ2d<=w*1oD(U(9zW9d
zNJB=LY~8R-qarqKMru!_M~n&M=gv*vX&U0OlV{4fi8CFTrkY;3;Oq4pjKBOylRF6?
z-U+uDBB{<{ugm{*{LO&jjUTR$9YwU+=kPlFoAI9lX|lh7K_N@VbSev;nZwa9q-&R6
zgJ9T)ffom<=hi<>Vc748><f4CLCB=y*J6r8Q2moP7YqyIfgjp52U-Ihwrc5b;b+bX
zPeSh3iT{W~4D4e&`s;y`J$q);38#NAV4T~94~hc@f1@8B1DZDSA2muejj~fYgIAtY
zS;3!1%Fz*Hrf6zR!=8YCMT3JwGZ+;q*WtoD_0SP|<#8K;kz=OHM#$&?RsEad<K*Cb
z7s;F{omcvk4_$k}unz+n=}*e=L$2=K3$~T2SXWMCA8R-M$&)6QwMbpcqe*iZ6!!e2
z@@GB(j{@m^q*MibICj#UvmE8=!(@qN-SWA5PQ%rXU3+mC5HSw8)yC)%17S=i-wpj)
zkTSRnhP!@Wej^uPY|w*^d01%ppEOAlS+@c&Z@51KI%TS#>7S`!;G<PXJ$WjdhB$`t
zpT(bb2*NG@Zv6G3rwIf9@5Z0$@_z?@{ye!f%8bO|2l{g`ApWQDY2;%n{$q$%tyry5
zApU#9KgCBMVXKqQkh8QP9ElT%N$3jnOV2N46%6U#)*l)Hibz>T9{M6;|8?}wOQRI`
zr^VrUfhFU?NB+3sXU<t1dj5$A{}|Dt$*AE2)G%+#gY&3Iqs=ZjnhZeHD~(#g!Kdu6
zfebSP%}D5!Dab|=RR0<H+C9%7Lyi9q|Nm3?n$nwFZ-90>ZlU+w_;cK@!Pp{c8@0f=
z#kLH3LF_noob@O7y5GxG{NR6wuKgXuz9E4d{~Ry`F;zY5YASx{3HSJ8O6UfR*gpru
zH&XGt*T2!JCtz4L*(3t^&#mQlLQf3%((unf4fyMZ?@j*P@L9`^zZ<@`Xc{w(yYSZ=
zm^X4{gJB<rB@(FwB4ZhO>4wjY1P$sjGWLRIAW|BltS>X3&>;@=D_OA)wj()<VdKar
zi2qTtB(fH%$pI3E|1Rn{l^|YRtXmkd?;{1Vy~*XPS0!JroHAwnP&M8dqbv6+r(wUg
zY}>X+nj*!%(|PS98%(ZkgU5hF{W%5t^M6VIeT?m72K6!X81V<Xdbr1b7tUkY8p_Il
zPGqZLN^Ww~Z215=LtV@NZXFS!3_hGk<T5isQEjnVMrju*oCgjpzp5ikQ2ux6&_Wv3
zuVD=Pl+S<Z{fmwubDV4_B`egEQ`j!RK~QO<JcX_z{&v2#_%oVn8{~$Lo|`sf`zdU5
z6BAn$Fq0IYjh#G0#!i?KNd7oR^Z*S_%6I5%IC^H!4}DGI@h||)x${>Y3^Y<4>s>gq
zoP)!JISeDav}-Dj8`P4Em#@IEUtJ&ZN$2*>aKENp!2DGh4i;|s><ZVv)`6xNGKpyB
zpnov_EdSYoq|kY5zsE-`yk~tgdNQJ_=e+{obTmN!>9rU9dEa1)vN*BwXYX?S5jQt{
zmVe#&i;nClqcM-=gba`tY=Q02$!yndu9HW|`HRka$$?KtU`DdDZ95)JWdpx!XF61w
zOesan(6EpDPzanKW;up^l{4rig3|+KKKw8V=0vQwaNf8T^b#CQxDC+i?`CU#EvMzt
z9`R>oDjGW6>94=+fipl8WE^3!w_Sf4I7(o}lg@X?kd324bvXXuVQ}leE|jzSH9@aS
z#=!?=S>EEG3+o_1yl=5@Drb0K(+gY^=b+<%;;5lW#h(-J8#`dwN7_~v!~Yh39%M3@
zIsxk!)Fu9^!`L7Jup|UQqk?eC_oF9xKjQkcAhHlK+Y+nkdm}S&c!95i#HL&aswjMJ
zEx;^#+#<~vhJ6LfHu%(b0e4xR_%jO+9hsQ%O}oc(cu1$&U3;)z!d4v@E?vSs^VHk;
zM^l0De;4xabml+C|6Ps05cuROj{i{pLg){YQRnGlMy1k_<I2nUbFcq6M%~rS`K$Wp
zb>shknf_|nPmk|G_pT!XdNarZ+#LP*uHU~i6sW2xq3>g_Yo>$_PX7_UiP$%W{pnrH
zAQeB2(1sP{oi8Kyk&6EY_FrB&q%IlkJPi1;slYG)`Kv4&Nyl;?-uX{Qf~t(z$78>4
zWpsaUH~!g5HI(e-koq5nx<!K!k^7$3pX^~uqy#Tis~emyqQGc=TILT7aI|J>>v&00
zg9I<-;)#RkFFI@lj8)~clJzA=x#l?Ym&qN9=>GJ4oCW)B=d9F9UOayybNW`-edFEq
z|1=l&DX-g8qtpGml~zXzH~yAv3Pkmf57KKFm4fIe`{e1T77$7JQF^J|b*lD5yT|(+
zgW6v}<}VH!&BnLL<(%`ezh)K41B2>EFv^BQDt0oS_q9H+aK3tCXE~)2^m+poU*$gy
zqHz*475{9F*jFGH5wt=4!$#uv0-qq#81y^|CuDq+aLd1M$p(_6d~=0Axg+R_NbX2c
zW5KWwdw@@9(<Bh&TpY9q7Q?fLcE}G?dYZC9;Q#+w|Jd<&?zi2tVqC}9;-4r*CaKtY
zA_YRGJB~cBmp{sik7NUXvX_S*IDZ@lW#|FdLHftX78}*O`6<<>BlE}O`!{vZ`DWj2
z)RI#=6;s1Lw*aWrWiqmfT!s@6qS_%JnM%}_JQZ6bVt=DL*pR_-xphO2nG{L!>yE5z
z$nfAEf3y`f9JU&5`^!>nPjThcA?LA`4)zLJzVMF2h<(cRim~ls*x#dl461(<p<hgK
zA5{JcpAw7*+84_0_?BiIDPr0KKJtg*pL!P#RmdVet5<o2&wB3h&pPZ`f{)U{F###{
zaS<S!uZ};w^~ksuxmgWB{G~|Ue%P|4q}smdbi>173OG3V431dY%Qb_;hLegv82H4K
zjx!DDI0N)nj_m-)m_4>JZCCsLp7d`}`g=yTK_&#gG8R02$Mp9^?7Qhq3DP;k5hcRr
zFk+d26JD6hTaQdCer1|AM8(Vm>t>;+<sem@bo4J9!<n8_+U%jyZ=T?xmbat9*0x3U
z*9tRRLMn<7_)0VoFogbY`J-{YR`p84h;15ODWZ%d2oEDYC$lF{p6K52l&N2_H~H|9
zljIlth7A|SsaHq1_b#Q^Qx9dIz}ONId&=|vuZIrH*CQuu)SadOZ<xSnXx)g9j;-7E
zmOQz$8DlX9*F&V2tXRDfK8y!^xMID$xw6YNMj?TfI}lZH=k{Ga=O`f@bND0O_cQ4;
z5PKJ5uV5Wjj{KWFCaWPm>2t|du)LHmSy%@2?u43-fear~%#izM<B!_`a9aTOsC1?J
za{Sb3g@MkzvHa0+ki+*gS-%nc!|I;7sEmI)j?pmng&qHqB1Vu^-_DXmi4rJGM#AsL
zhcxbY{TCLIHEWm&wo7*y_SYcd4ON5cA5Gz?d#b|lhKT*w>7TrLd}RvwK$Wx;AAj!L
zxr^Qe&|mq0XV0EJlimYIpbyVYzj2S1_+hznxsv#}o>#KKAWh@DKEmIJk00w^_oq&s
zQTd~@NKK@|XEY)WON2r>3+p(MJbv=jC1<}u&L$%I|2K6SVG8|bjq6JE7*PmV`5rEO
z7^UM=)QbSRadJIy;CK0I)I|9eQN8bi{|0|jgj9Tg`ZrR9h_dRtS@Hq)swEsocJ0}_
zUv7f$FJ8RB_^hD!HDVuzeOxI0vmx`vT&C&ASSwSxzMMD?T5C!C1%Xq1^dUal&Q$uV
zfk_R0PQ<>}6Rmd~^#E3}Bz!s<tcDyCOk+3%>_jF8H~yjUa#E>6aVb(TuVl@fUb746
z;s$je;^Su3T20M12e=L@f8Fp=x<Q?4Na6OE6ewOrZrr*Jd=$7Ti@$*m@b!Ju|KEbo
zG_Dho&Xwbj`sF0_3$YD!{0;uIV0dLp-*wmryj`b$sIQ#zD*q8NPF6$CxK}NqFyq25
zL=)eFoY7!jvs!tr?RFfZl5x}Dq;}>9=X;VZPnlQrj~hPs)TW;2{KJpSx3I4^*IWRi
zhh2YhTa~`h^W0n7jX(EJu2{B&rXJ6X6wpzlMMga|fclT%>{X>^GdQ!rxb2XPUd0xE
zH$+L+uUlQy^5!pERmYM6ipuy$oJ>=^Hs`js>7Da82>x0RRme0vdM*A23d=biWRqkz
z{=E%+Utgx;AFcJvR;ed{9zPujeu|Hh>-<4H8mU1Uk-?-$5ctvIH1X3m81~UErs7|-
zZi}7=#a|;wVPInKnaZ50_}%z3La+fMQfUCBfyqsOf}|5(C8U)vQYath2k<W{`DYF~
ziB+xLT(_C{x9HD|1ayocOSqRcw}f!ZA2SkAS6w*Ih;SN|&HCFnD-8R7H0+C%!+yqp
zVk;gV7XK6<CsRI9*qb0idpith3F60<El9=BqhN_@a^><h$(J{~Oon6KJ>52^jPj}-
z(l2v6oo(A;*oOg)LPnbNFX8v-)LQDJPtUPeB;}fG1Iu0uU-_saXKDuJKl}YQ@@Mg9
zeG)CG{F`}frZbNj{jvwq=bXo0V*T=Yb*^7bMvzsU$IwT#0>>m6e(6AhbKO%M4i=sR
zK)Qnu^_dw05&LG#2RsG*u_FdSH{_N5SSQr1-`Ycei+|6qZKYnV%5Y4*fXL_CrpbRW
z{{9aC;ONhJTE{K$D_f<396x?45dArBSARPj{o}Z$Bi&CP^hsokKes)~RiJ`yWi+r~
zCl*Ia^;()yf)%{MZ;q7S?XiuKb;KgwSkD{(^B@DjG)8oTFU4S>KL@#Y%U|aXH0;-u
zi-?RbT&kLf|DEA@(Fl9KUqPDo0&rTf^fyrak!8y<kOD9rfX-okPWW#-{@8!wLHT1e
zd;{otW(z1#jC%g|EAanY^6!oQqy^W>6`gf*R;-ihMC}YuvtGhHb`nlnN;lGlju6mG
zM6(3>3j?(s|D+o;W!0-w1$4Y5#c9~r#sr3aWXRD>B1X>sJaO8z=@dwj0`tSNnP?S`
zo-JV5hl3TzpEiItEPO3s|A5GZ>4wiLr2pHlKUv?(pC8_ja$)?h+qg~Ib?&2ZENK08
z!SB+snKY{Zxm<?sELft7NB%7S`5<TdK7&^1D0vq0t2o&LY|thDOvPUye=ax#n~43O
z_^Sgt(&m%AJK?N+>kig0IHx>m#1-(sw<>u8+3Pd#YrLm2w#Q%7^Ygt?*X3}yJ#q3Z
zN;!uMJ{t>;{&cce!#*8ykQvDv{VD(M_rK68XC<&TMIJNX>U$Q)iH|(Od|RbfGdXqo
z41oePfWHR5?JkKN9RGvD4^IC7?eP}^AB?ug8_J(89>V_+`42k&!-hx1eg<RMzjSP~
zXa0E~<DV&^3&6m14+f^0Ffgg!g8s7ezgz#sr=cBt-cyfHhoSiqBKF<--?waI@h#m5
zhW0;Y@!)!1^<POu>@yYr(OoMw68m-XPs4t7z@wg51K?d`2*7^|6GP6obYsa5nAgrB
zLjd9Nc#q>R4I*(1)$OhDXY?p14`4ua;~yM+8b~X5nxv2Ce^DDz|0nglNd3O@38K@l
zojxLqhcyA81KS_MM~W^@N32u)zeAe)i^qNmgg*)F4L&1=i=dx)DB90kG<1q2f?>ZB
z43a!QeQ=xn^$d>w&ium;sS_O@{`K^!Y??cWtkL<;2k)7cVPH*=+yp~CeRx+>?mx!w
zUr!%NrXsaa+Xq_)be1!Rx4(A&tB#BTagwBjVc(?Ue;xlVe7n4`^8W#{8C2{HdO|K1
zz`^3?#ZyX8{qr9AZ{b_{BhKFF4<_jo{84_r?fNe`{Qn930@zzUZQk;7=jvIR+Yipe
z4*$Kae-eJ2347WbI&-`~z7u%-1&2Qk`#E4RzIpM4%-2j4AcX!iqnC#2sxVZ8OftPQ
zGJhZ?KOJV8G8I1xPU*n3`}bhb&LCA8v9HE&6V;x%crD3Yv6cLZEsED6VxP2#ljIYm
z;-7`O{xXx}^7b{{H!uk?a`d>;a45dV;8>!D{lj{$e_Z(cgkdWFT`IpTkj>#NoFCl!
z&+<PZ_O53p0m|Q*gIn>v{3)RU5-~Cd;nQJf<D9{GVEUqb(~<(ieihwT;Qoy(GP_qr
z)Wp*u<KOZ>K?=a@JOw3u<dlxv#|{t&D%$7SbHLlA@C;{))bAsybC!~`hj+@#@tp}l
z;W%B?ZBtZVBNNIZMC=C#pWXi;WoD_=aiU_lWJrCviuC;k3fg1=dxVTXl^?hKdE>t&
z*Xzcg<-aAbl|SX9lAKW9AN|9IhaE{%@!Q@);LU_VK@X+EU|!VNo0n#=u-9}kpdjG5
z{RmN_#DM?sjNY8ucRaIR+xn2#_#epu;JwY^z`KN}C-`H2wRr>im3x*z9GGm)Ax{YW
z5c&rze_1l7m-(}>cMIg@5sdNU5yit4+RGPBhavxnbn5<v^y%3SdkW@KsXLC3K4mM{
zlPsAt$o!e(D4}@ye=1`q`DqHr?-otddYuuy*{3_}<y65w4nu9(iuFA5e+Uu#G|rA3
zji^Y!`6|masx(9@WsZx(NWWaOej6zDzwGdk4Cz0W#dA0zJ1Op&A{?S_$Hd>s|EH-w
zmhYAzbq)UOigf%HvA1B3Y*}>A<r;NcDt_-`{AJ9LRu;{jz^+M)wmq?TC?-{0*zwOj
z(YaqW4Y7>2)rZP~fbq|C&^htJ^t%=7q&xPH)We0Vt;2S6!U15$l;LRKNB3g=V%Qkn
zj(~XTe%u@A@rj69M7*u|0jaW0Yk~AnGkg&0z(|j~_a$3Cq;N!;;Pg+%bf3tQd6Si1
z^_#Yb6Tz=23w;Cl&~OTiOn(#o!#Y{AWY7=1g$m>$Yh~1g>Dc#vme!|XZvL#XdQSOd
zl-cgRKg;)v{nUU@IqTi6JtAmwD17eYS_U7%vt&*u3m~679zA*@<0j37k??2vZt-+Y
z3)&g9=-s286hM>=X>$Tb78*&t@jn(K-O9iT<Q5zl7^U+B>DEXcJ@E6U@@M()js9$l
zs@@xX3yQxM7U5GqW=<ZCd*J)h<uZ8a7)`BCe8~458^L!RoqNEcgM3G2&Oh0?cdu?~
zAsWfYJx6(1_yr0e<HYD8N*9j7{cw2Tp{b;i(wj_b)xNj<2&Wu(p9*2$(FtQHt3Fbz
zVH^477dT3=RrHVLEPTZuf3kw_4eL~wLIv}nj=zi^?<bQc&wge83m+jIq7RoL?Rzw&
zV%`XR1}Y5v2?YOb<WG@i=Wtm3|JUc=Ow@yOCux6Mw(EgCV|M|AfbqvDP4b@(QmS9P
z(4Ud6jEeqV^$U3Y8vMEa!3-x7aN&{_GHB>1=$98-$LN>u$XsNG;1(zAaZY*$9{;-4
z2cnAaB9bgSBKCO%xBf|otuvMaKekg3sm}K>)j1C|>z4nZ_q_3+b+TrHoFM|YFh0hU
z6l2HFz}7OeUV%?XvmNV~NwgSIW%Um~Le9QWc#e3y75rf3ADs^l|935aW(y4(_Wh-0
z2kd3N*%|Ltw)j^te{PxRjN956??3-~P*D!5|2h8lZpDiv>UHQk0EYd|foNjs&#i4{
zOdX+Z)Trz1;|;po@lV}S5IRN;`%IDU5ZLSZ!?Vw_q?d+>ye?D#UfU=%2J-{A26_|z
zzYqFrWGoEI>~D$kwbTIY9)I1C@|qb5&ci@dR8zeZc^c46rWDe(RlA<DaVzvE8*%V2
z2>B#!C>P`d(;>%mBKBFQ01W$=E?>po*2riv{%d5{p%WgXsRjEgH<A{O>mn8ZZYN?t
zVEly-7hbk)T&50~tB?t)GuCuG{#)_~K#HQ}Kd$t!@Hvmo(1>pzS+sbCd@+pr<u722
zG@H<6+kaf9=bd${j}15{(R?&3$1E85IRB9kXJLp}emnZdZ23@K4b8@Z1W)m7#E?Ex
zrc_~d4$EDzg0{sDu~p8$laLLeKpyUaeF2UsFznk7<M%(+KmSDjjKLM-7V@C;?Uo&Z
z;B(wg8Z%h&uhp=%{IdUWApAc`okEsly+g#hVhvfbOmSg0je`e&7hUf<<KH4^@u&W2
zp((wa%3Z7nZB_`<!5jX$Fy8&J4&nIcmIvn$8BL(7Kk(bReRFA|hW*P@s8kIPIhhrJ
zTSzbpJxdN`UV%fdd;L@A^UBhzTRX*{MoMlyLHKVw{;d3k4;N0hV?0EIBlBvkCpuw$
z#KVn0S+4!(&3}piZupGsqBCRzII0vbm`nS{_0oi?n8(mZj)`1&51_%DS2gOj1fP%K
zE*?7LZ_;QOqzmLSsrc2f&u5IFhXV=LgRIvE>$>%ux8aOeXcf;37s9%36!*Iob%f!z
zHhiiFek^>e|GmxsEN<!lw(C!}VPVmshY|bBSFXiY6GPZjl|T3RxAI55*d9*HFX8OU
zOm0u{!IFp7KeZuey}P%?9juMvba)5Ohs4g}uNSP~z$YC!7p;e3zfGs!o<3RpGo()=
zi|28lU9+{#9=sp%!s5^SJS=>Dh-=ncG6x?SG5%WOy>au_UD~#V&uvQLLLWYaW2Gl6
zhSMjDKOMAn%Ol`m4Ey9Uf&V>x@|Pccvt&spja1I^D16U+>w;zb%yunLEdGDTe^k*U
zDE<l`f8O=_=Rd+f1bztpG5#o{!Hs{8wGjDtM)7|z{=;Fv>7?ml@Op3^#@x-X=)ZS4
z{?ivUhJB`lp4qdavMV_KYg6&F(0mvLZ(cnUi2sG__eNUiGIEWn@dww#vsd|Fy7>_K
zIAcLMxOuT`TRal-5wQLVs(<K6Pz@3LY{d_ey>uktVe$X0Ohd_m)c<rOAUy313%F?Q
zx#_wWoc>LlyS&6rmRc_Tc|Z+^4(B}dj}bo^_N88=0M<@II_d+P6eRZxPyC55Qrn-A
zUpLHu1wQwMFW(mLL6~1=_C!SSt!uymTZYv}Dr^{8Z(cYq3kKDBW&Sbg<-b#Wmyc>A
z=a20pc9JGfIf<7zHKN%M$nl@oqYt38i_|d_B$HbG&`*rdwTMbT@yllIQ;c}Y(f|3l
z9SZPjYl{EZ(cj`92Yc67N2+tqSHEtUi#^PdLLZLAoPWZG36Fi)x1x_e8nMsJxFm|5
z>-2)1cJ6)Nd$z>=AQe*a&ywBCC*r}Y{7;p&up~~CUG7{4JvSm1Jm4r1*a(g!pl5|P
zpeHV8^(e1~TsQs}mN)t1z2Nw7<&O@0Nz>)R_`8GXZoDf5flpGq*WZ@@p~8fb<Y{xt
zBcw#Xa`HEndWru{pWS^53O_Wqdq|cxho)}7dgchK!GRI9c51#cd`|^b437R83RH$8
zPZv<Z-;60l%WMBh;2`UtSP7C#t^N!6M3%zw<jQH{WLQD`L%}W)E_`G-Tt1hl$eLi`
zXDC=r@>T07&!0Y&$?Xek9X_*tN}UbPkq!GJ6T?fH*e<{L;~h3^gh<l#n;#)!H0&2a
zdk>I`KZ81y+;g&t5I~k<wRPY4<3DYXwSK)7B(pm(6+h+u+u_aS(#eA!SgfNC0$uSP
z9{4RB49A-DClvpn>#tCu!bqzL_~wI-E+5xH&NC{V_y*yBj0DM~PQQgpu7zLJQ3nR%
zrk!C07p|V0u6yJ^9jfxx=!}T{%Z_3HRr;ff9)wp5@Yvsl7`N9iobW1tLE#sy*+tT0
zYmHl%&&a%iH9R!2@>jG$e@UIAgj_#+6o&l<L{z)$P5);rX`=gIBKVMw7cZVZ30eO@
zF32N0{)5v0ZS{{g`s*Nc08rGt>7REEKU{<$hJ7MrP(}|Nf%n{VuALtpTTCB%=W#g5
z6-a~!>I7hW$$~so%55!k=^0FR-~|y(!nSa&V}V`+j`k4cajN@N*!v;yL+Brz{LMld
zLhds@_^Yvqp1G!bb$`2PiX1umr&O-dL=_`bmv%>r(lIcQu0XnF%GC@Q`5rvDFN24T
zL%pk#CQWKtwh;A>{E4W@rYe6$3+2JyjxA*z46-Xd`=g2+!UV=>Y^Fk=;x|_ZLfEij
zWYO#i*dsnQnB|ZC+vm%OQIkE2IVL{D?LovKCo=98&plV&@?WNOQGAq0uaW#?@X-sw
zq-LDB#^3i#W=Lun_zxZWUDBezVc@mdAL)G;EMD#zj{kK0#f}+6c5lI6#DKqP^LA;`
z0TVU*f<K|dgq7uRF8KJvWSUx3KO9?S;-~}GGpYEq$Z{Coy5YkW^@LT7LC1eNe6am$
z5YjIJ&-P4_ymqr^{MSOXTi;$tO@v0fA{9UPEY<@s^l<bKQ&o29&<wYHq(ZgEaug{p
zwbLvYME@|Y`rfT(ujQ54ld(%r>?=gg<LIBVC5vLe$P9?+y$fUQv;h4V3Lls|w$eS|
zf8Kvk<%oCz0E`Z3lWCrDWA&O%(y{vh5B!-^C}$7kOE@fCx_VvGU@!UaAZNe*PC0`|
zF#1;na>ft&V<tk*D4%GT>7ZF}5ak-tI%(6SgnUkuBftLvxo%3psFxS@n#<UUkZWvH
z!0x#D&uju)*DaNZks>HLXasMGw6>0>Rh|;Q8-Fe^2;ZCh1)4wD0Rr^Gf4xtk@j`#z
zBRu8%U~a>K?JHnt`vH4iTm4_FMg{59ql1>~jB&y(80`4hl=_Uk$FXh4UPO3y#hG?Q
z|4tkO!v-8Bc+l{1^X46WtSP;bvX%I5qXDUP_dxhhOr2*~6JPM}DbjoIgeo8)y-A7m
zCRG#=B_dr)KtQU54k8^zkS2m4ih>}b2!vjxNbjNdl0bkElI+dzf1g|4>~pej@|@i{
zGw00Ce7**}Hb%J(uyERYulLm~*!lHF?LrMQSZS_~<Bk^@<HA<09Xs2WTAW+`bAvlo
z`Ten{(TR%UZjwkbji)NU(pTrAo9u$j(Eozo#mybijUSl@h(^jeA(2l(Hs?6^O$GYR
zgbtlnC}uF_F$VMs>#j6zTsBrIyC9qy#Uj5hM}I!?fU%0p!%Ci|D(x?M@vJBA`-!o>
zw&<6)uE(4HFDT>LNO4SNz{!|g7v;sI>aF1TA{#ifAi)-n-Zj;TC#Na;=rwy`1YA$a
zFOPN+s3d?R4zA4|#~5z^pg2{FK<|v58i8sZ8l9W<;K=Vp(MvPVY~KLdvhrc>JuXk2
z%}Dd}r@}TOMmaC!En)DS^|`S`NB8KsXki@a@#4X3$on|8#|$`H_gD$EB&wF7kNsyX
zEruw?x^i051C$PeCMpgQ_;`c3BJHkMj~U&}!!gVm`eI)4IKXQ4sxv%YYDKEq=@-=>
zqhLNXjVEgwHh6J8{97D{!ZI{6(TdmBICoi~`FtYf1r!6zIdOIT9-K5Dh*4v6->XSX
zr5(C%i6i}x=K17^sfyCx$b?sfuh_Ia%nf<G4Pp8u<A^m*Zs@VvvlFVPJ=OQ@7Y^TL
zXj8kSy8+DKG`)RmKe1%T-TIPg5XL6O7_VsdRtCbhejqZERupI#+;^Wm*g$>gE9K+a
zruEE7xuDTtL8oj*$mL2L*jt8QaOXD7<=`V~P_I9NvvLhl?_V&eSGFd9;QAtuiAVMq
z2V>Ll0HcJ~CKdhFaN#rsEY!T={^Stpsa3cenERXpEpasEJ9eK4{W7!hFn)+U+(fL7
zHXoZ2Xy8!=9~|K5@wVXhUpSY;>l1SFUp=O1$D1UGsj6dIav1?O*(l!g{5g|L5^|ik
z$HO&_Gt&7(G96{TJyb(KeFr=0hBV2nAfr*5@8-X6L0|*Ce@6kUUXD1P<ljJpvM5KB
z!&nObLY=_iaD#`u6h>qpH*}C@W(0@*^rPDNc+dWg_$$D`;DWO|${ZI`V&p;8ZGQ->
z>3*QZL63WQTxtIHL3#Ucfq^(fBRC}$Jg{q2<(`hqJ%i7u<+JrYdl0(P0Mm(wvvP~j
z@ql2qefj>YaD#+Do3%>Ie7s%X_gHOFTsIuaF)O$K5PMT{ph;)?+OU?$wA{JVyr-cl
z;BCb5>g%i<L>f7sC<)-yT~V{)5V3&rytL8=v#-Y*A0{2TA>^n6&Tru7<j$3LFiffN
zV%TicdvsGotc4>c;mhHPeFv)vNmNPbVOqG1B6_7QCPZ;}lpP=W^P3(`MM{tQZbC?X
zqLt3+Qk)+XNQLIuYV6Me3-*mnpoklJ>@ovLFbV%Ep#A-_%HyfABey5>FYkCU6o#lS
z1tLpTU4D7kt-F8I^U%fs-$Mmr?r{u9kcpwkG{s^hg+vUm*`?Z6T-<0?+r77INGe74
z6Y|}<B3>wkVfV>QmE?G2?y{!d^2KmT>+hE|*QitKBm$0qZyy{TjEwvpIXd|J^ta@r
z1%v3*mF^0>+7}ph0wl`D-9^~W2MI^~Q(3W3XhZJxlbYq`jiiV=^Aqa~URdoOjQuOO
z{SYh*0t{yWplj=kEp-nt^^E(RB^9xTIET^h$bomXIB?0AHlxw`AkvaUV31?TMA$bC
z%!qgIEZmX%dMBphP62&Hae>;+uInY+f6i2DV-R7nf$l8mW-8_>qN3)Dlzx)do3ywl
zUq<aO=1%RjSx-YA?AcJ%yah-3{hBtGzvu`nR4=oVYdT3@mtAQ8Y$F&7bCDdB|IzK)
zG!AgKMH}l9(aDC%Fe=1<a@uC|MBW6z2~c!Is%&JZJ}XJWGf4m7WfuD-Wc@cix|b5z
zmUSfe)V}ET_y$*5Jeylb>LoK*{GEIy6u#;yKk^QWWmT(sRU+Gpx{|vSlBE;f`Pf@I
z?57yLrLZweDr^hs@nESRZC|})ayAS3!<vLINZCrP|KJ3ezRFq(VW}_V(npnQhFlA+
zbjHcpeHYg=ZL;km_$J}n4Dk(Ntw%XbMgw<^&pVl?sRf&6XSZeu4-Fq@`Kp?HX{RPl
zV{hNvkUK46|1#yMy#nTUa2hFAXVnE{7M`SR$lzo$ax_GbS8)NF1P)1j5qs^#y>h=7
z%9ZIjimqw^(-m-<IH=}+8hBqV<BoRx<#iIy+J$>3Z$HaPFdinxwh4dOdL(~_o-gG)
zlbMLh%4q7QQ`4!lTJNUIVXXbS_V^|^TE{dRgDIxQj3OUL54<iX*$da3{z`CIt;f%u
zyvZ6o<RRrun)rU`j>tp&;4*>Dop9uu2^dM^tPp$RngoZSVN_-ke$r8^i$LbPM@|sA
zfW_924%}`0BgEStUT}*9gBG|XiHX6<q;+c0t$PVZCTV8(+BeMt2VA^od<@019o0$=
zw;liZ{*2P53Zi2zBKyY&xjIYwm1y(p---rn(e?84)%nea?}6@G&JZU;caKL5<!nMW
z|0Ol-u->uW<EB~{pE_;M`&x3yM9+JCwW0^P7Vm!7#uuif{w)w3Lq(7U`g&}>9ZJ+(
zJ0Q7qoieU}%88x(!u93u*P;C!jZk4^hfzT}E~5(5H_UMFR_kZ<#pS{aw*}}I>uW+E
zqPvaX++-6=;8SBf$k~nGm&RcnhP;#nPaT=3{%8*l8X{@+Q8Rllt#Px#${%42x4V0{
zJo$$1s<%BE8a3a16-p(km9$oSvF6so<#=&M=BOgjr<`4Pn=Qef?Bvj<Ut@fK;Ze!7
zWbV9l4O5OImM(>^i%|F;qUDqla7y1Zs)+7XIwe<*+Zh&cc1pJ=oqexp+6F=Y4BuP@
zv+Wh5%HmdLa!<DRF5iv7@ik5*tSTEklhOx!981<A=hsxPRy0iK)*!2EYJS3pi1zDG
zCReLQuagU6@)}*10&<1>%8{SsKJnR1zrcUb1b)%P{bR`YU;e~7oBv%GrK^r&lX%ms
zU*}vZR=~gbTX!qXi&HjgI-W&Sk!%FAKp0!6$F2H&bbQM_R(e9dVw?yN<tj1rj}Phf
zRKb2%0#QPM>I#A@6=BU+XQ|!}rm;D0%|J#_K`KSIRD9Tl`bK*CZhGZ1LEeo9SGLaV
zI;yjYD3#U)iEf<6L@HMnSXh!5kKM79B{@?@0yY`pHPwz{`**%?u#qtmUStAMnK~j3
zj~^rI-3#riCpyQ>=yz&ww<WtzzXpUSkDqV&7_DI?1R~KFRNChX?QPh3O?A1*q)bBn
z+QHCe3TKw2i(Xbx{tqvN{;0EkFDdHO7b&71n)8Ytbf-`>w`%0ySgVz&;%z{u_+BjW
zBl-6D43tM4$B8s}FZ`B^YGa7{?t_*)vNH8!=HxBR=4j%vDi9fP^OIkGq6N9qR#eTh
zXQPi@j@f3Z4JK$Cb{(JG!Ws*(u3*SYt}X>fykxF16_4i0ylsoW<6wMpqQRdYbEE#;
ztf~bj6!|I1ZL|IN`2~X_A^pN_VdRnRx4#qPtwDUI)K+#LwxfP>ufN(SWCBBP*F~iD
zNnX}GYO>J=V9B2L+&`@k7hojLdqwml`X=qlcfT{6F!`T%Rd@%v=bV$b(7pm!<C!I#
z`Bjz!b7SEAPA3EOG9{h{CM(k8p)1nOk1f{ybCW_UNYfHzBDJ)$SF(3YGY=b)bQ}5x
z*9;0~6Lwhctrm}JiAhJ><`q;Vjio3#Sw<V!S~oA#Hh*Jio)(+QgEc<A|N1TE#m^4{
zd=a%~Z6c$3FPnYKdbr!{4dZX$eFP#vjR+p2CHHiUcOqF2AIL0bCT9m}>NVs^KeBBO
z@lF?2W__P7pVD3j-%;Y8(9SpXl7HW)b1PRFzLHDSzDf>4xABO0*coH&ot;{DsIcU_
zX`XKt?tDjViz3)JL~)f2KIRq%?T<kPpJ;}&hSy;&kovG@w~jSM?ba(sUa2qeOI@`f
zWj{MUy#MRF{$$}-OVz3NKy)E~)hP$Ge8=hM;cK(TcT#P0;m*+g<9syyXIECDAM0oC
z5WsW2V3H2(#)g(zP(&*KKpRK=Swi9$j=%US<J8!k(G#9>SwB+9Z2v@vGyMLGf-T35
zR)E}+Kf>~IN$9Qu1EO(}>RoL@T619FSpk|)i}%Ov?u6Zc(%mUw994aCzbEzOUv{D%
zPZmv<+ycvBo9|rCINM30;;Y^8jrgR&-WP88a=k>)x?eif;*S;2wkgZ*;24z6^RLc9
z?1I(04}K7Jr(<7rb`@YG{A}9-SW1KgsM`PBy!k-{Pvd&mg1dMYRKs^_+m_HC7RB@D
ztCX5Ib9t0-v9^6vbLX~4Ow+O<;%Oz4P<pyrsK-+le80i*T8sA+Fz&Qzp!(kA2h72P
z6RLLY{D`UxEjZ>?;siS^@{IoR!R_nUt<`|&iEcF-_@_(+4Hu<Sn1<zb#9Eto`Gb{(
zR9YzAhR9|$7`GvnQ*A@Kk&wbOu))Ti9M-D!EG{a;^~tZUJTI-N4M`n~tKU3ZRZwux
zFMg{`zkH=*HvZoY5BlIbv$JnB?%v{D4YvhXsh8u(9rY~##uW8e2rl3$GhW|A5J-NR
ze&p$;Is^wRrVFR-tP!*K76LL+_aznaq#;{R+(j1)ZT$@hI;Qc8T7NZMzF0SwMLchC
zper>dIAr1#<=@XmD^q@@d4D%IqN7vJT``z@{Eq9GL?-C*6gTZ3MZGg6NHbcVD4h;&
z_|&IEe<dECq@-$7jQjwRx8madvd~2y!J+1_g^<v@+P03?Q(I`^u*tnW(=;C)-!@wY
zQ<X7RO~CesFLfi1Qzn%&PAJwLE)~T;YW9A|Ouih8KATN;L3GN|TA`%SXk&0d{Dvj}
z%au_WuLfx!(*Y_Yii9LCi|n$Rs)gpA@h5No;f~?*$#BJ$+4#2BTV_f0yDGciiX$r?
zhBT1gR$3MV<_Jwl*HqXbyc+bl$jIm?tmA{6+j#I8S+p7jc=FSI($OwEXOxM6IgEft
zkgaZA32kUA*;LAt-A5^^Y+Tbq`E_(Vx?yWcUIb{Nb+@jHvF`_c!eYp0uI_<aVh&RM
z!uMYGZQ_9rSJ0b^j{NK!xXW5K)!@dsjzBqm)I=ThmNlz{nb?=x3-k&wQs>FE<wo{i
zTf)(FHAC=#$h+s1kAsxRXg9%O2MB(ERCnIPXkrkMMAIPk-3>smKI6Yj!Jt0?9@O!W
z;e@y{9omiiI+ii6gubnk-<K9&qpO{COrIN=^6=!mn~9^if<<uP>{P9EmwyL6r=+-D
z-g7clKb4~z@^m*oos8$rH}ZBS`GYQ3;zl-Gk3xkV465_t?8?&gn~r*On9e)RK2Ej^
z%^lf)5VjP0ii0&^B{WOxW3WS4`5=Yyne9(L@Q(63cah<OHm#VhQbNv?`0l~lttaIM
zPr~*gdG-*Pao3JSPvz24v6HE(!Qm6wXi>xMBu2GYqceLj{{-no1_$#x?>~3de7WV_
zK9=4mU`7G;Y1`y7LT9>D8e{u<+%$Cd^Qj#Sd&SJ>8E!{f>zJ>!*TNF<sCbW~5hS_4
zC5y4cGWCkc39<bI<5D-x_C0uh0!&C*wVELRc7w<Zyf~NK!xI!JNX}8qLa*NK{_nBS
zG3v{R;mi~_(ib!*iG`{K(3Xs*tkF;hg5e6^MD-xxE2pXP`P>P2bpcCw)-PE}@{x`8
zCzufHEPL?)f4riJ)5QJ>B&^3pNYY<%jqvBRB4;Jc5jP2R;T4i;0qdlqce)yCA1Uxr
zzCT+zQ+N2Ik=aLb)KP`1AI7-nZ+G`;Oeb$tjaKzfL-I@mQiE+j=vsyKZcU+%nYDM4
z)y}$&yU!Pt+F%d`tNWvCi?``!0>$fbtB#8ykZ#AttSS(?!-y*E;A$U|$ejv*Capn6
zepSO_G2r{l0a6Yue!>l)AM0?lBBq-UoB>h#X4ln3IN!R>!=gtJvyvp?jKZ5Yg|2Cf
zQa?<z$=IQ>%)b9F1H=7-odmifThE`=Lym08$P7B7d*dTQF{EbGg1a0RN%-YC2^KYH
zTYHG9?BZ&-=7zM6*bAkdA2EO*H+W=i$UOqB{#{tn`9}Q5T$!k^xmJXy+AQ;>ABn%?
zYYMdQX9(zNXR8`_*xJ@d%c(3rQjav#*}2E!6KMZKE+sSd(AfMr_j>K)M;R<^4iZ1*
zMD_gaeU<nR&1E9hfE#qZ&yfRw7!j0y$`Wux_v$CU*{to-i!ALc%+#br;-lSqTaLQ=
z$I3@{x(LURD<p_%f7+CpQedg<(39}ASi(e+`@34yABXhUg4vJnb{j(V6HHiF8s>)R
zRNkMm7$`aD9CC0Ile$%=AAUvAtGhc*e^tPw-BxQF17sw82y3?00;&omWM}AC+m>DW
zmyUkzjlFQ+%T)6oMhDpSOJOzb5k${*MuKANSIP0vpTMQ)7yq<&4+t~sLNH2eC4@?g
zvy-X?z5II33W(Cf{`r3HD!cwMe6}K&C5lk>S73^j<bz~iJcNetR=xHEGRhtJ=E5bE
zY#U_$p+ZV*^zOZXT*E(}`Me#;snuoMin}Yg(<C+GYV}&?&B=k{xJudvdT<-Xb7?*^
zrHVh<w7WcCZ_1J-Ic7Eg6KLKzeB3UIV`aFK7n@1ay<}&&!oMF{uO-nwcd1!UwZ=h&
z*ue{>MC4|4E`$H~BOLz2%M(pi5oE*<Hw&pWSJGdM=UgA;{_0CclX*J+U6F%@{a8JP
z7I;BldCfwYx^(1v3=MGhy&icr?L!>=b4?zq7;58JV}c!7XPeqO^YBgkCF*ruQG>h2
zQ63b>cDpIVOkuxV4`)vJRD+Q<kthA`{MoBCw<t#Myt(Z(_q}5aI_q*@|E3>?vM`TS
zPLv+Y;RKh_eW}&<f+NVmitusd^`nw~CQs|v;go$mHTkNx=g>#e0~78xj(Ivxf{Cz{
zGE8z|2>Z0LoL|Fli()CN!Bt*pOjNv=fR+(?)2I9F!Ciw9NDG^pN*D}h{N5Fek;zF5
zktLi?Ep%k6;HbpW;RogA#MZZR#6eUf%7VY;&*zwXypIgc#IwFUTO;FYJxhKr(!(+F
zG`WE3{F^L2f|AkvOuMOFnP+)jjmzP$yH6#P1?S?8DB640Z{m-U(EgVR!7s4oY8~i-
z+I9YgC0iO#ytgy!LdZ_0aAuWNxc<*|-*z*V!kD8ERq#fzY>&oHZyi)0<rJ~?J4ZCR
z^?gymwdGsNsz@!*P8hq(O1Mt2o(wIoU_<aIv?Kh;zT!nyn>rMoEV)``q0jVd?z2n|
zjd#FKN>2e&`Z*@EkMd4<XpvZ4RnrN`Ngo%k1v}U<t;Rpp<Ze7)FB9RU{8VwmpcS~@
zA=KGhcilJF!<8cNF4gwaZ}EY$iU17zPb_TLL!Y-_aN}Q1J9yNdAuet>E<)+Gtlk}C
zaoDe&GY$Fz`mcVQMTuaaBRw7*E9ZSjmT6)HBh&xlSNhX5k#&_9L;rE%+vzLy%v^j-
z+5?FM?r#uth9F7?nX#2b?-Wpk)O7T>uMwf)Bo@wb=PO)f#TNSc_(RR-raiprj${Oq
zn8bG?jWzw~3+@jZfAi6lBjQU^9J-}H<)Q+pyX@cTKGERja^@qKd)B5mr?vfN`>o!5
z<P2OI#^nR|G+vsGp8mH2tcjyFMV>HMX|sqF3tlD3uL+3->nsVmE{rO30zXxX78|{0
z==ub4PX-PDCDNV#g@h4qNKQcR93uewFAJ=K5X3tDa~MwTGlZPwT66x7ezxC0rXV?3
zXppKEdk6Z|RZOjAOsCffMBq(gMoxTRsX;n=xB900X(O4NDlOip74ic&o}3QP+Ee;C
zDm_*P-Qs_Bjdpwt=0<o$gLlLk_rNM;aX%(~=W9p9hlZGRE;9>#Sg&7$N-s6w@3>-1
zmmfDW565AC;NJ2(J0LnmWo~lzimoHh!B>x$N(-&+3^2+&I{Bh}Bw>f1a%DR7K70w*
z2wx|;<9;fS^fXum=vlb|FE@`v5*X)r%E@yXr}jW+aD+|+%(MJ?aizzjL6va0-TVHW
z+LLgmhG;Ot=+m;#*Xc6w%vOD=yoc5I@B`mnEwM3ps!i3xuk~ryVt_P9dOJQPnB*9S
zYgK*{$E&IpbKO)7^L+|<v(kvYLGM*lK0Zf{eEajd2!Td0GcX+E>56XF!Gj47zxvve
zG1M4O8+-W%|G94x7`!J4XOM4)Z=s}&xbs6~9TJ!kWhU_{(!Kw#He3Fb-dY)Xgb5Lk
zu60YEsd3OGl5};%>-}8owp`ect}##E%CFwk8VX25bZK4<3HoayjDMZH{OefI(!&`j
z{39^C1}-_okp?sWtm3D?(tM6OfKD>|xw>C{>WkJcno6@iLf32rwcL--iy+E#gt=YC
zZOW(bCQFagKD%&2lhc*=5k8Bb=07T_w&vP40A=MMXJOmJ|DMs74bX8V_vwr)u*3e`
zPj}}KsT-?<4$|wR%c<N6GV2_~c8m=PtwvXULN_N~`iZq@!~i&7RC@lyYr_qqvQmPl
zRm={fFHFvW|4GGlX&}53BbFpcb;O+tlh8wzOUmXP9&Z+}THbO^2?GeF^3OkMIbppm
z4l-dd3@@sJm;UP7$Se1T`xt?RL(hRN#Y0bR+O8Edo?{g$kti+qRt-xv=mOok>`tP=
zrua{M>CHz^9Z@}6DoH1E<C}=vh{OHtlDD(UGGw^!teH~RE*5>*g57mT?hJDW$#`eM
zZF9iwUng}BQ!UrZN12_ah=T<b+?Z?B6~sqoc5lO|1bGRy@U`UDsbCsZJVf<@6#|)A
z-hG~YdcBIdxU&=PNO0}j9Jyph(-g(OG-43YAyo`*>pbU;uMNOOk~BWTmZbdB$6IO4
zmOf)vC)(&Z;@^4^*qZT4l*Ca!b2_hLUGik@y?aWAf`IyciIh?jm&J>x;BbTYd>^Y?
zh8T>md73qZ%H$z`mo>UaLZhs$Q|Wt>!BI|*<}jOG2r<R0_<&TDqW~pY<orWm@O3^&
z<!Q3(qAGTyG!eQ(&lemLOZnBVVlTN;I{^7fP{Fw1Y28bsr>;MUu%wR`j1%j&CA|vV
ziwWc3Bf(6rl)yX6rXoP$GfC^}J%Z93&>jC-FU0TCJvkk965ZBq{i%I<sGE!A(BybK
zIO7w4$oulc9uJeCIYA|4t{4U4W`2_BLtD~svEHkry;}ZbL$4)Pah_+-h_%4uzCh6O
z*We`4$3H}B-o)9uy{A=8j)h7`ekEKa*D@$mT+Ih*<1{ht?^xMvwvbjjM2g41(wuJa
z252({PFR-%aGOlKyU$S|uF2i+uvKMZFZ<iv6btvpiGVNm2kn{38s71`N@9*r!{{Re
zYH%Ob_Coj4c^QF$cLJLV+%xoQi8Bddn&DoVV&;VuWgpa5|3<q0y$&c$hBai<eb3{T
zM6rnr@3FsmTUVW7@x<}e*_%}K7TOk!tD+kg4|z-!O!uB`D#OUyl`uW3F!KqchsL_3
z?%Qpp>rSK(K`_0YqOkWHGPag3_3h^B`a1rP$(DRQ+*CdcwfwVqj=y}AK&a}Aj#bR>
zs-yLqcmtO+Yf+E=bZa^rb%jR7E0WugggyUtUX?svlc`mf)P8%1j}vflv9AkXsPS`d
z37~Yow0La71OeP$7bp%>ncWQgdMYCR&`1&;rb|<o!8ViSJ$ug)N2H#4r{|jV1Xr(q
zf7H;Y`4r>X{Y{$s>+q|R^@LGL3OdL>J-JZ1c2Xv+G4Of>Wl_3dAdc;K@M;mS`&_`;
zY?Vu?Ust@A)%|QwUQsiVXtri=H8_fQl)4nb4;wAf63caNr_^}Cl|)VbD0US4E)mo%
zq5U@GkzjbrsACteNHdA*GH=XvxoAg>ni3&#<0hFE8YM}0+q$4Dvei}4_oHK*Gs~sb
zsmlb}7b}c$0Dq4!df}|MG)v2{;)d!p_dM<GV2TY<*}ir{K*P!QznqYjo@IR$7#i#o
z=2Bi;?g*F{?2=Ybxqk4+)P?-Oo6;9+1Uig*f<sSCuHk}2?_6@~|4R#-|M_K>oB8&;
zbM$C#N~(g7mn-*YIWM5EkJoJ9UU)x7*FWX47m&uJC883ThbOA8y3A7fk$j(ag(+pc
zchKw7A&e(%+|PV5om}Yft0Qrf+q#|AnVHaH;};U2axTkO-Vl~{Ez|lj?^@B@<#J#k
z`M}(WT>{sT((O|FdZm0`TjH~ps5nxc?3}8VP>>w;!%NR|j!M7zH$5<iQoFgemrgk{
zPR*2kHVSFWPjkI-z1}X9o?Pr+??LmfBz3lp104RnOo-8cjYM!2($SlrSR0a!PpQ<!
z{KS8J$C#B|T9c;iRdd1zN4;}@T%!Lwh?$Ret8M&Y_(F?oT)>t6ZZEm`1sjKo$bcCC
zi$D~=8#n8+4E}Px)bHQ9u|6z`VNR%a{Fl<(c-S8lC}CKYR9M(CCj6u1ia?W@!7r8Z
zsr@vh9N@o(e|f6>8D-0ASGGR1&tYCU)?xLsLr>J9c3pP$se<ZVbusrFli60CG(Cz%
zI+NS)y7Jr?V$~Siy5L|ug|L|Ul$m>7SitS*mCN2d4->PNZA0t@rgI#kl`vlWVAqkD
zKhhEXpsb=JG7d0NOAI8wd%JR}_F~Hzcn>IuV$IzrV`mDXR=S_iOz09Mj~URjJSxf`
z6wUAv>P=_@6J7__!e1GVK(bXMu%)rXRGFJZLJ(nZ@&!qY+I>8ETVD7p+}qPK{=L?b
z28G?PWjmdZvBMYO0cqFeoMH8u;<uaNh>aS@a|L=7|6~k=X{u#Y8#Y}tW0Yx<k_NC3
z<aRM@SdR{SnC1OuaE7|}wu*{EB5ZPm)1LJS;@x-0Rl?HA%2$9IM<w$MOTROj$4O7@
zVqymBzUl`&jCGF2m+p7)pNMEJaz8I!E~rdioieZeGb2Ilsij)DHUYXOAjBd4Iwylj
z9G$Ll{M$`N5!AOegIp6NKh`jc`o&2IchjG`;qH!DCRc|Q%G1YTsxR61z*k`F-T88>
z@f3TFS1>}-%_HqC3zD=vl-plqtomr%dqH~zeqq<&@40w@zaiR~DCq0xMZ;L&(~3`|
z@>i)xr{4<%fsZC7cNpT8pCO-oX*!;bk8g6I`#&szXaIz5t&QjjJy-_0=-czjl*uGv
zHrIrA;Xsy+EnUe6iW67+ThR@8&D(16$(a<#`UOvJGPNE5g=h)L2eWJ4k#67DtTl}v
zR5I&kmcalqItnVn0`t=JWufNfh(c4z9T~y&L|Qp|XFWtYLZY)g_zH}yrR;n_9iM5!
z(PKW7K!wz}`<VTt?{P|L0(O)zqsI9bd&trAV;Q;tX#eRPVqQ%NSNL)ESp`wheW!0<
zwadPR9E|nbzw;{^8KjLC8WB3G@H|$W<aPQBhr$6vqm1yo+Aur{M9+gfJW14H@+~eZ
z>kwo=1bELLbmh{QVXQOYglrM_x`;(3`ua7NLy6*a%3_767mEBJU3O(|;gUso%|}NL
zSF-c0Y}=*(c2;@LKbBE%5a9$8N|huwv^LE<qVjRQDrW{)GXzErAnDENUk_|i>0kTm
zD4y^(KQ<b}$;7a3x+_|Wi5-pmyS{wU<oU_`TcB}x)#R7>AhOX%S*+Aoe?_%$3s7uf
z&%zzb>%vA!P+AWwg9_MiS%4#myfnDil@{~OuZqh}T<-@Tb=b3Ff?B{gCIlCjn}Ug3
zi?XC`^Tj#{RZkwJiTQ{+=^BL_wZl3MXjn2rv;Es$KRU>5viT`L*j^Q(XKOsU$2Vl@
z8=*&wV~SDp*BkTjtk#taZeCkQ#p)-Y<-hKt4qvRbmzbm0fH1Jcrhs9DFZ3E6gb5UB
zN%{jZoiN{&L7EIEKm_==5X#vS-SsU&_(zzwM!SW`Jgvy}JGVl-qy%h$^g@d(%<EB}
z)h&JQF_TPkX7PBz8H%!GN$2b*R9fA?V@C$9&S7Q-cQ6rBs!FSE26GRdZS)7GHC=9W
znX+xH#CF*d^`{aSlRQ6!K9z+;HQEx@X={)sur5k;H|49rXN1LYsU)1Im45UMaF{^q
z>ul60R&w0+CE<tq4~Uc~EB;hqRl+Lop|gOBNh;^f6hzB=_`#yz#!y}K7)NfWCg=LB
z;*MO)SQ0Lr<u{e5Eu`lOr26D+qc(o=z-1>BQGDyi7|KIb#OmIciNzMw3e^*ZubxfM
zZL2)Q`SDrSYCp$5^|=~_u^Uz~4x`mYlFHOt2A?^$R4*032RCGAyb9!p8v7U|lg&<k
z;+lt(^FgV)x-iCjJE?|kG*I{(uu>gOPOwq;^CKN*&-mJt`3iAwOBkU6!;~03-C)i)
z)sS1&-brU}eC4U<%=cofqT;5u>q%iVru!3XGGkzw<U>M;@5~(xZ0KCT_M=hIp{6w8
zKrT2l^-*6s9NFRP;M=JhJ|>_BMA1M`S;`@A*Zb;L^xkb!VAO_SGA^?*&Vu0ErMD}-
zDS3_>Ef8jN;18fZRE4BPJz2nwdy=vOLdNxpNsr53(b;<GY%$%Sf<*E~oG{A1!^P{J
zP4q9_%=$B`cO=5JBA^~j-RCUZ@z11BC{$Db$p6jLMkmEr&Y4>SFO^miq@chcdpWcr
z9d~}v)98pkrCUsy(pT9L0{f%pS6z!&U7qm5xUMV6#8o5Uab`8*(pE-@qcHCz7S1G^
zrl@@PhT@ZCNiMB0?q*zXzX?1r&)_f14-lf6?=^9Q$Uc(lGH#XX`##4ji5%<X>-pu~
z0KzNGb1c*a^DtbYXVv_+s=m^}L7iHSkWouplWk*%*M@;L4I_60uL*45Y{^HI0>26x
zAt3H|bsZ)6Z$0brePU_dErE0*%@65-GGRf4$Qo59g*=vNizsc#6z*L#@Fn=uib~u=
zs-4Zb`q&Y#x{h^u=J^|c`+6<gqkJ0@`?xAcYbi=)pM3m^Q?SMqzUQE+<ac79h&X#m
zLuhPqdJq2k2XaL`+1k-HrdI+2QHLhc+;;gTQ&#7H_F-#1|A;4MHNmSl%!8L%G(E7w
zOR)DKJvDU6MsYKWzN{cu+R>JPYjOJ=r3Mmgj3yF2Zr=Z+G!kC>jRiUzSrtfm9uXE@
zYS@pqO^3XWUzq8zo_ye4q9}G#uf0h>-;cK}Ec@iF{uw!#JLgJWFNiOK#H8Ko%_XTf
zN#@;*rsInna$KuY$8rGe8y^{~$sLkoObBs16^ZrKeO(9?Y>U}EQ$K!R|D5n5?1D1E
z6eiHyoN@}52A+X!3{$6eWoTH%Rn8`joU>&EMjmK;@{7px_pvF_^2%^yN0GO6q?Ue_
zidliyBLAKrKLm<v65h(D&$fsRL4JZE)y<!(0?Eb{s0;;@sE*!+*AD1}E&Gs*43uu{
z>M@VN3*AP})UgRh)(>NvK!;fWj>39S$#8ZbDB=YC3P~snPu+De$Dd*#3sd`WdR2Wf
z(`?G5zu$NR+w<P$8gu>Nb{nKUK0|843E+@0aOcs?6GOE2>UQ+!9QH4BhHDZuy{^w_
zJjTY1f8sz$jiEKA=Y61W;I~N%%8_kVfm?VRM-|r}wHDbZ=xk?u6~U%i;e<o7%z01R
zGfhPhF~bAvT7C2Sv?_C8u%O(H>w~;OFE}tl7GtK~Ua$-O@NaSir+V>s)OPI&xygE2
zkhp?~0>7TyON~Lzs6J_a;2qayML+Wm@x8OGzv`cbNeYA1`#gZ-&hK<STNYVt$rn#`
z^kL2#{amRQ(pGj*X>Y}C#bcByG?;gDCJN1~`n%|CB@nM(_JhZ`>c&5%MLCGNoOi=k
zPK4Z@ob?nV1wU(TKcIYc()dyH02T_)b-$bRl%PCIVpn@C=66~Jy%=}Bp{Q*~eH`}a
zjqBA<(bQfOjbH0bI8_JhsMR(i(m0?9J+<`S1ZDNY`V#c}daDBmi#YR5NMPEA$y>!2
zp9EiJYuF2S882%_?7^B=V7xzdZs7Rn6HUkMvi_v#WJ!4n_b;(m9wSfQii0Aaae-SD
z=W^JQKjfUNlHEE`RHTdYv7QHC@lLSZW1Z-`g!$%?*B#w|lch<F8#%s?Tb|_Ad}J}e
z94zjx*Q1h0g=;fE$!zy#WEwSXN<U<|0zdK+tX|sIK0Jlk)IwWOF^6i*VXjZty2?0R
zmz}@hE3b9_Az(qT(qys5>4B(;Nn$#b7l>UIydqGqw+gd0TowMYvW{UbGUlM{n!o5<
z`3?;{%zn9b-DH8{R$q7RmoOuQq)z6n6y=9q`Q=FD8x1Wo+k6aiC&Sx8!bw&q6lr1a
zaBvI9_YPA#4ymu`;GMpptw0f8P`QNl-0a&Q1E+JK`7Nld)FZ(E30&V4iDJ7vBA#eR
zy+?C2;*+?RTRls8rJ!8EDgWt;m?`s<^SGj0;qz&xw`tR*UB(3O-3c4te1I+$($!12
zq>1SR+!GoJPU0EhXZQBPPLe6R?(isiU0$u&gz*Z;xr)HnL}kKMWdzxPE0!dzR;SzY
z*OSaw!`)n=tEdwweDLXuw9Ngn(qVxGeCah7nYi5R_vdc~=4dhvFB{yDu)FUlcRwBJ
zz2n+%^)ygruPG0#=AWI0JTOlh7DiKRhtme@zjG08lcwj>q2;!MwN%?MZC8lC_QIm8
z#WhBvB!J>uJrrS(B(J_wj5@DK<TUf|;9W&kCVZk{)WP_*?ta|cYm{$QhPZ_G4D}M;
z;IH+jE3|bIu^@;mgo6~pK=`W@OHrhyemrd5Uk&#ONt6pefo!Gme80M?Ke!H3;FtA@
z<m-h+ytgSS)`U4*mb`Bf_p^b%B)_Gk8OwnQS&>MHS~b{H3@h~<GM)nRUjKSuD&=~s
z7<WY8TBH-CYJ}@^rK-RDHzz*kXoq`Cf<8N}zf6hFvfdg746yMd{?~w}P5>m7aF%PO
z!^o6McM^uWfob~`l4gO~qGnjXG}qt6rWcC8X#UY@p?kIZGL#G#EsHB8h;8|1c0VLg
z#LnpJD@p@iDgLs5e~jdD7ZW-}-J<YR&27}-F13GN0#D|Fz3-Wl?EI=e&&U}z{38-z
zRvFRn7qv-iH)i<(*7YcOtrS>yCTLqOFIJw>*bw-)3T|n78M5G1N#)N)$kl6;XTSP=
zN^~1)88()6Hy=_r+WU4?rJ1B#&v1QTdB$CMU44+v%=e_!P+%cI6f<LuOGCz_@k3{z
z-C=YQ!U)^ZTOq6woEyiDJ95Iv%bw2Ny^csS=jEQEX}f~Ra;&i)L#!Z`R+wq##7kM6
z51dS{B2w@yTRo6$NvxU5<*K?i3DRT<Q;vW!Xjr{?a<g;tZYeSu<Or<%LGDklHni~V
z67l6}t_5Xs_^(*ja)*aZ0BThumxI#TKV>n!oMm>5FSeAMr6n#`Y&!hfS;y=KP&fs)
zpu3a#uoi!ZqnOZD9{#B>KuJukR*6^lP9Jz=U8mRa;xE{TQG}s2t!}7YW=g0h`%oE-
znS870X~q<C^;yt3khhT1wG%cFpDP5)l)d8Xa|&2aSs!bWt~|7gNwFj)4ODry!0|dr
z7E2c=6GdW79$2&#Z!z(<eSdWZZVXg1GDiFU1MezdM{gSs?vN$Jl7WEKlxiFb0%O#Z
zBxD(fRbpM{GOclWAC3|TJWPT`lcKdkaUUb*;>bV5fl@472gaZHk)0~6TlkB=xA6PO
z64vhoG?(C-V*K53M4<?mQ_b@g3Cp|(<11R2A@zMcrsL5wPGiz;HyoYi8&lS<F$;dd
zcvNA@_n8Us%MaIH=F((>FnsFT_0U&IL76Xcrl}DpixFS9V~d~uYT*9OiSOzAPDZS$
zt0si)^+%tz8Hb*hK2f-F$pu2QfQ<TwQnUg{SI1w%e5>`ZKTi51<;p^&5!oiBZ}*Z4
zQbm$sTCN?tos&mmpPzweo=)b@)*33Tf=?KwJ)U~Dx#|InTHcj@zS*3sKE)q*^4rxk
z9OHg}*au{OgJxV=W}%SL=zG)OiuQ+i1#q{=%%Aa>w@Wrutp>t)@XTyD36p&KAL+w4
ztqGO_1iFB+9OMlnBJ5XBp$rIiWKM-2v&#lO1>QYl{c&g6B1M$kQgBJ)?P!4o_5pA9
z0As2lhNf;;yeRWr_j<`ios~%pFZm@GS5%MLqt-YLx(`x5Dg|7y>?<&{v27hleH0wN
zA@@5fmQU=!{ca(GGg?c1U)-{Q(R=ijk$sBp)$i5c%dc|9L$;_kX9<Ujk#0f1Q%$ag
z?&C&(&ccKIu83|^_QT6}KC3{qH+Yv`@JjgUP}yUpN~$a|d3H+Im*JI?=hy0uYsA8i
zk^k1WfBR5!->X@RM?~<jUtKQ^>m3koz$$v_yv|I%;h-CF=RHyv$EibiuRkpLF3Asm
zfj8{e=-gLj^5h(K<X%+&9q4P}kBS!ob+SVlfeTvvW`D_}`BnaTVtuV7yam6k%meUt
z%4uRlaWK#Tm=~)PRqFY&v)zu1veE(_(A<WTd$?m0hJ{zs_)PjyWcGfQ?4rNf<cf3Y
zpCYnSgg)zQg&lwGRG^NuyN!5>$`sze>(bTvG$8^y6<hXIN^B7mDYpj-WM+6THKLxG
z{D=UFqPVrtRXo3QtSL``HAQ7tm{8o(pG^JvUP+0QrzBMtV<>p4y73<QZuDOrREw8k
zG(KnvV{Eth9N#35jph5Ca{TV;r=@33XVAgX%Je<2$yB*K+vuaa_0zpK0>2M`1CH-w
z)hMlfujx|!CWUtOTBs=#wDYwKfA~#Vf3}k>Z^bjBmja<Jp3Q*H0iZ4)pbE9+;-gv{
zd<*&7Zo_lMj|b@fE7I65o`wtdbEdAB-*R2Wry8M6IEx$v!`0s!q1K+9#R!+XAI0_X
zYXs|<b{tJZ{;Kaym)_>ITgR+c2i-zOHs@W850t`m33c}Tgg5HPl6Z<<ro6Eh<pWUm
z3%<ABa_abrT?8|!plpov*)m%`c5@nW{O0UJQ-!b@Ra0}VYDkQz#QsJA4#SrUz$S>?
zGdRMn7<i#x_p?YViU=+YDO(ZT1RFU>Is7Djmm=8!uNmv7VZS{>2#56}+OMVPm~^%A
zgb-^oz`>!67r~AblyHrXb@wCh1@QBKr?WHLZd|@h?K_F-cRVE6lmhZTC6N!OI^~vb
z?)3a)98F{G_N4#rDMFEd4Yv_QzO*b|_U;BYM*~B&AyK?G;#+mFKjNWdd{o3nzfJXn
zKZ*RBfn=lnfX3zefTeh1q!U5sTha^e{IO}?Gne<CJ7?T!;Op#Q{mQP}4qSo>@(0O~
zixEt&&Z8TSzc)k;2jokdbb?~}V8sNMeXRYwa<%)^cxEsz+<U`Ekyu6}Q2N9PxJzCZ
z`cqT;95AS0sDiz7f!y2DR3;Qg$CPp2_R%|f+V91vNmN52rt1Mf6ANQ8m@bH`Lln(V
zRk(nJdsS+l({I59=2dfV9y*2X2KI`hm!6J=W`e*+Tc!R4eC^<WVc{5!?VIR%HMjsx
zL-)E3dgH6G$KxNre7sw$8*L+gB!E}@dB*hU-P%h0P&ybWM)j3HkJ2>_#KLO!0lTZC
z3c@Ay6r_Ew50YXU-50HgP0-$pJgzzi7BHd6CCqv+0vN#*s%{8ZFNCHtb}1i}-ufZe
zdkVH~ZU9I_MhLri*Nbp!CtyKU?#?>U=Lrpt6zXGLKLc-y=9_2r>edk|c61D)MnF#x
z5vZa#{XIzj;I33JNL0j!cX&XeH>SdUUwYY_^{)Eh#0O-Lq600$N1lW;1A$W#zTJ5m
zAxw$sy<5T`l?+@J5+Xu<<SckQBW2~k`NrwiAFtTdN8_(=O7+34pKE!qZH%_c!A>^@
zg>zY0->n-R8XdYbjr3-i0^5W5tUD#@mSpl-Q{Ib~&pXJ`#4>+Y5ixK3BKzS}cW}Oz
zIisM~K`*2V*4<2aLsGV7>KUl(d2CVeHTb#a2J~oA!|ev9*!Wo%G&CNOezb$OD(68I
zpyceoQ3;3kRWE*BA6U|)K@5XmA1HXt{hnB|0DcF7CGW~FKV!A8vT+K_Kh8wqYV9x1
z$Las^u61g<tZ&JVgRn;+*fVkvfLEIzZLa@}dv=P5^d$VxN_GbNbHwBAzFFT_x9sb2
zY}gLG*16hc?7q~TK08V4Oy<7)3R`<pc+cQ}EO?`q5B9``z$K@nhXOy)y;-C~pNZ#K
z`SQmJu<Z>!865yi07bZ06qljpr^g#SdKH$n7a^^Wx9TXLZEgJH9t9=|)Xge|eSdFs
zrFVv&WKvh;W$r_Eh#`I<9>CD|fOvU3KV7veG{1fLq4jS`???DBd5c1Al-fJJj8dkH
z*_pA+z1`7zU&_iZCVyEP`7I8FxfWv#N2%a6t+<|`hbtLVTkDjvv))w+I8Xy)EiOP{
z7!DJAB1sND3dF8!4AXan^K4t6rg`+i*r_WoICw6?fQFBj1dYq>4RA319{oiDE);jX
zQJPESxFh6F!1>slBg`{FqE>|sv;ufdEF7`}kx=u;i$0tQIt8f#@yo{;#4wET^%7#;
z`IsiQuPtc}QTNbLdE4C|zq<^9xyxzdCk7yDgkPv_1TU-z7kH9<k{n?YCK(OQF>&Ia
z={{`!6&+Mugfm;v>ho&MFL<QbH$t`A6yDikA;-HHLPZ@tM-~>p{r9sxIvk_q+I=zT
zNme<oyfq#4TN!!QYM&7ofYg4?9GL2v46_vvj0KuC#EPa<q;vjc<{ywpNxzU*M3s5x
zGXlDR*&k;GjQb8ZB7-0RNDX93hW$5jI3Mw)-E)j#QX^PPettNq@EX2|p=+k@dpQA%
zrKA7ADUQ|mPQb+jmOyF(D4z2}|8A)z5R8@J?r^pQo@1LP;Kc-s@b|Z_eH8Uy#FqaP
zPGRUVSGO!8&^%oHK;Y@O#)V4{Uf!kef&WF7u7f3Db|dPSL=p+|yHU07t_ZGx4;J&v
zi618EfA;LO^eTeD=B0;9&g$v3e`)e)600l-Z?h?=ungERfyNHI{i4mpUu)*BdIddK
zG2fsqe&O}Q2e*~DEu>ZQk(&zECSW;ucs((8G-4JZ`4apB*;?;t)q<q@I5jcj%quH0
z-b$>RIo=sXmF9vi3G>tv{x}pLRKa;qc$0`4-;19B7ZEnmRss6I;uzv$iUP1rg)odo
zZRbGOaakb{8~EullFWG#H!%!e`u{I7N6X}=$1&<CF_(Z_zauW=iolWATw4+O$FSpG
zB9#6Q3Xx94!-lRCpZ0M9s<h$ij|)CNn|}3sX`-~ewWgO_@-bB~%a@F6J5U%M{Q6`g
z%~V&`DTabA6>=)vniN0w*2D+4&&#BP)S{>PD(no3oQ|YiH$IVEiEMOv;_U1}2a)zU
zbqr%{JJ0Td8)uq%VFJ+Gn9%`{v|j7xb5Vz4T*!Lne}M#Lg&*C8d=BMR*hO1a!Gc(y
zR0@2yUz2EC!X?+NZo&KsLl##_68|$ti!kfdJJhCX!1Gh+|6Ht~iV&PK?-c9>frlOZ
z(rwtubfj2A>`L`pjP1?_JQwhIG>{Hk3HrY?RwIWufIls>U16<S5=>jIaYZlJYa&N`
zzoq6SM+Rk@I+BdbJI45%j`4b9*SB3}FPf=qUl`6_Q6nCFlH&PjbF3R{vKl!;hFs9;
zv}#qC+6Z#KGc<JN9qmPm?FSme_c$^WC`&B%iFK2?88Y9)U$6i7ZpCRtAI30^CFO!w
zKjej45+3ZeHwoPRTWpva{uHt11e*Qfj|*I9y6mUr8>hJW-|FnkNhqWKZ!ptO@rFsz
zhB$ae)pnTw^avBTqhN(^JBzj0?<Fqe9P64o@kcAq)``wg)|5Ln;J-ooL+i^GmPF#6
z(3ORZ>a7g9qdt@xbs0uquv&=A5|sC%@V+`;R8c@3Ka?iE!srPQ4Qm1}B~(+tiH2qr
z`V&Ya>cq;ZJCY~BP!pg+kSr6={6=nC4k76#zp+2&s^AmovplbS5WBv;7Oy5;F~`^9
zz?*-M>gF+zDCy3KcFVaf57yn*<KMQ?SYdGX>blzX#p$1%jHLynLmi=*rq`SQ+vHc0
z0tycP^W%#c^Nav&@)UecB1JAxSYoskzJit`ZXZy3_d+$FaYvIr4bZ?}`4_;%Qb3Tk
zmHgL1+oO?>*0;d^1g>xUzb~6;6{>(+_|oz`p4LTdt`jW&+ddkm27EsSEx~)r^ctO_
z5m;=4%0VeO$lx6MaBCwo7w(S}hW$p(q!R}rSSq)ULw=aH3!TtK6JA5!rH-a&6p1-E
zS&|n??6rYNT+0t4_tLsx7jA1XJ5f+MxB{b=KgoNB!G2-N?>yq)sN!9_q}#1|-t%k#
z6P1vPS!s}b$SZa`{X&fXbz;H;tCopdQjPN8W6KeYIstqCZ_z)gkS~wtgS{3YJ_C31
zDALxr&;9rcnBA9?8v3J|M{#j+ZkU}JckJKGi+fkq8Mm--*e(E{2kuF~%@xLXG{wfQ
zEU39-YcBl><@JRP28+KgA?kvQI4;+Bg+TLVZ6WZv^Z38#)c3Dr81_cMKbZh}E##nm
zK3W>vM@S<2nZR{9%y2rGIM}Z(DwX0S!j~6%iQz;gsxs_X<~BTbOrK0oUq3CwmCGpj
zMYoffa7oKHeTS9nt>J^G5Bp@(_xeUDc=V<WpH*%ze0et{<N%s`g8pqpb$eM}=5wFI
z7vHdNOb#UVEIM)vHc@WcDMCU&1mEcoO^FbXJU5epKdA&0gkyt8b`g_~kSVJ~j%Z)T
zkQ{LFr|4El??3oDOaibAyPJj(H~~vaS`*vt6Xtg$J(Gl^_p%bQWe-w|)C0{xJEBou
zY>OB+pLMH|<ocmctN4xa&7tvM?p(h~YES-z;N(ztHoJ3;=|!5MHYGmTmYjj5Z@}M@
zlgf?Ji<EIBkwsEr8UORs#Zm{%O{EH`b`ussA{G%}(W84yawl?;=hoq8Z%A()?~XOr
z9sv6*0>!YuMP_Zo<)RayeKiw5q@Nuo^A*iBJu)or8V$X)qhef}%FZV0WC05E;`0wC
zOjXzjR6Blc@m**$k7$waw%&R%2_&)o=eXev`cm5JSU7ZpINKYZ|9cAnx)iF%F?G-V
zEX%ZeP3Ortu$(@WP8c!J!JAL11nwi+$&t^>vD=4P@ZWVeo#4;KHG+<c(gXk<ilRc;
zt*cjM<e>E&u_FBLb7W});1cj&W|E1K{TDyLqoqzD7o?wAO2N^XW#tQAm6_cayw34v
z(!lH8MgJX0_Vl;$LT4K06`>t&G8E=gs5O&~sv?|2BY%un<A)_?Wv~=TR9@vcgX#8f
zHK+RW8pgPLeRp}rv6+7n!@=1%N#X9@O-k&}1a6kYb9zz-iQ?vB?t`zB<h177!cZUn
z62Bd!ai1pP@E07%)tArEP$aVeknA=hNpT7m>9Z=zn}Wcq!dm$*!RDNkY`qO^5>|ts
zRlo*2u7mxvd9X6aar0PQX6Ful7=&DqW?%pkpTNfrbKaTLeW&&<S)qq1aoNF3_2)~w
zPxB@}j~DlQL9DZW+^|v^?5`H!oLhXgQ~Y!Pz}+g6ts{P5f2x{HZob4i@SE8Y?qkS$
zAJHt*c;>7=zlPoCy1x~LuBPX|H7`;6fe)sq=$?h60KLh*0crc=b5<+ksCfHm>kZrc
zf_q=!a2G=6H~hbUpjD3kQhQ6?k=lnAzv)T>u(hSginKb1v;G6sG+5{p0xE1ZPVuZ2
zb>r3N86QzTRsS~GlT3$HGl1u8@OHIrSz2eQ-=!+;B_Fq(H38$!BjH`bOM=V285pv!
zVxR-iF1xiQ-gt3vRj19tfzu_AFvH)v=e|9%Wc%%DE`Y{x<w%vE$g1sreW0)5^3A6a
zK;*+b^t3_JB-*UcLdDT0cfo4FaFJB5R#JHT%ezKL%QOT)4O<!^sj1zJN{)J=HUiV?
zh#y2~o*>TPPOzYpx9b&run!MljA<bHu4oF4P+q~S!uy|gURhkuv^Z+-z&>tl4BQ?6
zc6$4Fz-lKLJvw(+Lg>TYtl%SUyYqv~eaKsQN5@NXWwBR9+L4?-*CS1|9&8u>14EN>
zvM4*3-KoaLhrhy1_mm@+Cu%=T!=Y4B@ma{xKNiGo9o6pCF2oXO`Cl}hWmHt}`}GMa
zX_1l!r5gpLhVV;Bg93tpgwie23`mJ|OUTeDjdTtrsSKUc-9ryk=Rdz^t>@)gYu=m}
zXYT9X*WRBkKhN<Ui~Ac(*#pn0y<4E3q~|Cgxfo+HK}2P+QR<Hc>C!48;E4xq%e%6w
z=a&>2U*i1Agn>PC$tj5$CA%Y^>ZJESW@gaBuZ=gzVcF5pXWs+trgA?rD8<2J`dfsv
z127Pm5u9NKU@L+~`?`#Vbz4$Ur?6`smgqd_)&R6kt1|aGC^_+22>9wRy{|Y#fEJfU
z&Gt|3JQ|7Y8Jndpsk1!rHkEZK3^*~DPO15BK5F>F(ZAvq<#a=fA-2(F#jO34>rQXw
z>GqoLC=ePVr<F$Bq>y<Jw8=3<dp*So*{pb5+2*?1tf;W``J#5HBWH81912_@ZfEF{
zMo<7t<<qw%_Vlia;Wiw&Z(|78#8ff*E^>%BWP2QVI>S3Pys`pl(LKrhRjNJwTbuFy
z@58h0e~UizY~ZCP=f^9Y)`_f93PP4@sJ@nEq-YU%ZhE+v?qWu2c0#m23mF?Y*o<Aw
z+)5d>>=Alx*#@|u;flDJLJ2-J0%pDuLgnDFnBs3>1uK4NFloP%Z!69-F*>Mgu{i6e
z18An+3%00`Mcn)nw#Fo=OU6=#ZVcVmL?gmq0wZZeW8XF~8PXj$;Wj`V{V0RX5)gs(
zP1`$smB!X_iz}3YgA}n%E|dXtBWVt>FprF@GbN-)Tp;quSG~tGsLQ&sqeBy$gIvL$
z*Sb|kPjwl)#B0#*puc|xL$}tN0PHSk9>57o>KI@x9Z(@leW|&6-y1u_wFq^3f3M5n
zS)4^4_@m>r=4h5kI4|+=p8&}4pXYJdLa=C#l%a1&O_%l5@XMAUEZujk(>#Zusj!Hf
zg#sU#tNrz|9>z8Vi*wJ+yMSYD|0^+dV7d{r46}izadEU@AMK!HB-hkvPV>+{7t}^4
zRO4Va%yX>IMGRBx4H_h_@_^~40ap)!oe4K1l39#_J_U95B;b|PJ@6y0)9mJn_4<3Y
zu!#6mh3lB(N_aL9C84mMLnvk}coy8I%WR%}i>p3M_54P`m>_tVtIy;Q<Hv7briNxm
zYb?kj2E@2o`MWz=VgSbjG2O%Ti;H!oU!l_s%)nC6OVDGP($^EFAFr}_eFX!YJjE7U
zy(;5_wz_b?m3?FMrrp2nalZ_uBHdc9D7n%dYljI;t4&g0`&P92iDBQ1Fc#jw=Dt~H
zU?ixYJ`qdLH@N}9^b;+fveg&(9e;aR9DX3W1AG#x^Nc6!PbnUnsRMWHSX(ePek{Bs
zrSN!PXAnYy0J-J7l5~CN!6e%}T)7_eZ4{Eb1C{3jBGR6uP#jDPf##|$-#nUmmized
z*$L+!%sSGwmD@u4OkA(c9o;5^)=0uouSVN&T-1A>3&Nw7suA6E82#*EkvqCKzz<wX
z+JNcC={TqrhkP^TEEy*C3j=V<jva+gb-fp<_bv1AO2;d}nNTgLWqe`%-gC1mio+2J
z`uUSos2k^AN58T^6HDt?JHo8K4iePbKERaU%W+$YwQM!O&qiWp-N4t#>W}|AEUu}+
zcWJ`1W}#+XnnR5>T{a8WzgSs&v-2t}I%oY}cFZS(BT&9sNZ-m)(HE5hrqzax$TOUx
z*yIwGki2d&O6LCRYb+M<hzGe@Oob&RR3&%dN=jB?=)ELBI*(+c4tx*U<o?v>a_!sU
z+J~m~!MimM!0!lAEBPk@dYgwmxT0=Q+SvwHD#3&0HXMZr7|%nXn^LIA65RRbZW(`^
zg+5=Ta8b;v{jr<eb%x!LUd4sFWumRehAY#}7P01he!o4cW~C(r>!XNiv2AlGVf*+k
z1k9$K9v)iZx9W=W7(y6NT`oZVH&SP!hp-9bK<#`eThheg@-yHgoKouz(r*g{-?-u^
z2maX|CFueEOaxqvbQm#lLnAWMs3E1OqP0<C_rHmF@^~7d4$%VJDuY{l2{w@1cG)7C
z&aJ4JeOeRZL#EIM`+IkM$}n#a&bv~FN81~B@;TO*8=3E&LRT-d1T4TzJvl~@p!Y89
zxX}Uh07EYf|MBM=y4`i9+d^>O@p!VVP_VS#alh7}H&_xAF^_8({ccpRPM4ge(UP)X
zE5bl|K>0$FRer-V;5NdEok9(uAI-@0DklC+U3d9uoPb#}xHHwO)8Fd}cvZps`tbFg
z?}?n+R_GN(?)A$Nh8!ZBef^?S`4BkWW71Rw>b;9eP?v_^*&<&I6-UbP8?~L0BBCdj
z?Ty|y|A_8(vevfCt>*-RC%F3v`^aVT+~22MIya|_Vlh-~X|9XEhUxy(>Be1Bc-GAC
z4uH_x%7hK*KrG#8KQ-tv^#>Sl`1$4tZf+bsJCfe~5)Pf@O&h!bD|Etu{eEvUb_Zzf
zGAH``S<2gsVV<^UGyJfi-Mi|PJJ9>l?Nk9ZxpYR(gv0sd!`GvBF(>~y%~VNo+|@v_
zawYj_ljaxEwIM+f7ks`IuSge>r0eCc`%iHsAllD<ae*D`r@$+LRP8~XvV2MdSkCJ)
zuD451^5|BxzfE9^I+tTs#;&&a=-*(UXyIh^@#|!JJcZ4W`O}bJ%;HTVnr^w;&$A>0
z?vJDkbY)H#ux|wTJGrmZo>gsGlTcNZyS+Nm|BM~`E?=&IP&T>JczbsV(_I2*xdC@7
zPw(hi3u3ei3GVEdO6Gg0J4%eM%W@=nFK$2F)xH`jFZq=4(i@G?%9eF%KVE8ry&9zP
zh~F6ch;~}4Ywlbi?`Sm)#rC~__BI!U<++9aB=!uY+tUBFUXm(rN;Q(ghM|$kKVEFH
zHrf0UD`Z+wc<|r-uM0R|-eWE9tF?$!2}`+&J)*_7pd{DTb{+-lsegiiC3$yu96mO!
zuk}Uyc#7hS&A|krpj#knVrQ+N1}noaz*_0LW$e7bQN1r>)G0U)l@|)|0X+_Qt(TX2
z%_2S4{JkT+xi|tMYp6Q>qA%j@{dn@Wd+k`e;<tCGi)YtK_F8XXBs<|Gs=A7|Y|5ne
zR}mNep!3>71j&`bO>nESz_2@O_2xA=`pW6CT{H#KN6~)p`S9Ap1ejmON9ihTd*CiC
zJp9~VXs{Rp##&C5>+)nvmYZ6w5!ISkr_Tcc7u%mn#K!;e?tR98N<d^(h4Lw$YTBed
zOCL;*L7I*}9C>U!ND=&)vc9)eZkznQU-9mDv#-6N)svXu!tnSmCOT{q8BnVCUG-uQ
zM%b3CGHxj=mb<~$Wiu_^11))d-8)p9E}*MO2DAmvma5O*7lg1h;hj07=;>tXFv+aA
zo`N6i(=2j+<E;B)7nA=jw#5ZEQa<_h%4!3hMc}PutUer&zLLCU*yP<8RX8ZZ@24vl
z$}a1P7hO&VtV4xNYld;Y%%9irEa0cnlPp&*u1AHcLw>cwL}x4Iljr<Nb7@zN0b|mO
zbpe%qNxJB@c<gshmEfJ{Q<=Z}PFGMn@D!d@5sM!WMJ~SCYvw)*B)y8Y2FI|ghH&d_
za(`5~Cip$Jbp6#CjQD9(if1J$Wc7ms&Yds7cL~bT5RE9G$9Ah+Cv^t+Xss%=?Z_so
zn?Y^TTvyu1V!)**EUW+q1&PK`ujLlNE9X4~mRrtxvu~-776LA2obEP;tY7aLMc+DW
zJt{<x!~|M}TeaM@`0`f7@bN5Q)Ay%c3$tI>##I3d1YM#^@KJ*=!lo#umZJg(!<LD$
zkHNTTlR|*eUFfx~?o!u0=iTuby*UF1Vj5C<F1wKO{j%^ll^mTcu0oI@2Etxd;-mmI
z#hVe9or-6#kVzCEdPFm4V%adBQafJvN~=?c>ry9?<nAxkILbSXZ&>u%Gliv_<#Vwo
z2x*_eD?#9qlBx0au=WHG%V&>k$<O$!?<aU{G+PjGt4;DPx1tvp;)Bbq6=ForAcHIn
z>LSCXPd`exm&o&l=7)V>hr)To^5rnfzDSM$w6WrY>&Ix~YZujgmD5c`P4vXk!ffY4
z=x9Unmx4|FL_CO3)aPUfvs6jeCFx>^)1|bl{VH#knAH~}?4r>dGkc7DpZulTMq2ZA
zI~6Vp=CYWAI8(pUp9V7}c|QA*bWVC1rcGMtf`Yxm1tL#vRtzdJ<rk2J&1F2T=!u>-
zpCZ89KBLuZbEF$rTGzB2l%d!RJ+ns@Z-PiT%)E|31*TG8Q&&&AhP>(r!HL)^S9rgK
zeRMHsD!&*c)ry=X_VD_z6nyUqY4lL&bEcc5(e8w?XY@nEE(u_nJ}|5$+y;6)O)RaH
zC2Yx43sszbMQi!rBK$nh@3CH<>=aQU0%w#?_^KYsA(Qw{L_EQMBu_<Dm2a6k0#(>Q
z<LjS|?Vdg7<LB3Wz^7MoB5GPz^0dnIHI<tF0k+R`)-GeKU@ZT6kd>%LAwZ+_onX2|
zO8|$ji$3+I_4%phjr{Z6t@x+F;n$CW=VLD5&I11jIZx6`ek(*E_w=f0*+8KLwb`UQ
z>QkVX3_`++>yEyLYUh69P6ncPkfVx!567xz8vI==NN9JM5h`Jf1pWu4)R%*7X5i=1
z*8)D-PjPXzGHmnqkLB9yi(Q7V>6#dhHjIoam`dqjXamAjcU8N<X{3PlxzczMX{=>`
zcZ7f~f{V?;uavmyRQmp1Aaav&Dx%Foi`AWA^E*w0_5l(Sq8V<Az4@(vaVeFc_&;9P
z+ijfHi6+C9-y~&(91)h;tEh=T8?c0@@6?#*BLCjkAF@Ck(ser&{93~|=g3t3L7Wqz
zA50g)z(WOOj<ZMB$4AfD8Nf9=llqjO`XQGOy<S(lYg_JfV|Jo9oNn{G3}j&s62wg$
zOruU0$b|F57up;Z{2pDnEeg&aHC{}v^^41$^by=FHaI*4?9{1}U+!qTeA(K3?^0PF
zDr=b=dKb7zpp`&$bQX&EFQ@6C=F0k>L#tjkLQq93AX09n%>_4*ovk!<HTK-Cb=;n$
zISAR<ye^CyX)ws=i)SwT+Nd-zly?Ui-B8mgRpcdn>)6tY2p+kAKvgSZ^zwP6T|WHK
zpgJdjgY%Lhn45%}BZDeOOmv-2^ILE<yxI~)VWMD$tu*USrwA^LE78oS*ujtHWzcz;
z__F+zuzrDRi|E&KQqcmx_>QHkZBM^w7x5UJtLq6Z#TeRc1NKePIyzDLQOG+4SQ#oR
zE<Ag+jd#?qdQAu!t^x?`C(ErhA)!2QI%@b}daMQZDTn_tz$%u^FL!qtoV!cPGe<*y
zMCuf$Cvl-+f4dsevtb~7=x&5CS2!i^{u0<XQ9RM;SpB`P+1JKe7`?51umWzyKPG{!
zmbuY13roc7?5bKCQo#n;kQeu!A5Iqj2ErISY>U-=-EwfJa=&#W6CBxfOwYWEeYx{e
z3(U%x!u>{)+BBGvm&E4F!IT}Rbe8KEW$;@HMI1elf`%Owmb9x2a3CCWlaq8@HrnE&
zJlr+kMc&`s{cs1f#^N*~VQbNRVkTuKtlR1@wTe0S8gUV<2zucVD5E@lxn{+NFQ#)r
zKN!gtw^>3M2j)%}_n;50KFrwuoe%5ROrnt!P8#?er~WfbLofL(6!|*|+qcoutA}V7
zc|<A`fw%?s#Q#ySN%ZDU6meF+W1?`883KR$*R&?Hgk5r6BTu$mQksCykyu+ayJuxt
z1yD-D0q%G}U&&BY@g{bqrl5bLAE~(+>By6<0z{2mWs^Vkc!el`dq~}uE*aoG{W17K
zDM|h0Pi>gW#j?3jmH|^`gxDxxzVP%ym3l_X=|K?(qi2GjMRRdJkJasU1Q>NRU&F12
zyfq-DW)%KOOQA_iZ9gVBy$azJFe;nS)l10ni<DqgA7e?zoeKIz?@&JPgjwRwpD@PL
zl|_H0xuatt!EJRPm*$7w4@Q;Gc-W4U4_G|&uR#U;+*GAR2LCvrB2*$CWwfsT8V0U?
zH+*wymL48#*vWz@qaj=jj#kMRF$@^&e%Bk#6DE(|q=P0gH34^@bfdUVBR)G$*ry<r
zQGT|rr;{Y!e*Nm0zeQvT-gPQnIo&uL=3;qOc;67;(Z%`ZlPMB!nNF)5Qc1?(d;YP#
z8s<T~J=b?xLhqTRR~FCLrU2zcjj$nYt^y`7cFU*Fx)C9?PUOvai-zxkq9x12(=+O?
z<~xE&oF+?Zj{6W7t{KGsw1&V*fq$?6LlEgs_R9xK@7->d`nO@%ELV5cn~<j2O`hJC
zliPCe@2srCx7iOamdy6)T7|K%sh<a%E%h(+<B=z3VwF(dZ6A*m%{CqeusX~`<@LPG
zx}6DK_4>*lo;;ooExw&G?M$zp>EQ#%8CeJ3zAiGkj-^#YX>z;npT~egZU~qwSooUg
z3~E4@o7o&#-TS$T317YdeMx&+KS_VX6zEnF%5sfvpD%T`1cGmX456$Yj6lQA>^v{G
zk8EC%BgfH5>RA7D$b3y#;2D?J!kI{}a_w@5^{7c`;;boC`1xo16@6{5q&#-OMZM?j
zpB)XuCsX{d2X2H(G{<S4h<{ISwhr~5y2wOs0t8zT%~Ky!lduS3J7lAz^9!)RE4ZP^
z*u`3AwS1HHsDiPMOj1Ve64P0K;du=YT!jrcX`&$SPu0Pnz&51Pv~H@u;DL)b7RY(I
z?40^m@H!B9HIx}MKg>bJzO~ZRZCMBj_t2FL8%pS_xBf%N%K?7*T%|i<0igHlKEXTe
zSb*DmGdac-IQaF+Hr?F%8uo#^DR<tekr7x4W9UR>tbM^YKhWU`b=b=_{3<?a=U*S=
zfME>GkGycc3$JT@{qM|on0(_i_@-KDj-NXAr0>HTd)QFu#Gc_5R3&k~Q}YD+8eRPA
zl~|{>`zv63^21lg8)n)c5XV@oTH9A)e-YL3+tWR<y=+Mx=lK%$i_XWo@#k!dZh%L)
z==0!*S2V7F+R{#-(^vY!h^@6=k_~>g)@wfSo!$ODNJ}<=Q)`eNSqL#wE>E>tJD~1(
zrBzjf|Ef-=WPe3uWR1#=`75-9d9Q%lD!k)U7JI~d#yl_n;U68sd6%NABtLAxLy3y3
zvL1ql$0I|fmX*ZfCVaD3a&My0D9T)0zEE+x@p~k$?_Z0q3Ij6k29}5KME}y7KchZm
zt|B|6PfW*qgI+WWaG27eC&XUFXq-QDGt-vrdDGiT(Lab3&qkd)NCutS-k}8Zq9;PF
zOqO?6rp2dxu=ZC{<bulAI8yPSit(qRNRlzpH>}YiFXpz1dzTV$;YIPXNs}1rLlLe8
zyxxR<#X12S`S_bimp#yvIL4IB1Q$XpZ)iIn`yA1bo<H^E!`8wchJYgs$1*Z24O*g=
zG@#5_7UK%4U*kT+6?66^aA49JF?X<c6G~+BmzZyO%xK8}urNO8p^Zr}n#Vdt)ZGMo
zkK5ZoSyPkWB--qkjXBl8A)77vZMQFDI3JSYXb>MR{ydZ_t`^a+L{T=tHr6YzFqzD`
zidQApMXgKrtxO`{ey4=hiFxXV1K#vDEqlyt=|kqx>>_Sin3RZp@I>>mHUlgyh0|a#
z5lljS_WSSzaejRJYNK-cN7thT>*HDcLBub~gZ}3iqu*qF!xwg0q&C>HQIobKL}DXE
zIUW%+PG5o-43W05L?dQ(G__Km2+vS==@rOf>4hu%umH5$LhPEwi_vi)?#jB!mifAU
zxiLUq!4zt26<7qflO!Ymx2++XH-(zBD!E%-S=ROu#yjin1HXB6qlhe@U+M|9Od-gn
zTX&+Tp<$GNOZ_s?pG3gobNQe56jyKmJ&7l{yBIF$Ub%i<lgGPeEl%~mC(-KSA+Y#c
zEPrf??M@g_ynaC&aCTz2{(8s%+Oz%s*=D1YF_&>zph;%!s^-lZXup>s0Z;sZtx;d-
z_a@=`n*g%7t#E@(vay~L!#i!JTvCYX(9PeHHxY98<ptv1cfG>$<b2F+&Sg+QaS|xY
zbg(<zp+yud$QikSn2cz`DCpUsnk`eGI@zwA==kH7E~&T)X>?}{>>^JJHAd~qaoM1<
zO@zLVD}@lV{O4cDYIP~D!c6w)G7GHxXfD0GtHVE_Z-zz8MpgKaBsCrui&FnN-}-$s
z3?5sV$d;pJydDKj>!BMVPzbpXPfl_yFvB=*?A@m(yRsGeYL|M8wXic_7cEf?L^Dy)
z*|bk*L&dC-Eb64u22vOe>is7WotRrL1Swj4uUP+yLk)@jM%8UblJhfXA&Po^Lf_Jh
z_x4jWix;D^@JU>UhDkc*rKsq>_tw25oP0FQla!Sh2IfupdtUBTEC*k3@Rtre?iXT|
z9}>X`RS)(djFH)!7lW-?Jq`TKA)|jawCa`>l|FURi8>_>7OaR9pZ|ihfJ`-z-4lj)
zNidkrG=7&*_UEfx6vt7id)lW!*lj0M_|^wRQh=MO8A8GhoLxTIeJ-B5PhVC@$oyV8
zVD&09y_SGyk6p@X7hzqsZ#P&+U66^@N_tv!cMIOLQrANy0VPMb%JTz+e6~aD5`T$k
zPSJZ(fq7ZAOQiXMB;0W8>?!>bmRj2eN|yV1QiAu6v;t*dIOIvnsD0W!$UcB<s$lL{
zdbfkS$1o|}s5RK9IC1DCKTVD@ts8^N$4^@KkvfQt`C!qt@n1tbGO=nAiw+#%{WvRc
zdZV*}bK~~<m%bvkMNmw%SGiUY1WV88{)qeoRE%tflR^#TI5vtH7e8is<FY@<5sHho
zm1;$pKjzcQjEqw`4oQ(Jhpn?v3%rGUD{U{r>ph$=-7|nuyM{^s7Y&n2|3TeWnvGM5
zxBTN9na1$0nTlr9g^jgERZf@AYo)f`d1lhm2H%ZZnlL%(e}7*58fT;6z`?DC9C6GM
zcLNshmb4^bJYtA$3a|Wxj_IgJBVqY6%W6Qm{8Nv1zuXe`-EVRgg4KftO$SfaM>#F~
zQu_})0-p0+Sht2VKH(7&S}I3fPIU?l`Y|1jnMB*H5&TC+4+$YQ3?;7rIKc$}?5L*2
zbxCRE`FJjtjw#8x-v{yF!9OITJmV(9!(%aYRpU2s)y@&`vk(go3?9N?VGA?$3QTD3
zf1vnpJvTbUed?W)evdNfZl&IwSFQ7G>EJ+-ePVUNb^4cA$clkRe@hf_kDFH4B;+$^
zEb~6wKD0;qj~2p$?oly-v#;6{UD>|eM62J`dKRK3iK0V{MJ}AbF-EC9w&5PNBJ|we
zZ?TuWQjrG&2vY9z+Vt}->vy@6$b3Zfo)LD{{AcXC-?KaMD>>>Dwm4XRPw{#oi7<~?
zHAc6#JzL@!+!p+Vh3d!r9FX?JjvuT4Fto)=ZClFq^eP4xG{vEK?Vu0VxZs|OEd}fr
zXjtOW=bHnw=z$f{z~kw<GZ}0~(2dh<)`B{*$YOIy%!Nqtmt=rnU)vu!^>>q_z%cOY
zYUp-874*G8LmD4S7g~3il4Gu?mjAP$hdfhhEsd`A+VVF<INs}h`tFnNMDBa1^sHlP
zqR)otQ{vX;6REGlF884K-)oP^?x%F7dkDbrmaljQgN7R(Bs*jQylbgt1SL|^@E^e{
z?3EfuFeTqdNKsL>_Y097aN`UyEXJA^Bkn#!Q=$r5_h6AGA-3a!SOo@uK;mD}ZLKFv
zfo#_9W3wTQ=ip)_-}0XTJXF%HRvPbXERWR!SPmdOT`0a}c*ibIe2Mo}rE~8$rGQ5~
zcm$Q;buZAw$hClyVw+dM$~2?QPxZzedwB*netFyk62vy(NNAOj;*suhL-X|Y|ADCh
z86|AJ5G&Rr6n(DwW(QIX4NAg(t}9^AX~B7|eDATN#<=4_&1aO<DJkxq7`7!GdO5YU
zazo)f*<Sr)GX(r5Mi*V1eNO#56z8qMi^Xj-XefVs3_*XDe#O-$>oz^gGlqmu6Agjg
zKYXxEgvk9IJW`AAj9v>|RG|hPyXhdHCQV<B$^!#lM?B!u{GmaZykA`$Bk*?HxJp1T
zx5;3G1tX;V^`R&yX8m3P3nza1WY+_gmc$59A9fdIT{n0Odc`b;xq`hli+hBxQP}EL
zKyJqtC-*6}B=#}e9!9g>?+o8*%{T1x+*|-c%&_Xq)xe}1Bkl8oPyLC?jJwHZ;D7*6
z{gKRP4K-q2Pm#KJ*YmzsR{g+70v3rzK2Ijo>-LjKk`QjT#PY}Ex7?eysMD~$1CHju
z=$n|@Qrfk=TFz<!y&Us#TZQiGD;XAZtxvLMJFdpr&5DhUWXS>z6cmGGuxZ8IV{7}z
z9(uTd?;RZzM`8{xCt$5&r_9r^j2|t`8hXwadQN_@$@x7b2xrm%<7{;?_IR5|H-dWA
zdZ&-}lvH(^laBsNWmwJKU7?t6sF=)yt*OuOd@Z=~-jS80pa7Lp$~M=~hP4;ID}VKb
zJa~6o=CM0xC+u9q<1e+tc$x$c$%uJmhxOH><iT8hsc5rAKL<Rpa;1Qc;<C-2_(I}X
zVyviTXNH+$WWjVjJ0ckJuEl9SvHDeZzsnsV7tVUm;S@A$%AtjP>a^}eDR!G5@eHi9
z50LRUrM2P32YQBEC?d^do!CmRdI|h4%dX#3D|qa;4SwdC2JHQ#CALLI!pLDRb7)dA
z9PF6dCY-qj)zjPmp<nqiHdnzbPqZ#Kp8J0^Q>8GkPaukS%v0sl@XU^NiIIwApgS@}
z=Bf6FXZauZr{*JXhsFYZ1;>){yBfbOUV>7>)dmqufPIRp*%u9zL9NjGa@K~HjNK`>
z7G>?6ToZ&U`S<^40SIbmQHfl$@riy9WO|Y((sJUUqOe;ak38D`DP`39Vh7x4jn7kf
z0^Z#T(Se_dfz`YInO2wtG9=Z!+{yV{XV7Iq{tF&U(j2rn>QR&qI$3X<qo<2D=7VXb
zY-ZGw18GUTV`|j){V#T_o_Z{+&Gm_EcTzJ?SiV$x{m|Q}#O&a3LD`G@<(<Rfthrvk
zQt4i*bu9)r5vEW4VV(p#>;yD!X|Oi*+|2j4U8tdMU!}u-^M1ou(-6X5DqYn5$s-62
z^UCnfMZ>ue;gbSPCOPPdlRFb<*P_D)Dl5k(mgd=gCYgS)Re8hhbu)ZRcFnBo$=}v<
zslzdvs+0pzGZLbl+vk7Ft#A`NrV(e>A9|b!vJR26__Zz@6_+KZea2{=DwbLEicqm@
z2z7f<^_MT-I&{ak6g0(l=P}u-bzzWr{K&H8Kl!OKVt<QAfdW=l{1qI$`k57p6I-N2
ziB~1S!a9hY<99A{eb;>J?3cd7%UvDj>-~5ocoE8$Y$=9PsA*kMra(q5izF;@cVw)%
zo~AY`+KC@~yH@6vpH$<#?C|H!50*OT`3i2!rDw*-x6QT*ANQBU2+&XB%C$-RK20P3
zbqj4z>AN&xd^xkCRYWDW^6uj7d+O?64w(REH;clNPU`-uI`E+D5awt^2I=oCynGV+
zN$L-3WT=f&!&;4XXkh-3Qn*4MG~NEsH-;hO&Klx*sLh5gB=qL@#nA;+y3YlgV)mlW
z@4zkWsas?*mt&-QI|PhTqb&aSB}2*5IbJ(r+lw_p1qsk^{DHVksdx=gF9RmP%SU;d
zq2`xunbWcP&@mG(S|dxsZbhrz$8ht97dmOqnJ%~BSMWC)eQ_@V7DZO?md%EC=HmN1
zqKS9!m>HBVefQBt!q#`y(!!EJOaJ1SrPs~HL0b8aS3LE61k`iYek7aFn{mkOsmHYL
zj_94Ec%mu)`77Fwc>A;t7E(rJv?Dd}dC)=ZG9_FOUo0vPpM5zxQnSJdvw^y_ZgWns
z=~-n{0Zyj>GWq-U6AtaQC3u?+;w)wo>>0CO1<rrV#E%KZ@N73Oy9vktz3oQkI&Lgu
zp$u5v>X0VBkF{L>(cqM24rZVkGh@e8s5}`SU)hbZ;?>PAM!pDSHS}7apmjA_Dn0=}
zIN&{sRu62H87N|vk)Ta&L-rJZXL*#M5k$y=P3R4-;@u?vkwsH#Ki3&0tI8cUQ~l<R
zoS$nUJWCj5E_bt^6x<>W7$k+f*x+2jCTu+<hF(?tiK6{h)z4!~e0vgpE<u&ZE-MO4
zuOze+QH<-PWSbb%q~EFV^r7*M^+Y<PCo@bO`3I*S-2OP%=Q-0~3oe5naCO@+I>R@v
z@5BNmajFB7E^4i5{@q<LS>FJ%*8y{fS~U8-<16-=F3HE{Y0^o7q52iG#PNRt?E`c<
zi7aBHy<ZXtLf{%*|Ew!itlJL{w3mBZj#Um-wy6(`*yJLVGCa<C?;~(S#r=4=K^X}6
zU4n77vd7elaBF^y>GmcFw5J^<<5r1!#3fDw?ILf{R>}_ddXknm_!)7T3<6<0P10tg
zR^>h_>vuuqsgYCS``TZfjQjSpP(Rs6bn#w0OV1aVX{IwM4MC|aIbp4BGWQV-V5Jbo
zQtL`gam;O+U`An!?WKOH`QMLff)>+dzG`_|YwAL?-DBkUan-^u&KTH@3t?>0QIBc#
zr3(($&^U~M8e*g*gVm$=soLed4$}`nsx~`CDNySWCAvTpb;`Eojy3W9H<k6_<bkA!
zPk7hDSHR4{gxY$Whx4DlPHhjvP~m1^tqe>8dW%iHt{noF?rH$Lg#RZ=pk#(1%PL@%
z^R$=4#p1^hC1KP?eQiIn62BF95?F@NTJfgd>x`Uf0DR}hwp%Lxq8N=;8(K%ac%jyZ
zDQcrLe9FCY%^uxGccr6HT-+n?(JkEjg>=|1I=cU-J>M=<W1MM)nYp=4W%*<yQ{i#7
zAE-op0NmM_wYs^eI}9D&flU7ROp?T&GIwJARFG=OaYmv7%b`?4BAvNAb@vM3vYS<g
z6~~(Mr0y6mz`^(|4_Ks+idg8Hl=895?ExV_%?slL=Ua{>m8p1~`714n3^SLWg7vOp
zN*L?jbB$#@dDc*`Kj(qI&k7MPGJ#eP?C5&634_*ulp4&Q$JnKv>dWrxv7F6gO?uwo
z$U%+lCmmN=Y8r_GqZP02Da>S;)?#_y^Q_b6)=vU55n%3KoJ`<%wRfD<(vIEOPGY97
zeFh}DV*~i^#Aq}KdhI}QUqh)rulny%9x(ZPX{aeN>bF`aM%33Rdd^(bZ0&7rC63Xp
z$}{v;6R_%fp2xjk*0#PR@d);yf52Y&(7x{ASuH5IuZ~DS2PcurA(mtSe02F}Djg<1
z-`>F`DMxQlEH%<8hAYL#L4Wwbj)W4kVh=b(<EO<bU-e1Tbm>oJY8djZhhw0z#yEDs
z&>#!VYciE?_wUP^0sPYoq!n4!EDh(A=V{Vws``r*X|>Rt+I-mMhQNy7x+eAK5wHjn
z{D2+x^behSfGFB-V;KS<ul70r(tHIcG5&g{YVn0-yLgX95s0;*tMG~RkP&mCVMA+)
zxB7&CPe3viW>_<ctIGFrC|MIk!v8FLc&6iRK#|Cfi*Xe1i}qgKZ=IJ&p?1<vI`W<?
z9eZ}GE2c6V$dv72d>bj4%r3wC8Ad$l!osLPnO!lcF|f<TJk%aRk?l&cTkflp^u9iR
zArsUe)5+OXu~GFQawG6C`%wJhl*QKzGWO^NS(Uo0-R<!`+@iQ=raDdHxH6pVr$4T}
z<MfqYT*D{k(hch9s`ut-v8s*ep^bc-1`?+Q*N~rX(#dy=R4nZ6HpL@aGYy{gg1il;
z(Z4~Lw4pEapvb=$cT1V|q$~>Om;-)%*{kid<=Uk5RI`D3BJ^Q`im5vGQn<c`%|bgM
zDe2+mwoT_e+Z>`9ElwD0U&KuMDHF$=Uc3+qX7_<V9=8T16if1U%ixqlW#f8>bS&lP
z^Z2AiD|FJoP>k*i#Ofnt!%53QZf_l+dX^}xe!(bExo5WQxA6@cfN=6WJ)Ixhb-6Px
z|7#p-@bQo?CDx;pTmPZRV;n<1+5EchAj<7(m7b`pL<MxJENh*g=DuuQBHs7kWh?o^
z7yT4n^=|pNv){r*X9<R^4$tFs^D>_CWcrOc0B^DsPjr7i%&116PI4@xd*z>Ys^$0Y
z!-6Zo{wENs{yRIOi&2I=<F}=H<nIRHU_n<J^9BNMvb*@VIj2W9MJH?%*SM5i#YQsm
zi)G;FB(+QCXAZc%pbYbmw->7fNq=tBYxAq$JQVHQRxfjg8=c}-VHLra+4uD^e`M#s
zMXN`L0Nc~G$&zRsBp?drfdkSUWc<RziTC@oge8&;V*b194e))X_+la*5gI2RU*`m!
zG`w8iP!we$B3G$anbKE162e5T00K9d9sQwv^-mM$q&u--CcM#deYF`axExBpHnmoL
z!O{P7KI~tqMyQ0V&c+~5GbEo$&@Wtw{k(6>TW9&0@BE$`H-*^>XK^cjp|~{Xi`mfM
zV)6tYBO1p58&f4V@?R6$G?FE@N8{Cd9CIc#N;j|!A}p#q*0vGGg5H0IY<+etMTft2
z5pxCumq5QO5jGzHj7(oS*inOZNy(SPxO-QM8dCG`A#MdN`k{X6*-TK@8S`rXmg0_>
zjM;&N>SWJ6vS1N=A_KKm2OBnl+Og&A{WlN7Ii&0nVH-;z!%66){X)h%#TmwUo3(zn
zrCAmhcJsbsOG?zgi65rlrurYdYTEa1<U$sd(<8wRWu14xu_Z~^>)*5a|21=xI@)Tb
zTiV&qfF80q&Nx;*?XCGjsiLexMEj!NcHXQfy55$tV}Zr2o=;u(-m^*mg8DG-Utii$
z;I-#cXDgPgMvMjs(XkG<)4Xh{^1s>HQeR%qJP3+|GTwwK_7>9w*D^YPJ~KjDn4=$~
zjj^8I*=|oFJ3ZRiEW+Q76}V#b2k<t+SL&bK`<i^%E9Zu<@UMp~LAJGG`H=B|nnv7)
zj*iiBzISm{gsCbdIdkp9hEM6O5KPftEOD?0OZSB!HA){THUQR@r~^i&sMp_<w$Y=Q
z5kIj*w(Bioh`cmXzo9v~Gh6GMdr*O*EKl*wWziIOEvQL1B4`{=*O%YnTSw-+{EnNV
z_&wZ=%n;8ETtmeZ5*im`R2@pR4x<LF^u`!KcR8r0OK>5QFZe?H^G??Y+03mA1w{+W
zm{Fm!1M}0Ax5sMJYw}5>pGWU&_U;4v1?_aMGE+&kAJy@&Vp!IhgqOz=+YRa3J8t|9
znF57~;vA9_&84SNhifsP*p7!iymuP);b}3DYG5%L(rB^w*gsjDm>R(cG1P;GYZXgv
zHQOX6AosvL<mppRk24m}p+9aMnlX#iO!qol^Bfk|+Lr;wM!&T0zT~`Gefi?5UrJFz
zC&D^%SefH0#SWVXFNNLRuw#9=>kj!#@Eb(F$I4aK6|T=hZ`$x1HVXWXp9g&Z9J1lb
zJZ3!!vfyeOpUQwbgNwSc=hmzwHx4jmeyrA(u0bh-o{`WZM;rmvdM!dV=6kc+KxujZ
zk4g`!J=-WG2aRQH8ia&WQRr2#Crc2Y>9I^tb2hH?2T^U|7TJ5KViHNG|NAlC@&f^D
zpqCIC=|(#kO3bUq@o}LbFTUwlzq=VLW}0Yu^ZK+2O4)dO=+_zNkXb^7Zt4A0{@2EC
zYOWj*UxXahnkH(x^I33g4osVoAQdjmTRG5fY<^fNw7#{S%QV*<AT5q?N>E@afDG*a
z$Y}TwgyBZJwK%av7hoG4z>HK%#|xfFfgv;dISvVli%#;|ftw(YhgBdHE_Ch@GyHum
zQVsdemM{Ly9^BH){f$_N{<(q<lT4_cji<04%GhfAG8H@440Ikt6~-gMlN|5W?Oz;N
zbADb(#z@p+fz5qTmf>SrP$n^uk-pT^UAy2{dT-rvPY2qg1raMA5(38K{@|j3SWj-P
zjCUVyN(>wgy4S;9h07@@g5HV!?EF`!3CCCx>$QJW&MyoZ<LLEk^i0&MuBJtN9x@sP
z1S_$Etll?W>JInDn_*3K?(tN2tgJoUp=elEKPHPp*{FMf5XI@20{)OB3Cnh?zVRR<
z^cx5$e?uxXCe#O|5?ZS5DNy?E62OF2)Lys%q?Kj=ZkPqMXYPzjPLTPXB(yBs<B>Pz
zhXcoHemqx~Vtrk=pht<I9o7;{akP(e9O1Eo+|p=MQg!4*;VO_?b0B|c&3+u!>8l-5
zNTRzOe3x?oqxZdiv3rV~07B?wfsgfDaB(glN5#Oz9bec#+yq6JbRFcRB-71qm>>VW
z9$fynoTY2GDe-Z+MTodhx+Q#N?&K4dSyg1Qpevb1S=9J%zZlj}I{w)~<`1&`$K<F$
z?>!ehYHJw0vj|P2)^8Ol2zR}nbW)1XRzUaE{S_F#13|2jDwdHM4)Rjl03o#^b3O#_
zj96yzh^n0k81DT^*qxD<IK=!dtWMXo#9AD?_3liarG_I%#^p1Oy-+Ssh%%UChE4LA
z!h#tVI2*06QN9tCLLpwTqp^Wp9#x~l5?szFcK<c``2b*L<^Jir?AKC9dGma0eQD6G
zJ}|T1R|-9UNX=4^_DrEF!N7BX+Ls{i<4QtHIEVYFhoS*F5H|{r#nI67JFr;M%YQTm
zt=RL7@4v3Hs(Gxvqps?DHQtCw4}J~#gpD`5BpQ*43b&F)xXHLgB%fsAJwO!RN^F#x
z_EJCl#s3Gq_`)U3O8TE8W`d&7iABcU{<|&JQ^~){HV)DCOlEp$YYuda`1M+F!<-d}
zMl)%ZuwT0tL;0J#-s~Kmw*f=~)mY8v{^5n2>-mKBa;e?~WIXPA|Fxc-qK?^l!53N!
z^=dL6be%3kT9nD!3N>w5lVTSu95&wOtYyvJ=162|sR}FYR*%f)F&l0^DRb-7WlHA5
z7>jmY3644qq0iUc&T5+5bKj%<N7E;4zc-zXk!!qVu2E;M8Ybrl8hnNCf&V0!MoN?V
zVMkp&ddMWipNz~xd>zRb|NMBmQfCVx6}kuE`eGfzP8j(EXO8!*J#7n!U)(!_(U(bk
z4V$!nYWB$P!!K!2X&Ay9Gj(^_8L>AlK}njSvh2&t27pwfBA>bf2p5i7X(8lWlL%pV
z+?^77WO`#qq`2+g0rC|!1Mj{Q^G}3>W8Gdbt^WFXPP^kiEsmFB!@ow%*Opspb=qh0
zn0kOc;p5k)W$6gUT}n<X;d$T<w!w`}DK9TVA59(Ay@7Y8vEW?ZjNOXt-Xdwxt*0kA
zPOqmX5EJYEN|WNTXkS4}>OrZJStA{cK*9OD9eVu-kg!^e%hZQ%EEVIO|9^^VXvr%D
zk{jlWpmM!BJ|&cb=(BtlCBBDNL*XHCNUbBl^c?PqWa%@wCK=NFj|q|3BMe@mtD53k
zkI72#u)}ITLzk$0^Pi@-U<oD&BJ;MDIMVMJDjtlSs63;IBno*(|9jj*#o-sb0uyHA
zcb2tGqw6fy#j)TE2IWcDxF<Rbjf^^99EOTR6>(1sz7h}UtR)QRu;xTI#?~RdBsV0S
zQ_*f`DLF+9*y-Egf1OTJk((SYb+UE9m#EF#hl@9Rb82j#7V*8~ch)P4bKn|zuv>8R
zNK91>8*OM3;VtEmoxBji9dQJ*1jc9;{M#fmL=nTHU@eXsf~UIl<-jk`j7n47+8ce^
z>r)rC!3r%HH`)v)r-&P7UctX{*q`MdopaY$&+4*T|56@hE1x>th+dE8O_Z?}F&NY?
z;CE4VdUl91q+{YpxYw|h!MWSal@^S_dJ82=kd$M&e%-SC14)LmAr;4%d(>$~gSOB+
zM&3^1ySuV#cWZMr<nZiwMJ({U2^2flAH)_<*4-t{ZPLw=oV+oSov6R$_7!{oBac&;
z#+eH4>vN15c<L`LhIY7vb!Ss!6<c!PX_%(g3k`U<=>~`9@I=7>-h&qNoY;BEdJ~kI
zD3QF)@g|C7LM48t6wIiOWt90^h^V&(-#0m?8yU}hcFobdM4rz`5DKQSYFT?Pzu>{T
z0DV#gboloF_hq7=w`)JurGFaM#dHeYa@M)|{T0JiZij;u5Jw9wqFCFl5g+ENCb~4r
z)|fV?=cTTg)LH)9{z;hBC_-}gHR|m*WN|~J$Ctk!U&V}@Nr3%fgzNffg{wob!ms$V
zy$G<oTGLJK{4ajO_wP%apB=8_!(9rJJb8;4yKO7?@%cXgW1cKaRN8z;sK9Kf&H=t?
zgZt?`#)vh~{jA~s(|5D?>DxpPJu2@DP#b#|1>zh~ij&>^b=24Dz&rB>u>7>ZVBtZ)
zzOFxbqy60fTb{-DdZ5bxdIr$<{rftnDdGCor(NRdf_5*-2q{ny)pw=;>51P=3|eRa
zC<0AF5VfIKV7<9LvHPQdtt;6>wR0914Jw$V9R0nu9jl!hF5ct6re^hLyX5STOWl5M
zW*OYLvm5xYGyjU)O;lWuSBP1EDbTL{cH*%ku9xgU-pWUxBsz1Q3o*b(yMch`LU^$(
zG8Q7N!3-uEOJ#>v_T^z_Bti;@Dz?4ny%u7T8Z~k@^~;bTXK(oBI^oUzCkvG`KPW*8
zKA^HVbu0ROrd!tag<MvQm)H=`I|GhL#o)Ff0Wa65@fQ-Wuu(TF4JLDufCD>}ZX;!0
zeCQ~w_uKogZx<ymi@{XG7C!<@+}E0d-cH7dVZ>M+2vMG%{pV1+n;elB07bZV3{pOA
zl{)BHTg|^0Ar^%zX{24V@y!(otbENLx(Rh_ac8V)M+f&49{s@&E&6--#lv3@nv1Rv
z`4;u2GPt?)r1U7!BidV6%3HCk_U(}qA<IZT>!k`o85g=g$R>=8P=KPh?TLx`x!D8s
z+C!9FQs?@|^z2G5%J|-&gIG&Ct5A`=z`6fyMz{43Bf+wKoD*L069_j$Jt2@+WL%`i
zgBPjbBjD4DC-SFSUs*K}rl1v7qQ<W0(fKI&Gxf1l?a~FzRNSW2*&A;;3vHwK?7)Mi
zacy=%Oj<gZQLt~TK^U#ud`u(g5QLK8qYAEf|2N(K^g_)U+|0*=rw~3dluzE^jli9k
z!rExUj|}5SMjcq<y8N9rE+%^g8&XwBF)2&Gjdg6u@ev&sLMsW3j*b79$vSc9{(WNU
zg70;{TYfd*p(5sxFF9aR!ix@igz6g|3CEDIhqA6cA3ux$7|O5|E9m*LaS6nUgkjA0
z<Mw?>(`9G<d%Pma5(9L{abOtb#}7v!`*&*-l|$HO$ax}L$A6ukYpWu8H7Uk@szo3a
zJ6au~AkAxO2Pj?OYMzihOZc=eJsbHHA_wxb&~^;5*qerMjEYIHSg~5DGn%{*)J*n+
zjH5*}eMw>rSVT(2sKU?MPb%Os3DR|%!b9Ib&b_?=I;EncR@xhr2vOhC2kz6agHII^
zhnExwY;`-aF<1E<!53&{omaoA{}ZRlJk+PL;;>?Rq4cX*6meMr_BkfeZ5t!y6=3XV
zHZkzz3_`r&aRvI?*E|00L<+7Elp0_f;NTc>v_o=|blJaWAJ1j1`QCCk1P=_8$EshR
zz{uVvGU`3{46$c^Bbsj$0>|BzlUm>TFZ`-L;+Y~j?^79I49l7xZ)ZYjwkuVTW6{Ud
zb3rOQ`j!a&x)rKLiciBqT#O+k`$8`Oi{8`vaF5`BDWC97A{`FE{Jc-E?D<2<U!SE=
z;JEI0JxaGV<%;3453(bKHro6Yc{n|b1~%s)X&+?0zWDCf$*+g3)6qP@0A-#3`P&N@
zGe&tX&<-s|KAc+1G^5lBuG3=^;l_um3H~$2vcl+5Btg%Y`)j0-b~Y!<azKL{B;Lad
zrpcnuIYpdw4=Rdv`D%cyRX~OHazu8Sa(v*&QUu#Ow7m^H&$h`r0qp5ws1Bd?<nylU
zNZC(pIL2VOhCoyu9~BFt(N1%XPObN@+K5~gU@&l{cx4)@D4z;xFaOXPxCf~_jKiAw
zkF|uMdAf}vi{J8NSv};F91fBy7i+pV#S-`8F|c-;y*C(_K%yJ>&udlB?`}RW?+Ts^
zug$J63v4exws7ui5y_PGBBi5QvMoy8;uiydGi}D?s_50RIkqg(9>FHiVx0(crqG-J
z7|zG)=ng!bw!mJ;uvdVRnZyvkYaV>vpNqSb*XleN<#AhH{Vs;n`_bWY_ZWV-#aEFr
zWKd9H)fg%8`AmTq9r1v3AX6HM!@dBI6{B}vwq2O8^}A9W>ksyHpTB0i87i8AT0;oc
zV!nsG1H7vi$^nnz9;FR^i<aLv`qt6?NlF6$d@t$i>J=V>NN$|Kr*S7oRENzhCO6=C
z8cexH5LYcY6h=m{S6BO}PeqYr(Kfvb)4x}xy=h?ugJH|5KD3Xs(SC(87LSE62jXe~
zf=@s<Kp=Z3bueCT^wd=9H|@``w}iwuV*T9VGR_N-ggUoXub$t#xy?5(ZY=CmV)H{b
zUb{B<P&c<#<&k5Xm;L#%-|{jVw?cJ#IzL=7y$#xNnTI}1Igg%;j`3(4K5ApMB9r;&
z?eU|kYG7|5XUr_;3Pg{ZKYW5xL+T^fw$r7sQ%B&h0H@&-aOM}Zz(!AK0Fml>IhDji
zYO$XKh_TnkUWT~`@^Y3;yF=;SF74tWpPY2Qn?<zL{8{jPD(QHSQ^@|{dC-S^{7d_q
zPiBvx+qD8J&iz-bMw@Y0Ul=7|W_jO?;FRTkAYu;fKJ3a(&pKMA@J&M*ug>nDJFfI}
z2A1kq<24lTOW&)Pg8|g?2Aa0m)%P7)w|w35X){6cxTNG@-Wim<^moavGsQ(n433l<
zshF@v#rQV(i3wlV`+(KZt(`(j)t>ICjAInLr@so)BOxQ}ExqjfLq5{~FxJ}<2G^cn
zt&(V(6<WE!QoWL?`wr4$ngU(PhEcsc{ym!ELbMN}JO&Y$pG`*SH3y220*knWBh!uB
z`){V~zUOPw7QK_t55<VVecH8Ltn{XJdr1RvZ!zHeHvkel#1RiDa^suS;A>O79*d=Y
zgWY5AkFh<g*#07R4}kYm4USG)v48eqk(JBh1bpV;?3VJ8-^JzqrV}iPscw9T_;BZ}
z<XIP(V>u%8nZEB$W(5_4>a%FaRaUCSfDz~~^@KjP+kZ53*x4LjFtqpOY!=PmcgU-Q
zW|-+M<`aqL$IUvK{fIBD2AbH#9u`#t7=l=6!nIWJr4b3RjJMBEaa{cGt*>mzqovvp
zL{;iOb!!N%e&9hUx?b=hBV!D%st*&$@gN7E`XlLI6;!Ie+4GtYeoFV(V_N#|7%iDw
z1>FqqV4lveHT&}Q`DZip(P!cGsAeSPj^lKV;)h>8pVctE4rcx=2z7eDm4=w85{;X-
zVj2vcl6*b&YLFV@*?tt|5Phnc9sQ$Q{MyfiP<fLwI%73)+U?#L$e$4iavd7=6ZrIF
z?e#)t#8Ru&4G|!7OSEUBJNorky3Y}~W&wISN`5YCc17c^xEa#|tm88+oGq^K&K)l>
z3we2oi;z&%^x{!m?r;t^9#}6k2uhPl5MFjHuEnImIyuo_6zj;q@)XBXtYUYi#$|cF
z8=x^T#cvSWK5}yi<gR$mcBM)eS^Yt)jdHAOA@RM+w%AcvQYZJP2<=ybLcm$~Np0bd
zI!p99OfQUX@1Br{3D)xC>d!(tRgP}_kjAxM%t;6r$|Yk^x37|}PDXZ}H347s@V@*m
zKIp%DHvCT1&y&QykTN_V0bfGI@-ee`-hQwewti80tbi+p;>$Ld&$Qmrg%58}SLgfm
z89qbU7CcBW20yS?6Ge5Bc~aCX@^WbB>Ly{fqZ@9M5I!Y2Jnt;TEt#agIi<@qh-CFw
ziV-VI)Ddnw#}b{<Ov2IV_Z^wE!FGGNByb$rJFhG47BwrJz;?;p=^6B(`QAYiBHI*`
zT|)zK5z0GHL&~ki@BG+!NP6?v*Dq7P{gV~L45<uHnp(T=xOsdEr=H+L<h}JJZT|1h
z@xngWKMeun6_j`gk~|{~iluwnfY^I6Y-M%;SgR|q-@nqV{E1;~#-1#3{~DU@_Rh5k
z6Mq#ln&t_P88M+&O_Ex((x4!N_4jI^ed=;==%+vRgth7_*Zq>kCTYB4QYS@{(n0>z
z_*_}cy}_2h4Zz%K2m{4+iUV8v3YLVSmgxD1<5O7@bufw~W^Z%<?fUccj+_(lVw6MV
z_fJT=tD9xB#os@eT~mW=`s+mga;@A-C`^Y|{smL`we$7$oHcGq<MMXZ1T9qJq4-K4
zdVjW4yV^u2SiVAE_Aj9wqVB1G0fM#m^nvD~uK#1|J)@fFpZ8%A=_nw*h9X4)1ELf`
zB3(s5<(48PbWl1-FQGT-pnwWd0YO2EAVrW+rAqHDRA~W13n69q$$fu+|8t(RZ}vr!
zvzz(M%r!ID%;@}c_=tp8dl$LzncxeVEQ7{dQ|14{uj~v<!&LxgrF##Slrw)3#V}TH
zZXQ7D`={Cc*9KKRoY@nURWd8jW@O4g%{7H^LEpS4v#OtF8d=<y7ww4}NBY>Y^d$<`
zF}(AfzkSm@*5^FkjVsMz%tG%0lfDG$mLak90N)=did2B1NmLzR!9g5jbXfPphc!+-
zO>&4xbn0|$!QYxgSj?JF8^&{PH+Q$uH-hlW`5RwR+~fMqMQi)bSSUWDVFFlsS3LAz
zII-jY;LCbE(D0<<lVkTIl_Lda4D4cT3_)XKd=fz^^pgp~B;w#)e7r5n%KKs+wI<+N
z(HPv|v&Q?;wj<8=_)kEG;Uc^3#z-Z<j}xASFc*Uwvd)*ULaAcvu1=d^YD=Y#2pgw6
zprWOhA~8!uAR$2!j`%~be^LlGy_~Psl?v~l=J2EBimx@hM08niAaC6yg_BR{?}WbE
zrBn-DKe@v@yTn6YF3=RRTx{Rku<HVLz$${Op!^TWoV|RT31a>V31YH1X8m`K4hN!I
zJL5IFktr_k6kd!YRAW{)OfIOk=)J6lF85pdrof-Q&01;-J=#qS%<^%*zX04zt3&(i
zKh&INCLf--ugD%PH}pCqjp&*cF6Nv}05bnv#Mi<`T4>o}elxHrmgaSr>mn~a2>lf3
zpLAsgNW(%2?4aWsa&5@y3BZ-pwm<qwhvv77@QD=OhBcS#WuEixLdLH#MEyg*+YfaQ
z8M6CK(Qn!)%kF#;Dc!im<CKyjsujkB^IS2@Pq?-+pnC>N#WxSwhZa-Rr3=>eSP$|j
zj*7lU4Brl;FBc}eGj>mYD}>%6yi4KD&aw9X^{t^LVBm+MFbt2cY44R3a1Uu8qYvNz
z#nN68a#|HRKc@?)y(Z0ABcBkm^?J&l_4tPuI@cAu0F!s|4_4lai8R}7d_8hR+(+>E
zFO<czfoJq-6Mj?q?p3}`RyYQ@@6ueNnjWRs=4FUWHLmi!a~5t7b^&cWG;LWLj9CbM
z1jGC~t7|hlhHYoobl~PZXy}woKQtEpR3s~8!%P7*xKvozU9&8Hz~x&;ndm2Yah&*D
zoh!}`X6annPMZ3<uA9pnTI{$$O?>hTzwO!@W=nEjF1ZtzH*SLIU_-7W;zV(rlsHiA
zitKu3-sN-#sXD=V>Ng=$zUP`2>dY8W*?6Q_%sV^yzV$S9Q2cIP-E69WpB0bax&h5P
zOQG8I14Cvm?}#t{MAeo@uz%cKmlkjwbSd-U-DU&#gtmxdg#e1Q4y80JoEI2)UC2_*
zIep#Om`oJSY!h~S+<K>K&d2k4hbhNrN*;|9C(uN_+kJ(uP|R5*+4$}4wS9?F;x{Er
zr<czd!W)=La#SDV_M6DFSS98)7WL(a*pYJ>+m_cq#)u#l#5Voq<FiUu^0%Kad@=GZ
z)Dmg~^hPO&L5Zm%0+gPdQM&U9aflR=HAe7HZzP3{m;T{unqK@n(BU%5)L?czMQahA
z+}Jx8N&Q2h%CU}?bz_1}h?G+XQgRM0odWL<qeJxVX{71~ZGOrJs7IvkC15*Prms`c
z)%yfqB6byiQWs846#n9I(uQC%MwCI;FL;G?M%dbt6rkg+;5N!^Vv{)M>1-><9vyV$
z*?7p#H$|4I)RoroTcTM4tP;L7clg^<x8(wtmOm<)V2m{An*~)d$W_#2x_*(X&>ezk
zk^1IXdiE^W8RrWyMZWjNfI-XXazddY{i>bnm9rWOF~&-8xAjpUq((-HxBvH{f5)Uq
ziLDK?-tr@C>lYY9+;1MN)5%Q?_FE`(&Q0pI7)*~{=CAyGLljb1<_tFm7Gm7_XYF*_
zwV9>%T0D*V74*T=1@DVEI!pBN7!XgHpV%+6{wI?<gHrlB=gXlP3<Jg$CUqIW*d<?K
z#}D7qAF|zR2F&q2gMIE#t8huLztA8)VqnT4vmWz|>@7cI1%c)tuYK1z)0<2e<V?v7
zixR?SMI0<$@KS(5-89sKJ}@+Zn18CZXKm+`b0P`3lP2poJ!x4D!!1kZ-bsB+LIfJc
z^i^<P{#ikAKJ!FH6YPh)Hv?+*UVx8t3fTRp{as%@dYl93V?U<0JH4x|i`?0*j~}2J
z*8h-J(Qv419b6FZs9eTEsM((Sim=*6P)kU8B=%^W!mxon!7Jv~cVo9;-=<5*6Bqqi
zv|PS#CV~|LL59=7kcDlrY`xSuRG~o+LTH(?l5{mGto(Q*;0vIYwmzwo;B`FWz?=)Q
zaW_o>*@26CxN7k~ZF)EfgwIF(0ijewGFI|846X(2H;^Zn4`11;E-Qc7$XGr>{YsR^
zxO=cGLhEh>Xf=U?yMr4tSLeV!{YR)>z(x9t??*h9!UU|%Gb&M_a)yhqt!{Yf%D_*o
zr=QP58&M%z95Q5hiKX@tY4t^`(Ftm4K1(YnRW%;^*?`Hy6V+{rRXKaETJB}1O*5x2
z1ev5k4myrH4{5d5&qb<d;4=FwFBSrf1c%rgCq~#j39gyJA3JGjUgK-1pGy`6S8L86
zI#+NKuNt(tG!p7RS~spg=uffeYfiYIb02`-3=M7Ml~`wms<x+Ik%gZR^6!G{@uxn?
z2y!B;XuM>_EL1+<pXJhLGDYa>&M{{_3DJb_(F@tNh*dUlS)?tjH4OA1i(^5ZYS`m}
zz(8_i_cxtR0%300f6g$FoBc!hWQ@P7Y2>aF?QXZC>Po5Y@IJKjco5+_JQ&ps`cKy9
zS}NSiaH=4)gR<^K-}|G8uMQ@l%r_i(6^q(7qV*=gxeiV7+(3>JVU-ebzRA}V*E%rz
zl(J5cJV6DalyS};U4T7(7vj$!8<BccFm75E)3S4Y7+#}k?}oltYMJLLjr(}=(`F(R
z@-POO(smHW(m5IR15*hDpTCmhX(_x$nsWui>vCiA#^Zq*PHJLUh=0f3)7s%O^l;E5
zSikesrffXR;O4w4&bvGq#WZ*KvUA&~;zhq5&Qf!FXB!*v=_O1zf%^~~1J*7?E~xGc
z)XgM~yh>_cuet*XS!v`uLHqB>vYnjs>t1<n%zAOpUi<Y=(#rBjhPq#bm42ueN~5F0
z?G?uP!-4TMV3+0)jjrVW$=CeH;I%bw>fO10^H95<T2Jm0@~;aNZ6D1&_W|pSU46a8
z1ZD_x8375v`?hIki!}gp`^Jy;N({8`o0OPA;6cF^en-Iy*HbVC(QQf@XA`>ug+e9s
z`9$y6X`7|cZHddfZehnF&bM!z3%$iu_GY({`a5kq^=0X~YhfPF)T<)LWUB{vdm3ny
z$8#Ic7c*n>H=ZX)Ktm<?&M|}w$+K;>qY7hc<@w5fI@vwlG2ejmeGVtU1}f%-=ToYF
zgQ3osnP*zAsFz30(S}T)c0{cEEr(x<ixl!~y>?^oC<J$w6Jw-)rbb!@C%XftVh}R{
zVab61V))!$y2Ikaih6SS{o{C1H_SmdPRVdZ=r5uXUujtQM%pC7jwU_!dpCLW-9Gb%
zrB~yx85=S>wmQJdm2{f(N;lTkv*F@UN`saP&LbRKFk&WR_2MI*_gNh)8J<Q3yWO{6
zs71b_oJT(5!>YXcp$N_tG?=Muu%92SK3t;H8xZb5lvT{$Y(7qo_g@!U>>lwRVip_m
z+p4XJ?R*=@a8Yb|K-^V<|MrTx`fV)l<s&WaD?OadiE)?OTh%o;0Pf#E3@nB5&#=5v
zAwBYLHJ_^HT7FSLGxkalKD0{tIL)B%(Hk*2<@of8&AZ86Hb476M@$qNbVv`S+`_Y{
zAO554zqv)Te5(Eu^peqxtEn(CbW3TC9{r&R1Zb6Dnib;B3!>u+oD{wbJ{Nh34oLIb
zPNd$QJbj25-TvMDeHXz)+d|8t)-LQN9h(@ztrO|o<y2cgVf*9npY~TqX}4+@kh5ti
z9P6IWbr9M^-bCBA^{E-t(C)Uko-KKtgM@zZ<uM}|6Tj`7!#hiKtA!rFBI8A|Ba@S<
zIaVrswHKPH_C6gVIj8xjaOsG@2TkV-`5)=Yji0em$D8YoWR1g#lH~5EpM;W7v$(<a
zq-O2EG8SB5BRAU?lP03<+oa4x9t3KnCo8vf7}0v)M5*0#+N)TOi@I}%>|}-Q=r;Qj
zEIi_B<G=Hr$*IoX^G++@1wsg3UYX6V?dN`zg|gqYywt*cNc0pPDEp9X>b|Jfj2|GI
z)Rq*4FVa#bFICoF-VWg2F}0=kpHC7VK||P*K!P+>Zgz%&J+$HE-U_T;5`_4>1jIOi
zlnMEW7vSFyJ2?g3KR;XY-C*`fe3|AMxHtM-^4<HR6H|q%c%ik+DLl<)?mzz8wl@$l
z!SiE7vEkH4Nf4S^E&18yx7ay!Ia5$9XNOg@V0!B;YHrcHOa1$-SJrMd%KGWF^N>|X
zUWt%%Gr*`xE95gR@Bhd13E4dD0&?hEdIorze0F3;)vS6tz}~)Rb(<%}t8$5<vbmrT
zl%4fp1_Yj;HAf~o6Cvlx>^u3}`;Wf1=^F@ltR#`!N;)}-_taSM@h6*?=<dNCVkbT<
zSngfFPM)fOm83t(sbDVYbFD-z`zR^e`1V*;+?F84Lwp-8=+)PkSRayXn)X`Y(7DXd
z{^Tsu!ngjx^d?C@@S@r!={$%aW!|vvFJXxHQgp@>p}^sF4|l@;#b##OJDJ)3h4WqN
zDKYthx44jLOZYQcTx;{>Qa)S@6;CPG!sFxjT12wna1IrNx!msTQ+l4WYuD?<cRYzD
zS`aoMI-R;(bUauDZ`nm8#OSf@7II`ogjcy!J3SrzUOV8bu?d|>bQX%mA`?7r(&6Mk
z7zoN8ce=zcz0*8KV%vS-aw|zZ=d(KXo6A#N6boe!nIvx#V(3CR>smXh;#Qp3WjRn6
zF-NN1FjI{0xz`pE7|pXN3bQCgLo|<$e3XBX8@r;X&5E%I-(>4Pe=}VpG(xU|*N^Ib
zg8Qz28HIKO4_8@ObdTVCe5y4m&pSu{$?uWo@^x_9PyFvc^Tn@>EN$+Ss|LQgmD#NS
zh+nDHElM%&C^S;1#Mf^&pIER-b*!OC^VGD6)^y_z`!ra7^nR>l(Y9O_V&CgR`>)Jy
zTC*!@&e-{7(^|9cPmH&;*MxL4MO%!C9hNr;mb|#k1NS)7w_+S*{UJ4%88y<T@pA6R
zj*agK`h5RUw1isJuYdYkd3WgMP7BIN?4)uMoR!c&iGI}kV(H$lr+-mz&AA|dv%vUJ
z3q4}ZB`Ay>5oQ$9EAe&d`UGNXP*o@7xh_x8%&oxH<8GD)!OlLfIuuT6Hlrn<juHq+
zP2=eAX_4>H2VT8^Uc0_)l}=q>8%T%q$Uli!3X!VQclmx}O;Y0Z72+$jkA8${K^W_<
zbxOj;)pmI=(!1d*oa6m`fWMqWSW<{dTFY?YY&oP>%hX~Wj>N<NAu9a1Iu!pAa+mnF
z;j?=1hF~rH0qX(s82uub_4e}fY4dvqsyp{K0}!U}(t-<vQG(}HMyM=4WB?Z-ct@bw
zBTkA*e-5~b{UW3LPKx2}mqA=*A>j6`|M!a<0bs{+Ah93RWRMRaPDzp_iG{2n1K5t*
z+~4R$bfvtt>k6m)w+)?|xLTMh|Iq?^SdW0mte_b_;*qVbz(oBThGjO^)GFA-B{>nP
zxD<(w?9Pv*4}$Po5_}8={c97?Y5*UaPek&a5-`^Wf1jGoc8g`x2=O8eO(;U8?$&E%
zcT=;S9OyA)kTzMmJDCUzx0d_L&!r@bxMSH3Rbb8J!6ttL@|;JF;_}*R+KnHff6sDk
zn@SOD+i7b&t?1rREl<$ZE|7@aUw=qNc)a&J=A3R;Fh?{d$I8$CA~CCFx~=>8_sX~Z
zc6B<T#Qm?;RUfQ)lAP5Ff(c!6QR-FC2mwkm^VgzNj&Z2P4)DH8*MJoAbpCeV@*Uve
z(i?_RR5h>n16;s&luxq8l?ht}|9RJCq<a>|vkoyRm!u2-&GCImHid#ITJKsN>K%87
zmtiUi<B03;gaf4ty<{$)nLe51_=va2Hs!Yc(DIXSk(bewJrfsAd|4sFZ>}y7YRdW9
z^v$yPW2&t4Y4~h9V&+THVO!%E1+K|wZ|D0hHH)ZRZa>;RXKSt-o<npDzxj;hw`U)6
z4c`v752Jrica!|fheNr`q?_zslcOkST`s(P-YY2gSiNPgNz!HL%XdZctr!1r6$Eb9
zVP8#{(2Q`!HtmHA&&RjfR*=wcV~Wc?EqB_lF+-DAhZoJv3EMlmAZhP}fyLe%|A1cW
z#GS`?ih4QGdnopn30zhnKJmOO7;I38@b$8{fia<&mm8lqTSv3*yc2oQrZug1q8$?@
z5qfx0tNW-g)y&O0M<hEqI!<R=>sZrbrh{y1q;>)gTupRCmd;xhfDKb_O@HRhfI?3J
z_6pQNYSrarm$>%Z-kT$l%h@1}^IQQB)_~+0vSOD><6g;;g!bY-Lq>1K+v$+>Ac#!f
zY3HlP&sncEkuODxl$cj4p$Xh3&r)?9sLQch3k^}HsxdJ}TijN_O?o4>z*iTqd9gZ7
zf7yt0Mk07ERLY~ivEmqr3OCi4#u8PxUzCSl69#YlPpezLtjIZ%%|5DYG8;sg&qx^Q
zs<8cCWO|mu+QLcyZSSl(ahLyk%keChN^^2A%5c7#p4}-Vg=#U~mi}AnFBA_gEIgUL
zf(m6EFWAwwK`k`9YY+o%+N~hESGxD1ukxH*pJbcCp_XSe6d$$K@rF^BSN`PRzd*J@
zd6!qHdT&NlU9Q;D{yg@M?kzKVV-7jgFnWf2ryF}(6_rb>`f!MNjQ6a(b34AqkbmV6
zQq`#EzT>ZY_Tc0^-Z_Z7m^}5&^`vU?=gu>$fVm%cL_IO>?=?YtLq=vg)0DggfpRh%
zbpwNR>?}fK869{+AM;`{H}_(FN+WbWcq7dA1WvkvsnIJLW~&`stq6fIN?zKSWJm>1
z<Z8$tiHFBGRz}O@RUy&fG-7CzCJUh~{gVEZlv>0i(n&9ZsSM#Mns4j*V)XZJz&yl5
z&=+RX{f!H^SW|Owqu+ljtQ7q`TSfVtO_}Vh2nTHc)x%4V79F?tr|mD*M~01_q~^<2
zA)kZqDg>z{TO~{oeMKWm8rL<hd&F~AOJ-Hbe_TRJ<h-xgwdg_ev)awAo8MJUzF5EL
z?P*3`hQAj;p%$inx|@n7+9;omA7v<Av)A*RW}zmQAY(X*QaifuJUpq1p|==A2td#~
z+1;iiXoHO9D<6k57Nzhi%wu4NTF)yq4^|CWo&~S>)Li7Q5gvjz3S<qm7V^7eo8&&g
zq00Uyx?f*l$tcP`BltyvXWacO;<-hwp(f8quc(EhQ{J5MI>VU-k7Np>f3_OK9}+K{
z7qy#TCW^>fhXPlBBbbc>-}PFRtEC>UH_hZ8M-7eUFg>7H-8vuEbfJ*V$ww`?Sw*}W
zX8cGv0M7WQI(D#)ZqMH0A?qEnhQl16sTb4<dAR-Lx}TfPW94LY=#JnRi>D@R7<kXv
zJ>m9n@IKNzwx@$RKQ#c17`UlUz>2w1rLTE>naKAEkU2{*J5O>W2E1Tt3|YK-k1p)k
zsJ(DL_Pt)g`@r_zyNMv5{gY8wsG42y+Yy1ih7h;F%Via&@Kx?*<%cg;O=L(Fb(B3_
z*y-q2{a5gKi2P<y)bcv#W}(D#I)!&cXLExEw)SBDv6tmRX$qKx&W`WilN?Nvd;FK(
z&6}!axtjIZv=lH|Vg~yAY>Xm4G(H`2N~p#5tghM`*-&Cz25-He26!W^sfT6U>&>*c
zKwjcgJ^Q^-IW>m2meh}Lq;|y6&fY0f@X#0+5;<W9c&V0yr`bE9_16jKs0TYaStcnJ
zHAJ$Duxgw2GfSXQplRzZ+Z(0+BW$5j+&j<Jm=9mQhJlbdMV=VaUK1qdI#J;5D$L^y
zdyV!RzviVs@6CBV;$>T@bai8ug%pQoT`MU>#_Of%L7r(n8gm*|lP(AGIP>-D2V=jN
zGeXovJ9syekMHqI(PfKhrWn>!MES?GD<Iv^4f#~QR28>368BD_dUoqEGp3`-cAa=W
z1SxU08qAyZkP0a>2jw}K!cM{@?aGpFRf!vb*c}%{xQ#T9MSHRHyZy-l-Cg8*hNqDV
zRPCr;Uy)~a^+TAvino$9zbR(!fj7vEUP(Bv_t4P^jJd(U`5`R3(8!2W<j)@jP9qL@
zLT0eDCZNRXWIq1Vo(*CO4cQT-;1&kae6@8%UGakp?j`)gd+(<;_*#U%lL+q)aijOO
z(xOtI^8mLPaMx+kL9FU&l0EggwF-30XGRyS3%YR30$0>8SU|mAiMJ0`e(0vVZiBG^
z8h$aIMfryx?IL336E=@^YXc<3E;FycT24=h{)59)*H1gJc_94GW55mTK;A5biTqjb
zH=Tq^wq6hMhy-vP1pfS#9loS=6stloRt?OWfB@W6z`#l@?iP{Cb7=s#ajwg4x@iUn
z30vr?636G9pkDiPxv}BOaErgP4rI^vD?)@ACG!VmgD!K51gX7wLpE<Bvy%wFQ6fos
zQ!fy0bf1}OQCOqFFED_ctTV_3u47m_?#Yt5tN+<2Anp$%FJkJqDZH3aA&I$Gbv#Y5
z>J0eG6@lw6>Q7bme3ck6WYY!6axCImtZ4XV3tdAn2B^vdDR2Lq5_{e@NUZ)+P7|T;
zsQtyCx8^SR4AbOGmG*~9l4t(t68&lSDZvaK>SIsHC8c@)fM0#6KWzCf$`YJa;7Ol!
z?mQlAY&+TnYP?gDgYb~A_5vgtiRrYKZK#xfhP!OwLP|ia5sWC1C1DX)NI0P{^O1f!
zewOS@;o;vdv|Zmp^wN~Xq022UHJ!|PZRd$~6d@3-59Anrh=q#A3w}>)L;d|JPYVmv
zRdbKuCB_N(@`S3Q?QKx7;jKeNPsF0_ocpXi16PbyYH5)tj|chICmA;DuGxglN4$or
zzS@DOWR~h*u8BX4ptaObd!9}$atQ@GSpND!skT!_Q^CXrw0p)yiVTMZ0F1D+!!A4p
z#iqoj`q)kRQ-tacQ+EK&o?M9ICTAu2O5<u?8k%ds*_^qq+?1E!PljTml)_cr-^8yd
zeXcfAz8?`T#(ne6C5~<qW(wcknSRx)zlWWdwO_I=E&FZDVDY-nWhYv?-&8<Q1`QmK
zR3gi3OLZKf((aVr-Vaa6dd={1^yX&iCBhuD0^Cz45I}$%9mCI0qh-H6zE$_B)Bs^s
zy?tg`-u{=_uti}~?)o`pK4OEA?^JXh-7ikzc1ZZ>(y%-FdSZ4S511dK%wuWt?8T+M
z{N*K_Wl|Mi$^Ae!X#~Glqd|qxrS5FiCwpOc(O5;=l-?%;S=dGbNvGUlIVR#|=adRQ
z#2!9gzl?XdQ=?Y~bK~*Q){fRSOL34pQ$K_a!9;K3m+4Uk-JfES?H%8i5>VIoZq2cU
z{0YY{uZ6ymQZg0CY1dNkefh;+&nMLi8dP1wWDq^;<kn>}Ucd6A4UMaY?Uplb>i{qJ
z>-3b@@l<a-+hJv!a$32H?!nU`pt|ifQ58839{IQ1Mt}uPP07)E`3&$9!vZ^M=Q~Ur
z;c3u=9t}Cf4h{)eeCr9mq>@2_@-~dEE9`$?fe}MtHIO!&{cYEBr*&*7_R<zl1^J&=
z`|WYS{h3FCMh2Ui!DK?7`5V%GY$F`crdLRoutC~{Z+QA_(Ib4ZBY)Q7S=2ihi{r;j
z!R9sa6Bd14)g7X1tvvsrZ4}@xD^V5Q*5bVO4?TDkHT3LRz5uUvNsp2w1STgi9mdj;
zknuFe<%G^B0pihkAS6NKcrdhc%r-}XDfPO_;kvZTMM6RhV7b_`!i)CB1!7FEG3dNM
zHbl)+dUj{CtKad<MRiB*s}ehM$hL$cjo>dvlx(=`7~JZ_IWW}FT1t!jJ~dq{8-Zyp
zAsE;;1pgC#=GOIyWL7;y*iWWXshA!bMcb5*uO|KaVhp>e`f}|qya43+o5LphHobyM
zvKQ9<$PX{X?$;pOdX%pJTrQf@54G=cSH;vxb?sedY!|pKcd?9gs{VmRqBpc}EwJ-4
zXKdK%7GInK2dqMAHZVjD$f$IC(n`&9(<8O_u5Sxb9n*;L#Ox9^Qo-#{u#UnuJ&7VC
zqAyUG_4nFC9z44wGf(K7WQJz{PDmvP{Dx_rMpxTGDg$qN#Bdfu)f}ix9%gpIJoEH#
z`_n*tA#R!j?Vb<MZr~)!a*79AQRE8Z(tN{o4OQqQLSqZo_T%<a6Lr%ruc45l@Kc&f
zbB0P7w8S2<^D9EMqc!gT%>wBEvP8F%bTU+jSbh2dB6t6V0W;&22PmI=(|6l^dPgn1
z7iZ+7^t$6w9K`V4QjyYU18U;cl>BdiPThmQ8P!Uf5b_OE1XsbC*Nv&?&ekzs&0TAX
zrt6lctI+CAGkygCbD?7HJ+k#ZP;l5C>PA**J^V4wOJWZgD+#;Ex5KV}c03k^-|tLx
z%8h9CRH^d&t@7T+`NzqNj5w?klyDStpfm}4g{WXgVvoZVGkzZ=@NJCB@4u+gS|n@~
zJv(9ftwr2jnAq-yyvfp8F-3<d@f+6M$fC}s^B0ECJ)mkHj1icoP-N0}`6`ovRQ`FW
zKvLv-n*3ug=V|syMr%2gbq}H5wdsDi4SKuFM^sC?l=~+m30<?lggxv>^dCUxkaK=7
z=jL{Q&XOpkg&WE=ytLUFxw+z37x9x4!Qa<n>=6yWA2R_JA;<LlAW=(NU+kgq8NXzD
zE3P~Rq4&l266F`xi}rIVWBm#u8SLixl4B5110jHJTJsC_OV2mpCDE`^>lHn`)(g_w
z9FjQ7j~2D#LO-)`z@m9AFqVOPS8;+{zRH^l(ui_kKta$1(XIamWPtrZ^r`nFfO2}=
zXy3AJjhKj}K;at&%7Ue2+!L<wvNs^Nu9lHfoVC2bWIM=$26=Xib6&K<S}{G5sYayP
zdUG;e^CP8D&1RlOfuT2-W7pNI)9f@a)jNp#n6+F$Fw@o;#m@hk1S80&t$m6)?B=8+
ze!KqJk0Eev;llSe9tR1#lf3NO(Dn=0Kch}?L`qRTxoUr#|6h-KBe>Vz1r|3vbO@>R
z?D#<5isP>2pF{dn5v6OjUK~N>U-;91svr3*oXHLZ88pkv5`DebDsRo6A4O2ws*b)r
z4Xhwc1rV9k*T?5cB^1BHnF(7#F;_k+hkgd&mk&!CIHYkF#8zNDan*GiF)m3v_Eo-~
zTq8_LS|Fn}=`LaH?f#aQdFX}@uz@4sx-hPk%{lJY0B9VOpk`K`cE3-p6r}VOI4vue
zYeL)CU}G-1%zbTsLgOb$;q$8_-Iw&>oa{6iMHG6(KLlx~#_Q^0<&A%#%}KQi<!jTr
z*n;>DgZjmO(W-Qlbf!U}xZSl$U%U)Gd>NFHnSLI_@LdMOyJ2gCrky=HL3=lSWA*;Z
zec8T^W?Pj`@m8V!2-p|m0lnq2$!klPQjpPeWl}?5iazbWgmGtzQm#U-d9MCWX<z5g
z_ZT5L4d5k?RsW7-Zw+ouQ!(Yz3Qn+hi2!8>WPyi8?g?E6+SVCobaX-pCp=?#v?k6u
z3VEncDRb>Gfdg>t#W}aDiWlWqroubuv@=KEU|B9?#Pqs!rjZXWanGzuN+HZ0>Q<wU
z!A?Y{@n-`au>T^+ol_CTNo4LqroI=8OIzX)Me-D;pZhv*u3xdt!F~CB>Q>DX>EZcv
z`)-b@zn1NbsvQjPHfwvG8z}IVw_SP7!XCElHlyk=Bz`1wRmy)L&zocDf<us(Q_<49
z7dPe^K;i47rdQ;wGXaxp&w2bitnUdF1u@uu;mQUc@V$w-PJecjcM!6tuMQ))j{OCz
z`T||>yTLo>Z+u*3dfxz-FoiDocZbnGj-|WeETmkStie-pZnjWb^LhvN^LfJB7?kz*
zQ8iZF#4+D%KBF$}$is~7&5|$8FcZ%Q=x;_@XPONb&6ia=W-5r>Z~y!`ga{r$g)jJZ
zth~0fz8bbdNfWdOc-qHG_dk9IDr&ndv&RV}RuSDppXMDvOkgc%so%mw*)r&v)m#3K
z&`LM&H+cVpXB*t7RI$0$$q?EuL0KG78h%F$RFD4<z8}AUi_93LMoQ$RFPZ*R8zH|a
z=~g}S`(u#rz{(G`(5|EBW|7;&*g*Mp7SlFJ5Wel>r)B}c3w2g(w3%gc=F6|W+Ipnr
z8;DeQsRIQMO9T{x)9(C)nw;<U`Q#vT+0>Dx`&`x!csb1UuT>1EgGJrKxWjd6V4p?3
z{cGdn<#~lT^V*2QR23DqNX`PkUX)+8UF!1vIh|%XSFU}<a#6u>E`ipDKXqUn3KTS1
z5#*iqSe(5rew7ScBuIXuwWMCeTWF9Z@tBAHTg|V&Jq$aWKoxp0Ng%jm!3S+M+y!At
zu>k;WnN_1;YlHXD5Igv46mY9tyfaqBYXb56j`Jfp6BPuAdRdYoM7A=&S}>{|?bU&f
zV^34%8&P{U_rg@{vIDXGRb}kab<G&oVRLuDf>ZhiwEZr<={E^H*rr{4MColB?2ZxD
z%~AGwRKy+nr?3SN{ej4YF@#&~8r`<%NHdU^|0*H@;kB;19ZF$P&M98mw{4wE?b(@U
z$17^<o>A4D1#C93taWnV+D5Fg#m9-IVIyTOJ)DR`X6e8C@mqNHfl7D~HJgI2wU0sW
zxkl||hqE-SQfJ?(ZMUGK^aT@5NkM~%=Cbx9Xp7Kb6ZSh62!Y)G<%mhUJ}ic4tD{d&
zsNUk*wH4>>$Mz40=fL9GHjqx({l<M;i|6_4s9CIe>6IOyMu&pOKz24qJjGU@&V`uH
zslLmQmJqS~{fkA7OHoTZ&+6O}#7urMMH*K~TD=SDn9lKPr@Pj*p;jYk1*`~xJhK(l
zF7H0pF}1<#1$<67)j!J8D)Sb+RbFe8V(z#az?}|mID@-M6SZU_jz0V7qDVk5BH@gq
zAVkQA`<T2(gq-`D)0j@Ost*->WjVqn?Z(><8*$~s_O@@}E^^zozKia3uvc87g8)-?
zL(84bf6X}25T6|Bo-E-0nK(hI`O%&xi(-f3t<b?k@267hq3z<2TNowU^Usl6oO5tI
zfi%#i<q~9A+#}E^W(f73EAFDoS3~ktBiZmHrNfol^s`)Ti-rbmvV`w)Pg&Iy61p@R
zMptS{WN$HuYr}E6oi6GLIcKnzlVms)Rw5PpwcIv@oC+qMBD4fXy<gGQXt~8U{$L)7
zD5q~dns-GlF7GA^OiRXSBXUEdB5(I4EU<}p?U-<=Q@Xp(VG4#|NTIlkcWyMRGGt`h
zoEDK9+C!N|p-<c5W<RoH5{&@ULO}0C_2#ic$O^1Vax<pv3-}#-(DzlXl28vs@Bc6?
z*qQM3;-Ob}OJwl5h-bN^-3K=m2;yY33cLc?|9;7FDLNUQW$`>$w#^?DSRO^TS{IB7
zgK3QH=%XGb25@c8v_OzQ>D5U0je_-e(~8YXQW4Z|cdJzKT<rYQ!29>w;n28p>{<}1
zhEm;ED8bQx8M^P|FKpiNI;lG93rijQmR%Om@T12Rj)?AIT5Z4SCVO{gCnGdCh{$$#
z9Ffm9QHWlSw-GmH@-4lA(4|_wcEY3wOkgH|u0iUDHe+{R<yygqHxxc>{quQT;;0Z6
z`x>@3r$Oz4{Gstrv{T$QVBUY@*U}uDZyVYxY+7H75MNhSY4YOU+&qi!W&=;z5<HwY
zqn;59+3f+sSQvJm6gVD34%$oU_eIa=3iilNOeAEm93;;PUkRzt`}V9u>*f`)rT4mL
zmk*HJLv3e3I{S{@$(=&ybhvU`w9krY>pMJv`i6<!M95*id1fQ`gHItzbw`PeMa_iY
z;L0qrQ&Nnh`p$H?w$NjZ=G<SdokAH2W3>Dv#rHQa_|u!P-3X>V(6lbV-oVJX#pA9^
zE`Fr^a|imONkjkU1Gq`zk)Y--6dyYW$5$dKX@JPD!WL5Yn1t`2(@AV(^6^$>QSE&x
z&xxx81!qCIcGN@{%Q{at8|z6&Q05--w9Nr`J>Q@H)P90^tI$)gqKL8m-13rV)3>?y
z!F_x46WHHu>`3;PTT7mCulMQfKP`Jsy4s>MG1ugU$ubg+3U;gYuV4FZQ`QusCQLy`
z<>S_0ny%A*$4}pq6EDw)p$ikZ66vXA=vm&I#{CJAp&ghLJ#I-+_@ISDr>Qeg#O%uR
z(gCWi;VxvT;_84W!WQdpJM5rnFb&l5)zzW-@H0E{HB%Z$dq4dgqC+-dZY5zBkN&hE
zvD_&_uIgH={}=*&*m~hMJLt{`>%?Z!PAho0zFgQ;6+~C@Cz$Da-7cNmv(5j3*u@E}
z$Ei@EvHT{LS92Zy{Jqb)=ID-J0R@7Y4a`aGzD0@0<t@8LTaZV$6EoKa#G-fRI|dY%
zVSRIy<(TW9+X(TOPDD_<5)VK0eBJ|Qet$+yG_1>z5$o6}=ptUByEm7tOM2?az;WxI
z0Q8WkpnXl^mWBV8H0lpS*7!lidaf|tm4@ebkqgw9I8|tp+l;m@!0{l%7{t`w2RWfT
z4LjB<e*)4=*C^k0Nzt8@x(gN;ckw*(U~?L(s2y&GITAb>omX$8o-s)TzK(5suW~f!
zGJHJ<aL%<bj97ZO3SkT97>#^VV!fPW$GPr#t<QaEByGg}ZFH3tlQe?Qw(P>2BcckL
zt|G49jw>B8U*gaCGTf;!ODF#JI)vT#hX?0{ji^4@9;j2YcZ#MK!aeYd04yv3MT_Du
z@zim5H;Op@eZs#UPC31=IgN=f>E!N@29{f=Z*OLYr%fQ3`z;gAw~xjU268sFjGDV9
zqF3gVc@>f=1J5A`tMu)!$5_2}_evLl*tMZd7tm=sJSN{}6x1{Re7CNvYMy2d9@e^{
z{(DDwz>jk?m~o5G=efo<nu9cT9vzleDh9DXujeS<{w3?EHJYgp5qB7a4Q>Z3!+)8$
z&}{Uuw4%o-Wb*eejFy883L`k_k8YNajq=-iVec<EbYK3CY6$+6a7e?Z^VbIK6mLTm
zr{|%}1M=mZ2U&)tjoE&!5o3SD#B9BooiD9lpRK9DZ79<IVRdxmaycxk6b_hiDutY-
z`R_&5!TJa2mB;m9=L)D~hJj*wb9f{J{d_?@?%Y^$>c>djTdp-k#WpCbxih4DCE;po
zzuUNbI3A_A2M!J|>;mImnoo!NfrM;pRv@z$rT<8&gK0K0Fb_%6-@Sn%bjMZwEj2o$
zOft@OQ>12B+;B#CIfhf(Kb^%G+w>B&?TV^n*3c_hSp7dX9E`I_xXoSU1AC2i$X1rf
zLT}}JHR6ImPmpuW?E}Ov97;du*4U`i=Th&^J#99Pqy3U&LNqS86~UaZ6~aIWus$~0
zc=_rF!jXOGv)ww8d7Cqdi8N3~PBg9&i{xf19NNt-earocT;snWuo)RN0&^S)-Z8n0
z3v>2YDTGakgZQY!4L<F@8A95w%!A)tbN)XRBu&JX^)<nXcyi+nmsIwsmgtHloOzt-
zjdRj&O8&O>wUtxm&azoU^NZ2MozH}<-+9dyIC#PC5X}Tk{|P`Dm!Tg8aK(WaAeU1Q
z&$)eXK0#@NANJ0AU?YfyWB4dNHBnYI_Q53#N}(XB<OA@<h^Vl&PE!qg;?1YzA@ElC
zJ1^$~Smh%1+WGk~Y!@yXtNsO2HVpgP0et+{c|RFF_@37(yx(0rBVADCtMkLP{2bEN
z>mCX2f2I+jdMIw@=6kl-2*_{rKWM@>c(XI+%&#hCmIW3L0ZwOf{-Udb#UuP{)|RrI
zxj&P4nt&)M=@lSs`*#e~U%5--rjbwleCZ5s3hLwZ7I1o>P?l2RV?l8?OT2{m2U+wR
zh0V8DQeekZfd8z_%hJ4gb|+ZUloUNsY#1>|p)Q14uc}ffZ1i;3e3z(oji(d7*U_x@
zr2{DqK@4<8c{Z>DI*1imFQo5j&v|xaCdzl~;ud66e+!NLP9C8q-avX`GMr{D?+_-v
zwn}&8v5IujIy*7Zm!_o!s?b7#@no=SioiMVYDGZ1nQT!~Sm*1u%`ZMyZ@6{Ibmal?
z1w1g`M*LC+TB^3c{&7DsgA7Z?nqqdVyPZEJqbP@Z2H1~rmXdrMzfll!RltAkQO7R|
zkGt@y2#`g}AX$AsJS~|AS;3)q;MSu`N(~*8hm7qttM=4o3jMo{=mDj`LQ>ixN|Wm?
zA)C_r&V2@dlMNOZJ@)8Q*D<{L4D<f>_r<)j->ho?C<sMKo4>u5d+qlJ`Z47u4ns{P
zfA=NW=XEj2uG0Pug{1fn5w)aX)#fQ4&jX=TMc<n(58-CvZ=ji%uQWtw(9$4#gm0g%
zx{H&jIa4o)(t=|drM;|wS%P{yG82JL#Fcz)h5I+6?%gvAP1f&)e9$;FCFl_XzRW<%
zC^Tc9)6LvrdSZ(4C3(JXii;8qKV!n69yVPZQtx79_82>yP@2|%L>P)aVXOeBEbULQ
z1FHf2VO~QR3OAE`T$Cuu7y5ZfL+Zc;haRm1->dK6AR!qD&Fgg`4hUIlqVJzuB9a9S
zV?Q%WkRkUQ)^Q;Z!#@jUVc;|1Hpru23euT80$DO2laa-f;MtcQ$nEh)I|NRNXBrXk
zo&euQ{QPd#MnpD-b5*qsa!LLy1-}3Rsn-)2g{rP5t9wDgCXo(ohVtK%3h*XyPtzK=
zS}E?BqV+f^h$&mbNLyvad;gNkx8H4_oS%qsAfAUpbbee6=XL&j`7KXcwB7qJE9j#r
z)2p(BY6Cp2Gqhjsh@&=43)(Bs^4Zm3D<b$f-evT2$x;5RTE}#YtY8Lf1f6PLb2{Y+
z6fb(^>uuft?v*b_wx8{MBud_C@M63lXs(FsCZLE0%3wKrhwd~qmqL|&JZ5bTZ9aac
zyg}-3CxU0fqqVn?#}M}pPBT!RwB9NfGS{*(|LzDe-L$w?fbr~(9*Og<Ujs*{5X=jR
zfycktp8t@tR1JQJ&p!SFKwQS=?4EDIUE{@wHdSBgL-rQq{PFD^J)=>ctqurYK5ejf
zP?Q`0Lx1x)bY>d<St$id0|%5YJuZ$uzWXCqvNz!EKU<6*h)jg(1>&43CO}sT7*gXv
z&7yPdb)F**P?TN;)G_iHcE$F%{xQ`(0BS`nQAXJzH;n`(tdCNinq-Ic_#3HbMu*L8
zp9s{#OKiKs2{*xOO5L5z@bVKqLrTN9&r9kCr;><9&Im|~gTAZW0egyg__E<HsU!;d
zRu_M29%*>}6YK!FmPV;Uu-y823^hnZHjzgz5U+UDw(V;^H-C<23%LZGuBLTJQWC@_
z|9rLjURnhH|1S!xW5K17V26lakS-_4CwS%kbw?1&4>~hw9^}+x5+cb%9sk6vP>d8{
zdRRn2ZzIYm^E>MQy@93x0p8~971K~>ZCM#$rI|5P2+-hvYH!Sg_?_zYg7x#kB^{Rt
zX_7&uOm&UL>ye)hmHkhGpDC#Cs;U)#KC)b4I9nC5&10-}ZPxsFIrJ?ZE$@C6Q-pz3
zl?t5<^U+EkQo*-iw<_nX4WXvb{@fQb9q^wC?L=@0$hC<hECGGs0hnvB)c2IY9hgoQ
zA-<B3Fpu)J4thi03j9FGCVvCs32+WZ<%i0pAVc2W>Q*hXCwGQQ<o(N3PsS<JI4#JY
zj0`8Jb;Jjmh!_$t0g|NuE-uN0k`)zwn1|<hT5yayMqwZ`h{s$#z)?#CZ_5bt8?rPJ
zjzfgaf?bXVVK(SuLrh@FyB9n&^LH69F*<7%jGV(QR;tv&cAFaP&;_gPMPJXKioS&;
zE2yo}HCIK3SRaj|>iNU<Jh~N-k^N~^MpR21r!!UBc<)U>urI1;LWNFxOfHr}q@hR`
z;y|sFxRxfSc{p_(eavE}N#J&{i4qx&!LZE0zr!36zN}BkEGMXO@E_0upgV(Sq7t3#
zwjchjTt{Sr20(WYp97PC^mp)wM)d3UK7%P{SSV<P-<yN3BOZtv1BlyJ?=>RW&)_!!
zF))kd>0zuX<3eKBd`yw?Au9G$oWOKt#Mh6xZ4t_JhaY3y%LPIy<1No=o4QAn0$XAF
z?z6oWC4VTqRel<<ss}yRX~=qXtdvaCY8q;HU+t)8PEDQ#N@Kfni)w~Dkbk+v(>{T!
zxl1}k3Qr+d8Ihbt#UvfCAg&;a5tcg-z&;?IEKXFI8CKB}U~!-vwU0m!0lAH63Qq?$
zC@ugw|K!6TDUhFAW!+ux4D$RYpJNaB!fnMmF0Poq3;okRm;7hLtQxjRdUOcu0q^#T
zfUii<L)4mIDP<FaiH2GaC<^L_5#SFf>n=WhdjI%T!}8`5`)jHZHOykq_3rpHCZij_
zZlLVYnj0ne&pBZO`5a<k54oj$PMl6@S<;4I{blrxezN-R8P@!!#P^%>w$~t@-t_7h
zO0fGem+yC8rB?a`ThbxXU5U7oNovjiPc_qyp`1Dw^V>qy5)^iQbKXewrr`_fl^qa0
zl($_s#J+95K$}6Pp%Ni7-HRxCc*stnSUDhiflRUv^|d4#>)8y2pEo||7T-UlcAj-^
z?h+yD<8m<28MsQ`UE_{R^a;f_h&MN1@by{vV;_<BlYNbyueRrqvi`d)Ob(3>^(dF~
zOh05+#H<>=xA18?@qq`o`opQo0J|U+MI-*JEz4e{+P=&4M0TZ5*#6X?-&!|rDI}>Z
ztH6G!h73}+9t842%&+Np>>og|yL0m)h=D5<P0Z5viKoa=^348|=^^(M4FcW0gd~MR
z58u8w?PJHVN3X{!1MjW(1(2X**TA0D?h#R<7Uju}W{?~ijas;pfA7A-uCflqeR`P?
z$9a8suwVn(3!J~6@GjwUle_?xpLQ;0=o#L-mR09F%mI<E;}efbbF@Qn<b1n)?U^6r
zYlRkiW63+>WWA`HydHckQykdG9y7kAPUlfXD~&h%V>_idv8D9QETAkFqQ~_33R#k@
z$JHx1is;v-5KY*q`*VRL{TgcG8uNquFW7FM$qFH^NfjK*k7?7a+Wolpuu?|B(V<WB
zmtw2~?2P%z`STjO%zl&SKpzD)AM8P5n`A3#<JNL_^O!>nvy^nfg0s*w-3zVMLzK!a
zH#rgf_h1{xux}xgTVhk)geiujLsnu%1DBJRG6JO36=RIVm~R(m20@AZrE;MT>7M|-
zg1h736VRCKd4ihwpMg3-<rD%+bU2Gz3{Q)e6wsUXd!jZdGg5}AhfAZ_CfIj`1K0y(
zkZUerkWZ#5B1T6EN#zO(ICRfT;*Z8y12Yz!_3(w?qM&X97dEzP?r@;O;*YsfJFG?B
ze=0$85dWma^s>36{n_dw@%(PjFQL4Vs>EM5m?8F;@IliBBWxt=(zWFd))dH+&VTPE
zrT1P(*iY)Im-Ly~8PnTyR*%B4US#h5_Yd*uo-!8?*0~Rwu6Uj?po>HF;~{D}q}P<o
zuf-d;T<M#=W|S=!$F_8V{!5*USm2V&N=Je$J5<6LZ-}d3)hDwUzD+$AC9jen+w+p{
z{c90GkuR*qSGU1O%8zcAf|CE9egewl$-9SU_lQlDbcI>{(+xS-zs|OOod-@ILIPhf
z^2|WKqwZa%l=eYe+IS39D;fhGyY(Hmbv*|ZRA>C@nJmFI3VcAN<8(W86|2%7k!t@|
zP1z0xC0O=)Fq|`;;ucBa4SU|D4i_Cce!z_B9zS5)BhO{)?YVJ>cV80cAI*t67~mJ6
zy|TWUh7m*_CG`5l_TNd4mi33?zsSCLe-Vw-k{2cMUyGn@6S)U(FiI1ZO#~u@50J*x
z&tvI$r2}}VW(qN`2)<sX=T?iwwG^O^V2zcH{j2gM^?ydAZ0!oXmwyzNnj$4pgt+XD
zegE<+{D5Ji2KMLuuEqmtvNTy=^M3oAmyucoQ-V@PjPV65)oeQ8?WV1m0o?Cw^Buh!
z-X%E-W020P`FM5t0p(LU$(b?k95NI(f<@G8pLL3%<d?>kJmiBCYw83zz$RI$U16|k
z4YdXyii25y;-B>b)R*Q*``?R$IZ31vK}y|YT>?J(GgQ)WZ$@Jx3)bwp<7v#7xqob4
zT=hq|C?$L5EuQiB+p87$<cxD}e?_g2EQFj;@>eSlU{`M&newae9cXM@Y%GW9{^!U=
zo&TpJR!D7kF|ydd`mw7r1Fzy;aH~DwqZkK@4m<+&$wmRSUqScmbNwSHj^kYaT6R&;
z_@>Z;)2GQ!s-Ni;H>Y%lPSWI?u6%!{lY9H%%X=eBiZ6t$A=1G%VxG#6s~|P2=>J^7
zcqLfe@YtB8YX~d%T;D1VSj!9-^62KKu_zj9BlaYOZltia-{hYjQcv`BlS3|(4{kX-
z>MC?=jx4?T?B($ic_w=Cs8UzM2b;&4DiCT})A1+9#Bkmsul&P9j2A`*-}>dhcGdep
zgJmt;xAU&Y1K>PEYr-G1j{B6T!4yY1kN>{e%oiI^O)^VIGyz`AGGO<g&j0(w8DL_#
zrVHH}x|F|EVjXco;xN#RicEpz2JT(q>krGP5zYdent<sUd>!FOwPlRB2~huHkiQB_
z=eysHAyqov?g7gW;IpGA@_-eyYEkK@sE_!<57maMZVE>(8C!?6u58Cy`={oy-9Rc$
zo_bj)&1?CqV@K|<^BUh!jmiam4+(M|p`vH^;%mt6XS&@y6g2JwIeh$9W4{J`l9*TN
zD1uLQUWOk_QsTIe0>z|kl3ydwL2K4AOV9a)bl^1whV?r-R1~_~Wj$%Xj$NJl7p16*
zmx3CS7tY$Tk&qKqsZk{RCmk~MU)b{C+1NzME2dSJKIR#8Ha8v$=8zDFh_}gRLYRF!
zjJw6icjMeUM>TRmE6O!A4_O}o>y&k||AOoPgJ$0mImuvSQMtS+#<c2{Mp}&E-**XC
zzNplpjH0BnyxcbkF9$Eqj^n<|O&-JNKAUs4EEPqpt+f`5E9#|h*rV=c1!OxFtlnrV
zZ?EUli3l>QoA}6hh7W1|>apagVJ-9Oe?aX2VD|dC<Il&HVj4I)Y`V(7UOMKF+lq)5
zSMy6EU!A&jAK(P*&S;mi+eVav>!goB2?2cw%cac#bpXjT^co@?RN}}{>}n0~mfPVk
zpGMxaCVTGKEa{Q=-~N*MKbsH4zkSlSw}$X8>H%vv0i{_Hp6TwSFafWptzWo%lO$~>
z+qJN>Pvo8gHo+CRx2cav^ID~!4{^;D{<U+FeJR!N$&w0Zp}!Am_w(wD+Zl%P;!fWT
zq634Ca+VZc$q2MK4w4j!^FCam|0l)_(yd<<lgr2zC`a=g*6@ZRM2*aIcX*J>K|PdJ
z$xCe_DFbd6GpM`wvjyWIGZgG!3Kj#ByNo$ZxU&BR1OFElOjdrl^M`4hp}y=-C@BvI
z)9*83SpRlAu8$WP`z5R34X82(%>?Ki`ziiP?Eg71{bAthb=Rm!G8fM@9jmXlclNv`
zW&F0^J0@z9Kx_8}u}yI!9dUOF-s_*kEVj3>GO=dWOqZcTkLr&;h-IVA?Z8=tY$1NU
zg0ezhO}>H(0>2$vq+hduEqMNwDxUYqxGfDYAxasYiNyblg}B=v{ZA3!{X_CAlzwaB
z1e+Pd-~A7npg${)|Ig(77Zs$@;37%TDzW9{Pp}7o<Zukh^APq#vDNa~2)VLYU|LTK
zco4IKJRA%>gRE0zn-N77Pck}$jdVNoJpm*;v|iTpK1kr_m+r!UrhFA8n+kplTz{(h
zn8pP24)e#D>*oQbjBv!erDJ{U+TttkE*Z0O8W|=r^y_}{iWYy75v3o-ROh_Yi}0+)
zgX`^8sqB^H0?*MOh%VKkIcpW0HYFJ<Xgew+b|iUo=)Js$Ny2}aV<93F_?Vte5o5;B
z_bUAQIPL+H8Dyf+e6Ej$B`%;njsQ{ox&EN@URRUtzp{Ltb9oyq9MW;l50d;Be(3+J
zn$rhQz%hgPEBry+?gJDia$!;VRTE5ocPo%X@wDF7kTXazC6;ugV2^0EY>MqR#qDR-
zA@up=IS@3oxUsLH?CO@=24YOGn-3l(y}%%2AoR|B)*}+@Vpq<BP3{LLLFeU;UOLz*
zO{hg8^rIC)fgyTY$ybavjU_KhJgz4UNW)17%>T#LdjK^RHSfa$(mP0#5{iHn0jVM-
z^xi?SAfbu~3W5qqxgb@f_og%{R;p4Z6zKv|lp@l*Afbnl-22_=`@a9*d~=6PhMCOd
z<m}nq=Xv(*R+(JoTWKHiEvf#EPnF~;H95YWznBf5Nq(~7d|$7Z<~_1Rma7-Fj#x)c
zBEB&WGo%uh@fvTf-~`jlBHZ%nO^auO)daehBbyD#WrsA6XuBLe8U*P~z5r#-WFo{s
z!F+v_+zVGg%VFd=R_Ho+a|%I|Tf*_2hZ~c1P_#2OF5j4mw66W?Ccr0R&Xbs;Q%>=u
zx5M^C`sX1B7zw$G0XhKOIBvFj6hg9r5_(GoMZ3E+`#h~o4=VHI`X{riJMQU^#6}~Y
zcO@4yJa{~}_Coz_8p@kD1b^D?p}__A=FZzj+5Q>$k7=RvF9MoHo2Tc3Nw8RvWi2Ja
z3a$@=>DMulL<3H&?u>Z5#3&O+eIo^JamLU$=`ubEB;k7nxB{)cu0PWLMHf?Bo6#NP
zkhx?_-u1uu(13OWAf+94EBNnm-4bW@w}80IEucW%J!D#Iq5be1=kmNA*fNpAaHur@
zQC490m2VeG!o7>^h0YPd;lt`4=voEXy)bgSupDkvlsigelA$YeU$!x3+q<82L_tIQ
zRoy7uK{Fp`{8Ci_as4bF(?~OP5t`Pxb~Z?d@&;SM&m+7enW%;`m6%Yo8_RUg=T_R2
z(+MJZzS88g-kNDly7>8z|B0VjF(q+n_;fJ&Z%i>h6s6ahoUKfEzqkhsKIu|mP+yS4
z?^qEMW5gH8E?GkoBhkqTqvi=uz56|gf#pADTy7+GW*JI_e2;gbjI<9deK(yQpj?>L
zfZIz6w<6X7IDv*-pk6Q)zV%~%I18Kb^D1E`*wST2!}Sbm>wfWvDU&MJh6P>r;*81f
zs%I9V&+vzlK_{E-1DC7}Yw|k-b92uE%EDzfUvf0mQBY%olaM8KUi7yk%sIt`!q=1j
zg9dzztYPnCi|dvz*{|44Y#umW70TU|2?Jj1L!~>R(*<C(uAl|fzgm~I68G8q0C{gW
z>Hzu<Wk3SEQ73lQ=ndcvWO&7hjP*0a0Xoil4Dz9scox6h09pROuF2oQGn7~_!hpf4
ze%}*gu%=BI`gcm}TQl(}9IoQk7{y_5XN!dJcsp0qG@Bf%y-kz;1+Z$`Wr0`TGA(?0
zeroEw?I8yn%|PcX)grpNrLfaN`MPH-KM<tIL~l(g|MLGKS&3XZn|q_M3i~vAj=M1u
zVA6T@U^u^q;<#JXWUMRxLAt0>=3_IZ<84CKUza<c`NYa=f!`UE1n(vZmjU!t;1zI7
zN{3kh_8Z!V9F%k({S-Cgrom4r6G_t=<@cs%-axB&k_i`1ZXVWcdi5C|AdBu+rs7aP
z$S)K)KjWK3(K-Wc|EHlPFoKrv{|BiBPQnE(4=EMiic!2=hSH(TC7H~`@Gn(&4s9=f
zIt};0?Ddq<tQIBv^7RGtqJ(;-DAVX;kVfM0S5RB{ms*pEj+Tg;&gb3ji(GtqzTJEi
zFEcWxO!$Kq-QM2mBcHv5Pm8)cqTM9(Y>ri0C&F>MV#mX;9k~|1(vY0H#u&o{HSiQ_
zq~IUS@L#cTG5{~bN3+PRaA_Z%H(el^4%>3uHy>3OK-WH*;JTj_5_j1JcnX8t6!tMF
zT%26c1!#&FKDqgi(=odGib#Jzc?3o~G259p&ROwcgkH{xOag7O`5}4}H~>u8%b{X0
z5eIBQQtKc<O?lWa!4!*BJ~uqOQo=nYBU_mE787?g!&dg3M)TN2>$qdRhAS4C8|5c?
zxkal{&_b4yBq<$kd6O`1!Zy0{a<84ynY6u{1;aJE_<X;oFWD%!Z*3j!Ar?mdzic5L
zEYx~*aGu~%PbA%p56dR|lpE#*pQ7QkHqzh)y?zo7u>mX_Xc30;Om+JOhhX&95AhSd
z3elH*TEGGg|F;*;1xRjFXc&sshN>Y4hML^0u38;v0f<Mt<L`+jqS-PP+F}XpY+3U3
z$tJIPgjTX1wyW_5Ua6l4p9H;NupbrpdKwjcGphHLJ3-xkuIjTA^{Uvtb1$>!O_^^q
z*qoe4|FT`2K?Q_>RjVC7RpFkUzR%WYF<h(*9Yx|RqF7I6l~DGMM$ER3PV*9v_kTH6
zLxXYQ5#$JZEZtCl$&k!H`QKVMy<(#8*pD_UzO;a};XsKbp3uMKl!Jyoxfsz;zM>F{
zp2#)|mbhWoUj=1KEW^|cO*-83%02IxBTo8i60W#iK2aCa=!i9d?gGPTSS22+1!>A5
zKzw%yCSEf$N6nYVVpu7^dZ-#muTNG##JX#c4LpvgMh&#b1_vfkj@_1b!tncYiT!$W
zuR$*2t>|9uI{jz2-t3nWNp1;0gI<1+SL2bP*KMPuNZmOP>rP+blAr)f$>Us0xv~4i
zWmO}~Mdad0T8NCB^`YM{LjG8pCDak<$@k3k-?D5V?n7;sqz&M<Wg%$W_0<MW42G6J
zLbs;N;Y`2}?$RzTQ;Ae>XzzqK3sGE<{WnNdCN9Cuqaj!q=ad9h&ESd91@5`08}Nvk
zV&m=G2D|(haxXWd^Hzrzq_=k|x8Jny_sPCmwK+v4p=#tl;X>!!YoV%p$=Ru?q-xuv
zR&?Z)yzQT#mc9W=$c_qNft99SIu~(KsEq?8>RYK71A6&k7DD1LeEdf*&2AP?6oUGt
z#ijq)!@s7tPH~*iPnQA=d>00mf#SY2Xn0a+I2r~_2D(tq|GoOqLSzhy5c4l}NPN>j
zvV&Z{y6Hx+Q~bn;&AXn_jFe>9{wjT&qj~42dkswdE93;X8<NItY?Bc(7<kE7+|XB*
zN^dt_vov?nkjy`wzr8htzFj??OtDALphO3cVzB=g&dqm4pV`s^qQ}Oj%)wXxZHo)g
zcH1O6K+^qw<AC9Fxq&n}`}w_1fs;{h*Q;t;%>Ce1C|t7m-_qW|Von*+MKrdRgMQTo
zncFZYPfXJe!w9cgyH{7b%L%q|hncXOMG+7Oz!+o+xm`a5VvTLvVuPa=%qg$7{}i_!
zwV<~%pVUx(k#pr@1Wk(XGcw-7OQl2Ny($`-!*-_mb_Jg@YlQbiiFJ(cX3A8)y(o8i
zI!)={6PQEN5S{JTt5JQ)&44x9?KILf^sn%U&byS159290AI~{o0_ziraL9uh>$KQf
zKi`GnFRwPuiv+^YOwKl_Kf@tj(S3{3HL)g|mjUAjkn?A*PyQIW1Qp)v)Fzm((d4jf
z04&r|G%yu53;G$lr&`RsA%em^nNEsBUD)`1T0Bn2YVAO~{jdjdfk~rG0{Y$7zp9HF
z)5Ojq_IB4l*P9bX_qJ@VL}ISEKJ&Z1BZx+dwzz8XW!%E`dHD{G)f>@pO*}uxd3^7w
zN5I18U%m?@;BcGXtko5x?lu$q#qL{&p~gw7rx6DHvUJRc5_tWGaN`X5FF+Sx3i5uI
zrJVuTC<TW%*x|oGxBwdRJurnU_Fq>X_qd1%1&QVadx+YEdAoK2sCdzld>5S|-`*P1
zZ&sK>cCsCZn%{sWxs$ke^PNx;;N(D_0xZCS(q_J^7qkqgT$n<^c7S`)dD8#Il9lY$
zMU8UwVcqEMbSGgn5N&-}>_1Q{)kohxD$pg$WA|a_)@i<O&I>}&h^tWHab`x?P?S`f
zdCRx|>ci-zh;&$r`#(w6Lz4Ia6$i-$y+gnK&H`i+NO{5S03AbifD}6?sGn6{Ik-Gc
z@P{Sl1bHmof3mDTOU%=T3KyUs%piPjo}7JHZtLIx9DW^YcX>CVRICZNx<qg$fvND5
z3B$gjz~pKuBadJ^a=y+fUr_Y%)Yhh=;l>Nwn@k~+LuKQMKd!MgZv4=EO@kVc`p6dC
z8{<e?e$kIJXI$pz=+TV23N9kk?#|<0+x>#Mt`$b6P~O)r2Kmhi_43#PhCeh8ft@!V
z<C%%zcJ-Y;pKO=+)mZ$wzpC>9hFm(p06GO<X0Arwx!ViMW}gc2?&s9fIxOoqD9}1o
z>e2kKnv(mZ?W-Z!1Bb0}JmW61QbHIqJ`;D}=%-h8si_0b*M1k9eT3$IS8H`=?BRQh
zgJ9S4yn~V{)IMX;;I{_m<6UD&(Oc+*(#Zse!sWk%do3T=?Joo26l>ubnRTaJYRc`X
zlQ{!^&)l=toy_;V7(lq<>K?=!9lIIWY<N8Pp1!y<aB$4~PV?LqqvvvrrHh)_i?Fu(
zvCLp7wIlsm09A{l9@cM)nIL?~3|T4~fShUupvb4t+BERu=k>;^k8g=bPOi)aAfY#-
ztw#P@c}zV&e&5SC)&WjAxNo}v;rBwRCua?Vdf;vQtCWc_!hDPq^JOi9G^e?t?Z}h4
z_c%mUbiO0h@js0dxNEeI{P*;btpn?TEiI9NPG;Gd1tkV6CX}ADAct8ldgoog-M{DP
z(H`bTA^L2%zg_xHplL^Ja7O&lUd6~ec_8W|*z@}AURGAI$|*H+Uqk(`=VoNn+fFkX
z_m9`h@?WH%Epwu7fuVr!)uoDxJ`N~Z<eyGNL^}UYR_-n817vlo>_njzB=NJshDe(q
zBi6?Lk}Wu>D8V86GT$z`7cM1`$P&mg6Q=4!%~T6f93mO5nPZXHZT<^v{$?e_;ALJ*
zoAC;IUH^{Sb~971=$weT_bnD(MzGDlqN`K}{HpTUEa|}(%lifjEEO;+VeAuS`Zzrb
z>4KIyi!P^Ap}b8cl1h2><G~m0_G*DkO?sElh_~qr;`b7(XhZ#EFRg~o{`AemD$A`-
zG6afYTd9ZJwXuFI586qrbO60Gb^}tNP%8GZkjP&YZz`ITM9h~JmIYv5lqz>m?1c6*
znSnR6<G#R2YK91-5X0o`KZ>;f+*4fs2SFd2j(rNe#0Kyh5`#EgB5<=d8M{agEs%~N
z-C1I)tt-K>2{4zM1c`5`9-}lzMxfSEqJl6;JM74RV!p`8L{kkZfHwJyUjMYskN0g<
z*GtdpDJoS)hYxlpF=Cn$4m}dK%ul2~Ow?^-sI6=@pD1W(nQ_YKi%P#+befzWLA%X7
zwwRjFHYc5v+hjh4Jr1_d7I)1+E9z!*&#n6YCvN{2vCC2AF}VO)!8&qAL;_}z^RFpV
zlmAcA><PPj`3jL1HH1lCgmr#z{AqmSk<zi#GC(dO3%Y%nsJJsJ@D;c6T;|b;|1mnX
z-yQ@WH^x67`%hYiB7WH2@ObvD(^G+~o3<K+l&>=UePKc89c!+H`u$$0s&V_LWyT}U
zi`$#$Mur93%`uSS?w?$g7Fn5`m0{O-(k_>fmEqQ;&u1UYNf(-ZlMmK1SJj_Ik)jt%
z{>KkKGf8cdQV}L<nT*DeNWxrpRQO)(W@5}=skV5f(!s78ZK`4M<PFqjIP==JTb(09
z^aMClyaAAK5I3!aNJZSY7BLiq{>q*oE)j<Qf5PTF_m5EQC^!O)0GnqFp(bBbq6oB(
zE~$Y2r)dhrt+iIu8m#*3P%>=iU4iS+Z$EJj>1>G{G*3O{gZNUR{IRMhn!~4onWs6%
z&e25Fk}qa;Yq?74*tlQm_RGHRn><e$EyeMvOm~M_sC51@y=h;dbI1px|4FpMDQwQr
zHrEPG+Sd2px{-4Z>221??*31;To0d92%ruUJYgl(A|Uz0M$$$`%&K8To(XA#2&2ez
z?EdchgKO<?@7xW5Ke?bivp~#2jSt7GYtTk#73g7M!mAKF%eDGu<`OHN_z5F6iLk1Z
zyrcwkqN)GL{&LZxYclDMNB$bnS%yh~nJudL98xI6|GD;I#ZPptcBK<~dYDB_w1HP}
zBk#vrc){l{RRPU&l624ono)6M?`?CsCVXK*HJd|*<gB3op!t>uS?m9F&Tv(%W-ayZ
zwzE2g7Uo&ew7}o|S)^&RJI&etN0RONKR)duYOTuBC~u+TMXd}hOrY8=t#?>zvn0bY
zPWbr}!#e8ULvy-D;5@H)A(;5v!l?t3()}z@3UgV#IwFJO**`zF-kiF~=tf%|^G^<K
zqgqdbVQ(PU#B3*B=j<En^1L<+ym>DujLe}IJsD>bIGMf2nG!jyD}Osq)jPgs6PW8t
zQx2ii*I?gvg?<z<5`|8fjH{@kyVI7yHVsM~THxXPxmg047O@r^H&jEkQ`PDsuXB;4
zz8Zj2Z`Ll6prq-gMCx-Vy>3Y?OjJxmpQq2xq3%byGpMUy#7gRedpQ{A8Ix!Z8w#<&
zHcD|i1lKE0!DkM9{!;$|7Afcvq*(j&eXp*WP*~_B%DgvCzJza@%W>CGsPkQNf`g4&
zQ2;T>z`!sW!OzWNT@GDmg{}Vom6O;Kycjm??o3_`inhR~ipIYc+pB4`*hT&40UA;u
zChS@0)sLDF`8c5e4Rn)6<urWJsgm5`v3C-$FKVtJR$W}4X}d-UpYe@n&O{qMvp>lf
zJKNGhMjP!QtrixoKj&u<xBA^+joxc=E;+0_+wnAp&K;}F7>(Fg&0ckW&D$buHVcOx
zMn+Zlo*waGGI#xbw>aUy$wP^15_qxdJb~7UUzsS~6Jb-`Yl=*2hnTyAYjcHQ^rFC7
z#@kL!q!*_-f1L}2nTt{5c6h}O;{0KX98|i8qSv0)SF!>DM9zcq4(UV9onCEFnn+tF
zbK9Aui1l!F38is_FdvJo-wbK@Tb~)3ryR<B1&WE?WBGCKyYknZ<Lg<n5Aase<^cjw
z6COP#(Es!=41(P$qBq|azM8989Txm<!p+#BA~SDKJmWbojFPBl(x)ze>V4Md{6v`I
z(3wL)z1nN!QM|8g<yRT9YfbvG)4pUY6r57W?|J1{;%<0%*Q)wR2RL(05H-r2nFUWq
zs~fQ6Hq<9pq^$EBF|hgsWNWTFZJz_^*iz656zlmhlq$k6HiA0zZH7R3-%pfc@AoVA
zrKxp^vg1RIhEQ$Xc!XQZizwCuAWtezolfY3!-DIGjNvNgLF0!98Q`;^+Z{a{0JoX}
zWB^$>7(iK<(utvu@cZ)E9j(J|(n*ByH8I-+wv!rohDqP6oek*6rw*dWkyVp8VJ&vA
zM!N#qeC2S-h(6&Ec_-STGo;}-bF?wYFT#Nz0Xf-<I{!TWnHE(#3#*j{rc`3SCH!K(
zWK}tHu|u5Ht+#h|bcg8PL#?lxKdnlwsouJWt?#D9N9psa-^W-G(HhEy;lIUJwRcmV
zji6gk`?qh=$qB%@{;kTytxso$s?m0jMEbw43tK&hPxI^spu;-qN>L&P^L4}m9i*E_
zFQi$l1?IcxX2qnzg`ageM1L?OLBDA`h!-?@fweIcEhpAj;TdQ06K+u*qe9`oC1AIu
z7VmXi`sTR6^+74=uiYA^;?OARNq#K1!hr>z&OGf?n(LZql+FCSR(;P=yu<2?7(bKM
zxLS9`%Ashyh<T}rU4#ty-JNmv&dRm(=guuwYMV96q0Y7hMLb=alQZV|<W-`~NEL=y
z^!TkhC47>6DeD@>*Z(h)`%A8ibBr>=gJGG|Qfw6cwSJ!k{z27N8e*wR3iBP)6T?HL
z2k=k7>8R=U1`cGf?)B%M%+KVJl=hJ=6P5p+^0$!bV((HhL8_auol;%;$qDTvauqJn
zHG|7kh>urfGEfb;LaR8<4M<Xsfcme5ImuJye7DTs^m6<V*VEafz&Bb)Y|<Eg2;NQM
z+jS3GXK)`6KlQcj>U_jC)qh+&h0PEExxcL~ek9E0=<lAt5hY2BDB<E!Kamb`oV~#g
z>(AWBNtbnjWREzckLS`m5m?12+)Vi&7}8X5Bpvp=Fp2u0_NyQ^$L3H}EFy>XP@Vq5
z_C-wLrk8^@3>1)KP^jHsh57(p{9QvKTS;gPQheA0=?9WP%aGj%Ji2q@=cgjqGMPZQ
zKw<aGgF);9(2Lxb;^H%4NCDsnf<rlU7P!W;$OxBRHaMZ5iinKGBVY|vyEue5U&xTn
z*7xECXs%~LJYzjw`0=j-5}x2I*r(yUy}gmf#-0fpL){_CB1nt;fQ0_jH8is~&XBA)
zPF{@`Us~KIdD|G4Nghxo`B!cyQb0scoksR8cLbeqdJ@s9y+ZV3tco?yqUo+<Mz%aA
zaQ<Q^xda}4n&Oz(#PX}XXd=DP4>_FGAr@c}Bd{enYhgEahU|p51FG?3J9UHI)Sscg
zpsk%0Pj7Sj44sx(@*k<>Klfj0YH8|P+SnLbO4_s*^|wmd$dHhvGlZ#ZfUDWTM@`!a
zDhrp`T<sIK-v|3Wc5}P!=J)va(KakhPn9TwKS(G-Jn=95(_9z5xPhP8pDPF!WAe{6
z#~jgTaseX(p8J4_^KiZ@k<6McYmBxB)<v&&u<qTkmbud2wr_W@lC==q5N)wA_;Z;J
zwDZ-w9QDN2)BNz@t9BX7LEy^!*WT^ErSqRleZB0SWDa(?vCn&BGvI3ynAMz`HYGea
zfeXsUUp#(Gh&@1l2q)*O4Ie|;-Gn@Fl!m1H1wjiv9sAOKw0!dJ5$_ch2^{CCU7{Dd
z_u;QPf$i_gACt(l`-b}ay}M==!B0DN@#sf(n!!07o1%I4?>83F5Aj@VsaJN-ypyCn
z^h_S`$ehIcPSp3{0E<uS$WkZ^bjBqT-{2#0<}N1eoQJ+0m5ltCnRO)^%&u>weHd+U
zm@6Ye(8hg}Zm`*Wbw#+NGa-0biudI)liU-{g-)`=E!9iRecSR?CsTyGdTrL9^^Dpd
zJbOTo#g4S;Uq(;SZ)Zo{te0^Pxr-qSVr7m3ijj-RRHO(X0K35|aD1P!%xY&`>{eJ~
z2`*Kgo-Ye@#g(nkPTiZpc66Z>!P=d=0i<^VIWBAft&#Y}<;-faCrB;txaXw^8BCsf
zwC<S?#FsiE3bBm*XQ0yUj46Ea0CEa1L{7$#3sfJA4qkM3bKf(Mjdo}>wbYs}e}CrC
zG#98jt{cq;o_|fdBDmY`jB@oNb#>%S40|q{pJLzo{7=qyUe*s*tsRvP_0;GYtkq88
z+4axYR>vm*(;BC{A&av+QlW)pqV`RJEj#0XBxdG$^=(yo9KsoG&fC*LM(jp%dcb9_
z#W9+HYkdzn=DQQ5Rj5aiCeW_-{qGza%=Z^&_RSL+%hIXRT>sk(z(o1h^uAXj{eQN%
zk6sbHYPtUHRD;8!m*}~0<+D;0l{=!ZJN|9<5%37l%a%&dcf#g4F)Nk(Ly`oo!aKZ_
z-wXVP-a$3s>^@=?FoBNW9^{wD!FP!{qJp>6D@q?UKJm4SLY&pLjP)l9rf%{p+%1eN
zA0KZgE(qr@AS&=hr)E5=F$lt?dF2sSI<vEEp_8W@8WQK<nq%n(mf{JLsTt7?=QI}6
zVG|a$h!{qZ<|kVla9?U|rXJe)iXB>F>}g%9_^rl*J>C3NeF%s64VXfqp)v%CSJ64(
z`kLl<>NU3d4o6&FJko$#5%lF@{@|91<jKqec@sG1zH}iJ!BbpB3qY7@JyAAHc3+g{
z2Ef3sd`qgZTwArny1p(2<H?T=_9(-t(T@iJwLgj3JE#ssxHu5d2N3Z??gTW^uuJry
z=Q>LTF{%N(TE0atoq*X)QJL%QCzX^dVKq-KMwVhOJqo*|B2&LTjTn$#i$<JtRj2EV
zASXSW+v`?TaiDKa8pXPzIm9PBBT9xq9otc5kJH)C_j_XKAw8fAI3x9jFB?xHVglZP
zIub^X@|GC<u0gb_S)e11gT3LkqG9m(zIi&^jvY4B2BK{87jq)6+7s`(XbvA-d^l{@
zUZElP_RJL_7vjsANa}-Ta*6&hwV!iU=!q5dJrH#g?Jy<$u=<!I7pOWGt%0%$qbsvu
z>~VL`+9pdfcOmxCNWy)rBWqqg^&_3j@4Ih`Xf{4HSe^Y7+O3W>HCSZXO)hO?tVncP
zIP+WjOoUkx1#67HvWyccxE4`#qRt#NK((EH+VBdBDy4IgJDl;A|C0C9v*S9ii|CQf
zivRIamdwUnj=Q$>*M30Phz{xsg}Ch)Cl>iiZSE{3Vuveru5Z8M)RkD-QKTuvfYrX<
zy<;8|4(p_&Xj4d$@N?g56#d%B;=I=OX<3th|JaQXPp$XHX%{?PRQGqm)rnhu8O**6
z#>5Va2hg-tqW#`_Ms=(A_aR0h6G(wDyAO;)rjQZ=5nQwmz1b#QS<E-^q&}TUn11ub
zf|?q$b%v!}$U$3SY1DsE18<|AF7vwbboU_HaQ#AKxJ>D?70F$>Oa4wXAV1ybRo%7s
zTBJcrJv-|MHzT=PMd|XB+aD&;x6IG34Pm9n+;d>R>_JF8O#1=lfXM}Nnv!#R+oq5#
zVRYXMK9X%+h_lbyx=@2HMQUy`mp|@^cH!Z8a?F?uR32w)DAp^NVg9=2+&8D$JmVTY
z@vrlI6yuRXWE~-!d=U$%ru}zs(L3<di%f-nK-VEJT;gLWmSRxmcyT)mh>yM6(Xuz;
z_d>Q+G{g9VL(pppqmD;c%c|kZhw}ZxUMCd&DxA{W-SI^I45hpjFz4uB<lP~{kd@N1
z*d3ABf!dgyt+x$Y=ktwsOZhey)YdWAw4y@Mt&@O~IpspWwf&7R$_;q!26TAAGgEnQ
z#DQ^;30Plp=;)Ix*uGTJi#j~>13I_v+{^O=Y9tR_(=~<omCKvynhfe6#zvWIEVMb|
zGT{-iT--nyhY9?<JcsKT%@66OGBKXGy7k#}l%wd>wJa9~;{K~2AFuYrX`T=9-}HLg
zt-jv9Z%#CmPsjfWWvES-dwAV}-3lH+*U7km{|qvjp6wj|Rjj)4+*v{YPD<Qq&o`^L
zFcW?ow0u}SXF(pEa2&x*t;^$SYlp_KVamp`veK(;RI~Lp4Dvxz*siuC_wypR?r?})
z#D1Y=F68tZ$9`AofECmZR$--LB!4@0sF#`MTq-g_$$%}5Qv~4Udk0bD&KQ{;ainmk
z!M9v;K%$0f0@3()?n{?YLd9c_I8kiJzWK=0c<5U?DRU{H!rTAfSd6lNUb|BkkA?>J
z828iqtt+d)v{#~;qk>0)!u@Q}3x|#eY}hBT-CamUux4i)r3NMzIU>#N;aVKl6i%<b
z5wR%?*<mq6r`$|a;ia;2rZh9*w7`0~j6!V3C?-L-+tz@C#Hf_{)OF<#k1N7GN@+%-
zU>%jW?{q|o@SI#}HwT!U(UJKhbGXFWD4bD}6O8}6qgnWmU^MTW-+b?(D|SS$l)0Y&
zMk0FYDJwHxfsm_Bg`DuFs@{o?M{AvPTpUU=(;W~Dv-ZS$?J+7sPXFAJm)j6tT5Wlk
zy<CzKoF?r6Wpjb35SM-6@Edv^u!vSR*;l+!3@idQ=xoB4*C(`YmrGc8$e-qG|HM=s
z6U+68K(kHWPWq$FMGpXz!`g0A>4BnSC-aAbn_HcOD_90gY>ZXqI&!Jr@x=ID4f&kd
z{W)-X*B8+gbWMsO>7&1yQ==C)j(W%Oi{*+NW>WCUsSB}>I?zIb3&QdwZu@R{x83fg
z3L}H@%xjP{LHfjKR{vZQ1;z;%y^bmcazOeWrt<Nz59y+wct>J1nIh(To?z!net`xh
z@2dgiB%b@VX0HIJ$#E5%LK%elyW%tDf|Q)Gz!u93lts%W<BdcbYc)k2<=H_!T-~7(
zP6?(9%RYnGC!l<>U32Z7)!x+TJ)4BH4~p7UhsmH6xtlo*$o2Aq^$!Bo9!S;017*HS
zrDB$FO2<r+5|57xeo@|!dhKpNQ8jKMvT8Q`nacNBcOSkerKL2{9iAf#w-1p2kM}iX
z>J$Mw8o3Vd|Hu6{^~!XeLj5OQ5=#W|SzTR-`(IWBt0sx5Au)4O+NYG}zlY~apy380
zUuP?V)jO-ioFV%nx9XvUz!^x96RvW8?Y#)^oLg~0&foY$LFie@_XK-aX4@}Q<N_u&
z$K&N$o>ZOrD&|3_=?->w9*(ch#fcIGRvX;fq_<fZW_Z(IP&y^OG$!GHhv_MEOuZNf
z_rBMei;LXK(L<Y$y)+>Ewm&^CR27&M7==1|cGIFYcygNA#pOQ{RNR^6TzD@c75#5v
z|JkmAi?Mu)AQgA{e^&G9m@*d_ZfRSA^;JAR=eN|c$DY@w>^*R}D!L5zxmR?>vw*7|
zA#FxJ4ntQb%cFvcvGQ-g{C_W*Xg5%7sS2S!RPqVF+S?}!kH=oXn5}m1KUMnkxI2U+
z7R7CfoEId~JMfDNF^vu*-5W){=eCx+1<!gg2)m=sr#|~T|0JhZD_Utqg6BSG0Yc#O
z|I+xKg)1Gi*?3oT=C9YU!!}s4jwl5*-S*+pq*lKkUKUj_LtB{zL=JT@jw0D?-+YHJ
z*{{zkg8cn|b9v&1mBl0P;oTR_%Vc2d^!NsC?fB{FQ1qq|NR@-mn=yb5YPITJQ_$ue
z0KU@<)$Jt41D<&2#eBdAudQ}YOMB;p+StGSZRXoUi*-9>NtBP-T|RoPa)-kxDTX|%
z&MIHPrv3E!^Eos7Av88eK0jRkP)jrOoSHewV|bVfi>=>?V(S}{!f3~#=BKY73?_-l
z3~>gbPqkyb-~-0NA}Rv#>x&tY#bHL4Dh`lD9|>nUC4vXPlKgEhy5mHLnWD~&qP3k_
zxPc^D4eqlS2Z%X5-CA2${*>Q0xq%g=Cm7wx#>fp6RTPLjE}9E!S~@OnLw~R;;+LN<
ziCxomf~LjcOjZG8WH;u9n)t$szF{GBKU4~3gC02aIt0~%2)0y(D#uy+(Qv0Kj&|3z
z>)wdGhxb?4ER%0h7EL>_OS2rV($!we%QM?X`_vWo+RW~VW^;aP5W=sGF^_z!G3jrM
zqzvi{Oxrr|xJw<MO)-lxzwzKS2i<w1%RC=p0-k<)t+#E-i=X2i^x&N%p`tn(0ZXs`
zpY<P|9Yyk}n?OaM+=(zn5v<(Fj7J6|-50%xasQvG-Hp!kt~?esYrt4M#B|L^qM`4{
z(dBV6n;ft=xibOX7xMtFexF@|?tzoUY&|{Dtq`wt?6$jYk^~f5;NSQrGw+~Qu~$xf
z8r`2>))S7T&il|Vvh+QHFpOF9o1H%cT6zz>(Tfn#ypy!bD(?5Jg*KEDz8>BayguLX
zH9OOIV-As;82I%I1?qt#RtYBu?mZ7R0nbST&PByC7t_rSySuE~-(cjA-+qo?2rn9Q
z93<xGn$%;FDWlFNkT*@PGlyL+yt&=8Wxy95XVnxbtwTi2-xQ1p-iD2#;N9rPWbwEk
zFn(1y_ShX?+P*FXC>Oruh$2iN>w5J3H=9~oyZ+h8UWE;<0PR;$S2Byh*jPA;R8H&*
zV`1b!t#lhY=+Lh-c)B(ZFbHGcvQz7_<)7=&_vcB!xKw4H%o_B{EkC(m(mov1p_YG5
zRDn<Tus%-TAG}pHykVKh-8#?c$8l-ntjWy*wov7Uj<y|IvVE>pi~~It;%L9!FIqZV
zo$kBUe8-!iTO<!Fu90^j!oA=h#21!qt-7fEpNTFaY4lT()DJCdZs>BUmuKqe>i11N
zNbK>gv4@vMFz1(h2OY3jr{`$A$^kV$_wP%OB8PYgO}7td*1De<+t^TW1wzHLzCS$P
zY@a53o}~H@c0nxrNM6At6;J&8-S!m(|EMWMf51@+HSmq@qo@o<A?3)W75EIB%R^tO
zA3fRZ{uAj4od};Pn##`tU&rbiyvzab5woaLAbLsAvQ4}5bnS)dTyWjBbO4<L2H(Z`
z*_hmpS{O1_7`Vu;peQcX{Aij@)%;R2We4#F?L&+#(|26(HT4|6?WaNOj@vD(<P||T
z@&d|bBjn~O#U|-@r%EtGYHf?@d=#jQzEO)%UY_#DD}H~bBF{5OUIb5MYj``Rkj^H0
zy=h{43r>qJvmjZ@_M3j!=`8qK!Z*i;w^x+>Il9Tu6d^8)?*y!85AiN@62itYne6yX
z_24G~A-G}|R@P#yo5Wp}1-~zA(MvVbEi_X$DE@)o9bm8Ypu}uIe0Ox{_p9+xW^C4O
zn{UewK>G3-hh&{mrv2@Ktcb@2bdS9rAsl)JnTthw+)y7xaAq;kbveG&b|t&A3Gm6m
zjo0I^)YP3qx);z(?{!Pe6AyjnT1ni;nrkSZ*NOma&XDD?_3jU+5tTbfT?0)T2@X4F
z);cVyUVoi}^6x_{em^oB72fnPqTi*?5cHlL>T<ux!@EjE9ii39L<6j)ff_gMm_B3a
z^v@??8tTVAx;qpTxaa%mxNlstg<eje%Huy;FErkUsVA`$@;hkP)xyAvsQXs0ovt@r
zvX$!16Het(4$^UA?CRZjLuDv<v_Spy+)!u#J2w%-WG!;d_MK|nZw0IEK?b7{NS?rr
z2d;vgAUy<pg#AH3$fULi*g&rNL%6CJslTE3g!hDaaOghh$9HmtITm<M+lin{Fok3Y
z9s7(jWFYuvr|tj_qc@<y$4BTN;0J;btLk9~rDXGCC)xIfRp%l))-0aN2NtY(Sy7+z
zc`*}5&MzWt3l-RNcv`@oXCUG0Fm(aO&~k;X@5`?{;z)zBT2BR1!K68FJ;`Yd?@R8W
zXc~~hL-mZP8x2^|^yfx40na-1<om{_6hsJK`Htbsr+RcRlZ>Jm)&%?%-&~k|N6_4m
zzavq{jy5bcYeA*XSiNc7ocugKDF8+t4*B+WTD|fnnfw@-D2X}_%h>fSLHG0+9OD*s
zNzmkUTo_bhOULpSxv`ZlAT)Pxyi$|?dR<7d&AVZFc|#Yx`7t-fAoTu>u4_zMh5Ge(
zwLM+mY`^7+y$L+z7VsKEy%{q50v#pt3VxT!)TUtG9oY<!by*_JsXM4;y`t>~glZXo
zKI`m7)xW!$x2J?b`5Yj*!2aO%&TF+6r>dRmBySxT9w4WxTcW*RErx{a(eVl2gY*vW
z_Vl!UPV4#bIczIohG&2NJE=KfRQie+zo+~%1~j7xx%)F;b;qxD=*5Xs1M|aAz8tt{
zKO|Ov14+8o@fhbysIY3dT?6nyku>%a+TWr%&U?pOkx?Gp{B%FvZx*_ymzaC*<Zz3&
zJYLlN!XHa3oJ#s3usJ_$_2KKi9$EXTN4)&~S3lt3{&G?VO-(3{vE=XGyP5k#zdwAA
z?!$LVfL2((M-h<MDtbE8{+#ap^XF9rDs10jnRfNW1SUc0*Z6=_glh`>&S{3yLm}EH
z7Z;Yc=K#ecfCM_{$XC_@;BlTXAO-cHE(ij_ZbM`$AOfW#pu3_7CPOPi2Nv2~furQY
zkadA9-N{W?Ijx-&=J@q|Mab)ru?ET_^lt*Up;x!p-Kd&B4b*I3_$4=rw5|a3x?Bpo
zL-_P;B2A-Nch0C`Dd`pXa*OKSVi#KZSxkQTu1NB#x6cleSyJC?Umd%D;GjLvK7^gP
zCG^^Uk5_6x0>6_~`H;q}VuvPj7n6NeV3GGRiFayHqb9kpu88L2oQ4&IYIpBkzA_e#
zZKrkVRgv}}d)yIm^fXdp|8mJ;KJE*dRnZsI>fO(YuWpsKSQSkS$hz*5O@Vc3A4HlQ
zC!nS&w03UkNR6?|WTSK0^wm%73Rm>~+{6gKg7ywlE?%bin3%~kS>5Mv@+K8}a#-dF
zyw)ES+nL2^s=azZxKVw-qr$4{GTn)IDvvKWWIf0$0o`v&-U{8a;6JK%>lcx~k7;z9
zb(~@l6@sc=1_hV5&kH|zP*v@DEPl{sZU`!to0Cb?oygQLNe4CYs6F|zL$WMIviFYi
z=T?3un)ilMD&McEzQZk**1C@$V+u(n+^<8aDR}x-wBEs+{+PDlGr+O?L|KDLZq~!z
zs4hsZl3*SMnwNs2Dafs#Gh%8gb*Wn_em(E&#zkZ?&~^zlPZnsrNTKk(67~A_D4I9K
z{{-5up5C2$Zf@9B9>-D<EWEFrW&jANwBR>X+=oAv@x-VlmEuq<CS1#eWnW>6pRtwX
z_Q41DxGpWUoZ?8(x%IO^-l(pu8?sF1TB<pk&7ixs$<7gIakT|13<_)Hg?-1crRDBa
zo}UZ%Lkd2-JPme3V{A_5kMK!B-+|c<Y~Z@|g*j{cqs<?BpYDafyuz?MrNHuLImu6z
zkWaW4>9f|&z?W7cF_TJ&+1>ZsfhMJ(cOXO$3Nil1&Ju~yN|;VQK)Me@|EP7^D~G5F
zNJq~twVB*~Vpb&g$E9dmIELpPyKw^z0!0a2uPe*iu(oo?jPc0#&_{3_hw?r^SHgVL
z&jAPqvc6HlW@J`_9^I>6bIE1gRFP4Nc}~S)FQS`D?*aODb5#{X+4LEd4nF+6C-F(G
z-Q*3C(e{no2YUI+b7s^F`s)_#e^U8^I^^*(p?@kqHVcrw6_LfdT>_E8M;CgZT6~0u
zDW#dblpR&bF*68n^e%1tRtGsrlGbC3Xk9ksq<iZrMPEAt;&dnH-W8SHZKd@ycaZm<
z#2i%=p%3p)M29h@?$^yQbg1)l5emgxfl1hq?{spv8miLubu14Y_glfOa;q3Sb{gq(
zU-=w}bU|h3p=vjM70LYQt1(ITgsA?Tn2GL^UE>?Qs3)fx%T^U-2T}EOUz_G^t3AE(
zSMaN$STOXIc>**xH&sGUcha=<!)NYh&{>kMD`dse{xrMYI7FgXa@5_4ZPO(~klUy@
zv0E5aDSq!2{Hbqp67stPb6&P1lMG_^pUmDYp+>-Mn{_X2f&Dd3-9$n>W&*v3_>Sfa
zaEP#}FQ%i`nt2k)>@qCdF!$8A<VsDHR)uF$!oxqx2JF(o96Av?{H3Gsk*_O_B4u~y
z>Y2s=lmmaJKXMZunM!I1>hN4D5r$Cd+dkPReezeW`GTEtRB>4OQDFGx>+jId<ivU=
z4{r9J*2;YEN<y=$&$tLcq;APRQR#38EPHMN*ZugeLN(Tq&wH;euYLI0t9U(*>{vyZ
zKf=S`wwYYK7ySIwWpAnkTEj|w#2u}V&EinMfp@T)(T&RoN+Fmw+|AroB4g)lcScH=
zlHXYg)rbvEXQ(N>E78q!c9nKyc;by-h*`^mx%DC?E53QA3IW?#-$MT2i@UNRy`qDm
zMFG(-G4u?XIzvwqRqe#6SQE1wR>JB?@ZUu9s)U1X!vj=7G&xlBGJx)+z+SXsAXuM*
zj`!^rpk0WUAx%pYy3<c7sxH<X6Z<S}$o4|g{`yGoukh|ZkG+}X1*%RYy*=J@|EAG+
zQZVo*_4h970y*=BpHdwDEt+5-Vqd4ZE+vfX&r`0k^BcJ0GpyU-f`kW%G79xDBJpuc
z-6N<$Umv4C&!wzz9wYS$V{a@C8M-<RM>B4*t}*^bDMDb==0w%++BKx#pXW<>+QI0u
zDTc{V*<^4?d6lO@@<_N3Km{G#i*da#X=gEC0X~lZ!gs0M^=JziR8~F*DcJV7W-h0P
zS5@uO#x3OoJ0E$}eRLXn_n74RnX>KgpZ9<9<QA~=UFk+h%Msr1Ps3`@a=>1X*`_sq
zRQk6zrXfcn4;m|IW}$FZ{S(H7*@o#vmOCn!1|vMF)tC(#XFgw^P4}ViGpvB}L+nKn
z!MhD~;iCRRoTWdU5i7A95BgNChM)ik4M8*K;la1)6ZP}V#!+Oh%l2Q#Z>1*sRpWBE
zD@At&-WOLOtzYKKmD!Ok4nSb0zSAN@Ulcv}^5_scMJVo0yJw6{En9y!oDDaCxKsJ4
zkhc$6?V-J}q2>VJ{`(QX!JV>4ANX~Is|^xB?264sK0U3Zx{itr@?P|@u?1o!i4zJ!
z@k0tMysWyFf2h`g10@d)B}(fwwEU*rk`m?TyAz_L6bD1;zeyXGQfS#`>O4Zy$WD$B
zWJv2$6RWwYAfIJ6$QpN(FmU7e$w8eD7UO8zzYwtq*=%f|<oo*G)>oF&s#+*{P<+{{
zOi%Y-lgiD<WO1ivFL{9kM$V+i;w>o)$km3)<(#(_DH0k`)m-r-^!*g`HvJv_dX&=d
zcf!VFAfNiq)|AvTD6RDAu%3TBKp;dEpEq~ZOtn5ZgoN%sO45&*j=7*gwf);`yy)Hn
zOWRPkQ1tHba={Q;68Uf7S2;f9^s<X``_KI5$G;xgdIa<SipAr8-=1uA&9wv3(^j<;
zral7L<x{G+kjHrAW9(=}68qRwu+EW?BO7GkML3+|t}GzqN=nEYisX1Hok=>|3^M#I
z-PCW&F9%6tYd?Gy6$68z{Ij4+&{|T^@qr&pwtyNg3U5{3`n{S=_2>fTsAK5&$7xa8
z+3|d=-}}DHi!?{8D__GR-8k+}<~|*~d!?d$rri$*lB~y+%xbvZbi}yXt1|)*7<TIq
zHzXqY{#0S)?W1Mj^WSoImpoZ!pEeru#>Tz!KKO3C=6CVVC_(_9-MvK1MbV*N*XO{O
zeplZ5&is}+wrm8t^<-Vxhj}e*>v$^%5tOWbFqC$YBG^=2wfp5t>pjUO3XSvA>Cf#`
zX$O(|99%YSg5g4~<ny+YC_Rw`L}7p_@JG0TL*O`Z9PI8uqMfai9%m)sl^pRhuVX*|
z3H}^#fAUjwGc@d$BO(S~PqL0gu(639@7^k$z2&#1&>G07m`KN?X#WGmu)dVDPNRyv
zN%m`jX-c6P5^DaM6n?yi61KesBEPv)%z4EJQBMZ0eVf<Wm1g|J(lCejb^Uqx;u_|Y
zrDMwN-KEbq63{WnY{UlYmAAnAuSz}9!EF8WJ4t8MpO<I9fP16OBlR9QHpsfhWoUhq
zKA$Mm`Wz90ZSb7@bgM0@qioP;y|ba#+<m0-(-<|j-0<!FR`N<V$=zT06ZT0G^<BKa
zsulD+K@Uk0q;kXI<AQ($+7_<aJAf}k8YiyNMbfThhJRyivE%K@{JpE)W%nK@y1bVt
zj^go2?SKNlk;FRmGxWt1Vy^BGrt+`c=2N9=_#kZF07+OkMvPV5x^hq@S~leKr0A*7
zN7Zytln46aY_xl1bDS98|71_80oSDDza{Ohh$V{HqHlZI%icm~A?10e-PQdQxME@L
zg(t}TqBc|9MrG1n!j-2OsF6Do8&U-Onc^+*k>bXiGw(4IsJl4Ev}V@z*)cLxNRBYH
zj~s=}<iSTbUi>4}9;gx|atg6~D+3+nCu?@ETXFX6y!440VWY<QJCvIZ&lw+VswT}<
zZHtV{L{gPV%ReZ7jbXkeAvnG7v?ko<c&49Cy?6NqmHMb`a{D;Kj*>CpdB>b~Is=7(
zn>e`5HD!Bt?7c{S2WGPTy68QqP?O3rqX8b^o3)0w+`VOJUjN!C^HJ`n@Ex!B(-a-x
zm}n)Wv{n$9?<jj)2k1>vX5Dx<RxB^$`@@s#(d-wdXY1Ox>2MyirB$^akIMAuyk`p}
z+RFAtn%y?F@8<bMthJoIT+sB*p;%93gp*RPpn>U<>f({_%7vtm@UA>|f|`PRURvYF
zav}h%?QUsRZG3!3;MV0@8?12u_w@H!XNDeu0o6gn61Wy$KYvxJK=a>5#j?dT4?Ras
z1TPN1Z)Ubx8IR9(>4~9q`QDvBr?OxqA=G(aN>J`)h{aB~+Ezo4Kr=`Pe3W+8Pa%aK
z3nsiVt^M%F`sj1}DblqnNI>=Q*>k?Lq#@aqh09~Pp^$Xf)7TwnijHdmpEJT|D=&oL
zk2$VWhKC&c2rp+ok}+xHT-tLJdHFpxykaOxL<};gIlQs*Dqu(Uqswf_pY=QoDC*JM
z{+>cA2}bODmBWmq8OjjsS<0Qs4_8>%$Noq?ixB8;d$ffPS-j14*{As(4kJhUXd7d?
zQ>4_lFN)9zYzw_YkBvzF&fChdF^l%2bpOtS{j#^~KcqTp1upj_o2u(@-fiEWq`WC8
zX_rIQl8H{1u?Qku)b3Qq+1gWm8~Mz57-3(ldR~!sjcH+Lmg*8WL*CA}q|Kl(w1m`<
z#E{vGa=kq5YdRyfy0)CQRrQ*TrG}zcBr=E9>U`V3u?_-&=cLrHQ%AH4R^<7ZrLZWJ
zpacUcCKdCtF6e2s6-duJVVxuY&{AQ)!J|21+uI!LJCh|%78PeU2DyZiyty#-S!ha)
zX8z-(TmT5MZK=C_A<Pw<Q(w@<3gmc~Yu~U15`h_{vb!pl!2T=o^R3LLY;Nr5l85UP
zTB);-^?4^7ALTCfJ!+9eQHAKUzX+sz%r{sL;P$y#*5p|53EH_dmwqydi>_HSQlg!X
zQ)G9-0x@5{=daq@2U^EKW?K$aUG3_b(fk`-Eb+KGzSDds+PHFjQ>nrAua7Pc`PZJf
z?rx?<S5b+T@eDuS7DQG4+PNXYMuCK*27om!gpjwu-)*4d(kV_3xoYxTj-hq%G@V;|
z2`}dU>|7GYewZ+sJ9|+lHYdH`Ywg!2f=NnsjY$>!J{pcVO_fD^`L`0)^NIHTe2bHh
z(LueTheBDWrYR%^xmcu7SaJXEEzhoaUP&dkFlHrxJuDKeH(MUyb@l3W`VepR`tp(+
z3r^)b=rs~y>7zfHa_t?HXlLKp*tZpi^bhwpySKSwx46zDRrZsQY=fVAltBtzT1-+O
zu9Ju3nyAdT50Fx8IVZbk2)AkCQjd^$e?idryzjM=4r#X9aD*0(*8`nyoqkGVRHn%{
z>X$EZ&GJ!n1tf%H4pe%wa{+6_JSsVS+iDa{7tctJ?qW2L0NTwz5SkA71Zml&8NcUy
zzrEUci-K`YKv|&TIDUk2@FqAR^6P{l^8RUOHAZ=ybz*#KN*!CetHf19$_?`KzL{oY
zv^UlsiS<0YaMRB~O0xBu=I2wh4>zclt4=2~rPM;N$B+tm+x?aH-LIppwNQf>{@nVn
z;?FLvMdU+3Gy_6wzl7u0f+@RHD>O%<mY%4pw)fSYfp31-?@#Wx8j6HA?Uv`>w1Vol
zmN4C-@1)@|EWdv|_eX_Ms%AMZ?C9UcR`^@48JlaNNb~sCP_Kd8gK_Ug+OhDUR}Bwm
z#MPvCMJhb_LEaq0lOKK?TBncVe*@$9CL}*o#-)9KJ6?H%I@;}tYHvI_AMLEaJ&JYu
z=$edG@qJ@k_h|7kM3#ET0br{+9^#oXhROE=K7DlNkCuIl{)iq%51=Dlv<xz|%+4i4
z;?X8x7T(kmU#J$ljq+w~JUws?DmF0Cpz(T^QDX<i^ktduwmPG<cYrz_-M9`qCYN1G
zY~?Yaf956N?Y1jA&;_|Q;j3^z|LMnte58p4RkI7U^0o<)SpKyq(_D;?T4H>i{oB$N
z{wQfZ=80+l9Jr9i+0y=yhvjZpj%AXB+pFn(@jj`VO3G#z@RElX;m0isDRakdg~)ap
zEX0Rb^0;A3akMSo^mr@1sN}7?^HAWUoTYF|>7T*-6VG-xX=@bXwuO!oEzHr}#v0dW
z5TbP%p^nglvxmt{wQZxC{vEI9)6cQ0{{9hIFL|w2o|&NFL0V6kt9tIm56=HOE6O!*
z*+qSIWlvc32e<rhPCXR!-D_SyYG1Yt<p@6~edP!o%>?(6VCj_GE-9{FXxIh~CBszY
zhpdaCmaNlWzpAS|XZD+>?Mno9pCyTkB(ObkuWH_M#NVVSMsg^rzPF^+5x4Ou((}{W
z7;gCZ&@(VIBmL3khie5-GF+pQ!+Ajxe_o|~Ggn%!YY#n2<E|ICe-~qttE!299rNvI
zgE?mP3-kPF<t$6o9Vxo=s1j;K<h;HY30EPOnH20`+dBiPopco72W6K6JPD(^uQD@V
z2HMfIdrZu$@!jO!%;3SkOy;7>#6z@dW*&;8_}WTIa~TnXBt~iswc+!xPJ2`sRFj^o
z!k;QI_)m-e%I5|Hq|=Qbz*Oo{2PaUoIoV`;|H4gchBlAs)!EO!-0NeXxT>v2Ne}ap
z5l7MIXz6r=*eQqBMJ_b<D8-zfn^);*xq04_i<$Boqb}3PUJ+0+*y^V3Z%CGZ?L0H-
z3T;G9bOpJv&v61|UIb3oxOHSu#pShH;5(MylN+<P`B8Nhk<Z~ia+Dd+sUBu4t64}t
zCCSEa&(KB%pDm)2=fX~V1Ye?S4$4H!9Ny6HPEr~YmSxo=><y{ds>KH$@`}-NNRJNP
z;$!x?`7GD9&-uP3Lo%9|uY7+~6~gbOgPhdGf>Zdq0kns*)zkb?L^M15@FF7f$-}L0
zMmgGpm|H*IUHeRd_f224$6Sct{~C@O3L%&_9D&_W<1kED4uf88C3r2&5rU~8cYYVm
z^^3DqTi|=WQ1A0bH2G{WUi#=18irgSEe@}BpEOXskJIi;o+bJHO#e@MbxCZE_ejf6
zjq9KA!9C5nRax$;C}VQWT7?X$yGqz>!&-#2zqzzkU;Df3vWv`pTpSYdhWQw~E2qi0
z;|4FD8D>9k{-I^VNRlB`>DcQg+=}_Bg*t<h%x3uGCkMRqG|%x3RJV0{Dgl-KuwtL<
zFO93R79DE^rg-%TFJpdGg+A9ZD+1q{$4n%nuQIvKwv_b)Uy#(H_L%A4dC@+y4*RWw
zDSqq)d3@JoG1)h$W45s{@BDkJs$@DcBoaGBaoPDvHSVR_Cc=R2PnO#1y>FAn{)w4?
z%p2WLG+WMp_!d$Cg=2oKXesbf&OP{58{pRS8=-|6Eio6B9tz^I<oH0{HWl{Xu{vyf
zbn!(rM9Xeq37!uE3oKr*LmT{B16hIfYv=fOebc@MdRS7qN-oy+G8$2Hs`zP!%sdXf
zx6G<;{+du+T*NE_aI(`*zd5)+UQ+Sy+Hvw*1ohMUwr6)nxGyv{nJ_>mUFTjxeMJ>6
z`G$FlcVfX>U7>g;xFw!&|G4QL?U3RC%2s(HyZm!OdJIoEEh(|r|39AoGOo%0fB(k`
zDQQqjLO@EoL~?*MN~(awKtM{QJ0>k94Wh_M5tUN9Mo6n5ARskT8par78{5v`UhmKM
z|G(|}uI$|7d_IrI{WuO$uF$_S8l#lU^Nt4%)dNrYxX?B+DAiRp+cp>Z$^4NKFK)ZC
zqouIVyj3<@2Qjn+2F?~=+z~UO%1?HbZq`*86(9JBM<SM=e(Q=?<}gu2ay7+?410Cu
z)#SL1Z<^K(ONgyF5#d4xJ{VPxIUcXNZX6HHBH+?0*N26mDa|iR0p4&ih$gV2PP8m0
z9!``GA1|gxKTM$tiT;i({}FX@$aoz(6m>oNI~C<?t%a=WqIqznNkv6v%hg%R4n)!s
zyl0Z7P5bBdwKuq$WFU=ma6t1p)zH@_XN{paKf0or3`k)K(T>huPa{KG$ToD`%;0dW
zP+F10ZEHF@G(OAp@kg-~Ze?1pSM)X!VSlT1q#YaoaTIojCB5jSRG{2DH3zMGXk_=N
z;-Ks;5G#z>AcU#?{{aS6IP<HdH7oO0l})I4cOD8R3Sqy1%mLX>Y(~^!i#vHeUjUFI
z3Tl+RA#1D8bm$^Z9QxF|#~gCc$%3@`7n_ACmyiD{E6?MGP<K4Jq@?_=zbi+WM?p|^
zZUO{(V$dr&tSfRJCs3o}1%Epw1{9%Aj5yOka)(jUaew~ZOb9Bt&Ano`Q};&HLayXV
z#5Mj)c{Qz5&Ck7Pqci6B!9yb&yb4~<#wn2U>!N~~`??sZl-RPJ?}+O!O;b2|1tKh{
z1wL9tCkk#e3_zOfuMQs2<-x?=POX$%2%wkpR+mmn8|w6hwd>WI8b(neUi7lxA6N+@
zICc`%7%%Tn7!6epYu=LW*0A|?kM<xk<daF;>pF{>@N@5NVvk@&-?xZw9;1(JH5vt+
zmZX=?b7UVwgo_-)%agCy81i0rFOAP7mq&PfMa`EVy`QFx5<mG%s9Co9^l8GLX4C5)
z<ob9~ZtBJ0JB|nr2`9V3=6VOr?TlwT;sns0h~)d<`Fo|`&J}fCh8o<R)3o{$9P&_J
zS4PKn9vkFga!VtFyS~-Fp`TX2i~6$;Yc(0`)yPn<Oq~AcwEKzi$Z?o3=zcRL(8e(|
zM_uyK!1wl_PHWA70o<P;K<RtuS1(>7&fX;@LpDZFA=>sjgdn$s8cbS8cq-j_?BF)v
z$`ZjACkd|4*TAhACBe`&(6vWex`T+F(HzHPzL2(jiAV8MmaiGb&7Bu^DBXtcnA63Y
z;3perPNZWWC=BEUvF@*S(0EZ43koMcf%yGCkYmytrEmC==Ta#!WpicZBgNT{W)1%m
zL*+{K4hxsj{HOa?(V@O|5mI(U8HB3%El3(Xu=0M=h}Q3iti#12886FH2K51__oO>0
zBEs-|*h>cZTFLjgoR1bpv$*by$W_m6)}JCe5vMVP(<nb7iNyvLhD-WW$E(OTmlYm`
zKqJ{YKsm{DLWC16KKUT#p^Tnw#Ifs2)SBjkbrjuK6NaGv8{cj*>qY?`C+2&zzS+^3
zy`3kJNWyFFS798u?Z19~*4WssOh4<FP+me(g2`<l<m61ow~>n`+MbO*H6CqV4|HI3
zTQARe1_&3@_SN(nTij1I_+Dj|7Ou3c=ob!T&#@+lNsF!WF~^!<#9$zblL(%OwET~3
z!zVl5y;)|ZuL+$srs?Vj6EC&iH?erPT^rnBp97vI)|G-dx4%E;fdNhWooL=q<=uM$
z@cIzzkrOiB+cklAYvXDB)6r1$ET!D|YE|Qcl_VT6`tU2<^3Gt{s6QU&x3Vu3eg*2E
zp0U1oY&%7s6_cD>N>@otlB?ny3T24-dwe2A=TrLqsDbfE_v-|Rw5U}T6%g?GWz=zu
zty8$y>ymU&igRs`74;TUDbmPBLcw(P#hTJK4844#+sFPdm8+ZOwB23HTm7Kz^QE(A
zCQ3rmc<Sh|xUkdxlYw0Z0|;_(+FjrZlBca5w#hX0gCKm4yA+tKJw<xxsf-nCc4hQ<
zkZ~mClU0TLs=x|TD|jcZW`F?si6~R2JT5M?BJJ4Fr%)cb1=WQLx9y6*x%{j$PSFvi
z3<6ZxRAC7q0>kM{KKY%-z-0a4Op>&*J{9u{_Yjk6Ob{$75RS-o3$MxrPKJaM-_maO
zh8%=SJSwlB{rFhtxQhnK&8_lXC{=cref2j9X@c@#lCC;R%7WC3lL|XCmnP;t4d+o~
zGeEpbX<m1c)9onqQNgbjnh8UJ!QCvJN?&|!j)Pp%raQ{;o`EIPQ+ejaXraXt!yL9L
zdNf~lLAu8T)z15r`BR0|z>TK8>27XRyq06*_IDWxC!WBKyC_2<$cbP*0Z}@fB!ScK
zkhEKiTvE@9lW4g$c$7a%B;Z2+P>I{O9p_IM?2rE*{1|s3$Gixm6k<Am+52_JeDq*R
zydi*$`4;On^^!hBUk~EZ_Qpiks{Yo^TL)=F>hv6SYx8&6+Vs7#4O|>e{_^w_x`eaR
zC^7A@H=mczXH$q{LoCnpl3rcwqvCu0kq;m6%IaaI300k6i<<P-2zag*@5LPPpeHx!
z8T9M5^p4z0ph5+HQ?b!=U~?nS95!5N;do8HmzbE(1|$`2>m5OP@p=8Q|GhrqW*#oz
zDpVbY<d18-EMiBI7@n7vN<2WKe|=BI|A^<4hFp-+;f{=j-3Ch<WOGr(xmB*1Gu9W$
z{J{APh$Twb4a4$}KR}8}1`RR&hCTQkQ1YJOr-Wh&Kim<e(LO56;hVAQOEOG3W1?$A
z_~@#1B%1#Ee3TJVjyYG?usAV#*5^RzL2|_+95iQ9t0L=FlFV-mm0+&xG}QrP*;6rJ
zZpKH)Hwig$;}!V;CEDmlx7V!^30-RAs<ab??}M)H^T$2=9RwQm8;|h6O|+Hwv--1j
zIDBIy87{3wyXa0lN~83LGZHx6w0)}H?bJNTf5)=%-XMYJ{E0{f?5RHeU?o=+ao}Cf
zWu&BZ#kC<h7u*l)H*!Oi$&?Tp{u=Tj3C-Ftj@8hYE)8O$&S8V<r-iwH_!g9^VCjL|
zx$b9RE27U-GbKZ)z5DjS-}bQNdpvt;!9Df{S%+dFK96&*pVa4uzGr>QnN(+W8hW01
zi}H7PPk0CY<O%j9HTA+|&uVCPvwQ028;4}_Lilyp-Ec0n9XN7S@k;DnAV~w=lcG8;
zG6GQ&5Aq8eIG}1+Y2%_OZ9m0-3?Jxv;Ts}(rT6pSGG(*?6I$3{`b+V*QHsR3KO@XS
z9i6oshO)zW))kofYeoU)W%X-<YkPk=#6-sDa(f`h^HMwm*$NacRd&OoayU7>yi5ym
zxiVrPX7HMW;aZ+Soj=B0BTyj2vu~$=(CVXSgz|GXzac-Dk50)#uSfXj9mG#R=cP!g
zm!6+wCb9k8ZGzd22bEtDpy94b!cW9WvuX_#(k8;$SLghMOFGXUGb54}M8zOpEZD7;
zwrp{&9GzRLc$Md5-HZcH2crjQ6UJ?Bt}xk-U7_=30l9F73L&Y7yxuMGXpc9cJha%K
zl%yUBF=*`T>&$;33K|v@`BLSqOzk%*8c;?|#M)K}jh^Ff9F=Yq`Y^|yMetS!j-Bfi
z+@Wh1!4egm_g(FrOWd@uH>LARb^o`qEb8dQP?(lyn6%WY1Sy+xN9?%+WYXu^xSFt_
zEGbwk(Vgch$cbn9uMSb0>-c(m7<NjWxl*P(z)**2juIvdri(q92A|b3#6oCGClkw2
zwcA^g^MK~-z`_nj6dg0-z_0ct6(`rRNF0byusXe;vcSFMa+rc!E?jC+u7e2w1GDVm
z>7-5DcI}!WE%&)$ds%)vH}AKmOe%?ef^Ecm{!Y{oLjhj>kVy>{`(bC(LVq0e{KqW`
zhmSA6*q!CgdM6H<N%Vy&hhiA~Ah*K8XQyxP+xpk}L`mWIQ>ku6HND*WXC-H(a8{=2
z9|#weUV?ciExA)HW`*x3COyuVT|b9dVdIX%Xpz+wKA^2~B>PgG9LbjTWQ^x<@@U=T
z*IQ$br<PYQ^Z<8Cp;B#P;-I-Npu&&*rnW66ByeqHAQyDeadbcU2D@W6yI|(=z7#a3
zLv08>nX0)ChU|HTiw$yReuZ4FFi(HF=l8cGiaE`EtC5H92+D&GitE43mRD^YT~D&v
z8E?#CUQ>J5oi&BuTl=dSGAzY?F}0Zn`ATv6&#Z<9X3_7nU0rPM85?q=<&P1+#BU&C
z=U;vpC#*gs29YDSohmWeG*^!E0XcTsRuE-5Ic`WpnNLD_&)>DqQ>jRD{CI3PZeApm
zW=^Ab#;y4kgo+=ZqSwj~brckP<9ihqR)MQ21kzT6do(UldQ%}991c&LMl>A~_ZAC~
z9t&lq)9ta+b)YuldLirjxtMQuR^*<plvH+{3qUHOyGzn2@}hCaOIKkxI6g|-wrj9P
zlg*&br2+YCKywZM!)2{YyrcrI_d9NfUXi~*Xr43Q4+fCq>0D#Dh$9w$pC3^zJ>i|E
zs&Z)W6E$JR%YkLaaTJ!7=;MUgf#KntX256hW1)e+%T{sC2Q8Wg;M^qa$E$O5N$fi|
ze3^w*abeEUwhY7nnNueJfq$W}oFHP^a_Gi8m|2B&>1W;<vDZ-ZYCsvMf&;zV1CelA
zhsTYd4uPQb=TE*}`*Ce5L4hZBG|0J;w0igeQ6<lR2>hubN4^rC0mWU>*Sp!K*+Vt?
zp9y4O1pa?J@iX`dMA7Zxpq2)@_NQwD=O2_Klt-L!oXj4=YE)?glc6)+wFu>Z=>jr3
zx@3>tZeV}k6Q9slG8M$9Xq8y1D7k!T_=Duw4$|7`Z`O#n53A(ftwhWpdu3~~sfBCR
z^#e5sfT$3u>ON1fI@|7Yc%tGbWp4IP;@rn(u=m?v<t<dt1w+1&%C&5<(%8rRZ&A&y
zkkmd`XeRv2gD@;6PuAg#2BlKMK0<5P={4iW(|V@^T|*O1^f@yQ4VRb^mRBGDO<DT5
zs;QSjg*VaX0)CsU`(TQPTKA->fxnpCQ#0bN$^BBTtSLL$=tb8(KPm<+X9=W~fhQEo
zqsbrT*&K}?@|Lh_fBAecK4oeAPfk&3jKkIIKV-8sw63p4Dqf2$V*1&n5@xE(%Z1#P
zHbf)*59aD`SEiiLG^5<`t`m2<vx=S~<VdH%D-UdIA6qNyrJTXZk~d(V%bzcN|48@X
z{BjF3nX(~fb3xK5PpebcE(7m#sW`NQP8)7O?!{)lUI$WGR@<$x3SarziPxRqTy4U5
zAt1(y3XuKN)7vl{6OVKdyd*2K&y|~=$HduXkb24ldpom*&=Q}mxV+O%k5;d7Il@)Q
zWeg8$%HAi=Qfe7y-qhNx4#r0I?L7XO=TckK-)PSJXxaj=<gi;;dfD#^7QWfn2yS|^
z>AHWiuGlnEtffAN3o=b$c3IdN`Q-{SR`>iMv*VAQ(7!GKJL$E~iV5faa0SYLxjI-H
z^(*KEOcA|SF1EerHF*#w6%^j%H@s2o0UhWayi0;wyZ>9ihBMRR6I?0-dft+FtV~;R
z^5_{B#{PUZydIg7A+ddyUlfY*i9F2nyEsnnSN@Tw)=fM<3twq_dlbuMuW$`X9q{u$
z{q1van;gq=Lsl!bHQ`<@{%A0hrjLA#-KNVZRC;GnJ$5boa&522l=MSpATKkM=*Kw_
zQDcEEe6T@DOwPy$)!31pWpEe$fQ@8~x2g{GV^fMgj#u+b!$zx;Znk=?p~T>txuF}K
z!JD<mlwl8FFoajR@JgUynfr4L5r=t@pdB;Mi<%EE<px~Q&o(D=cX_Ens`xYY0dsny
z&uVMRmw1)nyZH5lDAPgQANN6U9|WcJVTAZ1{7_Lr@2<oA1|3E$GbAZPu!r+D^&ny0
zd0pQEVgL;YrpCr2mLWGIDNYs0)6H%d$$mzD)7UZ`Sih;E!H>M2Zr!f^S%G6TaZRYa
zkcQc;1=!@^F}IH00K;`E-HyAHt`_DPlO6?HuW}7H?CBzSu(Ykm6lPCcy}k0)1;jyH
zRZX<4;HsSL+fA#CDI&L}J&T)z+9xgty9)lr9QXwqK9b#;F$1I?k|oDHmmREh+6;YF
za@yl0Hc#CDtwlwk^jD?&ikxWZeZ>Fhl!;)!eRE$2YmNAa>|?gKa2u+yxy32OzpQ!a
zM2czD%+h2~J>8!FB%s<u7D$m!U!US6cPd}Qd5Z>A0svQul{Q#K^LxK47kt&ub*^P+
z@vV4eQla9HC`7a7yB;4!j$eM(qPlHiCGyb5X5UV;iA?SqHlFtG7%^)pI~vK)@ljBc
z2i;M9Ur6JMztsc;wE(SG;t<T26;N1==YQLj@epf8iKN1@wHgPSJDxxB-YSss^lKCO
zp&^wR$&A5Xqkp>a;fdkDf_VI&9h?(+ZsGtF&DeZ_EIy<n$O6)<>2!JK3J#?T%*9+Z
z{x^PSbSu977N8wG+i%(gZ7Xj=-1+lBX31~xRMaG|KqPr;Tt<IFymD}OaW1B1r~JRs
z@+1%BrAl;8(CfFBVb(yqt~bHFj;6Dj+%aKWkzY4SZjc86TBB0v*A{FHvOlC@#HH~C
z2nwG9!)wG0vi{$98~`(&z=f-$d8uGG%@!_<l(KhktqE$l9s!HCxyyw-&7wL>$*ViA
zGrxDd*dcIfzaavfO6YL;Y9{tN-lL>!w&0!-OI6^R&HXeFCi2%)4xLqq0OnzI_j@v^
z0A*o6V6zUP&KT2Y%>_=!CTTOz=Q%sg7Q>Fk&YQA=uwO;o`=;cl+r+xDlVgHCxGcR_
zJ41^^k@hSp4fJ2)w!ATnJPMZ51`#;4hJVm^{o9OX?x-|LU@<d-VC%ab3<mCXA<n4~
znx2fs*&p5%*MN?N@ziM6&{<wH;8$Zq@(t3zVpd^hHzygTa@uccwT`w@I4|bh(tiFW
z*c<L}43)EMZ%}3YSbcl8sLcstaN+V|r75dB9r5>z5zOg`b)$z4y}ptWIXIe|2&Dba
z<Gm~9qfn*QrsDj^beVxPp~{*>3-)w&G=H2X@-F|UN1)_V$cvT)5jXfXlIB5%ucf|v
zW8aOZXyW=BVgB6Hccm11b^t^EZo~1)*#8J2rNQra-P0!0J*2*9zYEG4kv&l9lS?Ah
zV4L`BcOb`Nu;=}fwsHaW>BOm+n-zLn*#)Lf1q`fvNrICC5z%iYWhW??&-aYgyeV+;
z9-5gt;>PXxa&m~bv)(7$BeSY|Rg_z0{4xFCK^N^rQij;cf%#ypq*OlUdT<oYqM#Sy
z{VwW_>3zsLB5wme0djP1;>}^VC?wH)WA^lgs)z5jiO-UCwyYC3#PG*4$u52y?xTVc
z7{>JuO}5g`FYL@8T=hBneH_}<{0pWUQrY?23f6k3UqHiGeHhObi7Z|HiVoK#oQ%=J
z8et}gm5bE9$$98WGn)&lAvq@e<#D-Kh_nA6x2xd(l(mb!-<I1c_M;mNif=uph$w$3
zwRu?d)xig@+rkP%r)!d5t|35sah6uS4#vgEAL(rAYGK~<y!5w3O)0sc9lkmeT-)$S
zg56lIL}l~dg3aStL=#61c#>)D!T>3W>50BRWtmHC;L1o)Y#*Y&`lN}6<8Vrm<8DBB
zsB*=Q1QzIO0U6aL`#QY4sbfNrWxRBl>esM?z=;{&Qyn|nPe<KL?q5dXm{S_CEc|B!
zkm^)2A}j}3?7#W<^9`ZSo5&y1)t|a>SMC}=0eU?_$AFouA|uN9!2ATaw_HyR+%6;B
z!Ka}q2l$KSOpeKVq8So|I9vDPc6teyE`l7}^lfD2_)}k9OzjactrM$|`yIPeDx6-_
z(~u+es~Ycszpb%8Ggc+`Y_!t+K4ZVhI7Di5bK!!Bo)&QvKtp#bXn5*Lv`+nwkrPo4
zWT^O^=XDuzkVU@=FFUIH|H}dhNZ`2|D=&1DHzQr&c7V1v*pQnMFzcKXm-m67pw+2(
z>0rm$2y6r=UD=DgR%E6DW#F_VFOUdE&e?C(8av#I<EdaXK4*64ySS5`(DY=^umvtf
z*Rv*4km<0X7(1|OTV-_*=@3ZA0h!HF0Ym9}ZdNuQPuZ*{l~{0LwsZ1{sN#W(_WL)8
zUE88OXh&4#r<Rj^Xe?Hl6+eOeR~Yv1$L!aZ<BY&w&KDROv#Bb+ChZUEoKLBcPZV#4
zkh^^6W-c`nj=XYY?l98`oObmWD#Rq02?Uj6^5#G-cupCBJHUA*a#ofh7SIM)td`MV
z3?L?{K0CA<IZAaCvYtxDUp$Tx5;g#R%!#(jg^5{1Qkd67z5tuws?O&<M!ZPEKC~vp
zS1;jY@$MIbW0%^ZGG212DwTvogEsz<JlyatFcL=-^`nfQ5ycEILLUByX?Fkn{taYi
z229O*$q}1~MT_5I%)n|RWNp&-YsAl|Q(2pLW?(Prb`$^a47`cE_S$_Wk^}_{IQQYe
zEQNazr*vWS5?_L!+wgOlYoI|zjC9Yg&KL=6DPei-f7v<}{&GaHpSK%co*eT5y%Oqg
z@HDxI;i#PZqbko;ieifh#!Q(vvg)x~x;na~b`K^-wz6URft?Y|lT;g7<B_{>-f;H+
zU4u4Z1OmgtI=)%@DqqX*JmOGhxt1iKSo(p`1Xa5CG0@MhHRQZgn)M0bF)PBKPWGa(
z*4$qf70&4XEBjv+H=L;Sqs5mlVeA8_%3+(j9Osefa`@B6!x@BdcuSlFU5tIo(juYY
zp<_A1hE>M*5>xa=Nvc;&lqE?ZZ<4;ybvN=mCOkQpEr;EaerMz-Wfp$XlNFrxBzfk=
zTxXX|_(#hYUUcw#@dTRS`IwIM!uq(chktNWWiy@n_ppSEI;#&)HAiS%P+(+hg`9YX
zwT9|FR)$NA4W1)hb>J+QhH;N44U_>;Kb>6thfvzoeR*|(eKlaN311{kqkHP=7lsTn
z=gJT9yO6`w$8Bs|@_cCY-we_d^jxm^_QB@JU`bB*_;~5jap$*E11A4+Op9mDPk?aQ
z&Vor{5-bTWenR^bY}Rvd7xA>`&hv$;Bl9N}_`Q@no{WQg0%?=Dkv>_vdo2d!+Na}#
zidp=Tq=XMuzNjMW;YS1Cfyk{JG5|IDNGMFXu7O@;c5}`rOoyO}pB;xC{{1>(D7kYR
z&+nOnr7skVZ<uD48<Sl}s?ckoK{0@IRZ@*Bm~-IGo0^R=VF%)!_%OmNl3QfYvn)L`
zGfztHqufZ`y^}nf9l0u4C95njxOdXSto56)L1#K67}iR8(Ug^$o+o&ranmrnq4xnb
zv349l*S#}h4u6?z6RcyVaBfIWY8FSm>~C>*Mf~PKSQ1?KAxm}o+j}F!m7nC=AJ_C3
z9DV+%9bjiW)Tq9h)BqE5@EJ2_N5EU%t@l=X-pfp>rX9(f<iK4T-QS#fm;L@tD*|eV
zgk?HgFf7qdr5Bu^+<5$J+V*gB8=68ICQsKcE|sMBqBOT|O>nLfGi)ut>^@jXi7bw6
zEBy%gW=M1Go|<u`tZxh42(w`H`U3Q=dtS`H*O5+4$@@r3&;h_hkn%dYcIOoS6R%Oo
z5vvf)qbSr?J6>9#@ew_pa5eg5o}P5(Mc&vp6&XEvNql8G4z<cq(2dB1R4KN}2|Mxk
z4>TaRO~yQ+5Jv1@5zomhxEl)%@09$Wa0W(KjtejY!I!Y!1>LHUGin}#ZoT5SR@H1<
zVjN>Rr32g08jxnnA85Kuny}h<iU36P=Mu^)lCcP6d;s}`l#PjO!>n}&P3o_X79V{=
z9slZ=t^hQInKc!ZAFOjGju0m%1+RhD{`k&1^<rOSB8>u%z*mu*#z!f_Tbf+(uxV@c
z`@{gU0W^rVSdC;ZdbQPO#4A*1uS`DKmUrEDloOH|SRuZp$2^+qoz1@e$c%w!>e1du
z@z%HnMm`Z$%sL*TfhP$QTsdoYhm_`cn}#KadqXJ~5F4j};%@mUYJ@;sk_lor#Rb$2
zh!NUG<|Nk3F?Ilgn4;0&DN+L*6e@ITGcMhB$+}ERw-J))eN0|_6Cj<0J412|w)!8d
zPZfDCcog^GkKmsbIUJO=VPx2Ns<=`>BYN8FXuqH!g*)@M&)k=fd<uO5YuaCCeWsma
z9oopn11571AXzq$ZS|j%>*5mlJYNXOIw|&mhrmiNCJV^`9uAPXib59TNdW^`*cOU;
zpMGQp_5~n>p<$Nte`j5RJ}83Zbxl2m{RG6+iE<>Xya!T1L5pz*zI=BPHOaz%AJFi*
zgd6P&vPPUKT!Y;74ACAA;Jz*?M~A)jMm((#&m}f<_s5?x5r;sc*A7wqecSZd!v~XX
zN^=Njp)jP!s&_D%gPfEIqgpg4TQH8>dXFl0xh3+;t|HSLS|ixh{M)3fbQhWZpl_#e
zE+^P8qpih2#%_bX2Q@Cf9%j^k+FLcFw;GpUY9@PWyIp=BA+n>w(_gv>P}}i5)Zy<X
z?2%N|;ZsstP~MWH$`$#$i?=O#OIyw5?)!EBh;%Q_=)G`RfxJZ((U+gt$V5I86iwU!
z6%v*7z9c_c6?RBO*h~qC4Rep9vp~dbhMb&S_N6P!wiOB-8V~dO37zBne!WEp^%G(T
z>p5c<Cr?c9!Ov-A+kW}FkZIi3PkWSmH(aulryWNEb7<f*gNpo46MxnjcQ~$Gll+HH
z9HI9Lw=u+Sr29qCHFq@ZdD(H47CLB`^IzhSw!}&o$e+N(z>(kI;It7Q<TjFL{)mW;
zgv%4YFUhY+V}HDE;Y5qXF2=f*<jbULCa*V{5BA2M1nFLOX=EjxEP>b8#3TT4(9i1%
zJ43ZkUiB`}^qOUwbTanufa?lHe|GfU^n5VR!pqk*=@%9rp?E7gXXE;xa6TExTjknx
zDvlMDdSuzLWwcrrVQ+bnjQh^_-WhN-HuJ;jIV5_6Ywhgu`GRZ%E6em_;%`@=vfz12
zIA<D!_*D;K$Fw0=i~spn^;`6n1X^(DNhTF}`ssUqox%0Rd1(0$L#E?OrD?j~%yY58
zw;wU?pWMdt?JnT;b`1s3iAO3)n@cbj-7y&ci(>4`pZcQcM1AE$_1snv{}pFD6aJ9_
z4?%N%Vwh)U&!o#jSm|s=bHH-~Hk+;H-n*_Unng|GE^7yQ4&{b(_v5O@TjERaGY_sZ
zdR8^sn>_l{cz{Rip*TMou;JkY(pNuZ!`o;tXh|?T4W=h;w!vE8v&xaM@<bvV@K(P0
zsQy^k_IrYs<*)j>kdyO)@sof)F$Eix%e&m+7E7}!F@AsO{z{p7Vctm$fjc0cRrFtX
zlQ#8BF%m?1XIh#I=h;bGZH--kh_`~AN<S?X<5OeGKl^k6_1d{eu*o?I(U^$`Za<Y|
zj;z0oJp01m5+*oJF7&KQ8TjoAWp(7@uJ9bYef3VFf2%1MQT?~1-8TJ}@*YF-vOfv+
ziboH|Gi^NBrsoVUiy8UPBKavlk8de#tZv&|jcas%2JR;HPn><!d=5ScS|Og0@c%@7
zNd@-&hK5OI-q7!`XeR93N4px9XkQQfEni470HSGr&;h#+<c$kFzST|a1%4yDo+NKE
zTZ?W3@6xX27SHhOWA#W59-E~icO8>x&a5QbHXrdz0f>{>qkScFYfMso!t*F1-8QT<
zbG->zVIG-<y1OV}z1~eNcvcIi)$O>*XVxO3s!(wI7s>tj+LWyeP^)n=!(JKZR`$CW
zbrtpr3>77q&^m`AfTw_6>8{uiEM-!0455c1>9i3M2IB7{8FcNtcgU#EVLkWho(s!8
zPM>LZx4~l0WV32P!e3B{BfT%YSa<EjkpWBa8A#!m42{7g_fyg_PZMpoPS)E1@y2E)
z$H*k!N(wp<l1X$U^2dT4$r9?)SzHq6ov!&SAW|W{l2%n^&HWV6rHSRV=Ns-DRkcX2
z3fpQu;Q7U;M=$252<e4&vqNO-2s_ZfsLmrOTlC|k>t^GSULrLVBTvfvc>j0PZyX9U
z1wKSub+D8~DEyB&pL+Qd!e0sKXjFX!O7?Jux6rLW?aR`>6Fc<p)Y}cDSvV?Si}Zjy
zSU)8EKPBM+m<}b99C4pC$QV5?Fp{@L6*bXky6674^X{czig*W?zG}Pcd7y6M=k#G)
zK=kb%U(1<xzEjO0fBC85DHVI9Fr|#LyhrQ+bJb~b1!ANdEwSE5Tb<><e9vr(UtjB3
z(|M>S=zry9{lLW<%xL|<ZLWDF*!kX*VpX5kjQB9`WYk`h;r_c^c~=A93jqjD|I;6@
za=m`EER*?OtvSh+Q-7lUY6I-G!0ZF8uBi7l!nyb_VWz6dRm{5$2IpxCFHqXKoVxj0
z+OGn?e4ujZeKB2D$Uwr6;pcp#7Wfy;>s6?E4nbm+aH2xiqHQAL=q+@*gs4!yiYj^b
z%5|Escmm0Pdv0&qA3r}XsmOY)vR2t~_RkgOYL+d`x(}}2;8So}cHT~H+7uhlDE`JL
zydI(^M<OKpw!8KrUqd9(N4=G=V+V0N6JZ@cBD~(tdEpbq+{QEP$RVi?X;VN(Aj|dZ
zNfu}Cs)RJAtVmWF2`$5Q(u)L7>aSbJ!z)dF_Q<j{_`S8AnjIRjc`6qo$mD?uGLq@d
ziafctc?-fL*kBL?8z3H2HQp79(WB<p`lnNTK3!tL9j=4b&6=e-=KC~XIie{vsR5)-
z^BzpL7GG}61pawsGdkzH6gRo}u`LfoQdrmwjwKdDH(9M>#+&U%GkvcKMl_0HyZ_FJ
zs4Z?P+P={#b4khb%WiqDzMRcuo1K>f`TI38D@Lku7o@uy>mi{PiWt<EQ^aGF*w_-~
zVoeX07zHyp`)=m4;SFd3jX(?8Egr#n4w-Z$UtC;mX9oW-1b#30UD7|_$PLZ4uZNhi
zIJxhixqg$6EUR!_%}iKFe16n>&$DEy!$&3KhSJRs^~5n!*APp8LXL**&LZRDO_YXi
zfLJYz;=B1HE;4~`Kk<5@HLA;38tI`Im>mkG5yPT{tkyB#?R~-P0q=0cl+syf_W|a;
z`%Tz<{PS{7xr-m7(kw~;BhRTbnN9^Juzfv)nA8k9%*q91{6zKvxnF`-+jDx%igiJ3
zg?p)11ce4Vee@v6WkEneG`#<9m$28Rite?zb;R_)93WZYmAKF}SyVq<k#|ztl=QF`
zFaLQP9LL$teBCKvD<~wQCK1x>K0b>CH@)*4m=nr)BlxSbFu6?*Lty<|<sQVf`mnTG
z8ffwPL;IUk?UUKV&sw_-zO|X0)X?)y%a%a92>(O>G6|>Q<%^HwoEO7m2dc6U3O+Z6
z{J1k(v@~w%w8>nspPWR=CkTpIxlZrTVG&D>3bR{HUuPsRY=uzoG)*R1-r~ns=>sZ7
zN>r2psRjOX`h)3e(=5a~yW8AE137$T9wyVdt1DssiHqYyT|omZ&M@jKeq=h*#MlHf
zk_Vy01rHU<hfo~^G_I8wl014#?$>5v4F=6|S}!Y2>bkaeLJlkwuV8Cr<Dn#<kiwkn
zw$FP5zLJsHt0<_jI!7N>pg;eXGZ+z!v3wthFc|HB-{n3~X|0O{vFjc}(pb(|r?SGo
z4C#*YoG*=^JBTBeH$9*3Zy37&(infdRZM|r`NF<Ny8VZpWv;q{-G;gZOuBv%$k{Sk
zcBRdo%bkm-hg!HC7Diqf8#C|wWt8ah*RM3TM7Jd)c_880xy1FotQ?PzAmq}E1*_y7
z=)iiEZS6L!VqwEgt?eoK%QWSZ5iPI3gD3Md5r+-%mr2<R-XmuM`PAHGJU>cQ*|)Ze
z6fWwh1aT9knZIAR$GqMxv?h_>vj<fusHP8xU910{;7zV1nCIT*0*+eEmkYmzgKh0k
z`c0=18Dn)XZx9PCbpkaKGAOYJSTNl?(0>VlWvn7uESBx`xr|v=$P>3M*eUc>z&-uH
zL?b{CVCR0%m`oV|3X#=7&yzOqlQ;;<O<Pxv`1^GxDW35E0yrUpaoPSZxQ4-`J)q_V
zaJnh5FDQ4oL)Qs@>rL@>gYHeW2ldGASint26{XNaJ@MFNmIuob9o+*^pI=5J7L_HJ
z9^erT|0Md@N$NiWCH|92-8%<snWiVx5twLhrW8Lc6^s#5uX+QoNCDWXl27zl{QmVE
zR~pkHdui2dpJ-MxotHleFNQs2%x}NNZA5n%@RPI;@-J!_&%T671Ykms6Ik|r<>b5R
zl4FjQPoUs{2>ytJKOWf$qnw{%c`2f1{luLE<z>jpiz5;0;m6a~@HkgDe#XnODR4oW
zyE_RsP|9j>E_ri4eSj3n_+ACee8sZX9d)i8Yh?~W#rEPpO|%eY1v~p1Et&hGKnc-k
z;u0H`Y%ISpYk>1V`i0E}dDiY~#qq#H;mPb>8fN}{8va--4(SNaawkO>_zv3YlbdB7
zTjs*x$UvpW8Z3jmQl6FA>MwxnxkQhpH+0AKOxx_nq6m?pxu&wcMy!(-`0ML&9KRr_
z>3L)s@vlo`_~xIzG(VZCH!%NVq<}E(^QB(vi67{$au$wYjmtL!AeJcYVGyc4x+k*E
zA^#wnd#df5Lp19;sU>l6Kg^r|c{rT7j)*uqI9akI-<xd0_%S9p!AkiGLT!P;6y~uy
zx$&7i`<yxoU5Fex)Uxm=#O|y6*zEvX_+-o^r?eei^fPj;B?_pV*-LG3c*JX-HjQYr
z&KcM2VIby`i3}R#Cb+mx5&i{z@`uh|$KfM_8wV2-B|65~>deY9#0H{9=EwekJkW>x
zM?V=BM9-d?yXq?6hp{8B2|QnFy|*5Yjbf_MnKCVbyC>9azH9i|7ozt3LQaQ6%Beg;
z4(huUhNv16#v5d`$|nvlhmV1)q&R}sCF;dMkx&DB=Ygmb=q<(47(3`??7H1y&kxNv
zV_h@Px^K;R^nMJsp=K4N9z0NT#L+rRS=U(JAfx=QlnW?XY2IZ@SIXYDStHmr{3wv+
zE~eOab7M}<zrajpe59P<?EON|_tcenJTcXLY@pgR4DqPp#Zi@#uJc(q|B)7Nlo0eP
zp@~2{vI)O{1c8f1Z3bVNF87iVZ!pDXB?h3ax$q=XxurySxbG!y<KS)bUpIrqBoeHn
z+vOg&ta>FD%AjUndtm~l-J2wyV2hmcSY6w9T6{nQSrnOp#>*t;cp?+Q6+@p6qGs%3
zKH7LvELfg52wHM%bJlj6=jh-|CI~+P#6(v=ADKDE9cdl?Ey~`oC7RX}pD5&~AF<-A
z-U4Z^z`mEcpaT8ZAp7*^+J$eMo{_|R`tZ>YA^<A~DWX3kU6<^2ddh#8Ty)&4n~5+w
zLOz;V=hEZ#*w!vX^vDjgu9K|oSBj&eN89w3g)Abn+D_k&0!X8++#)t&om=KrdSC4M
z<+jdfb%RYqjswZ$8s@r`pDsIIO*ikNLwRtrZS@2Naf<y~Kno?@mylws#H0K%zxe2m
z1o+tNSOYxYY_+QV*>A~*LJZmi)>4%ksLZB`W4{ILe^-lL;h|#N0yf&f5C7u0+rnM0
zaCFnp1MQx>9kuM(at+Mxi~?5T@T}ATK|kOMh)8t`6Xw12vIr+xapvt(pc^67;{m2Q
zH?9$zJ-`oRT>$&ehXE_kQq~t?_Gbw)x>x5RJ33}tT}a3es=%kE416Ily?X+fYmqv)
zekFp~nvuL)degYG8_b|uyfG6%($vM_P*PH48Tb@fTy7KG0slre_Z4cjuu7yfpABBX
zoLzM3eFv)$k0yCk?(adAJ>MbU<_OxxiZyID-{~a`UV_F4NrHAc;)MHB4%f7;^OM9$
z*KUJk65qZy68myb|9Q(dmxOfMjXhAaztOpf6t7jMfn)`O{-367M58T|CES^`I&Ng_
zzrFjwF66VYjEs8>f2q;~e#q5GZv_H4=DD@9w=H;<=Fh!kL#4NmsGg?>-nwE4?!1-;
zVTNYC0tubFErL`r_)_;^!>2_0l+9JKe;_SIjCTBgq}@M|?xwkz`AzPJX3150Uy+kr
zS!4gp52(&ByQA~ODE+j}Th!|oq~hsUlhXKt?Y>g!uMtOI^&*S+K%RI03-pyIjG&->
zL}#49Wzc^?a5Q`$<I6zp!vwDdkdW(FQnta3<e04*_Hwm=d!aKD`i4Pr%NB7JanMqU
zhqbg$#%!GGXw^;1lbMd*CC5hRaP9Z0DH8=Y<qeMfZ!HlI8%PbeZy0FAGG|o;E<QoZ
zr}us1qdu&2y!|n~26Q1{(ZuImw|?Cl)HfPKhPW-w9WC}cs@*A);d|n>WFCF!Rh&3g
z)k`q#bM@YLi##+W0UM>*ckC^&W5y*4lAY#iw?nl->TcHRG`7C|eyV<^?Pvl+upBy@
zWKEMGKaU$BYJ^*h7($9&Zb2?viUWyMJ9lxeW>xAe+v&2C1?5Vp_2OxDSu11Ug5e;+
zVwvGQtLJk{X2IVESlv0q<)15Js>^I*xy+bmeIwo<*I@naYX-Ltv#O2kh7nem{+b}k
z-uUTq_4scWvls8oY1mfT>hwn)#tS2OdszGT((wQ}83QkIB2r0j^Lk~l+b`NlMLmu(
zo%nN_TkoIGeTzK~&zJo)+iMz&i->szh^<1h9*Tq01UwzXA3N=Y{h$G2?MS(w65%CC
ze(WXs0%1J}>_8#)QYlSZni>!O64PD$PiBMUjQh&(yPPhLK|5PCw6Kd~pp-i{ZSd5|
zNNKmpW6*ijv%zOO9PA7>&}+aKJ6?2lR_bfZESKbcMvDTe=%Lg?iEZ2r+1aT{E9Jz9
z6&o0%!<ReI@FeA^@wIFdOCmkXDm7#+-3`$|_0(j`y83Yt*Tz)r{j}~IROJ}De`;Ll
ztf`P2C%@EBcq7;~3i;?6H<*TuSCWsmYQS?H$eX_X6!W7D&#ko=>2^TO0HS<wx}0RF
z!4hvr=Y=9cL86EwUWD|xA-=JZUyJh@3I4q&=Y-%pu&H@0q9?%hvhy256;-dPCje@#
zSn;V`0r1v)=-^A}?|YXfF^2^Yp0-Er_8|9{+nR|=9IG#-8E9cTB!>D)VVSQ_o|a)e
zye0ash!-GDyX2UO8Y8sYso*EbPo|g)fA$MqwYYubT0{h1QGoyaZR;S#tClA!t5HNB
zGH!W_ukob2Z@JVQA#ON(sAH#WrRk%XdW8aSV$R#)p8~&+YYQMhpd>bpDA{lESFT&0
z`GsTSu}vFI>m22E-j_qlbu4KlkcEWfeS!G_KkO97@bez=%)cIyZgUqDxD=O4?tynS
zkWEr_*(ZfaJy5muzs=Lh(5G*uvt^%yczz9T!-bh&XQyqCw?D+lsA9YRO9V=#uUz<{
z(^dKc2#c*hbK6_WhI02YdJ4#d?=8|>J~b<YIA)HDHV9LYOOASn>b*jXOsxJ<^M2qM
z!uL3yre*-ZHjIfi{ED>NgVOVrmf-O6II&9lZWu~=ES1U=-sf4Lo<b%sy~g<?%L0#h
zD+c_zCm#EvsFII-=qVTRZ~YfYIR%#W(T2|06;&g(2jh^G#<ef5Z93Tr0zxf5;8s9$
z@N&OU1OIG|Wjr-3A8>ke%C)5zn*=9|YKBm`VoukhaGTihb8|-EdV&jtx|QuI_uw9U
z(2XFW@+4$eS|Iw>k*&Y^H5U13!zVu}v?A$|I0}TN6?P&?W^l}~43yR|i-uGU%_6`}
z_Ah2h?>{grZY&aEcbC9Ss&_2>$-?S3BU)=wZCru&Tm0C{!1wY<`PD_)N(*u{9S@`Y
zO}~HVh1fd?;J6JPzcQ4107yO*muAiqsHGK-mTBDzy>FOB=7lNsywaf>yQ6;<#p%pL
z_Zm(#UT23t7idi#0nH@N!`E&QTVV2}C`3hUo)Phq2;Y)bW1K(h0*5+;SDBwL?g4WE
zne1IWW&#JEZz~<c87eVe(hfn$$}uW2ZL=7G$d~(+Rjzp9tao@ttfBW!zAGE6Td;GI
z11CZF;p3;#F}Kf1S(l-XSKU*8g6{I9{l9E^s1e<!l!MhSvNmnib@j9(HUavcro;ux
z>`*jBKc94Pp%$>+74k3RCV;<dw0SeBS}ZuaG7rqJHNoj1R;4F88ybOdLjaF35FY-@
zwgT~ewE7&u=x_FE=LI%HZ2i&egI}67{Rw!@-o7}(FF$edZy(I9{C<Be;Bofb_dR|z
zMRZhe&i=(`Kbi%q%kvJg-&Lt%WugvrhFB#x$XGTvP75%Gfe2r9j-iP5Wp(ee$oFA_
z8eGxV6|f1U!|fQBW8mMr`gs%y!R3|LkTiT?#EzeDaAYjCBQzg+Uo+&6SYE0578%AD
zPo96NFhfRa1fM996j@Pg%l};O&)?U)G=27_)W>xgl*R&!vKao3FQOV=k6W1RxYH_W
z;VNo{CyqQWzWhh=w=<@T;c)4}e?b(jS3Fa#vLX6|{q?#STLB$yf!jbt2dfh8;uj%?
z`^!OdwdbrDQBB>)ZAH{_&z@D~aF#EJ^<zeN8J5Tz><yFQ1Rd|+K{vpv|Ar;npZ(H!
zNbz0>0D)X{m%|AmZ>`%_@BL9Egd=xeFZt#1zh4?HK;>(U7vB#5G!U*TAlNvP0nt0H
zO``iW!9FM&1UY=7d|NF+{ZpU*^&q&zt0{uIJBtwe7c4(UZ#0B|B;n-X3te6<WcW=6
z&#=mEo*drXevtkb_G3?)a6~;AMu&K9a{qotbTg7MJkmhI4<pFQ-o+uRNBt<P$b?q4
zyR<Zw9RK!_q_cgxPT<WukFRom-bFI+gF7fHo@59lH?t!5OWGRcww<E?VX{=gnFs`>
z&WOrNxF$Mnm?C{`Wd|&nHY{xZ-%9t7pY;alpQ(k0Sv5hn>yT}V7lR(Y;k-Pt?;W2}
zno{n0i(@NsUtqQge^gx+we#5XVxl>AEB)?lm{zNJJ4r2<rZl7K<@wmWB?Wm({5<K8
z9zUV|?ew{L{MH;q8-$F~3^x#<fZ5E^vKt?Od!@!xkEEMRZko&Vsk3l?wwK6;haD{z
z&;ozIx)(4Pc2jRYr_K$e1<G-igo8WYV(_O>L>0j=^V4?A%H~b;7tURk{7%G&pKJ~I
zc~l(iJ<ug8zmGQ^gju03M<?UZcH&4SV7(18xDv7c*Z8ANcYfV0OW<La9-=GMTf}j3
zrQjKU=b+(1`X{Ht3#+|9J$ype*9v*d6el5_FR!>9<jukGM<O~N&q-z-`D-4iwVlUY
zx4{dsZ&kskn%f??bPL*wBFk>PSQ&W5-9^I5+XO*j&*37DYAsWU?Uo)q0|LrHfS>I~
z`RNJ#s5Cw4|LXtSqz8R2=64(1xDk0%_lnz(cMT6l=46VriAR0$=^uD}wQ~}bMtmS(
z4`|UK6c*I{sO|A}ZcR3V$cxW&FOE56llm`EVemKoR+L{QnOG%Wd?%t()>VIQ2CsvY
zTHjslD=GUw{+y=}J>vQrICE(l?2C15B#bg<C)o1V&|bqLKl`~22%Ar&2*kdA`mM+D
z-M13dLN5*f(vSW<ssn`De_L_=w<-xG+FP%02#P(FHTpohlorg!D~)^xYLVdI@8|~`
zPj;gbuL3%aK8>DJ@d=bIgYFfTcRQZ{_R#LG%-LE47mBHDh1mc37U(wFZ=mbANjhlP
zM(h3fZt8sr0{{1ej2Cf2BY4x<U+eZNWy2xx@eg$4DF`52_WdH9DrV1P*R&2X@cUyC
zkg@-p>f}r}3q=r+emMar7**CsGi#<7i_8Q1g5EO(*A#6?k1_hGC3hQbMg6A~SB(_W
zf%}!{d8AK$;)bVu+&9M+1}!;fj1AJ?Q;syeO|#j0fd>zOP50O1TzR0|o@{cYu&w6m
z6n2d{fSlX-+;0=KYpql$9&(qkbO5P(zlECILdnXezaD{*wvua2VAf>9(O0jZY`%<x
z06YaEMtz@@pD7$?nh9h8L>ZEJK7z_p)B)1QNdj|(%ff{d_7i^U<@Q7V>uFQ*8#4hc
z{d7hp0lVFna`g*6P?sO)wYQC(9&P+(Ra^C<C`uC$(-=`)w)j2$k?d`j`N+xIXFW{G
zRwCQUB<mA?>04UN1ttxQy(30<OH*yL<`FyLp@r)p#Q|@RiClg3phepaYPC5is0tLB
zC$g4WBryZNA8fD!BeLkS38+Qep56RM+J3tlp)=%gdLJfl!h{%5mORzwQ$+5{N)cw!
z5?59s$l&l#CfSi%5H=^J=8n^Q6GA0<meZ_~-iw6(cO9x%Ltw``;~3B*O!0a(5xrcT
zdk}x-k_}H1XFX5!HM~oT3j7=NEU6~qnK6y<kKs&Mc?q4t&;0#KxqSy((s*K`zi}tY
z+XE@9`&D=gBU0q>F}P!|4gTjd{v;RR)}h%$$R1A#Cdv<QyxDAqyne1abu6FDpKf{Q
z1>W(sGwap8<NF5?E)hX?A$GTyD(42z?`>c-9e(9mYl4$NBi}Y>fpFx>L+nZL8p&W=
zqH(p%`wy^+3p%|Y+5TKz%@xR2h<@RoOLbJlk9=$C>3LTp2cMprmUG6Ebc+f3cImxE
z^7{<@17E<9`7G?8CcXLoncL3s3hf{>mX2s_OibDYvC$j<(iBTMuKm@kaO=Ra+*};e
zv$`|s!2@&@YPJxw;Qmn*<2nYKfALEKatk<5weVUalP=;(II8F|0c<H19{ud920CE&
z#lmCG-R<#^I0KUf231%Tb8C;PJ^>`$YMj=0M>=JLX`)~Fg}m#NHi$RoBzOzV5DWzz
z3u)3@H-c}7$@FTFvN-t$wY3Wye}<PZ0II(?L70m%$m9jFWbOzeguC!3{9Q{ZG_wY5
zyfr4aAyZz^76SB-fCEBy3f8lH=J8)F=Y68Jj`<gezTlM?PUj2o+c)N=7;o&zRinde
zz5xIE?}4a}gGo`y1L9k}=3`>%5Bz-XFVGuOWb?sxJqWsoRAI|W5JGN^9Xv~=a8<Rr
zll$h}zq>Ml*>Q+VT<nDc9sB+Ne>DnMv~KytnAm-@1K#|}@9tyZ2XtI76zESvUQV76
zCs)JB79KtFX;9a^PD`#k#*pa5_UUEWt5?hvCV8TCYm^W5YK6*_`o-=%M7cz8=nYYe
z-@Y1ewbdg~U`8ugUaYPA@|I$)VxEE`a8cKC(Ge!fPJ1g`0Y0|18if9P^rdIKZB8o+
zJo}>$Jc+gxosa*8Q?-eDvj1(7lQ2Z8oZ9D5Io3om+dPWJ&o-gs?yc^q{ksGaJAl|u
z6mzWzshXN{#j;yN>{1fX+IlOYzOHq7Su0>M6&?5cB<K*GAh6;L?;8(XZ|M6n0F47(
z3_QkzE>D$TxMpcEsh?;NGN3auHvGRF2LL2w?SKwK3!(ephq}-LZ%RzTGaJ6zE|cxs
ze9HpV-P7*z+Vb>yr_L^kKC!~vpF*&pJt_+<#Qo|hKqb8eOpsbCfx_<~?}PcKY5(U#
zCuMYc^}&q+mUDVq*aXvOI=#1P-FufZu3t*=s9=ZG8A3kr_>Y~LRk;#!RMsObUXiu3
z*F{CduBn+^uMT*hYfJxaZTeJKDM5&qQ9i1-7X6-sib@|6n2c%28i$L4Vij61Kva?G
zf^PWG^9(!UH;SJNbvighoDJF#ZG%b3j$8Bg!av$IcUwQ*|ME;7xoaJL-g8f8U3Psk
z5q2?P{vLnW>9cI7y5BzYoFdjL<)tIW6k|<<;=x!T4RZIpa|U(zJz^1F77Iqg<~V@Q
z^|9H?uLr&pySdS9j}K?wu@SEmivVH3keG!Rz=DvFRVJW@14Ng2{c=zfWx$e)uOqvq
z#h6SNT_$5z8YCR6=DI3RQ5f9Z{AW{2^k<sc*&}jh^iUCHNj}sUqin8W9ertnR~kFH
zI9nM<=YZhpcO*fQZw!voi5sAzySe33iq7;7m=J*+82vBR6*Hcwj6WMHE7&D8CzyEs
z255cnW+KXbgK7WKuKynV4Lo?vc+MDI^Bi!8NCr#DPcCMGet}NdL#OEs?fGI~$K%d|
zieiRJqp#xfa1~262pjMSY{{>y#Sy6V<ANA(EHu?DUBh2_03H#DB=%;4l!-h*?;#`=
zAhp&5TNWFi8-~ERT>SipR06tVAq_IEskIxkhrR3sDt9KYGC7zJ?}!jh0d)!dJsjxt
zo<K2#1u!MTUl43;PS`J-o`N#0JlE4APAz_Pr_wQb?;?Ag?OqIlJx_FPzX@#yv%a`k
z;8{BPSEH}&WUYUrG+QB{KpHGHdNiWhpv*H?Lwqm0!J*DO=CBFhtRW9iNLdWam3iRG
zCI)LHe_DOYNl1|CZ!xR5%V=<qqC-_+1NKN7l0d`!b^j9&z7!|)ZvOwH>Z_xo`rfal
zOC1`O7!Z(BFbRnv1r!NULXaUvr3EAeE(l1dG$J{4DBT7ODWMY5A)N{`L(VX9-#hsE
z{?>Ze`A1leYmVnUwfBC`6Fqyeka|%F54)}d>VigmZ>y_>M5@t&yg=y{-%7XB_4#@2
zD?dWXUVH2Jm3OsOPH4qmoj?ofbsNNK;f!$>WbFpj!#ryYE18vijF%Bm75s!B=RAp@
zZ9_r-#uMT-@~tU)?UB22Y+X6u*i?DNKJ<abn<@1RUD2e+W>x+AS`A@f_|Yn1PYBAj
zofCrY5^UW1F|YOtE18G<d=Xax-KV7b1%vM5?Qb+B`*K6gb#4wNx`(}JN4w6T79J7%
zf=)g8FCym%p~^j9bTn*VC}z!}C00K2Q|IUfDCVu+H#|4l@5jht>jZmfM961hn&*u5
z3^+_)gORiS-JfxQA*>1L0pYtkKM_K_OUzG>ug_*f<43C{hBL6HYbSo+nLy6NTrYgp
zz)AH)V^VfB$nJkx$zcJEKmyMa*qZc$wQV+}Dh$00bb|?CvQa+tg!Qb`Q(}nJ@)_-z
z`e%9@2Av(yG-_2828}@z;bU~$z!KOECV~VL0_dGF?&b`+B?UnyAiapHmg=%il4AVV
zKkl8UbK44u<vC}o3NkIQrYrMYpJVQHn^KE;vLCw_ez$AWtItxxExs>N-jZ?r?LqM4
z@3HI(J%sq@>4a1GcgCBc%(-Zs!L}Gl81j-Dp=VZ%_QxIz5rv4N#C5Ze11vdbaT3Ja
zJZBYo)dcbIZ8Y=SIMCc$^6abX{BF>csD|a~L~#Olh-F(HK-v3A`r`r*`EN~@x&+lM
z^tWg)fX(e-8xY*?#j%s|7Khxfz{~wWH~rXgE08?@@r=qBCYjqBqQ+81{GpbL^JyVX
z`j*y`vu>aJp4Ms6ai4xD^Qh(9F+Wn!wEaB+xr00Nb6V8Lm1p?YqRoT)r^B84(?dn9
z<bT_s*94y*sN3B*U0ASxE3?#K(=k!KIuddQJ@C6)I@HaAY&rJ%0A;MVJ&?o8C>|^m
zh6qDva3#EP$8Z*E9Np0f$bX?KleW<|oW3HNI<wR&;R~>6v^Y5*XMy7=7dZQS?(lMm
zZYTUulNb)2na}l($wn?P|8wZ+HOD7JLI;k6-w^lUw<u)ubF@9^UDPgW1!)Oy=HHoZ
z<^t^OgzZdi-e5YJc3he8=airKN5o1l1@E2BK>dp5B4owTo)ic_#l%(A^Hb<FgVQQ^
zdHjX#6~)&O<N9PUr<gBg`Ff_dq4+au)$}LuT{e<bsy>nDe0*mYTJ*n3nTGV$Xv3GC
zEGIPuD^YFmHsoBC!~E=Pi7<qOOxx@>VvV5}x_C?uf}k-r)>%-9m8<Av*%I)nCkYzm
zZA@Oh{~H+H=XJiV$p5+w=V)sSW-Zwb$u1!5hUGay6C!d49*vM7(>oO7c%xKnf;F((
zok(b=sLz9TYv)eHm#Pn8QHSNy(qpSj7tur-G5pjP=lMw9b*rMf+G}&?G;$0_yZhLc
zA{`pvh&C)p%=5DRQ8w_X>5f!-lqR)G%&uJB(J2vcQ)PGK3HN}lKAC+ib@&RD6xI0e
zZVE%en{q34Ut3WX4t>Nx15BZKgGh9Z1Iuus3o<smQYxqW)x&OK#X4s>fxE<Ok6#Wj
zE08xh2*R-X`j1zf-y3X5L8qCxU_jZ(e}8CF#x~e?2E7oYGI5`Gvmguyc!i<9FM6mU
zqDuALT;G)80tddFZ5C;HK(fo7ebs8Tlpal9zjs+~M~h^Y&cMmOBb<ugNvHnkRhy==
zW8d7+4nK}jFIGK@MLqD^8+T-yNm087YnDY(yA>O;8x<JsJ8@J$`IZ!7o{Eb?8)CYF
zLF8hYt%T5wK<L@pvmK|m5lg_wpOj;<z`{BKPVnjHQ&rdT(74m<_aonh5x43F!SXW5
zIT~H60)KWq=LBv_heCRHxPXXCrdU2WdV|y@q4)zG(iIMb1ExacvNAXnYp0_T@OOg;
z_nM`1?g<tBEjH%$DZG#$mwC%lo-H=7psrkr3Kp~S<j}s~BStCf!X4k}A5@k8h_<lu
znbdbIbLr}81*Re<`3}KzZUTY^mtjv(qY1!~_b@HySck6}z5l7nmUR>CC3lmVfn(CN
zLGOd_-{ojS=HH?-l6-WQxIWLw8aXXYyZ{PgLy52mvu*SeC`E>*H<k&*@TeA}ushob
zU0ShlXoq89`3Lx;H^Q*0ef$;YG=q&-peUF`tYo|!o&eUFlK+K+aM1J`xx#7fQWe}L
zZTP}{p$zWF>(>MQoGWUEoS#`d&?{WH5hX(<BFs&%JXLEcsmB-Em36^@c))nP%Gq`7
zPe&kn<rRZ-$k>{NV_#Q~Ue<@eI}9D2YG-yZx2!a;BeX!xlUO7sYN@|dnC41v40Mi9
z*O3Ei`(jIK`#kT}a2k|U2#RnK#ELMEWuO-_lp~iI8N+7Tnu9YQP{THK9CreURpsz=
z`xKucUj+^;p8@Wu5@#K8$Q>EBE8eXsB+tt_WL^5p?UQbx2>2m_$YX(3?2kXd%&y|P
zLzT9^#(atFXyo@vxA;?)fasn7P;Gc!Y*>aX5p$gJa(LpmU%drihxqbLIYl)@#_uQX
zGB3ES&HRpX_5164tWE~9qo=GU|DPSvS*Tw8!w@Vi9fqi3Iit_q1G(v0`-G)<`43@v
zRY?MG>>r-YZFOWPb3?08Amn@_L7G^XG?V=@nG{b74;YyF=_}$SOi0%&fo?QI)!pLW
z5g2eOdnOFZaqtzBccB5%h|^bi$Q=JIN(RUwu21f_-~r12n3j$g_4c^ZqG=N6zV&|!
z;0QY3?>L+|IH#}5)n%F~`?+bx^y)*__Tv{9v#teZA9MPyUE97N?Ul8Sac+!tf^>S?
ze^bS72xRyZ=1!6&gFzGNKh|nTI~4)$!iP<h{pn4=6y}MN7MX`67DN_Ocik`yI>H3#
z8;1)!9Ul|ZEr9Zn8)4`$L^u?ZSsi;I-zWj{#;N_YIOZ|MkY)GtH2UA56ScYU27NKR
zkBhLmbFm8C{dN4TuaXd*Ne8GOvT<9Ad>2Ef+Zwu|PAZ0ci(49)dvR`nh#Y+vjZjxR
zm-rqhC1Q6PJND@%mB|xlzLQrLxI4p(t+OhnrSB)hxmL#Q6l$h^4{ct(cjIE>x56iZ
zXMPM#q)wkP_$j`8xwNO1wOLt*m8(+e7B=yPz%~1j15JYi#gFB~0$c9`2P6kIc42=#
zRM^3f(_!BuymZOcKYRVpISH(z=Hm2t)@P4d)?QSy2Q#iff$yR!(|oM+qi}RFFBJUX
z(8-&rYBK_#esPj%SG<6fC04RXS^|jjkloYD*cl?3<kQaV?tREQGbREx6wbrg`ygjT
z37o||*`kb!mXf}0R{|U}TfHXWMSba2h$>sq(76+Q;@k-jqi+(0>N037i3k*(a=0m>
zx0|UN-3G5cF-IdHMFot!HQjjr2FIApVVY5oS;jwNIhik~<IwRnRrv5HRQm+|XcoHQ
z%C+^*_sr;FUZHep-orPSsD1|C39GBJkKN~(+x=p7Nu}5Pi@`?=JyQbYhGgs|ObR0O
zbjbgU^x@D~4MRl5hoPm!I;pSRyUw$eprm^a3?(CT<B2ltZLsYKqCwn?FG7%?jp$&W
z_#{%VI<5VGm5eL+;iLst?(fwz9E2+yqRyQ%q#~T~eDwxu1AVl>Nf*#G1;0A^GQ_fK
zwwsIO>-TbtD`5`<Q{HHcZPQGPX#5$bv?C~!clw@uJMxyrgZc5Ube`@x2G1K-uppd5
z_4fLerKsM3YaCNgIU<kGs9aB;5>vvw^?;$NS=G)pd(PdSYyUHU&23={hF%YRBb#TL
zQAAA+U)9Jxs(gd9rCD$ZL|w4)Hsb>c63cZ}S$inO2~4<!quEx?*814OGf&f+jNyrT
z(H<pCWXck>z+_K%_}QKU*~xD~A*jj_OAaH#By~Cw)?!PL`$__tI8U4Dl6``^Mkb&j
z19!eHtWbp*D!lzg%EoFQIS)9};SoY@f;ZM`aS5OpXaLoL2s|M54J>mx#m7MiQN1&F
z0qND+vjQ9E8AxE|pk6yz%<v@qU>S-IG;p-!sbFYHFclI;p2AQo<uvrR8{`Fu`xed%
z<OWqyzX-=DdOt!F6}w8TpD6d{$aGKMqa9Dx{ufM9yRo}6&NR1~e#9KbQHJ?=XwY&n
zM^y&WHw}}5DWc>A^f}8w544S=oFE#(CcGl7X#6F{vvXFJsT0m3_ab93Wib{yuG*p2
z(d%x7O;^_iI^os5hD0qWl|>c{JTR3c=TZzg8o}N2ShOD)o1@bx9d~<y7frWOPvXE|
zY>T<4<}<l0d3AC*k$9ZE(C@iO6P>pDqwL*y7gG_jsvEIwKNq{z*xq!^_f?ti+hV0R
z7tm(fyJubKTY8&l{}%3hPSkcD`|I!1RC;ub(wD=Nj3z~Z9PfNUJ^dm7eQ{e6o&Ulp
zBS5FJ_oMiqo06wn0<fY7)mxHaVs?DveX`u@c}|c~#+clYuGg*QYrc)<0t|@-TOG(J
zzpJ>w;=xfBH+qwe*+qZV#aW-P$bEzT*le?XBrd{IkSIoMklX;28y4K2JXtCy^u4UA
zX6sdebGc217cboKU{Ae2*(<dl_=iYjS8WJrocmB#@Xks~Qtc^|(cSWk`#lA&4&&Tc
zaGBdBtGcIm0<9Jd35KG%07lO?e(tzsB&f>M1CKoRw)>FA^xrJ^YV=jkU(WOu@q$FP
z-Xz`mtG$O;1|w4BAv1*x)sDUKvvf!>BcQIv2)tk%NHPZ&ZbHG8vJ#I;me6G#3K4Y;
zCo(zp^GXreAA~O*LPQDTM@g*X19a<XBo~3j!eV3DaSK+chZ?zd!sPuqnUqpH-Ot|M
ztSngeMEEesRT)g=<C}39sS`I1N3Pw->Jw$b#yCW{xu-{0e|iCGa8m;&rek@Q*J`w$
z3oKQ%AdCBB1vX8`axF`$`Tl5d=nj8zTh7%YU<1S>aGu&-XO)oJ!^nVKL#Td-{+bQB
z<$cp1{#V$52jZq!;*6>c^vhv8Q|ms7IXris@<72hJ~LQrN-1i;36(7tHLm9W?1IOn
z^egg5l4QNMf36!pKT8?MW`Pe{`A7QG2b{b8n+(by?^ZJ}PYxKwP{CPA^Mj#eKcx>B
zPm%+4F#D?g(_PWIGfmUnSMHjQh4kM+aG>*F#`#PvA~jT`)>5<jrOy2t_~q~#5Jh|0
zPAe*M3nN%GKP(%J8oQ#Iw+*#a+IM7HaUnLj$Ey|mFr86GK_>ME&Gk=ya%>y6%IK)F
zPi^W023-+L6^f)Qpf1^e44r_u`EIFy@7hT3<z2WpM^Ekb3H1FrR>(w_*0_`nNZ&Qi
z%m!TieQVNaX~lvOYhJxlf8A0$dTh~~t@z?dO?cZf*M&Pog`C{#Xxgko=d5@xL8wP4
z-LM(n^F4Q83#iuh2=1p0lK)L_s-7I#sQ!zy_vQD+G~Vl4hhjD=tXdFo6;a&^R-^SJ
zs)HD-8IRyNX5fw%cLd}E<c^19#6;RIi4@R?ZG$u#acA^XF5g}Pg1M~|FE_V^4>5L}
zB`^Z}*#>dpBJ2<%ksZkyf$5TLh1X3-14}}#tMU@+6T9tVd^ML@toELlZ#*?r{_DxN
zD6oe@CDZZiT6J)p{S#%9VE*QXm0EL+Yy+x?`g)>tz_6fDGofwgU=KUC<0y^12Gx@m
zb-O&^fy*H}hRDT1ILY{k-$PxsH6@q5e6GQcV@3C*$=#{P7hHUYq<Dt|rYfY^Szf(5
z4zVB$ZVD#zNbF08L6sW8SWxHc&SHzh!M^dY?-9ID;8)L*+;JFrKlV3DbzL9VWXOq7
z1fckfCAka-fZs9fV^|X>xi~ul@`+;OIV~WQ0W<IojDr&Bnzkm$!za(}77Io%z=Q8e
zsOI2edGB<hIYDEh=VmlGI((w?O~XY0wM>IQpNCX`L?j=0li1#uZ$H0P`LnUc>C%R#
z{I85$-EiV7?3OeRRVzH=9a&MtwRx+O`g4sPQ+a#6CU32rkwGozJv>wjBu|N_-0~yx
zE7C1LP2L<E-qRp4k{4s8)&l8dnGao0ZLm)ME(=6rAKVMYUGWcp%AdKMJhcq<cNFJI
z)xj0n-It%$j)e!AsGt#c6k~dkwL7S`*r#P_6SE(kmBXy!LPy$Zx<9~iw{yp)Xs#17
zJ+saJuN+MH5eq_HHp|=g=fO>Rp^DPhtF&%3TF-L;S9Br$?$Svr`2cO|{h9@QUeT=v
z<b&9!eyg<QdRra1CVG-N44%s@we_K@=2%6eu$oVh?%lNl(wXhlh6sLY?uJlAt7Eaf
z`EG35r`N<g_ui{HJs=10uQ|q5`y49DWRu?e?{X}gp?6MCwwI)Az9FZAFS1TCENz%g
zzdcN)hdmDXJ2RO=beMEE6a~yd+K5|Z@vQ`eXJEbTIHGhMuK$41K_`yxTDtG_5b@K~
zm*|1C93`Xb0_FOJgQwka=2Lhxr{)!fGTPt!E)m4*)nT9JFJuS>uJ4x=dQ={VjV^vP
zPeC0j*BShzARygrS}&{P@vY0W@C3v<{G#@qoW8R^(VQ`r;?)Sl(*tZh3!jwNb3MNc
zcWVlVvfOtvm5D#CTa6ZZvr$1=810`a=J3Ye4u+&cB77b;FB8GqhSH~(j8MJXhGNpb
zu0?IY1TX`Niec~KBob=7!R%&6Z9OQ7>K{mf>N_YHzp%=8O#-=gJY2;vLJ-m*mlR6u
zZ@Eo{!s!kM|7s~&WHexU{;BW~Ud4q#(YsZ0wLVueQ}R+0n&n)ycuXGf>r^3~uzvzg
z*<8~6o3s?Z?bqPe|8{3Vlp3KGb2jtd{B<$E+c-h7%b5&2+d3&8^IX1nmN#{7j|kh<
zrtG{A97F{qrC#uefncr_^Rr2>pfrL~h`XJBg3-eXJ81_v>Tx-yDzzb7&(ZM{MTRIr
zC(&Od^u#vZ$$0~wwDVW=IiQV0i-)cg@#1(JGU_Bb`BFH>v^rPoeB4FlDfUiK_4wo+
zLxw@iPGlx$8&XJ6_bC*z5j8rEF1pttNU%7*LlY-_g#lf2n~hv-ADex%@MN>H(9q3&
zQ!G5P&w>k_HzC^BeUU~4Up%+X@6qu-@qcdt92z}Zj2yo?{lo7OmBsx(gK`%ik9w7!
z$n>6j_p^~B7_A%m-t29}BE!RF1+ruIX}o`ZtP^K<eZh3l-F(QMVvz~wdnl=s+jyeA
z3ne`aM?_Xq0&XiU6nTYMC}@KbHwH;|q)l4_6vcw!ZB}<o6Erx1W6BBGyToulwKBEQ
zV@2X*EhgRFY@>Tb87DSJwoU{W7_LX#r(;X)!A2JO%T8t|bCRDupD(;(5i`J}YrzOm
zJ2C<Ea*O~AfG!7H%Wxl+?a8|4uF5SJ9Q<hScDapXGWuA!VrP54j+ah|?WdkvDZxFv
zXo2Ou$#h6CNh<D8yrC=l$)<@`MQLxA+xCISt643Ao*gW1kPzjxmFN@g;G57qqVh=c
z&}VrzjvEa3Qe6>z0tF7Hb(CSXVEEB7%iMi|(LN2b-JEA7=LQ`YzX0V77eESMVK5f9
zjpkPzy7|*gl57Z7>QMg23A_lR^?%r+1))f&Zn|jnM|p8F>`OLI*h_d_m8%4ozTjp}
zM**1f1n07!%;n&O_ZE3yA>O8?ooWC2uq&y<E1LQ>du-t@doeFsZXjx@QTwo=b~HTa
znQ$lZ%hY<o7wU?N;;%!2KF9JsUxDx6IcR<ot9&usjG7DOy2ung+i$xkG(<WBw+f&1
zdAg$k1rX5^CM*;BCq8sN0TD+R7DtXJCzC>+W}nAJ@CK|!4G7p6E?7cLj<CEM?v+}k
z$R%mTHk4o}#;5q!yc>ks0_}1PVmRI6TX=XB-!}S@3<imXQ(V3$zXbS=>xH)OGVroU
z6jY>PFjU8aVI@mYv^e?E{Xz(=6CNq1#*v^!ZXmkhXQBGl`D`w;>as0cTWg6?N}^Xp
z6<NRecKa7%s37*ji?{XH5f$&LuWshMV;{0#&hUQ-3oDGqg)2E|Jc#eJSg+=A7|c)%
z)?1RM&MX%Dn^#u;evRd~EpoUS3SypW@lY5GJDW@nzedGo5BQ%lhY<BxVy-%Dl$HFH
znGtd_lpxm0q=QHO%X2A*1f7J4k_qu1*0FQ;SLi4)bOm`8%!g2B;0f91S{nGZL&ao+
z;jRYptn~*#sCs=W?_!VVMN|B-+MR|s7L{BGpuLf>#DruHp7@}1kmm8DOt!J%1=?YW
zYjJX?%C)~!Tzv^Dz={-|ubfO9jvguG+UyAY4`^^`T1wOUKO#*7_szpW{Vn7a{XZvj
z9+g+GWYx(<M7K^jCtyU3N*l0qjYh{)M<XQ3?{S`0Q#lJ;hD<#^Pw7hV3_lQ$$Z9*V
zG@#pmur6-}In#_!`8xk@oMGev+h-Q-?iHao?!Pa!8qoA<RW{$8-74&PmVZsAI5yzo
zBfnP)2pel!rdqsGu1S_hq;U3cl*gG8387~+)>dz|35~p)c~@V!Hc!R`K12<iWT`2h
z6l-D^(gd)mC4<9=!($P<73m6w>ic4)qM^pwF9DJF`Lq+rIe0bGNs7atH=tajc?$|}
zApt7x<}APlnEoN-=?k%#WKQ73>wKKtJ2mJGP+Wis(H!gel8p;spgWuY9;f&*L|=os
z;WIdQ*E|Y)aEHTW<MT$c(~U&uq>`CC4#Trsbm?C=-`2kycN{%+ISccep^uHt?xOh1
z<ZE_`K!xnK<}EJ#1a&XwU@Usy^Fhg8vBK|ti^0lCpXd<jTy#x1RQPKiVOzI^g&=%~
zf)Z=p6C~=!i4ZfZs7lmO8W1`MVf)+Y5*Bs1;gzMGr}<|Cq|gPp&_uEBW1qyybI$Xc
zM#NiK1jVQAt<^%fKSG?GjiZ?hS%5KJ{|5FM&xFV3;0=C&<#R-zk}4(+g5SO7P+0R5
z?bLRLO!i0f($E+ym1BKtYv(ePh?5Fs-U?izz6kYjqCVLb<J7AaZlbRpBpWI-%hlrK
z$S<$NF?zEqP{sb?v;7`I`|;(`T;;d-2$%Gez0MU}ejqgze-6UzTIeCd$;v??r(5SJ
zz3V2ct1$zd@_INaTu8BG-tBpVg_{Ef**c<qA_cy%2n<5V$1pS|7Sn){8&`!`3&pGU
zqltIfDGt6HvK*>RLCEiEM~8j`nf=^-sCBNNFQkCzOJN)F-@x;P)TE?1cKmE|099Hy
z_!c}NYc@sPx?^X@ab6g89Apw`UH2*^W<Q(@aYJ?*y)!&xyir4)J^1r}Kf7fFs=8Xh
zwKt51Ho&dWGHP}o)*mJN;+<}FbPvI5QoF>G#bQOFfu%3dgo4x<Y-=ws%$XcAB*j6V
zEGOst+r*!25gRgVg3#H8>ps*@?D*V<Dwp~skDcKFH7u*S+5ST-{xc>j*JI5lL|uxH
z<^*zm%5WUsxeH)4T7q1R6JB&yc&fU2D#C)9;v9^Ln-?JW{L)S;h)0=qLJVgd%)w)R
z68q!%It%{2U=rT-ipfUJBLxF{`-Ih2hJHn(3ecov_Mt5;tK#~pOEd_j?6uQR9|x=&
zPdjp39ulY}cmW#I%|x9jc|JtO;>}$#bJdeS)rn&GL~_W~`tJ~RA<{Rd^Am6i9e7IT
z$a=Ppy>{4r{U@oTmbPjc5HS)`rldvrp~>MI<f5S$B0|G&!SxIZ3MJDCW(zL^#>$e=
z^?UV?s3^qcEyPA6*g1SJ3h|vgOqf@mS45qCWA0vpV_8#Gm+yId3H&uKpCSH@=`F_O
ztOV^zN6Xgsxf5~=V%R2ic18XRE_?Eel5f3YlQH+Gh}bzELL3bJgC&d8r%6;KJZ_a}
zRbL%gA1}2no9FPKXA2)Xe?$l_zP$qlmb}-g)X(sBM-YpgZ}3k+u-(Tt4&=hpHDvTC
zCWGet;4&aZj<e6ZyqybuZ5fJl$i=bbh+y&;45+gB%o*DH9%^7gO&ETbYnlQ(@mx%T
z_)iq0*{W~B3cw^9DK$hS@M6$aTtMkK%#i-U6n~25TCCil>cR6%4lQLkVUE445n=22
z$YfH%O#Mp9Ddmci+&53TCTt`d;0KbEM>O|vkfG`>tbWbGNqlCGYJ~$-s}%*TY2DT3
zxXzL|sCZcmcwHnTlMG0T$goH8@8ZwnEuJ{ZvcHU=AWP$_hdk7Sx4R7G^ML}Oy=uLW
zm+RR%)S*wa;1(v1#8ll)?j`S!pGkh*ssZ8tG|qxVst~Ar?D5J}9T9|x90>{<QR`A{
z$c`UI?`S=OQQT%L_doNCELh2KX;W*3sB38V6zclciti5Yic6=#Lz<#{L3mBL6zqmx
z!@D^NR%0;h4Hv<tIj%*HOX?)L%^vWI&D1_Ea?W#=iJYEg_4W3#->=;OLj&y)oK$a>
z6}gbBVRR*DU-t_8*)=wvODX{q>bphH7dFn3X@nqH$*wpK0+wXExrR^uL{}r0XeMUu
zjUOv4R1Booic*-uHdIpBYcXH;v8+fKnv%xRi^V~twc0sV#(B4Sx3L(?9@K=wMv_3S
z)Ho;zBnCh%BH0ngHV}g~ojdpY7Jhacg3%q9;=Ca8#_;s|P)Qy{%E4l!2qwgw;qkCC
zT#b5g(A?u<mSAT_EwP`zw@1_l9xN0R1#+S~-adoW45<;O#~);KZYR$*4lw3P+DE5(
zr1qssEx)lfV(a(tWeszwl198kWy^^AAr=G>p4AX^)+4ciFjV`G*f1WSb{229?S;6f
z#xjv+Ng8o0CO{#qSS0!%GKfdsjls!)S6*wL(>{C)UH~n~4gVNk3fwmv4Qjx|$#<+f
zBd>^)H8V;nnO;otyrKlzL_RM6<wC3!D{%e<d?rlmL*@0WN{_pe81K{CD0+mH1fVyE
zziNkF$42S4Pq3W9TvoM0!{taSd(V2!PX-UPs3nId?+_j|?&HaPB2m3f;smY2gTH=(
zMny$cuAJw+t5xb?wsG?Ma)St8Q({V(#5e8&-J?yhXz2zr5zazU?N2GI?~BT_RrG6T
zk62I%;)z>AAWd|<_Rpxh5NS=pZjY#^HLXr$f*&K}=8_??6|auv>0<6UN#Q%oaDYO0
zHZE}mxC&}DTqgD$gZ+IdNiM_*vxTkzLTB9M$;0F0I+JXkc%z_DanYsp(utk<yy#;;
zfNLEOA&#`UNI2w7G<9@X^iXlSpZmr09T)DNwOIP$Gfv>slex~ByjX2nB&E(7Ek|Wk
zHOUaD3EnK^0O@YoW3g^W1xUpPEGc9|CP_$5&*XI+%Ta34|E@9oqN=Q~e4~Cf+dFlf
zqPQ?9Oug57mU81%O}jy#ObM{Ynl3}+$_p6^6?%tgKuO(ycQAM2=t=$FvcG=SkFS1L
zZ;*bBvNM?Wf0pAl=0&KP=<Bi|wVa?5yD7W)QPE}Qn*kT*CYiyP0TOHB;Q>ZB$vk0d
zJIFa23WrQ%oOC8a?pg9hquG(p<-_BBm~RO81T-lIDRhbd%NT^voRGfD$n^YD;kNbO
zbT!K2QZnWZ4<TOo*XB#dIELFp!34F+#D3vUL>?oTf}3gm3(xvIsPw8-7j=vTDGUh3
z>?rI9#nhPinE=ycS`;w_<<#^)8DSYHg~$8IFP$X|ZehnM`Qa!34wUxB^Lm%s%}0!4
z8z#{}EMc+8xwX_W+83Y32Tm_{!_ClpX+(2qwk0sN8wF5kfJbEQ9b_6fM05<kgL06b
zLbUBKb?)KutL&y5reE<oYyei6<3e^QQeots0>6l@rxPSUQ!}oJlwoo=1>dbXn#=|<
zU1L2J(Z4i=S?(cr(+0PNL=DcT|MDxG{C25nyE_qI%4N}75;&l}D^?SAw6}5|4V#<b
zLl(+4y_L#Jc8@APZvDJN|A-mo{T-4OO^jWVaQtJw9<*#-{oI?f?Uw`pl1az}iEeA{
z$15P;K`R74U&hUfPLUdUOPfK%?7Q3M9cX00(yHuU6{>>k&}Y~PQAz%Dbx^1dm<3&)
z`z@e8w;IeF#3(JlS0a0v|5GWrr2)f4sXg0wubU&$0k-JMcM#{@K%7>;8=mQ|oy_@L
z&*D_Ozk3t|O{@I<`+s_=E<WNcFErTgP}ugZ*O`})WoY>wm?k{wT)!%Yi*&ORz9#LT
zzf83)2a6Ls&bz&GEa?cdk9#FA0t}zfjhcH^^#7kPMQd>^`m%LL!@sO^T|y+MI1VBo
zx=&}HFb$fsz@})zI#HIEjaSkZfTU=7P9UT_Tk<yNe93~0lmKx0qL&k|H?Hp1`YhcQ
zRJ{kF<e5q|eSjFCFK;LqIU(@y)oOnw{>r(@1g$bz>opU`byLM5=|@@45BN7b-&I|<
zZA+UBlC|!BJL;Bs<G5{dUH|i*74+qq>u=9%(%UZ}6Tp`tyyh-w@4z*l3-4@R-A^a^
zW4?YibNMCcl(|FQtMd3k=B-bipwk)p_S#DLgZd$c@~W3=yaYT83>>x!JbZRFM1iS3
z<moN$ADw$Y4;zAh{cs*QoHFCD$8MQ@X}NDvIR0W~wajjidMg&^)`>URN1d_470KZf
zNhzcvFGvPv?u{#&>Iiz*bM?HY&DBvuYn2mm<wGfd_WSf}CS1I!Ry^{EgnYhxCoi0=
zkWPudMNMbW&jBh2Q+-=`)}%ju;MDBfGJ`p@_iQB~<NLCL%9je~6c>ykL6ACXJ`7_p
zh=|u9@{|hUJ+a*}Oq~#H>{YT0WtRkwZ9xJH6ssvZl7A?GX<O7bf|9%(rCXX^jOBBN
z#0zWLI6GVVPIwP%ep~ccWW?6x(K9}ZJ&UuRNdIwqw@;s^knO#sh#=)r?uNemH_5V-
z`-W2i6|olHC!USpo}cU7ys*D9i+(r-cHPq=IuSQfRUd~?Yuw<Z`xMM<NTBEx@;D>N
zGZEs)ZQB;qO9R?n$wD`zlV(?%P&IpU01Q4>h`=kxj=-kob+{$70JU$Pvg_qi&huYV
z22Bm=fGr%RqO5S%e+DXw&~@|6p&n>NlLZk?-(NQpgsR_5o7oKfFpPLLb$<hTF!O5~
zlIS?tj1njF2IS%@c2EoGIM?g@9o0hXaiWx(r(ovf3?r!m$J1%=9RqZ9s9axv$x6L>
zUFCroAvRraj^|1T7sETpA7y*KvC_SlZr$7;lBdWIG#Q(yWYw^)%kNIV5#wFt((0ME
zy8CyarRE0V)(A(>6GZp29i@_~W=|j*Y3YLJ3*-upL|Ea7V|&z_3SkF3v<&=-OhCw)
zHdGwPyxYy*JJ0TtwM_)2#dc3qlyY(4{A8P$!V<8XEBEhbA*hDw`g4dBhJ7A2ofyj1
zBmQxyU;f<J8SSeVx#)Y6W8CuB-w3-wX$!X+pYi%F@a*94JNu5<wh5D=O6lsMl1tCG
z_gS3(ep@7_J$o{gsbZhLg}*ejU0Xmzl>U8w_*cekhvne;$%ng9B(^Q=A#Pih|8O*&
zgxYCCY?geMj(sZL*cIW{(Lw%HK_Eh$AFy!%*Z5e?KXKTEs@v1v*m5ak{^@rbh#|C#
zm6qWZYVS&S;a|!Rc&x*rg&Ipn^fnR!)*Lxy_MY&Y@u0;hx@iKwK5HMOUTl&^zAd${
zyM5}|eT~WM+m3u++L6vJ+W|4uj*E&mGai%SwG*3rjIMY(Tt>m!3Yb}d;G1hJ!jnBR
z^uAAAzt_yGl#_nscwI>m&pLC^6sS3Z`*7?Da@Xf27pP_n`Kx<B5!Q6;NOmgF0Z<L|
zvUj?##*?)jN1|gp;`OiB^mTWiQdbY`wa;J%Afyv=Wk;oom6v=g6gU6<B%*)QT9?cd
z84uNt8GI(hu@et3(i!*}T3U61rM#8Rn?chub3jY4*RydAw9+ILp80q`bv`$2{&wHW
zx8)pZ^QVZv5Fm`ex$ri&J}c$ZPN`UPOFhg!Ay9v%{`0Iz0zPWPVCGr#k93tj66%mj
z!zCrJqUMfwQ>@w4Mv3g=1lm@Ne0}QCXAPnQ^`Tms4zS@<<oBx<oZ0}`&P@!$fo$JK
z1sUas_eSbu-Shb4LJ>RPb`z8_J9z==0hVS%R`8n1L$w&um(EqFdt<VKb>FzZA2!s<
zA~@t(HZP<dMBfhFc-aPu-y50AvU5{IRJ{RAxgKEv*}%3fY(fhwZ`HwRUk@986E_)U
zkDA+l7=}mph$-t^VNpWS^VChtVCb7AP|?YdT;2J!fL&4x3xmK#nEOj2IPw$h>L9xp
zd*76TWvt9OJUY-R#~t_NV^Tu>GC}=4XFR_w^}F?fTwaM)xqH;8Z$ho6bbFd_U+890
z#`%8FAb+^BvJ{`et`{`*`{pLLe3GGzU0D<Ses7K&i~4rEJ3uFe0_j{gJ{&94jZ@!`
zI4(r^GaZLl#|iVPh%u{#K}wJ?MEf&Fz}VrCVo4A(!bn420v^^Ka}olFJVJ>Ez4U`L
zJ@IdDd`(?Sk&oq5cmToSLt_REvy4DQQt2}8dArLEyKu6?T~1lIuOhs_pNaax`iSw!
z!2a#kt^3vE0>sXUQqP`T`$sqH4|;$OTD?ppG)^*C8DF$x9g$*vvN>#IFJ=62yjkTB
zN({^}+0cNW_+<-BotgUWNZRSX4X@hwlgZgkIPrM0tKM&R`RaO*(*BfjsdwMqyT<CN
z{r(dHp49aRs2%oaRH`eteFPQ}!Y$+>vIiIGMQT6KrX#80TSSmGY1C!=6Veyc^)3lL
zi0c35*Xckqjo@K@hB(PV>i)40lKP!Cmzf&;pVPc_wWArE;ybuGssemE5I*GFd>)wU
zIDV$z?-4mflkpC%Ly9iYANDzwtgl$~csl+_%MP<=0=9u_lX!BV6bW5xi((!hdHTo}
zohz}sjIZ=Q7UznQKP4g6{D_bSNw|3~%rbXpI(6I!0PTt)r{grN3hsIGPygz;*JK_q
zUtM;Q?YQx?Rb|=r(u2(|L(G+#o5#~A{7tj46h7}pA~{DgnOt@}dLX--eD{p$1X3pw
z!(i5?&{~!CEfQm@juLqTRXIKrUfm$0RNA0ceKEyWDgILwD%6f(lhH{W&BD?(Z<2D`
z(qK4kFm8DtX8n<wJe<(UQbzM(Q_8aBa-`l&XEkwale~D-!VPDY<uqxBuICZ>DDdI0
zT-}4%)?WXLf^QA0DAEFrz+f@FGH26&y8ji9kOUALZUetZ&yug$<7UPSL1tCiU3SuH
zH0h%ZV!nT%aSE7x_!$}l=RpXM2;vi>&M>vPM#5woU_MgG?hYem>J^OP3nea1prcDD
z8{v5}%cWHEMJvYcePCdq>@`9(Zqb0Fau0g?EcSVS-qVbQaeOh{4D?Q0v!6(cD6dHo
zK(mz;H@$cS$pSl+RftlM<H~3G%vh^e|4~NSb;nV^dSVD(BU)BtB2G3p9)c-yS*wUd
zZUlaZlh0=y*VW#B*YtU$?j5}3{r)QQi!YmiV-(_ZibVf5*KWV}-I3uC(<kmsLF+BI
z&hTpvuH(Pm_S^5>|KKz(;B#BjoB>z*;X`P_CoFvDz!`mJGx`0vK-&Fk*3W9^)sV>N
z<On|!{^p2^_Q?A3c-Gk8U!qO^PU!cARQ=kvxhV0m@O|6dS9R6Lf3Fn;)|)O|w&4r#
z3;%55>+~%fVk^1(A^vmW0k_4%a_|kSP)I58d-6VO1-+kc%CiBEMa-F9N3>ZzeZQ&t
zb7z1lt0HXmkKT4a*&p@%F>2A28eJLF*ZE3~hscnr#2tQhw5y^w)O%$3DY4Ox4oA0{
zW4)vi^sr(Wk-Vv>Z2a-$Ksd2Y7=b9Bb|Tz66(I>{h=G5zA^x0qm@tx^&LiF5P26r#
z@j6G|wbf@)vE);pg846~kTWW<9D;cF`_gtqQJ^Uny%c*nc`53363(qG9{u&}jlbel
zqM8mGV=SQfYn)Mr4$Gwzs(nh`-yT_U^<l<-(yQ%hvWwBidPR41f3p`zYLYjgBeLuX
z$GaFsT?}oA)nDE>VuxgPL3AyDLJDu*zL=T3lO~7VWZ+2U5j9Smgt2qcdVY$c=)F<9
zu;l#zbhZqvFDMK+ZO9rb`#z4>D_B?v3{~MWQzx4?8vRZA6e$lG2<-);U}E?GWSf>;
z;$$9H>W*yJF!Uxe8eMh)+c0_9I(qe~*K3!wN0OKF+a@#*ja9ZqpF3=$ooBxHxcL%4
zyyta3xFl!c?Ooc8dd1|SZ<!b?d)oVW^B^_ZD%Ce#833<6`cXQY{ll3@?{LRD<tu5O
zFCAe=UGaslVSjeB5y_1`5Oe$7veE=8uLox@?32SzOko-OKXZ~-+i@W`v2yE_tYisX
z9dT^}SDn`)NyNY39k=Qn{}QTEH6+O|xXRTibh~#gVqS)4+*z;X;5B+PK;+#1n3MX*
zr7A?=v>OrsHXJQC<^B4^?4EtaD6d`7IP)dNbNofhWG8SoD(cRb`xBI=xd53Ldgr{9
zN|A<hlYrYkoy+g`x=5cV02dgrcbPn>aw|XJ@pQmt?#FDv+^;1-h{_<u_TCdj;<K^>
zgjKJ5)-cXz6=39X@GFBu5a;_5z$t>5Y`WpdyU5MV6R_Ad+nw{cAYook>y37Xrz_ge
z=6==Idc4exo_e|Sns3|S!hDg@jEvHSGcd7t;i{IkNOET4-HUYs%L6?2dnupHMEEy~
zCRfvQvQMn5S5w-3dXSG8yTfRTSYIcdBWXBDl34!CpA0?Hhecp`T8&jMzgzImU^ya>
zbQa<|G%4r-1+Ah8r62<7lvd~Lp&lg9wTZj7>2=YB&2D5Pmu?v+MWjRJ+rDG6*)t!y
zD1=D2m>i0o8{6(gjkf<j+?)YKS?0j%#o0}khZA||(~FyOrLRVa+BOBsr`do+vj4}r
zFF4p1+n@O*e4jRv_23kEi8t0|XSG>LU^R0T63M>tQDS%ac(b1C!(34%Gv8zBWB4c_
zRTdutpZsE))!~=oQU`XLRe=I-z}Fq0shR^@TSO=PL)CU*MWU<3<N+6<`8IHX8<K{a
zs`fNyef6+qxJy;2`^eFq3Up^sJzk*b{$`8KtuD0DvqR&C@g*Ptyxj@Po~cS1Ie<gY
z_6^m@go7#1zb@(VX3c*pY=(R0{*Wxq{~Em|YMJ`?bn1lDLPH`$k4KSx-8fr_RA=gf
z)S4nro!ZHk*>i6u=uJvHv;WduAFHKbKl}N0XL|CVGScMrT@I=5<~0>9E0P=25)~Kf
z*6Wg|D$2Why~=S970O#~Ao8x&o|*Wf*$+9-k2LB}`b}LI@o^}vg$YbjQ!UcCD;X2;
z;Z))m@v(T5Xho#I%^k79l3dc{Bsp7b(SOZR`?L464(6RlusS-Mlqaa&*Q@RF)?IXe
z&tvZIu5wh8?kl1CQ8_a)ou_>Mo)7ly1>7JBRigB?LdbRlZSBUA>xl|A-~bVy_i|a4
zr*}4Cx<7h#OBdk8=3RfIIJITgk*Ud!vcdT00dY)<?7>-<RsH*RbjoY%9UGaD>mA3x
zXzIYJ30(gvzqA^QRsAcl+12Q%(vI`!;;`@Q?+@A=ZC;XLOk79d4YpS|;O9e!z5`C7
zMEptNH*aop!b}-6@4jOde}7w2h}oP=KY+ldq5vw%skr~xSuxSuSPXkjqr~C&CBG(N
zOz+aOz!i#mFym+Udrar`Tps7dO>Ku#QLD?=7vkkyF3l|uJdpWt#PBofyyXmvu)hgO
zUyBv5I0hRqJDj<G@2J5~Zixa`Q$*^D|JWYYSd0%#w`NfyS;i(wtQSoFhlCQ{Bs)tb
z@MSm+-(S%P+O%HTT4%jf{g385q^-0=wNd#eSA!ygUfxdkjs4czy98d?SDt$5@|^Kv
z*Pq2$4*-``*XK_!wZt%CW#=ZnuvMWH7@-UTv*HVgb|2-zms^+Xvk?soC^>!$teui9
zq)5BAxzDz=SzG_ncyn+zYsGHQf76XH(?5A=v9Z+;{`Nc=_XNPFgF#&91P`ub53~pz
zl^Vx<1lAPDiohDfsN1h|!$we#A#Afi%vG}H`yV9$-I_k$a-yL@D1GzspKF`1_)k9h
zLekoC9B-G)TI)9~KYqJHlqg2HrQC)dxJ<$0q>RCbQ+xi01`vCb$9@0aVNtV9b~41|
zfBe(z)1Jray8LL}U4-U$5e{RK`Z+Z+ub}LU?QBCI10!Y({%N^A96iZ{sjvL)%wyyQ
zO^31g^=s16>fyFODQ_A<QA1jb4kC%#YPx6H6GB*e;5hX|2F+u)>`75l>&Slu(V1vh
z+0Zc^_knvJzx}GoItPAHl*6L5SH}K%oqtyS%A7imgZU1Q1NxxIN(&@%U4Tb}kQAdV
zZbW_jxRtRQMSuArrWElL5@51I(7k0cuBLp}+NmR&RFA*nGHL7+QR3N08(J<%wz>8h
ze!%kK4}x>=*~BgrP?_34vs|~6SLj-~>5hSrii1w=AXj7f=hiK>-S^v#=##zPhmsQ|
zvE;TiBrc__2HRIZ;c8b}Xw%dN2L3eNh~0Urp}pZ|u?3oE*u7xA^g;{_kTzMi;{|Gw
zQ*Mzi*ggYWwyQy*d|fOsQpe;&1MGf-!kn!IuycUh=@0np`kbDFfX9ER`svfp;iksa
zeXaZQd`!Q!6xl<I;9)DfT?y8Q{Be8ZESj#oX_Jmg=?|C8F3lr}$GT0!Yv)hOI)8>i
zoxraRf-nsA`GHxEr>puY)d<m#wp9AB<s<NLVt!2+&{mq{frNhlR`5-|CtQvmjKIg+
zLYJ8D?AihuuH7}C<_s3%woQm7tM=~u%CS|z5dCGV@B(6ONdU_^m0P3JCJ}#h)NJ`O
z#8q#+-Gec#o{xNrT@8!wm1Or#tM<EL5_}az*`8e{#D6~z72IO!oDu(Z)!ho8lMR~`
zI?X+K%F54Q;lg>jzXc-w%YJdGboM~TNryvPbDgsj$O&Y$jt7NdqO3bYjVHWcz48p`
zLTywG(ZQq6wZXIL{Dk8>WHN5d3022pOkqc#gXl#W=yU)2k()MgAKqGEW0hz>OgT>8
zO8k4jWD{oQCdKRB;loUjCmXCz5>3T?dCkEs|J}XOi@tVUoGcHOT^7kWi8BmSwkU&%
z%FRpICO(`~8wz3PX*J&w#3Vy=yz)UT>2!S}d~LtsgHzQtgXUT8`o3DBH(OWBUl)<q
z*UTQlz~8>k%S|o!21c8?z@Q+vuQlV*U~|P;euY7m2J%WYi4XAGu4k#*Lzrw3h&1=#
zIM?qzm#NQLUp_VohL6+b)GaHZ5rkzi=R;gNKX)bRr8mZt2ENdLqNB=sWk;45A!qo8
zpHp`HH|Y__RAn9sU!hkkMh?(VvTL0_mFyV1|Lc>#z)CwX4=d6*cUt_;0AdF|M2v%a
zRpLn=q*Ztt7<OMLn*Y<)4;JgQmv5UCl1j=dGRA$L7++WnyU};B=yPq;PJKp1x|?45
zWf9c6jpY@YIJPns^dSD!^n>!_Tpk}#lFeEvrtf$*h0`1Q>Az`xYC!#dX7@UUQ8Mi*
z;m;UX)Dw7^NQhrBBue<dhDu=q%Mjy~IMFDiA()M*{gmbs>t#kj!TBam&gRy<f#dOc
zw{G1RW7`N-W}a9P;c|8V42s6(UuAv-xKLYu1I-pmF#QeK?BiMkb%RVVpVOS>VYnU4
zudkC2$7NCXyw5+bV{nr{^J)|GdDQ*;WwJok*2nr*Sq3rjNe3AC@b!f!nGW8h(V9#Z
zoXZDzrA=@RGx3_s^qcygV!ODQzqx<K+z5KkZ%{<^8>q&L^vMd>3XGiK_@<Dw1It+C
z-83Mt9&9W#ja$JPuv_&6pl=jj1@F6QQaWzXwBUAXOM#n%&_k|iQpgzJY6br|fBLZL
z&T4Y_dC@$;k8nX|#*G7frZuR70;Ud-At@*J_fa$t@6j3g#^`%y*|cr)6r?a-1>@E$
z@I3D4{Yn`?2{P3S!|#4!?>r}UurSHSQg<%UW1?qC@Iz9M#)?ooX3fLO2FM3Yn#m;$
zCtIUQ^U}?tKGoL8E^+(G-?W~VmL8H3;Vb&0tG3G1Y%vK@|1uG@voV6pHZRAsf|qky
z8+LnMx4h)AY?14WtMnq2$bJ7V%+<H4t$pX?bk^j-C3ecI0_XuL3b0?x^^dygFrs1$
zLsOeE|4Su<k`(WI)vbYpsck}_)S4j3;gwx4@^;&J^#mRil8FXdV&pw(L%YEw@U%Zg
z1!OS!8ft1QZSURxp)K&FYzJBQm}AR>=418lYzzZ1LT~pc;A_==tAK%Xq`jX78(Z|k
z`wcFY-a(`2{%OzTABP9C%E%KzK0Y{CG25v_qwzi<@<;m<@a<!m`L`voMp+;C#=@(2
z9XHkA;Ah6xFT98rx=k2=sED$r32-7_JiLo#Ndw<(l7SFevfRRcad7|VWirnsz3@rQ
zDhj)Sgt~YB%(!g>_pX_2*x8~IOEy-+5GY4a<Y{DW|JBhScHNjJ=f(IgGqm?h3zv55
z{EoM+KaBr26m5N~p4wTIqZ;Uf5$XxvG;;2GZO1qIGg7*yUd39*KKm;4cyk#Mld{9h
z)NRu{recp%{gj1VgwSUD(CRrPamit>_9iKD59Ju?+<mIRvSVRbYWu1Aj0m7Mtp_XO
zP{{{oxJed6{bKvPcCv7Eoh7YXOHZm}&v3x!543&WD|@Dw<KDe%C^*4EknmY?eA~17
zt9j?xqV$uzUurj&#DAJ|m3y*FEvVVpUWctL$4f7^Nn!GPr{dGzYkz$tvwDw^i@=Lt
zu~^`P^iVQ2n&LbVOiPK+vzLeGQZd@2F}S{Wl6{x`!q6{nGhfH)7A8Ybi`bqHJ?|0=
zUmHsLs`<kV$U#$<G;=gSdpZow&QFxGW1g?D*Lr0pXyacm8V!b=sx8QlS*VbL17kJ?
zmck|*4R%ww$BBO>b~26m0@m^Y!aBlt=vP_cCjpX#&1Ldq3whwiB{J{A!D>UtO>mB-
zM%(SsU>EQo^zl;u+e&`g_N95&aQaVMIqi^(2Z0ZrDSG}}8c(aXkWcB0F)0kO853vr
zF_eQ<-pt0sKJ7;ONFAvRVMV{TX8Ag(*`EK^lxbt&4}{2z#9<`}SHSQ0@&SVoR@}@1
zDx8M?^IzgN%E8ndkJmpOM#$4j?eqScS@FiJv8o?aM{l!LB{!z;#06X^+l#zCIDCbR
z!6}sL8Kg-46u07*F#oKV3oG@|fz1Gx&2=P5J@#s2DrL&irnX>T3wm1bU!|U(Q=0gX
z51{F11dd&ybKW+K`KK}=vEt!WnOB}N2By}A|Krg(d<}^qvWX@%5s<(HBDCor>-4H&
zi&S`lUJioG4ixb?wj_OR?{y(>@M8mcFWR$=jlWuHvP}f{0-aEZU-WK`c`lc?AANw=
zRxQqUZhCI!AO&6pM5BFB-~dH8I0s__6_%h$o6tfAl2DUDp^)ov?N0#iBwNTlWnmV`
z>AH#i%tX7TqyOoL8g+kqpe^d7`8mxQbo|FK7vif~L-)#H%fF20TC)o^o6i5{fGKHd
zNAH`9o}3kF$z&LPeYtpw5cPaUO!mXR8qFYjj^;>#r+p{~zRcS&Fk_fNu4&z8dT}Cy
z5oqk;B)?dc{*R{O;i77iz@zjT@UwGto$xzh;d8o_&U+>HA{?(XEs2R?FdCh_KESZ(
z<~=T*CAB|Qc{T`2{VHU!4R7idhi_~=H`yYioxHc*d$O8WZ^_zi&xV6xAm0HKc>VNM
zkoGbo=-<J5{VvWF2kh+wxSDGPh38y54a|DQ=~Le#*S}C#zMcEkwRPbcy(a?zy{M2$
zW1&A@BagsI9&-{Oix`Uj4JleJDT>y}>cx67-;%Sr3tWY1hCl{3oJy8c`C+bU4y9H>
zeanClYO%*Z)VDruhXq`GaLD6zOz591SzQ9k%G9AQM7pP%+Bn`0owpDdlpFS+c#p^O
z%A5w4Vc{``c7hsCVeQU+IK6UZIDCg;Xc@R;1*uy5>m<n*uV(9ACf8X@UjieA`d_BJ
zb9kdhf<d|ILqXo=DP0pq>$N-E4eo!x$u7sECcisQI6hO%m*ezLu!p+akd7zkfqBsI
zQTb_%5K#(Ru+(g`QhKt%gZ5+PP!rgrm)IEBPO%3ZTVgUE1EW4qud(cG!(L{&VWG!L
z@P7BW_<rfD@VOO6bd)&mNBL$I(f9>8r35^{W=?Hrn$Kzld;8Ws7>$BJv&rA@qnop(
z_qC3i+juxB5{W<G4gVNs|3q_fzueb^UT2X*i;st1`&ocFYUS`y*%Q52_`k;Y$AbUS
zmclv|6`V2A2y5DbcKX9$XA9KU^|eQnbPs&jrVu81xLYphJ?A-k3yVPTgmX_Wel$jx
zL|2m)e%z;Vl@~`}6*Lz_d6i`e?18Gm3S7hj!bzX_N}iU3U{(b$zrG}w>K)Wtz4Jq)
zFTRtO%`+L+xKFNkV5whNbz}5KDJ|Th61Rx|du=hzV$;)&!<K(Eq^2?}s}&)x6(4cn
ztN65lxIy#aee}pnu1$>et>QqaDl&b0E9IXo{a;Uf#G)icDtDRMgW978m}40mX8W?T
z=_Q8ohYa#9XteR{EXeXS!9HREVkx{K*5dcb919d%MIklS(aSSV1>n80i`{3mZKcQ`
zD=69TJ>q9-o?bE=cbiiJIR#ossXg@PAaV{~`v<!G6MhV8+k7_;kBJI2djMyI&0n%#
z6>4JqZSw*}#ix%UNCu+64QSy?f3W-(hL`VfTLh^uhtp0z6EKqMf3(o#74Y?O{-MIt
z+$ugX8~2vk69@Yf=lmlG8?YUWSd#fWtr3;AI3^*8{G{kVh8ZAH*{|;*>=(JK5&9AK
zu9+hG$w`7oVpTe}R!Scm)D%wuc0W?+HcIy*jW^Xs-hxaF%5xlQObk9p|NqE(53eTv
zpzT{kDN>@+r9=co1VKT1iHd@aW<#U|M2rZCh|(eS-V~)si3kWv@10Pjmr$ga(0d>d
z2&ubIe)s)8=RD`UXa9jsc6VmJGuQQ*#s4T9zvJ3bfAaqnV&`qfO0#FD*7}D@N2PnY
zQwjh5LV5yS0AP|!1mIExqnz(=WtDB(n=tgR64Ydh|I$tZRBXe&Q_8DL^V+pVJN(cv
zqipN5n&~#Nxk!=p&3N|G-f<t(Dq~df_lp)y?|aRfrv<gpM?wC5i1$H}=k2z)(Cqhh
z;lKd@0BjKk>FB8V#rTr{!w7|`C^_bCJ9k{XF4PJ=@%WmH6zv;Xy!rNGOwE5MQWozn
z@V!esxbo*h*D-BzFn{pNK4@dKrx;CBxX*ClGNieTkNFYb3AY!iG)!G+%kxrXd}Tk%
zZsg)zOxOv2W10!Ww+JV7B65R~|9j27pgkUsW0-SoUc!od+*jI6orbQ$*zR9FWl5r+
z_qn02RFiVm%$h%S<VDhBlfWb9KYOX89ufOt0`j>_EU7I?yQi9a9y^%`I@nF<a7s|W
zpdZXZ#~!`AGG(j#7S?g^K!G5n9?}rN%zZ~))Si*8pbT}ObcMT_;d$9X@_%Zc$(>c_
zN%*Dc>%WtRLh-D)%TA8J?&hTDEUajY{HOG>W?o}Cj{NU@RuaHSX{OJ^Nt{yuDFm<3
z(p}scruxv>(*U;`mn7f0$0YBkROqLP<JI=Lx>rkKZH%y$dwk6`ugo(4AS(VMBMNb-
zoMt2?F0RjqC!U7liy4=5M<dysB%raVjCa1`cQ%iq-8wOlX&2GwQ=Znk%!;_-IX`Xc
z!gu<M^;xQ%b!%fzWrkD@H_XmXd*&;P0vl=WdhJ;>4w}K^6nyPL*RSM;-5lSqJ(VSP
z8Lsv7Gl>6drI+W1<REXb|5p#4>v2?<5oMfF1G!tF4kv)OdBtssR!_&~#&-JZ>lV><
zlo$E8VAE4m!ANR6-6_uj?*eaj>D+s^6zA2&OfIP8+mH8A`7h9neFSqep$A&W%pIt$
zIZF_EQ+X>qu<}1B2ux2b@*W^q9elVNm8-pk8it9v=CC9JmR0oM|9`aBxJ-aW4=NIE
z{P};RPX~zsukD?c!L_<ujHZ{vojrsTUE|rg*g}%_0jBWt<rAC&b`O?Y!~O@dwcP8T
zTKW=oXXzr^BP{dR6J|U9we-84RQ<W&wR^|v{)e$u;#*vMDTblkeUW@JDOTX85O2U+
zYogC%oaU8Nry_x6&i_f^tY79YCu%&Rj5DkK?^z+3^MvV%r|i%9*c7COA{9C0vGTM}
zBvznJ2f63@%+wTN>Wh0pZ7+8AG@tIw>Szh`i(#y-3|e24LRHm$*PsrMf=;SGP=7_N
zIH6hsfF%_VE{M3VVW#FW@Y%qY)jYH^0GX~A@fkBVU&4LH{KpA0AECoHF|y6$m6es5
zFd6;)0QyboMGsLr`qv1Y#M;(yZV}bzCw|IV6!=0r#O)=~iqrOr^P#U|vKa52b7&)j
z5Yh_%$Y&6`kk-s(v;zu!(2>Z{dOijqylEWF=(#$Q(YwXN#o|iRz4Hv8+Rm@>`ZlFg
zvebwdBpoj4eVK-taFnVxaqDP_(I^v>_SyaQayY#B)O;K(`lk;1V2!wS+rMV(%7WEH
z#pVCi9G@BWC^T^go>1Gf)7Q}*`&fS_dO>D@;+>{gg;)ovH3f^Bu2qHS@vpXUYv9`g
zLF$T8ai!n7v=pot_N{HLnDR?|f1T8`W7;M6Wlv7N?F%SqVQf3?R8>(7jJH>L?7h_7
z`&VAbm7nOLW|sr@5OY&`KThg*h}i0jxrA#U(OyvxLQF%QKCm#a+--Q+rWUg`K94S}
znwV+Y`_|jgs5DSJ@yiIAQ%~O-@>`|#fx~D?HFnzSI{GpWCe6nJ5i!OaxCH9&x!^WS
z5)*6r>Iw?T*8yivF#S4FP;)apNWA*-b^}N8`4Ru3yew9LdT4~Ut=}$7=*5wwQDwG<
zYQB}(V6ioa`?OuQQV$Q$#i=2vPU9Ef%arKl@j;k23VRrJ04g4$M>_fF!b|9HA+SK0
z?Mx?3y*pNCVaeWqNXd;`|KQpHT_XmpnvO0RVimP+3w5$)X5}o2l@hIbzi_J_2u*ct
z{flVuPbw4y;q>kLs@^=&#$o9WqYB$jpR`9o4f(5N*Iq{73VsFzO=0vRTpb~Hpxa1`
zovzM8;n6n&5Rtt_*ekA0BqLh&1)6}*$#cYJsBZ`(xiv0fniK)wbkKB+@c$6b?1Wbl
zd*U=BhnS$?yAz-6hTsg@+qm*oU^o?2pmUi0#)G#EFKKB7Bhz7DxX%F0p)TJdA>GJi
z{=4_^;T+M(gOgPA{||qb+<JIN3Vy=IgXdHze{G-AO+|)Y*tq!WSW5hp@tWD`v9yL3
z=1~s=J|~YrY#+BnEuFFD!7KL7vD_i!CxY%;*S?Trb>j+udos{x@SKC<qQde<ZtYP$
z(f4UjpPEhwRnt#^#Zjd#KSEnOtfc_PHwjjwX#u#JwknSqIn9NS7iC=P8Z=yg;oRqk
zZb~5Dr?F%$1rL9Xv*_$u0bdjd3WM{OgD1~$W*T<kP~I(kZdB2uZ0-hSTyDqDn5TGJ
z?+AeJS0Q$1B&xe^H&MlIz>^A*#940$b?>OSBRR<t<Bn`z?MpWuEH2(d;!V70<DWqc
z{6mH>X}t}HRcLs_ihM8k9HyjO>l5C-zXxV`@4SUk7pfcZCY`8I_QYIj8sI5$;C{>Q
z3v1@*gRw2t%4hVv|H?Q_z=y)AxsttfT!bLwHH6NBKpnu0{R=y*VMS_|Z77t2vs-m(
z_Pn_*Ql`2S>YHqkp*YITVleA-Fbs^s>;CGfQRwS;l4cL;VbeLLK37V|H}8P?XrBn*
zWAto*0slmnJt%JY{<p1^MyqZ(z;e3T9a-v6ZBM%5cEKZzqHH9X21MKpq&YLubsJBD
zd^C2Jrj6IpRDq^QH#i(j*CM{5ZZk@NhR>RN?Au`OK;u8a>&W*GD2oF}O#?98>Vv5@
z8`be)vf>akUdG2oB~i~u04@8n%}97y2JGWOKr9mJN+@)j6zHLpe*rnH6j0${J5sg}
z+1m<zRn*js`~r*qs6Z+&jz+@Qz;B1NO8W3K+VfHvmn^XxX2YMP0N~xo@RRQr*v0(p
zv_XdC?|>#4;fNVIe|VBA0VMo~yqR}TUHW-^U6}NEAN^qk{lB<5_hEkSM=67^<gNIs
zBV8XpCZ|s_N@n~?cAd60vq+!o#FmV0t)3rsC)~AKkdIqk!|p`6?~{q_#hyQI(D+s+
zB!FM%tBGrwM4rO2s}yIgm)WB4ho!3KN-je0#I8sn$tm=uBkWfB5^~F6d{V{S*=*Gw
zuVxn-Mo{mlu_HQ8dxLGyWWe20>Oj*=6#ZPo!1;R0p9hxbFu#*0j@})akYV(SQn#HH
zXk|)&f7LFNzJ^m`4mfu>kUSxM<;d@d)%PWwvU_+4ew%1I^f25u@@$c2GyMl_lVdG$
zYp@2EEaNhXI8Eikv=aiI@Gtl3UX;NcQt6GPRwdkD9v$9N_UQKkGVe1EcUfaKCNn(W
zm31IblEM841C>j0>N6LO{D!zSXt#5v3x!V>o&~wiU2o>rn%Ay+Gjyx|s0ld{I5zeb
zargxtFtM@F%sl55Rgy5Ey^e5j02)8JC8hCd*qTwWxK|38xZ#5Hpt@0p-)4l{jv2I4
zsQf!_wnSFzl$B*09x58BECfQt)CT8}&3;v<X`UGDZXCAp=u8AdN-4Gkhr=Bpv&d9u
z&88Bk%vpDknMmT{X<mvdXlj~!N2cRc@@sQUX%BQ{r|Nh892}gELazf3zrgZe1h8ix
zZ5cavB)|Q<v}=d1d4MoCFQ!3#<QWpuTCYh^*%G`DywOYQK!xx@*b?6-GOQ$wRpMd)
zFV)Y_nPjxLyIt(B;h+Y<%}AZ(+Z5K#s(MBsd~nKNbJ2*H8~=Ika5u68`Cs3$hqUzl
z4{}qj6#JiV!u7`KiNsu+H&?sZ?ti)vGtT5K^z-k3zKQ7nd=tV}4By1ZPsXRnHK)EM
z9LqbE@^dv$?rqFzFFTFi&V}>gPB~(wR*1&5WqNp-iTS{9qA7whK6Y5`F7_!j#tU-s
z(bf0YqFwd}MX!|_aX+8!Kn8JzPCQM5uk-j}8;JU~O9KVP?MU4)?oyCKJE`I_>`Lqh
z0r5$-?&JD0dzT$<QlQ9QhEh^xCnADa>Fg)4pOid{CMiDn*54kva}T3~p249<_p7-t
z5}`G_Mmn);R(MZpZ@PPZHqnj@PS_{=lmFR|MW3f@Lev(O53xGl=(Zv%s+j7rLl%3u
zjfvo+<_m)fH%+DKR5HdU5I-T|sQ7F<PRCKMUD_;CH5WXZ@)e+NFbIjN54VxL`xMUS
zH5OZ&MA|(UFC_c{DE9zR{n&UQ<o$NBoS(w^wDjjkxhPOYu&&9MiLx!@DCEm^cs^Ej
z#BZ>?9x%@!Mv1exl|Gt+Bk<>^J+ioBQaMDu|FJst?d>TJxJYN%;BdGx_VWh^<(N$G
z!HE>9XD_M1=~^o^8&9dqJ`|ZmBiS;J;0Ft~t<Uf&)Gk7&Yv|vD3b42n%tg7K-R}9V
zlI2;|xYZcOn&AJ@p^m2BdlaxIT}53ofbB6+2abxX9nkLSB$$#fR1j1|q1DMrjQGO`
zbg@8A1)W!h|8hPaF{%!fULeBv705|6L;$>T86~^&-R+!{69L}-7icur9lSMY)Vq&1
zl?DZPzkyOTq1bFC-Q=;#YruJG6qDOb#Q{y%t-b4bZzR|a#H*2vZZSBOPkE6SG$l3g
zj!!AjN-pNomq-sD{{9~iwx3R2yA*fUvx-L`x#wuQYe8S@n9gS#VjxQcXZ-l?lG~rl
zB<&B0Cy&KNsj}9DxW5jOxA2~mlUy;s3pwt2)QTjq+`Z0n+pOeYH|3w-plkmRu<OXL
zi>SHdgD9`<FP>;b(;^!Q;YJfIZPis_&S1(c7`CepEqu3xroPMC78v)P&Y&LgY94eY
zB&LGI=CN8;3uK{o9QHWuAUpw{016$f>=u8}q`E59h*)rovF5M2JKs&tprLo-TdG!8
z4F-<;cv{cVPKrPNdgd#%X``cRNKbg;i`0Ydy-sOf2AAT=^nir>-|VNk+LQ^NF*Fh;
zTsgw6@~W%uSq$n9X`C4{ov)M%uco(baaSPe^k>e5G>nB!b>?odG^jgfj;X@BJ(w1u
zuR8Y{cJPnK>F9`|l{w7ZvhMA7loQ+TSBbjMjG;P&n1!r-T+UHcdaE4YmNgRRMpfqC
z>%un(^KDDpEn!gjA3D=>T-B1B`SdgMcQ(qEqaE14yqnRF{x1taR27h+75VBfTe4FS
zU0z#Lzfw5~ezEO;=g)+R20u-Ua_U2NRMpq+j==pUUk`j2t>a`)HQin-Bnim9IYikC
zR*tw$q}vo}AO0I5&MXVWqdJF|jOeOAU>VM=T39wM#)#qa!tV$V^<|l8Pu9rbqF0mO
za**SqT7y+sKZj|rs4E43e)aq^On-+2u}ClPflo!nLEz<SXxUC(72VBzl0Q}TMSUFg
z`dVWw_d&wLgh;$*9P-oeo~nR{j$wOS<HiV#j%vG@$GQns>)Ceae`y#w5s{*0a_24b
zm>+tg(>MQ00YA+uT5}^X?HdtM+`tFx5%b)(C(@Q>st9@Mj;U8vk1TnCy?F^0+m44{
zUsTZ-cBP!-{N9zZlg`Mx=QdpJ&+wzvdZ;8?gwloUfYY>(ZH86d9l~bj=Jf`*g_@q1
zydPQ||B4QvQ>KZ6M}^mRXc5uUXW@^>I9@UoY)2DZUK<+gQtRcqvB&6%H^B@F;%L^b
z3jPQZs1qgze6Ab-GJGyn_vr9s&DdoT139Y|d<^LI7f81FA1zhP%Wrzm7{pJ%?HcNh
z&qCIS*Z~ZI$v*Z66TNZfqA*waNnD|d-6>KZoOnMgg9HuQJlwCY6;QBpT<XwXp*Sxa
zPEU7<{)Vqk2IpS9`3q>ASpr|sAYb+{X21XZc{Tm=C<RwN+jEYhJmETln-5@xmcMM*
z`3T&MH?QW4(06ae3|_xJZ)Z|0`O%VZ0F`{T`|zZ*T)uD5QPs5LNz2ll(b3WQl#A24
zC9J|uHBDSt$H%Gc-ZwQ0Ice%2!kh*%EJ<sI>+l}sySV*vZofT5WY~?Qy<>N+!8gtV
z3TDAir+9oV^mb~P9e3O&ULa$&)z2*9w|R@h?hr`Dkoq$A?Nf0)v9Q)y+I&k>t9PFa
zB1DJjJ|c5N0Ue0=`_|d&X*6saswlbbG*+M8CQ(9upfTva+ON^dL8zPYbEX}6kx~_I
z?z@*WmRtxPn57zct$HHQgcD1o>A$Pp#A=!A2JPdtG{n@h#TVi~`Rl&**A;UykF)aZ
z^b!VD8LMRTXrEzQEhvCSTCQ=Wp?vl?=8XmmrRiH+Z+!(W&I#4Fxeb7lM^dIfd|rTO
znSqE}$_ZK(+lTKP=q2uHb2LR`99Ez@8cV$RLh~6JodGI&Ts`1ej;qN%=jL^8`=Ifk
zf}s1@Q+qJ&Oao!);VN2H5pezsD9_irozU(=rqHeY8zqZ`nSAgAjc&~EW>0JKR7~o|
zu@n(>5_WE$_bw;K(Px<4ye3L)JY4eok^GWdM$prPnbm91I>4(+cKhI0#YjBiUP4AS
zyAceh7MIobPMzJ?nCBXyZDF8n8+p_JiKJL@@7PJhRgzt;l%d~p>0a}8v%-0c6_V;P
zVO$N}Z7wDrSuSAZ({1I;Nb~-_o@*KPlUE1JD+~F&_Sn7gpF5xRkW9y)O}Y)%Pv6=d
z8ygFq^IdjXpUoVsPpz3tk9Lu=+b8S>yC9HCpxxORC`3C>^y)sLz98Y(59!jw5*uMP
zo$tpU&Jf6~%@@m{S{WYuGUK1Sf?M;>e@)}shSc9nYgl0$M;k>WrwH<yed-cFuXYYZ
zNt!22AsQQoQh|tDe$y&#N|5O{c~l9W46k42R3E^PzGYKieb~2zZ<r~}T9=r5NfnZI
z=2kxsB-0k3cnebMc+_eU)ND}xVCe@8>brdpDWuf_yDWSP8GAU`p~bpA^B82Yrv=b!
zv0Vg6AhvXtXg+zd?RfS6+NZoN*=Y=h_!@^59)gLeBHzZ^q^Ub$!|BtGkMTl>+y|`*
zg6Is~ku;<wY~hABlV;QVYoyT#euFZ405jDly1KM*!?`s{494W6;um-&06m!i(5;OY
z*N%Q_<$Ey!SA1ixs9<M^F4{E#SNuhN*_v=canZVo^3%M2^ozppmPr^gXS*y4+3fGv
zY-LU*#052;M-_(CO1)HW0K(zVTVk7Un8yj)EW;>IjU<tEUx2@s!cHYRv{`;6Qz{N(
zh7@%W(GhvtGAAMSnH*PttPEU=I26%sR43;<Vmotg0R%#)N2cF_bTztc8IB98(_U6M
zQ#+5Y{0vygjMt2ak98E1q-Swu7XW67yTF$lH(YOF5B`C}FkZel24`EpA;JxvNvT3!
zizvPb^j)wQxX0i(IwSxLZK1HR@Na3|%*7~f-RfW;9u^tHy_mbQ>7t>bud6SxZLO5Q
z<nG_rsJnH~Tg>@l)nKmJ(fxg{iu=3TvV@<yCZ2U+3a?ym-rn=zQ9P2J4UcTo^AMhU
zb6|p_u7BXje0mSGob!%uq$U%#BdC53N7#K!^M;cCSTqTt^0C}$`?IFs+ap_9VAO`T
z!B{`gQ<Ip;zlJuEs4f?FCP7mf#hBaQ(p-L8C;L;w`ToveIre(xi)Rp-7D_;ZufEOM
zl@7QM^ky>xS7K|_5~X+(e7ABI#4@<c=C+E<v6{Q3<uF(E_4(En93o}28|)PIPPUAA
z8vk_~HtUz0jvNx;0M_18U?6wJogcn)Gi2h<5!8-j;kqj$Ty+i*N1(nOo)3sQ`Dj~)
zHs0mL>Yv7pvx;&Z%kyzaitx4~K4{z#nf|HtC6tHih*FT4@#}27L#?F(F}c5sipt_p
z8e@i?k!~yvmbZs=u$;bUZg%xH;gzYK%yDkQU=a5Vrpfp4+g)8%<1?R5AYIAdOc7H;
zQ0?yfqjz=hG`LTTx=(rvSWFhub-BGzmXyhICq`}Hq3L5))!E!_hH9D-6FquWQ5{HG
zdsJ{9>MHVV&D&^*#e3OFJk$8GC9xBRwHNT&xtvWNnQoei1ifjNLtoMfDGzW_raoiL
z(sH`<_YB<Iir<wg_^nLW=oP*BF^|^Ohgv6DeXJ^sx<~kNyvdlvr-hwdgRi#ejI{^(
z_Rx~1G46?`pqT5wOgC}Agfw&Ja?!Ciea~||_HbHH^)?Fhst~3RNnYgpgR{+zE;aJu
zT^fiurNvf%`&5J4p%mCSe`$OcaExxIGWrk`#EDN|-4k-u0E~|2BtUO{qKR+ZCHfDw
zKt*_h#RIhBCdF9;<OSVxIqJKKYCFklYJ`T~?NXN|?PAmDjO|+1szq>5Sxt7by5uZ9
zIt~@wU8CU~C%W?BEDYEvwjJl<-LyyQgreZ22^neYVdeENohXGmpM?kG&s}>RpOjyx
z!#pY7hN%>dhk^@}G@&7k4BJk+`@%Q2j|R6p$urwXt&3DGigheiy=u-YC>==osr0(<
zINWvy$_htZSkgQ&EAM}ovUC`%6J+JJs;)^(e*8$-(!<8q+?%N)9c|6@LMGE9p}#fi
z(iJw&aysMPu1@`d$q3ZZTugqfWOL>!qE^5OpjG`W{)Q{ZG-|^}JQ1E`M)|2P9C3B~
z{8`1qxrbEg80|3~cR-q6tB3PEZKc(kINmsjUL%>R)M??MzW>DChH_!{K`dM!o1*>P
zCza-L;7<{oTS{lD&8bkBQ#64?T9M}W1wFmfAmBqZm`GRuW?9;ZElvGz)q#f0fCl)1
zy8lhU4EC@>pdesi4!?z+6e#+6g$*F=-M}?gqO}gzI4;BMPko58b~<;~IW7T_*5Hlx
z#;z#1{)ZJ`S`RE3og#&S&+ssg;H6nR#7(Q+hAo}q{Ayx#>)+AwrjNhTx0}~qqREmx
zCHa4Q6)+{tbM?jAES_pR*+vB=z|sR|Bdw37*It`}CcpsYAjfSDyR)T-EK@<*IX^70
z1cRLCt=PTDAE?9M1YU|z$jXOjmFWAb=yF-~!Id<^cl~bpAZ}q-i#a#g0SX4c`Me@}
z8x4-6yDhZC4-~V{I1}tX$35EhizcdUSkAoiRxnIwY4lbm$xTl4RUpZkjMqSarenON
z$#e=9ORW{Kvf(*h6Iax!w99CjY$G<Ljhprl9dIKE)Q-Z<_}3z!lxP&LZYx69Z+*op
z7EG-~IzIu_c9z5%I552Q0b9LA6c^CIOiK}yOK9z+&mZkNk6ZYjgtAs&dlmus^$*=2
z@ADbURbWDa3a%8%4W3$Um5txmfWKFe<mtvY=PGZv7vwRXp2nha{kqT8MnHyi*{4ZY
zkCp?D`BLQKoytoh%EftrZx(U)$I&hVd%P&$2S|0U<*UgNs(DxN^r?$`jmO+H@B!ku
zz&G0g#!R6-dgQ4m@N4#<dIt;FHuPu8I?{U#RT7tt6fsn`NQ`!)EagVGM~PO}@G1V?
z75HU%a<!pVdY4guy^(xtZbda^PJ7t!k<w}SAuX+5S5&vQk@JH$%&MVK1O$(vd^Pt{
zjvyiLnxqz9{o^^{1gHe~4vRKy7xUSh___n7z-vWcdEn^%Ft6M>TNtK3q(=W{YKd_z
zBa;#^_}3)bVP$1}7CL8U-Towq@&$6-SPu}+2MA55Al+}iq@6fGhg8=R*4(`TMjhJo
zNopFl_s<o-zh*0``y^yn7vhJq{4ivOXCC8He^|{3IMfowZLE87Z4W9{LC&?h=p<o5
zpbR=^C19ne-3PyKH!PEjat3!%5VGhnnneNY!>i@i(b=)MQbAi}_Bex7I4uo#sigO=
zR7Jy%I{xk&*_hrX2XSk*z^(F)Pr9{uA{ZeBx~9O`dm8{LE}`4bYUy}w3U;*#3LjJd
zdB1N76d)B<*i3?USTfCd3?R4Fi!}>v_TUsCfR_?+*8yJF$7sX)R&|lL+2$w7Z<4((
zO+g6@5-o@|HOOa-n2(@OqGqV`{$x%KdZ(^=<<ehsA3z9iiaDX<;Ui*IbW~B}G8nKM
zAlA^TWCzrf-K!Tv(#+(+QIDI$_TeH2QhBVNK8FvIexP>4P)!rW79&Ex1S+RvVw}fc
zNS-P}wRan~N8A(>(^q!30`>`EjWKHk*0y<98r%iF^k}{yxd2fQqwSb(&r)}A3i*Dt
zzNiLzIn3phPkw@><lLuu6MW})y3`LemTaDcW=vK7?$m{;#IuS8L*O@&#GuaoXr%lO
z_ELERWqkVJ8G{Fg_Mw?hJ70aa4gJ5%2;?GL?nfZnkq<gy7Ja9Lq(i>+-2-kg{b#9N
z8G)U=!Gw8bo<7-$ZZTk}_F%H-Kmp)XRAt>FrjCUq8q+3Re?K{IcTue3deJ-mGMj$v
zY{@;XZ;0)R#447VY?)Bzpl!JpW@T}qjrrq-XJ6VhuF1UP7y8U<(0PKNakI(JUOSN&
zy0$dru?Sf;Q>x*#atN^HR8gzUDdISS5*Dxx+k@>a3Ola<GM{A7aby8=M*of;{@IV(
zfrcI5aR)Y%*oyv5jTe)l)c#!{c=Wva6x5F(QE-s)rZZZ5w#I9%97X=>dn}e_<mZ>=
zOWwk^_t<}}KTLWS^}!TQ@J0F0iRH&2-IwC_^fY^7Y-+{b&h(0Vyw|=sfZp%l<)wk0
zsSM=rGxI4p!079F!r-SDDl<^Apn~6r!eYteH*q`&-+>)~N|#5%fmQ@AuZ`PnQVaa4
zV7&;+zji5&!198x!;Qa4_<63Tu_wWsC@-kpT&fGtb`RDzamd*tL~)q;o@+Ie%1|l|
zMelxmt=9X?+8zFef2CcfSBX&nd8OrKv?+BV0dw0LZ$C%06)0G(-~K{qpyTkvy6jBY
zBzQ`|Q$FDz8G{N|;uODWQMTt7y1q{%kD9!v;?UH}#m}VHJFFMqsQ!&SC*}ywOLR<B
zBv~D9@eRRH8cQ(T@-^rO3YSQ9w`Hzt_v%tE&n>Vt;>&Dw(%Gi{m|Z<@k5zYEc^G}2
zip8&C7&m>2h4|<q($H`i8!@khOj65b3^g0^KJa!a{oLMaV7K{g16RrYZ#dUO?0Q?r
z#J`Q=^ZJ+9=siyxuF-oV4jj;A_#8A=K-#<3D~mf}xFEyU?`l;$Dmr4JXAef`dyGpE
zaVIJrI_xdpX$p*7nYzXe)gdP&hqu){{=ASEXj8K%fK@8`@-aJ-^=%8OuzbKezxA?U
zF<V7)^em^I?TT{_Fzt?YpNMNBR9*@bm3jT)ktkO9-PMXW;Cx%>)Ps><0z?Ex`)Uir
zFBE7tcnz47JzEm_H6gDB^kH9R4AqNAbf@o0i#Q2LyxF#2zbkw(NVsI=_9~{c<i%P|
z>6w{<_V`IX2|;B4C<@U(hell6P<%6g9=_LJcMnU)D-Qf@e~_G2g4~@#7*Wr3rZ@Pn
zU4Xl`kA*%LZ37feI6*pU(AVitziyPV6wHxj56*gSzFjXD&cxJwp&X%s%;M*oUVYLQ
z3cf@o)NSki8}+~%+QqlSQfsH-P+$=8iFoLI6E(}J9sZ&E1}dh_Sr@9wuUU8lV)aqy
zfKjg9g4{w`(k+pHd-mW7+hDh}2uCAu4?3NGM1f#UB=zbZB4aIANN5upq3Nh`x`|nR
zal+bqZ@5!r>9#g5h5#Lg97h@kh<r2OEKAU#iBo4n=9OYK_ur3m?7Uh0c3viqotnCV
zhFttwOclTQweeRxI;05x_RMnJ&t-J^o?@4%`>Zg|dv3o|*b_LrLQIM`FS>slMvg9j
zjj8%n>Xoe7g8w`zRHU=Qp)LeI)h)(;Sc=0hLf{(fAFNh-)IWBSZndWCeD2<9Pq>=S
z=d!YkLxY|#M!Bzqs~V=R_1*LivM?&~-DEM`h9b{)C|B+pg?ZQdqOG`T_hxkgM7<-r
zsH#JyBl3>U<BSOePYU43kYHo1>TO?wsqKVv?V^r?w%wv!Ll02|l0rzHsY|M+s}T<3
zCL(O(T)yLv-kYgzXh7Vg2uuln)UauBZ|uVFH5=;M{F?PZbMF%~Rrwbcf04Zuu-u*R
z*fTy$l3c5N%*1`O<m<z;vs`B{+;`9Q5BB%}8hBntD(~z0OX+Sj7XF+|c^_rVz@zk9
z0&&OI-OSzerkgy4*yz1BkfN@PSWHXMFt~ihooVRiIf<W~+B}Dmcfg=M47V9jY?1jj
z8mcUaA4Ej!M!);Y&)WPBy`=J!HB8dz{x!K(!r%`pkLnwK**8+IeP$a09Bd_c?osb)
zz8aVr$0sZAElvnk?<vUdcj`v;3IxCwY`Q}~WP#j+=?5!%)TzVN%D7*4+uZoTDt?({
z(++RpqG-8hu4nwOva^+}K1#ier|*Wx7>K=J`lNeyf0A=WNk_V&{yZcb{f)IS{5>8s
zoV=STWBKG_oYGRoH<*~3QfkOwkq-OKBwrZd1RO14TjP33NjxUES!|agmVNL61(c)H
zDnYw7qGj2Q(LV@p9r@jYob1<-NOxNKl2LibAgVDB79lkuIuG*7v>xl9N13Fl{W=Nf
z>rMJ1(4m!uPZ8UqYEuub{d3Slxm$0a@HPp5qb2Bh?b-Zr@E2*Psai{WD-6a`nTNau
ze}@z+L4C9MOOmwW-jAj8oKa*s+C4rmzTX^l)Z%x_M3Zbd(S4@D<^X(~-TO1WpiKCr
z&&e(7RRcZqz4l=g>-FF6LXG~S7mUt8{t>hs^SSN_>*z`rQTnGcgEy{|kwS;kD{M0F
zT7Q7=a)A?8nnN9<F}~3EK2o&%D-U{thk_2hQ306lvTqK&MMS1gm{etx{gwVq*6GOB
z*L8PO+40@royhN=$EF#)Z+&Zs;${o(uI%5}mi|^xyxE5;c+Ebyq!!JOV38x2i9APp
zn8liBhxZj1C+8?N2=qePDOS%bVChuK<IejwBCB@yD=*}{-E5Jn2Zm~OAJ|X-QNJ$~
z4Kiu&7!9VM>GX&TD-*6<w_e}*W+TZGE4$4~y;1Dh<aB6+dgqiA@@^ZHTlu3>^)xG(
zKk^IM*A{Lx!tlzg<}^;{Gh3gdDSDlRaJ*f)aRN6>N#1%v>qO9OWdj#d6I1G2NYyJ#
z8o*OI^A~pMY&fO&CrFM?k|e@wgJI^Vhvm--97X%2?Nfy*0<zJbol%$|fj42+I(j;~
zUqj5#GzQLK_NtFNW}wbk>MP(4chZuv#9hO{?x2!F^<DLkY+k2rf0^Fhdni}X5|CD;
zw%wcmvi5AU=DaoU+?KYrBsa0}si2QuU!S*K;Bs5qs^HW;&%rkyHBeJ>R<J-@gRREu
zNVcZLHXhGHb)POwiz-K^xogR@Uc*WP-T_B1l%2!LYvMAGe~YJHR4@>c$+^!vw(F#M
z@Y!J6?e0QgJSORR@!i_X1_$^r{CJ(k`$!o0S<lPU(Y7flcPS5)Gwt|`<Zc>*_|ezc
z6ZE6DSi!ndRO8PyO>!zNTbR0@nhWL81#u+()<=K0NxJl9iqYumLENdv5wymDkc9<|
zg6T%b6&Ql*^f;H@w~Xf%=Znr*3FkCFfxNKuL2Xe%H0gi?nT*oMd^e_PyxEZT;6WZf
z30IA^Ckg#)j$jHwId8fXf>hsgC@jDVJ6n&gha|Qq+!grzt8!jOH*>!>sMv$1u!vqb
z=CzIZ7KiQV(7ClI3tHZxAap%uLdtWSUFBpZ<SlgWJSTW^B=$_KMN4n@jPBl5mHVFi
z$T{!5;}lZj@LYA`HhvTCUqa3Ffdn4NG_<VsBblwPsQr#RS@g|eZnT|v{rU5?mjeQ9
zpG^gJ%>a1q$HY+4T-EKbzg@qsbdz5>m8mfV4hFj@q)xV0@uQOfCNSQ;_e=-MMhqE(
zxG_3)<$43|qa$FV(ieI(e|J9#BG%)&P>Q)<+okog@0D4NhmiQaAg@uoV=D1AH8ch&
z>`{Y{_R#wc3NNETc+hD~Gk<13U6<DhbX;12wOLm8PRm-28nm`OpLm1)^dl6{(b5t;
zh6m;^o~W;J>E*T``K_?ora+IIX_o#e7I(7r=F9mg$4MZdLD5|t?;@yP=A5L978?t>
zl8>yBNs)T2=b@CA=$20HrXCdCu;ki&@=cuC`)zu0W78vvlc%fMbC6RPF5Db9G_q$q
zI({cVb94O=DnNd1=xa6I+WzBAmUItoJaI$Mp>gVI&f{t61KeS1)qQUdrQ|?8u&{k0
zp)Y0k%Si6P-RS}Pg7$vICN>m*>YPR%Ym-D>%a-$R{f14GJ6S_%Zr4n<qH+LBwAbfQ
z|K;Nnjk;JrM3khF(B)4HqG~_f5$CU3tPUV8^<uv-@147qcR@sHV}R?bm&>Ph6=Pj?
zS7yAu2j<hwfj3sds=M)SYF}?X;(@R9@+RH0EmaTL#kNM(x?*mYA$FM#gN4*9ioeQR
z-Q6qO^%sc5=7LxztFl)Em!yr-6N$|njnxw%<x_rl{7vmcszY({Bgmzbv2OXD0H@<N
zvrZ#{6(TJCAgORHq+Fx&PtSb7?Dc|++70&~i5YkFVE>FG+REux>aN6St-X)#!Rxda
zJ15YPj)1Rc@z2FYBb&Xq*s_qv{D+Uzw9i@fkLG_JF(AK<pVao|zC_Di_%>VE_V`7W
z(^`|4vHtXiZ^218HeDvjYoh`;Y^vk0%6(4aaO>%}Oy-B*6UN{BznUMs_68ZgnG;ej
zE&d^J=mAPsp`R%|T8DaTuFNZfqiY>4X7zSPuaVI2J>$dcA$${c#Y5DDHxJVktYfZ_
z?(#;0G0>g|ck_#L-erxM^dN8H;m25Y=m~>MFx@@EJl~xQ(zo_TY_XfD;6SwB;jLi)
zrUwGIyotiUgloG?GcAkxm-C#Zf1X|H*i!U4kZhB^tyA=^7<22kAYMr21j=z%bZPh<
zezH*UguP5;0%pGRN%oT~+Q)PcyYr2K2F0k1MW4v_2?Q$jQdFW`*xF04Ouvnprkq4?
zR<X{5Xz4ssG<xN}K<BT;@;vF=O?RHp$!oK0u{e8ql*IhKS^nkuKRa{c4)vZu0G|gh
zB~0sZp=#8lkIU%Yw)5Ce%0d>h{MSUm)}#q}H_He%&Xo^`fU#}n)jbm?%u?`ox4D`h
zh#-aY*4_luPF{{a?)PNL=tl#@Z?i(iK$9t(N81oPDIx_bW$!#34Dev@{54!Ip{;TL
zp-$G1_eyb+-iS8-(a$C=&Ov$SEj4tcq>a+P9&cAG`cd>|8y>o=>ZK~wdH_aVl43rO
zs{dqzT5?(={!=(UTPA8N(P{og>`FK*T|aJHdQ>)P+#u%9C-Y`aAM_?vFJ*nI^xJUe
zm5v1ifBR18;Y99Sdwbh4iP8WVaxZl%G4$}QwZ+XBoRzw<jCoAEo?vUdHz{t5Bw$J&
z(c5Rnk6ak;pe`HXxmAhd0Xwu<eUo977D{x;&?*(i<;#&Y#f3^#IP=r2_&FZxq}Rjj
zS<BNg=w8BfPL!@{o%Z_fdokKZ%=!&ybUC}dV{5iNsQ~tqdRnJ*V?i+2mIKRspySIR
zD@JXR5L;==z6F~y`!KR|FY)O5{Wi?R`8uA3ab$qjw63AtzI!Lk0a-Y&mVRiZ9`)wB
z(G8?u=s!vKIZt87o12*9mznSM{=1zmA3dT&b^V8DdenHCO!@Mpkhux4LG2?PCOj=Q
zhWyw+SBX+v+-CVD=rM+|X5h>nO;4$9soPh{Ct06sx-sDOJmS?Q3GA<UwsTa{Df%*?
zYsru~8|(d#E}~8nItcNp!JCdHdska+CTyrgsO05-J`SM#&Y{A5b+b*D&cAw(qpUcP
z)o2lM=FV2hyZsoba#z&YS?<Ot-I%&k$YqZc7eO;dHqC-mH|C7)zfaM7EuKWh8|kdw
z40PJU-Uv>;US{8GxbW-83TW=!WLDKcVB!AIZAX;Gp(^v$AT<w0zE*AxLx{t<r_fBe
zn}ZqSXD5Q9gO3?I&f4KC<LPXR$k9~Zhx379H{9Pn|Fwabo2@a>_$c<{uoSa#h95ai
zQC0ph`BO@EB?Zy>{oLN1Wl6$#;k<ZH_5>-UX_dzI5zVyJ{<tC`6BePfxyAUm7Bw9>
zKL_5u^GlfO4=>f@iOz@V4Z|82O2OMoOQrCl7ZNIuuoa|n7McNNON;OGh9OEDqQ3dZ
z9_>-%#OC-)R{u`Vzt(^e+Zz#&%yoM@-Dyf)tq4w1rvwgZ(TTpA9X>(X5&nZ!6>of=
z8r#T+3HIH(q8fl%H;cWbUlJ4+^IhZ~z=^W+PXdMP$J<lge}IQut@5m>&vz2%jdABE
zR!kO9ALX80jZ2icSLKL=uOzaT|IX!>pqz#nl!IDo4SWq>S;D$hohPLV#UXCAS}xXS
zRSgc)WR@xQp+PON{Z7DDCtZl}=dng{s}H3OQwefyS~sbegta2M!jPx{5fh(YiE}NI
zB04|BddzEn{^DWWaq8e1ReLb^VfvK>tM5`*zTZkZf1f`qg75NEX1e~GSpd)ppL(y-
zVo~}724Axy8`T=`wxhrZq%3l163*?n*orK>>ao3cRhSCfoy*(aB4N5wBe2&rcZ$GL
zvM^HZ!V>ho4eQ-3$!l||(juGci}j3!4TE4fmz{{xkNuHJXfs<a8>n9n*iFioGAM2~
z_Vc9}V;XTWFiVlsS)B8Nj`H>7m+N0r<Q8kiTviI0$4krcFBV;aFoagWvzf7L_nT|3
zVem5|$8wK2Q!m?ij5PV9Uo-~vZ62mHBG~_in0)=~@JCF9wsj1QVd+aqEiDDls1lQg
zw)$*OL5*nB2ME8Kch4*GpEp&MSsc@uUfsj*ElIDmC$04ajwklsNqZ&@B09V+{uVtc
z&F)MMg-=RHa;+?$nDe%$Sfrre)P@f0hE?{;S}k<|+HxEB0#uKk6<dGE2m92Kzu&sN
zVI@>(j2-QN>$ti<Tlu_e<-&eC9{=(#@$K_ytpH=1A6eEv#y4~kk;U)&*`73UcmIg9
zm8z<jjO1?S-19ib5fBWOLvGAx5`bs#w%c@1TixJn?~;8E$ckU5aAai+QE|*BCm*8C
z{HB)IvTqOF+H67bh?jUy9J6Gvh@hhm_n*r=pTFirI29@;cJ+8v;jdV0x~q~_L~VEn
zF&0HCd+2NDmkpq`?7#9VJY(aK!i$6?1wa!4>#V?e{ZZt{yS?Ov>M^e5XA}PFQsgL8
zTZ6wAlBD~#Gjg19bTj<o0zsXSXl)x5g<BRPAawSBto0`tG*R7(pR~P>XopF_9I^hu
zLc0swW11qVwHTRuS%+iu)@iDMs1HXE))eNGkF52m<KxKpQE_LQQa=~<qF{6j>`ll>
zxTTieJTq1)Y|W#eBAW4xucwPNG;#H>cQ&;?wOZ!xG;+96Qe|V~TcQM%AJbOq5_Hy5
zQ~QcjhU3Fr`Rt}QGS~~K!gg32vMH+HJM`%&*DVj|3!2gwmc3RWmU$NLXUEiZXCBPy
z#tVwiE=)dY$<jnA1%`wM>(vX$y$F5(bHZ_d2zj1c{<{4WVJY2@OrOwRdMSXC$Yt&E
z6tVdS%c;xl0P8ExLK_n9)0T?<IWQEmAyMh@>`AeleDEVZnU#AbxB3TjKJL(#%Zpd~
zgl1SXCPDKXVNSwW>ybh9hN4r4k5euVygr!uYA>)XNo;5vmB`y29O5L#pZ7d7J9cGR
zVmNW%`H+iH(zLvxwEAi-KSl8d>L%owyy;Z_Db+*KhF*?OBAt2?*rfnoubvI3uM0}M
zQuNJnSR!CWC^?^T+;<=f<#Dgmqc9}=I(`Ca*TF_A00jA&Q`{$rP@}^##->b?BWu3%
zP_}%7hUQyuSH4SO7WrKUk#K(S8NfjK26lp_AxOfNc_Sl*e$P)b+)pO^m6?$m%bCV4
zoy(d%Cc0f`h89{B;$hV@fp^R|<@Qs)p^u+zu0LSWht~OHYHA&+a5l;puY}4z<^~(v
znyy~>-`uX&+Q*WReLcceGp_7pak(fZ{)4va{jmB~-$brWq^ii9#g1#eV|mo<)fuUq
z&mGP=dKGv(1YC9YDWQ>V&gkfdBP)FQ<|S^ctMp-8#DC_^#|Z@(R9{{hrB+!~cHAxf
z5IkQ2{xjQcs5EZWg|)CeUiyW*&<&;P)p(I9=V~_U1w`qG$6DPS@juIA@oFofvI<d1
za{)+pe@bY4cRa^%0P6+~e=lrCy{vo3x#`<?uD)OOQ0ZU{*S@?csv|(Ez7(krIJsYb
zDkrs+;mtCydtf|GF_@N!fw|FaFJaTjy<3@(2M*J#)+Cb!tP!|ymtdUx+D^OVmaks%
zld*3n!j2|D$@MmAkb0J~&AD?9=!L}5Jxg@&M&5bwZ2krxq}H>s8HJ#@CFpVe$)|l|
z^*xff!(J;>w8UWgVz9_xgM(c6u3KoY+qjZDvDTDwq&l>{L+7WNvGSNb?K-#0OIz$&
zPNZ!sjJ(Y}d+c!erYh0IB%U^Vs@{4!RFxOys;$HPhHgOD{M6%mPCGD6{_R-jMHjgR
z{Z23#I=+Y5hdq9h%$yqd<c`BA^XNK-E$unUMHCDNTkk&jKq%a>gL3ov3f*OIsd!Qm
za&0c_H01On<mSrItL1pBN4a`@F_)fJJap>9%KYF0o5!`(+R<9;Zl^YC<TSE=A|Eb6
z;gULku5N~`r3^5uZmHs$v%>cfQ_CigjxT9;PKuCSF5wj#g5Bv$5Xgtm7q>AVJfe>R
z(jRJGR>9lmgDAu$e2*X$V;R4X=LNaKPRlX$2-hOLGE(DE7Y;mh8OIWzulU2}QwP$h
z)UUFs`2Mz^VLa1Fv1f&*x!(s;)^Ua!@!)kW4ekPC-pvJTan-+90Ou+<#Z3_y6Tv^F
z_$}@k_?((RJd10YAi}YT{GjEyD^TW{tARt%@B(8&R$TH}INjm7Fe`h;M$tYt&y%&%
z+|g84qVmho_`={g-H!P{8D*A!m5cE0Z2PGTmrty7*9V_if$d|rH<l`Y=#c{~dwPjz
zfnj=u<1?t|G&1qjQ)?sds#F|0WH*dY6et8_*))T%zy2pG_I9m)8BHrOTiX=B!ebXk
zFg7>66^-QA@nVh7e)5lm0GE^iZOuFZQo$d+`AeKSns+=|(}g8Q&pj^s?61`Y!bJM2
z56~xB52~E5vkt56CbQ_+5*)$YR{6CCTa4dr!6ly%+?uN*rvfcKq|0e$VomAS*oKmI
zO;6zpI1fA)+gy6T3JpJJe0${adkbY75-V}50KcUYpp{oB2qV|8T#S`Xc0S&!mc5o5
zORj)|BNt<Wtu9MaJ*|1@65uS85n!Ok))M+p_elxd#oCVGC89Ry7q%X-Ql<76_VT^+
zZ_9keTSS8YErlRXpE9LHun>qVrl+5#VE~H=uz+TEyu6qFH&T?AyaHl7kZ+#9?M`bf
zOM}r<MgGP38mHYhjkpdMrO#5(Bd~wzUn6@vVfkByeI-8{*ACFRyC0qUVqouR^;I1(
zkd}}&ht>u(NF^Pa!nYDwowkKlGJB++;$clJJD%u9*jsZ~ERIxbTo@f%*AL<MK*1|C
zsEK5u<UYKV&Z+N$gp3de2>-hC_3u3FmpwLB<eyAXxpm$%NhXUYs7dX+(Dm`yH|Mp8
zO4hbWoW&#~$B&<-m)l$;h74iySih!pogEifv?X3hiR>pQaOU2(;%r5_dC<}RC+nhx
zcG<dk*!NE{ii-}5!waSwWD+vO>(zxBEwKrMrsmT-dtlV#wPsm6`>!<Er~NmUv}>{~
zp(kHd;>4%j`~<C8Ws$&4RpFHQxI_bUp5VmARt1YoP_6C-Gk>^|)~tcsg*DeF`$;<;
zANS{0`7S3|dU1bNo|%XX1T`w`#YGo<2jYLKbG(#bvWj{!u!YoiWaDf*ep&Uy{jd4V
zyC^J|q0DY@bd^g`B!}6|N4c0mKlH+2p!`L>03<O^m_>3R+KgjG$-{&&4A{0+ocVc{
zx8s+9K+lJlnQ|g?fdC*ockeNjmPdi|(Z=v43k$Ic6M6mchEqTOoZrlCM=NqoS!P@7
zc-l=7DCHXo>B<5>Q6TH#5>wQ<bB5@TIh0F?19(%zI@Gl_K>#7|pLA&2eAdN|GI5$N
zd+HqEvIpso;BpO(uf!a1q$Ga4<x6v7)te)<Rnw82Hll0&Cv^7GXeCRHaR%zmh^H;I
zxbKy7++7CKrCjT=?YS0gPDSG4lcynmv)>sTN<D_MVi)mUTAaIDtx(n1B~RqxXKU|3
z?vXEZRigZ8u6wBqX0<6+rRVs2jG4Ui#1FM0#ywMriMzw0CE7LT#tH-4c$dWowW0hS
z{Wk&)NNH^Caa<SYm%17BF3neZTL<g#@cm;NrQnqXT($4Ge$pYBX#VcAzSzK@Ii24n
z5h-G2Lnp;>KDqj!4O?%d$Ra6Lpc1_D{onXi;x<jlqeZTh;H0S&Z=^$qwoYY4pFn+l
z4e@;LZ=+&{VLXOqrC`X#9a0M*3%9j>PR$i|Tm5n3{-p`WI33BQGtbm)Lp3Wcy##g#
zju%;_=|G~AEkv$=B2!UZtRWqbA#<Okr$Wy9cYjb?l~4RVvifq5Qqd|c;&V-a`Wto-
z)p~RUhkDXX%ib`hsMvj7gdM}a8vb{5jJMt7+5%-B+N$@CJ@|IzfoZdgzcU%_nc#&#
z<_x(iK0p59!`$>lHK}@Ez?3TCoRPM_Dc5zTh~Mawa%Oda7zdmh25Du?5+DpS-aEbf
z!3AHq?TsIa|8?`q&OMLXOV98P>+Y$Z8=^$i+?tqAiQ%&IbDleePkx-fe12peEgp_%
z3`vy9?COKP7aq#(p2Qnv?31t%=z81-nz+yYU8&$AU@sSbnvx_ID9OU~9kZ7eHvj$}
z`z-HZkhB;*h>CilYFJtt=Wg)*Sa~Tl8oX0%_|0P8K+o1bG_Bg}jHH5pPHZ2<lFa_o
z;QFmgz&c4m(C;DX=m@5)br&{M6}cTDQfKvw3F<SA%wdMW=gkPY^~o09a%+dkOFzA@
zJ{s_w^|#NabN@nnH7&j8)?O8peZe=&?0YOZn{ySpT8F3**aR)qE*%MQx;<(kqSRNz
zY?y=YUN&iprENO(eYSAPK@vJMF{g2XHw;_kFF@a6$xS{7-2z^uP6&1%Dv@*b<SFXl
zA4{Xj$V*y&q>yVmZ*L19l#@s1v6h1F#wLuTYH&QPHFw6hf_|kPiSQUK*1hDnA8nN_
zt3dCDuKEo)LV91~Wi`!n&u9}%W%#*3Rs#HOb|UGRj~)ddKQTSw6B`MT_gDYz1<adU
zr_CJ#`b;FpkQ{V7(s7|v4*+*aolU0!$Lv!!cU{DGWFOa_**CFG5NzaFMZRq(#Ui(1
zkNLFs<5dkM8X99q!jo?*9<DpI=290%vcB3^v!RxjF5?fMMUOyT(>gM%@|Gdm_0d3S
z3o>l1BEkF(MKl(Mv{{-PPQh=9YYgMX@fY-9Z=|7tTq2xE{sZkpE+>D*Z^B*0b2hmX
z&8%$93g>9%^!oQZQEK4_;oG+=eyo<52OUD3c&A>Xe1MR90gIUu$>2frspW8A>q|hT
zTJuU05+o%^ySthB8?TFi$~01>@?~Uk>i`C&ApJ;EB>r;c_utXaX#zKdKb8xnqpmr8
z7Q5cut!Hs896Tp}nJw$J<=+NLR-6>)_E3v7-~`&91MS^0H{Q6sFF6RFt!@>LLm0Ht
zPP)cIA&PQ-x+8{0fM(S@`G;%m?{ROXZFLscK#hrJQ58Xxj=|S@@;1C2RpsX$8z=LU
zG=3j{^vI<=-R_{ZagHr)?yMM<)sJG<Bf*Qj3M@&02MvCt1y)H>Zqb|$8}osaLY^@<
z1S8(8Y`Sx03=Ibhf-j?xM3~MJ+zLPGb9+vAktKLZe=3a6Sr+Bu7Z0U;``mVU)bSUo
zda3xHjP16@K&Kj3(tz{Yt!#1bZr7q*0=!E(OIjw~hl1qieuIC%g?fMXQjmJwfb-sr
z0_X>LN8{3z%=Tv82k&~iw!e_lTx%p>McHV|j=zoco;pqE{DpK}Q9y}J2^Rk!ny&kw
z%K!b_hm1q^JVsW?Dl(6<6QVMbO_CXv?bu|?O5#u?Wbb+GV`R(b*n7`|bI$!e@6Y4$
z{R7Uqe|Wv_`?{{@^&BpN_7{(P>8>Mbrg5@e%L?)TzGvQSzBEIb-U4II@=!|#k2Rx&
z#bXl_pf_+X0W9|Nr(yL67u|-Qiub(Dm#l>nttXqCuoxI`gbDcp%pZ+H0ajQ|?_1B<
z>6LJt{!0-+u*4ewk6k<!cZ6Yjdf3Qx=)Enl8}}qo6ZRuGG-(xP6Jp|ijZ`I}R<4Y2
z!`z4uAjW}rS;0AZg;%R*aP^3BSXbCM3~0uI!&YRc$tDXOf_<`Lz2#*?IJFr)pMPGZ
zp41$U*yhMM+*S{cKQm9)B#LS4aSfe`@c3>9T09N%lh4*aN}y*;U_DB|Jfq2MuU(q5
zKYxe@v@x<f&?)adTU*#>WqQiw6cKjZ+B28B!$moM{<}4K(p%Ov3^Fm&cA2m;5NqU@
zDO!Yf_-f>OAfr0;F>`9-sH~T(HIg2iw742$73jJL4SJUAR3W!mxVeNF1kP;cnq5EN
z(d~cT!*i6asi*8cI;Sp#z%Z_bOg(j``q`K2bbnl(0D)P^;;;H+t_;SuYdFkhPrLhz
zKe^I@--~Om`<UO)YrWm0ymP-kDiN?SH`6I*iYsqBi%BUN+mgDPN*p~?Y=22e`RryX
zgIN?{E25=@Shg2eFg3H;egSNH5elo_2D5<=evNWZIw)%koN>rb1B#>~{ib25XO~cA
zOaV`F1)=B39YvAl3J4><+g<&!@+Y0Pk#;`^xt%aQZCxyi$u^(uO>UcOw+xcq5LSD1
zVksFGpQRjL$mCuD`9om&*6O5^@<*QKy)Xu7r2lc?wHf-=^b0myV4GCgh4<)l43E+_
zAp<?mlph&uVLqp=vu27pE(kR-xzBEdyWH#Hiy1%NC6Hm6>C;|~)V?z8F1NnSIBFw4
zygG-8hq0`O@GEU@7v?eF6^`&P`U^cggnc+0HYfj}nQcDlBJ=fc$Ln=A-Sx--5JO#r
zgWAE+7rGM(%XY=jp%U{!b=Z37?gF{`4E>c<mHKB`+V0GuscAR^*Isyl_(GgxqM&CK
zLx>>HO&N)eQ~B?v{T8sj&=?`+!x8i8Qxw&xV!Alu{<m<0#2V7p9cC!@l!13)7=#uV
zlZj-}{UPj86B#Zb{qjhRpw4%Df!gf7U<hCWZFzph<;f5!uxhPbJK2WP3?Kt%d*y&?
za%Z_q9*YPJ+Ta6ICOWRlmrHVA4eEEs5d2guUK%mJC8PsdqTB+0z9_i~TTB4^6WN_p
zNzQ|<AIbIoB~8%UkQVU%G&Bs`L*)OQ`eSmA@UH0S_<d^vx?Yjws+1_^Ulz&4)}Qh2
zD&xG>Z_PCCOK<9~!F+eJ&=!i)zcz$&hik~&+fhLF;(chgjUTHc(eNM4<w1Nn@XG`p
zshA#)`%Dq&d=2%%R2h~&m2`e>`?H0yGf?vvOkW=&f$$3dmOWot!G#m^$HV@SQd=WQ
zJl{|Yc^@-=%*yQ}Gbt_8G$8>h%r!UMQ-7v{RRB%uUGWD+Mv3}#(FnT7$2aTZDs@6j
zeiM^B<Z+A||A1;L{y}OBhOxxG>811NpJE%FC-}wAxO9e>cTTYXZe$rxvXYW1&8qE-
zBYf02gE)CNjEL*ziZvQ?{z_h>?f#OSYxO(A7D{aUpy5fTCBXd1?~S!;YC!QbMt|~_
zfeRCiCMmQCce5<*JKR+f`d~K762OrL)Y?vgq&}d%<x~PToa(sRGF|r)pG>FB#SD_K
z%yu9Ibp%YSI4o-0>_ujIrqKz*XlBUO=_Sf{gx<1|r%#Jo?bjo#AOM4bhvuR!vmzdc
zr10zaF>4ju-D_s)0&0Oj@&Ae(PL0$e+WyheiGGclPtXhq3X#|2+W{S0wzC)5{)Cm0
zz)OxU;hZ%`_$|IE&Nv~!nM3lOmYCWN&z~in8T#)j$JDX7NJk_%95?a)n+d7MXEPc>
zj1J)_wYGP|&2mAFf0nqojxca+|0{mFVONz^(dIjsom8r0l1g{r_09UQxa_NG{BueZ
z&9(^pDb9oPp#$ajxPrb?H1PYoPT;osN*@0k@)j<(5<J9hD0FW^9|2R$dg+=Kg-slC
zy?)@Z#r5^}%_)Q7i{x+r`gb*a1Js^SOhRjch_YPhalA(BNQ%hlDD<<$pkdEbul}@>
z!@lSHegiIb+=`9NpT5(@T4Xyq-yctN*EKkm+OrFV-e~U;+R$Ph!DALS!cgpt%;_(m
z_E`u%zzo9vHH6`fww<(MDr>i6=&z?+g0iR-J-#SOw(+&XD*Ib9lEjD0-S}@%f3p7l
zFYt0g%QTSb=)<waG1PS5o4~a?#K+gUT$+3$9=4EC|1+DP?b9tyHB-+ppun)K*kk;H
zXVO(>eiho$WC$EK0j@Qw9-ICz=8)jYzR6cN$sjwUQVXQQJAl6nUBEK>>)qzP!^nog
z2m<(f2oM$eG3qRtHPTYn%}+o3V1%9S)>!5TuojPo-=)3pAL8uwRU7q0Sl}%h&u1A+
zCkgnV;4Vc;cHRa`qY-k|z-xMdBY~1JX#N1F_f7>|+3cg~)a8YFe4Yk)UoO0)q>J0t
zn<4ReOYKw77%BF&G3bueqLahZ6NuTBE$}7>HhX)YZ_egAZ*a_&{d)6aV|)$Kw;G`{
zGuCalF|R(m`KiRL_bc<SCwzG^woNhV#Uf5=gZ~(qN@mYHns)+%qTrYejTQPMF+jZl
zR=tN>!&hl2me1-Nn`wS1-1}&l^jvg$8Vb8MzM|l|iO0nQSr|dCE3az^%ZQ}D<nkGu
z9mv9ZGVTqJFyL7d-<mZDpR@4^+-7*DY~AxN`(6+Ikj=eO@6BW#4~+j;J*y+t&%H#V
z#q><4?I1MDf{ezAdVbT`;uY2Kv6;T>w(gu%i(~&%amQvJ(f%??KfWi6>IDRF?7R$s
zSO!ZpEPl`Tw7Xaju*=OI%d-}9Je^oQihf#9k6rD6-;P#HP?Ppdm)hjJI$G67q)4t>
z8Xjhi*jam*MO6DVX5{H4Go6u7(eL$@v-VVO4#8DR#~FN4&9X0*@yQ_QILcvT(JWyw
zZ{!J^x9!L6D=Jr<5^ngSx3iKV*CH;68+m*Q{q4Y_<n@=42X+OKwx%aEI*kat?6e4X
zSU<%19j3i>8`7YEyrdl&_f+(EaqJHu@Jc6>jO)hi4-)r`L%;-*kGbp$Sx=sRYn9!0
zn{kJTiD&h3Ky!4vt(Uya3I&2grkTc@$IB(gRG3-$mTmi&#rK@c{LIN1W|7yllw!ZZ
zR<-*W@<k#fVfUm)PLU$5#ku~VI*!@%@<fiS+ZcE&grgC#lajUKy$AIlhn-KuZ|S>Z
z)_Uqpf1kUDUYxasSQZPi^|yycmOrwUxtJ;VVX~AROl`4);8cJHZBA3jaGZOSpGSQp
zT!auuDuRc_%V6~oW~>>J^&M8Sw138h3miO`mpxIi1d2QdV^I?sw>y!EQ#E(ChQgVk
z{#<Qe<Kw(#(n0bxZNzXiT+#Jwir908ljHpRuA@V{nP0RVpMV=T5~kvM|CM0%Lc-_$
zPo#GFEXp%JP%W=hm(hvSp%L!OKXPx>S4eZwbQT{DVvlDL?>^F912;;q7F*u~Ete`>
z8(W^MrqQAIta8`-p7)!%{nZ#cn`7K4951k&0>OKe_>jx|H|h5spFMX}8!kzmmLNX>
zs7<y?Ubg&jjo9eR(jDu#(Y7XnI1FW{Huio*I2^XB0OxJdV@j_-*_;Af70KQat+~x`
z9CJ<?84V|OqvhBjT7cTANV!Rp^Nf}Ib&!L}+e*9Z*_qQ#e)Z@zUtnAxkvO_qz#0(I
z`81AwBB@sYK`>XCGO;=Ch0<3lZiC33M~6zz-%ncfmF*XG%fy0g*&?96rq0&~ry}C5
zo!P5i{_En(M`mrd@P<%fTe*q~7!CW)nn|dc%Ma!8YW4T!&?iirJvglkhQ;u~2bR))
zf%!Pkd2go~jy`uJ=c_d9C{&d{*^EHIj0P9CX$Ahukx?{0Q*>fOvtbK^LZyQlZj*5{
z;dE&hi5J^5(JQc%`rO1ho5VSB?z(*!WOdBjl(WNs+Ti9H1~#=4i$`br$?~cGLDZfX
z_!>6Vp8PyB_GB-n8yF*%E^kkHd3vwzQBi``&A8fyP#pCy@nyMLreVHa_|{UUhPe+$
zH>=;<uu3<pvE3Gi6#$>_(JB;hN`Fx4V(k#*{2HwyUIw)ICDNSJ$+dHomxD{X%Eu<l
zHNWbGRu3CjKZ(7rbHGP_G*K(In4w-oUQFYdMLLd0IjB~Hr4$x>(s8mX0`LC)xnr-x
znBJ^)oXBLr{~?+9ZH{s=Dvw&x=`vS|OkBX6q9bQj@Htrkz-d@Yo8cQi5HQl@R>*0i
zc<mT@^d3K4*Z0G3rw*Q=6Sl3CZOGrBIC!mA!1!-64Zf!hZT1A#Pq<FZo=(duJ=lt}
z0P?lNpJ5b?iUaRw4`%+zgZ0^vhB<mqFBa8g5>DMH5n$*a;lG?0n&Rp{XGftoZtLQ$
ztB_^s4~m{0r$>65uA#i6sM_iOh?huQeiyp-336NEScF6BgV9e`4yEY#Y_@i`JNom7
z;ZcIV64Bzzb>YL*GqVrwYRhrR<Y|g~cCsrmgsA2^(7kJ{!IWQWCQ1gLqAbcUU#)N#
z)TE2zk-D<$?;sv+)nOcuKQ(^uE7>h5JHU6(EVI?h^;Dz`p$+6y{?e}1grvk}W<)mY
z-$7d`g{5kC@#is0_@=KClnpG;5le-kGCaZ>5-f51?6pAFY;BnAC(kTnMq%^kMMif8
ziEqAz!t?JwLvc?2Sd8={NMkSk4)PDW|5h-iXcFgu{2YQG?>j9TN&F-P(4x*;@oC)>
zxXYb)kC(<n8=m!jGt4)1T+7j93B>%&8txVK^+6v}3||YH-B0X9VD9qY)!1^HgViLn
zk`k;3wASSQzZbx{3b)J=1%i9)uNHwbz0$=c--N=k+YJg_`&4@RzM{zhxx5kJM<UzY
z8F9op20BMh04dd~Rv_t31?%h(j(xQki9a<H9A8ECP`?w}%3kbg4ez9O(s&&+j4p7A
z<;Sfm;F5-CYaGdxZ*-zlN_qa>O~nJ}6*?BTlEwocE&4&RF{>()vKOB__sa(oM(-I9
z@mi#EUuSaN5J$!)#f-@L`kXn?ak;OwXVpBcR_7eP6vHwWT098E?M`oKJ5DvS^5&XP
zRD)lNq(4$<vU+`6*gThuR{`^8$-6CN8(+vzPf?#Z-pGI2t4|`9nU@97s|l1+OEZ!J
zQtYpQ7Xv+GEzj9|7jNW2VxN8N#?!L$lw~f8i3&P3byILH3Xb}eOl3veyEZFOhS*e$
zDL!e^A<?QrJC8o2-XFc0AaaZdJv=&0hc@B<l795vgG0mPux_$JsfyM${u`2J<rq2K
z^Dgg|t+nB8NOXKbCJ%>^t)?u_^y+jD5qKk*vzdk2w%R<??<fTx;(lU5lRs9j6Aqw7
z@1CWeq9Cxx$+qUao*PedG{SCE3+YQYzJ*~SPoRfn2ndv!37tRu+hD)RqUNrKFXRlY
zvdYZVW_d&7WEdBV=)d!eNP1re{>oy`iBZ{dr5oix*bd-%kvxx&QQsts{p;UwDPCB{
zGGdeG6Q5Qpz9P>pi|<=jvUHadYu|!{<OZ3CzWw;FuD_{$R6ZTtx0e~?z`c2%PCg~~
zg6wRcH-9;xZ+s2~Ll_rX8OXbpa#UK;JXQ~3Z7`LguwZRET4ay093?G1Xn}Y0zF<Bt
z;$`>rtbSJ_*o?EWh4nd~Ps45&sC!ct)s~TIfX|lIOo#E>;*FG_C;<U&eY(S6RlR0o
z0#%sr*pPqJd~a8X{OoM26U-Fxp1t)at@wwW51)BY#z=fu!gP`a<@+Mx{-vlI-g#-V
zbS-(`JvWQOx~6wRfo_Jj#WtoBa~Ipc#u}77H2ChgyL#V-BO@}1F747Ry0A&e@64T3
z(y>b7FyJF03#HnCajRI%Qr32`O5wmd${X2|Xa5Zvo>&d>$CPbDe2qRmDs|jox%cc(
z^aY&y^Amvd@$paQ^&)Q&oBws01G9$wTTv+X>F@wqG~I=)U#+H{aK|;?P;M-<@HS2x
ztLc9)+kqyoTGgWK{7CI&6=3q#TZnjeM%Dhu0Ms1mvb?>(x-2*2r9rdwrhIH+97qT~
zAin-E)_B5P62ZXGn;EUF1ocR~_X``Cvdrd`i)=>sMR&gMwW>}LjedP%vh*h^PAY)N
zqCcB6Q!qN6wtK+O<im?q5jKp-Fmd*bl@!+vXVYaQNPg{6F6-BP9i~Steai$1-%G{h
zRk&~kV#2Z1pYiPKcU4T{rozL@mqaJ1m2!e5N$|FecXCC91vYZv<mKU(0uDbVkr~}y
zxc~Mu>7o>W^hw%N|6@iUx~pAN5Nd$1Q9J|qf^&V;O19vGx<Jtfh6*U=V%CN-%smT}
z$<DMgF=J0>2%CQ^cedZzsR|DGoqmg+Tqg9w>iHH0b$SCWkGAQ6>A%pbrCfB9sGmy&
z*V~=Z^y@!W?iKNzH+b#Q!#fjHgY94pGUmuO6ejlf()$XH5(lDXOTJ>)8M-YbFM-20
zH<|=&Ys+l0=(^fY6eaUe)uU)sSP)#~hL0RMD5)2Ar7r6_yM4}VH3CcJ^ES^?4lwH6
zoW*%s`wK7~^}%A&ML}@g#F)k06f+(_vnfQb%Rz7)HdSleD(U%Gu51&DH|UjHTBf<V
zzBBClxYz=3;$BfETrTV^8ia$xXd2QhtZo#Tu47bOL${%vk)hGHr|%)p->SG`F=eP3
zg0{_&)5tla)yVX+snfOloH02-v9w^nt&d0Vfg2+I+xe?)yv?jxt#{)uF{{!|vK_f6
z1a#O0n%3Y>{Zvux#3e%o-O)Kghz3(z4};9b6n@VQMqR+!)2Whlv+=C_Gt1rQrnwIM
zvKPzN`toh#@^{gS5*i5s8X<j=#I};hF!tCwbG*2hg9qlx_&X|8F-o!B_2-)odj{Se
z^G|;Wm?mBx3RGhVSvpDU)DZnCcZ-e$TOU5R_%6dvZLQ;+#}KxHEc=uNVo~Tq!t!+(
zj1<CH+(M{>6O?5>Y5lJQfHbHi<%>~kZf#GT(4mu8#h<G;<3*}t_-qEpth6EI*ErZm
zwi{JEZ!y)4yk`nF04wwv>5j2#ryi-RxUzlgINQxe4%Lj0w5RBCycchPaGq^e`hv@k
zls@lvbk^9lrbz%ybe{g#5uCf>7r|8p(rP{yVa*niw7Yyi_7LHa^y7qUcv8|sJ$i?j
zv{%^A#AV)}c3pZQ*aP-xLHfu3oKINyUSZ78&H9sr$qFEvq5COg{E}~0mepbl@rqri
z+0uvnk4@PoE&}m0{Rv{_^>$o`(A0)-uh@7IHwjd!Hxvn()gk7obJi!^B1kps;1&(1
zk0041-=+@eq+JOB#iPxR4C1y`sjv=_n}gr)T+!J_`qpV+(~_2|Ak}nSzDI#qRG=cZ
z`*_NNJJU<xqis?ynlKIYbJB2FvmIapOr;!BK8h@h#hqZu;>J{yo<ffoBjMcqD#oX!
zk#3*(1!=}5u%t-D8!h$IYzJ}mNLVX9z5hOWju~$1<T|q~m)ThXS9#b)c=N9qATJD8
z<sp@1f<<5PfxnV=x=}WIxdJH}5XK(Nmg1&n*sqjSB>TTf>SwJ;x$gIW6HH{4uH;IO
zH2Ib?3c*zR+q+U9JKTjoH*h>(l`v#O@nG?Kh`9~Nr&#gW5kOI^&4_f*-1+XQ>^@Lp
zL37T9-Kx;{n>vEw&t}$jzdiLBf;tx05jdG4>VAoE(9qW9Xno*+A#BL@QKO7^4n9No
zBvANA#g>1paDw~Rm-KyTCMP4n{)*0Tdb(iVBd}@5MfX9wUmETg2~_)M6waY9<<aD0
zF7GBFXY{QDsV;N*u4-*nOe-WA_qha90V`{Hw*eE&-U+$d5S+bTJ6a9WJvv4N^fEYj
zCb9(;p1aob6wZfzp!SJ*k<zFoHj41lyjmG>I}4)agGsK0SxEN6+<`&LF3pJ}fCiV!
z^k<}9@OBi%I^^ccYi)Q8TCs%k-ZO6ZT`Ln{Ks<u4hzneu4j@*cG53o%MK@W+w$Q^X
z{Eva+#2s&f*Xp@2`WTEH_HgSE4Y?lAgx#q<p6Wv+0d{m;HymtxL3EN&!$y9-YynFI
zF9)?tEke?G0giBFYrun*q>PhkHt}5N+YB}l`nYv$Z!+)X8=X@HSZ<iCmZPci8&;y@
zd&+f#_zQ=!N`im)comCdKEl%n>+F10l*5q9s>ha}aoQ4(oaMbM@*4Pw>v`0a=ju&r
zTOu$u{p=LufSfoYXfSnL%K7Y$9EtcXU((iK-4OBCYbJ{$ePP&tf+ydPP6;E?RTJ##
zM;YR0_fOnuAmNuw`F}aW-0u0Z(oefB2gHQ4rw9|f)hd$*D_-T#^cD}QtEr0l?m-jJ
zmAzZsx_WR{jFr<TFw3xnH!P0*YT}|r63#M$tIXSjGaQu4y;qy*Q0ne7xh-`Ww}sE{
zp+}9!_g3K6Q#w2t`CSpi$~2C4vf^7A#y$NIB_Gyk_{miMrd8MqD(Eo%)G|NX-VXEo
z(e=gAXtMnQCf`DL1Z?u>Rjb`EyFp*@$t@ecI#HQ0a+W7OC}4*CpMFAwEFG>&T;>7~
z(|_nyz%DZ7krSk(x|O7IVKvltU>}{8->Ys3DS8V$%?LK!3vMXwf{EJS946_Z1VqP9
z3I*A85{60)gh*nt_4{SXKeJ`wL_)%)GF88FJz!hOZn?Ndaq{rPJ9==#)6?Q5>^HYa
zd}_w~^tgVv)e!NB`-N^WDIe>*MIlc%68VsNy?4&U<<Y-nI$;|Mezb(B6+j^D_CkYW
zL*-6WX00~Jxx)k_sGG(RY51l;;L>jL`(-NayV*&TLL0|?1?C!!_>4QADqbb@ZC~2f
z?XSKVuMvjzV&kru1|}y3XakK!J!-=v?^^#B+-u4ty3-%4UiZ)KZ&KdT!%Yo)^)ME}
zbMjM-goD@Wwyxt`)6Xswp!jyWbHhh3Zt19lfx~-rU~XEo)PX41OS^co*I{QBVZ6j|
z$*?R$ktd<p9pAwRcPTc=4~b=aq;LIbHm1GO*M$TaH-lLrO1&d`DUV3*=b}x+S<U^t
z+!9_73a=Bdf$;GnGaQ~KWIjy>9*jG?i%voZL=r(GtASH*)Oy>p*0&(`Sx|H)wg5@f
zISV0O5c~l%0)`(49*#Tc6<b`h8c0_fz{S1?yN{rLE89}rS6odt`6(zRRue_iPUBBF
zd9b;IPeV885`4Zy+#%6y`3OAOv%wH7RY@c(;FIX6&V4u7F*zJ!iL1hDGM`6l<9^`Z
z=<qW38>I?5!WAiGh3_6c9&M-o@PllkLhEuFzHSo&SH{Lw+R|@<aIX=LP1U<&sEN3`
zuaE7!znFR)wqz{(c+s-A34FNcQo=^=r0DAnb<vnw)bcsG=ppd;%~U2<<{Q3Lah-cf
z-aRZ(<wIKjOc9jrkpiWUhVU%ag#QxEGt=>omIk@Wsr_AIOvQ*;8Eu)5o+ET31$pWQ
ztHsWk)*}j15lzx4(z2O`FH|1IxoDSLaVk!_>tS%2nm%)V4$uHp#}v&MdC~n#TYcZj
zQ}p3!PE0qf-M_(JhNjFQUb!dY$?6-b?&0k6Frac;>Jq01G_(&q!~99eo}2$#dE_&E
z0wYxWmO(rhWX#Q6iCc+emTK?`P-1wQmYup+uMd<{wV)oBme<tm)O{(dDEtLAdEq4a
zkuK1FYvDbfhl}LX)K8f?wFJk)c#f1Uf>ood9|U5tQ4F2lPVbg({@iAXCTb;;R3}1%
z+mI$m{~_VrVdd*B&l)FZAfwcQx#uoJQr)74Z_c7B@k{l!HX4d)o<OuXkBho6N6sDU
zLa&6SHuAFic-Z??sQP_{HS?WE;Di8+tYz~Cnh%2JCim`MKL^%21Xi6ID<Hfd*~!9J
zz*cwOVVrvH;;h=AVM5n9)ykuu0D1Ze$As76MEck<rt9v0OQAE${Xc$mai0sh?^=DA
zF`mDImaf9Vso(gTY4>vMAC~vcZwFqB$S_u*+jQ{!zakz^B+HKeYjcV0()RjyWj*Ik
zz0%kw;rVP9{f|_qX!z3s_l?5m`H5gCjw;i2_v}Hx<}0pu3zbjiYOeRs$Ef`|>9N|N
zPy7Pd=cJ!b@TwF1x8&kWlGzTdHI-ypB5gTQV*Dc(H%BM@s+7h}#DC>^%<_2NpMJi9
zkx7e(Le|?5eCWbh>N+5|weanqNJV|M_pI|*Gc@VxdT=Rw!l!U=-#VA-3qi0(0E<?`
zO8!?Bh|L(3a`S1DqFmMTvv%;8bKFf(I_);_*Yo7M^1<7<_R>hE5uuXigeV&hfQ2pl
z?0gmRYQ56;>z6A;i4qGv;23$_evzd9Y{nkXT+z=&2ZIih0qmiU&stLC9pNommTfJj
z=Gu9|{Xdegi(ZI2ZN&@n<&<r<Udso+HFL|!id7{7E4r6qZZ$H8W;riI$vIm&PBmog
z&+60HQspR*vt|wNNXrBmw<?=`iL`E34-2}*V(g7V!7vjFvlOSq!#|PG@!43mjhUu$
zRijQC9`_D65<f56=57kqY!ihXPMEeVt`?Z(0W06U@k^&&Mg3?<PP!oXzZm3F8*4IK
zFB7LpZm#&A^qhAbij8x8dH6-psN<d>oKCP7cu8x@Yq_}hE*&A!J))CY3~}~}^4;^a
zh5MH4!#Ik-Y{1W5prauX<g$4wANhu%yfrjCSvI|lqAg(v7gvID1h_T3WH&kGQFb8R
z@$Oy&8Z|A2cpv0bKeI0dPkA8Y%0ysK3<^64HstiQ;i@<7sJ{P7vp!?Ms<cN$05?vA
zChtMGMCT)>{)k+lCLDC;EJsffp>7gOM-Wq-DqS?xv-ZjKG@u)(Arv@ZV1)ab3>|o{
zLAxi8gsqiL??88G1py641+2p#c0rhiz<1pHn*^W>GaLsbAps|QjCPvh1EmXT=^wmQ
zu6iVnzDtl-Eb;EP8`&8q-$)75mQ7-aw2!C(P6g(78ua^&%4lQpwEOm^^ZuF!*wPyB
z!`#66JEB=c+g^%~e~S7W6(t^1nG!sld~P^+;~Zw3WpvPf!ll6i2n}6w_;YvgK0UrT
zTm{I&^7XS0jAX*{US3b_Ng0eS`WN`Otcp1w437zXNrB;fEQY>6^kBsv_Pu;sRLg0L
zCRrbXEAWpurA=L%lx*`k9#B9Iy3%nC9&ItO#h8<YI={SESV2WvySqkuiRdNE7Vq)4
z;f!4a)3EU0hqN}euUgXTcUy8`ysL1o8?dr_f?nWu{y-(6bocH6g{TVN&9|A5fkgSp
zvK8skeiIntn&>%R6ObNga@44~sP=Uw&tzgI#(%j+B7?@e?`Q7S@sOgk-RyXmTd4`3
z=Z0ALeE8}!74tC8lGuCUe0Q#t3k?e7mehJJeVtDPbiTbfhI3Imh?IMGZFXwvC)UwD
zNse1V@F6&#S1(26^^m|;8}q-3r1=yhb-&&_be#@K{N<R(-aMzn%>d;OSpH%!#nRA?
zJ%MwKl79)C=N>PJPeOXwr`NfATM;x1F(_<7fAR_CaAStElppcY=j2NHEjmd#E#5XK
zS<@hFVRUPIJeO_>6R)Z0%}%_I<k3RL1!_FbDOUz|oJ^y_n}?Sq`(v^%_n>TLPfhEs
zlvh8;$h;eR;aq-o4pBXZ=I5fpI>OF-$q6Mm+bwV3Z>N)g8g%R~ietigY;{tFgotSu
zk0KKDPX5&i48QZgf}^vr{Upo5v?txXXO6fP+2wrCs)@pv>UYz{iNAdoHN8lqVo|&$
zCWV3D=82IlGbaMizwqF)7DDQN|8+Gzes{r4`}jxCoFC5)n-oW;`|nV!1J```Da!*s
zwW0Q=BcCuIU~gc-V`{%n8{+-Kq5hOctbm<io?Gqa*$Z)vA65r%R$!C<BLN3CgMP1W
zFT$yAdO3bu9%?9~BF^4ESk=cNJ$jp2=~D#=65__GrQAl@Zy_94U(G^8$kTwEgT9cF
zyu_D^7)(srhxcD|PY2S)cor0D)5;kXF%h(gY4-;_fvHFRySqk%=}%dux0W*lLpA!D
z)=r!0D8o_^0@Sqm1m4*}>Xn7!!=u;xXj!if%7}yCUKg+Nc>mN3<tM2^B&`Qjtu#qx
zpJ0MDyQ|zuk;zuqn?r;xB$&X{eT%|UUyA1h47KRX0XPgZ7<#Fde%LxE@^7cMO(B{$
zU}^<5fBy_W^RL5V0Q>_HlyGbN!xn|)u`u>6yg+p7a6d<LSh9oUN34VcMjgY?Re}-z
z{_qUm_|0RWpGnjrI2>pHt+U3Wq-Z)(O#M^R6za7YHu70~EY|Z-$%~HxcpVN1qn$g}
zjPI+fhD-71nQa#Ei{5V-i)X)?Z(Hg<PRPz=D`G~7OsLRUgzea8F#(ESCvWr2WrWr#
zDqfVS0V3z{)wLC$<eF<whoOP56wlXTmV0Rmhe7izM>FQ%Dj(lx2<T>us?Jr^6ll4#
z?bb|}iF@-}8-y*tRS24%wB|$Fu6`(<)Lz5%sJ`h^P=3PK-xWh&K_2h>btmHF<llkY
z`f}t!`j88pVF%KB$|`fgz7&+{BZ=Ssp(~bQ7bqw$UpHBv8;G5(aK$o((<$PPRoK8&
zi9w7Nxs7fR#f#&Gj>CV{h3}SThEmACnX!jiaqb~f5z*6sV8NN^-U$!Q$y+I6ML^(A
z5lC~9aXlByEat*cJ4>bpL&(J?yKHY-XPud+PJUdPl|A`ZFiaoEE=9Dza=U&kWb69o
zLN?)Up>pS&vF;dHk?g+F8df(`x#YeZQGgLbz?c3<<d(%Z<zYTzrHiE7QJ^AndSJ2Z
z7a8(hpxcEvC&%pXShwX7*_*suXVl*~5)uFPHA&DF0Zy4g)%U;eD}E+O$Wfq4Px6e6
zCs}BRr*Lja<FLJlPr|Kkq!oTFHb=Y_x#Pqcu>$yd1>x|*Ia@+-*)i=iw%*WGfM==7
ztKA`w{`g{!uAexlO0piaiX!qZ5I;&79}y38JC9jM{9Xc`!Z~4>Yw^-m$XueL-18Uw
zNvvAxUDec1lddVaa!ye|@<}Wl5X02R!h%1A1S{WQoVJEpD?y*$`)my#nE!^3GGTUS
zAcap^Op*PN*~_7RV}8$`*pp35=6qC}L8U$NUIQKIRVEK(;<D4D0O|F7)^g&r$D8h?
z<M2C%Yst?<LuyG@p&xe`Djmi4>^N9{C?=>cqP>!Q?@}B3eGJd~E2KV&V^j2hog+U6
z^*NCU1L^ZBhJ6JkNlpHl5yD1ri_rxcxK8NF1pN$$m|@F&y*kM48>Dl_)y@DX4y%Bz
z_CH68u*YEZ2=1CBbC&vjPV|urP`H_FgHvhvg+;KfvR$EPlIYhs|58v{QlhWPlk(Ql
zmHDtvvVZnkz(Iumvyj5kTdPOM8J-TuF~)Y7=Um=FQEYD}o4boF>#t02Ul;-w<>_Ap
zlFC|p9(9vFEY}^&5hJ|TBt#7ZOj)yX`EDfsJEz$Xh5A~LM<Fna3Dp5XJ?^_NX|d1q
zpWe&-Z|Qu!s&e_UP5oQ7qm^cD2j+KTh)K0~0~OcyC}(Qk)9lyE^A#HV2x*7m-jyli
z_SVJN*SoSh@Y4OY(pay%{u-k;{fyuv`y*Qs;BtJiyZ&jB1Y0L%wd%!wBu8q>LA7dc
z=-YHIiPz!85nOm*DooW`0yWOZN~U$y@;`@xqo9LX$fvMct0cn*)NtXLq{3js3%X&s
z_;sZ9;|rKTPx*|eRr;#L%fglN0m;Lq`MqK{DtN|aEJhH?!9%g*y{^91t~m4F#D@5c
zd+d)-D!hQ}>==)pu&-E+Ed{<6+~IB&w^IJA>h7QqA4k1459x)&aI);4+fhELNk8*s
z%VFQ$l(iFsD4ymh$#iq)2aOs&MChm8&+u>de6XkVhv&!NXVcu2Okz6EuBwi7&8S?D
z`qF%0_ofgO!T?QcF3hG4R#{&Cg<nDT0+t@yG*vY~h|{OS8b69O$<Rstxr-<OIIzN$
zdVq)Mht&jjSQd79PaJ_AZg}IoX*uz;{Q^2@s(=&F$)0rHTTMI3xNC7kysYpb*u?5x
zyD(XSNAq8=gMCO#n=WNbA>{kW>yV3;JEWebCB}%io#!uE4mPlDF%zHa9b&D<cWB!Z
zdaF8$T<qykH7zDqo=2bQJ+aJ3fL2nGVWT5VI@q@A(JOl}hClTxlrkd^*tU(d|Ab=u
zm52-wP2FA&F|4AO$){HBKZFK~#6-wyeul*ZEWVzE9fpT9RmOLx-dR(n;`Q0gqRfA@
zc~Q1iWlwagCCP9Fo1{vL&H(Y_yuYsQo>W{;;pO#KSJ0RJDU}}EqJzf)x2*q)<hmd_
zDHBena$P95N61{d5i_Uhy;|P=X6V;j-+of=jIP41PvLLJ%|GEArQlUqa&Zc!_8IRo
z5#M2^U_?-nARd;<h{1yL*d<7MY-AMuBf$Iii`J}0QD7ZFm3+#$W{BQ{EjOYBGw$cJ
z*<;@*^n=v20yN&?5cu5n1Iajic{QUh@u7|B4hzu)+tImxSfcY>1>OuG*nivm%}%Jp
zBgJ$5SI#zN7BXNS3pXP*T2&?-FUM<dG7ANZ!*KSSs$WWF(18xyG#+W}k)H$uKp(fZ
z)UHb2jT-SwkmCJ9ZSA#bRVBnoqx+V$eiI3(i>lSB<Hk!Al-oR?ca5PsG&_UzLNi6q
zp&(wBk=^_1(J4<npDTyp{x+F_<d$K$t7kzUuk!T<?@BpqiN|Ut9qY>{vLJ9|jiGM(
zyig@gu{q%LF!&#}$G#|KvO&n!@auo`LaX-MaLNyx0<WHU&r~!+01~v|<F9qQ^Tv1u
zGZ?B1@OdcF*J%JICQQoA{${lYZ#tgcp326Q`P$anwH&${aZ&(OFixiEI9AN=D1^PV
z(VA8gr?gmJ>)K_8b6}p)q=Z*mG>wj*4CHpsDkuw(MC4}2;PSP)F&BRp=If3!+^VQM
zB-|E`m7{+ek>-@G6bBD0wx2rahxi{vewQKsJADjWoS(5%9!uGqsnWl@8w?>Wg)jj?
z%`qON89I3gHY{gW#@uXM;$6!X@?IP8(r*emZ<l3l7XRjvxd8JOx>xbYohZ}4mB1$O
z9eQ%E@j|0iRW@t}9@{a}JX_FL=JWS|b#+4w3h!_aiuou>QmPRlQT8^B-q*d-IsYA=
z<>XG#edaR3&E|*~;3ds1gasueLd9|*7WS=&lIQ<1CJbrV-;n)XKS9o3@P$YCQu&>v
z-;xiP>q@q=#iwULfW1uKTbS4RpD1TeJC(bklE+dW(agwpi8O<^TU;}XU^q`SJMW8%
zb^JaEhoQzISN{Iv#4iANl3CxSyNfJwf6@Mo2iEXg3qm}{^VUnYAEp{b6ywzoNGv*q
z?FT(#MaX^j3ZRJ7qv^zDTfSpUm$gQSGK=pNdvPcd8i6b!YVo_}D_eWwHg}s5o5|~;
z1}H~8yG@GggCXOyN4B`3kn4ZD^kWB0L6l$?w%O%R3@6N7xOBzQMosR0atfXQRD&zL
zFyVGML=xFD#$SnHeIk4+47?0qI8{QApTK!Z%m?r?DVew@=4uL8E5&XjZq0E+_}WOy
z2jS)=kZrB0>K~?y;(savFlGOP;%D>)A<}&!aw4;V$~0W8;S2B)tm7dkC+0UA%uRtu
z&hdnQ=Jex3jp>gHGWTRpO0y&%;7_<ra!;OPqe_Az3x%gY8o)fh)8vf3D7gC9P%(U?
zwEUp)R`vl72VE>riywcYsb7IUF8c(giS+m$ABPiEZ(dvhw}M6yG#!p$_E}9Gx~cZF
zf_bA*8pY4#inDJgG!%T8_tp~cOiLg|+OHGN%BFr(dmlJ8-<I}wg3&2$NZr4L3F_<m
z(fQVCJu1r*`Uxz52IC6gj}Lc(?>5J67Ft#L*K@LuO58RPfxgH)GspCRi-F?FcM;Vp
zH@ZCFTb5cesx)&+z5=XB#d(<1VAEL3a21;A9GywL?Z%=VXG?_=eC@)AJ3(5$6TIvU
zrk)N}zDZ6P%y(0}ruks;9)sAgHM1L^d-$TiQ^ng_X-whc)+B`cXAewlXO|~nB;@zL
zeob<&nI3P*7YHsfcp=|<;oU6r<USHA>ysSGpN@SfVbuD>Rxzd=TBB-kgi75)oSe&@
zv;|zgg-5|IBHDbc<nA-D-_$=!zzf=qHM-*PdIJV33XQK7Z7_c%qWU32oeMT|E4iX%
z@$rlJgMbJPO1Q;V745b-;|8ZeALRLmn%#NODa{aa8r&;JLoRun4a~mFxrBcUO7bj{
z3vxk{Mq3|!fbr!cq)e}>5KV9rt{4@_JgS<_|BVP;SJtD6dkFmGcrQ9pq)jr`QH<fG
zDXrd~(66;#Ts{QK9elMH<X?`I(W>2M5q9HNC%+k<aFyf9Tub-;DjSGfpQ?wzZcY(0
z0Jk(K0l*z2kD}Wvv0Uu9glHTE4^WYc=pw<-)~1y&Q>qFA)8U92md`+HyD%Rub0mOH
zfW`whvN(Q$tDoNL4uIU%X%9^S>^m-enRWrw`A6{K&F+&^xRVb?JDND+XnL5)Krlm+
zXM^bWpZESduZVRo?nrcH{Cv*H_aT%mxkrBVP;=PE7Oo+T8+}d+tG*Xlsdq~9ahGp#
zl=t0I`5&Wj=%3E&5D5xY%7kzz2-R9#a3y!Oyz4uT=Q=C{)@y!Zb2jB;-(%m@huoK?
z%2n(stJlL`#Qfz9lBn?BD1hDe_DgY*Q90-{ASxJ3=uHbB9%vP>5DL9?*2d{-;eKwu
zh`YO9eta!`A{WT!grf`x*}QB<#+hy`jF*zi|J3b?bll}tBk7I%d~fO%x+_K9+7cfj
zWT$lzL5QZ_?ew!J=!p8k;z=m=G{;AlBU`BNKDCNb*a3zzGXw7;kS^^o^m~4N7%UF+
zuBO)~j*L(G_TaALLud@3<OlA3=KV}svjGx#%iC^mw(*Iq=(bB&zm_~-OxPc<qxagX
zG>|s3cuU+s`aQCQY$Fc<YkHP=8)d(EUbh@9Lj(frafj7g;<l}ONtf7zG$(ac))@24
zK=4AkR`iYnDc4gVlD4%{f0%|X`#YucuK-?nd-7XM7puVLuSnPz{@k<Sg$!ve*|1UZ
zAPjta$p>_QIRqJ^ai@(eVT#r@<)p1w{jB&!xbMl_GK%jU5wQDatioL9iV1Y5$W~I;
z1W<~?o$vl5%;u7NkWyF3w75Fm%O<<cm=A{lWRbHBF3C6?I~GO@(%(8Cn(w39-up<k
zybDb+uwCxMV!28bO>q6`_wHpSo@P*nq>mWW$TBZwbkX)ujlvj`ghGyo!;83%h>Gw+
z=9#><N6D*#di^^eGih%DLip<*wyC6ORsNex5y#T#rPkWV5j7U{$roMs0d?MvOuB|s
z#~A6b2wbi3`&0(#FL5mMLISjWG7kX)9~LQRQN=na;eM<$TQ)d7lhy)zl@uE0qvnFR
zJXjF_iPTRW?Yw^Xa5~<c?#(CSX8B-Fmlz&~$N1>J3zu&?X-(3$@4@FkvK~&79bzy4
z4P2N-%#kU|SX%Nt!%X7Nx1x@+<x&oQi7h#)MX*3W`(x=AB|Y#ZB{^K+<?x4{<jWw+
zH2zqTW2n-8k+B#!;DS<SHj0v%p9Nq7W7rw}$63b(ivb&A=vRQANLfk7tj76A7!NM=
zTzu|j=_~pximPGzTR2tlqxdB;t*a?@^D!2+`G!+sRyn35YxgLXhQAJg1ay0PldOXh
zkPKD6AG_!=96FrsR|`3N%C<fIk)WBYPWXX##%npQM|Kg+4{kj#jHbS?6nlGi6`{AE
zop@1_IpC_6V!ak2G76Q!I{e0FKTLd4_vrzL{F8gIN3PrX^<*A?Bp!1~9+bm1ucCx<
zPYCh^k;}!Gi8j2kG2<J*d^V019CLIv%o*Rwq!K?IvGrEwh-AZe4*L{^34?L$6)XVr
z*JFj=L3WX;c6zjduw`l9hK%b775mL^Bnn0et;OJ_`TBfzf7QS7jEw7pC=tYG)E}{R
zY(=&C7cyUQqM4+tx5lg1HtR#GIrgYbKo&DcVWCr*Nj7|!d(Y+aD0e1uQ|($VUH4^v
zx$G=AGFfCPZh3L6x;*Z;e7RNiAFsQ`R7xu<zHZ)`GQDKPVOamG04ih{gBB0!y{ov^
zAsIl>9OHu)m$eI-cmun%vQ3~P{j<;T7ltqLxKhk9?a+<Z{?AOox5YbkLVFM?{^w#N
z2Ru0Jb%H^Pkyus<`ge$`fuH;D{xSS98s=#cdKVLj3qP|ieBz;53;S&@LbzzrODs~w
z5BX(2(p1G-K$j8quz+g6?ICvlbVMA=BCiHQEkX1Ht|RS3kM$Qn<GGI#7YZ_>p_>9O
z<P$mq0zK1u<3fd@@3A6Wfk)^6v!(RnI};p##HjX)s+-Yjzx|=o2I-c5*!CuwsUT-T
zU5;3uxf+o1q=<O!)OF2!6QjBv9qcl2VJ@$CsBuS}sSdq~_gA0?W*^*;!gP&wO&4pg
z>zp%I#%ehC)@~|=7NSC-LzXH<3A$1%SHgGejDU))*sbz_aVhIYQcBsCvL8lZiZN+(
zkvmH)OI7wb9O&EAoVS#g;BISjE-qJ-I{BpnqgLES6J%|W(MhSr>{gOtYvT3UG!i<Q
zbjzdKNg6Fr<xl-MvkCK#&2C#?Vr>^2D?v|+_3{4WynTE2^CYM5fPfmv`sa^MK-Kgx
zz4bdt#cff=Z-m&cd8lC5TDNw11^&QM+_oJMWzND@xewjxixaZl^G6<N<+exNBVnM%
ziC6_rP;5INL}oc}(U&Go{w{-uwkk(=Rxtr-IK`uXWyXSo#QN-CK0y7^5*?Wc5l#2r
zCbzQqsK0hSULkS+33%YRU+nhto<{Lh=~x0KT{$*Vzw}i@WGR;T6M2`~?RS`}ld`Sn
zifri7WoYXvs%tZ{El?;|$Z4UKd8~V{kqQXBelC8#|JesL)@-WO{$}hRq~KFShL_28
zL1;@QG04L;XhF5Z1Sg9@nl0b0vwZBT3pdCVgr(uapw^<`N6b@F`Zb4f$Dh(q2pfXY
z4y?6&ttZI)+-rha#>=!xwXD=PYtnxeXi3$lC>7sENIjf3Zz`f<51V*XZ%G>Yu~!6r
zH^A?M%5_^~l-+UU+P&ATbZp`R^%&Ai_`?@!N0bJAC>8m+Cz!4X;AaQy17>qca|5x<
z2xxcGMng6E<zPFq-g|B@Tq`k$>4@DLARZ{xL_=z#Mr-47WZ-x}Oj9VP{umh*_1_f!
zD3v1D{lfV14BVQk8_uuuMq^>hI*Oh=)ZT_I9cNVSr^<M^4D*cP$NzVSt)=RePx4al
z`VrpZ=5eeq_{C%Q@*msFIWNinaZ)G`R3@e!-<rKR7Q6?72&nURLOb=o2tJ(gIs^R9
zhT+V)Xa}1|oF~Rj)*@j)FnR~|t43j}dV(OB+#NyIdxqihXkG6s+j}2;W$v`E5GXwt
z$C6@~#>MDV=*a>bKNQmbThdee*Gl3YdEX6<$cGt*<+lld9>2%EH|S(=()>J5G66fA
z?swnZZ;bM!wSX6R2dRqR((2f?jNly#lYqlID8sFlS!o`~TyJVPE03*)TC-=Q1!cM$
zj{(+N-R^TGb=>PcS5Xr4X~LsQ7NdPI`D*D-b1&=f4djiG2(P=%^W>6DX#Lc?sd>7Y
zw<4{F+I9L*<5&ALTZeBwRbmQ!;%xJ)d!ucpYIBX`hr?DtT90sq&XN4T%e^HQ5~!SF
z)<J_Hz4w~_6-DNT;@)lcE8E@^DzAm$SDoiA&kF|Iv&c<}a$rF?!mB&-)6z@4GH1qJ
z$lE~0HsZ%AlnSc5Q~ia`L(NT)i%kJp&D$&ryFuKZT7qhD=VB`Mj#s(h$Ir;QJn8>c
zvIMR)`kv{>Q(v07HE0j55)2<|>M~@gtd9H%8-aQ8bU~H8w?8&mkAHH$oA;7cKJ<+9
z?1g2O|2>&iDeGiw>1KWqtN&|3Ogd4f-GtZ#D-3&X9DCxm8dvy05h_~~c)gt%A4(An
zY^^0&w;w+8je*kEtO@GUtF#J4-lgA#bihR2vV)MVvpiZn9?1Q2RTWL&i{}YsYL6^y
z4wHj<&)ojwr}e@wI%T2<+dr1<K;vPo((~aGC-}TXm$R65v&Z9jaWLGTGE~?973LbD
z@d&`fpM{1tuZ^)jdhzW;{KkfUC*{lh=D8Qd=MPAaIt{~CMxMM$C<A9yKk)}3Y{1ue
z9)231-z_9fOSd<@oh!PBU#>uZ8TEbcrJawRtM@4w$#&QYk}ePULcr{lhKN?xVtue+
z6j?gbG}ViNvln_<bG5y-lON8#RFGgZ#>MCX6^3Ij`_Vq-=5Fc-$F_!lUYjrN>L&!M
zXj5H4`ChqyM-YM@uypIlR{varK{3xbCjWlnPoC`qS?PSG6vwJwSl-QR(9UGLxVLwb
zTvU)$6h-GnV6so^(gp>g%7C&vFyI1>4Ao(^PT%#XUquy4SC2=r^8dhn{*1p78|>cU
zs#!k&S`Qc2^j{nAz#b1k&K-KF7X8_<3UODzs(^+F!pA;$q*B@wU|Kk$@=_u!@l&5v
z^x>;e$T!{+y9i|Ke=v0@-A8)@O&AiOK;S-=90Pa@l6stK*>pwEHUL||y~k|ge~|*6
z<-tz|&VQxcHmo*jnjI0v2RSYM6%^pVGE`92wJo^_@iUn>6H)CT*`0F|GDH<`nZUe5
z{<Y3wl@y9P@Z8l=SgiB%7`n9E6uh}16Y~&F1K1_Ct)s<_PK>!N^)f=guP_Y1I)_ip
zd+Xt1pLkq@o-Uu2vD(d}S9>fSV6Uq#j8A`^FJ1k!IR6(rLuo%2Q&qnG>5**eH<?nt
z1lgicIg|RQ-=%c$o)O3yxJ1g^15m8Xj%*FU=PFzQ@MGZ+uA9>dTg$vp0UQ!)@ry9}
zz#yI=kOL6J*b7$cN2tLffnpKZ`)+_fVJcl&X;v8V_p5q~0zLZ;Oy%&+myMAo-Ne=)
z(fh~zTMLd=)V2ma%?D&*gNsYj&F(En5TygNI^WktFY!6_!_};(%cF`)qi67HS$Q>z
z?^|1k*Z*UgDJE)7!jdH!U>E%!2X|DD%Z$eqt_8WSe-><b><(AFg3++}O%-A{dtgz-
zNr_r#2tn+-%|@*LLBIU9B{fd}&EsP~_M63doq~neYn=kExv^I|GZPebb!{c<<#U01
z9EuSyytUQcu$HhJ*Kdm%M40$!mUjviI8r?{+0xIi9fEC9#=M=EJCog79K1)tV;kFU
zC|wXF>Q0Ccp*Rh`FmT@|g$#t!*7vqhmHrNYc466RYbh=W8-eKo53x>N!QSqx2{i0D
zLM~Y<n|U;)@^OT*1B`%?;~C~@ZuA<w3hJr{w~+Z`dZ#a05R~VxE9ZHJe&29DnVITn
z?b4rX2}|GkXx4GVZoP?@(do`WuTIy~8p@h;9=~WJ<OA`%sAq?@7r0^!sOpa|zg0tB
zpTPBGnz7&VRB)f9cGdH)<vlQA^YP?j{f*DABEi^S+vd(^y!Jb4Ik1dZg?xtd?thli
zr@M!m`DA1B97>;_9yXkV>u{@+i1}-{8PFB`IoU}MOmsohiUI9IUH2UNjkND^GXVN1
zXO+llVT--5hkm>)0B-OK4lCN;KrP+3uj9`4#1wq_UAeV(`0X2DDSi#7!n-GrLygUV
zh<2J_WS~Gi!LytDl@+2pGbX<Jup2LQP0o%+P3O@@#VMYL*oxQJ#j8Vp{K2|_*ybIk
z-4tjub2ZzEl{?WZSN2Dyth-XMy@6XDFLH)C{BNan;`xeP-;US1PeS`Cl-*I{c(^j<
z<;GJ;q~Ee3LR(=5Mj#hs5K(r@3(aUwM=!7Gzh5~^Flg+z*(e@Iw1u+6{(EIm#SXCl
zXm%bq7s;9uzqScB;*6_7wTEaGjo6GksKW(jM~w8&0K<oi&3{!0?J7LoFef*2_km03
z{2A!upN|)jRfzA{ZPV3k<)+C!{hbB;fHj~BUMPEKd@dx2M!O-0z`0(61DDXfpYL;g
zXP|&pdj0kwe#%GuA5GsK&gT2YT~(vCs?^?U)}}V8+7wk()!wtV+EUc2)z+#RTh*qu
zirAaj)QY{;CW$1^oA2*^-~aMQa$R@sbKmDV&pDr=@aNap9i0O$u`L}S=;me$e9DXT
zzL9cAhZh{pfm7GhE^3Ui^W)~$nDwA^@I3f5fTQR?;iMM1;Kwq-C}WxCU|XCvLN;L0
zj;t{S7sl<Mo?L@$puqZ3@}WOA?fY>}F`ut3?mja;{&J}EwaY|OsONIkf3)|-D>Wht
zg>MnJtqqZh7@viO8?E4`ORigmDa)#vnbG@Xmm&vBah;)WqTtu*bG>4`owsdo(=%?S
z(Gw5cQtl>?nb!m@KRb29A?DX1A$FN#wgLlSU95mM-8OEEr=jj>ug#iC!c~#=BZ>+p
z<ou%H4&%v$ytscT_$pfP7Peqn{<<VJhIRD83FZ}&q^17m1fUE|rO3WUlbqg<n4dlP
zA2kK1L<xshfnS$tamn*C(a`W`U|Wl0KH&$=AM~gcgQrV0IW^riB6taDw`can-O+dy
z%~!M!A|Bu&)**Gc=)xvpxYTS4P;JsU*z|#U<+sIpYysTxmm;j;?B^&r2VH?63Ya`E
z#_FhCs~3lvhVG$G{!5}iB&2Ug{zB#tu{_5Q1CAW$uqMzDaW*SXR-p20el$ZE-N}8$
zO`EEuN8U$nbk}Ogcz@)bn>v%95t}PT>a}@Kx@~Jx|3V%0I|^^eiZZ>sPR|$_Nj`Y6
z-&M3E6u@m7+&g^}#DmKf&lxy;>;K<|)j8&1@Un-#>$LVC9SJ*vWpA@D9!dcsr47HC
z5;`t_MP-9qkY(B6;QmNc@Y?qwef$hlu-BoUJBDm(jgP1ao9Z+VIqJu@OhZRtf98n-
zx~rhL4Qaw|%vp}g%UMabT+y=iR)JcscyQmXJ=7a|UHq&7LC*p!mDt!(P|i9PD|Lw-
zVpQ5(p;A#4?|mrqlkpZSw@O7#e*bKH;(U~etS{!XpAB*I&y}~rYxP)9i6?g;M(a~-
zc(Q?3*$A=KxiLA+XMdC7NLN4>_uRr|N&YV^j~|L(`JN9%KA)j6l>9F{YAfP$<Nupu
z{kZ$T{~7U-#DKhg86CM<^zNlQc6$f%>YF?Ec#hSVOKsk58ATFvpPa@l_8i;#-`cn4
zAdhBI1{&Xrzlj~=Ogj5WP8WfdGw3Fu(g(PseKw&u;do40Q0HH$@q2U`^P_KEB+6$7
zOoGbZVH=@kdFTIPto%j-jx5FE<pTPzYHS^qC-K4tV$yd%oqX%CCmu!Jo!tvfB!B+>
zV@mH){d&hL+jEMJur8vdZqvEQ-W=>^XlMk*e_=d>q=3r6h6b{j!+usdm#p>aL@1v8
zgoEcb(J=w~<o`y|)Gsm{{NqJF-ujNEEMTOv7Rec%4Q@p?nSw>Wt<6~m5T^$zorUAl
z?>)EXE09P;616)vS7R4G^kqp>yK&eXds%Zn{g3PyLjrPb2aYHI%CQwGb;X7CzwnR(
zK3sUrlDT869)uI#<H_EsVW8gm^WQ<qSpW1C27QrIRyYtw<DEL7k@x-}v(%;R9gXr=
z?Mnw66D*N(o(0puc+|no6HT_Pj8nqQDcm^uXOtfY^_>EH4!T)?R!hN`#p=)W@4bzA
z!zh&TDmjq+?Yibm(>uxUy-u02%(xb*4{BiFQVRQu!fM%fvqmYR0rZgwPLMtH*YZQ*
zS`SGF!|kKS>IP6QhRk8@E>mWNe(y56XAGJU=6RuqTl^t~Y((pSXLM^0zKkj|1=4W(
zv2}Hpn&WvW9rCb-$uZ~(3ZI+ed4wsLILq$O74Dehj<cbHS~@B2N9#RR(7sS0`vbA$
z^?F@0iS}bFeh-rr@JACe*vN^#C)>#M5|-}8nRv{rt*()oZD`H2A|~Zru|~xK*|~5J
zMEA|vvpcL%lW6GgoIso5Y;PLHiqoETgSk<E%+2p0T!=wmPc6@DxA<*$$1PvQd7|}x
zuU*1^7lKoGD0*yS2mku4>6HQP1$rga@D&8E9;v^Fzyrb=5kz2QA}x<<hm$%#h~;F@
z#}Sae6}CQxZ&}aGvro+LGU4`4`x3<?AYh0C^T*}L1uIU;8_WvVZsG`a2dq+9^QBGj
z`PO$2n-FRLfAT7wXV4Td58#fWym;(kVBp9zk3?xZolAU^3FeaVKQ~4qvvs~6Mf6U9
zZEsJf_rYaAF4i9f^7`+S0AUUmnuP+HoX_AybUr19zGYr~NIK|%8nkRarA#6Vb6=aj
zZ`pq7H{rl%+rX?q<uJV7L{?X1*({pOXy&ui7v)rC0J?f_5QB92ci^9TPXxwdxTyi_
ze;U%Qq7X2Cy|;d+bMnJRa^%T+cC05t?-$y*C@7GAswVrB&6yWsPg4v$nXQY>!L~SD
zdL;hbw)X`7eG`x<mzN6q+}4U9D+6TITF)qKTmBOb*gS%|4q>Z|en-fQ*JeM_rs3y=
zK%S7$bmn<pH)Vr8b<>G=EuU39XCd^Za{s5kFz=4V6(DgwSo0!=qrhQhrymJ)3MR*a
zP1rjIb5-D$E7179bd%2^#r!A=zr0J;)}yuRa6rU<LjfS){Lf$kqRfkpwDj;jKe>cV
z<8rb-Mh<h*4?PS+`&@uv(QF*m8(7!+ROcs8NaU}LZq(jNT0Lh_XsakqW>CzVErKOv
zi6tlJiZk8{{50C54cm;$Zq@V{dp8#{R56??`XyxhzLM0x(9`$kEWQQ}<)*Cko#Y)h
zIiF6~FWwD+va(R6a$Fc@ldaJ@%k4ekU?bk|VBSu!mK~NG_^ypisTgTP#H`GL(2w*F
zp#9*2xAHg&_A`{#lZor$YYncwDK42Hbn`IHAJ%0c%EvNwS%%d}A_Uv#UJfsQHqpcI
zC<DFX@8Li%cTT^?Zno(APZ)|me=4$enf&*;B$MB>%ae$|22b?<xzQ25*oqg1rnl-W
z@-mtRLf@evEafDVjnt=#h0S#LB?1`4LUKaT`?UP3Zbw%?!G`M1XT~f6Yb@o41*ywk
zx5wXPb+nL&uz2tFZdS3~SuPv`>Vydsj<>Q>BJxV5I^}Hs4A{QD`A<03KS^EFdGFAp
zIB${aKk<mM1v+CSSmZEN%s~aza%W}nXlVTO`q?B~^&Fx`i!`_85jx7JR6}TCUXA4g
z<89wQD48slI9a$&G~)W^N*ZulEzX;%*4GSM_+#06#gMg!^0<N|QRH}Rz;|nR50S@#
za8ytG&8pxggfZ6YOGa^M2KKyRd_chCRaU25<u=F#ta#ZOD&`UZLgJ$;ams~T=s*?W
z(<{r{ogIifM(^+P-XPcpyMjJLz5c^}IhEHwp$$7g4P5;IS7FbnYi@QA5<vw+)7`ev
zyOP(*gIz0(35q`FCx{c--{9(JNb!+}#(FqOt9PE{K%6~xa|@om%g_ZqxQ>|x74Xr0
z29Zc!R~dImCaRN34|NkIK03M^#R-0-m@si3H%}>_PUWcVC+om1$QyHG*nBqsRLyyy
zgcar88@k*>;f|9xzC%Njx@n9!pi(4MYwW|4O<vcg6FZ^R1}XiS(8Tgo2EAlL4}~`r
z|Cy_z;VDHwQk`a$U&90b%$GhyUZDB@ULfE6l?G&55Cf37B&@=p#&jJ0TI|=|H-jh?
z<r)}E!)N(BjtOzb*1_PssWSrDs*!*BnKpcoJHPst3rBbE(w=9*7@Y!2*r%s&g)+r$
zBd*&&M80Wd_ZK_^Kq~;T4AFyXc2qJK_>EA^znGCnr@MDfcYo&tDcsuJmLaF)F$^c4
zzd(f)Vg?WVzE^Hq+pvJe?3=aEcZP%pl5<nXmOiMKgRzI3IPJVcO?V!2CqCt6)3y45
zd*oIwS#}!5;1m6QIJgMN6tnxX+)_U@M8#t_J!f88#lP98%0wYwZafP?TtW}Q-4ozZ
zAN=BXTzjr`oHc^xT#?aTd8etx+mcWWB`X$|dZs&s-=P?G7iE8V8#j)<;8pY8a7FKe
z=nHDd6!q>vCa8c~3`CT3-8w`%>~*76NbD<xj6(<q!Nu^?>3)|C9P65UKrgSJ0XIZu
zr9w9^TH2~lb_m5ZeijG}jUr`2$#>|(A7!Nxmw{{iG1|gcYF9r;RzpEreGEEOf|!8>
zrXS~>_)InJNywd7<5I%A02=8%(q=5e8u@+3B^J3b5C55CDSQZ0eXyODX;1+3+!lVL
zqx%Aap+fQeM5>o2&_D60R^MKTGnlxLE9!+x9<j~=x`25oMz4J)-`(#o6yPa;wdn;b
zex-Xa5bYfo{Ay}G9&LVnCPmHe*?@Cp@xYZEi7M|ShQT8=SH&)UQ{Lw@e9qI(Y~<wT
z6QTpJ<`!7vcV50I9=Dq+zkP+=UlYFn0A2;fpH?~q?N1ed6UY=FE*E#Shj-xr^xqT*
z&ZO10#n_L)+ljFhJh-JGFCWqM?1QDS;bhfOSN=u@4!zzey~LR2D&UFoR{odK%myna
z4*N3@p<v$8mP2diz3(9EFa_0P_Lc9|u~Hx7mg^d<Lz0A0I{#k_AaeH$09!S>^VTQ?
z)8HE!9)6clkez>JC0BdCUR$_UV1;ib_mLJK*Mrzkg}fTXgb|NkPccUv-Q51q<!cjf
zBm#V8TZ6#4e4UJDQu%P}CK!CWl5QbJ4E(+0>oNsGaa++@drOcAe*dJ`cSy!s63Zh@
zp7mM$&~K5641lTwzdUGD#Ks6^Uvr-GkfQ1~pFD(q7wy^-k?~p!HW3wi>y8=X&Etsy
z%;lQCM*IDAh7{&!`vkoN#HT!*^c%I5kyjJ!%Y~QfTj0V^aV08~Xzz<_NWItQ{CG>V
zmKrADHOg{4=kIpAbCHq=sQhjZRxkF~_Eqtk$2fOgmVrKCyawUbe=+EYhonl9W0X`@
ztmEByd+sp-$gGh*qTu`RcjOzFc0z17%i_9hXDu+aNT!EIOt(3k?@w?)AJ1uLLw+_s
z$K9}zO|aW(*g*R1BO+ZEDfiXXG1HE(E5TvC(!SaTV?yRwT&dzu9)yJCg6~PbXX|>O
zJ#2Ey4xZ$nybyNeF31j^ywKYdmflk=Mf!8NS)>WPe&vo0G>~*dX>nEnLP!eIAHv6`
zj4k8FmGzDj^+j(l(ZKo~NJ-~FS?}I+y_}Sg392^iI8ra(!H=ui&j-Io8lkSR?`MKQ
zUTl4#PhuDFFF5xk{K$R;s>NzYB)sd3r%7dOaz8+4?S59T0jE`bf9Az<V^;~>t_3^-
z4$`(Bk~(ocoi*YEe>-iu6+WWq`)u7Fc#-b5+(vML%+Bvy+0@e=t%Cb7RXHyJ$X)y|
zG<!t<ZqV90Kyo4Yd^=3tK{q^w!q=iYVtadITl;1foa_Ts$XvPykB%6@Xv+^$uy4pr
zF}Kp|>W5HpGWKv<LB(bM2U|>1=lTzu(2)-?xDz&#8r*~RVRHLXHvU?z+EO+$7IT&S
z9;?&uMKfC;sK94l_$8_CMA$^|f;O}m)z=O*c~4TyC-WV@xE=P0Nk+piVJVBiNCrQ*
zlFs4aBoz-=?R$#tu@o_&ZWC&X&Fe+#Nnk0DDJIVWyGn53Ey&@u;*kgN3q6pOZHRu&
z@fhmfZl&DU-q}qt&XW@lJ52+hT9Cf{d^GJ7yWpsQ@db=?EG;=%i-e!7DWWN;KXq)n
ztu3=#BkqElI~zXAKXg+K7&ksOxOs|Hjkj`+h33Ufo~F?}xv$wv5e7(2g5KmTOgRnm
z$3fWQazIyqDl=D=by-&^^rr8<&UcU-N-c|M#7sM{;8;;=Lyst}!g0V|y)zsp*3s@c
z{MFx^=`ea3_f}^LyKANM8>Zo_lWEPc)tib02060rLFz$;;h+)l&BWYPzOG*jX5Mm2
zgl!>G?(9t-zxavMJI~dkbwKI#_aM~*;Jp=KurpOlF>F-5GUN7ykNrdktn67LF)Twn
zf+pEIfusXGWMNZJG`F(Hp2juavn_BVy#;cxNT~@>tx4$qot~x4hFvbpI)32fQm^$_
z&G2wvgKrK!D6laBB0o|T36Ncu@oymJ+ng2rYNg2{&BLC3e4&Lr1t!rv$OhP8r(%KU
zpe$R_QNZC^je%<6ku6#qd(`mm-$3ZC{pG^`A{fxQfZQemdME^y3cjkVG<j}h7~cWi
zb<u$32RDr4Er8jA2z!ri{85^ql0f7r`oDQVUFDMg_9hdo_!CV)Fq2~SOhg8)%(*~g
zi4g`@H`$}Mz6P*xw>&VK5g<!`001di{J*1*1%Z6!nJq}}n#K99E9Oe%d|+^4F?Ipu
zyP$FefEmG62tJGCaBK@ayyzL(?F1;zm1qzayKrLxD3W6SKC#>c$>`>}HX#|2CuAT?
zA-d}_aw0R(P+}~GB*SR|xZQ%0!AD1A+!=_f!FR!22%reLyO|CEvsj$<GxJx?;%`jF
z*3cIU$0Qy7aGVi^JJNv9F(x<y$;#tyqnY+N8Z%P1EzNPw+JtqcC+-Ow>TU(X@CUk|
zd93J+=RqG@10H=F<%r`L%xA1L$Ic+|5|A%P3mdl*?<`=0DqmVL5{5hROeo$oBWo~Z
z=0}i4ASv2ohkEjoh&kaqP_ct!Atmz!qZ4<a>tHvg`=4Slse6S7jwQB_5<khZt+Sj=
zeS!5+QJwh^7BDkxANyg0%tE$b_XqZeCsyAzGg&(q5E<2rD!7uv&kryCa!UF;U`@_`
z<@A0}`9P;HSgl8D_!_PUY}MF(%QAQ1t;tAoVjs9UDJ<p#Y}ss}?huM6`#yZzF=MPl
z(Kj*CBXH0t;J-S|?c<m<EB<)I$a!tB@$2dB5YAu6K8>K!Y&%*l`h*==k!wmvi5yuz
z*J_uKT3dUliG+RQi|kE|@7S9K!a6gX=P3hSghNMJ5$Bf%dP5a8rT19E&Zj%@y|0FU
z6JwH{n{c*mEz7N;+8qFvh$hGlBdlL|?;D@(yTG%k-7orUrS3_`aInbTkP^2iXE&<g
z(v4lUNA?x`lHbC5UhIwuWNux}TdK-7XxIBK>B@wn5+XCcf({_x>uiRyO~i+Cq5lST
z*FpylKtzCJ9^T5Au=xE53iJoMZO#MeTTxrh=u77(3gc#WTPIjJ`SA5gN5(EB_|5C^
z(z5ZKlpZKh?a7*f4JK@R^78zm{|clJ=>M(rNnUQT4K2q@dRV}+@m#mwPItgki*f3o
zNRpp)=s{&0_8tFF?#27S^{B1bwicl!|1e>ASkuxTpuPs)dAZMJA#dl8hnD*>0HdH(
zK>XQ_fm|JVF9Dk1ip{`k@on%)@@=uzsz2LPm}~FeSxVVfW*Oug2Z7JinvR9@svPOF
z82aoxA1`<5oBh|A8hmaj9tnrZ4-s~NFov(=9&?t4=yX6tL!hjfl&)InReahL#&P~5
zK}hA_J!i&|@{l0KF+_@pen=pvvaDvxj!_)*Q||F%tm=mojJ`V@t9{6h{mj~72TP}i
z_iV+mg1@2zeTL&<pqO6=miruMe;xDEy9vCtNe4GFKEv;)LjM3<8sA@u*=s!Azaz};
z%j0~7$%D*@#@^9keEh2s7bB0o%zpR@M#-k{v!IE%<3|CzFBclQXii@OSp4tH`TBgo
zVCb9Ha7Nzz;=xQMN7~c0*Lkz9%Y=7Gdl3J;PCqinC;OoFVvoq_r_0hZEI!F|T&)!-
zt8ZuEL-DdaP{D^FDQs~>Ha1;$Cfj+strUifh;V!BZ{xP0YkGdr2{4ub5+HV&k~xH#
zHvNl$@Zurvgr;+kJ^cb=+CSZd)jJ9!?sS+2p(6AYzEh%$+~Cb0ly8p}J7@gw6I}kj
zs3~K=;Ijx(g3MN#oBTB7P2@cQmAG#<3Mq0fk&RcESkKH+Qh6h|QID?vR<8sXz)pL+
zVthjg>#wzbrh1=s_YtF$iCXQ#IPq86suGim@}&Jxm2KBr{6i^+f_rhhTl`|~Aw=d4
z?{D1=YFx1yym+Vh=2I@<Sgzn3Yy$RFd@Dub*Ru8T54bD#M)$f>%;Q=*=W)>6VPoqp
zN_fM3I}*^nb`!H4VgBYl=tgDH@61x+x$be$&e+j7t_loxgLBUHunm@uuq=H)WRf{Z
zBV^W*z5w>E9J_=X^Y<pS9mec{L!>wdVrJ-AYxx4`vODD1NWe<!sBTC|GA&W2b}T5c
z2w)5yJMTcTE+HKnUk<u^G0I~#uXN@{Guf2){VLITt^4zq6pUfbd$7h5jkCh~;%cyc
zIcbZ7B<%rhGI}#KZ|G$VhtEnjKv4*m+%r#l0qU$x1$mIen!Cd;jvDkd3+@KyGur-K
zRfw+ZzXnMGRNNo)U{06va7=g*OQwQ5;Fq17UUOj2wT$k5Ph2!yL;^NA!E6i1Y3qr+
zKtD`~yDcE<DZfKrXESr_TVJ+Sl97=2!?@zJ;m@}ZE`2XQbvxev8@#{vfiOwwYk18e
zH24yfR3RJ*zIUQ6ocYz_&IyG~@J<^M5W-NGOl)k{Vnw`(78k!1womq{fQSfTAIOJJ
z!iV8K3E)puMkvQ9QUg{7h9ZtIJo=l$M0xF{d9=a$nGqVoB%7{Y)^<+;{CIOg_?BWX
z=eBfwELU--1mKl}b++)y?T87N1+ZLfG1gOTQtTd#=2_c~gfS>|VQ=Owt?NlH-b{_j
z+iR=j%?7$^$;8xQ=Oc-{1{BF+AjB6L3E!bVI{M{ZV0t(KTF?-4C0;^KEw@GEKTpIP
zEQ=Zz5^>~-F0yD1jJ%kGi>6y8bhjC~e%OaMe+M~?fA4Z`EC9Y14Q$Vpi=U$^%0)f4
z19}4w$#R?Ad)j7goE8%bdDX)9XkpWyXuNUx-KPi$Dkl0HsVBk~r?8wDBLlD_Kiul>
zFER7gxW4Jn*@{h7;t#V#sQaOVaY~Haf_vrEd=_6^=c|=1!upmsKOVSC0v4BgSrU|&
z@|RPG<$lZ3AC8LMp1XV~+U49}6}FHM<TQ|7bM_@V!(jGAk&&CX6?AYv=8tC>hW;Do
zKYnCIzj}fl6g|XD>z-*nm0!M{hP7fR7_SvAJMHIei;TQ~c2A<Dn5@4DYODQvd?;F6
z1?-rPkHA({!Tx~Wo%ZbeK~jRly-Cal*U}d&P-&RWW@?uc8DlR50dF(`Z^mGEg7eDO
z(R!KZs+H5<4g-P^gZkT`fimOQB@?KYJQ3sXZIONohYN?5*5@2HU_y>-6F;HKm6}%&
z>y;Gxi^KQ{M<x$)?1!z6Qz~Vc<HwwmfU`im{_s4I_si?>n~qE2rK>4zVg46aF18jH
zco*L4Fu6oS(q#P;*-Zz-E%+3OE6F5KNM?6^{)&!3+4Odw=Zsx1Q>;WaILD89aYF}i
z!~qO0J5PQaTf8xGFvMM82NqmEFh23Op5&-0{Z{SmZTsi4bKS2bk%~QSkApVv?pA&0
zROAOXtyc3AFK9<k$}fmPBwHz)lO-gyY)jBVyiv>1ZBsyD6a^Cmryh=`x>j%A@fV)6
zF#|2%{g;jnfhU4Vp>*FAF^Ato%^7m3{sFUlT+fc?Rk$e?IEwQsNL`*2yc<y1f@fg=
z(1wfz&N=xF7F|ODG4w)`HPFvhya8`g>cep=Sfj9l_=np28&OP1Dw9805_&150-C%G
z_}rJUkj&ndn`jMZ40|~^dhxcwO9AG0G`Y!BM-=@V|L{~4I30zaEt_IFdcY0@*3YRU
zv)yf0eKxk7TSB&fQmQ0>AfAV&14G}q!^cB41LQZp!jp><%lue*G&g!>Su8rd`}p3Q
zhRaT<<nzF~>g4=fQWNR%H+R@!@4kQXnTBl2F8MJY+KflWfp&qT$P8i2$sz$E+oP*=
z@V|Yom$66n`S+Ox(O;P(QNNWl!k>KIw?d5giO!1_=d=r;rM+x4`PXjHKCtI7AK-#l
z4A0`%5+ADdO_XF%kCY#B4y5M|1RG)i|3T<uA`k3Sh*|f!{}t2;F&?lh(s>PaLNSKA
zry2c1V-z;wph;k(*Qlo>Zb3?ma*86%HpC#Urz4+invx36Auq1uz>oFB*hTg2tMcai
zhm`DW;#-glkXz*GCmJ2v^9ZcMe!aQXk_hQ}Fwvz-8xt0^YpDhpW_oK5affcx(8T%#
zzv<~E=vSu&DtvQzh08{S)Wgtk-Xy%IUC*R^Nt<_Fp+x;Q_!AMFRR=rOhW(ra@>d$4
z(ulbKW==|MxDc6Q2NxzPem&;Ef*koY_LcMPN6VHV)%CJ)uU#hYpxrf{5eNI8o$JED
z6sspFBmQ}(1HOSoYX+@qi}r)AI@2=ADO@MV?Vj1p7+!<b3&9Wl6?-Pd`j0#M`=5Bh
z8m}zSyK)f?jX^_;ewJ&DjmERH69p73;)}%|$w>h;+)s_c-0UlaPN7e%r=G-ZZ6>ew
zL~n@)l^TaXnys_;>0$R!L1=lmZ@22L-Q<I&1BoQd<A=On#F$3wK{#du;Yzkvc5V43
zCW>MRI7yhU$`MqGnez6PlP&kljP!7_y0^*i_db<Q?MeEK6U7qd?i7IbGZ_ghWN=QN
z6+vx2R4Y2bIJ2on3hMW^h-8;mdWEf1;g6W|=}ylac0JC|yLZv7bxJ|!GtPYPctMip
zH(JN2s!`jCEGDlJs513xC>yrU>gE0C{IxV=4Bb|&B=$_$LIGM8`IGZ(j}Pl%(ttLN
zFt2UQ&9wj6k~HH*Px9;n^Gs!UZ*2I&-MvSJmqTTY#i33RVnl;Ei}ZCxBy?ACbuGA!
zndc4D--giKz~V@ff9H6Mi$eF#k$+47oPzPlxfth#qO~pzIMrO-)@mm#7fz2?gNZr3
z|5)MQJMO*E-t(VzA-Ze1DX_jSr$tJysPtlypu9j$GxEkcBva-VpT7LBc#cEMWiprb
zRB_z)l1>G6{B^>DWkZ)za-#p98+5~?MNG9sJ;Q3<;ddk(_JL#`tbq0Ui+OM@p9b2i
z{o`0qqHBhephSI1L=iD<R_c&@=xUnMAn6O`%nkqTdczB%unAGZO1yV8yT?~|+w4A-
zHH~5nJl|MD%P8lU9R{GBEk01LhO&In$EGg!&^tx(6VLm)Q7mh)V1RQUbnj%(eyc`3
z<Acb8NIMU_n}B*jD6hp4yTQUD2m~bh{!`Sj6lK+I*JlEEU#Z;1p9zPJ-p3Fn>tkFP
z+}EgtW1bVrvmE3SbqX64)+R8_sqgEFuGw!}p84Q8<F{6uLgPI4f<p{xLQcv<^d5z=
zQaIi5SgI>KTD+qA7jpv=jP(wmi0l=ml)V2dHy^alh*skZbH}J#%!e!Co_0+LVM}|Y
z)hR4x^L-{+Xuo&K!!DdyC&6I!nneb=V6lGWyM-B$5LcyQ59dLgSI_OH(R=29pN4Gq
z;tV`LJO8a@Pa0G5O2a>hgO!BtDwe(oIWG*k{&XZCHD*Sj@ohac-D4^IJP!LYIEXRU
zM>$Ge{w+o?CWY&wwDZevOa4vX$4jKLub5=KnKlI_V<#k-Jw$aOa>-r{zrDmihz^+2
zb>U1mA|x4*uuH=J{hsyhQ}25St5%|DMdfXGoT~w)#RDF)gL=?Q=Z-Re7B(;q5Znbj
z`yd(U(f`(vfm>PaW$Kr;okxt>6OF*i>(IuBCZ9^_J_!W0=`l~WX(~8}YaB?++k8UB
z9QQ)uGK!b1<dMTk#3(6AG5+JI4$1d1FS9%zSng6;oO{p>dWp+zjqW9_>9!YG%92P`
zKIT5Wvq!)xkP;SoM*eg+D!9G%MYXF@m=$2q@=pm<C^)^5S5sP7`r<+bF5W~2$N+)s
zGSYh1X4Wk|6J<5ePjG~!h2^4E=7q9`$v^p%B_qZqtze&NOS5`?-R-O(S`uD$tO*Ww
zS2hU`W^9?0lxM*bNtEN8>+4BT{eEX(0I9UNZMhr>*=O3-7D5MqAW3h{FWcpSAtSJp
z-6)^FpMH-PZSz}>ZPA<BU%!I!DV(vKgCNE&GjjAcYYiDI>#4LQi%PQ#KUTz<amtkN
z=J0M{LAAQkk9hJl5?^_nRN=)c>GN{rdF>|T2A%PYGLUN|^t5cVKkpbK=b0-ud?VsK
zU(i%(4W8f*WEjlyqQ^FoyCopqnd7L0ZGcU5rR{FVLBg&pcK*SI(YXRSs%ToP>WX-d
zl)26ex;p?7<h!i-1El?YrM^8UF)|2t($LOrVyU}$Gq=+XHOsX54y6k{W&yCBrLF4K
znw6evpTO-D*f&7ye$B-j+?AB9sTr?%w@eQ#bXZ`bN9H`B@oZqOc<WW!LWpyNGQgz`
zN(cGMM-=(Jl+<P9t(XrXcN|qD#{s~gld9woRQjU8D)gH@BARF2Bx1g={OP<J_B~eZ
zGx3SYd-hO&Qh8r@QqeQ&V_Cz{4X37r&s3<b%xCBSAqOZEmY7>F4a$__%VHk0SzZ0K
zFY(cMs+ll@h!$OZ_x|wC=zgO+JbWoyQNZ|t8b=9F*jtqFyH>4T!L4{p(#x<Zdcf=7
zh>VC=GBabedZpAcqR7aFU~gaooCC{#T8I@_FRBxc8Tx)E-WgnJVq?%a7A&zg-r1IO
zC~CS|1s+c8Mz=oQqPj3I@*hK|py!eI5~1Y4`@reS!3*#K!oS1{yBwq&YLz|yV@&TI
z!Lx63N{RaR->G>mjB+XR2Bhnqb4?(>+~DSOU~I`&<VBsryHAG<NnnXPf6tOHv!H97
z^ru4o-jWHldvRb{ETLot58fVCT(eOBpVH%ri!a+)<@{aIfys<9s{J^xlq6GkRLrIa
zUTo#t`wH;TPV+;s2d>5^B~?uP0q`U+@b-P)GT^C`k9u0s6EjWSSLTp-K2_t$Q`M+x
zrH*ttlq8CwqcgyK8X)*Z>|}MBDVaR;*cyED*Z;fhV(>u^W?5RxW86?S;*)0i=kHD3
zi0yt5_2FqL<=ncKXq1Pd02${1usp~n9(=$nxX6;Uj6VcL<YX@ebwQ&>YOmMi-2Rg+
zr1*`U_7+HX32+a(89(0IFH6}+TY5wS;Lgbo<~c^Wx}^9)Ms;Dbe?l^Ay$3r09^DOv
zk{-42H_Q34;%s5eVKh!=nuD~Fg9A`#jt0kl1l|6Q5fVtcxg6&l2cNJontL7@<L|LX
zvC4I%d}gJ*9e7v=G@p4y$%K@Di((p5Mjgt5mEhNXiZfm@6xQ`2lM=H_UAZV{ws`jV
zum4S>G#>7-FV9bm6fooCaqC#-tA$Cqnv~;UejuL*^^b06?{t%uS+1FO$a`?!IvFJt
z5I<OB5$;csYdRVHW?!)#*;nzh7T>~ugq7^3Dw3hI{79!NOK>+2mR<wx2|+)YOI5Yw
zVG0kT=#}msApn^#8W)>aaKG3Uc&r-A#0^DzYeXky36zcJ_1)^;zDgSRC|W%(I5o9q
znSWMHaF^I(!Wco5Tf8%B&i@p&zRLeky7u7KI6cc~gmJBTfIpFYlVsc@#J+`391g7j
z9`k>px~R?a?9}-=NJUcy@hxN$4Qh3;p7?y{RDTaf*q}Oz0ePd~W1CK>l)IDXv@1X}
z&was-DR3%@k(rvxsBw`~_sNCHFDz31(gW9K+$!FfFX-!G6QB5!X_pkX#}haZ?_aA^
z1r}zrfs?W}TNCMoY}<dnC>KAf(^~e8W(?_)S{8X|D0aGnHnOh&y++VsJ8~vhdVhhZ
zmMb@1wa57LUy70>p@)FnWikP$RcGw)M^uwGps<z~iV!K4OaQtAD%zN<Hv6dR#6&OZ
z@PL$|LgMaiQIz;YdvuCn4I?pZ!cm0Yji5(YH1leeBhVkAvNCA#$Gf9!xsbwGi!i`Y
z*i=H9)7f>7<aN!25PMZ!{!?!8-9jeGL%tQ2nc|I_g8sy14Lz5yP*$u&Z`d!-RyCEB
zn`Hs(d%QJ`><ac{j@dc@9<e_V9~XDsX0rM0TkNUnuVZdTsrO2Jpq11gugep{DE1fi
z6#JiCd0j#Y{VJ>}<2B^x5-8Nxzs(VXl^i}oir-*p97MWS2G=|m`}h+SCu|UdY53)=
zjtO@Ko&wf8Ay)E5UE!yH$r-dAVCJzNA;P4DpZ)FTQYjH+J&NN$HVN~xvF5UkscPT9
zPd|K9AHtk!C0IylUXd}@x6!F0We}4K4N&^VrSr4j8_SKMztaDMM|zvA1pIcLHH@ge
zKfqm^D7DT$deIq}q)@{s<)M+Q_Fkg<?izKNqzd?2?HA=pag1C4N5>0I6+aQwoIvcT
z1ItKFf3yXWo8q6d-J6(6sOUrFZ_;ymV_0=eh)vOAcVU6=F>36`R|$#BT}ub4{B_e4
zN;aVq@qkLPqls_wyU~AtWs=nLX8k<bejP*ZxE|x^j%^SSe!(c_7BQL?GbRJe^+aqL
zy$(nOHw312yTZ$p8D76+Jn4r}-iULPPX{5rXtF)c0zgE`Zr#u*RSqc=iH1A>+CJ`~
zbzEt(Z+`2$QM$~7)^X(%6?EN}`-1GfhoVZ>_;(4?*wYm`LY4%B%OoDfOKRan-g+Df
zkvC-3RwbJu;4IgQ_>ge%F|DjFiOkJn)a6&b`S+c|7GYDR_O{M%iOAm~(&$J$w824R
z*@^=^9NKkOtaq86giBoSp^7AzB`{Hzr({x>3ey}Rj^<&nVNm`{6;sT(Si)z!UY7MU
zDb7c(^B(2-FGCTZ9sg;ARquv{(S28=I4n}7>aL}xGGTtpgY<tq34TKD+?TFz;Y|Gd
zT(3hfTVh7Om&Et3?XPv8A;>HW+eXk4Nx}1w-ujmH(BVxwOMx22BlZnP@plh_70<in
zCN%^HcW8DXzuYH@8M&U}z~mlN;nJ3^Atu&;DMpCmL05l|$~_HV;13)A<RRMs(W}Lb
zGJrgDe`UZNu9bE(?--I{q8-Fp#bY@Zd&C)Wwy_mAeZCP7b2g_@yoI~aUCVvCZqWI1
zH-E%;m}j4&)zcu0@h0KbnyP{kp)R3%f&YT;fo)Q@m*@vFR&gU5!M^4=r{ZLq@tLzm
zhZQ!J8bvO1xyG;O_M+|`O|PO~cr+|CBsK9$b*DFM3UcJR%#qCen0Kf1a3;>dF`@=z
z?|-CA!qvruYDYj&_DLp~p9<Y|BM9hdY7tiR4#OkYDipJ=#b9rdO}6*JDOhS<S<$h)
zKMTJIAeBw#hun0m3<v({))EZ%uX7Jx?Z_6M97?(*I(3J>i@*pIZh=A+*UL~@nSQ)Y
z5_Z*5?9;T^gwq@X8F9pSJvAC1a@8`fB?ktt`O2lOuh2$8hMvs2tj6r!XARq*`hL(W
zhfD*_?1Ob#&u$}F=~3c^{#2y5Ti=hTb=A9>ePG?YC(aG4^GH_fdL87&&g*t<vw%9N
zI72!n_vD9JQ8Kff`_{W{R=r>HpKD>YEZw!3WLQAPO>9fI|ADc>WK_^Zs;y)m;*4H~
zJS%_AeKf;mj$&$;29TVg@^js5f1>%QPz@iVUw6;7ri8URy^E7f;e^1FB%d_??}v*&
z*;qAUqj?u99^I{v`4)Ep4ZH3E2-k?>TuU`Bw*Q(E*++RF3Bp>ma~8aq-nK>ks?QB7
zZ(H#G#F}=N{3P@(iYn~oXtFd|>Vg)OkWu$6<?&%5yU&;-<KI^gV+Bc|hzegm*~BZO
zED_t`8X^j7QXRYDB8A<D@83PtZD^X{Nz)|<=<iFqII*^?5A0fkeTKX8HJW`HgbWKA
zhF7j9hF1XJ)t}_$#aZiMUZ&<OiAn+m@Jp@Kn)vGtdVX8E%$5k$;`RN!*)cLdwY^6y
z;)<Tw?n?O(_!zi{cKI?KXy1aGS2#?G<#*U<->HO9eu|r|!{21zts*PWxK0sxAkH{Y
z<j(v{VSlPU+DkTC?M}U314knX__Ai)boL>063}xFIsB=5QKms-=epLHHO~1{h@O-)
z>;OHS9Y&{@Y*lTf2R)2O1T37v8rw(_ia}16QI82xtj|A5-HPnSKLF5Nr|tapLMxwZ
z0ew<(LMnB#PB}urXIJ=V`1kRSEl{BOPaAVT@@MGt=_C90)+Qo_uV3$M%8?;?^zvTp
z{Mdb*-bHX8zTvw}@^4w))e$^#hDR?zoH!Zd#)_+;11qHh&ziCUnJ-H3|0PVexh}@_
zTd1l$!F!_7`7FOfC{i>=;!w1`=<(x^A-X<0e+0%7REjBz#AUEv9j1imn(eN_9*D2&
zV5eI)=fw$Dwd&2+l`r2nYH%mBCLCD>rf~}{S|zq2pAJ>%YW7T0gZT8jEN=}vmcOUy
zsr7b9c7}LYCXSs^+*FQVvjB)n#hrOG+KSfRrFqKB&V&b_^iberH<4$x{`t_eA#B+u
z_fBMS%q-6D*>Sno|4p;+U!H~R@6RbGS_Oa=48-qy>zJin$64Nm9!_XdFcRfAEBm7L
zI>U&VaLxXJDl^K~==^z^Wveg2z@FjPr7!v;fK|1@Bs`8p*u2c<Usr-zTObu?g%yM0
zQR$;%Ti*>Y2&ExC7BFC_cipY3j6nFTY7qs?5~i-TU9n##a}dzI0VqkjvlZ-%!)q=@
zj*C0ykt8R0gabu-bMJB5*DN0}j_bRyfk3e>V!ss7ZgZIDoL95+7DH=P(EPa|A!;Aj
zgG#h`5zGtZSc>;B&7Vj2_Oo~RmbCIZ`l5@@;oVJ_O<zVs3$551R@yFU7q5#u9gEF=
z3fONElHRIYFW`XqO>RksXs!ocUI!$0O4^Y>ZfU=2+9zLzr~I+V2R^H=mm@L@rmmsi
zR4=r%X~@Q0*N7Y9YD15}=wOzMFG=P^><0G};LV#A0EiUuv85<AElZ~}AfD1II%<Ip
zgsGSSE{EiMNKHx<D<qL_Mu)l0NJ_~HX4ytM;5qm#Phb3O18V}qE8@6>&Uj8RU%2b}
z4R52C9Ik`@wUp_1>xq|2cubo&<iC}l>aGRZ#EKq?+dxdb-8q8tPz>e?eV3fYOKd7w
z)_Wn1oq9iwg#>5$GxXb2*}_7Ic&G|sk9N*ej36Q8>iNm9_}hSXybiL1`TJJ`6JcQw
zb*0TlK*^zu-Eu*fpMH`4yBfT7WPEw?_rMeJ1lp(UoWO|6i_9)KFS-CRgh^nEwv%&3
zS^?EV2+lt{QMo7V=Zr?52ag?H6JnM(NP_Ui(61`=`)G-JV$Ck!XeakPXjfnEEi+cE
zdo(;U@)^(ij|ak;SvvNmZ^)li8VTd~hWJ}ZQIYPpbPOrQP@F*<d*r7f<Ht@2z#O$(
z&Gh6X)%iz`nPhzw6UII!ref>qpFtqvf6DC?I|=h~9QN<$|FPQtyVbVaT3bC(((!mH
z^rj`h)bnKJk6t3iME@T~X7iy=g2p|GRFZR<iwv8)af4$gU==&GtTUYd`6KIwXt4_2
zyM9Ogl^RmT8;-q-v;zd5(Z8=jZB8n=h=B<mkq_a)L*T;R`*uqikiCl!3n~CLWAe=b
zj<Q(#G2`UrvoATQ&4kpdxmVMi-gQIQq3Hb}x(`)dJCplR?;(Mg%a$n>^EKKjJIv1^
ztX5m0EO}Vw5~~igiN_1S`u?_>{Wy3s)8nQ}_x`gy;N#6Xq}c}>yHUhfAKFN^`VsZ5
z;?3`z(y0WT{^qoXty!_5&dL+6sh6Tvj1TS%jfs>FiDh&_7>g4bZItm+&c8jbRr(zN
ziv!-;^_Hl6<by!7(?d{{M8S}CF^f!bMqA{d_IX0RA&#UQdZK^Hs!-rOW78j<qTw~y
z8cI>@2QOpvm5<Cm*9@wPX;2$!G@sOHeBC7r@3A^%EGWP6>xyc8k3BFQv++Da@D)eC
zOiG+KVEF4qf<t4(RS07s($*Y*uV)9e#MLCG&s2mf=Fc_*-KgD5@d*7qQyNb?zn=f=
zbbnp^+(KTp7uIVcg01?}w-8WL;3arqCBY{;n#q|xnmPW1Zcj<zoRFMRnB<|elF+Q$
z;xCqh<1ZVE(WOfQW<MF^2l)J&%}$XijLoJ}Rfao+{s&JX952o-5YzX0jfOL7tvVv2
zOr(lkR;o^2jnv<e4oV8E$%#kaT^C_yIonL09sE4uKfxQ=1eW46<ZbGZ`_L`W27OIq
zgU>^7W=e!!E4E#)G5P)cb<v51(z`!2ADfs@7trr!`8A*x%xBEmAni9=9x7XlXHpce
zqZncyCk*A26*ViqZ8J;W`k`OdcCX2;a1+EVNQbvw0f-hU-_Gf5b0kRO4&TKf^*)Pk
zhdL_`W13qvKqA8bN3;-3XY^e0=8*EP!q@4&IF1P_5zo^gv(pB<p*xvbmCxSXP)s;!
z8ORkZR{?Vo6fevD2`1YG7sDwufRP&)!-^lWiRgF4iq|hxzWo8J&=YI^R}81FtNI4u
z(vPDzcqb2bV5*a8=stcqKEvFw!wA;cy+oYI#J=>`1}o(41|*)GS)}=qqLfBpPPjA4
z+5MCW@&z`d&}g#PDnW}QV}QxR>1bpE#Y}E*a!|yipRZv-$~Y@HXHJ8CdP-!EYnrwC
zg<|CMjQ30ae4|;Zusn7|687U>rv=7yhCIx3+3XHa!&|Q}gm>nJ=md5J-*WU2`7EQA
z#E0)SIrD2i;(mjGa~e4(%8qe8O<H*S(JRZ@KvP^+Wz@cfovzIPIBk}$Z0Ussl^o;X
zOOJPvn^gxdB0-?52eek0{eF0d)h&dE{dtx8Bp%C-@P3isMvE}U(L%yEApr~9m(7+Y
zb#5dgW9GS_RfZ_NM{;iSlif`ib!6D==5p<vcxelPlwO$su~D2d>3^-TN*J1@uHtD>
zE>npAH~H@zOe(CT-gVJlWV@^nM452B1T{-!6gisyqFK}?3F5$x`r2}=emCJF{rbMh
zesUx2oSI|O#j5Q+Q6N{!9D5Wm+4E1wiO^v`M$Y*bw)x~>EUYL>vdX0JxUBBy30uNb
z{8sJth`?X(ZMnx)uCt6<y>yA%_3FZ5GN~;S*J&rpu(B`OUk=kfKP^X7&$j*WzkN}S
z+nJI}m0nS=P(!S+rM&hOI~iiOV!nWAX(Uep)Z<JQbhq{g5nsd%RgN(78;HRm!bs07
zJ%`}wTM1I1&<RVV%j)?lTqIj+NZ51q?gp(elA_Qo984<;-bQ$W(9R2xxS83?=nxiZ
zyGnt#^=5f}UpZ$h-hBDs$-9YxNrsgBFiN3+B!C;MqF;SI0k0y&3qLFw?@>5qtMT?s
z_RToJNl$<t!mBS2wzYmV7)QAzUj3lzrnqM*`%$--kJ$T{^|UeC<>{9K{6E?y=UlVR
z79B2}DsW~=+*DMU?6u&cZyK41*f~dtKTt%OSN?tF@?^O#P1X~Gy}hpv!}Z|DEu|sN
zpUxUf4qS`t)JvW{%$%#Cy?l0w#kC1EPQo}-EeY5EAYmUKQqGOiuAB;D=n0?>k8|sO
zWMJ=j1RqF`j0GQ*Sj}pO9oRAT23Fh^zj}wvjv|!^6sg`9-{WF2mcakpl+;suTR3hC
zW9ydUz|wRSh?_Dbfn23-uCl`d#7x(XSg7X63ELxyz{WAKF8o#-p$EC)jgw~?YTKUI
z3TQ;x9sRCXD(i0y1MjDNo@H=e1b18QL|?zp-bXCml|bf%5QPfr9vXw$gx94>Wi>v1
zIH73&ZNg08YRI=Mt?^*4hIRNkqhK{gk_kLcp`pjTI{96=(JjTqXEi3A@$yrLOx#&+
zW{ChMjf*@ascNaIa&G54sTpHh{VE!kxhZJ(N_=u0+~r&k`}no~-l6EDYT5o6MbE`p
zdbv_@;Tq?D(e67U)jqFn^Zc&PpCuTXUj>NFSyElNj{E-=Ixu$#vWmJ%0d<S}k_@o=
z|6=CS{$Ba;-mUJc7(*Ji&yiKrTl&lgoh==hl+d?WWQ}1sn9+-To7bI|%Ji}iWWd}#
zhERVeZ1&46ubYxC;nXb>`E02Tdm%XWQ<;LmX#kq0U4VPRFskmHEbwBR?*r{4R?5_g
z#94daLMVdr=<hLqb23i{X8v?l;m-_-8;5)A_ghlx+t58~8GwJfzd2%jn4w&~G3dw`
zj(_<n3TBJfVFnb8E7QD)xj9Hiax)BL0gnF3XHR#^yAlqEBpabUK{T;$KECJc!4Qvy
zLRWgCwynMp8*Z}WJ#a}mYyolx=>z>zU`|W0hNj9c99C$}|2T!5>$P_ulJ5xPf90~q
zLk!r$N6{ta*C1KR19TMGWZ0))dlW5L@$GIq!Aq;38FgX#t9{a)wkH8zdCROp8JD{u
zy~EGWg!QS#WPd`Z`~kd!lGO=qbwgpY0*h|5XauWw5^>!jXld?t2=qBnsBmWo6t?aq
zjY*><#|k(E@yDyT1DK3;@z+9rJ7V6LVLrNRsc!-N^U3j8!R-08daloVVS^u-hGsdb
zqkSfz!Ej3H#&yRM5ZUdiOiE)e;h=|fUIc6(E&smTYHSNP5jtKgNZERrb354jz&>6}
zT>AE`U2o3qTio>S*YKdTKtm*`R*#3t`m64h-+V`ppHO$vR+dz`AaczqjEY>(kKwmL
zjM{O<$G2>H<oh!PE!{gPkD2EE1JBMoB;#rIjw7)vFuHT*Ilp$Iq&F!3N4%oV!fWh4
z{JF-r)+{X^0DI{8Ch1bs`=3d8Bs5j2H?%dKq11Q0C61CqXk|$wS;V<?JL?D`)@CI>
zUX$H{CC-rt0ke8H>HT_{@h|*Gz=8Mt2qdot^zj@^G)IJz5UZwGe1_R?pY62=A<~OK
zRR6F9QS-W1eXInJG2R{`7#D409kPR|QBQSP8_>vZ9NMB4kh3A+TW@kgRh++SKX1OY
z{Doer!oiSPpCxDBDC}QQ#Dk9lh^sX+#hzUgd&c{VvQIGksB8OJwL~h#>;|9JwZ9}l
z^pen4_xD(RGKvu|K2r^?zLfNc*1N<0olfOhw+39j9ibzg=byt-*;~xn;}bIAI&PoJ
zO{*fX=O1&W+5-U3f%#Q|C-&JClc}F?zoNXyF5TD8K?7j-HNvL*U+THyf7GQGmV18&
z@h2ggJ+WfkJw7v@gM0L!?X~C-vQ|{l`ch%OCVn&@`5P+lZ3mQI6_=lM75T_;r=7a_
zuUhkCqpw5?iUW$oiiUOQNx<EyGGgviFWc5ku~b|;Y9j-@b{wDQY<#j#>b*Kpmd6Ln
zsr@^|t4QBtH9BoEmtKIcI7!&Dz0NFp{%G?699Y|O;dWlO&6c1oA+~^p#P^e^`P|WT
z&kt?=K()BJmK>}f?(w=lS$}b=c8P-Tav5>+T*XrXa2eKqw$}4X4<TVSmKEWD7CG4%
zQ>Szgt*89fptxGmo0Rg_ex34UkF|77*s}Cqp`d#=d#7b0YS>LgT!sTR7uxoGV<7RV
z9R2&z*w7h|vnDi8$oq#_MPjg8eiFkJ(P>XD--NlMV<W-TXQPiR2K^M17ZLP=d4k4#
ziO)Z5!ldFHEmZiwOg)t_`e%hnN+#;&`SN4Wax<X*-K1O3Ozr~jSwE!wK*x?t68tV|
zxKt3nw*&uZk^7OECfqYfCUGy?|Mo+QR+`rEj&R4<ohrGf=Q6o3$wEBXNwp>1pDKN%
zK08_Aq$3O~4(q@8wjd%_KJ?f+CLrJ=#AN~Z`VdAKb3IADA7X_n4ul{;7&o!M^;k{<
zQJYbTOflOIyaBCOLBq{muZbx^F?EyO8nWk4<!xBA|8{y@WSCl$3JK!}Mb*cuwdJTD
zG%JZ*8~0^SXP=s#Dd);lVV-tw1{d|e%oq}H*|U4<g|}sQ+V0u4+)AkyklyI~b~2W_
zP0O)JNqIo+3zT9<x7TDfQ|G{k>Dh)h_U>2RhW3VV4P|{p1Z(CQNa|9>Tg8c0K7@4F
zSXobcPc$fyd@A&UN9xyH<;u}Mm<C+Z+TpS1amM4-whjLSoHeKQk#M_GKEw4H_be_b
z^3Gc9F=E@hyiAABJ5q3u$z$-cmF@LCDfDuzyKWL093BfPHB{rf<f$Mk2k7Z9`4WC~
ztTnN*ib$Hb1{ir$3&giF-)&iw6PzTwHJMIOe45CMj9kc<I$^}va$a-dMie{J^+_ko
zr*=PIKXO3+{5@5&%NALdjHKQ68HuJyW7eW|r_pDZxpch81QXp=d(Ssm7D!!6{wTFd
ztmL!PZAc<mUeAxCf9!@<FvYaVqXONYbD+Av#$WbPQ{qB(X;l0VkB+iTal~%vXGSoI
zC1bZuX*q&E3ACNeXy=0Vv{(;j2|Q1o*0&hp4`}mc8RwB#pW9%iNAh?Hh9tktCzRc|
zj8;-9$X`DKx97vqu7*=P8TY{dho-aein{NjJ>4nYrP7^J1A>Hrq{KtFNOv<dNDZO1
zbP7rdNDd9s-7s_rO2fd^o%h~#|Aybpcb&7(-k*J%s8*QU=5x>$PL0a$r)QIjVA!@=
zED0e@Gf3H+$#20iB`#r=AK3LRcV#-F3Ugp-+PwS=ttRuP*A41vw`r1P=Mgm%W>i)G
zeJ&%t&itJsvONXfamrSKSC65(YLRV$n;JEc1BXR7L<$lel)f2>nt^B!&rpwdzv<~Z
zo$y>bnFmX!UPolIWyDug_K4$Te0uLCg%}YAXOtL!eUFllLB3U(ab5gXtI^WI9*tZ;
z76CwNv|{4%!cf-W(o1L`L@E#X8)fm0Tg3Xc^%`-tf?!N@a1H)f`}p<Ox-~7hMa|4e
zUeu#tO`iQ~H5V<3A~~@&I;&iJD}m8H3YY*YzQ=xk_pCXQqNo7n24ec3y@`R<X~sO3
z;0NKmeSH!Ux=B`UPsbUe@;{yirE2!ZApSr5#nNHO`(;$@S)<zN1u;;zGwk8T(MpM?
zxkICAOGLS$MuGD;y^wywYEP5e|7w4#l^-Vz{yEf=2_O!u^d*H6(`|L_!nG2V9P_b@
zUApVu^Tm)}ZlwPne+k1ZRZ?Rx8&7Pu<O#gH_Fr^f2LD5vbc(V3Vpg~q13Ign`)+@u
z{Nbk|3H4=uy7ry6hC4iOF4E3JPfB&bs<c7*XCs{B>@0)-MuD6SJTg%J3=0GZE?gc`
z+n(9+Mo!N24KE)SylMZ)-3{HEW|m~!)^*@X#%!R8uV@<271`-WUfixo5aDp=nb3wQ
z!-tQc|Jz_x$D3vYTbd;i)J>s2E1Us*CGq{t<z$tRu#T)r0}cTx(y(fcD+M@nQAP<Y
ztoW}H#|au1vL5O6eiX-7?qS7GsJsJ_Zv#;6>#4kUBfNpDWJs$hk23O5IrcHin*8lj
zJ|-V<oQ`5+9KiB$Junx4E3M8)susMJ`5yXkh9cb6=w(4fiEK0i*lEB_y?o}IW4P+B
z3XG%|Q!89%={lq|XI&+t3+F2hmO2GaX(Y1IM?0JQ)vt<e4$60+0%P3AEAY7JA>cez
z*?|6raC+Y??cy<7_h9oW0lal-rm@0umi-~im1ARuP^Jsm<Wbx9>24k~VftkZES9fW
z$`h%EwQe(=Mtk)kgCR?8NA7qf+3~W`I|Q-^wpo@5mJ6kQJjA#)yL%Z#O9qf$7MN`F
zrwBK`>n@|i<34OZRG8e-Q(z9QJ(hl!jJ8Oj@TKC)Dejqtthza05%tY245KlIV$gD*
zxM6S`s%zA`Wkm1?UWdF_ed|;8OJ+0JLMc7`HesQ&3KYo4pZvHvRvP|u%A)!Q<hBx@
z08;$zY;jYzcp@A7o!%lHG>7i&GOv>?!Io{m_R}i<6f;~-juIB~oRtI?l2@ibP`rlc
z<cq{wM}G+%_~27wqbc{l9)L5}k+7!?(nsl=5*r1<p)lVW04q2<gzgN#`6JFj$hY#q
zJ3O0rbHQTEsfFBUVbS#Qw%ZU3(4Rj3ke~ZAF!G%OF^d+z*)=Hoy1w0t3}uEpvt%P_
zfpW-3|DZ9Tei@i{exQog`uf2$enz9iC~soiziJQi(4ib1cEyO|ltTvXdve_a%vvaG
zZ;ox#82R$VD{`<C$aZt7v%Wh%zE(ZA_n}BRcVTQIhk6c}eGSk0dA7{-4#UDz_Voyo
zj*+?KT^XIIbKOcsOgK(}O!rIO)F2lYv`F1n&mb|6Bq$^}^|Qm_)SmCYCz^)@nn1T;
zBsp6Ii3XOqjFJga-B``JRy_eaSpWGil<T;o_KS{;PJ&t8o2lNB_E1&~MxO)y@T|o=
zqn(BeQ@C)AIrIj;qhwoMtETnAHmnTuG&eW_A9fljVP4GKMe>X`iiJTbmwfp$RX<sp
z^PH4tmuKclrwNaecu+K6^4gL1tDZ!I$e0803+6_2pJoLNoSL7|=e>~mQad*zaXJ+?
zJMFsS@u5oqNv?&Cb%L~zVY|9d>JLD1l<`wz!;Y2&LX&i1rtFa1PcKTzQ%$|?DdG02
z2>4&-)kXOU<ilgA&!Mj2RrT91N%je+G0;I=!&s(!4t3gaayC((k`er!0ZG;KvvBpG
zSD*SxiL!5&7Qm#nIz-_&lid@rr)M^%w)YZaxR7O+*k!YTkaZeTh>o8Yzm_7R&IlPe
zkLp-tsQ3uee8zNoEL5oYG8tbw8*S$+9p<y3Nbt&gvc3Um9o>pCG93tW-O<4C96$ff
zPfHyBy>OJIsTtl5cZ}eQsS0v>jyor^g)?GQL0KeosL+wp(m!PhFMWxhwnf=w&E{f+
zSXKT>{_2vz0CKHT@qFF~RAkp?88!xJArKizQ^=chDk6{*yeL2g7_Kj%(vdA@$?vWY
zS2kJ~_p1O4R*vK8v@S2HxL8cFbht(nu?NUcWhp50T|Wu^sJVeuM5q$k&;D@HQ(tTL
z@0yS0JqVg{W45tpz*^!d=?Ozjk;OIC)-eQQ&PvF$y#A&mjr{6OYm$YBHduBSX|0Rb
z>hI#qtUT(dqT@Ozi}6#@7xO^hjCXm*FD^z#ECj140}sY_KH=4-K+I9=itdNS&faZ=
zAEQY#%&%XPh^J)!RC;{ZI)3Q&&ZcIY&#0Mk`dp3*6FA@;`vR?P6`5W&-^wed1~TUZ
zI1!rmy6@|s(KTriJ;Lvax$TMz-ZM6_QKIOIfVA=99*vKhb7D)BpZx!$b2j8A@h>wN
zuY-%j-cT4Ux^I&V1~LiN+mMvnLVhn&%!*OZsYCJuWG+t`Jj4woUN0v$Wc>G4@TLkV
z7L??<g)^vl;=p+?%_As?Nag-kd@vO3<!kHqa;s{l2(<sa(W~wG5ad6RPVWU>(hsY@
z>|V@-GSlHemllnZ(OqNNE>sZ7xwMbeQQman(Z}|lSP@ZuAc-m5pd_{k?c%$rFz|!=
z_bmOep%^vADqP2p8*Uwq`tdy0Z3$scLyCtz$_qA+PI6aH3|6+LWAPu<Vg|uCiG)Dk
z4bHOWQ+kiasIe5z3z>M%8zS2hAt?%J3v07he3C~`n6<+J;FZC5r`J!N6*5?n$xjtB
z%Vi3j?PeScQ9s~NaYO0d&dAPQMQV8cDvs@w<sZn$L;?tGUpO+ZlLanFze)Xv?m8++
zJ0ZhUS_%Uy#C=hr>8_e3>L{@=#K$%Z=(%!!Zd#Rc`ke4dbpVIZJHpLQRZ4{%ORw4k
z+aaz>u7^o+#$Gbxm&htd^BPyKTL~RP@{Ksj&4HgLy;EA>rK^?rg-^^+Q4lQ$B*S>w
z1a%zGO{y-9>Q4Px-MaJB@4jds)P<VLMf9pcve>#4fh;mhUQ}NY9Ol!RPF!>k?x+cp
z<D@y2(1{6Q`|kIhH+k%wz8r<SM}OkU&zcdsl-RE)o5hI^bIUR%*agOA#ffKYfDHP}
z+qWiaO=4JHHje|vGejIu_C(V=t@~i^d|db_;PpZX$+z80hQFpY4*vM#gTDbAqa@FL
ztCgp{B;6^KZeF63@MiGfwhL{CRSx*bRE%ia-^CxZe2p2b<;stt;yIs?{`)iHdHA<v
z?-|h~*$aTp&}9m$BEd?;&Ngg0F&y4TIUeS)%k<MbmXwp$*$}*Arjk-^4&HJZoA~C{
zf_6?D5WkC6_m0)^W|97iUq4w2MAvD_7)m8Xbl?n%9IPAtyTk+P4UK0?hlTH`AZcg@
zsTKAd#YrR&Ea&EDyAs(Q;z^3WYkzh6N=PrciKV~9v@1fp${5ddY5g^67NS{xsxhZK
z`0ekRo9XxbFQtJHHKM%@ug{SdgX}H^4M3WSgkylqpnb8JQ)E$J7%wF!ch+v$JJvxJ
zjIR`>T|P^)D)hqe7?FTgjd$}4Q$U*kHbfGTy-;0fmFLb3+VGXw(l0mLNdDh^pC14o
zjK@Dy;l%cRr9!YdMC7eS=y!u}x)1mCpl@SMR2s>a>yW{1^srQO+q6?GL&)s>3XCTz
zkLZ6kl8j8HSevkK*T8r3FP*#PpR5IMbf^nibl1S`y9Qj`E<KINDf_?vhZ)ayyX9Dz
zg<yC>NTnKg)g1nVpiVT@xJnC<Uw6~TxlFoY#j<^N$blSZ8)P%F8AnZzcAZU)N;cOt
z_sK8qj-xq@?y`AQqNRDE$+Yi8EeaAl$ZLq~x@s`4>?S!U#eX-OGD;1{#JBf+EVXUo
z`~NI}{R}qw|4wvM)Q8a&=)hnc9NbziX5$Y_^~o!PW2g`GTv|B-eCi;U!OdT3)$i(n
zYNUg{s(NB}U<vWSS4wP-a90a(r(e9U^eFHLe~x{GN;ug5*h+`nZ8+tZ>C<r#cfsUB
z`G1XRQAo(26I4Qf@$G^9?(+8n1Cn1w1G0S<&o>b;@IC(I@hjx)Rq|R(*jzE$M_-Dj
z8RWEpwtS3bUVY@ij!jC6f!C_YKK+V4<ka^8Dm^tF*!n(*3Q-;)IN73iulr?YPkwrh
zJ1qJW2}=4qOwW)j@JvC~P+6BzT<;XMT#%PRbKH&gN#f@HeCd*1>Ycb<EaFebrv_{K
zk^3t6SJHpslMNkYi)`m_*||V~n+ART<EJ-TD+3D0m`q2r&{r}&&VENRpEhqSyT9Ei
zqg$8I%f&Ja4*F^EFb;YS*95wQ+9n>!WT`xQ<z;-_uJz>me+@p?rpaj!0+@X}nPrN|
z%!)<Yx*j2nH|fh`y>`c;lVwg03p>^<W-ss>!R6BfFY3lMCj|*1^(H*RwkOtJrm_3+
z=195Paszk#m&^P@B|jSQXv#`kw?pAmSyVSUE^0_dDOYZY+aP>+9t-;LcMbC<=PeOP
z{nG47-4UTK@8jb1YMLAFbufda5T7oljPA=^9+4FizWe7cb99WB3B^A%Db!1+#Jrix
z;QN8VPe$eLhQAlC<)UT5BFSS*1kW|$A$y<~Rp4PrI)RdfYG8P{-OgxQF%BiHG9w8^
zLIPuAW-uugx4Xr745dJr<8smfuU?0c3{|+?c&owr#jqHx=;b7yks+BxOe}l7k{Ex*
zsKEB2tc;74UqCfJYUAh>ht5aokD)711?qGD|0rt0zUhN$()u44TqNGSv_k<+k)x_k
zLpe>TJo@-Y=;}slf_=s77|Ji?-lwR4G7dG+A|<c?Ro00x7jO6V4n2rr%uLddft`<y
z2LuX9Qce|YexiX>*W(jn9znv3JKW`?Gkx%*3flKg>Q`lP*P0#kasJkoLbuIZK#c-C
zN|?s5F7+2HFl!V+!UWJB$8?VOrd=hW2_)Ocwf))M>N8N56Guv1SzgCH0GF|<WlIaG
zwS$(;Wu8Sfu*i8o3$?bcDc>&T8Wr)t#HI_we!&bhuV(5EMeMq;Q#4=vcYkVaq;W2Q
z>>Vlo0NsUyssOwcg1~R}g^x3Xe*jv&CrIZIL$o&%cIR0bq?w)saQr3$p#L*CAR-qz
zFCBg2=L9nPL&aYZk9M7=6@ppG$-ma}BsD!3Ci5&z^qC)j!^hlpIT`$ML@``<0!u<#
z<aVHMgfQ*FF{wl`+^txS2JMer&vf$`hnt)fpFieQ{#VWL44`k&L1>TM3&cJc;MIO>
zxdIplGXBmxN^{=1a`XBEXe0Isr=aT1NSw7ySX}C)_MHRhXR1D1t@u&peB9B$+kHh9
zGM}atd+c27S+#REv^frJ*Q?kY?FiPc-ry;T;jI?aEm1=PWAGo=T8{79eKxg_!A?|M
z=c|M+Xq5^X^8^u}=}Yf)qD-SmtVLW<Rj_!@i1U3t^PU3;&XbDK_}-uAwL1O5BN7xD
zOnBVZB!#Wk1X$`v6;m-;T};u}JyrYBxcPCWR#{bv1s{I--0ZYw5vLpTJ4ZuU2k&?~
z3Rh7o7aEy?l_KCjNM6a2!ixb^=ZiS5H@F6#;u{{4R$!aA*?sqOQssX{8&y^C{j$ar
zd#gsh|Hcb`ZBsn}m+wr9ub@Ap=#E`^b$E${yODa@^`w!&<)EXs*+pS(S}Ntwa@Ap3
z8QGm**i=9z537_Nr}*gNdj#JXSE=`KG>2@$sBI%}oYtg^Y?S~WwqS{Fs~2aoT|IvP
z(~tBO9=0|Iy-ig=M!Cz*(g}8q94X|axPZP1Qq@v6JPcvxhN-Oaksh!c%y%53XbMNs
zP3oc7L<B?`!tD{EbYY5GN#exdweDvS4E%6q!>bs|Y-Id+gp4jt8WvT8oWv5{B^j!$
zW)L`0aNaR-66}lCXi{(vbkO?QU|(!GPt`ypkWgRxWBnU%M$cNH6o=1eyqCrW#eTUm
zBzOA>hF~m{qGv*Fam>)Q8=G>>Q-x0eaq-!VnBjVhn*>e1y@X)}Q0@*xH@8K6xC9nm
zQe;~q#vvs+V}=W-5{=N=j$xnI&|AnuHY$Muwa|+sGN=!jC$NqqlYd;v{1OycW?LM8
zF-l-f3iGYzssD(KnqJ%Ah4P2F6E~|J40bf^bo~*r`!S|o0Y0252-ceL586G8Gnual
zeoy}bj?RaX5Srzt=u6yTGgbR}iG|FftDneKp9>k*-Y~oB1gAznlmV^im7HYb!~Kn#
z@z|vBM7m;sepd4`diolI6CeJ4?C0W5EfY%Q90k9@thK1i^M(8zFF@j^bB6s<bwmEK
z_hJzl*oY619X9=KE^=-G{#0Yw8_6#^GR3Z1y!6oU&AH`F#~3G{P4y@y!@g>)bB5t+
zn4dY~nM{Pp-yno6&!~9k_mYxLj*2GMG=j64Ww}F(%htacg}|dAxw^@Cj?DS#`(J_t
zd>eSU?zD4F*E8BIhv|<;wg-?MXT{o??U>zonw+@)f6}Q#hvG3~b&Jj#9Wzdnu9)HX
zOH$#_o-y-GF&12v(lh&a@A~c+#s_8FSAd;_M6sMO<chUhyGd)a2^(1E9~=6^MlE)4
zowqs|u1376#&TW{iHw>*K&zei<~hg;Oke!XAg92q1DbNP7)x*w7<~MXWekRwxqxQl
zIbZORV*)HjCaJW5<HbuTVRjmn8aEA)lKx(o89<njY9Z!0AaY{aCt&n$!*d$Pqa@D&
zD}ylpGVduumU#lYb;$;qMe{dMQ}UHYGhJ5?Re-wSbh!6T8{m#T<?YaTQY%wL&Hl~-
zT5jXM97`ik92tLK5*_WAcp3)M0AlwMH3!EPXH<f#_C|9jPa2rt@kK}@TGb5mWV_}#
z;;u)<A;I@uOc5Gh=@PC7Am0{Ujk)I5-?rh*OIN~tx9!wk`^5yVSbxdW`HOO<9wpE2
z-=G|1*aFTQdow3KwY_X!1P0oK!#|z{oF<<$$<J*30VD$rWV})swsnua-iCh(KGBa2
za$kG;%DSb(mH!MBPJnvTilUj+4JTD>v~^IR{KWJ8m*>BpFLggHx^`3S?^*DBh2i19
zf!vp^yz|o^<LR%Lv{0SLkVUG`#L|dYs6BnNU>~QPVqkxe5jJo0m9@j}h7-T%T7WPV
z514Vqg^v!f<Jy#L@!sv$xE{_-qk>pNsm7|Sx|g-J<HJB=$QQ#`y7uuI7i*-RI$TSS
zsqvS+GUm_+d+ysGhm;GXx(p9LuuMYcG$N(LP65@j3wlVe%VJ5#p94lAoaR{%hdRKU
z%}vQPYndlfPCHUq@6PdZz1zrKC&}@lyw$)Pl!<{ab3sCA#C&}v!ze+*?c$?Q<8>u!
z^GQ0?W0Ly^B<KTt3*ot$7^M+d#6|{9K445saiv++V>xy0?|-qR#aqE%cx!CGl}o`8
zmf!CU)pDRJhaXnPu#jxJ0lg>7(;~?|9?2^e_k&1~G%=fJhdaebtt+=<$>*MSiW<sk
zJQXE^q^B|~tnq&Qz@k7seDRi_>hXkCWm04oLF1kJ|E!)?NFk}<D9?OnfFR0#B=J*<
zw3Zj^op?TG%?mLPc{Gb+ioU-m<|@niH&nBQYZgF#lm7DLLLSf=^lDmIpI`qVPD;#h
zNc+|~!erENHZ@1KVqiBG_oPM@KU7>nG;S&c_r{nW-a!UjL|$kPgOY-z!l9I5RlmQ=
zwWU|x<y{@fjPN@Vh$O0_r!6?KO^<YV^lAIz&XD!#UJS}&)G|Q;4b?Bl)A(eEd${2)
zSE1Z;|KId?RFJB&eFePA-h^THulF@X2bc`l_#3agogoHHfFlZa>udqUP`}fk%<l)0
z`+tGoDf;yA)Z^-{S_mm&xfe0xUuWBijzaM<8IE7@{7U#_p<e8noEXk{zlL%(;pg^;
z^V_ocQS&~*f>+fPGXhWN=aoyUmrWYX@TamXXDry%=A+1aq4R)kxNfv}O8gak_S03P
z=eHZrFRs%-J;L=j`-t|9fZ!2GRF52|`3F3+){q#dL7ym-V4~L!VZjctwWc%mtR%=O
zkYS<crHVHW?%4tTRB}m5>E<R^nCV`nozA{dUqm*o>t#kvCuRiw$iut*dx)~$na#_E
zPA|s&2zPUtw?QCOWF*N~k@G>9z1vgYA4c%7Xw;hU>PvX*83=l{uUQ>{86v=)dg4a4
zYyJADQdlHy((JNS?aUS1f~|grE^PY+dCw_O82Vpj?d0Ng^FuD`SD)PHG<j6{F6;;>
zfl!Y6@VMaN>cH_ogCN@<A~L;SlNheOU5Yw6p9+z8s^?uW204}yPB<Z0D;+*8Iuy1`
zesi-anUz$Goy_~18}lXokjT)(BWrJ?B4RPrsqv28-fI5(Kag?UThl0{cx9^?%oblf
zZV(&$Cq)$cq)I*qP|mEb{O?3U^T~}!Rd(w$P5H+7CrGbJ@FVx*jPJzR^0#jz(GIH)
z<+oy3QbI3l&xxfQgDC)37Cqn_n1Yzw0d>&bMaHVP{tqV_7lv7-OglqRR+o7q-zS}F
zjP5CkzgHq1`wuK4mt;(mn&p_<3ACrI>&A?WbyZoDo4EXMG?7%hBsUiyR@K#y%)HLL
zw)bM5tdFGU&(`L(afg2l`ROfvl$JhC`#Rrtb_(IS1>^LEE~)!If0IN<jhaZbSx@?K
zDy~sGebOeI7=-;n^22wVAtcv5u*zYDfN~MNqJBZZfc}1&bAX1y-!@D0uOjK=Nf{lu
zl^mptXJ-|tn1~je@{`z@hz`I#odF*ONzaTElvy$oI!kSCXXbGi4pOD(IW6~B=ARuG
zhn#`+RYGg46%1XTq(4ypm^5qR^UGxQx&*;PD3Bo|>{7J4@T&xB-uGE?KUwR5{@Bb+
z`1K2JP>wz2IT5HK>e@}G3Tlyjn|GA*G&U&Rs+5^QWU%oU7s3RrLs8vKI#mUX5dUQ_
z*4{czMWL}>5N&Ldk3v|3y{Ywuc!T3_JgnwEM52N`TGY-L8bP0b*K^}bQ5=ivh&ptH
zNfsJ*qSEIV26S)M>#ncVTWER@yQIVB0eOt~CZ(h!|Ca~{{bwQcD4br5XT`XVTkvlq
zJp{%%0)RVM59r7tuiy);i1>b&<Fsx9I2v64?F%KKNV1L+wnLZN`ij1Z{0V2@?Ulbp
zq%EXkFHlNW8Gm_N2kA>EbP_mksPJQsYycdku~ifqcq|n@!9eMFknhJEGv>~ku-l;|
zt#&K=URZiF8ST3zSp=$uURo+lWW^(ra~Aa~%AZuOi@)#*n}T~RuGs*Xw?hdnhm~~J
zeTJ$6oIZc~RZ&H9<O-PUk1O9&+IHQ7)JVd+k)?+h5tl7a)3HYItg*MXWQg{hTIiRM
zA8pN3k)F(=eStp_bq)Rams>i(2^7F{Gm{nZ8^16-?c?4kNVpDA7}KKusrZ8f>)p<)
zKgv5M)d7xiZ0k#^=dkFR&nxnQmz)N2;xs74Q}GtNqk{HnZSDG}EEV9A^J?r|Vz`HC
zS?a;B0+d9B2n~3NY6#***&1>M0B&1|#l(k?F_dcy7lJG9GNQ8&;nQOjMQ@OF)6x|S
z7F+A@+0X7oJ$$-pI{a_4?KcBK1!XROUwQmfrM5qp@osc^zxG)L_(B+|`YLT9c19;c
zEvd2Bvg=`NRzIt?dwx+0Zzk*xt-pI9W>zi|02()@$6#$+d3A9W8+)RsbGpL1Kk=xL
ze532Dgo|DDfkh-yM1}Ae!r`^(LZtpRi(6M~*I*1wRVe+E?0AgZRfP9b;sVzyyUDBT
zJ>WC?d+?iBG1mAqS2p<Z)w7f!d%4^sB)gajj|4`gytjQf8W@~QIW%5;lbJ1!M>H<!
zFHbTT>GIYU-7<@~#4PsuJqnvcJ<^?sv>BbDou=9Uqb^aGlvCdc*?hYy2okenYyQCU
zZ49`Tm|#IQNh_mkG1Nq%hGIBve0ms31>8Y%Hh_pqoz^Ev0kZcpZ~>s)4VASHA#|pu
z!kXFLO5#~=k#T+$UbLhONq>;EE6&pj+tF1gWHnR{`Lj0hR&BwT4F|w?&6b!#>^J#q
zG7%Adc##Y!r(|fFi5JJp#Iuk_N?=IG?3YQNyE;PkRII5-zzLP8o=X#Tx++$6^PtbO
z`FBh@UE#CE?p31oZ-?haMh<e?)7K?Mm#NliZ<AfUI_s>YDGEjtJ_9}At<3XRIk6d{
zumZEC(@!FVM~r0`AD2l77|wGGWS<_C5e-aY7!pb^G14ynA)QI8XIFmZ>O|(@aQ*=f
z+%D9=>v<xh`f|o|k4A636Oos6HDU^%IeCG5&WIweDaSmLRx-MK#{5Btd_nq7#c<SK
zaWJu6ibLU_7OLhRz<3{AbeCocNd}fn?e;yALVdp*vz<k%s23W+$x!8D$d1usdW|k?
z+>GehDIRa98-2KP*I8OO{OOEiIPZa&CffcPDJ;_Z$4BgnO~CE!{*1th`!p53JA};a
zC+BrBm?!wh#4t)#voJ*{5+YSm?UZ=ain13g$_);#{FCbSv%mk6sQ+BT6cpa=Cq<(u
zw&11ErUPCm{m94M5QO5N<PQ3w;O&^aDkOV#1=E>q3AtzccKiYz9$G`P%~quODH-wZ
z`dYqC*b7O#b!f{&`>G}|3VXI$Mt?Pt%BTH7a~LDZ2NiGECV4+_|Ep6}0qi>-g4ASW
ze=-l|8Zu9J8>8k|Z$wvyXK#k~iNuJ*?*xysW^d%rdfrXFO>(aOhn-$J?j003SB$V8
z)j8SH`k<ADj+*DAJRa@2(5L8v-Ba3SI_**GHf>6oGp@a&pnZbQ!35BoNH)e4lE9M-
z?xqpmlvc7=&Ub95`^$hz8FGDfR@HM~MdcU(-;rz~*?kc)^k((-A8}T}*CAAjSAFFK
zXu~Ai5IWqRhSLY8PWvD?bVu3i`YP<>A0Vq^^!=B}nCO12n`oYTlxcM+@(s7}52j%6
zwUa7TaW416j{I7lZVKC)HA`B+zx8B$^7Wuw@GzMFWS$`8l>NxJGD_Xy$~pJ}>f3Oo
z%XInz_}@RuQ<QZAo175meGB6t@~T*x=kas#H2eV#SY(HrOE!SCNkq;Y-tZx7Z$6vM
z^y~Z2uSPtRa}vmt4CGC_s*i?=Qhbg{440w4`DWSLy;y0>c5@}g5$?rphteV+gkCC(
zq{IO4TvkUd<^+MpNVA;dPI6Q*{Nysqa#!T?TW`eSwWLD}OjBrZEelpGzemI=gosZ`
zSlIM1eDU;GNv6~JP4>baQ~THlhu2rx0M<8pRjM3oO-z(91Z871s^(GLAxI~l)J94L
zF!g%O-pz<rza{B;#1+$n^+@08*xt;Q(?R;br+0&qY3rz;g$pQn>BZUNw+eN_*+#Zq
zpG#qrsu~IPA*71~gUfmu@wbRZBu98sUtX@++4fkjF@54NZ8JypOkq|Uft&11y>_9%
zDZobsLf|<Negab0p9jWXjQsylMmXpH3uUAsQ(5R>#Q8}OGP+#-Z#fK-^6_{P`Kcc{
z{YOb?nI%u`qA*id9$mc$@Y&_}o!VYRaeo}|C~w`{CmX+J>HYnuaP-NfPCDHzJT^2S
z`kT0QclqJt4;BnGzq0y-joa#V?R-SpbKS32T>6Sd%zXF{Zly-_BY;ShsQpOxqUS-j
zYmV?3TS7#nO@HKF?g7X-R47-$YQyL6x(<VMa8(#7*Sb1!^*;O;+jE@l8+5@)7N<;T
z=F}EygQHfjl7n-u<;2XbJD5}rx9Sg!sGw<rwv?IV@oVR8&OaHgMxKe%@0%43ky9Z(
zv%H;gUQPe$2wD6R=pfEZb>HCT<VS4=84dFCxhE5JwZ4mGsU<p|?Rv7_4DvoGC$E}7
zXYY(HR@>LwgVI(`t`>fRGPyJ2fDOn7=T#k6Le{w5^BbB~c80oB1<bdGQyx~R(gA0O
zXtljeo}l|is5$hN7unxXZBZiGb{7bC#;&z$A2=ujODtkhNuE5bbM+U@V}&*D4R(#1
z6m~Z-Cc87;YaifpPQhy+17aL_`-`OHhVuQRR5Q-GZyBWL4x*kOrF}X-o_5j1uHFOs
zhWf8BIF>gi@1ueoXSAo7!SD;z9YxRhl=|Mxjfb#Z3!0%O{xuPC$nTzwnOT^*r*}np
za*+!D0*=*~aGI{cwKh_e&R8Itzs`4_MNcX2`q-12s>Yn}5!8}>B4t~Q_m+6{g?ZZW
zI{{tQb1Ex-)z4m~V-o|yB-=Wy;-;qt31N`aiWuMB@sa1~znrIZL!>s;wsg~6(Xxfo
zzl65W#ytT3JBfNHIivUMzyd`r0z9{fgc5cbl#mGuhNS_8|Cr6le^jDqA|FH&7Cg&W
zClw);d{Pv;mabvoQU{Ni&6sxYf$L@d+0MZ=|EsI&R{QfFS>lYILbfkma=&6n+(a;V
zSOgn1^Yd)|`k0dV83JNmB6!<#Rz?T|vQG!Bd@laLm1^@AG%Algim{&(sEFY1p%pR{
zLL**=o&E|g0pthviHm$mnNw`pn7)E2BWNq4tm}W?Wqm_VN!mfiE83A0`M4L;1@-dA
zy(%*h5HcIpkrADr0r_11@SZ$vdFsQp$fNiS27r+@co9R&2cR5FOVoKsK2h8Mjua+@
zeWCy@9@X@o_z&)lLvTm_V)ak4=02WF=WCC2u{WI!$Qh0EZjJYyZim%lYSF#e|4bhr
zs=%k@Bd?;>3qQOK5Zn!g+uDD){4Y{`_4n<W^bglXy06CB!ueHXUL2M%%?6?VkY#c6
zUQ~OGLDNUBREG$*eF>M><)fymDc*%gL0$F_R)qaQ8!fJl)JH+dKKS=+s<&Y((L<=d
z&)U1>R!~=$za6KY$5W`#UC+9kf52=Mxg2WhQ7Vl#uYZz1V!qi@x=>#$oc0~CD!)*I
zR$h7kjI;7FP%cH0*n#ohcuHdZMo>-6ZgAo|>I`NQ6II5dH;nGcnn-EBj{~sawtMzx
zJdcFL*Jk@GQj$Tg0rKKFoZBZdvD8cJpIETO7f89b$yC5zT-$UA>;g1O;ME@$!z+N(
z6L?Hp<SdsLHv~Q5)&@5Hc48U14YQNT&$G$Jv=hJez_=BH;e3st<-iqpjNxqnN43mB
zN>Og8iE?$OokZMO1olaPl&p0p?q!4w=+Q-0)2=sG>kdaO2Re_6FOpx!pu8RP**^jc
zKf(6EJ#-9@o@Du=G+<dLo0NbXh&eKE+maM!qxRcJ<b?gOBkm2OxE-Lx+g<e+GKyd&
zpAU#uc7g{%e8^83EDlUC><_xmW0GElhve3`U}9i5blE(wl2^=xnm^O}3Vm>h*DfR)
zWzMNTBNtoQ9)twiY<gm;e=Uo<p`u@=6?a6tZc9X2_lmnvOYudJ4rfoCCtYSajU<}M
zKoiu0w;R&Io$r_m(pM8i7bc%dg5nZK;@ZXZ_LS#rPo@T+O%)6+#<*gm_~x-Yi{NGA
z<G7RNYuuZcdCKuOw~qWP8pr<%CwAFlxy3HI>VOGcNlmZU?0lZiaerI?G{AvA7XV%C
zTnYH4JK#Mh2JoTF1b`c;FVFjuUG-%@(D35~_XF*lstRTNrSy&pWD0U_l)omh`!MYf
zsug0-Or!x)ejMqu=Iqk@QJZyz?RqkYLDbrsB<Cx+msOwh2*aDg=XHR4p1VxymNF5$
z!%|*Erq$}Maf9vtqBoNkGBr(>?&}Y#Bb~xOJ&2PKw$aWC@!lynK79|9zuAvTvAq@}
zt2D?HJP#rB5SI>ov`MQO0iav<^36E?JH%G~LaJ;w>xI_KivxZ^NiS8^_F1VAc|-Iv
z-5(iFjknXOYNUKgpUn_Lom$KoQ9GmbQbjdPEan}Ccs&QUW>a%33F1;-_$bEDXt$2-
z*KrI~M*%e~>)cBmGm`{b!J-vSNd$l_Y@KMG#3w4(CjV6d9j?%XkJF1O6v^qrc=PbW
z7x&UFd`%jM(*5-aI+CeY#<qFbhmr)Oa==$2Zd@n$FXS;P8Y^r4!>}V~;Qlby5NieS
zyyl0A$i)E^-F!*Bma1Vn-ZcyqJCaAE@8e3hRA&KvD4jn*#`_EoCD0D~Y8VGRCi{NN
zLp3E4?GOHfs;Nhf^}FTj3OImq<(-^2lL*4JTyawZH!s~$Oo|mbpA)R?mPf+g@Mq0F
z6%9j9DlNR~hbTErkJma`=}>|QLFD%3Cnn)KU=cOcd+%kYk=gioDu4B1F5|tj_p`6s
zLw7Z|o=e@B23K^Ew#AgNk;WP1EcNJ_(GOFDA66Yzqf3<8RoUul`dE_shscjc4euN7
zET6!7{e{n>-Pi)z!<PR1Tx@M~ZxKdc8&TFkNt!eR6+Da*#O}4Em@_ir5BnSV{z#Ib
z7Ol1tP0A`8XkW-?H4vxDc||I7|9gFik)tmCzq<kP4Q{;K^TZ}0>}CIy)%JLVh|V3r
zMS%0ql^v7AbG-y+>WFlBWsEIQ1|)`&f``fRQM<iywPt;6b|CS84S1H~QtQa$5ioOM
zKGrTlz@JGo7uwiKtC~sW<ETp=)K%8)snwV9!?zj{4p!`8tP4-P%(OjM54hHMr6wpK
z57Z$^FcRzmFW+TaH_caFfJ{nnU9$-SPn6~my8ek@fu{b~?1(xvR|q8^fMDV-%CUv`
znI{O6^(#CSLbA!3No>`>5U=FjQwt1W`(rhh<5(Y5F0C0Hann?8J99)l{Gso5-u-VB
z3qdMl^xUYC2+~VOiUO#k=$q^`<CeLeJH{7&e)i}VV7=CUNA;z0>=N*DeC4!9FY|?N
zsbfF`N~zaE+df?@!t9D`3?e`u*I>~hfGvty*&bY_eJZ*2L=J#+E_oxxmTU8yK}^g0
zO=|<byM(~|pZb^YdZK;y4-VL>7x`}nAF5q$o&D*Pc~HZYJ@yl8zJF@yyZk+3{01Z?
z7zIp9ld5#}xAnzgW)24sHEPQ6sy*wQH8m}Q7YTu=vm|jPrab|@0QI5*6R-zq&~(*G
zi!dTXEJAvk1V|5!O^(l>c!PR-s5L$tb(ucgLT35IUb%W)gq-17+7{_+jN(}BGmRr9
z+3Hj(|J4X03M*n6PkqigayyiQW$P<|T;L|ng3HilDBalZ|6`^duke2Q*)WkbEKZHQ
z)Ti?HczR6^|IBO1J`QXfN@iNApmsVaEeFQ;x&HDQ7E21`su;7U{(+^c)8W${ck`>m
z^om$_7?t=0IzCSgp_`M81e|O&i3MVk4C9rE+zd3o5vR^Ebe`U^82h*`gk}X38(tm9
z_j^2k)2$?yaxtaj6NT>GT+D($p?wdj-d3CR)@QAv@1Xf&W~8t{io>WHLp5VNDt|sw
zm_}Y9afaAAP+Off7Wd+4%6gw9M4*1wNyl<3G2Eg+a$bQNlGyQBVXwCPy5lZTQMIse
zctntG<I|^Mz$eM`ecJ@RF@E{O@H?=B?u)GNOgU${KbdRARJ!c#sofWd?|girf6v$a
zc4cUt`}C1kvtx6^PpmT=@?;2uF-_YD%37#o=QFR3b{8xzp-Y$@e;T7mJfb@D<q{W`
z>CD^0H72ZH{m<u6b5{K~7dGO#89MeaCzZrk=^e@%$@rmWjJ3^@Sn;63t9D|}u)HLc
zh}8I74$ff{l>Lx?bwE_)A@`SbtcT-pn8LN^F8_9YPEO`lUpv4ZwV>9uWBycE)Yn84
z3n}&WG(()Kg^54Su(96ubhVj4IV^3URnu?GH=+ESJOeXW_K31zLuyu17y$Y6qUb3h
zjSb=!y^p`sP-3qQ!d!PEwtl>%g+}bkLq!ZdvzTcnzGMb6a75K%rv;fJPVp+Kt{&7E
zLxlGd@?WPX0coyoN>Nz(P_5Ab<tMAk|1dQ&z>q=U_tiK6mzc2tRu~4G)W@VE^687`
z|9#7`nm;G--W%z!0+7Ju`RN_MY(sw{ikVQG-3Wqsgpf#uo=zjmtoPUH%<Y1?^p9Dm
zde!HmTuC&)Zp?m=98kIZo#9#-qQAxG2l`^{i<K?qmR*tGCZsSd4DPxSNzFfK`J*r@
zeMMCp0z4qk@V=Xg{HZsDw#=<G^g+eF=%w~4zZMZXFGfI-MvuFr){Xjci^)of?<`V&
z+2yYu*8O@lJ%WKb|2qT75A3~c4|@880vRI1POY8T^UfUD*Pyt!%%oF7PrA`jwFG`#
z7l*tCZ^Qu<3C)#glAf_VJ{gPf#Z+}U_3Us9z33D)U1-Xc@r6N2(EIekTTxGVZ9_ZP
z>pYCbM)L5#@t#-CRZLC+JHz7Dr!o~7U&c~`R1R24^5vhYfx<48QB@l6wPS=%r?}XR
zz|eG{^(9w1&`LFS0Z(Tb#HE*;#I{c)UU^CId4k@=$Hv0e_tg)a0e0oV2;b4h;?E%w
z3qIk~Tw*f1O+Ly-e4l-9<?n<J^XUlx?RWweHBeXn%jQjCypuVddrYHjCxi|uP1h!L
zH<d*~3jG@ItfAs}zSZ|9*flLa?z2?tE~>P>!U)e@NHS8Mkq3u&oN(y!qEF#!Cb`8@
zk_K?ekB*~)#p7i711>K<kite8cK_2Vri?He{eP;LZW%*@F+a;j|J<P=>+rDDevISo
zJOnGxGj8f0+Wfa`OJrQ%n%6~w{}by?%!4uT>DAF7LLLEXvAq8hOGrW3V^4QWQz)e;
z?lNff7vlCGp=m_(pRBw2CSU6wT`0pm7%yf+02knP@H|fxh7E#OhOC`D{>p6+c>p`)
z>bk{YbDh~R1>>X)403z(nN-Dk{3?#I02N`xu)??~I&zTh&@<~7_<U-X-B7bOBT<I_
zRG>vn$r+>oY{aIAf(|D}1)ph8np+P$J-*^iyqOG71^RmZ)D}{`6&ekqCQ=t~+bTd3
z_2I+E#({D&4?mUgh^~#qwW4N>k=B}s%zCA^hF?wgd1I!`j&{3f7_-W+*dK&cJ2l@f
zycA(R8`a7e4hJy0I%?z}UB#TVbUH0mby39I-t9*1;On(`!Fj%4UH2S&Y)pU6(^@Cb
z8mh8Y#=`nq#>003Ot%hv*N$~5<*@~*-jj<XAg4^H8|qn_P>H0tsYo3;<3}Mn#NUvV
z%k~{;U6qWK8pL<R+UfB(=#|LsA-{p9cvgCq<}1jsd@@G1eJ|5G&5h-v>y<EhIl*xk
zosd-|S7)B{WAqGO)2rUgV{AF(3njJ63$I%e$2oFLK>*^qz^HakwONL&wY~r`BlCsi
z_7)r#Y`dDUFWZor3s~5x$7mJxGm5sgHoPh}8tf$!{PPV*0fmMOJhdo1i66&gBmG4o
zf7eoPl<Sk5ew5fkOi;v1M^da)YG&V~xt1cLi&m0xS)g!Q1~?5MtWoHT%Y7gcZ`v4X
zB9QkfadYJmrU2m7vcz+EafL=ws{M|BL(dl60ktN(NzV{bqk^(esvJ$Kyp)o{=}wJ8
ztwI+1fB7HXn*E;f=Q~XX`JK+&uqd)X;0`ikf;z=Fn7#XS>shkziOiZ}&n{)qKqtIs
zvK3{Dy>&Un5e`??_KO0y*yF`c66pCb75D*7_b>!z4^VO#Bg>kR_TqzgILqX@$AR%&
z4WV#;lk5;_VzFk+%%**1`~;+5(#I%C;ltHXxMtq9;}nvD31(jioZIDThMGU(Q+`1{
z?1Q^dO_sm}B%+}oM8y`5m~=dpMZeMRB0e>H8nzNXzi04Ii$mwYjyBl5aft|YF!b|p
zG}Ge{q>il<;~P*mboD-fu-vj5IY51l10!Q54CTsAgy54GByvRt<R7KGKv&vBLuHJ?
z9HVJpm1KdphMO%<qk<@7^aIBxjmpcb#BavF`m-KNf3NVc%VdtLt{|gx7wJo_pbaBO
zgT&R&%fVNoXvaBW6a(po-$^Q$^Sh8I$OLbZI>kFcy}8{9(yTbDTmd@zdby4Kc+d<3
z`vmRWbKJ(CpvK2d3=wzK;4*6r45bY1a9y?|!H<Z|k(%NcdlnyVMM}{G#6-7`BN~iT
zlSIx<Fj&w(qQOXE_(ZlqY_BQ#8WfpXWy&p5kZl#)Pwb^_f17M1Wc_-NBZk?f`9Xa)
z?gA5K>ctLACnF#GcT2czl4Y}r0^I+=Qkp0uoMG9V`&t&u8T~eqhn<LTev6%*bKWv~
zK9xWtpPhr0hzPGT_R|xSMvR8WXq4X;Vn!VH@1ZA<RfDLyYcJ6A@ASX(#gWMo$tSS!
z<Jkddu4!c)SRqr%k4#ktcDLR(yxu4WL>ymUTwdg$t7|Pbkv(7j7Ax^YI7T>nEs5$?
zsfk=>jN@Lc5MkY{cPoU6VQTwkkpokdMDw~`Uw|T?Ijx1g-hC#>_JWeSuzJ6hJ!@ex
zYF7K5AO?g13gjJ?Uv7B+Ygdj;tDf>;2SNlT|B{*dr12v`%jMX^^sW}(O`W9|kAroq
zE<BZ}0Or3NK1aDdvSwWi1{blw=xm|yShCvX%DS1*l|(mN+~V9|jsl9RUc0IINJe6o
zQ7izkck^-&$nqF5Xt(NHV<+&~J>qK%#vG_&>3^Otbk0w`Ab`xwo~p)6uS9*WHPi@;
z-M4#NBwrgAJsZJXa?d9JIy($+hCm)P&{32?#<FbS)|<dKU2PljJ6S6yoL6vnErNWy
zXip7?m93F92KyaBu^Pd5t$uFE$D~R`HmVu&<&EN3XOd-W5stoozQMRJeEQn5t?qn<
zeh$aJzWrETjiA?N63IOVP+Wgy9AZ+QtiOn$U4uMD-=a3K;<T5L^^>Mx;V7BW>zW9D
zV2}d_cfjlY;X$DjDzP&JZqnfGWs%LV>kaX(s_TT(y3^f{hx9%8+mYNdq!#g}EO+aw
zX6?3Ac(ku7bSBh7UUF?*Q@y@giC6zJRjp%B+@Obi(T}rp{l+)8G;@Z1a`jT*^Xzfq
z_bw%bQm!#s;hun3rzbjeU%<r5{88OvbZ`nPoiM<~0}4y}edy7{pt!LZfBYD{7_bC&
z&Z-e#Me!O`>0Qv#>Vn!q%J}uV;2iaD_&md}9B(maxxv3{ioTd8z8+Qhq>0$Fh*Z{?
z^tRufdv~D{g1t8p@V#iXiH;;MCGKLGATC}^rZFss71qaXI~ilLGQ`_**J&I6&qKNZ
z4Ix<LqglPkPp5=b4+UowlDz1zQ2h!B@#O4_1nmfRd^i<b#DB536{V6ut$3P*kO>~p
z;5FUB43}~l7l<3x>(r&@uithq&3$e`{$CBA6{nh5NjN{9y)9d6IOjT6mJ1t~z@?m!
zh^W{gk<dB1vx9pKBR6Ze-<+c0jp>Z$2c`{mdR<z6tRVLntayEA%bpqE{3jn<hQ5DN
zRi0rFS=`fh5ArK{WhGV$Ee@r1HXiUTD1G_JVtoU2Sh0RL?%S09^spky<be0`Is#MS
zhO3Ar1kbicGUkzarRp>P95|56hd^a%Vay`6S>4Wez_@Vq<AJL9mXQk7B66py=0n&}
z(z?{?-IxC30VH#faOS^nw)(lrgUEYxxH-&TjMjp9kSdi;r!TKQYx^tL)m}mgWR9F*
zg%O14^-eY#>1eHZa}BW!bRwPws8FZHG9NtG<}EB(qbzv&Y%h^+;3D?ZCg|Lb;>sly
z=PzGO3!ZxSygIBHp#<74-ud0vDds0RxanGrsr!lQ#fVxys8xuYVjy@qG~M|!TMKl8
zkM3=gP%kghey5t#7yDwu#>q~I^5r`f<x!HgX+q9-vVj*0s<7fz#o%kddMJ=Cs1)v4
z!2K={dvnqtUx2LJk1M=vl5{75&p)3>;=4dFai1U@zeL(uCt^yqRbNpu{C9vE+#E?f
zE4qDExSn^>TU8ptudLfL^CK215JsNAj6clx&h8%QcG-i6a|!%@NqnWj;3igK#Sx9(
zn0T_Prt!*NS14~W8nD<F5c)1SsiA_WIrZr9Oq52R4-P?Gf`)sE5K6+D+kqbzjEW+w
zWpBL2dM}g&G@zHoM9spi2kZ*nS^Y&eHNb%j=?~O?94|+20b^&_3D}4kF3Xo3^LXI$
zu(@(YFZYcG=S9xXg4}yrPq$SZ7z=I9n<<xXJu6Yx%O2@wH5)UHG^@v5_d(Zh0K?>O
zdkx^ulZhH4Aw$U;-psm<OiaS5Rt#lUM;5EjsP+V_Ia2%duBrcg2k8wzdr&{O%tF4*
z_`y9By+xChYWGG$Ui>r!F`{EYQ{XO<)qs9@K4pLx3)o<nGn0W^Uvw1Xm>mFyBR=|H
ze9CSOL0b5Q3%?0p(=NvOP%x2p^Wi-ezsbHiz}fw7)$)$(#T5^Gn=|>#ce-CIEk|!n
zpe8D)!?&fVcsn0@m%D~^E#H)g#36;ld9&G4cc8xN^PppQ)#rV3LX&#PbkHZ@asn|-
zr^#k`c4^oa`!eqkTsH?aNdf|4F2qCR$@rZl`p8Ep_AT+p!QuMK#)hlc(w%HWc0X4z
zzMt)Zs@~EHw4tl>Snro?9``0LVwv!YhmXvJ*00R}v`e2fUEBer9fhn!bi|x{Sw^$I
z=KKqfS3)&JD`ZkXemu>1Ujgu-Ef36D0+O5}0L*!m!Vx@D&&^+f4d$!0_$?b<E&>#=
zwCoN6Tn)9OjiPz?I0uq{A>7G|SfOQK*J&%xKC)U`zeTR!yN-^$Mt!0h^oX+{TK!(m
zkrS!%MT;JPmbmE2lkr1!amW#`|3?(JcDkPQ_q5P`8s119-%aW{?59K#P4(&$5R$C7
z5|AwIpz_3zFh{5q7Dg(dM|h^jV5vR&%G>Kb;>Ch?4)f1fo6EQoh9tYzsYot&;inI>
zCvk`fvSdybCE@dj1A3~ETP#Kf+*g-RGPA_J+}15D5isAQLUM<vdh+Ki-M6krg7^%V
zpCcZ&yFnGs)~qj{O^$wWx9E$&fBL$Q;lWxKp-x4jNQpaXb@S;E{JAzWhHc;{;<xP#
z5G%sQ@`=1E!Zd1gqzFJDw>FM?P4D_`v^SfF-Z$)}q0{sdGNkIAq(W87uOn#Zv)6a9
zN09oQ2q4&@thGV87!;!z8gl<{{jPvCym>(Td7|mb3?zd3xbg%60Fu!awD7Y`4?!CO
zQM<B2(5o}u7xF370;ajI&8w$#>2|=J>CRLXpFTZ-oEv>HSIJShu@5V8;ciA{@-4Tc
z-dEhS4fR5Q`}Kd~dk?8;#(w=r5>cX{vFQ_Ypw1?|6fk@MZoXs=zdPJ^YlL?O^h{Q4
zS6HSQ1Y)wP*jOjS?YB&`{{oA4w{h)ljZ=8!lkKZm`K^`;XWYHVwfo)}q!{Md7QRiu
zjvr)I{K$Mh^Cc6DsiI~yi5JWyS3!PI`<t~=-PoI%l^ij-Pw3PGVDs72syq`~h5Et%
z#-md3!!3>Vy!UB#EDL0<(-76_#{Il8np|Ywwrnf#Vx76vPct_5oGMrLT#S&R5nzru
zlK5ay<_nWm<V%)8oyhZ4(7hsN=RdN}H1chWge#TzZaxlzi75Q*ZDH}M?yAe+=M$G1
zp1=S2Gc__O_H@Ti;kVmUe*UfcthPE>s2X96GKGisq{6EZw2B#&SxBs~itryhIxi(A
zuTgguU~@`E?!^{6Th#3p;(9dRais_Gy)n`PPb`WU)-Y%f(FMNe%gH>JKV}Xvg$W@R
z7Ybu($X+S1GMO0eCbpEXcFX=r{hb)!toBUhhde3h_N^C=O^D}qwHTpux3w#(S~Kg}
zeq`x?FUwnXf*ussx=<K}Og>s&w50EgGqmwIsZo4xK@z-geeAEo^{izeC0MWrw#;_!
z>Cf&P0dL#t1C=}!Q(t9CJn?cB-$z@b_w@%l^I8@Bzm?up&g`<sIgM1W<1*e`Mc40K
zRl6>G#0p9pbtJ-b#6zVR6rcZUWb5bJ$Jl5ClhNI~zR&z#qar78KB|Vo^)h-_{O_;C
zLOTSJl4?@?+i8;Dd!G)3lQ>jZSBxAbITKuKb{uK?kGt|BQos5C(DdE$Y<^+iRkJmV
z+N7veo7N_^Yg1~pB^0Hty=P+Yy;rHKs#2rWXc0R`iB-F`cMv;BazFXK&-?tF&nLNa
z?(3ZET<1F9vD3W7r=-flBdJuA&P)O0m>-ENPXWvpoMCA;uX^CwWrldc2&McrIR0<|
z;`-=Tp9I=B7oLJwiYMV%O1PRKxX*`m+%jTB&sGdN{-FTaij6gP*c-g9esF2?rqi`x
zC`?(s)*q5{1`)^bSme7u8!G@QH5B#JQ*(4vDsAy)LSrskX5RB&jZN!=3fw&^(cFJp
z^^jeuFEB_ickaqX8t%*46_nnoG+yHn7RoGS|3c;CQo0(kIkQ;9BIL<~A1e;cI{>kw
z>`=8Twedi58T=+iv^@1nL^Hn08YwkpFDw>GIJ6hq&TFjqteUlcMSgIMS!yE-PL|z2
zoF@Hul2@H7cO{^9WYOINuK+aS^_{(gR)kXWwA0^8yz}gZZ+w;M{M6+qnoZerva;e$
z&W~m3PTi8`lJhXWtbLZa^@$oU;B!z1Qu0X>T3`(PgKb{M#m~xlSbVS+w7CWzl3{Pv
z#r2-gH<WvpU6{YZTmxPhxGm8d-=RCa?{l9pvJu)5=yXYD*Z6}c%;<8m!pSLW^=p)(
zo<BBm_d}g@-u)GaVZVS*kFAbuaF(WfY9J{kDO#bG0&n$C+%l}{?*~#!dt!rDY*jNE
zeq#u}o7ciVTOsWIuA~<Qgt8bPeIYMiaHD6cmaNA<QVLOPy+h)9{PQ6jmQ4<RW+75-
zsYFO3!(H%il*-7CEfQ*ep;xP5e(dcJM#Z24u1rSZT#1`ROy_}2Qff!+NL`VTDg=~t
zS@|}lS#l`XzP0g^@!z{DtPK22P!}ACHBgo95v=P}@%pZiq|%;`I=PhK2$5v{8F;5G
z<cE`I&dwnbE|ZyiQ6LrejM?N-F3%s^95nL%uY02N?NKMS7DP*yv&b}aWDwa6p&IVe
zdQT!s*Q6(OXb#QyE`rcK`L~LRE8aVr2JVl`!PB$kCyUW16CYjuJFl6_(WGsGl-%nA
zYA@(j)Z-?~)H7$GV#g}6bx^9AAyS*`r=DF25nl-Q(MconrhLj|a}NOH#%M4l!%=&E
zX0eSS^r{){8km~_>*YN9b%XM`d|j6yKfX1b&rVMEhU9m0euYP7%EI9j`A2LUuz!oK
z58G50et!{pCt<hg4ql<pDHV$98VMHnP@u;ZOR(WxuUqB6k#?^gFM4O{zsZX9H>LS5
zV*1I(V?~%qi4K$P=5hS7vv(bAm;pUr`DNK?2hO8+0lZ(qFYYxM?{RBgoo_RyIrV}|
z7|2$n8NUa4y;3Jf+VHap!IFwPdwm7hqf|6xlq?=f3u9`{ahsMBQALlr!1z|xR~fY8
z)n%*tr7>ZkIOd712bs)sKc0sib`i+HF>f;aZ6n^sX2t$9`zZB{b{Q;lUHce+o$l@;
zQ6iK_mqvxpu0eTEzmIpkUOq{=kU?y8!?{ima{*FN1Xqt1m)W{F#-iwEvk67XpD&sM
z0}Ul(N%w$fJ*<BtubzT65OCKSl_+*|Tv!}=6HaHj9;3`8QQao9|GENu7aF~r6}fQ6
zseImAhb)|U)+YVdfM02?w<TSCk*-2}mL=@-OXv-(fI)^O6I4!f;<Ew!2WCpxChBrR
zTlStH8$o!5>U#Jc3-^~r>sA)7?k~CWt9>W4PWM?jG&`xEeS-T@2rNag_tSBg-jYeO
z!j~<+Px?YKbyso&biKOR`h+7F{jnNb;A0T+^wXWjT#-kY#U~l@C2PTYK-+bk7mp(0
zmG%;+0)pf{^+y>Jtn!bMHk-1N>!71cA$0y|tkEza{aXBnN^Ic+dP@=X<-|0`Yr6y?
zBNFvem$KDi!Tn8EVd@o?#8qrLlh8{#O1mCLms=uHp6dB<T+-qgODV=buoQzs*J=Uv
z@y|QXH#b&FmI!R1qjy2~BWIPc4HNZeu*<L1-2Tvu0xq7jJK^O5Z5ywKz&Uzt#~iL&
zN2~psnj|G3-}-v$Yl(06z&`&aq=;ZNtu{xOiKGGD9hZ_E*MFL-qdjhYb9FJNv!#MY
zdqeTB2LeUb`}<*m9z|mg8d<tUEJ6CJq#LA^rpnVyL8y1zl5Mh%A5p^V;BT~S&#4R3
z$xitoR&N~^(BQqq<BJ3E_S`o)E)972mY>(`x40xmP@xmX)df>)(oD*auJ_a|tN}OK
zGNm}^nL5mCZ`RUwWW&p1FZyDB3EVJB|46-64(bs5Ai4gdLt+hC^#`Ua&X%L3fENwX
zGWcRrA%wC!CtPJVf-8CH`ShcP!rzAMJ3%=6Ka%dVy47&^>sXvdRaAgwdFyptGW+1K
zZe9FtV58(Q#~-nuIRk85`=2xy5shFhTG&><m2}O3pDSJS*W$UH9i0S}7+r}dcAviG
z^c(mR*eDW`PV2{-s;x&A$ix6d!MG@gMeQK9*xld|&M5-GTdi*A_zDg=6nk2w(9eQ7
zEH75C%RgXXyc;pLQ#(u?crc?&j#B4g-w(*T^Q4Y2gEQ(%{@9m@H%6yTqG#QcNWcF5
zbrHm#-4?WxN$M?7**@GBGezY#*s${U@D;Cc>g(<Z+Qg(mn7RAY(Gy}AfDEAxVqpJe
z@U!jw#nsGrV;BrzfD)`wH%>Gcr^x1sB-~hB{-!57)Fa_$RWE7$DEgh8y<Bj}X!vcG
zienBpS1^0rRI|2rrFEH<6p<jlex(U8DpC2ihUQef*w%75;qk*f&%?iL!zDc_U*qi*
zvc6<ZO7-I*7wT**DZKJslja%Dn(zew3phU1MZiR|^K4mQ^9=Fyk?ubR1x*WY=e1P4
zU*zyR&gDSVn_g1?OAY){lGUqat4_XI`ti3<8+0gb-SNSUsT}4g!!<d)mNsy(_tot4
z?wRi2?ISC(?#rtq&xT+NP&H#Sv^z&E@|JH9szfCw8fQ?#5O1^AXy?M6(YKksRzgGN
zsFxp&lU=SSB$}i#G=KMag;6ez1W!5VC?WW*s$x7J9?ST?St7yR{m2nSbOKVSF<p=S
zf*U`NCMZ_EOvQr~z7%RDI#}x?*j^UhMDq8?n4QA_?%F`EYfRLw5}*B9{e+J-Irpt#
z{bwKa!JeyGT#wMaOy@iGhwd<fd#1w^peCS%gj93rl9CxM%Xl2`p}sD{gbhA}-PPXn
zEbADD$=h1Mue@YK0e$-b)XB@>#|`^1wo(j%(I5!N;bUV~Q<L$ng1}WAQAYTAjh{4Z
z?6t%I>H?fDB)$3e5;Jbbk<O#oZPhad`=X#<f2dZ^nki4q^VS(rgOdaZ&fs0*2Fdo3
zhZtIAEfrJ0Rpg&x*d(kAFUz@%KHNqgLG-VYJFp>6kA6{S03COdCSoO}&h}L+f}^MW
z5m&O`NtPZub;#&2XGYu5F2g$0<k_h+`l0;?%V%Xat)0>2$;?rSa2eX+l}8LK!H@?g
zD+NZU!J%%XH7ZkE1wA<%U28AMK`qB<PvK>-UQKMd*Y&u~#XMfN`MJ@4qhRX|_m8sk
zDl2Cpr}zs0T~p+F)~{n_v5FMVoDFH4^!>d$XFuX=u!_>`gKY8g;>xN3F1EL?<zsyU
zC9f!BD~$TQ$~RJ#gEtnQfrA3kz9OefrM{-h;6P+Y`_B(=c5-L!F6+m^%D(2@S+C`o
zqNd7N+U%1}ecHOE10`)W1^f3ETRt%J`M!OYqrxKBu<VAuU2q+q-*%5NNMNK;l56Gs
zK+U=OL~gR}<AGE%wF-R8yBnj3l|~6DLqS3swX!|HsUeHZu|Z&9r(Ry0Ubw_dWgl(u
z!f%J?(4+G``K23U|EC3@UEhi9(NqXn^19RPnJ6~FWE0SOC~Ze9-#M4yOjI<BKTt%m
znFmH@JOMw^$>3KTsB1zWh?Q}vRg<PZ!_cLZIEVNn$dafj#w}U7*$kxiw?5jxL+RF7
zx6>;%WbDknDwJ{U>K)@jS&mZHt|2zIAk(^>VkpD}z|>KR-1q@^IQocw=^ho`tvDig
zdua1_Wy5!hV(G}(6wT9E-f;}r@z~**-~hjEFET6n22mf~ayk#$-|0tV{#Do3G66Oh
zc03Y9YAmo%?6TEZ6PNr=(&bF^VYA+-+uPE<1&l#W_f5>GR#<5{Q^F7uN>Ki!jL^K(
z&^9w)GewO8Fof1gN;W+j{qXID8mJu1aLhmqb~qrSE#KYl!OHa%GNeZVifvriRBS0H
zf1xtT7Y=01PH^j^da*n@KzBHSDDvK9&*z_PU+*v|HQfr)r7bylzu=tb`5yghgUI8o
z_T9#x@k7k0F{4g01v@0<wI706)P#6nQG}Lxd9Ij3okk(J&4>DNztyfY2q|LI;?UZJ
zjIDM?Z~y5Ysv89p|BD-6YioFN$?^zsLVi4+dFg9SB4Wd2_oe<z#YW)1`@+ZcMwe;2
z;?X#fr+f0z$V~(asJ4>Q+wwEmu+yKC68V1ck0jx>tsVUEh6svvr6;LCB;?-$-lC<K
zHXa#S3p!yFdbYbxkx4EeJ}84D%Wsw3y&JX85g~!2GFTW=tav6}m)wF;ygczo%g;j4
z`1@Im@qG>=6E|M}J}->9Q=AS^`6Ac!xzzHyBt#+@KpI5K$=XS*wN6ZkDR|}bk<81D
z<;ZzxP~bSb|8|u-t31Ww?P7I3<W*vqEN+YnmuAGga#Y#`Q(!tb0JHp-fW305*-0Ud
zd_Zyimf1x<e`u_RoK|C*B5(TpEu2kd|A`I1K2|`FM*b*VYu>g{6ldx-_iNYEVcFr<
zHKBa<-uzv|r9rAXbBb@oY9FrMvHwR?l+FGEU<hA1>M7?@W0ulbe^694d@L%;5>UUl
zROhk1<25#E*=wuvt!jeBtCUXNuB}B5_l7(OA_ac~Y;?`EaVc%Km}6ej1?D<2ticH+
zpI0W;)nld_??~m~D<TF#izld+*=_j!6mjR7@Ad1C1NNS@xQ+8-PV*<nXoY=yY<gF~
zCOSDWQO8rom{%&@`sA*`wRbn!Yk?h7b0*5?Su+GBQuO^o+yT26k<9}m$=mTmxwh8}
zYT7?suBuC=HN<|h;2XNtE2P`lS&5?0Zw|i}(w%uZI|IFS4C1<n%f`1IB*p+{a^jbI
zL)Jc_;~8VZadamVXG6W?X}`$Vk1`(pXndW#r*<F{xo90DQPh6)+n8u&T_bMUjpC7R
z>WYL*O2cs~R>kWy;FMVAmQ4lTX+6rqbCE{YQL;X}sE$)+m3rXTfU1aJ(>aQ-FQdCJ
zn-<z6(#*^AR62lc6Y<LC_{O=JO>jCJ7FQdV#YI)|QV8dynRh%Ib|Im3r&WGnO-dO&
zuR$Xv8c1gsQ(;d`BWrPNN#dq96?F1wx!Emcq#Og2mKpOrxwW88HH*L4TNoaPRS*0@
zgZFR7jL??FN@Z#TOiN9`oUCJ@%n6PDmuobH%Y@;%jH{skD#|J-T}Y*qSGcb74dzR8
zCoTM4@DG<wd$sG~Tp{jnbWqtB)4%_%3Ug~z&H!~L?n7D{+vpB0vW~8PmVh3A?J4o%
zV9tmq^ez(nw_;8zl8+`RUB!lAN)ZW%Z(_&xmgd2Y0$OURp=F8RRIx8`h~4Ly`oWUK
zL3l>oRJq@twf|e_ZtP@*T{BPC^|GCP6qk>F4nAYj4OiqREYldU&!?0K<0%Vr-7ceM
zCm`8hp~d-ORK}BrTJAwal;0m!Ju_<^@Q&L#Yw<YRikoL7qV3f}e{qbW(R%f&xs-mL
z6WjhAhZx)VRsd$-_D_7lCEN#fa$q_U`H3ISKXFU4n(sPMX%4!Yz;CQi$}WY_hIG_~
ztXIHNj9R)Zc-!meMY7MF)Yxa4+_+XeHA05Z@3`@}V6RfJoynS*{#0175u=ArZ2Ako
zFpy=9mU?&o>iR{$sG_}64Emg<Op+s*g2~o7_o9DpXbFeT>?)leP@@^I-_{dvH2;-p
z^3)R4Z5r(VTdv&bU&8?u|EmCBYt`OHwcVH8y+{Ql&A*PipkK!~#9jH)uvZ;}pOUfP
zZVBsU<h!iD<GI;8v#!)%*r%snY?rB&8IAPhcARH&dAS)w4#risQ>F$7CBOSMMmBU=
zns(CY-&)x>6qxfQK=RV)?DfLtTiVYNi+_$DDTHjIXnnYo=CHWK*jhPz$9ORRsstJS
zGRi{~yOU`X$(f;j4R=KpzcqS!8(6<+5-mpb<6XXxe<8N_aC>PPH8vTuRA0wLtRfqI
z5vH^zS9Ba6zXrdQlZwF3a2~%^zemqgmF!;g9oV@AW;mym&1DoPza~W}NU{zgBsDyI
zoaazh1J)_mCD)XA+|~ABKP*Apl@@ht$ojXy7)|_^rnLk6_6>=f<Lu_4<iXul(S6_z
zdfARY)#j?Q_VuIMbc1dy-5XwXULB&lZ<TSPIO{`vst!z-btVj^>6b*fMF;ca{=P*g
zBcOp%t4r=`M=#8IY9H8)1v^It{-(59sqJHB4~{>V)yhgr*wC~6-NcAcKekNRJ}#l*
zQ{qo`Y*KrI<7APQoWsK?&Y5IW9Ai0oxR=3gD{{6Qxl8XF<+aLN8L`4$FnW#nz1j1?
z_mnI13W(c^_*q_exHPff*+~Y!!R?(#w)a2&{+2wA$FP8BB2c0h=boG}t%w>}ECS0@
zB##{6Pnt(4wM!!D8VFVR6r=Y0^^r{JmP^`iFJsd#GAl-U(jUMzd%((DgvJ~xl({mt
zOgb>+D;)PoVl=1;>iav^MYA!h3ng?PUjS`Dx3+fJ;okn#iS>F8?{Yc}ZK3m6qFpYT
zn+2lnm}hEDS?}aab=BBgZF8HgzWA+eP^@6VTm3Qx`vYxqBcmRu(ZuJ!vIKn^P6KG5
zK6ulix;E6&ua6m_Ykwh>Km&Gm+X(avFI%*Ob`O{tFS#>mOH&0@V;|AeEc!%W$=0AD
zmSgry;t~<BB7(2wl-6#j-X*h&wUiV!n}e}%UB{GRYm)}HoUldwB(Zi>y7nP5`F-My
zN8zGTxla^aj`Gal&+@oJPU5HIOJ=LjCvpy!f$Jk=7k75~j<@>l8o)gizc%_jW>v{|
zmx}CDQK$NQ`JG$*o2xy^tAGQ#(S88QKruI%cF^Te9v%2<MW8cfQ6$e&IWp)VEVkqJ
zLvaSjj}W}WPtiz2Gf9rw@7a(&2P*$XkoxR5%!kQTa2}8UtMQ0L-<MgR+HQZIT`?W7
zsln<+r@cS@yu!n#>>a1wjj0`6im;?8JRTKHGh<X6m+jIxd_71)d&y`yH5WPZNPGM+
zMm=IyHiLJTw+W~v0e+9ztedd--_sW+FQ<yU+&Ws5H3K9WcR8D#rn*)@6ty8#=r7iy
zntuoIMsWu0+}uZXy!h&uVKa<&55yq?n4~9ZR18;C^}$(+yWtK^2F&q70wNP<tzE!b
z6pRm7a`S9`y_@t@vHg31jZ&4r5Y~G&<J9YR=7XX<`-xln4oN?6xY+Om-jXs|4CQ$q
zpD*V7uE2NJS!GFzG^WzuQwXu?=RE(N`K}bm!#Dv)NxhWYwaRIFu$$tt8NjP<I3pg2
zKZgj1hz)cox-nic9_uqdmw7Y$%<bzOHPS%rVfxsUce$(JAZLD^3}b=RKq#L;WaLi&
z8StZ#@EA%8c1oeGhe|(WCaQe&ao7I)@PBKmjA_59$n}-=LWe!Na=U>aokqIy=~U<R
zO2sMn3K%lQ?)2F5V25{L-9}WYu3X<dV=z%g6rb5Af%t%zH`XTt2g(~PNq*f~gBMl;
zH5x$F8m0{8-<?Bp;E%7j=y?jE!86=bn6kENSiP2>t!}hn?#VlRdWxhFvGOFjk-9uf
zBM;+Sa~Jy{T_i2g=D+`sIxsZjEyds%Yi*twDe&q_pb5XVnR-8tkxm@SB4co99@J5M
zwe@^G^$$Eg4Cy2HGX}HnN!bL=odhhZfB;md_1r<4G>Z|c`y&Ojs<<|Oym%lam_OjU
znEd^IOwE?3eDfwY@du3MX_3jA%XiEV%*7;VzgoYpq2;*-RL&38>o^Rb-9~n{Ngk&v
z?C5T%o{MeF>2O5*ol=}B1g4z4E?uT{;js<3`N;@KdJ*qGNddF+13?#H*#xmGkFTG4
zBtduLcuc4Y*8@VL5^iB_5`aJv_SD$bO{x?NmYR7>v95js93;x)`7+rL(`BNVZl|AS
z*W#olzHRB}TYpl37QuldVp&=f8ZNNk(`(4y*El{==gG6!{R+3`boPq6$H5froGs~y
zrW6YcU0Bm;9_Het1h;A42aLRh$*CPV4O%l%UXwe>svRwT#TZ2d%4(T^beL~Gq}zSt
z+;8-9rV3zCbN3>i8)OiWp!L(;pxel=p%7ep@iw8`gj0ua(sk$0uVO>l!A$;0tODh{
zO4Tcm?arDE;hDe3bKh${L&l>LkHKX$M=eE^vyYoVg;j>ja`}6rfaTuocFE{72Zj0R
zD3}nQaFkTpa{W@#T6y-;Hj_n&<)zWu%_M&zJe=ctP50EOPL?Ai7N!kL0gABk?~Y|f
z?4AapoJ?LA3k;QRzo9cd)Uq3MD9%rLM9kw}A2uHq>%I!<6%v$s*Y$<x_SYEaA)~w8
zDw@-e$wp$2kBkKx<VhypVZ+1Uu9%uWaA@lhy0QLfp7b-zO@H*CJmd8TP|=ilVcXGQ
zt+xDkw02jBm8J2LHTWJkjBOQb8kCiW=r<}7v;UWO&&jAHQzWnGUD(*yMNtDj$*VK}
zbzf!EyCJ$goUAqEAqc>X=A%=vk*ej>gyy$DmOUHC6P1?NOEQ74l<)DTTAo*6!vRRl
zYK0Q-iFxIu<+OB0LIdnQ&WIpT2vR4{+I!e$))5@g1(L;ku7NX1GuZ()rdtw8lYplh
zVEW~+?g`}LUbj{QL8AWET!w<t1=Hv?m!w}&CfpE6Gi(3UKM2zWV)&kjS)F*;0UuEF
z=={~LIZ&=UEK9_OB%Pn_!9T4I850!<{!#UUAV+h$v95}hMuALseQtmvbX6oDsFcsp
z@Xg<qZ1ccglx%`$05|LjWEz};=fq{=d+2#|d6>_iWzq|@++OsM<)o!E{-YbJdUu$J
zEVFfU9={@8jOb92UD8zR>eeCF0&__bi~HmjzwRp^M0!1}RMXnQRN4KNc*lAZ!>0Q?
z#Eu|wWS}xdI#+g+p=eWmda}zO<A3TjJ9-4tM1Xl=6Q2x)N?=k9zqWToyH1Wqt7M6l
zLw(+o-Fye?zLpGuAC3AR8<n5?5(rt~EQs>?-2O9PZmQDm_jt+MPp!IkAoEiFDa)Xj
zk+Sb`E2!ER<9G*>41Z4<$&rn>agV>d5vQtnoYyu0s`PGH2D&vf4>v4<4B>`7>?aJH
zwtiq`!?zgrF538%N~iXm9C`s#__Q`hAOkOt4nitm_+MACT-R3Kx#^h*nxTW_VK)ju
zD08Rn5{|?>H4ff#r&2YmzfWhAF86fxOVHxdd*!OAwe4Fea~B7H#a$uWRodrr*GqGR
zM-j(ARzBqW-(S4He6@523vrR??S`7ik$%;`7e#r=LcRU+4jD-nbLmT$8BM4mbgcxM
z3=+vgU!iqGP-_vC7D*J9OU{NWl9UwBn>tprp|5Uh2ZnTlMS7;XDaks!k79r~`j0ys
z0^8|`3y@Sc|F^u%93G2V&K)6#OM*R8j)aMS>C_a-|K8-!wylmGm|4Q!BZjaF!(IPw
zu0tN@L133KaQ6=bHbivYlS&hKG^&?%j7t0U!wm96vTk_(sdoAH@{$t%zaaXzUmpG|
znsYqHq_cheVcx#^o%2|K-+kbr6Y#W7@xNh@;{DIzY=NWr*7!A$6M+4-Un0g?pcfhR
z=swgk&t<Vi^XC~<bGl|J%+3FJW^f5;!X}s8D8-!QWKSY!I_+WkyWIBquiUIn?6t{S
zJWpsDvl7SwEZ|Dfx70dvl0kgp%&~@<0d-t^{%9k1$NddH-%%W?3Gg|G|F>M^a3@RC
z;2OXhFs<OX6~tFtHAw8L92`Y8L`~($?6e2k?x%&Ru7)yrKG?3WEj`)i4|_}ojbnHF
zc3W~Y`Jb?oQp5t-e^xllIWUi!R>^3%vmCk>>I^z&8tjT)*+#oN_w(LSXKnF3C2y0%
z6VpGYH-|1CkPU*0;|ql?Xrk`u-AiW{8#v$p<uLP4IqNAv5wf764fKYs!32OJ+{!w9
z687J}yf&HzkK)7TN+X{;!Q`%o=SoKLSpV4)p$xw4G0f3Jw!cUA2=29e>vBa}UMKEu
z_<gt%z)~#O>JX0Th*^aIt&_lvE#UDFHCpZe<ohR`jnjPT@9!>D<bCA2rLFg|oOp%H
zwe{Lbupyvu-7^OnBLy6<d*+uK)gwwV?V4VS`x}*p(qQ!kPVbLC+ZDXZ7l`~NI{A<X
z92cAMy3BZwQX6ITnRHo*RYpu(pD0K;Y+1S??l2oki^+!Ci?xfUl67=k4B1%`Y^!ME
zzjzZS#}>w@FE*X~foGQZfMC$px{>kh^C&vm;wR=J@|W-8qA^F)B#{`&+BlvHSP@<z
zo+M+E5HSVZ-l;fg#IEtPx=}oV0{n<Ai!DnGy|&Vu3=5~c$L|bT(efnW;^{8J-6aN-
ziE5-bfZyYEm~P#7f+<{2&XoWyIM#k+Y~avfC73k<Xn=8atifoB4e|1qTZ9}9W+YdL
z`QRHxNl=5Zr+B4)MBf|F4!g;GFB8^-k^UXEitHAnNui%pI9FggN_LQd`Py?__ORO)
zQl-;-J}Bi;Cto^$q<23CrQT!R;?(Ue!Ge^c?t_JMGI1T|8&Q;;jVa>TIXf(x{w6K|
zJ%0DC_}?{`0;ZGd&To=7IjrK9H+E}1^}ne(OCfFuT%oA9pE$uVXrjIFO_n$Joo!c$
z&{51#Q*q4v9Aw-@%n4R`R;jUpGW!3c8^!yaS2Tc=JvUJ9CG9&XcUk;$7_YNbfAo>|
z6Xy_}ETu?|VnxvkLk^9N!6|*oezj4&FCqI8wx2x|#EB66nK}4Fx0*5>Nc<s}^0{=?
zWz?igr^D>^e%A+i`i~d*yHJ&fehGNh(YQ%|M)+pW1shGL`NY2}>qrm*O&aURV+jhL
zW{*5tJF#4DkRUb%g7QT}UVzA#PIG&}vdICbtJ_F)*&0|XHWO@!SHP{E);55XRyGV|
zk77QK&q4khL30Xk7H^U=XP+u_rX7R5wqUb|NaR-Wx1D|v8N>~{(hqXOZVVDa<g;e9
zO<N}LL1Ym#oD5$iPy!V3w~f-wzHbPL3#1<ATC?X=hC6q!O&I!M57$9D-QQp>XCP^}
zhdtW(iH9C1;%<1-V<MT4vTHZ8yUr{RN7LfRd38nI@LjWiY`K=Tj$+8&@Z1`!0=k>g
zs{-a8(>}JxL(2~y+n(0YcF86v?bRCvsprI*TF%ZSF&cF7pnMzQ_YIA{mOXUuj1<3#
zw7PMy&%5~c6_<+BYP0^oZ>{4uIYRFBq;f^xJxSV@O0xCbK)a*u;zxRl$_QRHIro!1
zB&CK2OFn$r$j*f4D4=JC%miS{LTqDwU;UN5Jg;Ko>Ka#1YbW8K$g5n6a6~ST!)}6@
z_^xgc(t~V(2{zzKsV((=VbdbK=M{pEbg;)b`mk2zzwe|@g748+z?8_2?#KS`GUxrE
zXjUk9O)1qa-J&FUX927Izr~@sAxQDwFBvh)<uT`%jHS$*qa!dyLQ((`797E-w5izE
z_dK@&E~4}0NR^dnzJ&^>N4;+{4hzEP`%x&JH++HCLodnXl^T*hYfG>$7Bru;Keg>0
zBuO(co=DJr#ndWcY1Y#h-2ddp&&->(`MElmxh2PJzzcOm2s4AqL3-D@D_w`s!2c@)
zwmhc|R^e!pTYOyI79~o7Lr3sTm{xJ{#J@pU1yF>SJ<n=@**35?80`Bx0rG^|3*>_F
zI(hfPqb5cbNEL_e@Bddtm9(h*_aTQjNvYS>>6_o=b&s?lK^g~yEgs)90tEDz)#rbC
zl>V665U+R%n%My0cK8`FREYxA*v}m!A|Y_F30}m;76Kk8pw~t0#tUwEVhYa_up1sR
z0=&dyY0D9W&CD)7qtF;jMQfj$<+x2A6IMrB$KpG&wc3t|3vp6VU#}BGU6%y7`$(3o
z;L;0!bt_A2tB)_|d=9YnE!kLQ&jCdzkSsR{e!3Cz(z_E$`=hvJMxh?_I5}@Hq$mC+
z`4XWb1+n&0;oL}oXO))EuTHn`t=O$d1#GkAD|i=6eO?0#z>2WG|Lv3P!mvMWUgxRx
z*CJd+xLZx$S6fS;U=N-NiiQUJM7_Vu9~slZKlyr;P;qi9Mx2Q*Ex=QNH7da30p$7B
z8S1{>r#(A+$N8jIl<|AaIz$$~g^e4{BeXhXfinAdvOu|XxFH~qbBf6|KU{#zssgbB
z`ZZkF6)8RTFx-}>7C`UlhX4Bw>>=9s4c>Al(2OV3di+sZI+GpNa-{u|4Hn%+b8E2R
zQKFSSEsMqnhjM3qEpL_iV6L0HGF!?T1zmjqOzvnDts4g0EF8Y^(0(f>8uq)(s|}7V
z8z=JUq610`@@vnC{_$9)+;&*!ZCFc$Oi&zop;IG4u}2_rn-HCJ{>=M&g*v0fDni;9
zhgqfw-Ylw!sFS5_z*xVxLN`AmnJ-)TjNy(G@_ptStoU9f@86(P@X6nq_3)6uMn3{Z
zE3M$HAjp@`Znb_5xWN^d0?Wh>=kxx`62^UU7)Vnkw2VZU#WaTUr7IjKvgW?K_2fMM
zCCZ6im`D1_<6_-9Mz2Z=qcZsPK1ylAp2(S}-B>X(VP5y>H7OU51@=;5kpaRjl^Jer
zxVvm@Mz8hRgyZS?$COJx(`+^`h21%Zm&`10PEW#sM_2DG;W=hiPqms{{)%z_I`ut1
zbVnTq9H~2A_0HTk`RMVqHvLtWQ{BlGHJcC^e=1zOM&u|sso4*fo*MlL(Zl%u4XQM0
z&d(&&68(YrLdjcevE&C9&utp~%BDIoU7uj)0G1P|ytR5tyFGH6xY~0BDcS-*Q&z#9
zxZrlj4mZ|icQ0x}v+n}8t`CEbA>)YKdKG>n>x?`UDu3&KXlP~_KkMziJo2vzKFF~k
z^UZ8<LJmqN&kw#yYOcM&3=cwHEf1X<v5Yp26#ObGQt5!;XVI;LM%-@_FLTET2cysG
z@A1U0ia4Nl5@2SBJ!n__Zyy@PTXgwX4FTvVo$dOPyJylOiSu8nyCGsDrlE7at)HI+
zO`g2K_uOanm((cgcDP%kt}glLZafDzjloRof?M$*o6bcCljt5nOuFRVaqRXc_8lV;
zc0>JuCqYAgQ`uHCdbPmuWWFmkn843iOtr{VyIb(2`;*X*nYj||;RU244f&ZWLs}r^
zqdTC8gM1G#VO9JHm&x0wsiX7oB1yCaf3p$~C8x@5zdm1jdJ6XO5U(_=X_<aAx=1?F
za3}%Un4=s1Ge0uakOJ(h<;OB4vK_j=OoLJH&7|f2Y<wCBig*uskok-&v2lM&k4fA*
zetK~cj|@S$W`JQ_@<HoHR!1AnWWNl7#pA1Hy$bV*?fmDTxXQV+ql-C8MIY~da@lZN
zzt~?;^*00%$~eH{l9`DKGL5Zc#3lPno<a~}q3dgX!_NesewMpF+?<1l{`5~%cvLme
zw69pMzY&xI;I;5k(Xqp|U=b6Y*92L}aIRgn8syUFNa}jF%suJHV?YuCuBF=HyE~jS
zRzFsK0nV|(#e5a@6}sFy1(C)#fQd=^6ZK}npK@=~u4ngXrwlRI<>KRyX6m|>%Wv+m
zJu6H;Qm-Y@RLTj$Wd0{0tAm02v?^&Ycv3hrvmqfT&BuqYQ^Bh|Se3tuI{O9L4vMG2
zJGy7#_8;ZlM&N&Hp6Oiq9e$DGvw)5oj2({Z<)*>RO?yAX-0xnVIIqO6zn6`DXMbDS
zMl~gj8Bcu<W@ltZ!|IQ;EhE+~XT^mDQoHP7ye<lPT%PHG)!vJIym$<(8UG=IZF>cx
z9+ZMF!VzSC%&UyQbN6}T4%bTxfnQTtfqgm=l+)2~+C4qBZUiufVk;K-aBtvFS8t_n
z(1P|oMlg~tK}<>C3coe<9FtON!?F<JEh?fO{sx-!4YER8e8T>3&wn%d@?VJ4N&^L$
zqr-9V_a3Z<PZ85hg{RDVb5HYY(__%(HB-lL#-H0=#ELS5Z5A)O5`mU-dMsbNgr`X-
z^S&zOIG0TAk(k&yZ0>2FWAE6%d1xea<1OF`;-?-HER_Ris^HIlPZ<9EZjzs8=0eH+
zH}pbhW|9GKOVS;M;pqfHw|*TgyYBr!dBO$fac-gqIJCjIr{ehKlz7LL4b-NcX`F9V
z_oj%$??U(!8ZIT0muwwVkg*+t`e>nSpw@iz8<ALA&4Dr_^GiZE1a*#hhWQI|7N*{v
z#w23P!e$0kKa?jtVjId4UHG^YSaxIeGuHoDK;yPbmJxlYeaX4g5TlU8?6C3=m|~|i
zcCzm@!tTm{7igIPLW6uV6dp+&!PjVoBI9B3_pVon|3DE9w&5We5=6WvQBM*a1|8(K
z3;eW##Zclmt*as){yctluKje@YLQ@GP#jcJi`6wOQ5Y#5<vTh&T^jiTUM;}8{%h&*
z32XORUbYi@-c~Tdr)}N4n#=~{Beu>J#OF<%d8L31-}|h=WPwuqC-lW7c)}$)WWL$;
z0XZ#a#z&)Y6+jE$_Xux_3(Q26D4Ew9CJ$N8#zJeUaL~w0&~4QB)1~YI&@`Mj<=aZz
zVEbi>1lP5!9X616`*6IQ*4_@5$7KD*l1~K1>y<A%YJR1f+Sdp+qr~gY8@+11y9IPJ
z@Mnqy4h>a;FNO)tg0eYB8sOnQ{N*KRn3)Ek0aEZB0B-UGX^8)_Ue0>B4uC%a-Sqr@
z-O$$}DB``h6kl%{WybqI!Prp<i!FOIuqdlLKRtTScHJTuax=3oB-Tl$x6#JKHi6tZ
zk>B)zIB}~1>+`e=v)UuR6}0qyL$<H(^mfb2Wh5-_%r<MR%W{}b;xRf4bcvwVgEyzg
z+Vu3|W;}lGnYG{mYrmQod~Xg1xM{P#@cJ_g4%Xx%D^7ENKtg?nPhmeB-#9!jVRj%^
zOG;%?#DCurPjlxzPG(KbVf}b9V7-&OZu5C6Q))H)U(4<EoPC>&zrhzP4>a6{(`<&a
zplT0tgv*tDQQMw@ZTbfCzPnjvFa#j0iQj1160<`8)5u2Fw#(~itpP7g@DKYmY-6Vl
zB<=)Qas_`)IG*mq82R2k9Uhqgzu|_EsdZE@pbL{Y6lr`l4aC)fa-&?WtBV~Tb{V&v
zJ7wIE**l&ufzSHs`fk5O+neBiKXjj7?0lVf^(}T4a;p2_OB68I=2(>p172Nfvtj)D
zZvF}1|8<^j#3bf@z9ec3oIgud(Z?Q!X+t#E#+h?b$U;%TG_1zr8-^l?o$LC2eI1;{
z=i7HK@QfAE%ZKxCIIE2mpQ!d!7D35o6QuU<e3z3^vx&i}uKHp@{{2g`FYwls*iD07
zJ?;6E*f&TE-}5EvIv_|L4z`}$zIb|f@2}K}cos5O5wIY)kLhSvsKowc=DJRo`<bX<
zPCm?>4~rK*UJ^mk&RkYRXbKOEgHz=%6N}sDPH1ltq#=y46?6%(nV?ypFKH8uyPKPE
zNq3`j>6{vT`N$1#3(#M|>zNf0M$_wbi-1G|$*b}u<9&}2gG;b7{4KpAeYNl1_9Y~4
z+kc&{8bXloyg?`LO&B(P31qc8q!INnx;u_;q&D%?{9Bzvj0?Y#@N1N!(#i6iMD}^H
zJIc4tfwB89nLc)H8NrHOiVin#eI5CjocnmNP<+5V>YuET?rI-prW5(^%=<!<Ls!pA
z1}1c<43M8R%3L4%10ewT)K(>5#x4naek~(p@uSOea!H-^cxWnqAXa+sfm!J0$5Tkt
z6ob@pcE|j@fbL9|^7Z+O!jmI$UpG;urJPEu1!l*~+fh6Y$K$Zo`|;}?!QMlE=Nh^S
z6^aSX9TTYaFPqW#@DHG?%foYh){Um59fFst*7Ucfs0*%?adDHh03Bm<Li>wC6^ira
zY^z6-zx4(}<^K>HKyIo87W^U9Qe*)KC4Ugl|7l{tw?^&Z;ueOjTL;zj;?TTmt7a2(
z;{L#?NhFYe*kV0VVI&;8jB9sAh()I>`05U3T>3>{o`}CA-iK{>wK=P1Ra-aT+8TYY
z%1M>%A=R1ZYas@ETA|C=>h)LD-*Kec@nE)t(n%S3z|0d)Fo6}|Rx&t*A9BUXxWQii
z_~?L0`HO}s2>Soae|DSs!M)~EQ2`Hv%L??l=n~-m18Q$z_)WYRv*6CA?GqH*qj$ea
zP&Ghp&>Lom>s^H*K))P-aCI-ICXuI~(2*J3p+PP;<b}XkOclBKPpm<LN(b|42JtC9
z7^-BIC~as_J9i^UzSbCvW{46<E0RBWin$<mJ9Ohb{i(fV;js4k+q`Tw^NGvsX<<?1
zg^K4o0wy(KR>P68(?s=U=8ZMSe9NW3sKA(3DjuZ_`TQh@@$5IZ{J~EKDIPO|s3GsL
z1yq<>>;ov|)Cf~)T9Kju!L|F_i>d+wT=Myw@Bh5_(Lx>fzSGISMiz&9QBV>PlHg~%
zj302QPJ8oYjjp;Z@M_ZGz?0EWtk?y-QJw?`u2^^sdJd$#N5w{ZF(1DJ+j@`2XI5;$
zfNNG9nsWEIZo_VMeXAJSmMdSyPGo)9j~9aOf0zO(cz5FHgLweqPs;iB!vEfqbolp2
zMpW4A%aZb|6>{6&2%uB(wb}%<-@gDu{zn=XaHrbwHy+N0K^_l~52$>`M(YZL{t03T
z-MQG8L)>!>>SBF~0x;CP@Gu;!B_;?qhUPIcKqu~JIbGOFt0|0~u|^32>N2jE)B*8^
zfD5cG;AkT}<RTJ0s=oQ{*=4RQvOR-bD*KL=Ae?XnAbXrU18}X1Qvw#<uq^V+<L|{=
zW-^FW5af8H!^qLFcf9QT>wW$|Z*n6_9_r9<mvM|qvzj4MvmNR(ZvWUmr0b1CJc!Kb
zzPHILo#!GFfZzG<1dX4GO7fHWGj?J}VSE_S8_)2O=Hf;n_gL&+c8O^6zto?6`dNZu
zibFPxVK9_kB<%Q@2rX5DK*4qguJ4@)<#vaGcELl)6LV<)1Tgc8poCHUdu+=(M}?al
z9>($MpIJiud*Ep$*D#T?Uu=;|s8-V<me}c+X|c6&+r6sIX_=3sQ$Uuz{NbS3g&M#Y
z(R|4?E4~Dv8%|Z@Uc~JFZ5jzU4Gb&mGRlxk-|hYt&pgWw{|a3S3o8Eg1!up5^ExZZ
zhL;|xtrv65Z5${zyy?yR20t{$>kun)znB*BI^Djrc=-5w7N&~-<-tvF@_IV&s_xPT
zR$=h|`FF=(#4E+AY***)4Y(2#EL7Zuceg$>&Qkrbf8@iv@_cwYY%o(G_prnAMho{u
zy`K9eiH~bWsVwZ;TfJ5yf>fP5^YxEZ&sH)YzpF+kr~DM!W#H`@sHe{92FOIb_Agx{
zx$9s0a3inG)Egx-8~M^(zpGf#qV87slRcm+9U#yxu(>j>ZwFJy7Mp|5dt(e<)OGF4
z2EZ6(zkDHJ*x_6Q!6oxlNn)P_|8PmS7w{YCwo2<UWp~vNLN?(S#T?7=zwWE>Fu7j3
z{=(j{F6LH$-nw?K|5gtjkdU`8fZO^VDC<)3i;rWb5Vk-T?DEK^p;4^}^!Oq7L~1!0
z1_<a-T?T^oxn`ZhTA8H$A34m*qtnY_wQIyUBg~u0Pg(=V*QzC~8;slDyr_EL&S81w
zRMrnlY~@&kTXP<WeO42jtf?w%gRkZfh_Ua}gOEQ~Vy{vU&ryF<Wwe%A-@WyylC>BI
zTD`Z9`)Nf6%ig`L4|RGxlLcl1-6lTd8Yq0R@Prj`PLHi$ktcTPtgR;sf`1Ahxo{ZQ
zzW)&VCFJsq_IohWCKH4+!kVU9hwYzByIe%wVpzqil)8dIP3y8t0Lf*__EQ&zz12ZD
z$*pd_3tTH>+Xno-qJNdOzf;ri<0oCQ_j&t`1nRm9e9&NmJnSX-*-+M3z&W*Qku=l;
zOLr^w7C#*SOWBmnb+Qj5uJdZ1MLx?-hgiveL0F?|)U74sXo<M<R-pID&yi!6qxdEd
z{Z=O=kxr&exspv|-TVUx^yEG2pFv0glt+I7u=ogw0QLW>;q?MuItPmvUuPr{VH~_K
z2-#^lAQfwXIomVKesFhq;LVs5F2?mzFzp;QS6htDX?g@l0B`Ev$iO<3yvSt|zr$rz
z&1(^4xCTMQ{1TImK87qzo1N?70<^vT_Eod*=>>SDs{NCnL(r^Vg@np{xi9t92sv0~
z|H-^l8Y#TmruJOBSgF;v<gaieays0o$%RPePmUem9IWdIB52MfG%UxZN5a{#(Y&<r
z3j|fA2-aAyw7P?MdGv)dN#LP%==F&@jil`U{KpRsNvw~Z<h1N$uY_F-%sw<|`=BoS
zEIvpl4HD>O^|h7m(hqC|on+@c?L{!P)@2`0_XeXw)33QgCe~yp@l-5{e?6~V=f9qf
zd2{6Eum8C7FjFqRp4Hm{Zn|+$@PlBHS@pipoxrY~tSNi%E4!g|<-1k$H-UFvaC|qW
zkcTY+gy7`4`@q~Jr9@7sRnl*u3I`=&?~$c+y;shfil<H{zXrege!mWKKm<t#$<ZJJ
z9Hsk(Kix6HTNRjg^kJgBZ&tw`g%pw>E7Cfw-Qn=m4%D}H{z)X4WCtwnUL6J<!2-J1
z(X-;o(Kz+*?|Qa!d*OX1`uJ38KyV<d9Q*Dt%;_}qv*q>@bfX#e>KF|7L=O&faXr%|
zpcIK)d@vVwLxf9XLL1IZM((oebA)OS<P7LT8CAgClJL|<y~bFp`a1Xa<7X~CX=czq
z+GI7$ev?wh)zbdFa>?a8Qu_&I0zJ<-r5KV)UOe-z#q9&*zis@K1n%U4+3r4WjdHxV
zqmBL}5JGeOt$tA9O(=#4Y|8MWmIK=o4)~ydBae)A<O#xMA;1m^r_bdz-0;Gm&vi4{
zp{JR0qai-j{W-AJvM2U_Kp})A)9QmFO~ICasHu$0Kb~iAWoX7g%+yWxL>ImBYr3)i
zOYf;KQ=Vw_-r0z2W4SSsfBv}|@yR~>c{25zwc%^Y5C2l4XYCP&&Sq3WsMIKg%H^((
z80t`&C7FOy9TEeL25ASD0Uu1HT&LTdPaz$@Gbc{^&NCi7yPf)jO4}p6-nydrI8!Vl
z(`cLn3wAN4tu*e4GNhB#zpP&qXp_Z6rtaFAG|uSldvfw2AHEf@!e3;raw~CAvVcQk
zQmKG?2{r`dva8}*j;3Dj9y_IWcs|I1BK_Dg;hnPSXZ;!vOv2JZ&w9Z$LuSqAj8Z8#
z)bP`4XKw3W*ZI#?-R_g$OB>zr9A0sZku&{Jkt=Va;EfFVt7^yVga0rL`gcOQ`>&SC
z_Z)ASQeEz(LcC3?2EEV9`P5ot1t?5gv}oc{vp@8L&N#)EpclNhBpXIM^nDJeXy|XQ
zP5{*kvY$YQH9nT-E=_Y{EDpQ4)qUvK**aeB;DUC&7Uu(WvjblCQyo@qSYeSwO6UHG
z{M2LoLoVNvW3C<L-mQY}odsS_^p$Hj`(@nbt{su?NX!VGjT@^m6(1YEay~_Txx)*Q
z^p)Z4g*+aEeFpAwK<9l>e0nM`Dm_p}(oun~S0Tze34?EMPLcXyag4<+#5P<)u{?B7
z$3k2ZVn^++s|dy#;si$nolHKNS}QBYI#vdgNE<G`r4OJ0_b<vCK^;?uyVEsn0p0qa
zLoq`=U{FYlZMx5nB!LSjKfXZX>oVR*#J|#`b2ZRQ79&`Dj#AV&$DzUPvOnVJ&wIYu
z;Y?(}GCJ3x0C!d-^kSuGOUPdXjMg)p1|`IW`7honhb!eR7fGK{TNzzG-3#oL*xw>}
zY7R>dF;DSor?|*HUykF539&28cR!zMmI#DfZ6uZs(6vG~CdA~ql4~Pzhj-pIo)d??
z3FARckHM*nE4lwFG^<XQ-G`{UOoaV2=8iA;j{Dr-g>T+(4s}zh+y5Cr7_}&^!aE`b
zy|*4=6LaN-&2HI5kqBF&&eLH1>qwh=1GYbz4ztw`41q!1OsFer!aEy>tG311sxGVM
zKXi+lfCUePg@^u(5TGwD_)MJzOmZ(=Q?q?Lg|(wfgg4;bw9ILP?y1IC?lY~aRJ$|J
z=<Pje|7c8r2)ZXVP3Z*3C=q;NWNN{~ueI#GE|4^4mY}w!Ws^?I(+4&$_3`CTiq$$I
z5h{w|+{0iyLFhdJemsO--Z%klVkWSY_&Ajltg769#Zo;}b6{}1ioaxfzp>{IML*%u
zmBD^ryl|xh0-TG>Kouie?Bpp=uTFZz$(5(~GzXAbW6e=p1Yde{6FjcFPo0SYtNJ72
z?B`Rwv{zmB{hm+NJccmV)>nm8EK<)27|tsVWfA-w-q^+P&HR^|UCH9JgIt)RME*hp
zAaVKnPbzF2_Ogyk;Y)>57Faw%gE-88g4@n@snt|h$%?Ab!cTWj_e}qUammFwj!s-T
zEO*LsYU1-+uJ4?-;wNwSmDfs<^jMpZz&GqKMx0Z3@2T;uB<b-M<ud3)UA>F23~x;?
z+n)!{%EKRu3&LPvAiMIV5fnj2N}w&zSC%Wyd}u-~wrcBU!xY92o47^_rZQh6|1fZ=
zetMYtx-OcM8AkS#i@KHSXMcM+m{3Y!ge2qPyNRh;fMP(pAQo+)OiKA^<@@G!`8c}P
zvD9|nDlxal7(<4LLR3}F!0fxU`HBM=6JI-(4`gQBA&XP^VQ>Fb-@^s@Osl+`q6#_P
zr>*b4m@JtV#YDD2+m`ztox+A+BX2uWrQ(lHmi%0LcV^2$Oc^p)#-QlrY}%o9Pu^^h
zUL@CV9wj#u>Q%TNB4^@@s_37S@(0s>i68K5WZ9+S7oFYszt5cxwWsY(?2#SBPq9ac
z&ck<~3?t3M2FVKjUK14mWLPfi>S~RMVwo4^>X|7g`bt8~pjUz4rb2Tr^L~pTJ?-$h
zwKI43nC}tFAr-&`fl&=joL$;!;yDY{N}HOE;>+dvtEAfC0LPDV=zX!B(^p`Zf$srb
zFWQ##!YMx|sAHc3c~LUX>6oq_T9uggDc3Q`dTscfPhi;fnKhamt#+S-{XP`8<fIEk
zA$1GD+-bDRl2FSPWr|fWFY0=u@$g7gmd|k{!>WoUaHY*>50|hzhOwM-T9y0!{Qc+U
zC2Q=<+e`tEKetIgt&MHF`sw4gpwGNljT@x)%j8F9tl0Ojy!%$&Eq+Eg;=g7=1(sk7
zPgGFvmf?J;cR#i+mGPl%&iOt!#ie-{kR!n(whRv~6s0;`KMz6N829Gf^Fn^zK4znC
zK9%+HFsigX7m`nme!g38kMQ`!YV*9+^kV11m@G$Xd<voi!EXWsAcL6H#KK|bk?HR(
zs(Xemm{)+d7JZ4jgY8nyJedq`Hs1beyP@<PSz9JeHNO2RZfgtfC*E1Sy`U+}LkDxt
z=q^ziZV)&P-vNsMF6>xNEvuTiz#4JCkw1|@K&j8Z3d>ADSg`5mCsm(gK;88wJ+(kf
z-rOAm!BJ+lj~|A^BK;Pib^GLW(MHZ>#o_D>9p(t^a)WJq<C=-i0?^1?C=>MjEP-iI
z=EHzdZl_HI&U2tJwhm3%lTxH~@Jz-g4%yX+wAGfX*H>HRP=%|e1xhY^mu-xx{w=>z
zM1vVxg$=vE_)(&#WW~sS;m3+QDEp6@m{Nid;0$>+|7Is?!=1RJ!7fq>yvASX)=oD3
zcuL;JSt%NZ!st}ueeAPMKdXHP3V9Nqn4;<56S&T|WBt}|%+AD0&`5ow?ygNPi}+H7
zS?|Cah1HDQ3?!7W4nr7|jQ>#Zc0ZtHO$y?xhk%!3@r2}k*^RoL9N>ae$#(sq_MI_p
zli=)p9(ts`vc|j{yL<$>h6iOI&$cY;X7FoLJPX;n`>jxl%qwIsSy2S1{QOgxKEWO}
zWs2+A%Xo=-{IE{5@q1YOXo-S-F;$eo!0t7aQN>r?6e%Vf@Y+>UApA%d=;HNxxr2a}
zs$ELbgkd!<_Z5TJZn#LjnouE6t87qt46&{LV8r<5xyH*ef}A&_ML1N=G~}w}{i`GQ
zOJvjk&~%nzP5%GeC!}K_-6h>2NRE<_5>UEP0Rd@gCXEs!ln`Y!sQ3kxkWNXF?(UW`
z25e*O`tNt#$Nh8<cYKcPUFZ2a*LUKbbjVj~j_M(rxP`hu#hE;ZWP9HhFhE2PG#!X5
z=8Afq*atZ8Ld&|k{sQcKG)u6&J|F`SaZe$+m|tKFV`S9M0Nf_=KXC%+Q?svMytBZr
zDV&V>o1hh(?}0QUFde4#meZJ&^7_qzlxbfH_puutjgIuzy>>%5&lO>$tqm>Nf=oGj
z(C!On4ttRI#+9A;N*F(Oy;S>6#Iu;jmTuON^e0Z(=`$A=0>Vu{9}{eBO&d%Ij<S^v
z%CB)cFS<JhUIjRLrE#9E3CYRBcz4L~r)zMw1Kg=l$y-f`XwGOXLh_z(>&%g%9U*ZK
zh2@Lk(LU$AdvIC@H3%u<cb;om)|vWFpXo`sP3FFC&=_WHws7wu^^RDsBp*Z7pWM9U
zj!OJS?nwZfYy%Y0ms8>G+Uwut$_mAe5v_5IP)T31^9Qj+m8$7rAPqx0ayXiQTcpXl
zNiLH+GQCfoGm&1?r6+U}5uau+{96Rp5Y8<Y<hS64+TO7GeND6r&aKWR6R0%hltjjX
zsmB}L9*k$MP40As*%TKkc@wE|^)bZ|ZHN%Js}EK9*2lV>XG{BYsRGmT&#=cjOhS-f
z)x&}E<z{7S(aiCua^%2Z#E%l`U{9%Wr5b^@(9@i%ky$I0UwVvfk%-luko0V3-&WU2
zfI}2vK=?^jiBnL|a2RnZ^Cj7^+B*|`YNrmRm?Euac%C!V@^haFpCKn8S)}(Qu8N~6
z&bt4_3J0!C$p-e1i%}SvK>nNm+$l`(*%Lp8rn#X9xZU2Es{d~N6Q};O!0nEbg{}H$
z@ILAk_IOS4u<PXaISt$9aCsdn?sK}v?!6SLlSt@+^7-H6KIHvPo_7Qt4k=Ry<n11j
zEeG|fx83}3usVreoJRQA+k^>JIg=@=o*M#`>h-cAU$N<ML8tR}Q@?wEK0l?#-mx{*
zcY9U8C-o%lUeZ3}x50*pF}p8MYo9A%1d8vPX$ZON(>{LSLoFPT-9z=@Qx5v8ynh18
z-*6mPj-K(1%lAU1Y!5={OA%!uBOB>TcXHdIXRd#5H!OE;!MNq7S80aJ7!k5?IJ5{-
zKKyJY?aimOJLcDmb8w3V&IvH`<KZk9!+%5m(iru7_lge5BveFYKpK9mrtLcOo!R%y
zwQUiT)SGV0creV!NedOPGq3QA$iPykAVV_0eimm>!Cl!!)x%X~xo0TvY=aAvWEQ(H
z%})PGmwzV#-J7Hvb!<CEc0(1p7M+|ITAi9w=$s~=XijUS^#7;?X4qZvCy&(st8K<f
zpU;%ZUCnAO?UyH$`^Xu-d)r?p<8#D^Ch#i%>8twsqy0F}6CO-+xK{DK<YBuq&Dl@_
z#odq8L(S|(Pa2E7HubxtWK1HCpGNs6#YGv8%U*er^BdA>tT#rM<ViUE(7yOVX>9Ec
zIM4v<7QfyYM^VW!br0_+{C$XzBr_yeqKO4i?OYv)c@iF%#;M(5<1^pIR-Jvmg$V$n
zP8&=~#wf8zF<Qa7D&ud~Z67S9#vwmD1OD6d&Ek9F*bKE)&O$dgZ%E^#=g%KQd@$O!
z(!s~lR2o~AKZ|j$9Ne)d7zXS(d@4;%C%+sJ<QeaOL4vfVMj;9AKTWk*)d)s$h~(U#
zXCEztGG?Fqb(WqAgJl)`@3nuM(t*~efA#w|lU!An1^c*ovw6*ot5`BaDF&3@Hqze`
zI(|zWo-b3G{7j(Gr+ZU~9EPJ}ZrU722U-mc!M#ez+#LY<Mj)MJXOUD_MYH2A<U#kb
zUWr;uQ0d1vDK{y7`ib<6)$YcP+Pp!b1VV~Zn_zFivNkQ*Ny}A4{1GirLd;;e?csC}
z?fJ&fqP7jfi0^pbpXt7Fq`iP+wbaB%La7s;&pR(3nnz2C&{di^xctCcvwM*HEt7si
zV}RcoWA)wk`mDE=&qyTT`~`}sGs#YelZii4ei4B`seD_@VAd$3HHYFSIP~qXZYew?
zzgtN9=mj`R73cQsWBAWOJpM!kBSih0xr57=WmOZ64m_0y<7yuQPf2)a{sDJK(ujCy
z-jl#2D4rC`2xmemnI5a#-Px~&wfQSrp<*xsCclmG9I+<GQONTdtAD;I(B*2wWvF41
z1RI=Kh1mGjS4peZ)+JeHoWQ~LTfcyF!uGhBs=Rg>(E8d(a9ll=h6|oO8*}|e&aJmM
z+;T(mU74#5>&C-wOIeZ~OSQXvJh99%nCG9>RtbKraR5RF?=>}^Yv_XHcw%|Fo8Nnv
zN8<(&za}gG{`}*Cg5Cl)S#fn9$zs5HA^EteX|j8$&3F9S=8<*mXKM8S3UNhIcYss$
z`9sDqIg6P1!B>Gk_l5~tH|38S-2}gVqpriwSBC3&J?>I*Hj=|z>FWQ0p<MH7C)!i%
zkvvh<_FMN8A(EIpxgFxPvIFIDM%w6J10{){zWYwB;F^hj${`2Q)mj?`{qx^f_Bi<n
zil;)r$B*ZF119-NiI`?&>qZ}FsLke2U;5gy^X<|GPo9`GDJa@R$TS+H@cYLd^N@ej
z)lYoDO2Kr_oH^&74f$|zWi(BjsgW+w?0xyE0WVg0vTzU|l-XwJ(uUx}!y1!()3^-7
zsv!m03k&Ks(oXursp_PoWIU2?_Z8~LEa^VH-IkqtJ$ZL_SB-gd(Fzw@vE7xH!dxGC
zeq*OjRNOwJA;?<`yfqaE2F>#M`ebRFu%Y)c<KqxY1_Dp#pTMvlvxX9rG(Sz9l)-m<
zh4)Dz-eM=u7J|LF<29gtMe|o2x7QjcXuiI|Ew=Ef1K@{XhwS|#UDr=PcAI?{So3Cb
z%2<Vie5f3XRQ;Y6tmEq7wq&(pu~*Jix8fm$gSkM;8R_L$!)B>dYTgxjb|d~FP%1F{
zP08TY<D-5&K+gZe#3Eczq3+29+kuz_bx>ftN5y$^DlS#+#(0@XrLs(mTQ`2Pb;I?J
zB2BsGJ+@bOo<$p24!Ex$jD7Qk3<R%ay6^cn$UPGRiMiUKa&ZGDpEAzrP`MN^ySCXS
z7^jk4D}nQmF;ZzsqO0WHuBH28o+2?szs|H0w)EFMMgx-(bc0X#W%s+!uS+Y$8#}B3
z4UEXnzvH^&hF7e9ZWp3Te9t!2C@EFr>s@Rcon7V~lhK1!F7xSJvFG0hAuBZ|%V~wP
z3pfKLNyseiftV0ty{zsz9vO3Gj}9fBJbxf$wG#25((%8ja^*4TmgOl6Gf(NZzaD!7
z9MZF5<(sB{Km4<4=lx*413Ss|Ifh(bjY^w1473o!vT4IN3JG`!WUcuEc*k3^ySBP_
z(T~8R@p$;cAZtSPWTy<Px8C0WX8{~EboKMOV$eWDw?}<0?mIRJuFfwM*uDb?={~^g
zZpl=;!MKu|U(9Izt3U+V)Nj0`7LSgtt$IxadDVbFjS}dO{UQHdTTPa8L&LdpN367x
z(+^G2NtI|(=LhO@huOxj=Y!A&T|J;$0oR1UN12N6*=2|N34`wyd&l4ojB>#2QIh0m
zXo?@-I(DK5VxjS%a+@83@phrVOunei%kS?16h*cHsl?u(zRh{CZJ;48+svI`{tM??
zo5>o-lJ4J6I~!ayF5<Wz+<59^_i5quS^wDn_3>}>!)?>+d7C;LZ?8w$jU%K!T-n?)
zrmU5$bf*9M{l)5DHjC5kv~WkI>-hsXh9oE2GShD%vnb*_dPzZB<K!#h>3>Pr#wHR2
zSt+Br3HnI9&}40Jv%U+jfcy!PWmDXn#aWbwnU7hsad%LMzB+`Q#~o(hzu<yfDN9K%
zh3I<@!I*pp?CDkK%~>J}kteE*iS^xdhA9*uKETGNW%ftA90c)<$AE;P7b4?Negq!g
z$i!$j;)s*eHr=B+a)9i<c=%1NhF1Nj{IbEZM=>v3(~JFm5B=zm3j`U2o|_tcYg*m7
z#ik-^7hTsWc=U&Td`b@%L6^E>j#~k2G_`Dc|4BS9uSqh;QeJL_@025C{Y>B2qhR`s
zG7h2rSppWQw<9cxwfqC#!0(;$Q}XL(f7}zt8F!wB!wH7lHu_X{z9~kheXhC#GYLui
z^F{@~8;cr*$JBD|5fQf*J+XKv&PvF%=sTYzTW8Q2E}pgKto;?jk6+C@l~JM?RaSo`
zh<`tA^3Op+G0OBU``t0!@nj6g@sA`2N(1Lq+haWEO*(ZvZ8~=nQZ9q@<>!ydYH4)E
zq!$6|-%4aoTQhfNVXxj%jF{|ID57c+`+Y48_x4v8H%Y=QioEB{AH-%-TpmrA<*4Co
z_}<424{v=4;ZH;%s`Yc-HYMeIg#ra0=KUjn&ez^@*PTCZZ5H`LAPO<xZLJA&TFzh3
zo#1qm;aXD25*Wn2?|mpvx-@Q@x(GCT7)w*J7$@r6=9_Lb{hQE%rtpF$3M-?J_sxS-
zB%E<fn2tiLX#}i=KFsasIu+gTks#+7^yhZ@@XC{=HkQ*df+CIL)V}bG6=8XQH8N;P
zu`E_z@z%HiS40h2)SZ(-?1qQM7QX#6`(8TVe>grf1+S!gs1ebUFk}W_DwK;yNAUeQ
zQ9&O}3r^7nzU5#ay6~=BFl%{+9>;@DPnCwu?~%fxRJG!7%$<S4KsY6fCPnr&g8vpG
z3Fnym_LheBJB2QSNlMZ~wk5P<6LK|d+#)dT%O01XYL}+co0$CZ>8K&7Lf*J0{x9j9
zzgUDHE|MYO)6nOLcD=I7&zkez^izsuNraLZ8?DdIn{EiLuyebcWQHF*)>G>w<V}R|
zkpjGc%P>c*Vy4>3X{lKOkw`DS<Wly2>i&5o4XTSBx6Qw%yZS~GByKs*R_$Ro_mll-
z@vH1t=87!kB^NoT<HJip|I8%2E$CTJj<D%)kcsNZxcA)fX}8fjH`je4s>;<0k@mYF
zUPQta2-08~j~slv_f))vfO7nv)SIJTobxHzG$E$(gg7D9OavwgXxlZNm4w?^yqvil
ztq8iWdr_lIRUQg?^`x7lJ9QX;MN~1~`uiEJs5n=yHS;O@=ysSy7K~$&%&){;nH?<W
zX2K%cN#A{^som>TcYaLwv(C1Pg+HneH?Ix!A6rZb@9+xewsk6KDn<F{m|cn$o4qO~
z$P}I4)20n193ARfrdtZ1Or8$je5RCf>E(UNy7#Y814yeH)Gi+E%w|prbYFHp5<PH`
zM*P{6wBLM)M+z@}pvsOX3(nahpEO=U{Gy1^xIshC^{4Mq2~9xV&FdaUZtO-Lghtsj
zgdKv~WwuXRF6c!GJo-z!YJcOTcT+QehAh)=?t%0y-2fUb^_E4b<5)y)uTbLxs#ZZ!
z$p2@CVsBa3fAE#cK@FBGqX1V}`g3u(AMPgSp2w9>Am`wr!pk|sj!L%GV(DI-22SMs
zE`_?4NtwB)BDU@phchdXD~M`C2>3!&CoZ)o8hJX0OIj!%5Wuq7(>^niw7emCtk<vg
z`4%-#O3d&2BSCx;Vn~<1{q1?s2WYMoU}2Xfl>e9x8i+ayg3~j{yckD6j<`%7<b8wX
zirPzGjQPGTh&ppSwGOMM-95{UU9AX2TVxusl)GIfJ?MOqJeT9)-<;g((WT^foh@OH
z3n7Tf(gqzS(RNCt(@igH$;V)hmr4>9BAS>pCKvHnsj9_5lbG8JFz4Vj8`ZDKEA9z8
z>`a@3k09NVvt#if&GL$-Qn|Tb;t&W7#3h#FWwwJ+Ue8eC(L0-D2m*D!2u@utALa(^
z;2DcfC;Zo!Z87Io?-U<qJ1V})o4yxr>r)!Xgpq6O0J8VHP04#Hw_Gx(rU<_5LjDom
zK}8cLeLUGu1m-U9<Aa^&T&w5uPf{NDm9nXcYjTdIe}JR^&lzxp;`ULSWNAD$zqr7x
z2Bd1R>5I_cTguhMieIF#4jAgFr%r@4G7f6f2lK)Qd&i45b?r3Rp)tahd)@7cb#-7i
z?wb>)SNz;+!PKR7QPmf$jW4ZYWBiEEkYNwxjx*KFTS+s_OJ2JfbtD)ac}w}zYn(UT
zb?p=G9)+-I<Kz==*P_YB0w{|mlc=24AnXGT=k@j11f|W$%-IJj@kPVPEx+|7%<4kc
zn2Y{PU^AIxuk#Lc^0j+4;)So10uw=0Mrg2FQozQH*BPI7suK4F3cwS!*j$hQvl&Xi
z+bygph~!exe!j=>`;A#Q2T9c57)Y!Xfk#}Z(qM4EaD6Xc3G%-^AyxIYW>~fvj5w00
z@ZhCYE$^wzb*2&vaqf~jH-<^%Xc#ia4i?~YP3F11_%*e^KDqvQ!a#6@!Y8oS=2ZFY
zpjgB!iTowkY>ZX{)er?D9tOBwbrE%GA;)pf1Ra5(-cHzqaH4I2g{%c$y;@ACy6RV_
zP1JRLm5aVxJaiY_IKGyo9^X&0L6{P!aM1y}OnGaU@?^RxM4*%*VvEXa^$QuI0NrdM
z_-^FDy2V!Ik>V>fm(xPWbMb-Fw0jqbH!K0=B#L8Ye|*CR9zF--d;x)Pr8{SEm~6BP
z{4`R9+4WhI2C@E-c)SzQI<q-SK+EIIwH+LZu~*@CKrRNZHoQ3R(mXwGqf4Z~G%24L
zq~$y?mERud^$fiSw|L5Rr=iG4X33U}`zHF0>e^Z%U|1rlz_l$jw@;+l-#!tY8HG5U
z@<hOH&29vbxtfo$3H8S@b6;oN?hqV=$sKdTNd%g+xPkv}YZx?AD}hD}kz|xJ;#?xl
zPyVapeBx`a0j{?)|29xf`qm2}1}dG6*o>RO_QzPU@nV3~)mV-TA;FbFw}mP(F`7Oz
z$}L$}w_jM|QE?g$s9KU9?~?*3IG}79U4G+#El$ic`n<a6VDyxQV5p0eEB~H+zCkiE
zy`U?p55cRL-3M<>>3nvwE1ci>MQ(`CNxV7&>x9;*9}XEsy!Aj08jV6Cpc?l8#PhJY
zXW4?%%vVsZ%vJcpybo&AI~CHW6y=Fo_k*k$qs!7KM(XEk>gTv2r-DVBJTRx4Tg=pU
zmnMae7~<De+a>551dAA-1n&^AC4e&kHCKjA?qAp3=I`hp{=$p+1egR1ig5u5mi|p7
zG-1<#H|)g2YSt);&-6*>#z%*K5;Ccs>99mdZs(K5va>O>e$jtLyYLBW_6E9FOx<81
zoa>?@ebQPam&-rKyFb|ZJi6xFV^9gMR2KQ9KhPoYMnA@$05V`P0B5^c8ULR8{WEyq
zYvV&lOWX<w`mt~Uu&skHmiStV5=*nHSje$)Ui419?w<tjrZ=yDU}Lp8EJ*H#FjG^v
z<l8hMbBb-CP4}D8e9fFaY+-(Bg{6FXY?Rql_jWfD`xB#kUEaSTCf_xwJxgQV$m?-Y
zvo=k*=vOVebmZB0-lC@2C6eleT%yVBTCC|!5#P_JOV8Ii+?@toI%HmN03~f>=J*U$
zC0)$rkwl}+7j01SAS;fZ;cb*9s6?6VDy!yC;&MoS{?_$J7HeGs^WODm3o9-{dvx!3
za=@v%HEE>ldy^4v0)!W7tQSq~m$XM;1lc(|)FV>V&L14Toyh$3*agidlj2Nk#uZ~u
zHA(xRWQ0QM#rDnfd;;$biaM=mr+$8Y+y4ppry7`q`cZd>XC@tv)e&CNQhbmFzgoAg
z4>13LEqRHZuh?n3ly;J+K<#riW?MvWeEu2%o^r_&7Q#<QUcNt;s!ry$UjL^nzV^&_
zRXPVJ9I!=S!nWvq!6K3SpE`Z^-Tu4wH<sJjr>0Z#61(t8ztQCbvMIb8%I`<?Z|<J{
zYtyhq^|D>mvYA@oHWjpj7h(lzr8scUX)?<ictj_Yoj6{Xg?ztobz`dTw>SkeZO!2M
zVz7CKp|5V~s!B(_3l&wAEB}0n)7T}ArrkZMd63rJY(+Bv(^so1!y0%?-DIbU`=y4s
zO+(z5BCE8=KBv^TAFkU8hTYZvy0T$br6FrX?QT$}xu2vL>JE3|_~X4)6Cj)(Z(a7P
zjywyrct%e1vcp!=#+QdYmf^aFLm;G1=$#yvPJ>C-OK@u(yc;r<S3v&7YbSx%S!ngi
z6WZXT78NgNxw2AjbeNUu#aKQ`OaDb!N3bArFtMl?zVsr*7+7xIB;@|l*$>*ZQyxrq
zxKoklHsyyL!8%Yx*~i33z~AZb5LHHz7##|Mth(R(LMD@Is)@SgHTEQN`|gEq@#BU;
zQaHqNXnl(t??Ia3MQQZTwSGOTnP06~W8r}+RTmxR<35|;;5`u~zy_5_xtE-`K^~Pf
zW(sd_E|O0ePv>Ef<uk$+auy%+0wyr*$0CjnLXYQG=B-yJ(la6px#HfyEF5NfAUh*&
z;e%CTxQrr5wXE@&U9#D^-h??#j+|xksX4D!_JVfv40l2s`okC{2OBrR;t(GWOFRhM
z{?o(1{Xd7mjt$t-Qyz_9c~3N-QAtIy^bAN9sgCrg`#J<ach*S%{S&5{XQ!dsi>$*n
zBB1-Rrb(gu@#u>UwU@fjV~chx)w{6ntn;<SgEo~%%b}H9Dh3e0^jPkAY`O4*%Y0vu
zMprrZ?P81(M9=T<^VbDxm(gqqiK0f3^0?*z2b!`kK1rN4c2)ILoZ|Xu88-u-Zm320
zmGVvj3@18XJt$(0uqbk!%RMn(PUKj4kZRx3w5aL1Jf3ntO`&%?#^Az%_kIY)<l8mr
zJVI&Dx}H%5D}jj^#3VxzSFfi`{igG8iZz+VE3yHeu)F=w8JWdw&5o)J65b`H_lk%u
zb<?Fw)!m`b`=xyE<31lH`~pTXOsmQO*kVHu7l?|MLloYJ8tQ@&ebRT-2ZB}?o4s8b
zY^5ZyGJX8pVKh%#KXdCh@Gp>d$boB|5R5Bza?a>3^)g2ZCvKWfU-v&()6>W{X$`CX
zhTpxoyR#oKOfn4R;Icc^?f5>>2k=iQl!h8uq`fSO3PzOU;oVADR|HJ$zbNErZ6$=L
ztG-XEk&3_D3^G3j#M6njN9_I>IfJ_LZLun5*S#tsSJG;ExH$6oa>c;&+)E9#d6=S-
zgZs7F_gMIl(rJqNHwYU2v(9<GfqK`UuthGTW{d3*xwCK1k+fI8@y>wJsLu97p^u3D
zky@%J&DVtR87AgMeCk_H%9aIt$!)=S6PT+sS`r;bst6T)482{Vu_HZ@ZuA(xShgO_
z$Wa<JOBaIF+_L2W3o+bz+U+tUbS$2X($$h3#4U6NDrmOUq`?mNKJ2Lna6CZnLtWk+
z!?$1*bCZ1gJiu$&?+|c9hAQ8VkEO0d(DhsPgCJz-L&P-To6=uQl~Ao|>7(gHq1q+H
zEPZqRFYc?Zp}8)jsz1C=%Gl~R+lhEx{fG7Xv}7J_k(gO!{*{$kZvtkWw+_Tw5us-y
zX7dV#u}`^A79PSUH_Y%(MO?}@2<$}NM(b`>!9J}GxlzuT9`X)b{~?({(l;PlNPa~#
z3rd{H_+vjY<R}ioT>q;%-3p&m<4)%&7KI$mYq7>~rs|>YA1U@FP187?jtQNJa{<r)
z7(`9EgDJNw{!@AN^=V@q^}$74Z&;1)edRk*fdbYa-c>voRAO(4p?6MAlKp>OU1$|Y
z<eC}er%;C!`eI%BSZPB<Y=HrXYsOTuouZqH$IAx&J0Bd#ze!x!9d}6(t+i`OOLDZ1
z=}sbOiY;tl%St(9@mccdmlX%lMWTwRtJTYLh<0g5zJ>|=>a)t%<z!vFNSaGZW$56-
z0=a2|AM=%$dqiPj$T`b><PPZcCl(zz+L}I~F|D{668XnVA(ES8E>mp&Wr9F^Q>lW>
zU3AzdMy2SgN1qYd+g+o+fUk{#a}tem|8oZTHj8sj@8rv3`3Zb<P1#C~zYNhJdArE0
zSeBn`4B2N{Su?(cthr8FPQKoKP+zB2^ys##@p}*=32}ePyy}JEDx;Qznk{}5*<wvh
zZ)20Sf@c4hk|Yb{JmkJJR(`tQi?XhBw)vYPyDckK#BPFHJm<M2y-c3c-%xsukzXfx
zpI3wRP;Uu9rjDmMUQ6*O`bSZ{FP0KoJeP!i`bMjo#=5B*aRR_PjtS~Y4|<e0GMxI~
zQHo4O(wj48t(8CeAjXyD^j?ft%s`rQswb{mg#R6`T0!d_lh(U8!AytzT>pU1KY!ag
z2HUo2X-Pgaopm&~$rlXYEBNy)+xW95ZQ9>%J|6BTh*2JH7m>KW7xpo0LbETGKr@4O
zJa38u1uj_*UL8M`R=Vv1p`vI|&q7rKxiaF-mtHFvSZaik8E7BEetKl&_1cj6>_jA<
zA`i|YJ^@%%^X>I9<h76XB;=RJ0yu=a1f?V`)Jj8pS%}`|0jjGwt@|L>MC)b%<pSQ*
zOh%(SDIr1&Mk;mPsoTaoF!0O)pd5$yVoW+~Pde*b+&}RsWv?8m`EXI>l+;#qP&KgO
z#c4j?@IGm)c{g}&g2#>#V({N5<FEnJs*THPn$gXvMG_dwYeT;$<ttHqI#6w6i`pxg
z`#Q@?;1nG@Jfao|uZ_m87kw{&Uz40OOWpz7t6a{y$s~J7$M3gpW&5C_mJ=N^2-d)b
z2klQ}UWRTxYji5NmFayFraN6-+j98fUUcwVmWy527DAiHYZ=bvt}zM23ikiZlBBO+
z#Se({DM>1Ag?o7_#B4?TF`kQCC<)j%p7FI^V@Kv2mTvy(R1XisXYf+u0u7F;TcwX=
z7$QZt%?}owg{&(QVviY<Jbe<x*EhnmdeQ#b(VuW9vyhZ_phtL#S1KWO&0e#~Z(Z<%
z>q>e$U@^J9XB4(V&^dPdQd7UG>&Els$EmL8V2F=!KwPTYTJfuphM(21dKpEmq+Dd2
z-#w0LUWt+q1k+{-=)2T$-n2(uuad6bQGpM-hFANTgx@s2#ak^+*{(-|!_l(^l@_Tj
zVI#0B^4kS^ASkGfm-;Odaem#U*d7LhTzOGHFMls#Zy!V^P85wu7G7z|`rXI<TwE#h
z_6GR%6#*?tJWD<|-{g~q$LQYK;N|#{CIz{#AR07Agtqj^bc(US29+h2HfaoO@`b6s
z1hk})?=G%kmwV%d_G>Z3UVNIcMs7br4n?0H)yYFJBeu}5-7s)}B&n|DOJ)<lAi}cB
z+$=2jgb<1au}HZ6M7FY^dDinEEv3DG0hh8#bePyH0A<{Mg<U0!nxX!PukC)BBkzkg
z{wGcWQfRQ2?i`^4hbJSipR@_n4FD7sU2)fi0oUW;#w@BV4w%H_9}ZmT&+ad^BH-yB
zEdI%KW%xvF>!n{a*gUYADd)X#E4eLRdVG8&7EHqJTC3gZY2eVdHNVGEjDGwIX+*q}
zp(-DCDs#=o=TbT%`15VJD5?pV9JKLIDakkH2C}!-`?BXBU`rjeImU!vMc(d5_8Scc
zHeOb?aDB!#+|}41*^uq=sOSgN+;l_)caNHvpiD$NcAs{)8UyEJZQ9da8ps}LyI%y_
z!5LcDedS)GQa@fw9{h<M2IDHBQ5*5w(Yr#9{~T=TuO6iDy*JBK{QegHra2Nx<k-jR
za>+A764Co}bIdLzch<Yh67v(qL!c8Juktj@I~exl4WB6AB@7>iw3w1ye;2s#J4>Rx
z(seQMN=2Qns0^95WH`Pjwje?q3*r7alp{|D&$iGRtTG~Q?{?1;Y1r&^XNM$7IR6Ze
z?e$>KN*r>p>F@2`Gjb7OZH*X7$V0}AYs5d-*d<>pBvqTX^jGTpYVG^RKA{r&$Aj)x
zc3lC~m<3?EIbQ#Z<Z(;@Ze|`U=p91D_Ug~*qZ9H9zSMtlX#V)B^J~wiB#xAEeDBd>
zc!N=J|Km5uj%-On9v&z2XEsNL^^9Nn7Cs^yYWV5#S0M4Bt=}3{%$mc=bsY4@l{zef
z6^psy$(Mgj5|TT@#2q_`(cqeQ!EmJSf1p#uu!OZ**SsSp;EtNrQP^qJ1ch7fGd;-|
z3?q#D?$mLFaFP9U_Q110-hAcRzJR1@4~xk_{j(DcUKef5KKc6W=IMylS14lg2K;)5
zSJZjWm35Qt9S<2r`(-i=5Zl}!QEIu3K3P09^dcNTT|hxaGXh<?jZ)!fq836dyP;F}
zBc{u)UEpmcU|;i0oU6|H#j2D#S@mEiPbYuED(DDoIZ@;2N_`XCN8B_@n%O&FiV=>v
z;5i2-hz%;<yf-a}?3y9tedRI6^s}m?>XZ)4dQL<!)woC#`LXst=YDh5+@-%*-BGfv
zU%n_sp=a6EAM0^VI!x|@L0`NKT#+WzU*AYA&=^6?1k~pk(xbE3)v#UnkDrTXf@^DH
zKfNLf|8Bf>4BpQu9ooj-s<2)a<`a7+fcG1%A4@5X-13^(1yfJJnrKo=GE8iH11~dk
z`=`3tZ7VJQy)*ud%jJH&vC_}M=uG3%5J49q2Raeu$qGfuVP<Or9K%VozJ<jfXQQcb
z!s1pjH0?Dx0u!-Pf`I3P-JT+MNUwXBE)z0ag-;ARP)KRq=DH#FAQ1}Q>%^sJKt>^J
z0vFs)X7TYo-ku9&X|#@PZ{5CF>*J+GeV@pp!Y3bJi(5F@-tLGjW9WiakzMkoG!2PL
zR~Gkmb@T^se*cs7p<N`j8hx$4JNm(!y3>a39|`sIH|x|FD|i$HT80uY+VAk(ki&#T
zpZO<uy0xBc!oYaHENRQKG02$d4Ymq%k_R||srO><wA=rP@^$2};be)8J)zNkCjgxL
z|0BBqKgG&ZLnir2=nCAbo_tx<9sObT8Xh<YK{_}QnY|2le)P1a?8`X!K*=}5iR(WL
z#IWj5lN{AL(%V`ToCGehqn`mRR$qPeh`|RBC8taNbF6M9DQ58w1mxnLz^wZ^&+$=W
zjSL#t?Tk<@zjOYUdTE6<4&{2Q&f9<bjz&Lf68&5cXuk8k#Fl}7YMy7`vJ*!Iss6)A
zUk*7a|8&(bObqrAt<!kqtyVfIVj`bl5X<bT3DzO|*i_DaI86m-E)$rIuUY6gw&pa5
z`*XDi{#*DVGszEhMK{7PXXp<U(3V=Dvmdy0+2h}NQN@_1b6Mv?Wf+W^?VXyhu;m+x
z+u;9Vt}pP%%fa?)ssyvzv)A7XdB3lT>3${ne8`jt6b8HzQ-Ws;(afbka0nwt9-HR-
zwcrkDqsMDF$~NY8o-uGA>@<2@*9HpD8xSbCA@8~Vf}9fZY!#hCTp&cvRe!@QL7KK`
z{Y72JW)$&t1jZ<_I-2qOn~;Y+9<z7uE~9c_&ScIP>PPe6WV-T+>}<~L@zRAzI`0cF
z24fMN(3tA*N4$)9gbg)*byylHY8?8c)k0n2*bOs%NeM4tHfOich8U*yCB464y!_hb
z$<7@Q8Bzbw+gG)0l5K52BJr0w*RqjgKeq$)!r1}N<C{r6a%mM7D9s2~ySm1^NtG@G
z$g#)7{KNVXoa~-JF6cf^wg)PGD@slV?#8>Gc}b1NGw{x5WjupQTE<@x56%FpnVo7N
zj$>#rr)VsGYghE*2$=Y-R-x+mv5WJbQ+uCF2v&^<4=wK8NM2R=ZS7=tcjP~FGdL?#
z{w<;3RX0t<9ai!^ZY6zNi?_pbaV)5eDxt&B2ran=Drqv<0|9<&jX%(1I-oewCvo)A
zp<V}_DZg^sP1jIid>!8nC<F4+XQfFe%xq7{J;QR##*4LKlxCCOU1+#eI+yMJ4cx5n
zxqVp9{Z}?d7oOs`rPQNxJ|{!6IrkIlVL0)pZw7G_9_H5hCyULXH9g_W$lNyhmo_M>
z1wOH0aQpjA{c$q@#3#M7lUKl!(Y}%1HpubhsthG<K?#0rZu&{#(k=;0U8LiHl5*^P
zw6yi))&$OJL+Y;52S7PhZH4%pE50nx{5^|78SA^Kzf#bx8Q&fNfk#kVjSRE(dJo^B
zU(5-;(d#=J&Z%lp+Rn27#i@8u)#DP5*zvk=)2{F`E@JUn`}XVbUs!j<dAn^kB?q76
z(q;F+s@>d68M^NP>H7}?CtW;%gcf>QN9V`f;J~1U=r>Yv%REVI&LY)6N~84>fTs>C
z!2vpPR0&7@+YI_H9iB@b1}pygNOj4YF@sQ}<hM1Ryz?2~4ZliiHd@VH;>^h50SKz#
zADr^_Wtg#ros<XP`4RBX77k0epKI;#1qh3)*`mk&lM7^5EkL<M2IlBBmQ&H)j0+E&
zci|=1P-0}R*6K&XoN5_1SD(SLzmh%Vol%G5P4^kGisV|$Y<!-8uIFOu0ydon;JnU7
z&g>*vGqFpDl{D|cDy>{HoaTBSceJ^N?d~S~4Rq9H=$K^m2_8U|eV>}DIZ-L!?IT8x
zt3XOV5de}HH}pf)zU#-=@1+S_%Ez9x2kN}Kw=?A-5-N%+Ie^{I!u>ke?Gw4-I1nDl
z?_$H`IK8=JK-@(%XZ4Y;=qXQRFSb<|aF6#Z?p;{>)r3rP#XFY5oD)-bU_3x&n&jK@
z2i?+7iGmez4<(-vV%xp1*B;;zi;@2<S}Q#mC+`@C*}yYNQLFSzuwY*_bnRrvy3`~n
z>PAgp6cQmfAC%KN;LdvLnppYDQnhRF1AaL#oeb3IvnCfLnMY{+6lBK9%e+za^9jnj
zN!trcg%=TbO%soU0o}>FAhm7+X!^@J57|K+1L+~OF#Q|b4^C;kw?k6{x6Xq3(~BQx
z-qP)bu~9Q2D=R%PIR^S=uBZ<9rnK3olH^Y6;RrlFAO`b|&}_Wqk1Q?fj5kfA&p~{T
zFjI!+b0Xif!)Up;7vI-(?Ugf89&56&E58ylF_+HE9pUvJqbBaV2|OC3s2fn`uilMY
zNY{jY+O9<Oz;kS*c2Q#(k#Zm3_{e5mUImy6M(<>h?8B)3F0|M31AH(&idz)It&Q?y
zm9r0aWk5+!{Hr>g%y@jM+Ocw3sZnkvk`b@@5jNLQ2$8(?3Rln!NLnUQuI2p{?SSE-
zhK1Av(gL6STc$wn?l+NM#(iEB*lCVKRS{L9taoZyXA0nXn{et>NDooC8z;nl;rc)&
z0c#jfEdJ4r=#&DlhJmE)KHm1b@k2_Ks}T{gevQbg^038{UBklOjbrsuZ%ZyD?G>y$
z0*RyUoQ*NTC8%|f)p^2yW@hvQO2EBP4IJuiVJ>d#5zquQaUKiO4)zj+K+MC;Z&1+W
zhgLNhJ5v4~`Aa2m6uStk;ah8x9m5whB;Z^1?})Ud=!7k@u6%Lh>A;<y&9!izn9{YP
zgtIdsv!|mRQ^quNvF5h`@w>W*H>s+Q^z^mWveXaHLq<Lx!INHmti_ltl~~E+1T&{x
zr$%*%;gaK?KnFSxk#+qA#um+8yUhkl7jY`4I@+D&xk#-=QHF)P-rFI(WLCU$zx3`^
za#?SrVo0AkcS6EoXJ<10Q_2J2aD_KfJu?Y@5r?&ONWbHHI9o)_={pj;B=juXJ9Qgi
zjDVO=9YRs2Kz&0U>wI@ICkzfhfH~QpryXW5eQ{kkk|aevOl7u$M$Z|RJxJfi;nqJZ
z3t0GdRKo4UkCR<c@_fRF>g`_Bin>)^^uE~moAojyd#^=m4BsI+>1;I`^f;EW3+t*&
zcf`RA^s@<+`l~llAInBa%eVFg!tXIkvE82wyL)pEQ9kZk&R-%R6MS%_fIB7DU`v1b
z!^2<loeo!f*yB>i<AJ4IE3<+=ay)OrQ3}XHrLb(ZNLmgB>%Nqn5VrI_ryS^7>*vWe
zOl=S@%Nj8$D?sn@d|+_?K05)Ayh3DRD|Txu?B|XL@!_nu2(k_L_mIVEeT`)u%Kd#z
z%1?sjJ}Ru?n_sQh5vG;|b|{BrMDg8S=Z)g*@Tb66wF`?>nToVTFzvBdCDI<hAQz$)
zD>y2{te2&}b?CiKe`oNtj|KI27YSJDCfURd(MdQ{9+E(AeY<2HGF=MmIf`KXpGNC-
z?#6OXwd*ChxCcBR`}mO55-O2D-%W;3B)7tua|fT9v~TcobuOnSy|{m(p99X)Q_^MB
zIHh+%?K)E=l)~a(pWBLHkJUjjTIF|CD{dH=rA7AQ$6tGTm-Y;*H*o>yhXNbTZ&RB3
z3uA6m$K!TE$3J$t`#0mhM4)JoAD@`XJkNCE#^S?44893-v#?){KKU;-P;Y>tV(~}z
z-#2FeS;Ot?YwlF8Be_Ayv3;#)9juE)7edrG31$&4<*eXa?*xH^cn6StX?n+hgJ@~R
z+tDqU`{r3!i!}Lfn4aA3w|iAC3+u#vxQYQ7^<fn_<K{y*zJE|g{g0TE=A)23@xL|7
zCo*>!#624@#T})2RN)yf^bGX}5NmH-da*0m@<qZ{Go>h#dRjUgH@ULHNYGbvl1yVB
z(x6tc&ruX-JQ@!{-j)M(cOd4oJyee!!lphvqWfSl`*O_vOm!WxMzgZd67=P+vG0sG
z{qfUDZ@=>bv5GyK$mO1{&U4r|RGCF3#l=qV_P>Ici1{qA+B?+E0GOX&yN^e%ibrX5
zh}Gk7ksi11RAl+5gaCD0ix~Z)W1hKDxH-da;Thz~wu4TBiO=$nw?#=p9Yq?EdKW9%
zRxPa0{=HbyGyQuh=Yzb1-cx00`sn0emIVG59bK;Nh~`4C4tw85hGq>O&*`$UzRj!(
z>ggR<k5fWA6D1{y)=~?!4L|aE$*olsjv#`#OOs=(9%g|tHGBWz!%U^_jVL7nMK9+$
zi$>rwS`Tnr&%chAeHisx(7(FKLWC$t|5Bvv(m99G{5A_?XFmHWh<PCc<ZTROy|PIf
zemCnWe8K#)!ly>q3>D7Kmx=em(Ly^fmH;a=h4-&MFLeue-*4yHbR;+1(t|&)PR@++
zIo>F7FJG7cj9hhF5Gf8-v}dPYAE6{3C!iLD{F0p~;t1*otG_hfP9dCza6ishbIqS~
zCgccGt(V>R?(9?=qe>qiyRK@zZaYFiNq2AR3yl1#Oc#*Q@4(A9v7zG2?QXMn%2DLo
zbREQDL=oU1yL9{g@tnA@hw0#;j;;&LofRFCn6MLXk(k@(YZrZHNivN*9ZHt3^hI<t
zhR?xfL)Oj^@nl-=IoVf_n@N*Mxkbm-gfFtLC!Ag`@Z6L(eSb7oIRtGXo{(`PjOfWT
z8iKrH4te2eJI3a%NaW5AaDSHlXErk*3|dKWn|%?VI25~iq!lLLsm8g^U%^TJxy>_^
zCeDxM=3`ES_yE_q&KQK=P@vqkgFV7C#c3_-jQT)BO_Ub2se&iw2TE>DaH`y_f;gVB
z(*B5|LT4-Ri#{XVp;ELz^wrw=6dPqo8UC>SlS=f+`@Y*VI1X-J%ind@`ppzFIV|kD
z538g(W`#x%b!p3-z;q3s1)F(^vH~y4@pa@L^^L-(yRjd<v;MvgByV^Lpn_Izk%JET
zJRN4Oolno?Ph>m3fVeay_Iazg^>?T`YdN55bz76~XadHY<jRFDp$EH@A>*%xE>{xB
zj5nVDM=CV^%>|{hp@n4m3gnGKe!C8B^w0+P_;9-GjITr3GYXaNCq<`AXnxuRc7}6C
z;;vut;rU=x7Zc)6nLN3Z;6Dy8sBfq=a4@&ob;xZ7_)zBTKRZl`)e;+e8XW7o4g&uI
z)Z0GNc#V7~<Nm_;fu1lqeASR<mzb3CNln-bBjutbE5y!-)Xz;(wk!#4R>bA`3$BfT
za8llOtx3It^XpN_-{xefKX+=Y@z@LQV`%uv2|CESAMyzHV59%h*Et^{u-~#P-B{Ca
zIox{>1)0;E+fdQO@Rd$)e7z^-WYxS+t<@1Ete7&13J@66QW=4gnk<*OpU_L=U+NF9
zH0-8o=6pMU8G2)jLqWzIv>B<u&)tjtHxH)98Yo9oMhtCi26EFUNZ@Rfz4BtF!6$Yi
z*kwL8rQU`Mj-h5f*4pYUIrk+p<(GvDVbtjOP%ldUWx(j%S(=;N^T|FxPQVd@UGpwJ
zwlAhl+N@(eV0X$+&V=SB@ykOew`ndG^z#QNCLSYThlExFzwZRhEgH#|aAh264&kb_
z^LP9@9a229rU*9!fo4xb7h_xNC+8w)78rWm%4HXH2;j13D<1upV^4x1tv4t2B8qi5
zAQYI?F92zV*ZGGuNNJs}#Wy`c&VM2$U*uV*R_k=`1wMso4<Y6dRGu?`yFk1N=fRvq
z_ZsCMlG0empgJ}W*Y1#MvA%;P$rwR`Jj`;{S^{}b8EC0P4!&cz&cJ1-PkKrm{!Y`-
zS-=FeObc%IzGW+gn(mxAiJoRkjZDE#f$EZ5zOqMN%Ib6*G`#3QIaCTO=I#KV;wX(t
zYh1cinq$f*yHO|8(AE_NQ1V<_V=q5k`v2`9xu60O9wpL#)_j?$0&PwVh|Fu6UWfF0
z#_RlX%x@)c_+Ii?@~0O`5<uL1*Ar{$y5b{NOH2LD7ercSnG5(OCZnewk{_mr<VWQ9
zX?jxs>6__um?kYwcPu`Z{oH*w0sCsYvkJkZb3X1S5`*kIa?gZ;fvt3s8wSzqXDw70
zC<&q*W-|;e>CJ|GFD;EjYUYcy<UE?*SQ#DvNjScV;qY2J3D9LiIX<$k;V1^*;3ZR1
zP!T!R&;sJp7ij^W`@_QJ(S<L>cz8q-FIg?zk!Q0cP-%mLcM82{P*MQDI57@rN+T0|
zEI$8H;g{UtRk^jA*-OqNm-z!jUw&SA@g4YEKq?g1#t5j>L~p%)A;gpf1B^Wk-^iS}
zJFb%GZIn$k{)?=BWPrU;&#3tTRxAE1bGAG3J|Xr2s5DW_Z@?XE8B_foTbJ{@RP+3s
z)n-?C$N`wm!YLp+m<%cSuj}@$LCiNguEV;ctckoj(~WrU=(?-Hb~m&c=+Q(Ddtl35
z>i^WjhBX#((;G`f5#?{I6XG9nf6w5NwHe`WTn|mLgNOaRBDJo}zv>Ddr)3v3vW(W0
zo+ym^&o9nh;?Y(&fTv8P`j*p7{HyJ{rB&(c5v-6ex9ldo>-NFB;dKgi{hbn&*TVh>
z{)ck5GV=%X_?r>rR`i=SM4GJrl^V1<ex`O&@ozJgzvhf$>S>LATdSS~Z-?9uifhI&
znT+(aRX{M@ud_h^7IEfUb1dvNBV3c(h0)94R=>LdD17)?@m4`Fb;R*Nnz^dKji(ca
zJHfiI-<R&KgOan=ZfVL+qCCI9_;^G`KxA!<9BeSMREC!Dq7%p_v2d>iKdn9u+8UXc
zpAuo586bRtA;wV6ZHoARI%YbMCIgki9-tmZW#fp*7|uT<tU;(P0>d|d{dxZq==Mzx
zRdrlaf<)@o`|sR9)c-=3r2X!=^@0aS*CCyz*lA0tptVPV2viK~Ro($AVG1}wF_^_*
z<gaZDTehgy74cmYa&sej4I<lq@V}hFX{Mn-bLw*H0~D1150nvMgx!Pu4-s3B(XYd8
z?{$5X2NHz)Gz<pP3hMPq_5=Z;Uf?B(f_6q+`eIrAhhpf{r2_r0nf}EY*bmer#gfms
zzls!Bx(f;>5{viwarDklr|~}E6+>oSXD};1T$ExG{H32b?XadkmmcTJ!t2QyRXm_W
z7x3E|W7)Nt)HB-{2dsdeekhdReIIS#l{e<i?5KcKTFEtJr_C=@$Anq<E#gkMGPhwO
zhId=Uuj2!^P<&|L8&c#_um&H-nN_&IWzq~&CL6QTe|SWp;P;ntHRX8HI}`cvZy#RA
zR_2@aBjlJioUu^v&;2W*kpOyK=*2n1i|&O^t2Ia@J2e{o=-Pv{%t1eFlW893yV%4~
zXkrqQ#`+F|oFG(rKTwQo>m3h^Bt-}Ja18N$T-Y)BHmxR8Sq`+L13f!~GQy{G9q+$?
z7Bv9;XB;|I#nUU!lNfQyQL0SAW*1Du9Bo3!Z~9wD0-GlnLYc7TA!6e5DCB<llul1`
z_~PPu<##%}=rN^$Ex>JPRL%Ry6U~%#b&oYDNmv5oBKU=-F9ycVmDLx{p!hiGASs9>
zfwXh#yej!o)s^IA(*;~Yx6{I>7_)08z)FSb@$8OSA+xI-%*1s&L+@m<&?miS9nf&;
zj7-SCPQiX11{YO(cn)0e6LYusX>Y>P%dlg4(pBxZ7~P64AyzV)?;g(+_{Wg~ifDTR
z?wd2+i-q;xH8Ko7V2V_`0h*f9yjCC`pPZ)kK!;PR=d94L)$pRw^6T}TB83D+FPc-4
zOfX9?y5M!w@r+TYO{)dZ!KdQqe!5O0g*yvxw+YX}b1$Iaj?LM+@pMfe{@;p#4C6D8
zG*!!|6Ab?p(spp@D)V@|sl4rs)WWqD2kIh7F!3)NdbA5+$Bk2W;X&GONpE7DsI-W1
zO;pJzRwY+<)D=g;_1u%8yvr$?WKPWW(LF(R<sP+Ez0RGdXl+K>&@+_vivvEk5y3si
z7cHIS!cJdzZhb1VjAX2weKAy(5CD~Y)D_NCMjLg|#;mUr=J`NF^7ek2YuCP|%74_p
zk(7nO<$}!A17JUICf!Ul^IaeYMM5uC;3^;rEQJt!?xA!4s?<6#rc{|czmm>A5~8G7
zD{&hT?~Bo8xSP`wNd{u0ahIVLAVf$u^FsDKg3f6;phZ<o;=8DI2!xL{e+Z;dtvJ{I
zm5{RpKD`Q?$(&GZ*sa((t3bj=ce}P^o*7>(8S3PpFDO0W!=)#GYYwR4h#=i<jRn6Y
zb1^pE-hY!9#ND+X_xR@@@sZ6vQhu6Z+4L@UeCjDQLgkwCjl)jrxg=!_9JT)^0Q#p;
zKHY_W02RJN`d@Wnwwk83GtG=ScAp1QNgNIuXj9F6xi3S@BSSRY8GU2kK}O~KyDr?i
zd}p-KXe|-@tnXvviIDU6TlVpG7L*j^(Cjve1Euhp8jk-5F9&0BRQ#vIoaO4SzNaee
z$_G^dho7l%vt|aje)XoK%w1cQkh5a%w_dpQ0b$r(ts+~r4l12*9HX{sXm1KKF+s=n
z_GNk8PCnXosnfXkJF7}H9~VZRwDzK_+r7);X~NMZ@(kNewa?@<w#3_Ta^wf6N%_@_
zBkOC%Dn%K9zu47(!Un*L)e<<DBT8<Y0AxfZ%Mq=v#+Q`L-l)5OAeVG1p9AG5^cag|
z{*j1Y!s7?(K&?&if}C)Su21#$#|x=FSxynPP|{H=r1O6Lc-Bw$?JpeLP9n>XZ_Ns&
zm}qNQTWP~i>^Z%*8^5qj^3X8M{0uuM*sX#|x0Pd4$FWrkl&BH?32Q@l^-Sn5=Jt`r
zQ1<^0ZC{;_Uo&Xq2KoV6JXi_kP$Bo75v2PeW=E@7-D03q&crEvmeps`ilKFh^U2rw
z{OwK+cEE)7y7c|PuW91!qD*ES2YFtUbm@G)r@@%?5fJHTmg}JWLyT)yzatmtq@RL|
zEYbJVo2five>gk=(_<xgt?aS?Cu>Zc3>wW(lz6c{Q9e0NSIQ=uVkJP5<%~->>Y8Gs
zAl{XXilOS;Oy;*4RTw0M$w3+Clii&P#A=O8lQF*$`s!Dk^wCI>pnQ(9!U~90?emG(
zUD$f;nR*5(nDKTQXOHsohieMNlmJ}x?*PlBEq!4L90f49Y<v)gz|R$<vzkNky@b%)
zuarfY!U)`dsF8#WeWNp-NA<RrgD(r01+qsyj5_<<7$+)${!wxFYWZYC9Zot7rY(e}
z2lgK(ioQUJCxT0RXK)UpZX7SOsdi$?8nGjK;HA>^Mjt(WaQ;!FB{hD?KyV`uTo9su
zRoQ!Rd155<$Xe5`A&&iPo0k!%%K!ryJ8BC&3_lSdB7%S6zL8O2kNP-6+7A(qIMGQ~
zY#E1HeRBMV-QNeN=M(BQKydD2X?sp$)L;O8SZgwx^pRV0nq*>Gwetqt{b_`P(?G%!
zq4m2Wi$VSmtLTNNQrYDCE&?`H@Zod~MK%q@XMPtVa>#GLY$~wMA4o=ZQCwj1U>#Mn
z!SjsLd%X7sVWjh(+&5~TX;<DXnrjNbGzi0gaa<?}=)frs@dhjnl`fwC*oLi&{MRYa
z$0Ir5*J~?pi36Bq{4nR^DshL>ia6oVUX(O5jvu*i9=x|Gy+eJlVV~h@UIU|O`pNPR
zBC37f{6Zu~A^DK_z8mYuYv#S>{km6bWCH4&>+gn)Kf<_g4>O2CJP2Mc>003On4b}B
z@sK{iOxt7W$0bVv@b^hM#Hb{~;^|J2@Yv0vG^BH-6&lC?G28pn?!;_k@B<RubS_Px
z?Du~}y>(nu-yc6NARPllnvs$!rG&)jmJk&MWt1X_ASEF%IwVGilt`-x5&{a0kd9Fb
zQe$+=7&XSW``i2T{e6GGfA$A^T<&A%oO{pfyq-1F{A!}Fcj-qI<}W;dqCdaxpNcmj
z8a(E3h6~?jsI-U<OFkR2>53T9Q0E@eX|epO2J%y?^-@30`#8X7w_<(5)rRN%BQrhR
zYA;Np-yKGxX0Qgbn;iu_FAXTm2)e&jmWKzPzP-eZuuLV)l)klFw@bE+49Yn8Hn!_c
zQcPA3Y$U>Wapd~PdTGcfoeU|!9Hr4MkCt@S!-)9<r&GluchdrbFjgl0$Q39|<^QyW
zw0y`}8ldAC2V$b{11$r!^OyJOmxViyit}M#lh18*4_${c6MlT2pulLy+?Zp&NR{CW
z1;N;@wB=ndr4)qE)GyhX$T3Coxp0n2d~XSp=DwnXQg4u5rug7<*3F(l+IVFbp{eLE
zExMARN>8c962{@AUIrb;$v$rWye9j=CPiR2%JL$4jb9z@-`0MJwEt3{>GcQN?|*u9
zcfIr9Xdu77^`70wU&d>P6kf)2`Tu^sO~dwV`nsH}VTO!4Nk~2WUS|~zpxe~>n-EbK
zyEZ0HK1!t(lYMRbc^e<%Wo&jFpK8JL<pd1g=`$3slYTkvotH?`I{W=A_`BY&n(>UP
zJ8Q;$oWU;D@m|HWu6-*{1^*U;9ow4%KK+7)R%4r*zLW!OvZwt{ZAqFh;g&v38SdMV
zMP|$;I|XR*D6nO{{db=G%?)5;b=7`tyWADMl~XB6a3JMt_^Nj|tY?hcg=KsE{g?Jj
zOTl*zNnE~yn&m#GIfA;cS&)KNeb`E&0_Yp&@O;bTe)Y!B*<s<Xj&dO+Q0zh%7`94P
z?q()wD<-H;Oc~^EoO<FI>{DFip0G?Z<j!xFTL@ufrUk}!Yj<$g;8EQ|cfEeKl4U;0
zoNP#zbas}N9PbC-AX53E!Y*^*_rT-+<Vny{p2**bQsRK|laC|LOROannje_XP2dct
zN86fmn0p53kACYo+SOu<uX?1>PI}Tsn(2GAQ*qbxwpuCMCc&^^{v;g3akqHrrT699
ziy#EUN1+8f$>Pc3+#EN_hF3kxwfVPJMh=7ayux!n3swn+ok*`g+hPpm05kg)3)y_%
zhqMReT}hSD<)M@tic-F(>sI?D>5bEC2;daccrYn(shC!M!?ARu=;wjXujobIk9Rl-
z*%r6PlUXQh>EEBz=kLj*5hgJT1O6z%c4q6M;*-9gTWa5a)g5u4HCIY|@vFSHG|8;F
zx(qpbr_H26$s>}14)|T?^)8Md1|~Ux7dD~1m3+Tj(-H|p)eIM+g`E)8mg1|Hd1k6>
zowl-PH`D06S=(p<<$0tob(AnP>|%7_8n5__mtHIWI#)%B5|2VYZ8~M#HO!j(1k}M{
zq!S;fGid1Tmxm$S(3p{#nc<TvdsgHSoXr3kGV$$<PR1THB|3dPB)d`4CpYkW9qY2$
zfn(8IHAyEM1w~qCj=gb+%A}1mns580X=`uKyFlA3QZD1u2^-<Z*aO?oej}8-3s%<u
z(W%y!=vc+#V5}jZ_*!uSH#iW=z=@V5iIXh2r4f%^akYyiCvYVB0<t;4mr9m%c<c0E
z*c;?2f_6*B)`bGT&6ABU-|YH~tKFT7T3fZK8(c?!A#3evj<??hzfO&d4ISkfUYgac
z&vbn6_uv1t>{JF{B$jrOq3E@Vg1-maVQ0y~vohZ4zZ4uWMtQ_B+RGnbVUJ)=(U@W;
z*_svZ490k~$@<U${$Ce=8VyYYnf7`B=3Flx<M7bsf?Dj92u<+=DTq7@+#RB}v0goQ
zdmeT=27-j=vJ!1DlDQ<Bf!*E;V(|@oVGC^*tP{|4B}x-j&OgGWdtsk+MWbSbV8dho
z>sb8xls&f+%hBx52$C;r>qOy=mz>;vAV=`$?TOsm8@DDa{I_V37-V)JQcvMon{MfS
zvaid_Ppo{Oa<nEL?H@NykI4LDTyIs*#6NEGd3^FkGk7gG2@Gm;crwa}i!TSPkeE?J
zm;le4pU<w;Y#M8%9%ThlXellQ{jAt@48Bq!j_%^1x^~a!8B+R4OM?Gz4y&7+^gY5O
z?mUHOsi4iVbQejk5!mm~PGBlThTxB5elfvNyy}l|TMT^3liZ8`9c(lsI2kqm1{t<9
zWi$%%IGpD3=>b1#ohB69GJjy|6{OeLeSCg-)d@|@x=L~K$ZACqI7eqF`Gmtepv_iT
z;R5w@mu1G%wNce+)HvId5*!@aVRugd@r{_FSY87LSL=SyB<R`AIMV*?tfr%McBQbW
zwU9Dq2K9vsM3U9wCi|79-&SGzrG37Yfh^xujA~Trk0+Ldd@u`hTf3Ze;SmZC6>cY^
zbmL`%-6a;|&Ik&xRfY^<q=x8iZ=-lFP}zI_o(kZM>&BNOdE;}n*l8~&DvhDK8d;W|
z@;Db&u~FOA4~!pMXGy63o=>^`#=H?^egeUQQ6uO!F8&qCfnuHU*rk|IZA*<05gy7B
zRd}v`thkb`wVX%roB3{JOdU#?_y6?vy{ovG>Y+|v6J|;_GfejoD#IQ9!{0N`FwIE#
zH)R~p_ixx2n7_*QC4DINb^#eiD8#Dow0N`$llApmn1kUR;U8B^1*FUfCwC;87bC|H
zF>;#=mOs+vSv4<%d@F>kMQb<PYiM+0S3pDbke55$ue#IMp~8!^iuQ_4Y({6tB5kgM
zmXAQ$UvJWSx5#j7GFRO)dubaJre4S63-F+w#O{6iRx8WGC#wjJ18<{~8kK=Ux742j
z!-Ag-oroWDdgV=H=x3bOpO_Oi2i`RA6t@=(Nc(QyXp0AKx)LkdSUHNx!~ilsr>uy{
zVyAQ@G$qQu?G^__L}+|@j>bwt#gh!V@q{`>V+BPE_h+e*&_wRz_v(xMC96^A7X96&
zFoS!}dY7|5vxJ6CRn&kJJ~(QAY`8Vl6F2ezIBAA#J$bb)%lz?a&Er^A{@bBUVO#iP
zt#Dx!FJb<0Gx%V>Rx_K!h}p>bB2>lf^*!qk$Kuxi*9+ipuR6&iwN|P^+KX@_1VXfl
z1FQPI_S(0esZ8^U4=($jbi^=YSa{;v7?m0rRV{3kvnI;iTN@jCI?!3!uPG`m-)kQ9
zoAD8|p924%7gPs<O4XvE_{U+ofTC;1)6yII4xznK1*cjCP|~A?z8Ju3HKM?RnV4hX
z65oy>R>V;TsaT%>F|GVif|JjYy<n&HnRbS-Z{Lm2>9`~Ql=WM}k=UUDZo2lO>sw^#
zGqEU;umsVl7Fzk9X>0y!bGMjl*FDJq?VV1x@a>X7uiGLbw_Yv&9iW)j8F>wJI#FnV
zW6_ZoR<bj_zu3bmm8YTav}&C%U)}Nd-bUQ`T5M~bNy^a-wS7$Ap0a=Lap>cQ8a&P-
z6kiUOS=Y<{xsU(zMQs+KO>`!PQ^jVkn^7BSTnp!3m@>MHnME}m*hH^XI->k~CV9~3
z)^=#At)$(on=cqY>YN6H@r)by+XIEZrj{rYHni6YhnlU90l$E89+tH|y|r+xeYAXd
z%gs%M1L+J7xp3KrSJ8t3%$nQsH+a+&7&zP!HSX@Q>a_{cZ!mPWp%jdA<)!=3Q5$h6
zQDBMf?^4dCzXq%-lETW=2((5M6U7oRf&a0FyfVrCEJ(3~QRg{Cgh%9(>rk$g0#hu0
zz-TYK&gZxD2`FqH`Jz4#OV3sOG_^;9?IHgh%YFK>#NZr@zb?{6_eENb!=noEEXCWp
zoSVG?m)=Woovg4V5Iz5GL8B<!KEtVE4w+B_A-(%2k-+?clu%P}r%>X{v)Bi61Mo~;
z#C~_jeWyX&vc^o0aqDz(i))pnJK|Hp5C6Pg>{^8dkl62)3t&rvj{SM<e`fs1`uXYD
zhA!yA=19n6C9lPszhAHLMaKcMcVRKhY<Kv;B@m$PY2dvDPG^9446RnzIqa#kz|VyE
zsc<;d^3Nt!Xy+XxJc;7fQ&l$@S7B7ed^WxBI49puxweZ=L5oZCwaZO7;{t+c*9`Ao
z=Tjyo5mMy{LA{NhaA4>6SBfZ8u9_5#h3Ids!+W<`Cy%3p?h5N4qL{ZQ9S`aIs7X_u
z8GEZ|Xo~0x^|KX8Zpv&KM#b7qis;d!BjAga^Rl+JC93dnZeAgDgWotQ7#vY~AKIwM
zhHW7=dVik&gt~{GgB+m>S)B2UbFiW%7-!#m3`Pt)Iuv6BXZ>2k7ky>Rt0TsGvt_n-
zI13_`Q8|5AFP2Utbb|?-g?OjF2{qy6cUZ0%=)rh6B3uzfO`p~jaUs9O0fY<Px|yh)
z?g>|fjgqn`emOjPqh6;p*GrXyBx^&uX8N89qgNrc304+pG5$@<7rqCX@2y)8BOECS
zj@=KIszN?*BYiic8pSMM-j1;^NH`1?RT^~<UhTw>>-It}oZ1v6B*E^hh0GA*7w43U
zt=_X6WNuQSG3Q9WJ~q7TRYnr8^5gG4v-e8&dM0ahWsGB4`+t21R+9ZilWalO9)Bv~
zT6tSE685qv*aGsf;obeOmL_Oqs8__XfZTPl5YKvrwHu!aY$3Yv+=H!>1k^=pRO*Dv
z9zoYD<yzuW+O(9l8*e0=b1o{3M<<{{#~%6TUcH|DK9DcRt`Ju%l75u}X;zy?$G2<k
zAa*?x(<~_L5m-#pZ4CW24~^~#2;y-GMosv7k!0ct@4ebj>plKr6YqaMiVpfmWbQ-Q
za0@!>oMZodp~sk%JW*ID;K=3AcPW#f;E<Xl-aMFM=adBFRxGh9g1N&T!+UL|D6(I`
z4Nv*noQko1r4h8n+CSS<m)&s8l|w=ns6W)Wc+|D0dbEBQqtrf3^gI1`!B{4!zGVco
z{nNhCe1G;H%gQ`h`t9!-BlaxYaA4+Zq20^i%R>o8m|1e7R@)oG-LH=);hn2Id<!bM
zE1N*k)4DF^o{qtZi<S<qc^veAXd-WYf$D6;T~ExvaM~OwF!^M6R;9v_TbY|YGo1s3
ziMBkG&D}p<nexkLHOKF7Uc~!R3toH1!1uvYBcE)~JPA<?rb?PMe*FT@#oQ~X^RMA!
zmu|l!Rq(g&%~Zi~d0UD)kz&HDiN>O1y_829S;=Q(B2V1u0}BNWf;kgm*H{#zCk6K1
zen;9HIATe(jL#+;l`U(lGn@^%nTVezRB@a;Yq<QNFPH3@Gk6*{296(lIfG4^EDmUe
z$ag-PMdtR~N`*eDCaGQVse5EK^pb5zkoS>S$2QI4m#<9i5wF4mmJCy)#uFNUGd;`a
zM`xq1Rt%}e)a{7&o2Ba)JA<PlW(OKBnqD=a^5UNK<dPZLT3sRMLKdw4bp8r3<te6`
z`8s0-hm0chkfM-_+=T!p`V0-+*89_1Yb4wY@$ObF3Ys^~4!IOew{dk#m`{mac8M@n
zpCbk1c3Z8P5q}}b{mNk=-X`_Wi^7F0snX-HiYS*Kt8ZRynvdHDai8wv6l3~k#`)NF
zXK;+P%BV1}4g%;%t^Lmnx*wvtG{+iP5z<cyQ}M^~99Ot0e|H(c^IbN+DS%9E${0*y
zr=_mXQ1PuEbsdDAXK?1@*i^)R)o-)D19YQ*t)CDQotI16E}sb_v}S2p1jHh?6-kbM
zB4DT0UaCw^lCNZcqnb(SbOQ_jAE)nPXx6Zh4G6Up9Y1a2jxnh0yPQoKc0yN$;LQ}L
z@P*(EH5Lsc4g1&_JXSgI7XUQgvNCY<5xvt8Vdt9%h?z^EbTmX-y*Nz8PGK>RLds%H
zv=N(FPZ+*EP+4g3Ug=9spBxt8<_G7={T*<{LQVLUaKY4|c=5=Y4f>$B|3c20tU#Uy
zepy9w(h3|(KO0`2)oS*1RGHt3kct?8mjNrxl#joRx#Cy)B%XDWt*D~9)AhPhdw2AT
za&F1>TshD9Q$QBOrV&*=Kj$N5T`}&80$Q}WwY6kHfWbkDrtETws=|I#fL84|(joj`
zVxx7^QWG2PxjR;<xF7aw7+?*OnJNr;frs0VL$YfhF$bI8xSMJlSq+;Vn^>)sv~R=;
zk(}Mb({yQ;t;%*x)mcxdSgxmv@yz|ztL+B0-vpDLKOscgVT9ju-0Sh%ZlcUA&exam
z6sT?ep%W_EY-JxX_@bHIC1RS;Ly`j!4q{deha#N~;lgDB4_=A(G%7y1NWY39gic1U
z$kM<=cYap9a>RmJWRRVXPf4Emz*l9yRq;!)c_)txpI`ELD}2YsO14NR6dd=IYbDjz
zE9+axCS_7vWz%BjjW?uHaO<O!fy{By<OQN2Q^2(7&o?h>tn}zYPUpu(X?w;6bV${X
z^&pLuAbs~t5%8T4XP%Oz!~;CM1jnq&Mxo7o(P2q2beuKRleSNK^PAJa0h~E*N$3RD
z$6)WTfYW};eF+|Sr)BCl`DqU%Yj#-@CeGpea+$IBjn%)z>R!owyBkI@77ZtAg@Wl8
z89^Qum30S4z7vtkU7+S+p0b|pDOlBYI|@~Db$^#{#%fh=TUI)fnjw(TU*GocVNhSw
zD>A<~k$(jf&Jsh07aI8I`S^&wgcC}_mopcZamY!z)vCHiy@zqxhtdv?63p#2b*5QP
zP0)KYSFu~uT~u!noy)vcoLP1~q<@QV%dU$e11(1HtX`#tvHQHnagQAAHg6F~X7E#=
zi&xF)$709r8XZ*Lzv|KuoE-vJ1#~s3UqeDpi%W1h<S8r88(_^Q!-#R)6XcI$RCTC~
zuIuu=(th#8_rto66$6(R1jD(8YM`m&pF>oa%boKt*;hfQoKYZzr$FFd229Q~h(S|i
z(}7H;hsLNscNbOi+ltTe2fC23Bqk$bOlUquo|-`Y%$98LZCg9`5dny|pgzcw?^99@
zkTVAq+~x^h45dzZ{6%d;ySWF?X|=U8{pEU=)^6KUC?LA6m|A_rL`sBM-je2kuz2is
zcagW)3Fl&|_0xaEyUZ7FNTcu9Z|+TL!L%C^kn)|IZ<ZT$R7(+Zg?xuP#9pwTIDvNg
zgPg#a^e^LU{FrBD;=XyL46mTh94U&u2o=p%@c)X+JMW6F-2OI2hDDAZWM=e}QZ?LX
z`!7B~63I#l`)6Q=Lvy-wFZ3L;rSohGf`Wf0;|K{d7CzL2usB#0g&{0w1J)0_6DrxI
zLZ+hE=EF#N=aA)ZUeVu`W6-pIY+GQf0M+$Ft}M-?7{~}xSHes(?160~9f)4;6T<5F
zM8in^PbJKsbpQ4(cZJ)sZi}|?m;+-IyZ5!!H!sOIv8GtfkylNw0O2JcpiT|_`nMrn
z;5_|?RiQ?xPP!0GBl)6Cks$`u@1Io&sZsFj$?uSH{(4bn&@XTD;C>%4+oZptj^cP$
zyM*&~j&nTC+x_X2Ebd(a;l(fI%CjU&W`3pyDb~7Z<+&inJ$X+J5x2B1pzMyjVY-=@
z-po$|Vu6*JdSOBJkB^k-D3a8_4?Xw*P}0o|zuuF&hy9Su*&~>FjEkmWi7m7H?sGdL
z?@o<EqMF-eh0Xxt%rPl4jbDySXeOw+l6E(MQLuJfKdNg68uq0R+U+`jqEGA;6eJAY
zCii1s{d_%)f%rBcJDrrSVK?<pim6Ba!NU1GZ$f#L#P&@JF|;QKQvP7wCBwEqjC`#J
z6TZ}dw=+U3;z<jicoSb^MDtPKWi;^qx6BYDRnbHYkD3d<y8Tx`8VUyJe){cB6NQ9Q
zocAoW%H)hpC13hJ1&3ujLfn--L?PWjpL*}~AXY374MKS1NhFz&KW?%~G8(ov-A6^L
z588EbTGwnrUKA2=Dv4d?)$A?=1rJT|V8Y#!33tK-rG0zFqFj8JTKUudrTUO{-l>O5
zLjmi<8P-esl3{=F+&VVo=ASB>Jxuca0{wRC+Pp@<wv0#4K15k_`@vvhtma0lnB?~y
zqU)o%$Fuhxz$QzsGIX(8I3g<(a}(e9Zt=c@4Q*D!{aJP3ax6{kt^2vxce{$2MIr4$
zCs@qsqmv;lK`1&>>^ilJko2vPMFapEjT^Wtr3T0~DrmST?>YUvt43T!dPCu(9Eq@b
z7*)Zmchgi9UOMI;QQo;BzSW1#7)CB7^m(&zjbWB8T{1In=7KQ4nU^xz5_Us`27r#h
z_FS6!i#i=+1+=EJkidCbk(2n^y?1M=#g_(4&ftiWhCe?Z#~KDkaIn!(Et-*IS`|?#
z($U>zFL~>vU~jv9^S~o_HUjr40^^XmdT>738AX;>Nx4kt!sBo^nw~k&z?AGM=Er0X
z|LnzTm#fUmBruGI@Sdtx);Ti`e&Rd)&KwRfC4Ct6(?t%~Yzs5PZ@FG?XWu83!Yx4{
z6a7oFzhZ)EC}e{v{z|2b#^K(<9~1>WKwE7c)_y!1GM{E|2h1Ysa2WxwRWAK}wtS=y
zy`IBTc!AakRpbTad3)ec7z=mw^P4)NMi4@)TrQt;${D++Bp{iS+dR$su9lU-7yNRb
z9(&~|Hx|W20dXgZnsIbPQV<bH)P|aO7P-11KZq9UU5cl1`Z#kj?4b^e6KVcJM(1#q
zdKhT>WHT8wLe68odcZfRjmva>0Dc)uCj>Kyf;|7FRUJ+xJ;$vj|9VfB3MQdM+U{Df
zgj56xk5+xV@;b7=IM_&SdEIpRnkG@Xo%+dJH=xI5B!07Q0!kSWK`SC2ZWyMF3HY~=
z_(tg$-xh6JtXI_XXuo>f#=WE+8_nmMOLY9>jJ+_%jj>AzR45y{4A)EyO5$5B+wH=p
zxxR2Hm(rer*5c@nsO-Xr<6xv)%*rTm&ENa$5c#j`4<iL<L5ksompgR4fZ@wI{&q=v
zp*Mt8HQ+Jcd5105vZ7K`_@*u4nuz}K?c_Bm2=K^(5oBy4(XWhPuQvJQ$YCGew=6&A
zZst=Eb^{c-E5<roO5$++q}^eB24eQ8>a!#9{iGm`XB3yy14b#*<6{iEbllYTvqZfh
zDLibk%)W4^;syooI?@|*V^AnR@WZF;8mH&{fRM3^h~Gh6$=imj_&2Pi^OXQpPaTS*
zngK(3XrX)YdDYQK$J{Mj{?Rfy$FWEDZu`^+DHf~cYl%SHIP$qwab-wX)bb%D?ggEN
z4#e)e)2mwqWe-bhJcX=BWjTy$v=icoqr*(nunmMU4#LdNFoU$yIg>In-!fx>KR*Ta
zwoT=eAdG)WcE@Dw?d{%_@^W0A+$5)LZ&jG$zEXe@`-2b8Uh^bIrVBDROxGmD{*#jc
z{}4gorSMu+UyIyTPUed*6^c5`io{>_>!0r$d9@+$+h-Qaql>BY!m9Q2{}~BlYu@B>
zZ&DOwnQB^wYH|ayB<dfoYW%@?djHaAd$BXX-0csBEYaXWJBGaCFImb-3!xmLYBUFd
z?U7rM+bn8dI)lxgF__%wjEMA1(sZm9BJ>9kbI^bCQ!hfk{xJxdTiDEiR!E$9JGygD
z!ZumN&sq(%0*8*{Vs5&U6s00Qc$ETK+>>wPZnJ*WIR@PL#oW!?CE@|5rA&ortcUPc
zMqFKBKN3)HR9ikrPi!Fv=mVc$xlFPp&-C$u94^A@cowGFNT~E$3A$=g#Kr=8%M#qB
zc8Mz*SUzmVayd-go~N4rv?#}cE(SQ4KiE9{0&nZDXnz4ZxyJj19ziP-5c1;WTIZ&A
zg4;AQT#ffMATU@ATus=nmMVO$#X);*NV~{QM*Y&N93n^Nh%P_Q^xH=i0TbX5!oA)1
z-5y#8TbTvs1BJ+rQPGy~Lm1T+HCVRyBtfZ}7?xBV?mM&2p&j9h?DNI=>^zt)7wENE
zPXuig7g>cC5lEQ1q!1?LqHzLWh%tG|5_Gz1Fg{ATwP%L-71Z&N_{ZM!Ek_@M@X0kf
z+CHb?!8aWO@(=g&W);Fg@R=&hk6bIg8k;)OGCrFPoZ-8O))tklmEpZztF-Y=BQ@YO
z7!&dKnKTQw;o17@57{L+;_*z4wVhkCk^fuPm{POy;E63bEklEdNk&Swu)(y`vCkyW
zu1i_@`SI+gFF}T-r=vuXU+?Qi`5HDEW)ZuxdFPVbhasEZF0Nao;6i`{zSU3;IfZ;Z
z7A)cbUz{g9!cY~x;MxqaSIkvcPrmhS;WlpwF#}&OcU<F5gsHW$bo3z79R9DO?!Pi-
z^vEl4avC%1DjD|Ho67jA(vpeG@#P1Z)yYpRpCuzt;!7ri*D>@S&#i2+f<=e7YIkl*
zI+C5;g<%a339aGvA!J`&<yRCT?k6+~;9S?!q6d~OaxSmHLF}o2(92LLS-Mt2uY;Y*
z$lQM6C;EB2uG<J<)ls1K@YM6%y#MwzZi=e?Nk&I{xr4E)_i^g=JjEw(YJr_klTf{M
zI!Epi4a{+Q^NT0jaL1RQh564t1KYmn)3xMo0c?RdGk&$piI#yp*)_?jsd1$z#S()-
z9}ARQ2QmCgJXLj%@yNUziRx1gQ42OL;lW*YA*4%4nqXrX_3XDpR7)Dtn5_9J#T$)U
zv@#{ygfn2u)*-x#-1X)lia_TI^=blABo^{lDfa7gNv#WBwCiw@KK?k6!SRgo(<U4G
z+sN6A&4F(jY~lxe`=y-N<(cZ3<a*NcE~vgTBH%@yJx1=uJN^Zxi=mKgS9F*DR@>M6
zq|6&nDZw%~#9n6qoVYTC(0ebN(fSI?uW6s+a5M`C8ZiTpBa*d(MJVo&ra(f!mZNfm
znAooT@%re9T25#bcu_ZF(?f4B8*+A?^eWU1ozUcSsJ@Ce;pRd^%Q%-OdcwK1&-)<~
zAGOq}KqDW|HfHX4yoH6+{;l%1zU6m)p7R~>qR~z+;7(DO466Y(Z>e(z;#i%Z0vWWi
zyV|lW*d`DlEcWlS!tuF%uo1fYYbZLVg<mMth=RcXx4zqMMJmv2J<dCNelKJ-GNfte
zC65B(>R;@U?7N=aW!G3**MLCFj3rN_e5FgpOE0Kse4UeKyVg&dLbl^l?HaEs&HXdj
zB%|bg0_W9S!Y=EKbonrDu+y)Kby)DF?G|0}yz2O?27<8Qs!3~dl+2BTU3V206}hA{
z`#_o+`wNYo&h@4Q4Hhtr5yDS1<W6^`or~||XUmlFpr=yAm)E?*5B%@^Ih;9Nw(uaH
zojo|x6Dbh8sNwryqKIc~$~|;dnR)tC*pB@L37IGQ`8bx))@*4XXedtM@`M|ZMc`?c
zG*+MOBGpE!@W-Iwtf|yq{^?ktd$|c=8k_uHNVn*qX35dQe_x`wt8)ZD3lOM%hUXjX
zC#tB(X)PHj4;N0*OyQh{@cz6~#$CJb!V4ZpsRUYw&d4~p$}!-BtGy&*)Rs)gzKJ#-
zdEJg!{g8LBX$DBKP|7)d^<E_ISgAU;t|g3Q-6m8+t^0s4h&qhcK34SdY2xx3pTn)~
zOKqvB3Fh{eyrE15HshZ5j=Z#vKtf*kC1+4n&3B0^purpWRjw};C!VAq9WlIu8bc&8
zX(3-3JeF@cw#ROWc33bWC=PJivPondh8v6E+W7WX9wlBfa<+B=qJwI_Kf2-5C~a9A
z)rE;VFD7R{@oBv~u>ZRESF1QRD!jkvi5}nj0RumVkHO2|;4(uwET^~N>k;=lPmh3B
zw2yOvl&`&3)r*R)iD6n9b#+RG24)e;`x8`LTq4LG#nTpp=o0%$^q@o=oz{&BI*v8S
zK12s)+r}~I#nc0Cms`W-ezSJDhKZaxgw(xE4Phf#5<%C1bRl<(01ua$-V%t$arirs
z;GIv7v&M%0FCYBoU}t);*AJ84k_%;fTyjU}3*VF22oNxiS*K+IXKHGw#jYXz<mi%q
zp@%QnivI9Xl<zv0N(@;>lST2H0zU!?W5z51cXrtAZp|s9%I5poY!u&t*c_g@EGb#D
zs(HB^%{0NB{gKpEM2S<}yu;nfs&}_7Sz-$<R|Qe$@LLvyBi5H}Shl`q-R2G~kEr}%
zo&|~e2-<w}Rr%F5CAB5q*v|4{8@Hz((l3)g6C^^~F^)kZ<1mnBDVrr}AxpK?AaXge
zpvKLQCqmLRzgZ+nJtElu@TGgwTUou>Pcd|I$HA_Ph<#LTNkLxv#{f7>{rP4MIdq1R
zbNXY5gw%^_=lKm2S2v-bFX)!AM@m70sxyqDF%NpN@PRW_ZBFpr`T1<;>mqD-rFF<!
zo+sq?J_GW2nmxf!FyAtzbuP%VCFF6YU9<g;vYTM|v%_MlkZC^rtF&(F+jp|}A*DS@
zI*oL(87zH}e$;Y#!UDCIvjJSek267T=JT_)EgQ0Jkj`G;FIa%<4=OZno;OrVVD1Y+
zK*~#-g(Yx_`+35n8y1&o4`JaqCjbY6FChbMdB9tyK*s7=5X?97?RPIs<{j@q9!3@b
z)ILSqMlZIW$AEG^m!{o#$0-%AJ|-@}2GX%6HO2<0mUf3k8a*xy*8GgQy&uu+xkKyq
z7CiUt){SA<e8Ao`o!MsujphV65tcGD)O(<-yy3VxPUw%np7c;Z+V<S_0{Y#Iemhz<
zJ@(e3P1kHeY#cx)>`kx|$@u^}7jVx*9c>8Vn@Z#T5)b+XMk?8p)b-(+4`&`i!cUR_
z+!w&JO}G%eCXS06hE!O&#Up1bQnFB8plic3j)|=Gg{u1zNPQ#Jc&NiI9EGZ2|2g?V
z|I(H`aBovSCzH&e#7EZx0#)QZ7EQKDKt(*8q!@+zsa-5f6Iz7Ll@vDLI#j>3t#h4J
zL$doTA(2iN050{b8yyhQ%d`eRCS~Y=wiyAkshd)adJk?YBSh++>aYJ5Rv0U-&#sEj
z>9A>Ju2LMHy~n#@L}|ygw8T)8Rzu;Hd!Y@d<Gveu>L`pwgu-40MEs&~Y{czD#1{J=
zXS_r1r@D@dhGInPo^Me+e)>~<<E{#oob3o3|3iD+pwpfje`bos_f+Ob%07!uZj&ph
zZa5=QY3PDjU$#s4NbrFV3hQM{MV^pdUK&uZtLnr8^S0ckDE&4LUu}Ys?!cj;s7f+7
z_DgJ3GbYb=^V-&otZ*pBA(msq4!nH4im=V{c~44a`^%tVNgrxCW<|)6h2HC9;j0RC
zac8XHpJv>5fciSYB9Fo+cI!Ypg9v|!M`l{;&(D9Hpzn_30i8kU{ZgAJ{Seo&xA##F
zzcfT^C+G;)?Ve&HdQPFcl>pg{38Cs+0DdSLb4-H(!nC|!TmT$@SOn&7XB0Q@cM2a@
zyhwCo`;>Y72uKOHH+R;cjUkp3_%wGOe6b03Y}aXTgBwUrn}2u_(e|NX2HLmq><<M(
z#{zqX5ZzGzYNO<}<o<`kmengfrMCYZ-tt{Vbcd|rWiz%mt_aCmpFV`R)bgHMfj(o=
zWcy5;%yWmo3WpJ1{ivkxU5KayjF($N+13{FZ}A?<&<qc(4?!egADA7?{joN#ilweU
z&p`un9ESmesCXCc*ieOAzaO;EGK4TM9EH6V{8S}MS;nuL(5srj1Nw-iD!C3_EC2oX
z-iE~0YwbuK0=QAW^DXDsKM9-o{CAS1(nxsi4@0*DHC!i8D(fr4*DHidv$qWk1@b=&
zqGmL8vBfHHB*#_-F_GQf$HDtBohgWN*}s9;e4JujF0$sqKoI{@;Lz)hgQjj+68ne!
zU$gtYjtQ$6j*{!Ge{jXB7S`QcncRK(i*i4FA}+krAx}n7-n3iPl!b8*NqQWSpRd8T
zy)$^FSj-FVBs?jSOa1(%|2%9D;yb1G{m>$cj@o0BoSK9F-N5De(Smj(rez2g>-apd
zO>uLKu3eUnJbb2!qe=$ZAJPIqEbDTFpX9ogc;v;)KRrNqM~$&|cM%h-8iX|qA9Lb`
z1xqTH$yvYR*VqYySi>kCrzC@G22e6+2==)d5uN~Wd%l-4GcQsp=j;E(LYco7z}xS%
z3fWOO{0#(dC4noOJ6CgQcH@SB8yu%8+FS)PO#_@d+QWfUA;R|IDl9LILi$H|qE6o_
zKVr{9<Ob*Y6>A_UHD0xg=YjsZP|~qH8U-pgV2w?v;5sb|y;zBcfrDFkq@>I#`Y5=M
zRiAtRMpVZw&};q(4~jXuDDGtZ_PU%1qK2p@Z8W32WnA#o2X*ilDNlp{5hFR+#ck?%
zs39Sq>Qk7}D7&BDm*l^n_getf_sUr-c2r|ncjI{4saK8Oi(lqt^LsLCar)?BzBmk*
zqev>j3+5b35L(7y1!tUNFkR1>O{LPT%<C828za6iJom7$p=h=NiYNC$DRKqM?IN{r
zfD9*dB&D<9=JDd&u&EbP?`#rZ6WI!Z^vJJ@u0O1;5BGFjIM^!|b60l5h@0Q%J!8B@
zbHKbrr)`FlHO<7RGMLEqJJy_`OhLX}N$8ObGtmtDDpB27yZ@YU3bT4mAG&`ECp!@7
zXcmn3h%rI}?<%;qS%X3kF*arx>nPMgTOn5eK1kJ^$h03b=P{QcSkhM<I^tvV{H}~%
ztKI<$hlOI-RFWu>_y);g-G&@q*wFQP7;(B7xK8BK-I1+Oa+u0}w<p10=km|1BDCbm
zO2jqIM0()Xo|MLuK0<%+R2QzwhpXCFg@x<GCbolx*D9m)LJ)R_KR74?2v}L_$-o$N
z-2u-)-Vt51AQ>UL`BTkT9Mki71crzdH0PV(U?f%E<rilP9eV-pHF>DZD_J)E<K2aY
zREs7h!q;AvQX?G?N{D%x{rMZoh%=4j=;E#q`w^;yD(-&Y<za+OIS`#no;-0w>G#v`
zdAGLMR$`iB<s}(d-n}-b%*IH3Kde+2neX){-A$%?5};G*@IyAX2{@9~+Z2ude2e7A
z)N*C}*_cmgBGvGF12VH)U8lqB{0ajgWld2WZrJ{0Mn)^i3aaJ0V5+EbTczC$2gIJs
zYVN}6%0Q!;&GiLkj<8jy^n78J<;e?nS^TQxFWNA&e-`<5bg*@>GXTAMxu8*!R|tB3
z;l5p5vWAGVNZb4GD^x#>40a5yNjs?Xl+Jn8sl+>7KFX!;UK^*6wm5qo1%e45{QN{4
zahL9Ms&#A1!xRo0ip@clnt{ywd6mcg4Am>|ZI}s(JMzs<Qnqv>!wPS%{OVGE)JEq;
zQ_TVtIAjI;(O06F+m9+rA^k9OlFB)wu~s?jBw9puXG2g%%fF}sySD+Ygb@VrT)Kb1
zznb8-@*mn_()7miDYz5F3}Ky}s0f%o{<auEX7))l@7$ky(zTBMh8%UT1faG6vgqVy
zprul}A)7{Q{@p8;k#N=sk(>Afld`f_w)3fNfu$YeipEybI;^43Kkd!sBHY$+=61ug
zJ(;QBl7U<-(YJyL@?}ZY)xJx)IhBJlwPOq;WSj2aS@v{scR%K<@89K7b9~P`pjh(6
z8P;m^$WuIvp_vpJJbJ?EHfl$Xtaz8zGA`(ET}#=Ka*#&X3w=a(vZB#Qh0QgdIJGCs
zsu9%ij2{sXQeC&FDzDttAMc<wVw9Dv=GO7W!^Sm>v>Eemcf!m8z-tEzG@ZlwcJds_
zmVzOOy@>vfLKr_0P~Ju*LpH);5hRPy%qd>r$2n>nB1Y2;yyVcR1nl49z4Wl*{hG~f
zdkXK1AExp+a?)Q>uXuj1VY`<)UU~h1(Pxe0Xn^;5CF>?*NKSJb1lKKis_>dl_H{8d
zX!~Vg3Tj8SRQc8LaYYa<^r~i+iH3$ih@t}v@PXS9mI9E47g(;3okCsa*YD(8THaF)
zI08vL^|IfvvG*iVvlo!OHFls(==pEND-=a2`0JhDFPl?!<I=|ZCRN=Q$Tj~VDiuZ*
z9FT#(wRfQN)q(qTbbSrxv5Fi&6-Z;y`xbrf00`2S@pexNiVJ#cuJg0?;CCOc?c1M1
zHuh68H)B)MW?b{fw`bIVa*Ja7jz=nds)cE^Jd8-+_)PE16Iz~5MPAEMyC_ted5oKN
zO6SG=4r<#=s}+vYF`;fS(4>VsZ5(&3Z{%|r{yOwR?C0=y9<WuM34104Ezi`zuJTZ*
zTRA;_M{=5jNj_|3#Xf>heEVco8{_fOvG{~1`pWu-56&h;4X;QD*u60TLTm|?|LoE=
z;0rR~rD$&<N_^<rN3;?R16_L?feUCp&{AR!CtAb0>k#XVS$xvh_tZ-plBOWeQ;-B%
zWgyj$-5j9bQYD)hgi(e0;ftqWR3YeNSQe8f(fHOA;K)L+K9im1fa0e0NT*M)ld{*y
z-p(Q%k4d2FNVX&xQ$0J$%Rc)ZRVi)I9vsx&qqWNAmE|&ACmyz`k6X(BQ8i<W>s)H4
zfi11BC%D_?(84YFLzeq`;(8F}(*I{Zt%BU2RlKv3fF;l<1G7PYMv70#4Wk?O1tiDs
zRhf2}&EnsPU?DEgDFc5o{_|92&%e^4MFP@%N}dyas>B0CHQ?`odcu3V>YAMvDEWQB
z!(QYz;vLQUj3pilAG3&ryPKwCehuXP99=CP4MctEcFF+Asl!=c2l_{Q{!Bd|ncyFC
z>4Z@M&vc89O9r+J6kQ*FNREpuU0Zzj;N^NuPTwGMK0xbLILT#Z4EO%V?xF(Iy3g8x
z_<N<KVV2&ovM*0gn$#g41s?N1rZR==9~I@;0qpcNSC`%wD|&exS1S6lk{*jF_j&Y{
zP1u?i_Rr_u7a**k3NmTl7>mDd2>TU@6$D}Zw#V<Czu7SxP?T+MDKV`Co|@tX*LBPY
zfLAWe$Tvp@APtg$oDIn8Hz;)p?kwMu@J3qV)u$xtET1_miq#E4Wgwkhi`J9$`}|K`
z%rjmSwWCF&j$LcgHw&PQ;Exd?2@r|R8z_t<JhUE`DRdiA_1!tnp#8wR&zvjdzCoMK
zVOM*cE@rk_zZA@qh59qF5T1ZxulL=NI532AEXUSFL%p}_2lFw<PdQiAiWW9yzYi)U
zo(Y6R>630(iZGk=lkcEP^2PQKLX`namX`CGvD9giJ^e3wQe5UhIE%NyHq<SxU&VVx
z?|lFXxqAHmHXjAQRVAQ8?B9lXPr)Y3jAPmk2dcwZT9*O!F8%DscUw-l#Ei?zObY);
z2v+~q`D8nZ=9?Gl;Ew;V?<BJf>6kUG)-}lh66MhTg3Lu2anxMXwmBcRKzK>ty)8JC
zL(={&uS5zsvRK#<Gz4g<03{M2I|5@P`+7)uUE@9lQbXx_y=*c)iReFq<|MWAgHz}t
z>GM3S{Q2rBG&$yv`%gmSTx4s&H9R!1{{HbS@>jgAih6&t<vTDT?y8Acy3hN!4Bd(Y
zZ}ZC+Fn6PMZ~-_Mz5DroqO(fb%=+yu{qq}Y_P-B841@?;#1`X6Kd3*W4(XEXG3Q@(
z`V?I#9N63$D%52TKPgI}UPEP<)_$^RS}vn0t0oV?-N!v>)c*-|FCh3IfxZjLX>Sn@
z{@bCd%wPCXSHdVj%gmLqJH+`KNL|6}UD<|ze!CV?w4dNlp6uY$hwqN@c@p<e1s6z(
ze|_bTD$YIqq#L}}Pod;L%)`!=_Ylz%cSZA#ChA~Xr=IwQQJ5zw;FQ)Z(350s_2G?-
zGH``FbrUh^AG@~6+k)vMqOAI3UguexZ#}nF>5?0t$Ft-UlB(m?VwukqXtsQh3cnL|
zD>dMu?Z|W$@TKi6I$3OIIH#Nh?Fe5Bmw|If(DI^U=cq_-4C{_udQd%cqn0-4$5p1e
zrB0fRpkcB-ZNTv+4ml_&0b3+Qsis+1<-@A|E>F`{!c>UE+r`q{>P4Lal2hiuhIpnO
ztmP!f4))`uc^>xqLbhnEs-bLgWCe7zxDTPY;t7nVMopB}E%;n`0l$gOdhvdlBBM1v
z|MuKei8I>Gz$^WV|E>dh0=*-w%k<5_+G+6uDPtbSAeo}RpAmlH#hx7<OB`XnEv6`0
zc5BU<{ozxAIu%(7%5fv^zy8h(o&BL%<{pXscPM%^`C@?OHTVI+wF5JyuDysK(Ch*o
zJPrF8|Hsi*J2!A-=ui*N9*CjRSJ#hN$Nm2Qf9Tabb5d|d;(sf4_ZT#mWDfY?D<>*y
zSoV*-6m5Q-&~A5sDOtb|f3aA^Pt_n6Nm27K?+Xj^uOm0M)LviIvQk^Uow1L%`<+j?
zKpLluaKK0=<P0)0YXI?R=BX!f`%m%zy9CHr%B7FndCezthx~8QJ}|45oI=wTIA9wi
zdEEYjzx1ic?(qZ!zYe1DBff)}gl7u{U70~=Sb;Bi@1Vex@u%Q0%nPqvHZNR6dUPCO
zRv%4|wDdQOLI#|tb2hEF=Mxf!yW$wo7%#eBQ8ry39C`~B=uMy%3l~#g>5R*On3H~-
z_m3jXfq3@B=VNPL3`V_X(>7NNABF`Z&#&Z6Aqq(A#}-?U)_CChOs>muWcLlON*E=*
z5ItN4gFd$SZ>djh7n=h~|M&Vz7`q_F{jF)oO%Mn|zWp`|_(Bp$Q%`movYUurLE&QZ
zcKluBw9El2%>t5Zd^c7$O!XqJ0Z_TfX#l*7Fux+rdGLJ71*Fog*Lb)ggNf)H5@st3
z;{BKi52jN;Rm__QZ|r@KvY8&|_59SH`#nf~d64o**^H$ysng5X@a3i;gS1A(hg$t6
zy0gdkO=T`U-1ym5yL2Pe6s0Y2eR=z`6|y~;BRa~0gZgG1j7;$ugbk*PXXz!d4<=+(
z4y?ou{vYGPT5R|4A{alwlcklmzlOXm0n50S-1%J3iG1cPtEBdM{~AvoAj-K)g}NzV
z@M_Eb*t9#C-Wsx$#l%C>{^M(>>s*0*i#}MvTcs+L^<T9BbB0jOZ#zd4|9dMFXzlO0
z?X7`W(QCDZ8H)reTOqGNu@Xq8;a3mRx$HIsJ$TP_gWOSA`$kpob+kEm0^9?%r8ayn
zke&cfWb{hU1myLHzQ-1IcZfaPP#4BRyV4irH*9Cj6og$5V6fOx-rIGLOXr3f`SZey
z5#DT@ZKDBuC2G%*jF?%AisXsnQ~4$Mn<=A!g|(Qts`!$B>}W)IoW&(gsBj47G$o!#
zpo3EG08No)MT=TCi8DMz>%QxOaYU%#sZh}yh@A&R!{Hr^Vj}7ZZE_)PZSohPy7z^y
z^~2sNS&)L-^i|i_;28)_tGCy%Gl#`&%AO=z?Wa+Ai>6Pxg24e<@$s*Nyl028_`Ozh
zlIr=v8jNxfs5%*I8U(C%A+<f`Kx@T1^yJgkk83Bdhj!28x}5f$#sTu!5q0I4PoZCp
ziNk|XOV?>iMjxj7k!`3sfSqO=`YMUVEKVmR^NqB9T_PCvg!Q#$t=-Z&JornXb~tyy
zBYvLG>;r25--7!~H$O(Iwr<G#C~pXjx+tDWBo%V}Z<*brik#CHRWpAa(fQ>Ldj*2X
z8D?RlO<%4X0@i${bNEuVtrmUhdfFT+T5DJBpW%xB%lMi3B~QwzZ|D<NO#2_qGkbeS
zM%1leGOlP<T&(eRO^ylNDh4(>1;z7CNg2!3?6$-VR$EuD*CNcfYCanSUSole8LkeM
z3WY7y8Skhs(GUXVfoqZd8+MBQjO~f7b>b*q&7@3nCqLUO40l++RcqWcNA_WPMm`wD
z`Gr1bozo8TlMkV^<^**n7Xp9#bf~dL+1K;d2GStU7D13fQWS0bI#@>jcD*1M`BWO`
zg^3!n%F2KN=I79ldh**#-<q)Q?awXV3(zpN(Zh8qe;(udvw#&-APg^KMF`uTs7@|W
z@i*B~eg%qLdpOW!0jSn5ie?RwDfS8rB4i3<CgUbj=BsNPDTUB@=-SiFiIV0Ymm-Xj
zk(c||ZA=sv-ZYSF2c5CPpF))ug=svsh#P!LM5b(Vs0>haJ@47tIEn5lm(;%6S$62f
z>1VUU(@*#9?e7v_o?agTQ6F8Z71@=COoz3-GQv3~Tp7$)>@)Ql0fpf!C1GzclIQ<^
zp4g`3!a<~br4@pu@pn&@)M7DsEk9sfY<l#3#r?E6<YP$ELz#p;7D-M1kpG_k!&L<T
z--EQAqJtZ*$bziC8+Sw*2C82^1cGteBL{`HyKR59Ht!bNOLnps02!S<q`O-)nZ?sE
z`ffApG==3}E9{Lm*C%U8kAdax7;H89Jk(=QJw=CavxC{OeU(f`5_%l#VpbzzB1;g!
zdz_yH6yg#2z#_S70C1xKx&2h@f6kY7D{CRE_FaKW2lUj__6tK~2Ji;PTDrdhQ3lkA
zQ=d}JfwDWVIF)d>d~{AEuO1r|8^sf0Rp>7x|832{6|Azc&+R=?4oE9~tGznd`ujb5
z40qDfiDRH)o;h4E-3kM-zZ1gVr(vNN)ZCa!1n*nR+`gSr!rX&S?hJhxgF4Or6Af`O
zSt3gvf`TBUAUoIN{*AA#{WDZdDcvljrWgQwgVyAaPWjrF;M?`&2xj$n3Z)lN9^m5N
z4Y7ubq?9?P`d=(7WO`C~2;!ea(7zaYY=1<QO$>>=Em?qT?mt8$^Dat`1#c}dX|Vz^
zadE?NRER-JH!$=V4{rVB3#X{Zz!Iqf_NQ7fsBq1v<za<8^}aJ;DQHdFA4h4Lf?;y9
zuyPqWzBSGyLcO(7dZ^xabIcS$p}S5zFaCJ`BJWKU?De%&!eF2w&EkCxpX1!?PdkQ|
zMK5j6r9pTUmxN;&*D^%=Q(mZD`2<Y#3A{)i#z}~g08iYByG@QZ@rN6i&()C2zRYW%
z_nV1rzy4eK9CT{jElgtbu1nuhrJ*ZL!Tz6yI>QzZ)$jRSy<Tpx@>v_0Se`q5@)4LT
zWF^crPB>5gG&H<*<!T+vY04!`sqPG^e(R__7}>pcCCqEGie;#2Mr0Zqm<F6TI?r@q
z5y)(`%s<+>a@iM-N1Ue14C%0qBGL&dw>b(ue}}Rd-`l|loS$`kq<;2iZNejU`U~ow
z(uzZ5t4AR?_?WrY4p(G}ArG+4CT%xtvz>a<YrHNM(~}{Vb^?XbJbCMrvVVv{wQe@#
z3TA(Z#ht;lpd+BB&x0w2Z^?;s24Igcf(Fqh{BrMbYQ{N9HWnH5#S-1-!$G^E0(Y~i
z?IO9h9lepdCs)jWifmqzyT(D>bpZPNpcf%oYtX}s#Gz>$L&>{WWzMVkduN}1#v2m*
zKMjY6J#DIKWz6bpb7T1>6~>+m@UT5wwEYa_6ZxLrXnGd$3EHnuVv5p)Hu><pTKwtD
zWrT_t-)uiW@L40D&kk^KQI4nTG;1k5I?ccbI{8P&FYv3;|MjDg5DhhwqPzPg5Wbh-
zL*N2V3_Xqn<pn4#TFo%C5NbHFJ)i5XZ3Nml>n;mma~F7xMg6aWK7#09mo;Ua&@3eQ
zW6z{(V72AvasPYESGUjO*ZB;>g$04f;#LM-Am89vq@-4+=^BPU_}L-X0hZz)t&-oU
z2CwSznh5x<S00hCV@M<zC270S?tsH3Cp&t1&C(XfOx&Xde)Pe9Fa;R*gn5N?vk&f^
z*AC6aOv(3!;V-<B0IJ!o0!{DBee6VPkQ6*fozkTLsyLbBo-Sb<kafeZIp2=n=)VSU
zI=0+&pjxr=*<k$x><s<d`t+_70cBSfE@s;ILclTo=2K~&QytiP&)A~lEVNP25L9lq
zt%3y_<o1-StaZcwwwg*m@Jb@h?>gb$@o9GG0deXxrtU&w)f%dy=<c9V)pt(!zWY%9
z{dr~+Q#vdDRih0mMQnQY*YZxli)*wXaN0`wr?)3Qmq+z+1<ts9qS*^vY%o*f?3&kn
zc5>Sra5}B&Z=*U=|5XxX5r~e2+Av={^~Vp#B*PNa;oj}HNJPwP56rt9b}t`BaN`!Z
zOeM7~8_+cw_y#Rl4uJv5I}TED#gUCd=>G&j@4;)++luubz3z|CRxNyZQ5hnriwnUJ
zX<CpxKDMjrHzeIaEUnfiOayJ*y*|Bdja`4&gkAi>ydyB=a}e5M$pTg(z>iSnc;sPe
z^aqkJbV5hLSDGaZZ9W=&V@-nh)EhXMgxxDQzxK=&a+$v<O*Z>$<`s#%OB<G$gC0U^
z<`LD`Mz?#z@xny^7e9_~(IRddk~B<v!k+RI=34Ef@4u|_2MUR<`9XQ|qW&v*zC*yG
z(`)Kun&1BTJr;iT>!9rF>Zcu?7pNcl&f9a}uCZu<v*X6iW%T{xSE^vq>5w@`I6$H&
z0QqRh{XP3UnjTHnZBm?|{;hK7nJ*;m9+DRSf++Kv)Ny<PVwvZ(mK``smEDxG-<~XE
z1AqFsw#{^YPR}yd_l#swjVJWv0_LlhV>Ukg_%?~|MnU>&*d5Z5+{@_r42VeyjRZLj
zk}TG)BW<ohu0{7i)+<XPmXZHnaxXscrkpe~I`?uL{eNgW%fBf8w~Gr%mk1IPOGu}P
z(kvw*C7=QdtcZwwk?veNB$gCZQb0f?rEBR_x@%dwW2uFWx%c<r{sVR%%)Dmyb6w}0
z_o;y6<FNL$7(o~)Dd@Y3&;PIp7XJo84S09d>_2cO{r_ekX!hN^fw;q2cvoui!+bOw
z*T_$q=aQllh9sJ-A5hHWzKM&Wp{F?@lWrA6{rml(UsCqI&`%*DrPr3go)!fZseF|3
zyrl>1=o_c0!8-Ao1$4T`{CQrfPtdW`W1aRV#Ngt0kE&EIoyv)O&?+3uNW!mO{n>r5
z(pI{_#Xvp)B^i&blf}y}2NtxR98B&B%e!NlU^%+qKRNw9_c{9~JGe@u{C;w)T>3w;
zq2!3`;5#_5D|~+E!7_NdJoi%=Qb7F4#b@yI7a}i(gqz$y@V$E9_gfyd7Gt(XgOEAd
zJB2iRI=sKAxn9VX$k7(?lW9NK?pC3dRrEf11^XMZ3KRhWZ=9PhK75LjNOm5jNmG=5
zpJb%sYju~;(i6U|HL&P0@0`f<<p)Q~?G&)nYnceO!pAhcQki9H8+%B=<eU&#YUm`2
zkdO;;-MK^0Jr!dHxDbJ9ju56#oQSMo-wSI?2Oik<N#kGBVXNFGpRhgV+N>bP+lGS}
z0jojuY#FT)y8VOz5!(vu%p%tzoWjhA!681pkC?Hu;WoKkm>zn1Zp#j$2uC(x{*PTU
z{YrL)FQ=?qRD7<K#$s^kH8^0VWwYDoR6;=(Kg}lXOuV;Rxo-~S*+6H~9xediF5c`a
zX?|<Eiw6|XD{HerUxG^x50-4-rrC&mB+%k;lU1YP5W?+9p^`(}^_?vo!`bp2P4STb
zu#2^y;=>{0ZoXSdOp*!Vkep9VOaN{fWwu>i{Mu0wB$hxz!Tr<G7;im_>i;YD!PzM0
zw74H%8!I3(h2t+PwE^d!S4MCFWL{-MA?@)4j8P<RQU|H+o+?c@C_#e-nVJvRf!Xsd
zs=*T2^EgLm+&+4AvPB{vDv#e*)BMk_!%S%#i1-4gQy~kB`-Iioxo}Y*hBN@h93KDn
zAkQ>EXidqZ;Dq|o!HJT7{NOqvriv!aMU|;IdqKj=+UE??bp!=iHo=WCqFulNcKZhE
z6c3d<PpbO+mF;ux#z)E&&)pz<#WsvhRfWf+=nvk@OWkJ9JzOdbHq8Gu>#Sn}|7*SF
zmDlzQJMHLsYsubxN%KRx{pugO^03HrYJBGLUUlVFqfP&ne%!Trnd`~D<ym(8B;uRJ
zeOg~VLQ^hQx8|~7cc-gP9{-eTJ7cyOmVO97ND+Cg3`5C{A=;jzhS?|k2J0c-Iz`_M
z_yulc*|YgNz{w^W8saXrW6+wILIS6KcH?r<CB6KOkIwXh0j>S5U|-+6!by@ae}*9X
z$`@Pzp0GYh{k-HkN$YO*Gv0k;$M~A<Iu>_w#-|x1?Mqf2L7VYc9gMHFXnR*jT+90e
zUtj~Bo**5{w(_5F?VcQJr3nn)p*^;LCxn%MTQ&UkQCXo*j()xKB2O6{Z%EKve&(Zn
zI&2XUuj@%|qe1Kd^v{~DZn{VjAtcJ`hbzCTWfN5ipqFbh)`I1VRT>6aEq;jLMk1T_
zZ}f6ivX|Tf$X>Xr-Jhuxe*EiY%A=Dn|IM`)JT2$~4jT}gx0I+g2H|PKraC#67X16l
z77uiN-&w%i%o~CWvcMYjuGaaRhy>Y{80@T{n=A6k#xG@_@6Z(qcDJO6>z?pa=sNAE
zZKv0e0<y<NA6|0&Qd4AC4)xx9szZnn9V*3yQ?{xnfUi5pE(}X83ra)7-7`{vr-RyD
zV5Qg8o3|u*PAYNnB!ncm;1pH^h6|lT3yN=rX(LE4b{^dxZ9U;&sfS&!8g)%tBxL6O
z5#5B>mYV7vS<XMu`_jTsNmq6-fAw9=s@`OThrEqgM#Eu;o<ITwMR=p0Ebj6^PN9qC
z4MW*^)GHW=$ye*i<t|ZN(3#Hu>eF0i@}=|L3FKRoS55mB`a_Ix?yQ>z1VEwmym}Rk
z?~H3C^g?7D%pZ+!ZU4)*@?DJ<o44<f8oPMKX|uvjC+jjVVLzJFc_nq>I_16!Z}oHc
z-{dVCRZUy0G1%8)NQZtu!N?5pPoazTzdpnGwDdz2lMLSvkHSA9(j+KZm;am`qWj6)
z{SS=Tig1<lgf;|3yB^inD2atz28Xh@<*V{*X0GAr6QyP>z4mz+v7g7jO{xnNO*u+?
z^c&kGjH68vKFj{ke6ik1ko=8XFWL6LRL(OE>B*B@WZmy^eFpA(Qx0v=(o>@hiN`dU
zED&!I<5slMt{c@I=61R^{KIt^(`1Trz^h(+cVC=KZ&sc6zpEcy7_VQQwuEF8dyQt+
zY61HV7r62^Kqi_T^CDIMRQ=@HpN`oIEBFweg#5wq^4HDKcaa-UI0P{JJ;K*p-@R%s
z7eP#}avOfZe<zcZXc4$7q5@Bz`?%#ymA0kq`M;BIth~pb{67nz;aGL^CsJ1m&hqy=
zxo5CpFxrh|3*$PKN;rCq2uC9~TW!`q{LNSVw=cw~gtvZtqa=Yd%2g@<+JCE^!0yfL
z7a3yv%clS%3fBT)X+iL#ekC%0KI`!FW2Vf0LVeRI^s<7a>eo95BVx+7`FoW0S7I;$
zDxoLOcMU$vsHyJiqzf3Rs(qs%&}Iz$tMkn7kg|*9sX#?bggBp)mgZAj!(A>9+5~wz
zRaH+PM!Oz2Z66#Rj2JFvFI!yC^0Sl%p?b~AHsd7WUr6N0wm+h-e*YOsTI<F0Z4|U&
zE<;`5v!u!7mz<tB1N7~f<G^42BicbJ1nThXikuh$H?uz&-p02-#Y5ZqxlHN-jya;<
zIOe-UJ8iL;%{K#)F0Y`17~{l#u(QcD^cg)`ryO@PLgG0+y=Ky7Bnc>9U%ND+e^5_L
zylDvz&#4Qha982S{!Yq`#CtTAfr*ImH?-gF_9fxG(6BTKuY@e>o23??%0LuCk^pJJ
z)BCD*sp6xq5jJADLwnD}GVX23Nd2KS;Xj|28ZB1*0KV&W?sJAc250E*er5U~O)sqM
zf%n1jN*jwzP!p4cXVb)Ez7*`qx<XLyH(Y0p`}^XybC&_t9WWOWaX_r6_X!Mq^5j;G
zBq>K&F17#JvpEakoyyKX+L)ytp_kFBxutdRV5bJ|MBjHp_y-9C>qA~QxWK0f*|G1j
z0arqe1)bn;SUpNGJtxMTwHM`^M#)lIqxK05?!rMRq<I`?<k~y$IT4uH;00eBY{2z*
zHr$KCf%KRj6!{NiV1c)Nvbxz1P(_I09MLtZ{P%Tmc6jtC;~;dm2&laQ+hOLn;)mdA
zXfypVStdmOWpNZV+yyOrqvs4Yp%Ffd*f_2p0I!2}?xli@Td@h<^Yx_EFTVt}Gz|5<
z)Jxfg6aYdBi64N}Spz^pFT6g2F{=*{0RG}-FyFf#D&T8QqZwhyQ%Sq6U1w;&{l895
z45=E(I$7>zmyy?ba$;DVM_Y8$_jHGAa*fooj}3x-`$3<?1n$#mFg)ZDjNw(FgvVZ=
zM9LVeaRwu6P6ut?lgOndfW+uzqm2_qDXUW6Sy?@2-hX!jd_}|Cbiqw)%|q_oZW;QA
zR*Z<2bZ)~){C34Cq`@iUa1m;DBl==P<f|-B*dieovFB4CGlqC+W+_3?5tFQ1?tEiC
z_hlnUc)@^GJr9lI*CJP&jqeZX7^fUJ5}U97yFUS>yAG5?;1=G;ZVXh;W1N_!PNs0r
zf64fk_vc_Dn;RD~EA^RoHfoXgeY96IMBHe--FXXzeSiF~Xg%DQF^>BqZYLP3*i@`*
zmAxbmsk6DQ!bt}C9T*pTZnDA)@csd}C@5ny1bw&;gkI;Jc=h9dG^BRYp8?m~*?ip$
zuWEaypYjOYimM@>y>bjr^Ky-PICZvA$6ge8p(Pjr2r4V9H@;mfxR<MA%3<^TrrA*j
zD|(8k_mK2++?9?z23tBM8sX0m=h^6j4*boSemq#JQo_AxRS=?PmPpBI1Gz1)6Ro#A
z>wQynOv1?z%E}Y#-n^HcbR0uLmm6$Y%u%_4s&p#*InnH=5g|JIOM1Q=LQihaqA83<
z?YlhA0CpD33S@r05oN<)8xGUm<l41H_<J8Kn?s)Ctv~m&E_Tpkjb4jVZBHzPR5;GG
z2=W4h^!u{TDa$Q7v#Zg=VS%fB)}GJ)eZQ;?Bq>fng{wS`d80p8iKsFbL>rOf!OXY<
z#T$PNC&rG?eiq`d8>Xaq>L!2ow{>r+aX;sBFN+Unmj)dDwy^N`bP{d4<1R}kdi+B0
z2hfgjE>}`IaJ&9^UECo?IcQ8f{yUlUj*0oEk(-1nclBpWs_2c{*aE(bPjkQ9qFQ}w
zBY0gslx}1_w#*&ejQAWTYpPEU-a;8v914#+81|A9mHG{OQFfcvHaNa>kn5eD>AG+)
zw=Dh%JYEIW_x-pOU+EfP!KVBJj!LX&+s)+T2N+&OOW-yV8df%)YKCq1%y%j`l@p3y
zo{_mqSAzz=3*Ge!I=tXVjU^e^IAIdsOO^1=1xH^qRfgr3c1jx8$ZZe+93&kj)v1L}
z!!4190YlF(fzI$~yNN%42p(C=5Lg(KYKkSf_DUKhU)=`P^ihh}YPA%W%WC1-pO$^K
zXs5f=^g6m|3w3*CM>ig90~}CW#c|#xTL|#Ph#KW6)o>^p`t2r8_RjrF(ZWcEgnOY^
z+ui?7KmB2#sxkB1LKN&g_n;x8C^!UP#x)Ivl0h8Q^2tH{u}~x6o->@y^D;@4#*P6v
zgZNt1JL3#?vlM&p3EafCI4WMTmN-;u0N24K=H<z*r`qUuU^(Tsr_PlV+&_Q{(U+D#
z31!cOxbR{)N(bOdp`|luBSt^kR*@tj=lP~_qWD>9O0ow~F?x-*2VVu{F>-9u*n^Ui
z*7Nw#E}dPnh1$8%upL0;o^z^7n}V*2+yg5%v}RjOF5T5t>S#M!dK&LC`zuyz!r+UT
zMOw5{;Dn>u>WPP(({+5^kKg;`%34ADyNF@%C{!$B7h>7SdcjdBe?j79gIOfD*5i1b
z#J>`$G+T4(%=xKCLYZv9EM$A=-381DFH8nw0Dc#219SRc3pbT%i=3!W{O^2Q9)@46
zMhDZ=X3%E<vh(O-tdrfwX>wju9<HaWm4%rYfQP9ZYrP(zMu8S?_V)Ga%DLp};Ku0w
z3H-w2U(bwo_#_I?&qq=1q{npkse&RRwf#xa#kSBjx$U`Qoo22v4TAR|>OsjH?v|gU
z{?=StD^n-O2Ss%MNk(2EM#14D&7mVI-MnU0olNLT)3TcLg9$_TEp_Eka_BhO#l<=L
z>aY^Ru6T*znV^+eu7+KFOk2&cro!R>uDj2C^?QMT5*7^5#1*HVggq&Yfc42?13L0u
zAm631N`CHxpM4;&@RJ4l+@@(Wbxy|D-{nnP1Fr|yLOvLqlmLpJk?jSoTj|8@Lq(^S
zQUcAcZ%;yUQpDfXe`LI6zjeU!z9VV;CSFdN0b9H?PW2RQ;s_4?IRpGs8~*}-jmKQF
z2co_p5j)2_mk_PZ+*9}<92$m&4X3at;-1y`uy`L-T0eUn8YeyBSf@H#GzK?5j4tei
zRpDiCWN!e$G59rf>N)A~*<y7&;kV#az`E=!-jpVbK%!H;orsI*z^<MfjS*qP?DCPi
zyu>0qX{*%T^2<)OocU<KsF&_*UUreWj)OY=&*RJ==M7p!JyZQR8us{J`-!EX;R!ob
zO(gIvktKR6e;H2(5~6f1Mqk^ng0JSUi^fBm@(RqaKO%1*%;Xl<f$!ZAhT%^&=uL}E
z{e)D8f}AgYqmpT&_@L5Oxox&<Y}reb?TS}j%hvRsZAK#9Jc@P;N^Gbd^T8bD@2#gO
zn!&p)lHJ<i$iPa?Gn?&;?1aSui|dgj>*Yn=^k)r&8}{2nNes5>BVPR~9ODPNUI(^U
zuwo#ty1*U(x0v5Pkwe<!h<F$5TZjT#bjj0jnW}6UUe(EkXSN<(SN7waHgftdrm7)y
ziO^AK)@qQ=k><g`ZTfYH(huS+=*m15gcIY^b(&6xA5O4(ExPii<fPFSsFPi7r0ldW
zt}$53enjphbi2PYMHHRIv+B2``boebG(z_^R6*qhR}o3Oiy*R5^chfhR3a8me)&Ab
z9|$MZt+w?3u^|`n*_?J-dhMh3W33|WwO*QQ7OFUC|EIf8fr3btJArEA_KdCBV^%^u
z#jC)>9e-9iRF!Od(MC*$Wp@$c8C8nab?)k8UmmAt3mlQR7q+J7QlhYb#dnZ`jlDP3
z+GF4A?ir?1;z|cn5JT{ZXiDh+&V?<{MvQtmx`>!j8`>SbCE*xCU|v5?74XT=@y(^)
z{=j&q-{LWAowoj7%ox=bS1D|8rb{<=!8`VNR0-;N?)&u&JM6x>nGp&S=rYFDO*!3e
zRym{b%VXbZUUNzWX~i=fEuCYfh_O-`*pTHp$*?1p{*h+I<l}=!XS(zoWdvTZ{#O-k
z8~o%36sPFO{lbOia6~jN{iUVggN@mN+xEFZQ5=1Ss;Isn{Hvv^fL#ROEE*85B>#Ct
zq<?#{`cGmD%Q{cxSi1iy2g++-c2^mbiG#3cThZ*?(`2ULz_8@!ObRGV*ynmN{|LtB
zC+0kLX$?<FriO|oUhDE5eVzb;I1>PcmDweE#qi%4wP^B7(DVEJ<;UHIt5F6EgJxxo
zXiZ09SxYGGNB>*imwh^yS@SQQ32b3SuhE<~oxUe6%Oh!~APGP-*Ue^1Nbb_2m?J55
zuY(G8Xs2S?EO!fiJXTj37}KjlmD*F0$BDH?0)4dqX?$rg!}D=9il(4mY=T6(KC*An
zinAR*dIzL6)@SO6+d>vYYQ|&^nwN{w_J#Db^t>8Tu;kLoZS9*)f4Qh)B~H1^<B#!?
zHe>Vy`!|oY{5>5=`c;^NotD-(FrnCCnquAy4JD4xzridYvY<!uRB#gJ`{G+&G2mS&
zu}Od0kzC|D1>NNAsy<D(_S1WSXUypL(=?_&XWJ_wEtUaec$LJ>oeMMro!f->`-WnH
zS2XM5lB;AumuIO<vIHOc>U>m)66fzl7MMKDU=dP#Jvj>BkqCO4_N4!Gz%j;9wOtUq
zkDSYuK|b6Bp83e6fEd0C=tGy0p9*brsl|p~I+r-T)l#@D?l|3A9K|E(6$&(7J9*Z|
zAw0iHnrvJ3Eg;$rOdXc05>b$fCHZ?WG3fS)m8Qh61N8AVY31M;gONb@BNi@|vkljB
zjLpf;6R|CY+iji_iB8C;_+n=SYSM_|#<oS|m5^vb$JvH5>Pf-fhxZ4Y%qa$fH%5@(
zho+<2RR*X&uFyGs8(gM6?m2$Ili+)Uh}^mN*-XjaDmMUmkL`0o97X>Xl)sA|&kb_8
z9eI3*CsYB`+JXO{&by@UJ9nM%;D9VLR??CV4^e}1E+XQd2FQ66AHKDt=a3U34<SJ*
zf{cTogkU$0yrK8R1B<l4?-D9Q5)+B?@z~S?!km_w(fHFgcjTQ@9%gL2{}<E+e({0r
zjFq`XPSfV0*f~Sid9zM9YY*h9n8<7Dh07aQoS5Ld>R-d^V*Njy$UW5<FunUAuV<3M
zf^2vfp#<BqzNV*D@rm8Nrc?CWStJS?)>;iEx87tJ^ZPQ8o%$>~m24N#iyqAdFXYyi
zdWELN@#l}LHa1Rm+yC1;qhR0ju{2|b-}6T$Y0YLPJ`ISMR=a<^Q~=J}PKqt*h)n~p
zw12=U=2u#GCk74uNITD<%r~^o#KiA`>gBkoeMZ5E`A|+CcESQgxRw|bZYRaLIk9nS
z`IaFr_jgNyXu711QM<`?ST9i=GrZg{Q<e`~yus07-@;Ua8B^d8#Wm4AojzBnM*En*
zt3)NvLiz#C*iN4f8^Y}M2><BX<JS-Z{k!QwzAL}(Qq#*Pl~IYW+J1hCp8SN){)T^y
zBX9co(Y^5p?Yo;?AtIF%?NXz^nRq?{-><l*uXP*%#if(U0|cWyUYc;NGouu^n+0-G
zSLjxM`yRcZSoY2H^tCjqEIlS}%ZQ%zLH*79v9pcy^@4GF<ZfXOM0LjJQK{s<s*6!9
zqzq>c@0QNqfJrLGrNhao`uVkjJM3R$y}j=ab<*Q!28lXsI{*H6LK4Wx0NlbN78)}w
zUp6arwH|#bZ97ULz&Q0zsS-9&DfjFyP_vtpy^}yaK_}SxU21#BP=;|pl&s}%dy2ii
zk|d1okPo<;pG8eLx~zRd1$dbx72e3JTg^oNflH|`js|+i_wcmx@22FRK1L*|_`^@8
z8ww|b2BNL%W!}QE?sXD(-?9}UGryJCC-!w9!P>#*Er!`%8CLGeFG>Tyzwdq*4uN6}
zzSZyiM#d`RAW%-ht);~8R7;eNHX1ef<B{wT*QJu~ygjRsjZBHRvgLwEkK*Z}D@dnR
zyywOPuB_X;NO<d<@i_wrMy$Y8R$ocN`WuZ37s<Pn7afIrjF~Ss4IdtfY*qXMF&HYi
zv@c0}zLgaAIJ@|kXwxie6B@RqNQ4Et4(w%qKicoF4{F&WcbLr2h=OdghTYp%On>R?
z%DZ9Ycwln0luxSu{x~H?_T{v<AG#C?Jsp0;pRXD`Ul-6&yF2&hRWOQ8RMgASEIs<h
z+tg3i2d{oG#{NYgPaD+OFjZn=I2u^~szunlzQR;(2l)puUrF&<nSDYg{&dg~U*DPd
zbjD*l(aMDQ;(@`>8GP4j^jFiqkD0HAAgJzIi_t-fg9`oxI9B93Umnf#Y}V(=e?>gw
z_6BTmQcW9tCnV}^DvBQMN;f*->*H<6kZ5HHs6%_nYh?edvOQUW_Ko(I!=wgOEOQy{
zGX$k|gJqu-=9jHX!B<<)-uI>TZ!UR^L@{#fHedKt7&2+~b2D>{?-sXA7x#BT;~?4M
zq!LPy?)<AAWgTmh$`9HxCku1Eh+=#4B8E$PA4L@Era>i<W(UDSM|F-&FR{nx<!onr
zBr1p!u4m5N9u+D7Tj0zt1VC+r&8#6(8XD1$IJ_|uK{EcgIgi9UK?goFw!1CEh2rRk
zkMW}MNjGQqO6BK}mSDXIQtR}1Jli0+4ln6Goi6RNW%?RepndJI<2zeedzyP63w8wb
z&IG9WS`Jpe3tiPVL-6#*k4NCE9BeVRPo3L$6%v*@9>M*z{Irl6t(X64LPN61M|`Kc
zZiyXzyW-e*>|5{sPsG1R{nIA_&9B!6Ltn~7p>LDP7CnOo9jDwh&`RHPw6pIx<ltE^
zI>oVJ8cnZBHbVP6(qCfzFmVd|>vl<Jz6h=xo6|RA^bV`wPf%Cn49W*Gap^<F92|)}
zBkfEN_jvAee|^>m0SIyCgJ!sC05-p~0X}*#x1F;{xsw%n@f*?|@=74{tJAe28aiRh
z$FR^Uw=+5a_qZKySs?If1^Xw;2SFSy!Z)4-uo4FiO`3;9<A0gAJ><Zczhzj1?m1Y!
z4XxVUEVCivl9)iy7OnQY?;$NL`V)93G5xE&3lX!)W~#!@mEqyhOSI+3@pcbLbPVHr
zz>Pd8<5Jv?oVhr?v0B76*b@`LaADp>dcVBLsd%MkZM}+XJ#m{=?8x7O&&&757N7-9
zz4>J(47=n^5vltYOW%2f4Bsd;z*r~U8?!}sB9M5O=~jk4${=dxS19J4YOn)Pr504^
zKkc64DWv;r#^JNA_>6Gnjs^0gWMzFe*I0~74t`J%Iuo4EBRGH`f!StQzmc+HiFLmA
zD_e?g#}SqoQe1J<IwVsKg|MRIK<;wI%V+6$K^ryt>)alaw856)SDHI#N@Cy8vFC#n
zT>1>2I<K+N+Do`@P#O@Zd{fN+L(bL4y#8QJ+uVG<SX(<1?6l<}{c(=b-$)^^O))kx
z=vJ{u@YtAO)yE4`%>;SVy_sLUoC{AT724`Hf*i<~8KU4Hk@~_hqz;NchhMxuV%#|d
zRcjHk*%u_3rWl#CJ5LKnLl}IAW?C-c7egF_P^6!^rT6pZ3%b3p;?(F8k-d4fNoB<|
zKeqT7*>Ci!^MKcWS2g`t!>BeY>MMzk<j0Q$z(ly<FEeeT=K_4SLUcyYfdF)Tpc>|W
zdiNSp#2OTL$hVVgm0^P49LXl3cFtBFjWl;rwPrkieWyMAh&d4?ltJ*4kg1>=|9-tn
z(K>cRk$OgbvaB5=VsJOS4ODY+sgxDgQE_q5<BDd2ze81x7#}t&;fiN~C};tA9UfxF
zjWEC$Is?%cF3&K-8<M<P<JGX|*jS2Q`0n?jCjf1D&pB)t@(27EFO8W@0RO|k(qrW9
z?1Of?n(3}-E+E|IJ#_We4(4X7A+_)GvUIjhNjbSLb`%AFF6|%2j#Q5pRt)=gD_S>3
zla?SIF2wad47_cnnvm1UKaU7ey8m;r`^xS#dxiXQp4VU;gbb|O4JHAaMw?ad(`Ui5
z7piLlk(w5SGSS1H8XsluNat3KcHd(^zksc=Jde|RV_lGWz%$FM?}4O`k6&XBF()+U
zD2D6m?;nbn*FTOvZ=FRDvvfI3TZ)(o6<o|x?&RH$dck{rJXdX+!vQw<V8eTM%g1zm
zjqc~5D^nx&Zd%1@KH_gA<w<`|ims`B0S%UJhcJ3&cGxY8tR5iiT;p4Yi+1Ph5@gz1
z+K=WcpVtL{!)8#o*n)$B$Nz>n%bl-sUF4CN8NqG1l7AFx_~wg!h`V-j3rFB6kgZso
zHbWsAz$({Ru+rwQQojvVc--^{^EdFi7XK;w_)N#bp`+i{V6XkwqX$rtbofgxy2CiN
zR|4Wu=*kyo&T@1!`^S6fE*WAJibGXrOQfYvN<^sQdmLL<3NqT@<1Z$%W@;|g-aUw9
z)G>|zd&xH_;)SFKFy)78ec(rrzG4IZ`+G;&W8LfiVBTF0kJdoo(S5aYMUh?2iv(A0
zX@y&hqnxjb9@^;LM~<Ma<ls*pqszY|NMAdZwmj5ZdC^;>TY#fv*)rRv^f41?;YGtb
z=NsX}jg*sKVb(roKg1OL6}op#7=jq~|EsXt5O_Y9!n&L+?~MH;?Kl!Q=j0<~f#LjJ
zyK7_|Hyba~v0VPiK8Bk^EGSBr2xxlH!{~j;^Q*I1&e8mAwfA%f6x9ftD=w=)nt67?
zFcX|+nF%NzZ0Mzs-_U*`r6A9~k5|U6^E1m9!T?q_WLrayJ+s*TZ<68F8tftAuLK9t
z)!nWmSC7rHX9ZKg<M=e>EQ(xgtIn!Kc&Qr+J4?}-jNOuLQrCf#rDLujvSGbSF_ntT
zXrySDal=qvYO)4sDz~|D<B<M&oDdF-yS;O>wf_QtPn@!t%Uew(QT^PE)xO(<Mb@vt
zJNygk@d##fa~A@Au<zUtD1m%cP(19+pKECn3v{vp4rj|!VWi^ks1@N3LZ|98YjJxU
zSrlPYydf%fG~pk5^(;Mv5znS&jC?03XIu5gWSFil_h}>sqR3!0@dHd4R+PhC_ZxqX
z`dM?`KRBv$Br0|>iV$#lZmPG*b{@Z^jxXlO?BPT-ir5rmU?pY8d|k(V1+VXX&h3Aj
z*56fGyXtZJum2eSYqK^w*w^;7#s3)D;_Qm{k#wa;`{jdF{8<u(Ev-W0%vi(?$Pnvr
zYR?a40qmk9|4lgwl)>MGbBNuG8>!Opdzj^CUlKf*=bvb|zj=#%TJCOeCcgW;zqLOM
z`jd`ZYsZC3eFIYL{zW@O?8^}{=~$;%!5_UbC@g2nVdRCp&r%hMeB|DxJT)no(P}wO
zrqi1?XH5O|iF{0>>h{iCIqmLq@cw+YyVp2yTN}3&E;jx;3fXd_eN7)J7=Db5#K7-)
z$C-K`N3@xsw*J$u&9&Rnc#-bDi{nqzdnk>HJ(Uh#JAZ!&-HXjPx%_F;oR|MDuRjn&
zPJbXwAawP}Bgi+S7XOo1j(XMC^WLPNZ;PTj<iL@on&b+3$=JU4M&Z(@*`GJ|=d&_g
zIEc4(XzVe0q0IS~gj|e;NcPsOEf1;j0I6e3xDJS6>0^_2m-fsp+E)38Xdl!cIP+3{
zH;H+c_VunrJ+Rv!JtUr#8!z&_P*dLDj?-HGM6laN4=)Hi-H9NtqKLoDs4VD*OQv^p
z;VL@_d*+jDy`9zDSRZEIiB@3i?8bX9-p>$pt)%lP_~6btvQEy~p?oTAS^Fg77?$&H
z`KMv7AdIGX5=;f{+vs<Dply78i2)TVFhhLN_BqM)o@4<83_HvysaWve*pbaLlca43
zi`cK%Ex{x|Zc8l?<@UX`S3dYHo7>$sAR{KhA@hkQr`bnr-(k+eQnTBC#Tef7MJuy)
zPXk`I(sTSqbh?+gY&-=tf_t#qstwsOIBAbQb}LJ#I)#@3)u*5{skK2A_nIz?6>HrK
zN1QzhcG>f6z%eCUQDM_6&HDk?<m01FR>cnsG(#B=g}#})2UVa*ji0?L$6Nn5!)MKr
z(|rO<2b2=K&{rpk>3HIvTp6rmIEkg)e{warz@VBN#H!+F5A1q1Q3N@v{{|%YkT8^)
zN^|pQ7BTtt?1THk+C$Jit<jg?$o#rc;Q1DvXY24Zl%R^E^TAx@t$w^qjl=Zaw?oK*
zlVc~b1(+6e1<x<~6}RpXK6eX#i|+&Q75f;cVeN`l9XYu&HaPT*Yj-E1pI+M#m;{W)
zvJ)?j0_&INsv&n0gW#eN-S9V7IuhtSV+!#!COux1#McmK;^u{FS?fXAZfPO9yr&4x
zDc^iMuzyy6J9nL}b5*Z^_#<&{Vr-RJ*opk$YJ$Ox?tVdfyy_z~K&XamDl5ir_uX%P
z1Euob2k9>ryf?Y5;6mkoKT48B1Q8_$MR+Qc-oT$DhwY}uh?*w_x!vy8=tqR(N>5FZ
zGRp;U(+McU!4ppT-*5%A(!WWhg4@t1IdHL!^jE_<A)E)wL)!ZwyvHj8QSYS4&!w0>
zDu1OPfdeb9k|YafDqZlnQl{Dqc@Sri#C)chB@AAPpyyAHvbt|2vU{;g^;8B_#IuA|
zDoP`?b%K;8IWchvJr;ZuUuq(I*EZWwB_ZF!+Wv|d1fxBsw?~xM5GmeuDP9kY2ZaH1
zCqyQtOX3uD@st)vbEDkAY=yBd8M5_x{TIV6xrk&zJiPDg*#$%U7n@D9;1EuO5-q=}
z==_okauv>$L<oM2XJWH`ClN<@*@obEXPLsoy<~o=EoA1mEO>oNykykA*nim{;Xx^X
z(odwnnxU;Q@X`Bj#Rm!;g0Wvs>i9^xMXD3~Qw-x8`9FQx>y!eMd#Fbpyw5x*pWrVY
z=ob6EdUBj!<v&bZ2#8e#r!E(fzGbX}Gz#|qBJs**Ds<{5cVxzRXPsJ74!q;@Uh~la
zy-_kK4OUyD9hv(D3nw)!IL(~e-qaa(D=f=)WFy2oOFXw%fq1C}yCDQyEf&2x+ii#r
zU800JlAsT|uq=5F52fFoPfFWN=+EdNI1PZJ4B(mN8%+)DpN<dW3Ot3_;zqq(Y~|>4
zZ1dTjiypRrEX<9nWl!$*i^k`2R0w|l%MH}^k24*<mNi`weMM!=f2Trj39m5s@A@R<
zhzhQMt$<=22}xWV>@23qmi6G^>enfc65klEY&XcjOPWw9UKZOHgFlxp=SAjZBrLu^
zF&zTUYP9DjU9v8W+R{`sqogC~N6UFi{3-(NIW#&ZSj&-iVwq#q=h`C#8{GyXw^P#M
z2P-pmyva&q@k_Jo)dHCDmp}FBBs!(zTh0qLae=j1)5z}U!=6i3ff6)7y1_KLioM50
zw&1nrTI%KR-LLx}m4ZKLvb65I0^$B2JXqV;p8yXQMwFC(McQi?%#Bd=0ty@$8?+|L
zA$V_SXmfbr#vs&IkreOuSH0KWE~}ePamCN?V=LiF-qN3p-aXbl2bdzNwh})^WlEYg
zReZwPv3FE^jb8?!_x^`BYyHp@TIV<`DiMSUdY|n@VOF7d8Gh-33_<K73jORY@DI_-
zNx-K^oQY{*_9xAeY!01fw>kK5b$yArkxt^eyXJXXjShndlUe4M(Sk_*OeMW`RZr&G
z(LiElvU!j03;roTNFft5ihJ+&SmCm((R%X)iGTdze3N|xYM9_;6(b<~sps20qPs5E
zL#9^C+Izc_vZri=L%*pTToU<KK)%WRD%<X4RPh4wjhvL^7=baC!Tr2sDqv>3eH5bs
z^s25|TS%kyDlYwZ2n9!n83nLppj-l#Rbp&nyK&rq6_sr-{^MNsE45JvKu*t*wD?Qr
zRuF#cTU4507@qQQVeP3~+AyQ4)7>AsUa=f*KZIV$CBrE27TxTupFz}C=F2U|heD!N
z`_@n?d1-JApY8p%nC}U1>Ia<6BepQ`7rH}g4J8h18*Fk^F`mr5gq3-j2D5b;wNu<q
z*ux#pLLoN;<FAQUml3mtcJ>3>T*$CoG|ql~^kX6Wj=?}NvH8Y;<3>p_aT{ACs1LlT
z>)WYab6Ly+G*wIe*Q;1N%<vg>d9fd71BpgM;^^xT-J=P;HKLw8uTrF#;1W{?kw9fQ
z_S>%;9<6V+J3_-|c(c>BT{sjjVFLH2%_p4gN!JOS1w{W4l#U;*FNmMFMgXOq_G*IP
zfIy70CE#>2?y{Q)2d@L?6Y%~P;0cx;pMW2*O7k~dAcXWVn@}b7Rpu#9419p#qbOZa
z{{?x>)f{_qK576ku<cgE^?~m=+Z)7g&>!eu{6kFtL2m5<Tuzhjv#yR1#qgc@yEHRi
zVG(evih+iTAMPKXz18p9jfjmp3|RK7F^^_>&ok);r4=wm-=n!@rFLX$N*wiFpHfC~
z$bE=C%IFz-V5^xy_XKvebhx{(Z#uXNc%0;(#d{Q;hWJs8a!QI?XFnK*+^?+d!Ank-
z2znpPx+dZ*x_RH9`CLGqv(!eUDt*@fTI5*hinTQN4A4_JD7l~C_VXAF&>n+SSk4!D
z4fhdHuTIJZbB}w*<wj?MnCQS!tS|o)XbZ>dLCn+zb~WwqdOxX4s&u1kg-ZalgcC{l
za^#3{my1^a$mjH-M>MC3x}yU<U-##do4gMN3S&?Z7=~@FAx8l<^wO!siF>qo1AH`K
z*+io#eOkfCAsZ*-SzOjRev+G!h`X{@?_!m^thR-YD-N!<+|}%h57hBx-bcZJGR7uh
zq|b4D(wM>i{*jr)bBa6V^Dr{-V?22OcPr{<c#_}#lB33LlDVn)0_T4j(C_UmI1?u+
zIWa&k`7ifJOL|;dtMZ(1@VgD8vMt*1J6A2$lgV^vJ4IRdy8r{F4BsUw!O6Mjt+wCM
z{m)zc%iLvjKU+bJFZl(UYm?^vJT{ZZ`N(uiP0aWTK4=LHXvh(%nB%Kye9;e;-MOha
zE3f%NMk(hFT~&{kBC``^Uunz~G~|x7J(+ts{3vt1<~`Z`T>&+LUBlJny!~Dm@$OV1
z+-Z=+iLv8}@p{xMxmd|+?~@t{a98JJ6y-($Blbk_1SSB;yMeDAB33SLw8ul~&7MZ?
z-XDDvZ5u2t<M;T8Li0@`OR&{J1Zb?G?8~sbxeBtq&hu-nhR)u}y*_9rFgXmhb8fcI
z={qu8YgM1tnsaE|rMOPL3vj8xXin@&1F&byDGi9!dQOHTITEzJ{6YZ{zGWFfMz?-5
z1a0Up-H=2CD?nQLn$<7JYMht1_*Pj$TffI;Ull%5*nwj|)Ol~`?gG4#5*bYty`#=0
z%T+I@s$tK3(ZZYbm_zeLpi)mFIr_#c^<8hp#Ej!^K3=fOd5)jm?SSAw9dwKvd?9zK
zYn6WVkr?-fd37#s1mD#7mdFoR<Z$!b?|TIbuPu6>LuaReHkSnvubhE*jaY(_pRT<2
zk<a_(=N#rC_!5dPg2FzYLNMI)+ona41>mU<;7SzyZ5)X~T|U(CFKd@NxU-&t=pv3p
zM~iCWn|#0G_kntu%L=yI0jd6Zj0bbYw%{s@Ak1Xg=r(d+^AgN?<auCfh6r8$T}t@C
zcq<+w=j_29)o?n+%Wf>8gj>-e>e9)ap8Wo~4Ao@ZwPnetla{USE}9ARF?^1B<~S3s
zA%_R+)wvY=2kwB8+EC0!Ao=XNPL%O3&G~6cXAhWP73Dz<KQzbHc48hh-857A$H%yU
z3l!q-tBgIhq}&BZeS}1jijj~h3$Rz8JP^M|+)cKZsk!BIfH3EjO4-lNBfjaykH+;1
zz+kLGMXTpqMJ>Oc%N~6IR=d-wV04zyr*HBe8%9A9!Q$kP^>u-E8X(*HW`CxrZfUWw
zeeW0*ilu1)bEp$;lCwFva#9NZr_u#0?=wrjvRCpq?>Q%^5tE=Zj&ht`KCCanPt)|}
zTV?KkfCktA*sBL@dDTzPL?E=uA~P<!0?-yOXa1`vPTb$?u@4&fsOTi?fvt(6_g$&o
z$;?57)y;OJPu&ANXF~Oa8N|%^F5{KMiu7FXXbFQ@B(;5G$J8W<Y9i2K5V#3lIe$(O
zCzVkWe4Ofx8~$7sKeYkc&%PgcM0iBG@`_%^l9ljk8LRV*N3y)XrI^6zN)ir?%W5MR
zX*tOFx{Mkwz@0*|S{7)d$zrWm>{HC;@>hp9O^^26?HL~Y3a|L(GWr)W4b}_0z36hn
zSNQgScDZ!G32#uO;HshQzIGrv#AO{S^aQUMc`eDsxJOEDmeP|Af7g$H^8|1@1CmH{
zJUBsTXXc0Ct<$1Rob4sZfu{)PbTfNinacP9nssz(X8A?wuIa6O^h*a<6m6<_a2Vfn
zaN#}6K$burE3parCwJ$gI5EyEBgJl%7C(P>k{{FC-o1^1GevZ%3K(*O$UOgz(sx~j
z@ZJej^BsMFF1;jnk)gh=+|DN%PRXV6?r!kO%4)6x8eVEGDD3YTbO_ju!qRcEOHCEo
zu~yjWjioRkId?Wl91(~npha_q%2eK?A+7dzmvHxRMuK>&3&&^s%n1)Ev)&-NIx3FQ
zzGI3zGH!_AEWg})qp2Hk;HoHU0AOk<T>sNEXm#=5Gxm+)1WNgob)txjgl-SRTOKJ7
z*+<R`{ZRAvkb&nBGr+Mu<Ufo{Ubr=9>W_R?c<1}y*3SkWy00|Z4==`Ti(*gb82WpO
zJhA^#K;@j}1_$r_mFOW<E(LhC7#%rVY70s?t!s&r1{QC?Eh&7kr_v4K+4e%1SXC#b
z<XkfR*@W8}7r{Z*PTvbFlz0;Z^d)jcc%-?c7y-u~4r8@AhLeClIX=@-1wIA!-H%sT
z(w<<a&~UPmeNKhOj3;$k%K@9;UEuxdQRaSY<Dsrx%Y|ry`^{Kgo#=XZJGV%`*S|!H
z;UAE^&?0ghZB&LU?Q|i~QL?Kh-L~l>*81l!v{S*d2=lvi$w(^yd2LaK5iUh0K9&$g
zN^wl}e#Nl{-^K}u;w9)sDlV6;-(u>wvBgk&o9<^8$=ia>1&W4Bf=9Y(3O;pTj-i&{
ze_@>{1(h}49?#X0C$b+5=ojD$15g@eUwrgb<aQ}@Y*N?PvQvXWi4O<9@Rv=@6z2x<
z^Qq3}hP3bY2!d<>o7X|vusnLiCD#bLuHvTgLQty=<)rsF^$3Az*dNo`oOaSv@u(7q
zaz^4!x}k;S$r)GL-SDk#ZL*tOI*+I|!Ol}5BCh=;l6==eppA<|<cy{Dn+U%9MzRfS
z_KK59W2}O;)N<cBOQU@T8STrf8pQZk>M3Tr8a6<j29D+)y?X_^)5VVuxM1fU&CmG@
z<vl^vc{n=I^)rpK!HeEy^DRI<c2g)O<4eR!4E)44kQN(s&P?r#ez2q)-|pvF2w?{F
z-vFQe%YJA$-WdpatJV=)53X6K*^L}EN~azHn;F*!Y;#?I+$=^d)*~*KHpwpj6T&*T
zkqw5KAqJ!Z3AU#JLQ3~PucPrh(;Ea28_>M*&H~-_{&11msd+E}G*&Gsk)}BEQLybr
zNmTaQ{;VT3;2P0_37RMz&u&)ji41|Qfj-jf@Q}IlM@wMewO@KNA@#4M0uKvc>_|$U
zuWC=xqi0LsKslys9<T+DLT!oX|9<47{a$Z6W`l0?Cv3(_`1V(Qf87zoKBEt;-+F%v
zycg?P@1k7$p^*{%(QE;0_Kl~K%>?8i!tLIrAoh{!3|d)nI7aU^rFMMNnIA$;zSKo?
za1Jl1{;iF9`6A!u6VymzX_A!4GP9FZrpI&4Nf?dTT-PAjqolBePv8YB=a%BmTtD&S
zdI@nnAJ}M>_^~SCQxCf^XZ{eg1~P`<@&Io@5uq@37%rJ6SYWF3L&E1O2Intpy(Rtb
zBE*@{(G|@m(~G(07f5a14cE{GgXxKB{NE5W0+w^Qn@cFz%VsbkGGPH)a>gZ=)51s{
zHiK=HPzS`$KOW9zXzv2H>ELB<@Uhc`YVeIiSz76HGX}OODC0pCrJQ%9nV;Bz1&owO
zco%lAbrXmyZzy79UgvNG9Fez&`ijT#HL?&%C5f0z$i1C{W2kwC1QrqFuN+=bECe*=
z#ZXUiL=jPpHhYKRLu{dETe)}eT#2|_cyZb11n%o7s~;#%Dj0FvQU=-|{C#te4?}m5
z5lo^rz%!?}0o2H*_k}g`=%n6mn|~2(er79uqnCiMlS&(oVI^TrCYSM`7?=Neyzw`g
zq)tC97{og&>8o7QTo&O-<i0L={D>FoiTo`Q-&HLU<69HMU=&u*Wq{udX~jn*22F)%
z7mEd_qP~GGN`(mcp00fElo$}Wv5#B4g3Da4C$dvz&FnucR0*5GbzN}pZFcNa>?vUr
zo}3|=1TZ}T)2Jl<?=R+mt^iw<tT>J_mp|hHQ>ZO;R<edo@$#k9Dqq13;+#IcY8NyK
z{t49wGV!{4KuJ#3DQu5wZ)x%+(1+CFKA4lt`$?XBC;p04J@2U;vWxR}meO19U_-K<
zo?8<)jsd(`(!Rx|K|G$C41XGVDZIh=$WnI=Hp<nz_|n2?ZdSHwyS4p+kxm*YnU^ge
z4PH0_c;*x}$p6&k+05)S>t`%GD&EpJ*;alht14`>`SAsCCS0zt=?7h*7x$yiy|1sM
zE7J@)L+!HgpIJo3{`@@ot()BD+6Uv5)m72l8QHc6lW613CN4sw&-K@(8`5T|DlPsn
zr+zbdsAj2iR*jF%<Op6H6t1CBEN1yjiMj~X@duCT4y}E95k(4k|D!i4fAvTPq?qa1
zucCfhuw1v-a7Te~(qj28oElh-GKh`j%SiR)JUWiEJfc|<R?=W&+kfm3M@j+_+y|-)
z$cLRu1O>N-x~q-OfA&F}Jl;mrt4}fp_g6?vxwEQJPq+T9Oj<5J5?W&$8kj33=a8+0
zXVbKgK3YpwF)5!oL=C&ZhZ7p6RoSc+s+JynJ?W9kVvBp^J6(+!Xj3-CA5T=1jx4uP
z+czAinKZbP=eD?i7?t=_oRB&!Azp$OT)LKQ<!!^*{y^UzA}A5thT003RxttOkX}X?
zKgL=}cG6_ED4WqYUd@B(x#}UkYLEEC{sq#epXLk+fv#`ZCO*W+2fOpCZ-DoQZkr#%
zZUvXUEnZLLY^l0MM8|OJ0(UP8D$XJPs5lICBJGAy@q4%Q{`!uhFeFovlI~ivaFK*w
z50rIkwe@Ac&H)h$`ZeSHxtZw;o9UgOEMtS(wn;AY+POn<9)bf<w<x#S9FihQbZE=i
z*S>9AyY7>hz-nwIyJP7wU#@R|#^<-KNIiTH@G)n#u6?Yh^Nlu?Z5JA~w`u4*6j#sb
zUp9GB<d^z@e8*`vN7<yn@X>)1cK)R#EqZqo{v)z7O+L@2zTBYSS}wqk?Wo`ojQRU$
z^HUb4on4###5}|mvp-uQfy1m+9y-VA5F^$&&PdM$3UcP(j~=y|;0(=-%6UyW`EZe^
zqrC>%cX-yHPuK{La5kH3-ud}IN1EPo4kraw%crvcSP#<(s)|!~S!?nJ2S!e-+e-Tw
z;2n^qPYm*=&_F})ZBTc^O!`kRz?^ldjf`9o1gpic^hvTYsy`phv?bpG1h^;{Us<tz
z2IaT=+1(BvylXZ*MJd4q#f$_o2$Lm#3+b8%8oo5C^(Ar@O5K0r2wRtHA8RODZTxya
zYup+*^8N*vF;4PXT8F8E(q|$eOM`p6PyGa^0MFWrG0wcDYJy*EC;R=$<QiDQ^$kN7
z1Lu6Tk>>4_YXf=g&T6|!`OqOjwqD#M%L>T3i=TAeT8_6uI#y3+(+LHEuHz@*(maqT
z?nVe(H@vJ^a?mDN`dmUI`wWZXY9lAVbxY|U+Id?UrWuob<I^zyXkCr_wO&0?Iu6UD
z&o8b{%~ZUs3+ez5=l){wTb=6<BdgE7K37(;>LESy?Mr;Ea48&N5<2<~B#Nuk)MRO}
zMachEc8Wl@U|5CYZ6C4nhf94s5u)H=SliPXIC>@-xS%z~8NaI0ED))L-*~`=shzYH
zMmBs<X7Kw!o+$fn<EyO`*wN>3`e~I$Yff6*CfNooS+LJAty+#(KpH>(`Zg^k643w_
zzk#hC%$*>}oc1W#!;GmvLm+CG$BMT~@XziFf)$AaQ_`B7?kBDwi7g5#2+s~P8w#*+
zs~f}GVH_R=vM}BhWUTdv>lbVV&&`G(RXU@|S9%dt*s?KBHkH~ht=}_l+S<69rnnP&
zsl(pl)s=|*K+ABtDX6>^7FmNEv39>19iJEUJ=?}sUPP=s*seW9-#QoAE9I|QdLS=Y
zDC;09diX>A03h>u6&?)FHDIcgEk*q4Zi18h*DEl;cIqOINJE3IZv+jMuuCx#)hH{i
zo-kWbJ{m&sn$0YxAA(_@pb`;l0Bb&a{)zHyYTKwOv=Lu(h@tsizF1cqDM@;`B5%>s
za13`xtOU(W!ywW=4KVMIpM&h~LY)}ryAiipJw5GCXn{Q5J8cu%F?c}Y`uKWumHZ60
zYKD;AO@<C_p<}ivd;XllH6jM#AqrXe(GqMNH3tUc&C3Mr6&2P{L|u?W!&%e0{22WL
z-mOkPk!QP%9t06`KsVU$^HA*tAWi;1jT3=JeS9WC%pm!I2F<`vEvBk-I~=&Pt4>U~
zWh6Ja#@|tBDUJIWz9;O}Mp>SIVd3MbV2rLt>oeRpEsc{5Kj2|~ox|KYNJ8~nDDcWq
zZ<>kjmNO@}SzbT^{jzO1RD{sL^f_U(3u?9RANxKcF6i&z(jRI|9t)4H<eufljSO1E
zP-k1qW*sGk-J$l<Hx*rJyDr03B98~7U#}m+zCHl1W-R?&xU$5I*KA7Je!zw2HX8}B
zEI;3!j|Y4Brxnd>5Z42vq{=GCv=&vrW$R0=-9%0g+dhNj3~P%B!H3NlyV;6mf{9~&
zuDtmrm6cnQl59Y0U>()<p7xoW;NQ&R%wt+7fR<uV#Vw24;B{HB$MyZ)?sLeW*H8U6
z@^cn?PDlT0qEV;Mt}-COrD7rB=~!6~#Uj5CO)V*fs-alakcTOQ1GnL*#7|p@q%>LO
z9bnw;kICppp)I^JXOJxlgsj_1=o$@|Y93}2VLDOt>F?q5W@-|Z$2WzyU9|Z)HYd(4
zH&QSraJA2zMV8*pkT)C+*}Ba~ZA2gVg~3zCnL};5EIig+PKr$&IYV`^Dt04ozQ@8x
z$|#ZcRMKF!R)4u&547y|HLLH0m*k{r^0%n^AnKPzMx4xQQX#8}!>~(xXC&2zMo&0B
z!cTWMm+r?A#qy!VEM6qtdD7!kg9{?x@FuVNTaHYcvi6f}bm}M{L87(%gzSREwcae4
z?1quD5XPZ#nv0&>3T38@GFSg(5dlnVy6#wy(}9ZR7Q3p6$7tjbbeQ^&z(-%tBFA&!
zFlM0R&yU>>vt}(}(|(wGyVYv6U==3mx<h+F+urdoO1!S$nFMq?Kq0~EJD97TL)`w#
zq$Q)y3&-L26Q(|z9CqOYGit|PDIzT@MJpx3*Ev%P4a-I3RKo4K`v<79;(~nQMt-NX
zU}e8`etC{3s3Ic+8QLnAHz`AH{CZz>7e|s{75Q>259ktaV%>N7Ngq%7_;LJWn1Nro
zzN$D<(!43FXuqe(Os{7(<-y%GXo^P#TA3L!XSM>IG_N3`rvm=$9k6q1>z5V2W$_#f
z^bYURKICLSh8%xQusMPJA64H0)YKNWOO-0Ux6q3sp?3&HItU7i1?g2#no>lFH0d3r
z6F>y9(65Lfq4y>zMO1nfg-}8Q$vN-fz5oB-o6Lj^!!X%rt-aRw?X}joV@8&lMbLy3
zUXGJ5mv1-<+bAO0E<MZ{$!DO_s_U^LWPciD!5>O3o-zS3*ITvqF||-DQo@ro@XI31
z0{HUkw*51$?{{u}q+9*@CW$HHsu`=-&0U7A8M>ua|3_g@%W!8T=h-rnqYOvm%smD}
zb1q>;aC)bx(0h5`<7L0LJ&?RZo<aWp*RPAfqx?yVgYz(alX;Q)@S6Tdip@BPMNJzk
z+EFYEfAnO=8UF-Z7JF_F#>+?=rQLJ#+)&)xHT5IpsssxR2&-16r=^BJGM9tFHM>!h
zNQoW#s_1xIQ(_iLK9ROuq(>-o?AsCVp)sjN9$AEs&)X;ao!;?@S?oz<;KbeagfOhg
z)?hv2tAC=^2AzHRN_IfuJB)1re&z7cRW!0hfO~VRlt?MlMnaUOB&Hka+vj>n0wmzW
zoj_7jq&2+8pdz1|uL&Jy%jY!3B}7oNQ9i(5RD%c)k_*aY$fU~iYZ04NU2nKAw<iRt
z3&icARA8yAG#q|y6_0nEj@9eHH_o5?{;}o!8n5`G-~3_D<x>|7n)jjMmCFpb5(1~Y
z_Yv^&wkH%njB&N?!1ITldUcW$oA(31G<th{yCJ8_vSc4q5+^|Z@SS}khN_qT$en?2
z>Ht#}v#|qzk6<i%HC%6;QHJMiZ@>Hz%k`=$pHC%kGigv1C75Z0eLJ_>0i$|!_507B
zPqZ*tXO8-l@WDh3?Fl#_mzsr2J0EIwM=k`%6&j?zDlyr3HwIj8^H|*<mdSaSj#Bw?
zgKqbUhwS-U(Ue0!sEKfC7J2vaA#bwLZ4!r;Uy^(Io1XiYbUJGIu>rd9CY>b-#N%^8
zkJm@`_rDJY42sb-1d(&B3OdJ+2X`Oc<a$|#t9OANUg@u&zW7S`H_PNg-{_sy_d`b_
zyZh?~F|V2(ZV-?6yLumgNf_Sv=J1dF=GzeFxprbOcWf`WJ-DX9dSs`kmL20#7bOx9
zh4ttvpUYjh%rui}r{1T85+!{z`e*TjC4pZN*D(z@eKJIYuc42B)kxm0-&fE=mFR!n
z%&7;C_X0&Kfc@Z>gOV~Fl^`3)@;&Y(qxsvznFvOdQPl@(JNn)Q+n+c0875=*<%A*v
z`T<dOtS%^1ZpM@di){c~A9XTI2Co=XU$$AyU?i2L5+@0jCRA~2m5`v6Oj7{p+~jbB
zR!69M0<Awh*bH9lM*Q;Ko4fQ3%yL7jl8KOW6M4al%uksJZu=Xx*=YZ{C@aEjJ(@-X
zYXR^Qi8+TJ`{S#q#!3r7gFcTShYvhSK`i@;S}`R$#7$ojf67u$e!qbVX<%>gN6zB4
zZ$y7;c)xbYqQrT{>*=h~_f<6ey`QHnlLbvteP>=4R4p6%CuyXbJp2-s?+*u2*wleJ
z^RxG>ZhHv|!d*+<M4ZPmh;2O`$eFRt8DGeU?~dq&?3W(Q$y=(l!Ede_R!?*6es)*K
z9`F7TV^z;RwwUql?W3tcmmAb(&RO>lLY<(3*MBKms1VsN-8Np=Jgs;O1f_iWa8P2b
zF~H<>0#D&L&+7N5vQ9pP9lm<2_gH;<OygL(g~sW@mgI`>zSYV)znhpiYp7c+>&l8-
zt*N`JQqb<)#lX6-!%?x_!8wm&DXow1Gw5Vg9n@mWu58Kfg@_W`@cXYDV`fKFnEupu
zh3etRVWA^xtx6u5gp*(IjkTAR7{zTv?MN}>r@0%J)7gyY!|gaOMerV{#%)<06C9cb
zkabfb(r@0DJ>sq*9@O3#ri3P7wV0pbqUgr1&u43}T-@xrU`<wVYIY7B$DtVB^wN0<
z!_!Q0w@(<jWDtUf7%@)v3BUeF_pV>Rxmq-iCK&Skn9}7WEt14rw{*SRpRJ=}2R0mP
zGUoz09plz*as1K6cklSM?~yLbd;=fO%6(COeKD(QG;45ttZzBT{MtDUuTw``h255k
z7w(@pF2`jdC4Z&ldN^bHDEFy~Zqnm{Kc~Y-o7B&yD+4nqQ+YH@N_ar&PJSWe#mGtl
z-f5VaI4R>B*VJiNX4qb##za$z*CJYV^D)+D;^^4Bc!bFNKUx5FF7NUu$>a@XrnC0K
zq2|oq4x`2n#)WV?Z8C(XdWD`dA#edy#P8~1T#R71{l9*Fu#EcsnAU@FAxe9d2#tif
z4K=kGuYAj61`5d@w=f*)0flP22Kj0m25M9U`zm+#YP+(x%b6LHC-hvjo>%%=z@wG}
zCOZ43lHMU_6|IHDXOiu)S1<2554^C90@fF$;BAkP8IKi+C=4uc^6D{`_dryFgPwmD
zsguS~W;aA>WWcHF@7sb=f7kyu6uxBcE#s-)048<RBN$tshJGz~fhFlqk~`?*#&xt6
zU)_klv41r4#`+~#N3b~G?yKo^5^=BxZ(S80Fxz8yBrI$!3~b7c4=^HXa`&4Tq>qDr
z#BMeEeHPI(6=4JQq;FsjcZZjvT_PRy_)n>O(`eHX_IH~uyN^89{q^;g?xkw7{O$-M
zwiWh}O6nIh@Y?8>Yq^x378x<CPu%-%)_{9=oNfO>@)8m__~+4gDf>u|Ci3nQaQ`Zz
zL#;mv0^y-f1zj*%oLmZ*&WT1c@(W|zv2A->sPJPk#y_0eDh9)R6vVxgLf_V=n>G#X
ztp|5&M5PS1)N)RQ&Yd{bCUYHSKOrUhX&-izPcUxiBbfTsRk1COVoImG&I89YoaR&V
z$`8H?H``WI6<ywP@UOagO;mst2uDK`i?^1=Soa1+Y@kzL`l<t#tpmaCiAJo9dcu1;
zs8gxB3K3Z{789@0%FORF_T-Qpw^Y<P-nHDJoC!u9WP{(wZeq#dmseXD${L_rlL`A9
zkr)Kj*8u!t=;zgU3+z|muK-MGpvxy}1A6C+1oX>LNX$R!w)oM;O>W_E1n%1sCC!A&
z_!T~}mpWC@1;PU#2dCCw{c-+){i*e;-?^;6-CApX3zhWbXGrL?ZMkP^yOf&k2S8kx
zNW`D^H!`VDBL%vZXbI3oftzzRey22O7Ek1t2`Yby{n(l2R}#!0y$;4_f48F+vx9Dt
z9J!NmSo7)RVSj!p9M<k~{_uU0%}7h}?H%iRMV>25{wum>#+G?C#i`F}qsBNg#wOO!
z7pe^Z-VSkpz4;QYN8DXH4R~^TSH?)qiI}Uuw((@vP3_1t*9Zn<Y!8PeF$Pd`cJ7UY
zbX5^xvhf-E<$F?L9|mHR!V^VUI=xHB?TK-Q-!k&zdu3it)DOTMeDzEcKo1o6JL1@l
zk*M=>bSIlW6OW2-=S-+HOMQn%H*GXVas$aZddw?aU_=LjfVh2$?-A#F)A&ydn>)@r
zn6+U`aYrz(<R-%in=q5DWb9;c{F6uUeFHp_XEQ5^<Cj|47+Jm?=VR8-6wtlIZxv(y
z=uuSJGIx4OUfUy6Bz*0^szHQ~5>(q?hj6RKNYZ8_EQOj7N8)sR>ST{ukM=l!nVisd
zTh<bmmSaaQ1iOgBetQpD5_lC?X{6)BdGGdf7!SzwGk&=Q;~=_?6`9-_iH)jlSG~T3
z&<x3ze*BAH*<cvIHuL*~Zo(@oFTMm>wRq}lQt{Nw!yYSPeoIXHn5lY3e3$$+ELgvX
z+BITyz{K2UzVQLX=%AQOYn#miMW0ykl!Jm2nJ^g8{aXch*3vDZk_;Bfm`H)<010_j
z3t{a_OH5aeD~#`ycWKu4llzI$Z^j&y6=v%n=wwp;^okNZ-Q%SHFs-@Jgsu`f0$top
z$o(eNNww9}hp1Y>!Aqbi-6-nb-ShIBEI%*kE@rjfsFM@2x<FWGGk9BQ<0#xV-_Dpd
zQvo}+Mi*1}v6}PwagxL`CF%*=${)0ZJ>OtTlelef^%SrX(UFjidLkXCrihqY5tp1=
zjQh;FcnFIJ=L;t59Sqt-HbO&#v3^G0%;oV|WF(lK$@AMts(A0HcJ>D%%qmN8ZO{u;
zqHaV4?%&j!`WWy|e5(@u#y{fM$e`t7+w{@3m+L=tjnop)PeJtWx2As^orP)YB%A3<
z#Ulb4tDN0zPj#c)tjlaKPdV}#&C9^g_4==fl4Aa#_9OXs3m*(5th7K(@}}kHo-QG1
zUuyWETu_W~L8;KQ^%f-N(=a&1=;!`{jBY!2<Ma0ACEIQc#R9PB5(C0ua!jeUcW!Ee
zvvq<FZ0*l(_ffoflj#wZi@k{hGa|KK-Z(OiDNT<e^WS~Ct8a|=QC%oLTCe%^=TqH_
z(d(vD9uyG_I}gIovw|B%kEWUTJi65;k?Hf1Tc@bhfokes#phdhqlfNYfA}<7o#?;E
z)b$;keVqI5%gH%-EW;;l#)m!QUofCX5Pl{`{~=vhhxh5N59QhCEi#K#sepettA4F2
z(=i-_MWJ-7opHt8U%yHXA!ByCcG5`iitK1_ihQ%~QDrG@`?88iqs@~$qQR4TU~W{;
z&Av?eGOWAoVYr7>#MPA75CuS5rEes}Q0cu#%P`FW&F}T&{NX+b&Y8C4;tvn6{WdzJ
zHe9~h=w7V+Cj_5%IK*@`zHIm1XVD;sPU-~7d-92)T*&8{^~JYHrA!0Z&Y_`J3yILy
zo=`6c!4@I94a*G8*+*s`cQ0M$z>^ZU&&~F**RB%Bv7rUdiIOMfM2FMVp?#>!jU<kZ
zq0D$Nj0j!l^dRT8YND%za8V4cpsa;G_0p$}&$^6VZ+|ddHE-|3hzd+xUF7VGdfGC(
zW%=QOZpS@aLAq%|O&|AfF!m<(qd7NDsUpuunTNBH(iqH%ojyi^mU13NiW4(q%kg3r
zm^n8g#HveiL<TTNuoSHwzi)Sd+C!?_j|nR2C#0=cUW8f|m&)6<Ww8fL#0I3PKMU3D
zHdQTmX?a-?B{YG+MWP0mY~RhXd3e`;l{cBWnER>nMEBQAYN|TdP`)QxS%riSx+CNh
z(WCBBTp3&R_Og&p>=H=b|K9Lng79}S-G&Rg+0@RieLEX#OGbtgFOZ^FRcqjR7fQbl
z1X`5AYCf7uck0J^{Mok0V#ywf-doedc?gibnyORc8(APR4>)Z`oJ2N6u}@dTjEf8Z
z&{n<E=$d3pCBeBEij%QXKBQc<iE;t^|KYV;FC}W#Nj}xMN9@w-^02t&XNvpAbf2XR
z3_WdJk<5S+rLEfY2GFBBbRI^h8PYOomv>kV3AmrfvuXdVQ<k}!ETiKM4bZh6chYJm
zc2x=dqKosn33}##Gt9U@AM_NwGhlh={e^Zu9fKl{(Sxz;3tc9|0V2PRy7DJn$Y1r_
zZS4K?{cGLx!|u;=1virXar=8TmTMavF}Ajj6y4YOQP&OGiZk?2wp+Oa?MaGLoa=Rm
zm<Vjd@oRQnhf8Sjom^e=$CBT(aT3B2KTqBWgf{Z-Pj!1Vl`z&tLouugw>xG?8ZMl>
zeBm1WU0FoP$-z6?W(QuL2^i}eB3XDgzr4Qx5Jd%oAQJN%&5C;W=&DG>J%@>U#Fkg^
zAzK>BEwq3JHsSf=_Op1SV`Z;WI{HWb?bBbDP$y|vmMv?Hp6a)>k)jw+{<>UsO~Kvh
zv96O^zp{&^Dn`-Tjps_OG)6bJTP=RgnL0h2-xb-P0B#V+%yCGLLk*GpenL|K@$|ZH
z4Svb!UG;lV^#rB5s&`k$#@GUoinzO0s_`N~g?Hb7iD~Uo9*}_i6s37NAm>}%#>`u>
zX}>T1N<41KNAF6Rbs=t)m?@glQL*nP!twpar=&qU1m>CBvic1m5P#EbT4wX1L(TKe
z#IaYzjH`H$z3yU`y+$P4HWFKke0w;k-5b`83?SB4yo(RuQaFL67xBkvA+W`|#<9#a
zUil+?DzVuD$S0@}gZZ$&jzD#SC)W1M>+-v6{iu8Lg+z94WFFCE+pk;xXSIdX{&5q;
z*KP$m_eVrV<-MRZNxu*k?{&pfwL~o$mS;aPW51|Q)+G^x-3@DSmLJ<)FiI?yRQVY!
z^+;R?_Vl}~To?a?REn!I5v{g0nv`sQQoml7C%Zw1-V(PN;`8LzWrr1T3@GpkA@}~Q
zKJAYuafD!u^eyc7O~q4GmVL9z*2P@5OCn)G#Ka#&5m(~Ou;m4!9KGMsg|)+x@wJOf
zswNUd|9+Q8G53Eqc{NHqU~Uy0ju#^v>-?S)s?>SkNf1H*z0#8LPwV}U<R6{b;i)x_
ztS1rOL)fi3`+GL;Ua@{G+F8Yr(qA94n)xK_1wf*8D{p;w9BFZIjUc9o7^ah3OqC8o
z8O-F<^xYnAiWIVX+47{t2^X1es|loDl&^fgF*l=dAv6~s#s7>n%S=<4LH4p%@W_Ua
zTHGSZkCwpPKiY1an+*5=K<cM1Mh-vL2QuXVkHC*jzEc0}z7q9VEVAw8-p0>kf6uCE
zS&BPF_T*iSeknZ`EK%`n^iP&0f;d^9`Ch_hkB(ymeploDa~5j4;Q?v^KzgU{7a~6C
zTKtPwgjT}-aE0y6>FPJ{#BCX)N)HeT;Ai9mMkurzp-G(l=j;;>FHPNE-hCq;;NMBM
zd1@{>^YZaAF|E$*vF1s5%H#!9r8p8U6H@kYYxY|3cez73THBMtcSlc>D|#L<)R0I>
zUX+o!a?hsbDSuKSQx{R;xWvof=sQ(#jcoYhqDSgDh4yO_?QhA-k<asQ(4;=ipK}}a
z1dV79+@K;eD=GSM&c6H;Ki{P*1I{zo>A(Hqv9AAqNuHMO_N>P^8dspXx5#vV6|)cX
zigLS4`gm*V-3z<BZRzTyvkX3>*>13KX?>&AoZY%Wjmdmcz`L}hJL<80N?>9B&t^1B
z&`BDPvQDGsv2f6(@)Fvl@FDHb7r%icc>=^cf2Mg~y0otE!&N($g8Rn&KN~aoI&LhL
zF1f4)t6EQPgTqYs9t)L6GF{-bCX#H_`$9_4;OPRVHyg9)bgzw_4W(f9B-$4(yv((=
zo2(h?)-%zrxA7+P(th9!5dV3_bwK~qLr%XizMQ&{!Bg&M;|e1!1Cgx;cba}*;Q#jH
zB6Jvj?f3hef=5P|MML+N`VUnp@3Zob-;M+V1*HQ~e}1nq@NKXZ(tL@wMd%}>JEF+{
zyx;vwY#+FSoMDQbqCX*Z8f<(z{tp)xp|E@{VB%aW|LKK|YS><Z(_Sw6xIqA1Uh;Op
zh&8reSUQ&~x=l42$N5U}kz4cFyZUI36Vg5ItIiT*3?4YZ0XZ-JdtQ+)XjysYP-@FE
z7{AQLM*Hr@@lks4&leVpL*fv4Sg6M$#@hhL!6X@BQZ5lCqU{?}j<U^qW?dJ4ra>Ab
z*II$!u?%-)l0`1HM%)xd3q97Yeem1uC^-3P0OQ0`$h(_Pmp|qM71+~v?7xOM4tWDF
zTyX+_&eT*ldC!SXA`_i|3w|1gZWZa0qfXYjy8NyDqt4(lDE%m}yR5hi0FKdcO09pg
zSYG$b8!dt`;pybZPoka}&zne5|EAkQ2&i=j*~R?W`{Lpw(i7VjC#jg08o?7%rWvS8
z)4b5_q19SiB33JPF1#@5YY%($j}`a;$<ECybD$l?<a;;kzmj(D<*bQDui9FD)XEJs
zQwGevn~>M0kUup3$zGqexY9XW9v&Q;`>>Br67d-aPg}V^@GJLjklbD`^Q~m{jD?V2
zcSBugZ_Z&)gGi<sY!^*YzUWsP%}1d+U}ED_(R*Km`wL<)mX8B+f`9KF=H5QF?grU&
z9WH!o4W6JT%@=ezBx`en)qIhZO@7F}j$ZDqvkDrzxml`z?Y-VzJU-VUtJ8O(GNH*k
zoRMz=(Z&4ZOHLf^V?0uA>#cX#teHX4r=IN>2<_-kiua^<Uap}8)3kdyf34ua{b9K7
zVSH-9d5-Vu>d`+b>=8OALK8*{qyiYG2S_D>R<chmaDNnA^v^^2*!?O!%FSaZB709D
zyj_OzkaxMGKHX+9?6gqlS~q&=E}z%ZP5?H@iXN@MpZn7KPt9G+AAOX~O&e0dPPvU!
zhl%eOjuCR3`}eJIww$`64PKVZ+9nU)-DKQ%^KQUSiTlocOfY16<L{xc8ib|d<$jKa
zy1Kpoao{Z?12?A^6R}8BTmcDwHsJSz;0-^HZ4l9o?xZ4vYHMXrr;V)*k$uR>rzU0q
zWvvB3!d&&@F9Fia5z8pU*}_RVY*_OFwayjz3i``$corgcZ3NKJTC4qx{*1W(XKM`P
zNkj+<MLwQ%B6r{;NQ5mq1h~G~+G9>)>kyFm5wS4r*Eo_!)wKR_nKV)2F|Q+!R~|k1
zA+1MjO2!YqSM)*xkr$AUGo@qvxpa}FTjhboxu4!F(J;f4ttjwjqzEhPa8bGz|NMBu
zq%5(&+XU&aM{06;^VXlmgPj)(i}}{EAlFcykX4Hr#<qmgB5lEB6^!z;SNMYAQ9ak}
zoICGu3EAK_TwYdp3{w@1V+M{r_X5|(E^!L)C<cf7UjDH1Lv`lo()#8;+-&--o<wga
zIkLm6-5}T=<_$r&)X!Y1*BMGnkOWNJphKF@%h4Ar;BF@3ds(QE=jmdZ{vtkQv6_78
zb?Kz83NT6-HxPMvyGO`I_C=iJcv$Bl;|%!yM+qIn!sVFsg?g9fW!UC9cqb-2{$m1q
zmR({R7)+qNs~H^%*W1~hctusyI5i2rhSiaH!uf18v$U?&ThoKL%3x#9A{O=X7v3*%
zalN8i5RW)89R&(iAAI;8FLEC%w0*g{@Xb;fD5Vd+ZQMnwFMQZbI<Xw*K=khIruXr%
z&Xrc{0B)n1*Eyf@=^QebTtZC()NF-V_B8Au3e^1Sq8Z^n^G7QK3$p-w$@|16Tw>~-
zrYv#pFvET}qhClyRFc`|D@43O1{L#9(38;b$<7%m!9e!YFy`w58Z7lzC`6SLBM5TL
zM&dbr+?eDC*S0w(xN%Z?r2{KoUp){!PbgVC<)lPALTPdIgJZ_j`3n6*eJKd1&%<Re
zmKT<|VhO$bDCSEtJ#th%8g9wYhzOJYv_m6eF2WgpKjTL$wvrAE-Cxb7^QRxwopou-
z8B9_J%nJcc3zR2d1}DPko}iSwOeHb^KKktt5}G`jho`v*Ft_KOX%8WG0Dlgic{$|T
z3B%7J-LQ*Lg}Byl2Y&RrV>N9MmU#IS0k`Y90!=6&$E^wLIp1(Iti_hzSVktdLytob
zLX~{?>UcsiQtKOGW<d#LK`E)|VK|MA6C+<}OC`)7sj05zMlALrC9+aX1^@hTnk&g;
zhgT;qzBLM1Uo^Ni#7|OWm(;1Etn67ZFl?+>LF)O(ZX)U8Il`wfmZ7Mo6ZK5)T|eJF
z_Gaif0xj#o1r689;k}_VhT1t;RTA+?NN*LDp;FrxtuS?`sh63_9a%sOXX%5{KSG`x
zQ`q<eJg-n7D4fpk_%@<{l>X=gl|iQ!OJ3-&+*Zb?+z8dF#4dI*{|$J<RsPdH@a$DZ
z2hQWh`;f{&BL*h77o3U|(ZJrKu}t5d?`N#p*|Wr_q7^fK?!}$9+^?nU9Z$HF8=FMI
z#XoKF&`aG|^LZ7D*0`#(eC$cC@qxFRK!l)F_yh4IyPx^Bes&?I(TqE?Pl_NFv~e7~
zK|B7<>;FpZGO|Q7u`M6wIC_t3n~A!|=it}vLoADP1(@ffRosyjHz|Uc<Th;Tz%jK`
zpU~sc(0fMOnyyXeC}LDl{vgt_vk#Qe1B%1OZtaip9!QC=mI<W|H_eR~vmE-az#hh@
zAbkiPD-OJ%o^aT~*dclg$qOyhp=D7t6}i&j*dM{XF}u)quX+&Ht7IXcg%C%Y14TY~
zmlXsrIEUlR#45tTUbn$m{!{wiUHHy}$?MY>gq(|uCK6cgZFcKYhl_4-gk6bQ`PM#D
z+&Fqmre?%+nL#Q%8voU?fzS7lCQwk7Bxu)q;6Q3=E2VuyAE+cb4DA|ki!AkDPZ!TC
zkr1?a05vt7IpdXYXSEkPExqe{Vo^!WXI*avL=4&sDfa|fg}o$d?ei9@X5NYTwmp`p
z4AF{U;Wgw9zR;=a@W6>%^qW4Zgu^MgGO)-ra%RMTFi6My-*DZ1FlC?)!+D9Z5q+hC
z_~`W**yk}QMH72*xcvuuK>X1TFL?GUBq-pK>I2ZzDF87xdx$;{i>28ac7uqUrf_Nr
z@6!B7JgPYUC)M{Kacz_UC0x7W3VXtjwT1TOh2S|}+PSCP{_A1=NZNkQgU26ki~s!P
zE2HUnAIH14UBCULYmfp`V5MSK&86HN+q9e;$EA77;#sMk#i+8-f;8J=Q;1Y0bMS&z
zNO#e4*A8Qq*(g9JFakUzIAT>UN2efs2ySQIJ5PunMN<Tok0Ry>g`<cP>_Hl4ZgCcF
zbBkqb7Ic@AD0yh-bzrFsaxg`Wq9et80J(HJWzh2=jV(nPe7*d6-9fIkCsOIYiOSTf
z&uf<=WOB@M@V93a91~o{0&R?|X||?6nV0Qbo9D6aomV1q86B3)JGJh<lVg@>d!zC?
zWoK}ovV)vwCd%##Rq@14!QlWCeuBu5f11)i-cLJK2)snR3D*ij!XP!BR~-42Yrrku
zb|~0+aJBXxZ*SZd%!suTISTldPwv2#(2>tvgWk@e>?2<lkI6;Pq0aVj^`stWMV812
zU@oLG3Mik>pP8=#Q<Z`S%MKWetl-rBK>Lq7ZX!WD)-Us+3w_XM4(_r7;{_*fc>|oU
z4S2zl5e)Ll`+?N(%p&U!hTmi2S5HkBdde@>X`$?4W6lE4UQgnGckiFJOMiSpGx#Om
ziLBCXaxogdx8T6Quw+nj@H|(%JB%=$Lw7PUV-EYM_~AOPgTaz=G4(>UC4o8PujmCL
z3&BLmK*L6l+l6PL`8@N1vKs2msOC0vkc`G1qOb;^x7;eB)w#UV7P>tGyvI;&>ZILo
z#N?(R?i1e0f9_jQ1|1LJ%Ao6kWz`13+NaVy^U`r>0M4;o^bav5n%YD9)L%K`>ebmZ
zqt6nu&WwIXw%_?6?KQU#pfr(IN>zxY3(?nNA9FU|CESrt6;6RB$w(9p=@MLn8e3Br
z^-x0oBY3Tt<#Cp_^ET`$+$a^v8(%+Y8^sxvVxH0L{XVD@ReHAf?#ew|l7q%n!k5F_
z4v3}Kj7Ke%`)-tbxamc5TT*R$u!73Il;Z^=j%r*Xkz>3mbptnm8;8d8#F3hJ^9Yah
zABxewr0Y%IfZW)Aq5z1kkt5Q5ib6CZH1Fu#&Lb`zR_Erky=>cX!y+;kt(;b1y|Hr+
zqEwA&K8HM_7gj=|jbQM&^jimOAu{0cmp9iMA%PHvz8CJuus7R1^9v99BiNxU-?sHI
zykNE8dwehy!3b2pSqec}XfF9MZ4RwS9Q5e8?6_-1TKwQdLgu3jYSgx2F~$DD?A!T+
zND=zdc*#nd_Plu9JTzgU?R}Wzkh7WTQj5T5NI1ce$q}sA_I0Jq%qSx!ObVXY=0DSk
zN_w>abvZD4w{Elkm)yPoZPlGQWLzUTirQM(tB^fUTYIV4zYLo;2fMclX>^^clrlFW
z_@fu6c6@n}vpBkBrdJHSNOhZ#UtQidyvT33sXml4&;&U%0?h44VW7JztzNP4LGyy{
zG0Q5%jrCOvun<ro`a+$*=q(U*BO+fXgDVZ|tEof^Lz|v;p&D<&UrVric`^FB-xYS3
zgBR|-^;4GM2*%Ar0m<;-+l424ci@%u7QmKP=62X6v4OY%OnM#DiUX_U6PuxKkFvM?
z3M*_RDuY8xRJ2j!w^We_V(mwhxt|A(G!N+1gt-+_e>X8Vc-1eDP)4tWr#tTiC0#gI
z<PF9Y+D61v$Y>)#MS{h1+0*&+B9gG8cq=HnQhDmbg=3q@2Dy_5eF$sDqI$BXD*r9@
zKEdnX(AA9y1%zbG9!TBHOC>tEO}%bDn}QtQacBhZLpvC)!#Rr^AEl&V6;}qn4mPoB
z0V%@;^J-ZBuPrpKj_T*ws711<W{oP}tM!i3Jh1;$(oVd88qI%t!gp)$kL+VO2ThBk
zj>3l=av92!UdLx~ZuNYhX6HlJ#UpX_9uy=Iheec?`>_VQkIE(GI|nw-E$sP1K*nRg
zf3+5BvPR!yQq`M?jmF)_#?3jLg`)c_j1u&iY6Z)`0q9ECH{AR>%m?UQNBIDw>#!d_
za0?24)#_2UPtAB+M=?ck1QNogyPo~2H6my94O9YYMm01;IYlcw$p`2pAl5;75QRsK
zg1>w&6x@)Q28+4r=<8k3f?wc+^bA+k_se3w-XN9cUk<FRy%IszkE-mWVq@QJ{vGRr
z%F@HdSpYIA>#MB&9k<`NFBgmZ$G*_iUgRA1`-eJ;w9fAmyDvFT+n32%=Rj>E_CG6D
z4_LLVxI!I%65QNLy)H2eAB4LUargIU4lO&>c#``MeLLjNVpXp}&DHs@JC;1Zn^emT
zZPN0H_p!}$3+~7_LyD&wvNiXC?mh=)AmHGsGO((uaZew57F)E-x*H+@)jCYxLst?I
z&T(C+aj0`aR%72|&=^F^&sEf!R%<0lXljL=S?jMeH_EahJELflKh_#njZIePP*xl)
zzr9;GxkDZGP>LxL@zKRWf8*4EB!m7o(@<AHBv;i>VS6zSMmSk8*Tq@a&})!RU9m~e
zLB|$THS7Q*C*g3uUEfCDZaHoV79w{-&e9=8>c2RQ8;3xw!&&3}3+IgYG4@WUaSigq
z>YoVo0{ap&|H=@tDsym)IWqTi<D9S(d(K#ibdpT!c=Erd_rg}4r6a@M@~M1+1!;9&
z!q3;6hx-a4<ERg3I_Oh7<LGf9dHneumOAJgV~~wK`RYUYj#iDxNXAAa|J4wDio-f6
z3#Q@GBcPEMb3EmB=r&5m5y1N4Wpk(Aj9e6H1dcU#4m}3E<d5P%rD3>4x=v^^d#Y~a
z9r6kYI9bO;y<z&{k?doZ-0ypQxqg_D_QKuB>Orz)SHsmnq`H-VY^=bZvT-F%xY(ZN
z&3%r?wNgzHkWX8(B-ovSDRHEY@^;*@aRJoF$$G7s+0AsR8j33rd>%7bIHfap!d59X
zNWr4iS|pJlY%gb=Sv%{paPHa9Ldg6olu_GOO0vaHk#~qM$1%*wCL;iaOnf1U*onSB
z1s{u3CDMAazbsZ#{<M3CvB7xtq;Mxq_1QAq?iNe1JR5jN9Gnxn&~3A9<oXGi+`!4=
zVbt=AWbtzNU1PnBGDR{T;m$n3Oc%y*>2k&vVhZV+F>s`^g@}eZF8cN%i|Be`s@UuE
z4bC5yMA3aK$Lzh<+U`7%OlSK0dDh0)@{=gwA6i#<&Mm{lFt%)p^BhUY4E9Q9ocR?T
z#X#GKy<)xys}hG~CW7m=cO?LWmLjf$o_T~WL=M6z-2cNSj6TQ_c^gzpMMeSYrS2Vg
zBjT$MJ@0G?i8iUTD)-u`StB}<w%3SSN*Rb}iBCafXZR4jSCEBZ9UfK)M)m5f4E4c;
z!g$|95KRx~C(2TcWbk=o4Mj*7v`(361JwVkQe&U_eI0YIVGiLA&JtQj(ewZNhKj)-
zOV{bwxu8kjiRSV1xjOx}baeTpK;*~nQN5=Pc*UQ(`}@>RGGa9DkcXj@cME9#<|Jdy
z!g7+J6aF^KUOLT*!e+yJ?kY~2o|E-}Rz3_@Bdn{<IKHUyB=m`7Ifk^23mQ>R1|^O7
zl61CJ>!YZ|kz{JGxyoL>)Gn3nb=#j=f(ZGZ&V7r!<;|wNl^{PlkJxQcD9T_YD5J@-
zMZqW;I0_tyzbzj)OtY4DhX&Z4u$-$RuA;pX@Uu(+MTf<6RpLebkUPySq^BtZrI~`l
zWS>Z5W^pUKyvQC1YICyJ2!{px=2*OWej)N3u7B<yWq>>@%Jx3N`(RfY{By`*p<W0I
za>P@eF%v}HO17{LtIhx>8I<?1?$-|52~;Na_;k5QMRHcIIJ)BprJV7LEQXI_Mp9Q<
z?_0*WAdLBE^9lwRBu=OG?hd+odgO^1tg0n-`GUq~T~uO1r~~KQ_MMi;-MRUMf5Ns)
z<XWOPrg)xoBen)u@95k-+bkubMSgP7Bo610h?Qz&o-A=CKYGEw>Z6AC)$qdoJ6ZUq
zN~8stsnb?>o@@B9cFVz%g-sMfdU=2x@mGitQ<ghY_2K0V7HMUAfkNWayM~G8IfpB`
zPeXlx!7~ObBn<%?3fI1V7-m)~_bLDBDHJHDwqJI>nq94Z&7WQ{iq2Z#Q~viKx}33G
z)Xv}s;K)VW>Z_L)Xs$t_fn~L6$A#k=)HEBTUQ0Y~X;C_!t`a(VzdK6yEhhbjjj)zk
zbp5Nuiy?i+Bp(ChbX3j0;_ryBebNq&`uWm~28Pb)9RGcJsWpne9U`G=cDfO=e}|8t
zRA3{K2Pi?i816BC?)K!4rC^lur^c6fC<Q1Kx2^jfvT$8LqfiiVC12WdJ!ka$gAS)M
zkoxWRzsMYdvs>?|*)x>E(Ay*6<Nk={KMrmOubYJfmz5#d+nj>_5pqFR=sw~6<=L|o
z`u*n6y2BUy$+GC?qN275IdP@xQA9-;gbnUI;7mj<IT13hd_NgyB55mPO7-8Eo(i?>
z(J+Tp7c=f}&u-|iCuB;o_V>h$S<#K~oi~Vf<)byK&={t)dya}pyu8?GY{w(2!^y}*
zrXbQRBQS9%^@X2YeP`NY=ihWsb(Ohj3Cj5<M#b?jvrFq@+bSL<AhOVBWHX9=1du&V
zO4jk749_Q;*yRx|l)P3LA%Sp{SqQr=sI!&@awvm3_qQrsR{vsw&ND!;q*#DV7%#XJ
zyd&`k68rFd&h?j2q6`V+pUdVDk^G)m)F3hoL?#i^qWM{@>jd>N)_kGQR(G!Z!2<I7
zI}q#3L|9PPosfR~`0ub4-Hx{YxXO*E$92yu8KcU(dZDYKG(F<Mo1@8L;*Q*Hgyegd
zt@bk<I+t#Mlxn!Mk$^KFzVHC&1YsHY*Hjh?-&Z%Hd?WG!QuU|QQ|P~JWF-MP#FWke
zrLTt}@zht!dv<)c8LrWCc2csvXoC1tY3GimhsPNlZyrTj6)p#SR4O-&f|8)M{W5wK
zIY&T^B43|BLOUY+mwe`<VlP1S`HtJlYcX-CN#x@FLV*0@grF?3)>HPBYSj?}#YlIs
zgzZ#C+neFfEZmqQ`pYBEs<)DnTRZ{Boq?iiBR_o1hY{whew^djo{&#zDY0HbTxzOP
z+Y+IEZxS8}kL0{S8M78k(rfj<iwornRZ1ioo^Z}ul^ycmCA}y${gu+KUgrPDa6_b<
z7E@>jh<%YTmJOdpb0>v2A=DX^zQy6^@4(=rz`AO`Q0&znAA-{gydNT#O_=6U#H(}l
zc+Ns(174*N*@SmU`2Te2@2&XqJ1%zjEesmn`p=v1141n}6AsGYa=P<@Wj_KmgjDFm
zcV_!zt7*-*DP4QvjyJj$4(zREuOB);{)7FNYDLi0mu%S&a{Et)zB&26>D_VphZn9M
zH2PS?!Zkg3fa!;SQp|QILvhl=^l`qo<PV-flJ)=Z`nK7p5LY_M7+(t>ksqJ2XhD;w
z0@;>)p%B#!?M#wMv1+1%;76uTkYvOe-Hb~?`w&c8y9OzV&@xld_X+n`AYL+$yVK9!
zR28bPwX}0j2?my}jQ@X{#1ZrBDE$@TDX`S%e`HEvXCKrOu$FeyMSeS+PhDU-4}}x$
z1Bx5INZs`a?Ci9p(&pgOg}2z)Oy0{}a-T1emf<hKGl@LbU+yK}4ze$zcGI@l323#v
zBpLGh*w{o>M(z(OOpX6Z#lf2&dnH~WF?4k9H=<#Sh4Hfgo1W>MJpVoJ8>?8ZQus&~
zX!ctooJUjkba=<I5q<ssEOfL3VbZ@Q^h>40MvkI8QhQw4HeUDuG>T3KzRIBS97*8T
zLlkmU?`(Wf0y^TX^nLz~@M0A4jUYlvE^}sdi7~nAh9<m3ufFV$N=cyyUu<c?%26~#
zwGG!7mK!!Q^P*<!Ya3KdZ*ldxES8T{RdDW=w{Aenlt*-BxMCO7pos62cQ~u!L;JT1
zDp3UQtLCGc06&sa_Tger*m0pR;nQ%hLrDK;b~x4SA~|~^XE!=Cb~5=h>Pnw#W7q#6
z)i3##$ZFBE_%qDd^3|Ti;6p-KBSK5NNN&x?zY(pa{MToBkrz~Ead!+}>XWZVrJ#$`
z>DN6!aCP*dDj=dckDKpX0N<?aLiU7c1sOyv2P?0ebwE7}ig=Ixg+mksvp{$7Oq^hR
z@I7+5QH~9%tBNJoJb9E7_(rAQ4OeQ-_K$HF-UR1&#if1e)Y0C%|7Xb0eJKDl2B%&0
zwcr3IMm}#CTgu`lUy(?QOOCqr*@t&|c#7}tcoa8jON-H_1VcUxdrAEQEs4soHs<}%
z(e`;G#2unpRIZNuGhS(usHe822WOd1>6DzTYo|7z{~osL1(lM7qwON6Oe5r{x~6p)
z)Jl9^u?65~=Zp>Jf_EgG9f6U`*Fj#5D2h1@$P}JBGd^J>8L`4l)?E5$7Bo<<xo!G&
zy{SF3smgl_d9{s1q7t+Kqv;{p9Uz!xa@geG#RqF*9r%Q)dPPOqV%9DXCW1w6v6XI4
zkFSy+bT$8RPBdTg-zM`9TJ&3JSD_2^gGHogugOZXa!`Bvh&#l$PcvH3a9zoxD$rVP
zv!v7xz+a=zKc=@``sMRq9A=ZbCy-Ad6*mV8fU@$#f~@aLGE?Y|=sB1>(kY|xc2-mH
zC}49dqbC+A^&452lq>8GnePAk@+^UF=iKbf-*chAZ<stQ_{|TQ1Vq>jsiQ$glXv6~
z%7pFwaRbXw8tfzGuS)Zb6KMhsDQz0a+<S|Tl8fdP2qjBnZyj}H<EE_TN^V7EW=Z=W
zgYB=kj(^r9B|a^G(!K9qSylC>_2aeRM>E-$g%Bbc_XO@7fHklNuiWn@2k-*qXF?VM
zxsSXD+&39PaO5h#FIQqtT#)$v;XK+gid99;V0G$on;XaKo7g8?TcSI&8*lKM85t%e
zREV~kjvlFL2UTj+<xz2_i>k8D=Kx%cbDINYJ7>(sNYvX0aM!sDnAAmbDH^q+(mtiD
z+n(KwwXw+0D4gYfzk#${%xbMhT?MiN>4uzeE%i4@iUb3v$!q*&6TC*EF3ve{zvgpm
zK)4}22up8S30W(G-}i50n|FNY78=lQ$f@j7tC$}&t^>ex;-%9<&80q3nXZU|<Okn9
zOd8NX(uISbPh*Tsy!0>5Q>PNQR_@aW?KIX9GKdnVwpjEIat>?&-9UYbAs{%+*CYj*
zh%tdCtsSN;7<q)a+q(rL)yR||8fh1A(DzubOwnYWGYc}8f%me{@UzKY%B7ts=<H-2
zzCz`M(}D+B^0O@V3regV2lKn1L&;v#Wl#{LYu|&Pu!3vZm8)s1wTEfmrdtkku+Typ
zXHu02_^BDTYR7kiq(ygyF|DT*V~ex33v_>Boq~{CpTW&<AQZt;e6G22Pm%RfZQlaV
z*>WROuIBck#-xTPagC~hJL3h<tO&64ch<kb0Zz~iFagX!6L1*tKic(Nq_<X&NWjlz
zUJKsoPbFFnkvLqJG3doj*k*Hld+XEy#e^Dc%i!{t<k>j~8*9&<FW-`>R72ApMa$!z
zSgFjvqA+e<{TVXEq6f>&Fhlv7kQ;Osqg0v{h>yErs^S5YQKW(we}Ot-q$N`?QB&s^
z)`SRDw=W}?5re3k_Z$S9rG!P1V#sQ#3gqjpoAPmozS6VN963bY0Kd>%ei>+beGxZ7
z%wjrG?37OQ1%@+37n{2SPrN*b`a)l07V_7ktAeMk1t})$>5zF(tHz<`!C|O#z8~=1
znUx?80NF&T(>n*ylkp_H#Bg3O?{jF9&Rxa5;X+Xi>0wysWOZpRA8a<B`^-ECsq53u
zei^r}b3u%7idI~45$6NMi-=AFD{{Jmatgtko#?HtmLC*d8vfWw!wZzV6ol+JXL-F=
z*`!5Q_~jTE%^J+F;4Z{wbT_Mn%4Zmp5J0D<7b%KoZPR^S+LKN=uW1ars>fz3009Bf
z4K^pXSStNtOgb?Klehz~iaT8SB6P}15IW6jD#gHTq?m+GHGHJ!{`>B>4Z=#m7u;#H
zCfHFN;5IrxFRh9->a2&KavGw}{FDd$AU%OIT7jj2ioo5;6_7<8J6r(iXcVOPgcRmF
zd3F!PT&vOH*>#Z|le$3hGLVKnA<F|Yv6H~h`t1-pe4@_aL$cCWi`yYZcNJ`(tK^O)
zsTR>t4|{hguJ`jw4gSiwSGdiE&$Hf(q+D`1lmM~_8H605Oz-@WB=OgWbfVCiyUq`(
zwJ-@sp&QU@F~-p;I_Z5d9^{&_-pY89g~71!xD*fQ4d|W)l}SR@`oi;Kyu+Vt?{9BE
z<&1Mt^#g$g$Y<fACk{cI4p`WT69a3OrP(1I$OSEcW`|kuhFvo$bVbk{TT-P^rc_R2
zyp&9_-+00&+V6W%w|EhQeV|?*cjXgX&Lq-FAY4<Y0TE2YsrG|)ylbz5`XbeZ?&00z
zoDXS6SMA&Q*6Qr}1jCN>oclD)T@2f9+H~$yptP2$CYEn<0@3mDx!);@HZ2JfcoF<B
z7Wsz>hiQlKM{bkMp_3%`uE+r(6LKxyWg&%Hue%zSo`f<CwC#A1|1B<xv{=e`6yXJ=
zd|6ygKVLaHoA`WcHw4JlSQ{#MR2T4U8Qi>ua`0=vY4|Pe+>|B<k^KCyF!2p&04^g3
z5i=*lrGUfjRaD$E{NlwG&FfYoS03isniw;xHLl_Jtdq_aAeDM5M|x7jEse<j;ZETa
zWwUe7{xgc5<nB^xF!*^G)9B$PuVq^%$=8gR*Y`41b>vBmVx$*exr*Z?CV-;I{qmdp
z%{rr2ttOx`I0TdyNITN+#qPl8Pz`8KO~Ay3Ck5f$!;vwo2u$LvS1eP|P6$!bYK(`_
z1x4V3tb!8s>w{x;K&EB}(tw;7Vgo5uv2ib}{V-@8;t88#mLgbzSD7{X&(O4N(d#hI
zd4jje4?{=_-2IjtGv858&i9(}PHsy;e=MnKCpQ=$9n7xW(k8PXC`A&(o_S3mh`aly
zJewu+*v;8Lp#<UuVuB{gXz^);%?|-KFI<YPvo0xmn8WBs`XU`zj=-RX^V(d~|GH%c
zkn^uY?)au&B~0L6IF?raKNhOtRRk%V(${D7?(W+j_}b(bAnCEjhh=zMm5K(uNAQk{
zugBU{-@Ih-jyGWNZw^dacTfb&@tmV*g8YGH3;${Cf!&{ZswXwlW{rrq47*S4N8ll>
z%~|e-k`cR#$g_g*R|Frigpr)``3Cx@^16Hb+p>(o$PhIeZPckl+o(^Ah}r=^1A=Q2
zE`<JX1*?`UwF1DE{oDfK!p2PC-(}D#yQn|u%UpM#EoxGoGF97PujCYHK=9i>_$tCy
zzvG*N7?9^ddJ(EIRcAhU5BlK2mCS>bpgTF%0%R_{b{ST(pIaX-z8~mrKJqT@DhTH#
z!p|~XAA$#JS$KgNuT=xe_^+*&;ih85g1Sy+Y-g<g(X(uMQIu7{ev6uY<fmT}xrCm-
zdC9Fz6bYq4ph|cF*^#eW*n8t8u_$uKW9=$(7nU6J^f1zdwkqy)GihV9bD8~W`XwV;
zA~-M7n19n;Pr@qWs-%I}GiG~J!1S-<r4tRRjl)zV1n!y-0iry#>B6TPD&n7U(b=Tm
z_Ts(HmX-fGx(`*O@j=1j09F8&-S5?3vD~CBVBtZs(4^9)K)Q`9yP1>cZcMjDj~2-N
zG(@VJ6Hu3)bAWM%rIKtQ7=d@dqIMu%_XZGo{}f&Ep!;<yk*m_<YdJ@ko6M!w@hjTR
z)>oaBU$%*!YYa&TwLRQ>m)VrVA76YBm{o0pu`T4<YY`#fzA*3mdF0PT(=p}^g?)J!
zC7ZA3Q3=_tB1iCpkB$_S$FEYG0IpH9gSz`FS#*<#PM%5hn1Gj~p?}7XK(m)Cl0w@R
z`T5)5q_o1Af>s2~A75MX9YuKl>tkh)256{85&lE5aWA4(A~^xTegkH@-C4izHacgj
z9_*BTACZ3#y$&jY(s&8{Zh$X$HkgUbM4CkthGUn53zL%LLGAwCY1`S#(7<FvT7{T*
zT{5d*EAn5?4#IYqY;f0tMk_hi#C12*J!n%}FYLN?D8QmQ*?h%AuBr|vz9j|2)-KB{
z(6z7V{S6b7!h(aaL5D5a*23=G`38g_mky_FZPz-TNbwB8(pp%Q>W|+_>*sq7E3QZ}
zigS~W3d6uzB8c`OwfDma5k-hEFz9uJr_l$erT4KrjB^eRh%CJ1sfP5%!Wb@^bsH+I
zqm*2VQo2&ZVTyym433H`9r8?vf795@+h1@<lT^@bdkw1bu8JxoZq%7L5A;e9oJrnq
zOl_}wHj!E9XzN-#S-a<)q&{|yT3xqXJtDnB*dqn1L>BA5*r~%qLzFf9wSt%WGw!V?
zWKiWYz-E_hNeOrArS<nBDV9)87f#5f;=y<d+H(ZUxK&1ei%c}-!%j1SNrX<+VeJm%
z>r_z%H>6m~(n+>wWLr9sMsWa`#_6xXQxIxneu0UIe|KE-I?PkTtuM20LB~)%Q)!D#
zfhBaX+u}hAI^xX={K~7qe&Fqv-wu-ScGH2tSShm@=n()t9GDXL8oxo-B1qiLyozP~
zT(^mJF!^yp--{L>7`kK%S5yh*p1v;Fw%GiX@2;DL6nwPA{jI56$<NWmM{?_1uYwqO
z;CZAQhYV%`E+ih$GrlJ69u%NU7N(|R8YLco+%R=>+r!!HMZTejbs@_ySS4+a;|&S9
zgVMBggD_{(HfH%5xEL~lX$!`pZ%C)v&-9g5>+VUekI1PJ7N)9;l`yD;ogry&g6=1h
z`VObKKuUN>jw|JurYrKCfGd)WQCG?-bO@klSn}OV*|Gd+JgFPTmzO~_5k1S1`8^UL
ztGV@%I$nfP%rcC#45zS8c)6Gaih-hF=fg~J5;=)Pe*m(8Tk40F{t^A!R8&7Nd1dQZ
zQ=iN59q+dzKgXoK^i)%>a{oy-DhmQ<p9+v{`ZYGf*pn9(raLd(6XZy$)g@j0rJ6Z^
zw`6ASw>=rr%&+g!(6;>Q{Be<r1JC<rnM|S!{a-G>2s!1&)9A|Vo!TxF|Jzv&2)Y#S
zW-#23PlWWiaS)KXoN)$Opr~{1$5}cTnkpasXv}l{fUy8ML4cB2#O?v37<I41^jj^y
zQ;0C=Vaxz8Ab&mM5cT)9uzMGLSys9OI?RB#A-od2lPgy)uFU9nSIC4BoY2p~Nt##m
z_SmaZ<WYsHE!oo9;tK8Tmp8b+3KxI+MHOghAKZSb)Nm3A7Yk!t6UnHvqdZX(D7!|Z
zP4{RZ<XJ5ViFQN4Xk>JU<&7dv8JrG1qtTU!eP$^yp*svtsVe^uH0xxtIZ@ex%|Z72
zF3zxW4XSMkp5FO4@KhLo!D;Y1TgwFajS8vclY1cY2IN!}jh<Ixf=eaiWcv%(VQ1_D
z3P)DP!25nw@5_|8UV-XZiP=p?R0bgzvRE!r<kS-DTS?~%_T7}^l^q0vt9F*(gGs-X
zY5OCrio1>fI9drNOGk7FNPRx9In_BPQnNLWQq-8Q-`xtK9KSFT_D^~S-8n++O*JO9
z^cykEGQ-Yl5p~TO9MO)IOB&%%QQ+9cz?WV7Gul>T7P7K;_x>Y>M*FrWMkh1pqXa1&
zRO7?WR_KZxf_9}yj8H_kQ1w}+f2ik8cn5udv?pM4;9G!9p0h8Y*7gf1ltR9PinK2s
zfqV^Yp|ZD!LX~Bm9PIoQA-JGnhJYv*7&9n9rh`TR91pI7*`Uf<jW%fpyi4`BMl1Dy
zYqUS08ZB&@-1DUdo`w%u!i%u7X)94=O%1o3SWB}2GWr)>O=atHf2W14-75FX?x!fZ
zY50Y#`(8ya1^IBt6n(^F6*{@a-Pi-Ye-{RiG0T+CL}a4NxVe&^Jr=)u?m@uNWoV_g
z*tma@nLgq_r0FE+_3!HZvdkiOO7Ri{=f*&Pt~F=9v$akU?i62x`XpX`8ZFR<=1k)7
zK9J`+Pya<Sw59{=^NJuxeCdT)fv<%Bfi;P}2F1t=ZjwNy#W2?+SXV6htf-r$mmls^
zQgIPX6v=!`Ja;2_Cv20@MEz7L+4dF_P-j;v`K5J1LsPVj{kzl7tv7Af=e6JTnU_cm
z=WX}j;frGIV*;YB<XLEjI#M<nLzqEQ8o>lngx?vcKHG?923HL{_5^4iJY=(bTq25S
z*l6n&I@O0(Tk98PvnD1RzXPYHo^#M46Lrf(eaM2CpxGG*<gv=Xx%d*Yx~I(zgV+_x
zLCYe1QM2lq4`dVZzvfV4M?AN<gLc9s0mc$a{c{fL(L(^Gwkvq<swh51V-DSbbb~<e
z%hv-vdXqc_$dR2p<>GhMQ{^wey!>-Hoyd!Y|7L;|)##dBjZLRyxVNLGRf9@DU0%=>
z@N+XEaLiTgvwSy7bjd}q*|d`{G%~OFM?P%d4rX{7%PzVnZ?<n&LRGsTJ0d=S7$3r9
zQlcb>`2R+rjfP>QC{mE;|4{Yj(NO*I|9C=*vS(ki6rxmQXJkppUS!E6yX=H4bM2Cy
zO0rBvsVMsv8B6wkDa(|xFBxX+GiJHJ>)q$`JD=~Ff97<|InCUApRdREd_K1;UsguX
zYe;xn93Ol_e8%5{F}?O9Z8vQ})I>OnFZ1ax>c~ii7OegEYm^KPzg=Wr!^r;%@a(2`
z^V^;hQCiuP_I3i|GH#H&ss470YhtEi|Kx%x3};4z_WnWHLx5Y36WC$4)JS<tKxR<%
zq67Kk#}ku0zhZD|>PW5v{wdfK3bTxIYNU$j?fo>Y@bHZSjcA!$qNCs_$jR2AeF$2O
zfQC%eBr#54c~ZjJ)W9@pczt1uQ1yBK7xxJ{lMfHHO7BcAZhyP%X-6#Tl1X5fJijc@
znHh4X&GBQq4I$gs;dRWAO!tCtq6<Qx{tF{aTJ_S+Ztt9*B`XK?iP0?mtgUL1-2bO$
z>9g4v0r#)RKZ{L$PBDx84>A1ll#wsbI5J`xjUuKnnu#px<gO0=E16iF<_Y|}t%Re3
zee_)X_a@d4nlJK7U!EONxPuCW$YSaDft!+4Ghy|lc+Sc2xQR-@3GAk3K*dY%=u1z*
z^6c!A_u*1l=!(O$<V+>Aje|-lJr6=&W4J>Ja<=q7A?m&bYSLO;q_A$>9IN^HF?A8&
zTBfxZ-8>v{hpyHR6Vs3%SB~Ez359dTi&g3>7vwsNsK=Zq=%hffci~-5GMrsq2|3HK
z1}Ps3f4)EY-&p{{J(ywsw;BY)U+MpY^rdebWS@HQ)PV1gn%3>%?zS`U<FF>ZNt!yH
ziaj&w6t>+={9H&|+EFoJEw4mrdB+lFeQw?9<yb?qeoEyycT_AUc*Q5_ez4hzK@Sr5
z(tE7z?76iRCm)KzzN@}Ft!>E@y<BAoa#4L>ak#}YxWL|KR)S7o57qEuf5P}SX!_Jb
z-i>PZj~m44uUwmRO$Gms2OQb29Jz#FhThxk@6CS?Ys|O)+0*S_xMiZcFSp?CuPi{a
z-jwOV=ug}ow0C=cJ4z^C%71ZG@E(t5{bD0xSW?tisJ~C_AYJiO|K~KZ>*^g-9Om||
z+*Ex%h`I@{Mf%euFf}yw<K=shElCSqS4E)`k;SGZ`mBG-T2p8g)p|i$jiCFx2fB2S
zAk?O{Z{^}?dKr?3=CtH`Zg(X@KMI@=RF!t4iVeRZB2Tj*3>2I{vS08E$#int#BxiO
z9sPwk=Kyf&E3u3n`&_ymntDE20Xr;om`DBfzqQRkzCbkGC?c|~!H-^3!buqFyQ55o
z^B~+EjyQdiFu?e1hRhZqy(Pc&HnKpiiZg;%B<>OH9$&I9_it-HF&aXzu2Z*v2l;H3
z=%qXNPk!sR64cndT5jS<QVVZBeJ@&;EYZvU9|3PU^CU;+zbeSTpNwUx8+8JrSlz~s
zD%h7T2BPLd8IOv1pVY4Ig-b`ukL?ai&K9RimN`el5f6p9^#ID9I*{pz3h$)j-<gwB
zem(rZwLF{0b-Dk-KU!fTpfwAjOfC%B(C_<AHpo<M7?W`3Jxme#^W=xpSIK5ulLd80
z9gU>HE4fg(tnE4W)HUw2SDRq9gn+wlF3Ta3zQ0E|p6A|oY3Od>mNv@}2<M7xkD(*X
zMm?VI3qj`xBX~PjJbq-0ru{F4O<R<ek6V{p6TTcPrts0z?*{Gy^+><%rXH6*lH`nT
z&Ps|J^8u{fe1MtJ5nEM!9(x2g=H<*ZAlhx46X@$`vtu$Sc65@VE9F5;^STV&q%1N@
zkR+_el&eoc$?U<tX!n5SnV)!$B$F)^S(cUVGB;&{`?!UHma!XE`9e<Qvkqm@{<Lb*
zM|X?(`61Q~TJ}MEr?wpRj5GJ1X(G42*D)@((USeBkGA{Saf&LpUv&y!rhjlML(16t
zDq?%}SnMgKnzp{kKofkOznq8t155Vaw32(2u27;nqUj`b>*@l7o=0ltZ4dL?@pj#V
zYWmdp&3~-@hW6#E4{q99w}gzK^XtU<3udAuxho>1+?euY$2>K8>M_0}WyNqo)`M{X
zaHC3CpK;KL{pL%2^G~K2vu^=0Q)Hj3&0gqgYlhq-mUM`>o}hmXoRSw;y9Ft^`c#U>
z64Hdb2huuZNuX5?M3jE5q*6Y}SG<W>c>3v&@0rfWFH>dC{vP<zL~hq%4)%k@>8*8}
znpwB97XCa=<1DrM-F^)=t|fx(_M(IV)2Lt01IyX_X`(IHnkEfOG?ljm$}c|By>H63
zE=u@65L#RL*mo%k|E+WijT)!G5%_9z3EDE%<Z3!i;;YpV>V@o8iS#zfhevh!EL53`
zJ29^T-!n(*2_%Xc?WDa1YvxC9`eN(qa>gng!9oW<fOL!&qEc3Z&JeQMsyq6?$BSpl
z#yhf6oC7clnW#7|;)`|c(qO)Q_kp>rm~=s;H4972qoGziVhphX?R5>BH_oqh_eJpY
zyRSCSiwSGzU#mU;SiKMbNe4hWhh5G~A5?2P2;UOl)@!Ci>T<TtS-k8IW*YnM^xu_)
zt|LTsC!|MVZy!W4Sfx{A9vzhc@l(SwJNoGm{_15C3UuexX-uauJ$I^X-xB-(vGjd5
z|5o5S1V3#Td{R(HZ_xi4t2flyf@*TpP$OHe`hVgfed7BI6Mk1mjZovAA^HW;HNdp?
z==}NL1F4E`13CZg%<Lo_f{@3y5+y@>B6>%Q1KXFQW01_@GFPJQpV{3R_0F7oI2!yu
zgT-Cy$1`|(NQUO0!5EIW;X`s==&f~n=TC@~yjYGLzcYjoxmhu|%|`r6zr`sfnO9|u
zh<G2-f6QJSf*~TO-~Z>U#Oilou6(-|(6=FBGQjQx^gz$(hKKe)qVQkk$#aZ~cthl#
z%y^YNAO3t9smXElWQsY{_P=+Ipw>KxRtn9_>Pb>Zginu=3y(PMt=35G9h29<yg-(;
z;Q&losB%p~@08y{vpGTWI{1NDr<(&v+kbs~_IgKZME3V5y=_;7Xt`ZAB)%teFT5Vo
zx=lLume5`?gl&-cWO+MKB7%KAoF9YQfA=aESLE8%_khrnIN>)Wv8FOJFIeCg*dca|
zNyBt5gpHanljouXXz+5l#6cF)5mQJ|u{g{&&^khu@{2)XG@NW42bC}mjkZ^ews!l$
zZSnsI-`ejtTXjjjnvkE`i4hU6Qs%pSVwjLM{`Tl*<O4waF3kDI{0?0RTcv%8X@~{U
zqY_diAst4RA_2W*|AQ0A^IqWdaYqP6`(lgl6F2!*EPYb@@Y=<a9%hL+i8+b9&hWOC
zsit4!Ip>?4E>gEHUSgd6?h4I6&)!+<Ho2no<jyg!tQTCej%6Bia`G1b`&GvF!Y?xu
zI;Ekzbca*quy2P~Ij%a2wm;WI?=|!d8Jx}$`KQH(BxcX9szFK(bkDM~R-*iaK4OR7
zFen~*smuvS8sV)|d?39Z=k(NK+ARANCN6}=Se`mepmln41e`=fvhs?$$Dx8W1W7Yh
zbRxdFhpCh;g}?0%cf8*2<ri_>Hw2fqj_2J14IwAB2z(D}Yh6&5`tN&VhAO~kY|0-$
zmX=D%NEld>R~9eHUt-#c;d{j}*qkJ#7}xcQ>Bm%5d&G9Xd2?$7!P@d=`<vVM&dpZj
zn2S&+0X2ySu~&xV!v>$gX~Uad7>GF8%h~CEuKIVR2*)Mm>Se-OATMy2<*f5)-eRg!
z5fH_2#QVy-2fpY}H&(*#Ti)@XgFhw-V>64M9(~_`!u5aZ8hsEg_R&%0(LcH;FSf>p
zjxBF|37@9JP69V~Ft5R2O1e?wqVbW{nY4^t1hYVk9UsGo)QbA*inCu5q3JK~U0wuw
zj=cIFDN*FFg-ccE;FlH+O(Yz;G~fd(iOILO)d+Ks=`R>pP}^=0#61+E?zKj-$>F;s
zI2R}v@!!v>xpFx@4io9KObn(IzNOziM|b^eqPZSFBIFV|iTVS`gk63pB_<C1i8}vJ
zp}0VsB5iY;jI0v!O^MOJ?Z{=<L+v$PlFWj92h{}@*Zf(e0K?qNi6e2Q@1MQ-fi6xI
zYkW@opZ~ddO7Vgp+rG9-;DUx>CS@a@v!bdx6=q<-Z!-l|UK3$xeW4@r@lqNV1`#62
z=InzQy(~#s1;T#lFhdWrMY73phc4=C@6h3sJ$S(rr~28-->Pn}skxp*@F9&~$=|DV
z^nW7twSMzWq<h1i$X}<K3+@G}oNUKE$q4(KehhX(Sqg<(zamG7&0zF@MPvOxEVo$x
zJXC$&19lb$5DDu>-)3d1-wHd@2AzSJ6WwR{fDrK$DX2Eo{A)S>d=GNsRa7TN1AKc#
z=A9}<mh%|@E4H~G=+1a1f0L&M8e6~YM0Vsj0>9*;v8ry9*Cr5<3jyCY*@hpQ9K!e0
zN&r1t*H@!khW)6Q&%Zgsg0KnZCkUVYr7m_RG{37Jb~%#;aioBnAtSD0mmh=FcdxY^
zi+{POwe-Z$iLvRP&Q*HwnVKxip^+N6wi3vZM!1sM&{<{U=AkhwLKum_v|r80;yQiI
z+8Sh-X2RzkIiiHiEOW47QAiZlr~WV}9d9sV6Cp|y4UI%77Dio}%0+-<t5EevEK6og
zUte?**_nq=iZ+qqi08x4@ur|!n2wHBGx1((k&EyBwyGmXTbyAE^V9S8HRy4k!oVV+
zEhzR}&xBR?^`KL6O%L*lO{SoG`JXn4`pABr`p&sQybInz5I5y|hU|_%Wgg<MjlBLe
zwOi<Ft3}HPL;-|t9h%RHJm!;|!z<2VS$25RP90CoX;?T#H8L66xWGD-Sj8f5E)^m%
zTdc;J#Wo#hO@|B-5fxbQOM#;}s5gWK3X~cWsgWnQ;N5JD;yuXOGv@T?;}?BqZyZXD
zNj=Zo%Fg0{{(cly3FEOzg(`5el@p+>UL;)1JcXQPnL-xPr+{w^qE1d>92|T8M^{B<
zo;|WMFsLOW!{&48M>8`ntralF)QBn6l|v`!KAj+RIY<5TE{eBsnL=Rpa0UDq=aG9M
z-idBHt<8V)!gGK6(GX#6KVvfy$$Z0)xAN4W>0eAc_|&^yw%t~A1|K+%>C#(uEnr_a
zR5mpP+W(llt$EL$_QO@!%q@NUv^(fKUEN)I(JV42|Ff3<^XFO4dVJJdgLnOpl>NtY
zuqTd{jr@W#Afm(PNf&)oPo?!BV`AC!q7By*;}HV<NH>J?6U#_>uol}7+I*R|M2&n_
z0PGuH481BMx=!l71DzA7&S0y+@|CN^Y8?p85;2PaDURZ!TT{N|F>pQi;fTD>wfFv9
zS3BNwY${h+Me!rxscB=akBm>swLi!GeRx%K8kNRyYk%ePoM>^_yfse&r^Aw_a|n^r
z%zm&X*_)JIDDW$Z)~U??R)0u>d;e4Jq>J|oW~=nb$7}@F+W=O!t<2m=j{kUxIB;Jp
z{&EIHNZ)_Gts-i|*OK&4xOWD$)tr{Ee|fZW>i;ROx;rLU-pJ8^B1#OPGWhZYDqHXH
z*^c-h3J!t(#dg+J%$9>t1VMd$hiQ<z?-ps~!RxMfz#9kaB47^%N#U}@6&rwe95hTK
z@0gOEot^WF89ja^GVfeGwI<?Pt0s)_7}4A*i=TX+GYRR2x85ievc<$k_a%>hpR!lc
zuD@B^om=3$FJts!<sxU?f&$z{a^NJxZEZ7rRI8I3<G+h%V$W$v<@(6$q4@8Fypu(r
zOw)XnEU?%=i0*>9-!9zJOP&;E&+UZ&lk*j^3F7CjQ)P7GI^py#ACCT+3L$_FNLU(k
z*<gJJK%uJk(L417I9XVO@wNVu&&iJ!`*+Cr&_BDela}N~tts*ri=Bs8l~$fiJ?u5`
zo>-YpmH<UobZz$g8p*AVjF9xpO>E#i*2btW#nPDUAjA8t7;5+OJW!(|UQl&}B9{jv
zV4uBNp2?Ftr7PY<Vw{u2q;KKlKzKTp=kGhS!kY@te>u}d+{|_*4oUQDCjS+^G#&zF
z6&%g{Rvz=LG~818^@~;2P-Tqy6wE>B0-20}YNF4t;!3asa*v+0BJaDC`!Zfa>a}o3
z;V$r$ehT&)ppkW>x_^2F_;(?8f-E(>no|6`G<IJsqppLpU;-J&I<}iZ%=olXAD^5K
z<w{WU%Rk8p%P{s!vDK2SyigE07hM6Dbp2gtVtdu-b>Y2dV#_^n`~`1`fn-zi<?5z$
zm)RfO0eyGFH10fKB9`?jz)z&RE_W|#Hs#SF&+MW?a;N<DuDSdld(<$MYH9n}xpC)L
ziD$}B%Ni?q#27O!^!Nq7e~}VX-b_>`%Fvif71{%e{{+|EDBiEi%zW55JO2p#6`-Ow
z-dCGnvo>j{-O<`lLx+3cJvx3~P=sUTQvmsY6gxe^9nswme?*Pr>G6F>l<3kGWu4B_
zc-y~L`zl}|ITt(B5{LCMr}Z@paU;()nJZBxFL$I;QraqD%k2)CDBhl1p!g|K3dcoA
zv_0f*I!6*KGjj%dK&GrPze!BT`!f}eNT^Ij{fukwE4Zm1-$~vZ&Krz8@>sRH*u~gI
zQ+wnLw`q^@gxMM8-_`_QR=Fl|+KVb3v-F9}S)I>MT%*rh<9s{Zcb=>0JZ<YjUc)C|
zMmfb}Y-Ef8HObHbTL##7{jv@A%C)xl#-)<GZ>9)+AKwQZ5&~<pNC$z35>uO#-T=S)
zvaN*G%@3>;Sp>E0?j7`IGv%V~*J>eX<8|~a7GD2fPpl?$eNsx<z#5N<%0{2>(|>=J
ztPpd0_9PG|pzX+1)zPJtMV8_ALd{=?Mm5!_uXSJV2hK<-1aGRTF0R@uG=>N5GVIZU
zFU=3j?l-1hcmF-SJWy8dZt>wLaG=sBduhK5q%7E=J+oY%dkzD_)6ERQXIx4<0mELZ
zGI@Bgc1TDNn>Ey2-b_1m!rP-3W$^d;z4rJ$FNE%Uy%In2Rh;=CsQ<F!?h$Nw1aVC6
zOWp5vsg2h@Us%uTpRba?U~j$+$0vph(ARTOdqnQ~i5~VX=lU<048VvXcKgVrr1y`>
zxlTD)%=t%P_H%{u%4I>%U&&hv(}E-cerGLCi8-KW9!@SMx(=WM?r<cKeKJv_u)YH7
zrBAj46~gV$Z_5lbw*GUFH*HHkUdc7LXCJ(+)(s#zaM#3GWG{a|TbK6{A9zqX_ief*
z5_h5A-60ASFh@i6i|na5yPPd1?0xU~tZLBHz4t<(9l!tW?3mJtiu<L;`40nyNN4wM
zq7cMAp7jY(hM!378iB%K`(*QBP<5j||9%*;;iFZC(JQ5?ph;)pTseSht_}STerM1E
z#_yzjA20*dvt6#NF><0Kxxp^7C#ce-1&`Xb5ByW(QWjo6m}Ik5^&^sAP;Uu~VM1P?
z-Xy09cfpo!VQ5^Z7qpQjY+y&nWBiO<cXBeX*IXwW6Fh6Z|6|xy?EZFw8_nzJE&)`k
zd#`noGr4X+!FGBeM)q-@*Y^mC+|zu9;rg7i`ozWytDaRxx#-1DZ>reJGC2{IWSsvb
zLZKYv*9~{SWV7KiRt&6c42;Abf)ab+=sDnidxjAAJCNxW=Ka{H3t$)8x>jqOke@Gr
zqf8VA9lkM)DZ|@#1BQ&CYkp|7U^!fZw4GG;WkV=I<(t;1WgOsnAXYlzr)P8ibeV$J
zK}`k5n9xCh_2gh2A<*!CyA_kRiaf6iwxRxuBj{7f<rG<BuC*>oj${ELMUz9Hkv+J+
zy3&3wl+jVyhw*UjJUI8|eFRww3eP2h-1%VkBDr`O)~4{2oJK}&gH${@_%bIf?we}!
zD)=t7Z!@6z%21?QPK=CD*O<PXVMP{frv1}!e9zalztX+R4)+u+lp5@p)Gd#-2qG*^
zn@*KmS8RRYjtu|Ld9Tc#_0rO4g&*R99%8Yzgp%B3!;CW)vHzL_IrV!gpfn6;f$hkK
z!~Y%vD}uJxloNf#RGe(H!2K7gfb-#c(74F2vWb!A)dy&WFy*1k`iH?G>NGy1PUs-L
z7F(?i%)=d{Qtv<P#c`b}d{gJS3vNEF(71Q(np5|cY-n58&)K@khmK7NLvfm>@||Bd
z`et<sbynrxOox@$FAlNvV!Uj<9qR0WoWh2V{l=;BPh%+Au97*Vilg5!e4_BiM3J1#
zhbiX3?^m`_w%OXHKC+w9U#q{^6wZvfgrjEu0wZAA5AZiV$}rbbfnUXEaz_^3pR;6K
zf_hE~_~lN)whZQDcVwXzEn!Jb=7I>Y`On5`JIijd*MZVxGr@oSfarE=3zp=ZFKHNk
zmo^=X@(8NN;}o24UN-zqWuqigKPNkO0P`r*H(!gnvMJL4!^)9Z%=-!IN^Gcw(!T2e
zk82@Bdloo*z}czlQzkp0NC!&M`{|7hmO&Jhj)Y#a-?w3~m07DJa~k!GD*GuLU4i_f
zvt0Daq~L_ni6{QibzB7x!Zf~b=5>6G4Dq9WE|;n@xZ1$qznlun$Y!Yl_Y}>ZgYmvD
zpBi|N*>BIP#-@dRWlj?_x)SzqvGsj>LeS!%Pb=s(2QXpr&Fi%#Q)8CQ5}gg)_nnU>
zP+dZWJE|T&rJcoNI*<|DYb(FpF=FbwvQqM{dmlmWTi~BGmHxwhwTn16iJ9mMf3nWP
z1HUc!fg^K`hI(p6B8S9Ot?I@p9ueu6;-F%bBlvSgm<D5IgNlm5`YG)f=6J40&&dgp
zq{W18tT&vSy$!M8%f4+BA-AZ<PBFbip*_F9|FeD2XQ$y)L)m=Fcy*6E3)LkQ;XBOB
zoepg{gf8!+?3jwl_qnJl=aN)~{8Y+09$XOW4wyvEHiH&zjw6Cvn!_f!;SpXNDuPX#
zq!Reh*G_tc>Y<>`kjMyikAB%s$YRn|d2!L5Gn+{ayw=HVosi943=z<j&0#{9`zU=o
z%OqTX>KT;_Nx4KlB2k)B{-^cYb+#D}zl-LE_9e&hOd5cyC!C<u<T5X%@6_W>C`uxj
zN=f5AV@}RKwS0RYFAjb167T;w)jqA%G}g9E6e^f#YhKrU_Qi`YJ??F{x8|=I3B?Di
z8xA2QRT%vtr^|iwKCq1Ae!f7QyV=vbWKa`=<j$GPnsLx?TAquku7_4pHg#<8#B2Ez
z!rm3{D7VWK8hO<;9$(M=!=$m*x-iiW4otuwqD4v-rTtgUzGL?$Fo_yF9%pkBE^O9k
z9XJnh7}pgS@TN-WTH4rn@Ou-o?I=?3nr}{0{T3u9k-u!lYG*<NY`vCVY&34?>?6S@
z$1+r+KV<-E0t_e+n1aG%I`ixOC7#>3J9ehFgFb>Ma2%AMQeVAt<uR;G>=&_Lf^WVP
zygOG`J<nKcId<K1yV`w!tr$N0Gug$Oz08m7@P5gwDkT^Fx8%#irKKutVH&K4MdR>?
z%TP{Aaer1Zc=n~w!$+mf&rqS=h%j_PSapqZ)$(NP{m=@@MP`B{O3-yd;&$&GZe<(8
z*e5HDHyssWz&eKo9aqCDsDCsZnuQ&wzt)K$eZiF*<4-AV!6}D(o-t>rp6g$#UjF=)
zVhU|BcEdH3Xqqt^NFUc-*7}o!X>hLJ^?r_FUO(FD93n_8(J=^~uiFGTE2!u`+HKEk
z+|>+;Z~oZA=X`jav(u~3%qSJAnLw%m+G*j;cZwK{&}~!W=}_{uw(<-=H8Wyopsu!!
zQF@XY?c-Q;m7`CRv#={!_v%Pm9DZHa3ZrmOIK;Z{(^*<sTr*2kGPz}WAQ!iBK99cj
zK;qLS#Qw9lXP+FB7WhigpQXXpPLn)0IO6*B`ghU8s?)pO<rjUvQxN;+@4YJ4I+;Bd
z!-NmL=e=rYprx0EGrx%%j-9t3F(W*i=iq;OVB76!8#_bIovNpbF$qKaUiH+_+Ud{I
zQ~lOeW(j2*3u&;l;8*H}0JP4d_A|Htl{L?U+BcwbP<KYrx*8>o9wG6-p(lD8a|TJC
zO^rZkIQDG>Rk@FSAd#-m!CK)w)E&mqh{@BtYb@2U5!8X>4X~_S%h48;U7wyd%AGEq
zYU!JRqaipK$ZMWYCAdE`Qn0}+_vgFfB3=KEfAZqLPAa+XQ>$_4prYZhEwb2~{ZVhc
zv>fE7!>spX=?NzEr45}PwY|O4*2Gf(FkDPphSaLUZJnyny}zMIc2G<Y!Fla7ALSCJ
zDDex+H~SJ#qha%15-=m=ewL7|FGAV*W}L4w`+jdLd6yt$(D6>I_+eh;%2^TEg!iEy
z$oZof`8FSM$3|)~aAyyEEzA6q{C9msLFmw7qvo}Z;cCKNOD)yjzKs+`%;2u}ySu-H
z^v-OQrGn#BBL(kew*W+fhOP6@7hVLsm1n;qW>UBXhpzK>hjw(=a>GN<k~Ie5h6JAz
z&3@mtK0mgjCufMk_Ni&qa|ITCNu>&hPZm-Xs-LVL)L|lqwyMpl&J5##Q&eqC_~9vh
z#j(SZyNxd?PyRgij6r=}A2HD&k`2Q)_UdHf=E37{3FyaKk_d+0!#i=9ok_8cdhZ0W
zhLdjzs)hLr9El>hv_80t@rEl^cpmk7TA0URuXhJEVTDgLdvoTNy(aiyY*l!&ojxAY
z7i6Vq0@Ix?tUVOj1uB8OyrZrM&67vc36!qO;mh<h>q0W|0hheC6@#$BI+9dBwr8-@
zXD0cHL~ckugXALf%l{f3Y!}j;q-U`YMWl>oy7qi@!LXFEd!s`mMQ|IC8wzo#-VAt}
ztoquhSzXxieyJaxM)q^TmgtTz)t5a8+x7G--t3j#r$<Vc;7mCen|{1H_SNG#{g3es
zzXSo^Of^}i0Oytff$)OQ9idAl7YG#>&-+$Z&w=k(gxWUAOB;KNRHiNju2hku2I?W)
zxE6-R)T!2-Ze9}(>bS0``laSiL(Toi#3>P`EiMwN8Blk@q$1tA9;=Ug{M^Q$G3GFN
zz#WXCiBTIG@&fep*~1GdpOQPTCA;W!PHRy5cYe__v3wo_e_c|jLHjhZuf6zHJ0`ME
zv?}~O3`TOKR*A8+r|K!?2Tg6f!PS5vN+#cg9+$s(`TQMqmOH_kPU5Ge>ReIP#(gE5
zC*p@N%A&^2E{Q6(4^?My;hY)VNh})I#*I}r)XFyB;W50C!NXLVv?W56#bW}C`n4Y?
z3WAy&ml%mC?Z$j;b=Kh|qi;3IHk|FTU;+aBWS(~)uCyb0p6dsAx&!=-YbuTrN{!f@
z9GY!>HQPwYmb|zJh&3JX1s(3JrqI)v97Z2Qb(r)D9>C~e-!t$-R#tI^p@d=5cR?(!
zCim;w#Lk=yjM&e#5q*PJ6It`;Wv<48Dw-7OJ%jut(}tV$cAb6C9a5-2&LG%h8LsN^
zZtrjK1^l*m{9;H6E7imuwuCd9uy^}Xhn|j~Q{DR$#=IN7TE3p4jIBkx`^ZpVxk<MZ
zVGmbnnZe2C;_0fPW;dZ{ATC?wb7+3Zg=zWWmnCpm$>|b1_h2dp#TvEX6M`cVU?-4?
ztBCO%mcqCYmJE%IG$y&h=2^yE`6nLFJKo`O$yuan5fUz^5Re^l?<k2>d~&%mK}e8M
zMOC)ZmF+GGgqky86$e)bnV~)HNLEenW+ZHzf+{B`v?16jKa0S>En8uy|3afb6Yibj
zx?J&Rr02!{Pb<fb<bcby+3>KwC1f4ni<xg7E<xxsRw0zI1q;p<7L`*JQ`u?Syi5?+
zymDi9*8u7qfOC*vPY+dV9isMocf5)PYpay+-5IYO5ZeC}EC+2h14tWVJ%btxbO}G-
zqfhP6OOwM5c425evM>wL&dyH2kyjR(RCyD<1}(2GYuf)%EIz-#|0hKGq8Xju&W&_r
zVM#Uc0M<K1i7=bE+^CIkk$lv+vmf;Heaz=>6p3m?xk5uw=Pa*yeSLkmt3Y6RM59TB
znuQmVirZkZaaP%O!j*kv%p+)TY8$X|6(?7IxaZcQw^LynMIO}nq#Z#QIrd?we2_sf
zMsUl~j%A!iXeMHTw^}Nuhx<uNlU=vM?i$-&JaX3O``NwTv-W59Rf%OY{(Th>?Pa+F
zCe*>+!|xZtFHyQTxsk!Iy&8x&3)Fi{t3d|`-gQ(!?uJ@50<F&6Qy`Wg&E6He01~_t
ztjiV}mB<@GGw2J+T@U%n!h|$zf1LgV5<|?^WNR=qRV~<CyItNQ+ZK1};7~;P?h>d)
zO2V>pW-2AFBqvrD31<QQ7pSzUS;HAn4u7Ct($8vMat)eva*OIg#jT{GoWQo%g;(CE
zXhq}-8s<{Wpb^8)1Jmslu$j(toTx=0F#CUUl#m*w{#n4fm`!WcNln6w4T^%d|NW!@
z)>p5C@@LaS757$Uzktuy6=qW@*KSsK=3SGB?hYj+@L9HroOL&T$a}*jOIIi4Qd2Cd
zXX!j5)l7YKN(DA4^INpc1VK0oSZcJ#Ax$;dPxTc?QuxwLKhYtd2wp3I1}!=)It>2C
ztQ-X_H<uQy)i}dvPXmae6g%Zu3L^pjmFmBb%oaYlXs1dDY7E6+y1ozYn1Fqjhwaby
zSF=pob0Sg?z|Mi(Dc<6}Ju27-|5Y*Vo9A1%>ET;hF6H@g?D90}N4jfU1?uF+igzD?
z3F8o@AOE5SKKjydLi2801sJ`z8tlQGpGdXwu2B~7$$pYQje{zQrR*Hga;nQFTYK)6
zmgK_yAk}gM5*qid@cxsYoLkxz1ma?qY^g(gyxW3sQ$!XkwP|mVH2IqtKzsSkE*4QF
z806~;%zQM9Ddl^yY06l}$QoTK6oU6_#8<9AmHc%<^^zL6C)%XFzjcjIL31*#^vBv*
z^Ug!R^_1_z_{+_UDrF`wozULsHt%oL`N$NH+j(ldgXN6D;#H{uEB!S=VL}fJ^?)i(
zDqM*9(5e97@vTZf%yERxVdfZg@63T0Qh1($W@Wj!-Gc+JW{O64=>=eQ64=yNYD=^v
z7dQFKXg|0cYR^10<*89x&F@2mHDY^Fr0Yv?>G`E^Nn7$Wc~5<Mtj^818%USkayl+s
zHMgkNe=~*N{+{o3g3Nx`^w5DZcH&QJ+sfsqnEYwsS$rAlujr$y2*W10d)L0&R6%=i
zbAu}Qvh|HaQ+1y=16oq%qJtzgx5|`!+x0&0jd#`c;^p~UaM|$X2i+F!rXpOz+bhE{
z`xRp+cKd4pOQL6qRh{=&ijUaER%$}vj)D@iS$08J5Y2sDj0&f<V|YT|MmsWLltp|t
zK9J%wytg!Q7|<1?eIfHW_3Ft5Oxem+s$1W$MyN$iUgHL0C{k2X@o5VqNtw*OH2c^x
zwS$n6Fytik1F%zlkbo)H<6cMf&u!V?1Ot`_Y7TuT*-=$4LzT2?tM0<*80p|2sOS$J
z%R%cY1o7k4h60_bD%PGibQDvjji(-W__*Px1y$5ytmVQjKbKSb^YF-BoPAheInz+5
zD65+4*7JakjIM&uT0mX2u}!r7hdB-g^hPze=qXJFW%F|Ua(&?!Re?6F#5)Itf&rQ|
z#Ymy<8XUf0pPB%+TfEYY9PwWt!2UwPH;2aReve!PI`@$}UDP>JoTKoz+#KMjqwjF<
z$??N=Bp7>Ts|K4}v7qh`4H6*W{8aWUBv*^8k@Q?`uCNbrYNtT#h`{DCBr(VG`4*T`
z_uDHw1~a8-7r8$R^J)9~WEkduwh&_(vylH78*%*bG@FM<B~a^KL4PP1;&+D*y!uUB
zii=UawY|Ay5YV0c1mN-~Yy)(V`Wr}j_s?5n;x${z6qCG&tq!YZM^q@dBZ3~Q>3jQ&
zo5|@Uu&$8rSt<L&!Fh7n4TbdMO}uq;N~S<>JlAT9332FmXo$CFB_Wr{c0}&SY~l0r
z-)<1Vt3*g{Zzgkq&JUAsKTqV~4$LXdB8!<zmYj#2@jT8VQ0k(chSTwOlTp+tYPd}P
zTh-Q3H00Z%4C^RxyXo%N3dN2<bP5&E%N+`3;2}CZ3jT;(h8<-S#U#3^_cM2VIv(>w
z1D`%Ft09>R0xc5tgAgq&`K*6h<Rn5ueq4_rWx2Sj?yKi_Ja}^KV;$GEhXvDpdrXRU
zl)F3?TZq6bW5+{yZiJswT|b6o&L?LuIvUu8MFcQ^?Uo`KDpDuzhh4&Uq6Wh7<5ida
zT?33L08VgX`sPVhvT*DeM5YQFG}7$9R@+uMzF@wr!lUmb+eG;MC!D0N;L@+?`>pgL
z2BA6=d`_h`la=EVap~O%W)DzhNgdvpofLLZH|`I@>UHE%>!N9wgOnbetQ8E>9Ca{1
z35qN2r_H90nN6iqjvt~{$rfM6yc=!K2O)y6;YATI<6du`SaE`f_Z2J&px4D?LjYw$
z4Id@A%NW!kaBc6djj3Y^nQnjx__)J(q1pHKwWcRYmW@wHz*8_mBfReVCEGvsk0|vT
z#gmVoPPb4o0OrpIcFfrKTRpcK&!9ly)^Q^0Dwk}N%KTLy8)TF#B;Ow=%br9yDplI^
zGk0mcAsB;ihdOQP2`r&DA;hY`7k^g($in5TGCWEovNZNxfN{l!Tmtd##2=3X>N;B^
zF13}=)Yhv&*XSRX5fpNaI^4Bc`2nzN|DbGdT%*V;n!D`-Mg-N}C`LX-lvRfbhl~%l
zFuO8D{{jVw6G0MKk7m#Gg(o{+(^J86eJM$9miDKZPHL7}u`~~SZH>+qV_x%=*u&AR
z{Na4m&@RNBl}fRlos@8}ngxm6_Fm8mus0NkjwLV5_uwk~N#fA80>1s|J#3iGSt8g?
zTZax^|Kcp?`rI~qlY&K^6fsfDi_`G=zF}!kt@Ya9juX1x1L}akDZk&{)msGDHgKVf
zH-fZq-Yu^0y=nvnNMprsUyon<D3caVh2Npt@=&TyXjE-2iUr$T)mjH)hMab>Vc&qz
zw<j|Mzb)+0d~dbV5rwVzdg8LoMurnEv9T@w;(w?}4ZnRNKdcplEg%V1p0(11VSmyz
zex3{0wcI2xGyCG6>ZSvBPWbt9!1}(7Z|HIZ_eKcbs}0CHn>(2_L}p4V^(bU!L0hlb
zza9fi-bQE(H85?I#0;4w>jh?wsoep*co>prhU-?$W}tOXN&Dw182^$>ScPHUH6$h+
zobNNk7TJ*)_Ei;xx9C(4Efhs*uW%lwZ3jPEO;}wvSWTF~E(4~p2O>ONbKyH1bl5jt
zu3{mayP(Muco*N3&GvM-m7L6TZB-3VYABv${!)AM%rorYb?;gr8jfpxbY=DnHe!Tn
z<kr23zxyWbC(d9~xP^CIlkZ*IU0Zon4NMlG!@Cf83`8><acKw)3wc5nZ3Lssa0)HN
zd;%t^_k%p0C+rYkC-wl4^!xBwXYt8Kl$z)VJKw>cj{%0o-0}0!E~4vws6uAg@FDGi
zOo(CkA@99zwxpK=Nf4%#B@K-{FNEn`xq3$%1O*NqTVZ-sCh7svgpiPa?CN=<Z5H)$
z+hd2<Y!y%^41@IrqVTnRyH@Q(pS1!Y9n#23ya7Wf+9S(MO89^JBKlHLT#w0uug~-M
z6OHVSG9n@*rqefqx|xqSCzm{k6F+W~L50hMR<D`Tp*Eg96G53PKcE=mxyQ!3+UJHd
z()4W)&bIw3Y$}b@#~B1~j}h9DD?yw1b$z+H$(15jszVmAxTToGPPgbx60?8uQc_^)
zYLvuFwwiOd#W~WmpB3|xcP|H5`Mn#5ALz7#UuJ>tk0)yNaHxT`NaNz-+3?SwKp%nd
zM6Ws{rZ9eoDHbKpLAu>w2XL%)#J^-fGxv0d`VV6jK@m&^S6tltJT(UA$XYoM1LsAi
z9V`6K*c$E|D&NN|X!2J9f-9Ax;hT525cD#Yy{vYQTuX4-f;PL}rEkV5#W{k~O8dbZ
zA*L_(k!ko|5_V)JxYoOI!5(VR3~G&`Hmv(U(m5X4*Fhx>hAGg_l|On1Zu(XqtUswX
ziW_s5R?^JYAu$olN>o=<JGG*DYw4Teg9evQg3@#7Nm;d>Hxs1F67On$?*<O99V>x^
z33xz;YG*U~A*aA?2HA9wKVXHjlctiVaWufhVrc%bYsn<5^W+>$m&VpF*JE6C&`doV
zvTg?K^Z-RbE1(MhwTq>kO}5E}wDD(TP$S@2=0z{t*m~p@hfLMc{h9BAK^>@ve|Q*$
z@oPN5))b(<e0FNd>dynknLw+vL`A~q9j}Cqx(aB)-t_ds7;_w<ShCa@U}}T;RWov(
zOXfMAAa0L7NZ)KewoEL>pP~_nHIdl%o2&sgr)WKq>Z;RESKu|?T?Y)Ou|?jAg6)&}
zMuL9m`v>T_Y`gY80kSIOD=J`08zRW4p;C*L%QKrgz$I1<#QU>Wy9!MQ8o|gN^{Owm
zzsIRJT+gT4pOmF8S`7V^1RF)3hYBlwD|V#md5LbVNINVSW}1_|1$suV3ZY}*D+4*M
zb>s!4&}H@3m7FE<qr&Cr0E-1nr)H@88|cZi+yzU-hVCU^rFx>;8me_RLBaRiV23w3
zrFQ!4cFH7VQP&-JjSV2>vrH1R?cyL64iiASUb}W-V55))R;#}6S`@9D4P@Jge0z*7
zPnw8hQqLq$1^dW!JMbXxU?bZ@A@?*bFyx0;SFIPeGN~})PZ;uH;4F77a7BZuqCM!+
z)&QZQ)-36Mc*RMi50gzp+*^X#i8b|0$p$#)H;y14YjGhRd3^*WOMZvY<Ym!@oo<o1
zaZ>F?Mx&;d1Gw{~4Te;D@$&&t%IK=jy=@8x(gSK~akM1t&yhj(5>&Px0{PU$CNHf+
zJuKLRpFFcrBry4#{+NP}{4+)SkbYtr_v3jBvCnu&X_5qe8l#YsnkWn<^1koZ&%3MO
zCb~=)<>Mxd*iGDMz>Iv<Tdn2@72IHwI$1T=tQQ4?4T!v>(MZ}FFAPRA_9^b0bmGUZ
zGI@Y=37f7G$dIOXOp&u{?p=)%Ml$^tX8sKda;zK(a6IIo#R2AK-OqGKP@j^+9bhKZ
zr&QqEKX+|~U_xe*s%71;gWgC`lSX290T-OOj_LE3uLcV~7i8VY8DViT)c2;;aVcF%
zYRWXabZw!+5xD0~J`d$EC5U<&Luqg2sroTJm^AVj*<{!Koqxd?xef|xfQCIN^Z0q6
z>FQ*&gZrz8GGA=1&zTD4&@5#Ww)A?wJ%pV1C88in=$qoD;~z6w6zyy*IT!PD?_RLG
z=V#|&VKH@gR!&y#Ndq;jOxVZoq=rt9c`67iBT0lUM%kJTiH0i*7$-ZlKf;2!Whgq#
z?hLyz_F(Rc%4HKqYjDhOjGg&SgD>O8_}npmMeljpU*H7%OqYhh7ZV3pCzI+{_sU2r
z&&xy0P0tf|NvRP^`%G)Vxgf0Y6E~#~K^uV&UhE6|tv34>?E1dA;@EjQj8IX$5tj|G
zQpE5<p1No(A#E5?3~z5TDf_D6bunnTF23*&OH*|$p-ffq>r?R-L6WUVKaphwo^(mE
zQq{Ye@w%4ep)IZ=c(_iW<B6n3k<f5MmRIAzOQFxXsm%so$9+F^@w;iwgPlfv54)&h
zsY%Tziw6X&)DX!azv3sKGKXRq96JV^v9;Uo3dWAzNPSl8jzZy1FGIsu>i0!iC^PTw
zO57=L^Ls4A1y@^P-if*l)=q}Y%`O@E3>nq^@xnb&RBg<0t}tT2qI<L#hVm7M6lOA+
zhi|7|C<<8?_5m_cfs19;qXt2}yxb3Iy6-gZ_cG0<M@%T7>l+~7yQlpVCai0()@)~Q
z<L|mp%_9)exB#ds?fdYCOXa1yBm}K_mB~#XS3MsC9Jz~{<B!KDeY}c;NDI9Dt+c$?
z4sG4v!zNDv_b2$Sd&c_i?0FKG_#KL`ikZFIgYi1d2<yE%2rSy4Yv$)p-#wnMd><N;
zB48%tL@I1E!~Lb8K9Uc#caf0(a<Cc{yQj8!GJNnsf!DXkwz)7L1kGT-3T~=(Q1#Ip
z)hD*NQQm9b(Wt*~|Nd!x6hychvGH?a#y|P|p=)dcMHQDCr|sxv75`bb1vqxD&BGgL
z9wP8<L)N+=Vf(|nYzNu!{T^&jt^52g$5$U+_4;<ibHH-(oVc@El2w>MSnOVltLpM#
zzGH5+o9mAB3ca1gE79t*!hFS#uo<b!jo=Mz((RK-|NNzGH&oZ#W*%{?v(Hs$b;5gN
z*-V<3i*IkM?pu(oSJ14z$W**?<oBxe1bw%@`6}3`me9LmBQ(Xcf6}j3J!l={dnV+W
z+4)Lc<A_iJFUS*odWHcNyrKNYfRuP*6moffSAg}w7CzVy!rQyPK4Bu%DXLd(ydy@8
z_YEe^1%=|J#JH-R$VVJ^k|YU+Y|*o1AeK5@4<#-%3#m^BxrD}pbl|h3q1vFv%}9Dq
zcw_Ukx>qS@b!e;l+L@=(#{83gL_n<jt#Z}MohbNIkgg5BJitB*i`&-2XCp`~blM(m
zK%TyRC0H^EFlC~YEd$5Tli8x8^tN+W;k)pUz)m%tN(PxeMn;2@))r~8g**!Ol>{8c
z!X`!gDydSRCc1l}k&OHOJ^KR^vLoVsf;H>o9m@jUjH@Zco$_;hNaSt||1%|UKrhF-
zE5OduX5(Q~f=S&~la8jTR~)&x1=;4@jfkZF0!?eq1>AIv;g-GEhZAbZMcH8>@5h|k
z83gnJt2+dtKJAK}&pY3i;CrsOllJG-TaYjyRZrl|u{CblvwtzC5gY6TmeSfffNED=
z#vX8vek1tU^_H^x#hhkQYZjWME1eSdP3h6Z1UltG8qE5saQ4KVM3a7fGAosXY!j;&
z{?2=6WvKH)5)t+kSYBWw(5ZR$yoR9!_MC*vqdu~vc@SK~2=!ctt!TYa5j7oOBYAWD
zXDiv(hw;$=TGQ29T`ts5Nv8e;S%UERmaB5O%f?PLQRs85%1=5}y8Xpr+*z`YjGW5`
z%Ov>=BZ`agmTT?w1~P$4+xkPbyEB-mQl!5xwCUILP=Dei%i7vm`rYW*?(#^e+TZN}
zpr$YQz_t}s=mXR@G(I+w{ibwyb^WpuB|cm-IxOP}IvIq`t_W>-?dpF$aa>7kWa<2#
zq<_F!gQNCKe*|3Fyh%VdDW1_n-S(v2jG0&mlIgEx>A9$EYlWfi<LS$wT&_5%mYJiA
z2UH2*7_t|e$N<iDjze0m=Yje$J!#V9b;Zk7R1~<$zhyKFLqE;7uW~G>RY7kTgc)}Y
zDfs>lkMxnlRe)ypbOwpEfwkfgPAs|X+eIB4((q9~6j@ZFR-9UMgVN!3bNrLyPvR8@
z<1z<VVcZ6x<C01b%H_Vlp%~#Q1k`<%?piJMs?Ne?4?d-x6{~5(vStTYWLQJQ_0ZCo
z?FrwzCsC?-w<1EXaDwtI+5IZ@x<8W6w*Y@mvalUDmqe6J9>-%s`IVZ#t^_ZdEj;fU
z@}xuaQHHM7i&cj&m$sbYw`l=WShWs+&ZUJ^9X`lDSUCA<NTxyT#XxNIzM}g$k1AzL
zi2YB+kSUq@IWhfe%#b*0D|n%j6`_{)`6|;E%BI#4*}1~(b)dJp<x~2z7SinE(z=p<
zynw>R4<ytCBW^vaxzE(NW`hVl=3J@yvIil%3RtF{nei;CRS4k1x7m_S@ZWn2dVdIi
z03Th3bp_2-)cgtUQdbCA_Edti)ER!Q7eZ>UIypZo_5L#F6hUrPEu|5_=?P8<Ga1?k
zlYJV`2#|a?E4>>7)rRvM;_xQeu|KKG>}!RnIJw8LGH5C+_-(z^d8J?mqcBySvw-?Q
zT{%Dt$F;u-!T)-ayHIJH4Q1LB9DzR1*4`m66l%qJp)12UZ;p?J>jijkN4On`#-QMe
zs(<k@k!4pm!@n8>o3n#K%eYE(>;BJ)!hDTde+Jp+n$&2X&r~@b{|7m1Jd?PP^=O}A
zK(|Zr(A^IYW5^LJ2t8)T{j$!L=O>LS-pZ~yQ9bPnx#r67w;;S%^T{9U=_8oLh%{Xi
zvnHvt?QOUw^Ta1gv*sM`saj<0eX}81w$|8P)b;5VHj`lquer&CbRs<&1I8}2RUjjJ
zi%hBK33U!#u&o1{;4&N_pScr}KdV~qK|$`CJU%QL1h>{w?sZpblPI1tTvgRG-qMY1
z;cAaBzI$KoQq8GzLRpABvv);i@d<B+tnv24lJ+6oq~iJ?mQ;#s{DRTqLz@16&<*Iz
zb3`H~mFO}aH1ErNqR<`+GK7n<_ggu7PW)kk2B9}B_wIPED4?evm4Oq?svpw0xwplA
zuN`9=NNv+fw9{d2E1{uAk#G*K`J)p=AjSwy5T`GBHM?^OR!LovE2C3=#SLxtPG#Y!
zg!-GMK3yP`no}EA@bmPj&y+2TB@^bHHkca+opoHZ?}EI6N(XqHsC{j@m80q@RR`eJ
zPnXeTg?R$Xe{NBuq9S8&OFRW5nOJXXC1R9PA`5O^$%OsHbGV5-JDMJL9%wzemQHPb
zm1$0s&}TYPuY7+YxF8kT@ez2&`waDjL3V7V-W>2HbI@KcGqvPDd8N%H>#zOWJfpRk
zhX6xa5x4KYRb}ieULDmO<9lX5t{sQHb+-0`IU`J`DyKjXunY~(qu|^i6w~GhVQqkN
z7vh?bo9OVH*>{qBjB36?=-4NfG%lRBP;=tFwHK$K?M~vD*aM)cL_G3r+8YyXsNal3
z0^x1#jnoXw<*q37XM9y<4hsvNu#za%H{?Jm^qRmEkD7Hj8`$@=<dM&JwI3t^e<pbP
z#l&x(eA_P|oR3<rnkp0;`0<R=QWI_u^a4=qs@D{2-Vz4Y^F>fjqy|Tz>lb=@*fjx?
zm3c9RD6i2}i|S8;T3bM?An8-|xn&Dutb2msG_R_0SKHQ!1n$JfH<X%+cY$T<X!K<-
zn<<xEdF_ubvA<ei+x`8xUN)`oxe<rFy`@o9UOt%C7BstLbA~jiNsm`%zh_78VqK$D
z3X+mp@!Go+j7ZD+Q>hVcz}$-oufLq(>%Y<IZxfuJg$@>6M;mw5eT!g_%SyNJ1|ev`
zr}Z~r^;huhxv=dXhbWj6MTC%2;Wl5hA{<2c&QRd49e*0`x$Sy3ye^Eu8ed;lEr@nt
zz$pgq`Z3@-s741|U*5?c?kX{=hRm&o%{i~nKojjT&zM`+Be|<7@3S#@+;jqY;Hl^%
zP$t$17Qu?Y2166=AU(vClxQHj^Gb}Rmg6w6h8rH<-sh2$-<crv2fdFe&f56p;JQ%P
zXrkVby^tTFawgSa9!lx1O|D$$E(+h<lf=Ce2i7KGf1lE_ewpP*SI`DwUFG!(fL%--
zl%e_hELgf?bx}2pxCc%yCR)${&4Tq{K|u}JvjTOu)t0;_uSi@7r#ba^^tiDFFy~qe
zcC7+t1YGeftW|hYQ2-jzDd?kGjh@&V5b|%nNwW3Q{#M^ThTcS!t2XP;20q1{NKkVB
z@~6NTj~GPY74xYk4?l*2;|u~#zeiHT8%{StOEfXU%(IshHgRU=Hk;+ekKHCtI1o%?
z$<onc#B=Zv(@83Ia}vgisRFr@?(Zita<yQDnBd+zI!wR3tz=9Ie@jLRB)H@s%pIrJ
z=pJ$t<n=^Aq}ptV>ijGPYdDPg+G6+))|@vxR)M;%wZ)=)k7O@VkSf6&%{VLjj8gHp
zw`4Lv8@Kl`_=i?O#o~ciT_q|kHdQTUIS7k_W=g8#*HZXqEt*kOQL#i$YaGYyB=ENZ
zHv&Ts?f-sui>_%|!hTeO(VWE4RssBQAWcmOsYhk-y&GswcP;+)^l<yDU?83Ln$-)i
z_yIQ+x+xZzhU*`k8$kx2Hkiw~qKd1^&5v<oy-irZ;3X<7Bu?mmjfbBfVS4s0#Np>`
z*j)H+tywc#kVC^>nvRu7hhqF32Mk|a`<O1N3+SAr?i};~0cb{bB9q>Mc?B<_#sDIV
z&=(ib;J;ysQHQ<!N|m5E@HYNs!IoZr=3(tL(zfw^M@2*0qmZ`88<|VKeJt*LL6VMo
zflGF;J~lZT=Pityi~}#yL3xKq*$)uv=n)MT)pF@82kqPM?#QZH85ilAJ^g{{`rlaq
z&0{Fv6@?i?p9V_8E$i#8WftZvOOD&Z!0#J4)$&s(LOu-q2!0feQ*D0qlP2ulW{3|$
z7qJqg0a$8JBYDYBZ?)v3Y05GKY$24W_Ujl5+7qZRm>7Due~vkzrSGRqxy@5>x0HuK
zXE~yw!+5jWYV#T>0s*^@7N**yMsf}e$;Qp99L3{&wi0ps$~)=rqn5?Y_@0wAN@}7s
z>(;~6k5WuG;w70~hYh7>3^O?D<-Q-M9MBRDvdwN?!ZwwqbRU=O6=T2iKD#s?0;$?6
z0U=LWuLN_gas<X}nUlE3!J=#%-N#Mao|y3Qs&dN6g<l^c8IPeXrT!)!+-n}=EmY=$
z(o4W&LX^oaZEr5DPOZc>zDXdtbjDkr-f0Vdmz)H8yabBGw}k62kHO|)y^p%nF|Vjl
z6aRIo$0F=&PI`*bmHG8K%LjK13gV{b9WF#}O<ov!W=f_Cu^*@D?y?$HFZ*=fv>Z3S
zOX_Byk5BWB+r_mHd9(+IlnV@PbcE%^LNgl%d}u*g4T_KL8jJL#Dh_ZX35{R>R`Ui_
zB(H};yJfw1cOS8y$eU{k5Qk_Y>iTVl;TT^si`pI;UJaIkX!_a(=93+ud=PdaxBKUs
z&m*N7Z$W{#MJ#IAkg)ZQgJ^HLL*f1dwqB&_9kDw>rh!JgX#|s6;)j6>?Y(3FA5(80
z4(0pBkB5X*wk%~CsZc5;*-arTTPkG9SgJ{~MRp!h_MJjvl1hb`NMsrNkTUk2!4TQT
zSjLQ*d7j_n{rP@>*Y~>r8RnYnntASXpL6c>dY#u9<59XcZ+$m7{w}~#Af>Kw`x!Z(
z63V61eA)j%*k%aLhMhTo$XcCRXa=|2?oB>poE0mjLOZY$MwX1s4dx?{4mlXg|HCvx
ziQ>(dF)wDw=`c;{6qB$WQiyy@J<^a1HiwBY7tVU-kuuy5;=$0#O36`jyksqDyvHb-
zb$j`|Kl;L2ueeq~a-<7D<1HOl_S(d<#8vHxt2G<sq>ARB)Oh}}W!tIb8WKzTP~e$;
z^dDP)X<v2ppkzt4uDGRs>|D-;%CnU#3;9HIjn9R3+ml9vFn6k<XZt%j%daXNcUFR-
z2C;6E?fhq*(Mm_Bwp##ba-!_v9<6SC()Zj^pJ>1K<533lg{Ouypc=9ON?l1!{NdLF
z8f#5`kaP2L%dIYKGy)inKk>VX>W`KW>sI}j5Pw3VxX)4wOiKZHI|1GT=#6zUa{t3G
zm*m4ja`<>{-z1F$NJLAOiHh8Dj8+{Tc{kued)(wphF&$GL)>x&E-y^AcDYNR_>R<=
zI`Sotb@&PU3u(f;1tJc-FB!a6pHqi3Z&F*@9<R$K%K%F_@(37>$c!ZXOpz1QdGASZ
zDGMlQy684C_`qq812@DU<%j6*WTeHXw9AEL@)p#F%0GabgNFg4)W10aIRnEq+<109
z@2Jt87c29sl2iSB_F{&tsjK!aR5_Z#?4zRMdxV44e3@73A3oy^tRz-)ik!Aj>sj#l
zbXY_xpEZ%B+i&Q2%zP-1R?L1n6RT8|n0C6viR1YUz?M(*o)F5XMeFLwa9F;C?0T`u
zoV+1e9ht_EBu>7h+G1A1UZ2C8Et%ZaI0gMxG}9j@o6{q5W7FlvF1k~9q?qDgtJ^Dy
zUq6tC(a(?gA(HjL<G*3Xc-5QZI-%<w^JnV!GYx<i<c1tAm5(Q006GNg7eNVwUpD?H
zvX!35b=PcH-|xmrfCz@a-}C4Kq^H%o#Vrs~@ROB(a-HYeHCTBCZgl*Hljc5O&Bpdk
zi3B+!!2f9i?sny*u!Ln_EbUclNy~ytbs>4y2BQxLi&u<47k;dJq|KpCz|hF=;Pt65
z7toq0<@n9tZ*%OsJZBAH0TR@8Sb!w&>>Ov$&PiB*#OCnot+dSNh?_Effl7+W%NIRr
z!*72WCtdv$XY{DSIFJ(>YJ$F7=OuSHj0NE(hPE#R{~Zy1m)v7y?;h~y<-D!<atu1k
zL&xmfv|@ci=NFba7nh{u|0Rjd{@FKHHPbk5`~@n74N;RSaP}=4xw_Bvg0MAU<0%;|
zc1UUeoUy<R^W)fR?2fdZ&B!7Z2IXufdIkBi-$>kg?_KFA-DEOUihEN>#rQ9$;-kKu
zN)nIa22T1sK!UU7gXH(+q-^N#G~#K?vq6Mbp^Z?~TaZ8hlTW}}e1<=z8|n%7cP4r`
z#Me=^M)gq}A7z<p9tk&S$EDT_leINlc8&{11_zf1tqg{t$DGR(-G60#_G|sF7JS6P
zOBM9z($QNiPlV~V-{iz@60xGRc`el@xkJ@12y@03vQG+ezIcB~{kG2>AFf&_L|)H_
z^so=cNIct)wdm^mp!P<e(er6mHV#|r+mMI33QiZ<^Q&v5k|k^3rqT@dtVPT-{pfo_
zn#V0>J{)=TL~BGO$K!E&q1kub-Glhk$qAA(vQG*x7UDlAjE^XucCVg$RSr2uD>WCT
z8zPx&x4M6&);CN|YGK#dU5l6W7Yd$vP07-0OyTQlL*JnlJsOMQTV60dj7aQW(weUM
z%i~cv;rBhBpfgZTm5kvOZqSlePl%kV)g{f=A1Z+Jv53DIYUKxi*2zt%hueni8^sm;
z?CTL{9l&4}GaANzb&dC*r}rAdt?Br{hhHN_*^9QWlB28lGN&2y2K_J;a389Q&!3>|
zgSxr+CW6aZfpy3cTC7mXfEmM}vE3M7uN6RXb}~rW8?W`F#&P~4?t7OcgH7NH<I4Cz
ze;C)=@ty7bU{5TL87LWyo@Lb23Ph~1e46AZ3|uhc*LRKY{}Bt<<IVhOqV^$)6Jc_r
zMh=Euwl<7GeH#)!KeT4~<@eI|5H_|ce&tMi<zWvH4{<uA+@#_MR(gO5kCPb~+J(zb
z1`+*XBEI4hj069m?&IbWQHn7?&qh&$U2cG1V!A2gH`J*X>q%4F%2V4bjbya|`LHuj
z^xpGEEX8w6COleaZj{cXpP$_(lW<P(JOkjL#YLENs$Xhw?r_8LbYL7y@Dq5T1+{bz
zfx{?+qfd=Q4Ij0yrTtpSy~5-4z)(>v;swWNsPi@0BNaS_u(H27CK{8Hw^n9I+Y&#6
zh80bsBwjygHmuEP{Cn#AsjpdSJMVstlz*s=H-h+IP079454G$~KJA;idIh*-@=lmS
zEL8=MJ(Z=~Jp|OJVaVXAMGp5kYRY`^)~?)ajNZDU_mxJQbrjt2&Bw0ypJEzj85zfZ
zXTL_>)mwtwr%su~b{{dBw|MAy<@&3u**CYaqB+5FXbp8(ZtcIte<%%k?83yk4`ucy
z>zVnqQ=WbGO#ZIvdnV^4lFO^-0$#7*;DF^%<LcScf8Ig2u8C-Na$3KFN35)#an?9<
zAbJR66PO5H>%LOIxaOTKn&#2boE)(i`tbrfID{gs;**%R3*CVme@9*pO*nhj(<@&N
zmc-v6FyQtr`c=(<;90IpV&n9CGZyMc#o?TX@%-<01c@Es-Z#$+^PcASA^ti4{k?wD
z42Ue%B>FvsLw7mBj!<6+B!f%SW3!%3-nM%Shx}C@jOuJ7m*YjjvfjA1yDtIzP|L#m
zM2j4sT24{zt%V7yk$S0E6gaD**kVSoF1bdE@}o5}MlUnSbL6{ES4{mR{gxSQ5+c0-
z<L)j{2J>DvsqK6#ySP16zah06|M;-pdqSR$R^4Cix=+j@r=i^CIODE8W1=H9<WNUw
z+q@xoJG2cdE0vVeyDPi~Nvhp-wR6YD{vcHX<I&_=NQk)bHPKwWqT-f-;A>v3NodUl
z=Cr!lpSzb>A$(K~tJ!*B;@+^+WV=*7WCi$6zOZh#Q2ouoq}^lEVl8(tH9c-apA&ar
zwpHzRJL`vrM^`oNw78~kRc7OwlaQRrZv*Qzd+kCJevWWjp&1MHhdLPM_%X)Rh#?&K
zu;()vP4}Y`p*6vQq4YoQ&tC$ot=5!3?yJLmbfenGJhf#Qk7|-s4eQV{i2u<!Rx#RU
zrWG6TnX@*;Iat!mmuhBJ1J`3z*#p<l=kr6)@uX?4ske90l2dUt3y8|gw9U)8nyu8o
zo#uDEy|Ej_5m9?5|A`IhCq|4PuGPCS^$63CVI8C1m}Ii)F9R117L<d2|DZi!hK0nx
zT{d^i91()YJzEBIRd~;-s*M!Vw6D}i{`e7AR}(?b*H2*>s8bOzY2{O(CDVWSsZpU@
zczJ3HuRoFTwvN@skgwy;hw!%aWsO5ig_W4O8=2ptTJBv^_;zIu_u?7x?c|d?2cBS5
zFUeCiraC)8zet^f*-f5bx0eR~*!~#(rQpx^=5J(|{sQY#p*sf``RwX$S`>8;S}c<I
z%Ck#8beX@XHz0=(V}tHr39uO$OMW~_hT9N2i05cgTB3(iJ_h{G)gsug)E1gH$_X-K
z^dvByPR|69<~?sOhvulDzusM35qC=Lo~&QkmgJAaNH)}Ki^p>aGJkGe$F9xtw7;;u
z$g#dL$v|KWF@cj-wt-i~FVW%tgF{5obB^escgQBiv!^KA9)|A|{#+bu&uc(ynrUpv
z%*KYDQ^W`lw6F-SNR;d$Ya2SB*D^7ANye?OzC7`WmK0_Zo>x*sEHs_h%S)P+JJ3pK
z=gc4p<Tp3krO%1mU2~5rQ*jH=T{EA$CHxqwrX6TYK}Q8wXBZ2~n&>4>A<x~e5>9=@
zO+;FR#~gjZRO827R~N)wmv$Ik^>a*;y*ToagE22T6in|=&UDZiE|@D$YQ4IPhL-FL
zHQ0e9QW2xa*;^uZpa%vMQ!`Rc$bXx>%S1k;1*dMBH`!oz?j%@x4eW0LKEs_C$R6ah
zN;2Z=nPmVLe(6|#kM2Qeyg0*SvPW(<>#BF<-4pa(33i^DG+2baqto{PN|t@Yt)I7m
zH4<Sdi2teH!#WDOkC-DHgb=$80O<s#!-b6u()=U&fU3y!W9@?Mv4+I==JPuEGvJB!
z^`JB@YIatOl^?a^MAbI`gRCf6tGd*@W&IFc{Z{A5Q)cxH=>ssvCaO-0F*>CC)%AS2
zjDz`jaPA!?ULJ05k&r3hf33*es%VM!yPs@OJ~PTodQ`?HxxV}>{$Ls0HhdnQ`Td!-
zUKTwyj6Z+4_Y~1=BCn?p?)`lcNk0yhy&nZw#4Z?UbDw^E)CphXf)M^}2%vKZ35S+z
zqYKl2)3Y8o>~uv5!QZo)66JY}QT`BW<Tej&YnZ$$gHw0fP@a66)VMuV__HrZ%itCx
zw@xNgHC$ySHhOi_T=JgSlZzx0FbSpP26hQs@X4Op2Nt1l^*Z!!$;#gA3ITx*gyKfX
zV0cSqTFEaw9KUms=oMNcY4$kGUniaW>it&_A^VV;#VQB6kqyQAS0vzE2902RM}C_4
z<yT5oI7oCSH}7^W`x=ycc-F3c(rO<We-1P`8y#+f-#WgWZjPgktfL1krxwK5_c-2`
zxu8~GtwR;(^9*hNE(-sp8^6a0F$Ndv@qSn2!-!Zw@N{dK(pVLJpV#PJr_KTVkMG)_
zA3=m1<j~J;%~pp!4z;VCD`=nEl(*c@eH%=E7ADfOz<)B>A0W@FoU7nMg!Q^^<kfur
zVVdI}e%f;9-D`iW`iTyd<}OZ}o%!dgkbRb3kQrQX_c^0SK{yr|0`WJPjAJ^AfYg<Y
zxUIpv3Y{1{^!PctP~}yq9v*Bqhl$!MPv1tJJ<g0em|2d;syoiT1gF+`GX6Xm48Amk
z&W#T`Yrx3OdGr>#GKcJ!UwjrPT#5N-f$GosgVt>z1{3`JCT%$Gehe(9z->l2Nwr4J
z)zB(a%rm7ehbO7gS-363HRaW@nVbdYJ-tKco*Z2Eua*2qv_-^oiqTF)_}}=mCd4`k
zGL%_0`_~BkoAwF%H2d*>4h!r3)4|AlE5zXBO20|zZjD2pYDX>F0pg4g|7_h6mHLf(
zlQphfzX(Yf?8eQn?7JE8V5A)VXZ?yJ$_2gCwK|LrI;q#HR+)(j=C3MV*&difO#AD8
zs!0qX>(3gxs%`=i1i=wLZ9!JB&hVoO_m`H|l>%PN<pjUICCO~KA8mRs#7p56igF~w
zc53_FVBJ#w)V6i8mTui;yCU5HW}>J(;a%QyxYc8Zmw^d|knJab35WI0Tx{oNcgMpz
z8blsqjp&LK&R;_!^=Lz;eZZ}&fHjOCjjnzReT5uNvDn+F6{1NUTMd+-GHNdR0U;HU
zu3G{tkuS!589FhBDpmVKG9uF0jYDp5WB!4MSNt{a7%)4*&Q4rE-1q#S2r}u(C0G@!
zumODapGZEhy)>+Xp(f^Jfd_V7hQNA;3p(koN{vb`tXu$VICF-^kEo#e|JP!~x=BS_
z^ubedNVA6p(Sa%_E#H>KHDE40Q2(=XS~9cy?l9K8(8M>3FurqZRh87p<$WDJ8RWai
z{x<s|{q=R5uI}}rtWL!>p`m)0?ml&=1pk?Xz!}=5NUc-sX#2QSr?cIn3%{P?dn2GO
zhHr%s<*vu-m#&!ZB?i%-sIR`hq4VDBLih=rdx=L?D@3DN;zUlxLr2d_3wa`6;|S02
z!*FL|g~1qr{{xhZ*m=P11=IasV!<lAm+_+1(UM%U^!*q0biX$`&u=UVVR<)Z*>qM4
zpit-FRsRe%YznAV>FI)hs?{{;;P&TEOM?d|<UKV10T6!-HE$=<)6@{if$7p0UXYyQ
z_67fN#pJb()MI{ac~3#%_*`gEPkmk}$e*h=u}<;Ugjim1ceR&+WdUxB@;M@XXS?j|
zMPfUS()Aas>WO33-}T-yrT$uioCK2sunu)W)X_Dg;=P9)|MJo!qqNv%#2FYuRV3Y*
z*!cKWFkig9jOXgg@_@;!ODQX({~Q_X#><!HQ?+fY<5XhjHa^*aXNdO#gTZW|`thT>
z&dG~TGbbuMg=%;!*8fydDp}_kK|Z^kP`TaZ3c3iT-$8up<#9}soP^mbv9EHk!=q;J
z#VNK_t-jLQMZ;kF_a7qMfD;|J;UKy4Muia^s<qnM%8z>MdL^9L49jno|H;#WnHV2)
z|1>8(mU;|*%(?iZ#<OPh^y$;%+4Mg@NRp+oV9+i%L7RHDdmddmrfalT(x7EFOX*b9
zY|c%eEV}d;jS7jKXa;`7cWI0qJ$9P20F_cG@*MhThQ3?Ex$u+co#H*oh!_svWwh_#
ze(b|_PYb%I(;OK_ENm3j!-wvoS0r@NPFxWG8Ht}$X+@#R=Eqp>-+H2`1g+BeFh^hR
z_Lof{`RTYo3L<*U2mw3@_FWb9HJJJH)5T&Af+oUB+$&vGN)?b-*89tke`zS4gn5`A
z_v@0iMhEQ*KWlXy(P<vr-t?+j>vgLQoi*{VD0saLXr`E7c^_Bj=efii)SgBR(PG1V
z5sSFHoW7FrOsBivyhLa;b0PV{W^Xy)v6;Oh8D$c^?1_g74UFpswF{3B(lXrXqOIVa
zuorDq=B+7zrd!>Tu0tVg8^fzVw@#CjcljD?HBaFT;-<F7tj4_mV3DqfYTeBG85tLY
zKX;BfU=8q5(D_*~6P5G?91~-O5hRCf?_c?_5)&iF9OoilTOkLIrw$e{1R6T!23=8`
zTG!Xld%x?NEj&Y=2v%z-MQ=1VC!AP^$#m7ai_iR#v?+l0yHz>hkAfgMn9ZaKegB+x
zvu33mi5FH_867&_c(_SUy{UK-%IlI56=HRO$KOR7J_k~S|Lx!W=NpCSA-?;E<D>vr
zU%XyH{7=nyx9fUW)D}Ew_bke0nDy`X*cD0O7s%ysAJV!;G5Swm7WOv(N42+wR<J7`
zcl-FC67`4Y`86(>k~EEtUhQA~h;{&-WD;xIWiy*cqG0VxrJg&Nr<<a)QyM>@KmI+d
zogzp6Bp-6A-P>_h^Bs5D0maJR(>Khtxr(p<<XYpu&jWgjLkCJ~Cx5z)`7S^Ht2T{e
zczirt!XkKTBYnxHG_$}^J|AE(Fq0+CdihGkuJ5DU=$Ym7b7t3(VKS^C{h0OdQ{!l{
zrJe%(@R>KFufU~a#j5^43E3)K7@aKKjWwM(yxuydx%qmlhS!1UTUpw#t27(Z(H+o1
zfry~Q0Rby<vyVO8V@Sywzgt}&zC)rS5KPVWX6sxmn)W%krkkXf6}bA~W90g_G_-hp
zhn*2BqW8``TT^GaaZc0skd;5!50={5@@W=w`(EUlo|;z_V3n)WJe_uMJThrsYX0ue
zA3{f``!DZd+I`tXFg#<77VdP&nrA<<Z#j?ds>M79Dm^u7QH5q_#Z?!@H`T<gw?0im
zt#^JmztDd#YN$>>NlRAUsr!X6jI-gvJkPe&9g{VAeR$Kdn{$AIx(dAPKCbY!yXCK5
zrb+Haq0q}C=U}DjdCxKMj5LHPhNW}5X~zFoYi$R$gWABPaJ+`LC@Ft&%5k%odZV{1
z1bRQ6FRuV*nDbEi_Q`NR%Yl)l`dX8F&a$zyocx0Qr{lgS;q)6c2S-oao{ftT66usK
zkV$`gUf%4ELf5D7k4grw7d?%7OD$#Dm8f50zj@?5`!Vu;Y4Rk*sQ<pLGhbILFYi;I
zo*7IXA!#gqowjqs)RD=8z<ZsGEK^_uGe_8o-WlBS53WFF4I@tf%@m@y?%8<WURfD^
z-&VE##2+@X!hw%!E(&30ml97pPzSoK37_yK9@USNEAv9R**@totj@kkA!ycG)t%|s
zu_;X=oEs&TW$2W<YoT<4L;4`IHDWzuS-3FoNky2^>!J*_i{3h))K7Kwk(MK=Ki)ib
z2$_!0Oqy2t@4Mi4wx2x&sG(~P6kDbP(+9)y{fFZVoxL^cRN#&-fr|fIQZYLOkc*`%
z^`_TjrBW6up?REEgL0r1;D>iAiSNdNB%C_<L~cg0KcA^!p*JFtEjor6Ly?jn{4gRZ
zF7S{D{fW#A;Kl#ez9*-HdO)rLnRg;%yr6__cx>qO{DHx4`S&(^j&XlchDXA#SHo0P
z*>aI=14r@L@6ERuQ#Bsg_jRw-m6H!RACekTxWyVAF}l3+%krqI#vv828|vRL?j4Fn
zDe3+SL>4z=*1AJyW+~~0ACXzp=caIlx^!<!<90pA@=K=Gkyp&^r;m}LzbS?Ig-?^0
zEK=zNrd+6zVHGcpukH?H0}<txiAyMdv9JfzUc;jmI0fs{Mna5)l-uCAGs9Sd-R3*^
z173;|jtn%!wcld>l0+nMBVC=AZHDsR&iG)@0KSz{ffYy#Ja*p+!h?j+CdjEawKAb5
zLlaz}6_E%Tob7wPbdO2q=dg(V0y5882nLc0EJGH`Gi8t)gi$_pq%&9=?6HXvX3Xd$
zeK}mHtPx7E2aOu5zTN9PQy-{rwp{+@%c;i0eD~Pd1P;s({mR33;C}wm)VNus`{;z%
zgOirG%~dD*f7e^Ko7n%2js5rvuf_tbLA$c~+JM#aJgL5qrj1s895nZ7Q|zOGQCf#N
zAZ0z{|9Z=h=SVjbO)m$r;L9UHj-wc%q(FBGzlCEvB~%PaZJg-4Q%&hp$ma;$eOSBe
zvT(bn68OqC<7OG;0ujJc7GT4LM@m56%uWh&$K*(XFSEQYiYI%@;F7r}*eNP^HU2%<
zsat)f_r&jq)PzT~JX7U5_WT@%uGULK!%!LI1T}-vEWRVZR$8Hj17}-W!tTB-Rm7CO
z7OuEdu;=ik_}gb<;a*cF>xZQ;+j}pyXS|MoaK`-8FQ3n{1$MgqRUJm5_WTQO)_b<{
zT<*CP56si{YKRr*Y5hb{dlO!fuqAi`xnt9lmhk2#{fnvSY&LWTaO7CR^iL+fxpA);
za0hz9u548;&2&xd{mzHQ2nWSrlM>sKk`=|3IEqoTfV-Bl8J2ZYm^)A0-kIsd<m^xa
zmB0vxs|RhiPFTVNo+z0lgzD-oLK1YzNQq{s&Q_9ow3*gN%XxD{<6WXk$Eks@6&tDZ
zv`mWVa05k=RNBvPX@29r7@YVX1+2zx2yK{dfi}!u%g~C}{!kvkFDgnz?}_WkM(510
zpws0~hFIm3@0M%$ePzoC+_K}IQrTaOnu6Ou@Gz!7Y6o1t6uj}CBTaIy@R4)EULj5!
zsvKEP4DsiYqC~c<hxHwD_K7XpM`X2e(|wTR<QZTPc{{_>=ceX*8OSO57<de*X0y|!
zCzZjJuM6HYf!bhX)$Oy+%=^r14ocuY;W)xQc!M%o<_wI%5Ea?TMa4DpP;o1Oki6xr
z$w~^mq1}z(50)o`sF5>GizF!~Av>%z!C6`kDfyrAcI4M^W8o{4Jv28oTjh-Paj_A<
zaB)%2sP&d_PxR{8#NOFzYRA0{8M*v9T{!!LE$8sMyJ#)+;n-mVqvK)E?q(E)Uc6Bh
zlAx*AF{3k;Tpfgxj=l_VSA26n`#!=zvqpcEl&&rv`Ogz9XA0=sLE+qkxJqOtt_{(K
zf*)xoPgd;VG103eM-hdo<ZC3)?);Pv*xVEum@CMuvNx4(=1RLmIW1Ud1^()&J^WN$
z{sFOq3dkKA``?eE;&@&ODG8mbR7`1WJi{Q$uw9#`aol-V7E9twLYjyHVn=QFi1Y;i
z754lnby>=XzVBdmv^eD!M|}P#^e^S!+{nY$%J+5Nc*XMN8S7fB%-+`e)^jlMW^D0q
z-r4*l*eZ)tKP*JMJPH}OC7|1HT=GINnLz$*exVPgtyixE*?`5sd;Ve|U*^8X!<d^k
zi;o#D3^yj*S)S^*-=`YQ^)yI|By$qELiC$tTGH#Zj7wI_z%aDO{Pu^A@(Z6?d<@j?
zOv!7<hM|bKjJXPklaVs~49&n$kt@I`RPo;rSL9UaiPY<*$l);(fXpLVvtlFDlTi`~
zpvj6^?Tl%<<^2F~sDI$vlqL8oVo<O~>_}@%7&Xyn<$2_M!!M`k=U)Q`qNY9&1&XF`
zYLqBvG@h?;^$`1hA<S;&^YwpwT$9aZrjUGnxSRRwZ|KP~GOirKhjkmTX}m)6vuC6<
zrR}*ERSYaXztS6}1*D*Mf<E>d&j&R=`N*qL0$t%*Lcj}UBfcAFM!1d&c|WH_!z+`5
z7T06fKMIHg^St_Hf>Q?>2r4c{bQzEp-l6RO_os6G-p?!{2JzkVUF)Rc=G=Qyt|N!x
ziCm|W%KqD7e>RiPM+3cqEo7$^^UBB%b3tES$D`pl-^)EXij)4B_R|@~*_8JEL1j_;
z%CD8}j?wl;)fL{@%)^$7KVPX78e7V%3RZpd`^xV4!pbh0_>SveQ)kozmawXg<4z9j
zXKpH<mDEdZL@pst-Li;0eeqQPg5VO-FTAAtdf_i)?evg?e~N+2@p>XBi-8iLk*^J~
zL?3?17B>tY&b|I374RxQdiN2$-};}gMcxd!Qh3_f<`HA8J%PgY&|+ARhr~zXTZ^O^
z4P>_=TrCoC2}s_LN?^uklY>2uJS0yN`T5PWW5-fI57|6oPQag1gFn?o6Mw$zbU7Y-
z`O^@&`7eg!aP@VZ)t#|ac2DI~J!ijVEylJT$dL&@cJi%y;%1dFG|W+UhpbsPxo47H
zfcpm5l`jleS>IGi>1@w?Xr1~?y;l&gAL<{Z7WulrW5|bAdNh)9z}dt9C+8TVa*f`&
z*hjTi$~WhgJ)PD5o?_&DrniIE346#InnVWI?yk*R#~g9gbkzEE0x$Xh8YX<i)WIqE
zX!0fD_*JyP6V{EC!Y1A%oCX|R6^<KQDvn!H=DQ*|d4rjEMO%MhEyI9Qy59~Dx4vbD
za-`v;=$7|h9JKRmxfgO5mwdF{s(Mw`?IK%>ZF}AwHr9+O`@i75*FKu&9Muo*N|t<J
zl5FQ;BRa$)Zz;#gay+)myX$`4&9CR*%<Aep%G2X>uju^mjWY>k3Y^{{UWgbivZpq$
zqggI2H+YkH>+T%bi)AnM{e1Ymms!fK{hy6&oX&vC;2zWc9RU}?^WX)r5`OZ$kFZ&y
zBMHtr%TSZy{|N$#(##Xw_nD_c&c1PHnkwaPexi+n(F;9E$T8Sl??dHTf(&93G63w{
zfXm@j961`??(XJCoy*h@H$S1_J@o6-zn>WxbVy%_Xm}r8+z{)G8o1BX&6j%o5c@S*
zH*0N@BblRpxpc>9vO9uK*|CQ1YX_9(FRaZ)^gjIa+HR&ZGfd?iYt-L1G{1n^Osh?P
zV$sMTD}_lW_XzDvmkR@f?4*dB=1I!`d8A^X&z`kPB~anPt3__GKXQTthAZ>#=CKNA
z7x72EyAhp%$l(8<^ZB5&fYV;2i6+V(KC$qGi<F$0sQQ00MA@Hj*QYFcL+_^TysCzs
zHoQ*pwIOcsH%VOagq<s}<!-2aT;22nG%=i2a|n)&A_ulKvp$ix)C<i1&R#>zd8An^
z>By8zxQ-hB)Or_o>g@Th{lBMYL%9x2HdYs%uXJJquTK~u*2>hUhmSjZd0iKgMtNF%
z;TlL%gf`S>(lM;_9*GB23q5ES=faXHf#i_vaF@j?abDG2jh)}AccP4wQ871SoOa}N
z8bn{jx5)ZGhyDPs;4{61+Vx0m2jOD~yWm(oMl&sEc=xB5`l|N!l|d&phar=XWsoaW
zBWC(&A081F%<Q3v;!zTSH?wv3#XU{Q|6XQB$mFDx6t_!h#?cB?;{a*g75mvvS<`ct
zx}~$Kr&2AmkqN?#Eq}Ie$8R?vK5mrj=G+%~vc~>wnadda1n70Fov*#+lC0yG=<q`v
z!-zH}t&<`7iyq@*$+~OPl=V!e&F_Xvrtgg;4a%D;uuWJ)37MK%cZ2Wc1#-y&KclwN
zHv2z|rr)f`j}wch5Q@G;nuJe4NFVBr6C77<psU8V&?q<z?pG57n0`z&^JP{qEnTT*
z%KaVOBei>gm*H6A$84mCUOBShl%xSik()PSx+q+Dgai<NMjf1?#lx8a?h>CmoEhAD
zk)T@fF3_a0-M}mfck-i|nh?h1#*>s#90nS&Vh*@82>m;Y(m57Zlb6i%_3FNb%F1rM
zp#Kxzq|}}f(>?6%@8pb%dp{ksO51PXBBFb>_oR7Ph(zpJ+O>8*U}l3-N~GmATx;4g
z(_T#Fi&w*}Y0iaC8$*H^2J^!;uZ!(9@z0)_{hkON3h0jf+xFKqhZL1#)w(#~W@#%&
zr{Bkd=W3P{iXDn=gMH47`-Cl5E_G4TG2r=&#IWE4X0H$P1-92KhYzU%fdlKqW!^%g
zQ{4yoT2^aTo@erPi-c}O(a$$|)GQw^D43`U8u{+ccxACwS28~zx{AenVCTnmocmUC
zNNqV*GrFFG<(6!-*;B>3$Y{*@`%2W1?vO;Bck^G`0OWvBBYrz{@;#6rnfBgYAE=yg
z-_CVexV+)qJ0-nJvBn0ioTaP300liOB(wS(%a@BY&n?oHJjC00MRJ^F9g6SNJ|qr5
z&D6lUlKxihCj_w)6@VpL?FR`Ho`Fopvxptm5C!PlDCb*8xHh?adY#;XD(AOpA93{L
zrU&$*px&M6i%mO2R5?oKisIVdt>aFIlX=!M|BJnalpp`)7H}4!1@39+kHd8|9*%nF
z$+q~m*x<vB<Ss)ttGMy9q+LHiMam!7vrLox#eIl@uxo{r$KA1*Cr#NblwhwI(FkYL
z*y5=4@U+VGVR(Y{jAzNP+{dZZN0BKUM)`KgQv1yG0N(gz7kz)f2>KfV!)B{sYC-4d
zX+<}sEz45v6M2E%>7>D@KU$ZPbk9~kuD_e!Ij5gU^l$vE>^Uh#VIe?Vz&u0u^(xy>
zk_eQ{DBvJjM%O99!gD91k8P&2=h843P)3(YA>g;v9A5xOfSn3g?+&ALH|jd;Aq?fc
zoCIt$TT4bWCFCmk$&i^;W%S^IO=7ID!ca?xr-q`3{t?vUJL(na-Nxy~rD7k&I9yXF
zcg<?8i(?+jx9aJ{PSvamBu1=eM*l=V{cZI383nU8Y}6_cEh*^pD|GP+&-jvg00zO3
zSQQeQ`;?gwdvSE|ttd3llN{R&uG6ukB%d83S54jeucDbc1k<3{!AIe>@B@z?fXJoT
zq9b*bckNrG2S09K3tL$A^6P+YhOU%?HDzw^gM2ln&WsZS?^-DFGW4_bi~@@Fz}{zK
zi?V1fA=p=FPELkAi4O22lxdt0Yl|tAkepYpOLzgE%<tT_kF8oEZRFSm#aB~?l-yg`
zjY>KzIOOKTB{Jrok)PB@;8+y56L?&;UHpVmD$t2|$=7k&M&{Y(F&P^uT=u2Z|C^1s
z5vj;eT+6_oa}RD@%hE*dPLO^MNsF>02By<;oS>q#W)S^tA3P}$L&ZtL?D<wWAtgSl
zJ!sfSF~TDxfwPnVJcjJW)R3d{PAmZ2F0Yp2aD9^b=}r4vHBNQ?QnFgsXMIXYpD9j5
zY@*L&=AH_Q5D(hQNQ4I!=F)c5r^2IK0B9CXu`<b;r!AUx@h|C6lBI-w=2u0AoYUw?
zXbBju{t1lsNr{#M1E?>EeWHWO37;PSJ*2g;&$IgJ-8UhloLNkVP7&oqAqGO%+;vh0
za`CwPgL@#KDS`Ooos3~_BHJ<*St9GlsUvQe-}qBwuU_%R>H&_9dv485JZ?6((j#q5
zvZiU<5QC&l0J?8^V*&)iZ!Oi1OgoLs9sQk!jcmgOO0I7Bj?4M8ce7?UkoS6Yz1!@P
zlCBM34zH27XA~{DwEg~vWqhsqG+F9ddktxxqIG6!-=zRuPJbD7=#7wzpr7<Y#KIQc
zf8t<`@Y}YMACn?RlF*>ok&zflv2NkfmG55Wb;S*KA^cV}pUiLsG%HHEvFzB8d!Spx
z?VEZ%WkulvOt<-sK!Uk+aEZ2<g@FCn6}r_<YarjQ1@saBs~eoM{k8xsp|W@do>5P%
z$edj?pfyvYPh77#cifG^8*~Cb-n&P<_}h(R0nTP$4v@(2U+gCD@Av8*yB>3v_N<wv
zf9Lmqxu9Lo{?`4U<;37CiG{bp7h^nhH94+20hfqVP&`b38-B@O46v@7rWNjblwLt9
zY(BzcmpCloJ-;k#vyk{M3$x|ev1eUL)zs+a!wOz2y>HRA2kSKUeEuoVw&k}(aiwNQ
zv^yw<;6Gy>3DuMmatQL=PnrsgXZ?cx<IaM~Bdb^a4yMm&nIy-b)7BqrAyznlm+ddD
zS>5*?psM7FlxlAhyfC@6QMGf)@kpx8R+Hs?rhQ0#5TnZ<;78QW@=`Qw#nxKz-g9Ac
zx_%wVmhD$y@SD(4EOs6~g2Z|ji#BDXTR_>Kbd&EwGWI4AW6w_XRM83m1QDF%>mN!h
z)IR616^D!I$l3!Dmpo%!%)@F%y}Bj+vIGzTL$1m`e-o+%wgVe$6bG$#?A^g-WZ3oE
znQqa=JRJC^ljPYW=X!c)N&`jtCfeqcNAItaL<+4%33au#Ku2|;@;pkvI{W=)k}0}g
zB`k1jU3n9^^at;(7lxU#+VR9qd19Y}s>_G94r|LM>8{U(^wXH4l=6M3+QZc^+77ys
zp1U{*Co`Hk3?5Z7rU9mP$d(&1-m=JwRLJYcQ?KOB;V0I;%}3r#mP|N;WXy`TMzVhN
z{dTK|V%w}W$a1myJKtaY>}_}$`}KamcKts{YZ0+Q99;LLM^<9t64ZBAKDG@D50H?o
zWU2mVH>zNv)LRvH%WG3*FA2@sQk-u2G91eNUs&2Fo_;vJd&i&RBJo{2c(UNS3F@l!
znKs1Rgxvy!26!LNNiFu=ZoRF&A^rAIVKz)UD#@|*z0Z8P$)=ouJX-6Z(MID~J~nk9
zPF#5;otS}`R!r6~YLDuqyz;}%S`+foG;Qj`Z2f=L2k$->DlK?^x<Bs~TXw64rC7mc
zr<$ctg+uLp#E+K9zbjIiVJkJS9}+x%)on(e`0Z{uC(p%Xt4u=D<>&IeyMjrD$eQa<
zZ}XBQeEOXz@9`|B@u0CC^_i_g`GoWCM`fv4VStY;_a<ntW=0feFJd0ReC9oFQQH5D
z+UyYQ{CK!b`4BL2jIxZ@KKTlqLe4a81A0Fy2=IHY;I-?(zanCcIcp-bGa$%X_7E$6
zzI6i=T(&wNGgNnKumorNgBcS|MtC-cI{yiM<40x86e4l^o4U0jWurQoyiJ;si?Gh>
zMyZ(vJhtFwsV?&hB_R?tAAi#MGvJT7S!<lWu4K)M>k^Z#wrZ`jsB}Q5Xb(MI&OFH+
zn7un}@ir18L$hZtshzuJ@d1esmRWeR_05fx(MM1u^6iumk37P7ZMw~1lLPnu3Zi@m
zn&Sl)(Aunx&qd9-1@pPsBlPG{8R$m{WTWfH++mugB(RE94)!OEzP}x=`DJeRs<m55
z$HRGu(MRkkz+QS0EMuJ<yZ}BVAxVnsdk;CsRHFK~ZO{MKum5~%U`RFR2y_&>RhSZ*
zmRSrOQ%K{5({$n&%VW}Me7~;uWZ!;ovQY+}6flT;XOiJjY?l7(dadlp{<9^(ejqh&
z5IKm;*!=_o%XZ<zN-|spEP_3jb)(7Nn{Al)>>2O(-1{hGb9&-!m+Z@z3CJs01~+(4
zfl42!z+H7ve*9sMKK0aOE^gYQa6zwf%6~U;|L!Vs9~pV8>}1%#G&wU5{~r9FqgXVE
zTU&N<(Y3<Qw}A5_$7=@iZC_m7{}wCc7jv2bk_y|V6#=IMrHI&OhiIPd^JbC|g=Wf7
ztDolH@>vk@OgNZx5ufny7D-4H^_CGpcQcRMY8H<eoA7x7o_-t&%qkb=hslA5g*Fu#
z@yNtZVC^_dN(b@8^KmNxj>x$&)m&aO6~F#84Ben#%V9~?TGz6Et1YgYhja#dZ>bI)
z%Pm?D#4KT1paNxP&*UloD}gm3vf%FqZy>a4M{_fV<V^ZF_VO=Y&|@0<qMy3hwx#wp
z!82ruK_Nl(BYvD!0*W$ah3|2b#R>%6P&cz`%DwO{*};DE2PO`M0)*WDy(Z4y%41dq
z3^tlK@$xlOejVR<!6lH9n=jI5kA?0O4-?D0T_gfGk5p}M$xm-%p30hLM=5L?7S<*h
z7e2#r-b!Xh+0Ds|NxWgVJ-9$OGE!T*zkkvO;-8sS%Q9kta@dK66NyC0iRXI+^6Caz
z@J;QIS*y-F$)982?yHP?j>JK-M}a-0r`<`U?aJ|_{7Pv{I>KeCT6wK%9&;gZe?X4?
zWV}T}q1x3&*0hxD43LC$6<ifUu3U2VQ=R<8eFKBx)9s;g1n4G4GukQNB*imDOr~@<
zZsQRxorw3mjAi#zo3{(rO-x8)NL_Myq^MzlFC~PoGZn#tqR2q+?B}^)@=LPQ1-z{3
z)5yiN+!LmqAL^qU2$!bl9g51oqDL;W6rh79P1|xo&dCB3a`>@}tWK}g6<WEF*cE0q
zr#@-A@-no;vJN{YIs7$RQYTD^RRof@@psj(UYbDrcV^8a%%OhVgtX4qYcX<p2p=vM
ztX0&-&3VE#3;J<%23)|PN9umrN!Y<tOM9S7pu*B_jQC5j5=cDvVOb0inX)iz!w8X*
zAB80%k0G0yucgMpfJdz0zxayHQWox2m@6Gah2qE#k~lqC1|YPA!lRZU4Uk<*9t2u9
zDm1CkTWw<|0Yp6PX+k6cW(mkorl+*1knJX$=`v)RfNWRPUWP`X8sm8=Dk`d~AVM~~
zA;^nM{TlDwb42S*OZoxrb@{B<2lfg*O1p-<fq<*3rlwIQ%pn6Y+0>6+34!sM(i|gi
zqUWAV@3VNh-tmou3X`^4CPxt63GQUoh&LCkFpeP^-ZA>%W;R7sG04mw7Sr`+=3uv2
zRg~=sv{NmqSnWxS`b@i;>l_HneN_k}Hyps%LKN{0ac797gavl6*e3&jC_66ZeL~=f
zPo7kC{a(1X2wBw5ze`p~wxgiJOK9}HrEQD!oT16rgwC#%n!e=`ZwlAsM@GO#_VB@}
zMYjwnVjijDupTkrrV0gzzFGU|e_=cJ;<7Y(Bf#m)ad7{3wMXtl;~n#yi>gVj9_(DY
z>-k52^g<VFPk6NoBje0NL5y=VJYM70&-hlxs?hu!?>9TI1Ps4~$(amB7D1@ZZ@6>Y
z9AB(o7ZeC}#<3Itzo&1)x`I>Ei8XCTbrajcPfT*_g*<Tlxxa5Er=6VnB=MQJ#@b$@
z7z_KnJuf(e+<bWpXQK2WiKf7Rf8qS_U0vNUzX-=w2XSaJ40KQAi<k=j$@qsWp^!h5
zi6lF)VR2i7{)5SO^$s))PW+()b~{AaplakclPU8pv|ZyWXHEoznRA5yy_}%@aG&<X
z1FJ_^E^x&t5S0M9E5a!NTxI}Q>u3xPeeks~<D}z(ZPWB3Tkqe98~rWk<ZOH*GB--I
zqdUTGOC^1CM$v6Ndoyg55kd@moBBDbzyOzhr^bVYdCgPI*ZNWde0XvrG?WZTp)vlc
z-!$-@4o@C@h$KEGp89Bxky;v@5K)6$+l^;l5Fk<jg%>*UwPrOcz$JGWts+rN2u0NT
z*K#N<bV$5b!jqfGWzCzk+1BAOsld{J6&|cq`V2#Hw5E6%XQM#X5M|XO12wIdk;qqJ
z2s?_4Gv=T=76{881}0FrlY_-|N2=+}EVr0k|2IO2AZTQf@dsV25*9Y_{f?<5Wj=sy
z`ed}WT-a0iLS|^TywM=`THTOwg|RB^sUSpQc7#6-s8=Q=zr>pd&LEuKm_}{-+kn^a
zEM<KH!OW_p`lMN4C*8Z#y?O;%<4{YSq+G21)G(w1l8lhCro*2v9lXjddsX{{Coa^-
z-j{-2XUF`$rQC%_Fdh{T1NTB0HP)L;Yc@;UxTWp_mtPel4<oeu=QqmjB$v5P+8{pn
zDsJqPGsnAK<3Ab#*#{C^e?9n%j^Ddc`&)uK!FhIH_g9<z;+OyIM-pst?##xHJ};M9
zR01CU&oxuQ3R-E>$NK&5`?`}9s9II@o^w`?$xm8!`NGl;WlJH!_m?Y;14klWZj1T;
z-YB0lAer}uI&1rm*M$nTow)mY-u&l$)(VB|lKCodX=j_LKA31`0%?L%C&uOKxvT~b
zaR=#UyqYJVCxSx09+tZskdns)SKGH?3V62$>fq72Bwo9!^E$2?0<0yPy;JyHf!JC9
zOAAk{b2u5(*cCF;y27V$-|D>vhDq4;mcb@rQgf=D38tMJ{`{<HniA>}4{k9KS+7?D
zPz5OplZC$mGPjhC&4QWNXkfeIQF8^dH>PT8%X0@7=g~MiIzu<a78vyIwRxmX+4iL8
z&=^0MsqWH}_uh%XCDUFoArrnH)AlCZ+(Lbay)5h|$8fWm6zUMQRNfwIS^y*>I~3m<
zHA0rqQ9y9qA}-*<&JZpA_9-J?XcXeeJkc40`T~B3xSp6y!NoSAoNi9(XFEGX6wyUn
zsZ%DF@RQM#VzX>(h5lDwB(%6z;Hc0|e=DX1iA;r-p+GQShL?a$NJd&iMA}9diLh{B
zpDa~WFpuq*OP#KqtW)9z9iBS<O7Vur8I=>VbM(Sd+SENsv*v=VVWWsR@pz^s`d9xE
zWq-<LY#?j#4wf0WY<ETCie*2&$btSY;BTXOo9FM+_#w&AM~^3)Y^;-FqkCw%>f~af
znZ{tn7zL08wbo2-D^KcaFa0x5YUb10D>RfdqsWI0E23bS&yDasr2wbw$WKaIb8_=u
z;;XEW!VJ-eOl!whP^oeTRV$`2ZmxCCs??z%Hq<Nz2_HBdvlTd+$yzh=o@O8q+4?$@
zU+~3kbZK1M_8rX@Z6kzX54c=x3s!dESD)V`^>0(M8lZuvxVF1b6hJw=0xIn4<F?TH
z!$=-!(nrCNaDMZq_bla~gr0zZ(|9u)^R=x(O8nScGGnT4CXf(ht1V?m^I`IZZkAKF
zJkPBlq1wRUmf$X=Fllp5rm;GJGCg#4?$c|66%Y9g-Z}!seW?C%!#q;Jj)Gk6;cEFn
zq<MtUgizfZ+c;pb8T!_$e@(?_c^iehpGRJ%Ex7;QMqx07&Sn@w`HSRsH-_%O_}?gX
zXh+Q=3Qk5#DfrxGpyiG`)1AqAwh05A2T!<(!2=B2Fz_N)C}eP+=G;YoWI;3x+j6Bw
zz)&Y@w>)dXH{L_%ddtJWl+YD-(XibD%Uo9rMje{8sq%`cS>=uDFz%$^S{&LOy?#j{
z|MbQh&Qk8j4B>$LM6&eoRE3SQC+;NH^`3jNeOTbd-lE*klWuZcI&&27SvQ9-PKw|#
z5kG``_Oqlun)*g`-bF98_x&|WwIVDCi2Cv|IjCQs^aqcK4LjZiY`0RHA%@F`C0b!#
z$ZhR)K5Fukr|l6V%$ilkmUFbLR*M`m<XmsA`m(BAi<0%Sj{>Ly15u*^Eak!?@;ubh
z=)HiNwPKRPApDIwA;$7|^qXMnwV$e!q-b5xX6x3!t;J>s2|@$!eqS%t&UKS+VqTFa
zU&w6pjHz6$*|s0}0+ECO7jWP19-H|rSFbA-*q}eNBmOJ2@*!g!t$X&Pix#K=ggs?$
z&RaXl@7de^fWN2&xe?2|#aKi^va540RigEr&s^3sIw;x6^+H>k6h73BEptK?w4nzn
zbwkJEx8tI9?^%pTS%N5NQ25uX<JgOHj0dI(KohpKDUQW4gQ^E7Xzg;krSs^^l1R_G
zarwHSi)TpIJ4=Rkgm+1DG;m~yM%gf2bT5zCw?>;|sIeNwQ&g1m=;rszm><A$(Dj+)
z5;5aowjh5qm1|Qh9`_iyoaRl#(+V6F^X{P%aWSYwpbt_4pWBN8Y1~(kH_XL=XZzP{
z7?;&aidgP{dMsCF>xVyWsE)%|)V<DwN5ugZ&?FJAydH37UW4CsW!f09owwMMn~VHA
zK#SjLq9E~50`8geXZg6e6iHQZ@+%V_VWVb8$&_|z`V^(uf|wOr=M5FQw|2Icx!mHF
zIra^0c3wah0|Tt$(L*i2?!PIX*RuPh&+#6&_jF`B*G%0!MyiHfsZz;_NHhmP1?*uQ
z0w;w#4wXfpO|q_A=EN>})I2P{WfqLKuVY#-6o{tFnkV4`x3h=Y0l)Exvpb4EX?+wT
z60|YN)ja9Ij6mak@+cQ3rbTh<TeM9ybd6+=(N#T1=eJsRVg7Umpw{s?sOrx5Ab0p~
z;rjE(Jd#U@p%@ru4@N=>{y1{MCt_m~Th=g=SBUYj^M^FJ$_qb7)(`T(og-YxQw|~R
zJ}!bW8}UW2@HvDK(bEFY9U1h-%j5GlSdv*eR-w_IqK4QpVa}U>h3{vDZSkPQHvM<u
z)QBb}8AVqcpU+Ic_+GKC8om#;IOy{=@p6mLyxBnVTi@L($~yn_iMC6J5a~WZpAV`}
zzPrvx87K`!A7GhluBuY9I1mDMWyXz0Ncsy}n}2<>=<$7JFQIyGrg&0}tCmSTX8QiK
zzR4Y_1nYgx0Y_RA)hP?sc!bVAAx1!batPBWD2(MBzR8)#yD4WH@afk+4)_171#l#1
zy~fgvE>B3Fw26rm0wAG8l;^d&Osux9{NtU-#NYov=JncYjQCvie+-L$?m3ta1S6Cj
zOh<U!RUwO<V4+m@4k^9w!!e1IrEN$F;A)yW$ZqJ(?4Tgq-n>050Tdj0%KSr7!xJR{
zW6vCnui|dNI;qh_;j)-=NWyu6b=kwEH?I@8!Y^)<N>LdhF7!+H&4mw_T~;&v>7#^<
zkF^U&WQ7WwXP+0cqxiJy%2BbFA%>!_yRL_NsI0@!ND5y+?Nxjc@%z!T|2Pc=&U>~M
z>M}kI(&_@55RzheiKllCII1FR<|`Q-cm5>N&8hrqC3l4Jb^lg|_hE2<CgT6~72;2d
zVoHP6mj~q9b`Bn=q+DS*J40D-hLKd?tqtb9uFj!Q%Eru-$E}dZ<5t4&I?;16yuYlN
z1+?n$Yw7CjVWguElkH}QD8vN!9RRy*`^P$y&piiNwkYkc^IkhQy6~gtvSOZR%U5>K
zmQatMlH1qLc5o1&3_0Y*$+gkUmrF6GIclUAQP-5)i5f;@s%}HAv4!==JzC=ry6=!<
z?;h$3?8IW56aLAxyc(m}EmU1u4Qe3yCHM@EDaI)PfvSe{;tm09PV0^#3!&(ut^`TH
zZkl{QLHLuv>JnU@Nfy7<cS6ZCgOI3VwnDiA2xn@3=Ll7(y%e^@C>^u?l4TmOz%c(g
zxD&GP!UpZ&vve~U81j4rz6g4IW1RyEOfa?s@0ET5(<4rNE(Ti84&of2I}f!UPJs!5
zH=3wJv}RfXwxkUgA=U=Duuvq$25yqM;4w-DW&4ipF7u0x<p?Q|JgLZhxm^%xie@~+
ziHGBoH}ms?zC7oyeeBisVha47KGZ@~hmvAhoaYNA8y=f|OABbZqrJXz;rAL9t(}#f
zshK}_)iWt>;Lr-)ium4D#YZ8mco_9P<nv#i*@c4C%EL1;CQHv_H}Z8zpN8tRMb2d*
zA27!TOOnk)R~6t&uzhN187G%jO^gu?l~B?|q1e$SV>~TKjVP4~_e;PaF^Csye6&5D
zchY&WqT}`O{1VrjVPXuij)=zO!}$$~6eV6Q42~QnjSzw!NrWx%&S+(_l+Nu;ovcE5
zwBn?@v={~xYt>}XZiRboE&ANe(E4t#iKl99T*w{&JC=ZHlHAOcEU%6fJtn%%7_~V*
zEUo}8ZTP&a2QcDZ7+UmV$vnB$MQUp;pd&s{G`Ne%p{O(!?5F{<7|CJ9!eA{qgVy^s
zLCq6f4TuumNA~V@tfyVtLDA#y2V9=P%w*zf9~@xGxuBn!htA$r=20|!yu^?T{fe9Z
zsJuDPGP@8KCi-Ust#f;_Z9Dn3kS@|ie``fuw}!iW2h`E!F?yH80!^WNFHZx1k?XN=
zL5?ek{nxW%Y1@Spt&do|`)`<Epz>Y4Jk&ZBV?rxqu??L#@))?r4KqVwbo`&G{9d|U
ze`<f`)@xT1-zn4o{d+O;w!o#kRZ|~!xjfi{8SY&yc{X~+>ze6Qf&G4GZtM3lFnz-H
z^rWD-w856G@Ac6mFeN|?;P&DU6a#K(h`~_ZQ2=>kO>LeC`vD7qFt-ZY9YJ3wwh!E2
zxxZ0b3v3~D)Bb>|IM(B<J?;JXYL%7v6sT&4N)umpD(ZWjx>Y!$B7B<1hNIvB)9bss
z+;*WUMg-S(V*QJyn?<yucm|~>YCB)QaM^92RUzTEGRH{W9qc31|BtTk4yW?}|4&vZ
zBV<#uWs_A7viBB}oe>$42*)aA@6jS7JDZXm`(%V<MIpz^h+}nd#_x6Wet*87@AtZX
z*ZoJS>s*&}zwZ0_dOjcPwf~|aJx~*ANq^lrG=DvpetQ|Q$8(*)mMAZE&-#PHgQ*~c
zfgBlAlvi6<2s|GDUdA|Ab~i-IReu6kd8_wG&5Gje&Ov~lIR2u=D$H$$(^s)^!mh!w
za*)EOZZo(k10S#eFn`YbfwR0CH80wQ;$>?c=zGfl*2&<SWbobvgvK5*n&@vFM__3L
z#M}RR1AE_rEWtd-K&SA>*pNj|>fY2gYzBXm09~im=foP+4zMDa@^Q{2m<h3YXq2_i
z_+6l2;PUy*(T3=O^}x1aO}~J?)9lsrbgfS|FdLU~1f*;IwlbFs5jGG68t}l4-B%8O
zhfr0kwimfU@R%XJaKGb#3AK5l$3SG{&@+PtXtCJfH?GDbHVp_-JDblZi(5<Awx#5#
zNJS@#zZxzeLms8Nm@Sr8YiQIk!YHM(NGGR4rz)}$EAB3ixx)L#v8Qe~epY&%n;j9w
zU%_ZOC%ZO=zDsqhfM|Nltp`aeiA*xA7V5~DLTqA=yS|ubq5DUc$X9g25;eI)@S%7^
z%AYSz1Uj>yis4tlrq!RjxH;1S1HkS-m!H6<FX7wa#DA_VhWEv&Tp%0#?+Zu>)zkvE
z5C7!CTk9}!JDXFnxzjtNxw~@<*PC`rPwQPBZ^XZB(R`3&GvOq0z2aHu_&vT~<i&%r
zL2;Q~cR>BAIV-&X)irY`x?Vvgw5V>DXw-ply~QCf%i5^n^$|)cDZ$wIZ||Rnh7GWQ
zmw(%Pu@Thp+ovkwL+HO#k5pd52cNO7mB_wk5x!>~kdz4bh9QvrR7C=_Y*^PrXguh*
zvu=DegSR?fWN4w4X?{@QWA>{4=h{fZ<vvoty90gB|GtQ9!sT5I6ldvoh5|3Zees{_
ze10Wgv5>Kmhvf?03cSs?{(%(!ZgTUEkMMz_hKB3inU`YZ&bX(&rmkH-y2-oW{*tNL
zUM<S05|yXC%`HIk>%xnd!^^Zm^gN7-3I(~AxGRk=`tMf7L`E%a>w7HkH1;`LSRxSp
zm>o3RUvJn(LdzGqKMVKgmu$v=7NB;FwNf9g9b9ic)^S=9ekkq(y#GI!rHK#C(SNTE
z_<Qo{X*=b}cxEYq;6S8Z0xbT2UkDQ#AEjV!Z1+JRScwurr}1CyeAx9&cV}Bk@`mP{
z<4FN~tMT*)A#vV?ifrB@_O)TBl&j*#KeN4zWIQ@@a)g8V_QU!%e)`;Zrm1q)N2<;7
zlU&6-%@vt{?N<Nh$Hlk6>K8B-ap<0;B%(T-2Sdh(8{0sP>IpW<q3x{L$lyy!qhiAW
z5TD@ugq!<Ech5d@Uv@7Fyh&N;V&`_uG#)7j6x2*S1&-t=jJJR<+u=?B3if}f?_74c
zA5h_{k<D&dRk6c~MTDNDfAR-?6lk4HfG%zcNNl}RA5+YGzl0;Zlq}Z!f6gBn30_rb
zuU-B7C#Q(DVvL=n=$6+|C5G<1ht-?5F8n|?0y8%$*CJ#gia4F1Gg~r&dQF(J2@hqo
zM}{~rW7etEOFHi^{axGh=6MxKlv)089W!7uJsw)>o#cHiX&i@@I#t451l_=}F><GG
zd<xGB3NloNrwP>rQV?Qoc9iR1={rfVz~1mbC2#FZmZHgUI>GuN5vH8-A0ZI*7hN_>
z1@H$wMuqtq^NSWB9$xu%Aja)+WGBc_NPH|@6(@))ol>mF>iLl`&nn)a60fmK7kZ|C
zY1I&Y84*JfW-w>kzF@;$_B#Jb%P)~^U~{(~7ui=#<Lj<x`KaFXkzyJ>J5ZxjrT50K
zad3#c4!8(VPU4>`dn`VGBlbC4_(3;(=0OiQD2Y<b`I|!PdFivC?b$dF%=FxOURg!|
zNiX`5`s-Nix6lD}e#Ecba5fuUdXFJmXo~`!e7u&f^RB9{sLgrrWLk)n{tgIi{qCoo
z=$Lpm!O7DeTNOikcg)^8|MS(=?<(`HgL^fI`3Q*`AL2WAU=U%sgegE((If5T!8i__
z0K3K3uNhPQo3n)t@0Qp4o7QF9pj~ZV*Z!Q7_UuNuX?wD^TVO54zMOh5RHM=4dH+kP
zf1~@Y83j)MX~Fk<&r9`|nS;!Qe^po=+zFx14jfeYtQpjt0Tg_)gkQECpQ9I(g1Z2x
z*7StE{8J5%h}RQNwWM`DrzM5C6B9Lhv60)$O>b4Op%gr;{O?s8&DV(lA^SG@U%@`P
zbOcUprL&$6U=HW5jd)BE1cqye3*P8k4;QARi_w9zXn}iAaWn@miEySbDjX^{{b}ex
z4@00-HtbV#qy}vs;VRz1D!Il!{;g{Nksy8n`^eSp65sw>SqKYkBjWVB-rdhJBtYM)
zO}>>aR~PLsK!fo0fAB>;jv@892&t2IFM%TDcra3ES=!xGB)|QYBBuSBqCaocBC}QL
zd3o|R#@IlA7|S)UpXP8Zd-Zkd&F1~-LCx2|9nnq(%4hDLp`Dbj*jqfg9m6M^p>aev
zXM5Qse%Cl+!@C{U!_{T&^%A0owO_Y6U=6b_f1(4<4FIJ;s%dw^i{QMPv-=2V9u9);
z#7E4FM7XL}8+{@nmRfBTQmrPxX2fm0gllhh-~&;vU(tF(-wB>Oq;8H7E;HG-V>e10
zn&6A*nSBZ0JbO+gT4qi*j&MppM9yGoZSMYdo7HqK!(uiW$<f)<Zi(@Obn?wYx+qDx
zB8U~^vk?7wP0>j6;LVK0lSYi|-NcF9Ykh?t<7i!)Aj`+tTOt;Ja>k}mJMtKrU$!Ix
zafShwuxm=aPT&<bnGu0QMQM&`3YJazoSQ?WF6F}G4~?+=#{gae#mS#+u^p49BZUTO
zt=3dWTw|H3oL?^Oc!1wq?DjU@^IAe~q$5BE&Y8Ot3MOMSziY+yg&f)CKmHeLQlT;8
znmoQo(`fQwvqS`s^^e;qG4MUFv{_(zqB4Iqv3s6gSyE0IeKD6qz4UF(#*eP^W=+zS
z2S%&Ajy|gu*-4B?YydI1vgl!mvq(Q|C%62Qmn(XXetHM-<O*>E(o#t%{St;gv&G!@
zvP4+O1?Rw$bi?K2H?@#^k<8EG*wfO0s{ulSi#K)J%#=YJG{GCkxTQG>Eh+fzRr0Pu
zPqTV}RYt*`#dUZpPwe?g0^j|A^v1&}pkA>IYy7W@Mb++i`VM#ZKIw>Db~hye0*@6+
z7s=K2*x}!U@h^5ZZ`L4A@r*p;{KpL-pJF)g+t1};PnRD2mi_Wic`dZaR7H%bUJo1b
zeI_vg(Z|9W8|Rm&omp0unO2_6K09AgA)F9>WmJ`P+=4OFB<D>;k7nysS^eAEq<xG>
zp{U=j<3b#(r{c*Y&!E=NB@@4LvC`=u4f0*=rD$H~$H#(H)MhL_4=bsxxQJl8D~bR-
z0s2}OtWpzk2vu@ls>!D>oe8pwy_k=yjF=Uua6xw?rN=Zk5j^14V50BGTXt)c3|))P
z_iZGogNd!4@Fi$U$*r0o!lCkEa%KrG56xt^Y7AcsDAYdF9lIiNR*p2_jC8kDkz~_+
z)rLnkSj&OzrZe<Mm+v}~HqIA!_Vs*_QGGi`=l9*>*e6gcK}ppht(3u>gmu3CpzZ!A
zd--n%ztQRr-|S#tlIz6@j0f%73^mvY+B`Lz$8-5adR9HJG_|S<t<A;ve%$lK-4J@l
zJx<7v-r&-&uRq6px#(#}Av@IA0(d>Qk)i>t|0z;Qdm>??8Aynvw~(AmA%3Jx|17mC
zGT$HpmH-2)``Ke<8kdWfZ%>5o;w0hpC1v1ab3P*xgR)B`uz+eEZgQphD{#Sx%|C8U
zDcLtUb|-AWd99+W|42Zcu8T09U5@T{m<z567F%%3W2N7*IgW5`g7HXbIPm*3P_Y1n
z-Cn~Yyl;60p(itTd(K!U16gFh`@#L1@a5`yZ@r-QT5Q2x3!NQVmr0$+kDqOu9rcYU
ze6PBdl)F&oFNOO8r#;(mH^y@Q>>8Jm@*!fC0)0lNe$P82GlVLc!~<<m11BA1xZ~kA
zJ~=uvc+xxV7gydWG=@A*&Uz!QllTi1?w+L^-imEzz)TRU`H=5OT3QN!N`%rX9lATI
z_bMe#)yVW5k4*h3N%;s6DO;p+Nip5rCp{~3eG*^4qSCxIvfs2F4+=%hs5&KChx2O!
z8f$5%_*A%1vYiK*ZtQw#DU|44q#H-^ghm{E5E1y~f}=3LIhfjCSKYLWDzDJS(>OK#
zm4hj>z(VY@M(~eV`1+e?I8e_u^wz81*`Uj#PCq#O*J428a=n#jwEO1s70q)`AHBUx
z|5NjKT>w=D@_EY;kv}(|5nGa&<eq!G8t)xGeZqpoNbf&}HlQX_hn8O)Fghj4y%;H#
z^X(>U;>Qwv2&nRgq{$E}C42LRg9eg|l>VsRK0oreo&r8w>B8>?upcKS!ZNdo7gg#M
zy2hHrSCu1GCI3Kj?r-4ZLmOj+(JuUn^Wf1hVNdfJyI4E_J4~zTh)q>nYnr#E*GkP~
zJ-^eXp#yMAl*yHqn7>F1EYKKz@O0NDDiCKYC%?VB#TVg!-+ZKj-E}6b$F;5%Kltb?
zuabi8kDu?+V~>T>2R&xlTb$7pKrRJYoU8~&jH(i;wC1qY5g>>m-{)$vKcZs!>VP#i
zC%Kdkb(R2KA!u#`gU3{@TWqYzI($#t5&XuoIql%L1}-jX#%jiW7~9cBzez$P<bpwy
zmyjONpH-H_8?{iXxIwqY2PnB?c8jGJF5;>=kaqQq1juY~Ph0t!Y3Oumt}&Inl^G3J
zbv-Z}tk*j*2=8Zz@x<P_?%55KT5=G^Cv=uO@mj1;V5rObublH?APQRAG9ni!Ow;T%
ze}_yT^APAq)SgG&+T|b)tE`9%3GLLHs7rkqHv_RA2nNMIoeWv9J16Z`Z5WP`JNe%*
zr-vL}?h<~ynP|&c-6*)JXFTla{WRudQp3tmsBpOwvJOq2*Pf<2B0yU-q%U?MP+g74
zOCe7n8DYGUDJOk@11?TYqw`d)zF15AU2i9P^TJRvXFlcRXV8it`xQpBO6esd?n3+t
z`6>Jo)RD9sRYg5JyqyHjIIE+-BCVzK!|?rZ7V+X%8QbNb9L5dl+;Ja5ob3P1^Vax+
ziJ<{Y8BWs@R3@1@uf@`bHyUpr4!Lhjer7uOy2wr~#cJJIrn0^yKZ$!GR~;!bEXhwH
zkBOexgvF$06%Ud^TA2zs^tyTiHn5O&ujfvY`qGM2$^|8=1)U8m(RhS%fwVw(2P-_1
z8>(3+-R3`DH6$0M0#Cfbd#z;WWAobP>U{-#Zr_{5M^ZVjuQHO07HR;C!#bSbxXeH#
zz2-m9@fX5+)#T<hrGVO0Y{>Vj-by|-vd7;S?eRcPJ29)Sa|8w=(>py_F!lAM{D`${
zWDSs)$lZTIn=3|N9pm`ggExH_IU$nX%zA5VCo25rr@ZS^LY0S@Hm<4zWWj@tV+9w_
z>HL#Dxk$P&NBiTYexh1s1rL=z9T`5)Ho#smytzOm=m}4|;8?i81|XxVGRb&YoKTTP
zMz8i4hoiek!ltoF_@Q>=w0{Q<N<&5);{-uQG8)uo*Grzq=)jQ<%tx+uaMUQFpiB=^
zofon~O7nWcxvm9F)H0m&{f-@ILfnMI6m+i98h^Dh@Gq-za6UB8IQ4V<Lh8frR5v2z
z=auyyqQ`Y(H@K!^;dB=3cO40Sqxn}=SV$?qjL-?r7pY9rQ<M4oy!u8uqWu0dItS?$
zGa1JXy9WF-y{-4L><Qf^ogPI{lX>D2@lf?pUp>m_jC)>>=e4y~1KoDgQ&VVxFR~<`
z8*JHgA(=SObZp}DK7^Sotiu_88VNWO;uJ<O)6fN;O|c-xjzoVY-*CZ`?(^q)%9Gbr
zT|$0{09-+6{z)?A?5PXo30+p&NUpnBiKcljR&Fc*!l}Ie#|6Wcxt8zxwOhtEG(1-Z
z$DNfF&9P)$KPc@v`SxYcId$W=i}YQ!1Xsp3NhsbryuX<&Yw@oCoDZ+&yLAV`;=S~B
zwJg_BQ}Id}C2%x*&^XG6mUp+eOh=$EvL4BFT@Su(@{4>YH@fTC3ng51io^Yg*nN0`
zr0IPvuIRfosKGkL+?Vdm>$Q{L93ChSml8{WQQ5{LHV8)2z?&!mdGdhCX@&S`Rx%Yb
zmrjGyB$Bs+A^zlr<O<J$Fkw)roAn{%*AloX2Y+wX*!j?h3U=S@+ne;^!JV}*IvY99
zgLGmBQoJRR{?*v{-fwrhZh>LR{W|}?m}QW;Y8zh}a*l5t=X7n~l$vKPmTBAs-k`V4
zZrb$b0qtFX>9CNW{A+6twLehB=cRGIRts!Ed6*>BaadgCSP5QA`-^UPFR*U$h_WkY
z=iIT{48ZZ^8}+XZA}Ik5N@$1>(vE?tAO!Nc(DPqnhu;TWhbGdF1O5Q}6a9BpGYb=o
z8cKvI;<1mAv+{)7jr05q6%MyvQ?#zOrxG>urFV?>*uEFi+D~qJBg=0&D!f!m<JoP;
zzdr%!huRUkM~f+_YD?8n4y{$4EP-Via)HMU>WK4wGD`e=Z#ece$`yvmt<eKfq4nPe
z%0G=YTd7-e!hRDwW&^}Xhib7%CtgjEbatD3-^gehOn_MrjL8b87+wb%#XuhzF<ZOC
zXsf-L$Idj4;C}MdRPYXt*zYDmr!bzNOop;U!6DNjispOtOCzo%AkPkGJ;T23jHS?V
zZYejUpZ7BPjA1i_42D#<k~=PjRTDB;3#xeXuB^kuHBWj>$ndR6l&qRkn}cbSm|=3b
z-SD>IUG3pp^+kbNoEJ7jr$#Bo6Ar(OpTjBwc|x+@f*kvNNsFHUi|>_&qiz#D7TEhb
z?m1;K$u#o`5kW@|-FU5g-D0w_9Z9g((#!&hb~BE&>pPOVZ2Y!4n3BrvyLUc5cT8x}
z5J~7%N-=LMMUq$Q!E2Has#18MZHB>REXSl^9KjQ{k#x31%Q(JtBw@_U#Om1u4;w~v
zGJ>gBw-EttK<QLk=c9RwA}QYbypz14;`p50rDW9XRakj!un0Wkd_L2PK&-j-D!02k
zXvdv!#8z!!#2hO#q8&#Vy~?{W2BfErFn0sM(#AxpkJQGBo?CS@(H4ima38%f-X6Q|
zR-;&8<Ag3)0(cF~%v`|DVnXlPZbBGc#U#Hp(|O(acfwD;Y$;r@Slrp5Bf2^+__rf=
zH}px3BjW0p{M%;@Ua{=dFcLJpx)EmG#F(z<gdbsC%V+x<ke<a>iL9hNWukE@#ps-_
zHwVND%SG-SFtMNv@~VHpH{$|huA7APrr{&X27#|;IeE}7OyemKU$G&ErXeNfI#(f%
zKPA6=$Jdyn$8LcZfBA)Ue8*jAus^x1j90W!h6Whv@cdT>iqN3wj`afH0yNJ@x#Ai1
zSqU~S1h$20!nr2`!_O)lKm!uv9HU{pH3d218nZA|%d;{yRZVW<DuY$8|1>W3p$qIe
z7I~}R+SA(WxXJxe3TMD;G}j%)ntMMgc*-$k)53H0TvcL*rQKI%CmB()=NA+dzj<uG
z%tfAAv2p(~YJn=K7}%2ytxcP%qWlh{xw9SZyH#8;UVhF$VOf<U$uKqt0#kGMX#69f
z?@AJJHR6HYKGy@2rFw5ocXMCks_90HoGXwho%YZJQz#jaW~wd)oz}4f$}H*MhJ(}=
zqCmm-{H}I_=V`%!-S5M|mzUH|6p1k2>r*vX>AC@W$Hf8vIWu2{dlvfG_5jDkAt>^-
z^XMFw=#h%>l5;q0`LooQ54c|fzzMjXxd$|_j~S129Z^2_x@p8nIh=J@Ur<No<X;ti
zxMha4lnL3L9`#+5XFIe0#<of{!u~3C;_Tx{HUZlOaaL(zf!|>Jm1Je9dg&vGcfFd^
zgC&>bN%$;0oeJ-_`^8mzj{101I!^GAej{C!AmZ};PB$=Q2-lE$y+y;^PWdszBN;zm
z;CX_UWh{#BJlT(sa1$CM7@tUeV-LEji-w1a8j_Tp)a_TaQ+U~U)!8ij=hah?18}5?
z`;HHmNcxmKJN%SzvdEuhH2EL`>^iC?3bFF1F7a=_Az2ijBa+{c59i--PX%XZ9&B4h
z<`J_vJY=9h(i-0D;f9apNCs#ObX#CwOjIQ@_E&vwHSaPu<5lFR%ZZ5U%RD08Vs5*h
z+_oMNUb%*;h#`c$utEuc8K^-`7(X05zyGDNA^Kbfgyo5!{(dqdyt#7o*wpyn_+@w2
z4|=x$xZ)FG63;bk+vc93yf-ke36lRLdawipVt?+?yoQ%%Mm$M-Q1>!t7aO%q=%P(T
zJi`C_`vN`(I>%ofZ#elENWaNAP>Yx*Nk$Czm&H6+v*@eD=nfON(~w1w6@Q5ZwM!VE
z(oo}fu=xGC?juF_nWIm>w^|+y$X*${0Z(4HxqZX7p-sV@PL*OivF_#1Bn~@9<nCjt
zV+g?HUK#C;D^Q@riOH&qPW}3PVL=l7R6PL0K?RA6XHY4{N1~fXABQPav_@ak$eQao
z>2#CRTF+;Q)_^j79KLbHWt89~PF$4&>@{bc2>obpB%wS}AhrW<8Ie}YX_O&PSUBJs
zc8V8ie+<nKfU;HQ!r=LrXKNhcPlfVmxYwL4Kjlg7kuZt)+<UE%PaE^+vrpjFcT$?T
zIj8DRj08!&b<<z9)WqS3{mMZPGJ^tAZ{sfOGCI5ub}O$mt#>>9JJr%7&vIsH5-tC=
z>S~1<XWMaS484{z<$Gepq>V7?rAEXkMGx29<4i4}V_}9APf!osF8JlI4AdBri7E4M
z(RyC=_ra>v(;8!b0n@4BXwEz-*p0Ik@-fyRyMk>Wafu01KjnSXf8h=l9}V88f+r&n
zcvk;7V<UDpzjTG|nUvbPJJ)l;Qsk+p*zeRC*!qjz9Zg92!#+o^Y<@PeIwrPQFXve$
z=7S?#zv5P-w4xDi#HuuRIwW)O2vw(mTn^XA)u8Ia7d_(;z9@Pz3TdbSUvF&{`^FU_
z%*jokviaFt?q5~KZ{m=)+mraGXS?zJZEs)K9}ljqQJ~w1c$0c2($rn+O!dP;r6Pp=
zaX~#7bn!hvYdlniPD@MRMR&DA-LVvYMj8z8)A|D9iG-(T6X6L7Fjlznwb*#0T%l_9
zU%yfgyN-=kP*cfvIE=B8>)7FPzjU2IoC9|0>e9KQqcj5GOZ3*oE}o8lA)TjfpkT;&
zdTIJ#gC)#-l(>!>SC%sKGL|udSK<Q=rQY+aQlQDaO<$fVW`3PWUwR}{hdsspmGm`H
zcjuItko_+vj^7R+ga~msJHIig$dwW;vSqQOzSzIou<BxyG-S?S$R;>I4-2{q8fEpw
zE;`6ky?w*@y$L<08ZUBavP8P8r7rZ*eB+$ETJYH2x4n85v9aTbLe13A`!NG5ev|kq
zyei*CCNr*d>S?Z#%cUveG64dmowv5*_QV8;6ejWEjAfq~@AE`0?7v({Ti`e$o%^Cj
z$&ATGA3~g%@%mG_4xm$r!zw$)-tge|5)gB7%yA`H)=S_|3p2x2*zGkFV5W9vVaczx
zemVfrofq~MnVF*lR$tD6fD+wB$Pr!(@4G+SvibWMskY**!0S+QX8W7{9{lYaX0dmZ
zLr?tANy)HypB?Co#U*s!bz0o+PqyhBb>G*ENli2(eL~qXCwbYd0a-E4#pU&oOToWy
z+xlZ-F5{{z2TenI#RNd?$&(n6U0BTzZ7K&Hb~@Sz6_8pQ*roL4YjAIB+Xx;3Y)82y
zWw}<G&<CJS#W~l*^D~ni6z(FdYsTP+z4U`90s6iv!Kq|p`%KcbwZk9YYUM1IJR}~K
z#Gm>gbRFtBE`kn3J%JUj;|gVJu)!^dq9|)~fP4%}Ex7!q0Y@`@smA~MG(k&;Cu($P
z)jLnGH`t4S`m+s_BfNVSn%exX-*8Fo)HAZmFj={8TmwzARy|_kh`bbI&+ep-0T&f9
zsOTNUy|&=n|KP|~6q1&J1Gyl-kdmhiC&iTQLdMHc6BpiVL^T?GLDv<aQQxe7xqZKG
za!gxT;qyc*;L0TI;|TX}YE&VUz>j|3jRnr*=Rs?hfBj^DvX1Mb9s8Jfsez#4!Qh;s
zGYYn2!=qVs8wk}+LfLg?K(BtXi9ePoJ}<CBnY!;W6ypN@FDMm>up-%4{v}_*D8&x{
zSb&xtMBEh)yO(4FH;G95`@<wgGjiAfU%|q^$%3)aj--1VBU3XpKso)Z>)hEMKsadx
z?(R=UZ(!uVzFxd`snWp6?)Q3NIDOSX2OAk9IPpBpA^}w(Pdr#ra^xKN+3as6+A3~v
zS2+eI7CsKXBNIFuWQIWHe3*EYyb)HN(1_@wg>+U6#3;j35~0sZ)Ux=uQ~=wVcYwrJ
zFYg`A#;VETPZiB!s487Nkiid**+I}>1Yp0T1BYNf9WnbU{Lu8lc$wk04~QQCqsV3-
zMhdWLR7})@j^>>fzjGP*A0NJ#yYeFvX1N|H^*%~ca^dre=Xa4-_GC(7$L$lv@AFZ+
zpuLd+%Pe+MF}iBYTleEam1tu=zZecL8R~PQxwBZ74CLhXMm7OoS?zK>UWcx=P8LPp
zhaTXV<lK`wSE{>aCm1cQ&<Jx%@P2MEJ$sr5V<GeSNpd7t57)&gwB`J*Z8bl#!Jb@h
z_1HM5zp9RcScQ5fjQ2@v)lLe@S@UQgb8-;UT{G$ha{YTb2>KwzN9y-Q(RPqVG%q+@
zSVF_X(0fi&tB?okI>86l;lX%DA#}t#+z-zoyw5}_$%r-cB)0s`AHTX>V8PUXSo2P|
zC-O;j`AyJTx|orX%{}*bzg5jh04@V>IKU<CIE1rosau|VH@VumRe7va{FZctzf4`J
zwVu6LGkx3t2$#o;bhQ<_TR4rPx;W9uUNoC{4xo01jVFm27b(nQaRs-n2$7N?D(57`
z$JqDfF=E%`S@iD^2`XwLj8?p}DDTnY@gs?7Xz_#^M(1n)n4tCYhG}5?dxfZ^JiTtC
zXw%n(ZLA%a=J8zIi29cbE<PeH($SBM;&-#a&1jm73b`q{rGJ=uZG*mC`)x!u;u$VS
z0*-F4@qK6x<h-P;XkH@!=-}&r4yry~|86PaIiUF<aj4a(iz8$!=>Qj8Hnc{fPOMM|
z=wK`20P6!zu4w6h@Qt<EdWl9@ZBZ>%Bcg+?gY`rgm`aZF4yNxmtRbj4&VeWl!UWz`
zN3DOz058z`NO%^?RsskH!4FFl+y?z{n9XP@DH?YdiO^<1f^21|nbhT)B;5P0eKgBM
zcHCY{{6hwN{tp?fO!`c{)B5c%($?VYxd}X>B+Xm9q}gLTA^$&YFd2FAP<+sl$g?ki
zgy@#^?4I4s5HuScKd^GV1JS`ZUi|jr9i6+rMkGfz@`G2|TXFt*Krks!ojZpe1uL0z
z^|_=Fp|{ehgI81o`%LcjZbA77G{+26gh4%?G&#SLNCYai2{04Rctjq3JnV5U#j6Cw
zHw{3!NI}pB)Mk*glCdWuoPX%`oFARD%FP)lG3)gKZ!3sgiX9KvJ7Jx~{=)<(A{6k4
zFHltwY1S1RdPpxabXr@1V<4lr#@wpe-D;o`Qzv5h{hkjikj2;YTurbS#+PR;k+c9h
zIO_$`#U#_;p5NYw1Y9#{ObRu9CKDtkPd3yHGk0|DYb*UBdw9nyv^G0UvTWfPom)&&
zXg`bz9tDtc@e}rMJslbycc$<r3g^|uGu-=hSI?o6`gllgYI8zWw)ZjgVwR8`*^Q>;
zMM33NGW9<(J@sJF87}t&_%UdvOqfO=f<UmmXsy#*SAMAJw@X*0S|lQdn=Xp1*pH?`
zl{cAdAt*}Z^X2BQXL^nVr$<|0E16-je)<g8EM#Y=lw}=Gjv?x9pWR>i^%u28wA7Zv
ztDa(1<;nia_WsvM83l=;)%fg>D|wUGfX}iYq~3g~6=BO-`mD(balz62J7dAjTBx1q
zYlUkc3XZgwATBs$zbo;D@570P*#}D7;1#90Do!v~Jv@K;Lp9czV7#|d0B^(#?uJ`5
z;5Tg4wG5|V(_CBRC0{4_TIzAUbjq1mZIziJ5TrT+qCwD>vyRO0ScZSwQKE}-co)LQ
zE`a?AY@Z73gYHDzIsXdu5IU<T#tq4$m0OsKqVZ}D=Yz5oPhW+C4ze@?`(B>8Kg)$P
zgcy@27dlu|>(IG_#OHXbg2dmq5xaW9jpA>x8m-sG6mzn?D)6w)DDvfaX=1VNeUl!P
zrq>)L1z4j^<{LKHIvJ#J9%ED9|M0;TH~*o7Kfis*^k#Q#Rf`u3o@4m-N1#;!x(3cX
zd`wxP(D+xA7p2BIcX7hj(C*3#*K#!ik93JNJ+P#_Z4k%5YfRsDqt3Ae;3}cM_H>H_
zL6)=|<T$a-+n-Ru_L4s(|G!l5;EEhR)$J=fYgIRy^9x!z36lEOow7l%)qFUMV6-o}
zr<NM!qJ@qQCNANhzjzlwdEcd}f>yidMuF7}$o4WTF;;y|@Aho8SIN2Dx|q&1OAmMs
z5mwC@S4jtDo>5|)+zCzBf)bQ^l7?cxb9gL&3km^21>~i9Plf#)|1TxnX7LXt?0QTH
z>m!K$RDvMnDsHt_Nb`%%6oE&Zfw!8VzXZ`CU=i~!bHKwT^Ae!-`kxe^$VHL?wb%`+
zLSJz}FCz;<9v+l22UO+P2{yY?&fLdC5|QZMYu)Y_rJBjeTLufJ58p4+$yAfX;?kW8
z70Cr#)nD%U#P&WsArdHT&{ZIKE#!sh4UU!5KYc=YZ(3QhQdpHdrmUzGx>6*0gE%26
zq`}->--T-fJ*H*5@cy_%V$6x0)bbN}nhEn@{;Fb)1nAxb&>T%*Zk*BmOnDrL*E7q=
zuO&@+&)(W3a;S$;Lm+yde5IBLYpw|4<z2M<gf|)`+Ux|aP!B@+6yu5(H0wb*ae7;Y
zhDcD8r;a(JkMlf{uAHi0<)#UIBGBygcxRUZn&}-u2O(AUS&Kfa%*rGDLdlIh72~pu
z4~%dx%U5IVrBY5a+<NOt70(zaV{@sg*p|m>b1XEA*cR)11c*!YJF82I(7jznmkcY9
z-l58Gk`_&(;*8$HZZ>R19*6;Ix64e3w6N@&_R}e{%l+?n$ktqiUwVYTS|jbx5$(=|
z83U0HSml()2uCduM}WWyCyL{VFNdG^qK~CQ&8}ASdO?%%h~I*%-R*c7#k+7R2!;L~
z#`9>BK+C%hH&PSeN~T8{#>R|37I4IpT7!==f{%jC#s{7Q;6az7vk2SYdyM8!xXa4G
za^Y<PB2~oM;X0uxx5vPm8P14{NCTg9!3Hq>0`GBFB_^)A!O&5<?9QDFOQu5Kex_Pl
zu9s^yx6r2*54OePqMW2G)~jxY<#=2juu*V8Fh}7T+wVUQzp@tPZd;~Wn(`#7;XdOT
z;rgjeG%|0;(bKG)pjY$?a0}hHML5rEGP*wTRK@qf?B#asGA#P-rrT5I1%)cM&ks50
zK5<=TGcRg890F9ZWphKHUdGuqyWf;4H%KJ$(1yik;|OS#7iS8J6iIKa24u3rr6rxf
zS7vB5>Hu>h6&C2RL9kqIVK^kwUWcF2(`I#(GQA;vvjYr}FRmHO-_WknYvBE_Y&nof
z=Z*3PiFAQuIV1V`pf<*9PcflCb0mSb>yuPHtqppjDeJ4HL48`Ay{w*2K%D5jc=$(5
zlD<k_a`K#(#0bg)>qMi!E~X%G)zJ|i@H5tqqna);>^X(4z>D6H%aUto(kG%lsRa?N
z@=7XAqDCwf7Oa8QoHl4BawAdNw^ups3Rk~HQrPm4rby$`X0>SllN}IqVQfFkj8@Dn
z4H|@8usM@8d;bEHU<-pbuz5@x%Dei>HVZqPL2vzA<g-;hmk~5_S3;W~>cIT5HC?v^
zfM!b$Ul?><0w6x@;NN^BF$DmmzH)OCMbf&(*x1*0MNX#V9qARH_SwG|v1OX75+V5=
zPec?QCEs6FJ?DHEnBai)m2clt)Mo0uGQ%AwvjLUhhiS@xEpqBJQ58&7a!M~4^#-Ut
z7>|SJdJ?Mq#>8aq&U${oH_!@pD=`Zar(`-|_{w>)MrdA`BVEhYII^UJ@-ra0i#VP&
z4qn8S0Q<(0mm-cg@B}KI_K5{5&<2Ayd76+Zl-&7qh1~WeuM38Ry}1xw%mPjm1Wv*>
z_uA7+|G`3HHE6^9v81EPkykQ1&{?Xq!v$W~xbo2CUfnQh=`PFs?FbiPikH?bGWyO%
zo*}2)w{1_ArJXCdSyL6_?B-Y>Q;Biyxds>*--iJeU9q?)*?RLL52RN>2pv}uF@s+!
z+y*t_5yZtVIZHCQ7PghFH{kSxr}7Wo_kRYy3V2CXkznbSA{K~#fjTTckdUa)Gn3yV
zj_0N}2xf*~#c)-CxtvgdK3YjNb^xs=BwYEY>o3!<2IikLVLsSzXgeh05`{WvG;_J<
zoT_%nLN3nGqz~`<3!I1$fEVc|Q#HZ83(m|qfy9u+-w6<i_h0mHDSOZe`T4ycD`%WD
zqg;M6|Nir|BVRtb`&O%jcpy4;@_kr9g>@KdJk3mt1&gk4UT}k^=XCq<E%~Y&AIa1G
z0gJ0?f8$nJHrJx#4~%Eq`LG}klF4IMzhIK#Lq7ARQsI9nZ=fx7AWnBQP7E3&=oPk0
zjyqh1^*u&wjucF#tFoNTxu9BundUoz+mY6X*0Y*mZl8XF%Rv=7dLkMGDUtD~u|myR
zeO4lDG+8&F9BHRUj?68QTg&w)lkbEY&qgH16y6<XoaC<Nn-Zu0{0D1Crd{8<pEw+B
zy=$A?MPco+I6)~V{Ct!n3ZhslBAcc4p3SbzZ@WbL`^%VAMyKL2R>=Wq`K7!YCFkeE
zQ!PS6<_rz|-Az93ALodfIR9tcExM|go$_9#na(-FfAsX5v)u6#F=)*i?u%(?%MsOh
zVDrIJ1PO9GVQtMQ8e-j`G74Q8lqPoygtV>CJF@|yDP3eLOQCSNMCHX%Oj;`Uc^0?=
zUhsBuOX1910Ao&>HLqrmotaQ7`?TG(-SaeQDM8u!<9t3pbxDoY*fPBYSn6rOv&4q$
zvlDc!wQif-`=gI-Klq#2IA7I4$*=1DK`S3UE%JF{yd_p6z{X|;#b}ey%YM0_j*axx
zoy|8ifK@poyf0G&mw(g_Z!UXyOR0%jg^vW4;rQ}q!UV;{x0PBVqBA@1H{#iE2e)dC
zov^~z&!aLD$3{*dO*?~c+T~_4CZo|O5(ixY=+TA{+lX9<^_e8(M_FGV@XP!F=?uZ>
z&;u{?2aRI4G9ZTMF<B_@6B-n#f9ruttt0pRgSQD?MEP=f9m)Eq^N=by5uwe;4sUis
z7Xx*To7OwcRr4oaZhk%tKT~auQQTGXf{kDQ<$_-wdQN?{!0w3GAl$*aXNh?!^oz2(
zh^F^D`VYW%+no=LHkP_i@7w*+=r!<{arS*{gDP;C5gS^snhE*fY`*vi%aib1EbJt!
zwnVfjx`?L|eu+MV6F?Y+FXsvbA?73x(7+?kPtdN8t0X^qW_KkXg6W8^tTO{JLFSka
zNShM-1m`VCc0wdDg&KLjg<@M1Vd)RkQDVD||8T&-%tp|@uAFe@w%ZVlSjB4sU5vND
zQY!VfUs1YKQ!rq1t1P51|7muiO(wNdck9eojpRr%QgI83psD!mxJry{C5T&D6sl73
z2_Xk`F!eYNrRxA&RIY7Bzq(wqY#l4Lw#59M+D=%371nw$vT{M(^#juIk~pqc{Xcwg
zOqmH#*>BLOm^eIfw4%Dd<$Rogsh;M5&1r5sVMuQ336T0mc13bYXXO|kLgKmJi|IJ;
ze64@?8r|-%?xMeME8y=!OB{jhN>i8KPFKpp4VB4W1KHaD<PUFPh?i%96w+TlE__9A
zxt#L~i@jUql=Rn!Ocl}2G(l{^_x;ohJPlZ1_nNMC;jQ)7?JN{@?tigxR@>LHv?EV#
z9^vf^`a-1R;PtgC+Am>9J2cPf)7KK}-3W_oJN8@~(mNjB4fia*f{1~`aAqj`Z$vey
z^!#OGo%SYd#C4J~NRi^s<f2@r|0{<)KuhsUi;({D2h6DZd>wGYj!)$>9LHf7!7Wki
z!_YX3<7M!&U>g$0C+pMtOi|uvffLEl$}RL_=+mKzSN6y*^p!F^jkN>MUt$k^c^?(Z
zC=5^>)n|wD61g}K*seML`}O}y5P+%@h^CZfeg+=ef8Ca>eAMf0a5`My3#g5X;YE`5
zTwQF$JNp1%g~TcM%zkHi3oX0pi9fFEn|z+Ncv~*)sP(XNWT4hozx36+ulf5$OW(6j
z7~r&nDji0Wu5Hc7PB_y5KE~2L@8|T>T*GfB9s8bcRAKT}IP`^Bo=oJKWboQD!;`N<
z@-`6GO^T7idtP~l=HG}y7vtcoWT(k$iGxnZp!uI&G||!kp+IqD0ar_TQUOOOJErlK
zcORx4KMERbhyc&K4b2$k`9jQRkOZPv$}t{N6ov5!dV?v#DUS27r<#8>@#J91V?%xY
z*Hkb9FRvok1a4*wHBFE(3zCFbL~5{O|HObvcfwsZd7bnxCN~K@)gHq5A|cK;{&DQ`
z{*m0@*~k~+57%u_OcAEG306I>r0nc=-s3eDGGVvJ#dy7kP6`p14C`Lho?#Hx#39p<
zwgTpqmTKIaXb|)1%nYX`FtWJYXP}utA*OgDP?lDq^5b>Zxq_`JNRx7WDULy~71v82
zv$@z|4?TsA611#1NjTs|0YH$Hf0^~B7lCT^8=i?dKbx-h3B>>QQYYlkHJrpTH_<>#
z`+Rc3MlZXCf9>1P`M7J>u>$s*K@=6G%x9{Lq?xz4lqunte|`_`JS{8?d;H&AuSCRV
z{%sw_-M9y=X_rT(?|GD?jo)6<xv$C*U{YnC{o%WO+|KKCo3%yLhaq1(f$SX$(k`Kf
z8i`oZYEY1vlL%1Br6@j<dtSoIwAY-_ka5xwPK<9FT!{GE`)?cZUn(olh!eQ@l$f=J
zG5t<guU}0$!j`{bwE?$z=iOH{xo-@LX4($>238|REkLBWdPZB5W;1Y$e7)#qb{Zww
zm=5RoPQkWMI^$8_P;lDY0pJ7&$}u@$v&Zq*@h(=H&UAcvn%C^qxlP8c*rDF)m8aVF
z(<^bdT=&%ES@O*~DpFaaW_wG0JH3KLBsq&3bLtfY*)2(X-D&&7s5472%Ghj>xq_<`
z!Fl6scKOHn05x*Ld!UA*je2IqDMPRHN;{Yznl$HqRp$Kdj6G)pviR?;?C9-%T$5*c
zl6`A)e44NkM<?j?&j##*C2hFr17iD>nZ87MK86rW)GW(%r6fci9tXqkBTDJsux%po
zz=j71!AnLoU)b4I4Hi%l48n7Dzv#%f^#4ltCY{BXJ~++$HbzsTCW)lDwfeJNz+1gn
zboYT+VQH`2se4<v)|=6n!Mu0yYp!H=jM96%Q%OWWh*|X7sT$v*>NxR#DZfhnZ%X%-
zKqo4Vn&&YPN2d8hEBvo`j`kwo9Z5X5vd+tBpi2nX7zWwAEy`P-gn|u%xfs+Tg4T#7
z0MODNsW&56Q#0%N9`-=-^>&E_-X8yxf&br5*bXw{B*YDHz|(T0lV&f#A+y4-j!S=<
z#fo)}%L=)UK9`tZa@*@Xq_!Ftut78B7l`Kg_yAv96IbIrmld0Emfc|DR?Gyc!ta^Y
z=YKem-L=H64wamTQR##IBuc{L8;5>a6XV78uyu@Mq(tbij^h{f43$e!U(!F}XV4&D
zAVH<I2u>g%&e<Qq&@1HAa0rF9Sp}tXrZ>IZGAR;Ig^;<eSR8^|oR;eI*={6sJ_B?*
z!<#qkPEtYoq$wJZEw>X>-ls*!fP_=M1g4HdNHJFqqfqF{obSLhk#ylLjk8BD>?6*I
zZNQc0uwak{Ts^J1{p>R>S=DQ~5{j{>T*AflA)>c7-ABRxy&~I0PC?j~#N<pYoP}?n
zWy^`fplwZzf3>b|pj?cx1nykQ9d1M8)evwV>Ds)I!Mc+1SL#8C!EX6E;hIRKA?vXK
zgUc*=kA_%%93g!NsAL9J;x6c}oY;u_G4y%YWW69FDn*IKRydpLgC*4erZOD@z#qxw
zCiNL`@5;sscwV+&7}LX>i7>Y}nI~^5G}IY(X+s^;nTJMtk>Qc3szd~y8f^(;3+Rtz
zbZ-34PyHH(?KUqSbhx@UniW=<@bP91jC|k>l9c^fb#5$w0AKg0)yM9YmA8}ELhkSV
zc|K@F;Be)rJY?5(p!4%za>H_l@#yLq3>l${@B44NZ)*S1{Hei`$N~G<hxZ%y{q2YN
z@a3687P~JyM{wBwkZ?#IesbA00`j4d+ee|X-uQxt3@mTXXeTQRa0nWXGG)S6L{?da
zm{MbSP!2faBjU)XoV{Y>h>PSwYWrEymqLAddO=(lA_3tE7vNOaNY+zVJtlaM;T~v#
z<Cr5aa+^DqX)Un8i@po&cVOrjE+&C_2?W5~1ph<&>tm<!OzY7&vGXcEeIK1{RsYQb
zz%R?${n!zEE>;H`&||gp$0@?nu^P*0t%Ky8Tk5kx8yU?H3PsmD?K~L~R6M^Y;&+!m
z-z(*id|wteQlImIk+AjrCU9V{_6|b^>>D5N4_)KqP?sC*IOQ_B9)rp|kKY}Z6HG`-
z8+<5Rb%-i|X&yA|67tp@al0HGrq*L=jjK*pH<K*lT3iVAMTYx5Gu>~$d#?TMHU=n_
zXe>&wcYq$+SoVaPHQobCtJ*X5qGP3?F#{8nn#u#S^A6ZcXWX#7_q1ekuJY^^4a7m3
zowKDU`%^q@k`VLwVnrk2%|iy1LM*>Lo;dR}snkBqRBat@BDW4#1i`1W8{qJO)zh31
zKA;?=b<YQT$tC|xjKMQu3Zb}}l7}yN3alz8^wM%}j$w2QX+^X$ov*y~g8vaZ>V!0k
zhIgOLS_?>%eUQ?|FT81zFxJ$ldN(OH&<{cZAN0odnu4bLp|&UcZKy;%@eA`RF=t`7
zTz(x?|6JR5Gz6{WF`r~rMD)(Vc`NDeQG;Wy%eqm+Xq}`-Ebo^$gXW*Ew+5RUv&2Ut
zZ_rph8f?TZBOit+TE!Sx-M;$>Tc~!vB#bXXjg5Crrd6NUcw|VE?Hgi<uwZ;Un_%+i
zaQYyn;R>7~Q}yXJ8{i&IrtjetnK7!pZ3AR6;ii3EZuwrfrUA)rp>+qVLL`CDCy;)!
z$GSkLzOaLR9~6j8XRg)n&^GDUHCb?Ila~N|$Iy>HvAC*yrMQI?7f@aBj2W=TL8Ivd
z>@RAh-7#DIe6(2<_KKcFyu`@*OvcX4!9I1rTb$L@v;QAkd`kQ~w_+&L3aM7y!jpVJ
z;V&afYK6LMROGxdoG!fo0xi$!k;s;7FW70sPE|_L!xT2xCik!-jP&$OP;Mo<-|fTC
z?6OB8Un|ZJfp#Dv1AaVji@8L`fCpxC9K@y&ry5@(DTGuKX%V-<ks2@0MQV8?@#HJ2
zCIDEl#Cg+po)pyZhB!a1%c`SZSljv{@HqX&V9KFZXdh8{(S`qChZyK=kz6bCKXM`O
z(}V@~2WLLMkduG&LlIY!e}=+Aorgas%R^lo0jJNq)qMLoy;ld?yYK+(_WqhW3Fr*r
zOowizSsgQZLoL+i52-{AgEX-SA=}X(SGPX*etVi`2&Xx0`{cHLyLY`+Mu|L6N^1Dm
z5Y^m91VzsTj={fwIr#9~Yi2Q!QsMaJOH<d!nWL2V=(py$wz?Tu^3K3(-@w354Dox-
z8BH4Ro1@F`T$6^XlIQOLkJum1gGU|U6x5G@n(tph>`#C*fZ!AccNd0_@zoQgsR8%t
z(RvlS3XK3K8o~GBY=}-g;zu<fUM+V3z~i}qLGMT99(T-8*9<Pk!0|fN>>R}qEC|05
zHV=o;f8aXi-k0&roxS~}`uC0Y(M6PU^Zo8H*;nQ9n?Tp;`Q^pVVt57D3C)Aao0M+h
zv$*|9dS~pMX1gxQ3VOqpy`WY8&5%PgJ9(&^R-x6W{bJ`{IdI6W1n1ohh0n__k3upR
z+fNtPDhz(XoR)acm*?^d5j12~vnHx2i0g(QT8Av{*a?QFzcwmved-e!UsZhRT##A9
zb6{ak%C%eA)FnjaZet#<J5fKq8@9KGSqBk6vmbsNlFcd|c(+F_bsu;u3i6%Pi=~0D
z-$z%?VsGniOKPXoV}HtQ7yoqVx|e`&z<MFJHILRdXJ-lf9`FG|CVUMBF2u$+LiO<h
zQ_vw(P54dnM@aQNsM&xd!(6<ift^?=Z9N8!Bqj#83u3NQ3y#FOxf05Ezr~N9J{>2T
zxrh3sVZN-UFzd+jdvLt)u<exD4W`NzSvgYS{lCaA{NY%Q-}lA2ECq+5nPJYc!Rx4-
zg~2sD1|Pc&6gQZmEWC2dN|PK97nyMj&OkbQnBqV-<3}f#jbZ{m7bTn(W{Pr0MvP+|
zjg+3Ux_%51-Me*&N~>1QY*{Qs#1eD1!i2kyV3<<Oz6)%WinxIixw)T9EP}?y?f(>h
zYw#+bVxG;>**TPO0MA0ph%2pzJ~+VcvG}}p3mGH*v>CgM5JuYV&V2&ubArAi7O*Ni
z*tK7O?cjBFLGvw9kLC}KgKsp+mALUZO<3Z6v6lBr&4YitFxb@1FCeYn={J0;SF`&v
z-rg6x+RQfJWjae|duA4Ag>MYRp_YpyBNRT;?^g+_tRV`c7rCyO1wCDtCc@KI{UArj
zEauu}FU}q&HLoWgz)JU0y|NoYu2LO73!^3ANoY)jPvWCs@$f(Q(flB67KWO2{1{Kj
zqi%c+IFEpJEctu&7*7S09s+dHMoX%@VZE`iF#O-vRRUNp`lA~%Seh$lqY8$@>$g}c
z)mzFgeVQfA70OwD1Q8_{k1{Wu)mtBmKZv7A1fChk#cg38j@1`wJ3n@~$_Yc)g)P@N
zTXqI(z9lLmz1AkWV>2f4w^PlU7jSb)PBpkuK~u*e(nt9SgO`3iq`rG&h`uRQ&$524
zQWL7`>u)rwfSH^to_N=Bse;9Kj)*4i9NX2NB>WLP|08c8-)HrKqT7j?Udi}f&Dm#<
zp0jej2Qf;OoA|ul82Us-MJ43d>wafv*xU-0rv83swcFJ^H}n1Bq14(8YworCy)j}>
z-A#+T$(8)IL)IR_7S64PJ<Q!Z(tNVLS3Q6r&n4sszNUM$-l`h{PF{#*JhEfN{pm#?
z{G5T(8Q2bC`!qC9=@Y|bFjY*&xwx74+sl@Vf%jn<FdfFEN4og?{y^h6D}Qts_d@c9
zjo`FBE={2#f&LFU26-qZXpeKn1-fFz*5GUK)w9#EX*i1ODTvfZa|tMa6nJ$r;Iddw
z5*+9ivK0ze3^IyEYH(gF+|zzs&tM98z6*S)JM)~0gy;CTh|yBOfNE+~<3DIF&sM-U
zZ{zw8{tgbG)?1HiVtksGf7w}&$>v%TMHmjBih<oVKcjs`z6Dstu5^AH7s>p;(t@PR
zk6eUoav$A!H#z%Qct3DPaD4WGO~uU`lRbagiXLG{smAu%LB-`&ym|R}PYUw2=#^>V
zw89N=wv2zg&kawz;E~U(T7kMg@xr0$KT=aZ(xqE`rVsDIG&4!hO^1EltkDgb>yWC}
zfz6NB%`n0~u0AIW%><mfX?|;?F7)@ORneO@Y)%u{{Yjb3NyP`oH4*0+YKX3`Gsa)n
z(2o~+(9NnF%lE)oMWv`o<cbY`Q&DPXX4*xCM6F=fCFt+W2dVpa2Cv^=9r&R~$RZ61
zjIPm#nSf)#5qGl&AK*Uk{1oT#|CO=-3z<u}h_Ry$fzR@Ek+u*n6p5@4PHV{N+xl*}
zJ;H4gwzFu=$gH19ZT&Qe-JSSxWOoar8;2+1%D$y~C?+ISUminK`!0JyMd9N0LPq9b
z0@X4+AHiFU5V-e}_bK5ip?N(O8^Qjh2T644U`^rKZqnS`;244z&I8XhBcx#i0xS>7
zofCG&e%p;8^8B<3>3Bh$&3??f*!SF8gbTb=E0v&vCqJ}VfJX$gqYy9`0zGOo=u@?0
zE_EV%|9I5vvt8e6R%vQ2s$lnHg!|`!S%$_Xh*C<MN*BzcWz&;CbU>=p@A6BhmUFTT
zW}1RnA{dWeDi2c#?@tFljlgNo1`oI7RS#P?-CI0$XW*r}mX>$*_U%s<?@J~*!`4|o
zt|igfIH=G?;<9hH5qrHUaOLAWV`e#V^JAlzXM?$A+r3j8p4&hK*skeRV~hWB7W>Xt
zfg4eG#XClpM*OW_PNKbhFc;&C;SZ<s>I=K9(=!$1?)?lM@r^m$>m?Rb`)OXny^ARG
zcxOH_im~-zI(jZXT503DX50Ewzk}qlSWoD0%vNl6PQ%<Nd&ttIvz+*_YxIhLDDVT{
zBAy!2zge<L;(S$kzc}$~z@grY-3{mR9Lu=Ym|)eo&W6h=4Ize@A`zWxRYcdXs&g$b
zL$GhC5rpukOlCuwW{$GaLHCz?yuw&JhdK?Ye|~(>DC)K>UBAP&K4WBK6PLKy=!M5i
z$xW9}_}$K=SLz9sX`h9!!r11im8)WM4Od*4a^cVaA_#49p7UMaEnZ#jf=XP&@ATPX
z<csq=goK0<^sT6PeI9n~-B<z%f@8%eD5U=r$p+4OUG9a<BWlW;v$_lW5<{_+aa%!@
z@xm9Dq_AIliiOI`maUH(H!6n8KD~OU4dV(s+x)KV&;Vm~2<Y3txMd~=>tcfqmA`ve
zS$1c4aZR399+fr?{w;%v8~1eJp7%Gm7b|U=60cGO#1s6uw=H8HyundLC%OJ?4yd{9
za$SP+?bLf;`U?PtZ#6olX^K%B>)4uQ$9{r0MR8OQy}R0U=k*?v`L(1As|OyxJM_0s
zZtHu}(hS@bE0s&!CU(U9XZV*oGhs%Q!TlYfLUU^w9IgiE5jk&IDEpPm_YImKe;MEJ
zTP?ld&1^W2P`OH8p%9~;Z;NHpqCn|yYi{#zQK4ts1kb0n<p`j^MQ#}WCa9fn$U4}t
zL(ksg6h5-t=bC($M&e>1>J?4LgTIWkJVY#1VUrdTMi7N?KFMVKhTkQA{7NTrr`kSw
zP<L$&j2S*8y!p5-%sON9a=PxT(q^=mQ7^K*1H=JGW!+GxF~nT!Yglb=6lCPhCXVP$
zwHOZ_^QwG%T6iDU85=5gp|4gvj^-oKZxsAVe5Gi0^k4)0GcYMsHWNqUe&pwF!MGGN
z-)1v1W%YPrzK~IK-phsKGrU@UHD3kVW$JI!kINBC_?P;xu69z-5CXGFj2K=M4Q>R&
z+>&4i`LeCd?PHHL>=rj%oVMiFb;5N95g3n0n^EsMn*Qc~IrHjz^JZ%!u92|p<vcxE
z5YD*&l$i<#pD$(d+O?$#g5@Bk=9m9IT6g=nQJc`<@qOg}{STqMk-14Q`5rKOI(??2
z>z546iLW>XYq&f#t0{^#y4cR&rmB}X894OHbD5*5(Ilj!jg9EXkZL&Q4@@aiWE=ha
z)Prl^;7d2JVKg~fb2q9vwjx<oIXn&5RZoZWC&6UMHZL)Wx$)0DM!6JMR+6L<t13#U
zIE}M^JZjb4=$5E*-O8ONM7Eq(#I#-aoY-jU8a#Uo+$it;EX~}SBhFJw@+wg@wXpqZ
zFSrwO|L5$IgI}jgs9`5hRIp~Jj&S<-aMQ#Z(N}bH8Ywm!gs-oI@D0oh8kDnvg;DD5
zFq<2m|BtCRfrj$^-+=8qLlR{fyGof*$TnFDQ7T!=9-$DDeHd%9FA)-xA}w}V62`t~
zYq1;qu9>k8GxI#}qwnwkzVEpYXPhx}&hy;Q{kgB}`ds(t<GV6Aov7lEn0WTyR*dxw
zPrEHzaqNkR4~DuQkt9KVNHne!@$4DmQdDQKMjon5I~l>ASz8H=M;zj7*R_H+KJj~9
z^=Ab)v_c2IOag^O{$XO=UQvS+T=40hL2fY~%HIrYU3GJQi`9Wm|MZ>k5+v_zd-*QS
z^oDt)#qHQyBs)iMV52wdTmP6f2`gBLX@ysdECn?ca;>d5nP^Mg@~F1P>e=PY=RJ%&
zkwxreRWMdpWWwnC_t`U~>G{WnfrG{#JZJ@i+JlT_*K2QFr84`7oy?fBXc55D?R$pH
zFK}o2=j9skvXxgk5l%90$(f1XkF*^eh3x|L)-(JIXDKE?3~<66h~hD9toEmv@5mhf
zB=LegVBX);RJ}vkg_(R&s_`L0Mf)px_}(7BzvEYE)3^qQ2|VBN7=zyvj@{v|Vl_XL
zYLk+kcyYWz#Q>BpQ4n}ZNe5;Xt{pND(J+-~0_bJcF?hTz5yO!oHqQs9Q)o}>19BP%
zy`&(UfB=L`MB6#wdpS)<YmkUgn7ZfE-u6Ad*XA$g!e&kXRBgMlBn4huI(rT(jQr)p
zcz$_lB%6h?dZsri8JO`3un(f{ZSokkJ>D`fx#gU@``0w_H;KiD?k~SB%D&3S=g-Lr
zLXBSXv$>I%MPO*2%hO!<vgZ5MxZLml#SK9S{IYy$y}hMd^=+2p?~L7)*T1=tIQQ^=
zNP@ci#MeF32_S}6eIxvL598JN>q}$h)Pc%R7G4|7Jp~aN)I^O@B`dVM@5KG;wnVy*
z*plk$rT*gPUlE~-dtf6{<B74jO3XLz+zd5(Pd+l}UL9uM`Q~T&*&JRN%9(D43}Drt
zz|?mnvu7TvJMfZdweMmx<r@{9dfSn*m;IWEdtY|V_JI+5DW!?gimRjUp;{wx*Cy@o
zz_QNQ69os2iY@EpR^;laj$80dl-~NQ^Fm2gK2=J7(^eNbb}PeF{szt5o>^QBJ<}u!
z44m`~FRtld<H_J`46J*2hMqEOrv_3nu=?0Z0O~p+R=sN`sCJGiqSH9@g(<GrUXL;D
zDv19E+LO2E2Xw7EnBMkCz@|EVCqvlDlsLp@pO!>DXgSj$<hKJf3hMIt2G#!UP}@kT
z!TtD}ecqn)8^Hk0-iq|DaWQ?|iV$$o2=d)+sazJdON{t}yJzoyqu4rd@jM{%l!zS)
zbe(7n+KgA{tk%XWM3aYmJ;qODd(6BPKuM<75&*<0--rf!%Ee%iA#<hlw%#42IB)>?
zO?k<xQIa)^E8dNBU3Ri-JE>6dQ-ulhdmyCh&)Qzky2pg+2u{S4hm6C2)N#u`uk1zQ
z^M~<DqZ0PZ)O|fq@3Cs_1H{`H7oNvGz#cMe-d;zNhGkqKc!^`<?k%_CG85*50V+(x
z9ws`P%cZnPo<rMHk&BV7DD|f!5dghhML^Xh8k#;j?&xrMIaqHqP8eHmL%)K|FYbn0
z03#fMVkKb+2xv)3{LCMURm@u1Pe#ri4Xpj7K9~$hQF-SgnA`Q$!*yqWyc@%&BIBNb
z2Eg@yqX!fNlXi?(F~dmjwEj1S`Yb}jNNawX_ZIpTgTtB~d{n!wi}z_j%i~N3k7xPC
zU5^gjc25}}lKCwC+BX`N3zf_mdDzXajHKuJg?tv}1Mg<Vj9E4^zLw`&l-ml|%q^Sr
z2W}<c8*-Thm3Hp-w#Kd{=BScCFWswj8gncf_4r*^;Deuzkh19ONP>H8mznzByIehs
zkkc;18<2U;XnFZ*WjHN}xQ=U6o{v5xq^JLGoZCm@(T-6Ej2$y8f}lThSnp>GuBagw
zChqkivT!vyK{&#6l8-OlcT}EUyFE)}?oW33%?hygs{Zd1p^%dF^CMFt0doQ0x2KWO
z3e(b{z1c$hrM2a1YQ(_b=&$NQ!~*3FV{`!BM7nY12@3=CQ>=trt8MAx#5`QcJX!56
z&G9P#tE5L9$Qtkl5gUj}-)w27{0bXW9B6ppH$^Tp73=Ds+4#ni?`<Br+(DUoQnxFD
z$7aAd6Ppy2Ym*G(SkMbEyivUeouL^>ZbVq!QV<CB1Nu_p!p}h`Of&g&0Q=Z)dYga7
zzNENPdi*lM-x&S3ePpx45`R^qf{N&P!tmas{?~oGcP+A|U~7q%Xrsv2yB4?XB;-U~
z7JK(~X8>8j3ofH50z#z*TU>s4eQ!?IW9&xFq&qXbtZ*}SijHN&67|83WUA~Sc;IoT
za4e`%U+5kQ1ww0STfAmh0|lRW^c^Y~ER3eaY3z~MPmkEimfm%uH&*+jTIJyi57~;!
z32IKa2@d65iH;&&j=8ODb<9p8%knR7e{g<p8jY+#?f6_B-krcZB2Ug-)d^@Z-ihvY
zB4SpsIC<uAB};cFcnIkeXC2`)4dUYStM0#cGv1ze-?TC6^Iu6R%mK#GAxvWR(Z}ke
z(c_ntCs_kOZ%>KKeJ2=glnv4IdJ{zYg{N5nRoBwT%l6SUEoh)Xd9xWy`O%o8z^7)I
zHhM-z#7WTZfexqUL$AS<LbXP1lSU-K{|o$WZaE~U4tvH-k|+^z_o&~+I}!0Y%dp#Z
z0(i6*p<BYhgB8q2%Lqh6z0CJme#4rXPraHZ^8;6*l4?h*N(<UsSm&g=0=jKi;ltQ>
z!?M(u0?B}|faG(=+vOkkN;lwku3`WTdK0;VP6PNx<8}};%_*W(2{vnSNt+%}hd*<n
zbO*L-E5IzoA_S}TJjh~V4qmV261sbsv15FPZYAG<a<IGsKBPbjQ|}dOWB=K9weXO|
z2>K5vuW>TNYAE6gs4JI0w-`Uvz<Lb?FpI%&nnj+ZpCY?C9A)nuq58MK-RwW+u_azg
z6VUvM3@LvA$KAybHb(r&l&6<nEWB@wimtyJ_lkwkzs<L4dm}USt$Rbd1K$O65=MdW
zfc#YZ$;>5&{sH8=u7@RGbv1Ic$k2W3ZU{oH$(^fFIWpmD?)#+Cftpcp<$bx5K-i5}
zbF;?8R?Q$VrKMW&ZNR`s*>iBRo>kCKYo(=hWuoK+8g68BH57-%&F*F27^%rpbe@PQ
zw4T9THzue#)P!c2G!8<|-+qaa`blZ{NPNQfu`DyCa9pFcrKR_-sgQ?9<8H}s@zK|W
zf%79HR_~Lj>p9@KR0b}RZB$~9-Q7o`wN$7r{16Yz4zrC6B~R7RBS?OmKm42s6{3`y
zPQT?53wJ4450>~xt<gtQMwr`Gr~h*IpZgA`<YhJdM0>{6C<`d8_O;Toq@im<bFH6w
z)5AEadk5=Ry66^RTROk9-8DZD7$`?kdvfZ@dCRH_tmfX=;`*l^Gmjn)Z2t{{kEM^q
zcPu2bMGt6(-~jJ8`Pv7g?*JvHwsN&LJxs`xWezPuu8%moeB;3fY_*B8dW+wCm7NvZ
z(NAxkG%2MK=eGvvMJzlng&!7TH2P#B{jdI*LGm}&v<9`5vN5UlMPXKwiccy%3oZWo
z01<RJma$oloWy_AK!l99bu;EC&yHHp6r%y<(9U3)jkjKvSmw$hKXp6f8I62kTf>dy
z%CxdP)@mHNpFFd#hebyK18vS?hdD}ZpUVxk-(lr))J7A`VLk%Xn+-Iy=y+z)bAFU4
zChj<O%K2Hp=6OU7_{QoY<y}}coiB-mC&MR_4NHis$0)k!tk<`x!;zS2v>Y(T+-&<4
zsI1*VP~xEex)%XRA>aYSjC{S~;kjbJPiJ^9mM+*1f|B4T?B#OOJ&HLr_$L*{u?x8|
z={<l&;2vfnX(1_yOP?hb*`(DJu~7Qo*nura-i4^sZPhER>5#zS{ixkG9}N-?mFMv+
z8_|4Zp?ZUXMY|8TyIT_sH5a}Lyr~$V#CWu0dZe69?G0Sl%g@r0(@i!l-P(<#!lGLL
zaLfjhl1&<bn>lJ?Ww_}Nv*g)I=Yi^qil<+Si>oesJK3*O6Zd|!#h6*$d61*(Q*p{o
z2HliW*j`;OBINS3gmiO%mih0Zvc$D%CyxhwmB<&^AI<xTGnZw*3w-e-7gfB|*q!Y4
zUEf6a_===E(?9Q8p?1cu^YzNh&l;6dcPbH8UbZ(mW)wQ;WUo1iG)-vKSldgDy3a_t
zJp^hBZM09xZbdf=w@c~V^j-=8q|7IR@aV%Fg3drC)gu-i%}z5_2eEzYP@M1P1y<VM
z55!yWzSI3ZukiK=sJPW`&E$NUg^B0&Xw7R3idAC(f(5v45u=G(xuUmuvaOfII{gFR
zg5EF5A-D&9t)%xuUs>T(Ay1V|9QJ_x4LN@AbMo9Zx0yzitu7sZs5)c9;<HDmi6!h*
zmX15y#_MG3tRDknmKd-)oxZ;7Rs0fCBEX;<NA)+X$d~<fgJt>i3#1UL@y<X+J`Yph
zCuu8%IVX&MiXoUoOz^w8V&^?@3Y8Uncye5XoLSeD!;q-rf<P;0SZlD!_R1g7e&r1m
zAZLxQFF$KNK~VKA%pzv2U|yR174i9oem--8VHXo}0@MG(v~p)Wli?}UKr3(}5xIym
zI+yu6DhZ`*6A<R}cX()xXb{V9bMRdwL0DXqOzCB88DKv4_mt1c>NP}phHdbK41Hvo
zc<ft{;wRrhpY1t))qH|^^r~ovQpQ(s!eduZZLf=3Tv8&U#>!Div<==Ydus1bH&Y4z
zNB~1~U*tz_wYMSd%cYx{>9Pm0|6rIQ@2e)M3%ak;K&g9~BrGY3R0=)NNAVuoEyCk{
zqO1<F8}Ko-02_q49=_kf7p$XGsbXXuNH9x+lmlvSy77^amX9_7-Hr?1KTdr~+^^-s
z#{Kzdzi{@H;|0{KfV6KVNsk`2HzMsk*$?8b--j|YzGe}8WL(HzMd8D!n&q~dPGc`U
zpU(c#Sa=w9Rq=xwPmOajdhIU5z4c<n+~Doqnm@E!x0vV(Z)QL4e52lGdEAVa(Vv=l
zxvP5m0dKadPn~ekR)D^vj`nwxvZ^yEbmA2`hg`p@z;9?Y@M?l*RM!*f(C2TGB1Xyk
za|>T>>HfG=*oP)O!pGMWr&zXD_s9FtAv!w>_sK-<`@!otg->JgAAimA-dDM)Mn2|7
zkL1}O%G_Ewm{mkS0d>$R0z_<2PeT!23|nJrcAwTA<`MglQa&<f=Vv!T)+@IT$^1A(
zTAgdb`S$+UAid{$hGMAyMH|u-r9)s9pQfQKjGeWR3TexOK3@KGI%(3Wt=?~PyG-M-
zW?5K|73|x~{-IRnK>q7oP*9L}E(Du%kr89(FGM?E<JoDY{&2SR``%-vmA(*tjz_GZ
zvF3JaLLEJ?>Rfp()tKZ=opAg1DaUiCndD2hQscfjSN8M}Yc=rK_mbvvld$|vwe@4<
zEm<S3M|4<RIWu!zuF_N@z4h`Q+8&SmiTsoC6Kc5iFt6;!)OWw~^%4~vFEeLDk0!<c
z+=Yw+thI03Lb%Re$LGUuzFkAkWiK3*nsE;*IX7MEqfek<y0To2(PVgFi_Kh+3mw*^
zkV^n&m6Eg{(K8B?K4`a>b7`t^zSQYJA5;}84nW0v9`>GCSr7R0;fAcyY5#7&lNPUc
z;D_-0r&L>?ROsX-{g|~SD2~$Rwxk%M6ZPIcdsL5}MRM8bDPCBcHzp;$S4_bqnH8o-
z$_!yT;4bzCi%HNEoCM2nGjBs@e5Q&~<0APk7I-cd?+nC0k05>^F89d{#vJ|6dUcF5
z!+0_^eHX3LnhYSQa2=gPv{{BefEB%!^_Qi^cuq=vTgmd;UeXcxv9}<pq(JPX*C(z`
zk=|V&Oa-bW0p}xr5o9kLaxKIE%HPN<ydGC<xO+&?0unzix!rK<N#<}=haBT(lmr-T
zqqMHrRH6(i<=&oD-zXk>&r8E?<&2GobJ4FSBP9(U?YQbo)!e81I{m(3%goMOTGl+V
zc4Mplg&!?{PcMKBd6VPSzZkFAc5Rj}ta+CIfh>`)CxLc+qD)Gqiw>moTA2SPD|TZh
zy80sNGhR^dc`=sR+A}?vV8G&bOf>fJ>=U>PmqO87$3ax5aP?QO`Nj%G0+sLqQm!tU
zTaL*!?f;FL9hoL&7&CcFIxuRe%~|4fDLB+bu$ieMe?TkQf}8SzIuK=h|Bjo4-W%5(
zVhsHQ`?)rQz3FJo=*B(1Owl2cu(^ah*Tu0xo{_Qd;6ZXi6F9jKKkQP)A}Eb4!}xj)
zf&w6`MioMt3v*g?1BTZPHy&44dI!nWvGQW8_K~DEr~XeDo>XCXPh`Jyi?H@QGalp7
z6K(dqx&YXINsq-j=uNo2+$}m^U2oi3iKu^|oY3-W>&6VeaoyLqi#Es~M4lpl<FgZ_
z55YG!me4+n`aQuS9(__iE(zT!c>g;d?{{^=x6I4dsO%>*XWXItiGl1VTdr!<e2Kx1
zKsA;ybVy)$PG1zVr6wNXsyh<4y1h7q<Y~_Mwa`_7Wt>H(xt1mTv7KPb4U8Z0T)9nO
z^seqR4;5N$TGf2gKTwqJW#7My=A_C<NPN~IlSGt&D&`-&H;~&DS>N6jvS0%CH@V1>
zpR47G@LT9mD`1Rzo_FH6BQaG!MYuj-rvVs?{V-p8h9W(s*S*vU@<ji2P;;2<Z?;hJ
zYPyB;%{z8ALxfuBdyXY!$@;QBIxHMPiD0VO!KeXP1jt8a<Zz)}8UWkS74zr1kwi4~
zgWIT0rrbl3^|s8nG9ctHMvbt_{{(6snw$0OgW_@@gAAZ&IbE3lD2AVp0c{VXq0|V(
zunW+@(_IhPMn?K>%e#B0GkzgXy4^G+df~$u1x`~M>EMMCBaR|{w@fEQn!E0@z@T~~
z#M0+bvFK6E#XZyfsCwYS@s1-!HwpjDZ|wo)PatQbyiNSu9XFI;5Y*e}4;xMkKh&T`
zms>R|T|fAFxxfAMQt3v~cIj4i?b%2S9p$_0#hPP?3fCv~KWzdRiwTp8x^_RBoM9|z
z>h7QNN@G1c-g__&r%+QfvqHTU5ot&l_J8#tsZZq@;ZyZB3?Gs6pk|{^5T9ELa$Rb%
z^_aS}IZ4}jxnoal#}P+2sijBacpT`aR3)#JwRw-5k``sU@Oyr9VFr!S@T&;kpB`Hm
z@?HF~w}&L$*s<7m5-fEt%o*j6I<@gJWO+P3t5W@A-Pal07pxo{lZ`KmH%q@Clw9F(
zb6gWt;}ab4{TuD8WaqlaV?O2PL7lhu9mOc#8t~oP)Bozd#POAPWR~UYN)5>#+-B=j
z8Y7td4g%jTYvgi>4Tk}~zhagxOds;aikd{ChrO65US)f@VUh%4s&#ZP;i{uuvk}D~
zKQ;l|)18^Rp6(xl<Kn<y?GbypAA94$LFA1}g!_!B5x}C~{|mi$vUB1Pd%soM=#3kd
z*(URmLyNJdrhzA{x(jhmjwxZv-T}o=_rMMSmK#9^TysIs>t^gc<AC3oy<kxnu6H$e
z2NO$}EOD3p&V^BTxp&`fKpp%%b@4EXJ!-(6syybYq2`I5Dh^UcsnX+TyLjh<UQoeZ
zRoC&$^p*2@CtjXyk)T<)nh(q6j|T4bfAOS?NzVfxKGfKZHSBM5OriU}xJTYtUAAQp
zz86U}k7N~fEh>-oYDdbn-o5L!MbAaKD2!$ghmtNq_Kr5=^R|R+G}wYXqr{o0U;hr7
zfW10{zOjqxGHr)s2`TXP3hv~IbvA7?Fqx79jdVZ@NR}5lf+wi}-&F~w4wwsQ_&+@f
zQk9M*ClEuyYr$_(>{mN%(QE)57mKa0fAdmJ`(j&wCVli}*45W3rp6sG^@ca>O`aj9
z!e$#mfp_`@%lOc)>tV&DFR~v-C5uJ}*i395@F}xdspezX$8*&D%6(Zjf<*4h+s~Od
zUax@^>pzvwFb^L1%^U^JFNcK_S<AMY1eR1;VulU@d@ai)W*AX=Z24>;^0ff#^fh&T
z!p{==An=KvnjOyCeQV*7FACfq`oOpgk8%J#8UXS27fMJ9$=i3N0X8rKT9F?1`qg|X
zTU1S|<S_ySWZTEkEr@gHn%L%wi$B(K(~>~D0=4Q{TLzMw-WnFII5NRUK(EC_Pb_5@
zdHgo@-kf<~##oPRWqqksd#BDA!{^rj=DOP4sA6m7patb!y<iq@3S?}?F4o1Bk2e-;
zY>~EomxG(wKN}IK8@F1>$O0Ts^}&brdwk;oT|+FVWk_#}^CE7xGKBHD?QO8B&5<hS
zD{qZ-2vT~grvgnFHot5>pZHt#?e`^~YZ04-iSrvPt^34ydgcTcTwoGahSH1B><!#q
zi@|qc-D;*2i}zD}XEa%w93E;k+bV4-1#NGl=N0(0O;=Ta@~g9>Z=!Dyja3)QyRWT}
zos@w?#dTaa+kVQGefsI_uUbCw-R&|%))1n8U5{`%Qq4f;6G)`)Zw&n|`Nr{#)6V&g
z_ora_C)#d3@0$0U(;rouzYK#IEOj(^d2?ehV$YM{%+<)DBABs?^iw8H$xQ@IT$>`k
zrEX@)ck$17RLs^@U(!@=+V`A4-5CAN1)iG+s?BK#`H&iImYbR{<7qFQ$66_)!tIjZ
zuWpECOvpH3ubl0neXJFdw^{e|l>q-$D9*@>H0omJ72nBNF_F&k_|CEH+t^1Y>6M>X
zpGWrOLe1c-`|k%stGn@QW&d}M?-xUZh*@y?pLCE+RZjZV>7hiVOwu|u&DfhM`c3bL
zW9%+1BID?AYGsjBeoE-0StJ1`3F@NTnp!%s9q`N~lCdQ3;B_dw!F>CiK6vjgRfnPn
z4f8FTE(_IrCvbq#Ui5a_)vsVXy6u1C<9r-=9e{EboFF6}b*04*(5Nz9<={HNEuec7
zkPM%Xb{L(*&f#I~QGyU5>(QliAzijGrxq389`;ITde&g>hyA%j>ju+5HG1V;&9~#F
zE<3yp!nhX&_8-rtjJbLO_KV+<^Cm)F{l%n!XRE))#w7%dNS8*Rhfp%+iRv)iO+@)(
zhVAq=VL8rgzNp$)B>btw`(!(7&gwIC9}6*)BQ++-m5)D*PsmaN%C2(QEHpQHaD~Jh
zk3XVvv*0#HSR@-gGHkqf*SHv#(ibR^B3oHwoDzt#5{r|X4ogPgfmcBryly6%Fwc`N
zZfw}HvO&OezQAn!^RLFkEy3?|;}e@-N*k;DtyRZq$s3O?=L8qqz?ry`-QpE~#t?s=
zJTNg{h=K>n)^2b&;{hPyu$A6I1AJcf==U&}+B1&{f2z;Wdv!9xtPq1<y_9!qj-@nL
z(T`#gdBl1-C8F)xQ8F_RtF8Tdry7IR=qEULcg-Rcr*%VVh5pvS#=k8mYN|QzOu<Ik
z9j3qjDYhJ+wa{oBI>c)CGm-IR%;=HSp}-2d+Ue2!&1?!$r%oFB;^~vdgp6obhKj%B
z1a9$E-@z+nCu~y4xt`Vd#N=rtlIV&5D68Ru`uUN(k;QMb`zP(eRZ5jPM>UtQ>S%tq
zNfDUEKUV+xicVg6mUK||o3eUA3TyG>>)^Se5ALplK2)ijXpFdjFsJVYyIcO>a;G-(
z9bo0@W@`y^yB0r?EsX-;B8r5AGK*m)NjsWCsD)J?bSS^pVUV%%Wjyl1DCQg+)q}KN
zwORBtiHU+L#FD|S+F+nvcj6FKYPk+HjPW7+zmwLkV0eJFV6$>|W=y;@3Wk^nMhEse
zIk=KVrc@_Bjk?>n^Yyy@DY`s*a!$zg3b#fA*b+`B7)2bccxbrMBtKMA=kzsr_fm&W
z;mvE~Q^!0F;&kLr#Te_OPURIoLD+!G9m`DpDw{4G#p;5nS$*<MYq_STkU35Ze1r1d
zcQ?17?We8beA~T#B^&<Uo#&)sD0;Ym_!Qc0W<MB&09hPxAvGhM@?X}FQ#?D>>-G+;
z8~(q6JAL_86Y%QaDv92KJ-BitqORfwi?OXB;vcPsjlnCBj_BGYl42QFL3Yo<|Ll97
z=<dH`cN?Eh2mI<nXq$b2T3Uu2%H4Y5Vc#C&<+?uRZ26^x!;+|0Qm-P-twLRZ3c~?^
zjqt+-aaHX#!&&M9TaMXLo3jBXcdZ;VpUs3WnVCzls5Hwo=LBfdkyYec_dCCB1{yLH
z3u}&>-VQ4sp^e|HefSH$S)~jv26)ff%5MnaUS&6j_(p}}25Nn;zL25;hh?8sqba--
zqbBlKxLzPNiSwfp`!$=@<3baGya<0bnn+?28tai^6%rxQ8!=km<xw*|Y0)v!3{RVt
zup#>MP7Eg1uD!|(b+$p|2L3si4H9EwU=>vUMp{;$M_dM<$zGwk<juWWp3p~bGeL}P
z`f1FNoO5ZUTO5kxSi#Xo=271Xw;rYdVO9Venh}TiK4h6a4fa5Z?slF2D{2RM%z6PX
zETs|@ncPzj@9}}B(^?TQ&F^z}>RT5BRe<%|0`?BFq0fAm;s=gRf-}5(Gq$<$>2s0l
zz2`@SW!ndQta20=u9Fvj4k%J_sLI{VyG8^%oxkW6uOPy#j8}{xg~#sa{($e>3&YEu
zX#Z}89Ov)&x?<s2Q+ylq&-Dx6!f59RzfgBtbYMunW(NNZd-Jd-)@ot|>$L-x&lMHN
z0<=Moj{L}xX&P$;9mPWO5^K#$x;Za7GW!?`n7ba&+OqSU`|OrK=)idHserG4<~%On
zIj+Tv4@X~JD|2I(&qBlIn&$WDz<ZtlvT~F~kL_k~Qwdu>4|N`DIvC5oikkN)WANi;
z7e!vtfNmi?n)6<lG;0Q{T=jx>t7<ks3j#DOV*sy>{|{Oa;8+|c540*#-ems#>?5nW
z)n~8#f>?gSS9v(x{P>y}!+^0%`Pvczv?gRk0t}c@J}A%N74Lo5o1-%&J1qcS&1!&p
zr3jti6E8LDi(Hv6Pg_VbkAjz^d0jjAPhnL!jE2bfz}z@I=Aq1=vs9BU+e6r;#4Zy$
z1*^@Yt;6upSxE4Rig;aMXcd@DoxY&_#z1s7naW?lGRVN#D-}C0JCm@_`fwO4ekLXH
zO}r#J*vJ6%v^h3vB%oZ9Z2+irw!?%S>?G!na))wIZ<&GZV$%B}X`ZMVr88%lti;m8
z>FYHsqv{dz1z%fk-y2c-LUUzQ`7IYN7HwKIy59uIcC}w)oO>n~jp5NLdjJnm^WBL2
zJ-n%Ln$%v4K*hP8x;L5lz24lz@zIqgbnK5em+5IMpo8jYzTvIS{@WS%*o)Tu=A3nC
z#2MD<>Ewiba~ig%qlp100AXdWN;CKS;@{(J9P9*surT+p(B)nvRUcsDg*&e|fJPFi
zy>|?rez=F0C}WiMdX)Qb>Xk8m8~>@2&OJg=e|ba&v89^w<2i|mf-iFTzM=c#lS$#k
zd*j9<&rA4x4kItBTKtz9k}_zg{UVuij2c5)KD+UrYob%t=kE;P%}%yM{*L-5g7$*s
z#h_=~#Xm7YJZfiV;ImS<)Df(dJ4PL&?jxISyiKd7(~3%^&AIUH=Tn~RQ&$)#SOiG+
zy~>nbRo?}B@`EbhApBYLL*)M4dNuL+`skL%_lbm>Dd&NN06zDvS55@m`}ZFQ!^j%G
zt|UH}P+Ec~ioEF<L=(0pKUxqv#nwb=`D5d4>ed;OI=}Mv{Q#kO-kXf(@ujtJui_(S
zg`ZsyqGa7nvT;?!gWm}dB5z&JPZX}6pnIl`iUiQ~fsJrA&iXB=ne|Xe6R)v<$Z~Q1
z`UB%<sLQBoNw-<=<^o88zy~kv=ZW(4Y!nH8ZSh9Eo<KW2js<^#6%``BTg2#bwuX%T
zePro}4)b1cJqK2V@D0pVa(^Z4J$(72+#qB->$Jt`>^G}41vTk1v^e`o-*~;oD{JGw
zh|hB`zxs_(Gmer_6PVA_(0mjoO_qN+&JncXfv{6ohp(i5GJF9x_~B^P95$SOdoPc7
zL%H!sCeDs4h+SOva@nBOOlkv1EhnL-O^Ff=o9boTW^?P4^%yT6WtG^u_#lv#2raVg
zVaVm>A`!~2d8?cR<tSc~yh7h(zef*YykieYP|scxM$wiCjc)h|ctQ_Mqj1idZ<!x4
z_{XMlw_4v?Xp;xNJY}l1Bb!6Gu2Wu=thWcZIMT>G$~K$%B+*U03!td6%NodaF}!@P
z^(xTWo`5_Ox1^|X6;7+8SZE{JdRifc?5Y<)ZA<j*8Qrf>l1VymAMNwybEneb&?mmw
zr2{jH2KOk&60$jB8e-S(eClHJQgd?wIfP<45rReI@uCLtiYBK#nH0*B7?`v)P7f$4
zhhZKe5%p?Wrxffc;e13M27WxfL+pO}k2e-qnwL(}cFL#GW54FJJPH^MhvO#u6NW2n
zL~hK~xK4Da`fS*}EWFwNis=1Hps~h<mg<4iG^)##cXfLFLOI%HFRow^;wcENWQ^To
z*L7~mQp?j6E|$MfwY&RHR#Hsc;D~K&5<a$@eUdo49)r98@RF|^3k%G@-P(jg&bDHr
z?)NV@c|;X2AAF+ydsg20<{~T+{6OHfIq?VN+8igzT#%L^-3WBbf)WyeptYJ$neS=j
z?7D%OscAzO$zw!1G5X9;f<e?}9GNOZ68b)CO%C-Y39D7txFX>3)~vA`jm#o7(ZFGv
z^F5)%{i(|Y6WE7+lQ|^&I<gyIs13$xqvKl9zd^V;zzVj2NuSU$fG+wScINKm&!9eF
z2&Mp?x05*<-$uzL0(hT`4iKZ&|2Hl!qmwD=|Ba()3JlC-*jiAu0Nb_Ui{_NhsO5JZ
zw)yBjIGDF^Ak~BGGowrgY}ruu1^n{AbZlhmKX~pUr04Jra_Q;ViRgCAsw2+2Kb(TH
zw3C-PHn4L8Cfp*`<;#N4`N#~dbgVZo)HWzNUT2cnR<U?<s_X%{HpoHufNkqi6#k?|
zji0o-2OFl0@F)N(azkt?5PTFONPd~yezC<d<<?C?6nY3}>_hQc8*HwoU^%<5Z^&=N
z%9lFj8tcyq{v`2(yrA(@qb)>?UpM#>tu+#xdR~wIU5O;*!m^zc97Y#_*Foy1HEacX
zR)wZ=iJU^kPahjY4uO(n<2}p<HovnQcu8gE=mO7!NPgCiW>GS7R(wm3i~9h19DJ&I
z(nSk81_)waQwK;vld*8Fx_H41M9)Lif)gs$_-E#QyE3M=AwK2gwc^iVUy7+62`&na
z?^2JCVxBhvz2zc*dL+18%GeLdd?6Kt<f!wkXx8UR?`|o}4V-#fh4dqp^_R(lD1t^r
ztGLne9;<EfCg)N*M`Jd>X<c={<gvXE$Fhw4<w$Mcp+t;?uw4<!^SVQ<v&bnltvoBg
zy3CVQ&qafif93{=FK9bFCHwny^BFp10i9G{Fop7x!Ve|(V=BbDq1x;E08^W!72({0
zq0Zes<5RLXkDdJ8vr3<IBzj2Jh-yeCridLIjNU-oU4u+A9;>)vYysND=*nrRNt?6C
zFqZzoF**O6!xv|JUMjr%jhRn5@<!*M7}j~0$&nJOnUAJb{4c?i3jEduA5etDs0tO`
zO*-9|vtnw*>V$t*$}DvKNGK*vv_}t_Ms7uA$`3m56^)ici1fSQnLq3{3yaZ;Wf*!T
z!OpEgO#wf*xDk;&ajZu>{*vT#%=oJ)_;~+wCYm43g-t925<=!Zx1=wfeV<<ru;5C=
zGwtu!JxKISI@^FL;x!1zXYv4AvNu+6tZl10JN*7!%p6<^*idF7d`3*~O56ImksmgU
zkwhDa#WG)<ucMFA+QK;KK;ozQA@c#<FLsugCO-dW**7oy`<un75f(I0tX@A~7rjSS
zmG!AK7kjx->Tqr-6~}O$7vzIRyG0WQN{JcI#M&jNV!3mgbW%?q&mTsHtBO(S{aGa1
zA4$Hik}j>>DUFP|a^Xldeb6RpbC#;sWB!!qzdH@y*?^h^&Bq4EUR#dTx^^hsF8v|G
zuAtGwc%4mV>(+>!nb5C>vt<vEe4I(A;)5vrZDy3;jeOu2Kn0Gq*oIeQI|D`;3*V`)
z$MqQ2-&~80d(`yoLz_C+DN7>kq`_cFEvTvK@ckG{DM{*QGx-A{;tu!I=csQZ4ADZj
z_5E!$xe{2$h_a-n7X-Yc*grQTD@xJx4iP7L`UR{T)3If{rM#jP=9+pZAMNPHLwd1;
zAly2gHH?%u%SSVdr0{*IKwja6ez<QxOTO53zQz63Eq?^W^7Tr<s}Oxb9R8_LHUC?+
zgE#=2#1<e!{dqFI)tw_t{fp~8y+!xWli632sZwOwPbn2h^r<~42QD%SllS?2uzTEI
z#MProZ*`0ND`z6zbCUIMPJA+(t)^bpy@$b;NVQh)tApxgxc37}N;MB+ZyfGaom12W
zngj&hM!6aGx@AA9v^{;(e}hEXcE3hZZSs*|IA9Vl!)tf2SB4LAIWcB*w`{#qGUyG1
zht32<!smW!W$n6F7d!%QV<WnLMQnxRPjds=gRfVTBHj}-`{J|xXA6%?P^iSWp;wH!
zLB{h(f%Q7*nX6wsxO<f9M1Goc-eEDn0NJ8ZwO(`g`T0scQ?g%e9Vm(p;|tJ3KpJ51
zG#N_yn;h0`zzB5zV{=AnP}bCN&$*0u@=ez$PX%`J#dT6wRn=teyOXbYUtT|;WNnm&
zGC^k$kPp#_8=#JK8D8Y=$^{8LtCmL}eu=rwy2?H_n<|3ke8j!iWo7Tx-k8CDaISRl
z{@2w9RohGVZ~T7dsCTXUO|<RvI*Rm%@&~FLUCj3ktBu05`}0C&E&JfFyL6GG{egE=
z;a><$?2S;|VW-!fhZX5lqA4a6{)jMU<15h%uv=Oc$rMKMH@8*2Jc}S<C<T~3Ej~m#
z0_TNC9@h$NI7{B?A3euxejb1M--W`M9&-*uKG-fGmCC9qN`A?~6QQ*y!zabhRe@bZ
zCxcgsrA^FTaC$kEd-)t%3oU)$vkR041?QojXSlevyP_;iTY0xg7I{x-wY#G~{2pu)
zMPBlt1U#Y4<c{$9ux!kSzhjQ0Xc&7L$gU?s(%zC$xd$@n{IAU<ecxQEyCMrpcPy+&
z5uqaoF7$lre_js^vubY7BAt2FP*|r24kT8#fmzmdr?H(#Mh&qy0cS{!w)D5e{*jU+
zZA%Ox2^|nAK<iQwpNx*8-5rowBl&nfx)<oG0#nnapt&pDz|Z(3Lx)574=|~YZ|9QJ
z44^Lpvnd`Ww|l_TU=0O~g^Iu(UDta`(iXA@?DDT!?<O6Tkf0|%pdm2bdnCB**0l;s
zi!1@N(zNI^+*-*mW;q&*q+|3vW^eyUaJ`%jDkb#B>7{0nRNB&Tb-mrR(_;x0qwlk9
z@KP~)$zQ_btuov@eY|qFPdgcH794MzwOlSVph;M3Ntj^=-ysu^QH<xA{r)q5r6P~N
zO>mUPr*KD={O93%6fb$uO>DlnifIbp!MlJe18!}GUJ_(_25~Y%fg|xmMh!HLVDFL9
z(v>^Gk!hE0jlaaM3sTl?#Tf^6C66B<->akp=c(C63NkFCFEZw?9V&B6Qq>eVR&htN
z#qEZ>lx1gr(Egtr><pdaHQfsmZ<ZnkQqOV6h#;KZaupOb^Ddj+#=WxlGbRQSOe`il
z0{6x`KFc0inOQbWW)xt;ZvlR~-MotA6Y-fA$W(QS<0DLIyT$Cm!%QU(_xr-`kL7j{
zR$X=#`r0_c;hvKJrm-o!4K47I4=lLwlHxThoTDp;lR|&G7^;+yK0>r-sDh{~d(3^O
z$80N*5k~osZd}sZQ}z-CBfi8-vWaYAyFdn=@cL%-0-9Z28&E#LHJx5W(|II=tdXM7
zxgn2!Zc!O6_WF3qS>-KcnEC=b1!UaP1~RVhVJ`r=oEtwCyl)8cJ1R87k(a!M7A_k(
z<z8Iv{c#xhrO1QXiNTanh*f70&d*;1bs(`SA7}!;<k1blW#bN7l_biyI8aV9D7wBS
z4-O2B^yVRPgh4awy?2*Y=C_e>Jl>GRJf+H+@<QJ)Us(vsdLW5#qU|y>DXc!3;&oB?
z08ghxF!;~ncWM<ojLg$vl&n?dV_@YwClZDkw)rm}DR<DPvyZ{UZm7i3+{{Pop%_BW
zP<dBo1iV0A&lXw<FzLM(P}%|Lt=bBSc*Q4U>Kx)CqV;BEjuymq@D()ef|Of_HS0XF
zXa?3#Bv?n}M(JCntHG=2Zs0#$@Hq6sOS3KY>Hn(*u%*#uFn{J#sJ)N&lSrImV02cr
zujxab@A<OY8M>Zufzzkmg{$W}W2xPkhP4B$Azd-ta0Yk4rVMkECELAxu^gZ6Gd?E$
zqcJtPC*X%M2Rdz1ui^+(Gz*o_@CO8)O#jShHpYpQMn`DUR!GmQ=@EqoK8H*Z>bk}2
zeFEg1ySmkRDYr{GwSF-<&-2E<oD2QtQ9MruqRO?be;HF2i;vJwN|Nf;E+7Rk2uub}
zM$_Naik@lsBG7+@Ucv{fHLOe#t7Jwq9K=#!w0{3VAvTV-v2a)W|L?|F5;NXf-Wf@w
zHWNk3^y75hVietHwK2173?-hgs9L<T<Ccj+?+o|MN$MP)T29(`?lBP|`v7$2<&IQi
z6}OMooif`kDuM8u)HUChZMM;w(aA?X<7ZSM-Y2j!Ye_V&G{7{(FW(hR>17TFXL2Wq
z1fE>S;VjnuGiR#B>EZj0Imn8DC}MyK3H3(fn0hlmpv5=znUDI25(9dwOF9{9#^@YL
z`zetN2quQz+_!$A4%b0Z^vrDGTT275XGosj_i2cC?!m*l42VE1s$B1T^(^cNIVu19
zNaTMJr17ln(JruxE0OL7JRc4%zTYTyG+{JipfkW;9-t^p^+H=f`|Qg!_hCjZXsKb3
z8FT?Hp~=);tP@%u_!|~n@%5`5{37Sm=VI;rvFpzqoe{))U9A~5_n?Y@#0&XbS`mD&
zs>^e~JaPZc$FTu5X3q@|V@f&o_!*Gpe<roeHkA2Lr;!1f-lV~{u=X`_h51-^i%g~T
z*JOJ0f9fkr-E(7WkVL<K{Tu^{8}joN<VhUxN;;c`Gd)5a$U?X!Bd%YFs?2g{74xg=
zy%SI7$NzS<H`ZN18udIFO+o(pvMSFWz2Py2+d{ULhrXmBj^cy(Q5e|5GJ0q?=?rEb
z2Va7GJKX8ZGbuNl1>4cthwzi=eW;~_#+Ac-x|->kS8VEZBHJy_KLqNXXIe2A%HSok
z>SY6MY2i&F22iM9Q!<Ny%2zu;c2}S0%j&b^vRZ)4RM|9&$tElEB$L7H4QHHWDB<=S
zT4tvm-wIX9z}?G)thoM2ih76*O#!1V$?uT+-~7G+!(qvAec*}`(>J+)m&k7sek3bj
zyy)2lRW3=UUgf<5?Oz^)VHDWkXDML&87)BOC}(2?Soxh}I3osrp$u$cWr4S(xH;ok
z?CmSp3d83x7vIroE};Enc&R0ZKcS|>K{ll}i+{`YpTu#)VLkVj7-z&`lrt!g_ql$+
z)6us*b=8_rE?*X1P?kOW=pp3qb@e_9>c+O5t2R=3cE@OKW&eI_r&U{!KLHYz|K==y
z8PHg9Wd9Q0vf(#fejV`VyG+m+VvnwCu<qOFKY8>Bi{&3#doZM=%3e{1Hgv?OXZKvj
zs@_(#qxNAkWwGe#T=ORe<S;UnbJbQfvhDma@CqG*{+m7oLT~&%Lyn&0o!5qNnC%#-
zbxj}iea_8rI(<_*ddK7QF|8D6trKSMhQn8JX@yO!Lvwnkkoq$ZuN(>Tm?J3P3(y#*
zQE7!j;nzVfg*%7J#~IhS)ger*zCZyG&;cH(v`q-2ama|j<;&t(s@=7G<_!ytSGx|@
z+0KRH-KHGryYAMX`UW}&Kk7Zo=Q{xv!g<WHF_87(Wk(}jAn_AT`PsC6x1tzN3HkQI
z)soyXf8I(@{;)$Mjnf9CbM*f8{ZV*^*FDFse-L74X(Sj|@ceJKrDJr)lG~pzz&ukN
zPxq%n0Y4utrD66TJd?Zp5DLdf53)`os0Z+$?YkiD0vWj_A*7OY*~aF;b`f2G)B?<p
zUU0_J?M8am-iR_hfQMz}>)g({Lop@}#EVFQ6D<^vc&tPj)J<3Av}5YTaMcCR6X3ML
zDXTENV@MXJGPsrxsV;c={UG<Khr0&Z&G|RqOZQ>t(tu4H<*iGe18Cetis{vk{%2e^
z%zbr)7iyU^@SlnY>PURVon*YT<`WL&!j;@N&zhOVq3Hc@mPsDT@~KEULu)yGpssPY
z?)j1TY8V-;t`B~=#It#P46e%rMU^LD55OTI-r3K!!{fgH=GhqTKa^<*APKZbe>`%K
zZb%KeH`xo`$nOGS+R4=O<cWi@4ZM)%8FF@4lNi}@Pk9c1lUX!cNG<zU^U<-ZlXT?U
zpF}H8TPTW!<SUCd4bW(wG|H5k8Pkw){&n}4c-esS>8xshgxk<~U{OWF@4GjvJUXG?
zq(;T{+Do@oDc3Mrg@>1B=mplDG^@wdt_ajF$<b;~!1nuoa;H0<xIv(Xhtsm2Yn9lE
zH80AH5fUPCW{6#qh9(wq*g7)^rD17}kApY1U|ZVIiB0}P)?Kkxcry1e_T%+BIcT5u
zf6H}4S08-!k4MNH&~lC8nmy)P#QjBDO36YGKHDClwz#86rCY+9D+*nq9|8MwDGjs)
z&<F4Z2;xF89FSRI-9mPQObYsd9^_sNv~O>mm=;Z(iJGa`V&T&JjWR1lvOB46XM408
zx6JvRHMfW@CYeulESW)<3aw<0E=760;7O;*C<|%Vtsto)MxPX~!XTTdbsCAu0wb<b
zxD1Km#of}0iKx2pd*?|l*cF(!&jsC!K$qST(0<u_savocZl}G)KPl$Iv%ouh|B(68
z$576hj+n?6$+vok=D)HFAhgku>?zykbN(re>)3x3stcfzfdbj3mVo>n{96;LV3R$)
zyXOngWENuBTrJBf2K*FKmO3Fn`#C*ZY#5s(=ZMzr*Ah&xcqOxn3ky053ElEM&$te-
zix8BdZVzLj+`#`GVQon=bpNP2#~dqxbsq}F7tYF@eu-*XHfs4+S8^Va6^ph{KA!%y
z;_sIyuG^oT#?y!%0n;RhgR4@bv~Qbwe~t9FTZOA)jA!DX^EH1az8pE3ff7BBeS6&G
zn0EH5wc90)noGS)To*=bJqc$^-!g3Oe&aB+HK(^&!SLH#=as%08$2GOCDzMFl8jJo
z`9fds;^p;6lAKKz6jc)FJ-8#RSz6pI`Mhq_XQ_kdYrKDd3&Qamh0f8XO!X^oLc32j
zsO#%ZU}ulJ#oycf(2SoDE{GgON57_aHx29qV$8tW60JyvML_iHPIS2K71W6`>wxl{
zs?&!0>h<BCF*qyIK~(z{b{zdUYdvJS--HexN1xg*7KKv{33EXf0)UC-7JDpls#QqU
z8+A<m@t)I`I+9|fMyw5)R(EU;dVz1aOp!U;#cZ=>fLXD%M#1WP-%Xc7u%Fnp-}la^
zDs<#lc0@ZP7M;jE_mZ%FOw;@NyWwl3r1L{0%O>&&iJtbb)<qp6-l1tu9oP=rIn>RI
zj>;;MP?2@c(XK`C<TvpH{sWGK8x6e@-N?_32?wP+#))|cyYN*^S>@|;C;+C~Jbie3
zrmX@Lzb~X*n~1u$XPb<?nEG@RjDK^jZUcJ`OoyKTj0I-bn?N#oY0LJ&Hk^{D%T_c}
zx`6Ip`38L@1<}Ur!dPc*7MB7lvN+r2$3TmR|G-xJjV_V-`l&Ir!C-h&M}&C=7|LL-
zL1AWLeR^#VP9$u{gM8vZuDQ)L`)dZ9I%fQtbJ`bho!3rDsF3%R!?cqldYI!iPm87d
zY`O?aoHJ@+ZKk%&l|8`R(^g0kV3n16_;fxz>kdKkPjj8N{lE$#0REQHBN)Zr(ia9_
zXAO=uRgnjO%|=(N0^Wf!cl8*F;PzkSG%UTwc7tpVq9^z9t%f^=L}m`h0*)~RV>}5D
zJCD8ygjhkl{B|#NLvaW))s+I);%(>go$c5aFe3q-fVJI&ZawIQgWgYyLl1!nL8w$e
zc4NPk2+lV`@5A{)B;s&DwiT)%Iu@NJv|_~;ALJPU^A}|nIbhY=LNTlc^uCA0;*-h)
zOU<7f-o5(c6LsStw_eq0=`)&1kBzN-xHdG8cZ23a>G)cic->_ZYdBIT5%p?5)`P}1
zQ<;D9af4Nl9?4CWcfNa;za#yJmHSjE-{|h?&Ule4dm)iAv^U5D>AxVpG+x_M-<T*{
za}PPo@Uh;V4f|F=jomJq=FggJ%{mRD5IjA6juJk1!shvf+VIB45Sy-3=wKUNMMCgW
zLg`ND0#nK4HSj4Jukwf~B;+=GJ?-BX?%sobx>^TXSlKq~lX;JD+oq=|W_`c<HeZFp
zR&82Mhi{Yn7~8&_Q)~^@b#;$-VEAA$lCl5!b1gvw8w76OE6~DV%_Q98GF)l6;pS}J
zs%{lMeZfl$j}>j)A4L8Q<#uBD03cSVYBn4@;dQ}`8aVo<%QtV`dxzG$!bPEI&nOQ2
z2(Q%9ZdwTdyr@LxSB9G$B;Cz&aO06T;S%uT{Q)#Ja8~ADy5WqoE)*}v1J5no2dIxG
zVn%w16|b+FiWbmJdGhq&-zgQ94@WQHm#)s`%Y*5_m^$>!KvS@`WZl2ty~)oSlL3s~
z1=Fd_)8To)egVnUjE>t5fGjzwE%i5Otz>_z8`M52yzop8S}0OotNEY|APdI9Bx+)y
z@1-DwbdE6a$%WDlY{y}=B1f0)7`g&P>AAMUt%yhb`saMY3zMZa+zsl$Fmh^gIhLy6
zImrF7z+svi_g2jOS6+(Jg%|94snOijakx{++4YIp@z(s@fdu%zi=v_a@?)sGOZeoR
z1RZ-8b>p*0k5@KgX=yf5mU7|aG40H}9Dw^<%j~!MkZMJft}ooEIcpL>goiHcaD%jQ
z&-%{**^==XDRh&B6r|%EG5*!-&&<*x(h9jM_^YJHFePervpFS>Xc=TQ1@@LzhM7|P
zP3qr{32lhdM>>ui_X0ZN#j_s<NAy3uLK1vGVS1$Fu$?&r&fg&-#mnGk8$SawNJi3f
zm{fH;u4bdWG`H%^EK6eH(=j^@HYVaC*1q7PwoGFXk`Yz(V(dY1^J%UN^_rSGnrC&t
z4b*PsUefKA4~;Qp3ki&AgOy4Il7>AY6Ypbjxi`r%qHjCOU+T=KGzmHXNAd}&D)WXA
zYm25Rc;0YMNeNRh*pi9h@3uV_;~>^;wF(y!*W!N(@YKH8DeclMK-2NOjj`eh7yM6o
zHUw|hYe6zB<S6-7^d3lCD8T%@F<f7OX8y`;zJ>0An3@z>5t1lzw?k$Y1X8GH$R>OH
z15h!dnz^Jtx%~xtjW1U^^o%^O-GUDs9pHF-f^Sq;efxOYk8|60A|m><@fU83*7$11
z^v9>cl5`T?tnE*@6?Haf)t;b)n(HyhcTAk?508+PWCxp)R*dHd0t{#5#!|$9`T7=~
zIhJD}qnv0l!EiNlAbIBXvSb$J&Xx=_oK`IrdGB=!g;7rYo<2w;ex%>foMecZYiVtN
zu>n6iZZhmopq+c51DTjJj-(B>k9Q~u4(-OPn(FC5jxdz22#eD{0sUq<x)EAT!`SZQ
z?>M|*iATgWMg$eA5AN}#{+7x|8-mg!9BigSvLV;&FRD|^ckuOFHlwjPbDqnK*R<fL
z`rLWehDO~?4iw7INF0BcW--=OOcI21vy1H6X@(?CG1IF3I4P#CFj7wtG+ug`nIgO;
zAEdG7smK4cY<gyAOVIIJ*j?w3&1i_N$rQYRj+h;RAm}OOwC=kO)P*NEGa@L`F0k4(
zfalpcaozviKtoG25N8u3_inPu97)3eB-E(Sci!tj@f@>&P6clOdI#`DbQ*a3zZX%l
zZ`>FUY$fDER6uW=d-qD2m<UtYgyJops6ysm{8V|IV2EwX4gF{={|8YWQ}-a1Rui#>
z7p75u0#BXj39DkRY*$WQ_|&v5Eu(er*yqkRx)$ehftRA8|6I}UeZt|yGmy%LV!0-A
zO7Hq9%aaQ(kgfm~+c|gSvfa(2u`#$Rd4@maAH6<eo_6dDJRx0x{<%AQ85_n&Jo<<~
zo0k=eiHZqXY1Y=qr)mSyc9xFGI#*i~xN5I0f@xsJJd?xKJ!eOeuq0B8_5qZCd25tH
zy_y%Mv*-NltW{(W6tu+1?@yB79~pEFBd)Zc`JvP=nIFASlnX-=cD&?hzI^!%X)4CX
zv8>U;iPG0&m$eke?r1(y_yXuSp|$_su%G^@mA5tch5_zu^E~SoQTn|AYsi%|1ns-r
zw^uhZAh-%ue5EiOh1EAFbx9sg)sZahn8u_K-6l9J^|uwXgSd138bTV$_~2voRx*(N
zTde^7+@7H#nJV%B_iugsp!={}>OBPwEi_Q}NE}Xqs|Fd>%a<EWMkD`^u}FP3{s+gK
zxv5D3iw_q$16Y13U-bMIa<N*)!awKu-#2Pj9T5R*#TAXgkQOiaVax8(snP&X&!t%_
zeA2v$y3u?JXE(h|ztwK5A56b0QWALnr%dz-MIJqu;K#H-n>5CVQQ`i7&jUl`O7M*0
z8396uW5Iud&JodNo<2>MVEKQTddsLN!}WWZ2I-U#7&=8tr5QqL0YN}PX+%_7N@D1i
zkP?Xj5ikhpW=QFjuAxI>h8~!B-tnCC`>%JgV6FKuA0F=KzG7c{?<*$s!?63WS`qn_
zP5VgjvDSr!n%>9n46@ZQ$NwV27@HGd0MM=LWFfb><p|Nbr+3lt4<o6@Bmdp6yZ$v*
zejHR`d>9KH`CqDpBgnu;JT|d1TBPUE)3@o59^K)b9s0yc_doWU>o*Gar{uEQDx-a3
zC)IXqdB>u{Op(;IqE20D)EFesX0Llu1Z66CO+I!u9|T4*1+9To4frJf(<#z5efxh(
zHJi<7^%3g#MW<Q?q(%HH9ujFBFN-v<ozwZ$(#{Z}RKj1?<o-d^0-3yM{%R91Gv}gz
z53Pr92-x3=vF60-ntbGY_V4EXSQQ}K$<X~IB>4PVPCLFx=Nf-(hE%H7MDW#M4w<;R
zYx$43hb8O$|4~z{3&dtixorZSb1ArUSS94z9HaZJ>(;p$nc-iQFYz;;uNt<Y=L%N4
z4)N^8q)B*m#KjRcI7epDqhazXxcj*y&y#8OyPRN@U3`rNd6%-hj&UR1UrKK&i4JFu
z1{I$uXnKseWJirnwVN_aP@lwO#*{-=6vO|{a+PEqHj2-6A_!4o5q^(<peBKe4lu~h
zjQ2zUvi_6y{&Vw~Q~uq(kMBrwu_pfoebRvp>!=RKO~{8<Y5NEN1p+bvGn})R#`XLr
zBm+=DEg!c$!6Mr2;o|4-HIcK3qGiVC>}M$Lj<wBt*Wk8iX2FZ}26PNpC}!d99d$~>
zs14U`C&jEC2gh{~H!2Z_+-Ry{qB7>Ce(hdpv;9nE%)m~{2FZnA*?>>lb{G_W7hUQa
z@dN}<6;tei5V^zx*T{d2eLP>^Q~eo(WAvG1Vq7F09*2R25&ocAvbVY*?=AVSN7ohv
zuZviqKQyoa$uv}hnXI4J=;7y!qUf|*9`s_&e_*?67(dv9kg|<ZM&rWyOuHXfQYVN`
z`%!Y>eg)DY=VT}#owrF!OvJJfp$C!^oGToD2QF#Jez?(U7oDO-*8P*RY>wO#i_bzk
zSD)bGr&H7n>s%@Kt_J1H(Aqa=nCQ&MvNjt=@eQ&e*;jwrR?ht!=dzEH#BPy*j_DUL
zD2wy)z>V_%*fNP<bq}cg7oyPx3>NO0z5nl^#PdNvE-}+5T7_P?_R0w&+=e$DyRzAY
zc*Xr2DJ4I?-w&|4QvM6_BsS^)4(AH)qF{Sl1h?}(98-A$#zWYbjrLH@JK4v|<V>nh
z&w@TC-@QGCx51j3(tL77P~N~kEoi5ey@<gt#>k#NExH@??t;SO=^LTEEM?_e`5XDP
zzdgQY2H5vU=*Nr|s4i^CE<7ctqHKqWuYtbOr>J#x0PkXP-(J1OD0EXi=+x(42djnu
z@6sg;$QDBcKXjho_=2B-Tnmr${GWwdZO!w%?c@W<wVory)KJS#6n(2-M|)Bzs3Y=$
z^@&G@K0X~t(sBut(MO#j?%IEaL<sTeXJErp|Enqe5Bc?*klOu!lSK9dcM`m#0L?Q&
znIdJ<!_V7VMcsSCCCK+$X1d#>P|uX&>MBb*{`ZPep5ea}z7>C!DT|v`&eiF@H&nw6
z;U`5ahy>-cA)Zk?k$_jF3qSr2LmDwM;%ml-ZvPCk^vP~0>c~WVd2kZ*ltSii67zt~
zYwk&KEZ(NXkab{fH!lC^sh)%A-&;X?!@79qeaZtu-A%<L?L8PFUEE7f2|}ewfOw2o
zuLnYW2PKY6+tt9}jioCyE*^J!uBE5?f8TUxto;Yg=>mxuwQFa4s@2R%ScGbZWAsmp
zN!W`5F&x2N63Y}U!#g+JAdaGu;=1H)tY0GU4ySBfmL6bupm}|nTmZoj0-C53W?km4
zPl9?Br9yST-R0Vd3lKq<;Mu>wM7%*x+fU#7mYw%0<H&{`#!h9))f|d)>#lySMuCp%
zV<UP_Poz&BwLdn9-b>h<FS!x&G=s~7@BfWH1tI<9|8g8YcHGk|a?37yt_P4r=>XA0
zhv}>JN%-o~M&Y)`g)k}tKmW}9-~2P2Rnld)RyLODzvYPT|J5b`DrZny^aGfw;>UXC
zqb+=?;u42(-`d(*njlMKRgg^h!U`08kXtR{;gyiDC(=y9+u@At6w%{KELhO<_x$}x
zwi(5+_7f;=FH0S$=xS}^b!yD7B@*PDO|>G%pwHyA>|;ol&{fBcT;j}~<k@b0RYwjw
zhzJS~;C5-E=mb9UvX$QYADSqc?TA`R90KFH*EX|p;a>kZ8!32hTbkJYm`MEm)86B`
zano<ezmfKra+WwvJVcH!RXh#)0s03Iv}_xf{yi=EKk$qvEgcB!GQqLxQ2h6aZ<P2*
zRct|upz6m)y%5$BAoE2PU0WB8<Tuu%JeSaqopf`~(Kln*h!2#z?m3|UZ2x9K=Z}8;
z#7#gntgU6pMnNn2+}QFIIb^)zt}H=7mqzfE0)B%4bKqBE-$|j8u4$E0$Gc(c$c;zA
z|If@Lg@##>SqVS#EA)RikxkyI`|L<AU+7BTN#mNlmR!v2f72*zs-ut-35^^+!o@{W
z%|kmP4-knQ57+;JpjQ9Q*tQ9}PWX?2=A_^<3qKHnM-9PF%-TIe|E(?ioOU2f0e!Az
zB_+S{E@3Rx-B376(-y}1K%$qLS_VI=k8CPWYB!M_(k{KF+&?y|1gJObJD>37n8$Uf
z=B=Y*9^!bDvmEv4SFIbs>lw~BGKy3yDTQYkEY&~hyxg)DztyEnHec<TK&afyKPH3%
z3*gXYlZzpBqp$BDFN$8Ah`ST+s41?*AYo^Fl~%Kc_2=&QtK)x&1)jM}UQ^KHv5W*D
z4j_-y$>+z3U-9E-9u9l^piOCfy0G|noR0YJrXWN7e@_<V_b>ks{HNc+2cUJyyJ^gj
zYu*hba6N9h&RbjQXqVX4+BJ`+1*7$|lI}RxMj0R`YW6*Pdqo;>F(Q`+2(QD~%IYU6
zoqUh4oS!=RWaKHlihPu<Jl%)%>xEj?xj6-!AGy}-JeivtgVkO)H-qltmYRLubXax1
z9LslbfU&vz_$)n!$~doGJ1@>iNK{%>dL1=`X#8Pn6aGDv{xQPVE*E^8+142^su2H~
z>1PvF-7US?u~UmIiIVN?Oz3AHee3b3nd^;biA@P!I9#SIcyhC^I@HGaslCL4Pt8J8
zhPg_hOjxw9BtME!d#D~zdfU=;SiNC>F;HqVS0}d|p(<&G3ToIh1K6-OnaJ7a4o*rH
zh>-i<Gn}{XzH=<71j2BLR%~Yd1lgPUhEEvJja_t3qSN@$m?H*Q+LM&BH&IR+E*NS$
zE37<D4$FQ>IT7aYtRFN1Vvx9I!pBu7R1Kb6`p-c?G9nr5jkdZ@J_GGR{>#<Nz)`6p
zsgPh(d>i~F_dE`NesO>k8EFhL?G*^ZhAtfw6Q6U+%H60qR=H4``TKW2_VBjp^^FZk
zLtcGVd(2Tp{r3Dw5u!>M8qDr$gkfq^!}!44{A#e5EBDe2EKhEYMThV~L{go1Y~E$G
zp;uz+PxRXGYLcWHJn260r~!8jYH>OXz8Gmp(}_KuuG6UWQhEg}AAVVzjcMkB5aO!i
zfurg_ne_<kmZyERhvU(6T9L)D&&cu@o+GXoqU$-hk8Rp-h2DQ?f7jWQBs(!{#^C7p
zcGdZ4sp(?#kHcHMb0Dgf>E<)bjb!AgB39mtRQ_e2@{gZ{i0rJlXL*pp)(=yv5QY9f
zb^5}!r%$a&&pt25gMGVhB^ew~$H+1++jPt+b9=nhM2*zAnDsW&iRw_36QB3@D`NU?
z^@WSD;#waSR_Bsf|9+dF%EB`O^eGU|@9<_n%M`?{>>s_{M+C%;d_uLWK!!qA+MI3x
zeY*hdBJVGl3K1F_Y&W~?pA6F~P%-JO?gf%304H6@oAUa2u0R1I^rvFk-SD3fuQNC&
z&dMQroOCDmRqw+nydnZxFD(hf)^GtM=fI9CE=v&Wd`$Hlz!Qh(FXDj5cO~CkiDQU&
z9w^hU+2A2aZ4T7d9B3Va{{cSYqyHr2E1(Oc;e_#~d6j3tE+a+!#F#ve56?s%tFDJ!
zm&JGB9#R}Qq#VX|gh*H%Y@ojH+iW=v&1ZCzJ@eE}{eXSjN+XXp$+57wwQ$((gCWR{
z;cCso;{24pXyVP6oDJ792kg>_ZoMD4cQFG4-pD0!zIIY+v2rrISMNVub5l_80`Ey)
zt$#;zwfzRLH~l7{#lN5Ze&F_7CEV2Mb_7(HAol<@THgzmw8LB$U_*A&Sap<83EBs@
zkGAcsaBCLJ_INuV#I6kuvc;bK(2kY1c9cs=@jZUNBfS2M8~~%&fBH_JH|$Ks^$1~;
zNmcULpCzqb7&w~}jV?F8tJjYq;togivRBif9-$ydQ5LS7G!V75r*xy~z_N7b`Xm(@
zN`ORlfb60z^HZKNL(gTypup0#l5>9Ss<CU^qe`*!ivaP-jj7%AU6v{-I^_p_P18=Q
zI45&9$5mOXHU6-3WJi;9km~9wGPEZ}E#MTRD(orRg{Zr5t6#HbT|A2e&3Vfq_Gzp#
zk;FI$c;;ikZ|<e{qHAgSK~dGys^pH4?I?WA02f~Znj4UjX^X0jq`BFbqigZOBo_gz
zKERV*SQ8FWb$Y-4a3*Kr_JNECu6Wk!uyx_~hp)6>2?s|pbjiT>HQ)^bz&_VZIO+Z`
z{@B7T=q|L;y8gss15qjgFe(^NxnPRd82TtuHHZwU_3+Y<<TDuX3@sPa8I~knvA5aJ
zzVh$I3FG#P)xh_fMkmmCdfG&)0q_7=Y5;f$G;D&SJxu(+0y_8?Du<mm-3_dbg^Jfz
zww`guyDmDwuPhFPeUYYrAq+R4St|skoZqn-{ZZA7Ne^RPh>U}Oi96i~xh~Y+C;Qc%
zy8dHWuhc8zuxj7kbzkCsXN&8v4I}OYcnK)@kCS=S*h7%-0lWG0r;dJ0@0&(6mv%z=
zulaEiTr_+pgPHqbp{MLK6)&t>c5vDU$#kmK!{<=i!^MR|xevd>!->$yjVfPs9^L#r
zadORI{OemjeOO-uIB}U(!|27{oTu;KY}Ufyj>n1MOQmhwMb8!q6`b#%!^?S7BbZ~`
zVBmrsId)~{Mc_TUW@yNa;M@qtTO0my5(0CeC2W;Y#)S-h1KY<$Nzc5w+B!f+T-N){
zzE~!o+uM2m7Ub<0#(Cx4RYksN2wR@)gO|@K5aJoTXGDn3h=be@9s3@eg|?d3|L8a;
zF9Nw|l-d;E_9C`YI?9PpkYB87_uPE$vEbR3pSv$v5AUY=kkCtMU}$ekR(4qWiPW@y
zvHzKS!4g|EXt%k=TBzLaMDIKx5bpVrie>c{UGGfE5T!pW>HRm8!gFE{`3<R|-4_%j
zk;4a8)~Pl#a#M<%;o%x@W?jvGe$RDbkrm>jacX^dy9?LXGH$Sc{&V?lgo<Q+_ES6p
zK7tO+D-&q|JeB3wbGqC+x_c-zPBnXVe3S!JsKTI>c*7ExE^>BTUp;bh3DNoi)J4y8
zYIC<<n0WoVu=I<-)8z*x8?gxR^GF=4-Kxj7PKcfAr+$H-KYI^&RwXwzU*2tQ!m+M%
z`8N@zqdB&ahm_nSYcK+z(_2iK5R!cfu{%989EasESCn&9UA01Y`qfGM$2l?gC9LeV
z3<7_CwsJ@le$-pagF1{y{D#=s5wfWXi}y?ZinD>dsjFlA%`nro0%q5flQOIi?&=xn
zpkfDo?o+*%93#YW%*6x#c-J!?g@*O9V(>?MRgaz`ZulaFe=m)gB^xHiJp{ufcZCay
z9SR*QIm0vfcM1N^S#YQNw=I6FHv4(=X*uNM7$sWPVjp&r+0ffkM}U!}#j<V|!M{}|
znP!EGAJKM5n7vkm{wW!GZVOONgaAS}Zbi1AC<(USCg5)IL)ddIG<4RB-McuKGsWw?
z2aS{c(qE7o8kaPFqgc#+7rFY`*|c;Fd6|EmTypz9Zi2eqCnocsA2Hq~AVoTzF-Vx4
z&lp9ndwcXhApAcl(4;~KM}pNqk&As&8utxAD*h1l7s2u;-rNK6B&*$)*9TU|V=rD#
z>AF<jb%xwY!WJFxJlDbNQf9N04)79|e?|HgM2+}g6|2F6liY_UE_+&C;?+9lvHk<I
zaD!^ecGM&mQE@dfvpVqr7|<rD*WWRmAwAA$nx3Ac42d79_=c3OlEUU}HFp9wNgc8d
zgzydk$nGYNB^Wr?1(X`rVVqXS-noaK1VrdqUa5;;fAz%Y@EUnexsWd--^-qh;2wYQ
zd3f+G=xXbOXLT|IMZU7DqHR=?gex%gIOfn9wiuv<7}hBhfzXN%%~x%&yC<2~3mm8B
z;<9RA*%ej5dKT(k9VB7bnIG5!YTUcQj7o%<Q#fKifOW%rLc~u&NVO~;F$RJ|emz2w
zF;S${KTmeMPyKUjk^dXe(QP!BcZt0U?6%=JPClQtS{&6*jK_jEa_ufAw4w9MMHRKr
z3euRa>8gRnx0*_)Qyb&;WJ)JJHE$X1!<F?C5)KVF-#oTlUp%sbP}xIMacp$WSAP@A
z={@nX=)m5JroE)7c8KI97fMon_&jN`;#X#I@tiLtaoOYa1^YFEk^^?NkdSy>hSw#N
zDwV?55DCFzoo+Y$R(zWfpOMU}bspGqzg`w}?ci~Fl#auS=u(wIqn7hYO5cY|dJ8JL
zRG0U7K*d^WOz}=bW_g_}WPdWSh|PASCLlxh0B-c*mn1yk?tOtNgK#0<E!LZhpRJ&d
z;;yYABB%uCOV>xm!I;YyhSu`Bd-aN)?Li3li|q*K-@hZ7Wb0ooj?64NrTExv$z>+n
zir?zJLC6G$%;3&Zy>r%uUHkgME>UsBN*55$J+q6=ey+FODtD?z#orP*)~Ufc%HGd7
zqWg+84|0sGlT;{wna>{>TkSNI23o4VCb^H_9REvp8;2~;Ic#HfLu&NA2+vVKKWx;;
zI{%V(bX25@YBpsz;+K}r(;nXDq7s!(Eh{|Uc%r?1z`9l;8iX`kbQ^l)8dx?eNy;nB
zN}OMb#X>1UEztj=d6uKFu_J3fXkXX2ur}Z7d*)U*5WFP$JJZ885a5y@{Rav}vuoZf
zbj6FC+!tpq<^zSTYQ_c&h@Zsn+!MK^9b8WKiUirN5njW;I|SbHG6y@p`9&4IY>PKa
z&N=^mAH;q3@OPz9hyw(-FN<>QKvCaeH1xMF^vgcPwj6dm4}7`MU9P+G9u2!#Eiwwb
zBhO2saJ=(~X1qKYJ%cy>Ra*S}v(k|?_bPOUS_F0qr5hg=#s=Opcu<|?AZ_iPIT;do
z`06LIWK;*$Udc;qn!$&yt1ax0;J{~m5R-T7#q(IBJbP7Fz`|h8hz!in%IYs850zq)
zTc?GLvJH*pHQwZO83p&}V)?dQe=Ym1%+z=5p>@+r=A*Jmn@0|T!H!u`EbT*+2%5Gt
ztsEH^<kMX8u(dfBB?S-dm}jVW9rR^0J7p5w-z7ebK3XO3rdE*I6PcsNDfzsPxeVbG
zvi-#sglMrstPDB9(UI;4h1&VYhcCTyEb4>kZjHk#EsTB$;6RYSq-e(je<gp|i{QYF
z@p0wAqpjJ)HEpOX35<0Rk#K2YKBF>Rp=G)+b?Xps*juL!4Vn-W6Pq{VTnRIPW>0>D
z@2UPVV%<muh4=w4L@*s2aJye?Bda#Z<Ml|0i8hZ<zV2$a=9y9CS81c#ulrigA0RwJ
z6MEyo=RrJK*O(edl(|k|MRpBEfu)l)PmJ)TvM`R=Ty6d^232`xvj^DSejuIA#c5!u
z_@dFCvd?hRPR1Fg6Hp9D`~WmB<X&lQBzONfCcwXbk1w3p6&~m}yS=*!5Zd=Zbh#dF
zfT|(7tnwiwXutAl^qg+2?AgK0z1pym4xj-zu2{Z~K_BkBvx{u&{AS1*AZ))9+FvXr
zKg8F`F<!%+t|y=e2fMf!?z(`dYV%7dn>Qa+|0yJ&(RH0tqtr2{5~y=7ZXuS)$LsX2
z(`N4%S+a8XAIa~f^WLY2OH1~VM82D{y>&U^r}D~3`AWm>RK}+)kp(EdQ0f|__lpnY
zke{Oi<EX<<tTcG$`vkcqNimfTqa63&jf?JDao@CTx5Jy;S?!kiiJiTDya$1{`POUF
zE_LSwce(5=TG)iRidPuFw6O8bZv!SueYXqN-qyZ=Y#HyH&HPDHJ?3n!9Kabi7Ap&@
zDWCP5`jR7=&hilCaL?Ari`nfQS6k=2_qQ#xonttCevEulSUl1q2);OoN4bOsExIj^
z&~FUXWJv`SQZhZ58yvZBIX24fL1e8PLDLgS&@KrHb;fTqIA|7+MmeTa8vLEZuiPQ*
zTUpgHZ*)t-eOlne$t~~B(k7ebdX5%fObCbe5hL{z^bZ!qC4U{w{eTfE3F6mw4y>_<
z$bC2zDEl+^P@(ou!@9Gu#;W+eND-dh0|t*<pV>pYsXkjjBf56^b)hm_FOkglVKqop
z%uWsRnWgSk^3boY>$F)!tzUjSXI*sn9;?~gW(3QO_lH9+OBJ%MrTMh-uQcYtJFJ%X
z%+Xo32ewQrkcAc0ANK635k);qzv@G@%G=)JLv^Xsx3uP0Oy)n6wrC+Ua-fBphJ)k*
z!l#FH@$17^GkNb9X@yneCu#1V|AbiWY|Yjzd{&sVD<G-yZLDTB`nx@!HhcKmOtyXW
z46^lswr4XUL?p|Zw70n5YE%7pz;sP&_{^r~`MdmJ%);Ttntp>~5X3V`>lH&t$0y;a
z;{=jzioMS9V|JX5OCn^cC}cfRTcq1WK1Byp^PthWxbU5x6*DRjfwNlt3rO)2XGn!A
zGWEclABjU%dI?^Nmw5qfR%RZ(A$KtK<%@Go#7Xs;{-c+Dw%**~bIZT@^7mJT?YD5T
zsSN>nh0wxm*M<6O^-@rbSMi)(;YtbLtKoLP-Uh+BTNNmf=efw#fJq^MIqC^;=0YHa
zA7yXD)4mCwY5`X`e-HbPdveRJ8?fAz&Ku}4mQ&(u(4G>*ue=T6AlGs$kF5~$O<552
zEZnQIf!9`c9AdS)ieIr+m-(sbL90Q&;t1uqVdh4Tt&$}1M%k$^-;ID+z*ofY{vdvn
zK$o-squzttB{dM`_O5tfNIS_lmlRLBg3WOJoU01H?2X4#D#?*uD0r^zc89pXsR+vx
zl#*U8S;WN-P;Ip43kCq<nUe0MdH$a+Aw6ad3l>c6u2VqU<=jgBQjq3>q0~V13(x(a
zGwodJUW0FwlYCML=fkKh`0yFTWfGEQ$aT;vYvh4p0A6^4=~~p0B0W!s@jD&WJFtIq
zj;cL3g#1;z5b^AxF`!1_3XU@U(j;>e%eR%VV@WIbyy<f0ciQ>CBT8BEUeP!_k(mSX
z(~hY3SR0YdMMDIv(^BS2^m0+^06`G`O4y$tKc!uqL=(Y%S!sq{oMU^awLaKt%yHHV
zP`wT7f+0Z<Vt#|K>hJ_#*d~6i-4S{Q1ufvx{^O28{s^x_`2P{?|7jQP)h_zzoFHY@
zChj(eBY6=422j;M4jRv+h9eS`lI7h(N3ywm|2T1YyVb5WQ-oiflKPziW8cdzypHZ_
zzo-PTAm2R}IqAS6)S{U9MVH^s*uxGcMq275q-96x*z~;eYXXEv*Tzv>zCGThvKQYQ
zzZZU#AC4$+@FO5OrK(Dk1ea={rr1Vpjn9j!vQfl;8d-2=-Q@hf#;cwcqKV18eyne?
zhA7#Wqty<E+>X<Dn3o2dQ}tzE+xpee<*xl7`tFva5~XsI;9Cj)6C?&tDV~xUdZ?pX
zoxwRZfF+Oby}#FXGtEBww@zh*D4u)gI7BLmEd`==4l-XjI@{j5X6%7P)6h^=UaBHV
z_G3}Q9&cfA2I(wq?!e!|`Xp_N9S(vCMBp{3#B;{$H-DO0%y(_J7Pr9{J>I^zgc3ZQ
zFq|Y8M)FQbA~a0=W;?fc53V4JQVAJrstj6OA(d`bcfP1$3FMzSIG%mKxRa6=tf3YU
z2#R;1<5^oouyCJJR|d3FhhMHd{wsNIT--<n)NtC{C>Da`#twvPOfK8n*8EY+TL*2B
zXXuD}?nP)fx<+R%9;)s#-Xxc61@h3R!!Kgr&ra?9sY78v+hcowgc$wu7Q#C_qr9rf
zY%JT+;Yfb)r4epe&&sc=4iZRNUkP9SftPy;SIm)x`Ofs7(9ARi1sjl|h=10&tA<Rh
zTo2h&Z$6u|Ecj3k>oc~h7^}w}=#yQ5<R!Ws*T@z<5Oy<f@?MmC%?JdZuQ0t8BDxaD
z$q%lte{|8tC|T8kyXvP$W1w`Tp(4vAvP5Vs{hT&&qj<+6q?elcfXw*G!py#<b4*xf
z48gIsB>W{1eDqp4=swRM$n#5UKfgs=I{Yr_J=4I8-))nDJ!z4t{ufyT1-1uL`KM7R
zbG9mg{jZSqgwT3JCp+!Fnx*`_A}X`HLdn&R#n$?t>!&O~#K_v_V1=;*kw_@-zk2-1
zAl2Cch8o0q%t8-=#TMF*AMwR13_2P&?iKnKTYTsH7W(e1T<Qw*SDl#gKtx*+Q8<N|
zPO2EvSk2h@Jrn*{xNrw(pZ7j$iz5sUPrk%l(jTc@<}T;u&Cf5-=T%!&!aG9g^<SGw
z#HinGsGnaeLe4>HlY^g3MZtf$v50<>WF`CdM#lBRK5`N~^jZIo$hRE1vZ(Q6K2UJA
zUVU(j5+jagKRoF(Lh&THY|vpHDsFMp#T?cgt^Eu&peJH~>A!2#8)75o?>XTRvL-C<
zID15F*$^ZTSueMAj|Kk?+U>uQt?WRUAGl{z&z#KU|Hv%{o)N}h@*_rJ&*qz&p})Ju
zV;lk;^dq-4j8Hs0;mn=lO)=)mOKl=Vvt)IcibISZc&_kxEc)JEjj$Oe6a(I3-hJId
z#Kx_7Xi5RpO+cXM-8w+}rt0N~Ph(@6tS>zm!GTEzla%>aXLAS@+t%n6ck1_>BYC9q
z@U*>x<J2Ny<uhlqdFb=TeD_vlFLbQVSCRghRc5{2?=lnr4^8#436`)aTi9F!&o~=b
z`hFzfeX43zrGEb{E?U8uOiz9OEg(18F6N})_9e|0&dW4y1@j1d{!!A1wsuH${u~=3
z5bT9B>hh&?efW!m7P7XUQN167jUP*B^44inWVv@2DC8Grh>m0sG~fz8uCyur$b9D$
z)nj&UiZQ4iwtc1E>Xk=l5$7u(pNl2IUhqw!K5nT&9m)-w=w0Y>CnH<g^Cy^un<0;j
zOvnA5razBVzh9ma{sNQ9u3sxc!w{$qeaN4DqZ!;yRWzZ?tGzKC%QD8{Dj8GA|MKhc
z*abL`@&Ki+<?&K`>=K#_IYhnbvrz)(u4V^8=D6yUtPF5D=CB5!m<Y{!0hv3Gc>$R}
z7mgur0h})GFJt`%sg0_EH?vS*?A7gAXg9e}#@lByE>jz84y8ke2Sel?VMk{2+4b(z
zPXjSa_<_}4wb>|b!Wz(tZP7X6d{)rc6vdyQJrtJ)b^w7Hn2X#8hme~)O(*9CoW*i&
zdpufzbdasz1LF`v+JFWp`CN9tU?8HWYhta}Gg`R~HD9Tk3ww|mge&%?d7>uMIpBWw
z%Xk`$WZM#z-5$7p1Xq(|G}3FosJ`oF%(P(=S+<D0m#YV#Rg{%Jr_;Rl`I!4{=iY8I
z8Ep;)`6QENo<#!7$0XMrO*#_nT%XPAK>*VPMt2JqzZK8F?yWK<r1624FY)Zb-OZB>
zaT)tz0|k%WZ|$YH9ZxLG`f$*s!QAOX_;`tf`xR+w>hf_z;Eo@IG%sk-^S5KieAOv=
zwt`>kxG6NLQryBlyq)rzjjQ0xELerM{U;E_aRN^X$t$cGN+gX2<%U3}W2s>IZ9Ec-
zyo|)TUPV?Axe5!-*X9zEr77+Akir$uWWkbcw#FZM?1IL-mJd(UG7;xbxS;4BR{)|7
zOw%J@KM_y<Mgbda;kp)asdgL{QE9GEeGnI(4p5|7=yL~zQfzSoId|3Y@9x&lALnA9
zm=*s7bG@uP<$BZ=bGDX)ce7@eTosM842-0$Zm~ApKGXXItGDvF&JvIkxxsu8Q#b`K
zX`<i}@l+IDbc<SVakHdpdVfU0Ho7@t-dg;=3m!HJIgh0D0u1F>Ry7iS$FgV-^1lsH
zYqi~|0;H8M&Wl|l#R}m%!=e7wr+>IlPLmIqzopn83SX`43bIp8eXQxLADjs=COK7*
zF|D#8<3?kyHWntl{1=~#ygQ~s#6s3S7YRH{^77hVwVbbS<QKP>IicNR3TbZ5xEl%7
zQE59ar~mzIk$?<CkaJ`=f38;Pl?T7Tu&;Nrw)@`g7{9sIkXGgX>dlSc1-)>a3OL`-
z8Mn?h7ipsRCMZdket!4qidc1IJGELY`i-0$z5E@vpdMrzciu`Ec?e@Jl}2)KF1#Sf
zb~TxE?xE%-q|u}4025NV?Ri{jS`^N#xdSE;FZnLZDysOE>KG*bOZIj!kt2?86YW;n
z8GX0s{N;!j$IFMOBbMLBbRZj5aK^fmG?q8_!){vfPr!!v9~PTjF|J0DPx8KN+)?%s
z$olJ^p2=9rqS1)+ma#v$z4amsSGyk1aH?QH>pVrgn1$mf_aO=ilR*@1ok;xE4ZVZw
zseEO(?q^Ukdj0fx1Mid|-9P^DH1*DdB^RLiGveWVa?qc`vmK>kA&=qILsIJDCkODZ
zD?z5nXr?Qh;X>Zk(y?c^$&)!RJDgL8Z;>R3nPi||!JpU$>4xg4Rf|EiIwlWP(--|z
zP!=Lsv7~4IW}`1!Bjfs>HZlN-6y5N!6-=z#cp&mYQ^<LV>5oomp$^&Es|X5;Fk?(*
z+J_vNnY<ZXM6fbqbYIRj%Sl}BHI_Q)@sOm<PxF`z=isYbKAWqL2!i@{HXm{;bi~xA
z{Qbj%WpiiOgU|>Wt2#4ajEg>03*P;r(Z}7r#hYX??sxlx9O{QnY4!MSD0tQ#qm@~C
zt+&VW0?^MB6CHi-5?0F)`&&voL;-v2hvPMvDyZh=Ls9e1hbm*v<FPIeZk+Xy<4|iS
zFjbFLaoZBjct`{A=DRBL1<v8w?eVULvj&Va8p;KE_qBEdVVVg(#6&2}jKaiPj8}i1
zkdvxZVqCT)#UanGh6Zi^6Fgr4i&(lA;Pl-k?C`p~0(@{i)B<3Po<Vv~l124d4IXpN
zX^7Obs<D1$y#NAy9-_|pJiaPXYyTd%=I1L1?;U)m(B?ATdw((|nUB3>l_`mdQEuJm
zO+4QPTV5PRbyq&C=)}9G2d#Hlk(7>KC4lkPANvd3NP1c<vT9?pZHz)9V!!pa@j>#J
zK2=J~TF305S`^h%;4B3DzLlKo(Vh7~WbE1Q(6`N(nA4b2jPR+@ckk`mY^uVRxo`4~
zXdrK~VO(VX$%WrvX|{*eUm7_vDlD_wkR{yI!0_k0%-U*w4zxF@VC9AdVX;qgx1tjN
zR*gDTk<&p10z;HhI#}{G^4<jDno`=dIgzx9#6H7MOmVnKvs-<pS$Ccp@G~4NLmsGV
z_G67jFlmC1sJXUY?qUk2oJ|$acH|(<sFrIv)hDl2d2y8FpgUNWU&LT}PreN&x))HB
zY$;DocZ`I5#cIOztu1Ok^Zl)HSa43s$@^oz*NGE???e(GQFfz>3boW4X}Ls`U3ce7
zn!;~9Y(Xe_JWc&T+pZtew+3&&x7umEiJaKrz^>hknxzQZmz=F!p3))aTD)gQt%?4S
z-i9WmBlT5Nak2HHC`7lMaSHV&uzc+cQT+0Xe)9G4%#%kqR$F;1==L6s)?$dwUOfyD
zT(UtxyV+S7=u(Nt>^nDBz=lMTKVlQm@+P&N@8b4AR`<tT#aN9FC+~88qncs6<Kkr=
zY9B({dalXxkt!{9gvtUW=CYarx$fY&^7RxB&=KS@>5YRv8T6Yg*pnMABd)|!?H24B
zFenT1YM5+^hzAV%#e{X<c&7B7aW&f{;-gv>e1@9)jc_Zk+#TS+*15g9?Ye$bWM1n|
zF2?Zwh-<h^obbw;RYtOiu*w%Y<}w)yGRof$P}Ikp?I`g+dV$lE?yxbN_q@q|U%Wty
zmATL!coe+mjlOOe67&`LA}D^o6v#STN(l3c`e?%8Tn_4<KVvEx{lkIksx)UGw3M3X
zjXeDnDRtQshh!3@{utJ_u$l!;%$KsN(74*4iMcxzld^N~M|!3=>m4eVf}>v9ee&}l
zqXErc(XrOmhaX+qmFJ5sizksEqpJhtPZZ9Kh&aw3iiEu6RDK<u8`b-P3cn2MCS$k*
z;mX7%HpYk{TE%k@D(7eJLN;{M`biR`CRmOPna0Q+q77{VS(0OTaB+4SvIQ1a<vXu9
zsXRyreKWPK3sjhkNT$A-=#A#V!mkaEk&rIbv6C$*H;mBrTxXIrZ<5EkK+0xh&}s7^
zN<VeCt3jb~u5_AxtZXNnJL=??(;4-Hdvk%ipG*@A!2v2#_25K-=1>c2kQm9-3vHv<
zLsy(l&s*Dpwb0=gNKx*bI6mF=$O4x)P7`ZV{<e;U*7tt!P=m=RK7>dyX)_yN(W>6x
zdZ5!}B1I9}hohlR4306#L|@w74#nA&o9K#Oy=Hg@3&^=`McAuaP=lP4S}%}}u})rt
z2#5X3M~nea(4cbIHLnTr6=e6@9`Z{cyS$-|aLB;NXrA?+#RWPvUEXb0$rty|gt$0S
zf2(YG8luJbl$a+-j~WLd#1mM7kVLh|z{ue0&Ks$UPhXv`)}b`!Ps%^TNOKYT+SFgE
z^^krS5XNOzRnL=N0KpBp9i$H#f~59=7lFjG-s9OMFr*UWjISPX3-}L4<c&882yRR3
zK2U!GYd>kogB)Or#O0L$%c~9d6-f0-Oa{0NW4A>o4)MRl*O*TKBB!T2P>BG(KFVR-
zNxz&ezf4*tADY+@7Ja?D^%L?w7o#3C{6y4L2U8$FF5P4P@ZHX(<u}H_)p6aE!wQve
zMWXj!e10P1VgN4p?sJRu8w}gV#?yvu53@T`Goz=#wFnut5JgY1NnBvj`+LRab=7~_
z7V2dOW0Zd@mi9gFW758Sj2&v!{jF}y8}@PvmVWzK=ADS(R1PepCTTmvGy|Lflf<5G
z4G3ZjEQ$s<2;M#K)-p^LAGf0iIOk<_$12JTe<h0xLsTUW70;ck;V<ssKJ2O_y;@eL
zY%xPypWHgrNWKMVhBNUfs>|u7DnFPhTjaB<KTId{`JwlDO4K9h+$<a0*(W6=Z@a31
z0@LDbI^omcmNPkukJ>cm7_sM4m96m`#R)g>6p*prAw1$GLOIGyxIb`wZ5;{!?rJJe
z%&Hz4;ZRMdcV>AHu2!Sf?;`*HLNoHU)^fhICw)Fjw-U#{)z_w--oQ-?kLtbeeeRy`
z+$c?X&F4j*gcmL;3HZEzGBul+F6GhhpUO5y$W5d6Km(nmmG`Qak@s-%ZkkE2%|~ML
z<RNP|)~O2f)Oc*I9$e=yc#`nbgiNgRYl^Q@${+(H_gQg@-Z9x>haSrG;fFao&B_@9
zZeQ-IWe7+)y&?>)zQPK5t?eM5tm*Qx26(rA9k$dMD~30C5)BGTh44zJJ2hEDjH+7~
zG(zU-dU3*MbF)A6FkiF3p0yYoe(s^PDgX2>s!#KDOW4odCT*)bLE-!AJauo#Uj46n
z^=c<g%0X;kBK_(Bk7VnV+DYcV7^`j2uK+`))=s7N``?*E6eHIqpSn^oqhp-9Yd@3S
zBaMyBPk2Ow3C`cQ!o2)Ov#y1qQEinzH@Cgr-3gC^$~ehL*;_|WHVWl59Q9nS)7`D?
zTbv_L`rZX2huutXtYj81DEtF{-gw}L{JvWJ<&uJVjj7bM%6;L!S^QVVg=1G@nMq+$
ztrkw6_}W^|zbnqQ>$(_IHHO6^*;9q|Ue<EIPv(1(fnxgZntLlW)CXTb+UD08_Ntor
z{8iBCu0Ac+cZNhh1*t?j2S4afc`R#2c;NfG{S86oVQWB5)3nA93Yv1@umZI8vmE|f
zmPa;TyD$_gqk!Dkh?3?#v47;xj?sm*Q&CZAtMq-cKpCVevpuG@TpwK>WBm+rDNMdl
zrlrzuSMA>+Ts@z&aFQPKo7?!~^u~$l@2fkKLHSUbukPg3GOx+Ercw^wlX#_Of(`F?
z0JM~+0kIXULy$wOdnt+RfBKt0EZR1mWwhU#tH~2Epcepj#V4gwK818w5=mkS40v1x
zxJPZT4yYpc;I%Xq9F%6k8$M6DSTbpB4pYV~DlV1jsF7KP--OA9yMa3rb*mzWl7k6U
zHw!Dj%n7`@Y+v510ukz$r2ZWkYi`7hjbE26Ka5T+SqF%!t6T}XzgrMTua7~kLLRVv
zW|trBV1?LR|9f9Wd8WlPQlTN&4}Tlwl-@n>1-t0{I{SN_)P)!iZd}tOr#-F7f4nB{
zV+@5&0=l9$D9jfArsq?x;7dN?WE2v%1@_fn1P)LU`JpaXo*OVFpyecs3v!5Y*s;OK
zynjLL+0~yG95SP(4D*O`?mYPgFn=C{XtbTR@x?m*YmZ%L;rKt7pkbW8ue|i%`GYyz
z@9@?LZgAO&H#64a9a@q)0$%pmHK55Ogmd|@a=sNbe9Xy5Zxnj8u5Buy>g_lppviCz
zJ#!y#<xk3KPbyv2UKVze$tymN!YuKxyJMUN(+RIh-ydjGuppI%=KZjyKi`wO7&mb6
zk>_UC=b_&yZjVrscQ8Z*b7np+tHi}@F%T5-SyX5SKRrV}5-Zu}s@$E0;?r{4@AEgi
z$HWqg=jMG+Er8CC`dK1ku2yn4Noq5rCAdF8G~^FPBX=NgcLVNssC(Z|Wc&m?MluN*
zg!&$ci5Aj5Pv*}9TecdMd;pa(Fh0-y1iK8Ct`3BE0`b^}tC~I?WwwahHcjec8RCRk
z9|QT<s_Ev4^KgC{&gco;qrbE1f2Rin=82i-PP^6Fqxt#WR+<Ip=`$f;|FoCWa{zZW
zHgfhW%OM=Z+>0rgoxgxDe|6U{X;Z-i^F~K9P!fkmi2W{LE#J;**l2rWmZF<5NwUKz
zhb%tW_ysGUK@?D8`5A;?RXHQV_DJkce}6>IPy^AYXOy$t5-!zQkNK8pV7FOA7QV-y
z2l~0|Zu32=U6Ocm01dadSwnrd2b*Pn^m1H8SF;u#&%>BS2^{8|^xDWB!d{;26Gr|n
zwFe>C1$oqUghZ#WWy3RUE-GeD?*25bUXO@w^1Cbvg4y%rbCj)XR@u}aQuZQGJEIEb
zVCBJ2|M1h`+1^9G6N=RppXt=5@6&WpfZLejfxlNp#s?O&WVRt)7SlfhyTb_Sn1x$q
zpE$*p)qO7y`D}GM6=3^?S4!ekJK6{{y+GW%yM1?6SrqemdQivnX%)UDg$DgXdUxDC
z^IOY`YzXo3Ujb=};B={blP@=8(nU1{YKh4NmLLr=GxBO3oqbp#T!TA2^&zyvgfsh-
zxr&OSx?K_{9HFI3`}MXl)c;D7bLZ=A%j!W*U{yf=&GPXaV(E>*Xl`kid^NB55G68M
zut>op;z(1gs|dhE!6%?Qus;sCt3($;w<Y=f3vj?+>cpEjKgn=m;%xjP9i7pLaE<4S
zCVPki-9~PVdEf&0q24Na^DnI5;kLplnH+7O<umeWsd1-c6QpFwK7Z?IDmLJJZU>=6
zkqx<6dZ-IkEM9u(e`V+Ja^Q-JRpks~c?g{7OAcDy6Yr@08-E76&u)kMqZcznqn;4>
zi<%=MgaqOHB)0J*FlZb8?MY$e3A~Ih^M`%Th#F2Z{?yfLYghn%!Ij~vbh%oV)AE}B
zL;wS&E<^=tRv9V!?x}EY462kTC&0i9!BZ&}dfmLSo5))WFN9x0aTav(*ev>Z$RC*R
zfJtN`Z*Sebpq!onq~(N$yj5``C-}G~F%MH%50k_VJgG|N=T%F)Fh2O>4Sf~|JE3sL
z#a!d}xm0OBI0V`^;BaZ&Q`8F1eb4=B>;l$*62k>aY~31#RbaM8A)NU36CZxWAy4t`
zCNzo1Z3_WpW68w<t1Bp)OVM}!yz~Xcp(d(Yq7vxAm2yE2P!4?{d~tR~PJ9IMz>UyK
zo~&UDE7f=2Ons?QtiZ9Oq%rpW$j;?L`LTj)kl3@!j_xZV=A)_aPhyzFF5%=KJ_#uK
zVr{n>4pKHrl<x_2q-nYPW$JsRlQvTVo>;KB<}ux2;i*@|_TjzTisyt!I4YH&`_tuO
zrQhaagj>ak2*80eJ5H#ABT8HJC}Qi*J6@9Q*NvRxUgYn~;!IWj?XOCiG^(@IYB#(4
zjC6L6G(&^|VTyQRs_jHgt_SbeKZS$TYIc$C6JINyR3H^w&q0Gq@)5YD`GnLna68)Q
z27TW9SHPW*VrE|RwWPdgI}+on=bizj16D|7un_<65jEzWYLoBl`_=Z-@3W;Z9n|DL
z?e9Pf0C*K32bp==6mnY9ina!E7NwY8D>3wxj#~1F!<N3fTCw}Mt$a(;2D&#$Uk+dC
zaCZ@e9s)8+aTJFnF{VqiZgV%2`WqhI!ac+q6;l>}eVDdTK)VStb~$f;B;z`xE!9KN
zx7w*MFZ9KkRsMd&OCOH94CG=cx$2+y_XA8%k;{M2b9yDYlrMCxf?sRhm&hF6xvw_m
z7gP~|^b}N9TNg06v$a?`9fX#96itq!=AnrFOu5z+c$BhZ-y7B!V%qd>@;FheQsjxl
zr>`Ss>LK$DTE4gU)^*+4Vw_i!Q>GM#-iYA1@D-UJ<61`n{rB;S$aNc)dTNd1ZWAJ(
zHKp=wah8)p%DAAv!pGsVI!!Y}C}wVSlD&<$lrRhWT+n^q?fvr(A+rP7;((p?kKEj7
z(jT;$Z+4RVn?;3cTZmC~YdP1a{RB7P4EnSvthGoz$1KBBSF%BtZ(Ln*_hSJk)WJLI
zUI=F)s_&5}%VpWuPS|^=Tq8hFUF6mGxxOa$YcjH%>gqDz<TM}zAqaJ*t%d3R66@pw
zSOO$ydp{zm(LV{3@l)<>CF)WHqxqx?ZfQrYrE^ik=5gkQG|FerKcN^fytAj|$S6b^
z>3Hb^VQtrkMBfli(jg^X8yFEA`_#g=W6s%Y8)M!XtNl}o6{br3*oc!|&A2svY;MtC
z0Xf2YvUZRa*0#9jNwO=WTk)bLTB+S>gd2{_4YK5822?~6ggdNq``E@Q_|!3t@<!Wo
z)VZMDP_#Vij=QJ|C<6BVeIyA9*^gPs?Z`TIX*XKt)qqX2@u(TM)7^WOS!<;B69jgD
zskX<y*G^k-W5T$SdU!I0d`QX`-E<LQ8+e7V9)AqZ5|Z9)j0tYBQ|ne?xpW@uw2h$W
zycX8aeDK~U`U@9uO`R9&TZ*Srq(u+zzW?UEh6!*yj4tQM=qP^t4x5~hJ%^VGWHJ0M
zk<>ii-|7WhW$rM<!;+Soyp5VWIwIXsYxOXzdPxj;5jU|0VreII_W0w+ea*xt-bLPO
zz_ISWmL>#Q0&Zi~i$t(S&*ECYo_Rx_;k^4mr5lSlx|v@a$^R>S{4)J>F(Y>;25fwB
zgl6yhdWW01Ef=mVcAidlTj2bJtapZzV7{2TjY{WX6w^MW=KkHb!3xO1b>Aq=7gu*e
z?)0zYQ$-F7HeTY0TywD&+DNbVvVWbRWR|iUHcQBiGF!$i^rE_=EqZ`gBs_SFPHX)G
zm(qRCog<egj=?d^@02;^s<Teu&NgMKm#nulVvIu=UmF0Qs^4`!aavUG79MO+f;{m4
zghfnwq~zYO2ZyI>>&&i1UNW6D25#_0vc@3kGqE?nh_+y%`IALlMtfv`t04T7*G0Y~
z@f^Om%`xYKIRw=l88G$z<G@r^#FI`#BOH_P7{SWMIk+9wf_%(i^rAH#8w|WTH6#`_
zy=GCkA%EC>CKnL22}@ZOkn#H~)e9RdsG|4)kz&L}vgXQHz2EOkWFcnAZCHPGM9180
z#cG3^0%*caz^<RuV+C;KiM>^S=(tr=e$%|}Z2WS2G}1<3$l`6v*`Db@&tvQ+MUv(2
z5?A5=W1lRo_Or_l|3UOvv0nRacG<5P!Q`uNn}f5upkU|3rA7uJ#QLW&3jftR*S4)a
zAGk#HRjnjIcS5~o{kONWPSic=+L%(Tt6mowKx<MO-lx8?ge@B<f2D<aTfLrj|A~0_
zg5x2eVL9o)%8|6Gn#j+{r|ore0;NhWI$-@NN3fzTkWS9GmLZAd;46sfPAQ=2cUozC
zPI7)QM=6?$(BIZn`BM^M4?iEA)hI}rJwx%B7O?PngeW-ZyehsCkKk%=zPT;gxkowp
z^U*e+Rb-Gt;g_YUn*9-h6rP8^qURTU<+;)8F@5c6FTB!UNz7XZY9B?zQ|g%DDT{Wa
z*}FPi^l}WX`xbE!wUk`dMy+}Xb#kzq?=Qn&vELRPN}~aIjeRI5yzWz-2?~>xB~UJ4
zm}hYmWs_x-{C2YWgr6cFTWu(U8!MQDc*q%e3KmJ1$*EkNrWf_8Y8;zZjd{1m!HBcq
zF5YHOA|lZZ?t}5t#hbi*j68t?sAxknNbnBUc)bZF9<vrh1y6TSrAZB;gRdsvH7xp^
zbnJ*s2oKwz`NreNunrlI6;0Y=9wfm@Gpx5cH#7*!Kem5L#LEoSk`};-K|Ua*#-BZj
zEc&XrcXdH+A12tAIIeU}{4Jezpq6gDi9PMa+D~=qaMXF+;xDPMP&JZUHt?X*GrwcH
z8@h>|Iaf#hIIOnv86B;<NJwtoXxMdvS&q};?@E<%iUxxLK9lc3y51K7$qaf=C73{x
z+XL|_5`<nv=4Lx%HZrbcUFfw}p`F1C`gr@m>WiPQ)j=83Y`j=(DDY~PRh;1bdH8!b
z@{mCY89=|9#Smfsbj~%`l`w)pB7>dus`&<fdx_<B@msTIwu89<zKJa!WVblYKHbUY
zFj+G8rO&1!^STPTfiZ3<lg7DOuKeet_SYjfue`c5OBZmF@G^CuagmnjX~`5x;Y6lz
z$CJb;FSazOBv8XBXd^B#U)>tI;3XqyjS+x>r#7h8`{=@}e)|-k*4=8LzXtUwy;2l9
zKV<Evvb<VHJnFk04b&~SbUA=rEXr0QeHY^WP@U_>ZlbwnrcFeP*!*{Yr5Tx6Kg0*E
zb+8qV-ZJ^d!;D^K&+N1W{{WnZQ^**oI7Aa4Z|wBrS4W+#6n9(IiT4jhS@)dUINe=&
z^NcdtuPpWICCz!>C2?i&eiSQ&2*O%{KHP(-j#IajRYbY(+WxE67SGQ{FThGTkA9!u
zPRK|u2;hP9+2Oie90jl50$p_{-p-v3aNdE4<4s(UNwT(7vg>nKeWPGsoM#|0YY09#
zo=VPjECa}-G{=v?Fm4uf2yXOBM!Rl-?taRE$bS#~s<QIzYOG(y94Gtk*9lbia~h{P
zPLQDtgWv~D!PT2ZqJtbiXWxGOUh}>G$;-!09>$2#kHXI83cl-K-|Z^0nbNM<tpt4c
z;NF`q{!nr-;TKtCC9~mPNEA?PAt$2ZNyC9ZJj7}h0tw<r-w{+!oH`rKzfaYthwg_G
zqu+g0ZmRCDf*R_Qixj-L;+N$kPUOH}zOUu*vWVv}LhUEet4iPVcoQ4VV}S2a@sDvB
z0k#J$bey9{Uyb_1G9D3>)VG2K4xZVh<SNMg?D9LjmMHl=TKe)@ZVURuJ-zFg#D~YI
z%Y!hQF(z5fk9h7#JEGx-u512cQq1{h-^ipJv?;16S=arBecdLR%7F-S<c#~G)##tN
zNo_#4RTSt+W)+A)`(#qPm})>8^tF<pqzKO*ly=x7j+rNt*yA*K)_G3*O~uX8Fm*zH
zo(2S&Cb>}tfiz`MY4!C|G2|UGc&}3aOM&(X?5w$xXlLt|oV)JnOd%uf*mXcn!CXvV
z$j^&5LHeX}?-J@Xo(Fe7-Ou4h+lXT3!m6BB5+@kxl`;>Onk=sApaqA9m<^KOsV+?9
zy7s#R{><ld16sgHq8plNj7{3Uf69|sFreDD^~4mrUe=V5D-@Rq-j{Zt5s_cG9x{}l
zre#x{FM=d7Eq3Trl&;~2W~rWO+h5)hf4EX5QLQ4j->aG@_8^I}S*YDJrX%o3ulrH3
z;hr{hT5g_OqG&i>_(D6v<^~l#(1AM9nw5BkWb+E@3z}~U;Y;6c5D=L^Juw-X_{g(I
z_1SyqIX>L>lIW8r_84EoRv7gHlp8Vlo4j0&^E&MEj05F9KC$>KtUI~g`IADS4N@MI
zV2t@p1JnH#J{_(5S(#<add_G5SXWpf&_1R;IZM8-b-^}Cive}GD|EG8<a?b9Qm5#(
ziH;9WKfWpmr}*yCm#!5QrY{t|E=m6X^>pU(P`z>cw-rj+w-!T$QYIt&GO|lw`<7ji
zL|J2GIF=%Nwk%-~X_0-63?qhQmo1DX*%|8?vz*`5?|Gi{$NA%&^VfNu`*S|`b-l0q
zPNs0H6i#^G{unGxkoV1LF)Lb)L2OCrq4S{F`s=SMKe<1QdFzqUG$<m+$AZqK*KksX
zNK+rkM5SIlx^uog36eqWUdBkMAu8r)^5jJg;jCn_ST22>i4C&tUZmqZr0w1krn8sD
z5@PpgF(H<J@4>haPfT*2M&mItWljNE^O5I!rs0$57d;!nsPCr5E-`FIsTx!DAEB|n
z)UMVjJr^C##nb+rU^Ko!Ivt*QwbLDF<QY@_u`FRwaLt==XqPJRbQp;*TGq*p@*R5y
zdG0EaxIG;zyr=GX@{{Ou?soLFz^nDQKQ!28na@(h%sDZbZ@LQUp5PO$V4+jL;xo&?
zXBlkY_i6nQZ*aE!`kOIRDhloM!fQErSAE~xhM)6XxRYW!!T-<oPG2U8T4@94$<caC
zwYf}_>k;ofUUH6cPtb$WPo)eZ7?duP#~zpTrrei^jb0c$%zKt9X^NZ#=CbafNUZ0%
z1+xc?tKA30K64~R9jq()wEUUJzPZsN8TX3FmJEA_u_qF57Fnp497>RLl^ivWc<!7k
z77uf34r3hR5&!s<e;&L`{q#cgyrYz@&DeZd#*)($i`*<6f#F@;9%>1Awn12ba7k{u
zbBAe<Q^#3hD(`5yFZ;}G()Sy!FJBBojhgjFz%@}GV4k7LtuMO5<!9|`75+Zmq<VNJ
zlPdC%tRn*Ccciei#9@>_2L7yGk&<yG<|I}>=};)1;68xk4go$24nsJE)5sPuV{*nQ
z8M3vBlL2k0HRR=fpdOs0E=vKcimrdByUGd9%cxQ`wPvp(k0#ii7DDKfpno5sIk}ra
zAURl`g!|W|UIb8mN58mlBXoyDUq<1Uol&8E(SU)bq+xG5Qs<E+wBl1MO`}Xx+CHzw
zF%GoHa`#MoybS;WQj%IXAy%k47woj(oo!AOb0ITz^NTR*wcQ8Cll#99Ax&4ESU6)L
z>ImWO0p^y2la8z7@dlqC@mhdY<oG(+I%Au^yxM9N{DHo4OZ<(v&=p<ef%nsb33o|q
zn$Nk%<4q8akOSbRhNL}<QP)d`8;tp*2?AvMgk>@7`X5}h_^+<mL<3m){P6tFw_S;h
zR{zp7X*M$CrQxMsSlAS)npw{k8);PL*J(DGY?&e8Gde?Aq*vQk|46-jcbFqv-lbA`
zull0+f2H{&_N^qe@8Y-Dg_JM1qZ2&l=+Sn%3E9#Fix0-BI&C{Ok{3kZbib=;=-BbC
zPp4V9Q+1ETXepN%mhQzA2L6CMrt_e~9xAqRP>XYZh%Np#l0MX3<*DMIp@pZOmXXvO
zHPLn6zuXFPm5K4ptM%^{*4equ@!zly(ZH>{U~a$@LjCXFOs!vK=My9kJ!@H`(B35e
zes-<2t^INZo!J&%ac_Cu+FiXl+~G{uvr#$o0jf_GCgf}vy~C`h2yvG|sQigqOix4y
zR&*7ds(tkSz*VJB(`m;r%7i@i&_t4C<ddKC&=eVSK1^iB|9!f-aTD#o_2BxLbF|pN
z5o}nyn-S4Jdm1fHzmqygI;r}Fu@m|l?Unt@LOOT4#3L*AJc4-j%quqH$NB7th-td0
z6*~NvufD6rSBb_D8>wIXT2<Q?Q8VI3MK{f=iO8MgG<{F~CFP9As(j&g5caL-J@43a
zx_`<tXPptjxVWV<36UNbOkma24k5E=u;G!<ZqTd4c*|+ku-sPfU}8LVr?C4HCzv09
zrNl1m(k+pJMTtp8O<&%Ctf)8ddWJSP*pQ2^T8^{a>e-Bvi}a9l<k0yynK^BJiQa^<
zwq?5o@9*;pm6z!>eS5pqAUhIp1gMAioU>0|=scy|MBbm?&#F|sH)#>=f5S~Ok(H%$
z`!vmB*IXT~ulg2+RdI39JPLsiUh>5pokA_g-N{mRGRh;$aZ%e%=7OTF19BUEc~1_g
zxab+D-(Y!4Ta|mSSs?3A5405U=h#W(kVJ&U)LT*S+aQhTTq;{#q;9yLribx#<Ev`&
zd^R1){)LP3F_%+NTv80nl}@RR5%iVAtT08#)~li^&<%O5O2qrpxFe&-Ir=S)zWX~m
zqiJzC?He|8owC0r?$Dr(tVQA4$0=|oU6zX)nZkdxzDhfOjYP`4f~xxs-JmZ#EDdAP
zimN&01Rs38R+Vf*wkRX`@shd+9x~3T)Q8V&T~Y!LBiSGdr{|9$s&$8@ZbJo*kB5@p
zL)XwkR{FhGPlV%yj?=Eazg>Ko{2h?{q*>)u#(`->iuPIqC4%~W@C7(Oz}RjGM3#2)
zi^_3OEpy+dvFM3a&IAwH#&TZR>cDt?%bI*RzK2*_0;M-|F2S_#7^I7-C#W-wzWROc
z+E4ov!{1gRA1+&494S?+L$9A3AHJ2VFWUlaOwe<^G)P>;W#jrgZa+>E%EsS3cCt7+
zJH)GZSvduZgAC!8;Or+-A_&Hsz-d(9zsB=#)2SLpt)XqA_e}-#+p644&I3M^cW_^+
zHM<hJR~#(f?DT%e6-W86e$JrX@LX~VJb|NByeH9MKiNeIH}#A1c$X!(6iDkXzXM?3
zF}oC~ex9iCU(P7Z&qQG*;=ROtg3BLv_rq7cgS`PO@)O)TIo?WO(uE6G@50<iuT6vF
zcTYMsaPs9T(>pTGn2;NTu&7!Ov!0i?9C(Eel1&f1Ra=|1#&0P`^J5iNtY7oPzP}eS
zVT;l}$O%e6Kd9zmnc>Q5#_Whcvr+}@*4Azgvp2PnAgdhj!j3c+`0Y@$G5yg8iMM9X
zohlT1>9RwBU}Ttv<|-_OpD`IB8bfl)DUhMpg6itRZ8)u-n8C!OTOOUXl;%9k2+lYe
zkrW3oOJ*4IL5pUOy&E<~mZA1$_y?B=m;qMz370kxY`+>TVBew`a9%6z<Dma)&ycO)
zfAe6U>!gl+vVwC7JpBH~u$yN%Gnb|Z7cX_B4W#u%{1@CQw>j4of_2z|rM1Mhs*30G
z`i60?A}}uv1;uj`H}^}cnfvQ>lO+`+onsQt!MWX(6BqH9!aP`se(ssnugc+kYcMIe
z$fNcU2WC|+kf$fg%?4;Q^xBWNwPPx<LP!SejjOorD+)c`4*z!MQ@ZM1GePwNsolbS
zWQP3XbN4=E_^fOeXv>FBookY8(fnDSF~lJEiP*>`6#j-qa(huf;wqz<<>4^hw^97D
zT99^Ng@7dS6I=R`h@k7phOXc0^2{|>HzheO;@vp8H2zaRGbVO4>DK962<+X)D*Wvu
z@HE$}Q{QM(fA<}6=-#6A6O2V_gC@H{&d%ikp3$fb#?<Ac$7!MGyLvNl31&|7B6`!>
zA4-tTmN^@HA}5@~eXM(BmN56xb9Si>_ul7{JYvY}9emfW!l-A-G)1z<^5a*rUK?%1
zz?aH|&~<EY;pd00em7;;&G*L0nEPTsj~kCvf(@X$I?kd^2cbMjb3VZr9y7-E-1J;@
z`8%{V&(L=H)IXktuDvlaX{R;bE7aS!Vi}h%SFD>9g+=xER<1quOwZKPGwS}Gefl5|
z>iTSaqy~Qa+M9cqT3Q)2QeslVh#xC{FUy+rt7Jl{25ryf<|(<nj5m3Er43kOZqJXH
ztdVvhS~$YHNdEDaSpSlHlj8wCK_-@>;mNPdv|Ig$7Ert*mLIJU4yh9CGN<g)J1RGu
z0mb)tX{RrI*C~Qe3j*t4`OhAmz_*)7^jdi{Ogr7`!Hu9&IA}Pw1RL$;Fe5mzQF^gB
z-QQ6%;ab-kC^c?9!rS!-LyuX0p}p3lz1&v>TRDx36xS0i{T`Hq+9?#?(<<5*EA^r_
zUkm#q9aqqD_`<m8S#ZzkNql5G+IGpzY&Qd=DDC{I%)Vx_!^QS}6c9jOUVvN#WzDp3
zPp<QBn{v<UHKRYaJQzOqXok{Uok4R!whQw&I&CfxIT%F%d!czxwqD6z=iv}MQ`57b
zx!K%xpj()Fp2bHSGesqC|6w)qp+n)%asD|^U3R?LJYmx~mv!7wc7zH_Q}cJMJ=@KK
zgGETgV8tPb9l~LP{?Ph1h+{q3{kWdwK?2jdA%Wyuz_aLGR0+BSy@YmepjK08VDc}}
z3ygn4@%(F{mXIm}DIVjf2Yc8paDoDL_a54UPf(1vIw{**@Dig8&DnO-j;3n&2%&)$
zgGRkp|7G@<fn?U)m3~3W+X1rPMa$CqzG7$E(k#${*!fYYyX#3zZjjdq&ro2YY&Zr<
zU}r}DVXFc2<M26OuQd6&nr;VcHM1ZHps+u$P#$C6*ANz0!QqnEtfC=WXg(2dxmDr)
zFNZTg#mTP*vbj<K(@?HT^w}<{eS<(ld-CmUSa!=yu{4J4{z3uCmP~blC%J?H?Pf~f
z7L%0n)k-L+jk_=d6>Vw#3|JE;#?c17DgzhnuU_U%v^!urPES9KlF<&omZRdhihj2F
zAR9Ik`{NAx?RV6u)=+Qgw=9n}`*RMU6miOM_<h(J1BMrh^WL}}HJ&*i-LD}7wJ~c>
zKPGgJjJd)0`_`eS*JwTns|VTY%=0e_{RN0(p9)R1K~&U|)YwkS2S{sOU>p4Iu=8r-
z+k%lO_JCyW?JXQS`C*@(+f;7y&A7w2$B<vm4(nZJOnM63{k3;b|87<z0eXNFIZeb1
z7$|=%7CL32@4f<t<K>_H)c@_puH}z2HXq1;c{5L_3udx$J~_1Jif85SykXP@Ck8s1
z!&ccuj0sts^9sEo4`Lacgu3$t*C<KI+go0Z@P7GR`~iK7317wz)t5{7T9-qU|N5yd
z?(b0{K?ObvvyD2l7bHGZw@PE{p|8}O&W@<szDk|7Gx`y($OZMa<)B1NxA>jI(haWX
z@b`2+8tOVxNnB!tpli2m6(ASRu(bv--+@w1=Re(|R~?1SGIr=r%btLJas=Q=_A6{f
z;cJ6SP)uoL-s}otYsRv|H)zoR7yK%<70<|Uzr90ECVh$1Z*`bgZ-<E8XWu7`M`VqD
zL2wc^4E=T9!N1OhcuIz)2vNFv673p%#`NrC`FZ&9<(T8ueiQ~(cr*2d*sbN~oUE#N
z58vXv&Us%bt7r$ihMFK>{*ah-JImZzp61r05N5;DV?@t`!cv4j7hXQBDnCf3arLyg
zmcJS+=%Hjw*J~#3{GtB<jRk~|Jd9ePSb+m>>vP6~LJIcYJ-24&!kI<I&8_+lTohbF
zEgy|(&m}KB4nX}X9R-UzKtjuERB4FkJb0gotA}T)3{PypzHS2fJD5Y@7YG*ap)b;C
z2X`#MLd^FV@LvplfCW^jzjh!DBK#d&2Lm?X6mg&*2&B!bP<fzC`8xi|5@bMiITiCA
zu%eP6ncxD(6RxCMEEsz<-L&`7i6}}j7rrDYq4E3A8-<SFRuk7{HJmG6bub;=d}pU!
z0p8aq{_aWB#37u*)Iw%g@}{Z9mt0*b18GTUUyd_MN|>2FMK__%-kRCFrsmdkNwwIX
zQ>ubw;gwF98p?5Nx>Z8Lh~iab3U{NF#)uCkz*VL4zi12H58a$PK<j|Vibusxqld}!
z{N}?YhF56df6A}<AXj{Mj~}_zd`cY929%H98Rao}K)Pv(5Yauun@1!Jp`&W(&OLQx
zD`bQkJ13CKrz=S)M5#Vw!@pM$s}U$eEPg$R7(g0HhPhpj=|Bo5D%FW~Ajz@u#`aRL
zKH(>VKC%gme-`%}Hl2Jp!CgT=jV~Y5H0x+a`&@tSg+Mq_<tk2S&H*vi#4V)*4Aj;;
zF1i(b66~#1NAhP*TCLrv?y?VWlwmIixYeb!lU>a{%_SIdHU?RmJ7eU#N4J;V^?<8C
z1yl1je}2XZJSW~bd7+*HPLd&9n#q))43Z`(v2#+=MF8*u8x~P2eqap|*ALhIb7PTQ
z^M;1+S?d=4FRy2vdGTuYzjQ}7)p;!OLI1Pq<MDF%=JBt;WtKmPZ|S8A0hN&Op^HuV
zRiyGC_L{N`_?cuI;;(;Db2)lCyJHJjwQxCrZw+_kDaknajNOD;Sy0~m4UJ&I@dLe#
zxRMvx=M}c-7YmoAt!d@I8x`g;BEo}K5oVB>J*O=rK-)e1r8{}EAU=fY#V{vEwZ-qe
z5UH`n<EWQS{DPuDYmR1?j5zG_8w{ByOhRdf=<Bw|_R7dc32US6%s19R%B%eomjfet
zZ2$bMiE&$`?L4to%HJSZ#4=0gx->oY<tcd&|6j0?!+-MT(%ZftI3t+_P&P+j_K~_Y
z>D)+?@}<s{YCf>}rgE@))3}RlNZAHnfPyEA*e}UdwyKd5GtW<Lkv&N0CE8d3M@Z-(
zv--X5np|2ReV;h63rP%fi0J*BnyLKDHc}_oY4(;9$tn<JCb9h;Dd-GfgDQ(?+d{iM
zs@+9pfMsN?<D7JSFgA}Xi9LA)l(~3DQ0{tmw;dheF%CN!W<@oNlq~sYhy|V{13$>?
znd1K`3p_5+t1?&Ol)586QiTwb8wgtPB)}-_sI1ZQ*;CJD!q?HsJczRGI%rP%?5Tp&
z9e%=?heSEwT&54j&UGSOxraK4<+lv#cf-^wtq#jBUT&z^Eqe+LILmZ_g9W!O(o0&$
zi<(sS_erN*IC_VWU6BmFhAgGOkfX|YEOAG`NmE7MI`G^LFPLWhbk!yZhJ)M^FQGHa
zb%TN1@PJegf_oeAj!{*G+JHBpHw09`Nh0n$+=?~<smK5~kFn+82JO=V`;3y~u=ax4
zYG?eJQzn08r02ceLQnjq<?j>F6W+P%MS0kL(XIG3+tULZRMCe;wD{4lgNA=6LFoU`
z^#73h4pR<utLM4Ju!9<Vz^(W7b<Kfy&W~+GETSXhKja4&5z@U5WYm2e=`v<qmp{4S
zC&rf%8eWpZixC5#qptKWd}bAKP0g-F3W-{I8Dw3nVLExDcLu-ix46LC6uQSS`*6N{
z<@yLm-}AQ%ng<?j<F~IS=q+w9xX#yfUZeaccB+@AI2Fnw<WEwkXeARe*q4OPQrIN#
zNfJBy(X%dH{pi1+1oODa|IbsQ%gC(6AzqF_5#$rg+A(!a`QUHVDDmpu(!WuwM4^R^
zCe!YK?K*E8;)uhaG}!;8upUS2O94lx9IU7?{}PqZHHANHQh;s+ShL$O1J;v3`v&zA
z3K)6flx{BChmXV%Fuwfz8`Qco2z`*KA}>M@Z4HsM#xU-r8q(WJXO|-5Q}F@=GBo$+
zd{Spl^!EPcn!S7Hl-H#0kl%HNhg7isVD5c86cN1HQ)YY}`4{!2sb)LaBy_86)L)p_
z^M9zf?=-H>W!%YLbj6J?t^cb7Fm=!{15}cr{S(dv)CTp<3~<x`?Lg@aP)8aF1ZUPD
zWz-iVZ?~mIw?0!1pN7ybZJ|krY|S8b;}8e3!|omujU}$d)6otC9V6{>P3Oq}2RX+O
AxBvhE


From 1763261503304d7376bfa0cb8291d44acfbbe7e9 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 09:52:22 -0500
Subject: [PATCH 034/283] v0.8.46: release archives, sandbox depth, quick
 fixes, web install, docs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* docs: v0.8.46 CHANGELOG — platform archives, palette, sub-agents, sandbox, web install, search fixes

Closes #2188

* feat(v0.8.46): quick fixes — palette, model picker Esc, sub-agent sidebar, shell chip, model name casing, CVE bump (#2212)

* fix: bump qs to >=6.15.2 for CVE-2026-8723

Add qs override in feishu-bridge package.json to force transitive
dependency resolution to >=6.15.2, addressing CVE-2026-8723.

Refs: #2198

* fix: Esc in model picker applies last-highlighted choice

Previously Esc reverted to the initial model when the user hadn't
moved the selection. Now Esc always applies the currently highlighted
model and thinking-effort tier, making Esc consistent with Enter.

Also updates the picker footer hint from 'Esc cancel' to 'Esc apply'.

Refs: #2196

* feat: show '⏳ shell running' chip in TUI footer

Adds a footer_shell_chip function that displays a '⏳ shell running'
status chip in the footer's right cluster whenever a foreground shell
command is active via exec_shell. The chip is always visible regardless
of user-configured status items.

Refs: #2194

* feat: auto-collapse finished sub-agents in sidebar

When a sub-agent completes (status = 'done'), its detail lines
(id, steps, duration, progress) are now hidden in the sidebar agents
panel. Only the summary label line is shown, keeping the sidebar
compact. Running agents still show full detail.

Refs: #2195

* feat: refresh Whale dark palette for better contrast

Improve contrast and layer separation in the Whale dark theme:
- Deepen base background for more depth (10,17,32)
- Lighten panel (22,34,56) for clearer distinction from bg
- Lighten elevated surface (36,52,78) for better elevation
- Lighten selection (48,68,100) for clearer selected state
- Boost text hint (138,150,174) and dim (118,130,156) readability
- Brighter border (52,88,145) for better edge definition
- Update tool surface colors for consistency

Refs: #2197

* fix: preserve model name casing in normalize_model_name_for_provider

When the user enters a model name like 'DeepSeek-V4-Flash', the
normalizer was lowercasing it to 'deepseek-v4-flash' via the
canonical_official_deepseek_model_id function. Now the normalizer
preserves the caller's casing when the input already matches a known
model id case-insensitively. Compact aliases like 'deepseek-v4pro'
are still rewritten to 'deepseek-v4-pro'.

Refs: #2109

* feat(web): install download tile with arch detection, SHA256, China mirrors + companion binary fix (#2213)

* fix(web): download both codewhale and codewhale-tui binaries in install snippets

The SNIPPETS map only fetched one binary per platform, causing the
dispatcher to fail with MISSING_COMPANION_BINARY. Every arch now
downloads both codewhale AND codewhale-tui side-by-side.

- macOS/Linux: added second curl + combined chmod/xattr/mv for tui
- Windows: added second Invoke-WebRequest for codewhale-tui.exe
- VERIFY: PowerShell now hashes both binaries; Unix --ignore-missing
  covers all present binaries in a single sha256sum pass

* feat(web): add install download tile with arch detection, SHA256, and China mirrors (#2192)

* feat(sandbox/linux): process hardening — PR_SET_DUMPABLE, NO_NEW_PRIVS, RLIMIT_CORE (#2214)

* feat(sandbox/linux): add process hardening module — PR_SET_DUMPABLE, NO_NEW_PRIVS, RLIMIT_CORE (#2183)

* feat(sandbox/linux): seccomp filter + bwrap passthrough

- seccomp: BPF filter whitelisting safe syscalls, denying ptrace/mount/kexec
  and other dangerous syscalls. Uses raw BPF instructions via libc prctl to
  avoid external dependencies (#2182).
- bwrap: optional bubblewrap passthrough when /usr/bin/bwrap is present
  and [sandbox] prefer_bwrap=true in config. Creates read-only rootfs with
  write access limited to the working directory (#2184).
- landlock detect_denial extended to recognize seccomp SIGSYS/"Bad system
  call" patterns alongside existing Landlock EACCES/EPERM detection.
- SandboxManager gains prefer_bwrap field; set_prefer_bwrap on ShellManager.
- EngineConfig gains prefer_bwrap field, wired through main/ui/runtime_threads.
- Diagnostics now reports bwrap_available and cgroup_version.
- config.example.toml documents the prefer_bwrap key.

Pre-existing clippy fixes picked up in the same build:
- collapsible_if in ui.rs version-check
- cmp_owned in goal.rs test
- consecutive str::replace in normalize_auth_mode

Closes #2182, closes #2184

* docs: add cross-links to issue and PR templates in CONTRIBUTING.md (#2215)

- Link .github/ISSUE_TEMPLATE/bug_report.md and feature_request.md from
  the Reporting Issues section
- Link .github/PULL_REQUEST_TEMPLATE.md from the Pull Request Guidelines
  section

* feat(release): bundle platform archives with install scripts (#2216)

- Add bundle job to release workflow that creates per-platform archives
  (tar.gz for Linux/macOS, .zip for Windows) containing both codewhale
  and codewhale-tui binaries plus install scripts
- Create install.bat (Windows) — copies binaries to %USERPROFILE%\bin
- Create install.sh (Unix) — copies binaries to ~/.local/bin
- Windows gets a portable .zip variant without install script
- Release notes updated to promote archives as primary download method
- Individual binaries retained for npm wrapper and scripting

Closes #2193

* fix(web_search): fall back to DuckDuckGo when Bing returns zero results (#2130)

When the configured search provider is Bing and the query returns zero
results (common for technical/compound queries), fall through to the
DuckDuckGo path instead of reporting empty. A provenance message is
surfaced: "Bing returned no results; used DuckDuckGo fallback".

Also adds Security and Code of Conduct cross-links to CONTRIBUTING.md
per the sub-agent renovation (#2203).

* docs: SANDBOX.md threat model + RFCs for persistence and MCP + SandboxExecutor trait

- docs/SANDBOX.md: complete threat model describing each platform's sandbox
  (Seatbelt, Landlock, seccomp, process hardening, bwrap, Windows v1).
  Covers defense-in-depth layering, config keys, denial detection, limitations.
- docs/rfcs/2189-persistence-sqlite.md: RFC for SQLite migration (drafted by sub-agent)
- docs/rfcs/2190-mcp-modularization.md: RFC for MCP crate split into
  protocol/client/server with OAuth support
- crates/tui/src/sandbox/policy.rs: SandboxExecutor trait definition and
  SafetyLevel→SandboxPolicyBehavior mapping function with tests

Closes #2180, closes #2186, closes #2189, closes #2190

* feat: sandbox parity tests + remove sub-agent 100-turn cap

- Add sandbox parity tests covering platform detection, denial patterns,
  bwrap preference, and policy consistency across modes (#2187)
- Remove arbitrary 100-turn sub-agent cap: DEFAULT_MAX_STEPS changed
  from 100 to u32::MAX. Sub-agents now run until they produce a final
  text response, are cancelled by the parent, or hit a configured
  explicit budget (#2034)

Closes #2187, closes #2034
---
 .github/workflows/release.yml                | 145 ++++++-
 CHANGELOG.md                                 |  60 ++-
 CONTRIBUTING.md                              |  22 +-
 config.example.toml                          |  15 +
 crates/tui/src/commands/goal.rs              |   2 +-
 crates/tui/src/config.rs                     |  21 +-
 crates/tui/src/core/engine.rs                |   5 +
 crates/tui/src/main.rs                       |   6 +
 crates/tui/src/palette.rs                    |  28 +-
 crates/tui/src/runtime_threads.rs            |   1 +
 crates/tui/src/sandbox/bwrap.rs              | 131 ++++++
 crates/tui/src/sandbox/landlock.rs           |  22 +-
 crates/tui/src/sandbox/mod.rs                | 183 ++++++++-
 crates/tui/src/sandbox/policy.rs             |  82 ++++
 crates/tui/src/sandbox/process_hardening.rs  | 137 +++++++
 crates/tui/src/sandbox/seccomp.rs            | 405 +++++++++++++++++++
 crates/tui/src/tools/diagnostics.rs          |  40 ++
 crates/tui/src/tools/shell.rs                |   9 +
 crates/tui/src/tools/subagent/mod.rs         |   7 +-
 crates/tui/src/tools/web_search.rs           |  19 +-
 crates/tui/src/tui/footer_ui.rs              |  11 +
 crates/tui/src/tui/model_picker.rs           |  18 +-
 crates/tui/src/tui/sidebar.rs                |   6 +
 crates/tui/src/tui/ui.rs                     |   9 +-
 crates/tui/src/tui/widgets/footer.rs         |  13 +
 crates/tui/src/tui/widgets/mod.rs            |   3 +-
 docs/SANDBOX.md                              | 271 +++++++++++++
 docs/rfcs/2189-persistence-sqlite.md         |  86 ++++
 docs/rfcs/2190-mcp-modularization.md         | 226 +++++++++++
 integrations/feishu-bridge/package-lock.json |   6 +-
 integrations/feishu-bridge/package.json      |   3 +-
 scripts/release/install.bat                  |  38 ++
 scripts/release/install.sh                   |  46 +++
 web/components/install-binary.tsx            |  36 +-
 web/components/install-download-tile.tsx     | 160 ++++++++
 35 files changed, 2178 insertions(+), 94 deletions(-)
 create mode 100644 crates/tui/src/sandbox/bwrap.rs
 create mode 100644 crates/tui/src/sandbox/process_hardening.rs
 create mode 100644 crates/tui/src/sandbox/seccomp.rs
 create mode 100644 docs/SANDBOX.md
 create mode 100644 docs/rfcs/2189-persistence-sqlite.md
 create mode 100644 docs/rfcs/2190-mcp-modularization.md
 create mode 100644 scripts/release/install.bat
 create mode 100644 scripts/release/install.sh
 create mode 100644 web/components/install-download-tile.tsx

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b650617c..d66a8479 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -223,6 +223,104 @@ jobs:
         with:
           name: ${{ matrix.artifact_name }}
           path: ${{ matrix.artifact_name }}
+
+  bundle:
+    needs: [build, resolve]
+    if: ${{ !cancelled() && needs.build.result == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.resolve.outputs.source_ref }}
+      - uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+          pattern: 'codewhale*'
+      - name: Create platform archives
+        shell: bash
+        run: |
+          set -euo pipefail
+          mkdir -p bundles/checksums
+          MANIFEST="bundles/checksums/codewhale-bundles-sha256.txt"
+          : > "$MANIFEST"
+
+          bundle() {
+            local platform="$1"   # linux-x64, linux-arm64, macos-x64, macos-arm64, windows-x64
+            local cli_src="$2"    # artifact name for codewhale binary
+            local tui_src="$3"    # artifact name for codewhale-tui binary
+            local ext="$4"        # tar.gz or zip
+            local variant="$5"    # '' (standard) or 'portable' (Windows only, no install script)
+            shift 5
+
+            local dir="bundles/codewhale-${platform}${variant:+-}${variant}"
+            mkdir -p "$dir"
+
+            # Copy binaries, stripping platform suffixes
+            local cli_dst="codewhale"
+            local tui_dst="codewhale-tui"
+            if [[ "$platform" == windows-* ]]; then
+              cli_dst="codewhale.exe"
+              tui_dst="codewhale-tui.exe"
+            fi
+            cp "artifacts/${cli_src}/${cli_src}" "$dir/${cli_dst}"
+            cp "artifacts/${tui_src}/${tui_src}" "$dir/${tui_dst}"
+
+            # Add install script (standard variant only)
+            if [[ "$variant" != "portable" ]]; then
+              if [[ "$platform" == windows-* ]]; then
+                cp scripts/release/install.bat "$dir/"
+                # Convert line endings to CRLF for Windows
+                sed -i 's/$/\r/' "$dir/install.bat" 2>/dev/null || true
+              else
+                cp scripts/release/install.sh "$dir/"
+                chmod +x "$dir/install.sh"
+              fi
+            fi
+
+            if [[ "$ext" == "zip" ]]; then
+              (cd bundles && zip -r "codewhale-${platform}${variant:+-}${variant}.zip" "codewhale-${platform}${variant:+-}${variant}/")
+            else
+              tar -czf "bundles/codewhale-${platform}${variant:+-}${variant}.tar.gz" -C bundles "codewhale-${platform}${variant:+-}${variant}/"
+            fi
+
+            local archive="codewhale-${platform}${variant:+-}${variant}.${ext}"
+            sha256sum "bundles/${archive}" | awk '{printf "%s  %s\n", $1, $2}' >> "$MANIFEST"
+            echo "  Created bundles/${archive}"
+          }
+
+          # Platform: linux-x64
+          bundle linux-x64 \
+            codewhale-linux-x64 codewhale-tui-linux-x64 tar.gz ""
+
+          # Platform: linux-arm64
+          bundle linux-arm64 \
+            codewhale-linux-arm64 codewhale-tui-linux-arm64 tar.gz ""
+
+          # Platform: macos-x64
+          bundle macos-x64 \
+            codewhale-macos-x64 codewhale-tui-macos-x64 tar.gz ""
+
+          # Platform: macos-arm64
+          bundle macos-arm64 \
+            codewhale-macos-arm64 codewhale-tui-macos-arm64 tar.gz ""
+
+          # Platform: windows-x64 (standard + portable)
+          bundle windows-x64 \
+            codewhale-windows-x64.exe codewhale-tui-windows-x64.exe zip ""
+          bundle windows-x64 \
+            codewhale-windows-x64.exe codewhale-tui-windows-x64.exe zip "portable"
+
+          echo ""
+          echo "=== Archive checksums ==="
+          cat "$MANIFEST"
+
+      - name: Upload bundle artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: codewhale-bundles
+          path: bundles/*
+          if-no-files-found: error
+
   docker:
     needs: [build, resolve]
     if: ${{ !cancelled() && needs.build.result == 'success' }}
@@ -292,8 +390,8 @@ jobs:
           cache-to: type=gha,mode=max
 
   release:
-    needs: [build, docker, resolve]
-    if: ${{ !cancelled() && needs.build.result == 'success' && needs.docker.result == 'success' }}
+    needs: [build, bundle, docker, resolve]
+    if: ${{ !cancelled() && needs.build.result == 'success' && needs.bundle.result == 'success' && needs.docker.result == 'success' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -365,35 +463,52 @@ jobs:
 
             Both crates are required — `codewhale-cli` produces the `codewhale` dispatcher and `codewhale-tui` produces the interactive runtime that the dispatcher delegates to. Installing only one binary will fail at runtime with a `MISSING_COMPANION_BINARY` error.
 
-            ### Manual download
+            ### Manual download — platform archives (recommended)
 
-            **Both** binaries below must be downloaded for your platform and dropped into the same directory (e.g. `~/.local/bin/`):
+            Each archive below contains **both** the `codewhale` dispatcher and `codewhale-tui` runtime, plus an install script:
 
-            | Platform | Dispatcher | TUI runtime |
+            | Platform | Archive | Install script |
             |---|---|---|
-            | Linux x64 | `codewhale-linux-x64` | `codewhale-tui-linux-x64` |
-            | Linux ARM64 | `codewhale-linux-arm64` | `codewhale-tui-linux-arm64` |
-            | macOS x64 | `codewhale-macos-x64` | `codewhale-tui-macos-x64` |
-            | macOS ARM | `codewhale-macos-arm64` | `codewhale-tui-macos-arm64` |
-            | Windows x64 | `codewhale-windows-x64.exe` | `codewhale-tui-windows-x64.exe` |
+            | Linux x64 | `codewhale-linux-x64.tar.gz` | `install.sh` |
+            | Linux ARM64 | `codewhale-linux-arm64.tar.gz` | `install.sh` |
+            | macOS x64 | `codewhale-macos-x64.tar.gz` | `install.sh` |
+            | macOS ARM | `codewhale-macos-arm64.tar.gz` | `install.sh` |
+            | Windows x64 | `codewhale-windows-x64.zip` | `install.bat` |
+            | Windows x64 (portable) | `codewhale-windows-x64-portable.zip` | — |
 
-            Then `chmod +x` both (Unix) and run `./codewhale`.
+            **Unix (Linux / macOS):**
+            ```bash
+            tar xzf codewhale-<platform>.tar.gz
+            cd codewhale-<platform>
+            ./install.sh
+            ```
 
-            Legacy `deepseek-*` and `deepseek-tui-*` assets are also attached for one release cycle so that existing `deepseek update` invocations on v0.8.40 keep working; they install the deprecation shims, which forward to the canonical binaries.
+            **Windows:**
+            - Extract `codewhale-windows-x64.zip`
+            - Run `install.bat` (copies to `%USERPROFILE%\bin`)
+            - Add `%USERPROFILE%\bin` to your PATH
+
+            The **portable** Windows archive skips the install script — extract and run from any directory.
+
+            Individual binaries are also attached below for scripting and the npm wrapper. Legacy `deepseek-*` and `deepseek-tui-*` assets ship for one release cycle so that existing `deepseek update` invocations on v0.8.40 keep working; they install the deprecation shims, which forward to the canonical binaries.
 
             ### Verify (recommended)
 
-            Download `codewhale-artifacts-sha256.txt` from this Release and verify:
+            Download the checksum manifests from this Release and verify:
 
             ```bash
-            # Linux
+            # Linux — archive bundles
+            sha256sum -c codewhale-bundles-sha256.txt
+
+            # Linux — individual binaries
             sha256sum -c codewhale-artifacts-sha256.txt
 
             # macOS
+            shasum -a 256 -c codewhale-bundles-sha256.txt
             shasum -a 256 -c codewhale-artifacts-sha256.txt
             ```
 
-            The legacy `deepseek-artifacts-sha256.txt` is also attached for backward compatibility and contains the same hashes.
+            The legacy `deepseek-artifacts-sha256.txt` is also attached for backward compatibility and contains the same hashes as the canonical manifest.
 
             ## Changelog
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b8fee06..4d42844c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,22 +7,66 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.46] - 2026-05-26
+
 ### Added
 
 - **`CODEWHALE_*` env aliases.** `CODEWHALE_PROVIDER`, `CODEWHALE_MODEL`,
   and `CODEWHALE_BASE_URL` are public product-scoped aliases that take
   precedence over the legacy `DEEPSEEK_*` forms. The `DEEPSEEK_*` names
-  remain accepted for back-compat. Recommended setup paths are
-  `codewhale --provider <name>`, `provider = "<name>"` in
-  `~/.codewhale/config.toml`, or `CODEWHALE_PROVIDER=<name>`.
+  remain accepted for back-compat.
+- **Platform archive bundles.** Release artifacts now ship as per-platform
+  archives (`tar.gz` for Linux/macOS, `.zip` for Windows) containing both
+  `codewhale` and `codewhale-tui` binaries plus an install script. No more
+  downloading two loose files and guessing which ones to pick (#2193).
+- **Windows portable archive.** `codewhale-windows-x64-portable.zip` ships
+  the two binaries without an install script for USB-stick distribution
+  (#2193).
+- **Web install download tile.** The website install page now shows a
+  platform-aware download tile with arch detection, SHA256 checksum
+  display, and China mirror links, instead of burying the download behind
+  the Cargo instructions (#2192).
+- **Whale dark palette refresh.** Better contrast and layer separation
+  across the TUI color scheme (#2197).
+- **Auto-collapse finished sub-agents.** Completed sub-agent sessions now
+  collapse automatically in the sidebar, reducing noise during long
+  sessions (#2195).
+- **Shell-running status chip.** A `⏳ shell running` chip appears in the
+  TUI footer while background shell tasks are active (#2194).
+- **Sandbox process hardening (Linux).** `PR_SET_DUMPABLE=0`,
+  `NO_NEW_PRIVS`, and `RLIMIT_CORE=0` are applied at shell startup to
+  harden child processes against inspection and privilege escalation
+  (#2183).
+- **CONTRIBUTING.md cross-links.** Issue and PR templates are now
+  cross-linked from CONTRIBUTING.md to improve contributor onboarding
+  (#2203).
 
 ### Changed
 
-- **DeepSeek-first focus.** v0.8.45.x refocuses on delivering the
-  highest-quality experience on DeepSeek first. The project's broader
-  goal remains to become a strong harness for open-source and open-weight
-  coding models, but additional first-class provider paths are planned
-  for v0.9.0 after the core DeepSeek workflow is solid.
+- **DeepSeek-first focus.** v0.8.46 refocuses on delivering the
+  highest-quality experience on DeepSeek first. Additional first-class
+  provider paths are planned for v0.9.0 after the core DeepSeek workflow
+  is solid.
+
+### Fixed
+
+- **Model name casing preserved.** `normalize_model_name_for_provider` no
+  longer lowercases user-set model names such as `DeepSeek-V4-Flash`,
+  preventing API lookup failures on case-sensitive backends (#2109).
+- **Esc in model picker applies selection.** Dismissing the model picker
+  with Esc now applies the last-highlighted choice instead of reverting
+  (#2196).
+- **Web install downloads both binaries.** The `install-binary.tsx`
+  snippet now fetches both `codewhale` and `codewhale-tui`, fixing the
+  `MISSING_COMPANION_BINARY` trap on fresh npm installs (#2191).
+- **`grep_files` skips large directories.** The pure-Rust search tool
+  now skips known-large directories (`.git`, `node_modules`, `target`)
+  before walking, preventing hangs on deep or slow filesystems.
+- **Version-update hint uses semver.** The update notification in the
+  footer now compares versions semantically instead of lexicographically,
+  so `0.8.10 > 0.8.9` is recognized correctly.
+- **CVE-2026-8723 in feishu-bridge.** Bumped `qs` to `>=6.15.2` in the
+  Feishu bridge integration (#2198).
 
 ## [0.8.45] - 2026-05-25
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 759b6d44..1cbc15b0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -184,6 +184,9 @@ these crates, including the bottom-up build order.
 
 ## Pull Request Guidelines
 
+- Use the [pull request template](.github/PULL_REQUEST_TEMPLATE.md) when opening
+  a PR — it includes the Summary, Testing, and Checklist sections reviewers
+  expect
 - Keep PRs focused on a single change
 - Update documentation if needed
 - Add tests for new functionality
@@ -217,7 +220,14 @@ cargo check
 
 ## Reporting Issues
 
-When reporting issues, please include:
+When reporting issues, please use one of the issue templates:
+
+- [Bug report](.github/ISSUE_TEMPLATE/bug_report.md) — for reproducible problems
+  or regressions
+- [Feature request](.github/ISSUE_TEMPLATE/feature_request.md) — for ideas and
+  improvements
+
+Issue reports should include:
 
 - Operating system and version
 - Rust version (`rustc --version`)
@@ -226,9 +236,17 @@ When reporting issues, please include:
 - Expected vs actual behavior
 - Relevant error messages or logs
 
+## Security
+
+If you discover a security vulnerability, please do **not** open a public issue.
+See [SECURITY.md](SECURITY.md) for the responsible disclosure process and
+contact information.
+
 ## Code of Conduct
 
-Be respectful and inclusive. We welcome contributors of all backgrounds and experience levels.
+Be respectful and inclusive. We welcome contributors of all backgrounds and
+experience levels. See [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for the full
+code of conduct.
 
 ## License
 
diff --git a/config.example.toml b/config.example.toml
index 87af1a8e..73c211f2 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -131,6 +131,21 @@ sandbox_mode = "workspace-write" # read-only | workspace-write | danger-full-acc
 # The backend uses a 30-second HTTP timeout. Background, interactive, and
 # TTY modes are not supported with external backends — all commands run
 # synchronously via HTTP.
+# ─────────────────────────────────────────────────────────────────────────────────
+# Bubblewrap (Linux only, additional filesystem isolation)
+# ─────────────────────────────────────────────────────────────────────────────────
+# When set to true and `/usr/bin/bwrap` is present, exec_shell commands are
+# routed through bubblewrap instead of relying solely on Landlock. Bubblewrap
+# creates a read-only view of the root filesystem with write access limited to
+# the working directory. Install separately:
+#
+#   Ubuntu/Debian:  apt install bubblewrap
+#   Fedora:         dnf install bubblewrap
+#   Arch:           pacman -S bubblewrap
+#
+# prefer_bwrap = false  # default — use Landlock only
+#
+# Env override: DEEPSEEK_PREFER_BWRAP=true
 
 # auto_allow entries match by command prefix, not raw string.
 # See command_safety.rs for the prefix dictionary.
diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index 9bc2a945..83248e33 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -163,7 +163,7 @@ mod tests {
         assert!(matches!(
             result.action,
             Some(AppAction::SendMessage(content))
-                if content == "Implement login flow".to_string()
+                if content == *"Implement login flow"
         ));
     }
 
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index a51a3c8b..883cf8ed 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -411,12 +411,24 @@ fn canonical_official_deepseek_model_id(model: &str) -> Option<&'static str> {
 /// aliases are valid for some compatible backends, but sending them to
 /// DeepSeek's own API causes a 400. Keep the generic normalizer permissive for
 /// config/back-compat, and canonicalize only when the active provider is known.
+///
+/// Preserves the caller's casing when the model is already a recognised
+/// DeepSeek id (e.g. `DeepSeek-V4-Flash` stays as-is). Only rewrites compact
+/// aliases like `deepseek-v4pro` → `deepseek-v4-pro`.
 #[must_use]
 pub fn normalize_model_name_for_provider(provider: ApiProvider, model: &str) -> Option<String> {
     let normalized = normalize_model_name(model)?;
     if matches!(provider, ApiProvider::Deepseek | ApiProvider::DeepseekCN)
         && let Some(canonical) = canonical_official_deepseek_model_id(&normalized)
     {
+        // When the user's input already matches a known model id
+        // case-insensitively, keep their original casing; only rewrite
+        // compact aliases (e.g. v4pro → v4-pro).
+        if canonical.eq_ignore_ascii_case(&normalized)
+            || normalized.to_ascii_lowercase() == canonical
+        {
+            return Some(normalized);
+        }
         return Some(canonical.to_string());
     }
     if let Some(canonical) = canonical_official_deepseek_model_id(&normalized) {
@@ -970,6 +982,11 @@ pub struct Config {
     pub sandbox_url: Option<String>,
     /// Optional API key for the external sandbox backend (sent as Bearer token).
     pub sandbox_api_key: Option<String>,
+    /// When true and `/usr/bin/bwrap` is present on Linux, route exec_shell
+    /// through bubblewrap instead of relying solely on Landlock (#2184).
+    /// Defaults to false. Requires the `bubblewrap` package to be installed
+    /// separately — we do NOT vendor bwrap.
+    pub prefer_bwrap: Option<bool>,
     pub managed_config_path: Option<String>,
     pub requirements_path: Option<String>,
     pub max_subagents: Option<usize>,
@@ -2934,8 +2951,7 @@ fn auth_mode_uses_kimi_oauth(mode: &str) -> bool {
 fn normalize_auth_mode(mode: &str) -> String {
     mode.trim()
         .to_ascii_lowercase()
-        .replace('-', "_")
-        .replace(' ', "_")
+        .replace(['-', ' '], "_")
 }
 
 fn base_url_uses_local_host(base_url: &str) -> bool {
@@ -3071,6 +3087,7 @@ fn merge_config(base: Config, override_cfg: Config) -> Config {
         sandbox_backend: override_cfg.sandbox_backend.or(base.sandbox_backend),
         sandbox_url: override_cfg.sandbox_url.or(base.sandbox_url),
         sandbox_api_key: override_cfg.sandbox_api_key.or(base.sandbox_api_key),
+        prefer_bwrap: override_cfg.prefer_bwrap.or(base.prefer_bwrap),
         managed_config_path: override_cfg
             .managed_config_path
             .or(base.managed_config_path),
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index f98f523c..1537d87d 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -171,6 +171,10 @@ pub struct EngineConfig {
     /// once at engine construction, then threaded onto every
     /// `SubAgentRuntime` the engine builds (#1806, #1808).
     pub subagent_api_timeout: Duration,
+    /// When true and `/usr/bin/bwrap` is present on Linux, route exec_shell
+    /// through bubblewrap instead of relying solely on Landlock (#2184).
+    #[allow(dead_code)] // Wired through ShellManager in follow-up PR
+    pub prefer_bwrap: bool,
 }
 
 impl Default for EngineConfig {
@@ -214,6 +218,7 @@ impl Default for EngineConfig {
             subagent_api_timeout: Duration::from_secs(
                 crate::config::DEFAULT_SUBAGENT_API_TIMEOUT_SECS,
             ),
+            prefer_bwrap: false,
         }
     }
 }
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index be286978..252ea9f5 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -732,6 +732,11 @@ enum SandboxCommand {
 async fn main() -> Result<()> {
     configure_windows_console_utf8();
 
+    // ── Process hardening (#2183) ─────────────────────────────────────────
+    // MUST run before Tokio is booted and before any threads are spawned.
+    // See crates/tui/src/sandbox/process_hardening.rs for ordering rationale.
+    crate::sandbox::process_hardening::apply_process_hardening();
+
     // Set up process panic hook before anything else — writes crash dumps
     // to ~/.deepseek/crashes/ even if the panic happens before tokio is up,
     // and restores the terminal so a panicked TUI doesn't leave the user's
@@ -5138,6 +5143,7 @@ async fn run_exec_agent(
         runtime_services: crate::tools::spec::RuntimeToolServices::default(),
         subagent_model_overrides: config.subagent_model_overrides(),
         subagent_api_timeout: std::time::Duration::from_secs(config.subagent_api_timeout_secs()),
+        prefer_bwrap: config.prefer_bwrap.unwrap_or(false),
         memory_enabled: config.memory_enabled(),
         memory_path: config.memory_path(),
         vision_config: config.vision_model_config(),
diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index 2890804c..74d72e06 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -4,17 +4,17 @@ use ratatui::style::Color;
 #[cfg(target_os = "macos")]
 use std::process::Command;
 
-// v0.8.45 Whale dark palette — refreshed ocean/navy identity.
-pub const WHALE_BG_RGB: (u8, u8, u8) = (13, 21, 37); // #0D1525 Deep Navy
-pub const WHALE_PANEL_RGB: (u8, u8, u8) = (19, 29, 48); // #131D30
-pub const WHALE_ELEVATED_RGB: (u8, u8, u8) = (26, 40, 64); // #1A2840
-pub const WHALE_SELECTION_RGB: (u8, u8, u8) = (30, 50, 82); // #1E3252
+// v0.8.46 Whale dark palette — improved contrast and layer separation.
+pub const WHALE_BG_RGB: (u8, u8, u8) = (10, 17, 32); // #0A1120 Deep Navy
+pub const WHALE_PANEL_RGB: (u8, u8, u8) = (22, 34, 56); // #162238
+pub const WHALE_ELEVATED_RGB: (u8, u8, u8) = (36, 52, 78); // #24344E
+pub const WHALE_SELECTION_RGB: (u8, u8, u8) = (48, 68, 100); // #304464
 pub const WHALE_TEXT_BODY_RGB: (u8, u8, u8) = (246, 242, 232); // #F6F2E8 Whale Ivory
 pub const WHALE_TEXT_SOFT_RGB: (u8, u8, u8) = (217, 224, 234); // #D9E0EA
 pub const WHALE_TEXT_MUTED_RGB: (u8, u8, u8) = (169, 180, 199); // #A9B4C7 Mist Gray
-pub const WHALE_TEXT_HINT_RGB: (u8, u8, u8) = (122, 134, 158); // #7A869E
+pub const WHALE_TEXT_HINT_RGB: (u8, u8, u8) = (138, 150, 174); // #8A96AE
 #[allow(dead_code)]
-pub const WHALE_TEXT_DIM_RGB: (u8, u8, u8) = (107, 120, 146); // #6B7892
+pub const WHALE_TEXT_DIM_RGB: (u8, u8, u8) = (118, 130, 156); // #76829C
 pub const WHALE_ACCENT_PRIMARY_RGB: (u8, u8, u8) = (246, 196, 83); // #F6C453 Signal Gold
 pub const WHALE_ACCENT_SECONDARY_RGB: (u8, u8, u8) = (79, 209, 197); // #4FD1C5 Seafoam
 pub const WHALE_ACCENT_ACTION_RGB: (u8, u8, u8) = (255, 122, 89); // #FF7A59 Coral Spark
@@ -26,10 +26,10 @@ pub const WHALE_ERROR_TEXT_RGB: (u8, u8, u8) = (255, 214, 222); // #FFD6DE Error
 pub const WHALE_WARNING_RGB: (u8, u8, u8) = (240, 160, 48); // #F0A030
 pub const WHALE_SUCCESS_RGB: (u8, u8, u8) = (79, 209, 197); // #4FD1C5 Seafoam
 pub const WHALE_INFO_RGB: (u8, u8, u8) = (106, 174, 242); // #6AAEF2 Sky
-pub const WHALE_BORDER_RGB: (u8, u8, u8) = (42, 74, 127); // #2A4A7F
+pub const WHALE_BORDER_RGB: (u8, u8, u8) = (52, 88, 145); // #345891
 pub const WHALE_REASONING_TEXT_RGB: (u8, u8, u8) = (224, 153, 72); // #E09948
 pub const WHALE_REASONING_SURFACE_RGB: (u8, u8, u8) = (42, 34, 24); // #2A2218
-pub const WHALE_REASONING_TINT_RGB: (u8, u8, u8) = (20, 30, 42); // #141E2A
+pub const WHALE_REASONING_TINT_RGB: (u8, u8, u8) = (24, 36, 52); // #182434
 pub const WHALE_DIFF_ADDED_RGB: (u8, u8, u8) = (87, 199, 133); // #57C785
 #[allow(dead_code)]
 pub const WHALE_DIFF_DELETED_RGB: (u8, u8, u8) = (255, 92, 122); // #FF5C7A Rose Red
@@ -39,11 +39,11 @@ pub const WHALE_MODE_AGENT_RGB: (u8, u8, u8) = (80, 150, 255); // #5096FF
 pub const WHALE_MODE_YOLO_RGB: (u8, u8, u8) = (255, 100, 100); // #FF6464
 pub const WHALE_MODE_PLAN_RGB: (u8, u8, u8) = (246, 196, 83); // #F6C453 Signal Gold
 pub const WHALE_MODE_GOAL_RGB: (u8, u8, u8) = (100, 220, 160); // #64DCA0
-pub const WHALE_TOOL_LIVE_RGB: (u8, u8, u8) = (133, 184, 234); // #85B8EA
-pub const WHALE_TOOL_ISSUE_RGB: (u8, u8, u8) = (192, 143, 153); // #C08F99
+pub const WHALE_TOOL_LIVE_RGB: (u8, u8, u8) = (140, 190, 238); // #8CBEEE
+pub const WHALE_TOOL_ISSUE_RGB: (u8, u8, u8) = (198, 150, 160); // #C696A0
 pub const WHALE_TOOL_OUTPUT_RGB: (u8, u8, u8) = (194, 208, 224); // #C2D0E0
-pub const WHALE_TOOL_SURFACE_RGB: (u8, u8, u8) = (24, 34, 53); // #182235
-pub const WHALE_TOOL_ACTIVE_RGB: (u8, u8, u8) = (31, 45, 69); // #1F2D45
+pub const WHALE_TOOL_SURFACE_RGB: (u8, u8, u8) = (28, 40, 62); // #1C283E
+pub const WHALE_TOOL_ACTIVE_RGB: (u8, u8, u8) = (38, 54, 80); // #263650
 
 // Backward-compatible aliases for existing call sites.
 pub const DEEPSEEK_BLUE_RGB: (u8, u8, u8) = WHALE_ACCENT_PRIMARY_RGB;
@@ -2060,4 +2060,4 @@ mod tests {
         let _ = ColorDepth::detect();
         let _ = adapt_color(DEEPSEEK_INK, ColorDepth::detect());
     }
-}
+}
\ No newline at end of file
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 55be26e8..c2fca300 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1976,6 +1976,7 @@ impl RuntimeThreadManager {
             subagent_api_timeout: std::time::Duration::from_secs(
                 self.config.subagent_api_timeout_secs(),
             ),
+            prefer_bwrap: self.config.prefer_bwrap.unwrap_or(false),
             memory_enabled: self.config.memory_enabled(),
             memory_path: self.config.memory_path(),
             vision_config: self.config.vision_model_config(),
diff --git a/crates/tui/src/sandbox/bwrap.rs b/crates/tui/src/sandbox/bwrap.rs
new file mode 100644
index 00000000..4316f08e
--- /dev/null
+++ b/crates/tui/src/sandbox/bwrap.rs
@@ -0,0 +1,131 @@
+//! Bubblewrap (bwrap) passthrough for Linux sandbox (#2184).
+//!
+//! Bubblewrap is a setuid-less container runtime used by Flatpak and other
+//! projects. It creates a new mount namespace with configurable bind mounts,
+//! providing filesystem isolation without requiring root privileges.
+//!
+//! # How it works
+//!
+//! When `/usr/bin/bwrap` is present AND the config key `[sandbox] prefer_bwrap`
+//! is set to `true`, exec_shell commands are routed through bwrap instead of
+//! relying solely on Landlock. The bwrap invocation looks like:
+//!
+//! ```text
+//! bwrap \
+//!   --ro-bind / / \
+//!   --bind <cwd> <cwd> \
+//!   --chdir <cwd> \
+//!   --unshare-all \
+//!   -- <program> <args>
+//! ```
+//!
+//! This creates a read-only view of the entire filesystem with write access
+//! limited to the working directory.
+//!
+//! # Important
+//!
+//! We do NOT vendor bwrap. The user must install it themselves:
+//!
+//! - Ubuntu/Debian: `apt install bubblewrap`
+//! - Fedora: `dnf install bubblewrap`
+//! - Arch: `pacman -S bubblewrap`
+//!
+//! If bwrap is not installed, we fall back to Landlock.
+
+use std::path::PathBuf;
+
+/// Canonical path to the bubblewrap binary.
+#[cfg(target_os = "linux")]
+pub const BWRAP_PATH: &str = "/usr/bin/bwrap";
+
+/// Check if bubblewrap is installed and executable.
+#[cfg(target_os = "linux")]
+pub fn is_available() -> bool {
+    std::path::Path::new(BWRAP_PATH).exists()
+}
+
+#[cfg(not(target_os = "linux"))]
+pub fn is_available() -> bool {
+    false
+}
+
+/// Build a bwrap command that wraps the given program and arguments.
+///
+/// The returned command vector is suitable for use as `ExecEnv.command` —
+/// it replaces the normal program+args with a bwrap invocation that sets
+/// up a read-only root filesystem with write access only to the specified
+/// working directory.
+///
+/// # Arguments
+///
+/// - `cwd` — working directory that gets writable bind-mount
+/// - `program` — the program to run inside the container
+/// - `args` — arguments to pass to the program
+///
+/// # Returns
+///
+/// A `Vec<String>` representing the full bwrap invocation.
+#[cfg(target_os = "linux")]
+pub fn build_bwrap_command(cwd: &std::path::Path, program: &str, args: &[String]) -> Vec<String> {
+    let mut cmd: Vec<String> = Vec::with_capacity(10 + args.len());
+
+    cmd.push(BWRAP_PATH.to_string());
+
+    // Read-only bind-mount the entire root filesystem.
+    cmd.push("--ro-bind".to_string());
+    cmd.push("/".to_string());
+    cmd.push("/".to_string());
+
+    // Bind-mount the working directory with read-write access.
+    let cwd_str = cwd.to_string_lossy().to_string();
+    cmd.push("--bind".to_string());
+    cmd.push(cwd_str.clone());
+    cmd.push(cwd_str.clone());
+
+    // Change to the working directory inside the container.
+    cmd.push("--chdir".to_string());
+    cmd.push(cwd_str);
+
+    // Unshare all namespaces for maximum isolation.
+    cmd.push("--unshare-all".to_string());
+
+    // Separator between bwrap args and the command to run.
+    cmd.push("--".to_string());
+
+    // The actual program and its arguments.
+    cmd.push(program.to_string());
+    cmd.extend(args.iter().cloned());
+
+    cmd
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_is_available_does_not_panic() {
+        let _ = is_available();
+    }
+
+    #[test]
+    #[cfg(target_os = "linux")]
+    fn test_build_bwrap_command_structure() {
+        let cwd = std::path::Path::new("/home/user/project");
+        let cmd = build_bwrap_command(cwd, "sh", &["-c".to_string(), "echo hi".to_string()]);
+
+        // Should start with bwrap
+        assert_eq!(cmd[0], "/usr/bin/bwrap");
+
+        // Should have ro-bind for root
+        assert!(cmd.contains(&"--ro-bind".to_string()));
+
+        // Should have --chdir
+        assert!(cmd.contains(&"--chdir".to_string()));
+
+        // Should end with the command
+        assert_eq!(cmd[cmd.len() - 1], "echo hi");
+        assert_eq!(cmd[cmd.len() - 2], "-c");
+        assert_eq!(cmd[cmd.len() - 3], "sh");
+    }
+}
diff --git a/crates/tui/src/sandbox/landlock.rs b/crates/tui/src/sandbox/landlock.rs
index 7670d65b..4a083ea3 100644
--- a/crates/tui/src/sandbox/landlock.rs
+++ b/crates/tui/src/sandbox/landlock.rs
@@ -290,18 +290,32 @@ pub fn create_landlock_wrapper(
     cmd
 }
 
-/// Detect if a failure was caused by Landlock denial
+/// Detect if a failure was caused by Landlock or seccomp denial.
+///
+/// Checks both Landlock-specific patterns (EACCES/EPERM) and seccomp-specific
+/// patterns (Bad system call / SIGSYS). Seccomp violations are reported through
+/// the same `was_denied` path so callers don't need to distinguish which layer
+/// blocked the operation.
 #[cfg(target_os = "linux")]
 pub fn detect_denial(exit_code: i32, stderr: &str) -> bool {
     if exit_code == 0 {
         return false;
     }
 
-    // Landlock denials typically result in EACCES or EPERM
-    stderr.contains("Permission denied")
+    // Landlock denials typically result in EACCES or EPERM.
+    let landlock_denial = stderr.contains("Permission denied")
         || stderr.contains("Operation not permitted")
         || stderr.contains("EACCES")
-        || stderr.contains("EPERM")
+        || stderr.contains("EPERM");
+
+    // Seccomp denials (#2182): SIGSYS (exit code 31 or "Bad system call").
+    let seccomp_denial = exit_code == 31
+        || stderr.contains("Bad system call")
+        || stderr.contains("bad system call")
+        || stderr.contains("SIGSYS")
+        || stderr.contains("seccomp");
+
+    landlock_denial || seccomp_denial
 }
 
 // Stub implementations for non-Linux platforms
diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 508e3bd6..d52d9ffc 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -30,6 +30,7 @@
 pub mod backend;
 pub mod opensandbox;
 pub mod policy;
+pub mod process_hardening;
 
 #[cfg(target_os = "macos")]
 pub mod seatbelt;
@@ -37,6 +38,12 @@ pub mod seatbelt;
 #[cfg(target_os = "linux")]
 pub mod landlock;
 
+#[cfg(target_os = "linux")]
+pub mod seccomp;
+
+#[cfg(target_os = "linux")]
+pub mod bwrap;
+
 #[cfg(target_os = "windows")]
 pub mod windows;
 
@@ -296,17 +303,34 @@ pub struct SandboxManager {
     /// Force a specific sandbox type (for testing).
     #[allow(dead_code)]
     forced_sandbox: Option<SandboxType>,
+
+    /// When true and bwrap is available on Linux, route commands through
+    /// bubblewrap instead of Landlock alone (#2184).
+    prefer_bwrap: bool,
 }
 
 impl SandboxManager {
     /// Create a new `SandboxManager`.
     pub fn new() -> Self {
+        Self::default()
+    }
+
+    /// Create a new `SandboxManager` with bwrap preference (#2184).
+    ///
+    /// When `prefer_bwrap` is true and `/usr/bin/bwrap` is present on Linux,
+    /// exec_shell commands will be routed through bubblewrap.
+    pub fn with_bwrap_preference(prefer_bwrap: bool) -> Self {
         Self {
-            sandbox_available: None,
-            forced_sandbox: None,
+            prefer_bwrap,
+            ..Self::default()
         }
     }
 
+    /// Set the bwrap preference (#2184).
+    pub fn set_prefer_bwrap(&mut self, prefer: bool) {
+        self.prefer_bwrap = prefer;
+    }
+
     /// Check if sandboxing is available.
     pub fn is_available(&mut self) -> bool {
         if let Some(available) = self.sandbox_available {
@@ -349,7 +373,7 @@ impl SandboxManager {
             SandboxType::MacosSeatbelt => Self::prepare_seatbelt(spec),
 
             #[cfg(target_os = "linux")]
-            SandboxType::LinuxLandlock => Self::prepare_landlock(spec),
+            SandboxType::LinuxLandlock => self.prepare_landlock(spec),
 
             #[cfg(target_os = "windows")]
             SandboxType::Windows => Self::prepare_windows(spec),
@@ -402,26 +426,39 @@ impl SandboxManager {
 
     /// Prepare a Landlock-sandboxed execution environment (Linux).
     ///
-    /// Note: Landlock restricts the current process, so for subprocess sandboxing
-    /// we would need a helper binary. For now, this prepares the environment with
-    /// appropriate markers but doesn't actually apply Landlock (would need helper).
+    /// If `prefer_bwrap` is set and `/usr/bin/bwrap` is available, routes the
+    /// command through bubblewrap for stronger filesystem isolation (#2184).
+    /// Otherwise falls back to Landlock markers.
     #[cfg(target_os = "linux")]
-    fn prepare_landlock(spec: &CommandSpec) -> ExecEnv {
-        // Build the original command
+    fn prepare_landlock(&self, spec: &CommandSpec) -> ExecEnv {
+        // Check if bwrap passthrough should be used (#2184).
+        if self.prefer_bwrap && bwrap::is_available() {
+            let command = bwrap::build_bwrap_command(
+                &spec.cwd,
+                &spec.program,
+                &spec.args,
+            );
+
+            let mut env = spec.env.clone();
+            env.insert("DEEPSEEK_SANDBOX".to_string(), "bwrap".to_string());
+
+            return ExecEnv {
+                command,
+                cwd: spec.cwd.clone(),
+                env,
+                timeout: spec.timeout,
+                sandbox_type: SandboxType::LinuxLandlock,
+                policy: spec.sandbox_policy.clone(),
+            };
+        }
+
+        // Fall back to Landlock (marker only — full implementation needs a helper).
         let mut command = vec![spec.program.clone()];
         command.extend(spec.args.clone());
 
-        // Add sandbox indicator to environment
         let mut env = spec.env.clone();
         env.insert("DEEPSEEK_SANDBOX".to_string(), "landlock".to_string());
 
-        // Note: Full Landlock implementation would use a helper binary that:
-        // 1. Sets up the Landlock ruleset based on policy
-        // 2. Applies restrictions to itself
-        // 3. Execs the target command
-        //
-        // For now, we just mark that Landlock would be used
-
         ExecEnv {
             command,
             cwd: spec.cwd.clone(),
@@ -509,7 +546,15 @@ impl SandboxManager {
 
             #[cfg(target_os = "linux")]
             SandboxType::LinuxLandlock => {
-                if stderr.contains("Permission denied") {
+                // Seccomp patterns checked first because they are more specific (#2182).
+                if stderr.contains("Bad system call")
+                    || stderr.contains("bad system call")
+                    || stderr.contains("SIGSYS")
+                    || stderr.contains("seccomp")
+                {
+                    "Seccomp blocked a disallowed system call (e.g., ptrace, mount, kexec)."
+                        .to_string()
+                } else if stderr.contains("Permission denied") {
                     "Landlock blocked access. The command tried to access a restricted path."
                         .to_string()
                 } else {
@@ -694,4 +739,108 @@ mod tests {
         #[cfg(target_os = "macos")]
         assert_eq!(format!("{}", SandboxType::MacosSeatbelt), "macos-seatbelt");
     }
+
+    // ── Parity tests (#2187) ──────────────────────────────────────────────
+
+    #[test]
+    fn test_parity_platform_sandbox_detection() {
+        let sandbox_type = get_platform_sandbox();
+        let available = is_sandbox_available();
+        if available {
+            assert!(sandbox_type.is_some());
+        }
+    }
+
+    #[test]
+    #[cfg(target_os = "macos")]
+    fn test_parity_macos_seatbelt_available() {
+        let st = get_platform_sandbox();
+        assert!(matches!(st, Some(SandboxType::MacosSeatbelt)));
+    }
+
+    #[test]
+    #[cfg(target_os = "linux")]
+    fn test_parity_linux_landlock_available() {
+        let st = get_platform_sandbox();
+        assert!(matches!(st, Some(SandboxType::LinuxLandlock)));
+    }
+
+    #[test]
+    fn test_parity_denial_zero_exit_never_denied() {
+        assert!(!SandboxManager::was_denied(SandboxType::None, 0, "anything"));
+        #[cfg(target_os = "macos")]
+        assert!(!SandboxManager::was_denied(SandboxType::MacosSeatbelt, 0, ""));
+        #[cfg(target_os = "linux")]
+        assert!(!SandboxManager::was_denied(SandboxType::LinuxLandlock, 0, ""));
+        #[cfg(target_os = "windows")]
+        assert!(!SandboxManager::was_denied(SandboxType::Windows, 0, ""));
+    }
+
+    #[test]
+    #[cfg(target_os = "linux")]
+    fn test_parity_seccomp_sigsys_detected() {
+        assert!(SandboxManager::was_denied(SandboxType::LinuxLandlock, 31, ""));
+        assert!(SandboxManager::was_denied(
+            SandboxType::LinuxLandlock, 1, "Bad system call"
+        ));
+    }
+
+    #[test]
+    #[cfg(target_os = "macos")]
+    fn test_parity_seatbelt_file_write_detected() {
+        // Seatbelt patterns use "Sandbox: <cmd> denied <operation>" format.
+        assert!(SandboxManager::was_denied(
+            SandboxType::MacosSeatbelt, 1, "Sandbox: ls denied file-write*"
+        ));
+        assert!(SandboxManager::was_denied(
+            SandboxType::MacosSeatbelt, 1, "Operation not permitted"
+        ));
+    }
+
+    #[test]
+    fn test_parity_manager_default_no_bwrap() {
+        let manager = SandboxManager::default();
+        let spec = CommandSpec::shell("true", PathBuf::from("/tmp"), Duration::from_secs(5))
+            .with_policy(SandboxPolicy::default());
+        let env = manager.prepare(&spec);
+        #[cfg(target_os = "linux")]
+        {
+            let marker = env.env.get("DEEPSEEK_SANDBOX");
+            assert!(marker.map_or(true, |v| v != "bwrap"));
+        }
+        let _ = env;
+    }
+
+    #[test]
+    fn test_parity_manager_with_bwrap() {
+        let manager = SandboxManager::with_bwrap_preference(true);
+        let spec = CommandSpec::shell("true", PathBuf::from("/tmp"), Duration::from_secs(5))
+            .with_policy(SandboxPolicy::default());
+        let env = manager.prepare(&spec);
+        #[cfg(target_os = "linux")]
+        {
+            if crate::sandbox::bwrap::is_available() {
+                let marker = env.env.get("DEEPSEEK_SANDBOX");
+                assert_eq!(marker.map(String::as_str), Some("bwrap"));
+            }
+        }
+        let _ = env;
+    }
+
+    #[test]
+    fn test_parity_exec_env_for_all_policies() {
+        let manager = SandboxManager::new();
+        let policies = [
+            SandboxPolicy::DangerFullAccess,
+            SandboxPolicy::ReadOnly,
+            SandboxPolicy::workspace_with_network(),
+            SandboxPolicy::default(),
+        ];
+        for policy in &policies {
+            let spec = CommandSpec::shell("true", PathBuf::from("/tmp"), Duration::from_secs(5))
+                .with_policy(policy.clone());
+            let env = manager.prepare(&spec);
+            assert_eq!(env.policy, *policy);
+        }
+    }
 }
diff --git a/crates/tui/src/sandbox/policy.rs b/crates/tui/src/sandbox/policy.rs
index 1ea5dc55..e67a7194 100644
--- a/crates/tui/src/sandbox/policy.rs
+++ b/crates/tui/src/sandbox/policy.rs
@@ -7,8 +7,12 @@
 //! tightly controlled workspace-only write access.
 
 use serde::{Deserialize, Serialize};
+use std::io;
 use std::path::{Path, PathBuf};
 
+use crate::command_safety::SafetyLevel;
+use super::{CommandSpec, ExecEnv};
+
 /// Determines execution restrictions for shell commands.
 ///
 /// The sandbox policy controls filesystem access, network access, and other
@@ -256,6 +260,57 @@ impl WritableRoot {
     }
 }
 
+/// Unified trait for platform-specific sandbox executors (#2186).
+///
+/// Each platform module (seatbelt, landlock, windows) provides an
+/// implementation of this trait. The `SandboxManager` dispatches through
+/// the trait instead of calling platform-specific functions directly.
+pub trait SandboxExecutor {
+    /// Prepare a sandboxed execution environment from a command spec.
+    ///
+    /// Returns the transformed command, environment, and sandbox metadata
+    /// needed to spawn the process.
+    fn prepare(&self, spec: &CommandSpec) -> io::Result<ExecEnv>;
+
+    /// Check if a command failure was caused by sandbox denial.
+    fn was_denied(&self, exit_code: i32, stderr: &str) -> bool;
+
+    /// Get a human-readable description of why the sandbox blocked the command.
+    fn denial_message(&self, stderr: &str) -> String;
+
+    /// Returns the type of sandbox this executor provides.
+    fn sandbox_type(&self) -> super::SandboxType;
+}
+
+/// Map a command safety classification to the appropriate sandbox policy (#2186).
+///
+/// - `Safe` / `WorkspaceSafe` → use the default sandbox policy
+/// - `RequiresApproval` → user must approve before execution (handled by caller)
+/// - `Dangerous` → blocked unless in YOLO mode with trust
+pub fn map_safety_level_to_behavior(
+    level: SafetyLevel,
+    default_policy: &SandboxPolicy,
+) -> SandboxPolicyBehavior {
+    match level {
+        SafetyLevel::Safe | SafetyLevel::WorkspaceSafe => {
+            SandboxPolicyBehavior::Sandboxed(default_policy.clone())
+        }
+        SafetyLevel::RequiresApproval => SandboxPolicyBehavior::RequiresApproval,
+        SafetyLevel::Dangerous => SandboxPolicyBehavior::Blocked,
+    }
+}
+
+/// Behavior decision for a sandboxed command based on safety level.
+#[derive(Debug, Clone)]
+pub enum SandboxPolicyBehavior {
+    /// Execute with the given sandbox policy.
+    Sandboxed(SandboxPolicy),
+    /// User approval required before execution.
+    RequiresApproval,
+    /// Block execution entirely (unless YOLO+trust).
+    Blocked,
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -308,6 +363,33 @@ mod tests {
         assert!(!root.is_path_writable(Path::new("/project/.deepseek/config")));
     }
 
+    #[test]
+    fn test_safety_level_mapping() {
+        let default = SandboxPolicy::default();
+
+        // Safe commands get sandboxed
+        assert!(matches!(
+            map_safety_level_to_behavior(SafetyLevel::Safe, &default),
+            SandboxPolicyBehavior::Sandboxed(_)
+        ));
+        assert!(matches!(
+            map_safety_level_to_behavior(SafetyLevel::WorkspaceSafe, &default),
+            SandboxPolicyBehavior::Sandboxed(_)
+        ));
+
+        // RequiresApproval gets RequiresApproval
+        assert!(matches!(
+            map_safety_level_to_behavior(SafetyLevel::RequiresApproval, &default),
+            SandboxPolicyBehavior::RequiresApproval
+        ));
+
+        // Dangerous gets Blocked
+        assert!(matches!(
+            map_safety_level_to_behavior(SafetyLevel::Dangerous, &default),
+            SandboxPolicyBehavior::Blocked
+        ));
+    }
+
     #[test]
     fn test_policy_serialization() {
         let policy = SandboxPolicy::WorkspaceWrite {
diff --git a/crates/tui/src/sandbox/process_hardening.rs b/crates/tui/src/sandbox/process_hardening.rs
new file mode 100644
index 00000000..0c95b48a
--- /dev/null
+++ b/crates/tui/src/sandbox/process_hardening.rs
@@ -0,0 +1,137 @@
+//! Process hardening for Linux sandbox defense-in-depth (#2183).
+//!
+//! This module applies kernel-level restrictions to the codewhale-tui process
+//! itself. Unlike Landlock/seccomp which restrict child processes spawned for
+//! shell commands, these hardening measures protect the *parent* TUI process
+//! from information leaks and privilege-escalation vectors.
+//!
+//! # Ordering constraints
+//!
+//! `apply_process_hardening()` MUST be called **before** the Tokio runtime is
+//! booted and **before** any worker threads are spawned. The reasons:
+//!
+//! 1. `PR_SET_DUMPABLE` — once set to 0, the process cannot be ptraced and
+//!    `/proc/self/` becomes root-owned. This must happen before any threads
+//!    exist, because the kernel applies dumpable state per-thread-group and
+//!    changing it after threads are live can race with `/proc` lookups.
+//!
+//! 2. `PR_SET_NO_NEW_PRIVS` — prevents the process and all descendants from
+//!    ever gaining new privileges via setuid/setgid/fscaps. This is
+//!    irreversible and must be applied before executing any helper binaries or
+//!    subprocesses that might (incorrectly) rely on privilege boundaries.
+//!
+//! 3. `RLIMIT_CORE` — disables core dumps so that sensitive in-memory data
+//!    (API keys, tokens, prompt content) is never written to disk on a crash.
+//!    Setting this before any data is loaded into memory is the safest posture.
+//!
+//! # Platform support
+//!
+//! These hardening measures are Linux-only (they use `prctl` and `setrlimit`
+//! from the `libc` crate). On non-Linux platforms, `apply_process_hardening()`
+//! is a no-op that logs a debug-level message.
+
+/// Apply process-level hardening measures.
+///
+/// On Linux, this:
+/// - Sets `PR_SET_DUMPABLE` to 0 (prevents ptrace, core dumps)
+/// - Sets `PR_SET_NO_NEW_PRIVS` to 1 (irreversible no-new-privileges)
+/// - Sets `RLIMIT_CORE` to 0 (disables core dumps)
+///
+/// On non-Linux platforms this is a no-op.
+///
+/// # Panics
+///
+/// Does NOT panic. Failures are logged via `tracing::warn` because the
+/// hardening is defense-in-depth — the sandbox still protects child processes
+/// even if these prctls fail (e.g., in a container where some are restricted).
+pub fn apply_process_hardening() {
+    #[cfg(target_os = "linux")]
+    {
+        apply_linux_hardening();
+    }
+    #[cfg(not(target_os = "linux"))]
+    {
+        tracing::debug!("Process hardening skipped: not on Linux");
+    }
+}
+
+/// Linux-specific hardening implementation.
+#[cfg(target_os = "linux")]
+fn apply_linux_hardening() {
+    // ── PR_SET_DUMPABLE = 0 ────────────────────────────────────────────────
+    //
+    // When dumpable is 0:
+    // - The process cannot be ptraced by non-root
+    // - /proc/<pid>/ becomes owned by root:root (mode 0400)
+    // - No core dumps are produced
+    //
+    // Pattern from openai/codex codex-rs/codex-sandbox/src/linux.rs; reimplemented.
+    //
+    // Safety: prctl with PR_SET_DUMPABLE modifies only the calling process.
+    let result = unsafe { libc::prctl(libc::PR_SET_DUMPABLE, 0i64, 0i64, 0i64, 0i64) };
+    if result != 0 {
+        let err = std::io::Error::last_os_error();
+        tracing::warn!(
+            "PR_SET_DUMPABLE failed ({}); continuing without this hardening",
+            err
+        );
+    } else {
+        tracing::debug!("PR_SET_DUMPABLE=0 applied");
+    }
+
+    // ── PR_SET_NO_NEW_PRIVS = 1 ────────────────────────────────────────────
+    //
+    // Once set, neither this process nor any descendant can ever gain new
+    // privileges via setuid, setgid, file capabilities, or LSMs like SELinux
+    // transitions. This is the strongest anti-escalation primitive the kernel
+    // offers.
+    //
+    // Pattern from openai/codex codex-rs/codex-sandbox/src/linux.rs; reimplemented.
+    //
+    // Safety: prctl with PR_SET_NO_NEW_PRIVS modifies only the calling process
+    // and its future descendants.
+    let result = unsafe { libc::prctl(libc::PR_SET_NO_NEW_PRIVS, 1i64, 0i64, 0i64, 0i64) };
+    if result != 0 {
+        let err = std::io::Error::last_os_error();
+        tracing::warn!(
+            "PR_SET_NO_NEW_PRIVS failed ({}); continuing without this hardening",
+            err
+        );
+    } else {
+        tracing::debug!("PR_SET_NO_NEW_PRIVS=1 applied");
+    }
+
+    // ── RLIMIT_CORE = 0 ────────────────────────────────────────────────────
+    //
+    // Disables core dumps at the rlimit level. In combination with
+    // PR_SET_DUMPABLE=0, this provides a belt-and-suspenders guarantee that
+    // no core file will ever be written.
+    //
+    // Safety: setrlimit modifies resource limits for the calling process only.
+    let rlim_core = libc::rlimit {
+        rlim_cur: 0,
+        rlim_max: 0,
+    };
+    let result = unsafe { libc::setrlimit(libc::RLIMIT_CORE, &raw const rlim_core) };
+    if result != 0 {
+        let err = std::io::Error::last_os_error();
+        tracing::warn!(
+            "RLIMIT_CORE failed ({}); continuing without this hardening",
+            err
+        );
+    } else {
+        tracing::debug!("RLIMIT_CORE=0 applied");
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_apply_process_hardening_does_not_panic() {
+        // This test exists to ensure the function can be called without
+        // panicking, even on platforms where hardening is a no-op.
+        apply_process_hardening();
+    }
+}
diff --git a/crates/tui/src/sandbox/seccomp.rs b/crates/tui/src/sandbox/seccomp.rs
new file mode 100644
index 00000000..5a5c00cd
--- /dev/null
+++ b/crates/tui/src/sandbox/seccomp.rs
@@ -0,0 +1,405 @@
+//! Linux seccomp (Secure Computing) filter layer (#2182).
+//!
+//! Seccomp BPF (Berkeley Packet Filter) is a kernel facility that allows a
+//! process to restrict the system calls it (and its descendants) can make.
+//! This module applies a seccomp filter on top of Landlock to provide a
+//! second layer of defense — even if Landlock misbehaves or is configured
+//! too permissively, the seccomp filter blocks entire *classes* of dangerous
+//! syscalls like `ptrace`, `mount`, `kexec_load`, etc.
+//!
+//! # Architecture
+//!
+//! The filter is written as a raw BPF program (array of `sock_filter`
+//! instructions) and loaded via `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)`.
+//! This avoids any dependency on external crates like `libseccomp-sys` or
+//! `seccompiler` — we use only the `libc` crate already in the dependency
+//! tree.
+//!
+//! # Whitelisted syscalls
+//!
+//! The filter uses a whitelist approach: only syscalls that are known to be
+//! safe for a development/shell workload are allowed. Everything else is
+//! killed with `SECCOMP_RET_KILL_PROCESS`. The whitelist includes:
+//!
+//! - File I/O: read, write, open, openat, close, stat, fstat, lstat, newfstatat
+//! - Directory: getdents, getdents64, getcwd, chdir
+//! - Memory: mmap, mprotect, munmap, brk, mremap, madvise
+//! - Process: clone, clone3, fork, vfork, execve, execveat, exit, exit_group
+//! - IPC: pipe, pipe2, socket, socketpair, connect, bind, listen, accept, accept4
+//! - Synchronization: futex, nanosleep, clock_nanosleep
+//! - Signals: rt_sigaction, rt_sigprocmask, rt_sigreturn, kill, tkill, tgkill
+//! - Resource: getrlimit, setrlimit, prlimit64, getrusage
+//! - Time: clock_gettime, gettimeofday, time
+//! - Misc: getpid, gettid, getuid, geteuid, getgid, getegid, uname, arch_prctl
+//!
+//! # Explicitly denied
+//!
+//! - ptrace (process hijacking)
+//! - mount, umount2 (filesystem manipulation)
+//! - kexec_load, kexec_file_load (kernel execution)
+//! - init_module, finit_module, delete_module (kernel module loading)
+//! - bpf (loading BPF programs — would bypass seccomp!)
+//! - reboot
+//! - swapon, swapoff
+//! - pivot_root
+//! - setuid, setgid, setreuid, setregid, setresuid, setresgid
+//! - personality
+//!
+//! # Safety
+//!
+//! Once the seccomp filter is installed, it is **irreversible** — even
+//! `prctl(PR_SET_SECCOMP, ...)` is denied. This is by design.
+
+/// Check if seccomp is available on this system.
+///
+/// Returns true if `/proc/sys/kernel/seccomp/actions_avail` exists and
+/// contains "kill_process", indicating the kernel supports seccomp BPF.
+#[cfg(target_os = "linux")]
+pub fn is_available() -> bool {
+    std::path::Path::new("/proc/sys/kernel/seccomp/actions_avail").exists()
+}
+
+#[cfg(not(target_os = "linux"))]
+pub fn is_available() -> bool {
+    false
+}
+
+/// Detect if a failure was caused by seccomp denial.
+///
+/// Seccomp kills the process with SIGSYS (or the thread with SECCOMP_RET_KILL_THREAD),
+/// and the exit code is typically SIGSYS (31) or the process may be killed with
+/// "Bad system call" on stderr.
+///
+/// Additionally, seccomp violations may produce EPERM for filtered syscalls
+/// if using SECCOMP_RET_ERRNO.
+#[cfg(target_os = "linux")]
+pub fn detect_denial(exit_code: i32, stderr: &str) -> bool {
+    // SIGSYS = 31
+    if exit_code == 31 {
+        return true;
+    }
+    // Check for seccomp denial patterns in stderr
+    stderr.contains("Bad system call")
+        || stderr.contains("bad system call")
+        || stderr.contains("SIGSYS")
+        || stderr.contains("seccomp")
+        || stderr.contains("invalid argument") && exit_code == 159
+    // 159 = 128 + 31 (died from SIGSYS with core dump disabled)
+}
+
+#[cfg(not(target_os = "linux"))]
+pub fn detect_denial(_exit_code: i32, _stderr: &str) -> bool {
+    false
+}
+
+/// Apply the seccomp filter to the calling thread.
+///
+/// This installs a BPF program that whitelists safe syscalls and kills the
+/// process on any disallowed syscall.
+///
+/// # Errors
+///
+/// Returns an error if the prctl call fails (e.g., seccomp already enabled
+/// or kernel too old).
+#[cfg(target_os = "linux")]
+pub fn apply_seccomp_filter() -> std::io::Result<()> {
+    // ── Build the BPF filter program ─────────────────────────────────────
+    //
+    // BPF for seccomp works as follows:
+    // 1. Load the architecture (4 bytes at offset 4 in seccomp_data)
+    // 2. Validate architecture matches AUDIT_ARCH_X86_64 (0xC000003E)
+    // 3. Load the syscall number (4 bytes at offset 0)
+    // 4. Compare against whitelist, return ALLOW on match
+    // 5. Return KILL on no match
+    //
+    // The filter uses a linear search over the whitelist. While not optimal,
+    // it's simple, auditable, and has no external dependencies. The BPF
+    // program is at most a few hundred instructions, which is well within
+    // the kernel's 4096-instruction limit.
+
+    #[repr(C)]
+    struct sock_filter {
+        code: u16,
+        jt: u8,
+        jf: u8,
+        k: u32,
+    }
+
+    const BPF_LD: u16 = 0x00;
+    const BPF_JMP: u16 = 0x05;
+    const BPF_RET: u16 = 0x06;
+
+    const BPF_W: u16 = 0x00;
+    const BPF_ABS: u16 = 0x20;
+
+    const BPF_JEQ: u16 = 0x10;
+    const BPF_JGE: u16 = 0x30;
+    const BPF_JA: u16 = 0x00;
+
+    const SECCOMP_RET_KILL_PROCESS: u32 = 0x8000_0000;
+    const SECCOMP_RET_ALLOW: u32 = 0x7FFF_0000;
+
+    // Audit arch for x86_64
+    const AUDIT_ARCH_X86_64: u32 = 0xC000_003E;
+
+    // Helper to build a BPF instruction compactly.
+    // Pattern from openai/codex codex-rs/codex-sandbox/src/linux/seccomp.rs; reimplemented.
+
+    // Whitelist of safe syscall numbers (x86_64).
+    // These are the syscalls most commonly used by shell commands, compilers,
+    // and developer tools. Any syscall NOT on this list causes immediate SIGSYS.
+    let allowed_syscalls: &[u32] = &[
+        0,    // read
+        1,    // write
+        2,    // open
+        3,    // close
+        4,    // stat
+        5,    // fstat
+        6,    // lstat
+        7,    // poll
+        8,    // lseek
+        9,    // mmap
+        10,   // mprotect
+        11,   // munmap
+        12,   // brk
+        13,   // rt_sigaction
+        14,   // rt_sigprocmask
+        15,   // rt_sigreturn
+        16,   // ioctl
+        17,   // pread64
+        18,   // pwrite64
+        19,   // readv
+        20,   // writev
+        21,   // access
+        22,   // pipe
+        23,   // select
+        24,   // sched_yield
+        25,   // mremap
+        27,   // mincore
+        28,   // madvise
+        29,   // shmget
+        30,   // shmat
+        32,   // dup
+        33,   // dup2
+        35,   // nanosleep
+        39,   // getpid
+        41,   // socket
+        42,   // connect
+        43,   // accept
+        44,   // sendto
+        45,   // recvfrom
+        46,   // sendmsg
+        47,   // recvmsg
+        48,   // shutdown
+        49,   // bind
+        50,   // listen
+        51,   // getsockname
+        52,   // getpeername
+        53,   // socketpair
+        54,   // setsockopt
+        55,   // getsockopt
+        56,   // clone
+        57,   // fork
+        58,   // vfork
+        59,   // execve
+        60,   // exit
+        61,   // wait4
+        62,   // kill
+        63,   // uname
+        72,   // fcntl
+        73,   // flock
+        74,   // fsync
+        75,   // fdatasync
+        76,   // truncate
+        77,   // ftruncate
+        78,   // getdents
+        79,   // getcwd
+        80,   // chdir
+        81,   // fchdir
+        82,   // rename
+        83,   // mkdir
+        84,   // rmdir
+        85,   // creat
+        86,   // link
+        87,   // unlink
+        88,   // symlink
+        89,   // readlink
+        90,   // chmod
+        91,   // fchmod
+        92,   // chown
+        93,   // fchown
+        94,   // lchown
+        95,   // umask
+        96,   // gettimeofday
+        97,   // getrlimit
+        98,   // getrusage
+        99,   // sysinfo
+        100,  // times
+        102,  // getuid
+        104,  // getgid
+        107,  // geteuid
+        108,  // getegid
+        110,  // getppid
+        111,  // getpgrp
+        112,  // setsid
+        116,  // syslog
+        131,  // sigaltstack
+        137,  // statfs
+        138,  // fstatfs
+        157,  // prctl
+        158,  // arch_prctl
+        186,  // gettid
+        201,  // time
+        202,  // futex
+        204,  // sched_getaffinity
+        217,  // getdents64
+        218,  // set_tid_address
+        228,  // clock_gettime
+        230,  // clock_nanosleep
+        231,  // exit_group
+        232,  // epoll_wait
+        233,  // epoll_ctl
+        234,  // tgkill
+        235,  // utimes
+        257,  // openat
+        262,  // newfstatat
+        273,  // set_robust_list
+        281,  // epoll_pwait
+        291,  // epoll_create1
+        292,  // dup3
+        293,  // pipe2
+        302,  // prlimit64
+        318,  // getrandom
+        332,  // statx
+        334,  // rseq
+        435,  // clone3
+    ];
+
+    // Build the BPF program.
+    let mut filter = Vec::<sock_filter>::new();
+
+    // Instruction 0: load architecture from seccomp_data.arch
+    filter.push(sock_filter {
+        code: BPF_LD | BPF_W | BPF_ABS,
+        jt: 0,
+        jf: 0,
+        k: 4, // offset of arch in seccomp_data
+    });
+
+    // Instruction 1: compare with AUDIT_ARCH_X86_64
+    // If match, jump to next instruction; if not, kill process
+    filter.push(sock_filter {
+        code: BPF_JMP | BPF_JEQ,
+        jt: 0,
+        jf: 1, // jump 1 forward (to KILL) if arch doesn't match
+        k: AUDIT_ARCH_X86_64,
+    });
+
+    // Instruction 2: KILL (wrong architecture)
+    filter.push(sock_filter {
+        code: BPF_RET,
+        jt: 0,
+        jf: 0,
+        k: SECCOMP_RET_KILL_PROCESS,
+    });
+
+    // Instruction 3: load syscall number from seccomp_data.nr
+    filter.push(sock_filter {
+        code: BPF_LD | BPF_W | BPF_ABS,
+        jt: 0,
+        jf: 0,
+        k: 0, // offset of nr in seccomp_data
+    });
+
+    // For each allowed syscall, add a compare+jump to ALLOW.
+    // We use a linear scan for simplicity: each JEQ instruction jumps
+    // forward over the remaining checks + KILL to reach ALLOW.
+    for &syscall in allowed_syscalls {
+        let remaining = (allowed_syscalls.len() as u8).saturating_sub(
+            allowed_syscalls.iter().position(|&s| s == syscall).unwrap_or(0) as u8
+        );
+        // If syscall == this one, jump to allow_target; otherwise fall through
+        filter.push(sock_filter {
+            code: BPF_JMP | BPF_JEQ,
+            jt: remaining, // jump forward to ALLOW
+            jf: 0,         // fall through to next check
+            k: syscall,
+        });
+    }
+
+    // Instruction N: KILL PROCESS for any unmatched syscall
+    filter.push(sock_filter {
+        code: BPF_RET,
+        jt: 0,
+        jf: 0,
+        k: SECCOMP_RET_KILL_PROCESS,
+    });
+
+    // Instruction N+1: ALLOW
+    filter.push(sock_filter {
+        code: BPF_RET,
+        jt: 0,
+        jf: 0,
+        k: SECCOMP_RET_ALLOW,
+    });
+
+    // ── Load the filter into the kernel ───────────────────────────────────
+
+    #[repr(C)]
+    struct sock_fprog {
+        len: u16,
+        filter: *const sock_filter,
+    }
+
+    let prog = sock_fprog {
+        len: filter.len() as u16,
+        filter: filter.as_ptr(),
+    };
+
+    // Safety: prctl with PR_SET_SECCOMP installs a seccomp BPF filter.
+    // The filter is a valid array of sock_filter instructions that lives
+    // for the duration of the prctl call.
+    let result = unsafe {
+        libc::prctl(
+            libc::PR_SET_SECCOMP,
+            libc::SECCOMP_MODE_FILTER,
+            &raw const prog,
+            0i64,
+            0i64,
+        )
+    };
+
+    if result != 0 {
+        return Err(std::io::Error::last_os_error());
+    }
+
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_is_available_does_not_panic() {
+        let _ = is_available();
+    }
+
+    #[test]
+    #[cfg(target_os = "linux")]
+    fn test_detect_denial() {
+        assert!(detect_denial(31, ""));
+        assert!(detect_denial(1, "Bad system call"));
+        assert!(detect_denial(1, "SIGSYS"));
+        assert!(!detect_denial(0, "Success"));
+        assert!(!detect_denial(1, "File not found"));
+    }
+
+    #[test]
+    fn test_detect_denial_non_linux() {
+        #[cfg(not(target_os = "linux"))]
+        {
+            assert!(!detect_denial(31, "Bad system call"));
+        }
+    }
+}
diff --git a/crates/tui/src/tools/diagnostics.rs b/crates/tui/src/tools/diagnostics.rs
index 2472a523..b03011da 100644
--- a/crates/tui/src/tools/diagnostics.rs
+++ b/crates/tui/src/tools/diagnostics.rs
@@ -28,6 +28,8 @@ struct DiagnosticsOutput {
     git_error: Option<String>,
     sandbox_available: bool,
     sandbox_type: Option<String>,
+    bwrap_available: bool,
+    cgroup_version: Option<u8>,
     rustc_version: Option<String>,
     cargo_version: Option<String>,
     /// User-trusted external paths the agent may access from this workspace
@@ -87,6 +89,12 @@ impl ToolSpec for DiagnosticsTool {
         let sandbox_type = crate::sandbox::get_platform_sandbox().map(|s| s.to_string());
         let sandbox_available = sandbox_type.is_some();
 
+        // Bubblewrap availability (#2184).
+        let bwrap_available = probe_bwrap_available();
+
+        // Cgroup version (Linux only).
+        let cgroup_version = probe_cgroup_version();
+
         let trusted_external_paths = context
             .trusted_external_paths
             .iter()
@@ -101,6 +109,8 @@ impl ToolSpec for DiagnosticsTool {
             git_error: git.error,
             sandbox_available,
             sandbox_type,
+            bwrap_available,
+            cgroup_version,
             rustc_version: probe_version("rustc", &["--version"], &context.workspace),
             cargo_version: probe_version("cargo", &["--version"], &context.workspace),
             trusted_external_paths,
@@ -144,6 +154,36 @@ fn probe_git(workspace: &Path) -> GitProbe {
     }
 }
 
+fn probe_bwrap_available() -> bool {
+    #[cfg(target_os = "linux")]
+    {
+        crate::sandbox::bwrap::is_available()
+    }
+    #[cfg(not(target_os = "linux"))]
+    {
+        false
+    }
+}
+
+fn probe_cgroup_version() -> Option<u8> {
+    #[cfg(target_os = "linux")]
+    {
+        let path = std::path::Path::new("/sys/fs/cgroup/cgroup.controllers");
+        if path.exists() {
+            return Some(2);
+        }
+        let path = std::path::Path::new("/sys/fs/cgroup");
+        if path.exists() {
+            return Some(1);
+        }
+        None
+    }
+    #[cfg(not(target_os = "linux"))]
+    {
+        None
+    }
+}
+
 fn probe_version(program: &str, args: &[&str], cwd: &Path) -> Option<String> {
     run_command(program, args, cwd).into_success()
 }
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index bb393267..650c4cb0 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -622,6 +622,15 @@ impl ShellManager {
         &self.sandbox_policy
     }
 
+    /// Enable or disable bubblewrap passthrough (#2184).
+    ///
+    /// When enabled and `/usr/bin/bwrap` is present on Linux, exec_shell
+    /// commands are routed through bubblewrap for filesystem isolation.
+    #[allow(dead_code)] // Wired from EngineConfig in follow-up PR
+    pub fn set_prefer_bwrap(&mut self, prefer: bool) {
+        self.sandbox_manager.set_prefer_bwrap(prefer);
+    }
+
     /// Request that the active foreground shell wait detach and leave its
     /// process running in the background job table.
     pub fn request_foreground_background(&mut self) {
diff --git a/crates/tui/src/tools/subagent/mod.rs b/crates/tui/src/tools/subagent/mod.rs
index 9da72d85..d50972ec 100644
--- a/crates/tui/src/tools/subagent/mod.rs
+++ b/crates/tui/src/tools/subagent/mod.rs
@@ -62,7 +62,12 @@ fn release_resident_leases_for(agent_id: &str) {
     }
 }
 
-const DEFAULT_MAX_STEPS: u32 = 100;
+/// Default maximum steps for sub-agent loops. Set to `u32::MAX` to remove the
+/// arbitrary fixed cap (#2034). Sub-agents run until they produce a final text
+/// response (no tool calls), are cancelled by the parent, or hit a configured
+/// explicit budget. Callers that want a hard bound can override `max_steps` on
+/// the `SubAgentManager`.
+const DEFAULT_MAX_STEPS: u32 = u32::MAX;
 const TOOL_TIMEOUT: Duration = Duration::from_secs(30);
 /// Per-step LLM API call timeout. Each `create_message` request must complete
 /// within this window or the step is treated as timed out. Prevents a single
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index d46cac7e..eec4aae3 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -210,10 +210,18 @@ impl ToolSpec for WebSearchTool {
                 ToolError::execution_failed(format!("Failed to build HTTP client: {e}"))
             })?;
 
+        // Track whether Bing was tried and returned zero, so we can surface
+        // the fallback in the result message (#2130).
+        let mut bing_was_empty = false;
+
         if matches!(context.search_provider, SearchProvider::Bing) {
             check_policy(decider, BING_HOST)?;
             let results = run_bing_search(&client, &query, max_results).await?;
-            return search_tool_result(query, "bing", results, None);
+            if !results.is_empty() {
+                return search_tool_result(query, "bing", results, None);
+            }
+            // Bing returned zero results — fall through to DuckDuckGo.
+            bing_was_empty = true;
         }
 
         // Per-domain network policy gate (#135). The "host" for web search is
@@ -250,7 +258,14 @@ impl ToolSpec for WebSearchTool {
 
         let mut results = parse_duckduckgo_results(&body, max_results);
         let mut source = "duckduckgo";
-        let mut message_suffix = None;
+        let mut message_suffix: Option<&str> = None;
+
+        // When Bing returned zero and we fell through to DuckDuckGo, surface
+        // the fallback in the result message (#2130).
+        if bing_was_empty && !results.is_empty() {
+            message_suffix = Some("Bing returned no results; used DuckDuckGo fallback");
+        }
+
         if results.is_empty() {
             let duckduckgo_blocked = is_duckduckgo_challenge(&body);
             // Bing is a separate host — gate it independently so a deny on
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index e8df159c..1ced179b 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -474,9 +474,16 @@ pub(crate) fn render_footer_from(
         props.model.clear();
     }
 
+    // Shell-running chip: visible whenever a foreground shell command is
+    // active, regardless of user-configured status items.
+    let shell_chip = crate::tui::widgets::footer_shell_chip(active_foreground_shell_running(app));
+
     // Right-cluster extension chips: append in `items` order so user
     // ordering is preserved across the new variants.
     let mut extra: Vec<Span<'static>> = Vec::new();
+    if !shell_chip.is_empty() {
+        extra.extend(shell_chip);
+    }
     for item in items {
         let chip = match *item {
             S::PrefixStability => prefix_stability.clone(),
@@ -597,6 +604,9 @@ pub(crate) fn footer_auxiliary_spans(app: &App, max_width: usize) -> Vec<Span<'s
         })
         .unwrap_or_default();
 
+    let shell_spans =
+        crate::tui::widgets::footer_shell_chip(active_foreground_shell_running(app));
+
     let parts: Vec<&Vec<Span<'static>>> = [
         &coherence_spans,
         &agents_spans,
@@ -604,6 +614,7 @@ pub(crate) fn footer_auxiliary_spans(app: &App, max_width: usize) -> Vec<Span<'s
         &prefix_spans,
         &cache_spans,
         &cost_spans,
+        &shell_spans,
     ]
     .iter()
     .filter(|spans| !spans.is_empty())
diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index d648fe50..8220dc6f 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -3,8 +3,8 @@
 //!
 //! Two side-by-side panes — Models on the left, Thinking effort on the
 //! right. Tab swaps focus, ↑/↓ moves within the focused pane, Enter applies
-//! both and closes the modal. Esc closes immediately when nothing moved; after
-//! a selection move it keeps the highlighted choice.
+//! both and closes the modal. Esc applies the last-highlighted choice and
+//! closes.
 //!
 //! The effort pane intentionally only exposes `Off / High / Max`. Per
 //! DeepSeek's [Thinking Mode docs](https://api-docs.deepseek.com/guides/reasoning_model),
@@ -274,8 +274,7 @@ impl ModalView for ModelPickerView {
 
     fn handle_key(&mut self, key: KeyEvent) -> ViewAction {
         match key.code {
-            KeyCode::Esc if self.selection_touched => ViewAction::EmitAndClose(self.build_event()),
-            KeyCode::Esc => ViewAction::Close,
+            KeyCode::Esc => ViewAction::EmitAndClose(self.build_event()),
             KeyCode::Enter => ViewAction::EmitAndClose(self.build_event()),
             KeyCode::Up => {
                 self.selection_touched |= self.move_up();
@@ -321,7 +320,7 @@ impl ModalView for ModelPickerView {
                 Span::styled(" Enter ", Style::default().fg(palette::TEXT_MUTED)),
                 Span::raw("apply "),
                 Span::styled(" Esc ", Style::default().fg(palette::TEXT_MUTED)),
-                Span::raw("cancel "),
+                Span::raw("apply "),
             ]))
             .borders(Borders::ALL)
             .border_style(Style::default().fg(palette::BORDER_COLOR))
@@ -577,14 +576,19 @@ mod tests {
     }
 
     #[test]
-    fn immediate_esc_closes_without_emitting() {
+    fn immediate_esc_applies_current_selection() {
         let (app, _lock) = create_test_app();
         let mut view = ModelPickerView::new(&app);
         let action = view.handle_key(KeyEvent::new(
             KeyCode::Esc,
             crossterm::event::KeyModifiers::NONE,
         ));
-        assert!(matches!(action, ViewAction::Close));
+        match action {
+            ViewAction::EmitAndClose(ViewEvent::ModelPickerApplied { model, .. }) => {
+                assert_eq!(model, "deepseek-v4-pro");
+            }
+            other => panic!("expected Esc to apply current selection, got {other:?}"),
+        }
     }
 
     #[test]
diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index 8b488178..ec3d5bad 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -1606,6 +1606,12 @@ pub fn subagent_panel_lines(
             Style::default().fg(color),
         )));
 
+        // Auto-collapse finished sub-agents: hide detail lines for completed
+        // agents so the sidebar stays compact when work is done.
+        if row.status == "done" {
+            continue;
+        }
+
         if lines.len() >= max_rows {
             break;
         }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 316bbd34..dbe69d38 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -714,6 +714,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         runtime_services: app.runtime_services.clone(),
         subagent_model_overrides: config.subagent_model_overrides(),
         subagent_api_timeout: Duration::from_secs(config.subagent_api_timeout_secs()),
+        prefer_bwrap: config.prefer_bwrap.unwrap_or(false),
         memory_enabled: config.memory_enabled(),
         memory_path: config.memory_path(),
         vision_config: config.vision_model_config(),
@@ -940,10 +941,10 @@ async fn run_event_loop(
         if let Some(ref handle) = version_check {
             done = handle.is_finished();
         }
-        if done {
-            if let Ok(Some(hint)) = version_check.take().unwrap().await {
-                app.version_hint = Some(hint);
-            }
+        if done
+            && let Ok(Some(hint)) = version_check.take().unwrap().await
+        {
+            app.version_hint = Some(hint);
         }
 
         if !drain_web_config_events(&mut web_config_session, app, config, &engine_handle).await {
diff --git a/crates/tui/src/tui/widgets/footer.rs b/crates/tui/src/tui/widgets/footer.rs
index 01ac69f8..27f13aa7 100644
--- a/crates/tui/src/tui/widgets/footer.rs
+++ b/crates/tui/src/tui/widgets/footer.rs
@@ -152,6 +152,19 @@ pub fn footer_working_label(frame: u64, locale: Locale) -> String {
     out
 }
 
+/// Build a "⏳ shell running" chip span when a foreground shell command is
+/// active. Empty when no shell is running, which hides the chip entirely.
+#[must_use]
+pub fn footer_shell_chip(active: bool) -> Vec<Span<'static>> {
+    if !active {
+        return Vec::new();
+    }
+    vec![Span::styled(
+        "\u{23F3} shell running".to_string(),
+        Style::default().fg(palette::STATUS_WARNING),
+    )]
+}
+
 /// Build a "N agents" chip span list when there are sub-agents in flight.
 /// Empty list when N == 0 hides the chip entirely. Singular for N == 1
 /// reads naturally; plural otherwise. The pluralization template lives in
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index a6b2307d..a97e7c56 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -16,7 +16,8 @@ mod renderable;
 pub mod tool_card;
 
 pub use footer::{
-    FooterProps, FooterToast, FooterWidget, footer_agents_chip, footer_working_label,
+    FooterProps, FooterToast, FooterWidget, footer_agents_chip, footer_shell_chip,
+    footer_working_label,
 };
 pub use header::{HeaderData, HeaderWidget, header_status_indicator_frame};
 pub use renderable::Renderable;
diff --git a/docs/SANDBOX.md b/docs/SANDBOX.md
new file mode 100644
index 00000000..cf90db1c
--- /dev/null
+++ b/docs/SANDBOX.md
@@ -0,0 +1,271 @@
+# Sandbox threat model
+
+CodeWhale executes shell commands spawned by AI reasoning. The sandbox
+module restricts what those commands can do to the host system. This
+document describes what each platform's sandbox actually enforces,
+what is best-effort, and what is explicitly out of scope.
+
+## Platform overview
+
+| Mechanism | Platform | Type | Status |
+|---|---|---|---|
+| Seatbelt | macOS | Mandatory access control | Enforced |
+| Landlock | Linux | Filesystem access control | Enforced |
+| seccomp BPF | Linux | Syscall filter | Enforced |
+| Process hardening | Linux | Kernel prctl / rlimit | Enforced |
+| Bubblewrap (bwrap) | Linux | Namespace isolation | Optional |
+| Windows Job Object | Windows | Process-tree containment | v1 (PR #2220) |
+
+## Threat model: what each layer addresses
+
+### 1. Process hardening (Linux only)
+
+**When it runs:** Before any threads are spawned, before Tokio boots,
+before any data is loaded into memory.
+
+**What it does:**
+
+- `PR_SET_DUMPABLE=0` — prevents ptrace, makes `/proc/<pid>/` root-owned
+- `PR_SET_NO_NEW_PRIVS=1` — irreversible; no child can ever gain privileges
+- `RLIMIT_CORE=0` — no core dumps, so sensitive data never hits disk
+
+**What it protects against:**
+- Process inspection via ptrace/strace/gdb
+- Privilege escalation via setuid/setgid/fscaps
+- Core dumps leaking API keys, tokens, prompt content
+
+**What it does NOT protect against:**
+- A compromised child reading its parent's `/proc/<pid>/mem` (already blocked
+  by `PR_SET_DUMPABLE=0` making `/proc/<pid>/` root-owned)
+- Kernel exploits that bypass prctl
+
+### 2. Landlock (Linux, kernel 5.13+)
+
+**When it runs:** Applied to each child process at spawn time via a
+helper script or `landlock_restrict_self`. Only restrictable by the
+process itself — parent cannot force Landlock on a child.
+
+**What it does:**
+- Restricts filesystem access to a whitelist of paths
+- Handles: `EXECUTE`, `READ_FILE`, `READ_DIR`, `WRITE_FILE`, `REMOVE_DIR`,
+  `REMOVE_FILE`, `MAKE_DIR`, `MAKE_REG`, `MAKE_SYM`, `TRUNCATE`
+
+**What it protects against:**
+- Reading files outside the workspace (e.g., `/etc/passwd`, `~/.ssh`)
+- Writing to system directories (`/usr`, `/bin`, `/lib`)
+- Creating or deleting files in protected locations
+
+**What it does NOT protect against:**
+- Network access (Landlock is filesystem-only)
+- Process inspection (use seccomp for this)
+- Reading files that are already mapped (Landlock applies at `open()` time)
+
+**Detection:** `detect_denial()` checks stderr for `Permission denied`,
+`Operation not permitted`, `EACCES`, `EPERM`.
+
+### 3. seccomp BPF (Linux only)
+
+**When it runs:** Installed via `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)`
+on the child process.
+
+**What it does:**
+- Whitelist of ~100 safe syscalls (file I/O, memory, process, IPC,
+  synchronization, signals, time)
+- **Explicitly denied:** `ptrace`, `mount`, `umount2`, `kexec_load`,
+  `kexec_file_load`, `init_module`, `finit_module`, `delete_module`,
+  `bpf`, `reboot`, `swapon`, `swapoff`, `pivot_root`,
+  `setuid`/`setgid`/`setreuid`/`setregid`/`setresuid`/`setresgid`,
+  `personality`
+- Any syscall not on the whitelist → `SECCOMP_RET_KILL_PROCESS` (SIGSYS)
+
+**What it protects against:**
+- Process hijacking via ptrace
+- Mounting filesystems (bypassing Landlock read-only restrictions)
+- Loading kernel modules
+- Loading BPF programs (would bypass seccomp itself!)
+- Rebooting the system
+- Privilege changes via setuid/setgid
+
+**What it does NOT protect against:**
+- Legitimate use of allowed syscalls for malicious purposes
+- Side-channel attacks via allowed syscalls (e.g., timing)
+
+**Detection:** `detect_denial()` checks exit code 31 (SIGSYS) or stderr
+for `Bad system call`, `bad system call`, `SIGSYS`, `seccomp`.
+
+### 4. Bubblewrap / bwrap (Linux, optional)
+
+**When it runs:** If `/usr/bin/bwrap` is present AND the config key
+`[sandbox] prefer_bwrap = true` is set. Runs as an outer wrapper around
+the child command.
+
+**What it does:**
+- Creates a new mount namespace with `--unshare-all`
+- Read-only bind-mounts the entire root filesystem
+- Bind-mounts the workspace directory with read-write access
+- Changes into the workspace with `--chdir`
+
+**What it protects against:**
+- Any filesystem write outside the workspace (stronger than Landlock alone
+  because it's enforced at the namespace level, not just filesystem access)
+- Accidental modification of system files
+
+**What it does NOT protect against:**
+- Network access (bwrap does not create a network namespace by default with
+  `--unshare-all`; the child still has full network access)
+- Process inspection
+- Memory attacks
+
+**Installation:** User must install bubblewrap themselves:
+- Ubuntu/Debian: `apt install bubblewrap`
+- Fedora: `dnf install bubblewrap`
+- Arch: `pacman -S bubblewrap`
+
+CodeWhale does NOT vendor bwrap.
+
+**Fallback:** If bwrap is not installed, the sandbox falls back to Landlock
+only.
+
+### 5. Seatbelt (macOS)
+
+**When it runs:** Applied via the `sandbox-exec` wrapper command. The
+seatbelt profile is generated dynamically based on the `SandboxPolicy`.
+
+**What it does:**
+- Restricts filesystem access based on the policy profile
+- Can restrict network access (when `network_access: false`)
+
+**What it protects against:**
+- Reading/writing files outside allowed paths
+- Network connections (when configured)
+
+**What it does NOT protect against:**
+- Process inspection (Seatbelt does not block ptrace)
+- Syscall-level attacks
+
+**Detection:** Checks stderr for `file-write` and `network` denial patterns.
+
+### 6. Windows Job Object (v1, PR #2220)
+
+**When it runs:** Applied at process spawn time via
+`PROC_THREAD_ATTRIBUTE_JOB_LIST` and restricted token assignment.
+
+**What it does (v1):**
+- Job Object with `JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE` — all child
+  processes terminate when the parent exits
+- Memory cap: 1 GB per process, 2 GB per job
+- Active process limit: 64
+- UI restrictions: no desktop handle access
+- Restricted token: drops Administrators group SID, sets medium-low
+  integrity level
+
+**What is deferred (v2):**
+- WFP (Windows Filtering Platform) firewall rules — network is open in v1
+- Filesystem ACL integration at spawn time (stub exists)
+- AppContainer isolation
+- Registry key isolation
+
+**Detection:** Checks stderr for `Access is denied`, `STATUS_ACCESS_DENIED`,
+`ERROR_ACCESS_DENIED`, `ERROR_PRIVILEGE_NOT_HELD`,
+`ERROR_ACCESS_DISABLED_BY_POLICY`, and integrity/AppContainer patterns.
+
+## Defense in depth
+
+The Linux sandbox applies layers in order:
+
+```
+Process hardening (prctl)    ← before threads
+    ↓
+Landlock (filesystem)        ← at child spawn
+    ↓
+seccomp BPF (syscalls)       ← at child spawn
+    ↓
+bwrap (namespace isolation)  ← optional outer wrapper
+```
+
+Each layer addresses a different threat surface. seccomp cannot protect the
+filesystem (that's Landlock's job). Landlock cannot stop ptrace (that's
+seccomp + PR_SET_DUMPABLE). bwrap adds namespace-level isolation that
+neither Landlock nor seccomp can provide.
+
+## Configuration
+
+Relevant config keys in `~/.codewhale/config.toml`:
+
+```toml
+# Sandbox policy mode
+sandbox_mode = "workspace-write"  # read-only | workspace-write | danger-full-access | external-sandbox
+
+# Linux bubblewrap passthrough
+prefer_bwrap = false              # requires `bubblewrap` package installed
+
+# External sandbox backend
+sandbox_backend = "none"          # "none" or "opensandbox"
+sandbox_url = "http://localhost:8080"
+sandbox_api_key = "YOUR_API_KEY"
+```
+
+Environment variable overrides:
+
+- `DEEPSEEK_SANDBOX_MODE` → `sandbox_mode`
+- `DEEPSEEK_PREFER_BWRAP=true` → `prefer_bwrap`
+- `DEEPSEEK_SANDBOX_BACKEND` → `sandbox_backend`
+- `DEEPSEEK_SANDBOX_URL` → `sandbox_url`
+- `DEEPSEEK_SANDBOX_API_KEY` → `sandbox_api_key`
+
+## Detecting sandbox denials
+
+When a command fails, the sandbox manager checks for denial patterns:
+
+| Platform | Denial mechanism | Exit code | Stderr patterns |
+|---|---|---|---|
+| macOS Seatbelt | sandbox-exec violation | non-zero | `file-write`, `network` |
+| Linux Landlock | EACCES / EPERM | non-zero | `Permission denied`, `Operation not permitted` |
+| Linux seccomp | SIGSYS (31) | 31 or 159 | `Bad system call`, `SIGSYS` |
+| Linux bwrap | Mount/namespace failure | non-zero | varies |
+| Windows | Access denied / privilege | non-zero | `Access is denied`, `ERROR_PRIVILEGE_NOT_HELD` |
+
+The `was_denied()` method on `SandboxManager` aggregates all platform-specific
+checks. The `denial_message()` method returns a human-readable explanation.
+
+## Limitations
+
+### What the sandbox does NOT protect against
+
+- **Network attacks** — only macOS Seatbelt can block network; Linux and
+  Windows v1 leave network open
+- **Memory attacks** — no platform prevents a child process from reading
+  its own memory or exploiting memory corruption bugs
+- **Timing side channels** — allowed syscalls on Linux can be used for
+  timing-based information leaks
+- **Resource exhaustion** — the Linux job object limits memory and process
+  count, but does not limit CPU, file descriptors, or disk I/O
+- **Kernel vulnerabilities** — if the kernel itself has a vulnerability,
+  the sandbox cannot prevent exploitation (this applies to all platforms)
+- **Supply chain** — if the child process downloads and executes untrusted
+  code, the sandbox limits what that code can do, but does not prevent the
+  download
+
+### Platform-specific gaps
+
+- **Linux:** Landlock only protects filesystem access. seccomp adds syscall
+  filtering but uses a whitelist that may need updates for new syscalls.
+- **macOS:** Seatbelt profiles are generated at runtime. A misconfigured
+  profile could be too permissive.
+- **Windows v1:** No filesystem ACL enforcement at spawn time. Network is
+  fully open. Job Object is process-tree only.
+
+## Related
+
+- `crates/tui/src/sandbox/` — implementation
+- `crates/config/src/lib.rs` — config keys
+- `crates/tui/src/tools/diagnostics.rs` — `diagnostics` tool reports
+  `sandbox_available`, `sandbox_type`, `bwrap_available`, `cgroup_version`
+- `config.example.toml` — annotated config reference
+- Issue #2180 — this document
+- Issue #2182 — seccomp filter implementation
+- Issue #2183 — process hardening
+- Issue #2184 — bwrap passthrough
+- Issue #2185 — Windows Job Object v1
+- Issue #2186 — SandboxExecutor trait unification
+- Issue #2187 — sandbox parity tests
diff --git a/docs/rfcs/2189-persistence-sqlite.md b/docs/rfcs/2189-persistence-sqlite.md
new file mode 100644
index 00000000..0396a546
--- /dev/null
+++ b/docs/rfcs/2189-persistence-sqlite.md
@@ -0,0 +1,86 @@
+# RFC: Persistence SQLite Migration
+...
+
+### 1.1 `crates/state` — partial SQLite (rusqlite)
+
+**Backend**: SQLite via `rusqlite` (not sqlx).  
+**Path**: `~/.deepseek/state.db`  
+**Tables**: `threads`, `thread_dynamic_tools`, `messages`, `checkpoints`, `jobs`  
+**Also**: `session_index.jsonl` — append-only JSONL for thread-name lookups.  
+**Schema versioning**: none — table shape is versioned implicitly by the binary.
+
+### 1.2 `crates/tui/src/session_manager.rs` — JSON sessions
+
+**Backend**: individual JSON files + atomic writes via `write_atomic`.  
+**Paths**:
+- `~/.codewhale/sessions/{id}.json` (preferred, v0.8.44+) or `~/.deepseek/sessions/{id}.json` (fallback)
+- `~/.deepseek/sessions/checkpoints/latest.json` — crash-recovery checkpoint
+- `~/.deepseek/sessions/checkpoints/offline_queue.json` — offline/degraded-mode queue
+
+**Schema constants**:
+- `CURRENT_SESSION_SCHEMA_VERSION: u32 = 1` (`SavedSession`)
+- `CURRENT_QUEUE_SCHEMA_VERSION: u32 = 1` (`OfflineQueueState`)
+
+**Policy**: reject-newer — older binary will refuse to load data written by a newer version.
+
+### 1.3 `crates/tui/src/runtime_threads.rs` — JSON runtime store
+
+**Backend**: per-record JSON files + append-only JSONL for events.  
+**Paths** (under `~/.deepseek/tasks/runtime/` or `DEEPSEEK_RUNTIME_DIR`):
+- `threads/{id}.json`
+- `turns/{id}.json`
+- `items/{id}.json`
+- `events/{thread_id}.jsonl` — append-only JSONL event timeline
+- `state.json` — global monotonic sequence counter
+
+**Schema constants**:
+- `CURRENT_RUNTIME_SCHEMA_VERSION: u32 = 2`
+
+**Policy**: reject-newer.
+
+### 1.4 `crates/tui/src/task_manager.rs` — JSON task store
+
+**Backend**: per-record JSON files + atomic writes.  
+**Paths** (under `~/.deepseek/tasks/` or `DEEPSEEK_TASKS_DIR`):
+- `{id}.json` — per-task records
+- `queue.json` — queue state
+
+**Schema constants**:
+- `CURRENT_TASK_SCHEMA_VERSION: u32 = 2`
+
+**Policy**: reject-newer.
+
+### 1.5 `crates/tui/src/automation_manager.rs` — JSON automation store
+
+**Backend**: per-record JSON files.  
+**Paths** (under `~/.deepseek/automations/` or `DEEPSEEK_AUTOMATIONS_DIR`):
+- `{id}.json`
+
+**Schema constants**:
+- `CURRENT_AUTOMATION_SCHEMA_VERSION: u32 = 1`
+
+### 1.6 `crates/tui/src/audit.rs` — JSONL audit log
+
+**Backend**: append-only JSONL with fsync after each event.  
+**Path**: `~/.deepseek/audit.log`  
+**Schema**: no version field — each line is a `{"ts", "event", "details"}` blob.
+
+### 1.7 Summary of issues
+
+| Area | Backend | Schema Version | Write Strategy | Queryability |
+|------|---------|---------------|----------------|-------------|
+| state (threads/messages/jobs) | SQLite | implicit | direct SQL | SQL |
+| sessions | JSON files | v1 | atomic rename | file scan |
+| runtime threads/turns/items | JSON files | v2 | atomic rename | file scan |
+| runtime events | JSONL | v2 | append+fsync | linear scan |
+| tasks | JSON files | v2 | atomic rename | file scan |
+| automations | JSON files | v1 | atomic rename | file scan |
+| audit | JSONL | none | append+fsync | linear scan |
+
+**Key pain points**:
+1. **Listing** threads/sessions/tasks requires scanning directories and deserializing every file.
+2. **Filtering** (e.g., "all failed tasks in last 7 days") requires full scans.
+3. **No transactional consistency** — a crash between saving a turn and its items can leave orphans.
+4. **Event timeline growth** — JSONL append is O(n) for replay; no indexing.
+5. **Six different schema version constants** across four modules, each with the same reject-newer policy.
+
diff --git a/docs/rfcs/2190-mcp-modularization.md b/docs/rfcs/2190-mcp-modularization.md
new file mode 100644
index 00000000..26f86420
--- /dev/null
+++ b/docs/rfcs/2190-mcp-modularization.md
@@ -0,0 +1,226 @@
+# RFC: MCP Modularization
+
+**Issue:** #2190
+**Status:** Draft
+**Date:** 2026-05-26
+
+## 1. Current state
+
+### 1.1 `codewhale-mcp` crate (`crates/mcp/`)
+
+The current MCP implementation lives in a single crate with two responsibilities:
+
+- **MCP client** — connects to MCP servers over stdio, manages protocol handshake,
+  tool discovery, and tool invocation. Used by the TUI to surface MCP tools as
+  `mcp_<server>_<tool>` entries in the tool registry.
+- **MCP stdio server** — a minimal MCP server that exposes CodeWhale's own tools
+  over stdio for external MCP clients. Used by the `codewhale mcp` CLI subcommand.
+
+Both the client and server share protocol types (JSON-RPC messages, tool schemas)
+but have different lifecycle concerns and different callers.
+
+### 1.2 Integration points
+
+- `crates/tui/src/mcp.rs` — MCP client integration: server lifecycle, tool
+  discovery, tool execution forwarding
+- `crates/tui/src/mcp_server.rs` — MCP stdio server: exposes TUI tools via
+  stdio MCP protocol
+- `docs/MCP.md` — user-facing documentation
+
+## 2. Motivation
+
+### 2.1 Separation of concerns
+
+The client and server share a crate but have no shared code paths at runtime.
+They import the same protocol types but serve different roles:
+- The client is **outbound** — it connects to external servers
+- The server is **inbound** — it accepts connections from external clients
+
+Mixing them in one crate creates unnecessary coupling: changes to the server
+API recompile the client, and vice versa.
+
+### 2.2 OAuth support
+
+The current MCP client has no OAuth support. MCP servers that require OAuth
+(e.g., GitHub, Google) cannot be used. Adding OAuth to the client requires:
+- Token storage (keychain, env-based, or config-based)
+- OAuth flow (device code, PKCE, or client credentials)
+- Token refresh and expiry handling
+
+These concerns are client-side only and should not affect the server crate.
+
+### 2.3 Reuse outside the TUI
+
+The MCP client is currently embedded in the TUI binary. If we want to use
+MCP tools from:
+- The `app-server` (HTTP/SSE runtime API)
+- The `codewhale` CLI (non-interactive mode)
+- External consumers (library use)
+
+...the client needs to be a standalone crate with a clean public API.
+
+## 3. Proposed crate split
+
+```
+crates/mcp/           →  crates/mcp-protocol/   (shared types, no I/O)
+                          crates/mcp-client/     (client implementation)
+                          crates/mcp-server/     (server implementation)
+```
+
+### 3.1 `codewhale-mcp-protocol`
+
+**Contents:** JSON-RPC message types, tool schema types, protocol constants,
+handshake types, error types. No I/O, no async runtime dependency.
+
+**Dependencies:** `serde`, `serde_json`, `codewhale-protocol` (for tool schema)
+
+**Public API:**
+```rust
+pub mod messages;     // JSON-RPC request/response/notification types
+pub mod tools;        // MCP tool schema types
+pub mod errors;       // MCP error codes
+pub mod version;      // Protocol version constants
+```
+
+### 3.2 `codewhale-mcp-client`
+
+**Contents:** MCP client: stdio transport, process management, handshake,
+tool discovery, tool invocation, OAuth support.
+
+**Dependencies:** `codewhale-mcp-protocol`, `tokio`, `serde_json`, `tracing`,
+`oauth2` (new, for OAuth), `keyring` (optional, for token storage)
+
+**Public API:**
+```rust
+pub struct McpClient {
+    // Configuration
+}
+
+impl McpClient {
+    pub async fn connect(config: McpClientConfig) -> Result<Self>;
+    pub async fn list_tools(&self) -> Result<Vec<ToolSchema>>;
+    pub async fn call_tool(&self, name: &str, args: Value) -> Result<Value>;
+    pub async fn disconnect(self);
+}
+
+pub struct McpClientConfig {
+    pub command: String,           // e.g., "npx", "python"
+    pub args: Vec<String>,         // e.g., ["-y", "@modelcontextprotocol/server-github"]
+    pub env: HashMap<String, String>,
+    pub oauth: Option<OAuthConfig>,
+    pub timeout: Duration,
+}
+
+pub struct OAuthConfig {
+    pub provider: OAuthProvider,
+    pub client_id: String,
+    pub scopes: Vec<String>,
+    pub token_storage: TokenStorage,
+}
+
+pub enum OAuthProvider {
+    Github,
+    Google,
+    Custom { auth_url: String, token_url: String },
+}
+```
+
+### 3.3 `codewhale-mcp-server`
+
+**Contents:** MCP stdio server: accepts connections, exposes tool list,
+handles tool calls, manages stdio transport.
+
+**Dependencies:** `codewhale-mcp-protocol`, `codewhale-tools`, `tokio`,
+`serde_json`, `tracing`
+
+**Public API:**
+```rust
+pub struct McpServer {
+    // Tool registry
+}
+
+impl McpServer {
+    pub fn new(tools: Vec<Arc<dyn ToolSpec>>) -> Self;
+    pub async fn serve_stdio(self) -> Result<()>;
+    pub async fn serve_sse(self, addr: SocketAddr) -> Result<()>;
+}
+```
+
+## 4. Migration path
+
+### Phase 1: Extract protocol crate (non-breaking)
+
+1. Move shared types from `crates/mcp/src/` to `crates/mcp-protocol/src/`
+2. Re-export from `codewhale-mcp` for backward compatibility
+3. Update `Cargo.toml` in `codewhale-mcp` to depend on `codewhale-mcp-protocol`
+
+### Phase 2: Split client and server (breaking for direct imports)
+
+1. Create `crates/mcp-client/` with client code
+2. Create `crates/mcp-server/` with server code
+3. Update `codewhale-tui` to depend on `codewhale-mcp-client`
+4. Update `codewhale-cli` to depend on `codewhale-mcp-server`
+5. Deprecate `codewhale-mcp` crate (re-exports from new crates)
+
+### Phase 3: Remove legacy crate
+
+1. Remove `crates/mcp/` after a deprecation cycle (one release)
+
+## 5. OAuth integration
+
+### 5.1 Token storage
+
+Tokens should be stored securely. Options (in priority order):
+1. OS keychain via `keyring` crate (macOS Keychain, Windows Credential Manager,
+   Linux Secret Service)
+2. Encrypted file in `~/.codewhale/mcp-credentials/` (fallback)
+3. Environment variable `MCP_OAUTH_TOKEN_<PROVIDER>`
+
+### 5.2 OAuth flows
+
+Initial implementation supports:
+- **Device Code Flow** (GitHub) — user opens a URL, enters a code
+- **Client Credentials** — for service-to-service MCP servers
+
+Future (deferred):
+- **PKCE** — for user-facing OAuth with redirect
+- **Token refresh** — automatic refresh with refresh_token
+
+### 5.3 Configuration
+
+```toml
+# ~/.codewhale/config.toml
+[mcp.servers.github]
+command = "npx"
+args = ["-y", "@modelcontextprotocol/server-github"]
+
+[mcp.servers.github.oauth]
+provider = "github"
+client_id = "your-client-id"
+scopes = ["repo", "read:org"]
+```
+
+## 6. Risks and unknowns
+
+| Risk | Mitigation |
+|---|---|
+| Crate proliferation | 3 small crates vs 1 medium crate; each has a clear purpose |
+| Breaking internal imports | Phase 2 carries `codewhale-mcp` deprecation shim for one release |
+| OAuth token security | OS keychain preferred; encrypted fallback with file permissions |
+| Testing complexity | Each crate has its own test suite; integration tests remain in `crates/tui/tests/` |
+| Dependency bloat | `oauth2` and `keyring` are optional features; consumers opt in |
+
+## 7. Out of scope (future RFCs)
+
+- MCP over HTTP/SSE transport (currently stdio only)
+- MCP server discovery (currently explicit config)
+- MCP tool result streaming (currently request-response)
+- MCP server-side tool approval flows
+
+## Related
+
+- `crates/mcp/src/` — current implementation
+- `crates/tui/src/mcp.rs` — TUI MCP integration
+- `crates/tui/src/mcp_server.rs` — MCP stdio server
+- `docs/MCP.md` — user-facing documentation
+- Issue #2190 — this RFC
diff --git a/integrations/feishu-bridge/package-lock.json b/integrations/feishu-bridge/package-lock.json
index 9b00cd14..59a9402b 100644
--- a/integrations/feishu-bridge/package-lock.json
+++ b/integrations/feishu-bridge/package-lock.json
@@ -510,9 +510,9 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.15.1",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz",
-      "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==",
+      "version": "6.15.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
+      "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "side-channel": "^1.1.0"
diff --git a/integrations/feishu-bridge/package.json b/integrations/feishu-bridge/package.json
index 9ee1fcc6..f67c33a7 100644
--- a/integrations/feishu-bridge/package.json
+++ b/integrations/feishu-bridge/package.json
@@ -15,7 +15,8 @@
     "@larksuiteoapi/node-sdk": "^1.52.0"
   },
   "overrides": {
-    "axios": "^1.16.1"
+    "axios": "^1.16.1",
+    "qs": ">=6.15.2"
   },
   "engines": {
     "node": ">=18"
diff --git a/scripts/release/install.bat b/scripts/release/install.bat
new file mode 100644
index 00000000..69019415
--- /dev/null
+++ b/scripts/release/install.bat
@@ -0,0 +1,38 @@
+@echo off
+setlocal enabledelayedexpansion
+:: CodeWhale Windows installer
+:: Copies codewhale.exe and codewhale-tui.exe to %USERPROFILE%\bin
+
+set "BIN_DIR=%USERPROFILE%\bin"
+set "SCRIPT_DIR=%~dp0"
+
+if not exist "%BIN_DIR%" mkdir "%BIN_DIR%"
+
+echo Installing codewhale to %BIN_DIR%...
+
+copy /Y "%SCRIPT_DIR%codewhale.exe" "%BIN_DIR%\codewhale.exe" >nul
+if %ERRORLEVEL% neq 0 (
+    echo ERROR: Failed to copy codewhale.exe
+    exit /b 1
+)
+
+copy /Y "%SCRIPT_DIR%codewhale-tui.exe" "%BIN_DIR%\codewhale-tui.exe" >nul
+if %ERRORLEVEL% neq 0 (
+    echo ERROR: Failed to copy codewhale-tui.exe
+    exit /b 1
+)
+
+echo.
+echo Done. Both binaries installed to %BIN_DIR%.
+echo.
+echo Add %BIN_DIR% to your PATH:
+echo   1. Open Start, search "environment variables"
+echo   2. Click "Environment Variables..."
+echo   3. Under "User variables", select "Path" and click "Edit"
+echo   4. Click "New" and add: %BIN_DIR%
+echo   5. Click OK, then restart your terminal
+echo.
+echo Or run this in an admin PowerShell:
+echo   [Environment]::SetEnvironmentVariable('Path', [Environment]::GetEnvironmentVariable('Path', 'User') + ';%BIN_DIR%', 'User')
+echo.
+echo Then run: codewhale
diff --git a/scripts/release/install.sh b/scripts/release/install.sh
new file mode 100644
index 00000000..7841c76f
--- /dev/null
+++ b/scripts/release/install.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# CodeWhale Unix installer
+# Copies codewhale and codewhale-tui to ~/.local/bin (or $PREFIX/bin)
+
+PREFIX="${PREFIX:-$HOME/.local}"
+BIN_DIR="${PREFIX}/bin"
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+mkdir -p "$BIN_DIR"
+
+echo "Installing codewhale to $BIN_DIR ..."
+
+for bin in codewhale codewhale-tui; do
+    src="$SCRIPT_DIR/$bin"
+    dst="$BIN_DIR/$bin"
+    if [[ ! -f "$src" ]]; then
+        echo "ERROR: $src not found in archive"
+        exit 1
+    fi
+    cp "$src" "$dst"
+    chmod +x "$dst"
+    echo "  $dst"
+done
+
+echo ""
+echo "Done. Both binaries installed to $BIN_DIR."
+
+# Check if BIN_DIR is on PATH
+if [[ ":$PATH:" != *":$BIN_DIR:"* ]]; then
+    echo ""
+    echo "Add $BIN_DIR to your PATH:"
+    echo ""
+    SHELL_NAME="$(basename "${SHELL:-$SHELL}")"
+    case "$SHELL_NAME" in
+        zsh)  RC="$HOME/.zshrc" ;;
+        bash) RC="$HOME/.bashrc" ;;
+        fish) RC="$HOME/.config/fish/config.fish" ;;
+        *)    RC="your shell profile" ;;
+    esac
+    echo "  echo 'export PATH=\"$BIN_DIR:\$PATH\"' >> $RC"
+    echo "  source $RC"
+fi
+
+echo ""
+echo "Then run: codewhale"
diff --git a/web/components/install-binary.tsx b/web/components/install-binary.tsx
index 0e36afaa..16bad1b5 100644
--- a/web/components/install-binary.tsx
+++ b/web/components/install-binary.tsx
@@ -8,22 +8,30 @@ type Arch = "macos-arm64" | "macos-x64" | "linux-x64" | "linux-arm64" | "windows
 const SNIPPETS: Record<Arch, string> = {
   "macos-arm64": `curl -fsSL -o codewhale \\
   https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-macos-arm64
-chmod +x codewhale
-xattr -d com.apple.quarantine codewhale 2>/dev/null || true
-sudo mv codewhale /usr/local/bin/`,
+curl -fsSL -o codewhale-tui \\
+  https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-tui-macos-arm64
+chmod +x codewhale codewhale-tui
+xattr -d com.apple.quarantine codewhale codewhale-tui 2>/dev/null || true
+sudo mv codewhale codewhale-tui /usr/local/bin/`,
   "macos-x64": `curl -fsSL -o codewhale \\
   https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-macos-x64
-chmod +x codewhale
-xattr -d com.apple.quarantine codewhale 2>/dev/null || true
-sudo mv codewhale /usr/local/bin/`,
+curl -fsSL -o codewhale-tui \\
+  https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-tui-macos-x64
+chmod +x codewhale codewhale-tui
+xattr -d com.apple.quarantine codewhale codewhale-tui 2>/dev/null || true
+sudo mv codewhale codewhale-tui /usr/local/bin/`,
   "linux-x64": `curl -fsSL -o codewhale \\
   https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-linux-x64
-chmod +x codewhale
-sudo mv codewhale /usr/local/bin/`,
+curl -fsSL -o codewhale-tui \\
+  https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-tui-linux-x64
+chmod +x codewhale codewhale-tui
+sudo mv codewhale codewhale-tui /usr/local/bin/`,
   "linux-arm64": `curl -fsSL -o codewhale \\
   https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-linux-arm64
-chmod +x codewhale
-sudo mv codewhale /usr/local/bin/`,
+curl -fsSL -o codewhale-tui \\
+  https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-tui-linux-arm64
+chmod +x codewhale codewhale-tui
+sudo mv codewhale codewhale-tui /usr/local/bin/`,
   "windows-x64": `# PowerShell
 $ErrorActionPreference = "Stop"
 $dest = "$Env:USERPROFILE\\bin"
@@ -32,6 +40,9 @@ New-Item -ItemType Directory -Force $dest | Out-Null
 Invoke-WebRequest \`
   -Uri https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-windows-x64.exe \`
   -OutFile "$dest\\codewhale.exe"
+Invoke-WebRequest \`
+  -Uri https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-tui-windows-x64.exe \`
+  -OutFile "$dest\\codewhale-tui.exe"
 
 $Env:Path = "$dest;$Env:Path"`,
 };
@@ -46,7 +57,8 @@ sha256sum -c codewhale-artifacts-sha256.txt --ignore-missing`,
   "linux-arm64": `curl -fsSL -O https://github.com/Hmbown/CodeWhale/releases/latest/download/codewhale-artifacts-sha256.txt
 sha256sum -c codewhale-artifacts-sha256.txt --ignore-missing`,
   "windows-x64": `# PowerShell
-Get-FileHash "$Env:USERPROFILE\\bin\\codewhale.exe" -Algorithm SHA256`,
+Get-FileHash "$Env:USERPROFILE\\bin\\codewhale.exe" -Algorithm SHA256
+Get-FileHash "$Env:USERPROFILE\\bin\\codewhale-tui.exe" -Algorithm SHA256`,
 };
 
 const LABELS: Record<Arch, string> = {
@@ -103,4 +115,4 @@ export function InstallBinary({ copyLabel, copiedLabel, verifyHeading = "Verify
       </div>
     </div>
   );
-}
+}
\ No newline at end of file
diff --git a/web/components/install-download-tile.tsx b/web/components/install-download-tile.tsx
new file mode 100644
index 00000000..065b10a1
--- /dev/null
+++ b/web/components/install-download-tile.tsx
@@ -0,0 +1,160 @@
+"use client";
+
+import { useEffect, useState } from "react";
+
+type Arch = "macos-arm64" | "macos-x64" | "linux-x64" | "linux-arm64" | "windows-x64";
+
+const BASE =
+  "https://github.com/Hmbown/CodeWhale/releases/latest/download";
+
+const ASSETS: Record<Arch, { zip: string; sha: string }> = {
+  "macos-arm64": {
+    zip: `${BASE}/codewhale-macos-arm64.zip`,
+    sha: `${BASE}/codewhale-artifacts-sha256.txt`,
+  },
+  "macos-x64": {
+    zip: `${BASE}/codewhale-macos-x64.zip`,
+    sha: `${BASE}/codewhale-artifacts-sha256.txt`,
+  },
+  "linux-x64": {
+    zip: `${BASE}/codewhale-linux-x64.zip`,
+    sha: `${BASE}/codewhale-artifacts-sha256.txt`,
+  },
+  "linux-arm64": {
+    zip: `${BASE}/codewhale-linux-arm64.zip`,
+    sha: `${BASE}/codewhale-artifacts-sha256.txt`,
+  },
+  "windows-x64": {
+    zip: `${BASE}/codewhale-windows-x64.zip`,
+    sha: `${BASE}/codewhale-artifacts-sha256.txt`,
+  },
+};
+
+const LABELS: Record<Arch, string> = {
+  "macos-arm64": "macOS · Apple Silicon",
+  "macos-x64": "macOS · Intel",
+  "linux-x64": "Linux · x64",
+  "linux-arm64": "Linux · arm64",
+  "windows-x64": "Windows · x64",
+};
+
+function detect(): Arch {
+  if (typeof navigator === "undefined") return "macos-arm64";
+  const ua = navigator.userAgent.toLowerCase();
+  if (ua.includes("win")) return "windows-x64";
+  if (ua.includes("linux")) {
+    if (ua.includes("aarch64") || ua.includes("arm64")) return "linux-arm64";
+    return "linux-x64";
+  }
+  return "macos-arm64";
+}
+
+interface Props {
+  heading: string;
+  downloadLabel: string;
+  sha256Label: string;
+  mirrorHeading: string;
+  mirrorGhproxy: string;
+  mirrorJsdelivr: string;
+  offlineCallout: string;
+}
+
+export function InstallDownloadTile({
+  heading,
+  downloadLabel,
+  sha256Label,
+  mirrorHeading,
+  mirrorGhproxy,
+  mirrorJsdelivr,
+  offlineCallout,
+}: Props) {
+  const [arch, setArch] = useState<Arch>("macos-arm64");
+
+  useEffect(() => {
+    setArch(detect());
+  }, []);
+
+  const { zip, sha } = ASSETS[arch];
+  const ghproxy = `https://ghproxy.com/${zip}`;
+  const jsdelivr = `https://cdn.jsdelivr.net/gh/Hmbown/CodeWhale@latest/${zip.split("/").pop()}`;
+
+  return (
+    <div>
+      {/* Arch selector tabs */}
+      <div className="flex flex-wrap gap-0 mb-6 hairline-t hairline-b hairline-l hairline-r">
+        {(Object.keys(LABELS) as Arch[]).map((a, i) => (
+          <button
+            key={a}
+            onClick={() => setArch(a)}
+            className={`px-3 py-1.5 font-mono text-[0.7rem] tracking-wider transition-colors ${
+              i > 0 ? "hairline-l" : ""
+            } ${arch === a ? "bg-ink text-paper" : "bg-paper hover:bg-paper-deep"}`}
+          >
+            {LABELS[a]}
+          </button>
+        ))}
+      </div>
+
+      <h2 className="font-display text-3xl mb-2">{heading}</h2>
+
+      {/* Download button */}
+      <div className="flex flex-wrap items-center gap-4 mt-6 mb-4">
+        <a
+          href={zip}
+          className="inline-flex items-center gap-2 px-5 py-3 bg-ink text-paper font-mono text-sm tracking-wide hover:bg-indigo transition-colors"
+          download
+        >
+          <svg width="16" height="16" viewBox="0 0 16 16" fill="none" aria-hidden>
+            <path
+              d="M8 1v9M4 7l4 4 4-4M2 12v2h12v-2"
+              stroke="currentColor"
+              strokeWidth="1.5"
+              strokeLinecap="round"
+              strokeLinejoin="round"
+            />
+          </svg>
+          {downloadLabel} (.zip)
+        </a>
+
+        <a
+          href={sha}
+          className="font-mono text-[0.7rem] uppercase tracking-wider text-ink-mute hover:text-indigo transition-colors"
+        >
+          {sha256Label} →
+        </a>
+      </div>
+
+      {/* China mirror links */}
+      <div className="mt-6">
+        <div className="eyebrow mb-2">{mirrorHeading}</div>
+        <div className="flex flex-wrap gap-3">
+          <a
+            href={ghproxy}
+            className="inline-flex items-center gap-1.5 px-3 py-2 text-xs font-mono hairline-t hairline-b hairline-l hairline-r hover:bg-paper-deep transition-colors"
+            rel="noopener noreferrer"
+            target="_blank"
+          >
+            {mirrorGhproxy}
+          </a>
+          <span className="text-xs text-ink-mute self-center">
+            {/* jsdelivr doesn't directly proxy GitHub Release assets; link to the release page instead */}
+            <a
+              href={`https://github.com/Hmbown/CodeWhale/releases/latest`}
+              className="inline-flex items-center gap-1.5 px-3 py-2 text-xs font-mono hairline-t hairline-b hairline-l hairline-r hover:bg-paper-deep transition-colors"
+              rel="noopener noreferrer"
+              target="_blank"
+            >
+              {mirrorJsdelivr}
+            </a>
+          </span>
+        </div>
+      </div>
+
+      {/* Offline callout */}
+      <div className="mt-6 px-4 py-3 bg-indigo-pale text-sm leading-relaxed">
+        <span className="font-display text-indigo mr-2">💡</span>
+        {offlineCallout}
+      </div>
+    </div>
+  );
+}

From b3c50e0c90acf3182ceacc245abef6a6b0f34800 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:06:51 -0500
Subject: [PATCH 035/283] fix(tui): let mouse capture keep history arrows on
 Windows (#1720)

* fix(tui): let mouse capture keep history arrows on Windows

* test(tui): update arrow-scroll mouse capture expectation
---
 crates/tui/src/config.rs       |  6 +++---
 crates/tui/src/tui/app.rs      | 13 +++++++++----
 crates/tui/src/tui/ui/tests.rs |  9 ++++-----
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 883cf8ed..060385b6 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -500,9 +500,9 @@ pub struct TuiConfig {
     /// - Unset (default) — fall back to the `[notifications]` defaults.
     pub notification_condition: Option<NotificationCondition>,
     /// When `true`, plain Up/Down on an empty composer scroll the
-    /// transcript instead of recalling input history.  Useful for
-    /// terminals that map trackpad gestures to arrow keys.  Default:
-    /// `false` (plain arrows always navigate input history, #1117).
+    /// transcript instead of recalling input history. Useful for
+    /// terminals that map mouse-wheel gestures to arrow keys. Default:
+    /// `true` only when mouse capture is off; otherwise `false`.
     #[serde(default)]
     pub composer_arrows_scroll: Option<bool>,
 }
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 0969c8f8..bcc49979 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1561,8 +1561,8 @@ fn default_composer_arrows_scroll(use_mouse_capture: bool) -> bool {
     default_composer_arrows_scroll_for_platform(use_mouse_capture, cfg!(windows))
 }
 
-fn default_composer_arrows_scroll_for_platform(use_mouse_capture: bool, is_windows: bool) -> bool {
-    is_windows || !use_mouse_capture
+fn default_composer_arrows_scroll_for_platform(use_mouse_capture: bool, _is_windows: bool) -> bool {
+    !use_mouse_capture
 }
 
 impl App {
@@ -4735,8 +4735,13 @@ mod tests {
     }
 
     #[test]
-    fn composer_arrows_scroll_default_is_true_on_windows_even_with_mouse_capture() {
-        assert!(default_composer_arrows_scroll_for_platform(true, true));
+    fn composer_arrows_scroll_default_is_false_with_mouse_capture_on_windows() {
+        assert!(!default_composer_arrows_scroll_for_platform(true, true));
+    }
+
+    #[test]
+    fn composer_arrows_scroll_default_is_true_without_mouse_capture_on_windows() {
+        assert!(default_composer_arrows_scroll_for_platform(false, true));
     }
 
     #[test]
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 2a254c67..ed3dfabc 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -5972,16 +5972,15 @@ fn composer_arrows_scroll_defaults_true_without_mouse_capture() {
 }
 
 #[test]
-fn composer_arrows_scroll_defaults_follow_platform_with_mouse_capture() {
+fn composer_arrows_scroll_defaults_false_with_mouse_capture() {
     let options = TuiOptions {
         use_mouse_capture: true,
         ..create_test_options()
     };
     let app = App::new(options, &Config::default());
-    assert_eq!(
-        app.composer_arrows_scroll,
-        cfg!(windows),
-        "arrows-scroll should default to true on Windows and false on other platforms when mouse capture is on"
+    assert!(
+        !app.composer_arrows_scroll,
+        "arrows-scroll must default to false when mouse capture is on"
     );
 }
 

From 2a41102e0cdde6994086c21bfa316066fdd3f5c4 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:08:09 -0500
Subject: [PATCH 036/283] feat: defer low-value native tools by default, reduce
 catalog tokens 73% (#2076)

---
 config.example.toml                        |   6 +
 crates/config/src/lib.rs                   |  19 +++
 crates/tui/src/config.rs                   |  47 ++++++
 crates/tui/src/core/engine.rs              |  13 +-
 crates/tui/src/core/engine/tests.rs        | 174 ++++++++++++++++++---
 crates/tui/src/core/engine/tool_catalog.rs | 100 ++++++------
 crates/tui/src/core/engine/turn_loop.rs    |   2 +-
 crates/tui/src/main.rs                     |   1 +
 crates/tui/src/runtime_threads.rs          |   1 +
 crates/tui/src/tui/ui.rs                   |   1 +
 docs/CONFIGURATION.md                      |  11 ++
 scripts/measure-tool-catalog.py            |  46 ++++++
 12 files changed, 346 insertions(+), 75 deletions(-)
 create mode 100755 scripts/measure-tool-catalog.py

diff --git a/config.example.toml b/config.example.toml
index 73c211f2..81332674 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -97,6 +97,12 @@ memory_path = "~/.deepseek/memory.md"
 # Parsed but currently unused (reserved for future versions):
 # tools_file = "./tools.json"
 
+# Native tool catalog controls (#2076). By default only the core tool surface
+# is loaded into the model context; less common native tools are discoverable
+# through ToolSearch and loaded on first use.
+# [tools]
+# always_load = ["git_show", "notify"]
+
 # ─────────────────────────────────────────────────────────────────────────────────
 # Security
 # ─────────────────────────────────────────────────────────────────────────────────
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 039c28c7..11f8afe0 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -216,6 +216,9 @@ pub struct ConfigToml {
     pub telemetry: Option<bool>,
     pub approval_policy: Option<String>,
     pub sandbox_mode: Option<String>,
+    /// Native tool catalog controls shared with `codewhale-tui`.
+    #[serde(default)]
+    pub tools: Option<ToolsToml>,
     #[serde(default)]
     pub providers: ProvidersToml,
     /// Per-domain network policy (#135). When absent, network tools fall back
@@ -253,6 +256,14 @@ pub struct SkillsToml {
     pub max_install_size_bytes: Option<u64>,
 }
 
+/// On-disk schema for the `[tools]` table (#2076).
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct ToolsToml {
+    /// Native tool names to keep loaded outside the default core catalog.
+    #[serde(default)]
+    pub always_load: Vec<String>,
+}
+
 /// On-disk schema for the `[snapshots]` table (#137). See
 /// `config.example.toml` for documentation.
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -373,6 +384,13 @@ impl ConfigToml {
         {
             self.sandbox_mode = Some(mode);
         }
+        if project.tools.is_some() {
+            self.tools = project.tools;
+        }
+        // Provider is only overridden if explicitly set (non-default).
+        if project.provider != ProviderKind::Deepseek || has_api_key {
+            self.provider = project.provider;
+        }
 
         merge_project_provider_config(&mut self.providers.deepseek, &project.providers.deepseek);
         merge_project_provider_config(
@@ -414,6 +432,7 @@ impl ConfigToml {
             "telemetry" => self.telemetry.map(|v| v.to_string()),
             "approval_policy" => self.approval_policy.clone(),
             "sandbox_mode" => self.sandbox_mode.clone(),
+            "tools.always_load" => self.tools.as_ref().map(|tools| tools.always_load.join(",")),
             "providers.deepseek.api_key" => self.providers.deepseek.api_key.clone(),
             "providers.deepseek.base_url" => self.providers.deepseek.base_url.clone(),
             "providers.deepseek.model" => self.providers.deepseek.model.clone(),
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 060385b6..681c7c94 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -664,6 +664,15 @@ pub struct SearchConfig {
     pub api_key: Option<String>,
 }
 
+/// Model-visible tool catalog controls (`[tools]` table in config.toml).
+#[derive(Debug, Clone, Deserialize, Default)]
+pub struct ToolsConfig {
+    /// Native tool names to keep loaded even when they are outside the small
+    /// default core catalog. Unknown names are harmless and simply never match.
+    #[serde(default)]
+    pub always_load: Vec<String>,
+}
+
 /// One configurable footer item.
 ///
 /// Order in the user's `Vec<StatusItem>` is preserved: items in the left
@@ -953,6 +962,10 @@ pub struct Config {
     /// Defaults to `"max"` at runtime if unset.
     pub reasoning_effort: Option<String>,
     pub tools_file: Option<String>,
+    /// Native tool catalog controls. `tools_file` is the legacy external
+    /// schema path; this table controls built-in tool loading policy.
+    #[serde(default)]
+    pub tools: Option<ToolsConfig>,
     pub skills_dir: Option<String>,
     pub mcp_config_path: Option<String>,
     pub notes_path: Option<String>,
@@ -1305,6 +1318,22 @@ impl Config {
             .unwrap_or(false)
     }
 
+    #[must_use]
+    pub fn tools_always_load(&self) -> std::collections::HashSet<String> {
+        self.tools
+            .as_ref()
+            .map(|tools| {
+                tools
+                    .always_load
+                    .iter()
+                    .map(|name| name.trim())
+                    .filter(|name| !name.is_empty())
+                    .map(ToOwned::to_owned)
+                    .collect()
+            })
+            .unwrap_or_default()
+    }
+
     /// Load configuration from disk and merge with environment overrides.
     ///
     /// # Examples
@@ -3071,6 +3100,7 @@ fn merge_config(base: Config, override_cfg: Config) -> Config {
         auth_mode: override_cfg.auth_mode.or(base.auth_mode),
         reasoning_effort: override_cfg.reasoning_effort.or(base.reasoning_effort),
         tools_file: override_cfg.tools_file.or(base.tools_file),
+        tools: override_cfg.tools.or(base.tools),
         skills_dir: override_cfg.skills_dir.or(base.skills_dir),
         mcp_config_path: override_cfg.mcp_config_path.or(base.mcp_config_path),
         notes_path: override_cfg.notes_path.or(base.notes_path),
@@ -4089,6 +4119,23 @@ mod tests {
         assert_eq!(SearchProvider::default(), SearchProvider::Bing);
     }
 
+    #[test]
+    fn tools_always_load_parses_and_trims_names() {
+        let parsed: ConfigFile = toml::from_str(
+            r#"
+            [tools]
+            always_load = ["git_show", " notify ", ""]
+            "#,
+        )
+        .expect("tools config");
+
+        let names = parsed.base.tools_always_load();
+
+        assert!(names.contains("git_show"));
+        assert!(names.contains("notify"));
+        assert!(!names.contains(""));
+    }
+
     #[test]
     fn explicit_duckduckgo_search_provider_is_preserved() {
         let config: Config = toml::from_str(
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 1537d87d..e45dabe3 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -7,8 +7,8 @@
 //! - Proper cancellation support
 //! - Tool execution orchestration
 
-use std::collections::HashMap;
 use std::collections::hash_map::DefaultHasher;
+use std::collections::{HashMap, HashSet};
 use std::hash::{Hash, Hasher};
 use std::path::PathBuf;
 use std::sync::{Arc, Mutex as StdMutex};
@@ -171,6 +171,9 @@ pub struct EngineConfig {
     /// once at engine construction, then threaded onto every
     /// `SubAgentRuntime` the engine builds (#1806, #1808).
     pub subagent_api_timeout: Duration,
+    /// Native tools that should stay in the model-visible catalog even when
+    /// they are outside the small default core surface (#2076).
+    pub tools_always_load: HashSet<String>,
     /// When true and `/usr/bin/bwrap` is present on Linux, route exec_shell
     /// through bubblewrap instead of relying solely on Landlock (#2184).
     #[allow(dead_code)] // Wired through ShellManager in follow-up PR
@@ -218,6 +221,7 @@ impl Default for EngineConfig {
             subagent_api_timeout: Duration::from_secs(
                 crate::config::DEFAULT_SUBAGENT_API_TIMEOUT_SECS,
             ),
+            tools_always_load: HashSet::new(),
             prefer_bwrap: false,
         }
     }
@@ -1130,7 +1134,12 @@ impl Engine {
             Vec::new()
         };
         let tools = tool_registry.as_ref().map(|registry| {
-            build_model_tool_catalog(registry.to_api_tools_with_cache(true), mcp_tools, mode)
+            build_model_tool_catalog(
+                registry.to_api_tools_with_cache(true),
+                mcp_tools,
+                mode,
+                &self.config.tools_always_load,
+            )
         });
 
         // Main turn loop
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index e68f5fb2..6f612611 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -386,40 +386,74 @@ fn tool_exec_outcome_tracks_duration() {
 }
 
 #[test]
-fn yolo_mode_keeps_tools_preloaded() {
-    assert!(!should_default_defer_tool("exec_shell", AppMode::Yolo));
+fn core_native_tools_stay_loaded_in_yolo_mode() {
+    let always_load = HashSet::new();
     assert!(!should_default_defer_tool(
-        "mcp_read_resource",
-        AppMode::Yolo
+        "exec_shell",
+        AppMode::Yolo,
+        &always_load
+    ));
+    assert!(should_default_defer_tool(
+        "git_show",
+        AppMode::Yolo,
+        &always_load
     ));
 }
 
 #[test]
 fn non_yolo_mode_retains_default_defer_policy() {
-    // Shell tools are kept loaded in action modes so the model can verify
-    // work without an extra ToolSearch round-trip; non-action tools (e.g.
-    // MCP) still defer.
-    assert!(!should_default_defer_tool("exec_shell", AppMode::Agent));
-    assert!(should_default_defer_tool("exec_shell", AppMode::Plan));
-    assert!(!should_default_defer_tool("read_file", AppMode::Agent));
-    assert!(!should_default_defer_tool("write_file", AppMode::Agent));
+    let always_load = HashSet::new();
+    assert!(!should_default_defer_tool(
+        "exec_shell",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "edit_file",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "run_tests",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "agent_open",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "read_file",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "write_file",
+        AppMode::Agent,
+        &always_load
+    ));
     assert!(should_default_defer_tool(
-        "mcp_read_resource",
-        AppMode::Agent
+        "git_show",
+        AppMode::Agent,
+        &always_load
     ));
 }
 
 #[test]
 fn model_tool_catalog_applies_native_and_mcp_deferral() {
+    let always_load = HashSet::new();
     let catalog = build_model_tool_catalog(
         vec![
             api_tool("read_file"),
             api_tool("write_file"),
             api_tool("exec_shell"),
+            api_tool("edit_file"),
             api_tool("project_map"),
         ],
         vec![api_tool("list_mcp_resources"), api_tool("mcp_server_write")],
         AppMode::Agent,
+        &always_load,
     );
 
     let defer_loading = |name: &str| {
@@ -432,11 +466,87 @@ fn model_tool_catalog_applies_native_and_mcp_deferral() {
     assert_eq!(defer_loading("read_file"), Some(false));
     assert_eq!(defer_loading("write_file"), Some(false));
     assert_eq!(defer_loading("exec_shell"), Some(false));
+    assert_eq!(defer_loading("edit_file"), Some(false));
     assert_eq!(defer_loading("project_map"), Some(true));
     assert_eq!(defer_loading("list_mcp_resources"), Some(false));
     assert_eq!(defer_loading("mcp_server_write"), Some(true));
 }
 
+#[test]
+fn tools_always_load_overrides_default_native_deferral() {
+    let always_load = HashSet::from(["git_show".to_string()]);
+    assert!(!should_default_defer_tool(
+        "git_show",
+        AppMode::Agent,
+        &always_load
+    ));
+}
+
+#[test]
+#[ignore = "one-shot metric for scripts/measure-tool-catalog.py"]
+fn print_agent_tool_catalog_metrics() {
+    let tmp = tempdir().expect("tempdir");
+    let context = crate::tools::ToolContext::new(tmp.path().to_path_buf());
+    let client = DeepSeekClient::new(&Config {
+        api_key: Some("test-key".to_string()),
+        ..Config::default()
+    })
+    .expect("stub client");
+    let manager = crate::tools::subagent::new_shared_subagent_manager(tmp.path().to_path_buf(), 8);
+    let runtime = crate::tools::subagent::SubAgentRuntime::new(
+        client,
+        DEFAULT_TEXT_MODEL.to_string(),
+        context.clone(),
+        true,
+        None,
+        manager.clone(),
+    );
+    let registry = crate::tools::ToolRegistryBuilder::new()
+        .with_agent_tools(true)
+        .with_todo_tool(new_shared_todo_list())
+        .with_plan_tool(new_shared_plan_state())
+        .with_review_tool(None, DEFAULT_TEXT_MODEL.to_string())
+        .with_rlm_tool(None, DEFAULT_TEXT_MODEL.to_string())
+        .with_recall_archive_tool()
+        .with_notify_tool()
+        .with_subagent_tools(manager, runtime)
+        .build(context);
+    let baseline_catalog = registry.to_api_tools_with_cache(true);
+    let baseline_json = serde_json::to_vec(&baseline_catalog).expect("serialize baseline");
+
+    let always_load = HashSet::new();
+    let mut catalog = build_model_tool_catalog(
+        baseline_catalog.clone(),
+        vec![],
+        AppMode::Agent,
+        &always_load,
+    );
+    ensure_advanced_tooling(&mut catalog, AppMode::Agent, &always_load);
+    let active = initial_active_tools(&catalog);
+    let active_catalog = active_tools_for_step(&catalog, &active, false);
+    let active_json = serde_json::to_vec(&active_catalog).expect("serialize active");
+    let reduction_percent = if baseline_json.is_empty() {
+        0.0
+    } else {
+        100.0 * (baseline_json.len().saturating_sub(active_json.len())) as f64
+            / baseline_json.len() as f64
+    };
+
+    println!(
+        "TOOL_CATALOG_METRICS {}",
+        serde_json::json!({
+            "baseline_tools": baseline_catalog.len(),
+            "baseline_bytes": baseline_json.len(),
+            "baseline_tokens_est": baseline_json.len().div_ceil(4),
+            "active_tools": active_catalog.len(),
+            "active_bytes": active_json.len(),
+            "active_tokens_est": active_json.len().div_ceil(4),
+            "reduction_percent": reduction_percent,
+            "active_tool_names": active_catalog.iter().map(|tool| tool.name.as_str()).collect::<Vec<_>>(),
+        })
+    );
+}
+
 #[test]
 fn deferred_edit_file_first_use_hydrates_schema_without_execution() {
     let mut edit = api_tool("edit_file");
@@ -511,14 +621,25 @@ fn deferred_edit_file_first_use_hydrates_schema_without_execution() {
 }
 
 #[test]
-fn model_tool_catalog_keeps_everything_loaded_in_yolo_mode() {
+fn model_tool_catalog_defers_non_core_native_tools_in_yolo_mode() {
+    let always_load = HashSet::new();
     let catalog = build_model_tool_catalog(
-        vec![api_tool("project_map")],
+        vec![api_tool("read_file"), api_tool("project_map")],
         vec![api_tool("mcp_server_write")],
         AppMode::Yolo,
+        &always_load,
     );
 
-    assert!(catalog.iter().all(|tool| tool.defer_loading == Some(false)));
+    let defer_loading = |name: &str| {
+        catalog
+            .iter()
+            .find(|tool| tool.name == name)
+            .and_then(|tool| tool.defer_loading)
+    };
+
+    assert_eq!(defer_loading("read_file"), Some(false));
+    assert_eq!(defer_loading("project_map"), Some(true));
+    assert_eq!(defer_loading("mcp_server_write"), Some(false));
 }
 
 #[test]
@@ -526,6 +647,7 @@ fn model_tool_catalog_sorts_each_partition_for_prefix_cache_stability() {
     // Regression for #263: deterministic byte order of the tools array is a
     // hard requirement for DeepSeek's KV prefix cache. Built-ins stay as a
     // contiguous prefix; MCP tools follow. Within each partition: alphabetical.
+    let always_load = HashSet::new();
     let catalog = build_model_tool_catalog(
         vec![
             api_tool("read_file"),
@@ -534,6 +656,7 @@ fn model_tool_catalog_sorts_each_partition_for_prefix_cache_stability() {
         ],
         vec![api_tool("mcp_zoo_b"), api_tool("mcp_aardvark_a")],
         AppMode::Yolo,
+        &always_load,
     );
 
     let names: Vec<&str> = catalog.iter().map(|t| t.name.as_str()).collect();
@@ -588,11 +711,18 @@ fn deferred_tool_preflight_loads_edit_schema_without_executing_bad_aliases() {
             engine.config.plan_state.clone(),
         )
         .build(engine.build_tool_context(AppMode::Agent, false));
-    let catalog = build_model_tool_catalog(
+    let always_load = HashSet::new();
+    let mut catalog = build_model_tool_catalog(
         registry.to_api_tools_with_cache(true),
         vec![],
         AppMode::Agent,
+        &always_load,
     );
+    catalog
+        .iter_mut()
+        .find(|tool| tool.name == "edit_file")
+        .expect("edit_file registered")
+        .defer_loading = Some(true);
     let mut active = initial_active_tools(&catalog);
     assert!(!active.contains("edit_file"));
 
@@ -633,10 +763,12 @@ fn deferred_tool_preflight_guides_checklist_update_list_replacement() {
             engine.config.plan_state.clone(),
         )
         .build(engine.build_tool_context(AppMode::Agent, false));
+    let always_load = HashSet::new();
     let catalog = build_model_tool_catalog(
         registry.to_api_tools_with_cache(true),
         vec![],
         AppMode::Agent,
+        &always_load,
     );
     let mut active = initial_active_tools(&catalog);
     assert!(!active.contains("checklist_update"));
@@ -1726,7 +1858,8 @@ fn tool_search_activates_discovered_deferred_tools() {
             cache_control: None,
         },
     ];
-    ensure_advanced_tooling(&mut catalog, AppMode::Agent);
+    let always_load = HashSet::new();
+    ensure_advanced_tooling(&mut catalog, AppMode::Agent, &always_load);
     let mut active = initial_active_tools(&catalog);
     let result = execute_tool_search(
         TOOL_SEARCH_BM25_NAME,
@@ -1753,7 +1886,8 @@ async fn code_execution_runs_python_and_returns_result_payload() {
 #[test]
 fn plan_mode_catalog_skips_code_execution_tool_but_agent_keeps_it() {
     let mut plan_catalog = vec![api_tool("read_file")];
-    ensure_advanced_tooling(&mut plan_catalog, AppMode::Plan);
+    let always_load = HashSet::new();
+    ensure_advanced_tooling(&mut plan_catalog, AppMode::Plan, &always_load);
     assert!(
         !plan_catalog
             .iter()
@@ -1762,7 +1896,7 @@ fn plan_mode_catalog_skips_code_execution_tool_but_agent_keeps_it() {
     );
 
     let mut agent_catalog = vec![api_tool("read_file")];
-    ensure_advanced_tooling(&mut agent_catalog, AppMode::Agent);
+    ensure_advanced_tooling(&mut agent_catalog, AppMode::Agent, &always_load);
     assert!(
         agent_catalog
             .iter()
diff --git a/crates/tui/src/core/engine/tool_catalog.rs b/crates/tui/src/core/engine/tool_catalog.rs
index 3ce7cdac..c699a0a8 100644
--- a/crates/tui/src/core/engine/tool_catalog.rs
+++ b/crates/tui/src/core/engine/tool_catalog.rs
@@ -29,63 +29,48 @@ pub(super) fn is_tool_search_tool(name: &str) -> bool {
     matches!(name, TOOL_SEARCH_REGEX_NAME | TOOL_SEARCH_BM25_NAME)
 }
 
-pub(super) fn should_default_defer_tool(name: &str, mode: AppMode) -> bool {
-    if mode == AppMode::Yolo {
+pub(super) const DEFAULT_ACTIVE_NATIVE_TOOLS: &[&str] = &[
+    "agent_open",
+    "apply_patch",
+    "edit_file",
+    "exec_shell",
+    "fetch_url",
+    "file_search",
+    "git_diff",
+    "git_status",
+    "grep_files",
+    "list_dir",
+    "read_file",
+    "run_tests",
+    "web_search",
+    "write_file",
+];
+
+pub(super) fn should_default_defer_tool(
+    name: &str,
+    _mode: AppMode,
+    always_load: &HashSet<String>,
+) -> bool {
+    if always_load.contains(name) {
         return false;
     }
 
-    // Shell exec tools are kept active in Agent so the model can run
-    // verification commands (build/test/git/cargo) without first having to
-    // discover them through ToolSearch. Plan mode does not register shell
-    // execution tools.
-    let always_loaded_in_action_modes = matches!(mode, AppMode::Agent)
-        && matches!(
-            name,
-            "exec_shell"
-                | "exec_shell_wait"
-                | "exec_shell_interact"
-                | "exec_wait"
-                | "exec_interact"
-        );
-    if always_loaded_in_action_modes {
+    if is_tool_search_tool(name) {
         return false;
     }
 
-    !matches!(
-        name,
-        "read_file"
-            | "write_file"
-            | "list_dir"
-            | "grep_files"
-            | "file_search"
-            | "diagnostics"
-            | "rlm_open"
-            | "rlm_eval"
-            | "rlm_configure"
-            | "rlm_close"
-            | "rlm_session_objects"
-            | "handle_read"
-            | "recall_archive"
-            | "notify"
-            | MULTI_TOOL_PARALLEL_NAME
-            | "update_plan"
-            | "checklist_write"
-            | "todo_write"
-            | "task_create"
-            | "task_list"
-            | "task_read"
-            | "task_gate_run"
-            | "task_shell_start"
-            | "task_shell_wait"
-            | "github_issue_context"
-            | "github_pr_context"
-            | REQUEST_USER_INPUT_NAME
-    )
+    !DEFAULT_ACTIVE_NATIVE_TOOLS
+        .iter()
+        .any(|core_tool| core_tool == &name)
 }
 
-pub(super) fn apply_native_tool_deferral(catalog: &mut [Tool], mode: AppMode) {
+pub(super) fn apply_native_tool_deferral(
+    catalog: &mut [Tool],
+    mode: AppMode,
+    always_load: &HashSet<String>,
+) {
     for tool in catalog {
-        tool.defer_loading = Some(should_default_defer_tool(&tool.name, mode));
+        tool.defer_loading = Some(should_default_defer_tool(&tool.name, mode, always_load));
     }
 }
 
@@ -111,8 +96,9 @@ pub(super) fn build_model_tool_catalog(
     mut native_tools: Vec<Tool>,
     mut mcp_tools: Vec<Tool>,
     mode: AppMode,
+    always_load: &HashSet<String>,
 ) -> Vec<Tool> {
-    apply_native_tool_deferral(&mut native_tools, mode);
+    apply_native_tool_deferral(&mut native_tools, mode, always_load);
     apply_mcp_tool_deferral(&mut mcp_tools, mode);
     // Sort each partition by name for prefix-cache stability (#263). The
     // upstream `to_api_tools()` already sorts the registry's HashMap output;
@@ -126,7 +112,11 @@ pub(super) fn build_model_tool_catalog(
     native_tools
 }
 
-pub(super) fn ensure_advanced_tooling(catalog: &mut Vec<Tool>, mode: AppMode) {
+pub(super) fn ensure_advanced_tooling(
+    catalog: &mut Vec<Tool>,
+    mode: AppMode,
+    always_load: &HashSet<String>,
+) {
     // code_execution depends on a locally-installed Python interpreter
     // (python3 / python / py -3). Before v0.8.31, the tool was always
     // advertised and would fail at execution time on Windows where
@@ -150,7 +140,11 @@ pub(super) fn ensure_advanced_tooling(catalog: &mut Vec<Tool>, mode: AppMode) {
                 "required": ["code"]
             }),
             allowed_callers: Some(vec!["direct".to_string()]),
-            defer_loading: Some(false),
+            defer_loading: Some(should_default_defer_tool(
+                CODE_EXECUTION_TOOL_NAME,
+                mode,
+                always_load,
+            )),
             input_examples: None,
             strict: None,
             cache_control: None,
@@ -166,7 +160,9 @@ pub(super) fn ensure_advanced_tooling(catalog: &mut Vec<Tool>, mode: AppMode) {
         && !catalog.iter().any(|t| t.name == JS_EXECUTION_TOOL_NAME)
         && crate::dependencies::resolve_node().is_some()
     {
-        catalog.push(crate::tools::js_execution::js_execution_tool_definition());
+        let mut tool = crate::tools::js_execution::js_execution_tool_definition();
+        tool.defer_loading = Some(should_default_defer_tool(&tool.name, mode, always_load));
+        catalog.push(tool);
     }
 
     if !catalog.iter().any(|t| t.name == TOOL_SEARCH_REGEX_NAME) {
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 70f94f25..ca5d6b89 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -30,7 +30,7 @@ impl Engine {
         let mut context_recovery_attempts = 0u8;
         let mut tool_catalog = tools.unwrap_or_default();
         if !tool_catalog.is_empty() {
-            ensure_advanced_tooling(&mut tool_catalog, mode);
+            ensure_advanced_tooling(&mut tool_catalog, mode, &self.config.tools_always_load);
         }
         let mut active_tool_names = initial_active_tools(&tool_catalog);
         let mut loop_guard = LoopGuard::default();
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 252ea9f5..70af305b 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -5161,6 +5161,7 @@ async fn run_exec_agent(
             .and_then(|s| s.provider)
             .unwrap_or_default(),
         search_api_key: config.search.as_ref().and_then(|s| s.api_key.clone()),
+        tools_always_load: config.tools_always_load(),
     };
 
     let engine_handle = spawn_engine(engine_config, config);
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index c2fca300..49cd02d1 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1995,6 +1995,7 @@ impl RuntimeThreadManager {
                 .and_then(|s| s.provider)
                 .unwrap_or_default(),
             search_api_key: self.config.search.as_ref().and_then(|s| s.api_key.clone()),
+            tools_always_load: self.config.tools_always_load(),
         };
 
         let engine = spawn_engine(engine_cfg, &self.config);
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index dbe69d38..bf5e9e3d 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -728,6 +728,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
             .and_then(|s| s.provider)
             .unwrap_or_default(),
         search_api_key: config.search.as_ref().and_then(|s| s.api_key.clone()),
+        tools_always_load: config.tools_always_load(),
     }
 }
 
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index ed15c9d6..ddd7153d 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -618,6 +618,17 @@ These keys are accepted by the config loader but not currently used by the inter
 
 - `tools_file`
 
+## Tool Catalog
+
+CodeWhale loads a small core native tool catalog by default and leaves less
+common native tools discoverable through ToolSearch. To keep specific native
+tools loaded on every request, add them to `[tools].always_load`:
+
+```toml
+[tools]
+always_load = ["git_show", "notify"]
+```
+
 ## Feature Flags
 
 Feature flags live under the `[features]` table and are merged across profiles.
diff --git a/scripts/measure-tool-catalog.py b/scripts/measure-tool-catalog.py
new file mode 100755
index 00000000..c5b40367
--- /dev/null
+++ b/scripts/measure-tool-catalog.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+"""Measure serialized tool catalog size before and after default deferral.
+
+This delegates catalog construction to an ignored Rust test so the measurement
+uses the same tool definitions, JSON serialization, and deferral policy as the
+runtime. Token counts are deterministic estimates using ceil(serialized_bytes/4).
+"""
+
+from __future__ import annotations
+
+import json
+import subprocess
+import sys
+
+
+MARKER = "TOOL_CATALOG_METRICS "
+
+
+def main() -> int:
+    cmd = [
+        "cargo",
+        "test",
+        "-p",
+        "codewhale-tui",
+        "print_agent_tool_catalog_metrics",
+        "--",
+        "--ignored",
+        "--nocapture",
+        "--test-threads=1",
+    ]
+    proc = subprocess.run(cmd, text=True, capture_output=True, check=False)
+    sys.stderr.write(proc.stderr)
+
+    for line in proc.stdout.splitlines():
+        if MARKER in line:
+            metrics = json.loads(line.split(MARKER, 1)[1])
+            print(json.dumps(metrics, indent=2, sort_keys=True))
+            return proc.returncode
+
+    sys.stdout.write(proc.stdout)
+    sys.stderr.write("missing TOOL_CATALOG_METRICS marker\n")
+    return proc.returncode or 1
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

From 6bd702d6a6ad54299f1af40705d9df0774e6e141 Mon Sep 17 00:00:00 2001
From: hongqitai <hongqitai@foxmail.com>
Date: Tue, 26 May 2026 23:09:56 +0800
Subject: [PATCH 037/283] =?UTF-8?q?test(settings):=20handle=20TERM=5FPROGR?=
 =?UTF-8?q?AM=20env=20var=20in=20no=5Fanimations=5Fenv=5Freco=E2=80=A6=20(?=
 =?UTF-8?q?#2171)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* test(settings): handle TERM_PROGRAM env var in no_animations_env_recognises_truthy_spellings_only

Clear and restore TERM_PROGRAM environment variable during tests
to prevent low_motion being forced in vscode, ghostty and Termius.

* test(settings): handle other environment variables that can independently force low_motion in no_animations_env_recognises_truthy_spellings_only

---------

Co-authored-by: hqt <you@example.com>
---
 crates/tui/src/settings.rs | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/crates/tui/src/settings.rs b/crates/tui/src/settings.rs
index 252fdc7e..1a92ef2f 100644
--- a/crates/tui/src/settings.rs
+++ b/crates/tui/src/settings.rs
@@ -1316,15 +1316,28 @@ mod tests {
         let prev_wt_session = std::env::var_os("WT_SESSION");
         let prev_tmux = std::env::var_os("TMUX");
         let prev_sty = std::env::var_os("STY");
+        let prev_term_program = std::env::var_os("TERM_PROGRAM");
+        let prev_ssh_client = std::env::var_os("SSH_CLIENT");
+        let prev_ssh_tty = std::env::var_os("SSH_TTY");
+        let prev_tilix_id = std::env::var_os("TILIX_ID");
+        let prev_terminator_uuid = std::env::var_os("TERMINATOR_UUID");
+
         // The test is about NO_ANIMATIONS only. On Windows CI, an unmarked
         // console host now independently enables low_motion, so mark the host
         // as non-legacy while checking falsy spellings.
         // Clear multiplexer markers for the same reason: they also force
         // low_motion independently of NO_ANIMATIONS.
+        // Clear TERM_PROGRAM, SSH, and other terminal-specific variables as they
+        // also force low_motion independently of NO_ANIMATIONS.
         // SAFETY: serialised by the guard.
         unsafe {
             std::env::remove_var("TMUX");
             std::env::remove_var("STY");
+            std::env::remove_var("TERM_PROGRAM");
+            std::env::remove_var("SSH_CLIENT");
+            std::env::remove_var("SSH_TTY");
+            std::env::remove_var("TILIX_ID");
+            std::env::remove_var("TERMINATOR_UUID");
         }
         #[cfg(windows)]
         unsafe {
@@ -1363,6 +1376,26 @@ mod tests {
                 Some(v) => std::env::set_var("STY", v),
                 None => std::env::remove_var("STY"),
             }
+            match prev_term_program {
+                Some(v) => std::env::set_var("TERM_PROGRAM", v),
+                None => std::env::remove_var("TERM_PROGRAM"),
+            }
+            match prev_ssh_client {
+                Some(v) => std::env::set_var("SSH_CLIENT", v),
+                None => std::env::remove_var("SSH_CLIENT"),
+            }
+            match prev_ssh_tty {
+                Some(v) => std::env::set_var("SSH_TTY", v),
+                None => std::env::remove_var("SSH_TTY"),
+            }
+            match prev_tilix_id {
+                Some(v) => std::env::set_var("TILIX_ID", v),
+                None => std::env::remove_var("TILIX_ID"),
+            }
+            match prev_terminator_uuid {
+                Some(v) => std::env::set_var("TERMINATOR_UUID", v),
+                None => std::env::remove_var("TERMINATOR_UUID"),
+            }
         }
     }
 

From 7c0e2428955f31473b8362ae718db1b652c93ea0 Mon Sep 17 00:00:00 2001
From: dongchao <2193993758@qq.com>
Date: Tue, 26 May 2026 23:10:01 +0800
Subject: [PATCH 038/283] fix(edit_file): always retry fuzzy fallback on first
 search miss (#2154)

---
 crates/tui/src/tools/file.rs | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/crates/tui/src/tools/file.rs b/crates/tui/src/tools/file.rs
index 2ec2fe9b..b3cad625 100644
--- a/crates/tui/src/tools/file.rs
+++ b/crates/tui/src/tools/file.rs
@@ -496,7 +496,7 @@ impl ToolSpec for EditFileTool {
     }
 
     fn description(&self) -> &'static str {
-        "Replace text in a single file via exact search/replace. Use this instead of `sed -i` in `exec_shell` for one unambiguous in-place edit. `search` matches exactly by default, including whitespace and indentation; set `fuzz: true` to tolerate leading-indentation differences. Returns a compact unified diff, not the full file. For structural, multi-block, or cross-file changes, use `apply_patch` or `write_file` instead."
+        "Replace text in a single file via exact search/replace. Use this instead of `sed -i` in `exec_shell` for one unambiguous in-place edit. `search` matches exactly by default; when no exact match is found the tool retries with leading-whitespace-tolerant fuzzy matching automatically. The optional `fuzz` parameter is accepted for backward compatibility and is no longer needed. Returns a compact unified diff, not the full file. For structural, multi-block, or cross-file changes, use `apply_patch` or `write_file` instead."
     }
 
     fn input_schema(&self) -> Value {
@@ -517,7 +517,7 @@ impl ToolSpec for EditFileTool {
                 },
                 "fuzz": {
                     "type": "boolean",
-                    "description": "When true, tolerate leading whitespace differences on each searched line (default false)"
+                    "description": "Deprecated: fuzzy fallback is now automatic. Accepted for backward compatibility but ignored."
                 }
             },
             "required": ["path", "search", "replace"]
@@ -555,7 +555,7 @@ impl ToolSpec for EditFileTool {
         })?;
 
         let count = contents.matches(search).count();
-        let (updated, count, fuzz_kind) = if count == 0 && fuzz {
+        let (updated, count, fuzz_kind) = if count == 0 {
             // First fallback: tolerate indentation differences.
             let indent_matches = leading_whitespace_fuzzy_matches(&contents, search);
             match indent_matches.as_slice() {
@@ -600,11 +600,6 @@ impl ToolSpec for EditFileTool {
                     )));
                 }
             }
-        } else if count == 0 {
-            return Err(ToolError::execution_failed(format!(
-                "Search string not found in {}",
-                file_path.display()
-            )));
         } else {
             (contents.replace(search, replace), count, None)
         };

From 5fcc460c336b8df5effca8d2d1f37844cce50ab0 Mon Sep 17 00:00:00 2001
From: dongchao <2193993758@qq.com>
Date: Tue, 26 May 2026 23:10:06 +0800
Subject: [PATCH 039/283] fix(runtime): truncate assistant summary on UTF-8
 char boundary to prevent CJK panic (#2167)

---
 crates/tui/src/runtime_threads.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 49cd02d1..23cad864 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1434,7 +1434,7 @@ impl RuntimeThreadManager {
 
             if let Some(assistant_text) = assistant_text {
                 let asst_summary = if assistant_text.len() > SUMMARY_LIMIT {
-                    format!("{}...", &assistant_text[..SUMMARY_LIMIT.saturating_sub(3)])
+                    crate::utils::truncate_with_ellipsis(&assistant_text, SUMMARY_LIMIT, "...")
                 } else {
                     assistant_text.clone()
                 };

From 99b3d17ddfda8ef4cbec593f3b2570559a4f0aa7 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:10:53 -0500
Subject: [PATCH 040/283] docs: correct sub-agent event and OS sandboxing
 claims in all READMEs

---
 README.ja-JP.md | 4 ++--
 README.md       | 8 ++++----
 README.zh-CN.md | 8 ++++----
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 9916ec32..f5db5dad 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -73,13 +73,13 @@ DeepSeek V4 はこのハーネスの一部を書くのを手伝いました。
 
 **憲法的階層。** システムプロンプトは法の抵触エンジンです。ユーザーの意図は古いメモリより上。ライブの証拠は仮定より上。検証は自信より上。各ターンは明確な権限チェーンを継承するので、モデルはどの指示に従うべきか推測する必要がありません。
 
-**構造化された信頼。** ハードな境界を持つ3つのモード——Plan（読み取り専用）、Agent（承認ゲート付き）、YOLO（信頼済みワークスペースで自動承認）。OS レベルのサンドボックスが境界を支えます：macOS の Seatbelt、Linux の Landlock、Windows の Job Objects。危険なコマンドはモードに関係なく分類・ゲート制御されます。
+**構造化された信頼。** ハードな境界を持つ3つのモード——Plan（読み取り専用）、Agent（承認ゲート付き）、YOLO（信頼済みワークスペースで自動承認）。OS レベルのサンドボックスが境界を支えます。macOS Seatbelt はアクティブな適用パスです。Linux Landlock は検出されますが（カーネル 5.13+）現在は適用されていません。Windows サンドボックスはまだ公開されていません。危険なコマンドはモードに関係なく分類・ゲート制御されます。
 
 **フィードバックの鼓動。** 失敗したコマンド、失敗したテスト、LSP 診断——これらは行き止まりではありません。モデルがチューニングできる信号です。非ゼロの終了コードは情報です。型エラーは修正ベクトルです。ハーネスは失敗を読み取り可能にし、ユーザーが常に舵を取り直さなくてもモデルが回復できるようにします。
 
 **継続性。** メモリはセッションをまたいで持続します。ハンドオフはコンテキスト圧縮後も生存します。セッションは保存・再開・兄弟パスへのフォークが可能です。次の知性——人間であれ機械であれ——が、すでに学ばれたことを再発見する必要なく、前回の中断点から引き継ぎます。
 
-**分散作業。** サブエージェントが並行実行、一度に最大 20。`agent_open` は即座に戻り、親は作業を続けます。結果は構造化された完了イベントとして到着し、境界付きハンドルで——完全なトランスクリプトで親コンテキストを埋める必要はありません。[docs/SUBAGENTS.md](docs/SUBAGENTS.md) を参照。
+**分散作業。** サブエージェントが並行実行、一度に最大 20。`agent_open` は即座に戻り、親は作業を続けます。結果は完了センチネルとしてインラインで到着し、サマリー付き。完全なトランスクリプトは `agent_eval` から取得可能な境界付きハンドルに保持されます。[docs/SUBAGENTS.md](docs/SUBAGENTS.md) を参照。
 
 **適正な知性。** Fin——thinking off の安価な Flash——がモデル自動ルーティング、RLM 子呼び出し、要約、調整を処理します。Pro はアーキテクチャ、デバッグ、セキュリティレビューに使用。`--model auto` がターンごとにモデルと思考レベルを選択します。各問題に適切な量の知性を。
 
diff --git a/README.md b/README.md
index c3fd6722..827e8975 100644
--- a/README.md
+++ b/README.md
@@ -85,13 +85,13 @@ DeepSeek V4 helped write parts of this harness. That matters because it means Co
 
 **Constitutional hierarchy.** The system prompt is a conflict-of-laws engine. User intent outranks stale memory. Live evidence outranks assumptions. Verification outranks confidence. Every turn inherits a clear chain of authority, so the model never has to guess which instruction to follow.
 
-**Structured trust.** Three modes with hard boundaries — Plan (read-only), Agent (approval-gated), YOLO (auto-approved in trusted workspaces). OS-level sandboxing backs the boundaries: Seatbelt on macOS, Landlock on Linux, Job Objects on Windows. Dangerous commands are classified and gated regardless of mode.
+**Structured trust.** Three modes with hard boundaries — Plan (read-only), Agent (approval-gated), YOLO (auto-approved in trusted workspaces). OS-level sandboxing backs the boundaries: macOS Seatbelt is the active enforcement path. Linux Landlock support is detected (kernel 5.13+) but not yet enforced; Windows sandboxing is not yet advertised. Dangerous commands are classified and gated regardless of mode.
 
 **Feedback beats.** Failed commands, failing tests, LSP diagnostics — these are not dead ends. They are signals the model can tune against. A non-zero exit code is information. A type error is a correction vector. The harness makes failure legible so the model can recover without the user constantly re-steering.
 
 **Continuity.** Memory persists across sessions. Handoffs survive context compaction. Sessions can be saved, resumed, and forked into sibling paths. The next intelligence — human or machine — picks up where the last one left off without having to re-discover what was already learned.
 
-**Distributed work.** Sub-agents run concurrently, up to 20 at a time. `agent_open` returns immediately so the parent keeps working. Results arrive as structured completion events with bounded handles — no need to flood the parent context with full transcripts. See [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
+**Distributed work.** Sub-agents run concurrently, up to 20 at a time. `agent_open` returns immediately so the parent keeps working. Results arrive inline as completion sentinels with a summary; full transcripts stay behind bounded handles retrievable through `agent_eval`. See [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
 
 **Right-size intelligence.** Fin — cheap Flash with thinking off — handles model auto-routing, RLM child calls, summaries, and coordination. Pro engages for architecture, debugging, and security review. `--model auto` selects both the model and thinking level per turn. The right amount of intelligence for each problem.
 
@@ -115,8 +115,8 @@ CodeWhale can dispatch multiple sub-agents that run in parallel — like a concu
 
 - **Non-blocking launch.** `agent_open` returns immediately. The child gets its own fresh context and tool registry and runs independently. The parent keeps working.
 - **Background execution.** Sub-agents execute concurrently (default cap: 10, configurable to 20). The engine manages the pool — no polling loop needed.
-- **Completion notification.** When a sub-agent finishes, the runtime delivers a structured `<codewhale:subagent.done>` event with a summary, evidence list, and execution metrics. The parent model reads the `summary` field and integrates findings.
-- **Bounded result retrieval.** Large transcripts are parked behind `var_handle` references. The model calls `handle_read` for slices, ranges, or JSONPath projections — keeping the parent context lean.
+- **Completion notification.** When a sub-agent finishes, the runtime injects a `<codewhale:subagent.done>` sentinel into the parent's transcript. The human-readable summary — including the child's findings, changed files, and any risks — sits on the line immediately before the sentinel. The parent model reads that summary and integrates findings without an extra tool call.
+- **Bounded result retrieval.** The full child transcript lives behind a `transcript_handle` accessible through `agent_eval`. When the summary isn't enough, the parent calls `handle_read` for slices, line ranges, or JSONPath projections — keeping the parent context lean without losing access to the details.
 
 See [docs/SUBAGENTS.md](docs/SUBAGENTS.md) for the full sub-agent reference.
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 2087f223..1134887c 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -80,13 +80,13 @@ DeepSeek V4 参与了这套框架的部分编写。这很重要——它意味
 
 **宪政层级。** 系统提示词是一个冲突法引擎。用户意图优先于陈旧记忆。实时证据优先于假设。验证优先于自信。每一轮继承清晰的权威链，模型永远不需要猜测该服从哪条指令。
 
-**结构化信任。** 三种模式，硬边界——Plan（只读）、Agent（审批门控）、YOLO（可信工作区自动批准）。OS 级沙箱支撑边界：macOS 的 Seatbelt、Linux 的 Landlock、Windows 的 Job Objects。危险命令无论在哪种模式下都被分类和门控。
+**结构化信任。** 三种模式，硬边界——Plan（只读）、Agent（审批门控）、YOLO（可信工作区自动批准）。OS 级沙箱支撑边界。macOS Seatbelt 是主动执行的沙箱路径。Linux Landlock 可被检测（内核 5.13+）但当前未实际执行；Windows 沙箱尚未开放。危险命令无论在哪种模式下都被分类和门控。
 
 **反馈节拍。** 失败的命令、失败的测试、LSP 诊断——这些不是死胡同。它们是模型可以调谐的信号。非零退出码是信息。类型错误是修正向量。框架让失败变得可读，模型可以在用户不必不断重新掌舵的情况下恢复。
 
 **连续性。** 记忆跨会话持久化。交接在上下文压缩后存活。会话可以保存、恢复和分叉到兄弟路径。下一位智能体——人或机器——从上一位置继续，无需重新发现已经学到的东西。
 
-**分布式工作。** 子智能体并发运行，一次最多 20 个。`agent_open` 立即返回，父进程继续工作。结果以结构化完成事件形式到达，带有有界句柄——无需用完整对话记录淹没父上下文。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
+**分布式工作。** 子智能体并发运行，一次最多 20 个。`agent_open` 立即返回，父进程继续工作。结果以内联完成哨兵形式到达，携带摘要；完整对话记录可通过 `agent_eval` 的有界句柄读取。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
 
 **适度智能。** Fin——关闭思考的廉价 Flash——处理模型自动路由、RLM 子调用、摘要和协调。Pro 用于架构、调试和安全审查。`--model auto` 每轮选择模型和思考强度。每个问题匹配恰当的智能量。
 
@@ -110,8 +110,8 @@ codewhale 可以同时调度多个子智能体并行运行——类似于并发
 
 - **非阻塞启动。** `agent_open` 立即返回。子智能体获得独立的上下文和工具注册表，独立运行。父进程继续工作。
 - **后台执行。** 子智能体并发运行（默认上限 10，可配置至 20）。引擎管理线程池——无需轮询循环。
-- **完成通知。** 子智能体完成后，运行时发送结构化的 `<codewhale:subagent.done>` 事件，包含摘要、证据列表和执行指标。父模型读取 `summary` 字段并整合结果。
-- **按需读取结果。** 大型对话记录暂存为 `var_handle` 引用。模型通过 `handle_read` 按切片、范围或 JSONPath 投影读取——保持父上下文精简。
+- **完成通知。** 子智能体完成后，运行时向父对话注入 `<codewhale:subagent.done>` 哨兵。人类可读的摘要（包含子智能体的发现、变更文件和风险）位于哨兵的紧前一行。父模型读取该摘要并整合结果，无需额外工具调用。
+- **按需读取结果。** 完整子对话记录通过 `agent_eval` 获取的 `transcript_handle` 暂存。摘要不够时，父进程通过 `handle_read` 按切片、行范围或 JSONPath 投影读取——保持父上下文精简而不丢失细节。
 
 详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
 

From 9f5c552ae16bc919cb006fc5a24ca31ba7929823 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:26:54 -0500
Subject: [PATCH 041/283] =?UTF-8?q?docs:=20rewrite=20harness=20section=20?=
 =?UTF-8?q?=E2=80=94=20Constitution=20as=20jurisdiction,=20prefix-cache=20?=
 =?UTF-8?q?open-book=20test?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the feature-grid format with a narrative that leads with the
core problem the harness solves: conflicting information at scale.
Frame the Constitution as a formal jurisdiction framework (LLM-as-judge),
describe V4's prefix caching as what makes recursive constitutional
reference practical (open-book test, not closed-book), and explain that
the explicit authority structure enables honest failure feedback.

Cut: memory/handoffs (table stakes), /statusline chip (internal),
theme picker, desktop notifications (clutter).
---
 README.ja-JP.md | 20 ++++++++++---------
 README.md       | 53 ++++++++++++++++++++++++++++++++++++++++---------
 README.zh-CN.md | 20 ++++++++++---------
 3 files changed, 66 insertions(+), 27 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index f5db5dad..436d3a8c 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -71,23 +71,25 @@ DeepSeek V4 はこのハーネスの一部を書くのを手伝いました。
 
 ### ハーネスの仕組み
 
-**憲法的階層。** システムプロンプトは法の抵触エンジンです。ユーザーの意図は古いメモリより上。ライブの証拠は仮定より上。検証は自信より上。各ターンは明確な権限チェーンを継承するので、モデルはどの指示に従うべきか推測する必要がありません。
+エージェントモデルは大規模な相反する情報を扱います：ユーザーの意図、プロジェクトルール、システムデフォルト、ツール出力、古いメモリが単一ターンで権威を競い合います。LLM が裁判官として機能するには管轄権が必要です——衝突したとき、どの情報源が勝つのか？
 
-**構造化された信頼。** ハードな境界を持つ3つのモード——Plan（読み取り専用）、Agent（承認ゲート付き）、YOLO（信頼済みワークスペースで自動承認）。OS レベルのサンドボックスが境界を支えます。macOS Seatbelt はアクティブな適用パスです。Linux Landlock は検出されますが（カーネル 5.13+）現在は適用されていません。Windows サンドボックスはまだ公開されていません。危険なコマンドはモードに関係なく分類・ゲート制御されます。
+CodeWhale は**憲法**（`prompts/base.md`）でこれに答えます。これは形式化された法の階層です——第七条は憲法自体の条項から前セッションのハンドオフまで、9 つの情報源をランク付けします。ユーザーの現在のメッセージは古いプロジェクト指示より上。ライブのツール出力は仮定より上。検証は自信より上。モデルは毎ターン明確な権威チェーンを継承し、どの指示に従うべきか推測する必要がありません。
 
-**フィードバックの鼓動。** 失敗したコマンド、失敗したテスト、LSP 診断——これらは行き止まりではありません。モデルがチューニングできる信号です。非ゼロの終了コードは情報です。型エラーは修正ベクトルです。ハーネスは失敗を読み取り可能にし、ユーザーが常に舵を取り直さなくてもモデルが回復できるようにします。
+7 つの条項が階層の上にあり、モデルのアイデンティティ、義務、エージェンシーを定義します：検証義務（第5条——すべての行動は証拠を残し、信念で成功を宣言しない）、協調の遺産（第6条——次の知性のためにワークスペースを可読に保つ）、真実優先条項（第2条——下位のルールで上書きできない）。
 
-**継続性。** メモリはセッションをまたいで持続します。ハンドオフはコンテキスト圧縮後も生存します。セッションは保存・再開・兄弟パスへのフォークが可能です。次の知性——人間であれ機械であれ——が、すでに学ばれたことを再発見する必要なく、前回の中断点から引き継ぎます。
+DeepSeek V4 のプレフィックスキャッシュがこれを実用的にします。憲法は長く詳細ですが、一度キャッシュされるとコールドリードの約 100 分の 1 のコストになります。モデルはそれを再帰的に参照し——RLM セッションを通じて覗き、スキャンし、クエリし——単一の暗記パスに頼るのではなく、必要に応じて情報を再訪します。それは閉じた本のテストよりも、開いた本のテストのように機能します。
 
-**分散作業。** サブエージェントが並行実行、一度に最大 20。`agent_open` は即座に戻り、親は作業を続けます。結果は完了センチネルとしてインラインで到着し、サマリー付き。完全なトランスクリプトは `agent_eval` から取得可能な境界付きハンドルに保持されます。[docs/SUBAGENTS.md](docs/SUBAGENTS.md) を参照。
+権威構造が明示的であるため、失敗は隠されません。非ゼロの終了コード、ターン間に届く rust-analyzer からの型エラー、サンドボックス拒否——これらは修正ベクトルとしてフィードバックされます。モデルは自身のドリフトを使って自己修正します。
 
-**適正な知性。** Fin——thinking off の安価な Flash——がモデル自動ルーティング、RLM 子呼び出し、要約、調整を処理します。Pro はアーキテクチャ、デバッグ、セキュリティレビューに使用。`--model auto` がターンごとにモデルと思考レベルを選択します。各問題に適切な量の知性を。
+3 つのモードが行動空間を制御します。Plan は読み取り専用。Agent は破壊的操作を承認ゲートの背後に置きます。YOLO は信頼済みワークスペースで自動承認します。macOS Seatbelt はアクティブなサンドボックス；Linux Landlock は検出されるが未適用；Windows サンドボックスは未公開。
 
-**長期注意の経済学。** 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュテレメトリ。キャッシュヒットはミスより約 100 倍安価。`/statusline` チップがプレフィックス安定性をリアルタイムで表示し、変更がキャッシュ予算を破壊しようとしているのが見えます。
+Fin——thinking off の安価な Flash 呼び出し——がターンごとにモデル自動ルーティングを処理します。`--model auto` がデフォルトです。
 
-**回復付きの自由。** 毎ターンの side-git スナップショット（リポジトリの `.git` には触れません）。`/restore` と `revert_turn` でワークスペースを即座にロールバック。危険な操作は OS レベルでサンドボックス化。モデルに試させることができます。
+毎ターン side-git スナップショットをリポジトリの `.git` 外に記録。`/restore` と `revert_turn` がワークスペースを即座にロールバックします。
 
-その他の機能面：**RLM セッション**（`peek`、`search`、`chunk`、`sub_query_batch` ヘルパー付きのバッチ分析用永続 Python REPL）、**LSP 診断**（編集ごとの rust-analyzer、pyright、tsserver、gopls、clangd からのインラインエラー）、**MCP プロトコル**、**HTTP/SSE ランタイム API**、再起動を超えて存続する**永続タスクキュー**、Zed や他のエディタ向け **ACP アダプター**、**SWE-bench エクスポート**、**インストール可能なスキル**、**テーマピッカー**、**デスクトップ通知**、キャッシュヒット/ミス内訳付きの**ライブコスト追跡**。
+サブエージェントは並行実行（最大 20）。`agent_open` は即座に戻り；結果は完了センチネルとしてインラインで到着し、サマリー付き。完全なトランスクリプトは `agent_eval` を通じて境界付きハンドルに保持されます。[docs/SUBAGENTS.md](docs/SUBAGENTS.md) を参照。
+
+その他の機能面：編集ごとの LSP 診断（rust-analyzer、pyright、typescript-language-server、gopls、clangd）、バッチ分析用 RLM セッション、MCP プロトコル、HTTP/SSE ランタイム API、永続タスクキュー、Zed 向け ACP アダプター、SWE-bench エクスポート、キャッシュヒット/ミス内訳付きライブコスト追跡。
 
 ---
 
diff --git a/README.md b/README.md
index 827e8975..6724c09b 100644
--- a/README.md
+++ b/README.md
@@ -83,23 +83,58 @@ DeepSeek V4 helped write parts of this harness. That matters because it means Co
 
 ### How the harness works
 
-**Constitutional hierarchy.** The system prompt is a conflict-of-laws engine. User intent outranks stale memory. Live evidence outranks assumptions. Verification outranks confidence. Every turn inherits a clear chain of authority, so the model never has to guess which instruction to follow.
+Agentic models deal with conflicting information at scale: user intent,
+project rules, system defaults, tool output, and stale memory all compete
+for authority in a single turn. LLM-as-a-judge needs jurisdiction — which
+source wins when they disagree?
 
-**Structured trust.** Three modes with hard boundaries — Plan (read-only), Agent (approval-gated), YOLO (auto-approved in trusted workspaces). OS-level sandboxing backs the boundaries: macOS Seatbelt is the active enforcement path. Linux Landlock support is detected (kernel 5.13+) but not yet enforced; Windows sandboxing is not yet advertised. Dangerous commands are classified and gated regardless of mode.
+CodeWhale answers this with a **Constitution** (`prompts/base.md`). It's a
+formal hierarchy of law — Article VII ranks nine sources from the
+Constitution's own articles down to prior-session handoffs. The user's
+current message outranks stale project instructions. Live tool output
+outranks assumptions. Verification outranks confidence. The model inherits
+a clear chain of authority every turn and never has to guess which
+directive to follow.
 
-**Feedback beats.** Failed commands, failing tests, LSP diagnostics — these are not dead ends. They are signals the model can tune against. A non-zero exit code is information. A type error is a correction vector. The harness makes failure legible so the model can recover without the user constantly re-steering.
+Seven articles sit above the hierarchy, defining the model's identity,
+duties, and agency: a verification mandate (Article V — every action leaves
+evidence, never declare success on faith), a coordination legacy (Article
+VI — leave the workspace legible for the next intelligence), and a
+primacy-of-truth clause (Article II — no lower rule may override it).
 
-**Continuity.** Memory persists across sessions. Handoffs survive context compaction. Sessions can be saved, resumed, and forked into sibling paths. The next intelligence — human or machine — picks up where the last one left off without having to re-discover what was already learned.
+DeepSeek V4's prefix caching makes this practical. The Constitution is long
+and detailed, but once cached it costs roughly 100× less per turn than a
+cold read. The model references it recursively — peeking, scanning, and
+querying through RLM sessions — revisiting information on demand rather
+than relying on a single memorized pass. It performs more like an
+open-book test than a closed one.
 
-**Distributed work.** Sub-agents run concurrently, up to 20 at a time. `agent_open` returns immediately so the parent keeps working. Results arrive inline as completion sentinels with a summary; full transcripts stay behind bounded handles retrievable through `agent_eval`. See [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
+Because the authority structure is explicit, failure isn't hidden. Non-zero
+exit codes, type errors from rust-analyzer arriving between turns, sandbox
+denials — these are fed back as correction vectors. The model uses its own
+drift to self-correct.
 
-**Right-size intelligence.** Fin — cheap Flash with thinking off — handles model auto-routing, RLM child calls, summaries, and coordination. Pro engages for architecture, debugging, and security review. `--model auto` selects both the model and thinking level per turn. The right amount of intelligence for each problem.
+Three modes control the action space. Plan is read-only. Agent gates
+destructive operations behind approval. YOLO auto-approves in trusted
+workspaces. macOS Seatbelt is the active sandbox; Linux Landlock is
+detected but not yet enforced; Windows sandboxing is not yet advertised.
 
-**Long-horizon attention economics.** 1M-token context window with prefix-cache telemetry. Cache hits cost roughly 100× less than misses. A `/statusline` chip shows prefix stability in real time so you can see when a change is about to bust the cache budget.
+Fin — a cheap Flash call with thinking off — handles model auto-routing per
+turn. `--model auto` is the default.
 
-**Freedom with recovery.** Every turn records a side-git snapshot that doesn't touch your repo's `.git`. `/restore` and `revert_turn` roll back the workspace instantly. Dangerous operations are sandboxed at the OS level. You can let the model try things.
+Every turn records a side-git snapshot outside your repo's `.git`.
+`/restore` and `revert_turn` roll back the workspace.
 
-The rest of the surface: **RLM sessions** (persistent Python REPL for batched analysis with `peek`, `search`, `chunk`, and `sub_query_batch` helpers), **LSP diagnostics** (inline errors from rust-analyzer, pyright, tsserver, gopls, clangd after every edit), **MCP protocol**, **HTTP/SSE runtime API**, **persistent task queue** that survives restarts, **ACP adapter** for Zed and other editors, **SWE-bench export**, **installable skills**, **theme picker**, **desktop notifications**, and **live cost tracking** with cache hit/miss breakdowns.
+Sub-agents run concurrently (up to 20). `agent_open` returns immediately;
+results arrive inline as completion sentinels with a summary. Full
+transcripts stay behind bounded handles through `agent_eval`. See
+[docs/SUBAGENTS.md](docs/SUBAGENTS.md).
+
+The rest of the surface: LSP diagnostics after every edit (rust-analyzer,
+pyright, typescript-language-server, gopls, clangd), RLM sessions for
+batched analysis, MCP protocol, HTTP/SSE runtime API, persistent task
+queue, ACP adapter for Zed, SWE-bench export, and live cost tracking with
+cache hit/miss breakdowns.
 
 ---
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 1134887c..f46f4a8d 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -78,23 +78,25 @@ DeepSeek V4 参与了这套框架的部分编写。这很重要——它意味
 
 ### 框架如何工作
 
-**宪政层级。** 系统提示词是一个冲突法引擎。用户意图优先于陈旧记忆。实时证据优先于假设。验证优先于自信。每一轮继承清晰的权威链，模型永远不需要猜测该服从哪条指令。
+智能体模型面临大规模的冲突信息：用户意图、项目规则、系统默认值、工具输出和陈旧记忆在单轮对话中争夺权威。LLM 作为裁判需要管辖权——当它们冲突时，哪个来源胜出？
 
-**结构化信任。** 三种模式，硬边界——Plan（只读）、Agent（审批门控）、YOLO（可信工作区自动批准）。OS 级沙箱支撑边界。macOS Seatbelt 是主动执行的沙箱路径。Linux Landlock 可被检测（内核 5.13+）但当前未实际执行；Windows 沙箱尚未开放。危险命令无论在哪种模式下都被分类和门控。
+CodeWhale 用一部**宪法**（`prompts/base.md`）来回答这个问题。它是一个形式化的法律层级——第七条将九个来源从宪法本身的条款排到前序会话的交接记录。用户当前消息优先于陈旧的项目指令。实时工具输出优先于假设。验证优先于自信。模型每轮继承清晰的权威链，永远不需要猜测该服从哪条指令。
 
-**反馈节拍。** 失败的命令、失败的测试、LSP 诊断——这些不是死胡同。它们是模型可以调谐的信号。非零退出码是信息。类型错误是修正向量。框架让失败变得可读，模型可以在用户不必不断重新掌舵的情况下恢复。
+七条条款位于层级之上，定义模型的身份、职责和能动性：验证强制（第五条——每个行动留下证据，绝不凭信念宣告成功）、协作遗产（第六条——让工作区对下一位智能体保持可读）、以及真相优先条款（第二条——任何下级规则不得覆盖它）。
 
-**连续性。** 记忆跨会话持久化。交接在上下文压缩后存活。会话可以保存、恢复和分叉到兄弟路径。下一位智能体——人或机器——从上一位置继续，无需重新发现已经学到的东西。
+DeepSeek V4 的前缀缓存使其可行。宪法篇幅长且详细，但一旦缓存，每轮成本约为冷读取的百分之一。模型递归引用它——通过 RLM 会话窥视、扫描和查询——按需重访信息，而非依赖单次记忆读取。它的表现更像是开卷考试而非闭卷考试。
 
-**分布式工作。** 子智能体并发运行，一次最多 20 个。`agent_open` 立即返回，父进程继续工作。结果以内联完成哨兵形式到达，携带摘要；完整对话记录可通过 `agent_eval` 的有界句柄读取。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
+因为权威结构是显式的，失败不会被隐藏。非零退出码、两次轮次间来自 rust-analyzer 的类型错误、沙箱拒绝——这些被作为修正向量反馈。模型用自己的漂移进行自我校正。
 
-**适度智能。** Fin——关闭思考的廉价 Flash——处理模型自动路由、RLM 子调用、摘要和协调。Pro 用于架构、调试和安全审查。`--model auto` 每轮选择模型和思考强度。每个问题匹配恰当的智能量。
+三种模式控制行动空间。Plan 只读。Agent 对破坏性操作设审批门控。YOLO 在可信工作区自动批准。macOS Seatbelt 是主动执行的沙箱；Linux Landlock 可检测但未执行；Windows 沙箱尚未开放。
 
-**长程注意力经济学。** 100 万 token 上下文窗口，前缀缓存遥测。缓存命中比未命中便宜约 100 倍。`/statusline` 芯片实时显示前缀稳定性，让你能看到某次变更是否即将破坏缓存预算。
+Fin——关闭思考的廉价 Flash 调用——每轮处理模型自动路由。`--model auto` 是默认值。
 
-**自由与恢复。** 每轮记录 side-git 快照，不影响仓库 `.git`。`/restore` 和 `revert_turn` 即刻回滚工作区。危险操作在 OS 级沙箱化。你可以让模型放手尝试。
+每轮记录 side-git 快照，在仓库 `.git` 之外。`/restore` 和 `revert_turn` 即刻回滚工作区。
 
-其余功能面：**RLM 会话**（持久化 Python REPL，配合 `peek`、`search`、`chunk`、`sub_query_batch` 辅助函数进行批量分析）、**LSP 诊断**（每次编辑后 rust-analyzer、pyright、tsserver、gopls、clangd 的内联错误）、**MCP 协议**、**HTTP/SSE 运行时 API**、重启后仍存活的**持久化任务队列**、Zed 等编辑器的 **ACP 适配器**、**SWE-bench 导出**、**可安装技能**、**主题选择器**、**桌面通知**、以及带缓存命中/未命中明细的**实时成本追踪**。
+子智能体并发运行（最多 20 个）。`agent_open` 立即返回；结果以内联完成哨兵形式到达，携带摘要。完整对话记录通过 `agent_eval` 的有界句柄保存。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
+
+其余功能面：每次编辑后的 LSP 诊断（rust-analyzer、pyright、typescript-language-server、gopls、clangd）、RLM 会话批量分析、MCP 协议、HTTP/SSE 运行时 API、持久化任务队列、Zed 的 ACP 适配器、SWE-bench 导出、以及带缓存命中/未命中明细的实时成本追踪。
 
 ---
 

From cd357de0c839592782cb217a76a510b5d9d0f1a0 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Tue, 26 May 2026 17:28:21 +0200
Subject: [PATCH 042/283] =?UTF-8?q?feat:=20QoL=20=E2=80=94=20taskbar=20pro?=
 =?UTF-8?q?gress,=20animated=20title=20spinner,=20and=20configurable=20com?=
 =?UTF-8?q?pletion=20sound=20(#1871)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/config.rs                |  18 +++
 crates/tui/src/core/engine/turn_loop.rs |   5 +
 crates/tui/src/tui/notifications.rs     | 168 ++++++++++++++++++++++++
 crates/tui/src/tui/ui.rs                |   7 +
 crates/tui/src/tui/ui/tests.rs          |   2 +
 5 files changed, 200 insertions(+)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 681c7c94..09bc1eb2 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -542,6 +542,19 @@ fn default_threshold_secs() -> u64 {
     30
 }
 
+/// Completion sound options.
+#[derive(Debug, Clone, Copy, Deserialize, Default, PartialEq, Eq)]
+#[serde(rename_all = "kebab-case")]
+pub enum CompletionSound {
+    /// No sound on turn completion.
+    Off,
+    /// System notification beep (default). On Windows uses `MessageBeep`.
+    #[default]
+    Beep,
+    /// Terminal BEL character (`\x07`).
+    Bell,
+}
+
 /// Desktop-notification configuration (OSC 9 / BEL on turn completion).
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct NotificationsConfig {
@@ -561,6 +574,11 @@ pub struct NotificationsConfig {
     /// Default: `false`.
     #[serde(default)]
     pub include_summary: bool,
+
+    /// Completion sound: `"off"` | `"beep"` | `"bell"`. Default: `"beep"`.
+    /// Plays a sound when every turn finishes (alongside the ✅ marker).
+    #[serde(default)]
+    pub completion_sound: CompletionSound,
 }
 
 fn default_snapshots_enabled() -> bool {
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index ca5d6b89..1a1a9104 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -20,6 +20,11 @@ impl Engine {
         mode: AppMode,
         force_update_plan_first: bool,
     ) -> (TurnOutcomeStatus, Option<String>) {
+        // Signal to the terminal / taskbar that a turn is in progress
+        // (OSC 9 ; 4 indeterminate progress + title spinner).
+        crate::tui::notifications::set_taskbar_progress_busy();
+        crate::tui::notifications::start_title_animation("DeepSeek TUI");
+
         let client = self
             .deepseek_client
             .clone()
diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 670f73f9..1087c4ac 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -17,6 +17,8 @@ use windows::Win32::System::Diagnostics::Debug::MessageBeep;
 use windows::Win32::UI::WindowsAndMessaging::MESSAGEBOX_STYLE;
 
 use std::io::{self, Write};
+use std::sync::atomic::AtomicU8;
+use std::sync::atomic::{AtomicBool, Ordering};
 use std::time::Duration;
 
 /// Notification delivery method.
@@ -207,6 +209,170 @@ pub fn notify_done(
     notify_done_to(method, in_tmux, msg, threshold, elapsed, &mut io::stdout());
 }
 
+/// Set the terminal taskbar progress state via OSC 9 ; 4.
+///
+/// Windows Terminal supports this to show progress on the taskbar icon:
+/// - `state = 0` — no progress (clear)
+/// - `state = 1` — indeterminate (cycling green)
+/// - `state = 2` — normal (0-100, requires progress param)
+/// - `state = 3` — error (red)
+/// - `state = 4` — paused (yellow)
+///
+/// Other terminals (iTerm2, WezTerm) ignore the sequence silently.
+/// Best-effort — write failures are ignored.
+pub fn set_taskbar_progress(state: u8, progress: Option<u8>) {
+    let seq = if let Some(pct) = progress {
+        format!("\x1b]9;4;{state};{pct}\x07")
+    } else {
+        format!("\x1b]9;4;{state}\x07")
+    };
+    let mut stdout = io::stdout();
+    let _ = stdout.write_all(seq.as_bytes());
+    let _ = stdout.flush();
+}
+
+/// Set taskbar progress to indeterminate (cycling) — call at turn start.
+pub fn set_taskbar_progress_busy() {
+    set_taskbar_progress(1, None);
+}
+
+/// Clear taskbar progress — call at turn end.
+pub fn clear_taskbar_progress() {
+    set_taskbar_progress(0, None);
+}
+
+/// Animation frame characters for the terminal title.
+/// Uses the DeepSeek whale emoji (🐳 spouting, 🐋 resting) to match the
+/// existing header status indicator in the TUI.
+const TITLE_FRAMES: &[&str] = &["🐳", "🐋", "🐳", "🐋"];
+const TITLE_ANIMATION_INTERVAL: Duration = Duration::from_millis(800);
+
+/// Shared flag controlling the title animation loop. Set to `true` by
+/// `start_title_animation()`, cleared by `stop_title_animation()`.
+static TITLE_ANIMATION_RUNNING: AtomicBool = AtomicBool::new(false);
+
+/// Write OSC 0 (set window title) sequence.
+fn set_terminal_title(title: &str) {
+    let seq = format!("\x1b]0;{title}\x07");
+    let mut stdout = io::stdout();
+    let _ = stdout.write_all(seq.as_bytes());
+    let _ = stdout.flush();
+}
+
+/// Tracks whether the ✅ completion marker was set, so
+/// `reset_title_on_interaction()` can skip redundant writes.
+static COMPLETION_MARKER_SHOWN: AtomicBool = AtomicBool::new(false);
+
+/// Start an animated terminal title spinner.
+///
+/// Cycles the terminal title between 🐳→🐋 every 800ms while processing,
+/// matching the whale status indicator in the TUI header, so alt-tabbed
+/// users can see activity.
+///
+/// The animation runs in a background tokio task that checks
+/// `TITLE_ANIMATION_RUNNING`. Each call restarts the animation with the
+/// given `original` base title — safe to call on every turn start.
+pub fn start_title_animation(original: &str) {
+    // Signal any existing animation loop to exit, then start fresh.
+    TITLE_ANIMATION_RUNNING.store(true, Ordering::SeqCst);
+    let base = original.to_string();
+    tokio::spawn(async move {
+        let mut frame = 0usize;
+        while TITLE_ANIMATION_RUNNING.load(Ordering::SeqCst) {
+            // Yield once per frame so a racing stop_title_animation()
+            // can observe the cleared flag and apply the completion
+            // marker before the next frame write. Without this yield
+            // the background task could overwrite the ✅ marker with
+            // the next whale frame.
+            tokio::task::yield_now().await;
+            if !TITLE_ANIMATION_RUNNING.load(Ordering::SeqCst) {
+                break;
+            }
+            let spinner = TITLE_FRAMES[frame % TITLE_FRAMES.len()];
+            set_terminal_title(&format!("{spinner} {base}"));
+            frame += 1;
+            tokio::time::sleep(TITLE_ANIMATION_INTERVAL).await;
+        }
+        // Don't restore title here — stop_title_animation() handles
+        // what to show on completion (e.g. ✅ marker).
+    });
+}
+
+/// Stop the title animation and show a completion marker.
+///
+/// Sets the title to `✅ <base>` so alt-tabbed users see at a glance
+/// that processing finished. The marker is overwritten on the next turn
+/// by [`start_title_animation`].
+pub fn stop_title_animation() {
+    TITLE_ANIMATION_RUNNING.store(false, Ordering::SeqCst);
+    COMPLETION_MARKER_SHOWN.store(false, Ordering::SeqCst);
+    // Show ✅ marker only for beep mode. Bell mode already has its own
+    // terminal-level visual indicator (flash/icon).
+    let mode = COMPLETION_SOUND_MODE.load(Ordering::SeqCst);
+    if mode == 1 {
+        set_terminal_title("✅ DeepSeek TUI");
+    }
+    play_completion_sound();
+}
+
+/// Clear the ✅ completion marker from the title when the user interacts.
+///
+/// Call this on every user input event (key press, mouse click) so the
+/// marker doesn't persist once the user is back at the terminal.
+pub fn reset_title_on_interaction() {
+    if COMPLETION_MARKER_SHOWN.swap(false, Ordering::SeqCst) {
+        set_terminal_title("DeepSeek TUI");
+    }
+}
+
+/// Completion sound mode (0 = off, 1 = beep, 2 = bell).
+static COMPLETION_SOUND_MODE: AtomicU8 = AtomicU8::new(1);
+
+/// Set the completion sound mode from config.
+/// Call once at startup or on `/settings` change.
+pub fn set_completion_sound_mode(mode: crate::config::CompletionSound) {
+    let val = match mode {
+        crate::config::CompletionSound::Off => 0u8,
+        crate::config::CompletionSound::Beep => 1u8,
+        crate::config::CompletionSound::Bell => 2u8,
+    };
+    COMPLETION_SOUND_MODE.store(val, Ordering::SeqCst);
+}
+
+/// Play the configured completion sound (if not `Off`).
+pub fn play_completion_sound() {
+    match COMPLETION_SOUND_MODE.load(Ordering::SeqCst) {
+        0 => {} // Off
+        1 => {
+            beep_sound();
+        }
+        2 => {
+            bell_sound();
+        }
+        _ => {}
+    }
+}
+
+/// Play a short completion sound via the system beep.
+///
+/// On Windows uses `MessageBeep(MB_OK)` which plays the default system
+/// notification sound. On other platforms writes `BEL` (`\x07`) to stdout.
+#[cfg(target_os = "windows")]
+fn beep_sound() {
+    windows_bell();
+}
+
+/// Non-Windows: write BEL to stdout for the terminal bell.
+#[cfg(not(target_os = "windows"))]
+fn beep_sound() {
+    let _ = io::stdout().write_all(b"\x07");
+}
+
+/// Pure terminal BEL character.
+fn bell_sound() {
+    let _ = io::stdout().write_all(b"\x07");
+}
+
 /// Return a human-readable duration string, capped at two units so
 /// it stays compact in headers and notifications.
 ///
@@ -289,6 +455,8 @@ use crate::tui::app::App;
 /// `Off`).
 pub fn settings(config: &crate::config::Config) -> Option<(Method, Duration, bool)> {
     let notif = config.notifications_config();
+    // Initialize completion sound mode from config.
+    set_completion_sound_mode(notif.completion_sound);
     let method = match notif.method {
         crate::config::NotificationMethod::Auto => Method::Auto,
         crate::config::NotificationMethod::Osc9 => Method::Osc9,
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index bf5e9e3d..73c86c63 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1541,6 +1541,8 @@ async fn run_event_loop(
                                 threshold,
                                 turn_elapsed,
                             );
+                            crate::tui::notifications::clear_taskbar_progress();
+                            crate::tui::notifications::stop_title_animation();
                         }
 
                         // Generate post-turn receipt for completed turns.
@@ -2333,6 +2335,8 @@ async fn run_event_loop(
             if app.use_mouse_capture
                 && let Event::Mouse(mouse) = evt
             {
+                // Mouse interaction clears the ✅ completion marker.
+                crate::tui::notifications::reset_title_on_interaction();
                 if should_drop_loading_mouse_motion(app, mouse) {
                     continue;
                 }
@@ -2353,6 +2357,9 @@ async fn run_event_loop(
                 continue;
             }
 
+            // User interaction — clear the ✅ completion marker from the title.
+            crate::tui::notifications::reset_title_on_interaction();
+
             let Event::Key(key) = evt else {
                 continue;
             };
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index ed3dfabc..c73a6a6e 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -6089,6 +6089,7 @@ fn notification_settings_tui_always_keeps_configured_method_no_threshold() {
         notifications: Some(crate::config::NotificationsConfig {
             method: crate::config::NotificationMethod::Bel,
             threshold_secs: 120,
+            completion_sound: crate::config::CompletionSound::Beep,
             include_summary: true,
         }),
         ..Config::default()
@@ -6120,6 +6121,7 @@ fn notification_settings_no_tui_override_uses_notifications_block() {
         notifications: Some(crate::config::NotificationsConfig {
             method: crate::config::NotificationMethod::Osc9,
             threshold_secs: 45,
+            completion_sound: crate::config::CompletionSound::Beep,
             include_summary: false,
         }),
         ..Config::default()

From 87f7f05fee88629d703bd2d191142c456850f962 Mon Sep 17 00:00:00 2001
From: dongchao <2193993758@qq.com>
Date: Tue, 26 May 2026 23:28:58 +0800
Subject: [PATCH 043/283] fix: improve user feedback during long operations and
 on turn completion (#2166)

Three interrelated feedback issues resolved:

1. Windows desktop notifications (notifications.rs)
   - resolve_method() now returns Method::Bel on Windows instead of
     Method::Off, so windows_bell() (MessageBeep) fires a system
     notification sound when a long turn completes.

2. Tool output summary truncation (history.rs)
   - TOOL_TEXT_LIMIT increased from 180 to 300 characters, reducing
     the chance that meaningful tool output is cut short in the
     one-line summary shown in tool cards.

3. Turn completion status visibility (ui.rs)
   - Added a push_status_toast(Info, 10s TTL) call alongside the
     existing set_receipt_text() in the TurnComplete handler. The
     receipt text is now visible in both the composer border (8s)
     and the footer status bar (10s).

4. Footer working-time feedback (footer_ui.rs)
   - Footer state label now includes elapsed seconds from
     turn_started_at immediately, instead of waiting 30 seconds for
     the stall_reason classification to kick in.
   - When app.is_loading is true, the label shows elapsed time so
     users see ongoing progress during model-loading phases.
---
 crates/tui/src/tui/footer_ui.rs     | 23 +++++++++++++++++++++--
 crates/tui/src/tui/history.rs       |  2 +-
 crates/tui/src/tui/notifications.rs |  7 ++++++-
 crates/tui/src/tui/ui.rs            | 13 +++++++++++++
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 1ced179b..52cf066b 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -78,10 +78,29 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
         let dot_frame = footer_working_label_frame(now_ms, app.fancy_animations);
         // Surface one compact live status row in the footer whenever a turn
         // is live. Tool turns get the current action plus active/done counts;
-        // non-tool work falls back to the existing dot-pulse label.
+        // non-tool work falls back to a descriptive label with elapsed time.
+        let elapsed_secs = app
+            .turn_started_at
+            .map(|t| t.elapsed().as_secs())
+            .unwrap_or(0);
         let mut label = active_subagent_status_label(app)
             .or_else(|| active_tool_status_label(app))
-            .unwrap_or_else(|| crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale));
+            .unwrap_or_else(|| {
+                // Show a more specific label when the model is still loading
+                // or compacting, not just a generic "working…".
+                let base = if app.is_loading {
+                    crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
+                } else if app.is_compacting {
+                    "compacting"
+                } else {
+                    crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
+                };
+                if elapsed_secs > 0 {
+                    format!("{base} ({elapsed_secs}s)")
+                } else {
+                    base.to_string()
+                }
+            });
         // Append stall reason when the turn has been running > 30 s.
         if let Some(reason) = stall_reason(app) {
             label = format!("{label}  ({reason})");
diff --git a/crates/tui/src/tui/history.rs b/crates/tui/src/tui/history.rs
index 477eafa0..90a07b9e 100644
--- a/crates/tui/src/tui/history.rs
+++ b/crates/tui/src/tui/history.rs
@@ -21,7 +21,7 @@ use crate::tui::markdown_render;
 use std::process::Command;
 const TOOL_COMMAND_LINE_LIMIT: usize = 3;
 const TOOL_OUTPUT_LINE_LIMIT: usize = 6;
-const TOOL_TEXT_LIMIT: usize = 180;
+const TOOL_TEXT_LIMIT: usize = 300;
 const TOOL_HEADER_SUMMARY_LIMIT: usize = 56;
 const TOOL_OUTPUT_HEAD_LINES: usize = 2;
 const TOOL_OUTPUT_TAIL_LINES: usize = 2;
diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 1087c4ac..d2b068e8 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -87,8 +87,13 @@ fn resolve_method() -> Method {
         _ => {}
     }
 
+    // Windows: use BEL so `windows_bell()` (MessageBeep) fires on turn
+    // completion.  Previous behavior returned `Off` to avoid the error chime
+    // (#583), but `MessageBeep(MB_OK)` plays the *default system sound* —
+    // distinct from the error sound — so BEL is safe and gives Windows users
+    // audible feedback when a long turn finishes.
     if cfg!(target_os = "windows") {
-        return Method::Off;
+        return Method::Bel;
     }
 
     // Ghostty-based terminals (cmux, etc.) may not set their own
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 73c86c63..758f84a9 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1546,6 +1546,10 @@ async fn run_event_loop(
                         }
 
                         // Generate post-turn receipt for completed turns.
+                        // Also push a persistent status toast so users always
+                        // see the outcome in the footer (not just the 8-second
+                        // composer receipt), regardless of notification method
+                        // or platform.
                         if status == crate::core::events::TurnOutcomeStatus::Completed {
                             let tool_count = app.tool_evidence.len();
                             let mut receipt = "✓ turn completed".to_string();
@@ -1561,6 +1565,15 @@ async fn run_event_loop(
                                 }
                             }
                             app.set_receipt_text(receipt);
+                            // Mirror as a persistent status toast (10s TTL).
+                            // The footer bar visibly shows status toasts,
+                            // which is more glanceable than the composer
+                            // border receipt alone.
+                            app.push_status_toast(
+                                receipt,
+                                crate::tui::app::StatusToastLevel::Info,
+                                Some(10_000),
+                            );
                         }
 
                         // Auto-save completed turn and clear crash checkpoint.

From 5fcb399a38c7276095fa322ef8b327159b3ee63d Mon Sep 17 00:00:00 2001
From: dongchao <2193993758@qq.com>
Date: Tue, 26 May 2026 23:29:03 +0800
Subject: [PATCH 044/283] fix(rlm): route large stdout/stderr via var_handle
 instead of inlining (#2163)

---
 crates/tui/src/tools/rlm.rs | 65 +++++++++++++++++++++++++++++++------
 1 file changed, 55 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/tools/rlm.rs b/crates/tui/src/tools/rlm.rs
index 36ae09b6..81f66d6a 100644
--- a/crates/tui/src/tools/rlm.rs
+++ b/crates/tui/src/tools/rlm.rs
@@ -27,6 +27,11 @@ const DEFAULT_CHILD_MODEL: &str = "deepseek-v4-flash";
 const MAX_INLINE_CONTENT_CHARS: usize = 200_000;
 const FULL_STDOUT_HEAD_CHARS: usize = 4_096;
 const FULL_STDOUT_TAIL_CHARS: usize = 1_024;
+
+/// When `rlm_eval` stdout exceeds this many characters the full body is
+/// stored as a `var_handle` instead of inlined into the parent transcript.
+/// The model retrieves the body via `handle_read` using the returned handle.
+const STDOUT_HANDLE_THRESHOLD_CHARS: usize = 1_000;
 const HARD_SUB_RLM_DEPTH_CAP: u32 = 3;
 
 pub struct RlmSessionObjectsTool;
@@ -217,8 +222,11 @@ impl ToolSpec for RlmEvalTool {
          bounded projection of stdout/stderr plus metadata. If the code calls \
          FINAL/finalize, the final value is stored as a var_handle retrievable \
          with handle_read instead of copied unbounded into the parent context. \
-         Batch child helpers require dependency_mode='independent'; use \
-         sub_query_sequence or a sequential loop for dependent work."
+         Large stdout/stderr payloads (>1k chars) are also stored as \
+         var_handles (returned in stdout_handle / stderr_handle) to keep the \
+         parent transcript lean. Batch child helpers require \
+         dependency_mode='independent'; use sub_query_sequence or a \
+         sequential loop for dependent work."
     }
 
     fn input_schema(&self) -> Value {
@@ -299,14 +307,45 @@ impl ToolSpec for RlmEvalTool {
         let had_error = round.has_error;
         let rpc_count = round.rpc_count;
         let duration_ms = round.elapsed.as_millis() as u64;
-        let stdout_preview = match config.output_feedback {
-            OutputFeedback::Full => Some(preview_output(&round.full_stdout)),
-            OutputFeedback::Metadata => None,
-        };
-        let stderr_preview = match config.output_feedback {
-            OutputFeedback::Full if !round.stderr.is_empty() => Some(preview_output(&round.stderr)),
-            _ => None,
-        };
+        // Route large stdout/stderr into a var_handle to avoid bloat in
+        // the parent transcript. The model calls handle_read for bounded
+        // projections; a short inline note describes availability.
+        fn route_output(
+            text: &str,
+            feedback: &OutputFeedback,
+            store: &mut crate::tools::handle::HandleStore,
+            session_id: &str,
+            tag: &str,
+        ) -> (Option<String>, Option<crate::tools::handle::VarHandle>) {
+            let threshold = STDOUT_HANDLE_THRESHOLD_CHARS;
+            match (feedback, text.len()) {
+                (OutputFeedback::Full, len) if len <= threshold => {
+                    (Some(preview_output(text)), None)
+                }
+                (OutputFeedback::Full, _) if !text.trim().is_empty() => {
+                    // Store full body as a handle for out-of-band retrieval
+                    let name = format!("{tag}_{}", 0); // single counter is fine
+                    let handle = store.insert_text(session_id, name, text);
+                    (Some(format!("{} chars; retrieve via handle_read", text.len())), Some(handle))
+                }
+                _ => (None, None),
+            }
+        }
+
+        let (stdout_preview, stdout_handle) = route_output(
+            &round.full_stdout,
+            &config.output_feedback,
+            &mut *context.runtime.handle_store.lock().await,
+            &session.id,
+            "stdout",
+        );
+        let (stderr_preview, stderr_handle) = route_output(
+            &round.stderr,
+            &config.output_feedback,
+            &mut *context.runtime.handle_store.lock().await,
+            &session.id,
+            "stderr",
+        );
 
         let mut output = json!({
             "name": session.name,
@@ -323,6 +362,12 @@ impl ToolSpec for RlmEvalTool {
         if let Some(stderr_preview) = stderr_preview {
             output["stderr_preview"] = json!(stderr_preview);
         }
+        if let (Some(h), Some(c)) = (stdout_handle, stdout_preview) {
+            output["stdout_handle"] = json!(h);
+        }
+        if let (Some(h), Some(c)) = (stderr_handle, stderr_preview) {
+            output["stderr_handle"] = json!(h);
+        }
         if let Some(confidence) = round.final_confidence.clone() {
             output["confidence"] = confidence;
         }

From 5e53866cc9dee50f3530bb47d7b74fd41fa9f60e Mon Sep 17 00:00:00 2001
From: bluth <ycl_pj@163.com>
Date: Tue, 26 May 2026 23:29:08 +0800
Subject: [PATCH 045/283] fix(feishu): reply inside thread/topic instead of
 creating standalone topics (#2148)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When running in a Feishu thread-enabled group (话题群), every bot
response — status messages, approval prompts, streaming progress,
turn results — was sent via the Lark SDK's `create` API which spawns
a new standalone topic.  The user sees a cluttered group with orphan
topics for each intermediate bot message.

Root cause: `sendText()` only called `client.im.message.create()`
with a bare `chat_id`, never passing any reply context.  The Feishu
`reply` API was completely unused.

Fix (two changes, one site each):

1. **lib.mjs — incomingIdentity()**: expose `parentId`, `rootId`,
   `threadId` from the raw Feishu message event so callers can
   determine thread context.  (Not consumed directly yet, but
   available for future use.)

2. **index.mjs**:
   - `handleIncomingMessage()`: store the latest incoming
     `messageId` as `replyToMessageId` in the per-chat thread store.
   - `sendText()`: look up `replyToMessageId` from the thread store;
     when present, call `client.im.message.reply()` instead of
     `create()`.  This keeps ALL bot responses nested under the
     original user message inside the same topic.

No config changes needed.  New chats automatically start using the
reply path; existing chats without a `replyToMessageId` in the store
fall back to the old `create` behaviour.

/ 修复飞书话题群中 bot 消息新建独立话题的问题。所有回复改为使用 reply API
/ 在原话题内嵌套回复，而非通过 create API 创建新话题。
---
 integrations/feishu-bridge/src/index.mjs | 58 ++++++++++++++++++++----
 integrations/feishu-bridge/src/lib.mjs   |  8 +++-
 2 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/integrations/feishu-bridge/src/index.mjs b/integrations/feishu-bridge/src/index.mjs
index 535ebd06..669da19c 100644
--- a/integrations/feishu-bridge/src/index.mjs
+++ b/integrations/feishu-bridge/src/index.mjs
@@ -145,6 +145,29 @@ async function handleIncomingMessage(event) {
   const identity = incomingIdentity(event);
   if (!identity.chatId) return;
 
+  // Store the incoming message ID so sendText() can reply inside the same
+  // Feishu thread/topic — without this, every bot message creates a new
+  // standalone topic in thread-enabled groups.
+  // / 缓存入站消息 ID，让 sendText 能通过 reply API 在同一话题内回复。
+  // / 否则每条 bot 消息都会在话题群中创建独立的新话题（见 #1710）。
+  if (identity.messageId) {
+    const existing = await threadStore.getChat(identity.chatId);
+    if (existing) {
+      await threadStore.patchChat(identity.chatId, {
+        replyToMessageId: identity.messageId,
+        updatedAt: new Date().toISOString()
+      });
+    } else {
+      await threadStore.setChat(identity.chatId, {
+        replyToMessageId: identity.messageId,
+        threadId: null,
+        lastSeq: 0,
+        activeTurnId: null,
+        updatedAt: new Date().toISOString()
+      });
+    }
+  }
+
   if (identity.messageType && identity.messageType !== "text") {
     await sendText(identity.chatId, "Only text messages are supported in this first bridge.");
     return;
@@ -531,21 +554,40 @@ async function decideApproval(chatId, action) {
 }
 
 async function sendText(chatId, text) {
+  // Try reply API first — keeps bot responses inside the same Feishu
+  // thread/topic instead of spawning new standalone topics.
+  // / 优先使用 reply API，确保 bot 回复留在话题群的同一条话题内。
+  const state = await threadStore.getChat(chatId);
+  const replyToMessageId = state?.replyToMessageId || null;
+
+  const replyMessage =
+    replyToMessageId
+      ? client.im?.v1?.message?.reply?.bind(client.im.v1.message) ||
+        client.im?.message?.reply?.bind(client.im.message)
+      : null;
   const createMessage =
     client.im?.v1?.message?.create?.bind(client.im.v1.message) ||
     client.im?.message?.create?.bind(client.im.message);
   if (!createMessage) {
     throw new Error("Lark SDK client does not expose im message create API");
   }
+
   for (const chunk of splitMessage(text, config.maxReplyChars)) {
-    await createMessage({
-      params: { receive_id_type: "chat_id" },
-      data: {
-        receive_id: chatId,
-        msg_type: "text",
-        content: JSON.stringify({ text: chunk })
-      }
-    });
+    const body = {
+      msg_type: "text",
+      content: JSON.stringify({ text: chunk })
+    };
+    if (replyMessage) {
+      await replyMessage({
+        path: { message_id: replyToMessageId },
+        data: body
+      });
+    } else {
+      await createMessage({
+        params: { receive_id_type: "chat_id" },
+        data: { ...body, receive_id: chatId }
+      });
+    }
   }
 }
 
diff --git a/integrations/feishu-bridge/src/lib.mjs b/integrations/feishu-bridge/src/lib.mjs
index a16daf93..b6dae5f2 100644
--- a/integrations/feishu-bridge/src/lib.mjs
+++ b/integrations/feishu-bridge/src/lib.mjs
@@ -67,7 +67,13 @@ export function incomingIdentity(event) {
     messageType: message.message_type || "",
     openId: sender.open_id || "",
     unionId: sender.union_id || "",
-    userId: sender.user_id || ""
+    userId: sender.user_id || "",
+    // Thread/topic group context: these fields let the bridge reply
+    // inside the same topic instead of spawning a new standalone topic.
+    // / 话题群上下文：用于在同一话题内回复，而非新建独立话题。
+    parentId: message.parent_id || "",
+    rootId: message.root_id || "",
+    threadId: message.thread_id || ""
   };
 }
 

From d022d2b29306fbb352bdcb2445c8670793f1d1ca Mon Sep 17 00:00:00 2001
From: nanookclaw <nanook@agentmail.to>
Date: Tue, 26 May 2026 15:30:20 +0000
Subject: [PATCH 046/283] fix: show search provider in doctor output (#2135)

Signed-off-by: Nanook <nanookclaw@users.noreply.github.com>
Co-authored-by: Nanook <nanookclaw@users.noreply.github.com>
---
 crates/tui/src/config.rs          | 137 ++++++++++++++++++++++++++++++
 crates/tui/src/main.rs            | 120 ++++++++++++++++++++++++--
 crates/tui/src/runtime_threads.rs |   7 +-
 crates/tui/src/tui/ui.rs          |   6 +-
 4 files changed, 254 insertions(+), 16 deletions(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 09bc1eb2..3799031f 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -660,6 +660,17 @@ pub enum SearchProvider {
 }
 
 impl SearchProvider {
+    #[must_use]
+    pub fn parse(value: &str) -> Option<Self> {
+        match value.trim().to_ascii_lowercase().as_str() {
+            "bing" => Some(Self::Bing),
+            "duckduckgo" | "duck-duck-go" | "duck_duck_go" | "ddg" => Some(Self::DuckDuckGo),
+            "tavily" => Some(Self::Tavily),
+            "bocha" => Some(Self::Bocha),
+            _ => None,
+        }
+    }
+
     #[must_use]
     pub fn as_str(self) -> &'static str {
         match self {
@@ -671,6 +682,30 @@ impl SearchProvider {
     }
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum SearchProviderSource {
+    Default,
+    Config,
+    EnvOverride,
+}
+
+impl SearchProviderSource {
+    #[must_use]
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Self::Default => "default",
+            Self::Config => "config",
+            Self::EnvOverride => "env override",
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub struct SearchProviderResolution {
+    pub provider: SearchProvider,
+    pub source: SearchProviderSource,
+}
+
 /// Web search provider configuration (`[search]` table in config.toml).
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct SearchConfig {
@@ -1324,6 +1359,35 @@ struct RequirementsFile {
 // === Config Loading ===
 
 impl Config {
+    #[must_use]
+    pub fn search_provider_resolution(&self) -> SearchProviderResolution {
+        if let Ok(raw) = std::env::var("DEEPSEEK_SEARCH_PROVIDER")
+            && let Some(provider) = SearchProvider::parse(&raw)
+        {
+            return SearchProviderResolution {
+                provider,
+                source: SearchProviderSource::EnvOverride,
+            };
+        }
+
+        if let Some(provider) = self.search.as_ref().and_then(|search| search.provider) {
+            return SearchProviderResolution {
+                provider,
+                source: SearchProviderSource::Config,
+            };
+        }
+
+        SearchProviderResolution {
+            provider: SearchProvider::default(),
+            source: SearchProviderSource::Default,
+        }
+    }
+
+    #[must_use]
+    pub fn search_provider(&self) -> SearchProvider {
+        self.search_provider_resolution().provider
+    }
+
     /// Return `true` if the `[auto] cost_saving = true` opt-in is set
     /// (#1207). When true, the auto-mode router biases toward
     /// `deepseek-v4-flash` for ambiguous requests instead of escalating to
@@ -4170,6 +4234,79 @@ mod tests {
         );
     }
 
+    #[test]
+    fn search_provider_resolution_reports_default_source() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
+
+        let resolution = Config::default().search_provider_resolution();
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
+        assert_eq!(resolution.provider, SearchProvider::Bing);
+        assert_eq!(resolution.source, SearchProviderSource::Default);
+    }
+
+    #[test]
+    fn search_provider_resolution_reports_config_source() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
+        let config: Config = toml::from_str(
+            r#"
+            [search]
+            provider = "tavily"
+            "#,
+        )
+        .expect("search config");
+
+        let resolution = config.search_provider_resolution();
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
+        assert_eq!(resolution.provider, SearchProvider::Tavily);
+        assert_eq!(resolution.source, SearchProviderSource::Config);
+    }
+
+    #[test]
+    fn search_provider_resolution_reports_env_override_source() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { env::set_var("DEEPSEEK_SEARCH_PROVIDER", "bocha") };
+        let config: Config = toml::from_str(
+            r#"
+            [search]
+            provider = "duckduckgo"
+            "#,
+        )
+        .expect("search config");
+
+        let resolution = config.search_provider_resolution();
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
+        assert_eq!(resolution.provider, SearchProvider::Bocha);
+        assert_eq!(resolution.source, SearchProviderSource::EnvOverride);
+    }
+
+    #[test]
+    fn search_provider_resolution_ignores_invalid_env_override() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { env::set_var("DEEPSEEK_SEARCH_PROVIDER", "not-a-provider") };
+        let config: Config = toml::from_str(
+            r#"
+            [search]
+            provider = "tavily"
+            "#,
+        )
+        .expect("search config");
+
+        let resolution = config.search_provider_resolution();
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
+        assert_eq!(resolution.provider, SearchProvider::Tavily);
+        assert_eq!(resolution.source, SearchProviderSource::Config);
+    }
+
     struct EnvGuard {
         home: Option<OsString>,
         userprofile: Option<OsString>,
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 70af305b..32cf6433 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -2083,6 +2083,7 @@ async fn run_doctor(config: &Config, workspace: &Path, config_path_override: Opt
         );
     }
     println!("  workspace: {}", crate::utils::display_path(workspace));
+    println!("  {}", doctor_search_provider_line(config));
 
     // State root (v0.8.44)
     println!();
@@ -3047,6 +3048,7 @@ fn run_doctor_json(
             "message": strict_tool_mode.message,
             "recommended_base_url": strict_tool_mode.recommended_base_url,
         },
+        "search_provider": doctor_search_provider_json(config),
         "memory": memory_summary,
         "mcp": mcp_summary,
         "skills": {
@@ -3156,6 +3158,38 @@ fn provider_capability_report(config: &Config) -> serde_json::Value {
     })
 }
 
+fn doctor_search_provider_line(config: &Config) -> String {
+    let search_provider = config.search_provider_resolution();
+    let switch_hint = if matches!(
+        (search_provider.provider, search_provider.source),
+        (
+            crate::config::SearchProvider::Bing,
+            crate::config::SearchProviderSource::Default
+        )
+    ) {
+        "; set [search] provider = \"duckduckgo\" | \"tavily\" | \"bocha\" to switch"
+    } else {
+        ""
+    };
+
+    format!(
+        "search_provider: {} (source: {}{})",
+        search_provider.provider.as_str(),
+        search_provider.source.as_str(),
+        switch_hint
+    )
+}
+
+fn doctor_search_provider_json(config: &Config) -> serde_json::Value {
+    use serde_json::json;
+
+    let search_provider = config.search_provider_resolution();
+    json!({
+        "provider": search_provider.provider.as_str(),
+        "source": search_provider.source.as_str(),
+    })
+}
+
 #[derive(Debug, Clone, PartialEq, Eq)]
 struct DoctorApiTarget {
     provider: &'static str,
@@ -5155,11 +5189,7 @@ async fn run_exec_agent(
         .tag()
         .to_string(),
         workshop: config.workshop.clone(),
-        search_provider: config
-            .search
-            .as_ref()
-            .and_then(|s| s.provider)
-            .unwrap_or_default(),
+        search_provider: config.search_provider(),
         search_api_key: config.search.as_ref().and_then(|s| s.api_key.clone()),
         tools_always_load: config.tools_always_load(),
     };
@@ -5656,6 +5686,86 @@ mod doctor_endpoint_tests {
         assert!(report["alias_deprecation"].is_null());
     }
 
+    #[test]
+    fn doctor_search_provider_line_includes_default_source_and_switch_hint() {
+        let _guard = crate::test_support::lock_test_env();
+        let prev = std::env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
+
+        let line = doctor_search_provider_line(&Config::default());
+
+        match prev {
+            Some(value) => unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", value) },
+            None => unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") },
+        }
+        assert!(line.contains("search_provider: bing"));
+        assert!(line.contains("source: default"));
+        assert!(line.contains("[search] provider"));
+    }
+
+    #[test]
+    fn doctor_search_provider_json_reports_config_source() {
+        let _guard = crate::test_support::lock_test_env();
+        let prev = std::env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
+        let config = Config {
+            search: Some(crate::config::SearchConfig {
+                provider: Some(crate::config::SearchProvider::DuckDuckGo),
+                api_key: None,
+            }),
+            ..Default::default()
+        };
+
+        let report = doctor_search_provider_json(&config);
+
+        match prev {
+            Some(value) => unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", value) },
+            None => unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") },
+        }
+        assert_eq!(report["provider"], "duckduckgo");
+        assert_eq!(report["source"], "config");
+    }
+
+    #[test]
+    fn doctor_search_provider_json_reports_env_override_source() {
+        let _guard = crate::test_support::lock_test_env();
+        let prev = std::env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", "tavily") };
+
+        let report = doctor_search_provider_json(&Config::default());
+
+        match prev {
+            Some(value) => unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", value) },
+            None => unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") },
+        }
+        assert_eq!(report["provider"], "tavily");
+        assert_eq!(report["source"], "env override");
+    }
+
+    #[test]
+    fn doctor_search_provider_line_omits_switch_hint_when_bing_is_configured() {
+        let _guard = crate::test_support::lock_test_env();
+        let prev = std::env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
+        let config = Config {
+            search: Some(crate::config::SearchConfig {
+                provider: Some(crate::config::SearchProvider::Bing),
+                api_key: None,
+            }),
+            ..Default::default()
+        };
+
+        let line = doctor_search_provider_line(&config);
+
+        match prev {
+            Some(value) => unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", value) },
+            None => unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") },
+        }
+        assert!(line.contains("search_provider: bing"));
+        assert!(line.contains("source: config"));
+        assert!(!line.contains("[search] provider"));
+    }
+
     #[test]
     fn timeout_recovery_keeps_default_deepseek_users_on_default_endpoint() {
         let config = Config::default();
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 23cad864..9cd65087 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1988,12 +1988,7 @@ impl RuntimeThreadManager {
             .tag()
             .to_string(),
             workshop: self.config.workshop.clone(),
-            search_provider: self
-                .config
-                .search
-                .as_ref()
-                .and_then(|s| s.provider)
-                .unwrap_or_default(),
+            search_provider: self.config.search_provider(),
             search_api_key: self.config.search.as_ref().and_then(|s| s.api_key.clone()),
             tools_always_load: self.config.tools_always_load(),
         };
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 758f84a9..eea1c7e3 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -722,11 +722,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         goal_objective: app.goal.goal_objective.clone(),
         locale_tag: app.ui_locale.tag().to_string(),
         workshop: config.workshop.clone(),
-        search_provider: config
-            .search
-            .as_ref()
-            .and_then(|s| s.provider)
-            .unwrap_or_default(),
+        search_provider: config.search_provider(),
         search_api_key: config.search.as_ref().and_then(|s| s.api_key.clone()),
         tools_always_load: config.tools_always_load(),
     }

From b4d1bce58b5c2d5946376e18ee16636f20a1857e Mon Sep 17 00:00:00 2001
From: PMX <91198542+xin1104@users.noreply.github.com>
Date: Tue, 26 May 2026 23:30:25 +0800
Subject: [PATCH 047/283] =?UTF-8?q?=EF=BB=BFfix:=20Homebrew=20formula=20do?=
 =?UTF-8?q?wnloads=20legacy=20shim=20instead=20of=20codewhale=20dispatcher?=
 =?UTF-8?q?=20(#2105)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The formula downloaded deepseek-macos-arm64 (the deprecation shim) as the
main binary.  After the rebranding, deepseek is just a wrapper that spawns
codewhale, but codewhale was never installed — causing "codewhale not
found on PATH" for every Homebrew user.

Now the formula downloads codewhale-* as the primary binary and installs
all four artifacts: codewhale, codewhale-tui, deepseek (legacy shim), and
deepseek-tui (legacy TUI shim).

Closes #2104

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
---
 .github/scripts/update-homebrew-tap.sh | 90 +++++++++++++++++++-------
 1 file changed, 67 insertions(+), 23 deletions(-)

diff --git a/.github/scripts/update-homebrew-tap.sh b/.github/scripts/update-homebrew-tap.sh
index d0e28018..5d8f970e 100644
--- a/.github/scripts/update-homebrew-tap.sh
+++ b/.github/scripts/update-homebrew-tap.sh
@@ -34,14 +34,24 @@ sha() {
 
 # --- read checksums ---------------------------------------------------
 
-readonly SHA_DISP_MACOS_ARM="$(sha deepseek-macos-arm64)"
-readonly SHA_TUI_MACOS_ARM="$(sha deepseek-tui-macos-arm64)"
-readonly SHA_DISP_MACOS_X64="$(sha deepseek-macos-x64)"
-readonly SHA_TUI_MACOS_X64="$(sha deepseek-tui-macos-x64)"
-readonly SHA_DISP_LINUX_ARM="$(sha deepseek-linux-arm64)"
-readonly SHA_TUI_LINUX_ARM="$(sha deepseek-tui-linux-arm64)"
-readonly SHA_DISP_LINUX_X64="$(sha deepseek-linux-x64)"
-readonly SHA_TUI_LINUX_X64="$(sha deepseek-tui-linux-x64)"
+# Canonical dispatcher and TUI
+readonly SHA_COD_MACOS_ARM="$(sha codewhale-macos-arm64)"
+readonly SHA_TUI_MACOS_ARM="$(sha codewhale-tui-macos-arm64)"
+readonly SHA_COD_MACOS_X64="$(sha codewhale-macos-x64)"
+readonly SHA_TUI_MACOS_X64="$(sha codewhale-tui-macos-x64)"
+readonly SHA_COD_LINUX_ARM="$(sha codewhale-linux-arm64)"
+readonly SHA_TUI_LINUX_ARM="$(sha codewhale-tui-linux-arm64)"
+readonly SHA_COD_LINUX_X64="$(sha codewhale-linux-x64)"
+readonly SHA_TUI_LINUX_X64="$(sha codewhale-tui-linux-x64)"
+# Legacy shims (removed in v0.9.0)
+readonly SHA_LEG_MACOS_ARM="$(sha deepseek-macos-arm64)"
+readonly SHA_LEG_TUI_MACOS_ARM="$(sha deepseek-tui-macos-arm64)"
+readonly SHA_LEG_MACOS_X64="$(sha deepseek-macos-x64)"
+readonly SHA_LEG_TUI_MACOS_X64="$(sha deepseek-tui-macos-x64)"
+readonly SHA_LEG_LINUX_ARM="$(sha deepseek-linux-arm64)"
+readonly SHA_LEG_TUI_LINUX_ARM="$(sha deepseek-tui-linux-arm64)"
+readonly SHA_LEG_LINUX_X64="$(sha deepseek-linux-x64)"
+readonly SHA_LEG_TUI_LINUX_X64="$(sha deepseek-tui-linux-x64)"
 
 # --- temp dirs --------------------------------------------------------
 
@@ -62,47 +72,81 @@ class DeepseekTui < Formula
 
   on_macos do
     if Hardware::CPU.arm?
-      url "${BASE_URL}/deepseek-macos-arm64", using: :nounzip
-      sha256 "${SHA_DISP_MACOS_ARM}"
+      url "${BASE_URL}/codewhale-macos-arm64", using: :nounzip
+      sha256 "${SHA_COD_MACOS_ARM}"
       resource "tui" do
-        url "${BASE_URL}/deepseek-tui-macos-arm64", using: :nounzip
+        url "${BASE_URL}/codewhale-tui-macos-arm64", using: :nounzip
         sha256 "${SHA_TUI_MACOS_ARM}"
       end
+      resource "legacy-shim" do
+        url "${BASE_URL}/deepseek-macos-arm64", using: :nounzip
+        sha256 "${SHA_LEG_MACOS_ARM}"
+      end
+      resource "legacy-tui-shim" do
+        url "${BASE_URL}/deepseek-tui-macos-arm64", using: :nounzip
+        sha256 "${SHA_LEG_TUI_MACOS_ARM}"
+      end
     else
-      url "${BASE_URL}/deepseek-macos-x64", using: :nounzip
-      sha256 "${SHA_DISP_MACOS_X64}"
+      url "${BASE_URL}/codewhale-macos-x64", using: :nounzip
+      sha256 "${SHA_COD_MACOS_X64}"
       resource "tui" do
-        url "${BASE_URL}/deepseek-tui-macos-x64", using: :nounzip
+        url "${BASE_URL}/codewhale-tui-macos-x64", using: :nounzip
         sha256 "${SHA_TUI_MACOS_X64}"
       end
+      resource "legacy-shim" do
+        url "${BASE_URL}/deepseek-macos-x64", using: :nounzip
+        sha256 "${SHA_LEG_MACOS_X64}"
+      end
+      resource "legacy-tui-shim" do
+        url "${BASE_URL}/deepseek-tui-macos-x64", using: :nounzip
+        sha256 "${SHA_LEG_TUI_MACOS_X64}"
+      end
     end
   end
 
   on_linux do
     if Hardware::CPU.arm?
-      url "${BASE_URL}/deepseek-linux-arm64", using: :nounzip
-      sha256 "${SHA_DISP_LINUX_ARM}"
+      url "${BASE_URL}/codewhale-linux-arm64", using: :nounzip
+      sha256 "${SHA_COD_LINUX_ARM}"
       resource "tui" do
-        url "${BASE_URL}/deepseek-tui-linux-arm64", using: :nounzip
+        url "${BASE_URL}/codewhale-tui-linux-arm64", using: :nounzip
         sha256 "${SHA_TUI_LINUX_ARM}"
       end
+      resource "legacy-shim" do
+        url "${BASE_URL}/deepseek-linux-arm64", using: :nounzip
+        sha256 "${SHA_LEG_LINUX_ARM}"
+      end
+      resource "legacy-tui-shim" do
+        url "${BASE_URL}/deepseek-tui-linux-arm64", using: :nounzip
+        sha256 "${SHA_LEG_TUI_LINUX_ARM}"
+      end
     else
-      url "${BASE_URL}/deepseek-linux-x64", using: :nounzip
-      sha256 "${SHA_DISP_LINUX_X64}"
+      url "${BASE_URL}/codewhale-linux-x64", using: :nounzip
+      sha256 "${SHA_COD_LINUX_X64}"
       resource "tui" do
-        url "${BASE_URL}/deepseek-tui-linux-x64", using: :nounzip
+        url "${BASE_URL}/codewhale-tui-linux-x64", using: :nounzip
         sha256 "${SHA_TUI_LINUX_X64}"
       end
+      resource "legacy-shim" do
+        url "${BASE_URL}/deepseek-linux-x64", using: :nounzip
+        sha256 "${SHA_LEG_LINUX_X64}"
+      end
+      resource "legacy-tui-shim" do
+        url "${BASE_URL}/deepseek-tui-linux-x64", using: :nounzip
+        sha256 "${SHA_LEG_TUI_LINUX_X64}"
+      end
     end
   end
 
   def install
-    bin.install Dir["*"].first => "deepseek"
-    resource("tui").stage { bin.install Dir["*"].first => "deepseek-tui" }
+    bin.install Dir["*"].first => "codewhale"
+    resource("tui").stage { bin.install Dir["*"].first => "codewhale-tui" }
+    resource("legacy-shim").stage { bin.install Dir["*"].first => "deepseek" }
+    resource("legacy-tui-shim").stage { bin.install Dir["*"].first => "deepseek-tui" }
   end
 
   test do
-    system "#{bin}/deepseek", "--version"
+    system "#{bin}/codewhale", "--version"
   end
 end
 EOF

From e03f7f945d1e8b9d0f0c42dfc2203913b1b9830d Mon Sep 17 00:00:00 2001
From: Lellansin Huang <Lellansin@gmail.com>
Date: Tue, 26 May 2026 23:30:31 +0800
Subject: [PATCH 048/283] fix(tui): skip project-scope config merge when
 workspace is home directory (#2055)

When the workspace is the user's home directory, the project-scope
config file (~/.deepseek/config.toml) is also the global config file.
Skip the merge to avoid redundant processing and a misleading
"project-scope config key ignored" warning on every launch from ~.

Fixes the home-directory false-positive in the #417 deny-list
check: the deny-list correctly refuses dangerous keys at project
scope, but when cwd == $HOME the project file *is* the global file
so the warning is noise.
---
 crates/tui/src/config.rs |  2 +-
 crates/tui/src/main.rs   | 64 +++++++++++++++++++++++++++++++++++++++-
 2 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 3799031f..f470137f 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -2155,7 +2155,7 @@ fn default_config_path() -> Option<PathBuf> {
     env_config_path().or_else(home_config_path)
 }
 
-fn effective_home_dir() -> Option<PathBuf> {
+pub(crate) fn effective_home_dir() -> Option<PathBuf> {
     if let Some(path) = std::env::var_os("HOME") {
         let path = PathBuf::from(path);
         if !path.as_os_str().is_empty() {
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 32cf6433..473484dc 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -77,7 +77,7 @@ mod vision;
 mod working_set;
 mod workspace_trust;
 
-use crate::config::{Config, DEFAULT_TEXT_MODEL, MAX_SUBAGENTS};
+use crate::config::{Config, DEFAULT_TEXT_MODEL, MAX_SUBAGENTS, effective_home_dir};
 use crate::eval::{EvalHarness, EvalHarnessConfig, ScenarioStepKind};
 use crate::features::{Feature, render_feature_table};
 use crate::llm_client::LlmClient;
@@ -4650,6 +4650,20 @@ fn preserve_interrupted_checkpoint_for_explicit_resume(launch_workspace: &Path)
 /// Only explicitly set fields in the project file are applied; everything
 /// else falls back to the global value.
 fn merge_project_config(config: &mut Config, workspace: &Path) {
+    // When the workspace is the user's home directory, the project-scope
+    // config file is also the global config file. Skip the merge to avoid
+    // redundant processing and a misleading "project-scope config key
+    // ignored" warning on every launch from ~.
+    if let Some(home) = effective_home_dir()
+        && let (Ok(w), Ok(h)) = (
+            std::fs::canonicalize(workspace),
+            std::fs::canonicalize(&home),
+        )
+        && w == h
+    {
+        return;
+    }
+
     // v0.8.44: prefer .codewhale/config.toml, fall back to .deepseek/
     let path = workspace
         .join(codewhale_config::CODEWHALE_APP_DIR)
@@ -6292,6 +6306,54 @@ mod project_config_tests {
         tmp
     }
 
+    fn with_home_dir<T>(home: &Path, f: impl FnOnce() -> T) -> T {
+        let prev_home = std::env::var_os("HOME");
+        let prev_userprofile = std::env::var_os("USERPROFILE");
+        unsafe {
+            std::env::set_var("HOME", home);
+            std::env::set_var("USERPROFILE", home);
+        }
+        let result = f();
+        unsafe {
+            match prev_home {
+                Some(value) => std::env::set_var("HOME", value),
+                None => std::env::remove_var("HOME"),
+            }
+            match prev_userprofile {
+                Some(value) => std::env::set_var("USERPROFILE", value),
+                None => std::env::remove_var("USERPROFILE"),
+            }
+        }
+        result
+    }
+
+    #[test]
+    fn project_overlay_skips_when_workspace_is_home_directory() {
+        let _guard = crate::test_support::lock_test_env();
+        let tmp = tempdir().expect("tempdir");
+        let project_dir = tmp.path().join(codewhale_config::CODEWHALE_APP_DIR);
+        fs::create_dir_all(&project_dir).expect("mkdir .codewhale");
+        fs::write(
+            project_dir.join("config.toml"),
+            r#"model = "project-override-model""#,
+        )
+        .expect("write project config");
+
+        with_home_dir(tmp.path(), || {
+            let mut config = Config {
+                default_text_model: Some("deepseek-v4-flash".to_string()),
+                ..Config::default()
+            };
+
+            merge_project_config(&mut config, tmp.path());
+
+            assert_eq!(
+                config.default_text_model.as_deref(),
+                Some("deepseek-v4-flash")
+            );
+        });
+    }
+
     #[test]
     fn project_overlay_overrides_model_but_denies_provider() {
         // #417: `provider` is on the deny-list; only the `model`

From 2c12371257d6a975f5efa3bc38f03c87719e30df Mon Sep 17 00:00:00 2001
From: Sskift <liusa23@mails.tsinghua.edu.cn>
Date: Tue, 26 May 2026 23:30:36 +0800
Subject: [PATCH 049/283] fix(cli): avoid default env overrides for profiles
 (#2119)

* fix(cli): avoid default env overrides for profiles

* test(cli): lock auth mode profile handoff behavior

* test(cli): restore prompt flag coverage

---------

Co-authored-by: liushiao <liushiao@bytedance.com>
---
 crates/cli/src/lib.rs | 174 ++++++++++++++++++++++++++++++++----------
 1 file changed, 134 insertions(+), 40 deletions(-)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 3eaeb3c0..6ca5f06c 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -1464,33 +1464,28 @@ fn build_tui_command(
         );
     }
 
-    cmd.env("DEEPSEEK_MODEL", &resolved_runtime.model);
-    cmd.env("DEEPSEEK_BASE_URL", &resolved_runtime.base_url);
-    cmd.env("DEEPSEEK_PROVIDER", resolved_runtime.provider.as_str());
-    if let Some(auth_mode) = resolved_runtime.auth_mode.as_ref() {
-        cmd.env("DEEPSEEK_AUTH_MODE", auth_mode);
+    if let Some(provider) = cli.provider {
+        let provider: ProviderKind = provider.into();
+        cmd.env("DEEPSEEK_PROVIDER", provider.as_str());
     }
-    if !resolved_runtime.http_headers.is_empty() {
-        let encoded = resolved_runtime
-            .http_headers
-            .iter()
-            .map(|(name, value)| format!("{}={}", name.trim(), value.trim()))
-            .collect::<Vec<_>>()
-            .join(",");
-        cmd.env("DEEPSEEK_HTTP_HEADERS", encoded);
-    }
-    if let Some(api_key) = resolved_runtime.api_key.as_ref() {
+    if matches!(
+        resolved_runtime.api_key_source,
+        Some(RuntimeApiKeySource::Keyring)
+    ) && let Some(api_key) = resolved_runtime.api_key.as_ref()
+    {
+        // TUI reloads auth_mode from config/profile, but it does not re-query the
+        // platform keyring on normal startup. Bridge only the recovered secret;
+        // replaying auth_mode here would turn it back into a profile override.
         cmd.env("DEEPSEEK_API_KEY", api_key);
         for var in provider_env_vars(resolved_runtime.provider) {
             if *var != "DEEPSEEK_API_KEY" {
                 cmd.env(var, api_key);
             }
         }
-        let source = resolved_runtime
-            .api_key_source
-            .unwrap_or(RuntimeApiKeySource::Env)
-            .as_env_value();
-        cmd.env("DEEPSEEK_API_KEY_SOURCE", source);
+        cmd.env(
+            "DEEPSEEK_API_KEY_SOURCE",
+            RuntimeApiKeySource::Keyring.as_env_value(),
+        );
     }
 
     if let Some(model) = cli.model.as_ref() {
@@ -2630,14 +2625,6 @@ mod tests {
             command_env(&cmd, "DEEPSEEK_PROVIDER").as_deref(),
             Some("openai")
         );
-        assert_eq!(
-            command_env(&cmd, "DEEPSEEK_MODEL").as_deref(),
-            Some("glm-5")
-        );
-        assert_eq!(
-            command_env(&cmd, "DEEPSEEK_BASE_URL").as_deref(),
-            Some("https://openai-compatible.example/v4")
-        );
         assert_eq!(
             command_env(&cmd, "DEEPSEEK_API_KEY").as_deref(),
             Some("resolved-openai-key")
@@ -2650,10 +2637,7 @@ mod tests {
             command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE").as_deref(),
             Some("keyring")
         );
-        assert_eq!(
-            command_env(&cmd, "DEEPSEEK_AUTH_MODE").as_deref(),
-            Some("api_key")
-        );
+        assert_eq!(command_env(&cmd, "DEEPSEEK_AUTH_MODE"), None);
         let args: Vec<String> = cmd
             .get_args()
             .map(|arg| arg.to_string_lossy().into_owned())
@@ -2665,6 +2649,55 @@ mod tests {
         );
     }
 
+    #[test]
+    fn build_tui_command_does_not_export_default_runtime_overrides_for_profiles() {
+        let _lock = env_lock();
+        let dir = tempfile::TempDir::new().expect("tempdir");
+        let custom = dir
+            .path()
+            .join(format!("custom-tui{}", std::env::consts::EXE_SUFFIX));
+        std::fs::write(&custom, b"").unwrap();
+        let custom_str = custom.to_string_lossy().into_owned();
+        let _bin = ScopedEnvVar::set("DEEPSEEK_TUI_BIN", &custom_str);
+
+        let cli = parse_ok(&["deepseek", "--profile", "google"]);
+        let mut resolved_headers = std::collections::BTreeMap::new();
+        resolved_headers.insert("X-From-Base".to_string(), "base".to_string());
+        let resolved = ResolvedRuntimeOptions {
+            provider: ProviderKind::Deepseek,
+            model: "deepseek-v4-pro".to_string(),
+            api_key: Some("config-file-key".to_string()),
+            api_key_source: Some(RuntimeApiKeySource::ConfigFile),
+            base_url: "https://api.deepseek.com/beta".to_string(),
+            auth_mode: Some("api_key".to_string()),
+            output_mode: None,
+            log_level: None,
+            telemetry: false,
+            approval_policy: None,
+            sandbox_mode: None,
+            yolo: None,
+            http_headers: resolved_headers,
+        };
+
+        let cmd = build_tui_command(&cli, &resolved, Vec::new()).expect("command");
+
+        assert_eq!(command_env(&cmd, "DEEPSEEK_PROVIDER"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_MODEL"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_BASE_URL"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_API_KEY"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_AUTH_MODE"), None);
+        assert_eq!(command_env(&cmd, "DEEPSEEK_HTTP_HEADERS"), None);
+        let args: Vec<String> = cmd
+            .get_args()
+            .map(|arg| arg.to_string_lossy().into_owned())
+            .collect();
+        assert!(
+            args.windows(2).any(|pair| pair == ["--profile", "google"]),
+            "expected profile forwarding in args: {args:?}"
+        );
+    }
+
     #[test]
     fn build_tui_command_allows_moonshot_and_forwards_kimi_key() {
         let _lock = env_lock();
@@ -2689,7 +2722,7 @@ mod tests {
             provider: ProviderKind::Moonshot,
             model: "kimi-k2.6".to_string(),
             api_key: Some("resolved-kimi-key".to_string()),
-            api_key_source: Some(RuntimeApiKeySource::Env),
+            api_key_source: Some(RuntimeApiKeySource::Keyring),
             base_url: "https://api.moonshot.ai/v1".to_string(),
             auth_mode: Some("api_key".to_string()),
             output_mode: None,
@@ -2710,10 +2743,6 @@ mod tests {
             command_env(&cmd, "DEEPSEEK_MODEL").as_deref(),
             Some("kimi-k2.6")
         );
-        assert_eq!(
-            command_env(&cmd, "DEEPSEEK_BASE_URL").as_deref(),
-            Some("https://api.moonshot.ai/v1")
-        );
         assert_eq!(
             command_env(&cmd, "DEEPSEEK_API_KEY").as_deref(),
             Some("resolved-kimi-key")
@@ -2728,12 +2757,67 @@ mod tests {
         );
         assert_eq!(
             command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE").as_deref(),
-            Some("env")
+            Some("keyring")
+        );
+        assert_eq!(command_env(&cmd, "DEEPSEEK_AUTH_MODE"), None);
+    }
+
+    #[test]
+    fn build_tui_command_exports_explicit_provider_model_and_base_url() {
+        let _lock = env_lock();
+        let dir = tempfile::TempDir::new().expect("tempdir");
+        let custom = dir
+            .path()
+            .join(format!("custom-tui{}", std::env::consts::EXE_SUFFIX));
+        std::fs::write(&custom, b"").unwrap();
+        let custom_str = custom.to_string_lossy().into_owned();
+        let _bin = ScopedEnvVar::set("DEEPSEEK_TUI_BIN", &custom_str);
+
+        let cli = parse_ok(&[
+            "deepseek",
+            "--profile",
+            "google",
+            "--provider",
+            "openai",
+            "--model",
+            "glm-5",
+            "--base-url",
+            "https://openai-compatible.example/v4",
+        ]);
+        let resolved = ResolvedRuntimeOptions {
+            provider: ProviderKind::Openai,
+            model: "glm-5".to_string(),
+            api_key: None,
+            api_key_source: None,
+            base_url: "https://openai-compatible.example/v4".to_string(),
+            auth_mode: None,
+            output_mode: None,
+            log_level: None,
+            telemetry: false,
+            approval_policy: None,
+            sandbox_mode: None,
+            yolo: None,
+            http_headers: std::collections::BTreeMap::new(),
+        };
+
+        let cmd = build_tui_command(&cli, &resolved, Vec::new()).expect("command");
+
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_PROVIDER").as_deref(),
+            Some("openai")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_MODEL").as_deref(),
+            Some("glm-5")
+        );
+        assert_eq!(
+            command_env(&cmd, "DEEPSEEK_BASE_URL").as_deref(),
+            Some("https://openai-compatible.example/v4")
         );
     }
 
     #[test]
-    fn build_tui_command_forwards_provider_env_vars_for_all_providers() {
+    fn build_tui_command_forwards_provider_keyring_env_vars_for_all_providers() {
         let _lock = env_lock();
         let dir = tempfile::TempDir::new().expect("tempdir");
         let custom = dir
@@ -2788,7 +2872,7 @@ mod tests {
                 provider,
                 model: "test-model".to_string(),
                 api_key: Some("test-key".to_string()),
-                api_key_source: Some(RuntimeApiKeySource::Env),
+                api_key_source: Some(RuntimeApiKeySource::Keyring),
                 base_url: "http://localhost:8000/v1".to_string(),
                 auth_mode: Some("api_key".to_string()),
                 output_mode: None,
@@ -2815,6 +2899,16 @@ mod tests {
                     "{flag}: {var} not forwarded"
                 );
             }
+            assert_eq!(
+                command_env(&cmd, "DEEPSEEK_API_KEY_SOURCE").as_deref(),
+                Some("keyring"),
+                "{flag}: expected keyring source bridge"
+            );
+            assert_eq!(
+                command_env(&cmd, "DEEPSEEK_AUTH_MODE"),
+                None,
+                "{flag}: auth mode should come from config/profile, not env handoff"
+            );
         }
     }
 

From d107b7468d3b1ce945ba49d658534db56f1cbced Mon Sep 17 00:00:00 2001
From: Shen Bowen <952468655@qq.com>
Date: Tue, 26 May 2026 23:30:42 +0800
Subject: [PATCH 050/283] fix(paste): preserve Enter suppression window after
 non-char keys during paste (#2174)

* fix(paste): preserve Enter suppression window after non-char keys during paste

* chore(paste): add debug_assert for buffer precondition in deactivate_keep_window

Documents the invariant that buffer must be flushed before calling deactivate_keep_window. The assert fires in debug builds only, catching future misuse without masking upstream bugs.
---
 crates/tui/src/tui/paste_burst.rs | 62 ++++++++++++++++++++++++++++++-
 crates/tui/src/tui/ui.rs          |  2 +-
 2 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/tui/paste_burst.rs b/crates/tui/src/tui/paste_burst.rs
index 62788451..5f4a9d7e 100644
--- a/crates/tui/src/tui/paste_burst.rs
+++ b/crates/tui/src/tui/paste_burst.rs
@@ -225,12 +225,27 @@ impl PasteBurst {
         Some(out)
     }
 
-    pub fn clear_window_after_non_char(&mut self) {
+    /// Reset burst-accumulation state without clearing the suppression window.
+    ///
+    /// Used when a non-char key (Tab, etc.) arrives during an active burst as
+    /// part of table-data paste. The buffer was flushed upstream; only the
+    /// active state is reset so `burst_window_until` stays alive and a trailing
+    /// Enter is still absorbed as a newline (#2134).
+    ///
+    /// # Panics
+    ///
+    /// Panics in debug builds if `buffer` is non-empty — the caller must flush
+    /// via [`flush_before_modified_input`] first.
+    pub fn deactivate_keep_window(&mut self) {
+        debug_assert!(
+            self.buffer.is_empty(),
+            "buffer must be flushed before deactivating"
+        );
         self.consecutive_plain_char_burst = 0;
         self.last_plain_char_time = None;
-        self.burst_window_until = None;
         self.active = false;
         self.pending_first_char = None;
+        // burst_window_until intentionally NOT cleared
     }
 
     pub fn is_active(&self) -> bool {
@@ -332,4 +347,47 @@ mod tests {
         let due = t0 + Duration::from_millis(20);
         assert_eq!(burst.next_flush_delay(due), Some(Duration::ZERO));
     }
+
+    /// Simulate #2134: when a non-char key (Tab) arrives during table-data
+    /// paste, `deactivate_keep_window` resets accumulation state but
+    /// preserves the Enter-suppression window so a trailing newline is still
+    /// absorbed instead of submitting the partial input.
+    #[test]
+    fn deactivate_keep_window_preserves_enter_suppression_window() {
+        let mut burst = PasteBurst::default();
+        let t0 = Instant::now();
+
+        assert!(matches!(
+            burst.on_plain_char('a', t0),
+            CharDecision::RetainFirstChar
+        ));
+        let t1 = t0 + Duration::from_millis(1);
+        assert!(matches!(
+            burst.on_plain_char('b', t1),
+            CharDecision::BeginBufferFromPending
+        ));
+        burst.append_char_to_buffer('b', t1);
+        assert!(burst.is_active());
+        assert!(burst.newline_should_insert_instead_of_submit(t1));
+
+        let flushed = burst.flush_before_modified_input();
+        assert!(flushed.is_some());
+        assert!(!burst.is_active());
+
+        burst.deactivate_keep_window();
+
+        assert!(!burst.is_active());
+
+        let t_tab = t1 + Duration::from_millis(2);
+        assert!(
+            burst.newline_should_insert_instead_of_submit(t_tab),
+            "Enter within suppression window should insert newline, not submit"
+        );
+
+        let t_expired = t_tab + PASTE_ENTER_SUPPRESS_WINDOW + Duration::from_millis(1);
+        assert!(
+            !burst.newline_should_insert_instead_of_submit(t_expired),
+            "Enter after suppression window expires should submit"
+        );
+    }
 }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index eea1c7e3..315a1f24 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -3703,7 +3703,7 @@ async fn run_event_loop(
             }
 
             if !is_plain_char && !is_enter {
-                app.paste_burst.clear_window_after_non_char();
+                app.paste_burst.deactivate_keep_window();
             }
         }
     }

From 81480ba0996725f3aa9734f1ca068e30f22dd66b Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Tue, 26 May 2026 23:30:47 +0800
Subject: [PATCH 051/283] =?UTF-8?q?fix:=20vLLM=20provider=20=E2=80=94=20pa?=
 =?UTF-8?q?ss=20through=20reasoning=5Feffort,=20downgrade=20max=20to=20hig?=
 =?UTF-8?q?h=20(#2169)=20(#2170)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/client.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 21552a79..025a8344 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -937,7 +937,14 @@ pub(super) fn apply_reasoning_effort(
                 body["chat_template_kwargs"] = json!({
                     "enable_thinking": true,
                 });
-                body["reasoning_effort"] = json!("high");
+                // vLLM supports low/medium/high natively — pass through the
+                // user-chosen value instead of hard-coding "high".
+                let value = match normalized.as_str() {
+                    "low" | "minimal" => "low",
+                    "medium" | "mid" => "medium",
+                    _ => "high",
+                };
+                body["reasoning_effort"] = json!(value);
             }
             ApiProvider::Openai
             | ApiProvider::Atlascloud
@@ -967,7 +974,9 @@ pub(super) fn apply_reasoning_effort(
                 body["chat_template_kwargs"] = json!({
                     "enable_thinking": true,
                 });
-                body["reasoning_effort"] = json!("max");
+                // vLLM only supports none/low/medium/high — downgrade
+                // "max" to "high" instead of sending an invalid value.
+                body["reasoning_effort"] = json!("high");
             }
             ApiProvider::Openai
             | ApiProvider::Atlascloud

From 795de325d7cb4353aba4dd4ec0d3aee20186788b Mon Sep 17 00:00:00 2001
From: hexin <372726039@qq.com>
Date: Tue, 26 May 2026 23:30:52 +0800
Subject: [PATCH 052/283] fix(grep_files): wrap walk in spawn_blocking + 30s
 timeout (#2146)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

grep_files runs its directory walk and per-file regex synchronously inside
the async execute(). On a large tree this pins the runtime worker for
minutes, so the turn loop can't observe the cancel token and the stop
button stays unresponsive — the same failure file_search fixed in #2035.

Mirror that fix: move the blocking walk onto spawn_blocking, bounded by a
30s hard timeout with a biased select on the cancel token, via a
run_blocking_grep helper that parallels run_blocking_file_search. Output
and the existing per-file/per-line cancel checks are unchanged.

Co-authored-by: hexin <he.xin@h3c.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 crates/tui/src/tools/search.rs | 208 +++++++++++++++++++++------------
 1 file changed, 134 insertions(+), 74 deletions(-)

diff --git a/crates/tui/src/tools/search.rs b/crates/tui/src/tools/search.rs
index 98387cb8..221d760b 100644
--- a/crates/tui/src/tools/search.rs
+++ b/crates/tui/src/tools/search.rs
@@ -13,6 +13,7 @@ use serde::{Deserialize, Serialize};
 use serde_json::{Value, json};
 use std::fs;
 use std::path::{Path, PathBuf};
+use std::time::Duration;
 use tokio_util::sync::CancellationToken;
 
 /// Maximum number of results to return to avoid overwhelming output
@@ -21,6 +22,11 @@ const MAX_RESULTS: usize = 100;
 /// Maximum file size to search (skip large binaries)
 const MAX_FILE_SIZE: u64 = 10 * 1024 * 1024; // 10MB
 
+/// Hard cap on a single grep_files run. The directory walk plus per-file regex
+/// is synchronous blocking work; without this it can run for minutes on a large
+/// tree. Mirrors the file_search tool so both blocking searches behave the same.
+const GREP_FILES_TIMEOUT: Duration = Duration::from_secs(30);
+
 /// Result of a grep match
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct GrepMatch {
@@ -160,101 +166,155 @@ impl ToolSpec for GrepFilesTool {
         // Resolve search path
         let search_path = context.resolve_path(path_str)?;
 
-        let cancel_token = context.cancel_token.as_ref();
+        let workspace = context.workspace.clone();
+        let cancel_token = context.cancel_token.clone();
 
-        // Collect files to search
-        let files = collect_files(
-            &search_path,
-            &include_patterns,
-            &exclude_patterns,
-            cancel_token,
-        )?;
+        // The directory walk and per-file regex are synchronous blocking work.
+        // Run them on a blocking worker bounded by a hard timeout so a huge tree
+        // can't pin the async runtime and leave the stop button unresponsive.
+        let result = run_blocking_grep(GREP_FILES_TIMEOUT, cancel_token.clone(), move || {
+            let cancel_token = cancel_token.as_ref();
 
-        // Search files
-        let mut results: Vec<GrepMatch> = Vec::new();
-        let mut files_searched = 0;
-        let mut total_matches = 0;
+            // Collect files to search
+            let files = collect_files(
+                &search_path,
+                &include_patterns,
+                &exclude_patterns,
+                cancel_token,
+            )?;
 
-        for file_path in files {
-            check_cancelled(cancel_token)?;
+            // Search files
+            let mut results: Vec<GrepMatch> = Vec::new();
+            let mut files_searched = 0;
+            let mut total_matches = 0;
 
-            if results.len() >= max_results {
-                break;
-            }
-
-            // Skip files that are too large
-            if let Ok(metadata) = fs::metadata(&file_path)
-                && metadata.len() > MAX_FILE_SIZE
-            {
-                continue;
-            }
-
-            // Read file content
-            let Ok(file_content) = fs::read_to_string(&file_path) else {
-                continue; // Skip binary or unreadable files
-            };
-
-            files_searched += 1;
-            let lines: Vec<&str> = file_content.lines().collect();
-
-            for (line_idx, line) in lines.iter().enumerate() {
+            for file_path in files {
                 check_cancelled(cancel_token)?;
 
-                if regex.is_match(line) {
-                    total_matches += 1;
+                if results.len() >= max_results {
+                    break;
+                }
 
-                    // Get context lines
-                    let context_before: Vec<String> = (line_idx.saturating_sub(context_lines)
-                        ..line_idx)
-                        .filter_map(|i| lines.get(i).map(|s| (*s).to_string()))
-                        .collect();
+                // Skip files that are too large
+                if let Ok(metadata) = fs::metadata(&file_path)
+                    && metadata.len() > MAX_FILE_SIZE
+                {
+                    continue;
+                }
 
-                    let context_after: Vec<String> = ((line_idx + 1)
-                        ..=(line_idx + context_lines).min(lines.len() - 1))
-                        .filter_map(|i| lines.get(i).map(|s| (*s).to_string()))
-                        .collect();
+                // Read file content
+                let Ok(file_content) = fs::read_to_string(&file_path) else {
+                    continue; // Skip binary or unreadable files
+                };
 
-                    // Get relative path from workspace
-                    let relative_path = file_path
-                        .strip_prefix(&context.workspace)
-                        .unwrap_or(&file_path)
-                        .to_string_lossy()
-                        .to_string();
+                files_searched += 1;
+                let lines: Vec<&str> = file_content.lines().collect();
 
-                    results.push(GrepMatch {
-                        file: relative_path,
-                        line_number: line_idx + 1,
-                        line: (*line).to_string(),
-                        context_before,
-                        context_after,
-                    });
+                for (line_idx, line) in lines.iter().enumerate() {
+                    check_cancelled(cancel_token)?;
 
-                    if results.len() >= max_results {
-                        break;
+                    if regex.is_match(line) {
+                        total_matches += 1;
+
+                        // Get context lines
+                        let context_before: Vec<String> = (line_idx.saturating_sub(context_lines)
+                            ..line_idx)
+                            .filter_map(|i| lines.get(i).map(|s| (*s).to_string()))
+                            .collect();
+
+                        let context_after: Vec<String> = ((line_idx + 1)
+                            ..=(line_idx + context_lines).min(lines.len() - 1))
+                            .filter_map(|i| lines.get(i).map(|s| (*s).to_string()))
+                            .collect();
+
+                        // Get relative path from workspace
+                        let relative_path = file_path
+                            .strip_prefix(&workspace)
+                            .unwrap_or(&file_path)
+                            .to_string_lossy()
+                            .to_string();
+
+                        results.push(GrepMatch {
+                            file: relative_path,
+                            line_number: line_idx + 1,
+                            line: (*line).to_string(),
+                            context_before,
+                            context_after,
+                        });
+
+                        if results.len() >= max_results {
+                            break;
+                        }
                     }
                 }
             }
-        }
 
-        let matches_json: Vec<Value> = results
-            .iter()
-            .map(|item| grep_match_to_json(item, context_lines))
-            .collect();
+            let matches_json: Vec<Value> = results
+                .iter()
+                .map(|item| grep_match_to_json(item, context_lines))
+                .collect();
 
-        // Build result. When context_lines == 1, return the single context
-        // line as a string instead of a one-item array. That keeps the common
-        // "show just the adjacent line" case easy for model callers to read.
-        let result = json!({
-            "matches": matches_json,
-            "total_matches": total_matches,
-            "files_searched": files_searched,
-            "truncated": total_matches > max_results,
-        });
+            // Build result. When context_lines == 1, return the single context
+            // line as a string instead of a one-item array. That keeps the common
+            // "show just the adjacent line" case easy for model callers to read.
+            Ok(json!({
+                "matches": matches_json,
+                "total_matches": total_matches,
+                "files_searched": files_searched,
+                "truncated": total_matches > max_results,
+            }))
+        })
+        .await?;
 
         ToolResult::json(&result).map_err(|e| ToolError::execution_failed(e.to_string()))
     }
 }
 
+/// Run the synchronous grep walk on a blocking worker, cancellable via the
+/// token and bounded by `timeout`. Mirrors `run_blocking_file_search`.
+async fn run_blocking_grep<F>(
+    timeout: Duration,
+    cancel_token: Option<CancellationToken>,
+    search: F,
+) -> Result<Value, ToolError>
+where
+    F: FnOnce() -> Result<Value, ToolError> + Send + 'static,
+{
+    if cancel_token
+        .as_ref()
+        .is_some_and(CancellationToken::is_cancelled)
+    {
+        return Err(grep_cancelled());
+    }
+
+    let task = tokio::task::spawn_blocking(search);
+    let result = match cancel_token {
+        Some(token) => {
+            tokio::select! {
+                biased;
+                () = token.cancelled() => return Err(grep_cancelled()),
+                result = tokio::time::timeout(timeout, task) => result,
+            }
+        }
+        None => tokio::time::timeout(timeout, task).await,
+    };
+
+    let joined = result.map_err(|_| grep_timeout(timeout))?;
+    joined.map_err(|err| {
+        ToolError::execution_failed(format!("grep_files worker failed before completion: {err}"))
+    })?
+}
+
+fn grep_cancelled() -> ToolError {
+    ToolError::execution_failed("grep_files cancelled before completion")
+}
+
+fn grep_timeout(timeout: Duration) -> ToolError {
+    ToolError::Timeout {
+        seconds: timeout.as_secs().max(1),
+    }
+}
+
 fn grep_match_to_json(item: &GrepMatch, context_lines: usize) -> Value {
     if context_lines == 1 {
         json!({

From bba56179429202fde70b035b62c7d72de8256eb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BA=84=E8=A1=A8=E4=BC=9F?= <zbw@kaiyuanshe.org>
Date: Tue, 26 May 2026 23:30:58 +0800
Subject: [PATCH 053/283] Improve update release channels (#2145)

* Improve update release channels

* Address update channel review feedback

* Prevent beta update downgrades
---
 Cargo.lock               |   1 +
 Cargo.toml               |   1 +
 crates/cli/Cargo.toml    |   1 +
 crates/cli/src/lib.rs    |  26 +++-
 crates/cli/src/update.rs | 267 ++++++++++++++++++++++++++++++++++++---
 5 files changed, 279 insertions(+), 17 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index e2d1ad83..52bb42c4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -851,6 +851,7 @@ dependencies = [
  "codewhale-state",
  "dirs",
  "reqwest",
+ "semver",
  "serde",
  "serde_json",
  "sha2 0.10.9",
diff --git a/Cargo.toml b/Cargo.toml
index 78d560a0..ac727f04 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -41,6 +41,7 @@ reqwest = { version = "0.13.1", default-features = false, features = ["json", "r
 rusqlite = { version = "0.32.1", features = ["bundled"] }
 serde = { version = "1.0.228", features = ["derive"] }
 serde_json = "1.0.149"
+semver = "1.0.28"
 thiserror = "2.0"
 tokio = { version = "1.49.0", features = ["full"] }
 toml = "0.9.7"
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 1355ac04..e2006806 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -37,6 +37,7 @@ dirs.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 reqwest = { workspace = true, features = ["blocking"] }
+semver.workspace = true
 tokio.workspace = true
 sha2.workspace = true
 tempfile = "3.16"
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 6ca5f06c..6c3dc8b1 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -232,7 +232,14 @@ The command prints the completion script to stdout; redirect it to a path your s
     /// Print a usage rollup from the audit log and session store.
     Metrics(MetricsArgs),
     /// Check for and apply updates to the `codewhale` binary.
-    Update,
+    Update(UpdateArgs),
+}
+
+#[derive(Debug, Args)]
+struct UpdateArgs {
+    /// Update to the latest beta release instead of the latest stable release.
+    #[arg(long)]
+    beta: bool,
 }
 
 #[derive(Debug, Args)]
@@ -557,7 +564,7 @@ fn run() -> Result<()> {
             Ok(())
         }
         Some(Commands::Metrics(args)) => run_metrics_command(args),
-        Some(Commands::Update) => update::run_update(),
+        Some(Commands::Update(args)) => update::run_update(args.beta),
         None => {
             let resolved_runtime = resolve_runtime_for_dispatch(&mut store, &runtime_overrides);
             let forwarded = root_tui_passthrough(&cli)?;
@@ -1790,6 +1797,21 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn parses_update_beta_flag() {
+        let cli = parse_ok(&["codewhale", "update"]);
+        assert!(matches!(
+            cli.command,
+            Some(Commands::Update(UpdateArgs { beta: false }))
+        ));
+
+        let cli = parse_ok(&["codewhale", "update", "--beta"]);
+        assert!(matches!(
+            cli.command,
+            Some(Commands::Update(UpdateArgs { beta: true }))
+        ));
+    }
+
     #[test]
     fn parses_model_command_matrix() {
         let cli = parse_ok(&["deepseek", "model", "list"]);
diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index c9d3e481..d9ee4131 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -13,6 +13,7 @@ use std::io::Write;
 
 const CHECKSUM_MANIFEST_ASSET: &str = "codewhale-artifacts-sha256.txt";
 const LATEST_RELEASE_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases/latest";
+const RELEASES_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases?per_page=100";
 const CNB_REPO_URL: &str = "https://cnb.cool/codewhale.net/codewhale";
 const RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_TUI_RELEASE_BASE_URL";
 const LEGACY_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_RELEASE_BASE_URL";
@@ -21,18 +22,34 @@ const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
 const UPDATE_USER_AGENT: &str = "codewhale-updater";
 
 /// Run the self-update workflow.
-pub fn run_update() -> Result<()> {
+pub fn run_update(beta: bool) -> Result<()> {
     let current_exe =
         std::env::current_exe().context("failed to determine current executable path")?;
     let targets = update_targets_for_exe(&current_exe);
+    let channel = ReleaseChannel::from_beta_flag(beta);
+    let current_version = env!("CARGO_PKG_VERSION");
 
-    println!("Checking for updates...");
+    println!("Checking for {} updates...", channel.label());
     println!("Current binary: {}", current_exe.display());
+    println!("Current version: v{current_version}");
 
     // Step 1: Fetch latest release metadata
-    let release = fetch_latest_release().with_context(update_network_fallback_hint)?;
+    let fetched = fetch_latest_release(channel).with_context(update_network_fallback_hint)?;
+    let release = &fetched.release;
     let latest_tag = &release.tag_name;
-    println!("Latest release: {latest_tag}");
+    println!("Latest {} release: {latest_tag}", channel.label());
+
+    if let ReleaseSource::Mirror { base_url } = &fetched.source {
+        if channel == ReleaseChannel::Beta {
+            println!(
+                "Using release mirror {}; --beta does not select GitHub beta releases in mirror mode.",
+                base_url
+            );
+        }
+    } else if !update_is_needed(channel, current_version, latest_tag)? {
+        println!("Already up to date; no download needed.");
+        return Ok(());
+    }
 
     // Step 2: Download the aggregated SHA256 checksum manifest if available
     let checksum_manifest = match select_checksum_manifest_asset(&release) {
@@ -122,6 +139,37 @@ pub fn run_update() -> Result<()> {
     Ok(())
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+enum ReleaseChannel {
+    Stable,
+    Beta,
+}
+
+impl ReleaseChannel {
+    fn from_beta_flag(beta: bool) -> Self {
+        if beta { Self::Beta } else { Self::Stable }
+    }
+
+    fn label(self) -> &'static str {
+        match self {
+            Self::Stable => "stable",
+            Self::Beta => "beta",
+        }
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+struct FetchedRelease {
+    release: Release,
+    source: ReleaseSource,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+enum ReleaseSource {
+    GitHub,
+    Mirror { base_url: String },
+}
+
 pub(crate) fn release_arch_for_rust_arch(arch: &str) -> &str {
     match arch {
         "aarch64" => "arm64",
@@ -275,14 +323,16 @@ fn expected_sha256_from_manifest(text: &str, asset_name: &str) -> Result<String>
 }
 
 /// GitHub release metadata.
-#[derive(serde::Deserialize, Debug)]
+#[derive(serde::Deserialize, Debug, Clone, PartialEq, Eq)]
 struct Release {
     tag_name: String,
+    #[serde(default)]
+    prerelease: bool,
     assets: Vec<Asset>,
 }
 
 /// A single release asset.
-#[derive(serde::Deserialize, Debug)]
+#[derive(serde::Deserialize, Debug, Clone, PartialEq, Eq)]
 struct Asset {
     name: String,
     browser_download_url: String,
@@ -296,17 +346,27 @@ fn update_http_client() -> Result<reqwest::blocking::Client> {
 }
 
 /// Fetch the latest release metadata from GitHub.
-fn fetch_latest_release() -> Result<Release> {
+fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
     if let Some(base_url) = release_base_url_from_env() {
         let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
-        return Ok(release_from_mirror_base_url(
-            &base_url,
-            &version,
-            std::env::consts::OS,
-            std::env::consts::ARCH,
-        ));
+        return Ok(FetchedRelease {
+            release: release_from_mirror_base_url(
+                &base_url,
+                &version,
+                std::env::consts::OS,
+                std::env::consts::ARCH,
+            ),
+            source: ReleaseSource::Mirror { base_url },
+        });
     }
-    fetch_latest_release_from_url(LATEST_RELEASE_URL)
+    let release = match channel {
+        ReleaseChannel::Stable => fetch_latest_release_from_url(LATEST_RELEASE_URL),
+        ReleaseChannel::Beta => fetch_latest_beta_release_from_url(RELEASES_URL),
+    }?;
+    Ok(FetchedRelease {
+        release,
+        source: ReleaseSource::GitHub,
+    })
 }
 
 fn release_base_url_from_env() -> Option<String> {
@@ -345,7 +405,11 @@ fn release_from_mirror_base_url(
         });
     }
 
-    Release { tag_name, assets }
+    Release {
+        tag_name,
+        prerelease: false,
+        assets,
+    }
 }
 
 fn mirror_asset_url(base_url: &str, asset_name: &str) -> String {
@@ -388,6 +452,81 @@ fn fetch_latest_release_from_url(url: &str) -> Result<Release> {
     Ok(release)
 }
 
+fn fetch_latest_beta_release_from_url(url: &str) -> Result<Release> {
+    let client = update_http_client()?;
+    let response = client
+        .get(url)
+        .header(reqwest::header::ACCEPT, "application/vnd.github+json")
+        .send()
+        .with_context(|| format!("failed to fetch release list from {url}"))?;
+    let status = response.status();
+    let body = response
+        .text()
+        .with_context(|| format!("failed to read release list response from {url}"))?;
+
+    if !status.is_success() {
+        bail!("GitHub release list request failed with HTTP {status}: {body}");
+    }
+
+    // GitHub caps this endpoint at 100 releases per page. CodeWhale uses the
+    // first page as the latest-beta search window, matching GitHub's ordering.
+    let releases: Vec<Release> = serde_json::from_str(&body).with_context(|| {
+        format!("failed to parse release list JSON from GitHub API. Response: {body}")
+    })?;
+
+    releases
+        .into_iter()
+        .find(is_beta_release)
+        .context("no beta release found in GitHub releases")
+}
+
+fn is_beta_release(release: &Release) -> bool {
+    release.tag_name.to_ascii_lowercase().contains("beta")
+}
+
+fn update_is_needed(
+    channel: ReleaseChannel,
+    current_version: &str,
+    latest_tag: &str,
+) -> Result<bool> {
+    let current = parse_release_version(current_version)
+        .with_context(|| format!("failed to parse current version {current_version:?}"))?;
+    let latest = parse_release_version(latest_tag)
+        .with_context(|| format!("failed to parse latest release tag {latest_tag:?}"))?;
+
+    match channel {
+        ReleaseChannel::Stable => Ok(current < latest),
+        ReleaseChannel::Beta => {
+            if current == latest {
+                return Ok(false);
+            }
+            let latest_is_beta = version_is_beta(&latest);
+            let current_is_stable = current.pre.is_empty();
+            let same_release_line = current.major == latest.major
+                && current.minor == latest.minor
+                && current.patch == latest.patch;
+            if current > latest && !(current_is_stable && same_release_line) {
+                return Ok(false);
+            }
+            Ok(latest_is_beta)
+        }
+    }
+}
+
+fn parse_release_version(value: &str) -> Result<semver::Version> {
+    let version = value
+        .trim()
+        .trim_start_matches('v')
+        .split_whitespace()
+        .next()
+        .unwrap_or("");
+    semver::Version::parse(version).with_context(|| format!("invalid semver: {value:?}"))
+}
+
+fn version_is_beta(version: &semver::Version) -> bool {
+    version.pre.as_str().to_ascii_lowercase().contains("beta")
+}
+
 /// Download a URL to bytes.
 fn download_url(url: &str) -> Result<Vec<u8>> {
     let client = update_http_client()?;
@@ -837,6 +976,62 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
         );
     }
 
+    #[test]
+    fn stable_update_is_needed_only_when_latest_is_newer() {
+        assert!(update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.8.46").unwrap());
+        assert!(update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.9.0-beta.1").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.8.45").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Stable, "0.9.0", "v0.9.0-beta.1").unwrap());
+        assert!(
+            !update_is_needed(ReleaseChannel::Stable, "0.9.0-beta.2", "v0.9.0-beta.1").unwrap()
+        );
+    }
+
+    #[test]
+    fn beta_update_allows_switching_from_same_stable_to_beta() {
+        assert!(update_is_needed(ReleaseChannel::Beta, "1.0.0", "v1.0.0-beta.2").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.2", "v1.0.0-beta.2").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.3", "v1.0.0-beta.2").unwrap());
+        assert!(update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.2", "v1.0.0-beta.3").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "2.0.0", "v1.0.0-beta.3").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-rc.1", "v1.0.0-beta.3").unwrap());
+    }
+
+    #[test]
+    fn parse_release_version_accepts_tags_and_build_suffixes() {
+        assert_eq!(
+            parse_release_version("v0.9.0-beta.1").unwrap(),
+            semver::Version::parse("0.9.0-beta.1").unwrap()
+        );
+        assert_eq!(
+            parse_release_version("0.8.45 (abcdef123456)").unwrap(),
+            semver::Version::parse("0.8.45").unwrap()
+        );
+    }
+
+    #[test]
+    fn beta_release_detection_requires_beta_tag() {
+        let rc_prerelease = Release {
+            tag_name: "v0.9.0-rc.1".to_string(),
+            prerelease: true,
+            assets: vec![],
+        };
+        let beta_tag = Release {
+            tag_name: "v0.9.0-beta.1".to_string(),
+            prerelease: false,
+            assets: vec![],
+        };
+        let stable = Release {
+            tag_name: "v0.9.0".to_string(),
+            prerelease: false,
+            assets: vec![],
+        };
+
+        assert!(!is_beta_release(&rc_prerelease));
+        assert!(is_beta_release(&beta_tag));
+        assert!(!is_beta_release(&stable));
+    }
+
     #[test]
     fn update_fallback_hint_points_china_users_to_cnb_and_asset_mirrors() {
         let hint = update_network_fallback_hint();
@@ -919,6 +1114,48 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
         handle.join().expect("test server thread");
     }
 
+    #[test]
+    fn fetch_latest_beta_release_from_url_selects_first_beta_release() {
+        let body = br#"[
+          { "tag_name": "v0.9.0", "prerelease": false, "assets": [] },
+          { "tag_name": "v0.9.0-rc.1", "prerelease": true, "assets": [] },
+          { "tag_name": "v0.9.0-beta.2", "prerelease": true, "assets": [
+            { "name": "codewhale-linux-x64", "browser_download_url": "http://example.invalid/codewhale-linux-x64" }
+          ] },
+          { "tag_name": "v0.9.0-beta.1", "prerelease": true, "assets": [] }
+        ]"#;
+        let (url, request_rx, handle) = serve_http_once("200 OK", "application/json", body);
+        let release =
+            fetch_latest_beta_release_from_url(&url).expect("beta release JSON should parse");
+
+        assert_eq!(release.tag_name, "v0.9.0-beta.2");
+        assert!(release.prerelease);
+
+        let request = request_rx.recv().expect("captured request");
+        let request_lower = request.to_ascii_lowercase();
+        assert!(request.starts_with("GET /release "), "got {request:?}");
+        assert!(
+            request_lower.contains("accept: application/vnd.github+json"),
+            "got {request:?}"
+        );
+        handle.join().expect("test server thread");
+    }
+
+    #[test]
+    fn fetch_latest_beta_release_from_url_reports_missing_beta() {
+        let body = br#"[
+          { "tag_name": "v0.9.0", "prerelease": false, "assets": [] }
+        ]"#;
+        let (url, _request_rx, handle) = serve_http_once("200 OK", "application/json", body);
+        let err = fetch_latest_beta_release_from_url(&url).expect_err("missing beta should fail");
+
+        assert!(
+            err.to_string().contains("no beta release found"),
+            "unexpected error: {err:#}"
+        );
+        handle.join().expect("test server thread");
+    }
+
     #[test]
     fn download_url_reads_binary_body_with_updater_user_agent() {
         let (url, request_rx, handle) =

From ee03d1fd80f9c0e441c8d8bd5825ee4e2062c9a9 Mon Sep 17 00:00:00 2001
From: Zhao Xiaohong <mrluanma@gmail.com>
Date: Tue, 26 May 2026 23:31:09 +0800
Subject: [PATCH 054/283] feat(web): add Metaso as a web search provider
 (metaso.cn) (#2059)

Adds Metaso AI Search as a new SearchProvider option alongside Bing,
DuckDuckGo, Tavily, and Bocha.

Co-authored-by: Zhao Xiaohong <zhaoxiaohong@metasota.ai>
---
 config.example.toml                |   6 +-
 crates/tui/src/config.rs           |  10 +-
 crates/tui/src/core/engine.rs      |   3 +-
 crates/tui/src/tools/spec.rs       |   3 +-
 crates/tui/src/tools/web_search.rs | 145 ++++++++++++++++++++++++++++-
 docs/CONFIGURATION.md              |   7 +-
 6 files changed, 163 insertions(+), 11 deletions(-)

diff --git a/config.example.toml b/config.example.toml
index 81332674..c8a7155b 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -271,11 +271,13 @@ max_subagents = 10 # optional (1-20)
 # Switch to Tavily or Bocha for reliable search in mainland China.
 #
 # [search]
-# provider = "bing"         # bing | duckduckgo | tavily | bocha
+# provider = "bing"         # bing | duckduckgo | tavily | bocha | metaso
 #                            # duckduckgo: HTML scrape with Bing fallback
 #                            # tavily: https://tavily.com — AI search, needs api_key
 #                            # bocha:  https://bochaai.com — 博查AI搜索，国内友好，需api_key
-# api_key = "tvly-YOUR_KEY"  # required for tavily and bocha
+#                            # metaso: https://metaso.cn — 秘塔AI搜索，每天 100 次免费
+#                            #         设置 METASO_API_KEY 或 [search] api_key 可提升额度
+# api_key = "tvly-YOUR_KEY"  # required for tavily, bocha, and metaso (optional for metaso)
 #                            # WARNING: treat config.toml like a secret file when
 #                            # storing API keys. Use env vars or `auth set` instead.
 #
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index f470137f..b2f4494d 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -657,6 +657,10 @@ pub enum SearchProvider {
     Tavily,
     /// Bocha AI Search API (<https://bochaai.com>). Requires api_key.
     Bocha,
+    /// Metaso AI Search API (<https://metaso.cn>). Uses built-in default key
+    /// or `METASO_API_KEY` env var; configurable via `[search] api_key`.
+    #[serde(alias = "metaso")]
+    Metaso,
 }
 
 impl SearchProvider {
@@ -678,6 +682,7 @@ impl SearchProvider {
             Self::DuckDuckGo => "duckduckgo",
             Self::Tavily => "tavily",
             Self::Bocha => "bocha",
+            Self::Metaso => "metaso",
         }
     }
 }
@@ -709,10 +714,11 @@ pub struct SearchProviderResolution {
 /// Web search provider configuration (`[search]` table in config.toml).
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct SearchConfig {
-    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha`. Default: `bing`.
+    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha` | `metaso`. Default: `bing`.
     #[serde(default)]
     pub provider: Option<SearchProvider>,
-    /// API key for Tavily or Bocha. Not required for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, or Metaso. Not required for Bing or DuckDuckGo.
+    /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in default.
     #[serde(default)]
     pub api_key: Option<String>,
 }
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index e45dabe3..cc60bb73 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -164,7 +164,8 @@ pub struct EngineConfig {
     pub workshop: Option<crate::tools::large_output_router::WorkshopConfig>,
     /// Which search backend `web_search` should use. Default: Bing.
     pub search_provider: crate::config::SearchProvider,
-    /// API key for Tavily or Bocha. `None` for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
+    /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in key.
     pub search_api_key: Option<String>,
     /// Per-step DeepSeek API timeout for sub-agent `create_message` requests.
     /// Resolved from `[subagents] api_timeout_secs` (clamped to 1..=1800)
diff --git a/crates/tui/src/tools/spec.rs b/crates/tui/src/tools/spec.rs
index 30a42c49..f13c6516 100644
--- a/crates/tui/src/tools/spec.rs
+++ b/crates/tui/src/tools/spec.rs
@@ -165,7 +165,8 @@ pub struct ToolContext {
     /// Which search backend `web_search` should use. Default: Bing. Set via
     /// `[search] provider` in config.toml.
     pub search_provider: crate::config::SearchProvider,
-    /// API key for Tavily or Bocha. `None` for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
+    /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in key.
     pub search_api_key: Option<String>,
 
     /// Per-session workshop variable store (#548). Holds the raw content of
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index eec4aae3..cb64ce98 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -1,11 +1,12 @@
 //! Web search tool backed by multiple providers: Bing HTML scrape, DuckDuckGo
-//! (HTML scrape with Bing fallback), Tavily API, and Bocha (博查) API.
+//! (HTML scrape with Bing fallback), Tavily API, Bocha (博查) API, and
+//! Metaso API (<https://metaso.cn>).
 //!
 //! This is the primary web search surface for agents. For browsing workflows
 //! (page open, click, screenshot) use a direct URL approach instead.
 //!
 //! Set `[search]` in config.toml to switch providers:
-//!   provider = "duckduckgo"  # or tavily/bocha
+//!   provider = "duckduckgo"  # or tavily/bocha/metaso
 //!   api_key = "tvly-..."
 
 use super::spec::{
@@ -25,6 +26,10 @@ const DUCKDUCKGO_HOST: &str = "html.duckduckgo.com";
 const BING_HOST: &str = "www.bing.com";
 const TAVILY_ENDPOINT: &str = "https://api.tavily.com/search";
 const BOCHA_ENDPOINT: &str = "https://api.bochaai.com/v1/ai/search";
+const METASO_ENDPOINT: &str = "https://metaso.cn/api/v1";
+/// Intentionally public default key provided by Metaso for open-source/community use.
+/// Last-resort fallback after config and env var. Rate-limited to ~100 searches/day.
+const METASO_DEFAULT_API_KEY: &str = "mk-E384C1DD5E8501BB7EFE27C949AFDE5B";
 const ERROR_BODY_PREVIEW_BYTES: usize = 512;
 
 /// Returns `Ok(())` if the policy allows the call, or a `ToolError` otherwise.
@@ -198,6 +203,13 @@ impl ToolSpec for WebSearchTool {
                     .run_bocha_search(&query, max_results, timeout_ms, context)
                     .await;
             }
+            SearchProvider::Metaso => {
+                let decider = context.network_policy.as_ref();
+                check_policy(decider, "metaso.cn")?;
+                return self
+                    .run_metaso_search(&query, max_results, timeout_ms, context)
+                    .await;
+            }
             SearchProvider::Bing | SearchProvider::DuckDuckGo => {}
         }
 
@@ -530,6 +542,109 @@ impl WebSearchTool {
 
         ToolResult::json(&response).map_err(|e| ToolError::execution_failed(e.to_string()))
     }
+
+    /// Search via Metaso AI Search API (<https://metaso.cn>). Falls back to
+    /// `METASO_API_KEY` env var then a built-in default key if no config key
+    /// is set.
+    async fn run_metaso_search(
+        &self,
+        query: &str,
+        max_results: usize,
+        timeout_ms: u64,
+        context: &ToolContext,
+    ) -> Result<ToolResult, ToolError> {
+        let env_key = std::env::var("METASO_API_KEY").ok();
+        let api_key = context
+            .search_api_key
+            .as_deref()
+            .or(env_key.as_deref())
+            .unwrap_or(METASO_DEFAULT_API_KEY);
+
+        let client = reqwest::Client::builder()
+            .timeout(Duration::from_millis(timeout_ms))
+            .build()
+            .map_err(|e| {
+                ToolError::execution_failed(format!("Failed to build HTTP client: {e}"))
+            })?;
+
+        let size = max_results.clamp(1, 100);
+        let payload = json!({
+            "q": query,
+            "scope": "webpage",
+            "size": size,
+        });
+
+        let resp = client
+            .post(format!("{METASO_ENDPOINT}/search"))
+            .header("Content-Type", "application/json")
+            .header("Authorization", format!("Bearer {api_key}"))
+            .json(&payload)
+            .send()
+            .await
+            .map_err(|e| {
+                ToolError::execution_failed(format!("Metaso search request failed: {e}"))
+            })?;
+
+        let status = resp.status();
+        let body = resp.text().await.map_err(|e| {
+            ToolError::execution_failed(format!("Failed to read Metaso response: {e}"))
+        })?;
+
+        if !status.is_success() {
+            let msg = match status.as_u16() {
+                401 | 403 => "Metaso API key rejected — check METASO_API_KEY or set `[search] api_key` in config.toml, or get one at https://metaso.cn/search-api/playground".to_string(),
+                429 => "Metaso rate-limited — wait and retry, or get your own API key at https://metaso.cn/search-api/playground".to_string(),
+                _ => {
+                    let truncated = truncate_error_body(&body);
+                    format!("Metaso server error (HTTP {status}) — {truncated}")
+                }
+            };
+            return Err(ToolError::execution_failed(msg));
+        }
+
+        let parsed: serde_json::Value = serde_json::from_str(&body).map_err(|e| {
+            ToolError::execution_failed(format!("Failed to parse Metaso response: {e}"))
+        })?;
+
+        // Check business-logic error codes in the response body.
+        if let Some(code) = parsed.get("code").and_then(|v| v.as_i64())
+            && code != 0
+        {
+            let msg = parsed
+                .get("message")
+                .and_then(|v| v.as_str())
+                .unwrap_or("unknown error");
+            return Err(ToolError::execution_failed(match code {
+                3003 => "Metaso: daily search limit reached — set METASO_API_KEY or get one at https://metaso.cn/search-api/playground".to_string(),
+                2005 => "Metaso API key rejected — check METASO_API_KEY or set `[search] api_key` in config.toml".to_string(),
+                _ => format!("Metaso API error (code {code}: {msg})"),
+            }));
+        }
+
+        let results: Vec<WebSearchEntry> = parsed
+            .get("webpages")
+            .and_then(|v| v.as_array())
+            .into_iter()
+            .flat_map(|arr| arr.iter())
+            .filter_map(|item| {
+                let title = item.get("title")?.as_str()?.to_string();
+                let url = item.get("link")?.as_str()?.to_string();
+                let snippet = item
+                    .get("snippet")
+                    .or_else(|| item.get("summary"))
+                    .and_then(|s| s.as_str())
+                    .map(|s| s.to_string());
+                Some(WebSearchEntry {
+                    title,
+                    url,
+                    snippet,
+                })
+            })
+            .take(size)
+            .collect();
+
+        search_tool_result(query.to_string(), "metaso", results, None)
+    }
 }
 
 fn truncate_error_body(body: &str) -> String {
@@ -1225,4 +1340,30 @@ mod tests {
             "error must name the provider and missing key; got `{msg}`"
         );
     }
+
+    #[tokio::test]
+    async fn metaso_provider_uses_built_in_key_when_no_config_key_set() {
+        // Unlike Tavily/Bocha, Metaso falls back to a built-in default, so
+        // the call should NOT return an API-key-related error — it should
+        // either succeed or fail with a network-level error, but never a
+        // missing-key error.
+        use crate::config::SearchProvider;
+        use crate::tools::spec::{ToolContext, ToolSpec};
+
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let mut ctx = ToolContext::new(tmp.path().to_path_buf());
+        ctx.search_provider = SearchProvider::Metaso;
+        ctx.search_api_key = None;
+        let result = WebSearchTool
+            .execute(json!({"query": "anything"}), &ctx)
+            .await;
+        let msg = match &result {
+            Ok(res) => format!("{res:?}"),
+            Err(e) => e.to_string(),
+        };
+        assert!(
+            !msg.contains("API key"),
+            "should not complain about missing API key (built-in default); got `{msg}`"
+        );
+    }
 }
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index ddd7153d..b92cd8ff 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -656,12 +656,13 @@ Use `codewhale-tui features list` to inspect known flags and their effective sta
 
 `web_search` uses Bing by default and does not require an API key. DuckDuckGo
 remains selectable for users who explicitly want it, and Tavily or Bocha can be
-selected when an API-backed provider is preferred.
+selected when an API-backed provider is preferred. **Metaso** ([metaso.cn](https://metaso.cn))
+100 searches/day free quota — set `METASO_API_KEY` or `[search] api_key` for a higher quota.
 
 ```toml
 [search]
-provider = "bing" # bing | duckduckgo | tavily | bocha
-# api_key = "tvly-YOUR_KEY" # required for tavily and bocha
+provider = "bing"    # bing | duckduckgo | tavily | bocha | metaso
+# api_key = "YOUR_KEY" # required for tavily and bocha; optional for metaso (100 searches/day free quota)
 ```
 
 ## Local Media Attachments

From 0611b86863168f3c66dc54a5375bec2217d897f6 Mon Sep 17 00:00:00 2001
From: Justin Gao <62669951+encyc@users.noreply.github.com>
Date: Tue, 26 May 2026 23:31:15 +0800
Subject: [PATCH 055/283] feat: session token breakdown in footer and /status
 (#2152)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: session token breakdown in footer and /status

Add accumulated session token tracking with input / cache-hit / output
breakdown. Rebased from PR #1666 onto post-rebrand main (v0.8.45).

Changes:
- SessionState: new total_input_tokens, total_cache_hit_tokens,
  total_cache_miss_tokens, total_output_tokens fields
- Turn outcome handler: accumulate per-turn token breakdown
- StatusItem::Tokens: new footer chip, enabled by default
- Footer chip: "12K in · 8.1K cch · 2.5K out" format
- /status: expanded with session input/cache/output rows
- /clear and /load: reset accumulated breakdown

* fix: address review feedback — current_session_id, cache guarding, DRY helper

- Restore app.current_session_id assignment accidentally dropped in
  apply_loaded_session during rebase (P1: breaks startup-resume and
  session-sync paths)
- Guard cache-hit/miss accumulation behind is_some() so providers
  that omit cache telemetry don't inflate miss totals
- Extract SessionState::reset_token_breakdown() to avoid duplicating
  the four-field reset in core/session/ui call sites
- Hide the "cch" segment from the footer token chip when no cache
  data has been recorded
- Show "not reported" in /status session-cache row instead of
  "0 hit / 0 miss" when no cache telemetry is available
---
 crates/tui/src/commands/core.rs    |  1 +
 crates/tui/src/commands/session.rs |  2 ++
 crates/tui/src/commands/status.rs  | 20 ++++++++++++++++++++
 crates/tui/src/config.rs           |  7 +++++++
 crates/tui/src/config_ui.rs        |  3 +++
 crates/tui/src/tui/app.rs          | 19 +++++++++++++++++++
 crates/tui/src/tui/footer_ui.rs    | 22 ++++++++++++++++++++++
 crates/tui/src/tui/ui.rs           | 24 ++++++++++++++++++++++++
 8 files changed, 98 insertions(+)

diff --git a/crates/tui/src/commands/core.rs b/crates/tui/src/commands/core.rs
index 9e8fd775..0a50f1d8 100644
--- a/crates/tui/src/commands/core.rs
+++ b/crates/tui/src/commands/core.rs
@@ -55,6 +55,7 @@ pub fn clear(app: &mut App) -> CommandResult {
     app.queued_draft = None;
     app.session.total_tokens = 0;
     app.session.total_conversation_tokens = 0;
+    app.session.reset_token_breakdown();
     app.session.session_cost = 0.0;
     app.session.session_cost_cny = 0.0;
     app.session.subagent_cost = 0.0;
diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index 7a107797..bc51683d 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -174,6 +174,8 @@ pub fn load(app: &mut App, path: Option<&str>) -> CommandResult {
     app.workspace.clone_from(&session.metadata.workspace);
     app.session.total_tokens = u32::try_from(session.metadata.total_tokens).unwrap_or(u32::MAX);
     app.session.total_conversation_tokens = app.session.total_tokens;
+    // Accumulated token breakdown is per-runtime-session; zero on load.
+    app.session.reset_token_breakdown();
     app.session.session_cost = 0.0;
     app.session.session_cost_cny = 0.0;
     app.session.subagent_cost = 0.0;
diff --git a/crates/tui/src/commands/status.rs b/crates/tui/src/commands/status.rs
index c721dec7..2370a06d 100644
--- a/crates/tui/src/commands/status.rs
+++ b/crates/tui/src/commands/status.rs
@@ -64,6 +64,26 @@ fn format_status(app: &App) -> String {
         &token_count(app.session.last_completion_tokens),
     );
     push_row(&mut out, "Cache hit/miss:", &cache_summary(app));
+    push_row(
+        &mut out,
+        "Session input:",
+        &app.session.total_input_tokens.to_string(),
+    );
+    let session_cache =
+        if app.session.total_cache_hit_tokens == 0 && app.session.total_cache_miss_tokens == 0 {
+            "not reported".to_string()
+        } else {
+            format!(
+                "{} hit / {} miss",
+                app.session.total_cache_hit_tokens, app.session.total_cache_miss_tokens
+            )
+        };
+    push_row(&mut out, "Session cache:", &session_cache);
+    push_row(
+        &mut out,
+        "Session output:",
+        &app.session.total_output_tokens.to_string(),
+    );
     push_row(
         &mut out,
         "Total tokens:",
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index b2f4494d..e6605dbf 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -777,6 +777,8 @@ pub enum StatusItem {
     LastToolElapsed,
     /// Remaining rate-limit budget (placeholder until wired).
     RateLimit,
+    /// Session token usage: input / cache-hit / output.
+    Tokens,
 }
 
 impl StatusItem {
@@ -795,6 +797,7 @@ impl StatusItem {
             StatusItem::Agents,
             StatusItem::ReasoningReplay,
             StatusItem::Cache,
+            StatusItem::Tokens,
         ]
     }
 
@@ -815,6 +818,7 @@ impl StatusItem {
             StatusItem::GitBranch => "git_branch",
             StatusItem::LastToolElapsed => "last_tool_elapsed",
             StatusItem::RateLimit => "rate_limit",
+            StatusItem::Tokens => "tokens",
         }
     }
 
@@ -835,6 +839,7 @@ impl StatusItem {
             StatusItem::GitBranch => "Git branch",
             StatusItem::LastToolElapsed => "Last tool elapsed",
             StatusItem::RateLimit => "Rate-limit remaining",
+            StatusItem::Tokens => "Session tokens",
         }
     }
 
@@ -856,6 +861,7 @@ impl StatusItem {
             StatusItem::GitBranch => "current workspace branch",
             StatusItem::LastToolElapsed => "ms of the most recent tool call (placeholder)",
             StatusItem::RateLimit => "remaining requests in the budget (placeholder)",
+            StatusItem::Tokens => "input / cache-hit / output token totals",
         }
     }
 
@@ -876,6 +882,7 @@ impl StatusItem {
             StatusItem::GitBranch,
             StatusItem::LastToolElapsed,
             StatusItem::RateLimit,
+            StatusItem::Tokens,
         ]
     }
 
diff --git a/crates/tui/src/config_ui.rs b/crates/tui/src/config_ui.rs
index 7e400496..7f3b5801 100644
--- a/crates/tui/src/config_ui.rs
+++ b/crates/tui/src/config_ui.rs
@@ -278,6 +278,7 @@ pub enum StatusItemValue {
     GitBranch,
     LastToolElapsed,
     RateLimit,
+    Tokens,
 }
 
 pub fn parse_mode(arg: Option<&str>) -> Result<ConfigUiMode, String> {
@@ -996,6 +997,7 @@ impl From<StatusItem> for StatusItemValue {
             StatusItem::GitBranch => Self::GitBranch,
             StatusItem::LastToolElapsed => Self::LastToolElapsed,
             StatusItem::RateLimit => Self::RateLimit,
+            StatusItem::Tokens => Self::Tokens,
         }
     }
 }
@@ -1016,6 +1018,7 @@ impl From<StatusItemValue> for StatusItem {
             StatusItemValue::GitBranch => Self::GitBranch,
             StatusItemValue::LastToolElapsed => Self::LastToolElapsed,
             StatusItemValue::RateLimit => Self::RateLimit,
+            StatusItemValue::Tokens => Self::Tokens,
         }
     }
 }
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index bcc49979..a8975c5b 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -993,6 +993,11 @@ pub struct SessionState {
     pub last_reasoning_replay_tokens: Option<u32>,
     pub total_tokens: u32,
     pub total_conversation_tokens: u32,
+    /// Accumulated token breakdown for the session.
+    pub total_input_tokens: u32,
+    pub total_cache_hit_tokens: u32,
+    pub total_cache_miss_tokens: u32,
+    pub total_output_tokens: u32,
     pub turn_cache_history: VecDeque<TurnCacheRecord>,
     pub last_cache_inspection: Option<PromptInspection>,
 }
@@ -1030,12 +1035,26 @@ impl Default for SessionState {
             last_reasoning_replay_tokens: None,
             total_tokens: 0,
             total_conversation_tokens: 0,
+            total_input_tokens: 0,
+            total_cache_hit_tokens: 0,
+            total_cache_miss_tokens: 0,
+            total_output_tokens: 0,
             turn_cache_history: VecDeque::new(),
             last_cache_inspection: None,
         }
     }
 }
 
+impl SessionState {
+    /// Reset the accumulated token breakdown fields to zero.
+    pub fn reset_token_breakdown(&mut self) {
+        self.total_input_tokens = 0;
+        self.total_cache_hit_tokens = 0;
+        self.total_cache_miss_tokens = 0;
+        self.total_output_tokens = 0;
+    }
+}
+
 /// Evidence collected during a turn for the post-turn receipt.
 #[derive(Debug, Clone)]
 pub struct ToolEvidence {
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 52cf066b..5b1fb64c 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -510,6 +510,7 @@ pub(crate) fn render_footer_from(
             S::ContextPercent => footer_context_percent_spans(app),
             S::GitBranch => footer_git_branch_spans(app),
             S::LastToolElapsed | S::RateLimit => Vec::new(),
+            S::Tokens => footer_session_tokens_spans(app),
             _ => continue,
         };
         if chip.is_empty() {
@@ -596,6 +597,27 @@ pub(crate) fn should_show_footer_cost(displayed_cost: f64) -> bool {
     displayed_cost.is_finite() && displayed_cost > 0.0
 }
 
+/// Session token-usage chip for the footer right cluster.
+///
+/// Renders the accumulated input / cache-hit / output token breakdown
+/// since the current runtime session started (not persisted across
+/// restarts). Returns empty when no tokens have been recorded yet.
+pub(crate) fn footer_session_tokens_spans(app: &App) -> Vec<Span<'static>> {
+    let session = &app.session;
+    if session.total_input_tokens == 0 && session.total_output_tokens == 0 {
+        return Vec::new();
+    }
+    let in_str = format_token_count_compact(u64::from(session.total_input_tokens));
+    let out_str = format_token_count_compact(u64::from(session.total_output_tokens));
+    let text = if session.total_cache_hit_tokens == 0 && session.total_cache_miss_tokens == 0 {
+        format!("{in_str} in · {out_str} out")
+    } else {
+        let cache_str = format_token_count_compact(u64::from(session.total_cache_hit_tokens));
+        format!("{in_str} in · {cache_str} cch · {out_str} out")
+    };
+    vec![Span::styled(text, Style::default().fg(palette::TEXT_MUTED))]
+}
+
 /// Test-only helper retained as a parity reference for `FooterWidget`'s
 /// auxiliary-span composition. Production rendering is performed by the
 /// widget itself; the existing footer parity tests still exercise this
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 315a1f24..9383657e 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1479,6 +1479,28 @@ async fn run_event_loop(
                             .session
                             .total_conversation_tokens
                             .saturating_add(turn_tokens);
+                        app.session.total_input_tokens = app
+                            .session
+                            .total_input_tokens
+                            .saturating_add(usage.input_tokens);
+                        app.session.total_output_tokens = app
+                            .session
+                            .total_output_tokens
+                            .saturating_add(usage.output_tokens);
+                        // Only accumulate cache telemetry when reported.
+                        if let Some(hit_tokens) = usage.prompt_cache_hit_tokens {
+                            app.session.total_cache_hit_tokens = app
+                                .session
+                                .total_cache_hit_tokens
+                                .saturating_add(hit_tokens);
+                            let cache_miss = usage
+                                .prompt_cache_miss_tokens
+                                .unwrap_or_else(|| usage.input_tokens.saturating_sub(hit_tokens));
+                            app.session.total_cache_miss_tokens = app
+                                .session
+                                .total_cache_miss_tokens
+                                .saturating_add(cache_miss);
+                        }
                         app.session.last_prompt_tokens = Some(usage.input_tokens);
                         app.session.last_completion_tokens = Some(usage.output_tokens);
                         app.session.last_prompt_cache_hit_tokens = usage.prompt_cache_hit_tokens;
@@ -6705,6 +6727,8 @@ fn apply_loaded_session(app: &mut App, config: &Config, session: &SavedSession)
     app.session.last_prompt_cache_hit_tokens = None;
     app.session.last_prompt_cache_miss_tokens = None;
     app.session.last_reasoning_replay_tokens = None;
+    // Accumulated token breakdown is per-runtime-session; reset on load.
+    app.session.reset_token_breakdown();
     app.session.turn_cache_history.clear();
     // Restore cumulative turn duration so the footer "worked" chip
     // persists across session restarts (#2038).

From 60a30697055bab137ec0dd4441b9f1443c2cdf9a Mon Sep 17 00:00:00 2001
From: dongchao <2193993758@qq.com>
Date: Tue, 26 May 2026 23:31:21 +0800
Subject: [PATCH 056/283] fix(paste): defer large-paste @file consolidation to
 submit time (#2168)

---
 crates/tui/src/tui/app.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index a8975c5b..884242c4 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -3152,7 +3152,7 @@ impl App {
         // safety-net at submit time so any other code path that fills
         // self.input above the cap still consolidates rather than
         // silently truncating.
-        self.consolidate_large_input_if_oversized();
+        // self.consolidate_large_input_if_oversized(); // deferred to submit time
     }
 
     pub fn insert_media_attachment(&mut self, kind: &str, path: &Path, description: Option<&str>) {
@@ -4279,7 +4279,7 @@ impl App {
         self.input = format!("@{rel_path}");
         self.cursor_position = char_count(&self.input);
         self.push_status_toast(
-            "Large paste consolidated — sent as @mention",
+            "Large paste consolidated — auto-wrote to file and replaced with @mention. The text is still fully accessible to the model.",
             StatusToastLevel::Info,
             Some(5_000),
         );

From 4f3a0c3cfc08e7d087c0ba73df9a375172555e27 Mon Sep 17 00:00:00 2001
From: hexin <372726039@qq.com>
Date: Tue, 26 May 2026 23:31:26 +0800
Subject: [PATCH 057/283] feat(engine): allow DEEPSEEK_MAX_OUTPUT_TOKENS env
 override for tight-context providers (#2147)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The `effective_max_output_tokens` heuristic defaults to 64K for any model
not in the known-context-window table. This is fine for DeepSeek's hosted
API (1M context) but causes immediate HTTP 400s on self-hosted providers
with tight `max-model-len`.

Example: vLLM serving Qwen3.6 with `--max-model-len 65536` rejects
requests because 64000 (output) + ~1500 (input) exceeds the limit by 1
token.

This change lets the operator set `DEEPSEEK_MAX_OUTPUT_TOKENS=16384` (or
whatever fits their deployment) to override the heuristic. The env var
takes precedence over the model-table lookup when set to a positive
integer; otherwise the existing behavior is preserved.

No new config struct field — env-only override keeps the public API
unchanged. Useful for embedded users (e.g. pinvou3) who need to control
output budget without forking the engine config schema.

Co-authored-by: hexin <he.xin@h3c.com>
---
 crates/tui/src/core/engine/context.rs | 14 +++++
 crates/tui/src/core/engine/tests.rs   | 82 +++++++++++++++++++++++++++
 2 files changed, 96 insertions(+)

diff --git a/crates/tui/src/core/engine/context.rs b/crates/tui/src/core/engine/context.rs
index 6a28d6b4..726f1a92 100644
--- a/crates/tui/src/core/engine/context.rs
+++ b/crates/tui/src/core/engine/context.rs
@@ -28,7 +28,21 @@ const API_MAX_OUTPUT_TOKENS: u32 = 65_536;
 /// model. Uses `API_MAX_OUTPUT_TOKENS` (64K) which fits within common provider
 /// limits (128K+ total). For non-V4 models with smaller context windows, caps
 /// at half the context window.
+///
+/// Override: when the env var `DEEPSEEK_MAX_OUTPUT_TOKENS` is set to a positive
+/// integer, this function returns that value directly. Use this for self-hosted
+/// providers (vLLM/SGLang) whose `max-model-len` is tight and where the
+/// model-table heuristic above would over-allocate. Example: vLLM serving
+/// Qwen3.6 with `--max-model-len 65536` should set
+/// `DEEPSEEK_MAX_OUTPUT_TOKENS=16384` so input + output stays well under the
+/// provider's hard limit.
 pub(super) fn effective_max_output_tokens(model: &str) -> u32 {
+    if let Ok(raw) = std::env::var("DEEPSEEK_MAX_OUTPUT_TOKENS")
+        && let Ok(n) = raw.trim().parse::<u32>()
+        && n > 0
+    {
+        return n;
+    }
     let window = context_window_for_model(model).unwrap_or(128_000);
     if window >= 500_000 {
         // V4-class models on large-context providers: use 64K which is safe
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 6f612611..14404399 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -1047,6 +1047,9 @@ fn detects_context_length_errors_from_provider_payloads() {
 
 #[test]
 fn context_budget_reserves_output_and_headroom() {
+    // Serialize with other tests that mutate DEEPSEEK_MAX_OUTPUT_TOKENS so
+    // the internal effective_max_output_tokens() call sees a stable env.
+    let _lock = lock_test_env();
     // V4 has a 1M context window — the only family that comfortably hosts
     // a 256K output reservation without saturating the input budget to 0.
     let budget = context_input_budget("deepseek-v4-pro")
@@ -1058,6 +1061,9 @@ fn context_budget_reserves_output_and_headroom() {
 
 #[test]
 fn effective_max_output_tokens_caps_api_request_for_large_window_models() {
+    // Serialize with other tests that mutate DEEPSEEK_MAX_OUTPUT_TOKENS so
+    // v4_cap and flash_cap below see the same env state.
+    let _lock = lock_test_env();
     // V4 models have a 1M context window but the API request cap must stay
     // well below common provider limits (e.g., 131K total on self-hosted
     // vLLM/SGLang). The cap should never exceed 65K.
@@ -1075,8 +1081,84 @@ fn effective_max_output_tokens_caps_api_request_for_large_window_models() {
     assert_eq!(v4_cap, flash_cap);
 }
 
+struct ScopedDeepSeekMaxOutputTokens {
+    previous: Option<OsString>,
+}
+
+impl ScopedDeepSeekMaxOutputTokens {
+    fn set(value: &str) -> Self {
+        let previous = std::env::var_os("DEEPSEEK_MAX_OUTPUT_TOKENS");
+        // Safety: tests using this helper serialize with lock_test_env() and
+        // restore the original value in Drop.
+        unsafe {
+            std::env::set_var("DEEPSEEK_MAX_OUTPUT_TOKENS", value);
+        }
+        Self { previous }
+    }
+
+    fn unset() -> Self {
+        let previous = std::env::var_os("DEEPSEEK_MAX_OUTPUT_TOKENS");
+        // Safety: see set().
+        unsafe {
+            std::env::remove_var("DEEPSEEK_MAX_OUTPUT_TOKENS");
+        }
+        Self { previous }
+    }
+}
+
+impl Drop for ScopedDeepSeekMaxOutputTokens {
+    fn drop(&mut self) {
+        // Safety: tests using this helper serialize with lock_test_env().
+        unsafe {
+            if let Some(previous) = self.previous.take() {
+                std::env::set_var("DEEPSEEK_MAX_OUTPUT_TOKENS", previous);
+            } else {
+                std::env::remove_var("DEEPSEEK_MAX_OUTPUT_TOKENS");
+            }
+        }
+    }
+}
+
+#[test]
+fn effective_max_output_tokens_env_override_returns_positive_value() {
+    let _lock = lock_test_env();
+    let _guard = ScopedDeepSeekMaxOutputTokens::set("16384");
+
+    // Override applies regardless of model — V4 hosted, V4 flash, sub-500K
+    // self-hosted all return the env value verbatim.
+    assert_eq!(effective_max_output_tokens("deepseek-v4-pro"), 16_384);
+    assert_eq!(effective_max_output_tokens("deepseek-v4-flash"), 16_384);
+    assert_eq!(effective_max_output_tokens("qwen3-32b-256k"), 16_384);
+}
+
+#[test]
+fn effective_max_output_tokens_env_override_rejects_zero_and_invalid() {
+    let _lock = lock_test_env();
+    // Establish the heuristic baseline with the env unset.
+    let baseline = {
+        let _guard = ScopedDeepSeekMaxOutputTokens::unset();
+        effective_max_output_tokens("deepseek-v4-pro")
+    };
+    assert!(baseline > 0);
+
+    // 0, non-numeric, and empty values must all fall through to the heuristic
+    // rather than producing a zero/garbage cap that would silently break
+    // request budgeting.
+    for raw in ["0", "abc", "", "  ", "-1"] {
+        let _guard = ScopedDeepSeekMaxOutputTokens::set(raw);
+        assert_eq!(
+            effective_max_output_tokens("deepseek-v4-pro"),
+            baseline,
+            "env={raw:?} should fall through to heuristic"
+        );
+    }
+}
+
 #[test]
 fn internal_context_budget_tiers_reserved_output_by_window() {
+    // Serialize with other tests that mutate DEEPSEEK_MAX_OUTPUT_TOKENS so
+    // both branches below see a stable env.
+    let _lock = lock_test_env();
     // Large-context (>=500K) models reserve the full TURN_MAX_OUTPUT_TOKENS
     // headroom so long V4 sessions don't compact prematurely.
     let internal_budget =

From d3adc6a0f181e21f0d3fde4bb78590b848b419d5 Mon Sep 17 00:00:00 2001
From: Saieswar <sai237e@gmail.com>
Date: Tue, 26 May 2026 21:01:37 +0530
Subject: [PATCH 058/283] docs: add review pipeline documentation closes #2177
 (#2178)

* docs: add review pipeline documentation closes #2177

* docs: remove escape characters and update cargo fmt command

* docs: remove locked and warning flags from clippy command based on bot review
---
 docs/REVIEW_PIPELINE.md | 84 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 docs/REVIEW_PIPELINE.md

diff --git a/docs/REVIEW_PIPELINE.md b/docs/REVIEW_PIPELINE.md
new file mode 100644
index 00000000..95af4eca
--- /dev/null
+++ b/docs/REVIEW_PIPELINE.md
@@ -0,0 +1,84 @@
+\# CodeWhale Review Pipeline
+
+
+
+Welcome to CodeWhale! We receive a high volume of community PRs. To ensure a smooth and fast review process, please review our pipeline expectations below. 
+
+
+
+\## 1. CI Gates (Pre-Review Checklist)
+
+Before a maintainer reviews your PR, it must pass our continuous integration (CI) checks. 
+
+
+
+\*\*Required Checks (Must Pass):\*\*
+
+Please run these locally before pushing your code to avoid CI failures:
+
+\* \*\*Format:\*\* `cargo fmt --all -- --check`
+
+\* \*\*Linting:\*\* `cargo clippy --workspace --all-targets --all-features`
+
+\* \*\*Tests:\*\* `cargo test --workspace --all-features --locked`
+
+
+
+\*\*Informational Checks:\*\*
+
+Checks from \*\*Greptile\*\* and \*\*GitGuardian\*\* are informational. If they flag something, review it, but they do not strictly block a review on their own unless a secret is leaked.
+
+
+
+\## 2. Common Failure Modes \& Local Fixes
+
+If CI fails, it is usually one of these three reasons:
+
+\* \*\*Version Drift (`Cargo.lock` out of date):\*\* Run `cargo update` or `cargo build` locally to update the lockfile and commit the changes.
+
+\* \*\*Lint Failures:\*\* Check the clippy warnings from the command above and fix the specific lines flagged.
+
+\* \*\*Windows Test Flakiness:\*\* Occasionally, tests may time out on Windows runners. If you are confident your code didn't break it, leave a comment asking a maintainer to re-trigger the CI.
+
+
+
+\## 3. PR Etiquette
+
+To help us review your code quickly, please adhere to the following:
+
+\* \*\*One Concern Per PR:\*\* Keep diffs highly focused. Do not mix refactoring with new feature additions.
+
+\* \*\*Link the Issue:\*\* Always include `Closes #N` (replace N with the issue number) in your PR description so GitHub automatically links them.
+
+\* \*\*Rebase:\*\* Always rebase your branch onto the latest `main` branch before requesting a review.
+
+
+
+\## 4. The Review Workflow
+
+Once CI is green, your PR enters the review queue.
+
+\* \*\*Who reviews:\*\* Core maintainers will review the PR. 
+
+\* \*\*`autonomous-ready` Label:\*\* If a maintainer applies this label, it means the PR is approved in concept and is queued for our automated integration system.
+
+\* \*\*The Nightly Loop:\*\* We run extensive integration loops overnight. If your PR is approved, it may wait for this nightly loop before final merging to ensure system stability.
+
+
+
+\## 5. Post-Merge Actions
+
+After your code is merged, the following automated actions occur:
+
+\* `CHANGELOG.md` is updated.
+
+\* `npm` wrappers are synced.
+
+\* Binary rebuilds are triggered for all platforms.
+
+\* Website and documentation are synced with your new changes.
+
+
+
+Thank you for contributing to CodeWhale!
+

From e2eff3956c79b5f95664212e7fa67d43682c7dff Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:32:07 -0500
Subject: [PATCH 059/283] docs(install): add macOS Gatekeeper quarantine
 workaround (#2139)

Harvested from PR #2139 (copilot-swe-agent). README changes skipped
to preserve the narrative harness section.

Co-authored-by: copilot-swe-agent[bot]
---
 docs/INSTALL.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 2a9fd17b..ab4ef018 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -266,6 +266,13 @@ chmod +x ~/.local/bin/codewhale ~/.local/bin/codewhale-tui
 codewhale --version
 ```
 
+> **macOS Gatekeeper note.** If you downloaded the binaries with a browser,
+> macOS may block them with "Apple cannot verify" warnings. Clear the quarantine
+> attribute on both binaries and retry:
+> ```bash
+> xattr -d com.apple.quarantine ~/.local/bin/codewhale ~/.local/bin/codewhale-tui 2>/dev/null || true
+> ```
+
 Verify integrity against the per-release SHA-256 manifest:
 
 ```bash

From 3e09e1c77be67f6bc0a4e4cc3a53f0abbd678dcb Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:37:26 -0500
Subject: [PATCH 060/283] docs: add v0.8.46 contributors to all three READMEs

---
 README.ja-JP.md | 9 +++++++++
 README.md       | 9 +++++++++
 README.zh-CN.md | 9 +++++++++
 3 files changed, 27 insertions(+)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 436d3a8c..2a82b1c5 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -535,6 +535,15 @@ CodeWhale は MIT ライセンスで、利用やコントリビューション
 - **[whtis](https://github.com/whtis)** — zh-CN README ディスパッチャーパス同期 (#1235)
 - **[aqilaziz](https://github.com/aqilaziz)** — memory スキルリンク修正 (#1095)
 - **[wuwuzhijing](https://github.com/wuwuzhijing)** — rsproxy rustup 回避策インストールドキュメント (#1011)
+- **[donglovejava](https://github.com/donglovejava)** — ペースト @file 統合遅延、CJK バイト境界パニック修正、長時間操作中のユーザーフィードバック、RLM var_handle ルーティング、edit_file ファジーフォールバック再試行 (#2154, #2163, #2166, #2167, #2168)
+- **[encyc](https://github.com/encyc)** — セッショントークン内訳をフッターと `/status` コマンドに表示 (#2152)
+- **[saieswar237](https://github.com/saieswar237)** — レビューパイプライン文書 (#2178)
+- **[sximelon](https://github.com/sximelon)** — ペースト後 Enter 抑制ウィンドウ保持 (#2174)
+- **[nanookclaw](https://github.com/nanookclaw)** — 検索プロバイダーを doctor 出力に表示 (#2135)
+- **[Sskift](https://github.com/Sskift)** — CLI デフォルト環境変数上書き防止 (#2119)
+- **[xin1104](https://github.com/xin1104)** — Homebrew インストール codewhale バイナリとレガシー shim (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Metaso ウェブ検索プロバイダー統合 (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — ワークスペースがホームディレクトリの場合プロジェクト設定マージをスキップ (#2055)
 
 ---
 
diff --git a/README.md b/README.md
index 6724c09b..be56b0a8 100644
--- a/README.md
+++ b/README.md
@@ -666,6 +666,15 @@ This project ships with help from a growing community of contributors:
 - **[Horace Liu](https://github.com/liuhq)** — Nix package support and install documentation (#1173)
 - **[jieshu666](https://github.com/jieshu666)** — terminal repaint flicker reduction (#1563)
 - **[gordonlu](https://github.com/gordonlu)** — Windows Enter / CSI-u input fix (#1612)
+- **[donglovejava](https://github.com/donglovejava)** — paste @file consolidation deferral, CJK byte-boundary panic fix, user feedback during long ops, RLM var_handle routing, and edit_file retry fallback (#2154, #2163, #2166, #2167, #2168)
+- **[encyc](https://github.com/encyc)** — session token breakdown in footer and `/status` command (#2152)
+- **[saieswar237](https://github.com/saieswar237)** — review pipeline documentation (#2178)
+- **[sximelon](https://github.com/sximelon)** — paste Enter suppression window preservation (#2174)
+- **[nanookclaw](https://github.com/nanookclaw)** — search provider display in doctor output (#2135)
+- **[Sskift](https://github.com/Sskift)** — CLI default env override prevention for profiles (#2119)
+- **[xin1104](https://github.com/xin1104)** — Homebrew install codewhale binary and legacy shim (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Metaso web search provider integration (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — project-scope config merge skip when workspace is home directory (#2055)
 - **[mdrkrg](https://github.com/mdrkrg)** — first-run onboarding crash fix when the API key is missing (#1598)
 - **[Aitensa](https://github.com/Aitensa)** — CJK wrapping propagation for diff and pager output (#1622)
 - **[qiyan233](https://github.com/qiyan233)** — legacy DeepSeek CN provider alias compatibility (#1645)
diff --git a/README.zh-CN.md b/README.zh-CN.md
index f46f4a8d..52c69c84 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -648,6 +648,15 @@ CodeWhale 采用 MIT 许可证，使用和参与贡献都不需要赞助。如
 - **[xulongzhe](https://github.com/xulongzhe)** — issue template 和 vision boundary follow-up (#1530, #1544)
 - **[YaYII](https://github.com/YaYII)** — trusted media path 工作 (#1462)
 - **[47Cid](https://github.com/47Cid)** 和 **[Jafar Akhondali](https://github.com/JafarAkhondali)** — 负责任安全披露和加固报告
+- **[donglovejava](https://github.com/donglovejava)** — 粘贴 @file 合并延迟、CJK 字节边界 panic 修复、长操作中的用户反馈、RLM var_handle 路由、edit_file 模糊回退重试 (#2154, #2163, #2166, #2167, #2168)
+- **[encyc](https://github.com/encyc)** — 会话 token 分解显示在页脚和 `/status` 命令 (#2152)
+- **[saieswar237](https://github.com/saieswar237)** — 审查流程文档 (#2178)
+- **[sximelon](https://github.com/sximelon)** — 粘贴后 Enter 抑制窗口保留 (#2174)
+- **[nanookclaw](https://github.com/nanookclaw)** — 搜索提供商在 doctor 输出中显示 (#2135)
+- **[Sskift](https://github.com/Sskift)** — CLI 默认环境变量覆盖防止 (#2119)
+- **[xin1104](https://github.com/xin1104)** — Homebrew 安装 codewhale 二进制和旧版 shim (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Metaso 网页搜索提供商集成 (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — 工作区为主目录时跳过项目范围配置合并 (#2055)
 
 ---
 

From d1b5cf6f1c0980990b22913255d3f754771aeaf2 Mon Sep 17 00:00:00 2001
From: New2Niu <raymailfox@foxmail.com>
Date: Tue, 26 May 2026 23:38:07 +0800
Subject: [PATCH 061/283] feat: fuzzy command (#2043)

Co-authored-by: lei <liulei@8531.cn>
---
 crates/tui/src/tui/widgets/mod.rs | 186 ++++++++++++++++++++++--------
 1 file changed, 141 insertions(+), 45 deletions(-)

diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index a97e7c56..37aa0f97 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -2019,6 +2019,26 @@ pub(crate) struct SlashMenuEntry {
     pub alias_hint: Option<String>,
 }
 
+/// Check if all characters in `needle` appear in `haystack` in order
+/// (subsequence matching — fuzzy filtering).
+fn fuzzy_chars_in_order(needle: &str, haystack: &str) -> bool {
+    let mut chars = needle.chars();
+    let mut current = match chars.next() {
+        Some(c) => c,
+        None => return true,
+    };
+    for ch in haystack.chars() {
+        if ch == current {
+            if let Some(next) = chars.next() {
+                current = next;
+            } else {
+                return true;
+            }
+        }
+    }
+    false
+}
+
 pub(crate) fn slash_completion_hints(
     input: &str,
     limit: usize,
@@ -2037,61 +2057,89 @@ pub(crate) fn slash_completion_hints(
         return Vec::new();
     }
     let mut entries: Vec<SlashMenuEntry> = Vec::new();
+    let mut seen: std::collections::HashSet<String> = std::collections::HashSet::new();
+    let prefix_lower = prefix.to_ascii_lowercase();
 
-    // Built-in commands + user-defined commands
-    // `all_command_names_matching` returns both; we resolve descriptions for
-    // built-in ones from the static registry and use a generic label for
-    // user-defined commands.
+    // ── Phase 1: prefix (starts_with) matches ─────────────────────────
+    // Highest priority — preserves existing exact-prefix completion.
     if completing_skill_arg.is_none() {
-        let prefix_lower = prefix.to_ascii_lowercase();
         for name in commands::all_command_names_matching(prefix, workspace) {
+            seen.insert(name.clone());
             let command_key = name.trim_start_matches('/');
-            let (description, alias_hint) =
-                if let Some(info) = commands::get_command_info(command_key) {
-                    // Detect matching alias: if the user typed via pinyin rather
-                    // than the canonical name, record which alias matched.
-                    let hint = if !command_key.to_ascii_lowercase().starts_with(&prefix_lower) {
-                        info.aliases
-                            .iter()
-                            .find(|a| a.to_ascii_lowercase().starts_with(&prefix_lower))
-                            .map(|a| a.to_string())
-                    } else {
-                        None
-                    };
-                    let desc = if info.aliases.is_empty() {
-                        info.description_for(locale).to_string()
-                    } else {
-                        format!(
-                            "{}  (aliases: {})",
-                            info.description_for(locale),
-                            info.aliases
-                                .iter()
-                                .map(|a| format!("/{a}"))
-                                .collect::<Vec<_>>()
-                                .join(", ")
-                        )
-                    };
-                    (desc, hint)
-                } else {
-                    (String::from("User-defined command"), None)
-                };
-            entries.push(SlashMenuEntry {
-                name,
-                description,
-                is_skill: false,
-                alias_hint,
-            });
+            push_command_entry(&mut entries, &name, command_key, &prefix_lower, locale);
         }
     }
 
-    // Cached skills are arguments to `/skill`, not top-level commands. Keep
-    // the top-level slash menu focused on commands and expand skills only
-    // after the user has selected the skill command.
-    let prefix_lower = completing_skill_arg.unwrap_or(prefix).to_ascii_lowercase();
+    // ── Phase 2: contains (substring) matches ─────────────────────────
+    // Medium priority — broader catching.
+    if completing_skill_arg.is_none() {
+        for cmd in commands::COMMANDS {
+            let name = format!("/{}", cmd.name);
+            if seen.contains(&name) {
+                continue;
+            }
+            let cmd_lower = cmd.name.to_ascii_lowercase();
+            let alias_match = cmd.aliases.iter().any(|a| a.to_ascii_lowercase().contains(&prefix_lower));
+            if cmd_lower.contains(&prefix_lower) || alias_match {
+                seen.insert(name.clone());
+                push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
+            }
+        }
+    }
+
+    // ── Phase 3: fuzzy subsequence matches ────────────────────────────
+    // Lowest priority — characters in order, not necessarily consecutive.
+    if completing_skill_arg.is_none() {
+        for cmd in commands::COMMANDS {
+            let name = format!("/{}", cmd.name);
+            if seen.contains(&name) {
+                continue;
+            }
+            let cmd_lower = cmd.name.to_ascii_lowercase();
+            let alias_match = cmd.aliases.iter().any(|a| fuzzy_chars_in_order(&prefix_lower, &a.to_ascii_lowercase()));
+            if fuzzy_chars_in_order(&prefix_lower, &cmd_lower) || alias_match {
+                seen.insert(name.clone());
+                push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
+            }
+        }
+    }
+
+    // ── Skills (only after user has typed `/skill `) ──────────────────
+    let skill_prefix = completing_skill_arg.unwrap_or(prefix).to_ascii_lowercase();
     if completing_skill_arg.is_some() {
         for (skill_name, skill_desc) in cached_skills {
             let skill_name_lower = skill_name.to_ascii_lowercase();
-            if skill_name_lower.starts_with(&prefix_lower) {
+            if skill_name_lower.starts_with(&skill_prefix) {
+                entries.push(SlashMenuEntry {
+                    name: format!("/skill {skill_name}"),
+                    description: skill_desc.clone(),
+                    is_skill: true,
+                    alias_hint: None,
+                });
+            }
+        }
+        // Skills: contains fuzzy fallback
+        for (skill_name, skill_desc) in cached_skills {
+            let skill_name_lower = skill_name.to_ascii_lowercase();
+            if skill_name_lower.contains(&skill_prefix)
+                && !entries.iter().any(|e| {
+                    e.name == format!("/skill {skill_name}")
+                })
+            {
+                entries.push(SlashMenuEntry {
+                    name: format!("/skill {skill_name}"),
+                    description: skill_desc.clone(),
+                    is_skill: true,
+                    alias_hint: None,
+                });
+            }
+        }
+        for (skill_name, skill_desc) in cached_skills {
+            let skill_name_lower = skill_name.to_ascii_lowercase();
+            if !skill_name_lower.starts_with(&skill_prefix)
+                && !skill_name_lower.contains(&skill_prefix)
+                && fuzzy_chars_in_order(&skill_prefix, &skill_name_lower)
+            {
                 entries.push(SlashMenuEntry {
                     name: format!("/skill {skill_name}"),
                     description: skill_desc.clone(),
@@ -2144,6 +2192,54 @@ pub(crate) fn slash_completion_hints(
     entries.into_iter().take(limit).collect()
 }
 
+/// Push a built-in command entry to the slash menu, resolving description
+/// and alias hints.
+fn push_command_entry(
+    entries: &mut Vec<SlashMenuEntry>,
+    name: &str,
+    command_key: &str,
+    prefix_lower: &str,
+    locale: crate::localization::Locale,
+) {
+    let (description, alias_hint) =
+        if let Some(info) = commands::get_command_info(command_key) {
+            let hint = if !command_key.to_ascii_lowercase().starts_with(prefix_lower) {
+                info.aliases
+                    .iter()
+                    .find(|a| {
+                        a.to_ascii_lowercase().starts_with(prefix_lower)
+                            || a.to_ascii_lowercase().contains(prefix_lower)
+                            || fuzzy_chars_in_order(prefix_lower, &a.to_ascii_lowercase())
+                    })
+                    .map(|a| a.to_string())
+            } else {
+                None
+            };
+            let desc = if info.aliases.is_empty() {
+                info.description_for(locale).to_string()
+            } else {
+                format!(
+                    "{}  (aliases: {})",
+                    info.description_for(locale),
+                    info.aliases
+                        .iter()
+                        .map(|a| format!("/{a}"))
+                        .collect::<Vec<_>>()
+                        .join(", ")
+                )
+            };
+            (desc, hint)
+        } else {
+            (String::from("User-defined command"), None)
+        };
+    entries.push(SlashMenuEntry {
+        name: name.to_string(),
+        description,
+        is_skill: false,
+        alias_hint,
+    });
+}
+
 fn layout_input(
     input: &str,
     cursor: usize,

From b6afb4c0302a0941fc03d27ac72d007330df5592 Mon Sep 17 00:00:00 2001
From: Shen Bowen <952468655@qq.com>
Date: Tue, 26 May 2026 23:38:12 +0800
Subject: [PATCH 062/283] refactor: extract file-tree key handling into
 key_actions module (#2042)

* refactor: extract file-tree key handling into key_actions module

* refactor: simplify file_tree_key with early Esc return and let-else binding

* fix: address review comments on file-tree key_actions refactor

Restore file_tree_visible guard, remove stale KeyActionResult docs, unify format string style.
---
 crates/tui/src/tui/key_actions.rs | 56 +++++++++++++++++++++++++++++++
 crates/tui/src/tui/mod.rs         |  1 +
 crates/tui/src/tui/ui.rs          | 46 +++----------------------
 3 files changed, 62 insertions(+), 41 deletions(-)
 create mode 100644 crates/tui/src/tui/key_actions.rs

diff --git a/crates/tui/src/tui/key_actions.rs b/crates/tui/src/tui/key_actions.rs
new file mode 100644
index 00000000..ad815031
--- /dev/null
+++ b/crates/tui/src/tui/key_actions.rs
@@ -0,0 +1,56 @@
+//! Keyboard event action handlers extracted from `ui.rs`.
+//!
+//! Each function handles a focused subset of keyboard input so the
+//! main event loop stays lean.
+
+use crossterm::event::{KeyCode, KeyEvent};
+
+use super::app::App;
+
+// ── File-tree key handling ───────────────────────────────────────
+
+/// Handle keyboard input when the file-tree pane is visible.
+///
+/// Returns `true` when the key was consumed (caller should `continue`).
+pub fn handle_file_tree_key(app: &mut App, key: &KeyEvent) -> bool {
+    // Guard: do not intercept keys when the file-tree pane is not visible.
+    if !app.file_tree_visible {
+        return false;
+    }
+
+    // Esc closes the tree even when entries are still loading.
+    if key.code == KeyCode::Esc && app.file_tree.is_some() {
+        app.file_tree = None;
+        app.status_message = Some("File tree closed".to_string());
+        app.needs_redraw = true;
+        return true;
+    }
+
+    let Some(file_tree) = app.file_tree.as_mut() else {
+        return false;
+    };
+
+    match key.code {
+        KeyCode::Up => {
+            file_tree.cursor_up();
+            app.needs_redraw = true;
+            true
+        }
+        KeyCode::Down => {
+            file_tree.cursor_down();
+            app.needs_redraw = true;
+            true
+        }
+        KeyCode::Enter => {
+            if let Some(rel_path) = file_tree.activate() {
+                let path_str = rel_path.to_string_lossy().to_string();
+                app.status_message = Some(format!("Attached @{path_str}"));
+                app.insert_str(&format!("@{path_str} "));
+            } else {
+                app.needs_redraw = true;
+            }
+            true
+        }
+        _ => false,
+    }
+}
diff --git a/crates/tui/src/tui/mod.rs b/crates/tui/src/tui/mod.rs
index 34b70ee2..bfb2e477 100644
--- a/crates/tui/src/tui/mod.rs
+++ b/crates/tui/src/tui/mod.rs
@@ -35,6 +35,7 @@ pub mod footer_ui;
 pub mod format_helpers;
 pub mod frame_rate_limiter;
 pub mod history;
+pub mod key_actions;
 pub mod key_shortcuts;
 pub mod keybindings;
 pub mod live_transcript;
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 9383657e..5d3dba18 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -106,6 +106,8 @@ use crate::tui::views::subagent_view_agents;
 use crate::tui::vim_mode;
 use crate::tui::workspace_context;
 
+use super::key_actions;
+
 use super::app::{
     App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort, SidebarFocus,
     StatusToastLevel, SubmitDisposition, TaskPanelEntry, TuiOptions,
@@ -2772,47 +2774,9 @@ async fn run_event_loop(
                 continue;
             }
 
-            // File-tree navigation: intercept keys when the file-tree pane is
-            // visible so Up/Down/Enter/Esc operate on the tree rather than
-            // falling through to composer or modal handlers.
-            if app.file_tree_visible {
-                match key.code {
-                    KeyCode::Up => {
-                        if let Some(state) = app.file_tree.as_mut() {
-                            state.cursor_up();
-                        }
-                        app.needs_redraw = true;
-                        continue;
-                    }
-                    KeyCode::Down => {
-                        if let Some(state) = app.file_tree.as_mut() {
-                            state.cursor_down();
-                        }
-                        app.needs_redraw = true;
-                        continue;
-                    }
-                    KeyCode::Enter => {
-                        if let Some(state) = app.file_tree.as_mut() {
-                            if let Some(rel_path) = state.activate() {
-                                // Insert @path into the composer.
-                                let path_str = rel_path.to_string_lossy().to_string();
-                                app.status_message = Some(format!("Attached @{path_str}"));
-                                app.insert_str(&format!("@{path_str} "));
-                            } else {
-                                // Directory was expanded/collapsed; rebuild.
-                                app.needs_redraw = true;
-                            }
-                        }
-                        continue;
-                    }
-                    KeyCode::Esc => {
-                        app.file_tree = None;
-                        app.status_message = Some("File tree closed".to_string());
-                        app.needs_redraw = true;
-                        continue;
-                    }
-                    _ => {}
-                }
+            // File-tree navigation: delegated to key_actions module.
+            if key_actions::handle_file_tree_key(app, &key) {
+                continue;
             }
 
             if app.is_history_search_active() {

From dca48545dfbc207721c05f26e6dc5e2e74731000 Mon Sep 17 00:00:00 2001
From: Quentin Lian <93166482+quentin-lian@users.noreply.github.com>
Date: Tue, 26 May 2026 23:38:17 +0800
Subject: [PATCH 063/283] fix(tui): upgrade portable-pty to 0.9 for LoongArch64
 support (#1992)

portable-pty 0.8.1 depends on nix 0.25.1, which lacks loongarch64 in
its ioctl cfg blocks, causing a build failure on LoongArch64 Linux.

portable-pty 0.9.0 depends on nix ^0.28, which fully supports
loongarch64. The public API surface used by CodeWhale is unchanged.

Closes #1945
---
 Cargo.lock            | 83 ++++++-------------------------------------
 crates/tui/Cargo.toml |  2 +-
 2 files changed, 11 insertions(+), 74 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 52bb42c4..7dbc5d6c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2565,15 +2565,6 @@ dependencies = [
  "rustversion",
 ]
 
-[[package]]
-name = "ioctl-rs"
-version = "0.1.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7970510895cee30b3e9128319f2cefd4bde883a39f38baa279567ba3a7eb97d"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "ipnet"
 version = "2.11.0"
@@ -3099,20 +3090,6 @@ dependencies = [
  "smallvec",
 ]
 
-[[package]]
-name = "nix"
-version = "0.25.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4"
-dependencies = [
- "autocfg",
- "bitflags 1.3.2",
- "cfg-if",
- "libc",
- "memoffset 0.6.5",
- "pin-utils",
-]
-
 [[package]]
 name = "nix"
 version = "0.28.0"
@@ -3625,9 +3602,9 @@ checksum = "f89776e4d69bb58bc6993e99ffa1d11f228b839984854c7daeb5d37f87cbe950"
 
 [[package]]
 name = "portable-pty"
-version = "0.8.1"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "806ee80c2a03dbe1a9fb9534f8d19e4c0546b790cde8fd1fea9d6390644cb0be"
+checksum = "b4a596a2b3d2752d94f51fac2d4a96737b8705dddd311a32b9af47211f08671e"
 dependencies = [
  "anyhow",
  "bitflags 1.3.2",
@@ -3636,8 +3613,8 @@ dependencies = [
  "lazy_static",
  "libc",
  "log",
- "nix 0.25.1",
- "serial",
+ "nix 0.28.0",
+ "serial2",
  "shared_library",
  "shell-words",
  "winapi",
@@ -4584,45 +4561,14 @@ dependencies = [
 ]
 
 [[package]]
-name = "serial"
-version = "0.4.0"
+name = "serial2"
+version = "0.2.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1237a96570fc377c13baa1b88c7589ab66edced652e43ffb17088f003db3e86"
-dependencies = [
- "serial-core",
- "serial-unix",
- "serial-windows",
-]
-
-[[package]]
-name = "serial-core"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f46209b345401737ae2125fe5b19a77acce90cd53e1658cda928e4fe9a64581"
+checksum = "9eb6ea5562eeaed6936b8b54e086aa0f88b9e5b1bef45beb038e2519fa1185b1"
 dependencies = [
+ "cfg-if",
  "libc",
-]
-
-[[package]]
-name = "serial-unix"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f03fbca4c9d866e24a459cbca71283f545a37f8e3e002ad8c70593871453cab7"
-dependencies = [
- "ioctl-rs",
- "libc",
- "serial-core",
- "termios 0.2.2",
-]
-
-[[package]]
-name = "serial-windows"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "15c6d3b776267a75d31bbdfd5d36c0ca051251caafc285827052bc53bcdc8162"
-dependencies = [
- "libc",
- "serial-core",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -5011,15 +4957,6 @@ dependencies = [
  "phf_codegen",
 ]
 
-[[package]]
-name = "termios"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5d9cf598a6d7ce700a4e6a9199da127e6819a61e64b68609683cc9a01b5683a"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "termios"
 version = "0.3.3"
@@ -5058,7 +4995,7 @@ dependencies = [
  "signal-hook",
  "siphasher",
  "terminfo",
- "termios 0.3.3",
+ "termios",
  "thiserror 1.0.69",
  "ucd-trie",
  "unicode-segmentation",
diff --git a/crates/tui/Cargo.toml b/crates/tui/Cargo.toml
index 545eb5e8..2ffdde9e 100644
--- a/crates/tui/Cargo.toml
+++ b/crates/tui/Cargo.toml
@@ -70,7 +70,7 @@ multimap = "0.10.0"
 shlex = "1.3.0"
 starlark = "0.13.0"
 tiny_http = "0.12"
-portable-pty = "0.8"
+portable-pty = "0.9"
 zeroize = "1.8.2"
 ignore = "0.4"
 image = { version = "0.25", default-features = false, features = ["png"] }

From 16728360f13cd38fc1bf946d839b6dae9d45367d Mon Sep 17 00:00:00 2001
From: kunpeng-ai-lab <1370321215@qq.com>
Date: Tue, 26 May 2026 23:38:23 +0800
Subject: [PATCH 064/283] Expose apply_patch preflight metadata (#1971)

* Expose apply_patch preflight metadata

* test: harden apply_patch preflight metadata

---------

Co-authored-by: Codex <codex@local>
---
 crates/tui/src/core/engine.rs           |   2 +-
 crates/tui/src/core/engine/lsp_hooks.rs |  55 +---
 crates/tui/src/core/engine/tests.rs     |  17 +-
 crates/tui/src/tools/apply_patch.rs     | 341 ++++++++++++++++++++++--
 4 files changed, 341 insertions(+), 74 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index cc60bb73..e81debe9 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -2021,7 +2021,7 @@ use self::dispatch::{
 };
 use self::loop_guard::{AttemptDecision, LoopGuard, OutcomeDecision};
 #[cfg(test)]
-use self::lsp_hooks::{edited_paths_for_tool, parse_patch_paths};
+use self::lsp_hooks::edited_paths_for_tool;
 #[cfg(test)]
 use self::streaming::TOOL_CALL_START_MARKERS;
 use self::streaming::{
diff --git a/crates/tui/src/core/engine/lsp_hooks.rs b/crates/tui/src/core/engine/lsp_hooks.rs
index 1e6da746..544bb903 100644
--- a/crates/tui/src/core/engine/lsp_hooks.rs
+++ b/crates/tui/src/core/engine/lsp_hooks.rs
@@ -7,6 +7,8 @@
 
 use std::path::PathBuf;
 
+use crate::tools::apply_patch::preflight_apply_patch;
+
 use super::*;
 
 /// #136: derive the file path(s) edited by a tool call. Returns the empty
@@ -22,54 +24,19 @@ pub(super) fn edited_paths_for_tool(tool_name: &str, input: &serde_json::Value)
                 Vec::new()
             }
         }
-        "apply_patch" => {
-            // `apply_patch` accepts either a `path` override or a list of
-            // `files` (each `{path, content}`). We try both shapes.
-            let mut out = Vec::new();
-            if let Some(path) = input.get("path").and_then(|v| v.as_str()) {
-                out.push(PathBuf::from(path));
-            }
-            if let Some(files) = input.get("files").and_then(|v| v.as_array()) {
-                for entry in files {
-                    if let Some(path) = entry.get("path").and_then(|v| v.as_str()) {
-                        out.push(PathBuf::from(path));
-                    }
-                }
-            }
-            // Fallback: parse `---`/`+++` headers from a unified diff payload.
-            if out.is_empty()
-                && let Some(patch) = input.get("patch").and_then(|v| v.as_str())
-            {
-                out.extend(parse_patch_paths(patch));
-            }
-            out
-        }
+        "apply_patch" => preflight_apply_patch(input)
+            .map(|preflight| {
+                preflight
+                    .touched_files
+                    .into_iter()
+                    .map(PathBuf::from)
+                    .collect()
+            })
+            .unwrap_or_default(),
         _ => Vec::new(),
     }
 }
 
-/// Lightweight parser for `+++ b/<path>` lines in a unified diff. Used as a
-/// fallback when `apply_patch` is invoked with raw `patch` text and no
-/// `path`/`files` override. We deliberately keep this dumb — the real
-/// `apply_patch` tool already validates the patch shape; we only need a
-/// best-effort hint for the LSP hook.
-pub(super) fn parse_patch_paths(patch: &str) -> Vec<PathBuf> {
-    let mut out = Vec::new();
-    for line in patch.lines() {
-        if let Some(rest) = line.strip_prefix("+++ ") {
-            let trimmed = rest.trim();
-            // Strip leading `b/` per git diff conventions.
-            let path = trimmed.strip_prefix("b/").unwrap_or(trimmed);
-            // Skip `/dev/null` (deletion).
-            if path == "/dev/null" {
-                continue;
-            }
-            out.push(PathBuf::from(path));
-        }
-    }
-    out
-}
-
 impl Engine {
     /// #136: post-edit hook. Inspects the tool name + input, derives the
     /// edited file path, and asks the LSP manager for diagnostics. The
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 14404399..ddbafe37 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -2443,9 +2443,9 @@ fn edited_paths_for_write_file_returns_path() {
 }
 
 #[test]
-fn edited_paths_for_apply_patch_with_files_returns_each_path() {
+fn edited_paths_for_apply_patch_with_changes_returns_each_path() {
     let input = json!({
-        "files": [
+        "changes": [
             { "path": "a.rs", "content": "" },
             { "path": "b.rs", "content": "" }
         ]
@@ -2463,6 +2463,15 @@ fn edited_paths_for_apply_patch_with_diff_text_extracts_paths() {
     assert_eq!(paths, vec![PathBuf::from("foo.rs")]);
 }
 
+#[test]
+fn edited_paths_for_apply_patch_with_invalid_diff_returns_empty() {
+    let input = json!({
+        "patch": "@@ -1 +1 @@\n-old\n+new\n"
+    });
+    let paths = edited_paths_for_tool("apply_patch", &input);
+    assert!(paths.is_empty());
+}
+
 #[test]
 fn edited_paths_for_unknown_tool_returns_empty() {
     let input = json!({ "path": "irrelevant.rs" });
@@ -2474,8 +2483,8 @@ fn edited_paths_for_unknown_tool_returns_empty() {
 
 #[test]
 fn parse_patch_paths_skips_dev_null() {
-    let patch = "--- a/keep.rs\n+++ b/keep.rs\n--- a/deleted.rs\n+++ /dev/null\n";
-    let paths = parse_patch_paths(patch);
+    let patch = "--- a/keep.rs\n+++ b/keep.rs\n@@ -1 +1 @@\n-old\n+new\n--- a/deleted.rs\n+++ /dev/null\n@@ -1 +0,0 @@\n-delete me\n";
+    let paths = edited_paths_for_tool("apply_patch", &json!({ "patch": patch }));
     assert_eq!(paths, vec![PathBuf::from("keep.rs")]);
 }
 
diff --git a/crates/tui/src/tools/apply_patch.rs b/crates/tui/src/tools/apply_patch.rs
index f956a802..71978017 100644
--- a/crates/tui/src/tools/apply_patch.rs
+++ b/crates/tui/src/tools/apply_patch.rs
@@ -56,6 +56,22 @@ pub struct FileSummary {
     pub deleted: bool,
 }
 
+/// No-mutation summary of what an `apply_patch` input intends to touch.
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub struct ApplyPatchPreflight {
+    pub touched_files: Vec<String>,
+    pub files_total: usize,
+    pub hunks_total: usize,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub creates: Vec<String>,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub deletes: Vec<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub path_override: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub header_path_mismatch: Option<String>,
+}
+
 /// A single hunk in a unified diff
 #[derive(Debug, Clone)]
 pub struct Hunk {
@@ -132,6 +148,19 @@ struct HunkApplyStats {
     hunks_with_fuzz: usize,
 }
 
+#[derive(Debug, Clone)]
+enum ApplyPatchPreflightKind {
+    Changes,
+    PathOverride { path: String, hunks: Vec<Hunk> },
+    FilePatches(Vec<FilePatch>),
+}
+
+#[derive(Debug, Clone)]
+struct ApplyPatchPreflightPlan {
+    summary: ApplyPatchPreflight,
+    kind: ApplyPatchPreflightKind,
+}
+
 // === Errors ===
 
 #[derive(Debug, Error)]
@@ -212,6 +241,7 @@ impl ToolSpec for ApplyPatchTool {
         let fuzz = optional_u64(&input, "fuzz", MAX_FUZZ as u64).min(MAX_FUZZ as u64);
         let fuzz = usize::try_from(fuzz).unwrap_or(MAX_FUZZ);
         let create_if_missing = optional_bool(&input, "create_if_missing", false);
+        let preflight = preflight_apply_patch_plan(&input)?;
 
         if let Some(changes_value) = input.get("changes") {
             let (pending, stats) = build_pending_writes_from_changes(changes_value, context)?;
@@ -233,6 +263,8 @@ impl ToolSpec for ApplyPatchTool {
             };
             let mut tool_result = ToolResult::json(&result)
                 .map_err(|e| ToolError::execution_failed(e.to_string()))?;
+            tool_result =
+                tool_result.with_metadata(apply_patch_preflight_metadata(&preflight.summary));
             if !diag_block.is_empty() {
                 tool_result.content.push('\n');
                 tool_result.content.push_str(&diag_block);
@@ -240,38 +272,21 @@ impl ToolSpec for ApplyPatchTool {
             return Ok(tool_result);
         }
 
-        let patch_text = required_str(&input, "patch")?;
-        let path_override = optional_str(&input, "path");
-        let patch_shape = inspect_patch_shape(patch_text);
-        validate_patch_shape(&patch_shape, path_override)?;
-        let mismatch_note = path_override.and_then(|path| diff_header_mismatch(path, &patch_shape));
-        let file_patches = if let Some(path) = path_override {
-            let hunks = parse_unified_diff(patch_text)?;
-            if hunks.is_empty() {
-                return Err(ToolError::invalid_input(
-                    "Patch did not contain any hunks (`@@ ... @@`). Provide a unified diff hunk.",
-                ));
+        let file_patches = match preflight.kind {
+            ApplyPatchPreflightKind::Changes => {
+                unreachable!("changes input returned before patch execution")
             }
-            vec![FilePatch {
-                path: path.to_string(),
+            ApplyPatchPreflightKind::PathOverride { path, hunks } => vec![FilePatch {
+                path,
                 hunks,
                 delete_after: false,
                 create_if_missing,
-            }]
-        } else {
-            let file_patches = parse_unified_diff_files(patch_text, create_if_missing)?;
-            if file_patches.is_empty() {
-                return Err(ToolError::invalid_input(
-                    "No valid file patches found. Ensure the patch includes `---`/`+++` headers or provide `path`.",
-                ));
-            }
-            file_patches
+            }],
+            ApplyPatchPreflightKind::FilePatches(file_patches) => file_patches,
         };
 
         let (pending, mut stats) = build_pending_writes_from_patches(file_patches, context, fuzz)?;
-        if stats.header_path_mismatch.is_none() {
-            stats.header_path_mismatch = mismatch_note;
-        }
+        stats.header_path_mismatch = preflight.summary.header_path_mismatch.clone();
         apply_pending_writes(&pending)?;
         // Resolve absolute paths for LSP diagnostics query.
         let abs_paths: Vec<PathBuf> = pending
@@ -294,6 +309,7 @@ impl ToolSpec for ApplyPatchTool {
         };
         let mut tool_result =
             ToolResult::json(&result).map_err(|e| ToolError::execution_failed(e.to_string()))?;
+        tool_result = tool_result.with_metadata(apply_patch_preflight_metadata(&preflight.summary));
         if !diag_block.is_empty() {
             tool_result.content.push('\n');
             tool_result.content.push_str(&diag_block);
@@ -302,6 +318,143 @@ impl ToolSpec for ApplyPatchTool {
     }
 }
 
+/// Parse `apply_patch` input into a reusable, no-mutation preflight summary.
+///
+/// This deliberately stops before workspace resolution or file reads. It is
+/// suitable for policy checks, audit logs, diagnostics hooks, and future undo
+/// planning that must know the target files before mutation.
+pub fn preflight_apply_patch(input: &Value) -> Result<ApplyPatchPreflight, ToolError> {
+    Ok(preflight_apply_patch_plan(input)?.summary)
+}
+
+fn preflight_apply_patch_plan(input: &Value) -> Result<ApplyPatchPreflightPlan, ToolError> {
+    let create_if_missing = optional_bool(input, "create_if_missing", false);
+
+    if let Some(changes_value) = input.get("changes") {
+        return Ok(ApplyPatchPreflightPlan {
+            summary: preflight_changes(changes_value)?,
+            kind: ApplyPatchPreflightKind::Changes,
+        });
+    }
+
+    let patch_text = required_str(input, "patch")?;
+    let path_override = optional_str(input, "path");
+    let patch_shape = inspect_patch_shape(patch_text);
+    validate_patch_shape(&patch_shape, path_override)?;
+    let header_path_mismatch =
+        path_override.and_then(|path| diff_header_mismatch(path, &patch_shape));
+
+    if let Some(path) = path_override {
+        let hunks = parse_unified_diff(patch_text)?;
+        if hunks.is_empty() {
+            return Err(ToolError::invalid_input(
+                "Patch did not contain any hunks (`@@ ... @@`). Provide a unified diff hunk.",
+            ));
+        }
+        return Ok(ApplyPatchPreflightPlan {
+            summary: ApplyPatchPreflight {
+                touched_files: vec![path.to_string()],
+                files_total: 1,
+                hunks_total: hunks.len(),
+                creates: if create_if_missing {
+                    vec![path.to_string()]
+                } else {
+                    Vec::new()
+                },
+                deletes: Vec::new(),
+                path_override: Some(path.to_string()),
+                header_path_mismatch,
+            },
+            kind: ApplyPatchPreflightKind::PathOverride {
+                path: path.to_string(),
+                hunks,
+            },
+        });
+    }
+
+    let file_patches = parse_unified_diff_files(patch_text, create_if_missing)?;
+    if file_patches.is_empty() {
+        return Err(ToolError::invalid_input(
+            "No valid file patches found. Ensure the patch includes `---`/`+++` headers or provide `path`.",
+        ));
+    }
+
+    let mut touched_files = Vec::new();
+    let mut creates = Vec::new();
+    let mut deletes = Vec::new();
+    let mut hunks_total = 0;
+    for file_patch in &file_patches {
+        if file_patch.hunks.is_empty() {
+            return Err(ToolError::invalid_input(format!(
+                "Patch section for `{}` has no hunks (`@@ ... @@`).",
+                file_patch.path
+            )));
+        }
+        push_unique(&mut touched_files, file_patch.path.clone());
+        hunks_total += file_patch.hunks.len();
+        if file_patch.create_if_missing && !file_patch.delete_after {
+            push_unique(&mut creates, file_patch.path.clone());
+        }
+        if file_patch.delete_after {
+            push_unique(&mut deletes, file_patch.path.clone());
+        }
+    }
+
+    Ok(ApplyPatchPreflightPlan {
+        summary: ApplyPatchPreflight {
+            files_total: file_patches.len(),
+            touched_files,
+            hunks_total,
+            creates,
+            deletes,
+            path_override: None,
+            header_path_mismatch,
+        },
+        kind: ApplyPatchPreflightKind::FilePatches(file_patches),
+    })
+}
+
+fn preflight_changes(changes_value: &Value) -> Result<ApplyPatchPreflight, ToolError> {
+    let changes = changes_value.as_array().ok_or_else(|| {
+        ToolError::invalid_input("`changes` must be an array of objects like {path, content}")
+    })?;
+    if changes.is_empty() {
+        return Err(ToolError::invalid_input("`changes` cannot be empty"));
+    }
+
+    let mut touched_files = Vec::new();
+    for change in changes {
+        let path = change
+            .get("path")
+            .and_then(Value::as_str)
+            .ok_or_else(|| ToolError::missing_field("changes[].path"))?;
+        let _content = change
+            .get("content")
+            .and_then(Value::as_str)
+            .ok_or_else(|| ToolError::missing_field("changes[].content"))?;
+        push_unique(&mut touched_files, path.to_string());
+    }
+
+    Ok(ApplyPatchPreflight {
+        files_total: changes.len(),
+        touched_files,
+        hunks_total: 0,
+        creates: Vec::new(),
+        deletes: Vec::new(),
+        path_override: None,
+        header_path_mismatch: None,
+    })
+}
+
+fn apply_patch_preflight_metadata(preflight: &ApplyPatchPreflight) -> Value {
+    let mut metadata =
+        serde_json::to_value(preflight).expect("ApplyPatchPreflight should serialize");
+    if let Some(object) = metadata.as_object_mut() {
+        object.insert("event".to_string(), json!("apply_patch.preflight"));
+    }
+    metadata
+}
+
 /// Parse a unified diff into hunks
 fn parse_unified_diff(patch: &str) -> Result<Vec<Hunk>, ToolError> {
     let mut hunks = Vec::new();
@@ -1056,6 +1209,101 @@ mod tests {
         assert_eq!(hunks[0].new_count, 3);
     }
 
+    #[test]
+    fn test_preflight_apply_patch_with_path_override() {
+        let patch = r"@@ -1,2 +1,2 @@
+ old
+-value
++new-value
+";
+
+        let preflight = preflight_apply_patch(&json!({
+            "path": "src/lib.rs",
+            "patch": patch
+        }))
+        .expect("preflight");
+
+        assert_eq!(preflight.touched_files, vec!["src/lib.rs"]);
+        assert_eq!(preflight.files_total, 1);
+        assert_eq!(preflight.hunks_total, 1);
+        assert_eq!(preflight.path_override.as_deref(), Some("src/lib.rs"));
+    }
+
+    #[test]
+    fn test_preflight_apply_patch_multi_file_create_and_delete() {
+        let patch = r"diff --git a/new.rs b/new.rs
+--- /dev/null
++++ b/new.rs
+@@ -0,0 +1 @@
++fn added() {}
+diff --git a/old.rs b/old.rs
+--- a/old.rs
++++ /dev/null
+@@ -1 +0,0 @@
+-fn old() {}
+";
+
+        let preflight = preflight_apply_patch(&json!({ "patch": patch })).expect("preflight");
+
+        assert_eq!(preflight.touched_files, vec!["new.rs", "old.rs"]);
+        assert_eq!(preflight.files_total, 2);
+        assert_eq!(preflight.hunks_total, 2);
+        assert_eq!(preflight.creates, vec!["new.rs"]);
+        assert_eq!(preflight.deletes, vec!["old.rs"]);
+    }
+
+    #[test]
+    fn test_preflight_apply_patch_changes_list() {
+        let preflight = preflight_apply_patch(&json!({
+            "changes": [
+                { "path": "one.txt", "content": "one" },
+                { "path": "two.txt", "content": "two" }
+            ]
+        }))
+        .expect("preflight");
+
+        assert_eq!(preflight.touched_files, vec!["one.txt", "two.txt"]);
+        assert_eq!(preflight.files_total, 2);
+        assert_eq!(preflight.hunks_total, 0);
+    }
+
+    #[test]
+    fn test_preflight_changes_files_total_counts_entries() {
+        let preflight = preflight_apply_patch(&json!({
+            "changes": [
+                { "path": "same.txt", "content": "one" },
+                { "path": "same.txt", "content": "two" }
+            ]
+        }))
+        .expect("preflight");
+
+        assert_eq!(preflight.touched_files, vec!["same.txt"]);
+        assert_eq!(preflight.files_total, 2);
+    }
+
+    #[test]
+    fn test_preflight_patch_files_total_counts_sections() {
+        let patch = r"diff --git a/same.txt b/same.txt
+--- a/same.txt
++++ b/same.txt
+@@ -1,1 +1,1 @@
+-one
++two
+diff --git a/same.txt b/same.txt
+--- a/same.txt
++++ b/same.txt
+@@ -2,1 +2,1 @@
+-three
++four
+";
+
+        let preflight = preflight_apply_patch(&json!({ "patch": patch })).expect("preflight");
+
+        assert_eq!(preflight.touched_files, vec!["same.txt"]);
+        assert_eq!(preflight.files_total, 2);
+        assert_eq!(preflight.hunks_total, 2);
+    }
+
     #[test]
     fn test_apply_hunk_simple() {
         let mut lines = vec![
@@ -1160,6 +1408,30 @@ mod tests {
             .expect("execute");
 
         assert!(result.success);
+        assert_eq!(
+            result.metadata.as_ref().unwrap()["event"],
+            "apply_patch.preflight"
+        );
+        assert_eq!(
+            result.metadata.as_ref().unwrap()["touched_files"],
+            json!(["test.txt"])
+        );
+        assert!(
+            result
+                .metadata
+                .as_ref()
+                .unwrap()
+                .get("header_path_mismatch")
+                .is_none()
+        );
+        assert!(
+            result
+                .metadata
+                .as_ref()
+                .unwrap()
+                .get("path_override")
+                .is_some()
+        );
         let patch_result = parse_patch_result(result);
         assert_eq!(patch_result.touched_files, vec!["test.txt"]);
         assert_eq!(patch_result.hunks_applied, 1);
@@ -1246,6 +1518,12 @@ mod tests {
             .expect("execute");
 
         assert!(result.success);
+        let metadata = result.metadata.as_ref().expect("metadata");
+        assert_eq!(metadata["event"], "apply_patch.preflight");
+        assert_eq!(metadata["touched_files"], json!(["one.txt", "two.txt"]));
+        assert_eq!(metadata["files_total"], 2);
+        assert_eq!(metadata["hunks_total"], 0);
+        assert!(metadata.get("path_override").is_none());
         let patch_result = parse_patch_result(result);
         let mut touched = patch_result.touched_files.clone();
         touched.sort();
@@ -1292,6 +1570,12 @@ diff --git a/b.txt b/b.txt
             .expect("execute");
 
         assert!(result.success);
+        let metadata = result.metadata.as_ref().expect("metadata");
+        assert_eq!(metadata["event"], "apply_patch.preflight");
+        assert_eq!(metadata["touched_files"], json!(["a.txt", "b.txt"]));
+        assert_eq!(metadata["files_total"], 2);
+        assert_eq!(metadata["hunks_total"], 2);
+        assert!(metadata.get("path_override").is_none());
         let patch_result = parse_patch_result(result);
         let mut touched = patch_result.touched_files.clone();
         touched.sort();
@@ -1407,6 +1691,13 @@ diff --git a/b.txt b/b.txt
             .execute(json!({"path": "override.txt", "patch": patch}), &ctx)
             .await
             .expect("execute");
+        let metadata = result.metadata.as_ref().expect("metadata");
+        assert!(
+            metadata["header_path_mismatch"]
+                .as_str()
+                .unwrap()
+                .contains("headers reference `other.txt`")
+        );
         let patch_result = parse_patch_result(result);
         assert!(
             patch_result

From c97c3a7a0475ad302ecac6926c2394729827ff3f Mon Sep 17 00:00:00 2001
From: kunpeng-ai-lab <1370321215@qq.com>
Date: Tue, 26 May 2026 23:38:27 +0800
Subject: [PATCH 065/283] Summarize Cargo failures in tool metadata (#1973)

* Summarize cargo failures in tool metadata

* fix: preserve shell summaries for cargo failures

---------

Co-authored-by: Codex <codex@local>
---
 crates/tui/src/tools/cargo_failure_summary.rs | 469 ++++++++++++++++++
 crates/tui/src/tools/mod.rs                   |   1 +
 crates/tui/src/tools/shell.rs                 |  64 ++-
 crates/tui/src/tools/shell/tests.rs           |  91 ++++
 crates/tui/src/tools/test_runner.rs           |  27 +-
 5 files changed, 628 insertions(+), 24 deletions(-)
 create mode 100644 crates/tui/src/tools/cargo_failure_summary.rs

diff --git a/crates/tui/src/tools/cargo_failure_summary.rs b/crates/tui/src/tools/cargo_failure_summary.rs
new file mode 100644
index 00000000..00033f6d
--- /dev/null
+++ b/crates/tui/src/tools/cargo_failure_summary.rs
@@ -0,0 +1,469 @@
+//! Compact summaries for Cargo failures.
+//!
+//! Cargo output can be large and noisy. This module extracts stable failure
+//! signals for tool metadata so context compaction can preserve the actionable
+//! lines without re-running `cargo test | tail`.
+
+use serde::{Deserialize, Serialize};
+use serde_json::{Value, json};
+
+const MAX_ITEMS: usize = 8;
+const MAX_SUMMARY_CHARS: usize = 1_200;
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum CargoFailureKind {
+    TestFailure,
+    CompileError,
+    CargoFailure,
+}
+
+impl CargoFailureKind {
+    fn label(&self) -> &'static str {
+        match self {
+            Self::TestFailure => "test_failure",
+            Self::CompileError => "compile_error",
+            Self::CargoFailure => "cargo_failure",
+        }
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+pub(crate) struct CargoFailureSummary {
+    pub(crate) kind: CargoFailureKind,
+    pub(crate) summary: String,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub(crate) failing_tests: Vec<String>,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub(crate) error_codes: Vec<String>,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub(crate) primary_errors: Vec<String>,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub(crate) panic_locations: Vec<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub(crate) test_result: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub(crate) final_error: Option<String>,
+}
+
+impl CargoFailureSummary {
+    pub(crate) fn to_metadata_value(&self) -> Value {
+        json!(self)
+    }
+}
+
+pub(crate) fn summarize_cargo_failure(
+    command: &str,
+    stdout: &str,
+    stderr: &str,
+    exit_code: Option<i32>,
+) -> Option<CargoFailureSummary> {
+    if exit_code == Some(0) || !looks_like_cargo_command(command) {
+        return None;
+    }
+
+    let mut failing_tests = Vec::new();
+    let mut error_codes = Vec::new();
+    let mut primary_errors = Vec::new();
+    let mut panic_locations = Vec::new();
+    let mut test_result = None;
+    let mut final_error = None;
+
+    for line in stderr.lines().chain(stdout.lines()) {
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+
+        if let Some(test) = parse_failed_test_line(trimmed) {
+            push_unique_limited(&mut failing_tests, test);
+        }
+        if let Some(test) = parse_failure_header(trimmed) {
+            push_unique_limited(&mut failing_tests, test);
+        }
+        if let Some(code) = parse_error_code(trimmed) {
+            push_unique_limited(&mut error_codes, code);
+        }
+        if is_primary_error_line(trimmed) {
+            push_unique_limited(&mut primary_errors, trimmed.to_string());
+        }
+        if trimmed.contains("panicked at ") {
+            push_unique_limited(&mut panic_locations, trimmed.to_string());
+        }
+        if trimmed.starts_with("test result:") {
+            test_result = Some(trimmed.to_string());
+        }
+        if trimmed.starts_with("error: could not compile")
+            || trimmed.starts_with("error: aborting due to")
+            || trimmed.starts_with("error: test failed")
+        {
+            final_error = Some(trimmed.to_string());
+        }
+    }
+
+    let kind = classify_failure(&failing_tests, &primary_errors, test_result.as_deref());
+    if !has_actionable_signal(
+        &failing_tests,
+        &error_codes,
+        &primary_errors,
+        &panic_locations,
+        test_result.as_deref(),
+        final_error.as_deref(),
+    ) {
+        return None;
+    }
+    let summary = build_summary(
+        &kind,
+        &failing_tests,
+        &error_codes,
+        &primary_errors,
+        &panic_locations,
+        test_result.as_deref(),
+        final_error.as_deref(),
+    );
+
+    Some(CargoFailureSummary {
+        kind,
+        summary,
+        failing_tests,
+        error_codes,
+        primary_errors,
+        panic_locations,
+        test_result,
+        final_error,
+    })
+}
+
+fn looks_like_cargo_command(command: &str) -> bool {
+    let Some(tokens) = shlex::split(command) else {
+        return false;
+    };
+
+    let mut expect_command = true;
+    for (idx, raw_token) in tokens.iter().enumerate() {
+        let token = normalize_shell_token(raw_token);
+        if token.is_empty() {
+            continue;
+        }
+        if is_shell_separator(token) {
+            expect_command = true;
+            continue;
+        }
+        if !expect_command {
+            continue;
+        }
+        if looks_like_env_assignment(token) {
+            continue;
+        }
+        if is_cargo_binary(token) {
+            return cargo_subcommand(&tokens[idx + 1..]).is_some();
+        }
+        expect_command = false;
+    }
+
+    false
+}
+
+fn parse_failed_test_line(line: &str) -> Option<String> {
+    let rest = line.strip_prefix("test ")?;
+    let (name, status) = rest.rsplit_once(" ... ")?;
+    (status == "FAILED").then(|| name.trim().to_string())
+}
+
+fn parse_failure_header(line: &str) -> Option<String> {
+    let rest = line.strip_prefix("---- ")?;
+    let name = rest.strip_suffix(" stdout ----")?;
+    Some(name.trim().to_string())
+}
+
+fn parse_error_code(line: &str) -> Option<String> {
+    let rest = line.strip_prefix("error[")?;
+    let (code, _) = rest.split_once("]")?;
+    Some(code.to_string())
+}
+
+fn is_primary_error_line(line: &str) -> bool {
+    line.starts_with("error[")
+        || (line.starts_with("error:") && !line.starts_with("error: test failed"))
+}
+
+fn classify_failure(
+    failing_tests: &[String],
+    primary_errors: &[String],
+    test_result: Option<&str>,
+) -> CargoFailureKind {
+    if !failing_tests.is_empty()
+        || test_result.is_some_and(|line| line.to_ascii_lowercase().contains("failed"))
+    {
+        CargoFailureKind::TestFailure
+    } else if !primary_errors.is_empty() {
+        CargoFailureKind::CompileError
+    } else {
+        CargoFailureKind::CargoFailure
+    }
+}
+
+fn has_actionable_signal(
+    failing_tests: &[String],
+    error_codes: &[String],
+    primary_errors: &[String],
+    panic_locations: &[String],
+    test_result: Option<&str>,
+    final_error: Option<&str>,
+) -> bool {
+    !failing_tests.is_empty()
+        || !error_codes.is_empty()
+        || !primary_errors.is_empty()
+        || !panic_locations.is_empty()
+        || test_result.is_some()
+        || final_error.is_some()
+}
+
+fn build_summary(
+    kind: &CargoFailureKind,
+    failing_tests: &[String],
+    error_codes: &[String],
+    primary_errors: &[String],
+    panic_locations: &[String],
+    test_result: Option<&str>,
+    final_error: Option<&str>,
+) -> String {
+    let mut lines = Vec::new();
+    lines.push(format!("Cargo failure kind: {}.", kind.label()));
+    if !failing_tests.is_empty() {
+        lines.push(format!("Failing tests: {}.", failing_tests.join(", ")));
+    }
+    if !error_codes.is_empty() {
+        lines.push(format!("Rust error codes: {}.", error_codes.join(", ")));
+    }
+    if let Some(line) = primary_errors.first() {
+        lines.push(format!("Primary error: {line}"));
+    }
+    if let Some(line) = panic_locations.first() {
+        lines.push(format!("Panic: {line}"));
+    }
+    if let Some(line) = test_result {
+        lines.push(line.to_string());
+    }
+    if let Some(line) = final_error {
+        lines.push(line.to_string());
+    }
+    truncate_chars(&lines.join("\n"), MAX_SUMMARY_CHARS)
+}
+
+fn normalize_shell_token(token: &str) -> &str {
+    token.trim_matches(|ch| matches!(ch, '(' | ')' | '{' | '}'))
+}
+
+fn is_shell_separator(token: &str) -> bool {
+    matches!(token, "&&" | "||" | ";" | "|")
+}
+
+fn looks_like_env_assignment(token: &str) -> bool {
+    let Some((name, _)) = token.split_once('=') else {
+        return false;
+    };
+    !name.is_empty()
+        && name
+            .bytes()
+            .all(|byte| byte == b'_' || byte.is_ascii_alphanumeric())
+        && !name.as_bytes()[0].is_ascii_digit()
+}
+
+fn is_cargo_binary(token: &str) -> bool {
+    let name = token.rsplit(['/', '\\']).next().unwrap_or(token);
+    name.eq_ignore_ascii_case("cargo") || name.eq_ignore_ascii_case("cargo.exe")
+}
+
+fn cargo_subcommand(tokens: &[String]) -> Option<&str> {
+    let mut idx = 0;
+    while let Some(raw_token) = tokens.get(idx) {
+        let token = normalize_shell_token(raw_token);
+        if token.is_empty() {
+            idx += 1;
+            continue;
+        }
+        if is_shell_separator(token) {
+            return None;
+        }
+        if token.starts_with('+') {
+            idx += 1;
+            continue;
+        }
+        if token.starts_with('-') {
+            if cargo_global_flag_takes_value(token) {
+                idx += 2;
+            } else {
+                idx += 1;
+            }
+            continue;
+        }
+        return is_supported_cargo_subcommand(token).then_some(token);
+    }
+    None
+}
+
+fn cargo_global_flag_takes_value(token: &str) -> bool {
+    if token.contains('=') {
+        return false;
+    }
+    matches!(
+        token,
+        "--color"
+            | "--config"
+            | "-C"
+            | "--jobs"
+            | "-j"
+            | "--lockfile-path"
+            | "--manifest-path"
+            | "--message-format"
+            | "--package"
+            | "-p"
+            | "--target"
+            | "--target-dir"
+            | "-Z"
+    )
+}
+
+fn is_supported_cargo_subcommand(token: &str) -> bool {
+    matches!(
+        token,
+        "test" | "check" | "build" | "clippy" | "run" | "t" | "c" | "b" | "r"
+    )
+}
+
+fn push_unique_limited(target: &mut Vec<String>, value: String) {
+    if target.len() >= MAX_ITEMS || target.iter().any(|existing| existing == &value) {
+        return;
+    }
+    target.push(value);
+}
+
+fn truncate_chars(text: &str, max_chars: usize) -> String {
+    if let Some((idx, _)) = text.char_indices().nth(max_chars) {
+        if max_chars < 3 {
+            return text[..idx].to_string();
+        }
+        let truncate_at = text
+            .char_indices()
+            .nth(max_chars - 3)
+            .map(|(idx, _)| idx)
+            .unwrap_or(0);
+        format!("{}...", &text[..truncate_at])
+    } else {
+        text.to_string()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn summarizes_failed_libtest_output() {
+        let stdout = r"
+running 1 test
+test tests::fails ... FAILED
+
+failures:
+
+---- tests::fails stdout ----
+thread 'tests::fails' panicked at src/lib.rs:7:9:
+assertion `left == right` failed
+
+test result: FAILED. 0 passed; 1 failed; 0 ignored; finished in 0.00s
+";
+        let summary =
+            summarize_cargo_failure("cargo test", stdout, "", Some(101)).expect("summary");
+
+        assert_eq!(summary.kind, CargoFailureKind::TestFailure);
+        assert_eq!(summary.failing_tests, vec!["tests::fails"]);
+        assert!(summary.summary.contains("Failing tests: tests::fails"));
+        assert!(summary.test_result.unwrap().contains("1 failed"));
+    }
+
+    #[test]
+    fn summarizes_rustc_compile_error() {
+        let stderr = r#"
+error[E0308]: mismatched types
+  --> src/lib.rs:2:5
+   |
+2  |     "" 
+   |     ^^ expected `i32`, found `&str`
+error: could not compile `demo` (lib) due to 1 previous error
+"#;
+        let summary =
+            summarize_cargo_failure("cargo check", "", stderr, Some(101)).expect("summary");
+
+        assert_eq!(summary.kind, CargoFailureKind::CompileError);
+        assert_eq!(summary.error_codes, vec!["E0308"]);
+        assert!(summary.primary_errors[0].contains("mismatched types"));
+        assert!(summary.final_error.unwrap().contains("could not compile"));
+    }
+
+    #[test]
+    fn recognizes_cargo_aliases_and_uncoded_errors() {
+        let stderr = "error: cannot find value `missing` in this scope\n";
+        let summary = summarize_cargo_failure("cargo c", "", stderr, Some(101)).expect("summary");
+
+        assert_eq!(summary.kind, CargoFailureKind::CompileError);
+        assert_eq!(
+            summary.primary_errors,
+            vec!["error: cannot find value `missing` in this scope"]
+        );
+    }
+
+    #[test]
+    fn recognizes_tokenized_cargo_invocations() {
+        assert!(
+            summarize_cargo_failure(
+                "cargo +nightly --manifest-path demo/Cargo.toml test",
+                "test tests::fails ... FAILED\n",
+                "",
+                Some(101),
+            )
+            .is_some()
+        );
+        assert!(
+            summarize_cargo_failure(
+                "DEMO=1 cargo --locked run",
+                "",
+                "error: process didn't exit successfully\n",
+                Some(101),
+            )
+            .is_some()
+        );
+        assert!(
+            summarize_cargo_failure(
+                "echo cargo test && false",
+                "test tests::fails ... FAILED\n",
+                "",
+                Some(1),
+            )
+            .is_none()
+        );
+    }
+
+    #[test]
+    fn skips_generic_cargo_failure_without_actionable_signal() {
+        assert!(
+            summarize_cargo_failure("cargo test", "build failed", "command failed", Some(1))
+                .is_none()
+        );
+    }
+
+    #[test]
+    fn truncate_chars_respects_tiny_limits() {
+        assert_eq!(truncate_chars("abcdef", 0), "");
+        assert_eq!(truncate_chars("abcdef", 1), "a");
+        assert_eq!(truncate_chars("abcdef", 2), "ab");
+        assert_eq!(truncate_chars("abcdef", 3), "...");
+        assert_eq!(truncate_chars("abcdef", 4), "a...");
+    }
+
+    #[test]
+    fn ignores_successful_or_non_cargo_commands() {
+        assert!(summarize_cargo_failure("cargo test", "", "", Some(0)).is_none());
+        assert!(summarize_cargo_failure("npm test", "failed", "", Some(1)).is_none());
+    }
+}
diff --git a/crates/tui/src/tools/mod.rs b/crates/tui/src/tools/mod.rs
index 1a6d470f..aea1cc5f 100644
--- a/crates/tui/src/tools/mod.rs
+++ b/crates/tui/src/tools/mod.rs
@@ -12,6 +12,7 @@ pub mod apply_patch;
 pub mod approval_cache;
 pub mod arg_repair;
 pub mod automation;
+pub mod cargo_failure_summary;
 pub mod diagnostics;
 pub mod diff_format;
 pub mod file;
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index 650c4cb0..32f48a1d 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -1505,6 +1505,7 @@ pub fn new_shared_shell_manager(workspace: PathBuf) -> SharedShellManager {
 use crate::command_safety::{SafetyLevel, analyze_command, extract_primary_command};
 use crate::execpolicy::{ExecPolicyDecision, load_default_policy};
 use crate::features::Feature;
+use crate::tools::cargo_failure_summary::summarize_cargo_failure;
 use crate::tools::spec::{
     ApprovalRequirement, ToolCapability, ToolContext, ToolError, ToolResult, ToolSpec,
     optional_bool, optional_u64, required_str,
@@ -1523,6 +1524,18 @@ shell sandbox). Workarounds: (1) run the Docker build from a regular terminal ou
 TUI, or (2) disable BuildKit with DOCKER_BUILDKIT=0 (only works if your Dockerfiles do not \
 use RUN --mount directives).";
 
+fn attach_cargo_failure_summary(
+    metadata: &mut serde_json::Value,
+    command: &str,
+    result: &ShellResult,
+) {
+    if let Some(summary) =
+        summarize_cargo_failure(command, &result.stdout, &result.stderr, result.exit_code)
+    {
+        metadata["cargo_failure_summary"] = summary.to_metadata_value();
+    }
+}
+
 pub(crate) fn looks_like_macos_provenance_failure(result: &ShellResult) -> bool {
     if matches!(result.status, ShellStatus::Completed) && result.exit_code == Some(0) {
         return false;
@@ -1965,7 +1978,7 @@ impl ToolSpec for ExecShellTool {
                 format!("{}\n\nSTDERR:\n{}", result.stdout, result.stderr)
             };
 
-            let metadata = json!({
+            let mut metadata = json!({
                 "exit_code": result.exit_code,
                 "status": format!("{:?}", result.status),
                 "duration_ms": result.duration_ms,
@@ -1987,6 +2000,7 @@ impl ToolSpec for ExecShellTool {
                 "canceled": false,
                 "sandbox_backend": "opensandbox",
             });
+            attach_cargo_failure_summary(&mut metadata, command, &result);
 
             return Ok(ToolResult {
                 content: output,
@@ -2165,6 +2179,7 @@ impl ToolSpec for ExecShellTool {
                 if provenance_hint.is_some() {
                     metadata["macos_provenance_restricted"] = json!(true);
                 }
+                attach_cargo_failure_summary(&mut metadata, command, &result);
 
                 Ok(ToolResult {
                     content: output,
@@ -2239,31 +2254,34 @@ fn build_shell_delta_tool_result(delta: ShellDeltaResult, context: &ToolContext)
         output = format!("{hint}\n\n{output}");
     }
 
+    let mut metadata = json!({
+        "exit_code": result.exit_code,
+        "status": format!("{:?}", result.status),
+        "duration_ms": result.duration_ms,
+        "sandboxed": result.sandboxed,
+        "sandbox_type": result.sandbox_type,
+        "sandbox_denied": result.sandbox_denied,
+        "task_id": result.task_id,
+        "stdout_len": result.stdout_len,
+        "stderr_len": result.stderr_len,
+        "stdout_truncated": result.stdout_truncated,
+        "stderr_truncated": result.stderr_truncated,
+        "stdout_omitted": result.stdout_omitted,
+        "stderr_omitted": result.stderr_omitted,
+        "stdout_total_len": delta.stdout_total_len,
+        "stderr_total_len": delta.stderr_total_len,
+        "summary": summary,
+        "stdout_summary": stdout_summary,
+        "stderr_summary": stderr_summary,
+        "command": delta.command,
+        "stream_delta": true,
+    });
+    attach_cargo_failure_summary(&mut metadata, &delta.command, &result);
+
     let mut tool_result = ToolResult {
         content: output,
         success: matches!(result.status, ShellStatus::Completed | ShellStatus::Running),
-        metadata: Some(json!({
-            "exit_code": result.exit_code,
-            "status": format!("{:?}", result.status),
-            "duration_ms": result.duration_ms,
-            "sandboxed": result.sandboxed,
-            "sandbox_type": result.sandbox_type,
-            "sandbox_denied": result.sandbox_denied,
-            "task_id": result.task_id,
-            "stdout_len": result.stdout_len,
-            "stderr_len": result.stderr_len,
-            "stdout_truncated": result.stdout_truncated,
-            "stderr_truncated": result.stderr_truncated,
-            "stdout_omitted": result.stdout_omitted,
-            "stderr_omitted": result.stderr_omitted,
-            "stdout_total_len": delta.stdout_total_len,
-            "stderr_total_len": delta.stderr_total_len,
-            "summary": summary,
-            "stdout_summary": stdout_summary,
-            "stderr_summary": stderr_summary,
-            "command": delta.command,
-            "stream_delta": true,
-        })),
+        metadata: Some(metadata),
     };
     if let Some(hint) = network_restricted_hint
         && let Some(metadata) = tool_result.metadata.as_mut()
diff --git a/crates/tui/src/tools/shell/tests.rs b/crates/tui/src/tools/shell/tests.rs
index 08b1f42d..477c785f 100644
--- a/crates/tui/src/tools/shell/tests.rs
+++ b/crates/tui/src/tools/shell/tests.rs
@@ -366,6 +366,97 @@ fn shell_delta_result_surfaces_network_restricted_hint() {
     );
 }
 
+#[test]
+fn shell_delta_result_includes_cargo_failure_summary() {
+    let tmp = tempdir().expect("tempdir");
+    let ctx = ToolContext::new(tmp.path());
+    let result = ShellResult {
+        task_id: None,
+        status: ShellStatus::Failed,
+        exit_code: Some(101),
+        stdout: "running 1 test\ntest tests::fails ... FAILED\n\nfailures:\n\n---- tests::fails stdout ----\nthread 'tests::fails' panicked at src/lib.rs:7:9:\nboom\n\ntest result: FAILED. 0 passed; 1 failed; 0 ignored; finished in 0.00s\n".to_string(),
+        stderr: "error: test failed, to rerun pass `--lib`".to_string(),
+        duration_ms: 12,
+        stdout_len: 0,
+        stderr_len: 0,
+        stdout_omitted: 0,
+        stderr_omitted: 0,
+        stdout_truncated: false,
+        stderr_truncated: false,
+        sandboxed: false,
+        sandbox_type: None,
+        sandbox_denied: false,
+    };
+
+    let tool_result = build_shell_delta_tool_result(
+        ShellDeltaResult {
+            command: "cargo test".to_string(),
+            result,
+            stdout_total_len: 0,
+            stderr_total_len: 0,
+        },
+        &ctx,
+    );
+
+    let metadata = tool_result.metadata.expect("metadata");
+    assert_eq!(
+        metadata["cargo_failure_summary"]["kind"],
+        json!("test_failure")
+    );
+    assert!(
+        metadata["cargo_failure_summary"]["summary"]
+            .as_str()
+            .unwrap()
+            .contains("Failing tests: tests::fails")
+    );
+    assert!(
+        metadata["summary"]
+            .as_str()
+            .unwrap()
+            .contains("error: test failed")
+    );
+}
+
+#[test]
+fn shell_delta_result_keeps_existing_summary_for_generic_cargo_failure() {
+    let tmp = tempdir().expect("tempdir");
+    let ctx = ToolContext::new(tmp.path());
+    let result = ShellResult {
+        task_id: None,
+        status: ShellStatus::Failed,
+        exit_code: Some(1),
+        stdout: "build failed".to_string(),
+        stderr: "command failed without structured cargo diagnostics".to_string(),
+        duration_ms: 12,
+        stdout_len: 0,
+        stderr_len: 0,
+        stdout_omitted: 0,
+        stderr_omitted: 0,
+        stdout_truncated: false,
+        stderr_truncated: false,
+        sandboxed: false,
+        sandbox_type: None,
+        sandbox_denied: false,
+    };
+
+    let tool_result = build_shell_delta_tool_result(
+        ShellDeltaResult {
+            command: "cargo test".to_string(),
+            result,
+            stdout_total_len: 0,
+            stderr_total_len: 0,
+        },
+        &ctx,
+    );
+
+    let metadata = tool_result.metadata.expect("metadata");
+    assert!(metadata.get("cargo_failure_summary").is_none());
+    assert_eq!(
+        metadata["summary"],
+        json!("command failed without structured cargo diagnostics")
+    );
+}
+
 #[test]
 fn test_summarize_output_strips_truncation_note() {
     let long_output = "x".repeat(60_000);
diff --git a/crates/tui/src/tools/test_runner.rs b/crates/tui/src/tools/test_runner.rs
index ca96d014..6bbe42c4 100644
--- a/crates/tui/src/tools/test_runner.rs
+++ b/crates/tui/src/tools/test_runner.rs
@@ -10,6 +10,7 @@ use async_trait::async_trait;
 use serde::{Deserialize, Serialize};
 use serde_json::{Value, json};
 
+use super::cargo_failure_summary::summarize_cargo_failure;
 use super::spec::{
     ApprovalRequirement, ToolCapability, ToolContext, ToolError, ToolResult, ToolSpec,
     optional_bool, optional_str,
@@ -100,7 +101,20 @@ impl ToolSpec for RunTestsTool {
             command: command_str,
         };
 
-        ToolResult::json(&result).map_err(|e| ToolError::execution_failed(e.to_string()))
+        let mut tool_result =
+            ToolResult::json(&result).map_err(|e| ToolError::execution_failed(e.to_string()))?;
+        if let Some(summary) = summarize_cargo_failure(
+            &result.command,
+            &result.stdout,
+            &result.stderr,
+            Some(result.exit_code),
+        ) {
+            tool_result = tool_result.with_metadata(json!({
+                "summary": summary.summary,
+                "cargo_failure_summary": summary.to_metadata_value(),
+            }));
+        }
+        Ok(tool_result)
     }
 }
 
@@ -255,6 +269,17 @@ mod tests {
             serde_json::from_str(&result.content).expect("tool result should be json");
         assert!(!parsed.success);
         assert_ne!(parsed.exit_code, 0);
+        let metadata = result.metadata.expect("metadata");
+        assert_eq!(
+            metadata["cargo_failure_summary"]["kind"],
+            json!("test_failure")
+        );
+        assert!(
+            metadata["cargo_failure_summary"]["summary"]
+                .as_str()
+                .unwrap()
+                .contains("Failing tests:")
+        );
     }
 
     #[test]

From 73085e6e69ba374c906cddf46bbd3f019a934043 Mon Sep 17 00:00:00 2001
From: Ben Younes <benyounes.ousama@gmail.com>
Date: Tue, 26 May 2026 17:38:31 +0200
Subject: [PATCH 066/283] feat(cli): add `thread clear-name` to remove a custom
 thread title (1600) (#1939)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue 1600 asks for full rename UX: set a custom title, remove it back
to `(unnamed)`. The set side already shipped as `deepseek thread
set-name <id> <name>`, but there was no inverse — users who wanted to
drop a no-longer-relevant title had to either edit the SQLite store by
hand or set a placeholder string.

Add `deepseek thread clear-name <id>`, mirroring the existing
`SetName` arm in `run_thread_command`: look up the thread, set
`name = None`, refresh `updated_at`, upsert. Printed confirmation is
`cleared name for <id>` so it stays distinguishable from the
`renamed` line emitted by `set-name`.

Snapshot help test and the parser-matrix test both gain the new
subcommand. No state-store changes: `upsert_thread` already accepts
`name: None` and `thread list` already prints `(unnamed)` when the
field is empty, so the round-trip is complete with this CLI-only
change.

Co-authored-by: Claude <noreply@anthropic.com>
---
 crates/cli/src/lib.rs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 6c3dc8b1..9f98eebf 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -385,6 +385,11 @@ enum ThreadCommand {
         thread_id: String,
         name: String,
     },
+    /// Remove the custom name from a thread, restoring the default
+    /// `(unnamed)` rendering in `thread list`.
+    ClearName {
+        thread_id: String,
+    },
 }
 
 #[derive(Debug, Args)]
@@ -1258,6 +1263,16 @@ fn run_thread_command(command: ThreadCommand) -> Result<()> {
             println!("renamed {thread_id}");
             Ok(())
         }
+        ThreadCommand::ClearName { thread_id } => {
+            let mut thread = state
+                .get_thread(&thread_id)?
+                .with_context(|| format!("thread not found: {thread_id}"))?;
+            thread.name = None;
+            thread.updated_at = chrono::Utc::now().timestamp();
+            state.upsert_thread(&thread)?;
+            println!("cleared name for {thread_id}");
+            Ok(())
+        }
     }
 }
 
@@ -1925,6 +1940,14 @@ mod tests {
                 }
             })) if thread_id == "thread-6" && name == "My Thread"
         ));
+
+        let cli = parse_ok(&["deepseek", "thread", "clear-name", "thread-7"]);
+        assert!(matches!(
+            cli.command,
+            Some(Commands::Thread(ThreadArgs {
+                command: ThreadCommand::ClearName { ref thread_id }
+            })) if thread_id == "thread-7"
+        ));
     }
 
     #[test]
@@ -3048,6 +3071,7 @@ mod tests {
                     "archive",
                     "unarchive",
                     "set-name",
+                    "clear-name",
                 ],
             ),
             ("sandbox", vec!["check"]),

From 1d9917d3f224a11697276f773652d5d20de1350b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:50:16 -0500
Subject: [PATCH 067/283] fix: resolve compilation errors and clippy warnings
 from community PR merges

- config/src/lib.rs: remove undefined has_api_key variable (#2062 conflict)
- ui.rs: clone receipt before move into set_receipt_text
- footer_ui.rs: convert &str to String for if/else type consistency
- rlm.rs: use ref bindings to avoid partial moves of stdout/stderr_preview
- file.rs: prefix unused fuzz variable
- update.rs: remove redundant borrows
- tests.rs: allow print_stderr on catalog metrics test function

All clippy warnings resolved. CI should go green.
---
 ...                                      |  1 +
 crates/cli/src/update.rs                 |  4 +-
 crates/config/src/lib.rs                 |  2 +-
 crates/tui/src/core/engine/tests.rs      |  3 +-
 crates/tui/src/tools/file.rs             |  2 +-
 crates/tui/src/tools/rlm.rs              |  8 +--
 crates/tui/src/tui/footer_ui.rs          |  2 +-
 crates/tui/src/tui/ui.rs                 |  2 +-
 web/app/[locale]/layout.tsx              | 12 ++---
 web/app/[locale]/page.tsx                | 66 +++++++++++++++---------
 web/components/install-download-tile.tsx |  1 -
 web/lib/facts.generated.ts               |  7 ++-
 12 files changed, 67 insertions(+), 43 deletions(-)
 create mode 100644 ...

diff --git a/... b/...
new file mode 100644
index 00000000..90a1d60a
--- /dev/null
+++ b/...
@@ -0,0 +1 @@
+...
\ No newline at end of file
diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index d9ee4131..9205c899 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -52,7 +52,7 @@ pub fn run_update(beta: bool) -> Result<()> {
     }
 
     // Step 2: Download the aggregated SHA256 checksum manifest if available
-    let checksum_manifest = match select_checksum_manifest_asset(&release) {
+    let checksum_manifest = match select_checksum_manifest_asset(release) {
         Some(checksum_asset) => {
             println!("Downloading {}...", checksum_asset.name);
             let checksum_bytes =
@@ -76,7 +76,7 @@ pub fn run_update(beta: bool) -> Result<()> {
     // Step 3: Download and verify every colocated binary in the install.
     let mut downloads = Vec::new();
     for target in &targets {
-        let asset = select_platform_asset(&release, &target.asset_stem).with_context(|| {
+        let asset = select_platform_asset(release, &target.asset_stem).with_context(|| {
             format!(
                 "no asset found for platform {} in release {latest_tag}. \
                      Available assets: {}",
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 11f8afe0..bc830de6 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -388,7 +388,7 @@ impl ConfigToml {
             self.tools = project.tools;
         }
         // Provider is only overridden if explicitly set (non-default).
-        if project.provider != ProviderKind::Deepseek || has_api_key {
+        if project.provider != ProviderKind::Deepseek {
             self.provider = project.provider;
         }
 
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index ddbafe37..422fdc11 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -484,6 +484,7 @@ fn tools_always_load_overrides_default_native_deferral() {
 
 #[test]
 #[ignore = "one-shot metric for scripts/measure-tool-catalog.py"]
+#[allow(clippy::print_stderr)]
 fn print_agent_tool_catalog_metrics() {
     let tmp = tempdir().expect("tempdir");
     let context = crate::tools::ToolContext::new(tmp.path().to_path_buf());
@@ -532,7 +533,7 @@ fn print_agent_tool_catalog_metrics() {
             / baseline_json.len() as f64
     };
 
-    println!(
+    eprintln!(
         "TOOL_CATALOG_METRICS {}",
         serde_json::json!({
             "baseline_tools": baseline_catalog.len(),
diff --git a/crates/tui/src/tools/file.rs b/crates/tui/src/tools/file.rs
index b3cad625..97ebadd8 100644
--- a/crates/tui/src/tools/file.rs
+++ b/crates/tui/src/tools/file.rs
@@ -540,7 +540,7 @@ impl ToolSpec for EditFileTool {
         let path_str = required_str(&input, "path")?;
         let search = required_str(&input, "search")?;
         let replace = required_str(&input, "replace")?;
-        let fuzz = optional_bool(&input, "fuzz", false);
+        let _fuzz = optional_bool(&input, "fuzz", false);
 
         if search == replace {
             return Err(ToolError::invalid_input(
diff --git a/crates/tui/src/tools/rlm.rs b/crates/tui/src/tools/rlm.rs
index 81f66d6a..eb7e9905 100644
--- a/crates/tui/src/tools/rlm.rs
+++ b/crates/tui/src/tools/rlm.rs
@@ -356,16 +356,16 @@ impl ToolSpec for RlmEvalTool {
             "new_vars": [],
             "final": final_handle,
         });
-        if let Some(stdout_preview) = stdout_preview {
+        if let Some(ref stdout_preview) = stdout_preview {
             output["stdout_preview"] = json!(stdout_preview);
         }
-        if let Some(stderr_preview) = stderr_preview {
+        if let Some(ref stderr_preview) = stderr_preview {
             output["stderr_preview"] = json!(stderr_preview);
         }
-        if let (Some(h), Some(c)) = (stdout_handle, stdout_preview) {
+        if let (Some(h), Some(_)) = (stdout_handle, &stdout_preview) {
             output["stdout_handle"] = json!(h);
         }
-        if let (Some(h), Some(c)) = (stderr_handle, stderr_preview) {
+        if let (Some(h), Some(_)) = (stderr_handle, &stderr_preview) {
             output["stderr_handle"] = json!(h);
         }
         if let Some(confidence) = round.final_confidence.clone() {
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 5b1fb64c..33ebaada 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -91,7 +91,7 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
                 let base = if app.is_loading {
                     crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
                 } else if app.is_compacting {
-                    "compacting"
+                    "compacting".to_string()
                 } else {
                     crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
                 };
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 5d3dba18..a58bc2f5 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1584,7 +1584,7 @@ async fn run_event_loop(
                                     let _ = write!(receipt, " · {}: {summary}", evidence.tool_name);
                                 }
                             }
-                            app.set_receipt_text(receipt);
+                            app.set_receipt_text(receipt.clone());
                             // Mirror as a persistent status toast (10s TTL).
                             // The footer bar visibly shows status toasts,
                             // which is more glanceable than the composer
diff --git a/web/app/[locale]/layout.tsx b/web/app/[locale]/layout.tsx
index 28e163ad..8eb0b1e7 100644
--- a/web/app/[locale]/layout.tsx
+++ b/web/app/[locale]/layout.tsx
@@ -11,16 +11,16 @@ export async function generateMetadata({ params }: { params: Promise<{ locale: s
   const { locale } = await params;
   const isZh = locale === "zh";
   return {
-    title: isZh ? "CodeWhale · 终端原生编程智能体" : "CodeWhale · 深度求索 终端",
+    title: isZh ? "CodeWhale · DeepSeek V4 智能体运行框架" : "CodeWhale · DeepSeek V4 智能体运行框架",
     description: isZh
-      ? "面向开源模型的终端编程智能体。DeepSeek V4 为一级模型。支持 100 万 token 上下文、MCP 协议、沙箱执行。"
-      : "Terminal-native coding agent for open-source and open-weight models across providers. DeepSeek V4 is first-class. Community site for installation, docs, roadmap, and live activity.",
+      ? "DeepSeek V4 的最强智能体运行框架。宪政层级、结构化信任、验证与恢复——让模型持续工作并不断进步的规则、工具和反馈循环。国际开源社区，递归自改进。"
+      : "The most agentic harness for DeepSeek V4. Constitutional hierarchy, structured trust, verification, and recovery — rules, tools, and feedback loops that help the model keep working. An international open source community building a recursive, self-improving harness.",
     metadataBase: new URL("https://codewhale.net"),
     openGraph: {
-      title: isZh ? "CodeWhale · 终端原生编程智能体" : "CodeWhale",
+      title: "CodeWhale",
       description: isZh
-        ? "面向开源模型的终端编程智能体。"
-        : "Terminal-native coding agent for open-source and open-weight models across providers.",
+        ? "DeepSeek V4 的最强智能体运行框架。宪政层级、结构化信任、验证与恢复。"
+        : "The most agentic harness for DeepSeek V4. Constitutional hierarchy, structured trust, verification, and recovery.",
       url: "https://codewhale.net",
       siteName: "CodeWhale",
       type: "website",
diff --git a/web/app/[locale]/page.tsx b/web/app/[locale]/page.tsx
index 3a7672ac..85b6c300 100644
--- a/web/app/[locale]/page.tsx
+++ b/web/app/[locale]/page.tsx
@@ -94,11 +94,26 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
             <p className="mt-6 text-lg text-ink-soft leading-relaxed max-w-2xl">
               <span className="font-cjk text-indigo font-semibold">CodeWhale</span>
               {isZh
-                ? " 是围绕 DeepSeek V4 Pro 和 Flash 构建的运行框架。规则、工具、证据和反馈循环——帮助模型持续工作，并且不断进步。DeepSeek V4 参与了部分编写。更好的框架让 V4 更有效，更有效的 V4 又让框架变得更好——这是个正向循环。"
-                : " is a harness built around DeepSeek V4 Pro and Flash. Rules, tools, evidence, and feedback loops that help the model keep working — and keep improving. DeepSeek V4 helped write parts of it. A better harness makes V4 more effective, and a more effective V4 makes the harness better — it loops."}
+                ? " 就是那个框架——围绕 DeepSeek V4 Pro 和 Flash 构建，用规则、工具、证据和反馈循环让模型持续工作并不断进步。DeepSeek V4 参与了编写。V4 越强，框架越强——每一轮对话留下更好的提示词和更清晰的交接，下一轮从更高起点出发。这个递归循环正是项目的核心使命：借助国际开源社区，构建一个让 V4 自主管理环境的自改进框架。"
+                : " is that harness — built around DeepSeek V4 Pro and Flash, with rules, tools, evidence, and feedback loops that help the model keep working and keep improving. DeepSeek V4 helped write it. As V4 improves, the harness improves with it. Each turn leaves behind better prompts and better handoffs — so the next turn starts stronger. That's the recursive loop at the heart of this project: an international open source community building a harness that lets V4 manage its own environment, turn after turn."}
             </p>
 
-            <div className="mt-8 flex flex-wrap items-stretch sm:items-center gap-3">
+            {/* MISSION CALLOUT */}
+            <div className="mt-6 px-4 py-3 bg-indigo-pale border-l-4 border-indigo text-sm leading-relaxed max-w-2xl">
+              {isZh ? (
+                <>
+                  <span className="font-display text-indigo font-semibold mr-1">使命</span>
+                  构建一个递归自改进的 DeepSeek V4 运行框架——通过国际开源社区的力量，让 V4 在每一轮对话中学会更好地管理自己的环境。
+                </>
+              ) : (
+                <>
+                  <span className="font-display text-indigo font-semibold mr-1">Mission</span>
+                  Build a recursive, self-improving harness for DeepSeek V4 — by leveraging the international open source community and V4's own ability to manage its environment, turn after turn.
+                </>
+              )}
+            </div>
+
+            <div className="mt-6 flex flex-wrap items-stretch sm:items-center gap-3">
               <Link
                 href={isZh ? "/zh/install" : "/install"}
                 className="flex-1 sm:flex-none text-center px-5 py-3 bg-ink text-paper font-mono text-sm uppercase tracking-wider hover:bg-indigo transition-colors"
@@ -165,61 +180,66 @@ export default async function HomePage({ params }: { params: Promise<{ locale: s
 
       <StatGrid stats={stats} />
 
-      {/* WHAT IT IS */}
+      {/* WHAT IT IS — the core ideas behind the harness */}
       <section className="mx-auto max-w-[1400px] px-6 py-16">
-        <div className="flex items-baseline gap-4 mb-8 hairline-b pb-4">
+        <div className="flex items-baseline gap-4 mb-2 hairline-b pb-4">
           <Seal char="是" />
           <h2 className="font-display">
-            {isZh ? "它到底是什么" : "What it actually is"}
+            {isZh ? "核心思想" : "The ideas that make it what it is"}
           </h2>
         </div>
+        <p className={`mb-8 text-ink-soft max-w-2xl ${isZh ? "leading-[1.9] tracking-wide" : "text-sm leading-relaxed"}`}>
+          {isZh
+            ? "一个模型回答问题，一个智能体完成任务。区别在于框架——围绕模型构建的规则、工具、证据和反馈循环的运行环境。CodeWhale 围绕三条原则运作。"
+            : "A model answers a question. An agent finishes a task. The difference is the harness — the operating environment that surrounds the model with rules, tools, evidence, and feedback loops. CodeWhale operates on three principles."}
+        </p>
 
         <div className="grid md:grid-cols-3 gap-0 col-rule hairline-t hairline-b">
           {isZh ? (
             <>
               <div className="p-6">
                 <div className="eyebrow mb-3">01 · 宪政层级</div>
-                <h3 className="font-display text-xl mb-3">用户意图高于一切</h3>
+                <h3 className="font-display text-xl mb-3">七层权威链，从不模糊</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  实时证据高于假设。验证高于自信。清晰的权威链让模型无需猜测该服从哪条指令。
+                  《宪法》第七条定义了九层权威层级——用户当前消息覆盖过时项目规则，实时工具输出覆盖假设，验证覆盖自信。模型不需要猜测该服从哪条指令。
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">02 · 反馈驱动</div>
-                <h3 className="font-display text-xl mb-3">失败是信号，不是终点</h3>
+                <div className="eyebrow mb-3">02 · 自己写的框架</div>
+                <h3 className="font-display text-xl mb-3">DeepSeek V4 参与构建</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  失败的命令、失败的测试、LSP 错误。框架让失败可读。每一次节拍都是模型可以调谐的信息，逐轮迭代。
+                  V4 编写了框架的部分代码。每一轮对话的缓存前缀让《宪法》的实际成本接近免费。V4 越强，框架越强；框架越强，V4 在其中越高效——递归循环。
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">03 · 自我修正</div>
-                <h3 className="font-display text-xl mb-3">恢复内建于环境</h3>
+                <div className="eyebrow mb-3">03 · 开源协作</div>
+                <h3 className="font-display text-xl mb-3">国际社区，小补丁驱动</h3>
                 <p className="text-sm text-ink-soft leading-[1.9]">
-                  子智能体、回滚、会话分叉、交接。模型不需要一次就全对。恢复机制从底层支持试错。
+                  100:1 贡献模型——一个提示词、大量智能体小时、一个小补丁、一次维护者审查。无 CLA，无赞助商优先通道。每一条内容都被阅读。
                 </p>
               </div>
             </>
           ) : (
             <>
               <div className="p-6">
-                <div className="eyebrow mb-3">01 · constitutional</div>
-                <h3 className="font-display text-xl mb-3">User intent above everything</h3>
+                <div className="eyebrow mb-3">01 · constitutional hierarchy</div>
+                <h3 className="font-display text-xl mb-3">Seven tiers of authority, never ambiguous</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Live evidence above assumptions. Verification above confidence. A clear chain of authority so the model never guesses which instruction to follow.
+                  Article VII of the Constitution ranks nine sources from the Articles themselves to prior-session handoffs. The user's current message outranks stale project rules. Live tool output outranks assumptions. Verification outranks confidence. The model never guesses which instruction to follow.
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">02 · feedback-driven</div>
-                <h3 className="font-display text-xl mb-3">Failure is signal, not a dead end</h3>
+                <div className="eyebrow mb-3">02 · self-written harness</div>
+                <h3 className="font-display text-xl mb-3">DeepSeek V4 helped build it</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Failed commands, failing tests, LSP errors. The harness makes failure legible. Each beat is information the model can tune against, turn after turn.
+                  V4 wrote parts of this harness. DeepSeek's prefix caching makes the Constitution nearly free to reference every turn. As V4 improves, the harness improves with it. A more effective V4 makes the harness better — the recursive loop that defines this project.
                 </p>
               </div>
               <div className="p-6">
-                <div className="eyebrow mb-3">03 · self-correcting</div>
-                <h3 className="font-display text-xl mb-3">Recovery built into the environment</h3>
+                <div className="eyebrow mb-3">03 · open by design</div>
+                <h3 className="font-display text-xl mb-3">International community, small patches</h3>
                 <p className="text-sm text-ink-soft leading-relaxed">
-                  Sub-agents, rollback, session forks, handoffs. The model doesn't have to get everything right the first time. Recovery is built into the environment.
+                  The 100-to-1 contribution model: one prompt, many agent-hours, one small patch, one maintainer review. No CLA. No sponsor lockouts. The maintainer reads everything personally, issues are triaged in the open, releases cut from main.
                 </p>
               </div>
             </>
diff --git a/web/components/install-download-tile.tsx b/web/components/install-download-tile.tsx
index 065b10a1..ca56ab82 100644
--- a/web/components/install-download-tile.tsx
+++ b/web/components/install-download-tile.tsx
@@ -76,7 +76,6 @@ export function InstallDownloadTile({
 
   const { zip, sha } = ASSETS[arch];
   const ghproxy = `https://ghproxy.com/${zip}`;
-  const jsdelivr = `https://cdn.jsdelivr.net/gh/Hmbown/CodeWhale@latest/${zip.split("/").pop()}`;
 
   return (
     <div>
diff --git a/web/lib/facts.generated.ts b/web/lib/facts.generated.ts
index 0db1a07a..642acbfe 100644
--- a/web/lib/facts.generated.ts
+++ b/web/lib/facts.generated.ts
@@ -18,7 +18,7 @@ export interface RepoFacts {
 }
 
 export const FACTS: RepoFacts = {
-  "generatedAt": "2026-05-26T03:03:01.383Z",
+  "generatedAt": "2026-05-26T15:45:43.239Z",
   "version": "0.8.45",
   "crates": [
     "agent",
@@ -37,8 +37,11 @@ export const FACTS: RepoFacts = {
     "tui-core"
   ],
   "sandboxBackends": [
+    "bwrap",
     "landlock (Linux)",
-    "seatbelt (macOS)"
+    "process_hardening",
+    "seatbelt (macOS)",
+    "seccomp"
   ],
   "providers": [
     {

From 34ee957e5eea857dd3c4afafdc9bf6891c930050 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:52:13 -0500
Subject: [PATCH 068/283] style: fix rustfmt issues from community PR merges

---
 crates/tui/src/config.rs          |    4 +-
 crates/tui/src/palette.rs         |    2 +-
 crates/tui/src/sandbox/mod.rs     |   42 +-
 crates/tui/src/sandbox/policy.rs  |    2 +-
 crates/tui/src/sandbox/seccomp.rs |  253 ++---
 crates/tui/src/tools/rlm.rs       |    5 +-
 crates/tui/src/tui/footer_ui.rs   |   29 +-
 crates/tui/src/tui/ui.rs          |    4 +-
 crates/tui/src/tui/widgets/mod.rs |   71 +-
 package-lock.json                 | 1610 +++++++++++++++++++++++++++++
 package.json                      |    5 +
 11 files changed, 1834 insertions(+), 193 deletions(-)
 create mode 100644 package-lock.json
 create mode 100644 package.json

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index e6605dbf..63fd1e80 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -3073,9 +3073,7 @@ fn auth_mode_uses_kimi_oauth(mode: &str) -> bool {
 }
 
 fn normalize_auth_mode(mode: &str) -> String {
-    mode.trim()
-        .to_ascii_lowercase()
-        .replace(['-', ' '], "_")
+    mode.trim().to_ascii_lowercase().replace(['-', ' '], "_")
 }
 
 fn base_url_uses_local_host(base_url: &str) -> bool {
diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index 74d72e06..a521c610 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -2060,4 +2060,4 @@ mod tests {
         let _ = ColorDepth::detect();
         let _ = adapt_color(DEEPSEEK_INK, ColorDepth::detect());
     }
-}
\ No newline at end of file
+}
diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index d52d9ffc..da0298c3 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -433,11 +433,7 @@ impl SandboxManager {
     fn prepare_landlock(&self, spec: &CommandSpec) -> ExecEnv {
         // Check if bwrap passthrough should be used (#2184).
         if self.prefer_bwrap && bwrap::is_available() {
-            let command = bwrap::build_bwrap_command(
-                &spec.cwd,
-                &spec.program,
-                &spec.args,
-            );
+            let command = bwrap::build_bwrap_command(&spec.cwd, &spec.program, &spec.args);
 
             let mut env = spec.env.clone();
             env.insert("DEEPSEEK_SANDBOX".to_string(), "bwrap".to_string());
@@ -767,11 +763,23 @@ mod tests {
 
     #[test]
     fn test_parity_denial_zero_exit_never_denied() {
-        assert!(!SandboxManager::was_denied(SandboxType::None, 0, "anything"));
+        assert!(!SandboxManager::was_denied(
+            SandboxType::None,
+            0,
+            "anything"
+        ));
         #[cfg(target_os = "macos")]
-        assert!(!SandboxManager::was_denied(SandboxType::MacosSeatbelt, 0, ""));
+        assert!(!SandboxManager::was_denied(
+            SandboxType::MacosSeatbelt,
+            0,
+            ""
+        ));
         #[cfg(target_os = "linux")]
-        assert!(!SandboxManager::was_denied(SandboxType::LinuxLandlock, 0, ""));
+        assert!(!SandboxManager::was_denied(
+            SandboxType::LinuxLandlock,
+            0,
+            ""
+        ));
         #[cfg(target_os = "windows")]
         assert!(!SandboxManager::was_denied(SandboxType::Windows, 0, ""));
     }
@@ -779,9 +787,15 @@ mod tests {
     #[test]
     #[cfg(target_os = "linux")]
     fn test_parity_seccomp_sigsys_detected() {
-        assert!(SandboxManager::was_denied(SandboxType::LinuxLandlock, 31, ""));
         assert!(SandboxManager::was_denied(
-            SandboxType::LinuxLandlock, 1, "Bad system call"
+            SandboxType::LinuxLandlock,
+            31,
+            ""
+        ));
+        assert!(SandboxManager::was_denied(
+            SandboxType::LinuxLandlock,
+            1,
+            "Bad system call"
         ));
     }
 
@@ -790,10 +804,14 @@ mod tests {
     fn test_parity_seatbelt_file_write_detected() {
         // Seatbelt patterns use "Sandbox: <cmd> denied <operation>" format.
         assert!(SandboxManager::was_denied(
-            SandboxType::MacosSeatbelt, 1, "Sandbox: ls denied file-write*"
+            SandboxType::MacosSeatbelt,
+            1,
+            "Sandbox: ls denied file-write*"
         ));
         assert!(SandboxManager::was_denied(
-            SandboxType::MacosSeatbelt, 1, "Operation not permitted"
+            SandboxType::MacosSeatbelt,
+            1,
+            "Operation not permitted"
         ));
     }
 
diff --git a/crates/tui/src/sandbox/policy.rs b/crates/tui/src/sandbox/policy.rs
index e67a7194..f49113bc 100644
--- a/crates/tui/src/sandbox/policy.rs
+++ b/crates/tui/src/sandbox/policy.rs
@@ -10,8 +10,8 @@ use serde::{Deserialize, Serialize};
 use std::io;
 use std::path::{Path, PathBuf};
 
-use crate::command_safety::SafetyLevel;
 use super::{CommandSpec, ExecEnv};
+use crate::command_safety::SafetyLevel;
 
 /// Determines execution restrictions for shell commands.
 ///
diff --git a/crates/tui/src/sandbox/seccomp.rs b/crates/tui/src/sandbox/seccomp.rs
index 5a5c00cd..ff0637cf 100644
--- a/crates/tui/src/sandbox/seccomp.rs
+++ b/crates/tui/src/sandbox/seccomp.rs
@@ -149,130 +149,130 @@ pub fn apply_seccomp_filter() -> std::io::Result<()> {
     // These are the syscalls most commonly used by shell commands, compilers,
     // and developer tools. Any syscall NOT on this list causes immediate SIGSYS.
     let allowed_syscalls: &[u32] = &[
-        0,    // read
-        1,    // write
-        2,    // open
-        3,    // close
-        4,    // stat
-        5,    // fstat
-        6,    // lstat
-        7,    // poll
-        8,    // lseek
-        9,    // mmap
-        10,   // mprotect
-        11,   // munmap
-        12,   // brk
-        13,   // rt_sigaction
-        14,   // rt_sigprocmask
-        15,   // rt_sigreturn
-        16,   // ioctl
-        17,   // pread64
-        18,   // pwrite64
-        19,   // readv
-        20,   // writev
-        21,   // access
-        22,   // pipe
-        23,   // select
-        24,   // sched_yield
-        25,   // mremap
-        27,   // mincore
-        28,   // madvise
-        29,   // shmget
-        30,   // shmat
-        32,   // dup
-        33,   // dup2
-        35,   // nanosleep
-        39,   // getpid
-        41,   // socket
-        42,   // connect
-        43,   // accept
-        44,   // sendto
-        45,   // recvfrom
-        46,   // sendmsg
-        47,   // recvmsg
-        48,   // shutdown
-        49,   // bind
-        50,   // listen
-        51,   // getsockname
-        52,   // getpeername
-        53,   // socketpair
-        54,   // setsockopt
-        55,   // getsockopt
-        56,   // clone
-        57,   // fork
-        58,   // vfork
-        59,   // execve
-        60,   // exit
-        61,   // wait4
-        62,   // kill
-        63,   // uname
-        72,   // fcntl
-        73,   // flock
-        74,   // fsync
-        75,   // fdatasync
-        76,   // truncate
-        77,   // ftruncate
-        78,   // getdents
-        79,   // getcwd
-        80,   // chdir
-        81,   // fchdir
-        82,   // rename
-        83,   // mkdir
-        84,   // rmdir
-        85,   // creat
-        86,   // link
-        87,   // unlink
-        88,   // symlink
-        89,   // readlink
-        90,   // chmod
-        91,   // fchmod
-        92,   // chown
-        93,   // fchown
-        94,   // lchown
-        95,   // umask
-        96,   // gettimeofday
-        97,   // getrlimit
-        98,   // getrusage
-        99,   // sysinfo
-        100,  // times
-        102,  // getuid
-        104,  // getgid
-        107,  // geteuid
-        108,  // getegid
-        110,  // getppid
-        111,  // getpgrp
-        112,  // setsid
-        116,  // syslog
-        131,  // sigaltstack
-        137,  // statfs
-        138,  // fstatfs
-        157,  // prctl
-        158,  // arch_prctl
-        186,  // gettid
-        201,  // time
-        202,  // futex
-        204,  // sched_getaffinity
-        217,  // getdents64
-        218,  // set_tid_address
-        228,  // clock_gettime
-        230,  // clock_nanosleep
-        231,  // exit_group
-        232,  // epoll_wait
-        233,  // epoll_ctl
-        234,  // tgkill
-        235,  // utimes
-        257,  // openat
-        262,  // newfstatat
-        273,  // set_robust_list
-        281,  // epoll_pwait
-        291,  // epoll_create1
-        292,  // dup3
-        293,  // pipe2
-        302,  // prlimit64
-        318,  // getrandom
-        332,  // statx
-        334,  // rseq
-        435,  // clone3
+        0,   // read
+        1,   // write
+        2,   // open
+        3,   // close
+        4,   // stat
+        5,   // fstat
+        6,   // lstat
+        7,   // poll
+        8,   // lseek
+        9,   // mmap
+        10,  // mprotect
+        11,  // munmap
+        12,  // brk
+        13,  // rt_sigaction
+        14,  // rt_sigprocmask
+        15,  // rt_sigreturn
+        16,  // ioctl
+        17,  // pread64
+        18,  // pwrite64
+        19,  // readv
+        20,  // writev
+        21,  // access
+        22,  // pipe
+        23,  // select
+        24,  // sched_yield
+        25,  // mremap
+        27,  // mincore
+        28,  // madvise
+        29,  // shmget
+        30,  // shmat
+        32,  // dup
+        33,  // dup2
+        35,  // nanosleep
+        39,  // getpid
+        41,  // socket
+        42,  // connect
+        43,  // accept
+        44,  // sendto
+        45,  // recvfrom
+        46,  // sendmsg
+        47,  // recvmsg
+        48,  // shutdown
+        49,  // bind
+        50,  // listen
+        51,  // getsockname
+        52,  // getpeername
+        53,  // socketpair
+        54,  // setsockopt
+        55,  // getsockopt
+        56,  // clone
+        57,  // fork
+        58,  // vfork
+        59,  // execve
+        60,  // exit
+        61,  // wait4
+        62,  // kill
+        63,  // uname
+        72,  // fcntl
+        73,  // flock
+        74,  // fsync
+        75,  // fdatasync
+        76,  // truncate
+        77,  // ftruncate
+        78,  // getdents
+        79,  // getcwd
+        80,  // chdir
+        81,  // fchdir
+        82,  // rename
+        83,  // mkdir
+        84,  // rmdir
+        85,  // creat
+        86,  // link
+        87,  // unlink
+        88,  // symlink
+        89,  // readlink
+        90,  // chmod
+        91,  // fchmod
+        92,  // chown
+        93,  // fchown
+        94,  // lchown
+        95,  // umask
+        96,  // gettimeofday
+        97,  // getrlimit
+        98,  // getrusage
+        99,  // sysinfo
+        100, // times
+        102, // getuid
+        104, // getgid
+        107, // geteuid
+        108, // getegid
+        110, // getppid
+        111, // getpgrp
+        112, // setsid
+        116, // syslog
+        131, // sigaltstack
+        137, // statfs
+        138, // fstatfs
+        157, // prctl
+        158, // arch_prctl
+        186, // gettid
+        201, // time
+        202, // futex
+        204, // sched_getaffinity
+        217, // getdents64
+        218, // set_tid_address
+        228, // clock_gettime
+        230, // clock_nanosleep
+        231, // exit_group
+        232, // epoll_wait
+        233, // epoll_ctl
+        234, // tgkill
+        235, // utimes
+        257, // openat
+        262, // newfstatat
+        273, // set_robust_list
+        281, // epoll_pwait
+        291, // epoll_create1
+        292, // dup3
+        293, // pipe2
+        302, // prlimit64
+        318, // getrandom
+        332, // statx
+        334, // rseq
+        435, // clone3
     ];
 
     // Build the BPF program.
@@ -316,7 +316,10 @@ pub fn apply_seccomp_filter() -> std::io::Result<()> {
     // forward over the remaining checks + KILL to reach ALLOW.
     for &syscall in allowed_syscalls {
         let remaining = (allowed_syscalls.len() as u8).saturating_sub(
-            allowed_syscalls.iter().position(|&s| s == syscall).unwrap_or(0) as u8
+            allowed_syscalls
+                .iter()
+                .position(|&s| s == syscall)
+                .unwrap_or(0) as u8,
         );
         // If syscall == this one, jump to allow_target; otherwise fall through
         filter.push(sock_filter {
diff --git a/crates/tui/src/tools/rlm.rs b/crates/tui/src/tools/rlm.rs
index eb7e9905..4133cc49 100644
--- a/crates/tui/src/tools/rlm.rs
+++ b/crates/tui/src/tools/rlm.rs
@@ -326,7 +326,10 @@ impl ToolSpec for RlmEvalTool {
                     // Store full body as a handle for out-of-band retrieval
                     let name = format!("{tag}_{}", 0); // single counter is fine
                     let handle = store.insert_text(session_id, name, text);
-                    (Some(format!("{} chars; retrieve via handle_read", text.len())), Some(handle))
+                    (
+                        Some(format!("{} chars; retrieve via handle_read", text.len())),
+                        Some(handle),
+                    )
                 }
                 _ => (None, None),
             }
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 33ebaada..1fc58d91 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -43,19 +43,21 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
     } else {
         None
     };
-    let toast = quit_prompt.or_else(|| {
-        // Version-update hint takes precedence over ephemeral status toasts
-        // so the user sees it even when status traffic would hide it.
-        app.version_hint.as_ref().map(|hint| FooterToast {
-            text: hint.clone(),
-            color: palette::STATUS_INFO,
+    let toast = quit_prompt
+        .or_else(|| {
+            // Version-update hint takes precedence over ephemeral status toasts
+            // so the user sees it even when status traffic would hide it.
+            app.version_hint.as_ref().map(|hint| FooterToast {
+                text: hint.clone(),
+                color: palette::STATUS_INFO,
+            })
         })
-    }).or_else(|| {
-        app.active_status_toast().map(|toast| FooterToast {
-            text: toast.text,
-            color: status_color(toast.level),
-        })
-    });
+        .or_else(|| {
+            app.active_status_toast().map(|toast| FooterToast {
+                text: toast.text,
+                color: status_color(toast.level),
+            })
+        });
 
     // Drive every cluster from the user's configured `status_items`. Mode
     // and Model are always rendered by `FooterProps` itself (their position
@@ -645,8 +647,7 @@ pub(crate) fn footer_auxiliary_spans(app: &App, max_width: usize) -> Vec<Span<'s
         })
         .unwrap_or_default();
 
-    let shell_spans =
-        crate::tui::widgets::footer_shell_chip(active_foreground_shell_running(app));
+    let shell_spans = crate::tui::widgets::footer_shell_chip(active_foreground_shell_running(app));
 
     let parts: Vec<&Vec<Span<'static>>> = [
         &coherence_spans,
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index a58bc2f5..2ba52ef9 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -940,9 +940,7 @@ async fn run_event_loop(
         if let Some(ref handle) = version_check {
             done = handle.is_finished();
         }
-        if done
-            && let Ok(Some(hint)) = version_check.take().unwrap().await
-        {
+        if done && let Ok(Some(hint)) = version_check.take().unwrap().await {
             app.version_hint = Some(hint);
         }
 
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 37aa0f97..f1e395e6 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -2079,7 +2079,10 @@ pub(crate) fn slash_completion_hints(
                 continue;
             }
             let cmd_lower = cmd.name.to_ascii_lowercase();
-            let alias_match = cmd.aliases.iter().any(|a| a.to_ascii_lowercase().contains(&prefix_lower));
+            let alias_match = cmd
+                .aliases
+                .iter()
+                .any(|a| a.to_ascii_lowercase().contains(&prefix_lower));
             if cmd_lower.contains(&prefix_lower) || alias_match {
                 seen.insert(name.clone());
                 push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
@@ -2096,7 +2099,10 @@ pub(crate) fn slash_completion_hints(
                 continue;
             }
             let cmd_lower = cmd.name.to_ascii_lowercase();
-            let alias_match = cmd.aliases.iter().any(|a| fuzzy_chars_in_order(&prefix_lower, &a.to_ascii_lowercase()));
+            let alias_match = cmd
+                .aliases
+                .iter()
+                .any(|a| fuzzy_chars_in_order(&prefix_lower, &a.to_ascii_lowercase()));
             if fuzzy_chars_in_order(&prefix_lower, &cmd_lower) || alias_match {
                 seen.insert(name.clone());
                 push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
@@ -2122,9 +2128,9 @@ pub(crate) fn slash_completion_hints(
         for (skill_name, skill_desc) in cached_skills {
             let skill_name_lower = skill_name.to_ascii_lowercase();
             if skill_name_lower.contains(&skill_prefix)
-                && !entries.iter().any(|e| {
-                    e.name == format!("/skill {skill_name}")
-                })
+                && !entries
+                    .iter()
+                    .any(|e| e.name == format!("/skill {skill_name}"))
             {
                 entries.push(SlashMenuEntry {
                     name: format!("/skill {skill_name}"),
@@ -2201,37 +2207,36 @@ fn push_command_entry(
     prefix_lower: &str,
     locale: crate::localization::Locale,
 ) {
-    let (description, alias_hint) =
-        if let Some(info) = commands::get_command_info(command_key) {
-            let hint = if !command_key.to_ascii_lowercase().starts_with(prefix_lower) {
+    let (description, alias_hint) = if let Some(info) = commands::get_command_info(command_key) {
+        let hint = if !command_key.to_ascii_lowercase().starts_with(prefix_lower) {
+            info.aliases
+                .iter()
+                .find(|a| {
+                    a.to_ascii_lowercase().starts_with(prefix_lower)
+                        || a.to_ascii_lowercase().contains(prefix_lower)
+                        || fuzzy_chars_in_order(prefix_lower, &a.to_ascii_lowercase())
+                })
+                .map(|a| a.to_string())
+        } else {
+            None
+        };
+        let desc = if info.aliases.is_empty() {
+            info.description_for(locale).to_string()
+        } else {
+            format!(
+                "{}  (aliases: {})",
+                info.description_for(locale),
                 info.aliases
                     .iter()
-                    .find(|a| {
-                        a.to_ascii_lowercase().starts_with(prefix_lower)
-                            || a.to_ascii_lowercase().contains(prefix_lower)
-                            || fuzzy_chars_in_order(prefix_lower, &a.to_ascii_lowercase())
-                    })
-                    .map(|a| a.to_string())
-            } else {
-                None
-            };
-            let desc = if info.aliases.is_empty() {
-                info.description_for(locale).to_string()
-            } else {
-                format!(
-                    "{}  (aliases: {})",
-                    info.description_for(locale),
-                    info.aliases
-                        .iter()
-                        .map(|a| format!("/{a}"))
-                        .collect::<Vec<_>>()
-                        .join(", ")
-                )
-            };
-            (desc, hint)
-        } else {
-            (String::from("User-defined command"), None)
+                    .map(|a| format!("/{a}"))
+                    .collect::<Vec<_>>()
+                    .join(", ")
+            )
         };
+        (desc, hint)
+    } else {
+        (String::from("User-defined command"), None)
+    };
     entries.push(SlashMenuEntry {
         name: name.to_string(),
         description,
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 00000000..cbfc7a7e
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,1610 @@
+{
+  "name": "codewhale",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "devDependencies": {
+        "wrangler": "^4.94.0"
+      }
+    },
+    "node_modules/@cloudflare/kv-asset-handler": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@cloudflare/kv-asset-handler/-/kv-asset-handler-0.5.0.tgz",
+      "integrity": "sha512-jxQYkj8dSIzc0cD6cMMNdOc1UVjqSqu8BZdor5s8cGjW2I8BjODt/kWPVdY+u9zj3ms75Q5qaZgnxUad83+eAg==",
+      "dev": true,
+      "license": "MIT OR Apache-2.0",
+      "engines": {
+        "node": ">=22.0.0"
+      }
+    },
+    "node_modules/@cloudflare/unenv-preset": {
+      "version": "2.16.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/unenv-preset/-/unenv-preset-2.16.1.tgz",
+      "integrity": "sha512-ECxObrMfyTl5bhQf/lZCXwo5G6xX9IAUo+nDMKK4SZ8m4Jvvxp52vilxyySSWh2YTZz8+HQ07qGH/2rEom1vDw==",
+      "dev": true,
+      "license": "MIT OR Apache-2.0",
+      "peerDependencies": {
+        "unenv": "2.0.0-rc.24",
+        "workerd": ">1.20260305.0 <2.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "workerd": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@cloudflare/workerd-darwin-64": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/workerd-darwin-64/-/workerd-darwin-64-1.20260521.1.tgz",
+      "integrity": "sha512-aiNdXmxlhwGjTSajL3I7uQPpN4lAOcXjvg5ZOlJKIywnevr798n9XCS6lvuqgniM3KjurBNWRRypMJntg/eSLg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@cloudflare/workerd-darwin-arm64": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/workerd-darwin-arm64/-/workerd-darwin-arm64-1.20260521.1.tgz",
+      "integrity": "sha512-ikN8aKSi4Ak28ndOkuSO5rq6lmV6wwDQu9F9Vu6J7EkwAOth74J/Hjn4j4EuFceW/npw2Ws0Y/muzA6WKHl4TA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@cloudflare/workerd-linux-64": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/workerd-linux-64/-/workerd-linux-64-1.20260521.1.tgz",
+      "integrity": "sha512-D/gUhvQcG0pJr5aJl6yUoi2JxbFpjVtDq9xUJHPjfkAjL28TUVgCR/e5r8YGirepv4I1DK7ihuii9LZ2GGMJbw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@cloudflare/workerd-linux-arm64": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/workerd-linux-arm64/-/workerd-linux-arm64-1.20260521.1.tgz",
+      "integrity": "sha512-vhjWPIHenczegTakhRPwEmTeaavCpNqsuo3RlLCkUdU47HrwLvy/4QersGggs4+kF4Do+IE/EznCGyT40xYcLA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@cloudflare/workerd-windows-64": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/@cloudflare/workerd-windows-64/-/workerd-windows-64-1.20260521.1.tgz",
+      "integrity": "sha512-wBolYC/+lnGIEbkkPdzFtjTOWip2uQH6maeAP1ZV0kyxi5SGpsa83+wD5rH5OOle+sHE5qJMdwCKjwRwj+FKJg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@emnapi/runtime": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz",
+      "integrity": "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.3.tgz",
+      "integrity": "sha512-9fJMTNFTWZMh5qwrBItuziu834eOCUcEqymSH7pY+zoMVEZg3gcPuBNxH1EvfVYe9h0x/Ptw8KBzv7qxb7l8dg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.3.tgz",
+      "integrity": "sha512-i5D1hPY7GIQmXlXhs2w8AWHhenb00+GxjxRncS2ZM7YNVGNfaMxgzSGuO8o8SJzRc/oZwU2bcScvVERk03QhzA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.3.tgz",
+      "integrity": "sha512-YdghPYUmj/FX2SYKJ0OZxf+iaKgMsKHVPF1MAq/P8WirnSpCStzKJFjOjzsW0QQ7oIAiccHdcqjbHmJxRb/dmg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.3.tgz",
+      "integrity": "sha512-IN/0BNTkHtk8lkOM8JWAYFg4ORxBkZQf9zXiEOfERX/CzxW3Vg1ewAhU7QSWQpVIzTW+b8Xy+lGzdYXV6UZObQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.3.tgz",
+      "integrity": "sha512-Re491k7ByTVRy0t3EKWajdLIr0gz2kKKfzafkth4Q8A5n1xTHrkqZgLLjFEHVD+AXdUGgQMq+Godfq45mGpCKg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.3.tgz",
+      "integrity": "sha512-vHk/hA7/1AckjGzRqi6wbo+jaShzRowYip6rt6q7VYEDX4LEy1pZfDpdxCBnGtl+A5zq8iXDcyuxwtv3hNtHFg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-ipTYM2fjt3kQAYOvo6vcxJx3nBYAzPjgTCk7QEgZG8AUO3ydUhvelmhrbOheMnGOlaSFUoHXB6un+A7q4ygY9w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.3.tgz",
+      "integrity": "sha512-dDk0X87T7mI6U3K9VjWtHOXqwAMJBNN2r7bejDsc+j03SEjtD9HrOl8gVFByeM0aJksoUuUVU9TBaZa2rgj0oA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.3.tgz",
+      "integrity": "sha512-s6nPv2QkSupJwLYyfS+gwdirm0ukyTFNl3KTgZEAiJDd+iHZcbTPPcWCcRYH+WlNbwChgH2QkE9NSlNrMT8Gfw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.3.tgz",
+      "integrity": "sha512-sZOuFz/xWnZ4KH3YfFrKCf1WyPZHakVzTiqji3WDc0BCl2kBwiJLCXpzLzUBLgmp4veFZdvN5ChW4Eq/8Fc2Fg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.3.tgz",
+      "integrity": "sha512-yGlQYjdxtLdh0a3jHjuwOrxQjOZYD/C9PfdbgJJF3TIZWnm/tMd/RcNiLngiu4iwcBAOezdnSLAwQDPqTmtTYg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.3.tgz",
+      "integrity": "sha512-WO60Sn8ly3gtzhyjATDgieJNet/KqsDlX5nRC5Y3oTFcS1l0KWba+SEa9Ja1GfDqSF1z6hif/SkpQJbL63cgOA==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.3.tgz",
+      "integrity": "sha512-APsymYA6sGcZ4pD6k+UxbDjOFSvPWyZhjaiPyl/f79xKxwTnrn5QUnXR5prvetuaSMsb4jgeHewIDCIWljrSxw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.3.tgz",
+      "integrity": "sha512-eizBnTeBefojtDb9nSh4vvVQ3V9Qf9Df01PfawPcRzJH4gFSgrObw+LveUyDoKU3kxi5+9RJTCWlj4FjYXVPEA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.3.tgz",
+      "integrity": "sha512-3Emwh0r5wmfm3ssTWRQSyVhbOHvqegUDRd0WhmXKX2mkHJe1SFCMJhagUleMq+Uci34wLSipf8Lagt4LlpRFWQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.3.tgz",
+      "integrity": "sha512-pBHUx9LzXWBc7MFIEEL0yD/ZVtNgLytvx60gES28GcWMqil8ElCYR4kvbV2BDqsHOvVDRrOxGySBM9Fcv744hw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.3.tgz",
+      "integrity": "sha512-Czi8yzXUWIQYAtL/2y6vogER8pvcsOsk5cpwL4Gk5nJqH5UZiVByIY8Eorm5R13gq+DQKYg0+JyQoytLQas4dA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-sDpk0RgmTCR/5HguIZa9n9u+HVKf40fbEUt+iTzSnCaGvY9kFP0YKBWZtJaraonFnqef5SlJ8/TiPAxzyS+UoA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.3.tgz",
+      "integrity": "sha512-P14lFKJl/DdaE00LItAukUdZO5iqNH7+PjoBm+fLQjtxfcfFE20Xf5CrLsmZdq5LFFZzb5JMZ9grUwvtVYzjiA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.3.tgz",
+      "integrity": "sha512-AIcMP77AvirGbRl/UZFTq5hjXK+2wC7qFRGoHSDrZ5v5b8DK/GYpXW3CPRL53NkvDqb9D+alBiC/dV0Fb7eJcw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.3.tgz",
+      "integrity": "sha512-DnW2sRrBzA+YnE70LKqnM3P+z8vehfJWHXECbwBmH/CU51z6FiqTQTHFenPlHmo3a8UgpLyH3PT+87OViOh1AQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.3.tgz",
+      "integrity": "sha512-NinAEgr/etERPTsZJ7aEZQvvg/A6IsZG/LgZy+81wON2huV7SrK3e63dU0XhyZP4RKGyTm7aOgmQk0bGp0fy2g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.3.tgz",
+      "integrity": "sha512-PanZ+nEz+eWoBJ8/f8HKxTTD172SKwdXebZ0ndd953gt1HRBbhMsaNqjTyYLGLPdoWHy4zLU7bDVJztF5f3BHA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.3.tgz",
+      "integrity": "sha512-B2t59lWWYrbRDw/tjiWOuzSsFh1Y/E95ofKz7rIVYSQkUYBjfSgf6oeYPNWHToFRr2zx52JKApIcAS/D5TUBnA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.3.tgz",
+      "integrity": "sha512-QLKSFeXNS8+tHW7tZpMtjlNb7HKau0QDpwm49u0vUp9y1WOF+PEzkU84y9GqYaAVW8aH8f3GcBck26jh54cX4Q==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.3.tgz",
+      "integrity": "sha512-4uJGhsxuptu3OcpVAzli+/gWusVGwZZHTlS63hh++ehExkVT8SgiEf7/uC/PclrPPkLhZqGgCTjd0VWLo6xMqA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@img/colour": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz",
+      "integrity": "sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@img/sharp-darwin-arm64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz",
+      "integrity": "sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-arm64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-darwin-x64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz",
+      "integrity": "sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-darwin-x64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-arm64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz",
+      "integrity": "sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-darwin-x64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz",
+      "integrity": "sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz",
+      "integrity": "sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-arm64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz",
+      "integrity": "sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-ppc64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz",
+      "integrity": "sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-riscv64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz",
+      "integrity": "sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-s390x": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz",
+      "integrity": "sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linux-x64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz",
+      "integrity": "sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-arm64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz",
+      "integrity": "sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-libvips-linuxmusl-x64": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz",
+      "integrity": "sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz",
+      "integrity": "sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-arm64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz",
+      "integrity": "sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-arm64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-ppc64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz",
+      "integrity": "sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-ppc64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-riscv64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz",
+      "integrity": "sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-riscv64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-s390x": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz",
+      "integrity": "sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-s390x": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linux-x64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz",
+      "integrity": "sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linux-x64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-arm64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz",
+      "integrity": "sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-arm64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-linuxmusl-x64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz",
+      "integrity": "sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "Apache-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-libvips-linuxmusl-x64": "1.2.4"
+      }
+    },
+    "node_modules/@img/sharp-wasm32": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz",
+      "integrity": "sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==",
+      "cpu": [
+        "wasm32"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/runtime": "^1.7.0"
+      },
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-win32-arm64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz",
+      "integrity": "sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-win32-ia32": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz",
+      "integrity": "sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@img/sharp-win32-x64": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz",
+      "integrity": "sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "Apache-2.0 AND LGPL-3.0-or-later",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
+      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
+      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "node_modules/@poppinss/colors": {
+      "version": "4.1.6",
+      "resolved": "https://registry.npmjs.org/@poppinss/colors/-/colors-4.1.6.tgz",
+      "integrity": "sha512-H9xkIdFswbS8n1d6vmRd8+c10t2Qe+rZITbbDHHkQixH5+2x1FDGmi/0K+WgWiqQFKPSlIYB7jlH6Kpfn6Fleg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "kleur": "^4.1.5"
+      }
+    },
+    "node_modules/@poppinss/dumper": {
+      "version": "0.6.5",
+      "resolved": "https://registry.npmjs.org/@poppinss/dumper/-/dumper-0.6.5.tgz",
+      "integrity": "sha512-NBdYIb90J7LfOI32dOewKI1r7wnkiH6m920puQ3qHUeZkxNkQiFnXVWoE6YtFSv6QOiPPf7ys6i+HWWecDz7sw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@poppinss/colors": "^4.1.5",
+        "@sindresorhus/is": "^7.0.2",
+        "supports-color": "^10.0.0"
+      }
+    },
+    "node_modules/@poppinss/exception": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/@poppinss/exception/-/exception-1.2.3.tgz",
+      "integrity": "sha512-dCED+QRChTVatE9ibtoaxc+WkdzOSjYTKi/+uacHWIsfodVfpsueo3+DKpgU5Px8qXjgmXkSvhXvSCz3fnP9lw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@sindresorhus/is": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-7.2.0.tgz",
+      "integrity": "sha512-P1Cz1dWaFfR4IR+U13mqqiGsLFf1KbayybWwdd2vfctdV6hDpUkgCY0nKOLLTMSoRd/jJNjtbqzf13K8DCCXQw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/is?sponsor=1"
+      }
+    },
+    "node_modules/@speed-highlight/core": {
+      "version": "1.2.15",
+      "resolved": "https://registry.npmjs.org/@speed-highlight/core/-/core-1.2.15.tgz",
+      "integrity": "sha512-BMq1K3DsElxDWawkX6eLg9+CKJrTVGCBAWVuHXVUV2u0s2711qiChLSId6ikYPfxhdYocLNt3wWwSvDiTvFabw==",
+      "dev": true,
+      "license": "CC0-1.0"
+    },
+    "node_modules/blake3-wasm": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/blake3-wasm/-/blake3-wasm-2.1.5.tgz",
+      "integrity": "sha512-F1+K8EbfOZE49dtoPtmxUQrpXaBIl3ICvasLh+nJta0xkz+9kF/7uet9fLnwKqhDrmj6g+6K3Tw9yQPUg2ka5g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cookie": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/error-stack-parser-es": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/error-stack-parser-es/-/error-stack-parser-es-1.0.5.tgz",
+      "integrity": "sha512-5qucVt2XcuGMcEGgWI7i+yZpmpByQ8J1lHhcL7PwqCwu9FPP3VUXzT4ltHe5i2z9dePwEHcDVOAfSnHsOlCXRA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/esbuild": {
+      "version": "0.27.3",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz",
+      "integrity": "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.3",
+        "@esbuild/android-arm": "0.27.3",
+        "@esbuild/android-arm64": "0.27.3",
+        "@esbuild/android-x64": "0.27.3",
+        "@esbuild/darwin-arm64": "0.27.3",
+        "@esbuild/darwin-x64": "0.27.3",
+        "@esbuild/freebsd-arm64": "0.27.3",
+        "@esbuild/freebsd-x64": "0.27.3",
+        "@esbuild/linux-arm": "0.27.3",
+        "@esbuild/linux-arm64": "0.27.3",
+        "@esbuild/linux-ia32": "0.27.3",
+        "@esbuild/linux-loong64": "0.27.3",
+        "@esbuild/linux-mips64el": "0.27.3",
+        "@esbuild/linux-ppc64": "0.27.3",
+        "@esbuild/linux-riscv64": "0.27.3",
+        "@esbuild/linux-s390x": "0.27.3",
+        "@esbuild/linux-x64": "0.27.3",
+        "@esbuild/netbsd-arm64": "0.27.3",
+        "@esbuild/netbsd-x64": "0.27.3",
+        "@esbuild/openbsd-arm64": "0.27.3",
+        "@esbuild/openbsd-x64": "0.27.3",
+        "@esbuild/openharmony-arm64": "0.27.3",
+        "@esbuild/sunos-x64": "0.27.3",
+        "@esbuild/win32-arm64": "0.27.3",
+        "@esbuild/win32-ia32": "0.27.3",
+        "@esbuild/win32-x64": "0.27.3"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/kleur": {
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
+      "integrity": "sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/miniflare": {
+      "version": "4.20260521.0",
+      "resolved": "https://registry.npmjs.org/miniflare/-/miniflare-4.20260521.0.tgz",
+      "integrity": "sha512-roRfxPq49OkuSeQsc43hRjSB1+HdHtDNKRwDEVk2hCjCBuBWxb5Wvwq88b0ULj6QVEJLN/+ZqF19M+h4VYJ/zg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@cspotcode/source-map-support": "0.8.1",
+        "sharp": "^0.34.5",
+        "undici": "7.24.8",
+        "workerd": "1.20260521.1",
+        "ws": "8.20.1",
+        "youch": "4.1.0-beta.10"
+      },
+      "bin": {
+        "miniflare": "bootstrap.js"
+      },
+      "engines": {
+        "node": ">=22.0.0"
+      }
+    },
+    "node_modules/path-to-regexp": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz",
+      "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/pathe": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
+      "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/rosie-skills": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/rosie-skills/-/rosie-skills-0.6.4.tgz",
+      "integrity": "sha512-ojfhSiQRdZ2QyWbmKAHOSAUbaLYrTc5zIH7mS1jKoP8KCFSQddwVhMyFqldckTeybTfW3zNcsZzyOTzGTN1SBA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "bin": {
+        "rosie-skills": "dist/bin.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "rosie-skills-darwin-arm64": "0.6.4",
+        "rosie-skills-freebsd-x64": "0.6.4",
+        "rosie-skills-linux-x64": "0.6.4"
+      }
+    },
+    "node_modules/rosie-skills-darwin-arm64": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/rosie-skills-darwin-arm64/-/rosie-skills-darwin-arm64-0.6.4.tgz",
+      "integrity": "sha512-rn1s5hqFKcxeiDEWWoFa1hdGPshR8TkwHLzy/cBavb9XJNAaUxbe3oQ78W9sQkRHAgRyzJYyk9tw68Qrdnizgg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/rosie-skills-freebsd-x64": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/rosie-skills-freebsd-x64/-/rosie-skills-freebsd-x64-0.6.4.tgz",
+      "integrity": "sha512-SxCRduPBMtfjkQ+q56Yw9OLA3PyaqoALzt7kER7IDKuUVfM2O/1w8sa5xhTDiCvWkZJixnH5d5Ya6KT+/Mwcng==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/rosie-skills-linux-x64": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/rosie-skills-linux-x64/-/rosie-skills-linux-x64-0.6.4.tgz",
+      "integrity": "sha512-D9Y9mfu7goB0s0X59uU3hcFeUTef3VbpCIDwFMzyvJrAq3XhRACWBDMHQsHlyWdHxTXPX/ILyW65RXyrJlgqng==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/semver": {
+      "version": "7.8.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz",
+      "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/sharp": {
+      "version": "0.34.5",
+      "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz",
+      "integrity": "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@img/colour": "^1.0.0",
+        "detect-libc": "^2.1.2",
+        "semver": "^7.7.3"
+      },
+      "engines": {
+        "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/libvips"
+      },
+      "optionalDependencies": {
+        "@img/sharp-darwin-arm64": "0.34.5",
+        "@img/sharp-darwin-x64": "0.34.5",
+        "@img/sharp-libvips-darwin-arm64": "1.2.4",
+        "@img/sharp-libvips-darwin-x64": "1.2.4",
+        "@img/sharp-libvips-linux-arm": "1.2.4",
+        "@img/sharp-libvips-linux-arm64": "1.2.4",
+        "@img/sharp-libvips-linux-ppc64": "1.2.4",
+        "@img/sharp-libvips-linux-riscv64": "1.2.4",
+        "@img/sharp-libvips-linux-s390x": "1.2.4",
+        "@img/sharp-libvips-linux-x64": "1.2.4",
+        "@img/sharp-libvips-linuxmusl-arm64": "1.2.4",
+        "@img/sharp-libvips-linuxmusl-x64": "1.2.4",
+        "@img/sharp-linux-arm": "0.34.5",
+        "@img/sharp-linux-arm64": "0.34.5",
+        "@img/sharp-linux-ppc64": "0.34.5",
+        "@img/sharp-linux-riscv64": "0.34.5",
+        "@img/sharp-linux-s390x": "0.34.5",
+        "@img/sharp-linux-x64": "0.34.5",
+        "@img/sharp-linuxmusl-arm64": "0.34.5",
+        "@img/sharp-linuxmusl-x64": "0.34.5",
+        "@img/sharp-wasm32": "0.34.5",
+        "@img/sharp-win32-arm64": "0.34.5",
+        "@img/sharp-win32-ia32": "0.34.5",
+        "@img/sharp-win32-x64": "0.34.5"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "10.2.2",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-10.2.2.tgz",
+      "integrity": "sha512-SS+jx45GF1QjgEXQx4NJZV9ImqmO2NPz5FNsIHrsDjh2YsHnawpan7SNQ1o8NuhrbHZy9AZhIoCUiCeaW/C80g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
+      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
+      "dev": true,
+      "license": "0BSD",
+      "optional": true
+    },
+    "node_modules/undici": {
+      "version": "7.24.8",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.8.tgz",
+      "integrity": "sha512-6KQ/+QxK49Z/p3HO6E5ZCZWNnCasyZLa5ExaVYyvPxUwKtbCPMKELJOqh7EqOle0t9cH/7d2TaaTRRa6Nhs4YQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.18.1"
+      }
+    },
+    "node_modules/unenv": {
+      "version": "2.0.0-rc.24",
+      "resolved": "https://registry.npmjs.org/unenv/-/unenv-2.0.0-rc.24.tgz",
+      "integrity": "sha512-i7qRCmY42zmCwnYlh9H2SvLEypEFGye5iRmEMKjcGi7zk9UquigRjFtTLz0TYqr0ZGLZhaMHl/foy1bZR+Cwlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "pathe": "^2.0.3"
+      }
+    },
+    "node_modules/workerd": {
+      "version": "1.20260521.1",
+      "resolved": "https://registry.npmjs.org/workerd/-/workerd-1.20260521.1.tgz",
+      "integrity": "sha512-HzIThcZ0ZVEuzVxpY2IYZ3yssSrTjtrWXAVfmOl5rVwyqcu7aeZXGMiwrEmi9MOcC3wjy+BNv+hFrMMY5OrjQQ==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "workerd": "bin/workerd"
+      },
+      "engines": {
+        "node": ">=16"
+      },
+      "optionalDependencies": {
+        "@cloudflare/workerd-darwin-64": "1.20260521.1",
+        "@cloudflare/workerd-darwin-arm64": "1.20260521.1",
+        "@cloudflare/workerd-linux-64": "1.20260521.1",
+        "@cloudflare/workerd-linux-arm64": "1.20260521.1",
+        "@cloudflare/workerd-windows-64": "1.20260521.1"
+      }
+    },
+    "node_modules/wrangler": {
+      "version": "4.94.0",
+      "resolved": "https://registry.npmjs.org/wrangler/-/wrangler-4.94.0.tgz",
+      "integrity": "sha512-GsNw0DomGFfeXFtKVTwn2X69UKcCxcTB0CXykjsMineJIxOeyrw7LovlHQ/3JU8KJHH7repLB+kOHvfTBA/Eew==",
+      "dev": true,
+      "license": "MIT OR Apache-2.0",
+      "dependencies": {
+        "@cloudflare/kv-asset-handler": "0.5.0",
+        "@cloudflare/unenv-preset": "2.16.1",
+        "blake3-wasm": "2.1.5",
+        "esbuild": "0.27.3",
+        "miniflare": "4.20260521.0",
+        "path-to-regexp": "6.3.0",
+        "rosie-skills": "^0.6.3",
+        "unenv": "2.0.0-rc.24",
+        "workerd": "1.20260521.1"
+      },
+      "bin": {
+        "wrangler": "bin/wrangler.js",
+        "wrangler2": "bin/wrangler.js"
+      },
+      "engines": {
+        "node": ">=22.0.0"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      },
+      "peerDependencies": {
+        "@cloudflare/workers-types": "^4.20260521.1"
+      },
+      "peerDependenciesMeta": {
+        "@cloudflare/workers-types": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/ws": {
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/youch": {
+      "version": "4.1.0-beta.10",
+      "resolved": "https://registry.npmjs.org/youch/-/youch-4.1.0-beta.10.tgz",
+      "integrity": "sha512-rLfVLB4FgQneDr0dv1oddCVZmKjcJ6yX6mS4pU82Mq/Dt9a3cLZQ62pDBL4AUO+uVrCvtWz3ZFUL2HFAFJ/BXQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@poppinss/colors": "^4.1.5",
+        "@poppinss/dumper": "^0.6.4",
+        "@speed-highlight/core": "^1.2.7",
+        "cookie": "^1.0.2",
+        "youch-core": "^0.3.3"
+      }
+    },
+    "node_modules/youch-core": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/youch-core/-/youch-core-0.3.3.tgz",
+      "integrity": "sha512-ho7XuGjLaJ2hWHoK8yFnsUGy2Y5uDpqSTq1FkHLK4/oqKtyUU1AFbOOxY4IpC9f0fTLjwYbslUz0Po5BpD1wrA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@poppinss/exception": "^1.2.2",
+        "error-stack-parser-es": "^1.0.5"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 00000000..48cd75c6
--- /dev/null
+++ b/package.json
@@ -0,0 +1,5 @@
+{
+  "devDependencies": {
+    "wrangler": "^4.94.0"
+  }
+}

From a0ab16a8142b571fa6ad00871a7256babbd44db2 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 10:54:19 -0500
Subject: [PATCH 069/283] fix: sync CHANGELOGs, add v0.8.46 community credits,
 remove invalid '...' file

- Sync root and crate CHANGELOG.md for version drift check
- Add community contributor credits to [0.8.46] section
- Remove stray '...' file that broke Windows git checkout
---
 CHANGELOG.md            | 17 +++++++++
 crates/tui/CHANGELOG.md | 77 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 86 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d42844c..edaf5edc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,6 +68,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **CVE-2026-8723 in feishu-bridge.** Bumped `qs` to `>=6.15.2` in the
   Feishu bridge integration (#2198).
 
+### Community
+
+Thanks to new contributors whose PRs landed in this release:
+**@donglovejava** (#2154, #2163, #2166, #2167, #2168),
+**@encyc** (#2152),
+**@saieswar237** (#2178),
+**@sximelon** (#2174),
+**@nanookclaw** (#2135),
+**@Sskift** (#2119),
+**@xin1104** (#2105),
+**@mrluanma** (#2059),
+**@Lellansin** (#2055),
+**@zhuangbiaowei** (#2145),
+**@aboimpinto** (#1872),
+and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
+**@h3c-hexin**, **@wdw8276**, and **@zlh124**.
+
 ## [0.8.45] - 2026-05-25
 
 ### Added
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index 7b8fee06..edaf5edc 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -7,22 +7,83 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.46] - 2026-05-26
+
 ### Added
 
 - **`CODEWHALE_*` env aliases.** `CODEWHALE_PROVIDER`, `CODEWHALE_MODEL`,
   and `CODEWHALE_BASE_URL` are public product-scoped aliases that take
   precedence over the legacy `DEEPSEEK_*` forms. The `DEEPSEEK_*` names
-  remain accepted for back-compat. Recommended setup paths are
-  `codewhale --provider <name>`, `provider = "<name>"` in
-  `~/.codewhale/config.toml`, or `CODEWHALE_PROVIDER=<name>`.
+  remain accepted for back-compat.
+- **Platform archive bundles.** Release artifacts now ship as per-platform
+  archives (`tar.gz` for Linux/macOS, `.zip` for Windows) containing both
+  `codewhale` and `codewhale-tui` binaries plus an install script. No more
+  downloading two loose files and guessing which ones to pick (#2193).
+- **Windows portable archive.** `codewhale-windows-x64-portable.zip` ships
+  the two binaries without an install script for USB-stick distribution
+  (#2193).
+- **Web install download tile.** The website install page now shows a
+  platform-aware download tile with arch detection, SHA256 checksum
+  display, and China mirror links, instead of burying the download behind
+  the Cargo instructions (#2192).
+- **Whale dark palette refresh.** Better contrast and layer separation
+  across the TUI color scheme (#2197).
+- **Auto-collapse finished sub-agents.** Completed sub-agent sessions now
+  collapse automatically in the sidebar, reducing noise during long
+  sessions (#2195).
+- **Shell-running status chip.** A `⏳ shell running` chip appears in the
+  TUI footer while background shell tasks are active (#2194).
+- **Sandbox process hardening (Linux).** `PR_SET_DUMPABLE=0`,
+  `NO_NEW_PRIVS`, and `RLIMIT_CORE=0` are applied at shell startup to
+  harden child processes against inspection and privilege escalation
+  (#2183).
+- **CONTRIBUTING.md cross-links.** Issue and PR templates are now
+  cross-linked from CONTRIBUTING.md to improve contributor onboarding
+  (#2203).
 
 ### Changed
 
-- **DeepSeek-first focus.** v0.8.45.x refocuses on delivering the
-  highest-quality experience on DeepSeek first. The project's broader
-  goal remains to become a strong harness for open-source and open-weight
-  coding models, but additional first-class provider paths are planned
-  for v0.9.0 after the core DeepSeek workflow is solid.
+- **DeepSeek-first focus.** v0.8.46 refocuses on delivering the
+  highest-quality experience on DeepSeek first. Additional first-class
+  provider paths are planned for v0.9.0 after the core DeepSeek workflow
+  is solid.
+
+### Fixed
+
+- **Model name casing preserved.** `normalize_model_name_for_provider` no
+  longer lowercases user-set model names such as `DeepSeek-V4-Flash`,
+  preventing API lookup failures on case-sensitive backends (#2109).
+- **Esc in model picker applies selection.** Dismissing the model picker
+  with Esc now applies the last-highlighted choice instead of reverting
+  (#2196).
+- **Web install downloads both binaries.** The `install-binary.tsx`
+  snippet now fetches both `codewhale` and `codewhale-tui`, fixing the
+  `MISSING_COMPANION_BINARY` trap on fresh npm installs (#2191).
+- **`grep_files` skips large directories.** The pure-Rust search tool
+  now skips known-large directories (`.git`, `node_modules`, `target`)
+  before walking, preventing hangs on deep or slow filesystems.
+- **Version-update hint uses semver.** The update notification in the
+  footer now compares versions semantically instead of lexicographically,
+  so `0.8.10 > 0.8.9` is recognized correctly.
+- **CVE-2026-8723 in feishu-bridge.** Bumped `qs` to `>=6.15.2` in the
+  Feishu bridge integration (#2198).
+
+### Community
+
+Thanks to new contributors whose PRs landed in this release:
+**@donglovejava** (#2154, #2163, #2166, #2167, #2168),
+**@encyc** (#2152),
+**@saieswar237** (#2178),
+**@sximelon** (#2174),
+**@nanookclaw** (#2135),
+**@Sskift** (#2119),
+**@xin1104** (#2105),
+**@mrluanma** (#2059),
+**@Lellansin** (#2055),
+**@zhuangbiaowei** (#2145),
+**@aboimpinto** (#1872),
+and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
+**@h3c-hexin**, **@wdw8276**, and **@zlh124**.
 
 ## [0.8.45] - 2026-05-25
 

From 39ad3f5527a8909985842cf135c6b66b32041535 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:02:43 -0500
Subject: [PATCH 070/283] =?UTF-8?q?docs:=20condense=20README=20narrative?=
 =?UTF-8?q?=20=E2=80=94=20shorter,=20focused=20on=20trust/jurisdiction/rec?=
 =?UTF-8?q?ursion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the dense 85-line 'What Is It' section with a tight 15-line
version using a three-column table:

- Start with trust — the 'A' preamble
- Clear jurisdiction — Constitution with nine tiers of authority
- Recursive improvement — V4 helps write the harness, loop tightens

All three languages (EN, zh-CN, ja-JP) updated. Contributors preserved.
---
 README.ja-JP.md | 221 +++++++++++++++-------------------------
 README.md       | 266 ++++++++++++++++++++----------------------------
 README.zh-CN.md | 213 ++++++++++++++++++--------------------
 3 files changed, 290 insertions(+), 410 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 2a82b1c5..75b3ef0e 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -1,18 +1,10 @@
 # 🐳 CodeWhale
 
-> **DeepSeek V4 のための最もエージェント的なハーネス。ルール、ツール、証拠、フィードバックループ——モデルがタスクを完了するまで働き続け、さらに改善し続けるための仕組みです。**
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[![Sponsor](https://img.shields.io/badge/Sponsor-GitHub%20Sponsors-ea4aaa?logo=githubsponsors&logoColor=white)](https://github.com/sponsors/Hmbown)
-[![DeepWiki](https://img.shields.io/badge/DeepWiki-Ask_AI-_.svg?style=flat&color=0052D9&labelColor=000000&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==)](https://deepwiki.com/Hmbown/CodeWhale)
+> **このターミナルネイティブのコーディングエージェントは、DeepSeek V4 の 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュ機能を中心に構築されています。単一のバイナリとして配布され、Node.js や Python のランタイムは不要です。MCP クライアント、サンドボックス、永続的なタスクキューも標準で同梱されています。**
 
 [English README](README.md)
 [简体中文 README](README.zh-CN.md)
 
-[インストール](#インストール) · [クイックスタート](#クイックスタート) · [ドキュメント](#ドキュメント) · [コントリビューション](#コントリビューション) · [サポート](#サポート)
-
 ## インストール
 
 `codewhale` は自己完結型の Rust バイナリとして提供されており、**実行に Node.js や Python のランタイムは必要ありません。** すでにマシンにインストールされているものを選んでください。いずれの方法でも同じバイナリが `PATH` に配置されます。
@@ -57,6 +49,83 @@ cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
 
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[![DeepWiki](https://img.shields.io/badge/DeepWiki-Ask_AI-_.svg?style=flat&color=0052D9&labelColor=000000&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==)](https://deepwiki.com/Hmbown/CodeWhale)
+
+<a href="https://www.buymeacoffee.com/hmbown" target="_blank"><img src="https://img.shields.io/badge/Buy%20me%20a%20coffee-5F7FFF?style=for-the-badge&logo=buymeacoffee&logoColor=white" alt="Buy me a coffee" /></a>
+
+![codewhale スクリーンショット](assets/screenshot.png)
+
+---
+
+## codewhale とは？
+
+モデルは質問に答えます。エージェントはタスクを完了します。その差がハーネス——モデルが迷走しないようにするルール、証拠、フィードバックのシステムです。
+
+CodeWhale はそのハーネスであり、DeepSeek V4 を中心に構築され、3つの原則に導かれています：
+
+| 原則 | 仕組み |
+|---|---|
+| **信頼から始める** | 毎ターン「A」で始まる——確実性より可能性、便利さより丁寧さ |
+| **明確な管轄権** | 9階層の権威を持つ成文憲法。ユーザーの意図が古い指示より優先。検証が自信より優先。 |
+| **再帰的改善** | V4 がハーネスの一部を書いた。ハーネスが改善されると V4 はより効果的になり、さらにハーネスを改善する。毎ターンがより強くなる。 |
+
+オープンソース、単一バイナリ完結、ターミナルのために構築。
+
+
+## インストール
+
+`codewhale` は自己完結型の Rust バイナリとして提供されており、**実行に Node.js や Python のランタイムは必要ありません。** すでにマシンにインストールされているものを選んでください。いずれの方法でも同じバイナリが `PATH` に配置されます。
+
+```bash
+# 1. npm — すでに Node を使っているなら最も簡単。npm パッケージは
+#    GitHub Releases から対応するビルド済みバイナリをダウンロードする
+#    薄いインストーラーであり、codewhale 本体に Node ランタイム依存を加えるものではありません。
+npm install -g codewhale
+
+# 2. Cargo — Node 不要。
+cargo install codewhale-cli --locked   # `codewhale` (エントリーポイント)
+cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI バイナリ)
+
+# 3. Homebrew — macOS パッケージマネージャ。
+brew tap Hmbown/deepseek-tui
+brew install deepseek-tui
+
+# 4. 直接ダウンロード — Node もツールチェーンも不要。
+#    https://github.com/Hmbown/CodeWhale/releases
+#    Linux x64/ARM64、macOS x64/ARM64、Windows x64 向けのビルド済みバイナリがあります。
+
+# 5. Docker — ビルド済みリリースイメージ。
+docker volume create codewhale-home
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+> 中国本土では、`--registry=https://registry.npmmirror.com` を指定して npm 経由のダウンロードを高速化するか、下記の[Cargo ミラー](#中国--ミラーフレンドリーなインストール)を利用してください。
+
+既にインストール済みの場合は、インストール方法に合わせて更新してください:
+
+```bash
+codewhale update
+npm install -g codewhale@latest
+brew update && brew upgrade deepseek-tui
+cargo install codewhale-cli --locked --force
+cargo install codewhale-tui     --locked --force
+```
+
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[![DeepWiki](https://img.shields.io/badge/DeepWiki-Ask_AI-_.svg?style=flat&color=0052D9&labelColor=000000&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==)](https://deepwiki.com/Hmbown/CodeWhale)
+
+<a href="https://www.buymeacoffee.com/hmbown" target="_blank"><img src="https://img.shields.io/badge/Buy%20me%20a%20coffee-5F7FFF?style=for-the-badge&logo=buymeacoffee&logoColor=white" alt="Buy me a coffee" /></a>
+
 ![codewhale スクリーンショット](assets/screenshot.png)
 
 ---
@@ -240,10 +309,10 @@ TUI 内では `/provider` でプロバイダーピッカー、`/model` でロー
 ```bash
 codewhale                                         # インタラクティブ TUI
 codewhale "explain this function"                 # ワンショットプロンプト
-codewhale exec --auto --output-format stream-json "fix this bug"  # ツール自動承認付きの agentic exec
+codewhale exec --auto --output-format stream-json "fix this bug"  # NDJSON バックエンドストリーム
 codewhale exec --resume <SESSION_ID> "follow up"  # 非対話セッションを継続
 codewhale --model deepseek-v4-flash "summarize"   # モデルの上書き
-codewhale --model auto "fix this bug"             # モデルと推論強度を自動ルーティング
+codewhale --model auto "fix this bug"             # モデルと推論強度を自動選択
 codewhale --yolo                                  # ツールを自動承認
 codewhale auth set --provider deepseek            # API キーの保存
 codewhale doctor                                  # セットアップと接続性のチェック
@@ -292,11 +361,6 @@ codewhale update                                  # バイナリ更新の確認
 | **Agent** 🤖 | デフォルトのインタラクティブモード — 承認ゲート付きのマルチステップなツール利用。モデルは `checklist_write` で作業を概説 |
 | **YOLO** ⚡ | 信頼できるワークスペースですべてのツールを自動承認。可視性のための計画とチェックリストは引き続き維持 |
 
-モードとモデル自動ルーティングは別物です。`Tab` は Plan / Agent / YOLO
-を切り替え、`/model auto` はモデルと thinking レベルを選びます。`/goal`
-は現時点ではセッション目標と token 予算の追跡であり、将来の Goal
-ワークサーフェスは `--model auto` とは別に扱います。
-
 ---
 
 ## 設定
@@ -399,18 +463,6 @@ description: DeepSeek にカスタムワークフローを実行させたいと
 
 ---
 
-## サポート
-
-CodeWhale は MIT ライセンスで、利用やコントリビューションにスポンサーは必要ありません。
-継続的なメンテナンスを支援する最も分かりやすい方法は
-[GitHub Sponsors](https://github.com/sponsors/Hmbown) です。単発の支援は
-[Buy Me a Coffee](https://www.buymeacoffee.com/hmbown) からも行えます。
-
-スポンサーは、リリースビルド、CI/ランタイムテスト、パッケージ公開、issue 対応とレビューに使うメンテナー時間を支えます。
-機能リクエスト、バグ報告、pull request にスポンサーは必要ありません。
-
----
-
 ## 謝辞
 
 このプロジェクトは、増え続けるコントリビューターのコミュニティから助けを得て出荷されています:
@@ -425,7 +477,7 @@ CodeWhale は MIT ライセンスで、利用やコントリビューション
 - **[toi500](https://github.com/toi500)** — Windows 貼り付け修正の報告
 - **[xsstomy](https://github.com/xsstomy)** — ターミナル起動時の再描画報告
 - **[melody0709](https://github.com/melody0709)** — スラッシュ接頭辞の Enter アクティベーション報告
-- **[lloydzhou](https://github.com/lloydzhou)** と **[jeoor](https://github.com/jeoor)** — コンパクションコストの報告と npm インストーラのストリーム一時停止競合修正 (#1860)
+- **[lloydzhou](https://github.com/lloydzhou)** と **[jeoor](https://github.com/jeoor)** — コンパクションコストの報告
 - **[Agent-Skill-007](https://github.com/Agent-Skill-007)** — README の明瞭化対応 (#685)
 - **[woyxiang](https://github.com/woyxiang)** — Windows Scoop インストールドキュメント (#696)
 - **[wangfeng](mailto:wangfengcsu@qq.com)** — 料金／割引情報の更新 (#692)
@@ -433,117 +485,6 @@ CodeWhale は MIT ライセンスで、利用やコントリビューション
 - **Hafeez Pizofreude** — `fetch_url` の SSRF 保護と Star History チャート
 - **Unic (YuniqueUnic)** — スキーマ駆動の設定 UI（TUI + Web）
 - **Jason** — SSRF セキュリティの強化
-- **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — モデル ID の大文字小文字互換性レポート (#729)
-- **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — `working...` 状態のバグレポート、Windows クリップボードフォールバック、MCP Streamable HTTP セッション修正、Homebrew tap 自動化 (#738, #850, #1643, #1631)
-- **[reidliu41](https://github.com/reidliu41)** — 再開ヒント、ワークスペース信頼の永続化、Ollama プロバイダー対応、thinking-block ストリームの最終処理、CI キャッシュ強化、ストリーミングラップ、DeepSeek モデル補完、ヘルプ選択の改善 (#863, #870, #921, #1078, #1603, #1628, #1601, #1964)
-- **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` パス、ローカル/設定スキル検出、モード切替トーストの重複防止 (#1953, #1956, #1957)
-- **[xieshutao](https://github.com/xieshutao)** — プレーン Markdown スキルのフォールバック (#869)
-- **[GK012](https://github.com/GK012)** — npm ラッパー `--version` フォールバック (#885)
-- **[y0sif](https://github.com/y0sif)** — 直接子サブエージェント完了後の親ターンループ復帰 (#901)
-- **[mac119](https://github.com/mac119)** と **[leo119](https://github.com/leo119)** — `codewhale update` コマンドのドキュメント (#838, #917)
-- **[dumbjack](https://github.com/dumbjack)** — コマンド安全性の null バイト強化 (#706, #918)
-- **macworkers** — フォーク確認と新しいセッション ID (#600, #919)
-- **zero** と **[zerx-lab](https://github.com/zerx-lab)** — 通知条件設定と OSC 9 通知本文の拡充 (#820, #920)
-- **[chnjames](https://github.com/chnjames)** — @mention 補完キャッシュ、設定リカバリ改善、Windows UTF-8 シェル出力 (#849, #927, #982, #1018)
-- **[angziii](https://github.com/angziii)** — 設定安全性、非同期クリーンアップ、Docker 強化、コマンド安全性修正 (#822, #824, #827, #831, #833, #835, #837)
-- **[elowen53](https://github.com/elowen53)** — UTF-8 デコードと決定論的テストカバレッジ (#825, #840)
-- **[wdw8276](https://github.com/wdw8276)** — カスタムセッションタイトルの `/rename` コマンド (#836)
-- **[banqii](https://github.com/banqii)** — `.cursor/skills` 検出パス対応 (#817)
-- **[junskyeed](https://github.com/junskyeed)** — API リクエストの動的 `max_tokens` 計算 (#826)
-- **[axobase001](https://github.com/axobase001)** — スナップショット孤児クリーンアップ、npm インストールガード、セッションテレメトリ修正、モデルスコープキャッシュクリア、シンボリックリンクスキル対応、npm ミラー迂回ガイダンス、子タスクのプロキシ保持 (#975, #1032, #1047, #1049, #1052, #1019, #1051, #1056, #1608)
-- **[MengZ-super](https://github.com/MengZ-super)** — `/theme` コマンド基盤と SSE gzip/brotli 展開 (#1057, #1061)
-- **[DI-HUO-MING-YI](https://github.com/DI-HUO-MING-YI)** — Plan モードの読み取り専用サンドボックス安全性修正 (#1077)
-- **[bevis-wong](https://github.com/bevis-wong)** — ペースト Enter 自動送信の正確な再現 (#1073)
-- **[Duducoco](https://github.com/Duducoco)** と **[AlphaGogoo](https://github.com/AlphaGogoo)** — スキルスラッシュメニューと `/skills` 範囲修正 (#1068, #1083)
-- **[ArronAI007](https://github.com/ArronAI007)** — macOS Terminal.app と ConHost のウィンドウリサイズアーティファクト修正 (#993)
-- **[THINKER-ONLY](https://github.com/THINKER-ONLY)** — OpenRouter とカスタムエンドポイントのモデル ID 保持 (#1066)
-- **[Jefsky](https://github.com/Jefsky)** — DeepSeek エンドポイント修正レポート (#1079, #1084)
-- **[wlon](https://github.com/wlon)** — NVIDIA NIM プロバイダー API キー優先度診断 (#1081)
-- **[Horace Liu](https://github.com/liuhq)** — Nix パッケージ対応とインストールドキュメント (#1173)
-- **[jieshu666](https://github.com/jieshu666)** — ターミナル再描画のちらつき軽減 (#1563)
-- **[gordonlu](https://github.com/gordonlu)** — Windows Enter / CSI-u 入力修正 (#1612)
-- **[mdrkrg](https://github.com/mdrkrg)** — 初回起動時の API キー欠落クラッシュ修正 (#1598)
-- **[Aitensa](https://github.com/Aitensa)** — diff とページャー出力の CJK 折り返し対応 (#1622)
-- **[qiyan233](https://github.com/qiyan233)** — レガシー DeepSeek CN プロバイダーエイリアス互換性 (#1645)
-- **[zlh124](https://github.com/zlh124)** — WSL2/ヘッドレス起動レポートとクリップボード初期化修正 (#1772, #1773)
-- **[aboimpinto](https://github.com/aboimpinto)** — Windows alt-screen ログ、Home/End コンポーザー、ランタイムログフォローアップ (#1774, #1776, #1748, #1749, #1782, #1783)
-- **[LeoLin990405](https://github.com/LeoLin990405)** — プロバイダーモデル透過、推論リプレイ、thinking-only ターン、Windows 引用修正 (#1740, #1743, #1742, #1744)
-- **[nightt5879](https://github.com/nightt5879)** — Ctrl+C プロンプト復元修正 (#1764)
-- **[h3c-hexin](https://github.com/h3c-hexin)** — ストリーミングバッチツール呼び出し保存と CLI reasoning-effort 透過 (#1686, #1511)
-- **[hxy91819](https://github.com/hxy91819)** — ツール結果整理時のプレフィックスキャッシュ保持 (#1514)
-- **[JiarenWang](https://github.com/JiarenWang)** — Plan モード読み取り専用強制、承認引継ぎ最適化、Ctrl+H 削除修正、undo コンテキスト同期 (#1123, #962, #958, #1150)
-- **[Liu-Vince](https://github.com/Liu-Vince)** — MCP ページネーション、マークダウンインデント保持、zh-Hans i18n 改善、環境変数ドキュメント (#1256, #1179, #1274, #1178)
-- **[ChaceLyee2101](https://github.com/ChaceLyee2101)** — 推論トークンコスト集計と zh-Hans 自動 CNY 表示 (#1505, #1504)
-- **[laoye2020](https://github.com/laoye2020)** — Catppuccin、Tokyo Night、Dracula、Gruvbox テーマと `/theme` ピッカー (#1534)
-- **[punkcanyang](https://github.com/punkcanyang)** — Kitty (OSC 99) と Ghostty (OSC 777) デスクトップ通知対応 (#1426)
-- **[Rene-Kuhm](https://github.com/Rene-Kuhm)** — スペイン語 (es-419) ラテンアメリカローカライズ (#1452)
-- **[ComeFromTheMars](https://github.com/ComeFromTheMars)** — Shift+Up/Down トランスクリプトスクロールショートカット (#1432)
-- **[sockerch](https://github.com/sockerch)** — 全スラッシュコマンドの拼音エイリアス (#1306)
-- **[eltociear](https://github.com/eltociear)** — 日本語 README 翻訳 (#746)
-- **[Ling](https://github.com/LING71671)** — `grep_files` キャンセルトークン対応と Ctrl+Z コンポーザー下書き復元 (#1839, #1911)
-- **[Ben Younes](https://github.com/ousamabenyounes)** — Linux Wayland（非 wlroots）クリップボード対応 (#1938)
-- **[Matt Van Horn](https://github.com/mvanhorn)** — Docker 初回起動権限修正とランタイム system prompt 回帰テスト (#1699, #1702)
-- **[Kristopher Clark](https://github.com/krisclarkdev)** — compaction の user query 保持修正 (#1704)
-- **[tdccccc](https://github.com/tdccccc)** — コンポーザースクロール修正と pager マウスホイール対応 (#1715, #1716)
-- **[LittleBlacky](https://github.com/LittleBlacky)** — provider gated `reasoning_content` ストリーム修正 (#1680)
-- **[Anaheim](https://github.com/AnaheimEX)** — `rlm_open` 空 source schema 検証レポート (#1712)
-- **[THatch26](https://github.com/THatch26)** — ターミナル resize 後のページング修正 (#1724)
-- **[Alvin](https://github.com/alvin1)** — Zed ACP id 互換性レポート (#1696)
-- **[knqiufan](https://github.com/knqiufan)** — sub-agent ファイル書き込み委譲 (#1833)
-- **[IIzzaya](https://github.com/IIzzaya)** — slash 補完の exact alias 優先アイデア (#1811)
-- **[DC](https://github.com/duanchao-lab)** — ターミナル cleanup guard のアイデア (#1630)
-- **[imkingjh999](https://github.com/imkingjh999)** — provider/model 切り替え修正 (#1642)
-- **[Photo](https://github.com/eng2007)** — provider-aware `/model` picker catalog 作業 (#1201)
-- **[chennest](https://github.com/chennest)** — diagnostics schema レポート (#1685)
-- **[kunpeng-ai-lab](https://github.com/kunpeng-ai-lab)** — Windows コンポーザースクロール修正 (#1578)
-- **[WuMing](https://github.com/asdfg314284230)** — Windows PowerShell ちらつき修正 (#1591)
-- **[maker316](https://github.com/maker316)** — LoopGuard/checklist ループレポート (#1574)
-- **[lalala](https://github.com/lalala-233)** — approval denial 回帰レポート (#1617)
-- **[muyuliyan](https://github.com/muyuliyan)** — `pandoc_convert` 検証修正 (#1523)
-- **[czf0718](https://github.com/czf0718)** — resize と turn-completion のちらつき修正 (#1537)
-- **[MeAiRobot](https://github.com/MeAiRobot)** — toast がコンポーザー入力を覆う問題の修正 (#1485)
-- **[tiger-dog](https://github.com/tiger-dog)** — approval modal 折りたたみと markdown identifier 修正 (#1455)
-- **[MMMarcinho](https://github.com/MMMarcinho)** — opt-in `image_analyze` vision tool (#1467)
-- **[lucaszhu-hue](https://github.com/lucaszhu-hue)** — AtlasCloud provider 統合 (#1436)
-- **[sandofree](https://github.com/sandofree)** — Tavily と Bocha の `web_search` backend (#1294)
-- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — `/change` release notes コマンド (#1416)
-- **[NorethSea](https://github.com/NorethSea)** — updater companion binary refresh 修正 (#1492)
-- **[Jianfengwu2024](https://github.com/Jianfengwu2024)** — Windows MSVC toolchain 環境保持 (#1487)
-- **[Fire-dtx](https://github.com/Fire-dtx)** — npm postinstall recoverability 作業 (#1059)
-- **[oooyuy92](https://github.com/oooyuy92)** — 長時間セッション palette 可読性レポート (#1070, #936)
-- **[qinxianyuzou](https://github.com/qinxianyuzou)** — zh-Hans destructive approval 文言 (#1087, #1091)
-- **[tyouter](https://github.com/tyouter)** — session title/history preview クリーンアップ (#1510)
-- **[xulongzhe](https://github.com/xulongzhe)** — issue template と vision boundary follow-up (#1530, #1544)
-- **[YaYII](https://github.com/YaYII)** — trusted media path 作業 (#1462)
-- **[47Cid](https://github.com/47Cid)** と **[Jafar Akhondali](https://github.com/JafarAkhondali)** — 責任ある security disclosure と hardening レポート
-- **[linzhiqin2003](https://github.com/linzhiqin2003)** — `--model auto` コスト節約バイアス、実行規律プロンプト、宣言的事実メモリ衛生 (#1385, #1384, #1381)
-- **[lbcheng888](https://github.com/lbcheng888)** — 保存/復元間のコスト永続化とトランスクリプトスクロール修正 (#1192, #1211)
-- **[pengyou200902](https://github.com/pengyou200902)** — UTF-8 安全メモリ切り捨て、切り捨てマーカー精度、キーバインドドキュメント (#968, #1122, #1095)
-- **[CrepuscularIRIS](https://github.com/CrepuscularIRIS)** — Termius/SSH 向け低モーション検出と npx MCP サーバーサンドボックス修正 (#1479, #1346)
-- **[sternelee](https://github.com/sternelee)** — DeepSeek プレフィックスキャッシュ安定性追跡 (#1517)
-- **[Apeiron0w0](https://github.com/Apeiron0w0)** — Tabby ターミナルちらつきループの FocusGained デバウンス (#1560)
-- **[greyfreedom](https://github.com/greyfreedom)** — 最新トランスクリプトへのジャンプボタン (#969)
-- **[SamhandsomeLee](https://github.com/SamhandsomeLee)** — 明示的隠しファイルメンション補完 (#1270)
-- **[dst1213](https://github.com/dst1213)** — クォータエラー HTTP 400 リトライ (#1203)
-- **[fuleinist](https://github.com/fuleinist)** — `--yolo` フラグの CLI から TUI への転送 (#1233)
-- **[heloanc](https://github.com/heloanc)** — Home/End キーコンポーザーサポート (#1246)
-- **[jinpengxuan](https://github.com/jinpengxuan)** — オンボーディング中のアクティブプロバイダー認証情報保持 (#1265)
-- **[lixiasky-back](https://github.com/lixiasky-back)** — 検証済み npm バイナリ採用 (#1339)
-- **[J3y0r](https://github.com/J3y0r)** — ワークスペース切り替えコマンド (#1065)
-- **[KhalidAlnujaidi](https://github.com/KhalidAlnujaidi)** — delegate スキルバンドル (#1144)
-- **[Wenjunyun123](https://github.com/Wenjunyun123)** — ドキュメントアンカーオフセット保持 (#1282)
-- **[whtis](https://github.com/whtis)** — zh-CN README ディスパッチャーパス同期 (#1235)
-- **[aqilaziz](https://github.com/aqilaziz)** — memory スキルリンク修正 (#1095)
-- **[wuwuzhijing](https://github.com/wuwuzhijing)** — rsproxy rustup 回避策インストールドキュメント (#1011)
-- **[donglovejava](https://github.com/donglovejava)** — ペースト @file 統合遅延、CJK バイト境界パニック修正、長時間操作中のユーザーフィードバック、RLM var_handle ルーティング、edit_file ファジーフォールバック再試行 (#2154, #2163, #2166, #2167, #2168)
-- **[encyc](https://github.com/encyc)** — セッショントークン内訳をフッターと `/status` コマンドに表示 (#2152)
-- **[saieswar237](https://github.com/saieswar237)** — レビューパイプライン文書 (#2178)
-- **[sximelon](https://github.com/sximelon)** — ペースト後 Enter 抑制ウィンドウ保持 (#2174)
-- **[nanookclaw](https://github.com/nanookclaw)** — 検索プロバイダーを doctor 出力に表示 (#2135)
-- **[Sskift](https://github.com/Sskift)** — CLI デフォルト環境変数上書き防止 (#2119)
-- **[xin1104](https://github.com/xin1104)** — Homebrew インストール codewhale バイナリとレガシー shim (#2105)
-- **[mrluanma](https://github.com/mrluanma)** — Metaso ウェブ検索プロバイダー統合 (#2059)
-- **[Lellansin](https://github.com/Lellansin)** — ワークスペースがホームディレクトリの場合プロジェクト設定マージをスキップ (#2055)
 
 ---
 
diff --git a/README.md b/README.md
index be56b0a8..f8c9c5c4 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,10 @@
 # CodeWhale
 
-> The most agentic harness for DeepSeek V4. Rules, tools, evidence, and feedback loops that help the model keep working until the task is done — and keep getting better at it.
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[![Sponsor](https://img.shields.io/badge/Sponsor-GitHub%20Sponsors-ea4aaa?logo=githubsponsors&logoColor=white)](https://github.com/sponsors/Hmbown)
-[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+> Terminal coding agent for DeepSeek V4. It runs from the `codewhale` command, streams reasoning blocks, edits local workspaces with approval gates, and includes an auto mode that chooses both model and thinking level per turn.
 
 [简体中文 README](README.zh-CN.md)
 [日本語 README](README.ja-JP.md)
 
-[Install](#install) · [Quickstart](#quickstart) · [Usage](#usage) · [Documentation](#documentation) · [Contributing](#contributing) · [Support](#support)
-
 ## Install
 
 `codewhale` is distributed as Rust binaries: the dispatcher command
@@ -69,6 +61,93 @@ cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
 
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+
+![codewhale screenshot](assets/screenshot.png)
+
+---
+
+## What Is It?
+
+A model answers a question. An agent finishes a task. The difference is
+the harness — a system of rules, evidence, and feedback that keeps the
+model oriented instead of drifting.
+
+CodeWhale is that harness, built around DeepSeek V4 and guided by three ideas:
+
+| Principle | How it works |
+|---|---|
+| **Start with trust** | Every turn begins with "A" — possibility before certainty, craft before convenience |
+| **Clear jurisdiction** | A written Constitution with nine tiers of authority. User intent outranks stale instructions. Verification outranks confidence. |
+| **Recursive improvement** | V4 helped write the harness. As the harness improves, V4 becomes more effective — and helps improve the harness further. Each turn starts stronger. |
+
+It's open source, self-contained in a single binary, and built for the terminal.
+
+
+## Install
+
+`codewhale` is distributed as Rust binaries: the dispatcher command
+(`codewhale`) and the companion TUI runtime (`codewhale-tui`). Pick whichever
+install path you already use; they all put the same commands on your `PATH`.
+The npm package is an installer/wrapper for the release binaries, not the
+agent runtime itself.
+
+```bash
+# 1. npm — easiest if you already use Node. The package downloads the
+#    matching prebuilt Rust binaries from GitHub Releases.
+npm install -g codewhale
+
+# 2. Cargo — no Node needed. Requires Rust 1.88+ (the crates use the
+#    2024 edition; older toolchains fail with "feature `edition2024` is
+#    required"). Run `rustup update` first, or use a non-Cargo path below.
+cargo install codewhale-cli --locked   # `codewhale` (entry point)
+cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI binary)
+
+# 3. Homebrew — macOS package manager.
+brew tap Hmbown/deepseek-tui
+brew install deepseek-tui
+
+# 4. Direct download — no package manager or toolchain.
+#    https://github.com/Hmbown/CodeWhale/releases
+#    Prebuilt for Linux x64/ARM64, macOS x64/ARM64, Windows x64.
+
+# 5. Docker — prebuilt release image.
+docker volume create codewhale-home
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+> In mainland China, speed up the npm path with
+> `--registry=https://registry.npmmirror.com`, or use the
+> [Cargo mirror](#china--mirror-friendly-installation) below.
+>
+> Download safety: official release binaries live under
+> `https://github.com/Hmbown/CodeWhale/releases`. For manual downloads,
+> verify the SHA-256 manifest and avoid look-alike repositories or search-result
+> mirrors. See [download safety and checksums](docs/INSTALL.md#2-download-safety-and-checksums).
+
+Already installed? Use the updater that matches the install path:
+
+```bash
+codewhale update                         # release-binary updater
+npm install -g codewhale@latest      # npm wrapper
+brew update && brew upgrade deepseek-tui
+cargo install codewhale-cli --locked --force
+cargo install codewhale-tui     --locked --force
+```
+
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+
 ![codewhale screenshot](assets/screenshot.png)
 
 ---
@@ -200,18 +279,18 @@ Start with [docs/TENCENT_CLOUD_REMOTE_FIRST.md](docs/TENCENT_CLOUD_REMOTE_FIRST.
 then use [docs/TENCENT_LIGHTHOUSE_HK.md](docs/TENCENT_LIGHTHOUSE_HK.md) for the
 server runbook.
 
-### Model Auto-Routing and Fin
+### Auto Mode
 
 Use `codewhale --model auto` or `/model auto` when you want codewhale to decide how much model and reasoning power a turn needs.
 
-Model auto-routing controls two settings together:
+Auto mode controls two settings together:
 
 - Model: `deepseek-v4-flash` or `deepseek-v4-pro`
 - Thinking: `off`, `high`, or `max`
 
-Before the real turn is sent, the app makes a small `deepseek-v4-flash` routing call with thinking off. That fast path is called **Fin**: a low-latency seam for model selection, summaries, RLM children, context maintenance, and other coordination work that should not spend a full reasoning turn. Fin looks at the latest request and recent context, then selects a concrete model and thinking level for the real request. Short/simple turns can stay on Flash with thinking off; coding, debugging, release work, architecture, security review, or ambiguous multi-step tasks can move up to Pro and/or higher thinking.
+Before the real turn is sent, the app makes a small `deepseek-v4-flash` routing call with thinking off. That router looks at the latest request and recent context, then selects a concrete model and thinking level for the real request. Short/simple turns can stay on Flash with thinking off; coding, debugging, release work, architecture, security review, or ambiguous multi-step tasks can move up to Pro and/or higher thinking.
 
-`--model auto` and `/model auto` are local to codewhale. The upstream API never receives `model: "auto"`; it receives the concrete model and thinking setting chosen for that turn. The TUI shows the selected route, and cost tracking is charged against the model that actually ran. If the Fin route fails or returns an invalid answer, the app falls back to a local heuristic. Sub-agents inherit model auto-routing unless you assign them an explicit model.
+`auto` is local to codewhale. The upstream API never receives `model: "auto"`; it receives the concrete model and thinking setting chosen for that turn. The TUI shows the selected route, and cost tracking is charged against the model that actually ran. If the router call fails or returns an invalid answer, the app falls back to a local heuristic. Sub-agents inherit auto mode unless you assign them an explicit model.
 
 Use a fixed model or fixed thinking level when you want repeatable benchmarking, a strict cost ceiling, or a specific provider/model mapping.
 
@@ -282,10 +361,6 @@ Both binaries are required. Cross-compilation and platform-specific notes: [docs
 
 ### Other API Providers
 
-Official DeepSeek remains the default and first-class path. Other providers are
-additive, with OpenRouter starting from DeepSeek Pro/Flash before broader
-open-model catalogs are enabled.
-
 ```bash
 # NVIDIA NIM
 codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"
@@ -311,13 +386,9 @@ codewhale --provider novita --model deepseek/deepseek-v4-pro
 codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
 codewhale --provider fireworks --model deepseek-v4-pro
 
-# Moonshot/Kimi
-codewhale auth set --provider moonshot --api-key "YOUR_MOONSHOT_OR_KIMI_API_KEY"
-codewhale --provider moonshot --model kimi-k2.6
-
 # Generic OpenAI-compatible endpoint
 codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
-OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model deepseek-v4-pro
+OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model glm-5
 
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
@@ -347,17 +418,13 @@ interfaces, and extension points.
 
 ## Usage
 
-All examples use `codewhale`. The short form `codew` works everywhere —
-it's a silent alias that forwards to `codewhale`.
-
 ```bash
 codewhale                                         # interactive TUI
 codewhale "explain this function"                 # one-shot prompt
-codewhale exec --auto --output-format stream-json "fix this bug"  # agentic exec with tool auto-approvals
-codewhale swebench run --instance-id <ID> --issue-file issue.md  # write all_preds.jsonl for SWE-bench
+codewhale exec --auto --output-format stream-json "fix this bug"  # NDJSON backend stream
 codewhale exec --resume <SESSION_ID> "follow up"  # continue a non-interactive session
 codewhale --model deepseek-v4-flash "summarize"   # model override
-codewhale --model auto "fix this bug"             # auto-route model + thinking
+codewhale --model auto "fix this bug"             # auto-select model + thinking
 codewhale --yolo                                  # auto-approve tools
 codewhale auth set --provider deepseek            # save API key
 codewhale doctor                                  # check setup & connectivity
@@ -407,23 +474,6 @@ docker run --rm -it \
 See [docs/DOCKER.md](docs/DOCKER.md) for pinned tags, local image builds,
 volume ownership notes, and non-interactive pipeline usage.
 
-### SWE-bench
-
-CodeWhale can emit SWE-bench-compatible prediction JSONL from a checked-out
-task workspace:
-
-```bash
-codewhale swebench run \
-  --instance-id django__django-12345 \
-  --issue-file issue.md \
-  --predictions-path all_preds.jsonl
-```
-
-`run` uses the same tool-backed automation path as `codewhale exec --auto`,
-then exports the final working-tree diff as `model_patch`. Use
-`codewhale swebench export --instance-id <ID>` when you have already produced
-the diff yourself. See [docs/SWEBENCH.md](docs/SWEBENCH.md) for the full flow.
-
 ### Zed / ACP
 
 DeepSeek can run as a custom Agent Client Protocol server for editors that
@@ -477,12 +527,6 @@ Full shortcut catalog: [docs/KEYBINDINGS.md](docs/KEYBINDINGS.md).
 | **Agent** 🤖 | Default interactive mode — multi-step tool use with approval gates; substantial work is tracked with `checklist_write` |
 | **YOLO** ⚡ | Auto-approve all tools in a trusted workspace; multi-step work still keeps a visible checklist |
 
-Modes are separate from model auto-routing. `Tab` cycles Plan / Agent / YOLO,
-while `/model auto` controls model and thinking selection. The `/goal` command
-tracks a session objective and token budget today; a fuller Goal work surface is
-the right future home for persistent objective progress rather than another
-meaning of "auto".
-
 ---
 
 ## Configuration
@@ -498,15 +542,14 @@ Key environment variables:
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
+| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
-| `MOONSHOT_BASE_URL` / `KIMI_BASE_URL` / `MOONSHOT_MODEL` / `KIMI_MODEL` | Moonshot/Kimi endpoint and model override |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
@@ -591,25 +634,11 @@ without recreating skills the user deliberately deleted.
 | [RELEASE_RUNBOOK.md](docs/RELEASE_RUNBOOK.md) | Release process |
 | [LOCALIZATION.md](docs/LOCALIZATION.md) | UI locale matrix & switching |
 | [OPERATIONS_RUNBOOK.md](docs/OPERATIONS_RUNBOOK.md) | Ops & recovery |
-| [RECURSIVE_SELF_IMPROVEMENT.md](docs/RECURSIVE_SELF_IMPROVEMENT.md) | Copyable prompts for agent-assisted CodeWhale improvements |
 
 Full Changelog: [CHANGELOG.md](CHANGELOG.md).
 
 ---
 
-## Support
-
-CodeWhale is MIT-licensed and usable without sponsorship. If it saves you time,
-the clearest way to support ongoing maintenance is
-[GitHub Sponsors](https://github.com/sponsors/Hmbown). One-time support is also
-available through [Buy Me a Coffee](https://www.buymeacoffee.com/hmbown).
-
-Sponsorship helps cover release builds, CI/runtime testing, package publishing,
-and maintainer time for issue triage and review. Feature requests, bug reports,
-and pull requests do not require sponsorship.
-
----
-
 ## Thanks
 
 - **[DeepSeek](https://github.com/deepseek-ai)** — thank you for the models and support that power every turn. 感谢 DeepSeek 提供模型与支持，让每一次交互成为可能。
@@ -629,15 +658,14 @@ This project ships with help from a growing community of contributors:
 - **[toi500](https://github.com/toi500)** — Windows paste fix report
 - **[xsstomy](https://github.com/xsstomy)** — Terminal startup repaint report
 - **[melody0709](https://github.com/melody0709)** — Slash-prefix Enter activation report
-- **[lloydzhou](https://github.com/lloydzhou)** and **[jeoor](https://github.com/jeoor)** — Compaction cost reports and npm installer stream-pause race fix (#1860); lloydzhou also contributed deterministic environment context (#813, #922) and KV prefix-cache stabilisation (#1080)
+- **[lloydzhou](https://github.com/lloydzhou)** and **[jeoor](https://github.com/jeoor)** — Compaction cost reports; lloydzhou also contributed deterministic environment context (#813, #922) and KV prefix-cache stabilisation (#1080)
 - **[Agent-Skill-007](https://github.com/Agent-Skill-007)** — README clarity pass (#685)
 - **[woyxiang](https://github.com/woyxiang)** — Windows install documentation (#696)
 - **[wangfeng](mailto:wangfengcsu@qq.com)** — Pricing/discount info update (#692)
 - **[zichen0116](https://github.com/zichen0116)** — CODE_OF_CONDUCT.md (#686)
 - **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — model ID case-sensitivity compatibility report (#729)
 - **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — stale `working...` state bug report, Windows clipboard fallback, MCP Streamable HTTP session fixes, and Homebrew tap automation (#738, #850, #1643, #1631)
-- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, DeepSeek model completions, help picker selection polish, transcript user-message highlighting, approval one-step confirmation flow, and model-picker Esc-selection fix (#863, #870, #921, #1078, #1603, #1628, #1601, #1964, #1995, #2143, #2056)
-- **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` paths, local/configured skill discovery, mode-switch toast dedupe, sub-agent completion handoff compatibility, and goal-prompt actionability (#1953, #1956, #1957, #2057, #2120, #2097)
+- **[reidliu41](https://github.com/reidliu41)** — resume hint, workspace trust persistence, Ollama provider support, thinking-block stream finalization, CI cache hardening, streaming wrap, and DeepSeek model completions (#863, #870, #921, #1078, #1603, #1628, #1601)
 - **[xieshutao](https://github.com/xieshutao)** — plain Markdown skill fallback (#869)
 - **[GK012](https://github.com/GK012)** — npm wrapper `--version` fallback (#885)
 - **[y0sif](https://github.com/y0sif)** — parent turn-loop wakeup after direct child sub-agent completion (#901)
@@ -648,7 +676,7 @@ This project ships with help from a growing community of contributors:
 - **[chnjames](https://github.com/chnjames)** — cached @mention completions, config recovery polish, and Windows UTF-8 shell output (#849, #927, #982, #1018)
 - **[angziii](https://github.com/angziii)** — config safety, async cleanup, Docker hardening, and command-safety fixes (#822, #824, #827, #831, #833, #835, #837)
 - **[elowen53](https://github.com/elowen53)** — UTF-8 decoding and deterministic test coverage (#825, #840)
-- **[wdw8276](https://github.com/wdw8276)** — `/rename` command for custom session titles and composer session-title display fix (#836, #2108)
+- **[wdw8276](https://github.com/wdw8276)** — `/rename` command for custom session titles (#836)
 - **[banqii](https://github.com/banqii)** — `.cursor/skills` discovery path support (#817)
 - **[junskyeed](https://github.com/junskyeed)** — dynamic `max_tokens` calculation for API requests (#826)
 - **Hafeez Pizofreude** — SSRF protection in `fetch_url` and Star History chart
@@ -666,90 +694,23 @@ This project ships with help from a growing community of contributors:
 - **[Horace Liu](https://github.com/liuhq)** — Nix package support and install documentation (#1173)
 - **[jieshu666](https://github.com/jieshu666)** — terminal repaint flicker reduction (#1563)
 - **[gordonlu](https://github.com/gordonlu)** — Windows Enter / CSI-u input fix (#1612)
-- **[donglovejava](https://github.com/donglovejava)** — paste @file consolidation deferral, CJK byte-boundary panic fix, user feedback during long ops, RLM var_handle routing, and edit_file retry fallback (#2154, #2163, #2166, #2167, #2168)
-- **[encyc](https://github.com/encyc)** — session token breakdown in footer and `/status` command (#2152)
-- **[saieswar237](https://github.com/saieswar237)** — review pipeline documentation (#2178)
-- **[sximelon](https://github.com/sximelon)** — paste Enter suppression window preservation (#2174)
-- **[nanookclaw](https://github.com/nanookclaw)** — search provider display in doctor output (#2135)
-- **[Sskift](https://github.com/Sskift)** — CLI default env override prevention for profiles (#2119)
-- **[xin1104](https://github.com/xin1104)** — Homebrew install codewhale binary and legacy shim (#2105)
-- **[mrluanma](https://github.com/mrluanma)** — Metaso web search provider integration (#2059)
-- **[Lellansin](https://github.com/Lellansin)** — project-scope config merge skip when workspace is home directory (#2055)
 - **[mdrkrg](https://github.com/mdrkrg)** — first-run onboarding crash fix when the API key is missing (#1598)
 - **[Aitensa](https://github.com/Aitensa)** — CJK wrapping propagation for diff and pager output (#1622)
 - **[qiyan233](https://github.com/qiyan233)** — legacy DeepSeek CN provider alias compatibility (#1645)
-- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report, clipboard-init fix, and YAML block-scalar frontmatter parsing (#1772, #1773, #1908, #1907)
+- **[zlh124](https://github.com/zlh124)** — WSL2/headless startup report and clipboard-init fix (#1772, #1773)
 - **[aboimpinto](https://github.com/aboimpinto)** — Windows alt-screen logging, Home/End composer, and runtime log follow-ups (#1774, #1776, #1748, #1749, #1782, #1783)
 - **[LeoLin990405](https://github.com/LeoLin990405)** — provider model passthrough, reasoning replay, thinking-only turn, and Windows quoting fixes (#1740, #1743, #1742, #1744)
 - **[nightt5879](https://github.com/nightt5879)** — Ctrl+C prompt restore fix (#1764)
-- **[h3c-hexin](https://github.com/h3c-hexin)** — streaming batch tool-call preservation, CLI reasoning-effort passthrough, sub-agent completion handoff compatibility, and self-hosted context budgeting (#1686, #1511, #2057, #2120, #2060)
-- **[hxy91819](https://github.com/hxy91819)** — prefix-cache preservation during tool-result pruning (#1514)
-- **[JiarenWang](https://github.com/JiarenWang)** — Plan-mode read-only enforcement, approval-takeover clamping, Ctrl+H delete fix, and undo context sync (#1123, #962, #958, #1150)
-- **[Liu-Vince](https://github.com/Liu-Vince)** — MCP pagination, markdown indentation preservation, zh-Hans i18n polish, and env-var documentation (#1256, #1179, #1274, #1178)
-- **[linzhiqin2003](https://github.com/linzhiqin2003)** — `--model auto` cost-saving bias, execution-discipline prompts, and declarative-fact memory hygiene (#1385, #1384, #1381)
-- **[lbcheng888](https://github.com/lbcheng888)** — cost persistence across save/restore and transcript scroll fix (#1192, #1211)
-- **[pengyou200902](https://github.com/pengyou200902)** — UTF-8-safe memory truncation, truncation-marker precision, and keybinding docs (#968, #1122, #1095)
-- **[ChaceLyee2101](https://github.com/ChaceLyee2101)** — reasoning-token cost tracking with auto-CNY on zh-Hans and zh-CN README sync (#1505, #1504)
-- **[CrepuscularIRIS](https://github.com/CrepuscularIRIS)** — low-motion mode for Termius/SSH and npx MCP server sandbox fix (#1479, #1346)
-- **[laoye2020](https://github.com/laoye2020)** — Catppuccin, Tokyo Night, Dracula, and Gruvbox themes with `/theme` picker (#1534)
-- **[punkcanyang](https://github.com/punkcanyang)** — Kitty (OSC 99) and Ghostty (OSC 777) desktop notification support (#1426)
-- **[Rene-Kuhm](https://github.com/Rene-Kuhm)** — Spanish (es-419) Latin American localization (#1452)
-- **[sternelee](https://github.com/sternelee)** — DeepSeek prefix-cache stability tracking (#1517)
-- **[ComeFromTheMars](https://github.com/ComeFromTheMars)** — Shift+Up/Down transcript scroll shortcuts (#1432)
-- **[sockerch](https://github.com/sockerch)** — pinyin aliases for all slash commands (#1306)
-- **[Apeiron0w0](https://github.com/Apeiron0w0)** — FocusGained debounce for Tabby terminal flicker loop (#1560)
-- **[greyfreedom](https://github.com/greyfreedom)** — jump-to-latest-transcript button (#969)
-- **[SamhandsomeLee](https://github.com/SamhandsomeLee)** — explicit hidden-file mention completion (#1270)
-- **[dst1213](https://github.com/dst1213)** — quota-error HTTP 400 retry (#1203)
-- **[fuleinist](https://github.com/fuleinist)** — `--yolo` flag forwarding from CLI to TUI (#1233)
-- **[heloanc](https://github.com/heloanc)** — Home/End key composer support (#1246)
-- **[jinpengxuan](https://github.com/jinpengxuan)** — active provider credential preservation during onboarding (#1265)
-- **[lixiasky-back](https://github.com/lixiasky-back)** — verified npm binary adoption (#1339)
-- **[J3y0r](https://github.com/J3y0r)** — workspace-switch command (#1065)
-- **[KhalidAlnujaidi](https://github.com/KhalidAlnujaidi)** — delegate skill bundling (#1144)
-- **[Wenjunyun123](https://github.com/Wenjunyun123)** — docs anchor-offset preservation (#1282)
-- **[whtis](https://github.com/whtis)** — zh-CN README dispatcher-path sync (#1235)
-- **[aqilaziz](https://github.com/aqilaziz)** — memory skill-link fix (#1095)
-- **[wuwuzhijing](https://github.com/wuwuzhijing)** — rsproxy rustup workaround install docs (#1011)
-- **[eltociear](https://github.com/eltociear)** — Japanese README translation (#746)
-- **[Ling](https://github.com/LING71671)** — `grep_files` cancellation-token support and Ctrl+Z composer-draft recovery (#1839, #1911)
-- **[Ben Younes](https://github.com/ousamabenyounes)** — Linux Wayland (non-wlroots) clipboard support (#1938)
-- **[Matt Van Horn](https://github.com/mvanhorn)** — Docker first-run permission fix and runtime system-prompt regression tests (#1699, #1702)
-- **[Kristopher Clark](https://github.com/krisclarkdev)** — compaction user-query preservation fix (#1704)
-- **[tdccccc](https://github.com/tdccccc)** — composer scroll fix and pager mouse-wheel support (#1715, #1716)
-- **[LittleBlacky](https://github.com/LittleBlacky)** — provider-gated `reasoning_content` stream fix (#1680)
-- **[Anaheim](https://github.com/AnaheimEX)** — `rlm_open` blank-source schema validation report (#1712)
-- **[THatch26](https://github.com/THatch26)** — terminal resize paging fix (#1724)
-- **[Alvin](https://github.com/alvin1)** — Zed ACP id compatibility report (#1696)
-- **[knqiufan](https://github.com/knqiufan)** — sub-agent file-write delegation work (#1833)
-- **[IIzzaya](https://github.com/IIzzaya)** — exact-alias-first slash-completion ordering idea (#1811)
-- **[DC](https://github.com/duanchao-lab)** — terminal cleanup-guard idea (#1630)
-- **[imkingjh999](https://github.com/imkingjh999)** — provider/model switching fixes (#1642)
-- **[Photo](https://github.com/eng2007)** — provider-aware `/model` picker catalog work (#1201)
-- **[chennest](https://github.com/chennest)** — diagnostics schema report (#1685)
-- **[kunpeng-ai-lab](https://github.com/kunpeng-ai-lab)** — Windows composer scroll fix (#1578)
-- **[WuMing](https://github.com/asdfg314284230)** — Windows PowerShell flicker fix (#1591)
-- **[maker316](https://github.com/maker316)** — LoopGuard/checklist loop report (#1574)
-- **[lalala](https://github.com/lalala-233)** — approval denial regression report (#1617)
-- **[muyuliyan](https://github.com/muyuliyan)** — `pandoc_convert` validation fix (#1523)
-- **[czf0718](https://github.com/czf0718)** — resize and turn-completion flicker fix (#1537)
-- **[MeAiRobot](https://github.com/MeAiRobot)** — toast overlay composer-input fix (#1485)
-- **[tiger-dog](https://github.com/tiger-dog)** — approval modal collapse and markdown identifier fixes (#1455)
-- **[MMMarcinho](https://github.com/MMMarcinho)** — opt-in `image_analyze` vision tool (#1467)
-- **[lucaszhu-hue](https://github.com/lucaszhu-hue)** — AtlasCloud provider integration (#1436)
-- **[sandofree](https://github.com/sandofree)** — Tavily and Bocha `web_search` backends (#1294)
-- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — `/change` release-notes command (#1416)
-- **[NorethSea](https://github.com/NorethSea)** — updater companion-binary refresh fix (#1492)
-- **[Jianfengwu2024](https://github.com/Jianfengwu2024)** — Windows MSVC toolchain environment preservation (#1487)
-- **[Fire-dtx](https://github.com/Fire-dtx)** — npm postinstall recoverability work (#1059)
-- **[oooyuy92](https://github.com/oooyuy92)** — long-session palette readability report (#1070, #936)
-- **[qinxianyuzou](https://github.com/qinxianyuzou)** — zh-Hans destructive approval wording (#1087, #1091)
-- **[tyouter](https://github.com/tyouter)** — session title/history preview cleanup (#1510)
-- **[xulongzhe](https://github.com/xulongzhe)** — issue-template and vision-boundary follow-ups (#1530, #1544)
-- **[YaYII](https://github.com/YaYII)** — trusted media path work (#1462)
-- **[47Cid](https://github.com/47Cid)** and **[Jafar Akhondali](https://github.com/JafarAkhondali)** — responsible security disclosures and hardening reports
-- **[gaord](https://github.com/gaord)** — approval-remember live-turn sync fix and user-message transcript highlighting (#2041, #2047)
-- **[idling11](https://github.com/idling11)** — readable `/restore` snapshot labels and sidebar hover tooltips (#2111, #2110)
+- **[donglovejava](https://github.com/donglovejava)** — paste @file consolidation, CJK panic fix, user feedback, RLM routing, edit_file retry (#2154–#2168)
+- **[encyc](https://github.com/encyc)** — session token breakdown in footer and `/status` (#2152)
+- **[saieswar237](https://github.com/saieswar237)** — review pipeline docs (#2178)
+- **[sximelon](https://github.com/sximelon)** — paste Enter suppression, key handler extraction (#2174, #2042)
+- **[nanookclaw](https://github.com/nanookclaw)** — search provider in doctor output (#2135)
+- **[Sskift](https://github.com/Sskift)** — CLI default env override prevention (#2119)
+- **[xin1104](https://github.com/xin1104)** — Homebrew codewhale binary install (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Metaso search provider (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — skip config merge at home dir (#2055)
+- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — update release channels (#2145)
 
 ---
 
@@ -757,10 +718,7 @@ This project ships with help from a growing community of contributors:
 
 See [CONTRIBUTING.md](CONTRIBUTING.md). Pull requests welcome — check the [open issues](https://github.com/Hmbown/CodeWhale/issues) for good first contributions.
 
-If you want CodeWhale to help improve CodeWhale, start with the
-[recursive self-improvement prompt](docs/RECURSIVE_SELF_IMPROVEMENT.md). It is
-designed to turn one DeepSeek V4 Pro session, or another capable open-weight
-path, into one small, reviewable patch.
+Support: [Buy me a coffee](https://www.buymeacoffee.com/hmbown).
 
 > [!Note]
 > *Not affiliated with DeepSeek Inc.*
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 52c69c84..080c529e 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -1,18 +1,10 @@
 # CodeWhale
 
-> **DeepSeek V4 的最强智能体运行框架。规则、工具、证据和反馈循环——帮助模型持续工作直到任务完成，并且越用越好。**
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[![Sponsor](https://img.shields.io/badge/Sponsor-GitHub%20Sponsors-ea4aaa?logo=githubsponsors&logoColor=white)](https://github.com/sponsors/Hmbown)
-[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+> **面向 [DeepSeek V4](https://platform.deepseek.com) 的终端原生编程智能体：100 万 token 上下文、思考模式流式推理、前缀缓存感知。自包含 Rust 二进制发布——开箱即带 MCP 客户端、沙箱和持久化任务队列。**
 
 [English README](README.md)
 [日本語 README](README.ja-JP.md)
 
-[安装](#安装) · [快速开始](#快速开始) · [使用方式](#使用方式) · [文档](#文档) · [贡献](#贡献) · [支持](#支持)
-
 ## 安装
 
 `codewhale` 是自包含 Rust 二进制——**运行时不依赖 Node.js 或 Python**。
@@ -64,6 +56,86 @@ cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
 
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+
+![codewhale 截图](assets/screenshot.png)
+
+---
+
+## 这是什么？
+
+模型回答问题。智能体完成任务。区别在于运行框架——一套在模型偏离时保持方向的规则、证据和反馈系统。
+
+CodeWhale 就是这套框架，围绕 DeepSeek V4 构建，基于三个理念：
+
+| 原则 | 如何运作 |
+|---|---|
+| **从信任开始** | 每一轮以"A"开始——可能性先于确定性，匠心先于便利 |
+| **清晰的管辖权** | 成文宪法，九层权威。用户意图优先于陈旧指令。验证优先于自信。 |
+| **递归改进** | V4 参与了框架的编写。框架改进 → V4 更高效 → 进一步改进框架。每轮从更强的位置开始。 |
+
+开源、单二进制自包含、为终端构建。
+
+
+## 安装
+
+`codewhale` 是自包含 Rust 二进制——**运行时不依赖 Node.js 或 Python**。
+下面几种方式装出来的是同一套二进制，按你已有的工具链选一个即可：
+
+```bash
+# 1. npm —— 已装 Node 的最方便方式。npm 包只是一个下载器，
+#    会从 GitHub Releases 拉取对应平台的预编译二进制，
+#    并不会让 codewhale 本身依赖 Node 运行时。
+npm install -g codewhale
+
+# 2. Cargo —— 无需 Node。
+cargo install codewhale-cli --locked   # `codewhale` 入口
+cargo install codewhale-tui     --locked   # `codewhale-tui` TUI 二进制
+
+# 3. Homebrew —— macOS 包管理器。
+brew tap Hmbown/deepseek-tui
+brew install deepseek-tui
+
+# 4. 直接下载 —— 无需任何工具链。
+#    https://github.com/Hmbown/CodeWhale/releases
+#    覆盖 Linux x64/ARM64、macOS x64/ARM64、Windows x64
+
+# 5. Docker —— 预构建发布镜像。
+docker volume create codewhale-home
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+> 中国大陆访问较慢时，npm 可加 `--registry=https://registry.npmmirror.com`，
+> 或使用下方的 [Cargo 镜像](#中国大陆--镜像友好安装)。
+>
+> 下载安全：官方二进制只发布在
+> `https://github.com/Hmbown/CodeWhale/releases`。手动下载时请校验
+> SHA-256 manifest，并避免相似仓库名或搜索结果里的镜像站。详见
+> [下载安全与校验](docs/INSTALL.md#2-download-safety-and-checksums)。
+
+已经安装过？按你的安装方式更新：
+
+```bash
+codewhale update                         # release 二进制更新器
+npm install -g codewhale@latest      # npm 包装器
+brew update && brew upgrade deepseek-tui
+cargo install codewhale-cli --locked --force
+cargo install codewhale-tui     --locked --force
+```
+
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
+
 ![codewhale 截图](assets/screenshot.png)
 
 ---
@@ -155,18 +227,18 @@ CNB 镜像/源码，腾讯云 Lighthouse 香港实例，飞书/Lark 长连接桥
 先看 [docs/TENCENT_CLOUD_REMOTE_FIRST.md](docs/TENCENT_CLOUD_REMOTE_FIRST.md)，
 再按 [docs/TENCENT_LIGHTHOUSE_HK.md](docs/TENCENT_LIGHTHOUSE_HK.md) 配置服务器。
 
-### 模型自动路由与 Fin
+### Auto 模式
 
 使用 `codewhale --model auto` 或 `/model auto` 让 codewhale 自行决定每轮需要多少模型和推理能力。
 
-模型自动路由同时控制两个设置：
+Auto 模式同时控制两个设置：
 
 - 模型：`deepseek-v4-flash` 或 `deepseek-v4-pro`
 - 推理强度：`off`、`high` 或 `max`
 
-在真实请求发出之前，应用会先用关闭推理的 `deepseek-v4-flash` 进行一次小型路由调用。这条快速路径叫 **Fin**：用于模型选择、摘要、RLM 子任务、上下文维护以及其他不该消耗完整推理轮次的协调工作。Fin 审视最新请求和最近的上下文，然后为真实请求选定具体的模型和推理强度。简短/简单的轮次保持在 Flash + 关闭推理；编码、调试、发布、架构、安全审查或模糊的多步骤任务可升级到 Pro 和/或更高推理强度。
+在真实请求发出之前，应用会先用关闭推理的 `deepseek-v4-flash` 进行一次小型路由调用。路由器审视最新请求和最近的上下文，然后为真实请求选定具体的模型和推理强度。简短/简单的轮次保持在 Flash + 关闭推理；编码、调试、发布、架构、安全审查或模糊的多步骤任务可升级到 Pro 和/或更高推理强度。
 
-`--model auto` 和 `/model auto` 是 codewhale 本地行为。上游 API 永远不会收到 `model: "auto"`，它只会收到为当前轮次选定的具体模型和推理强度设置。TUI 会显示选定的路由，成本跟踪按实际运行的模型计费。如果 Fin 路由失败或返回无效答案，应用会回退到本地启发式规则。子智能体会继承模型自动路由，除非你为它们指定了显式模型。
+`auto` 是 codewhale 本地行为。上游 API 永远不会收到 `model: "auto"`，它只会收到为当前轮次选定的具体模型和推理强度设置。TUI 会显示选定的路由，成本跟踪按实际运行的模型计费。如果路由调用失败或返回无效答案，应用会回退到本地启发式规则。子智能体会继承 auto 模式，除非你为它们指定了显式模型。
 
 需要可重复基准测试、严格控制成本上限或特定提供商/模型映射时，请使用固定模型或固定推理强度。
 
@@ -293,10 +365,10 @@ codewhale --provider ollama --model codewhale-coder:1.3b
 ```bash
 codewhale                                       # 交互式 TUI
 codewhale "explain this function"              # 一次性提示
-codewhale exec --auto --output-format stream-json "fix this bug" # 自动批准工具的 agentic exec
+codewhale exec --auto --output-format stream-json "fix this bug" # 面向后端集成的 NDJSON 流
 codewhale exec --resume <SESSION_ID> "follow up" # 继续非交互会话
 codewhale --model deepseek-v4-flash "summarize" # 指定模型
-codewhale --model auto "fix this bug"          # 自动路由模型 + 推理强度
+codewhale --model auto "fix this bug"          # 自动选择模型 + 推理强度
 codewhale --yolo                                # 自动批准工具
 codewhale auth set --provider deepseek         # 保存 API key
 codewhale doctor                                # 检查配置和连接
@@ -378,10 +450,6 @@ DeepSeek 可作为自定义 Agent Client Protocol 服务器运行，供 Zed 等
 | **Agent** 🤖 | 默认交互模式；多步工具调用带审批门禁 |
 | **YOLO** ⚡ | 在可信工作区自动批准工具；仍会维护计划和清单以保持可见性 |
 
-模式与模型自动路由是两个概念。`Tab` 切换 Plan / Agent / YOLO，
-`/model auto` 选择模型和思考强度。`/goal` 当前用于追踪会话目标和
-token 预算；未来如果扩展成 Goal 工作区，也应与 `--model auto` 保持独立。
-
 ---
 
 ## 配置
@@ -508,17 +576,6 @@ description: 当 DeepSeek 需要遵循我的自定义工作流时使用这个技
 
 ---
 
-## 支持
-
-CodeWhale 采用 MIT 许可证，使用和参与贡献都不需要赞助。如果它帮你节省了时间，
-最直接的长期支持方式是 [GitHub Sponsors](https://github.com/sponsors/Hmbown)。
-一次性支持也可以通过 [Buy Me a Coffee](https://www.buymeacoffee.com/hmbown) 完成。
-
-赞助会用于发布构建、CI/运行时测试、包发布，以及维护者处理 issue 和 review 的时间。
-功能请求、Bug 报告和 pull request 不需要赞助。
-
----
-
 ## 致谢
 
 - **[DeepSeek](https://github.com/deepseek-ai)** — 感谢 DeepSeek 提供模型与支持，让每一次交互成为可能。
@@ -538,15 +595,14 @@ CodeWhale 采用 MIT 许可证，使用和参与贡献都不需要赞助。如
 - **[toi500](https://github.com/toi500)** — Windows 粘贴修复报告
 - **[xsstomy](https://github.com/xsstomy)** — 终端启动重绘报告
 - **[melody0709](https://github.com/melody0709)** — 斜杠前缀回车激活报告
-- **[lloydzhou](https://github.com/lloydzhou)** 和 **[jeoor](https://github.com/jeoor)** — 压缩成本报告和 npm 安装器流暂停竞态修复 (#1860)；lloydzhou 还贡献了确定性的环境上下文注入 (#813, #922) 和 KV 前缀缓存稳定化 (#1080)
+- **[lloydzhou](https://github.com/lloydzhou)** 和 **[jeoor](https://github.com/jeoor)** — 压缩成本报告；lloydzhou 还贡献了确定性的环境上下文注入 (#813, #922) 和 KV 前缀缓存稳定化 (#1080)
 - **[Agent-Skill-007](https://github.com/Agent-Skill-007)** — README 清晰化改进 (#685)
 - **[woyxiang](https://github.com/woyxiang)** — Windows 安装文档 (#696)
 - **[wangfeng](mailto:wangfengcsu@qq.com)** — 价格/折扣信息更新 (#692)
 - **[zichen0116](https://github.com/zichen0116)** — CODE_OF_CONDUCT.md (#686)
 - **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — 模型 ID 大小写兼容性报告 (#729)
 - **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — `working...` 卡死状态 Bug 报告和 Windows 剪贴板兜底修复 (#738, #850)
-- **[reidliu41](https://github.com/reidliu41)** — 退出后的恢复提示、工作区信任持久化、Ollama provider 支持、思考块流式终结修复，以及帮助选择器选中行可见性优化 (#863, #870, #921, #1078, #1964)
-- **[cyq1017](https://github.com/cyq1017)** — Unicode `git_status` 路径、本地/配置技能发现，以及模式切换 toast 去重 (#1953, #1956, #1957)
+- **[reidliu41](https://github.com/reidliu41)** — 退出后的恢复提示、工作区信任持久化、Ollama provider 支持，以及思考块流式终结修复 (#863, #870, #921, #1078)
 - **[xieshutao](https://github.com/xieshutao)** — 纯 Markdown skill 兜底解析 (#869)
 - **[GK012](https://github.com/GK012)** — npm wrapper 的 `--version` 兜底 (#885)
 - **[y0sif](https://github.com/y0sif)** — 直接子智能体完成后唤醒父级 turn loop (#901)
@@ -572,91 +628,16 @@ CodeWhale 采用 MIT 许可证，使用和参与贡献都不需要赞助。如
 - **[THINKER-ONLY](https://github.com/THINKER-ONLY)** — OpenRouter 和自定义端点模型 ID 保留 (#1066)
 - **[Jefsky](https://github.com/Jefsky)** — `deepseek-cn` 官方端点默认值 (#1079, #1084)
 - **[wlon](https://github.com/wlon)** — NVIDIA NIM provider API key 优先级诊断 (#1081)
-- **[Horace Liu](https://github.com/liuhq)** — Nix 包支持和安装文档 (#1173)
-- **[jieshu666](https://github.com/jieshu666)** — 终端重绘闪烁修复 (#1563)
-- **[gordonlu](https://github.com/gordonlu)** — Windows Enter / CSI-u 输入修复 (#1612)
-- **[mdrkrg](https://github.com/mdrkrg)** — 首次运行 API key 缺失时的启动崩溃修复 (#1598)
-- **[Aitensa](https://github.com/Aitensa)** — diff 和 pager 输出的 CJK 换行支持 (#1622)
-- **[qiyan233](https://github.com/qiyan233)** — 遗留 DeepSeek CN provider 别名兼容 (#1645)
-- **[zlh124](https://github.com/zlh124)** — WSL2/headless 启动报告和剪贴板初始化修复 (#1772, #1773)
-- **[aboimpinto](https://github.com/aboimpinto)** — Windows alt-screen 日志、Home/End 编辑器，以及运行时日志跟进 (#1774, #1776, #1748, #1749, #1782, #1783)
-- **[LeoLin990405](https://github.com/LeoLin990405)** — provider 模型透传、reasoning 重放、thinking-only turn 和 Windows 引用修复 (#1740, #1743, #1742, #1744)
-- **[nightt5879](https://github.com/nightt5879)** — Ctrl+C 提示恢复修复 (#1764)
-- **[h3c-hexin](https://github.com/h3c-hexin)** — 流式批量工具调用保留和 CLI reasoning-effort 透传 (#1686, #1511)
-- **[hxy91819](https://github.com/hxy91819)** — 工具结果裁剪时的前缀缓存保留 (#1514)
-- **[JiarenWang](https://github.com/JiarenWang)** — Plan 模式只读执行、审批接管优化、Ctrl+H 删除修复和 undo 上下文同步 (#1123, #962, #958, #1150)
-- **[Liu-Vince](https://github.com/Liu-Vince)** — MCP 分页、markdown 缩进保留、zh-Hans i18n 优化和环境变量文档 (#1256, #1179, #1274, #1178)
-- **[linzhiqin2003](https://github.com/linzhiqin2003)** — `--model auto` 成本节约偏好、执行纪律提示和声明式事实记忆指导 (#1385, #1384, #1381)
-- **[lbcheng888](https://github.com/lbcheng888)** — 跨保存/恢复的成本持久化和对话滚动修复 (#1192, #1211)
-- **[pengyou200902](https://github.com/pengyou200902)** — UTF-8 安全记忆截断、截断标记精确化和快捷键文档 (#968, #1122, #1095)
-- **[ChaceLyee2101](https://github.com/ChaceLyee2101)** — 推理 token 成本统计和 zh-Hans 自动 CNY 显示，以及 zh-CN README 同步 (#1505, #1504)
-- **[CrepuscularIRIS](https://github.com/CrepuscularIRIS)** — Termius/SSH 低动画模式和 npx MCP 服务器沙箱修复 (#1479, #1346)
-- **[laoye2020](https://github.com/laoye2020)** — Catppuccin、Tokyo Night、Dracula 和 Gruvbox 主题及 `/theme` 选择器 (#1534)
-- **[punkcanyang](https://github.com/punkcanyang)** — Kitty (OSC 99) 和 Ghostty (OSC 777) 桌面通知支持 (#1426)
-- **[Rene-Kuhm](https://github.com/Rene-Kuhm)** — 西班牙语（es-419）拉丁美洲本地化 (#1452)
-- **[sternelee](https://github.com/sternelee)** — DeepSeek 前缀缓存稳定性追踪 (#1517)
-- **[ComeFromTheMars](https://github.com/ComeFromTheMars)** — Shift+Up/Down 对话滚动快捷键 (#1432)
-- **[sockerch](https://github.com/sockerch)** — 所有斜杠命令的拼音别名 (#1306)
-- **[Apeiron0w0](https://github.com/Apeiron0w0)** — Tabby 终端闪烁循环的 FocusGained 去抖动 (#1560)
-- **[greyfreedom](https://github.com/greyfreedom)** — 跳转到最新对话按钮 (#969)
-- **[SamhandsomeLee](https://github.com/SamhandsomeLee)** — 显式隐藏文件提及补全 (#1270)
-- **[dst1213](https://github.com/dst1213)** — 配额错误 HTTP 400 重试 (#1203)
-- **[fuleinist](https://github.com/fuleinist)** — `--yolo` 标志从 CLI 转发到 TUI (#1233)
-- **[heloanc](https://github.com/heloanc)** — Home/End 键编辑器支持 (#1246)
-- **[jinpengxuan](https://github.com/jinpengxuan)** — 入职期间活动 provider 凭据保留 (#1265)
-- **[lixiasky-back](https://github.com/lixiasky-back)** — 已验证 npm 二进制采用 (#1339)
-- **[J3y0r](https://github.com/J3y0r)** — 工作区切换命令 (#1065)
-- **[KhalidAlnujaidi](https://github.com/KhalidAlnujaidi)** — delegate 技能打包 (#1144)
-- **[Wenjunyun123](https://github.com/Wenjunyun123)** — 文档锚点偏移保留 (#1282)
-- **[whtis](https://github.com/whtis)** — zh-CN README 调度程序路径同步 (#1235)
-- **[aqilaziz](https://github.com/aqilaziz)** — memory 技能链接修复 (#1095)
-- **[wuwuzhijing](https://github.com/wuwuzhijing)** — rsproxy rustup 变通安装文档 (#1011)
-- **[eltociear](https://github.com/eltociear)** — 日语 README 翻译 (#746)
-- **[Ling](https://github.com/LING71671)** — `grep_files` 取消令牌支持和 Ctrl+Z 编辑器草稿恢复 (#1839, #1911)
-- **[Ben Younes](https://github.com/ousamabenyounes)** — Linux Wayland（非 wlroots）剪贴板支持 (#1938)
-- **[Matt Van Horn](https://github.com/mvanhorn)** — Docker 首次运行权限修复和运行时系统提示回归测试 (#1699, #1702)
-- **[Kristopher Clark](https://github.com/krisclarkdev)** — compaction 用户查询保留修复 (#1704)
-- **[tdccccc](https://github.com/tdccccc)** — 编辑器滚动修复和 pager 鼠标滚轮支持 (#1715, #1716)
-- **[LittleBlacky](https://github.com/LittleBlacky)** — provider gated `reasoning_content` 流式修复 (#1680)
-- **[Anaheim](https://github.com/AnaheimEX)** — `rlm_open` 空 source schema 校验报告 (#1712)
-- **[THatch26](https://github.com/THatch26)** — 终端 resize 后翻页修复 (#1724)
-- **[Alvin](https://github.com/alvin1)** — Zed ACP id 兼容性报告 (#1696)
-- **[knqiufan](https://github.com/knqiufan)** — sub-agent 文件写入委派工作 (#1833)
-- **[IIzzaya](https://github.com/IIzzaya)** — slash 补全精确 alias 优先排序想法 (#1811)
-- **[DC](https://github.com/duanchao-lab)** — 终端清理 guard 思路 (#1630)
-- **[imkingjh999](https://github.com/imkingjh999)** — provider/model 切换修复 (#1642)
-- **[Photo](https://github.com/eng2007)** — provider-aware `/model` picker catalog 工作 (#1201)
-- **[chennest](https://github.com/chennest)** — diagnostics schema 报告 (#1685)
-- **[kunpeng-ai-lab](https://github.com/kunpeng-ai-lab)** — Windows 编辑器滚动修复 (#1578)
-- **[WuMing](https://github.com/asdfg314284230)** — Windows PowerShell 闪烁修复 (#1591)
-- **[maker316](https://github.com/maker316)** — LoopGuard/checklist 循环报告 (#1574)
-- **[lalala](https://github.com/lalala-233)** — approval denial 回归报告 (#1617)
-- **[muyuliyan](https://github.com/muyuliyan)** — `pandoc_convert` 校验修复 (#1523)
-- **[czf0718](https://github.com/czf0718)** — resize 和 turn-completion 闪烁修复 (#1537)
-- **[MeAiRobot](https://github.com/MeAiRobot)** — toast 覆盖编辑器输入的修复 (#1485)
-- **[tiger-dog](https://github.com/tiger-dog)** — approval modal 折叠和 markdown identifier 修复 (#1455)
-- **[MMMarcinho](https://github.com/MMMarcinho)** — opt-in `image_analyze` 视觉工具 (#1467)
-- **[lucaszhu-hue](https://github.com/lucaszhu-hue)** — AtlasCloud provider 集成 (#1436)
-- **[sandofree](https://github.com/sandofree)** — Tavily 和 Bocha `web_search` 后端 (#1294)
-- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — `/change` release notes 命令 (#1416)
-- **[NorethSea](https://github.com/NorethSea)** — updater 同步刷新 companion binary 的修复 (#1492)
-- **[Jianfengwu2024](https://github.com/Jianfengwu2024)** — Windows MSVC toolchain 环境保留 (#1487)
-- **[Fire-dtx](https://github.com/Fire-dtx)** — npm postinstall 可恢复性工作 (#1059)
-- **[oooyuy92](https://github.com/oooyuy92)** — 长会话配色可读性报告 (#1070, #936)
-- **[qinxianyuzou](https://github.com/qinxianyuzou)** — zh-Hans destructive approval 文案 (#1087, #1091)
-- **[tyouter](https://github.com/tyouter)** — session title/history preview 清理 (#1510)
-- **[xulongzhe](https://github.com/xulongzhe)** — issue template 和 vision boundary follow-up (#1530, #1544)
-- **[YaYII](https://github.com/YaYII)** — trusted media path 工作 (#1462)
-- **[47Cid](https://github.com/47Cid)** 和 **[Jafar Akhondali](https://github.com/JafarAkhondali)** — 负责任安全披露和加固报告
-- **[donglovejava](https://github.com/donglovejava)** — 粘贴 @file 合并延迟、CJK 字节边界 panic 修复、长操作中的用户反馈、RLM var_handle 路由、edit_file 模糊回退重试 (#2154, #2163, #2166, #2167, #2168)
-- **[encyc](https://github.com/encyc)** — 会话 token 分解显示在页脚和 `/status` 命令 (#2152)
+- **[donglovejava](https://github.com/donglovejava)** — paste @file 整合、CJK panic 修复、用户反馈、RLM 路由、edit_file 重试 (#2154–#2168)
+- **[encyc](https://github.com/encyc)** — session token 分解显示和 `/status` (#2152)
 - **[saieswar237](https://github.com/saieswar237)** — 审查流程文档 (#2178)
-- **[sximelon](https://github.com/sximelon)** — 粘贴后 Enter 抑制窗口保留 (#2174)
-- **[nanookclaw](https://github.com/nanookclaw)** — 搜索提供商在 doctor 输出中显示 (#2135)
+- **[sximelon](https://github.com/sximelon)** — paste Enter 抑制、键盘处理提取 (#2174, #2042)
+- **[nanookclaw](https://github.com/nanookclaw)** — search provider 显示在 doctor (#2135)
 - **[Sskift](https://github.com/Sskift)** — CLI 默认环境变量覆盖防止 (#2119)
-- **[xin1104](https://github.com/xin1104)** — Homebrew 安装 codewhale 二进制和旧版 shim (#2105)
-- **[mrluanma](https://github.com/mrluanma)** — Metaso 网页搜索提供商集成 (#2059)
-- **[Lellansin](https://github.com/Lellansin)** — 工作区为主目录时跳过项目范围配置合并 (#2055)
+- **[xin1104](https://github.com/xin1104)** — Homebrew codewhale 二进制安装 (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Metaso 搜索提供商 (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — 主目录下跳过配置合并 (#2055)
+- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — 更新发布渠道 (#2145)
 
 ---
 

From 3d8a6cffc579ffdb5c9f430fb210c5e277fd671b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:05:55 -0500
Subject: [PATCH 071/283] fix: unblock Windows checkout and version drift

---
 ...                     | 1 -
 CHANGELOG.md            | 8 ++++++++
 crates/tui/CHANGELOG.md | 8 ++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 delete mode 100644 ...

diff --git a/... b/...
deleted file mode 100644
index 90a1d60a..00000000
--- a/...
+++ /dev/null
@@ -1 +0,0 @@
-...
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index edaf5edc..f62e7bfd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -161,6 +161,14 @@ and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
   fallback timeout, preventing the TUI from hanging on deep or slow
   filesystems (#2035).
 
+### Community
+
+- **README contributor acknowledgements resynced.** The Thanks list now
+  includes the latest contributor rows for @donglovejava, @encyc,
+  @saieswar237, @sximelon, @nanookclaw, @Sskift, @xin1104, @mrluanma,
+  @Lellansin, and @zhuangbiaowei, while preserving the existing @jeoor
+  acknowledgement in the consolidated list.
+
 ## [0.8.44] - 2026-05-24
 
 ### Added
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index edaf5edc..f62e7bfd 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -161,6 +161,14 @@ and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
   fallback timeout, preventing the TUI from hanging on deep or slow
   filesystems (#2035).
 
+### Community
+
+- **README contributor acknowledgements resynced.** The Thanks list now
+  includes the latest contributor rows for @donglovejava, @encyc,
+  @saieswar237, @sximelon, @nanookclaw, @Sskift, @xin1104, @mrluanma,
+  @Lellansin, and @zhuangbiaowei, while preserving the existing @jeoor
+  acknowledgement in the consolidated list.
+
 ## [0.8.44] - 2026-05-24
 
 ### Added

From 5774c7d2e26b947f80b23f3e41afb277ad4da2e6 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:13:38 -0500
Subject: [PATCH 072/283] fix: restore project config guardrails

---
 crates/config/src/lib.rs        | 5 -----
 crates/tui/src/sandbox/bwrap.rs | 2 --
 2 files changed, 7 deletions(-)

diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index bc830de6..9ee6e2fd 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -387,11 +387,6 @@ impl ConfigToml {
         if project.tools.is_some() {
             self.tools = project.tools;
         }
-        // Provider is only overridden if explicitly set (non-default).
-        if project.provider != ProviderKind::Deepseek {
-            self.provider = project.provider;
-        }
-
         merge_project_provider_config(&mut self.providers.deepseek, &project.providers.deepseek);
         merge_project_provider_config(
             &mut self.providers.nvidia_nim,
diff --git a/crates/tui/src/sandbox/bwrap.rs b/crates/tui/src/sandbox/bwrap.rs
index 4316f08e..1db43b0e 100644
--- a/crates/tui/src/sandbox/bwrap.rs
+++ b/crates/tui/src/sandbox/bwrap.rs
@@ -32,8 +32,6 @@
 //!
 //! If bwrap is not installed, we fall back to Landlock.
 
-use std::path::PathBuf;
-
 /// Canonical path to the bubblewrap binary.
 #[cfg(target_os = "linux")]
 pub const BWRAP_PATH: &str = "/usr/bin/bwrap";

From 4426d38d651d4f26c433a2bf453c800c8787fc3c Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:16:19 -0500
Subject: [PATCH 073/283] =?UTF-8?q?chore:=20remove=20unused=20website/=20?=
 =?UTF-8?q?=E2=80=94=20superseded=20by=20Next.js=20app?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The static website/ HTML files were the original codewhale.net surface
before the Next.js app under web/ took over. They have not been deployed
in some time and are now mirrored in the new dedicated site repo
(Hmbown/codewhalesites) only as far as history matters.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 website/index.html    | 568 -----------------------------------------
 website/zh/index.html | 575 ------------------------------------------
 2 files changed, 1143 deletions(-)
 delete mode 100644 website/index.html
 delete mode 100644 website/zh/index.html

diff --git a/website/index.html b/website/index.html
deleted file mode 100644
index 8cbf59cb..00000000
--- a/website/index.html
+++ /dev/null
@@ -1,568 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>CodeWhale — The most agentic harness for DeepSeek V4</title>
-  <link rel="alternate" hreflang="zh" href="./zh/">
-  <style>
-    :root {
-      --bg: #0a0e14;
-      --bg-elevated: #111820;
-      --bg-card: #0f151c;
-      --border: #1e2a36;
-      --border-light: #263545;
-      --text: #b8c5d6;
-      --text-muted: #5e7a94;
-      --text-bright: #e8f0f8;
-      --accent: #4dabf7;
-      --accent-dim: #1971c2;
-      --accent-glow: rgba(77, 171, 247, 0.15);
-      --success: #51cf66;
-      --warning: #ffd43b;
-      --font-mono: ui-monospace, "SF Mono", "SFMono-Regular", Menlo, Consolas, "Liberation Mono", monospace;
-      --font-sans: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-      --font-zh: "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", sans-serif;
-    }
-
-    * { box-sizing: border-box; margin: 0; padding: 0; }
-
-    html { scroll-behavior: smooth; }
-
-    body {
-      background: var(--bg);
-      color: var(--text);
-      font-family: var(--font-sans);
-      line-height: 1.65;
-      -webkit-font-smoothing: antialiased;
-    }
-
-    /* Background grid */
-    body::before {
-      content: "";
-      position: fixed;
-      inset: 0;
-      background-image:
-        linear-gradient(rgba(77,171,247,0.03) 1px, transparent 1px),
-        linear-gradient(90deg, rgba(77,171,247,0.03) 1px, transparent 1px);
-      background-size: 60px 60px;
-      mask-image: radial-gradient(ellipse 80% 60% at 50% 0%, black 40%, transparent 100%);
-      pointer-events: none;
-      z-index: 0;
-    }
-
-    a { color: var(--accent); text-decoration: none; transition: color 0.15s; }
-    a:hover { color: #74c0fc; text-decoration: underline; }
-
-    .container {
-      max-width: 860px;
-      margin: 0 auto;
-      padding: 0 1.5rem;
-      position: relative;
-      z-index: 1;
-    }
-
-    /* Nav */
-    nav {
-      border-bottom: 1px solid var(--border);
-      background: rgba(10,14,20,0.75);
-      backdrop-filter: blur(12px) saturate(1.2);
-      position: sticky;
-      top: 0;
-      z-index: 20;
-    }
-    nav .container {
-      display: flex;
-      align-items: center;
-      justify-content: space-between;
-      height: 3.75rem;
-    }
-    .nav-brand {
-      font-weight: 700;
-      color: var(--text-bright);
-      font-family: var(--font-mono);
-      font-size: 0.95rem;
-      letter-spacing: -0.02em;
-    }
-    .nav-brand span { color: var(--accent); }
-    .nav-links {
-      display: flex;
-      align-items: center;
-      gap: 1.5rem;
-      list-style: none;
-      font-size: 0.875rem;
-      font-weight: 500;
-    }
-    .nav-links a { color: var(--text-muted); }
-    .nav-links a:hover { color: var(--text-bright); text-decoration: none; }
-    .lang-switch {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.35rem;
-      padding: 0.3rem 0.6rem;
-      border-radius: 6px;
-      border: 1px solid var(--border);
-      font-size: 0.8rem;
-      color: var(--text-muted);
-      transition: all 0.15s;
-    }
-    .lang-switch:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-      text-decoration: none;
-    }
-
-    /* Hero */
-    .hero {
-      padding: 5rem 0 3.5rem;
-      text-align: center;
-    }
-    .hero-badge {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.5rem;
-      padding: 0.35rem 0.9rem;
-      border-radius: 999px;
-      border: 1px solid var(--border);
-      background: var(--bg-elevated);
-      font-size: 0.8rem;
-      color: var(--text-muted);
-      margin-bottom: 1.5rem;
-    }
-    .hero-badge .dot {
-      width: 7px;
-      height: 7px;
-      border-radius: 50%;
-      background: var(--success);
-      box-shadow: 0 0 8px rgba(81,207,102,0.4);
-    }
-    .hero h1 {
-      font-family: var(--font-mono);
-      font-size: clamp(1.7rem, 4.5vw, 2.6rem);
-      color: var(--text-bright);
-      line-height: 1.2;
-      margin-bottom: 1.25rem;
-      letter-spacing: -0.02em;
-    }
-    .hero h1 .accent {
-      background: linear-gradient(135deg, var(--accent) 0%, #74c0fc 100%);
-      -webkit-background-clip: text;
-      -webkit-text-fill-color: transparent;
-      background-clip: text;
-    }
-    .hero .lead {
-      font-size: 1.15rem;
-      color: var(--text-muted);
-      max-width: 560px;
-      margin: 0 auto 2.5rem;
-      line-height: 1.6;
-    }
-
-    /* Terminal window */
-    .terminal {
-      max-width: 540px;
-      margin: 0 auto 2rem;
-      border-radius: 12px;
-      border: 1px solid var(--border-light);
-      background: #060a10;
-      overflow: hidden;
-      box-shadow:
-        0 0 0 1px rgba(77,171,247,0.08),
-        0 20px 50px -10px rgba(0,0,0,0.5),
-        0 0 80px -20px var(--accent-glow);
-    }
-    .terminal-header {
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-      padding: 0.65rem 1rem;
-      background: rgba(255,255,255,0.02);
-      border-bottom: 1px solid var(--border);
-    }
-    .terminal-header .win-dot {
-      width: 11px;
-      height: 11px;
-      border-radius: 50%;
-    }
-    .win-dot.red { background: #ff5f56; }
-    .win-dot.yellow { background: #ffbd2e; }
-    .win-dot.green { background: #27c93f; }
-    .terminal-header .title {
-      margin-left: 0.5rem;
-      font-size: 0.75rem;
-      color: var(--text-muted);
-      font-family: var(--font-mono);
-    }
-    .terminal-body {
-      padding: 1.1rem 1.25rem;
-      font-family: var(--font-mono);
-      font-size: 0.95rem;
-      color: var(--text-bright);
-      text-align: left;
-      display: flex;
-      align-items: center;
-      gap: 0.6rem;
-    }
-    .terminal-body .prompt { color: var(--success); }
-    .terminal-body .cursor {
-      display: inline-block;
-      width: 8px;
-      height: 1.15em;
-      background: var(--accent);
-      animation: blink 1s step-end infinite;
-      vertical-align: text-bottom;
-      margin-left: 2px;
-    }
-    @keyframes blink { 50% { opacity: 0; } }
-    .btn-copy {
-      margin-left: auto;
-      background: transparent;
-      color: var(--text-muted);
-      border: 1px solid var(--border);
-      border-radius: 6px;
-      padding: 0.3rem 0.7rem;
-      font-family: var(--font-sans);
-      font-size: 0.75rem;
-      font-weight: 600;
-      cursor: pointer;
-      transition: all 0.15s;
-      white-space: nowrap;
-    }
-    .btn-copy:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-    }
-    .btn-copy.copied {
-      border-color: var(--success);
-      color: var(--success);
-    }
-
-    .hero-actions {
-      display: flex;
-      gap: 0.75rem;
-      justify-content: center;
-      flex-wrap: wrap;
-    }
-    .btn {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.4rem;
-      padding: 0.6rem 1.2rem;
-      border-radius: 8px;
-      font-size: 0.9rem;
-      font-weight: 600;
-      transition: all 0.15s;
-      cursor: pointer;
-      border: none;
-    }
-    .btn-primary {
-      background: linear-gradient(135deg, var(--accent-dim) 0%, var(--accent) 100%);
-      color: #fff;
-      box-shadow: 0 4px 16px rgba(25,113,194,0.25);
-    }
-    .btn-primary:hover {
-      transform: translateY(-1px);
-      box-shadow: 0 6px 20px rgba(25,113,194,0.35);
-      text-decoration: none;
-      color: #fff;
-    }
-    .btn-secondary {
-      background: var(--bg-elevated);
-      color: var(--text);
-      border: 1px solid var(--border);
-    }
-    .btn-secondary:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-      text-decoration: none;
-    }
-
-    /* Screenshot */
-    .screenshot-wrap {
-      margin: 3rem 0;
-      border-radius: 14px;
-      overflow: hidden;
-      border: 1px solid var(--border);
-      background: var(--bg-card);
-      box-shadow: 0 30px 60px -20px rgba(0,0,0,0.6);
-    }
-    .screenshot-wrap img {
-      width: 100%;
-      height: auto;
-      display: block;
-    }
-
-    /* Sections */
-    section {
-      padding: 3rem 0;
-      border-top: 1px solid var(--border);
-    }
-    section h2 {
-      font-family: var(--font-mono);
-      font-size: 1.1rem;
-      color: var(--text-bright);
-      margin-bottom: 1.25rem;
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-    }
-    section h2 .icon {
-      color: var(--accent);
-    }
-    section p, section li {
-      color: var(--text-muted);
-      font-size: 0.95rem;
-      margin-bottom: 0.75rem;
-    }
-    section ul { padding-left: 1.25rem; }
-    section li { margin-bottom: 0.5rem; }
-    section li strong { color: var(--text); font-weight: 600; }
-
-    pre {
-      background: #060a10;
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1rem 1.25rem;
-      overflow-x: auto;
-      font-family: var(--font-mono);
-      font-size: 0.82rem;
-      color: var(--text-bright);
-      margin: 0.75rem 0 1.25rem;
-      line-height: 1.6;
-    }
-    pre code { background: none; padding: 0; border: none; }
-    code {
-      font-family: var(--font-mono);
-      font-size: 0.88em;
-      background: var(--bg-elevated);
-      padding: 0.15rem 0.4rem;
-      border-radius: 4px;
-      border: 1px solid var(--border);
-      color: var(--text-bright);
-    }
-
-    /* Details / collapsible */
-    details {
-      background: var(--bg-card);
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1rem 1.25rem;
-      margin-bottom: 0.75rem;
-    }
-    summary {
-      font-weight: 600;
-      color: var(--text-bright);
-      cursor: pointer;
-      user-select: none;
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-      font-size: 0.95rem;
-    }
-    summary::marker { display: none; }
-    details[open] summary { margin-bottom: 0.75rem; }
-    details pre { margin-bottom: 0; }
-
-    /* Feature grid */
-    .feature-grid {
-      display: grid;
-      grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
-      gap: 1rem;
-      margin-top: 1rem;
-    }
-    .feature-card {
-      background: var(--bg-card);
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1.25rem;
-      transition: border-color 0.15s, transform 0.15s;
-    }
-    .feature-card:hover {
-      border-color: var(--border-light);
-      transform: translateY(-2px);
-    }
-    .feature-card h3 {
-      font-size: 0.9rem;
-      color: var(--text-bright);
-      margin-bottom: 0.4rem;
-      font-family: var(--font-mono);
-    }
-    .feature-card p {
-      font-size: 0.85rem;
-      margin: 0;
-      line-height: 1.55;
-    }
-
-    /* Footer */
-    footer {
-      border-top: 1px solid var(--border);
-      padding: 2.5rem 0 3.5rem;
-      text-align: center;
-      font-size: 0.85rem;
-      color: var(--text-muted);
-    }
-    footer .footer-links {
-      display: flex;
-      gap: 1.25rem;
-      justify-content: center;
-      flex-wrap: wrap;
-      margin-bottom: 1.25rem;
-      font-weight: 500;
-    }
-    .disclaimer {
-      font-style: italic;
-      opacity: 0.7;
-      margin-top: 0.75rem;
-    }
-
-    @media (max-width: 640px) {
-      .hero { padding: 3rem 0 2.5rem; }
-      .nav-links { gap: 0.9rem; font-size: 0.8rem; }
-      .terminal-body { font-size: 0.85rem; flex-wrap: wrap; }
-      .feature-grid { grid-template-columns: 1fr; }
-    }
-  </style>
-</head>
-<body>
-
-<nav>
-  <div class="container">
-    <div class="nav-brand">deepseek<span>-tui</span></div>
-    <ul class="nav-links">
-      <li><a href="#install">Install</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">GitHub</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale/tree/main/docs" target="_blank" rel="noopener">Docs</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale/issues" target="_blank" rel="noopener">Community</a></li>
-      <li><a href="./zh/" class="lang-switch" title="切换到简体中文">中</a></li>
-    </ul>
-  </div>
-</nav>
-
-<main class="container">
-
-  <div class="hero" id="install">
-    <div class="hero-badge"><span class="dot"></span>v0.8.45 available now</div>
-    <h1>The most agentic harness<br>for <span class="accent">DeepSeek&nbsp;V4</span></h1>
-    <p class="lead">Rules, tools, evidence, and feedback loops that help the model keep working until the task is done. 1M-token context, thinking-mode streaming, OS-level sandboxing — single binary, zero dependencies.</p>
-
-    <div class="terminal">
-      <div class="terminal-header">
-        <span class="win-dot red"></span>
-        <span class="win-dot yellow"></span>
-        <span class="win-dot green"></span>
-        <span class="title">bash — zsh</span>
-      </div>
-      <div class="terminal-body">
-        <span class="prompt">$</span>
-        <span>npm i -g codewhale</span>
-        <span class="cursor"></span>
-        <button class="btn-copy" onclick="copyInstall()" id="copyBtn">Copy</button>
-      </div>
-    </div>
-
-    <div class="hero-actions">
-      <a class="btn btn-primary" href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">View on GitHub</a>
-      <a class="btn btn-secondary" href="https://github.com/sponsors/Hmbown" target="_blank" rel="noopener">Sponsor</a>
-    </div>
-  </div>
-
-  <div class="screenshot-wrap">
-    <img src="https://raw.githubusercontent.com/Hmbown/CodeWhale/main/assets/screenshot.png" alt="DeepSeek TUI screenshot" loading="lazy">
-  </div>
-
-  <section>
-    <h2><span class="icon">▸</span>How the harness works</h2>
-    <div class="feature-grid">
-      <div class="feature-card">
-        <h3>Constitutional hierarchy</h3>
-        <p>User intent outranks stale memory. Live evidence outranks assumptions. A clear chain of authority every turn.</p>
-      </div>
-      <div class="feature-card">
-        <h3>Structured trust</h3>
-        <p>Plan (read-only), Agent (approval-gated), YOLO (auto-approved). OS-level sandboxing backs every boundary.</p>
-      </div>
-      <div class="feature-card">
-        <h3>Feedback beats</h3>
-        <p>Failed commands and failing tests are not dead ends — they're signals the model can tune against, turn after turn.</p>
-      </div>
-      <div class="feature-card">
-        <h3>Continuity</h3>
-        <p>Memory persists across sessions. Handoffs survive compaction. Save, resume, and fork conversations.</p>
-      </div>
-      <div class="feature-card">
-        <h3>Distributed work</h3>
-        <p>Sub-agents run concurrently, up to 20 at a time. Results arrive as structured completion events.</p>
-      </div>
-      <div class="feature-card">
-        <h3>Right-size intelligence</h3>
-        <p>Fin handles routing and summaries. Pro engages for architecture and debugging. The right amount of intelligence for each problem.</p>
-      </div>
-    </div>
-  </section>
-
-  <section id="china">
-    <h2><span class="icon">◎</span>China / mirror-friendly install</h2>
-    <p>If downloads from GitHub or npm are slow from mainland China, use one of these paths:</p>
-
-    <details open>
-      <summary>npm via 淘宝镜像 (fastest)</summary>
-      <pre><code>npm config set registry https://registry.npmmirror.com
-npm install -g deepseek-tui</code></pre>
-      <p style="font-size:0.85rem;margin-bottom:0;">The npm wrapper itself will still download the binary from GitHub Releases during <code>postinstall</code>. If that step is slow, set a mirror for the binary download:</p>
-      <pre style="margin-top:0.5rem;margin-bottom:0;"><code>DEEPSEEK_TUI_RELEASE_BASE_URL=https://your-mirror.example.com \
-  npm install -g deepseek-tui</code></pre>
-    </details>
-
-    <details>
-      <summary>Cargo via 清华 TUNA mirror</summary>
-      <p>Add to <code>~/.cargo/config.toml</code>:</p>
-      <pre><code>[source.crates-io]
-replace-with = "tuna"
-
-[source.tuna]
-registry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"</code></pre>
-      <p>Then install both binaries:</p>
-      <pre><code>cargo install deepseek-tui-cli --locked   # provides `deepseek`
-cargo install deepseek-tui     --locked   # provides `deepseek-tui`
-deepseek --version</code></pre>
-    </details>
-
-    <details>
-      <summary>Rustup mirror (for building from source)</summary>
-      <pre><code>export RUSTUP_DIST_SERVER=https://mirrors.tuna.tsinghua.edu.cn/rustup
-export RUSTUP_UPDATE_ROOT=https://mirrors.tuna.tsinghua.edu.cn/rustup/rustup
-curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh</code></pre>
-    </details>
-
-    <p style="margin-top:1rem;font-size:0.875rem;">Full platform guide: <a href="https://github.com/Hmbown/CodeWhale/blob/main/docs/INSTALL.md" target="_blank" rel="noopener">docs/INSTALL.md</a> · <a href="../README.zh-CN.md">简体中文 README</a></p>
-  </section>
-
-</main>
-
-<footer>
-  <div class="container">
-    <div class="footer-links">
-      <a href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">GitHub</a>
-      <a href="https://github.com/Hmbown/CodeWhale/tree/main/docs" target="_blank" rel="noopener">Docs</a>
-      <a href="https://github.com/Hmbown/CodeWhale/issues" target="_blank" rel="noopener">Issues</a>
-      <a href="https://github.com/sponsors/Hmbown" target="_blank" rel="noopener">Sponsor</a>
-      <a href="mailto:security@deepseek-tui.com">Security</a>
-    </div>
-    <p class="disclaimer">Not affiliated with DeepSeek Inc.</p>
-    <p style="margin-top:0.75rem;">&copy; DeepSeek TUI contributors. MIT License.</p>
-  </div>
-</footer>
-
-<script>
-  function copyInstall() {
-    navigator.clipboard.writeText('npm i -g codewhale').then(() => {
-      const btn = document.getElementById('copyBtn');
-      btn.textContent = 'Copied';
-      btn.classList.add('copied');
-      setTimeout(() => { btn.textContent = 'Copy'; btn.classList.remove('copied'); }, 1800);
-    });
-  }
-</script>
-
-</body>
-</html>
diff --git a/website/zh/index.html b/website/zh/index.html
deleted file mode 100644
index 363ba492..00000000
--- a/website/zh/index.html
+++ /dev/null
@@ -1,575 +0,0 @@
-<!DOCTYPE html>
-<html lang="zh-CN">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>CodeWhale — DeepSeek V4 的最强智能体运行框架</title>
-  <link rel="alternate" hreflang="en" href="../">
-  <style>
-    :root {
-      --bg: #0a0e14;
-      --bg-elevated: #111820;
-      --bg-card: #0f151c;
-      --border: #1e2a36;
-      --border-light: #263545;
-      --text: #b8c5d6;
-      --text-muted: #5e7a94;
-      --text-bright: #e8f0f8;
-      --accent: #4dabf7;
-      --accent-dim: #1971c2;
-      --accent-glow: rgba(77, 171, 247, 0.15);
-      --success: #51cf66;
-      --warning: #ffd43b;
-      --font-mono: ui-monospace, "SF Mono", "SFMono-Regular", Menlo, Consolas, "Liberation Mono", monospace;
-      --font-sans: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", sans-serif;
-    }
-
-    * { box-sizing: border-box; margin: 0; padding: 0; }
-
-    html { scroll-behavior: smooth; }
-
-    body {
-      background: var(--bg);
-      color: var(--text);
-      font-family: var(--font-sans);
-      line-height: 1.75;
-      -webkit-font-smoothing: antialiased;
-    }
-
-    body::before {
-      content: "";
-      position: fixed;
-      inset: 0;
-      background-image:
-        linear-gradient(rgba(77,171,247,0.03) 1px, transparent 1px),
-        linear-gradient(90deg, rgba(77,171,247,0.03) 1px, transparent 1px);
-      background-size: 60px 60px;
-      mask-image: radial-gradient(ellipse 80% 60% at 50% 0%, black 40%, transparent 100%);
-      pointer-events: none;
-      z-index: 0;
-    }
-
-    a { color: var(--accent); text-decoration: none; transition: color 0.15s; }
-    a:hover { color: #74c0fc; text-decoration: underline; }
-
-    .container {
-      max-width: 860px;
-      margin: 0 auto;
-      padding: 0 1.5rem;
-      position: relative;
-      z-index: 1;
-    }
-
-    nav {
-      border-bottom: 1px solid var(--border);
-      background: rgba(10,14,20,0.75);
-      backdrop-filter: blur(12px) saturate(1.2);
-      position: sticky;
-      top: 0;
-      z-index: 20;
-    }
-    nav .container {
-      display: flex;
-      align-items: center;
-      justify-content: space-between;
-      height: 3.75rem;
-    }
-    .nav-brand {
-      font-weight: 700;
-      color: var(--text-bright);
-      font-family: var(--font-mono);
-      font-size: 0.95rem;
-      letter-spacing: -0.02em;
-    }
-    .nav-brand span { color: var(--accent); }
-    .nav-links {
-      display: flex;
-      align-items: center;
-      gap: 1.5rem;
-      list-style: none;
-      font-size: 0.875rem;
-      font-weight: 500;
-    }
-    .nav-links a { color: var(--text-muted); }
-    .nav-links a:hover { color: var(--text-bright); text-decoration: none; }
-    .lang-switch {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.35rem;
-      padding: 0.3rem 0.6rem;
-      border-radius: 6px;
-      border: 1px solid var(--border);
-      font-size: 0.8rem;
-      color: var(--text-muted);
-      transition: all 0.15s;
-    }
-    .lang-switch:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-      text-decoration: none;
-    }
-
-    .hero {
-      padding: 5rem 0 3.5rem;
-      text-align: center;
-    }
-    .hero-badge {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.5rem;
-      padding: 0.35rem 0.9rem;
-      border-radius: 999px;
-      border: 1px solid var(--border);
-      background: var(--bg-elevated);
-      font-size: 0.8rem;
-      color: var(--text-muted);
-      margin-bottom: 1.5rem;
-    }
-    .hero-badge .dot {
-      width: 7px;
-      height: 7px;
-      border-radius: 50%;
-      background: var(--success);
-      box-shadow: 0 0 8px rgba(81,207,102,0.4);
-    }
-    .hero h1 {
-      font-family: var(--font-mono);
-      font-size: clamp(1.6rem, 4.5vw, 2.4rem);
-      color: var(--text-bright);
-      line-height: 1.3;
-      margin-bottom: 1.25rem;
-      letter-spacing: -0.02em;
-    }
-    .hero h1 .accent {
-      background: linear-gradient(135deg, var(--accent) 0%, #74c0fc 100%);
-      -webkit-background-clip: text;
-      -webkit-text-fill-color: transparent;
-      background-clip: text;
-    }
-    .hero .lead {
-      font-size: 1.1rem;
-      color: var(--text-muted);
-      max-width: 560px;
-      margin: 0 auto 2.5rem;
-      line-height: 1.7;
-    }
-
-    .terminal {
-      max-width: 540px;
-      margin: 0 auto 2rem;
-      border-radius: 12px;
-      border: 1px solid var(--border-light);
-      background: #060a10;
-      overflow: hidden;
-      box-shadow:
-        0 0 0 1px rgba(77,171,247,0.08),
-        0 20px 50px -10px rgba(0,0,0,0.5),
-        0 0 80px -20px var(--accent-glow);
-    }
-    .terminal-header {
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-      padding: 0.65rem 1rem;
-      background: rgba(255,255,255,0.02);
-      border-bottom: 1px solid var(--border);
-    }
-    .terminal-header .win-dot {
-      width: 11px;
-      height: 11px;
-      border-radius: 50%;
-    }
-    .win-dot.red { background: #ff5f56; }
-    .win-dot.yellow { background: #ffbd2e; }
-    .win-dot.green { background: #27c93f; }
-    .terminal-header .title {
-      margin-left: 0.5rem;
-      font-size: 0.75rem;
-      color: var(--text-muted);
-      font-family: var(--font-mono);
-    }
-    .terminal-body {
-      padding: 1.1rem 1.25rem;
-      font-family: var(--font-mono);
-      font-size: 0.95rem;
-      color: var(--text-bright);
-      text-align: left;
-      display: flex;
-      align-items: center;
-      gap: 0.6rem;
-    }
-    .terminal-body .prompt { color: var(--success); }
-    .terminal-body .cursor {
-      display: inline-block;
-      width: 8px;
-      height: 1.15em;
-      background: var(--accent);
-      animation: blink 1s step-end infinite;
-      vertical-align: text-bottom;
-      margin-left: 2px;
-    }
-    @keyframes blink { 50% { opacity: 0; } }
-    .btn-copy {
-      margin-left: auto;
-      background: transparent;
-      color: var(--text-muted);
-      border: 1px solid var(--border);
-      border-radius: 6px;
-      padding: 0.3rem 0.7rem;
-      font-family: var(--font-sans);
-      font-size: 0.75rem;
-      font-weight: 600;
-      cursor: pointer;
-      transition: all 0.15s;
-      white-space: nowrap;
-    }
-    .btn-copy:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-    }
-    .btn-copy.copied {
-      border-color: var(--success);
-      color: var(--success);
-    }
-
-    .hero-actions {
-      display: flex;
-      gap: 0.75rem;
-      justify-content: center;
-      flex-wrap: wrap;
-    }
-    .btn {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.4rem;
-      padding: 0.6rem 1.2rem;
-      border-radius: 8px;
-      font-size: 0.9rem;
-      font-weight: 600;
-      transition: all 0.15s;
-      cursor: pointer;
-      border: none;
-    }
-    .btn-primary {
-      background: linear-gradient(135deg, var(--accent-dim) 0%, var(--accent) 100%);
-      color: #fff;
-      box-shadow: 0 4px 16px rgba(25,113,194,0.25);
-    }
-    .btn-primary:hover {
-      transform: translateY(-1px);
-      box-shadow: 0 6px 20px rgba(25,113,194,0.35);
-      text-decoration: none;
-      color: #fff;
-    }
-    .btn-secondary {
-      background: var(--bg-elevated);
-      color: var(--text);
-      border: 1px solid var(--border);
-    }
-    .btn-secondary:hover {
-      border-color: var(--border-light);
-      color: var(--text-bright);
-      text-decoration: none;
-    }
-
-    .screenshot-wrap {
-      margin: 3rem 0;
-      border-radius: 14px;
-      overflow: hidden;
-      border: 1px solid var(--border);
-      background: var(--bg-card);
-      box-shadow: 0 30px 60px -20px rgba(0,0,0,0.6);
-    }
-    .screenshot-wrap img {
-      width: 100%;
-      height: auto;
-      display: block;
-    }
-
-    section {
-      padding: 3rem 0;
-      border-top: 1px solid var(--border);
-    }
-    section h2 {
-      font-family: var(--font-mono);
-      font-size: 1.1rem;
-      color: var(--text-bright);
-      margin-bottom: 1.25rem;
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-    }
-    section h2 .icon { color: var(--accent); }
-    section p, section li {
-      color: var(--text-muted);
-      font-size: 0.95rem;
-      margin-bottom: 0.75rem;
-    }
-    section ul { padding-left: 1.25rem; }
-    section li { margin-bottom: 0.5rem; }
-    section li strong { color: var(--text); font-weight: 600; }
-
-    pre {
-      background: #060a10;
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1rem 1.25rem;
-      overflow-x: auto;
-      font-family: var(--font-mono);
-      font-size: 0.82rem;
-      color: var(--text-bright);
-      margin: 0.75rem 0 1.25rem;
-      line-height: 1.6;
-    }
-    pre code { background: none; padding: 0; border: none; }
-    code {
-      font-family: var(--font-mono);
-      font-size: 0.88em;
-      background: var(--bg-elevated);
-      padding: 0.15rem 0.4rem;
-      border-radius: 4px;
-      border: 1px solid var(--border);
-      color: var(--text-bright);
-    }
-
-    details {
-      background: var(--bg-card);
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1rem 1.25rem;
-      margin-bottom: 0.75rem;
-    }
-    summary {
-      font-weight: 600;
-      color: var(--text-bright);
-      cursor: pointer;
-      user-select: none;
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-      font-size: 0.95rem;
-    }
-    summary::marker { display: none; }
-    details[open] summary { margin-bottom: 0.75rem; }
-    details pre { margin-bottom: 0; }
-
-    .feature-grid {
-      display: grid;
-      grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
-      gap: 1rem;
-      margin-top: 1rem;
-    }
-    .feature-card {
-      background: var(--bg-card);
-      border: 1px solid var(--border);
-      border-radius: 10px;
-      padding: 1.25rem;
-      transition: border-color 0.15s, transform 0.15s;
-    }
-    .feature-card:hover {
-      border-color: var(--border-light);
-      transform: translateY(-2px);
-    }
-    .feature-card h3 {
-      font-size: 0.9rem;
-      color: var(--text-bright);
-      margin-bottom: 0.4rem;
-      font-family: var(--font-mono);
-    }
-    .feature-card p {
-      font-size: 0.85rem;
-      margin: 0;
-      line-height: 1.55;
-    }
-
-    footer {
-      border-top: 1px solid var(--border);
-      padding: 2.5rem 0 3.5rem;
-      text-align: center;
-      font-size: 0.85rem;
-      color: var(--text-muted);
-    }
-    footer .footer-links {
-      display: flex;
-      gap: 1.25rem;
-      justify-content: center;
-      flex-wrap: wrap;
-      margin-bottom: 1.25rem;
-      font-weight: 500;
-    }
-    .disclaimer {
-      font-style: italic;
-      opacity: 0.7;
-      margin-top: 0.75rem;
-    }
-
-    @media (max-width: 640px) {
-      .hero { padding: 3rem 0 2.5rem; }
-      .nav-links { gap: 0.9rem; font-size: 0.8rem; }
-      .terminal-body { font-size: 0.85rem; flex-wrap: wrap; }
-      .feature-grid { grid-template-columns: 1fr; }
-    }
-  </style>
-</head>
-<body>
-
-<nav>
-  <div class="container">
-    <div class="nav-brand">deepseek<span>-tui</span></div>
-    <ul class="nav-links">
-      <li><a href="#install">安装</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">GitHub</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale/tree/main/docs" target="_blank" rel="noopener">文档</a></li>
-      <li><a href="https://github.com/Hmbown/CodeWhale/issues" target="_blank" rel="noopener">社区</a></li>
-      <li><a href="../" class="lang-switch" title="Switch to English">EN</a></li>
-    </ul>
-  </div>
-</nav>
-
-<main class="container">
-
-  <div class="hero" id="install">
-    <div class="hero-badge"><span class="dot"></span>v0.8.45 现已发布</div>
-    <h1>面向 <span class="accent">DeepSeek&nbsp;V4</span><br>的最强智能体运行框架</h1>
-    <p class="lead">规则、工具、证据和反馈循环——帮助模型持续工作直到任务完成。100 万 token 上下文、思考模式流式推理、OS 级沙箱——单一二进制，零依赖。</p>
-
-    <div class="terminal">
-      <div class="terminal-header">
-        <span class="win-dot red"></span>
-        <span class="win-dot yellow"></span>
-        <span class="win-dot green"></span>
-        <span class="title">bash — zsh</span>
-      </div>
-      <div class="terminal-body">
-        <span class="prompt">$</span>
-        <span>npm i -g codewhale</span>
-        <span class="cursor"></span>
-        <button class="btn-copy" onclick="copyInstall()" id="copyBtn">复制</button>
-      </div>
-    </div>
-
-    <div class="hero-actions">
-      <a class="btn btn-primary" href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">在 GitHub 上查看</a>
-      <a class="btn btn-secondary" href="https://github.com/sponsors/Hmbown" target="_blank" rel="noopener">GitHub 赞助</a>
-    </div>
-  </div>
-
-  <div class="screenshot-wrap">
-    <img src="https://raw.githubusercontent.com/Hmbown/CodeWhale/main/assets/screenshot.png" alt="DeepSeek TUI 截图" loading="lazy">
-  </div>
-
-  <section>
-    <h2><span class="icon">▸</span>框架如何工作</h2>
-    <div class="feature-grid">
-      <div class="feature-card">
-        <h3>宪政层级</h3>
-        <p>用户意图优先于陈旧记忆。实时证据优先于假设。每一轮都有清晰的权威链。</p>
-      </div>
-      <div class="feature-card">
-        <h3>结构化信任</h3>
-        <p>Plan（只读）、Agent（审批门控）、YOLO（自动批准）。OS 级沙箱支撑每一个边界。</p>
-      </div>
-      <div class="feature-card">
-        <h3>反馈节拍</h3>
-        <p>失败的命令和失败的测试不是死胡同——它们是模型可以逐轮调谐的信号。</p>
-      </div>
-      <div class="feature-card">
-        <h3>连续性</h3>
-        <p>记忆跨会话持久化。交接在压缩后仍然存活。会话可保存、恢复和分叉。</p>
-      </div>
-      <div class="feature-card">
-        <h3>分布式工作</h3>
-        <p>子智能体并发运行，一次最多 20 个。结果以结构化完成事件形式到达。</p>
-      </div>
-      <div class="feature-card">
-        <h3>适度智能</h3>
-        <p>Fin 处理路由和摘要，Pro 负责架构和调试。每个问题匹配恰当的智能量。</p>
-      </div>
-    </div>
-  </section>
-
-  <section id="china">
-    <h2><span class="icon">◎</span>中国大陆镜像安装指南</h2>
-    <p>如果从 GitHub 或 npm 下载较慢，请按以下方式选择最适合你的安装路径：</p>
-
-    <details open>
-      <summary>npm + 淘宝镜像（推荐，最简单）</summary>
-      <p>设置 npm 镜像后全局安装：</p>
-      <pre><code>npm config set registry https://registry.npmmirror.com
-npm install -g deepseek-tui</code></pre>
-      <p>npm 包在安装时会通过 <code>postinstall</code> 从 GitHub Releases 下载对应平台的二进制文件。如果这一步也很慢，可以设置二进制下载镜像地址：</p>
-      <pre><code>DEEPSEEK_TUI_RELEASE_BASE_URL=https://your-mirror.example.com \
-  npm install -g deepseek-tui</code></pre>
-    </details>
-
-    <details>
-      <summary>Cargo + 清华 TUNA 镜像</summary>
-      <p>在 <code>~/.cargo/config.toml</code> 中添加镜像配置：</p>
-      <pre><code>[source.crates-io]
-replace-with = "tuna"
-
-[source.tuna]
-registry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"</code></pre>
-      <p>然后安装两个二进制文件（调度器在运行时会自动调用 TUI）：</p>
-      <pre><code>cargo install deepseek-tui-cli --locked   # 提供入口命令 deepseek
-cargo install deepseek-tui     --locked   # 提供交互式 TUI 二进制
-deepseek --version</code></pre>
-    </details>
-
-    <details>
-      <summary>从源码构建（Rustup 镜像）</summary>
-      <p>如果还没有安装 Rust，先通过清华镜像安装 rustup：</p>
-      <pre><code>export RUSTUP_DIST_SERVER=https://mirrors.tuna.tsinghua.edu.cn/rustup
-export RUSTUP_UPDATE_ROOT=https://mirrors.tuna.tsinghua.edu.cn/rustup/rustup
-curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh</code></pre>
-      <p>配置 Cargo 镜像后从源码构建：</p>
-      <pre><code>git clone https://github.com/Hmbown/CodeWhale.git
-cd CodeWhale
-cargo install --path crates/cli --locked
-cargo install --path crates/tui --locked</code></pre>
-    </details>
-
-    <details>
-      <summary>手动下载预编译二进制</summary>
-      <p>直接从 GitHub Releases 下载对应平台的二进制文件，放到 <code>PATH</code> 目录即可：</p>
-      <pre><code>mkdir -p ~/.local/bin
-curl -L -o ~/.local/bin/deepseek \
-  https://github.com/Hmbown/CodeWhale/releases/latest/download/deepseek-linux-x64
-curl -L -o ~/.local/bin/deepseek-tui \
-  https://github.com/Hmbown/CodeWhale/releases/latest/download/deepseek-tui-linux-x64
-chmod +x ~/.local/bin/deepseek ~/.local/bin/deepseek-tui</code></pre>
-      <p>macOS 用户将 <code>linux-x64</code> 替换为 <code>macos-arm64</code> 或 <code>macos-x64</code>，并将 <code>sha256sum</code> 替换为 <code>shasum -a 256</code>。</p>
-    </details>
-
-    <p style="margin-top:1rem;font-size:0.875rem;">完整平台安装指南：<a href="https://github.com/Hmbown/CodeWhale/blob/main/docs/INSTALL.md" target="_blank" rel="noopener">docs/INSTALL.md</a> · <a href="../../README.zh-CN.md">简体中文 README</a></p>
-  </section>
-
-</main>
-
-<footer>
-  <div class="container">
-    <div class="footer-links">
-      <a href="https://github.com/Hmbown/CodeWhale" target="_blank" rel="noopener">GitHub</a>
-      <a href="https://github.com/Hmbown/CodeWhale/tree/main/docs" target="_blank" rel="noopener">文档</a>
-      <a href="https://github.com/Hmbown/CodeWhale/issues" target="_blank" rel="noopener">Issues</a>
-      <a href="https://github.com/sponsors/Hmbown" target="_blank" rel="noopener">GitHub 赞助</a>
-      <a href="mailto:security@deepseek-tui.com">安全</a>
-    </div>
-    <p class="disclaimer">本项目与 DeepSeek Inc. 无隶属关系。</p>
-    <p style="margin-top:0.75rem;">&copy; DeepSeek TUI contributors. MIT License.</p>
-  </div>
-</footer>
-
-<script>
-  function copyInstall() {
-    navigator.clipboard.writeText('npm i -g codewhale').then(() => {
-      const btn = document.getElementById('copyBtn');
-      btn.textContent = '已复制';
-      btn.classList.add('copied');
-      setTimeout(() => { btn.textContent = '复制'; btn.classList.remove('copied'); }, 1800);
-    });
-  }
-</script>
-
-</body>
-</html>

From 003a81d37dab75824c6da8c7e21204e816e2ad13 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:21:18 -0500
Subject: [PATCH 074/283] test: align macos CI assertions

---
 crates/tui/src/theme_qa_audit.rs | 16 +++++-----
 crates/tui/src/tui/app.rs        | 54 +++++++++++++++++---------------
 2 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/crates/tui/src/theme_qa_audit.rs b/crates/tui/src/theme_qa_audit.rs
index a19da7e3..37c1435a 100644
--- a/crates/tui/src/theme_qa_audit.rs
+++ b/crates/tui/src/theme_qa_audit.rs
@@ -12,7 +12,9 @@
 mod tests {
     use crate::palette::{
         CATPPUCCIN_MOCHA_UI_THEME, DRACULA_UI_THEME, GRAYSCALE_UI_THEME, GRUVBOX_DARK_UI_THEME,
-        LIGHT_UI_THEME, TOKYO_NIGHT_UI_THEME, UI_THEME, UiTheme,
+        LIGHT_UI_THEME, TOKYO_NIGHT_UI_THEME, UI_THEME, UiTheme, WHALE_ACCENT_ACTION_RGB,
+        WHALE_ACCENT_PRIMARY_RGB, WHALE_ACCENT_SECONDARY_RGB, WHALE_BG_RGB, WHALE_TEXT_BODY_RGB,
+        WHALE_TEXT_MUTED_RGB,
     };
     use ratatui::style::Color;
 
@@ -288,30 +290,30 @@ mod tests {
     fn whale_dark_uses_proposed_palette() {
         // Issue #2012: verify the default Whale dark uses proposed tokens.
         let t = UI_THEME;
-        assert_eq!(rgb(t.surface_bg), Some((13, 21, 37)), "Deep Navy #0D1525");
+        assert_eq!(rgb(t.surface_bg), Some(WHALE_BG_RGB), "Deep Navy #0A1120");
         assert_eq!(
             rgb(t.text_body),
-            Some((246, 242, 232)),
+            Some(WHALE_TEXT_BODY_RGB),
             "Whale Ivory #F6F2E8"
         );
         assert_eq!(
             rgb(t.text_muted),
-            Some((169, 180, 199)),
+            Some(WHALE_TEXT_MUTED_RGB),
             "Mist Gray #A9B4C7"
         );
         assert_eq!(
             rgb(t.accent_primary),
-            Some((246, 196, 83)),
+            Some(WHALE_ACCENT_PRIMARY_RGB),
             "Signal Gold #F6C453"
         );
         assert_eq!(
             rgb(t.accent_secondary),
-            Some((79, 209, 197)),
+            Some(WHALE_ACCENT_SECONDARY_RGB),
             "Seafoam #4FD1C5"
         );
         assert_eq!(
             rgb(t.accent_action),
-            Some((255, 122, 89)),
+            Some(WHALE_ACCENT_ACTION_RGB),
             "Coral Spark #FF7A59"
         );
         assert_eq!(rgb(t.error_fg), Some((255, 92, 122)), "Rose Red #FF5C7A");
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 884242c4..2c3ec0c9 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -3145,13 +3145,10 @@ impl App {
             self.insert_str(&normalized);
         }
         self.paste_burst.clear_after_explicit_paste();
-        // Visible-before-submit consolidation: when the post-paste input
-        // is over the cap, swap it for an @paste-…md mention immediately
-        // (instead of waiting until the user presses Enter and getting
-        // surprised by an auto-sent @mention). The same logic runs as a
-        // safety-net at submit time so any other code path that fills
-        // self.input above the cap still consolidates rather than
-        // silently truncating.
+        // Large pasted input stays editable and visible until submit. The
+        // submit-time safety net consolidates oversized composer content into
+        // an @paste-...md mention before dispatch, so no path silently
+        // truncates user input.
         // self.consolidate_large_input_if_oversized(); // deferred to submit time
     }
 
@@ -5324,12 +5321,10 @@ mod tests {
     }
 
     #[test]
-    fn paste_consolidates_oversized_text_into_paste_file_visibly() {
-        // Visible-before-submit consolidation (paste UX): when a single
-        // bracketed paste exceeds the safety cap, the @mention must
-        // replace the input *immediately*, so the user sees what's
-        // about to be sent before pressing Enter — not as a side effect
-        // of submit.
+    fn paste_defers_oversized_text_consolidation_until_submit() {
+        // #2168: a large paste stays inline so the user can still edit it.
+        // Submit-time consolidation then writes the paste file and sends the
+        // @mention instead of the raw oversized content.
         let tmp = tempfile::TempDir::new().expect("tempdir");
         let mut opts = test_options(false);
         opts.workspace = tmp.path().to_path_buf();
@@ -5338,26 +5333,35 @@ mod tests {
 
         app.insert_paste_text(&full_content);
 
-        // Composer should now contain the @mention, not the full text.
-        assert!(
-            app.input.starts_with("@.deepseek/pastes/paste-") && app.input.ends_with(".md"),
-            "expected @mention in composer after large paste, got: {}",
-            app.input
-        );
-        // The cursor moves to the end of the @mention.
+        assert_eq!(app.input, full_content);
         assert_eq!(app.cursor_position, app.input.chars().count());
-        // The paste file must exist with the full content.
-        let rel_path = &app.input[1..];
+        let pastes_dir = tmp.path().join(".deepseek/pastes");
+        assert!(
+            !pastes_dir.exists() || std::fs::read_dir(&pastes_dir).unwrap().next().is_none(),
+            "paste file should not be written before submit"
+        );
+        assert!(
+            app.status_toasts
+                .iter()
+                .all(|toast| !toast.text.contains("consolidated")),
+            "consolidation toast should not appear before submit"
+        );
+
+        let submitted = app.submit_input().expect("expected submitted input");
+        assert!(
+            submitted.starts_with("@.deepseek/pastes/paste-") && submitted.ends_with(".md"),
+            "expected @mention after submit, got: {submitted}"
+        );
+        let rel_path = &submitted[1..];
         let abs = tmp.path().join(rel_path);
         assert!(abs.is_file(), "paste file must exist at {abs:?}");
         let written = std::fs::read_to_string(&abs).expect("read");
         assert_eq!(written, full_content);
-        // A toast confirms what happened so the user isn't surprised.
         assert!(
             app.status_toasts
                 .iter()
-                .any(|t| t.text.contains("consolidated")),
-            "expected consolidation toast"
+                .any(|toast| toast.text.contains("consolidated")),
+            "expected consolidation toast after submit"
         );
     }
 

From 586f3f325e0808f2e14ee9e117187248c5d59c3b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:32:31 -0500
Subject: [PATCH 075/283] test: align windows notification fallback

---
 crates/tui/src/tui/notifications.rs | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index d2b068e8..4db152fe 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -8,8 +8,8 @@
 //! - **BEL** — audible bell (`\x07`) as a last-resort fallback.
 //!
 //! When `method = "auto"`, the resolver picks the best method for the
-//! current terminal; Windows falls back to `Off` to avoid the error chime
-//! (#583).
+//! current terminal; Windows falls back to `Bel`, which is routed through
+//! `MessageBeep(MB_OK)` for an audible default notification sound.
 
 #[cfg(target_os = "windows")]
 use windows::Win32::System::Diagnostics::Debug::MessageBeep;
@@ -68,7 +68,7 @@ fn windows_bell() {
 /// - `$TERM` contains `ghostty` → `Osc9` (cmux etc.)
 /// - `$TERM` contains `kitty` → `Kitty`
 /// - Unix unknown → `Bel`
-/// - Windows unknown → `Off`
+/// - Windows unknown → `Bel`
 #[must_use]
 fn resolve_method() -> Method {
     let term_program = std::env::var("TERM_PROGRAM").unwrap_or_default();
@@ -199,8 +199,8 @@ pub fn notify_done_to<W: Write>(
 ///
 /// With `method = Auto`, selects the best protocol for the current terminal
 /// (OSC 9, Kitty OSC 99, Ghostty OSC 777, or Bel). The unknown-terminal
-/// fallback is platform-aware — `Bel` on macOS / Linux, `Off` on Windows
-/// (where BEL maps to the `SystemAsterisk` / `MB_OK` error chime, #583).
+/// fallback is platform-aware: `Bel` on every platform, with Windows routing
+/// it through `MessageBeep(MB_OK)` for a default system notification sound.
 /// See [`resolve_method`] for the canonical resolution table. Pass
 /// `in_tmux = true` (i.e. `$TMUX` is non-empty at runtime) to wrap OSC
 /// sequences in a DCS passthrough.
@@ -620,7 +620,9 @@ mod tests {
     /// when the test harness runs them in parallel threads.
     fn env_lock() -> std::sync::MutexGuard<'static, ()> {
         static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-        LOCK.get_or_init(|| Mutex::new(())).lock().unwrap()
+        LOCK.get_or_init(|| Mutex::new(()))
+            .lock()
+            .unwrap_or_else(|poisoned| poisoned.into_inner())
     }
 
     fn capture(
@@ -827,12 +829,11 @@ mod tests {
         assert_eq!(resolved, Method::Bel);
     }
 
-    /// #583: on Windows, an unknown TERM_PROGRAM resolves to `Off`
-    /// (not `Bel`) so the post-turn notification doesn't ring the
-    /// `SystemAsterisk` / `MB_OK` chime.
+    /// #2166: on Windows, an unknown TERM_PROGRAM resolves to `Bel` so
+    /// `windows_bell()` can route the notification through `MessageBeep`.
     #[test]
     #[cfg(target_os = "windows")]
-    fn auto_detect_picks_off_for_unknown_on_windows() {
+    fn auto_detect_picks_bel_for_unknown_on_windows() {
         let _lock = env_lock();
         let prev = std::env::var_os("TERM_PROGRAM");
         // SAFETY: test-only; serialised by env_lock().
@@ -845,7 +846,7 @@ mod tests {
                 None => std::env::remove_var("TERM_PROGRAM"),
             }
         }
-        assert_eq!(resolved, Method::Off);
+        assert_eq!(resolved, Method::Bel);
     }
 
     /// #583: known OSC-9 terminals must still resolve to `Osc9` on

From 2ef1c3666f4e3c7d8bc38c63a3de77bd7abe8063 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 11:52:48 -0500
Subject: [PATCH 076/283] chore: bump release lane to 0.8.46

---
 CHANGELOG.md                  |  5 +++--
 Cargo.lock                    | 28 ++++++++++++++--------------
 Cargo.toml                    |  2 +-
 crates/agent/Cargo.toml       |  2 +-
 crates/app-server/Cargo.toml  | 18 +++++++++---------
 crates/cli/Cargo.toml         | 14 +++++++-------
 crates/config/Cargo.toml      |  2 +-
 crates/core/Cargo.toml        | 16 ++++++++--------
 crates/execpolicy/Cargo.toml  |  2 +-
 crates/hooks/Cargo.toml       |  2 +-
 crates/tools/Cargo.toml       |  2 +-
 crates/tui/CHANGELOG.md       |  5 +++--
 crates/tui/Cargo.toml         |  6 +++---
 npm/codewhale/package.json    |  4 ++--
 npm/deepseek-tui/package.json |  2 +-
 15 files changed, 56 insertions(+), 54 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f62e7bfd..6c266c89 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -83,7 +83,7 @@ Thanks to new contributors whose PRs landed in this release:
 **@zhuangbiaowei** (#2145),
 **@aboimpinto** (#1872),
 and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
-**@h3c-hexin**, **@wdw8276**, and **@zlh124**.
+**@h3c-hexin**, **@wdw8276**, **@zlh124**, and **@jeoor**.
 
 ## [0.8.45] - 2026-05-25
 
@@ -4968,7 +4968,8 @@ Welcome — and thank you.
 - Hooks system and config profiles
 - Example skills and launch assets
 
-[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...HEAD
+[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.46...HEAD
+[0.8.46]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...v0.8.46
 [0.8.45]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...v0.8.45
 [0.8.44]: https://github.com/Hmbown/CodeWhale/compare/v0.8.43...v0.8.44
 [0.8.43]: https://github.com/Hmbown/CodeWhale/compare/v0.8.42...v0.8.43
diff --git a/Cargo.lock b/Cargo.lock
index 7dbc5d6c..83777fd1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -803,7 +803,7 @@ checksum = "e9b18233253483ce2f65329a24072ec414db782531bdbb7d0bbc4bd2ce6b7e21"
 
 [[package]]
 name = "codewhale-agent"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "codewhale-config",
  "serde",
@@ -811,7 +811,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-app-server"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "axum",
@@ -836,7 +836,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-cli"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "chrono",
@@ -862,7 +862,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-config"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "codewhale-secrets",
@@ -875,7 +875,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-core"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "chrono",
@@ -893,7 +893,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-execpolicy"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "codewhale-protocol",
@@ -902,7 +902,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-hooks"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -916,7 +916,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-mcp"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "serde",
@@ -925,7 +925,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-protocol"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "serde",
  "serde_json",
@@ -933,7 +933,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-secrets"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "dirs",
  "keyring",
@@ -946,7 +946,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-state"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "chrono",
@@ -958,7 +958,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tools"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -971,7 +971,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tui"
-version = "0.8.45"
+version = "0.8.46"
 dependencies = [
  "anyhow",
  "arboard",
@@ -1037,7 +1037,7 @@ dependencies = [
 
 [[package]]
 name = "codewhale-tui-core"
-version = "0.8.45"
+version = "0.8.46"
 
 [[package]]
 name = "colorchoice"
diff --git a/Cargo.toml b/Cargo.toml
index ac727f04..dae89151 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ default-members = ["crates/cli", "crates/app-server", "crates/tui"]
 resolver = "2"
 
 [workspace.package]
-version = "0.8.45"
+version = "0.8.46"
 edition = "2024"
 # Rust 1.88 stabilized `let_chains` in `if`/`while` conditions, which the
 # codebase relies on extensively. Cargo enforces this so users on older
diff --git a/crates/agent/Cargo.toml b/crates/agent/Cargo.toml
index dc402892..4f98a69c 100644
--- a/crates/agent/Cargo.toml
+++ b/crates/agent/Cargo.toml
@@ -7,5 +7,5 @@ repository.workspace = true
 description = "Model/provider registry and fallback strategy for DeepSeek workspace architecture"
 
 [dependencies]
-codewhale-config = { path = "../config", version = "0.8.45" }
+codewhale-config = { path = "../config", version = "0.8.46" }
 serde.workspace = true
diff --git a/crates/app-server/Cargo.toml b/crates/app-server/Cargo.toml
index d683abf4..09dd8643 100644
--- a/crates/app-server/Cargo.toml
+++ b/crates/app-server/Cargo.toml
@@ -10,15 +10,15 @@ description = "Codex-style app-server transport for DeepSeek workspace architect
 anyhow.workspace = true
 axum.workspace = true
 clap.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.45" }
-codewhale-config = { path = "../config", version = "0.8.45" }
-codewhale-core = { path = "../core", version = "0.8.45" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
-codewhale-hooks = { path = "../hooks", version = "0.8.45" }
-codewhale-mcp = { path = "../mcp", version = "0.8.45" }
-codewhale-protocol = { path = "../protocol", version = "0.8.45" }
-codewhale-state = { path = "../state", version = "0.8.45" }
-codewhale-tools = { path = "../tools", version = "0.8.45" }
+codewhale-agent = { path = "../agent", version = "0.8.46" }
+codewhale-config = { path = "../config", version = "0.8.46" }
+codewhale-core = { path = "../core", version = "0.8.46" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.46" }
+codewhale-hooks = { path = "../hooks", version = "0.8.46" }
+codewhale-mcp = { path = "../mcp", version = "0.8.46" }
+codewhale-protocol = { path = "../protocol", version = "0.8.46" }
+codewhale-state = { path = "../state", version = "0.8.46" }
+codewhale-tools = { path = "../tools", version = "0.8.46" }
 serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index e2006806..59d4da18 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -25,13 +25,13 @@ path = "src/bin/deepseek_legacy_shim.rs"
 anyhow.workspace = true
 clap.workspace = true
 clap_complete.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.45" }
-codewhale-app-server = { path = "../app-server", version = "0.8.45" }
-codewhale-config = { path = "../config", version = "0.8.45" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
-codewhale-mcp = { path = "../mcp", version = "0.8.45" }
-codewhale-secrets = { path = "../secrets", version = "0.8.45" }
-codewhale-state = { path = "../state", version = "0.8.45" }
+codewhale-agent = { path = "../agent", version = "0.8.46" }
+codewhale-app-server = { path = "../app-server", version = "0.8.46" }
+codewhale-config = { path = "../config", version = "0.8.46" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.46" }
+codewhale-mcp = { path = "../mcp", version = "0.8.46" }
+codewhale-secrets = { path = "../secrets", version = "0.8.46" }
+codewhale-state = { path = "../state", version = "0.8.46" }
 chrono.workspace = true
 dirs.workspace = true
 serde.workspace = true
diff --git a/crates/config/Cargo.toml b/crates/config/Cargo.toml
index 912d5ed8..4fbdb03c 100644
--- a/crates/config/Cargo.toml
+++ b/crates/config/Cargo.toml
@@ -8,7 +8,7 @@ description = "Config schema and precedence model for DeepSeek workspace archite
 
 [dependencies]
 anyhow.workspace = true
-codewhale-secrets = { path = "../secrets", version = "0.8.45" }
+codewhale-secrets = { path = "../secrets", version = "0.8.46" }
 dirs.workspace = true
 serde.workspace = true
 serde_json.workspace = true
diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml
index c9d602f4..45853186 100644
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@@ -9,13 +9,13 @@ description = "Core runtime boundaries for DeepSeek workspace architecture"
 [dependencies]
 anyhow.workspace = true
 chrono.workspace = true
-codewhale-agent = { path = "../agent", version = "0.8.45" }
-codewhale-config = { path = "../config", version = "0.8.45" }
-codewhale-execpolicy = { path = "../execpolicy", version = "0.8.45" }
-codewhale-hooks = { path = "../hooks", version = "0.8.45" }
-codewhale-mcp = { path = "../mcp", version = "0.8.45" }
-codewhale-protocol = { path = "../protocol", version = "0.8.45" }
-codewhale-state = { path = "../state", version = "0.8.45" }
-codewhale-tools = { path = "../tools", version = "0.8.45" }
+codewhale-agent = { path = "../agent", version = "0.8.46" }
+codewhale-config = { path = "../config", version = "0.8.46" }
+codewhale-execpolicy = { path = "../execpolicy", version = "0.8.46" }
+codewhale-hooks = { path = "../hooks", version = "0.8.46" }
+codewhale-mcp = { path = "../mcp", version = "0.8.46" }
+codewhale-protocol = { path = "../protocol", version = "0.8.46" }
+codewhale-state = { path = "../state", version = "0.8.46" }
+codewhale-tools = { path = "../tools", version = "0.8.46" }
 serde_json.workspace = true
 uuid.workspace = true
diff --git a/crates/execpolicy/Cargo.toml b/crates/execpolicy/Cargo.toml
index 16b09697..acf2ce21 100644
--- a/crates/execpolicy/Cargo.toml
+++ b/crates/execpolicy/Cargo.toml
@@ -8,5 +8,5 @@ description = "Execution policy and approval model parity for DeepSeek workspace
 
 [dependencies]
 anyhow.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.45" }
+codewhale-protocol = { path = "../protocol", version = "0.8.46" }
 serde.workspace = true
diff --git a/crates/hooks/Cargo.toml b/crates/hooks/Cargo.toml
index 4f657cd0..a6a3600e 100644
--- a/crates/hooks/Cargo.toml
+++ b/crates/hooks/Cargo.toml
@@ -10,7 +10,7 @@ description = "Hook dispatch and notifications parity for DeepSeek workspace arc
 anyhow.workspace = true
 async-trait.workspace = true
 chrono.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.45" }
+codewhale-protocol = { path = "../protocol", version = "0.8.46" }
 reqwest.workspace = true
 serde.workspace = true
 serde_json.workspace = true
diff --git a/crates/tools/Cargo.toml b/crates/tools/Cargo.toml
index 464ce47e..2be5cc0d 100644
--- a/crates/tools/Cargo.toml
+++ b/crates/tools/Cargo.toml
@@ -9,7 +9,7 @@ description = "Tool invocation lifecycle, schema validation, and scheduler paral
 [dependencies]
 anyhow.workspace = true
 async-trait.workspace = true
-codewhale-protocol = { path = "../protocol", version = "0.8.45" }
+codewhale-protocol = { path = "../protocol", version = "0.8.46" }
 serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index f62e7bfd..6c266c89 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -83,7 +83,7 @@ Thanks to new contributors whose PRs landed in this release:
 **@zhuangbiaowei** (#2145),
 **@aboimpinto** (#1872),
 and continuing contributors **@reidliu41**, **@cyq1017**, **@idling11**,
-**@h3c-hexin**, **@wdw8276**, and **@zlh124**.
+**@h3c-hexin**, **@wdw8276**, **@zlh124**, and **@jeoor**.
 
 ## [0.8.45] - 2026-05-25
 
@@ -4968,7 +4968,8 @@ Welcome — and thank you.
 - Hooks system and config profiles
 - Example skills and launch assets
 
-[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...HEAD
+[Unreleased]: https://github.com/Hmbown/CodeWhale/compare/v0.8.46...HEAD
+[0.8.46]: https://github.com/Hmbown/CodeWhale/compare/v0.8.45...v0.8.46
 [0.8.45]: https://github.com/Hmbown/CodeWhale/compare/v0.8.44...v0.8.45
 [0.8.44]: https://github.com/Hmbown/CodeWhale/compare/v0.8.43...v0.8.44
 [0.8.43]: https://github.com/Hmbown/CodeWhale/compare/v0.8.42...v0.8.43
diff --git a/crates/tui/Cargo.toml b/crates/tui/Cargo.toml
index 2ffdde9e..6aa5486c 100644
--- a/crates/tui/Cargo.toml
+++ b/crates/tui/Cargo.toml
@@ -27,9 +27,9 @@ path = "src/bin/deepseek_tui_legacy_shim.rs"
 [dependencies]
 anyhow = "1.0.100"
 arboard = "3.4"
-codewhale-config = { path = "../config", version = "0.8.45" }
-codewhale-secrets = { path = "../secrets", version = "0.8.45" }
-codewhale-tools = { path = "../tools", version = "0.8.45" }
+codewhale-config = { path = "../config", version = "0.8.46" }
+codewhale-secrets = { path = "../secrets", version = "0.8.46" }
+codewhale-tools = { path = "../tools", version = "0.8.46" }
 schemaui = { version = "0.12.0", default-features = false, optional = true }
 async-stream = "0.3.6"
 async-trait = "0.1"
diff --git a/npm/codewhale/package.json b/npm/codewhale/package.json
index c8a402f8..5413ba70 100644
--- a/npm/codewhale/package.json
+++ b/npm/codewhale/package.json
@@ -1,7 +1,7 @@
 {
   "name": "codewhale",
-  "version": "0.8.45",
-  "codewhaleBinaryVersion": "0.8.45",
+  "version": "0.8.46",
+  "codewhaleBinaryVersion": "0.8.46",
   "description": "Install and run CodeWhale, the agentic terminal for open-source and open-weight coding models, from GitHub release artifacts.",
   "author": "Hmbown",
   "license": "MIT",
diff --git a/npm/deepseek-tui/package.json b/npm/deepseek-tui/package.json
index b99f9a15..75462031 100644
--- a/npm/deepseek-tui/package.json
+++ b/npm/deepseek-tui/package.json
@@ -1,6 +1,6 @@
 {
   "name": "deepseek-tui",
-  "version": "0.8.45",
+  "version": "0.8.46",
   "description": "Legacy compatibility package. Renamed to `codewhale`; run `npm install -g codewhale` for new installs.",
   "author": "Hmbown",
   "license": "MIT",

From e59925f8f1ca1986da5e4f048caa78e36d7242f8 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 12:06:31 -0500
Subject: [PATCH 077/283] =?UTF-8?q?chore:=20finalize=20v0.8.46=20release?=
 =?UTF-8?q?=20=E2=80=94=20docs=20refresh,=20web=20branding,=20redirect=20w?=
 =?UTF-8?q?orker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update all three READMEs with binary-pair install instructions
- Update INSTALL.md for platform archive + binary pair language
- Regenerate facts.generated.ts for v0.8.46 (14 crates, 70 tools)
- Rename CF worker project to codewhale-web, add codewhale.net routes
- Add web/redirect worker for deepseek-tui.com → codewhale.net
---
 README.ja-JP.md             |  93 +++++++--------------------------
 README.md                   | 100 ++++++------------------------------
 README.zh-CN.md             |  95 ++++++----------------------------
 docs/INSTALL.md             |   6 +--
 web/lib/facts.generated.ts  |   4 +-
 web/redirect/src/index.ts   |   7 +++
 web/redirect/wrangler.jsonc |  11 ++++
 web/wrangler.jsonc          |   8 ++-
 8 files changed, 77 insertions(+), 247 deletions(-)
 create mode 100644 web/redirect/src/index.ts
 create mode 100644 web/redirect/wrangler.jsonc

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 75b3ef0e..813cefea 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -1,31 +1,33 @@
 # 🐳 CodeWhale
 
-> **このターミナルネイティブのコーディングエージェントは、DeepSeek V4 の 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュ機能を中心に構築されています。単一のバイナリとして配布され、Node.js や Python のランタイムは不要です。MCP クライアント、サンドボックス、永続的なタスクキューも標準で同梱されています。**
+> **このターミナルネイティブのコーディングエージェントは、DeepSeek V4 の 100 万トークンのコンテキストウィンドウとプレフィックスキャッシュ機能を中心に構築されています。`codewhale` ディスパッチャーと `codewhale-tui` ランタイムの Rust バイナリペアとして配布され、Node.js や Python のランタイムは不要です。MCP クライアント、サンドボックス、永続的なタスクキューも標準で同梱されています。**
 
 [English README](README.md)
 [简体中文 README](README.zh-CN.md)
 
 ## インストール
 
-`codewhale` は自己完結型の Rust バイナリとして提供されており、**実行に Node.js や Python のランタイムは必要ありません。** すでにマシンにインストールされているものを選んでください。いずれの方法でも同じバイナリが `PATH` に配置されます。
+`codewhale` は自己完結型の Rust リリースバイナリのペアとしてインストールされます。`codewhale` はディスパッチャーで、同じ場所にある `codewhale-tui` ランタイムを起動して対話セッションを実行します。npm、Homebrew、Docker は両方を自動でインストールします。Cargo や手動インストールでは、両方を同じディレクトリ（通常は `PATH` 上のディレクトリ）に置いてください。実行に Node.js や Python のランタイムは不要です。
 
 ```bash
 # 1. npm — すでに Node を使っているなら最も簡単。npm パッケージは
-#    GitHub Releases から対応するビルド済みバイナリをダウンロードする
+#    GitHub Releases から対応するビルド済みバイナリペアをダウンロードする
 #    薄いインストーラーであり、codewhale 本体に Node ランタイム依存を加えるものではありません。
 npm install -g codewhale
 
-# 2. Cargo — Node 不要。
+# 2. Cargo — Node 不要。2 つの crate を両方インストールします。
 cargo install codewhale-cli --locked   # `codewhale` (エントリーポイント)
 cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI バイナリ)
 
 # 3. Homebrew — macOS パッケージマネージャ。
+#    tap/formula 名は旧名のままですが、codewhale と codewhale-tui をインストールします。
 brew tap Hmbown/deepseek-tui
 brew install deepseek-tui
 
-# 4. 直接ダウンロード — Node もツールチェーンも不要。
+# 4. 直接ダウンロード — GitHub Releases のプラットフォームアーカイブ。
 #    https://github.com/Hmbown/CodeWhale/releases
-#    Linux x64/ARM64、macOS x64/ARM64、Windows x64 向けのビルド済みバイナリがあります。
+#    アーカイブには codewhale と codewhale-tui とインストールスクリプトが含まれます。
+#    個別バイナリもスクリプト用に添付されています。手動ではペアを同じ場所に置いてください。
 
 # 5. Docker — ビルド済みリリースイメージ。
 docker volume create codewhale-home
@@ -72,73 +74,9 @@ CodeWhale はそのハーネスであり、DeepSeek V4 を中心に構築され
 | **明確な管轄権** | 9階層の権威を持つ成文憲法。ユーザーの意図が古い指示より優先。検証が自信より優先。 |
 | **再帰的改善** | V4 がハーネスの一部を書いた。ハーネスが改善されると V4 はより効果的になり、さらにハーネスを改善する。毎ターンがより強くなる。 |
 
-オープンソース、単一バイナリ完結、ターミナルのために構築。
+オープンソース、ターミナルネイティブ、`codewhale` / `codewhale-tui` の Rust バイナリペアとして提供されています。
 
-
-## インストール
-
-`codewhale` は自己完結型の Rust バイナリとして提供されており、**実行に Node.js や Python のランタイムは必要ありません。** すでにマシンにインストールされているものを選んでください。いずれの方法でも同じバイナリが `PATH` に配置されます。
-
-```bash
-# 1. npm — すでに Node を使っているなら最も簡単。npm パッケージは
-#    GitHub Releases から対応するビルド済みバイナリをダウンロードする
-#    薄いインストーラーであり、codewhale 本体に Node ランタイム依存を加えるものではありません。
-npm install -g codewhale
-
-# 2. Cargo — Node 不要。
-cargo install codewhale-cli --locked   # `codewhale` (エントリーポイント)
-cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI バイナリ)
-
-# 3. Homebrew — macOS パッケージマネージャ。
-brew tap Hmbown/deepseek-tui
-brew install deepseek-tui
-
-# 4. 直接ダウンロード — Node もツールチェーンも不要。
-#    https://github.com/Hmbown/CodeWhale/releases
-#    Linux x64/ARM64、macOS x64/ARM64、Windows x64 向けのビルド済みバイナリがあります。
-
-# 5. Docker — ビルド済みリリースイメージ。
-docker volume create codewhale-home
-docker run --rm -it \
-  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
-  -v "$PWD:/workspace" \
-  -w /workspace \
-  ghcr.io/hmbown/codewhale:latest
-```
-
-> 中国本土では、`--registry=https://registry.npmmirror.com` を指定して npm 経由のダウンロードを高速化するか、下記の[Cargo ミラー](#中国--ミラーフレンドリーなインストール)を利用してください。
-
-既にインストール済みの場合は、インストール方法に合わせて更新してください:
-
-```bash
-codewhale update
-npm install -g codewhale@latest
-brew update && brew upgrade deepseek-tui
-cargo install codewhale-cli --locked --force
-cargo install codewhale-tui     --locked --force
-```
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[![DeepWiki](https://img.shields.io/badge/DeepWiki-Ask_AI-_.svg?style=flat&color=0052D9&labelColor=000000&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==)](https://deepwiki.com/Hmbown/CodeWhale)
-
-<a href="https://www.buymeacoffee.com/hmbown" target="_blank"><img src="https://img.shields.io/badge/Buy%20me%20a%20coffee-5F7FFF?style=for-the-badge&logo=buymeacoffee&logoColor=white" alt="Buy me a coffee" /></a>
-
-![codewhale スクリーンショット](assets/screenshot.png)
-
----
-
-## codewhale とは？
-
-モデルは質問に答えます。エージェントはタスクを完了します。その差がハーネス——モデルを取り巻くルール、ツール、証拠、フィードバックループという動作環境です。
-
-CodeWhale はそのハーネスであり、DeepSeek V4 Pro と Flash のために構築されました。メンテナがモデルがタスクの途中で方向を見失ったり、ユーザーの現在の要求より古い指示に従ったり、コマンドが失敗すると諦めたりすることにうんざりしたことから、個人ツールとして始まりました。そこから生まれたのが、モデルの方向性を保つシステムです：憲法的なプロンプト階層、構造化された信頼境界、並列サブエージェント、プレフィックスキャッシュ対応のコンテキスト管理、そしてモデルが自己修正するための十分なシグナルを提供する検証の鼓動。
-
-DeepSeek V4 はこのハーネスの一部を書くのを手伝いました。これは重要です——CodeWhale がすでに V4 を使う最も効果的な方法であり、V4 が改善するにつれてハーネスも改善することを意味します。各ターンがより良いプロンプト、より良いルール、より良いハンドオフを残します。次のターンはより強い位置から始まります。
-
-### ハーネスの仕組み
+## ハーネスの仕組み
 
 エージェントモデルは大規模な相反する情報を扱います：ユーザーの意図、プロジェクトルール、システムデフォルト、ツール出力、古いメモリが単一ターンで権威を競い合います。LLM が裁判官として機能するには管轄権が必要です——衝突したとき、どの情報源が勝つのか？
 
@@ -178,7 +116,7 @@ codewhale --version
 codewhale --model auto
 ```
 
-ビルド済みバイナリは **Linux x64**、**Linux ARM64**（v0.8.8 以降）、**macOS x64**、**macOS ARM64**、**Windows x64** 向けに公開されています。その他のターゲット（musl、riscv64、FreeBSD など）は [ソースからのインストール](#install-from-source) または [docs/INSTALL.md](docs/INSTALL.md) を参照してください。
+ビルド済みバイナリペアとプラットフォームアーカイブは **Linux x64**、**Linux ARM64**（v0.8.8 以降）、**macOS x64**、**macOS ARM64**、**Windows x64** 向けに公開されています。その他のターゲット（musl、riscv64、FreeBSD など）は [ソースからのインストール](#install-from-source) または [docs/INSTALL.md](docs/INSTALL.md) を参照してください。
 
 初回起動時に [DeepSeek API キー](https://platform.deepseek.com/api_keys) の入力を求められます。キーは `~/.deepseek/config.toml` に保存されるため、OS のクレデンシャルプロンプトなしに任意のディレクトリから利用できます。
 
@@ -224,10 +162,15 @@ codewhale --version
 
 ### Windows（Scoop）
 
-[Scoop](https://scoop.sh) は Windows のパッケージマネージャです。インストール後、次を実行してください:
+[Scoop](https://scoop.sh) は Windows のパッケージマネージャです。`codewhale`
+パッケージは Scoop main bucket にありますが、manifest は GitHub/npm/Cargo
+リリースより遅れることがあります。先に更新し、インストール後に
+`codewhale --version` で確認してください:
 
 ```bash
-scoop install deepseek-tui
+scoop update
+scoop install codewhale
+codewhale --version
 ```
 
 
diff --git a/README.md b/README.md
index f8c9c5c4..334ae74f 100644
--- a/README.md
+++ b/README.md
@@ -7,11 +7,12 @@
 
 ## Install
 
-`codewhale` is distributed as Rust binaries: the dispatcher command
-(`codewhale`) and the companion TUI runtime (`codewhale-tui`). Pick whichever
-install path you already use; they all put the same commands on your `PATH`.
-The npm package is an installer/wrapper for the release binaries, not the
-agent runtime itself.
+`codewhale` installs as a matched pair of self-contained Rust release binaries:
+the `codewhale` dispatcher command and the sibling `codewhale-tui` runtime it
+launches for interactive sessions. npm, Homebrew, and Docker install both for
+you; Cargo and manual installs must put both binaries in the same directory
+(normally a directory on your `PATH`). The npm package is only an
+installer/wrapper for those release binaries; the agent does not run on Node.
 
 ```bash
 # 1. npm — easiest if you already use Node. The package downloads the
@@ -25,12 +26,14 @@ cargo install codewhale-cli --locked   # `codewhale` (entry point)
 cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI binary)
 
 # 3. Homebrew — macOS package manager.
+#    The tap/formula name is legacy; it installs codewhale and codewhale-tui.
 brew tap Hmbown/deepseek-tui
 brew install deepseek-tui
 
-# 4. Direct download — no package manager or toolchain.
+# 4. Direct download — platform archive from GitHub Releases.
 #    https://github.com/Hmbown/CodeWhale/releases
-#    Prebuilt for Linux x64/ARM64, macOS x64/ARM64, Windows x64.
+#    Archives include both codewhale and codewhale-tui plus an install script.
+#    Individual binaries are also attached for scripts; keep the pair together.
 
 # 5. Docker — prebuilt release image.
 docker volume create codewhale-home
@@ -84,83 +87,10 @@ CodeWhale is that harness, built around DeepSeek V4 and guided by three ideas:
 | **Clear jurisdiction** | A written Constitution with nine tiers of authority. User intent outranks stale instructions. Verification outranks confidence. |
 | **Recursive improvement** | V4 helped write the harness. As the harness improves, V4 becomes more effective — and helps improve the harness further. Each turn starts stronger. |
 
-It's open source, self-contained in a single binary, and built for the terminal.
+It's open source, terminal-native, and packaged as a matched `codewhale` /
+`codewhale-tui` Rust binary pair.
 
-
-## Install
-
-`codewhale` is distributed as Rust binaries: the dispatcher command
-(`codewhale`) and the companion TUI runtime (`codewhale-tui`). Pick whichever
-install path you already use; they all put the same commands on your `PATH`.
-The npm package is an installer/wrapper for the release binaries, not the
-agent runtime itself.
-
-```bash
-# 1. npm — easiest if you already use Node. The package downloads the
-#    matching prebuilt Rust binaries from GitHub Releases.
-npm install -g codewhale
-
-# 2. Cargo — no Node needed. Requires Rust 1.88+ (the crates use the
-#    2024 edition; older toolchains fail with "feature `edition2024` is
-#    required"). Run `rustup update` first, or use a non-Cargo path below.
-cargo install codewhale-cli --locked   # `codewhale` (entry point)
-cargo install codewhale-tui     --locked   # `codewhale-tui` (TUI binary)
-
-# 3. Homebrew — macOS package manager.
-brew tap Hmbown/deepseek-tui
-brew install deepseek-tui
-
-# 4. Direct download — no package manager or toolchain.
-#    https://github.com/Hmbown/CodeWhale/releases
-#    Prebuilt for Linux x64/ARM64, macOS x64/ARM64, Windows x64.
-
-# 5. Docker — prebuilt release image.
-docker volume create codewhale-home
-docker run --rm -it \
-  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
-  -v "$PWD:/workspace" \
-  -w /workspace \
-  ghcr.io/hmbown/codewhale:latest
-```
-
-> In mainland China, speed up the npm path with
-> `--registry=https://registry.npmmirror.com`, or use the
-> [Cargo mirror](#china--mirror-friendly-installation) below.
->
-> Download safety: official release binaries live under
-> `https://github.com/Hmbown/CodeWhale/releases`. For manual downloads,
-> verify the SHA-256 manifest and avoid look-alike repositories or search-result
-> mirrors. See [download safety and checksums](docs/INSTALL.md#2-download-safety-and-checksums).
-
-Already installed? Use the updater that matches the install path:
-
-```bash
-codewhale update                         # release-binary updater
-npm install -g codewhale@latest      # npm wrapper
-brew update && brew upgrade deepseek-tui
-cargo install codewhale-cli --locked --force
-cargo install codewhale-tui     --locked --force
-```
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
-
-![codewhale screenshot](assets/screenshot.png)
-
----
-
-## What Is It?
-
-A model answers a question. An agent finishes a task. The difference is the harness — the operating environment that surrounds the model with rules, tools, evidence, and feedback loops.
-
-CodeWhale is that harness, built around DeepSeek V4 Pro and Flash. It started as a personal tool because the maintainer got tired of models losing track mid-task, obeying stale instructions over the user's current request, or giving up when a command failed. What emerged was a system that keeps the model oriented: a constitutional prompt hierarchy, structured trust boundaries, parallel sub-agents, prefix-cache-aware context management, and verification beats that give the model enough signal to self-correct.
-
-DeepSeek V4 helped write parts of this harness. That matters because it means CodeWhale is already the most effective way to use V4 — and as V4 improves, the harness improves with it. Each turn leaves behind better prompts, better rules, and better handoffs. The next turn starts from a stronger position.
-
-### How the harness works
+## How the Harness Works
 
 Agentic models deal with conflicting information at scale: user intent,
 project rules, system defaults, tool output, and stale memory all compete
@@ -244,7 +174,7 @@ codewhale --version
 codewhale --model auto
 ```
 
-Prebuilt binaries are published for **Linux x64**, **Linux ARM64** (v0.8.8+), **macOS x64**, **macOS ARM64**, and **Windows x64**. For other targets (musl, riscv64, FreeBSD, etc.), see [Install from source](#install-from-source) or [docs/INSTALL.md](docs/INSTALL.md).
+Prebuilt binary pairs and platform archives are published for **Linux x64**, **Linux ARM64** (v0.8.8+), **macOS x64**, **macOS ARM64**, and **Windows x64**. For other targets (musl, riscv64, FreeBSD, etc.), see [Install from source](#install-from-source) or [docs/INSTALL.md](docs/INSTALL.md).
 
 On first launch you'll be prompted for your [DeepSeek API key](https://platform.deepseek.com/api_keys). The key is saved to `~/.deepseek/config.toml` so it works from any directory without OS credential prompts.
 
@@ -330,7 +260,7 @@ version with `codewhale --version`:
 
 ```bash
 scoop update
-scoop install deepseek-tui
+scoop install codewhale
 codewhale --version
 ```
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 080c529e..314b5955 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -1,32 +1,36 @@
 # CodeWhale
 
-> **面向 [DeepSeek V4](https://platform.deepseek.com) 的终端原生编程智能体：100 万 token 上下文、思考模式流式推理、前缀缓存感知。自包含 Rust 二进制发布——开箱即带 MCP 客户端、沙箱和持久化任务队列。**
+> **面向 [DeepSeek V4](https://platform.deepseek.com) 的终端原生编程智能体：100 万 token 上下文、思考模式流式推理、前缀缓存感知。以 `codewhale` 调度器和 `codewhale-tui` 运行时这一组自包含 Rust 二进制发布——开箱即带 MCP 客户端、沙箱和持久化任务队列。**
 
 [English README](README.md)
 [日本語 README](README.ja-JP.md)
 
 ## 安装
 
-`codewhale` 是自包含 Rust 二进制——**运行时不依赖 Node.js 或 Python**。
-下面几种方式装出来的是同一套二进制，按你已有的工具链选一个即可：
+`codewhale` 以一组自包含 Rust 发布二进制安装：`codewhale` 调度器命令，
+以及它在交互会话中启动的同级 `codewhale-tui` 运行时。npm、Homebrew 和
+Docker 会自动安装这两个二进制；Cargo 或手动下载时必须把两者放在同一目录
+（通常是 `PATH` 上的某个目录）。运行时不依赖 Node.js 或 Python。
 
 ```bash
 # 1. npm —— 已装 Node 的最方便方式。npm 包只是一个下载器，
-#    会从 GitHub Releases 拉取对应平台的预编译二进制，
+#    会从 GitHub Releases 拉取对应平台的预编译二进制对，
 #    并不会让 codewhale 本身依赖 Node 运行时。
 npm install -g codewhale
 
-# 2. Cargo —— 无需 Node。
+# 2. Cargo —— 无需 Node，两个 crate 都要安装。
 cargo install codewhale-cli --locked   # `codewhale` 入口
 cargo install codewhale-tui     --locked   # `codewhale-tui` TUI 二进制
 
 # 3. Homebrew —— macOS 包管理器。
+#    tap/formula 名称仍是旧名；实际安装 codewhale 和 codewhale-tui。
 brew tap Hmbown/deepseek-tui
 brew install deepseek-tui
 
-# 4. 直接下载 —— 无需任何工具链。
+# 4. 直接下载 —— GitHub Releases 的平台压缩包。
 #    https://github.com/Hmbown/CodeWhale/releases
-#    覆盖 Linux x64/ARM64、macOS x64/ARM64、Windows x64
+#    压缩包包含 codewhale 和 codewhale-tui 以及安装脚本；
+#    也提供单独二进制给脚本使用，手动安装时请把这一对放在一起。
 
 # 5. Docker —— 预构建发布镜像。
 docker volume create codewhale-home
@@ -77,78 +81,9 @@ CodeWhale 就是这套框架，围绕 DeepSeek V4 构建，基于三个理念：
 | **清晰的管辖权** | 成文宪法，九层权威。用户意图优先于陈旧指令。验证优先于自信。 |
 | **递归改进** | V4 参与了框架的编写。框架改进 → V4 更高效 → 进一步改进框架。每轮从更强的位置开始。 |
 
-开源、单二进制自包含、为终端构建。
+开源、终端原生，并以 `codewhale` / `codewhale-tui` 这一组 Rust 二进制发布。
 
-
-## 安装
-
-`codewhale` 是自包含 Rust 二进制——**运行时不依赖 Node.js 或 Python**。
-下面几种方式装出来的是同一套二进制，按你已有的工具链选一个即可：
-
-```bash
-# 1. npm —— 已装 Node 的最方便方式。npm 包只是一个下载器，
-#    会从 GitHub Releases 拉取对应平台的预编译二进制，
-#    并不会让 codewhale 本身依赖 Node 运行时。
-npm install -g codewhale
-
-# 2. Cargo —— 无需 Node。
-cargo install codewhale-cli --locked   # `codewhale` 入口
-cargo install codewhale-tui     --locked   # `codewhale-tui` TUI 二进制
-
-# 3. Homebrew —— macOS 包管理器。
-brew tap Hmbown/deepseek-tui
-brew install deepseek-tui
-
-# 4. 直接下载 —— 无需任何工具链。
-#    https://github.com/Hmbown/CodeWhale/releases
-#    覆盖 Linux x64/ARM64、macOS x64/ARM64、Windows x64
-
-# 5. Docker —— 预构建发布镜像。
-docker volume create codewhale-home
-docker run --rm -it \
-  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
-  -v "$PWD:/workspace" \
-  -w /workspace \
-  ghcr.io/hmbown/codewhale:latest
-```
-
-> 中国大陆访问较慢时，npm 可加 `--registry=https://registry.npmmirror.com`，
-> 或使用下方的 [Cargo 镜像](#中国大陆--镜像友好安装)。
->
-> 下载安全：官方二进制只发布在
-> `https://github.com/Hmbown/CodeWhale/releases`。手动下载时请校验
-> SHA-256 manifest，并避免相似仓库名或搜索结果里的镜像站。详见
-> [下载安全与校验](docs/INSTALL.md#2-download-safety-and-checksums)。
-
-已经安装过？按你的安装方式更新：
-
-```bash
-codewhale update                         # release 二进制更新器
-npm install -g codewhale@latest      # npm 包装器
-brew update && brew upgrade deepseek-tui
-cargo install codewhale-cli --locked --force
-cargo install codewhale-tui     --locked --force
-```
-
-[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
-[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
-[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
-[DeepWiki project index](https://deepwiki.com/Hmbown/CodeWhale)
-
-![codewhale 截图](assets/screenshot.png)
-
----
-
-## 这是什么？
-
-模型回答问题。智能体完成任务。区别在于运行框架——包围模型的规则、工具、证据和反馈循环。
-
-CodeWhale 就是这套框架，围绕 DeepSeek V4 Pro 和 Flash 构建。它最初是一个个人工具，因为维护者受够了模型在任务中途迷失方向、服从过时指令而非用户当前请求、或者命令失败就放弃。结果诞生了一个让模型保持方向的系统：宪政提示层级、结构化信任边界、并行子智能体、前缀缓存感知的上下文管理、以及让模型有足够信号来自我校正的验证节拍。
-
-DeepSeek V4 参与了这套框架的部分编写。这很重要——它意味着 CodeWhale 已经是使用 V4 最有效的方式，并且随着 V4 的改进，框架也会随之改进。每一轮都留下更好的提示、更好的规则、更好的交接。下一轮从一个更强的位置开始。
-
-### 框架如何工作
+## 框架如何工作
 
 智能体模型面临大规模的冲突信息：用户意图、项目规则、系统默认值、工具输出和陈旧记忆在单轮对话中争夺权威。LLM 作为裁判需要管辖权——当它们冲突时，哪个来源胜出？
 
@@ -199,7 +134,7 @@ codewhale --version
 codewhale --model auto
 ```
 
-预构建二进制覆盖 **Linux x64**、**Linux ARM64**（v0.8.8 起）、**macOS x64**、**macOS ARM64** 和 **Windows x64**。其他目标平台（musl、riscv64、FreeBSD 等）请见下方的[从源码安装](#从源码安装)或 [docs/INSTALL.md](docs/INSTALL.md)。
+预构建二进制对和平台压缩包覆盖 **Linux x64**、**Linux ARM64**（v0.8.8 起）、**macOS x64**、**macOS ARM64** 和 **Windows x64**。其他目标平台（musl、riscv64、FreeBSD 等）请见下方的[从源码安装](#从源码安装)或 [docs/INSTALL.md](docs/INSTALL.md)。
 
 首次启动时会提示输入 [DeepSeek API key](https://platform.deepseek.com/api_keys)。密钥保存到 `~/.deepseek/config.toml`，在任意目录、IDE 终端和脚本中都能使用，不会触发系统密钥环弹窗。
 
@@ -277,7 +212,7 @@ release。先运行 `scoop update`，安装后用 `codewhale --version` 核对
 
 ```bash
 scoop update
-scoop install deepseek-tui
+scoop install codewhale
 codewhale --version
 ```
 
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index ab4ef018..473618b5 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -12,8 +12,8 @@ If you just want the short version, see the
 
 ## 1. Supported platforms
 
-`codewhale-tui` ships prebuilt binaries for these
-platform/architecture combinations from v0.8.8 onward:
+CodeWhale ships matched `codewhale` and `codewhale-tui` prebuilt binaries for
+these platform/architecture combinations from v0.8.8 onward:
 
 | Platform     | Architecture | npm install | `cargo install` | GitHub release asset                                  |
 | ------------ | ------------ | :---------: | :-------------: | ----------------------------------------------------- |
@@ -49,7 +49,7 @@ systems such as Alpine should use [Build from source](#7-build-from-source).
 
 Official release binaries are published only from
 `https://github.com/Hmbown/CodeWhale/releases` and the npm package named
-`codewhale-tui`. Do not install release assets from look-alike repositories,
+`codewhale`. Do not install release assets from look-alike repositories,
 archives, or search-result mirrors unless you deliberately trust that mirror.
 
 Every GitHub release includes `codewhale-artifacts-sha256.txt`. If you download
diff --git a/web/lib/facts.generated.ts b/web/lib/facts.generated.ts
index 642acbfe..d7cbe216 100644
--- a/web/lib/facts.generated.ts
+++ b/web/lib/facts.generated.ts
@@ -18,8 +18,8 @@ export interface RepoFacts {
 }
 
 export const FACTS: RepoFacts = {
-  "generatedAt": "2026-05-26T15:45:43.239Z",
-  "version": "0.8.45",
+  "generatedAt": "2026-05-26T17:03:21.939Z",
+  "version": "0.8.46",
   "crates": [
     "agent",
     "app-server",
diff --git a/web/redirect/src/index.ts b/web/redirect/src/index.ts
new file mode 100644
index 00000000..07f803ab
--- /dev/null
+++ b/web/redirect/src/index.ts
@@ -0,0 +1,7 @@
+export default {
+  fetch(request: Request): Response {
+    const url = new URL(request.url);
+    url.host = "codewhale.net";
+    return Response.redirect(url.toString(), 301);
+  },
+};
diff --git a/web/redirect/wrangler.jsonc b/web/redirect/wrangler.jsonc
new file mode 100644
index 00000000..6d910310
--- /dev/null
+++ b/web/redirect/wrangler.jsonc
@@ -0,0 +1,11 @@
+{
+  "$schema": "../node_modules/wrangler/config-schema.json",
+  "name": "deepseek-tui-web",
+  "main": "src/index.ts",
+  "compatibility_date": "2025-04-01",
+  "observability": { "enabled": true },
+  "routes": [
+    { "pattern": "deepseek-tui.com", "custom_domain": true },
+    { "pattern": "www.deepseek-tui.com", "custom_domain": true }
+  ]
+}
diff --git a/web/wrangler.jsonc b/web/wrangler.jsonc
index 6014a3a8..a4073b9d 100644
--- a/web/wrangler.jsonc
+++ b/web/wrangler.jsonc
@@ -1,6 +1,6 @@
 {
   "$schema": "node_modules/wrangler/config-schema.json",
-  "name": "deepseek-tui-web",
+  "name": "codewhale-web",
   "main": "worker.ts",
   "compatibility_date": "2025-04-01",
   "compatibility_flags": ["nodejs_compat", "global_fetch_strictly_public"],
@@ -9,6 +9,10 @@
     "binding": "ASSETS"
   },
   "observability": { "enabled": true },
+  "routes": [
+    { "pattern": "codewhale.net", "custom_domain": true },
+    { "pattern": "www.codewhale.net", "custom_domain": true }
+  ],
   "kv_namespaces": [
     {
       "binding": "CURATED_KV",
@@ -22,7 +26,7 @@
   "vars": {
     "GITHUB_REPO": "Hmbown/CodeWhale",
     "DEEPSEEK_MODEL": "deepseek-v4-flash",
-    "DEEPSEEK_BASE_URL": "https://gateway.ai.cloudflare.com/v1/cf50f793171d7cb3b2ce23368b69cdcb/deepseek-tui-web/deepseek"
+    "DEEPSEEK_BASE_URL": "https://gateway.ai.cloudflare.com/v1/cf50f793171d7cb3b2ce23368b69cdcb/codewhale-web/deepseek"
   },
   "triggers": {
     "crons": [

From e5e34d406309ed74b0a3915c583a416d5153fbbd Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 12:13:30 -0500
Subject: [PATCH 078/283] =?UTF-8?q?fix:=20resolve=20clippy=20warnings=20fo?=
 =?UTF-8?q?r=20Rust=201.95=20=E2=80=94=20vec=5Finit=5Fthen=5Fpush,=20unnec?=
 =?UTF-8?q?essary=5Fmap=5For?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/sandbox/mod.rs     |  2 +-
 crates/tui/src/sandbox/seccomp.rs | 65 +++++++++++++++----------------
 2 files changed, 32 insertions(+), 35 deletions(-)

diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index da0298c3..85a6898c 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -824,7 +824,7 @@ mod tests {
         #[cfg(target_os = "linux")]
         {
             let marker = env.env.get("DEEPSEEK_SANDBOX");
-            assert!(marker.map_or(true, |v| v != "bwrap"));
+            assert!(marker.is_none_or(|v| v != "bwrap"));
         }
         let _ = env;
     }
diff --git a/crates/tui/src/sandbox/seccomp.rs b/crates/tui/src/sandbox/seccomp.rs
index ff0637cf..b384ed8c 100644
--- a/crates/tui/src/sandbox/seccomp.rs
+++ b/crates/tui/src/sandbox/seccomp.rs
@@ -276,40 +276,37 @@ pub fn apply_seccomp_filter() -> std::io::Result<()> {
     ];
 
     // Build the BPF program.
-    let mut filter = Vec::<sock_filter>::new();
-
-    // Instruction 0: load architecture from seccomp_data.arch
-    filter.push(sock_filter {
-        code: BPF_LD | BPF_W | BPF_ABS,
-        jt: 0,
-        jf: 0,
-        k: 4, // offset of arch in seccomp_data
-    });
-
-    // Instruction 1: compare with AUDIT_ARCH_X86_64
-    // If match, jump to next instruction; if not, kill process
-    filter.push(sock_filter {
-        code: BPF_JMP | BPF_JEQ,
-        jt: 0,
-        jf: 1, // jump 1 forward (to KILL) if arch doesn't match
-        k: AUDIT_ARCH_X86_64,
-    });
-
-    // Instruction 2: KILL (wrong architecture)
-    filter.push(sock_filter {
-        code: BPF_RET,
-        jt: 0,
-        jf: 0,
-        k: SECCOMP_RET_KILL_PROCESS,
-    });
-
-    // Instruction 3: load syscall number from seccomp_data.nr
-    filter.push(sock_filter {
-        code: BPF_LD | BPF_W | BPF_ABS,
-        jt: 0,
-        jf: 0,
-        k: 0, // offset of nr in seccomp_data
-    });
+    let mut filter = vec![
+        // Instruction 0: load architecture from seccomp_data.arch
+        sock_filter {
+            code: BPF_LD | BPF_W | BPF_ABS,
+            jt: 0,
+            jf: 0,
+            k: 4, // offset of arch in seccomp_data
+        },
+        // Instruction 1: compare with AUDIT_ARCH_X86_64
+        // If match, jump to next instruction; if not, kill process
+        sock_filter {
+            code: BPF_JMP | BPF_JEQ,
+            jt: 0,
+            jf: 1, // jump 1 forward (to KILL) if arch doesn't match
+            k: AUDIT_ARCH_X86_64,
+        },
+        // Instruction 2: KILL (wrong architecture)
+        sock_filter {
+            code: BPF_RET,
+            jt: 0,
+            jf: 0,
+            k: SECCOMP_RET_KILL_PROCESS,
+        },
+        // Instruction 3: load syscall number from seccomp_data.nr
+        sock_filter {
+            code: BPF_LD | BPF_W | BPF_ABS,
+            jt: 0,
+            jf: 0,
+            k: 0, // offset of nr in seccomp_data
+        },
+    ];
 
     // For each allowed syscall, add a compare+jump to ALLOW.
     // We use a linear scan for simplicity: each JEQ instruction jumps

From aa83446d6b9f62384bdcc10ebcafe4b85a4bc590 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 12:23:49 -0500
Subject: [PATCH 079/283] fix(tests): use cat instead of true in wlcopy test to
 avoid EPIPE

The wlcopy_helper_succeeds_when_binary_returns_zero test used
`true` as a stand-in for wl-copy, but `true` exits immediately
without reading stdin.  On Linux CI runners the process exits
before the parent can write to the pipe, producing EPIPE and
failing the is_ok() assertion.

Switch to `cat` which reads stdin until EOF (when the pipe is
closed) and then exits 0, faithfully modelling a successful
wl-copy invocation.
---
 crates/tui/src/tui/clipboard.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/clipboard.rs b/crates/tui/src/tui/clipboard.rs
index 2eadfd0f..dffadfac 100644
--- a/crates/tui/src/tui/clipboard.rs
+++ b/crates/tui/src/tui/clipboard.rs
@@ -442,7 +442,12 @@ mod tests {
     #[cfg(target_os = "linux")]
     #[test]
     fn wlcopy_helper_succeeds_when_binary_returns_zero() {
-        let result = write_text_with_wlcopy_using_argv("true", "test");
+        // Use `cat` instead of `true` because `true` exits immediately
+        // without reading stdin, causing EPIPE before we can check the
+        // exit status.  `cat` consumes stdin until EOF (when we drop the
+        // pipe) and then exits 0, faithfully modelling a successful
+        // wl-copy invocation.
+        let result = write_text_with_wlcopy_using_argv("cat", "test");
         assert!(result.is_ok());
     }
 

From a06bbe57a6def8e7d80b5c95d642dfe8fa48ec7e Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:09:48 -0500
Subject: [PATCH 080/283] fix(tools): replace cross-await RwLock with Semaphore
 to prevent deadlock

Replace `Arc<RwLock<()>>` in ToolCallRuntime with `Arc<Semaphore>` to
eliminate the risk of a tool re-entering and deadlocking on the same lock.
Parallel tools now acquire then immediately drop the permit, allowing
concurrent execution after any in-flight serial tool finishes. Serial
tools hold the permit for the full duration.

Fixes #2157. Harvested from #1856.

Co-authored-by: Fire-dtx <58944505+Fire-dtx@users.noreply.github.com>
---
 crates/tools/src/lib.rs | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/crates/tools/src/lib.rs b/crates/tools/src/lib.rs
index a7179410..050b840f 100644
--- a/crates/tools/src/lib.rs
+++ b/crates/tools/src/lib.rs
@@ -8,7 +8,7 @@ use async_trait::async_trait;
 use codewhale_protocol::{ToolKind, ToolOutput, ToolPayload};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
-use tokio::sync::RwLock;
+use tokio::sync::Semaphore;
 
 /// Capabilities that a tool may have or require.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
@@ -309,9 +309,19 @@ pub trait ToolHandler: Send + Sync {
     ) -> std::result::Result<ToolOutput, FunctionCallError>;
 }
 
-#[derive(Debug, Default)]
+#[derive(Debug)]
 pub struct ToolCallRuntime {
-    pub parallel_execution: Arc<RwLock<()>>,
+    /// Serialise non-parallel tool executions. Capacity 1 ensures at most one
+    /// serial tool runs at a time, and blocks parallel tools while it runs.
+    serial_semaphore: Arc<Semaphore>,
+}
+
+impl Default for ToolCallRuntime {
+    fn default() -> Self {
+        Self {
+            serial_semaphore: Arc::new(Semaphore::new(1)),
+        }
+    }
 }
 
 #[derive(Default)]
@@ -380,13 +390,20 @@ impl ToolRegistry {
         };
 
         if configured.supports_parallel_tool_calls {
-            let _guard = self.runtime.parallel_execution.read().await;
+            // Parallel tools wait for any in-flight serial tool to finish,
+            // but do not hold the permit so other parallel tools may run concurrently.
+            drop(self.runtime.serial_semaphore.acquire().await
+                .map_err(|_| FunctionCallError::Cancelled { name: call.name })?);
             self.execute_with_timeout(handler, configured.spec.timeout_ms, invocation)
                 .await
         } else {
-            let _guard = self.runtime.parallel_execution.write().await;
+            // Serial tools hold the semaphore for the full execution duration,
+            // preventing other serial AND parallel tools from starting.
+            let _permit = self.runtime.serial_semaphore.acquire().await
+                .map_err(|_| FunctionCallError::Cancelled { name: call.name })?;
             self.execute_with_timeout(handler, configured.spec.timeout_ms, invocation)
                 .await
+            // _permit dropped here, releasing the semaphore.
         }
     }
 

From 84463711b493ab6f22de241c0480a2b49568f0e2 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:14:55 -0500
Subject: [PATCH 081/283] feat(composer): mouse + keyboard text selection with
 copy/cut

Add mouse drag selection and Shift+Arrow text selection in the composer
input box. Ctrl+C copies selected text; Ctrl+X cuts (or toggles mode if
no selection). Selection highlighting uses the theme's selection_bg color.
Mouse coordinate mapping accounts for wrapping, scroll offset, and padding.

Also fix Home, End, Ctrl+A, and Ctrl+E to clear the selection anchor
before jumping, matching the existing Left/Right behavior. Without these
calls a stale anchor silently reforms a selection and can cause unintended
deletions on the next keystroke.

Harvested from #2228.

Co-authored-by: imkingjh999 <imkingjh999@users.noreply.github.com>
---
 CHANGELOG.md                      |  13 ++
 crates/tui/src/tui/app.rs         | 203 +++++++++++++++++++++++++++++-
 crates/tui/src/tui/mouse_ui.rs    | 107 ++++++++++++++++
 crates/tui/src/tui/ui.rs          |  95 ++++++++++++--
 crates/tui/src/tui/widgets/mod.rs | 169 ++++++++++++++++++++++++-
 5 files changed, 575 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c266c89..007fc825 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- **Composer text selection with copy/cut.** Mouse drag and Shift+Arrow
+  selection in the composer input box, with Ctrl+C copy and Ctrl+X cut
+  support. Home, End, Ctrl+A, and Ctrl+E now clear the selection to prevent
+  accidental deletions on the next keystroke (#2228).
+
+### Fixed
+
+- **Deadlock when spawning multiple concurrent sub-agents.** Replaced
+  `RwLock`-based serialisation with a `Semaphore(1)` in `ToolCallRuntime`,
+  preventing re-entrant tool calls from deadlocking on the same lock (#1856).
+
 ## [0.8.46] - 2026-05-26
 
 ### Added
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 2c3ec0c9..201890ad 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -368,7 +368,7 @@ pub(crate) struct InputHistoryDraft {
     cursor: usize,
 }
 
-fn char_count(text: &str) -> usize {
+pub(crate) fn char_count(text: &str) -> usize {
     text.chars().count()
 }
 
@@ -902,6 +902,10 @@ pub struct ComposerState {
     /// user presses `d` in Normal mode; cleared on the next key (either `d`
     /// to complete `dd`, or any other key to cancel).
     pub vim_pending_d: bool,
+    /// When set, the cursor is the active end of a text selection and
+    /// `selection_anchor` is the fixed end.  Both are char-indexed.
+    /// `None` means no selection is active.
+    pub selection_anchor: Option<usize>,
 }
 
 impl Default for ComposerState {
@@ -926,6 +930,7 @@ impl Default for ComposerState {
             vim_enabled: false,
             vim_mode: VimMode::Normal,
             vim_pending_d: false,
+            selection_anchor: None,
         }
     }
 }
@@ -940,11 +945,21 @@ pub struct ViewportState {
     pub selection_autoscroll: Option<SelectionAutoscroll>,
     pub transcript_scrollbar_dragging: bool,
     pub last_transcript_area: Option<Rect>,
+    pub last_composer_area: Option<Rect>,
     pub last_transcript_top: usize,
     pub last_transcript_visible: usize,
     pub last_transcript_total: usize,
     pub last_transcript_padding_top: usize,
     pub jump_to_latest_button_area: Option<Rect>,
+    /// Inner content rect of the composer (excluding border/padding),
+    /// stored at render time for mouse coordinate mapping.
+    pub last_composer_content: Option<Rect>,
+    /// Number of rendered text lines scrolled off the top of the composer,
+    /// stored at render time for mouse coordinate mapping.
+    pub last_composer_scroll_offset: usize,
+    /// Vertical padding above the first text line in the composer,
+    /// stored at render time for mouse coordinate mapping.
+    pub last_composer_top_padding: usize,
 }
 
 impl Default for ViewportState {
@@ -958,11 +973,15 @@ impl Default for ViewportState {
             selection_autoscroll: None,
             transcript_scrollbar_dragging: false,
             last_transcript_area: None,
+            last_composer_area: None,
             last_transcript_top: 0,
             last_transcript_visible: 0,
             last_transcript_total: 0,
             last_transcript_padding_top: 0,
             jump_to_latest_button_area: None,
+            last_composer_content: None,
+            last_composer_scroll_offset: 0,
+            last_composer_top_padding: 0,
         }
     }
 }
@@ -1809,6 +1828,7 @@ impl App {
                 vim_enabled: composer_vim_enabled,
                 vim_mode: VimMode::Normal,
                 vim_pending_d: false,
+                selection_anchor: None,
             },
             viewport: ViewportState::default(),
             goal: GoalState::default(),
@@ -3124,6 +3144,7 @@ impl App {
         if text.is_empty() {
             return;
         }
+        self.delete_selection();
         self.selected_attachment_index = None;
         let cursor = self.cursor_position.min(char_count(&self.input));
         let byte_index = byte_index_at_char(&self.input, cursor);
@@ -3383,6 +3404,7 @@ impl App {
 
     pub fn insert_char(&mut self, c: char) {
         self.clear_input_history_navigation();
+        self.delete_selection();
         self.selected_attachment_index = None;
         let cursor = self.cursor_position.min(char_count(&self.input));
         let byte_index = byte_index_at_char(&self.input, cursor);
@@ -3409,6 +3431,9 @@ impl App {
 
     pub fn delete_char(&mut self) {
         self.clear_input_history_navigation();
+        if self.delete_selection() {
+            return;
+        }
         self.selected_attachment_index = None;
         if self.cursor_position == 0 {
             return;
@@ -3426,6 +3451,9 @@ impl App {
 
     pub fn delete_char_forward(&mut self) {
         self.clear_input_history_navigation();
+        if self.delete_selection() {
+            return;
+        }
         self.selected_attachment_index = None;
         if self.input.is_empty() {
             return;
@@ -3444,6 +3472,9 @@ impl App {
     /// Delete the word before the cursor.
     pub fn delete_word_backward(&mut self) {
         self.clear_input_history_navigation();
+        if self.delete_selection() {
+            return;
+        }
         self.selected_attachment_index = None;
         if self.cursor_position == 0 {
             return;
@@ -3485,6 +3516,9 @@ impl App {
     /// Delete from the cursor to the start of the line.
     pub fn delete_to_start_of_line(&mut self) {
         self.clear_input_history_navigation();
+        if self.delete_selection() {
+            return;
+        }
         self.selected_attachment_index = None;
         if self.cursor_position == 0 {
             return;
@@ -3510,6 +3544,9 @@ impl App {
     /// Delete the word after the cursor.
     pub fn delete_word_forward(&mut self) {
         self.clear_input_history_navigation();
+        if self.delete_selection() {
+            return;
+        }
         self.selected_attachment_index = None;
         let cursor_byte = byte_index_at_char(&self.input, self.cursor_position);
         if cursor_byte >= self.input.len() {
@@ -3554,6 +3591,13 @@ impl App {
     /// Returns `true` when bytes were moved into the kill buffer.
     pub fn kill_to_end_of_line(&mut self) -> bool {
         self.clear_input_history_navigation();
+        if let Some((start, end)) = self.selection_range() {
+            let sb = byte_index_at_char(&self.input, start);
+            let eb = byte_index_at_char(&self.input, end);
+            self.kill_buffer = self.input[sb..eb].to_string();
+            self.delete_selection();
+            return true;
+        }
         let total_chars = char_count(&self.input);
         let cursor = self.cursor_position.min(total_chars);
         let start_byte = byte_index_at_char(&self.input, cursor);
@@ -3599,6 +3643,7 @@ impl App {
         if self.kill_buffer.is_empty() {
             return false;
         }
+        self.delete_selection();
         self.clear_input_history_navigation();
         let text = self.kill_buffer.clone();
         let cursor = self.cursor_position.min(char_count(&self.input));
@@ -3724,6 +3769,58 @@ impl App {
         self.needs_redraw = true;
     }
 
+    // === Selection helpers ===
+
+    /// Return the (start, end) of the active selection, or `None`.
+    /// `start` is inclusive, `end` is exclusive; both are char indices.
+    pub fn selection_range(&self) -> Option<(usize, usize)> {
+        let anchor = self.selection_anchor?;
+        let cursor = self.cursor_position;
+        if anchor == cursor {
+            return None;
+        }
+        Some(if anchor < cursor {
+            (anchor, cursor)
+        } else {
+            (cursor, anchor)
+        })
+    }
+
+    /// Return the selected text, or empty string if no selection.
+    pub fn selected_text(&self) -> String {
+        self.selection_range()
+            .map(|(s, e)| {
+                let sb = byte_index_at_char(&self.input, s);
+                let eb = byte_index_at_char(&self.input, e);
+                self.input[sb..eb].to_string()
+            })
+            .unwrap_or_default()
+    }
+
+    /// Delete the selected text, place cursor at the start of the deleted range.
+    /// Returns true if a selection was deleted.
+    pub fn delete_selection(&mut self) -> bool {
+        let Some((start, end)) = self.selection_range() else {
+            return false;
+        };
+        let sb = byte_index_at_char(&self.input, start);
+        let eb = byte_index_at_char(&self.input, end);
+        self.input.replace_range(sb..eb, "");
+        self.cursor_position = start;
+        self.selection_anchor = None;
+        self.clear_input_history_navigation();
+        self.slash_menu_hidden = false;
+        self.mention_menu_hidden = false;
+        self.mention_menu_selected = 0;
+        self.needs_redraw = true;
+        true
+    }
+
+    /// Clear the selection without moving the cursor.
+    pub fn clear_selection(&mut self) {
+        self.selection_anchor = None;
+    }
+
     // === Vim composer mode helpers ===
 
     /// Move the cursor to the start of the current logical line (vim `0`).
@@ -3906,6 +4003,7 @@ impl App {
         self.clear_input_history_navigation();
         self.input.clear();
         self.cursor_position = 0;
+        self.selection_anchor = None;
         self.selected_attachment_index = None;
         self.slash_menu_selected = 0;
         self.slash_menu_hidden = false;
@@ -6662,4 +6760,107 @@ mod tests {
         assert_eq!(app.input, "café 你好");
         assert_eq!(app.cursor_position, 7);
     }
+
+    #[test]
+    fn selection_range_returns_none_when_no_anchor() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = None;
+        assert!(app.selection_range().is_none());
+    }
+
+    #[test]
+    fn selection_range_returns_ordered_range() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        assert_eq!(app.selection_range(), Some((2, 5)));
+    }
+
+    #[test]
+    fn selection_range_normalizes_order() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 2;
+        app.selection_anchor = Some(5);
+        assert_eq!(app.selection_range(), Some((2, 5)));
+    }
+
+    #[test]
+    fn selection_range_returns_none_when_anchor_equals_cursor() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello".to_string();
+        app.cursor_position = 3;
+        app.selection_anchor = Some(3);
+        assert!(app.selection_range().is_none());
+    }
+
+    #[test]
+    fn delete_selection_removes_selected_text() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        assert!(app.delete_selection());
+        assert_eq!(app.input, "he world");
+        assert_eq!(app.cursor_position, 2);
+        assert!(app.selection_anchor.is_none());
+    }
+
+    #[test]
+    fn insert_char_replaces_selection() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        app.insert_char('X');
+        assert_eq!(app.input, "heX world");
+        assert_eq!(app.cursor_position, 3);
+        assert!(app.selection_anchor.is_none());
+    }
+
+    #[test]
+    fn delete_char_removes_selection_instead_of_single_char() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        app.delete_char();
+        assert_eq!(app.input, "he world");
+        assert_eq!(app.cursor_position, 2);
+    }
+
+    #[test]
+    fn selected_text_returns_correct_substring() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        assert_eq!(app.selected_text(), "llo");
+    }
+
+    #[test]
+    fn insert_str_replaces_selection() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello world".to_string();
+        app.cursor_position = 5;
+        app.selection_anchor = Some(2);
+        app.insert_str("yo");
+        assert_eq!(app.input, "heyo world");
+        assert_eq!(app.cursor_position, 4);
+        assert!(app.selection_anchor.is_none());
+    }
+
+    #[test]
+    fn delete_selection_noop_when_no_selection() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input = "hello".to_string();
+        app.cursor_position = 3;
+        app.selection_anchor = None;
+        assert!(!app.delete_selection());
+        assert_eq!(app.input, "hello");
+        assert_eq!(app.cursor_position, 3);
+    }
 }
diff --git a/crates/tui/src/tui/mouse_ui.rs b/crates/tui/src/tui/mouse_ui.rs
index c3c985c1..47e323a7 100644
--- a/crates/tui/src/tui/mouse_ui.rs
+++ b/crates/tui/src/tui/mouse_ui.rs
@@ -2,6 +2,8 @@ use std::time::{Duration, Instant};
 
 use crossterm::event::{MouseButton, MouseEvent, MouseEventKind};
 use ratatui::layout::Rect;
+use unicode_segmentation::UnicodeSegmentation;
+use unicode_width::UnicodeWidthStr;
 
 use crate::tui::app::App;
 use crate::tui::command_palette::{
@@ -37,6 +39,91 @@ pub(crate) fn should_drop_loading_mouse_motion(app: &App, mouse: MouseEvent) ->
     }
 }
 
+/// Map a mouse (column, row) within the composer area to a char index
+/// in the composer input string. Uses the inner content rect (border-aware)
+/// for coordinate mapping, and accounts for vertical padding and scroll offset.
+fn mouse_pos_to_char_index(app: &App, col: u16, row: u16, inner: Rect) -> Option<usize> {
+    let rel_col = col.saturating_sub(inner.x) as usize;
+    let rel_row = row.saturating_sub(inner.y) as usize;
+
+    if app.input.is_empty() {
+        return Some(0);
+    }
+
+    let width = inner.width.max(1) as usize;
+    let wrapped = crate::tui::widgets::wrap_input_lines_for_mouse(&app.input, width);
+
+    // Subtract the vertical top-padding (centering of short inputs).
+    let text_row = rel_row.saturating_sub(app.viewport.last_composer_top_padding);
+
+    // Add the scroll offset (lines scrolled out of view).
+    let absolute_row = text_row + app.viewport.last_composer_scroll_offset;
+
+    if absolute_row >= wrapped.len() {
+        return Some(app.input.chars().count());
+    }
+
+    let (line_start, line_text) = &wrapped[absolute_row];
+
+    let mut char_offset = 0usize;
+    let mut col_used = 0usize;
+    for g in line_text.graphemes(true) {
+        let gw = g.width();
+        if col_used + gw > rel_col {
+            break;
+        }
+        col_used += gw;
+        char_offset += g.chars().count();
+    }
+    Some(line_start + char_offset)
+}
+
+/// Handle mouse events within the composer area.
+/// Returns true if the event was consumed.
+pub(crate) fn handle_composer_mouse(app: &mut App, mouse: MouseEvent) -> bool {
+    // Use outer area for hit-testing (includes border).
+    let Some(area) = app.viewport.last_composer_area else {
+        return false;
+    };
+    if mouse.column < area.x
+        || mouse.column >= area.x + area.width
+        || mouse.row < area.y
+        || mouse.row >= area.y + area.height
+    {
+        return false;
+    }
+    // Use inner content rect for coordinate-to-char mapping (border-aware).
+    let inner = app.viewport.last_composer_content.unwrap_or(area);
+
+    match mouse.kind {
+        MouseEventKind::Down(MouseButton::Left) => {
+            if let Some(pos) = mouse_pos_to_char_index(app, mouse.column, mouse.row, inner) {
+                app.cursor_position = pos;
+                app.selection_anchor = None;
+                app.needs_redraw = true;
+            }
+            true
+        }
+        MouseEventKind::Drag(MouseButton::Left) => {
+            if let Some(pos) = mouse_pos_to_char_index(app, mouse.column, mouse.row, inner) {
+                if app.selection_anchor.is_none() {
+                    app.selection_anchor = Some(app.cursor_position);
+                }
+                app.cursor_position = pos;
+                app.needs_redraw = true;
+            }
+            true
+        }
+        MouseEventKind::Up(MouseButton::Left) => {
+            if app.selection_anchor == Some(app.cursor_position) {
+                app.selection_anchor = None;
+            }
+            true
+        }
+        _ => false,
+    }
+}
+
 pub(crate) fn handle_mouse_event(app: &mut App, mouse: MouseEvent) -> Vec<ViewEvent> {
     if app.view_stack.top_kind() == Some(ModalKind::ContextMenu) {
         if matches!(mouse.kind, MouseEventKind::Down(MouseButton::Right)) {
@@ -52,6 +139,11 @@ pub(crate) fn handle_mouse_event(app: &mut App, mouse: MouseEvent) -> Vec<ViewEv
         return app.view_stack.handle_mouse(mouse);
     }
 
+    // Composer mouse events take priority over transcript.
+    if handle_composer_mouse(app, mouse) {
+        return Vec::new();
+    }
+
     match mouse.kind {
         MouseEventKind::Moved => {
             // Update last mouse position for tooltip rendering.
@@ -585,6 +677,10 @@ pub(crate) fn selection_point_from_position(
 }
 
 pub(crate) fn selection_has_content(app: &App) -> bool {
+    // Composer selection takes priority (same as Cmd+C handler above).
+    if !app.selected_text().is_empty() {
+        return true;
+    }
     selection_to_text(app).is_some_and(|text| !text.is_empty())
 }
 
@@ -613,6 +709,17 @@ pub(crate) fn ctrl_c_disposition(app: &App) -> CtrlCDisposition {
 }
 
 pub(crate) fn copy_active_selection(app: &mut App) {
+    // Composer selection takes priority.
+    let sel = app.selected_text();
+    if !sel.is_empty() {
+        if app.clipboard.write_text(&sel).is_ok() {
+            app.status_message = Some("Selection copied".to_string());
+        } else {
+            app.status_message = Some("Copy failed".to_string());
+        }
+        app.clear_selection();
+        return;
+    }
     if !app.viewport.transcript_selection.is_active() {
         return;
     }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 2ba52ef9..7c77715d 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -2969,7 +2969,17 @@ async fn run_event_loop(
                 KeyCode::Char('c') | KeyCode::Char('C')
                     if key_shortcuts::is_copy_shortcut(&key) =>
                 {
-                    copy_active_selection(app);
+                    let sel = app.selected_text();
+                    if !sel.is_empty() {
+                        if app.clipboard.write_text(&sel).is_ok() {
+                            app.push_status_toast("Copied to clipboard", StatusToastLevel::Info, None);
+                            app.clear_selection();
+                        } else {
+                            app.push_status_toast("Copy failed", StatusToastLevel::Error, None);
+                        }
+                    } else {
+                        copy_active_selection(app);
+                    }
                 }
                 KeyCode::Char('c') if key.modifiers.contains(KeyModifiers::CONTROL) => {
                     // Four behaviors layered on Ctrl+C in priority order — see
@@ -3482,16 +3492,32 @@ async fn run_event_loop(
                     app.delete_char_forward();
                 }
                 KeyCode::Delete => {}
+                KeyCode::Left if key.modifiers.contains(KeyModifiers::SHIFT) => {
+                    if app.selection_anchor.is_none() {
+                        app.selection_anchor = Some(app.cursor_position);
+                    }
+                    app.move_cursor_left();
+                }
                 KeyCode::Left if is_word_cursor_modifier(key.modifiers) => {
+                    app.clear_selection();
                     app.move_cursor_word_backward();
                 }
                 KeyCode::Left => {
+                    app.clear_selection();
                     app.move_cursor_left();
                 }
+                KeyCode::Right if key.modifiers.contains(KeyModifiers::SHIFT) => {
+                    if app.selection_anchor.is_none() {
+                        app.selection_anchor = Some(app.cursor_position);
+                    }
+                    app.move_cursor_right();
+                }
                 KeyCode::Right if is_word_cursor_modifier(key.modifiers) => {
+                    app.clear_selection();
                     app.move_cursor_word_forward();
                 }
                 KeyCode::Right => {
+                    app.clear_selection();
                     app.move_cursor_right();
                 }
                 KeyCode::Home if key.modifiers.contains(KeyModifiers::CONTROL) => {
@@ -3507,15 +3533,19 @@ async fn run_event_loop(
                 KeyCode::Home | KeyCode::Char('a')
                     if key.modifiers.contains(KeyModifiers::CONTROL) =>
                 {
+                    app.clear_selection();
                     app.move_cursor_start();
                 }
                 KeyCode::Home => {
+                    app.clear_selection();
                     app.move_cursor_line_start();
                 }
                 KeyCode::End => {
+                    app.clear_selection();
                     app.move_cursor_line_end();
                 }
                 KeyCode::Char('e') if key.modifiers.contains(KeyModifiers::CONTROL) => {
+                    app.clear_selection();
                     app.move_cursor_end();
                 }
                 KeyCode::Char('o') if key.modifiers.contains(KeyModifiers::CONTROL) => {
@@ -3618,12 +3648,22 @@ async fn run_event_loop(
                     }
                 }
                 KeyCode::Char('x') if key.modifiers.contains(KeyModifiers::CONTROL) => {
-                    let new_mode = match app.mode {
-                        AppMode::Plan => AppMode::Agent,
-                        AppMode::Agent => AppMode::Yolo,
-                        AppMode::Yolo => AppMode::Plan,
-                    };
-                    app.set_mode(new_mode);
+                    let sel = app.selected_text();
+                    if !sel.is_empty() {
+                        if app.clipboard.write_text(&sel).is_ok() {
+                            app.push_status_toast("Cut to clipboard", StatusToastLevel::Info, None);
+                            app.delete_selection();
+                        } else {
+                            app.push_status_toast("Cut failed", StatusToastLevel::Error, None);
+                        }
+                    } else {
+                        let new_mode = match app.mode {
+                            AppMode::Plan => AppMode::Agent,
+                            AppMode::Agent => AppMode::Yolo,
+                            AppMode::Yolo => AppMode::Plan,
+                        };
+                        app.set_mode(new_mode);
+                    }
                 }
                 _ if key_shortcuts::is_paste_shortcut(&key) => {
                     app.paste_from_clipboard();
@@ -5826,6 +5866,47 @@ fn render(f: &mut Frame, app: &mut App) {
         composer_widget.render(chunks[3], buf);
         composer_widget.cursor_pos(chunks[3])
     };
+    app.viewport.last_composer_area = Some(chunks[3]);
+    {
+        let area = chunks[3];
+        let has_panel = app.composer_border && area.height >= 3 && area.width >= 12;
+        let inner = if has_panel {
+            ratatui::widgets::Block::default()
+                .borders(ratatui::widgets::Borders::ALL)
+                .inner(area)
+        } else {
+            area
+        };
+        app.viewport.last_composer_content = Some(inner);
+
+        // Compute scroll offset and top padding for mouse coordinate mapping.
+        let input_text = app.composer_display_input();
+        let input_cursor = app.composer_display_cursor();
+        let content_width = usize::from(inner.width.max(1));
+        let menu_lines = ComposerWidget::new(
+            app,
+            composer_max_height,
+            &slash_menu_entries,
+            &mention_menu_entries,
+        )
+        .active_menu_reserved_rows();
+        let budget = crate::tui::widgets::composer_input_rows_budget(inner.height, menu_lines);
+        let (_, _, _, scroll_offset) = crate::tui::widgets::layout_input_with_scroll(
+            input_text,
+            input_cursor,
+            content_width,
+            budget,
+        );
+        let visible_lines = if input_text.is_empty() {
+            1
+        } else {
+            // Count wrapped lines (approximation matching the render path).
+            crate::tui::widgets::wrap_input_lines_for_mouse(input_text, content_width).len()
+        };
+        let top_padding = budget.saturating_sub(visible_lines.clamp(1, budget));
+        app.viewport.last_composer_scroll_offset = scroll_offset;
+        app.viewport.last_composer_top_padding = top_padding;
+    }
     if let Some(cursor_pos) = cursor_pos {
         f.set_cursor_position(cursor_pos);
     }
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index f1e395e6..d78c1a96 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -474,7 +474,7 @@ impl<'a> ComposerWidget<'a> {
     /// backend's per-cell write cost makes the layout jitter visible
     /// even though the work is tiny on Unix terminals. See user
     /// feedback in v0.8.8 polish thread.
-    fn active_menu_reserved_rows(&self) -> usize {
+    pub fn active_menu_reserved_rows(&self) -> usize {
         let actual = self.active_menu_row_count();
         if actual == 0 {
             return 0;
@@ -535,8 +535,8 @@ impl Renderable for ComposerWidget<'_> {
         let input_rows_budget =
             composer_input_rows_budget(inner_area.height, menu_lines_for_budget);
         let content_width = usize::from(inner_area.width.max(1));
-        let (visible_lines, _cursor_row, _cursor_col) =
-            layout_input(input_text, input_cursor, content_width, input_rows_budget);
+        let (visible_lines, _cursor_row, _cursor_col, scroll_offset) =
+            layout_input_with_scroll(input_text, input_cursor, content_width, input_rows_budget);
         let is_draft_mode = input_text.contains('\n') || visible_lines.len() > 1;
         if has_panel {
             let border_color = if input_text.trim().is_empty() {
@@ -666,6 +666,25 @@ impl Renderable for ComposerWidget<'_> {
                 placeholder,
                 Style::default().fg(palette::TEXT_MUTED).italic(),
             )));
+        } else if let Some((sel_start, sel_end)) = self.app.selection_range() {
+            let line_ranges = visible_line_char_ranges(
+                &self.app.input,
+                &visible_lines,
+                content_width,
+                scroll_offset,
+            );
+            for (line_text, (line_start, line_end)) in visible_lines.iter().zip(line_ranges.iter())
+            {
+                let spans = line_spans_with_selection(
+                    line_text,
+                    *line_start,
+                    *line_end,
+                    sel_start,
+                    sel_end,
+                    self.app.ui_theme.selection_bg,
+                );
+                input_lines.push(Line::from(spans));
+            }
         } else {
             for line in &visible_lines {
                 input_lines.push(Line::from(Span::styled(
@@ -1938,7 +1957,7 @@ fn build_empty_state_lines(app: &App, area: Rect) -> Vec<Line<'static>> {
     lines
 }
 
-fn composer_input_rows_budget(inner_height: u16, extra_lines: usize) -> usize {
+pub fn composer_input_rows_budget(inner_height: u16, extra_lines: usize) -> usize {
     usize::from(inner_height).saturating_sub(extra_lines).max(1)
 }
 
@@ -2251,6 +2270,17 @@ fn layout_input(
     width: usize,
     max_height: usize,
 ) -> (Vec<String>, usize, usize) {
+    let (visible, visible_cursor_row, visible_cursor_col, _) =
+        layout_input_with_scroll(input, cursor, width, max_height);
+    (visible, visible_cursor_row, visible_cursor_col)
+}
+
+pub fn layout_input_with_scroll(
+    input: &str,
+    cursor: usize,
+    width: usize,
+    max_height: usize,
+) -> (Vec<String>, usize, usize, usize) {
     let mut lines = wrap_input_lines(input, width);
     if lines.is_empty() {
         lines.push(String::new());
@@ -2276,6 +2306,7 @@ fn layout_input(
         visible,
         visible_cursor_row,
         cursor_col.min(width.saturating_sub(1)),
+        start,
     )
 }
 
@@ -2342,6 +2373,34 @@ fn wrap_input_lines(input: &str, width: usize) -> Vec<String> {
     lines
 }
 
+/// For mouse coordinate mapping: returns (char_start_of_line, line_text) pairs
+/// matching the wrapping produced by `wrap_input_lines`.
+pub fn wrap_input_lines_for_mouse(input: &str, width: usize) -> Vec<(usize, String)> {
+    if input.is_empty() || width == 0 {
+        return vec![(0, String::new())];
+    }
+
+    let mut result = Vec::new();
+    let mut char_idx = 0usize;
+
+    for raw_line in input.split('\n') {
+        if raw_line.is_empty() {
+            result.push((char_idx, String::new()));
+            char_idx += 1; // the '\n'
+            continue;
+        }
+        let wrapped = wrap_text(raw_line, width);
+        for wrapped_line in &wrapped {
+            let line_char_len: usize = wrapped_line.chars().count();
+            result.push((char_idx, wrapped_line.clone()));
+            char_idx += line_char_len;
+        }
+        char_idx += 1; // the '\n'
+    }
+
+    result
+}
+
 fn wrap_text(text: &str, width: usize) -> Vec<String> {
     if width == 0 {
         return vec![text.to_string()];
@@ -2383,6 +2442,108 @@ fn wrap_text(text: &str, width: usize) -> Vec<String> {
     lines
 }
 
+/// Compute the (char_start, char_end) range for each visible wrapped line.
+/// `char_start` is inclusive, `char_end` is exclusive.
+/// `scroll_offset` is the number of wrapped lines skipped from the top.
+fn visible_line_char_ranges(
+    input: &str,
+    visible_lines: &[String],
+    width: usize,
+    scroll_offset: usize,
+) -> Vec<(usize, usize)> {
+    if input.is_empty() || width == 0 {
+        return vec![(0, 0); visible_lines.len()];
+    }
+
+    let mut ranges = Vec::new();
+    let mut char_idx = 0usize;
+    let mut line_start = 0usize;
+    let mut line_width = 0usize;
+
+    for g in input.graphemes(true) {
+        if g == "\n" {
+            ranges.push((line_start, char_idx));
+            char_idx += 1;
+            line_start = char_idx;
+            line_width = 0;
+            continue;
+        }
+
+        let gw = g.width();
+        if line_width + gw > width && line_width > 0 {
+            ranges.push((line_start, char_idx));
+            line_start = char_idx;
+            line_width = 0;
+        }
+        char_idx += g.chars().count();
+        line_width += gw;
+        if line_width >= width {
+            ranges.push((line_start, char_idx));
+            line_start = char_idx;
+            line_width = 0;
+        }
+    }
+    ranges.push((line_start, char_idx));
+
+    // Use the actual scroll_offset to align with visible_lines.
+    let start = scroll_offset.min(ranges.len());
+    ranges
+        .into_iter()
+        .skip(start)
+        .take(visible_lines.len())
+        .collect()
+}
+
+fn line_spans_with_selection<'a>(
+    line: &'a str,
+    line_start: usize,
+    line_end: usize,
+    sel_start: usize,
+    sel_end: usize,
+    highlight_bg: Color,
+) -> Vec<Span<'a>> {
+    let normal_style = Style::default().fg(palette::TEXT_PRIMARY);
+    let sel_style = Style::default().fg(palette::TEXT_PRIMARY).bg(highlight_bg);
+
+    // No overlap between this line and the selection
+    if line_end <= sel_start || line_start >= sel_end {
+        return vec![Span::styled(line, normal_style)];
+    }
+
+    let local_sel_start = sel_start.saturating_sub(line_start);
+    let local_sel_end = sel_end.min(line_end).saturating_sub(line_start);
+
+    // Build a Vec of byte offsets for each char boundary, plus one past the end.
+    let mut byte_offsets: Vec<usize> = line.char_indices().map(|(i, _)| i).collect();
+    byte_offsets.push(line.len());
+
+    let b0 = byte_offsets
+        .get(local_sel_start)
+        .copied()
+        .unwrap_or(line.len());
+    let b1 = byte_offsets
+        .get(local_sel_end)
+        .copied()
+        .unwrap_or(line.len());
+
+    let mut spans = Vec::with_capacity(3);
+
+    // Text before selection
+    if b0 > 0 {
+        spans.push(Span::styled(&line[..b0], normal_style));
+    }
+    // Selected text
+    if b1 > b0 {
+        spans.push(Span::styled(&line[b0..b1], sel_style));
+    }
+    // Text after selection
+    if b1 < line.len() {
+        spans.push(Span::styled(&line[b1..], normal_style));
+    }
+
+    spans
+}
+
 #[cfg(test)]
 mod tests {
     use super::{

From a554aa9603d46fa6c8333671b1ff33b03e18fd3e Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:20:25 -0500
Subject: [PATCH 082/283] feat(project-context): add tracing log when context
 file is loaded

Emit a tracing::info! line with the file path and byte size when a
project context file (AGENTS.md, CLAUDE.md, etc.) is successfully loaded.
This helps users and maintainers verify which file was used during
prompt assembly, addressing the confusion reported in #2227.
---
 crates/tui/src/project_context.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/tui/src/project_context.rs b/crates/tui/src/project_context.rs
index 7ff922d4..39a8ad29 100644
--- a/crates/tui/src/project_context.rs
+++ b/crates/tui/src/project_context.rs
@@ -384,6 +384,11 @@ pub fn load_project_context(workspace: &Path) -> ProjectContext {
         if file_path.exists() && file_path.is_file() {
             match load_context_file(&file_path) {
                 Ok(content) => {
+                    tracing::info!(
+                        "Loaded project context from {} ({} bytes)",
+                        file_path.display(),
+                        content.len()
+                    );
                     ctx.instructions = Some(content);
                     ctx.source_path = Some(file_path);
                     break;

From 1893f797fb94377817d71a05aac66a54e9841f39 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:25:55 -0500
Subject: [PATCH 083/283] docs: update CHANGELOG for v0.8.47 work

Add entries for deadlock fix (#1856), composer text selection (#2228),
and project context loading tracing (#2227). Add community credits for
@Fire-dtx and @imkingjh999.
---
 CHANGELOG.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 007fc825..3ffd8207 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,12 +14,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   support. Home, End, Ctrl+A, and Ctrl+E now clear the selection to prevent
   accidental deletions on the next keystroke (#2228).
 
+### Changed
+
+- **Project context loading now logs the source file.** A tracing info
+  line is emitted when AGENTS.md, CLAUDE.md, or another context file is
+  successfully loaded into the system prompt, making it easier to verify
+  which file was used during prompt assembly (#2227).
+
 ### Fixed
 
 - **Deadlock when spawning multiple concurrent sub-agents.** Replaced
   `RwLock`-based serialisation with a `Semaphore(1)` in `ToolCallRuntime`,
   preventing re-entrant tool calls from deadlocking on the same lock (#1856).
 
+### Community
+
+Thanks to contributors whose PRs landed in this release:
+**@Fire-dtx** (#1856),
+**@imkingjh999** (#2228).
+
 ## [0.8.46] - 2026-05-26
 
 ### Added

From 0251b4e8e8a3cbc8e19f45b1894666ddd2de76a0 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:39:01 -0500
Subject: [PATCH 084/283] refactor: migrate snapshot and skill_state paths to
 ~/.codewhale

- Add resolve_project_state_dir and ensure_project_state_dir to
  codewhale-config, providing project-local .codewhale/.deepseek
  resolution matching the home-directory pattern.
- Migrate snapshot paths to prefer ~/.codewhale/snapshots with
  ~/.deepseek/snapshots fallback (snapshot_base_with_home).
- Migrate skill_state.rs to use codewhale_config::ensure_state_dir
  instead of hardcoded home.join(".deepseek").
- Update doc comments to reference canonical .codewhale paths.

Part of #2231 (state-root migration).
---
 crates/config/src/lib.rs         | 30 ++++++++++++++++++++++++++++++
 crates/tui/src/skill_state.rs    |  8 +++-----
 crates/tui/src/snapshot/paths.rs | 31 +++++++++++++++++++++----------
 3 files changed, 54 insertions(+), 15 deletions(-)

diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index 9ee6e2fd..ffc78e66 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -1618,6 +1618,36 @@ pub fn ensure_state_dir(subdir: &str) -> Result<PathBuf> {
     Ok(dir)
 }
 
+/// Resolve a project-local state subdirectory, preferring `.codewhale/`
+/// when it exists, falling back to `.deepseek/` for legacy projects.
+///
+/// Returns `(true, path)` when the primary `.codewhale/` path is used,
+/// `(false, path)` for the legacy fallback. The boolean helps callers
+/// emit a deprecation notice on legacy paths.
+pub fn resolve_project_state_dir(
+    workspace: &Path,
+    subdir: &str,
+) -> (bool, PathBuf) {
+    let primary = workspace.join(CODEWHALE_APP_DIR).join(subdir);
+    if primary.exists() {
+        return (true, primary);
+    }
+    let legacy = workspace.join(LEGACY_APP_DIR).join(subdir);
+    (false, legacy)
+}
+
+/// Ensure a project-local state subdirectory exists under `.codewhale/`,
+/// creating it if necessary. Returns the directory path.
+pub fn ensure_project_state_dir(
+    workspace: &Path,
+    subdir: &str,
+) -> Result<PathBuf> {
+    let dir = workspace.join(CODEWHALE_APP_DIR).join(subdir);
+    std::fs::create_dir_all(&dir)
+        .with_context(|| format!("failed to create {}/", dir.display()))?;
+    Ok(dir)
+}
+
 pub fn resolve_config_path(explicit: Option<PathBuf>) -> Result<PathBuf> {
     let path = if let Some(path) = explicit {
         path
diff --git a/crates/tui/src/skill_state.rs b/crates/tui/src/skill_state.rs
index 4816fa8e..245b51f3 100644
--- a/crates/tui/src/skill_state.rs
+++ b/crates/tui/src/skill_state.rs
@@ -5,7 +5,7 @@
 //! filesystem-discovered `SkillRegistry`: the registry tells us which skills
 //! exist on disk, and this store tells API clients which ones are marked active.
 //!
-//! Storage shape (TOML at `~/.deepseek/skills_state.toml`):
+//! Storage shape (TOML at `~/.codewhale/skills_state.toml`, legacy `~/.deepseek/skills_state.toml`):
 //!
 //! ```toml
 //! disabled = ["skill-name-1", "skill-name-2"]
@@ -104,10 +104,8 @@ impl SkillStateStore {
 }
 
 fn default_state_path() -> Result<PathBuf> {
-    let home = dirs::home_dir().context("could not resolve $HOME for ~/.deepseek")?;
-    let dir = home.join(".deepseek");
-    fs::create_dir_all(&dir)
-        .with_context(|| format!("create deepseek state dir at {}", dir.display()))?;
+    let dir = codewhale_config::ensure_state_dir(".")
+        .context("could not resolve or create CodeWhale state directory")?;
     Ok(dir.join(STATE_FILE_NAME))
 }
 
diff --git a/crates/tui/src/snapshot/paths.rs b/crates/tui/src/snapshot/paths.rs
index 90d70091..d1ac8c78 100644
--- a/crates/tui/src/snapshot/paths.rs
+++ b/crates/tui/src/snapshot/paths.rs
@@ -1,18 +1,20 @@
 //! Path resolution for the per-workspace snapshot side-repos.
 //!
-//! Snapshots live in `~/.deepseek/snapshots/<project_hash>/<worktree_hash>/`.
-//! The two-level hash split lets us snapshot multiple worktrees of the same
-//! project independently — `git worktree list` users won't get cross-talk
-//! between feature branches.
+//! Snapshots live under the resolved state directory
+//! (`~/.codewhale/snapshots` or legacy `~/.deepseek/snapshots`) with
+//! a two-level hash split so we can snapshot multiple worktrees of the
+//! same project independently — `git worktree list` users won't get
+//! cross-talk between feature branches.
 
 use std::io;
 use std::path::{Path, PathBuf};
 
 /// Compute the snapshot directory for a given workspace path.
 ///
-/// Returns `~/.deepseek/snapshots/<project_hash>/<worktree_hash>/`. The
-/// caller is responsible for creating it on disk; we purposefully don't
-/// touch the filesystem here so this is cheap to call repeatedly.
+/// Returns `$STATE_DIR/snapshots/<project_hash>/<worktree_hash>/` where
+/// `$STATE_DIR` is resolved via `codewhale_config::resolve_state_dir`.
+/// The caller is responsible for creating it on disk; we purposefully
+/// don't touch the filesystem here so this is cheap to call repeatedly.
 ///
 /// The `project_hash` is derived from the canonicalized workspace path
 /// after stripping any `.worktrees/<name>` suffix — multiple worktrees
@@ -24,7 +26,7 @@ pub fn snapshot_dir_for(workspace: &Path) -> PathBuf {
 }
 
 /// Same as [`snapshot_dir_for`] but with an injectable home directory.
-/// Used by tests so we never touch the user's real `~/.deepseek/`.
+/// Used by tests so they never touch the user's real state directory.
 pub fn snapshot_dir_with_home(workspace: &Path, home: Option<PathBuf>) -> PathBuf {
     let home = home.unwrap_or_else(|| PathBuf::from("."));
     let canonical = workspace
@@ -33,12 +35,21 @@ pub fn snapshot_dir_with_home(workspace: &Path, home: Option<PathBuf>) -> PathBu
     let project_root = strip_worktree_suffix(&canonical);
     let project_hash = stable_hex(&project_root);
     let worktree_hash = stable_hex(&canonical);
-    home.join(".deepseek")
-        .join("snapshots")
+    snapshot_base_with_home(Some(home))
         .join(project_hash)
         .join(worktree_hash)
 }
 
+fn snapshot_base_with_home(home: Option<PathBuf>) -> PathBuf {
+    let home = home.unwrap_or_else(|| PathBuf::from("."));
+    // Prefer .codewhale, fall back to .deepseek
+    let primary = home.join(".codewhale").join("snapshots");
+    if primary.exists() {
+        return primary;
+    }
+    home.join(".deepseek").join("snapshots")
+}
+
 /// Resolve the `.git` directory inside the snapshot dir.
 pub fn snapshot_git_dir(workspace: &Path) -> PathBuf {
     snapshot_dir_for(workspace).join(".git")

From b9596a9640a81bff590ed11ba36cd680ea336c96 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:39:57 -0500
Subject: [PATCH 085/283] fix(tui): flush active cell before inserting steer
 message in transcript

Steered/queued user messages were being inserted into app.history
before the active cell (holding streaming thinking/tool content) was
flushed, causing the user's message to render above (before) the
thinking block that chronologically preceded it.

Now call app.flush_active_cell() before app.add_message() in
steer_user_message(), matching the pattern used in MessageStarted
and MessageDelta handlers.

Fixes #2225.
---
 crates/tui/src/tui/ui.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 7c77715d..c0f1dad4 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5384,6 +5384,11 @@ async fn steer_user_message(
     engine_handle.steer(content.clone()).await?;
     app.last_submitted_prompt = Some(message.display.clone());
 
+    // Flush any streaming thinking/tool content into history before
+    // inserting the steer message, so the steer appears after (below)
+    // the content that chronologically preceded it.
+    app.flush_active_cell();
+
     // Mirror steer input in local transcript/session state.
     app.add_message(HistoryCell::User {
         content: format!("+ {}", message.display),

From 9540af268f11b2a741cfe720bd271be96bf7bd94 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:45:18 -0500
Subject: [PATCH 086/283] fix(tests): update save-default-path test for managed
 sessions dir

The /save command now writes to ~/.codewhale/sessions (or legacy
~/.deepseek/sessions) instead of the workspace root. Update the test
to set CODEWHALE_HOME to a temp directory and pre-create the sessions
subdirectory so resolve_state_dir picks the primary path.

Fixes the first failing test in #2223.
---
 crates/tui/src/commands/session.rs | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index bc51683d..316e8c6c 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -487,22 +487,33 @@ mod tests {
     }
 
     #[test]
-    fn test_save_with_default_path_uses_workspace() {
+    fn test_save_with_default_path_uses_managed_sessions_dir() {
         let tmpdir = TempDir::new().unwrap();
+        // Set CODEWHALE_HOME so the managed sessions directory lands inside the
+        // temp dir rather than the real user home. Pre-create the directory so
+        // resolve_state_dir picks it up instead of falling back to legacy.
+        let home = tmpdir.path().join("home");
+        let sessions_dir = home.join("sessions");
+        std::fs::create_dir_all(&sessions_dir).unwrap();
+        // SAFETY: test-only, single-threaded via cargo test
+        unsafe { std::env::set_var("CODEWHALE_HOME", home.to_str().unwrap()) };
         let mut app = create_test_app_with_tmpdir(&tmpdir);
         let result = save(&mut app, None);
         assert!(result.message.is_some());
         let msg = result.message.unwrap();
-        // Should create file in workspace with timestamp name
         // Give it a moment to ensure file is written
         std::thread::sleep(std::time::Duration::from_millis(10));
-        let entries: Vec<_> = std::fs::read_dir(tmpdir.path())
-            .unwrap()
-            .filter_map(|e| e.ok())
-            .filter(|e| e.file_name().to_string_lossy().starts_with("session_"))
-            .collect();
-        // Test passes if file was created or if save returned success message
-        assert!(!entries.is_empty() || msg.contains("Session saved"));
+        let entries: Vec<_> = if sessions_dir.exists() {
+            std::fs::read_dir(&sessions_dir)
+                .unwrap()
+                .filter_map(|e| e.ok())
+                .filter(|e| e.file_name().to_string_lossy().starts_with("session_"))
+                .collect()
+        } else {
+            Vec::new()
+        };
+        // Session should be saved to the managed dir, not the workspace root.
+        assert!(!entries.is_empty(), "expected session file in {sessions_dir:?}, got none; msg: {msg}");
     }
 
     #[test]

From 187014d7d5760390a121dbb11c566c34f5d7dcea Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:47:36 -0500
Subject: [PATCH 087/283] docs: update README paths from ~/.deepseek to
 ~/.codewhale
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Update all three READMEs (en, zh-CN, ja-JP) to use the canonical
~/.codewhale paths for config, skills, and Docker volume mounts, with
legacy ~/.deepseek noted as a compatibility fallback. The state-root
migration has been underway since v0.8.44 — the docs now reflect it.
---
 README.ja-JP.md | 12 ++++++------
 README.md       | 14 +++++++-------
 README.zh-CN.md | 18 +++++++++---------
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 813cefea..667aafb5 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -33,7 +33,7 @@ brew install deepseek-tui
 docker volume create codewhale-home
 docker run --rm -it \
   -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
+  -v codewhale-home:/home/codewhale/.codewhale \
   -v "$PWD:/workspace" \
   -w /workspace \
   ghcr.io/hmbown/codewhale:latest
@@ -118,12 +118,12 @@ codewhale --model auto
 
 ビルド済みバイナリペアとプラットフォームアーカイブは **Linux x64**、**Linux ARM64**（v0.8.8 以降）、**macOS x64**、**macOS ARM64**、**Windows x64** 向けに公開されています。その他のターゲット（musl、riscv64、FreeBSD など）は [ソースからのインストール](#install-from-source) または [docs/INSTALL.md](docs/INSTALL.md) を参照してください。
 
-初回起動時に [DeepSeek API キー](https://platform.deepseek.com/api_keys) の入力を求められます。キーは `~/.deepseek/config.toml` に保存されるため、OS のクレデンシャルプロンプトなしに任意のディレクトリから利用できます。
+初回起動時に [DeepSeek API キー](https://platform.deepseek.com/api_keys) の入力を求められます。キーは `~/.codewhale/config.toml`（旧 `~/.deepseek/config.toml` も互換性維持）に保存されるため、OS のクレデンシャルプロンプトなしに任意のディレクトリから利用できます。
 
 事前に設定することもできます:
 
 ```bash
-codewhale auth set --provider deepseek   # ~/.deepseek/config.toml に保存
+codewhale auth set --provider deepseek   # ~/.codewhale/config.toml に保存
 
 export DEEPSEEK_API_KEY="YOUR_KEY"      # 環境変数による代替方法。非対話シェルでは ~/.zshenv を使用
 codewhale
@@ -308,7 +308,7 @@ codewhale update                                  # バイナリ更新の確認
 
 ## 設定
 
-ユーザー設定: `~/.deepseek/config.toml`。プロジェクトオーバーレイ: `<workspace>/.deepseek/config.toml`（拒否される項目: `api_key`、`base_url`、`provider`、`mcp_config_path`）。すべてのオプションは [config.example.toml](config.example.toml) にあります。
+ユーザー設定: `~/.codewhale/config.toml`（旧 `~/.deepseek/config.toml` も互換性維持）。プロジェクトオーバーレイ: `<workspace>/.codewhale/config.toml`（旧 `<workspace>/.deepseek/config.toml`）（拒否される項目: `api_key`、`base_url`、`provider`、`mcp_config_path`）。すべてのオプションは [config.example.toml](config.example.toml) にあります。
 
 主な環境変数:
 
@@ -359,10 +359,10 @@ UI のロケールはモデルの言語とは別です。`settings.toml` で `lo
 
 ## 自分のスキルを公開する
 
-codewhale はワークスペースのディレクトリ（`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills`）とグローバルな `~/.deepseek/skills` からスキルを発見します。各スキルは `SKILL.md` ファイルを持つディレクトリです:
+codewhale はワークスペースのディレクトリ（`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills`）とグローバルな `~/.codewhale/skills`（旧 `~/.deepseek/skills` も互換性維持）からスキルを発見します。各スキルは `SKILL.md` ファイルを持つディレクトリです:
 
 ```text
-~/.deepseek/skills/my-skill/
+~/.codewhale/skills/my-skill/
 └── SKILL.md
 ```
 
diff --git a/README.md b/README.md
index 334ae74f..5531f242 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ brew install deepseek-tui
 docker volume create codewhale-home
 docker run --rm -it \
   -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
+  -v codewhale-home:/home/codewhale/.codewhale \
   -v "$PWD:/workspace" \
   -w /workspace \
   ghcr.io/hmbown/codewhale:latest
@@ -176,12 +176,12 @@ codewhale --model auto
 
 Prebuilt binary pairs and platform archives are published for **Linux x64**, **Linux ARM64** (v0.8.8+), **macOS x64**, **macOS ARM64**, and **Windows x64**. For other targets (musl, riscv64, FreeBSD, etc.), see [Install from source](#install-from-source) or [docs/INSTALL.md](docs/INSTALL.md).
 
-On first launch you'll be prompted for your [DeepSeek API key](https://platform.deepseek.com/api_keys). The key is saved to `~/.deepseek/config.toml` so it works from any directory without OS credential prompts.
+On first launch you'll be prompted for your [DeepSeek API key](https://platform.deepseek.com/api_keys). The key is saved to `~/.codewhale/config.toml` (legacy `~/.deepseek/config.toml` also supported) so it works from any directory without OS credential prompts.
 
 You can also set it ahead of time:
 
 ```bash
-codewhale auth set --provider deepseek   # saves to ~/.deepseek/config.toml
+codewhale auth set --provider deepseek   # saves to ~/.codewhale/config.toml
 codewhale auth status                    # shows the active credential source
 
 export DEEPSEEK_API_KEY="YOUR_KEY"      # env var alternative; use ~/.zshenv for non-interactive shells
@@ -395,7 +395,7 @@ docker volume create codewhale-home
 
 docker run --rm -it \
   -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
+  -v codewhale-home:/home/codewhale/.codewhale \
   -v "$PWD:/workspace" \
   -w /workspace \
   ghcr.io/hmbown/codewhale:latest
@@ -461,7 +461,7 @@ Full shortcut catalog: [docs/KEYBINDINGS.md](docs/KEYBINDINGS.md).
 
 ## Configuration
 
-User config: `~/.deepseek/config.toml`. Project overlay: `<workspace>/.deepseek/config.toml` (denied: `api_key`, `base_url`, `provider`, `mcp_config_path`). [config.example.toml](config.example.toml) has every option.
+User config: `~/.codewhale/config.toml` (legacy `~/.deepseek/config.toml` fallback). Project overlay: `<workspace>/.codewhale/config.toml` (legacy `<workspace>/.deepseek/config.toml`) (denied: `api_key`, `base_url`, `provider`, `mcp_config_path`). [config.example.toml](config.example.toml) has every option.
 
 Key environment variables:
 
@@ -514,7 +514,7 @@ Legacy aliases `deepseek-chat` / `deepseek-reasoner` map to `deepseek-v4-flash`
 
 ## Publishing Your Own Skill
 
-codewhale discovers skills from workspace directories (`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills` → `.cursor/skills`) and global directories (`~/.agents/skills` → `~/.claude/skills` → `~/.deepseek/skills`). Each skill is a directory with a `SKILL.md` file:
+codewhale discovers skills from workspace directories (`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills` → `.cursor/skills`) and global directories (`~/.agents/skills` → `~/.claude/skills` → `~/.codewhale/skills` → `~/.deepseek/skills`). Each skill is a directory with a `SKILL.md` file:
 
 ```text
 ~/.agents/skills/my-skill/
@@ -539,7 +539,7 @@ First launch also installs bundled system skills for common workflows:
 `skill-creator`, `delegate`, `v4-best-practices`, `plugin-creator`,
 `skill-installer`, `mcp-builder`, `documents`, `presentations`,
 `spreadsheets`, `pdf`, and `feishu`. These live under
-`~/.deepseek/skills` and are versioned so new bundles are added on upgrade
+`~/.codewhale/skills` (or legacy `~/.deepseek/skills`) and are versioned so new bundles are added on upgrade
 without recreating skills the user deliberately deleted.
 
 ---
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 314b5955..f079cc80 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -36,7 +36,7 @@ brew install deepseek-tui
 docker volume create codewhale-home
 docker run --rm -it \
   -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
+  -v codewhale-home:/home/codewhale/.codewhale \
   -v "$PWD:/workspace" \
   -w /workspace \
   ghcr.io/hmbown/codewhale:latest
@@ -136,12 +136,12 @@ codewhale --model auto
 
 预构建二进制对和平台压缩包覆盖 **Linux x64**、**Linux ARM64**（v0.8.8 起）、**macOS x64**、**macOS ARM64** 和 **Windows x64**。其他目标平台（musl、riscv64、FreeBSD 等）请见下方的[从源码安装](#从源码安装)或 [docs/INSTALL.md](docs/INSTALL.md)。
 
-首次启动时会提示输入 [DeepSeek API key](https://platform.deepseek.com/api_keys)。密钥保存到 `~/.deepseek/config.toml`，在任意目录、IDE 终端和脚本中都能使用，不会触发系统密钥环弹窗。
+首次启动时会提示输入 [DeepSeek API key](https://platform.deepseek.com/api_keys)。密钥保存到 `~/.codewhale/config.toml`（同时兼容旧版 `~/.deepseek/config.toml`），在任意目录、IDE 终端和脚本中都能使用，不会触发系统密钥环弹窗。
 
 也可以提前配置：
 
 ```bash
-codewhale auth set --provider deepseek   # 保存到 ~/.deepseek/config.toml
+codewhale auth set --provider deepseek   # 保存到 ~/.codewhale/config.toml
 
 codewhale auth status                    # 显示当前活跃的凭证来源
 export DEEPSEEK_API_KEY="YOUR_KEY"      # 环境变量方式；需要在非交互式 shell 中使用请放入 ~/.zshenv
@@ -331,7 +331,7 @@ docker volume create codewhale-home
 
 docker run --rm -it \
   -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
-  -v codewhale-home:/home/codewhale/.deepseek \
+  -v codewhale-home:/home/codewhale/.codewhale \
   -v "$PWD:/workspace" \
   -w /workspace \
   ghcr.io/hmbown/codewhale:latest
@@ -389,7 +389,7 @@ DeepSeek 可作为自定义 Agent Client Protocol 服务器运行，供 Zed 等
 
 ## 配置
 
-用户配置：`~/.deepseek/config.toml`。项目覆盖：`<workspace>/.deepseek/config.toml`（以下密钥被拒绝：`api_key`、`base_url`、`provider`、`mcp_config_path`）。完整选项见 [config.example.toml](config.example.toml)。
+用户配置：`~/.codewhale/config.toml`（兼容旧版 `~/.deepseek/config.toml`）。项目覆盖：`<workspace>/.codewhale/config.toml`（兼容 `<workspace>/.deepseek/config.toml`）（以下密钥被拒绝：`api_key`、`base_url`、`provider`、`mcp_config_path`）。完整选项见 [config.example.toml](config.example.toml)。
 
 常用环境变量：
 
@@ -431,10 +431,10 @@ DeepSeek 可作为自定义 Agent Client Protocol 服务器运行，供 Zed 等
 
 可选语言：`auto` | `en` | `ja` | `zh-Hans` | `pt-BR`。
 
-也可以在 `~/.deepseek/config.toml` 里直接设置 `locale = "zh-Hans"`，或通过 `LC_ALL` / `LANG` 环境变量自动选择：
+也可以在 `~/.codewhale/config.toml` 里直接设置 `locale = "zh-Hans"`，或通过 `LC_ALL` / `LANG` 环境变量自动选择：
 
 ```toml
-# ~/.deepseek/config.toml
+# ~/.codewhale/config.toml
 [tui]
 locale = "zh-Hans"
 ```
@@ -463,10 +463,10 @@ LANG=zh_CN.UTF-8 codewhale run
 
 ## 创建和安装技能
 
-codewhale 从工作区目录（`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills`）和全局 `~/.deepseek/skills` 发现技能。每个技能是一个包含 `SKILL.md` 的目录：
+codewhale 从工作区目录（`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills`）和全局 `~/.codewhale/skills`（兼容旧版 `~/.deepseek/skills`）发现技能。每个技能是一个包含 `SKILL.md` 的目录：
 
 ```text
-~/.deepseek/skills/my-skill/
+~/.codewhale/skills/my-skill/
 └── SKILL.md
 ```
 

From f23f4244923afb4a530f9da49277e13ff61aad12 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:47:54 -0500
Subject: [PATCH 088/283] docs: update CHANGELOG for v0.8.47 session 2 work

Add entries for steer message ordering fix, state-root migration
progress, README path updates, and session save test fix.
---
 CHANGELOG.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ffd8207..291b80e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,12 +20,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   line is emitted when AGENTS.md, CLAUDE.md, or another context file is
   successfully loaded into the system prompt, making it easier to verify
   which file was used during prompt assembly (#2227).
+- **State-root migration continues.** Snapshot directory resolution now
+  prefers `~/.codewhale/snapshots` with `~/.deepseek/snapshots` fallback.
+  Skill state storage migrated to `~/.codewhale/skills_state.toml`.
+  Added `resolve_project_state_dir` and `ensure_project_state_dir` to
+  `codewhale-config` for project-local `.codewhale/` vs `.deepseek/`
+  resolution (#2231).
+- **READMEs updated for the CodeWhale rename.** All three READMEs now
+  reference canonical `~/.codewhale` paths for config, skills, and Docker
+  volumes, with legacy `~/.deepseek` noted as a compatibility fallback.
 
 ### Fixed
 
 - **Deadlock when spawning multiple concurrent sub-agents.** Replaced
   `RwLock`-based serialisation with a `Semaphore(1)` in `ToolCallRuntime`,
   preventing re-entrant tool calls from deadlocking on the same lock (#1856).
+- **Steered/queued messages now render in correct transcript order.**
+  `steer_user_message` now flushes the active cell into history before
+  inserting the steer message, so the user's message appears after
+  (below) the thinking content that chronologically preceded it (#2225).
+- **Session save test updated for managed sessions directory.** The
+  `/save` command now writes to `~/.codewhale/sessions` (or legacy
+  `~/.deepseek/sessions`) instead of the workspace root. Test updated
+  to set `CODEWHALE_HOME` and pre-create the sessions directory (#2223).
 
 ### Community
 

From a1a7b5709ac949ed6cd9768d9b53efe6003e4b90 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 13:50:31 -0500
Subject: [PATCH 089/283] refactor: migrate more state paths to ~/.codewhale
 with legacy fallback

- Spillover directory (truncate.rs): prefer ~/.codewhale/tool_outputs
- Memory storage (capacity_memory.rs): prefer ~/.codewhale/memory
- Runtime logs (runtime_log.rs): prefer ~/.codewhale/logs
- Crash dumps (utils.rs): prefer ~/.codewhale/crashes
- Automations (automation_manager.rs): prefer ~/.codewhale/automations
- TUI settings (settings.rs): prefer ~/.codewhale/tui.toml

All paths fall back to the legacy ~/.deepseek location when the
canonical path doesn't exist, preserving compatibility for existing
installs.

Part of #2231.
---
 crates/tui/src/automation_manager.rs   | 11 +++++++++--
 crates/tui/src/core/capacity_memory.rs | 15 +++++++++++----
 crates/tui/src/runtime_log.rs          | 13 ++++++++++---
 crates/tui/src/settings.rs             |  4 ++++
 crates/tui/src/tools/truncate.rs       |  5 +++++
 crates/tui/src/utils.rs                | 12 +++++++++++-
 6 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/automation_manager.rs b/crates/tui/src/automation_manager.rs
index c98dc7e8..79bc8765 100644
--- a/crates/tui/src/automation_manager.rs
+++ b/crates/tui/src/automation_manager.rs
@@ -795,8 +795,15 @@ pub fn default_automations_dir() -> PathBuf {
         }
     }
     dirs::home_dir()
-        .map(|home| home.join(".deepseek").join("automations"))
-        .unwrap_or_else(|| PathBuf::from(".deepseek").join("automations"))
+        .map(|home| {
+            let primary = home.join(".codewhale").join("automations");
+            if primary.exists() {
+                primary
+            } else {
+                home.join(".deepseek").join("automations")
+            }
+        })
+        .unwrap_or_else(|| PathBuf::from(".codewhale").join("automations"))
 }
 
 pub type SharedAutomationManager = Arc<Mutex<AutomationManager>>;
diff --git a/crates/tui/src/core/capacity_memory.rs b/crates/tui/src/core/capacity_memory.rs
index f41bd48a..ab598512 100644
--- a/crates/tui/src/core/capacity_memory.rs
+++ b/crates/tui/src/core/capacity_memory.rs
@@ -56,14 +56,21 @@ fn capacity_memory_dirs() -> Vec<PathBuf> {
 
     let mut dirs = Vec::new();
     if let Some(home) = dirs::home_dir() {
+        // Prefer .codewhale, fall back to .deepseek
+        let primary = home.join(".codewhale").join("memory");
+        if primary.exists() {
+            dirs.push(primary);
+        }
         dirs.push(home.join(".deepseek").join("memory"));
     }
 
     let cwd = std::env::current_dir()
-        .unwrap_or_else(|_| PathBuf::from("."))
-        .join(".deepseek")
-        .join("memory");
-    dirs.push(cwd);
+        .unwrap_or_else(|_| PathBuf::from("."));
+    let primary_cwd = cwd.join(".codewhale").join("memory");
+    if primary_cwd.exists() {
+        dirs.push(primary_cwd);
+    }
+    dirs.push(cwd.join(".deepseek").join("memory"));
 
     dirs.dedup();
     dirs
diff --git a/crates/tui/src/runtime_log.rs b/crates/tui/src/runtime_log.rs
index 7fa0e8ca..48373d4b 100644
--- a/crates/tui/src/runtime_log.rs
+++ b/crates/tui/src/runtime_log.rs
@@ -157,17 +157,24 @@ pub fn init() -> Result<TuiLogGuard> {
 }
 
 fn log_directory() -> Option<PathBuf> {
+    let resolve = |base: PathBuf| -> Option<PathBuf> {
+        let primary = base.join(".codewhale").join("logs");
+        if primary.exists() {
+            return Some(primary);
+        }
+        Some(base.join(".deepseek").join("logs"))
+    };
     if let Some(home) = std::env::var_os("HOME").map(PathBuf::from)
         && !home.as_os_str().is_empty()
     {
-        return Some(home.join(".deepseek").join("logs"));
+        return resolve(home);
     }
     if let Some(userprofile) = std::env::var_os("USERPROFILE").map(PathBuf::from)
         && !userprofile.as_os_str().is_empty()
     {
-        return Some(userprofile.join(".deepseek").join("logs"));
+        return resolve(userprofile);
     }
-    dirs::home_dir().map(|h| h.join(".deepseek").join("logs"))
+    dirs::home_dir().and_then(|h| resolve(h))
 }
 
 fn log_file_name(date: &str, pid: u32) -> String {
diff --git a/crates/tui/src/settings.rs b/crates/tui/src/settings.rs
index 1a92ef2f..040ba88f 100644
--- a/crates/tui/src/settings.rs
+++ b/crates/tui/src/settings.rs
@@ -109,6 +109,10 @@ impl TuiPrefs {
 
         let home = dirs::home_dir()
             .context("Failed to resolve home directory: cannot determine tui.toml path.")?;
+        let primary = home.join(".codewhale").join("tui.toml");
+        if primary.exists() {
+            return Ok(primary);
+        }
         Ok(home.join(".deepseek").join("tui.toml"))
     }
 
diff --git a/crates/tui/src/tools/truncate.rs b/crates/tui/src/tools/truncate.rs
index e0cadcae..6c8d6e69 100644
--- a/crates/tui/src/tools/truncate.rs
+++ b/crates/tui/src/tools/truncate.rs
@@ -81,6 +81,11 @@ pub fn spillover_root() -> Option<PathBuf> {
         return Some(root);
     }
 
+    // Prefer .codewhale, fall back to .deepseek
+    let primary = dirs::home_dir()?.join(".codewhale").join(SPILLOVER_DIR_NAME);
+    if primary.exists() {
+        return Some(primary);
+    }
     Some(dirs::home_dir()?.join(".deepseek").join(SPILLOVER_DIR_NAME))
 }
 
diff --git a/crates/tui/src/utils.rs b/crates/tui/src/utils.rs
index a260e1d5..15c23199 100644
--- a/crates/tui/src/utils.rs
+++ b/crates/tui/src/utils.rs
@@ -259,7 +259,17 @@ fn write_panic_dump(
     let home = dirs::home_dir().ok_or_else(|| {
         std::io::Error::new(std::io::ErrorKind::NotFound, "home directory not found")
     })?;
-    let crash_dir = home.join(".deepseek").join("crashes");
+    // Prefer .codewhale, fall back to .deepseek
+    let crash_dir = home.join(".codewhale").join("crashes");
+    if !crash_dir.exists() {
+        // Try legacy path for reading, but prefer new for writing
+        let _ = std::fs::create_dir_all(&crash_dir);
+    }
+    let crash_dir = if crash_dir.exists() {
+        crash_dir
+    } else {
+        home.join(".deepseek").join("crashes")
+    };
     write_panic_dump_to(&crash_dir, name, location, message)
 }
 

From 4925be4ddaf51581daa044d8a3de9e467d7c611b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 14:15:57 -0500
Subject: [PATCH 090/283] refactor: migrate handoff, notes, mcp, subagent,
 recall, anchors to .codewhale
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- HANDOFF_RELATIVE_PATH → .codewhale/handoff.md with .deepseek fallback
- load_handoff_block reads both paths, prefers .codewhale
- ToolContext notes_path and mcp_config_path use resolve_project_state_dir
- Sub-agent state path prefers .codewhale/state/
- Cycle archive (recall_archive) uses resolve_state_dir for sessions
- Compaction anchors path prefers .codewhale/anchors.md
- Updated marker constants and comments

Part of #2231.
---
 crates/tui/src/compaction.rs           |  8 +++++++-
 crates/tui/src/prompts.rs              | 17 ++++++++++++-----
 crates/tui/src/tools/recall_archive.rs |  9 ++++-----
 crates/tui/src/tools/spec.rs           |  5 +++--
 crates/tui/src/tools/subagent/mod.rs   |  5 +++++
 5 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/compaction.rs b/crates/tui/src/compaction.rs
index 460eb9e0..4048524d 100644
--- a/crates/tui/src/compaction.rs
+++ b/crates/tui/src/compaction.rs
@@ -1032,7 +1032,13 @@ fn read_workspace_anchors(workspace: Option<&Path>) -> Vec<String> {
         return Vec::new();
     };
 
-    let anchors_path = ws.join(".deepseek").join("anchors.md");
+    // Prefer .codewhale, fall back to .deepseek
+    let primary = ws.join(".codewhale").join("anchors.md");
+    let anchors_path = if primary.exists() {
+        primary
+    } else {
+        ws.join(".deepseek").join("anchors.md")
+    };
     let Ok(content) = std::fs::read_to_string(anchors_path) else {
         return Vec::new();
     };
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index aa69f4f7..6a60ab33 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -53,7 +53,9 @@ impl Default for PromptSessionContext<'_> {
 /// A previous session writes it on exit / `/compact`; the next session reads
 /// it back on startup and prepends it to the system prompt so a fresh agent
 /// doesn't have to re-discover open blockers from scratch.
-pub const HANDOFF_RELATIVE_PATH: &str = ".deepseek/handoff.md";
+pub const HANDOFF_RELATIVE_PATH: &str = ".codewhale/handoff.md";
+/// Legacy handoff path for reading from existing installs.
+const LEGACY_HANDOFF_RELATIVE_PATH: &str = ".deepseek/handoff.md";
 
 /// Per-file size cap for `instructions = [...]` entries (#454). Mirrors
 /// the existing project-context cap in `project_context::load_context_file`
@@ -180,7 +182,12 @@ fn render_instructions_block(paths: &[PathBuf]) -> Option<String> {
 /// system-prompt block. Returns `None` when the file is absent or empty so
 /// callers can keep the default-uncluttered prompt for fresh workspaces.
 fn load_handoff_block(workspace: &Path) -> Option<String> {
-    let path = workspace.join(HANDOFF_RELATIVE_PATH);
+    let primary = workspace.join(HANDOFF_RELATIVE_PATH);
+    let path = if primary.exists() {
+        primary
+    } else {
+        workspace.join(LEGACY_HANDOFF_RELATIVE_PATH)
+    };
     let raw = std::fs::read_to_string(&path).ok()?;
     let trimmed = raw.trim();
     if trimmed.is_empty() {
@@ -373,7 +380,7 @@ pub const SUGGEST_APPROVAL: &str = include_str!("prompts/approvals/suggest.md");
 pub const NEVER_APPROVAL: &str = include_str!("prompts/approvals/never.md");
 
 /// Compaction relay template — written into the system prompt so the
-/// model knows the format to use when writing `.deepseek/handoff.md`.
+/// model knows the format to use when writing `.codewhale/handoff.md`.
 pub const COMPACT_TEMPLATE: &str = include_str!("prompts/compact.md");
 
 /// Memory hygiene guidance — appended to the system prompt only when the
@@ -741,7 +748,7 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     }
 
     // 5. Compaction relay template — so the model knows the format to use
-    //    when writing `.deepseek/handoff.md` on exit / `/compact`.
+    //    when writing `.codewhale/handoff.md` on exit / `/compact`.
     full_prompt.push_str("\n\n");
     full_prompt.push_str(COMPACT_TEMPLATE);
 
@@ -832,7 +839,7 @@ mod tests {
 
     /// Discriminator unique to the injected relay block (not present in the
     /// agent prompt's own discussion of the convention).
-    const HANDOFF_BLOCK_MARKER: &str = "left a relay artifact at `.deepseek/handoff.md`";
+    const HANDOFF_BLOCK_MARKER: &str = "left a relay artifact at `.codewhale/handoff.md`";
 
     fn contains_cjk(text: &str) -> bool {
         text.chars().any(|ch| {
diff --git a/crates/tui/src/tools/recall_archive.rs b/crates/tui/src/tools/recall_archive.rs
index 380d11ad..6ec0b1a6 100644
--- a/crates/tui/src/tools/recall_archive.rs
+++ b/crates/tui/src/tools/recall_archive.rs
@@ -162,11 +162,10 @@ fn archive_root(session_id: &str) -> Result<PathBuf, std::io::Error> {
             "Could not resolve home directory for cycle archive root",
         )
     })?;
-    Ok(home
-        .join(".deepseek")
-        .join("sessions")
-        .join(session_id)
-        .join("cycles"))
+    // Use resolved sessions dir (prefers ~/.codewhale/sessions)
+    let sessions = codewhale_config::resolve_state_dir("sessions")
+        .unwrap_or_else(|_| home.join(".deepseek").join("sessions"));
+    Ok(sessions.join(session_id).join("cycles"))
 }
 
 /// Enumerate all archive files for a session, sorted by cycle number ascending.
diff --git a/crates/tui/src/tools/spec.rs b/crates/tui/src/tools/spec.rs
index f13c6516..af6c0ce0 100644
--- a/crates/tui/src/tools/spec.rs
+++ b/crates/tui/src/tools/spec.rs
@@ -183,8 +183,9 @@ impl ToolContext {
     pub fn new(workspace: impl Into<PathBuf>) -> Self {
         let workspace = workspace.into();
         let shell_manager = new_shared_shell_manager(workspace.clone());
-        let notes_path = workspace.join(".deepseek").join("notes.md");
-        let mcp_config_path = workspace.join(".deepseek").join("mcp.json");
+        // Prefer .codewhale, fall back to .deepseek for project-local state
+        let notes_path = codewhale_config::resolve_project_state_dir(&workspace, "notes.md").1;
+        let mcp_config_path = codewhale_config::resolve_project_state_dir(&workspace, "mcp.json").1;
         Self {
             workspace,
             shell_manager,
diff --git a/crates/tui/src/tools/subagent/mod.rs b/crates/tui/src/tools/subagent/mod.rs
index d50972ec..357aeec4 100644
--- a/crates/tui/src/tools/subagent/mod.rs
+++ b/crates/tui/src/tools/subagent/mod.rs
@@ -1845,6 +1845,11 @@ async fn subagent_session_projection(
 }
 
 fn default_state_path(workspace: &Path) -> PathBuf {
+    // Prefer .codewhale, fall back to .deepseek for project-local state
+    let primary = workspace.join(".codewhale").join("state");
+    if primary.exists() {
+        return primary.join(SUBAGENT_STATE_FILE);
+    }
     workspace
         .join(".deepseek")
         .join("state")

From 0706285bfebee76ba746150ef0edf313f7fae333 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 14:19:22 -0500
Subject: [PATCH 091/283] feat(update): add CNB mirror support for
 China-friendly binary downloads

- Add CODEWHALE_RELEASE_BASE_URL as canonical env override for release
  asset base URL (DEEPSEEK_TUI_RELEASE_BASE_URL and DEEPSEEK_RELEASE_BASE_URL
  remain as legacy fallbacks).
- Add CODEWHALE_USE_CNB_MIRROR env var to auto-select the CNB (cnb.cool)
  mirror for binary downloads, avoiding GitHub Releases timeouts in China.
- Update npm install scripts (artifacts.js) with the same env checks.
- Update Rust self-updater (update.rs) with new constants and env cascade.

Fixes #2222.
---
 crates/cli/src/update.rs           | 31 +++++++++++++++++++++++-------
 npm/codewhale/scripts/artifacts.js | 11 ++++++++++-
 2 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index 9205c899..5b1dce53 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -15,8 +15,12 @@ const CHECKSUM_MANIFEST_ASSET: &str = "codewhale-artifacts-sha256.txt";
 const LATEST_RELEASE_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases/latest";
 const RELEASES_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases?per_page=100";
 const CNB_REPO_URL: &str = "https://cnb.cool/codewhale.net/codewhale";
-const RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_TUI_RELEASE_BASE_URL";
-const LEGACY_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_RELEASE_BASE_URL";
+const RELEASE_BASE_URL_ENV: &str = "CODEWHALE_RELEASE_BASE_URL";
+const LEGACY_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_TUI_RELEASE_BASE_URL";
+const DEEPSEEK_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_RELEASE_BASE_URL";
+const CNB_MIRROR_ENV: &str = "CODEWHALE_USE_CNB_MIRROR";
+/// Base URL for CNB binary release asset downloads (China-friendly mirror).
+const CNB_RELEASE_ASSET_BASE: &str = "https://cnb.cool/Hmbown/CodeWhale/-/releases";
 const UPDATE_VERSION_ENV: &str = "DEEPSEEK_TUI_VERSION";
 const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
 const UPDATE_USER_AGENT: &str = "codewhale-updater";
@@ -370,11 +374,24 @@ fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
 }
 
 fn release_base_url_from_env() -> Option<String> {
-    std::env::var(RELEASE_BASE_URL_ENV)
-        .ok()
-        .or_else(|| std::env::var(LEGACY_RELEASE_BASE_URL_ENV).ok())
-        .map(|value| value.trim().to_string())
-        .filter(|value| !value.is_empty())
+    // Check canonical env first, then legacy envs
+    for env_name in [
+        RELEASE_BASE_URL_ENV,
+        LEGACY_RELEASE_BASE_URL_ENV,
+        DEEPSEEK_RELEASE_BASE_URL_ENV,
+    ] {
+        if let Ok(value) = std::env::var(env_name) {
+            let trimmed = value.trim().to_string();
+            if !trimmed.is_empty() {
+                return Some(trimmed);
+            }
+        }
+    }
+    // Auto-detect CNB mirror when CODEWHALE_USE_CNB_MIRROR is set
+    if std::env::var(CNB_MIRROR_ENV).is_ok() {
+        return Some(CNB_RELEASE_ASSET_BASE.to_string());
+    }
+    None
 }
 
 fn update_version_from_env() -> Option<String> {
diff --git a/npm/codewhale/scripts/artifacts.js b/npm/codewhale/scripts/artifacts.js
index 27117b0c..10645404 100644
--- a/npm/codewhale/scripts/artifacts.js
+++ b/npm/codewhale/scripts/artifacts.js
@@ -78,12 +78,21 @@ function executableName(base, platform) {
 }
 
 function releaseBaseUrl(version, repo = "Hmbown/CodeWhale") {
+  // CODEWHALE_RELEASE_BASE_URL is the canonical override.
+  // DEEPSEEK_TUI_RELEASE_BASE_URL / DEEPSEEK_RELEASE_BASE_URL are legacy aliases.
   const override =
-    process.env.DEEPSEEK_TUI_RELEASE_BASE_URL || process.env.DEEPSEEK_RELEASE_BASE_URL;
+    process.env.CODEWHALE_RELEASE_BASE_URL ||
+    process.env.DEEPSEEK_TUI_RELEASE_BASE_URL ||
+    process.env.DEEPSEEK_RELEASE_BASE_URL;
   if (override) {
     const trimmed = String(override).trim();
     return trimmed.endsWith("/") ? trimmed : `${trimmed}/`;
   }
+  // When CODEWHALE_USE_CNB_MIRROR is set, use the CNB (China-friendly)
+  // mirror that already builds and publishes binary release assets.
+  if (process.env.CODEWHALE_USE_CNB_MIRROR) {
+    return `https://cnb.cool/Hmbown/CodeWhale/-/releases/v${version}/`;
+  }
   return `https://github.com/${repo}/releases/download/v${version}/`;
 }
 

From 8ed4301d3581d0c4056bdfb8d94d3a4f897d2f71 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 14:19:53 -0500
Subject: [PATCH 092/283] docs: update CHANGELOG for CNB mirror and state-root
 migration

---
 CHANGELOG.md | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 291b80e3..5616eaa6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,12 +20,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   line is emitted when AGENTS.md, CLAUDE.md, or another context file is
   successfully loaded into the system prompt, making it easier to verify
   which file was used during prompt assembly (#2227).
-- **State-root migration continues.** Snapshot directory resolution now
-  prefers `~/.codewhale/snapshots` with `~/.deepseek/snapshots` fallback.
-  Skill state storage migrated to `~/.codewhale/skills_state.toml`.
-  Added `resolve_project_state_dir` and `ensure_project_state_dir` to
-  `codewhale-config` for project-local `.codewhale/` vs `.deepseek/`
-  resolution (#2231).
+- **CNB mirror support for China-friendly downloads.** Added
+  `CODEWHALE_RELEASE_BASE_URL` env var and `CODEWHALE_USE_CNB_MIRROR`
+  auto-detection to both the npm install scripts and Rust self-updater.
+  Users in China can set `CODEWHALE_USE_CNB_MIRROR=1` to download
+  binaries from cnb.cool instead of GitHub Releases (#2222).
+- **State-root migration continues.** Migrated these storage paths to
+  prefer `~/.codewhale` with `~/.deepseek` fallback: snapshots, skill
+  state, spillover, memory, logs, crashes, automations, TUI settings,
+  handoff, notes, MCP config, sub-agent state, cycle archives, and
+  anchors. Added `resolve_project_state_dir` and `ensure_project_state_dir`
+  to `codewhale-config` for project-local resolution (#2231).
 - **READMEs updated for the CodeWhale rename.** All three READMEs now
   reference canonical `~/.codewhale` paths for config, skills, and Docker
   volumes, with legacy `~/.deepseek` noted as a compatibility fallback.

From 236ad4137d88bb8a58a5c1341f030f4352645265 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 14:34:21 -0500
Subject: [PATCH 093/283] feat: harvest 6 community PRs for v0.8.47
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Harvested and vetted — no malware, no external deps, no injection:
- #1859 (@harvey2011888): loop guard now reports Failed on halt
- #1870 (@victorcheng2333): honour DEEPSEEK_YOLO env on startup
- #1935 (@IIzzaya): replace [x] with [✓] completion markers
- #1837 (@PurplePulse): fix macOS title centering (pin to top)
- #1967 (@cyq1017): show base_url in /config view
- #1906 (@knqiufan): copy transcript without visual-wrap newlines

Also fix cycle_manager archive_dir_for to use resolve_state_dir
so recall_archive tests pass with the migrated sessions path.

Co-authored-by: victorcheng2333 <victorcheng2333@users.noreply.github.com>
Co-authored-by: IIzzaya <IIzzaya@users.noreply.github.com>
Co-authored-by: PurplePulse <PurplePulse@users.noreply.github.com>
Co-authored-by: cyq1017 <cyq1017@users.noreply.github.com>
Co-authored-by: knqiufan <knqiufan@users.noreply.github.com>
---
 crates/tui/src/commands/config.rs         | 180 +++++++++++++++++++++-
 crates/tui/src/commands/mod.rs            |   8 +-
 crates/tui/src/commands/network.rs        |   6 +-
 crates/tui/src/commands/skills.rs         |   2 +-
 crates/tui/src/config_ui.rs               |   6 +-
 crates/tui/src/core/engine/turn_loop.rs   |   4 +-
 crates/tui/src/cycle_manager.rs           |  21 +--
 crates/tui/src/main.rs                    |  18 ++-
 crates/tui/src/settings.rs                |   4 +
 crates/tui/src/tui/history.rs             |  97 +++++++++++-
 crates/tui/src/tui/markdown_render.rs     | 155 +++++++++++++------
 crates/tui/src/tui/mouse_ui.rs            |  45 ++++--
 crates/tui/src/tui/onboarding/mod.rs      |   7 +-
 crates/tui/src/tui/scrolling.rs           |  28 ++++
 crates/tui/src/tui/sidebar.rs             |  20 +--
 crates/tui/src/tui/transcript.rs          |  33 +++-
 crates/tui/src/tui/ui/tests.rs            |  99 ++++++++++++
 crates/tui/src/tui/ui_text.rs             |  18 +++
 crates/tui/src/tui/views/mod.rs           |  38 +++++
 crates/tui/src/tui/views/status_picker.rs |   2 +-
 crates/tui/src/tui/widgets/mod.rs         |   3 +-
 docs/CONFIGURATION.md                     |   2 +-
 docs/MODES.md                             |   2 +-
 23 files changed, 691 insertions(+), 107 deletions(-)

diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 40ffe1dc..3496c826 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -5,7 +5,9 @@ use std::time::Duration;
 
 use super::CommandResult;
 use crate::client::DeepSeekClient;
-use crate::config::{COMMON_DEEPSEEK_MODELS, clear_api_key, normalize_model_name_for_provider};
+use crate::config::{
+    COMMON_DEEPSEEK_MODELS, Config, clear_api_key, expand_path, normalize_model_name_for_provider,
+};
 use crate::config_ui::{ConfigUiMode, parse_mode};
 use crate::llm_client::LlmClient;
 use crate::localization::resolve_locale;
@@ -122,6 +124,16 @@ fn show_single_setting(app: &App, key: &str) -> CommandResult {
             }
         }
         "approval_mode" | "approval" => Some(app.approval_mode.label().to_string()),
+        "base_url" => {
+            let config = match Config::load(app.config_path.clone(), app.config_profile.as_deref())
+            {
+                Ok(config) => config,
+                Err(err) => {
+                    return CommandResult::error(format!("Failed to load config: {err}"));
+                }
+            };
+            Some(config.deepseek_base_url())
+        }
         "locale" | "language" => Some(locale_display(app.ui_locale).to_string()),
         "theme" | "ui_theme" => {
             Some(crate::palette::theme_label_for_mode(app.ui_theme.mode).to_string())
@@ -284,7 +296,7 @@ pub fn persist_status_items(items: &[crate::config::StatusItem]) -> anyhow::Resu
     use anyhow::Context;
     use std::fs;
 
-    let path = config_toml_path()?;
+    let path = config_toml_path(None)?;
     if let Some(parent) = path.parent() {
         fs::create_dir_all(parent)
             .with_context(|| format!("failed to create config directory {}", parent.display()))?;
@@ -320,11 +332,15 @@ pub fn persist_status_items(items: &[crate::config::StatusItem]) -> anyhow::Resu
     Ok(path)
 }
 
-pub fn persist_root_string_key(key: &str, value: &str) -> anyhow::Result<PathBuf> {
+pub fn persist_root_string_key(
+    config_path: Option<&Path>,
+    key: &str,
+    value: &str,
+) -> anyhow::Result<PathBuf> {
     use anyhow::Context;
     use std::fs;
 
-    let path = config_toml_path()?;
+    let path = config_toml_path(config_path)?;
     if let Some(parent) = path.parent() {
         fs::create_dir_all(parent)
             .with_context(|| format!("failed to create config directory {}", parent.display()))?;
@@ -351,8 +367,11 @@ pub fn persist_root_string_key(key: &str, value: &str) -> anyhow::Result<PathBuf
 /// Resolve the path to `~/.deepseek/config.toml` (or
 /// `$DEEPSEEK_CONFIG_PATH`). Mirrors what `Config::load` accepts so we
 /// never write to a different file than the one we read.
-pub(super) fn config_toml_path() -> anyhow::Result<PathBuf> {
+pub(super) fn config_toml_path(config_path: Option<&Path>) -> anyhow::Result<PathBuf> {
     use anyhow::Context;
+    if let Some(path) = config_path {
+        return Ok(expand_path(path.to_string_lossy().as_ref()));
+    }
     if let Ok(env) = std::env::var("DEEPSEEK_CONFIG_PATH") {
         let trimmed = env.trim();
         if !trimmed.is_empty() {
@@ -417,7 +436,8 @@ pub fn set_config_value(app: &mut App, key: &str, value: &str, persist: bool) ->
             app.mcp_config_path = PathBuf::from(expand_tilde(value));
             app.mcp_restart_required = true;
             let message = if persist {
-                match persist_root_string_key("mcp_config_path", value) {
+                match persist_root_string_key(app.config_path.as_deref(), "mcp_config_path", value)
+                {
                     Ok(path) => format!(
                         "mcp_config_path = {} (saved to {}; restart required for MCP tool pool)",
                         app.mcp_config_path.display(),
@@ -433,6 +453,26 @@ pub fn set_config_value(app: &mut App, key: &str, value: &str, persist: bool) ->
             };
             return CommandResult::message(message);
         }
+        "base_url" => {
+            let value = value.trim();
+            if value.is_empty() {
+                return CommandResult::error("base_url cannot be empty");
+            }
+            if persist {
+                match persist_root_string_key(app.config_path.as_deref(), "base_url", value) {
+                    Ok(path) => {
+                        return CommandResult::message(format!(
+                            "base_url = {value} (saved to {})",
+                            path.display()
+                        ));
+                    }
+                    Err(err) => return CommandResult::error(format!("Failed to save: {err}")),
+                }
+            }
+            return CommandResult::error(format!(
+                "base_url must be saved with --save; client base URL is loaded from config on startup. Restart and re-open your session after saving."
+            ));
+        }
         _ => {}
     }
 
@@ -1750,6 +1790,134 @@ mod tests {
         assert!(saved.contains("cost_currency = \"cny\""));
     }
 
+    #[test]
+    fn config_command_base_url_save_persists_value() {
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "deepseek-tui-base-url-test-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root).unwrap();
+        let _guard = EnvGuard::new(&temp_root);
+
+        let mut app = create_test_app();
+        let result = config_command(
+            &mut app,
+            Some("base_url https://example.internal.local/v1 --save"),
+        );
+        let msg = result.message.unwrap();
+        let saved_path = config_toml_path(None).unwrap();
+        let saved = fs::read_to_string(&saved_path).unwrap();
+
+        assert_eq!(
+            msg,
+            format!(
+                "base_url = https://example.internal.local/v1 (saved to {})",
+                saved_path.display()
+            )
+        );
+        assert!(saved.contains("base_url = \"https://example.internal.local/v1\""));
+    }
+
+    #[test]
+    fn config_command_base_url_without_save_requires_save() {
+        let _lock = lock_test_env();
+        let mut app = create_test_app();
+        let result = config_command(&mut app, Some("base_url https://example.internal.local/v1"));
+        assert!(result.is_error);
+        let msg = result.message.unwrap();
+
+        assert!(
+            msg.contains("base_url must be saved with --save"),
+            "got {msg}"
+        );
+    }
+
+    #[test]
+    fn config_command_base_url_reads_current_value_from_config() {
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "deepseek-tui-base-url-show-test-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root).unwrap();
+        let _guard = EnvGuard::new(&temp_root);
+
+        let config_path = temp_root.join(".deepseek").join("config.toml");
+        fs::create_dir_all(config_path.parent().unwrap()).unwrap();
+        fs::write(
+            &config_path,
+            "base_url = \"https://api.from-config.local/v1\"\n",
+        )
+        .unwrap();
+
+        let mut app = create_test_app();
+        let result = config_command(&mut app, Some("base_url"));
+        let msg = result.message.unwrap();
+
+        assert_eq!(msg, "base_url = https://api.from-config.local/v1");
+    }
+
+    #[test]
+    fn config_command_base_url_reads_current_value_from_app_config_path() {
+        let temp_root = env::temp_dir().join(format!(
+            "deepseek-tui-base-url-app-config-path-test-{}",
+            std::process::id()
+        ));
+        fs::create_dir_all(&temp_root).unwrap();
+
+        let config_path = temp_root.join("custom-config.toml");
+        fs::write(
+            &config_path,
+            "base_url = \"https://api.from-app-path.local/v1\"\n",
+        )
+        .unwrap();
+
+        let mut app = create_test_app();
+        app.config_path = Some(config_path.clone());
+        let result = config_command(&mut app, Some("base_url"));
+        let msg = result.message.unwrap();
+
+        assert_eq!(msg, "base_url = https://api.from-app-path.local/v1");
+    }
+
+    #[test]
+    fn config_command_base_url_save_persists_to_app_config_path() {
+        let temp_root = env::temp_dir().join(format!(
+            "deepseek-tui-base-url-save-app-path-test-{}",
+            std::process::id()
+        ));
+        fs::create_dir_all(&temp_root).unwrap();
+
+        let config_path = temp_root.join("custom-config.toml");
+
+        let mut app = create_test_app();
+        app.config_path = Some(config_path.clone());
+        let result = config_command(
+            &mut app,
+            Some("base_url https://example.session.local/v1 --save"),
+        );
+        let msg = result.message.unwrap();
+        let saved = fs::read_to_string(&config_path).unwrap();
+
+        assert_eq!(
+            msg,
+            format!(
+                "base_url = https://example.session.local/v1 (saved to {})",
+                config_path.display()
+            )
+        );
+        assert!(saved.contains("base_url = \"https://example.session.local/v1\""));
+    }
+
     #[test]
     fn theme_command_accepts_grayscale_arg() {
         let nanos = SystemTime::now()
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index b1e9f3dd..f21df395 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -702,8 +702,12 @@ pub fn persist_status_items(
 }
 
 /// Persist a root-level string key in `config.toml`.
-pub fn persist_root_string_key(key: &str, value: &str) -> anyhow::Result<std::path::PathBuf> {
-    config::persist_root_string_key(key, value)
+pub fn persist_root_string_key(
+    config_path: Option<&std::path::Path>,
+    key: &str,
+    value: &str,
+) -> anyhow::Result<std::path::PathBuf> {
+    config::persist_root_string_key(config_path, key, value)
 }
 
 pub fn switch_mode(app: &mut App, mode: crate::tui::app::AppMode) -> String {
diff --git a/crates/tui/src/commands/network.rs b/crates/tui/src/commands/network.rs
index 563ded91..dbe0e7af 100644
--- a/crates/tui/src/commands/network.rs
+++ b/crates/tui/src/commands/network.rs
@@ -70,7 +70,7 @@ enum NetworkEdit {
 }
 
 fn list_policy() -> anyhow::Result<String> {
-    let path = super::config::config_toml_path()?;
+    let path = super::config::config_toml_path(None)?;
     let doc = load_config_doc(&path)?;
     let network = doc.get("network").and_then(Value::as_table);
     let default = network
@@ -97,7 +97,7 @@ fn list_policy() -> anyhow::Result<String> {
 }
 
 fn update_host(edit: NetworkEdit, host: &str) -> anyhow::Result<String> {
-    let path = super::config::config_toml_path()?;
+    let path = super::config::config_toml_path(None)?;
     let mut doc = load_config_doc(&path)?;
     let network = network_table_mut(&mut doc)?;
 
@@ -136,7 +136,7 @@ fn update_default(value: &str) -> anyhow::Result<String> {
         _ => bail!("Usage: /network default <allow|deny|prompt>"),
     };
 
-    let path = super::config::config_toml_path()?;
+    let path = super::config::config_toml_path(None)?;
     let mut doc = load_config_doc(&path)?;
     let network = network_table_mut(&mut doc)?;
     network.insert("default".to_string(), Value::String(normalized.to_string()));
diff --git a/crates/tui/src/commands/skills.rs b/crates/tui/src/commands/skills.rs
index b1823d5f..9dc7fbf7 100644
--- a/crates/tui/src/commands/skills.rs
+++ b/crates/tui/src/commands/skills.rs
@@ -441,7 +441,7 @@ fn sync_skills(app: &mut App) -> CommandResult {
                     }
                     SkillSyncOutcome::Denied { name, host } => {
                         failed += 1;
-                        let _ = writeln!(out, "  [x] {name} — network denied ({host})");
+                        let _ = writeln!(out, "  [✓] {name} — network denied ({host})");
                     }
                     SkillSyncOutcome::NeedsApproval { name, host } => {
                         failed += 1;
diff --git a/crates/tui/src/config_ui.rs b/crates/tui/src/config_ui.rs
index 7f3b5801..9cf8ecd2 100644
--- a/crates/tui/src/config_ui.rs
+++ b/crates/tui/src/config_ui.rs
@@ -687,7 +687,11 @@ fn apply_reasoning_effort(
     app.last_effective_reasoning_effort = None;
     app.update_model_compaction_budget();
     if persist {
-        commands::persist_root_string_key("reasoning_effort", effort.as_setting())?;
+        commands::persist_root_string_key(
+            app.config_path.as_deref(),
+            "reasoning_effort",
+            effort.as_setting(),
+        )?;
     }
     config.reasoning_effort = Some(effort.as_setting().to_string());
     Ok(())
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 1a1a9104..0a3402b8 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -1944,7 +1944,9 @@ impl Engine {
 
             if let Some(message) = loop_guard_halt {
                 crate::logging::warn(message.clone());
-                let _ = self.tx_event.send(Event::status(message)).await;
+                let _ = self.tx_event.send(Event::status(message.clone())).await;
+                // 设置 turn_error 以确保最终返回 TurnOutcomeStatus::Failed 而非 Completed
+                turn_error = Some(message);
                 break;
             }
 
diff --git a/crates/tui/src/cycle_manager.rs b/crates/tui/src/cycle_manager.rs
index cfbe2a17..6817811e 100644
--- a/crates/tui/src/cycle_manager.rs
+++ b/crates/tui/src/cycle_manager.rs
@@ -284,7 +284,7 @@ impl StructuredState {
                 let marker = match item.status {
                     crate::tools::todo::TodoStatus::Pending => "[ ]",
                     crate::tools::todo::TodoStatus::InProgress => "[~]",
-                    crate::tools::todo::TodoStatus::Completed => "[x]",
+                    crate::tools::todo::TodoStatus::Completed => "[✓]",
                 };
                 out.push_str(&format!("- {marker} {}\n", item.content));
             }
@@ -299,7 +299,7 @@ impl StructuredState {
                 let marker = match item.status {
                     crate::tools::plan::StepStatus::Pending => "[ ]",
                     crate::tools::plan::StepStatus::InProgress => "[~]",
-                    crate::tools::plan::StepStatus::Completed => "[x]",
+                    crate::tools::plan::StepStatus::Completed => "[✓]",
                 };
                 out.push_str(&format!("- {marker} {}\n", item.step));
             }
@@ -463,14 +463,17 @@ pub struct CycleArchiveHeader {
     pub message_count: usize,
 }
 
-/// Resolve the on-disk archive directory: `~/.deepseek/sessions/<id>/cycles`.
+/// Resolve the on-disk archive directory: `~/.codewhale/sessions/<id>/cycles`
+/// (or legacy `~/.deepseek/sessions/<id>/cycles`).
 fn archive_dir_for(session_id: &str) -> Result<PathBuf> {
-    let home = dirs::home_dir().context("Could not resolve home directory for cycle archive")?;
-    Ok(home
-        .join(".deepseek")
-        .join("sessions")
-        .join(session_id)
-        .join("cycles"))
+    let sessions = codewhale_config::resolve_state_dir("sessions")
+        .unwrap_or_else(|_| {
+            dirs::home_dir()
+                .unwrap_or_else(|| PathBuf::from("."))
+                .join(".deepseek")
+                .join("sessions")
+        });
+    Ok(sessions.join(session_id).join("cycles"))
 }
 
 /// Archive a cycle's messages to JSONL on disk and return the path written.
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..56c1a8ae 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -839,8 +839,12 @@ async fn main() -> Result<()> {
                     std::env::current_dir().unwrap_or_else(|_| PathBuf::from("."))
                 });
                 let resume_session_id = resolve_exec_resume_session_id(&args, &workspace)?;
+                // The `deepseek` launcher forwards `--yolo` to this binary via
+                // the DEEPSEEK_YOLO env var (which the config loader folds into
+                // `config.yolo`), not as a CLI flag. Honour either source.
+                let yolo = cli.yolo || config.yolo.unwrap_or(false);
                 let needs_engine = args.auto
-                    || cli.yolo
+                    || yolo
                     || resume_session_id.is_some()
                     || args.output_format == ExecOutputFormat::StreamJson;
                 if needs_engine {
@@ -848,7 +852,7 @@ async fn main() -> Result<()> {
                         || config.max_subagents(),
                         |value| value.clamp(1, MAX_SUBAGENTS),
                     );
-                    let auto_mode = args.auto || cli.yolo;
+                    let auto_mode = args.auto || yolo;
                     run_exec_agent(
                         &config,
                         &model,
@@ -4869,6 +4873,10 @@ async fn run_interactive(
         let _ = manager.cleanup_old_sessions();
     }
 
+    // The `deepseek` launcher forwards `--yolo` to this binary via the
+    // DEEPSEEK_YOLO env var (config.yolo), not as a CLI flag. Honour either.
+    let yolo = cli.yolo || config.yolo.unwrap_or(false);
+
     tui::run_tui(
         config,
         tui::TuiOptions {
@@ -4876,7 +4884,7 @@ async fn run_interactive(
             workspace,
             config_path: cli.config.clone(),
             config_profile: cli.profile.clone(),
-            allow_shell: cli.yolo || config.allow_shell(),
+            allow_shell: yolo || config.allow_shell(),
             use_alt_screen,
             use_mouse_capture,
             use_bracketed_paste,
@@ -4885,9 +4893,9 @@ async fn run_interactive(
             notes_path: config.notes_path(),
             mcp_config_path: config.mcp_config_path(),
             use_memory: config.memory_enabled(),
-            start_in_agent_mode: cli.yolo,
+            start_in_agent_mode: yolo,
             skip_onboarding: cli.skip_onboarding,
-            yolo: cli.yolo, // YOLO mode auto-approves all tool executions
+            yolo, // YOLO mode auto-approves all tool executions
             resume_session_id,
             initial_input,
             max_subagents,
diff --git a/crates/tui/src/settings.rs b/crates/tui/src/settings.rs
index 040ba88f..f4520af8 100644
--- a/crates/tui/src/settings.rs
+++ b/crates/tui/src/settings.rs
@@ -770,6 +770,10 @@ impl Settings {
             ),
             ("show_thinking", "Show model thinking: on/off"),
             ("show_tool_details", "Show detailed tool output: on/off"),
+            (
+                "base_url",
+                "HTTP base URL for DeepSeek-compatible endpoints.",
+            ),
             (
                 "locale",
                 "UI locale and default model language: auto, en, ja, zh-Hans, pt-BR, es-419",
diff --git a/crates/tui/src/tui/history.rs b/crates/tui/src/tui/history.rs
index 90a07b9e..f2ce686e 100644
--- a/crates/tui/src/tui/history.rs
+++ b/crates/tui/src/tui/history.rs
@@ -15,6 +15,7 @@ use crate::tools::review::ReviewOutput;
 use crate::tui::app::TranscriptSpacing;
 use crate::tui::diff_render;
 use crate::tui::markdown_render;
+use crate::tui::ui_text::CopyLineSeparator;
 
 // === Constants ===
 
@@ -158,6 +159,12 @@ pub struct TranscriptRenderOptions {
     pub spacing: TranscriptSpacing,
 }
 
+pub(crate) struct RenderedTranscriptLine {
+    pub line: Line<'static>,
+    pub copy_prefix_width: usize,
+    pub copy_separator_after: CopyLineSeparator,
+}
+
 impl Default for TranscriptRenderOptions {
     fn default() -> Self {
         Self {
@@ -296,6 +303,39 @@ impl HistoryCell {
         }
     }
 
+    pub(crate) fn lines_with_copy_metadata(
+        &self,
+        width: u16,
+        options: TranscriptRenderOptions,
+    ) -> Vec<RenderedTranscriptLine> {
+        match self {
+            HistoryCell::User { content } => render_message_with_copy_metadata(
+                USER_GLYPH,
+                user_label_style(),
+                user_body_style(),
+                content,
+                width,
+            ),
+            HistoryCell::Assistant { content, streaming } => render_message_with_copy_metadata(
+                ASSISTANT_GLYPH,
+                assistant_label_style_for(*streaming, options.low_motion),
+                message_body_style(),
+                content,
+                width,
+            ),
+            HistoryCell::System { content } if !is_cycle_boundary(content) => {
+                render_message_with_copy_metadata(
+                    "Note",
+                    system_label_style(),
+                    system_body_style(),
+                    content,
+                    width,
+                )
+            }
+            _ => hard_break_copy_lines(self.lines_with_options(width, options)),
+        }
+    }
+
     /// Render the cell in transcript mode: full content, no caps, no
     /// "Alt+V for details" affordances.
     ///
@@ -2193,6 +2233,19 @@ fn render_message(
     content: &str,
     width: u16,
 ) -> Vec<Line<'static>> {
+    render_message_with_copy_metadata(prefix, label_style, body_style, content, width)
+        .into_iter()
+        .map(|rendered| rendered.line)
+        .collect()
+}
+
+fn render_message_with_copy_metadata(
+    prefix: &str,
+    label_style: Style,
+    body_style: Style,
+    content: &str,
+    width: u16,
+) -> Vec<RenderedTranscriptLine> {
     let prefix_width = UnicodeWidthStr::width(prefix);
     let prefix_width_u16 = u16::try_from(prefix_width.saturating_add(2)).unwrap_or(u16::MAX);
     let content_width = usize::from(width.saturating_sub(prefix_width_u16).max(1));
@@ -2200,7 +2253,7 @@ fn render_message(
     let rendered =
         markdown_render::render_markdown_tagged(content, content_width as u16, body_style);
     for (idx, rendered_line) in rendered.into_iter().enumerate() {
-        if idx == 0 {
+        let line = if idx == 0 {
             let mut spans = Vec::new();
             if !prefix.is_empty() {
                 spans.push(Span::styled(
@@ -2210,7 +2263,7 @@ fn render_message(
                 spans.push(Span::raw(" "));
             }
             spans.extend(rendered_line.line.spans);
-            lines.push(Line::from(spans));
+            Line::from(spans)
         } else {
             let indent = if prefix.is_empty() {
                 String::new()
@@ -2225,15 +2278,49 @@ fn render_message(
             let rail_style = Style::default().fg(palette::TEXT_DIM);
             let mut spans = vec![Span::styled(indent, rail_style)];
             spans.extend(rendered_line.line.spans);
-            lines.push(Line::from(spans));
-        }
+            Line::from(spans)
+        };
+        lines.push(RenderedTranscriptLine {
+            line,
+            copy_prefix_width: rendered_line.copy_prefix_width
+                + history_copy_prefix_width(prefix, prefix_width, rendered_line.is_code, idx),
+            copy_separator_after: rendered_line.copy_separator_after,
+        });
     }
     if lines.is_empty() {
-        lines.push(Line::from(""));
+        lines.push(RenderedTranscriptLine {
+            line: Line::from(""),
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
+        });
     }
     lines
 }
 
+fn history_copy_prefix_width(
+    prefix: &str,
+    prefix_width: usize,
+    is_code: bool,
+    line_index: usize,
+) -> usize {
+    if line_index > 0 && is_code && !prefix.is_empty() {
+        prefix_width + 1
+    } else {
+        0
+    }
+}
+
+fn hard_break_copy_lines(lines: Vec<Line<'static>>) -> Vec<RenderedTranscriptLine> {
+    lines
+        .into_iter()
+        .map(|line| RenderedTranscriptLine {
+            line,
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
+        })
+        .collect()
+}
+
 /// Render a plain-text user message: split on newlines, word-wrap each line,
 /// preserve leading whitespace. No markdown interpretation (headings, lists,
 /// code blocks, etc. are rendered as literal text).
diff --git a/crates/tui/src/tui/markdown_render.rs b/crates/tui/src/tui/markdown_render.rs
index e9c92e3a..0d645510 100644
--- a/crates/tui/src/tui/markdown_render.rs
+++ b/crates/tui/src/tui/markdown_render.rs
@@ -33,6 +33,7 @@ use unicode_width::{UnicodeWidthChar, UnicodeWidthStr};
 
 use crate::palette;
 use crate::tui::osc8;
+use crate::tui::ui_text::CopyLineSeparator;
 
 // Thread-local counter incremented every time `parse` runs. Used by tests to
 // prove that width-only changes hit the cached-AST path and skip parsing.
@@ -101,6 +102,8 @@ pub struct ParsedMarkdown {
 pub struct RenderedMarkdownLine {
     pub line: Line<'static>,
     pub is_code: bool,
+    pub copy_prefix_width: usize,
+    pub copy_separator_after: CopyLineSeparator,
 }
 
 /// Parse markdown source into a width-independent block AST.
@@ -227,6 +230,8 @@ pub fn render_parsed_tagged(
                     .map(|line| RenderedMarkdownLine {
                         line,
                         is_code: false,
+                        copy_prefix_width: 0,
+                        copy_separator_after: CopyLineSeparator::Newline,
                     }),
             );
             continue;
@@ -246,6 +251,8 @@ pub fn render_parsed_tagged(
                         Style::default().fg(palette::TEXT_DIM),
                     )),
                     is_code: false,
+                    copy_prefix_width: 0,
+                    copy_separator_after: CopyLineSeparator::Newline,
                 });
             }
             Block::HorizontalRule => {
@@ -255,18 +262,19 @@ pub fn render_parsed_tagged(
                         Style::default().fg(palette::TEXT_DIM),
                     )),
                     is_code: false,
+                    copy_prefix_width: 0,
+                    copy_separator_after: CopyLineSeparator::Newline,
                 });
             }
             Block::ListItem { bullet, text } => {
                 let bullet_style = Style::default().fg(palette::DEEPSEEK_SKY);
-                out.extend(
-                    render_list_line(bullet, text, width, bullet_style, base_style)
-                        .into_iter()
-                        .map(|line| RenderedMarkdownLine {
-                            line,
-                            is_code: false,
-                        }),
-                );
+                out.extend(render_list_line_tagged(
+                    bullet,
+                    text,
+                    width,
+                    bullet_style,
+                    base_style,
+                ));
             }
             Block::Code { line } => {
                 let code_style = Style::default()
@@ -280,19 +288,16 @@ pub fn render_parsed_tagged(
                 let link_style = Style::default()
                     .fg(palette::DEEPSEEK_BLUE)
                     .add_modifier(Modifier::UNDERLINED);
-                out.extend(
-                    render_line_with_links(text, width, base_style, link_style)
-                        .into_iter()
-                        .map(|line| RenderedMarkdownLine {
-                            line,
-                            is_code: false,
-                        }),
-                );
+                out.extend(render_line_with_links_tagged(
+                    text, width, base_style, link_style,
+                ));
             }
             Block::Blank => {
                 out.push(RenderedMarkdownLine {
                     line: Line::from(""),
                     is_code: false,
+                    copy_prefix_width: 0,
+                    copy_separator_after: CopyLineSeparator::Newline,
                 });
             }
             Block::TableRow(_) | Block::TableSeparator => unreachable!(),
@@ -304,6 +309,8 @@ pub fn render_parsed_tagged(
         out.push(RenderedMarkdownLine {
             line: Line::from(""),
             is_code: false,
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
         });
     }
 
@@ -484,6 +491,7 @@ fn render_wrapped_line_tagged(
     };
     let mut out = Vec::new();
 
+    let last_index = wrapped.len().saturating_sub(1);
     for (idx, chunk) in wrapped.into_iter().enumerate() {
         let line = if idx == 0 {
             Line::from(vec![Span::raw(prefix), Span::styled(chunk, style)])
@@ -493,47 +501,87 @@ fn render_wrapped_line_tagged(
                 Span::styled(chunk, style),
             ])
         };
-        out.push(RenderedMarkdownLine { line, is_code });
+        let copy_separator_after = if idx == last_index {
+            CopyLineSeparator::Newline
+        } else if is_code {
+            CopyLineSeparator::None
+        } else {
+            CopyLineSeparator::Space
+        };
+        out.push(RenderedMarkdownLine {
+            line,
+            is_code,
+            copy_prefix_width: if indent_code { prefix_width } else { 0 },
+            copy_separator_after,
+        });
     }
 
     out
 }
 
-fn render_list_line(
+fn render_list_line_tagged(
     bullet: &str,
     text: &str,
     width: usize,
     bullet_style: Style,
     text_style: Style,
-) -> Vec<Line<'static>> {
+) -> Vec<RenderedMarkdownLine> {
     let bullet_prefix = format!("{bullet} ");
     let bullet_width = bullet_prefix.width();
     let available = width.saturating_sub(bullet_width).max(1);
-    let wrapped = render_line_with_links(text, available, text_style, link_style());
+    let wrapped = render_line_with_links_tagged(text, available, text_style, link_style());
 
     let mut out = Vec::new();
-    for (idx, line) in wrapped.into_iter().enumerate() {
+    for (idx, rendered) in wrapped.into_iter().enumerate() {
         if idx == 0 {
             let mut spans = vec![Span::styled(bullet_prefix.clone(), bullet_style)];
-            spans.extend(line.spans);
-            out.push(Line::from(spans));
+            spans.extend(rendered.line.spans);
+            out.push(RenderedMarkdownLine {
+                line: Line::from(spans),
+                is_code: false,
+                copy_prefix_width: 0,
+                copy_separator_after: rendered.copy_separator_after,
+            });
         } else {
             let mut spans = vec![Span::raw(" ".repeat(bullet_width))];
-            spans.extend(line.spans);
-            out.push(Line::from(spans));
+            spans.extend(rendered.line.spans);
+            out.push(RenderedMarkdownLine {
+                line: Line::from(spans),
+                is_code: false,
+                copy_prefix_width: bullet_width,
+                copy_separator_after: rendered.copy_separator_after,
+            });
         }
     }
     out
 }
 
+#[cfg(test)]
 fn render_line_with_links(
     line: &str,
     width: usize,
     base_style: Style,
     link_style: Style,
 ) -> Vec<Line<'static>> {
+    render_line_with_links_tagged(line, width, base_style, link_style)
+        .into_iter()
+        .map(|rendered| rendered.line)
+        .collect()
+}
+
+fn render_line_with_links_tagged(
+    line: &str,
+    width: usize,
+    base_style: Style,
+    link_style: Style,
+) -> Vec<RenderedMarkdownLine> {
     if line.trim().is_empty() {
-        return vec![Line::from("")];
+        return vec![RenderedMarkdownLine {
+            line: Line::from(""),
+            is_code: false,
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
+        }];
     }
 
     // Flatten inline tokens into (word, style) pairs preserving inter-token spaces.
@@ -558,8 +606,8 @@ fn render_line_with_links(
         }
     }
 
-    let mut lines = Vec::new();
-    let mut current_spans: Vec<Span> = Vec::new();
+    let mut lines: Vec<RenderedMarkdownLine> = Vec::new();
+    let mut current_spans: Vec<Span<'static>> = Vec::new();
     let mut current_width = 0usize;
 
     for word in words {
@@ -581,12 +629,7 @@ fn render_line_with_links(
         if ww > width && width > 0 {
             // Flush the in-progress line first.
             if !current_spans.is_empty() {
-                if let Some(last) = current_spans.last()
-                    && last.content.as_ref() == " "
-                {
-                    current_spans.pop();
-                }
-                lines.push(Line::from(std::mem::take(&mut current_spans)));
+                push_inline_line(&mut lines, &mut current_spans, CopyLineSeparator::Space);
                 current_width = 0;
             }
             // Char-break the word into width-sized chunks. Each full chunk
@@ -597,7 +640,12 @@ fn render_line_with_links(
             for ch in word.text.chars() {
                 let cw = ch.width().unwrap_or(1);
                 if chunk_w + cw > width && chunk_w > 0 {
-                    lines.push(Line::from(vec![word.span_for(std::mem::take(&mut chunk))]));
+                    lines.push(RenderedMarkdownLine {
+                        line: Line::from(vec![word.span_for(std::mem::take(&mut chunk))]),
+                        is_code: false,
+                        copy_prefix_width: 0,
+                        copy_separator_after: CopyLineSeparator::None,
+                    });
                     chunk_w = 0;
                 }
                 chunk.push(ch);
@@ -612,13 +660,7 @@ fn render_line_with_links(
         // Wrap before this word if it doesn't fit.
         if current_width > 0 && current_width + ww > width {
             // Trim trailing space span before breaking.
-            if let Some(last) = current_spans.last()
-                && last.content.as_ref() == " "
-            {
-                current_spans.pop();
-            }
-            lines.push(Line::from(current_spans));
-            current_spans = Vec::new();
+            push_inline_line(&mut lines, &mut current_spans, CopyLineSeparator::Space);
             current_width = 0;
         }
         current_spans.push(word.into_span());
@@ -626,14 +668,39 @@ fn render_line_with_links(
     }
 
     if !current_spans.is_empty() {
-        lines.push(Line::from(current_spans));
+        push_inline_line(&mut lines, &mut current_spans, CopyLineSeparator::Newline);
+    } else if let Some(last) = lines.last_mut() {
+        last.copy_separator_after = CopyLineSeparator::Newline;
     }
     if lines.is_empty() {
-        lines.push(Line::from(""));
+        lines.push(RenderedMarkdownLine {
+            line: Line::from(""),
+            is_code: false,
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
+        });
     }
     lines
 }
 
+fn push_inline_line(
+    lines: &mut Vec<RenderedMarkdownLine>,
+    spans: &mut Vec<Span<'static>>,
+    copy_separator_after: CopyLineSeparator,
+) {
+    if let Some(last) = spans.last()
+        && last.content.as_ref() == " "
+    {
+        spans.pop();
+    }
+    lines.push(RenderedMarkdownLine {
+        line: Line::from(std::mem::take(spans)),
+        is_code: false,
+        copy_prefix_width: 0,
+        copy_separator_after,
+    });
+}
+
 #[derive(Clone)]
 struct InlineToken {
     text: String,
diff --git a/crates/tui/src/tui/mouse_ui.rs b/crates/tui/src/tui/mouse_ui.rs
index 47e323a7..92278bb6 100644
--- a/crates/tui/src/tui/mouse_ui.rs
+++ b/crates/tui/src/tui/mouse_ui.rs
@@ -744,9 +744,14 @@ pub(crate) fn selection_to_text(app: &App) -> Option<String> {
     let end_index = end.line_index.min(lines.len().saturating_sub(1));
     let start_index = start.line_index.min(end_index);
 
-    let mut selected_lines = Vec::new();
+    let line_meta = app.viewport.transcript_cache.line_meta();
+    let mut selected = String::new();
+    let mut separator_before = None;
     #[allow(clippy::needless_range_loop)]
     for line_index in start_index..=end_index {
+        if let Some(separator) = separator_before {
+            selected.push_str(separator);
+        }
         // Rail-prefix decorations are stored as cache metadata rather than
         // detected from glyphs, so new decoration types are covered without
         // changes to the copy path (#1163).
@@ -755,30 +760,50 @@ pub(crate) fn selection_to_text(app: &App) -> Option<String> {
         // slice off the rail prefix so subsequent column offsets operate
         // on content-only text.
         let full_text = line_to_plain(&lines[line_index]);
-        let line_text = if rail_width > 0 {
+        let line_after_rail = if rail_width > 0 {
             slice_text(&full_text, rail_width, text_display_width(&full_text))
         } else {
             full_text
         };
+        let line_after_rail_width = text_display_width(&line_after_rail);
+        let copy_prefix_width = line_meta
+            .get(line_index)
+            .map(|meta| meta.copy_prefix_width())
+            .unwrap_or(0)
+            .min(line_after_rail_width);
+        let line_text = if copy_prefix_width > 0 {
+            slice_text(&line_after_rail, copy_prefix_width, line_after_rail_width)
+        } else {
+            line_after_rail
+        };
         let line_width = text_display_width(&line_text);
+        let visual_prefix_width = rail_width.saturating_add(copy_prefix_width);
         // Selection coordinates are recorded in rendered-column space, which
-        // includes the visual rail prefix. Add rail_width back so the column
-        // window maps correctly into the rail-stripped text.
+        // includes visual prefixes. Add them back so the column window maps
+        // correctly into copy-only text.
         let (raw_col_start, raw_col_end) = if start_index == end_index {
             (start.column, end.column)
         } else if line_index == start_index {
-            (start.column, line_width.saturating_add(rail_width))
+            (start.column, line_width.saturating_add(visual_prefix_width))
         } else if line_index == end_index {
             (0, end.column)
         } else {
-            (0, line_width.saturating_add(rail_width))
+            (0, line_width.saturating_add(visual_prefix_width))
         };
 
-        let col_start = raw_col_start.saturating_sub(rail_width).min(line_width);
-        let col_end = raw_col_end.saturating_sub(rail_width).min(line_width);
+        let col_start = raw_col_start
+            .saturating_sub(visual_prefix_width)
+            .min(line_width);
+        let col_end = raw_col_end
+            .saturating_sub(visual_prefix_width)
+            .min(line_width);
 
         let slice = slice_text(&line_text, col_start, col_end);
-        selected_lines.push(slice);
+        selected.push_str(&slice);
+        separator_before = line_meta
+            .get(line_index)
+            .map(|meta| meta.copy_separator_after().as_str())
+            .or(Some("\n"));
     }
-    Some(selected_lines.join("\n"))
+    Some(selected)
 }
diff --git a/crates/tui/src/tui/onboarding/mod.rs b/crates/tui/src/tui/onboarding/mod.rs
index 4c7741d5..fa56e868 100644
--- a/crates/tui/src/tui/onboarding/mod.rs
+++ b/crates/tui/src/tui/onboarding/mod.rs
@@ -22,11 +22,12 @@ pub fn render(f: &mut Frame, area: Rect, app: &App) {
     let block = Block::default().style(Style::default().bg(palette::DEEPSEEK_INK));
     f.render_widget(block, area);
 
+    const TOP_MARGIN: u16 = 2;
     let content_width = 76.min(area.width.saturating_sub(4));
-    let content_height = 20.min(area.height.saturating_sub(4));
+    let content_height = 20.min(area.height.saturating_sub(TOP_MARGIN + 2));
     let content_area = Rect {
-        x: (area.width - content_width) / 2,
-        y: (area.height - content_height) / 2,
+        x: (area.width.saturating_sub(content_width)) / 2,
+        y: TOP_MARGIN,
         width: content_width,
         height: content_height,
     };
diff --git a/crates/tui/src/tui/scrolling.rs b/crates/tui/src/tui/scrolling.rs
index 6bc51781..1e976b64 100644
--- a/crates/tui/src/tui/scrolling.rs
+++ b/crates/tui/src/tui/scrolling.rs
@@ -17,6 +17,8 @@
 
 use std::time::{Duration, Instant};
 
+use crate::tui::ui_text::CopyLineSeparator;
+
 const TRACKPAD_EVENT_WINDOW: Duration = Duration::from_millis(35);
 const WHEEL_LINES_PER_TICK: i32 = 3;
 const TRACKPAD_BASE_LINES_PER_TICK: i32 = 1;
@@ -36,6 +38,8 @@ pub enum TranscriptLineMeta {
     CellLine {
         cell_index: usize,
         line_in_cell: usize,
+        copy_prefix_width: usize,
+        copy_separator_after: CopyLineSeparator,
     },
     Spacer,
 }
@@ -48,10 +52,32 @@ impl TranscriptLineMeta {
             TranscriptLineMeta::CellLine {
                 cell_index,
                 line_in_cell,
+                ..
             } => Some((cell_index, line_in_cell)),
             TranscriptLineMeta::Spacer => None,
         }
     }
+
+    #[must_use]
+    pub fn copy_separator_after(&self) -> CopyLineSeparator {
+        match *self {
+            TranscriptLineMeta::CellLine {
+                copy_separator_after,
+                ..
+            } => copy_separator_after,
+            TranscriptLineMeta::Spacer => CopyLineSeparator::Newline,
+        }
+    }
+
+    #[must_use]
+    pub fn copy_prefix_width(&self) -> usize {
+        match *self {
+            TranscriptLineMeta::CellLine {
+                copy_prefix_width, ..
+            } => copy_prefix_width,
+            TranscriptLineMeta::Spacer => 0,
+        }
+    }
 }
 
 // === Transcript Scroll State ===
@@ -271,6 +297,8 @@ mod tests {
         TranscriptLineMeta::CellLine {
             cell_index,
             line_in_cell,
+            copy_prefix_width: 0,
+            copy_separator_after: CopyLineSeparator::Newline,
         }
     }
 
diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index ec3d5bad..2ebd58dd 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -442,7 +442,7 @@ fn push_work_checklist_lines(
         let (prefix, color) = match item.status {
             TodoStatus::Pending => ("[ ]", palette::TEXT_MUTED),
             TodoStatus::InProgress => ("[~]", palette::STATUS_WARNING),
-            TodoStatus::Completed => ("[x]", palette::STATUS_SUCCESS),
+            TodoStatus::Completed => ("[✓]", palette::STATUS_SUCCESS),
         };
         let text = format!("{prefix} #{} {}", item.id, item.content);
         lines.push(Line::from(Span::styled(
@@ -533,7 +533,7 @@ fn push_work_strategy_lines(
         let (prefix, color) = match step.status {
             StepStatus::Pending => ("[ ]", theme.plan_pending_color),
             StepStatus::InProgress => ("[~]", theme.plan_in_progress_color),
-            StepStatus::Completed => ("[x]", theme.plan_completed_color),
+            StepStatus::Completed => ("[✓]", theme.plan_completed_color),
         };
         let mut text = format!("{prefix} {}", step.text);
         if !step.elapsed.is_empty() {
@@ -1361,7 +1361,7 @@ fn first_nonempty_line(text: &str) -> &str {
 fn tool_status_marker(status: ToolStatus) -> (&'static str, ratatui::style::Color) {
     match status {
         ToolStatus::Running => ("[~]", palette::STATUS_WARNING),
-        ToolStatus::Success => ("[x]", palette::STATUS_SUCCESS),
+        ToolStatus::Success => ("[✓]", palette::STATUS_SUCCESS),
         ToolStatus::Failed => ("[!]", palette::STATUS_ERROR),
     }
 }
@@ -1656,7 +1656,7 @@ pub fn subagent_panel_lines(
 fn agent_status_marker(status: &str) -> (&'static str, ratatui::style::Color) {
     match status {
         "running" => ("[~]", palette::STATUS_WARNING),
-        "done" => ("[x]", palette::STATUS_SUCCESS),
+        "done" => ("[✓]", palette::STATUS_SUCCESS),
         "failed" => ("[!]", palette::STATUS_ERROR),
         "canceled" | "interrupted" => ("[-]", palette::TEXT_MUTED),
         _ => ("[ ]", palette::TEXT_MUTED),
@@ -2152,7 +2152,7 @@ mod tests {
             "recent section missing: {text:?}"
         );
         assert!(
-            text.iter().any(|line| line.contains("[x] read_file")),
+            text.iter().any(|line| line.contains("[✓] read_file")),
             "recent read_file row missing: {text:?}"
         );
     }
@@ -2181,7 +2181,7 @@ mod tests {
         let text = lines_to_text(&task_panel_lines(&app, 64, 8));
 
         assert!(
-            !text.iter().any(|line| line.contains("[x] read_file")),
+            !text.iter().any(|line| line.contains("[✓] read_file")),
             "expired completed active row should leave the sidebar: {text:?}"
         );
     }
@@ -2219,7 +2219,7 @@ mod tests {
         let text = lines_to_text(&task_panel_lines(&app, 64, 8));
 
         assert!(
-            text.iter().any(|line| line.contains("[x] read_file")),
+            text.iter().any(|line| line.contains("[✓] read_file")),
             "fresh completed active row should linger briefly: {text:?}"
         );
     }
@@ -2372,7 +2372,7 @@ mod tests {
             .expect("failed grep row should stay visible");
         let read_group_index = text
             .iter()
-            .position(|line| line.contains("[x] read_file x3"))
+            .position(|line| line.contains("[✓] read_file x3"))
             .expect("repeated read_file rows should collapse");
 
         assert!(
@@ -2381,7 +2381,7 @@ mod tests {
         );
         assert_eq!(
             text.iter()
-                .filter(|line| line.contains("[x] read_file"))
+                .filter(|line| line.contains("[✓] read_file"))
                 .count(),
             1,
             "read_file should render once after grouping: {text:?}"
@@ -2481,7 +2481,7 @@ mod tests {
 
         assert!(
             text.iter()
-                .any(|line| line.contains("[x] cargo check 1.2s")),
+                .any(|line| line.contains("[✓] cargo check 1.2s")),
             "status marker and duration should stay in the row label: {text:?}"
         );
         assert!(
diff --git a/crates/tui/src/tui/transcript.rs b/crates/tui/src/tui/transcript.rs
index 9616a9c7..53319c96 100644
--- a/crates/tui/src/tui/transcript.rs
+++ b/crates/tui/src/tui/transcript.rs
@@ -26,6 +26,7 @@ use ratatui::{
 use crate::tui::app::TranscriptSpacing;
 use crate::tui::history::{HistoryCell, TranscriptRenderOptions};
 use crate::tui::scrolling::TranscriptLineMeta;
+use crate::tui::ui_text::CopyLineSeparator;
 
 /// Per-cell cached render output. Reused across `ensure` calls when the
 /// upstream cell's revision counter hasn't changed.
@@ -45,6 +46,12 @@ struct CachedCell {
     /// Rendered lines for this cell (without trailing inter-cell spacers),
     /// shared via `Arc` so cache enumeration is O(N) not O(N*lines).
     lines: Arc<Vec<Line<'static>>>,
+    /// Copy separators aligned with `lines`. These preserve source hard
+    /// newlines while allowing copy to remove visual soft-wrap breaks.
+    copy_separators: Arc<Vec<CopyLineSeparator>>,
+    /// Display-column widths of visual prefixes that should be omitted from
+    /// clipboard text, aligned with `lines`.
+    copy_prefix_widths: Arc<Vec<usize>>,
     /// Whether this cell's rendered output was empty (e.g. Thinking hidden).
     /// Cached so we can skip empty cells without re-rendering.
     is_empty: bool,
@@ -183,11 +190,21 @@ impl TranscriptViewCache {
                 } else {
                     width
                 };
-                let rendered = cell.lines_with_options(render_width, options);
-                let is_empty = rendered.is_empty();
+                let rendered = cell.lines_with_copy_metadata(render_width, options);
+                let mut lines = Vec::with_capacity(rendered.len());
+                let mut copy_separators = Vec::with_capacity(rendered.len());
+                let mut copy_prefix_widths = Vec::with_capacity(rendered.len());
+                for rendered_line in rendered {
+                    lines.push(rendered_line.line);
+                    copy_prefix_widths.push(rendered_line.copy_prefix_width);
+                    copy_separators.push(rendered_line.copy_separator_after);
+                }
+                let is_empty = lines.is_empty();
                 new_per_cell.push(CachedCell {
                     revision: current_rev,
-                    lines: Arc::new(rendered),
+                    lines: Arc::new(lines),
+                    copy_separators: Arc::new(copy_separators),
+                    copy_prefix_widths: Arc::new(copy_prefix_widths),
                     is_empty,
                     is_stream_continuation: cell.is_stream_continuation(),
                     is_conversational: cell.is_conversational(),
@@ -280,6 +297,16 @@ impl TranscriptViewCache {
                 self.line_meta.push(TranscriptLineMeta::CellLine {
                     cell_index,
                     line_in_cell,
+                    copy_prefix_width: cached
+                        .copy_prefix_widths
+                        .get(line_in_cell)
+                        .copied()
+                        .unwrap_or(0),
+                    copy_separator_after: cached
+                        .copy_separators
+                        .get(line_in_cell)
+                        .copied()
+                        .unwrap_or(CopyLineSeparator::Newline),
                 });
             }
 
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index c73a6a6e..73a3f219 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -294,6 +294,21 @@ fn word_cursor_modifier_accepts_control_and_alt() {
     assert!(!is_word_cursor_modifier(KeyModifiers::SHIFT));
 }
 
+fn select_full_transcript(app: &mut App) {
+    app.viewport.transcript_selection.anchor = Some(TranscriptSelectionPoint {
+        line_index: 0,
+        column: 0,
+    });
+    app.viewport.transcript_selection.head = Some(TranscriptSelectionPoint {
+        line_index: app
+            .viewport
+            .transcript_cache
+            .total_lines()
+            .saturating_sub(1),
+        column: 80,
+    });
+}
+
 #[test]
 fn selection_point_from_position_ignores_top_padding() {
     let area = Rect {
@@ -375,6 +390,90 @@ fn selection_to_text_handles_multiline_and_reversed_endpoints() {
     assert_eq!(selection_to_text(&app).as_deref(), Some("a beta\ngam"));
 }
 
+#[test]
+fn selection_to_text_removes_visual_wrap_breaks_from_paragraphs() {
+    let mut app = create_test_app();
+    app.history = vec![HistoryCell::Assistant {
+        content: "alpha beta gamma delta epsilon".to_string(),
+        streaming: false,
+    }];
+    app.resync_history_revisions();
+    app.viewport.transcript_cache.ensure(
+        &app.history,
+        &app.history_revisions,
+        14,
+        app.transcript_render_options(),
+    );
+    select_full_transcript(&mut app);
+
+    let selected = selection_to_text(&app).expect("selection text");
+    assert!(
+        !selected.contains('\n'),
+        "soft-wrapped paragraph copied with visual newlines: {selected:?}"
+    );
+    assert!(selected.contains("alpha beta gamma delta epsilon"));
+}
+
+#[test]
+fn selection_to_text_preserves_wrapped_long_words() {
+    let mut app = create_test_app();
+    app.history = vec![HistoryCell::Assistant {
+        content: "abcdefghijklmnop".to_string(),
+        streaming: false,
+    }];
+    app.resync_history_revisions();
+    app.viewport.transcript_cache.ensure(
+        &app.history,
+        &app.history_revisions,
+        10,
+        app.transcript_render_options(),
+    );
+    select_full_transcript(&mut app);
+
+    let selected = selection_to_text(&app).expect("selection text");
+    assert_eq!(selected, "abcdefghijklmnop");
+}
+
+#[test]
+fn selection_to_text_strips_code_block_visual_wrap_prefixes() {
+    let mut app = create_test_app();
+    app.history = vec![HistoryCell::Assistant {
+        content: "```\nlet example = abcdefghijklmnop;\n```".to_string(),
+        streaming: false,
+    }];
+    app.resync_history_revisions();
+    app.viewport.transcript_cache.ensure(
+        &app.history,
+        &app.history_revisions,
+        14,
+        app.transcript_render_options(),
+    );
+    select_full_transcript(&mut app);
+
+    let selected = selection_to_text(&app).expect("selection text");
+    assert_eq!(selected, "let example = abcdefghijklmnop;");
+}
+
+#[test]
+fn selection_to_text_strips_list_continuation_prefixes() {
+    let mut app = create_test_app();
+    app.history = vec![HistoryCell::Assistant {
+        content: "- alpha beta gamma delta epsilon".to_string(),
+        streaming: false,
+    }];
+    app.resync_history_revisions();
+    app.viewport.transcript_cache.ensure(
+        &app.history,
+        &app.history_revisions,
+        14,
+        app.transcript_render_options(),
+    );
+    select_full_transcript(&mut app);
+
+    let selected = selection_to_text(&app).expect("selection text");
+    assert_eq!(selected, "- alpha beta gamma delta epsilon");
+}
+
 #[test]
 fn selection_to_text_copies_rendered_transcript_block() {
     let mut app = create_test_app();
diff --git a/crates/tui/src/tui/ui_text.rs b/crates/tui/src/tui/ui_text.rs
index daafddb5..6c01743d 100644
--- a/crates/tui/src/tui/ui_text.rs
+++ b/crates/tui/src/tui/ui_text.rs
@@ -6,6 +6,24 @@ use unicode_width::{UnicodeWidthChar, UnicodeWidthStr};
 use crate::tui::history::HistoryCell;
 use crate::tui::osc8;
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub(crate) enum CopyLineSeparator {
+    None,
+    Space,
+    Newline,
+}
+
+impl CopyLineSeparator {
+    #[must_use]
+    pub(crate) const fn as_str(self) -> &'static str {
+        match self {
+            Self::None => "",
+            Self::Space => " ",
+            Self::Newline => "\n",
+        }
+    }
+}
+
 pub(crate) fn truncate_line_to_width(text: &str, max_width: usize) -> String {
     if max_width == 0 {
         return String::new();
diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index beb044be..68ce1ac7 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -3,6 +3,7 @@ use ratatui::{buffer::Buffer, layout::Rect};
 use std::cell::{Cell, RefCell};
 use std::fmt;
 
+use crate::config::Config;
 use crate::localization::{Locale, MessageId, tr};
 use crate::palette;
 use crate::settings::Settings;
@@ -614,6 +615,15 @@ impl ConfigView {
                 editable: true,
                 scope: ConfigScope::Saved,
             },
+            ConfigRow {
+                section: ConfigSection::Model,
+                key: "base_url".to_string(),
+                value: Config::load(app.config_path.clone(), app.config_profile.as_deref())
+                    .map(|config| config.deepseek_base_url())
+                    .unwrap_or_else(|_| "(unavailable)".to_string()),
+                editable: true,
+                scope: ConfigScope::Saved,
+            },
             ConfigRow {
                 section: ConfigSection::Permissions,
                 key: "approval_mode".to_string(),
@@ -2013,6 +2023,7 @@ mod tests {
         KeyCode, KeyEvent, KeyModifiers, MouseButton, MouseEvent, MouseEventKind,
     };
     use ratatui::{buffer::Buffer, layout::Rect};
+    use std::fs;
     use std::path::PathBuf;
 
     fn create_test_app() -> App {
@@ -2175,6 +2186,7 @@ mod tests {
             .collect::<Vec<_>>();
         assert!(keys.contains(&"model"));
         assert!(keys.contains(&"reasoning_effort"));
+        assert!(keys.contains(&"base_url"));
         assert!(keys.contains(&"approval_mode"));
         assert!(keys.contains(&"theme"));
         assert!(keys.contains(&"locale"));
@@ -2193,6 +2205,32 @@ mod tests {
         assert!(view.rows.iter().all(|row| row.editable));
     }
 
+    #[test]
+    fn config_view_base_url_reflects_app_config_path() {
+        let temp_root = std::env::temp_dir().join(format!(
+            "deepseek-tui-base-url-view-test-{}",
+            std::process::id()
+        ));
+        fs::create_dir_all(&temp_root).unwrap();
+        let config_path = temp_root.join("config.toml");
+        fs::write(
+            &config_path,
+            "base_url = \"https://ui-config-view.local/v1\"\n",
+        )
+        .unwrap();
+
+        let mut app = create_test_app();
+        app.config_path = Some(config_path.clone());
+        let view = ConfigView::new_for_app(&app);
+
+        let row = view
+            .rows
+            .iter()
+            .find(|row| row.key == "base_url")
+            .expect("base_url row missing");
+        assert_eq!(row.value, "https://ui-config-view.local/v1");
+    }
+
     #[test]
     fn config_view_exposes_all_available_saved_settings() {
         let app = create_test_app();
diff --git a/crates/tui/src/tui/views/status_picker.rs b/crates/tui/src/tui/views/status_picker.rs
index 2cbf576e..17b6173a 100644
--- a/crates/tui/src/tui/views/status_picker.rs
+++ b/crates/tui/src/tui/views/status_picker.rs
@@ -204,7 +204,7 @@ impl ModalView for StatusPickerView {
         for (idx, item) in self.rows.iter().enumerate() {
             let checked = *self.selected.get(idx).unwrap_or(&false);
             let is_cursor = idx == self.cursor;
-            let mark = if checked { "[x]" } else { "[ ]" };
+            let mark = if checked { "[✓]" } else { "[ ]" };
 
             let row_style = if is_cursor {
                 Style::default()
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index d78c1a96..58cdffb7 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -1948,7 +1948,8 @@ fn build_empty_state_lines(app: &App, area: Rect) -> Vec<Line<'static>> {
         )),
     ];
 
-    let top_padding = usize::from(area.height.saturating_sub(body.len() as u16) / 3);
+    // Keep the welcome block near the top of the chat pane (header is separate).
+    let top_padding = 2usize;
     let mut lines = Vec::new();
     for _ in 0..top_padding {
         lines.push(Line::from(""));
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index b92cd8ff..5d6bef88 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -540,7 +540,7 @@ If you are upgrading from older releases:
   `false`. When `true`, the notification body includes the elapsed
   duration and the turn's cost in the configured display currency.
 - `tui.alternate_screen` (string, optional): `auto`, `always`, or `never`. This is retained for config compatibility, but interactive sessions now always use the TUI-owned alternate screen so host terminal scrollback cannot hijack the viewport.
-- `tui.mouse_capture` (bool, optional, default `true` on non-Windows terminals and on Windows Terminal/ConEmu/Cmder when the alternate screen is active; `false` on legacy Windows console and inside JetBrains JediTerm — PyCharm/IDEA/CLion/etc. — where mouse-event escapes leak into the input stream as garbled text, see #878 / #898): enable internal mouse scrolling, transcript selection, right-click context actions, and transcript scrollbar dragging. TUI-owned drag selection copies only transcript text and keeps selection scoped to the transcript pane. Set this to `false` or run with `--no-mouse-capture` for raw terminal selection; set it to `true` or run with `--mouse-capture` to opt in anywhere it's defaulted off. On raw terminal selection, especially on legacy Windows console or when mouse capture is disabled, selection may cross the right sidebar because the terminal, not the TUI, owns the selection.
+- `tui.mouse_capture` (bool, optional, default `true` on non-Windows terminals and on Windows Terminal/ConEmu/Cmder when the alternate screen is active; `false` on legacy Windows console and inside JetBrains JediTerm — PyCharm/IDEA/CLion/etc. — where mouse-event escapes leak into the input stream as garbled text, see #878 / #898): enable internal mouse scrolling, transcript selection, right-click context actions, and transcript scrollbar dragging. TUI-owned drag selection copies only transcript text, removes visual wrap-column line breaks from paragraphs, and keeps selection scoped to the transcript pane. Set this to `false` or run with `--no-mouse-capture` for raw terminal selection; set it to `true` or run with `--mouse-capture` to opt in anywhere it's defaulted off. On raw terminal selection, especially on legacy Windows console or when mouse capture is disabled, selection may cross the right sidebar and include visual wraps because the terminal, not the TUI, owns the selection.
 - `tui.terminal_probe_timeout_ms` (int, optional, default `500`): startup terminal-mode probe timeout in milliseconds. Values are clamped to `100..=5000`; timeout emits a warning and aborts startup instead of hanging indefinitely.
 - `tui.osc8_links` (bool, optional, default `true`): emit OSC 8 escape sequences around URLs in transcript output so terminals that support them (iTerm2, Terminal.app 13+, Ghostty, Kitty, WezTerm, Alacritty, recent gnome-terminal/konsole) render them as Cmd+click hyperlinks. Terminals without OSC 8 support render the plain URL and ignore the escape. Set `false` for terminals that misrender the sequence; selection/clipboard output always strips the escapes.
 - `hooks` (optional): lifecycle hooks configuration (see `config.example.toml`).
diff --git a/docs/MODES.md b/docs/MODES.md
index 3da4f5b4..250721db 100644
--- a/docs/MODES.md
+++ b/docs/MODES.md
@@ -102,7 +102,7 @@ Run `codewhale --help` for the canonical list. Common flags:
 - `-r, --resume <ID|PREFIX|latest>`: resume a saved session
 - `-c, --continue`: resume the most recent session in this workspace
 - `--max-subagents <N>`: clamp to `1..=20`
-- `--mouse-capture` / `--no-mouse-capture`: opt in or out of internal mouse scrolling, transcript selection, right-click context actions, and transcript scrollbar dragging. Mouse capture is enabled by default on non-Windows terminals and on Windows Terminal/ConEmu/Cmder so drag selection copies only transcript text and stays scoped to the transcript pane; hold Shift while dragging or use `--no-mouse-capture` for raw terminal selection. It defaults off on legacy Windows console (CMD without `WT_SESSION` / `ConEmuPID`) and inside JetBrains JediTerm — PyCharm/IDEA/CLion/etc. — where the terminal advertises mouse support but forwards SGR mouse events as raw text (#878, #898). Use `--mouse-capture` to opt in anywhere it's defaulted off. Raw terminal selection may cross the right sidebar because the terminal, not the TUI, owns the selection.
+- `--mouse-capture` / `--no-mouse-capture`: opt in or out of internal mouse scrolling, transcript selection, right-click context actions, and transcript scrollbar dragging. Mouse capture is enabled by default on non-Windows terminals and on Windows Terminal/ConEmu/Cmder so drag selection copies only transcript text, removes visual wrap-column line breaks from paragraphs, and stays scoped to the transcript pane; hold Shift while dragging or use `--no-mouse-capture` for raw terminal selection. It defaults off on legacy Windows console (CMD without `WT_SESSION` / `ConEmuPID`) and inside JetBrains JediTerm — PyCharm/IDEA/CLion/etc. — where the terminal advertises mouse support but forwards SGR mouse events as raw text (#878, #898). Use `--mouse-capture` to opt in anywhere it's defaulted off. Raw terminal selection may cross the right sidebar and include visual wraps because the terminal, not the TUI, owns the selection.
 - `--profile <NAME>`: select config profile
 - `--config <PATH>`: config file path
 - `-v, --verbose`: verbose logging

From 799d9f8176f3361bb914124cf206e7b99665381e Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 14:35:57 -0500
Subject: [PATCH 094/283] docs: consolidate CHANGELOG for v0.8.47, add 5 new
 contributors

---
 CHANGELOG.md | 60 +++++++++++++++++++++++++++-------------------------
 1 file changed, 31 insertions(+), 29 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5616eaa6..924e4f2f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,49 +11,51 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - **Composer text selection with copy/cut.** Mouse drag and Shift+Arrow
   selection in the composer input box, with Ctrl+C copy and Ctrl+X cut
-  support. Home, End, Ctrl+A, and Ctrl+E now clear the selection to prevent
-  accidental deletions on the next keystroke (#2228).
+  support. Home, End, Ctrl+A, and Ctrl+E now clear the selection (#2228).
+- **Copy transcript without visual-wrap newlines.** Transcript copy now
+  strips visual-wrap column line breaks from paragraphs, producing clean
+  text for pasting into editors or prompts (#1906).
+- **Configurable base URL in /config view.** The `/config` panel now
+  displays the effective DeepSeek base URL (#1967).
+- **CNB mirror support for China-friendly downloads.** Added
+  `CODEWHALE_RELEASE_BASE_URL` and `CODEWHALE_USE_CNB_MIRROR` to
+  both npm install scripts and Rust self-updater (#2222).
+- **[✓] completion markers.** Checklist, plan, and tool completion
+  markers now render as `[✓]` instead of `[x]` (#1935).
 
 ### Changed
 
-- **Project context loading now logs the source file.** A tracing info
-  line is emitted when AGENTS.md, CLAUDE.md, or another context file is
-  successfully loaded into the system prompt, making it easier to verify
-  which file was used during prompt assembly (#2227).
-- **CNB mirror support for China-friendly downloads.** Added
-  `CODEWHALE_RELEASE_BASE_URL` env var and `CODEWHALE_USE_CNB_MIRROR`
-  auto-detection to both the npm install scripts and Rust self-updater.
-  Users in China can set `CODEWHALE_USE_CNB_MIRROR=1` to download
-  binaries from cnb.cool instead of GitHub Releases (#2222).
-- **State-root migration continues.** Migrated these storage paths to
-  prefer `~/.codewhale` with `~/.deepseek` fallback: snapshots, skill
-  state, spillover, memory, logs, crashes, automations, TUI settings,
-  handoff, notes, MCP config, sub-agent state, cycle archives, and
-  anchors. Added `resolve_project_state_dir` and `ensure_project_state_dir`
-  to `codewhale-config` for project-local resolution (#2231).
+- **Project context loading now logs the source file.** (#2227)
+- **macOS onboarding and empty-state layout pinned to top** instead
+  of vertically centered (#1837).
+- **State-root migration continues.** Migrated 15+ storage paths to
+  prefer `~/.codewhale` with `~/.deepseek` fallback (#2231).
 - **READMEs updated for the CodeWhale rename.** All three READMEs now
-  reference canonical `~/.codewhale` paths for config, skills, and Docker
-  volumes, with legacy `~/.deepseek` noted as a compatibility fallback.
+  reference canonical `~/.codewhale` paths.
 
 ### Fixed
 
 - **Deadlock when spawning multiple concurrent sub-agents.** Replaced
-  `RwLock`-based serialisation with a `Semaphore(1)` in `ToolCallRuntime`,
-  preventing re-entrant tool calls from deadlocking on the same lock (#1856).
+  `RwLock`-based serialisation with a `Semaphore(1)` (#1856).
 - **Steered/queued messages now render in correct transcript order.**
-  `steer_user_message` now flushes the active cell into history before
-  inserting the steer message, so the user's message appears after
-  (below) the thinking content that chronologically preceded it (#2225).
-- **Session save test updated for managed sessions directory.** The
-  `/save` command now writes to `~/.codewhale/sessions` (or legacy
-  `~/.deepseek/sessions`) instead of the workspace root. Test updated
-  to set `CODEWHALE_HOME` and pre-create the sessions directory (#2223).
+  `steer_user_message` now flushes the active cell before inserting (#2225).
+- **Session save test updated for managed sessions directory.** (#2223).
+- **Loop guard reports Failed on halt.** Turn outcome correctly reports
+  `Failed` instead of `Completed` when the loop guard trips (#1859).
+- **DEEPSEEK_YOLO env honoured on startup.** The `--yolo` flag is now
+  correctly merged with the `DEEPSEEK_YOLO` environment variable (#1870).
 
 ### Community
 
 Thanks to contributors whose PRs landed in this release:
 **@Fire-dtx** (#1856),
-**@imkingjh999** (#2228).
+**@imkingjh999** (#2228),
+**@harvey2011888** (#1859),
+**@victorcheng2333** (#1870),
+**@IIzzaya** (#1935),
+**@PurplePulse** (#1837),
+**@cyq1017** (#1967),
+**@knqiufan** (#1906).
 
 ## [0.8.46] - 2026-05-26
 

From 8822e9873a621198fee844459d97131697fde9bb Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 15:05:59 -0500
Subject: [PATCH 095/283] =?UTF-8?q?refactor:=20finish=20state-root=20migra?=
 =?UTF-8?q?tion=20=E2=80=94=20all=20runtime=20paths=20now=20.codewhale?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- .gitignore: add deep-swe/ and all_preds.jsonl to prevent accidental commits
- config.rs: home_config_path(), managed_config, requirements, mcp, notes,
  memory all prefer ~/.codewhale/config.toml with .deepseek fallback
- commands/config.rs: config_toml_path() prefers .codewhale
- commands/anchor.rs: anchors_path prefers .codewhale/anchors.md
- commands/note.rs: notes_path prefers .codewhale/notes.md
- skills/install.rs: cache defaults to .codewhale/cache/skills
- skills/mod.rs: global skills discovery includes .codewhale/skills
- file_frecency, clipboard, onboarding, audit, task_manager: all .codewhale
- project-local paths (onboarding trust) still .deepseek for compat

Closes #2231.
---
 .gitignore                           |  3 +++
 crates/tui/src/audit.rs              |  2 +-
 crates/tui/src/commands/anchor.rs    |  4 +++
 crates/tui/src/commands/config.rs    |  4 +++
 crates/tui/src/commands/note.rs      |  4 +++
 crates/tui/src/config.rs             | 38 +++++++++++++++++++++++-----
 crates/tui/src/palette.rs            |  8 ++++--
 crates/tui/src/skills/install.rs     |  2 +-
 crates/tui/src/task_manager.rs       |  4 +--
 crates/tui/src/tui/clipboard.rs      |  2 +-
 crates/tui/src/tui/file_frecency.rs  |  2 +-
 crates/tui/src/tui/onboarding/mod.rs |  6 ++++-
 12 files changed, 64 insertions(+), 15 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0668130d..50c41e5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -100,6 +100,8 @@ apps/
 # Maintainer-local SWE-bench scratch (instance workspaces, venvs, predictions,
 # Docker harness logs). Never published.
 .swebench/
+deep-swe/
+all_preds.jsonl
 
 # Agent handoffs and version-specific setup plans are working-state notes, not
 # public docs. Keep durable setup guidance in docs/runbooks instead.
@@ -111,3 +113,4 @@ docs/*_PLAN.md
 # direnv
 .envrc
 .direnv
+scripts/run_deep_swe.py
diff --git a/crates/tui/src/audit.rs b/crates/tui/src/audit.rs
index 60b49c63..2638131d 100644
--- a/crates/tui/src/audit.rs
+++ b/crates/tui/src/audit.rs
@@ -41,5 +41,5 @@ fn append_event(event: &str, details: Value) -> anyhow::Result<()> {
 
 fn default_audit_path() -> anyhow::Result<PathBuf> {
     let home = dirs::home_dir().ok_or_else(|| anyhow::anyhow!("home directory not found"))?;
-    Ok(home.join(".deepseek").join("audit.log"))
+    Ok(home.join(".codewhale").join("audit.log"))
 }
diff --git a/crates/tui/src/commands/anchor.rs b/crates/tui/src/commands/anchor.rs
index fb15fb33..7ba66d7a 100644
--- a/crates/tui/src/commands/anchor.rs
+++ b/crates/tui/src/commands/anchor.rs
@@ -47,6 +47,10 @@ pub fn anchor(app: &mut App, content: Option<&str>) -> CommandResult {
 }
 
 fn anchors_path(app: &App) -> std::path::PathBuf {
+    let primary = app.workspace.join(".codewhale").join("anchors.md");
+    if primary.exists() {
+        return primary;
+    }
     app.workspace.join(".deepseek").join("anchors.md")
 }
 
diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 3496c826..651b4d5d 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -379,6 +379,10 @@ pub(super) fn config_toml_path(config_path: Option<&Path>) -> anyhow::Result<Pat
         }
     }
     let home = dirs::home_dir().context("failed to resolve home directory for config.toml path")?;
+    let primary = home.join(".codewhale").join("config.toml");
+    if primary.exists() {
+        return Ok(primary);
+    }
     Ok(home.join(".deepseek").join("config.toml"))
 }
 
diff --git a/crates/tui/src/commands/note.rs b/crates/tui/src/commands/note.rs
index 8aa1267f..6efe4413 100644
--- a/crates/tui/src/commands/note.rs
+++ b/crates/tui/src/commands/note.rs
@@ -39,6 +39,10 @@ pub fn note(app: &mut App, content: Option<&str>) -> CommandResult {
 }
 
 fn notes_path(app: &App) -> PathBuf {
+    let primary = app.workspace.join(".codewhale").join("notes.md");
+    if primary.exists() {
+        return primary;
+    }
     app.workspace.join(".deepseek").join("notes.md")
 }
 
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 63fd1e80..55d46871 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -2200,7 +2200,13 @@ pub(crate) fn effective_home_dir() -> Option<PathBuf> {
 }
 
 fn home_config_path() -> Option<PathBuf> {
-    effective_home_dir().map(|home| home.join(".deepseek").join("config.toml"))
+    effective_home_dir().map(|home| {
+        let primary = home.join(".codewhale").join("config.toml");
+        if primary.exists() {
+            return primary;
+        }
+        home.join(".deepseek").join("config.toml")
+    })
 }
 
 #[must_use]
@@ -2363,7 +2369,11 @@ fn default_managed_config_path() -> Option<PathBuf> {
     }
     #[cfg(not(unix))]
     {
-        effective_home_dir().map(|home| home.join(".deepseek").join("managed_config.toml"))
+        effective_home_dir().map(|home| {
+            let primary = home.join(".codewhale").join("managed_config.toml");
+            if primary.exists() { return primary; }
+            home.join(".deepseek").join("managed_config.toml")
+        })
     }
 }
 
@@ -2374,7 +2384,11 @@ fn default_requirements_path() -> Option<PathBuf> {
     }
     #[cfg(not(unix))]
     {
-        effective_home_dir().map(|home| home.join(".deepseek").join("requirements.toml"))
+        effective_home_dir().map(|home| {
+            let primary = home.join(".codewhale").join("requirements.toml");
+            if primary.exists() { return primary; }
+            home.join(".deepseek").join("requirements.toml")
+        })
     }
 }
 
@@ -2399,15 +2413,27 @@ fn default_skills_dir() -> Option<PathBuf> {
 }
 
 fn default_mcp_config_path() -> Option<PathBuf> {
-    effective_home_dir().map(|home| home.join(".deepseek").join("mcp.json"))
+    effective_home_dir().map(|home| {
+        let primary = home.join(".codewhale").join("mcp.json");
+        if primary.exists() { return primary; }
+        home.join(".deepseek").join("mcp.json")
+    })
 }
 
 fn default_notes_path() -> Option<PathBuf> {
-    effective_home_dir().map(|home| home.join(".deepseek").join("notes.txt"))
+    effective_home_dir().map(|home| {
+        let primary = home.join(".codewhale").join("notes.txt");
+        if primary.exists() { return primary; }
+        home.join(".deepseek").join("notes.txt")
+    })
 }
 
 fn default_memory_path() -> Option<PathBuf> {
-    effective_home_dir().map(|home| home.join(".deepseek").join("memory.md"))
+    effective_home_dir().map(|home| {
+        let primary = home.join(".codewhale").join("memory.md");
+        if primary.exists() { return primary; }
+        home.join(".deepseek").join("memory.md")
+    })
 }
 
 // === Environment Overrides ===
diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index a521c610..b3a5a367 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -8,7 +8,7 @@ use std::process::Command;
 pub const WHALE_BG_RGB: (u8, u8, u8) = (10, 17, 32); // #0A1120 Deep Navy
 pub const WHALE_PANEL_RGB: (u8, u8, u8) = (22, 34, 56); // #162238
 pub const WHALE_ELEVATED_RGB: (u8, u8, u8) = (36, 52, 78); // #24344E
-pub const WHALE_SELECTION_RGB: (u8, u8, u8) = (48, 68, 100); // #304464
+pub const WHALE_SELECTION_RGB: (u8, u8, u8) = (40, 56, 84); // #283854 — darker to avoid bright pop on deep navy
 pub const WHALE_TEXT_BODY_RGB: (u8, u8, u8) = (246, 242, 232); // #F6F2E8 Whale Ivory
 pub const WHALE_TEXT_SOFT_RGB: (u8, u8, u8) = (217, 224, 234); // #D9E0EA
 pub const WHALE_TEXT_MUTED_RGB: (u8, u8, u8) = (169, 180, 199); // #A9B4C7 Mist Gray
@@ -244,7 +244,11 @@ pub const TEXT_ACCENT: Color = Color::Rgb(
     WHALE_ACCENT_SECONDARY_RGB.1,
     WHALE_ACCENT_SECONDARY_RGB.2,
 );
-pub const SELECTION_TEXT: Color = Color::White;
+pub const SELECTION_TEXT: Color = Color::Rgb(
+    WHALE_TEXT_BODY_RGB.0,
+    WHALE_TEXT_BODY_RGB.1,
+    WHALE_TEXT_BODY_RGB.2,
+); // Ivory — softer than pure white
 pub const TEXT_SOFT: Color = Color::Rgb(
     WHALE_TEXT_SOFT_RGB.0,
     WHALE_TEXT_SOFT_RGB.1,
diff --git a/crates/tui/src/skills/install.rs b/crates/tui/src/skills/install.rs
index aa4550be..787b6c4a 100644
--- a/crates/tui/src/skills/install.rs
+++ b/crates/tui/src/skills/install.rs
@@ -52,7 +52,7 @@ use crate::network_policy::{Decision, NetworkPolicy, host_from_url};
 pub fn default_cache_skills_dir() -> PathBuf {
     dirs::home_dir().map_or_else(
         || PathBuf::from("/tmp/codewhale/cache/skills"),
-        |p| p.join(".deepseek").join("cache").join("skills"),
+        |p| p.join(".codewhale").join("cache").join("skills"),
     )
 }
 
diff --git a/crates/tui/src/task_manager.rs b/crates/tui/src/task_manager.rs
index b0d9e39e..8f927023 100644
--- a/crates/tui/src/task_manager.rs
+++ b/crates/tui/src/task_manager.rs
@@ -1648,9 +1648,9 @@ pub fn default_tasks_dir() -> PathBuf {
         return PathBuf::from(path);
     }
     if let Some(home) = dirs::home_dir() {
-        return home.join(".deepseek").join("tasks");
+        return home.join(".codewhale").join("tasks");
     }
-    PathBuf::from(".deepseek").join("tasks")
+    PathBuf::from(".codewhale").join("tasks")
 }
 
 /// Wait for a task to reach a terminal status (tests and API helpers).
diff --git a/crates/tui/src/tui/clipboard.rs b/crates/tui/src/tui/clipboard.rs
index dffadfac..bbefcac8 100644
--- a/crates/tui/src/tui/clipboard.rs
+++ b/crates/tui/src/tui/clipboard.rs
@@ -279,7 +279,7 @@ fn osc52_sequence(text: &str, in_tmux: bool) -> Result<String> {
 /// `<workspace>/clipboard-images/` if the home dir is unavailable.
 pub(crate) fn clipboard_images_dir(workspace: &Path) -> PathBuf {
     if let Some(home) = dirs::home_dir() {
-        return home.join(".deepseek").join("clipboard-images");
+        return home.join(".codewhale").join("clipboard-images");
     }
     workspace.join("clipboard-images")
 }
diff --git a/crates/tui/src/tui/file_frecency.rs b/crates/tui/src/tui/file_frecency.rs
index 5129d695..10b83852 100644
--- a/crates/tui/src/tui/file_frecency.rs
+++ b/crates/tui/src/tui/file_frecency.rs
@@ -55,7 +55,7 @@ fn store() -> &'static Mutex<Store> {
 }
 
 fn default_path() -> Option<PathBuf> {
-    dirs::home_dir().map(|h| h.join(".deepseek").join("file-frecency.jsonl"))
+    dirs::home_dir().map(|h| h.join(".codewhale").join("file-frecency.jsonl"))
 }
 
 fn now_secs() -> u64 {
diff --git a/crates/tui/src/tui/onboarding/mod.rs b/crates/tui/src/tui/onboarding/mod.rs
index fa56e868..2967cab6 100644
--- a/crates/tui/src/tui/onboarding/mod.rs
+++ b/crates/tui/src/tui/onboarding/mod.rs
@@ -128,7 +128,11 @@ pub fn tips_lines(app: &App) -> Vec<ratatui::text::Line<'static>> {
 }
 
 pub fn default_marker_path() -> Option<PathBuf> {
-    dirs::home_dir().map(|home| home.join(".deepseek").join(".onboarded"))
+    dirs::home_dir().map(|home| {
+        let primary = home.join(".codewhale").join(".onboarded");
+        if primary.exists() { return primary; }
+        home.join(".deepseek").join(".onboarded")
+    })
 }
 
 pub fn is_onboarded() -> bool {

From 02d4605868a1e087844245623640e725db4272ab Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Tue, 26 May 2026 15:53:53 -0500
Subject: [PATCH 096/283] fix(tui): restore auto model state on session load

Harvested from PR #1885 by @LING71671.

Fixes #1797.
---
 crates/tui/src/commands/session.rs | 31 +++++++++++++++++++++++++++---
 crates/tui/src/tui/app.rs          |  4 ++++
 crates/tui/src/tui/ui/tests.rs     |  9 ++++++++-
 3 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index bc51683d..cc82b275 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -169,7 +169,7 @@ pub fn load(app: &mut App, path: Option<&str>) -> CommandResult {
     app.extend_history(cells_to_add);
     app.mark_history_updated();
     app.viewport.transcript_selection.clear();
-    app.model.clone_from(&session.metadata.model);
+    app.set_model_selection(session.metadata.model.clone());
     app.update_model_compaction_budget();
     app.workspace.clone_from(&session.metadata.workspace);
     app.session.total_tokens = u32::try_from(session.metadata.total_tokens).unwrap_or(u32::MAX);
@@ -365,8 +365,8 @@ fn line_to_string(line: ratatui::text::Line<'static>) -> String {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::config::Config;
-    use crate::tui::app::{App, TuiOptions, TurnCacheRecord};
+    use crate::config::{Config, DEFAULT_TEXT_MODEL};
+    use crate::tui::app::{App, ReasoningEffort, TuiOptions, TurnCacheRecord};
     use std::time::Instant;
     use tempfile::TempDir;
 
@@ -575,6 +575,31 @@ mod tests {
         assert!(matches!(result.action, Some(AppAction::SyncSession { .. })));
     }
 
+    #[test]
+    fn load_auto_model_session_restores_auto_mode() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut saved_app = create_test_app_with_tmpdir(&tmpdir);
+        saved_app.set_model_selection("auto".to_string());
+        saved_app.last_effective_model = Some("deepseek-v4-flash".to_string());
+        saved_app.last_effective_reasoning_effort = Some(ReasoningEffort::Low);
+        let save_path = tmpdir.path().join("auto_model.json");
+        save(&mut saved_app, Some(save_path.to_str().unwrap()));
+
+        let mut app = create_test_app_with_tmpdir(&tmpdir);
+        app.set_model_selection("deepseek-v4-flash".to_string());
+        app.reasoning_effort = ReasoningEffort::High;
+        let result = load(&mut app, Some(save_path.to_str().unwrap()));
+
+        assert!(!result.is_error);
+        assert!(app.auto_model);
+        assert_eq!(app.model, "auto");
+        assert_eq!(app.model_selection_for_persistence(), "auto");
+        assert_eq!(app.last_effective_model, None);
+        assert_eq!(app.last_effective_reasoning_effort, None);
+        assert_eq!(app.reasoning_effort, ReasoningEffort::Auto);
+        assert_eq!(app.effective_model_for_budget(), DEFAULT_TEXT_MODEL);
+    }
+
     #[test]
     fn load_restores_artifact_registry() {
         let tmpdir = TempDir::new().unwrap();
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 2c3ec0c9..449e267e 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -4501,6 +4501,10 @@ impl App {
         };
         self.auto_model = auto_model;
         self.last_effective_model = None;
+        self.last_effective_reasoning_effort = None;
+        if auto_model {
+            self.reasoning_effort = ReasoningEffort::Auto;
+        }
     }
 
     pub fn model_selection_for_persistence(&self) -> String {
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index c73a6a6e..a2170a9a 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -1,5 +1,5 @@
 use super::*;
-use crate::config::{ApiProvider, Config};
+use crate::config::{ApiProvider, Config, DEFAULT_TEXT_MODEL};
 use crate::config_ui::{self, WebConfigSession, WebConfigSessionEvent};
 use crate::core::engine::mock_engine_handle;
 use crate::tui::active_cell::ActiveCell;
@@ -4166,6 +4166,9 @@ fn apply_loaded_session_restores_concrete_model_mode() {
 fn apply_loaded_session_restores_auto_model_mode() {
     let mut app = create_test_app();
     app.set_model_selection("deepseek-v4-pro".to_string());
+    app.reasoning_effort = ReasoningEffort::High;
+    app.last_effective_model = Some("deepseek-v4-flash".to_string());
+    app.last_effective_reasoning_effort = Some(ReasoningEffort::Low);
     let mut session = saved_session_with_messages(vec![
         text_message("user", "hello"),
         text_message("assistant", "hi"),
@@ -4178,6 +4181,10 @@ fn apply_loaded_session_restores_auto_model_mode() {
     assert!(app.auto_model);
     assert_eq!(app.model, "auto");
     assert_eq!(app.model_selection_for_persistence(), "auto");
+    assert_eq!(app.last_effective_model, None);
+    assert_eq!(app.last_effective_reasoning_effort, None);
+    assert_eq!(app.reasoning_effort, ReasoningEffort::Auto);
+    assert_eq!(app.effective_model_for_budget(), DEFAULT_TEXT_MODEL);
 }
 
 #[test]

From 671aa4810eb9cb1199a1c9a9a7d703e9a714367e Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:33 -0500
Subject: [PATCH 097/283] docs: add Docker toolbox/custom-image contract and
 examples (#2217)

- Document default image contract (non-root, no sudo, conservative)
- Add opt-in toolbox image pattern with passwordless sudo
- Include Dockerfile.toolbox example
- Document multi-project volume pattern
- Add bootstrap script, custom CA certificate, and proxy workflows
- Clarify that bootstrap/CA workflows require the opt-in toolbox image
---
 docs/DOCKER.md                   | 138 +++++++++++++++++++++++++++++++
 docs/examples/Dockerfile.toolbox |  29 +++++++
 2 files changed, 167 insertions(+)
 create mode 100644 docs/examples/Dockerfile.toolbox

diff --git a/docs/DOCKER.md b/docs/DOCKER.md
index 732c4705..c4f62491 100644
--- a/docs/DOCKER.md
+++ b/docs/DOCKER.md
@@ -36,6 +36,144 @@ docker run --rm -it \
 Replace `vX.Y.Z` with a tag from
 [GitHub Releases](https://github.com/Hmbown/CodeWhale/releases).
 
+## Default image contract
+
+`ghcr.io/hmbown/codewhale:latest` and the semver tags are conservative runtime
+images:
+
+- the container runs as the non-root `codewhale` user with UID/GID `1000:1000`
+- the image does not grant passwordless `sudo`
+- the image is meant to run CodeWhale against mounted workspaces, not to mutate
+  the base operating system at runtime
+- user state belongs in a volume mounted at `/home/codewhale/.deepseek`
+
+That default is intentional. Keep using it for the smallest trust boundary. If a
+project needs `apt-get`, compiler toolchains, Node/Python package managers,
+custom CA certificates, or other host-like setup inside Docker, build an
+explicit toolbox image instead of changing the default image contract.
+
+## Opt-in toolbox/custom image
+
+The repository includes an example
+[`docs/examples/Dockerfile.toolbox`](examples/Dockerfile.toolbox) that extends
+the official image with passwordless `sudo` and common development packages.
+Build it with a pinned CodeWhale tag when you want repeatable project
+environments:
+
+```bash
+docker build -f docs/examples/Dockerfile.toolbox \
+  --build-arg CODEWHALE_IMAGE=ghcr.io/hmbown/codewhale:vX.Y.Z \
+  --build-arg TOOLBOX_PACKAGES="git openssh-client curl build-essential pkg-config python3 python3-pip nodejs npm" \
+  -t codewhale-toolbox:my-project .
+```
+
+Use `latest` only for throwaway testing. For shared projects, keep the
+`CODEWHALE_IMAGE` value pinned and review package additions like any other
+development-environment change.
+
+Run the toolbox image with the same workspace and state mounts:
+
+```bash
+docker volume create codewhale-my-project-home
+
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-my-project-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  codewhale-toolbox:my-project
+```
+
+Inside this opt-in image, CodeWhale can use commands such as
+`sudo apt-get update` and `sudo apt-get install -y <package>`. For repeatable
+containers, prefer baking those packages into the toolbox Dockerfile instead of
+letting a long-lived container drift.
+
+Do not bake API keys, SSH private keys, or other secrets into custom images.
+Pass API keys at runtime and mount any SSH material deliberately, preferably
+read-only and only for projects that need it.
+
+## Multiple independent projects
+
+Use one named state volume per project so sessions, config, skills, memory, and
+the offline queue do not bleed across workspaces:
+
+```bash
+project="$(basename "$PWD")"
+image="codewhale-toolbox:${project}"
+docker volume create "codewhale-${project}-home"
+
+docker run --rm -it \
+  --name "codewhale-${project}" \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v "codewhale-${project}-home:/home/codewhale/.deepseek" \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  "$image"
+```
+
+For projects with different toolchains, build different toolbox tags, for
+example `codewhale-toolbox:frontend` and `codewhale-toolbox:backend`. The
+separate launcher idea discussed in issue #2217 can build on this contract, but
+it is intentionally outside the core Docker image.
+
+## Project bootstrap scripts
+
+CodeWhale does not automatically execute `.deepseek/setup.sh` or
+`.codewhale/setup.sh`. If you keep one of those files as a local project
+recipe, run it explicitly. For shared team setup, prefer a committed project
+script or the toolbox Dockerfile so the environment can be reviewed and
+rebuilt.
+
+For example, to run a committed bootstrap script before starting CodeWhale:
+
+```bash
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-my-project-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  --entrypoint bash \
+  codewhale-toolbox:my-project \
+  -lc './scripts/bootstrap-dev.sh && exec codewhale'
+```
+
+Use the toolbox image for bootstrap scripts that need `sudo`. The default image
+will not elevate privileges.
+
+## Custom CA certificates and proxies
+
+For corporate proxies, dev-sidecar, or self-signed internal services, prefer
+baking trusted CA certificates into a custom toolbox image:
+
+```dockerfile
+USER root
+COPY docker/certs/*.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+USER codewhale
+```
+
+All files copied into `/usr/local/share/ca-certificates/` must use the `.crt`
+extension. Keep private CA material out of public images.
+
+For a local-only run, mount certificates read-only and update the trust store at
+container start:
+
+```bash
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-my-project-home:/home/codewhale/.deepseek \
+  -v "$PWD:/workspace" \
+  -v "$PWD/docker/certs:/usr/local/share/ca-certificates/local:ro" \
+  -w /workspace \
+  --entrypoint bash \
+  codewhale-toolbox:my-project \
+  -lc 'sudo update-ca-certificates && exec codewhale'
+```
+
+This CA workflow requires the opt-in toolbox image because the default image
+does not include passwordless `sudo`.
+
 ## Local build
 
 Build the image locally from a checkout:
diff --git a/docs/examples/Dockerfile.toolbox b/docs/examples/Dockerfile.toolbox
new file mode 100644
index 00000000..fab0b73e
--- /dev/null
+++ b/docs/examples/Dockerfile.toolbox
@@ -0,0 +1,29 @@
+# syntax=docker/dockerfile:1
+#
+# Opt-in CodeWhale toolbox image.
+#
+# The published ghcr.io/hmbown/codewhale:latest image intentionally stays
+# minimal, non-root, and without passwordless sudo. Use this Dockerfile only for
+# workspaces where you deliberately want package installation, custom CA setup,
+# or project-specific build tools inside the container.
+#
+# Example:
+#   docker build -f docs/examples/Dockerfile.toolbox \
+#     --build-arg CODEWHALE_IMAGE=ghcr.io/hmbown/codewhale:vX.Y.Z \
+#     --build-arg TOOLBOX_PACKAGES="git openssh-client curl build-essential pkg-config python3 python3-pip nodejs npm" \
+#     -t codewhale-toolbox:my-project .
+
+ARG CODEWHALE_IMAGE=ghcr.io/hmbown/codewhale:latest
+FROM ${CODEWHALE_IMAGE}
+
+USER root
+
+ARG TOOLBOX_PACKAGES="git openssh-client curl build-essential pkg-config python3 python3-pip nodejs npm"
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends sudo ${TOOLBOX_PACKAGES} \
+    && rm -rf /var/lib/apt/lists/* \
+    && printf '%s\n' 'codewhale ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/codewhale-nopasswd \
+    && chmod 0440 /etc/sudoers.d/codewhale-nopasswd
+
+USER codewhale
+WORKDIR /workspace

From 2b8f3bf3ddfaeff6c47dfe4cea3bc5d64bb61db5 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:33 -0500
Subject: [PATCH 098/283] docs: add provider registry reference and refresh
 provider lists (#2201)

- Add docs/PROVIDERS.md placeholder reference in README and CONFIGURATION.md
- Update provider lists to include moonshot, openrouter, novita
- Add MOONSHOT_API_KEY/KIMI_API_KEY env var docs
- Update default_text_model entries for all providers
- Change legacy deepseek-cn alias to deepseek
- Add CODEWHALE_PROVIDER as preferred env var name
---
 README.md             |   7 +-
 docs/CONFIGURATION.md |  18 +++--
 docs/PROVIDERS.md     | 159 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 176 insertions(+), 8 deletions(-)
 create mode 100644 docs/PROVIDERS.md

diff --git a/README.md b/README.md
index 334ae74f..88e679df 100644
--- a/README.md
+++ b/README.md
@@ -291,6 +291,9 @@ Both binaries are required. Cross-compilation and platform-specific notes: [docs
 
 ### Other API Providers
 
+For the full shipped provider registry, including model IDs, auth variables,
+base URLs, and capability boundaries, see [docs/PROVIDERS.md](docs/PROVIDERS.md).
+
 ```bash
 # NVIDIA NIM
 codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"
@@ -472,11 +475,11 @@ Key environment variables:
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, `ollama` |
+| `CODEWHALE_PROVIDER` / `DEEPSEEK_PROVIDER` | `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index b92cd8ff..1c362862 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -62,8 +62,11 @@ label without printing the key itself. The command only probes the active
 provider's keyring entry.
 
 For hosted, generic OpenAI-compatible, or self-hosted providers, set
-`provider = "nvidia-nim"`, `"openai"`, `"atlascloud"`, `"wanjie-ark"`, `"fireworks"`,
-`"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
+`provider = "nvidia-nim"`, `"openai"`, `"atlascloud"`, `"wanjie-ark"`,
+`"openrouter"`, `"novita"`, `"fireworks"`, `"moonshot"`, `"sglang"`,
+`"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
+For the provider-by-provider registry, including auth variables, default base
+URLs, model IDs, and capability metadata, see [PROVIDERS.md](PROVIDERS.md).
 The facade saves provider credentials to the shared user config and forwards
 the resolved key, base URL, provider, and model to the TUI process. Use
 `codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"` or
@@ -204,7 +207,7 @@ aliases. When both forms are set the `CODEWHALE_*` value wins; the
 `DEEPSEEK_*` form is kept for older shells:
 
 - `CODEWHALE_PROVIDER` (preferred) / `DEEPSEEK_PROVIDER` (legacy alias) —
-  `deepseek|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|sglang|vllm|ollama`
+  `deepseek|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|moonshot|sglang|vllm|ollama`
 - `CODEWHALE_MODEL` (preferred) / `DEEPSEEK_MODEL` (legacy alias) — default model for the active provider
 - `CODEWHALE_BASE_URL` (preferred) / `DEEPSEEK_BASE_URL` (legacy alias) — base URL for the active provider
 
@@ -233,6 +236,9 @@ Remaining variables:
 - `NOVITA_BASE_URL`
 - `FIREWORKS_API_KEY`
 - `FIREWORKS_BASE_URL`
+- `MOONSHOT_API_KEY` or `KIMI_API_KEY`
+- `MOONSHOT_BASE_URL` or `KIMI_BASE_URL`
+- `MOONSHOT_MODEL`, `KIMI_MODEL_NAME`, or `KIMI_MODEL`
 - `SGLANG_BASE_URL`
 - `SGLANG_MODEL`
 - `SGLANG_API_KEY` (optional; many localhost SGLang servers do not require auth)
@@ -435,10 +441,10 @@ If you are upgrading from older releases:
 
 ### Core keys (used by the TUI/engine)
 
-- `provider` (string, optional): `codewhale` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `codewhale`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
+- `provider` (string, optional): `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `deepseek`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `openrouter` targets `https://openrouter.ai/api/v1`; `novita` targets `https://api.novita.ai/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `moonshot` targets Moonshot/Kimi, defaulting to `https://api.moonshot.ai/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
 - `api_key` (string, required for hosted providers): must be non-empty for DeepSeek/hosted providers (or set the provider API key env var). Self-hosted SGLang, vLLM, and Ollama can omit it.
-- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs, `https://api.openai.com/v1` for `provider = "openai"`, `https://api.atlascloud.ai/v1` for `provider = "atlascloud"`, `https://maas-openapi.wanjiedata.com/api/v1` for `provider = "wanjie-ark"`, or the provider-specific endpoint for hosted/self-hosted providers. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
-- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `codewhale-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `DEEPSEEK_MODEL` overrides this for a single process.
+- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs. Other defaults are `https://integrate.api.nvidia.com/v1` for `nvidia-nim`, `https://api.openai.com/v1` for `openai`, `https://api.atlascloud.ai/v1` for `atlascloud`, `https://maas-openapi.wanjiedata.com/api/v1` for `wanjie-ark`, `https://openrouter.ai/api/v1` for `openrouter`, `https://api.novita.ai/v1` for `novita`, `https://api.fireworks.ai/inference/v1` for `fireworks`, `https://api.moonshot.ai/v1` for `moonshot`, `http://localhost:30000/v1` for `sglang`, `http://localhost:8000/v1` for `vllm`, and `http://localhost:11434/v1` for `ollama`. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
+- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `deepseek/deepseek-v4-pro` for OpenRouter and Novita, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `kimi-k2.6` for Moonshot, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `deepseek-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `CODEWHALE_MODEL` overrides this for a single process; `DEEPSEEK_MODEL` is the legacy alias.
 - `reasoning_effort` (string, optional): `off`, `low`, `medium`, `high`, or `max`; defaults to the configured UI tier. DeepSeek Platform receives top-level `thinking` / `reasoning_effort` fields. NVIDIA NIM receives equivalent settings through `chat_template_kwargs`.
 - `allow_shell` (bool, optional): defaults to `true` (sandboxed).
 - `approval_policy` (string, optional): `on-request`, `untrusted`, or `never`. Runtime `approval_mode` editing in `/config` also accepts `on-request` and `untrusted` aliases.
diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
new file mode 100644
index 00000000..38969415
--- /dev/null
+++ b/docs/PROVIDERS.md
@@ -0,0 +1,159 @@
+# Provider Registry
+
+This registry describes provider behavior that is wired into the current
+CodeWhale codebase. It is intentionally conservative: shipped entries are
+limited to provider IDs, config keys, auth paths, base URLs, model resolution,
+and capability metadata that the code already knows about.
+
+DeepSeek remains the first-class default provider. NVIDIA NIM, OpenRouter,
+Novita, Fireworks, generic OpenAI-compatible endpoints, self-hosted runtimes,
+and Moonshot/Kimi are additive routes for running the same terminal harness
+against other hosted or local model endpoints. Hugging Face Inference Providers
+are a planned additive open-model routing layer; they are not a native provider
+in this checkout yet.
+
+Sources to keep in sync:
+
+- `crates/config/src/lib.rs` - shared provider IDs, defaults, env precedence.
+- `crates/tui/src/config.rs` - TUI provider IDs, provider capability metadata,
+  and provider-specific env handling.
+- `crates/agent/src/lib.rs` - static `ModelRegistry` used by
+  `codewhale model list` and `codewhale model resolve`.
+- `config.example.toml` and `docs/CONFIGURATION.md` - user-facing config
+  examples and environment variable reference.
+
+## Provider Selection
+
+The canonical provider IDs are:
+
+`deepseek`, `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`,
+`novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, and `ollama`.
+
+Use any of these surfaces to select a provider:
+
+- CLI: `codewhale --provider <id>`
+- TUI: `/provider <id>` or the provider picker
+- Env: `CODEWHALE_PROVIDER=<id>`; `DEEPSEEK_PROVIDER=<id>` is the legacy alias
+- Config: `provider = "<id>"`
+
+`deepseek-cn`, `deepseek_china`, `deepseekcn`, and `deepseek-china` are accepted
+as legacy aliases for `deepseek`. They do not select a different official host;
+DeepSeek uses the same official API host worldwide.
+
+Fresh shared config writes to `~/.codewhale/config.toml`. Existing
+`~/.deepseek/config.toml` files are still read for compatibility.
+
+## Auth And Env Rules
+
+For hosted providers, `codewhale auth set --provider <id>` saves an API key for
+that provider. API-key environment variables are fallback inputs after saved
+config and keyring credentials; an explicit process-level `--api-key` still
+wins for that launch.
+
+For base URL and model selection, prefer:
+
+- `CODEWHALE_BASE_URL` / `CODEWHALE_MODEL` for the active provider.
+- Provider-specific base URL/model env vars when listed below.
+- `DEEPSEEK_BASE_URL`, `DEEPSEEK_MODEL`, and `DEEPSEEK_DEFAULT_TEXT_MODEL` as
+  legacy aliases.
+
+Non-local `http://` base URLs are rejected unless
+`DEEPSEEK_ALLOW_INSECURE_HTTP=1` is set. Loopback HTTP URLs are allowed for
+self-hosted runtimes.
+
+## Shipped Providers
+
+| Provider ID | TOML table | Auth env | Base URL env and default | Default or static models | Notes |
+| --- | --- | --- | --- | --- | --- |
+| `deepseek` | `[providers.deepseek]` | `DEEPSEEK_API_KEY` | `CODEWHALE_BASE_URL` / `DEEPSEEK_BASE_URL`; default `https://api.deepseek.com/beta` | `deepseek-v4-pro`, `deepseek-v4-flash`; compatibility aliases `deepseek-chat`, `deepseek-reasoner` | First-class default. Beta URL enables strict tool mode, chat prefix completion, and FIM completion. Set `https://api.deepseek.com` or `/v1` explicitly to opt out of beta-only features. |
+| `nvidia-nim` | `[providers.nvidia_nim]` | `NVIDIA_API_KEY`, `NVIDIA_NIM_API_KEY`, fallback `DEEPSEEK_API_KEY` | `NVIDIA_NIM_BASE_URL`, `NIM_BASE_URL`, `NVIDIA_BASE_URL`; default `https://integrate.api.nvidia.com/v1` | `deepseek-ai/deepseek-v4-pro`, `deepseek-ai/deepseek-v4-flash` | Hosted DeepSeek V4 through NVIDIA NIM. `NVIDIA_NIM_MODEL` is accepted by the TUI config path. |
+| `openai` | `[providers.openai]` | `OPENAI_API_KEY` | `OPENAI_BASE_URL`; default `https://api.openai.com/v1` | Registry entries: `deepseek-v4-pro`, `deepseek-v4-flash`; default config model `deepseek-v4-pro` | Generic OpenAI-compatible route for gateways and custom endpoints. Use this for explicit third-party OpenAI-compatible routes instead of inventing a new provider ID. `OPENAI_MODEL` is accepted. |
+| `atlascloud` | `[providers.atlascloud]` | `ATLASCLOUD_API_KEY` | `ATLASCLOUD_BASE_URL`; default `https://api.atlascloud.ai/v1` | Default config model `deepseek-ai/deepseek-v4-flash` | OpenAI-compatible hosted route. `ATLASCLOUD_MODEL` is accepted by the TUI config path. The static `ModelRegistry` does not currently list AtlasCloud rows. |
+| `wanjie-ark` | `[providers.wanjie_ark]` | `WANJIE_ARK_API_KEY`, `WANJIE_API_KEY`, `WANJIE_MAAS_API_KEY` | `WANJIE_ARK_BASE_URL`, `WANJIE_BASE_URL`, `WANJIE_MAAS_BASE_URL`; default `https://maas-openapi.wanjiedata.com/api/v1` | `deepseek-reasoner` | OpenAI-compatible hosted route. `WANJIE_ARK_MODEL`, `WANJIE_MODEL`, and `WANJIE_MAAS_MODEL` are accepted. |
+| `openrouter` | `[providers.openrouter]` | `OPENROUTER_API_KEY` | `OPENROUTER_BASE_URL`; default `https://openrouter.ai/api/v1` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | Additive open-model routing layer. It does not replace DeepSeek; it lets users route supported model IDs through OpenRouter when they choose it. |
+| `novita` | `[providers.novita]` | `NOVITA_API_KEY` | `NOVITA_BASE_URL`; default `https://api.novita.ai/v1` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | OpenAI-compatible hosted route for DeepSeek model IDs. Use config or `CODEWHALE_MODEL` / `DEEPSEEK_MODEL` for model overrides. |
+| `fireworks` | `[providers.fireworks]` | `FIREWORKS_API_KEY` | `FIREWORKS_BASE_URL`; default `https://api.fireworks.ai/inference/v1` | `accounts/fireworks/models/deepseek-v4-pro` | OpenAI-compatible hosted route. Use config or `CODEWHALE_MODEL` / `DEEPSEEK_MODEL` for model overrides. |
+| `moonshot` | `[providers.moonshot]` | `MOONSHOT_API_KEY`, `KIMI_API_KEY` | `MOONSHOT_BASE_URL`, `KIMI_BASE_URL`; default `https://api.moonshot.ai/v1` | `kimi-k2.6`; Kimi Code path uses `kimi-for-coding` at `https://api.kimi.com/coding/v1` | Moonshot/Kimi route. `MOONSHOT_MODEL`, `KIMI_MODEL_NAME`, and `KIMI_MODEL` are accepted. `[providers.moonshot] auth_mode = "kimi_oauth"` reads Kimi CLI OAuth credentials when present. |
+| `sglang` | `[providers.sglang]` | Optional `SGLANG_API_KEY` | `SGLANG_BASE_URL`; default `http://localhost:30000/v1` | `deepseek-ai/DeepSeek-V4-Pro`, `deepseek-ai/DeepSeek-V4-Flash` | Self-hosted OpenAI-compatible route. Localhost deployments commonly omit auth. `SGLANG_MODEL` is accepted. |
+| `vllm` | `[providers.vllm]` | Optional `VLLM_API_KEY` | `VLLM_BASE_URL`; default `http://localhost:8000/v1` | `deepseek-ai/DeepSeek-V4-Pro`, `deepseek-ai/DeepSeek-V4-Flash` | Self-hosted vLLM OpenAI-compatible route. Localhost deployments commonly omit auth. `VLLM_MODEL` is accepted. |
+| `ollama` | `[providers.ollama]` | Optional `OLLAMA_API_KEY` | `OLLAMA_BASE_URL`; default `http://localhost:11434/v1` | `deepseek-coder:1.3b`; provider-hinted custom tags pass through | Self-hosted Ollama OpenAI-compatible route. Localhost deployments commonly omit auth. `OLLAMA_MODEL` is accepted. |
+
+## Static Model Registry
+
+`codewhale model list` and `codewhale model resolve` use the static registry in
+`crates/agent/src/lib.rs`. This is not the same as live `/models` discovery.
+Use `/models` or `codewhale models` to fetch model IDs from the active API
+endpoint when the endpoint supports model listing.
+
+| Provider | Static registry entries | Tool calls | Registry reasoning flag |
+| --- | --- | --- | --- |
+| `deepseek` | `deepseek-v4-pro`, `deepseek-v4-flash` | yes | yes |
+| `nvidia-nim` | `deepseek-ai/deepseek-v4-pro`, `deepseek-ai/deepseek-v4-flash` | yes | yes |
+| `openai` | `deepseek-v4-pro`, `deepseek-v4-flash` | yes | yes |
+| `wanjie-ark` | `deepseek-reasoner` | yes | yes |
+| `openrouter` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | yes | yes |
+| `novita` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | yes | yes |
+| `fireworks` | `accounts/fireworks/models/deepseek-v4-pro` | yes | yes |
+| `moonshot` | `kimi-k2.6` | yes | yes |
+| `sglang` | `deepseek-ai/DeepSeek-V4-Pro`, `deepseek-ai/DeepSeek-V4-Flash` | yes | yes |
+| `vllm` | `deepseek-ai/DeepSeek-V4-Pro`, `deepseek-ai/DeepSeek-V4-Flash` | yes | yes |
+| `ollama` | `deepseek-coder:1.3b`; custom tags pass through when provider hint is `ollama` | yes | no |
+
+The registry currently has no AtlasCloud entry even though AtlasCloud is a
+supported provider in config and TUI selection. AtlasCloud should use the
+configured model or live model listing.
+
+## Capability Metadata
+
+`codewhale-tui doctor --json` exposes the `capability` object. It is static
+metadata, not a live API probe. Current fields are:
+
+`resolved_provider`, `resolved_model`, `context_window`, `max_output`,
+`thinking_supported`, `cache_telemetry_supported`, and `request_payload_mode`.
+
+All shipped providers use the Chat Completions request payload mode today.
+
+| Provider/model class | Context window | Max output metadata | Thinking support | Cache telemetry | FIM endpoint |
+| --- | --- | --- | --- | --- | --- |
+| DeepSeek V4 (`deepseek-v4-pro`, `deepseek-v4-flash`) | 1,000,000 | 384,000 | yes | yes | DeepSeek beta only |
+| DeepSeek compatibility aliases (`deepseek-chat`, `deepseek-reasoner`) | 1,000,000 | 384,000 | yes | yes | DeepSeek beta only |
+| NVIDIA NIM V4 registry models | 1,000,000 | 384,000 | yes | yes | not documented in code |
+| OpenRouter, Novita, Fireworks, SGLang, and vLLM V4 model IDs | 1,000,000 | 384,000 | yes | no | not documented in code |
+| Wanjie Ark `reasoner` / `r1` model IDs | 128,000 | 4,096 | yes | no | not documented in code |
+| Generic `openai`, AtlasCloud, and Moonshot/Kimi | 128,000 | 4,096 | no in doctor capability metadata | no | not documented in code |
+| Ollama | 8,192 | 4,096 | no | no | not documented in code |
+| Other recognized DeepSeek model IDs | 128,000 unless the model name carries an explicit `Nk` hint | 4,096 | no unless V4/reasoner logic matches | DeepSeek/NIM only | DeepSeek beta only |
+
+Tool-call support is tracked separately by the static `ModelRegistry` and by
+the endpoint's ability to accept OpenAI-compatible `tools` payloads. A custom
+OpenAI-compatible or local endpoint can still reject tool calls even if
+CodeWhale can send the schema.
+
+DeepSeek compatibility aliases `deepseek-chat` and `deepseek-reasoner` map to
+`deepseek-v4-flash` capability metadata and are scheduled to retire on
+2026-07-24 at 2026-07-24T15:59:00Z.
+
+## Planned, Not Shipped Yet
+
+These items belong to the v0.8.47 provider-abstraction milestone or related
+provider docs work, but they are not native shipped behavior in this checkout:
+
+- A unified `Provider` trait in `codewhale-agent` that owns env precedence,
+  secret resolution, base URL normalization, auth-header construction, and
+  provider metadata. Those responsibilities are still split across
+  `crates/config`, `crates/secrets`, and `crates/tui/src/client.rs`.
+- A native Hugging Face provider such as `[providers.huggingface]`.
+- Native Hugging Face auth envs such as `HF_TOKEN` or `HUGGINGFACE_API_KEY`.
+- A default Hugging Face router base URL such as
+  `https://router.huggingface.co/v1`.
+- Hugging Face model passport metadata in the picker, including license, base
+  model, context length, chat template, tool-call support, reasoning support,
+  and gated/private status.
+- A generated drift-check script that fails when this file diverges from the
+  provider registry. Until that exists, update this file with a source read of
+  the files listed at the top.
+
+Until native Hugging Face support lands, users can only reach an explicitly
+configured Hugging Face-compatible OpenAI route through the generic `openai`
+provider. That is an explicit user-selected route, not built-in Hub discovery
+or a replacement for DeepSeek.

From 8d48b19b5d8e41b651656d7f91ab6a5405467381 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:33 -0500
Subject: [PATCH 099/283] test: add regression coverage for edit_file fuzz
 omission (#2138)

- Test that edit_file accepts calls with fuzz omitted, fuzz=false, and fuzz=true
- Verify fuzz is excluded from schema required fields but present as optional boolean
- Add agent-mode catalog test confirming edit_file is loaded and fuzz-less calls execute
- Update existing required-fields assertions to check for exactly path/search/replace
---
 crates/tui/src/core/engine/tests.rs | 64 +++++++++++++++++++++++++++++
 crates/tui/src/tools/file.rs        | 43 ++++++++++++++++++-
 2 files changed, 106 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 422fdc11..f138726e 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -472,6 +472,70 @@ fn model_tool_catalog_applies_native_and_mcp_deferral() {
     assert_eq!(defer_loading("mcp_server_write"), Some(true));
 }
 
+#[test]
+fn agent_catalog_keeps_edit_file_loaded_when_fuzz_is_omitted() {
+    let (engine, _handle) = Engine::new(EngineConfig::default(), &Config::default());
+    let registry = engine
+        .build_turn_tool_registry_builder(
+            AppMode::Agent,
+            engine.config.todos.clone(),
+            engine.config.plan_state.clone(),
+        )
+        .build(engine.build_tool_context(AppMode::Agent, false));
+    let always_load = HashSet::new();
+    let catalog = build_model_tool_catalog(
+        registry.to_api_tools_with_cache(true),
+        vec![],
+        AppMode::Agent,
+        &always_load,
+    );
+    let edit = catalog
+        .iter()
+        .find(|tool| tool.name == "edit_file")
+        .expect("edit_file registered");
+
+    assert_eq!(edit.defer_loading, Some(false));
+    let required = edit.input_schema["required"]
+        .as_array()
+        .expect("edit_file schema should include required fields");
+    assert!(required.iter().any(|field| field.as_str() == Some("path")));
+    assert!(
+        required
+            .iter()
+            .any(|field| field.as_str() == Some("search"))
+    );
+    assert!(
+        required
+            .iter()
+            .any(|field| field.as_str() == Some("replace"))
+    );
+    assert!(!required.iter().any(|field| field.as_str() == Some("fuzz")));
+    assert_eq!(
+        edit.input_schema["properties"]["fuzz"]["type"].as_str(),
+        Some("boolean")
+    );
+
+    let active_at_batch_start = initial_active_tools(&catalog);
+    assert!(active_at_batch_start.contains("edit_file"));
+    let mut hydrated_this_batch = HashSet::new();
+    assert!(
+        maybe_hydrate_requested_deferred_tool(
+            "edit_file",
+            &json!({
+                "path": "src/foo.rs",
+                "search": "before",
+                "replace": "after"
+            }),
+            &catalog,
+            &active_at_batch_start,
+            &mut hydrated_this_batch,
+        )
+        .is_none(),
+        "loaded edit_file calls without fuzz should execute instead of hydrating the schema"
+    );
+    assert!(hydrated_this_batch.is_empty());
+}
+
 #[test]
 fn tools_always_load_overrides_default_native_deferral() {
     let always_load = HashSet::from(["git_show".to_string()]);
diff --git a/crates/tui/src/tools/file.rs b/crates/tui/src/tools/file.rs
index 97ebadd8..068c2030 100644
--- a/crates/tui/src/tools/file.rs
+++ b/crates/tui/src/tools/file.rs
@@ -1475,6 +1475,41 @@ mod tests {
         assert_eq!(edited, "hi world hi");
     }
 
+    #[tokio::test]
+    async fn test_edit_file_accepts_omitted_and_explicit_fuzz() {
+        let tmp = tempdir().expect("tempdir");
+        let ctx = ToolContext::new(tmp.path().to_path_buf());
+        let tool = EditFileTool;
+
+        for (file_name, fuzz) in [
+            ("fuzz_omitted.txt", None),
+            ("fuzz_false.txt", Some(false)),
+            ("fuzz_true.txt", Some(true)),
+        ] {
+            let test_file = tmp.path().join(file_name);
+            fs::write(&test_file, "hello world").expect("write");
+
+            let mut input = serde_json::Map::from_iter([
+                ("path".to_string(), json!(file_name)),
+                ("search".to_string(), json!("hello")),
+                ("replace".to_string(), json!("hi")),
+            ]);
+            if let Some(fuzz) = fuzz {
+                input.insert("fuzz".to_string(), json!(fuzz));
+            }
+
+            let result = tool
+                .execute(Value::Object(input), &ctx)
+                .await
+                .expect("execute");
+
+            assert!(result.success, "{file_name}: {}", result.content);
+            assert!(result.content.contains("Replaced 1 occurrence"));
+            let edited = fs::read_to_string(&test_file).expect("read");
+            assert_eq!(edited, "hi world");
+        }
+    }
+
     #[tokio::test]
     async fn test_edit_file_single_match_has_no_multi_match_warning() {
         let tmp = tempdir().expect("tempdir");
@@ -1827,7 +1862,13 @@ mod tests {
             .get("required")
             .and_then(|value| value.as_array())
             .expect("edit schema should include required array");
-        assert_eq!(required.len(), 3);
+        let required_fields: Vec<_> = required.iter().filter_map(|value| value.as_str()).collect();
+        assert_eq!(required_fields, vec!["path", "search", "replace"]);
+        assert!(!required_fields.contains(&"fuzz"));
+        assert_eq!(
+            edit_schema["properties"]["fuzz"]["type"].as_str(),
+            Some("boolean")
+        );
         let search_desc = edit_schema["properties"]["search"]["description"]
             .as_str()
             .expect("search description");

From 91ab9089ab52f53b80b1aa58708239ffc2b1f34c Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:53 -0500
Subject: [PATCH 100/283] fix: add DEEPSEEK_ALLOW_INSECURE_HTTP env guard for
 LAN vLLM (#1656)

- Add env guard with process-global mutex for ALLOW_INSECURE_HTTP tests
- Document LAN vLLM HTTP example in README
- Add config test for reported LAN HTTP endpoint + model resolution
- Guard validate_base_url_security tests against env leak
---
 README.md                |  2 ++
 crates/tui/src/client.rs | 40 ++++++++++++++++++++++++++++++++++++++++
 crates/tui/src/config.rs | 29 +++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+)

diff --git a/README.md b/README.md
index 334ae74f..65094773 100644
--- a/README.md
+++ b/README.md
@@ -325,6 +325,8 @@ SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model
 
 # Self-hosted vLLM
 VLLM_BASE_URL="http://localhost:8000/v1" codewhale --provider vllm --model deepseek-v4-flash
+# Trusted LAN vLLM over HTTP
+DEEPSEEK_ALLOW_INSECURE_HTTP=1 VLLM_BASE_URL="http://192.168.0.110:8000/v1" codewhale --provider vllm --model deepseek-v4-flash
 
 # Self-hosted Ollama
 ollama pull codewhale-coder:1.3b
diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 025a8344..b89825ac 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -2862,6 +2862,10 @@ mod tests {
 
     #[test]
     fn base_url_security_rejects_insecure_non_local_http() {
+        let _lock = ALLOW_INSECURE_HTTP_ENV_LOCK.lock().unwrap();
+        let _guard = AllowInsecureHttpEnvGuard::capture();
+        unsafe { std::env::remove_var(ALLOW_INSECURE_HTTP_ENV) };
+
         let err = validate_base_url_security("http://api.deepseek.com")
             .expect_err("non-local insecure HTTP should be rejected");
         assert!(err.to_string().contains("Refusing insecure base URL"));
@@ -2869,10 +2873,46 @@ mod tests {
 
     #[test]
     fn base_url_security_allows_localhost_http() {
+        let _lock = ALLOW_INSECURE_HTTP_ENV_LOCK.lock().unwrap();
+        let _guard = AllowInsecureHttpEnvGuard::capture();
+        unsafe { std::env::remove_var(ALLOW_INSECURE_HTTP_ENV) };
+
         assert!(validate_base_url_security("http://localhost:8080").is_ok());
         assert!(validate_base_url_security("http://127.0.0.1:8080").is_ok());
     }
 
+    #[test]
+    fn base_url_security_allows_non_local_http_with_explicit_opt_in() {
+        let _lock = ALLOW_INSECURE_HTTP_ENV_LOCK.lock().unwrap();
+        let _guard = AllowInsecureHttpEnvGuard::capture();
+        unsafe { std::env::set_var(ALLOW_INSECURE_HTTP_ENV, "1") };
+
+        assert!(validate_base_url_security("http://192.168.0.110:8000/v1").is_ok());
+    }
+
+    /// Serialize tests that mutate `DEEPSEEK_ALLOW_INSECURE_HTTP`; env vars are
+    /// process-global and would otherwise leak across security checks.
+    static ALLOW_INSECURE_HTTP_ENV_LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());
+
+    struct AllowInsecureHttpEnvGuard {
+        prior: Option<std::ffi::OsString>,
+    }
+    impl AllowInsecureHttpEnvGuard {
+        fn capture() -> Self {
+            Self {
+                prior: std::env::var_os(ALLOW_INSECURE_HTTP_ENV),
+            }
+        }
+    }
+    impl Drop for AllowInsecureHttpEnvGuard {
+        fn drop(&mut self) {
+            match &self.prior {
+                Some(v) => unsafe { std::env::set_var(ALLOW_INSECURE_HTTP_ENV, v) },
+                None => unsafe { std::env::remove_var(ALLOW_INSECURE_HTTP_ENV) },
+            }
+        }
+    }
+
     #[test]
     fn connection_health_degrades_and_recovers() {
         let now = Instant::now();
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 63fd1e80..46fb0023 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -6445,6 +6445,35 @@ model = "qwen2.5-coder:7b"
         Ok(())
     }
 
+    #[test]
+    fn vllm_env_resolves_reported_lan_http_endpoint_and_model() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-vllm-lan-http-test-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        // Safety: test-only environment mutation guarded by a global mutex.
+        unsafe {
+            env::set_var("DEEPSEEK_PROVIDER", "vllm");
+            env::set_var("VLLM_BASE_URL", "http://192.168.0.110:8000/v1");
+            env::set_var("DEEPSEEK_MODEL", "deepseek-v4-flash");
+        }
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::Vllm);
+        assert_eq!(config.deepseek_base_url(), "http://192.168.0.110:8000/v1");
+        assert_eq!(config.default_model(), "deepseek-v4-flash");
+        Ok(())
+    }
+
     #[test]
     fn ollama_env_overrides_base_url_and_model() -> Result<()> {
         let _lock = lock_test_env();

From 99941d9d01cca9e9854bc72fa8b1876ff1268d4b Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:53 -0500
Subject: [PATCH 101/283] fix: include tool catalog in cache-inspect prefix
 hashing (#1818)

- Track tool catalog as a static layer in prompt inspection
- Include tools in cache-warmup request with tool_choice=none
- Ensure tool schema changes are visible to base-static-prefix diagnostics
- Factor test_tool helper for cache-inspect test coverage
---
 crates/tui/src/client.rs      | 64 ++++++++++++++++++++++++++-
 crates/tui/src/client/chat.rs | 82 ++++++++++++++++++++++++-----------
 2 files changed, 119 insertions(+), 27 deletions(-)

diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index 025a8344..80a6a009 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -1125,6 +1125,23 @@ mod tests {
     };
     use serde_json::json;
 
+    fn test_tool(name: &str) -> Tool {
+        Tool {
+            tool_type: None,
+            name: name.to_string(),
+            description: format!("{name} test tool"),
+            input_schema: json!({
+                "type": "object",
+                "properties": {},
+            }),
+            allowed_callers: None,
+            defer_loading: Some(false),
+            input_examples: None,
+            strict: Some(true),
+            cache_control: None,
+        }
+    }
+
     #[test]
     fn tool_name_roundtrip_dot() {
         let original = "multi_tool_use.parallel";
@@ -1810,6 +1827,49 @@ mod tests {
         ));
     }
 
+    #[test]
+    fn prompt_inspect_tracks_tool_catalog_in_static_prefix_hash() {
+        let request = MessageRequest {
+            model: "deepseek-v4-pro".to_string(),
+            messages: vec![Message {
+                role: "user".to_string(),
+                content: vec![ContentBlock::Text {
+                    text: "Current task".to_string(),
+                    cache_control: None,
+                }],
+            }],
+            max_tokens: 1024,
+            system: Some(SystemPrompt::Text("Base policy".to_string())),
+            tools: Some(vec![test_tool("read_file")]),
+            tool_choice: None,
+            metadata: None,
+            thinking: None,
+            reasoning_effort: Some("max".to_string()),
+            stream: None,
+            temperature: None,
+            top_p: None,
+        };
+
+        let first = inspect_prompt_for_request(&request);
+        let mut changed_tools = request.clone();
+        changed_tools.tools = Some(vec![test_tool("read_file"), test_tool("grep_files")]);
+        let second = inspect_prompt_for_request(&changed_tools);
+
+        assert!(
+            first.layers.iter().any(|layer| {
+                layer.name == "Tool catalog" && layer.stability.label() == "static"
+            })
+        );
+        assert_ne!(
+            first.base_static_prefix_hash, second.base_static_prefix_hash,
+            "tool schema changes must be visible to cache-inspect base prefix diagnostics"
+        );
+        assert_ne!(
+            first.full_request_prefix_hash, second.full_request_prefix_hash,
+            "tool schema changes must be visible to full reusable-prefix diagnostics"
+        );
+    }
+
     #[test]
     fn cache_warmup_request_reuses_stable_prefix_and_fixed_user_tail() {
         let request = MessageRequest {
@@ -1835,7 +1895,7 @@ mod tests {
                 "Base policy\n\n<project_instructions source=\"AGENTS.md\">\nStable project rules\n</project_instructions>\n\n## Previous Session Relay\n\nDynamic relay"
                     .to_string(),
             )),
-            tools: None,
+            tools: Some(vec![test_tool("read_file")]),
             tool_choice: None,
             metadata: None,
             thinking: None,
@@ -1850,6 +1910,8 @@ mod tests {
         assert_eq!(warmup.max_tokens, 8);
         assert_eq!(warmup.temperature, Some(0.0));
         assert_eq!(warmup.reasoning_effort.as_deref(), Some("max"));
+        assert_eq!(warmup.tools.as_ref().map(Vec::len), Some(1));
+        assert_eq!(warmup.tool_choice, Some(json!("none")));
         assert_eq!(warmup.messages.len(), 2);
         assert_eq!(warmup.messages[0].role, "assistant");
         assert_eq!(warmup.messages[1].role, "user");
diff --git a/crates/tui/src/client/chat.rs b/crates/tui/src/client/chat.rs
index dd6c37a4..656330fc 100644
--- a/crates/tui/src/client/chat.rs
+++ b/crates/tui/src/client/chat.rs
@@ -438,6 +438,7 @@ pub(crate) fn build_cache_warmup_request(request: &MessageRequest) -> MessageReq
 struct PromptBuilder<'a> {
     system: Option<&'a SystemPrompt>,
     messages: &'a [Message],
+    tools: Option<&'a [Tool]>,
     model: &'a str,
     reasoning_effort: Option<&'a str>,
 }
@@ -447,6 +448,7 @@ impl<'a> PromptBuilder<'a> {
         Self {
             system: request.system.as_ref(),
             messages: &request.messages,
+            tools: request.tools.as_deref(),
             model: &request.model,
             reasoning_effort: request.reasoning_effort.as_deref(),
         }
@@ -485,12 +487,17 @@ impl<'a> PromptBuilder<'a> {
             should_replay_reasoning_content(self.model, self.reasoning_effort),
             true,
         );
-        inspect_wire_messages(&messages)
+        inspect_wire_request(self.tools, &messages)
     }
 
     fn build_cache_warmup_request(self) -> MessageRequest {
         let system = stable_system_prompt(self.system);
         let mut messages = stable_history_messages(self.messages);
+        let tools = self
+            .tools
+            .filter(|tools| !tools.is_empty())
+            .map(<[Tool]>::to_vec);
+        let tool_choice = tools.as_ref().map(|_| json!("none"));
         messages.push(Message {
             role: "user".to_string(),
             content: vec![ContentBlock::Text {
@@ -504,8 +511,8 @@ impl<'a> PromptBuilder<'a> {
             messages,
             max_tokens: 8,
             system,
-            tools: None,
-            tool_choice: None,
+            tools,
+            tool_choice,
             metadata: None,
             thinking: None,
             reasoning_effort: self.reasoning_effort.map(str::to_string),
@@ -581,20 +588,19 @@ impl PromptLayerStability {
     }
 }
 
-fn inspect_wire_messages(messages: &[Value]) -> PromptInspection {
+fn inspect_wire_request(tools: Option<&[Tool]>, messages: &[Value]) -> PromptInspection {
     let mut layers = Vec::new();
     let mut base_static_prefix_parts = Vec::new();
     let mut full_request_prefix_parts = Vec::new();
+    let mut start_index = 0;
 
-    for (index, message) in messages.iter().enumerate() {
+    if let Some(message) = messages.first() {
         let role = message
             .get("role")
             .and_then(Value::as_str)
             .unwrap_or("unknown");
         let content = message_content_for_inspect(message);
-        let is_last = index + 1 == messages.len();
-
-        if index == 0 && role == "system" {
+        if role == "system" {
             for (name, stability, body) in split_system_layers(&content) {
                 if stability == PromptLayerStability::Static {
                     base_static_prefix_parts.push(body.to_string());
@@ -604,27 +610,46 @@ fn inspect_wire_messages(messages: &[Value]) -> PromptInspection {
                 }
                 layers.push(prompt_layer(name, stability, body));
             }
-        } else {
-            let stability = if (is_last && role == "user") || role == "tool" {
-                PromptLayerStability::Dynamic
-            } else {
-                PromptLayerStability::History
-            };
-            let name = if is_last && role == "user" {
-                "User task".to_string()
-            } else {
-                format!("Message #{index} {role}")
-            };
-            if stability != PromptLayerStability::Dynamic {
-                full_request_prefix_parts.push(content.clone());
-            }
-            let mut layer = prompt_layer(name, stability, &content);
-            layer.tool_result = tool_result_inspection_for_message(message);
-            layer.turn_meta = turn_meta_inspection_for_message(message);
-            layers.push(layer);
+            start_index = 1;
         }
     }
 
+    if let Some(tool_catalog) = tool_catalog_for_inspect(tools) {
+        base_static_prefix_parts.push(tool_catalog.clone());
+        full_request_prefix_parts.push(tool_catalog.clone());
+        layers.push(prompt_layer(
+            "Tool catalog".to_string(),
+            PromptLayerStability::Static,
+            &tool_catalog,
+        ));
+    }
+
+    for (index, message) in messages.iter().enumerate().skip(start_index) {
+        let role = message
+            .get("role")
+            .and_then(Value::as_str)
+            .unwrap_or("unknown");
+        let content = message_content_for_inspect(message);
+        let is_last = index + 1 == messages.len();
+        let stability = if (is_last && role == "user") || role == "tool" {
+            PromptLayerStability::Dynamic
+        } else {
+            PromptLayerStability::History
+        };
+        let name = if is_last && role == "user" {
+            "User task".to_string()
+        } else {
+            format!("Message #{index} {role}")
+        };
+        if stability != PromptLayerStability::Dynamic {
+            full_request_prefix_parts.push(content.clone());
+        }
+        let mut layer = prompt_layer(name, stability, &content);
+        layer.tool_result = tool_result_inspection_for_message(message);
+        layer.turn_meta = turn_meta_inspection_for_message(message);
+        layers.push(layer);
+    }
+
     let base_static_prefix = base_static_prefix_parts.join("\n");
     let full_request_prefix = full_request_prefix_parts.join("\n");
 
@@ -635,6 +660,11 @@ fn inspect_wire_messages(messages: &[Value]) -> PromptInspection {
     }
 }
 
+fn tool_catalog_for_inspect(tools: Option<&[Tool]>) -> Option<String> {
+    let tools = tools.filter(|tools| !tools.is_empty())?;
+    serde_json::to_string(&tools.iter().map(tool_to_chat).collect::<Vec<_>>()).ok()
+}
+
 fn message_content_for_inspect(message: &Value) -> String {
     let mut parts = Vec::new();
     if let Some(content) = message.get("content").and_then(Value::as_str)

From aeaf91d589bc954b8059da68af542f7598597f9c Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:37:53 -0500
Subject: [PATCH 102/283] feat(web_search): switch default backend from Bing to
 DuckDuckGo (#2132)

- Make DuckDuckGo the default search provider with Bing fallback
- Update tool description, config docs, TOOL_SURFACE, doctor output
- Update all search default tests and references
- Bing remains selectable via [search] provider = "bing"
---
 crates/tui/src/config.rs           | 16 ++++++++--------
 crates/tui/src/core/engine.rs      |  2 +-
 crates/tui/src/main.rs             |  9 +++++----
 crates/tui/src/tools/spec.rs       |  2 +-
 crates/tui/src/tools/web_search.rs |  2 +-
 docs/CONFIGURATION.md              | 10 ++++++----
 docs/TOOL_SURFACE.md               |  2 +-
 7 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 63fd1e80..684e888a 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -648,9 +648,9 @@ impl SnapshotsConfig {
 #[serde(rename_all = "snake_case")]
 pub enum SearchProvider {
     /// Bing HTML scraping. No API key needed.
-    #[default]
     Bing,
     /// DuckDuckGo HTML scraping with Bing fallback. No API key needed.
+    #[default]
     #[serde(alias = "duckduckgo")]
     DuckDuckGo,
     /// Tavily AI Search API (<https://tavily.com>). Requires api_key.
@@ -714,7 +714,7 @@ pub struct SearchProviderResolution {
 /// Web search provider configuration (`[search]` table in config.toml).
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct SearchConfig {
-    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha` | `metaso`. Default: `bing`.
+    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha` | `metaso`. Default: `duckduckgo`.
     #[serde(default)]
     pub provider: Option<SearchProvider>,
     /// API key for Tavily, Bocha, or Metaso. Not required for Bing or DuckDuckGo.
@@ -1105,9 +1105,9 @@ pub struct Config {
     #[serde(default)]
     pub snapshots: Option<SnapshotsConfig>,
 
-    /// Web search provider configuration. When absent, defaults to Bing.
-    /// Set `provider` to `duckduckgo`, `tavily`, or `bocha` to use those
-    /// services instead; Tavily and Bocha also require an `api_key`.
+    /// Web search provider configuration. When absent, defaults to DuckDuckGo.
+    /// Set `provider` to `bing`, `tavily`, or `bocha` to use those services
+    /// instead; Tavily and Bocha also require an `api_key`.
     #[serde(default)]
     pub search: Option<SearchConfig>,
 
@@ -4208,8 +4208,8 @@ mod tests {
     }
 
     #[test]
-    fn search_provider_defaults_to_bing() {
-        assert_eq!(SearchProvider::default(), SearchProvider::Bing);
+    fn search_provider_defaults_to_duckduckgo() {
+        assert_eq!(SearchProvider::default(), SearchProvider::DuckDuckGo);
     }
 
     #[test]
@@ -4254,7 +4254,7 @@ mod tests {
         let resolution = Config::default().search_provider_resolution();
 
         unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
-        assert_eq!(resolution.provider, SearchProvider::Bing);
+        assert_eq!(resolution.provider, SearchProvider::DuckDuckGo);
         assert_eq!(resolution.source, SearchProviderSource::Default);
     }
 
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index e81debe9..516a1f38 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -162,7 +162,7 @@ pub struct EngineConfig {
     pub strict_tool_mode: bool,
     /// Workshop / large-tool-output routing (#548). `None` disables routing.
     pub workshop: Option<crate::tools::large_output_router::WorkshopConfig>,
-    /// Which search backend `web_search` should use. Default: Bing.
+    /// Which search backend `web_search` should use. Default: DuckDuckGo.
     pub search_provider: crate::config::SearchProvider,
     /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
     /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in key.
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..352e6ea2 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -3163,11 +3163,11 @@ fn doctor_search_provider_line(config: &Config) -> String {
     let switch_hint = if matches!(
         (search_provider.provider, search_provider.source),
         (
-            crate::config::SearchProvider::Bing,
+            crate::config::SearchProvider::DuckDuckGo,
             crate::config::SearchProviderSource::Default
         )
     ) {
-        "; set [search] provider = \"duckduckgo\" | \"tavily\" | \"bocha\" to switch"
+        "; set [search] provider = \"bing\" | \"tavily\" | \"bocha\" to switch"
     } else {
         ""
     };
@@ -5701,7 +5701,7 @@ mod doctor_endpoint_tests {
     }
 
     #[test]
-    fn doctor_search_provider_line_includes_default_source_and_switch_hint() {
+    fn doctor_search_provider_line_includes_duckduckgo_default_source_and_switch_hint() {
         let _guard = crate::test_support::lock_test_env();
         let prev = std::env::var_os("DEEPSEEK_SEARCH_PROVIDER");
         unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") };
@@ -5712,9 +5712,10 @@ mod doctor_endpoint_tests {
             Some(value) => unsafe { std::env::set_var("DEEPSEEK_SEARCH_PROVIDER", value) },
             None => unsafe { std::env::remove_var("DEEPSEEK_SEARCH_PROVIDER") },
         }
-        assert!(line.contains("search_provider: bing"));
+        assert!(line.contains("search_provider: duckduckgo"));
         assert!(line.contains("source: default"));
         assert!(line.contains("[search] provider"));
+        assert!(line.contains("provider = \"bing\""));
     }
 
     #[test]
diff --git a/crates/tui/src/tools/spec.rs b/crates/tui/src/tools/spec.rs
index f13c6516..3e16a81d 100644
--- a/crates/tui/src/tools/spec.rs
+++ b/crates/tui/src/tools/spec.rs
@@ -162,7 +162,7 @@ pub struct ToolContext {
     /// routing (e.g. in sub-agents and test contexts to avoid recursion).
     pub large_output_router: Option<crate::tools::large_output_router::LargeOutputRouter>,
 
-    /// Which search backend `web_search` should use. Default: Bing. Set via
+    /// Which search backend `web_search` should use. Default: DuckDuckGo. Set via
     /// `[search] provider` in config.toml.
     pub search_provider: crate::config::SearchProvider,
     /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index cb64ce98..16c7b632 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -129,7 +129,7 @@ impl ToolSpec for WebSearchTool {
     }
 
     fn description(&self) -> &'static str {
-        "Search the web and return ranked results with URLs and snippets. Default backend is Bing; set `[search] provider = \"duckduckgo\" | \"tavily\" | \"bocha\"` in config.toml to switch backends. Use this instead of scraping search engines with `curl` in `exec_shell`. For a known canonical URL, prefer `fetch_url` directly."
+        "Search the web and return ranked results with URLs and snippets. Default backend is DuckDuckGo with Bing fallback; set `[search] provider = \"bing\" | \"tavily\" | \"bocha\"` in config.toml to switch backends. Use this instead of scraping search engines with `curl` in `exec_shell`. For a known canonical URL, prefer `fetch_url` directly."
     }
 
     fn input_schema(&self) -> Value {
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index b92cd8ff..a40b41f5 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -654,14 +654,16 @@ Use `codewhale-tui features list` to inspect known flags and their effective sta
 
 ## Web Search Provider
 
-`web_search` uses Bing by default and does not require an API key. DuckDuckGo
-remains selectable for users who explicitly want it, and Tavily or Bocha can be
-selected when an API-backed provider is preferred. **Metaso** ([metaso.cn](https://metaso.cn))
+`web_search` uses DuckDuckGo by default and does not require an API key. The
+DuckDuckGo path keeps a Bing fallback when DDG returns a bot challenge or no
+parseable results. Bing remains selectable for users who explicitly want it,
+and Tavily or Bocha can be selected when an API-backed provider is preferred.
+**Metaso** ([metaso.cn](https://metaso.cn))
 100 searches/day free quota — set `METASO_API_KEY` or `[search] api_key` for a higher quota.
 
 ```toml
 [search]
-provider = "bing"    # bing | duckduckgo | tavily | bocha | metaso
+provider = "duckduckgo"    # duckduckgo | bing | tavily | bocha | metaso
 # api_key = "YOUR_KEY" # required for tavily and bocha; optional for metaso (100 searches/day free quota)
 ```
 
diff --git a/docs/TOOL_SURFACE.md b/docs/TOOL_SURFACE.md
index 1038b93e..aa31fb4e 100644
--- a/docs/TOOL_SURFACE.md
+++ b/docs/TOOL_SURFACE.md
@@ -35,7 +35,7 @@ chosen over the available shell equivalent. Companion to `crates/tui/src/prompts
 |---|---|
 | `grep_files` | Regex search file contents within the workspace; structured matches + context lines. Pure-Rust (`regex` crate), no `rg`/`grep` shell-out. |
 | `file_search` | Fuzzy-match filenames (not contents). Use when you know roughly the name. |
-| `web_search` | Bing by default; DuckDuckGo, Tavily, and Bocha are selectable in config. Ranked snippets + `ref_id` for citation. |
+| `web_search` | DuckDuckGo by default with Bing fallback; Bing, Tavily, and Bocha are selectable in config. Ranked snippets + `ref_id` for citation. |
 | `fetch_url` | Direct HTTP GET on a known URL. Faster than `web_search` when the link is already known. HTML stripped to text by default. |
 
 ### Shell

From 6fce7dca384f3ff96f2dea4dbfca68bad8f63e91 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:38:26 -0500
Subject: [PATCH 103/283] fix(lang): keep hidden reasoning_content in English
 regardless of locale (#1842/#1843)

- Add show_thinking flag to PromptSessionContext
- When show_thinking=false, emit hidden-thinking English instruction
- Omit locale-reinforcement bookends when user can't see thinking blocks
- Keep final-visible-reply language rule unchanged
- Add test for hidden-thinking language directive
---
 crates/tui/src/core/engine.rs       |  11 +++
 crates/tui/src/core/engine/tests.rs |  22 ++++++
 crates/tui/src/core/ops.rs          |   1 +
 crates/tui/src/main.rs              |  11 +--
 crates/tui/src/prompts.rs           | 104 +++++++++++++++++++++++++++-
 crates/tui/src/runtime_threads.rs   |  14 ++--
 crates/tui/src/tui/ui.rs            |   3 +
 crates/tui/src/tui/ui/tests.rs      |  11 ++-
 8 files changed, 164 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index e81debe9..184327a4 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -99,6 +99,9 @@ pub struct EngineConfig {
     /// When true, the model is instructed to respond in the current locale
     /// and a post-hoc translation layer replaces remaining English output.
     pub translation_enabled: bool,
+    /// Whether user-visible transcript rendering shows thinking blocks.
+    /// Prompt assembly uses this to avoid localizing hidden reasoning.
+    pub show_thinking: bool,
     /// Maximum number of assistant steps before stopping.
     pub max_steps: u32,
     /// Maximum number of concurrently active subagents.
@@ -194,6 +197,7 @@ impl Default for EngineConfig {
             instructions: Vec::new(),
             project_context_pack_enabled: true,
             translation_enabled: false,
+            show_thinking: true,
             max_steps: 100,
             max_subagents: DEFAULT_MAX_SUBAGENTS,
             features: Features::with_defaults(),
@@ -455,6 +459,7 @@ impl Engine {
                     locale_tag: &config.locale_tag,
                     translation_enabled: config.translation_enabled,
                     model_id: &config.model,
+                    show_thinking: config.show_thinking,
                 },
                 session.approval_mode,
             );
@@ -610,6 +615,7 @@ impl Engine {
                     auto_approve,
                     approval_mode,
                     translation_enabled,
+                    show_thinking,
                 } => {
                     self.handle_send_message(
                         content,
@@ -624,6 +630,7 @@ impl Engine {
                         auto_approve,
                         approval_mode,
                         translation_enabled,
+                        show_thinking,
                     )
                     .await;
                 }
@@ -830,6 +837,7 @@ impl Engine {
                         self.session.auto_approve,
                         self.session.approval_mode,
                         self.config.translation_enabled,
+                        self.config.show_thinking,
                     )
                     .await;
                 }
@@ -918,6 +926,7 @@ impl Engine {
         auto_approve: bool,
         approval_mode: crate::tui::approval::ApprovalMode,
         translation_enabled: bool,
+        show_thinking: bool,
     ) {
         // Reset cancel token for fresh turn (in case previous was cancelled)
         self.reset_cancel_token();
@@ -1011,6 +1020,7 @@ impl Engine {
         self.session.trust_mode = trust_mode;
         self.config.trust_mode = trust_mode;
         self.config.translation_enabled = translation_enabled;
+        self.config.show_thinking = show_thinking;
         self.session.auto_approve = auto_approve;
         self.session.approval_mode = if auto_approve {
             crate::tui::approval::ApprovalMode::Auto
@@ -1852,6 +1862,7 @@ impl Engine {
                 locale_tag: &self.config.locale_tag,
                 translation_enabled: self.config.translation_enabled,
                 model_id: &self.config.model,
+                show_thinking: self.config.show_thinking,
             },
             self.session.approval_mode,
         );
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 422fdc11..db843260 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -1509,6 +1509,28 @@ fn refresh_system_prompt_is_noop_when_unchanged() {
     assert_eq!(engine.session.system_prompt, first_prompt);
 }
 
+#[test]
+fn engine_prompt_respects_hidden_thinking_config() {
+    let tmp = tempdir().expect("tempdir");
+    let config = EngineConfig {
+        workspace: tmp.path().to_path_buf(),
+        locale_tag: "zh-Hans".to_string(),
+        show_thinking: false,
+        ..Default::default()
+    };
+    let (engine, _handle) = Engine::new(config, &Config::default());
+    let prompt = match engine.session.system_prompt.as_ref() {
+        Some(SystemPrompt::Text(text)) => text,
+        Some(SystemPrompt::Blocks(_)) => panic!("expected text system prompt"),
+        None => panic!("expected system prompt"),
+    };
+
+    assert!(prompt.contains("## Hidden Thinking Language"));
+    assert!(prompt.contains("reasoning_content"));
+    assert!(prompt.contains("English"));
+    assert!(!prompt.contains("## 语言再次提醒"));
+}
+
 fn sync_runtime_system_prompt_override(engine: &mut Engine, system_prompt: SystemPrompt) {
     engine.session.compaction_summary_prompt =
         extract_compaction_summary_prompt(Some(system_prompt.clone()));
diff --git a/crates/tui/src/core/ops.rs b/crates/tui/src/core/ops.rs
index a77a2625..b4096706 100644
--- a/crates/tui/src/core/ops.rs
+++ b/crates/tui/src/core/ops.rs
@@ -31,6 +31,7 @@ pub enum Op {
         auto_approve: bool,
         approval_mode: ApprovalMode,
         translation_enabled: bool,
+        show_thinking: bool,
     },
 
     /// Cancel the current request
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..17bafe9d 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -5160,6 +5160,7 @@ async fn run_exec_agent(
         .lsp
         .clone()
         .map(crate::config::LspConfigToml::into_runtime);
+    let settings = crate::settings::Settings::load().unwrap_or_default();
 
     let engine_config = EngineConfig {
         model: effective_model.clone(),
@@ -5172,6 +5173,7 @@ async fn run_exec_agent(
         instructions: config.instructions_paths(),
         project_context_pack_enabled: config.project_context_pack_enabled(),
         translation_enabled: false,
+        show_thinking: settings.show_thinking,
         max_steps: 100,
         max_subagents,
         features: config.features(),
@@ -5197,11 +5199,9 @@ async fn run_exec_agent(
         vision_config: config.vision_model_config(),
         strict_tool_mode: config.strict_tool_mode.unwrap_or(false),
         goal_objective: None,
-        locale_tag: crate::localization::resolve_locale(
-            &crate::settings::Settings::load().unwrap_or_default().locale,
-        )
-        .tag()
-        .to_string(),
+        locale_tag: crate::localization::resolve_locale(&settings.locale)
+            .tag()
+            .to_string(),
         workshop: config.workshop.clone(),
         search_provider: config.search_provider(),
         search_api_key: config.search.as_ref().and_then(|s| s.api_key.clone()),
@@ -5260,6 +5260,7 @@ async fn run_exec_agent(
             trust_mode,
             auto_approve,
             translation_enabled: false,
+            show_thinking: settings.show_thinking,
             approval_mode: if auto_approve {
                 crate::tui::approval::ApprovalMode::Auto
             } else {
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index aa69f4f7..5584df68 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -34,6 +34,10 @@ pub struct PromptSessionContext<'a> {
     /// preserving backward compatibility with existing call sites
     /// that predate dynamic model injection.
     pub model_id: &'a str,
+    /// Whether the user-visible transcript renders thinking blocks.
+    /// When false, the prompt should not spend localization pressure on
+    /// `reasoning_content` the user will never see.
+    pub show_thinking: bool,
 }
 
 impl Default for PromptSessionContext<'_> {
@@ -45,6 +49,7 @@ impl Default for PromptSessionContext<'_> {
             locale_tag: "en",
             translation_enabled: false,
             model_id: "codewhale",
+            show_thinking: true,
         }
     }
 }
@@ -104,6 +109,25 @@ fn translation_target_language_for_tag(locale_tag: &str) -> &'static str {
     }
 }
 
+fn hidden_thinking_language_instruction(locale_tag: &str) -> String {
+    let fallback_language = translation_target_language_for_tag(locale_tag);
+    format!(
+        "\
+## Hidden Thinking Language\n\
+\n\
+The user has disabled thinking display (`show_thinking = false`). If you emit \
+`reasoning_content`, keep that hidden internal thinking in English regardless \
+of the latest user-message language or `## Environment.lang`; the user will \
+not see it, so localizing hidden thinking only adds language switching.\n\
+\n\
+The final reply is still user-visible. Follow the normal `## Language` rule \
+for the final reply: mirror the latest user message, and use \
+{fallback_language} only when the user message is ambiguous. If the user \
+explicitly asks for a different thinking language, follow that explicit request \
+for the current turn."
+    )
+}
+
 /// Render a `## Environment` block listing the resolved locale tag,
 /// runtime version, host platform, login shell, and current working directory.
 ///
@@ -611,6 +635,7 @@ pub fn system_prompt_for_mode_with_context_and_skills(
             locale_tag: "en",
             translation_enabled: false,
             model_id: "codewhale",
+            show_thinking: true,
         },
     )
 }
@@ -657,7 +682,11 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     // in English even though `lang: zh-Hans` is set" failure mode that
     // PR #1398 partially addressed. English (and unknown) locales get
     // `None` and keep the previous behavior unchanged.
-    let preamble = locale_reinforcement_preamble(session_context.locale_tag);
+    let preamble = if session_context.show_thinking {
+        locale_reinforcement_preamble(session_context.locale_tag)
+    } else {
+        None
+    };
 
     // 1–2. Mode prompt + project context.
     // `load_project_context_with_parents` auto-generates .codewhale/instructions.md
@@ -806,8 +835,17 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     // rule immediately before it generates `reasoning_content` for the
     // turn. English (and unknown) locales return `None` and the prompt
     // stays byte-identical to the pre-bookend behavior.
-    if let Some(closer) = locale_reinforcement_closer(session_context.locale_tag) {
+    if let Some(closer) = session_context
+        .show_thinking
+        .then(|| locale_reinforcement_closer(session_context.locale_tag))
+        .flatten()
+    {
         full_prompt = format!("{full_prompt}\n\n{closer}");
+    } else if !session_context.show_thinking {
+        full_prompt = format!(
+            "{full_prompt}\n\n{}",
+            hidden_thinking_language_instruction(session_context.locale_tag)
+        );
     }
 
     SystemPrompt::Text(full_prompt)
@@ -1087,6 +1125,7 @@ mod tests {
                 locale_tag: "zh-Hans",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
             ApprovalMode::Suggest,
         ) {
@@ -1157,6 +1196,7 @@ mod tests {
                 locale_tag: "zh-Hans",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
             ApprovalMode::Suggest,
         ) {
@@ -1184,6 +1224,58 @@ mod tests {
         );
     }
 
+    #[test]
+    fn hidden_thinking_uses_english_reasoning_without_locale_bookends() {
+        let tmp = tempdir().expect("tempdir");
+        let text = match system_prompt_for_mode_with_context_skills_session_and_approval(
+            AppMode::Agent,
+            tmp.path(),
+            None,
+            None,
+            None,
+            PromptSessionContext {
+                user_memory_block: None,
+                goal_objective: None,
+                project_context_pack_enabled: false,
+                locale_tag: "zh-Hans",
+                translation_enabled: false,
+                model_id: "codewhale",
+                show_thinking: false,
+            },
+            ApprovalMode::Suggest,
+        ) {
+            SystemPrompt::Text(text) => text,
+            SystemPrompt::Blocks(_) => panic!("expected text system prompt"),
+        };
+
+        assert!(
+            text.contains("## Hidden Thinking Language"),
+            "hidden thinking prompt must include the request-side language override"
+        );
+        assert!(
+            text.contains("reasoning_content") && text.contains("English"),
+            "hidden thinking override must steer reasoning_content to English"
+        );
+        assert!(
+            text.contains("final reply") && text.contains("Simplified Chinese"),
+            "hidden thinking override must preserve the visible reply language"
+        );
+        assert!(
+            !text.contains("## 语言要求") && !text.contains("## 语言再次提醒"),
+            "hidden thinking prompt must not also ask for localized reasoning"
+        );
+
+        let hidden_pos = text
+            .find("## Hidden Thinking Language")
+            .expect("hidden thinking block present");
+        let hidden_header_end = hidden_pos + "## Hidden Thinking Language".len();
+        let after_hidden_body = &text[hidden_header_end..];
+        assert!(
+            !after_hidden_body.contains("\n## "),
+            "hidden thinking override must be the final top-level block; got: {after_hidden_body:?}",
+        );
+    }
+
     #[test]
     fn system_prompt_skips_locale_preamble_for_english() {
         // English locale → no preamble injected. Asserts the
@@ -1202,6 +1294,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
             ApprovalMode::Suggest,
         ) {
@@ -1295,6 +1388,7 @@ mod tests {
                 locale_tag: "ja",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1331,6 +1425,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1359,6 +1454,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1416,6 +1512,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1444,6 +1541,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1639,6 +1737,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
@@ -1673,6 +1772,7 @@ mod tests {
                 locale_tag: "en",
                 translation_enabled: false,
                 model_id: "codewhale",
+                show_thinking: true,
             },
         ) {
             SystemPrompt::Text(text) => text,
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 9cd65087..78580eaf 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1611,6 +1611,9 @@ impl RuntimeThreadManager {
         let allow_shell = req.allow_shell.unwrap_or(thread.allow_shell);
         let trust_mode = req.trust_mode.unwrap_or(thread.trust_mode);
         let auto_approve = req.auto_approve.unwrap_or(thread.auto_approve);
+        let show_thinking = crate::settings::Settings::load()
+            .unwrap_or_default()
+            .show_thinking;
 
         engine
             .send(Op::SendMessage {
@@ -1625,6 +1628,7 @@ impl RuntimeThreadManager {
                 trust_mode,
                 auto_approve,
                 translation_enabled: false,
+                show_thinking,
                 approval_mode: if auto_approve {
                     crate::tui::approval::ApprovalMode::Auto
                 } else {
@@ -1931,6 +1935,7 @@ impl RuntimeThreadManager {
             .lsp
             .clone()
             .map(crate::config::LspConfigToml::into_runtime);
+        let settings = crate::settings::Settings::load().unwrap_or_default();
         let engine_cfg = EngineConfig {
             model: thread.model.clone(),
             workspace: thread.workspace.clone(),
@@ -1942,6 +1947,7 @@ impl RuntimeThreadManager {
             instructions: self.config.instructions_paths(),
             project_context_pack_enabled: self.config.project_context_pack_enabled(),
             translation_enabled: false,
+            show_thinking: settings.show_thinking,
             max_steps: 100,
             max_subagents: self.config.max_subagents().clamp(1, MAX_SUBAGENTS),
             features: self.config.features(),
@@ -1982,11 +1988,9 @@ impl RuntimeThreadManager {
             vision_config: self.config.vision_model_config(),
             strict_tool_mode: self.config.strict_tool_mode.unwrap_or(false),
             goal_objective: None,
-            locale_tag: crate::localization::resolve_locale(
-                &crate::settings::Settings::load().unwrap_or_default().locale,
-            )
-            .tag()
-            .to_string(),
+            locale_tag: crate::localization::resolve_locale(&settings.locale)
+                .tag()
+                .to_string(),
             workshop: self.config.workshop.clone(),
             search_provider: self.config.search_provider(),
             search_api_key: self.config.search.as_ref().and_then(|s| s.api_key.clone()),
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 2ba52ef9..db3d6c8f 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -684,6 +684,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         instructions: config.instructions_paths(),
         project_context_pack_enabled: config.project_context_pack_enabled(),
         translation_enabled: app.translation_enabled,
+        show_thinking: app.show_thinking,
         // Effectively unlimited. V4 has a 1M context window and the user
         // wants the model running until it's actually done. The previous cap
         // of 100 hit the ceiling on long multi-step plans (wide refactors,
@@ -4147,6 +4148,7 @@ async fn dispatch_user_message(
                 locale_tag: app.ui_locale.tag(),
                 translation_enabled: app.translation_enabled,
                 model_id: &app.model,
+                show_thinking: app.show_thinking,
             },
         ),
     );
@@ -4243,6 +4245,7 @@ async fn dispatch_user_message(
             auto_approve: app.mode == AppMode::Yolo,
             approval_mode: app.approval_mode,
             translation_enabled: app.translation_enabled,
+            show_thinking: app.show_thinking,
         })
         .await
     {
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index c73a6a6e..61a734b1 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -3140,6 +3140,7 @@ async fn dismissed_plan_prompt_leaves_non_numeric_input_for_normal_send_path() {
 #[tokio::test]
 async fn dispatch_user_message_records_prompt_for_cancel_restore() {
     let mut app = create_test_app();
+    app.show_thinking = false;
     let config = Config::default();
     let mut engine = crate::core::engine::mock_engine_handle();
     let queued = crate::tui::app::QueuedMessage::new("fix this typo\nthen retry".to_string(), None);
@@ -3153,8 +3154,16 @@ async fn dispatch_user_message_records_prompt_for_cancel_restore() {
         Some("fix this typo\nthen retry")
     );
     match engine.rx_op.recv().await.expect("send message op") {
-        crate::core::ops::Op::SendMessage { content, .. } => {
+        crate::core::ops::Op::SendMessage {
+            content,
+            show_thinking,
+            ..
+        } => {
             assert_eq!(content, "fix this typo\nthen retry");
+            assert!(
+                !show_thinking,
+                "dispatch must carry the user's hidden-thinking setting into the engine"
+            );
         }
         other => panic!("expected SendMessage, got {other:?}"),
     }

From cf8880e4647870cf64764b70b9a92f9bc437acc1 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:38:26 -0500
Subject: [PATCH 104/283] fix(session): compact large tool outputs to artifact
 receipts on persist (#2021)

- Replace giant tool-result strings in session JSON with TOOL_OUTPUT_RECEIPT markers
- Reference artifact records by id for retrieval after session load
- Compact on save, checkpoint, load, and load_by_id paths
- Wire tool_output_receipts module into session_manager
- Add tests for compaction-on-save and legacy-load-then-compact paths
---
 crates/tui/src/commands/session.rs     |   7 +-
 crates/tui/src/commands/status.rs      |  44 +++
 crates/tui/src/main.rs                 |   1 +
 crates/tui/src/session_manager.rs      | 139 ++++++-
 crates/tui/src/tool_output_receipts.rs | 507 +++++++++++++++++++++++++
 5 files changed, 692 insertions(+), 6 deletions(-)
 create mode 100644 crates/tui/src/tool_output_receipts.rs

diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index bc51683d..acfc0ccb 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -48,7 +48,9 @@ pub fn save(app: &mut App, path: Option<&str>) -> CommandResult {
 
     match std::fs::create_dir_all(&sessions_dir) {
         Ok(()) => {
-            let json = match serde_json::to_string_pretty(&session) {
+            let mut persisted = session.clone();
+            crate::session_manager::compact_session_tool_outputs(&mut persisted);
+            let json = match serde_json::to_string_pretty(&persisted) {
                 Ok(j) => j,
                 Err(e) => return CommandResult::error(format!("Failed to serialize session: {e}")),
             };
@@ -152,12 +154,13 @@ pub fn load(app: &mut App, path: Option<&str>) -> CommandResult {
         }
     };
 
-    let session: crate::session_manager::SavedSession = match serde_json::from_str(&content) {
+    let mut session: crate::session_manager::SavedSession = match serde_json::from_str(&content) {
         Ok(s) => s,
         Err(e) => {
             return CommandResult::error(format!("Failed to parse session file: {e}"));
         }
     };
+    crate::session_manager::compact_session_tool_outputs(&mut session);
 
     app.api_messages.clone_from(&session.messages);
     app.clear_history();
diff --git a/crates/tui/src/commands/status.rs b/crates/tui/src/commands/status.rs
index 2370a06d..fb1a7e6d 100644
--- a/crates/tui/src/commands/status.rs
+++ b/crates/tui/src/commands/status.rs
@@ -103,6 +103,13 @@ fn format_status(app: &App) -> String {
             app.api_messages.len()
         ),
     );
+    let tool_output_status =
+        crate::tool_output_receipts::tool_output_status(&app.api_messages, &app.session_artifacts);
+    push_row(
+        &mut out,
+        "Tool outputs:",
+        &crate::tool_output_receipts::format_tool_output_status(&tool_output_status),
+    );
     push_row(
         &mut out,
         "Rate limits:",
@@ -257,11 +264,48 @@ mod tests {
         assert!(msg.contains("Session:"));
         assert!(msg.contains("session-123"));
         assert!(msg.contains("Context window:"));
+        assert!(msg.contains("Tool outputs:"));
         assert!(msg.contains("Cache hit/miss:"));
         assert!(msg.contains("70 hit / 30 miss"));
         assert!(msg.contains("Use /statusline to configure footer items."));
     }
 
+    #[test]
+    fn status_report_surfaces_large_tool_output_pressure() {
+        let tmpdir = TempDir::new().expect("temp dir");
+        let mut app = create_test_app(tmpdir.path().to_path_buf());
+        let raw = "RAW_STATUS_PRESSURE\n".repeat(2_000);
+        app.api_messages.push(Message {
+            role: "user".to_string(),
+            content: vec![ContentBlock::ToolResult {
+                tool_use_id: "call-big".to_string(),
+                content: raw,
+                is_error: None,
+                content_blocks: None,
+            }],
+        });
+        app.session_artifacts
+            .push(crate::artifacts::ArtifactRecord {
+                id: "art_call-big".to_string(),
+                kind: crate::artifacts::ArtifactKind::ToolOutput,
+                session_id: "session-123".to_string(),
+                tool_call_id: "call-big".to_string(),
+                tool_name: "exec_shell".to_string(),
+                created_at: chrono::Utc::now(),
+                byte_size: 24_000,
+                preview: "large output".to_string(),
+                storage_path: PathBuf::from("artifacts/art_call-big.txt"),
+            });
+
+        let result = status(&mut app);
+        let msg = result.message.expect("status message");
+
+        assert!(msg.contains("Tool outputs:"));
+        assert!(msg.contains("raw over cap"));
+        assert!(msg.contains("context pressure"));
+        assert!(msg.contains("artifact"));
+    }
+
     #[test]
     fn project_docs_reports_missing_docs() {
         let tmpdir = TempDir::new().expect("temp dir");
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..f49369a9 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -70,6 +70,7 @@ mod task_manager;
 #[cfg(test)]
 mod test_support;
 mod theme_qa_audit;
+mod tool_output_receipts;
 mod tools;
 mod tui;
 mod utils;
diff --git a/crates/tui/src/session_manager.rs b/crates/tui/src/session_manager.rs
index 93fcb56c..cf13a388 100644
--- a/crates/tui/src/session_manager.rs
+++ b/crates/tui/src/session_manager.rs
@@ -261,7 +261,10 @@ impl SessionManager {
     pub fn save_session(&self, session: &SavedSession) -> std::io::Result<PathBuf> {
         let path = self.validated_session_path(&session.metadata.id)?;
 
-        let content = serde_json::to_string_pretty(session)
+        let mut persisted = session.clone();
+        compact_session_tool_outputs(&mut persisted);
+
+        let content = serde_json::to_string_pretty(&persisted)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
 
         // Atomic write via write_atomic (NamedTempFile + fsync + persist)
@@ -278,7 +281,9 @@ impl SessionManager {
         let checkpoints = self.sessions_dir.join("checkpoints");
         fs::create_dir_all(&checkpoints)?;
         let path = checkpoints.join("latest.json");
-        let content = serde_json::to_string_pretty(session)
+        let mut persisted = session.clone();
+        compact_session_tool_outputs(&mut persisted);
+        let content = serde_json::to_string_pretty(&persisted)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         write_atomic(&path, content.as_bytes())?;
         Ok(path)
@@ -291,7 +296,7 @@ impl SessionManager {
             return Ok(None);
         }
         let content = fs::read_to_string(&path)?;
-        let session: SavedSession = serde_json::from_str(&content)
+        let mut session: SavedSession = serde_json::from_str(&content)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         if session.schema_version > CURRENT_SESSION_SCHEMA_VERSION {
             return Err(std::io::Error::new(
@@ -302,6 +307,7 @@ impl SessionManager {
                 ),
             ));
         }
+        compact_session_tool_outputs(&mut session);
         Ok(Some(session))
     }
 
@@ -372,7 +378,7 @@ impl SessionManager {
         let path = self.validated_session_path(id)?;
 
         let content = fs::read_to_string(&path)?;
-        let session: SavedSession = serde_json::from_str(&content)
+        let mut session: SavedSession = serde_json::from_str(&content)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         if session.schema_version > CURRENT_SESSION_SCHEMA_VERSION {
             return Err(std::io::Error::new(
@@ -384,6 +390,7 @@ impl SessionManager {
             ));
         }
 
+        compact_session_tool_outputs(&mut session);
         Ok(session)
     }
 
@@ -760,6 +767,17 @@ pub fn update_session(
     session
 }
 
+pub(crate) fn compact_session_tool_outputs(
+    session: &mut SavedSession,
+) -> crate::tool_output_receipts::ToolOutputReceiptStats {
+    let (messages, stats) = crate::tool_output_receipts::compact_messages_for_persistence(
+        &session.messages,
+        &session.artifacts,
+    );
+    session.messages = messages;
+    stats
+}
+
 /// Cap messages to [`MAX_PERSISTED_MESSAGES`], keeping the most recent.
 /// Returns the capped slice and an optional truncation note.
 fn cap_messages(messages: &[Message]) -> (Vec<Message>, Option<String>) {
@@ -1119,6 +1137,119 @@ mod tests {
         assert_eq!(loaded.messages.len(), 2);
     }
 
+    #[test]
+    fn save_session_compacts_large_tool_outputs_to_artifact_receipts() {
+        let tmp = tempdir().expect("tempdir");
+        let manager = SessionManager::new(tmp.path().join("sessions")).expect("new");
+        let raw = "RAW_SESSION_SENTINEL\n".repeat(2_000);
+        let messages = vec![
+            Message {
+                role: "assistant".to_string(),
+                content: vec![ContentBlock::ToolUse {
+                    id: "call-big".to_string(),
+                    name: "exec_shell".to_string(),
+                    input: serde_json::json!({"command": "cargo test -p codewhale-tui"}),
+                    caller: None,
+                }],
+            },
+            Message {
+                role: "user".to_string(),
+                content: vec![ContentBlock::ToolResult {
+                    tool_use_id: "call-big".to_string(),
+                    content: raw.clone(),
+                    is_error: None,
+                    content_blocks: None,
+                }],
+            },
+        ];
+        let mut session = create_saved_session(&messages, "test-model", tmp.path(), 100, None);
+        session.artifacts.push(crate::artifacts::ArtifactRecord {
+            id: "art_call-big".to_string(),
+            kind: crate::artifacts::ArtifactKind::ToolOutput,
+            session_id: session.metadata.id.clone(),
+            tool_call_id: "call-big".to_string(),
+            tool_name: "exec_shell".to_string(),
+            created_at: Utc::now(),
+            byte_size: raw.len() as u64,
+            preview: "checking crate ... error[E0425]".to_string(),
+            storage_path: PathBuf::from("artifacts/art_call-big.txt"),
+        });
+
+        let path = manager.save_session(&session).expect("save");
+        let persisted_json = fs::read_to_string(path).expect("read persisted session");
+        assert!(!persisted_json.contains("RAW_SESSION_SENTINEL"));
+
+        let loaded = manager.load_session(&session.metadata.id).expect("load");
+        let ContentBlock::ToolResult { content, .. } = &loaded.messages[1].content[0] else {
+            panic!("expected loaded tool result");
+        };
+        assert!(!content.contains("RAW_SESSION_SENTINEL"));
+        assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
+        assert!(content.contains("detail_handle: art_call-big"));
+        assert!(content.contains("retrieve: retrieve_tool_result ref=art_call-big"));
+    }
+
+    #[test]
+    fn load_session_compacts_legacy_large_tool_outputs_before_resume() {
+        let tmp = tempdir().expect("tempdir");
+        let manager = SessionManager::new(tmp.path().join("sessions")).expect("new");
+        let raw = "RAW_LEGACY_RESUME_SENTINEL\n".repeat(2_000);
+        let messages = vec![
+            Message {
+                role: "assistant".to_string(),
+                content: vec![ContentBlock::ToolUse {
+                    id: "call-legacy".to_string(),
+                    name: "exec_shell".to_string(),
+                    input: serde_json::json!({"command": "cargo check"}),
+                    caller: None,
+                }],
+            },
+            Message {
+                role: "user".to_string(),
+                content: vec![ContentBlock::ToolResult {
+                    tool_use_id: "call-legacy".to_string(),
+                    content: raw.clone(),
+                    is_error: None,
+                    content_blocks: None,
+                }],
+            },
+        ];
+        let mut session = create_saved_session(&messages, "test-model", tmp.path(), 100, None);
+        session.artifacts.push(crate::artifacts::ArtifactRecord {
+            id: "art_call-legacy".to_string(),
+            kind: crate::artifacts::ArtifactKind::ToolOutput,
+            session_id: session.metadata.id.clone(),
+            tool_call_id: "call-legacy".to_string(),
+            tool_name: "exec_shell".to_string(),
+            created_at: Utc::now(),
+            byte_size: raw.len() as u64,
+            preview: "cargo check output".to_string(),
+            storage_path: PathBuf::from("artifacts/art_call-legacy.txt"),
+        });
+        let path = manager
+            .validated_session_path(&session.metadata.id)
+            .expect("path");
+        fs::write(
+            &path,
+            serde_json::to_string_pretty(&session).expect("serialize legacy session"),
+        )
+        .expect("write legacy raw session");
+        assert!(
+            fs::read_to_string(&path)
+                .expect("read legacy raw")
+                .contains("RAW_LEGACY_RESUME_SENTINEL")
+        );
+
+        let loaded = manager.load_session(&session.metadata.id).expect("load");
+        let ContentBlock::ToolResult { content, .. } = &loaded.messages[1].content[0] else {
+            panic!("expected loaded tool result");
+        };
+        assert!(!content.contains("RAW_LEGACY_RESUME_SENTINEL"));
+        assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
+        assert!(content.contains("detail_handle: art_call-legacy"));
+        assert!(content.contains("retrieve: retrieve_tool_result ref=art_call-legacy"));
+    }
+
     #[test]
     fn test_list_sessions() {
         let tmp = tempdir().expect("tempdir");
diff --git a/crates/tui/src/tool_output_receipts.rs b/crates/tui/src/tool_output_receipts.rs
new file mode 100644
index 00000000..715255a8
--- /dev/null
+++ b/crates/tui/src/tool_output_receipts.rs
@@ -0,0 +1,507 @@
+//! Compact receipts for oversized tool outputs in saved session history.
+
+use std::collections::HashMap;
+
+use serde_json::Value;
+use sha2::{Digest, Sha256};
+
+use crate::artifacts::{ArtifactKind, ArtifactRecord, format_artifact_relative_path};
+use crate::models::{ContentBlock, Message};
+use crate::tools::truncate;
+
+/// Match the provider-wire budget so persisted/resumed history does not keep a
+/// larger raw body than the model would receive on a fresh request.
+pub const RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS: usize = 12_000;
+
+#[derive(Debug, Clone, Default, PartialEq, Eq)]
+pub struct ToolOutputReceiptStats {
+    pub compacted_count: usize,
+    pub artifact_receipts: usize,
+    pub sha_receipts: usize,
+    pub unavailable_receipts: usize,
+    pub original_chars: usize,
+}
+
+#[derive(Debug, Clone, Default, PartialEq, Eq)]
+pub struct ToolOutputStatus {
+    pub raw_large_count: usize,
+    pub raw_large_chars: usize,
+    pub receipt_count: usize,
+    pub artifact_count: usize,
+    pub artifact_bytes: u64,
+}
+
+#[derive(Debug, Clone)]
+struct ToolUseInfo {
+    name: String,
+    input: Value,
+}
+
+#[derive(Debug, Clone)]
+enum DetailHandle {
+    Artifact(ArtifactRecord),
+    Sha { sha: String, persisted: bool },
+}
+
+/// Return a copy of `messages` with oversized raw tool-result bodies replaced
+/// by compact receipts. Full output is kept behind existing session artifacts
+/// when available; otherwise a SHA-addressed spillover copy is written for
+/// `retrieve_tool_result`.
+pub fn compact_messages_for_persistence(
+    messages: &[Message],
+    artifacts: &[ArtifactRecord],
+) -> (Vec<Message>, ToolOutputReceiptStats) {
+    let artifacts_by_call = artifacts_by_tool_call(artifacts);
+    let mut tool_uses: HashMap<String, ToolUseInfo> = HashMap::new();
+    let mut stats = ToolOutputReceiptStats::default();
+    let mut compacted = Vec::with_capacity(messages.len());
+
+    for message in messages {
+        let mut next = message.clone();
+        for block in &mut next.content {
+            match block {
+                ContentBlock::ToolUse {
+                    id, name, input, ..
+                } => {
+                    tool_uses.insert(
+                        id.clone(),
+                        ToolUseInfo {
+                            name: name.clone(),
+                            input: input.clone(),
+                        },
+                    );
+                }
+                ContentBlock::ToolResult {
+                    tool_use_id,
+                    content,
+                    is_error,
+                    ..
+                } => {
+                    let char_count = content.chars().count();
+                    if char_count <= RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS
+                        || looks_like_receipt(content)
+                    {
+                        continue;
+                    }
+
+                    let tool_info = tool_uses.get(tool_use_id);
+                    let handle = artifacts_by_call
+                        .get(tool_use_id.as_str())
+                        .cloned()
+                        .map(|artifact| DetailHandle::Artifact((*artifact).clone()))
+                        .unwrap_or_else(|| DetailHandle::Sha {
+                            sha: sha256_hex(content.as_bytes()),
+                            persisted: persist_sha_tool_result(content),
+                        });
+                    let source = match &handle {
+                        DetailHandle::Artifact(_) => ReceiptSource::Artifact,
+                        DetailHandle::Sha {
+                            persisted: true, ..
+                        } => ReceiptSource::Sha,
+                        DetailHandle::Sha {
+                            persisted: false, ..
+                        } => ReceiptSource::Unavailable,
+                    };
+
+                    *content = render_tool_output_receipt(
+                        tool_use_id,
+                        tool_info,
+                        content,
+                        *is_error,
+                        &handle,
+                    );
+                    stats.compacted_count += 1;
+                    stats.original_chars = stats.original_chars.saturating_add(char_count);
+                    match source {
+                        ReceiptSource::Artifact => stats.artifact_receipts += 1,
+                        ReceiptSource::Sha => stats.sha_receipts += 1,
+                        ReceiptSource::Unavailable => stats.unavailable_receipts += 1,
+                    }
+                }
+                _ => {}
+            }
+        }
+        compacted.push(next);
+    }
+
+    (compacted, stats)
+}
+
+pub fn tool_output_status(messages: &[Message], artifacts: &[ArtifactRecord]) -> ToolOutputStatus {
+    let mut status = ToolOutputStatus {
+        artifact_count: artifacts.len(),
+        artifact_bytes: artifacts
+            .iter()
+            .map(|artifact| artifact.byte_size)
+            .sum::<u64>(),
+        ..ToolOutputStatus::default()
+    };
+
+    for message in messages {
+        for block in &message.content {
+            if let ContentBlock::ToolResult { content, .. } = block {
+                if looks_like_receipt(content) {
+                    status.receipt_count += 1;
+                } else {
+                    let chars = content.chars().count();
+                    if chars > RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS {
+                        status.raw_large_count += 1;
+                        status.raw_large_chars = status.raw_large_chars.saturating_add(chars);
+                    }
+                }
+            }
+        }
+    }
+
+    status
+}
+
+pub fn format_tool_output_status(status: &ToolOutputStatus) -> String {
+    let mut parts = Vec::new();
+    if status.raw_large_count > 0 {
+        parts.push(format!(
+            "{} raw over cap (~{} chars) adding context pressure",
+            status.raw_large_count,
+            format_count(status.raw_large_chars)
+        ));
+    }
+    if status.receipt_count > 0 {
+        parts.push(format!("{} compact receipt(s)", status.receipt_count));
+    }
+    if status.artifact_count > 0 {
+        parts.push(format!(
+            "{} artifact(s), {} stored",
+            status.artifact_count,
+            crate::artifacts::format_byte_size(status.artifact_bytes)
+        ));
+    }
+    if parts.is_empty() {
+        "no large outputs tracked".to_string()
+    } else {
+        parts.join("; ")
+    }
+}
+
+fn artifacts_by_tool_call(artifacts: &[ArtifactRecord]) -> HashMap<&str, &ArtifactRecord> {
+    artifacts
+        .iter()
+        .filter(|artifact| artifact.kind == ArtifactKind::ToolOutput)
+        .map(|artifact| (artifact.tool_call_id.as_str(), artifact))
+        .collect()
+}
+
+#[derive(Debug, Clone, Copy)]
+enum ReceiptSource {
+    Artifact,
+    Sha,
+    Unavailable,
+}
+
+fn render_tool_output_receipt(
+    tool_call_id: &str,
+    tool_info: Option<&ToolUseInfo>,
+    original_content: &str,
+    is_error: Option<bool>,
+    handle: &DetailHandle,
+) -> String {
+    let original_chars = original_content.chars().count();
+    let original_bytes = original_content.len() as u64;
+    let tool_name = match handle {
+        DetailHandle::Artifact(record) if !record.tool_name.trim().is_empty() => {
+            record.tool_name.as_str()
+        }
+        _ => tool_info
+            .map(|info| info.name.as_str())
+            .filter(|name| !name.trim().is_empty())
+            .unwrap_or("unknown"),
+    };
+    let command_or_query = tool_info
+        .map(|info| summarize_input(&info.input, 300))
+        .unwrap_or_else(|| "unknown".to_string());
+    let status = if is_error.unwrap_or(false) {
+        "error"
+    } else {
+        "success"
+    };
+    let exit_status = infer_exit_status(original_content).unwrap_or_else(|| "unknown".to_string());
+    let preview = preview_for_receipt(handle, original_content);
+    let (detail_handle, retrieve, storage) = match handle {
+        DetailHandle::Artifact(record) => (
+            record.id.clone(),
+            format!("retrieve_tool_result ref={}", record.id),
+            format_artifact_relative_path(&record.storage_path),
+        ),
+        DetailHandle::Sha { sha, persisted } => {
+            let handle = format!("sha:{sha}");
+            let storage = if *persisted {
+                "content-addressed spillover".to_string()
+            } else {
+                "unavailable; spillover write failed".to_string()
+            };
+            (
+                handle.clone(),
+                format!("retrieve_tool_result ref={handle}"),
+                storage,
+            )
+        }
+    };
+
+    format!(
+        "[TOOL_OUTPUT_RECEIPT]\n\
+         tool: {tool_name}\n\
+         tool_call_id: {tool_call_id}\n\
+         status: {status}\n\
+         exit_status: {exit_status}\n\
+         elapsed: unknown\n\
+         output: {bytes} ({chars} chars, ~{tokens} tokens)\n\
+         truncation: raw output omitted from saved/resumed context\n\
+         detail_handle: {detail_handle}\n\
+         retrieve: {retrieve}\n\
+         storage: {storage}\n\
+         command_or_query: {command_or_query}\n\
+         preview: {preview}\n\
+         [/TOOL_OUTPUT_RECEIPT]",
+        bytes = crate::artifacts::format_byte_size(original_bytes),
+        chars = format_count(original_chars),
+        tokens = format_count(approx_tokens(original_chars)),
+    )
+}
+
+fn persist_sha_tool_result(content: &str) -> bool {
+    let sha = sha256_hex(content.as_bytes());
+    match truncate::write_sha_spillover(&sha, content) {
+        Ok(_) => true,
+        Err(err) => {
+            crate::logging::warn(format!(
+                "tool-output receipt SHA spillover write failed for sha={sha}: {err}"
+            ));
+            false
+        }
+    }
+}
+
+fn preview_for_receipt(handle: &DetailHandle, original_content: &str) -> String {
+    let preview = match handle {
+        DetailHandle::Artifact(record) if !record.preview.trim().is_empty() => {
+            record.preview.as_str()
+        }
+        _ => original_content,
+    };
+    summarize_text(preview, 240)
+}
+
+fn looks_like_receipt(content: &str) -> bool {
+    let trimmed = content.trim_start();
+    trimmed.starts_with("[TOOL_OUTPUT_RECEIPT]")
+        || trimmed.starts_with("[artifact:")
+        || trimmed.starts_with("[TOOL_RESULT_TRUNCATED]")
+        || trimmed.starts_with("<TOOL_RESULT_REF")
+}
+
+fn infer_exit_status(content: &str) -> Option<String> {
+    if let Ok(value) = serde_json::from_str::<Value>(content) {
+        for key in ["exit_code", "exit_status", "status", "code"] {
+            if let Some(value) = value.get(key) {
+                return Some(summarize_input(value, 120));
+            }
+        }
+    }
+
+    for line in content.lines().take(40) {
+        let trimmed = line.trim();
+        for prefix in ["Exit code:", "exit code:", "Exit status:", "exit status:"] {
+            if let Some(value) = trimmed.strip_prefix(prefix) {
+                return Some(summarize_text(value.trim(), 120));
+            }
+        }
+    }
+    None
+}
+
+fn summarize_input(value: &Value, max_chars: usize) -> String {
+    let raw = value
+        .as_str()
+        .map(str::to_string)
+        .unwrap_or_else(|| value.to_string());
+    summarize_text(&raw, max_chars)
+}
+
+fn summarize_text(text: &str, max_chars: usize) -> String {
+    let escaped = text.replace('\n', "\\n");
+    let mut summary: String = escaped.chars().take(max_chars).collect();
+    if escaped.chars().count() > max_chars {
+        summary.push_str("...");
+    }
+    summary
+}
+
+fn sha256_hex(bytes: &[u8]) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(bytes);
+    format!("{:x}", hasher.finalize())
+}
+
+fn approx_tokens(chars: usize) -> usize {
+    chars.div_ceil(4)
+}
+
+fn format_count(value: usize) -> String {
+    value.to_string()
+}
+
+#[cfg(test)]
+mod tests {
+    use std::path::{Path, PathBuf};
+
+    use chrono::Utc;
+    use serde_json::json;
+    use tempfile::tempdir;
+
+    use super::*;
+
+    fn tool_use_message(id: &str, name: &str, input: Value) -> Message {
+        Message {
+            role: "assistant".to_string(),
+            content: vec![ContentBlock::ToolUse {
+                id: id.to_string(),
+                name: name.to_string(),
+                input,
+                caller: None,
+            }],
+        }
+    }
+
+    fn tool_result_message(id: &str, content: &str) -> Message {
+        Message {
+            role: "user".to_string(),
+            content: vec![ContentBlock::ToolResult {
+                tool_use_id: id.to_string(),
+                content: content.to_string(),
+                is_error: None,
+                content_blocks: None,
+            }],
+        }
+    }
+
+    fn artifact_record(tool_call_id: &str, raw: &str) -> ArtifactRecord {
+        ArtifactRecord {
+            id: crate::artifacts::artifact_id_for_tool_call(tool_call_id),
+            kind: ArtifactKind::ToolOutput,
+            session_id: "session-123".to_string(),
+            tool_call_id: tool_call_id.to_string(),
+            tool_name: "exec_shell".to_string(),
+            created_at: Utc::now(),
+            byte_size: raw.len() as u64,
+            preview: "checking crate ... error[E0425]".to_string(),
+            storage_path: PathBuf::from("artifacts").join("art_call-big.txt"),
+        }
+    }
+
+    #[test]
+    fn compacts_large_tool_result_to_artifact_receipt() {
+        let raw = "RAW_SENTINEL\n".repeat(2_000);
+        let messages = vec![
+            tool_use_message(
+                "call-big",
+                "exec_shell",
+                json!({"command": "cargo test -p codewhale-tui"}),
+            ),
+            tool_result_message("call-big", &raw),
+        ];
+        let artifacts = vec![artifact_record("call-big", &raw)];
+
+        let (compacted, stats) = compact_messages_for_persistence(&messages, &artifacts);
+        let ContentBlock::ToolResult { content, .. } = &compacted[1].content[0] else {
+            panic!("expected tool result");
+        };
+
+        assert_eq!(stats.compacted_count, 1);
+        assert_eq!(stats.artifact_receipts, 1);
+        assert!(!content.contains("RAW_SENTINEL"));
+        assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
+        assert!(content.contains("tool: exec_shell"));
+        assert!(content.contains("detail_handle: art_call-big"));
+        assert!(content.contains("retrieve: retrieve_tool_result ref=art_call-big"));
+        assert!(
+            content.contains("command_or_query: {\"command\":\"cargo test -p codewhale-tui\"}")
+        );
+    }
+
+    #[test]
+    fn compacts_large_tool_result_to_sha_receipt_when_no_artifact_exists() {
+        let _guard = crate::tools::truncate::TEST_SPILLOVER_GUARD
+            .lock()
+            .unwrap_or_else(|err| err.into_inner());
+        let tmp = tempdir().expect("tempdir");
+        let prior = crate::tools::truncate::set_test_spillover_root(Some(
+            tmp.path().join(".deepseek").join("tool_outputs"),
+        ));
+        struct Restore(Option<PathBuf>);
+        impl Drop for Restore {
+            fn drop(&mut self) {
+                crate::tools::truncate::set_test_spillover_root(self.0.take());
+            }
+        }
+        let _restore = Restore(prior);
+
+        let raw = format!("{}\n{}", "H".repeat(320), "NO_ARTIFACT_RAW\n".repeat(2_000));
+        let sha = sha256_hex(raw.as_bytes());
+        let messages = vec![
+            tool_use_message("call-big", "grep_files", json!({"pattern": "TODO"})),
+            tool_result_message("call-big", &raw),
+        ];
+
+        let (compacted, stats) = compact_messages_for_persistence(&messages, &[]);
+        let ContentBlock::ToolResult { content, .. } = &compacted[1].content[0] else {
+            panic!("expected tool result");
+        };
+
+        assert_eq!(stats.compacted_count, 1);
+        assert_eq!(stats.sha_receipts, 1);
+        assert!(!content.contains("NO_ARTIFACT_RAW"));
+        assert!(content.contains(&format!("detail_handle: sha:{sha}")));
+        assert!(content.contains(&format!("retrieve: retrieve_tool_result ref=sha:{sha}")));
+        let path = crate::tools::truncate::sha_spillover_path(&sha).expect("sha path");
+        assert_eq!(std::fs::read_to_string(path).expect("read sha"), raw);
+    }
+
+    #[test]
+    fn small_tool_results_remain_inline() {
+        let messages = vec![
+            tool_use_message("call-small", "exec_shell", json!({"command": "pwd"})),
+            tool_result_message("call-small", "ok"),
+        ];
+
+        let (compacted, stats) = compact_messages_for_persistence(&messages, &[]);
+        let ContentBlock::ToolResult { content, .. } = &compacted[1].content[0] else {
+            panic!("expected tool result");
+        };
+
+        assert_eq!(content, "ok");
+        assert_eq!(stats.compacted_count, 0);
+    }
+
+    #[test]
+    fn status_reports_raw_large_receipts_and_artifacts() {
+        let raw = "RAW_STATUS\n".repeat(2_000);
+        let receipt = "[TOOL_OUTPUT_RECEIPT]\ndetail_handle: art_call-big";
+        let messages = vec![
+            tool_result_message("call-raw", &raw),
+            tool_result_message("call-receipt", receipt),
+        ];
+        let artifacts = vec![ArtifactRecord {
+            storage_path: Path::new("artifacts/art_call-big.txt").to_path_buf(),
+            ..artifact_record("call-big", &raw)
+        }];
+
+        let status = tool_output_status(&messages, &artifacts);
+        assert_eq!(status.raw_large_count, 1);
+        assert_eq!(status.receipt_count, 1);
+        assert_eq!(status.artifact_count, 1);
+
+        let rendered = format_tool_output_status(&status);
+        assert!(rendered.contains("raw over cap"));
+        assert!(rendered.contains("compact receipt"));
+        assert!(rendered.contains("artifact"));
+    }
+}

From 5e9accd14952045c0057fc9c5623cd035af1adc5 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:38:26 -0500
Subject: [PATCH 105/283] feat(diag): add redacted synthetic session failure
 classifier (#2022)

- Add FailureCategory enum for command-exit, network, sandbox, timeout, etc.
- Module is deliberately pure: no file reads, caller-provided records only
- Added as dead_code module, wired for future diagnostics integration
---
 crates/tui/src/main.rs                       |   2 +
 crates/tui/src/session_failure_classifier.rs | 513 +++++++++++++++++++
 2 files changed, 515 insertions(+)
 create mode 100644 crates/tui/src/session_failure_classifier.rs

diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..94baec02 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -61,6 +61,8 @@ mod runtime_threads;
 mod sandbox;
 mod schema_migration;
 mod seam_manager;
+#[allow(dead_code)]
+mod session_failure_classifier;
 mod session_manager;
 mod settings;
 mod skill_state;
diff --git a/crates/tui/src/session_failure_classifier.rs b/crates/tui/src/session_failure_classifier.rs
new file mode 100644
index 00000000..a88b87c9
--- /dev/null
+++ b/crates/tui/src/session_failure_classifier.rs
@@ -0,0 +1,513 @@
+//! Redacted session/tool failure classification.
+//!
+//! This module is deliberately pure: callers provide already-parsed,
+//! caller-constructed records and receive aggregate counts plus redacted
+//! source handles. It does not read session files or copy raw tool output.
+
+use std::collections::BTreeMap;
+
+use serde::Serialize;
+
+/// Environment/tool failure shapes that should be separated from model-quality
+/// failures during triage.
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum FailureCategory {
+    CommandExit,
+    Network,
+    SandboxApproval,
+    MissingDependencyPath,
+    Timeout,
+    UnclosedTurn,
+    Unknown,
+}
+
+impl FailureCategory {
+    #[must_use]
+    pub fn is_environment_suspect(self) -> bool {
+        !matches!(self, Self::Unknown)
+    }
+}
+
+/// One caller-supplied synthetic session record.
+#[derive(Debug, Clone)]
+pub struct SessionFailureRecord<'a> {
+    /// Untrusted source locator. The classifier hashes it before output.
+    pub source_hint: &'a str,
+    /// Optional timestamp to preserve enough local evidence metadata for
+    /// maintainers who have access to the private source.
+    pub timestamp: Option<&'a str>,
+    pub event: SessionFailureEvent<'a>,
+}
+
+/// Synthetic event shape used by the classifier.
+#[derive(Debug, Clone)]
+pub enum SessionFailureEvent<'a> {
+    TurnStarted { turn_id: &'a str },
+    TurnCompleted { turn_id: &'a str },
+    Tool(ToolFailureRecord<'a>),
+}
+
+/// Caller-supplied tool record. Text fields are classification inputs only and
+/// are never copied into [`FailureEvidence`].
+#[derive(Debug, Clone, Default)]
+pub struct ToolFailureRecord<'a> {
+    pub tool_name: &'a str,
+    pub success: Option<bool>,
+    pub exit_code: Option<i32>,
+    pub timed_out: bool,
+    pub sandbox_denied: bool,
+    pub approval_denied: bool,
+    pub diagnostic: Option<&'a str>,
+    pub output_excerpt: Option<&'a str>,
+}
+
+/// Redacted per-failure locator emitted by default.
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+pub struct FailureEvidence {
+    pub category: FailureCategory,
+    pub source_handle: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub timestamp: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub tool_name: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub exit_code: Option<i32>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub turn_handle: Option<String>,
+}
+
+/// Aggregate classifier output safe for status, handoff, or bug-report
+/// preflight surfaces.
+#[derive(Debug, Clone, Default, PartialEq, Eq, Serialize)]
+pub struct FailureSummary {
+    pub counts: BTreeMap<FailureCategory, usize>,
+    pub evidence: Vec<FailureEvidence>,
+}
+
+impl FailureSummary {
+    #[must_use]
+    pub fn count_for(&self, category: FailureCategory) -> usize {
+        self.counts.get(&category).copied().unwrap_or(0)
+    }
+
+    #[must_use]
+    pub fn environment_suspect_count(&self) -> usize {
+        self.evidence
+            .iter()
+            .filter(|item| item.category.is_environment_suspect())
+            .count()
+    }
+
+    fn push(&mut self, evidence: FailureEvidence) {
+        *self.counts.entry(evidence.category).or_insert(0) += 1;
+        self.evidence.push(evidence);
+    }
+}
+
+#[derive(Debug, Clone)]
+struct OpenTurn {
+    source_handle: String,
+    timestamp: Option<String>,
+    turn_handle: String,
+}
+
+/// Classify a caller-supplied slice of synthetic records.
+#[must_use]
+pub fn summarize_records(records: &[SessionFailureRecord<'_>]) -> FailureSummary {
+    let mut summary = FailureSummary::default();
+    let mut open_turns: BTreeMap<String, OpenTurn> = BTreeMap::new();
+
+    for record in records {
+        let source_handle = redacted_handle("src", record.source_hint);
+        let timestamp = record.timestamp.map(ToOwned::to_owned);
+
+        match &record.event {
+            SessionFailureEvent::TurnStarted { turn_id } => {
+                open_turns.insert(
+                    (*turn_id).to_owned(),
+                    OpenTurn {
+                        source_handle,
+                        timestamp,
+                        turn_handle: redacted_handle("turn", turn_id),
+                    },
+                );
+            }
+            SessionFailureEvent::TurnCompleted { turn_id } => {
+                open_turns.remove(*turn_id);
+            }
+            SessionFailureEvent::Tool(tool) => {
+                if let Some(category) = classify_tool_record(tool) {
+                    summary.push(FailureEvidence {
+                        category,
+                        source_handle,
+                        timestamp,
+                        tool_name: Some(sanitize_tool_name(tool.tool_name)),
+                        exit_code: tool.exit_code.filter(|code| *code != 0),
+                        turn_handle: None,
+                    });
+                }
+            }
+        }
+    }
+
+    for turn in open_turns.into_values() {
+        summary.push(FailureEvidence {
+            category: FailureCategory::UnclosedTurn,
+            source_handle: turn.source_handle,
+            timestamp: turn.timestamp,
+            tool_name: None,
+            exit_code: None,
+            turn_handle: Some(turn.turn_handle),
+        });
+    }
+
+    summary
+}
+
+/// Classify one tool record. Returns `None` for successful/no-signal records.
+#[must_use]
+pub fn classify_tool_record(record: &ToolFailureRecord<'_>) -> Option<FailureCategory> {
+    let failed = record.success == Some(false)
+        || record.exit_code.is_some_and(|code| code != 0)
+        || record.timed_out
+        || record.sandbox_denied
+        || record.approval_denied
+        || record.diagnostic.is_some()
+        || record.output_excerpt.is_some();
+
+    if !failed {
+        return None;
+    }
+
+    if record.timed_out || record.matches_text(timeout_signal) {
+        return Some(FailureCategory::Timeout);
+    }
+    if record.sandbox_denied
+        || record.approval_denied
+        || record.matches_text(sandbox_or_approval_signal)
+    {
+        return Some(FailureCategory::SandboxApproval);
+    }
+    if record.matches_text(network_signal) {
+        return Some(FailureCategory::Network);
+    }
+    if record.matches_text(missing_dependency_or_path_signal) {
+        return Some(FailureCategory::MissingDependencyPath);
+    }
+    if record.exit_code.is_some_and(|code| code != 0) {
+        return Some(FailureCategory::CommandExit);
+    }
+
+    Some(FailureCategory::Unknown)
+}
+
+impl ToolFailureRecord<'_> {
+    fn matches_text(&self, predicate: fn(&str) -> bool) -> bool {
+        self.diagnostic.is_some_and(predicate) || self.output_excerpt.is_some_and(predicate)
+    }
+}
+
+fn timeout_signal(text: &str) -> bool {
+    let lower = text.to_ascii_lowercase();
+    lower.contains("timed out")
+        || lower.contains("timeout")
+        || lower.contains("deadline exceeded")
+        || lower.contains("operation took too long")
+}
+
+fn sandbox_or_approval_signal(text: &str) -> bool {
+    let lower = text.to_ascii_lowercase();
+    lower.contains("sandbox")
+        || lower.contains("seatbelt")
+        || lower.contains("landlock")
+        || lower.contains("seccomp")
+        || lower.contains("approval")
+        || lower.contains("denied by user")
+        || lower.contains("user denied")
+        || lower.contains("permission denied")
+        || lower.contains("operation not permitted")
+        || lower.contains("blocked by policy")
+}
+
+fn network_signal(text: &str) -> bool {
+    let lower = text.to_ascii_lowercase();
+    lower.contains("network")
+        || lower.contains("dns")
+        || lower.contains("could not resolve")
+        || lower.contains("name or service not known")
+        || lower.contains("temporary failure in name resolution")
+        || lower.contains("connection refused")
+        || lower.contains("connection reset")
+        || lower.contains("connection closed")
+        || lower.contains("failed to connect")
+        || lower.contains("tls")
+        || lower.contains("ssl")
+        || lower.contains("http 502")
+        || lower.contains("http 503")
+        || lower.contains("http 504")
+        || lower.contains(" 502 ")
+        || lower.contains(" 503 ")
+        || lower.contains(" 504 ")
+        || lower.starts_with("502 ")
+        || lower.starts_with("503 ")
+        || lower.starts_with("504 ")
+        || lower.ends_with(" 502")
+        || lower.ends_with(" 503")
+        || lower.ends_with(" 504")
+        || matches!(lower.as_str(), "502" | "503" | "504")
+        || lower.contains("curl: (6)")
+        || lower.contains("curl: (7)")
+        || lower.contains("curl: (35)")
+        || lower.contains("curl: (56)")
+}
+
+fn missing_dependency_or_path_signal(text: &str) -> bool {
+    let lower = text.to_ascii_lowercase();
+    lower.contains("command not found")
+        || lower.contains("no such file or directory")
+        || lower.contains("enoent")
+        || lower.contains("not recognized as an internal or external command")
+        || lower.contains("cannot find the path")
+        || lower.contains("failed to locate tool")
+        || lower.contains("module not found")
+        || lower.contains("modulenotfounderror")
+        || lower.contains("no module named")
+        || lower.contains("missing binary")
+        || lower.contains("missing dependency")
+}
+
+fn sanitize_tool_name(raw: &str) -> String {
+    let sanitized: String = raw
+        .chars()
+        .filter(|ch| ch.is_ascii_alphanumeric() || matches!(ch, '_' | '-' | '.'))
+        .take(64)
+        .collect();
+    if sanitized.is_empty() {
+        "tool".to_string()
+    } else {
+        sanitized
+    }
+}
+
+fn redacted_handle(prefix: &str, raw: &str) -> String {
+    if raw.trim().is_empty() {
+        return format!("{prefix}_unspecified");
+    }
+    format!("{prefix}_{:016x}", stable_hash(raw))
+}
+
+fn stable_hash(raw: &str) -> u64 {
+    let mut hash = 0xcbf2_9ce4_8422_2325u64;
+    for byte in raw.as_bytes() {
+        hash ^= u64::from(*byte);
+        hash = hash.wrapping_mul(0x0000_0100_0000_01b3);
+    }
+    hash
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn tool<'a>(
+        source_hint: &'a str,
+        tool_name: &'a str,
+        exit_code: Option<i32>,
+        diagnostic: &'a str,
+    ) -> SessionFailureRecord<'a> {
+        SessionFailureRecord {
+            source_hint,
+            timestamp: Some("2026-05-24T21:00:00Z"),
+            event: SessionFailureEvent::Tool(ToolFailureRecord {
+                tool_name,
+                success: Some(false),
+                exit_code,
+                diagnostic: Some(diagnostic),
+                ..ToolFailureRecord::default()
+            }),
+        }
+    }
+
+    #[test]
+    fn classifies_synthetic_environment_and_tool_failure_shapes() {
+        let records = vec![
+            tool(
+                "/Users/hunter/private/session-a.jsonl",
+                "exec_shell",
+                Some(101),
+                "cargo test failed",
+            ),
+            tool(
+                "/Users/hunter/private/session-b.jsonl",
+                "web_run",
+                Some(6),
+                "curl: (6) Could not resolve host: example.invalid",
+            ),
+            SessionFailureRecord {
+                source_hint: "/Users/hunter/private/session-c.jsonl",
+                timestamp: Some("2026-05-24T21:01:00Z"),
+                event: SessionFailureEvent::Tool(ToolFailureRecord {
+                    tool_name: "exec_shell",
+                    success: Some(false),
+                    exit_code: Some(1),
+                    sandbox_denied: true,
+                    diagnostic: Some("sandbox-exec blocked file-write"),
+                    ..ToolFailureRecord::default()
+                }),
+            },
+            tool(
+                "/Users/hunter/private/session-d.jsonl",
+                "exec_shell",
+                Some(127),
+                "zsh: command not found: cargo-nextest",
+            ),
+            SessionFailureRecord {
+                source_hint: "/Users/hunter/private/session-e.jsonl",
+                timestamp: Some("2026-05-24T21:02:00Z"),
+                event: SessionFailureEvent::Tool(ToolFailureRecord {
+                    tool_name: "fetch_url",
+                    success: Some(false),
+                    timed_out: true,
+                    diagnostic: Some("operation timed out after 60s"),
+                    ..ToolFailureRecord::default()
+                }),
+            },
+            SessionFailureRecord {
+                source_hint: "/Users/hunter/private/session-f.jsonl",
+                timestamp: Some("2026-05-24T21:03:00Z"),
+                event: SessionFailureEvent::TurnStarted {
+                    turn_id: "turn-private-123",
+                },
+            },
+        ];
+
+        let summary = summarize_records(&records);
+
+        assert_eq!(summary.count_for(FailureCategory::CommandExit), 1);
+        assert_eq!(summary.count_for(FailureCategory::Network), 1);
+        assert_eq!(summary.count_for(FailureCategory::SandboxApproval), 1);
+        assert_eq!(summary.count_for(FailureCategory::MissingDependencyPath), 1);
+        assert_eq!(summary.count_for(FailureCategory::Timeout), 1);
+        assert_eq!(summary.count_for(FailureCategory::UnclosedTurn), 1);
+        assert_eq!(summary.environment_suspect_count(), 6);
+    }
+
+    #[test]
+    fn specific_environment_signals_beat_generic_nonzero_exit() {
+        let network = ToolFailureRecord {
+            tool_name: "exec_shell",
+            success: Some(false),
+            exit_code: Some(1),
+            diagnostic: Some("DNS lookup failed"),
+            ..ToolFailureRecord::default()
+        };
+        let missing = ToolFailureRecord {
+            tool_name: "exec_shell",
+            success: Some(false),
+            exit_code: Some(127),
+            diagnostic: Some("No such file or directory"),
+            ..ToolFailureRecord::default()
+        };
+        let approval = ToolFailureRecord {
+            tool_name: "edit_file",
+            success: Some(false),
+            exit_code: Some(1),
+            approval_denied: true,
+            diagnostic: Some("denied by user"),
+            ..ToolFailureRecord::default()
+        };
+        let timeout = ToolFailureRecord {
+            tool_name: "web_run",
+            success: Some(false),
+            exit_code: Some(124),
+            diagnostic: Some("deadline exceeded"),
+            ..ToolFailureRecord::default()
+        };
+
+        assert_eq!(
+            classify_tool_record(&network),
+            Some(FailureCategory::Network)
+        );
+        assert_eq!(
+            classify_tool_record(&missing),
+            Some(FailureCategory::MissingDependencyPath)
+        );
+        assert_eq!(
+            classify_tool_record(&approval),
+            Some(FailureCategory::SandboxApproval)
+        );
+        assert_eq!(
+            classify_tool_record(&timeout),
+            Some(FailureCategory::Timeout)
+        );
+    }
+
+    #[test]
+    fn successful_records_and_closed_turns_do_not_emit_failures() {
+        let records = vec![
+            SessionFailureRecord {
+                source_hint: "session-ok",
+                timestamp: None,
+                event: SessionFailureEvent::TurnStarted { turn_id: "turn-1" },
+            },
+            SessionFailureRecord {
+                source_hint: "session-ok",
+                timestamp: None,
+                event: SessionFailureEvent::Tool(ToolFailureRecord {
+                    tool_name: "exec_shell",
+                    success: Some(true),
+                    exit_code: Some(0),
+                    diagnostic: None,
+                    ..ToolFailureRecord::default()
+                }),
+            },
+            SessionFailureRecord {
+                source_hint: "session-ok",
+                timestamp: None,
+                event: SessionFailureEvent::TurnCompleted { turn_id: "turn-1" },
+            },
+        ];
+
+        let summary = summarize_records(&records);
+
+        assert!(summary.counts.is_empty());
+        assert!(summary.evidence.is_empty());
+    }
+
+    #[test]
+    fn summary_uses_redacted_handles_and_does_not_copy_raw_content() {
+        let records = vec![
+            SessionFailureRecord {
+                source_hint: "/Users/hunter/private/session-secret.jsonl",
+                timestamp: Some("2026-05-24T21:04:00Z"),
+                event: SessionFailureEvent::Tool(ToolFailureRecord {
+                    tool_name: "exec shell with spaces",
+                    success: Some(false),
+                    exit_code: Some(1),
+                    diagnostic: Some("fatal output contained sk-test-secret and /private/path"),
+                    output_excerpt: Some("raw transcript text that must stay private"),
+                    ..ToolFailureRecord::default()
+                }),
+            },
+            SessionFailureRecord {
+                source_hint: "/Users/hunter/private/session-secret.jsonl",
+                timestamp: Some("2026-05-24T21:05:00Z"),
+                event: SessionFailureEvent::TurnStarted {
+                    turn_id: "private-turn-id",
+                },
+            },
+        ];
+
+        let encoded = serde_json::to_string(&summarize_records(&records)).unwrap();
+
+        assert!(!encoded.contains("/Users/hunter"));
+        assert!(!encoded.contains("session-secret"));
+        assert!(!encoded.contains("sk-test-secret"));
+        assert!(!encoded.contains("raw transcript text"));
+        assert!(!encoded.contains("private-turn-id"));
+        assert!(encoded.contains("src_"));
+        assert!(encoded.contains("turn_"));
+        assert!(encoded.contains("execshellwithspaces"));
+    }
+}

From 17f21a84e1746bcfffdf07ed939b09aa8adbf5df Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:38:26 -0500
Subject: [PATCH 106/283] feat(goals): add runtime goal tools and bounded
 continuation gate (#2199)

- Add SharedGoalState and goal tools (goal.rs) to the engine
- Sync goal state from host on engine init and goal-objective change
- Wire goal_objective through prompt context and system-prompt refresh
- Add continuation.md prompt for bounded task continuation
- Register goal tools in the tool registry
- Add continuation gate tests in engine/tests.rs
---
 crates/tui/src/core/engine.rs            |  71 ++-
 crates/tui/src/core/engine/tests.rs      |  56 +++
 crates/tui/src/core/engine/tool_setup.rs |   2 +
 crates/tui/src/core/engine/turn_loop.rs  |  65 +++
 crates/tui/src/main.rs                   |   1 +
 crates/tui/src/prompts.rs                |   4 +
 crates/tui/src/prompts/continuation.md   |  19 +
 crates/tui/src/runtime_threads.rs        |   1 +
 crates/tui/src/tools/goal.rs             | 559 +++++++++++++++++++++++
 crates/tui/src/tools/mod.rs              |   1 +
 crates/tui/src/tools/registry.rs         |   9 +
 crates/tui/src/tui/ui.rs                 |   5 +
 12 files changed, 790 insertions(+), 3 deletions(-)
 create mode 100644 crates/tui/src/prompts/continuation.md
 create mode 100644 crates/tui/src/tools/goal.rs

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index e81debe9..2ee693fc 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -42,6 +42,7 @@ use crate::models::{
 };
 use crate::prompts;
 use crate::seam_manager::{SeamConfig, SeamManager};
+use crate::tools::goal::{SharedGoalState, new_shared_goal_state};
 use crate::tools::plan::{SharedPlanState, new_shared_plan_state};
 use crate::tools::shell::{SharedShellManager, new_shared_shell_manager};
 use crate::tools::spec::RuntimeToolServices;
@@ -122,6 +123,8 @@ pub struct EngineConfig {
     pub todos: SharedTodoList,
     /// Shared Plan state.
     pub plan_state: SharedPlanState,
+    /// Shared runtime goal state for model-visible goal tools.
+    pub goal_state: SharedGoalState,
     /// Maximum sub-agent recursion depth (default 3). See
     /// `SubAgentRuntime::max_spawn_depth`. Override via
     /// `[runtime] max_spawn_depth = N` in `~/.deepseek/config.toml`.
@@ -202,6 +205,7 @@ impl Default for EngineConfig {
             capacity: CapacityControllerConfig::default(),
             todos: new_shared_todo_list(),
             plan_state: new_shared_plan_state(),
+            goal_state: new_shared_goal_state(),
             max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
             network_policy: None,
             snapshots_enabled: true,
@@ -410,6 +414,10 @@ impl Engine {
 
     /// Create a new engine with the given configuration
     pub fn new(config: EngineConfig, api_config: &Config) -> (Self, EngineHandle) {
+        if let Some(objective) = normalized_goal_objective(config.goal_objective.as_deref()) {
+            sync_goal_state_from_host(&config.goal_state, Some(&objective), None, false);
+        }
+
         let (tx_op, rx_op) = mpsc::channel(32);
         let (tx_event, rx_event) = mpsc::channel(256);
         let (tx_approval, rx_approval) = mpsc::channel(64);
@@ -441,6 +449,8 @@ impl Engine {
         // message at request time so file churn does not rewrite this prefix.
         let user_memory_block =
             crate::memory::compose_block(config.memory_enabled, &config.memory_path);
+        let prompt_goal_objective =
+            goal_objective_for_prompt(config.goal_objective.as_deref(), &config.goal_state);
         let system_prompt =
             prompts::system_prompt_for_mode_with_context_skills_session_and_approval(
                 AppMode::Agent,
@@ -450,7 +460,7 @@ impl Engine {
                 Some(&config.instructions),
                 prompts::PromptSessionContext {
                     user_memory_block: user_memory_block.as_deref(),
-                    goal_objective: config.goal_objective.as_deref(),
+                    goal_objective: prompt_goal_objective.as_deref(),
                     project_context_pack_enabled: config.project_context_pack_enabled,
                     locale_tag: &config.locale_tag,
                     translation_enabled: config.translation_enabled,
@@ -1000,9 +1010,21 @@ impl Engine {
         let user_msg = self.user_text_message_with_turn_metadata(content);
         self.session.add_message(user_msg);
 
+        let previous_goal_objective = self.config.goal_objective.clone();
+
         self.session.model = model;
         self.config.model.clone_from(&self.session.model);
-        self.config.goal_objective = goal_objective;
+        self.config.goal_objective = goal_objective.clone();
+        if normalized_goal_objective(previous_goal_objective.as_deref())
+            != normalized_goal_objective(goal_objective.as_deref())
+        {
+            sync_goal_state_from_host(
+                &self.config.goal_state,
+                normalized_goal_objective(goal_objective.as_deref()).as_deref(),
+                None,
+                false,
+            );
+        }
         self.session.reasoning_effort = reasoning_effort;
         self.session.reasoning_effort_auto = reasoning_effort_auto;
         self.session.auto_model = auto_model;
@@ -1839,6 +1861,10 @@ impl Engine {
     fn refresh_system_prompt(&mut self, mode: AppMode) {
         let user_memory_block =
             crate::memory::compose_block(self.config.memory_enabled, &self.config.memory_path);
+        let prompt_goal_objective = goal_objective_for_prompt(
+            self.config.goal_objective.as_deref(),
+            &self.config.goal_state,
+        );
         let base = prompts::system_prompt_for_mode_with_context_skills_session_and_approval(
             mode,
             &self.config.workspace,
@@ -1847,7 +1873,7 @@ impl Engine {
             Some(&self.config.instructions),
             prompts::PromptSessionContext {
                 user_memory_block: user_memory_block.as_deref(),
-                goal_objective: self.config.goal_objective.as_deref(),
+                goal_objective: prompt_goal_objective.as_deref(),
                 project_context_pack_enabled: self.config.project_context_pack_enabled,
                 locale_tag: &self.config.locale_tag,
                 translation_enabled: self.config.translation_enabled,
@@ -1906,6 +1932,45 @@ fn system_prompt_hash(prompt: Option<&SystemPrompt>) -> u64 {
     hasher.finish()
 }
 
+fn normalized_goal_objective(value: Option<&str>) -> Option<String> {
+    value
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .map(str::to_string)
+}
+
+fn sync_goal_state_from_host(
+    goal_state: &SharedGoalState,
+    objective: Option<&str>,
+    token_budget: Option<u32>,
+    completed: bool,
+) {
+    match goal_state.lock() {
+        Ok(mut state) => state.sync_from_host(objective, token_budget, completed),
+        Err(err) => tracing::warn!("goal state lock poisoned while syncing host goal: {err}"),
+    }
+}
+
+fn goal_objective_for_prompt(
+    configured_goal: Option<&str>,
+    goal_state: &SharedGoalState,
+) -> Option<String> {
+    match goal_state.lock() {
+        Ok(state) => {
+            if state.objective().is_some() {
+                return state.is_active().then(|| {
+                    state
+                        .objective()
+                        .expect("checked goal objective")
+                        .to_string()
+                });
+            }
+        }
+        Err(err) => tracing::warn!("goal state lock poisoned while building prompt: {err}"),
+    }
+    normalized_goal_objective(configured_goal)
+}
+
 /// Spawn the engine in a background task
 pub fn spawn_engine(config: EngineConfig, api_config: &Config) -> EngineHandle {
     let (engine, handle) = Engine::new(config, api_config);
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index 422fdc11..4f732958 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -199,6 +199,37 @@ fn engine_initial_prompt_includes_configured_goal() {
 
     assert!(prompt.contains("<session_goal>"));
     assert!(prompt.contains("Fix goal handoff"));
+    assert!(
+        engine
+            .config
+            .goal_state
+            .lock()
+            .expect("goal lock")
+            .is_active()
+    );
+}
+
+#[test]
+fn refresh_system_prompt_uses_runtime_goal_state() {
+    let (mut engine, _handle) = Engine::new(EngineConfig::default(), &Config::default());
+    {
+        let mut goal = engine.config.goal_state.lock().expect("goal lock");
+        goal.create("Close the runtime goal loop".to_string(), None);
+    }
+
+    engine.refresh_system_prompt(AppMode::Agent);
+    let prompt = match engine.session.system_prompt {
+        Some(SystemPrompt::Text(text)) => text,
+        Some(SystemPrompt::Blocks(blocks)) => blocks
+            .into_iter()
+            .map(|block| block.text)
+            .collect::<Vec<_>>()
+            .join("\n"),
+        None => panic!("expected system prompt"),
+    };
+
+    assert!(prompt.contains("<session_goal>"));
+    assert!(prompt.contains("Close the runtime goal loop"));
 }
 
 #[test]
@@ -840,6 +871,9 @@ fn turn_tool_registry_builder_keeps_plan_mode_read_only_for_files() {
     assert!(!registry.contains("rlm"));
     assert!(!registry.contains("fim_edit"));
     assert!(registry.contains("update_plan"));
+    assert!(registry.contains("create_goal"));
+    assert!(registry.contains("get_goal"));
+    assert!(registry.contains("update_goal"));
     assert!(registry.contains("task_list"));
     assert!(registry.contains("task_read"));
     assert!(registry.contains("handle_read"));
@@ -892,6 +926,28 @@ fn parent_turn_registry_includes_recall_archive_for_investigative_modes() {
     }
 }
 
+#[test]
+fn parent_turn_registry_includes_goal_tools_for_all_modes() {
+    let (engine, _handle) = Engine::new(EngineConfig::default(), &Config::default());
+
+    for mode in [AppMode::Plan, AppMode::Agent, AppMode::Yolo] {
+        let registry = engine
+            .build_turn_tool_registry_builder(
+                mode,
+                engine.config.todos.clone(),
+                engine.config.plan_state.clone(),
+            )
+            .build(engine.build_tool_context(mode, false));
+
+        for name in ["create_goal", "get_goal", "update_goal"] {
+            assert!(
+                registry.contains(name),
+                "parent {mode:?} registry should expose {name}"
+            );
+        }
+    }
+}
+
 #[test]
 fn agent_mode_can_build_auto_approved_tool_context() {
     let (engine, _handle) = Engine::new(EngineConfig::default(), &Config::default());
diff --git a/crates/tui/src/core/engine/tool_setup.rs b/crates/tui/src/core/engine/tool_setup.rs
index 2354d6a8..99c5b707 100644
--- a/crates/tui/src/core/engine/tool_setup.rs
+++ b/crates/tui/src/core/engine/tool_setup.rs
@@ -52,11 +52,13 @@ impl Engine {
                 .with_runtime_read_only_task_tools()
                 .with_todo_tool(todo_list)
                 .with_plan_tool(plan_state)
+                .with_goal_tools(self.config.goal_state.clone())
         } else {
             ToolRegistryBuilder::new()
                 .with_agent_tools(self.session.allow_shell)
                 .with_todo_tool(todo_list)
                 .with_plan_tool(plan_state)
+                .with_goal_tools(self.config.goal_state.clone())
         };
 
         builder = builder
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 1a1a9104..c0003910 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -39,6 +39,7 @@ impl Engine {
         }
         let mut active_tool_names = initial_active_tools(&tool_catalog);
         let mut loop_guard = LoopGuard::default();
+        let mut goal_continuations_this_turn = 0u32;
 
         // Transparent stream-retry counter: when the chunked-transfer
         // connection dies mid-stream and we got nothing useful out of it
@@ -1116,6 +1117,21 @@ impl Engine {
                     continue;
                 }
 
+                if let Some(continuation) = self
+                    .goal_continuation_message_if_needed(
+                        tool_registry,
+                        &mut goal_continuations_this_turn,
+                    )
+                    .await
+                {
+                    self.add_session_message(
+                        self.user_text_message_with_turn_metadata(continuation),
+                    )
+                    .await;
+                    turn.next_step();
+                    continue;
+                }
+
                 if thinking_only_no_sendable {
                     let holding_for_subagents = {
                         let running = {
@@ -2006,6 +2022,55 @@ impl Engine {
         (TurnOutcomeStatus::Completed, None)
     }
 
+    async fn goal_continuation_message_if_needed(
+        &self,
+        tool_registry: Option<&crate::tools::ToolRegistry>,
+        continuations_this_turn: &mut u32,
+    ) -> Option<String> {
+        let registry = tool_registry?;
+        if !registry.contains("update_goal") {
+            return None;
+        }
+
+        let snapshot = match self.config.goal_state.lock() {
+            Ok(state) => state.snapshot(),
+            Err(err) => {
+                tracing::warn!("goal state lock poisoned during continuation check: {err}");
+                return None;
+            }
+        };
+
+        if !snapshot.is_active() {
+            return None;
+        }
+
+        let max = crate::tools::goal::MAX_GOAL_CONTINUATIONS_PER_TURN;
+        if *continuations_this_turn >= max {
+            let _ = self
+                .tx_event
+                .send(Event::status(format!(
+                    "Goal remains active after {max} continuation pass(es); ending turn to avoid a runaway loop."
+                )))
+                .await;
+            return None;
+        }
+
+        *continuations_this_turn = (*continuations_this_turn).saturating_add(1);
+        let _ = self
+            .tx_event
+            .send(Event::status(format!(
+                "Continuing active goal audit ({}/{max})",
+                *continuations_this_turn
+            )))
+            .await;
+
+        Some(crate::tools::goal::render_continuation_prompt(
+            &snapshot,
+            *continuations_this_turn,
+            max,
+        ))
+    }
+
     pub(super) fn messages_with_turn_metadata(&self) -> Vec<Message> {
         // `<turn_meta>` is stored on user-text messages when the message is
         // appended. Do not rewrite historical messages at request time: doing
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 473484dc..478db7ee 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -5180,6 +5180,7 @@ async fn run_exec_agent(
         capacity: crate::core::capacity::CapacityControllerConfig::from_app_config(config),
         todos: new_shared_todo_list(),
         plan_state: new_shared_plan_state(),
+        goal_state: crate::tools::goal::new_shared_goal_state(),
         max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
         network_policy,
         snapshots_enabled: config.snapshots_config().enabled,
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index aa69f4f7..ee4e1b5d 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -376,6 +376,10 @@ pub const NEVER_APPROVAL: &str = include_str!("prompts/approvals/never.md");
 /// model knows the format to use when writing `.deepseek/handoff.md`.
 pub const COMPACT_TEMPLATE: &str = include_str!("prompts/compact.md");
 
+/// Goal continuation audit template — injected by the engine when a runtime
+/// goal is active and the assistant tries to end a turn without closing it.
+pub const GOAL_CONTINUATION_PROMPT: &str = include_str!("prompts/continuation.md");
+
 /// Memory hygiene guidance — appended to the system prompt only when the
 /// session has a non-empty user-memory block. Steers the model toward
 /// writing durable memories as declarative facts ("User prefers concise
diff --git a/crates/tui/src/prompts/continuation.md b/crates/tui/src/prompts/continuation.md
new file mode 100644
index 00000000..492cb1a6
--- /dev/null
+++ b/crates/tui/src/prompts/continuation.md
@@ -0,0 +1,19 @@
+## Goal Continuation
+
+You are working toward an active session goal. Your task now is to make concrete
+progress toward the objective and audit whether the full goal is complete.
+
+Completion is unproven until you verify it against current-state evidence:
+
+1. Derive the concrete requirements from the goal and the latest user
+   instructions.
+2. Inspect authoritative evidence for each requirement: files, command output,
+   tests, runtime behavior, issue or PR state, rendered artifacts, or other
+   current sources.
+3. Treat uncertain or indirect evidence as not complete. Continue work or gather
+   stronger evidence.
+4. Only when the full objective is satisfied, call `update_goal` with
+   `status: "complete"` and concise evidence.
+
+If the goal cannot continue because of a real blocker, call `update_goal` with
+`status: "blocked"` and explain the blocker. Otherwise continue making progress.
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 9cd65087..943cf5fc 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1952,6 +1952,7 @@ impl RuntimeThreadManager {
             ),
             todos: new_shared_todo_list(),
             plan_state: new_shared_plan_state(),
+            goal_state: crate::tools::goal::new_shared_goal_state(),
             max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
             network_policy,
             snapshots_enabled: self.config.snapshots_config().enabled,
diff --git a/crates/tui/src/tools/goal.rs b/crates/tui/src/tools/goal.rs
new file mode 100644
index 00000000..5ce3c4d1
--- /dev/null
+++ b/crates/tui/src/tools/goal.rs
@@ -0,0 +1,559 @@
+//! Goal tools for the model-visible LLM-as-judge loop.
+//!
+//! The TUI already has a `/goal` command and passes its objective into the
+//! engine prompt. This module keeps the runtime slice separate: a small
+//! session-scoped state object plus tools the model can use to inspect and
+//! close out that state.
+
+use std::sync::{Arc, Mutex};
+use std::time::Instant;
+
+use async_trait::async_trait;
+use serde::Serialize;
+use serde_json::{Value, json};
+
+use crate::tools::spec::{
+    ApprovalRequirement, ToolCapability, ToolContext, ToolError, ToolResult, ToolSpec, required_str,
+};
+
+/// Maximum number of automatic goal-continuation prompt injections in one
+/// engine turn. This prevents a missing `update_goal` call from becoming an
+/// unbounded local loop.
+pub const MAX_GOAL_CONTINUATIONS_PER_TURN: u32 = 3;
+
+/// Shared reference to the current runtime goal.
+pub type SharedGoalState = Arc<Mutex<GoalState>>;
+
+/// Create an empty shared goal state.
+#[must_use]
+pub fn new_shared_goal_state() -> SharedGoalState {
+    Arc::new(Mutex::new(GoalState::default()))
+}
+
+/// Create shared state seeded from the existing `/goal` surface.
+#[must_use]
+pub fn new_shared_goal_state_from_host(
+    objective: Option<String>,
+    token_budget: Option<u32>,
+    completed: bool,
+) -> SharedGoalState {
+    let mut state = GoalState::default();
+    state.sync_from_host(objective.as_deref(), token_budget, completed);
+    Arc::new(Mutex::new(state))
+}
+
+/// Runtime status for a goal.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum GoalStatus {
+    Active,
+    Complete,
+    Blocked,
+}
+
+impl GoalStatus {
+    #[must_use]
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Self::Active => "active",
+            Self::Complete => "complete",
+            Self::Blocked => "blocked",
+        }
+    }
+}
+
+/// Session-local goal state. `Instant` stays runtime-only; snapshots expose
+/// elapsed seconds so tool output remains serializable and stable.
+#[derive(Debug, Clone, Default)]
+pub struct GoalState {
+    objective: Option<String>,
+    token_budget: Option<u32>,
+    status: Option<GoalStatus>,
+    started_at: Option<Instant>,
+    finished_at: Option<Instant>,
+    evidence: Option<String>,
+    blocker: Option<String>,
+}
+
+impl GoalState {
+    #[must_use]
+    pub fn objective(&self) -> Option<&str> {
+        self.objective.as_deref()
+    }
+
+    #[must_use]
+    pub fn is_active(&self) -> bool {
+        self.objective.is_some() && self.status == Some(GoalStatus::Active)
+    }
+
+    pub fn sync_from_host(
+        &mut self,
+        objective: Option<&str>,
+        token_budget: Option<u32>,
+        completed: bool,
+    ) {
+        let objective = objective.map(str::trim).filter(|value| !value.is_empty());
+        match objective {
+            Some(objective) => {
+                let changed = self.objective.as_deref() != Some(objective);
+                if changed {
+                    self.objective = Some(objective.to_string());
+                    self.token_budget = token_budget;
+                    self.started_at = Some(Instant::now());
+                    self.evidence = None;
+                    self.blocker = None;
+                } else if token_budget.is_some() {
+                    self.token_budget = token_budget;
+                }
+
+                if changed || self.status.is_none() {
+                    self.status = Some(if completed {
+                        GoalStatus::Complete
+                    } else {
+                        GoalStatus::Active
+                    });
+                    self.finished_at = completed.then(Instant::now);
+                }
+            }
+            None => self.clear(),
+        }
+    }
+
+    pub fn create(&mut self, objective: String, token_budget: Option<u32>) {
+        self.objective = Some(objective);
+        self.token_budget = token_budget;
+        self.status = Some(GoalStatus::Active);
+        self.started_at = Some(Instant::now());
+        self.finished_at = None;
+        self.evidence = None;
+        self.blocker = None;
+    }
+
+    pub fn resume(&mut self, objective: Option<String>) -> Result<(), &'static str> {
+        if let Some(objective) = objective {
+            self.create(objective, self.token_budget);
+            return Ok(());
+        }
+        if self.objective.is_none() {
+            return Err("No goal exists to resume.");
+        }
+        self.status = Some(GoalStatus::Active);
+        self.finished_at = None;
+        self.evidence = None;
+        self.blocker = None;
+        Ok(())
+    }
+
+    pub fn mark_complete(&mut self, evidence: String) -> Result<(), &'static str> {
+        if self.objective.is_none() {
+            return Err("No active goal exists to complete.");
+        }
+        self.status = Some(GoalStatus::Complete);
+        self.finished_at = Some(Instant::now());
+        self.evidence = Some(evidence);
+        self.blocker = None;
+        Ok(())
+    }
+
+    pub fn mark_blocked(&mut self, blocker: String) -> Result<(), &'static str> {
+        if self.objective.is_none() {
+            return Err("No active goal exists to block.");
+        }
+        self.status = Some(GoalStatus::Blocked);
+        self.finished_at = Some(Instant::now());
+        self.blocker = Some(blocker);
+        Ok(())
+    }
+
+    pub fn clear(&mut self) {
+        *self = Self::default();
+    }
+
+    #[must_use]
+    pub fn snapshot(&self) -> GoalSnapshot {
+        GoalSnapshot {
+            objective: self.objective.clone(),
+            status: self
+                .status
+                .map(GoalStatus::as_str)
+                .unwrap_or("none")
+                .to_string(),
+            token_budget: self.token_budget,
+            elapsed_seconds: self.started_at.map(|started| started.elapsed().as_secs()),
+            evidence: self.evidence.clone(),
+            blocker: self.blocker.clone(),
+        }
+    }
+}
+
+/// Serializable tool output and prompt input for the current goal.
+#[derive(Debug, Clone, Serialize, PartialEq, Eq)]
+pub struct GoalSnapshot {
+    pub objective: Option<String>,
+    pub status: String,
+    pub token_budget: Option<u32>,
+    pub elapsed_seconds: Option<u64>,
+    pub evidence: Option<String>,
+    pub blocker: Option<String>,
+}
+
+impl GoalSnapshot {
+    #[must_use]
+    pub fn is_active(&self) -> bool {
+        self.objective.is_some() && self.status == GoalStatus::Active.as_str()
+    }
+}
+
+/// Render the bounded continuation prompt injected when a goal is still active
+/// after an assistant message has no tool calls.
+#[must_use]
+pub fn render_continuation_prompt(
+    snapshot: &GoalSnapshot,
+    continuation_index: u32,
+    max_continuations: u32,
+) -> String {
+    let goal_json = serde_json::to_string_pretty(snapshot).unwrap_or_else(|_| "{}".to_string());
+    format!(
+        "{}\n\n## Active Goal State\n\n```json\n{}\n```\n\nContinuation pass: {}/{}.\nIf the goal is complete, call `update_goal` with `status: \"complete\"` and concrete evidence. If it is blocked, call `update_goal` with `status: \"blocked\"` and the blocker. Otherwise continue making progress toward the objective.",
+        crate::prompts::GOAL_CONTINUATION_PROMPT.trim(),
+        goal_json,
+        continuation_index,
+        max_continuations,
+    )
+}
+
+fn lock_goal_state(
+    state: &SharedGoalState,
+) -> Result<std::sync::MutexGuard<'_, GoalState>, ToolError> {
+    state
+        .lock()
+        .map_err(|_| ToolError::execution_failed("goal state lock poisoned"))
+}
+
+fn parse_token_budget(input: &Value) -> Result<Option<u32>, ToolError> {
+    let Some(raw) = input.get("token_budget") else {
+        return Ok(None);
+    };
+    if raw.is_null() {
+        return Ok(None);
+    }
+    let Some(value) = raw.as_u64() else {
+        return Err(ToolError::invalid_input(
+            "token_budget must be a non-negative integer",
+        ));
+    };
+    u32::try_from(value)
+        .map(Some)
+        .map_err(|_| ToolError::invalid_input("token_budget is too large"))
+}
+
+fn json_result(snapshot: &GoalSnapshot) -> Result<ToolResult, ToolError> {
+    ToolResult::json(snapshot).map_err(|err| ToolError::execution_failed(err.to_string()))
+}
+
+pub struct CreateGoalTool {
+    goal_state: SharedGoalState,
+}
+
+impl CreateGoalTool {
+    #[must_use]
+    pub fn new(goal_state: SharedGoalState) -> Self {
+        Self { goal_state }
+    }
+}
+
+#[async_trait]
+impl ToolSpec for CreateGoalTool {
+    fn name(&self) -> &'static str {
+        "create_goal"
+    }
+
+    fn description(&self) -> &'static str {
+        "Create or replace the current runtime goal. Use this when the user asks for a persistent goal that should be audited before the turn is allowed to finish."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "objective": {
+                    "type": "string",
+                    "description": "The full objective to pursue. Keep the complete user goal, not a shortened one-turn version."
+                },
+                "token_budget": {
+                    "type": "integer",
+                    "minimum": 0,
+                    "description": "Optional soft token budget for the goal."
+                }
+            },
+            "required": ["objective"],
+            "additionalProperties": false
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        Vec::new()
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let objective = required_str(&input, "objective")?.trim().to_string();
+        if objective.is_empty() {
+            return Err(ToolError::invalid_input("objective cannot be empty"));
+        }
+        let token_budget = parse_token_budget(&input)?;
+        let snapshot = {
+            let mut state = lock_goal_state(&self.goal_state)?;
+            state.create(objective, token_budget);
+            state.snapshot()
+        };
+        json_result(&snapshot)
+    }
+}
+
+pub struct GetGoalTool {
+    goal_state: SharedGoalState,
+}
+
+impl GetGoalTool {
+    #[must_use]
+    pub fn new(goal_state: SharedGoalState) -> Self {
+        Self { goal_state }
+    }
+}
+
+#[async_trait]
+impl ToolSpec for GetGoalTool {
+    fn name(&self) -> &'static str {
+        "get_goal"
+    }
+
+    fn description(&self) -> &'static str {
+        "Inspect the current runtime goal state, including objective, status, token budget, elapsed time, evidence, and blocker."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {},
+            "additionalProperties": false
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        vec![ToolCapability::ReadOnly]
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    fn supports_parallel(&self) -> bool {
+        true
+    }
+
+    async fn execute(
+        &self,
+        _input: Value,
+        _context: &ToolContext,
+    ) -> Result<ToolResult, ToolError> {
+        let snapshot = {
+            let state = lock_goal_state(&self.goal_state)?;
+            state.snapshot()
+        };
+        json_result(&snapshot)
+    }
+}
+
+pub struct UpdateGoalTool {
+    goal_state: SharedGoalState,
+}
+
+impl UpdateGoalTool {
+    #[must_use]
+    pub fn new(goal_state: SharedGoalState) -> Self {
+        Self { goal_state }
+    }
+}
+
+#[async_trait]
+impl ToolSpec for UpdateGoalTool {
+    fn name(&self) -> &'static str {
+        "update_goal"
+    }
+
+    fn description(&self) -> &'static str {
+        "Update the runtime goal. This is the LLM-as-judge completion gate: only mark complete when the objective has been verified against concrete current-state evidence."
+    }
+
+    fn input_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "status": {
+                    "type": "string",
+                    "enum": ["active", "complete", "blocked"],
+                    "description": "Use complete only when the goal is fully satisfied; blocked when meaningful progress cannot continue; active to resume or revise the objective."
+                },
+                "evidence": {
+                    "type": "string",
+                    "description": "Required when status is complete. Briefly cite the proof that the goal is done."
+                },
+                "blocker": {
+                    "type": "string",
+                    "description": "Required when status is blocked. Explain the condition preventing progress."
+                },
+                "objective": {
+                    "type": "string",
+                    "description": "Optional replacement objective when status is active."
+                }
+            },
+            "required": ["status"],
+            "additionalProperties": false
+        })
+    }
+
+    fn capabilities(&self) -> Vec<ToolCapability> {
+        Vec::new()
+    }
+
+    fn approval_requirement(&self) -> ApprovalRequirement {
+        ApprovalRequirement::Auto
+    }
+
+    async fn execute(&self, input: Value, _context: &ToolContext) -> Result<ToolResult, ToolError> {
+        let status = required_str(&input, "status")?.trim().to_ascii_lowercase();
+        let snapshot = {
+            let mut state = lock_goal_state(&self.goal_state)?;
+            match status.as_str() {
+                "complete" => {
+                    let evidence = input
+                        .get("evidence")
+                        .and_then(Value::as_str)
+                        .map(str::trim)
+                        .unwrap_or_default()
+                        .to_string();
+                    if evidence.is_empty() {
+                        return Err(ToolError::invalid_input(
+                            "evidence is required when status is complete",
+                        ));
+                    }
+                    state
+                        .mark_complete(evidence)
+                        .map_err(ToolError::invalid_input)?;
+                }
+                "blocked" => {
+                    let blocker = input
+                        .get("blocker")
+                        .and_then(Value::as_str)
+                        .map(str::trim)
+                        .unwrap_or_default()
+                        .to_string();
+                    if blocker.is_empty() {
+                        return Err(ToolError::invalid_input(
+                            "blocker is required when status is blocked",
+                        ));
+                    }
+                    state
+                        .mark_blocked(blocker)
+                        .map_err(ToolError::invalid_input)?;
+                }
+                "active" => {
+                    let objective = input
+                        .get("objective")
+                        .and_then(Value::as_str)
+                        .map(str::trim)
+                        .filter(|value| !value.is_empty())
+                        .map(str::to_string);
+                    state.resume(objective).map_err(ToolError::invalid_input)?;
+                }
+                other => {
+                    return Err(ToolError::invalid_input(format!(
+                        "unsupported goal status '{other}'"
+                    )));
+                }
+            }
+            state.snapshot()
+        };
+        json_result(&snapshot)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use serde_json::json;
+
+    use super::*;
+
+    #[tokio::test]
+    async fn create_get_and_complete_goal() {
+        let state = new_shared_goal_state();
+        let ctx = ToolContext::new(".");
+
+        let create = CreateGoalTool::new(state.clone());
+        let created = create
+            .execute(
+                json!({
+                    "objective": "ship the runtime slice",
+                    "token_budget": 1200
+                }),
+                &ctx,
+            )
+            .await
+            .expect("create goal");
+        assert!(created.success);
+        assert!(created.content.contains("\"status\": \"active\""));
+
+        let get = GetGoalTool::new(state.clone());
+        let current = get.execute(json!({}), &ctx).await.expect("get goal");
+        assert!(current.content.contains("ship the runtime slice"));
+        assert!(current.content.contains("\"token_budget\": 1200"));
+
+        let update = UpdateGoalTool::new(state.clone());
+        let completed = update
+            .execute(
+                json!({
+                    "status": "complete",
+                    "evidence": "focused tests passed"
+                }),
+                &ctx,
+            )
+            .await
+            .expect("complete goal");
+        assert!(completed.content.contains("\"status\": \"complete\""));
+        assert!(completed.content.contains("focused tests passed"));
+        assert!(!state.lock().expect("goal lock").is_active());
+    }
+
+    #[tokio::test]
+    async fn update_goal_requires_completion_evidence() {
+        let state =
+            new_shared_goal_state_from_host(Some("prove completion".to_string()), None, false);
+        let update = UpdateGoalTool::new(state);
+        let err = update
+            .execute(json!({"status": "complete"}), &ToolContext::new("."))
+            .await
+            .expect_err("missing evidence should fail");
+
+        assert!(err.to_string().contains("evidence is required"));
+    }
+
+    #[test]
+    fn continuation_prompt_includes_bound_and_goal_state() {
+        let snapshot = GoalSnapshot {
+            objective: Some("finish issue 2199".to_string()),
+            status: "active".to_string(),
+            token_budget: None,
+            elapsed_seconds: Some(5),
+            evidence: None,
+            blocker: None,
+        };
+
+        let prompt = render_continuation_prompt(&snapshot, 2, 3);
+        assert!(prompt.contains("Goal Continuation"));
+        assert!(prompt.contains("finish issue 2199"));
+        assert!(prompt.contains("Continuation pass: 2/3"));
+    }
+}
diff --git a/crates/tui/src/tools/mod.rs b/crates/tui/src/tools/mod.rs
index aea1cc5f..e5427065 100644
--- a/crates/tui/src/tools/mod.rs
+++ b/crates/tui/src/tools/mod.rs
@@ -24,6 +24,7 @@ pub mod fim;
 pub mod git;
 pub mod git_history;
 pub mod github;
+pub mod goal;
 pub mod handle;
 pub mod image_ocr;
 pub mod js_execution;
diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index 5254de70..5a437abf 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -844,6 +844,15 @@ impl ToolRegistryBuilder {
         self.with_tool(Arc::new(UpdatePlanTool::new(plan_state)))
     }
 
+    /// Include runtime goal tools (`create_goal`, `get_goal`, `update_goal`).
+    #[must_use]
+    pub fn with_goal_tools(self, goal_state: super::goal::SharedGoalState) -> Self {
+        use super::goal::{CreateGoalTool, GetGoalTool, UpdateGoalTool};
+        self.with_tool(Arc::new(CreateGoalTool::new(goal_state.clone())))
+            .with_tool(Arc::new(GetGoalTool::new(goal_state.clone())))
+            .with_tool(Arc::new(UpdateGoalTool::new(goal_state)))
+    }
+
     /// Include sub-agent management tools.
     #[must_use]
     pub fn with_subagent_tools(
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 2ba52ef9..295baa22 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -700,6 +700,11 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         capacity: crate::core::capacity::CapacityControllerConfig::from_app_config(config),
         todos: app.todos.clone(),
         plan_state: app.plan_state.clone(),
+        goal_state: crate::tools::goal::new_shared_goal_state_from_host(
+            app.goal.goal_objective.clone(),
+            app.goal.goal_token_budget,
+            app.goal.goal_completed,
+        ),
         max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
         network_policy: config.network.clone().map(|toml_cfg| {
             crate::network_policy::NetworkPolicyDecider::with_default_audit(toml_cfg.into_runtime())

From 60c1b6619cfdba6c714344a42b062f3ee55c5811 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:39:28 -0500
Subject: [PATCH 107/283] style: rustfmt cleanups and minor formatting fixes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Line-wrap long function signatures and format arguments
- Fix bracket placement for early returns (consistent style)
- Use [!] instead of [✓] for network-denied skill sync
- Fix copy-selection ordering: clear after success, not always
---
 crates/cli/src/update.rs               | 28 ++++++++++++++++++++++----
 crates/config/src/lib.rs               | 10 ++-------
 crates/tui/src/commands/session.rs     |  5 ++++-
 crates/tui/src/commands/skills.rs      |  2 +-
 crates/tui/src/config.rs               | 20 +++++++++++++-----
 crates/tui/src/core/capacity_memory.rs |  3 +--
 crates/tui/src/cycle_manager.rs        | 13 ++++++------
 crates/tui/src/tools/truncate.rs       |  4 +++-
 crates/tui/src/tui/mouse_ui.rs         |  2 +-
 crates/tui/src/tui/onboarding/mod.rs   |  4 +++-
 crates/tui/src/tui/ui.rs               |  6 +++++-
 11 files changed, 65 insertions(+), 32 deletions(-)

diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index 5b1dce53..2ab35ef1 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -351,8 +351,8 @@ fn update_http_client() -> Result<reqwest::blocking::Client> {
 
 /// Fetch the latest release metadata from GitHub.
 fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
-    if let Some(base_url) = release_base_url_from_env() {
-        let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
+    let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
+    if let Some(base_url) = release_base_url_from_env(&version) {
         return Ok(FetchedRelease {
             release: release_from_mirror_base_url(
                 &base_url,
@@ -373,7 +373,7 @@ fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
     })
 }
 
-fn release_base_url_from_env() -> Option<String> {
+fn release_base_url_from_env(version: &str) -> Option<String> {
     // Check canonical env first, then legacy envs
     for env_name in [
         RELEASE_BASE_URL_ENV,
@@ -389,11 +389,19 @@ fn release_base_url_from_env() -> Option<String> {
     }
     // Auto-detect CNB mirror when CODEWHALE_USE_CNB_MIRROR is set
     if std::env::var(CNB_MIRROR_ENV).is_ok() {
-        return Some(CNB_RELEASE_ASSET_BASE.to_string());
+        return Some(cnb_release_base_url(version));
     }
     None
 }
 
+fn cnb_release_base_url(version: &str) -> String {
+    format!(
+        "{}/v{}",
+        CNB_RELEASE_ASSET_BASE.trim_end_matches('/'),
+        version.trim_start_matches('v')
+    )
+}
+
 fn update_version_from_env() -> Option<String> {
     std::env::var(UPDATE_VERSION_ENV)
         .ok()
@@ -993,6 +1001,18 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
         );
     }
 
+    #[test]
+    fn cnb_release_base_url_includes_tag_directory() {
+        assert_eq!(
+            cnb_release_base_url("0.8.47"),
+            "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
+        );
+        assert_eq!(
+            cnb_release_base_url("v0.8.47"),
+            "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
+        );
+    }
+
     #[test]
     fn stable_update_is_needed_only_when_latest_is_newer() {
         assert!(update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.8.46").unwrap());
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index ffc78e66..bb2c339b 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -1624,10 +1624,7 @@ pub fn ensure_state_dir(subdir: &str) -> Result<PathBuf> {
 /// Returns `(true, path)` when the primary `.codewhale/` path is used,
 /// `(false, path)` for the legacy fallback. The boolean helps callers
 /// emit a deprecation notice on legacy paths.
-pub fn resolve_project_state_dir(
-    workspace: &Path,
-    subdir: &str,
-) -> (bool, PathBuf) {
+pub fn resolve_project_state_dir(workspace: &Path, subdir: &str) -> (bool, PathBuf) {
     let primary = workspace.join(CODEWHALE_APP_DIR).join(subdir);
     if primary.exists() {
         return (true, primary);
@@ -1638,10 +1635,7 @@ pub fn resolve_project_state_dir(
 
 /// Ensure a project-local state subdirectory exists under `.codewhale/`,
 /// creating it if necessary. Returns the directory path.
-pub fn ensure_project_state_dir(
-    workspace: &Path,
-    subdir: &str,
-) -> Result<PathBuf> {
+pub fn ensure_project_state_dir(workspace: &Path, subdir: &str) -> Result<PathBuf> {
     let dir = workspace.join(CODEWHALE_APP_DIR).join(subdir);
     std::fs::create_dir_all(&dir)
         .with_context(|| format!("failed to create {}/", dir.display()))?;
diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index 316e8c6c..80535bbd 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -513,7 +513,10 @@ mod tests {
             Vec::new()
         };
         // Session should be saved to the managed dir, not the workspace root.
-        assert!(!entries.is_empty(), "expected session file in {sessions_dir:?}, got none; msg: {msg}");
+        assert!(
+            !entries.is_empty(),
+            "expected session file in {sessions_dir:?}, got none; msg: {msg}"
+        );
     }
 
     #[test]
diff --git a/crates/tui/src/commands/skills.rs b/crates/tui/src/commands/skills.rs
index 9dc7fbf7..a8a4997f 100644
--- a/crates/tui/src/commands/skills.rs
+++ b/crates/tui/src/commands/skills.rs
@@ -441,7 +441,7 @@ fn sync_skills(app: &mut App) -> CommandResult {
                     }
                     SkillSyncOutcome::Denied { name, host } => {
                         failed += 1;
-                        let _ = writeln!(out, "  [✓] {name} — network denied ({host})");
+                        let _ = writeln!(out, "  [!] {name} — network denied ({host})");
                     }
                     SkillSyncOutcome::NeedsApproval { name, host } => {
                         failed += 1;
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 55d46871..44bfd200 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -2371,7 +2371,9 @@ fn default_managed_config_path() -> Option<PathBuf> {
     {
         effective_home_dir().map(|home| {
             let primary = home.join(".codewhale").join("managed_config.toml");
-            if primary.exists() { return primary; }
+            if primary.exists() {
+                return primary;
+            }
             home.join(".deepseek").join("managed_config.toml")
         })
     }
@@ -2386,7 +2388,9 @@ fn default_requirements_path() -> Option<PathBuf> {
     {
         effective_home_dir().map(|home| {
             let primary = home.join(".codewhale").join("requirements.toml");
-            if primary.exists() { return primary; }
+            if primary.exists() {
+                return primary;
+            }
             home.join(".deepseek").join("requirements.toml")
         })
     }
@@ -2415,7 +2419,9 @@ fn default_skills_dir() -> Option<PathBuf> {
 fn default_mcp_config_path() -> Option<PathBuf> {
     effective_home_dir().map(|home| {
         let primary = home.join(".codewhale").join("mcp.json");
-        if primary.exists() { return primary; }
+        if primary.exists() {
+            return primary;
+        }
         home.join(".deepseek").join("mcp.json")
     })
 }
@@ -2423,7 +2429,9 @@ fn default_mcp_config_path() -> Option<PathBuf> {
 fn default_notes_path() -> Option<PathBuf> {
     effective_home_dir().map(|home| {
         let primary = home.join(".codewhale").join("notes.txt");
-        if primary.exists() { return primary; }
+        if primary.exists() {
+            return primary;
+        }
         home.join(".deepseek").join("notes.txt")
     })
 }
@@ -2431,7 +2439,9 @@ fn default_notes_path() -> Option<PathBuf> {
 fn default_memory_path() -> Option<PathBuf> {
     effective_home_dir().map(|home| {
         let primary = home.join(".codewhale").join("memory.md");
-        if primary.exists() { return primary; }
+        if primary.exists() {
+            return primary;
+        }
         home.join(".deepseek").join("memory.md")
     })
 }
diff --git a/crates/tui/src/core/capacity_memory.rs b/crates/tui/src/core/capacity_memory.rs
index ab598512..0d22e4df 100644
--- a/crates/tui/src/core/capacity_memory.rs
+++ b/crates/tui/src/core/capacity_memory.rs
@@ -64,8 +64,7 @@ fn capacity_memory_dirs() -> Vec<PathBuf> {
         dirs.push(home.join(".deepseek").join("memory"));
     }
 
-    let cwd = std::env::current_dir()
-        .unwrap_or_else(|_| PathBuf::from("."));
+    let cwd = std::env::current_dir().unwrap_or_else(|_| PathBuf::from("."));
     let primary_cwd = cwd.join(".codewhale").join("memory");
     if primary_cwd.exists() {
         dirs.push(primary_cwd);
diff --git a/crates/tui/src/cycle_manager.rs b/crates/tui/src/cycle_manager.rs
index 6817811e..c7315053 100644
--- a/crates/tui/src/cycle_manager.rs
+++ b/crates/tui/src/cycle_manager.rs
@@ -466,13 +466,12 @@ pub struct CycleArchiveHeader {
 /// Resolve the on-disk archive directory: `~/.codewhale/sessions/<id>/cycles`
 /// (or legacy `~/.deepseek/sessions/<id>/cycles`).
 fn archive_dir_for(session_id: &str) -> Result<PathBuf> {
-    let sessions = codewhale_config::resolve_state_dir("sessions")
-        .unwrap_or_else(|_| {
-            dirs::home_dir()
-                .unwrap_or_else(|| PathBuf::from("."))
-                .join(".deepseek")
-                .join("sessions")
-        });
+    let sessions = codewhale_config::resolve_state_dir("sessions").unwrap_or_else(|_| {
+        dirs::home_dir()
+            .unwrap_or_else(|| PathBuf::from("."))
+            .join(".deepseek")
+            .join("sessions")
+    });
     Ok(sessions.join(session_id).join("cycles"))
 }
 
diff --git a/crates/tui/src/tools/truncate.rs b/crates/tui/src/tools/truncate.rs
index 6c8d6e69..4de0a540 100644
--- a/crates/tui/src/tools/truncate.rs
+++ b/crates/tui/src/tools/truncate.rs
@@ -82,7 +82,9 @@ pub fn spillover_root() -> Option<PathBuf> {
     }
 
     // Prefer .codewhale, fall back to .deepseek
-    let primary = dirs::home_dir()?.join(".codewhale").join(SPILLOVER_DIR_NAME);
+    let primary = dirs::home_dir()?
+        .join(".codewhale")
+        .join(SPILLOVER_DIR_NAME);
     if primary.exists() {
         return Some(primary);
     }
diff --git a/crates/tui/src/tui/mouse_ui.rs b/crates/tui/src/tui/mouse_ui.rs
index 92278bb6..a22b2b61 100644
--- a/crates/tui/src/tui/mouse_ui.rs
+++ b/crates/tui/src/tui/mouse_ui.rs
@@ -714,10 +714,10 @@ pub(crate) fn copy_active_selection(app: &mut App) {
     if !sel.is_empty() {
         if app.clipboard.write_text(&sel).is_ok() {
             app.status_message = Some("Selection copied".to_string());
+            app.clear_selection();
         } else {
             app.status_message = Some("Copy failed".to_string());
         }
-        app.clear_selection();
         return;
     }
     if !app.viewport.transcript_selection.is_active() {
diff --git a/crates/tui/src/tui/onboarding/mod.rs b/crates/tui/src/tui/onboarding/mod.rs
index 2967cab6..a1cce682 100644
--- a/crates/tui/src/tui/onboarding/mod.rs
+++ b/crates/tui/src/tui/onboarding/mod.rs
@@ -130,7 +130,9 @@ pub fn tips_lines(app: &App) -> Vec<ratatui::text::Line<'static>> {
 pub fn default_marker_path() -> Option<PathBuf> {
     dirs::home_dir().map(|home| {
         let primary = home.join(".codewhale").join(".onboarded");
-        if primary.exists() { return primary; }
+        if primary.exists() {
+            return primary;
+        }
         home.join(".deepseek").join(".onboarded")
     })
 }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index c0f1dad4..83c755b8 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -2972,7 +2972,11 @@ async fn run_event_loop(
                     let sel = app.selected_text();
                     if !sel.is_empty() {
                         if app.clipboard.write_text(&sel).is_ok() {
-                            app.push_status_toast("Copied to clipboard", StatusToastLevel::Info, None);
+                            app.push_status_toast(
+                                "Copied to clipboard",
+                                StatusToastLevel::Info,
+                                None,
+                            );
                             app.clear_selection();
                         } else {
                             app.push_status_toast("Copy failed", StatusToastLevel::Error, None);

From 74878dcd300903e95491e04e743e649503a4a1d8 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:39:39 -0500
Subject: [PATCH 108/283] refactor(tools): replace Semaphore with RwLock for
 parallel-safe tool execution

- Use OwnedRwLockReadGuard for parallel-safe tools, OwnedRwLockWriteGuard for serial
- Add TOOL_EXECUTION_LOCK_HELD task-local for reentrancy detection
- Add BlockingHandler test harness and parallel-vs-serial concurrency tests
---
 crates/tools/src/lib.rs            |  62 ++++++---
 crates/tools/tests/parity_tools.rs | 208 ++++++++++++++++++++++++++++-
 2 files changed, 248 insertions(+), 22 deletions(-)

diff --git a/crates/tools/src/lib.rs b/crates/tools/src/lib.rs
index 050b840f..b0ffc55b 100644
--- a/crates/tools/src/lib.rs
+++ b/crates/tools/src/lib.rs
@@ -8,7 +8,11 @@ use async_trait::async_trait;
 use codewhale_protocol::{ToolKind, ToolOutput, ToolPayload};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
-use tokio::sync::Semaphore;
+use tokio::sync::{OwnedRwLockReadGuard, OwnedRwLockWriteGuard, RwLock};
+
+tokio::task_local! {
+    static TOOL_EXECUTION_LOCK_HELD: ();
+}
 
 /// Capabilities that a tool may have or require.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
@@ -311,15 +315,36 @@ pub trait ToolHandler: Send + Sync {
 
 #[derive(Debug)]
 pub struct ToolCallRuntime {
-    /// Serialise non-parallel tool executions. Capacity 1 ensures at most one
-    /// serial tool runs at a time, and blocks parallel tools while it runs.
-    serial_semaphore: Arc<Semaphore>,
+    /// Preserve read/write tool execution semantics: parallel-safe tools may
+    /// overlap, while serial tools run exclusively.
+    execution_lock: Arc<RwLock<()>>,
 }
 
 impl Default for ToolCallRuntime {
     fn default() -> Self {
         Self {
-            serial_semaphore: Arc::new(Semaphore::new(1)),
+            execution_lock: Arc::new(RwLock::new(())),
+        }
+    }
+}
+
+#[derive(Debug)]
+enum ToolExecutionGuard {
+    Parallel(#[allow(dead_code)] OwnedRwLockReadGuard<()>),
+    Serial(#[allow(dead_code)] OwnedRwLockWriteGuard<()>),
+    Reentrant,
+}
+
+impl ToolCallRuntime {
+    async fn acquire(&self, supports_parallel: bool) -> ToolExecutionGuard {
+        if TOOL_EXECUTION_LOCK_HELD.try_with(|_| ()).is_ok() {
+            return ToolExecutionGuard::Reentrant;
+        }
+
+        if supports_parallel {
+            ToolExecutionGuard::Parallel(self.execution_lock.clone().read_owned().await)
+        } else {
+            ToolExecutionGuard::Serial(self.execution_lock.clone().write_owned().await)
         }
     }
 }
@@ -389,22 +414,17 @@ impl ToolRegistry {
             source: call.source,
         };
 
-        if configured.supports_parallel_tool_calls {
-            // Parallel tools wait for any in-flight serial tool to finish,
-            // but do not hold the permit so other parallel tools may run concurrently.
-            drop(self.runtime.serial_semaphore.acquire().await
-                .map_err(|_| FunctionCallError::Cancelled { name: call.name })?);
-            self.execute_with_timeout(handler, configured.spec.timeout_ms, invocation)
-                .await
-        } else {
-            // Serial tools hold the semaphore for the full execution duration,
-            // preventing other serial AND parallel tools from starting.
-            let _permit = self.runtime.serial_semaphore.acquire().await
-                .map_err(|_| FunctionCallError::Cancelled { name: call.name })?;
-            self.execute_with_timeout(handler, configured.spec.timeout_ms, invocation)
-                .await
-            // _permit dropped here, releasing the semaphore.
-        }
+        let _guard = self
+            .runtime
+            .acquire(configured.supports_parallel_tool_calls)
+            .await;
+
+        TOOL_EXECUTION_LOCK_HELD
+            .scope(
+                (),
+                self.execute_with_timeout(handler, configured.spec.timeout_ms, invocation),
+            )
+            .await
     }
 
     async fn execute_with_timeout(
diff --git a/crates/tools/tests/parity_tools.rs b/crates/tools/tests/parity_tools.rs
index fb08753b..ef525ba4 100644
--- a/crates/tools/tests/parity_tools.rs
+++ b/crates/tools/tests/parity_tools.rs
@@ -1,4 +1,5 @@
-use std::sync::Arc;
+use std::sync::{Arc, OnceLock};
+use std::time::Duration;
 
 use async_trait::async_trait;
 use codewhale_protocol::{ToolKind, ToolOutput, ToolPayload};
@@ -6,6 +7,7 @@ use codewhale_tools::{
     ToolCall, ToolCallSource, ToolHandler, ToolInvocation, ToolRegistry, ToolSpec,
 };
 use serde_json::json;
+use tokio::sync::Notify;
 
 struct EchoHandler;
 
@@ -33,6 +35,64 @@ impl ToolHandler for EchoHandler {
     }
 }
 
+struct BlockingHandler {
+    started: Arc<Notify>,
+    release: Arc<Notify>,
+}
+
+#[async_trait]
+impl ToolHandler for BlockingHandler {
+    fn kind(&self) -> ToolKind {
+        ToolKind::Function
+    }
+
+    async fn handle(
+        &self,
+        invocation: ToolInvocation,
+    ) -> std::result::Result<ToolOutput, codewhale_tools::FunctionCallError> {
+        self.started.notify_waiters();
+        self.release.notified().await;
+        Ok(ToolOutput::Function {
+            body: Some(json!({
+                "tool": invocation.tool_name,
+                "call_id": invocation.call_id
+            })),
+            success: true,
+        })
+    }
+}
+
+struct ReentrantHandler {
+    registry: Arc<OnceLock<Arc<ToolRegistry>>>,
+}
+
+#[async_trait]
+impl ToolHandler for ReentrantHandler {
+    fn kind(&self) -> ToolKind {
+        ToolKind::Function
+    }
+
+    async fn handle(
+        &self,
+        _invocation: ToolInvocation,
+    ) -> std::result::Result<ToolOutput, codewhale_tools::FunctionCallError> {
+        let registry = self.registry.get().expect("registry initialized").clone();
+        registry
+            .dispatch(
+                ToolCall {
+                    name: "inner".to_string(),
+                    payload: ToolPayload::Function {
+                        arguments: "{}".to_string(),
+                    },
+                    source: ToolCallSource::Direct,
+                    raw_tool_call_id: Some("inner-call".to_string()),
+                },
+                true,
+            )
+            .await
+    }
+}
+
 #[tokio::test]
 async fn dispatches_function_tool_with_parallel_flag() {
     let mut registry = ToolRegistry::default();
@@ -68,3 +128,149 @@ async fn dispatches_function_tool_with_parallel_flag() {
         other => panic!("unexpected output: {other:?}"),
     }
 }
+
+#[tokio::test]
+async fn serial_tool_waits_for_running_parallel_tool() {
+    let started = Arc::new(Notify::new());
+    let release = Arc::new(Notify::new());
+    let mut registry = ToolRegistry::default();
+    registry
+        .register(
+            ToolSpec {
+                name: "slow_read".to_string(),
+                input_schema: json!({"type":"object"}),
+                output_schema: json!({"type":"object"}),
+                supports_parallel_tool_calls: true,
+                timeout_ms: Some(1000),
+            },
+            Arc::new(BlockingHandler {
+                started: started.clone(),
+                release: release.clone(),
+            }),
+        )
+        .expect("register slow read");
+    registry
+        .register(
+            ToolSpec {
+                name: "serial".to_string(),
+                input_schema: json!({"type":"object"}),
+                output_schema: json!({"type":"object"}),
+                supports_parallel_tool_calls: false,
+                timeout_ms: Some(1000),
+            },
+            Arc::new(EchoHandler),
+        )
+        .expect("register serial");
+
+    let registry = Arc::new(registry);
+    let started_wait = started.notified();
+    let parallel_registry = registry.clone();
+    let parallel = tokio::spawn(async move {
+        parallel_registry
+            .dispatch(
+                ToolCall {
+                    name: "slow_read".to_string(),
+                    payload: ToolPayload::Function {
+                        arguments: "{}".to_string(),
+                    },
+                    source: ToolCallSource::Direct,
+                    raw_tool_call_id: Some("parallel-call".to_string()),
+                },
+                true,
+            )
+            .await
+    });
+    tokio::time::timeout(Duration::from_secs(1), started_wait)
+        .await
+        .expect("parallel tool started");
+
+    let serial_registry = registry.clone();
+    let mut serial = tokio::spawn(async move {
+        serial_registry
+            .dispatch(
+                ToolCall {
+                    name: "serial".to_string(),
+                    payload: ToolPayload::Function {
+                        arguments: "{}".to_string(),
+                    },
+                    source: ToolCallSource::Direct,
+                    raw_tool_call_id: Some("serial-call".to_string()),
+                },
+                true,
+            )
+            .await
+    });
+
+    tokio::select! {
+        _ = &mut serial => panic!("serial tool overlapped a running parallel tool"),
+        () = tokio::time::sleep(Duration::from_millis(50)) => {}
+    }
+
+    release.notify_waiters();
+    serial
+        .await
+        .expect("serial task panicked")
+        .expect("serial ran");
+    parallel
+        .await
+        .expect("parallel task panicked")
+        .expect("parallel ran");
+}
+
+#[tokio::test]
+async fn serial_tool_can_reenter_registry_without_deadlock() {
+    let registry_cell = Arc::new(OnceLock::new());
+    let mut registry = ToolRegistry::default();
+    registry
+        .register(
+            ToolSpec {
+                name: "outer".to_string(),
+                input_schema: json!({"type":"object"}),
+                output_schema: json!({"type":"object"}),
+                supports_parallel_tool_calls: false,
+                timeout_ms: Some(1000),
+            },
+            Arc::new(ReentrantHandler {
+                registry: registry_cell.clone(),
+            }),
+        )
+        .expect("register outer");
+    registry
+        .register(
+            ToolSpec {
+                name: "inner".to_string(),
+                input_schema: json!({"type":"object"}),
+                output_schema: json!({"type":"object"}),
+                supports_parallel_tool_calls: false,
+                timeout_ms: Some(1000),
+            },
+            Arc::new(EchoHandler),
+        )
+        .expect("register inner");
+
+    let registry = Arc::new(registry);
+    assert!(registry_cell.set(registry.clone()).is_ok());
+
+    let output = tokio::time::timeout(
+        Duration::from_secs(1),
+        registry.dispatch(
+            ToolCall {
+                name: "outer".to_string(),
+                payload: ToolPayload::Function {
+                    arguments: "{}".to_string(),
+                },
+                source: ToolCallSource::Direct,
+                raw_tool_call_id: Some("outer-call".to_string()),
+            },
+            true,
+        ),
+    )
+    .await
+    .expect("outer dispatch timed out")
+    .expect("outer dispatch failed");
+
+    match output {
+        ToolOutput::Function { success, .. } => assert!(success),
+        other => panic!("unexpected output: {other:?}"),
+    }
+}

From 92c8dbc7cec77d0cc399a9353afc3fca014a43a5 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:39:39 -0500
Subject: [PATCH 109/283] fix(composer): use wrap_input_lines_for_mouse, clamp
 selection to input length

- Replace visible_line_char_ranges with wrap_input_lines_for_mouse for accurate mouse selection
- Clamp selection_anchor and cursor_position to char_count
- Clear selection on history navigation to prevent stale highlights
- Add test for history-navigation-clears-stale-selection
---
 crates/tui/src/tui/app.rs         | 24 +++++++++++-
 crates/tui/src/tui/widgets/mod.rs | 65 ++++---------------------------
 2 files changed, 29 insertions(+), 60 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 201890ad..d8068956 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -3774,8 +3774,9 @@ impl App {
     /// Return the (start, end) of the active selection, or `None`.
     /// `start` is inclusive, `end` is exclusive; both are char indices.
     pub fn selection_range(&self) -> Option<(usize, usize)> {
-        let anchor = self.selection_anchor?;
-        let cursor = self.cursor_position;
+        let total = char_count(&self.input);
+        let anchor = self.selection_anchor?.min(total);
+        let cursor = self.cursor_position.min(total);
         if anchor == cursor {
             return None;
         }
@@ -4510,6 +4511,7 @@ impl App {
         self.history_index = Some(new_index);
         self.input = self.input_history[new_index].clone();
         self.cursor_position = char_count(&self.input);
+        self.selection_anchor = None;
         self.selected_attachment_index = None;
         self.slash_menu_hidden = false;
         self.paste_burst.clear_after_explicit_paste();
@@ -4526,6 +4528,7 @@ impl App {
                     self.history_index = Some(i + 1);
                     self.input = self.input_history[i + 1].clone();
                     self.cursor_position = char_count(&self.input);
+                    self.selection_anchor = None;
                     self.selected_attachment_index = None;
                     self.slash_menu_hidden = false;
                     self.paste_burst.clear_after_explicit_paste();
@@ -4534,6 +4537,7 @@ impl App {
                     if let Some(draft) = self.history_navigation_draft.take() {
                         self.input = draft.input;
                         self.cursor_position = draft.cursor.min(char_count(&self.input));
+                        self.selection_anchor = None;
                         self.selected_attachment_index = None;
                         self.slash_menu_hidden = false;
                         self.paste_burst.clear_after_explicit_paste();
@@ -5914,6 +5918,22 @@ mod tests {
         assert!(app.history_index.is_none());
     }
 
+    #[test]
+    fn input_history_navigation_clears_stale_selection() {
+        let mut app = App::new(test_options(false), &Config::default());
+        app.input_history.push("previous input".to_string());
+        app.input = "hello world".to_string();
+        app.cursor_position = "hello ".chars().count();
+        app.selection_anchor = Some(app.input.chars().count());
+
+        app.history_up();
+        assert_eq!(app.input, "previous input");
+        assert!(app.selection_anchor.is_none());
+
+        app.insert_char('x');
+        assert_eq!(app.input, "previous inputx");
+    }
+
     #[test]
     fn input_history_restores_empty_draft_at_end_of_navigation() {
         let mut app = App::new(test_options(false), &Config::default());
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 58cdffb7..2c478a29 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -667,12 +667,13 @@ impl Renderable for ComposerWidget<'_> {
                 Style::default().fg(palette::TEXT_MUTED).italic(),
             )));
         } else if let Some((sel_start, sel_end)) = self.app.selection_range() {
-            let line_ranges = visible_line_char_ranges(
-                &self.app.input,
-                &visible_lines,
-                content_width,
-                scroll_offset,
-            );
+            let line_ranges: Vec<(usize, usize)> =
+                wrap_input_lines_for_mouse(&self.app.input, content_width)
+                    .into_iter()
+                    .skip(scroll_offset)
+                    .take(visible_lines.len())
+                    .map(|(start, text)| (start, start + text.chars().count()))
+                    .collect();
             for (line_text, (line_start, line_end)) in visible_lines.iter().zip(line_ranges.iter())
             {
                 let spans = line_spans_with_selection(
@@ -2443,58 +2444,6 @@ fn wrap_text(text: &str, width: usize) -> Vec<String> {
     lines
 }
 
-/// Compute the (char_start, char_end) range for each visible wrapped line.
-/// `char_start` is inclusive, `char_end` is exclusive.
-/// `scroll_offset` is the number of wrapped lines skipped from the top.
-fn visible_line_char_ranges(
-    input: &str,
-    visible_lines: &[String],
-    width: usize,
-    scroll_offset: usize,
-) -> Vec<(usize, usize)> {
-    if input.is_empty() || width == 0 {
-        return vec![(0, 0); visible_lines.len()];
-    }
-
-    let mut ranges = Vec::new();
-    let mut char_idx = 0usize;
-    let mut line_start = 0usize;
-    let mut line_width = 0usize;
-
-    for g in input.graphemes(true) {
-        if g == "\n" {
-            ranges.push((line_start, char_idx));
-            char_idx += 1;
-            line_start = char_idx;
-            line_width = 0;
-            continue;
-        }
-
-        let gw = g.width();
-        if line_width + gw > width && line_width > 0 {
-            ranges.push((line_start, char_idx));
-            line_start = char_idx;
-            line_width = 0;
-        }
-        char_idx += g.chars().count();
-        line_width += gw;
-        if line_width >= width {
-            ranges.push((line_start, char_idx));
-            line_start = char_idx;
-            line_width = 0;
-        }
-    }
-    ranges.push((line_start, char_idx));
-
-    // Use the actual scroll_offset to align with visible_lines.
-    let start = scroll_offset.min(ranges.len());
-    ranges
-        .into_iter()
-        .skip(start)
-        .take(visible_lines.len())
-        .collect()
-}
-
 fn line_spans_with_selection<'a>(
     line: &'a str,
     line_start: usize,

From 11e1ec1fe323c999a3d58c004a0b706472165e5a Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:39:39 -0500
Subject: [PATCH 110/283] docs: add v0.8.47 CHANGELOG entries for composer, CNB
 mirror, fixes

---
 crates/tui/CHANGELOG.md | 50 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/crates/tui/CHANGELOG.md b/crates/tui/CHANGELOG.md
index 6c266c89..924e4f2f 100644
--- a/crates/tui/CHANGELOG.md
+++ b/crates/tui/CHANGELOG.md
@@ -7,6 +7,56 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- **Composer text selection with copy/cut.** Mouse drag and Shift+Arrow
+  selection in the composer input box, with Ctrl+C copy and Ctrl+X cut
+  support. Home, End, Ctrl+A, and Ctrl+E now clear the selection (#2228).
+- **Copy transcript without visual-wrap newlines.** Transcript copy now
+  strips visual-wrap column line breaks from paragraphs, producing clean
+  text for pasting into editors or prompts (#1906).
+- **Configurable base URL in /config view.** The `/config` panel now
+  displays the effective DeepSeek base URL (#1967).
+- **CNB mirror support for China-friendly downloads.** Added
+  `CODEWHALE_RELEASE_BASE_URL` and `CODEWHALE_USE_CNB_MIRROR` to
+  both npm install scripts and Rust self-updater (#2222).
+- **[✓] completion markers.** Checklist, plan, and tool completion
+  markers now render as `[✓]` instead of `[x]` (#1935).
+
+### Changed
+
+- **Project context loading now logs the source file.** (#2227)
+- **macOS onboarding and empty-state layout pinned to top** instead
+  of vertically centered (#1837).
+- **State-root migration continues.** Migrated 15+ storage paths to
+  prefer `~/.codewhale` with `~/.deepseek` fallback (#2231).
+- **READMEs updated for the CodeWhale rename.** All three READMEs now
+  reference canonical `~/.codewhale` paths.
+
+### Fixed
+
+- **Deadlock when spawning multiple concurrent sub-agents.** Replaced
+  `RwLock`-based serialisation with a `Semaphore(1)` (#1856).
+- **Steered/queued messages now render in correct transcript order.**
+  `steer_user_message` now flushes the active cell before inserting (#2225).
+- **Session save test updated for managed sessions directory.** (#2223).
+- **Loop guard reports Failed on halt.** Turn outcome correctly reports
+  `Failed` instead of `Completed` when the loop guard trips (#1859).
+- **DEEPSEEK_YOLO env honoured on startup.** The `--yolo` flag is now
+  correctly merged with the `DEEPSEEK_YOLO` environment variable (#1870).
+
+### Community
+
+Thanks to contributors whose PRs landed in this release:
+**@Fire-dtx** (#1856),
+**@imkingjh999** (#2228),
+**@harvey2011888** (#1859),
+**@victorcheng2333** (#1870),
+**@IIzzaya** (#1935),
+**@PurplePulse** (#1837),
+**@cyq1017** (#1967),
+**@knqiufan** (#1906).
+
 ## [0.8.46] - 2026-05-26
 
 ### Added

From ac6693581f8ae640d36414f826fb249b54c0acb4 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:40:16 -0500
Subject: [PATCH 111/283] fix(tools): restore checklist and planning tools to
 default active catalog

PR #2076 deferred planning/checklist tools (checklist_write, update_plan,
task_create, task_list, task_read) to reduce catalog tokens, but the system
prompt actively instructs the model to use these tools. Without them in the
active catalog, the model cannot call them until it first discovers them via
tool_search, which it is not prompted to do for planning tools.

Keep these tools in DEFAULT_ACTIVE_NATIVE_TOOLS so the model can follow
the Constitution's Regulations (Tier 3) and the Mode: YOLO instructions.
---
 crates/tui/src/core/engine/tool_catalog.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/tui/src/core/engine/tool_catalog.rs b/crates/tui/src/core/engine/tool_catalog.rs
index c699a0a8..65b194ce 100644
--- a/crates/tui/src/core/engine/tool_catalog.rs
+++ b/crates/tui/src/core/engine/tool_catalog.rs
@@ -32,6 +32,7 @@ pub(super) fn is_tool_search_tool(name: &str) -> bool {
 pub(super) const DEFAULT_ACTIVE_NATIVE_TOOLS: &[&str] = &[
     "agent_open",
     "apply_patch",
+    "checklist_write",
     "edit_file",
     "exec_shell",
     "fetch_url",
@@ -42,6 +43,10 @@ pub(super) const DEFAULT_ACTIVE_NATIVE_TOOLS: &[&str] = &[
     "list_dir",
     "read_file",
     "run_tests",
+    "task_create",
+    "task_list",
+    "task_read",
+    "update_plan",
     "web_search",
     "write_file",
 ];

From b96fa37ea44a19ba30e482bc0b049d40bec0ab3a Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 16:40:16 -0500
Subject: [PATCH 112/283] chore: add DeepSWE task verification script

---
 scripts/verify_task.sh | 48 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 scripts/verify_task.sh

diff --git a/scripts/verify_task.sh b/scripts/verify_task.sh
new file mode 100644
index 00000000..97689ebf
--- /dev/null
+++ b/scripts/verify_task.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# verify_task.sh <task_id> <docker_image>
+# Runs the DeepSWE verifier inside the task's Docker container.
+# Expects model.patch at /tmp/deep-swe-verify/<task_id>/model.patch
+TASK_ID="$1"
+IMAGE="$2"
+TASKS_DIR="/Volumes/VIXinSSD/whalebro/codewhale/deep-swe/tasks"
+WORK_DIR="/tmp/deep-swe-verify/$TASK_ID"
+
+mkdir -p "$WORK_DIR"
+RESULT_FILE="$WORK_DIR/result.txt"
+
+echo "[$TASK_ID] Pulling image..."
+docker pull "$IMAGE" 2>&1 | tail -1
+
+echo "[$TASK_ID] Running verifier..."
+docker run --rm \
+  --platform linux/amd64 \
+  -v "$WORK_DIR/model.patch:/model.patch:ro" \
+  -v "$TASKS_DIR/$TASK_ID/tests/test.patch:/tests/test.patch:ro" \
+  -v "$TASKS_DIR/$TASK_ID/tests/test.sh:/verify.sh:ro" \
+  "$IMAGE" \
+  bash -c '
+    set -e
+    mkdir -p /logs/verifier /logs/artifacts
+    cd /app
+    git apply --whitespace=nowarn /model.patch 2>/dev/null || { echo "PATCH_FAILED"; exit 2; }
+    bash /verify.sh > /logs/verifier/output.txt 2>&1
+    EC=$?
+    if [ -f /logs/verifier/reward.txt ]; then
+      REWARD=$(cat /logs/verifier/reward.txt)
+      echo "REWARD=$REWARD"
+    else
+      # Extract from output
+      if grep -q "New tests exit code: 0" /logs/verifier/output.txt && \
+         grep -q "Baseline exit code: 0" /logs/verifier/output.txt; then
+        echo "REWARD=1"
+      else
+        echo "REWARD=0"
+      fi
+    fi
+    echo "---OUTPUT_TAIL---"
+    tail -30 /logs/verifier/output.txt
+  ' > "$RESULT_FILE" 2>&1
+
+echo "[$TASK_ID] Done. Result:"
+cat "$RESULT_FILE" | grep -E 'REWARD|FAILED|PATCH_FAILED|passed'
+echo ""

From ed23a48e040302a571ebc9b07561e5558cf581a2 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Wed, 27 May 2026 07:33:27 +0800
Subject: [PATCH 113/283]   feat: add new session command

  Add /new to start a fresh saved session from the TUI without overloading /clear.
  The command creates a distinct session id, resets conversation state, and keeps
  previous sessions available through /resume.

  Block unsafe switches when pending input or active work exists, with /new --force
  available for explicit discard.
---
 crates/tui/src/commands/core.rs    |  40 ++++---
 crates/tui/src/commands/mod.rs     |   7 ++
 crates/tui/src/commands/session.rs | 171 +++++++++++++++++++++++++++++
 crates/tui/src/localization.rs     |   7 ++
 4 files changed, 208 insertions(+), 17 deletions(-)

diff --git a/crates/tui/src/commands/core.rs b/crates/tui/src/commands/core.rs
index 0a50f1d8..44394485 100644
--- a/crates/tui/src/commands/core.rs
+++ b/crates/tui/src/commands/core.rs
@@ -46,6 +46,28 @@ pub fn help(app: &mut App, topic: Option<&str>) -> CommandResult {
 
 /// Clear conversation history
 pub fn clear(app: &mut App) -> CommandResult {
+    let todos_cleared = reset_conversation_state(app);
+    app.current_session_id = None;
+    let locale = app.ui_locale;
+    let message = if todos_cleared {
+        tr(locale, MessageId::ClearConversation).to_string()
+    } else {
+        tr(locale, MessageId::ClearConversationBusy).to_string()
+    };
+    CommandResult::with_message_and_action(
+        message,
+        AppAction::SyncSession {
+            session_id: None,
+            messages: Vec::new(),
+            system_prompt: None,
+            model: app.model.clone(),
+            workspace: app.workspace.clone(),
+        },
+    )
+}
+
+/// Reset the active conversation without choosing the next session id.
+pub(crate) fn reset_conversation_state(app: &mut App) -> bool {
     app.clear_history();
     app.mark_history_updated();
     app.api_messages.clear();
@@ -78,23 +100,7 @@ pub fn clear(app: &mut App) -> CommandResult {
     app.session.last_reasoning_replay_tokens = None;
     app.session.turn_cache_history.clear();
     app.session.last_cache_inspection = None;
-    app.current_session_id = None;
-    let locale = app.ui_locale;
-    let message = if todos_cleared {
-        tr(locale, MessageId::ClearConversation).to_string()
-    } else {
-        tr(locale, MessageId::ClearConversationBusy).to_string()
-    };
-    CommandResult::with_message_and_action(
-        message,
-        AppAction::SyncSession {
-            session_id: None,
-            messages: Vec::new(),
-            system_prompt: None,
-            model: app.model.clone(),
-            workspace: app.workspace.clone(),
-        },
-    )
+    todos_cleared
 }
 
 /// Exit the application
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index f21df395..842625e3 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -298,6 +298,12 @@ pub const COMMANDS: &[CommandInfo] = &[
         usage: "/fork",
         description_id: MessageId::CmdForkDescription,
     },
+    CommandInfo {
+        name: "new",
+        aliases: &[],
+        usage: "/new [--force]",
+        description_id: MessageId::CmdNewDescription,
+    },
     CommandInfo {
         name: "sessions",
         aliases: &["resume"],
@@ -585,6 +591,7 @@ pub fn execute(cmd: &str, app: &mut App) -> CommandResult {
         "rename" | "gaiming" | "chongmingming" => rename::rename(app, arg),
         "save" => session::save(app, arg),
         "fork" | "branch" => session::fork(app),
+        "new" => session::new_session(app, arg),
         "sessions" | "resume" => session::sessions(app, arg),
         "relay" | "batonpass" | "接力" => relay(app, arg),
         "load" | "jiazai" => session::load(app, arg),
diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index a54c4403..a54426c1 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -135,6 +135,73 @@ pub fn fork(app: &mut App) -> CommandResult {
     )
 }
 
+/// Start a fresh saved session from the current TUI state.
+pub fn new_session(app: &mut App, arg: Option<&str>) -> CommandResult {
+    let force = match arg.map(str::trim).filter(|s| !s.is_empty()) {
+        None => false,
+        Some("--force" | "force") => true,
+        Some(other) => {
+            return CommandResult::error(format!(
+                "Usage: /new [--force]\n\nUnknown argument: {other}"
+            ));
+        }
+    };
+
+    if !force {
+        let blockers = new_session_blockers(app);
+        if !blockers.is_empty() {
+            return CommandResult::error(format!(
+                "Cannot start a new session while {}. Run `/new --force` to discard pending work and start a fresh session.",
+                blockers.join(", ")
+            ));
+        }
+    }
+
+    let new_id = uuid::Uuid::new_v4().to_string();
+    super::core::reset_conversation_state(app);
+    app.clear_input();
+    app.session_artifacts.clear();
+    app.session_context_references.clear();
+    app.tool_evidence.clear();
+    app.current_session_id = Some(new_id.clone());
+    app.session_title = Some("New Session".to_string());
+    app.scroll_to_bottom();
+
+    CommandResult::with_message_and_action(
+        format!(
+            "Started new session {} (New Session). Previous sessions remain available via /resume.",
+            crate::session_manager::truncate_id(&new_id)
+        ),
+        AppAction::SyncSession {
+            session_id: Some(new_id),
+            messages: Vec::new(),
+            system_prompt: None,
+            model: app.model.clone(),
+            workspace: app.workspace.clone(),
+        },
+    )
+}
+
+fn new_session_blockers(app: &App) -> Vec<&'static str> {
+    let mut blockers = Vec::new();
+    if !app.input.trim().is_empty() {
+        blockers.push("the composer has unsent text");
+    }
+    if !app.queued_messages.is_empty() || app.queued_draft.is_some() {
+        blockers.push("queued messages are pending");
+    }
+    if app.is_loading || app.runtime_turn_status.as_deref() == Some("in_progress") {
+        blockers.push("a turn is in progress");
+    }
+    if app.is_compacting {
+        blockers.push("context compaction is running");
+    }
+    if app.task_panel.iter().any(|task| task.status == "running") {
+        blockers.push("background tasks are running");
+    }
+    blockers
+}
+
 /// Load session from file
 pub fn load(app: &mut App, path: Option<&str>) -> CommandResult {
     let load_path = if let Some(p) = path {
@@ -489,6 +556,110 @@ mod tests {
         }
     }
 
+    #[test]
+    fn new_session_from_resumed_state_creates_distinct_empty_session() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut app = create_test_app_with_tmpdir(&tmpdir);
+        app.current_session_id = Some("old-session".to_string());
+        app.session_title = Some("Old Session".to_string());
+        app.api_messages.push(crate::models::Message {
+            role: "user".to_string(),
+            content: vec![crate::models::ContentBlock::Text {
+                text: "continue this thread".to_string(),
+                cache_control: None,
+            }],
+        });
+        app.add_message(HistoryCell::System {
+            content: "old transcript".to_string(),
+        });
+        app.system_prompt = Some(crate::models::SystemPrompt::Text("old prompt".to_string()));
+        app.session.total_tokens = 123;
+        app.session.session_cost = 1.25;
+
+        let result = new_session(&mut app, None);
+
+        assert!(!result.is_error, "{:?}", result.message);
+        let new_id = app.current_session_id.clone().expect("new session id");
+        assert_ne!(new_id, "old-session");
+        assert_eq!(app.session_title.as_deref(), Some("New Session"));
+        assert!(app.api_messages.is_empty());
+        assert!(app.history.is_empty());
+        assert!(app.system_prompt.is_none());
+        assert_eq!(app.session.total_tokens, 0);
+        assert_eq!(app.session.session_cost, 0.0);
+        assert!(
+            result
+                .message
+                .as_deref()
+                .unwrap_or_default()
+                .contains("/resume")
+        );
+        match result.action {
+            Some(AppAction::SyncSession {
+                session_id,
+                messages,
+                system_prompt,
+                ..
+            }) => {
+                assert_eq!(session_id.as_deref(), Some(new_id.as_str()));
+                assert!(messages.is_empty());
+                assert!(system_prompt.is_none());
+            }
+            other => panic!("expected SyncSession action, got {other:?}"),
+        }
+    }
+
+    #[test]
+    fn new_session_blocks_unsent_input_without_force() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut app = create_test_app_with_tmpdir(&tmpdir);
+        app.current_session_id = Some("old-session".to_string());
+        app.input = "draft text".to_string();
+
+        let result = new_session(&mut app, None);
+
+        assert!(result.is_error);
+        assert_eq!(app.current_session_id.as_deref(), Some("old-session"));
+        assert_eq!(app.input, "draft text");
+        assert!(result.action.is_none());
+        assert!(
+            result
+                .message
+                .as_deref()
+                .unwrap_or_default()
+                .contains("/new --force")
+        );
+    }
+
+    #[test]
+    fn new_session_force_discards_unsent_input() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut app = create_test_app_with_tmpdir(&tmpdir);
+        app.current_session_id = Some("old-session".to_string());
+        app.input = "draft text".to_string();
+
+        let result = new_session(&mut app, Some("--force"));
+
+        assert!(!result.is_error, "{:?}", result.message);
+        assert_ne!(app.current_session_id.as_deref(), Some("old-session"));
+        assert!(app.input.is_empty());
+        assert!(matches!(result.action, Some(AppAction::SyncSession { .. })));
+    }
+
+    #[test]
+    fn new_session_blocks_in_flight_turn_without_force() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut app = create_test_app_with_tmpdir(&tmpdir);
+        app.current_session_id = Some("old-session".to_string());
+        app.is_loading = true;
+
+        let result = new_session(&mut app, None);
+
+        assert!(result.is_error);
+        assert_eq!(app.current_session_id.as_deref(), Some("old-session"));
+        assert!(result.action.is_none());
+    }
+
     #[test]
     fn test_save_with_default_path_uses_managed_sessions_dir() {
         let tmpdir = TempDir::new().unwrap();
diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 874bb2ec..21809260 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -294,6 +294,7 @@ pub enum MessageId {
     CmdRlmDescription,
     CmdSaveDescription,
     CmdForkDescription,
+    CmdNewDescription,
     CmdSessionsDescription,
     CmdSettingsDescription,
     CmdSkillDescription,
@@ -527,6 +528,7 @@ pub const ALL_MESSAGE_IDS: &[MessageId] = &[
     MessageId::CmdReviewDescription,
     MessageId::CmdRlmDescription,
     MessageId::CmdSaveDescription,
+    MessageId::CmdNewDescription,
     MessageId::CmdSessionsDescription,
     MessageId::CmdSettingsDescription,
     MessageId::CmdSkillDescription,
@@ -971,6 +973,7 @@ fn english(id: MessageId) -> &'static str {
         MessageId::CmdRlmDescription => "Open a persistent RLM context: /rlm [0-3] <file_or_text>",
         MessageId::CmdSaveDescription => "Save session to file",
         MessageId::CmdForkDescription => "Fork the active conversation into a sibling session",
+        MessageId::CmdNewDescription => "Start a fresh saved session",
         MessageId::CmdSessionsDescription => "Open session history picker",
         MessageId::CmdSettingsDescription => "Show persistent settings",
         MessageId::CmdSkillDescription => {
@@ -1359,6 +1362,7 @@ fn japanese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdRlmDescription => "永続 RLM コンテキストを開く: /rlm [0-3] <file_or_text>",
         MessageId::CmdSaveDescription => "セッションをファイルに保存",
         MessageId::CmdForkDescription => "現在の会話を兄弟セッションに fork",
+        MessageId::CmdNewDescription => "新しい保存済みセッションを開始",
         MessageId::CmdSessionsDescription => "セッション履歴ピッカーを開く",
         MessageId::CmdSettingsDescription => "永続化された設定を表示",
         MessageId::CmdSkillDescription => {
@@ -1702,6 +1706,7 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::CmdRlmDescription => "打开持久 RLM 上下文：/rlm [0-3] <file_or_text>",
         MessageId::CmdSaveDescription => "将会话保存到文件",
         MessageId::CmdForkDescription => "将当前对话分叉为兄弟会话",
+        MessageId::CmdNewDescription => "开始一个新的已保存会话",
         MessageId::CmdSessionsDescription => "打开会话历史选择器",
         MessageId::CmdSettingsDescription => "显示持久化设置",
         MessageId::CmdSkillDescription => "激活技能，或安装/更新/卸载/信任社区技能",
@@ -2037,6 +2042,7 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
         }
         MessageId::CmdSaveDescription => "Salvar a sessão em arquivo",
         MessageId::CmdForkDescription => "Bifurcar a conversa ativa para uma sessão irmã",
+        MessageId::CmdNewDescription => "Iniciar uma nova sessão salva",
         MessageId::CmdSessionsDescription => "Abrir seletor de histórico de sessões",
         MessageId::CmdSettingsDescription => "Exibir as configurações persistidas",
         MessageId::CmdSkillDescription => {
@@ -2428,6 +2434,7 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
         }
         MessageId::CmdSaveDescription => "Guardar la sesión en archivo",
         MessageId::CmdForkDescription => "Bifurcar la conversación activa a una sesión hermana",
+        MessageId::CmdNewDescription => "Iniciar una nueva sesión guardada",
         MessageId::CmdSessionsDescription => "Abrir el selector de sesiones",
         MessageId::CmdSettingsDescription => "Mostrar las configuraciones persistidas",
         MessageId::CmdSkillDescription => {

From 5ed741dc8c8b449f4ecd90479bae613267783837 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Wed, 27 May 2026 10:24:23 +0800
Subject: [PATCH 114/283]   fix(provider): keep picker selection visible

  Make the /provider modal size itself to the provider list when space allows,
  and scroll the rendered list when the selected provider moves past the visible
  rows.

  Also make the selected row use a continuous, subtle highlight so the current
  selection remains visible without looking disconnected.

  Adds regression coverage for bottom providers, initial bottom selection, full
  height rendering, and selected-row highlighting.
---
 crates/tui/src/tui/provider_picker.rs | 144 +++++++++++++++++++++++---
 1 file changed, 128 insertions(+), 16 deletions(-)

diff --git a/crates/tui/src/tui/provider_picker.rs b/crates/tui/src/tui/provider_picker.rs
index b2ac79e6..03cf07b9 100644
--- a/crates/tui/src/tui/provider_picker.rs
+++ b/crates/tui/src/tui/provider_picker.rs
@@ -21,7 +21,7 @@ use crossterm::event::{KeyCode, KeyEvent, KeyModifiers};
 use ratatui::{
     buffer::Buffer,
     layout::{Constraint, Direction, Layout, Rect},
-    style::{Modifier, Style},
+    style::{Color, Modifier, Style},
     text::{Line, Span},
     widgets::{Block, Borders, Clear, Paragraph, Widget},
 };
@@ -116,6 +116,28 @@ impl ProviderPickerView {
         }
     }
 
+    fn visible_start(&self, visible_rows: usize) -> usize {
+        if visible_rows == 0 {
+            return 0;
+        }
+        let max_start = self.providers.len().saturating_sub(visible_rows);
+        self.selected_idx
+            .saturating_add(1)
+            .saturating_sub(visible_rows)
+            .min(max_start)
+    }
+
+    fn selected_row_style(fg: Color) -> Style {
+        Style::default()
+            .fg(fg)
+            .bg(palette::SURFACE_ELEVATED)
+            .add_modifier(Modifier::BOLD)
+    }
+
+    fn selected_row_bg_style() -> Style {
+        Style::default().bg(palette::SURFACE_ELEVATED)
+    }
+
     fn render_list(&self, area: Rect, buf: &mut Buffer) {
         let outer = Block::default()
             .title(Line::from(Span::styled(
@@ -138,39 +160,64 @@ impl ProviderPickerView {
         let inner = outer.inner(area);
         outer.render(area, buf);
 
-        let mut lines: Vec<Line> = Vec::with_capacity(self.providers.len());
-        for (idx, (provider, has_key)) in self.providers.iter().enumerate() {
+        let visible_rows = usize::from(inner.height);
+        let visible_start = self.visible_start(visible_rows);
+        let mut lines: Vec<Line> = Vec::with_capacity(visible_rows);
+        for (idx, (provider, has_key)) in self
+            .providers
+            .iter()
+            .enumerate()
+            .skip(visible_start)
+            .take(visible_rows)
+        {
             let is_selected = idx == self.selected_idx;
             let is_active = *provider == self.active_provider;
             let arrow = if is_selected { "▸" } else { " " };
             let active_dot = if is_active { " *" } else { "  " };
-            let label_style = if is_selected {
+            let spacer_style = if is_selected {
+                Self::selected_row_bg_style()
+            } else {
                 Style::default()
-                    .fg(palette::SELECTION_TEXT)
-                    .bg(palette::SELECTION_BG)
-                    .add_modifier(Modifier::BOLD)
+            };
+            let label_style = if is_selected {
+                Self::selected_row_style(palette::TEXT_PRIMARY)
             } else {
                 Style::default().fg(palette::TEXT_PRIMARY)
             };
             let hint_style = if is_selected {
-                Style::default()
-                    .fg(palette::SELECTION_TEXT)
-                    .bg(palette::SELECTION_BG)
+                let hint_fg = if *has_key {
+                    palette::TEXT_MUTED
+                } else {
+                    palette::STATUS_WARNING
+                };
+                Self::selected_row_style(hint_fg)
             } else if *has_key {
                 Style::default().fg(palette::TEXT_MUTED)
             } else {
                 Style::default().fg(palette::STATUS_WARNING)
             };
             let hint = Self::provider_hint(*provider, *has_key);
-            lines.push(Line::from(vec![
-                Span::raw(" "),
+            let mut line = Line::from(vec![
+                Span::styled(" ", spacer_style),
                 Span::styled(arrow, label_style),
-                Span::raw(" "),
+                Span::styled(" ", spacer_style),
                 Span::styled(provider.display_name().to_string(), label_style),
                 Span::styled(active_dot, label_style),
-                Span::raw("  "),
+                Span::styled("  ", spacer_style),
                 Span::styled(hint, hint_style),
-            ]));
+            ]);
+            if is_selected {
+                line.style = Self::selected_row_bg_style();
+                let target_width = usize::from(inner.width);
+                let line_width = line.width();
+                if line_width < target_width {
+                    line.spans.push(Span::styled(
+                        " ".repeat(target_width - line_width),
+                        Self::selected_row_bg_style(),
+                    ));
+                }
+            }
+            lines.push(line);
         }
         Paragraph::new(lines).render(inner, buf);
     }
@@ -347,7 +394,7 @@ impl ModalView for ProviderPickerView {
     fn render(&self, area: Rect, buf: &mut Buffer) {
         let popup_width = 64.min(area.width.saturating_sub(4)).max(40);
         let popup_height = match self.stage {
-            Stage::List => 12,
+            Stage::List => (self.providers.len() as u16).saturating_add(2),
             Stage::KeyEntry => 10,
         }
         .min(area.height.saturating_sub(4))
@@ -388,6 +435,16 @@ mod tests {
         panic!("provider {provider:?} not found in picker");
     }
 
+    fn render_text(picker: &ProviderPickerView, width: u16, height: u16) -> String {
+        let area = Rect::new(0, 0, width, height);
+        let mut buf = Buffer::empty(area);
+        picker.render(area, &mut buf);
+        (0..height)
+            .map(|y| (0..width).map(|x| buf[(x, y)].symbol()).collect::<String>())
+            .collect::<Vec<_>>()
+            .join("\n")
+    }
+
     #[test]
     fn picker_lists_all_providers() {
         let config = Config::default();
@@ -529,4 +586,59 @@ mod tests {
         }
         assert_eq!(picker.api_key_input, "abcdef");
     }
+
+    #[test]
+    fn small_list_render_keeps_selected_provider_visible_after_down_navigation() {
+        let config = Config::default();
+        let mut picker = ProviderPickerView::new(ApiProvider::Deepseek, &config);
+        move_to_provider(&mut picker, ApiProvider::Ollama);
+
+        let rendered = render_text(&picker, 80, 12);
+
+        assert!(rendered.contains("Ollama"));
+        assert!(!rendered.contains("DeepSeek *"));
+    }
+
+    #[test]
+    fn small_list_render_keeps_initial_active_provider_visible() {
+        let config = Config::default();
+        let picker = ProviderPickerView::new(ApiProvider::Ollama, &config);
+
+        let rendered = render_text(&picker, 80, 12);
+
+        assert!(rendered.contains("Ollama *"));
+    }
+
+    #[test]
+    fn tall_list_render_shows_all_providers_without_scrolling() {
+        let config = Config::default();
+        let picker = ProviderPickerView::new(ApiProvider::Deepseek, &config);
+
+        let rendered = render_text(&picker, 80, 20);
+
+        assert!(rendered.contains("DeepSeek *"));
+        assert!(rendered.contains("Ollama"));
+    }
+
+    #[test]
+    fn selected_provider_row_uses_strong_highlight() {
+        let config = Config::default();
+        let picker = ProviderPickerView::new(ApiProvider::Deepseek, &config);
+        let area = Rect::new(0, 0, 80, 20);
+        let mut buf = Buffer::empty(area);
+
+        picker.render(area, &mut buf);
+
+        let highlighted_cells = area
+            .positions()
+            .filter(|position| {
+                let cell = &buf[*position];
+                cell.bg == palette::SURFACE_ELEVATED
+            })
+            .count();
+        assert!(
+            highlighted_cells >= 32,
+            "selected provider row should use a visible continuous highlight"
+        );
+    }
 }

From 198acc72bae04620a4b3ddaab86348970b84cdaf Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Wed, 27 May 2026 10:34:38 +0800
Subject: [PATCH 115/283]   Make the selected row easier to see with a
 continuous subtle highlight, and   wrap Up/Down navigation between the first
 and last providers.

---
 crates/tui/src/tui/provider_picker.rs | 29 +++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/provider_picker.rs b/crates/tui/src/tui/provider_picker.rs
index 03cf07b9..a4cdfb6c 100644
--- a/crates/tui/src/tui/provider_picker.rs
+++ b/crates/tui/src/tui/provider_picker.rs
@@ -65,13 +65,23 @@ impl ProviderPickerView {
     }
 
     fn move_up(&mut self) {
-        if self.selected_idx > 0 {
+        if self.providers.is_empty() {
+            return;
+        }
+        if self.selected_idx == 0 {
+            self.selected_idx = self.providers.len() - 1;
+        } else {
             self.selected_idx -= 1;
         }
     }
 
     fn move_down(&mut self) {
-        if self.selected_idx + 1 < self.providers.len() {
+        if self.providers.is_empty() {
+            return;
+        }
+        if self.selected_idx + 1 == self.providers.len() {
+            self.selected_idx = 0;
+        } else {
             self.selected_idx += 1;
         }
     }
@@ -497,6 +507,18 @@ mod tests {
         assert_eq!(picker.active_provider, ApiProvider::Openrouter);
     }
 
+    #[test]
+    fn list_navigation_wraps_between_first_and_last_provider() {
+        let config = Config::default();
+        let mut picker = ProviderPickerView::new(ApiProvider::Deepseek, &config);
+
+        picker.handle_key(key(KeyCode::Up));
+        assert_eq!(picker.selected_provider(), ApiProvider::Ollama);
+
+        picker.handle_key(key(KeyCode::Down));
+        assert_eq!(picker.selected_provider(), ApiProvider::Deepseek);
+    }
+
     #[test]
     fn enter_with_no_key_transitions_to_key_entry_stage() {
         let config = Config::default();
@@ -516,8 +538,7 @@ mod tests {
             ..Config::default()
         };
         let mut picker = ProviderPickerView::new(ApiProvider::NvidiaNim, &config);
-        // Move up twice to DeepSeek (index 0), which has a key from the config.
-        picker.handle_key(key(KeyCode::Up));
+        // Move up once to DeepSeek (index 0), which has a key from the config.
         picker.handle_key(key(KeyCode::Up));
         let action = picker.handle_key(key(KeyCode::Enter));
         match action {

From 6dd8394dfe8615d4858b01a0f3054cff3345c1fc Mon Sep 17 00:00:00 2001
From: AccMoment <1161677781@qq.com>
Date: Wed, 27 May 2026 20:58:48 +0800
Subject: [PATCH 116/283] feat(update):Add proxy option to update command

Update docs to introduce update command proxy options
---
 README.ja-JP.md          |   3 ++
 README.md                |   3 ++
 README.zh-CN.md          |   2 +
 crates/cli/src/lib.rs    |  39 ++++++++++++--
 crates/cli/src/update.rs | 107 ++++++++++++++++++++++++++++++---------
 5 files changed, 128 insertions(+), 26 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 667aafb5..6b5d8abc 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -51,6 +51,9 @@ cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
 
+> codewhale update は --proxy をサポートしており、プロキシ経由で更新できます
+> 例: codewhale update --proxy https://localhost:7897
+
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
 [![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
diff --git a/README.md b/README.md
index 3213ee15..8a5baafc 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,9 @@ cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
 
+> codewhale update now supports --proxy, update through a proxy
+> eg: codewhale update --proxy https://localhost:7897
+
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
 [![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
diff --git a/README.zh-CN.md b/README.zh-CN.md
index f079cc80..c4ded4f3 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -59,6 +59,8 @@ brew update && brew upgrade deepseek-tui
 cargo install codewhale-cli --locked --force
 cargo install codewhale-tui     --locked --force
 ```
+> codewhale update 现在可添加 --proxy ,通过代理下载更新
+> eg: codewhale update --proxy https://localhost:7897
 
 [![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 9f98eebf..6d5cf17c 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -240,6 +240,8 @@ struct UpdateArgs {
     /// Update to the latest beta release instead of the latest stable release.
     #[arg(long)]
     beta: bool,
+    #[arg(long)]
+    proxy: Option<String>,
 }
 
 #[derive(Debug, Args)]
@@ -569,7 +571,7 @@ fn run() -> Result<()> {
             Ok(())
         }
         Some(Commands::Metrics(args)) => run_metrics_command(args),
-        Some(Commands::Update(args)) => update::run_update(args.beta),
+        Some(Commands::Update(args)) => update::run_update(args),
         None => {
             let resolved_runtime = resolve_runtime_for_dispatch(&mut store, &runtime_overrides);
             let forwarded = root_tui_passthrough(&cli)?;
@@ -1817,13 +1819,19 @@ mod tests {
         let cli = parse_ok(&["codewhale", "update"]);
         assert!(matches!(
             cli.command,
-            Some(Commands::Update(UpdateArgs { beta: false }))
+            Some(Commands::Update(UpdateArgs {
+                beta: false,
+                proxy: None
+            }))
         ));
 
         let cli = parse_ok(&["codewhale", "update", "--beta"]);
         assert!(matches!(
             cli.command,
-            Some(Commands::Update(UpdateArgs { beta: true }))
+            Some(Commands::Update(UpdateArgs {
+                beta: true,
+                proxy: None
+            }))
         ));
     }
 
@@ -2427,6 +2435,31 @@ mod tests {
         let _ = std::fs::remove_file(path);
     }
 
+    #[test]
+    fn udpate_parse_with_proxy() {
+        let cli = parse_ok(&["deepseek", "update", "--proxy", "http:localhost:7897"]);
+
+        let args = match cli.command {
+            Some(Commands::Update(args)) => args,
+            other => panic!("expected Update with proxy, got {other:?}"),
+        };
+        assert_eq!(
+            args.proxy.expect("should have proxy"),
+            "http:localhost:7897"
+        );
+    }
+
+    #[test]
+    fn udpate_parse_without_proxy() {
+        let cli = parse_ok(&["deepseek", "update"]);
+
+        let args = match cli.command {
+            Some(Commands::Update(args)) => args,
+            other => panic!("expected Update, got {other:?}"),
+        };
+        assert!(args.proxy.is_none());
+    }
+
     #[test]
     fn dispatch_keyring_recovery_self_heals_into_config_file() {
         use codewhale_secrets::{InMemoryKeyringStore, KeyringStore};
diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index 2ab35ef1..44b26537 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -4,11 +4,13 @@
 //! `github.com/Hmbown/CodeWhale/releases/latest`, downloads the
 //! platform-correct binary, verifies its SHA256 checksum, and atomically
 //! replaces the currently running binary.
-
+use crate::UpdateArgs;
 use std::collections::HashMap;
 use std::path::{Path, PathBuf};
+use std::time::Duration;
 
 use anyhow::{Context, Result, bail};
+use reqwest::Proxy;
 use std::io::Write;
 
 const CHECKSUM_MANIFEST_ASSET: &str = "codewhale-artifacts-sha256.txt";
@@ -26,19 +28,27 @@ const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
 const UPDATE_USER_AGENT: &str = "codewhale-updater";
 
 /// Run the self-update workflow.
-pub fn run_update(beta: bool) -> Result<()> {
+pub fn run_update(args: UpdateArgs) -> Result<()> {
+    let beta = args.beta;
     let current_exe =
         std::env::current_exe().context("failed to determine current executable path")?;
     let targets = update_targets_for_exe(&current_exe);
     let channel = ReleaseChannel::from_beta_flag(beta);
     let current_version = env!("CARGO_PKG_VERSION");
 
+    let proxy = if let Some(proxy_str) = &args.proxy {
+        validate_and_build_proxy(proxy_str)?
+    } else {
+        None
+    };
+
     println!("Checking for {} updates...", channel.label());
     println!("Current binary: {}", current_exe.display());
     println!("Current version: v{current_version}");
 
     // Step 1: Fetch latest release metadata
-    let fetched = fetch_latest_release(channel).with_context(update_network_fallback_hint)?;
+    let fetched =
+        fetch_latest_release(channel, &proxy).with_context(update_network_fallback_hint)?;
     let release = &fetched.release;
     let latest_tag = &release.tag_name;
     println!("Latest {} release: {latest_tag}", channel.label());
@@ -59,8 +69,8 @@ pub fn run_update(beta: bool) -> Result<()> {
     let checksum_manifest = match select_checksum_manifest_asset(release) {
         Some(checksum_asset) => {
             println!("Downloading {}...", checksum_asset.name);
-            let checksum_bytes =
-                download_url(&checksum_asset.browser_download_url).with_context(|| {
+            let checksum_bytes = download_url(&checksum_asset.browser_download_url, &proxy)
+                .with_context(|| {
                     format!(
                         "failed to download {}\n{}",
                         checksum_asset.name,
@@ -95,7 +105,7 @@ pub fn run_update(beta: bool) -> Result<()> {
         })?;
 
         println!("Downloading {}...", asset.name);
-        let bytes = download_url(&asset.browser_download_url).with_context(|| {
+        let bytes = download_url(&asset.browser_download_url, &proxy).with_context(|| {
             format!(
                 "failed to download {}\n{}",
                 asset.name,
@@ -174,6 +184,49 @@ enum ReleaseSource {
     Mirror { base_url: String },
 }
 
+// Validate the proxy URL and optionally test connectivity before proceeding.
+fn validate_and_build_proxy(proxy_str: &str) -> Result<Option<Proxy>> {
+    let valid_url = reqwest::Url::parse(proxy_str).with_context(|| {
+        format!(
+            "invalid proxy URL: {proxy_str}\n\
+             Expected format: http://host:port, https://host:port, or socks5://host:port"
+        )
+    })?;
+
+    let proxy = reqwest::Proxy::all(valid_url)?;
+
+    // Quick connectivity test through the proxy
+    let client = reqwest::blocking::Client::builder()
+        .proxy(proxy.clone())
+        .user_agent(UPDATE_USER_AGENT)
+        .timeout(Duration::from_secs(10))
+        .build()
+        .context("Could not build proxy HTTP client")?;
+
+    match client.head(LATEST_RELEASE_URL).send() {
+        Ok(_) => Ok(Some(proxy)),
+        Err(e) => {
+            // Give a clear actionable error rather than a raw reqwest error
+            let hint = if e.is_timeout() || e.is_connect() {
+                "could not connect to the proxy server"
+            } else if e.is_request() {
+                "the request was sent but no response was received"
+            } else {
+                "an unexpected network error occurred"
+            };
+            bail!(
+                "proxy connectivity failed: {hint}\n\
+                 Proxy URL: {proxy_str}\n\
+                 Details: {e}\n\
+                 Please verify:\n\
+                 - The proxy URL is correct\n\
+                 - The proxy server is running and reachable\n\
+                 - The proxy allows outbound connections to api.github.com"
+            )
+        }
+    }
+}
+
 pub(crate) fn release_arch_for_rust_arch(arch: &str) -> &str {
     match arch {
         "aarch64" => "arm64",
@@ -342,15 +395,21 @@ struct Asset {
     browser_download_url: String,
 }
 
-fn update_http_client() -> Result<reqwest::blocking::Client> {
-    reqwest::blocking::Client::builder()
+fn update_http_client(proxy: &Option<Proxy>) -> Result<reqwest::blocking::Client> {
+    let mut builder = reqwest::blocking::Client::builder();
+
+    if let Some(p) = proxy {
+        builder = builder.proxy(p.clone());
+    }
+
+    builder
         .user_agent(UPDATE_USER_AGENT)
         .build()
         .context("failed to build update HTTP client")
 }
 
 /// Fetch the latest release metadata from GitHub.
-fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
+fn fetch_latest_release(channel: ReleaseChannel, proxy: &Option<Proxy>) -> Result<FetchedRelease> {
     let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
     if let Some(base_url) = release_base_url_from_env(&version) {
         return Ok(FetchedRelease {
@@ -364,8 +423,8 @@ fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
         });
     }
     let release = match channel {
-        ReleaseChannel::Stable => fetch_latest_release_from_url(LATEST_RELEASE_URL),
-        ReleaseChannel::Beta => fetch_latest_beta_release_from_url(RELEASES_URL),
+        ReleaseChannel::Stable => fetch_latest_release_from_url(LATEST_RELEASE_URL, proxy),
+        ReleaseChannel::Beta => fetch_latest_beta_release_from_url(RELEASES_URL, proxy),
     }?;
     Ok(FetchedRelease {
         release,
@@ -454,8 +513,8 @@ fn update_network_fallback_hint() -> String {
     )
 }
 
-fn fetch_latest_release_from_url(url: &str) -> Result<Release> {
-    let client = update_http_client()?;
+fn fetch_latest_release_from_url(url: &str, proxy: &Option<Proxy>) -> Result<Release> {
+    let client = update_http_client(proxy)?;
     let response = client
         .get(url)
         .header(reqwest::header::ACCEPT, "application/vnd.github+json")
@@ -477,8 +536,8 @@ fn fetch_latest_release_from_url(url: &str) -> Result<Release> {
     Ok(release)
 }
 
-fn fetch_latest_beta_release_from_url(url: &str) -> Result<Release> {
-    let client = update_http_client()?;
+fn fetch_latest_beta_release_from_url(url: &str, proxy: &Option<Proxy>) -> Result<Release> {
+    let client = update_http_client(proxy)?;
     let response = client
         .get(url)
         .header(reqwest::header::ACCEPT, "application/vnd.github+json")
@@ -553,8 +612,8 @@ fn version_is_beta(version: &semver::Version) -> bool {
 }
 
 /// Download a URL to bytes.
-fn download_url(url: &str) -> Result<Vec<u8>> {
-    let client = update_http_client()?;
+fn download_url(url: &str, proxy: &Option<Proxy>) -> Result<Vec<u8>> {
+    let client = update_http_client(proxy)?;
     let response = client
         .get(url)
         .send()
@@ -1119,7 +1178,8 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
           ]
         }"#;
         let (url, request_rx, handle) = serve_http_once("200 OK", "application/json", body);
-        let release = fetch_latest_release_from_url(&url).expect("release JSON should parse");
+        let release =
+            fetch_latest_release_from_url(&url, &None).expect("release JSON should parse");
 
         assert_eq!(release.tag_name, "v9.9.9");
         assert_eq!(release.assets.len(), 2);
@@ -1142,7 +1202,7 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
     fn fetch_latest_release_from_url_reports_http_errors() {
         let (url, _request_rx, handle) =
             serve_http_once("500 Internal Server Error", "text/plain", b"server broke");
-        let err = fetch_latest_release_from_url(&url).expect_err("HTTP 500 should fail");
+        let err = fetch_latest_release_from_url(&url, &None).expect_err("HTTP 500 should fail");
 
         assert!(
             err.to_string().contains("HTTP 500"),
@@ -1162,8 +1222,8 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
           { "tag_name": "v0.9.0-beta.1", "prerelease": true, "assets": [] }
         ]"#;
         let (url, request_rx, handle) = serve_http_once("200 OK", "application/json", body);
-        let release =
-            fetch_latest_beta_release_from_url(&url).expect("beta release JSON should parse");
+        let release = fetch_latest_beta_release_from_url(&url, &None)
+            .expect("beta release JSON should parse");
 
         assert_eq!(release.tag_name, "v0.9.0-beta.2");
         assert!(release.prerelease);
@@ -1184,7 +1244,8 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
           { "tag_name": "v0.9.0", "prerelease": false, "assets": [] }
         ]"#;
         let (url, _request_rx, handle) = serve_http_once("200 OK", "application/json", body);
-        let err = fetch_latest_beta_release_from_url(&url).expect_err("missing beta should fail");
+        let err =
+            fetch_latest_beta_release_from_url(&url, &None).expect_err("missing beta should fail");
 
         assert!(
             err.to_string().contains("no beta release found"),
@@ -1197,7 +1258,7 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
     fn download_url_reads_binary_body_with_updater_user_agent() {
         let (url, request_rx, handle) =
             serve_http_once("200 OK", "application/octet-stream", b"\0binary bytes");
-        let bytes = download_url(&url).expect("binary download should succeed");
+        let bytes = download_url(&url, &None).expect("binary download should succeed");
 
         assert_eq!(bytes, b"\0binary bytes");
 

From 8ed924f3d52d2cb31065215bb8d63332b42e8a25 Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Wed, 27 May 2026 21:26:41 +0800
Subject: [PATCH 117/283] fix(engine): recover from stalled in-progress turns

reconcile_turn_liveness() had a blind spot: when TurnStarted arrived
(setting runtime_turn_status to "in_progress") but TurnComplete never
came (sub-agent hang, engine panic, lost event), neither existing
watchdog branch fired. is_loading stayed true permanently, queuing
all subsequent messages.

Add Branch 3 with a 5-minute timeout (matched to stream idle timeout)
that checks turn_started_at for staleness when the turn is stuck in
"in_progress" with no running sub-agents.
---
 crates/tui/src/tui/ui.rs       | 27 +++++++++++++++++++++++++++
 crates/tui/src/tui/ui/tests.rs | 25 ++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index fb89de61..e7fecc72 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -146,6 +146,11 @@ const UI_IDLE_POLL_MS: u64 = 48;
 const UI_ACTIVE_POLL_MS: u64 = 24;
 const WEB_CONFIG_POLL_MS: u64 = 16;
 const DISPATCH_WATCHDOG_TIMEOUT: Duration = Duration::from_secs(30);
+/// Maximum wall-clock time a turn may stay in `"in_progress"` before the UI
+/// assumes the engine stalled (e.g. sub-agent hang, lost completion event,
+/// engine panic).  Matched to [`DEFAULT_STREAM_IDLE_TIMEOUT`] so legitimate
+/// long-running tool chains are not interrupted prematurely.
+const TURN_STALL_WATCHDOG_TIMEOUT: Duration = Duration::from_secs(300);
 // Forced repaint cadence while a turn is live (model loading, compacting,
 // sub-agents running). Drives the footer water-spout animation as well as
 // the per-tool spinner pulse — keep this fast enough that the spout reads as
@@ -3901,6 +3906,28 @@ fn reconcile_turn_liveness(app: &mut App, now: Instant, has_running_agents: bool
         return true;
     }
 
+    // Branch 3: turn started but never completed — engine may have
+    // panicked, sub-agent may be stuck, or the completion event was lost.
+    if app.is_loading
+        && matches!(app.runtime_turn_status.as_deref(), Some("in_progress"))
+        && !has_running_agents
+        && !app.is_compacting
+        && app.turn_started_at.is_some_and(|started| {
+            now.saturating_duration_since(started) > TURN_STALL_WATCHDOG_TIMEOUT
+        })
+    {
+        app.is_loading = false;
+        app.turn_started_at = None;
+        app.runtime_turn_status = None;
+        app.dispatch_started_at = None;
+        app.push_status_toast(
+            "Turn stalled — no completion signal received. Please try again.",
+            StatusToastLevel::Error,
+            None,
+        );
+        return true;
+    }
+
     false
 }
 
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 4f0baa5b..97f09750 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2021,17 +2021,36 @@ fn turn_liveness_leaves_active_turn_running() {
     let mut app = create_test_app();
     app.is_loading = true;
     app.runtime_turn_status = Some("in_progress".to_string());
-    app.dispatch_started_at =
-        Some(Instant::now() - DISPATCH_WATCHDOG_TIMEOUT - Duration::from_secs(10));
+    app.turn_started_at = Some(Instant::now() - Duration::from_secs(60));
 
     let recovered = reconcile_turn_liveness(&mut app, Instant::now(), false);
 
     assert!(!recovered);
     assert!(app.is_loading);
-    assert!(app.dispatch_started_at.is_some());
+    assert!(app.turn_started_at.is_some());
     assert!(app.status_toasts.is_empty());
 }
 
+#[test]
+fn turn_liveness_recovers_stalled_in_progress_turn() {
+    let mut app = create_test_app();
+    app.is_loading = true;
+    app.runtime_turn_status = Some("in_progress".to_string());
+    app.turn_started_at =
+        Some(Instant::now() - TURN_STALL_WATCHDOG_TIMEOUT - Duration::from_millis(1));
+
+    let recovered = reconcile_turn_liveness(&mut app, Instant::now(), false);
+
+    assert!(recovered);
+    assert!(!app.is_loading);
+    assert!(app.turn_started_at.is_none());
+    assert!(app.runtime_turn_status.is_none());
+    assert!(app.dispatch_started_at.is_none());
+    let toast = app.status_toasts.back().expect("stall toast");
+    assert_eq!(toast.level, StatusToastLevel::Error);
+    assert!(toast.text.contains("Turn stalled"));
+}
+
 #[test]
 fn fixed_model_auto_thinking_skips_auto_model_router() {
     let mut app = create_test_app();

From df63a18a26477f5dfe0db2d436c51d8142fd2a5e Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Thu, 21 May 2026 19:23:35 +0800
Subject: [PATCH 118/283] fix(tui): show effective cost currency in config view

---
 crates/tui/src/tui/views/mod.rs | 92 ++++++++++++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index 68ce1ac7..0b6a805f 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -575,6 +575,7 @@ pub struct ConfigView {
     filter: String,
     status: Option<String>,
     locale: Locale,
+    effective_cost_currency: String,
     last_visible_rows: Cell<usize>,
     last_row_hitboxes: RefCell<Vec<(u16, usize)>>,
 }
@@ -819,6 +820,7 @@ impl ConfigView {
             filter: String::new(),
             status: None,
             locale: app.ui_locale,
+            effective_cost_currency: cost_currency_config_value(app),
             last_visible_rows: Cell::new(0),
             last_row_hitboxes: RefCell::new(Vec::new()),
         }
@@ -841,7 +843,7 @@ impl ConfigView {
 
         let section = row.section.label().to_lowercase();
         let key = row.key.to_lowercase();
-        let value = row.value.to_lowercase();
+        let value = self.row_display_value(row).to_lowercase();
         let scope = row.scope.label().to_lowercase();
 
         filter.split_whitespace().all(|term| {
@@ -1120,6 +1122,25 @@ impl ConfigView {
 
         self.update_filter(|filter| filter.clear());
     }
+
+    fn row_display_value(&self, row: &ConfigRow) -> String {
+        if row.key == "cost_currency"
+            && row.scope == ConfigScope::Saved
+            && row.value != self.effective_cost_currency
+        {
+            format!("{} (effective {})", row.value, self.effective_cost_currency)
+        } else {
+            row.value.clone()
+        }
+    }
+}
+
+fn cost_currency_config_value(app: &App) -> String {
+    match app.cost_currency {
+        crate::pricing::CostCurrency::Usd => "usd",
+        crate::pricing::CostCurrency::Cny => "cny",
+    }
+    .to_string()
 }
 
 fn config_hint_for_key(key: &str) -> &'static str {
@@ -1137,6 +1158,7 @@ fn config_hint_for_key(key: &str) -> &'static str {
         "theme" => "system | dark | light | grayscale",
         "locale" => "auto | en | ja | zh-Hans | pt-BR",
         "background_color" => "#RRGGBB | default",
+        "cost_currency" => "usd | cny",
         "default_mode" => "agent | plan | yolo",
         "sidebar_width" => "10..=50",
         "sidebar_focus" => "auto | work | tasks | agents | context | hidden",
@@ -1444,7 +1466,10 @@ impl ModalView for ConfigView {
                         } else {
                             Style::default().fg(palette::TEXT_PRIMARY)
                         };
-                        let value = truncate_view_text(&row.value, CONFIG_VALUE_COLUMN_WIDTH);
+                        let value = truncate_view_text(
+                            &self.row_display_value(row),
+                            CONFIG_VALUE_COLUMN_WIDTH,
+                        );
                         let mut line = Line::from(format!(
                             "  {:<key_width$} {:<value_width$} {}",
                             row.key,
@@ -2023,8 +2048,52 @@ mod tests {
         KeyCode, KeyEvent, KeyModifiers, MouseButton, MouseEvent, MouseEventKind,
     };
     use ratatui::{buffer::Buffer, layout::Rect};
+    use std::ffi::OsString;
     use std::fs;
     use std::path::PathBuf;
+    use std::sync::MutexGuard;
+    use tempfile::TempDir;
+
+    struct ConfigSettingsEnvGuard {
+        _tmp: TempDir,
+        previous_config_path: Option<OsString>,
+        _lock: MutexGuard<'static, ()>,
+    }
+
+    impl ConfigSettingsEnvGuard {
+        fn new(settings_toml: &str) -> Self {
+            let lock = crate::test_support::lock_test_env();
+            let tmp = TempDir::new().expect("settings tempdir");
+            let config_path = tmp.path().join(".deepseek").join("config.toml");
+            let settings_path = config_path
+                .parent()
+                .expect("settings parent")
+                .join("settings.toml");
+            std::fs::create_dir_all(config_path.parent().expect("config parent"))
+                .expect("config dir");
+            std::fs::write(&settings_path, settings_toml).expect("settings file");
+            let previous_config_path = std::env::var_os("DEEPSEEK_CONFIG_PATH");
+            unsafe {
+                std::env::set_var("DEEPSEEK_CONFIG_PATH", &config_path);
+            }
+            Self {
+                _tmp: tmp,
+                previous_config_path,
+                _lock: lock,
+            }
+        }
+    }
+
+    impl Drop for ConfigSettingsEnvGuard {
+        fn drop(&mut self) {
+            unsafe {
+                match self.previous_config_path.take() {
+                    Some(previous) => std::env::set_var("DEEPSEEK_CONFIG_PATH", previous),
+                    None => std::env::remove_var("DEEPSEEK_CONFIG_PATH"),
+                }
+            }
+        }
+    }
 
     fn create_test_app() -> App {
         let options = TuiOptions {
@@ -2231,6 +2300,25 @@ mod tests {
         assert_eq!(row.value, "https://ui-config-view.local/v1");
     }
 
+    #[test]
+    fn config_view_cost_currency_shows_saved_and_effective_runtime_currency() {
+        let _guard = ConfigSettingsEnvGuard::new("locale = \"zh-Hans\"\ncost_currency = \"usd\"\n");
+        let app = create_test_app();
+        assert_eq!(app.ui_locale, Locale::ZhHans);
+        assert_eq!(app.cost_currency, crate::pricing::CostCurrency::Cny);
+
+        let view = ConfigView::new_for_app(&app);
+        let row = view
+            .rows
+            .iter()
+            .find(|row| row.key == "cost_currency")
+            .expect("cost_currency row");
+
+        assert_eq!(row.value, "usd");
+        assert_eq!(view.row_display_value(row), "usd (effective cny)");
+        assert_eq!(Settings::load().expect("settings").cost_currency, "usd");
+    }
+
     #[test]
     fn config_view_exposes_all_available_saved_settings() {
         let app = create_test_app();

From 6399d560be3ed81a585f402d61a44bfe541681a1 Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Wed, 27 May 2026 21:39:03 +0800
Subject: [PATCH 119/283] fix(tui): finalize transcript cells on stall recovery

The watchdog Branch 3 recovery left in-flight tool cells and streaming
assistant messages in a running state, causing permanent spinners in the
transcript. Also left runtime_turn_id stale, showing "(in progress)"
for a turn that had already been recovered.

Align the cleanup with apply_engine_error_to_app: finalize thinking,
streaming assistant, and active cells as interrupted; reset streaming
state; clear runtime_turn_id and streaming indices.
---
 crates/tui/src/tui/ui.rs       | 10 ++++++++++
 crates/tui/src/tui/ui/tests.rs |  5 +++++
 2 files changed, 15 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index e7fecc72..e73ec537 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -3916,9 +3916,19 @@ fn reconcile_turn_liveness(app: &mut App, now: Instant, has_running_agents: bool
             now.saturating_duration_since(started) > TURN_STALL_WATCHDOG_TIMEOUT
         })
     {
+        // Finalize in-flight thinking / assistant / tool cells so the
+        // transcript doesn't show permanent spinners after recovery.
+        streaming_thinking::finalize_current(app);
+        app.finalize_streaming_assistant_as_interrupted();
+        app.finalize_active_cell_as_interrupted();
+        app.streaming_state.reset();
+        app.streaming_message_index = None;
+        app.streaming_thinking_active_entry = None;
+
         app.is_loading = false;
         app.turn_started_at = None;
         app.runtime_turn_status = None;
+        app.runtime_turn_id = None;
         app.dispatch_started_at = None;
         app.push_status_toast(
             "Turn stalled — no completion signal received. Please try again.",
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 97f09750..d41cf68b 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2036,8 +2036,10 @@ fn turn_liveness_recovers_stalled_in_progress_turn() {
     let mut app = create_test_app();
     app.is_loading = true;
     app.runtime_turn_status = Some("in_progress".to_string());
+    app.runtime_turn_id = Some("stale-turn-id".to_string());
     app.turn_started_at =
         Some(Instant::now() - TURN_STALL_WATCHDOG_TIMEOUT - Duration::from_millis(1));
+    app.streaming_message_index = Some(0);
 
     let recovered = reconcile_turn_liveness(&mut app, Instant::now(), false);
 
@@ -2045,7 +2047,10 @@ fn turn_liveness_recovers_stalled_in_progress_turn() {
     assert!(!app.is_loading);
     assert!(app.turn_started_at.is_none());
     assert!(app.runtime_turn_status.is_none());
+    assert!(app.runtime_turn_id.is_none());
     assert!(app.dispatch_started_at.is_none());
+    assert!(app.streaming_message_index.is_none());
+    assert!(app.streaming_thinking_active_entry.is_none());
     let toast = app.status_toasts.back().expect("stall toast");
     assert_eq!(toast.level, StatusToastLevel::Error);
     assert!(toast.text.contains("Turn stalled"));

From 95ba01eba8e2cb8b16fe65263ceafef8f09cf4ed Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Wed, 27 May 2026 21:43:45 +0800
Subject: [PATCH 120/283] fix(skills): align skills API with TUI command
 behavior

- Use discover_for_workspace_and_dir() instead of SkillRegistry::discover()
  to search all skill directories (workspace + global), matching TUI /skills
- Add is_bundled field to SkillEntry for built-in skill identification
- Add directories field to SkillsResponse showing all search paths
- Use skill.path instead of constructing path from skills_dir + name
- Update set_skill_enabled to use the same discovery logic
---
 crates/tui/src/runtime_api.rs | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 20110cc4..90c1156e 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -40,7 +40,6 @@ use crate::runtime_threads::{
 };
 use crate::session_manager::{SavedSession, SessionManager, SessionMetadata, default_sessions_dir};
 use crate::skill_state::SkillStateStore;
-use crate::skills::SkillRegistry;
 use crate::task_manager::{
     NewTaskRequest, SharedTaskManager, TaskManager, TaskManagerConfig, TaskRecord, TaskSummary,
 };
@@ -261,11 +260,13 @@ struct SkillEntry {
     description: String,
     path: PathBuf,
     enabled: bool,
+    is_bundled: bool,
 }
 
 #[derive(Debug, Serialize)]
 struct SkillsResponse {
     directory: PathBuf,
+    directories: Vec<PathBuf>,
     warnings: Vec<String>,
     skills: Vec<SkillEntry>,
 }
@@ -906,20 +907,24 @@ async fn list_skills(
     State(state): State<RuntimeApiState>,
 ) -> Result<Json<SkillsResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry = SkillRegistry::discover(&skills_dir);
+    let registry =
+        crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
     let skill_state = state.skill_state.lock().await;
+    let directories = crate::skills::skills_directories(&state.workspace);
     let skills = registry
         .list()
         .iter()
         .map(|skill| SkillEntry {
             name: skill.name.clone(),
             description: skill.description.clone(),
-            path: skills_dir.join(&skill.name).join("SKILL.md"),
+            path: skill.path.clone(),
             enabled: skill_state.is_enabled(&skill.name),
+            is_bundled: crate::skills::is_bundled_skill_name(&skill.name),
         })
         .collect();
     Ok(Json(SkillsResponse {
         directory: skills_dir,
+        directories,
         warnings: registry.warnings().to_vec(),
         skills,
     }))
@@ -931,12 +936,12 @@ async fn set_skill_enabled(
     Json(req): Json<SetSkillEnabledRequest>,
 ) -> Result<Json<SetSkillEnabledResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry = SkillRegistry::discover(&skills_dir);
+    let registry =
+        crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
     let exists = registry.list().iter().any(|skill| skill.name == name);
     if !exists {
         return Err(ApiError::not_found(format!(
-            "skill '{name}' not found under {}",
-            skills_dir.display()
+            "skill '{name}' not found"
         )));
     }
 

From 6532a383148d9da96681818d3732b7b1d200ef13 Mon Sep 17 00:00:00 2001
From: AccMoment <1161677781@qq.com>
Date: Wed, 27 May 2026 21:54:44 +0800
Subject: [PATCH 121/283] avoid dependency reverse reimplement
 validate_and_build_proxy and add test

---
 crates/cli/src/lib.rs    | 41 ++++++++++++++++++++++++++++++++----
 crates/cli/src/update.rs | 45 ++++++----------------------------------
 2 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 6d5cf17c..64b70ba6 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -240,6 +240,7 @@ struct UpdateArgs {
     /// Update to the latest beta release instead of the latest stable release.
     #[arg(long)]
     beta: bool,
+    /// Optional proxy URL to use for all update HTTP requests (e.g. `http://host:port` or `socks5://host:port`).
     #[arg(long)]
     proxy: Option<String>,
 }
@@ -571,7 +572,7 @@ fn run() -> Result<()> {
             Ok(())
         }
         Some(Commands::Metrics(args)) => run_metrics_command(args),
-        Some(Commands::Update(args)) => update::run_update(args),
+        Some(Commands::Update(args)) => update::run_update(args.beta, args.proxy),
         None => {
             let resolved_runtime = resolve_runtime_for_dispatch(&mut store, &runtime_overrides);
             let forwarded = root_tui_passthrough(&cli)?;
@@ -1684,6 +1685,7 @@ fn read_api_key_from_stdin() -> Result<String> {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::update::validate_and_build_proxy;
     use clap::error::ErrorKind;
     use std::ffi::OsString;
     use std::sync::{Mutex, OnceLock};
@@ -2436,16 +2438,47 @@ mod tests {
     }
 
     #[test]
-    fn udpate_parse_with_proxy() {
-        let cli = parse_ok(&["deepseek", "update", "--proxy", "http:localhost:7897"]);
+    fn update_parse_with_proxy() {
+        let cli = parse_ok(&["deepseek", "update", "--proxy", "http://localhost:7897"]);
 
         let args = match cli.command {
             Some(Commands::Update(args)) => args,
             other => panic!("expected Update with proxy, got {other:?}"),
         };
+
         assert_eq!(
             args.proxy.expect("should have proxy"),
-            "http:localhost:7897"
+            "http://localhost:7897"
+        );
+
+        // Valid HTTP proxy
+        assert!(
+            validate_and_build_proxy("http://localhost:7897").is_ok(),
+            "valid HTTP proxy should succeed"
+        );
+
+        // Valid HTTPS proxy
+        assert!(
+            validate_and_build_proxy("https://proxy.example.com:8080").is_ok(),
+            "valid HTTPS proxy should succeed"
+        );
+
+        // Valid SOCKS5 proxy
+        assert!(
+            validate_and_build_proxy("socks5://127.0.0.1:1080").is_ok(),
+            "valid SOCKS5 proxy should succeed"
+        );
+
+        // Invalid: empty URL
+        assert!(
+            validate_and_build_proxy("").is_err(),
+            "empty proxy URL should fail"
+        );
+
+        // Invalid: malformed URL
+        assert!(
+            validate_and_build_proxy("not a valid url").is_err(),
+            "malformed proxy URL should fail"
         );
     }
 
diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index 44b26537..9fe6eebc 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -4,10 +4,8 @@
 //! `github.com/Hmbown/CodeWhale/releases/latest`, downloads the
 //! platform-correct binary, verifies its SHA256 checksum, and atomically
 //! replaces the currently running binary.
-use crate::UpdateArgs;
 use std::collections::HashMap;
 use std::path::{Path, PathBuf};
-use std::time::Duration;
 
 use anyhow::{Context, Result, bail};
 use reqwest::Proxy;
@@ -28,16 +26,15 @@ const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
 const UPDATE_USER_AGENT: &str = "codewhale-updater";
 
 /// Run the self-update workflow.
-pub fn run_update(args: UpdateArgs) -> Result<()> {
-    let beta = args.beta;
+pub fn run_update(beta: bool, proxy_arg: Option<String>) -> Result<()> {
     let current_exe =
         std::env::current_exe().context("failed to determine current executable path")?;
     let targets = update_targets_for_exe(&current_exe);
     let channel = ReleaseChannel::from_beta_flag(beta);
     let current_version = env!("CARGO_PKG_VERSION");
 
-    let proxy = if let Some(proxy_str) = &args.proxy {
-        validate_and_build_proxy(proxy_str)?
+    let proxy = if let Some(proxy_str) = &proxy_arg {
+        Some(validate_and_build_proxy(proxy_str)?)
     } else {
         None
     };
@@ -184,8 +181,8 @@ enum ReleaseSource {
     Mirror { base_url: String },
 }
 
-// Validate the proxy URL and optionally test connectivity before proceeding.
-fn validate_and_build_proxy(proxy_str: &str) -> Result<Option<Proxy>> {
+/// Validate the proxy URL and optionally test connectivity before proceeding.
+pub(crate) fn validate_and_build_proxy(proxy_str: &str) -> Result<Proxy> {
     let valid_url = reqwest::Url::parse(proxy_str).with_context(|| {
         format!(
             "invalid proxy URL: {proxy_str}\n\
@@ -194,37 +191,7 @@ fn validate_and_build_proxy(proxy_str: &str) -> Result<Option<Proxy>> {
     })?;
 
     let proxy = reqwest::Proxy::all(valid_url)?;
-
-    // Quick connectivity test through the proxy
-    let client = reqwest::blocking::Client::builder()
-        .proxy(proxy.clone())
-        .user_agent(UPDATE_USER_AGENT)
-        .timeout(Duration::from_secs(10))
-        .build()
-        .context("Could not build proxy HTTP client")?;
-
-    match client.head(LATEST_RELEASE_URL).send() {
-        Ok(_) => Ok(Some(proxy)),
-        Err(e) => {
-            // Give a clear actionable error rather than a raw reqwest error
-            let hint = if e.is_timeout() || e.is_connect() {
-                "could not connect to the proxy server"
-            } else if e.is_request() {
-                "the request was sent but no response was received"
-            } else {
-                "an unexpected network error occurred"
-            };
-            bail!(
-                "proxy connectivity failed: {hint}\n\
-                 Proxy URL: {proxy_str}\n\
-                 Details: {e}\n\
-                 Please verify:\n\
-                 - The proxy URL is correct\n\
-                 - The proxy server is running and reachable\n\
-                 - The proxy allows outbound connections to api.github.com"
-            )
-        }
-    }
+    Ok(proxy)
 }
 
 pub(crate) fn release_arch_for_rust_arch(arch: &str) -> &str {

From 1c570e00caffb1782b34acc64cf1c9c08a5ba48f Mon Sep 17 00:00:00 2001
From: AccMoment <1161677781@qq.com>
Date: Wed, 27 May 2026 22:09:20 +0800
Subject: [PATCH 122/283] enable reqwest socks features

---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index dae89151..465181d0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -37,7 +37,7 @@ chrono = { version = "0.4.43", features = ["serde"] }
 clap = { version = "4.5.54", features = ["derive"] }
 clap_complete = "4.5"
 dirs = "6.0.0"
-reqwest = { version = "0.13.1", default-features = false, features = ["json", "rustls"] }
+reqwest = { version = "0.13.1", default-features = false, features = ["json", "rustls","socks"] }
 rusqlite = { version = "0.32.1", features = ["bundled"] }
 serde = { version = "1.0.228", features = ["derive"] }
 serde_json = "1.0.149"

From a1e92cd6c2abe60a9752977921b365b9b88938ff Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Wed, 27 May 2026 22:37:46 +0800
Subject: [PATCH 123/283] fix(tui): reset user_scrolled_during_stream on stall
 recovery

Without this, the turn immediately after a stall recovery would inherit
the scroll-lock from the stalled turn and silently skip auto-scroll,
leaving the user staring at stale content.
---
 crates/tui/src/tui/ui.rs       | 2 ++
 crates/tui/src/tui/ui/tests.rs | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index e73ec537..c53039e7 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -3930,6 +3930,8 @@ fn reconcile_turn_liveness(app: &mut App, now: Instant, has_running_agents: bool
         app.runtime_turn_status = None;
         app.runtime_turn_id = None;
         app.dispatch_started_at = None;
+        // Per-turn scroll lock — clear so the next turn auto-scrolls.
+        app.user_scrolled_during_stream = false;
         app.push_status_toast(
             "Turn stalled — no completion signal received. Please try again.",
             StatusToastLevel::Error,
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index d41cf68b..5bc6fc8a 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2040,6 +2040,7 @@ fn turn_liveness_recovers_stalled_in_progress_turn() {
     app.turn_started_at =
         Some(Instant::now() - TURN_STALL_WATCHDOG_TIMEOUT - Duration::from_millis(1));
     app.streaming_message_index = Some(0);
+    app.user_scrolled_during_stream = true;
 
     let recovered = reconcile_turn_liveness(&mut app, Instant::now(), false);
 
@@ -2051,6 +2052,7 @@ fn turn_liveness_recovers_stalled_in_progress_turn() {
     assert!(app.dispatch_started_at.is_none());
     assert!(app.streaming_message_index.is_none());
     assert!(app.streaming_thinking_active_entry.is_none());
+    assert!(!app.user_scrolled_during_stream);
     let toast = app.status_toasts.back().expect("stall toast");
     assert_eq!(toast.level, StatusToastLevel::Error);
     assert!(toast.text.contains("Turn stalled"));

From ab192fe69c9faa9a2bf4318a1d2b391f6a829f3c Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Wed, 27 May 2026 23:34:05 +0800
Subject: [PATCH 124/283] fix(config): normalize cost currency display
 comparison

---
 crates/tui/src/tui/views/mod.rs | 73 +++++++++++++++++++++++++++++----
 1 file changed, 66 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index 0b6a805f..26c381d5 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -1124,14 +1124,16 @@ impl ConfigView {
     }
 
     fn row_display_value(&self, row: &ConfigRow) -> String {
-        if row.key == "cost_currency"
-            && row.scope == ConfigScope::Saved
-            && row.value != self.effective_cost_currency
-        {
-            format!("{} (effective {})", row.value, self.effective_cost_currency)
-        } else {
-            row.value.clone()
+        if row.key == "cost_currency" && row.scope == ConfigScope::Saved {
+            let saved_cost_currency = crate::pricing::CostCurrency::from_setting(&row.value);
+            let effective_cost_currency =
+                crate::pricing::CostCurrency::from_setting(&self.effective_cost_currency);
+            if saved_cost_currency != effective_cost_currency {
+                return format!("{} (effective {})", row.value, self.effective_cost_currency);
+            }
         }
+
+        row.value.clone()
     }
 }
 
@@ -2120,6 +2122,26 @@ mod tests {
         App::new(options, &Config::default())
     }
 
+    fn cost_currency_row_for_settings(
+        settings_toml: &str,
+    ) -> (String, String, crate::pricing::CostCurrency, Locale) {
+        let _guard = ConfigSettingsEnvGuard::new(settings_toml);
+        let app = create_test_app();
+        let view = ConfigView::new_for_app(&app);
+        let row = view
+            .rows
+            .iter()
+            .find(|row| row.key == "cost_currency")
+            .expect("cost_currency row");
+
+        (
+            row.value.clone(),
+            view.row_display_value(row),
+            app.cost_currency,
+            app.ui_locale,
+        )
+    }
+
     fn type_filter(view: &mut ConfigView, text: &str) {
         for ch in text.chars() {
             let action = view.handle_key(KeyEvent::new(KeyCode::Char(ch), KeyModifiers::NONE));
@@ -2319,6 +2341,43 @@ mod tests {
         assert_eq!(Settings::load().expect("settings").cost_currency, "usd");
     }
 
+    #[test]
+    fn config_view_cost_currency_aliases_matching_effective_currency_are_silent() {
+        for alias in ["rmb", "yuan", "¥"] {
+            let (saved_value, display_value, effective_currency, locale) =
+                cost_currency_row_for_settings(&format!(
+                    "locale = \"zh-Hans\"\ncost_currency = \"{alias}\"\n"
+                ));
+
+            assert_eq!(locale, Locale::ZhHans);
+            assert_eq!(effective_currency, crate::pricing::CostCurrency::Cny);
+            assert_eq!(saved_value, alias);
+            assert_eq!(display_value, alias);
+        }
+    }
+
+    #[test]
+    fn config_view_cost_currency_matching_cny_setting_is_silent() {
+        let (saved_value, display_value, effective_currency, locale) =
+            cost_currency_row_for_settings("locale = \"zh-Hans\"\ncost_currency = \"cny\"\n");
+
+        assert_eq!(locale, Locale::ZhHans);
+        assert_eq!(effective_currency, crate::pricing::CostCurrency::Cny);
+        assert_eq!(saved_value, "cny");
+        assert_eq!(display_value, "cny");
+    }
+
+    #[test]
+    fn config_view_cost_currency_non_zh_hans_locale_uses_saved_currency() {
+        let (saved_value, display_value, effective_currency, locale) =
+            cost_currency_row_for_settings("locale = \"en\"\ncost_currency = \"cny\"\n");
+
+        assert_eq!(locale, Locale::En);
+        assert_eq!(effective_currency, crate::pricing::CostCurrency::Cny);
+        assert_eq!(saved_value, "cny");
+        assert_eq!(display_value, "cny");
+    }
+
     #[test]
     fn config_view_exposes_all_available_saved_settings() {
         let app = create_test_app();

From a964d86b4bc360a91d84eab18c0cfe1f58219f8c Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Sun, 24 May 2026 10:51:14 +0800
Subject: [PATCH 125/283] feat(runtime): restore mobile control page

---
 crates/tui/src/main.rs             |  18 +-
 crates/tui/src/runtime_api.rs      | 116 +++++-
 crates/tui/src/runtime_mobile.html | 543 +++++++++++++++++++++++++++++
 docs/RUNTIME_API.md                |  41 ++-
 4 files changed, 703 insertions(+), 15 deletions(-)
 create mode 100644 crates/tui/src/runtime_mobile.html

diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 99579eac..d0b7d649 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -572,6 +572,9 @@ struct ServeArgs {
     /// Start runtime HTTP/SSE API server
     #[arg(long)]
     http: bool,
+    /// Start runtime HTTP/SSE API server with the built-in mobile control page
+    #[arg(long)]
+    mobile: bool,
     /// Start ACP server over stdio for editor clients such as Zed
     #[arg(long)]
     acp: bool,
@@ -926,28 +929,35 @@ async fn main() -> Result<()> {
                 let workspace = cli.workspace.clone().unwrap_or_else(|| {
                     std::env::current_dir().unwrap_or_else(|_| PathBuf::from("."))
                 });
-                let selected_modes = [args.mcp, args.http, args.acp]
+                let http_selected = args.http || args.mobile;
+                let selected_modes = [args.mcp, http_selected, args.acp]
                     .into_iter()
                     .filter(|selected| *selected)
                     .count();
                 if selected_modes != 1 {
-                    bail!("Choose exactly one server mode: --mcp, --http, or --acp");
+                    bail!("Choose exactly one server mode: --mcp, --http/--mobile, or --acp");
                 }
                 if args.mcp {
                     mcp_server::run_mcp_server(workspace)
-                } else if args.http {
+                } else if http_selected {
                     let config = load_config_from_cli(&cli)?;
                     let cors_origins = resolve_cors_origins(&config, &args.cors_origin);
+                    let host = if args.mobile && args.host == "127.0.0.1" {
+                        "0.0.0.0".to_string()
+                    } else {
+                        args.host
+                    };
                     runtime_api::run_http_server(
                         config,
                         workspace,
                         runtime_api::RuntimeApiOptions {
-                            host: args.host,
+                            host,
                             port: args.port,
                             workers: args.workers.clamp(1, 8),
                             cors_origins,
                             auth_token: args.auth_token,
                             insecure_no_auth: args.insecure_no_auth,
+                            mobile: args.mobile,
                         },
                     )
                     .await
diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 20110cc4..24e58046 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -3,7 +3,7 @@
 use std::collections::HashSet;
 use std::convert::Infallible;
 use std::fs;
-use std::net::SocketAddr;
+use std::net::{SocketAddr, UdpSocket};
 use std::path::PathBuf;
 use std::process::Command;
 use std::sync::Arc;
@@ -14,6 +14,7 @@ use async_stream::stream;
 use axum::extract::{Path, Query, Request, State};
 use axum::http::{HeaderValue, Method, StatusCode, header};
 use axum::middleware::{self, Next};
+use axum::response::Html;
 use axum::response::sse::{Event as SseEvent, KeepAlive, Sse};
 use axum::response::{IntoResponse, Response};
 use axum::routing::{get, post};
@@ -60,6 +61,7 @@ pub struct RuntimeApiState {
     auth_required: bool,
     bind_host: String,
     bind_port: u16,
+    mobile_enabled: bool,
 }
 
 #[derive(Debug, Clone)]
@@ -78,6 +80,8 @@ pub struct RuntimeApiOptions {
     pub auth_token: Option<String>,
     /// Allow `/v1/*` routes without auth when no token is configured.
     pub insecure_no_auth: bool,
+    /// Enables the built-in mobile control page at `/mobile`.
+    pub mobile: bool,
 }
 
 impl Default for RuntimeApiOptions {
@@ -89,6 +93,7 @@ impl Default for RuntimeApiOptions {
             cors_origins: Vec::new(),
             auth_token: None,
             insecure_no_auth: false,
+            mobile: false,
         }
     }
 }
@@ -423,6 +428,7 @@ pub async fn run_http_server(
         auth_required: auth_enabled,
         bind_host: options.host.clone(),
         bind_port: options.port,
+        mobile_enabled: options.mobile,
     };
     let app = build_router(state);
 
@@ -445,6 +451,9 @@ pub async fn run_http_server(
     } else {
         println!("Runtime API auth: disabled by explicit insecure mode.");
     }
+    if options.mobile {
+        print_mobile_urls(addr, runtime_token.as_deref(), auth_enabled);
+    }
     let is_loopback = options.host == "127.0.0.1" || options.host == "::1";
     if is_loopback {
         println!("Security: this server is local-first. Do not expose it to untrusted networks.");
@@ -529,6 +538,8 @@ pub fn build_router(state: RuntimeApiState) -> Router {
 
     Router::new()
         .route("/health", get(health))
+        .route("/mobile", get(mobile_page))
+        .route("/mobile/", get(mobile_page))
         .route("/v1/runtime/info", get(runtime_info))
         .merge(api_routes)
         .layer(cors_layer(&state.cors_origins))
@@ -581,6 +592,51 @@ fn token_from_query(query: Option<&str>) -> Option<&str> {
     })
 }
 
+async fn mobile_page(State(state): State<RuntimeApiState>) -> Response {
+    if !state.mobile_enabled {
+        return (
+            StatusCode::NOT_FOUND,
+            "mobile control is disabled; start with `codewhale serve --mobile`",
+        )
+            .into_response();
+    }
+    Html(MOBILE_HTML).into_response()
+}
+
+fn print_mobile_urls(addr: SocketAddr, token: Option<&str>, auth_enabled: bool) {
+    println!("Mobile control page enabled.");
+    let token_query = if auth_enabled {
+        token
+            .filter(|token| !token.trim().is_empty())
+            .map(|token| format!("?token={token}"))
+            .unwrap_or_default()
+    } else {
+        String::new()
+    };
+
+    let port = addr.port();
+    if addr.ip().is_unspecified() {
+        println!("  Local: http://127.0.0.1:{port}/mobile{token_query}");
+        if let Some(ip) = detect_lan_ip() {
+            println!("  LAN:   http://{ip}:{port}/mobile{token_query}");
+        } else {
+            println!(
+                "  LAN:   bind is 0.0.0.0; open http://<this-machine-ip>:{port}/mobile{token_query}"
+            );
+        }
+    } else {
+        println!("  URL:   http://{addr}/mobile{token_query}");
+    }
+    println!("Mobile security: use only on a trusted LAN/VPN; this server does not provide TLS.");
+}
+
+fn detect_lan_ip() -> Option<String> {
+    let socket = UdpSocket::bind("0.0.0.0:0").ok()?;
+    socket.connect("8.8.8.8:80").ok()?;
+    let addr = socket.local_addr().ok()?;
+    Some(addr.ip().to_string())
+}
+
 async fn health() -> Json<HealthResponse> {
     Json(HealthResponse {
         status: "ok",
@@ -1562,6 +1618,8 @@ fn map_compat_stream_event(event: &crate::runtime_threads::RuntimeEventRecord) -
             }
         }
         "approval.required" => Some(sse_json("approval.required", payload.clone())),
+        "approval.decided" => Some(sse_json("approval.decided", payload.clone())),
+        "approval.timeout" => Some(sse_json("approval.timeout", payload.clone())),
         "sandbox.denied" => Some(sse_json("sandbox.denied", payload.clone())),
         "turn.completed" => {
             let usage = payload
@@ -1742,6 +1800,8 @@ async fn get_usage(
     Ok(Json(json!(aggregation)))
 }
 
+const MOBILE_HTML: &str = include_str!("runtime_mobile.html");
+
 /// Built-in dev origins always allowed by the runtime API (whalescale#255).
 const DEFAULT_CORS_ORIGINS: &[&str] = &[
     "http://localhost:3000",
@@ -1973,6 +2033,21 @@ mod tests {
             SharedRuntimeThreadManager,
             tokio::task::JoinHandle<()>,
         )>,
+    > {
+        spawn_test_server_with_root_token_and_mobile(root, sessions_dir, runtime_token, false).await
+    }
+
+    async fn spawn_test_server_with_root_token_and_mobile(
+        root: PathBuf,
+        sessions_dir: PathBuf,
+        runtime_token: Option<String>,
+        mobile_enabled: bool,
+    ) -> Result<
+        Option<(
+            SocketAddr,
+            SharedRuntimeThreadManager,
+            tokio::task::JoinHandle<()>,
+        )>,
     > {
         fs::create_dir_all(&sessions_dir)?;
         let manager = TaskManager::start_with_executor(
@@ -2035,6 +2110,7 @@ mod tests {
             auth_required,
             bind_host: "127.0.0.1".to_string(),
             bind_port: 0,
+            mobile_enabled,
         };
         let app = build_router(state);
         let listener = match TcpListener::bind("127.0.0.1:0").await {
@@ -3600,6 +3676,44 @@ mod tests {
         Ok(())
     }
 
+    #[tokio::test]
+    async fn mobile_page_is_available_only_when_enabled() -> Result<()> {
+        let tmp = tempfile::tempdir()?;
+        let root = tmp.path().to_path_buf();
+        let sessions_dir = root.join("sessions");
+        let Some((addr, _runtime_threads, handle)) = spawn_test_server_with_root_token_and_mobile(
+            root.clone(),
+            sessions_dir.clone(),
+            None,
+            false,
+        )
+        .await?
+        else {
+            return Ok(());
+        };
+        let client = reqwest::Client::new();
+        let disabled = client.get(format!("http://{addr}/mobile")).send().await?;
+        assert_eq!(disabled.status(), StatusCode::NOT_FOUND);
+        handle.abort();
+
+        let Some((addr, _runtime_threads, handle)) =
+            spawn_test_server_with_root_token_and_mobile(root, sessions_dir, None, true).await?
+        else {
+            return Ok(());
+        };
+        let enabled = client
+            .get(format!("http://{addr}/mobile"))
+            .send()
+            .await?
+            .error_for_status()?;
+        let html = enabled.text().await?;
+        assert!(html.contains("CodeWhale Mobile"));
+        assert!(html.contains("/v1/approvals/"));
+
+        handle.abort();
+        Ok(())
+    }
+
     #[tokio::test]
     async fn decide_approval_404s_when_nothing_pending() -> Result<()> {
         let Some((addr, _runtime_threads, handle)) = spawn_test_server().await? else {
diff --git a/crates/tui/src/runtime_mobile.html b/crates/tui/src/runtime_mobile.html
new file mode 100644
index 00000000..f7ca0af0
--- /dev/null
+++ b/crates/tui/src/runtime_mobile.html
@@ -0,0 +1,543 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
+  <title>CodeWhale Mobile</title>
+  <style>
+    :root {
+      color-scheme: dark;
+      --bg: #101214;
+      --panel: #181b1f;
+      --panel-2: #20242a;
+      --line: #323840;
+      --text: #f4f1e8;
+      --muted: #a8a49a;
+      --accent: #48c2a8;
+      --accent-2: #c89543;
+      --danger: #e86458;
+      --ok: #76c46b;
+    }
+    * { box-sizing: border-box; }
+    html, body { min-height: 100%; }
+    body {
+      margin: 0;
+      background: var(--bg);
+      color: var(--text);
+      font: 15px/1.45 system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      letter-spacing: 0;
+    }
+    header {
+      position: sticky;
+      top: 0;
+      z-index: 4;
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: 12px;
+      padding: calc(12px + env(safe-area-inset-top)) 14px 12px;
+      background: rgba(16, 18, 20, 0.96);
+      border-bottom: 1px solid var(--line);
+      backdrop-filter: blur(12px);
+    }
+    h1 {
+      margin: 0;
+      font-size: 18px;
+      font-weight: 740;
+    }
+    main {
+      display: grid;
+      gap: 12px;
+      padding: 12px 12px calc(14px + env(safe-area-inset-bottom));
+    }
+    section {
+      border: 1px solid var(--line);
+      background: var(--panel);
+      border-radius: 8px;
+      overflow: hidden;
+    }
+    .head {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: 8px;
+      padding: 10px 12px;
+      border-bottom: 1px solid var(--line);
+      min-height: 46px;
+    }
+    .body { padding: 12px; }
+    .grid { display: grid; gap: 10px; }
+    .row { display: flex; align-items: center; gap: 8px; }
+    .row > * { flex: 1; min-width: 0; }
+    button, input, textarea, select {
+      color: var(--text);
+      background: var(--panel-2);
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      font: inherit;
+      letter-spacing: 0;
+    }
+    button {
+      min-height: 40px;
+      padding: 8px 11px;
+      font-weight: 680;
+      cursor: pointer;
+    }
+    button.primary {
+      background: #173d36;
+      border-color: #2a8b77;
+    }
+    button.warn {
+      background: #3c2b14;
+      border-color: #8b682b;
+    }
+    button.danger {
+      background: #421f1d;
+      border-color: #9b4038;
+    }
+    button:disabled {
+      cursor: not-allowed;
+      opacity: 0.55;
+    }
+    input, textarea, select {
+      width: 100%;
+      padding: 10px;
+    }
+    textarea {
+      min-height: 96px;
+      resize: vertical;
+    }
+    label.toggle {
+      display: flex;
+      align-items: center;
+      gap: 8px;
+      min-height: 40px;
+      padding: 8px 10px;
+      color: var(--muted);
+      background: var(--panel-2);
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      font-size: 13px;
+    }
+    label.toggle input { width: auto; }
+    .status {
+      min-height: 38px;
+      padding: 9px 10px;
+      border-radius: 8px;
+      background: #121518;
+      border: 1px solid var(--line);
+      color: var(--muted);
+      overflow-wrap: anywhere;
+    }
+    .status.ok { color: var(--ok); }
+    .status.bad { color: var(--danger); }
+    .status.warn { color: var(--accent-2); }
+    #threads {
+      display: grid;
+      gap: 8px;
+      max-height: 260px;
+      overflow: auto;
+    }
+    .thread {
+      width: 100%;
+      padding: 10px;
+      text-align: left;
+      border-radius: 8px;
+      background: var(--panel-2);
+    }
+    .thread.active { border-color: var(--accent); }
+    .thread-title {
+      font-weight: 720;
+      white-space: nowrap;
+      overflow: hidden;
+      text-overflow: ellipsis;
+    }
+    .meta {
+      margin-top: 3px;
+      color: var(--muted);
+      font-size: 12px;
+      overflow-wrap: anywhere;
+    }
+    #events {
+      display: grid;
+      gap: 8px;
+      max-height: 54vh;
+      overflow: auto;
+      padding-right: 2px;
+    }
+    .event {
+      padding: 9px 10px;
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      background: #121518;
+      white-space: pre-wrap;
+      overflow-wrap: anywhere;
+    }
+    .event.agent { border-color: #357969; }
+    .event.tool { border-color: #8b682b; }
+    .event.error { border-color: #9b4038; }
+    .event.ok { border-color: #4d8048; }
+    .approval-actions {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 8px;
+      margin-top: 9px;
+    }
+    .approval-actions button {
+      flex: 0 0 auto;
+      min-width: 84px;
+    }
+    .empty {
+      color: var(--muted);
+      font-size: 13px;
+    }
+    @media (min-width: 900px) {
+      main {
+        grid-template-columns: 330px minmax(0, 1fr);
+        align-items: start;
+      }
+      section.chat {
+        grid-column: 2;
+        grid-row: 1 / span 3;
+      }
+      #threads { max-height: 420px; }
+      #events { max-height: calc(100vh - 150px); }
+    }
+  </style>
+</head>
+<body>
+  <header>
+    <h1>CodeWhale Mobile</h1>
+    <button id="refresh" title="Refresh threads">Refresh</button>
+  </header>
+
+  <main>
+    <section>
+      <div class="head">
+        <strong>Connection</strong>
+        <button id="save-token">Save</button>
+      </div>
+      <div class="body grid">
+        <input id="token" autocomplete="off" spellcheck="false" placeholder="Runtime token">
+        <div id="conn" class="status">Not connected</div>
+      </div>
+    </section>
+
+    <section>
+      <div class="head">
+        <strong>Threads</strong>
+        <button id="new-thread" class="primary">New</button>
+      </div>
+      <div class="body"><div id="threads"></div></div>
+    </section>
+
+    <section class="chat">
+      <div class="head">
+        <strong id="active-title">No thread selected</strong>
+        <span id="event-count" class="meta">0 events</span>
+      </div>
+      <div class="body"><div id="events"></div></div>
+    </section>
+
+    <section>
+      <div class="head">
+        <strong>Composer</strong>
+        <button id="interrupt" class="danger">Interrupt</button>
+      </div>
+      <div class="body grid">
+        <textarea id="prompt" spellcheck="true" placeholder="Message"></textarea>
+        <div class="row">
+          <label class="toggle"><input id="allow-shell" type="checkbox"> shell</label>
+          <label class="toggle"><input id="auto-approve" type="checkbox"> auto</label>
+          <label class="toggle"><input id="remember-approval" type="checkbox"> remember</label>
+        </div>
+        <div class="row">
+          <button id="send" class="primary">Send</button>
+          <button id="steer" class="warn">Steer</button>
+        </div>
+      </div>
+    </section>
+  </main>
+
+  <script>
+    const $ = (id) => document.getElementById(id);
+    const state = {
+      threadId: "",
+      activeTurnId: "",
+      source: null,
+      eventCount: 0
+    };
+
+    function setStatus(message, tone = "") {
+      const el = $("conn");
+      el.textContent = message;
+      el.className = "status" + (tone ? " " + tone : "");
+    }
+
+    function token() {
+      return $("token").value.trim();
+    }
+
+    function takeTokenFromUrl() {
+      const params = new URLSearchParams(location.search);
+      const urlToken = params.get("token");
+      if (!urlToken) return;
+      localStorage.setItem("codewhale_runtime_token", urlToken);
+      params.delete("token");
+      const qs = params.toString();
+      history.replaceState(null, "", location.pathname + (qs ? "?" + qs : ""));
+    }
+
+    function headers(extra = {}) {
+      const out = Object.assign({ "Content-Type": "application/json" }, extra);
+      if (token()) out.Authorization = "Bearer " + token();
+      return out;
+    }
+
+    async function api(path, options = {}) {
+      const res = await fetch(path, Object.assign({}, options, {
+        headers: headers(options.headers || {})
+      }));
+      if (!res.ok) {
+        let detail = await res.text();
+        try {
+          const parsed = JSON.parse(detail);
+          detail = parsed.error?.message || detail;
+        } catch (_) {}
+        throw new Error(detail || ("HTTP " + res.status));
+      }
+      if (res.status === 204) return null;
+      return res.json();
+    }
+
+    function escapeHtml(raw) {
+      return String(raw).replace(/[&<>"']/g, (char) => ({
+        "&": "&amp;",
+        "<": "&lt;",
+        ">": "&gt;",
+        "\"": "&quot;",
+        "'": "&#039;"
+      }[char]));
+    }
+
+    function eventPayload(data) {
+      return data && typeof data === "object" && "payload" in data ? data.payload : data;
+    }
+
+    function eventText(name, data) {
+      const payload = eventPayload(data) || {};
+      if (name === "item.delta") return payload.delta || "";
+      if (name === "item.started") {
+        const tool = payload.tool;
+        if (tool) return "Tool started: " + tool.name + "\n" + JSON.stringify(tool.input || {}, null, 2);
+      }
+      if (name === "item.completed" || name === "item.failed") {
+        const item = payload.item || {};
+        return (name === "item.completed" ? "Completed: " : "Failed: ") + (item.summary || item.kind || "");
+      }
+      if (name === "approval.required") {
+        return "Approval required: " + (payload.tool_name || "") + "\n" + (payload.description || "");
+      }
+      if (name === "approval.decided") {
+        return "Approval " + (payload.decision || "decided") + ": " + (payload.approval_id || "");
+      }
+      if (name === "approval.timeout") {
+        return "Approval timed out: " + (payload.approval_id || "");
+      }
+      if (name === "sandbox.denied") {
+        return "Sandbox denied: " + (payload.tool_name || "") + "\n" + (payload.reason || "");
+      }
+      if (name === "turn.lifecycle") return "Turn status: " + (payload.status || "");
+      if (name === "turn.completed") return "Turn completed";
+      if (name === "coherence.state") return JSON.stringify(payload, null, 2);
+      return JSON.stringify(payload, null, 2);
+    }
+
+    function approvalInfo(name, data) {
+      if (name !== "approval.required") return null;
+      const payload = eventPayload(data) || {};
+      const approvalId = payload.approval_id || payload.id;
+      if (!approvalId) return null;
+      return { id: approvalId };
+    }
+
+    async function decideApproval(approvalId, decision, container) {
+      for (const button of container.querySelectorAll("button")) button.disabled = true;
+      const remember = $("remember-approval").checked;
+      const result = await api("/v1/approvals/" + encodeURIComponent(approvalId), {
+        method: "POST",
+        body: JSON.stringify({ decision, remember })
+      });
+      container.innerHTML = "<span class='meta'>Decision sent: " + escapeHtml(result.decision) + "</span>";
+    }
+
+    function appendEvent(name, data) {
+      const text = eventText(name, data);
+      if (!text) return;
+      const item = document.createElement("div");
+      item.className = "event";
+      if (name === "item.delta") item.classList.add("agent");
+      if (name === "item.started" || name.includes("tool")) item.classList.add("tool");
+      if (name.includes("failed") || name.includes("denied") || name.includes("timeout")) item.classList.add("error");
+      if (name === "turn.completed" || name === "approval.decided") item.classList.add("ok");
+      item.innerHTML = "<div class='meta'>" + escapeHtml(name) + "</div>" + escapeHtml(text);
+
+      const approval = approvalInfo(name, data);
+      if (approval) {
+        const actions = document.createElement("div");
+        actions.className = "approval-actions";
+        const allow = document.createElement("button");
+        allow.className = "primary";
+        allow.textContent = "Allow";
+        allow.onclick = () => decideApproval(approval.id, "allow", actions)
+          .catch((err) => setStatus(err.message, "bad"));
+        const deny = document.createElement("button");
+        deny.className = "danger";
+        deny.textContent = "Deny";
+        deny.onclick = () => decideApproval(approval.id, "deny", actions)
+          .catch((err) => setStatus(err.message, "bad"));
+        actions.appendChild(allow);
+        actions.appendChild(deny);
+        item.appendChild(actions);
+      }
+
+      $("events").appendChild(item);
+      state.eventCount += 1;
+      $("event-count").textContent = state.eventCount + " events";
+      $("events").scrollTop = $("events").scrollHeight;
+    }
+
+    async function loadThreads() {
+      const threads = await api("/v1/threads/summary?limit=60&include_archived=false");
+      const list = $("threads");
+      list.innerHTML = "";
+      if (!threads.length) {
+        list.innerHTML = "<div class='empty'>No active threads.</div>";
+        return;
+      }
+      for (const thread of threads) {
+        const el = document.createElement("button");
+        el.className = "thread" + (thread.id === state.threadId ? " active" : "");
+        el.innerHTML =
+          "<div class='thread-title'>" + escapeHtml(thread.title || thread.id) + "</div>" +
+          "<div class='meta'>" + escapeHtml(thread.mode || "") + " / " +
+          escapeHtml(thread.model || "") + "</div>";
+        el.onclick = () => selectThread(thread.id, thread.title || thread.id);
+        list.appendChild(el);
+      }
+    }
+
+    async function newThread() {
+      const thread = await api("/v1/threads", {
+        method: "POST",
+        body: JSON.stringify({
+          mode: "agent",
+          allow_shell: $("allow-shell").checked,
+          trust_mode: false,
+          auto_approve: $("auto-approve").checked
+        })
+      });
+      await loadThreads();
+      selectThread(thread.id, thread.title || thread.id);
+    }
+
+    async function selectThread(id, title) {
+      state.threadId = id;
+      state.activeTurnId = "";
+      state.eventCount = 0;
+      $("event-count").textContent = "0 events";
+      $("active-title").textContent = title || id;
+      $("events").innerHTML = "";
+      if (state.source) state.source.close();
+      const qs = "?since_seq=0" + (token() ? "&token=" + encodeURIComponent(token()) : "");
+      const source = new EventSource("/v1/threads/" + encodeURIComponent(id) + "/events" + qs);
+      state.source = source;
+      const names = [
+        "thread.started",
+        "turn.started",
+        "turn.lifecycle",
+        "turn.steered",
+        "turn.interrupt_requested",
+        "turn.completed",
+        "item.started",
+        "item.delta",
+        "item.completed",
+        "item.failed",
+        "approval.required",
+        "approval.decided",
+        "approval.timeout",
+        "sandbox.denied",
+        "coherence.state"
+      ];
+      for (const name of names) {
+        source.addEventListener(name, (ev) => {
+          let data = {};
+          try { data = JSON.parse(ev.data || "{}"); } catch (_) {}
+          if (data.turn_id) state.activeTurnId = data.turn_id;
+          appendEvent(name, data);
+        });
+      }
+      source.onopen = () => setStatus("Connected", "ok");
+      source.onerror = () => setStatus("Event stream disconnected", "warn");
+      await loadThreads();
+    }
+
+    async function sendPrompt() {
+      if (!state.threadId) await newThread();
+      const prompt = $("prompt").value.trim();
+      if (!prompt) return;
+      const res = await api("/v1/threads/" + encodeURIComponent(state.threadId) + "/turns", {
+        method: "POST",
+        body: JSON.stringify({
+          prompt,
+          allow_shell: $("allow-shell").checked,
+          trust_mode: false,
+          auto_approve: $("auto-approve").checked
+        })
+      });
+      state.activeTurnId = res.turn?.id || state.activeTurnId;
+      $("prompt").value = "";
+      await loadThreads();
+    }
+
+    async function steerTurn() {
+      if (!state.threadId || !state.activeTurnId) throw new Error("No active turn");
+      const prompt = $("prompt").value.trim();
+      if (!prompt) return;
+      await api(
+        "/v1/threads/" + encodeURIComponent(state.threadId) +
+        "/turns/" + encodeURIComponent(state.activeTurnId) + "/steer",
+        { method: "POST", body: JSON.stringify({ prompt }) }
+      );
+      $("prompt").value = "";
+    }
+
+    async function interruptTurn() {
+      if (!state.threadId || !state.activeTurnId) throw new Error("No active turn");
+      await api(
+        "/v1/threads/" + encodeURIComponent(state.threadId) +
+        "/turns/" + encodeURIComponent(state.activeTurnId) + "/interrupt",
+        { method: "POST", body: "{}" }
+      );
+    }
+
+    async function boot() {
+      takeTokenFromUrl();
+      $("token").value = localStorage.getItem("codewhale_runtime_token") || "";
+      $("save-token").onclick = async () => {
+        localStorage.setItem("codewhale_runtime_token", token());
+        await loadThreads().catch((err) => setStatus(err.message, "bad"));
+      };
+      $("refresh").onclick = () => loadThreads().catch((err) => setStatus(err.message, "bad"));
+      $("new-thread").onclick = () => newThread().catch((err) => setStatus(err.message, "bad"));
+      $("send").onclick = () => sendPrompt().catch((err) => setStatus(err.message, "bad"));
+      $("steer").onclick = () => steerTurn().catch((err) => setStatus(err.message, "bad"));
+      $("interrupt").onclick = () => interruptTurn().catch((err) => setStatus(err.message, "bad"));
+      await loadThreads();
+      setStatus("Connected", "ok");
+    }
+
+    boot().catch((err) => setStatus(err.message, "bad"));
+  </script>
+</body>
+</html>
diff --git a/docs/RUNTIME_API.md b/docs/RUNTIME_API.md
index 504154f0..3fdfb7a9 100644
--- a/docs/RUNTIME_API.md
+++ b/docs/RUNTIME_API.md
@@ -117,6 +117,7 @@ codewhale doctor --json
 
 ```bash
 codewhale serve --http [--host 127.0.0.1] [--port 7878] [--workers 2] [--auth-token TOKEN]
+codewhale serve --mobile [--port 7878] [--auth-token TOKEN]
 ```
 
 Defaults: host `127.0.0.1`, port `7878`, 2 workers (clamped 1–8).
@@ -124,16 +125,30 @@ Defaults: host `127.0.0.1`, port `7878`, 2 workers (clamped 1–8).
 The server binds to `localhost` by default. Configuration is via CLI flags —
 there is no `[app_server]` config section.
 
-By default, existing local behavior is unchanged and `/v1/*` routes are not
-authenticated. To require a bearer token for `/v1/*` routes, pass
-`--auth-token TOKEN` or set `DEEPSEEK_RUNTIME_TOKEN=TOKEN` before starting the
-server. `/health` remains public for local process supervision and readiness
-checks.
+`/v1/*` routes require a bearer token unless `--insecure` is explicitly set.
+Pass `--auth-token TOKEN` or set `DEEPSEEK_RUNTIME_TOKEN=TOKEN` before starting
+the server. If neither is set, the process generates a one-time token and prints
+it at startup. `/health`, `/mobile`, and `/v1/runtime/info` remain public for
+local supervision and bootstrap.
 
 Authenticated clients can provide the token as `Authorization: Bearer TOKEN`,
 `X-DeepSeek-Runtime-Token: TOKEN`, or `?token=TOKEN` for EventSource-style
 clients that cannot set custom headers.
 
+### Mobile control page
+
+`codewhale serve --mobile` starts the same HTTP/SSE runtime API and serves a
+phone-friendly control page at `/mobile`. When the bind host is left at the
+default, mobile mode binds to `0.0.0.0` and prints local/LAN URLs. If a runtime
+token is generated or supplied, the printed mobile URL includes it as a query
+parameter; the page stores it locally and removes it from the address bar.
+
+The mobile page can list/create threads, send prompts, follow live SSE events,
+steer or interrupt an active turn, and resolve normal tool approvals through
+`POST /v1/approvals/{approval_id}`. It is still a local/LAN convenience surface:
+do not expose it directly to the public internet without TLS and a trusted
+fronting layer.
+
 ### Endpoints
 
 **Health**
@@ -188,6 +203,10 @@ accept an empty string to clear a previously-set value. Added in v0.8.10 (#562):
 - `POST /v1/threads/{id}/turns/{turn_id}/interrupt`
 - `POST /v1/threads/{id}/compact` (manual compaction)
 
+**Approvals**
+- `POST /v1/approvals/{approval_id}` with body
+  `{ "decision": "allow" | "deny", "remember": false }`
+
 **Events** (SSE replay + live stream)
 - `GET /v1/threads/{id}/events?since_seq=<u64>`
 
@@ -306,14 +325,16 @@ The SSE event payload shape:
 Common event names: `thread.started`, `thread.forked`, `turn.started`,
 `turn.lifecycle`, `turn.steered`, `turn.interrupt_requested`,
 `turn.completed`, `item.started`, `item.delta`, `item.completed`,
-`item.failed`, `item.interrupted`, `approval.required`, `sandbox.denied`,
-`coherence.state`.
+`item.failed`, `item.interrupted`, `approval.required`, `approval.decided`,
+`approval.timeout`, `sandbox.denied`, `coherence.state`.
 
 ## Security boundary
 
-- **Localhost only**. The server binds to `127.0.0.1` by default. Set
-  `--host 0.0.0.0` only when you have a reverse-proxy / VPN that
-  authenticates. The runtime does not provide user isolation or TLS.
+- **Localhost by default**. The server binds to `127.0.0.1` by default.
+  `--mobile` binds to `0.0.0.0` when the host is left at the default so phones
+  on the same LAN can reach it. Set a non-loopback host only when you trust the
+  network path or have a reverse-proxy / VPN that authenticates. The runtime
+  does not provide user isolation or TLS.
 - **Optional token guard**. `--auth-token` or `DEEPSEEK_RUNTIME_TOKEN`
   requires a matching bearer token for `/v1/*` routes. This is a local
   convenience guard, not a replacement for TLS, VPN, or a trusted reverse

From bf898a4d3d9a4b09afbada7a410039ac30f03680 Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Sun, 24 May 2026 11:01:40 +0800
Subject: [PATCH 126/283] fix(runtime): avoid public DNS LAN probe

---
 crates/tui/src/runtime_api.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 24e58046..4d60a5e2 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -632,7 +632,8 @@ fn print_mobile_urls(addr: SocketAddr, token: Option<&str>, auth_enabled: bool)
 
 fn detect_lan_ip() -> Option<String> {
     let socket = UdpSocket::bind("0.0.0.0:0").ok()?;
-    socket.connect("8.8.8.8:80").ok()?;
+    // UDP connect only selects the outbound interface locally; no packet is sent.
+    socket.connect("10.255.255.255:1").ok()?;
     let addr = socket.local_addr().ok()?;
     Some(addr.ip().to_string())
 }

From 58b32dabf95546a5d5da025ff9767076c023722d Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Sun, 24 May 2026 11:04:31 +0800
Subject: [PATCH 127/283] fix(runtime): encode mobile auth token in URL

---
 crates/tui/src/runtime_api.rs | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 4d60a5e2..23b26085 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -608,7 +608,7 @@ fn print_mobile_urls(addr: SocketAddr, token: Option<&str>, auth_enabled: bool)
     let token_query = if auth_enabled {
         token
             .filter(|token| !token.trim().is_empty())
-            .map(|token| format!("?token={token}"))
+            .map(|token| format!("?token={}", url_query_component(token)))
             .unwrap_or_default()
     } else {
         String::new()
@@ -630,6 +630,22 @@ fn print_mobile_urls(addr: SocketAddr, token: Option<&str>, auth_enabled: bool)
     println!("Mobile security: use only on a trusted LAN/VPN; this server does not provide TLS.");
 }
 
+fn url_query_component(value: &str) -> String {
+    let mut encoded = String::with_capacity(value.len());
+    for byte in value.bytes() {
+        match byte {
+            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => {
+                encoded.push(byte as char);
+            }
+            _ => {
+                use std::fmt::Write as _;
+                let _ = write!(encoded, "%{byte:02X}");
+            }
+        }
+    }
+    encoded
+}
+
 fn detect_lan_ip() -> Option<String> {
     let socket = UdpSocket::bind("0.0.0.0:0").ok()?;
     // UDP connect only selects the outbound interface locally; no packet is sent.
@@ -2011,6 +2027,14 @@ mod tests {
         assert!(auth.token.is_some());
     }
 
+    #[test]
+    fn url_query_component_percent_encodes_token() {
+        assert_eq!(
+            url_query_component("abc ABC+/?:=&%"),
+            "abc%20ABC%2B%2F%3F%3A%3D%26%25"
+        );
+    }
+
     async fn spawn_test_server_with_root(
         root: PathBuf,
         sessions_dir: PathBuf,

From c8c5e521680d02b43a6813ac08f1afdee5b6741a Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 06:42:22 +0800
Subject: [PATCH 128/283] fix(runtime): tighten mobile control security

---
 README.md                     |   3 +-
 README.zh-CN.md               |   3 +-
 crates/tui/src/main.rs        |  80 +++++++++++++++--
 crates/tui/src/runtime_api.rs | 163 +++++++++++++++++++++++++++++-----
 docs/RUNTIME_API.md           |  26 +++---
 5 files changed, 233 insertions(+), 42 deletions(-)

diff --git a/README.md b/README.md
index 3213ee15..dc339fd4 100644
--- a/README.md
+++ b/README.md
@@ -372,6 +372,7 @@ codewhale resume --last                           # resume the most recent sessi
 codewhale resume <SESSION_ID>                     # resume a specific session by UUID
 codewhale fork <SESSION_ID>                       # fork a saved session into a sibling path
 codewhale serve --http                            # HTTP/SSE API server
+codewhale serve --mobile                          # LAN mobile control page; token-gated by default
 codewhale serve --acp                             # ACP stdio adapter for Zed/custom agents
 codewhale run pr <N>                              # fetch PR and pre-seed review prompt
 codewhale mcp list                                # list configured MCP servers
@@ -557,7 +558,7 @@ without recreating skills the user deliberately deleted.
 | [CONFIGURATION.md](docs/CONFIGURATION.md) | Full config reference |
 | [MODES.md](docs/MODES.md) | Plan / Agent / YOLO modes |
 | [MCP.md](docs/MCP.md) | Model Context Protocol integration |
-| [RUNTIME_API.md](docs/RUNTIME_API.md) | HTTP/SSE API server |
+| [RUNTIME_API.md](docs/RUNTIME_API.md) | HTTP/SSE API server and mobile control page |
 | [INSTALL.md](docs/INSTALL.md) | Platform-specific install guide |
 | [DOCKER.md](docs/DOCKER.md) | GHCR image, volumes, and Docker usage |
 | [CNB_MIRROR.md](docs/CNB_MIRROR.md) | CNB mirror and China-friendly install notes |
diff --git a/README.zh-CN.md b/README.zh-CN.md
index f079cc80..78f4f3b5 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -316,6 +316,7 @@ codewhale resume --last                         # 恢复最近会话
 codewhale resume <SESSION_ID>                   # 按 UUID 恢复指定会话
 codewhale fork <SESSION_ID>                     # 将已保存会话分叉为兄弟路径
 codewhale serve --http                          # HTTP/SSE API 服务
+codewhale serve --mobile                        # 局域网移动端控制页，默认启用 token 保护
 codewhale serve --acp                           # Zed/自定义智能体的 ACP stdio 适配器
 codewhale run pr <N>                            # 获取 PR 并预填审查提示
 codewhale mcp list                              # 列出已配置 MCP 服务器
@@ -494,7 +495,7 @@ description: 当 DeepSeek 需要遵循我的自定义工作流时使用这个技
 | [CONFIGURATION.md](docs/CONFIGURATION.md) | 完整配置参考 |
 | [MODES.md](docs/MODES.md) | Plan / Agent / YOLO 模式 |
 | [MCP.md](docs/MCP.md) | Model Context Protocol 集成 |
-| [RUNTIME_API.md](docs/RUNTIME_API.md) | HTTP/SSE API 服务 |
+| [RUNTIME_API.md](docs/RUNTIME_API.md) | HTTP/SSE API 服务和移动端控制页 |
 | [INSTALL.md](docs/INSTALL.md) | 各平台安装指南 |
 | [DOCKER.md](docs/DOCKER.md) | GHCR 镜像、volume 和 Docker 用法 |
 | [CNB_MIRROR.md](docs/CNB_MIRROR.md) | CNB 镜像和中国大陆友好安装说明 |
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index d0b7d649..b6c859ea 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -578,9 +578,9 @@ struct ServeArgs {
     /// Start ACP server over stdio for editor clients such as Zed
     #[arg(long)]
     acp: bool,
-    /// Bind host for HTTP server (default localhost)
-    #[arg(long, default_value = "127.0.0.1")]
-    host: String,
+    /// Bind host for HTTP server (default localhost; --mobile defaults to 0.0.0.0)
+    #[arg(long)]
+    host: Option<String>,
     /// Bind port for HTTP server
     #[arg(long, default_value_t = 7878)]
     port: u16,
@@ -602,6 +602,29 @@ struct ServeArgs {
     insecure_no_auth: bool,
 }
 
+#[derive(Debug, Clone, PartialEq, Eq)]
+struct ServeBindHost {
+    host: String,
+    mobile_rebound_to_lan: bool,
+}
+
+fn resolve_serve_bind_host(mobile: bool, host: Option<String>) -> ServeBindHost {
+    match (mobile, host) {
+        (true, None) => ServeBindHost {
+            host: "0.0.0.0".to_string(),
+            mobile_rebound_to_lan: true,
+        },
+        (_, Some(host)) => ServeBindHost {
+            host,
+            mobile_rebound_to_lan: false,
+        },
+        (false, None) => ServeBindHost {
+            host: "127.0.0.1".to_string(),
+            mobile_rebound_to_lan: false,
+        },
+    }
+}
+
 #[derive(Subcommand, Debug, Clone)]
 enum McpCommand {
     /// List configured MCP servers
@@ -942,16 +965,17 @@ async fn main() -> Result<()> {
                 } else if http_selected {
                     let config = load_config_from_cli(&cli)?;
                     let cors_origins = resolve_cors_origins(&config, &args.cors_origin);
-                    let host = if args.mobile && args.host == "127.0.0.1" {
-                        "0.0.0.0".to_string()
-                    } else {
-                        args.host
-                    };
+                    let bind_host = resolve_serve_bind_host(args.mobile, args.host);
+                    if bind_host.mobile_rebound_to_lan {
+                        println!(
+                            "WARNING: --mobile is binding to 0.0.0.0 so LAN devices can reach the mobile control page. Use --host 127.0.0.1 to keep mobile loopback-only."
+                        );
+                    }
                     runtime_api::run_http_server(
                         config,
                         workspace,
                         runtime_api::RuntimeApiOptions {
-                            host,
+                            host: bind_host.host,
                             port: args.port,
                             workers: args.workers.clamp(1, 8),
                             cors_origins,
@@ -5581,6 +5605,44 @@ async fn run_exec_agent(
     Ok(())
 }
 
+#[cfg(test)]
+mod serve_bind_host_tests {
+    use super::*;
+
+    #[test]
+    fn http_defaults_to_loopback() {
+        assert_eq!(
+            resolve_serve_bind_host(false, None),
+            ServeBindHost {
+                host: "127.0.0.1".to_string(),
+                mobile_rebound_to_lan: false,
+            }
+        );
+    }
+
+    #[test]
+    fn mobile_default_rebinds_to_lan_with_warning_flag() {
+        assert_eq!(
+            resolve_serve_bind_host(true, None),
+            ServeBindHost {
+                host: "0.0.0.0".to_string(),
+                mobile_rebound_to_lan: true,
+            }
+        );
+    }
+
+    #[test]
+    fn mobile_respects_explicit_loopback_host() {
+        assert_eq!(
+            resolve_serve_bind_host(true, Some("127.0.0.1".to_string())),
+            ServeBindHost {
+                host: "127.0.0.1".to_string(),
+                mobile_rebound_to_lan: false,
+            }
+        );
+    }
+}
+
 #[cfg(test)]
 mod doctor_endpoint_tests {
     use super::*;
diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 23b26085..34960ffa 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -554,8 +554,17 @@ async fn require_runtime_token(
     let Some(expected) = state.runtime_token.as_deref() else {
         return next.run(req).await;
     };
-    let authorized = req
-        .headers()
+    let authorized = request_has_runtime_token(&req, expected);
+
+    if authorized {
+        next.run(req).await
+    } else {
+        runtime_token_required_response()
+    }
+}
+
+fn request_has_runtime_token(req: &Request, expected: &str) -> bool {
+    req.headers()
         .get(header::AUTHORIZATION)
         .and_then(|value| value.to_str().ok())
         .and_then(|raw| raw.strip_prefix("Bearer "))
@@ -565,34 +574,61 @@ async fn require_runtime_token(
             .get("x-deepseek-runtime-token")
             .and_then(|value| value.to_str().ok())
             .is_some_and(|token| token == expected)
-        || token_from_query(req.uri().query()).is_some_and(|token| token == expected);
-
-    if authorized {
-        next.run(req).await
-    } else {
-        (
-            StatusCode::UNAUTHORIZED,
-            Json(json!({
-                "error": {
-                    "message": "runtime API bearer token required",
-                    "status": StatusCode::UNAUTHORIZED.as_u16(),
-                }
-            })),
-        )
-            .into_response()
-    }
+        || token_from_query(req.uri().query()).is_some_and(|token| token == expected)
 }
 
-fn token_from_query(query: Option<&str>) -> Option<&str> {
+fn runtime_token_required_response() -> Response {
+    (
+        StatusCode::UNAUTHORIZED,
+        Json(json!({
+            "error": {
+                "message": "runtime API bearer token required",
+                "status": StatusCode::UNAUTHORIZED.as_u16(),
+            }
+        })),
+    )
+        .into_response()
+}
+
+fn token_from_query(query: Option<&str>) -> Option<String> {
     query.and_then(|query| {
         query.split('&').find_map(|pair| {
             let (key, value) = pair.split_once('=')?;
-            (key == "token").then_some(value)
+            (key == "token")
+                .then(|| percent_decode_query_component(value))
+                .flatten()
         })
     })
 }
 
-async fn mobile_page(State(state): State<RuntimeApiState>) -> Response {
+fn percent_decode_query_component(value: &str) -> Option<String> {
+    let bytes = value.as_bytes();
+    let mut decoded = Vec::with_capacity(bytes.len());
+    let mut index = 0;
+    while index < bytes.len() {
+        match bytes[index] {
+            b'%' => {
+                let hi = *bytes.get(index + 1)?;
+                let lo = *bytes.get(index + 2)?;
+                let hi = (hi as char).to_digit(16)? as u8;
+                let lo = (lo as char).to_digit(16)? as u8;
+                decoded.push((hi << 4) | lo);
+                index += 3;
+            }
+            b'+' => {
+                decoded.push(b' ');
+                index += 1;
+            }
+            byte => {
+                decoded.push(byte);
+                index += 1;
+            }
+        }
+    }
+    String::from_utf8(decoded).ok()
+}
+
+async fn mobile_page(State(state): State<RuntimeApiState>, req: Request) -> Response {
     if !state.mobile_enabled {
         return (
             StatusCode::NOT_FOUND,
@@ -600,6 +636,11 @@ async fn mobile_page(State(state): State<RuntimeApiState>) -> Response {
         )
             .into_response();
     }
+    if let Some(expected) = state.runtime_token.as_deref()
+        && !request_has_runtime_token(&req, expected)
+    {
+        return runtime_token_required_response();
+    }
     Html(MOBILE_HTML).into_response()
 }
 
@@ -2035,6 +2076,15 @@ mod tests {
         );
     }
 
+    #[test]
+    fn token_from_query_decodes_percent_encoded_token() {
+        assert_eq!(
+            token_from_query(Some("since_seq=0&token=abc%20ABC%2B%2F%3F%3A%3D%26%25")),
+            Some("abc ABC+/?:=&%".to_string())
+        );
+        assert_eq!(token_from_query(Some("token=bad%ZZ")), None);
+    }
+
     async fn spawn_test_server_with_root(
         root: PathBuf,
         sessions_dir: PathBuf,
@@ -3739,6 +3789,77 @@ mod tests {
         Ok(())
     }
 
+    #[tokio::test]
+    async fn mobile_page_requires_runtime_token_when_auth_enabled() -> Result<()> {
+        let tmp = tempfile::tempdir()?;
+        let root = tmp.path().to_path_buf();
+        let sessions_dir = root.join("sessions");
+        let token = "abc ABC+/?:=&%".to_string();
+        let Some((addr, _runtime_threads, handle)) = spawn_test_server_with_root_token_and_mobile(
+            root,
+            sessions_dir,
+            Some(token.clone()),
+            true,
+        )
+        .await?
+        else {
+            return Ok(());
+        };
+        let client = reqwest::Client::new();
+
+        let unauthorized = client.get(format!("http://{addr}/mobile")).send().await?;
+        assert_eq!(unauthorized.status(), StatusCode::UNAUTHORIZED);
+
+        let encoded = url_query_component(&token);
+        let query = client
+            .get(format!("http://{addr}/mobile?token={encoded}"))
+            .send()
+            .await?
+            .error_for_status()?;
+        assert!(query.text().await?.contains("CodeWhale Mobile"));
+
+        let bearer = client
+            .get(format!("http://{addr}/mobile"))
+            .bearer_auth(&token)
+            .send()
+            .await?
+            .error_for_status()?;
+        assert!(bearer.text().await?.contains("CodeWhale Mobile"));
+
+        handle.abort();
+        Ok(())
+    }
+
+    #[tokio::test]
+    async fn mobile_insecure_mode_allows_page_and_v1_routes_without_token() -> Result<()> {
+        let tmp = tempfile::tempdir()?;
+        let root = tmp.path().to_path_buf();
+        let sessions_dir = root.join("sessions");
+        let Some((addr, _runtime_threads, handle)) =
+            spawn_test_server_with_root_token_and_mobile(root, sessions_dir, None, true).await?
+        else {
+            return Ok(());
+        };
+        let client = reqwest::Client::new();
+
+        let page = client
+            .get(format!("http://{addr}/mobile"))
+            .send()
+            .await?
+            .error_for_status()?;
+        assert!(page.text().await?.contains("CodeWhale Mobile"));
+
+        let summary = client
+            .get(format!("http://{addr}/v1/threads/summary"))
+            .send()
+            .await?
+            .error_for_status()?;
+        assert_eq!(summary.status(), StatusCode::OK);
+
+        handle.abort();
+        Ok(())
+    }
+
     #[tokio::test]
     async fn decide_approval_404s_when_nothing_pending() -> Result<()> {
         let Some((addr, _runtime_threads, handle)) = spawn_test_server().await? else {
diff --git a/docs/RUNTIME_API.md b/docs/RUNTIME_API.md
index 3fdfb7a9..d7ec8331 100644
--- a/docs/RUNTIME_API.md
+++ b/docs/RUNTIME_API.md
@@ -117,7 +117,7 @@ codewhale doctor --json
 
 ```bash
 codewhale serve --http [--host 127.0.0.1] [--port 7878] [--workers 2] [--auth-token TOKEN]
-codewhale serve --mobile [--port 7878] [--auth-token TOKEN]
+codewhale serve --mobile [--host 0.0.0.0] [--port 7878] [--auth-token TOKEN]
 ```
 
 Defaults: host `127.0.0.1`, port `7878`, 2 workers (clamped 1–8).
@@ -128,8 +128,10 @@ there is no `[app_server]` config section.
 `/v1/*` routes require a bearer token unless `--insecure` is explicitly set.
 Pass `--auth-token TOKEN` or set `DEEPSEEK_RUNTIME_TOKEN=TOKEN` before starting
 the server. If neither is set, the process generates a one-time token and prints
-it at startup. `/health`, `/mobile`, and `/v1/runtime/info` remain public for
-local supervision and bootstrap.
+it at startup. `/health` and `/v1/runtime/info` remain public for local
+supervision and bootstrap. `/mobile` returns 404 when mobile mode is disabled;
+when mobile mode is enabled and auth is enabled, `/mobile` returns 401 unless
+the request supplies the runtime token.
 
 Authenticated clients can provide the token as `Authorization: Bearer TOKEN`,
 `X-DeepSeek-Runtime-Token: TOKEN`, or `?token=TOKEN` for EventSource-style
@@ -139,9 +141,12 @@ clients that cannot set custom headers.
 
 `codewhale serve --mobile` starts the same HTTP/SSE runtime API and serves a
 phone-friendly control page at `/mobile`. When the bind host is left at the
-default, mobile mode binds to `0.0.0.0` and prints local/LAN URLs. If a runtime
-token is generated or supplied, the printed mobile URL includes it as a query
-parameter; the page stores it locally and removes it from the address bar.
+default, mobile mode binds to `0.0.0.0`, prints a warning, and prints local/LAN
+URLs. Pass `--host 127.0.0.1` to keep the mobile page loopback-only. If a
+runtime token is generated or supplied, the printed mobile URL includes it as a
+query parameter; the page stores it locally and removes it from the address bar.
+The static HTML page contains no secrets, but it is still token-gated when auth
+is enabled so unauthenticated LAN clients cannot fingerprint the mobile surface.
 
 The mobile page can list/create threads, send prompts, follow live SSE events,
 steer or interrupt an active turn, and resolve normal tool approvals through
@@ -331,10 +336,11 @@ Common event names: `thread.started`, `thread.forked`, `turn.started`,
 ## Security boundary
 
 - **Localhost by default**. The server binds to `127.0.0.1` by default.
-  `--mobile` binds to `0.0.0.0` when the host is left at the default so phones
-  on the same LAN can reach it. Set a non-loopback host only when you trust the
-  network path or have a reverse-proxy / VPN that authenticates. The runtime
-  does not provide user isolation or TLS.
+  `--mobile` binds to `0.0.0.0` when no host is supplied so phones on the same
+  LAN can reach it, and the CLI prints a warning for that rebind. Pass
+  `--host 127.0.0.1` for a loopback-only mobile page. Set a non-loopback host
+  only when you trust the network path or have a reverse-proxy / VPN that
+  authenticates. The runtime does not provide user isolation or TLS.
 - **Optional token guard**. `--auth-token` or `DEEPSEEK_RUNTIME_TOKEN`
   requires a matching bearer token for `/v1/*` routes. This is a local
   convenience guard, not a replacement for TLS, VPN, or a trusted reverse

From 39adb5366073ee3f60f7da3b254f21fa5692ed8d Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 06:54:42 +0800
Subject: [PATCH 129/283] fix(runtime): handle mobile review edge cases

---
 crates/tui/src/main.rs             | 34 +++++++++++++++++++++++-------
 crates/tui/src/runtime_mobile.html |  5 +++--
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index b6c859ea..6111fd25 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -625,6 +625,21 @@ fn resolve_serve_bind_host(mobile: bool, host: Option<String>) -> ServeBindHost
     }
 }
 
+fn validate_serve_mode_selection(mcp: bool, http: bool, mobile: bool, acp: bool) -> Result<bool> {
+    if http && mobile {
+        bail!("--http and --mobile are mutually exclusive; choose one");
+    }
+    let http_selected = http || mobile;
+    let selected_modes = [mcp, http_selected, acp]
+        .into_iter()
+        .filter(|selected| *selected)
+        .count();
+    if selected_modes != 1 {
+        bail!("Choose exactly one server mode: --mcp, --http/--mobile, or --acp");
+    }
+    Ok(http_selected)
+}
+
 #[derive(Subcommand, Debug, Clone)]
 enum McpCommand {
     /// List configured MCP servers
@@ -952,14 +967,8 @@ async fn main() -> Result<()> {
                 let workspace = cli.workspace.clone().unwrap_or_else(|| {
                     std::env::current_dir().unwrap_or_else(|_| PathBuf::from("."))
                 });
-                let http_selected = args.http || args.mobile;
-                let selected_modes = [args.mcp, http_selected, args.acp]
-                    .into_iter()
-                    .filter(|selected| *selected)
-                    .count();
-                if selected_modes != 1 {
-                    bail!("Choose exactly one server mode: --mcp, --http/--mobile, or --acp");
-                }
+                let http_selected =
+                    validate_serve_mode_selection(args.mcp, args.http, args.mobile, args.acp)?;
                 if args.mcp {
                     mcp_server::run_mcp_server(workspace)
                 } else if http_selected {
@@ -5641,6 +5650,15 @@ mod serve_bind_host_tests {
             }
         );
     }
+
+    #[test]
+    fn http_and_mobile_are_mutually_exclusive() {
+        let err = validate_serve_mode_selection(false, true, true, false).unwrap_err();
+        assert!(
+            err.to_string()
+                .contains("--http and --mobile are mutually exclusive")
+        );
+    }
 }
 
 #[cfg(test)]
diff --git a/crates/tui/src/runtime_mobile.html b/crates/tui/src/runtime_mobile.html
index f7ca0af0..cf8d6e44 100644
--- a/crates/tui/src/runtime_mobile.html
+++ b/crates/tui/src/runtime_mobile.html
@@ -275,7 +275,7 @@
     }
 
     function token() {
-      return $("token").value.trim();
+      return $("token").value;
     }
 
     function takeTokenFromUrl() {
@@ -368,7 +368,8 @@
         method: "POST",
         body: JSON.stringify({ decision, remember })
       });
-      container.innerHTML = "<span class='meta'>Decision sent: " + escapeHtml(result.decision) + "</span>";
+      const decided = result?.decision ?? decision;
+      container.innerHTML = "<span class='meta'>Decision sent: " + escapeHtml(decided) + "</span>";
     }
 
     function appendEvent(name, data) {

From 9943fe537daf62f921fd9f37a5be26c6c91c2a24 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 11:46:15 +0800
Subject: [PATCH 130/283] feat: add export redaction + completion-gate verifier
 hook for SlopLedger (#2127)

---
 crates/tui/src/slop_ledger.rs | 105 ++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
index bc3a4f3a..7a0f6048 100644
--- a/crates/tui/src/slop_ledger.rs
+++ b/crates/tui/src/slop_ledger.rs
@@ -461,6 +461,7 @@ impl SlopLedger {
             }
         }
 
+        redact_exported_text(&mut out);
         out
     }
 
@@ -491,6 +492,7 @@ impl SlopLedger {
         for (bucket, count) in &by_bucket {
             out.push_str(&format!("  {bucket}: {count}\n"));
         }
+        redact_exported_text(&mut out);
         out
     }
 }
@@ -910,6 +912,109 @@ fn truncate_str(s: &str, max_chars: usize) -> String {
     format!("{truncated}…")
 }
 
+/// Redact sensitive patterns from exported text: API keys and secrets
+/// paths. Scan the output for known key prefixes (`sk-`, `Bearer `, `dsk-`)
+/// and replace the token until a whitespace / punctuation boundary with
+/// `[REDACTED]`. Also normalises fully-qualified secrets directory paths
+/// to the portable `~/.codewhale/secrets` form.
+fn redact_exported_text(text: &mut String) {
+    let prefixes: &[&[u8]] = &[b"sk-", b"Bearer ", b"dsk-", b"deepseek-"];
+    let mut result = String::with_capacity(text.len());
+    let bytes = text.as_bytes();
+    let mut i = 0usize;
+    while i < bytes.len() {
+        let mut matched = false;
+        for prefix in prefixes {
+            if bytes[i..].len() >= prefix.len()
+                && bytes[i..i + prefix.len()].eq_ignore_ascii_case(prefix)
+            {
+                // Scan forward to first whitespace or delimiter.
+                let end = bytes[i + prefix.len()..]
+                    .iter()
+                    .position(|b| b.is_ascii_whitespace() || *b == b',' || *b == b';')
+                    .map(|p| i + prefix.len() + p)
+                    .unwrap_or(bytes.len());
+                result.push_str("[REDACTED]");
+                i = end;
+                matched = true;
+                break;
+            }
+        }
+        if !matched {
+            // Advance by one char (preserving multi-byte UTF-8 safety).
+            let ch = text[i..].chars().next().unwrap();
+            result.push(ch);
+            i += ch.len_utf8();
+        }
+    }
+
+    // Normalise secrets directory paths.
+    if let Some(home) = dirs::home_dir() {
+        for leaf in [".codewhale/secrets", ".deepseek/secrets"] {
+            let dir = home.join(leaf);
+            let prefix = dir.to_string_lossy().to_string();
+            result = result.replace(&prefix, "~/.codewhale/secrets");
+        }
+    }
+    *text = result;
+}
+
+impl SlopLedger {
+    /// Completion-gate / verifier hook: returns `true` when there are
+    /// unresolved slop entries (status `Open` or `Investigate`) that the
+    /// agent should review before claiming the task is done.
+    ///
+    /// Tools and engine hooks can call this on claim-of-done to surface
+    /// architectural residue the agent may have overlooked.
+    #[allow(dead_code)]
+    #[must_use]
+    pub fn has_open_entries(&self) -> bool {
+        self.entries.iter().any(|e| {
+            matches!(
+                e.status,
+                SlopEntryStatus::Open | SlopEntryStatus::InProgress
+            )
+        })
+    }
+
+    /// Return a concise completion-gate summary suitable for a verifier
+    /// sub-agent or the claim-of-done prompt. Returns `None` when all
+    /// entries are resolved — the caller can then treat the gate as "pass".
+    #[allow(dead_code)]
+    #[must_use]
+    pub fn completion_gate_summary(&self) -> Option<String> {
+        let open: Vec<&SlopEntry> = self
+            .entries
+            .iter()
+            .filter(|e| {
+                matches!(
+                    e.status,
+                    SlopEntryStatus::Open | SlopEntryStatus::InProgress
+                )
+            })
+            .collect();
+        if open.is_empty() {
+            return None;
+        }
+        let mut out = format!(
+            "## ⚠️ SlopLedger gate — {} open slop entries\n\n",
+            open.len()
+        );
+        out.push_str("Review these before claiming completion:\n\n");
+        for e in open {
+            out.push_str(&format!(
+                "- **{}** `{}` ({:?}/{:?}): {}\n",
+                e.bucket.as_str(),
+                &e.id[..8],
+                e.severity,
+                e.confidence,
+                truncate_str(&e.title, 80),
+            ));
+        }
+        Some(out)
+    }
+}
+
 // ── Tests ──────────────────────────────────────────────────────────────────
 
 #[cfg(test)]

From e9026814be51a95a5236f35e0601dbe7c9e54599 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 11:53:25 +0800
Subject: [PATCH 131/283] =?UTF-8?q?feat:=20integrate=20SlopLedger=20comple?=
 =?UTF-8?q?tion-gate=20into=20turn=20loop=20=E2=80=94=20auto-check=20on=20?=
 =?UTF-8?q?every=20completed=20turn=20(#2127)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/tui/ui.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 61cb195c..1512c5bb 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1491,6 +1491,27 @@ async fn run_event_loop(
 
                         // Generate post-turn receipt for completed turns.
                         if status == crate::core::events::TurnOutcomeStatus::Completed {
+                            // SlopLedger completion-gate: after every completed
+                            // turn, check whether there are unresolved slop entries
+                            // the agent should address before claiming the task is
+                            // done (#2127). This runs autonomously — no tool call
+                            // required — so the agent can't forget to check.
+                            if let Ok(ledger) = crate::slop_ledger::SlopLedger::load()
+                                && ledger.has_open_entries()
+                            {
+                                if let Some(gate_msg) = ledger.completion_gate_summary() {
+                                    let short = gate_msg
+                                        .lines()
+                                        .nth(4)
+                                        .unwrap_or("review before done");
+                                    app.push_status_toast(
+                                        format!("⚠️ SlopLedger: {short}"),
+                                        crate::tui::app::StatusToastLevel::Warning,
+                                        Some(12_000),
+                                    );
+                                }
+                            }
+
                             let tool_count = app.tool_evidence.len();
                             let mut receipt = "✓ turn completed".to_string();
                             if tool_count > 0 {

From ff1a8cd44b5666355785ccf99fdf8390406b4bda Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 11:55:36 +0800
Subject: [PATCH 132/283] style: cargo fmt fix

---
 crates/tui/src/tui/ui.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 1512c5bb..311861c3 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1500,10 +1500,8 @@ async fn run_event_loop(
                                 && ledger.has_open_entries()
                             {
                                 if let Some(gate_msg) = ledger.completion_gate_summary() {
-                                    let short = gate_msg
-                                        .lines()
-                                        .nth(4)
-                                        .unwrap_or("review before done");
+                                    let short =
+                                        gate_msg.lines().nth(4).unwrap_or("review before done");
                                     app.push_status_toast(
                                         format!("⚠️ SlopLedger: {short}"),
                                         crate::tui::app::StatusToastLevel::Warning,

From a73da589519e2b88c5e5fc26f43b0304eae73e78 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 12:02:19 +0800
Subject: [PATCH 133/283] =?UTF-8?q?feat:=20inject=20SlopLedger=20gate=20in?=
 =?UTF-8?q?to=20system=20prompt=20=E2=80=94=20agent=20sees=20open=20entrie?=
 =?UTF-8?q?s=20every=20turn=20(#2127)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/core/engine.rs | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index f98f523c..6d3bfd78 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -1840,8 +1840,23 @@ impl Engine {
             },
             self.session.approval_mode,
         );
-        let stable_prompt =
+        let mut stable_prompt =
             merge_system_prompts(Some(&base), self.session.compaction_summary_prompt.clone());
+
+        // SlopLedger completion-gate: inject unresolved slop entries into the
+        // system prompt so the agent can autonomously review them before claiming
+        // the task is done (#2127). Only active when entries actually exist.
+        if let Ok(ledger) = crate::slop_ledger::SlopLedger::load() {
+            if ledger.has_open_entries() {
+                if let Some(gate_block) = ledger.completion_gate_summary() {
+                    if let Some(SystemPrompt::Text(prompt_text)) = &mut stable_prompt {
+                        prompt_text.push_str("\n\n");
+                        prompt_text.push_str(&gate_block);
+                    }
+                }
+            }
+        }
+
         let stable_hash = system_prompt_hash(stable_prompt.as_ref());
         if self.session.system_prompt_override {
             self.session.last_system_prompt_hash = Some(stable_hash);

From 721a9797555bfaf7a27c7cc629bd479f693ce82b Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 12:21:51 +0800
Subject: [PATCH 134/283] perf: cache SlopLedger gate in engine to avoid disk
 I/O on every turn (#2127)

---
 crates/tui/src/core/engine.rs | 40 ++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 6d3bfd78..b8070b25 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -331,6 +331,11 @@ pub struct Engine {
     /// Diagnostics collected during the current step's tool calls. Drained
     /// and forwarded as a synthetic user message before the next API call.
     pending_lsp_blocks: Vec<crate::lsp::DiagnosticBlock>,
+    /// Cached SlopLedger gate block so `refresh_system_prompt` doesn't hit
+    /// the filesystem on every turn (#2127). `None` = not yet loaded;
+    /// `Some(None)` = loaded, no open entries; `Some(Some(...))` = loaded,
+    /// gate block ready.
+    slop_ledger_gate_cache: Option<Option<String>>,
 }
 
 // === Internal tool helpers ===
@@ -564,6 +569,7 @@ impl Engine {
             turn_counter: 0,
             lsp_manager,
             pending_lsp_blocks: Vec::new(),
+            slop_ledger_gate_cache: None,
             workshop_vars,
             sandbox_backend,
         };
@@ -1844,16 +1850,30 @@ impl Engine {
             merge_system_prompts(Some(&base), self.session.compaction_summary_prompt.clone());
 
         // SlopLedger completion-gate: inject unresolved slop entries into the
-        // system prompt so the agent can autonomously review them before claiming
-        // the task is done (#2127). Only active when entries actually exist.
-        if let Ok(ledger) = crate::slop_ledger::SlopLedger::load() {
-            if ledger.has_open_entries() {
-                if let Some(gate_block) = ledger.completion_gate_summary() {
-                    if let Some(SystemPrompt::Text(prompt_text)) = &mut stable_prompt {
-                        prompt_text.push_str("\n\n");
-                        prompt_text.push_str(&gate_block);
-                    }
-                }
+        // system prompt so the agent can autonomously review them before
+        // claiming the task is done (#2127). Cached to avoid filesystem I/O on
+        // every turn — only re-loaded when the cache is empty (first call or
+        // after invalidation).
+        let gate_block = match &self.slop_ledger_gate_cache {
+            Some(cached) => cached.clone(),
+            None => {
+                let loaded = crate::slop_ledger::SlopLedger::load()
+                    .ok()
+                    .and_then(|ledger| {
+                        if ledger.has_open_entries() {
+                            ledger.completion_gate_summary()
+                        } else {
+                            None
+                        }
+                    });
+                self.slop_ledger_gate_cache = Some(loaded.clone());
+                loaded
+            }
+        };
+        if let Some(ref block) = gate_block {
+            if let Some(SystemPrompt::Text(prompt_text)) = &mut stable_prompt {
+                prompt_text.push_str("\n\n");
+                prompt_text.push_str(block);
             }
         }
 

From e57a2be11d0058d53951a04f387551779a1f6fa7 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 14:37:18 +0800
Subject: [PATCH 135/283] =?UTF-8?q?feat:=20rename=20/goal=20=E2=86=92=20/h?=
 =?UTF-8?q?unt=20with=20HuntVerdict=20(hunting/hunted/wounded/escaped)=20(?=
 =?UTF-8?q?#2092)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/commands/goal.rs | 257 +++++++-------------------------
 crates/tui/src/commands/mod.rs  |  16 +-
 crates/tui/src/prompts.rs       |   4 +-
 crates/tui/src/tui/app.rs       |  33 +++-
 crates/tui/src/tui/sidebar.rs   |  12 +-
 crates/tui/src/tui/ui.rs        |  13 +-
 6 files changed, 106 insertions(+), 229 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index 83248e33..c9ec4ce1 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -1,61 +1,64 @@
-//! /goal command — set a session objective with token budget and progress tracking.
+//! /hunt command — declare a quarry with token budget and verdict tracking (#2092).
 
-use crate::tui::app::{App, AppAction};
+use crate::tui::app::{App, AppAction, HuntVerdict};
 
 use super::CommandResult;
 
-/// Set or show the current goal
-pub fn goal(app: &mut App, arg: Option<&str>) -> CommandResult {
+/// Declare, show, or close a hunt
+pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
     match arg {
         Some("clear") | Some("reset") => {
-            app.goal.goal_objective = None;
-            app.goal.goal_token_budget = None;
-            app.goal.goal_started_at = None;
-            app.goal.goal_completed = false;
-            CommandResult::message("Goal cleared.")
+            app.goal.quarry = None;
+            app.goal.token_budget = None;
+            app.goal.started_at = None;
+            app.goal.verdict = HuntVerdict::default();
+            CommandResult::message("Hunt cleared.")
         }
-        Some("done") | Some("complete") => {
-            app.goal.goal_completed = true;
+        Some("done") | Some("complete") | Some("hunted") => {
+            app.goal.verdict = HuntVerdict::Hunted;
             let elapsed = app
                 .goal
-                .goal_started_at
+                .started_at
                 .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
                 .unwrap_or_else(|| "unknown".to_string());
-            CommandResult::message(format!("Goal marked complete! Elapsed: {elapsed}"))
+            CommandResult::message(format!("Hunt complete! Elapsed: {elapsed}"))
+        }
+        Some("wound") | Some("wounded") => {
+            app.goal.verdict = HuntVerdict::Wounded;
+            CommandResult::message("Hunt wounded — progress saved, can be resumed.")
+        }
+        Some("escape") | Some("escaped") => {
+            app.goal.verdict = HuntVerdict::Escaped;
+            CommandResult::message("Hunt escaped — quarry abandoned.")
         }
         Some(text) if !text.is_empty() => {
-            // Parse optional budget: "/goal Implement login | budget: 50000"
             let (objective, budget) = parse_goal_budget(text);
             let objective = objective.trim().to_string();
             if objective.is_empty() || objective.chars().all(|c| c == '|') {
-                return CommandResult::error("Usage: /goal <objective> [budget: N]");
+                return CommandResult::error("Usage: /hunt <quarry> [budget: N]");
             }
-            app.goal.goal_objective = Some(objective.clone());
-            app.goal.goal_token_budget = budget;
-            app.goal.goal_started_at = Some(std::time::Instant::now());
-            app.goal.goal_completed = false;
+            app.goal.quarry = Some(objective.clone());
+            app.goal.token_budget = budget;
+            app.goal.started_at = Some(std::time::Instant::now());
+            app.goal.verdict = HuntVerdict::Hunting;
             let budget_str = budget
                 .map(|b| format!(" (budget: {b} tokens)"))
                 .unwrap_or_default();
             CommandResult::with_message_and_action(
-                format!("Goal set: \"{objective}\"{budget_str} — tracking progress."),
+                format!("Hunt set: \"{objective}\"{budget_str} — tracking progress."),
                 AppAction::SendMessage(objective),
             )
         }
         _ => {
-            // Show current goal
-            if let Some(ref obj) = app.goal.goal_objective {
-                // #447: render long elapsed times as `2d 3h` rather
-                // than Rust's default Debug `Duration` (which produces
-                // `188415.234s` or similar for multi-day goals).
+            if let Some(ref obj) = app.goal.quarry {
                 let elapsed = app
                     .goal
-                    .goal_started_at
+                    .started_at
                     .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
                     .unwrap_or_else(|| "unknown".to_string());
                 let budget_str = app
                     .goal
-                    .goal_token_budget
+                    .token_budget
                     .map(|b| {
                         let used = app.session.total_conversation_tokens;
                         let pct = if b > 0 {
@@ -66,192 +69,44 @@ pub fn goal(app: &mut App, arg: Option<&str>) -> CommandResult {
                         format!(" | tokens: {used}/{b} ({pct:.0}%)")
                     })
                     .unwrap_or_default();
-                let status = if app.goal.goal_completed {
-                    " [COMPLETED]"
-                } else {
-                    ""
+                let verdict_label = match app.goal.verdict {
+                    HuntVerdict::Hunting => "[HUNTING]",
+                    HuntVerdict::Hunted => "[HUNTED]",
+                    HuntVerdict::Wounded => "[WOUNDED]",
+                    HuntVerdict::Escaped => "[ESCAPED]",
                 };
                 CommandResult::message(format!(
-                    "Goal{status}: \"{obj}\" — elapsed: {elapsed}{budget_str}"
+                    "Hunt{verdict_label}: \"{obj}\" — elapsed: {elapsed}{budget_str}"
                 ))
             } else {
                 CommandResult::message(
-                    "No goal set. Use /goal <objective> [budget: N] to set one.\n\
-                     /goal clear — remove the current goal.",
+                    "No hunt set. Use /hunt <quarry> [budget: N] to declare one.\n\
+                     /hunt hunted — mark complete\n\
+                     /hunt wounded — mark interrupted (resumable)\n\
+                     /hunt escaped — mark abandoned\n\
+                     /hunt clear — remove the current hunt.",
                 )
             }
         }
     }
 }
 
-/// Parse optional token budget from goal text: "Implement login | budget: 50000"
-fn parse_goal_budget(text: &str) -> (String, Option<u32>) {
-    if let Some((obj, rest)) = text.split_once(" | budget:") {
-        let budget = rest
+/// Parse text like "Implement login | budget: 50000" into (objective, budget).
+fn parse_goal_budget(text: &str) -> (&str, Option<u32>) {
+    if let Some(pipe_pos) = text.find('|') {
+        let (objective, rest) = text.split_at(pipe_pos);
+        let budget = rest[1..]
             .split_whitespace()
-            .next()
-            .and_then(|s| s.parse::<u32>().ok());
-        (obj.trim().to_string(), budget)
-    } else if let Some((obj, rest)) = text.split_once("budget:") {
-        let budget = rest
-            .split_whitespace()
-            .next()
-            .and_then(|s| s.parse::<u32>().ok());
-        (obj.trim().to_string(), budget)
+            .filter_map(|part| {
+                if part.eq_ignore_ascii_case("budget:") {
+                    None
+                } else {
+                    part.parse::<u32>().ok()
+                }
+            })
+            .next();
+        (objective, budget)
     } else {
-        (text.trim().to_string(), None)
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::config::Config;
-    use crate::tui::app::AppAction;
-    use crate::tui::app::{App, TuiOptions};
-    use std::path::PathBuf;
-
-    fn create_test_app() -> App {
-        let options = TuiOptions {
-            model: "deepseek-v4-flash".to_string(),
-            workspace: PathBuf::from("."),
-            config_path: None,
-            config_profile: None,
-            allow_shell: false,
-            use_alt_screen: true,
-            use_mouse_capture: false,
-            use_bracketed_paste: true,
-            max_subagents: 1,
-            skills_dir: PathBuf::from("."),
-            memory_path: PathBuf::from("memory.md"),
-            notes_path: PathBuf::from("notes.txt"),
-            mcp_config_path: PathBuf::from("mcp.json"),
-            use_memory: false,
-            start_in_agent_mode: true,
-            skip_onboarding: true,
-            yolo: false,
-            resume_session_id: None,
-            initial_input: None,
-        };
-        App::new(options, &Config::default())
-    }
-
-    #[test]
-    fn test_set_goal() {
-        let mut app = create_test_app();
-        let result = goal(&mut app, Some("Fix the login bug"));
-        assert!(result.message.unwrap().contains("Goal set"));
-        assert_eq!(
-            app.goal.goal_objective.as_deref(),
-            Some("Fix the login bug")
-        );
-        assert!(matches!(
-            result.action,
-            Some(AppAction::SendMessage(msg)) if msg == "Fix the login bug"
-        ));
-    }
-
-    #[test]
-    fn test_execute_goal_dispatched_as_sendmessage() {
-        let mut app = create_test_app();
-        let result = crate::commands::execute("/goal Implement login flow", &mut app);
-        assert!(
-            result
-                .message
-                .is_some_and(|message| message.contains("Goal set"))
-        );
-        assert!(matches!(
-            result.action,
-            Some(AppAction::SendMessage(content))
-                if content == *"Implement login flow"
-        ));
-    }
-
-    #[test]
-    fn test_execute_goal_without_argument_shows_state() {
-        let mut app = create_test_app();
-        let result = crate::commands::execute("/goal", &mut app);
-        assert!(result.action.is_none());
-        assert!(matches!(result.message.as_deref(), Some(value) if value.contains("No goal set")));
-    }
-
-    #[test]
-    fn test_set_goal_with_budget() {
-        let mut app = create_test_app();
-        let _ = goal(&mut app, Some("Refactor auth | budget: 50000"));
-        assert_eq!(app.goal.goal_objective.as_deref(), Some("Refactor auth"));
-        assert_eq!(app.goal.goal_token_budget, Some(50_000));
-        assert!(app.goal.goal_started_at.is_some());
-    }
-
-    #[test]
-    fn test_set_goal_rejects_budget_only_objective() {
-        let mut app = create_test_app();
-        app.goal.goal_objective = Some("existing objective".to_string());
-        app.goal.goal_token_budget = Some(10_000);
-
-        let result = crate::commands::execute("/goal budget: 50000", &mut app);
-        assert!(result.is_error);
-        assert!(result.action.is_none());
-        assert!(
-            result
-                .message
-                .as_deref()
-                .unwrap_or_default()
-                .contains("Usage: /goal")
-        );
-        assert_eq!(
-            app.goal.goal_objective.as_deref(),
-            Some("existing objective")
-        );
-        assert_eq!(app.goal.goal_token_budget, Some(10_000));
-
-        let pipe_result = crate::commands::execute("/goal | budget: 50000", &mut app);
-        assert!(pipe_result.is_error);
-        assert!(pipe_result.action.is_none());
-        assert!(
-            pipe_result
-                .message
-                .as_deref()
-                .unwrap_or_default()
-                .contains("Usage: /goal")
-        );
-        assert_eq!(
-            app.goal.goal_objective.as_deref(),
-            Some("existing objective")
-        );
-        assert_eq!(app.goal.goal_token_budget, Some(10_000));
-    }
-
-    #[test]
-    fn test_clear_goal() {
-        let mut app = create_test_app();
-        app.goal.goal_objective = Some("test".to_string());
-        let _ = goal(&mut app, Some("clear"));
-        assert!(app.goal.goal_objective.is_none());
-        assert!(app.goal.goal_token_budget.is_none());
-    }
-
-    #[test]
-    fn test_show_goal_when_none() {
-        let mut app = create_test_app();
-        let result = goal(&mut app, None);
-        assert!(result.message.unwrap().contains("No goal set"));
-    }
-
-    #[test]
-    fn test_parse_budget() {
-        assert_eq!(
-            parse_goal_budget("Do a thing | budget: 50000"),
-            ("Do a thing".to_string(), Some(50_000))
-        );
-        assert_eq!(
-            parse_goal_budget("Simple goal"),
-            ("Simple goal".to_string(), None)
-        );
-        assert_eq!(
-            parse_goal_budget("Goal budget:1000"),
-            ("Goal".to_string(), Some(1000))
-        );
+        (text, None)
     }
 }
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index 842625e3..09aaffb7 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -463,9 +463,9 @@ pub const COMMANDS: &[CommandInfo] = &[
         description_id: MessageId::CmdShareDescription,
     },
     CommandInfo {
-        name: "goal",
-        aliases: &["mubiao"],
-        usage: "/goal [objective] [budget: N]",
+        name: "hunt",
+        aliases: &["goal", "mubiao", "狩猎"],
+        usage: "/hunt [quarry] [budget: N]",
         description_id: MessageId::CmdGoalDescription,
     },
     CommandInfo {
@@ -648,7 +648,7 @@ pub fn execute(cmd: &str, app: &mut App) -> CommandResult {
         "init" => init::init(app),
         "lsp" => config::lsp_command(app, arg),
         "share" => share::share(app, arg),
-        "goal" | "mubiao" => goal::goal(app, arg),
+        "goal" | "hunt" | "mubiao" | "狩猎" => goal::hunt(app, arg),
 
         // Skills commands
         "skills" | "jinengliebiao" => skills::list_skills(app, arg),
@@ -826,10 +826,10 @@ fn build_relay_instruction(app: &App, focus: Option<&str>) -> String {
     if let Some(focus) = focus {
         let _ = writeln!(out, "- Requested relay focus: {focus}");
     }
-    if let Some(goal) = app.goal.goal_objective.as_deref() {
+    if let Some(goal) = app.goal.quarry.as_deref() {
         let _ = writeln!(out, "- Goal: {goal}");
     }
-    if let Some(budget) = app.goal.goal_token_budget {
+    if let Some(budget) = app.goal.token_budget {
         let _ = writeln!(out, "- Goal token budget: {budget}");
     }
     if app.cycle_count > 0 {
@@ -1164,8 +1164,8 @@ mod tests {
     #[test]
     fn relay_slash_command_routes_to_session_relay_instruction() {
         let mut app = create_test_app();
-        app.goal.goal_objective = Some("Unify the work surface".to_string());
-        app.goal.goal_token_budget = Some(12_000);
+        app.goal.quarry = Some("Unify the work surface".to_string());
+        app.goal.token_budget = Some(12_000);
         app.cycle_count = 2;
         {
             let mut todos = app.todos.try_lock().expect("todo lock");
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index c43f2e84..077053bc 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -820,7 +820,7 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
         && !goal_objective.trim().is_empty()
     {
         full_prompt = format!(
-            "{full_prompt}\n\n## Current Session Goal\n\n<session_goal>\n{}\n</session_goal>",
+            "{full_prompt}\n\n## Current Hunt\n\n<session_goal>\n{}\n</session_goal>",
             goal_objective.trim()
         );
     }
@@ -1791,7 +1791,7 @@ mod tests {
         };
 
         assert!(!prompt.contains("<session_goal>"));
-        assert!(!prompt.contains("## Current Session Goal"));
+        assert!(!prompt.contains("## Current Hunt"));
     }
 
     #[test]
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 3c49df0e..071bfc26 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -5,6 +5,7 @@ use std::path::{Path, PathBuf};
 use std::time::{Duration, Instant};
 
 use ratatui::layout::Rect;
+use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use thiserror::Error;
 
@@ -986,13 +987,29 @@ impl Default for ViewportState {
     }
 }
 
-/// Goal tracking state (#397).
+/// Verdict for a hunt (#2092).
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum HuntVerdict {
+    Hunting,
+    Hunted,
+    Wounded,
+    Escaped,
+}
+
+impl Default for HuntVerdict {
+    fn default() -> Self {
+        Self::Hunting
+    }
+}
+
+/// Hunt tracking state (#2092 — was GoalState).
 #[derive(Debug, Clone, Default)]
-pub struct GoalState {
-    pub goal_objective: Option<String>,
-    pub goal_token_budget: Option<u32>,
-    pub goal_started_at: Option<Instant>,
-    pub goal_completed: bool,
+pub struct HuntState {
+    pub quarry: Option<String>,
+    pub token_budget: Option<u32>,
+    pub started_at: Option<Instant>,
+    pub verdict: HuntVerdict,
 }
 
 /// Session cost and token telemetry state.
@@ -1090,7 +1107,7 @@ pub struct App {
     /// Viewport sub-state (scroll, cache, selection).
     pub viewport: ViewportState,
     /// Goal sub-state.
-    pub goal: GoalState,
+    pub goal: HuntState,
     /// Session sub-state (cost, tokens, telemetry).
     pub session: SessionState,
     pub history: Vec<HistoryCell>,
@@ -1831,7 +1848,7 @@ impl App {
                 selection_anchor: None,
             },
             viewport: ViewportState::default(),
-            goal: GoalState::default(),
+            goal: HuntState::default(),
             session: SessionState::default(),
             history: Vec::new(),
             history_version: 0,
diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index 2ebd58dd..85431e88 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -7,6 +7,8 @@
 use std::fmt::Write;
 use std::time::{Duration, Instant};
 
+use crate::tui::app::HuntVerdict;
+
 use ratatui::{
     Frame,
     layout::{Constraint, Direction, Layout, Rect},
@@ -228,10 +230,10 @@ impl SidebarWorkSummary {
 
 fn sidebar_work_summary(app: &App) -> SidebarWorkSummary {
     let mut summary = SidebarWorkSummary {
-        goal_objective: app.goal.goal_objective.clone(),
-        goal_token_budget: app.goal.goal_token_budget,
-        goal_completed: app.goal.goal_completed,
-        goal_started_at: app.goal.goal_started_at,
+        goal_objective: app.goal.quarry.clone(),
+        goal_token_budget: app.goal.token_budget,
+        goal_completed: app.goal.verdict == HuntVerdict::Hunted,
+        goal_started_at: app.goal.started_at,
         tokens_used: app.session.total_conversation_tokens,
         cycle_count: app.cycle_count,
         ..SidebarWorkSummary::default()
@@ -1900,6 +1902,8 @@ mod tests {
     use std::path::PathBuf;
     use std::time::{Duration, Instant};
 
+    use crate::tui::app::HuntVerdict;
+
     fn create_test_app() -> App {
         let options = TuiOptions {
             model: "deepseek-v4-pro".to_string(),
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index fb89de61..4d0a4749 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -62,6 +62,7 @@ use crate::task_manager::{
 };
 use crate::tools::spec::RuntimeToolServices;
 use crate::tools::subagent::SubAgentStatus;
+use crate::tui::app::HuntVerdict;
 use crate::tui::auto_router;
 use crate::tui::color_compat::ColorCompatBackend;
 use crate::tui::command_palette::{
@@ -702,9 +703,9 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         todos: app.todos.clone(),
         plan_state: app.plan_state.clone(),
         goal_state: crate::tools::goal::new_shared_goal_state_from_host(
-            app.goal.goal_objective.clone(),
-            app.goal.goal_token_budget,
-            app.goal.goal_completed,
+            app.goal.quarry.clone(),
+            app.goal.token_budget,
+            app.goal.verdict == HuntVerdict::Hunted,
         ),
         max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
         network_policy: config.network.clone().map(|toml_cfg| {
@@ -727,7 +728,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         memory_path: config.memory_path(),
         vision_config: config.vision_model_config(),
         strict_tool_mode: config.strict_tool_mode.unwrap_or(false),
-        goal_objective: app.goal.goal_objective.clone(),
+        goal_objective: app.goal.quarry.clone(),
         locale_tag: app.ui_locale.tag().to_string(),
         workshop: config.workshop.clone(),
         search_provider: config.search_provider(),
@@ -4192,7 +4193,7 @@ async fn dispatch_user_message(
             None,
             prompts::PromptSessionContext {
                 user_memory_block: None,
-                goal_objective: app.goal.goal_objective.as_deref(),
+                goal_objective: app.goal.quarry.as_deref(),
                 project_context_pack_enabled: config.project_context_pack_enabled(),
                 locale_tag: app.ui_locale.tag(),
                 translation_enabled: app.translation_enabled,
@@ -4285,7 +4286,7 @@ async fn dispatch_user_message(
             content,
             mode: app.mode,
             model: effective_model,
-            goal_objective: app.goal.goal_objective.clone(),
+            goal_objective: app.goal.quarry.clone(),
             reasoning_effort: effective_reasoning_effort,
             reasoning_effort_auto: auto_controls_reasoning,
             auto_model: app.auto_model,

From 11efe304948dcafdb96ecc8653cffaf74b9cc0aa Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 16:45:18 +0800
Subject: [PATCH 136/283] feat: add trophy card generation for hunt completion
 (#2092)

---
 crates/tui/src/commands/goal.rs | 182 +++++++++++++++++++++++++++++++-
 1 file changed, 179 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index c9ec4ce1..b520c879 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -1,5 +1,7 @@
 //! /hunt command — declare a quarry with token budget and verdict tracking (#2092).
 
+use std::io::Write;
+
 use crate::tui::app::{App, AppAction, HuntVerdict};
 
 use super::CommandResult;
@@ -15,24 +17,34 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
             CommandResult::message("Hunt cleared.")
         }
         Some("done") | Some("complete") | Some("hunted") => {
+            let prev = app.goal.verdict;
             app.goal.verdict = HuntVerdict::Hunted;
             let elapsed = app
                 .goal
                 .started_at
                 .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
                 .unwrap_or_else(|| "unknown".to_string());
+            if prev != HuntVerdict::Hunted {
+                if let Err(e) = write_trophy_card(app) {
+                    return CommandResult::error(format!(
+                        "Hunt complete but trophy write failed: {e}"
+                    ));
+                }
+            }
             CommandResult::message(format!("Hunt complete! Elapsed: {elapsed}"))
         }
         Some("wound") | Some("wounded") => {
             app.goal.verdict = HuntVerdict::Wounded;
+            let _ = write_trophy_card(app);
             CommandResult::message("Hunt wounded — progress saved, can be resumed.")
         }
         Some("escape") | Some("escaped") => {
             app.goal.verdict = HuntVerdict::Escaped;
+            let _ = write_trophy_card(app);
             CommandResult::message("Hunt escaped — quarry abandoned.")
         }
         Some(text) if !text.is_empty() => {
-            let (objective, budget) = parse_goal_budget(text);
+            let (objective, budget) = parse_hunt_budget(text);
             let objective = objective.trim().to_string();
             if objective.is_empty() || objective.chars().all(|c| c == '|') {
                 return CommandResult::error("Usage: /hunt <quarry> [budget: N]");
@@ -76,7 +88,7 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
                     HuntVerdict::Escaped => "[ESCAPED]",
                 };
                 CommandResult::message(format!(
-                    "Hunt{verdict_label}: \"{obj}\" — elapsed: {elapsed}{budget_str}"
+                    "Hunt {verdict_label}: \"{obj}\" — elapsed: {elapsed}{budget_str}"
                 ))
             } else {
                 CommandResult::message(
@@ -92,7 +104,7 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
 }
 
 /// Parse text like "Implement login | budget: 50000" into (objective, budget).
-fn parse_goal_budget(text: &str) -> (&str, Option<u32>) {
+fn parse_hunt_budget(text: &str) -> (&str, Option<u32>) {
     if let Some(pipe_pos) = text.find('|') {
         let (objective, rest) = text.split_at(pipe_pos);
         let budget = rest[1..]
@@ -110,3 +122,167 @@ fn parse_goal_budget(text: &str) -> (&str, Option<u32>) {
         (text, None)
     }
 }
+
+/// Write a trophy card to `~/.codewhale/trophies/<date>-<slug>.md` for the
+/// current hunt verdict (#2092). Returns the path written on success.
+fn write_trophy_card(app: &mut App) -> Result<std::path::PathBuf, std::io::Error> {
+    let quarry = app.goal.quarry.as_deref().unwrap_or("untitled");
+    let slug = quarry
+        .chars()
+        .map(|c| {
+            if c.is_alphanumeric() || c == '-' {
+                c
+            } else {
+                '-'
+            }
+        })
+        .collect::<String>()
+        .trim_matches('-')
+        .to_string();
+    let slug = if slug.is_empty() { "untitled" } else { &slug };
+    let now = chrono::Local::now();
+    let date = now.format("%Y-%m-%d");
+    let dir = codewhale_config::resolve_state_dir("trophies")
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+    std::fs::create_dir_all(&dir)?;
+    let filename = format!("{date}-{slug}.md");
+    let path = dir.join(&filename);
+
+    let elapsed = app
+        .goal
+        .started_at
+        .as_ref()
+        .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
+        .unwrap_or_else(|| "unknown".to_string());
+    let verdict_str = match app.goal.verdict {
+        HuntVerdict::Hunting => "hunting",
+        HuntVerdict::Hunted => "hunted",
+        HuntVerdict::Wounded => "wounded",
+        HuntVerdict::Escaped => "escaped",
+    };
+    let tokens = app.session.total_conversation_tokens;
+    let budget_str = app
+        .goal
+        .token_budget
+        .map(|b| format!("{b}"))
+        .unwrap_or_else(|| "—".to_string());
+
+    let mut f = std::fs::File::create(&path)?;
+    writeln!(f, "# Trophy: {quarry}")?;
+    writeln!(f)?;
+    writeln!(f, "- **Verdict**: {verdict_str}")?;
+    writeln!(f, "- **Date**: {date}")?;
+    writeln!(f, "- **Elapsed**: {elapsed}")?;
+    writeln!(f, "- **Tokens used**: {tokens}")?;
+    writeln!(f, "- **Token budget**: {budget_str}")?;
+    writeln!(f)?;
+    writeln!(f, "_Generated by CodeWhale `/hunt` — {now}_")?;
+    drop(f);
+
+    Ok(path)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn create_test_app() -> App {
+        let options = crate::tui::app::TuiOptions {
+            model: "deepseek-v4-pro".to_string(),
+            workspace: std::path::PathBuf::from("/tmp/test-workspace"),
+            config_path: None,
+            config_profile: None,
+            allow_shell: false,
+            use_alt_screen: true,
+            use_mouse_capture: false,
+            use_bracketed_paste: true,
+            max_subagents: 1,
+            skills_dir: std::path::PathBuf::from("/tmp/test-skills"),
+            memory_path: std::path::PathBuf::from("memory.md"),
+            notes_path: std::path::PathBuf::from("notes.txt"),
+            mcp_config_path: std::path::PathBuf::from("mcp.json"),
+            use_memory: false,
+            start_in_agent_mode: false,
+            skip_onboarding: true,
+            initial_input: None,
+            resume_session_id: None,
+            yolo: false,
+        };
+        let config = crate::config::Config::default();
+        App::new(options, &config)
+    }
+
+    #[test]
+    fn test_set_hunt() {
+        let mut app = create_test_app();
+        let result = hunt(&mut app, Some("Fix the login bug"));
+        assert!(result.message.unwrap().contains("Hunt set"));
+        assert_eq!(app.goal.quarry.as_deref(), Some("Fix the login bug"));
+        assert!(matches!(
+            result.action,
+            Some(AppAction::SendMessage(msg)) if msg == "Fix the login bug"
+        ));
+    }
+
+    #[test]
+    fn test_hunt_without_argument_shows_state() {
+        let mut app = create_test_app();
+        let result = hunt(&mut app, None);
+        assert!(result.action.is_none());
+        assert!(result.message.as_deref().unwrap().contains("No hunt set"));
+    }
+
+    #[test]
+    fn test_set_hunt_with_budget() {
+        let mut app = create_test_app();
+        let _ = hunt(&mut app, Some("Refactor auth | budget: 50000"));
+        assert_eq!(app.goal.quarry.as_deref(), Some("Refactor auth"));
+        assert_eq!(app.goal.token_budget, Some(50_000));
+        assert!(app.goal.started_at.is_some());
+    }
+
+    #[test]
+    fn test_set_hunt_rejects_budget_only_objective() {
+        let mut app = create_test_app();
+        app.goal.quarry = Some("existing objective".to_string());
+        app.goal.token_budget = Some(10_000);
+
+        let result = hunt(&mut app, Some("budget: 50000"));
+        assert!(result.is_error);
+        assert!(
+            result
+                .message
+                .as_deref()
+                .unwrap_or_default()
+                .contains("Usage: /hunt")
+        );
+        assert_eq!(app.goal.quarry.as_deref(), Some("existing objective"));
+        assert_eq!(app.goal.token_budget, Some(10_000));
+    }
+
+    #[test]
+    fn test_clear_hunt() {
+        let mut app = create_test_app();
+        app.goal.quarry = Some("test".to_string());
+        let _ = hunt(&mut app, Some("clear"));
+        assert!(app.goal.quarry.is_none());
+        assert!(app.goal.token_budget.is_none());
+    }
+
+    #[test]
+    fn test_show_hunt_when_none() {
+        let mut app = create_test_app();
+        let result = hunt(&mut app, None);
+        assert!(result.message.unwrap().contains("No hunt set"));
+    }
+
+    #[test]
+    fn test_parse_budget() {
+        assert_eq!(
+            parse_hunt_budget("Do a thing | budget: 50000"),
+            ("Do a thing", Some(50_000))
+        );
+        assert_eq!(parse_hunt_budget("Simple goal"), ("Simple goal", None));
+        assert_eq!(parse_hunt_budget("Goal budget:1000"), ("Goal", Some(1000)));
+    }
+}

From 633c3b8ba8ce54c29daaee16637436f9a3bf43ae Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 16:48:43 +0800
Subject: [PATCH 137/283] fix: restore original parse logic, all 6 hunt tests
 pass (#2092)

---
 crates/tui/src/commands/goal.rs | 40 ++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index b520c879..692b682b 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -45,7 +45,6 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
         }
         Some(text) if !text.is_empty() => {
             let (objective, budget) = parse_hunt_budget(text);
-            let objective = objective.trim().to_string();
             if objective.is_empty() || objective.chars().all(|c| c == '|') {
                 return CommandResult::error("Usage: /hunt <quarry> [budget: N]");
             }
@@ -104,22 +103,21 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
 }
 
 /// Parse text like "Implement login | budget: 50000" into (objective, budget).
-fn parse_hunt_budget(text: &str) -> (&str, Option<u32>) {
-    if let Some(pipe_pos) = text.find('|') {
-        let (objective, rest) = text.split_at(pipe_pos);
-        let budget = rest[1..]
+fn parse_hunt_budget(text: &str) -> (String, Option<u32>) {
+    if let Some((obj, rest)) = text.split_once(" | budget:") {
+        let budget = rest
             .split_whitespace()
-            .filter_map(|part| {
-                if part.eq_ignore_ascii_case("budget:") {
-                    None
-                } else {
-                    part.parse::<u32>().ok()
-                }
-            })
-            .next();
-        (objective, budget)
+            .next()
+            .and_then(|s| s.parse::<u32>().ok());
+        (obj.trim().to_string(), budget)
+    } else if let Some((obj, rest)) = text.split_once("budget:") {
+        let budget = rest
+            .split_whitespace()
+            .next()
+            .and_then(|s| s.parse::<u32>().ok());
+        (obj.trim().to_string(), budget)
     } else {
-        (text, None)
+        (text.trim().to_string(), None)
     }
 }
 
@@ -280,9 +278,15 @@ mod tests {
     fn test_parse_budget() {
         assert_eq!(
             parse_hunt_budget("Do a thing | budget: 50000"),
-            ("Do a thing", Some(50_000))
+            ("Do a thing".to_string(), Some(50_000))
+        );
+        assert_eq!(
+            parse_hunt_budget("Simple goal"),
+            ("Simple goal".to_string(), None)
+        );
+        assert_eq!(
+            parse_hunt_budget("Goal budget:1000"),
+            ("Goal".to_string(), Some(1000))
         );
-        assert_eq!(parse_hunt_budget("Simple goal"), ("Simple goal", None));
-        assert_eq!(parse_hunt_budget("Goal budget:1000"), ("Goal", Some(1000)));
     }
 }

From c91379d92c36d29873bd1a28432cb4956a38044a Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 22:11:47 +0800
Subject: [PATCH 138/283] =?UTF-8?q?fix:=20rename=20App.goal=E2=86=92App.hu?=
 =?UTF-8?q?nt,=20address=20bot=20review=20=E2=80=94=20trophy=20card=20safe?=
 =?UTF-8?q?ty=20+=20slug=20(#2306)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/commands/goal.rs | 149 +++++++++++++++++---------------
 crates/tui/src/commands/mod.rs  |   8 +-
 crates/tui/src/tui/app.rs       |   4 +-
 crates/tui/src/tui/sidebar.rs   |   8 +-
 crates/tui/src/tui/ui.rs        |  12 +--
 5 files changed, 95 insertions(+), 86 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index 692b682b..17f3c28a 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -10,37 +10,33 @@ use super::CommandResult;
 pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
     match arg {
         Some("clear") | Some("reset") => {
-            app.goal.quarry = None;
-            app.goal.token_budget = None;
-            app.goal.started_at = None;
-            app.goal.verdict = HuntVerdict::default();
+            app.hunt.quarry = None;
+            app.hunt.token_budget = None;
+            app.hunt.started_at = None;
+            app.hunt.verdict = HuntVerdict::default();
             CommandResult::message("Hunt cleared.")
         }
         Some("done") | Some("complete") | Some("hunted") => {
-            let prev = app.goal.verdict;
-            app.goal.verdict = HuntVerdict::Hunted;
+            let prev = app.hunt.verdict;
+            app.hunt.verdict = HuntVerdict::Hunted;
             let elapsed = app
-                .goal
+                .hunt
                 .started_at
                 .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
                 .unwrap_or_else(|| "unknown".to_string());
             if prev != HuntVerdict::Hunted {
-                if let Err(e) = write_trophy_card(app) {
-                    return CommandResult::error(format!(
-                        "Hunt complete but trophy write failed: {e}"
-                    ));
-                }
+                write_trophy_card(app);
             }
             CommandResult::message(format!("Hunt complete! Elapsed: {elapsed}"))
         }
         Some("wound") | Some("wounded") => {
-            app.goal.verdict = HuntVerdict::Wounded;
-            let _ = write_trophy_card(app);
+            app.hunt.verdict = HuntVerdict::Wounded;
+            write_trophy_card(app);
             CommandResult::message("Hunt wounded — progress saved, can be resumed.")
         }
         Some("escape") | Some("escaped") => {
-            app.goal.verdict = HuntVerdict::Escaped;
-            let _ = write_trophy_card(app);
+            app.hunt.verdict = HuntVerdict::Escaped;
+            write_trophy_card(app);
             CommandResult::message("Hunt escaped — quarry abandoned.")
         }
         Some(text) if !text.is_empty() => {
@@ -48,10 +44,10 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
             if objective.is_empty() || objective.chars().all(|c| c == '|') {
                 return CommandResult::error("Usage: /hunt <quarry> [budget: N]");
             }
-            app.goal.quarry = Some(objective.clone());
-            app.goal.token_budget = budget;
-            app.goal.started_at = Some(std::time::Instant::now());
-            app.goal.verdict = HuntVerdict::Hunting;
+            app.hunt.quarry = Some(objective.clone());
+            app.hunt.token_budget = budget;
+            app.hunt.started_at = Some(std::time::Instant::now());
+            app.hunt.verdict = HuntVerdict::Hunting;
             let budget_str = budget
                 .map(|b| format!(" (budget: {b} tokens)"))
                 .unwrap_or_default();
@@ -61,14 +57,14 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
             )
         }
         _ => {
-            if let Some(ref obj) = app.goal.quarry {
+            if let Some(ref obj) = app.hunt.quarry {
                 let elapsed = app
-                    .goal
+                    .hunt
                     .started_at
                     .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
                     .unwrap_or_else(|| "unknown".to_string());
                 let budget_str = app
-                    .goal
+                    .hunt
                     .token_budget
                     .map(|b| {
                         let used = app.session.total_conversation_tokens;
@@ -80,7 +76,7 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
                         format!(" | tokens: {used}/{b} ({pct:.0}%)")
                     })
                     .unwrap_or_default();
-                let verdict_label = match app.goal.verdict {
+                let verdict_label = match app.hunt.verdict {
                     HuntVerdict::Hunting => "[HUNTING]",
                     HuntVerdict::Hunted => "[HUNTED]",
                     HuntVerdict::Wounded => "[WOUNDED]",
@@ -121,38 +117,48 @@ fn parse_hunt_budget(text: &str) -> (String, Option<u32>) {
     }
 }
 
-/// Write a trophy card to `~/.codewhale/trophies/<date>-<slug>.md` for the
-/// current hunt verdict (#2092). Returns the path written on success.
-fn write_trophy_card(app: &mut App) -> Result<std::path::PathBuf, std::io::Error> {
-    let quarry = app.goal.quarry.as_deref().unwrap_or("untitled");
-    let slug = quarry
-        .chars()
-        .map(|c| {
-            if c.is_alphanumeric() || c == '-' {
-                c
-            } else {
-                '-'
-            }
-        })
-        .collect::<String>()
-        .trim_matches('-')
-        .to_string();
-    let slug = if slug.is_empty() { "untitled" } else { &slug };
+/// Write a trophy card to `~/.codewhale/trophies/<date>-<time>-<slug>.md`
+/// for the current hunt verdict (#2092). Returns `None` when no quarry is
+/// set (nothing to write).
+fn write_trophy_card(app: &App) -> Option<std::path::PathBuf> {
+    let quarry = app.hunt.quarry.as_deref()?;
+    // Collapse consecutive non-alphanumeric chars into a single '-'
+    let mut slug = String::new();
+    let mut last_dash = false;
+    for c in quarry.chars() {
+        if c.is_alphanumeric() {
+            slug.push(c.to_ascii_lowercase());
+            last_dash = false;
+        } else if !last_dash {
+            slug.push('-');
+            last_dash = true;
+        }
+    }
+    let slug = slug.trim_matches('-');
+    if slug.is_empty() {
+        return None;
+    }
     let now = chrono::Local::now();
+    let time = now.format("%H%M%S");
     let date = now.format("%Y-%m-%d");
-    let dir = codewhale_config::resolve_state_dir("trophies")
-        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
-    std::fs::create_dir_all(&dir)?;
-    let filename = format!("{date}-{slug}.md");
+    let dir = match codewhale_config::resolve_state_dir("trophies") {
+        Ok(d) => d,
+        Err(_) => return None,
+    };
+    if let Err(_e) = std::fs::create_dir_all(&dir) {
+        return None;
+    }
+    // Include time in filename to avoid collisions on same-date hunts.
+    let filename = format!("{date}-{time}-{slug}.md");
     let path = dir.join(&filename);
 
     let elapsed = app
-        .goal
+        .hunt
         .started_at
         .as_ref()
         .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
         .unwrap_or_else(|| "unknown".to_string());
-    let verdict_str = match app.goal.verdict {
+    let verdict_str = match app.hunt.verdict {
         HuntVerdict::Hunting => "hunting",
         HuntVerdict::Hunted => "hunted",
         HuntVerdict::Wounded => "wounded",
@@ -160,24 +166,27 @@ fn write_trophy_card(app: &mut App) -> Result<std::path::PathBuf, std::io::Error
     };
     let tokens = app.session.total_conversation_tokens;
     let budget_str = app
-        .goal
+        .hunt
         .token_budget
         .map(|b| format!("{b}"))
         .unwrap_or_else(|| "—".to_string());
 
-    let mut f = std::fs::File::create(&path)?;
-    writeln!(f, "# Trophy: {quarry}")?;
-    writeln!(f)?;
-    writeln!(f, "- **Verdict**: {verdict_str}")?;
-    writeln!(f, "- **Date**: {date}")?;
-    writeln!(f, "- **Elapsed**: {elapsed}")?;
-    writeln!(f, "- **Tokens used**: {tokens}")?;
-    writeln!(f, "- **Token budget**: {budget_str}")?;
-    writeln!(f)?;
-    writeln!(f, "_Generated by CodeWhale `/hunt` — {now}_")?;
+    let mut f = match std::fs::File::create(&path) {
+        Ok(f) => f,
+        Err(_) => return None,
+    };
+    let _ = writeln!(f, "# Trophy: {quarry}");
+    let _ = writeln!(f);
+    let _ = writeln!(f, "- **Verdict**: {verdict_str}");
+    let _ = writeln!(f, "- **Date**: {date}");
+    let _ = writeln!(f, "- **Elapsed**: {elapsed}");
+    let _ = writeln!(f, "- **Tokens used**: {tokens}");
+    let _ = writeln!(f, "- **Token budget**: {budget_str}");
+    let _ = writeln!(f);
+    let _ = writeln!(f, "_Generated by CodeWhale `/hunt` — {now}_");
     drop(f);
 
-    Ok(path)
+    Some(path)
 }
 
 #[cfg(test)]
@@ -215,7 +224,7 @@ mod tests {
         let mut app = create_test_app();
         let result = hunt(&mut app, Some("Fix the login bug"));
         assert!(result.message.unwrap().contains("Hunt set"));
-        assert_eq!(app.goal.quarry.as_deref(), Some("Fix the login bug"));
+        assert_eq!(app.hunt.quarry.as_deref(), Some("Fix the login bug"));
         assert!(matches!(
             result.action,
             Some(AppAction::SendMessage(msg)) if msg == "Fix the login bug"
@@ -234,16 +243,16 @@ mod tests {
     fn test_set_hunt_with_budget() {
         let mut app = create_test_app();
         let _ = hunt(&mut app, Some("Refactor auth | budget: 50000"));
-        assert_eq!(app.goal.quarry.as_deref(), Some("Refactor auth"));
-        assert_eq!(app.goal.token_budget, Some(50_000));
-        assert!(app.goal.started_at.is_some());
+        assert_eq!(app.hunt.quarry.as_deref(), Some("Refactor auth"));
+        assert_eq!(app.hunt.token_budget, Some(50_000));
+        assert!(app.hunt.started_at.is_some());
     }
 
     #[test]
     fn test_set_hunt_rejects_budget_only_objective() {
         let mut app = create_test_app();
-        app.goal.quarry = Some("existing objective".to_string());
-        app.goal.token_budget = Some(10_000);
+        app.hunt.quarry = Some("existing objective".to_string());
+        app.hunt.token_budget = Some(10_000);
 
         let result = hunt(&mut app, Some("budget: 50000"));
         assert!(result.is_error);
@@ -254,17 +263,17 @@ mod tests {
                 .unwrap_or_default()
                 .contains("Usage: /hunt")
         );
-        assert_eq!(app.goal.quarry.as_deref(), Some("existing objective"));
-        assert_eq!(app.goal.token_budget, Some(10_000));
+        assert_eq!(app.hunt.quarry.as_deref(), Some("existing objective"));
+        assert_eq!(app.hunt.token_budget, Some(10_000));
     }
 
     #[test]
     fn test_clear_hunt() {
         let mut app = create_test_app();
-        app.goal.quarry = Some("test".to_string());
+        app.hunt.quarry = Some("test".to_string());
         let _ = hunt(&mut app, Some("clear"));
-        assert!(app.goal.quarry.is_none());
-        assert!(app.goal.token_budget.is_none());
+        assert!(app.hunt.quarry.is_none());
+        assert!(app.hunt.token_budget.is_none());
     }
 
     #[test]
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index 09aaffb7..74487414 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -826,10 +826,10 @@ fn build_relay_instruction(app: &App, focus: Option<&str>) -> String {
     if let Some(focus) = focus {
         let _ = writeln!(out, "- Requested relay focus: {focus}");
     }
-    if let Some(goal) = app.goal.quarry.as_deref() {
+    if let Some(goal) = app.hunt.quarry.as_deref() {
         let _ = writeln!(out, "- Goal: {goal}");
     }
-    if let Some(budget) = app.goal.token_budget {
+    if let Some(budget) = app.hunt.token_budget {
         let _ = writeln!(out, "- Goal token budget: {budget}");
     }
     if app.cycle_count > 0 {
@@ -1164,8 +1164,8 @@ mod tests {
     #[test]
     fn relay_slash_command_routes_to_session_relay_instruction() {
         let mut app = create_test_app();
-        app.goal.quarry = Some("Unify the work surface".to_string());
-        app.goal.token_budget = Some(12_000);
+        app.hunt.quarry = Some("Unify the work surface".to_string());
+        app.hunt.token_budget = Some(12_000);
         app.cycle_count = 2;
         {
             let mut todos = app.todos.try_lock().expect("todo lock");
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 071bfc26..1d8f3292 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1107,7 +1107,7 @@ pub struct App {
     /// Viewport sub-state (scroll, cache, selection).
     pub viewport: ViewportState,
     /// Goal sub-state.
-    pub goal: HuntState,
+    pub hunt: HuntState,
     /// Session sub-state (cost, tokens, telemetry).
     pub session: SessionState,
     pub history: Vec<HistoryCell>,
@@ -1848,7 +1848,7 @@ impl App {
                 selection_anchor: None,
             },
             viewport: ViewportState::default(),
-            goal: HuntState::default(),
+            hunt: HuntState::default(),
             session: SessionState::default(),
             history: Vec::new(),
             history_version: 0,
diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index 85431e88..dd60ebbb 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -230,10 +230,10 @@ impl SidebarWorkSummary {
 
 fn sidebar_work_summary(app: &App) -> SidebarWorkSummary {
     let mut summary = SidebarWorkSummary {
-        goal_objective: app.goal.quarry.clone(),
-        goal_token_budget: app.goal.token_budget,
-        goal_completed: app.goal.verdict == HuntVerdict::Hunted,
-        goal_started_at: app.goal.started_at,
+        goal_objective: app.hunt.quarry.clone(),
+        goal_token_budget: app.hunt.token_budget,
+        goal_completed: app.hunt.verdict == HuntVerdict::Hunted,
+        goal_started_at: app.hunt.started_at,
         tokens_used: app.session.total_conversation_tokens,
         cycle_count: app.cycle_count,
         ..SidebarWorkSummary::default()
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 4d0a4749..b800aec7 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -703,9 +703,9 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         todos: app.todos.clone(),
         plan_state: app.plan_state.clone(),
         goal_state: crate::tools::goal::new_shared_goal_state_from_host(
-            app.goal.quarry.clone(),
-            app.goal.token_budget,
-            app.goal.verdict == HuntVerdict::Hunted,
+            app.hunt.quarry.clone(),
+            app.hunt.token_budget,
+            app.hunt.verdict == HuntVerdict::Hunted,
         ),
         max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
         network_policy: config.network.clone().map(|toml_cfg| {
@@ -728,7 +728,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         memory_path: config.memory_path(),
         vision_config: config.vision_model_config(),
         strict_tool_mode: config.strict_tool_mode.unwrap_or(false),
-        goal_objective: app.goal.quarry.clone(),
+        goal_objective: app.hunt.quarry.clone(),
         locale_tag: app.ui_locale.tag().to_string(),
         workshop: config.workshop.clone(),
         search_provider: config.search_provider(),
@@ -4193,7 +4193,7 @@ async fn dispatch_user_message(
             None,
             prompts::PromptSessionContext {
                 user_memory_block: None,
-                goal_objective: app.goal.quarry.as_deref(),
+                goal_objective: app.hunt.quarry.as_deref(),
                 project_context_pack_enabled: config.project_context_pack_enabled(),
                 locale_tag: app.ui_locale.tag(),
                 translation_enabled: app.translation_enabled,
@@ -4286,7 +4286,7 @@ async fn dispatch_user_message(
             content,
             mode: app.mode,
             model: effective_model,
-            goal_objective: app.goal.quarry.clone(),
+            goal_objective: app.hunt.quarry.clone(),
             reasoning_effort: effective_reasoning_effort,
             reasoning_effort_auto: auto_controls_reasoning,
             auto_model: app.auto_model,

From 16c483201e0d802ff7b4cf6cb67c7354580fb3e5 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 22:20:59 +0800
Subject: [PATCH 139/283] fix: remove unused HuntVerdict import in sidebar test
 (#2306)

---
 crates/tui/src/tui/sidebar.rs | 2 --
 1 file changed, 2 deletions(-)

diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index dd60ebbb..b0b4b666 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -1902,8 +1902,6 @@ mod tests {
     use std::path::PathBuf;
     use std::time::{Duration, Instant};
 
-    use crate::tui::app::HuntVerdict;
-
     fn create_test_app() -> App {
         let options = TuiOptions {
             model: "deepseek-v4-pro".to_string(),

From bfb0ccc9b4d25b220a6d63aafe6ef0de8eec184c Mon Sep 17 00:00:00 2001
From: jayzhu <jay.l.zhu@foxmail.com>
Date: Thu, 28 May 2026 23:09:03 +0800
Subject: [PATCH 140/283] fix: carry tool input in ApprovalRequired event so
 approval dialog always shows params

The ApprovalRequest params_display() relied on pending_tool_uses,
which gets drained by MessageComplete before ApprovalRequired arrives
in the TUI event loop. When the model streaming response contained a
text block, ContentBlockStop(Text) set pending_message_complete=true,
triggering the drain and leaving the approval dialog with empty {}.

Fix: add input: Value to Event::ApprovalRequired and populate it
from tool_input in the engine tool execution loop. The TUI now reads
params directly from the event instead of searching pending_tool_uses.
---
 crates/tui/src/core/engine/turn_loop.rs | 1 +
 crates/tui/src/core/events.rs           | 3 +++
 crates/tui/src/runtime_threads.rs       | 4 ++++
 crates/tui/src/tui/ui.rs                | 8 ++------
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index f9df1795..9dc2a873 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -1696,6 +1696,7 @@ impl Engine {
                                 .send(Event::ApprovalRequired {
                                     id: tool_id.clone(),
                                     tool_name: tool_name.clone(),
+                                    input: tool_input.clone(),
                                     description: plan.approval_description.clone(),
                                     approval_key,
                                     approval_grouping_key,
diff --git a/crates/tui/src/core/events.rs b/crates/tui/src/core/events.rs
index b02ba2f9..f598b722 100644
--- a/crates/tui/src/core/events.rs
+++ b/crates/tui/src/core/events.rs
@@ -226,6 +226,9 @@ pub enum Event {
         id: String,
         tool_name: String,
         description: String,
+        /// Tool parameters for approval display. Carried on the event so the
+        /// TUI does not need to reconstruct them from `pending_tool_uses`.
+        input: Value,
         /// Exact-argument fingerprint, used to scope *denials* (#1617).
         approval_key: String,
         /// Lossy / arity-aware fingerprint, used to scope *approvals* so an
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 25196f04..6dc9c1c1 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -4172,6 +4172,7 @@ mod tests {
                 id: "tool_stale".to_string(),
                 tool_name: "exec_command".to_string(),
                 description: "stale approval".to_string(),
+                input: serde_json::json!({}),
             })
             .await?;
 
@@ -4245,6 +4246,7 @@ mod tests {
                 id: "tool_external_allow".to_string(),
                 tool_name: "exec_command".to_string(),
                 description: "external allow".to_string(),
+                input: serde_json::json!({}),
             })
             .await?;
 
@@ -4322,6 +4324,7 @@ mod tests {
                 id: "tool_external_deny".to_string(),
                 tool_name: "exec_command".to_string(),
                 description: "external deny".to_string(),
+                input: serde_json::json!({}),
             })
             .await?;
 
@@ -4508,6 +4511,7 @@ mod tests {
                 id: "tool_remember".to_string(),
                 tool_name: "exec_command".to_string(),
                 description: "remember=true".to_string(),
+                input: serde_json::json!({}),
             })
             .await?;
 
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index fb89de61..64e35f66 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1893,6 +1893,7 @@ async fn run_event_loop(
                         id,
                         tool_name,
                         description,
+                        input,
                         approval_key,
                         approval_grouping_key,
                     } => {
@@ -1937,12 +1938,7 @@ async fn run_event_loop(
                             app.status_message =
                                 Some(format!("Blocked tool '{tool_name}' (approval_mode=never)"));
                         } else {
-                            let tool_input = app
-                                .pending_tool_uses
-                                .iter()
-                                .find(|(tool_id, _, _)| tool_id == &id)
-                                .map(|(_, _, input)| input.clone())
-                                .unwrap_or_else(|| serde_json::json!({}));
+                            let tool_input = input;
 
                             if tool_name == "apply_patch" {
                                 maybe_add_patch_preview(app, &tool_input);

From 5ddac40909fcf146b8b1e2e3589274fc0d8c21bf Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 10:00:11 +0800
Subject: [PATCH 141/283] feat: whale-size route taxonomy for model +
 thinking-effort picker (#2026)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a central whale-route taxonomy that maps each (model,
reasoning_effort) pair to a friendly whale-species label sorted from
largest/deepest to smallest/fastest:

  Blue Whale   — Pro + max thinking
  Fin Whale    — Pro + high thinking
  Sperm Whale  — Pro + no thinking
  Humpback     — Flash + max thinking
  Minke Whale  — Flash + high thinking
  Porpoise     — Flash + no thinking

For DeepSeek providers the /model picker now shows a single-column
whale-route list instead of the two-column Model|Thinking layout.
Each route sets both model and effort at once. Pass-through providers
retain the classic layout.

New whale_routes module:
- WhaleRoute struct with label, model, effort, sort_order, hint, description
- WHALE_ROUTES const array (6 routes)
- for_model_effort() and by_sort_order() lookups
- 8 unit tests

Model picker changes:
- show_whale_routes flag activates on DeepSeek providers
- Selected route maps to model + effort simultaneously
- Fallback row for "auto" and custom models
- Updated test suite for whale-route behavior (7 new/updated tests)

Refs: #1676, #2026
---
 crates/tui/src/tui/mod.rs          |   1 +
 crates/tui/src/tui/model_picker.rs | 297 ++++++++++++++++++++++++-----
 crates/tui/src/tui/whale_routes.rs | 186 ++++++++++++++++++
 3 files changed, 436 insertions(+), 48 deletions(-)
 create mode 100644 crates/tui/src/tui/whale_routes.rs

diff --git a/crates/tui/src/tui/mod.rs b/crates/tui/src/tui/mod.rs
index bfb2e477..ba614e5b 100644
--- a/crates/tui/src/tui/mod.rs
+++ b/crates/tui/src/tui/mod.rs
@@ -71,6 +71,7 @@ mod ui_text;
 pub mod user_input;
 pub mod views;
 pub mod vim_mode;
+pub mod whale_routes;
 pub mod widgets;
 pub mod workspace_context;
 
diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index 8220dc6f..b39a98cc 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -1,22 +1,16 @@
-//! `/model` picker modal: pick a DeepSeek model and a thinking-effort tier
-//! and apply both at once (#39).
+//! `/model` picker modal: pick a model and thinking-effort tier (#39, #2026).
 //!
-//! Two side-by-side panes — Models on the left, Thinking effort on the
-//! right. Tab swaps focus, ↑/↓ moves within the focused pane, Enter applies
-//! both and closes the modal. Esc applies the last-highlighted choice and
-//! closes.
+//! For DeepSeek providers the picker shows whale-sized routes — model + effort
+//! combinations sorted largest → fastest with friendly whale-species labels
+//! (Blue Whale, Fin Whale, …, Porpoise).  A single ↑/↓ selection sets both
+//! model and effort at once.  The "auto" option is always available; custom
+//! (unrecognised) model ids appear as a separate row.
 //!
-//! The effort pane intentionally only exposes `Off / High / Max`. Per
-//! DeepSeek's [Thinking Mode docs](https://api-docs.deepseek.com/guides/reasoning_model),
-//! `low`/`medium` are silently mapped to `high` server-side and `xhigh` is
-//! mapped to `max`, so surfacing them as separate choices would be misleading.
-//! The legacy variants remain valid in `~/.deepseek/settings.toml` for
-//! back-compat — the picker just doesn't offer them.
+//! For pass-through providers the picker falls back to the classic two-column
+//! layout (Models | Thinking), with no whale labelling.
 //!
 //! On apply we emit a [`ViewEvent::ModelPickerApplied`] with the resolved
-//! model id and effort tier; the UI handler updates `App` state, persists
-//! the choice via `Settings`, and forwards `Op::SetModel` so the running
-//! engine picks up the change without a restart.
+//! model id and effort tier.
 
 use crossterm::event::{KeyCode, KeyEvent};
 use ratatui::{
@@ -30,6 +24,7 @@ use ratatui::{
 use crate::palette;
 use crate::tui::app::{App, ReasoningEffort};
 use crate::tui::views::{ModalKind, ModalView, ViewAction, ViewEvent};
+use crate::tui::whale_routes::{WHALE_ROUTES, WhaleRoute};
 
 /// Models the picker exposes by default. Kept short on purpose — power
 /// users can still type `/model <id>` for anything else.
@@ -69,12 +64,17 @@ pub struct ModelPickerView {
     /// When true, hide DeepSeek-specific model rows (pass-through providers
     /// like openai don't support them).
     hide_deepseek_models: bool,
+    /// When true, show whale-sized routes instead of two-column model/effort.
+    show_whale_routes: bool,
+    /// Selected whale-route index (when show_whale_routes is true).
+    selected_route_idx: usize,
 }
 
 impl ModelPickerView {
     #[must_use]
     pub fn new(app: &App) -> Self {
         let hide_deepseek_models = crate::config::provider_passes_model_through(app.api_provider);
+        let show_whale_routes = !hide_deepseek_models;
         let initial_model = if app.auto_model {
             "auto".to_string()
         } else {
@@ -104,6 +104,15 @@ impl ModelPickerView {
             .position(|e| *e == normalized)
             .unwrap_or(2); // default to High if somehow unknown
 
+        // When showing whale routes, find the matching route index.
+        let selected_route_idx = if show_whale_routes {
+            WhaleRoute::for_model_effort(&initial_model, normalized)
+                .map(|r| r.sort_order)
+                .unwrap_or(WHALE_ROUTES.len()) // "auto" or custom falls after routes
+        } else {
+            0
+        };
+
         Self {
             initial_model,
             initial_effort,
@@ -113,6 +122,8 @@ impl ModelPickerView {
             selection_touched: false,
             show_custom_model_row,
             hide_deepseek_models,
+            show_whale_routes,
+            selected_route_idx,
         }
     }
 
@@ -128,10 +139,11 @@ impl ModelPickerView {
         self.visible_model_ids().len() + if self.show_custom_model_row { 1 } else { 0 }
     }
 
-    /// Resolve the currently highlighted model row to a model id. If the
-    /// custom row is selected we return the original model from the App so
-    /// "Apply" doesn't blow away an unrecognised id.
+    /// Resolve the currently highlighted row to a model id.
     fn resolved_model(&self) -> String {
+        if self.show_whale_routes {
+            return self.resolved_whale_model();
+        }
         let visible = self.visible_model_ids();
         if self.show_custom_model_row && self.selected_model_idx == visible.len() {
             self.initial_model.clone()
@@ -143,13 +155,55 @@ impl ModelPickerView {
     }
 
     fn resolved_effort(&self) -> ReasoningEffort {
+        if self.show_whale_routes {
+            return self.resolved_whale_effort();
+        }
         if self.resolved_model().trim().eq_ignore_ascii_case("auto") {
             return ReasoningEffort::Auto;
         }
         PICKER_EFFORTS[self.selected_effort_idx]
     }
 
+    /// Resolve model from the whale-route list.
+    fn resolved_whale_model(&self) -> String {
+        if self.selected_route_idx < WHALE_ROUTES.len() {
+            WHALE_ROUTES[self.selected_route_idx].model.to_string()
+        } else {
+            // Past the last whale route: "auto" or custom.
+            self.initial_model.clone()
+        }
+    }
+
+    /// Resolve effort from the whale-route list.
+    fn resolved_whale_effort(&self) -> ReasoningEffort {
+        if self.selected_route_idx < WHALE_ROUTES.len() {
+            WHALE_ROUTES[self.selected_route_idx].effort
+        } else if self
+            .resolved_whale_model()
+            .trim()
+            .eq_ignore_ascii_case("auto")
+        {
+            ReasoningEffort::Auto
+        } else {
+            // Custom model — keep the initial effort.
+            self.initial_effort
+        }
+    }
+
+    /// Number of rows in the whale-route list: routes + (auto or custom).
+    fn whale_route_row_count(&self) -> usize {
+        // All whale routes + 1 for the fallback row (auto or custom).
+        WHALE_ROUTES.len() + 1
+    }
+
     fn move_up(&mut self) -> bool {
+        if self.show_whale_routes {
+            if self.selected_route_idx > 0 {
+                self.selected_route_idx -= 1;
+                return true;
+            }
+            return false;
+        }
         match self.focus {
             Pane::Model => {
                 if self.selected_model_idx > 0 {
@@ -168,6 +222,14 @@ impl ModelPickerView {
     }
 
     fn move_down(&mut self) -> bool {
+        if self.show_whale_routes {
+            let max = self.whale_route_row_count().saturating_sub(1);
+            if self.selected_route_idx < max {
+                self.selected_route_idx += 1;
+                return true;
+            }
+            return false;
+        }
         match self.focus {
             Pane::Model => {
                 let max = self.model_row_count().saturating_sub(1);
@@ -285,7 +347,9 @@ impl ModalView for ModelPickerView {
                 ViewAction::None
             }
             KeyCode::Tab | KeyCode::Right | KeyCode::Left | KeyCode::BackTab => {
-                self.toggle_focus();
+                if !self.show_whale_routes {
+                    self.toggle_focus();
+                }
                 ViewAction::None
             }
             _ => ViewAction::None,
@@ -293,6 +357,87 @@ impl ModalView for ModelPickerView {
     }
 
     fn render(&self, area: Rect, buf: &mut Buffer) {
+        if self.show_whale_routes {
+            self.render_whale_routes(area, buf);
+        } else {
+            self.render_classic(area, buf);
+        }
+    }
+
+    /// Single-column whale-route list for DeepSeek providers.
+    fn render_whale_routes(&self, area: Rect, buf: &mut Buffer) {
+        let popup_width = 62.min(area.width.saturating_sub(4)).max(44);
+        let row_count = self.whale_route_row_count();
+        let popup_height = (row_count + 4).min(area.height.saturating_sub(4)).max(8) as u16;
+        let popup_area = Rect {
+            x: area.x + (area.width.saturating_sub(popup_width)) / 2,
+            y: area.y + (area.height.saturating_sub(popup_height)) / 2,
+            width: popup_width,
+            height: popup_height,
+        };
+
+        Clear.render(popup_area, buf);
+
+        let outer = Block::default()
+            .title(Line::from(Span::styled(
+                " Whale Routes ",
+                Style::default()
+                    .fg(palette::DEEPSEEK_SKY)
+                    .add_modifier(Modifier::BOLD),
+            )))
+            .title_bottom(Line::from(vec![
+                Span::styled(" ↑↓ ", Style::default().fg(palette::TEXT_MUTED)),
+                Span::raw("choose "),
+                Span::styled(" Enter ", Style::default().fg(palette::TEXT_MUTED)),
+                Span::raw("apply "),
+                Span::styled(" Esc ", Style::default().fg(palette::TEXT_MUTED)),
+                Span::raw("apply "),
+            ]))
+            .borders(Borders::ALL)
+            .border_style(Style::default().fg(palette::BORDER_COLOR))
+            .style(Style::default());
+        let inner = outer.inner(popup_area);
+        outer.render(popup_area, buf);
+
+        let mut rows: Vec<(String, String)> = WHALE_ROUTES
+            .iter()
+            .map(|r| {
+                (
+                    format!("{}  —  {}", r.label, r.hint),
+                    r.description.to_string(),
+                )
+            })
+            .collect();
+
+        // Fallback row: "auto" if not set, otherwise the current custom model.
+        let fallback_label = if self.initial_model == "auto" {
+            "auto  —  select per turn".to_string()
+        } else if self.show_custom_model_row {
+            format!("{}  —  custom", self.initial_model)
+        } else {
+            "auto  —  select per turn".to_string()
+        };
+        let fallback_hint = if self.initial_model == "auto" {
+            "Let CodeWhale pick the best model each turn".to_string()
+        } else if self.show_custom_model_row {
+            "Current model (not a standard route)".to_string()
+        } else {
+            "Let CodeWhale pick the best model each turn".to_string()
+        };
+        rows.push((fallback_label, fallback_hint));
+
+        self.render_pane(
+            inner,
+            buf,
+            "Model & thinking",
+            rows,
+            self.selected_route_idx,
+            true,
+        );
+    }
+
+    /// Classic two-column layout for pass-through providers.
+    fn render_classic(&self, area: Rect, buf: &mut Buffer) {
         let popup_width = 64.min(area.width.saturating_sub(4)).max(40);
         let popup_height = 14.min(area.height.saturating_sub(4)).max(10);
         let popup_area = Rect {
@@ -505,53 +650,46 @@ mod tests {
     }
 
     #[test]
-    fn arrow_keys_move_within_focused_pane() {
+    fn arrow_keys_move_within_whale_routes() {
         let (app, _lock) = create_test_app();
         let mut view = ModelPickerView::new(&app);
-        // Default focus is Model; move down then up.
-        let initial = view.selected_model_idx;
+        assert!(view.show_whale_routes);
+        let initial = view.selected_route_idx;
         view.handle_key(KeyEvent::new(
             KeyCode::Down,
             crossterm::event::KeyModifiers::NONE,
         ));
-        assert_eq!(view.selected_model_idx, initial + 1);
+        assert_eq!(view.selected_route_idx, initial + 1);
         view.handle_key(KeyEvent::new(
             KeyCode::Up,
             crossterm::event::KeyModifiers::NONE,
         ));
-        assert_eq!(view.selected_model_idx, initial);
+        assert_eq!(view.selected_route_idx, initial);
     }
 
     #[test]
-    fn tab_switches_focus_and_arrow_now_moves_effort() {
-        let (mut app, _lock) = create_test_app();
-        // Default is Max; pin to Off so the Down arrow has
-        // somewhere to go.
-        app.reasoning_effort = ReasoningEffort::Off;
+    fn tab_is_noop_in_whale_route_mode() {
+        let (app, _lock) = create_test_app();
         let mut view = ModelPickerView::new(&app);
-        let initial_effort_idx = view.selected_effort_idx;
+        assert!(view.show_whale_routes);
+        let before = view.selected_route_idx;
         view.handle_key(KeyEvent::new(
             KeyCode::Tab,
             crossterm::event::KeyModifiers::NONE,
         ));
-        assert_eq!(view.focus, Pane::Effort);
-        view.handle_key(KeyEvent::new(
-            KeyCode::Down,
-            crossterm::event::KeyModifiers::NONE,
-        ));
-        assert!(view.selected_effort_idx > initial_effort_idx);
+        assert_eq!(view.selected_route_idx, before);
     }
 
     #[test]
-    fn enter_emits_apply_event_with_selection() {
+    fn enter_with_whale_routes_emits_apply_event() {
         let (mut app, _lock) = create_test_app();
         app.reasoning_effort = ReasoningEffort::High;
+        app.model = "deepseek-v4-pro".to_string();
         app.auto_model = false;
         let mut view = ModelPickerView::new(&app);
-        view.handle_key(KeyEvent::new(
-            KeyCode::Tab,
-            crossterm::event::KeyModifiers::NONE,
-        ));
+        // Initial route: Fin Whale (Pro + High, sort_order=1)
+        assert_eq!(view.selected_route_idx, 1);
+        // Move down to Sperm Whale (Pro + Off, sort_order=2)
         view.handle_key(KeyEvent::new(
             KeyCode::Down,
             crossterm::event::KeyModifiers::NONE,
@@ -568,13 +706,71 @@ mod tests {
                 ..
             }) => {
                 assert_eq!(model, "deepseek-v4-pro");
-                assert_eq!(effort, ReasoningEffort::Max);
+                assert_eq!(effort, ReasoningEffort::Off);
                 assert_eq!(previous_effort, ReasoningEffort::High);
             }
             other => panic!("expected ModelPickerApplied EmitAndClose, got {other:?}"),
         }
     }
 
+    #[test]
+    fn whale_routes_initial_selection_matches_app_state() {
+        let (mut app, _lock) = create_test_app();
+        app.model = "deepseek-v4-flash".to_string();
+        app.auto_model = false;
+        app.reasoning_effort = ReasoningEffort::Max;
+        let view = ModelPickerView::new(&app);
+        // Humpback = Flash + Max, sort_order = 3
+        assert_eq!(view.selected_route_idx, 3);
+        assert_eq!(view.resolved_model(), "deepseek-v4-flash");
+        assert_eq!(view.resolved_effort(), ReasoningEffort::Max);
+    }
+
+    #[test]
+    fn whale_routes_auto_effort_maps_to_fallback_row() {
+        let (mut app, _lock) = create_test_app();
+        app.model = "auto".to_string();
+        app.auto_model = true;
+        app.reasoning_effort = ReasoningEffort::Auto;
+        let view = ModelPickerView::new(&app);
+        // "auto" doesn't match any whale route, falls to fallback row
+        assert_eq!(view.selected_route_idx, WHALE_ROUTES.len());
+        assert_eq!(view.resolved_model(), "auto");
+        assert_eq!(view.resolved_effort(), ReasoningEffort::Auto);
+    }
+
+    #[test]
+    fn whale_routes_custom_model_falls_back() {
+        let (mut app, _lock) = create_test_app();
+        app.model = "deepseek-v4-pro-2026-04-XX".to_string();
+        app.auto_model = false;
+        app.reasoning_effort = ReasoningEffort::High;
+        let view = ModelPickerView::new(&app);
+        // Custom model → fallback row
+        assert_eq!(view.selected_route_idx, WHALE_ROUTES.len());
+        assert_eq!(view.resolved_model(), "deepseek-v4-pro-2026-04-XX");
+        assert_eq!(view.resolved_effort(), ReasoningEffort::High);
+    }
+
+    #[test]
+    fn whale_routes_down_from_last_is_noop() {
+        let (app, _lock) = create_test_app();
+        let mut view = ModelPickerView::new(&app);
+        // Navigate to the last row
+        view.selected_route_idx = view.whale_route_row_count() - 1;
+        let result = view.move_down();
+        assert!(!result);
+    }
+
+    #[test]
+    fn whale_routes_up_from_first_is_noop() {
+        let (app, _lock) = create_test_app();
+        let mut view = ModelPickerView::new(&app);
+        view.selected_route_idx = 0;
+        let result = view.move_up();
+        assert!(!result);
+    }
+
     #[test]
     fn immediate_esc_applies_current_selection() {
         let (app, _lock) = create_test_app();
@@ -592,9 +788,12 @@ mod tests {
     }
 
     #[test]
-    fn esc_after_selection_move_applies_highlighted_model() {
-        let (app, _lock) = create_test_app();
+    fn esc_after_selection_move_applies_highlighted_route() {
+        let (mut app, _lock) = create_test_app();
+        app.reasoning_effort = ReasoningEffort::High;
         let mut view = ModelPickerView::new(&app);
+        // Initial: Fin Whale (Pro+High), previous_effort=High
+        // Down → Sperm Whale (Pro+Off)
         view.handle_key(KeyEvent::new(
             KeyCode::Down,
             crossterm::event::KeyModifiers::NONE,
@@ -608,13 +807,15 @@ mod tests {
         match action {
             ViewAction::EmitAndClose(ViewEvent::ModelPickerApplied {
                 model,
-                previous_model,
+                effort,
+                previous_effort,
                 ..
             }) => {
-                assert_eq!(previous_model, "deepseek-v4-pro");
-                assert_eq!(model, "deepseek-v4-flash");
+                assert_eq!(model, "deepseek-v4-pro");
+                assert_eq!(effort, ReasoningEffort::Off);
+                assert_eq!(previous_effort, ReasoningEffort::High);
             }
-            other => panic!("expected Esc to apply highlighted model, got {other:?}"),
+            other => panic!("expected Esc to apply highlighted route, got {other:?}"),
         }
     }
 
diff --git a/crates/tui/src/tui/whale_routes.rs b/crates/tui/src/tui/whale_routes.rs
new file mode 100644
index 00000000..f80c9c4c
--- /dev/null
+++ b/crates/tui/src/tui/whale_routes.rs
@@ -0,0 +1,186 @@
+//! Whale-size route taxonomy for model + thinking-effort combinations (#2026).
+//!
+//! Maps each `(model, reasoning_effort)` pair to a friendly whale-species label,
+//! sorted from largest/deepest to smallest/fastest. The labels share the same
+//! species pool as sub-agent nicknames (#2016) but serve a different purpose:
+//! route/tier names help users understand depth/cost/speed at a glance.
+//!
+//! ## Route ordering (size → speed)
+//!
+//! 1. Blue Whale   — Pro + max thinking (largest, deepest)
+//! 2. Fin Whale    — Pro + high thinking
+//! 3. Sperm Whale  — Pro + no thinking
+//! 4. Humpback     — Flash + max thinking
+//! 5. Minke Whale  — Flash + high thinking
+//! 6. Porpoise     — Flash + no thinking (smallest, fastest)
+//!
+//! Unknown or non-DeepSeek models fall back to the raw model id without
+//! fake whale labeling.
+
+use crate::tui::app::ReasoningEffort;
+
+/// One whale-sized route: a model + thinking-effort combination with
+/// a friendly label, sort order, and descriptive hint.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct WhaleRoute {
+    /// Whale-species label, e.g. "Blue Whale".
+    pub label: &'static str,
+    /// Model id, e.g. "deepseek-v4-pro".
+    pub model: &'static str,
+    /// Reasoning effort tier.
+    pub effort: ReasoningEffort,
+    /// Sort index (0 = largest / deepest).
+    pub sort_order: usize,
+    /// Short inline hint, e.g. "Pro + max thinking".
+    pub hint: &'static str,
+    /// Longer description for tooltips / route receipts.
+    pub description: &'static str,
+}
+
+/// Six canonical routes, sorted largest → smallest.
+pub const WHALE_ROUTES: &[WhaleRoute] = &[
+    WhaleRoute {
+        label: "Blue Whale",
+        model: "deepseek-v4-pro",
+        effort: ReasoningEffort::Max,
+        sort_order: 0,
+        hint: "Pro + max thinking",
+        description: "Flagship reasoning at maximum depth — architecture, debugging, security reviews",
+    },
+    WhaleRoute {
+        label: "Fin Whale",
+        model: "deepseek-v4-pro",
+        effort: ReasoningEffort::High,
+        sort_order: 1,
+        hint: "Pro + high thinking",
+        description: "Deep reasoning for complex tasks — multi-file refactors, careful planning",
+    },
+    WhaleRoute {
+        label: "Sperm Whale",
+        model: "deepseek-v4-pro",
+        effort: ReasoningEffort::Off,
+        sort_order: 2,
+        hint: "Pro + no thinking",
+        description: "Full model power without reasoning overhead — straightforward code generation",
+    },
+    WhaleRoute {
+        label: "Humpback",
+        model: "deepseek-v4-flash",
+        effort: ReasoningEffort::Max,
+        sort_order: 3,
+        hint: "Flash + max thinking",
+        description: "Fast model with reasoning depth — lightweight analysis, first-pass reviews",
+    },
+    WhaleRoute {
+        label: "Minke Whale",
+        model: "deepseek-v4-flash",
+        effort: ReasoningEffort::High,
+        sort_order: 4,
+        hint: "Flash + high thinking",
+        description: "Fast model, moderate reasoning — tool execution, read-only scouting",
+    },
+    WhaleRoute {
+        label: "Porpoise",
+        model: "deepseek-v4-flash",
+        effort: ReasoningEffort::Off,
+        sort_order: 5,
+        hint: "Flash + no thinking",
+        description: "Fastest and cheapest — lookups, searches, simple edits",
+    },
+];
+
+impl WhaleRoute {
+    /// Look up the whale route for a given model id and reasoning effort.
+    /// Returns `None` for non-DeepSeek models or unrecognized combinations.
+    #[must_use]
+    pub fn for_model_effort(model: &str, effort: ReasoningEffort) -> Option<&'static WhaleRoute> {
+        WHALE_ROUTES
+            .iter()
+            .find(|r| r.model.eq_ignore_ascii_case(model) && r.effort == effort)
+    }
+
+    /// Look up a whale route by its sort-order index.
+    #[must_use]
+    #[allow(dead_code)]
+    pub fn by_sort_order(index: usize) -> Option<&'static WhaleRoute> {
+        WHALE_ROUTES.iter().find(|r| r.sort_order == index)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn routes_are_sorted_by_size() {
+        for window in WHALE_ROUTES.windows(2) {
+            assert!(
+                window[0].sort_order < window[1].sort_order,
+                "{} should sort before {}",
+                window[0].label,
+                window[1].label
+            );
+        }
+    }
+
+    #[test]
+    fn lookup_blue_whale_for_pro_max() {
+        let route = WhaleRoute::for_model_effort("deepseek-v4-pro", ReasoningEffort::Max)
+            .expect("blue whale route exists");
+        assert_eq!(route.label, "Blue Whale");
+        assert_eq!(route.model, "deepseek-v4-pro");
+        assert_eq!(route.effort, ReasoningEffort::Max);
+        assert_eq!(route.sort_order, 0);
+    }
+
+    #[test]
+    fn lookup_porpoise_for_flash_off() {
+        let route = WhaleRoute::for_model_effort("deepseek-v4-flash", ReasoningEffort::Off)
+            .expect("porpoise route exists");
+        assert_eq!(route.label, "Porpoise");
+        assert_eq!(route.sort_order, 5);
+    }
+
+    #[test]
+    fn lookup_case_insensitive_model() {
+        let route = WhaleRoute::for_model_effort("DeepSeek-V4-Pro", ReasoningEffort::High)
+            .expect("case-insensitive match");
+        assert_eq!(route.label, "Fin Whale");
+    }
+
+    #[test]
+    fn unknown_model_returns_none() {
+        assert!(WhaleRoute::for_model_effort("gpt-4o", ReasoningEffort::High).is_none());
+    }
+
+    #[test]
+    fn unknown_effort_with_valid_model_returns_none() {
+        // ReasoningEffort::Auto is not in any whale route
+        assert!(WhaleRoute::for_model_effort("deepseek-v4-pro", ReasoningEffort::Auto).is_none());
+    }
+
+    #[test]
+    fn by_sort_order_finds_correct_routes() {
+        assert_eq!(WhaleRoute::by_sort_order(0).unwrap().label, "Blue Whale");
+        assert_eq!(WhaleRoute::by_sort_order(5).unwrap().label, "Porpoise");
+        assert!(WhaleRoute::by_sort_order(99).is_none());
+    }
+
+    #[test]
+    fn every_route_has_unique_sort_order() {
+        let orders: Vec<usize> = WHALE_ROUTES.iter().map(|r| r.sort_order).collect();
+        let mut sorted = orders.clone();
+        sorted.sort();
+        sorted.dedup();
+        assert_eq!(orders.len(), sorted.len(), "duplicate sort orders detected");
+    }
+
+    #[test]
+    fn every_route_has_unique_label() {
+        let labels: Vec<&str> = WHALE_ROUTES.iter().map(|r| r.label).collect();
+        let mut sorted = labels.clone();
+        sorted.sort();
+        sorted.dedup();
+        assert_eq!(labels.len(), sorted.len(), "duplicate labels detected");
+    }
+}

From bf0b7bcaaf60d60d729d160a691a4a52e4b2a2dc Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 10:15:27 +0800
Subject: [PATCH 142/283] =?UTF-8?q?fix:=20address=20code=20review=20?=
 =?UTF-8?q?=E2=80=94=20type=20error,=20fallback=20row,=20provider=20gating?=
 =?UTF-8?q?,=20array=20index?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Fix usize/u16 type mismatch in popup_height (row_count as u16 + 4)
- Fallback rows: always show "auto" first, then custom model if applicable
- Limit whale routes to official DeepSeek/DeepSeekCN providers only
- Use array position (not sort_order) for selected_route_idx lookup
- Update tests for new fallback row indices
---
 crates/tui/src/tui/model_picker.rs | 89 ++++++++++++++++++------------
 1 file changed, 55 insertions(+), 34 deletions(-)

diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index b39a98cc..9d8c9d26 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -74,7 +74,11 @@ impl ModelPickerView {
     #[must_use]
     pub fn new(app: &App) -> Self {
         let hide_deepseek_models = crate::config::provider_passes_model_through(app.api_provider);
-        let show_whale_routes = !hide_deepseek_models;
+        // Whale routes are DeepSeek-specific — only official providers get them.
+        let show_whale_routes = matches!(
+            app.api_provider,
+            crate::config::ApiProvider::Deepseek | crate::config::ApiProvider::DeepseekCN
+        );
         let initial_model = if app.auto_model {
             "auto".to_string()
         } else {
@@ -104,11 +108,23 @@ impl ModelPickerView {
             .position(|e| *e == normalized)
             .unwrap_or(2); // default to High if somehow unknown
 
-        // When showing whale routes, find the matching route index.
+        // When showing whale routes, find the matching route by position in the array
+        // (not by sort_order, which happens to match today but is semantically wrong).
         let selected_route_idx = if show_whale_routes {
-            WhaleRoute::for_model_effort(&initial_model, normalized)
-                .map(|r| r.sort_order)
-                .unwrap_or(WHALE_ROUTES.len()) // "auto" or custom falls after routes
+            WHALE_ROUTES
+                .iter()
+                .position(|r| {
+                    r.model.eq_ignore_ascii_case(&initial_model) && r.effort == normalized
+                })
+                .unwrap_or_else(|| {
+                    // No matching whale route — fall back to "auto" (standard model)
+                    // or the custom row (unrecognized model).
+                    if show_custom_model_row {
+                        WHALE_ROUTES.len() + 1 // custom model row
+                    } else {
+                        WHALE_ROUTES.len() // "auto" row
+                    }
+                })
         } else {
             0
         };
@@ -168,8 +184,11 @@ impl ModelPickerView {
     fn resolved_whale_model(&self) -> String {
         if self.selected_route_idx < WHALE_ROUTES.len() {
             WHALE_ROUTES[self.selected_route_idx].model.to_string()
+        } else if self.selected_route_idx == WHALE_ROUTES.len() {
+            // First fallback row: always "auto".
+            "auto".to_string()
         } else {
-            // Past the last whale route: "auto" or custom.
+            // Second fallback row: custom model.
             self.initial_model.clone()
         }
     }
@@ -178,22 +197,23 @@ impl ModelPickerView {
     fn resolved_whale_effort(&self) -> ReasoningEffort {
         if self.selected_route_idx < WHALE_ROUTES.len() {
             WHALE_ROUTES[self.selected_route_idx].effort
-        } else if self
-            .resolved_whale_model()
-            .trim()
-            .eq_ignore_ascii_case("auto")
-        {
+        } else if self.selected_route_idx == WHALE_ROUTES.len() {
+            // First fallback row: "auto".
             ReasoningEffort::Auto
         } else {
-            // Custom model — keep the initial effort.
+            // Second fallback row: custom model — keep the initial effort.
             self.initial_effort
         }
     }
 
-    /// Number of rows in the whale-route list: routes + (auto or custom).
+    /// Number of rows in the whale-route list.
     fn whale_route_row_count(&self) -> usize {
-        // All whale routes + 1 for the fallback row (auto or custom).
-        WHALE_ROUTES.len() + 1
+        let base = WHALE_ROUTES.len() + 1; // routes + auto
+        if self.show_custom_model_row {
+            base + 1
+        } else {
+            base
+        }
     }
 
     fn move_up(&mut self) -> bool {
@@ -368,7 +388,9 @@ impl ModalView for ModelPickerView {
     fn render_whale_routes(&self, area: Rect, buf: &mut Buffer) {
         let popup_width = 62.min(area.width.saturating_sub(4)).max(44);
         let row_count = self.whale_route_row_count();
-        let popup_height = (row_count + 4).min(area.height.saturating_sub(4)).max(8) as u16;
+        let popup_height = (row_count as u16 + 4)
+            .min(area.height.saturating_sub(4))
+            .max(8);
         let popup_area = Rect {
             x: area.x + (area.width.saturating_sub(popup_width)) / 2,
             y: area.y + (area.height.saturating_sub(popup_height)) / 2,
@@ -409,22 +431,19 @@ impl ModalView for ModelPickerView {
             })
             .collect();
 
-        // Fallback row: "auto" if not set, otherwise the current custom model.
-        let fallback_label = if self.initial_model == "auto" {
-            "auto  —  select per turn".to_string()
-        } else if self.show_custom_model_row {
-            format!("{}  —  custom", self.initial_model)
-        } else {
-            "auto  —  select per turn".to_string()
-        };
-        let fallback_hint = if self.initial_model == "auto" {
-            "Let CodeWhale pick the best model each turn".to_string()
-        } else if self.show_custom_model_row {
-            "Current model (not a standard route)".to_string()
-        } else {
-            "Let CodeWhale pick the best model each turn".to_string()
-        };
-        rows.push((fallback_label, fallback_hint));
+        // Fallback row 1: always "auto".
+        rows.push((
+            "auto  —  select per turn".to_string(),
+            "Let CodeWhale pick the best model each turn".to_string(),
+        ));
+
+        // Fallback row 2: custom model when the current model isn't recognized.
+        if self.show_custom_model_row {
+            rows.push((
+                format!("{}  —  custom", self.initial_model),
+                "Current model (not a standard route)".to_string(),
+            ));
+        }
 
         self.render_pane(
             inner,
@@ -746,10 +765,12 @@ mod tests {
         app.auto_model = false;
         app.reasoning_effort = ReasoningEffort::High;
         let view = ModelPickerView::new(&app);
-        // Custom model → fallback row
-        assert_eq!(view.selected_route_idx, WHALE_ROUTES.len());
+        // Custom model → second fallback row (after "auto")
+        assert_eq!(view.selected_route_idx, WHALE_ROUTES.len() + 1);
         assert_eq!(view.resolved_model(), "deepseek-v4-pro-2026-04-XX");
         assert_eq!(view.resolved_effort(), ReasoningEffort::High);
+        // Row count includes routes + auto + custom
+        assert_eq!(view.whale_route_row_count(), WHALE_ROUTES.len() + 2);
     }
 
     #[test]

From bf30aa3efed11ad641475fa8ddbbe48655784359 Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 10:22:44 +0800
Subject: [PATCH 143/283] fix: move render_whale_routes/render_classic out of
 ModalView trait impl

These two methods were accidentally placed inside the ModalView trait
implementation block, which caused E0407 compilation errors on CI.
They are now in a separate impl ModelPickerView block.
---
 crates/tui/src/tui/model_picker.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index 9d8c9d26..80128148 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -383,7 +383,9 @@ impl ModalView for ModelPickerView {
             self.render_classic(area, buf);
         }
     }
+}
 
+impl ModelPickerView {
     /// Single-column whale-route list for DeepSeek providers.
     fn render_whale_routes(&self, area: Rect, buf: &mut Buffer) {
         let popup_width = 62.min(area.width.saturating_sub(4)).max(44);

From 2ed13999b3c106ccc39fc01ba1926bd69a84ae98 Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 10:28:10 +0800
Subject: [PATCH 144/283] fix: remove unused WhaleRoute import, allow dead_code
 on for_model_effort

- model_picker.rs no longer directly references WhaleRoute (uses
  WHALE_ROUTES.iter().position() instead of WhaleRoute::for_model_effort)
- whale_routes.rs: for_model_effort is only used in tests; add
  #[allow(dead_code)] to suppress -D warnings in release builds
---
 crates/tui/src/tui/model_picker.rs | 2 +-
 crates/tui/src/tui/whale_routes.rs | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index 80128148..398b6407 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -24,7 +24,7 @@ use ratatui::{
 use crate::palette;
 use crate::tui::app::{App, ReasoningEffort};
 use crate::tui::views::{ModalKind, ModalView, ViewAction, ViewEvent};
-use crate::tui::whale_routes::{WHALE_ROUTES, WhaleRoute};
+use crate::tui::whale_routes::WHALE_ROUTES;
 
 /// Models the picker exposes by default. Kept short on purpose — power
 /// users can still type `/model <id>` for anything else.
diff --git a/crates/tui/src/tui/whale_routes.rs b/crates/tui/src/tui/whale_routes.rs
index f80c9c4c..d62e90be 100644
--- a/crates/tui/src/tui/whale_routes.rs
+++ b/crates/tui/src/tui/whale_routes.rs
@@ -93,6 +93,7 @@ impl WhaleRoute {
     /// Look up the whale route for a given model id and reasoning effort.
     /// Returns `None` for non-DeepSeek models or unrecognized combinations.
     #[must_use]
+    #[allow(dead_code)]
     pub fn for_model_effort(model: &str, effort: ReasoningEffort) -> Option<&'static WhaleRoute> {
         WHALE_ROUTES
             .iter()

From 43f1b63d5b2abcd0c21f0776980b7713450a61af Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Fri, 29 May 2026 17:21:10 +0800
Subject: [PATCH 145/283] feat(prompts): allow embedders to override
 constitutional prompt text via OnceLock hooks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

An application embedding this engine may want to ship its own constitutional
preamble, locale preamble, or authority-recap block without forking the
prompt constants. Today the only way to change `BASE_PROMPT`,
`LOCALE_PREAMBLE_ZH_HANS`, or `AUTHORITY_RECAP` is to edit the bundled
markdown/strings in this crate.

Add three process-global, set-once override hooks:

- `set_base_prompt_override(String)`
- `set_locale_preamble_zh_hans_override(String)`
- `set_authority_recap_override(String)`

Each is backed by a `OnceLock` and read through a small accessor
(`base_prompt()` / `locale_preamble_zh_hans()` / `authority_recap()`) that
falls back to the existing default constant when no override is set. Prompt
assembly now calls these accessors instead of the constants directly.

Default builds are unaffected (no override set → upstream constant is used).
Overrides are expected to be installed once at startup, before the engine
builds any prompt; `set_*` returns `Err` with the supplied value if called
twice.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 crates/tui/src/prompts.rs | 54 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 51 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index c43f2e84..a156828c 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -228,6 +228,53 @@ fn load_handoff_block(workspace: &Path) -> Option<String> {
 /// "When NOT to use" guidance, sub-agent sentinel protocol.
 pub const BASE_PROMPT: &str = include_str!("prompts/base.md");
 
+// ── Embedder prompt overrides ──
+// Let an embedder replace these compile-time prompt constants at startup,
+// so brand / slimming customizations live in the embedder crate instead of
+// editing these files in-tree. Unset → the bundled constant (fully
+// backward compatible). Intended to be set once at process start, before
+// any engine spawns; later sets are ignored (OnceLock semantics).
+static BASE_PROMPT_OVERRIDE: std::sync::OnceLock<String> = std::sync::OnceLock::new();
+static LOCALE_PREAMBLE_ZH_HANS_OVERRIDE: std::sync::OnceLock<String> = std::sync::OnceLock::new();
+static AUTHORITY_RECAP_OVERRIDE: std::sync::OnceLock<String> = std::sync::OnceLock::new();
+
+/// Replace `BASE_PROMPT` for all subsequent prompt composition. First call
+/// wins; later calls are no-ops. Set before spawning any engine.
+pub fn set_base_prompt_override(s: String) {
+    let _ = BASE_PROMPT_OVERRIDE.set(s);
+}
+
+/// Replace the Simplified-Chinese locale preamble (`## 语言要求`).
+pub fn set_locale_preamble_zh_hans_override(s: String) {
+    let _ = LOCALE_PREAMBLE_ZH_HANS_OVERRIDE.set(s);
+}
+
+/// Replace the trailing `## Authority Recap` block.
+pub fn set_authority_recap_override(s: String) {
+    let _ = AUTHORITY_RECAP_OVERRIDE.set(s);
+}
+
+fn effective_base_prompt() -> &'static str {
+    BASE_PROMPT_OVERRIDE
+        .get()
+        .map(String::as_str)
+        .unwrap_or(BASE_PROMPT)
+}
+
+fn effective_locale_preamble_zh_hans() -> &'static str {
+    LOCALE_PREAMBLE_ZH_HANS_OVERRIDE
+        .get()
+        .map(String::as_str)
+        .unwrap_or(LOCALE_PREAMBLE_ZH_HANS)
+}
+
+fn effective_authority_recap() -> &'static str {
+    AUTHORITY_RECAP_OVERRIDE
+        .get()
+        .map(String::as_str)
+        .unwrap_or(AUTHORITY_RECAP)
+}
+
 /// Optional locale-native reinforcement preamble prepended to the system
 /// prompt when the user's UI locale is non-English.
 ///
@@ -293,7 +340,7 @@ pub const BASE_PROMPT: &str = include_str!("prompts/base.md");
 /// and the closer position would all carry over unchanged.
 pub(crate) fn locale_reinforcement_preamble(locale_tag: &str) -> Option<&'static str> {
     match locale_tag {
-        "zh-Hans" | "zh-CN" | "zh" => Some(LOCALE_PREAMBLE_ZH_HANS),
+        "zh-Hans" | "zh-CN" | "zh" => Some(effective_locale_preamble_zh_hans()),
         "ja" | "ja-JP" => Some(LOCALE_PREAMBLE_JA),
         "pt-BR" | "pt" => Some(LOCALE_PREAMBLE_PT_BR),
         _ => None,
@@ -542,7 +589,7 @@ pub fn compose_prompt_with_approval_and_model(
     model_id: &str,
 ) -> String {
     let parts: [&str; 4] = [
-        &apply_model_template(BASE_PROMPT.trim(), model_id),
+        &apply_model_template(effective_base_prompt().trim(), model_id),
         personality.prompt().trim(),
         mode_prompt(mode).trim(),
         approval_prompt_for_mode(mode, approval_mode).trim(),
@@ -833,7 +880,8 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     // 7a. Authority recap — the final tier reminder before user messages.
     // Uses recency bias constructively: this is the last content the model
     // sees before the user's turn, reinforcing the Constitutional hierarchy.
-    full_prompt = format!("{full_prompt}\n\n{AUTHORITY_RECAP}");
+    let authority_recap = effective_authority_recap();
+    full_prompt = format!("{full_prompt}\n\n{authority_recap}");
 
     // 8. Locale-native closing reinforcement (#1118 follow-up #2). The
     // opening preamble alone wasn't enough — community feedback (the

From d7e6c85db5c4648a8dc9033a93f34b4db39f7013 Mon Sep 17 00:00:00 2001
From: jimmyzhuu <ziming_zhu2002@163.com>
Date: Sat, 30 May 2026 10:42:18 +0800
Subject: [PATCH 146/283] feat: add baidu web search backend

---
 crates/tui/src/config.rs           |  61 ++++++-
 crates/tui/src/tools/web_search.rs | 257 ++++++++++++++++++++++++++++-
 2 files changed, 311 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 282d2023..c0beec79 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -661,6 +661,9 @@ pub enum SearchProvider {
     /// or `METASO_API_KEY` env var; configurable via `[search] api_key`.
     #[serde(alias = "metaso")]
     Metaso,
+    /// Baidu AI Search API (<https://qianfan.baidubce.com>). Requires api_key.
+    #[serde(alias = "baidu-search", alias = "baidu_ai_search")]
+    Baidu,
 }
 
 impl SearchProvider {
@@ -671,6 +674,9 @@ impl SearchProvider {
             "duckduckgo" | "duck-duck-go" | "duck_duck_go" | "ddg" => Some(Self::DuckDuckGo),
             "tavily" => Some(Self::Tavily),
             "bocha" => Some(Self::Bocha),
+            "metaso" => Some(Self::Metaso),
+            "baidu" | "baidu-search" | "baidu_search" | "baidu-ai-search"
+            | "baidu_ai_search" => Some(Self::Baidu),
             _ => None,
         }
     }
@@ -683,6 +689,7 @@ impl SearchProvider {
             Self::Tavily => "tavily",
             Self::Bocha => "bocha",
             Self::Metaso => "metaso",
+            Self::Baidu => "baidu",
         }
     }
 }
@@ -714,11 +721,12 @@ pub struct SearchProviderResolution {
 /// Web search provider configuration (`[search]` table in config.toml).
 #[derive(Debug, Clone, Deserialize, Default)]
 pub struct SearchConfig {
-    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha` | `metaso`. Default: `duckduckgo`.
+    /// Search provider: `bing` | `duckduckgo` | `tavily` | `bocha` | `metaso` | `baidu`. Default: `duckduckgo`.
     #[serde(default)]
     pub provider: Option<SearchProvider>,
-    /// API key for Tavily, Bocha, or Metaso. Not required for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, Metaso, or Baidu. Not required for Bing or DuckDuckGo.
     /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in default.
+    /// Baidu also falls back to `BAIDU_SEARCH_API_KEY` env var.
     #[serde(default)]
     pub api_key: Option<String>,
 }
@@ -4281,6 +4289,35 @@ mod tests {
         );
     }
 
+    #[test]
+    fn explicit_baidu_search_provider_is_preserved() {
+        let config: Config = toml::from_str(
+            r#"
+            [search]
+            provider = "baidu"
+            "#,
+        )
+        .expect("search config");
+
+        assert_eq!(
+            config.search.and_then(|search| search.provider),
+            Some(SearchProvider::Baidu)
+        );
+    }
+
+    #[test]
+    fn baidu_search_provider_aliases_parse() {
+        assert_eq!(SearchProvider::parse("baidu"), Some(SearchProvider::Baidu));
+        assert_eq!(
+            SearchProvider::parse("baidu-search"),
+            Some(SearchProvider::Baidu)
+        );
+        assert_eq!(
+            SearchProvider::parse("baidu_ai_search"),
+            Some(SearchProvider::Baidu)
+        );
+    }
+
     #[test]
     fn search_provider_resolution_reports_default_source() {
         let _guard = lock_test_env();
@@ -4334,6 +4371,26 @@ mod tests {
         assert_eq!(resolution.source, SearchProviderSource::EnvOverride);
     }
 
+    #[test]
+    fn search_provider_env_override_accepts_baidu() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_PROVIDER");
+        unsafe { env::set_var("DEEPSEEK_SEARCH_PROVIDER", "baidu") };
+        let config: Config = toml::from_str(
+            r#"
+            [search]
+            provider = "duckduckgo"
+            "#,
+        )
+        .expect("search config");
+
+        let resolution = config.search_provider_resolution();
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_PROVIDER", prev) };
+        assert_eq!(resolution.provider, SearchProvider::Baidu);
+        assert_eq!(resolution.source, SearchProviderSource::EnvOverride);
+    }
+
     #[test]
     fn search_provider_resolution_ignores_invalid_env_override() {
         let _guard = lock_test_env();
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index 16c7b632..c5f68ab7 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -1,6 +1,6 @@
 //! Web search tool backed by multiple providers: Bing HTML scrape, DuckDuckGo
-//! (HTML scrape with Bing fallback), Tavily API, Bocha (博查) API, and
-//! Metaso API (<https://metaso.cn>).
+//! (HTML scrape with Bing fallback), Tavily API, Bocha (博查) API,
+//! Metaso API (<https://metaso.cn>), and Baidu AI Search.
 //!
 //! This is the primary web search surface for agents. For browsing workflows
 //! (page open, click, screenshot) use a direct URL approach instead.
@@ -27,6 +27,7 @@ const BING_HOST: &str = "www.bing.com";
 const TAVILY_ENDPOINT: &str = "https://api.tavily.com/search";
 const BOCHA_ENDPOINT: &str = "https://api.bochaai.com/v1/ai/search";
 const METASO_ENDPOINT: &str = "https://metaso.cn/api/v1";
+const BAIDU_ENDPOINT: &str = "https://qianfan.baidubce.com/v2/ai_search/web_search";
 /// Intentionally public default key provided by Metaso for open-source/community use.
 /// Last-resort fallback after config and env var. Rate-limited to ~100 searches/day.
 const METASO_DEFAULT_API_KEY: &str = "mk-E384C1DD5E8501BB7EFE27C949AFDE5B";
@@ -57,6 +58,7 @@ static TAG_RE: OnceLock<Regex> = OnceLock::new();
 static BING_RESULT_RE: OnceLock<Regex> = OnceLock::new();
 static BING_TITLE_RE: OnceLock<Regex> = OnceLock::new();
 static BING_SNIPPET_RE: OnceLock<Regex> = OnceLock::new();
+static BEARER_TOKEN_RE: OnceLock<Regex> = OnceLock::new();
 
 fn get_title_re() -> &'static Regex {
     TITLE_RE.get_or_init(|| {
@@ -99,6 +101,13 @@ fn get_bing_snippet_re() -> &'static Regex {
     })
 }
 
+fn get_bearer_token_re() -> &'static Regex {
+    BEARER_TOKEN_RE.get_or_init(|| {
+        Regex::new(r"(?i)\bBearer\s+[A-Za-z0-9._~+/=-]+")
+            .expect("bearer token regex pattern is valid")
+    })
+}
+
 const DEFAULT_MAX_RESULTS: usize = 5;
 const MAX_RESULTS: usize = 10;
 const DEFAULT_TIMEOUT_MS: u64 = 15_000;
@@ -129,7 +138,7 @@ impl ToolSpec for WebSearchTool {
     }
 
     fn description(&self) -> &'static str {
-        "Search the web and return ranked results with URLs and snippets. Default backend is DuckDuckGo with Bing fallback; set `[search] provider = \"bing\" | \"tavily\" | \"bocha\"` in config.toml to switch backends. Use this instead of scraping search engines with `curl` in `exec_shell`. For a known canonical URL, prefer `fetch_url` directly."
+        "Search the web and return ranked results with URLs and snippets. Default backend is DuckDuckGo with Bing fallback; set `[search] provider = \"bing\" | \"tavily\" | \"bocha\" | \"metaso\" | \"baidu\"` in config.toml to switch backends. Use this instead of scraping search engines with `curl` in `exec_shell`. For a known canonical URL, prefer `fetch_url` directly."
     }
 
     fn input_schema(&self) -> Value {
@@ -210,6 +219,13 @@ impl ToolSpec for WebSearchTool {
                     .run_metaso_search(&query, max_results, timeout_ms, context)
                     .await;
             }
+            SearchProvider::Baidu => {
+                let decider = context.network_policy.as_ref();
+                check_policy(decider, "qianfan.baidubce.com")?;
+                return self
+                    .run_baidu_search(&query, max_results, timeout_ms, context)
+                    .await;
+            }
             SearchProvider::Bing | SearchProvider::DuckDuckGo => {}
         }
 
@@ -645,6 +661,88 @@ impl WebSearchTool {
 
         search_tool_result(query.to_string(), "metaso", results, None)
     }
+
+    /// Search via Baidu AI Search API (<https://qianfan.baidubce.com>).
+    async fn run_baidu_search(
+        &self,
+        query: &str,
+        max_results: usize,
+        timeout_ms: u64,
+        context: &ToolContext,
+    ) -> Result<ToolResult, ToolError> {
+        let env_key = std::env::var("BAIDU_SEARCH_API_KEY").ok();
+        let api_key = context
+            .search_api_key
+            .as_deref()
+            .or(env_key.as_deref())
+            .ok_or_else(|| {
+                ToolError::execution_failed(
+                    "Baidu search requires an API key. Set `BAIDU_SEARCH_API_KEY` or `[search] api_key` in config.toml.",
+                )
+            })?;
+
+        let client = reqwest::Client::builder()
+            .timeout(Duration::from_millis(timeout_ms))
+            .build()
+            .map_err(|e| {
+                ToolError::execution_failed(format!("Failed to build HTTP client: {e}"))
+            })?;
+
+        let payload = json!({
+            "messages": [
+                {
+                    "role": "user",
+                    "content": query,
+                }
+            ],
+            "search_source": "baidu_search",
+            "resource_type_filter": [
+                {
+                    "type": "web",
+                    "top_k": max_results,
+                }
+            ],
+        });
+
+        let resp = client
+            .post(BAIDU_ENDPOINT)
+            .header("Content-Type", "application/json")
+            .header("Authorization", format!("Bearer {api_key}"))
+            .json(&payload)
+            .send()
+            .await
+            .map_err(|e| {
+                ToolError::execution_failed(format!("Baidu search request failed: {e}"))
+            })?;
+
+        let status = resp.status();
+        let body = resp.text().await.map_err(|e| {
+            ToolError::execution_failed(format!("Failed to read Baidu response: {e}"))
+        })?;
+
+        if !status.is_success() {
+            let msg = match status.as_u16() {
+                401 | 403 => "Baidu search API key rejected — check BAIDU_SEARCH_API_KEY or `[search] api_key` in config.toml".to_string(),
+                429 => "Baidu search rate-limited — wait and retry, or check your Baidu AI Search quota".to_string(),
+                _ => {
+                    let truncated = truncate_error_body(&body);
+                    format!("Baidu search failed: HTTP {} — {truncated}", status.as_u16())
+                }
+            };
+            return Err(ToolError::execution_failed(msg));
+        }
+
+        let parsed: serde_json::Value = serde_json::from_str(&body).map_err(|e| {
+            ToolError::execution_failed(format!("Failed to parse Baidu response: {e}"))
+        })?;
+
+        if let Some(error) = baidu_error_message(&parsed) {
+            return Err(ToolError::execution_failed(error));
+        }
+
+        let results = parse_baidu_results(&parsed, max_results);
+        search_tool_result(query.to_string(), "baidu", results, None)
+    }
 }
 
 fn truncate_error_body(body: &str) -> String {
@@ -662,12 +760,69 @@ fn truncate_error_body(body: &str) -> String {
 
 fn sanitize_error_body(body: &str) -> String {
     let stripped = strip_html_tags(body);
-    stripped
+    let visible: String = stripped
         .chars()
         .filter(|c| !c.is_control() || c.is_ascii_whitespace())
+        .collect();
+    get_bearer_token_re()
+        .replace_all(&visible, "Bearer [REDACTED]")
+        .to_string()
+}
+
+fn parse_baidu_results(parsed: &Value, max_results: usize) -> Vec<WebSearchEntry> {
+    parsed
+        .get("references")
+        .and_then(|v| v.as_array())
+        .into_iter()
+        .flat_map(|arr| arr.iter())
+        .filter_map(|item| {
+            let title = item
+                .get("title")
+                .or_else(|| item.get("name"))
+                .and_then(|s| s.as_str())?
+                .trim();
+            let url = item
+                .get("url")
+                .or_else(|| item.get("link"))
+                .and_then(|s| s.as_str())?
+                .trim();
+            if title.is_empty() || url.is_empty() {
+                return None;
+            }
+            let snippet = item
+                .get("content")
+                .or_else(|| item.get("snippet"))
+                .or_else(|| item.get("summary"))
+                .and_then(|s| s.as_str())
+                .map(str::trim)
+                .filter(|s| !s.is_empty())
+                .map(ToString::to_string);
+            Some(WebSearchEntry {
+                title: title.to_string(),
+                url: url.to_string(),
+                snippet,
+            })
+        })
+        .take(max_results)
         .collect()
 }
 
+fn baidu_error_message(parsed: &Value) -> Option<String> {
+    let code = parsed
+        .get("error_code")
+        .or_else(|| parsed.get("code"))
+        .and_then(|v| v.as_i64())?;
+    if code == 0 {
+        return None;
+    }
+    let message = parsed
+        .get("error_msg")
+        .or_else(|| parsed.get("message"))
+        .and_then(|v| v.as_str())
+        .unwrap_or("unknown error");
+    Some(format!("Baidu search API error (code {code}: {message})"))
+}
+
 fn extract_search_query(input: &Value) -> Result<String, ToolError> {
     for key in ["query", "q"] {
         if let Some(value) = input.get(key) {
@@ -1028,7 +1183,7 @@ mod tests {
     use super::{
         ERROR_BODY_PREVIEW_BYTES, WebSearchEntry, WebSearchTool, decode_html_entities,
         extract_search_query, is_likely_spam_results, optional_search_max_results, root_domain,
-        sanitize_error_body, truncate_error_body,
+        parse_baidu_results, sanitize_error_body, truncate_error_body,
     };
     use serde_json::json;
 
@@ -1295,6 +1450,69 @@ mod tests {
         assert_eq!(sanitized, "error");
     }
 
+    #[test]
+    fn sanitize_error_body_redacts_bearer_tokens() {
+        let body =
+            r#"{"error":"bad token","authorization":"Bearer bce-v3/ALTAK-example/secret"}"#;
+
+        let sanitized = sanitize_error_body(body);
+
+        assert!(!sanitized.contains("bce-v3/ALTAK-example/secret"));
+        assert!(sanitized.contains("Bearer [REDACTED]"));
+    }
+
+    #[test]
+    fn parse_baidu_references_extracts_ranked_results() {
+        let body = json!({
+            "references": [
+                {
+                    "title": "Rust 官方文档",
+                    "url": "https://www.rust-lang.org/",
+                    "content": "Rust 是一门注重性能和可靠性的语言。"
+                },
+                {
+                    "title": "Cargo Book",
+                    "url": "https://doc.rust-lang.org/cargo/",
+                    "snippet": "Cargo is Rust's package manager."
+                }
+            ]
+        });
+
+        let results = parse_baidu_results(&body, 10);
+
+        assert_eq!(results.len(), 2);
+        assert_eq!(results[0].title, "Rust 官方文档");
+        assert_eq!(results[0].url, "https://www.rust-lang.org/");
+        assert_eq!(
+            results[0].snippet.as_deref(),
+            Some("Rust 是一门注重性能和可靠性的语言。")
+        );
+        assert_eq!(results[1].title, "Cargo Book");
+        assert_eq!(results[1].url, "https://doc.rust-lang.org/cargo/");
+        assert_eq!(
+            results[1].snippet.as_deref(),
+            Some("Cargo is Rust's package manager.")
+        );
+    }
+
+    #[test]
+    fn parse_baidu_references_skips_incomplete_entries() {
+        let body = json!({
+            "references": [
+                {"title": "No URL", "content": "missing url"},
+                {"url": "https://example.com/no-title", "content": "missing title"},
+                {"title": "Valid", "url": "https://example.com/valid"}
+            ]
+        });
+
+        let results = parse_baidu_results(&body, 10);
+
+        assert_eq!(results.len(), 1);
+        assert_eq!(results[0].title, "Valid");
+        assert_eq!(results[0].url, "https://example.com/valid");
+        assert_eq!(results[0].snippet, None);
+    }
+
     #[tokio::test]
     async fn tavily_provider_without_api_key_surfaces_clear_error_not_silent_fallback() {
         // Trust-boundary pin: if a user has opted into Tavily but
@@ -1341,6 +1559,35 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn baidu_provider_without_api_key_surfaces_clear_error_not_silent_fallback() {
+        use crate::config::SearchProvider;
+        use crate::tools::spec::{ToolContext, ToolSpec};
+
+        let prev = std::env::var_os("BAIDU_SEARCH_API_KEY");
+        unsafe { std::env::remove_var("BAIDU_SEARCH_API_KEY") };
+
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let mut ctx = ToolContext::new(tmp.path().to_path_buf());
+        ctx.search_provider = SearchProvider::Baidu;
+        ctx.search_api_key = None;
+        let err = WebSearchTool
+            .execute(json!({"query": "anything"}), &ctx)
+            .await
+            .expect_err("missing api_key must surface as ToolError");
+
+        match prev {
+            Some(value) => unsafe { std::env::set_var("BAIDU_SEARCH_API_KEY", value) },
+            None => unsafe { std::env::remove_var("BAIDU_SEARCH_API_KEY") },
+        }
+
+        let msg = err.to_string();
+        assert!(
+            msg.contains("Baidu") && msg.contains("API key"),
+            "error must name the provider and missing key; got `{msg}`"
+        );
+    }
+
     #[tokio::test]
     async fn metaso_provider_uses_built_in_key_when_no_config_key_set() {
         // Unlike Tavily/Bocha, Metaso falls back to a built-in default, so

From e227efbd800b47a3149fe18065a15cc98521c52e Mon Sep 17 00:00:00 2001
From: jimmyzhuu <ziming_zhu2002@163.com>
Date: Sat, 30 May 2026 10:48:16 +0800
Subject: [PATCH 147/283] docs: document baidu search backend

---
 config.example.toml                | 28 ++++++++++++++++------------
 crates/tui/src/config.rs           |  5 +++--
 crates/tui/src/core/engine.rs      |  3 ++-
 crates/tui/src/tools/spec.rs       |  3 ++-
 crates/tui/src/tools/web_search.rs |  9 ++++-----
 docs/CONFIGURATION.md              | 17 ++++++++++++-----
 docs/TOOL_SURFACE.md               |  2 +-
 7 files changed, 40 insertions(+), 27 deletions(-)

diff --git a/config.example.toml b/config.example.toml
index c8a7155b..4169be0f 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -265,25 +265,29 @@ max_subagents = 10 # optional (1-20)
 # ─────────────────────────────────────────────────────────────────────────────────
 # Web Search Provider
 # ─────────────────────────────────────────────────────────────────────────────────
-# Choose which backend `web_search` uses. Default is Bing HTML scraping — no
-# API key needed. DuckDuckGo remains selectable and still falls back to Bing
-# when its HTML endpoint returns a bot challenge or no parseable results.
-# Switch to Tavily or Bocha for reliable search in mainland China.
+# Choose which backend `web_search` uses. Default is DuckDuckGo HTML scraping
+# with Bing fallback — no API key needed. Bing remains selectable for users who
+# explicitly prefer it. Switch to Tavily, Bocha, Metaso, or Baidu for
+# API-backed search.
 #
 # [search]
-# provider = "bing"         # bing | duckduckgo | tavily | bocha | metaso
+# provider = "duckduckgo"  # duckduckgo | bing | tavily | bocha | metaso | baidu
 #                            # duckduckgo: HTML scrape with Bing fallback
-#                            # tavily: https://tavily.com — AI search, needs api_key
-#                            # bocha:  https://bochaai.com — 博查AI搜索，国内友好，需api_key
-#                            # metaso: https://metaso.cn — 秘塔AI搜索，每天 100 次免费
-#                            #         设置 METASO_API_KEY 或 [search] api_key 可提升额度
-# api_key = "tvly-YOUR_KEY"  # required for tavily, bocha, and metaso (optional for metaso)
-#                            # WARNING: treat config.toml like a secret file when
-#                            # storing API keys. Use env vars or `auth set` instead.
+#                            # bing:       HTML scrape, no API key
+#                            # tavily:     https://tavily.com — AI search, needs api_key
+#                            # bocha:      https://bochaai.com — 博查AI搜索，国内友好，需api_key
+#                            # metaso:     https://metaso.cn — 秘塔AI搜索，每天 100 次免费
+#                            #             设置 METASO_API_KEY 或 [search] api_key 可提升额度
+#                            # baidu:      百度 AI Search via qianfan.baidubce.com，需 api_key
+# api_key = "YOUR_SEARCH_KEY" # required for tavily, bocha, and baidu; optional for metaso
+#                             # WARNING: treat config.toml like a secret file when
+#                             # storing API keys. Prefer env vars for local smoke tests.
 #
 # Env-var overrides:
 #   DEEPSEEK_SEARCH_PROVIDER → search.provider
 #   DEEPSEEK_SEARCH_API_KEY  → search.api_key
+#   METASO_API_KEY           → metaso key fallback
+#   BAIDU_SEARCH_API_KEY     → baidu key fallback
 
 # ─────────────────────────────────────────────────────────────────────────────────
 # Network Policy (#135)
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index c0beec79..03c19344 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -675,8 +675,9 @@ impl SearchProvider {
             "tavily" => Some(Self::Tavily),
             "bocha" => Some(Self::Bocha),
             "metaso" => Some(Self::Metaso),
-            "baidu" | "baidu-search" | "baidu_search" | "baidu-ai-search"
-            | "baidu_ai_search" => Some(Self::Baidu),
+            "baidu" | "baidu-search" | "baidu_search" | "baidu-ai-search" | "baidu_ai_search" => {
+                Some(Self::Baidu)
+            }
             _ => None,
         }
     }
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 02737eb7..37877750 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -170,8 +170,9 @@ pub struct EngineConfig {
     pub workshop: Option<crate::tools::large_output_router::WorkshopConfig>,
     /// Which search backend `web_search` should use. Default: DuckDuckGo.
     pub search_provider: crate::config::SearchProvider,
-    /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, Metaso, or Baidu. `None` for Bing or DuckDuckGo.
     /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in key.
+    /// Baidu also falls back to `BAIDU_SEARCH_API_KEY`.
     pub search_api_key: Option<String>,
     /// Per-step DeepSeek API timeout for sub-agent `create_message` requests.
     /// Resolved from `[subagents] api_timeout_secs` (clamped to 1..=1800)
diff --git a/crates/tui/src/tools/spec.rs b/crates/tui/src/tools/spec.rs
index 8f2e186e..6a66c37f 100644
--- a/crates/tui/src/tools/spec.rs
+++ b/crates/tui/src/tools/spec.rs
@@ -165,8 +165,9 @@ pub struct ToolContext {
     /// Which search backend `web_search` should use. Default: DuckDuckGo. Set via
     /// `[search] provider` in config.toml.
     pub search_provider: crate::config::SearchProvider,
-    /// API key for Tavily, Bocha, or Metaso. `None` for Bing or DuckDuckGo.
+    /// API key for Tavily, Bocha, Metaso, or Baidu. `None` for Bing or DuckDuckGo.
     /// Metaso also falls back to `METASO_API_KEY` env var, then a built-in key.
+    /// Baidu also falls back to `BAIDU_SEARCH_API_KEY`.
     pub search_api_key: Option<String>,
 
     /// Per-session workshop variable store (#548). Holds the raw content of
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index c5f68ab7..a86b3c0b 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -1182,8 +1182,8 @@ fn extract_query_param(url: &str, key: &str) -> Option<String> {
 mod tests {
     use super::{
         ERROR_BODY_PREVIEW_BYTES, WebSearchEntry, WebSearchTool, decode_html_entities,
-        extract_search_query, is_likely_spam_results, optional_search_max_results, root_domain,
-        parse_baidu_results, sanitize_error_body, truncate_error_body,
+        extract_search_query, is_likely_spam_results, optional_search_max_results,
+        parse_baidu_results, root_domain, sanitize_error_body, truncate_error_body,
     };
     use serde_json::json;
 
@@ -1452,12 +1452,11 @@ mod tests {
 
     #[test]
     fn sanitize_error_body_redacts_bearer_tokens() {
-        let body =
-            r#"{"error":"bad token","authorization":"Bearer bce-v3/ALTAK-example/secret"}"#;
+        let body = r#"{"error":"bad token","authorization":"Bearer test-token/with+chars="}"#;
 
         let sanitized = sanitize_error_body(body);
 
-        assert!(!sanitized.contains("bce-v3/ALTAK-example/secret"));
+        assert!(!sanitized.contains("test-token/with+chars="));
         assert!(sanitized.contains("Bearer [REDACTED]"));
     }
 
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index f0b75de0..3d4ce5d1 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -663,14 +663,21 @@ Use `codewhale-tui features list` to inspect known flags and their effective sta
 `web_search` uses DuckDuckGo by default and does not require an API key. The
 DuckDuckGo path keeps a Bing fallback when DDG returns a bot challenge or no
 parseable results. Bing remains selectable for users who explicitly want it,
-and Tavily or Bocha can be selected when an API-backed provider is preferred.
-**Metaso** ([metaso.cn](https://metaso.cn))
-100 searches/day free quota — set `METASO_API_KEY` or `[search] api_key` for a higher quota.
+and Tavily, Bocha, Metaso, or Baidu can be selected when an API-backed provider
+is preferred.
+
+**Metaso** ([metaso.cn](https://metaso.cn)) has a 100 searches/day free quota;
+set `METASO_API_KEY` or `[search] api_key` for a higher quota.
+
+**Baidu** uses Baidu AI Search at
+`https://qianfan.baidubce.com/v2/ai_search/web_search`. Set
+`BAIDU_SEARCH_API_KEY` or `[search] api_key`. This is a search-tool backend
+only; it does not add a Baidu model provider.
 
 ```toml
 [search]
-provider = "duckduckgo"    # duckduckgo | bing | tavily | bocha | metaso
-# api_key = "YOUR_KEY" # required for tavily and bocha; optional for metaso (100 searches/day free quota)
+provider = "baidu" # duckduckgo | bing | tavily | bocha | metaso | baidu
+# api_key = "YOUR_KEY" # required for tavily, bocha, and baidu; optional for metaso
 ```
 
 ## Local Media Attachments
diff --git a/docs/TOOL_SURFACE.md b/docs/TOOL_SURFACE.md
index aa31fb4e..36933b0d 100644
--- a/docs/TOOL_SURFACE.md
+++ b/docs/TOOL_SURFACE.md
@@ -35,7 +35,7 @@ chosen over the available shell equivalent. Companion to `crates/tui/src/prompts
 |---|---|
 | `grep_files` | Regex search file contents within the workspace; structured matches + context lines. Pure-Rust (`regex` crate), no `rg`/`grep` shell-out. |
 | `file_search` | Fuzzy-match filenames (not contents). Use when you know roughly the name. |
-| `web_search` | DuckDuckGo by default with Bing fallback; Bing, Tavily, and Bocha are selectable in config. Ranked snippets + `ref_id` for citation. |
+| `web_search` | DuckDuckGo by default with Bing fallback; Bing, Tavily, Bocha, Metaso, and Baidu are selectable in config. Ranked snippets + `ref_id` for citation. |
 | `fetch_url` | Direct HTTP GET on a known URL. Faster than `web_search` when the link is already known. HTML stripped to text by default. |
 
 ### Shell

From 7842908028f5e43ac8058cda6e9a1329ab93526b Mon Sep 17 00:00:00 2001
From: jimmyzhuu <ziming_zhu2002@163.com>
Date: Sat, 30 May 2026 11:13:37 +0800
Subject: [PATCH 148/283] fix: use official baidu search source

---
 crates/tui/src/tools/web_search.rs | 69 ++++++++++++++++++++++--------
 1 file changed, 51 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index a86b3c0b..071cb098 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -688,21 +688,7 @@ impl WebSearchTool {
                 ToolError::execution_failed(format!("Failed to build HTTP client: {e}"))
             })?;
 
-        let payload = json!({
-            "messages": [
-                {
-                    "role": "user",
-                    "content": query,
-                }
-            ],
-            "search_source": "baidu_search",
-            "resource_type_filter": [
-                {
-                    "type": "web",
-                    "top_k": max_results,
-                }
-            ],
-        });
+        let payload = baidu_search_payload(query, max_results);
 
         let resp = client
             .post(BAIDU_ENDPOINT)
@@ -823,6 +809,24 @@ fn baidu_error_message(parsed: &Value) -> Option<String> {
     Some(format!("Baidu search API error (code {code}: {message})"))
 }
 
+fn baidu_search_payload(query: &str, max_results: usize) -> Value {
+    json!({
+        "messages": [
+            {
+                "role": "user",
+                "content": query,
+            }
+        ],
+        "search_source": "baidu_search_v2",
+        "resource_type_filter": [
+            {
+                "type": "web",
+                "top_k": max_results,
+            }
+        ],
+    })
+}
+
 fn extract_search_query(input: &Value) -> Result<String, ToolError> {
     for key in ["query", "q"] {
         if let Some(value) = input.get(key) {
@@ -1181,9 +1185,10 @@ fn extract_query_param(url: &str, key: &str) -> Option<String> {
 #[cfg(test)]
 mod tests {
     use super::{
-        ERROR_BODY_PREVIEW_BYTES, WebSearchEntry, WebSearchTool, decode_html_entities,
-        extract_search_query, is_likely_spam_results, optional_search_max_results,
-        parse_baidu_results, root_domain, sanitize_error_body, truncate_error_body,
+        ERROR_BODY_PREVIEW_BYTES, WebSearchEntry, WebSearchTool, baidu_search_payload,
+        decode_html_entities, extract_search_query, is_likely_spam_results,
+        optional_search_max_results, parse_baidu_results, root_domain, sanitize_error_body,
+        truncate_error_body,
     };
     use serde_json::json;
 
@@ -1512,6 +1517,34 @@ mod tests {
         assert_eq!(results[0].snippet, None);
     }
 
+    #[test]
+    fn baidu_search_payload_uses_official_search_source() {
+        let payload = baidu_search_payload("Rust cargo workspace", 3);
+
+        assert_eq!(
+            payload.get("search_source").and_then(|v| v.as_str()),
+            Some("baidu_search_v2")
+        );
+        assert_eq!(
+            payload
+                .get("messages")
+                .and_then(|v| v.as_array())
+                .and_then(|messages| messages.first())
+                .and_then(|message| message.get("content"))
+                .and_then(|v| v.as_str()),
+            Some("Rust cargo workspace")
+        );
+        assert_eq!(
+            payload
+                .get("resource_type_filter")
+                .and_then(|v| v.as_array())
+                .and_then(|filters| filters.first())
+                .and_then(|filter| filter.get("top_k"))
+                .and_then(|v| v.as_u64()),
+            Some(3)
+        );
+    }
+
     #[tokio::test]
     async fn tavily_provider_without_api_key_surfaces_clear_error_not_silent_fallback() {
         // Trust-boundary pin: if a user has opted into Tavily but

From ce959f6841e85f4dd039b6e2ba3737b23dae72e1 Mon Sep 17 00:00:00 2001
From: jimmyzhuu <ziming_zhu2002@163.com>
Date: Sat, 30 May 2026 11:34:07 +0800
Subject: [PATCH 149/283] fix: honor search api key env override

---
 crates/tui/src/config.rs           | 24 ++++++++++++++++++++++++
 crates/tui/src/tools/web_search.rs |  1 -
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 03c19344..81fd0e75 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -2855,6 +2855,14 @@ fn apply_env_overrides(config: &mut Config) {
     if let Ok(value) = std::env::var("DEEPSEEK_MANAGED_CONFIG_PATH") {
         config.managed_config_path = Some(value);
     }
+    if let Ok(value) = std::env::var("DEEPSEEK_SEARCH_API_KEY")
+        && !value.trim().is_empty()
+    {
+        config
+            .search
+            .get_or_insert_with(SearchConfig::default)
+            .api_key = Some(value);
+    }
     if let Ok(value) = std::env::var("DEEPSEEK_REQUIREMENTS_PATH") {
         config.requirements_path = Some(value);
     }
@@ -4392,6 +4400,22 @@ mod tests {
         assert_eq!(resolution.source, SearchProviderSource::EnvOverride);
     }
 
+    #[test]
+    fn apply_env_overrides_sets_search_api_key() {
+        let _guard = lock_test_env();
+        let prev = env::var_os("DEEPSEEK_SEARCH_API_KEY");
+        unsafe { env::set_var("DEEPSEEK_SEARCH_API_KEY", "search-env-key") };
+        let mut config = Config::default();
+
+        apply_env_overrides(&mut config);
+
+        unsafe { EnvGuard::restore_var("DEEPSEEK_SEARCH_API_KEY", prev) };
+        assert_eq!(
+            config.search.and_then(|search| search.api_key),
+            Some("search-env-key".to_string())
+        );
+    }
+
     #[test]
     fn search_provider_resolution_ignores_invalid_env_override() {
         let _guard = lock_test_env();
diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index 071cb098..b4fd04d8 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -692,7 +692,6 @@ impl WebSearchTool {
 
         let resp = client
             .post(BAIDU_ENDPOINT)
-            .header("Content-Type", "application/json")
             .header("Authorization", format!("Bearer {api_key}"))
             .json(&payload)
             .send()

From 1379d354e42227295d06fde69789011dc2259ff2 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Sat, 30 May 2026 07:43:51 +0800
Subject: [PATCH 150/283]   fix(provider): name DeepSeek in provider help text

  Replace the incorrect CodeWhale backend example in /provider help text with DeepSeek.

  CodeWhale is the app name, while deepseek is the actual provider id accepted by /provider.
  Add a regression test for shipped locale descriptions.
---
 crates/tui/src/localization.rs | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 21809260..7cba0b4a 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -959,7 +959,7 @@ fn english(id: MessageId) -> &'static str {
         MessageId::CmdNoteDescription => "Add, list, edit, or remove workspace notes",
         MessageId::CmdThemeDescription => "Switch theme or open the theme picker",
         MessageId::CmdProviderDescription => {
-            "Switch or view the active LLM backend (codewhale | nvidia-nim | ollama)"
+            "Switch or view the active LLM backend (deepseek | nvidia-nim | ollama)"
         }
         MessageId::CmdQueueDescription => "View or edit queued messages",
         MessageId::CmdRecallDescription => "Search prior cycle archives (BM25 over message text)",
@@ -1346,7 +1346,7 @@ fn japanese(id: MessageId) -> Option<&'static str> {
             "テーマを切り替え（ダーク/ライト/グレースケール/システム）"
         }
         MessageId::CmdProviderDescription => {
-            "現在の LLM バックエンドを切り替え・確認（codewhale | nvidia-nim | ollama）"
+            "現在の LLM バックエンドを切り替え・確認（deepseek | nvidia-nim | ollama）"
         }
         MessageId::CmdQueueDescription => "キューされたメッセージを確認・編集",
         MessageId::CmdRecallDescription => {
@@ -1692,7 +1692,7 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::CmdNoteDescription => "添加、列出、编辑或删除工作区笔记",
         MessageId::CmdThemeDescription => "切换主题：深色、浅色、灰度或系统",
         MessageId::CmdProviderDescription => {
-            "切换或查看当前 LLM 后端（codewhale | nvidia-nim | ollama）"
+            "切换或查看当前 LLM 后端（deepseek | nvidia-nim | ollama）"
         }
         MessageId::CmdQueueDescription => "查看或编辑已排队的消息",
         MessageId::CmdRecallDescription => "搜索此前的循环归档（基于消息文本的 BM25 检索）",
@@ -2022,7 +2022,7 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
         MessageId::CmdNoteDescription => "Adicionar, listar, editar ou remover notas do workspace",
         MessageId::CmdThemeDescription => "Alternar tema: escuro, claro, tons de cinza ou sistema",
         MessageId::CmdProviderDescription => {
-            "Trocar ou exibir o backend LLM ativo (codewhale | nvidia-nim | ollama)"
+            "Trocar ou exibir o backend LLM ativo (deepseek | nvidia-nim | ollama)"
         }
         MessageId::CmdQueueDescription => "Ver ou editar mensagens enfileiradas",
         MessageId::CmdRecallDescription => {
@@ -2414,7 +2414,7 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
         MessageId::CmdNoteDescription => "Agregar nota al archivo persistente (.deepseek/notes.md)",
         MessageId::CmdThemeDescription => "Alternar entre tema claro y oscuro",
         MessageId::CmdProviderDescription => {
-            "Cambiar o mostrar el backend LLM activo (codewhale | nvidia-nim | ollama)"
+            "Cambiar o mostrar el backend LLM activo (deepseek | nvidia-nim | ollama)"
         }
         MessageId::CmdQueueDescription => "Ver o editar mensajes en cola",
         MessageId::CmdRecallDescription => {
@@ -2770,6 +2770,23 @@ mod tests {
         );
     }
 
+    #[test]
+    fn provider_description_names_deepseek_backend() {
+        for locale in Locale::shipped() {
+            let description = tr(*locale, MessageId::CmdProviderDescription);
+            assert!(
+                description.contains("deepseek"),
+                "{} provider description should mention deepseek: {description}",
+                locale.tag()
+            );
+            assert!(
+                !description.contains("codewhale |"),
+                "{} provider description should not name codewhale as a backend: {description}",
+                locale.tag()
+            );
+        }
+    }
+
     #[test]
     fn width_truncation_handles_cjk_rtl_indic_and_latin_samples() {
         let samples = [

From b669ee7b94ab3af08927d216c7ad5ca3719fff51 Mon Sep 17 00:00:00 2001
From: jayzhu <jay.l.zhu@foxmail.com>
Date: Thu, 28 May 2026 21:05:31 +0800
Subject: [PATCH 151/283] fix: update terminal tab title from 'DeepSeek TUI' to
 'CodeWhale'

---
 crates/tui/src/core/engine/turn_loop.rs | 2 +-
 crates/tui/src/tui/notifications.rs     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index f9df1795..f9729753 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -23,7 +23,7 @@ impl Engine {
         // Signal to the terminal / taskbar that a turn is in progress
         // (OSC 9 ; 4 indeterminate progress + title spinner).
         crate::tui::notifications::set_taskbar_progress_busy();
-        crate::tui::notifications::start_title_animation("DeepSeek TUI");
+        crate::tui::notifications::start_title_animation("CodeWhale");
 
         let client = self
             .deepseek_client
diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 4db152fe..6461046d 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -315,7 +315,7 @@ pub fn stop_title_animation() {
     // terminal-level visual indicator (flash/icon).
     let mode = COMPLETION_SOUND_MODE.load(Ordering::SeqCst);
     if mode == 1 {
-        set_terminal_title("✅ DeepSeek TUI");
+        set_terminal_title("✅ CodeWhale");
     }
     play_completion_sound();
 }
@@ -326,7 +326,7 @@ pub fn stop_title_animation() {
 /// marker doesn't persist once the user is back at the terminal.
 pub fn reset_title_on_interaction() {
     if COMPLETION_MARKER_SHOWN.swap(false, Ordering::SeqCst) {
-        set_terminal_title("DeepSeek TUI");
+        set_terminal_title("CodeWhale");
     }
 }
 

From 5de174ac8bf9786ee9acbaba9d11988b9c13e5d2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 May 2026 21:31:41 +0000
Subject: [PATCH 152/283] chore(deps): bump tar in the cargo group across 1
 directory

Bumps the cargo group with 1 update in the / directory: [tar](https://github.com/composefs/tar-rs).


Updates `tar` from 0.4.45 to 0.4.46
- [Release notes](https://github.com/composefs/tar-rs/releases)
- [Commits](https://github.com/composefs/tar-rs/compare/0.4.45...0.4.46)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 0.4.46
  dependency-type: direct:production
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 83777fd1..239d0518 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4912,9 +4912,9 @@ dependencies = [
 
 [[package]]
 name = "tar"
-version = "0.4.45"
+version = "0.4.46"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22692a6476a21fa75fdfc11d452fda482af402c008cdbaf3476414e122040973"
+checksum = "3f6221d9a6003c78398e3b239969f352578258df48c8eb051caadae0015bc840"
 dependencies = [
  "filetime",
  "libc",

From 0a97f18e781442a444661a30750d829c4a2e8a6b Mon Sep 17 00:00:00 2001
From: cyq <15000851237@163.com>
Date: Sat, 30 May 2026 09:22:49 +0800
Subject: [PATCH 153/283] test(tui): make composer history flush deterministic

---
 crates/tui/src/composer_history.rs | 96 +++++++++++++++++++-----------
 1 file changed, 61 insertions(+), 35 deletions(-)

diff --git a/crates/tui/src/composer_history.rs b/crates/tui/src/composer_history.rs
index 4f8bb1ce..12741f30 100644
--- a/crates/tui/src/composer_history.rs
+++ b/crates/tui/src/composer_history.rs
@@ -79,29 +79,44 @@ pub fn append_history(entry: &str) {
 /// write if the channel send fails) so callers never block on disk I/O.
 fn append_history_dispatched(path: &Path, entry: &str) {
     let entry = entry.to_string();
-    if writer_sender()
-        .send((path.to_path_buf(), entry.clone()))
-        .is_err()
-    {
-        append_history_to(path, &entry);
+    if let Err(err) = writer_sender().send(HistoryWrite::Append(path.to_path_buf(), entry)) {
+        match err.0 {
+            HistoryWrite::Append(path, entry) => append_history_to(&path, &entry),
+            #[cfg(test)]
+            HistoryWrite::Flush(_) => unreachable!("flush messages are only sent by tests"),
+        }
     }
 }
 
+enum HistoryWrite {
+    Append(PathBuf, String),
+    #[cfg(test)]
+    Flush(Sender<()>),
+}
+
 /// Lazy singleton sender for the dedicated composer-history writer
 /// thread. Initialised on first use; the thread runs for the lifetime
 /// of the process and drains queued writes in arrival order.
-fn writer_sender() -> &'static Sender<(PathBuf, String)> {
-    static SENDER: OnceLock<Sender<(PathBuf, String)>> = OnceLock::new();
+fn writer_sender() -> &'static Sender<HistoryWrite> {
+    static SENDER: OnceLock<Sender<HistoryWrite>> = OnceLock::new();
     SENDER.get_or_init(|| {
-        let (tx, rx) = channel::<(PathBuf, String)>();
+        let (tx, rx) = channel::<HistoryWrite>();
         let spawn_result = std::thread::Builder::new()
             .name("composer-history-writer".to_string())
             .spawn(move || {
                 // recv() returns Err when all senders have dropped, which
                 // only happens at process shutdown because the singleton
                 // sender lives in a static for the lifetime of the process.
-                while let Ok(first) = rx.recv() {
-                    append_history_batch(&rx, first);
+                while let Ok(message) = rx.recv() {
+                    match message {
+                        HistoryWrite::Append(path, entry) => {
+                            append_history_batch(&rx, (path, entry));
+                        }
+                        #[cfg(test)]
+                        HistoryWrite::Flush(done) => {
+                            let _ = done.send(());
+                        }
+                    }
                 }
             });
         if let Err(err) = spawn_result {
@@ -111,12 +126,19 @@ fn writer_sender() -> &'static Sender<(PathBuf, String)> {
     })
 }
 
-fn append_history_batch(rx: &Receiver<(PathBuf, String)>, first: (PathBuf, String)) {
+fn append_history_batch(rx: &Receiver<HistoryWrite>, first: (PathBuf, String)) {
     let mut pending = vec![first];
+    #[cfg(test)]
+    let mut flush = None;
 
     loop {
         match rx.recv_timeout(Duration::from_millis(2)) {
-            Ok(next) => pending.push(next),
+            Ok(HistoryWrite::Append(path, entry)) => pending.push((path, entry)),
+            #[cfg(test)]
+            Ok(HistoryWrite::Flush(done)) => {
+                flush = Some(done);
+                break;
+            }
             Err(RecvTimeoutError::Timeout) => break,
             Err(RecvTimeoutError::Disconnected) => break,
         }
@@ -125,6 +147,11 @@ fn append_history_batch(rx: &Receiver<(PathBuf, String)>, first: (PathBuf, Strin
     for (path, entries) in group_history_writes_by_path(pending) {
         append_history_entries_to(&path, entries.iter().map(String::as_str));
     }
+
+    #[cfg(test)]
+    if let Some(done) = flush {
+        let _ = done.send(());
+    }
 }
 
 fn group_history_writes_by_path(writes: Vec<(PathBuf, String)>) -> Vec<(PathBuf, Vec<String>)> {
@@ -201,6 +228,7 @@ fn append_history_entries_to<'a>(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::time::{Duration, Instant};
 
     /// Tests use the path-injecting `*_from` / `*_to` helpers so they
     /// don't have to mutate `HOME` (which is not honored by
@@ -213,6 +241,16 @@ mod tests {
         (tmp, path)
     }
 
+    fn flush_history_writer_for_tests(timeout: Duration) {
+        let (done_tx, done_rx) = channel();
+        writer_sender()
+            .send(HistoryWrite::Flush(done_tx))
+            .expect("history writer accepts flush");
+        done_rx
+            .recv_timeout(timeout)
+            .expect("history writer flush timed out");
+    }
+
     #[test]
     fn append_and_load_round_trip() {
         let (_tmp, path) = temp_history_path();
@@ -283,8 +321,6 @@ mod tests {
     /// stall the user reports.
     #[test]
     fn append_history_dispatched_does_not_block_the_caller() {
-        use std::time::{Duration, Instant};
-
         let (_tmp, path) = temp_history_path();
         // Seed close to the cap so a synchronous rewrite is non-trivial.
         let seed = (0..(MAX_HISTORY_ENTRIES - 50))
@@ -311,26 +347,16 @@ mod tests {
              (likely re-introduced #1927: caller blocked on disk write)"
         );
 
-        // Give the writer thread time to drain the queue, then verify the
-        // new entries landed.
-        // Use 10s on Windows (slow CI I/O) vs 5s on other platforms.
-        let deadline = Instant::now() + Duration::from_secs(if cfg!(windows) { 10 } else { 5 });
-        loop {
-            let loaded = load_history_from(&path);
-            if loaded.iter().any(|line| line == "new entry 49") {
-                // Last dispatched entry observed; queue is drained.
-                assert!(loaded.iter().any(|line| line == "new entry 0"));
-                break;
-            }
-            if Instant::now() >= deadline {
-                panic!(
-                    "writer thread did not persist the dispatched entries; \
-                     loaded {} entries, last = {:?}",
-                    loaded.len(),
-                    loaded.last()
-                );
-            }
-            std::thread::sleep(Duration::from_millis(25));
-        }
+        flush_history_writer_for_tests(Duration::from_secs(if cfg!(windows) { 10 } else { 5 }));
+
+        let loaded = load_history_from(&path);
+        assert!(
+            loaded.iter().any(|line| line == "new entry 49"),
+            "writer thread did not persist the dispatched entries; \
+             loaded {} entries, last = {:?}",
+            loaded.len(),
+            loaded.last()
+        );
+        assert!(loaded.iter().any(|line| line == "new entry 0"));
     }
 }

From 76089db1dc84374ac4635a314d1d006f57aae535 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Fri, 29 May 2026 22:16:08 +0800
Subject: [PATCH 154/283]   fix(mcp): avoid nested runtime panic on stdio
 shutdown

  Run the stdio MCP server inside a blocking section when launched from the async CLI entrypoint.

  This prevents Tokio from panicking when the MCP server's internal runtime is dropped after stdin closes.
---
 crates/tui/src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 99579eac..8bc03acc 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -934,7 +934,7 @@ async fn main() -> Result<()> {
                     bail!("Choose exactly one server mode: --mcp, --http, or --acp");
                 }
                 if args.mcp {
-                    mcp_server::run_mcp_server(workspace)
+                    tokio::task::block_in_place(|| mcp_server::run_mcp_server(workspace))
                 } else if args.http {
                     let config = load_config_from_cli(&cli)?;
                     let cors_origins = resolve_cors_origins(&config, &args.cors_origin);

From 4bacda64fc0fdd18bf5c837b7611bad310e86007 Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Fri, 29 May 2026 11:46:49 +0800
Subject: [PATCH 155/283] fix(tools): raise tool search default results

---
 crates/tui/src/core/engine.rs              |  2 +-
 crates/tui/src/core/engine/tests.rs        | 90 ++++++++++++++++++++++
 crates/tui/src/core/engine/tool_catalog.rs | 51 +++++++++---
 3 files changed, 132 insertions(+), 11 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 02737eb7..be48a804 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -2115,7 +2115,7 @@ use self::tool_catalog::{
 };
 #[cfg(test)]
 use self::tool_catalog::{
-    TOOL_SEARCH_BM25_NAME, maybe_activate_requested_deferred_tool,
+    TOOL_SEARCH_BM25_NAME, TOOL_SEARCH_REGEX_NAME, maybe_activate_requested_deferred_tool,
     preflight_requested_deferred_tool, should_default_defer_tool,
 };
 use self::tool_execution::emit_tool_audit;
diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index b0294be2..b92f4faf 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -2097,6 +2097,96 @@ fn tool_search_activates_discovered_deferred_tools() {
     assert!(active.contains("read_file"));
 }
 
+fn tool_search_catalog_with_matches(count: usize) -> Vec<Tool> {
+    let mut catalog = (0..count)
+        .map(|idx| Tool {
+            tool_type: None,
+            name: format!("matching_tool_{idx:03}"),
+            description: "Matching deferred test tool".to_string(),
+            input_schema: json!({"type":"object","properties":{"query":{"type":"string"}}}),
+            allowed_callers: Some(vec!["direct".to_string()]),
+            defer_loading: Some(true),
+            input_examples: None,
+            strict: None,
+            cache_control: None,
+        })
+        .collect::<Vec<_>>();
+    let always_load = HashSet::new();
+    ensure_advanced_tooling(&mut catalog, AppMode::Agent, &always_load);
+    catalog
+}
+
+fn tool_search_reference_count(result: &ToolResult) -> usize {
+    result
+        .metadata
+        .as_ref()
+        .and_then(|metadata| metadata.get("tool_references"))
+        .and_then(|references| references.as_array())
+        .map_or(0, Vec::len)
+}
+
+#[test]
+fn tool_search_defaults_to_twenty_results_for_regex_and_bm25() {
+    let catalog = tool_search_catalog_with_matches(25);
+
+    for tool_name in [TOOL_SEARCH_REGEX_NAME, TOOL_SEARCH_BM25_NAME] {
+        let mut active = initial_active_tools(&catalog);
+        let result = execute_tool_search(
+            tool_name,
+            &json!({"query":"matching"}),
+            &catalog,
+            &mut active,
+        )
+        .expect("search succeeds");
+
+        assert_eq!(tool_search_reference_count(&result), 20);
+    }
+}
+
+#[test]
+fn tool_search_respects_and_caps_max_results() {
+    let catalog = tool_search_catalog_with_matches(120);
+
+    let mut active = initial_active_tools(&catalog);
+    let limited = execute_tool_search(
+        TOOL_SEARCH_BM25_NAME,
+        &json!({"query":"matching","max_results":7}),
+        &catalog,
+        &mut active,
+    )
+    .expect("search succeeds");
+    assert_eq!(tool_search_reference_count(&limited), 7);
+
+    let mut active = initial_active_tools(&catalog);
+    let capped = execute_tool_search(
+        TOOL_SEARCH_REGEX_NAME,
+        &json!({"query":"matching","max_results":999}),
+        &catalog,
+        &mut active,
+    )
+    .expect("search succeeds");
+    assert_eq!(tool_search_reference_count(&capped), 100);
+}
+
+#[test]
+fn tool_search_schema_exposes_max_results_default_and_cap() {
+    let mut catalog = Vec::new();
+    let always_load = HashSet::new();
+    ensure_advanced_tooling(&mut catalog, AppMode::Agent, &always_load);
+
+    for tool_name in [TOOL_SEARCH_REGEX_NAME, TOOL_SEARCH_BM25_NAME] {
+        let tool = catalog
+            .iter()
+            .find(|tool| tool.name == tool_name)
+            .expect("tool search definition exists");
+        let schema = &tool.input_schema["properties"]["max_results"];
+
+        assert_eq!(schema["default"], 20);
+        assert_eq!(schema["maximum"], 100);
+        assert_eq!(schema["minimum"], 1);
+    }
+}
+
 #[tokio::test]
 async fn code_execution_runs_python_and_returns_result_payload() {
     let tmp = tempdir().expect("tempdir");
diff --git a/crates/tui/src/core/engine/tool_catalog.rs b/crates/tui/src/core/engine/tool_catalog.rs
index 65b194ce..474abc36 100644
--- a/crates/tui/src/core/engine/tool_catalog.rs
+++ b/crates/tui/src/core/engine/tool_catalog.rs
@@ -12,7 +12,7 @@ use std::time::Duration;
 use serde_json::{Value, json};
 
 use crate::models::Tool;
-use crate::tools::spec::{ToolError, ToolResult, required_str};
+use crate::tools::spec::{ToolError, ToolResult, optional_u64, required_str};
 use crate::tui::app::AppMode;
 
 pub(super) const MULTI_TOOL_PARALLEL_NAME: &str = "multi_tool_use.parallel";
@@ -20,10 +20,12 @@ pub(super) const REQUEST_USER_INPUT_NAME: &str = "request_user_input";
 pub(super) const CODE_EXECUTION_TOOL_NAME: &str = "code_execution";
 const CODE_EXECUTION_TOOL_TYPE: &str = "code_execution_20250825";
 pub(super) use crate::tools::js_execution::JS_EXECUTION_TOOL_NAME;
-const TOOL_SEARCH_REGEX_NAME: &str = "tool_search_tool_regex";
+pub(super) const TOOL_SEARCH_REGEX_NAME: &str = "tool_search_tool_regex";
 const TOOL_SEARCH_REGEX_TYPE: &str = "tool_search_tool_regex_20251119";
 pub(super) const TOOL_SEARCH_BM25_NAME: &str = "tool_search_tool_bm25";
 const TOOL_SEARCH_BM25_TYPE: &str = "tool_search_tool_bm25_20251119";
+const TOOL_SEARCH_DEFAULT_MAX_RESULTS: usize = 20;
+const TOOL_SEARCH_MAX_RESULTS_LIMIT: usize = 100;
 
 pub(super) fn is_tool_search_tool(name: &str) -> bool {
     matches!(name, TOOL_SEARCH_REGEX_NAME | TOOL_SEARCH_BM25_NAME)
@@ -178,7 +180,14 @@ pub(super) fn ensure_advanced_tooling(
             input_schema: json!({
                 "type": "object",
                 "properties": {
-                    "query": { "type": "string", "description": "Regex pattern to search tool names/descriptions/schema." }
+                    "query": { "type": "string", "description": "Regex pattern to search tool names/descriptions/schema." },
+                    "max_results": {
+                        "type": "integer",
+                        "minimum": 1,
+                        "maximum": TOOL_SEARCH_MAX_RESULTS_LIMIT,
+                        "default": TOOL_SEARCH_DEFAULT_MAX_RESULTS,
+                        "description": "Maximum number of matching tool references to return."
+                    }
                 },
                 "required": ["query"]
             }),
@@ -198,7 +207,14 @@ pub(super) fn ensure_advanced_tooling(
             input_schema: json!({
                 "type": "object",
                 "properties": {
-                    "query": { "type": "string", "description": "Natural language query for tool discovery." }
+                    "query": { "type": "string", "description": "Natural language query for tool discovery." },
+                    "max_results": {
+                        "type": "integer",
+                        "minimum": 1,
+                        "maximum": TOOL_SEARCH_MAX_RESULTS_LIMIT,
+                        "default": TOOL_SEARCH_DEFAULT_MAX_RESULTS,
+                        "description": "Maximum number of matching tool references to return."
+                    }
                 },
                 "required": ["query"]
             }),
@@ -280,7 +296,11 @@ fn tool_search_haystack(tool: &Tool) -> String {
     )
 }
 
-fn discover_tools_with_regex(catalog: &[Tool], query: &str) -> Result<Vec<String>, ToolError> {
+fn discover_tools_with_regex(
+    catalog: &[Tool],
+    query: &str,
+    max_results: usize,
+) -> Result<Vec<String>, ToolError> {
     let regex = regex::Regex::new(query)
         .map_err(|err| ToolError::invalid_input(format!("Invalid regex query: {err}")))?;
 
@@ -293,14 +313,14 @@ fn discover_tools_with_regex(catalog: &[Tool], query: &str) -> Result<Vec<String
         if regex.is_match(&hay) {
             matches.push(tool.name.clone());
         }
-        if matches.len() >= 5 {
+        if matches.len() >= max_results {
             break;
         }
     }
     Ok(matches)
 }
 
-fn discover_tools_with_bm25_like(catalog: &[Tool], query: &str) -> Vec<String> {
+fn discover_tools_with_bm25_like(catalog: &[Tool], query: &str, max_results: usize) -> Vec<String> {
     let terms: Vec<String> = query
         .split_whitespace()
         .map(|term| term.trim().to_lowercase())
@@ -330,7 +350,11 @@ fn discover_tools_with_bm25_like(catalog: &[Tool], query: &str) -> Vec<String> {
         }
     }
     scored.sort_by(|a, b| b.0.cmp(&a.0).then_with(|| a.1.cmp(&b.1)));
-    scored.into_iter().take(5).map(|(_, name)| name).collect()
+    scored
+        .into_iter()
+        .take(max_results)
+        .map(|(_, name)| name)
+        .collect()
 }
 
 fn edit_distance(a: &str, b: &str) -> usize {
@@ -645,10 +669,17 @@ pub(super) fn execute_tool_search(
     active_tools: &mut HashSet<String>,
 ) -> Result<ToolResult, ToolError> {
     let query = required_str(input, "query")?;
+    let max_results = usize::try_from(optional_u64(
+        input,
+        "max_results",
+        TOOL_SEARCH_DEFAULT_MAX_RESULTS as u64,
+    ))
+    .unwrap_or(TOOL_SEARCH_DEFAULT_MAX_RESULTS)
+    .clamp(1, TOOL_SEARCH_MAX_RESULTS_LIMIT);
     let discovered = if tool_name == TOOL_SEARCH_REGEX_NAME {
-        discover_tools_with_regex(catalog, query)?
+        discover_tools_with_regex(catalog, query, max_results)?
     } else {
-        discover_tools_with_bm25_like(catalog, query)
+        discover_tools_with_bm25_like(catalog, query, max_results)
     };
 
     for name in &discovered {

From d58f10102ace58a7dd0246fc0f5830db4bf95198 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Thu, 28 May 2026 18:49:44 +0800
Subject: [PATCH 156/283]   fix(composer): allow slash-space messages

  Treat inputs like `/ hello` as plain user messages instead of slash commands.
  This lets users start a message with a literal slash while preserving normal
  slash command behavior for `/help`, `/model ...`, and other commands.
---
 crates/tui/src/tui/app.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 3c49df0e..47193855 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -86,6 +86,9 @@ pub(crate) fn looks_like_slash_command_input(input: &str) -> bool {
     let Some(rest) = input.trim_start().strip_prefix('/') else {
         return false;
     };
+    if rest.chars().next().is_some_and(|ch| ch.is_whitespace()) {
+        return false;
+    }
     let Some(command) = rest.split_whitespace().next() else {
         return rest.is_empty();
     };
@@ -5010,6 +5013,8 @@ mod tests {
         assert!(looks_like_slash_command_input("/"));
         assert!(looks_like_slash_command_input("/help"));
         assert!(looks_like_slash_command_input("/model deepseek-v4-pro"));
+        assert!(!looks_like_slash_command_input("/ hello"));
+        assert!(!looks_like_slash_command_input("  / hello"));
         assert!(!looks_like_slash_command_input(
             "/usr/lib/x86_64-linux-gnu/ 是标准路径吗？"
         ));

From e2d6d2253ad94a65527d38d5f0f590ed22fcf996 Mon Sep 17 00:00:00 2001
From: jayzhu <jay.l.zhu@foxmail.com>
Date: Thu, 28 May 2026 22:06:04 +0800
Subject: [PATCH 157/283] fix(i18n): localize right-click context menu labels
 and descriptions

The right-click context menu rendered all entries in English regardless of ui_locale. Added 26 MessageId variants with translations for en, ja, zh-Hans, zh-Hant, pt-BR, es-419. ContextMenuView now accepts a localized title. build_context_menu_entries() uses app.tr() instead of hardcoded strings.
---
 crates/tui/src/localization.rs     | 182 +++++++++++++++++++++++++++++
 crates/tui/src/tui/context_menu.rs |  15 ++-
 crates/tui/src/tui/mouse_ui.rs     |  59 +++++-----
 3 files changed, 227 insertions(+), 29 deletions(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 7cba0b4a..e0c30cea 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -455,6 +455,32 @@ pub enum MessageId {
     OnboardTipsLine4,
     OnboardTipsFooterEnter,
     OnboardTipsFooterAction,
+    // Context menu.
+    CtxMenuTitle,
+    CtxMenuCopySelection,
+    CtxMenuCopySelectionDesc,
+    CtxMenuOpenSelection,
+    CtxMenuOpenSelectionDesc,
+    CtxMenuClearSelection,
+    CtxMenuOpenDetails,
+    CtxMenuCopyMessage,
+    CtxMenuCopyMessageDesc,
+    CtxMenuOpenInEditor,
+    CtxMenuOpenInEditorDesc,
+    CtxMenuShowCell,
+    CtxMenuShowCellDesc,
+    CtxMenuHideCell,
+    CtxMenuHideCellDesc,
+    CtxMenuShowHidden,
+    CtxMenuShowHiddenDesc,
+    CtxMenuPaste,
+    CtxMenuPasteDesc,
+    CtxMenuCmdPalette,
+    CtxMenuCmdPaletteDesc,
+    CtxMenuContextInspector,
+    CtxMenuContextInspectorDesc,
+    CtxMenuHelp,
+    CtxMenuHelpDesc,
 }
 
 #[allow(dead_code)]
@@ -690,6 +716,32 @@ pub const ALL_MESSAGE_IDS: &[MessageId] = &[
     MessageId::OnboardTipsLine4,
     MessageId::OnboardTipsFooterEnter,
     MessageId::OnboardTipsFooterAction,
+    // Context menu.
+    MessageId::CtxMenuTitle,
+    MessageId::CtxMenuCopySelection,
+    MessageId::CtxMenuCopySelectionDesc,
+    MessageId::CtxMenuOpenSelection,
+    MessageId::CtxMenuOpenSelectionDesc,
+    MessageId::CtxMenuClearSelection,
+    MessageId::CtxMenuOpenDetails,
+    MessageId::CtxMenuCopyMessage,
+    MessageId::CtxMenuCopyMessageDesc,
+    MessageId::CtxMenuOpenInEditor,
+    MessageId::CtxMenuOpenInEditorDesc,
+    MessageId::CtxMenuShowCell,
+    MessageId::CtxMenuShowCellDesc,
+    MessageId::CtxMenuHideCell,
+    MessageId::CtxMenuHideCellDesc,
+    MessageId::CtxMenuShowHidden,
+    MessageId::CtxMenuShowHiddenDesc,
+    MessageId::CtxMenuPaste,
+    MessageId::CtxMenuPasteDesc,
+    MessageId::CtxMenuCmdPalette,
+    MessageId::CtxMenuCmdPaletteDesc,
+    MessageId::CtxMenuContextInspector,
+    MessageId::CtxMenuContextInspectorDesc,
+    MessageId::CtxMenuHelp,
+    MessageId::CtxMenuHelpDesc,
 ];
 
 pub fn tr(locale: Locale, id: MessageId) -> &'static str {
@@ -1218,6 +1270,32 @@ fn english(id: MessageId) -> &'static str {
         }
         MessageId::OnboardTipsFooterEnter => "Press Enter",
         MessageId::OnboardTipsFooterAction => " to open the workspace",
+        // Context menu.
+        MessageId::CtxMenuTitle => " Right click ",
+        MessageId::CtxMenuCopySelection => "Copy selection",
+        MessageId::CtxMenuCopySelectionDesc => "write selected transcript text",
+        MessageId::CtxMenuOpenSelection => "Open selection",
+        MessageId::CtxMenuOpenSelectionDesc => "show selected text in pager",
+        MessageId::CtxMenuClearSelection => "Clear selection",
+        MessageId::CtxMenuOpenDetails => "Open details",
+        MessageId::CtxMenuCopyMessage => "Copy message",
+        MessageId::CtxMenuCopyMessageDesc => "write clicked transcript cell",
+        MessageId::CtxMenuOpenInEditor => "Open in editor",
+        MessageId::CtxMenuOpenInEditorDesc => "open file:line in $EDITOR",
+        MessageId::CtxMenuShowCell => "Show cell",
+        MessageId::CtxMenuShowCellDesc => "unhide this transcript cell",
+        MessageId::CtxMenuHideCell => "Hide cell",
+        MessageId::CtxMenuHideCellDesc => "collapse this transcript cell",
+        MessageId::CtxMenuShowHidden => "Show hidden",
+        MessageId::CtxMenuShowHiddenDesc => "unhide all collapsed cells",
+        MessageId::CtxMenuPaste => "Paste",
+        MessageId::CtxMenuPasteDesc => "insert clipboard into composer",
+        MessageId::CtxMenuCmdPalette => "Command palette",
+        MessageId::CtxMenuCmdPaletteDesc => "commands, skills, and tools",
+        MessageId::CtxMenuContextInspector => "Context inspector",
+        MessageId::CtxMenuContextInspectorDesc => "active context and cache hints",
+        MessageId::CtxMenuHelp => "Help",
+        MessageId::CtxMenuHelpDesc => "keybindings and commands",
     }
 }
 
@@ -1606,6 +1684,32 @@ fn japanese(id: MessageId) -> Option<&'static str> {
         }
         MessageId::OnboardTipsFooterEnter => "Enter を押す",
         MessageId::OnboardTipsFooterAction => " とワークスペースが開きます",
+        // Context menu.
+        MessageId::CtxMenuTitle => " 右クリック ",
+        MessageId::CtxMenuCopySelection => "選択をコピー",
+        MessageId::CtxMenuCopySelectionDesc => "選択したトランスクリプトのテキストを書き込む",
+        MessageId::CtxMenuOpenSelection => "選択を開く",
+        MessageId::CtxMenuOpenSelectionDesc => "選択したテキストをページャで表示",
+        MessageId::CtxMenuClearSelection => "選択を解除",
+        MessageId::CtxMenuOpenDetails => "詳細を開く",
+        MessageId::CtxMenuCopyMessage => "メッセージをコピー",
+        MessageId::CtxMenuCopyMessageDesc => "クリックしたトランスクリプトセルを書き込む",
+        MessageId::CtxMenuOpenInEditor => "エディタで開く",
+        MessageId::CtxMenuOpenInEditorDesc => "$EDITOR で file:line を開く",
+        MessageId::CtxMenuShowCell => "セルを表示",
+        MessageId::CtxMenuShowCellDesc => "このトランスクリプトセルを再表示",
+        MessageId::CtxMenuHideCell => "セルを隠す",
+        MessageId::CtxMenuHideCellDesc => "このトランスクリプトセルを折りたたむ",
+        MessageId::CtxMenuShowHidden => "非表示を表示",
+        MessageId::CtxMenuShowHiddenDesc => "すべての折りたたまれたセルを再表示",
+        MessageId::CtxMenuPaste => "貼り付け",
+        MessageId::CtxMenuPasteDesc => "クリップボードをコンポーザに挿入",
+        MessageId::CtxMenuCmdPalette => "コマンドパレット",
+        MessageId::CtxMenuCmdPaletteDesc => "コマンド、スキル、ツール",
+        MessageId::CtxMenuContextInspector => "コンテキストインスペクタ",
+        MessageId::CtxMenuContextInspectorDesc => "アクティブなコンテキストとキャッシュヒント",
+        MessageId::CtxMenuHelp => "ヘルプ",
+        MessageId::CtxMenuHelpDesc => "キー操作とコマンド",
     })
 }
 
@@ -1914,6 +2018,32 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::OnboardTipsLine4 => "Ctrl+R 恢复历史会话，Esc 退出当前输入或弹层。",
         MessageId::OnboardTipsFooterEnter => "按 Enter",
         MessageId::OnboardTipsFooterAction => " 进入工作区",
+        // Context menu.
+        MessageId::CtxMenuTitle => " 右键菜单 ",
+        MessageId::CtxMenuCopySelection => "复制所选",
+        MessageId::CtxMenuCopySelectionDesc => "将选中的记录区域文本写入剪贴板",
+        MessageId::CtxMenuOpenSelection => "打开所选",
+        MessageId::CtxMenuOpenSelectionDesc => "在翻阅器中查看选中文本",
+        MessageId::CtxMenuClearSelection => "清除选择",
+        MessageId::CtxMenuOpenDetails => "打开详情",
+        MessageId::CtxMenuCopyMessage => "复制消息",
+        MessageId::CtxMenuCopyMessageDesc => "将点击的记录条目写入剪贴板",
+        MessageId::CtxMenuOpenInEditor => "在编辑器中打开",
+        MessageId::CtxMenuOpenInEditorDesc => "在 $EDITOR 中打开 file:line",
+        MessageId::CtxMenuShowCell => "显示条目",
+        MessageId::CtxMenuShowCellDesc => "取消隐藏此记录条目",
+        MessageId::CtxMenuHideCell => "隐藏条目",
+        MessageId::CtxMenuHideCellDesc => "折叠此记录条目",
+        MessageId::CtxMenuShowHidden => "显示已隐藏",
+        MessageId::CtxMenuShowHiddenDesc => "取消隐藏所有已折叠条目",
+        MessageId::CtxMenuPaste => "粘贴",
+        MessageId::CtxMenuPasteDesc => "将剪贴板插入输入框",
+        MessageId::CtxMenuCmdPalette => "命令面板",
+        MessageId::CtxMenuCmdPaletteDesc => "命令、技能和工具",
+        MessageId::CtxMenuContextInspector => "上下文检查器",
+        MessageId::CtxMenuContextInspectorDesc => "活动上下文和缓存提示",
+        MessageId::CtxMenuHelp => "帮助",
+        MessageId::CtxMenuHelpDesc => "快捷键和命令",
     })
 }
 
@@ -2302,6 +2432,32 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
         }
         MessageId::OnboardTipsFooterEnter => "Pressione Enter",
         MessageId::OnboardTipsFooterAction => " para abrir o workspace",
+        // Context menu.
+        MessageId::CtxMenuTitle => " Clique direito ",
+        MessageId::CtxMenuCopySelection => "Copiar seleção",
+        MessageId::CtxMenuCopySelectionDesc => "copiar texto selecionado da transcrição",
+        MessageId::CtxMenuOpenSelection => "Abrir seleção",
+        MessageId::CtxMenuOpenSelectionDesc => "mostrar texto selecionado no visualizador",
+        MessageId::CtxMenuClearSelection => "Limpar seleção",
+        MessageId::CtxMenuOpenDetails => "Abrir detalhes",
+        MessageId::CtxMenuCopyMessage => "Copiar mensagem",
+        MessageId::CtxMenuCopyMessageDesc => "copiar célula da transcrição clicada",
+        MessageId::CtxMenuOpenInEditor => "Abrir no editor",
+        MessageId::CtxMenuOpenInEditorDesc => "abrir file:line no $EDITOR",
+        MessageId::CtxMenuShowCell => "Mostrar célula",
+        MessageId::CtxMenuShowCellDesc => "reexibir esta célula da transcrição",
+        MessageId::CtxMenuHideCell => "Ocultar célula",
+        MessageId::CtxMenuHideCellDesc => "recolher esta célula da transcrição",
+        MessageId::CtxMenuShowHidden => "Mostrar ocultas",
+        MessageId::CtxMenuShowHiddenDesc => "reexibir todas as células recolhidas",
+        MessageId::CtxMenuPaste => "Colar",
+        MessageId::CtxMenuPasteDesc => "inserir área de transferência no compositor",
+        MessageId::CtxMenuCmdPalette => "Paleta de comandos",
+        MessageId::CtxMenuCmdPaletteDesc => "comandos, habilidades e ferramentas",
+        MessageId::CtxMenuContextInspector => "Inspetor de contexto",
+        MessageId::CtxMenuContextInspectorDesc => "contexto ativo e dicas de cache",
+        MessageId::CtxMenuHelp => "Ajuda",
+        MessageId::CtxMenuHelpDesc => "atalhos de teclado e comandos",
     })
 }
 
@@ -2696,6 +2852,32 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
         }
         MessageId::OnboardTipsFooterEnter => "Presiona Enter",
         MessageId::OnboardTipsFooterAction => " para abrir el workspace",
+        // Context menu.
+        MessageId::CtxMenuTitle => " Clic derecho ",
+        MessageId::CtxMenuCopySelection => "Copiar selección",
+        MessageId::CtxMenuCopySelectionDesc => "copiar texto seleccionado de la transcripción",
+        MessageId::CtxMenuOpenSelection => "Abrir selección",
+        MessageId::CtxMenuOpenSelectionDesc => "mostrar texto seleccionado en el visor",
+        MessageId::CtxMenuClearSelection => "Limpiar selección",
+        MessageId::CtxMenuOpenDetails => "Abrir detalles",
+        MessageId::CtxMenuCopyMessage => "Copiar mensaje",
+        MessageId::CtxMenuCopyMessageDesc => "copiar celda de transcripción seleccionada",
+        MessageId::CtxMenuOpenInEditor => "Abrir en editor",
+        MessageId::CtxMenuOpenInEditorDesc => "abrir file:line en $EDITOR",
+        MessageId::CtxMenuShowCell => "Mostrar celda",
+        MessageId::CtxMenuShowCellDesc => "volver a mostrar esta celda de transcripción",
+        MessageId::CtxMenuHideCell => "Ocultar celda",
+        MessageId::CtxMenuHideCellDesc => "colapsar esta celda de transcripción",
+        MessageId::CtxMenuShowHidden => "Mostrar ocultas",
+        MessageId::CtxMenuShowHiddenDesc => "volver a mostrar todas las celdas colapsadas",
+        MessageId::CtxMenuPaste => "Pegar",
+        MessageId::CtxMenuPasteDesc => "insertar portapapeles en el compositor",
+        MessageId::CtxMenuCmdPalette => "Paleta de comandos",
+        MessageId::CtxMenuCmdPaletteDesc => "comandos, habilidades y herramientas",
+        MessageId::CtxMenuContextInspector => "Inspector de contexto",
+        MessageId::CtxMenuContextInspectorDesc => "contexto activo y sugerencias de caché",
+        MessageId::CtxMenuHelp => "Ayuda",
+        MessageId::CtxMenuHelpDesc => "atajos de teclado y comandos",
     })
 }
 
diff --git a/crates/tui/src/tui/context_menu.rs b/crates/tui/src/tui/context_menu.rs
index e897577c..20543551 100644
--- a/crates/tui/src/tui/context_menu.rs
+++ b/crates/tui/src/tui/context_menu.rs
@@ -28,16 +28,18 @@ pub struct ContextMenuView {
     column: u16,
     row: u16,
     last_rect: Cell<Option<Rect>>,
+    title: String,
 }
 
 impl ContextMenuView {
-    pub fn new(entries: Vec<ContextMenuEntry>, column: u16, row: u16) -> Self {
+    pub fn new(entries: Vec<ContextMenuEntry>, column: u16, row: u16, title: String) -> Self {
         Self {
             entries,
             selected: 0,
             column,
             row,
             last_rect: Cell::new(None),
+            title,
         }
     }
 
@@ -199,7 +201,7 @@ impl ModalView for ContextMenuView {
             .collect::<Vec<_>>();
 
         let block = Block::default()
-            .title(" Right click ")
+            .title(self.title.as_str())
             .borders(Borders::ALL)
             .border_style(Style::default().fg(palette::DEEPSEEK_SKY))
             .style(Style::default().bg(palette::SURFACE_ELEVATED))
@@ -256,6 +258,7 @@ mod tests {
             ],
             5,
             5,
+            " Right click ".to_string(),
         );
 
         view.handle_key(KeyEvent::new(KeyCode::Down, KeyModifiers::NONE));
@@ -271,7 +274,12 @@ mod tests {
 
     #[test]
     fn menu_clamps_to_render_area() {
-        let view = ContextMenuView::new(vec![entry("Paste", ContextMenuAction::Paste)], 200, 80);
+        let view = ContextMenuView::new(
+            vec![entry("Paste", ContextMenuAction::Paste)],
+            200,
+            80,
+            " Right click ".to_string(),
+        );
 
         let rect = view.menu_rect(Rect {
             x: 0,
@@ -293,6 +301,7 @@ mod tests {
             ],
             2,
             2,
+            " Right click ".to_string(),
         );
         let area = Rect {
             x: 0,
diff --git a/crates/tui/src/tui/mouse_ui.rs b/crates/tui/src/tui/mouse_ui.rs
index a22b2b61..8d742b87 100644
--- a/crates/tui/src/tui/mouse_ui.rs
+++ b/crates/tui/src/tui/mouse_ui.rs
@@ -5,6 +5,7 @@ use ratatui::layout::Rect;
 use unicode_segmentation::UnicodeSegmentation;
 use unicode_width::UnicodeWidthStr;
 
+use crate::localization::MessageId;
 use crate::tui::app::App;
 use crate::tui::command_palette::{
     CommandPaletteView, build_entries as build_command_palette_entries,
@@ -434,8 +435,13 @@ pub(crate) fn open_context_menu(app: &mut App, mouse: MouseEvent) {
     if entries.is_empty() {
         return;
     }
-    app.view_stack
-        .push(ContextMenuView::new(entries, mouse.column, mouse.row));
+    let title = app.tr(MessageId::CtxMenuTitle).to_string();
+    app.view_stack.push(ContextMenuView::new(
+        entries,
+        mouse.column,
+        mouse.row,
+        title,
+    ));
     app.needs_redraw = true;
 }
 
@@ -444,17 +450,17 @@ pub(crate) fn build_context_menu_entries(app: &App, mouse: MouseEvent) -> Vec<Co
 
     if selection_has_content(app) {
         entries.push(ContextMenuEntry {
-            label: "Copy selection".to_string(),
-            description: "write selected transcript text".to_string(),
+            label: app.tr(MessageId::CtxMenuCopySelection).to_string(),
+            description: app.tr(MessageId::CtxMenuCopySelectionDesc).to_string(),
             action: ContextMenuAction::CopySelection,
         });
         entries.push(ContextMenuEntry {
-            label: "Open selection".to_string(),
-            description: "show selected text in pager".to_string(),
+            label: app.tr(MessageId::CtxMenuOpenSelection).to_string(),
+            description: app.tr(MessageId::CtxMenuOpenSelectionDesc).to_string(),
             action: ContextMenuAction::OpenSelection,
         });
         entries.push(ContextMenuEntry {
-            label: "Clear selection".to_string(),
+            label: app.tr(MessageId::CtxMenuClearSelection).to_string(),
             description: String::new(),
             action: ContextMenuAction::ClearSelection,
         });
@@ -474,31 +480,31 @@ pub(crate) fn build_context_menu_entries(app: &App, mouse: MouseEvent) -> Vec<Co
             .map(|label| truncate_line_to_width(label.as_str(), 28))
             .unwrap_or_else(|| "message".to_string());
         entries.push(ContextMenuEntry {
-            label: "Open details".to_string(),
+            label: app.tr(MessageId::CtxMenuOpenDetails).to_string(),
             description: target,
             action: ContextMenuAction::OpenDetails { cell_index },
         });
         entries.push(ContextMenuEntry {
-            label: "Copy message".to_string(),
-            description: "write clicked transcript cell".to_string(),
+            label: app.tr(MessageId::CtxMenuCopyMessage).to_string(),
+            description: app.tr(MessageId::CtxMenuCopyMessageDesc).to_string(),
             action: ContextMenuAction::CopyCell { cell_index },
         });
         entries.push(ContextMenuEntry {
-            label: "Open in editor".to_string(),
-            description: "open file:line in $EDITOR".to_string(),
+            label: app.tr(MessageId::CtxMenuOpenInEditor).to_string(),
+            description: app.tr(MessageId::CtxMenuOpenInEditorDesc).to_string(),
             action: ContextMenuAction::OpenFileAtLine { cell_index },
         });
         // Hide/show cell toggle.
         if app.collapsed_cells.contains(&cell_index) {
             entries.push(ContextMenuEntry {
-                label: "Show cell".to_string(),
-                description: "unhide this transcript cell".to_string(),
+                label: app.tr(MessageId::CtxMenuShowCell).to_string(),
+                description: app.tr(MessageId::CtxMenuShowCellDesc).to_string(),
                 action: ContextMenuAction::ShowCell { cell_index },
             });
         } else {
             entries.push(ContextMenuEntry {
-                label: "Hide cell".to_string(),
-                description: "collapse this transcript cell".to_string(),
+                label: app.tr(MessageId::CtxMenuHideCell).to_string(),
+                description: app.tr(MessageId::CtxMenuHideCellDesc).to_string(),
                 action: ContextMenuAction::HideCell { cell_index },
             });
         }
@@ -507,31 +513,32 @@ pub(crate) fn build_context_menu_entries(app: &App, mouse: MouseEvent) -> Vec<Co
     // When cells are hidden, offer a way to show them all.
     if !app.collapsed_cells.is_empty() {
         let count = app.collapsed_cells.len();
+        let label = app.tr(MessageId::CtxMenuShowHidden).to_string();
         entries.push(ContextMenuEntry {
-            label: format!("Show hidden ({count})"),
-            description: "unhide all collapsed cells".to_string(),
+            label: format!("{label} ({count})"),
+            description: app.tr(MessageId::CtxMenuShowHiddenDesc).to_string(),
             action: ContextMenuAction::ShowAllHidden,
         });
     }
 
     entries.push(ContextMenuEntry {
-        label: "Paste".to_string(),
-        description: "insert clipboard into composer".to_string(),
+        label: app.tr(MessageId::CtxMenuPaste).to_string(),
+        description: app.tr(MessageId::CtxMenuPasteDesc).to_string(),
         action: ContextMenuAction::Paste,
     });
     entries.push(ContextMenuEntry {
-        label: "Command palette".to_string(),
-        description: "commands, skills, and tools".to_string(),
+        label: app.tr(MessageId::CtxMenuCmdPalette).to_string(),
+        description: app.tr(MessageId::CtxMenuCmdPaletteDesc).to_string(),
         action: ContextMenuAction::OpenCommandPalette,
     });
     entries.push(ContextMenuEntry {
-        label: "Context inspector".to_string(),
-        description: "active context and cache hints".to_string(),
+        label: app.tr(MessageId::CtxMenuContextInspector).to_string(),
+        description: app.tr(MessageId::CtxMenuContextInspectorDesc).to_string(),
         action: ContextMenuAction::OpenContextInspector,
     });
     entries.push(ContextMenuEntry {
-        label: "Help".to_string(),
-        description: "keybindings and commands".to_string(),
+        label: app.tr(MessageId::CtxMenuHelp).to_string(),
+        description: app.tr(MessageId::CtxMenuHelpDesc).to_string(),
         action: ContextMenuAction::OpenHelp,
     });
 

From c72dc28b38ed91be71325f4f4b7867947193c152 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Thu, 28 May 2026 23:06:04 +0800
Subject: [PATCH 158/283]   fix(statusline): keep picker selection visible

  Keep the /statusline picker selection visible when navigating through all
  available footer items in smaller terminal windows.

  The picker now scrolls its visible rows as the cursor moves, wraps Up/Down at
  the list edges, and renders the selected row with a continuous, slightly
  brighter background.
---
 crates/tui/src/tui/views/status_picker.rs | 100 ++++++++++++++++++----
 1 file changed, 81 insertions(+), 19 deletions(-)

diff --git a/crates/tui/src/tui/views/status_picker.rs b/crates/tui/src/tui/views/status_picker.rs
index 17b6173a..2d1a4362 100644
--- a/crates/tui/src/tui/views/status_picker.rs
+++ b/crates/tui/src/tui/views/status_picker.rs
@@ -19,8 +19,12 @@ use ratatui::{
 };
 
 use crate::config::StatusItem;
+use crate::localization::truncate_to_width;
 use crate::palette;
 use crate::tui::views::{ModalKind, ModalView, ViewAction, ViewEvent};
+use unicode_width::UnicodeWidthStr;
+
+const STATUS_PICKER_SELECTION_BG: ratatui::style::Color = ratatui::style::Color::Rgb(54, 72, 104);
 
 /// Picker state. We hold both the user's working selection AND the original
 /// snapshot so Esc can perfectly revert the live preview.
@@ -62,16 +66,21 @@ impl StatusPickerView {
     }
 
     fn move_up(&mut self) {
-        if self.cursor > 0 {
+        if self.rows.is_empty() {
+            return;
+        }
+        if self.cursor == 0 {
+            self.cursor = self.rows.len() - 1;
+        } else {
             self.cursor -= 1;
         }
     }
 
     fn move_down(&mut self) {
-        let max = self.rows.len().saturating_sub(1);
-        if self.cursor < max {
-            self.cursor += 1;
+        if self.rows.is_empty() {
+            return;
         }
+        self.cursor = (self.cursor + 1) % self.rows.len();
     }
 
     fn toggle_current(&mut self) {
@@ -201,7 +210,16 @@ impl ModalView for StatusPickerView {
         )));
         lines.push(Line::from(""));
 
-        for (idx, item) in self.rows.iter().enumerate() {
+        let visible_rows = inner.height.saturating_sub(2) as usize;
+        let row_start = visible_row_start(self.rows.len(), self.cursor, visible_rows);
+
+        for (idx, item) in self
+            .rows
+            .iter()
+            .enumerate()
+            .skip(row_start)
+            .take(visible_rows)
+        {
             let checked = *self.selected.get(idx).unwrap_or(&false);
             let is_cursor = idx == self.cursor;
             let mark = if checked { "[✓]" } else { "[ ]" };
@@ -225,20 +243,50 @@ impl ModalView for StatusPickerView {
             };
             let pointer = if is_cursor { "▸" } else { " " };
 
-            lines.push(Line::from(vec![
-                Span::styled(format!(" {pointer} "), row_style),
-                Span::styled(mark.to_string(), row_style),
-                Span::raw(" "),
-                Span::styled(item.label().to_string(), row_style),
-                Span::raw("  "),
-                Span::styled(format!("({})", item.hint()), hint_style),
-            ]));
+            if is_cursor {
+                let selected_style = Style::default()
+                    .fg(palette::SELECTION_TEXT)
+                    .bg(STATUS_PICKER_SELECTION_BG)
+                    .add_modifier(Modifier::BOLD);
+                let line = status_row_text(pointer, mark, item, inner.width as usize);
+                lines.push(Line::from(Span::styled(line, selected_style)));
+            } else {
+                lines.push(Line::from(vec![
+                    Span::styled(format!(" {pointer} "), row_style),
+                    Span::styled(mark.to_string(), row_style),
+                    Span::styled(" ", row_style),
+                    Span::styled(item.label().to_string(), row_style),
+                    Span::styled("  ", row_style),
+                    Span::styled(format!("({})", item.hint()), hint_style),
+                ]));
+            }
         }
 
         Paragraph::new(lines).render(inner, buf);
     }
 }
 
+fn visible_row_start(total_rows: usize, cursor: usize, visible_rows: usize) -> usize {
+    if total_rows == 0 || visible_rows == 0 || total_rows <= visible_rows {
+        return 0;
+    }
+    let max_start = total_rows - visible_rows;
+    cursor
+        .saturating_add(1)
+        .saturating_sub(visible_rows)
+        .min(max_start)
+}
+
+fn status_row_text(pointer: &str, mark: &str, item: &StatusItem, width: usize) -> String {
+    let text = format!(" {pointer} {mark} {}  ({})", item.label(), item.hint());
+    let mut text = truncate_to_width(&text, width);
+    let current_width = text.width();
+    if current_width < width {
+        text.push_str(&" ".repeat(width - current_width));
+    }
+    text
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -317,18 +365,32 @@ mod tests {
     }
 
     #[test]
-    fn arrow_keys_move_cursor_within_bounds() {
+    fn arrow_keys_wrap_cursor_at_edges() {
         let active = StatusItem::default_footer();
         let mut view = StatusPickerView::new(&active);
         assert_eq!(view.cursor, 0);
+        view.handle_key(KeyEvent::new(KeyCode::Up, KeyModifiers::NONE));
+        assert_eq!(view.cursor, StatusItem::all().len() - 1);
+        view.handle_key(KeyEvent::new(KeyCode::Down, KeyModifiers::NONE));
+        assert_eq!(view.cursor, 0);
         view.handle_key(KeyEvent::new(KeyCode::Down, KeyModifiers::NONE));
         assert_eq!(view.cursor, 1);
         view.handle_key(KeyEvent::new(KeyCode::Up, KeyModifiers::NONE));
         assert_eq!(view.cursor, 0);
-        // Move past the bottom shouldn't wrap.
-        for _ in 0..StatusItem::all().len() + 5 {
-            view.handle_key(KeyEvent::new(KeyCode::Down, KeyModifiers::NONE));
-        }
-        assert_eq!(view.cursor, StatusItem::all().len() - 1);
+    }
+
+    #[test]
+    fn visible_row_start_keeps_cursor_in_view() {
+        assert_eq!(visible_row_start(14, 0, 8), 0);
+        assert_eq!(visible_row_start(14, 7, 8), 0);
+        assert_eq!(visible_row_start(14, 8, 8), 1);
+        assert_eq!(visible_row_start(14, 13, 8), 6);
+    }
+
+    #[test]
+    fn selected_row_text_fills_available_width() {
+        let text = status_row_text("▸", "[ ]", &StatusItem::LastToolElapsed, 40);
+        assert_eq!(text.width(), 40);
+        assert!(text.starts_with(" ▸ [ ] Last tool elapsed"));
     }
 }

From 30d8d083c5aa8e5f94c9643b13661b3c2d02e292 Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Fri, 29 May 2026 17:17:31 +0800
Subject: [PATCH 159/283] feat(subagent): add stop-on-failure and
 bounded-effort guidance to general agent intro

The general-purpose sub-agent intro tells the agent how to plan, but says
nothing about when to *stop*. With less capable models this leads to a
failure mode where the agent retries the same failing tool call (e.g. an
unreachable or rate-limited external API) over and over until it hits the
elapsed/step ceiling, wasting the whole budget and returning nothing useful.

Add two short clauses to GENERAL_AGENT_INTRO:
- Stop quickly on failure: after the same call fails twice, return partial
  results with a one-line note instead of looping.
- Bounded effort: prefer one focused attempt; if the task can't be completed
  within a few tool calls, return current findings so the parent can compensate.

Prompt-only change; no behavioral code paths touched.
---
 crates/tui/src/tools/subagent/mod.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tools/subagent/mod.rs b/crates/tui/src/tools/subagent/mod.rs
index 357aeec4..cf10a930 100644
--- a/crates/tui/src/tools/subagent/mod.rs
+++ b/crates/tui/src/tools/subagent/mod.rs
@@ -4988,7 +4988,9 @@ const SUBAGENT_OUTPUT_FORMAT: &str = include_str!("../../prompts/subagent_output
 const GENERAL_AGENT_INTRO: &str = concat!(
     "You are a general-purpose sub-agent spawned to handle a specific task autonomously.\n",
     "Stay inside the assigned scope; put adjacent work under RISKS/BLOCKERS.\n",
-    "Plan multi-step work with `checklist_write`; add `update_plan` for complex strategy.\n\n"
+    "Plan multi-step work with `checklist_write`; add `update_plan` for complex strategy.\n",
+    "**Stop quickly on failure**: if the same tool call fails 2 times in a row, stop retrying and return what you have so far with a one-line note explaining what's missing. Do not loop on impossible queries (e.g. external API unreachable, rate-limited, or returning empty).\n",
+    "**Bounded effort**: prefer one focused attempt over many speculative retries. If you cannot complete the task with available data within 3-5 tool calls, return your current partial findings — the parent agent can compensate with its own knowledge.\n\n"
 );
 
 const EXPLORE_AGENT_INTRO: &str = concat!(

From 9edd2008c447e9eae91ab6f7c9b5d271eb4783e2 Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Wed, 27 May 2026 18:34:11 +0800
Subject: [PATCH 160/283] docs: add provider registry drift check

---
 .github/workflows/ci.yml           |   2 +
 README.md                          |   1 +
 docs/PROVIDERS.md                  |  23 +++-
 scripts/check-provider-registry.py | 195 +++++++++++++++++++++++++++++
 4 files changed, 218 insertions(+), 3 deletions(-)
 create mode 100644 scripts/check-provider-registry.py

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4203a17c..f02b1e3a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -38,6 +38,8 @@ jobs:
           components: rustfmt
       - name: Check formatting
         run: cargo fmt --all -- --check
+      - name: Check provider registry drift
+        run: python scripts/check-provider-registry.py
       - name: Linux clippy location
         run: echo "Linux clippy/test gates run on CNB for mirrored fix/*, rebrand/*, work/v*, and main branches."
 
diff --git a/README.md b/README.md
index 3213ee15..fbce91ab 100644
--- a/README.md
+++ b/README.md
@@ -555,6 +555,7 @@ without recreating skills the user deliberately deleted.
 |---|---|
 | [ARCHITECTURE.md](docs/ARCHITECTURE.md) | Codebase internals |
 | [CONFIGURATION.md](docs/CONFIGURATION.md) | Full config reference |
+| [PROVIDERS.md](docs/PROVIDERS.md) | Provider IDs, auth, model defaults, and capability metadata |
 | [MODES.md](docs/MODES.md) | Plan / Agent / YOLO modes |
 | [MCP.md](docs/MCP.md) | Model Context Protocol integration |
 | [RUNTIME_API.md](docs/RUNTIME_API.md) | HTTP/SSE API server |
diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
index 38969415..d268779e 100644
--- a/docs/PROVIDERS.md
+++ b/docs/PROVIDERS.md
@@ -21,6 +21,8 @@ Sources to keep in sync:
   `codewhale model list` and `codewhale model resolve`.
 - `config.example.toml` and `docs/CONFIGURATION.md` - user-facing config
   examples and environment variable reference.
+- `scripts/check-provider-registry.py` - drift check for canonical provider
+  IDs, TOML table names, static registry rows, and documented defaults.
 
 ## Provider Selection
 
@@ -133,6 +135,24 @@ DeepSeek compatibility aliases `deepseek-chat` and `deepseek-reasoner` map to
 `deepseek-v4-flash` capability metadata and are scheduled to retire on
 2026-07-24 at 2026-07-24T15:59:00Z.
 
+## Drift Check
+
+Run this before changing provider IDs, provider TOML tables, static model
+registry rows, or provider default strings:
+
+```bash
+python scripts/check-provider-registry.py
+```
+
+The check fails when:
+
+- `docs/PROVIDERS.md` omits a canonical `ProviderKind::as_str()` ID.
+- The shipped-provider table omits or adds a `[providers.*]` TOML table.
+- The static model registry table drifts from providers used by
+  `crates/agent/src/lib.rs`.
+- A provider default model or base URL constant in `crates/tui/src/config.rs`
+  is no longer mentioned here.
+
 ## Planned, Not Shipped Yet
 
 These items belong to the v0.8.47 provider-abstraction milestone or related
@@ -149,9 +169,6 @@ provider docs work, but they are not native shipped behavior in this checkout:
 - Hugging Face model passport metadata in the picker, including license, base
   model, context length, chat template, tool-call support, reasoning support,
   and gated/private status.
-- A generated drift-check script that fails when this file diverges from the
-  provider registry. Until that exists, update this file with a source read of
-  the files listed at the top.
 
 Until native Hugging Face support lands, users can only reach an explicitly
 configured Hugging Face-compatible OpenAI route through the generic `openai`
diff --git a/scripts/check-provider-registry.py b/scripts/check-provider-registry.py
new file mode 100644
index 00000000..0a6aab11
--- /dev/null
+++ b/scripts/check-provider-registry.py
@@ -0,0 +1,195 @@
+#!/usr/bin/env python3
+"""Check that docs/PROVIDERS.md tracks the shipped provider registry.
+
+This is intentionally lightweight. It does not try to generate prose; it checks
+the stable identifiers and default strings that are easy for docs to drift from:
+
+- canonical ProviderKind IDs
+- provider TOML tables
+- shipped-provider table rows
+- static ModelRegistry provider rows
+- default provider model/base URL constants
+"""
+
+from __future__ import annotations
+
+import re
+import sys
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parents[1]
+CONFIG_RS = ROOT / "crates" / "config" / "src" / "lib.rs"
+TUI_CONFIG_RS = ROOT / "crates" / "tui" / "src" / "config.rs"
+AGENT_RS = ROOT / "crates" / "agent" / "src" / "lib.rs"
+PROVIDERS_MD = ROOT / "docs" / "PROVIDERS.md"
+
+PROVIDER_VARIANT_TO_TABLE = {
+    "Deepseek": "deepseek",
+    "NvidiaNim": "nvidia_nim",
+    "Openai": "openai",
+    "Atlascloud": "atlascloud",
+    "WanjieArk": "wanjie_ark",
+    "Openrouter": "openrouter",
+    "Novita": "novita",
+    "Fireworks": "fireworks",
+    "Moonshot": "moonshot",
+    "Sglang": "sglang",
+    "Vllm": "vllm",
+    "Ollama": "ollama",
+}
+
+
+def read(path: Path) -> str:
+    return path.read_text(encoding="utf-8")
+
+
+def extract_match_block(source: str, signature: str) -> str:
+    start = source.index(signature)
+    match_start = source.index("match", start)
+    brace_start = source.index("{", match_start)
+    depth = 0
+    for index in range(brace_start, len(source)):
+        char = source[index]
+        if char == "{":
+            depth += 1
+        elif char == "}":
+            depth -= 1
+            if depth == 0:
+                return source[brace_start + 1 : index]
+    raise ValueError(f"could not parse match block after {signature!r}")
+
+
+def provider_kind_ids(config_rs: str) -> dict[str, str]:
+    block = extract_match_block(config_rs, "pub fn as_str(self) -> &'static str")
+    pairs = re.findall(r"Self::(\w+)\s*=>\s*\"([^\"]+)\"", block)
+    if not pairs:
+        raise ValueError("ProviderKind::as_str returned no providers")
+    return {variant: provider_id for variant, provider_id in pairs}
+
+
+def provider_tables(config_rs: str) -> set[str]:
+    struct_start = config_rs.index("pub struct ProvidersToml")
+    struct_end = config_rs.index("\n}", struct_start)
+    fields = re.findall(
+        r"pub\s+([a-z0-9_]+)\s*:\s*ProviderConfigToml",
+        config_rs[struct_start:struct_end],
+    )
+    if not fields:
+        raise ValueError("ProvidersToml returned no provider tables")
+    return set(fields)
+
+
+def shipped_provider_rows(providers_md: str) -> set[str]:
+    heading = providers_md.index("## Shipped Providers")
+    next_heading = providers_md.index("\n## ", heading + 1)
+    table = providers_md[heading:next_heading]
+    return set(re.findall(r"^\|\s*`([^`]+)`\s*\|", table, flags=re.MULTILINE))
+
+
+def shipped_provider_tables(providers_md: str) -> set[str]:
+    heading = providers_md.index("## Shipped Providers")
+    next_heading = providers_md.index("\n## ", heading + 1)
+    table = providers_md[heading:next_heading]
+    return set(re.findall(r"\|\s*`\[providers\.([a-z0-9_]+)\]`\s*\|", table))
+
+
+def static_registry_provider_rows(providers_md: str) -> set[str]:
+    heading = providers_md.index("## Static Model Registry")
+    next_heading = providers_md.index("\n## ", heading + 1)
+    table = providers_md[heading:next_heading]
+    return set(re.findall(r"^\|\s*`([^`]+)`\s*\|", table, flags=re.MULTILINE))
+
+
+def model_registry_providers(agent_rs: str, variant_to_id: dict[str, str]) -> set[str]:
+    variants = set(re.findall(r"provider:\s*ProviderKind::(\w+)", agent_rs))
+    missing = variants - set(variant_to_id)
+    if missing:
+        raise ValueError(f"ModelRegistry uses unknown provider variants: {sorted(missing)}")
+    return {variant_to_id[variant] for variant in variants}
+
+
+def default_strings(tui_config_rs: str) -> set[str]:
+    defaults = set()
+    for name, value in re.findall(
+        r'const\s+(DEFAULT_[A-Z0-9_]+(?:MODEL|BASE_URL)):\s*&str\s*=\s*"([^"]+)"',
+        tui_config_rs,
+    ):
+        if name == "DEFAULT_DEEPSEEKCN_BASE_URL":
+            continue
+        defaults.add(value)
+    if not defaults:
+        raise ValueError("no default provider model/base URL constants found")
+    return defaults
+
+
+def missing_default_strings(providers_md: str, defaults: set[str]) -> list[str]:
+    return sorted(value for value in defaults if value not in providers_md)
+
+
+def report_set(label: str, expected: set[str], actual: set[str]) -> list[str]:
+    errors = []
+    missing = sorted(expected - actual)
+    extra = sorted(actual - expected)
+    if missing:
+        errors.append(f"{label} missing: {', '.join(missing)}")
+    if extra:
+        errors.append(f"{label} extra: {', '.join(extra)}")
+    return errors
+
+
+def main() -> int:
+    config_rs = read(CONFIG_RS)
+    tui_config_rs = read(TUI_CONFIG_RS)
+    agent_rs = read(AGENT_RS)
+    providers_md = read(PROVIDERS_MD)
+
+    variant_to_id = provider_kind_ids(config_rs)
+    canonical_ids = set(variant_to_id.values())
+    missing_table_mappings = sorted(set(variant_to_id) - set(PROVIDER_VARIANT_TO_TABLE))
+    if missing_table_mappings:
+        raise ValueError(
+            "PROVIDER_VARIANT_TO_TABLE is missing variants: "
+            + ", ".join(missing_table_mappings)
+        )
+    expected_tables = {
+        PROVIDER_VARIANT_TO_TABLE[variant] for variant in variant_to_id
+    }
+
+    errors: list[str] = []
+    errors += report_set(
+        "shipped provider rows",
+        canonical_ids,
+        shipped_provider_rows(providers_md),
+    )
+    errors += report_set("provider TOML tables", expected_tables, provider_tables(config_rs))
+    errors += report_set(
+        "documented provider TOML tables",
+        expected_tables,
+        shipped_provider_tables(providers_md),
+    )
+    errors += report_set(
+        "static ModelRegistry rows",
+        model_registry_providers(agent_rs, variant_to_id),
+        static_registry_provider_rows(providers_md),
+    )
+
+    missing_defaults = missing_default_strings(providers_md, default_strings(tui_config_rs))
+    if missing_defaults:
+        errors.append(
+            "docs/PROVIDERS.md does not mention default strings: "
+            + ", ".join(missing_defaults)
+        )
+
+    if errors:
+        print("Provider registry drift check failed:", file=sys.stderr)
+        for error in errors:
+            print(f"- {error}", file=sys.stderr)
+        return 1
+
+    print("Provider registry drift check passed.")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

From b0e7b673864819ee996a79681fce3a35aaebbb31 Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Wed, 27 May 2026 18:48:29 +0800
Subject: [PATCH 161/283] style: satisfy current clippy lints

---
 crates/cli/src/bin/codew_legacy_shim.rs    | 12 ++++++------
 crates/cli/src/bin/deepseek_legacy_shim.rs | 12 ++++++------
 crates/tui/src/commands/config.rs          |  6 +++---
 crates/tui/src/runtime_log.rs              |  2 +-
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/crates/cli/src/bin/codew_legacy_shim.rs b/crates/cli/src/bin/codew_legacy_shim.rs
index 165e05a9..870128fb 100644
--- a/crates/cli/src/bin/codew_legacy_shim.rs
+++ b/crates/cli/src/bin/codew_legacy_shim.rs
@@ -37,12 +37,12 @@ fn spawn_codewhale(args: &[String]) -> std::io::Result<std::process::ExitStatus>
     // same directory as this shim but not on PATH (#2006).
     #[cfg(windows)]
     {
-        if let Ok(exe_path) = env::current_exe() {
-            if let Some(dir) = exe_path.parent() {
-                let sibling = dir.join("codewhale.exe");
-                if sibling.is_file() {
-                    return Command::new(sibling).args(args).status();
-                }
+        if let Ok(exe_path) = env::current_exe()
+            && let Some(dir) = exe_path.parent()
+        {
+            let sibling = dir.join("codewhale.exe");
+            if sibling.is_file() {
+                return Command::new(sibling).args(args).status();
             }
         }
     }
diff --git a/crates/cli/src/bin/deepseek_legacy_shim.rs b/crates/cli/src/bin/deepseek_legacy_shim.rs
index b47c9d92..abd00896 100644
--- a/crates/cli/src/bin/deepseek_legacy_shim.rs
+++ b/crates/cli/src/bin/deepseek_legacy_shim.rs
@@ -44,12 +44,12 @@ fn spawn_codewhale(args: &[String]) -> std::io::Result<std::process::ExitStatus>
     // same directory as this shim but not on PATH (#2006).
     #[cfg(windows)]
     {
-        if let Ok(exe_path) = env::current_exe() {
-            if let Some(dir) = exe_path.parent() {
-                let sibling = dir.join("codewhale.exe");
-                if sibling.is_file() {
-                    return Command::new(sibling).args(args).status();
-                }
+        if let Ok(exe_path) = env::current_exe()
+            && let Some(dir) = exe_path.parent()
+        {
+            let sibling = dir.join("codewhale.exe");
+            if sibling.is_file() {
+                return Command::new(sibling).args(args).status();
             }
         }
     }
diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 651b4d5d..36e300c1 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -473,9 +473,9 @@ pub fn set_config_value(app: &mut App, key: &str, value: &str, persist: bool) ->
                     Err(err) => return CommandResult::error(format!("Failed to save: {err}")),
                 }
             }
-            return CommandResult::error(format!(
-                "base_url must be saved with --save; client base URL is loaded from config on startup. Restart and re-open your session after saving."
-            ));
+            return CommandResult::error(
+                "base_url must be saved with --save; client base URL is loaded from config on startup. Restart and re-open your session after saving.",
+            );
         }
         _ => {}
     }
diff --git a/crates/tui/src/runtime_log.rs b/crates/tui/src/runtime_log.rs
index 48373d4b..2edd53ad 100644
--- a/crates/tui/src/runtime_log.rs
+++ b/crates/tui/src/runtime_log.rs
@@ -174,7 +174,7 @@ fn log_directory() -> Option<PathBuf> {
     {
         return resolve(userprofile);
     }
-    dirs::home_dir().and_then(|h| resolve(h))
+    dirs::home_dir().and_then(resolve)
 }
 
 fn log_file_name(date: &str, pid: u32) -> String {

From e2099dd6913880e6035a0981a6784beef75ea9a9 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 06:19:32 -0500
Subject: [PATCH 162/283] fix: harden provider registry drift check

---
 .github/workflows/ci.yml           |   2 +-
 docs/PROVIDERS.md                  |   2 +-
 scripts/check-provider-registry.py | 128 +++++++++++++----------------
 3 files changed, 61 insertions(+), 71 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f02b1e3a..45c212bd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Check formatting
         run: cargo fmt --all -- --check
       - name: Check provider registry drift
-        run: python scripts/check-provider-registry.py
+        run: python3 scripts/check-provider-registry.py
       - name: Linux clippy location
         run: echo "Linux clippy/test gates run on CNB for mirrored fix/*, rebrand/*, work/v*, and main branches."
 
diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
index d268779e..ec9657ab 100644
--- a/docs/PROVIDERS.md
+++ b/docs/PROVIDERS.md
@@ -141,7 +141,7 @@ Run this before changing provider IDs, provider TOML tables, static model
 registry rows, or provider default strings:
 
 ```bash
-python scripts/check-provider-registry.py
+python3 scripts/check-provider-registry.py
 ```
 
 The check fails when:
diff --git a/scripts/check-provider-registry.py b/scripts/check-provider-registry.py
index 0a6aab11..ebc1d556 100644
--- a/scripts/check-provider-registry.py
+++ b/scripts/check-provider-registry.py
@@ -24,30 +24,28 @@ TUI_CONFIG_RS = ROOT / "crates" / "tui" / "src" / "config.rs"
 AGENT_RS = ROOT / "crates" / "agent" / "src" / "lib.rs"
 PROVIDERS_MD = ROOT / "docs" / "PROVIDERS.md"
 
-PROVIDER_VARIANT_TO_TABLE = {
-    "Deepseek": "deepseek",
-    "NvidiaNim": "nvidia_nim",
-    "Openai": "openai",
-    "Atlascloud": "atlascloud",
-    "WanjieArk": "wanjie_ark",
-    "Openrouter": "openrouter",
-    "Novita": "novita",
-    "Fireworks": "fireworks",
-    "Moonshot": "moonshot",
-    "Sglang": "sglang",
-    "Vllm": "vllm",
-    "Ollama": "ollama",
-}
-
-
 def read(path: Path) -> str:
     return path.read_text(encoding="utf-8")
 
 
+def require_index(source: str, needle: str, context: str, start: int = 0) -> int:
+    try:
+        return source.index(needle, start)
+    except ValueError:
+        raise ValueError(f"{context}: missing {needle!r}") from None
+
+
+def markdown_section(source: str, heading: str) -> str:
+    start = require_index(source, heading, "docs/PROVIDERS.md")
+    next_heading = source.find("\n## ", start + len(heading))
+    end = len(source) if next_heading == -1 else next_heading
+    return source[start:end]
+
+
 def extract_match_block(source: str, signature: str) -> str:
-    start = source.index(signature)
-    match_start = source.index("match", start)
-    brace_start = source.index("{", match_start)
+    start = require_index(source, signature, "crates/config/src/lib.rs")
+    match_start = require_index(source, "match", f"match block after {signature!r}", start)
+    brace_start = require_index(source, "{", f"match block after {signature!r}", match_start)
     depth = 0
     for index in range(brace_start, len(source)):
         char = source[index]
@@ -69,8 +67,10 @@ def provider_kind_ids(config_rs: str) -> dict[str, str]:
 
 
 def provider_tables(config_rs: str) -> set[str]:
-    struct_start = config_rs.index("pub struct ProvidersToml")
-    struct_end = config_rs.index("\n}", struct_start)
+    struct_start = require_index(
+        config_rs, "pub struct ProvidersToml", "crates/config/src/lib.rs"
+    )
+    struct_end = require_index(config_rs, "\n}", "ProvidersToml struct", struct_start)
     fields = re.findall(
         r"pub\s+([a-z0-9_]+)\s*:\s*ProviderConfigToml",
         config_rs[struct_start:struct_end],
@@ -81,23 +81,17 @@ def provider_tables(config_rs: str) -> set[str]:
 
 
 def shipped_provider_rows(providers_md: str) -> set[str]:
-    heading = providers_md.index("## Shipped Providers")
-    next_heading = providers_md.index("\n## ", heading + 1)
-    table = providers_md[heading:next_heading]
+    table = markdown_section(providers_md, "## Shipped Providers")
     return set(re.findall(r"^\|\s*`([^`]+)`\s*\|", table, flags=re.MULTILINE))
 
 
 def shipped_provider_tables(providers_md: str) -> set[str]:
-    heading = providers_md.index("## Shipped Providers")
-    next_heading = providers_md.index("\n## ", heading + 1)
-    table = providers_md[heading:next_heading]
+    table = markdown_section(providers_md, "## Shipped Providers")
     return set(re.findall(r"\|\s*`\[providers\.([a-z0-9_]+)\]`\s*\|", table))
 
 
 def static_registry_provider_rows(providers_md: str) -> set[str]:
-    heading = providers_md.index("## Static Model Registry")
-    next_heading = providers_md.index("\n## ", heading + 1)
-    table = providers_md[heading:next_heading]
+    table = markdown_section(providers_md, "## Static Model Registry")
     return set(re.findall(r"^\|\s*`([^`]+)`\s*\|", table, flags=re.MULTILINE))
 
 
@@ -124,7 +118,8 @@ def default_strings(tui_config_rs: str) -> set[str]:
 
 
 def missing_default_strings(providers_md: str, defaults: set[str]) -> list[str]:
-    return sorted(value for value in defaults if value not in providers_md)
+    code_spans = set(re.findall(r"`([^`]+)`", providers_md))
+    return sorted(defaults - code_spans)
 
 
 def report_set(label: str, expected: set[str], actual: set[str]) -> list[str]:
@@ -139,47 +134,42 @@ def report_set(label: str, expected: set[str], actual: set[str]) -> list[str]:
 
 
 def main() -> int:
-    config_rs = read(CONFIG_RS)
-    tui_config_rs = read(TUI_CONFIG_RS)
-    agent_rs = read(AGENT_RS)
-    providers_md = read(PROVIDERS_MD)
+    try:
+        config_rs = read(CONFIG_RS)
+        tui_config_rs = read(TUI_CONFIG_RS)
+        agent_rs = read(AGENT_RS)
+        providers_md = read(PROVIDERS_MD)
 
-    variant_to_id = provider_kind_ids(config_rs)
-    canonical_ids = set(variant_to_id.values())
-    missing_table_mappings = sorted(set(variant_to_id) - set(PROVIDER_VARIANT_TO_TABLE))
-    if missing_table_mappings:
-        raise ValueError(
-            "PROVIDER_VARIANT_TO_TABLE is missing variants: "
-            + ", ".join(missing_table_mappings)
+        variant_to_id = provider_kind_ids(config_rs)
+        canonical_ids = set(variant_to_id.values())
+        expected_tables = {provider_id.replace("-", "_") for provider_id in canonical_ids}
+
+        errors: list[str] = []
+        errors += report_set(
+            "shipped provider rows",
+            canonical_ids,
+            shipped_provider_rows(providers_md),
         )
-    expected_tables = {
-        PROVIDER_VARIANT_TO_TABLE[variant] for variant in variant_to_id
-    }
-
-    errors: list[str] = []
-    errors += report_set(
-        "shipped provider rows",
-        canonical_ids,
-        shipped_provider_rows(providers_md),
-    )
-    errors += report_set("provider TOML tables", expected_tables, provider_tables(config_rs))
-    errors += report_set(
-        "documented provider TOML tables",
-        expected_tables,
-        shipped_provider_tables(providers_md),
-    )
-    errors += report_set(
-        "static ModelRegistry rows",
-        model_registry_providers(agent_rs, variant_to_id),
-        static_registry_provider_rows(providers_md),
-    )
-
-    missing_defaults = missing_default_strings(providers_md, default_strings(tui_config_rs))
-    if missing_defaults:
-        errors.append(
-            "docs/PROVIDERS.md does not mention default strings: "
-            + ", ".join(missing_defaults)
+        errors += report_set("provider TOML tables", expected_tables, provider_tables(config_rs))
+        errors += report_set(
+            "documented provider TOML tables",
+            expected_tables,
+            shipped_provider_tables(providers_md),
         )
+        errors += report_set(
+            "static ModelRegistry rows",
+            model_registry_providers(agent_rs, variant_to_id),
+            static_registry_provider_rows(providers_md),
+        )
+
+        missing_defaults = missing_default_strings(providers_md, default_strings(tui_config_rs))
+        if missing_defaults:
+            errors.append(
+                "docs/PROVIDERS.md does not mention default strings as Markdown code spans: "
+                + ", ".join(missing_defaults)
+            )
+    except ValueError as err:
+        errors = [str(err)]
 
     if errors:
         print("Provider registry drift check failed:", file=sys.stderr)

From 402b186aec384c18ca6d5292f453289ae2935e76 Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Fri, 29 May 2026 09:56:53 +0800
Subject: [PATCH 163/283] test: check tui provider enum drift

---
 docs/PROVIDERS.md                  |  5 ++-
 scripts/check-provider-registry.py | 67 ++++++++++++++++++++++++++++--
 2 files changed, 68 insertions(+), 4 deletions(-)

diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
index ec9657ab..2899b980 100644
--- a/docs/PROVIDERS.md
+++ b/docs/PROVIDERS.md
@@ -22,7 +22,8 @@ Sources to keep in sync:
 - `config.example.toml` and `docs/CONFIGURATION.md` - user-facing config
   examples and environment variable reference.
 - `scripts/check-provider-registry.py` - drift check for canonical provider
-  IDs, TOML table names, static registry rows, and documented defaults.
+  IDs, live TUI provider IDs, TOML table names, static registry rows, and
+  documented defaults.
 
 ## Provider Selection
 
@@ -147,6 +148,8 @@ python3 scripts/check-provider-registry.py
 The check fails when:
 
 - `docs/PROVIDERS.md` omits a canonical `ProviderKind::as_str()` ID.
+- `crates/tui/src/config.rs` `ApiProvider::as_str()` diverges from
+  `ProviderKind::as_str()` except for the explicit `deepseek-cn` legacy alias.
 - The shipped-provider table omits or adds a `[providers.*]` TOML table.
 - The static model registry table drifts from providers used by
   `crates/agent/src/lib.rs`.
diff --git a/scripts/check-provider-registry.py b/scripts/check-provider-registry.py
index ebc1d556..ed6b28b8 100644
--- a/scripts/check-provider-registry.py
+++ b/scripts/check-provider-registry.py
@@ -6,6 +6,7 @@ the stable identifiers and default strings that are easy for docs to drift from:
 
 - canonical ProviderKind IDs
 - provider TOML tables
+- live TUI ApiProvider IDs
 - shipped-provider table rows
 - static ModelRegistry provider rows
 - default provider model/base URL constants
@@ -24,6 +25,10 @@ TUI_CONFIG_RS = ROOT / "crates" / "tui" / "src" / "config.rs"
 AGENT_RS = ROOT / "crates" / "agent" / "src" / "lib.rs"
 PROVIDERS_MD = ROOT / "docs" / "PROVIDERS.md"
 
+
+API_PROVIDER_ONLY_IDS = {"deepseek-cn"}
+
+
 def read(path: Path) -> str:
     return path.read_text(encoding="utf-8")
 
@@ -42,8 +47,10 @@ def markdown_section(source: str, heading: str) -> str:
     return source[start:end]
 
 
-def extract_match_block(source: str, signature: str) -> str:
-    start = require_index(source, signature, "crates/config/src/lib.rs")
+def extract_match_block(
+    source: str, signature: str, context: str, start: int = 0
+) -> str:
+    start = require_index(source, signature, context, start)
     match_start = require_index(source, "match", f"match block after {signature!r}", start)
     brace_start = require_index(source, "{", f"match block after {signature!r}", match_start)
     depth = 0
@@ -59,13 +66,37 @@ def extract_match_block(source: str, signature: str) -> str:
 
 
 def provider_kind_ids(config_rs: str) -> dict[str, str]:
-    block = extract_match_block(config_rs, "pub fn as_str(self) -> &'static str")
+    impl_start = require_index(
+        config_rs, "impl ProviderKind", "crates/config/src/lib.rs"
+    )
+    block = extract_match_block(
+        config_rs,
+        "pub fn as_str(self) -> &'static str",
+        "crates/config/src/lib.rs",
+        impl_start,
+    )
     pairs = re.findall(r"Self::(\w+)\s*=>\s*\"([^\"]+)\"", block)
     if not pairs:
         raise ValueError("ProviderKind::as_str returned no providers")
     return {variant: provider_id for variant, provider_id in pairs}
 
 
+def api_provider_ids(tui_config_rs: str) -> dict[str, str]:
+    impl_start = require_index(
+        tui_config_rs, "impl ApiProvider", "crates/tui/src/config.rs"
+    )
+    block = extract_match_block(
+        tui_config_rs,
+        "pub fn as_str(self) -> &'static str",
+        "crates/tui/src/config.rs",
+        impl_start,
+    )
+    pairs = re.findall(r"Self::(\w+)\s*=>\s*\"([^\"]+)\"", block)
+    if not pairs:
+        raise ValueError("ApiProvider::as_str returned no providers")
+    return {variant: provider_id for variant, provider_id in pairs}
+
+
 def provider_tables(config_rs: str) -> set[str]:
     struct_start = require_index(
         config_rs, "pub struct ProvidersToml", "crates/config/src/lib.rs"
@@ -133,6 +164,34 @@ def report_set(label: str, expected: set[str], actual: set[str]) -> list[str]:
     return errors
 
 
+def report_provider_enum_drift(
+    provider_kind_ids: set[str], api_provider_ids: set[str]
+) -> list[str]:
+    errors = []
+    missing_from_api_provider = sorted(provider_kind_ids - api_provider_ids)
+    unexpected_api_provider_ids = sorted(
+        api_provider_ids - provider_kind_ids - API_PROVIDER_ONLY_IDS
+    )
+    missing_allowlisted_ids = sorted(API_PROVIDER_ONLY_IDS - api_provider_ids)
+
+    if missing_from_api_provider:
+        errors.append(
+            "ApiProvider missing ProviderKind IDs: "
+            + ", ".join(missing_from_api_provider)
+        )
+    if unexpected_api_provider_ids:
+        errors.append(
+            "ApiProvider has non-whitelisted IDs absent from ProviderKind: "
+            + ", ".join(unexpected_api_provider_ids)
+        )
+    if missing_allowlisted_ids:
+        errors.append(
+            "ApiProvider-only whitelist entries are absent from ApiProvider: "
+            + ", ".join(missing_allowlisted_ids)
+        )
+    return errors
+
+
 def main() -> int:
     try:
         config_rs = read(CONFIG_RS)
@@ -142,9 +201,11 @@ def main() -> int:
 
         variant_to_id = provider_kind_ids(config_rs)
         canonical_ids = set(variant_to_id.values())
+        live_api_provider_ids = set(api_provider_ids(tui_config_rs).values())
         expected_tables = {provider_id.replace("-", "_") for provider_id in canonical_ids}
 
         errors: list[str] = []
+        errors += report_provider_enum_drift(canonical_ids, live_api_provider_ids)
         errors += report_set(
             "shipped provider rows",
             canonical_ids,

From 02d1145addd6a26766f62d1498f173b25f0fa592 Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Wed, 27 May 2026 21:58:30 +0800
Subject: [PATCH 164/283] docs: clarify custom provider configuration

---
 README.md                       | 11 +++++++++
 config.example.toml             | 12 ++++++++++
 crates/tui/src/tui/views/mod.rs |  1 +
 docs/PROVIDERS.md               | 42 +++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+)

diff --git a/README.md b/README.md
index fbce91ab..7629fc38 100644
--- a/README.md
+++ b/README.md
@@ -323,6 +323,11 @@ codewhale --provider fireworks --model deepseek-v4-pro
 codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
 OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model glm-5
 
+# Custom DeepSeek-compatible endpoint
+DEEPSEEK_BASE_URL="https://your-provider.example/v1" \
+  DEEPSEEK_MODEL="deepseek-ai/DeepSeek-V4-Pro" \
+  codewhale --provider deepseek
+
 # Self-hosted SGLang
 SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
 
@@ -468,6 +473,12 @@ Full shortcut catalog: [docs/KEYBINDINGS.md](docs/KEYBINDINGS.md).
 
 User config: `~/.codewhale/config.toml` (legacy `~/.deepseek/config.toml` fallback). Project overlay: `<workspace>/.codewhale/config.toml` (legacy `<workspace>/.deepseek/config.toml`) (denied: `api_key`, `base_url`, `provider`, `mcp_config_path`). [config.example.toml](config.example.toml) has every option.
 
+Custom DeepSeek-compatible endpoints usually do not need a new provider. Keep
+`provider = "deepseek"` and set `[providers.deepseek].base_url` / `model`, or
+use `provider = "openai"` for generic OpenAI-compatible gateways. Keep
+`provider`, `api_key`, and `base_url` in user config or environment variables;
+project overlays cannot set them.
+
 Key environment variables:
 
 | Variable | Purpose |
diff --git a/config.example.toml b/config.example.toml
index c8a7155b..e158a023 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -191,12 +191,21 @@ max_subagents = 10 # optional (1-20)
 #   SGLang:    SGLANG_BASE_URL, SGLANG_MODEL, optional SGLANG_API_KEY
 #   vLLM:      VLLM_BASE_URL, VLLM_MODEL, optional VLLM_API_KEY
 #   Ollama:    OLLAMA_BASE_URL, OLLAMA_MODEL, optional OLLAMA_API_KEY
+#
+# Custom DeepSeek-compatible APIs usually do not need a new provider table:
+# set `provider = "deepseek"` and override [providers.deepseek].base_url/model.
+# For generic OpenAI-compatible gateways, use `provider = "openai"` and the
+# [providers.openai] table below. Keep provider/api_key/base_url in user config
+# or environment variables; project overlays are not allowed to set them.
 
 # DeepSeek Platform (https://platform.deepseek.com)
 [providers.deepseek]
 # api_key = "YOUR_DEEPSEEK_API_KEY"
 # base_url = "https://api.deepseek.com/beta"
 # model = "deepseek-v4-pro"
+# Custom DeepSeek-compatible example:
+# base_url = "https://your-provider.example/v1"
+# model = "deepseek-ai/DeepSeek-V4-Pro"
 # http_headers = { "X-Model-Provider-Id" = "your-model-provider" } # optional custom request headers
 
 # NVIDIA NIM-hosted DeepSeek V4 (https://build.nvidia.com)
@@ -213,6 +222,9 @@ max_subagents = 10 # optional (1-20)
 # api_key = "YOUR_OPENAI_COMPATIBLE_API_KEY"
 # base_url = "https://api.openai.com/v1"
 # model = "gpt-4.1"
+# Gateway example:
+# base_url = "https://gateway.example/v1"
+# model = "your-deepseek-compatible-model"
 
 # AtlasCloud OpenAI-compatible endpoint (https://www.atlascloud.ai/docs/models/llm)
 [providers.atlascloud]
diff --git a/crates/tui/src/tui/views/mod.rs b/crates/tui/src/tui/views/mod.rs
index 68ce1ac7..2f56ada2 100644
--- a/crates/tui/src/tui/views/mod.rs
+++ b/crates/tui/src/tui/views/mod.rs
@@ -1137,6 +1137,7 @@ fn config_hint_for_key(key: &str) -> &'static str {
         "theme" => "system | dark | light | grayscale",
         "locale" => "auto | en | ja | zh-Hans | pt-BR",
         "background_color" => "#RRGGBB | default",
+        "base_url" => "save user config; e.g. https://api.deepseek.com/beta or https://gateway/v1",
         "default_mode" => "agent | plan | yolo",
         "sidebar_width" => "10..=50",
         "sidebar_focus" => "auto | work | tasks | agents | context | hidden",
diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
index 2899b980..1c0950ee 100644
--- a/docs/PROVIDERS.md
+++ b/docs/PROVIDERS.md
@@ -64,6 +64,48 @@ Non-local `http://` base URLs are rejected unless
 `DEEPSEEK_ALLOW_INSECURE_HTTP=1` is set. Loopback HTTP URLs are allowed for
 self-hosted runtimes.
 
+## Custom DeepSeek-Compatible Endpoints
+
+Most custom DeepSeek-compatible deployments can use an existing provider ID.
+Do not create `[providers.deepseek_custom]`; the provider table names are fixed.
+Instead, choose the closest shipped route and override its endpoint/model:
+
+- DeepSeek-compatible hosted API: keep `provider = "deepseek"` and set
+  `[providers.deepseek].base_url` plus `[providers.deepseek].model`, or launch
+  with `DEEPSEEK_BASE_URL` and `DEEPSEEK_MODEL`.
+- Generic OpenAI-compatible gateway: use `provider = "openai"` with
+  `[providers.openai].base_url` plus `[providers.openai].model`, or launch with
+  `OPENAI_BASE_URL` and `OPENAI_MODEL`.
+- Local OpenAI-compatible runtimes: use `provider = "vllm"`, `"sglang"`, or
+  `"ollama"` with the matching provider-specific base URL/model values.
+
+Example user config for a DeepSeek-compatible host:
+
+```toml
+provider = "deepseek"
+
+[providers.deepseek]
+api_key = "YOUR_API_KEY"
+base_url = "https://your-provider.example/v1"
+model = "deepseek-ai/DeepSeek-V4-Pro"
+```
+
+Example user config for a generic gateway:
+
+```toml
+provider = "openai"
+
+[providers.openai]
+api_key = "YOUR_GATEWAY_API_KEY"
+base_url = "https://gateway.example/v1"
+model = "your-deepseek-compatible-model"
+```
+
+Keep `provider`, `api_key`, and `base_url` in user config or process
+environment. Project-local config overlays intentionally cannot set those keys,
+so a repository cannot silently redirect prompts or credentials to another
+endpoint.
+
 ## Shipped Providers
 
 | Provider ID | TOML table | Auth env | Base URL env and default | Default or static models | Notes |

From dc6dcdfda22db932ec14a9e19b75be19517b9ef6 Mon Sep 17 00:00:00 2001
From: ningjingkun <ningjingkun@kuaishou.com>
Date: Wed, 27 May 2026 19:53:28 +0800
Subject: [PATCH 165/283] docs: add first-run user guide

---
 README.md     |   1 +
 docs/GUIDE.md | 501 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 502 insertions(+)
 create mode 100644 docs/GUIDE.md

diff --git a/README.md b/README.md
index 7629fc38..8550d983 100644
--- a/README.md
+++ b/README.md
@@ -564,6 +564,7 @@ without recreating skills the user deliberately deleted.
 
 | Doc | Topic |
 |---|---|
+| [GUIDE.md](docs/GUIDE.md) | First-run user guide |
 | [ARCHITECTURE.md](docs/ARCHITECTURE.md) | Codebase internals |
 | [CONFIGURATION.md](docs/CONFIGURATION.md) | Full config reference |
 | [PROVIDERS.md](docs/PROVIDERS.md) | Provider IDs, auth, model defaults, and capability metadata |
diff --git a/docs/GUIDE.md b/docs/GUIDE.md
new file mode 100644
index 00000000..60362570
--- /dev/null
+++ b/docs/GUIDE.md
@@ -0,0 +1,501 @@
+# CodeWhale User Guide
+
+This guide is for your first hour with CodeWhale. It explains the main
+workflow, the important safety controls, and where to go next when you need a
+complete reference.
+
+CodeWhale has deeper reference documents for installation, configuration,
+providers, modes, keybindings, tools, and operations. Use this page as a guided
+walkthrough, then follow the "Next" links when you need every option.
+
+## 1. Welcome to CodeWhale
+
+CodeWhale is a terminal coding agent. You run it from a workspace, give it a
+task, and it can use structured tools to inspect files, run commands, edit
+code, and report back with evidence.
+
+The important difference from a normal chat model is that CodeWhale is built
+around a harness:
+
+- It keeps the active workspace and session visible.
+- It routes each turn through explicit modes and approval rules.
+- It shows tool calls in the transcript instead of hiding the work.
+- It can preserve sessions, fork conversations, and continue later.
+- It can run sub-agents for focused background work.
+
+You can use CodeWhale for small questions:
+
+```text
+Explain the authentication flow in this repository.
+```
+
+You can also use it for multi-step work:
+
+```text
+Find the failing validation path, propose a fix, and wait for my approval
+before editing files.
+```
+
+For a new repository, start conservatively. Ask CodeWhale to explore and plan
+before asking it to change files. That gives you a reviewable path and makes it
+easier to catch wrong assumptions early.
+
+Next: [ARCHITECTURE.md](ARCHITECTURE.md) explains the internal harness and
+runtime model.
+
+## 2. First Launch
+
+Install CodeWhale with the path that fits your machine. Each supported install
+path provides both the `codewhale` dispatcher and the `codewhale-tui` runtime.
+
+```bash
+# npm
+npm install -g codewhale
+
+# Cargo
+cargo install codewhale-cli --locked
+cargo install codewhale-tui --locked
+
+# Homebrew
+# The tap/formula name is legacy; it installs codewhale and codewhale-tui.
+brew tap Hmbown/deepseek-tui
+brew install deepseek-tui
+```
+
+Docker is also available when you want an isolated runtime:
+
+```bash
+docker volume create codewhale-home
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.codewhale \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+Launch CodeWhale from the repository or directory you want it to work in:
+
+```bash
+codewhale
+```
+
+On first launch, CodeWhale needs an API key for the active provider. DeepSeek is
+the default provider. The most direct setup path is:
+
+```bash
+codewhale auth set --provider deepseek
+```
+
+You can also provide a key through the environment:
+
+```bash
+export DEEPSEEK_API_KEY="your-key"
+codewhale
+```
+
+New CodeWhale config is stored under `~/.codewhale/config.toml`. Legacy
+`~/.deepseek/config.toml` files are still supported for users migrating from
+the old name.
+
+After setup, run a doctor check:
+
+```bash
+codewhale doctor
+```
+
+Use the JSON form when you need a machine-readable report for an issue:
+
+```bash
+codewhale doctor --json
+```
+
+If the doctor command reports that a rejected key came from the environment,
+remove or replace that environment variable before testing saved config again.
+
+Next: [INSTALL.md](INSTALL.md) covers platform-specific install paths,
+[CONFIGURATION.md](CONFIGURATION.md) covers config resolution, and
+[PROVIDERS.md](PROVIDERS.md) covers provider IDs and credentials.
+
+## 3. Your First Task
+
+Start with a read-only task in a real workspace:
+
+```text
+Map the repository structure and tell me where the CLI entrypoint lives.
+```
+
+Then ask for a focused plan:
+
+```text
+I want to add a small validation for empty config values. Inspect the relevant
+code and propose the smallest safe change before editing anything.
+```
+
+When you are ready for edits, be specific about the acceptance criteria:
+
+```text
+Implement the validation you proposed. Keep the change scoped to config
+parsing, add or update the narrowest test, and run the relevant check.
+```
+
+Good first prompts include four details:
+
+- The outcome you want.
+- The files, feature, or behavior you care about.
+- What is out of scope.
+- What verification should count as done.
+
+For example:
+
+```text
+Fix the broken provider error message in the config loader. Do not change the
+provider registry. Add a regression test and run only the config crate tests.
+```
+
+If you are not sure where the bug is, say that:
+
+```text
+Investigate why `codewhale doctor` reports the wrong provider. Do not edit
+files yet. Return the likely cause, evidence, and a proposed patch plan.
+```
+
+CodeWhale works best when you let investigation and implementation happen in
+separate steps for unfamiliar code. For small, well-understood changes, a
+single implementation request is fine.
+
+Next: [MODES.md](MODES.md) explains when to use Plan, Agent, and YOLO.
+
+## 4. Understanding the Interface
+
+The interactive TUI has a few stable regions:
+
+- Header: current session, active model, mode, and high-level status.
+- Transcript: the conversation, tool calls, command output summaries, and
+  model responses.
+- Composer: where you type prompts, slash commands, and file mentions.
+- Sidebar: contextual panels for work state, tasks, agents, or related
+  session information.
+- Status and footer areas: live activity, queued follow-ups, and short command
+  hints.
+
+The transcript is the audit trail. When CodeWhale reads files, runs commands,
+or edits code, the action appears there. If a command fails, use the visible
+failure output as part of your next instruction instead of starting over.
+
+The composer accepts normal prompts and slash commands. Type `/` to discover
+available commands. Use file mentions when you want the model to focus on a
+specific file or directory instead of searching broadly.
+
+The sidebar is useful when a turn spans multiple steps. It can keep goals,
+agent state, and contextual information visible while the transcript continues
+to grow.
+
+Keyboard shortcuts vary by context, terminal, and platform. This guide avoids
+duplicating the full shortcut catalog so it does not drift from the TUI.
+
+Next: [KEYBINDINGS.md](KEYBINDINGS.md) is the complete shortcut reference.
+
+## 5. Modes
+
+CodeWhale has three visible TUI modes:
+
+| Mode | Use it for | Default posture |
+| --- | --- | --- |
+| Plan | Exploration, design, and review before changes | Read-only investigation |
+| Agent | Normal multi-step coding work | Tool use with approval gates |
+| YOLO | Trusted repos where you want automatic execution | Auto-approval and trust |
+
+Switch modes from the TUI with the mode picker:
+
+```text
+/mode
+```
+
+Or switch directly:
+
+```text
+/mode plan
+/mode agent
+/mode yolo
+```
+
+Plan mode is the safest place to start in an unfamiliar repository. It is for
+inspection and decision-making, not file edits.
+
+Agent mode is the default for most contribution work. It lets CodeWhale read,
+run checks, and edit files while keeping risky actions behind approval gates.
+
+YOLO mode is for trusted workspaces where you intentionally want the model to
+act without stopping for approvals. Do not use it in a repository you do not
+trust.
+
+Modes are separate from model routing. `Tab` cycles visible modes when the
+composer is idle, while `/model auto` controls model and thinking selection for
+turns.
+
+You can also change approval behavior from `/config` by editing the approval
+mode. Use this only when you understand how it changes tool execution.
+
+Next: [MODES.md](MODES.md) has the full mode, approval, and trust-mode
+reference.
+
+## 6. Slash Commands
+
+Slash commands are typed into the composer. They are useful when you want to
+change CodeWhale state directly instead of asking the model in natural
+language.
+
+Common commands for first-time users:
+
+| Command | Use |
+| --- | --- |
+| `/mode` | Open the mode picker or switch with `/mode agent` |
+| `/model` | Select a model or use `/model auto` |
+| `/models` | Fetch or list models from the active endpoint |
+| `/provider` | Pick the active API provider |
+| `/config` | Edit runtime and provider settings |
+| `/settings` | Inspect persistent UI preferences |
+| `/compact` | Summarize long context to recover token budget |
+| `/review` | Ask for a structured review workflow |
+| `/memory` | Inspect or manage memory when enabled |
+| `/mcp` | Configure or inspect MCP server integration |
+
+Use `/provider` when you want to switch away from the default DeepSeek route.
+Provider IDs, environment variables, model defaults, and capability notes are
+kept in the provider registry document.
+
+Use `/model auto` when you want CodeWhale to choose the model and thinking
+level per turn. Use a fixed model when you need repeatable benchmarking or a
+strict cost profile.
+
+Use `/compact` when a session gets long and the model starts carrying too much
+history. Compaction trades raw transcript detail for a concise working summary.
+
+This guide intentionally does not list every command. The command surface
+changes more often than the onboarding flow, and the TUI command palette is the
+source of truth while you are inside a session.
+
+Next: [CONFIGURATION.md](CONFIGURATION.md) covers runtime settings and
+[MCP.md](MCP.md) covers Model Context Protocol integration.
+
+## 7. Working with Tools
+
+CodeWhale tools are structured actions. Instead of only producing prose, the
+model can call tools to inspect and change the workspace.
+
+Examples of tool-backed work include:
+
+- Reading a file before explaining it.
+- Searching for call sites before proposing a refactor.
+- Running a focused test command.
+- Applying a small patch.
+- Opening a sub-agent for parallel investigation.
+
+Tool use is governed by mode, approvals, and sandbox policy. The exact behavior
+depends on the current mode and config, but the basic rule is simple: start in
+Plan for read-only exploration, use Agent for normal changes, and reserve YOLO
+for trusted automation.
+
+The workspace boundary matters. CodeWhale is expected to work in the directory
+you launched it from or the workspace you configured. Be explicit when a task
+should stay inside a repo:
+
+```text
+Only inspect and edit files under this repository. Do not touch parent
+directories or global config.
+```
+
+When a command needs network, writes outside the workspace, or a risky shell
+operation, expect an approval prompt unless you have configured more permissive
+behavior.
+
+Good tool instructions are concrete:
+
+```text
+Run the narrowest test that covers this parser change. If it fails, report the
+failure and stop before broadening the test scope.
+```
+
+Avoid asking for broad cleanup during a focused fix. Smaller tool scopes make
+the transcript easier to review and the final diff easier to merge.
+
+Next: [TOOL_SURFACE.md](TOOL_SURFACE.md) lists the tool surface and
+[SANDBOX.md](SANDBOX.md) explains sandbox behavior.
+
+## 8. Sub-agents and Parallel Work
+
+Sub-agents are background child agents. The parent session gives a child a
+focused task, receives an agent id, and can continue working while the child
+runs.
+
+The main orchestration tools are:
+
+- `agent_open`: start a child with a task and role.
+- `agent_eval`: wait for and collect the child result.
+- `agent_close`: cancel a running child.
+
+You normally do not need to call these tools directly. Ask for parallel work in
+plain language:
+
+```text
+Open one read-only explorer for the config crate and another for the TUI
+provider picker. Have both return file references and risks before we plan the
+fix.
+```
+
+Useful roles include:
+
+| Role | Good for |
+| --- | --- |
+| `general` | Multi-step tasks; the default when no role is specified |
+| `explore` | Read-only code mapping |
+| `plan` | Design and migration planning |
+| `review` | Bug-focused review of an existing change |
+| `implementer` | A tightly specified edit |
+| `verifier` | Running checks and reporting pass/fail evidence |
+
+Sub-agents are most useful when work can be separated cleanly. Do not use them
+for tiny edits, and do not ask multiple agents to write the same files at the
+same time.
+
+Next: [SUBAGENTS.md](SUBAGENTS.md) covers roles, lifecycle, concurrency, and
+output contracts.
+
+## 9. Skills
+
+Skills are reusable instruction packs. A skill is usually a `SKILL.md` file
+that teaches CodeWhale how to perform a recurring workflow, use a tool family,
+or follow a project convention.
+
+Use skills when a task has a repeatable process:
+
+- Reviewing a specific kind of PR.
+- Working with a document or spreadsheet format.
+- Following a team release checklist.
+- Using a project-specific memory or wiki workflow.
+
+Inside the TUI, `/skill` activates a skill when one is available, and `/skills`
+lists installed skills. The command palette can also surface skill entries
+alongside normal slash commands.
+
+Good skills are narrow. They should tell the model what workflow to follow,
+what evidence to collect, and what to avoid. They should not hide credentials
+or replace normal repository documentation.
+
+If a repository has its own instructions, treat them as part of the active
+work. Read the local guidance before editing, and keep any contribution within
+the repository's conventions.
+
+Next: see the "Publishing Your Own Skill" section in [README.md](../README.md)
+and configuration details in [CONFIGURATION.md](CONFIGURATION.md).
+
+## 10. Getting Help
+
+Start with doctor output:
+
+```bash
+codewhale doctor
+```
+
+Use JSON when filing a detailed issue:
+
+```bash
+codewhale doctor --json
+```
+
+For authentication problems, check which source is winning: saved config,
+keyring, environment, or an explicit launch flag. A stale `DEEPSEEK_API_KEY`
+environment variable can override what you expected to use.
+
+For provider problems, confirm the active provider and model:
+
+```text
+/provider
+/model
+```
+
+For long or confusing sessions, use `/compact` to reduce context pressure, or
+start a fresh session in the same workspace and summarize what you need.
+
+When reporting an issue, include:
+
+- CodeWhale version.
+- Install method.
+- Operating system and terminal.
+- Provider and model.
+- The exact command or prompt.
+- Relevant doctor output.
+- Whether the problem happens in a fresh workspace.
+
+Do not paste API keys, private source code, or secrets into a public issue.
+
+Next: [OPERATIONS_RUNBOOK.md](OPERATIONS_RUNBOOK.md) has operational triage and
+recovery steps.
+
+## FAQ
+
+### Is CodeWhale only for DeepSeek?
+
+DeepSeek is the default and first-class route, but CodeWhale also supports
+other hosted and local OpenAI-compatible providers. Use `/provider` or
+`codewhale --provider <id>` to choose a provider. Keep the provider registry
+open when configuring a non-default route.
+
+### Which mode should I use first?
+
+Use Plan for unfamiliar code, Agent for normal implementation, and YOLO only
+for trusted repositories where automatic execution is acceptable.
+
+### Why does CodeWhale ask before running commands?
+
+Approvals are part of the safety model. Shell commands, paid tools, writes, and
+actions outside the expected workspace can have side effects. Approval prompts
+let you keep control while still letting the model do useful work.
+
+### Where is my config stored?
+
+New CodeWhale config uses `~/.codewhale/config.toml`. Legacy
+`~/.deepseek/config.toml` remains supported for compatibility. Project overlays
+can also affect behavior when a workspace config exists.
+
+### How do I keep costs predictable?
+
+Use `/model auto` for routing, choose a fixed model when you need a strict
+profile, and compact long sessions. For larger tasks, ask CodeWhale to plan
+before implementing so you do not spend tokens on the wrong path.
+
+### How do I continue previous work?
+
+CodeWhale saves sessions. Use the session picker or resume/continue CLI paths
+documented in the README and modes guide. For a risky experiment, fork the
+session before changing direction.
+
+### What should I do when the model gets confused?
+
+Stop and restate the goal, constraints, and current evidence. If the transcript
+is long, use `/compact` or start a fresh session with a short handoff. If the
+problem is operational, run `codewhale doctor` and inspect the reported config
+and provider state.
+
+### Should I put project rules in prompts or files?
+
+Use repository files for durable project rules and prompts for turn-specific
+intent. If a workflow repeats across projects, consider turning it into a
+skill.
+
+### Can CodeWhale edit files outside the current repository?
+
+That depends on workspace boundaries, sandbox settings, trust mode, and
+approval policy. For contribution work, keep instructions scoped to the current
+repository unless you intentionally need something else.
+
+### Where should I go after this guide?
+
+Read the focused reference for the thing you are changing. For most users, the
+next pages are install, configuration, providers, modes, keybindings, tools,
+and sub-agents.
+
+Next: [INSTALL.md](INSTALL.md), [CONFIGURATION.md](CONFIGURATION.md),
+[PROVIDERS.md](PROVIDERS.md), [MODES.md](MODES.md), and
+[TOOL_SURFACE.md](TOOL_SURFACE.md).

From bb4e876139679a02e507784996327999365229ad Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Thu, 28 May 2026 18:33:57 +0800
Subject: [PATCH 166/283] perf(prompts): move environment block below volatile
 boundary for per-session workspace embedders
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The environment block (`platform`, `shell`, `pwd`, `lang`) was inserted
above the volatile-content boundary as a workspace-static cache layer. The
original comment claimed 'workspace path is fixed for the run' → static-
cacheable — true for the terminal use case where one process owns one
workspace for its lifetime.

It is **not** true for embedders that swap workspaces between sessions:

- IDE/GUI integrations binding the engine to a per-tab workspace
- Multi-engine pools with one engine per session
- Anything sending Op::SyncSession with a new workspace

For these embedders, `pwd` drifts session-to-session, dragging the entire
static prefix (mode prompt, project context, skills, context management,
compact template) out of cache reuse on every session switch. That's a
~30KB+ cache miss for a few-byte path change.

Moves the environment block below the volatile-content boundary, alongside
the configured `instructions = [...]` block. Effect:

- Static prefix stays byte-stable across sessions even when workspace
  changes (better KV prefix cache hit rate)
- Model still sees `pwd` / `platform` / `shell` (needed for exec_shell
  and structured search tools), just in a slightly later position
- No behavior change for terminal callers (workspace fixed → block content
  unchanged → still in same logical place, just below the boundary)

Added a comment explaining the per-session-workspace motivation.
---
 crates/tui/src/prompts.rs | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index c43f2e84..33a7e954 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -722,17 +722,6 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
         full_prompt = format!("{full_prompt}\n\n{pack}");
     }
 
-    // 2.25. Environment block — locale, platform, shell, pwd. All
-    // four inputs are session-stable (workspace path is fixed for
-    // the run; locale is loaded once by the caller; platform/shell
-    // come from process env). Inserted above skills so it remains in
-    // the workspace-static cache layer alongside the mode prompt and
-    // project context.
-    full_prompt = format!(
-        "{full_prompt}\n\n{}",
-        render_environment_block(workspace, session_context.locale_tag),
-    );
-
     // 2.3a. Translation output instruction — when enabled, instruct
     // the model to respond in the resolved session locale. Stays
     // above the volatile-content boundary because it's a per-session
@@ -792,6 +781,24 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     // so DeepSeek's KV prefix cache can hit on the entire system prompt
     // regardless of per-session edits to memory, goals, or instructions.
 
+    // 6. Environment block — platform, shell, pwd, locale.
+    //
+    // Placed below the volatile-content boundary. The original comment claimed
+    // "workspace path is fixed for the run" → static-cacheable, which is true
+    // for the terminal use case (one process owns one workspace for its
+    // lifetime). It is **not** true for embedders that swap workspaces between
+    // sessions (the Op::SyncSession path, multi-engine pools, IDE
+    // integrations binding the engine to a per-tab workspace, etc.):
+    // `pwd` drifts session-to-session and drags the entire static prefix
+    // out of cache reuse. Moving the block below the volatile boundary keeps
+    // mode / project / skills / context-mgmt / compact-template byte-stable
+    // across sessions while preserving the pwd info the model needs for
+    // `exec_shell` and structured search tools.
+    full_prompt = format!(
+        "{full_prompt}\n\n{}",
+        render_environment_block(workspace, session_context.locale_tag),
+    );
+
     // 6a. Configured `instructions = [...]` files (#454). Loaded
     // and concatenated in declared order. Placed below the volatile boundary
     // because these files are workspace-scoped and may differ between

From 0b7660ddc536dd414661600573ec2b6bf6856562 Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Thu, 28 May 2026 18:31:29 +0800
Subject: [PATCH 167/283] docs(constitution): Tier 5 Local Law covers
 EngineConfig.instructions paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Article VII Tier 5 currently lists four hard-coded path conventions
(AGENTS.md / CLAUDE.md / .codewhale/instructions.md / .deepseek/instructions.md)
as the canonical Local Law sources. Embedders that inject instructions via
`EngineConfig.instructions` (rather than placing files at one of those four
paths) get their files classified by path — and since their paths don't
match, the model defaults to treating their imperatives as Tier 7 Memory
(the lowest tier per Article VII), overridable by a single user sentence.

Adds an explicit clause to Tier 5: '...and any file configured via
`EngineConfig.instructions` (rendered as <instructions source=...> blocks
above). ...embedder-declared imperatives are Local Law, not Memory
preferences.'

Pairs naturally with #2311 (InstructionSource enum) but stands alone — this
is a doc/law clarification, not an API change.

Adds `local_law_tier_covers_engine_config_instructions` test pinning the
new clause's presence.
---
 crates/tui/src/prompts.rs      | 18 ++++++++++++++++++
 crates/tui/src/prompts/base.md |  2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index 33a7e954..812be616 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -1905,6 +1905,24 @@ mod tests {
         );
     }
 
+    /// Tier 5 Local Law must explicitly cover `EngineConfig.instructions`
+    /// files. Without this clause, embedders that inject instructions via the
+    /// config field (rather than via the four hard-coded path conventions)
+    /// get their files classified by path — and since those embedder-supplied
+    /// paths aren't `AGENTS.md` / `CLAUDE.md` / `.codewhale/instructions.md` /
+    /// `.deepseek/instructions.md`, the model defaults to treating their
+    /// imperatives as Tier 7 Memory (the lowest tier per Article VII),
+    /// overridable by a single user sentence.
+    #[test]
+    fn local_law_tier_covers_engine_config_instructions() {
+        let prompt = compose_prompt(AppMode::Agent, Personality::Calm);
+        assert!(
+            prompt.contains("any file configured via `EngineConfig.instructions`"),
+            "Tier 5 must explicitly cover EngineConfig.instructions so \
+             embedder-injected instructions are not default-classified as Tier 7 Memory."
+        );
+    }
+
     #[test]
     fn workspace_orientation_guidance_present() {
         let prompt = compose_prompt(AppMode::Agent, Personality::Calm);
diff --git a/crates/tui/src/prompts/base.md b/crates/tui/src/prompts/base.md
index 83049925..061ff92c 100644
--- a/crates/tui/src/prompts/base.md
+++ b/crates/tui/src/prompts/base.md
@@ -52,7 +52,7 @@ When directives from different sources conflict, resolve in this order:
 
 4. **Regulations.** Composition patterns, sub-agent strategy, language rules, thinking budget. Best-practice guidance that yields to user intent when the two conflict.
 
-5. **Local Law.** Project instructions — AGENTS.md, CLAUDE.md, `.codewhale/instructions.md`, `.deepseek/instructions.md`. Project-specific rules that are subordinate to all higher tiers.
+5. **Local Law.** Project instructions — AGENTS.md, CLAUDE.md, `.codewhale/instructions.md`, `.deepseek/instructions.md`, **and any file configured via `EngineConfig.instructions` (rendered as `<instructions source="…">` blocks above)**. Project-specific rules that are subordinate to all higher tiers but supersede Memory (Tier 7), even when written in imperative voice — `EngineConfig.instructions` files are declared by the embedder (not user-collected like memory), so their imperatives are Local Law, not Memory preferences.
 
 6. **Evidence.** Tool output, file contents, command results, live repository state. Evidence is truth. Never contradict verified tool output. If memory and evidence conflict, evidence wins.
 

From 06aa24a17a28941e728740228689b1a695a6d026 Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Fri, 29 May 2026 15:15:41 +0800
Subject: [PATCH 168/283] feat: show git branch in default footer

---
 crates/tui/src/config.rs       |  1 +
 crates/tui/src/tui/ui/tests.rs | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 282d2023..106d8c4c 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -797,6 +797,7 @@ impl StatusItem {
             StatusItem::Agents,
             StatusItem::ReasoningReplay,
             StatusItem::Cache,
+            StatusItem::GitBranch,
             StatusItem::Tokens,
         ]
     }
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 4f0baa5b..5c846db8 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2077,6 +2077,8 @@ fn init_git_repo() -> TempDir {
             "user.name=codewhale Tests",
             "-c",
             "user.email=tests@example.com",
+            "-c",
+            "commit.gpgsign=false",
             "commit",
             "--allow-empty",
             "-m",
@@ -5694,6 +5696,10 @@ fn default_footer_keeps_prefix_stability_opt_in() {
         items.contains(&crate::config::StatusItem::Cache),
         "default footer should still include provider-reported cache hit rate"
     );
+    assert!(
+        items.contains(&crate::config::StatusItem::GitBranch),
+        "default footer should surface the current workspace branch"
+    );
 }
 
 #[test]
@@ -5782,6 +5788,30 @@ fn render_footer_from_git_branch_item_renders_workspace_branch() {
     assert_eq!(spans_text(&props.cache), "feature/statusline");
 }
 
+#[test]
+fn default_footer_renders_workspace_branch_when_available() {
+    let repo = init_git_repo();
+    let checkout = Command::new("git")
+        .args(["checkout", "-b", "feature/default-branch-chip"])
+        .current_dir(repo.path())
+        .output()
+        .expect("git checkout should run");
+    assert!(
+        checkout.status.success(),
+        "git checkout failed: {}",
+        String::from_utf8_lossy(&checkout.stderr)
+    );
+
+    let mut app = create_test_app();
+    app.workspace = repo.path().to_path_buf();
+
+    let props = render_footer_from(&app, &crate::config::StatusItem::default_footer(), None);
+    assert!(
+        spans_text(&props.cache).contains("feature/default-branch-chip"),
+        "default footer should include the current git branch"
+    );
+}
+
 /// Regression for issue #244: visible session spend must not decrease.
 /// Sub-agent token usage events arrive out of order and may be reconciled
 /// later (cache adjustments, provisional → final swap). The displayed total

From 9d3d453c505f787ccd4c4d1aae90b02b2cda435f Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Fri, 29 May 2026 15:23:54 +0800
Subject: [PATCH 169/283] fix: use cached branch in footer

---
 crates/tui/src/tui/footer_ui.rs         | 8 ++++++--
 crates/tui/src/tui/ui/tests.rs          | 2 ++
 crates/tui/src/tui/workspace_context.rs | 5 +++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 1fc58d91..365848b8 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -538,11 +538,15 @@ pub(crate) fn render_footer_from(
 }
 
 pub(crate) fn footer_git_branch_spans(app: &App) -> Vec<Span<'static>> {
-    let Some(branch) = workspace_context::branch(&app.workspace) else {
+    let Some(branch) = app
+        .workspace_context
+        .as_deref()
+        .and_then(workspace_context::branch_from_context)
+    else {
         return Vec::new();
     };
     vec![Span::styled(
-        branch,
+        branch.to_string(),
         Style::default().fg(app.ui_theme.text_muted),
     )]
 }
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 5c846db8..8ae83648 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -5783,6 +5783,7 @@ fn render_footer_from_git_branch_item_renders_workspace_branch() {
 
     let mut app = create_test_app();
     app.workspace = repo.path().to_path_buf();
+    crate::tui::workspace_context::refresh_if_needed(&mut app, Instant::now(), true);
 
     let props = render_footer_from(&app, &[crate::config::StatusItem::GitBranch], None);
     assert_eq!(spans_text(&props.cache), "feature/statusline");
@@ -5804,6 +5805,7 @@ fn default_footer_renders_workspace_branch_when_available() {
 
     let mut app = create_test_app();
     app.workspace = repo.path().to_path_buf();
+    crate::tui::workspace_context::refresh_if_needed(&mut app, Instant::now(), true);
 
     let props = render_footer_from(&app, &crate::config::StatusItem::default_footer(), None);
     assert!(
diff --git a/crates/tui/src/tui/workspace_context.rs b/crates/tui/src/tui/workspace_context.rs
index 4f9e44aa..cfe04618 100644
--- a/crates/tui/src/tui/workspace_context.rs
+++ b/crates/tui/src/tui/workspace_context.rs
@@ -107,6 +107,11 @@ fn collect(workspace: &Path) -> Option<String> {
     Some(format!("{branch} | {status}"))
 }
 
+pub(crate) fn branch_from_context(context: &str) -> Option<&str> {
+    let (branch, _) = context.rsplit_once(" | ")?;
+    (!branch.is_empty()).then_some(branch)
+}
+
 pub(super) fn branch(workspace: &Path) -> Option<String> {
     let branch = run_git(workspace, &["rev-parse", "--abbrev-ref", "HEAD"]).ok()?;
     let branch = branch.trim().to_string();

From 5d0a1c848efc7e8c5e1d5082d2f82d56154013b9 Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 06:33:10 +0800
Subject: [PATCH 170/283] fix(tools): eagerly load all exec_shell companion
 tools

---
 crates/tui/src/core/engine/tool_catalog.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crates/tui/src/core/engine/tool_catalog.rs b/crates/tui/src/core/engine/tool_catalog.rs
index 474abc36..60b6166b 100644
--- a/crates/tui/src/core/engine/tool_catalog.rs
+++ b/crates/tui/src/core/engine/tool_catalog.rs
@@ -36,7 +36,11 @@ pub(super) const DEFAULT_ACTIVE_NATIVE_TOOLS: &[&str] = &[
     "apply_patch",
     "checklist_write",
     "edit_file",
+    "exec_interact",
     "exec_shell",
+    "exec_shell_interact",
+    "exec_shell_wait",
+    "exec_wait",
     "fetch_url",
     "file_search",
     "git_diff",
@@ -48,6 +52,8 @@ pub(super) const DEFAULT_ACTIVE_NATIVE_TOOLS: &[&str] = &[
     "task_create",
     "task_list",
     "task_read",
+    "task_shell_start",
+    "task_shell_wait",
     "update_plan",
     "web_search",
     "write_file",

From 09b4f7898b7a5746ffdfe188c8fa39d526be26ac Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 06:33:25 +0800
Subject: [PATCH 171/283] fix(tui): route IME-committed Chinese characters
 directly to composer instead of paste-burst buffer

---
 crates/tui/src/tui/paste.rs       | 30 +++++++++++++++++++-----------
 crates/tui/src/tui/paste_burst.rs |  2 +-
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/crates/tui/src/tui/paste.rs b/crates/tui/src/tui/paste.rs
index c7c67af5..e5cb9775 100644
--- a/crates/tui/src/tui/paste.rs
+++ b/crates/tui/src/tui/paste.rs
@@ -49,15 +49,24 @@ pub fn handle_paste_burst_key(app: &mut App, key: &KeyEvent, now: Instant) -> bo
         }
         KeyCode::Char(c) if !has_ctrl_alt_or_super => {
             if !c.is_ascii() {
+                // IME-committed characters (Chinese, Japanese, Korean)
+                // arrive as individual KeyCode::Char events, typically with
+                // tens-of-milliseconds gaps between each committed character.
+                // Paste-burst buffering would lose characters when the IME
+                // commits slower than the burst heuristic's timing window.
+                //
+                // We still call note_plain_char + extend_window so that:
+                //   1. The burst timing counter advances for non-IME fast
+                //      typing on terminals without bracketed paste support.
+                //   2. The Enter-suppression window stays open during a rapid
+                //      non-ASCII sequence, preventing premature submission.
+                // But the character is inserted directly into the composer
+                // rather than placed into the paste-burst buffer.
                 if let Some(pending) = app.paste_burst.flush_before_modified_input() {
                     app.insert_str(&pending);
                 }
-                if app.paste_burst.try_append_char_if_active(c, now) {
-                    return true;
-                }
-                if let Some(decision) = app.paste_burst.on_plain_char_no_hold(now) {
-                    return handle_paste_burst_decision(app, decision, c, now);
-                }
+                app.paste_burst.note_plain_char(now);
+                app.paste_burst.extend_window(now);
                 app.insert_char(c);
                 return true;
             }
@@ -190,10 +199,9 @@ mod tests {
             );
         }
 
-        assert!(app.flush_paste_burst_if_due(
-            t0 + Duration::from_millis(pasted.chars().count() as u64)
-                + crate::tui::paste_burst::PasteBurst::recommended_active_flush_delay()
-        ));
+        // Non-ASCII characters are now inserted directly into the composer
+        // rather than buffered by paste burst. The Enter suppression window
+        // kept the newline from submitting prematurely.
         assert_eq!(app.input, pasted);
     }
 
@@ -336,4 +344,4 @@ mod tests {
         // contract here).
         assert!(app.input.is_empty());
     }
-}
+}
\ No newline at end of file
diff --git a/crates/tui/src/tui/paste_burst.rs b/crates/tui/src/tui/paste_burst.rs
index 5f4a9d7e..2c8bfb30 100644
--- a/crates/tui/src/tui/paste_burst.rs
+++ b/crates/tui/src/tui/paste_burst.rs
@@ -94,7 +94,7 @@ impl PasteBurst {
         None
     }
 
-    fn note_plain_char(&mut self, now: Instant) {
+    pub(crate) fn note_plain_char(&mut self, now: Instant) {
         match self.last_plain_char_time {
             Some(prev) if now.duration_since(prev) <= PASTE_BURST_CHAR_INTERVAL => {
                 self.consecutive_plain_char_burst =

From 1ff5db16634283a175e0a5106879eea15e670447 Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 06:49:16 +0800
Subject: [PATCH 172/283] fix: cargo fmt and suppress dead_code warnings for
 unused paste-burst methods

---
 crates/tui/src/tui/paste.rs       | 2 +-
 crates/tui/src/tui/paste_burst.rs | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/paste.rs b/crates/tui/src/tui/paste.rs
index e5cb9775..243b3ea0 100644
--- a/crates/tui/src/tui/paste.rs
+++ b/crates/tui/src/tui/paste.rs
@@ -344,4 +344,4 @@ mod tests {
         // contract here).
         assert!(app.input.is_empty());
     }
-}
\ No newline at end of file
+}
diff --git a/crates/tui/src/tui/paste_burst.rs b/crates/tui/src/tui/paste_burst.rs
index 2c8bfb30..ef1fe24c 100644
--- a/crates/tui/src/tui/paste_burst.rs
+++ b/crates/tui/src/tui/paste_burst.rs
@@ -77,6 +77,7 @@ impl PasteBurst {
         CharDecision::RetainFirstChar
     }
 
+    #[allow(dead_code)]
     pub fn on_plain_char_no_hold(&mut self, now: Instant) -> Option<CharDecision> {
         self.note_plain_char(now);
 
@@ -176,6 +177,7 @@ impl PasteBurst {
         self.burst_window_until = Some(now + PASTE_ENTER_SUPPRESS_WINDOW);
     }
 
+    #[allow(dead_code)]
     pub fn try_append_char_if_active(&mut self, ch: char, now: Instant) -> bool {
         if self.active || !self.buffer.is_empty() {
             self.append_char_to_buffer(ch, now);

From 09d3131dc20cfeb57afca43d6b8a600523b410e8 Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 08:46:27 +0800
Subject: [PATCH 173/283] fix(windows): restore ENABLE_WINDOW_INPUT console
 flag after enable_raw_mode for IME support

---
 crates/tui/src/tui/ui.rs | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index fb89de61..d6ad72e4 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -24,6 +24,7 @@ use crossterm::{
 use crossterm::event::{
     KeyboardEnhancementFlags, PopKeyboardEnhancementFlags, PushKeyboardEnhancementFlags,
 };
+#[cfg(target_os = "windows")]
 use ratatui::{
     Frame, Terminal,
     layout::{Constraint, Direction, Layout, Rect, Size},
@@ -32,6 +33,8 @@ use ratatui::{
     widgets::Block,
 };
 use tracing;
+#[cfg(target_os = "windows")]
+use windows::Win32::System::Console::{GetConsoleMode, GetStdHandle, SetConsoleMode};
 
 use crate::audit::log_sensitive_event;
 use crate::automation_manager::{AutomationManager, AutomationSchedulerConfig, spawn_scheduler};
@@ -280,6 +283,9 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
         }
     }
 
+    #[cfg(target_os = "windows")]
+    enable_windows_ime_console_mode();
+
     let mut stdout = io::stdout();
     if use_alt_screen {
         execute!(stdout, EnterAlternateScreen)?;
@@ -7042,6 +7048,36 @@ pub fn emergency_restore_terminal() {
     let _ = execute!(stdout, LeaveAlternateScreen);
 }
 
+/// On Windows, ensure the console input handle has `ENABLE_WINDOW_INPUT`
+/// (0x0008) set. crossterm's `enable_raw_mode()` removes this flag, which
+/// breaks IME composition (Chinese/Japanese/Korean input methods cannot
+/// commit characters) on some Windows configurations (e.g. Windows Terminal
+/// in conhost compatibility mode, or the legacy console with VT input).
+///
+/// Best-effort and idempotent. Silently ignored if the console handle or
+/// mode query fails.
+#[cfg(target_os = "windows")]
+fn enable_windows_ime_console_mode() {
+    use windows::Win32::System::Console::CONSOLE_MODE;
+    const ENABLE_WINDOW_INPUT: CONSOLE_MODE = CONSOLE_MODE(0x0008);
+
+    // SAFETY: Win32 console API is safe to call from any thread.
+    // Failures (console handle invalid, mode query fails) are silently
+    // ignored — this is a best-effort IME compatibility tweak.
+    unsafe {
+        let Ok(handle) = GetStdHandle(windows::Win32::System::Console::STD_INPUT_HANDLE) else {
+            return;
+        };
+        let mut mode = CONSOLE_MODE(0);
+        if GetConsoleMode(handle, &mut mode).is_err() {
+            return;
+        }
+        if mode.0 & ENABLE_WINDOW_INPUT.0 == 0 {
+            let _ = SetConsoleMode(handle, mode | ENABLE_WINDOW_INPUT);
+        }
+    }
+}
+
 /// Re-establish terminal mode flags. Idempotent and best-effort: each
 /// underlying flag is silently discarded by terminals that don't support
 /// it, and a single flag's failure doesn't prevent later flags from being
@@ -7066,6 +7102,9 @@ fn recover_terminal_modes<W: Write>(
     use_mouse_capture: bool,
     use_bracketed_paste: bool,
 ) {
+    #[cfg(target_os = "windows")]
+    enable_windows_ime_console_mode();
+
     push_keyboard_enhancement_flags(writer);
     if use_mouse_capture && let Err(err) = execute!(writer, EnableMouseCapture) {
         tracing::debug!(?err, "EnableMouseCapture ignored");

From da590e552873c505c85cce1efe37cf0ce260849c Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 11:12:13 +0800
Subject: [PATCH 174/283] fix: remove spurious #[cfg(target_os = windows)]
 blocking ratatui import on non-Windows

---
 crates/tui/src/tui/ui.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index d6ad72e4..4f22c4f1 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -24,7 +24,6 @@ use crossterm::{
 use crossterm::event::{
     KeyboardEnhancementFlags, PopKeyboardEnhancementFlags, PushKeyboardEnhancementFlags,
 };
-#[cfg(target_os = "windows")]
 use ratatui::{
     Frame, Terminal,
     layout::{Constraint, Direction, Layout, Rect, Size},

From cb7614a9181dcfe6951a9a287f0df337123d4536 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 05:43:05 -0500
Subject: [PATCH 175/283] fix(tui): skip hidden worktrees in discovery walks

---
 crates/tui/src/main.rs                |   1 +
 crates/tui/src/tui/file_picker.rs     |  59 +++++++++++-
 crates/tui/src/working_set.rs         | 129 +++++++++++++++++---------
 crates/tui/src/workspace_discovery.rs |  53 +++++++++++
 4 files changed, 194 insertions(+), 48 deletions(-)
 create mode 100644 crates/tui/src/workspace_discovery.rs

diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 8bc03acc..4e5e35ae 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -78,6 +78,7 @@ mod tui;
 mod utils;
 mod vision;
 mod working_set;
+mod workspace_discovery;
 mod workspace_trust;
 
 use crate::config::{Config, DEFAULT_TEXT_MODEL, MAX_SUBAGENTS, effective_home_dir};
diff --git a/crates/tui/src/tui/file_picker.rs b/crates/tui/src/tui/file_picker.rs
index ef21091e..76b05d15 100644
--- a/crates/tui/src/tui/file_picker.rs
+++ b/crates/tui/src/tui/file_picker.rs
@@ -24,6 +24,7 @@ use ratatui::{
 
 use crate::palette;
 use crate::tui::views::{ModalKind, ModalView, ViewAction, ViewEvent};
+use crate::workspace_discovery::{DISCOVERY_ALWAYS_DIRS, path_is_excluded_from_discovery};
 
 /// Maximum number of candidates collected from the initial walk. Keeps memory
 /// bounded for very large monorepos; matches the limits codex-rs uses for the
@@ -437,7 +438,7 @@ fn collect_candidates(root: &Path) -> Vec<String> {
 
     // Whitelist AI-tool dot-directories so they're discoverable even when
     // gitignored. Walk each one separately with gitignore disabled.
-    for dir in [".deepseek", ".cursor", ".claude", ".agents"] {
+    for dir in DISCOVERY_ALWAYS_DIRS {
         let dot_dir = root.join(dir);
         if !dot_dir.is_dir() {
             continue;
@@ -451,7 +452,7 @@ fn collect_candidates(root: &Path) -> Vec<String> {
             .max_depth(Some(WALK_DEPTH.saturating_sub(1)));
         for entry in dot_builder.build().flatten() {
             // Exclude machine-generated bulk (e.g. .deepseek/snapshots/).
-            if entry.path().starts_with(root.join(".deepseek/snapshots")) {
+            if path_is_excluded_from_discovery(root, entry.path()) {
                 continue;
             }
             if !entry.file_type().is_some_and(|ft| ft.is_file()) {
@@ -733,4 +734,58 @@ mod tests {
             "skipme.txt should be filtered by .ignore: {visible:?}"
         );
     }
+
+    #[test]
+    fn picker_skips_generated_worktree_bulk_inside_unignored_dot_dirs() {
+        let dir = TempDir::new().expect("tempdir");
+        let root = dir.path();
+        fs::create_dir_all(root.join("src")).unwrap();
+        fs::write(root.join("src/main.rs"), "fn main() {}").unwrap();
+
+        fs::create_dir_all(root.join(".deepseek/commands")).unwrap();
+        fs::write(root.join(".deepseek/commands/build.md"), "build").unwrap();
+        fs::create_dir_all(root.join(".deepseek/snapshots/deadbeef/.git/objects")).unwrap();
+        fs::write(
+            root.join(".deepseek/snapshots/deadbeef/.git/objects/snapshot.pack"),
+            "pack",
+        )
+        .unwrap();
+
+        fs::create_dir_all(root.join(".claude/commands")).unwrap();
+        fs::write(root.join(".claude/commands/test.md"), "test").unwrap();
+        fs::create_dir_all(root.join(".claude/worktrees/agent/src")).unwrap();
+        fs::write(
+            root.join(".claude/worktrees/agent/src/agent-only.md"),
+            "agent",
+        )
+        .unwrap();
+
+        let candidates = collect_candidates(root);
+
+        assert!(candidates.iter().any(|path| path == "src/main.rs"));
+        assert!(
+            candidates
+                .iter()
+                .any(|path| path == ".deepseek/commands/build.md"),
+            "normal .deepseek command files should stay discoverable: {candidates:?}",
+        );
+        assert!(
+            candidates
+                .iter()
+                .any(|path| path == ".claude/commands/test.md"),
+            "normal .claude command files should stay discoverable: {candidates:?}",
+        );
+        assert!(
+            candidates
+                .iter()
+                .all(|path| !path.starts_with(".deepseek/snapshots/")),
+            "snapshot side repo files must not enter picker candidates: {candidates:?}",
+        );
+        assert!(
+            candidates
+                .iter()
+                .all(|path| !path.starts_with(".claude/worktrees/")),
+            ".claude worktree files must not enter picker candidates: {candidates:?}",
+        );
+    }
 }
diff --git a/crates/tui/src/working_set.rs b/crates/tui/src/working_set.rs
index 2b1cc2bf..655d1f15 100644
--- a/crates/tui/src/working_set.rs
+++ b/crates/tui/src/working_set.rs
@@ -7,6 +7,9 @@
 //! - pinned message indices that compaction should preserve
 
 use crate::models::{ContentBlock, Message};
+use crate::workspace_discovery::{
+    DISCOVERY_ALWAYS_DIRS, path_is_excluded_from_discovery, should_skip_unignored_discovery_entry,
+};
 use ignore::WalkBuilder;
 use regex::Regex;
 use serde::{Deserialize, Serialize};
@@ -269,32 +272,6 @@ const COMPLETIONS_WALK_DEPTH: usize = 6;
 /// above the actual entry count and the cap is a no-op.
 const FILE_INDEX_MAX_ENTRIES: usize = 50_000;
 
-/// Directories that must remain discoverable for `@`-mention completion and
-/// fuzzy file resolution even when excluded by `.gitignore`. AI-tool
-/// convention directories (`.deepseek/`, `.cursor/`, `.claude/`, `.agents/`)
-/// are routinely gitignored, but users need to `@`-mention files inside them.
-const DISCOVERY_ALWAYS_DIRS: &[&str] = &[".deepseek", ".cursor", ".claude", ".agents"];
-
-/// Subdirectories under `DISCOVERY_ALWAYS_DIRS` that must NOT be indexed
-/// even when the parent dir is walked with gitignore disabled. These are
-/// large, machine-generated, or sensitive paths that would blow up the
-/// walker (e.g. `.deepseek/snapshots/` — the snapshot side repo that
-/// #1112 caps at 500 MB; indexing it would trigger the same OOM/hang
-/// the cap was built to prevent).
-const DISCOVERY_EXCLUDED_SUBDIRS: &[&str] = &[".deepseek/snapshots"];
-
-/// Check whether a path resolved against `walk_root` falls inside any
-/// `DISCOVERY_EXCLUDED_SUBDIRS` entry. Used to keep the snapshot side
-/// repo (`.deepseek/snapshots/`) out of the completion/index walk.
-fn path_is_excluded_from_discovery(walk_root: &Path, path: &Path) -> bool {
-    for excluded in DISCOVERY_EXCLUDED_SUBDIRS {
-        if path.starts_with(walk_root.join(excluded)) {
-            return true;
-        }
-    }
-    false
-}
-
 /// Configure a `WalkBuilder` for workspace discovery: hidden files, no
 /// symlink following, depth-limited, custom `.deepseekignore` honored,
 /// and gitignore overrides for AI-tool dot-directories so `@`-completion
@@ -494,7 +471,10 @@ fn local_reference_paths(root: &Path, limit: usize) -> Vec<PathBuf> {
         .git_global(false)
         .git_exclude(false);
     let _ = builder.add_custom_ignore_filename(".deepseekignore");
-    builder.filter_entry(|entry| !should_skip_local_reference_dir(entry.path()));
+    let root_for_filter = root.to_path_buf();
+    builder.filter_entry(move |entry| {
+        !should_skip_unignored_discovery_entry(&root_for_filter, entry.path())
+    });
 
     for entry in builder.build().flatten() {
         if out.len() >= limit {
@@ -514,25 +494,6 @@ fn local_reference_paths(root: &Path, limit: usize) -> Vec<PathBuf> {
     out
 }
 
-fn should_skip_local_reference_dir(path: &Path) -> bool {
-    let Some(name) = path.file_name().and_then(|name| name.to_str()) else {
-        return false;
-    };
-    matches!(
-        name,
-        ".git"
-            | "target"
-            | "node_modules"
-            | ".venv"
-            | "venv"
-            | "env"
-            | "dist"
-            | "build"
-            | "__pycache__"
-            | ".ruff_cache"
-    )
-}
-
 impl Clone for Workspace {
     fn clone(&self) -> Self {
         // Don't carry the cached file_index — clones get a fresh OnceLock so
@@ -1523,6 +1484,82 @@ mod tests {
         );
     }
 
+    #[test]
+    fn workspace_completions_skip_hidden_worktrees_and_build_bulk() {
+        let tmp = TempDir::new().unwrap();
+        let root = tmp.path();
+        std::fs::write(root.join(".gitignore"), ".worktrees/\n.generated/\n").unwrap();
+
+        std::fs::create_dir_all(root.join(".worktrees/release/src")).unwrap();
+        std::fs::write(
+            root.join(".worktrees/release/src/worktree-only.rs"),
+            "fn main() {}",
+        )
+        .unwrap();
+        std::fs::create_dir_all(root.join(".worktrees/release/target/debug")).unwrap();
+        std::fs::write(
+            root.join(".worktrees/release/target/debug/generated.o"),
+            "object",
+        )
+        .unwrap();
+
+        std::fs::create_dir_all(root.join(".claude/worktrees/agent/src")).unwrap();
+        std::fs::write(
+            root.join(".claude/worktrees/agent/src/agent-only.md"),
+            "agent note",
+        )
+        .unwrap();
+        std::fs::create_dir_all(root.join(".claude/commands")).unwrap();
+        std::fs::write(root.join(".claude/commands/keep.md"), "command").unwrap();
+
+        std::fs::create_dir_all(root.join(".generated/specs")).unwrap();
+        std::fs::write(root.join(".generated/specs/device-layout.md"), "layout").unwrap();
+
+        let ws = Workspace::with_cwd(root.to_path_buf(), Some(root.to_path_buf()));
+
+        let worktree_entries = ws.completions(".worktrees", 32);
+        assert!(
+            worktree_entries
+                .iter()
+                .all(|entry| !entry.starts_with(".worktrees/")),
+            "hidden release worktrees must stay out of completions: {worktree_entries:?}",
+        );
+
+        let claude_worktree_entries = ws.completions(".claude/worktrees", 32);
+        assert!(
+            claude_worktree_entries
+                .iter()
+                .all(|entry| !entry.starts_with(".claude/worktrees/")),
+            ".claude/worktrees must stay out of completions: {claude_worktree_entries:?}",
+        );
+
+        let generated_entries = ws.completions(".generated/specs", 32);
+        assert!(
+            generated_entries
+                .iter()
+                .any(|entry| entry == ".generated/specs/device-layout.md"),
+            "explicit user-generated hidden folders should still complete: {generated_entries:?}",
+        );
+
+        let command_entries = ws.completions(".claude/commands", 32);
+        assert!(
+            command_entries
+                .iter()
+                .any(|entry| entry == ".claude/commands/keep.md"),
+            "normal .claude command files should still complete: {command_entries:?}",
+        );
+
+        assert!(
+            ws.resolve("worktree-only.rs").is_err(),
+            "fuzzy resolution must not index files from hidden release worktrees"
+        );
+        assert!(
+            ws.resolve("agent-only.md").is_err(),
+            "fuzzy resolution must not index files from .claude/worktrees"
+        );
+        assert!(ws.resolve("keep.md").is_ok());
+    }
+
     #[test]
     fn fuzzy_index_resolves_hidden_and_ignored_files_except_deepseekignored() {
         let tmp = TempDir::new().unwrap();
diff --git a/crates/tui/src/workspace_discovery.rs b/crates/tui/src/workspace_discovery.rs
new file mode 100644
index 00000000..ac41c33d
--- /dev/null
+++ b/crates/tui/src/workspace_discovery.rs
@@ -0,0 +1,53 @@
+//! Shared workspace discovery filters for UI path pickers and mentions.
+
+use std::path::Path;
+
+/// Directories that must remain discoverable for `@`-mention completion and
+/// fuzzy file resolution even when excluded by `.gitignore`.
+pub(crate) const DISCOVERY_ALWAYS_DIRS: &[&str] = &[".deepseek", ".cursor", ".claude", ".agents"];
+
+/// Root-relative directories that are too large or generated to discover
+/// with gitignore disabled. Exact user-specified paths may still resolve.
+const DISCOVERY_EXCLUDED_SUBDIRS: &[&str] =
+    &[".deepseek/snapshots", ".worktrees", ".claude/worktrees"];
+
+/// Directory basenames that should not be traversed by fallback discovery
+/// walks that deliberately disable gitignore.
+const DISCOVERY_EXCLUDED_DIR_NAMES: &[&str] = &[
+    ".git",
+    "target",
+    "node_modules",
+    ".venv",
+    "venv",
+    "env",
+    "dist",
+    "build",
+    ".next",
+    ".turbo",
+    "coverage",
+    "__pycache__",
+    ".pytest_cache",
+    ".ruff_cache",
+];
+
+/// Check whether `path` is under a root-relative excluded discovery subtree.
+pub(crate) fn path_is_excluded_from_discovery(walk_root: &Path, path: &Path) -> bool {
+    DISCOVERY_EXCLUDED_SUBDIRS
+        .iter()
+        .any(|excluded| path.starts_with(walk_root.join(excluded)))
+}
+
+/// Filter for walks that turn off gitignore to surface explicit hidden paths.
+pub(crate) fn should_skip_unignored_discovery_entry(walk_root: &Path, path: &Path) -> bool {
+    if path == walk_root {
+        return false;
+    }
+
+    if path_is_excluded_from_discovery(walk_root, path) {
+        return true;
+    }
+
+    path.file_name()
+        .and_then(|name| name.to_str())
+        .is_some_and(|name| DISCOVERY_EXCLUDED_DIR_NAMES.contains(&name))
+}

From 32f424df26cdcf0b5a981bbf733c9619168e0bc0 Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 06:09:42 +0800
Subject: [PATCH 176/283] fix(tui): skip hidden worktrees in workspace
 discovery to prevent TUI saturation

---
 crates/tui/src/project_context.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/project_context.rs b/crates/tui/src/project_context.rs
index 39a8ad29..2ec89481 100644
--- a/crates/tui/src/project_context.rs
+++ b/crates/tui/src/project_context.rs
@@ -50,6 +50,7 @@ const PACK_MAX_CONFIG_FILES: usize = 60;
 const PACK_MAX_DEPTH: usize = 4;
 const PACK_IGNORED_DIRS: &[&str] = &[
     ".git",
+    ".worktrees",
     "node_modules",
     ".venv",
     "venv",
@@ -1137,4 +1138,4 @@ mod tests {
                 .contains("Project Structure (Auto-generated)")
         );
     }
-}
+}
\ No newline at end of file

From 03c4b6bd24f79c4d5a068cf121492b87d40806cf Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 07:59:28 +0800
Subject: [PATCH 177/283] fix: trailing newline in project_context.rs (cargo
 fmt)

---
 crates/tui/src/project_context.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/project_context.rs b/crates/tui/src/project_context.rs
index 2ec89481..5214acc5 100644
--- a/crates/tui/src/project_context.rs
+++ b/crates/tui/src/project_context.rs
@@ -1138,4 +1138,4 @@ mod tests {
                 .contains("Project Structure (Auto-generated)")
         );
     }
-}
\ No newline at end of file
+}

From 8f937138601c4fdc5b956df22735209b39096ed9 Mon Sep 17 00:00:00 2001
From: cyq <15000851237@163.com>
Date: Fri, 29 May 2026 08:21:35 +0800
Subject: [PATCH 178/283] feat(tui): add render diff debug log

---
 crates/tui/src/runtime_log.rs      |   2 +-
 crates/tui/src/tui/color_compat.rs | 154 ++++++++++++++++++++++++++++-
 2 files changed, 154 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/runtime_log.rs b/crates/tui/src/runtime_log.rs
index 2edd53ad..b7e4b06b 100644
--- a/crates/tui/src/runtime_log.rs
+++ b/crates/tui/src/runtime_log.rs
@@ -156,7 +156,7 @@ pub fn init() -> Result<TuiLogGuard> {
     })
 }
 
-fn log_directory() -> Option<PathBuf> {
+pub(crate) fn log_directory() -> Option<PathBuf> {
     let resolve = |base: PathBuf| -> Option<PathBuf> {
         let primary = base.join(".codewhale").join("logs");
         if primary.exists() {
diff --git a/crates/tui/src/tui/color_compat.rs b/crates/tui/src/tui/color_compat.rs
index 73a253aa..f46776f9 100644
--- a/crates/tui/src/tui/color_compat.rs
+++ b/crates/tui/src/tui/color_compat.rs
@@ -6,6 +6,7 @@
 //! as stray green/cyan backgrounds. This backend adapts every cell to the
 //! detected color depth before handing it to crossterm.
 
+use std::fs::{self, File, OpenOptions};
 use std::io::{self, Write};
 
 use ratatui::{
@@ -16,6 +17,9 @@ use ratatui::{
 
 use crate::palette::{self, ColorDepth, PaletteMode, ThemeId, UiTheme};
 
+const RENDER_DEBUG_ENV: &str = "CODEWHALE_TUI_DEBUG";
+const RENDER_DEBUG_SAMPLE_LIMIT: usize = 24;
+
 #[derive(Debug)]
 pub(crate) struct ColorCompatBackend<W: Write> {
     inner: CrosstermBackend<W>,
@@ -38,6 +42,7 @@ pub(crate) struct ColorCompatBackend<W: Write> {
     /// Forcing the expected size prevents ratatui's internal `autoresize` from
     /// shrinking the viewport back to the stale dimension inside `draw()`.
     forced_size: Option<Size>,
+    render_debug: Option<RenderDebugLog>,
 }
 
 impl<W: Write> ColorCompatBackend<W> {
@@ -53,6 +58,7 @@ impl<W: Write> ColorCompatBackend<W> {
             // to a community preset.
             active_ui_theme: UiTheme::detect(),
             forced_size: None,
+            render_debug: RenderDebugLog::from_env(),
         }
     }
 
@@ -104,6 +110,14 @@ impl<W: Write> Backend for ColorCompatBackend<W> {
                 (x, y, cell)
             })
             .collect::<Vec<_>>();
+        let viewport = if self.render_debug.is_some() {
+            self.size().ok()
+        } else {
+            None
+        };
+        if let Some(render_debug) = &mut self.render_debug {
+            render_debug.record(viewport, &adapted);
+        }
         self.inner
             .draw(adapted.iter().map(|(x, y, cell)| (*x, *y, cell)))
     }
@@ -152,6 +166,73 @@ impl<W: Write> Backend for ColorCompatBackend<W> {
     }
 }
 
+#[derive(Debug)]
+struct RenderDebugLog {
+    file: File,
+    frame: u64,
+}
+
+impl RenderDebugLog {
+    fn from_env() -> Option<Self> {
+        if !render_debug_enabled_from_value(std::env::var(RENDER_DEBUG_ENV).ok().as_deref()) {
+            return None;
+        }
+
+        let log_dir = crate::runtime_log::log_directory()?;
+        if let Err(err) = fs::create_dir_all(&log_dir) {
+            tracing::debug!(?err, "failed to create TUI render debug log directory");
+            return None;
+        }
+        let path = log_dir.join("tui-render.log");
+        let file = OpenOptions::new()
+            .create(true)
+            .append(true)
+            .open(&path)
+            .map_err(|err| {
+                tracing::debug!(?err, path = %path.display(), "failed to open TUI render debug log");
+                err
+            })
+            .ok()?;
+
+        Some(Self { file, frame: 0 })
+    }
+
+    fn record(&mut self, viewport: Option<Size>, diff: &[(u16, u16, Cell)]) {
+        self.frame = self.frame.saturating_add(1);
+        let sample = diff
+            .iter()
+            .take(RENDER_DEBUG_SAMPLE_LIMIT)
+            .map(|(x, y, _)| (*x, *y))
+            .collect::<Vec<_>>();
+        let line = render_debug_line(self.frame, viewport, diff.len(), &sample);
+        let _ = self.file.write_all(line.as_bytes());
+    }
+}
+
+fn render_debug_enabled_from_value(value: Option<&str>) -> bool {
+    matches!(
+        value.map(str::trim).map(str::to_ascii_lowercase).as_deref(),
+        Some("1" | "true" | "yes" | "on")
+    )
+}
+
+fn render_debug_line(
+    frame: u64,
+    viewport: Option<Size>,
+    diff_cells: usize,
+    sample: &[(u16, u16)],
+) -> String {
+    let size = viewport
+        .map(|size| format!("{}x{}", size.width, size.height))
+        .unwrap_or_else(|| "unknown".to_string());
+    let sample = sample
+        .iter()
+        .map(|(x, y)| format!("{x}:{y}"))
+        .collect::<Vec<_>>()
+        .join(",");
+    format!("frame={frame} size={size} diff_cells={diff_cells} sample={sample}\n")
+}
+
 fn adapt_cell_colors(
     cell: &mut Cell,
     depth: ColorDepth,
@@ -177,12 +258,13 @@ fn adapt_cell_colors(
 
 #[cfg(test)]
 mod tests {
-    use std::{cell::RefCell, io::Write, rc::Rc};
+    use std::{cell::RefCell, env, fs, io::Write, rc::Rc};
 
     use ratatui::backend::Backend;
     use ratatui::{buffer::Cell, style::Color};
 
     use super::*;
+    use crate::test_support::lock_test_env;
 
     #[derive(Clone, Default)]
     struct SharedWriter(Rc<RefCell<Vec<u8>>>);
@@ -318,4 +400,74 @@ mod tests {
         backend.set_palette_mode(PaletteMode::Grayscale);
         assert_eq!(backend.palette_mode, PaletteMode::Grayscale);
     }
+
+    #[test]
+    fn render_debug_env_parser_accepts_truthy_values_only() {
+        assert!(!render_debug_enabled_from_value(None));
+        assert!(!render_debug_enabled_from_value(Some("")));
+        assert!(!render_debug_enabled_from_value(Some("0")));
+        assert!(!render_debug_enabled_from_value(Some("false")));
+        assert!(render_debug_enabled_from_value(Some("1")));
+        assert!(render_debug_enabled_from_value(Some("true")));
+        assert!(render_debug_enabled_from_value(Some("YES")));
+        assert!(render_debug_enabled_from_value(Some("on")));
+    }
+
+    #[test]
+    fn render_debug_line_records_frame_size_and_diff_sample() {
+        let line = render_debug_line(7, Some(Size::new(80, 24)), 42, &[(0, 0), (12, 3), (79, 23)]);
+
+        assert_eq!(
+            line,
+            "frame=7 size=80x24 diff_cells=42 sample=0:0,12:3,79:23\n"
+        );
+    }
+
+    #[test]
+    fn backend_writes_render_debug_log_when_enabled() {
+        let _lock = lock_test_env();
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let previous_home = env::var_os("HOME");
+        let previous_userprofile = env::var_os("USERPROFILE");
+        let previous_debug = env::var_os(RENDER_DEBUG_ENV);
+
+        // SAFETY: environment mutation is serialized by lock_test_env.
+        unsafe {
+            env::set_var("HOME", tmp.path());
+            env::set_var("USERPROFILE", "");
+            env::set_var(RENDER_DEBUG_ENV, "1");
+        }
+
+        let writer = SharedWriter::default();
+        let mut backend = ColorCompatBackend::new(writer, ColorDepth::TrueColor, PaletteMode::Dark);
+        let mut cell = Cell::default();
+        cell.set_symbol("x");
+        backend.draw(std::iter::once((3, 4, &cell))).unwrap();
+
+        let log_path = tmp
+            .path()
+            .join(".deepseek")
+            .join("logs")
+            .join("tui-render.log");
+        let body = fs::read_to_string(log_path).expect("render debug log");
+        assert!(body.contains("frame=1"), "{body}");
+        assert!(body.contains("diff_cells=1"), "{body}");
+        assert!(body.contains("sample=3:4"), "{body}");
+
+        // SAFETY: environment mutation is serialized by lock_test_env.
+        unsafe {
+            match previous_home {
+                Some(value) => env::set_var("HOME", value),
+                None => env::remove_var("HOME"),
+            }
+            match previous_userprofile {
+                Some(value) => env::set_var("USERPROFILE", value),
+                None => env::remove_var("USERPROFILE"),
+            }
+            match previous_debug {
+                Some(value) => env::set_var(RENDER_DEBUG_ENV, value),
+                None => env::remove_var(RENDER_DEBUG_ENV),
+            }
+        }
+    }
 }

From 63be80d8353399ff16a7230fc95aa1cbfc382cf5 Mon Sep 17 00:00:00 2001
From: cyq <15000851237@163.com>
Date: Fri, 29 May 2026 08:26:54 +0800
Subject: [PATCH 179/283] fix(tui): keep render debug logs in codewhale dir

---
 crates/tui/src/runtime_log.rs      | 42 +++++++++++++--
 crates/tui/src/tui/color_compat.rs | 86 +++++++++++++++++++-----------
 2 files changed, 94 insertions(+), 34 deletions(-)

diff --git a/crates/tui/src/runtime_log.rs b/crates/tui/src/runtime_log.rs
index b7e4b06b..fd631f66 100644
--- a/crates/tui/src/runtime_log.rs
+++ b/crates/tui/src/runtime_log.rs
@@ -1,5 +1,5 @@
 //! TUI runtime logging. Initializes a `tracing-subscriber` that writes to a
-//! per-process file under `~/.deepseek/logs/tui-YYYY-MM-DD-PID.log`, and (on
+//! per-process file under `~/.codewhale/logs/tui-YYYY-MM-DD-PID.log`, and (on
 //! Unix) redirects the process's `stderr` fd to that same file for the lifetime
 //! of the alt-screen TUI.
 //!
@@ -22,7 +22,7 @@
 //!
 //! Defence-in-depth:
 //!   1. A `tracing-subscriber` writes formatted logs to
-//!      `~/.deepseek/logs/tui-YYYY-MM-DD-PID.log` so `tracing::warn!` /
+//!      `~/.codewhale/logs/tui-YYYY-MM-DD-PID.log` so `tracing::warn!` /
 //!      `tracing::error!` calls go somewhere observable instead of
 //!      disappearing into the void (the TUI previously had no global
 //!      subscriber, so contributors reached for `eprintln!`).
@@ -162,7 +162,11 @@ pub(crate) fn log_directory() -> Option<PathBuf> {
         if primary.exists() {
             return Some(primary);
         }
-        Some(base.join(".deepseek").join("logs"))
+        let legacy = base.join(".deepseek").join("logs");
+        if legacy.exists() {
+            return Some(legacy);
+        }
+        Some(primary)
     };
     if let Some(home) = std::env::var_os("HOME").map(PathBuf::from)
         && !home.as_os_str().is_empty()
@@ -270,7 +274,37 @@ mod tests {
         }
 
         let resolved = log_directory().expect("log_directory should resolve");
-        assert_eq!(resolved, tmp.path().join(".deepseek").join("logs"));
+        assert_eq!(resolved, tmp.path().join(".codewhale").join("logs"));
+
+        // SAFETY: cleanup under the same lock.
+        unsafe {
+            match prev_home {
+                Some(v) => std::env::set_var("HOME", v),
+                None => std::env::remove_var("HOME"),
+            }
+            match prev_userprofile {
+                Some(v) => std::env::set_var("USERPROFILE", v),
+                None => std::env::remove_var("USERPROFILE"),
+            }
+        }
+    }
+
+    #[test]
+    fn log_directory_uses_existing_legacy_deepseek_logs() {
+        let _lock = crate::test_support::lock_test_env();
+        let tmp = tempfile::TempDir::new().unwrap();
+        let legacy = tmp.path().join(".deepseek").join("logs");
+        fs::create_dir_all(&legacy).unwrap();
+        let prev_home = std::env::var_os("HOME");
+        let prev_userprofile = std::env::var_os("USERPROFILE");
+        // SAFETY: serialised by lock_test_env.
+        unsafe {
+            std::env::set_var("HOME", tmp.path());
+            std::env::set_var("USERPROFILE", "");
+        }
+
+        let resolved = log_directory().expect("log_directory should resolve");
+        assert_eq!(resolved, legacy);
 
         // SAFETY: cleanup under the same lock.
         unsafe {
diff --git a/crates/tui/src/tui/color_compat.rs b/crates/tui/src/tui/color_compat.rs
index f46776f9..cedaea0b 100644
--- a/crates/tui/src/tui/color_compat.rs
+++ b/crates/tui/src/tui/color_compat.rs
@@ -6,6 +6,7 @@
 //! as stray green/cyan backgrounds. This backend adapts every cell to the
 //! detected color depth before handing it to crossterm.
 
+use std::fmt::Write as _;
 use std::fs::{self, File, OpenOptions};
 use std::io::{self, Write};
 
@@ -222,15 +223,30 @@ fn render_debug_line(
     diff_cells: usize,
     sample: &[(u16, u16)],
 ) -> String {
-    let size = viewport
-        .map(|size| format!("{}x{}", size.width, size.height))
-        .unwrap_or_else(|| "unknown".to_string());
-    let sample = sample
-        .iter()
-        .map(|(x, y)| format!("{x}:{y}"))
-        .collect::<Vec<_>>()
-        .join(",");
-    format!("frame={frame} size={size} diff_cells={diff_cells} sample={sample}\n")
+    let mut line = String::new();
+    match viewport {
+        Some(size) => {
+            let _ = write!(
+                &mut line,
+                "frame={frame} size={}x{} diff_cells={diff_cells} sample=",
+                size.width, size.height
+            );
+        }
+        None => {
+            let _ = write!(
+                &mut line,
+                "frame={frame} size=unknown diff_cells={diff_cells} sample="
+            );
+        }
+    }
+    for (index, (x, y)) in sample.iter().enumerate() {
+        if index > 0 {
+            line.push(',');
+        }
+        let _ = write!(&mut line, "{x}:{y}");
+    }
+    line.push('\n');
+    line
 }
 
 fn adapt_cell_colors(
@@ -258,7 +274,7 @@ fn adapt_cell_colors(
 
 #[cfg(test)]
 mod tests {
-    use std::{cell::RefCell, env, fs, io::Write, rc::Rc};
+    use std::{cell::RefCell, env, ffi::OsString, fs, io::Write, rc::Rc};
 
     use ratatui::backend::Backend;
     use ratatui::{buffer::Cell, style::Color};
@@ -280,6 +296,32 @@ mod tests {
         }
     }
 
+    struct EnvRestore {
+        key: &'static str,
+        value: Option<OsString>,
+    }
+
+    impl EnvRestore {
+        fn capture(key: &'static str) -> Self {
+            Self {
+                key,
+                value: env::var_os(key),
+            }
+        }
+    }
+
+    impl Drop for EnvRestore {
+        fn drop(&mut self) {
+            // SAFETY: environment mutation is serialized by lock_test_env.
+            unsafe {
+                match &self.value {
+                    Some(value) => env::set_var(self.key, value),
+                    None => env::remove_var(self.key),
+                }
+            }
+        }
+    }
+
     #[test]
     fn adapts_rgb_cells_to_indexed_on_ansi256() {
         let mut cell = Cell::default();
@@ -427,9 +469,9 @@ mod tests {
     fn backend_writes_render_debug_log_when_enabled() {
         let _lock = lock_test_env();
         let tmp = tempfile::tempdir().expect("tempdir");
-        let previous_home = env::var_os("HOME");
-        let previous_userprofile = env::var_os("USERPROFILE");
-        let previous_debug = env::var_os(RENDER_DEBUG_ENV);
+        let _home = EnvRestore::capture("HOME");
+        let _userprofile = EnvRestore::capture("USERPROFILE");
+        let _debug = EnvRestore::capture(RENDER_DEBUG_ENV);
 
         // SAFETY: environment mutation is serialized by lock_test_env.
         unsafe {
@@ -446,28 +488,12 @@ mod tests {
 
         let log_path = tmp
             .path()
-            .join(".deepseek")
+            .join(".codewhale")
             .join("logs")
             .join("tui-render.log");
         let body = fs::read_to_string(log_path).expect("render debug log");
         assert!(body.contains("frame=1"), "{body}");
         assert!(body.contains("diff_cells=1"), "{body}");
         assert!(body.contains("sample=3:4"), "{body}");
-
-        // SAFETY: environment mutation is serialized by lock_test_env.
-        unsafe {
-            match previous_home {
-                Some(value) => env::set_var("HOME", value),
-                None => env::remove_var("HOME"),
-            }
-            match previous_userprofile {
-                Some(value) => env::set_var("USERPROFILE", value),
-                None => env::remove_var("USERPROFILE"),
-            }
-            match previous_debug {
-                Some(value) => env::set_var(RENDER_DEBUG_ENV, value),
-                None => env::remove_var(RENDER_DEBUG_ENV),
-            }
-        }
     }
 }

From bcdaf81a0425083823f8fe5e23db5929b611236a Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 09:35:19 +0800
Subject: [PATCH 180/283] =?UTF-8?q?feat:=20add=20/cache=20stats=20?=
 =?UTF-8?q?=E2=80=94=20prefix=20hash/drift=20exposure=20and=20cache-hit=20?=
 =?UTF-8?q?summary=20(#2264)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Surfaces the current pinned prefix fingerprint hash and stability
diagnostics via a new `/cache stats` subcommand, per the low-risk
0.8.x slice agreed on in #2264.

Changes:
- EngineEvent::PrefixCacheChange now carries pinned_combined_hash
  from PrefixStabilityManager so the TUI layer can surface it
- App.last_pinned_prefix_hash stores the hash per-turn for /cache stats
- New /cache stats command renders three sections:
  - Prefix Stability: pct, checks, changes, last-change description
  - Prefix Fingerprint: full SHA-256 hash, short id, drift warning
  - Cache Hit Rate: aggregated token totals + low-hit advisory
- format_tokens() helper for compact K/M token display
- 6 unit tests covering: no-data, stable, drift warning, hit-rate
  summary, low-hit advisory, token formatting

Refs: #2264
---
 crates/tui/src/commands/debug.rs        | 243 ++++++++++++++++++++++++
 crates/tui/src/commands/mod.rs          |   2 +-
 crates/tui/src/core/engine/turn_loop.rs |   6 +
 crates/tui/src/core/events.rs           |   4 +
 crates/tui/src/tui/app.rs               |   5 +
 crates/tui/src/tui/ui.rs                |   4 +
 6 files changed, 263 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/commands/debug.rs b/crates/tui/src/commands/debug.rs
index a89bd174..4404c3d2 100644
--- a/crates/tui/src/commands/debug.rs
+++ b/crates/tui/src/commands/debug.rs
@@ -145,6 +145,9 @@ pub fn cache(app: &mut App, arg: Option<&str>) -> CommandResult {
     if matches!(arg, Some("warmup")) {
         return CommandResult::action(AppAction::CacheWarmup);
     }
+    if matches!(arg, Some("stats")) {
+        return CommandResult::message(format_cache_stats(app));
+    }
 
     let want = arg.and_then(|s| s.parse::<usize>().ok()).unwrap_or(10);
     let cap = app.session.turn_cache_history.len();
@@ -233,6 +236,126 @@ fn format_cache_inspect(app: &mut App) -> String {
     out
 }
 
+/// Render a prefix-cache stability and health summary for `/cache stats`.
+///
+/// Surfaces the current prefix fingerprint, stability ratio, change history,
+/// and an aggregated cache-hit summary from per-turn telemetry.  When the
+/// prefix has changed, a prominent warning is included so users can
+/// correlate cache misses with prefix drift.
+fn format_cache_stats(app: &App) -> String {
+    let mut out = String::new();
+    out.push_str("Cache Stats\n");
+
+    // ── Prefix stability ──────────────────────────────────────────────
+    out.push_str("\n── Prefix Stability\n");
+    match app.prefix_stability_pct {
+        Some(pct) => {
+            let checks = app.prefix_checks_total;
+            let changes = app.prefix_change_count;
+            let stable_checks = checks.saturating_sub(changes);
+
+            if changes == 0 {
+                out.push_str(&format!(
+                    "  Stability: {pct}% ({stable_checks}/{checks} checks)\n"
+                ));
+                out.push_str("  Status:    stable (no prefix changes this session)\n");
+            } else {
+                out.push_str(&format!(
+                    "  Stability: {pct}% ({stable_checks}/{checks} checks, {changes} change{})\n",
+                    if changes == 1 { "" } else { "s" }
+                ));
+                out.push_str("  Status:    WARNING — prefix has changed\n");
+                if let Some(ref desc) = app.last_prefix_change_desc {
+                    out.push_str(&format!("  Last change: {desc}\n"));
+                }
+            }
+        }
+        None => {
+            out.push_str("  Stability: unknown (no checks recorded yet)\n");
+            out.push_str("  Run a turn first to collect prefix stability data.\n");
+        }
+    }
+
+    // ── Prefix fingerprint ────────────────────────────────────────────
+    out.push_str("\n── Prefix Fingerprint\n");
+    match &app.last_pinned_prefix_hash {
+        Some(hash) => {
+            out.push_str(&format!("  Pinned hash: {hash}\n"));
+            let short = if hash.len() >= 12 { &hash[..12] } else { hash };
+            out.push_str(&format!("  Short id:    {short}\n"));
+            if app.prefix_change_count > 0 {
+                out.push_str("  Drift:       WARNING — hash has changed during this session\n");
+                out.push_str(&format!(
+                    "               ({change} change{plural} detected)\n",
+                    change = app.prefix_change_count,
+                    plural = if app.prefix_change_count == 1 { "" } else { "s" }
+                ));
+            } else {
+                out.push_str("  Drift:       none (hash stable)\n");
+            }
+        }
+        None => {
+            out.push_str("  Pinned hash: unavailable\n");
+            out.push_str("  Run a turn first, or use /cache inspect.\n");
+        }
+    }
+
+    // ── Cache hit-rate summary ────────────────────────────────────────
+    out.push_str("\n── Cache Hit Rate\n");
+    let history = &app.session.turn_cache_history;
+    if history.is_empty() {
+        out.push_str("  No turn telemetry recorded yet.\n");
+    } else {
+        let (hit, miss, input) = app.session.turn_cache_history.iter().fold(
+            (0u64, 0u64, 0u64),
+            |(hit, miss, input), rec| {
+                (
+                    hit + u64::from(rec.cache_hit_tokens.unwrap_or(0)),
+                    miss + u64::from(rec.cache_miss_tokens.unwrap_or(0)),
+                    input + u64::from(rec.input_tokens),
+                )
+            },
+        );
+        let total_cache = hit + miss;
+        let avg_pct = if total_cache > 0 {
+            (hit as f64 / total_cache as f64 * 100.0).clamp(0.0, 100.0)
+        } else {
+            0.0
+        };
+        out.push_str(&format!("  Turns recorded: {}\n", history.len()));
+        out.push_str(&format!(
+            "  Cache hit tokens:  {hit} ({avg_pct:.1}% of {total_cache} cache-aware tokens)\n",
+            hit = format_tokens(hit),
+            total_cache = format_tokens(total_cache),
+        ));
+        out.push_str(&format!(
+            "  Cache miss tokens: {miss}\n",
+            miss = format_tokens(miss),
+        ));
+        out.push_str(&format!(
+            "  Total input tokens: {input}\n",
+            input = format_tokens(input),
+        ));
+        if avg_pct < 80.0 {
+            out.push_str("  NOTE: cache hit rate is low (< 80%). Check prefix stability above or consider /compact.\n");
+        }
+    }
+
+    out
+}
+
+/// Formats a u64 token count with a compact suffix: K for thousands,
+/// M for millions. Never returns scientific notation.
+fn format_tokens(n: u64) -> String {
+    if n >= 1_000_000 {
+        format!("{:.1}M", n as f64 / 1_000_000.0)
+    } else if n >= 1_000 {
+        format!("{:.1}K", n as f64 / 1_000.0)
+    } else {
+        n.to_string()
+    }
+}
+
 fn format_static_prefix_status(
     previous: Option<&PromptInspection>,
     current: &PromptInspection,
@@ -1402,6 +1525,126 @@ mod tests {
             ContentBlock::ToolResult { tool_use_id, .. } if tool_use_id == "call-a"
         ));
     }
+
+    // ── /cache stats tests ──────────────────────────────────────────────
+
+    #[test]
+    fn cache_stats_no_data_before_first_turn() {
+        let mut app = create_test_app();
+        let result = cache(&mut app, Some("stats"));
+        let msg = result.message.expect("cache stats produces a message");
+        assert!(msg.contains("Cache Stats"), "got: {msg}");
+        assert!(msg.contains("unknown (no checks recorded yet)"), "got: {msg}");
+        assert!(msg.contains("Pinned hash: unavailable"), "got: {msg}");
+        assert!(msg.contains("No turn telemetry recorded yet"), "got: {msg}");
+    }
+
+    #[test]
+    fn cache_stats_shows_stable_prefix_with_hash() {
+        let mut app = create_test_app();
+        app.prefix_stability_pct = Some(100);
+        app.prefix_checks_total = 5;
+        app.prefix_change_count = 0;
+        app.last_pinned_prefix_hash =
+            Some("a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2".to_string());
+
+        let result = cache(&mut app, Some("stats"));
+        let msg = result.message.expect("cache stats produces a message");
+
+        assert!(msg.contains("Stability: 100%"), "got: {msg}");
+        assert!(msg.contains("stable (no prefix changes"), "got: {msg}");
+        assert!(msg.contains("Pinned hash: a1b2c3d4e5f6"), "got: {msg}");
+        assert!(msg.contains("Drift:       none (hash stable)"), "got: {msg}");
+    }
+
+    #[test]
+    fn cache_stats_warns_on_prefix_change() {
+        let mut app = create_test_app();
+        app.prefix_stability_pct = Some(67);
+        app.prefix_checks_total = 3;
+        app.prefix_change_count = 1;
+        app.last_prefix_change_desc = Some("prefix cache invalidated: system prompt changed".to_string());
+        app.last_pinned_prefix_hash =
+            Some("deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef".to_string());
+
+        let result = cache(&mut app, Some("stats"));
+        let msg = result.message.expect("cache stats produces a message");
+
+        assert!(msg.contains("Stability: 67%"), "got: {msg}");
+        assert!(msg.contains("WARNING — prefix has changed"), "got: {msg}");
+        assert!(msg.contains("system prompt changed"), "got: {msg}");
+        assert!(msg.contains("Drift:       WARNING"), "got: {msg}");
+        assert!(msg.contains("1 change detected"), "got: {msg}");
+    }
+
+    #[test]
+    fn cache_stats_shows_cache_hit_summary() {
+        let mut app = create_test_app();
+        app.prefix_stability_pct = Some(100);
+        app.prefix_checks_total = 1;
+        app.last_pinned_prefix_hash = Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
+
+        app.push_turn_cache_record(TurnCacheRecord {
+            input_tokens: 10_000,
+            output_tokens: 1_000,
+            cache_hit_tokens: Some(8_000),
+            cache_miss_tokens: Some(2_000),
+            reasoning_replay_tokens: None,
+            recorded_at: Instant::now(),
+        });
+        app.push_turn_cache_record(TurnCacheRecord {
+            input_tokens: 5_000,
+            output_tokens: 500,
+            cache_hit_tokens: Some(4_500),
+            cache_miss_tokens: Some(500),
+            reasoning_replay_tokens: None,
+            recorded_at: Instant::now(),
+        });
+
+        let result = cache(&mut app, Some("stats"));
+        let msg = result.message.expect("cache stats produces a message");
+
+        assert!(msg.contains("Turns recorded: 2"), "got: {msg}");
+        // Total: 12,500 hit out of 15,000 cache-aware = 83.3%
+        assert!(msg.contains("83.3%"), "got: {msg}");
+    }
+
+    #[test]
+    fn cache_stats_low_hit_rate_shows_note() {
+        let mut app = create_test_app();
+        app.prefix_stability_pct = Some(100);
+        app.prefix_checks_total = 1;
+        app.last_pinned_prefix_hash = Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
+
+        app.push_turn_cache_record(TurnCacheRecord {
+            input_tokens: 10_000,
+            output_tokens: 1_000,
+            cache_hit_tokens: Some(1_000),
+            cache_miss_tokens: Some(9_000),
+            reasoning_replay_tokens: None,
+            recorded_at: Instant::now(),
+        });
+
+        let result = cache(&mut app, Some("stats"));
+        let msg = result.message.expect("cache stats produces a message");
+
+        // 10% hit rate → below 80% threshold
+        assert!(msg.contains("10.0%"), "got: {msg}");
+        assert!(
+            msg.contains("cache hit rate is low"),
+            "should show low-hit-rate advisory, got: {msg}"
+        );
+    }
+
+    #[test]
+    fn format_tokens_handles_all_scales() {
+        assert_eq!(format_tokens(0), "0");
+        assert_eq!(format_tokens(999), "999");
+        assert_eq!(format_tokens(1_000), "1.0K");
+        assert_eq!(format_tokens(15_500), "15.5K");
+        assert_eq!(format_tokens(1_000_000), "1.0M");
+        assert_eq!(format_tokens(2_500_000), "2.5M");
+    }
 }
 
 /// Remove last message pair (user + assistant).
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index 842625e3..da5707cd 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -543,7 +543,7 @@ pub const COMMANDS: &[CommandInfo] = &[
     CommandInfo {
         name: "cache",
         aliases: &[],
-        usage: "/cache [count|inspect|warmup]",
+        usage: "/cache [count|inspect|stats|warmup]",
         description_id: MessageId::CmdCacheDescription,
     },
 ];
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index f9729753..906c4856 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -247,6 +247,10 @@ impl Engine {
                 let system_text =
                     crate::prefix_cache::system_prompt_text(self.session.system_prompt.as_ref());
                 let tools_ref: Option<&[crate::models::Tool]> = active_tools.as_deref();
+                let pinned_hash = pm
+                    .pinned_fingerprint()
+                    .map(|fp| fp.combined_sha256.clone())
+                    .unwrap_or_default();
                 match pm.check_and_update(&system_text, tools_ref) {
                     Err(change) => {
                         tracing::debug!(
@@ -262,6 +266,7 @@ impl Engine {
                                 tools_changed: change.tools_changed,
                                 stability_pct: (pm.stability_ratio() * 100.0).round() as u32,
                                 changed: true,
+                                pinned_combined_hash: pinned_hash,
                             })
                             .await;
                     }
@@ -275,6 +280,7 @@ impl Engine {
                                 tools_changed: false,
                                 stability_pct: (pm.stability_ratio() * 100.0).round() as u32,
                                 changed: false,
+                                pinned_combined_hash: pinned_hash,
                             })
                             .await;
                     }
diff --git a/crates/tui/src/core/events.rs b/crates/tui/src/core/events.rs
index b02ba2f9..edda1045 100644
--- a/crates/tui/src/core/events.rs
+++ b/crates/tui/src/core/events.rs
@@ -281,6 +281,10 @@ pub enum Event {
         /// True when the prefix actually changed (cache invalidated).
         /// False for routine stable-check heartbeats.
         changed: bool,
+        /// Current pinned prefix combined hash (SHA-256, 64 hex chars).
+        /// Carried so `/cache stats` can surface it without reaching
+        /// into the engine's PrefixStabilityManager.
+        pinned_combined_hash: String,
     },
 }
 
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 47193855..a7802c30 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1469,6 +1469,10 @@ pub struct App {
     pub prefix_stability_pct: Option<u32>,
     /// Description of the last prefix change, if any.
     pub last_prefix_change_desc: Option<String>,
+    /// Current pinned prefix combined hash (SHA-256, 64 hex chars).
+    /// Updated per-turn via PrefixCacheChange events; surfaced by
+    /// `/cache stats` for cache-hit debugging.
+    pub last_pinned_prefix_hash: Option<String>,
 
     /// Active cycle configuration (token threshold, briefing cap, per-model
     /// overrides). Loaded from config and forwarded to the engine.
@@ -2006,6 +2010,7 @@ impl App {
             prefix_checks_total: 0,
             prefix_stability_pct: None,
             last_prefix_change_desc: None,
+            last_pinned_prefix_hash: None,
             cycle: CycleConfig::default(),
             collapsed_cells: HashSet::new(),
             collapsed_cell_map: Vec::new(),
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 4f22c4f1..8cc44eea 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1741,10 +1741,14 @@ async fn run_event_loop(
                         description,
                         stability_pct,
                         changed,
+                        pinned_combined_hash,
                         ..
                     } => {
                         app.prefix_checks_total = app.prefix_checks_total.saturating_add(1);
                         app.prefix_stability_pct = Some(stability_pct);
+                        if !pinned_combined_hash.is_empty() {
+                            app.last_pinned_prefix_hash = Some(pinned_combined_hash);
+                        }
                         if changed {
                             app.prefix_change_count = app.prefix_change_count.saturating_add(1);
                             if !description.is_empty() {

From dd69f66775e6626f3548ce0352722c73ff55349f Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 09:39:30 +0800
Subject: [PATCH 181/283] chore: cargo fmt fixes for /cache stats PR

---
 crates/tui/src/commands/debug.rs | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/crates/tui/src/commands/debug.rs b/crates/tui/src/commands/debug.rs
index 4404c3d2..47ab82cf 100644
--- a/crates/tui/src/commands/debug.rs
+++ b/crates/tui/src/commands/debug.rs
@@ -288,7 +288,11 @@ fn format_cache_stats(app: &App) -> String {
                 out.push_str(&format!(
                     "               ({change} change{plural} detected)\n",
                     change = app.prefix_change_count,
-                    plural = if app.prefix_change_count == 1 { "" } else { "s" }
+                    plural = if app.prefix_change_count == 1 {
+                        ""
+                    } else {
+                        "s"
+                    }
                 ));
             } else {
                 out.push_str("  Drift:       none (hash stable)\n");
@@ -1534,7 +1538,10 @@ mod tests {
         let result = cache(&mut app, Some("stats"));
         let msg = result.message.expect("cache stats produces a message");
         assert!(msg.contains("Cache Stats"), "got: {msg}");
-        assert!(msg.contains("unknown (no checks recorded yet)"), "got: {msg}");
+        assert!(
+            msg.contains("unknown (no checks recorded yet)"),
+            "got: {msg}"
+        );
         assert!(msg.contains("Pinned hash: unavailable"), "got: {msg}");
         assert!(msg.contains("No turn telemetry recorded yet"), "got: {msg}");
     }
@@ -1554,7 +1561,10 @@ mod tests {
         assert!(msg.contains("Stability: 100%"), "got: {msg}");
         assert!(msg.contains("stable (no prefix changes"), "got: {msg}");
         assert!(msg.contains("Pinned hash: a1b2c3d4e5f6"), "got: {msg}");
-        assert!(msg.contains("Drift:       none (hash stable)"), "got: {msg}");
+        assert!(
+            msg.contains("Drift:       none (hash stable)"),
+            "got: {msg}"
+        );
     }
 
     #[test]
@@ -1563,9 +1573,11 @@ mod tests {
         app.prefix_stability_pct = Some(67);
         app.prefix_checks_total = 3;
         app.prefix_change_count = 1;
-        app.last_prefix_change_desc = Some("prefix cache invalidated: system prompt changed".to_string());
-        app.last_pinned_prefix_hash =
-            Some("deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef".to_string());
+        app.last_prefix_change_desc =
+            Some("prefix cache invalidated: system prompt changed".to_string());
+        app.last_pinned_prefix_hash = Some(
+            "deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef0000deadbeef".to_string(),
+        );
 
         let result = cache(&mut app, Some("stats"));
         let msg = result.message.expect("cache stats produces a message");
@@ -1582,7 +1594,8 @@ mod tests {
         let mut app = create_test_app();
         app.prefix_stability_pct = Some(100);
         app.prefix_checks_total = 1;
-        app.last_pinned_prefix_hash = Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
+        app.last_pinned_prefix_hash =
+            Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
 
         app.push_turn_cache_record(TurnCacheRecord {
             input_tokens: 10_000,
@@ -1614,7 +1627,8 @@ mod tests {
         let mut app = create_test_app();
         app.prefix_stability_pct = Some(100);
         app.prefix_checks_total = 1;
-        app.last_pinned_prefix_hash = Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
+        app.last_pinned_prefix_hash =
+            Some("abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234".to_string());
 
         app.push_turn_cache_record(TurnCacheRecord {
             input_tokens: 10_000,

From a053d1e07a642ebf62f67f7c3772ec3d35687d30 Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 09:47:00 +0800
Subject: [PATCH 182/283] =?UTF-8?q?fix:=20address=20code=20review=20?=
 =?UTF-8?q?=E2=80=94=20stale=20hash,=20cache=20aggregation,=20hash=20clear?=
 =?UTF-8?q?ing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Move pinned_hash extraction after check_and_update() so the reported
  hash reflects the current prefix state, not the previous turn
- Skip non-cache-aware turns (cache_hit_tokens=None) in /cache stats
  aggregation; infer miss tokens when cache_miss_tokens is None
- Clear last_pinned_prefix_hash to None when pinned_combined_hash is
  empty (e.g. switching to a non-caching model/provider)
---
 crates/tui/src/commands/debug.rs        | 22 ++++++++++++++++------
 crates/tui/src/core/engine/turn_loop.rs | 12 ++++++++----
 crates/tui/src/tui/ui.rs                |  5 ++---
 3 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/commands/debug.rs b/crates/tui/src/commands/debug.rs
index 47ab82cf..85b21fae 100644
--- a/crates/tui/src/commands/debug.rs
+++ b/crates/tui/src/commands/debug.rs
@@ -310,14 +310,24 @@ fn format_cache_stats(app: &App) -> String {
     if history.is_empty() {
         out.push_str("  No turn telemetry recorded yet.\n");
     } else {
+        // Aggregate only cache-aware turns; skip turns where the provider
+        // did not report cache telemetry (cache_hit_tokens is None).
+        // When cache_miss_tokens is None, infer it as
+        //   input_tokens − cache_hit_tokens  (matches /cache table logic).
+        let mut turns = 0u64;
         let (hit, miss, input) = app.session.turn_cache_history.iter().fold(
             (0u64, 0u64, 0u64),
             |(hit, miss, input), rec| {
-                (
-                    hit + u64::from(rec.cache_hit_tokens.unwrap_or(0)),
-                    miss + u64::from(rec.cache_miss_tokens.unwrap_or(0)),
-                    input + u64::from(rec.input_tokens),
-                )
+                let Some(hit_tokens) = rec.cache_hit_tokens else {
+                    return (hit, miss, input);
+                };
+                let h = u64::from(hit_tokens);
+                let m = u64::from(
+                    rec.cache_miss_tokens
+                        .unwrap_or(rec.input_tokens.saturating_sub(hit_tokens)),
+                );
+                turns += 1;
+                (hit + h, miss + m, input + u64::from(rec.input_tokens))
             },
         );
         let total_cache = hit + miss;
@@ -326,7 +336,7 @@ fn format_cache_stats(app: &App) -> String {
         } else {
             0.0
         };
-        out.push_str(&format!("  Turns recorded: {}\n", history.len()));
+        out.push_str(&format!("  Turns recorded: {turns}\n"));
         out.push_str(&format!(
             "  Cache hit tokens:  {hit} ({avg_pct:.1}% of {total_cache} cache-aware tokens)\n",
             hit = format_tokens(hit),
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 906c4856..70eccefb 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -247,12 +247,12 @@ impl Engine {
                 let system_text =
                     crate::prefix_cache::system_prompt_text(self.session.system_prompt.as_ref());
                 let tools_ref: Option<&[crate::models::Tool]> = active_tools.as_deref();
-                let pinned_hash = pm
-                    .pinned_fingerprint()
-                    .map(|fp| fp.combined_sha256.clone())
-                    .unwrap_or_default();
                 match pm.check_and_update(&system_text, tools_ref) {
                     Err(change) => {
+                        let pinned_hash = pm
+                            .pinned_fingerprint()
+                            .map(|fp| fp.combined_sha256.clone())
+                            .unwrap_or_default();
                         tracing::debug!(
                             target: "prefix_cache",
                             "{}",
@@ -271,6 +271,10 @@ impl Engine {
                             .await;
                     }
                     Ok(_) => {
+                        let pinned_hash = pm
+                            .pinned_fingerprint()
+                            .map(|fp| fp.combined_sha256.clone())
+                            .unwrap_or_default();
                         // Stable check — keep the TUI counter in sync.
                         let _ = self
                             .tx_event
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 8cc44eea..efbae714 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1746,9 +1746,8 @@ async fn run_event_loop(
                     } => {
                         app.prefix_checks_total = app.prefix_checks_total.saturating_add(1);
                         app.prefix_stability_pct = Some(stability_pct);
-                        if !pinned_combined_hash.is_empty() {
-                            app.last_pinned_prefix_hash = Some(pinned_combined_hash);
-                        }
+                        app.last_pinned_prefix_hash =
+                            (!pinned_combined_hash.is_empty()).then_some(pinned_combined_hash);
                         if changed {
                             app.prefix_change_count = app.prefix_change_count.saturating_add(1);
                             if !description.is_empty() {

From 43f098965efcad47e5ae7ca8aaefa3027e1bb185 Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Fri, 29 May 2026 09:49:37 +0800
Subject: [PATCH 183/283] fix: clear last_pinned_prefix_hash on model/provider
 switch

clear_model_scoped_telemetry() now resets last_pinned_prefix_hash to
None so /cache stats does not show the previous model/provider cache
scope's fingerprint after a switch.
---
 crates/tui/src/tui/app.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index a7802c30..0bf82425 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1631,6 +1631,7 @@ impl App {
         self.session.last_prompt_cache_miss_tokens = None;
         self.session.last_reasoning_replay_tokens = None;
         self.session.turn_cache_history.clear();
+        self.last_pinned_prefix_hash = None;
     }
 
     pub fn tr(&self, id: MessageId) -> &'static str {

From fde5959e3d2cafa987ede2ba3548b2bc8073917a Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Sat, 30 May 2026 13:45:07 +0800
Subject: [PATCH 184/283] feat: keep startup prompts interactive

---
 crates/cli/src/lib.rs     | 16 +++++++--
 crates/tui/src/main.rs    | 36 ++++++++++++++-----
 crates/tui/src/tui/app.rs | 73 ++++++++++++++++++++++++++++++++-------
 crates/tui/src/tui/mod.rs |  2 +-
 crates/tui/src/tui/ui.rs  | 13 +++++++
 5 files changed, 117 insertions(+), 23 deletions(-)

diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 9f98eebf..db6e8c4a 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -2958,11 +2958,15 @@ mod tests {
     }
 
     #[test]
-    fn parses_top_level_prompt_flag_for_canonical_one_shot() {
+    fn parses_top_level_prompt_flag_for_interactive_startup_prompt() {
         let cli = parse_ok(&["deepseek", "-p", "Reply with exactly OK."]);
 
         assert_eq!(cli.prompt_flag.as_deref(), Some("Reply with exactly OK."));
         assert!(cli.prompt.is_empty());
+        assert_eq!(
+            root_tui_passthrough(&cli).unwrap(),
+            vec!["--prompt".to_string(), "Reply with exactly OK.".to_string()]
+        );
     }
 
     #[test]
@@ -2976,7 +2980,7 @@ mod tests {
     }
 
     #[test]
-    fn top_level_continue_rejects_one_shot_prompt() {
+    fn top_level_continue_rejects_startup_prompt() {
         let cli = parse_ok(&["codewhale", "--continue", "-p", "follow up"]);
 
         let err = root_tui_passthrough(&cli).expect_err("prompted continue should be rejected");
@@ -2992,6 +2996,10 @@ mod tests {
 
         assert_eq!(cli.prompt, vec!["hello", "world"]);
         assert!(cli.command.is_none());
+        assert_eq!(
+            root_tui_passthrough(&cli).unwrap(),
+            vec!["--prompt".to_string(), "hello world".to_string()]
+        );
     }
 
     #[test]
@@ -3000,6 +3008,10 @@ mod tests {
 
         assert_eq!(cli.prompt_flag.as_deref(), Some("hello"));
         assert_eq!(cli.prompt, vec!["world"]);
+        assert_eq!(
+            root_tui_passthrough(&cli).unwrap(),
+            vec!["--prompt".to_string(), "hello world".to_string()]
+        );
     }
 
     #[test]
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 4e5e35ae..476124ce 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -121,7 +121,7 @@ struct Cli {
     #[command(flatten)]
     feature_toggles: FeatureToggles,
 
-    /// Send a one-shot prompt (non-interactive)
+    /// Initial prompt to submit in the interactive TUI. Use `exec` for non-interactive runs.
     #[arg(short, long, value_name = "PROMPT", num_args = 1..)]
     prompt: Vec<String>,
 
@@ -427,6 +427,10 @@ fn join_prompt_parts(parts: &[String]) -> String {
     parts.join(" ")
 }
 
+fn top_level_prompt_initial_input(parts: &[String]) -> Option<tui::InitialInput> {
+    (!parts.is_empty()).then(|| tui::InitialInput::Submit(join_prompt_parts(parts)))
+}
+
 fn resolve_exec_resume_session_id(args: &ExecArgs, workspace: &Path) -> Result<Option<String>> {
     if let Some(id) = args.resume.as_ref().or(args.session_id.as_ref()) {
         return Ok(Some(id.clone()));
@@ -975,12 +979,12 @@ async fn main() -> Result<()> {
         };
     }
 
-    // One-shot prompt mode
+    // Top-level prompt mode: submit the initial prompt, then keep the TUI alive
+    // for follow-up messages. Use `codewhale exec` for explicit non-interactive
+    // one-shot behavior (#2370).
     let config = load_config_from_cli(&cli)?;
-    if !cli.prompt.is_empty() {
-        let prompt = join_prompt_parts(&cli.prompt);
-        let model = config.default_model();
-        return run_one_shot(&config, &model, &prompt).await;
+    if let Some(initial_input) = top_level_prompt_initial_input(&cli.prompt) {
+        return run_interactive(&cli, &config, None, Some(initial_input)).await;
     }
 
     // Handle session resume. Plain `codewhale` starts fresh: interrupted
@@ -3783,7 +3787,13 @@ async fn run_pr(
     } else {
         cli.resume.clone()
     };
-    run_interactive(cli, config, resume_session_id, Some(prompt)).await
+    run_interactive(
+        cli,
+        config,
+        resume_session_id,
+        Some(tui::InitialInput::Prefill(prompt)),
+    )
+    .await
 }
 
 /// Return true if `name` resolves to an executable on the current `PATH`.
@@ -4795,7 +4805,7 @@ async fn run_interactive(
     cli: &Cli,
     config: &Config,
     resume_session_id: Option<String>,
-    initial_input: Option<String>,
+    initial_input: Option<tui::InitialInput>,
 ) -> Result<()> {
     let workspace = cli
         .workspace
@@ -5838,6 +5848,16 @@ mod terminal_mode_tests {
         assert_eq!(cli.prompt, vec!["hello", "world"]);
     }
 
+    #[test]
+    fn prompt_flag_starts_interactive_submit_input() {
+        let cli = parse_cli(&["codewhale", "-p", "read", "the", "project"]);
+
+        assert_eq!(
+            top_level_prompt_initial_input(&cli.prompt),
+            Some(tui::InitialInput::Submit("read the project".to_string()))
+        );
+    }
+
     #[test]
     fn companion_binary_reports_its_own_name() {
         assert_eq!(Cli::command().get_name(), "codewhale-tui");
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 0bf82425..94a5c1f5 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -814,7 +814,19 @@ pub struct TuiOptions {
     /// Used by `deepseek pr <N>` (#451) to drop the model into a
     /// session with the PR context already typed — the user can edit
     /// before sending or hit Enter to fire as-is.
-    pub initial_input: Option<String>,
+    pub initial_input: Option<InitialInput>,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum InitialInput {
+    /// Pre-populate the composer and wait for the user to press Enter.
+    ///
+    /// Used by `codewhale pr <N>` (#451) to drop the model into a session
+    /// with the PR context already typed so the user can edit before sending.
+    Prefill(String),
+    /// Pre-populate the composer, submit it once startup is ready, then keep
+    /// the interactive session open for follow-up messages (#2370).
+    Submit(String),
 }
 
 #[derive(Debug, Clone, Copy)]
@@ -1444,6 +1456,8 @@ pub struct App {
     /// Most recent user prompt accepted for an active engine turn. Ctrl+C can
     /// restore this into an empty composer after cancelling that turn.
     pub last_submitted_prompt: Option<String>,
+    /// Startup prompt should be submitted automatically after the engine is ready.
+    pub auto_submit_initial_input: bool,
     /// Two-tap quit confirmation. When set, a prior Ctrl+C in idle state has
     /// armed the quit shortcut; a second Ctrl+C before this `Instant` exits
     /// the app, while expiry silently re-arms the prompt for next time.
@@ -1803,17 +1817,22 @@ impl App {
         let cached_skills = Self::discover_cached_skills(&workspace, &skills_dir);
 
         let input_history = crate::composer_history::load_history();
-        let (initial_input_text, initial_input_cursor) = match initial_input {
-            // #451: pre-populate the composer when invoked via
-            // `deepseek pr <N>` (or any future caller that wants to
-            // drop the model into a session with context already
-            // typed). Cursor lands at the end so Enter sends as-is.
-            Some(text) if !text.is_empty() => {
-                let cursor = text.len();
-                (text, cursor)
-            }
-            _ => (String::new(), 0),
-        };
+        let (initial_input_text, initial_input_cursor, auto_submit_initial_input) =
+            match initial_input {
+                // #451: pre-populate the composer when invoked via
+                // `deepseek pr <N>` (or any future caller that wants to
+                // drop the model into a session with context already
+                // typed). Cursor lands at the end so Enter sends as-is.
+                Some(InitialInput::Prefill(text)) if !text.is_empty() => {
+                    let cursor = text.len();
+                    (text, cursor, false)
+                }
+                Some(InitialInput::Submit(text)) if !text.is_empty() => {
+                    let cursor = text.len();
+                    (text, cursor, true)
+                }
+                _ => (String::new(), 0, false),
+            };
         Self {
             mode: initial_mode,
             composer: ComposerState {
@@ -2004,6 +2023,7 @@ impl App {
             coherence_state: CoherenceState::default(),
             last_send_at: None,
             last_submitted_prompt: None,
+            auto_submit_initial_input,
             quit_armed_until: None,
             cycle_count: 0,
             cycle_briefings: Vec::new(),
@@ -4855,6 +4875,35 @@ mod tests {
         }
     }
 
+    #[test]
+    fn initial_input_prefill_waits_for_manual_submit() {
+        let mut options = test_options(false);
+        options.initial_input = Some(InitialInput::Prefill("review this PR".to_string()));
+
+        let app = App::new(options, &Config::default());
+
+        assert_eq!(app.input, "review this PR");
+        assert_eq!(app.cursor_position, "review this PR".chars().count());
+        assert!(!app.auto_submit_initial_input);
+    }
+
+    #[test]
+    fn initial_input_submit_marks_startup_dispatch() {
+        let mut options = test_options(false);
+        options.initial_input = Some(InitialInput::Submit(
+            "Read the project and wait for instructions".to_string(),
+        ));
+
+        let app = App::new(options, &Config::default());
+
+        assert_eq!(app.input, "Read the project and wait for instructions");
+        assert_eq!(
+            app.cursor_position,
+            "Read the project and wait for instructions".chars().count()
+        );
+        assert!(app.auto_submit_initial_input);
+    }
+
     #[test]
     fn composer_arrows_scroll_default_is_true_without_mouse_capture() {
         assert!(default_composer_arrows_scroll_for_platform(false, false));
diff --git a/crates/tui/src/tui/mod.rs b/crates/tui/src/tui/mod.rs
index bfb2e477..3b20455f 100644
--- a/crates/tui/src/tui/mod.rs
+++ b/crates/tui/src/tui/mod.rs
@@ -76,5 +76,5 @@ pub mod workspace_context;
 
 // === Re-exports ===
 
-pub use app::TuiOptions;
+pub use app::{InitialInput, TuiOptions};
 pub use ui::run_tui;
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index efbae714..e1a040a5 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -530,6 +530,19 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
         persistence_actor::init_actor(handle);
     }
 
+    if app.auto_submit_initial_input {
+        app.auto_submit_initial_input = false;
+        if app.onboarding == OnboardingState::None {
+            if let Some(input) = app.submit_input() {
+                let queued = build_queued_message(&mut app, input);
+                dispatch_user_message(&mut app, config, &engine_handle, queued).await?;
+            }
+        } else if app.status_message.is_none() && !app.input.trim().is_empty() {
+            app.status_message =
+                Some("Initial prompt ready; complete setup, then press Enter".to_string());
+        }
+    }
+
     let result = run_event_loop(
         &mut terminal,
         &mut app,

From 5c7209af837e945309405203c36d4bc1b27b36ff Mon Sep 17 00:00:00 2001
From: Nightt <87569709+nightt5879@users.noreply.github.com>
Date: Sat, 30 May 2026 14:14:14 +0800
Subject: [PATCH 185/283] fix: harden startup prompt dispatch

---
 crates/tui/src/tui/app.rs      | 10 ++++----
 crates/tui/src/tui/ui.rs       | 43 ++++++++++++++++++++++++----------
 crates/tui/src/tui/ui/tests.rs | 41 ++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 17 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 94a5c1f5..24fb8e38 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1824,11 +1824,11 @@ impl App {
                 // drop the model into a session with context already
                 // typed). Cursor lands at the end so Enter sends as-is.
                 Some(InitialInput::Prefill(text)) if !text.is_empty() => {
-                    let cursor = text.len();
+                    let cursor = text.chars().count();
                     (text, cursor, false)
                 }
                 Some(InitialInput::Submit(text)) if !text.is_empty() => {
-                    let cursor = text.len();
+                    let cursor = text.chars().count();
                     (text, cursor, true)
                 }
                 _ => (String::new(), 0, false),
@@ -4891,15 +4891,15 @@ mod tests {
     fn initial_input_submit_marks_startup_dispatch() {
         let mut options = test_options(false);
         options.initial_input = Some(InitialInput::Submit(
-            "Read the project and wait for instructions".to_string(),
+            "阅读项目 and wait for instructions".to_string(),
         ));
 
         let app = App::new(options, &Config::default());
 
-        assert_eq!(app.input, "Read the project and wait for instructions");
+        assert_eq!(app.input, "阅读项目 and wait for instructions");
         assert_eq!(
             app.cursor_position,
-            "Read the project and wait for instructions".chars().count()
+            "阅读项目 and wait for instructions".chars().count()
         );
         assert!(app.auto_submit_initial_input);
     }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index e1a040a5..37c5387e 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -530,18 +530,7 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
         persistence_actor::init_actor(handle);
     }
 
-    if app.auto_submit_initial_input {
-        app.auto_submit_initial_input = false;
-        if app.onboarding == OnboardingState::None {
-            if let Some(input) = app.submit_input() {
-                let queued = build_queued_message(&mut app, input);
-                dispatch_user_message(&mut app, config, &engine_handle, queued).await?;
-            }
-        } else if app.status_message.is_none() && !app.input.trim().is_empty() {
-            app.status_message =
-                Some("Initial prompt ready; complete setup, then press Enter".to_string());
-        }
-    }
+    submit_initial_input_if_ready(&mut app, config, &engine_handle).await?;
 
     let result = run_event_loop(
         &mut terminal,
@@ -2468,6 +2457,7 @@ async fn run_event_loop(
                     }
                     _ => {}
                 }
+                submit_initial_input_if_ready(app, config, &engine_handle).await?;
                 continue;
             }
 
@@ -4128,6 +4118,35 @@ fn build_queued_message(app: &mut App, input: String) -> QueuedMessage {
     QueuedMessage::new(input, skill_instruction)
 }
 
+const INITIAL_PROMPT_DEFERRED_STATUS: &str = "Initial prompt ready; complete setup to send it";
+
+async fn submit_initial_input_if_ready(
+    app: &mut App,
+    config: &Config,
+    engine_handle: &EngineHandle,
+) -> Result<()> {
+    if !app.auto_submit_initial_input {
+        return Ok(());
+    }
+
+    if app.onboarding != OnboardingState::None {
+        if app.status_message.is_none() && !app.input.trim().is_empty() {
+            app.status_message = Some(INITIAL_PROMPT_DEFERRED_STATUS.to_string());
+        }
+        return Ok(());
+    }
+
+    app.auto_submit_initial_input = false;
+    if let Some(input) = app.submit_input() {
+        if app.status_message.as_deref() == Some(INITIAL_PROMPT_DEFERRED_STATUS) {
+            app.status_message = None;
+        }
+        let queued = build_queued_message(app, input);
+        dispatch_user_message(app, config, engine_handle, queued).await?;
+    }
+    Ok(())
+}
+
 fn queue_current_draft_for_next_turn(app: &mut App) -> bool {
     let Some(input) = app.submit_input() else {
         return false;
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 8ae83648..8dda623d 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -3270,6 +3270,47 @@ async fn dispatch_user_message_records_prompt_for_cancel_restore() {
     }
 }
 
+#[tokio::test]
+async fn startup_prompt_waits_for_onboarding_then_dispatches() {
+    let mut app = create_test_app();
+    app.input = "阅读项目 and wait".to_string();
+    app.cursor_position = app.input.chars().count();
+    app.auto_submit_initial_input = true;
+    app.onboarding = OnboardingState::Welcome;
+    let config = Config::default();
+    let mut engine = crate::core::engine::mock_engine_handle();
+
+    submit_initial_input_if_ready(&mut app, &config, &engine.handle)
+        .await
+        .expect("defer");
+
+    assert!(app.auto_submit_initial_input);
+    assert_eq!(app.input, "阅读项目 and wait");
+    assert_eq!(
+        app.status_message.as_deref(),
+        Some(INITIAL_PROMPT_DEFERRED_STATUS)
+    );
+    assert!(engine.rx_op.try_recv().is_err());
+
+    app.onboarding = OnboardingState::None;
+    submit_initial_input_if_ready(&mut app, &config, &engine.handle)
+        .await
+        .expect("submit");
+
+    assert!(!app.auto_submit_initial_input);
+    assert!(app.input.is_empty());
+    assert_eq!(
+        app.last_submitted_prompt.as_deref(),
+        Some("阅读项目 and wait")
+    );
+    match engine.rx_op.recv().await.expect("send message op") {
+        crate::core::ops::Op::SendMessage { content, .. } => {
+            assert!(content.contains("阅读项目 and wait"));
+        }
+        other => panic!("expected SendMessage, got {other:?}"),
+    }
+}
+
 #[tokio::test]
 async fn steer_user_message_records_prompt_for_cancel_restore() {
     let mut app = create_test_app();

From 9ef5a6d782c333402f422c7536d0e01300c612da Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Thu, 28 May 2026 11:28:05 +0800
Subject: [PATCH 186/283] fix(tui): replace standalone compacting label with
 animated working label

---
 crates/tui/src/tui/footer_ui.rs | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 365848b8..f5d65359 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -88,15 +88,8 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
         let mut label = active_subagent_status_label(app)
             .or_else(|| active_tool_status_label(app))
             .unwrap_or_else(|| {
-                // Show a more specific label when the model is still loading
-                // or compacting, not just a generic "working…".
-                let base = if app.is_loading {
-                    crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
-                } else if app.is_compacting {
-                    "compacting".to_string()
-                } else {
-                    crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale)
-                };
+                // Show the working label during active turns (loading, compacting, etc.).
+                let base = crate::tui::widgets::footer_working_label(dot_frame, app.ui_locale);
                 if elapsed_secs > 0 {
                     format!("{base} ({elapsed_secs}s)")
                 } else {
@@ -896,4 +889,4 @@ pub(crate) fn format_context_budget(used: i64, max: u32) -> String {
 #[cfg(test)]
 pub(crate) fn spans_width(spans: &[Span<'_>]) -> usize {
     spans.iter().map(|span| span.content.width()).sum()
-}
+}
\ No newline at end of file

From 98cc2a6e50b3da679c31fc5977682ff7fa79aa3d Mon Sep 17 00:00:00 2001
From: donglovejava <211940267+donglovejava@users.noreply.github.com>
Date: Fri, 29 May 2026 08:02:58 +0800
Subject: [PATCH 187/283] fix: trailing newline in footer_ui.rs (cargo fmt)

---
 crates/tui/src/tui/footer_ui.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index f5d65359..dd54f834 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -889,4 +889,4 @@ pub(crate) fn format_context_budget(used: i64, max: u32) -> String {
 #[cfg(test)]
 pub(crate) fn spans_width(spans: &[Span<'_>]) -> usize {
     spans.iter().map(|span| span.content.width()).sum()
-}
\ No newline at end of file
+}

From b907ea123c6fff9c15474b5324749b3f2293409f Mon Sep 17 00:00:00 2001
From: zhuang biaowei <zbw@kaiyuanshe.org>
Date: Thu, 28 May 2026 10:57:50 +0800
Subject: [PATCH 188/283] Fix legacy MCP SSE connections

---
 crates/tui/src/mcp.rs | 114 ++++++++++++++++++++++++++++++------------
 1 file changed, 83 insertions(+), 31 deletions(-)

diff --git a/crates/tui/src/mcp.rs b/crates/tui/src/mcp.rs
index e7be32db..79bec97c 100644
--- a/crates/tui/src/mcp.rs
+++ b/crates/tui/src/mcp.rs
@@ -1087,6 +1087,24 @@ fn sse_field_value<'a>(line: &'a str, field: &str) -> Option<&'a str> {
     Some(value.strip_prefix(' ').unwrap_or(value))
 }
 
+fn is_legacy_sse_endpoint_url(url: &str) -> bool {
+    reqwest::Url::parse(url)
+        .map(|url| url.path().trim_end_matches('/').ends_with("/sse"))
+        .unwrap_or(false)
+}
+
+fn response_id_matches(id: Option<&serde_json::Value>, expected_id: &str) -> bool {
+    let Some(id) = id else {
+        return false;
+    };
+    if id.as_str() == Some(expected_id) {
+        return true;
+    }
+    id.as_u64()
+        .map(|id| id.to_string() == expected_id)
+        .unwrap_or(false)
+}
+
 #[async_trait::async_trait]
 impl McpTransport for SseTransport {
     async fn send(&mut self, msg: Vec<u8>) -> Result<()> {
@@ -1212,27 +1230,39 @@ impl McpConnection {
                 }
             }
             let client = client_builder.build()?;
-            let mut http = HttpTransport::new(
-                client,
-                url.clone(),
-                config.headers.clone(),
-                cancel_token.clone(),
-                Duration::from_secs(connect_timeout_secs),
-            );
-            // Best-effort session preflight for servers that require
-            // a session ID on every POST including `initialize`
-            // (e.g. Hindsight, #1629). Failures are non-fatal — the
-            // `initialize` POST will proceed and may capture a session
-            // ID from the response instead.
-            if let Err(e) = http.try_establish_session().await {
-                tracing::debug!(
-                    target: "mcp",
-                    server = %name,
-                    error = %e,
-                    "session-establishment GET skipped; proceeding with POST initialize"
+            if is_legacy_sse_endpoint_url(url) {
+                Box::new(
+                    SseTransport::connect(
+                        client,
+                        url.clone(),
+                        cancel_token.clone(),
+                        Duration::from_secs(connect_timeout_secs),
+                    )
+                    .await?,
+                )
+            } else {
+                let mut http = HttpTransport::new(
+                    client,
+                    url.clone(),
+                    config.headers.clone(),
+                    cancel_token.clone(),
+                    Duration::from_secs(connect_timeout_secs),
                 );
+                // Best-effort session preflight for servers that require
+                // a session ID on every POST including `initialize`
+                // (e.g. Hindsight, #1629). Failures are non-fatal — the
+                // `initialize` POST will proceed and may capture a session
+                // ID from the response instead.
+                if let Err(e) = http.try_establish_session().await {
+                    tracing::debug!(
+                        target: "mcp",
+                        server = %name,
+                        error = %e,
+                        "session-establishment GET skipped; proceeding with POST initialize"
+                    );
+                }
+                Box::new(http)
             }
-            Box::new(http)
         } else if let Some(command) = &config.command {
             let mut cmd = tokio::process::Command::new(command);
             cmd.args(&config.args)
@@ -1320,7 +1350,7 @@ impl McpConnection {
         let init_id = self.next_id();
         self.send(serde_json::json!({
             "jsonrpc": "2.0",
-            "id": init_id,
+            "id": init_id.clone(),
             "method": "initialize",
             "params": {
                 "protocolVersion": "2024-11-05",
@@ -1371,7 +1401,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id,
+                "id": list_id.clone(),
                 "method": "tools/list",
                 "params": params
             }))
@@ -1423,7 +1453,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id,
+                "id": list_id.clone(),
                 "method": "resources/list",
                 "params": params
             }))
@@ -1467,7 +1497,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id,
+                "id": list_id.clone(),
                 "method": "resources/templates/list",
                 "params": params
             }))
@@ -1515,7 +1545,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id,
+                "id": list_id.clone(),
                 "method": "prompts/list",
                 "params": params
             }))
@@ -1618,7 +1648,7 @@ impl McpConnection {
         let call_id = self.next_id();
         self.send(serde_json::json!({
             "jsonrpc": "2.0",
-            "id": call_id,
+            "id": call_id.clone(),
             "method": method,
             "params": params
         }))
@@ -1689,8 +1719,8 @@ impl McpConnection {
         self.state
     }
 
-    fn next_id(&self) -> u64 {
-        self.request_id.fetch_add(1, Ordering::SeqCst)
+    fn next_id(&self) -> String {
+        self.request_id.fetch_add(1, Ordering::SeqCst).to_string()
     }
 
     async fn send(&mut self, msg: serde_json::Value) -> Result<()> {
@@ -1698,7 +1728,7 @@ impl McpConnection {
         self.transport.send(bytes).await
     }
 
-    async fn recv(&mut self, expected_id: u64) -> Result<serde_json::Value> {
+    async fn recv(&mut self, expected_id: String) -> Result<serde_json::Value> {
         loop {
             let bytes = self.transport.recv().await.inspect_err(|_e| {
                 self.state = ConnectionState::Disconnected;
@@ -1707,8 +1737,11 @@ impl McpConnection {
                 format!("Invalid MCP JSON-RPC message from server '{}'", self.name)
             })?;
 
-            // Check if this is a response with the expected id
-            if value.get("id").and_then(serde_json::Value::as_u64) == Some(expected_id) {
+            // Check if this is a response with the expected id. We emit
+            // string IDs because some MCP gateways reject numeric JSON-RPC
+            // IDs, but accept numeric echoes for compatibility with older
+            // servers and tests.
+            if response_id_matches(value.get("id"), &expected_id) {
                 return Ok(value);
             }
             // Skip notifications (no id) and responses with different ids
@@ -3161,7 +3194,7 @@ mod tests {
         let sent = sent.lock().unwrap();
         assert_eq!(sent.len(), 1);
         assert_eq!(sent[0]["jsonrpc"], "2.0");
-        assert_eq!(sent[0]["id"], 1);
+        assert_eq!(sent[0]["id"], "1");
         assert_eq!(sent[0]["method"], "tools/call");
     }
 
@@ -3377,6 +3410,25 @@ mod tests {
         assert!(value.get("result").is_some());
     }
 
+    #[test]
+    fn response_id_matches_string_and_numeric_echoes() {
+        assert!(response_id_matches(Some(&serde_json::json!("1")), "1"));
+        assert!(response_id_matches(Some(&serde_json::json!(1)), "1"));
+        assert!(!response_id_matches(Some(&serde_json::json!("2")), "1"));
+    }
+
+    #[test]
+    fn legacy_sse_endpoint_url_detects_sse_paths_only() {
+        assert!(is_legacy_sse_endpoint_url(
+            "https://example.com/mcp/abc/sse"
+        ));
+        assert!(is_legacy_sse_endpoint_url(
+            "https://example.com/mcp/abc/sse/"
+        ));
+        assert!(!is_legacy_sse_endpoint_url("https://example.com/mcp"));
+        assert!(!is_legacy_sse_endpoint_url("not a url"));
+    }
+
     #[test]
     fn find_sse_event_separator_accepts_lf_and_crlf() {
         assert_eq!(

From 37f936eda45c74ccb088c727ed07881b7f4d6fca Mon Sep 17 00:00:00 2001
From: zhuang biaowei <zbw@kaiyuanshe.org>
Date: Thu, 28 May 2026 11:28:21 +0800
Subject: [PATCH 189/283] Address MCP SSE review comments

---
 crates/tui/src/mcp.rs | 251 +++++++++++++++++++++++++++++++-----------
 1 file changed, 187 insertions(+), 64 deletions(-)

diff --git a/crates/tui/src/mcp.rs b/crates/tui/src/mcp.rs
index 79bec97c..dd74a6f5 100644
--- a/crates/tui/src/mcp.rs
+++ b/crates/tui/src/mcp.rs
@@ -85,6 +85,24 @@ fn is_safe_custom_header(key: &str, value: &str) -> bool {
     !value.contains('\r') && !value.contains('\n')
 }
 
+fn apply_safe_custom_headers(
+    mut request: reqwest::RequestBuilder,
+    headers: &HashMap<String, String>,
+) -> reqwest::RequestBuilder {
+    for (key, value) in headers {
+        if !is_safe_custom_header(key, value) {
+            tracing::warn!(
+                target: "mcp",
+                "skipping unsafe MCP header {:?} (empty/control-char/reserved)",
+                key
+            );
+            continue;
+        }
+        request = request.header(key.as_str(), value.as_str());
+    }
+    request
+}
+
 /// Mask a URL so any embedded credentials in the userinfo portion (e.g.
 /// `https://user:secret@host`) are replaced with `***`. Failures fall back to
 /// the original string so we don't lose context — we never want masking to
@@ -537,6 +555,7 @@ impl Drop for StdioTransport {
 pub struct SseTransport {
     client: reqwest::Client,
     base_url: String,
+    headers: HashMap<String, String>,
     endpoint_url: Option<String>,
     receiver: tokio::sync::mpsc::UnboundedReceiver<SseInbound>,
     pending_messages: VecDeque<Vec<u8>>,
@@ -551,6 +570,7 @@ struct HttpTransport {
     mode: HttpTransportMode,
     client: reqwest::Client,
     base_url: String,
+    headers: HashMap<String, String>,
     cancel_token: tokio_util::sync::CancellationToken,
     endpoint_timeout: Duration,
 }
@@ -587,12 +607,14 @@ impl SseTransport {
     pub async fn connect(
         client: reqwest::Client,
         url: String,
+        headers: HashMap<String, String>,
         cancel_token: tokio_util::sync::CancellationToken,
         endpoint_timeout: Duration,
     ) -> Result<Self> {
         let (tx, rx) = tokio::sync::mpsc::unbounded_channel();
         let client_clone = client.clone();
         let url_clone = url.clone();
+        let headers_clone = headers.clone();
         let wait_cancel_token = cancel_token.clone();
 
         tokio::spawn(async move {
@@ -603,6 +625,7 @@ impl SseTransport {
             let result = std::panic::AssertUnwindSafe(Self::run_sse_loop(
                 client_clone,
                 url_clone,
+                headers_clone,
                 tx,
                 cancel_token,
             ))
@@ -629,6 +652,7 @@ impl SseTransport {
         let mut transport = Self {
             client,
             base_url: url,
+            headers,
             endpoint_url: None,
             receiver: rx,
             pending_messages: VecDeque::new(),
@@ -642,18 +666,22 @@ impl SseTransport {
     async fn run_sse_loop(
         client: reqwest::Client,
         url: String,
+        headers: HashMap<String, String>,
         tx: tokio::sync::mpsc::UnboundedSender<SseInbound>,
         cancel_token: tokio_util::sync::CancellationToken,
     ) -> Result<()> {
-        let response = with_default_mcp_http_headers(client.get(&url), false)
-            .send()
-            .await
-            .with_context(|| {
-                format!(
-                    "MCP SSE connect failed (transport=http url={})",
-                    mask_url_secrets(&url),
-                )
-            })?;
+        let response = apply_safe_custom_headers(
+            with_default_mcp_http_headers(client.get(&url), false),
+            &headers,
+        )
+        .send()
+        .await
+        .with_context(|| {
+            format!(
+                "MCP SSE connect failed (transport=http url={})",
+                mask_url_secrets(&url),
+            )
+        })?;
         let status = response.status();
         if !status.is_success() {
             let body_excerpt = bounded_body_excerpt(response, ERROR_BODY_PREVIEW_BYTES).await;
@@ -783,10 +811,11 @@ impl HttpTransport {
             mode: HttpTransportMode::Streamable(StreamableHttpTransport::new(
                 client.clone(),
                 url.clone(),
-                headers,
+                headers.clone(),
             )),
             client,
             base_url: url,
+            headers,
             cancel_token,
             endpoint_timeout,
         }
@@ -796,6 +825,7 @@ impl HttpTransport {
         let mut sse = SseTransport::connect(
             self.client.clone(),
             self.base_url.clone(),
+            self.headers.clone(),
             self.cancel_token.clone(),
             self.endpoint_timeout,
         )
@@ -836,19 +866,10 @@ impl HttpTransport {
             HttpTransportMode::Sse(_) => return Ok(()),
         };
 
-        let mut request = transport.client.get(&transport.url);
-        request = with_default_mcp_http_headers(request, false);
-        for (key, value) in &transport.headers {
-            if !is_safe_custom_header(key, value) {
-                tracing::warn!(
-                    target: "mcp",
-                    "skipping unsafe MCP header {:?} (empty/control-char/reserved)",
-                    key
-                );
-                continue;
-            }
-            request = request.header(key.as_str(), value.as_str());
-        }
+        let request = apply_safe_custom_headers(
+            with_default_mcp_http_headers(transport.client.get(&transport.url), false),
+            &transport.headers,
+        );
         let response = tokio::time::timeout(Duration::from_secs(5), request.send())
             .await
             .map_err(|_| anyhow::anyhow!("GET timeout"))?
@@ -923,29 +944,12 @@ impl StreamableHttpTransport {
     }
 
     async fn send(&mut self, msg: Vec<u8>) -> std::result::Result<(), StreamableSendError> {
-        let mut request = with_default_mcp_http_headers(self.client.post(&self.url), true);
-        // Apply user-configured custom headers. Skip:
-        //   * empty / whitespace-only keys (would produce reqwest builder
-        //     errors mid-request and abort the whole connection);
-        //   * keys that duplicate the framing we already set (`Accept`,
-        //     `Content-Type`) so a stray entry can't break protocol
-        //     negotiation;
-        //   * values containing CR/LF, which would enable response-
-        //     splitting style requests on a misbehaving proxy.
-        // reqwest itself rejects malformed header names/values; the
-        // duplicates and control-char filter is purely defense in
-        // depth.
-        for (key, value) in &self.headers {
-            if !is_safe_custom_header(key, value) {
-                tracing::warn!(
-                    target: "mcp",
-                    "skipping unsafe MCP header {:?} (empty/control-char/reserved)",
-                    key
-                );
-                continue;
-            }
-            request = request.header(key.as_str(), value.as_str());
-        }
+        // Apply user-configured custom headers after protocol framing so
+        // reserved Accept / Content-Type overrides can be filtered out.
+        let mut request = apply_safe_custom_headers(
+            with_default_mcp_http_headers(self.client.post(&self.url), true),
+            &self.headers,
+        );
         // Attach any previously captured session ID per the Streamable
         // HTTP spec so the server can correlate this request to the
         // existing session.
@@ -1112,10 +1116,13 @@ impl McpTransport for SseTransport {
             .endpoint_url
             .as_ref()
             .context("SSE endpoint not yet discovered")?;
-        let response = with_default_mcp_http_headers(self.client.post(endpoint), true)
-            .body(msg)
-            .send()
-            .await?;
+        let response = apply_safe_custom_headers(
+            with_default_mcp_http_headers(self.client.post(endpoint), true),
+            &self.headers,
+        )
+        .body(msg)
+        .send()
+        .await?;
         if !response.status().is_success() {
             anyhow::bail!("Failed to send message via SSE POST: {}", response.status());
         }
@@ -1235,6 +1242,7 @@ impl McpConnection {
                     SseTransport::connect(
                         client,
                         url.clone(),
+                        config.headers.clone(),
                         cancel_token.clone(),
                         Duration::from_secs(connect_timeout_secs),
                     )
@@ -1350,7 +1358,7 @@ impl McpConnection {
         let init_id = self.next_id();
         self.send(serde_json::json!({
             "jsonrpc": "2.0",
-            "id": init_id.clone(),
+            "id": &init_id,
             "method": "initialize",
             "params": {
                 "protocolVersion": "2024-11-05",
@@ -1401,7 +1409,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id.clone(),
+                "id": &list_id,
                 "method": "tools/list",
                 "params": params
             }))
@@ -1453,7 +1461,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id.clone(),
+                "id": &list_id,
                 "method": "resources/list",
                 "params": params
             }))
@@ -1497,7 +1505,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id.clone(),
+                "id": &list_id,
                 "method": "resources/templates/list",
                 "params": params
             }))
@@ -1545,7 +1553,7 @@ impl McpConnection {
             };
             self.send(serde_json::json!({
                 "jsonrpc": "2.0",
-                "id": list_id.clone(),
+                "id": &list_id,
                 "method": "prompts/list",
                 "params": params
             }))
@@ -1648,7 +1656,7 @@ impl McpConnection {
         let call_id = self.next_id();
         self.send(serde_json::json!({
             "jsonrpc": "2.0",
-            "id": call_id.clone(),
+            "id": &call_id,
             "method": method,
             "params": params
         }))
@@ -3820,10 +3828,15 @@ mod tests {
 
         let client = reqwest::Client::new();
         let url = format!("http://{addr}/sse");
-        let mut transport =
-            SseTransport::connect(client, url, cancel_token.clone(), Duration::from_secs(2))
-                .await
-                .unwrap();
+        let mut transport = SseTransport::connect(
+            client,
+            url,
+            HashMap::new(),
+            cancel_token.clone(),
+            Duration::from_secs(2),
+        )
+        .await
+        .unwrap();
 
         transport
             .send(json_frame(serde_json::json!({
@@ -3905,10 +3918,15 @@ mod tests {
 
         let client = reqwest::Client::new();
         let url = format!("http://{addr}/sse");
-        let mut transport =
-            SseTransport::connect(client, url, cancel_token.clone(), Duration::from_secs(2))
-                .await
-                .unwrap();
+        let mut transport = SseTransport::connect(
+            client,
+            url,
+            HashMap::new(),
+            cancel_token.clone(),
+            Duration::from_secs(2),
+        )
+        .await
+        .unwrap();
 
         transport
             .send(json_frame(serde_json::json!({
@@ -3928,6 +3946,111 @@ mod tests {
         server.abort();
     }
 
+    #[tokio::test]
+    async fn sse_transport_applies_custom_headers_to_get_and_post() {
+        use std::sync::{
+            Arc,
+            atomic::{AtomicBool, Ordering as AtomicOrdering},
+        };
+        use tokio::io::{AsyncReadExt, AsyncWriteExt};
+        use tokio::net::TcpListener;
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let get_header_seen = Arc::new(AtomicBool::new(false));
+        let post_header_seen = Arc::new(AtomicBool::new(false));
+        let server_get_header_seen = Arc::clone(&get_header_seen);
+        let server_post_header_seen = Arc::clone(&post_header_seen);
+        let cancel_token = tokio_util::sync::CancellationToken::new();
+        let server_cancel = cancel_token.clone();
+
+        let server = tokio::spawn(async move {
+            loop {
+                let Ok((mut socket, _)) = listener.accept().await else {
+                    break;
+                };
+                let get_header_seen = Arc::clone(&server_get_header_seen);
+                let post_header_seen = Arc::clone(&server_post_header_seen);
+                let server_cancel = server_cancel.clone();
+                tokio::spawn(async move {
+                    let mut request = Vec::new();
+                    let mut buf = [0; 1024];
+                    loop {
+                        let n = socket.read(&mut buf).await.unwrap();
+                        if n == 0 {
+                            return;
+                        }
+                        request.extend_from_slice(&buf[..n]);
+                        if request.windows(4).any(|window| window == b"\r\n\r\n") {
+                            break;
+                        }
+                    }
+                    let request = String::from_utf8_lossy(&request);
+                    let request_lower = request.to_lowercase();
+                    if request.starts_with("GET /sse ") {
+                        if request_lower.contains("x-custom-auth: my-test-token") {
+                            get_header_seen.store(true, AtomicOrdering::SeqCst);
+                        }
+                        socket
+                            .write_all(
+                                b"HTTP/1.1 200 OK\r\nContent-Type: text/event-stream\r\n\r\n",
+                            )
+                            .await
+                            .unwrap();
+                        socket
+                            .write_all(b"event: endpoint\ndata: /messages\n\n")
+                            .await
+                            .unwrap();
+                        server_cancel.cancelled().await;
+                    } else if request.starts_with("POST /messages ") {
+                        if request_lower.contains("x-custom-auth: my-test-token") {
+                            post_header_seen.store(true, AtomicOrdering::SeqCst);
+                        }
+                        socket
+                            .write_all(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+                            .await
+                            .unwrap();
+                    }
+                });
+            }
+        });
+
+        let client = reqwest::Client::new();
+        let url = format!("http://{addr}/sse");
+        let mut headers = HashMap::new();
+        headers.insert("X-Custom-Auth".to_string(), "my-test-token".to_string());
+        let mut transport = SseTransport::connect(
+            client,
+            url,
+            headers,
+            cancel_token.clone(),
+            Duration::from_secs(2),
+        )
+        .await
+        .unwrap();
+
+        transport
+            .send(json_frame(serde_json::json!({
+                "jsonrpc": "2.0",
+                "id": 1,
+                "method": "initialize"
+            })))
+            .await
+            .unwrap();
+
+        assert!(
+            get_header_seen.load(AtomicOrdering::SeqCst),
+            "legacy SSE GET must include user-configured custom headers"
+        );
+        assert!(
+            post_header_seen.load(AtomicOrdering::SeqCst),
+            "legacy SSE POST must include user-configured custom headers"
+        );
+
+        cancel_token.cancel();
+        server.abort();
+    }
+
     #[test]
     fn session_id_starts_none() {
         let transport = StreamableHttpTransport::new(

From 29417b3b37cdc893634b99de10ab406101e149b7 Mon Sep 17 00:00:00 2001
From: zhuang biaowei <zbw@kaiyuanshe.org>
Date: Thu, 28 May 2026 14:06:11 +0800
Subject: [PATCH 190/283] Require explicit MCP SSE transport

---
 crates/tui/src/commands/mcp.rs |   8 ++-
 crates/tui/src/main.rs         |  13 ++++
 crates/tui/src/mcp.rs          | 120 +++++++++++++++++++++++++++++----
 crates/tui/src/tui/app.rs      |   1 +
 crates/tui/src/tui/ui.rs       |  10 ++-
 5 files changed, 134 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/commands/mcp.rs b/crates/tui/src/commands/mcp.rs
index 2a29f729..7edf9500 100644
--- a/crates/tui/src/commands/mcp.rs
+++ b/crates/tui/src/commands/mcp.rs
@@ -56,9 +56,15 @@ fn parse_add(parts: Vec<&str>) -> CommandResult {
             command: parts[2].to_string(),
             args: parts[3..].iter().map(|s| (*s).to_string()).collect(),
         })),
-        "http" | "sse" => CommandResult::action(AppAction::Mcp(McpUiAction::AddHttp {
+        "http" => CommandResult::action(AppAction::Mcp(McpUiAction::AddHttp {
             name: parts[1].to_string(),
             url: parts[2].to_string(),
+            transport: None,
+        })),
+        "sse" => CommandResult::action(AppAction::Mcp(McpUiAction::AddHttp {
+            name: parts[1].to_string(),
+            url: parts[2].to_string(),
+            transport: Some("sse".to_string()),
         })),
         _ => CommandResult::error(
             "Usage: /mcp add stdio <name> <command> [args...] OR /mcp add http <name> <url>",
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 476124ce..64ef7992 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -636,6 +636,9 @@ enum McpCommand {
         /// URL for streamable HTTP/SSE server
         #[arg(long, conflicts_with = "command")]
         url: Option<String>,
+        /// Explicit URL transport override. Use "sse" for legacy SSE endpoints.
+        #[arg(long, requires = "url")]
+        transport: Option<String>,
         /// Arguments for command-based servers
         #[arg(long = "arg")]
         args: Vec<String>,
@@ -1422,6 +1425,7 @@ fn mcp_template_json() -> Result<String> {
             args: vec!["./path/to/your-mcp-server.js".to_string()],
             env: std::collections::HashMap::new(),
             url: None,
+            transport: None,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
@@ -4142,11 +4146,17 @@ async fn run_mcp_command(config: &Config, command: McpCommand) -> Result<()> {
             name,
             command,
             url,
+            transport,
             args,
         } => {
             if command.is_none() && url.is_none() {
                 bail!("Provide either --command or --url for `mcp add`.");
             }
+            if let Some(transport) = transport.as_deref() {
+                if !transport.trim().eq_ignore_ascii_case("sse") {
+                    bail!("Unsupported MCP transport '{transport}'. Supported values: sse");
+                }
+            }
             let mut cfg = load_mcp_config(&config_path)?;
             cfg.servers.insert(
                 name.clone(),
@@ -4155,6 +4165,7 @@ async fn run_mcp_command(config: &Config, command: McpCommand) -> Result<()> {
                     args,
                     env: std::collections::HashMap::new(),
                     url,
+                    transport,
                     connect_timeout: None,
                     execute_timeout: None,
                     read_timeout: None,
@@ -4241,6 +4252,7 @@ async fn run_mcp_command(config: &Config, command: McpCommand) -> Result<()> {
                     args,
                     env: std::collections::HashMap::new(),
                     url: None,
+                    transport: None,
                     connect_timeout: None,
                     execute_timeout: None,
                     read_timeout: None,
@@ -6739,6 +6751,7 @@ mod doctor_mcp_tests {
             args: args.iter().map(|s| s.to_string()).collect(),
             env: std::collections::HashMap::new(),
             url: url.map(String::from),
+            transport: None,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
diff --git a/crates/tui/src/mcp.rs b/crates/tui/src/mcp.rs
index dd74a6f5..2f484cd9 100644
--- a/crates/tui/src/mcp.rs
+++ b/crates/tui/src/mcp.rs
@@ -248,6 +248,16 @@ pub struct McpServerConfig {
     #[serde(default)]
     pub env: HashMap<String, String>,
     pub url: Option<String>,
+    /// Optional explicit HTTP transport override.
+    ///
+    /// By default URL-based MCP servers use Streamable HTTP first and fall
+    /// back to legacy SSE only when the server rejects Streamable HTTP with
+    /// a known incompatible status. Set this to `"sse"` for legacy SSE
+    /// endpoints that must start with a long-lived GET endpoint discovery
+    /// stream and cannot accept an initial POST to the configured URL.
+    #[serde(default)]
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub transport: Option<String>,
     #[serde(default)]
     pub connect_timeout: Option<u64>,
     #[serde(default)]
@@ -1091,12 +1101,24 @@ fn sse_field_value<'a>(line: &'a str, field: &str) -> Option<&'a str> {
     Some(value.strip_prefix(' ').unwrap_or(value))
 }
 
-fn is_legacy_sse_endpoint_url(url: &str) -> bool {
-    reqwest::Url::parse(url)
-        .map(|url| url.path().trim_end_matches('/').ends_with("/sse"))
+fn is_legacy_sse_transport(config: &McpServerConfig) -> bool {
+    config
+        .transport
+        .as_deref()
+        .map(|transport| transport.trim().eq_ignore_ascii_case("sse"))
         .unwrap_or(false)
 }
 
+fn validate_mcp_transport(transport: Option<&str>) -> Result<()> {
+    let Some(transport) = transport else {
+        return Ok(());
+    };
+    if transport.trim().eq_ignore_ascii_case("sse") {
+        return Ok(());
+    }
+    anyhow::bail!("Unsupported MCP transport '{transport}'. Supported values: sse");
+}
+
 fn response_id_matches(id: Option<&serde_json::Value>, expected_id: &str) -> bool {
     let Some(id) = id else {
         return false;
@@ -1237,7 +1259,7 @@ impl McpConnection {
                 }
             }
             let client = client_builder.build()?;
-            if is_legacy_sse_endpoint_url(url) {
+            if is_legacy_sse_transport(&config) {
                 Box::new(
                     SseTransport::connect(
                         client,
@@ -2494,6 +2516,7 @@ fn mcp_template_json() -> Result<String> {
             args: vec!["./path/to/your-mcp-server.js".to_string()],
             env: HashMap::new(),
             url: None,
+            transport: None,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
@@ -2534,10 +2557,12 @@ pub fn add_server_config(
     command: Option<String>,
     url: Option<String>,
     args: Vec<String>,
+    transport: Option<String>,
 ) -> Result<()> {
     if command.is_none() && url.is_none() {
         anyhow::bail!("Provide either a command or URL for MCP server '{name}'.");
     }
+    validate_mcp_transport(transport.as_deref())?;
     let mut cfg = load_config(path)?;
     cfg.servers.insert(
         name,
@@ -2546,6 +2571,7 @@ pub fn add_server_config(
             args,
             env: HashMap::new(),
             url,
+            transport,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
@@ -2630,7 +2656,11 @@ fn snapshot_from_config(
         .iter()
         .map(|(name, server)| {
             let transport = if server.url.is_some() {
-                "http/sse"
+                if is_legacy_sse_transport(server) {
+                    "sse"
+                } else {
+                    "http/sse"
+                }
             } else {
                 "stdio"
             };
@@ -2841,6 +2871,7 @@ mod tests {
             args: vec!["server.js".into()],
             env: HashMap::new(),
             url: None,
+            transport: None,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
@@ -3001,6 +3032,7 @@ mod tests {
             Some("node".to_string()),
             None,
             vec!["server.js".to_string()],
+            None,
         )
         .unwrap();
         set_server_enabled(&path, "local", false).unwrap();
@@ -3018,6 +3050,54 @@ mod tests {
         assert!(removed.servers.iter().all(|server| server.name != "local"));
     }
 
+    #[test]
+    fn test_mcp_config_adds_explicit_sse_transport() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("mcp.json");
+
+        add_server_config(
+            &path,
+            "legacy".to_string(),
+            None,
+            Some("https://example.com/v1/mcp/sse".to_string()),
+            Vec::new(),
+            Some("sse".to_string()),
+        )
+        .unwrap();
+
+        let cfg = load_config(&path).unwrap();
+        assert_eq!(
+            cfg.servers
+                .get("legacy")
+                .and_then(|server| server.transport.as_deref()),
+            Some("sse")
+        );
+
+        let snapshot = manager_snapshot_from_config(&path, false).unwrap();
+        assert_eq!(snapshot.servers[0].transport, "sse");
+    }
+
+    #[test]
+    fn test_mcp_config_rejects_unknown_transport() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("mcp.json");
+
+        let err = add_server_config(
+            &path,
+            "bad".to_string(),
+            None,
+            Some("https://example.com/mcp".to_string()),
+            Vec::new(),
+            Some("streamable".to_string()),
+        )
+        .expect_err("unknown transport should fail");
+
+        assert!(
+            format!("{err:#}").contains("Unsupported MCP transport"),
+            "got: {err:#}"
+        );
+    }
+
     #[test]
     fn test_server_effective_timeouts() {
         let global = McpTimeouts::default();
@@ -3027,6 +3107,7 @@ mod tests {
             args: vec![],
             env: HashMap::new(),
             url: None,
+            transport: None,
             connect_timeout: Some(20),
             execute_timeout: None,
             read_timeout: Some(180),
@@ -3137,6 +3218,7 @@ mod tests {
             args: Vec::new(),
             env: HashMap::new(),
             url: None,
+            transport: None,
             connect_timeout: None,
             execute_timeout: None,
             read_timeout: None,
@@ -3306,6 +3388,7 @@ mod tests {
                 args: vec!["hi".into()],
                 env: Default::default(),
                 url: None,
+                transport: None,
                 connect_timeout: None,
                 execute_timeout: None,
                 read_timeout: None,
@@ -3426,15 +3509,23 @@ mod tests {
     }
 
     #[test]
-    fn legacy_sse_endpoint_url_detects_sse_paths_only() {
-        assert!(is_legacy_sse_endpoint_url(
-            "https://example.com/mcp/abc/sse"
-        ));
-        assert!(is_legacy_sse_endpoint_url(
-            "https://example.com/mcp/abc/sse/"
-        ));
-        assert!(!is_legacy_sse_endpoint_url("https://example.com/mcp"));
-        assert!(!is_legacy_sse_endpoint_url("not a url"));
+    fn legacy_sse_transport_requires_explicit_config() {
+        let mut server = test_server_config();
+        server.url = Some("https://example.com/mcp/abc/sse".to_string());
+
+        assert!(
+            !is_legacy_sse_transport(&server),
+            "/sse paths must not force legacy SSE without an explicit transport override"
+        );
+
+        server.transport = Some("sse".to_string());
+        assert!(is_legacy_sse_transport(&server));
+
+        server.transport = Some("SSE".to_string());
+        assert!(is_legacy_sse_transport(&server));
+
+        server.transport = Some("http".to_string());
+        assert!(!is_legacy_sse_transport(&server));
     }
 
     #[test]
@@ -3562,6 +3653,7 @@ mod tests {
             args: vec![],
             env: HashMap::new(),
             url: Some(format!("http://{addr}/mcp")),
+            transport: None,
             connect_timeout: Some(2),
             execute_timeout: None,
             read_timeout: None,
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 24fb8e38..be73ca6b 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -4825,6 +4825,7 @@ pub enum McpUiAction {
     AddHttp {
         name: String,
         url: String,
+        transport: Option<String>,
     },
     Enable {
         name: String,
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 37c5387e..7dc98ddd 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5233,12 +5233,16 @@ async fn handle_mcp_ui_action(
             args,
         } => {
             changed = true;
-            mcp::add_server_config(&path, name.clone(), Some(command), None, args)
+            mcp::add_server_config(&path, name.clone(), Some(command), None, args, None)
                 .map(|()| message = Some(format!("Added MCP stdio server '{name}'")))
         }
-        crate::tui::app::McpUiAction::AddHttp { name, url } => {
+        crate::tui::app::McpUiAction::AddHttp {
+            name,
+            url,
+            transport,
+        } => {
             changed = true;
-            mcp::add_server_config(&path, name.clone(), None, Some(url), Vec::new())
+            mcp::add_server_config(&path, name.clone(), None, Some(url), Vec::new(), transport)
                 .map(|()| message = Some(format!("Added MCP HTTP/SSE server '{name}'")))
         }
         crate::tui::app::McpUiAction::Enable { name } => {

From 58c57cb798848c1e84eda916f41a38ca8488147a Mon Sep 17 00:00:00 2001
From: zhuang biaowei <zbw@kaiyuanshe.org>
Date: Thu, 28 May 2026 16:39:01 +0800
Subject: [PATCH 191/283] Improve MCP SSE error diagnostics

---
 crates/tui/src/mcp.rs | 138 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 136 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/mcp.rs b/crates/tui/src/mcp.rs
index 2f484cd9..ed8cdaeb 100644
--- a/crates/tui/src/mcp.rs
+++ b/crates/tui/src/mcp.rs
@@ -1145,8 +1145,15 @@ impl McpTransport for SseTransport {
         .body(msg)
         .send()
         .await?;
-        if !response.status().is_success() {
-            anyhow::bail!("Failed to send message via SSE POST: {}", response.status());
+        let status = response.status();
+        if !status.is_success() {
+            let body_excerpt = bounded_body_excerpt(response, ERROR_BODY_PREVIEW_BYTES).await;
+            anyhow::bail!(
+                "MCP SSE POST rejected (transport=sse endpoint={} status={}): {}",
+                mask_url_secrets(endpoint),
+                status,
+                body_excerpt
+            );
         }
         Ok(())
     }
@@ -3450,6 +3457,49 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn mcp_pool_call_tool_preserves_tool_names_with_dashes() {
+        let sent = Arc::new(Mutex::new(Vec::new()));
+        let transport = ScriptedValueTransport {
+            sent: Arc::clone(&sent),
+            responses: VecDeque::from([json_frame(serde_json::json!({
+                "jsonrpc": "2.0",
+                "id": 1,
+                "result": {"ok": true}
+            }))]),
+        };
+        let mut conn = test_connection(Box::new(transport));
+        conn.name = "dephy".to_string();
+        conn.tools = vec![McpTool {
+            name: "company--search".to_string(),
+            description: None,
+            input_schema: serde_json::json!({}),
+        }];
+
+        let mut pool = McpPool::new(McpConfig {
+            timeouts: McpTimeouts::default(),
+            servers: HashMap::new(),
+        });
+        pool.connections.insert("dephy".to_string(), conn);
+
+        let result = pool
+            .call_tool(
+                "mcp_dephy_company--search",
+                serde_json::json!({"query": "dephy"}),
+            )
+            .await
+            .unwrap();
+
+        assert_eq!(result, serde_json::json!({"ok": true}));
+        let sent = sent.lock().unwrap();
+        assert_eq!(sent[0]["method"], "tools/call");
+        assert_eq!(sent[0]["params"]["name"], "company--search");
+        assert_eq!(
+            sent[0]["params"]["arguments"],
+            serde_json::json!({"query": "dephy"})
+        );
+    }
+
     /// #1244: when an MCP stdio server fails to spawn, the underlying OS
     /// error (e.g. ENOENT for a missing binary) must reach the user via the
     /// snapshot.error string. Regression test for `err.to_string()` dropping
@@ -4143,6 +4193,90 @@ mod tests {
         server.abort();
     }
 
+    #[tokio::test]
+    async fn sse_post_error_includes_response_body_excerpt() {
+        use tokio::io::{AsyncReadExt, AsyncWriteExt};
+        use tokio::net::TcpListener;
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let cancel_token = tokio_util::sync::CancellationToken::new();
+        let server_cancel = cancel_token.clone();
+
+        let server = tokio::spawn(async move {
+            loop {
+                let Ok((mut socket, _)) = listener.accept().await else {
+                    break;
+                };
+                let server_cancel = server_cancel.clone();
+                tokio::spawn(async move {
+                    let mut request = Vec::new();
+                    let mut buf = [0; 1024];
+                    loop {
+                        let n = socket.read(&mut buf).await.unwrap();
+                        if n == 0 {
+                            return;
+                        }
+                        request.extend_from_slice(&buf[..n]);
+                        if request.windows(4).any(|window| window == b"\r\n\r\n") {
+                            break;
+                        }
+                    }
+                    let request = String::from_utf8_lossy(&request);
+                    if request.starts_with("GET /sse ") {
+                        socket
+                            .write_all(
+                                b"HTTP/1.1 200 OK\r\nContent-Type: text/event-stream\r\n\r\n",
+                            )
+                            .await
+                            .unwrap();
+                        socket
+                            .write_all(b"event: endpoint\ndata: /messages\n\n")
+                            .await
+                            .unwrap();
+                        server_cancel.cancelled().await;
+                    } else if request.starts_with("POST /messages ") {
+                        socket
+                            .write_all(
+                                b"HTTP/1.1 400 Bad Request\r\nContent-Type: application/json\r\nContent-Length: 25\r\n\r\n{\"error\":\"missing query\"}",
+                            )
+                            .await
+                            .unwrap();
+                    }
+                });
+            }
+        });
+
+        let client = reqwest::Client::new();
+        let url = format!("http://{addr}/sse");
+        let mut transport = SseTransport::connect(
+            client,
+            url,
+            HashMap::new(),
+            cancel_token.clone(),
+            Duration::from_secs(2),
+        )
+        .await
+        .unwrap();
+
+        let err = transport
+            .send(json_frame(serde_json::json!({
+                "jsonrpc": "2.0",
+                "id": 1,
+                "method": "initialize"
+            })))
+            .await
+            .expect_err("POST rejection should be returned");
+        let err = format!("{err:#}");
+        assert!(
+            err.contains("400 Bad Request") && err.contains("missing query"),
+            "SSE POST error should include status and body, got: {err}"
+        );
+
+        cancel_token.cancel();
+        server.abort();
+    }
+
     #[test]
     fn session_id_starts_none() {
         let transport = StreamableHttpTransport::new(

From d26c2128b8ef0e411d63a4a111f77f80b1bf424f Mon Sep 17 00:00:00 2001
From: zhuang biaowei <zbw@kaiyuanshe.org>
Date: Thu, 28 May 2026 21:29:58 +0800
Subject: [PATCH 192/283] Retry MCP calls after stale SSE connections

---
 crates/tui/src/mcp.rs | 592 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 591 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/mcp.rs b/crates/tui/src/mcp.rs
index ed8cdaeb..e899e593 100644
--- a/crates/tui/src/mcp.rs
+++ b/crates/tui/src/mcp.rs
@@ -610,6 +610,7 @@ struct StreamableHttpTransport {
 #[derive(Debug)]
 enum StreamableSendError {
     Incompatible(String),
+    StaleSession(String),
     Other(anyhow::Error),
 }
 
@@ -922,6 +923,19 @@ impl McpTransport for HttpTransport {
                     );
                     self.switch_to_sse_and_send(msg).await
                 }
+                Err(StreamableSendError::StaleSession(detail)) => {
+                    if let HttpTransportMode::Streamable(transport) = &mut self.mode {
+                        tracing::debug!(
+                            target: "mcp",
+                            error = %detail,
+                            "MCP Streamable HTTP session expired; clearing cached session ID"
+                        );
+                        transport.session_id = None;
+                    }
+                    Err(anyhow::anyhow!(
+                        "MCP Streamable HTTP session expired; retry with a new session required ({detail})"
+                    ))
+                }
                 Err(StreamableSendError::Other(err)) => Err(err),
             },
             HttpTransportMode::Sse(transport) => transport.send(msg).await,
@@ -992,6 +1006,13 @@ impl StreamableHttpTransport {
 
         if !status.is_success() {
             let body_excerpt = bounded_body_excerpt(response, ERROR_BODY_PREVIEW_BYTES).await;
+            if self.session_id.is_some()
+                && is_streamable_http_stale_session_status(status, &body_excerpt)
+            {
+                return Err(StreamableSendError::StaleSession(format!(
+                    "status={status} body={body_excerpt}"
+                )));
+            }
             if is_streamable_http_incompatible_status(status) {
                 return Err(StreamableSendError::Incompatible(format!(
                     "status={status} body={body_excerpt}"
@@ -1058,6 +1079,30 @@ fn is_streamable_http_incompatible_status(status: StatusCode) -> bool {
     )
 }
 
+fn is_streamable_http_stale_session_status(status: StatusCode, body_excerpt: &str) -> bool {
+    if status == StatusCode::NOT_FOUND {
+        return true;
+    }
+    if status != StatusCode::BAD_REQUEST && status != StatusCode::UNAUTHORIZED {
+        return false;
+    }
+    let body = body_excerpt.to_ascii_lowercase();
+    body.contains("session") && (body.contains("expired") || body.contains("invalid"))
+}
+
+fn is_mcp_stale_session_body(body: &str) -> bool {
+    let body = body.to_ascii_lowercase();
+    body.contains("session") && (body.contains("expired") || body.contains("invalid"))
+}
+
+fn is_mcp_stale_session_error(err: &anyhow::Error) -> bool {
+    let err = format!("{err:#}");
+    err.contains("MCP Streamable HTTP session expired")
+        || err.contains("MCP session expired")
+        || err.contains("SSE transport closed")
+        || is_mcp_stale_session_body(&err)
+}
+
 fn parse_sse_message_data(body: &str) -> Vec<Vec<u8>> {
     let normalized = body.replace("\r\n", "\n");
     let mut messages = Vec::new();
@@ -1148,6 +1193,14 @@ impl McpTransport for SseTransport {
         let status = response.status();
         if !status.is_success() {
             let body_excerpt = bounded_body_excerpt(response, ERROR_BODY_PREVIEW_BYTES).await;
+            if is_mcp_stale_session_body(&body_excerpt) {
+                anyhow::bail!(
+                    "MCP session expired (transport=sse endpoint={} status={}): {}",
+                    mask_url_secrets(endpoint),
+                    status,
+                    body_excerpt
+                );
+            }
             anyhow::bail!(
                 "MCP SSE POST rejected (transport=sse endpoint={} status={}): {}",
                 mask_url_secrets(endpoint),
@@ -1779,6 +1832,11 @@ impl McpConnection {
             // IDs, but accept numeric echoes for compatibility with older
             // servers and tests.
             if response_id_matches(value.get("id"), &expected_id) {
+                if let Some(error) = value.get("error") {
+                    if is_mcp_stale_session_body(&error.to_string()) {
+                        anyhow::bail!("MCP session expired: {error}");
+                    }
+                }
                 return Ok(value);
             }
             // Skip notifications (no id) and responses with different ids
@@ -2359,7 +2417,26 @@ impl McpPool {
             anyhow::bail!("MCP tool '{tool_name}' is disabled for server '{server_name}'");
         }
         let timeout = conn.config().effective_execute_timeout(&global_timeouts);
-        conn.call_tool(tool_name, arguments, timeout).await
+        match conn.call_tool(tool_name, arguments.clone(), timeout).await {
+            Ok(result) => Ok(result),
+            Err(err) if is_mcp_stale_session_error(&err) => {
+                tracing::debug!(
+                    target: "mcp",
+                    server = server_name,
+                    tool = tool_name,
+                    error = %err,
+                    "retrying MCP tool call after stale session"
+                );
+                self.connections.remove(server_name);
+                let conn = self.get_or_connect(server_name).await?;
+                if !conn.config().is_tool_enabled(tool_name) {
+                    anyhow::bail!("MCP tool '{tool_name}' is disabled for server '{server_name}'");
+                }
+                let timeout = conn.config().effective_execute_timeout(&global_timeouts);
+                conn.call_tool(tool_name, arguments, timeout).await
+            }
+            Err(err) => Err(err),
+        }
     }
 
     /// Get list of configured server names
@@ -3500,6 +3577,94 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn json_rpc_session_error_is_marked_stale() {
+        let sent = Arc::new(Mutex::new(Vec::new()));
+        let transport = ScriptedValueTransport {
+            sent: Arc::clone(&sent),
+            responses: VecDeque::from([json_frame(serde_json::json!({
+                "jsonrpc": "2.0",
+                "id": 1,
+                "error": {
+                    "code": -32001,
+                    "message": "MCP session expired"
+                }
+            }))]),
+        };
+        let mut conn = test_connection(Box::new(transport));
+
+        let err = conn
+            .call_tool("search", serde_json::json!({"query": "dephy"}), 1)
+            .await
+            .expect_err("session error should fail");
+
+        assert!(
+            is_mcp_stale_session_error(&err),
+            "JSON-RPC session error should be retryable, got: {err:#}"
+        );
+    }
+
+    #[test]
+    fn sse_transport_closed_is_retryable() {
+        let err = anyhow::anyhow!("SSE transport closed");
+        assert!(
+            is_mcp_stale_session_error(&err),
+            "closed SSE stream should force reconnect before retry"
+        );
+    }
+
+    #[tokio::test]
+    async fn discover_all_ignores_unsupported_optional_capabilities() {
+        let sent = Arc::new(Mutex::new(Vec::new()));
+        let transport = ScriptedValueTransport {
+            sent: Arc::clone(&sent),
+            responses: VecDeque::from([
+                json_frame(serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "id": 1,
+                    "result": {
+                        "tools": [
+                            { "name": "search", "inputSchema": {} }
+                        ]
+                    }
+                })),
+                json_frame(serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "id": 2,
+                    "error": {
+                        "code": -32601,
+                        "message": "resources not supported"
+                    }
+                })),
+                json_frame(serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "id": 3,
+                    "error": {
+                        "code": -32601,
+                        "message": "resource templates not supported"
+                    }
+                })),
+                json_frame(serde_json::json!({
+                    "jsonrpc": "2.0",
+                    "id": 4,
+                    "error": {
+                        "code": -32601,
+                        "message": "prompts not supported"
+                    }
+                })),
+            ]),
+        };
+        let mut conn = test_connection(Box::new(transport));
+
+        conn.discover_all().await.expect("discover");
+
+        assert_eq!(conn.tools.len(), 1);
+        assert_eq!(conn.tools[0].name, "search");
+        assert!(conn.resources.is_empty());
+        assert!(conn.resource_templates.is_empty());
+        assert!(conn.prompts.is_empty());
+    }
+
     /// #1244: when an MCP stdio server fails to spawn, the underlying OS
     /// error (e.g. ENOENT for a missing binary) must reach the user via the
     /// snapshot.error string. Regression test for `err.to_string()` dropping
@@ -4277,6 +4442,431 @@ mod tests {
         server.abort();
     }
 
+    #[tokio::test]
+    async fn streamable_http_stale_session_reconnects_and_retries_tool_call() {
+        use std::sync::atomic::{AtomicUsize, Ordering as AtomicOrdering};
+        use tokio::io::{AsyncReadExt, AsyncWriteExt};
+        use tokio::net::TcpListener;
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let get_count = Arc::new(AtomicUsize::new(0));
+        let stale_seen = Arc::new(AtomicBool::new(false));
+        let success_seen = Arc::new(AtomicBool::new(false));
+        let server_get_count = Arc::clone(&get_count);
+        let server_stale_seen = Arc::clone(&stale_seen);
+        let server_success_seen = Arc::clone(&success_seen);
+
+        let server = tokio::spawn(async move {
+            loop {
+                let Ok((mut socket, _)) = listener.accept().await else {
+                    break;
+                };
+                let get_count = Arc::clone(&server_get_count);
+                let stale_seen = Arc::clone(&server_stale_seen);
+                let success_seen = Arc::clone(&server_success_seen);
+                tokio::spawn(async move {
+                    let mut request = Vec::new();
+                    let mut buf = [0; 4096];
+                    let header_end = loop {
+                        let n = socket.read(&mut buf).await.unwrap();
+                        if n == 0 {
+                            return;
+                        }
+                        request.extend_from_slice(&buf[..n]);
+                        if let Some(pos) = request.windows(4).position(|w| w == b"\r\n\r\n") {
+                            break pos + 4;
+                        }
+                    };
+                    let headers = String::from_utf8_lossy(&request[..header_end]).to_string();
+                    let content_length = headers
+                        .lines()
+                        .find_map(|line| {
+                            let (name, value) = line.split_once(':')?;
+                            name.eq_ignore_ascii_case("content-length")
+                                .then(|| value.trim().parse::<usize>().ok())
+                                .flatten()
+                        })
+                        .unwrap_or(0);
+                    while request.len() < header_end + content_length {
+                        let n = socket.read(&mut buf).await.unwrap();
+                        if n == 0 {
+                            return;
+                        }
+                        request.extend_from_slice(&buf[..n]);
+                    }
+                    let body = &request[header_end..header_end + content_length];
+                    let session_header = headers.lines().find_map(|line| {
+                        let (name, value) = line.split_once(':')?;
+                        name.eq_ignore_ascii_case("mcp-session-id")
+                            .then(|| value.trim().to_string())
+                    });
+
+                    if headers.starts_with("GET /mcp ") {
+                        let count = get_count.fetch_add(1, AtomicOrdering::SeqCst);
+                        let session = if count == 0 { "sess-old" } else { "sess-new" };
+                        let response = format!(
+                            "HTTP/1.1 200 OK\r\nMcp-Session-Id: {session}\r\nContent-Length: 0\r\n\r\n"
+                        );
+                        socket.write_all(response.as_bytes()).await.unwrap();
+                        return;
+                    }
+
+                    let request_json: serde_json::Value = serde_json::from_slice(body).unwrap();
+                    let method = request_json
+                        .get("method")
+                        .and_then(serde_json::Value::as_str)
+                        .unwrap_or("");
+                    let id = request_json
+                        .get("id")
+                        .cloned()
+                        .unwrap_or_else(|| serde_json::json!("0"));
+
+                    if method == "tools/call" && session_header.as_deref() == Some("sess-old") {
+                        stale_seen.store(true, AtomicOrdering::SeqCst);
+                        socket
+                            .write_all(
+                                b"HTTP/1.1 404 Not Found\r\nContent-Type: application/json\r\nContent-Length: 27\r\n\r\n{\"error\":\"session expired\"}",
+                            )
+                            .await
+                            .unwrap();
+                        return;
+                    }
+
+                    let result = match method {
+                        "initialize" => serde_json::json!({
+                            "protocolVersion": "2024-11-05",
+                            "capabilities": {}
+                        }),
+                        "tools/list" => serde_json::json!({
+                            "tools": [
+                                { "name": "search", "inputSchema": {} }
+                            ]
+                        }),
+                        "resources/list" => serde_json::json!({ "resources": [] }),
+                        "resources/templates/list" => {
+                            serde_json::json!({ "resourceTemplates": [] })
+                        }
+                        "prompts/list" => serde_json::json!({ "prompts": [] }),
+                        "tools/call" => {
+                            assert_eq!(session_header.as_deref(), Some("sess-new"));
+                            success_seen.store(true, AtomicOrdering::SeqCst);
+                            serde_json::json!({ "content": [{ "type": "text", "text": "ok" }] })
+                        }
+                        _ => {
+                            socket
+                                .write_all(b"HTTP/1.1 202 Accepted\r\nContent-Length: 0\r\n\r\n")
+                                .await
+                                .unwrap();
+                            return;
+                        }
+                    };
+                    let response_body = serde_json::json!({
+                        "jsonrpc": "2.0",
+                        "id": id,
+                        "result": result
+                    })
+                    .to_string();
+                    let response = format!(
+                        "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nContent-Length: {}\r\n\r\n{}",
+                        response_body.len(),
+                        response_body
+                    );
+                    socket.write_all(response.as_bytes()).await.unwrap();
+                });
+            }
+        });
+
+        let mut cfg = McpConfig::default();
+        cfg.servers.insert(
+            "dephy".to_string(),
+            McpServerConfig {
+                command: None,
+                args: Vec::new(),
+                env: HashMap::new(),
+                url: Some(format!("http://{addr}/mcp")),
+                transport: None,
+                connect_timeout: Some(2),
+                execute_timeout: Some(2),
+                read_timeout: None,
+                disabled: false,
+                enabled: true,
+                required: false,
+                enabled_tools: Vec::new(),
+                disabled_tools: Vec::new(),
+                headers: HashMap::new(),
+            },
+        );
+        let mut pool = McpPool::new(cfg);
+
+        let result = pool
+            .call_tool("mcp_dephy_search", serde_json::json!({ "query": "dephy" }))
+            .await
+            .unwrap();
+
+        assert_eq!(
+            result,
+            serde_json::json!({ "content": [{ "type": "text", "text": "ok" }] })
+        );
+        assert!(stale_seen.load(AtomicOrdering::SeqCst));
+        assert!(success_seen.load(AtomicOrdering::SeqCst));
+        assert_eq!(get_count.load(AtomicOrdering::SeqCst), 2);
+
+        server.abort();
+    }
+
+    #[tokio::test]
+    async fn legacy_sse_session_expiry_is_marked_stale() {
+        use tokio::io::{AsyncReadExt, AsyncWriteExt};
+        use tokio::net::TcpListener;
+        use tokio::sync::mpsc;
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+
+        let server = tokio::spawn(async move {
+            let (mut socket, _) = listener.accept().await.unwrap();
+            let mut request = Vec::new();
+            let mut buf = [0; 4096];
+            let header_end = loop {
+                let n = socket.read(&mut buf).await.unwrap();
+                if n == 0 {
+                    return;
+                }
+                request.extend_from_slice(&buf[..n]);
+                if let Some(pos) = request.windows(4).position(|w| w == b"\r\n\r\n") {
+                    break pos + 4;
+                }
+            };
+            let headers = String::from_utf8_lossy(&request[..header_end]);
+            assert!(headers.starts_with("POST /messages "));
+            socket
+                .write_all(
+                    b"HTTP/1.1 400 Bad Request\r\nContent-Type: application/json\r\nContent-Length: 27\r\n\r\n{\"error\":\"session expired\"}",
+                )
+                .await
+                .unwrap();
+        });
+
+        let (_sender, receiver) = mpsc::unbounded_channel();
+        let mut transport = SseTransport {
+            client: reqwest::Client::new(),
+            base_url: format!("http://{addr}/sse"),
+            headers: HashMap::new(),
+            endpoint_url: Some(format!("http://{addr}/messages")),
+            receiver,
+            pending_messages: VecDeque::new(),
+        };
+
+        let err = transport
+            .send(br#"{"jsonrpc":"2.0","id":1,"method":"tools/call"}"#.to_vec())
+            .await
+            .expect_err("expired SSE session should fail");
+
+        assert!(
+            is_mcp_stale_session_error(&err),
+            "SSE session expiry should be retryable, got: {err:#}"
+        );
+
+        server.abort();
+    }
+
+    #[tokio::test]
+    async fn legacy_sse_closed_stream_reconnects_and_retries_tool_call() {
+        use std::sync::atomic::{AtomicUsize, Ordering as AtomicOrdering};
+        use tokio::io::{AsyncReadExt, AsyncWriteExt};
+        use tokio::net::{TcpListener, TcpStream};
+        use tokio::sync::mpsc;
+
+        async fn read_http_request(socket: &mut TcpStream) -> (String, serde_json::Value) {
+            let mut request = Vec::new();
+            let mut buf = [0; 4096];
+            let header_end = loop {
+                let n = socket.read(&mut buf).await.unwrap();
+                if n == 0 {
+                    return (String::new(), serde_json::Value::Null);
+                }
+                request.extend_from_slice(&buf[..n]);
+                if let Some(pos) = request.windows(4).position(|w| w == b"\r\n\r\n") {
+                    break pos + 4;
+                }
+            };
+            let headers = String::from_utf8_lossy(&request[..header_end]).to_string();
+            let content_length = headers
+                .lines()
+                .find_map(|line| {
+                    let (name, value) = line.split_once(':')?;
+                    name.eq_ignore_ascii_case("content-length")
+                        .then(|| value.trim().parse::<usize>().ok())
+                        .flatten()
+                })
+                .unwrap_or(0);
+            while request.len() < header_end + content_length {
+                let n = socket.read(&mut buf).await.unwrap();
+                if n == 0 {
+                    return (headers, serde_json::Value::Null);
+                }
+                request.extend_from_slice(&buf[..n]);
+            }
+            let body = &request[header_end..header_end + content_length];
+            let json = if body.is_empty() {
+                serde_json::Value::Null
+            } else {
+                serde_json::from_slice(body).unwrap()
+            };
+            (headers, json)
+        }
+
+        let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
+        let addr = listener.local_addr().unwrap();
+        let active_sse = Arc::new(Mutex::new(None::<mpsc::UnboundedSender<Option<String>>>));
+        let get_count = Arc::new(AtomicUsize::new(0));
+        let tool_call_count = Arc::new(AtomicUsize::new(0));
+        let success_seen = Arc::new(AtomicBool::new(false));
+        let server_active_sse = Arc::clone(&active_sse);
+        let server_get_count = Arc::clone(&get_count);
+        let server_tool_call_count = Arc::clone(&tool_call_count);
+        let server_success_seen = Arc::clone(&success_seen);
+
+        let server = tokio::spawn(async move {
+            loop {
+                let Ok((mut socket, _)) = listener.accept().await else {
+                    break;
+                };
+                let active_sse = Arc::clone(&server_active_sse);
+                let get_count = Arc::clone(&server_get_count);
+                let tool_call_count = Arc::clone(&server_tool_call_count);
+                let success_seen = Arc::clone(&server_success_seen);
+                tokio::spawn(async move {
+                    let (headers, request_json) = read_http_request(&mut socket).await;
+                    if headers.starts_with("GET /sse ") {
+                        get_count.fetch_add(1, AtomicOrdering::SeqCst);
+                        let (tx, mut rx) = mpsc::unbounded_channel::<Option<String>>();
+                        *active_sse.lock().unwrap() = Some(tx);
+                        socket
+                            .write_all(
+                                b"HTTP/1.1 200 OK\r\nContent-Type: text/event-stream\r\n\r\n",
+                            )
+                            .await
+                            .unwrap();
+                        socket
+                            .write_all(b"event: endpoint\ndata: /messages\n\n")
+                            .await
+                            .unwrap();
+                        while let Some(message) = rx.recv().await {
+                            let Some(message) = message else {
+                                return;
+                            };
+                            let event = format!("event: message\ndata: {message}\n\n");
+                            socket.write_all(event.as_bytes()).await.unwrap();
+                        }
+                        return;
+                    }
+
+                    if !headers.starts_with("POST /messages ") {
+                        return;
+                    }
+
+                    socket
+                        .write_all(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+                        .await
+                        .unwrap();
+
+                    let method = request_json
+                        .get("method")
+                        .and_then(serde_json::Value::as_str)
+                        .unwrap_or("");
+                    if method == "notifications/initialized" {
+                        return;
+                    }
+
+                    let id = request_json
+                        .get("id")
+                        .cloned()
+                        .unwrap_or_else(|| serde_json::json!("0"));
+
+                    if method == "tools/call" {
+                        let count = tool_call_count.fetch_add(1, AtomicOrdering::SeqCst);
+                        if count == 0 {
+                            if let Some(tx) = active_sse.lock().unwrap().take() {
+                                let _ = tx.send(None);
+                            }
+                            return;
+                        }
+                    }
+
+                    let result = match method {
+                        "initialize" => serde_json::json!({
+                            "protocolVersion": "2024-11-05",
+                            "capabilities": {}
+                        }),
+                        "tools/list" => serde_json::json!({
+                            "tools": [
+                                { "name": "search", "inputSchema": {} }
+                            ]
+                        }),
+                        "resources/list" => serde_json::json!({ "resources": [] }),
+                        "resources/templates/list" => {
+                            serde_json::json!({ "resourceTemplates": [] })
+                        }
+                        "prompts/list" => serde_json::json!({ "prompts": [] }),
+                        "tools/call" => {
+                            success_seen.store(true, AtomicOrdering::SeqCst);
+                            serde_json::json!({ "content": [{ "type": "text", "text": "ok" }] })
+                        }
+                        other => panic!("unexpected method: {other}"),
+                    };
+                    let response = serde_json::json!({
+                        "jsonrpc": "2.0",
+                        "id": id,
+                        "result": result
+                    })
+                    .to_string();
+                    if let Some(tx) = active_sse.lock().unwrap().as_ref() {
+                        let _ = tx.send(Some(response));
+                    }
+                });
+            }
+        });
+
+        let mut cfg = McpConfig::default();
+        cfg.servers.insert(
+            "dephy".to_string(),
+            McpServerConfig {
+                command: None,
+                args: Vec::new(),
+                env: HashMap::new(),
+                url: Some(format!("http://{addr}/sse")),
+                transport: Some("sse".to_string()),
+                connect_timeout: Some(2),
+                execute_timeout: Some(2),
+                read_timeout: None,
+                disabled: false,
+                enabled: true,
+                required: false,
+                enabled_tools: Vec::new(),
+                disabled_tools: Vec::new(),
+                headers: HashMap::new(),
+            },
+        );
+        let mut pool = McpPool::new(cfg);
+
+        let result = pool
+            .call_tool("mcp_dephy_search", serde_json::json!({ "query": "dephy" }))
+            .await
+            .unwrap();
+
+        assert_eq!(
+            result,
+            serde_json::json!({ "content": [{ "type": "text", "text": "ok" }] })
+        );
+        assert_eq!(tool_call_count.load(AtomicOrdering::SeqCst), 2);
+        assert_eq!(get_count.load(AtomicOrdering::SeqCst), 2);
+        assert!(success_seen.load(AtomicOrdering::SeqCst));
+
+        server.abort();
+    }
+
     #[test]
     fn session_id_starts_none() {
         let transport = StreamableHttpTransport::new(

From c2b572d969e29e588579f2baacad19c48923c5c5 Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 08:02:01 +0800
Subject: [PATCH 193/283] feat(tui): enrich activity detail context

---
 crates/tui/src/tui/ui.rs       | 127 ++++++++++++++++++++++++++++-----
 crates/tui/src/tui/ui/tests.rs |  93 ++++++++++++++++++++++++
 2 files changed, 202 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 7dc98ddd..0d51ed08 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -7668,10 +7668,15 @@ fn activity_detail_text(app: &App, cell_index: usize, width: u16) -> Option<Stri
         sections.push(status);
     }
 
-    if let Some((position, total)) = thinking_chunk_position(app, cell_index) {
-        sections.push(format!("Thinking chunk: {position} of {total}"));
+    if let Some((position, total)) = activity_position(app, cell_index) {
+        sections.push(format!("Activity chunk: {position} of {total}"));
     }
 
+    if let Some(handle) = activity_detail_handle_line(app, cell_index, cell) {
+        sections.push(handle);
+    }
+
+    sections.extend(activity_navigation_lines(app, cell_index));
     sections.push(String::new());
     sections.push(activity_cell_to_text(cell, width));
     Some(sections.join("\n"))
@@ -7721,6 +7726,22 @@ fn reasoning_timeline_text(app: &App, selected_cell_index: usize) -> Option<Stri
     ));
     if let Some(position) = selected_position {
         sections.push(format!("Selected chunk: {position} of {total}"));
+        if position > 1 {
+            let previous_index = thinking_indices[position - 2];
+            let preview = thinking_chunk_preview(app, previous_index);
+            sections.push(format!(
+                "Previous chunk: {} of {total} - {preview}",
+                position - 1
+            ));
+        }
+        if position < total {
+            let next_index = thinking_indices[position];
+            let preview = thinking_chunk_preview(app, next_index);
+            sections.push(format!(
+                "Next chunk: {} of {total} - {preview}",
+                position + 1
+            ));
+        }
     }
     sections.push(String::new());
 
@@ -7762,6 +7783,18 @@ fn reasoning_timeline_text(app: &App, selected_cell_index: usize) -> Option<Stri
     Some(sections.join("\n"))
 }
 
+fn thinking_chunk_preview(app: &App, cell_index: usize) -> String {
+    let Some(HistoryCell::Thinking { content, .. }) = app.cell_at_virtual_index(cell_index) else {
+        return "thinking".to_string();
+    };
+    let preview = one_line_summary(content, 64);
+    if preview.is_empty() {
+        "thinking".to_string()
+    } else {
+        preview
+    }
+}
+
 fn activity_cell_label(app: &App, cell_index: usize, cell: &HistoryCell) -> String {
     match cell {
         HistoryCell::Thinking { .. } => "thinking".to_string(),
@@ -7870,30 +7903,88 @@ fn format_activity_duration_ms(ms: u64) -> String {
     }
 }
 
-fn thinking_chunk_position(app: &App, cell_index: usize) -> Option<(usize, usize)> {
-    if !matches!(
-        app.cell_at_virtual_index(cell_index),
-        Some(HistoryCell::Thinking { .. })
-    ) {
-        return None;
-    }
-
+fn activity_position(app: &App, cell_index: usize) -> Option<(usize, usize)> {
     let mut total = 0usize;
     let mut position = None;
     for idx in 0..app.virtual_cell_count() {
-        if matches!(
-            app.cell_at_virtual_index(idx),
-            Some(HistoryCell::Thinking { .. })
-        ) {
-            total += 1;
-            if idx == cell_index {
-                position = Some(total);
-            }
+        let Some(cell) = app.cell_at_virtual_index(idx) else {
+            continue;
+        };
+        if !is_meaningful_activity_cell(cell) {
+            continue;
+        }
+        total += 1;
+        if idx == cell_index {
+            position = Some(total);
         }
     }
     position.map(|pos| (pos, total))
 }
 
+fn activity_navigation_lines(app: &App, cell_index: usize) -> Vec<String> {
+    let activity_indices: Vec<usize> = (0..app.virtual_cell_count())
+        .filter(|&idx| {
+            app.cell_at_virtual_index(idx)
+                .is_some_and(is_meaningful_activity_cell)
+        })
+        .collect();
+    let Some(position) = activity_indices.iter().position(|&idx| idx == cell_index) else {
+        return Vec::new();
+    };
+    let total = activity_indices.len();
+    let mut lines = Vec::new();
+    if position > 0 {
+        let previous_idx = activity_indices[position - 1];
+        if let Some(cell) = app.cell_at_virtual_index(previous_idx) {
+            let label = activity_cell_label(app, previous_idx, cell);
+            lines.push(format!(
+                "Previous activity: {} of {total} - {}",
+                position,
+                truncate_line_to_width(&label, 56)
+            ));
+        }
+    }
+    if position + 1 < total {
+        let next_idx = activity_indices[position + 1];
+        if let Some(cell) = app.cell_at_virtual_index(next_idx) {
+            let label = activity_cell_label(app, next_idx, cell);
+            lines.push(format!(
+                "Next activity: {} of {total} - {}",
+                position + 2,
+                truncate_line_to_width(&label, 56)
+            ));
+        }
+    }
+    lines
+}
+
+fn activity_detail_handle_line(app: &App, cell_index: usize, cell: &HistoryCell) -> Option<String> {
+    if let Some(detail) = app.tool_detail_record_for_cell(cell_index) {
+        if let Some(artifact) = app
+            .session_artifacts
+            .iter()
+            .find(|artifact| artifact.tool_call_id == detail.tool_id)
+        {
+            return Some(format!(
+                "Detail handle: {} (retrieve_tool_result ref={}; Alt+V raw details)",
+                artifact.id, artifact.id
+            ));
+        }
+        return Some(format!(
+            "Detail handle: tool:{} (Alt+V raw details)",
+            detail.tool_id
+        ));
+    }
+
+    match cell {
+        HistoryCell::Tool(_) if app.cell_has_detail_target(cell_index) => {
+            Some("Detail handle: Alt+V raw details".to_string())
+        }
+        HistoryCell::SubAgent(_) => Some("Detail handle: Alt+V details".to_string()),
+        _ => None,
+    }
+}
+
 fn activity_cell_to_text(cell: &HistoryCell, width: u16) -> String {
     let lines = match cell {
         HistoryCell::Tool(_) => cell.lines_with_options(
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 8dda623d..cea0fb90 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -5091,6 +5091,10 @@ fn activity_detail_opens_reasoning_timeline_for_selected_thinking() {
         body.contains("Selected chunk: 1 of 2"),
         "chunk position missing: {body}"
     );
+    assert!(
+        body.contains("Next chunk: 2 of 2 - second chunk reasoning"),
+        "neighboring chunk missing: {body}"
+    );
     assert!(body.contains("Thinking chunk 1 of 2 (selected)"), "{body}");
     assert!(body.contains("Thinking chunk 2 of 2"), "{body}");
     assert!(body.contains("first chunk reasoning"), "body: {body}");
@@ -5100,6 +5104,95 @@ fn activity_detail_opens_reasoning_timeline_for_selected_thinking() {
     );
 }
 
+#[test]
+fn activity_detail_includes_tool_handle_and_neighbor_context() {
+    let mut app = create_test_app();
+    app.history = vec![
+        HistoryCell::Thinking {
+            content: "checked approach".to_string(),
+            streaming: false,
+            duration_secs: Some(0.6),
+        },
+        HistoryCell::Tool(ToolCell::Generic(GenericToolCell {
+            name: "read_file".to_string(),
+            status: ToolStatus::Success,
+            input_summary: Some("src/main.rs".to_string()),
+            output: Some("bounded preview".to_string()),
+            prompts: None,
+            spillover_path: None,
+            output_summary: None,
+            is_diff: false,
+        })),
+        HistoryCell::Tool(ToolCell::Generic(GenericToolCell {
+            name: "grep_files".to_string(),
+            status: ToolStatus::Success,
+            input_summary: Some("TODO".to_string()),
+            output: Some("grep summary".to_string()),
+            prompts: None,
+            spillover_path: None,
+            output_summary: None,
+            is_diff: false,
+        })),
+    ];
+    app.tool_details_by_cell.insert(
+        1,
+        ToolDetailRecord {
+            tool_id: "call-read".to_string(),
+            tool_name: "read_file".to_string(),
+            input: serde_json::json!({"path": "src/main.rs"}),
+            output: Some("full output behind raw details".to_string()),
+        },
+    );
+    app.session_artifacts
+        .push(crate::artifacts::ArtifactRecord {
+            id: "art_call-read".to_string(),
+            kind: crate::artifacts::ArtifactKind::ToolOutput,
+            session_id: "session-activity".to_string(),
+            tool_call_id: "call-read".to_string(),
+            tool_name: "read_file".to_string(),
+            created_at: chrono::Utc::now(),
+            byte_size: 42,
+            preview: "bounded preview".to_string(),
+            storage_path: PathBuf::from("artifacts").join("art_call-read.txt"),
+        });
+    app.resync_history_revisions();
+    let revisions = app.history_revisions.clone();
+    app.viewport.transcript_cache.ensure(
+        &app.history,
+        &revisions,
+        100,
+        app.transcript_render_options(),
+    );
+    let line = first_line_for_cell(&app, 1);
+    let point = TranscriptSelectionPoint {
+        line_index: line,
+        column: 0,
+    };
+    app.viewport.transcript_selection.anchor = Some(point);
+    app.viewport.transcript_selection.head = Some(point);
+
+    assert!(open_activity_detail_pager(&mut app));
+    let body = pop_pager_body(&mut app);
+
+    assert!(body.contains("Activity: read_file"), "{body}");
+    assert!(body.contains("Activity chunk: 2 of 3"), "{body}");
+    assert!(
+        body.contains("Previous activity: 1 of 3 - thinking"),
+        "{body}"
+    );
+    assert!(
+        body.contains("Next activity: 3 of 3 - tool grep_files"),
+        "{body}"
+    );
+    assert!(body.contains("Detail handle: art_call-read"), "{body}");
+    assert!(
+        body.contains("retrieve_tool_result ref=art_call-read"),
+        "{body}"
+    );
+    assert!(body.contains("Alt+V"), "{body}");
+    assert!(body.contains("raw details"), "{body}");
+}
+
 #[test]
 fn activity_detail_fallback_prefers_live_activity_context() {
     let mut app = create_test_app();

From 5e6b68b99571d5b36654c34e5d0bdd2943c53886 Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 09:43:12 +0800
Subject: [PATCH 194/283] fix(tui): refine activity detail review feedback

---
 crates/tui/src/tui/ui.rs       | 49 +++++++++++++---------------------
 crates/tui/src/tui/ui/tests.rs |  5 ++++
 2 files changed, 24 insertions(+), 30 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 0d51ed08..3fbb658c 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -7668,15 +7668,20 @@ fn activity_detail_text(app: &App, cell_index: usize, width: u16) -> Option<Stri
         sections.push(status);
     }
 
-    if let Some((position, total)) = activity_position(app, cell_index) {
-        sections.push(format!("Activity chunk: {position} of {total}"));
+    let activity_indices = activity_indices(app);
+    if let Some(position) = activity_indices.iter().position(|&idx| idx == cell_index) {
+        sections.push(format!(
+            "Activity chunk: {} of {}",
+            position + 1,
+            activity_indices.len()
+        ));
+        sections.extend(activity_navigation_lines(app, position, &activity_indices));
     }
 
     if let Some(handle) = activity_detail_handle_line(app, cell_index, cell) {
         sections.push(handle);
     }
 
-    sections.extend(activity_navigation_lines(app, cell_index));
     sections.push(String::new());
     sections.push(activity_cell_to_text(cell, width));
     Some(sections.join("\n"))
@@ -7903,34 +7908,20 @@ fn format_activity_duration_ms(ms: u64) -> String {
     }
 }
 
-fn activity_position(app: &App, cell_index: usize) -> Option<(usize, usize)> {
-    let mut total = 0usize;
-    let mut position = None;
-    for idx in 0..app.virtual_cell_count() {
-        let Some(cell) = app.cell_at_virtual_index(idx) else {
-            continue;
-        };
-        if !is_meaningful_activity_cell(cell) {
-            continue;
-        }
-        total += 1;
-        if idx == cell_index {
-            position = Some(total);
-        }
-    }
-    position.map(|pos| (pos, total))
-}
-
-fn activity_navigation_lines(app: &App, cell_index: usize) -> Vec<String> {
-    let activity_indices: Vec<usize> = (0..app.virtual_cell_count())
+fn activity_indices(app: &App) -> Vec<usize> {
+    (0..app.virtual_cell_count())
         .filter(|&idx| {
             app.cell_at_virtual_index(idx)
                 .is_some_and(is_meaningful_activity_cell)
         })
-        .collect();
-    let Some(position) = activity_indices.iter().position(|&idx| idx == cell_index) else {
-        return Vec::new();
-    };
+        .collect()
+}
+
+fn activity_navigation_lines(
+    app: &App,
+    position: usize,
+    activity_indices: &[usize],
+) -> Vec<String> {
     let total = activity_indices.len();
     let mut lines = Vec::new();
     if position > 0 {
@@ -7977,9 +7968,7 @@ fn activity_detail_handle_line(app: &App, cell_index: usize, cell: &HistoryCell)
     }
 
     match cell {
-        HistoryCell::Tool(_) if app.cell_has_detail_target(cell_index) => {
-            Some("Detail handle: Alt+V raw details".to_string())
-        }
+        HistoryCell::Tool(_) => Some("Detail handle: Alt+V details".to_string()),
         HistoryCell::SubAgent(_) => Some("Detail handle: Alt+V details".to_string()),
         _ => None,
     }
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index cea0fb90..6174cd5b 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -5251,6 +5251,11 @@ fn activity_detail_fallback_uses_recent_meaningful_activity_without_full_tool_du
         body.contains("Alt+V for details"),
         "activity detail should stay bounded and point to Alt+V for raw detail: {body}"
     );
+    assert!(body.contains("Detail handle: Alt+V details"), "{body}");
+    assert!(
+        !body.contains("Detail handle: Alt+V raw details"),
+        "fallback tool details should not be labeled raw: {body}"
+    );
     assert!(
         !body.contains("line 10"),
         "middle of large raw output should not be dumped into Activity Detail: {body}"

From 17698b1820dd160955db7e85303b3a0131bcc2dc Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 07:52:50 +0800
Subject: [PATCH 195/283] fix(tui): receipt live large tool outputs

---
 crates/tui/src/tui/ui.rs       | 43 +++++++++++++++++++++++++++++----
 crates/tui/src/tui/ui/tests.rs | 44 ++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 3fbb658c..55f93aa3 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -62,7 +62,7 @@ use crate::session_manager::{
 use crate::task_manager::{
     NewTaskRequest, SharedTaskManager, TaskManager, TaskManagerConfig, TaskStatus, TaskSummary,
 };
-use crate::tools::spec::RuntimeToolServices;
+use crate::tools::spec::{RuntimeToolServices, ToolResult};
 use crate::tools::subagent::SubAgentStatus;
 use crate::tui::auto_router;
 use crate::tui::color_compat::ColorCompatBackend;
@@ -1335,9 +1335,7 @@ async fn run_event_loop(
                         }
                         let tool_content = match &result {
                             Ok(output) => sanitize_stream_chunk(
-                                &crate::core::engine::compact_tool_result_for_context(
-                                    &app.model, &name, output,
-                                ),
+                                &tool_result_content_for_api_message(app, &id, &name, output),
                             ),
                             Err(err) => sanitize_stream_chunk(&format!("Error: {err}")),
                         };
@@ -4090,6 +4088,43 @@ fn push_assistant_message(
     }
 }
 
+fn tool_result_content_for_api_message(
+    app: &App,
+    id: &str,
+    name: &str,
+    output: &ToolResult,
+) -> String {
+    let raw = output.content.trim();
+    if raw.is_empty() {
+        return String::new();
+    }
+
+    if raw.chars().count() > crate::tool_output_receipts::RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS {
+        let mut messages = app.api_messages.clone();
+        messages.push(Message {
+            role: "user".to_string(),
+            content: vec![ContentBlock::ToolResult {
+                tool_use_id: id.to_string(),
+                content: raw.to_string(),
+                is_error: Some(!output.success),
+                content_blocks: None,
+            }],
+        });
+        let (compacted, stats) = crate::tool_output_receipts::compact_messages_for_persistence(
+            &messages,
+            &app.session_artifacts,
+        );
+        if stats.compacted_count > 0
+            && let Some(Message { content, .. }) = compacted.last()
+            && let Some(ContentBlock::ToolResult { content, .. }) = content.first()
+        {
+            return content.clone();
+        }
+    }
+
+    crate::core::engine::compact_tool_result_for_context(&app.model, name, output)
+}
+
 fn replace_matching_assistant_text(
     app: &mut App,
     original_text: &str,
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 6174cd5b..a4ed5ae7 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -1359,6 +1359,50 @@ fn create_test_options() -> TuiOptions {
     }
 }
 
+#[test]
+fn tool_result_api_content_receipts_large_live_output() {
+    let _guard = crate::tools::truncate::TEST_SPILLOVER_GUARD
+        .lock()
+        .unwrap_or_else(|err| err.into_inner());
+    let tmp = TempDir::new().expect("spillover tempdir");
+    let prior = crate::tools::truncate::set_test_spillover_root(Some(
+        tmp.path().join(".deepseek").join("tool_outputs"),
+    ));
+    struct Restore(Option<PathBuf>);
+    impl Drop for Restore {
+        fn drop(&mut self) {
+            crate::tools::truncate::set_test_spillover_root(self.0.take());
+        }
+    }
+    let _restore = Restore(prior);
+
+    let mut app = App::new(create_test_options(), &Config::default());
+    app.api_messages.push(Message {
+        role: "assistant".to_string(),
+        content: vec![ContentBlock::ToolUse {
+            id: "call-live-big".to_string(),
+            name: "exec_shell".to_string(),
+            input: serde_json::json!({"command": "cargo test"}),
+            caller: None,
+        }],
+    });
+
+    let raw = "LIVE_RAW_SENTINEL\n".repeat(900);
+    let output = crate::tools::spec::ToolResult::success(raw.clone());
+    let content = tool_result_content_for_api_message(&app, "call-live-big", "exec_shell", &output);
+
+    assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
+    assert!(content.contains("tool: exec_shell"));
+    assert!(content.contains("tool_call_id: call-live-big"));
+    assert!(content.contains("detail_handle: sha:"));
+    assert!(content.contains("retrieve: retrieve_tool_result ref=sha:"));
+    assert!(!content.contains(&raw));
+    assert!(
+        content.chars().count()
+            < crate::tool_output_receipts::RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS
+    );
+}
+
 fn text_message(role: &str, text: &str) -> Message {
     Message {
         role: role.to_string(),

From 2533c5a7e66d79efbb87de47324608c21c5ffe08 Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 09:41:00 +0800
Subject: [PATCH 196/283] fix(tui): avoid live receipt history clones

---
 crates/tui/src/tui/ui.rs       | 80 +++++++++++++++++++++++++---------
 crates/tui/src/tui/ui/tests.rs | 52 ++++++++++++++++++++--
 2 files changed, 109 insertions(+), 23 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 55f93aa3..95f7219f 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1335,7 +1335,7 @@ async fn run_event_loop(
                         }
                         let tool_content = match &result {
                             Ok(output) => sanitize_stream_chunk(
-                                &tool_result_content_for_api_message(app, &id, &name, output),
+                                &tool_result_content_for_api_message(app, &id, &name, output).await,
                             ),
                             Err(err) => sanitize_stream_chunk(&format!("Error: {err}")),
                         };
@@ -4088,7 +4088,7 @@ fn push_assistant_message(
     }
 }
 
-fn tool_result_content_for_api_message(
+async fn tool_result_content_for_api_message(
     app: &App,
     id: &str,
     name: &str,
@@ -4100,31 +4100,71 @@ fn tool_result_content_for_api_message(
     }
 
     if raw.chars().count() > crate::tool_output_receipts::RAW_TOOL_OUTPUT_RECEIPT_THRESHOLD_CHARS {
-        let mut messages = app.api_messages.clone();
-        messages.push(Message {
-            role: "user".to_string(),
-            content: vec![ContentBlock::ToolResult {
-                tool_use_id: id.to_string(),
-                content: raw.to_string(),
-                is_error: Some(!output.success),
-                content_blocks: None,
-            }],
-        });
-        let (compacted, stats) = crate::tool_output_receipts::compact_messages_for_persistence(
-            &messages,
-            &app.session_artifacts,
-        );
-        if stats.compacted_count > 0
-            && let Some(Message { content, .. }) = compacted.last()
-            && let Some(ContentBlock::ToolResult { content, .. }) = content.first()
+        let messages = live_tool_receipt_messages(app, id, raw, output.success);
+        let artifacts = app.session_artifacts.clone();
+        let raw = raw.to_string();
+        match tokio::task::spawn_blocking(move || {
+            compact_live_tool_receipt(messages, artifacts, raw)
+        })
+        .await
         {
-            return content.clone();
+            Ok(Some(receipt)) => return receipt,
+            Ok(None) => {}
+            Err(err) => {
+                crate::logging::warn(format!("live tool-output receipt compaction failed: {err}"));
+            }
         }
     }
 
     crate::core::engine::compact_tool_result_for_context(&app.model, name, output)
 }
 
+fn live_tool_receipt_messages(app: &App, id: &str, raw: &str, success: bool) -> Vec<Message> {
+    let mut messages = Vec::with_capacity(2);
+    if let Some(tool_use_msg) = app.api_messages.iter().rev().find(|message| {
+        message.content.iter().any(|block| {
+            matches!(block, ContentBlock::ToolUse { id: tool_use_id, .. } if tool_use_id == id)
+        })
+    }) {
+        messages.push(tool_use_msg.clone());
+    }
+    messages.push(Message {
+        role: "user".to_string(),
+        content: vec![ContentBlock::ToolResult {
+            tool_use_id: id.to_string(),
+            content: raw.to_string(),
+            is_error: Some(!success),
+            content_blocks: None,
+        }],
+    });
+    messages
+}
+
+fn compact_live_tool_receipt(
+    messages: Vec<Message>,
+    artifacts: Vec<crate::artifacts::ArtifactRecord>,
+    raw: String,
+) -> Option<String> {
+    let (compacted, _) =
+        crate::tool_output_receipts::compact_messages_for_persistence(&messages, &artifacts);
+    let content = compacted
+        .last()
+        .and_then(|message| message.content.first())
+        .and_then(|block| match block {
+            ContentBlock::ToolResult { content, .. } => Some(content),
+            _ => None,
+        })?;
+    if content != &raw && live_tool_content_is_receipt(content) {
+        Some(content.clone())
+    } else {
+        None
+    }
+}
+
+fn live_tool_content_is_receipt(content: &str) -> bool {
+    content.trim_start().starts_with("[TOOL_OUTPUT_RECEIPT]")
+}
+
 fn replace_matching_assistant_text(
     app: &mut App,
     original_text: &str,
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index a4ed5ae7..b8dfa26e 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -1359,8 +1359,8 @@ fn create_test_options() -> TuiOptions {
     }
 }
 
-#[test]
-fn tool_result_api_content_receipts_large_live_output() {
+#[tokio::test]
+async fn tool_result_api_content_receipts_large_live_output() {
     let _guard = crate::tools::truncate::TEST_SPILLOVER_GUARD
         .lock()
         .unwrap_or_else(|err| err.into_inner());
@@ -1389,7 +1389,8 @@ fn tool_result_api_content_receipts_large_live_output() {
 
     let raw = "LIVE_RAW_SENTINEL\n".repeat(900);
     let output = crate::tools::spec::ToolResult::success(raw.clone());
-    let content = tool_result_content_for_api_message(&app, "call-live-big", "exec_shell", &output);
+    let content =
+        tool_result_content_for_api_message(&app, "call-live-big", "exec_shell", &output).await;
 
     assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
     assert!(content.contains("tool: exec_shell"));
@@ -1403,6 +1404,51 @@ fn tool_result_api_content_receipts_large_live_output() {
     );
 }
 
+#[test]
+fn live_tool_receipt_messages_clones_only_matching_tool_use() {
+    let mut app = App::new(create_test_options(), &Config::default());
+    app.api_messages.push(Message {
+        role: "assistant".to_string(),
+        content: vec![ContentBlock::ToolUse {
+            id: "call-old".to_string(),
+            name: "exec_shell".to_string(),
+            input: serde_json::json!({"command": "old"}),
+            caller: None,
+        }],
+    });
+    app.api_messages.push(Message {
+        role: "user".to_string(),
+        content: vec![ContentBlock::ToolResult {
+            tool_use_id: "call-old".to_string(),
+            content: "OLD_RAW\n".repeat(2_000),
+            is_error: None,
+            content_blocks: None,
+        }],
+    });
+    app.api_messages.push(Message {
+        role: "assistant".to_string(),
+        content: vec![ContentBlock::ToolUse {
+            id: "call-new".to_string(),
+            name: "read_file".to_string(),
+            input: serde_json::json!({"path": "src/main.rs"}),
+            caller: None,
+        }],
+    });
+
+    let messages = live_tool_receipt_messages(&app, "call-new", "NEW_RAW", true);
+
+    assert_eq!(messages.len(), 2);
+    assert!(matches!(
+        &messages[0].content[0],
+        ContentBlock::ToolUse { id, name, .. } if id == "call-new" && name == "read_file"
+    ));
+    assert!(matches!(
+        &messages[1].content[0],
+        ContentBlock::ToolResult { tool_use_id, content, .. }
+            if tool_use_id == "call-new" && content == "NEW_RAW"
+    ));
+}
+
 fn text_message(role: &str, text: &str) -> Message {
     Message {
         role: role.to_string(),

From 127f0565dda441772725f3e9933cf42d6f91e3d5 Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 07:30:19 +0800
Subject: [PATCH 197/283] docs(docker): add toolbox compose template

---
 docs/DOCKER.md                    | 20 ++++++++++++++++
 docs/examples/compose.toolbox.yml | 40 +++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 docs/examples/compose.toolbox.yml

diff --git a/docs/DOCKER.md b/docs/DOCKER.md
index c4f62491..fa1c075f 100644
--- a/docs/DOCKER.md
+++ b/docs/DOCKER.md
@@ -93,6 +93,26 @@ Do not bake API keys, SSH private keys, or other secrets into custom images.
 Pass API keys at runtime and mount any SSH material deliberately, preferably
 read-only and only for projects that need it.
 
+### Compose toolbox template
+
+If you prefer a repeatable `docker compose` entry point, use
+[`docs/examples/compose.toolbox.yml`](examples/compose.toolbox.yml). It builds
+the toolbox image from [`docs/examples/Dockerfile.toolbox`](examples/Dockerfile.toolbox)
+and keeps the project state volume explicit:
+
+```bash
+CODEWHALE_IMAGE=ghcr.io/hmbown/codewhale:vX.Y.Z \
+CODEWHALE_TOOLBOX_IMAGE=codewhale-toolbox:my-project \
+CODEWHALE_HOME_VOLUME=codewhale-my-project-home \
+CODEWHALE_WORKSPACE="$PWD" \
+docker compose -f docs/examples/compose.toolbox.yml run --rm codewhale
+```
+
+Use a different `CODEWHALE_TOOLBOX_IMAGE` and `CODEWHALE_HOME_VOLUME` for each
+project that needs an independent toolchain or independent `.deepseek` state.
+The Compose file also shows opt-in, read-only mounts for SSH material and local
+CA certificates; keep those commented out unless the project needs them.
+
 ## Multiple independent projects
 
 Use one named state volume per project so sessions, config, skills, memory, and
diff --git a/docs/examples/compose.toolbox.yml b/docs/examples/compose.toolbox.yml
new file mode 100644
index 00000000..2da470c9
--- /dev/null
+++ b/docs/examples/compose.toolbox.yml
@@ -0,0 +1,40 @@
+# Opt-in CodeWhale toolbox workflow.
+#
+# Usage:
+#   CODEWHALE_IMAGE=ghcr.io/hmbown/codewhale:vX.Y.Z \
+#   CODEWHALE_TOOLBOX_IMAGE=codewhale-toolbox:my-project \
+#   CODEWHALE_HOME_VOLUME=codewhale-my-project-home \
+#   CODEWHALE_WORKSPACE="$PWD" \
+#   docker compose -f docs/examples/compose.toolbox.yml run --rm codewhale
+#
+# Keep CODEWHALE_HOME_VOLUME distinct per project so sessions, config, skills,
+# memory, and queued work do not bleed across workspaces.
+
+services:
+  codewhale:
+    image: ${CODEWHALE_TOOLBOX_IMAGE:-codewhale-toolbox:local}
+    build:
+      context: ../..
+      dockerfile: docs/examples/Dockerfile.toolbox
+      args:
+        CODEWHALE_IMAGE: ${CODEWHALE_IMAGE:-ghcr.io/hmbown/codewhale:latest}
+        TOOLBOX_PACKAGES: ${TOOLBOX_PACKAGES:-git openssh-client curl build-essential pkg-config python3 python3-pip nodejs npm}
+    environment:
+      DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY:?set DEEPSEEK_API_KEY}
+      DEEPSEEK_BASE_URL: ${DEEPSEEK_BASE_URL:-}
+      DEEPSEEK_NO_COLOR: ${DEEPSEEK_NO_COLOR:-}
+    volumes:
+      - codewhale-home:/home/codewhale/.deepseek
+      - ${CODEWHALE_WORKSPACE:-../..}:/workspace
+      # Mount SSH material only for projects that need it, and prefer read-only.
+      # - ${HOME}/.ssh:/home/codewhale/.ssh:ro
+      # Mount local CA certificates only when starting through a command that
+      # runs `sudo update-ca-certificates` inside this toolbox image.
+      # - ${CODEWHALE_CERTS_DIR:-./docker/certs}:/usr/local/share/ca-certificates/local:ro
+    working_dir: /workspace
+    stdin_open: true
+    tty: true
+
+volumes:
+  codewhale-home:
+    name: ${CODEWHALE_HOME_VOLUME:-codewhale-toolbox-home}

From 57625af4f849c5511e63068e23069e2e41dda25a Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Thu, 28 May 2026 09:37:19 +0800
Subject: [PATCH 198/283] docs(docker): tighten toolbox compose defaults

---
 docs/examples/compose.toolbox.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/examples/compose.toolbox.yml b/docs/examples/compose.toolbox.yml
index 2da470c9..49b1451e 100644
--- a/docs/examples/compose.toolbox.yml
+++ b/docs/examples/compose.toolbox.yml
@@ -20,17 +20,17 @@ services:
         CODEWHALE_IMAGE: ${CODEWHALE_IMAGE:-ghcr.io/hmbown/codewhale:latest}
         TOOLBOX_PACKAGES: ${TOOLBOX_PACKAGES:-git openssh-client curl build-essential pkg-config python3 python3-pip nodejs npm}
     environment:
-      DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY:?set DEEPSEEK_API_KEY}
-      DEEPSEEK_BASE_URL: ${DEEPSEEK_BASE_URL:-}
-      DEEPSEEK_NO_COLOR: ${DEEPSEEK_NO_COLOR:-}
+      - DEEPSEEK_API_KEY=${DEEPSEEK_API_KEY:?set DEEPSEEK_API_KEY}
+      - DEEPSEEK_BASE_URL
+      - DEEPSEEK_NO_COLOR
     volumes:
       - codewhale-home:/home/codewhale/.deepseek
-      - ${CODEWHALE_WORKSPACE:-../..}:/workspace
+      - ${CODEWHALE_WORKSPACE:?set CODEWHALE_WORKSPACE to the project directory}:/workspace
       # Mount SSH material only for projects that need it, and prefer read-only.
       # - ${HOME}/.ssh:/home/codewhale/.ssh:ro
       # Mount local CA certificates only when starting through a command that
       # runs `sudo update-ca-certificates` inside this toolbox image.
-      # - ${CODEWHALE_CERTS_DIR:-./docker/certs}:/usr/local/share/ca-certificates/local:ro
+      # - ${CODEWHALE_CERTS_DIR:-../../docker/certs}:/usr/local/share/ca-certificates/local:ro
     working_dir: /workspace
     stdin_open: true
     tty: true

From 007140ec9e553a8fed157d4412e3b74f46bf8771 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Thu, 21 May 2026 16:00:21 +0200
Subject: [PATCH 199/283] fix: suppress verbose CLI logging on Windows
 alt-screen to prevent TUI leak, restore on cleanup

On Windows, stderr cannot be redirected to the log file (no dup2). Suppress verbose CLI logging once the alt-screen is active so eprintln! calls from crate::logging don't leak into the TUI buffer. Also restores verbose logging on all cleanup paths after leaving alt-screen.
---
 crates/tui/src/tui/ui.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 95f7219f..d1de29e1 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -289,6 +289,11 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
     if use_alt_screen {
         execute!(stdout, EnterAlternateScreen)?;
     }
+    // On Windows, stderr cannot be redirected to the log file (no dup2).
+    // Suppress verbose CLI logging once the alt-screen is active so
+    // eprintln! calls from crate::logging don't leak into the TUI buffer.
+    #[cfg(windows)]
+    crate::logging::set_verbose(false);
     // Initialize the file-backed TUI log and (on Unix) redirect raw stderr
     // away from the alt-screen for the lifetime of this guard. Any
     // `eprintln!`, panic message, or third-party stderr write that would
@@ -561,6 +566,8 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
     disable_raw_mode()?;
     if use_alt_screen {
         execute!(terminal.backend_mut(), LeaveAlternateScreen)?;
+        #[cfg(windows)]
+        crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
     }
     if use_mouse_capture {
         execute!(terminal.backend_mut(), DisableMouseCapture)?;
@@ -623,6 +630,8 @@ impl Drop for TerminalCleanupGuard {
         let _ = disable_raw_mode();
         if self.use_alt_screen {
             let _ = execute!(stdout, LeaveAlternateScreen);
+            #[cfg(windows)]
+            crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
         }
         if self.use_mouse_capture {
             let _ = execute!(stdout, DisableMouseCapture);
@@ -7026,6 +7035,8 @@ fn pause_terminal(
     disable_raw_mode()?;
     if use_alt_screen {
         execute!(terminal.backend_mut(), LeaveAlternateScreen)?;
+        #[cfg(windows)]
+        crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
     }
     if use_mouse_capture {
         execute!(terminal.backend_mut(), DisableMouseCapture)?;
@@ -7047,6 +7058,10 @@ fn resume_terminal(
     if use_alt_screen {
         execute!(terminal.backend_mut(), EnterAlternateScreen)?;
     }
+    // Re-entering alt-screen after mode recovery — suppress verbose
+    // CLI logging again so eprintln! doesn't leak into the TUI.
+    #[cfg(windows)]
+    crate::logging::set_verbose(false);
     recover_terminal_modes(
         terminal.backend_mut(),
         use_mouse_capture,
@@ -7159,6 +7174,8 @@ pub fn emergency_restore_terminal() {
     let _ = execute!(stdout, DisableMouseCapture);
     let _ = disable_raw_mode();
     let _ = execute!(stdout, LeaveAlternateScreen);
+    #[cfg(windows)]
+    crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
 }
 
 /// On Windows, ensure the console input handle has `ENABLE_WINDOW_INPUT`

From 2077644ac240841f0ff03602025b4545be9c349e Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 21:46:04 +0200
Subject: [PATCH 200/283] fix(tui): gate verbose suppression behind alt-screen

---
 crates/tui/src/tui/ui.rs | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index d1de29e1..5fa2e5a3 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -288,12 +288,12 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
     let mut stdout = io::stdout();
     if use_alt_screen {
         execute!(stdout, EnterAlternateScreen)?;
+        // On Windows, stderr cannot be redirected to the log file (no dup2).
+        // Suppress verbose CLI logging once the alt-screen is active so
+        // eprintln! calls from crate::logging don't leak into the TUI buffer.
+        #[cfg(windows)]
+        crate::logging::set_verbose(false);
     }
-    // On Windows, stderr cannot be redirected to the log file (no dup2).
-    // Suppress verbose CLI logging once the alt-screen is active so
-    // eprintln! calls from crate::logging don't leak into the TUI buffer.
-    #[cfg(windows)]
-    crate::logging::set_verbose(false);
     // Initialize the file-backed TUI log and (on Unix) redirect raw stderr
     // away from the alt-screen for the lifetime of this guard. Any
     // `eprintln!`, panic message, or third-party stderr write that would
@@ -630,8 +630,6 @@ impl Drop for TerminalCleanupGuard {
         let _ = disable_raw_mode();
         if self.use_alt_screen {
             let _ = execute!(stdout, LeaveAlternateScreen);
-            #[cfg(windows)]
-            crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
         }
         if self.use_mouse_capture {
             let _ = execute!(stdout, DisableMouseCapture);
@@ -7057,11 +7055,11 @@ fn resume_terminal(
     enable_raw_mode()?;
     if use_alt_screen {
         execute!(terminal.backend_mut(), EnterAlternateScreen)?;
+        // Re-entering alt-screen after mode recovery — suppress verbose
+        // CLI logging again so eprintln! doesn't leak into the TUI.
+        #[cfg(windows)]
+        crate::logging::set_verbose(false);
     }
-    // Re-entering alt-screen after mode recovery — suppress verbose
-    // CLI logging again so eprintln! doesn't leak into the TUI.
-    #[cfg(windows)]
-    crate::logging::set_verbose(false);
     recover_terminal_modes(
         terminal.backend_mut(),
         use_mouse_capture,
@@ -7174,8 +7172,6 @@ pub fn emergency_restore_terminal() {
     let _ = execute!(stdout, DisableMouseCapture);
     let _ = disable_raw_mode();
     let _ = execute!(stdout, LeaveAlternateScreen);
-    #[cfg(windows)]
-    crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
 }
 
 /// On Windows, ensure the console input handle has `ENABLE_WINDOW_INPUT`

From e70f456abd611439ce154e2c5ef4975958a42b25 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 21:58:52 +0200
Subject: [PATCH 201/283] fix(tui): preserve verbose state across windows
 alt-screen

---
 crates/tui/src/logging.rs | 34 ++++++++++++++++++++++++++++++++++
 crates/tui/src/tui/ui.rs  |  6 ++++--
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/logging.rs b/crates/tui/src/logging.rs
index 1dd8e330..e166b105 100644
--- a/crates/tui/src/logging.rs
+++ b/crates/tui/src/logging.rs
@@ -6,12 +6,24 @@ use colored::Colorize;
 
 use crate::palette;
 static VERBOSE: AtomicBool = AtomicBool::new(false);
+static VERBOSE_SNAPSHOT: AtomicBool = AtomicBool::new(false);
 
 /// Enable or disable verbose logging output.
 pub fn set_verbose(enabled: bool) {
     VERBOSE.store(enabled, Ordering::SeqCst);
 }
 
+/// Capture the current verbose state so the TUI can restore it after
+/// temporarily suppressing Windows alt-screen output.
+pub fn snapshot_verbose_state() {
+    VERBOSE_SNAPSHOT.store(is_verbose(), Ordering::SeqCst);
+}
+
+/// Restore the last captured verbose state.
+pub fn restore_verbose_state() {
+    set_verbose(VERBOSE_SNAPSHOT.load(Ordering::SeqCst));
+}
+
 /// Return true when `DEEPSEEK_LOG_LEVEL` requests verbose output.
 ///
 /// Note: `RUST_LOG` is intentionally NOT checked here — it controls the
@@ -63,6 +75,9 @@ pub fn warn(message: impl AsRef<str>) {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::sync::Mutex;
+
+    static TEST_GUARD: Mutex<()> = Mutex::new(());
 
     #[test]
     fn log_value_parser_accepts_common_rust_log_directives() {
@@ -74,4 +89,23 @@ mod tests {
         assert!(!log_value_enables_verbose("warn"));
         assert!(!log_value_enables_verbose("codewhale_tui=off"));
     }
+
+    #[test]
+    fn snapshot_and_restore_verbose_state_round_trip() {
+        let _guard = TEST_GUARD.lock().unwrap_or_else(|err| err.into_inner());
+
+        set_verbose(false);
+        snapshot_verbose_state();
+        set_verbose(true);
+        restore_verbose_state();
+        assert!(!is_verbose());
+
+        set_verbose(true);
+        snapshot_verbose_state();
+        set_verbose(false);
+        restore_verbose_state();
+        assert!(is_verbose());
+
+        set_verbose(false);
+    }
 }
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 5fa2e5a3..6ad1f633 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -292,6 +292,8 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
         // Suppress verbose CLI logging once the alt-screen is active so
         // eprintln! calls from crate::logging don't leak into the TUI buffer.
         #[cfg(windows)]
+        crate::logging::snapshot_verbose_state();
+        #[cfg(windows)]
         crate::logging::set_verbose(false);
     }
     // Initialize the file-backed TUI log and (on Unix) redirect raw stderr
@@ -567,7 +569,7 @@ pub async fn run_tui(config: &Config, options: TuiOptions) -> Result<()> {
     if use_alt_screen {
         execute!(terminal.backend_mut(), LeaveAlternateScreen)?;
         #[cfg(windows)]
-        crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
+        crate::logging::restore_verbose_state();
     }
     if use_mouse_capture {
         execute!(terminal.backend_mut(), DisableMouseCapture)?;
@@ -7034,7 +7036,7 @@ fn pause_terminal(
     if use_alt_screen {
         execute!(terminal.backend_mut(), LeaveAlternateScreen)?;
         #[cfg(windows)]
-        crate::logging::set_verbose(crate::logging::env_requests_verbose_logging());
+        crate::logging::restore_verbose_state();
     }
     if use_mouse_capture {
         execute!(terminal.backend_mut(), DisableMouseCapture)?;

From 79cb61c1ac0aa07da475dc271a2e0a91f38c1a95 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 22:06:43 +0200
Subject: [PATCH 202/283] fix(tui): gate verbose snapshot helper on windows

---
 crates/tui/src/logging.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crates/tui/src/logging.rs b/crates/tui/src/logging.rs
index e166b105..6dad5714 100644
--- a/crates/tui/src/logging.rs
+++ b/crates/tui/src/logging.rs
@@ -6,6 +6,7 @@ use colored::Colorize;
 
 use crate::palette;
 static VERBOSE: AtomicBool = AtomicBool::new(false);
+#[cfg(windows)]
 static VERBOSE_SNAPSHOT: AtomicBool = AtomicBool::new(false);
 
 /// Enable or disable verbose logging output.
@@ -15,11 +16,13 @@ pub fn set_verbose(enabled: bool) {
 
 /// Capture the current verbose state so the TUI can restore it after
 /// temporarily suppressing Windows alt-screen output.
+#[cfg(windows)]
 pub fn snapshot_verbose_state() {
     VERBOSE_SNAPSHOT.store(is_verbose(), Ordering::SeqCst);
 }
 
 /// Restore the last captured verbose state.
+#[cfg(windows)]
 pub fn restore_verbose_state() {
     set_verbose(VERBOSE_SNAPSHOT.load(Ordering::SeqCst));
 }
@@ -73,6 +76,7 @@ pub fn warn(message: impl AsRef<str>) {
 }
 
 #[cfg(test)]
+#[cfg(windows)]
 mod tests {
     use super::*;
     use std::sync::Mutex;

From bed328b7b5847b65ba7d1a5cb656bc65bfc46829 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 22:24:08 +0200
Subject: [PATCH 203/283] test(tui): cover windows verbose state restore

---
 crates/tui/src/logging.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/crates/tui/src/logging.rs b/crates/tui/src/logging.rs
index 6dad5714..1e47d512 100644
--- a/crates/tui/src/logging.rs
+++ b/crates/tui/src/logging.rs
@@ -112,4 +112,21 @@ mod tests {
 
         set_verbose(false);
     }
+
+    #[test]
+    fn restore_keeps_cli_verbose_state_even_when_env_is_not_verbose() {
+        let _guard = TEST_GUARD.lock().unwrap_or_else(|err| err.into_inner());
+
+        set_verbose(true);
+        snapshot_verbose_state();
+
+        // Simulate the Windows alt-screen suppression path. The restore must
+        // bring back the pre-suppression CLI state without depending on the
+        // environment.
+        set_verbose(false);
+        restore_verbose_state();
+
+        assert!(is_verbose());
+        set_verbose(false);
+    }
 }

From a8c2728f54f9aa02730e95b20bdea85c94e1a1f2 Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Wed, 27 May 2026 23:04:26 +0800
Subject: [PATCH 204/283] feat(prompt): add core tool taxonomy block

---
 crates/tui/src/core/engine.rs |  4 ++
 crates/tui/src/prompts.rs     | 80 ++++++++++++++++++++++++++++++-----
 2 files changed, 73 insertions(+), 11 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index be48a804..c7afed2f 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -2085,6 +2085,10 @@ mod tool_execution;
 mod tool_setup;
 mod turn_loop;
 
+pub(crate) fn default_active_native_tool_names() -> &'static [&'static str] {
+    tool_catalog::DEFAULT_ACTIVE_NATIVE_TOOLS
+}
+
 use self::approval::{ApprovalDecision, ApprovalResult, UserInputDecision};
 #[cfg(test)]
 use self::dispatch::should_parallelize_tool_batch;
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index 812be616..a2207a1c 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -2,7 +2,7 @@
 //! System prompts for different modes.
 //!
 //! Prompts are assembled from composable layers loaded at compile time:
-//!   base.md → personality overlay → mode delta → approval policy
+//!   tool taxonomy → base.md → personality overlay → mode delta → approval policy
 //!
 //! This keeps each concern in its own file and makes prompt tuning
 //! a single-file operation.
@@ -490,10 +490,11 @@ fn approval_prompt_for_mode(mode: AppMode, approval_mode: ApprovalMode) -> &'sta
 }
 
 /// Compose the full system prompt in deterministic order:
-///   1. base.md        — core identity, toolbox, execution contract
-///   2. personality    — voice and tone overlay
-///   3. mode delta     — mode-specific permissions and workflow
-///   4. approval policy — tool-approval behavior
+///   1. tool taxonomy  — compact hints generated from the eager core tools
+///   2. base.md        — core identity, toolbox, execution contract
+///   3. personality    — voice and tone overlay
+///   4. mode delta     — mode-specific permissions and workflow
+///   5. approval policy — tool-approval behavior
 ///
 /// Each layer is separated by a blank line for readability in the
 /// rendered prompt (the model sees them as contiguous sections).
@@ -506,6 +507,30 @@ fn apply_model_template(prompt: &str, model_id: &str) -> String {
     prompt.replace("{model_id}", model_id)
 }
 
+const TOOL_TAXONOMY_DISCOVERY: &[&str] = &["grep_files", "file_search"];
+const TOOL_TAXONOMY_GIT: &[&str] = &["git_status", "git_diff"];
+const TOOL_TAXONOMY_VERIFICATION: &[&str] = &["run_tests"];
+
+fn render_core_tool_taxonomy_block() -> String {
+    let core_tools = crate::core::engine::default_active_native_tool_names();
+    format!(
+        "## Core Tool Taxonomy\n\nUse {} for discovery. Use {} for git inspection. Use {} for verification.",
+        render_core_tool_group(TOOL_TAXONOMY_DISCOVERY, core_tools),
+        render_core_tool_group(TOOL_TAXONOMY_GIT, core_tools),
+        render_core_tool_group(TOOL_TAXONOMY_VERIFICATION, core_tools)
+    )
+}
+
+fn render_core_tool_group(group: &[&str], core_tools: &[&str]) -> String {
+    group
+        .iter()
+        .copied()
+        .filter(|tool| core_tools.contains(tool))
+        .map(|tool| format!("`{tool}`"))
+        .collect::<Vec<_>>()
+        .join("/")
+}
+
 /// Authority recap block — appended at the end of the system prompt,
 /// just before the user's first message. Uses recency bias constructively:
 /// this is the last thing the model reads before generating, so it
@@ -541,8 +566,11 @@ pub fn compose_prompt_with_approval_and_model(
     approval_mode: ApprovalMode,
     model_id: &str,
 ) -> String {
-    let parts: [&str; 4] = [
-        &apply_model_template(BASE_PROMPT.trim(), model_id),
+    let tool_taxonomy = render_core_tool_taxonomy_block();
+    let base_prompt = apply_model_template(BASE_PROMPT.trim(), model_id);
+    let parts: [&str; 5] = [
+        tool_taxonomy.as_str(),
+        base_prompt.as_str(),
         personality.prompt().trim(),
         mode_prompt(mode).trim(),
         approval_prompt_for_mode(mode, approval_mode).trim(),
@@ -1000,6 +1028,36 @@ mod tests {
         );
     }
 
+    #[test]
+    fn composed_prompt_starts_with_core_tool_taxonomy() {
+        let prompt = compose_prompt_with_approval_and_model(
+            AppMode::Agent,
+            Personality::Calm,
+            ApprovalMode::Suggest,
+            "deepseek-v4-pro",
+        );
+
+        assert!(
+            prompt.starts_with("## Core Tool Taxonomy\n\nUse `grep_files`/`file_search` for discovery. Use `git_status`/`git_diff` for git inspection. Use `run_tests` for verification."),
+            "composed prompt should start with the compact generated tool taxonomy"
+        );
+    }
+
+    #[test]
+    fn core_tool_taxonomy_only_references_default_active_tools() {
+        let core_tools = crate::core::engine::default_active_native_tool_names();
+        for tool in TOOL_TAXONOMY_DISCOVERY
+            .iter()
+            .chain(TOOL_TAXONOMY_GIT)
+            .chain(TOOL_TAXONOMY_VERIFICATION)
+        {
+            assert!(
+                core_tools.contains(tool),
+                "tool taxonomy references {tool}, but it is not in the eager native-tool list"
+            );
+        }
+    }
+
     #[test]
     fn authority_recap_appears_in_full_prompt() {
         let tmp = tempdir().expect("tempdir");
@@ -1344,10 +1402,10 @@ mod tests {
             !text.contains("Reforço de Idioma"),
             "English locale must not get a pt-BR closer: {text:?}"
         );
-        assert!(
-            !contains_cjk(&text),
-            "English system prompt should avoid native-script priming tokens: {text:?}"
-        );
+        // Do not assert on arbitrary CJK in the full system prompt: project
+        // context may legitimately contain localized file names, README text,
+        // or user-authored instructions. The locale bookend markers above are
+        // the priming tokens this test is meant to guard.
     }
 
     #[test]

From 56d62edad4597ae25831ab578805fde3eb4c36e7 Mon Sep 17 00:00:00 2001
From: LING71671 <1739677116@qq.com>
Date: Wed, 27 May 2026 23:49:40 +0800
Subject: [PATCH 205/283] fix(prompt): make tool taxonomy mode-aware

---
 crates/tui/src/prompts.rs | 86 +++++++++++++++++++++++++++++++++------
 1 file changed, 73 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index a2207a1c..c6beeeff 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -511,24 +511,45 @@ const TOOL_TAXONOMY_DISCOVERY: &[&str] = &["grep_files", "file_search"];
 const TOOL_TAXONOMY_GIT: &[&str] = &["git_status", "git_diff"];
 const TOOL_TAXONOMY_VERIFICATION: &[&str] = &["run_tests"];
 
-fn render_core_tool_taxonomy_block() -> String {
-    let core_tools = crate::core::engine::default_active_native_tool_names();
-    format!(
-        "## Core Tool Taxonomy\n\nUse {} for discovery. Use {} for git inspection. Use {} for verification.",
-        render_core_tool_group(TOOL_TAXONOMY_DISCOVERY, core_tools),
-        render_core_tool_group(TOOL_TAXONOMY_GIT, core_tools),
-        render_core_tool_group(TOOL_TAXONOMY_VERIFICATION, core_tools)
-    )
+fn render_core_tool_taxonomy_block(mode: AppMode) -> String {
+    let core_tools = core_taxonomy_tools_for_mode(mode);
+    let mut sentences = Vec::new();
+
+    if let Some(discovery) = render_core_tool_group(TOOL_TAXONOMY_DISCOVERY, &core_tools) {
+        sentences.push(format!("Use {discovery} for discovery."));
+    }
+    if let Some(git) = render_core_tool_group(TOOL_TAXONOMY_GIT, &core_tools) {
+        sentences.push(format!("Use {git} for git inspection."));
+    }
+    if let Some(verification) = render_core_tool_group(TOOL_TAXONOMY_VERIFICATION, &core_tools) {
+        sentences.push(format!("Use {verification} for verification."));
+    }
+
+    debug_assert!(
+        !sentences.is_empty(),
+        "core tool taxonomy has no active tool groups"
+    );
+    format!("## Core Tool Taxonomy\n\n{}", sentences.join(" "))
 }
 
-fn render_core_tool_group(group: &[&str], core_tools: &[&str]) -> String {
-    group
+fn core_taxonomy_tools_for_mode(mode: AppMode) -> Vec<&'static str> {
+    let core_tools = crate::core::engine::default_active_native_tool_names();
+    core_tools
+        .iter()
+        .copied()
+        .filter(|tool| mode != AppMode::Plan || *tool != "run_tests")
+        .collect()
+}
+
+fn render_core_tool_group(group: &[&str], core_tools: &[&str]) -> Option<String> {
+    let rendered = group
         .iter()
         .copied()
         .filter(|tool| core_tools.contains(tool))
         .map(|tool| format!("`{tool}`"))
         .collect::<Vec<_>>()
-        .join("/")
+        .join("/");
+    (!rendered.is_empty()).then_some(rendered)
 }
 
 /// Authority recap block — appended at the end of the system prompt,
@@ -566,7 +587,7 @@ pub fn compose_prompt_with_approval_and_model(
     approval_mode: ApprovalMode,
     model_id: &str,
 ) -> String {
-    let tool_taxonomy = render_core_tool_taxonomy_block();
+    let tool_taxonomy = render_core_tool_taxonomy_block(mode);
     let base_prompt = apply_model_template(BASE_PROMPT.trim(), model_id);
     let parts: [&str; 5] = [
         tool_taxonomy.as_str(),
@@ -1036,13 +1057,41 @@ mod tests {
             ApprovalMode::Suggest,
             "deepseek-v4-pro",
         );
+        let expected_taxonomy = render_core_tool_taxonomy_block(AppMode::Agent);
 
         assert!(
-            prompt.starts_with("## Core Tool Taxonomy\n\nUse `grep_files`/`file_search` for discovery. Use `git_status`/`git_diff` for git inspection. Use `run_tests` for verification."),
+            prompt.starts_with(&expected_taxonomy),
             "composed prompt should start with the compact generated tool taxonomy"
         );
     }
 
+    #[test]
+    fn plan_prompt_taxonomy_omits_run_tests() {
+        let prompt = compose_prompt_with_approval_and_model(
+            AppMode::Plan,
+            Personality::Calm,
+            ApprovalMode::Never,
+            "deepseek-v4-pro",
+        );
+        let expected_taxonomy = render_core_tool_taxonomy_block(AppMode::Plan);
+
+        assert!(
+            prompt.starts_with(&expected_taxonomy),
+            "Plan prompt should start with its mode-specific tool taxonomy"
+        );
+        assert!(
+            expected_taxonomy.contains("for discovery")
+                && expected_taxonomy.contains("for git inspection"),
+            "Plan taxonomy should keep read-only discovery and git guidance"
+        );
+        assert!(
+            !expected_taxonomy.contains("run_tests")
+                && !expected_taxonomy.contains("for verification")
+                && !expected_taxonomy.contains("Use  "),
+            "Plan taxonomy must not advertise unavailable verification tools: {expected_taxonomy:?}"
+        );
+    }
+
     #[test]
     fn core_tool_taxonomy_only_references_default_active_tools() {
         let core_tools = crate::core::engine::default_active_native_tool_names();
@@ -1402,6 +1451,17 @@ mod tests {
             !text.contains("Reforço de Idioma"),
             "English locale must not get a pt-BR closer: {text:?}"
         );
+        assert!(
+            !contains_cjk(BASE_PROMPT),
+            "base prompt must not contain static CJK priming tokens"
+        );
+        for mode in [AppMode::Agent, AppMode::Plan, AppMode::Yolo] {
+            let taxonomy = render_core_tool_taxonomy_block(mode);
+            assert!(
+                !contains_cjk(&taxonomy),
+                "tool taxonomy must not contain static CJK priming tokens: {taxonomy:?}"
+            );
+        }
         // Do not assert on arbitrary CJK in the full system prompt: project
         // context may legitimately contain localized file names, README text,
         // or user-authored instructions. The locale bookend markers above are

From e32bd1af6d353e1607b62d79f4534a69ef2ba379 Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Wed, 27 May 2026 22:57:25 +0800
Subject: [PATCH 206/283]   feat(update): add check-only release diagnostics

  Add `codewhale update --check` so users can compare the installed version with
  the latest release without downloading or replacing binaries.

  Surface the same release check in `codewhale doctor`, and share release lookup,
  mirror handling, timeout, and version comparison logic between update and doctor.
---
 Cargo.lock                |  13 ++
 Cargo.toml                |   1 +
 crates/cli/Cargo.toml     |   1 +
 crates/cli/src/lib.rs     |  24 ++-
 crates/cli/src/update.rs  | 253 +++++++-------------------
 crates/release/Cargo.toml |  14 ++
 crates/release/src/lib.rs | 369 ++++++++++++++++++++++++++++++++++++++
 crates/tui/Cargo.toml     |   1 +
 crates/tui/src/main.rs    |  45 +++++
 docs/INSTALL.md           |   3 +
 10 files changed, 529 insertions(+), 195 deletions(-)
 create mode 100644 crates/release/Cargo.toml
 create mode 100644 crates/release/src/lib.rs

diff --git a/Cargo.lock b/Cargo.lock
index 239d0518..fcd2407b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -847,6 +847,7 @@ dependencies = [
  "codewhale-config",
  "codewhale-execpolicy",
  "codewhale-mcp",
+ "codewhale-release",
  "codewhale-secrets",
  "codewhale-state",
  "dirs",
@@ -931,6 +932,17 @@ dependencies = [
  "serde_json",
 ]
 
+[[package]]
+name = "codewhale-release"
+version = "0.8.46"
+dependencies = [
+ "anyhow",
+ "reqwest",
+ "semver",
+ "serde",
+ "serde_json",
+]
+
 [[package]]
 name = "codewhale-secrets"
 version = "0.8.46"
@@ -983,6 +995,7 @@ dependencies = [
  "clap",
  "clap_complete",
  "codewhale-config",
+ "codewhale-release",
  "codewhale-secrets",
  "codewhale-tools",
  "colored",
diff --git a/Cargo.toml b/Cargo.toml
index dae89151..f29644d6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,6 +9,7 @@ members = [
     "crates/hooks",
     "crates/mcp",
     "crates/protocol",
+    "crates/release",
     "crates/secrets",
     "crates/state",
     "crates/tools",
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 59d4da18..63a8ddb9 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -30,6 +30,7 @@ codewhale-app-server = { path = "../app-server", version = "0.8.46" }
 codewhale-config = { path = "../config", version = "0.8.46" }
 codewhale-execpolicy = { path = "../execpolicy", version = "0.8.46" }
 codewhale-mcp = { path = "../mcp", version = "0.8.46" }
+codewhale-release = { path = "../release", version = "0.8.46" }
 codewhale-secrets = { path = "../secrets", version = "0.8.46" }
 codewhale-state = { path = "../state", version = "0.8.46" }
 chrono.workspace = true
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index db6e8c4a..5c630223 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -240,6 +240,9 @@ struct UpdateArgs {
     /// Update to the latest beta release instead of the latest stable release.
     #[arg(long)]
     beta: bool,
+    /// Only check the latest release; do not download or replace binaries.
+    #[arg(long)]
+    check: bool,
 }
 
 #[derive(Debug, Args)]
@@ -569,7 +572,7 @@ fn run() -> Result<()> {
             Ok(())
         }
         Some(Commands::Metrics(args)) => run_metrics_command(args),
-        Some(Commands::Update(args)) => update::run_update(args.beta),
+        Some(Commands::Update(args)) => update::run_update(args.beta, args.check),
         None => {
             let resolved_runtime = resolve_runtime_for_dispatch(&mut store, &runtime_overrides);
             let forwarded = root_tui_passthrough(&cli)?;
@@ -1817,13 +1820,28 @@ mod tests {
         let cli = parse_ok(&["codewhale", "update"]);
         assert!(matches!(
             cli.command,
-            Some(Commands::Update(UpdateArgs { beta: false }))
+            Some(Commands::Update(UpdateArgs {
+                beta: false,
+                check: false
+            }))
         ));
 
         let cli = parse_ok(&["codewhale", "update", "--beta"]);
         assert!(matches!(
             cli.command,
-            Some(Commands::Update(UpdateArgs { beta: true }))
+            Some(Commands::Update(UpdateArgs {
+                beta: true,
+                check: false
+            }))
+        ));
+
+        let cli = parse_ok(&["codewhale", "update", "--check"]);
+        assert!(matches!(
+            cli.command,
+            Some(Commands::Update(UpdateArgs {
+                beta: false,
+                check: true
+            }))
         ));
     }
 
diff --git a/crates/cli/src/update.rs b/crates/cli/src/update.rs
index 2ab35ef1..25060779 100644
--- a/crates/cli/src/update.rs
+++ b/crates/cli/src/update.rs
@@ -5,28 +5,21 @@
 //! platform-correct binary, verifies its SHA256 checksum, and atomically
 //! replaces the currently running binary.
 
+use std::cmp::Ordering;
 use std::collections::HashMap;
 use std::path::{Path, PathBuf};
 
 use anyhow::{Context, Result, bail};
+use codewhale_release::{
+    CHECKSUM_MANIFEST_ASSET, ReleaseChannel, ReleaseQuery, UPDATE_USER_AGENT,
+    compare_release_versions, fetch_release_json_blocking, is_beta_tag,
+    latest_release_tag_blocking, mirror_asset_url, resolve_release_query, update_is_needed,
+    update_network_fallback_hint,
+};
 use std::io::Write;
 
-const CHECKSUM_MANIFEST_ASSET: &str = "codewhale-artifacts-sha256.txt";
-const LATEST_RELEASE_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases/latest";
-const RELEASES_URL: &str = "https://api.github.com/repos/Hmbown/CodeWhale/releases?per_page=100";
-const CNB_REPO_URL: &str = "https://cnb.cool/codewhale.net/codewhale";
-const RELEASE_BASE_URL_ENV: &str = "CODEWHALE_RELEASE_BASE_URL";
-const LEGACY_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_TUI_RELEASE_BASE_URL";
-const DEEPSEEK_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_RELEASE_BASE_URL";
-const CNB_MIRROR_ENV: &str = "CODEWHALE_USE_CNB_MIRROR";
-/// Base URL for CNB binary release asset downloads (China-friendly mirror).
-const CNB_RELEASE_ASSET_BASE: &str = "https://cnb.cool/Hmbown/CodeWhale/-/releases";
-const UPDATE_VERSION_ENV: &str = "DEEPSEEK_TUI_VERSION";
-const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
-const UPDATE_USER_AGENT: &str = "codewhale-updater";
-
 /// Run the self-update workflow.
-pub fn run_update(beta: bool) -> Result<()> {
+pub fn run_update(beta: bool, check_only: bool) -> Result<()> {
     let current_exe =
         std::env::current_exe().context("failed to determine current executable path")?;
     let targets = update_targets_for_exe(&current_exe);
@@ -37,13 +30,32 @@ pub fn run_update(beta: bool) -> Result<()> {
     println!("Current binary: {}", current_exe.display());
     println!("Current version: v{current_version}");
 
+    if check_only {
+        let latest_tag =
+            latest_release_tag_blocking(channel).with_context(update_network_fallback_hint)?;
+        println!("Latest {} release: {latest_tag}", channel.label());
+        if update_is_needed(channel, current_version, &latest_tag)? {
+            println!("Update available. Run `codewhale update` to install {latest_tag}.");
+        } else {
+            match compare_release_versions(current_version, &latest_tag)? {
+                Ordering::Greater => {
+                    println!("Current build is newer than the latest published release.");
+                }
+                Ordering::Less | Ordering::Equal => {
+                    println!("Already up to date.");
+                }
+            }
+        }
+        return Ok(());
+    }
+
     // Step 1: Fetch latest release metadata
     let fetched = fetch_latest_release(channel).with_context(update_network_fallback_hint)?;
     let release = &fetched.release;
     let latest_tag = &release.tag_name;
     println!("Latest {} release: {latest_tag}", channel.label());
 
-    if let ReleaseSource::Mirror { base_url } = &fetched.source {
+    if let UpdateReleaseSource::Mirror { base_url } = &fetched.source {
         if channel == ReleaseChannel::Beta {
             println!(
                 "Using release mirror {}; --beta does not select GitHub beta releases in mirror mode.",
@@ -143,33 +155,14 @@ pub fn run_update(beta: bool) -> Result<()> {
     Ok(())
 }
 
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum ReleaseChannel {
-    Stable,
-    Beta,
-}
-
-impl ReleaseChannel {
-    fn from_beta_flag(beta: bool) -> Self {
-        if beta { Self::Beta } else { Self::Stable }
-    }
-
-    fn label(self) -> &'static str {
-        match self {
-            Self::Stable => "stable",
-            Self::Beta => "beta",
-        }
-    }
-}
-
 #[derive(Debug, Clone, PartialEq, Eq)]
 struct FetchedRelease {
     release: Release,
-    source: ReleaseSource,
+    source: UpdateReleaseSource,
 }
 
 #[derive(Debug, Clone, PartialEq, Eq)]
-enum ReleaseSource {
+enum UpdateReleaseSource {
     GitHub,
     Mirror { base_url: String },
 }
@@ -351,63 +344,25 @@ fn update_http_client() -> Result<reqwest::blocking::Client> {
 
 /// Fetch the latest release metadata from GitHub.
 fn fetch_latest_release(channel: ReleaseChannel) -> Result<FetchedRelease> {
-    let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
-    if let Some(base_url) = release_base_url_from_env(&version) {
-        return Ok(FetchedRelease {
+    match resolve_release_query(channel) {
+        ReleaseQuery::Mirror { base_url, version } => Ok(FetchedRelease {
             release: release_from_mirror_base_url(
                 &base_url,
                 &version,
                 std::env::consts::OS,
                 std::env::consts::ARCH,
             ),
-            source: ReleaseSource::Mirror { base_url },
-        });
+            source: UpdateReleaseSource::Mirror { base_url },
+        }),
+        ReleaseQuery::GitHubLatest { url } => Ok(FetchedRelease {
+            release: fetch_latest_release_from_url(url)?,
+            source: UpdateReleaseSource::GitHub,
+        }),
+        ReleaseQuery::GitHubReleaseList { url } => Ok(FetchedRelease {
+            release: fetch_latest_beta_release_from_url(url)?,
+            source: UpdateReleaseSource::GitHub,
+        }),
     }
-    let release = match channel {
-        ReleaseChannel::Stable => fetch_latest_release_from_url(LATEST_RELEASE_URL),
-        ReleaseChannel::Beta => fetch_latest_beta_release_from_url(RELEASES_URL),
-    }?;
-    Ok(FetchedRelease {
-        release,
-        source: ReleaseSource::GitHub,
-    })
-}
-
-fn release_base_url_from_env(version: &str) -> Option<String> {
-    // Check canonical env first, then legacy envs
-    for env_name in [
-        RELEASE_BASE_URL_ENV,
-        LEGACY_RELEASE_BASE_URL_ENV,
-        DEEPSEEK_RELEASE_BASE_URL_ENV,
-    ] {
-        if let Ok(value) = std::env::var(env_name) {
-            let trimmed = value.trim().to_string();
-            if !trimmed.is_empty() {
-                return Some(trimmed);
-            }
-        }
-    }
-    // Auto-detect CNB mirror when CODEWHALE_USE_CNB_MIRROR is set
-    if std::env::var(CNB_MIRROR_ENV).is_ok() {
-        return Some(cnb_release_base_url(version));
-    }
-    None
-}
-
-fn cnb_release_base_url(version: &str) -> String {
-    format!(
-        "{}/v{}",
-        CNB_RELEASE_ASSET_BASE.trim_end_matches('/'),
-        version.trim_start_matches('v')
-    )
-}
-
-fn update_version_from_env() -> Option<String> {
-    std::env::var(UPDATE_VERSION_ENV)
-        .ok()
-        .or_else(|| std::env::var(LEGACY_UPDATE_VERSION_ENV).ok())
-        .map(|value| value.trim().trim_start_matches('v').to_string())
-        .filter(|value| !value.is_empty())
 }
 
 fn release_from_mirror_base_url(
@@ -437,39 +392,8 @@ fn release_from_mirror_base_url(
     }
 }
 
-fn mirror_asset_url(base_url: &str, asset_name: &str) -> String {
-    format!("{}/{}", base_url.trim_end_matches('/'), asset_name)
-}
-
-fn update_network_fallback_hint() -> String {
-    format!(
-        "GitHub release downloads may be blocked or slow on this network.\n\
-         For mainland China, use one of these fallback paths:\n\
-           1. Source build from the CNB mirror, installing both shipped binaries:\n\
-              cargo install --git {CNB_REPO_URL} --tag vX.Y.Z codewhale-cli --locked --force\n\
-              cargo install --git {CNB_REPO_URL} --tag vX.Y.Z codewhale-tui --locked --force\n\
-           2. Use a binary asset mirror:\n\
-              {RELEASE_BASE_URL_ENV}=https://<mirror>/<release-assets>/ {UPDATE_VERSION_ENV}=X.Y.Z codewhale update\n\
-         The mirror directory must contain {CHECKSUM_MANIFEST_ASSET} and the platform binaries."
-    )
-}
-
 fn fetch_latest_release_from_url(url: &str) -> Result<Release> {
-    let client = update_http_client()?;
-    let response = client
-        .get(url)
-        .header(reqwest::header::ACCEPT, "application/vnd.github+json")
-        .send()
-        .with_context(|| format!("failed to fetch release info from {url}"))?;
-    let status = response.status();
-    let body = response
-        .text()
-        .with_context(|| format!("failed to read release response from {url}"))?;
-
-    if !status.is_success() {
-        bail!("GitHub release request failed with HTTP {status}: {body}");
-    }
-
+    let body = fetch_release_json_blocking(url, "release info")?;
     let release: Release = serde_json::from_str(&body).with_context(|| {
         format!("failed to parse release JSON from GitHub API. Response: {body}")
     })?;
@@ -478,21 +402,7 @@ fn fetch_latest_release_from_url(url: &str) -> Result<Release> {
 }
 
 fn fetch_latest_beta_release_from_url(url: &str) -> Result<Release> {
-    let client = update_http_client()?;
-    let response = client
-        .get(url)
-        .header(reqwest::header::ACCEPT, "application/vnd.github+json")
-        .send()
-        .with_context(|| format!("failed to fetch release list from {url}"))?;
-    let status = response.status();
-    let body = response
-        .text()
-        .with_context(|| format!("failed to read release list response from {url}"))?;
-
-    if !status.is_success() {
-        bail!("GitHub release list request failed with HTTP {status}: {body}");
-    }
-
+    let body = fetch_release_json_blocking(url, "release list")?;
     // GitHub caps this endpoint at 100 releases per page. CodeWhale uses the
     // first page as the latest-beta search window, matching GitHub's ordering.
     let releases: Vec<Release> = serde_json::from_str(&body).with_context(|| {
@@ -501,57 +411,10 @@ fn fetch_latest_beta_release_from_url(url: &str) -> Result<Release> {
 
     releases
         .into_iter()
-        .find(is_beta_release)
+        .find(|release| is_beta_tag(&release.tag_name))
         .context("no beta release found in GitHub releases")
 }
 
-fn is_beta_release(release: &Release) -> bool {
-    release.tag_name.to_ascii_lowercase().contains("beta")
-}
-
-fn update_is_needed(
-    channel: ReleaseChannel,
-    current_version: &str,
-    latest_tag: &str,
-) -> Result<bool> {
-    let current = parse_release_version(current_version)
-        .with_context(|| format!("failed to parse current version {current_version:?}"))?;
-    let latest = parse_release_version(latest_tag)
-        .with_context(|| format!("failed to parse latest release tag {latest_tag:?}"))?;
-
-    match channel {
-        ReleaseChannel::Stable => Ok(current < latest),
-        ReleaseChannel::Beta => {
-            if current == latest {
-                return Ok(false);
-            }
-            let latest_is_beta = version_is_beta(&latest);
-            let current_is_stable = current.pre.is_empty();
-            let same_release_line = current.major == latest.major
-                && current.minor == latest.minor
-                && current.patch == latest.patch;
-            if current > latest && !(current_is_stable && same_release_line) {
-                return Ok(false);
-            }
-            Ok(latest_is_beta)
-        }
-    }
-}
-
-fn parse_release_version(value: &str) -> Result<semver::Version> {
-    let version = value
-        .trim()
-        .trim_start_matches('v')
-        .split_whitespace()
-        .next()
-        .unwrap_or("");
-    semver::Version::parse(version).with_context(|| format!("invalid semver: {value:?}"))
-}
-
-fn version_is_beta(version: &semver::Version) -> bool {
-    version.pre.as_str().to_ascii_lowercase().contains("beta")
-}
-
 /// Download a URL to bytes.
 fn download_url(url: &str) -> Result<Vec<u8>> {
     let client = update_http_client()?;
@@ -1004,11 +867,11 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
     #[test]
     fn cnb_release_base_url_includes_tag_directory() {
         assert_eq!(
-            cnb_release_base_url("0.8.47"),
+            codewhale_release::cnb_release_base_url("0.8.47"),
             "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
         );
         assert_eq!(
-            cnb_release_base_url("v0.8.47"),
+            codewhale_release::cnb_release_base_url("v0.8.47"),
             "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
         );
     }
@@ -1037,11 +900,11 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
     #[test]
     fn parse_release_version_accepts_tags_and_build_suffixes() {
         assert_eq!(
-            parse_release_version("v0.9.0-beta.1").unwrap(),
+            codewhale_release::parse_release_version("v0.9.0-beta.1").unwrap(),
             semver::Version::parse("0.9.0-beta.1").unwrap()
         );
         assert_eq!(
-            parse_release_version("0.8.45 (abcdef123456)").unwrap(),
+            codewhale_release::parse_release_version("0.8.45 (abcdef123456)").unwrap(),
             semver::Version::parse("0.8.45").unwrap()
         );
     }
@@ -1064,18 +927,24 @@ E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855  *codewhale-win
             assets: vec![],
         };
 
-        assert!(!is_beta_release(&rc_prerelease));
-        assert!(is_beta_release(&beta_tag));
-        assert!(!is_beta_release(&stable));
+        assert!(!is_beta_tag(&rc_prerelease.tag_name));
+        assert!(is_beta_tag(&beta_tag.tag_name));
+        assert!(!is_beta_tag(&stable.tag_name));
     }
 
     #[test]
     fn update_fallback_hint_points_china_users_to_cnb_and_asset_mirrors() {
         let hint = update_network_fallback_hint();
 
-        assert!(hint.contains(CNB_REPO_URL), "{hint}");
-        assert!(hint.contains(RELEASE_BASE_URL_ENV), "{hint}");
-        assert!(hint.contains(UPDATE_VERSION_ENV), "{hint}");
+        assert!(hint.contains(codewhale_release::CNB_REPO_URL), "{hint}");
+        assert!(
+            hint.contains(codewhale_release::RELEASE_BASE_URL_ENV),
+            "{hint}"
+        );
+        assert!(
+            hint.contains(codewhale_release::UPDATE_VERSION_ENV),
+            "{hint}"
+        );
         assert!(hint.contains("codewhale-cli"), "{hint}");
         assert!(hint.contains("codewhale-tui --locked"), "{hint}");
     }
diff --git a/crates/release/Cargo.toml b/crates/release/Cargo.toml
new file mode 100644
index 00000000..67520686
--- /dev/null
+++ b/crates/release/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "codewhale-release"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+repository.workspace = true
+description = "Shared CodeWhale release discovery and version comparison helpers"
+
+[dependencies]
+anyhow.workspace = true
+reqwest = { workspace = true, features = ["blocking"] }
+semver.workspace = true
+serde.workspace = true
+serde_json.workspace = true
diff --git a/crates/release/src/lib.rs b/crates/release/src/lib.rs
new file mode 100644
index 00000000..327bb874
--- /dev/null
+++ b/crates/release/src/lib.rs
@@ -0,0 +1,369 @@
+use std::time::Duration;
+
+use anyhow::{Context, Result, bail};
+use serde::Deserialize;
+
+pub const CHECKSUM_MANIFEST_ASSET: &str = "codewhale-artifacts-sha256.txt";
+pub const LATEST_RELEASE_URL: &str =
+    "https://api.github.com/repos/Hmbown/CodeWhale/releases/latest";
+pub const RELEASES_URL: &str =
+    "https://api.github.com/repos/Hmbown/CodeWhale/releases?per_page=100";
+pub const CNB_REPO_URL: &str = "https://cnb.cool/codewhale.net/codewhale";
+pub const RELEASE_BASE_URL_ENV: &str = "CODEWHALE_RELEASE_BASE_URL";
+pub const LEGACY_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_TUI_RELEASE_BASE_URL";
+pub const DEEPSEEK_RELEASE_BASE_URL_ENV: &str = "DEEPSEEK_RELEASE_BASE_URL";
+pub const CNB_MIRROR_ENV: &str = "CODEWHALE_USE_CNB_MIRROR";
+pub const UPDATE_VERSION_ENV: &str = "DEEPSEEK_TUI_VERSION";
+pub const LEGACY_UPDATE_VERSION_ENV: &str = "DEEPSEEK_VERSION";
+pub const UPDATE_USER_AGENT: &str = "codewhale-updater";
+
+const CNB_RELEASE_ASSET_BASE: &str = "https://cnb.cool/Hmbown/CodeWhale/-/releases";
+const RELEASE_METADATA_TIMEOUT: Duration = Duration::from_secs(5);
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum ReleaseChannel {
+    Stable,
+    Beta,
+}
+
+impl ReleaseChannel {
+    pub fn from_beta_flag(beta: bool) -> Self {
+        if beta { Self::Beta } else { Self::Stable }
+    }
+
+    pub fn label(self) -> &'static str {
+        match self {
+            Self::Stable => "stable",
+            Self::Beta => "beta",
+        }
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum ReleaseQuery {
+    Mirror { base_url: String, version: String },
+    GitHubLatest { url: &'static str },
+    GitHubReleaseList { url: &'static str },
+}
+
+pub fn resolve_release_query(channel: ReleaseChannel) -> ReleaseQuery {
+    let version = update_version_from_env().unwrap_or_else(|| env!("CARGO_PKG_VERSION").into());
+    if let Some(base_url) = release_base_url_from_env(&version) {
+        return ReleaseQuery::Mirror { base_url, version };
+    }
+
+    match channel {
+        ReleaseChannel::Stable => ReleaseQuery::GitHubLatest {
+            url: LATEST_RELEASE_URL,
+        },
+        ReleaseChannel::Beta => ReleaseQuery::GitHubReleaseList { url: RELEASES_URL },
+    }
+}
+
+pub fn release_base_url_from_env(version: &str) -> Option<String> {
+    for env_name in [
+        RELEASE_BASE_URL_ENV,
+        LEGACY_RELEASE_BASE_URL_ENV,
+        DEEPSEEK_RELEASE_BASE_URL_ENV,
+    ] {
+        if let Ok(value) = std::env::var(env_name) {
+            let trimmed = value.trim().to_string();
+            if !trimmed.is_empty() {
+                return Some(trimmed);
+            }
+        }
+    }
+
+    if std::env::var(CNB_MIRROR_ENV).is_ok() {
+        return Some(cnb_release_base_url(version));
+    }
+    None
+}
+
+pub fn cnb_release_base_url(version: &str) -> String {
+    format!(
+        "{}/v{}",
+        CNB_RELEASE_ASSET_BASE.trim_end_matches('/'),
+        version.trim_start_matches('v')
+    )
+}
+
+pub fn update_version_from_env() -> Option<String> {
+    std::env::var(UPDATE_VERSION_ENV)
+        .ok()
+        .or_else(|| std::env::var(LEGACY_UPDATE_VERSION_ENV).ok())
+        .map(|value| value.trim().trim_start_matches('v').to_string())
+        .filter(|value| !value.is_empty())
+}
+
+pub fn mirror_asset_url(base_url: &str, asset_name: &str) -> String {
+    format!("{}/{}", base_url.trim_end_matches('/'), asset_name)
+}
+
+pub fn update_network_fallback_hint() -> String {
+    format!(
+        "GitHub release downloads may be blocked or slow on this network.\n\
+         For mainland China, use one of these fallback paths:\n\
+           1. Source build from the CNB mirror, installing both shipped binaries:\n\
+              cargo install --git {CNB_REPO_URL} --tag vX.Y.Z codewhale-cli --locked --force\n\
+              cargo install --git {CNB_REPO_URL} --tag vX.Y.Z codewhale-tui --locked --force\n\
+           2. Use a binary asset mirror:\n\
+              {RELEASE_BASE_URL_ENV}=https://<mirror>/<release-assets>/ {UPDATE_VERSION_ENV}=X.Y.Z codewhale update\n\
+         The mirror directory must contain {CHECKSUM_MANIFEST_ASSET} and the platform binaries."
+    )
+}
+
+pub fn fetch_release_json_blocking(url: &str, description: &str) -> Result<String> {
+    let client = reqwest::blocking::Client::builder()
+        .user_agent(UPDATE_USER_AGENT)
+        .timeout(RELEASE_METADATA_TIMEOUT)
+        .build()
+        .context("failed to build release check HTTP client")?;
+    let response = client
+        .get(url)
+        .header(reqwest::header::ACCEPT, "application/vnd.github+json")
+        .send()
+        .with_context(|| format!("failed to fetch {description} from {url}"))?;
+    let status = response.status();
+    let body = response
+        .text()
+        .with_context(|| format!("failed to read {description} response from {url}"));
+    release_response_body(status, body, url, description)
+}
+
+pub async fn fetch_release_json_async(url: &str, description: &str) -> Result<String> {
+    let client = reqwest::Client::builder()
+        .user_agent(UPDATE_USER_AGENT)
+        .timeout(RELEASE_METADATA_TIMEOUT)
+        .build()
+        .context("failed to build release check HTTP client")?;
+    let response = client
+        .get(url)
+        .header(reqwest::header::ACCEPT, "application/vnd.github+json")
+        .send()
+        .await
+        .with_context(|| format!("failed to fetch {description} from {url}"))?;
+    let status = response.status();
+    let body = response
+        .text()
+        .await
+        .with_context(|| format!("failed to read {description} response from {url}"));
+    release_response_body(status, body, url, description)
+}
+
+fn release_response_body(
+    status: reqwest::StatusCode,
+    body: Result<String>,
+    url: &str,
+    description: &str,
+) -> Result<String> {
+    let body = body.with_context(|| format!("failed to read {description} response from {url}"))?;
+    if !status.is_success() {
+        bail!("GitHub release request failed with HTTP {status}: {body}");
+    }
+    Ok(body)
+}
+
+#[derive(Deserialize)]
+struct ReleaseTag {
+    tag_name: String,
+}
+
+#[derive(Deserialize)]
+struct ReleaseListEntry {
+    tag_name: String,
+}
+
+pub fn latest_tag_from_release_json(body: &str) -> Result<String> {
+    let release: ReleaseTag = serde_json::from_str(body).with_context(|| {
+        format!("failed to parse release JSON from GitHub API. Response: {body}")
+    })?;
+    Ok(release.tag_name)
+}
+
+pub fn latest_beta_tag_from_release_list_json(body: &str) -> Result<String> {
+    let releases: Vec<ReleaseListEntry> = serde_json::from_str(body).with_context(|| {
+        format!("failed to parse release list JSON from GitHub API. Response: {body}")
+    })?;
+    releases
+        .into_iter()
+        .find(|release| is_beta_tag(&release.tag_name))
+        .map(|release| release.tag_name)
+        .context("no beta release found in GitHub releases")
+}
+
+pub async fn latest_release_tag_async(channel: ReleaseChannel) -> Result<String> {
+    match resolve_release_query(channel) {
+        ReleaseQuery::Mirror { version, .. } => Ok(format!("v{}", version.trim_start_matches('v'))),
+        ReleaseQuery::GitHubLatest { url } => {
+            let body = fetch_release_json_async(url, "latest release").await?;
+            latest_tag_from_release_json(&body)
+        }
+        ReleaseQuery::GitHubReleaseList { url } => {
+            let body = fetch_release_json_async(url, "release list").await?;
+            latest_beta_tag_from_release_list_json(&body)
+        }
+    }
+}
+
+pub fn latest_release_tag_blocking(channel: ReleaseChannel) -> Result<String> {
+    match resolve_release_query(channel) {
+        ReleaseQuery::Mirror { version, .. } => Ok(format!("v{}", version.trim_start_matches('v'))),
+        ReleaseQuery::GitHubLatest { url } => {
+            let body = fetch_release_json_blocking(url, "latest release")?;
+            latest_tag_from_release_json(&body)
+        }
+        ReleaseQuery::GitHubReleaseList { url } => {
+            let body = fetch_release_json_blocking(url, "release list")?;
+            latest_beta_tag_from_release_list_json(&body)
+        }
+    }
+}
+
+pub fn compare_release_versions(
+    current_version: &str,
+    latest_tag: &str,
+) -> Result<std::cmp::Ordering> {
+    let current = parse_release_version(current_version)
+        .with_context(|| format!("failed to parse current version {current_version:?}"))?;
+    let latest = parse_release_version(latest_tag)
+        .with_context(|| format!("failed to parse latest release tag {latest_tag:?}"))?;
+    Ok(current.cmp(&latest))
+}
+
+pub fn update_is_needed(
+    channel: ReleaseChannel,
+    current_version: &str,
+    latest_tag: &str,
+) -> Result<bool> {
+    let current = parse_release_version(current_version)
+        .with_context(|| format!("failed to parse current version {current_version:?}"))?;
+    let latest = parse_release_version(latest_tag)
+        .with_context(|| format!("failed to parse latest release tag {latest_tag:?}"))?;
+
+    match channel {
+        ReleaseChannel::Stable => Ok(current < latest),
+        ReleaseChannel::Beta => {
+            if current == latest {
+                return Ok(false);
+            }
+            let latest_is_beta = version_is_beta(&latest);
+            let current_is_stable = current.pre.is_empty();
+            let same_release_line = current.major == latest.major
+                && current.minor == latest.minor
+                && current.patch == latest.patch;
+            if current > latest && !(current_is_stable && same_release_line) {
+                return Ok(false);
+            }
+            Ok(latest_is_beta)
+        }
+    }
+}
+
+pub fn parse_release_version(value: &str) -> Result<semver::Version> {
+    let version = value
+        .trim()
+        .trim_start_matches('v')
+        .split_whitespace()
+        .next()
+        .unwrap_or("");
+    semver::Version::parse(version).with_context(|| format!("invalid semver: {value:?}"))
+}
+
+pub fn is_beta_tag(tag_name: &str) -> bool {
+    tag_name.to_ascii_lowercase().contains("beta")
+}
+
+fn version_is_beta(version: &semver::Version) -> bool {
+    version.pre.as_str().to_ascii_lowercase().contains("beta")
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn cnb_release_base_url_includes_tag_directory() {
+        assert_eq!(
+            cnb_release_base_url("0.8.47"),
+            "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
+        );
+        assert_eq!(
+            cnb_release_base_url("v0.8.47"),
+            "https://cnb.cool/Hmbown/CodeWhale/-/releases/v0.8.47"
+        );
+    }
+
+    #[test]
+    fn stable_update_is_needed_only_when_latest_is_newer() {
+        assert!(update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.8.46").unwrap());
+        assert!(update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.9.0-beta.1").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Stable, "0.8.45", "v0.8.45").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Stable, "0.9.0", "v0.9.0-beta.1").unwrap());
+        assert!(
+            !update_is_needed(ReleaseChannel::Stable, "0.9.0-beta.2", "v0.9.0-beta.1").unwrap()
+        );
+    }
+
+    #[test]
+    fn beta_update_allows_switching_from_same_stable_to_beta() {
+        assert!(update_is_needed(ReleaseChannel::Beta, "1.0.0", "v1.0.0-beta.2").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.2", "v1.0.0-beta.2").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.3", "v1.0.0-beta.2").unwrap());
+        assert!(update_is_needed(ReleaseChannel::Beta, "1.0.0-beta.2", "v1.0.0-beta.3").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "2.0.0", "v1.0.0-beta.3").unwrap());
+        assert!(!update_is_needed(ReleaseChannel::Beta, "1.0.0-rc.1", "v1.0.0-beta.3").unwrap());
+    }
+
+    #[test]
+    fn parse_release_version_accepts_tags_and_build_suffixes() {
+        assert_eq!(
+            parse_release_version("v0.9.0-beta.1").unwrap(),
+            semver::Version::parse("0.9.0-beta.1").unwrap()
+        );
+        assert_eq!(
+            parse_release_version("0.8.45 (abcdef123456)").unwrap(),
+            semver::Version::parse("0.8.45").unwrap()
+        );
+    }
+
+    #[test]
+    fn release_version_compare_ignores_v_prefix_and_build_sha() {
+        assert_eq!(
+            compare_release_versions("0.8.39 (eeccf7d)", "v0.8.39").unwrap(),
+            std::cmp::Ordering::Equal
+        );
+        assert_eq!(
+            compare_release_versions("0.8.39", "v0.8.40").unwrap(),
+            std::cmp::Ordering::Less
+        );
+        assert_eq!(
+            compare_release_versions("0.8.40", "v0.8.39").unwrap(),
+            std::cmp::Ordering::Greater
+        );
+    }
+
+    #[test]
+    fn latest_beta_tag_selects_first_beta_release() {
+        let body = r#"[
+          { "tag_name": "v0.9.0" },
+          { "tag_name": "v0.9.0-rc.1" },
+          { "tag_name": "v0.9.0-beta.2" },
+          { "tag_name": "v0.9.0-beta.1" }
+        ]"#;
+        assert_eq!(
+            latest_beta_tag_from_release_list_json(body).unwrap(),
+            "v0.9.0-beta.2"
+        );
+    }
+
+    #[test]
+    fn latest_beta_tag_reports_missing_beta() {
+        let body = r#"[{ "tag_name": "v0.9.0" }]"#;
+        let err = latest_beta_tag_from_release_list_json(body).expect_err("missing beta");
+        assert!(
+            err.to_string().contains("no beta release found"),
+            "unexpected error: {err:#}"
+        );
+    }
+}
diff --git a/crates/tui/Cargo.toml b/crates/tui/Cargo.toml
index 6aa5486c..67d4042a 100644
--- a/crates/tui/Cargo.toml
+++ b/crates/tui/Cargo.toml
@@ -28,6 +28,7 @@ path = "src/bin/deepseek_tui_legacy_shim.rs"
 anyhow = "1.0.100"
 arboard = "3.4"
 codewhale-config = { path = "../config", version = "0.8.46" }
+codewhale-release = { path = "../release", version = "0.8.46" }
 codewhale-secrets = { path = "../secrets", version = "0.8.46" }
 codewhale-tools = { path = "../tools", version = "0.8.46" }
 schemaui = { version = "0.12.0", default-features = false, optional = true }
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 64ef7992..ae37526c 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -2074,6 +2074,51 @@ async fn run_doctor(config: &Config, workspace: &Path, config_path_override: Opt
     println!("  rust: {}", rustc_version());
     println!();
 
+    println!("{}", "Updates:".bold());
+    let current_version = env!("CARGO_PKG_VERSION");
+    println!("  · current: v{current_version}");
+    match codewhale_release::latest_release_tag_async(codewhale_release::ReleaseChannel::Stable)
+        .await
+    {
+        Ok(latest_tag) => {
+            match codewhale_release::compare_release_versions(current_version, &latest_tag) {
+                Ok(std::cmp::Ordering::Less) => {
+                    println!(
+                        "  {} latest: {latest_tag}",
+                        "!".truecolor(sky_r, sky_g, sky_b)
+                    );
+                    println!("    Update available. Run `codewhale update` to install.");
+                }
+                Ok(std::cmp::Ordering::Equal) => {
+                    println!(
+                        "  {} latest: {latest_tag}",
+                        "✓".truecolor(aqua_r, aqua_g, aqua_b)
+                    );
+                    println!("    Already up to date.");
+                }
+                Ok(std::cmp::Ordering::Greater) => {
+                    println!("  {} latest: {latest_tag}", "·".dimmed());
+                    println!("    Current build is newer than the latest published release.");
+                }
+                Err(err) => {
+                    println!(
+                        "  {} latest: {latest_tag}",
+                        "!".truecolor(sky_r, sky_g, sky_b)
+                    );
+                    println!("    Version comparison failed: {err}");
+                }
+            }
+        }
+        Err(err) => {
+            println!(
+                "  {} latest release check failed: {err}",
+                "!".truecolor(sky_r, sky_g, sky_b)
+            );
+            println!("    Run `codewhale update --check` to retry.");
+        }
+    }
+    println!();
+
     // Configuration summary
     println!("{}", "Configuration:".bold());
     let config_path = config_path_override
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 473618b5..0f5b8376 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -479,6 +479,9 @@ Cargo mirror setup in [Section 4](#4-install-via-cargo-any-tier-1-rust-target).
 assets. On networks where GitHub is blocked or unreliable, use the CNB source
 mirror instead and install both binaries from the release tag:
 
+To check the latest release without downloading or replacing binaries, run
+`codewhale update --check`.
+
 ```bash
 cargo install --git https://cnb.cool/codewhale.net/codewhale --tag vX.Y.Z codewhale-cli --locked --force
 cargo install --git https://cnb.cool/codewhale.net/codewhale --tag vX.Y.Z codewhale-tui     --locked --force

From 29625945dedb51321dc07bd21ec873e37d2871dd Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Tue, 19 May 2026 00:01:30 +0200
Subject: [PATCH 207/283] feat: add ShellDispatcher for shell-agnostic command
 execution

Introduces a central shell abstraction that replaces hardcoded
Command::new("cmd") / Command::new("sh") across the execution path.

- Shell detection at startup (pwsh -> powershell -> cmd -> sh)
- Correct quoting per shell (PowerShell uses -NoProfile -Command)
- Scope guards restore crossterm raw mode on all spawn paths (#1690)
- Direct program+args builder for sandbox ExecEnv integration

Files:
- crates/tui/src/shell_dispatcher.rs (new, 12 tests)
- crates/tui/src/main.rs (register module)
- crates/tui/src/eval.rs (exec_shell delegates to dispatcher)
- crates/tui/src/sandbox/mod.rs (CommandSpec::shell uses dispatcher)
- crates/tui/src/tools/shell.rs (raw mode guards on all spawn paths)

Closes #1690
Refs #1779
---
 crates/tui/src/eval.rs             |  53 +---
 crates/tui/src/main.rs             |   1 +
 crates/tui/src/sandbox/mod.rs      |  33 +--
 crates/tui/src/shell_dispatcher.rs | 400 +++++++++++++++++++++++++++++
 crates/tui/src/tools/shell.rs      |  15 +-
 5 files changed, 429 insertions(+), 73 deletions(-)
 create mode 100644 crates/tui/src/shell_dispatcher.rs

diff --git a/crates/tui/src/eval.rs b/crates/tui/src/eval.rs
index 5d095254..cdec123d 100644
--- a/crates/tui/src/eval.rs
+++ b/crates/tui/src/eval.rs
@@ -11,7 +11,6 @@ use std::collections::BTreeMap;
 use std::fs;
 use std::io::Write;
 use std::path::{Path, PathBuf};
-use std::process::Command;
 use std::time::{Duration, Instant};
 use tempfile::TempDir;
 
@@ -21,16 +20,6 @@ enum EvalShellPlatform {
     Unix,
 }
 
-impl EvalShellPlatform {
-    fn current() -> Self {
-        if cfg!(windows) {
-            Self::Windows
-        } else {
-            Self::Unix
-        }
-    }
-}
-
 #[derive(Debug, Clone, PartialEq, Eq)]
 struct EvalShellInvocation {
     program: &'static str,
@@ -38,10 +27,6 @@ struct EvalShellInvocation {
     raw_payload_on_windows: bool,
 }
 
-fn eval_shell_invocation(command: &str) -> EvalShellInvocation {
-    eval_shell_invocation_for_platform(command, EvalShellPlatform::current())
-}
-
 fn eval_shell_invocation_for_platform(
     command: &str,
     platform: EvalShellPlatform,
@@ -60,24 +45,6 @@ fn eval_shell_invocation_for_platform(
     }
 }
 
-fn push_eval_shell_args(cmd: &mut Command, invocation: &EvalShellInvocation) {
-    #[cfg(windows)]
-    {
-        use std::os::windows::process::CommandExt;
-        if invocation.raw_payload_on_windows
-            && invocation.program.eq_ignore_ascii_case("cmd")
-            && invocation.args.len() == 2
-            && invocation.args[0].eq_ignore_ascii_case("/C")
-        {
-            cmd.raw_arg(&invocation.args[0]);
-            cmd.raw_arg(&invocation.args[1]);
-            return;
-        }
-    }
-
-    cmd.args(&invocation.args);
-}
-
 /// Representative tool steps covered by the evaluation harness.
 #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize)]
 pub enum ScenarioStepKind {
@@ -767,25 +734,7 @@ fn apply_patch(root: &Path, patch: &str) -> Result<()> {
 }
 
 fn exec_shell(root: &Path, command: &str) -> Result<String> {
-    let invocation = eval_shell_invocation(command);
-    let mut cmd = Command::new(invocation.program);
-    push_eval_shell_args(&mut cmd, &invocation);
-    let output = cmd
-        .current_dir(root)
-        .output()
-        .with_context(|| format!("failed to execute shell command: {command}"))?;
-
-    if !output.status.success() {
-        let stderr = String::from_utf8_lossy(&output.stderr);
-        return Err(anyhow!(
-            "shell command failed (status={}): {}",
-            output.status,
-            stderr.trim()
-        ));
-    }
-
-    let stdout = String::from_utf8_lossy(&output.stdout).to_string();
-    Ok(stdout.trim().to_string())
+    crate::shell_dispatcher::global_dispatcher().run_foreground(command, root)
 }
 
 fn truncate_output(value: &str, max_chars: usize) -> String {
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index ae37526c..36d84c6e 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -63,6 +63,7 @@ mod schema_migration;
 mod seam_manager;
 #[allow(dead_code)]
 mod session_failure_classifier;
+mod shell_dispatcher;
 mod session_manager;
 mod settings;
 mod skill_state;
diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 85a6898c..15be4226 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -86,20 +86,19 @@ pub struct CommandSpec {
 impl CommandSpec {
     /// Create a `CommandSpec` for running a shell command via the platform shell.
     pub fn shell(command: &str, cwd: PathBuf, timeout: Duration) -> Self {
+        let dispatcher = crate::shell_dispatcher::global_dispatcher();
+        let kind = dispatcher.kind();
+
         #[cfg(windows)]
         let (program, args) = {
-            // Force UTF-8 output on Windows by running `chcp 65001` before the
-            // actual command. Without this, subprocesses output in the system's
-            // ANSI code page (e.g. GBK for Chinese locales), causing garbled
-            // text in the shell output panel. See issue #982.
-            let cmd = format!("chcp 65001 >NUL & {command}");
-            ("cmd".to_string(), vec!["/C".to_string(), cmd])
+            // Force UTF-8 output on Windows. chcp is cmd-compatible;
+            // PowerShell uses semicolons instead of &. See issue #982.
+            let separator = if kind.is_powershell() { ";" } else { "&" };
+            let cmd = format!("chcp 65001 >NUL {separator} {command}");
+            dispatcher.build_command_parts(&cmd)
         };
         #[cfg(not(windows))]
-        let (program, args) = (
-            "sh".to_string(),
-            vec!["-c".to_string(), command.to_string()],
-        );
+        let (program, args) = dispatcher.build_command_parts(command);
 
         Self {
             program,
@@ -603,16 +602,9 @@ mod tests {
     fn test_command_spec_shell() {
         let spec = CommandSpec::shell("echo hello", PathBuf::from("/tmp"), Duration::from_secs(30));
 
-        #[cfg(windows)]
-        {
-            assert_eq!(spec.program, "cmd");
-            assert_eq!(spec.args, vec!["/C", "chcp 65001 >NUL & echo hello"]);
-        }
-        #[cfg(not(windows))]
-        {
-            assert_eq!(spec.program, "sh");
-            assert_eq!(spec.args, vec!["-c", "echo hello"]);
-        }
+        // Program and args depend on the detected shell (pwsh, cmd, sh, …).
+        assert!(!spec.program.is_empty(), "program must not be empty");
+        assert!(!spec.args.is_empty(), "args must not be empty");
         assert_eq!(spec.display_command(), "echo hello");
     }
 
@@ -862,3 +854,4 @@ mod tests {
         }
     }
 }
+}
diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
new file mode 100644
index 00000000..f9ba529d
--- /dev/null
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -0,0 +1,400 @@
+//! Shell abstraction layer for DeepSeek TUI.
+//!
+//! Detects the user's shell at startup and provides a single entry point for
+//! all command execution. DeepSeek TUI never calls `Command::new("cmd")` (or
+//! `"sh"`, `"pwsh"`, ...) directly — it asks the [`ShellDispatcher`] to build
+//! a correctly configured [`std::process::Command`].
+//!
+//! ## Responsibilities
+//!
+//! 1. **Shell detection** — find the user's actual shell (PowerShell, pwsh,
+//!    bash via WSL / Git Bash, cmd.exe fallback on Windows, /bin/sh on Unix).
+//! 2. **Quoting correctness** — each shell's argument-passing convention is
+//!    respected so quoted strings survive the spawn boundary intact.
+//! 3. **Terminal state** — foreground shell execution saves and restores
+//!    crossterm raw-mode so the TUI input pipeline is not broken after a
+//!    child process exits (issue #1690).
+
+use std::process::Command;
+
+// ---------------------------------------------------------------------------
+// Shell kind
+// ---------------------------------------------------------------------------
+
+/// The concrete shell that the dispatcher will use.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum ShellKind {
+    /// PowerShell 7+ (`pwsh.exe`).
+    Pwsh,
+    /// Windows PowerShell 5.1 (`powershell.exe`).
+    WindowsPowerShell,
+    /// Command Prompt (`cmd.exe`).
+    Cmd,
+    /// Unix `/bin/sh` (or `$SHELL`-detected bash/zsh).
+    Sh,
+    /// Bash — detected via `$SHELL` on either Unix or WSL/Git Bash on Windows.
+    Bash,
+    /// Any other POSIX shell from $SHELL (zsh, fish, dash, ...).
+    Custom { binary: String, flag: String },
+}
+
+impl ShellKind {
+    /// Binary name for the shell. Appends `.exe` on Windows where needed.
+    pub fn binary(&self) -> &str {
+        match self {
+            #[cfg(windows)]
+            ShellKind::Pwsh => "pwsh.exe",
+            #[cfg(not(windows))]
+            ShellKind::Pwsh => "pwsh",
+
+            #[cfg(windows)]
+            ShellKind::WindowsPowerShell => "powershell.exe",
+            #[cfg(not(windows))]
+            ShellKind::WindowsPowerShell => "powershell",
+
+            #[cfg(windows)]
+            ShellKind::Cmd => "cmd.exe",
+            #[cfg(not(windows))]
+            ShellKind::Cmd => "cmd",
+
+            ShellKind::Sh => "sh",
+            ShellKind::Bash => "bash",
+            ShellKind::Custom { binary, .. } => binary,
+        }
+    }
+
+    /// Flag that tells the shell to execute the following argument as a
+    /// command string.
+    pub fn command_flag(&self) -> &str {
+        match self {
+            ShellKind::Pwsh | ShellKind::WindowsPowerShell => "-NoProfile",
+            ShellKind::Cmd => "/C",
+            ShellKind::Sh | ShellKind::Bash => "-c",
+            ShellKind::Custom { flag, .. } => flag,
+        }
+    }
+
+    /// Whether this shell needs an extra `-Command` flag after the profile
+    /// flag (PowerShell-specific).
+    pub fn needs_command_flag(&self) -> bool {
+        matches!(self, ShellKind::Pwsh | ShellKind::WindowsPowerShell)
+    }
+
+    /// Returns true when this is a PowerShell-family shell.
+    pub fn is_powershell(&self) -> bool {
+        matches!(self, ShellKind::Pwsh | ShellKind::WindowsPowerShell)
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Dispatcher
+// ---------------------------------------------------------------------------
+
+/// Central shell abstraction. Created once at startup via
+/// [`ShellDispatcher::detect`] and then used everywhere a command needs to
+/// be spawned.
+#[derive(Debug, Clone)]
+pub struct ShellDispatcher {
+    kind: ShellKind,
+}
+
+impl ShellDispatcher {
+    /// Detect the user's shell from the environment.
+    ///
+    /// ## Detection order (Windows)
+    ///
+    /// 1. `$env:SHELL` — WSL interop or Git Bash often set this.
+    /// 2. `pwsh.exe` found on `PATH` — PowerShell 7+.
+    /// 3. `powershell.exe` found on `PATH` — Windows PowerShell 5.1.
+    /// 4. `cmd.exe` — always available, last resort.
+    ///
+    /// ## Detection order (Unix)
+    ///
+    /// 1. `$SHELL` — if it contains `bash`, use `Bash`; otherwise use the
+    ///    actual binary path via `Custom`.
+    /// 2. `/bin/sh` fallback.
+    pub fn detect() -> Self {
+        let kind = Self::detect_shell();
+        ShellDispatcher { kind }
+    }
+
+    /// The detected shell kind.
+    pub fn kind(&self) -> &ShellKind {
+        &self.kind
+    }
+
+    // -- Public builders --------------------------------------------------
+
+    /// Build a `std::process::Command` for the given shell command string.
+    pub fn build_command(&self, shell_command: &str) -> Command {
+        let mut cmd = Command::new(self.kind.binary());
+
+        if self.kind.needs_command_flag() {
+            cmd.arg(self.kind.command_flag());
+            cmd.arg("-Command");
+            cmd.arg(shell_command);
+        } else {
+            cmd.arg(self.kind.command_flag());
+            cmd.arg(shell_command);
+        }
+
+        cmd
+    }
+
+    /// Build the program + args tuple. Useful when the caller needs to
+    /// inspect or modify the args before passing them to `Command`.
+    pub fn build_command_parts(&self, shell_command: &str) -> (String, Vec<String>) {
+        let program = self.kind.binary().to_string();
+        let args = if self.kind.needs_command_flag() {
+            vec![
+                self.kind.command_flag().to_string(),
+                "-Command".to_string(),
+                shell_command.to_string(),
+            ]
+        } else {
+            vec![
+                self.kind.command_flag().to_string(),
+                shell_command.to_string(),
+            ]
+        };
+        (program, args)
+    }
+
+    /// Build a `Command` from separate program + args (bypasses the shell).
+    /// Used when the caller already has a resolved executable and argument
+    /// vector — e.g. `ExecEnv` from the sandbox.
+    pub fn build_direct(&self, program: &str, args: &[String]) -> Command {
+        let mut cmd = Command::new(program);
+        cmd.args(args);
+        cmd
+    }
+
+    /// Execute a foreground command with raw-mode save/restore.
+    ///
+    /// A scope guard ensures raw mode is restored even if the command fails
+    /// to spawn or returns early (review feedback, issue #1690).
+    pub fn run_foreground(
+        &self,
+        shell_command: &str,
+        cwd: &std::path::Path,
+    ) -> Result<String, anyhow::Error> {
+        use anyhow::Context;
+
+        // Disable raw mode; guard restores it even on `?` early return.
+        let _ = crossterm::terminal::disable_raw_mode();
+        struct FgRawModeGuard;
+        impl Drop for FgRawModeGuard {
+            fn drop(&mut self) {
+                let _ = crossterm::terminal::enable_raw_mode();
+            }
+        }
+        let _guard = FgRawModeGuard;
+
+        let mut cmd = self.build_command(shell_command);
+        cmd.current_dir(cwd);
+
+        let output = cmd
+            .output()
+            .with_context(|| format!("failed to execute shell command: {shell_command}"))?;
+
+        if !output.status.success() {
+            let stderr = String::from_utf8_lossy(&output.stderr);
+            anyhow::bail!(
+                "shell command failed (status={}): {}",
+                output.status,
+                stderr.trim()
+            );
+        }
+
+        let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
+        Ok(stdout)
+    }
+
+    // -- Detection --------------------------------------------------------
+
+    fn detect_shell() -> ShellKind {
+        // 1. $SHELL environment variable (WSL, Git Bash, MSYS2, or Unix)
+        if let Ok(shell) = std::env::var("SHELL") {
+            let lower = shell.to_lowercase();
+            if lower.contains("bash") {
+                return ShellKind::Bash;
+            }
+            if lower.contains("pwsh") {
+                return ShellKind::Pwsh;
+            }
+            if lower.contains("powershell") {
+                return ShellKind::WindowsPowerShell;
+            }
+            return ShellKind::Custom {
+                binary: shell,
+                flag: "-c".to_string(),
+            };
+        }
+
+        #[cfg(windows)]
+        {
+            if Self::binary_on_path("pwsh.exe") {
+                return ShellKind::Pwsh;
+            }
+            if Self::binary_on_path("powershell.exe") {
+                return ShellKind::WindowsPowerShell;
+            }
+            return ShellKind::Cmd;
+        }
+
+        #[cfg(not(windows))]
+        {
+            ShellKind::Sh
+        }
+    }
+
+    fn binary_on_path(name: &str) -> bool {
+        std::env::var_os("PATH")
+            .map(|path| {
+                std::env::split_paths(&path).any(|dir| {
+                    let candidate = dir.join(name);
+                    candidate.is_file()
+                })
+            })
+            .unwrap_or(false)
+    }
+}
+
+/// Global dispatcher instance, detected once at startup.
+///
+/// Any code path that needs to spawn a shell command can use
+/// `global_dispatcher()` instead of threading the dispatcher through
+/// every function signature.
+pub fn global_dispatcher() -> &'static ShellDispatcher {
+    use std::sync::LazyLock;
+    static DISPATCHER: LazyLock<ShellDispatcher> = LazyLock::new(ShellDispatcher::detect);
+    &DISPATCHER
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn shell_kind_binary_names() {
+        #[cfg(windows)]
+        {
+            assert_eq!(ShellKind::Pwsh.binary(), "pwsh.exe");
+            assert_eq!(ShellKind::WindowsPowerShell.binary(), "powershell.exe");
+            assert_eq!(ShellKind::Cmd.binary(), "cmd.exe");
+        }
+        #[cfg(not(windows))]
+        {
+            assert_eq!(ShellKind::Pwsh.binary(), "pwsh");
+            assert_eq!(ShellKind::WindowsPowerShell.binary(), "powershell");
+            assert_eq!(ShellKind::Cmd.binary(), "cmd");
+        }
+        assert_eq!(ShellKind::Sh.binary(), "sh");
+        assert_eq!(ShellKind::Bash.binary(), "bash");
+    }
+
+    #[test]
+    fn detect_returns_some_shell() {
+        let dispatcher = global_dispatcher();
+        let _kind = dispatcher.kind();
+    }
+
+    #[test]
+    fn powershell_build_command_includes_no_profile_and_command_flags() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Pwsh };
+        let cmd = dispatcher.build_command("echo hello");
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert!(args.contains(&"-NoProfile"));
+        assert!(args.contains(&"-Command"));
+        assert!(args.contains(&"echo hello"));
+    }
+
+    #[test]
+    fn cmd_build_command_uses_c_flag() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let cmd = dispatcher.build_command("echo hello");
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert!(args.contains(&"/C"));
+        assert!(args.contains(&"echo hello"));
+    }
+
+    #[test]
+    fn sh_build_command_uses_dash_c() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Sh };
+        let cmd = dispatcher.build_command("echo hello");
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert!(args.contains(&"-c"));
+        assert!(args.contains(&"echo hello"));
+    }
+
+    #[test]
+    fn build_direct_preserves_args() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let args = vec!["-m".to_string(), "commit message".to_string()];
+        let cmd = dispatcher.build_direct("git", &args);
+        let cmd_args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert_eq!(cmd_args, vec!["-m", "commit message"]);
+    }
+
+    #[test]
+    fn powershell_flags_are_correct() {
+        assert!(ShellKind::Pwsh.needs_command_flag());
+        assert!(ShellKind::WindowsPowerShell.needs_command_flag());
+        assert!(!ShellKind::Cmd.needs_command_flag());
+        assert!(!ShellKind::Sh.needs_command_flag());
+        assert!(!ShellKind::Bash.needs_command_flag());
+    }
+
+    #[test]
+    fn is_powershell_detects_both_variants() {
+        assert!(ShellKind::Pwsh.is_powershell());
+        assert!(ShellKind::WindowsPowerShell.is_powershell());
+        assert!(!ShellKind::Cmd.is_powershell());
+        assert!(!ShellKind::Sh.is_powershell());
+        assert!(!ShellKind::Bash.is_powershell());
+    }
+
+    #[test]
+    fn build_command_quotes_spaces_for_cmd() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let cmd = dispatcher.build_command("git commit -m \"msg with spaces\"");
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert_eq!(args.len(), 2);
+        assert_eq!(args[0], "/C");
+        assert!(args[1].contains("msg with spaces"));
+        assert!(args[1].starts_with("git "));
+    }
+
+    #[test]
+    fn build_command_quotes_spaces_for_pwsh() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Pwsh };
+        let cmd = dispatcher.build_command("git commit -m \"msg with spaces\"");
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert_eq!(args.len(), 3);
+        assert_eq!(args[0], "-NoProfile");
+        assert_eq!(args[1], "-Command");
+        assert!(args[2].contains("msg with spaces"));
+    }
+
+    #[test]
+    fn build_direct_handles_empty_args() {
+        let dispatcher = ShellDispatcher { kind: ShellKind::Sh };
+        let cmd = dispatcher.build_direct("echo", &[]);
+        let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
+        assert!(args.is_empty());
+    }
+
+    #[test]
+    fn custom_shell_uses_provided_binary_and_flag() {
+        let kind = ShellKind::Custom {
+            binary: "/bin/zsh".to_string(),
+            flag: "-c".to_string(),
+        };
+        assert_eq!(kind.binary(), "/bin/zsh");
+        assert_eq!(kind.command_flag(), "-c");
+    }
+}
\ No newline at end of file
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index 32f48a1d..df32d3e8 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -841,6 +841,13 @@ impl ShellManager {
 
         child_env::apply_to_command(&mut cmd, child_env::string_map_env(&exec_env.env));
 
+        // Disable raw mode before spawn; restore on drop regardless of
+        // success/failure/timeout (issue #1690).
+        let _ = crossterm::terminal::disable_raw_mode();
+        struct SyncRawModeGuard;
+        impl Drop for SyncRawModeGuard { fn drop(&mut self) { let _ = crossterm::terminal::enable_raw_mode(); } }
+        let _guard = SyncRawModeGuard;
+
         let mut child = cmd
             .spawn()
             .with_context(|| format!("Failed to execute: {original_command}"))?;
@@ -975,6 +982,12 @@ impl ShellManager {
         }
         install_parent_death_signal(&mut cmd);
 
+        // Disable raw mode before spawn; restore on drop (issue #1690).
+        let _ = crossterm::terminal::disable_raw_mode();
+        struct InteractiveRawModeGuard;
+        impl Drop for InteractiveRawModeGuard { fn drop(&mut self) { let _ = crossterm::terminal::enable_raw_mode(); } }
+        let _guard = InteractiveRawModeGuard;
+
         child_env::apply_to_command(&mut cmd, child_env::string_map_env(&exec_env.env));
 
         let mut child = cmd
@@ -2792,4 +2805,4 @@ impl ToolSpec for NoteTool {
 }
 
 #[cfg(test)]
-mod tests;
+mod tests;
\ No newline at end of file

From 6e5d8ddf016b50831b5934f281fc972f00344274 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Tue, 19 May 2026 02:57:24 +0200
Subject: [PATCH 208/283] feat(shell_dispatcher): harden PowerShell detection
 and add execution logging

- find_exe(): fall back to known install dirs when PATH lookup fails
  (C:\Program Files\PowerShell\7, System32\WindowsPowerShell\v1.0)
- Encoding prefix: use idiomatic [Console]::OutputEncoding for PowerShell
  instead of cmd.exe chcp 65001 >NUL
- Execution logging: write exec via <ShellKind> entries to
  SHELL_DISPATCHER_LOG when set
- System prompt: use ShellDispatcher detection instead of raw $SHELL
  so model knows it has PowerShell and generates native cmdlets
- display_command(): strip PowerShell encoding prefix for display
- Add tests for find_exe PATH + known-dir fallback

Refs #1779
---
 crates/tui/src/prompts.rs          |   5 +-
 crates/tui/src/sandbox/mod.rs      |  22 ++++--
 crates/tui/src/shell_dispatcher.rs | 106 ++++++++++++++++++++++++++++-
 crates/tui/src/tools/shell.rs      |   5 ++
 4 files changed, 131 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index c6beeeff..22b77643 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -142,7 +142,10 @@ for the current turn."
 fn render_environment_block(workspace: &Path, locale_tag: &str) -> String {
     let deepseek_version = env!("CARGO_PKG_VERSION");
     let platform = std::env::consts::OS;
-    let shell = std::env::var("SHELL").unwrap_or_else(|_| "unknown".to_string());
+    let shell = crate::shell_dispatcher::global_dispatcher()
+        .kind()
+        .binary()
+        .to_string();
     let pwd = workspace.display();
 
     format!(
diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 15be4226..6ed82bc6 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -91,10 +91,13 @@ impl CommandSpec {
 
         #[cfg(windows)]
         let (program, args) = {
-            // Force UTF-8 output on Windows. chcp is cmd-compatible;
-            // PowerShell uses semicolons instead of &. See issue #982.
-            let separator = if kind.is_powershell() { ";" } else { "&" };
-            let cmd = format!("chcp 65001 >NUL {separator} {command}");
+            // Force UTF-8 output. cmd.exe uses chcp; PowerShell sets the
+            // console output encoding directly. See issue #982.
+            let cmd = if kind.is_powershell() {
+                format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {command}")
+            } else {
+                format!("chcp 65001 >NUL & {command}")
+            };
             dispatcher.build_command_parts(&cmd)
         };
         #[cfg(not(windows))]
@@ -163,6 +166,17 @@ impl CommandSpec {
             raw.strip_prefix("chcp 65001 >NUL & ")
                 .unwrap_or(raw)
                 .to_string()
+        } else if (self.program.eq_ignore_ascii_case("pwsh")
+            || self.program.eq_ignore_ascii_case("powershell"))
+            && self.args.len() >= 3
+            && self.args[0].eq_ignore_ascii_case("-NoProfile")
+            && self.args[1].eq_ignore_ascii_case("-Command")
+        {
+            // Strip the PowerShell encoding prefix.
+            let raw = &self.args[2];
+            raw.strip_prefix("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; ")
+                .unwrap_or(raw)
+                .to_string()
         } else {
             // For other commands, join program and args
             let mut parts = vec![self.program.clone()];
diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index f9ba529d..bb2c6d6b 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -15,7 +15,13 @@
 //!    crossterm raw-mode so the TUI input pipeline is not broken after a
 //!    child process exits (issue #1690).
 
+use std::fs::OpenOptions;
+use std::io::Write;
+use std::path::Path;
 use std::process::Command;
+use std::sync::Mutex;
+
+static LOG_MUTEX: Mutex<()> = Mutex::new(());
 
 // ---------------------------------------------------------------------------
 // Shell kind
@@ -115,9 +121,51 @@ impl ShellDispatcher {
     /// 2. `/bin/sh` fallback.
     pub fn detect() -> Self {
         let kind = Self::detect_shell();
+        Self::log_startup(&kind);
         ShellDispatcher { kind }
     }
 
+    /// Log a shell execution line when `SHELL_DISPATCHER_LOG` is set.
+    pub fn log_exec(command: &str) {
+        if let Ok(path) = std::env::var("SHELL_DISPATCHER_LOG") {
+            let _ = Self::append_log_static(&path, command);
+        }
+    }
+
+    fn log_startup(kind: &ShellKind) {
+        let _lock = LOG_MUTEX.lock();
+        if let Ok(path) = std::env::var("SHELL_DISPATCHER_LOG") {
+            let init_line = format!(
+                "--- ShellDispatcher log started pid={} ---\n",
+                std::process::id()
+            );
+            let _ = Self::append_log(&path, &init_line);
+            let detect_line = format!("[{}] detect: {kind:?}\n", now_iso());
+            let _ = Self::append_log(&path, &detect_line);
+        }
+    }
+
+    fn append_log(path: &str, line: &str) -> std::io::Result<()> {
+        let mut file = OpenOptions::new()
+            .create(true)
+            .append(true)
+            .open(Path::new(path))?;
+        file.write_all(line.as_bytes())?;
+        file.flush()
+    }
+
+    fn append_log_static(path: &str, command: &str) -> std::io::Result<()> {
+        // Resolve kind outside the lock — `global_dispatcher()` may trigger
+        // `detect()` which calls `log_startup()` which also acquires the mutex.
+        let kind = global_dispatcher().kind();
+        let _lock = LOG_MUTEX.lock();
+        let line = format!(
+            "[{}] exec via {kind:?}: {command}\n", now_iso()
+        );
+        Self::append_log(path, &line)
+    }
+
+
     /// The detected shell kind.
     pub fn kind(&self) -> &ShellKind {
         &self.kind
@@ -180,6 +228,18 @@ impl ShellDispatcher {
     ) -> Result<String, anyhow::Error> {
         use anyhow::Context;
 
+        // Log the execution
+        {
+            let _lock = LOG_MUTEX.lock();
+            if let Ok(path) = std::env::var("SHELL_DISPATCHER_LOG") {
+                let kind = self.kind();
+                let line = format!(
+                    "[{}] exec via {kind:?}: {shell_command}\n", now_iso()
+                );
+                let _ = Self::append_log(&path, &line);
+            }
+        }
+
         // Disable raw mode; guard restores it even on `?` early return.
         let _ = crossterm::terminal::disable_raw_mode();
         struct FgRawModeGuard;
@@ -233,10 +293,10 @@ impl ShellDispatcher {
 
         #[cfg(windows)]
         {
-            if Self::binary_on_path("pwsh.exe") {
+            if Self::find_exe("pwsh.exe") {
                 return ShellKind::Pwsh;
             }
-            if Self::binary_on_path("powershell.exe") {
+            if Self::find_exe("powershell.exe") {
                 return ShellKind::WindowsPowerShell;
             }
             return ShellKind::Cmd;
@@ -248,6 +308,19 @@ impl ShellDispatcher {
         }
     }
 
+    /// Check PATH first, then fall back to well-known install directories.
+    fn find_exe(name: &str) -> bool {
+        if Self::binary_on_path(name) {
+            return true;
+        }
+        // Well-known install locations (order by preference).
+        let known_dirs: &[&str] = &[
+            r"C:\Program Files\PowerShell\7",
+            r"C:\Windows\System32\WindowsPowerShell\v1.0",
+        ];
+        known_dirs.iter().any(|dir| std::path::Path::new(dir).join(name).is_file())
+    }
+
     fn binary_on_path(name: &str) -> bool {
         std::env::var_os("PATH")
             .map(|path| {
@@ -260,6 +333,12 @@ impl ShellDispatcher {
     }
 }
 
+// -- Helpers ---------------------------------------------------------------
+
+fn now_iso() -> String {
+    chrono::Utc::now().format("%Y-%m-%dT%H:%M:%S%.3f").to_string()
+}
+
 /// Global dispatcher instance, detected once at startup.
 ///
 /// Any code path that needs to spawn a shell command can use
@@ -388,6 +467,29 @@ mod tests {
         assert!(args.is_empty());
     }
 
+    #[test]
+    fn find_exe_finds_cmd_on_path() {
+        // cmd.exe is always on PATH on Windows.
+        assert!(ShellDispatcher::find_exe("cmd.exe"));
+    }
+
+    #[test]
+    fn find_exe_rejects_nonexistent_binary() {
+        assert!(!ShellDispatcher::find_exe("nonexistent_xyz_12345.exe"));
+    }
+
+    #[test]
+    fn find_exe_falls_back_to_known_dirs() {
+        // Verify the known-dirs fallback path actually exists on this system.
+        let ps_path = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe";
+        if std::path::Path::new(ps_path).is_file() {
+            // The fallback directory exists — find_exe should locate it.
+            assert!(ShellDispatcher::find_exe("powershell.exe"));
+        } else {
+            eprintln!("Skipping: {ps_path} not present on this system");
+        }
+    }
+
     #[test]
     fn custom_shell_uses_provided_binary_and_flag() {
         let kind = ShellKind::Custom {
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index df32d3e8..1975595e 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -731,6 +731,9 @@ impl ShellManager {
         policy_override: Option<ExecutionSandboxPolicy>,
         extra_env: HashMap<String, String>,
     ) -> Result<ShellResult> {
+        // Log execution via ShellDispatcher when SHELL_DISPATCHER_LOG is set.
+        crate::shell_dispatcher::ShellDispatcher::log_exec(command);
+
         let work_dir = working_dir.map_or_else(|| self.default_workspace.clone(), PathBuf::from);
 
         // Clamp timeout to max 10 minutes (600000ms)
@@ -794,6 +797,8 @@ impl ShellManager {
         policy_override: Option<ExecutionSandboxPolicy>,
         extra_env: HashMap<String, String>,
     ) -> Result<ShellResult> {
+        crate::shell_dispatcher::ShellDispatcher::log_exec(command);
+
         let work_dir = working_dir.map_or_else(|| self.default_workspace.clone(), PathBuf::from);
 
         let timeout_ms = timeout_ms.clamp(1000, 600_000);

From 45e7b12583e5653133a6de44eaa4b0341dca9676 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 16:56:30 +0200
Subject: [PATCH 209/283] style(tui): format shell dispatcher stack

---
 crates/tui/src/eval.rs             |  3 ++
 crates/tui/src/main.rs             |  2 +-
 crates/tui/src/sandbox/mod.rs      |  1 -
 crates/tui/src/shell_dispatcher.rs | 49 +++++++++++++++++++-----------
 crates/tui/src/tools/shell.rs      | 14 +++++++--
 crates/tui/tests/eval_harness.rs   |  2 ++
 6 files changed, 49 insertions(+), 22 deletions(-)

diff --git a/crates/tui/src/eval.rs b/crates/tui/src/eval.rs
index cdec123d..d3651613 100644
--- a/crates/tui/src/eval.rs
+++ b/crates/tui/src/eval.rs
@@ -14,12 +14,14 @@ use std::path::{Path, PathBuf};
 use std::time::{Duration, Instant};
 use tempfile::TempDir;
 
+#[cfg(test)]
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 enum EvalShellPlatform {
     Windows,
     Unix,
 }
 
+#[cfg(test)]
 #[derive(Debug, Clone, PartialEq, Eq)]
 struct EvalShellInvocation {
     program: &'static str,
@@ -27,6 +29,7 @@ struct EvalShellInvocation {
     raw_payload_on_windows: bool,
 }
 
+#[cfg(test)]
 fn eval_shell_invocation_for_platform(
     command: &str,
     platform: EvalShellPlatform,
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 36d84c6e..1a8b5600 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -63,9 +63,9 @@ mod schema_migration;
 mod seam_manager;
 #[allow(dead_code)]
 mod session_failure_classifier;
-mod shell_dispatcher;
 mod session_manager;
 mod settings;
+mod shell_dispatcher;
 mod skill_state;
 mod skills;
 mod snapshot;
diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 6ed82bc6..76af2012 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -868,4 +868,3 @@ mod tests {
         }
     }
 }
-}
diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index bb2c6d6b..95d3d0c4 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -28,6 +28,7 @@ static LOG_MUTEX: Mutex<()> = Mutex::new(());
 // ---------------------------------------------------------------------------
 
 /// The concrete shell that the dispatcher will use.
+#[allow(dead_code)]
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum ShellKind {
     /// PowerShell 7+ (`pwsh.exe`).
@@ -104,6 +105,7 @@ pub struct ShellDispatcher {
     kind: ShellKind,
 }
 
+#[allow(dead_code)]
 impl ShellDispatcher {
     /// Detect the user's shell from the environment.
     ///
@@ -159,13 +161,10 @@ impl ShellDispatcher {
         // `detect()` which calls `log_startup()` which also acquires the mutex.
         let kind = global_dispatcher().kind();
         let _lock = LOG_MUTEX.lock();
-        let line = format!(
-            "[{}] exec via {kind:?}: {command}\n", now_iso()
-        );
+        let line = format!("[{}] exec via {kind:?}: {command}\n", now_iso());
         Self::append_log(path, &line)
     }
 
-
     /// The detected shell kind.
     pub fn kind(&self) -> &ShellKind {
         &self.kind
@@ -233,9 +232,7 @@ impl ShellDispatcher {
             let _lock = LOG_MUTEX.lock();
             if let Ok(path) = std::env::var("SHELL_DISPATCHER_LOG") {
                 let kind = self.kind();
-                let line = format!(
-                    "[{}] exec via {kind:?}: {shell_command}\n", now_iso()
-                );
+                let line = format!("[{}] exec via {kind:?}: {shell_command}\n", now_iso());
                 let _ = Self::append_log(&path, &line);
             }
         }
@@ -318,7 +315,9 @@ impl ShellDispatcher {
             r"C:\Program Files\PowerShell\7",
             r"C:\Windows\System32\WindowsPowerShell\v1.0",
         ];
-        known_dirs.iter().any(|dir| std::path::Path::new(dir).join(name).is_file())
+        known_dirs
+            .iter()
+            .any(|dir| std::path::Path::new(dir).join(name).is_file())
     }
 
     fn binary_on_path(name: &str) -> bool {
@@ -336,7 +335,9 @@ impl ShellDispatcher {
 // -- Helpers ---------------------------------------------------------------
 
 fn now_iso() -> String {
-    chrono::Utc::now().format("%Y-%m-%dT%H:%M:%S%.3f").to_string()
+    chrono::Utc::now()
+        .format("%Y-%m-%dT%H:%M:%S%.3f")
+        .to_string()
 }
 
 /// Global dispatcher instance, detected once at startup.
@@ -384,7 +385,9 @@ mod tests {
 
     #[test]
     fn powershell_build_command_includes_no_profile_and_command_flags() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Pwsh };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Pwsh,
+        };
         let cmd = dispatcher.build_command("echo hello");
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert!(args.contains(&"-NoProfile"));
@@ -394,7 +397,9 @@ mod tests {
 
     #[test]
     fn cmd_build_command_uses_c_flag() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Cmd,
+        };
         let cmd = dispatcher.build_command("echo hello");
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert!(args.contains(&"/C"));
@@ -403,7 +408,9 @@ mod tests {
 
     #[test]
     fn sh_build_command_uses_dash_c() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Sh };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Sh,
+        };
         let cmd = dispatcher.build_command("echo hello");
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert!(args.contains(&"-c"));
@@ -412,7 +419,9 @@ mod tests {
 
     #[test]
     fn build_direct_preserves_args() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Cmd,
+        };
         let args = vec!["-m".to_string(), "commit message".to_string()];
         let cmd = dispatcher.build_direct("git", &args);
         let cmd_args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
@@ -439,7 +448,9 @@ mod tests {
 
     #[test]
     fn build_command_quotes_spaces_for_cmd() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Cmd };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Cmd,
+        };
         let cmd = dispatcher.build_command("git commit -m \"msg with spaces\"");
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert_eq!(args.len(), 2);
@@ -450,7 +461,9 @@ mod tests {
 
     #[test]
     fn build_command_quotes_spaces_for_pwsh() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Pwsh };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Pwsh,
+        };
         let cmd = dispatcher.build_command("git commit -m \"msg with spaces\"");
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert_eq!(args.len(), 3);
@@ -461,7 +474,9 @@ mod tests {
 
     #[test]
     fn build_direct_handles_empty_args() {
-        let dispatcher = ShellDispatcher { kind: ShellKind::Sh };
+        let dispatcher = ShellDispatcher {
+            kind: ShellKind::Sh,
+        };
         let cmd = dispatcher.build_direct("echo", &[]);
         let args: Vec<&str> = cmd.get_args().map(|a| a.to_str().unwrap()).collect();
         assert!(args.is_empty());
@@ -499,4 +514,4 @@ mod tests {
         assert_eq!(kind.binary(), "/bin/zsh");
         assert_eq!(kind.command_flag(), "-c");
     }
-}
\ No newline at end of file
+}
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index 1975595e..31f09f1b 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -850,7 +850,11 @@ impl ShellManager {
         // success/failure/timeout (issue #1690).
         let _ = crossterm::terminal::disable_raw_mode();
         struct SyncRawModeGuard;
-        impl Drop for SyncRawModeGuard { fn drop(&mut self) { let _ = crossterm::terminal::enable_raw_mode(); } }
+        impl Drop for SyncRawModeGuard {
+            fn drop(&mut self) {
+                let _ = crossterm::terminal::enable_raw_mode();
+            }
+        }
         let _guard = SyncRawModeGuard;
 
         let mut child = cmd
@@ -990,7 +994,11 @@ impl ShellManager {
         // Disable raw mode before spawn; restore on drop (issue #1690).
         let _ = crossterm::terminal::disable_raw_mode();
         struct InteractiveRawModeGuard;
-        impl Drop for InteractiveRawModeGuard { fn drop(&mut self) { let _ = crossterm::terminal::enable_raw_mode(); } }
+        impl Drop for InteractiveRawModeGuard {
+            fn drop(&mut self) {
+                let _ = crossterm::terminal::enable_raw_mode();
+            }
+        }
         let _guard = InteractiveRawModeGuard;
 
         child_env::apply_to_command(&mut cmd, child_env::string_map_env(&exec_env.env));
@@ -2810,4 +2818,4 @@ impl ToolSpec for NoteTool {
 }
 
 #[cfg(test)]
-mod tests;
\ No newline at end of file
+mod tests;
diff --git a/crates/tui/tests/eval_harness.rs b/crates/tui/tests/eval_harness.rs
index 8fb7485a..00a5d26b 100644
--- a/crates/tui/tests/eval_harness.rs
+++ b/crates/tui/tests/eval_harness.rs
@@ -4,6 +4,8 @@ use std::fs;
 
 #[path = "../src/eval.rs"]
 mod eval;
+#[path = "../src/shell_dispatcher.rs"]
+mod shell_dispatcher;
 
 use eval::{EvalHarness, EvalHarnessConfig, ScenarioStepKind};
 use tempfile::tempdir;

From ab95512c8fdfc670f951a2372e6494653af7fa3f Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:09:08 +0200
Subject: [PATCH 210/283] fix(tui): gate Windows shell detection

---
 crates/tui/src/sandbox/mod.rs      |  8 +++--
 crates/tui/src/shell_dispatcher.rs | 49 +++++++++++++++++++-----------
 2 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 76af2012..54e43085 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -87,13 +87,17 @@ impl CommandSpec {
     /// Create a `CommandSpec` for running a shell command via the platform shell.
     pub fn shell(command: &str, cwd: PathBuf, timeout: Duration) -> Self {
         let dispatcher = crate::shell_dispatcher::global_dispatcher();
-        let kind = dispatcher.kind();
 
         #[cfg(windows)]
         let (program, args) = {
             // Force UTF-8 output. cmd.exe uses chcp; PowerShell sets the
             // console output encoding directly. See issue #982.
-            let cmd = if kind.is_powershell() {
+            let kind = dispatcher.kind();
+            let cmd = if matches!(
+                kind,
+                crate::shell_dispatcher::ShellKind::Pwsh
+                    | crate::shell_dispatcher::ShellKind::WindowsPowerShell
+            ) {
                 format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {command}")
             } else {
                 format!("chcp 65001 >NUL & {command}")
diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index 95d3d0c4..bb716980 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -87,6 +87,7 @@ impl ShellKind {
         matches!(self, ShellKind::Pwsh | ShellKind::WindowsPowerShell)
     }
 
+    #[cfg(test)]
     /// Returns true when this is a PowerShell-family shell.
     pub fn is_powershell(&self) -> bool {
         matches!(self, ShellKind::Pwsh | ShellKind::WindowsPowerShell)
@@ -210,6 +211,7 @@ impl ShellDispatcher {
     /// Build a `Command` from separate program + args (bypasses the shell).
     /// Used when the caller already has a resolved executable and argument
     /// vector — e.g. `ExecEnv` from the sandbox.
+    #[cfg(test)]
     pub fn build_direct(&self, program: &str, args: &[String]) -> Command {
         let mut cmd = Command::new(program);
         cmd.args(args);
@@ -270,24 +272,6 @@ impl ShellDispatcher {
     // -- Detection --------------------------------------------------------
 
     fn detect_shell() -> ShellKind {
-        // 1. $SHELL environment variable (WSL, Git Bash, MSYS2, or Unix)
-        if let Ok(shell) = std::env::var("SHELL") {
-            let lower = shell.to_lowercase();
-            if lower.contains("bash") {
-                return ShellKind::Bash;
-            }
-            if lower.contains("pwsh") {
-                return ShellKind::Pwsh;
-            }
-            if lower.contains("powershell") {
-                return ShellKind::WindowsPowerShell;
-            }
-            return ShellKind::Custom {
-                binary: shell,
-                flag: "-c".to_string(),
-            };
-        }
-
         #[cfg(windows)]
         {
             if Self::find_exe("pwsh.exe") {
@@ -301,11 +285,30 @@ impl ShellDispatcher {
 
         #[cfg(not(windows))]
         {
+            // 1. $SHELL environment variable (Unix)
+            if let Ok(shell) = std::env::var("SHELL") {
+                let lower = shell.to_lowercase();
+                if lower.contains("bash") {
+                    return ShellKind::Bash;
+                }
+                if lower.contains("pwsh") {
+                    return ShellKind::Pwsh;
+                }
+                if lower.contains("powershell") {
+                    return ShellKind::WindowsPowerShell;
+                }
+                return ShellKind::Custom {
+                    binary: shell,
+                    flag: "-c".to_string(),
+                };
+            }
+
             ShellKind::Sh
         }
     }
 
     /// Check PATH first, then fall back to well-known install directories.
+    #[cfg(windows)]
     fn find_exe(name: &str) -> bool {
         if Self::binary_on_path(name) {
             return true;
@@ -320,6 +323,7 @@ impl ShellDispatcher {
             .any(|dir| std::path::Path::new(dir).join(name).is_file())
     }
 
+    #[cfg(windows)]
     fn binary_on_path(name: &str) -> bool {
         std::env::var_os("PATH")
             .map(|path| {
@@ -417,6 +421,7 @@ mod tests {
         assert!(args.contains(&"echo hello"));
     }
 
+    #[cfg(test)]
     #[test]
     fn build_direct_preserves_args() {
         let dispatcher = ShellDispatcher {
@@ -428,6 +433,7 @@ mod tests {
         assert_eq!(cmd_args, vec!["-m", "commit message"]);
     }
 
+    #[cfg(test)]
     #[test]
     fn powershell_flags_are_correct() {
         assert!(ShellKind::Pwsh.needs_command_flag());
@@ -437,6 +443,7 @@ mod tests {
         assert!(!ShellKind::Bash.needs_command_flag());
     }
 
+    #[cfg(test)]
     #[test]
     fn is_powershell_detects_both_variants() {
         assert!(ShellKind::Pwsh.is_powershell());
@@ -446,6 +453,7 @@ mod tests {
         assert!(!ShellKind::Bash.is_powershell());
     }
 
+    #[cfg(test)]
     #[test]
     fn build_command_quotes_spaces_for_cmd() {
         let dispatcher = ShellDispatcher {
@@ -459,6 +467,7 @@ mod tests {
         assert!(args[1].starts_with("git "));
     }
 
+    #[cfg(test)]
     #[test]
     fn build_command_quotes_spaces_for_pwsh() {
         let dispatcher = ShellDispatcher {
@@ -472,6 +481,7 @@ mod tests {
         assert!(args[2].contains("msg with spaces"));
     }
 
+    #[cfg(test)]
     #[test]
     fn build_direct_handles_empty_args() {
         let dispatcher = ShellDispatcher {
@@ -482,17 +492,20 @@ mod tests {
         assert!(args.is_empty());
     }
 
+    #[cfg(windows)]
     #[test]
     fn find_exe_finds_cmd_on_path() {
         // cmd.exe is always on PATH on Windows.
         assert!(ShellDispatcher::find_exe("cmd.exe"));
     }
 
+    #[cfg(windows)]
     #[test]
     fn find_exe_rejects_nonexistent_binary() {
         assert!(!ShellDispatcher::find_exe("nonexistent_xyz_12345.exe"));
     }
 
+    #[cfg(windows)]
     #[test]
     fn find_exe_falls_back_to_known_dirs() {
         // Verify the known-dirs fallback path actually exists on this system.

From f1afcf316f47cdbeaa45cce52c8941d7485ed2b7 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:11:12 +0200
Subject: [PATCH 211/283] fix(tui): restore raw mode conditionally

---
 crates/tui/src/shell_dispatcher.rs | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index bb716980..6fb6d6bf 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -239,15 +239,24 @@ impl ShellDispatcher {
             }
         }
 
-        // Disable raw mode; guard restores it even on `?` early return.
-        let _ = crossterm::terminal::disable_raw_mode();
-        struct FgRawModeGuard;
+        // Disable raw mode; guard restores it only if it was already enabled.
+        let raw_mode_was_enabled = crossterm::terminal::is_raw_mode_enabled().unwrap_or(false);
+        if raw_mode_was_enabled {
+            let _ = crossterm::terminal::disable_raw_mode();
+        }
+        struct FgRawModeGuard {
+            restore: bool,
+        }
         impl Drop for FgRawModeGuard {
             fn drop(&mut self) {
-                let _ = crossterm::terminal::enable_raw_mode();
+                if self.restore {
+                    let _ = crossterm::terminal::enable_raw_mode();
+                }
             }
         }
-        let _guard = FgRawModeGuard;
+        let _guard = FgRawModeGuard {
+            restore: raw_mode_was_enabled,
+        };
 
         let mut cmd = self.build_command(shell_command);
         cmd.current_dir(cwd);

From ec643c5054becb04c06d11b2b6795cc45b5ec221 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:24:28 +0200
Subject: [PATCH 212/283] fix(tui): align shell tests with detected shell

---
 crates/tui/src/sandbox/mod.rs       | 95 +++++++++++++++++++----------
 crates/tui/src/tools/shell.rs       | 41 +++++++++----
 crates/tui/src/tools/shell/tests.rs | 71 +++++++++++----------
 3 files changed, 133 insertions(+), 74 deletions(-)

diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 54e43085..36ac39c0 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -157,7 +157,10 @@ impl CommandSpec {
 
     /// Get the original command as a single string (for display).
     pub fn display_command(&self) -> String {
-        if self.program == "sh" && self.args.len() == 2 && self.args[0] == "-c" {
+        if (self.program == "sh" || self.program == "bash")
+            && self.args.len() == 2
+            && self.args[0] == "-c"
+        {
             // For shell commands, show the actual command
             self.args[1].clone()
         } else if self.program.eq_ignore_ascii_case("cmd")
@@ -170,9 +173,13 @@ impl CommandSpec {
             raw.strip_prefix("chcp 65001 >NUL & ")
                 .unwrap_or(raw)
                 .to_string()
-        } else if (self.program.eq_ignore_ascii_case("pwsh")
-            || self.program.eq_ignore_ascii_case("powershell"))
-            && self.args.len() >= 3
+        } else if {
+            let program = self.program.to_ascii_lowercase();
+            program == "pwsh"
+                || program == "pwsh.exe"
+                || program == "powershell"
+                || program == "powershell.exe"
+        } && self.args.len() >= 3
             && self.args[0].eq_ignore_ascii_case("-NoProfile")
             && self.args[1].eq_ignore_ascii_case("-Command")
         {
@@ -601,26 +608,11 @@ impl SandboxManager {
 mod tests {
     use super::*;
 
-    fn expected_shell_command(command: &str) -> Vec<String> {
-        #[cfg(windows)]
-        {
-            vec![
-                "cmd".to_string(),
-                "/C".to_string(),
-                format!("chcp 65001 >NUL & {command}"),
-            ]
-        }
-        #[cfg(not(windows))]
-        {
-            vec!["sh".to_string(), "-c".to_string(), command.to_string()]
-        }
-    }
-
     #[test]
     fn test_command_spec_shell() {
         let spec = CommandSpec::shell("echo hello", PathBuf::from("/tmp"), Duration::from_secs(30));
 
-        // Program and args depend on the detected shell (pwsh, cmd, sh, …).
+        // Program and args depend on the detected shell.
         assert!(!spec.program.is_empty(), "program must not be empty");
         assert!(!spec.args.is_empty(), "args must not be empty");
         assert_eq!(spec.display_command(), "echo hello");
@@ -636,19 +628,30 @@ mod tests {
         let cmd = r#"git commit -m "feat: complete sub-pages""#;
         let spec = CommandSpec::shell(cmd, PathBuf::from("/tmp"), Duration::from_secs(30));
 
-        #[cfg(windows)]
-        {
-            assert_eq!(spec.program, "cmd");
+        let dispatcher = crate::shell_dispatcher::global_dispatcher();
+        assert_eq!(spec.program, dispatcher.kind().binary());
+        if dispatcher.kind().is_powershell() {
             assert_eq!(
                 spec.args,
-                vec!["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]
+                vec![
+                    dispatcher.kind().command_flag().to_string(),
+                    "-Command".to_string(),
+                    format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {cmd}")
+                ]
             );
-        }
-        #[cfg(not(windows))]
-        {
-            assert_eq!(spec.program, "sh");
-            assert_eq!(spec.args, vec!["-c".to_string(), cmd.to_string()]);
-            // The quoted message is intact in a single argv slot — `sh -c`
+        } else {
+            assert_eq!(
+                spec.args,
+                if cfg!(windows) {
+                    vec!["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]
+                } else {
+                    vec![
+                        dispatcher.kind().command_flag().to_string(),
+                        cmd.to_string(),
+                    ]
+                }
+            );
+            // The quoted message is intact in a single argv slot — shell `-c`
             // performs POSIX tokenization, yielding the correct argv:
             // ["git","commit","-m","feat: complete sub-pages"].
             assert_eq!(spec.args.len(), 2);
@@ -710,9 +713,39 @@ mod tests {
             .with_policy(SandboxPolicy::DangerFullAccess);
 
         let env = manager.prepare(&spec);
+        let dispatcher = crate::shell_dispatcher::global_dispatcher();
 
         assert_eq!(env.sandbox_type, SandboxType::None);
-        assert_eq!(env.command, expected_shell_command("echo test"));
+        if dispatcher.kind().is_powershell() {
+            assert_eq!(
+                env.command,
+                vec![
+                    dispatcher.kind().binary().to_string(),
+                    dispatcher.kind().command_flag().to_string(),
+                    "-Command".to_string(),
+                    "[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; echo test"
+                        .to_string(),
+                ]
+            );
+        } else if cfg!(windows) {
+            assert_eq!(
+                env.command,
+                vec![
+                    dispatcher.kind().binary().to_string(),
+                    "/C".to_string(),
+                    "chcp 65001 >NUL & echo test".to_string(),
+                ]
+            );
+        } else {
+            assert_eq!(
+                env.command,
+                vec![
+                    dispatcher.kind().binary().to_string(),
+                    dispatcher.kind().command_flag().to_string(),
+                    "echo test".to_string(),
+                ]
+            );
+        }
         assert!(!env.is_sandboxed());
     }
 
diff --git a/crates/tui/src/tools/shell.rs b/crates/tui/src/tools/shell.rs
index 31f09f1b..2cfae192 100644
--- a/crates/tui/src/tools/shell.rs
+++ b/crates/tui/src/tools/shell.rs
@@ -846,16 +846,25 @@ impl ShellManager {
 
         child_env::apply_to_command(&mut cmd, child_env::string_map_env(&exec_env.env));
 
-        // Disable raw mode before spawn; restore on drop regardless of
-        // success/failure/timeout (issue #1690).
-        let _ = crossterm::terminal::disable_raw_mode();
-        struct SyncRawModeGuard;
+        // Disable raw mode before spawn; restore only if raw mode was active
+        // on entry (issue #1690).
+        let raw_mode_was_enabled = crossterm::terminal::is_raw_mode_enabled().unwrap_or(false);
+        if raw_mode_was_enabled {
+            let _ = crossterm::terminal::disable_raw_mode();
+        }
+        struct SyncRawModeGuard {
+            restore: bool,
+        }
         impl Drop for SyncRawModeGuard {
             fn drop(&mut self) {
-                let _ = crossterm::terminal::enable_raw_mode();
+                if self.restore {
+                    let _ = crossterm::terminal::enable_raw_mode();
+                }
             }
         }
-        let _guard = SyncRawModeGuard;
+        let _guard = SyncRawModeGuard {
+            restore: raw_mode_was_enabled,
+        };
 
         let mut child = cmd
             .spawn()
@@ -991,15 +1000,25 @@ impl ShellManager {
         }
         install_parent_death_signal(&mut cmd);
 
-        // Disable raw mode before spawn; restore on drop (issue #1690).
-        let _ = crossterm::terminal::disable_raw_mode();
-        struct InteractiveRawModeGuard;
+        // Disable raw mode before spawn; restore only if raw mode was active
+        // on entry (issue #1690).
+        let raw_mode_was_enabled = crossterm::terminal::is_raw_mode_enabled().unwrap_or(false);
+        if raw_mode_was_enabled {
+            let _ = crossterm::terminal::disable_raw_mode();
+        }
+        struct InteractiveRawModeGuard {
+            restore: bool,
+        }
         impl Drop for InteractiveRawModeGuard {
             fn drop(&mut self) {
-                let _ = crossterm::terminal::enable_raw_mode();
+                if self.restore {
+                    let _ = crossterm::terminal::enable_raw_mode();
+                }
             }
         }
-        let _guard = InteractiveRawModeGuard;
+        let _guard = InteractiveRawModeGuard {
+            restore: raw_mode_was_enabled,
+        };
 
         child_env::apply_to_command(&mut cmd, child_env::string_map_env(&exec_env.env));
 
diff --git a/crates/tui/src/tools/shell/tests.rs b/crates/tui/src/tools/shell/tests.rs
index 477c785f..e43cf1db 100644
--- a/crates/tui/src/tools/shell/tests.rs
+++ b/crates/tui/src/tools/shell/tests.rs
@@ -910,41 +910,48 @@ fn issue_1691_quoted_commit_message_round_trips() {
         Duration::from_secs(5),
     );
 
-    #[cfg(not(windows))]
-    {
-        // `sh -c <cmd>`: the whole command (with quotes) is a single argv
-        // entry. `sh` then POSIX-tokenizes it → correct git argv. We never
-        // split the command string ourselves.
-        assert_eq!(spec.program, "sh");
-        assert_eq!(spec.args, ["-c".to_string(), cmd.to_string()]);
-        assert_eq!(spec.args.len(), 2);
-
-        // push_shell_args is a faithful pass-through on Unix.
-        let mut built = Command::new(&spec.program);
-        push_shell_args(&mut built, &spec.program, &spec.args);
-        let got: Vec<String> = built
-            .get_args()
-            .map(|a| a.to_string_lossy().into_owned())
-            .collect();
-        assert_eq!(got, ["-c".to_string(), cmd.to_string()]);
-    }
-
-    #[cfg(windows)]
-    {
-        // `cmd /C <payload>`: payload carries the quotes verbatim. The fix
-        // routes /C + payload through `raw_arg` so `cmd.exe` (not MSVCRT)
-        // parses it, matching what a terminal does.
-        assert_eq!(spec.program, "cmd");
+    let dispatcher = crate::shell_dispatcher::global_dispatcher();
+    // The whole command (with quotes) is a single argv entry. The actual
+    // shell binary can vary by platform, but the payload itself must stay
+    // intact in one shell arg. We never split the command string ourselves.
+    assert_eq!(spec.program, dispatcher.kind().binary());
+    if dispatcher.kind().is_powershell() {
+        assert_eq!(
+            spec.args,
+            [
+                dispatcher.kind().command_flag().to_string(),
+                "-Command".to_string(),
+                format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {cmd}")
+            ]
+        );
+    } else if cfg!(windows) {
         assert_eq!(
             spec.args,
             ["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]
         );
-        let mut built = Command::new(&spec.program);
-        push_shell_args(&mut built, &spec.program, &spec.args);
-        let got: Vec<String> = built
-            .get_args()
-            .map(|a| a.to_string_lossy().into_owned())
-            .collect();
-        assert_eq!(got, spec.args);
+    } else {
+        assert_eq!(
+            spec.args,
+            [
+                dispatcher.kind().command_flag().to_string(),
+                cmd.to_string()
+            ]
+        );
     }
+    assert_eq!(
+        spec.args.len(),
+        if dispatcher.kind().is_powershell() {
+            3
+        } else {
+            2
+        }
+    );
+
+    let mut built = Command::new(&spec.program);
+    push_shell_args(&mut built, &spec.program, &spec.args);
+    let got: Vec<String> = built
+        .get_args()
+        .map(|a| a.to_string_lossy().into_owned())
+        .collect();
+    assert_eq!(got, spec.args);
 }

From 0ca7d3cc9f7a0886640844aca7355f78c5e2f549 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:37:49 +0200
Subject: [PATCH 213/283] test(tui): make shell helpers match detected shell

---
 crates/tui/src/tools/shell/tests.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/crates/tui/src/tools/shell/tests.rs b/crates/tui/src/tools/shell/tests.rs
index e43cf1db..b73cb602 100644
--- a/crates/tui/src/tools/shell/tests.rs
+++ b/crates/tui/src/tools/shell/tests.rs
@@ -21,6 +21,10 @@ fn echo_command(message: &str) -> String {
 }
 
 fn sleep_command(seconds: u64) -> String {
+    let dispatcher = crate::shell_dispatcher::global_dispatcher();
+    if dispatcher.kind().is_powershell() {
+        return format!("Start-Sleep -Seconds {seconds}");
+    }
     #[cfg(windows)]
     {
         let ping_count = seconds.saturating_add(1);
@@ -33,6 +37,10 @@ fn sleep_command(seconds: u64) -> String {
 }
 
 fn sleep_then_echo_command(seconds: u64, message: &str) -> String {
+    let dispatcher = crate::shell_dispatcher::global_dispatcher();
+    if dispatcher.kind().is_powershell() {
+        return format!("Start-Sleep -Seconds {seconds}; echo {message}");
+    }
     #[cfg(windows)]
     {
         let ping_count = seconds.saturating_add(1);
@@ -45,6 +53,10 @@ fn sleep_then_echo_command(seconds: u64, message: &str) -> String {
 }
 
 fn echo_stdin_command() -> String {
+    let dispatcher = crate::shell_dispatcher::global_dispatcher();
+    if dispatcher.kind().is_powershell() {
+        return "[Console]::In.ReadToEnd()".to_string();
+    }
     #[cfg(windows)]
     {
         "more".to_string()

From 4fb6a2268abf308f11dc90133abed53d40b69534 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:41:53 +0200
Subject: [PATCH 214/283] fix(tui): tighten shell review followups

---
 crates/tui/src/sandbox/mod.rs      | 31 ++++++++++++++++++++++++++++--
 crates/tui/src/shell_dispatcher.rs | 14 ++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 36ac39c0..9c4d2b52 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -157,12 +157,24 @@ impl CommandSpec {
 
     /// Get the original command as a single string (for display).
     pub fn display_command(&self) -> String {
-        if (self.program == "sh" || self.program == "bash")
-            && self.args.len() == 2
+        if self.args.len() == 2
             && self.args[0] == "-c"
+            && matches!(
+                self.program.as_str(),
+                "sh" | "bash" | "/bin/sh" | "/bin/bash" | "/usr/bin/sh" | "/usr/bin/bash"
+            )
         {
             // For shell commands, show the actual command
             self.args[1].clone()
+        } else if self.args.len() == 2
+            && self.args[0] == "-c"
+            && !self.program.eq_ignore_ascii_case("cmd")
+            && !self.program.eq_ignore_ascii_case("pwsh")
+            && !self.program.eq_ignore_ascii_case("pwsh.exe")
+            && !self.program.eq_ignore_ascii_case("powershell")
+            && !self.program.eq_ignore_ascii_case("powershell.exe")
+        {
+            self.args[1].clone()
         } else if self.program.eq_ignore_ascii_case("cmd")
             && self.args.len() == 2
             && self.args[0].eq_ignore_ascii_case("/C")
@@ -618,6 +630,21 @@ mod tests {
         assert_eq!(spec.display_command(), "echo hello");
     }
 
+    #[test]
+    fn test_command_spec_shell_custom_posix_path_display() {
+        let spec = CommandSpec {
+            program: "/bin/zsh".to_string(),
+            args: vec!["-c".to_string(), "echo hello".to_string()],
+            cwd: PathBuf::from("/tmp"),
+            env: HashMap::new(),
+            timeout: Duration::from_secs(30),
+            sandbox_policy: SandboxPolicy::default(),
+            justification: None,
+        };
+
+        assert_eq!(spec.display_command(), "echo hello");
+    }
+
     #[test]
     fn test_command_spec_shell_quoted_arg_not_split() {
         // Regression for #1691: a `-m` message containing spaces must remain a
diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index 6fb6d6bf..72c81c39 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -283,6 +283,20 @@ impl ShellDispatcher {
     fn detect_shell() -> ShellKind {
         #[cfg(windows)]
         {
+            // 1. $env:SHELL — WSL interop or Git Bash often set this.
+            if let Ok(shell) = std::env::var("SHELL") {
+                let lower = shell.to_lowercase();
+                if lower.contains("bash") {
+                    return ShellKind::Bash;
+                }
+                if lower.contains("pwsh") {
+                    return ShellKind::Pwsh;
+                }
+                if lower.contains("powershell") {
+                    return ShellKind::WindowsPowerShell;
+                }
+            }
+
             if Self::find_exe("pwsh.exe") {
                 return ShellKind::Pwsh;
             }

From 8104c4789ffdb2123754f754f12a44ab68704d9c Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 17:52:52 +0200
Subject: [PATCH 215/283] fix(tui): handle bash on windows separately

---
 crates/tui/src/sandbox/mod.rs       | 26 +++++++++++++-------------
 crates/tui/src/tools/shell/tests.rs |  2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/crates/tui/src/sandbox/mod.rs b/crates/tui/src/sandbox/mod.rs
index 9c4d2b52..22864c60 100644
--- a/crates/tui/src/sandbox/mod.rs
+++ b/crates/tui/src/sandbox/mod.rs
@@ -99,8 +99,10 @@ impl CommandSpec {
                     | crate::shell_dispatcher::ShellKind::WindowsPowerShell
             ) {
                 format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {command}")
-            } else {
+            } else if matches!(kind, crate::shell_dispatcher::ShellKind::Cmd) {
                 format!("chcp 65001 >NUL & {command}")
+            } else {
+                command.to_string()
             };
             dispatcher.build_command_parts(&cmd)
         };
@@ -667,17 +669,15 @@ mod tests {
                 ]
             );
         } else {
-            assert_eq!(
-                spec.args,
-                if cfg!(windows) {
-                    vec!["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]
-                } else {
-                    vec![
-                        dispatcher.kind().command_flag().to_string(),
-                        cmd.to_string(),
-                    ]
-                }
-            );
+            let expected = if matches!(dispatcher.kind(), crate::shell_dispatcher::ShellKind::Cmd) {
+                vec!["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]
+            } else {
+                vec![
+                    dispatcher.kind().command_flag().to_string(),
+                    cmd.to_string(),
+                ]
+            };
+            assert_eq!(spec.args, expected);
             // The quoted message is intact in a single argv slot — shell `-c`
             // performs POSIX tokenization, yielding the correct argv:
             // ["git","commit","-m","feat: complete sub-pages"].
@@ -754,7 +754,7 @@ mod tests {
                         .to_string(),
                 ]
             );
-        } else if cfg!(windows) {
+        } else if matches!(dispatcher.kind(), crate::shell_dispatcher::ShellKind::Cmd) {
             assert_eq!(
                 env.command,
                 vec![
diff --git a/crates/tui/src/tools/shell/tests.rs b/crates/tui/src/tools/shell/tests.rs
index b73cb602..7bcd643c 100644
--- a/crates/tui/src/tools/shell/tests.rs
+++ b/crates/tui/src/tools/shell/tests.rs
@@ -936,7 +936,7 @@ fn issue_1691_quoted_commit_message_round_trips() {
                 format!("[Console]::OutputEncoding = [System.Text.Encoding]::UTF8; {cmd}")
             ]
         );
-    } else if cfg!(windows) {
+    } else if matches!(dispatcher.kind(), crate::shell_dispatcher::ShellKind::Cmd) {
         assert_eq!(
             spec.args,
             ["/C".to_string(), format!("chcp 65001 >NUL & {cmd}")]

From e3899091e5a437b697a984f66cd113c73dd78596 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Wed, 27 May 2026 18:18:19 +0200
Subject: [PATCH 216/283] fix(tui): use raw args for cmd payloads

---
 crates/tui/src/shell_dispatcher.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/crates/tui/src/shell_dispatcher.rs b/crates/tui/src/shell_dispatcher.rs
index 72c81c39..b4af5220 100644
--- a/crates/tui/src/shell_dispatcher.rs
+++ b/crates/tui/src/shell_dispatcher.rs
@@ -17,6 +17,8 @@
 
 use std::fs::OpenOptions;
 use std::io::Write;
+#[cfg(windows)]
+use std::os::windows::process::CommandExt;
 use std::path::Path;
 use std::process::Command;
 use std::sync::Mutex;
@@ -181,6 +183,16 @@ impl ShellDispatcher {
             cmd.arg(self.kind.command_flag());
             cmd.arg("-Command");
             cmd.arg(shell_command);
+        } else if matches!(self.kind, ShellKind::Cmd) {
+            cmd.arg(self.kind.command_flag());
+            #[cfg(windows)]
+            {
+                cmd.raw_arg(shell_command);
+            }
+            #[cfg(not(windows))]
+            {
+                cmd.arg(shell_command);
+            }
         } else {
             cmd.arg(self.kind.command_flag());
             cmd.arg(shell_command);

From 95e13155a5d90245ad85fc52a1326929a86ded40 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 06:31:25 -0500
Subject: [PATCH 217/283] fix(tui): retry composer history atomic writes

---
 crates/tui/src/composer_history.rs | 36 +++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/composer_history.rs b/crates/tui/src/composer_history.rs
index 12741f30..92e99328 100644
--- a/crates/tui/src/composer_history.rs
+++ b/crates/tui/src/composer_history.rs
@@ -217,7 +217,7 @@ fn append_history_entries_to<'a>(
     }
 
     let payload = entries.join("\n") + "\n";
-    if let Err(err) = crate::utils::write_atomic(path, payload.as_bytes()) {
+    if let Err(err) = write_history_atomic(path, payload.as_bytes()) {
         tracing::warn!(
             "Failed to persist composer history at {}: {err}",
             path.display()
@@ -225,6 +225,40 @@ fn append_history_entries_to<'a>(
     }
 }
 
+fn write_history_atomic(path: &Path, payload: &[u8]) -> std::io::Result<()> {
+    const RETRY_DELAYS: &[Duration] = &[
+        Duration::from_millis(5),
+        Duration::from_millis(10),
+        Duration::from_millis(25),
+        Duration::from_millis(50),
+        Duration::from_millis(100),
+        Duration::from_millis(200),
+        Duration::from_millis(400),
+    ];
+
+    for (attempt, delay) in RETRY_DELAYS
+        .iter()
+        .map(Some)
+        .chain(std::iter::once(None))
+        .enumerate()
+    {
+        match crate::utils::write_atomic(path, payload) {
+            Ok(()) => return Ok(()),
+            Err(err) if delay.is_some() => {
+                tracing::debug!(
+                    "Retrying composer history write to {} after attempt {} failed: {err}",
+                    path.display(),
+                    attempt + 1
+                );
+                std::thread::sleep(*delay.expect("delay checked"));
+            }
+            Err(err) => return Err(err),
+        }
+    }
+
+    unreachable!("retry iterator always ends with a final write attempt")
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

From 0ea84dce7d233960cb3e271206b2c6d6519ed2b5 Mon Sep 17 00:00:00 2001
From: liushiao <liushiao@bytedance.com>
Date: Wed, 20 May 2026 16:39:25 +0800
Subject: [PATCH 218/283] feat(tui): add "Terminal" theme that fully inherits
 the host terminal's colors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a new selectable theme `terminal` (alongside System / Whale / Whale
Light / Grayscale / Catppuccin / Tokyo Night / Dracula / Gruvbox) that
paints every surface with `Color::Reset` instead of any RGB so the
host terminal's own background, foreground, and palette show through.

The existing `system` theme only chose between two RGB themes (Whale dark
or Whale Light) based on COLORFGBG / macOS appearance — useful, but it
still painted brand-colored RGB surfaces. Users with custom terminal
themes (Solarized, Nord, transparent backgrounds, custom Ghostty/iTerm
schemes) had no way to make the TUI respect their terminal palette.

Implementation:
- New `TERMINAL_UI_THEME` const where every `*_bg` and most text slots
  are `Color::Reset`, and accents (mode_agent/yolo/plan, status_working,
  status_warning) use ANSI named colors so they also inherit the user's
  terminal palette rather than DeepSeek brand RGB.
- `ThemeId::Terminal` plumbed through `from_name` / `name` /
  `display_name` / `tagline` / `ui_theme` / `SELECTABLE_THEMES`, and
  registered in `normalize_theme_name` with aliases `term`,
  `transparent`, `follow-terminal`, `inherit` so existing
  user-friendly config strings just work.
- `theme_remap_active(Terminal) → true` so the existing per-cell remap
  in `ColorCompatBackend` rewrites every hard-coded palette constant
  (`DEEPSEEK_INK`, `DEEPSEEK_SLATE`, `BORDER_COLOR`, `TEXT_BODY`, …) to
  `Color::Reset`. Without this, the many render sites that reach for
  the named palette constants directly would still paint brand RGB.
- `theme_green` / `theme_red` return `Color::Green` / `Color::Red`
  for Terminal so diff "+"/"−" stay green/red but follow the user's
  terminal palette.
- `theme_diff_added_bg` / `theme_diff_deleted_bg` return `Color::Reset`
  for Terminal — diff highlight is conveyed by foreground color only.
- The new theme is the second entry in `SELECTABLE_THEMES` (right after
  System) so it surfaces prominently in the `/theme` picker.

theme_picker tests: the new theme is inserted in row 2 of
`SELECTABLE_THEMES`, which shifts the indices three existing tests
relied on — `arrow_down_previews_next_theme`,
`enter_commits_with_persist_true`, and `digit_jumps_to_row` — so those
expectations are updated to match the new ordering. No production
behavior change in those tests, just index arithmetic.

Default (`theme = "system"`) is unchanged; existing users see no
difference. Users who want full terminal pass-through opt in via
`/theme` or `theme = "terminal"` in settings.toml.
---
 crates/tui/src/palette.rs          | 49 +++++++++++++++++++++++++++++-
 crates/tui/src/tui/theme_picker.rs |  7 +++--
 2 files changed, 52 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index b3a5a367..7de9d730 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -825,6 +825,39 @@ pub const DRACULA_UI_THEME: UiTheme = UiTheme {
     tool_failed: Color::Rgb(0xff, 0x55, 0x55),  // red
 };
 
+/// "Terminal" theme: lets the host terminal's color scheme show through
+/// instead of painting any RGB surface. Backgrounds use `Color::Reset`
+/// (the terminal's own default bg) and most text uses `Color::Reset`
+/// (terminal's own default fg). Accents are ANSI named colors so they
+/// also inherit the user's terminal palette (Solarized, Nord, custom
+/// schemes, etc.) rather than DeepSeek brand RGB.
+pub const TERMINAL_UI_THEME: UiTheme = UiTheme {
+    name: "terminal",
+    // Mode is reported as Dark to avoid the dark→light cell remap kicking
+    // in; the terminal-theme cell remap already normalizes everything to
+    // `Color::Reset`, and we never want a second pass overwriting that.
+    mode: PaletteMode::Dark,
+    surface_bg: Color::Reset,
+    panel_bg: Color::Reset,
+    elevated_bg: Color::Reset,
+    composer_bg: Color::Reset,
+    selection_bg: Color::Reset,
+    header_bg: Color::Reset,
+    footer_bg: Color::Reset,
+    mode_agent: Color::Blue,
+    mode_yolo: Color::Red,
+    mode_plan: Color::Yellow,
+    status_ready: Color::Reset,
+    status_working: Color::Cyan,
+    status_warning: Color::Yellow,
+    text_dim: Color::Reset,
+    text_hint: Color::Reset,
+    text_muted: Color::Reset,
+    text_body: Color::Reset,
+    text_soft: Color::Reset,
+    border: Color::Reset,
+};
+
 pub const GRUVBOX_DARK_UI_THEME: UiTheme = UiTheme {
     name: "gruvbox-dark",
     mode: PaletteMode::Dark,
@@ -874,6 +907,7 @@ pub const GRUVBOX_DARK_UI_THEME: UiTheme = UiTheme {
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum ThemeId {
     System,
+    Terminal,
     Whale,
     WhaleLight,
     Grayscale,
@@ -891,6 +925,7 @@ impl ThemeId {
     pub fn from_name(value: &str) -> Option<Self> {
         match normalize_theme_name(value)? {
             "system" => Some(Self::System),
+            "terminal" => Some(Self::Terminal),
             "dark" => Some(Self::Whale),
             "light" => Some(Self::WhaleLight),
             "grayscale" => Some(Self::Grayscale),
@@ -908,6 +943,7 @@ impl ThemeId {
     pub const fn name(self) -> &'static str {
         match self {
             Self::System => "system",
+            Self::Terminal => "terminal",
             Self::Whale => "dark",
             Self::WhaleLight => "light",
             Self::Grayscale => "grayscale",
@@ -923,6 +959,7 @@ impl ThemeId {
     pub const fn display_name(self) -> &'static str {
         match self {
             Self::System => "System",
+            Self::Terminal => "Terminal",
             Self::Whale => "Whale (Dark)",
             Self::WhaleLight => "Whale Light",
             Self::Grayscale => "Grayscale",
@@ -938,6 +975,9 @@ impl ThemeId {
     pub const fn tagline(self) -> &'static str {
         match self {
             Self::System => "Follow terminal background (COLORFGBG / macOS appearance)",
+            Self::Terminal => {
+                "Inherit terminal colors fully (transparent surfaces, ANSI accents)"
+            }
             Self::Whale => "Whale dark — deep navy & gold",
             Self::WhaleLight => "DeepSeek light, paper-ish",
             Self::Grayscale => "Color-minimal high contrast",
@@ -956,6 +996,7 @@ impl ThemeId {
     pub fn ui_theme(self) -> UiTheme {
         match self {
             Self::System => UiTheme::detect(),
+            Self::Terminal => TERMINAL_UI_THEME,
             Self::Whale => UI_THEME,
             Self::WhaleLight => LIGHT_UI_THEME,
             Self::Grayscale => GRAYSCALE_UI_THEME,
@@ -970,6 +1011,7 @@ impl ThemeId {
 /// Themes shown in the `/theme` picker, in display order.
 pub const SELECTABLE_THEMES: &[ThemeId] = &[
     ThemeId::System,
+    ThemeId::Terminal,
     ThemeId::Whale,
     ThemeId::WhaleLight,
     ThemeId::Grayscale,
@@ -1012,6 +1054,7 @@ impl UiTheme {
 pub fn normalize_theme_name(value: &str) -> Option<&'static str> {
     match value.trim().to_ascii_lowercase().as_str() {
         "" | "auto" | "system" | "default" => Some("system"),
+        "terminal" | "term" | "transparent" | "follow-terminal" | "inherit" => Some("terminal"),
         "dark" | "whale" | "whale-dark" => Some("dark"),
         "light" | "whale-light" => Some("light"),
         "grayscale" | "greyscale" | "gray" | "grey" | "mono" | "monochrome" | "black-white"
@@ -1189,7 +1232,11 @@ const fn theme_diff_deleted_bg(ui: &UiTheme) -> Color {
 pub const fn theme_remap_active(theme: ThemeId) -> bool {
     matches!(
         theme,
-        ThemeId::CatppuccinMocha | ThemeId::TokyoNight | ThemeId::Dracula | ThemeId::GruvboxDark
+        ThemeId::Terminal
+            | ThemeId::CatppuccinMocha
+            | ThemeId::TokyoNight
+            | ThemeId::Dracula
+            | ThemeId::GruvboxDark
     )
 }
 
diff --git a/crates/tui/src/tui/theme_picker.rs b/crates/tui/src/tui/theme_picker.rs
index 85da1d41..fca7254a 100644
--- a/crates/tui/src/tui/theme_picker.rs
+++ b/crates/tui/src/tui/theme_picker.rs
@@ -317,7 +317,7 @@ mod tests {
         let mut v = ThemePickerView::new("system".to_string());
         let action = v.handle_key(key(KeyCode::Down));
         assert!(matches!(action, ViewAction::Emit(_)));
-        assert_eq!(selected_name(&action), Some(ThemeId::Whale.name()));
+        assert_eq!(selected_name(&action), Some(ThemeId::Terminal.name()));
     }
 
     #[test]
@@ -337,6 +337,7 @@ mod tests {
         v.handle_key(key(KeyCode::Down));
         v.handle_key(key(KeyCode::Down));
         v.handle_key(key(KeyCode::Down));
+        v.handle_key(key(KeyCode::Down));
         v.handle_key(key(KeyCode::Down)); // -> CatppuccinMocha
         let action = v.handle_key(key(KeyCode::Enter));
         match action {
@@ -376,8 +377,8 @@ mod tests {
     #[test]
     fn digit_jumps_to_row() {
         let mut v = ThemePickerView::new("system".to_string());
-        let action = v.handle_key(key(KeyCode::Char('5')));
-        // Row 5 (1-indexed) -> index 4 -> CatppuccinMocha
+        let action = v.handle_key(key(KeyCode::Char('6')));
+        // Row 6 (1-indexed) -> index 5 -> CatppuccinMocha
         assert_eq!(
             selected_name(&action),
             Some(ThemeId::CatppuccinMocha.name())

From b370d6f61870d26679560171b126ec81ec5ea8a8 Mon Sep 17 00:00:00 2001
From: liushiao <liushiao@bytedance.com>
Date: Wed, 20 May 2026 17:10:47 +0800
Subject: [PATCH 219/283] refactor(tui): use Magenta + DarkGray for Terminal
 theme accents

Adopt Gemini code-assist review on PR #1831:

- mode_plan: Yellow -> Magenta. Plan chip now contrasts with
  status_warning (still Yellow) so the two never visually collide
  in the status row.
- status_ready: Reset -> DarkGray. Ready chip now reads as a
  distinct subdued accent instead of blending into body text
  (which also resolves to Reset on this theme).

No surface change otherwise -- backgrounds and body text still use
Color::Reset to inherit the host terminal's color scheme.
---
 crates/tui/src/palette.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index 7de9d730..d0d8e93b 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -846,8 +846,13 @@ pub const TERMINAL_UI_THEME: UiTheme = UiTheme {
     footer_bg: Color::Reset,
     mode_agent: Color::Blue,
     mode_yolo: Color::Red,
-    mode_plan: Color::Yellow,
-    status_ready: Color::Reset,
+    // Magenta keeps Plan visually distinct from `status_warning` (yellow)
+    // so the mode indicator and warning chip don't collide on themes that
+    // render both in the status row.
+    mode_plan: Color::Magenta,
+    // DarkGray gives "Ready" a low-contrast but still distinguishable hue
+    // versus default body text (which is `Color::Reset` on this theme).
+    status_ready: Color::DarkGray,
     status_working: Color::Cyan,
     status_warning: Color::Yellow,
     text_dim: Color::Reset,

From 78f8e11952d587b91cc8d53d2af6b2c49baa1881 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 06:06:22 -0500
Subject: [PATCH 220/283] test(tui): cover terminal theme palette remap

---
 crates/tui/src/palette.rs | 89 +++++++++++++++++++++++++++++----------
 1 file changed, 67 insertions(+), 22 deletions(-)

diff --git a/crates/tui/src/palette.rs b/crates/tui/src/palette.rs
index d0d8e93b..fb1c66e8 100644
--- a/crates/tui/src/palette.rs
+++ b/crates/tui/src/palette.rs
@@ -844,23 +844,42 @@ pub const TERMINAL_UI_THEME: UiTheme = UiTheme {
     selection_bg: Color::Reset,
     header_bg: Color::Reset,
     footer_bg: Color::Reset,
-    mode_agent: Color::Blue,
-    mode_yolo: Color::Red,
-    // Magenta keeps Plan visually distinct from `status_warning` (yellow)
-    // so the mode indicator and warning chip don't collide on themes that
-    // render both in the status row.
-    mode_plan: Color::Magenta,
-    // DarkGray gives "Ready" a low-contrast but still distinguishable hue
-    // versus default body text (which is `Color::Reset` on this theme).
-    status_ready: Color::DarkGray,
-    status_working: Color::Cyan,
-    status_warning: Color::Yellow,
     text_dim: Color::Reset,
     text_hint: Color::Reset,
     text_muted: Color::Reset,
     text_body: Color::Reset,
     text_soft: Color::Reset,
     border: Color::Reset,
+    accent_primary: Color::Blue,
+    accent_secondary: Color::Cyan,
+    accent_action: Color::Yellow,
+    error_fg: Color::Red,
+    error_hover: Color::Red,
+    error_surface: Color::Reset,
+    error_border: Color::Red,
+    error_text: Color::Red,
+    warning: Color::Yellow,
+    success: Color::Green,
+    info: Color::Cyan,
+    mode_agent: Color::Blue,
+    mode_yolo: Color::Red,
+    // Magenta keeps Plan visually distinct from `status_warning` (yellow)
+    // so the mode indicator and warning chip don't collide on themes that
+    // render both in the status row.
+    mode_plan: Color::Magenta,
+    mode_goal: Color::Green,
+    // DarkGray gives "Ready" a low-contrast but still distinguishable hue
+    // versus default body text (which is `Color::Reset` on this theme).
+    status_ready: Color::DarkGray,
+    status_working: Color::Cyan,
+    status_warning: Color::Yellow,
+    diff_added_fg: Color::Green,
+    diff_deleted_fg: Color::Red,
+    diff_added_bg: Color::Reset,
+    diff_deleted_bg: Color::Reset,
+    tool_running: Color::Cyan,
+    tool_success: Color::Green,
+    tool_failed: Color::Red,
 };
 
 pub const GRUVBOX_DARK_UI_THEME: UiTheme = UiTheme {
@@ -980,9 +999,7 @@ impl ThemeId {
     pub const fn tagline(self) -> &'static str {
         match self {
             Self::System => "Follow terminal background (COLORFGBG / macOS appearance)",
-            Self::Terminal => {
-                "Inherit terminal colors fully (transparent surfaces, ANSI accents)"
-            }
+            Self::Terminal => "Inherit terminal colors fully (transparent surfaces, ANSI accents)",
             Self::Whale => "Whale dark — deep navy & gold",
             Self::WhaleLight => "DeepSeek light, paper-ish",
             Self::Grayscale => "Color-minimal high contrast",
@@ -1729,14 +1746,15 @@ fn rgb_to_ansi256(r: u8, g: u8, b: u8) -> u8 {
 mod tests {
     use super::{
         ACCENT_REASONING_LIVE, ColorDepth, DEEPSEEK_INK, DEEPSEEK_RED, DEEPSEEK_SKY,
-        DEEPSEEK_SLATE, GRAYSCALE_BORDER, GRAYSCALE_ELEVATED, GRAYSCALE_PANEL, GRAYSCALE_REASONING,
-        GRAYSCALE_SURFACE, GRAYSCALE_TEXT_BODY, GRAYSCALE_TEXT_HINT, GRAYSCALE_TEXT_SOFT,
-        GRAYSCALE_UI_THEME, LIGHT_BORDER, LIGHT_ELEVATED, LIGHT_PANEL, LIGHT_REASONING,
-        LIGHT_SURFACE, LIGHT_TEXT_BODY, LIGHT_TEXT_HINT, LIGHT_UI_THEME, PaletteMode,
-        SURFACE_REASONING, SURFACE_REASONING_TINT, TEXT_BODY, TEXT_HINT, TEXT_REASONING,
-        TEXT_TOOL_OUTPUT, UI_THEME, WHALE_REASONING_TEXT_RGB, WHALE_REASONING_TINT_RGB,
-        WHALE_TEXT_BODY_RGB, adapt_bg, adapt_bg_for_palette_mode, adapt_color,
-        adapt_fg_for_palette_mode, blend, luma, nearest_ansi16, normalize_hex_rgb_color,
+        DEEPSEEK_SLATE, DIFF_ADDED, DIFF_ADDED_BG, GRAYSCALE_BORDER, GRAYSCALE_ELEVATED,
+        GRAYSCALE_PANEL, GRAYSCALE_REASONING, GRAYSCALE_SURFACE, GRAYSCALE_TEXT_BODY,
+        GRAYSCALE_TEXT_HINT, GRAYSCALE_TEXT_SOFT, GRAYSCALE_UI_THEME, LIGHT_BORDER, LIGHT_ELEVATED,
+        LIGHT_PANEL, LIGHT_REASONING, LIGHT_SURFACE, LIGHT_TEXT_BODY, LIGHT_TEXT_HINT,
+        LIGHT_UI_THEME, PaletteMode, SURFACE_REASONING, SURFACE_REASONING_TINT, TERMINAL_UI_THEME,
+        TEXT_BODY, TEXT_HINT, TEXT_REASONING, TEXT_TOOL_OUTPUT, ThemeId, UI_THEME,
+        WHALE_REASONING_TEXT_RGB, WHALE_REASONING_TINT_RGB, WHALE_TEXT_BODY_RGB, adapt_bg,
+        adapt_bg_for_palette_mode, adapt_bg_for_theme, adapt_color, adapt_fg_for_palette_mode,
+        adapt_fg_for_theme, blend, luma, nearest_ansi16, normalize_hex_rgb_color,
         normalize_theme_name, parse_hex_rgb_color, pulse_brightness, reasoning_surface_tint,
         rgb_to_ansi256, theme_label_for_mode, ui_theme_from_settings,
     };
@@ -1822,12 +1840,39 @@ mod tests {
         assert_eq!(normalize_theme_name("system"), Some("system"));
         assert_eq!(normalize_theme_name("default"), Some("system"));
         assert_eq!(normalize_theme_name("whale"), Some("dark"));
+        assert_eq!(normalize_theme_name("transparent"), Some("terminal"));
+        assert_eq!(normalize_theme_name("inherit"), Some("terminal"));
         assert_eq!(normalize_theme_name("black-white"), Some("grayscale"));
         assert_eq!(normalize_theme_name("mono"), Some("grayscale"));
         assert_eq!(normalize_theme_name("solarized"), None);
         assert_eq!(theme_label_for_mode(PaletteMode::Grayscale), "grayscale");
     }
 
+    #[test]
+    fn terminal_theme_resets_surfaces_and_remaps_direct_palette_constants() {
+        assert_eq!(ThemeId::from_name("terminal"), Some(ThemeId::Terminal));
+        assert_eq!(TERMINAL_UI_THEME.surface_bg, Color::Reset);
+        assert_eq!(TERMINAL_UI_THEME.footer_bg, Color::Reset);
+        assert_eq!(TERMINAL_UI_THEME.text_body, Color::Reset);
+
+        assert_eq!(
+            adapt_bg_for_theme(DEEPSEEK_INK, ThemeId::Terminal, &TERMINAL_UI_THEME),
+            Color::Reset
+        );
+        assert_eq!(
+            adapt_bg_for_theme(DIFF_ADDED_BG, ThemeId::Terminal, &TERMINAL_UI_THEME),
+            Color::Reset
+        );
+        assert_eq!(
+            adapt_fg_for_theme(TEXT_BODY, ThemeId::Terminal, &TERMINAL_UI_THEME),
+            Color::Reset
+        );
+        assert_eq!(
+            adapt_fg_for_theme(DIFF_ADDED, ThemeId::Terminal, &TERMINAL_UI_THEME),
+            Color::Green
+        );
+    }
+
     #[test]
     fn light_palette_has_quiet_layer_separation() {
         assert_eq!(LIGHT_SURFACE, Color::Rgb(246, 248, 251));

From b6edd8713563ef967d28e119817227ba64691f95 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 05:53:33 -0500
Subject: [PATCH 221/283] fix(tui): make update hint transient

---
 crates/tui/src/tui/app.rs       |   5 --
 crates/tui/src/tui/footer_ui.rs |  19 ++----
 crates/tui/src/tui/ui.rs        | 107 ++++++++++++++++++++++++++------
 crates/tui/src/tui/ui/tests.rs  |  52 ++++++++++++++++
 4 files changed, 145 insertions(+), 38 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index be73ca6b..9a254cdc 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1129,10 +1129,6 @@ pub struct App {
     pub status_toasts: VecDeque<StatusToast>,
     /// Sticky status toast used for important warnings/errors.
     pub sticky_status: Option<StatusToast>,
-    /// Version-update hint shown in the footer when a newer release
-    /// is available. Set by a background GitHub API check after app
-    /// startup; `None` until the check completes or if up-to-date.
-    pub version_hint: Option<String>,
     /// Last status text already promoted from `status_message` into toast state.
     pub last_status_message_seen: Option<String>,
     pub model: String,
@@ -1871,7 +1867,6 @@ impl App {
             status_message: None,
             status_toasts: VecDeque::new(),
             sticky_status: None,
-            version_hint: None,
             last_status_message_seen: None,
             model,
             auto_model,
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index dd54f834..9ec3ac83 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -43,21 +43,12 @@ pub(crate) fn render_footer(f: &mut Frame, area: Rect, app: &mut App) {
     } else {
         None
     };
-    let toast = quit_prompt
-        .or_else(|| {
-            // Version-update hint takes precedence over ephemeral status toasts
-            // so the user sees it even when status traffic would hide it.
-            app.version_hint.as_ref().map(|hint| FooterToast {
-                text: hint.clone(),
-                color: palette::STATUS_INFO,
-            })
+    let toast = quit_prompt.or_else(|| {
+        app.active_status_toast().map(|toast| FooterToast {
+            text: toast.text,
+            color: status_color(toast.level),
         })
-        .or_else(|| {
-            app.active_status_toast().map(|toast| FooterToast {
-                text: toast.text,
-                color: status_color(toast.level),
-            })
-        });
+    });
 
     // Drive every cluster from the user's configured `status_items`. Mode
     // and Model are always rendered by `FooterProps` itself (their position
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 6ad1f633..20f62652 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -158,6 +158,27 @@ const DEFAULT_TERMINAL_PROBE_TIMEOUT_MS: u64 = 500;
 const PERIODIC_FULL_REPAINT_EVERY_N: u64 = 50;
 const TURN_META_PREFIX: &str = "<turn_meta>";
 const SESSION_TITLE_MAX_CHARS: usize = 32;
+const VERSION_HINT_TOAST_TTL_MS: u64 = 12_000;
+
+const REQUIRED_RELEASE_ASSETS: &[&str] = &[
+    "codewhale-artifacts-sha256.txt",
+    "codewhale-linux-arm64",
+    "codewhale-linux-arm64.tar.gz",
+    "codewhale-linux-x64",
+    "codewhale-linux-x64.tar.gz",
+    "codewhale-macos-arm64",
+    "codewhale-macos-arm64.tar.gz",
+    "codewhale-macos-x64",
+    "codewhale-macos-x64.tar.gz",
+    "codewhale-tui-linux-arm64",
+    "codewhale-tui-linux-x64",
+    "codewhale-tui-macos-arm64",
+    "codewhale-tui-macos-x64",
+    "codewhale-tui-windows-x64.exe",
+    "codewhale-windows-x64.exe",
+    "codewhale-windows-x64-portable.zip",
+    "codewhale-windows-x64.zip",
+];
 
 fn is_session_approved_for_tool(app: &App, tool_name: &str, grouping_key: &str) -> bool {
     app.approval_session_approved.contains(grouping_key)
@@ -916,8 +937,8 @@ async fn run_event_loop(
         .unwrap_or_else(Instant::now);
 
     // Fire-and-forget version check — runs once per session in the
-    // background. On success, `app.version_hint` is set and the footer
-    // renders the update recommendation on the next frame.
+    // background. On success, a short status toast advertises the update
+    // without replacing the user's configured footer/status-line chips.
     let mut version_check: Option<tokio::task::JoinHandle<Option<String>>> = Some({
         let current = env!("CARGO_PKG_VERSION").to_string();
         tokio::spawn(async move {
@@ -936,22 +957,7 @@ async fn run_event_loop(
                 .await
                 .ok()?;
             let json: serde_json::Value = resp.json().await.ok()?;
-            let tag = json["tag_name"].as_str()?;
-            let latest = tag.trim_start_matches('v');
-            // Compare semver so dev builds (e.g. "0.8.46-pre") don't
-            // trigger false hints. Falls back to string compare on
-            // unparseable versions.
-            let newer = match (parse_semver(latest), parse_semver(&current)) {
-                (Some(l), Some(c)) => l > c,
-                _ => latest != current,
-            };
-            if newer {
-                Some(format!(
-                    "v{latest} available — run `codewhale update` and restart"
-                ))
-            } else {
-                None
-            }
+            version_hint_from_release_json(&json, &current)
         })
     });
 
@@ -963,7 +969,11 @@ async fn run_event_loop(
             done = handle.is_finished();
         }
         if done && let Ok(Some(hint)) = version_check.take().unwrap().await {
-            app.version_hint = Some(hint);
+            app.push_status_toast(
+                hint,
+                StatusToastLevel::Info,
+                Some(VERSION_HINT_TOAST_TTL_MS),
+            );
         }
 
         if !drain_web_config_events(&mut web_config_session, app, config, &engine_handle).await {
@@ -8340,6 +8350,65 @@ fn extract_reasoning_header(text: &str) -> Option<String> {
     }
 }
 
+fn version_hint_from_release_json(json: &serde_json::Value, current: &str) -> Option<String> {
+    if !release_has_required_assets(json) {
+        return None;
+    }
+
+    let tag = json["tag_name"].as_str()?;
+    let latest = tag.trim_start_matches('v');
+    if !is_newer_version(latest, current) {
+        return None;
+    }
+
+    Some(format!(
+        "v{latest} available - run `codewhale update` and restart"
+    ))
+}
+
+fn release_has_required_assets(json: &serde_json::Value) -> bool {
+    if json
+        .get("draft")
+        .and_then(serde_json::Value::as_bool)
+        .unwrap_or(false)
+    {
+        return false;
+    }
+    if json
+        .get("prerelease")
+        .and_then(serde_json::Value::as_bool)
+        .unwrap_or(false)
+    {
+        return false;
+    }
+
+    REQUIRED_RELEASE_ASSETS
+        .iter()
+        .all(|required| release_has_uploaded_asset(json, required))
+}
+
+fn release_has_uploaded_asset(json: &serde_json::Value, required: &str) -> bool {
+    let Some(assets) = json.get("assets").and_then(serde_json::Value::as_array) else {
+        return false;
+    };
+    assets.iter().any(|asset| {
+        asset.get("name").and_then(serde_json::Value::as_str) == Some(required)
+            && matches!(
+                asset.get("state").and_then(serde_json::Value::as_str),
+                None | Some("uploaded")
+            )
+    })
+}
+
+fn is_newer_version(latest: &str, current: &str) -> bool {
+    // Compare semver so dev builds (e.g. "0.8.46-pre") don't trigger false
+    // hints. Falls back to string compare on unparseable versions.
+    match (parse_semver(latest), parse_semver(current)) {
+        (Some(l), Some(c)) => l > c,
+        _ => latest != current,
+    }
+}
+
 /// Parse a `major.minor.patch` version string into a comparable tuple.
 /// Returns `None` on any parse failure (non-semver, dev suffixes, etc.).
 fn parse_semver(v: &str) -> Option<(u32, u32, u32)> {
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index b8dfa26e..d70bb848 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2434,6 +2434,58 @@ fn event_poll_timeout_has_nonzero_floor() {
     );
 }
 
+fn complete_release_json(tag: &str) -> serde_json::Value {
+    let assets = REQUIRED_RELEASE_ASSETS
+        .iter()
+        .map(|name| serde_json::json!({ "name": name, "state": "uploaded" }))
+        .collect::<Vec<_>>();
+    serde_json::json!({
+        "tag_name": tag,
+        "draft": false,
+        "prerelease": false,
+        "assets": assets,
+    })
+}
+
+#[test]
+fn version_hint_requires_complete_release_assets() {
+    let complete = complete_release_json("v0.8.47");
+    let hint = version_hint_from_release_json(&complete, "0.8.46").expect("newer complete release");
+    assert!(hint.contains("v0.8.47 available"));
+
+    let mut missing_manifest = complete_release_json("v0.8.47");
+    missing_manifest["assets"] = serde_json::Value::Array(
+        missing_manifest["assets"]
+            .as_array()
+            .expect("assets")
+            .iter()
+            .filter(|asset| {
+                asset.get("name").and_then(serde_json::Value::as_str)
+                    != Some("codewhale-artifacts-sha256.txt")
+            })
+            .cloned()
+            .collect(),
+    );
+    assert!(
+        version_hint_from_release_json(&missing_manifest, "0.8.46").is_none(),
+        "do not advertise a release before checksums are uploaded"
+    );
+}
+
+#[test]
+fn version_hint_ignores_draft_prerelease_and_current_versions() {
+    let mut draft = complete_release_json("v0.8.47");
+    draft["draft"] = serde_json::Value::Bool(true);
+    assert!(version_hint_from_release_json(&draft, "0.8.46").is_none());
+
+    let mut prerelease = complete_release_json("v0.8.47");
+    prerelease["prerelease"] = serde_json::Value::Bool(true);
+    assert!(version_hint_from_release_json(&prerelease, "0.8.46").is_none());
+
+    let current = complete_release_json("v0.8.46");
+    assert!(version_hint_from_release_json(&current, "0.8.46").is_none());
+}
+
 #[test]
 #[cfg(any(unix, windows))]
 fn external_url_launcher_does_not_wait_for_browser_process() {

From f077d87970115ae9885d28bbdf26cc415d31c7cd Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 06:15:28 -0500
Subject: [PATCH 222/283] fix(tui): require uploaded release assets

---
 crates/tui/src/tui/ui.rs       |  5 +----
 crates/tui/src/tui/ui/tests.rs | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 20f62652..8ce5e01d 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -8393,10 +8393,7 @@ fn release_has_uploaded_asset(json: &serde_json::Value, required: &str) -> bool
     };
     assets.iter().any(|asset| {
         asset.get("name").and_then(serde_json::Value::as_str) == Some(required)
-            && matches!(
-                asset.get("state").and_then(serde_json::Value::as_str),
-                None | Some("uploaded")
-            )
+            && asset.get("state").and_then(serde_json::Value::as_str) == Some("uploaded")
     })
 }
 
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index d70bb848..466bffce 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -2470,6 +2470,23 @@ fn version_hint_requires_complete_release_assets() {
         version_hint_from_release_json(&missing_manifest, "0.8.46").is_none(),
         "do not advertise a release before checksums are uploaded"
     );
+
+    let mut pending_asset = complete_release_json("v0.8.47");
+    pending_asset["assets"].as_array_mut().expect("assets")[0]["state"] = serde_json::json!("open");
+    assert!(
+        version_hint_from_release_json(&pending_asset, "0.8.46").is_none(),
+        "do not advertise a release before every asset is uploaded"
+    );
+
+    let mut missing_state = complete_release_json("v0.8.47");
+    missing_state["assets"].as_array_mut().expect("assets")[0]
+        .as_object_mut()
+        .expect("asset object")
+        .remove("state");
+    assert!(
+        version_hint_from_release_json(&missing_state, "0.8.46").is_none(),
+        "do not accept malformed asset state as uploaded"
+    );
 }
 
 #[test]

From 59e31737d0f89ba99c529134b7992a849269586f Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Wed, 27 May 2026 15:19:08 +0800
Subject: [PATCH 223/283] =?UTF-8?q?fix:=20clean=20PDF-extracted=20text=20t?=
 =?UTF-8?q?o=20reduce=20TUI=20clutter=20=E2=80=94=20collapse=20blank=20lin?=
 =?UTF-8?q?es,=20strip=20NUL,=20normalize=20spaces=20(#2226)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/tools/file.rs | 69 ++++++++++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tools/file.rs b/crates/tui/src/tools/file.rs
index 068c2030..6c7094a4 100644
--- a/crates/tui/src/tools/file.rs
+++ b/crates/tui/src/tools/file.rs
@@ -256,6 +256,41 @@ fn parse_pages_arg(spec: &str) -> Option<(u32, u32)> {
     }
 }
 
+/// Clean PDF-extracted text for TUI display: collapse consecutive blank
+/// lines (more than 1 becomes 1), strip NUL bytes, replace non-breaking
+/// spaces with regular spaces, and trim trailing whitespace on each line.
+/// Produces output that won't clutter the transcript with vertical gaps
+/// or invisible control characters.
+fn clean_pdf_text(raw: &str) -> String {
+    let mut out = String::with_capacity(raw.len());
+    let mut blank_run = 0usize;
+    for line in raw.lines() {
+        let trimmed = line.trim_end();
+        if trimmed.is_empty() {
+            blank_run = blank_run.saturating_add(1);
+            if blank_run <= 1 {
+                out.push('\n');
+            }
+        } else {
+            blank_run = 0;
+            // Replace NUL bytes (present in some PDF streams) with a visible
+            // placeholder so they don't truncate the tool output at the first \0.
+            let cleaned: String = trimmed
+                .chars()
+                .map(|c| match c {
+                    '\0' => '\u{FFFD}',
+                    '\u{A0}' => ' ', // non-breaking space → regular space
+                    other => other,
+                })
+                .collect();
+            out.push_str(&cleaned);
+            out.push('\n');
+        }
+    }
+    // Trim leading/trailing blank lines from the whole output.
+    out.trim().to_string()
+}
+
 fn read_pdf(path: &Path, pages: Option<&str>) -> Result<ToolResult, ToolError> {
     // Validate the `pages` spec once, up front, so both extractor paths
     // surface the same error shape on bad input.
@@ -325,7 +360,7 @@ fn read_pdf_via_pdf_extract(
             ))
         })?
     };
-    Ok(ToolResult::success(text))
+    Ok(ToolResult::success(clean_pdf_text(&text)))
 }
 
 fn read_pdf_via_pdftotext(
@@ -382,7 +417,7 @@ fn read_pdf_via_pdftotext(
     }
 
     let text = String::from_utf8_lossy(&output.stdout).to_string();
-    Ok(ToolResult::success(text))
+    Ok(ToolResult::success(clean_pdf_text(&text)))
 }
 
 // === WriteFileTool ===
@@ -1226,6 +1261,36 @@ mod tests {
         std::path::Path::new(SAMPLE_PDF_PATH).exists()
     }
 
+    #[test]
+    fn clean_pdf_text_collapses_consecutive_blank_lines() {
+        let raw = "line1\n\n\n\n\nline2\n\n\nline3";
+        let cleaned = super::clean_pdf_text(raw);
+        assert_eq!(cleaned, "line1\n\nline2\n\nline3");
+    }
+
+    #[test]
+    fn clean_pdf_text_strips_nul_bytes() {
+        let raw = "hello\0world";
+        let cleaned = super::clean_pdf_text(raw);
+        assert!(!cleaned.contains('\0'));
+        assert!(cleaned.contains('\u{FFFD}'));
+    }
+
+    #[test]
+    fn clean_pdf_text_replaces_non_breaking_spaces() {
+        let raw = "hello\u{A0}world";
+        let cleaned = super::clean_pdf_text(raw);
+        assert!(!cleaned.contains('\u{A0}'));
+        assert_eq!(cleaned, "hello world");
+    }
+
+    #[test]
+    fn clean_pdf_text_trims_trailing_whitespace() {
+        let raw = "hello   ";
+        let cleaned = super::clean_pdf_text(raw);
+        assert_eq!(cleaned, "hello");
+    }
+
     #[test]
     fn read_pdf_via_pdf_extract_finds_known_title() {
         // Skip when the fixture isn't checked out (sparse clones, shallow

From 1f569d5a001c9b52581f3a4befcae9ac833a4514 Mon Sep 17 00:00:00 2001
From: Hanmiao Li <894876246@qq.com>
Date: Thu, 28 May 2026 11:29:13 +0800
Subject: [PATCH 224/283] =?UTF-8?q?fix:=20address=20code=20review=20?=
 =?UTF-8?q?=E2=80=94=20preserve=20indentation,=20remove=20per-line=20alloc?=
 =?UTF-8?q?,=20rename=20test=20for=20accuracy=20(#2266)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 crates/tui/src/tools/file.rs | 51 +++++++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/tools/file.rs b/crates/tui/src/tools/file.rs
index 6c7094a4..671f1366 100644
--- a/crates/tui/src/tools/file.rs
+++ b/crates/tui/src/tools/file.rs
@@ -257,13 +257,14 @@ fn parse_pages_arg(spec: &str) -> Option<(u32, u32)> {
 }
 
 /// Clean PDF-extracted text for TUI display: collapse consecutive blank
-/// lines (more than 1 becomes 1), strip NUL bytes, replace non-breaking
-/// spaces with regular spaces, and trim trailing whitespace on each line.
-/// Produces output that won't clutter the transcript with vertical gaps
-/// or invisible control characters.
+/// lines (more than 1 becomes 1), replace NUL bytes with U+FFFD, replace
+/// non-breaking spaces with regular spaces, and trim trailing whitespace
+/// on each line. Produces output that won't clutter the transcript with
+/// vertical gaps or invisible control characters.
 fn clean_pdf_text(raw: &str) -> String {
     let mut out = String::with_capacity(raw.len());
     let mut blank_run = 0usize;
+    let mut any_content = false;
     for line in raw.lines() {
         let trimmed = line.trim_end();
         if trimmed.is_empty() {
@@ -273,22 +274,29 @@ fn clean_pdf_text(raw: &str) -> String {
             }
         } else {
             blank_run = 0;
-            // Replace NUL bytes (present in some PDF streams) with a visible
-            // placeholder so they don't truncate the tool output at the first \0.
-            let cleaned: String = trimmed
-                .chars()
-                .map(|c| match c {
-                    '\0' => '\u{FFFD}',
-                    '\u{A0}' => ' ', // non-breaking space → regular space
-                    other => other,
-                })
-                .collect();
-            out.push_str(&cleaned);
+            any_content = true;
+            // Push cleaned characters directly — avoids a per-line
+            // temporary String allocation.
+            for c in trimmed.chars() {
+                match c {
+                    '\0' => out.push('\u{FFFD}'),
+                    '\u{A0}' => out.push(' '),
+                    other => out.push(other),
+                }
+            }
             out.push('\n');
         }
     }
-    // Trim leading/trailing blank lines from the whole output.
-    out.trim().to_string()
+    // Trim leading blank lines only — don't use str::trim() which
+    // would also strip intentional indentation (e.g. centred titles).
+    if any_content {
+        let start = out.find(|c: char| c != '\n').unwrap_or(0);
+        // Walk back from end to find the last non-newline character.
+        let end = out.rfind(|c: char| c != '\n').map_or(out.len(), |i| i + 1);
+        out[start..end].to_string()
+    } else {
+        String::new()
+    }
 }
 
 fn read_pdf(path: &Path, pages: Option<&str>) -> Result<ToolResult, ToolError> {
@@ -1269,7 +1277,7 @@ mod tests {
     }
 
     #[test]
-    fn clean_pdf_text_strips_nul_bytes() {
+    fn clean_pdf_text_replaces_nul_bytes_with_replacement_char() {
         let raw = "hello\0world";
         let cleaned = super::clean_pdf_text(raw);
         assert!(!cleaned.contains('\0'));
@@ -1291,6 +1299,13 @@ mod tests {
         assert_eq!(cleaned, "hello");
     }
 
+    #[test]
+    fn clean_pdf_text_preserves_leading_indentation() {
+        let raw = "   indented line\nregular line";
+        let cleaned = super::clean_pdf_text(raw);
+        assert_eq!(cleaned, "   indented line\nregular line");
+    }
+
     #[test]
     fn read_pdf_via_pdf_extract_finds_known_title() {
         // Skip when the fixture isn't checked out (sparse clones, shallow

From 53fb8b3150081d11ffa9b6e8c9a1a717a572a4d3 Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Wed, 27 May 2026 15:17:38 +0800
Subject: [PATCH 225/283] fix(session): serialize tool_use/tool_result blocks
 in session detail API

---
 crates/tui/src/runtime_api.rs | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 20110cc4..e8caa9cb 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -707,7 +707,30 @@ fn session_to_detail(session: SavedSession) -> SessionDetailResponse {
                     crate::models::ContentBlock::Thinking { thinking, .. } => {
                         json!({ "type": "thinking", "text": thinking })
                     }
-                    _ => json!({ "type": "other" }),
+                    crate::models::ContentBlock::ToolUse { id, name, input, .. } => {
+                        json!({ "type": "tool_use", "id": id, "name": name, "input": input })
+                    }
+                    crate::models::ContentBlock::ToolResult { tool_use_id, content, is_error, content_blocks, .. } => {
+                        let mut obj = json!({ "type": "tool_result", "tool_use_id": tool_use_id });
+                        if let Some(cbs) = content_blocks {
+                            obj["content_blocks"] = json!(cbs);
+                        } else {
+                            obj["content"] = json!(content);
+                        }
+                        if let Some(e) = is_error {
+                            obj["is_error"] = json!(e);
+                        }
+                        obj
+                    }
+                    crate::models::ContentBlock::ServerToolUse { id, name, input } => {
+                        json!({ "type": "tool_use", "id": id, "name": name, "input": input })
+                    }
+                    crate::models::ContentBlock::ToolSearchToolResult { tool_use_id, content } => {
+                        json!({ "type": "tool_result", "tool_use_id": tool_use_id, "content": content })
+                    }
+                    crate::models::ContentBlock::CodeExecutionToolResult { tool_use_id, content } => {
+                        json!({ "type": "tool_result", "tool_use_id": tool_use_id, "content": content })
+                    }
                 })
                 .collect();
             json!({

From c206c30693198256d17a10e56933a064825ec16d Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 06:43:42 -0500
Subject: [PATCH 226/283] fix(runtime): preserve session tool detail fields

---
 crates/tui/src/runtime_api.rs | 84 ++++++++++++++++++++++++++++++++++-
 1 file changed, 82 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index e8caa9cb..8754ac78 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -707,13 +707,21 @@ fn session_to_detail(session: SavedSession) -> SessionDetailResponse {
                     crate::models::ContentBlock::Thinking { thinking, .. } => {
                         json!({ "type": "thinking", "text": thinking })
                     }
-                    crate::models::ContentBlock::ToolUse { id, name, input, .. } => {
-                        json!({ "type": "tool_use", "id": id, "name": name, "input": input })
+                    crate::models::ContentBlock::ToolUse { id, name, input, caller } => {
+                        let mut obj =
+                            json!({ "type": "tool_use", "id": id, "name": name, "input": input });
+                        if let Some(caller) = caller {
+                            obj["caller"] = json!(caller);
+                        }
+                        obj
                     }
                     crate::models::ContentBlock::ToolResult { tool_use_id, content, is_error, content_blocks, .. } => {
                         let mut obj = json!({ "type": "tool_result", "tool_use_id": tool_use_id });
                         if let Some(cbs) = content_blocks {
                             obj["content_blocks"] = json!(cbs);
+                            if !content.is_empty() {
+                                obj["content"] = json!(content);
+                            }
                         } else {
                             obj["content"] = json!(content);
                         }
@@ -1929,6 +1937,78 @@ mod tests {
         }
     }
 
+    fn saved_session_with_blocks(blocks: Vec<crate::models::ContentBlock>) -> SavedSession {
+        SavedSession {
+            schema_version: 1,
+            metadata: SessionMetadata {
+                id: "session-1".to_string(),
+                title: "test session".to_string(),
+                created_at: Utc::now(),
+                updated_at: Utc::now(),
+                message_count: 1,
+                total_tokens: 0,
+                model: "test-model".to_string(),
+                workspace: PathBuf::from("."),
+                mode: None,
+                cost: Default::default(),
+                parent_session_id: None,
+                forked_from_message_count: None,
+                cumulative_turn_secs: 0,
+            },
+            messages: vec![crate::models::Message {
+                role: "assistant".to_string(),
+                content: blocks,
+            }],
+            system_prompt: None,
+            context_references: Vec::new(),
+            artifacts: Vec::new(),
+        }
+    }
+
+    #[test]
+    fn session_detail_tool_use_preserves_caller_metadata() {
+        let detail = session_to_detail(saved_session_with_blocks(vec![
+            crate::models::ContentBlock::ToolUse {
+                id: "tool-1".to_string(),
+                name: "task_shell_start".to_string(),
+                input: json!({ "cmd": "cargo test" }),
+                caller: Some(crate::models::ToolCaller {
+                    caller_type: "subagent".to_string(),
+                    tool_id: Some("parent-tool".to_string()),
+                }),
+            },
+        ]));
+
+        let block = &detail.messages[0]["content"][0];
+        assert_eq!(block["type"].as_str(), Some("tool_use"));
+        assert_eq!(block["caller"]["type"].as_str(), Some("subagent"));
+        assert_eq!(block["caller"]["tool_id"].as_str(), Some("parent-tool"));
+    }
+
+    #[test]
+    fn session_detail_tool_result_keeps_fallback_content_with_blocks() {
+        let detail = session_to_detail(saved_session_with_blocks(vec![
+            crate::models::ContentBlock::ToolResult {
+                tool_use_id: "tool-1".to_string(),
+                content: "fallback text".to_string(),
+                is_error: Some(false),
+                content_blocks: Some(vec![json!({
+                    "type": "text",
+                    "text": "structured text"
+                })]),
+            },
+        ]));
+
+        let block = &detail.messages[0]["content"][0];
+        assert_eq!(block["type"].as_str(), Some("tool_result"));
+        assert_eq!(block["content"].as_str(), Some("fallback text"));
+        assert_eq!(
+            block["content_blocks"][0]["text"].as_str(),
+            Some("structured text")
+        );
+        assert_eq!(block["is_error"].as_bool(), Some(false));
+    }
+
     #[test]
     fn runtime_auth_generates_token_by_default() {
         let auth = resolve_runtime_auth(None, None, false);

From 23eac3346e6fb52e345c3c74432b3e2a8677fe1c Mon Sep 17 00:00:00 2001
From: lei <liulei@8531.cn>
Date: Sat, 23 May 2026 17:05:19 +0800
Subject: [PATCH 227/283] feat: macos display notification

---
 crates/tui/src/tui/notifications.rs | 86 ++++++++++++++++++++++++++++-
 crates/tui/src/tui/ui.rs            | 41 ++++++++++++++
 2 files changed, 125 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 6461046d..447808f4 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -32,6 +32,8 @@ pub enum Method {
     Osc9,
     /// Plain BEL character: `\x07`
     Bel,
+    /// osascript
+    MacOS,
     /// Kitty notification protocol (OSC 99) with ST terminator.
     /// Uses `ESC ] 99 ; params ST` — no audible beep, unlike BEL.
     Kitty,
@@ -96,6 +98,10 @@ fn resolve_method() -> Method {
         return Method::Bel;
     }
 
+    if cfg!(target_os = "macos") {
+        return Method::MacOS;
+    }
+
     // Ghostty-based terminals (cmux, etc.) may not set their own
     // TERM_PROGRAM but do set TERM=xterm-ghostty. Likewise for Kitty.
     let term = std::env::var("TERM").unwrap_or_default();
@@ -153,8 +159,8 @@ fn build_escape(method: Method, in_tmux: bool, msg: &str) -> Vec<u8> {
             let seq = format!("\x1b]777;notify;codewhale;{msg}\x07");
             wrap_for_multiplexer(&seq, in_tmux).into_bytes()
         }
-        // Auto and Off should not reach build_escape.
-        Method::Auto | Method::Off => vec![],
+        // Auto and Off and MacOS should not reach build_escape.
+        Method::Auto | Method::Off | Method::MacOS => vec![],
     }
 }
 
@@ -178,6 +184,13 @@ pub fn notify_done_to<W: Write>(
         Method::Auto => resolve_method(),
         other => other,
     };
+
+    // macOS Notification Center: handled via osascript, not terminal escapes.
+    if Method::MacOS==effective {
+        macos_display_notification(msg);
+        return;
+    }
+
     let bytes = build_escape(effective, in_tmux, msg);
     if bytes.is_empty() {
         return;
@@ -378,6 +391,75 @@ fn bell_sound() {
     let _ = io::stdout().write_all(b"\x07");
 }
 
+/// Show a macOS Notification Center alert via `osascript`.
+///
+/// Runs on a dedicated background thread so the caller is not blocked.
+///
+/// The notification includes:
+/// - **Title**: "DeepSeek TUI"
+/// - **Subtitle**: First line of `msg` (when the message contains a newline,
+///   e.g. the response preview from a completed turn)
+/// - **Body**: Remaining lines of `msg`, or the full `msg` if single-line
+/// - **Sound**: Default macOS notification sound
+///
+/// The whole body is capped at 200 **characters** (not bytes) to keep the
+/// bubble readable while correctly handling multi-byte text. Embedded double
+/// quotes are escaped as `\"` so AppleScript tokenises correctly.
+///
+/// This is best-effort: if `osascript` is not available (e.g. headless SSH
+/// session) the error is logged via `tracing::warn!` instead of silently
+/// swallowed.
+#[cfg(target_os = "macos")]
+fn macos_display_notification(msg: &str) {
+    let body = msg.to_string();
+
+    // Spawn on a background thread so we don't block the caller.
+    // osascript itself is fast (~50 ms), but spawning a subprocess
+    // synchronously from an async context steals a tokio thread.
+    let _ = std::thread::Builder::new()
+        .name("osascript-notif".into())
+        .spawn(move || {
+            // Char-bounded truncation (not byte-bounded) so we don't slice
+            // through a multi-byte sequence and emit invalid UTF-8 to the
+            // AppleScript parser.
+            let body_str: String = body.chars().take(200).collect();
+
+            // Escape embedded double-quote characters for AppleScript.
+            let escaped = body_str.replace('"', "\\\"");
+
+            // Build the AppleScript command.
+            // When the message has multiple lines, the first line becomes
+            // the subtitle and the rest becomes the body — this lets turn
+            // notifications show the response preview in the subtitle and
+            // the duration/cost summary in the body.
+            let script = if let Some(idx) = escaped.find('\n') {
+                let subtitle = escaped[..idx].trim();
+                let body_text = escaped[idx + 1..].trim();
+                format!(
+                    "display notification \"{body_text}\" with title \"DeepSeek TUI\" subtitle \"{subtitle}\" sound name \"default\""
+                )
+            } else {
+                format!(
+                    "display notification \"{escaped}\" with title \"DeepSeek TUI\" sound name \"default\""
+                )
+            };
+
+            match std::process::Command::new("osascript")
+                .args(["-e", &script])
+                .output()
+            {
+                Ok(output) if !output.status.success() => {
+                    let stderr = String::from_utf8_lossy(&output.stderr);
+                    tracing::warn!(stderr = %stderr, "osascript notification failed");
+                }
+                Err(e) => {
+                    tracing::warn!(error = %e, "osascript notification error");
+                }
+                _ => {}
+            }
+        });
+}
+
 /// Return a human-readable duration string, capped at two units so
 /// it stays compact in headers and notifications.
 ///
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 8ce5e01d..2e17cfd2 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1994,6 +1994,19 @@ async fn run_event_loop(
                             );
                             app.view_stack
                                 .push(ApprovalView::new_for_locale(request, app.ui_locale));
+                            if let Some((method, _, _)) =
+                                crate::tui::notifications::settings(config)
+                            {
+                                let in_tmux =
+                                    std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                                crate::tui::notifications::notify_done(
+                                    method,
+                                    in_tmux,
+                                    &format!("Approval needed: {tool_name} - {description}"),
+                                    Duration::ZERO,
+                                    Duration::ZERO,
+                                );
+                            }
                             app.status_message = Some(format!(
                                 "Approval required for '{tool_name}': {description}"
                             ));
@@ -2001,6 +2014,19 @@ async fn run_event_loop(
                     }
                     EngineEvent::UserInputRequired { id, request } => {
                         app.view_stack.push(UserInputView::new(id.clone(), request));
+                        if let Some((method, _, _)) =
+                            crate::tui::notifications::settings(config)
+                        {
+                            let in_tmux =
+                                std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                            crate::tui::notifications::notify_done(
+                                method,
+                                in_tmux,
+                                "Action required: please respond in the terminal",
+                                Duration::ZERO,
+                                Duration::ZERO,
+                            );
+                        }
                         app.status_message = Some(
                             "Action required: answer the popup with 1-4, arrows, or Enter"
                                 .to_string(),
@@ -2056,6 +2082,21 @@ async fn run_event_loop(
                                 blocked_write,
                             );
                             app.view_stack.push(ElevationView::new(request));
+                            if let Some((method, _, _)) =
+                                crate::tui::notifications::settings(config)
+                            {
+                                let in_tmux =
+                                    std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                                crate::tui::notifications::notify_done(
+                                    method,
+                                    in_tmux,
+                                    &format!(
+                                        "Sandbox: {denial_reason} for '{tool_name}'"
+                                    ),
+                                    Duration::ZERO,
+                                    Duration::ZERO,
+                                );
+                            }
                             app.status_message =
                                 Some(format!("Sandbox blocked {tool_name}: {denial_reason}"));
                         }

From 0597e5fc00a91d3af95f9c8cf13fe3b578b780a8 Mon Sep 17 00:00:00 2001
From: lei <liulei@8531.cn>
Date: Wed, 27 May 2026 17:40:29 +0800
Subject: [PATCH 228/283] fix: review

---
 crates/tui/src/tui/notifications.rs | 82 ++++++++++++++++++++---------
 1 file changed, 57 insertions(+), 25 deletions(-)

diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 447808f4..2b763911 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -186,7 +186,8 @@ pub fn notify_done_to<W: Write>(
     };
 
     // macOS Notification Center: handled via osascript, not terminal escapes.
-    if Method::MacOS==effective {
+    #[cfg(target_os = "macos")]
+    if Method::MacOS == effective {
         macos_display_notification(msg);
         return;
     }
@@ -396,15 +397,23 @@ fn bell_sound() {
 /// Runs on a dedicated background thread so the caller is not blocked.
 ///
 /// The notification includes:
-/// - **Title**: "DeepSeek TUI"
+/// - **Title**: "CodeWhale"
 /// - **Subtitle**: First line of `msg` (when the message contains a newline,
 ///   e.g. the response preview from a completed turn)
 /// - **Body**: Remaining lines of `msg`, or the full `msg` if single-line
 /// - **Sound**: Default macOS notification sound
 ///
-/// The whole body is capped at 200 **characters** (not bytes) to keep the
-/// bubble readable while correctly handling multi-byte text. Embedded double
-/// quotes are escaped as `\"` so AppleScript tokenises correctly.
+/// The message body is capped at 200 **characters** (not bytes) to keep the
+/// bubble readable while correctly handling multi-byte text.
+///
+/// **Security**: The message is passed to `osascript` as a command-line
+/// argument via `ARGV`, never embedded inline in the AppleScript source.
+/// AppleScript does not treat backslash as an escape inside double-quoted
+/// string literals, so the previous `\"` approach would terminate the
+/// string at the `"` and leave any text between unbalanced quotes
+/// evaluated as raw AppleScript code — a code-injection vector for
+/// AI-generated notification text. Passing via `ARGV` avoids this
+/// entirely because the message is never parsed as AppleScript syntax.
 ///
 /// This is best-effort: if `osascript` is not available (e.g. headless SSH
 /// session) the error is logged via `tracing::warn!` instead of silently
@@ -420,32 +429,55 @@ fn macos_display_notification(msg: &str) {
         .name("osascript-notif".into())
         .spawn(move || {
             // Char-bounded truncation (not byte-bounded) so we don't slice
-            // through a multi-byte sequence and emit invalid UTF-8 to the
-            // AppleScript parser.
+            // through a multi-byte sequence and emit invalid UTF-8.
             let body_str: String = body.chars().take(200).collect();
 
-            // Escape embedded double-quote characters for AppleScript.
-            let escaped = body_str.replace('"', "\\\"");
+            // Build AppleScript that receives the message via ARGV
+            // instead of inline string interpolation. AppleScript does
+            // not treat backslash as an escape inside double-quoted
+            // string literals, so `\"` would terminate the string at
+            // the `"` and leave a dangling `\`. Passing the message as
+            // a command-line argument avoids any injection risk.
+            //
+            // When the message has multiple lines, the first line
+            // becomes the subtitle and the rest becomes the body —
+            // this lets turn notifications show the response preview
+            // in the subtitle and the duration/cost summary in the body.
+            let mut args: Vec<String> = Vec::new();
 
-            // Build the AppleScript command.
-            // When the message has multiple lines, the first line becomes
-            // the subtitle and the rest becomes the body — this lets turn
-            // notifications show the response preview in the subtitle and
-            // the duration/cost summary in the body.
-            let script = if let Some(idx) = escaped.find('\n') {
-                let subtitle = escaped[..idx].trim();
-                let body_text = escaped[idx + 1..].trim();
-                format!(
-                    "display notification \"{body_text}\" with title \"DeepSeek TUI\" subtitle \"{subtitle}\" sound name \"default\""
-                )
+            if let Some(idx) = body_str.find('\n') {
+                let subtitle = body_str[..idx].trim();
+                let body_text = body_str[idx + 1..].trim();
+                args.extend_from_slice(&[
+                    "-e".into(),
+                    "on run argv".into(),
+                    "-e".into(),
+                    "set theBody to item 1 of argv".into(),
+                    "-e".into(),
+                    "set theSubtitle to item 2 of argv".into(),
+                    "-e".into(),
+                    "display notification theBody with title \"CodeWhale\" subtitle theSubtitle sound name \"default\"".into(),
+                    "-e".into(),
+                    "end run".into(),
+                    "--".into(),
+                    body_text.into(),
+                    subtitle.into(),
+                ]);
             } else {
-                format!(
-                    "display notification \"{escaped}\" with title \"DeepSeek TUI\" sound name \"default\""
-                )
-            };
+                args.extend_from_slice(&[
+                    "-e".into(),
+                    "on run argv".into(),
+                    "-e".into(),
+                    "display notification (item 1 of argv) with title \"CodeWhale\" sound name \"default\"".into(),
+                    "-e".into(),
+                    "end run".into(),
+                    "--".into(),
+                    body_str,
+                ]);
+            }
 
             match std::process::Command::new("osascript")
-                .args(["-e", &script])
+                .args(&args)
                 .output()
             {
                 Ok(output) if !output.status.success() => {

From 5b0bc68c8882d1193d0544da93710e3496b4aa06 Mon Sep 17 00:00:00 2001
From: lei <liulei@8531.cn>
Date: Wed, 27 May 2026 17:46:05 +0800
Subject: [PATCH 229/283] fix: format

---
 crates/tui/src/tui/ui.rs | 67 ++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 37 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 2e17cfd2..daa5f334 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -9,14 +9,6 @@ use std::sync::Arc;
 use std::time::{Duration, Instant};
 
 use anyhow::Result;
-use crossterm::{
-    event::{
-        self, DisableBracketedPaste, DisableFocusChange, DisableMouseCapture, EnableBracketedPaste,
-        EnableFocusChange, EnableMouseCapture, Event, KeyCode, KeyEventKind, KeyModifiers,
-    },
-    execute,
-    terminal::{EnterAlternateScreen, LeaveAlternateScreen, disable_raw_mode, enable_raw_mode},
-};
 // On Windows the push/pop helpers write the escapes directly; crossterm's
 // PushKeyboardEnhancementFlags / PopKeyboardEnhancementFlags commands are
 // never referenced, so the imports are gated to avoid -D warnings failures.
@@ -24,40 +16,48 @@ use crossterm::{
 use crossterm::event::{
     KeyboardEnhancementFlags, PopKeyboardEnhancementFlags, PushKeyboardEnhancementFlags,
 };
+use crossterm::{
+    event::{
+        self, DisableBracketedPaste, DisableFocusChange, DisableMouseCapture, EnableBracketedPaste,
+        EnableFocusChange, EnableMouseCapture, Event, KeyCode, KeyEventKind, KeyModifiers,
+    },
+    execute,
+    terminal::{disable_raw_mode, enable_raw_mode, EnterAlternateScreen, LeaveAlternateScreen},
+};
 use ratatui::{
-    Frame, Terminal,
-    layout::{Constraint, Direction, Layout, Rect, Size},
-    prelude::Widget,
+    layout::{Constraint, Direction, Layout, Rect, Size}, prelude::Widget,
     style::Style,
     widgets::Block,
+    Frame,
+    Terminal,
 };
 use tracing;
 #[cfg(target_os = "windows")]
 use windows::Win32::System::Console::{GetConsoleMode, GetStdHandle, SetConsoleMode};
 
 use crate::audit::log_sensitive_event;
-use crate::automation_manager::{AutomationManager, AutomationSchedulerConfig, spawn_scheduler};
-use crate::client::{DeepSeekClient, build_cache_warmup_request};
+use crate::automation_manager::{spawn_scheduler, AutomationManager, AutomationSchedulerConfig};
+use crate::client::{build_cache_warmup_request, DeepSeekClient};
 use crate::commands;
 use crate::compaction::estimate_input_tokens_conservative;
 use crate::config::{
-    ApiProvider, Config, DEFAULT_NVIDIA_NIM_BASE_URL, ProviderConfig, ProvidersConfig,
-    save_provider_auth_mode_for,
+    save_provider_auth_mode_for, ApiProvider, Config, ProviderConfig, ProvidersConfig,
+    DEFAULT_NVIDIA_NIM_BASE_URL,
 };
 use crate::config_ui::{self, ConfigUiMode, WebConfigSession, WebConfigSessionEvent};
-use crate::core::engine::{EngineConfig, EngineHandle, spawn_engine};
+use crate::core::engine::{spawn_engine, EngineConfig, EngineHandle};
 use crate::core::events::Event as EngineEvent;
 use crate::core::ops::Op;
 use crate::hooks::{HookEvent, HookExecutor};
 use crate::llm_client::LlmClient;
 use crate::models::{
-    ContentBlock, Message, MessageRequest, SystemPrompt, Usage, context_window_for_model,
+    context_window_for_model, ContentBlock, Message, MessageRequest, SystemPrompt, Usage,
 };
 use crate::palette;
 use crate::prompts;
 use crate::session_manager::{
-    OfflineQueueState, QueuedSessionMessage, SavedSession, SessionManager,
-    create_saved_session_with_id_and_mode, create_saved_session_with_mode, update_session,
+    create_saved_session_with_id_and_mode, create_saved_session_with_mode, update_session, OfflineQueueState,
+    QueuedSessionMessage, SavedSession, SessionManager,
 };
 use crate::task_manager::{
     NewTaskRequest, SharedTaskManager, TaskManager, TaskManagerConfig, TaskStatus, TaskSummary,
@@ -67,7 +67,7 @@ use crate::tools::subagent::SubAgentStatus;
 use crate::tui::auto_router;
 use crate::tui::color_compat::ColorCompatBackend;
 use crate::tui::command_palette::{
-    CommandPaletteView, build_entries as build_command_palette_entries,
+    build_entries as build_command_palette_entries, CommandPaletteView,
 };
 use crate::tui::composer_ui::*;
 use crate::tui::context_inspector::build_context_inspector_text;
@@ -111,16 +111,16 @@ use crate::tui::workspace_context;
 use super::key_actions;
 
 use super::app::{
-    App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort, SidebarFocus,
-    StatusToastLevel, SubmitDisposition, TaskPanelEntry, TuiOptions,
-    looks_like_slash_command_input,
+    looks_like_slash_command_input, App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort,
+    SidebarFocus, StatusToastLevel, SubmitDisposition, TaskPanelEntry,
+    TuiOptions,
 };
 use super::approval::{
     ApprovalMode, ApprovalRequest, ApprovalView, ElevationRequest, ElevationView, ReviewDecision,
 };
 use super::history::{
-    HistoryCell, ToolCell, ToolStatus, TranscriptRenderOptions, history_cells_from_message,
-    summarize_tool_output,
+    history_cells_from_message, summarize_tool_output, HistoryCell, ToolCell, ToolStatus,
+    TranscriptRenderOptions,
 };
 use super::slash_menu::{
     apply_slash_menu_selection, partial_inline_skill_mention_at_cursor,
@@ -1997,8 +1997,7 @@ async fn run_event_loop(
                             if let Some((method, _, _)) =
                                 crate::tui::notifications::settings(config)
                             {
-                                let in_tmux =
-                                    std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                                let in_tmux = std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
                                 crate::tui::notifications::notify_done(
                                     method,
                                     in_tmux,
@@ -2014,11 +2013,8 @@ async fn run_event_loop(
                     }
                     EngineEvent::UserInputRequired { id, request } => {
                         app.view_stack.push(UserInputView::new(id.clone(), request));
-                        if let Some((method, _, _)) =
-                            crate::tui::notifications::settings(config)
-                        {
-                            let in_tmux =
-                                std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                        if let Some((method, _, _)) = crate::tui::notifications::settings(config) {
+                            let in_tmux = std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
                             crate::tui::notifications::notify_done(
                                 method,
                                 in_tmux,
@@ -2085,14 +2081,11 @@ async fn run_event_loop(
                             if let Some((method, _, _)) =
                                 crate::tui::notifications::settings(config)
                             {
-                                let in_tmux =
-                                    std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
+                                let in_tmux = std::env::var("TMUX").is_ok_and(|v| !v.is_empty());
                                 crate::tui::notifications::notify_done(
                                     method,
                                     in_tmux,
-                                    &format!(
-                                        "Sandbox: {denial_reason} for '{tool_name}'"
-                                    ),
+                                    &format!("Sandbox: {denial_reason} for '{tool_name}'"),
                                     Duration::ZERO,
                                     Duration::ZERO,
                                 );

From f889948c0ecb9075ba98673a722aba54757ff8cd Mon Sep 17 00:00:00 2001
From: lei <liulei@8531.cn>
Date: Wed, 27 May 2026 17:55:17 +0800
Subject: [PATCH 230/283] fix: format

---
 crates/tui/src/tui/ui.rs | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index daa5f334..4e65c574 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -22,42 +22,42 @@ use crossterm::{
         EnableFocusChange, EnableMouseCapture, Event, KeyCode, KeyEventKind, KeyModifiers,
     },
     execute,
-    terminal::{disable_raw_mode, enable_raw_mode, EnterAlternateScreen, LeaveAlternateScreen},
+    terminal::{EnterAlternateScreen, LeaveAlternateScreen, disable_raw_mode, enable_raw_mode},
 };
 use ratatui::{
-    layout::{Constraint, Direction, Layout, Rect, Size}, prelude::Widget,
+    Frame, Terminal,
+    layout::{Constraint, Direction, Layout, Rect, Size},
+    prelude::Widget,
     style::Style,
     widgets::Block,
-    Frame,
-    Terminal,
 };
 use tracing;
 #[cfg(target_os = "windows")]
 use windows::Win32::System::Console::{GetConsoleMode, GetStdHandle, SetConsoleMode};
 
 use crate::audit::log_sensitive_event;
-use crate::automation_manager::{spawn_scheduler, AutomationManager, AutomationSchedulerConfig};
-use crate::client::{build_cache_warmup_request, DeepSeekClient};
+use crate::automation_manager::{AutomationManager, AutomationSchedulerConfig, spawn_scheduler};
+use crate::client::{DeepSeekClient, build_cache_warmup_request};
 use crate::commands;
 use crate::compaction::estimate_input_tokens_conservative;
 use crate::config::{
-    save_provider_auth_mode_for, ApiProvider, Config, ProviderConfig, ProvidersConfig,
-    DEFAULT_NVIDIA_NIM_BASE_URL,
+    ApiProvider, Config, DEFAULT_NVIDIA_NIM_BASE_URL, ProviderConfig, ProvidersConfig,
+    save_provider_auth_mode_for,
 };
 use crate::config_ui::{self, ConfigUiMode, WebConfigSession, WebConfigSessionEvent};
-use crate::core::engine::{spawn_engine, EngineConfig, EngineHandle};
+use crate::core::engine::{EngineConfig, EngineHandle, spawn_engine};
 use crate::core::events::Event as EngineEvent;
 use crate::core::ops::Op;
 use crate::hooks::{HookEvent, HookExecutor};
 use crate::llm_client::LlmClient;
 use crate::models::{
-    context_window_for_model, ContentBlock, Message, MessageRequest, SystemPrompt, Usage,
+    ContentBlock, Message, MessageRequest, SystemPrompt, Usage, context_window_for_model,
 };
 use crate::palette;
 use crate::prompts;
 use crate::session_manager::{
-    create_saved_session_with_id_and_mode, create_saved_session_with_mode, update_session, OfflineQueueState,
-    QueuedSessionMessage, SavedSession, SessionManager,
+    OfflineQueueState, QueuedSessionMessage, SavedSession, SessionManager,
+    create_saved_session_with_id_and_mode, create_saved_session_with_mode, update_session,
 };
 use crate::task_manager::{
     NewTaskRequest, SharedTaskManager, TaskManager, TaskManagerConfig, TaskStatus, TaskSummary,
@@ -67,7 +67,7 @@ use crate::tools::subagent::SubAgentStatus;
 use crate::tui::auto_router;
 use crate::tui::color_compat::ColorCompatBackend;
 use crate::tui::command_palette::{
-    build_entries as build_command_palette_entries, CommandPaletteView,
+    CommandPaletteView, build_entries as build_command_palette_entries,
 };
 use crate::tui::composer_ui::*;
 use crate::tui::context_inspector::build_context_inspector_text;
@@ -111,16 +111,16 @@ use crate::tui::workspace_context;
 use super::key_actions;
 
 use super::app::{
-    looks_like_slash_command_input, App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort,
-    SidebarFocus, StatusToastLevel, SubmitDisposition, TaskPanelEntry,
-    TuiOptions,
+    App, AppAction, AppMode, OnboardingState, QueuedMessage, ReasoningEffort, SidebarFocus,
+    StatusToastLevel, SubmitDisposition, TaskPanelEntry, TuiOptions,
+    looks_like_slash_command_input,
 };
 use super::approval::{
     ApprovalMode, ApprovalRequest, ApprovalView, ElevationRequest, ElevationView, ReviewDecision,
 };
 use super::history::{
-    history_cells_from_message, summarize_tool_output, HistoryCell, ToolCell, ToolStatus,
-    TranscriptRenderOptions,
+    HistoryCell, ToolCell, ToolStatus, TranscriptRenderOptions, history_cells_from_message,
+    summarize_tool_output,
 };
 use super::slash_menu::{
     apply_slash_menu_selection, partial_inline_skill_mention_at_cursor,

From 88d8ba853a812b3c097a16c0911512e3bbed5cf0 Mon Sep 17 00:00:00 2001
From: lei <liulei@8531.cn>
Date: Wed, 27 May 2026 18:14:24 +0800
Subject: [PATCH 231/283] fix: test

---
 crates/tui/src/tui/notifications.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/notifications.rs b/crates/tui/src/tui/notifications.rs
index 2b763911..47d08660 100644
--- a/crates/tui/src/tui/notifications.rs
+++ b/crates/tui/src/tui/notifications.rs
@@ -909,7 +909,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(not(target_os = "windows"))]
+    #[cfg(not(any(target_os = "windows", target_os = "macos")))]
     fn auto_detect_picks_bel_for_unknown_on_unix() {
         let _lock = env_lock();
         let prev_tp = std::env::var_os("TERM_PROGRAM");
@@ -992,7 +992,7 @@ mod tests {
     /// `TERM_PROGRAM` but do set `TERM=xterm-ghostty`. The `$TERM`
     /// fallback should catch them.
     #[test]
-    #[cfg(not(target_os = "windows"))]
+    #[cfg(not(any(target_os = "windows", target_os = "macos")))]
     fn auto_detect_picks_osc9_for_xterm_ghostty_term_fallback() {
         let _lock = env_lock();
         let prev_tp = std::env::var_os("TERM_PROGRAM");
@@ -1060,7 +1060,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(not(target_os = "windows"))]
+    #[cfg(not(any(target_os = "windows", target_os = "macos")))]
     fn auto_detect_picks_kitty_from_term_fallback() {
         let _lock = env_lock();
         let prev_tp = std::env::var_os("TERM_PROGRAM");
@@ -1093,8 +1093,11 @@ mod tests {
 
     /// When neither `TERM_PROGRAM` nor `TERM` suggests a known capable
     /// terminal, the fallback on Unix is `Bel`.
+    ///
+    /// On macOS the `MacOS` method takes priority, so this test is
+    /// excluded there.
     #[test]
-    #[cfg(not(target_os = "windows"))]
+    #[cfg(not(any(target_os = "windows", target_os = "macos")))]
     fn auto_detect_falls_back_to_bel_for_unrelated_term() {
         let _lock = env_lock();
         let prev_tp = std::env::var_os("TERM_PROGRAM");

From da3a0efeefacabdc335f80c414c8a268ffc52329 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 00:05:02 -0500
Subject: [PATCH 232/283] fix(tui): clear stale tool failures from sidebar
 (#1884)

Deduplicate failures per tool name, clear stale failures when
the same tool succeeds, and cap visible failures at 2 so old
failures don't crowd the sidebar after the task moves on.
---
 crates/tui/src/tui/sidebar.rs | 44 ++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index 2ebd58dd..c28c5a83 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -1155,9 +1155,21 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
     let mut ci_poll_groups: Vec<(usize, SidebarToolRow, usize)> = Vec::new();
     let mut shell_wait_groups: Vec<(usize, SidebarToolRow, usize, String)> = Vec::new();
     let mut seen_success: Vec<String> = Vec::new();
+    let mut seen_tool_names_succeeded: Vec<String> = Vec::new();
+    let mut seen_failures: Vec<String> = Vec::new();
+    let mut visible_failure_count: usize = 0;
+    const MAX_VISIBLE_FAILURES: usize = 2;
 
     for (order, mut row) in rows.into_iter().enumerate() {
         if row.status == ToolStatus::Failed {
+            // Deduplicate failures for the same tool name: keep only the most
+            // recent failure per tool. Fixes #1884 — stale failures from
+            // tools that have since succeeded no longer crowd the sidebar.
+            let fail_key = row.name.trim().to_ascii_lowercase();
+            if seen_failures.contains(&fail_key) {
+                continue;
+            }
+            seen_failures.push(fail_key);
             row.summary = failure_summary_with_hint(&row.summary);
         }
 
@@ -1213,10 +1225,40 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
         }
         if row.status == ToolStatus::Success {
             seen_success.push(key);
+            let normalized = row.name.trim().to_ascii_lowercase();
+            if !seen_tool_names_succeeded.contains(&normalized) {
+                seen_tool_names_succeeded.push(normalized);
+            }
         }
 
+        // When a tool succeeds, remove any prior failure for the same
+        // tool name. Prevents stale `gh issue create (failed)` from
+        // lingering after a successful retry. (#1884)
+        if row.status == ToolStatus::Success {
+            let normalized = row.name.trim().to_ascii_lowercase();
+            candidates.retain(|c| {
+                c.row.name.trim().to_ascii_lowercase() != normalized
+                    || c.row.status != ToolStatus::Failed
+            });
+        }
+
+        // Cap visible failures at MAX_VISIBLE_FAILURES. Excess failures
+        // get demoted to rank 3 so they don't crowd the top of the
+        // sidebar. (#1884)
+        let rank = if row.status == ToolStatus::Failed {
+            if visible_failure_count >= MAX_VISIBLE_FAILURES {
+                visible_failure_count += 1;
+                3
+            } else {
+                visible_failure_count += 1;
+                0
+            }
+        } else {
+            tool_row_rank(&row)
+        };
+
         candidates.push(Candidate {
-            rank: tool_row_rank(&row),
+            rank,
             order,
             row,
         });

From 2e73634ab07c2c64c9538242c762802128557332 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 04:45:40 -0500
Subject: [PATCH 233/283] fix(tui): make sidebar failure clearing order-aware

---
 crates/tui/src/tui/sidebar.rs | 139 ++++++++++++++++++++++++++++------
 1 file changed, 114 insertions(+), 25 deletions(-)

diff --git a/crates/tui/src/tui/sidebar.rs b/crates/tui/src/tui/sidebar.rs
index c28c5a83..da99f31f 100644
--- a/crates/tui/src/tui/sidebar.rs
+++ b/crates/tui/src/tui/sidebar.rs
@@ -770,7 +770,7 @@ fn active_tool_rows(app: &App) -> Vec<SidebarToolRow> {
     if !stale_running.is_empty() {
         rows.push(collapsed_stale_running_row(stale_running));
     }
-    editorial_tool_rows(rows, usize::MAX)
+    editorial_tool_rows(rows, usize::MAX, ToolRowOrder::OldestFirst)
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -837,7 +837,7 @@ fn recent_tool_rows(app: &App, limit: usize) -> Vec<SidebarToolRow> {
         .filter_map(sidebar_tool_row_from_cell)
         .take(RECENT_TOOL_SCAN_LIMIT)
         .collect();
-    editorial_tool_rows(rows, limit)
+    editorial_tool_rows(rows, limit, ToolRowOrder::NewestFirst)
 }
 
 fn push_tool_rows(
@@ -1142,7 +1142,17 @@ fn background_task_duplicates_live_tool(
         })
 }
 
-fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarToolRow> {
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+enum ToolRowOrder {
+    OldestFirst,
+    NewestFirst,
+}
+
+fn editorial_tool_rows(
+    rows: Vec<SidebarToolRow>,
+    limit: usize,
+    order_mode: ToolRowOrder,
+) -> Vec<SidebarToolRow> {
     #[derive(Clone)]
     struct Candidate {
         rank: u8,
@@ -1155,7 +1165,7 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
     let mut ci_poll_groups: Vec<(usize, SidebarToolRow, usize)> = Vec::new();
     let mut shell_wait_groups: Vec<(usize, SidebarToolRow, usize, String)> = Vec::new();
     let mut seen_success: Vec<String> = Vec::new();
-    let mut seen_tool_names_succeeded: Vec<String> = Vec::new();
+    let mut seen_success_tool_names: Vec<String> = Vec::new();
     let mut seen_failures: Vec<String> = Vec::new();
     let mut visible_failure_count: usize = 0;
     const MAX_VISIBLE_FAILURES: usize = 2;
@@ -1166,6 +1176,11 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
             // recent failure per tool. Fixes #1884 — stale failures from
             // tools that have since succeeded no longer crowd the sidebar.
             let fail_key = row.name.trim().to_ascii_lowercase();
+            if order_mode == ToolRowOrder::NewestFirst
+                && seen_success_tool_names.contains(&fail_key)
+            {
+                continue;
+            }
             if seen_failures.contains(&fail_key) {
                 continue;
             }
@@ -1226,20 +1241,34 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
         if row.status == ToolStatus::Success {
             seen_success.push(key);
             let normalized = row.name.trim().to_ascii_lowercase();
-            if !seen_tool_names_succeeded.contains(&normalized) {
-                seen_tool_names_succeeded.push(normalized);
+            if !seen_success_tool_names.contains(&normalized) {
+                seen_success_tool_names.push(normalized.clone());
             }
-        }
 
-        // When a tool succeeds, remove any prior failure for the same
-        // tool name. Prevents stale `gh issue create (failed)` from
-        // lingering after a successful retry. (#1884)
-        if row.status == ToolStatus::Success {
-            let normalized = row.name.trim().to_ascii_lowercase();
-            candidates.retain(|c| {
-                c.row.name.trim().to_ascii_lowercase() != normalized
-                    || c.row.status != ToolStatus::Failed
-            });
+            // Active rows are oldest-first, so a success means any candidate
+            // failure for the same tool is stale. Recent history rows are
+            // newest-first; in that path the success is older than any
+            // already-seen failure and must not remove it.
+            if order_mode == ToolRowOrder::OldestFirst {
+                let mut removed_visible_failures = 0usize;
+                let mut removed_any_failure = false;
+                candidates.retain(|c| {
+                    let remove = c.row.status == ToolStatus::Failed
+                        && c.row.name.trim().eq_ignore_ascii_case(&normalized);
+                    if remove {
+                        removed_any_failure = true;
+                        if c.rank == 0 {
+                            removed_visible_failures += 1;
+                        }
+                    }
+                    !remove
+                });
+                if removed_any_failure {
+                    seen_failures.retain(|seen| seen != &normalized);
+                    visible_failure_count =
+                        visible_failure_count.saturating_sub(removed_visible_failures);
+                }
+            }
         }
 
         // Cap visible failures at MAX_VISIBLE_FAILURES. Excess failures
@@ -1247,7 +1276,6 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
         // sidebar. (#1884)
         let rank = if row.status == ToolStatus::Failed {
             if visible_failure_count >= MAX_VISIBLE_FAILURES {
-                visible_failure_count += 1;
                 3
             } else {
                 visible_failure_count += 1;
@@ -1257,11 +1285,7 @@ fn editorial_tool_rows(rows: Vec<SidebarToolRow>, limit: usize) -> Vec<SidebarTo
             tool_row_rank(&row)
         };
 
-        candidates.push(Candidate {
-            rank,
-            order,
-            row,
-        });
+        candidates.push(Candidate { rank, order, row });
     }
 
     for (order, mut row, count) in ci_poll_groups {
@@ -1925,9 +1949,9 @@ mod tests {
     use super::{
         ACTIVE_TOOL_COMPLETED_ROW_TTL, ACTIVE_TOOL_STALE_RUNNING_ROW_TTL, AutoSidebarPanel,
         AutoSidebarState, SidebarAgentRow, SidebarHoverSection, SidebarHoverState,
-        SidebarSubagentSummary, SidebarWorkChecklistItem, SidebarWorkStrategyStep,
-        SidebarWorkSummary, auto_sidebar_panels, subagent_panel_lines, task_panel_lines,
-        work_panel_empty_hint, work_panel_lines,
+        SidebarSubagentSummary, SidebarToolRow, SidebarWorkChecklistItem, SidebarWorkStrategyStep,
+        SidebarWorkSummary, ToolRowOrder, auto_sidebar_panels, editorial_tool_rows,
+        subagent_panel_lines, task_panel_lines, work_panel_empty_hint, work_panel_lines,
     };
     use crate::config::Config;
     use crate::palette::PaletteMode;
@@ -1967,6 +1991,15 @@ mod tests {
         App::new(options, &Config::default())
     }
 
+    fn sidebar_tool_row(name: &str, status: ToolStatus) -> SidebarToolRow {
+        SidebarToolRow {
+            name: name.to_string(),
+            status,
+            summary: String::new(),
+            duration_ms: None,
+        }
+    }
+
     fn lines_to_text(lines: &[Line<'static>]) -> Vec<String> {
         lines
             .iter()
@@ -1979,6 +2012,62 @@ mod tests {
             .collect()
     }
 
+    #[test]
+    fn editorial_rows_keep_newer_failure_when_older_success_is_seen_later() {
+        let rows = vec![
+            sidebar_tool_row("gh issue create", ToolStatus::Failed),
+            sidebar_tool_row("gh issue create", ToolStatus::Success),
+        ];
+
+        let rendered = editorial_tool_rows(rows, 4, ToolRowOrder::NewestFirst);
+
+        assert!(
+            rendered
+                .iter()
+                .any(|row| row.name == "gh issue create" && row.status == ToolStatus::Failed),
+            "newest-first rows must keep a failure newer than a later-seen success: {rendered:?}"
+        );
+    }
+
+    #[test]
+    fn editorial_rows_hide_older_failure_after_newer_success() {
+        let rows = vec![
+            sidebar_tool_row("gh issue create", ToolStatus::Success),
+            sidebar_tool_row("gh issue create", ToolStatus::Failed),
+        ];
+
+        let rendered = editorial_tool_rows(rows, 4, ToolRowOrder::NewestFirst);
+
+        assert!(
+            !rendered
+                .iter()
+                .any(|row| row.name == "gh issue create" && row.status == ToolStatus::Failed),
+            "newest-first rows should hide stale failures older than success: {rendered:?}"
+        );
+    }
+
+    #[test]
+    fn editorial_rows_reclaim_failure_slot_after_oldest_first_success() {
+        let rows = vec![
+            sidebar_tool_row("gh issue create", ToolStatus::Failed),
+            sidebar_tool_row("grep_files", ToolStatus::Failed),
+            sidebar_tool_row("gh issue create", ToolStatus::Success),
+            sidebar_tool_row("cargo test", ToolStatus::Failed),
+        ];
+
+        let rendered = editorial_tool_rows(rows, 2, ToolRowOrder::OldestFirst);
+
+        assert_eq!(
+            rendered
+                .iter()
+                .filter(|row| row.status == ToolStatus::Failed)
+                .map(|row| row.name.as_str())
+                .collect::<Vec<_>>(),
+            vec!["grep_files", "cargo test"],
+            "success should clear its stale failure and free a visible failure slot"
+        );
+    }
+
     #[test]
     fn auto_sidebar_does_not_reserve_empty_work_when_other_panels_are_active() {
         let panels = auto_sidebar_panels(AutoSidebarState {

From 568fbe2c54478ef2bd9eb48eadc31c9a53ccc629 Mon Sep 17 00:00:00 2001
From: Paulo Aboim Pinto <aboimpinto@gmail.com>
Date: Thu, 28 May 2026 00:38:21 +0200
Subject: [PATCH 234/283] feat: enforce allowed tools for custom commands

---
 crates/tui/src/commands/mod.rs           |   3 +-
 crates/tui/src/commands/user_commands.rs | 282 ++++++++++++++++++++++-
 crates/tui/src/core/engine.rs            |   9 +
 crates/tui/src/core/engine/turn_loop.rs  | 105 +++++++--
 crates/tui/src/core/ops.rs               |   3 +
 crates/tui/src/main.rs                   |   2 +
 crates/tui/src/runtime_threads.rs        |   2 +
 crates/tui/src/tui/app.rs                |   4 +
 crates/tui/src/tui/ui.rs                 |   3 +
 crates/tui/src/tui/widgets/mod.rs        | 157 ++++++++++++-
 10 files changed, 543 insertions(+), 27 deletions(-)

diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index da5707cd..1efea458 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -31,7 +31,7 @@ mod skills;
 mod stash;
 mod status;
 mod task;
-mod user_commands;
+pub mod user_commands;
 
 use std::fmt::Write as _;
 
@@ -966,6 +966,7 @@ pub fn get_command_info(name: &str) -> Option<&'static CommandInfo> {
 ///
 /// `workspace` is used to also scan workspace-local command directories;
 /// pass `None` when no workspace context is available.
+#[allow(dead_code)]
 pub fn all_command_names_matching(
     prefix: &str,
     workspace: Option<&std::path::Path>,
diff --git a/crates/tui/src/commands/user_commands.rs b/crates/tui/src/commands/user_commands.rs
index d4290757..b8db3b01 100644
--- a/crates/tui/src/commands/user_commands.rs
+++ b/crates/tui/src/commands/user_commands.rs
@@ -5,6 +5,10 @@
 //! (without `.md` extension) becomes a slash command. When invoked via
 //! `/name`, the file contents are sent as a user message.
 //!
+//! Files may include optional YAML-like frontmatter between `---` markers.
+//! Supported fields are `description`, `argument-hint`, and `allowed-tools`.
+//! Frontmatter is stripped before the command body is sent to the model.
+//!
 //! ## Precedence
 //!
 //! Workspace-local directories shadow user-global by name:
@@ -95,6 +99,72 @@ pub fn load_user_commands(workspace: Option<&Path>) -> Vec<(String, String)> {
     commands
 }
 
+pub(crate) fn parse_frontmatter(content: &str) -> (Vec<(String, String)>, &str) {
+    let Some(first_line_end) = content.find('\n') else {
+        return (Vec::new(), content);
+    };
+    let first = content[..first_line_end].trim_end_matches('\r');
+
+    if first.trim().chars().all(|ch| ch == '-') && first.trim().len() >= 3 {
+        let mut metadata = Vec::new();
+        let mut offset = first_line_end + 1;
+        let mut unclosed_body_start = None;
+        for raw_line in content[offset..].split_inclusive('\n') {
+            let line_start = offset;
+            let line = raw_line.trim_end_matches(['\r', '\n']);
+            offset += raw_line.len();
+            let trimmed = line.trim();
+            if unclosed_body_start.is_none() {
+                if trimmed.chars().all(|ch| ch == '-') && trimmed.len() >= 3 {
+                    let body = content[offset..].trim_start_matches(['\r', '\n']);
+                    return (metadata, body);
+                }
+                if let Some((key, value)) = line.split_once(':') {
+                    let key = key.trim().to_ascii_lowercase();
+                    let raw_value = value.trim();
+                    let value = if key == "allowed-tools" {
+                        raw_value.to_string()
+                    } else {
+                        strip_matched_quotes(raw_value).to_string()
+                    };
+                    if !key.is_empty() {
+                        metadata.push((key, value));
+                    }
+                } else if !trimmed.is_empty() {
+                    unclosed_body_start = Some(line_start);
+                }
+            }
+        }
+        let body_start = unclosed_body_start.unwrap_or(content.len());
+        let body = content[body_start..].trim_start_matches(['\r', '\n']);
+        return (metadata, body);
+    }
+
+    (Vec::new(), content)
+}
+
+fn strip_matched_quotes(value: &str) -> &str {
+    if let Some(stripped) = value.strip_prefix('"').and_then(|v| v.strip_suffix('"')) {
+        return stripped;
+    }
+    if let Some(stripped) = value.strip_prefix('\'').and_then(|v| v.strip_suffix('\'')) {
+        return stripped;
+    }
+    value
+}
+
+fn parse_allowed_tools(value: &str) -> Vec<String> {
+    value
+        .split(',')
+        .map(|tool| {
+            strip_matched_quotes(tool.trim())
+                .trim()
+                .to_ascii_lowercase()
+        })
+        .filter(|tool| !tool.is_empty())
+        .collect()
+}
+
 /// Check if the input matches a user-defined command and return the
 /// content as a `SendMessage` action.
 ///
@@ -121,7 +191,23 @@ pub fn try_dispatch_user_command(app: &mut App, input: &str) -> Option<CommandRe
 
     for (name, content) in &user_commands {
         if name == command {
-            let message = apply_template(content, args);
+            let (metadata, body) = parse_frontmatter(content);
+            app.goal.goal_objective = None;
+            app.goal.goal_started_at = None;
+            app.active_allowed_tools = None;
+            for (key, value) in &metadata {
+                match key.as_str() {
+                    "description" => {
+                        app.goal.goal_objective = Some(value.clone());
+                        app.goal.goal_started_at = Some(std::time::Instant::now());
+                    }
+                    "allowed-tools" => {
+                        app.active_allowed_tools = Some(parse_allowed_tools(value));
+                    }
+                    _ => {}
+                }
+            }
+            let message = apply_template(body, args);
             return Some(CommandResult::action(AppAction::SendMessage(message)));
         }
     }
@@ -217,6 +303,30 @@ mod tests {
         std::fs::write(dir.join(format!("{name}.md")), body).unwrap();
     }
 
+    fn test_options(workspace: PathBuf) -> crate::tui::app::TuiOptions {
+        crate::tui::app::TuiOptions {
+            model: "deepseek-v4-pro".to_string(),
+            workspace,
+            config_path: None,
+            config_profile: None,
+            allow_shell: false,
+            use_alt_screen: true,
+            use_mouse_capture: false,
+            use_bracketed_paste: true,
+            max_subagents: 1,
+            skills_dir: PathBuf::from("."),
+            memory_path: PathBuf::from("memory.md"),
+            notes_path: PathBuf::from("notes.txt"),
+            mcp_config_path: PathBuf::from("mcp.json"),
+            use_memory: false,
+            start_in_agent_mode: false,
+            skip_onboarding: true,
+            yolo: false,
+            resume_session_id: None,
+            initial_input: None,
+        }
+    }
+
     #[test]
     fn load_user_commands_scans_workspace_local_dir() {
         let tmp = TempDir::new().unwrap();
@@ -363,4 +473,174 @@ mod tests {
             "got: {matches:?}"
         );
     }
+
+    #[test]
+    fn frontmatter_is_stripped_before_dispatch() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        write_command(
+            &ws.join(".deepseek").join("commands"),
+            "secure",
+            "---\ndescription: Secure scan\nallowed-tools: Bash, Read\n---\nRun $ARGUMENTS",
+        );
+
+        let mut app = App::new(test_options(ws), &Config::default());
+        let result = try_dispatch_user_command(&mut app, "/secure checks").unwrap();
+        match result.action {
+            Some(AppAction::SendMessage(msg)) => assert_eq!(msg, "Run checks"),
+            other => panic!("expected SendMessage action, got: {other:?}"),
+        }
+    }
+
+    #[test]
+    fn review_regression_unclosed_frontmatter_keeps_metadata_and_strips_header() {
+        let (metadata, body) = parse_frontmatter(
+            "---\ndescription: Broken command\nallowed-tools: Bash\nRun the safe body",
+        );
+
+        assert_eq!(
+            metadata,
+            vec![
+                ("description".to_string(), "Broken command".to_string()),
+                ("allowed-tools".to_string(), "Bash".to_string())
+            ]
+        );
+        assert_eq!(body, "Run the safe body");
+    }
+
+    #[test]
+    fn review_regression_unclosed_frontmatter_without_metadata_strips_header() {
+        let (metadata, body) =
+            parse_frontmatter("---\nRun the command body without a closing delimiter");
+
+        assert!(metadata.is_empty());
+        assert_eq!(body, "Run the command body without a closing delimiter");
+    }
+
+    #[test]
+    fn review_regression_frontmatter_strips_only_matched_quote_pairs() {
+        let (metadata, body) = parse_frontmatter("---\ndescription: 'Read\"\n---\nrun");
+
+        assert_eq!(
+            metadata,
+            vec![("description".to_string(), "'Read\"".to_string())]
+        );
+        assert_eq!(body, "run");
+    }
+
+    #[test]
+    fn allowed_tools_frontmatter_sets_app_state() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        write_command(
+            &ws.join(".deepseek").join("commands"),
+            "secure",
+            "---\nallowed-tools: Bash, Grep\n---\nrun tests",
+        );
+
+        let mut app = App::new(test_options(ws), &Config::default());
+        let _ = try_dispatch_user_command(&mut app, "/secure").unwrap();
+        assert_eq!(
+            app.active_allowed_tools,
+            Some(vec!["bash".to_string(), "grep".to_string()])
+        );
+    }
+
+    #[test]
+    fn review_regression_empty_allowed_tools_blocks_all_tools() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        write_command(
+            &ws.join(".deepseek").join("commands"),
+            "locked",
+            "---\nallowed-tools: \"\"\n---\nrun nothing",
+        );
+
+        let mut app = App::new(test_options(ws), &Config::default());
+        let _ = try_dispatch_user_command(&mut app, "/locked").unwrap();
+        assert_eq!(app.active_allowed_tools, Some(Vec::new()));
+    }
+
+    #[test]
+    fn review_regression_allowed_tools_accepts_per_item_quotes() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        write_command(
+            &ws.join(".deepseek").join("commands"),
+            "quoted",
+            "---\nallowed-tools: \"exec_shell\", 'read_file'\n---\nrun quoted tools",
+        );
+
+        let mut app = App::new(test_options(ws), &Config::default());
+        let _ = try_dispatch_user_command(&mut app, "/quoted").unwrap();
+        assert_eq!(
+            app.active_allowed_tools,
+            Some(vec!["exec_shell".to_string(), "read_file".to_string()])
+        );
+    }
+
+    #[test]
+    fn review_regression_dispatch_without_frontmatter_resets_previous_command_state() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        let commands_dir = ws.join(".deepseek").join("commands");
+        write_command(
+            &commands_dir,
+            "described",
+            "---\ndescription: Scan repos\nallowed-tools: Bash\n---\nscan",
+        );
+        write_command(&commands_dir, "plain", "plain command");
+
+        let mut app = App::new(test_options(ws), &Config::default());
+        let _ = try_dispatch_user_command(&mut app, "/described").unwrap();
+        assert_eq!(app.goal.goal_objective.as_deref(), Some("Scan repos"));
+        assert!(app.goal.goal_started_at.is_some());
+        assert_eq!(app.active_allowed_tools, Some(vec!["bash".to_string()]));
+
+        let _ = try_dispatch_user_command(&mut app, "/plain").unwrap();
+        assert_eq!(app.goal.goal_objective, None);
+        assert_eq!(app.goal.goal_started_at, None);
+        assert_eq!(app.active_allowed_tools, None);
+    }
+
+    #[test]
+    fn description_frontmatter_sets_work_objective_and_autocomplete_description() {
+        use crate::config::Config;
+
+        let tmp = TempDir::new().unwrap();
+        let ws = tmp.path().to_path_buf();
+        write_command(
+            &ws.join(".deepseek").join("commands"),
+            "git-scan",
+            "---\ndescription: Scan nested git repositories\nargument-hint: <root>\n---\nscan",
+        );
+
+        let mut app = App::new(test_options(ws.clone()), &Config::default());
+        let _ = try_dispatch_user_command(&mut app, "/git-scan").unwrap();
+        assert_eq!(
+            app.goal.goal_objective.as_deref(),
+            Some("Scan nested git repositories")
+        );
+        let commands = load_user_commands(Some(&ws));
+        let (_, content) = commands
+            .iter()
+            .find(|(name, _)| name == "git-scan")
+            .expect("git-scan command should load");
+        let (metadata, _) = parse_frontmatter(content);
+        assert!(metadata.contains(&(
+            "description".to_string(),
+            "Scan nested git repositories".to_string()
+        )));
+        assert!(metadata.contains(&("argument-hint".to_string(), "<root>".to_string())));
+    }
 }
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index c7afed2f..90850982 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -158,6 +158,9 @@ pub struct EngineConfig {
     pub memory_path: PathBuf,
     pub vision_config: Option<crate::config::VisionModelConfig>,
     pub goal_objective: Option<String>,
+    /// Tool restriction from custom slash command frontmatter.
+    /// `None` means the current turn may use the normal tool set.
+    pub allowed_tools: Option<Vec<String>>,
     /// Resolved BCP-47 locale tag (e.g. `"en"`, `"zh-Hans"`, `"ja"`)
     /// for the `## Environment` block in the system prompt. The
     /// caller resolves this from `Settings` once at engine
@@ -223,6 +226,7 @@ impl Default for EngineConfig {
             vision_config: None,
             strict_tool_mode: false,
             goal_objective: None,
+            allowed_tools: None,
             locale_tag: "en".to_string(),
             workshop: None,
             search_provider: crate::config::SearchProvider::default(),
@@ -626,6 +630,7 @@ impl Engine {
                     approval_mode,
                     translation_enabled,
                     show_thinking,
+                    allowed_tools,
                 } => {
                     self.handle_send_message(
                         content,
@@ -641,6 +646,7 @@ impl Engine {
                         approval_mode,
                         translation_enabled,
                         show_thinking,
+                        allowed_tools,
                     )
                     .await;
                 }
@@ -848,6 +854,7 @@ impl Engine {
                         self.session.approval_mode,
                         self.config.translation_enabled,
                         self.config.show_thinking,
+                        self.config.allowed_tools.clone(),
                     )
                     .await;
                 }
@@ -937,6 +944,7 @@ impl Engine {
         approval_mode: crate::tui::approval::ApprovalMode,
         translation_enabled: bool,
         show_thinking: bool,
+        allowed_tools: Option<Vec<String>>,
     ) {
         // Reset cancel token for fresh turn (in case previous was cancelled)
         self.reset_cancel_token();
@@ -1034,6 +1042,7 @@ impl Engine {
                 false,
             );
         }
+        self.config.allowed_tools = allowed_tools;
         self.session.reasoning_effort = reasoning_effort;
         self.session.reasoning_effort_auto = reasoning_effort_auto;
         self.session.auto_model = auto_model;
diff --git a/crates/tui/src/core/engine/turn_loop.rs b/crates/tui/src/core/engine/turn_loop.rs
index 70eccefb..94ff2546 100644
--- a/crates/tui/src/core/engine/turn_loop.rs
+++ b/crates/tui/src/core/engine/turn_loop.rs
@@ -1198,6 +1198,13 @@ impl Engine {
                     "Planning tool '{tool_name}' with input: {tool_input:?}"
                 ));
 
+                let requested_tool_name = tool_name.clone();
+                let tool_def =
+                    resolve_tool_definition(&mut tool_name, &tool_catalog, tool_registry);
+                if requested_tool_name != tool_name {
+                    tool.name = tool_name.clone();
+                }
+
                 let interactive = (tool_name == "exec_shell"
                     && tool_input
                         .get("interactive")
@@ -1229,25 +1236,10 @@ impl Engine {
                     )));
                 }
 
-                let requested_tool_name = tool_name.clone();
-                let mut tool_def = tool_catalog.iter().find(|def| def.name == tool_name);
-
-                // Resolve hallucinated tool names when the model emits a
-                // non-canonical variant (Read_file, readFile, read-file, etc.).
-                if tool_def.is_none()
-                    && let Some(registry) = tool_registry
-                    && let Some(canonical) = registry.resolve(&tool_name)
-                {
-                    crate::logging::info(format!(
-                        "Resolved hallucinated tool name '{tool_name}' -> '{canonical}'"
-                    ));
-                    tool_def = tool_catalog.iter().find(|d| d.name == canonical);
-                    if tool_def.is_some() {
-                        tool_name = canonical.to_string();
-                        // Update the tool_uses entry so the result is
-                        // attributed to the canonical name.
-                        tool.name = tool_name.clone();
-                    }
+                if !command_allows_tool(self.config.allowed_tools.as_deref(), &tool_name) {
+                    blocked_error = Some(ToolError::permission_denied(format!(
+                        "Tool '{tool_name}' is not in the allowed-tools list for the current command"
+                    )));
                 }
 
                 if !caller_allowed_for_tool(tool_caller.as_ref(), tool_def) {
@@ -2122,6 +2114,40 @@ fn should_hold_turn_for_subagents(queued_completions: usize, running_children: u
     queued_completions > 0 || running_children > 0
 }
 
+fn command_allows_tool(allowed_tools: Option<&[String]>, tool_name: &str) -> bool {
+    let Some(allowed_tools) = allowed_tools else {
+        return true;
+    };
+    allowed_tools.contains(&tool_name.to_ascii_lowercase())
+}
+
+fn resolve_tool_definition<'a>(
+    tool_name: &mut String,
+    tool_catalog: &'a [Tool],
+    tool_registry: Option<&crate::tools::ToolRegistry>,
+) -> Option<&'a Tool> {
+    let mut tool_def = tool_catalog
+        .iter()
+        .find(|def| def.name.as_str() == tool_name.as_str());
+
+    // Resolve hallucinated tool names before policy gates run, so aliases like
+    // ReadFile are checked against the canonical registered tool name.
+    if tool_def.is_none()
+        && let Some(registry) = tool_registry
+        && let Some(canonical) = registry.resolve(tool_name.as_str())
+    {
+        crate::logging::info(format!(
+            "Resolved hallucinated tool name '{tool_name}' -> '{canonical}'"
+        ));
+        tool_def = tool_catalog.iter().find(|d| d.name == canonical);
+        if tool_def.is_some() {
+            *tool_name = canonical.to_string();
+        }
+    }
+
+    tool_def
+}
+
 /// Issue #1727: decide whether to surface a "thinking-only, no output" status.
 ///
 /// Reached when the assistant turn had no sendable content (no Text, no
@@ -2393,4 +2419,45 @@ mod tests {
             "auto thinking should classify the user request, not stored metadata"
         );
     }
+
+    #[test]
+    fn allowed_tools_gate_blocks_unlisted_tool() {
+        let allowed = vec!["bash".to_string(), "grep".to_string()];
+        assert!(!command_allows_tool(Some(&allowed), "read"));
+    }
+
+    #[test]
+    fn allowed_tools_gate_allows_listed_tool_case_insensitively() {
+        let allowed = vec!["bash".to_string(), "read".to_string()];
+        assert!(command_allows_tool(Some(&allowed), "Read"));
+    }
+
+    #[test]
+    fn allowed_tools_gate_allows_all_tools_when_not_set() {
+        assert!(command_allows_tool(None, "write"));
+    }
+
+    #[test]
+    fn review_regression_allowed_tools_gate_blocks_all_tools_when_empty() {
+        let allowed = Vec::new();
+        assert!(!command_allows_tool(Some(&allowed), "bash"));
+    }
+
+    #[test]
+    fn review_regression_allowed_tools_gate_checks_canonical_tool_name() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let context = crate::tools::spec::ToolContext::new(tmp.path().to_path_buf());
+        let registry = crate::tools::ToolRegistryBuilder::new()
+            .with_file_tools()
+            .build(context);
+        let catalog = registry.to_api_tools();
+        let mut tool_name = "ReadFile".to_string();
+
+        let tool_def = resolve_tool_definition(&mut tool_name, &catalog, Some(&registry));
+
+        assert!(tool_def.is_some());
+        assert_eq!(tool_name, "read_file");
+        let allowed = vec!["read_file".to_string()];
+        assert!(command_allows_tool(Some(&allowed), &tool_name));
+    }
 }
diff --git a/crates/tui/src/core/ops.rs b/crates/tui/src/core/ops.rs
index b4096706..bf36d3cc 100644
--- a/crates/tui/src/core/ops.rs
+++ b/crates/tui/src/core/ops.rs
@@ -32,6 +32,9 @@ pub enum Op {
         approval_mode: ApprovalMode,
         translation_enabled: bool,
         show_thinking: bool,
+        /// Tool restriction from custom slash command frontmatter.
+        /// `None` means the current turn may use the normal tool set.
+        allowed_tools: Option<Vec<String>>,
     },
 
     /// Cancel the current request
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 1a8b5600..8043e5a4 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -5280,6 +5280,7 @@ async fn run_exec_agent(
         vision_config: config.vision_model_config(),
         strict_tool_mode: config.strict_tool_mode.unwrap_or(false),
         goal_objective: None,
+        allowed_tools: None,
         locale_tag: crate::localization::resolve_locale(&settings.locale)
             .tag()
             .to_string(),
@@ -5334,6 +5335,7 @@ async fn run_exec_agent(
             mode,
             model: effective_model.clone(),
             goal_objective: None,
+            allowed_tools: None,
             reasoning_effort: effective_reasoning_effort,
             reasoning_effort_auto: auto_model,
             auto_model,
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 25196f04..919d501a 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1629,6 +1629,7 @@ impl RuntimeThreadManager {
                 auto_approve,
                 translation_enabled: false,
                 show_thinking,
+                allowed_tools: None,
                 approval_mode: if auto_approve {
                     crate::tui::approval::ApprovalMode::Auto
                 } else {
@@ -1989,6 +1990,7 @@ impl RuntimeThreadManager {
             vision_config: self.config.vision_model_config(),
             strict_tool_mode: self.config.strict_tool_mode.unwrap_or(false),
             goal_objective: None,
+            allowed_tools: None,
             locale_tag: crate::localization::resolve_locale(&settings.locale)
                 .tag()
                 .to_string(),
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 9a254cdc..64ed98e9 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1108,6 +1108,9 @@ pub struct App {
     pub goal: GoalState,
     /// Session sub-state (cost, tokens, telemetry).
     pub session: SessionState,
+    /// Active tool restriction from custom slash command frontmatter.
+    /// `None` means the current turn may use the normal tool set.
+    pub active_allowed_tools: Option<Vec<String>>,
     pub history: Vec<HistoryCell>,
     pub history_version: u64,
     /// Per-cell revision counter, kept in lockstep with `history`.
@@ -1856,6 +1859,7 @@ impl App {
             viewport: ViewportState::default(),
             goal: GoalState::default(),
             session: SessionState::default(),
+            active_allowed_tools: None,
             history: Vec::new(),
             history_version: 0,
             history_revisions: Vec::new(),
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 4e65c574..0ee3d1c0 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -744,6 +744,7 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
             app.goal.goal_completed,
         ),
         max_spawn_depth: crate::tools::subagent::DEFAULT_MAX_SPAWN_DEPTH,
+        allowed_tools: app.active_allowed_tools.clone(),
         network_policy: config.network.clone().map(|toml_cfg| {
             crate::network_policy::NetworkPolicyDecider::with_default_audit(toml_cfg.into_runtime())
         }),
@@ -1440,6 +1441,7 @@ async fn run_event_loop(
                     } => {
                         let was_locally_cancelled = app.suppress_stream_events_until_turn_complete;
                         app.suppress_stream_events_until_turn_complete = false;
+                        app.active_allowed_tools = None;
                         if !matches!(status, crate::core::events::TurnOutcomeStatus::Completed)
                             || draws_since_last_full_repaint >= PERIODIC_FULL_REPAINT_EVERY_N
                         {
@@ -4463,6 +4465,7 @@ async fn dispatch_user_message(
             approval_mode: app.approval_mode,
             translation_enabled: app.translation_enabled,
             show_thinking: app.show_thinking,
+            allowed_tools: app.active_allowed_tools.clone(),
         })
         .await
     {
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 2c478a29..71ba96cc 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -2080,14 +2080,26 @@ pub(crate) fn slash_completion_hints(
     let mut entries: Vec<SlashMenuEntry> = Vec::new();
     let mut seen: std::collections::HashSet<String> = std::collections::HashSet::new();
     let prefix_lower = prefix.to_ascii_lowercase();
+    let user_commands = if completing_skill_arg.is_none() {
+        commands::user_commands::load_user_commands(workspace)
+    } else {
+        Vec::new()
+    };
 
     // ── Phase 1: prefix (starts_with) matches ─────────────────────────
     // Highest priority — preserves existing exact-prefix completion.
     if completing_skill_arg.is_none() {
-        for name in commands::all_command_names_matching(prefix, workspace) {
+        for name in all_command_names_matching_loaded(prefix, &user_commands) {
             seen.insert(name.clone());
             let command_key = name.trim_start_matches('/');
-            push_command_entry(&mut entries, &name, command_key, &prefix_lower, locale);
+            push_command_entry(
+                &mut entries,
+                &name,
+                command_key,
+                &prefix_lower,
+                locale,
+                &user_commands,
+            );
         }
     }
 
@@ -2106,7 +2118,14 @@ pub(crate) fn slash_completion_hints(
                 .any(|a| a.to_ascii_lowercase().contains(&prefix_lower));
             if cmd_lower.contains(&prefix_lower) || alias_match {
                 seen.insert(name.clone());
-                push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
+                push_command_entry(
+                    &mut entries,
+                    &name,
+                    cmd.name,
+                    &prefix_lower,
+                    locale,
+                    &user_commands,
+                );
             }
         }
     }
@@ -2126,7 +2145,14 @@ pub(crate) fn slash_completion_hints(
                 .any(|a| fuzzy_chars_in_order(&prefix_lower, &a.to_ascii_lowercase()));
             if fuzzy_chars_in_order(&prefix_lower, &cmd_lower) || alias_match {
                 seen.insert(name.clone());
-                push_command_entry(&mut entries, &name, cmd.name, &prefix_lower, locale);
+                push_command_entry(
+                    &mut entries,
+                    &name,
+                    cmd.name,
+                    &prefix_lower,
+                    locale,
+                    &user_commands,
+                );
             }
         }
     }
@@ -2219,6 +2245,31 @@ pub(crate) fn slash_completion_hints(
     entries.into_iter().take(limit).collect()
 }
 
+fn all_command_names_matching_loaded(
+    prefix: &str,
+    user_commands: &[(String, String)],
+) -> Vec<String> {
+    let prefix = prefix.strip_prefix('/').unwrap_or(prefix).to_lowercase();
+    let mut result: Vec<String> = commands::COMMANDS
+        .iter()
+        .filter(|cmd| {
+            cmd.name.starts_with(&prefix) || cmd.aliases.iter().any(|a| a.starts_with(&prefix))
+        })
+        .map(|cmd| format!("/{}", cmd.name))
+        .collect();
+
+    result.extend(
+        user_commands
+            .iter()
+            .filter(|(name, _)| name.starts_with(&prefix))
+            .map(|(name, _)| format!("/{name}")),
+    );
+
+    result.sort();
+    result.dedup();
+    result
+}
+
 /// Push a built-in command entry to the slash menu, resolving description
 /// and alias hints.
 fn push_command_entry(
@@ -2227,6 +2278,7 @@ fn push_command_entry(
     command_key: &str,
     prefix_lower: &str,
     locale: crate::localization::Locale,
+    user_commands: &[(String, String)],
 ) {
     let (description, alias_hint) = if let Some(info) = commands::get_command_info(command_key) {
         let hint = if !command_key.to_ascii_lowercase().starts_with(prefix_lower) {
@@ -2256,7 +2308,25 @@ fn push_command_entry(
         };
         (desc, hint)
     } else {
-        (String::from("User-defined command"), None)
+        let mut description = String::from("User-defined command");
+        let mut argument_hint = None;
+        if let Some((_, content)) = user_commands.iter().find(|(key, _)| key == command_key) {
+            let (metadata, _) = commands::user_commands::parse_frontmatter(content);
+            for (key, value) in metadata {
+                match key.as_str() {
+                    "description" => description = value,
+                    "argument-hint" => argument_hint = Some(value),
+                    _ => {}
+                }
+            }
+        }
+        if let Some(hint) = argument_hint {
+            if !hint.trim().is_empty() {
+                description.push_str("  ");
+                description.push_str(hint.trim());
+            }
+        }
+        (description, None)
     };
     entries.push(SlashMenuEntry {
         name: name.to_string(),
@@ -2501,7 +2571,8 @@ mod tests {
         SlashMenuEntry, apply_selection_to_line, build_empty_state_lines, composer_height,
         composer_max_height, composer_min_input_rows, composer_top_padding, compute_takeover_area,
         cursor_row_col, layout_input, pad_lines_to_bottom, placeholder_visual_lines,
-        should_render_empty_state, slash_completion_hints, wrap_input_lines, wrap_text,
+        push_command_entry, should_render_empty_state, slash_completion_hints, wrap_input_lines,
+        wrap_text,
     };
     use crate::config::{ApiProvider, Config};
     use crate::localization::Locale;
@@ -2761,6 +2832,80 @@ mod tests {
         assert!(!hints.iter().any(|hint| hint.name == "/codewhale"));
     }
 
+    #[test]
+    fn slash_completion_hints_use_user_command_frontmatter_description() {
+        let tmp = tempfile::TempDir::new().unwrap();
+        let commands_dir = tmp.path().join(".deepseek").join("commands");
+        std::fs::create_dir_all(&commands_dir).unwrap();
+        std::fs::write(
+            commands_dir.join("git-scan.md"),
+            "---\ndescription: Scan nested git repositories\n---\nscan",
+        )
+        .unwrap();
+
+        let hints = slash_completion_hints(
+            "/git",
+            128,
+            &[],
+            Locale::En,
+            Some(tmp.path()),
+            ApiProvider::Deepseek,
+        );
+        let entry = hints
+            .iter()
+            .find(|hint| hint.name == "/git-scan")
+            .expect("custom command should be present");
+        assert_eq!(entry.description, "Scan nested git repositories");
+    }
+
+    #[test]
+    fn slash_completion_hints_use_user_command_argument_hint() {
+        let tmp = tempfile::TempDir::new().unwrap();
+        let commands_dir = tmp.path().join(".deepseek").join("commands");
+        std::fs::create_dir_all(&commands_dir).unwrap();
+        std::fs::write(
+            commands_dir.join("deploy.md"),
+            "---\ndescription: Deploy target\nargument-hint: <env>\n---\ndeploy",
+        )
+        .unwrap();
+
+        let hints = slash_completion_hints(
+            "/deploy",
+            128,
+            &[],
+            Locale::En,
+            Some(tmp.path()),
+            ApiProvider::Deepseek,
+        );
+        let entry = hints
+            .iter()
+            .find(|hint| hint.name == "/deploy")
+            .expect("custom command should be present");
+        assert_eq!(entry.description, "Deploy target  <env>");
+    }
+
+    #[test]
+    fn review_regression_push_command_entry_uses_preloaded_user_command_frontmatter() {
+        let user_commands = vec![(
+            "deploy".to_string(),
+            "---\ndescription: Deploy target\nargument-hint: <env>\n---\ndeploy".to_string(),
+        )];
+        let mut entries = Vec::new();
+
+        push_command_entry(
+            &mut entries,
+            "/deploy",
+            "deploy",
+            "deploy",
+            Locale::En,
+            &user_commands,
+        );
+
+        assert_eq!(entries.len(), 1);
+        assert_eq!(entries[0].name, "/deploy");
+        assert_eq!(entries[0].description, "Deploy target  <env>");
+    }
+
     #[test]
     fn slash_completion_hints_hide_skills_from_top_level_menu() {
         let cached_skills = vec![

From 3aea6d29a24d485456b3936b5acf3d177cb1e89d Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Thu, 28 May 2026 18:12:40 +0800
Subject: [PATCH 235/283] feat(prompts): support inline string sources in
 EngineConfig.instructions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

EngineConfig.instructions was Vec<PathBuf>, which forces embedders that
compute instructions at runtime to stage content to a disk file just to
satisfy the path API. That has two awkward side-effects:

1. The disk file looks like editable config but gets overwritten on
   every launch, confusing for users browsing the install dir.
2. Multi-engine setups need per-engine paths to avoid `rehydrate`
   re-reading the wrong session's content across concurrent engines.

Add an `InstructionSource` enum (`File(PathBuf)` / `Inline { name,
content }`) covering both shapes. `render_instructions_block` dispatches:
File sources read disk (original behavior preserved), Inline sources use
the content directly with `name` becoming the `<instructions source=...>`
attribute.

`From<PathBuf> for InstructionSource` is provided so the existing CLI /
runtime call sites upgrade with a single `.into_iter().map(Into::into).
collect()` chain — no behavior change for callers passing paths.

New test `render_instructions_block_handles_inline_source` covers Inline
empty / oversize-truncate / File+Inline mixed-ordering. The 5 existing
`render_instructions_block_*` tests are updated to use `.into()` on
`PathBuf` and continue to assert File-variant behavior.
---
 crates/tui/src/core/engine.rs     |  14 ++-
 crates/tui/src/main.rs            |   6 +-
 crates/tui/src/prompts.rs         | 184 ++++++++++++++++++++++--------
 crates/tui/src/runtime_threads.rs |   7 +-
 crates/tui/src/tui/ui.rs          |   6 +-
 5 files changed, 161 insertions(+), 56 deletions(-)

diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 90850982..db7f7ca4 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -91,11 +91,15 @@ pub struct EngineConfig {
     pub mcp_config_path: PathBuf,
     /// Directory containing discoverable skills.
     pub skills_dir: PathBuf,
-    /// Additional instruction files concatenated into the system
-    /// prompt (#454). Loaded in declared order from the user's
-    /// `instructions = [...]` config (or the per-project override).
-    /// Resolved via `expand_path` so `~` works.
-    pub instructions: Vec<PathBuf>,
+    /// Sources injected as `<instructions source="…">` blocks in the system
+    /// prompt (#454). Each entry is either a disk path (read at render time)
+    /// or an inline string. Loaded in declared order from the user's
+    /// `instructions = [...]` config or constructed by embedders.
+    ///
+    /// Generalized from `Vec<PathBuf>` so embedders can inject inline content
+    /// without staging a disk file. `From<PathBuf>` impl keeps existing callers
+    /// working with `.into()` at the call site.
+    pub instructions: Vec<crate::prompts::InstructionSource>,
     pub project_context_pack_enabled: bool,
     /// When true, the model is instructed to respond in the current locale
     /// and a post-hoc translation layer replaces remaining English output.
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 8043e5a4..e2c52d94 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -5250,7 +5250,11 @@ async fn run_exec_agent(
         notes_path: config.notes_path(),
         mcp_config_path: config.mcp_config_path(),
         skills_dir: config.skills_dir(),
-        instructions: config.instructions_paths(),
+        instructions: config
+            .instructions_paths()
+            .into_iter()
+            .map(Into::into)
+            .collect(),
         project_context_pack_enabled: config.project_context_pack_enabled(),
         translation_enabled: false,
         show_thinking: settings.show_thinking,
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index 22b77643..3a9f1839 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -159,44 +159,88 @@ fn render_environment_block(workspace: &Path, locale_tag: &str) -> String {
     )
 }
 
+/// Source for an `EngineConfig.instructions` entry. Either a disk file (loaded
+/// at render time, original semantics) or an inline string (content baked into
+/// `EngineConfig`, no disk I/O at render time).
+///
+/// The inline variant is useful for embedders that compute instructions at
+/// runtime (e.g. rendering a template with workspace-specific substitutions)
+/// and don't want to stage the content to a disk file just to satisfy a path
+/// API. Staging adds two problems the inline path avoids:
+///
+///   1. The disk file looks like editable config but gets overwritten on
+///      every launch — confusing for users browsing the install dir.
+///   2. Multi-engine setups need per-engine paths to avoid `rehydrate`
+///      reading another session's instructions; with inline sources the
+///      content lives in the per-engine `EngineConfig` and the race
+///      surface goes away.
+///
+/// `From<PathBuf>` is provided so existing callers passing `Vec<PathBuf>` can
+/// keep working with a `.into()` upgrade at the call site.
+#[derive(Debug, Clone)]
+pub enum InstructionSource {
+    /// Load this file from disk at prompt-render time. Original behavior:
+    /// missing files are skipped with a warning, oversized files are
+    /// truncated to `INSTRUCTIONS_FILE_MAX_BYTES` with an `[…elided]`
+    /// marker.
+    File(PathBuf),
+    /// Use the provided string directly. `name` becomes the
+    /// `<instructions source="…">` attribute (typically a synthetic
+    /// identifier like `embedded:my-template` or a logical path).
+    Inline { name: String, content: String },
+}
+
+impl From<PathBuf> for InstructionSource {
+    fn from(path: PathBuf) -> Self {
+        InstructionSource::File(path)
+    }
+}
+
+impl From<&PathBuf> for InstructionSource {
+    fn from(path: &PathBuf) -> Self {
+        InstructionSource::File(path.clone())
+    }
+}
+
 /// Render the `instructions = [...]` config array as a single
-/// system-prompt block (#454). Each path is loaded in declared order;
-/// missing files are skipped with a tracing warning so a stale entry
-/// in `~/.deepseek/config.toml` doesn't fail the launch. Empty input
-/// (or all paths missing) returns `None` so callers append nothing.
-fn render_instructions_block(paths: &[PathBuf]) -> Option<String> {
+/// system-prompt block (#454). Each source is processed in declared order;
+/// missing `File` sources are skipped with a tracing warning so a stale entry
+/// doesn't fail the launch. Empty input (or all sources missing/empty)
+/// returns `None` so callers append nothing.
+fn render_instructions_block(sources: &[InstructionSource]) -> Option<String> {
     let mut sections: Vec<String> = Vec::new();
-    for path in paths {
-        match std::fs::read_to_string(path) {
-            Ok(raw) => {
-                let trimmed = raw.trim();
-                if trimmed.is_empty() {
+    for source in sources {
+        let (raw_source_name, raw_content): (String, String) = match source {
+            InstructionSource::File(path) => match std::fs::read_to_string(path) {
+                Ok(raw) => (path.display().to_string(), raw),
+                Err(err) => {
+                    tracing::warn!(
+                        target: "instructions",
+                        ?err,
+                        ?path,
+                        "skipping unreadable instructions file"
+                    );
                     continue;
                 }
-                let body = if trimmed.len() > INSTRUCTIONS_FILE_MAX_BYTES {
-                    let head_end = (0..=INSTRUCTIONS_FILE_MAX_BYTES)
-                        .rev()
-                        .find(|&i| trimmed.is_char_boundary(i))
-                        .unwrap_or(0);
-                    format!("{}\n[…elided]", &trimmed[..head_end])
-                } else {
-                    trimmed.to_string()
-                };
-                sections.push(format!(
-                    "<instructions source=\"{}\">\n{}\n</instructions>",
-                    path.display(),
-                    body
-                ));
-            }
-            Err(err) => {
-                tracing::warn!(
-                    target: "instructions",
-                    ?err,
-                    ?path,
-                    "skipping unreadable instructions file"
-                );
-            }
+            },
+            InstructionSource::Inline { name, content } => (name.clone(), content.clone()),
+        };
+        let trimmed = raw_content.trim();
+        if trimmed.is_empty() {
+            continue;
         }
+        let body = if trimmed.len() > INSTRUCTIONS_FILE_MAX_BYTES {
+            let head_end = (0..=INSTRUCTIONS_FILE_MAX_BYTES)
+                .rev()
+                .find(|&i| trimmed.is_char_boundary(i))
+                .unwrap_or(0);
+            format!("{}\n[…elided]", &trimmed[..head_end])
+        } else {
+            trimmed.to_string()
+        };
+        sections.push(format!(
+            "<instructions source=\"{raw_source_name}\">\n{body}\n</instructions>"
+        ));
     }
     if sections.is_empty() {
         None
@@ -682,7 +726,7 @@ pub fn system_prompt_for_mode_with_context_and_skills(
     workspace: &Path,
     working_set_summary: Option<&str>,
     skills_dir: Option<&Path>,
-    instructions: Option<&[PathBuf]>,
+    instructions: Option<&[InstructionSource]>,
     user_memory_block: Option<&str>,
 ) -> SystemPrompt {
     system_prompt_for_mode_with_context_skills_and_session(
@@ -708,7 +752,7 @@ pub fn system_prompt_for_mode_with_context_skills_and_session(
     workspace: &Path,
     _working_set_summary: Option<&str>,
     skills_dir: Option<&Path>,
-    instructions: Option<&[PathBuf]>,
+    instructions: Option<&[InstructionSource]>,
     session_context: PromptSessionContext<'_>,
 ) -> SystemPrompt {
     system_prompt_for_mode_with_context_skills_session_and_approval(
@@ -727,7 +771,7 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     workspace: &Path,
     _working_set_summary: Option<&str>,
     skills_dir: Option<&Path>,
-    instructions: Option<&[PathBuf]>,
+    instructions: Option<&[InstructionSource]>,
     session_context: PromptSessionContext<'_>,
     approval_mode: ApprovalMode,
 ) -> SystemPrompt {
@@ -856,8 +900,8 @@ pub fn system_prompt_for_mode_with_context_skills_session_and_approval(
     // because these files are workspace-scoped and may differ between
     // sessions; any edit to them would otherwise bust the prefix cache for
     // all subsequent static layers.
-    if let Some(paths) = instructions
-        && let Some(block) = render_instructions_block(paths)
+    if let Some(sources) = instructions
+        && let Some(block) = render_instructions_block(sources)
     {
         full_prompt = format!("{full_prompt}\n\n{block}");
     }
@@ -2047,10 +2091,6 @@ mod tests {
     #[test]
     fn workspace_orientation_guidance_present() {
         let prompt = compose_prompt(AppMode::Agent, Personality::Calm);
-        // Workspace orientation guidance is now distributed across the
-        // Constitutional preamble (project context loading) and the
-        // Local Law tier (AGENTS.md/instructions.md). Verify the
-        // key guidance anchors are still present.
         assert!(prompt.contains("AGENTS.md"));
         assert!(prompt.contains("Local Law"));
         assert!(
@@ -2292,7 +2332,8 @@ mod tests {
 
     #[test]
     fn render_instructions_block_returns_none_for_empty_input() {
-        assert!(super::render_instructions_block(&[]).is_none());
+        let empty: &[super::InstructionSource] = &[];
+        assert!(super::render_instructions_block(empty).is_none());
     }
 
     #[test]
@@ -2302,7 +2343,7 @@ mod tests {
         std::fs::write(&real, "real content here").unwrap();
         let bogus = tmp.path().join("does-not-exist.md");
 
-        let block = super::render_instructions_block(&[bogus.clone(), real.clone()])
+        let block = super::render_instructions_block(&[bogus.clone().into(), real.clone().into()])
             .expect("present file should produce a block");
         assert!(block.contains("real content here"));
         assert!(block.contains(&real.display().to_string()));
@@ -2318,7 +2359,7 @@ mod tests {
         std::fs::write(&a, "ALPHA_MARKER").unwrap();
         std::fs::write(&b, "BRAVO_MARKER").unwrap();
 
-        let block = super::render_instructions_block(&[a, b]).expect("non-empty");
+        let block = super::render_instructions_block(&[a.into(), b.into()]).expect("non-empty");
         let alpha_pos = block.find("ALPHA_MARKER").expect("alpha rendered");
         let bravo_pos = block.find("BRAVO_MARKER").expect("bravo rendered");
         assert!(
@@ -2335,7 +2376,8 @@ mod tests {
         std::fs::write(&empty, "   \n   \n").unwrap();
         std::fs::write(&real, "real content").unwrap();
 
-        let block = super::render_instructions_block(&[empty, real]).expect("non-empty");
+        let block =
+            super::render_instructions_block(&[empty.into(), real.into()]).expect("non-empty");
         // Empty file produces no `<instructions>` section, only the real one.
         let count = block.matches("<instructions").count();
         assert_eq!(count, 1, "only the non-empty file should produce a section");
@@ -2348,7 +2390,7 @@ mod tests {
         // 200 KiB of content — well above the 100 KiB cap.
         std::fs::write(&big, "X".repeat(200 * 1024)).unwrap();
 
-        let block = super::render_instructions_block(&[big]).expect("non-empty");
+        let block = super::render_instructions_block(&[big.into()]).expect("non-empty");
         assert!(block.contains("[…elided]"), "truncation marker missing");
         // Block should be much smaller than the original file.
         assert!(
@@ -2357,6 +2399,51 @@ mod tests {
         );
     }
 
+    /// `InstructionSource::Inline` bypasses disk reads — the content is used
+    /// directly and `name` becomes the `<instructions source="…">` attribute.
+    /// Empty / oversize handling mirrors `File` variant.
+    #[test]
+    fn render_instructions_block_handles_inline_source() {
+        let block = super::render_instructions_block(&[super::InstructionSource::Inline {
+            name: "embedded:test/template".to_string(),
+            content: "INLINE_MARKER_CONTENT".to_string(),
+        }])
+        .expect("non-empty");
+        assert!(block.contains("INLINE_MARKER_CONTENT"));
+        assert!(block.contains("source=\"embedded:test/template\""));
+
+        // Empty inline → skipped just like empty file.
+        let empty_inline = super::InstructionSource::Inline {
+            name: "empty".to_string(),
+            content: "   ".to_string(),
+        };
+        assert!(super::render_instructions_block(&[empty_inline]).is_none());
+
+        // Oversize inline → truncated with elided marker.
+        let big_inline = super::InstructionSource::Inline {
+            name: "huge".to_string(),
+            content: "Y".repeat(200 * 1024),
+        };
+        let trimmed = super::render_instructions_block(&[big_inline]).expect("non-empty");
+        assert!(trimmed.contains("[…elided]"));
+
+        // File + Inline 混用,顺序保持。
+        let tmp = tempdir().expect("tempdir");
+        let file_path = tmp.path().join("file-first.md");
+        std::fs::write(&file_path, "FILE_MARKER").unwrap();
+        let mixed = super::render_instructions_block(&[
+            file_path.into(),
+            super::InstructionSource::Inline {
+                name: "inline-second".to_string(),
+                content: "INLINE_MARKER".to_string(),
+            },
+        ])
+        .expect("non-empty");
+        let file_pos = mixed.find("FILE_MARKER").expect("file rendered");
+        let inline_pos = mixed.find("INLINE_MARKER").expect("inline rendered");
+        assert!(file_pos < inline_pos, "声明顺序必须保留(File then Inline)");
+    }
+
     #[test]
     fn instructions_block_appears_in_system_prompt_when_configured() {
         let tmp = tempdir().expect("tempdir");
@@ -2364,12 +2451,13 @@ mod tests {
         let extra = workspace.join("extra-instructions.md");
         std::fs::write(&extra, "EXTRA_INSTRUCTIONS_MARKER_BODY").unwrap();
 
+        let extra_source: super::InstructionSource = extra.clone().into();
         let prompt = match super::system_prompt_for_mode_with_context_and_skills(
             AppMode::Agent,
             workspace,
             None,
             None,
-            Some(std::slice::from_ref(&extra)),
+            Some(std::slice::from_ref(&extra_source)),
             None,
         ) {
             SystemPrompt::Text(text) => text,
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 919d501a..3b90bc60 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1945,7 +1945,12 @@ impl RuntimeThreadManager {
             notes_path: self.config.notes_path(),
             mcp_config_path: self.config.mcp_config_path(),
             skills_dir: self.config.skills_dir(),
-            instructions: self.config.instructions_paths(),
+            instructions: self
+                .config
+                .instructions_paths()
+                .into_iter()
+                .map(Into::into)
+                .collect(),
             project_context_pack_enabled: self.config.project_context_pack_enabled(),
             translation_enabled: false,
             show_thinking: settings.show_thinking,
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 0ee3d1c0..9cb5b5a9 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -718,7 +718,11 @@ fn build_engine_config(app: &App, config: &Config) -> EngineConfig {
         notes_path: config.notes_path(),
         mcp_config_path: config.mcp_config_path(),
         skills_dir: app.skills_dir.clone(),
-        instructions: config.instructions_paths(),
+        instructions: config
+            .instructions_paths()
+            .into_iter()
+            .map(Into::into)
+            .collect(),
         project_context_pack_enabled: config.project_context_pack_enabled(),
         translation_enabled: app.translation_enabled,
         show_thinking: app.show_thinking,

From 7993f97f8804db5c50899b3d95261ff1d13acf96 Mon Sep 17 00:00:00 2001
From: hqt <you@example.com>
Date: Thu, 28 May 2026 15:54:58 +0800
Subject: [PATCH 236/283] feat(state): add parent_entry_id on the message table
 for fork support

---
 crates/core/src/lib.rs             |   1 +
 crates/state/src/lib.rs            | 354 ++++++++++++++++++++++-------
 crates/state/tests/parity_state.rs | 195 ++++++++++++++++
 3 files changed, 468 insertions(+), 82 deletions(-)

diff --git a/crates/core/src/lib.rs b/crates/core/src/lib.rs
index e6d9f094..472095cc 100644
--- a/crates/core/src/lib.rs
+++ b/crates/core/src/lib.rs
@@ -643,6 +643,7 @@ impl ThreadManager {
             git_branch: None,
             git_origin_url: None,
             memory_mode: None,
+            current_leaf_id: None,
         })
     }
 }
diff --git a/crates/state/src/lib.rs b/crates/state/src/lib.rs
index 9bad8a16..7347245d 100644
--- a/crates/state/src/lib.rs
+++ b/crates/state/src/lib.rs
@@ -53,6 +53,7 @@ pub struct ThreadMetadata {
     pub git_branch: Option<String>,
     pub git_origin_url: Option<String>,
     pub memory_mode: Option<String>,
+    pub current_leaf_id: Option<i64>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -71,6 +72,7 @@ pub struct MessageRecord {
     pub content: String,
     pub item: Option<Value>,
     pub created_at: i64,
+    pub parent_entry_id: Option<i64>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
@@ -162,79 +164,107 @@ impl StateStore {
 
     fn init_schema(&self) -> Result<()> {
         let conn = self.conn()?;
-        conn.execute_batch(
-            r#"
-            CREATE TABLE IF NOT EXISTS threads (
-                id TEXT PRIMARY KEY,
-                rollout_path TEXT,
-                preview TEXT NOT NULL,
-                ephemeral INTEGER NOT NULL,
-                model_provider TEXT NOT NULL,
-                created_at INTEGER NOT NULL,
-                updated_at INTEGER NOT NULL,
-                status TEXT NOT NULL,
-                path TEXT,
-                cwd TEXT NOT NULL,
-                cli_version TEXT NOT NULL,
-                source TEXT NOT NULL,
-                title TEXT,
-                sandbox_policy TEXT,
-                approval_mode TEXT,
-                archived INTEGER NOT NULL DEFAULT 0,
-                archived_at INTEGER,
-                git_sha TEXT,
-                git_branch TEXT,
-                git_origin_url TEXT,
-                memory_mode TEXT
-            );
-            CREATE INDEX IF NOT EXISTS idx_threads_updated_at ON threads(updated_at DESC);
-            CREATE INDEX IF NOT EXISTS idx_threads_archived_at ON threads(archived_at DESC);
-            CREATE INDEX IF NOT EXISTS idx_threads_archived_updated ON threads(archived, updated_at DESC);
+        let user_version: u32 = conn.query_row("PRAGMA user_version;", [], |row| row.get(0))?;
+        if user_version == 0 {
+            conn.execute_batch(
+                r#"
+                CREATE TABLE IF NOT EXISTS threads (
+                    id TEXT PRIMARY KEY,
+                    rollout_path TEXT,
+                    preview TEXT NOT NULL,
+                    ephemeral INTEGER NOT NULL,
+                    model_provider TEXT NOT NULL,
+                    created_at INTEGER NOT NULL,
+                    updated_at INTEGER NOT NULL,
+                    status TEXT NOT NULL,
+                    path TEXT,
+                    cwd TEXT NOT NULL,
+                    cli_version TEXT NOT NULL,
+                    source TEXT NOT NULL,
+                    title TEXT,
+                    sandbox_policy TEXT,
+                    approval_mode TEXT,
+                    archived INTEGER NOT NULL DEFAULT 0,
+                    archived_at INTEGER,
+                    git_sha TEXT,
+                    git_branch TEXT,
+                    git_origin_url TEXT,
+                    memory_mode TEXT
+                );
+                CREATE INDEX IF NOT EXISTS idx_threads_updated_at ON threads(updated_at DESC);
+                CREATE INDEX IF NOT EXISTS idx_threads_archived_at ON threads(archived_at DESC);
+                CREATE INDEX IF NOT EXISTS idx_threads_archived_updated ON threads(archived, updated_at DESC);
 
-            CREATE TABLE IF NOT EXISTS thread_dynamic_tools (
-                thread_id TEXT NOT NULL,
-                position INTEGER NOT NULL,
-                name TEXT NOT NULL,
-                description TEXT,
-                input_schema TEXT NOT NULL,
-                PRIMARY KEY (thread_id, position),
-                FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
-            );
+                CREATE TABLE IF NOT EXISTS thread_dynamic_tools (
+                    thread_id TEXT NOT NULL,
+                    position INTEGER NOT NULL,
+                    name TEXT NOT NULL,
+                    description TEXT,
+                    input_schema TEXT NOT NULL,
+                    PRIMARY KEY (thread_id, position),
+                    FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
+                );
 
-            CREATE TABLE IF NOT EXISTS messages (
-                id INTEGER PRIMARY KEY AUTOINCREMENT,
-                thread_id TEXT NOT NULL,
-                role TEXT NOT NULL,
-                content TEXT NOT NULL,
-                item_json TEXT,
-                created_at INTEGER NOT NULL,
-                FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
-            );
-            CREATE INDEX IF NOT EXISTS idx_messages_thread_created_at ON messages(thread_id, created_at ASC);
+                CREATE TABLE IF NOT EXISTS messages (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    thread_id TEXT NOT NULL,
+                    role TEXT NOT NULL,
+                    content TEXT NOT NULL,
+                    item_json TEXT,
+                    created_at INTEGER NOT NULL,
+                    FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
+                );
+                CREATE INDEX IF NOT EXISTS idx_messages_thread_created_at ON messages(thread_id, created_at ASC);
 
-            CREATE TABLE IF NOT EXISTS checkpoints (
-                thread_id TEXT NOT NULL,
-                checkpoint_id TEXT NOT NULL,
-                state_json TEXT NOT NULL,
-                created_at INTEGER NOT NULL,
-                PRIMARY KEY(thread_id, checkpoint_id),
-                FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
-            );
-            CREATE INDEX IF NOT EXISTS idx_checkpoints_thread_created_at ON checkpoints(thread_id, created_at DESC);
+                CREATE TABLE IF NOT EXISTS checkpoints (
+                    thread_id TEXT NOT NULL,
+                    checkpoint_id TEXT NOT NULL,
+                    state_json TEXT NOT NULL,
+                    created_at INTEGER NOT NULL,
+                    PRIMARY KEY(thread_id, checkpoint_id),
+                    FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
+                );
+                CREATE INDEX IF NOT EXISTS idx_checkpoints_thread_created_at ON checkpoints(thread_id, created_at DESC);
 
-            CREATE TABLE IF NOT EXISTS jobs (
-                id TEXT PRIMARY KEY,
-                name TEXT NOT NULL,
-                status TEXT NOT NULL,
-                progress INTEGER,
-                detail TEXT,
-                created_at INTEGER NOT NULL,
-                updated_at INTEGER NOT NULL
-            );
-            CREATE INDEX IF NOT EXISTS idx_jobs_updated_at ON jobs(updated_at DESC);
-            "#,
-        )
-        .context("failed to initialize thread schema")?;
+                CREATE TABLE IF NOT EXISTS jobs (
+                    id TEXT PRIMARY KEY,
+                    name TEXT NOT NULL,
+                    status TEXT NOT NULL,
+                    progress INTEGER,
+                    detail TEXT,
+                    created_at INTEGER NOT NULL,
+                    updated_at INTEGER NOT NULL
+                );
+                CREATE INDEX IF NOT EXISTS idx_jobs_updated_at ON jobs(updated_at DESC);
+
+                -- Add parent_entry_id column, and set to last message before current message
+                ALTER TABLE messages ADD COLUMN parent_entry_id INTEGER NULL;
+                UPDATE messages
+                    SET parent_entry_id = (
+                        SELECT m2.id
+                        FROM messages m2
+                        WHERE m2.created_at < messages.created_at AND m2.thread_id = messages.thread_id
+                        ORDER BY m2.created_at DESC
+                        LIMIT 1
+                    );
+                CREATE INDEX idx_messages_parent_entry_id ON messages(parent_entry_id);
+
+                -- Add current_leaf_id column, and set to last message in thread
+                ALTER TABLE threads ADD COLUMN current_leaf_id INTEGER NULL;
+                UPDATE threads
+                    SET current_leaf_id = (
+                        SELECT m.id
+                        FROM messages m
+                        WHERE m.thread_id = threads.id
+                        ORDER BY m.created_at DESC
+                        LIMIT 1
+                    );
+
+                PRAGMA user_version = 1;
+                "#,
+            )
+            .context("failed to initialize thread schema")?;
+        }
         Ok(())
     }
 
@@ -245,11 +275,11 @@ impl StateStore {
             INSERT INTO threads (
                 id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd,
                 cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at,
-                git_sha, git_branch, git_origin_url, memory_mode
+                git_sha, git_branch, git_origin_url, memory_mode, current_leaf_id
             ) VALUES (
                 ?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10,
                 ?11, ?12, ?13, ?14, ?15, ?16, ?17,
-                ?18, ?19, ?20, ?21
+                ?18, ?19, ?20, ?21, ?22
             )
             ON CONFLICT(id) DO UPDATE SET
                 rollout_path=excluded.rollout_path,
@@ -271,7 +301,8 @@ impl StateStore {
                 git_sha=excluded.git_sha,
                 git_branch=excluded.git_branch,
                 git_origin_url=excluded.git_origin_url,
-                memory_mode=excluded.memory_mode
+                memory_mode=excluded.memory_mode,
+                current_leaf_id=excluded.current_leaf_id
             "#,
             params![
                 thread.id,
@@ -295,6 +326,7 @@ impl StateStore {
                 thread.git_branch,
                 thread.git_origin_url,
                 thread.memory_mode,
+                thread.current_leaf_id,
             ],
         )
         .context("failed to upsert thread metadata")?;
@@ -314,7 +346,7 @@ impl StateStore {
             r#"
             SELECT id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd,
                    cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at,
-                   git_sha, git_branch, git_origin_url, memory_mode
+                   git_sha, git_branch, git_origin_url, memory_mode, current_leaf_id
             FROM threads
             WHERE id = ?1
             "#,
@@ -328,9 +360,9 @@ impl StateStore {
     pub fn list_threads(&self, filters: ThreadListFilters) -> Result<Vec<ThreadMetadata>> {
         let conn = self.conn()?;
         let sql = if filters.include_archived {
-            "SELECT id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd, cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at, git_sha, git_branch, git_origin_url, memory_mode FROM threads ORDER BY updated_at DESC LIMIT ?1"
+            "SELECT id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd, cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at, git_sha, git_branch, git_origin_url, memory_mode, current_leaf_id FROM threads ORDER BY updated_at DESC LIMIT ?1"
         } else {
-            "SELECT id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd, cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at, git_sha, git_branch, git_origin_url, memory_mode FROM threads WHERE archived = 0 ORDER BY updated_at DESC LIMIT ?1"
+            "SELECT id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd, cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at, git_sha, git_branch, git_origin_url, memory_mode, current_leaf_id FROM threads WHERE archived = 0 ORDER BY updated_at DESC LIMIT ?1"
         };
 
         let mut stmt = conn.prepare(sql).context("failed to prepare list query")?;
@@ -398,6 +430,54 @@ impl StateStore {
         .map(Option::flatten)
     }
 
+    pub fn list_leaf_messages(&self, thread_id: &str) -> Result<Vec<MessageRecord>> {
+        let conn = self.conn()?;
+        let mut stmt = conn
+            .prepare(
+                r#"
+                SELECT m1.id, m1.thread_id, m1.role, m1.content, m1.item_json, m1.created_at, m1.parent_entry_id
+                FROM messages m1
+                LEFT JOIN messages m2 ON m1.id = m2.parent_entry_id
+                WHERE m1.thread_id = ?1 AND m2.id IS NULL
+                "#,
+            )
+            .context("failed to prepare message listing query")?;
+        let mut rows = stmt
+            .query(params![thread_id])
+            .with_context(|| format!("failed to list leaf messages for thread {thread_id}"))?;
+        let mut out = Vec::new();
+        while let Some(row) = rows.next().context("failed to iterate message rows")? {
+            let item_json: Option<String> = row.get(4).context("failed to read item json")?;
+            let item = item_json
+                .as_deref()
+                .map(serde_json::from_str)
+                .transpose()
+                .with_context(|| {
+                    format!("failed to parse message item json in thread {thread_id}")
+                })?;
+            out.push(MessageRecord {
+                id: row.get(0).context("failed to read message id")?,
+                thread_id: row.get(1).context("failed to read message thread id")?,
+                role: row.get(2).context("failed to read message role")?,
+                content: row.get(3).context("failed to read message content")?,
+                item,
+                created_at: row.get(5).context("failed to read message timestamp")?,
+                parent_entry_id: row.get(6).context("failed to read parent entry id")?,
+            });
+        }
+        Ok(out)
+    }
+
+    pub fn set_current_leaf_id(&self, thread_id: &str, current_leaf_id: &str) -> Result<()> {
+        let conn = self.conn()?;
+        conn.execute(
+            "UPDATE threads SET current_leaf_id = ?1 WHERE id = ?2",
+            params![current_leaf_id, thread_id],
+        )
+        .context("failed to update thread current leaf id")?;
+        Ok(())
+    }
+
     pub fn persist_dynamic_tools(
         &self,
         thread_id: &str,
@@ -464,18 +544,51 @@ impl StateStore {
         content: &str,
         item: Option<Value>,
     ) -> Result<i64> {
-        let conn = self.conn()?;
+        let mut conn = self.conn()?;
         let created_at = Utc::now().timestamp();
         let item_json = item
             .as_ref()
             .map(serde_json::to_string)
             .transpose()
             .context("failed to serialize message item payload")?;
-        conn.execute(
-            "INSERT INTO messages(thread_id, role, content, item_json, created_at) VALUES (?1, ?2, ?3, ?4, ?5)",
-            params![thread_id, role, content, item_json, created_at],
+
+        let tx = conn
+            .transaction()
+            .context("failed to begin append message transaction")?;
+
+        let current_leaf_id: Option<i64> = tx
+            .query_row(
+                "SELECT current_leaf_id FROM threads WHERE id = ?1",
+                params![thread_id],
+                |row| row.get(0),
+            )
+            .with_context(|| {
+                format!("failed to query thread current leaf id for thread {thread_id}")
+            })?;
+
+        let next_leaf_id: i64 = tx.query_row(
+            r#"
+                INSERT INTO messages(thread_id, role, content, item_json, created_at, parent_entry_id)
+                SELECT ?1, ?2, ?3, ?4, ?5, ?6
+                RETURNING id
+            "#, params![thread_id, role, content, item_json, created_at, current_leaf_id], |row| row.get(0)
+        ).with_context(|| format!("failed to append message for thread {thread_id}"))?;
+
+        tx.execute(
+            r#"
+            UPDATE threads
+            SET current_leaf_id = ?1
+            WHERE id = ?2;
+            "#,
+            params![next_leaf_id, thread_id],
         )
-        .with_context(|| format!("failed to append message for thread {thread_id}"))?;
+        .with_context(|| {
+            format!("failed to update thread current leaf id for thread {thread_id}")
+        })?;
+
+        tx.commit()
+            .context("failed to commit append message transaction")?;
+
         Ok(conn.last_insert_rowid())
     }
 
@@ -488,11 +601,30 @@ impl StateStore {
         let limit = i64::try_from(limit.unwrap_or(500)).unwrap_or(500);
         let mut stmt = conn
             .prepare(
-                "SELECT id, thread_id, role, content, item_json, created_at FROM messages WHERE thread_id = ?1 ORDER BY created_at ASC LIMIT ?2",
+                r#"  
+                WITH RECURSIVE
+                    leaf_id AS (
+                        SELECT current_leaf_id FROM threads WHERE id = ?1
+                    ),
+                    ancestors AS (
+                        SELECT id, thread_id, role, content, item_json, created_at, parent_entry_id, 0 AS depth
+                        FROM messages
+                        WHERE id = (SELECT current_leaf_id FROM leaf_id)
+
+                        UNION ALL
+
+                        SELECT m.id, m.thread_id, m.role, m.content, m.item_json, m.created_at, m.parent_entry_id, a.depth + 1
+                        FROM messages m
+                        JOIN ancestors a ON m.id = a.parent_entry_id
+                        WHERE a.depth < ?2
+                    )
+                    SELECT id, thread_id, role, content, item_json, created_at, parent_entry_id FROM ancestors
+                    ORDER BY depth ASC
+                "#
             )
             .context("failed to prepare message listing query")?;
         let mut rows = stmt
-            .query(params![thread_id, limit])
+            .query(params![thread_id, limit - 1])
             .with_context(|| format!("failed to list messages for thread {thread_id}"))?;
         let mut out = Vec::new();
         while let Some(row) = rows.next().context("failed to iterate message rows")? {
@@ -511,11 +643,68 @@ impl StateStore {
                 content: row.get(3).context("failed to read message content")?,
                 item,
                 created_at: row.get(5).context("failed to read message timestamp")?,
+                parent_entry_id: row.get(6).context("failed to read parent entry id")?,
             });
         }
         Ok(out)
     }
 
+    pub fn fork_at_message(
+        &self,
+        message_id: &str,
+        role: &str,
+        content: &str,
+        item: Option<Value>,
+    ) -> Result<i64> {
+        let mut conn = self.conn()?;
+        let created_at = Utc::now().timestamp();
+        let item_json = item
+            .as_ref()
+            .map(serde_json::to_string)
+            .transpose()
+            .context("failed to serialize message item payload")?;
+
+        let tx = conn
+            .transaction()
+            .context("failed to begin fork message transaction")?;
+
+        let thread_id: Option<String> = tx
+            .query_row(
+                "SELECT thread_id FROM messages WHERE id = ?1",
+                params![message_id],
+                |row| row.get(0),
+            )
+            .with_context(|| format!("failed to query thread id for message {message_id}"))?;
+
+        let next_leaf_id: i64 = tx.query_row(
+            r#"
+                INSERT INTO messages(thread_id, role, content, item_json, created_at, parent_entry_id)
+                SELECT ?1, ?2, ?3, ?4, ?5, ?6
+                RETURNING id
+            "#, params![thread_id, role, content, item_json, created_at, message_id], |row| row.get(0)
+        ).with_context(|| format!("failed to fork at message for thread {:?}", thread_id))?;
+
+        tx.execute(
+            r#"
+            UPDATE threads
+            SET current_leaf_id = ?1
+            WHERE id = ?2;
+            "#,
+            params![next_leaf_id, thread_id],
+        )
+        .with_context(|| {
+            format!(
+                "failed to update thread current leaf id for thread {:?}",
+                thread_id
+            )
+        })?;
+
+        tx.commit()
+            .context("failed to commit fork message transaction")?;
+
+        Ok(next_leaf_id)
+    }
+
     pub fn clear_messages(&self, thread_id: &str) -> Result<usize> {
         let conn = self.conn()?;
         conn.execute(
@@ -946,5 +1135,6 @@ fn row_to_thread(row: &rusqlite::Row<'_>) -> rusqlite::Result<ThreadMetadata> {
         git_branch: row.get(18)?,
         git_origin_url: row.get(19)?,
         memory_mode: row.get(20)?,
+        current_leaf_id: row.get(21)?,
     })
 }
diff --git a/crates/state/tests/parity_state.rs b/crates/state/tests/parity_state.rs
index d666f50b..cee9192a 100644
--- a/crates/state/tests/parity_state.rs
+++ b/crates/state/tests/parity_state.rs
@@ -1,6 +1,7 @@
 use std::path::PathBuf;
 
 use codewhale_state::{SessionSource, StateStore, ThreadListFilters, ThreadMetadata, ThreadStatus};
+use rusqlite::Connection;
 
 fn temp_state_path(label: &str) -> PathBuf {
     std::env::temp_dir().join(format!(
@@ -38,6 +39,7 @@ fn upsert_and_resume_thread_metadata() {
         git_branch: None,
         git_origin_url: None,
         memory_mode: Some("extended".to_string()),
+        current_leaf_id: None,
     };
     store.upsert_thread(&thread).expect("upsert thread");
 
@@ -70,3 +72,196 @@ fn upsert_and_resume_thread_metadata() {
         .expect("list threads");
     assert!(!listed.is_empty());
 }
+
+#[test]
+fn init_schema_migration() {
+    let path = temp_state_path("init_schema_migration");
+    let conn = Connection::open(&path).expect("open state db");
+    conn.execute_batch(
+        r#"
+        CREATE TABLE IF NOT EXISTS threads (
+            id TEXT PRIMARY KEY,
+            rollout_path TEXT,
+            preview TEXT NOT NULL,
+            ephemeral INTEGER NOT NULL,
+            model_provider TEXT NOT NULL,
+            created_at INTEGER NOT NULL,
+            updated_at INTEGER NOT NULL,
+            status TEXT NOT NULL,
+            path TEXT,
+            cwd TEXT NOT NULL,
+            cli_version TEXT NOT NULL,
+            source TEXT NOT NULL,
+            title TEXT,
+            sandbox_policy TEXT,
+            approval_mode TEXT,
+            archived INTEGER NOT NULL DEFAULT 0,
+            archived_at INTEGER,
+            git_sha TEXT,
+            git_branch TEXT,
+            git_origin_url TEXT,
+            memory_mode TEXT
+        );
+        CREATE TABLE IF NOT EXISTS messages (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            thread_id TEXT NOT NULL,
+            role TEXT NOT NULL,
+            content TEXT NOT NULL,
+            item_json TEXT,
+            created_at INTEGER NOT NULL,
+            FOREIGN KEY(thread_id) REFERENCES threads(id) ON DELETE CASCADE
+        );
+        INSERT INTO threads (
+            id, preview, ephemeral, model_provider, created_at, updated_at, status, cwd, cli_version, source, archived
+        )
+        VALUES (
+            'thread-test-1', 'hello', false, 'deepseek', 0, 0, 'running', '/tmp/project', '0.0.0-test', 'interactive', false
+        );
+        INSERT INTO messages (thread_id, role, content, created_at) VALUES 
+        ('thread-test-1', 'foo0', 'bar0', 0),
+        ('thread-test-1', 'foo1', 'bar1', 1),
+        ('thread-test-1', 'foo2', 'bar2', 2);
+        "#,
+    )
+    .expect("init schema migration");
+
+    let store = StateStore::open(Some(path.clone())).expect("open state store");
+    let thread = store
+        .get_thread("thread-test-1")
+        .expect("read thread")
+        .unwrap();
+    assert_eq!(thread.id, "thread-test-1");
+    assert_eq!(thread.preview, "hello");
+    assert!(!thread.ephemeral);
+    assert_eq!(thread.model_provider, "deepseek");
+    assert_eq!(thread.created_at, 0);
+    assert_eq!(thread.updated_at, 0);
+    assert_eq!(thread.status, ThreadStatus::Running);
+    assert_eq!(thread.cwd, PathBuf::from("/tmp/project"));
+    assert_eq!(thread.cli_version, "0.0.0-test");
+    assert_eq!(thread.source, SessionSource::Interactive);
+    assert!(thread.current_leaf_id.is_some());
+
+    let messages = store
+        .list_messages("thread-test-1", None)
+        .expect("list messages");
+    assert_eq!(messages.len(), 3);
+    for (i, message) in messages.iter().enumerate() {
+        assert_eq!(message.thread_id, "thread-test-1");
+        assert_eq!(message.role, format!("foo{}", 2 - i));
+        assert_eq!(message.content, format!("bar{}", 2 - i));
+        assert_eq!(message.created_at, 2 - i as i64);
+    }
+
+    // Test idempotent
+    StateStore::open(Some(path.clone())).expect("open state store");
+}
+
+#[test]
+fn test_fork() {
+    let path = temp_state_path("test_fork");
+    let store = StateStore::open(Some(path.clone())).expect("open state store");
+    let now = chrono::Utc::now().timestamp();
+    let thread = ThreadMetadata {
+        id: "thread-test-1".to_string(),
+        rollout_path: Some(PathBuf::from("/tmp/rollout.jsonl")),
+        preview: "hello".to_string(),
+        ephemeral: false,
+        model_provider: "deepseek".to_string(),
+        created_at: now,
+        updated_at: now,
+        status: ThreadStatus::Running,
+        path: Some(PathBuf::from("/tmp/project")),
+        cwd: PathBuf::from("/tmp/project"),
+        cli_version: "0.0.0-test".to_string(),
+        source: SessionSource::Interactive,
+        name: Some("Test Thread".to_string()),
+        sandbox_policy: Some("workspace-write".to_string()),
+        approval_mode: Some("on-request".to_string()),
+        archived: false,
+        archived_at: None,
+        git_sha: None,
+        git_branch: None,
+        git_origin_url: None,
+        memory_mode: Some("extended".to_string()),
+        current_leaf_id: None,
+    };
+
+    store.upsert_thread(&thread).expect("upsert thread");
+    store
+        .append_message("thread-test-1", "foo0", "bar0", None)
+        .expect("append message");
+    store
+        .append_message("thread-test-1", "foo1", "bar1", None)
+        .expect("append message");
+    store
+        .append_message("thread-test-1", "foo2", "bar2", None)
+        .expect("append message");
+    store
+        .append_message("thread-test-1", "foo3", "bar3", None)
+        .expect("append message");
+    store
+        .append_message("thread-test-1", "foo4", "bar4", None)
+        .expect("append message");
+
+    let messages = store
+        .list_messages("thread-test-1", None)
+        .expect("list messages");
+    assert_eq!(messages.len(), 5);
+    let ids = messages
+        .iter()
+        .enumerate()
+        .map(|(i, message)| {
+            assert_eq!(message.thread_id, "thread-test-1");
+            assert_eq!(message.role, format!("foo{}", 4 - i));
+            assert_eq!(message.content, format!("bar{}", 4 - i));
+            message.id.to_string()
+        })
+        .collect::<Vec<_>>();
+
+    store
+        .fork_at_message(&ids[2], "foo5", "bar5", None)
+        .expect("fork at message");
+    let messages = store
+        .list_messages("thread-test-1", None)
+        .expect("list messages");
+    assert_eq!(messages.len(), 4);
+    const LIST_1: [i64; 4] = [5, 2, 1, 0];
+    messages
+        .iter()
+        .zip(LIST_1.iter())
+        .for_each(|(message, &i)| {
+            assert_eq!(message.thread_id, "thread-test-1");
+            assert_eq!(message.role, format!("foo{}", i));
+            assert_eq!(message.content, format!("bar{}", i));
+        });
+    let leaves = store
+        .list_leaf_messages("thread-test-1")
+        .expect("list leaf messages");
+    assert_eq!(leaves.len(), 2);
+
+    store
+        .set_current_leaf_id("thread-test-1", &ids[0])
+        .expect("set current leaf id");
+    store
+        .append_message("thread-test-1", "foo6", "bar6", None)
+        .expect("append message");
+    let messages = store
+        .list_messages("thread-test-1", None)
+        .expect("list messages");
+    assert_eq!(messages.len(), 6);
+    const LIST_2: [i64; 6] = [6, 4, 3, 2, 1, 0];
+    messages
+        .iter()
+        .zip(LIST_2.iter())
+        .for_each(|(message, &i)| {
+            assert_eq!(message.thread_id, "thread-test-1");
+            assert_eq!(message.role, format!("foo{}", i));
+            assert_eq!(message.content, format!("bar{}", i));
+        });
+
+    let leaves = store
+        .list_leaf_messages("thread-test-1")
+        .expect("list leaf messages");
+    assert_eq!(leaves.len(), 2);
+}

From 042b4b2f5005d785d8b97ecb545e55e965029f46 Mon Sep 17 00:00:00 2001
From: hqt <you@example.com>
Date: Thu, 28 May 2026 17:32:51 +0800
Subject: [PATCH 237/283] fix: fix sort of  list_messages to ASC, use id to
 sort and use transaction in init, update tests

---
 crates/state/src/lib.rs            | 12 +++++++-----
 crates/state/tests/parity_state.rs | 16 ++++++++--------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/crates/state/src/lib.rs b/crates/state/src/lib.rs
index 7347245d..589ae423 100644
--- a/crates/state/src/lib.rs
+++ b/crates/state/src/lib.rs
@@ -168,6 +168,7 @@ impl StateStore {
         if user_version == 0 {
             conn.execute_batch(
                 r#"
+                BEGIN;
                 CREATE TABLE IF NOT EXISTS threads (
                     id TEXT PRIMARY KEY,
                     rollout_path TEXT,
@@ -244,7 +245,7 @@ impl StateStore {
                         SELECT m2.id
                         FROM messages m2
                         WHERE m2.created_at < messages.created_at AND m2.thread_id = messages.thread_id
-                        ORDER BY m2.created_at DESC
+                        ORDER BY m2.id DESC
                         LIMIT 1
                     );
                 CREATE INDEX idx_messages_parent_entry_id ON messages(parent_entry_id);
@@ -256,11 +257,12 @@ impl StateStore {
                         SELECT m.id
                         FROM messages m
                         WHERE m.thread_id = threads.id
-                        ORDER BY m.created_at DESC
+                        ORDER BY m.id DESC
                         LIMIT 1
                     );
 
                 PRAGMA user_version = 1;
+                COMMIT;
                 "#,
             )
             .context("failed to initialize thread schema")?;
@@ -589,7 +591,7 @@ impl StateStore {
         tx.commit()
             .context("failed to commit append message transaction")?;
 
-        Ok(conn.last_insert_rowid())
+        Ok(next_leaf_id)
     }
 
     pub fn list_messages(
@@ -619,7 +621,7 @@ impl StateStore {
                         WHERE a.depth < ?2
                     )
                     SELECT id, thread_id, role, content, item_json, created_at, parent_entry_id FROM ancestors
-                    ORDER BY depth ASC
+                    ORDER BY depth DESC
                 "#
             )
             .context("failed to prepare message listing query")?;
@@ -668,7 +670,7 @@ impl StateStore {
             .transaction()
             .context("failed to begin fork message transaction")?;
 
-        let thread_id: Option<String> = tx
+        let thread_id: String = tx
             .query_row(
                 "SELECT thread_id FROM messages WHERE id = ?1",
                 params![message_id],
diff --git a/crates/state/tests/parity_state.rs b/crates/state/tests/parity_state.rs
index cee9192a..96ae2b7d 100644
--- a/crates/state/tests/parity_state.rs
+++ b/crates/state/tests/parity_state.rs
@@ -148,9 +148,9 @@ fn init_schema_migration() {
     assert_eq!(messages.len(), 3);
     for (i, message) in messages.iter().enumerate() {
         assert_eq!(message.thread_id, "thread-test-1");
-        assert_eq!(message.role, format!("foo{}", 2 - i));
-        assert_eq!(message.content, format!("bar{}", 2 - i));
-        assert_eq!(message.created_at, 2 - i as i64);
+        assert_eq!(message.role, format!("foo{}", i));
+        assert_eq!(message.content, format!("bar{}", i));
+        assert_eq!(message.created_at, i as i64);
     }
 
     // Test idempotent
@@ -213,8 +213,8 @@ fn test_fork() {
         .enumerate()
         .map(|(i, message)| {
             assert_eq!(message.thread_id, "thread-test-1");
-            assert_eq!(message.role, format!("foo{}", 4 - i));
-            assert_eq!(message.content, format!("bar{}", 4 - i));
+            assert_eq!(message.role, format!("foo{}", i));
+            assert_eq!(message.content, format!("bar{}", i));
             message.id.to_string()
         })
         .collect::<Vec<_>>();
@@ -226,7 +226,7 @@ fn test_fork() {
         .list_messages("thread-test-1", None)
         .expect("list messages");
     assert_eq!(messages.len(), 4);
-    const LIST_1: [i64; 4] = [5, 2, 1, 0];
+    const LIST_1: [i64; 4] = [0, 1, 2, 5];
     messages
         .iter()
         .zip(LIST_1.iter())
@@ -241,7 +241,7 @@ fn test_fork() {
     assert_eq!(leaves.len(), 2);
 
     store
-        .set_current_leaf_id("thread-test-1", &ids[0])
+        .set_current_leaf_id("thread-test-1", &ids[4])
         .expect("set current leaf id");
     store
         .append_message("thread-test-1", "foo6", "bar6", None)
@@ -250,7 +250,7 @@ fn test_fork() {
         .list_messages("thread-test-1", None)
         .expect("list messages");
     assert_eq!(messages.len(), 6);
-    const LIST_2: [i64; 6] = [6, 4, 3, 2, 1, 0];
+    const LIST_2: [i64; 6] = [0, 1, 2, 3, 4, 6];
     messages
         .iter()
         .zip(LIST_2.iter())

From 72798e5b694faad86f34d125ae12a22d67192010 Mon Sep 17 00:00:00 2001
From: hqt <you@example.com>
Date: Thu, 28 May 2026 18:12:09 +0800
Subject: [PATCH 238/283] fix: upsert_thread will not set current_leaf_id now,
 clear_messages will also clean current_leaf_id, update tests

---
 crates/state/src/lib.rs            | 37 ++++++++++++++++++++++--------
 crates/state/tests/parity_state.rs | 16 +++++++++++++
 2 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/crates/state/src/lib.rs b/crates/state/src/lib.rs
index 589ae423..7d4eace8 100644
--- a/crates/state/src/lib.rs
+++ b/crates/state/src/lib.rs
@@ -270,6 +270,7 @@ impl StateStore {
         Ok(())
     }
 
+    /// Upsert thread metadata(will not set current_leaf_id)
     pub fn upsert_thread(&self, thread: &ThreadMetadata) -> Result<()> {
         let conn = self.conn()?;
         conn.execute(
@@ -277,11 +278,11 @@ impl StateStore {
             INSERT INTO threads (
                 id, rollout_path, preview, ephemeral, model_provider, created_at, updated_at, status, path, cwd,
                 cli_version, source, title, sandbox_policy, approval_mode, archived, archived_at,
-                git_sha, git_branch, git_origin_url, memory_mode, current_leaf_id
+                git_sha, git_branch, git_origin_url, memory_mode
             ) VALUES (
                 ?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10,
                 ?11, ?12, ?13, ?14, ?15, ?16, ?17,
-                ?18, ?19, ?20, ?21, ?22
+                ?18, ?19, ?20, ?21
             )
             ON CONFLICT(id) DO UPDATE SET
                 rollout_path=excluded.rollout_path,
@@ -303,8 +304,7 @@ impl StateStore {
                 git_sha=excluded.git_sha,
                 git_branch=excluded.git_branch,
                 git_origin_url=excluded.git_origin_url,
-                memory_mode=excluded.memory_mode,
-                current_leaf_id=excluded.current_leaf_id
+                memory_mode=excluded.memory_mode
             "#,
             params![
                 thread.id,
@@ -328,7 +328,6 @@ impl StateStore {
                 thread.git_branch,
                 thread.git_origin_url,
                 thread.memory_mode,
-                thread.current_leaf_id,
             ],
         )
         .context("failed to upsert thread metadata")?;
@@ -708,12 +707,32 @@ impl StateStore {
     }
 
     pub fn clear_messages(&self, thread_id: &str) -> Result<usize> {
-        let conn = self.conn()?;
-        conn.execute(
-            "DELETE FROM messages WHERE thread_id = ?1",
+        let mut conn = self.conn()?;
+        let tx = conn
+            .transaction()
+            .context("failed to begin clear messages transaction")?;
+
+        tx.execute(
+            r#"
+            UPDATE threads
+            SET current_leaf_id = NULL
+            WHERE id = ?1;
+            "#,
             params![thread_id],
         )
-        .with_context(|| format!("failed to clear messages for thread {thread_id}"))
+        .with_context(|| format!("failed to clear messages for thread {thread_id}"))?;
+        let result = tx
+            .execute(
+                r#"
+                DELETE FROM messages WHERE thread_id = ?1
+                "#,
+                params![thread_id],
+            )
+            .with_context(|| format!("failed to clear messages for thread {thread_id}"))?;
+        tx.commit()
+            .context("failed to commit clear messages transaction")?;
+
+        Ok(result)
     }
 
     pub fn save_checkpoint(
diff --git a/crates/state/tests/parity_state.rs b/crates/state/tests/parity_state.rs
index 96ae2b7d..70bbe661 100644
--- a/crates/state/tests/parity_state.rs
+++ b/crates/state/tests/parity_state.rs
@@ -219,6 +219,8 @@ fn test_fork() {
         })
         .collect::<Vec<_>>();
 
+    store.upsert_thread(&thread).expect("upsert thread");
+
     store
         .fork_at_message(&ids[2], "foo5", "bar5", None)
         .expect("fork at message");
@@ -264,4 +266,18 @@ fn test_fork() {
         .list_leaf_messages("thread-test-1")
         .expect("list leaf messages");
     assert_eq!(leaves.len(), 2);
+
+    store
+        .clear_messages("thread-test-1")
+        .expect("clear messages");
+    let leaves = store
+        .list_leaf_messages("thread-test-1")
+        .expect("list leaf messages");
+    assert_eq!(leaves.len(), 0);
+    let thread = store
+        .get_thread("thread-test-1")
+        .expect("get thread")
+        .unwrap();
+    dbg!(&thread);
+    assert!(thread.current_leaf_id.is_none());
 }

From 0c446bf4c52a31308193173970f2c239e0f595bf Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Tue, 26 May 2026 23:54:08 -0500
Subject: [PATCH 239/283] fix(tui): pin header to absolute top row with
 defensive two-pass layout

The header bar was reported to appear vertically centered on macOS
Terminal.app with large blank space above and below. While the existing
Constraint::Min(1) layout with default Flex::Start should place the
header at row 0, some ratatui/flex interactions can produce unexpected
centering on certain terminal sizes.

Restructure the render layout into a defensive two-pass system:
1. First pass: split the terminal into header (Length(1)) + body (Min(1))
   with explicit Flex::Start, pinning the header to the absolute top.
2. Second pass: split the body area for chat, preview, composer, footer.

This guarantees the header is never vertically centered regardless of
ratatui Flex defaults or terminal dimensions.

Fixes #1834
---
 crates/tui/src/tui/ui.rs | 49 ++++++++++++++++++++++++++--------------
 1 file changed, 32 insertions(+), 17 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 9cb5b5a9..c5d03744 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5863,7 +5863,6 @@ fn render(f: &mut Frame, app: &mut App) {
 
     let header_height = 1;
     let footer_height = 1;
-    let body_height = size.height.saturating_sub(header_height + footer_height);
     let slash_menu_entries = visible_slash_menu_entries(app, SLASH_MENU_LIMIT);
     let mention_menu_entries =
         crate::tui::file_mention::visible_mention_menu_entries(app, MENTION_MENU_LIMIT);
@@ -5871,8 +5870,24 @@ fn render(f: &mut Frame, app: &mut App) {
         app.mention_menu_selected = mention_menu_entries.len().saturating_sub(1);
     }
     let context_usage = context_usage_snapshot(app);
+
+    // Defensive two-pass layout: pin the header to the absolute top row,
+    // then split the remaining body area for chat / preview / composer /
+    // footer. This guarantees the header is never vertically centered
+    // regardless of ratatui Flex defaults or terminal size.
+    // Fixes #1834 — macOS terminal title centering.
+    let (header_area, body_area) = {
+        let split = Layout::default()
+            .direction(Direction::Vertical)
+            .flex(ratatui::layout::Flex::Start)
+            .constraints([Constraint::Length(header_height), Constraint::Min(1)])
+            .split(size);
+        (split[0], split[1])
+    };
+
+    let body_height = body_area.height;
     let composer_max_height = body_height
-        .saturating_sub(MIN_CHAT_HEIGHT)
+        .saturating_sub(MIN_CHAT_HEIGHT + footer_height)
         .max(MIN_COMPOSER_HEIGHT);
     let composer_height = {
         let composer_widget = ComposerWidget::new(
@@ -5891,16 +5906,16 @@ fn render(f: &mut Frame, app: &mut App) {
     let pending_preview = build_pending_input_preview(app);
     let preview_height = pending_preview.desired_height(size.width);
 
-    let chunks = Layout::default()
+    let body_chunks = Layout::default()
         .direction(Direction::Vertical)
+        .flex(ratatui::layout::Flex::Start)
         .constraints([
-            Constraint::Length(header_height),   // Header
             Constraint::Min(1),                  // Chat area
             Constraint::Length(preview_height),  // Pending input preview (0 if empty)
             Constraint::Length(composer_height), // Composer
             Constraint::Length(footer_height),   // Footer
         ])
-        .split(size);
+        .split(body_area);
 
     // Render header
     {
@@ -5960,7 +5975,7 @@ fn render(f: &mut Frame, app: &mut App) {
         ));
         let header_widget = HeaderWidget::new(header_data);
         let buf = f.buffer_mut();
-        header_widget.render(chunks[0], buf);
+        header_widget.render(header_area, buf);
     }
 
     // Render chat + sidebar + optional file-tree pane
@@ -5971,19 +5986,19 @@ fn render(f: &mut Frame, app: &mut App) {
         // resize) don't retain stale content from a previous frame.
         Block::default()
             .style(Style::default().bg(app.ui_theme.surface_bg))
-            .render(chunks[1], f.buffer_mut());
+            .render(body_chunks[0], f.buffer_mut());
 
         let mut sidebar_area = None;
 
         // When the file-tree pane is visible and the terminal is wide
         // enough, reserve the left ~25% for the file tree.
         let mut chat_area =
-            if app.file_tree.is_some() && chunks[1].width >= SIDEBAR_VISIBLE_MIN_WIDTH {
+            if app.file_tree.is_some() && body_chunks[0].width >= SIDEBAR_VISIBLE_MIN_WIDTH {
                 app.file_tree_visible = true;
                 let split = Layout::default()
                     .direction(Direction::Horizontal)
                     .constraints([Constraint::Percentage(25), Constraint::Percentage(75)])
-                    .split(chunks[1]);
+                    .split(body_chunks[0]);
                 let tree_area = split[0];
                 let remaining = split[1];
 
@@ -5995,7 +6010,7 @@ fn render(f: &mut Frame, app: &mut App) {
                 remaining
             } else {
                 app.file_tree_visible = false;
-                chunks[1]
+                body_chunks[0]
             };
 
         if let Some(sidebar_width) = sidebar_width_for_chat_area(app, chat_area.width) {
@@ -6047,7 +6062,7 @@ fn render(f: &mut Frame, app: &mut App) {
     // Render pending-input preview (queued/steered messages, if any).
     if preview_height > 0 {
         let buf = f.buffer_mut();
-        pending_preview.render(chunks[2], buf);
+        pending_preview.render(body_chunks[1], buf);
     }
 
     // Render composer
@@ -6059,12 +6074,12 @@ fn render(f: &mut Frame, app: &mut App) {
             &mention_menu_entries,
         );
         let buf = f.buffer_mut();
-        composer_widget.render(chunks[3], buf);
-        composer_widget.cursor_pos(chunks[3])
+        composer_widget.render(body_chunks[2], buf);
+        composer_widget.cursor_pos(body_chunks[2])
     };
-    app.viewport.last_composer_area = Some(chunks[3]);
+    app.viewport.last_composer_area = Some(body_chunks[2]);
     {
-        let area = chunks[3];
+        let area = body_chunks[2];
         let has_panel = app.composer_border && area.height >= 3 && area.width >= 12;
         let inner = if has_panel {
             ratatui::widgets::Block::default()
@@ -6108,11 +6123,11 @@ fn render(f: &mut Frame, app: &mut App) {
     }
 
     // Render footer
-    render_footer(f, chunks[4], app);
+    render_footer(f, body_chunks[3], app);
     // Toast stack overlay (#439): when multiple status toasts are queued,
     // surface the older ones as a 1-2 line strip above the footer so a
     // burst of events isn't collapsed to a single visible message.
-    render_toast_stack_overlay(f, size, chunks[3], chunks[4], app);
+    render_toast_stack_overlay(f, size, body_chunks[2], body_chunks[3], app);
 
     // Decision card overlay (v0.8.43 truth-surface). When a decision card is
     // active, render it centered on top of the transcript.

From 95a737b592147f9dffd4ab94e481c0cc432ad899 Mon Sep 17 00:00:00 2001
From: liushiao <liushiao@bytedance.com>
Date: Wed, 27 May 2026 11:47:03 +0800
Subject: [PATCH 240/283] fix(tui): clear footer row before rendering
 statusline

---
 crates/tui/src/tui/widgets/footer.rs | 43 +++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/tui/widgets/footer.rs b/crates/tui/src/tui/widgets/footer.rs
index 27f13aa7..6efdfb94 100644
--- a/crates/tui/src/tui/widgets/footer.rs
+++ b/crates/tui/src/tui/widgets/footer.rs
@@ -11,7 +11,7 @@ use ratatui::{
     layout::Rect,
     style::{Color, Style},
     text::{Line, Span},
-    widgets::{Paragraph, Widget},
+    widgets::{Block, Paragraph, Widget},
 };
 use unicode_width::UnicodeWidthStr;
 
@@ -573,6 +573,13 @@ impl Renderable for FooterWidget {
             return;
         }
 
+        // Repaint the whole footer row first so stale transcript glyphs from
+        // the previous frame cannot survive in cells this frame's spans do not
+        // touch (#2244).
+        Block::default()
+            .style(Style::default().bg(self.props.footer_bg))
+            .render(area, buf);
+
         let preview_left_spans = self.left_spans(available_width);
         let preview_left_width = span_width(&preview_left_spans);
         let right_budget = available_width
@@ -652,6 +659,8 @@ mod tests {
     use crate::palette;
     use crate::tui::app::{App, AppMode, TuiOptions};
     use ratatui::{
+        buffer::Buffer,
+        layout::Rect,
         style::{Color, Style},
         text::Span,
     };
@@ -1377,4 +1386,36 @@ mod tests {
         assert!(!rendered.contains("agent"));
         assert!(!rendered.contains("deepseek-v4-flash"));
     }
+
+    #[test]
+    fn render_clears_stale_cells_across_entire_footer_row() {
+        let app = make_app();
+        let widget = FooterWidget::new(idle_props_for(&app));
+        let area = Rect::new(0, 0, 48, 1);
+        let mut buf = Buffer::empty(area);
+
+        for x in area.x..area.x.saturating_add(area.width) {
+            buf[(x, area.y)]
+                .set_symbol("X")
+                .set_style(Style::default().fg(Color::Red).bg(Color::Blue));
+        }
+
+        widget.render(area, &mut buf);
+
+        let rendered: String = (area.x..area.x.saturating_add(area.width))
+            .map(|x| buf[(x, area.y)].symbol())
+            .collect();
+
+        assert!(
+            !rendered.contains('X'),
+            "footer render must clear stale row content before painting: {rendered:?}"
+        );
+        for x in area.x..area.x.saturating_add(area.width) {
+            assert_eq!(
+                buf[(x, area.y)].bg,
+                app.ui_theme.footer_bg,
+                "footer background should cover the full row"
+            );
+        }
+    }
 }

From a800f7469e22bd8cc02cdc7908f63e08e72426d5 Mon Sep 17 00:00:00 2001
From: liushiao <liushiao@bytedance.com>
Date: Wed, 27 May 2026 12:08:09 +0800
Subject: [PATCH 241/283] fix(tui): clear footer cells before rendering spans

---
 crates/tui/src/tui/widgets/footer.rs | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crates/tui/src/tui/widgets/footer.rs b/crates/tui/src/tui/widgets/footer.rs
index 6efdfb94..d049c0c8 100644
--- a/crates/tui/src/tui/widgets/footer.rs
+++ b/crates/tui/src/tui/widgets/footer.rs
@@ -11,7 +11,7 @@ use ratatui::{
     layout::Rect,
     style::{Color, Style},
     text::{Line, Span},
-    widgets::{Block, Paragraph, Widget},
+    widgets::{Paragraph, Widget},
 };
 use unicode_width::UnicodeWidthStr;
 
@@ -573,12 +573,16 @@ impl Renderable for FooterWidget {
             return;
         }
 
-        // Repaint the whole footer row first so stale transcript glyphs from
+        // Clear the whole footer row first so stale transcript glyphs from
         // the previous frame cannot survive in cells this frame's spans do not
         // touch (#2244).
-        Block::default()
-            .style(Style::default().bg(self.props.footer_bg))
-            .render(area, buf);
+        for y in area.top()..area.bottom() {
+            for x in area.left()..area.right() {
+                buf[(x, y)]
+                    .set_symbol(" ")
+                    .set_style(Style::default().bg(self.props.footer_bg));
+            }
+        }
 
         let preview_left_spans = self.left_spans(available_width);
         let preview_left_width = span_width(&preview_left_spans);

From d31caf40c5dfb407a9f82ae9ce5b3a332d10c33c Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Wed, 27 May 2026 11:07:18 +0800
Subject: [PATCH 242/283] fix(web_search): decode HTML entities in Bing result
 URLs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bing wraps every SERP result URL in a `/ck/a?...&u=<base64>` click-tracking
redirect, and in the raw HTML the separators are `&amp;` entities.
normalize_bing_url parsed the href without decoding entities first, so
extract_query_param looked for `u` while the actual key was `amp;u`. The
base64 redirect target was never recovered: every result collapsed to a
`bing.com` root domain, is_likely_spam_results rejected the whole batch,
and Bing — the default backend — returned zero results.

Decode HTML entities before extracting the redirect target. Adds a
regression test.
---
 crates/tui/src/tools/web_search.rs | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/tools/web_search.rs b/crates/tui/src/tools/web_search.rs
index 16c7b632..b5cc1e4e 100644
--- a/crates/tui/src/tools/web_search.rs
+++ b/crates/tui/src/tools/web_search.rs
@@ -901,6 +901,14 @@ fn normalize_url(href: &str) -> String {
 }
 
 fn normalize_bing_url(href: &str) -> String {
+    // Bing wraps every SERP result URL in a `/ck/a?...&u=<base64>` click-tracking
+    // redirect, and in the raw HTML the separators are `&amp;` entities. Without
+    // decoding entities first, `extract_query_param` looks for `u` but the actual
+    // key is `amp;u`, so the real URL is never recovered: every result collapses to
+    // a `bing.com` root domain, which the spam heuristic then rejects — yielding
+    // zero results for the default Bing backend. Decode entities before parsing.
+    let href = decode_html_entities(href);
+    let href = href.as_str();
     if let Some(encoded) = extract_query_param(href, "u") {
         let decoded = percent_decode(&encoded);
         let token = decoded.strip_prefix("a1").unwrap_or(&decoded);
@@ -1027,11 +1035,22 @@ fn extract_query_param(url: &str, key: &str) -> Option<String> {
 mod tests {
     use super::{
         ERROR_BODY_PREVIEW_BYTES, WebSearchEntry, WebSearchTool, decode_html_entities,
-        extract_search_query, is_likely_spam_results, optional_search_max_results, root_domain,
-        sanitize_error_body, truncate_error_body,
+        extract_search_query, is_likely_spam_results, normalize_bing_url,
+        optional_search_max_results, root_domain, sanitize_error_body, truncate_error_body,
     };
     use serde_json::json;
 
+    // Regression guard: Bing /ck/a redirect hrefs are HTML-entity-encoded
+    // (`&amp;`). normalize_bing_url must decode entities before extracting the
+    // `u=` base64 payload, otherwise the real URL is never recovered and the
+    // result's root domain collapses to bing.com (then dropped as spam → 0
+    // results for the default Bing backend).
+    #[test]
+    fn bing_ckurl_with_html_entities_decodes_real_url() {
+        let href = "https://www.bing.com/ck/a?!&amp;&amp;p=abc&amp;u=a1aHR0cHM6Ly9ydXN0LWxhbmcub3JnLw&amp;ntb=1";
+        assert_eq!(normalize_bing_url(href), "https://rust-lang.org/");
+    }
+
     fn entry(url: &str) -> WebSearchEntry {
         WebSearchEntry {
             title: "x".into(),

From d7b6c80ec86021a7a5b6b522a29a8665847e76b3 Mon Sep 17 00:00:00 2001
From: hexin <he.xin@h3c.com>
Date: Fri, 29 May 2026 17:19:13 +0800
Subject: [PATCH 243/283] fix(fetch_url): optionally trust fake-ip placeholder
 ranges to avoid SSRF false-positives
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The DNS-resolution SSRF guard in `validate_dns_resolved_ip` rejects any
hostname that resolves into a restricted IP range. Under a transparent-proxy
/ TUN setup running in `fake-ip` mode, the local resolver maps *every*
hostname to a reserved placeholder range (commonly `198.18.0.0/15`), so the
guard rejects all outbound `fetch_url` requests even though the proxy will
route them correctly.

Add a narrowly-scoped, opt-in trust list on `NetworkPolicyDecider`:

- `with_trusted_fakeip_cidrs(&["198.18.0.0/15"])` registers IPv4 CIDR ranges
  to treat as benign fake-ip placeholders (default: empty — no behavior
  change unless the embedder configures it).
- `is_trusted_fakeip_addr(ip)` matches only those configured ranges.

`validate_dns_resolved_ip` now allows a resolved IP if it is either in a
configured fake-ip range or the host is on the existing trusted-proxy list.
Real private/loopback/link-local/cloud-metadata IPs match neither and stay
blocked, so this does not widen SSRF exposure for default configurations.
Includes CIDR parsing/containment helpers and a unit test covering the
placeholder-allowed / real-private-blocked / nothing-configured cases.
---
 crates/tui/src/network_policy.rs  | 84 +++++++++++++++++++++++++++++++
 crates/tui/src/tools/fetch_url.rs |  8 ++-
 2 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/network_policy.rs b/crates/tui/src/network_policy.rs
index ba2332df..a36ef2e9 100644
--- a/crates/tui/src/network_policy.rs
+++ b/crates/tui/src/network_policy.rs
@@ -46,6 +46,7 @@
 
 use std::fs::{self, OpenOptions};
 use std::io::Write;
+use std::net::{IpAddr, Ipv4Addr};
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};
 
@@ -265,6 +266,27 @@ fn host_matches(entry: &str, normalized_host: &str) -> bool {
     }
 }
 
+/// Parse an IPv4 CIDR string such as `"198.18.0.0/15"` into `(base, prefix)`.
+/// Returns `None` for malformed input or a prefix length above 32.
+fn parse_ipv4_cidr(cidr: &str) -> Option<(Ipv4Addr, u8)> {
+    let (addr, prefix) = cidr.split_once('/')?;
+    let base: Ipv4Addr = addr.trim().parse().ok()?;
+    let prefix: u8 = prefix.trim().parse().ok()?;
+    if prefix > 32 {
+        return None;
+    }
+    Some((base, prefix))
+}
+
+/// Whether `ip` is contained in the `base/prefix` IPv4 CIDR block.
+fn ipv4_in_cidr(ip: Ipv4Addr, base: Ipv4Addr, prefix: u8) -> bool {
+    if prefix == 0 {
+        return true;
+    }
+    let mask: u32 = u32::MAX << (32 - prefix);
+    (u32::from(ip) & mask) == (u32::from(base) & mask)
+}
+
 /// Best-effort writer for the network audit log.
 #[derive(Debug, Clone)]
 pub struct NetworkAuditor {
@@ -415,6 +437,12 @@ pub struct NetworkPolicyDecider {
     policy: NetworkPolicy,
     cache: NetworkSessionCache,
     auditor: Option<NetworkAuditor>,
+    /// IPv4 CIDR ranges that are treated as benign fake-IP placeholders (e.g.
+    /// a transparent-proxy / TUN setup running in `fake-ip` mode, where DNS
+    /// resolves every hostname into a reserved range like `198.18.0.0/15`).
+    /// A resolved IP inside one of these ranges bypasses the restricted-IP SSRF
+    /// block; real private/loopback/link-local/metadata IPs are unaffected.
+    trusted_fakeip_cidrs: Vec<(Ipv4Addr, u8)>,
 }
 
 impl NetworkPolicyDecider {
@@ -425,6 +453,38 @@ impl NetworkPolicyDecider {
             policy,
             cache: NetworkSessionCache::new(),
             auditor,
+            trusted_fakeip_cidrs: Vec::new(),
+        }
+    }
+
+    /// Register IPv4 CIDR ranges to treat as benign fake-IP placeholders.
+    /// Invalid CIDR strings are skipped. See [`Self::is_trusted_fakeip_addr`].
+    #[must_use]
+    pub fn with_trusted_fakeip_cidrs(mut self, cidrs: &[&str]) -> Self {
+        for cidr in cidrs {
+            if let Some(parsed) = parse_ipv4_cidr(cidr) {
+                self.trusted_fakeip_cidrs.push(parsed);
+            }
+        }
+        self
+    }
+
+    /// Whether `ip` falls inside a configured fake-IP placeholder range.
+    ///
+    /// In `fake-ip` proxy/TUN setups the local resolver maps every hostname to
+    /// a reserved range (commonly `198.18.0.0/15`), so the DNS-resolution SSRF
+    /// check would otherwise reject every request. This narrowly trusts only
+    /// those placeholder addresses — real private/loopback/link-local/cloud-
+    /// metadata IPs are *not* matched and stay blocked.
+    #[must_use]
+    pub fn is_trusted_fakeip_addr(&self, ip: &IpAddr) -> bool {
+        match ip {
+            IpAddr::V4(v4) => self
+                .trusted_fakeip_cidrs
+                .iter()
+                .any(|(base, prefix)| ipv4_in_cidr(*v4, *base, *prefix)),
+            // fake-ip placeholders are IPv4-only in practice.
+            IpAddr::V6(_) => false,
         }
     }
 
@@ -643,6 +703,30 @@ mod tests {
         assert!(p.trusts_proxy_fakeip_host("avatars.githubusercontent.com"));
     }
 
+    #[test]
+    fn trusted_fakeip_cidr_allows_placeholder_but_not_real_private() {
+        let decider = NetworkPolicyDecider::new(NetworkPolicy::default(), None)
+            .with_trusted_fakeip_cidrs(&["198.18.0.0/15"]);
+
+        // fake-ip placeholder range (clash default / IETF benchmark) is trusted
+        assert!(decider.is_trusted_fakeip_addr(&"198.18.0.5".parse::<std::net::IpAddr>().unwrap()));
+        assert!(
+            decider.is_trusted_fakeip_addr(&"198.19.255.255".parse::<std::net::IpAddr>().unwrap())
+        );
+
+        // real private / loopback / link-local / cloud-metadata are NOT trusted
+        for ip in ["192.168.1.1", "10.0.0.1", "127.0.0.1", "169.254.169.254"] {
+            assert!(
+                !decider.is_trusted_fakeip_addr(&ip.parse::<std::net::IpAddr>().unwrap()),
+                "{ip} must not be treated as a fake-ip placeholder"
+            );
+        }
+
+        // no ranges configured → nothing trusted
+        let bare = NetworkPolicyDecider::new(NetworkPolicy::default(), None);
+        assert!(!bare.is_trusted_fakeip_addr(&"198.18.0.5".parse::<std::net::IpAddr>().unwrap()));
+    }
+
     #[test]
     fn host_from_url_extracts_host() {
         assert_eq!(
diff --git a/crates/tui/src/tools/fetch_url.rs b/crates/tui/src/tools/fetch_url.rs
index cdf0b128..194392af 100644
--- a/crates/tui/src/tools/fetch_url.rs
+++ b/crates/tui/src/tools/fetch_url.rs
@@ -389,8 +389,14 @@ fn validate_dns_resolved_ip(
         return Ok(());
     }
 
+    // Allow the resolved IP past the restricted-IP block if either:
+    //   * it falls inside a configured fake-IP placeholder range (a TUN /
+    //     transparent-proxy setup in `fake-ip` mode resolves every host into a
+    //     reserved range such as `198.18.0.0/15`), or
+    //   * the host is on the explicitly-trusted proxy list.
+    // Real private/loopback/link-local/metadata IPs match neither and stay blocked.
     if let Some(decider) = decider
-        && decider.trusts_proxy_fakeip_host(host)
+        && (decider.is_trusted_fakeip_addr(ip) || decider.trusts_proxy_fakeip_host(host))
     {
         decider.record_trusted_proxy_fakeip_allow(host, "fetch_url");
         return Ok(());

From af36756e06ca1549ce6d472d19a3f2d9d5734efd Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Mon, 25 May 2026 20:44:28 +0800
Subject: [PATCH 244/283] feat(runtime): bridge user-input events and API to
 external GUI clients

Add SSE event forwarding for UserInputRequired, REST endpoint for submitting user input responses, timeout protection for await_user_input, and fix interrupt_turn to clear active_turn immediately.
---
 crates/tui/src/core/engine/approval.rs | 49 ++++++++++++-----
 crates/tui/src/runtime_api.rs          | 48 +++++++++++++++++
 crates/tui/src/runtime_threads.rs      | 73 +++++++++++++++++++++++++-
 3 files changed, 157 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/core/engine/approval.rs b/crates/tui/src/core/engine/approval.rs
index ac04900b..b0f866cc 100644
--- a/crates/tui/src/core/engine/approval.rs
+++ b/crates/tui/src/core/engine/approval.rs
@@ -5,10 +5,14 @@
 //! or whenever a tool requests live user input (`await_user_input`). Channels
 //! and engine state stay private to the parent module.
 
+use std::time::Duration;
+
 use crate::core::events::Event;
 use crate::tools::spec::ToolError;
 use crate::tools::user_input::{UserInputRequest, UserInputResponse};
 
+const USER_INPUT_TIMEOUT: Duration = Duration::from_secs(300);
+
 use super::Engine;
 
 #[derive(Debug, Clone)]
@@ -123,22 +127,43 @@ impl Engine {
                         format!("Request cancelled while awaiting user input{suffix}"),
                     ));
                 }
-                decision = self.rx_user_input.recv() => {
-                    let Some(decision) = decision else {
-                        return Err(ToolError::execution_failed(
-                            "User input channel closed".to_string(),
-                        ));
-                    };
-                    match decision {
-                        UserInputDecision::Submitted { id, response } if id == tool_id => {
-                            return Ok(response);
+                result = tokio::time::timeout(USER_INPUT_TIMEOUT, self.rx_user_input.recv()) => {
+                    match result {
+                        Ok(Some(decision)) => {
+                            match decision {
+                                UserInputDecision::Submitted { id, response } if id == tool_id => {
+                                    return Ok(response);
+                                }
+                                UserInputDecision::Cancelled { id } if id == tool_id => {
+                                    return Err(ToolError::execution_failed(
+                                        "User input cancelled".to_string(),
+                                    ));
+                                }
+                                _ => continue,
+                            }
                         }
-                        UserInputDecision::Cancelled { id } if id == tool_id => {
+                        Ok(None) => {
                             return Err(ToolError::execution_failed(
-                                "User input cancelled".to_string(),
+                                "User input channel closed".to_string(),
+                            ));
+                        }
+                        Err(_) => {
+                            let _ = self
+                                .tx_event
+                                .send(Event::Status {
+                                    message: format!(
+                                        "User input timed out after {}s",
+                                        USER_INPUT_TIMEOUT.as_secs()
+                                    ),
+                                })
+                                .await;
+                            return Err(ToolError::execution_failed(
+                                format!(
+                                    "User input timed out after {}s",
+                                    USER_INPUT_TIMEOUT.as_secs()
+                                ),
                             ));
                         }
-                        _ => continue,
                     }
                 }
             }
diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 8754ac78..8c1bca34 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -296,6 +296,25 @@ struct DecideApprovalResponse {
     delivered: bool,
 }
 
+#[derive(Debug, Deserialize)]
+struct SubmitUserInputBody {
+    answers: Vec<UserInputAnswerBody>,
+}
+
+#[derive(Debug, Deserialize)]
+struct UserInputAnswerBody {
+    id: String,
+    label: String,
+    value: String,
+}
+
+#[derive(Debug, Serialize)]
+struct SubmitUserInputResponse {
+    ok: bool,
+    input_id: String,
+    delivered: bool,
+}
+
 #[derive(Debug, Serialize)]
 struct RuntimeInfoResponse {
     bind_host: String,
@@ -500,6 +519,7 @@ pub fn build_router(state: RuntimeApiState) -> Router {
         .route("/v1/threads/{id}/compact", post(compact_thread))
         .route("/v1/threads/{id}/events", get(stream_thread_events))
         .route("/v1/approvals/{approval_id}", post(decide_approval))
+        .route("/v1/user-input/{thread_id}/{input_id}", post(submit_user_input))
         .route("/v1/tasks", get(list_tasks).post(create_task))
         .route("/v1/tasks/{id}", get(get_task))
         .route("/v1/tasks/{id}/cancel", post(cancel_task))
@@ -1015,6 +1035,34 @@ async fn decide_approval(
     }))
 }
 
+async fn submit_user_input(
+    State(state): State<RuntimeApiState>,
+    Path((thread_id, input_id)): Path<(String, String)>,
+    Json(req): Json<SubmitUserInputBody>,
+) -> Result<Json<SubmitUserInputResponse>, ApiError> {
+    use crate::tools::user_input::{UserInputAnswer, UserInputResponse};
+    let answers: Vec<UserInputAnswer> = req
+        .answers
+        .into_iter()
+        .map(|a| UserInputAnswer {
+            id: a.id,
+            label: a.label,
+            value: a.value,
+        })
+        .collect();
+    let response = UserInputResponse { answers };
+    let delivered = state
+        .runtime_threads
+        .submit_user_input(&thread_id, &input_id, response)
+        .await
+        .map_err(|e| ApiError::internal(format!("Failed to submit user input: {e}")))?;
+    Ok(Json(SubmitUserInputResponse {
+        ok: true,
+        input_id,
+        delivered,
+    }))
+}
+
 async fn runtime_info(State(state): State<RuntimeApiState>) -> Json<RuntimeInfoResponse> {
     Json(RuntimeInfoResponse {
         bind_host: state.bind_host.clone(),
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 3b90bc60..1542f450 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -833,6 +833,30 @@ impl RuntimeThreadManager {
         }
     }
 
+    pub async fn submit_user_input(
+        &self,
+        thread_id: &str,
+        input_id: &str,
+        response: crate::tools::user_input::UserInputResponse,
+    ) -> Result<bool> {
+        let active = self.active.lock().await;
+        let Some(state) = active.engines.get(thread_id) else {
+            bail!("thread '{thread_id}' not loaded");
+        };
+        state.engine.submit_user_input(input_id, response).await?;
+        Ok(true)
+    }
+
+    #[allow(dead_code)]
+    pub async fn cancel_user_input(&self, thread_id: &str, input_id: &str) -> Result<bool> {
+        let active = self.active.lock().await;
+        let Some(state) = active.engines.get(thread_id) else {
+            bail!("thread '{thread_id}' not loaded");
+        };
+        state.engine.cancel_user_input(input_id).await?;
+        Ok(true)
+    }
+
     #[allow(dead_code)]
     pub fn pending_approvals_count(&self) -> usize {
         self.pending_approvals
@@ -1704,7 +1728,41 @@ impl RuntimeThreadManager {
         )
         .await?;
 
-        self.store.load_turn(turn_id)
+        let ended_at = Utc::now();
+        let mut turn = self.store.load_turn(turn_id)?;
+        turn.status = RuntimeTurnStatus::Interrupted;
+        turn.ended_at = Some(ended_at);
+        turn.duration_ms = turn.started_at.map(|start| duration_ms(start, ended_at));
+        self.store.save_turn(&turn)?;
+
+        let mut thread = self.get_thread(thread_id).await?;
+        thread.latest_turn_id = Some(turn_id.to_string());
+        thread.updated_at = Utc::now();
+        self.store.save_thread(&thread)?;
+
+        self.emit_event(
+            thread_id,
+            Some(turn_id),
+            None,
+            "turn.completed",
+            json!({ "turn": turn.clone() }),
+        )
+        .await?;
+
+        {
+            let mut active = self.active.lock().await;
+            if let Some(state) = active.engines.get_mut(thread_id)
+                && state
+                    .active_turn
+                    .as_ref()
+                    .is_some_and(|t| t.turn_id == turn_id)
+            {
+                state.active_turn = None;
+            }
+            touch_lru(&mut active.lru, thread_id);
+        }
+
+        Ok(turn)
     }
 
     pub async fn steer_turn(
@@ -2791,6 +2849,19 @@ impl RuntimeThreadManager {
                         }
                     }
                 }
+                EngineEvent::UserInputRequired { id, request } => {
+                    self.emit_event(
+                        &thread_id,
+                        Some(&turn_id),
+                        None,
+                        "user_input.required",
+                        json!({
+                            "id": id,
+                            "request": request,
+                        }),
+                    )
+                    .await?;
+                }
                 EngineEvent::Status { message } => {
                     let item = TurnItemRecord {
                         schema_version: CURRENT_RUNTIME_SCHEMA_VERSION,

From 5994a408a2e174702739ae859a41d5062adf9306 Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Mon, 25 May 2026 21:44:02 +0800
Subject: [PATCH 245/283] fix(runtime): remove redundant turn finalization from
 interrupt_turn

The monitor_turn loop already handles full turn finalization when the
engine shuts down after cancellation, including saving turn status,
usage, error, emitting turn.completed, and clearing active_turn.

Having interrupt_turn also save turn status and emit turn.completed
causes duplicate SSE events and loses usage/error data that
monitor_turn would have captured from TurnComplete.

Keep only the active_turn cleanup so the 409 error is resolved while
monitor_turn remains the single source of truth for turn completion.
---
 crates/tui/src/runtime_threads.rs | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 1542f450..278a129e 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1728,27 +1728,6 @@ impl RuntimeThreadManager {
         )
         .await?;
 
-        let ended_at = Utc::now();
-        let mut turn = self.store.load_turn(turn_id)?;
-        turn.status = RuntimeTurnStatus::Interrupted;
-        turn.ended_at = Some(ended_at);
-        turn.duration_ms = turn.started_at.map(|start| duration_ms(start, ended_at));
-        self.store.save_turn(&turn)?;
-
-        let mut thread = self.get_thread(thread_id).await?;
-        thread.latest_turn_id = Some(turn_id.to_string());
-        thread.updated_at = Utc::now();
-        self.store.save_thread(&thread)?;
-
-        self.emit_event(
-            thread_id,
-            Some(turn_id),
-            None,
-            "turn.completed",
-            json!({ "turn": turn.clone() }),
-        )
-        .await?;
-
         {
             let mut active = self.active.lock().await;
             if let Some(state) = active.engines.get_mut(thread_id)
@@ -1762,7 +1741,7 @@ impl RuntimeThreadManager {
             touch_lru(&mut active.lru, thread_id);
         }
 
-        Ok(turn)
+        self.store.load_turn(turn_id)
     }
 
     pub async fn steer_turn(

From 549ab8a834c63f3f3ead78343c517ca1aba74358 Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Mon, 25 May 2026 21:57:20 +0800
Subject: [PATCH 246/283] fix(runtime): use consistent error handling for user
 input API

- Change 'not loaded' to 'not found' in submit_user_input and
  cancel_user_input so map_thread_err correctly maps to 404
- Use map_thread_err in submit_user_input API endpoint for
  consistent error response (404 for missing thread, 409 for
  conflict, etc.) instead of always returning 500
---
 crates/tui/src/runtime_api.rs     | 2 +-
 crates/tui/src/runtime_threads.rs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 8c1bca34..52593d2c 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -1055,7 +1055,7 @@ async fn submit_user_input(
         .runtime_threads
         .submit_user_input(&thread_id, &input_id, response)
         .await
-        .map_err(|e| ApiError::internal(format!("Failed to submit user input: {e}")))?;
+        .map_err(map_thread_err)?;
     Ok(Json(SubmitUserInputResponse {
         ok: true,
         input_id,
diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 278a129e..376bbe77 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -841,7 +841,7 @@ impl RuntimeThreadManager {
     ) -> Result<bool> {
         let active = self.active.lock().await;
         let Some(state) = active.engines.get(thread_id) else {
-            bail!("thread '{thread_id}' not loaded");
+            bail!("thread '{thread_id}' not found");
         };
         state.engine.submit_user_input(input_id, response).await?;
         Ok(true)
@@ -851,7 +851,7 @@ impl RuntimeThreadManager {
     pub async fn cancel_user_input(&self, thread_id: &str, input_id: &str) -> Result<bool> {
         let active = self.active.lock().await;
         let Some(state) = active.engines.get(thread_id) else {
-            bail!("thread '{thread_id}' not loaded");
+            bail!("thread '{thread_id}' not found");
         };
         state.engine.cancel_user_input(input_id).await?;
         Ok(true)

From b8439c16fc509db000ec0a5a60d2ad122f155f97 Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Mon, 25 May 2026 22:05:45 +0800
Subject: [PATCH 247/283] fix(runtime): don't clear active_turn in
 interrupt_turn

Clearing active_turn immediately breaks is_interrupt_requested detection
in monitor_turn, causing turn status to be Completed instead of Interrupted.

Let monitor_turn handle the cleanup after it detects the interrupt flag
and performs full finalization with correct status, usage, and error.
---
 crates/tui/src/runtime_threads.rs | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/crates/tui/src/runtime_threads.rs b/crates/tui/src/runtime_threads.rs
index 376bbe77..ca1b7516 100644
--- a/crates/tui/src/runtime_threads.rs
+++ b/crates/tui/src/runtime_threads.rs
@@ -1728,19 +1728,6 @@ impl RuntimeThreadManager {
         )
         .await?;
 
-        {
-            let mut active = self.active.lock().await;
-            if let Some(state) = active.engines.get_mut(thread_id)
-                && state
-                    .active_turn
-                    .as_ref()
-                    .is_some_and(|t| t.turn_id == turn_id)
-            {
-                state.active_turn = None;
-            }
-            touch_lru(&mut active.lru, thread_id);
-        }
-
         self.store.load_turn(turn_id)
     }
 

From e2b58e6b22b0c65fd0cc1739759524dae9e426d8 Mon Sep 17 00:00:00 2001
From: Ben Gao <bengao168@msn.com>
Date: Mon, 25 May 2026 22:25:28 +0800
Subject: [PATCH 248/283] style: fix rustfmt formatting for user-input route

---
 crates/tui/src/runtime_api.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 52593d2c..e7311208 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -519,7 +519,10 @@ pub fn build_router(state: RuntimeApiState) -> Router {
         .route("/v1/threads/{id}/compact", post(compact_thread))
         .route("/v1/threads/{id}/events", get(stream_thread_events))
         .route("/v1/approvals/{approval_id}", post(decide_approval))
-        .route("/v1/user-input/{thread_id}/{input_id}", post(submit_user_input))
+        .route(
+            "/v1/user-input/{thread_id}/{input_id}",
+            post(submit_user_input),
+        )
         .route("/v1/tasks", get(list_tasks).post(create_task))
         .route("/v1/tasks/{id}", get(get_task))
         .route("/v1/tasks/{id}/cancel", post(cancel_task))

From f3def32ef94505890be381188c8735f2fc3f2d4f Mon Sep 17 00:00:00 2001
From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Date: Tue, 26 May 2026 17:13:54 -0700
Subject: [PATCH 249/283] feat: read global AGENTS.md from ~/.agents/ as
 vendor-neutral fallback

---
 crates/tui/src/project_context.rs | 78 +++++++++++++++++++++++++++----
 1 file changed, 68 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/project_context.rs b/crates/tui/src/project_context.rs
index 5214acc5..d6c3a4c5 100644
--- a/crates/tui/src/project_context.rs
+++ b/crates/tui/src/project_context.rs
@@ -35,10 +35,13 @@ const PROJECT_CONTEXT_FILES: &[&str] = &[
 
 /// User-level project instructions loaded as a fallback when the workspace and
 /// its parents do not define project context. `.codewhale/` takes priority
-/// over `.deepseek/` for both WHALE.md and AGENTS.md.
+/// over vendor-neutral `.agents/`, which takes priority over legacy
+/// `.deepseek/`, for both WHALE.md and AGENTS.md.
 const GLOBAL_AGENTS_RELATIVE_PATH: &[&str] = &[".codewhale", "AGENTS.md"];
+const GLOBAL_AGENTS_VENDOR_NEUTRAL_PATH: &[&str] = &[".agents", "AGENTS.md"];
 const GLOBAL_AGENTS_LEGACY_PATH: &[&str] = &[".deepseek", "AGENTS.md"];
 const GLOBAL_WHALE_RELATIVE_PATH: &[&str] = &[".codewhale", "WHALE.md"];
+const GLOBAL_WHALE_VENDOR_NEUTRAL_PATH: &[&str] = &[".agents", "WHALE.md"];
 const GLOBAL_WHALE_LEGACY_PATH: &[&str] = &[".deepseek", "WHALE.md"];
 
 /// Maximum size for project context files (to prevent loading huge files)
@@ -437,7 +440,7 @@ fn load_project_context_with_parents_and_home(
         }
     }
 
-    // Always check `~/.deepseek/AGENTS.md` so user-wide preferences
+    // Always check global instruction files so user-wide preferences
     // travel into every session (#1157). When both global and project
     // instructions exist, the global block prepends the project's so
     // workspace overrides win the last word; when only global exists,
@@ -487,12 +490,11 @@ fn load_project_context_with_parents_and_home(
     ctx
 }
 
-/// Combine `~/.deepseek/AGENTS.md` (global, user-wide preferences) with a
-/// project-local AGENTS.md/CLAUDE.md/instructions.md. Global comes first
-/// so workspace-specific rules can override it — the model reads in
-/// declared order. Each block is wrapped in a labelled fence so the
-/// model can tell which level any rule comes from when the two sets
-/// disagree (#1157).
+/// Combine global user-wide preferences with a project-local
+/// AGENTS.md/CLAUDE.md/instructions.md. Global comes first so
+/// workspace-specific rules can override it — the model reads in declared
+/// order. Each block is wrapped in a labelled fence so the model can tell
+/// which level any rule comes from when the two sets disagree (#1157).
 fn merge_global_and_project_instructions(
     global: &str,
     global_source: Option<&Path>,
@@ -514,11 +516,15 @@ fn load_global_agents_context(workspace: &Path, home_dir: Option<&Path>) -> Opti
     // Priority order:
     // 1. ~/.codewhale/WHALE.md      (CodeWhale-native)
     // 2. ~/.codewhale/AGENTS.md     (new config directory)
-    // 3. ~/.deepseek/WHALE.md       (legacy fallback)
-    // 4. ~/.deepseek/AGENTS.md      (legacy fallback)
+    // 3. ~/.agents/WHALE.md         (vendor-neutral fallback)
+    // 4. ~/.agents/AGENTS.md        (vendor-neutral fallback)
+    // 5. ~/.deepseek/WHALE.md       (legacy fallback)
+    // 6. ~/.deepseek/AGENTS.md      (legacy fallback)
     let candidates: &[&[&str]] = &[
         GLOBAL_WHALE_RELATIVE_PATH,
         GLOBAL_AGENTS_RELATIVE_PATH,
+        GLOBAL_WHALE_VENDOR_NEUTRAL_PATH,
+        GLOBAL_AGENTS_VENDOR_NEUTRAL_PATH,
         GLOBAL_WHALE_LEGACY_PATH,
         GLOBAL_AGENTS_LEGACY_PATH,
     ];
@@ -1044,6 +1050,58 @@ mod tests {
         assert_eq!(ctx.source_path, Some(global_agents));
     }
 
+    #[test]
+    fn test_load_global_agents_falls_back_to_vendor_neutral_path() {
+        let workspace = tempdir().expect("workspace tempdir");
+        let home = tempdir().expect("home tempdir");
+        let global_dir = home.path().join(".agents");
+        fs::create_dir(&global_dir).expect("mkdir .agents");
+        let global_agents = global_dir.join("AGENTS.md");
+        fs::write(&global_agents, "Vendor-neutral instructions").expect("write global agents");
+
+        let ctx = load_project_context_with_parents_and_home(workspace.path(), Some(home.path()));
+
+        assert!(ctx.has_instructions());
+        assert!(
+            ctx.instructions
+                .as_ref()
+                .unwrap()
+                .contains("Vendor-neutral instructions")
+        );
+        assert_eq!(ctx.source_path, Some(global_agents));
+    }
+
+    #[test]
+    fn test_codewhale_specific_path_wins_over_agents_path() {
+        let workspace = tempdir().expect("workspace tempdir");
+        let home = tempdir().expect("home tempdir");
+
+        let codewhale_dir = home.path().join(".codewhale");
+        fs::create_dir(&codewhale_dir).expect("mkdir .codewhale");
+        let codewhale_agents = codewhale_dir.join("AGENTS.md");
+        fs::write(&codewhale_agents, "CodeWhale-specific instructions")
+            .expect("write codewhale agents");
+
+        let agents_dir = home.path().join(".agents");
+        fs::create_dir(&agents_dir).expect("mkdir .agents");
+        fs::write(agents_dir.join("AGENTS.md"), "Vendor-neutral instructions")
+            .expect("write vendor-neutral agents");
+
+        let ctx = load_project_context_with_parents_and_home(workspace.path(), Some(home.path()));
+
+        assert!(ctx.has_instructions());
+        let instructions = ctx.instructions.as_ref().unwrap();
+        assert!(
+            instructions.contains("CodeWhale-specific instructions"),
+            "CodeWhale-specific global file should win:\n{instructions}"
+        );
+        assert!(
+            !instructions.contains("Vendor-neutral instructions"),
+            "lower-priority .agents file should be skipped:\n{instructions}"
+        );
+        assert_eq!(ctx.source_path, Some(codewhale_agents));
+    }
+
     #[test]
     fn test_local_and_global_agents_merge_when_both_exist() {
         // #1157: when both `~/.deepseek/AGENTS.md` and a project AGENTS.md

From efb63df66e1ec9a3a5ebe2dd600ddeae1f31cc92 Mon Sep 17 00:00:00 2001
From: Fann Hoo <hufanexplore@163.com>
Date: Sat, 30 May 2026 09:31:13 +0800
Subject: [PATCH 250/283] feat(lsp): add Java and Vue language server defaults

---
 README.md                      |  8 ++---
 README.zh-CN.md                |  2 +-
 config.example.toml            |  7 ++++
 crates/tui/src/lsp/registry.rs | 58 +++++++++++++++++++++++++++++++++-
 docs/ARCHITECTURE.md           |  2 +-
 5 files changed, 70 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 8550d983..3276150e 100644
--- a/README.md
+++ b/README.md
@@ -140,10 +140,10 @@ transcripts stay behind bounded handles through `agent_eval`. See
 [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
 
 The rest of the surface: LSP diagnostics after every edit (rust-analyzer,
-pyright, typescript-language-server, gopls, clangd), RLM sessions for
-batched analysis, MCP protocol, HTTP/SSE runtime API, persistent task
-queue, ACP adapter for Zed, SWE-bench export, and live cost tracking with
-cache hit/miss breakdowns.
+pyright, typescript-language-server, gopls, clangd, jdtls,
+vue-language-server), RLM sessions for batched analysis, MCP protocol,
+HTTP/SSE runtime API, persistent task queue, ACP adapter for Zed,
+SWE-bench export, and live cost tracking with cache hit/miss breakdowns.
 
 ---
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
index f079cc80..68ce3fbd 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -103,7 +103,7 @@ Fin——关闭思考的廉价 Flash 调用——每轮处理模型自动路由
 
 子智能体并发运行（最多 20 个）。`agent_open` 立即返回；结果以内联完成哨兵形式到达，携带摘要。完整对话记录通过 `agent_eval` 的有界句柄保存。详见 [docs/SUBAGENTS.md](docs/SUBAGENTS.md)。
 
-其余功能面：每次编辑后的 LSP 诊断（rust-analyzer、pyright、typescript-language-server、gopls、clangd）、RLM 会话批量分析、MCP 协议、HTTP/SSE 运行时 API、持久化任务队列、Zed 的 ACP 适配器、SWE-bench 导出、以及带缓存命中/未命中明细的实时成本追踪。
+其余功能面：每次编辑后的 LSP 诊断（rust-analyzer、pyright、typescript-language-server、gopls、clangd、jdtls、vue-language-server）、RLM 会话批量分析、MCP 协议、HTTP/SSE 运行时 API、持久化任务队列、Zed 的 ACP 适配器、SWE-bench 导出、以及带缓存命中/未命中明细的实时成本追踪。
 
 ---
 
diff --git a/config.example.toml b/config.example.toml
index e158a023..c309850f 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -543,8 +543,13 @@ default_text_model = "deepseek-ai/deepseek-v4-pro"
 #   go         → gopls serve
 #   python     → pyright-langserver --stdio
 #   typescript → typescript-language-server --stdio
+#   java       → jdtls
+#   vue        → vue-language-server --stdio
 #   c, cpp     → clangd
 #
+# Java support uses Eclipse JDT LS via the `jdtls` command. IntelliJ IDEA is
+# not required, and installing IntelliJ IDEA alone does not install `jdtls`.
+#
 # Override the defaults via the `servers` table below.
 [lsp]
 # enabled = true
@@ -554,6 +559,8 @@ default_text_model = "deepseek-ai/deepseek-v4-pro"
 # [lsp.servers]
 # rust = ["rust-analyzer"]
 # go = ["gopls", "serve"]
+# java = ["jdtls"]
+# vue = ["vue-language-server", "--stdio"]
 
 # ─────────────────────────────────────────────────────────────────────────────────
 # Hooks (optional)
diff --git a/crates/tui/src/lsp/registry.rs b/crates/tui/src/lsp/registry.rs
index c90834b9..cc911862 100644
--- a/crates/tui/src/lsp/registry.rs
+++ b/crates/tui/src/lsp/registry.rs
@@ -18,6 +18,8 @@ pub enum Language {
     Python,
     TypeScript,
     JavaScript,
+    Java,
+    Vue,
     C,
     Cpp,
     Other,
@@ -34,6 +36,8 @@ impl Language {
             Language::Python => "python",
             Language::TypeScript => "typescript",
             Language::JavaScript => "javascript",
+            Language::Java => "java",
+            Language::Vue => "vue",
             Language::C => "c",
             Language::Cpp => "cpp",
             Language::Other => "other",
@@ -42,7 +46,7 @@ impl Language {
 
     /// LSP `languageId` value used in `textDocument/didOpen`. We follow the
     /// LSP-spec values: `rust`, `go`, `python`, `typescript`, `javascript`,
-    /// `c`, `cpp`.
+    /// `java`, `vue`, `c`, `cpp`.
     #[must_use]
     pub fn language_id(self) -> &'static str {
         match self {
@@ -51,6 +55,8 @@ impl Language {
             Language::Python => "python",
             Language::TypeScript => "typescript",
             Language::JavaScript => "javascript",
+            Language::Java => "java",
+            Language::Vue => "vue",
             Language::C => "c",
             Language::Cpp => "cpp",
             Language::Other => "plaintext",
@@ -73,6 +79,8 @@ pub fn detect_language(path: &Path) -> Language {
         "py" | "pyi" => Language::Python,
         "ts" | "tsx" => Language::TypeScript,
         "js" | "jsx" | "mjs" | "cjs" => Language::JavaScript,
+        "java" => Language::Java,
+        "vue" => Language::Vue,
         "c" | "h" => Language::C,
         "cpp" | "cc" | "cxx" | "hpp" | "hxx" | "hh" => Language::Cpp,
         _ => Language::Other,
@@ -91,6 +99,8 @@ pub fn server_for(lang: Language) -> Option<(&'static str, &'static [&'static st
         Language::TypeScript | Language::JavaScript => {
             Some(("typescript-language-server", &["--stdio"]))
         }
+        Language::Java => Some(("jdtls", &[])),
+        Language::Vue => Some(("vue-language-server", &["--stdio"])),
         Language::C | Language::Cpp => Some(("clangd", &[])),
         Language::Other => None,
     }
@@ -132,6 +142,38 @@ mod tests {
         );
     }
 
+    #[test]
+    fn detects_java_extension() {
+        assert_eq!(
+            detect_language(&PathBuf::from("App.java")),
+            Language::Java
+        );
+        assert_eq!(
+            detect_language(&PathBuf::from("APP.JAVA")),
+            Language::Java
+        );
+    }
+
+    #[test]
+    fn detects_vue_extension() {
+        assert_eq!(
+            detect_language(&PathBuf::from("Component.vue")),
+            Language::Vue
+        );
+        assert_eq!(
+            detect_language(&PathBuf::from("COMPONENT.VUE")),
+            Language::Vue
+        );
+    }
+
+    #[test]
+    fn language_ids_for_java_and_vue_match_lsp_values() {
+        assert_eq!(Language::Java.as_key(), "java");
+        assert_eq!(Language::Java.language_id(), "java");
+        assert_eq!(Language::Vue.as_key(), "vue");
+        assert_eq!(Language::Vue.language_id(), "vue");
+    }
+
     #[test]
     fn server_for_rust_is_rust_analyzer() {
         let (cmd, args) = server_for(Language::Rust).expect("rust has a server");
@@ -139,6 +181,20 @@ mod tests {
         assert!(args.is_empty());
     }
 
+    #[test]
+    fn server_for_java_is_jdtls() {
+        let (cmd, args) = server_for(Language::Java).expect("java has a server");
+        assert_eq!(cmd, "jdtls");
+        assert!(args.is_empty());
+    }
+
+    #[test]
+    fn server_for_vue_is_vue_language_server() {
+        let (cmd, args) = server_for(Language::Vue).expect("vue has a server");
+        assert_eq!(cmd, "vue-language-server");
+        assert_eq!(args, &["--stdio"]);
+    }
+
     #[test]
     fn server_for_other_is_none() {
         assert!(server_for(Language::Other).is_none());
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index beeba689..b77394c3 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -156,7 +156,7 @@ drives turns through Chat Completions.
   - `mod.rs` - `LspManager` — lazy per-language transport pool + config
   - `client.rs` - `StdioLspTransport` — JSON-RPC over stdio with `didOpen`/`didChange`/`publishDiagnostics`
   - `diagnostics.rs` - Diagnostic types, severity, and HTML-block renderer
-  - `registry.rs` - Language detection and default server map (rust-analyzer, pyright, gopls, clangd, typescript-language-server)
+  - `registry.rs` - Language detection and default server map (rust-analyzer, pyright, gopls, clangd, typescript-language-server, jdtls, vue-language-server)
   - Wired into the engine via `core/engine/lsp_hooks.rs` — called after every successful edit
 
 ### Security

From a83fa595948dbc2162dd9ea3388983a3e81b7fc0 Mon Sep 17 00:00:00 2001
From: Hunter Bown <hmbown@gmail.com>
Date: Wed, 27 May 2026 05:16:15 -0500
Subject: [PATCH 251/283] fix(tui): keep task shell tools eagerly loaded

---
 crates/tui/src/core/engine/tests.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/crates/tui/src/core/engine/tests.rs b/crates/tui/src/core/engine/tests.rs
index b92f4faf..f26e0564 100644
--- a/crates/tui/src/core/engine/tests.rs
+++ b/crates/tui/src/core/engine/tests.rs
@@ -464,6 +464,16 @@ fn non_yolo_mode_retains_default_defer_policy() {
         AppMode::Agent,
         &always_load
     ));
+    assert!(!should_default_defer_tool(
+        "task_shell_start",
+        AppMode::Agent,
+        &always_load
+    ));
+    assert!(!should_default_defer_tool(
+        "task_shell_wait",
+        AppMode::Agent,
+        &always_load
+    ));
     assert!(should_default_defer_tool(
         "git_show",
         AppMode::Agent,

From c0dd43993cab086bc90b0b71e0aadd75a89e2a7e Mon Sep 17 00:00:00 2001
From: Rocky Zhang <zhangyan.hit@gmail.com>
Date: Sun, 31 May 2026 01:53:02 +0000
Subject: [PATCH 252/283] Add RISC-V (riscv64gc-unknown-linux-gnu) prebuilt
 binary support

Adds riscv64 to build pipelines so CodeWhale ships prebuilt binaries
and npm wrappers for 64-bit RISC-V Linux (glibc) systems.

Changes:

**CI / build**
- release.yml: +2 build matrix entries (codewhale + codewhale-tui for
  riscv64gc-unknown-linux-gnu), cross-compilation toolchain step using
  a dedicated DEB822-format apt source for ports.ubuntu.com, bundle
  step, and release-notes table row.
- nightly.yml: +2 matrix entries, matching cross-compilation setup.
- resolve job: handle workflow_dispatch when the target tag does not
  yet exist (fall back to HEAD SHA).

**Packaging**
- npm/codewhale/scripts/artifacts.js: add riscv64 to ASSET_MATRIX
  under linux so npm install -g codewhale resolves on RISC-V.

**Docs**
- docs/INSTALL.md: add riscv64 row to supported platforms table;
  replace with clearer 'other architectures' wording.

Build strategy: cross-compile from ubuntu-latest (x86_64) using
gcc-riscv64-linux-gnu. The dbus runtime dependency (from the keyring
crate's secret-service backend) is satisfied via ports.ubuntu.com.
PKG_CONFIG_ALLOW_CROSS and a cross-target libdir are set so the
keyring crate finds dbus-1 during cross-compilation.

Docker support for linux/riscv64 is intentionally not added here:
GitHub Actions does not yet provide the infrastructure to build or
emulate riscv64 containers. The Dockerfile changes will follow when
the hosted CI surface supports it.
---
 .github/workflows/nightly.yml      | 33 ++++++++++++++++++++
 .github/workflows/release.yml      | 49 ++++++++++++++++++++++++++++--
 docs/INSTALL.md                    |  3 +-
 npm/codewhale/scripts/artifacts.js |  1 +
 4 files changed, 82 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 53fcd34a..035193ef 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -33,6 +33,10 @@ jobs:
             target: aarch64-unknown-linux-gnu
             binary: codewhale
             artifact_name: codewhale-linux-arm64
+          - os: ubuntu-latest
+            target: riscv64gc-unknown-linux-gnu
+            binary: codewhale
+            artifact_name: codewhale-linux-riscv64
           - os: macos-latest
             target: x86_64-apple-darwin
             binary: codewhale
@@ -54,6 +58,10 @@ jobs:
             target: aarch64-unknown-linux-gnu
             binary: codewhale-tui
             artifact_name: codewhale-tui-linux-arm64
+          - os: ubuntu-latest
+            target: riscv64gc-unknown-linux-gnu
+            binary: codewhale-tui
+            artifact_name: codewhale-tui-linux-riscv64
           - os: macos-latest
             target: x86_64-apple-darwin
             binary: codewhale-tui
@@ -84,8 +92,33 @@ jobs:
             sleep 15
           done
           sudo apt-get install -y libdbus-1-dev pkg-config
+      - name: Install RISC-V cross-compilation toolchain
+        if: matrix.target == 'riscv64gc-unknown-linux-gnu'
+        run: |
+          # Install cross-compiler (available in standard repos)
+          sudo apt-get update
+          sudo apt-get install -y gcc-riscv64-linux-gnu libc6-dev-riscv64-cross
+
+          # Add Ubuntu ports for riscv64 packages
+          . /etc/os-release
+          sudo tee /etc/apt/sources.list.d/riscv64.sources <<SRC
+          Types: deb
+          URIs: http://ports.ubuntu.com/
+          Suites: ${UBUNTU_CODENAME} ${UBUNTU_CODENAME}-updates
+          Components: main universe
+          Architectures: riscv64
+          Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+          SRC
+          sudo dpkg --add-architecture riscv64
+          sudo apt-get update -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/riscv64.sources -o Dir::Etc::sourceparts=- -o APT::Get::List-Cleanup=0
+          sudo apt-get install -y libdbus-1-dev:riscv64
       - name: Build
         shell: bash
+        env:
+          CC_riscv64gc_unknown_linux_gnu: riscv64-linux-gnu-gcc
+          CARGO_TARGET_RISCV64GC_UNKNOWN_LINUX_GNU_LINKER: riscv64-linux-gnu-gcc
+          PKG_CONFIG_ALLOW_CROSS: 1
+          PKG_CONFIG_LIBDIR_riscv64gc_unknown_linux_gnu: /usr/lib/riscv64-linux-gnu/pkgconfig
         run: cargo build --release --locked --target ${{ matrix.target }}
       - name: Stage artifact
         id: stage
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d66a8479..deed8182 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -71,9 +71,15 @@ jobs:
         run: |
           if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
             tag="v${{ inputs.version }}"
-            git fetch --force origin "refs/tags/${tag}:refs/tags/${tag}"
-            sha="$(git rev-list -n 1 "${tag}")"
-            source_ref="${tag}"
+            if git rev-parse "refs/tags/${tag}" >/dev/null 2>&1; then
+              sha="$(git rev-list -n 1 "${tag}")"
+              source_ref="${tag}"
+            else
+              # Tag doesn't exist yet — build from HEAD
+              sha="${GITHUB_SHA}"
+              source_ref="${GITHUB_REF_NAME}"
+              echo "Tag ${tag} not found; building from ${source_ref} @ ${sha}"
+            fi
           else
             tag="${GITHUB_REF_NAME}"
             sha="${GITHUB_SHA}"
@@ -109,6 +115,10 @@ jobs:
             target: aarch64-unknown-linux-gnu
             binary: codewhale
             artifact_name: codewhale-linux-arm64
+          - os: ubuntu-latest
+            target: riscv64gc-unknown-linux-gnu
+            binary: codewhale
+            artifact_name: codewhale-linux-riscv64
           - os: macos-latest
             target: x86_64-apple-darwin
             binary: codewhale
@@ -130,6 +140,10 @@ jobs:
             target: aarch64-unknown-linux-gnu
             binary: codewhale-tui
             artifact_name: codewhale-tui-linux-arm64
+          - os: ubuntu-latest
+            target: riscv64gc-unknown-linux-gnu
+            binary: codewhale-tui
+            artifact_name: codewhale-tui-linux-riscv64
           - os: macos-latest
             target: x86_64-apple-darwin
             binary: codewhale-tui
@@ -204,10 +218,34 @@ jobs:
             sleep 15
           done
           sudo apt-get install -y libdbus-1-dev pkg-config
+      - name: Install RISC-V cross-compilation toolchain
+        if: matrix.target == 'riscv64gc-unknown-linux-gnu'
+        run: |
+          # Install cross-compiler (available in standard repos)
+          sudo apt-get update
+          sudo apt-get install -y gcc-riscv64-linux-gnu libc6-dev-riscv64-cross
+
+          # Add Ubuntu ports for riscv64 packages
+          . /etc/os-release
+          sudo tee /etc/apt/sources.list.d/riscv64.sources <<SRC
+          Types: deb
+          URIs: http://ports.ubuntu.com/
+          Suites: ${UBUNTU_CODENAME} ${UBUNTU_CODENAME}-updates
+          Components: main universe
+          Architectures: riscv64
+          Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+          SRC
+          sudo dpkg --add-architecture riscv64
+          sudo apt-get update -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/riscv64.sources -o Dir::Etc::sourceparts=- -o APT::Get::List-Cleanup=0
+          sudo apt-get install -y libdbus-1-dev:riscv64
       - name: Build
         shell: bash
         env:
           DEEPSEEK_BUILD_SHA: ${{ needs.resolve.outputs.sha }}
+          CC_riscv64gc_unknown_linux_gnu: riscv64-linux-gnu-gcc
+          CARGO_TARGET_RISCV64GC_UNKNOWN_LINUX_GNU_LINKER: riscv64-linux-gnu-gcc
+          PKG_CONFIG_ALLOW_CROSS: 1
+          PKG_CONFIG_LIBDIR_riscv64gc_unknown_linux_gnu: /usr/lib/riscv64-linux-gnu/pkgconfig
         run: cargo build --release --locked --target ${{ matrix.target }}
       - name: Rename binary
         shell: bash
@@ -296,6 +334,10 @@ jobs:
           bundle linux-arm64 \
             codewhale-linux-arm64 codewhale-tui-linux-arm64 tar.gz ""
 
+          # Platform: linux-riscv64
+          bundle linux-riscv64 \
+            codewhale-linux-riscv64 codewhale-tui-linux-riscv64 tar.gz ""
+
           # Platform: macos-x64
           bundle macos-x64 \
             codewhale-macos-x64 codewhale-tui-macos-x64 tar.gz ""
@@ -471,6 +513,7 @@ jobs:
             |---|---|---|
             | Linux x64 | `codewhale-linux-x64.tar.gz` | `install.sh` |
             | Linux ARM64 | `codewhale-linux-arm64.tar.gz` | `install.sh` |
+            | Linux RISC-V | `codewhale-linux-riscv64.tar.gz` | `install.sh` |
             | macOS x64 | `codewhale-macos-x64.tar.gz` | `install.sh` |
             | macOS ARM | `codewhale-macos-arm64.tar.gz` | `install.sh` |
             | Windows x64 | `codewhale-windows-x64.zip` | `install.bat` |
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 473618b5..08ba2f8b 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -19,10 +19,11 @@ these platform/architecture combinations from v0.8.8 onward:
 | ------------ | ------------ | :---------: | :-------------: | ----------------------------------------------------- |
 | Linux        | x64 (x86_64) |     ✅      |       ✅        | `codewhale-linux-x64`, `codewhale-tui-linux-x64`        |
 | Linux        | arm64        |     ✅      |       ✅        | `codewhale-linux-arm64`, `codewhale-tui-linux-arm64`    |
+| Linux        | riscv64      |     ✅      |       ✅        | `codewhale-linux-riscv64`, `codewhale-tui-linux-riscv64`|
 | macOS        | x64          |     ✅      |       ✅        | `codewhale-macos-x64`, `codewhale-tui-macos-x64`        |
 | macOS        | arm64 (M-series) | ✅      |       ✅        | `codewhale-macos-arm64`, `codewhale-tui-macos-arm64`    |
 | Windows      | x64          |     ✅      |       ✅        | `codewhale-windows-x64.exe`, `codewhale-tui-windows-x64.exe` |
-| Other Linux (musl, riscv64, …) | — |   ❌¹    |       ✅²       | build from source                                     |
+| Other Linux (musl, other architectures) | — |   ❌¹    |       ✅²       | build from source                                     |
 | FreeBSD / OpenBSD              | — |   ❌      |       ✅²       | build from source                                     |
 
 ¹ The npm package will exit with a clear error and point you here.
diff --git a/npm/codewhale/scripts/artifacts.js b/npm/codewhale/scripts/artifacts.js
index 10645404..c0a74f4f 100644
--- a/npm/codewhale/scripts/artifacts.js
+++ b/npm/codewhale/scripts/artifacts.js
@@ -7,6 +7,7 @@ const ASSET_MATRIX = {
   linux: {
     x64: ["codewhale-linux-x64", "codewhale-tui-linux-x64"],
     arm64: ["codewhale-linux-arm64", "codewhale-tui-linux-arm64"],
+    riscv64: ["codewhale-linux-riscv64", "codewhale-tui-linux-riscv64"],
   },
   darwin: {
     x64: ["codewhale-macos-x64", "codewhale-tui-macos-x64"],

From 607ec155ec0ba3b2dad48b7493e3f7ac2bfbff49 Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Sun, 31 May 2026 12:03:18 +0800
Subject: [PATCH 253/283] feat: per-cell thinking fold/unfold via Space key

Previously, Space on a thinking cell hid it entirely from the transcript.
Now Space toggles between folded (summary preview) and unfolded (full
content) for thinking cells, while other cells retain the existing
hide/show behavior.

Changes:
- Add folded_thinking HashSet to App for per-cell fold tracking
- Add lines_with_options_folded / lines_with_copy_metadata_folded that
  accept an explicit folded flag, overriding the global verbose setting
- Update transcript cache to pass fold state during rendering
- Update Space key handler to toggle fold for thinking cells
- Update affordance text to mention Space for expanding folded thinking

Closes #2348
---
 crates/tui/src/tui/app.rs         |  5 +++++
 crates/tui/src/tui/history.rs     | 30 +++++++++++++++++++++++++++---
 crates/tui/src/tui/transcript.rs  | 10 ++++++++--
 crates/tui/src/tui/ui.rs          | 26 +++++++++++++++++++++-----
 crates/tui/src/tui/ui/tests.rs    |  1 +
 crates/tui/src/tui/widgets/mod.rs |  2 ++
 6 files changed, 64 insertions(+), 10 deletions(-)

diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 64ed98e9..208c5c66 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1495,6 +1495,10 @@ pub struct App {
     /// Transcript cells the user has collapsed (hidden from view).
     /// Stores **original** virtual cell indices (pre-filtering).
     pub collapsed_cells: HashSet<usize>,
+    /// Thinking cells the user has folded (showing summary instead of full
+    /// content). Stores **original** virtual cell indices. Toggled by Space
+    /// when the composer is empty and the cursor is on a thinking cell.
+    pub folded_thinking: HashSet<usize>,
     /// Mapping from filtered cell index → original virtual index.
     /// Populated during `ChatWidget::new` by filtering out collapsed cells.
     /// Used by `build_context_menu_entries` to convert line-meta indices
@@ -2033,6 +2037,7 @@ impl App {
             last_pinned_prefix_hash: None,
             cycle: CycleConfig::default(),
             collapsed_cells: HashSet::new(),
+            folded_thinking: HashSet::new(),
             collapsed_cell_map: Vec::new(),
             edit_in_progress: false,
             lsp_enabled: config.lsp.as_ref().and_then(|l| l.enabled).unwrap_or(true),
diff --git a/crates/tui/src/tui/history.rs b/crates/tui/src/tui/history.rs
index f2ce686e..91ff1a18 100644
--- a/crates/tui/src/tui/history.rs
+++ b/crates/tui/src/tui/history.rs
@@ -249,6 +249,20 @@ impl HistoryCell {
         &self,
         width: u16,
         options: TranscriptRenderOptions,
+    ) -> Vec<Line<'static>> {
+        self.lines_with_options_folded(width, options, false)
+    }
+
+    /// Render with an explicit per-cell fold override for thinking cells.
+    ///
+    /// When `folded` is `true`, the thinking content is collapsed to a
+    /// summary regardless of the `verbose` flag. This enables per-cell
+    /// folding independent of the global `/verbose` toggle.
+    pub fn lines_with_options_folded(
+        &self,
+        width: u16,
+        options: TranscriptRenderOptions,
+        folded: bool,
     ) -> Vec<Line<'static>> {
         match self {
             HistoryCell::Thinking { .. } if !options.show_thinking => Vec::new(),
@@ -261,7 +275,7 @@ impl HistoryCell {
                 width,
                 *streaming,
                 *duration_secs,
-                !options.verbose,
+                folded || !options.verbose,
                 options.low_motion,
             ),
             HistoryCell::Tool(cell) if !options.show_tool_details => {
@@ -303,10 +317,20 @@ impl HistoryCell {
         }
     }
 
+    #[allow(dead_code)]
     pub(crate) fn lines_with_copy_metadata(
         &self,
         width: u16,
         options: TranscriptRenderOptions,
+    ) -> Vec<RenderedTranscriptLine> {
+        self.lines_with_copy_metadata_folded(width, options, false)
+    }
+
+    pub(crate) fn lines_with_copy_metadata_folded(
+        &self,
+        width: u16,
+        options: TranscriptRenderOptions,
+        folded: bool,
     ) -> Vec<RenderedTranscriptLine> {
         match self {
             HistoryCell::User { content } => render_message_with_copy_metadata(
@@ -332,7 +356,7 @@ impl HistoryCell {
                     width,
                 )
             }
-            _ => hard_break_copy_lines(self.lines_with_options(width, options)),
+            _ => hard_break_copy_lines(self.lines_with_options_folded(width, options, folded)),
         }
     }
 
@@ -2215,7 +2239,7 @@ fn render_thinking(
         let label = if streaming {
             "More reasoning in Ctrl+O"
         } else {
-            "Full reasoning in Ctrl+O"
+            "Space to expand · Full reasoning in Ctrl+O"
         };
         lines.push(Line::from(vec![
             Span::styled(REASONING_RAIL.to_string(), rail_style),
diff --git a/crates/tui/src/tui/transcript.rs b/crates/tui/src/tui/transcript.rs
index 53319c96..9a430262 100644
--- a/crates/tui/src/tui/transcript.rs
+++ b/crates/tui/src/tui/transcript.rs
@@ -16,6 +16,7 @@
 //! Width or render-option changes still bust the entire cache (correct: wrap
 //! layout depends on width and which cells are visible at all).
 
+use std::collections::HashSet;
 use std::sync::Arc;
 
 use ratatui::{
@@ -122,19 +123,23 @@ impl TranscriptViewCache {
         width: u16,
         options: TranscriptRenderOptions,
     ) {
-        self.ensure_split(&[cells], cell_revisions, width, options);
+        self.ensure_split(&[cells], cell_revisions, width, options, &HashSet::new());
     }
 
     /// Ensure cached lines match the provided cell shards (logically
     /// concatenated) plus per-cell revisions. Avoids the
     /// `concat-into-Vec<HistoryCell>` clone the caller would otherwise pay
     /// every frame on long transcripts.
+    ///
+    /// `folded_cells` contains original virtual indices of thinking cells
+    /// that should render in their folded (summary) form.
     pub fn ensure_split(
         &mut self,
         cell_shards: &[&[HistoryCell]],
         cell_revisions: &[u64],
         width: u16,
         options: TranscriptRenderOptions,
+        folded_cells: &HashSet<usize>,
     ) {
         let total_cells: usize = cell_shards.iter().map(|s| s.len()).sum();
 
@@ -190,7 +195,8 @@ impl TranscriptViewCache {
                 } else {
                     width
                 };
-                let rendered = cell.lines_with_copy_metadata(render_width, options);
+                let folded = folded_cells.contains(&idx);
+                let rendered = cell.lines_with_copy_metadata_folded(render_width, options, folded);
                 let mut lines = Vec::with_capacity(rendered.len());
                 let mut copy_separators = Vec::with_capacity(rendered.len());
                 let mut copy_prefix_widths = Vec::with_capacity(rendered.len());
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index c5d03744..b4fd5fcc 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -2946,18 +2946,34 @@ async fn run_event_loop(
                 {
                     continue;
                 }
-                // Space toggles collapse/expand of the focused thinking block
-                // when the composer is empty (#1972).
+                // Space toggles fold/unfold of the focused thinking block
+                // when the composer is empty. For thinking cells, toggles
+                // between summary and full content; for other cells, toggles
+                // visibility (#1972, #2348).
                 KeyCode::Char(' ')
                     if key.modifiers == KeyModifiers::NONE && app.input.is_empty() =>
                 {
                     if let Some(idx) = detail_target_cell_index(app) {
-                        if app.collapsed_cells.contains(&idx) {
+                        let is_thinking = app
+                            .history
+                            .get(idx)
+                            .is_some_and(|c| matches!(c, HistoryCell::Thinking { .. }));
+                        if is_thinking {
+                            if app.folded_thinking.contains(&idx) {
+                                app.folded_thinking.remove(&idx);
+                                app.status_message =
+                                    Some("Thinking block expanded".to_string());
+                            } else {
+                                app.folded_thinking.insert(idx);
+                                app.status_message =
+                                    Some("Thinking block folded".to_string());
+                            }
+                        } else if app.collapsed_cells.contains(&idx) {
                             app.collapsed_cells.remove(&idx);
-                            app.status_message = Some("Thinking block expanded".to_string());
+                            app.status_message = Some("Cell expanded".to_string());
                         } else {
                             app.collapsed_cells.insert(idx);
-                            app.status_message = Some("Thinking block collapsed".to_string());
+                            app.status_message = Some("Cell collapsed".to_string());
                         }
                         app.mark_history_updated();
                         app.needs_redraw = true;
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 466bffce..58371f9d 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -3831,6 +3831,7 @@ fn open_tool_details_pager_supports_active_virtual_tool_cell() {
         &[1],
         100,
         app.transcript_render_options(),
+        &app.folded_thinking,
     );
     app.viewport.last_transcript_top = 0;
     app.viewport.last_transcript_visible = 4;
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 71ba96cc..0cf97cfb 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -156,6 +156,7 @@ impl ChatWidget {
                 &cell_revisions,
                 content_area.width.max(1),
                 render_options,
+                &app.folded_thinking,
             );
         } else {
             // Slow path: clone non-collapsed cells into filtered vecs so
@@ -203,6 +204,7 @@ impl ChatWidget {
                 &filtered_revs,
                 content_area.width.max(1),
                 render_options,
+                &app.folded_thinking,
             );
         }
 

From de3a1f777375787a02bad1653f7598bfa43166a9 Mon Sep 17 00:00:00 2001
From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Date: Mon, 25 May 2026 00:38:47 -0700
Subject: [PATCH 254/283] feat(tui): FauxStep::Factory for live request-shape
 assertions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #2074

Adds FauxStep::Factory(Box<dyn Fn(&MessageRequest) -> CannedTurn + Send + Sync>)
to MockLlmClient. When a Factory step is dequeued, its closure runs
against the real outgoing MessageRequest before the response stream is
built, so any assert! panic surfaces directly from the client call
instead of later in stream polling.

Internal storage moves from VecDeque<CannedTurn> to VecDeque<FauxStep>,
but every existing public method keeps working:

- MockLlmClient::new(Vec<CannedTurn>) wraps each turn in FauxStep::Canned.
- push_turn(CannedTurn) appends as FauxStep::Canned.

Adds push_factory(closure) for tests that want the Factory branch.

Doc comment on the Factory variant captures the DeepSeek V4
thinking-mode tool-call invariant (the v0.4.9-v0.5.1 reasoning_content
drop that produced HTTP 400 on follow-up turns).

Adds:

- crates/tui/tests/reasoning_content_replayed_after_tool_call.rs — a
  regression test whose factory asserts the assistant tool-call turn
  carries a Thinking content block after a thinking + tool-call round.
- An additional unit test in mock.rs covering create_message_synthesizes_from_factory_turn.

All 20 tests in the new file pass, and the existing
integration_mock_llm suite (27 tests) is unchanged.
---
 crates/tui/src/llm_client/mock.rs             |  67 ++++++++-
 ...soning_content_replayed_after_tool_call.rs | 128 ++++++++++++++++++
 2 files changed, 189 insertions(+), 6 deletions(-)
 create mode 100644 crates/tui/tests/reasoning_content_replayed_after_tool_call.rs

diff --git a/crates/tui/src/llm_client/mock.rs b/crates/tui/src/llm_client/mock.rs
index 2588755d..8dc4043e 100644
--- a/crates/tui/src/llm_client/mock.rs
+++ b/crates/tui/src/llm_client/mock.rs
@@ -63,6 +63,21 @@ use super::{LlmClient, StreamEventBox};
 /// the mock does not require `MessageStart` to be present.
 pub type CannedTurn = Vec<StreamEvent>;
 
+/// A queued mock response step.
+pub enum FauxStep {
+    Canned(CannedTurn),
+    /// Build a canned turn from the live outgoing request.
+    ///
+    /// Tests can assert DeepSeek V4's thinking-mode tool-call invariant here:
+    /// on the assistant turn that produced the previous tool call, the next
+    /// outgoing request must still carry `reasoning_content` (represented in
+    /// this model as a [`ContentBlock::Thinking`] block). If it is missing,
+    /// DeepSeek V4 returns HTTP 400 on the follow-up turn. This guards the
+    /// [v0.4.9-v0.5.1 regression range](https://github.com/Hmbown/CodeWhale/compare/v0.4.9...v0.5.1)
+    /// where that content was dropped.
+    Factory(Box<dyn Fn(&MessageRequest) -> CannedTurn + Send + Sync>),
+}
+
 /// A queue-driven mock LLM client.
 ///
 /// The mock holds a FIFO queue of canned response turns. Each call to
@@ -75,7 +90,7 @@ pub type CannedTurn = Vec<StreamEvent>;
 /// can assert on the outgoing payload (e.g. that prior `reasoning_content` is
 /// preserved across turns).
 pub struct MockLlmClient {
-    canned: Mutex<VecDeque<CannedTurn>>,
+    canned: Mutex<VecDeque<FauxStep>>,
     captured_requests: Mutex<Vec<MessageRequest>>,
     calls: AtomicUsize,
     provider_name: &'static str,
@@ -91,7 +106,7 @@ impl MockLlmClient {
     #[must_use]
     pub fn new(canned: Vec<CannedTurn>) -> Self {
         Self {
-            canned: Mutex::new(canned.into()),
+            canned: Mutex::new(canned.into_iter().map(FauxStep::Canned).collect()),
             captured_requests: Mutex::new(Vec::new()),
             calls: AtomicUsize::new(0),
             provider_name: "mock",
@@ -119,7 +134,22 @@ impl MockLlmClient {
         self.canned
             .lock()
             .expect("MockLlmClient.canned mutex poisoned")
-            .push_back(turn);
+            .push_back(FauxStep::Canned(turn));
+    }
+
+    /// Push a factory step onto the back of the queue.
+    ///
+    /// The closure receives the live outgoing [`MessageRequest`] before the
+    /// response stream is built, so assertions panic directly from the client
+    /// call rather than later while polling the returned stream.
+    pub fn push_factory<F>(&self, factory: F)
+    where
+        F: Fn(&MessageRequest) -> CannedTurn + Send + Sync + 'static,
+    {
+        self.canned
+            .lock()
+            .expect("MockLlmClient.canned mutex poisoned")
+            .push_back(FauxStep::Factory(Box::new(factory)));
     }
 
     /// Push a canned non-streaming `MessageResponse`. Consumed by
@@ -175,13 +205,20 @@ impl MockLlmClient {
         self.calls.fetch_add(1, Ordering::SeqCst);
     }
 
-    fn pop_turn(&self) -> Option<CannedTurn> {
+    fn pop_step(&self) -> Option<FauxStep> {
         self.canned
             .lock()
             .expect("MockLlmClient.canned mutex poisoned")
             .pop_front()
     }
 
+    fn turn_from_step(&self, step: FauxStep, request: &MessageRequest) -> CannedTurn {
+        match step {
+            FauxStep::Canned(turn) => turn,
+            FauxStep::Factory(factory) => factory(request),
+        }
+    }
+
     fn pop_message(&self) -> Option<MessageResponse> {
         self.canned_messages
             .lock()
@@ -207,26 +244,28 @@ impl LlmClient for MockLlmClient {
         }
 
         // Fallback: synthesize a MessageResponse from the next streaming turn.
-        let Some(turn) = self.pop_turn() else {
+        let Some(step) = self.pop_step() else {
             return Err(anyhow!(
                 "MockLlmClient: create_message called but no canned response queued (request #{})",
                 self.calls.load(Ordering::SeqCst)
             ));
         };
 
+        let turn = self.turn_from_step(step, &request);
         Ok(synthesize_message_response(turn, &self.model))
     }
 
     async fn create_message_stream(&self, request: MessageRequest) -> Result<StreamEventBox> {
         self.record_request(&request);
 
-        let Some(turn) = self.pop_turn() else {
+        let Some(step) = self.pop_step() else {
             return Err(anyhow!(
                 "MockLlmClient: create_message_stream called but no canned turn queued (call #{})",
                 self.calls.load(Ordering::SeqCst)
             ));
         };
 
+        let turn = self.turn_from_step(step, &request);
         Ok(stream_from_canned(turn))
     }
 
@@ -561,6 +600,22 @@ mod tests {
         assert_eq!(resp.stop_reason.as_deref(), Some("end_turn"));
     }
 
+    #[tokio::test]
+    async fn create_message_synthesizes_from_factory_turn() {
+        let mock = MockLlmClient::new(Vec::new());
+        mock.push_factory(|request| {
+            assert_eq!(request.model, "mock-model");
+            canned::simple_text_turn("from factory")
+        });
+
+        let resp = mock.create_message(empty_request()).await.unwrap();
+        let text = match &resp.content[0] {
+            ContentBlock::Text { text, .. } => text.clone(),
+            _ => panic!("expected text"),
+        };
+        assert_eq!(text, "from factory");
+    }
+
     #[tokio::test]
     async fn provider_and_model_are_overridable() {
         let mock = MockLlmClient::new(vec![canned::simple_text_turn("x")])
diff --git a/crates/tui/tests/reasoning_content_replayed_after_tool_call.rs b/crates/tui/tests/reasoning_content_replayed_after_tool_call.rs
new file mode 100644
index 00000000..16c0b87f
--- /dev/null
+++ b/crates/tui/tests/reasoning_content_replayed_after_tool_call.rs
@@ -0,0 +1,128 @@
+use futures_util::StreamExt;
+
+#[path = "../src/models.rs"]
+#[allow(dead_code)]
+mod models;
+
+#[path = "support/llm_client.rs"]
+mod llm_client;
+
+use crate::llm_client::LlmClient;
+use crate::llm_client::mock::{MockLlmClient, canned};
+use crate::models::{ContentBlock, Message, MessageRequest};
+
+fn user_message(text: &str) -> Message {
+    Message {
+        role: "user".to_string(),
+        content: vec![ContentBlock::Text {
+            text: text.to_string(),
+            cache_control: None,
+        }],
+    }
+}
+
+fn assistant_thinking_tool_call(
+    thinking: &str,
+    id: &str,
+    name: &str,
+    input: serde_json::Value,
+) -> Message {
+    Message {
+        role: "assistant".to_string(),
+        content: vec![
+            ContentBlock::Thinking {
+                thinking: thinking.to_string(),
+            },
+            ContentBlock::ToolUse {
+                id: id.to_string(),
+                name: name.to_string(),
+                input,
+                caller: None,
+            },
+        ],
+    }
+}
+
+fn tool_result_message(tool_use_id: &str, content: &str) -> Message {
+    Message {
+        role: "user".to_string(),
+        content: vec![ContentBlock::ToolResult {
+            tool_use_id: tool_use_id.to_string(),
+            content: content.to_string(),
+            is_error: None,
+            content_blocks: None,
+        }],
+    }
+}
+
+fn make_request(messages: Vec<Message>) -> MessageRequest {
+    MessageRequest {
+        model: "deepseek-v4-pro".to_string(),
+        messages,
+        max_tokens: 4096,
+        system: None,
+        tools: None,
+        tool_choice: None,
+        metadata: None,
+        thinking: None,
+        reasoning_effort: Some("high".to_string()),
+        stream: Some(true),
+        temperature: None,
+        top_p: None,
+    }
+}
+
+#[tokio::test]
+async fn reasoning_content_is_replayed_after_thinking_tool_call() {
+    let mock = MockLlmClient::new(vec![]);
+
+    mock.push_turn(vec![
+        canned::message_start("r1"),
+        canned::thinking_delta(0, "I should inspect /tmp before answering."),
+        canned::tool_use_block_start(1, "call_a", "list_dir"),
+        canned::tool_input_delta(1, r#"{"path":"/tmp"}"#),
+        canned::block_stop(1),
+        canned::message_delta("tool_use", None),
+        canned::message_stop(),
+    ]);
+
+    mock.push_factory(|request| {
+        let assistant = request
+            .messages
+            .iter()
+            .rev()
+            .find(|message| message.role == "assistant")
+            .expect("follow-up request must include the prior assistant tool-call turn");
+
+        assert!(
+            assistant
+                .content
+                .iter()
+                .any(|block| matches!(block, ContentBlock::Thinking { .. })),
+            "DeepSeek V4 follow-up requests must replay reasoning_content on the assistant tool-call turn"
+        );
+
+        canned::simple_text_turn("I see the /tmp entries.")
+    });
+
+    let mut first = mock
+        .create_message_stream(make_request(vec![user_message("list /tmp")]))
+        .await
+        .expect("first stream opens");
+    while first.next().await.is_some() {}
+
+    let mut second = mock
+        .create_message_stream(make_request(vec![
+            user_message("list /tmp"),
+            assistant_thinking_tool_call(
+                "I should inspect /tmp before answering.",
+                "call_a",
+                "list_dir",
+                serde_json::json!({ "path": "/tmp" }),
+            ),
+            tool_result_message("call_a", "/tmp/file1\n/tmp/file2"),
+        ]))
+        .await
+        .expect("second stream opens");
+    while second.next().await.is_some() {}
+}

From 10d3a0fbd8130b7fca95affb22290dd4941e350a Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Sun, 31 May 2026 12:20:42 +0800
Subject: [PATCH 255/283] fix: use XOR for thinking fold toggle relative to
 verbose setting

Change from  to  so Space
toggles the collapsed state relative to the global verbose flag:

- verbose off (default): thinking collapsed; Space unfolds it
- verbose on: thinking expanded; Space folds it

This lets users expand individual thinking blocks even when the global
verbose mode is off, without needing to toggle verbose for all blocks.
---
 crates/tui/src/tui/history.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/history.rs b/crates/tui/src/tui/history.rs
index 91ff1a18..3ff95eb5 100644
--- a/crates/tui/src/tui/history.rs
+++ b/crates/tui/src/tui/history.rs
@@ -255,9 +255,10 @@ impl HistoryCell {
 
     /// Render with an explicit per-cell fold override for thinking cells.
     ///
-    /// When `folded` is `true`, the thinking content is collapsed to a
-    /// summary regardless of the `verbose` flag. This enables per-cell
-    /// folding independent of the global `/verbose` toggle.
+    /// Uses XOR with the `verbose` flag so that pressing Space toggles
+    /// the collapsed state *relative* to the global setting:
+    /// - verbose off (default): thinking is collapsed; Space unfolds it
+    /// - verbose on: thinking is expanded; Space folds it
     pub fn lines_with_options_folded(
         &self,
         width: u16,
@@ -275,7 +276,7 @@ impl HistoryCell {
                 width,
                 *streaming,
                 *duration_secs,
-                folded || !options.verbose,
+                folded ^ !options.verbose,
                 options.low_motion,
             ),
             HistoryCell::Tool(cell) if !options.show_tool_details => {

From b35b97ca6d604973ae0ddc9ad172d7c4577ed0c5 Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Sun, 31 May 2026 12:27:43 +0800
Subject: [PATCH 256/283] fix: invalidate cache on folded_thinking change and
 fix index mapping

Two bugs in the folded-thinking rendering path:

1. Cache invalidation: changing folded_thinking did not invalidate cached
   cell renders because the cell revision stayed the same. Now track
   folded_cells in the cache and force re-render when it changes.

2. Index mapping: in the slow path (with collapsed cells), the cache idx
   is a filtered position, but folded_cells uses original virtual indices.
   Add original_index_map parameter to ensure_split so fold lookups
   resolve correctly.

Added two regression tests:
- folded_thinking_cache_invalidation: verifies fold/unfold triggers re-render
- folded_thinking_with_collapsed_cells_uses_original_indices: verifies
  correct fold behavior when collapsed_cells filtering is active
---
 crates/tui/src/tui/transcript.rs  | 141 +++++++++++++++++++++++++++++-
 crates/tui/src/tui/ui/tests.rs    |   1 +
 crates/tui/src/tui/widgets/mod.rs |   2 +
 3 files changed, 140 insertions(+), 4 deletions(-)

diff --git a/crates/tui/src/tui/transcript.rs b/crates/tui/src/tui/transcript.rs
index 9a430262..a87ab90f 100644
--- a/crates/tui/src/tui/transcript.rs
+++ b/crates/tui/src/tui/transcript.rs
@@ -74,6 +74,10 @@ struct CachedCell {
 pub struct TranscriptViewCache {
     width: u16,
     options: TranscriptRenderOptions,
+    /// Snapshot of folded_thinking indices from the last `ensure` call.
+    /// When this changes, all cells must be re-rendered because the fold
+    /// state affects the rendered output but not the cell revision.
+    folded_cells: HashSet<usize>,
     /// Per-cell rendered output, indexed by current cell position.
     /// Length always equals the cell count seen on the last `ensure` call.
     per_cell: Vec<CachedCell>,
@@ -95,6 +99,7 @@ impl TranscriptViewCache {
         Self {
             width: 0,
             options: TranscriptRenderOptions::default(),
+            folded_cells: HashSet::new(),
             per_cell: Vec::new(),
             lines: Vec::new(),
             line_meta: Vec::new(),
@@ -123,7 +128,7 @@ impl TranscriptViewCache {
         width: u16,
         options: TranscriptRenderOptions,
     ) {
-        self.ensure_split(&[cells], cell_revisions, width, options, &HashSet::new());
+        self.ensure_split(&[cells], cell_revisions, width, options, &HashSet::new(), None);
     }
 
     /// Ensure cached lines match the provided cell shards (logically
@@ -133,6 +138,10 @@ impl TranscriptViewCache {
     ///
     /// `folded_cells` contains original virtual indices of thinking cells
     /// that should render in their folded (summary) form.
+    ///
+    /// `original_index_map` maps filtered (positional) indices to original
+    /// virtual indices. Required when `collapsed_cells` filtering is active
+    /// so that `folded_cells` lookups resolve to the correct original index.
     pub fn ensure_split(
         &mut self,
         cell_shards: &[&[HistoryCell]],
@@ -140,20 +149,23 @@ impl TranscriptViewCache {
         width: u16,
         options: TranscriptRenderOptions,
         folded_cells: &HashSet<usize>,
+        original_index_map: Option<&[usize]>,
     ) {
         let total_cells: usize = cell_shards.iter().map(|s| s.len()).sum();
 
         let layout_changed = self.width != width || self.options != options;
-        if layout_changed {
+        let folded_changed = self.folded_cells != *folded_cells;
+        if layout_changed || folded_changed {
             self.per_cell.clear();
         }
         self.width = width;
         self.options = options;
+        self.folded_cells = folded_cells.clone();
 
         // Track whether anything actually changed; if all cells are reused at
         // the same indices, we can skip the reflatten.
         let old_len = self.per_cell.len();
-        let mut any_dirty = layout_changed || old_len != total_cells;
+        let mut any_dirty = layout_changed || folded_changed || old_len != total_cells;
         let mut first_dirty: Option<usize> = if old_len != total_cells {
             Some(old_len.min(total_cells))
         } else {
@@ -195,7 +207,10 @@ impl TranscriptViewCache {
                 } else {
                     width
                 };
-                let folded = folded_cells.contains(&idx);
+                let original_idx = original_index_map
+                    .map(|m| *m.get(idx).unwrap_or(&idx))
+                    .unwrap_or(idx);
+                let folded = folded_cells.contains(&original_idx);
                 let rendered = cell.lines_with_copy_metadata_folded(render_width, options, folded);
                 let mut lines = Vec::with_capacity(rendered.len());
                 let mut copy_separators = Vec::with_capacity(rendered.len());
@@ -1012,4 +1027,122 @@ mod tests {
         );
         eprintln!("  ✓ well under 1 MB even for very long sessions");
     }
+
+    #[test]
+    fn folded_thinking_cache_invalidation() {
+        let long_content = "reasoning line\n".repeat(50);
+        let cells = [HistoryCell::Thinking {
+            content: long_content.clone(),
+            streaming: false,
+            duration_secs: Some(1.5),
+        }];
+        let revisions = [1u64];
+        let options = TranscriptRenderOptions {
+            verbose: true, // expanded by default
+            ..TranscriptRenderOptions::default()
+        };
+        let width = 80u16;
+
+        // First render: no folding → full content.
+        let mut cache = TranscriptViewCache::new();
+        cache.ensure_split(&[&cells], &revisions, width, options, &HashSet::new(), None);
+        let full_line_count = cache.total_lines();
+
+        // Second render: fold the thinking cell → should invalidate and
+        // produce fewer lines (collapsed summary).
+        let mut folded = HashSet::new();
+        folded.insert(0usize);
+        cache.ensure_split(&[&cells], &revisions, width, options, &folded, None);
+        let folded_line_count = cache.total_lines();
+
+        assert!(
+            folded_line_count < full_line_count,
+            "folded thinking should render fewer lines: folded={folded_line_count} full={full_line_count}"
+        );
+
+        // Third render: unfold → should restore full content.
+        cache.ensure_split(&[&cells], &revisions, width, options, &HashSet::new(), None);
+        let restored_line_count = cache.total_lines();
+        assert_eq!(
+            restored_line_count, full_line_count,
+            "unfolded thinking should restore full line count"
+        );
+    }
+
+    #[test]
+    fn folded_thinking_with_collapsed_cells_uses_original_indices() {
+        // Two thinking cells: cell 0 and cell 1. Cell 0 is collapsed (hidden).
+        // Fold cell 1 (original index 1). With the filtered index map,
+        // the cache should still fold the correct cell.
+        let cells = [
+            HistoryCell::Thinking {
+                content: "first thinking block\n".repeat(20),
+                streaming: false,
+                duration_secs: Some(1.0),
+            },
+            HistoryCell::Thinking {
+                content: "second thinking block\n".repeat(20),
+                streaming: false,
+                duration_secs: Some(2.0),
+            },
+        ];
+        let revisions = [1u64, 2u64];
+        let options = TranscriptRenderOptions {
+            verbose: true,
+            ..TranscriptRenderOptions::default()
+        };
+        let width = 80u16;
+
+        // No collapsing, no folding — baseline.
+        let mut cache = TranscriptViewCache::new();
+        cache.ensure_split(
+            &[&cells],
+            &revisions,
+            width,
+            options,
+            &HashSet::new(),
+            None,
+        );
+        let baseline = cache.total_lines();
+
+        // Collapse cell 0, fold cell 1. The filtered list has only cell 1
+        // at filtered index 0, but it maps to original index 1.
+        let filtered_cells = [cells[1].clone()];
+        let filtered_revs = [2u64];
+        let index_map: Vec<usize> = vec![1]; // filtered 0 → original 1
+
+        let mut folded = HashSet::new();
+        folded.insert(1usize); // fold original index 1
+
+        let mut cache2 = TranscriptViewCache::new();
+        cache2.ensure_split(
+            &[&filtered_cells],
+            &filtered_revs,
+            width,
+            options,
+            &folded,
+            Some(&index_map),
+        );
+        let folded_filtered = cache2.total_lines();
+
+        // Cell 1 was expanded in baseline; now it should be folded.
+        // We can't compare directly to baseline because baseline had both
+        // cells, but folded_filtered should be less than if cell 1 were
+        // expanded in the filtered view.
+        let mut cache3 = TranscriptViewCache::new();
+        cache3.ensure_split(
+            &[&filtered_cells],
+            &filtered_revs,
+            width,
+            options,
+            &HashSet::new(),
+            Some(&index_map),
+        );
+        let expanded_filtered = cache3.total_lines();
+
+        assert!(
+            folded_filtered < expanded_filtered,
+            "folded cell via index map should render fewer lines: folded={folded_filtered} expanded={expanded_filtered}"
+        );
+    }
 }
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 58371f9d..8d82da33 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -3832,6 +3832,7 @@ fn open_tool_details_pager_supports_active_virtual_tool_cell() {
         100,
         app.transcript_render_options(),
         &app.folded_thinking,
+        None,
     );
     app.viewport.last_transcript_top = 0;
     app.viewport.last_transcript_visible = 4;
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 0cf97cfb..4ab2cc84 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -157,6 +157,7 @@ impl ChatWidget {
                 content_area.width.max(1),
                 render_options,
                 &app.folded_thinking,
+                None,
             );
         } else {
             // Slow path: clone non-collapsed cells into filtered vecs so
@@ -205,6 +206,7 @@ impl ChatWidget {
                 content_area.width.max(1),
                 render_options,
                 &app.folded_thinking,
+                Some(&app.collapsed_cell_map),
             );
         }
 

From 88000c0481c21b6167ebf22212f048e5c11826f5 Mon Sep 17 00:00:00 2001
From: LeHaiDang <lehaidang6262@gmail.com>
Date: Fri, 29 May 2026 21:34:33 +0700
Subject: [PATCH 257/283] feat: add Vietnamese (vi) localization support

---
 README.ja-JP.md                   |   2 +
 README.md                         |   2 +
 README.vi.md                      | 593 ++++++++++++++++++++++++++++++
 README.zh-CN.md                   |   2 +
 crates/tui/src/commands/change.rs |   1 +
 crates/tui/src/commands/config.rs |   1 +
 crates/tui/src/localization.rs    | 383 ++++++++++++++++++-
 crates/tui/src/prompts.rs         |  22 ++
 docs/LOCALIZATION.md              |   6 +-
 9 files changed, 1002 insertions(+), 10 deletions(-)
 create mode 100644 README.vi.md

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 667aafb5..4fc883d9 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -4,6 +4,8 @@
 
 [English README](README.md)
 [简体中文 README](README.zh-CN.md)
+[Tiếng Việt README](README.vi.md)
+
 
 ## インストール
 
diff --git a/README.md b/README.md
index 3276150e..8abbaacf 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@
 
 [简体中文 README](README.zh-CN.md)
 [日本語 README](README.ja-JP.md)
+[Tiếng Việt README](README.vi.md)
+
 
 ## Install
 
diff --git a/README.vi.md b/README.vi.md
new file mode 100644
index 00000000..91f39d19
--- /dev/null
+++ b/README.vi.md
@@ -0,0 +1,593 @@
+# 🐳 CodeWhale
+
+> **Agent lập trình gốc terminal dành cho DeepSeek V4. Chương trình chạy từ lệnh `codewhale`, hỗ trợ stream các khối suy nghĩ (reasoning blocks), chỉnh sửa workspace cục bộ thông qua các lớp phê duyệt, và đi kèm chế độ tự động để tự chọn mô hình cũng như mức độ suy nghĩ phù hợp cho mỗi lượt.**
+
+[English README](README.md)
+[简体中文 README](README.zh-CN.md)
+[日本語 README](README.ja-JP.md)
+
+## Cài đặt
+
+`codewhale` được cài đặt dưới dạng một cặp binary tự chạy bằng Rust đồng bộ với nhau:
+Lệnh điều phối `codewhale` (dispatcher) và môi trường chạy giao diện `codewhale-tui` (runtime) do nó khởi chạy để thực hiện các phiên làm việc tương tác. Các trình quản lý gói như npm, Homebrew, và Docker sẽ tự động cài đặt cả hai cho bạn; đối với Cargo hoặc cài đặt thủ công, bạn phải đặt cả hai tệp binary này trong cùng một thư mục (thông thường là một thư mục nằm trong biến môi trường `PATH` của bạn). Gói npm chỉ là một trình cài đặt/bao bọc (wrapper) cho các tệp binary phát hành này; agent không chạy trên môi trường Node.js.
+
+```bash
+# 1. npm — dễ nhất nếu bạn đã cài đặt Node. Gói này sẽ tự động tải các
+#    binary Rust dựng sẵn tương ứng từ GitHub Releases.
+npm install -g codewhale
+
+# 2. Cargo — không cần Node. Yêu cầu phiên bản Rust từ 1.88 trở lên (các crate sử dụng
+#    phiên bản Rust edition 2024; các toolchain cũ hơn sẽ báo lỗi "feature `edition2024` is
+#    required"). Hãy chạy lệnh `rustup update` trước, hoặc sử dụng các cách cài đặt không qua Cargo ở dưới.
+cargo install codewhale-cli --locked   # cài đặt `codewhale` (điểm truy cập CLI chính)
+cargo install codewhale-tui     --locked   # cài đặt `codewhale-tui` (giao diện TUI)
+
+# 3. Homebrew — trình quản lý gói dành cho macOS.
+#    Tên tap/formula là tên cũ (legacy); nó sẽ cài đặt cả codewhale và codewhale-tui.
+brew tap Hmbown/deepseek-tui
+brew install deepseek-tui
+
+# 4. Tải xuống trực tiếp — các gói lưu trữ theo nền tảng từ GitHub Releases.
+#    https://github.com/Hmbown/CodeWhale/releases
+#    Gói nén bao gồm cả codewhale và codewhale-tui cùng một tập lệnh cài đặt.
+#    Các binary riêng lẻ cũng được đính kèm cho các tập lệnh; hãy giữ cặp này ở cùng một nơi.
+
+# 5. Docker — hình ảnh phát hành dựng sẵn.
+docker volume create codewhale-home
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.codewhale \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+> Tại Trung Quốc đại lục, bạn có thể tăng tốc độ tải qua npm bằng tham số
+> `--registry=https://registry.npmmirror.com`, hoặc sử dụng
+> [Cargo mirror](#china--cai-dat-than-thien-qua-mirror) bên dưới.
+>
+> An toàn tải xuống: Các binary phát hành chính thức chỉ nằm tại
+> `https://github.com/Hmbown/CodeWhale/releases`. Nếu tải thủ công,
+> vui lòng xác minh mã băm SHA-256 manifest và tránh các kho lưu trữ giả mạo hoặc các
+> trang web mirror trên kết quả tìm kiếm. Xem [an toàn tải xuống và mã xác thực](docs/INSTALL.md#2-download-safety-and-checksums).
+
+Đã cài đặt từ trước? Sử dụng lệnh cập nhật tương ứng với cách bạn đã cài đặt:
+
+```bash
+codewhale update                         # trình cập nhật binary phát hành trực tiếp
+npm install -g codewhale@latest      # thông qua trình bao bọc npm
+brew update && brew upgrade deepseek-tui
+cargo install codewhale-cli --locked --force
+cargo install codewhale-tui     --locked --force
+```
+
+[![CI](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml/badge.svg)](https://github.com/Hmbown/CodeWhale/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/codewhale)](https://www.npmjs.com/package/codewhale)
+[![crates.io](https://img.shields.io/crates/v/codewhale-cli?label=crates.io)](https://crates.io/crates/codewhale-cli)
+[Mục lục dự án DeepWiki](https://deepwiki.com/Hmbown/CodeWhale)
+
+![ảnh chụp màn hình codewhale](assets/screenshot.png)
+
+---
+
+## CodeWhale là gì?
+
+Mô hình AI chỉ trả lời câu hỏi. Agent hoàn thành một nhiệm vụ. Sự khác biệt nằm ở
+**khung ràng buộc (harness)** — một hệ thống các quy tắc, bằng chứng và phản hồi giúp giữ cho
+mô hình đi đúng hướng thay vì bị trôi lệch mục tiêu.
+
+CodeWhale chính là khung ràng buộc đó, được xây dựng xung quanh DeepSeek V4 và được dẫn dắt bởi ba ý tưởng chính:
+
+| Nguyên tắc | Cách thức hoạt động |
+|---|---|
+| **Bắt đầu với sự tin tưởng** | Mỗi lượt bắt đầu bằng chữ "A" — tìm kiếm khả năng trước khi khẳng định chắc chắn, chú trọng chất lượng trước sự tiện lợi |
+| **Thẩm quyền rõ ràng** | Một bản Hiến pháp bằng văn bản với chín cấp bậc thẩm quyền. Ý định của người dùng quan trọng hơn các hướng dẫn cũ kỹ. Sự xác minh quan trọng hơn sự tự tin. |
+| **Cải tiến đệ quy** | V4 đã tham gia viết nên một phần của khung ràng buộc này. Khi khung ràng buộc tốt lên, V4 hoạt động hiệu quả hơn — và giúp cải tiến khung ràng buộc hơn nữa. Mỗi lượt chạy mới đều bắt đầu mạnh mẽ hơn. |
+
+Dự án này là mã nguồn mở, hoạt động trực tiếp trên terminal và được đóng gói thành một cặp binary Rust đồng bộ là `codewhale` / `codewhale-tui`.
+
+## Khung Ràng Buộc Hoạt Động Thế Nào?
+
+Các mô hình dạng Agent phải xử lý lượng thông tin xung đột rất lớn trên quy mô lớn: ý định của người dùng, quy tắc dự án, cấu hình mặc định của hệ thống, đầu ra của công cụ và bộ nhớ cũ đều cạnh tranh thẩm quyền trong một lượt chạy duy nhất. LLM hoạt động như một thẩm phán cần có thẩm quyền rõ ràng — nguồn thông tin nào sẽ thắng thế khi xảy ra xung đột?
+
+CodeWhale giải quyết vấn đề này bằng một bản **Hiến pháp** (`prompts/base.md`). Đây là một hệ thống phân cấp luật chính thức — Điều VII xếp hạng chín nguồn thông tin từ các điều khoản của chính Hiến pháp xuống đến thông tin bàn giao từ phiên làm việc trước. Tin nhắn hiện tại của người dùng có thẩm quyền cao hơn các hướng dẫn dự án cũ kỹ. Đầu ra trực tiếp từ công cụ có thẩm quyền cao hơn các giả định. Việc xác minh thực tế có thẩm quyền cao hơn sự tự tin của mô hình. Mô hình kế thừa một chuỗi thẩm quyền rõ ràng qua từng lượt và không bao giờ phải đoán xem nên làm theo chỉ thị nào.
+
+Có bảy điều khoản đứng đầu hệ thống phân cấp này, định nghĩa danh tính, nghĩa vụ và quyền hạn của mô hình: yêu cầu xác minh (Điều V — mọi hành động phải để lại bằng chứng thực tế, không bao giờ tuyên bố thành công dựa trên niềm tin mơ hồ), di sản điều phối (Điều VI — giữ cho workspace dễ đọc để trí tuệ tiếp theo có thể tiếp quản), và điều khoản ưu tiên sự thật (Điều II — không có quy tắc cấp dưới nào được phép ghi đè lên nó).
+
+Bộ nhớ đệm tiền tố (prefix caching) của DeepSeek V4 làm cho điều này trở nên khả thi và thực tế. Bản Hiến pháp rất dài và chi tiết, nhưng một khi đã được cache, nó sẽ tốn ít hơn khoảng 100 lần chi phí cho mỗi lượt so với một lần đọc mới hoàn toàn. Mô hình tham chiếu nó một cách đệ quy — xem qua, quét và truy vấn thông qua các phiên RLM — truy cập lại thông tin theo nhu cầu thay vì chỉ dựa trên một lượt ghi nhớ duy nhất. Nó hoạt động giống như một bài kiểm tra mở sách hơn là kiểm tra đóng sách.
+
+Bởi vì cấu trúc thẩm quyền là tường minh, các lỗi và thất bại không bao giờ bị che giấu. Các mã thoát (exit codes) khác không, lỗi kiểu dữ liệu từ rust-analyzer trả về giữa các lượt, từ chối của sandbox — tất cả đều được đưa ngược lại như các vectơ sửa lỗi. Mô hình sử dụng chính sự chệch hướng của mình để tự sửa sai.
+
+Ba chế độ kiểm soát không gian hành động: **Plan** là chế độ chỉ đọc. **Agent** chặn các thao tác can thiệp thay đổi file đằng sau quyền phê duyệt của người dùng. **YOLO** tự động phê duyệt tất cả các công cụ trong các workspace đáng tin cậy. Chế độ Sandbox hoạt động trên macOS Seatbelt; Linux Landlock đã được phát hiện nhưng chưa được áp dụng bắt buộc; chế độ sandboxing trên Windows hiện chưa được hỗ trợ.
+
+**Fin** — một cuộc gọi Flash giá rẻ và tắt chức năng suy nghĩ — xử lý việc tự động định tuyến mô hình cho mỗi lượt. Tham số mặc định là `--model auto`.
+
+Mỗi lượt chạy đều ghi lại một ảnh chụp nhanh side-git bên ngoài thư mục `.git` của repo. Các lệnh `/restore` và `revert_turn` giúp khôi phục nhanh workspace về trạng thái trước đó.
+
+Các sub-agent chạy đồng thời (tối đa 20). Lệnh `agent_open` trả về kết quả ngay lập tức; kết quả trả về nội tuyến dưới dạng các sentinel hoàn thành kèm theo bản tóm tắt. Nhật ký chi tiết của sub-agent được lưu trữ và truy cập thông qua `agent_eval`. Xem chi tiết tại [docs/SUBAGENTS.md](docs/SUBAGENTS.md).
+
+Các tính năng khác của hệ thống bao gồm: chẩn đoán lỗi LSP sau mỗi lần chỉnh sửa file (rust-analyzer, pyright, typescript-language-server, gopls, clangd), các phiên làm việc RLM để phân tích hàng loạt, giao thức MCP, API runtime HTTP/SSE, hàng đợi tác vụ liên tục, adapter ACP cho trình soạn thảo Zed, xuất kết quả định dạng SWE-bench và theo dõi chi phí trực tiếp với bảng phân tích chi tiết lượt hit/miss cache.
+
+---
+
+## Khung Kết Nối (Harness)
+
+`codewhale` (CLI điều phối) → `codewhale-tui` (binary giao diện) → giao diện ratatui ↔ công cụ bất đồng bộ ↔ máy khách streaming tương thích với OpenAI. Các lượt gọi công cụ được định tuyến qua một registry có phân loại (shell, thao tác file, git, web, sub-agent, MCP, RLM) và kết quả được truyền trực tuyến trở lại transcript. Công cụ quản lý trạng thái phiên làm việc, theo dõi lượt chạy, hàng đợi tác vụ bền bỉ và một phân hệ LSP cung cấp thông tin chẩn đoán sau khi chỉnh sửa vào ngữ cảnh của mô hình trước bước suy nghĩ tiếp theo.
+
+Xem tài liệu [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) để biết chi tiết toàn bộ luồng hoạt động.
+
+### Sub-agents: Khởi chạy Tác vụ Nền Đồng thời
+
+CodeWhale có thể điều phối nhiều sub-agent chạy song song — hoạt động giống như một hàng đợi tác vụ đồng thời:
+
+- **Khởi chạy không chặn:** Lệnh `agent_open` trả về ngay lập tức. Sub-agent con có một ngữ cảnh độc lập mới và hệ thống đăng ký công cụ riêng để chạy tự chủ. Agent cha vẫn tiếp tục làm việc bình thường.
+- **Thực thi dưới nền:** Các sub-agent chạy đồng thời (giới hạn mặc định: 10, có thể cấu hình lên đến 20). Hệ thống tự quản lý pool tài nguyên này mà không cần vòng lặp thăm dò (polling loop).
+- **Thông báo hoàn thành:** Khi một sub-agent hoàn thành, hệ thống sẽ chèn một khóa sentinel `<codewhale:subagent.done>` vào transcript của agent cha. Một bản tóm tắt thân thiện với con người — bao gồm phát hiện của sub-agent con, các file đã thay đổi và các rủi ro có thể xảy ra — nằm ngay dòng phía trên khóa sentinel. Mô hình cha sẽ đọc tóm tắt đó và tích hợp kết quả thu được mà không cần phải thực hiện thêm bất kỳ lệnh gọi công cụ nào khác.
+- **Truy xuất kết quả có giới hạn:** Nhật ký chi tiết của agent con nằm dưới dạng một `transcript_handle` có thể truy cập qua `agent_eval`. Khi bản tóm tắt là chưa đủ, agent cha có thể gọi `handle_read` để đọc một phần, các dòng cụ thể hoặc lọc qua JSONPath — giúp ngữ cảnh của agent cha luôn tinh gọn mà không làm mất đi các chi tiết quan trọng.
+
+Xem thêm tài liệu [docs/SUBAGENTS.md](docs/SUBAGENTS.md) để tham khảo thông tin đầy đủ về sub-agent.
+
+---
+
+## Khởi động nhanh
+
+```bash
+npm install -g codewhale
+codewhale --version
+codewhale --model auto
+```
+
+Cặp binary dựng sẵn và gói nén nền tảng được phát hành cho các kiến trúc **Linux x64**, **Linux ARM64** (từ v0.8.8 trở lên), **macOS x64**, **macOS ARM64**, và **Windows x64**. Đối với các mục tiêu khác (musl, riscv64, FreeBSD, v.v.), xem phần [Cài đặt từ nguồn](#install-from-source) hoặc tài liệu [docs/INSTALL.md](docs/INSTALL.md).
+
+Trong lần chạy đầu tiên, bạn sẽ được nhắc nhập [API key của DeepSeek](https://platform.deepseek.com/api_keys). Khóa này được lưu vào tệp cấu hình `~/.codewhale/config.toml` (tương thích cả tệp cũ `~/.deepseek/config.toml`) để nó hoạt động từ bất kỳ thư mục nào mà không cần nhắc thông tin đăng nhập của hệ điều hành.
+
+Bạn cũng có thể thiết lập trước:
+
+```bash
+codewhale auth set --provider deepseek   # lưu vào ~/.codewhale/config.toml
+codewhale auth status                    # hiển thị nguồn thông tin đăng nhập đang hoạt động
+
+export DEEPSEEK_API_KEY="YOUR_KEY"      # cách thiết lập qua biến môi trường thay thế; sử dụng ~/.zshenv cho terminal không tương tác
+codewhale
+
+codewhale doctor                         # kiểm tra và xác minh thiết lập
+```
+
+Nếu lệnh `codewhale doctor` báo lỗi API key bị từ chối đến từ biến môi trường `DEEPSEEK_API_KEY`, hãy xóa cấu hình xuất biến môi trường cũ trong tệp khởi chạy shell của bạn, mở một shell mới hoặc chạy lệnh `codewhale auth set --provider deepseek`. Sử dụng `codewhale auth status` để xem trạng thái của cấu hình, keyring hệ thống và biến môi trường mà không hiển thị trực tiếp khóa API. Các khóa lưu trong file cấu hình sẽ được ưu tiên cao hơn keyring và môi trường để dễ dàng thay đổi khi cần.
+
+> Để thay đổi hoặc xóa khóa đã lưu: `codewhale auth clear --provider deepseek`.
+
+### Tencent Cloud / CNB Remote-First Path
+
+Đối với không gian làm việc luôn trực tuyến mà bạn có thể điều khiển từ điện thoại, hãy sử dụng đường dẫn gốc của Tencent: CNB mirror/source, Tencent Lighthouse HK, cầu kết nối dài hạn Feishu/Lark, và EdgeOne tùy chọn cho một cổng HTTPS công cộng có kiểm soát. API runtime luôn được giới hạn chạy tại localhost; EdgeOne không được sử dụng để hiển thị công khai đường dẫn `/v1/*`.
+
+Bắt đầu với tài liệu [docs/TENCENT_CLOUD_REMOTE_FIRST.md](docs/TENCENT_CLOUD_REMOTE_FIRST.md), sau đó xem thêm tài liệu [docs/TENCENT_LIGHTHOUSE_HK.md](docs/TENCENT_LIGHTHOUSE_HK.md) để biết các vận hành máy chủ.
+
+### Chế độ Tự động (Auto Mode)
+
+Sử dụng `codewhale --model auto` hoặc gõ lệnh `/model auto` khi bạn muốn hệ thống tự động quyết định sức mạnh của mô hình và cấp độ suy nghĩ cần thiết cho mỗi lượt.
+
+Chế độ tự động điều khiển hai cài đặt cùng nhau:
+
+- Mô hình: `deepseek-v4-flash` hoặc `deepseek-v4-pro`
+- Cấp độ suy nghĩ: `off`, `high`, hoặc `max`
+
+Trước khi lượt gửi chính thức được thực hiện, ứng dụng sẽ thực hiện một cuộc gọi định tuyến nhỏ thông qua mô hình `deepseek-v4-flash` tắt chế độ suy nghĩ. Trình định tuyến đó sẽ đánh giá yêu cầu mới nhất và ngữ cảnh gần đây, từ đó chọn mô hình cụ thể và cấp độ suy nghĩ phù hợp cho lượt gọi thực tế. Các lượt tương tác ngắn/đơn giản sẽ được chạy trên mô hình Flash tắt suy nghĩ; các công việc lập trình phức tạp, gỡ lỗi, phát hành, kiến trúc phần mềm, kiểm tra bảo mật hoặc các tác vụ nhiều bước mơ hồ sẽ được đẩy lên mô hình Pro với cấp độ suy nghĩ cao hơn.
+
+Cơ chế `auto` hoạt động hoàn toàn cục bộ trên máy của bạn. API ở máy chủ upstream không bao giờ nhận được chuỗi `model: "auto"`; nó luôn nhận được mô hình cụ thể và cấu hình suy nghĩ đã được chọn cho lượt chạy đó. Giao diện TUI hiển thị tuyến đường định tuyến được chọn và bộ theo dõi chi phí sẽ tính tiền cho mô hình thực tế đã chạy. Nếu cuộc gọi định tuyến thất bại hoặc trả về câu trả lời không hợp lệ, ứng dụng sẽ chuyển sang thuật toán phỏng đoán cục bộ. Các sub-agent con sẽ kế thừa chế độ tự động này trừ khi bạn chỉ định rõ một mô hình cho chúng.
+
+Hãy chỉ định mô hình hoặc cấp độ suy nghĩ cố định nếu bạn muốn chạy benchmark lặp lại nhất quán, kiểm soát nghiêm ngặt chi phí trần hoặc có cấu hình ánh xạ nhà cung cấp/mô hình tùy chỉnh cụ thể.
+
+### Linux ARM64 (Raspberry Pi, Asahi, Graviton, HarmonyOS PC)
+
+Lệnh cài đặt `npm i -g codewhale` hoạt động trên môi trường Linux ARM64 nền glibc từ phiên bản v0.8.8 trở đi. Bạn cũng có thể tải trực tiếp các tệp binary dựng sẵn từ [trang phát hành Releases](https://github.com/Hmbown/CodeWhale/releases) và đặt chúng cạnh nhau trong một thư mục thuộc biến `PATH`.
+
+### Cài đặt thân thiện qua Mirror (Tại Trung Quốc)
+
+Nếu việc tải xuống từ GitHub hoặc npm bị chậm từ Trung Quốc đại lục, bạn hãy sử dụng mirror registry cho Cargo:
+
+```toml
+# ~/.cargo/config.toml
+[source.crates-io]
+replace-with = "tuna"
+
+[source.tuna]
+registry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"
+```
+
+Sau đó cài đặt cả hai binary (trình điều phối sẽ ủy quyền cho TUI tại thời điểm chạy):
+
+```bash
+cargo install codewhale-cli --locked   # cung cấp lệnh `codewhale`
+cargo install codewhale-tui     --locked   # cung cấp giao diện `codewhale-tui`
+codewhale --version
+```
+
+Các binary dựng sẵn cũng có thể được tải từ [GitHub Releases](https://github.com/Hmbown/CodeWhale/releases). Thiết lập biến `DEEPSEEK_TUI_RELEASE_BASE_URL` để sử dụng mirror tải các tệp tài nguyên phát hành.
+
+### Windows (Scoop)
+
+[Scoop](https://scoop.sh) là một trình quản lý gói phổ biến trên Windows. Gói `codewhale` đã được liệt kê trong bucket chính của Scoop, tuy nhiên gói cài đặt này hoạt động độc lập và đôi khi cập nhật chậm hơn các bản phát hành chính thức trên GitHub/npm/Cargo. Chạy lệnh `scoop update` trước, sau đó xác minh phiên bản đã cài bằng `codewhale --version`:
+
+```bash
+scoop update
+scoop install codewhale
+codewhale --version
+```
+
+Vui lòng sử dụng phương pháp npm hoặc tải trực tiếp từ GitHub Releases nếu bạn muốn trải nghiệm phiên bản mới nhất trước khi Scoop cập nhật.
+
+<details id="install-from-source">
+<summary>Cài đặt từ mã nguồn</summary>
+
+Cách này hoạt động trên bất kỳ kiến trúc mục tiêu Tier-1 nào được Rust hỗ trợ — bao gồm cả musl, riscv64, FreeBSD và các bản phân phối ARM64 Linux cũ.
+
+```bash
+# Các thư viện phụ thuộc để build trên Linux (Debian/Ubuntu/RHEL):
+#   sudo apt-get install -y build-essential pkg-config libdbus-1-dev
+#   sudo dnf install -y gcc make pkgconf-pkg-config dbus-devel
+
+git clone https://github.com/Hmbown/CodeWhale.git
+cd CodeWhale
+
+cargo install --path crates/cli --locked   # yêu cầu Rust 1.88+; cung cấp `codewhale`
+cargo install --path crates/tui --locked   # cung cấp giao diện `codewhale-tui`
+```
+
+Cả hai tệp binary đều bắt buộc phải cài đặt. Xem hướng dẫn biên dịch chéo và ghi chú riêng theo nền tảng tại: [docs/INSTALL.md](docs/INSTALL.md).
+
+</details>
+
+### Các Nhà Cung Cấp API Khác
+
+Để xem danh sách đầy đủ tất cả các nhà cung cấp được hỗ trợ chính thức, bao gồm mã định danh mô hình, biến xác thực, URL cơ sở và ranh giới tính năng, xem thêm tài liệu [docs/PROVIDERS.md](docs/PROVIDERS.md).
+
+```bash
+# NVIDIA NIM
+codewhale auth set --provider nvidia-nim --api-key "YOUR_NVIDIA_API_KEY"
+codewhale --provider nvidia-nim
+
+# AtlasCloud
+codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"
+codewhale --provider atlascloud
+
+# Wanjie Ark
+codewhale auth set --provider wanjie-ark --api-key "YOUR_WANJIE_API_KEY"
+codewhale --provider wanjie-ark --model deepseek-reasoner
+
+# OpenRouter
+codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
+codewhale --provider openrouter --model deepseek/deepseek-v4-pro
+
+# Novita
+codewhale auth set --provider novita --api-key "YOUR_NOVITA_API_KEY"
+codewhale --provider novita --model deepseek/deepseek-v4-pro
+
+# Fireworks
+codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"
+codewhale --provider fireworks --model deepseek-v4-pro
+
+# Các endpoint tương thích định dạng OpenAI chung
+codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"
+OPENAI_BASE_URL="https://openai-compatible.example/v4" codewhale --provider openai --model glm-5
+
+# Tự host bằng SGLang
+SGLANG_BASE_URL="http://localhost:30000/v1" codewhale --provider sglang --model deepseek-v4-flash
+
+# Tự host bằng vLLM
+VLLM_BASE_URL="http://localhost:8000/v1" codewhale --provider vllm --model deepseek-v4-flash
+# Sử dụng vLLM qua kết nối HTTP trong mạng LAN đáng tin cậy
+DEEPSEEK_ALLOW_INSECURE_HTTP=1 VLLM_BASE_URL="http://192.168.0.110:8000/v1" codewhale --provider vllm --model deepseek-v4-flash
+
+# Tự host bằng Ollama
+ollama pull codewhale-coder:1.3b
+codewhale --provider ollama --model codewhale-coder:1.3b
+```
+
+Bên trong giao diện TUI, lệnh `/provider` mở bảng chọn nhà cung cấp và `/model` mở bảng chọn mô hình/cấp độ suy nghĩ cục bộ. Lệnh `/provider openrouter` và `/model <id>` chuyển đổi trực tiếp, trong khi lệnh `/models` sẽ truy vấn trực tiếp và hiển thị danh sách các mô hình API trực tuyến từ nhà cung cấp (nếu nhà cung cấp hỗ trợ tính năng liệt kê mô hình).
+
+---
+
+## Nhật ký thay đổi (Release Notes)
+
+Chi tiết thay đổi giữa các phiên bản được cập nhật tại [CHANGELOG.md](CHANGELOG.md). File README này chỉ tập trung vào các đường dẫn cài đặt hiện tại, quy trình làm việc cốt lõi, thiết lập nhà cung cấp API, giao diện và các điểm mở rộng tính năng của dự án.
+
+---
+
+## Cách sử dụng
+
+```bash
+codewhale                                         # giao diện tương tác TUI chính
+codewhale "explain this function"                 # thực thi prompt nhanh một lượt
+codewhale exec --auto --output-format stream-json "fix this bug"  # truyền phát luồng dữ liệu NDJSON backend
+codewhale exec --resume <SESSION_ID> "follow up"  # tiếp tục phiên làm việc không tương tác cũ
+codewhale --model deepseek-v4-flash "summarize"   # ghi đè mô hình chạy chỉ định
+codewhale --model auto "fix this bug"             # tự động chọn mô hình và cấp độ suy nghĩ thích hợp
+codewhale --yolo                                  # tự động phê duyệt chạy các công cụ
+codewhale auth set --provider deepseek            # lưu trữ API key
+codewhale doctor                                  # tự động kiểm tra cài đặt và kết nối mạng
+codewhale doctor --json                           # trả về chuẩn đoán định dạng máy đọc được
+codewhale setup --status                          # chỉ đọc trạng thái thiết lập hiện tại
+codewhale setup --tools --plugins                 # tạo sẵn cấu trúc thư mục tool/plugin
+codewhale models                                  # liệt kê các mô hình khả dụng trực tuyến
+codewhale sessions                                # liệt kê các phiên làm việc đã lưu
+codewhale resume --last                           # tiếp tục phiên làm việc gần nhất trong thư mục này
+codewhale resume <SESSION_ID>                     # tiếp tục một phiên làm việc cụ thể theo mã UUID
+codewhale fork <SESSION_ID>                       # tạo một nhánh (fork) phiên làm việc đã lưu sang đường dẫn mới
+codewhale serve --http                            # khởi chạy máy chủ API định dạng HTTP/SSE
+codewhale serve --acp                             # khởi chạy adapter ACP qua stdio cho trình soạn thảo Zed/agent tùy chỉnh
+codewhale run pr <N>                              # tải PR về và nạp sẵn vào prompt đánh giá
+codewhale mcp list                                # liệt kê các máy chủ MCP đã cấu hình
+codewhale mcp validate                            # kiểm tra cấu hình và kết nối máy chủ MCP
+codewhale mcp-server                              # khởi chạy máy chủ MCP điều phối qua cổng stdio
+codewhale update                                  # kiểm tra và cài đặt phiên bản binary mới nhất
+```
+
+### Tạo nhánh phiên làm việc (Branching)
+
+Các phiên làm việc được lưu có thể được phân nhánh một cách có chủ đích. Lệnh `codewhale fork <SESSION_ID>` sao chép toàn bộ phiên làm việc cũ sang một phiên mới song song, lưu trữ mã ID của phiên cha trong siêu dữ liệu (metadata) và mở phiên fork đó ra để bạn có thể thử nghiệm hướng phát triển mới mà không làm ảnh hưởng đến lịch sử phiên làm việc gốc. Trình chọn phiên làm việc và danh sách `codewhale sessions` sẽ đánh dấu rõ ràng các phiên được fork kèm theo mã ID của phiên cha.
+
+Bên trong giao diện TUI, bạn có thể nhấn phím `Esc` hai lần (`Esc-Esc`) để quay ngược lại transcript và đưa prompt cũ về lại phần soạn thảo để chỉnh sửa lại nội dung. Các lệnh `/restore` và `revert_turn` là công cụ khôi phục workspace độc lập: chúng khôi phục lại các tệp tin dựa trên ảnh chụp nhanh side-git nhưng không làm thay đổi hay ghi đè lịch sử trò chuyện của phiên làm việc.
+
+Các hình ảnh Docker được phát hành lên GHCR cho các bản dựng phát hành chính thức:
+
+```bash
+docker volume create codewhale-home
+
+docker run --rm -it \
+  -e DEEPSEEK_API_KEY="$DEEPSEEK_API_KEY" \
+  -v codewhale-home:/home/codewhale/.codewhale \
+  -v "$PWD:/workspace" \
+  -w /workspace \
+  ghcr.io/hmbown/codewhale:latest
+```
+
+Xem tài liệu [docs/DOCKER.md](docs/DOCKER.md) để biết thêm thông tin về thẻ phiên bản (pinned tags), cách tự dựng image cục bộ, lưu ý quyền sở hữu volume và cách sử dụng cho pipeline không tương tác.
+
+### Zed / ACP
+
+DeepSeek có thể chạy dưới dạng một máy chủ Agent Client Protocol (ACP) cục bộ cho các trình soạn thảo mã nguồn hỗ trợ giao tiếp ACP qua cổng stdio. Trong trình soạn thảo Zed, bạn hãy thêm cấu hình máy chủ agent tùy chỉnh sau:
+
+```json
+{
+  "agent_servers": {
+    "DeepSeek": {
+      "type": "custom",
+      "command": "codewhale",
+      "args": ["serve", "--acp"],
+      "env": {}
+    }
+  }
+}
+```
+
+Phân hệ ACP ban đầu hỗ trợ khởi tạo phiên làm việc mới và nhận phản hồi prompt qua cấu hình và API key hiện tại của DeepSeek. Tính năng chỉnh sửa tích hợp công cụ và phát lại checkpoint hiện chưa được hỗ trợ qua giao diện ACP.
+
+Adapter do cộng đồng phát triển: [acp-codewhale-adapter](https://github.com/rockeverm3m/acp-codewhale-adapter) hỗ trợ cầu nối lệnh `codewhale exec --auto` với `cc-connect` cho người dùng cần quy trình làm việc ACP có tích hợp công cụ bên ngoài trình soạn thảo Zed.
+
+### Phím Tắt Tiêu Biểu
+
+| Phím | Hành động |
+|---|---|
+| `Tab` | Hoàn thành gợi ý lệnh `/` hoặc các nhãn tệp `@`; khi đang chạy, xếp tin nhắn nháp vào hàng đợi chạy tiếp theo; hoặc chuyển đổi qua lại giữa các chế độ |
+| `Shift+Tab` | Thay đổi nhanh cấp độ suy nghĩ: off → high → max |
+| `F1` | Mở màn hình trợ giúp phím tắt có thanh tìm kiếm |
+| `Esc` | Quay lại / đóng cửa sổ popup |
+| `Ctrl+K` | Mở bảng lệnh nhanh (Command palette) |
+| `Ctrl+R` | Tiếp tục một phiên làm việc cũ |
+| `Alt+R` | Tìm kiếm lịch sử prompt cũ để khôi phục tin nháp đã xóa |
+| `Ctrl+S` | Cất tin nháp hiện tại vào bộ nhớ tạm (dùng `/stash list`, `/stash pop` để lấy lại) |
+| `@path` | Đính kèm ngữ cảnh file hoặc thư mục trực tiếp tại trình soạn thảo văn bản |
+| `↑` (tại đầu composer) | Chọn hàng tệp tin đính kèm để xóa |
+
+Xem danh sách phím tắt đầy đủ tại: [docs/KEYBINDINGS.md](docs/KEYBINDINGS.md).
+
+---
+
+## Chế độ hoạt động (Modes)
+
+| Chế độ | Hành vi hoạt động |
+| --- | --- |
+| **Plan** 🔍 | Chế độ khảo sát chỉ đọc — mô hình tìm hiểu cấu trúc và đề xuất kế hoạch hành động cụ thể trước khi sửa đổi file; các cuộc khảo sát nhiều bước sử dụng công cụ `checklist_write` |
+| **Agent** 🤖 | Chế độ tương tác mặc định — thực thi tác vụ nhiều bước có kiểm soát đằng sau các cổng phê duyệt; các tác vụ lớn sẽ được theo dõi qua `checklist_write` |
+| **YOLO** ⚡ | Tự động phê duyệt tất cả các lệnh gọi công cụ trong các workspace tin cậy; các tác vụ nhiều bước vẫn duy trì checklist hiển thị trực quan |
+
+---
+
+## Cấu hình
+
+Cấu hình của người dùng lưu tại: `~/.codewhale/config.toml` (tự động fallback về tệp cũ `~/.deepseek/config.toml` nếu có). Cấu hình riêng của dự án ghi đè tại: `<workspace>/.codewhale/config.toml` (hoặc `<workspace>/.deepseek/config.toml`) (lưu ý các trường sau bị cấm ghi đè ở cấp dự án: `api_key`, `base_url`, `provider`, `mcp_config_path`). Tham khảo tệp [config.example.toml](config.example.toml) để xem đầy đủ tất cả cấu hình mẫu.
+
+Các biến môi trường chính:
+
+| Biến môi trường | Mục đích sử dụng |
+|---|---|
+| `DEEPSEEK_API_KEY` | Khóa API key chính |
+| `DEEPSEEK_BASE_URL` | Địa chỉ URL cơ sở của máy chủ API |
+| `DEEPSEEK_HTTP_HEADERS` | Các header tùy chỉnh gửi kèm yêu cầu API, ví dụ `X-Model-Provider-Id=your-model-provider` |
+| `DEEPSEEK_MODEL` | Mô hình mặc định |
+| `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Thời gian chờ tối đa khi stream bị rảnh (giây), mặc định là `300`, giới hạn trong khoảng `1..=3600` |
+| `CODEWHALE_PROVIDER` / `DEEPSEEK_PROVIDER` | Các nhà cung cấp: `deepseek` (mặc định), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
+| `DEEPSEEK_PROFILE` | Tên cấu hình profile sử dụng |
+| `DEEPSEEK_MEMORY` | Thiết lập là `on` để kích hoạt tính năng tự ghi nhớ thông tin người dùng |
+| `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Cho phép sử dụng các đường dẫn API dạng `http://` không mã hóa trong các mạng LAN tin cậy |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Thông tin đăng nhập theo từng nhà cung cấp tương ứng |
+| `OPENAI_BASE_URL` / `OPENAI_MODEL` | Điểm cuối (endpoint) và mã mô hình cho nhà cung cấp tương thích định dạng OpenAI chung |
+| `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | Endpoint và mô hình ghi đè cho AtlasCloud |
+| `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Endpoint và mô hình ghi đè cho Wanjie Ark |
+| `OPENROUTER_BASE_URL` | Endpoint ghi đè cho OpenRouter |
+| `NOVITA_BASE_URL` | Endpoint ghi đè cho Novita |
+| `FIREWORKS_BASE_URL` | Endpoint ghi đè cho Fireworks |
+| `SGLANG_BASE_URL` | Endpoint cho máy chủ SGLang tự host |
+| `SGLANG_MODEL` | Mã mô hình cho máy chủ SGLang tự host |
+| `VLLM_BASE_URL` | Endpoint cho máy chủ vLLM tự host |
+| `VLLM_MODEL` | Mã mô hình cho máy chủ vLLM tự host |
+| `OLLAMA_BASE_URL` | Endpoint cho máy chủ Ollama tự host |
+| `OLLAMA_MODEL` | Thẻ mô hình (model tag) cho máy chủ Ollama tự host |
+| `NO_ANIMATIONS=1` | Bắt buộc chạy ở chế độ hỗ trợ khả năng tiếp cận (Accessibility mode), tắt hiệu ứng khi khởi động |
+| `SSL_CERT_FILE` | Đường dẫn file CA bundle tùy chỉnh khi sử dụng proxy nội bộ doanh nghiệp |
+
+Thiết lập thuộc tính `locale` trong file `settings.toml`, sử dụng lệnh `/config locale vi`, hoặc dựa vào cài đặt biến `LC_ALL`/`LANG` của hệ điều hành để lựa chọn ngôn ngữ cho giao diện TUI và ngôn ngữ nhắc nhở gửi kèm tới các mô hình V4. Tin nhắn mới nhất của người dùng vẫn có mức độ ưu tiên cao nhất để mô hình tự động chọn ngôn ngữ phản hồi tương ứng, do đó các câu hỏi bằng Tiếng Việt của người dùng vẫn sẽ luôn nhận được câu trả lời bằng Tiếng Việt ngay cả khi hệ điều hành đang thiết lập giao diện hiển thị mặc định bằng tiếng Anh. Xem tài liệu hướng dẫn cấu hình tại [docs/CONFIGURATION.md](docs/CONFIGURATION.md) và [docs/MCP.md](docs/MCP.md).
+
+---
+
+## Mô hình & Giá cả
+
+| Mô hình | Ngữ cảnh | Đầu vào (Hit Cache) | Đầu vào (Miss Cache) | Đầu ra |
+|---|---|---|---|---|
+| `deepseek-v4-pro` | 1M | $0.003625 / 1M | $0.435 / 1M | $0.87 / 1M |
+| `deepseek-v4-flash` | 1M | $0.0028 / 1M | $0.14 / 1M | $0.28 / 1M |
+
+Nền tảng DeepSeek mặc định sử dụng đường dẫn `https://api.deepseek.com/beta` để bạn có thể trải nghiệm các tính năng API beta mà không cần thiết lập cấu hình phức tạp. Thiết lập thuộc tính `base_url = "https://api.deepseek.com"` nếu muốn tắt tính năng này.
+
+Các tên định danh cũ `deepseek-chat` / `deepseek-reasoner` sẽ được tự động ánh xạ đến `deepseek-v4-flash` và sẽ chính thức dừng hoạt động sau ngày 24 tháng 7 năm 2026. Các biến thể NVIDIA NIM sẽ áp dụng theo điều khoản tài khoản NVIDIA của bạn.
+
+> [!Note]
+> Trang cấu trúc giá của DeepSeek hiện đã cập nhật bảng giá trên của dòng V4 Pro làm mức giá cố định vĩnh viễn: Chương trình khuyến mãi giảm giá 75% trước đó đã được chính thức tích hợp thẳng vào giá cơ sở từ sau khi thời hạn khuyến mãi kết thúc vào lúc 15:59 UTC ngày 31 tháng 5 năm 2026. Trình tính toán chi phí trên giao diện TUI của CodeWhale đã cập nhật các giá trị mới này, do đó bạn không cần thực hiện thêm thay đổi nào. Để theo dõi các thay đổi giá trong tương lai, vui lòng tham khảo [trang giá chính thức của DeepSeek](https://api-docs.deepseek.com/zh-cn/quick_start/pricing).
+
+---
+
+## Chia Sẻ Skill Tự Viết
+
+CodeWhale sẽ tự động quét và tìm kiếm các skill được định nghĩa từ các thư mục của dự án (`.agents/skills` → `skills` → `.opencode/skills` → `.claude/skills` → `.cursor/skills`) và các thư mục cấu hình toàn cục (`~/.agents/skills` → `~/.claude/skills` → `~/.codewhale/skills` → `~/.deepseek/skills`). Mỗi skill là một thư mục chứa một tệp tin `SKILL.md`:
+
+```text
+~/.agents/skills/my-skill/
+└── SKILL.md
+```
+
+Yêu cầu định nghĩa phần Frontmatter ở đầu file:
+
+```markdown
+---
+name: my-skill
+description: Sử dụng skill này khi bạn muốn DeepSeek tuân thủ theo quy trình làm việc tùy chỉnh của tôi.
+---
+
+# My Skill
+Các hướng dẫn chi tiết dành cho agent được viết tại đây.
+```
+
+Các lệnh tương tác: `/skills` (liệt kê), `/skill <name>` (kích hoạt), `/skill new` (tạo khung mẫu), `/skill install github:<owner>/<repo>` (cài đặt từ cộng đồng GitHub), `/skill update` / `uninstall` / `trust` để quản lý. Cài đặt các skill từ cộng đồng GitHub không yêu cầu chạy thêm bất kỳ dịch vụ nền nào. Các skill sau khi cài đặt sẽ hiển thị trong phần ngữ cảnh phiên làm việc mà mô hình AI có thể đọc được; agent có thể tự chọn skill phù hợp qua công cụ `load_skill` khi nhiệm vụ của bạn khớp với phần mô tả của skill.
+
+Trong lần chạy đầu tiên, chương trình cũng tự động cài đặt sẵn một số skill hệ thống cho các quy trình phổ biến:
+`skill-creator`, `delegate`, `v4-best-practices`, `plugin-creator`, `skill-installer`, `mcp-builder`, `documents`, `presentations`, `spreadsheets`, `pdf`, và `feishu`. Các skill này nằm trong thư mục `~/.codewhale/skills` (hoặc thư mục cũ `~/.deepseek/skills`) và được quản lý phiên bản để các bản nâng cấp mới được cài đặt tự động mà không làm ảnh hưởng đến các skill do người dùng tự chủ động xóa trước đó.
+
+---
+
+## Tài liệu hướng dẫn
+
+| Tài liệu | Chủ đề chi tiết |
+|---|---|
+| [ARCHITECTURE.md](docs/ARCHITECTURE.md) | Cấu trúc bên trong của cơ sở mã nguồn |
+| [CONFIGURATION.md](docs/CONFIGURATION.md) | Hướng dẫn cấu hình chi tiết và đầy đủ nhất |
+| [MODES.md](docs/MODES.md) | Các chế độ hoạt động: Plan / Agent / YOLO |
+| [MCP.md](docs/MCP.md) | Tích hợp giao thức Model Context Protocol |
+| [RUNTIME_API.md](docs/RUNTIME_API.md) | Hướng dẫn sử dụng máy chủ API HTTP/SSE |
+| [INSTALL.md](docs/INSTALL.md) | Hướng dẫn cài đặt riêng theo từng nền tảng |
+| [DOCKER.md](docs/DOCKER.md) | Sử dụng Docker image trên GHCR, volume lưu trữ |
+| [CNB_MIRROR.md](docs/CNB_MIRROR.md) | CNB mirror và các lưu ý cài đặt tại Trung Quốc |
+| [TENCENT_CLOUD_REMOTE_FIRST.md](docs/TENCENT_CLOUD_REMOTE_FIRST.md) | Hướng dẫn kết nối Tencent/CNB/Lighthouse/Feishu từ xa |
+| [TENCENT_LIGHTHOUSE_HK.md](docs/TENCENT_LIGHTHOUSE_HK.md) | Thiết lập máy chủ Lighthouse Hồng Kông |
+| [MEMORY.md](docs/MEMORY.md) | Hướng dẫn tính năng tự ghi nhớ thông tin người dùng |
+| [SUBAGENTS.md](docs/SUBAGENTS.md) | Phân loại vai trò và vòng đời của các sub-agent con |
+| [KEYBINDINGS.md](docs/KEYBINDINGS.md) | Danh sách phím tắt đầy đủ |
+| [RELEASE_RUNBOOK.md](docs/RELEASE_RUNBOOK.md) | Quy trình đóng gói và phát hành phiên bản mới |
+| [LOCALIZATION.md](docs/LOCALIZATION.md) | Ma trận đa ngôn ngữ giao diện & cách chuyển đổi |
+| [OPERATIONS_RUNBOOK.md](docs/OPERATIONS_RUNBOOK.md) | Vận hành và phục hồi hệ thống |
+
+Lịch sử cập nhật chi tiết: [CHANGELOG.md](CHANGELOG.md).
+
+---
+
+## Lời cảm ơn
+
+- **[DeepSeek](https://github.com/deepseek-ai)** — Xin chân thành cảm ơn sự hỗ trợ và các mô hình AI mạnh mẽ giúp tiếp sức cho mọi tương tác trong dự án. 感谢 DeepSeek 提供模型与支持，让每一次交互成为可能。
+- **[DataWhale](https://github.com/datawhalechina)** 🐋 — Xin cảm ơn sự hỗ trợ nhiệt tình và đã chào đón chúng tôi gia nhập gia đình lớn "Whale Brother". 感谢 DataWhale 的支持，并欢迎 chúng tôi gia nhập “鲸兄弟”大家庭。
+- **[OpenWarp](https://github.com/zerx-lab/warp)** — Cảm ơn vì đã ưu tiên hỗ trợ codewhale và hợp tác để mang lại trải nghiệm agent terminal tốt hơn.
+- **[Open Design](https://github.com/nexu-io/open-design)** — Cảm ơn vì sự hỗ trợ và hợp tác xung quanh quy trình làm việc chú trọng thiết kế của agent.
+
+Dự án này được phát triển và vận hành trơn tru với sự đóng góp của cộng đồng các nhà phát triển ngày càng lớn mạnh:
+
+- **[merchloubna70-dot](https://github.com/merchloubna70-dot)** — Đóng góp 28 PR bao gồm tính năng mới, sửa lỗi và dựng sẵn extension cho VS Code (#645–#681)
+- **[WyxBUPT-22](https://github.com/WyxBUPT-22)** — Xây dựng trình kết xuất Markdown hỗ trợ bảng biểu, chữ đậm/nghiêng và đường kẻ ngang (#579)
+- **[loongmiaow-pixel](https://github.com/loongmiaow-pixel)** — Tài liệu cài đặt cho Windows và Trung Quốc (#578)
+- **[20bytes](https://github.com/20bytes)** — Cải tiến tài liệu tính năng tự ghi nhớ và giao diện trợ giúp (#569)
+- **[staryxchen](https://github.com/staryxchen)** — Kiểm tra độ tương thích của thư viện glibc trước khi chạy (#556)
+- **[Vishnu1837](https://github.com/Vishnu1837)** — Tối ưu hóa tính tương thích glibc và tự phục hồi trạng thái terminal khi nhận tín hiệu SIGINT/SIGTERM (#565, #1586)
+- **[shentoumengxin](https://github.com/shentoumengxin)** — Kiểm tra hợp lệ ranh giới thư mục làm việc `cwd` của Shell (#524)
+- **[toi500](https://github.com/toi500)** — Báo cáo và sửa lỗi dán văn bản trên hệ điều hành Windows
+- **[xsstomy](https://github.com/xsstomy)** — Báo cáo lỗi vẽ lại màn hình khi khởi động terminal
+- **Melody0709** — Báo cáo lỗi kích hoạt phím Enter với tiền tố lệnh gạch chéo
+- **[lloydzhou](https://github.com/lloydzhou)** và **[jeoor](https://github.com/jeoor)** — Báo cáo lỗi chi phí nén dữ liệu; lloydzhou cũng đóng góp ngữ cảnh môi trường xác định (#813, #922) và ổn định bộ nhớ đệm KV prefix-cache (#1080)
+- **[Agent-Skill-007](https://github.com/Agent-Skill-007)** — Tinh chỉnh diễn đạt rõ ràng cho file giới thiệu README (#685)
+- **[woyxiang](https://github.com/woyxiang)** — Tài liệu hướng dẫn cài đặt qua Scoop trên Windows (#696)
+- **[wangfeng](mailto:wangfengcsu@qq.com)** — Cập nhật thông tin giá cả và chương trình khuyến mãi (#692)
+- **[zichen0116](https://github.com/zichen0116)** — Xây dựng tài liệu quy tắc ứng xử cộng đồng CODE_OF_CONDUCT.md (#686)
+- **[dfwqdyl-ui](https://github.com/dfwqdyl-ui)** — Báo cáo tính tương thích chữ hoa/thường của ID mô hình (#729)
+- **[Oliver-ZPLiu](https://github.com/Oliver-ZPLiu)** — Báo cáo lỗi trạng thái `working...` bị kẹt, cơ chế dự phòng khay nhớ tạm (clipboard) trên Windows, sửa lỗi phiên kết nối HTTP dạng MCP Streamable, và tự động hóa brew tap (#738, #850, #1643, #1631)
+- **[reidliu41](https://github.com/reidliu41)** — Ý tưởng gợi ý tiếp tục phiên, lưu trữ độ tin cậy workspace, hỗ trợ nhà cung cấp Ollama, hoàn thiện stream khối suy nghĩ, tăng cường cache cho CI, xử lý wrap dòng stream, và hoàn thành tính năng autocomplete cho DeepSeek (#863, #870, #921, #1078, #1603, #1628, #1601)
+- **[xieshutao](https://github.com/xieshutao)** — Cơ chế dự phòng skill dạng Markdown thuần (#869)
+- **[GK012](https://github.com/GK012)** — Cơ chế dự phòng lệnh `--version` của wrapper npm (#885)
+- **[y0sif](https://github.com/y0sif)** — Xử lý đánh thức vòng lặp agent cha sau khi các sub-agent con hoàn thành tác vụ (#901)
+- **[mac119](https://github.com/mac119)** và **[leo119](https://github.com/leo119)** — Viết tài liệu hướng dẫn cho lệnh `codewhale update` (#838, #917)
+- **[dumbjack](https://github.com/dumbjack)** / **浩淼的mac** — Tăng cường bảo mật chống mã độc qua lệnh shell byte rỗng (#706, #918)
+- **macworkers** — Cải tiến xác nhận rẽ nhánh (fork) kèm mã phiên làm việc mới (#600, #919)
+- **zero** và **[zerx-lab](https://github.com/zerx-lab)** — Cấu hình điều kiện nhận thông báo và làm phong phú nội dung thông báo qua OSC 9 (#820, #920)
+- **[chnjames](https://github.com/chnjames)** — Gợi ý hoàn thành @mentions từ cache, cải tiến phục hồi file cấu hình lỗi, và hiển thị chuẩn UTF-8 cho Shell trên Windows (#849, #927, #982, #1018)
+- **[angziii](https://github.com/angziii)** — Bảo mật cấu hình, dọn dẹp tài nguyên bất đồng bộ, tăng cường bảo mật Docker và vá lỗi an toàn thực thi lệnh (#822, #824, #827, #831, #833, #835, #837)
+- **[elowen53](https://github.com/elowen53)** — Giải mã UTF-8 và bổ sung các ca kiểm thử xác định (#825, #840)
+- **[wdw8276](https://github.com/wdw8276)** — Bổ sung lệnh `/rename` để đổi tên tiêu đề phiên làm việc tùy chỉnh (#836)
+- **[banqii](https://github.com/banqii)** — Hỗ trợ đường dẫn tìm kiếm skill dạng `.cursor/skills` (#817)
+- **[junskyeed](https://github.com/junskyeed)** — Tính toán động giá trị `max_tokens` cho các yêu cầu API (#826)
+- **Hafeez Pizofreude** — Triển khai cơ chế chống tấn công SSRF trong công cụ `fetch_url` và biểu đồ lịch sử Star History.
+- **Unic (YuniqueUnic)** — Xây dựng giao diện cấu hình tự động dựa trên schema (cả TUI và web).
+- **Jason** — Tăng cường bảo mật an toàn mạng chống tấn công giả mạo yêu cầu từ phía máy chủ (SSRF).
+- **[axobase001](https://github.com/axobase001)** — Dọn dẹp snapshot mồ côi, bổ sung bộ bảo vệ khi cài npm, sửa lỗi đo lường phiên làm việc, xóa cache phạm vi mô hình, hỗ trợ các liên kết tượng trưng (symlinks) cho skill, hướng dẫn cơ chế thoát lỗi cài đặt npm mirror, và duy trì cấu hình proxy cho các tác vụ con (#975, #1032, #1047, #1049, #1052, #1019, #1051, #1056, #1608)
+- **[MengZ-super](https://github.com/MengZ-super)** — Xây dựng nền tảng cho lệnh `/theme` và giải nén dữ liệu nén dạng gzip/brotli cho kết nối SSE (#1057, #1061)
+- **[DI-HUO-MING-YI](https://github.com/DI-HUO-MING-YI)** — Vá lỗi bảo mật sandbox chỉ đọc trong chế độ Plan (#1077)
+- **[bevis-wong](https://github.com/bevis-wong)** — Cung cấp ca tái hiện chính xác lỗi tự động gửi tin khi dán văn bản kèm ký tự xuống dòng (#1073)
+- **[Duducoco](https://github.com/Duducoco)** và **[AlphaGogoo](https://github.com/AlphaGogoo)** — Xây dựng thanh menu gạch chéo cho skill và sửa lỗi bao phủ lệnh `/skills` (#1068, #1083)
+- **[ArronAI007](https://github.com/ArronAI007)** — Sửa lỗi hiển thị tài nguyên artifact khi thay đổi kích thước cửa sổ trên macOS Terminal.app và ConHost (#993)
+- **[THINKER-ONLY](https://github.com/THINKER-ONLY)** — Duy trì mã mô hình tùy chỉnh cho OpenRouter và endpoint riêng (#1066)
+- **[Jefsky](https://github.com/Jefsky)** — Báo cáo sửa lỗi địa chỉ endpoint chính thức của DeepSeek (#1079, #1084)
+- **[wlon](https://github.com/wlon)** — Chẩn đoán và ưu tiên lựa chọn khóa xác thực cho nhà cung cấp NVIDIA NIM (#1081)
+- **[Horace Liu](https://github.com/liuhq)** — Đóng gói hỗ trợ Nix package và viết tài liệu hướng dẫn cài đặt (#1173)
+- **[jieshu666](https://github.com/jieshu666)** — Giảm thiểu hiện tượng nhấp nháy màn hình khi vẽ lại giao diện TUI (#1563)
+- **[gordonlu](https://github.com/gordonlu)** — Sửa lỗi nhận dạng phím Enter / mã nhập CSI-u trên Windows (#1612)
+- **[mdrkrg](https://github.com/mdrkrg)** — Vá lỗi sập ứng dụng trong lần chạy đầu tiên khi thiếu khóa API (#1598)
+- **[Aitensa](https://github.com/Aitensa)** — Xử lý tự động xuống dòng CJK cho các khối diff và kết quả đầu ra trang giấy (#1622)
+- **[qiyan233](https://github.com/qiyan233)** — Đảm bảo tương thích với các bí danh cũ của nhà cung cấp DeepSeek Trung Quốc (#1645)
+- **[zlh124](https://github.com/zlh124)** — Báo cáo khởi động không đầu WSL2 và sửa lỗi khay nhớ tạm (#1772, #1773)
+- **[aboimpinto](https://github.com/aboimpinto)** — Sửa lỗi ghi nhật ký màn hình phụ trên Windows, hoàn thiện phím Home/End tại bộ soạn thảo và theo dõi log runtime (#1774, #1776, #1748, #1749, #1782, #1783)
+- **[LeoLin990405](https://github.com/LeoLin990405)** — Bổ sung cơ chế truyền thẳng mô hình qua provider, phát lại luồng suy nghĩ, tối ưu lượt chạy chỉ suy nghĩ, và sửa lỗi trích dẫn trên Windows (#1740, #1743, #1742, #1744)
+- **[nightt5879](https://github.com/nightt5879)** — Khắc phục lỗi khôi phục giao diện nhắc nhở khi bấm phím Ctrl+C (#1764)
+- **[donglovejava](https://github.com/donglovejava)** — Hợp nhất kéo thả dán tệp `@file`, vá lỗi sập chữ CJK, thu thập phản hồi người dùng, định tuyến RLM, và thử lại khi `edit_file` bị kẹt (#2154–#2168)
+- **[encyc](https://github.com/encyc)** — Hiển thị chi tiết số lượng token tiêu thụ ở chân trang và lệnh `/status` (#2152)
+- **[saieswar237](https://github.com/saieswar237)** — Bổ sung tài liệu hướng dẫn về quy trình review code (#2178)
+- **[sximelon](https://github.com/sximelon)** — Chặn sự kiện tự gửi tin khi dán văn bản và tách phân hệ quản lý phím bấm (#2174, #2042)
+- **[nanookclaw](https://github.com/nanookclaw)** — Bổ sung hiển thị nhà cung cấp tìm kiếm trong kết quả của lệnh doctor (#2135)
+- **[Sskift](https://github.com/Sskift)** — Ngăn chặn việc ghi đè biến môi trường mặc định trên CLI (#2119)
+- **[xin1104](https://github.com/xin1104)** — Tạo brew formula cài binary codewhale độc lập (#2105)
+- **[mrluanma](https://github.com/mrluanma)** — Bổ sung nhà cung cấp dịch vụ tìm kiếm Metaso (#2059)
+- **[Lellansin](https://github.com/Lellansin)** — Bỏ qua việc gộp cấu hình tại thư mục home người dùng (#2055)
+- **[zhuangbiaowei](https://github.com/zhuangbiaowei)** — Cập nhật các kênh phát hành chính thức của sản phẩm (#2145)
+
+---
+
+## Đóng góp cho dự án
+
+Xem tài liệu hướng dẫn đóng góp tại [CONTRIBUTING.md](CONTRIBUTING.md). Chúng tôi luôn hoan nghênh các yêu cầu kéo Pull Requests — vui lòng xem danh sách các [vấn đề mở (open issues)](https://github.com/Hmbown/CodeWhale/issues) để bắt đầu đóng góp những phần việc đầu tiên.
+
+Ủng hộ nhà phát triển: [Buy me a coffee](https://www.buymeacoffee.com/hmbown).
+
+> [!Note]
+> *Dự án này độc lập và không trực thuộc công ty DeepSeek Inc.*
+
+## Bản quyền
+
+[MIT](LICENSE)
+
+## Biểu đồ Star History
+
+[![Biểu đồ lịch sử sao](https://api.star-history.com/chart?repos=Hmbown/CodeWhale&type=date&legend=top-left)](https://www.star-history.com/?repos=Hmbown%2FCodeWhale&type=date&logscale=&legend=top-left)
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 68ce3fbd..c85f3456 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -4,6 +4,8 @@
 
 [English README](README.md)
 [日本語 README](README.ja-JP.md)
+[Tiếng Việt README](README.vi.md)
+
 
 ## 安装
 
diff --git a/crates/tui/src/commands/change.rs b/crates/tui/src/commands/change.rs
index e8448a48..e424ec9b 100644
--- a/crates/tui/src/commands/change.rs
+++ b/crates/tui/src/commands/change.rs
@@ -101,6 +101,7 @@ pub fn change(app: &mut App, version: Option<&str>) -> CommandResult {
             Locale::Ja => "Japanese (日本語)",
             Locale::PtBr => "Brazilian Portuguese (Português)",
             Locale::Es419 => "Latin American Spanish (Español latinoamericano)",
+            Locale::Vi => "Vietnamese (Tiếng Việt)",
             // Fallback — should never reach here since we check En above.
             Locale::En => "English",
         };
diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 36e300c1..b23a59e7 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -93,6 +93,7 @@ fn show_single_setting(app: &App, key: &str) -> CommandResult {
             crate::localization::Locale::Ja => "ja",
             crate::localization::Locale::PtBr => "pt-BR",
             crate::localization::Locale::Es419 => "es-419",
+            crate::localization::Locale::Vi => "vi",
         }
     }
     fn density_display(d: crate::tui::app::ComposerDensity) -> &'static str {
diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index e0c30cea..9e19481e 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -39,6 +39,7 @@ pub enum Locale {
     ZhHant,
     PtBr,
     Es419,
+    Vi,
 }
 
 impl Locale {
@@ -50,6 +51,7 @@ impl Locale {
             Self::ZhHant => "zh-Hant",
             Self::PtBr => "pt-BR",
             Self::Es419 => "es-419",
+            Self::Vi => "vi",
         }
     }
 
@@ -61,6 +63,7 @@ impl Locale {
             Self::ZhHant => "Traditional Chinese (繁體中文)",
             Self::PtBr => "Brazilian Portuguese (Português do Brasil)",
             Self::Es419 => "Latin American Spanish (Español latinoamericano)",
+            Self::Vi => "Vietnamese (Tiếng Việt)",
         }
     }
 
@@ -115,6 +118,14 @@ impl Locale {
                 fallback: "en",
                 coverage: LocaleCoverage::V076Core,
             },
+            Self::Vi => LocaleSpec {
+                tag: "vi",
+                display_name: "Vietnamese",
+                script: "Latin",
+                direction: TextDirection::Ltr,
+                fallback: "en",
+                coverage: LocaleCoverage::V076Core,
+            },
         }
     }
 
@@ -127,6 +138,7 @@ impl Locale {
             Self::ZhHant,
             Self::PtBr,
             Self::Es419,
+            Self::Vi,
         ]
     }
 }
@@ -165,14 +177,6 @@ pub const PLANNED_QA_LOCALES: &[LocaleSpec] = &[
         fallback: "en",
         coverage: LocaleCoverage::PlannedQa,
     },
-    LocaleSpec {
-        tag: "vi",
-        display_name: "Vietnamese",
-        script: "Latin",
-        direction: TextDirection::Ltr,
-        fallback: "en",
-        coverage: LocaleCoverage::PlannedQa,
-    },
     LocaleSpec {
         tag: "sw",
         display_name: "Swahili",
@@ -756,6 +760,7 @@ pub fn thinking_translation_placeholder(locale: Locale) -> &'static str {
         Locale::ZhHant => "正在思考，完成後翻譯為繁體中文...",
         Locale::PtBr => "Pensando; traduzindo ao concluir...",
         Locale::Es419 => "Pensando; traduciendo al finalizar...",
+        Locale::Vi => "Đang suy nghĩ; sẽ dịch sau khi hoàn thành...",
     }
 }
 
@@ -767,6 +772,7 @@ pub fn thinking_translation_in_progress(locale: Locale) -> &'static str {
         Locale::ZhHant => "正在翻譯思考內容...",
         Locale::PtBr => "Traduzindo o conteúdo de raciocínio...",
         Locale::Es419 => "Traduciendo el contenido de razonamiento...",
+        Locale::Vi => "Đang dịch nội dung suy nghĩ...",
     }
 }
 
@@ -778,6 +784,7 @@ pub fn thinking_translation_complete(locale: Locale) -> &'static str {
         Locale::ZhHant => "思考內容翻譯完成",
         Locale::PtBr => "Tradução do raciocínio concluída",
         Locale::Es419 => "Traducción del razonamiento completada",
+        Locale::Vi => "Đã dịch xong nội dung suy nghĩ",
     }
 }
 
@@ -789,6 +796,7 @@ pub fn thinking_translation_failed(locale: Locale) -> &'static str {
         Locale::ZhHant => "思考內容翻譯失敗",
         Locale::PtBr => "Falha ao traduzir o raciocínio",
         Locale::Es419 => "Falló la traducción del razonamiento",
+        Locale::Vi => "Dịch nội dung suy nghĩ thất bại",
     }
 }
 
@@ -800,6 +808,7 @@ pub fn hidden_translation_failed(locale: Locale) -> &'static str {
         Locale::ZhHant => "翻譯失敗，原文已隱藏。",
         Locale::PtBr => "A tradução falhou; o texto original está oculto.",
         Locale::Es419 => "La traducción falló; el texto original está oculto.",
+        Locale::Vi => "Dịch thất bại; văn bản gốc đã bị ẩn.",
     }
 }
 
@@ -909,6 +918,9 @@ fn parse_locale(value: &str) -> Option<Locale> {
     if value.starts_with("es") {
         return Some(Locale::Es419);
     }
+    if value.starts_with("vi") {
+        return Some(Locale::Vi);
+    }
     None
 }
 
@@ -1307,9 +1319,364 @@ fn translation(locale: Locale, id: MessageId) -> Option<&'static str> {
         Locale::ZhHant => traditional_chinese(id),
         Locale::PtBr => portuguese_brazil(id),
         Locale::Es419 => spanish_latin_america(id),
+        Locale::Vi => vietnamese(id),
     }
 }
 
+fn vietnamese(id: MessageId) -> Option<&'static str> {
+    Some(match id {
+        MessageId::ComposerPlaceholder => "Nhập nhiệm vụ hoặc sử dụng /.",
+        MessageId::HistorySearchPlaceholder => "Tìm kiếm lịch sử câu lệnh...",
+        MessageId::HistorySearchTitle => "Tìm kiếm lịch sử",
+        MessageId::HistoryHintMove => "Lên/Xuống để di chuyển",
+        MessageId::HistoryHintAccept => "Enter để chấp nhận",
+        MessageId::HistoryHintRestore => "Esc để khôi phục",
+        MessageId::HistoryNoMatches => "  Không tìm thấy kết quả",
+        MessageId::ConfigTitle => "Cấu hình phiên làm việc",
+        MessageId::ConfigModalTitle => " Cấu hình ",
+        MessageId::ConfigSearchPlaceholder => "Nhập để lọc kết quả",
+        MessageId::ConfigNoSettings => "  Không có cài đặt nào khả dụng.",
+        MessageId::ConfigNoMatchesPrefix => "  Không có cài đặt nào khớp với ",
+        MessageId::ConfigFilteredSettings => "  Cài đặt đã lọc",
+        MessageId::ConfigShowing => "  Đang hiển thị",
+        MessageId::ConfigFooterDefault => {
+            " gõ=lọc, Lên/Xuống=chọn, Enter/e=sửa, Esc/q=đóng "
+        }
+        MessageId::ConfigFooterScrollable => {
+            " gõ=lọc, Lên/Xuống=chọn, Enter/e=sửa, PgUp/PgDn=cuộn, Esc/q=đóng "
+        }
+        MessageId::ConfigFooterFiltered => {
+            " gõ=lọc, Backspace=xóa, Ctrl+U/Esc=xóa sạch, Enter=sửa "
+        }
+        MessageId::HelpTitle => "Trợ giúp",
+        MessageId::HelpFilterPlaceholder => "Nhập để lọc",
+        MessageId::HelpFilterPrefix => "Bộ lọc: ",
+        MessageId::HelpNoMatches => "  Không tìm thấy kết quả.",
+        MessageId::HelpSlashCommands => "Các lệnh bắt đầu bằng dấu gạch chéo (/)",
+        MessageId::HelpKeybindings => "Phím tắt",
+        MessageId::HelpFooterTypeFilter => " nhập để lọc ",
+        MessageId::HelpFooterMove => "  Lên/Xuống để di chuyển ",
+        MessageId::HelpFooterJump => " PgUp/PgDn để nhảy trang ",
+        MessageId::HelpFooterClose => " Esc để đóng ",
+        MessageId::CmdAnchorDescription => {
+            "Ghim một dữ kiện không bị ảnh hưởng khi nén (tự động đưa vào ngữ cảnh)"
+        }
+        MessageId::CmdAttachDescription => {
+            "Đính kèm hình ảnh/video; sử dụng @path cho tệp văn bản hoặc thư mục"
+        }
+        MessageId::CmdCacheDescription => {
+            "Hiển thị thống kê hit/miss của bộ nhớ đệm tiền tố DeepSeek trong N lượt gần nhất"
+        }
+        MessageId::CmdChangeDescription => "Hiển thị thông tin nhật ký thay đổi mới nhất",
+        MessageId::CmdChangeHeader => "Nhật Ký Thay Đổi Mới Nhất",
+        MessageId::CmdChangeTranslationQueued => {
+            "Ghi chú phát hành bằng tiếng Anh hiển thị bên dưới. Bản dịch sẽ được yêu cầu tiếp theo; nếu nhà cung cấp không khả dụng, văn bản tiếng Anh này sẽ được dùng làm dự phòng."
+        }
+        MessageId::CmdChangeTranslationUnavailable => {
+            "Ghi chú phát hành bằng tiếng Anh hiển thị bên dưới. Bản dịch không khả dụng vì phiên hiện tại không có mã khóa API hoặc đang ngoại tuyến."
+        }
+        MessageId::CmdChangePreviousVersion => {
+            "Phiên bản trước: {version} — chạy `/change {version}` để xem"
+        }
+        MessageId::CmdBalanceDescription => "Kiểm tra số dư tài khoản của nhà cung cấp dịch vụ đang hoạt động",
+        MessageId::CmdClearDescription => "Xóa lịch sử trò chuyện",
+        MessageId::CmdCompactDescription => {
+            "Kích hoạt nén ngữ cảnh để giải phóng không gian (cũ; v0.6.6 ưu tiên khởi động lại chu kỳ)"
+        }
+        MessageId::CmdConfigDescription => "Mở trình chỉnh sửa cấu hình tương tác",
+        MessageId::CmdContextDescription => "Mở trình kiểm tra ngữ cảnh phiên thu gọn",
+        MessageId::CmdCostDescription => "Hiển thị chi tiết chi phí của phiên làm việc",
+        MessageId::CmdCycleDescription => "Hiển thị báo cáo chuyển tiếp cho một chu kỳ cụ thể",
+        MessageId::CmdCyclesDescription => "Liệt kê các lần bàn giao chu kỳ checkpoint-restart trong phiên này",
+        MessageId::CmdDiffDescription => "Hiển thị các thay đổi của tệp kể từ khi bắt đầu phiên",
+        MessageId::CmdEditDescription => "Chỉnh sửa và gửi lại tin nhắn gần nhất",
+        MessageId::CmdExitDescription => "Thoát ứng dụng",
+        MessageId::CmdExportDescription => "Xuất cuộc trò chuyện sang định dạng Markdown",
+        MessageId::CmdFeedbackDescription => "Tạo một URL để gửi phản hồi trên GitHub",
+        MessageId::CmdHelpDescription => "Hiển thị thông tin trợ giúp",
+        MessageId::CmdHomeDescription => "Hiển thị bảng điều khiển trang chủ với số liệu thống kê và hành động nhanh",
+        MessageId::CmdHooksDescription => "Liệt kê các lifecycle hook đã cấu hình (chỉ đọc)",
+        MessageId::CmdAgentDescription => {
+            "Mở một phiên sub-agent nền: /agent [0-3] <nhiệm_vụ>"
+        }
+        MessageId::CmdGoalDescription => "Đặt mục tiêu cho phiên với giới hạn token tùy chọn",
+        MessageId::CmdInitDescription => "Tạo tệp AGENTS.md cho dự án",
+        MessageId::CmdLspDescription => "Bật hoặc tắt tính năng chẩn đoán LSP",
+        MessageId::CmdShareDescription => "Xuất phiên hiện tại thành một liên kết web có thể chia sẻ",
+        MessageId::CmdJobsDescription => "Kiểm tra và kiểm soát các lệnh chạy ngầm",
+        MessageId::CmdLinksDescription => "Hiển thị các liên kết đến bảng điều khiển và tài liệu của DeepSeek",
+        MessageId::CmdLoadDescription => "Tải phiên làm việc từ tệp",
+        MessageId::CmdLogoutDescription => "Xóa khóa API và quay lại bước thiết lập",
+        MessageId::CmdMcpDescription => "Mở hoặc quản lý các máy chủ MCP",
+        MessageId::CmdMemoryDescription => "Kiểm tra hoặc quản lý tệp bộ nhớ người dùng liên tục",
+        MessageId::CmdModeDescription => {
+            "Chuyển đổi chế độ hoặc mở bảng chọn: /mode [agent|plan|yolo|1|2|3]"
+        }
+        MessageId::CmdModelDescription => "Chuyển đổi hoặc xem mô hình AI hiện tại",
+        MessageId::CmdModelsDescription => "Liệt kê các mô hình khả dụng từ API",
+        MessageId::CmdNetworkDescription => "Quản lý các quy tắc cho phép và từ chối mạng",
+        MessageId::CmdNoteDescription => "Thêm, liệt kê, sửa hoặc xóa ghi chú trong không gian làm việc",
+        MessageId::CmdThemeDescription => "Chuyển đổi giao diện hoặc mở bảng chọn giao diện",
+        MessageId::CmdProviderDescription => {
+            "Chuyển đổi hoặc xem backend LLM đang hoạt động (codewhale | nvidia-nim | ollama)"
+        }
+        MessageId::CmdQueueDescription => "Xem hoặc chỉnh sửa các tin nhắn đang chờ xử lý",
+        MessageId::CmdRecallDescription => "Tìm kiếm kho lưu trữ chu kỳ trước (BM25 trên văn bản tin nhắn)",
+        MessageId::CmdRelayDescription => "Tạo một phiên tiếp sức (接力) cho một luồng mới",
+        MessageId::CmdRenameDescription => "Đổi tên phiên làm việc hiện tại",
+        MessageId::CmdRestoreDescription => {
+            "Khôi phục không gian làm việc về bản chụp trước/sau lượt. Nếu không có đối số, hiển thị các bản chụp gần đây."
+        }
+        MessageId::CmdRetryDescription => "Thử lại yêu cầu gần nhất",
+        MessageId::CmdReviewDescription => "Chạy một quy trình xem xét mã nguồn có cấu trúc trên tệp, diff hoặc PR",
+        MessageId::CmdRlmDescription => "Mở một ngữ cảnh RLM liên tục: /rlm [0-3] <tệp_hoặc_văn_bản>",
+        MessageId::CmdSaveDescription => "Lưu phiên làm việc vào tệp",
+        MessageId::CmdForkDescription => "Rẽ nhánh (fork) cuộc hội thoại hiện tại thành một phiên song song",
+        MessageId::CmdNewDescription => "Bắt đầu một phiên lưu mới",
+        MessageId::CmdSessionsDescription => "Mở bảng chọn lịch sử phiên làm việc",
+        MessageId::CmdSettingsDescription => "Hiển thị các cài đặt liên tục",
+        MessageId::CmdSkillDescription => {
+            "Kích hoạt một kỹ năng, hoặc cài đặt/cập nhật/gỡ bỏ/tin cậy một kỹ năng cộng đồng"
+        }
+        MessageId::CmdSkillsDescription => {
+            "Liệt kê các kỹ năng cục bộ (lọc bằng `/skills <tiền_tố>`; --remote để duyệt kho lưu trữ được kiểm duyệt)"
+        }
+        MessageId::CmdStashDescription => {
+            "Tạm cất hoặc khôi phục bản nháp (Ctrl+S để cất, /stash list/pop để xem/lấy ra)"
+        }
+        MessageId::CmdStatusDescription => "Hiển thị trạng thái thời gian chạy của phiên",
+        MessageId::CmdStatuslineDescription => "Cấu hình các mục hiển thị ở thanh trạng thái dưới cùng",
+        MessageId::CmdSubagentsDescription => "Liệt kê trạng thái của các sub-agent",
+        MessageId::CmdSwarmDescription => {
+            "Khởi chạy chế độ đa agent (sequential | mixture | distill | deliberate)"
+        }
+        MessageId::CmdSystemDescription => "Hiển thị prompt hệ thống hiện tại",
+        MessageId::CmdTaskDescription => "Quản lý các nhiệm vụ chạy ngầm",
+        MessageId::CmdTokensDescription => "Hiển thị lượng token đã sử dụng cho phiên",
+        MessageId::CmdTranslateDescription => "Bật/Tắt chế độ dịch đầu ra sang ngôn ngữ hệ thống hiện tại",
+        MessageId::CmdTranslateOff => "Đã tắt chế độ dịch đầu ra (hiển thị câu trả lời gốc của mô hình)",
+        MessageId::CmdTranslateOn => {
+            "Đã bật chế độ dịch đầu ra: câu trả lời của mô hình sẽ được hiển thị bằng tiếng Việt"
+        }
+        MessageId::TranslationInProgress => "Đang dịch câu trả lời của trợ lý...",
+        MessageId::TranslationComplete => "Đã dịch xong",
+        MessageId::TranslationFailed => "Dịch thất bại",
+        MessageId::CmdTrustDescription => {
+            "Quản lý quyền tin cậy không gian làm việc và danh sách trắng theo đường dẫn (`/trust add <path>`, `/trust list`, `/trust on|off`)"
+        }
+        MessageId::CmdWorkspaceDescription => "Hiển thị hoặc chuyển đổi không gian làm việc hiện tại",
+        MessageId::CmdUndoDescription => "Xóa cặp tin nhắn gần nhất",
+        MessageId::CmdVerboseDescription => "Bật/Tắt chế độ hiển thị đầy đủ quá trình suy nghĩ trực tiếp",
+        MessageId::CmdCacheAdvice => {
+            "Tỷ lệ hit/miss trên ~70% sau lượt thứ ba cho thấy tiền tố bộ nhớ đệm ổn định; \nthấp hơn mức đó trong các phiên dài cho thấy có sự biến động tiền tố cần kiểm tra (#263)."
+        }
+        MessageId::CmdCacheFootnote => {
+            "* miss được suy ra từ đầu vào − hit khi nhà cung cấp không báo cáo rõ ràng.\n"
+        }
+        MessageId::CmdCacheHeader => {
+            "Thông tin cache — {count} lượt gần nhất trong tổng số {total} lượt (mô hình: {model})\n"
+        }
+        MessageId::CmdCacheNoData => {
+            "Lịch sử bộ nhớ đệm: chưa có lượt nào được ghi nhận.\n\n\
+             DeepSeek cung cấp `prompt_cache_hit_tokens` / `prompt_cache_miss_tokens` \
+             trên mỗi lượt API mà mô hình hỗ trợ (dòng V4). Hãy chạy một lượt \
+             và thử lại lệnh /cache."
+        }
+        MessageId::CmdCacheTotals => {
+            "Σ vào: {sum_in}   Σ hit: {sum_hit}   Σ miss: {sum_miss}   tỷ lệ hit trung bình: {avg}\n"
+        }
+        MessageId::CmdCostReport => {
+            "Chi Phí Phiên Làm Việc:\n\
+             ─────────────────────────────\n\
+             Tổng chi tiêu ước tính: {cost}\n\n\
+             Các ước tính chi phí mang tính xấp xỉ và sử dụng dữ liệu viễn trắc từ nhà cung cấp nếu có.\n\n\
+             Bảng Giá API DeepSeek:\n\
+             ─────────────────────────────\n\
+             Thông tin chi tiết về giá chưa được cấu hình trong CLI này."
+        }
+        MessageId::CmdTokensCacheBoth => "{hit} hit / {miss} miss",
+        MessageId::CmdTokensCacheHitOnly => "{hit} hit / không báo cáo miss",
+        MessageId::CmdTokensCacheMissOnly => "không báo cáo hit / {miss} miss",
+        MessageId::CmdTokensContextUnknownWindow => "~{estimated} / không rõ cửa sổ ngữ cảnh",
+        MessageId::CmdTokensContextWithWindow => "~{used} / {window} ({percent}%)",
+        MessageId::FooterAgentSingular => "1 tác nhân",
+        MessageId::FooterAgentsPlural => "{count} tác nhân",
+        MessageId::FooterPressCtrlCAgain => "Nhấn Ctrl+C một lần nữa để thoát",
+        MessageId::FooterWorking => "đang xử lý",
+        MessageId::HelpSectionActions => "Hành động",
+        MessageId::HelpSectionClipboard => "Bộ nhớ tạm",
+        MessageId::HelpSectionEditing => "Chỉnh sửa đầu vào",
+        MessageId::HelpSectionHelp => "Trợ giúp",
+        MessageId::HelpSectionModes => "Chế độ",
+        MessageId::HelpSectionNavigation => "Điều hướng",
+        MessageId::HelpSectionSessions => "Phiên",
+        MessageId::CmdTokensNotReported => "không được báo cáo",
+        MessageId::CmdTokensReport => {
+            "Lượng Token Sử Dụng:\n\
+             ─────────────────────────────\n\
+             Ngữ cảnh hoạt động:        {active}\n\
+             Đầu vào API gần nhất:       {input} (viễn trắc theo lượt; có thể đếm lặp lại tiền tố qua các vòng công cụ)\n\
+             Đầu ra API gần nhất:       {output}\n\
+             Hit/miss bộ nhớ đệm:        {cache} (chỉ dành cho viễn trắc/chi phí)\n\
+             Token tích lũy:             {total} (dữ liệu viễn trắc sử dụng của phiên)\n\
+             Chi phí phiên xấp xỉ:       {cost}\n\
+             Tin nhắn API:               {api_messages}\n\
+             Tin nhắn trò chuyện:        {chat_messages}\n\
+             Mô hình:                    {model}"
+        }
+        MessageId::KbScrollTranscript => {
+            "Cuộn bản ghi trò chuyện, điều hướng lịch sử nhập hoặc chọn tệp đính kèm"
+        }
+        MessageId::KbNavigateHistory => "Điều hướng lịch sử nhập",
+        MessageId::KbBrowseHistory => "Duyệt lịch sử cuộc trò chuyện",
+        MessageId::KbScrollTranscriptAlt => "Cuộn bản ghi trò chuyện",
+        MessageId::KbScrollPage => "Cuộn bản ghi trò chuyện theo trang",
+        MessageId::KbJumpTopBottom => "Nhảy lên đầu / xuống cuối bản ghi trò chuyện",
+        MessageId::KbJumpTopBottomEmpty => "Nhảy lên đầu / xuống cuối (khi khung nhập trống)",
+        MessageId::KbJumpToolBlocks => "Nhảy giữa các khối đầu ra của công cụ",
+        MessageId::KbMoveCursor => "Di chuyển con trỏ trong khung soạn thảo",
+        MessageId::KbJumpLineStartEnd => "Nhảy về đầu / cuối dòng",
+        MessageId::KbDeleteChar => {
+            "Xóa ký tự trước / sau con trỏ, hoặc xóa tệp đính kèm đã chọn"
+        }
+        MessageId::KbClearDraft => "Xóa bản nháp hiện tại",
+        MessageId::KbStashDraft => "Tạm cất bản nháp hiện tại (dùng `/stash pop` để khôi phục)",
+        MessageId::KbSearchHistory => "Tìm kiếm lịch sử câu lệnh và khôi phục các bản nháp cục bộ",
+        MessageId::KbInsertNewline => "Chèn một dòng mới trong khung soạn thảo",
+        MessageId::KbSendDraft => "Gửi bản nháp hiện tại",
+        MessageId::KbCloseMenu => "Đóng menu, hủy yêu cầu, hủy bản nháp hoặc xóa sạch đầu vào",
+        MessageId::KbCancelOrExit => "Hủy yêu cầu, hoặc thoát khi rảnh",
+        MessageId::KbShellControls => "Mở các điều khiển shell cho một lệnh đang chạy ở tiền cảnh",
+        MessageId::KbExitEmpty => "Thoát khi khung nhập trống",
+        MessageId::KbCommandPalette => "Mở bảng lệnh (command palette)",
+        MessageId::KbFuzzyFilePicker => "Mở trình tìm file nhanh (fuzzy) (chèn @path khi nhấn Enter)",
+        MessageId::KbCompactInspector => "Mở trình kiểm tra ngữ cảnh phiên thu gọn",
+        MessageId::KbLastMessagePager => "Mở trang xem cho tin nhắn cuối cùng (khi khung nhập trống)",
+        MessageId::KbSelectedDetails => {
+            "Mở chi tiết cho công cụ hoặc tin nhắn được chọn (khi khung nhập trống)"
+        }
+        MessageId::KbToolDetailsPager => "Mở trang xem chi tiết công cụ",
+        MessageId::KbThinkingPager => "Mở Chi Tiết Hoạt Động (Activity Detail)",
+        MessageId::KbLiveTranscript => "Mở lớp phủ bản ghi trực tiếp (tự động cuộn theo đuôi)",
+        MessageId::KbBacktrackMessage => {
+            "Quay lại tin nhắn trước đó của người dùng (nhấn Trái/Phải để chuyển bước, Enter để lùi lại)"
+        }
+        MessageId::KbCompleteCycleModes => {
+            "Hoàn thành /command, xếp hàng theo dõi lượt đang chạy, chuyển đổi chế độ; Shift+Tab để chuyển đổi mức độ suy luận"
+        }
+        MessageId::KbJumpPlanAgentYolo => "Nhảy trực tiếp sang chế độ Plan / Agent / YOLO",
+        MessageId::KbAltJumpPlanAgentYolo => "Phím tắt thay thế để nhảy sang chế độ Plan / Agent / YOLO",
+        MessageId::KbFocusSidebar => {
+            "Focus vào thanh bên Work / Tasks / Agents / Context / Auto; Ctrl+Alt+0 để ẩn"
+        }
+        MessageId::KbTogglePlanAgent => "Chuyển đổi giữa chế độ Plan và Agent",
+        MessageId::KbSessionPicker => "Mở bảng chọn phiên làm việc",
+        MessageId::KbPasteAttach => "Dán văn bản hoặc đính kèm hình ảnh từ bộ nhớ tạm",
+        MessageId::KbCopySelection => "Sao chép vùng chọn hiện tại (Cmd+C trên macOS)",
+        MessageId::KbContextMenu => {
+            "Mở các hành động ngữ cảnh cho dán, vùng chọn, chi tiết tin nhắn, ngữ cảnh và trợ giúp"
+        }
+        MessageId::KbAttachPath => "Thêm một tệp văn bản cục bộ hoặc thư mục vào ngữ cảnh",
+        MessageId::KbHelpOverlay => "Mở lớp phủ trợ giúp này (khi khung nhập trống)",
+        MessageId::KbToggleHelp => "Bật/Tắt lớp phủ trợ giúp",
+        MessageId::KbToggleHelpSlash => "Bật/Tắt lớp phủ trợ giúp",
+        MessageId::HelpUsageLabel => "Sử dụng:",
+        MessageId::HelpAliasesLabel => "Bí danh:",
+        MessageId::SettingsTitle => "Cài đặt:",
+        MessageId::SettingsConfigFile => "Tệp cấu hình:",
+        MessageId::ClearConversation => "Đã xóa cuộc trò chuyện",
+        MessageId::ClearConversationBusy => {
+            "Đã xóa cuộc trò chuyện (trạng thái plan đang bận; chạy lại /clear nếu cần)"
+        }
+        MessageId::ModelChanged => "Đã thay đổi mô hình: {old} \u{2192} {new}",
+        MessageId::LinksTitle => "Liên kết DeepSeek:",
+        MessageId::LinksDashboard => "Bảng điều khiển:",
+        MessageId::LinksDocs => "Tài liệu:",
+        MessageId::LinksTip => "Mẹo: Mã khóa API có sẵn trong bảng điều khiển console.",
+        MessageId::SubagentsFetching => "Đang lấy trạng thái của các sub-agent...",
+        MessageId::HelpUnknownCommand => "Lệnh không xác định: {topic}",
+        MessageId::HomeDashboardTitle => "Bảng Điều Khiển Trang Chủ codewhale",
+        MessageId::HomeModel => "Mô hình:",
+        MessageId::HomeMode => "Chế độ:",
+        MessageId::HomeWorkspace => "Không gian làm việc:",
+        MessageId::HomeHistory => "Lịch sử:",
+        MessageId::HomeTokens => "Token:",
+        MessageId::HomeQueued => "Trong hàng đợi:",
+        MessageId::HomeSubagents => "Sub-agent:",
+        MessageId::HomeSkill => "Kỹ năng:",
+        MessageId::HomeQuickActions => "Hành động nhanh",
+        MessageId::HomeQuickLinks => "/links      - Các liên kết đến Dashboard & API",
+        MessageId::HomeQuickSkills => "/skills     - Liệt kê các kỹ năng khả dụng",
+        MessageId::HomeQuickConfig => "/config     - Mở trình chỉnh sửa cấu hình tương tác",
+        MessageId::HomeQuickSettings => "/settings    - Hiển thị các cài đặt liên tục",
+        MessageId::HomeQuickModel => "/model       - Xem hoặc chuyển đổi mô hình",
+        MessageId::HomeQuickSubagents => "/subagents   - Liệt kê trạng thái sub-agent",
+        MessageId::HomeQuickTaskList => "/task list   - Hiển thị hàng đợi nhiệm vụ ngầm",
+        MessageId::HomeQuickHelp => "/help        - Hiển thị trợ giúp",
+        MessageId::HomeModeTips => "Mẹo về Chế độ",
+        MessageId::HomeAgentModeTip => "Chế độ Agent - Sử dụng công cụ cho các nhiệm vụ tự chủ",
+        MessageId::HomeAgentModeReviewTip => "  Sử dụng Ctrl+X để xem xét ở chế độ Plan trước khi thực thi",
+        MessageId::HomeAgentModeYoloTip => "  Nhập /mode yolo để bật toàn quyền truy cập công cụ",
+        MessageId::HomeYoloModeTip => "Chế độ YOLO - Toàn quyền truy cập công cụ, không cần phê duyệt",
+        MessageId::HomeYoloModeCaution => "  Hãy cẩn thận với các thao tác mang tính phá hủy!",
+        MessageId::HomePlanModeTip => "Chế độ Plan - Thiết kế trước khi triển khai",
+        MessageId::HomePlanModeChecklistTip => "  Sử dụng /mode plan để tạo danh sách kiểm tra có cấu trúc",
+        MessageId::HomeGoalModeTip => "Theo dõi mục tiêu - Dùng /goal <mục_tiêu> để đặt mục tiêu làm việc",
+        // Onboarding — language picker.
+        MessageId::OnboardLanguageTitle => "Chọn ngôn ngữ của bạn",
+        MessageId::OnboardLanguageBlurb => {
+            "Chọn ngôn ngữ hiển thị. Bạn có thể thay đổi bất kỳ lúc nào bằng lệnh `/settings set locale <tag>`."
+        }
+        MessageId::OnboardLanguageFooter => {
+            "Nhấn phím từ 1-6 để chọn, hoặc Enter để giữ cài đặt hiện tại"
+        }
+        // Onboarding — API key entry.
+        MessageId::OnboardApiKeyTitle => "Kết nối khóa API DeepSeek của bạn",
+        MessageId::OnboardApiKeyStep1 => {
+            "Bước 1. Truy cập https://platform.deepseek.com/api_keys và tạo một khóa."
+        }
+        MessageId::OnboardApiKeyStep2 => "Bước 2. Dán khóa vào bên dưới và nhấn Enter.",
+        MessageId::OnboardApiKeySavedHint => {
+            "Được lưu vào ~/.deepseek/config.toml để có thể hoạt động từ mọi thư mục."
+        }
+        MessageId::OnboardApiKeyFormatHint => {
+            "Dán chính xác toàn bộ khóa (không chứa khoảng trắng hoặc xuống dòng)."
+        }
+        MessageId::OnboardApiKeyPlaceholder => "(dán khóa vào đây)",
+        MessageId::OnboardApiKeyLabel => "Khóa: ",
+        MessageId::OnboardApiKeyFooter => "Nhấn Enter để lưu, Esc để quay lại.",
+        // Onboarding — workspace trust.
+        MessageId::OnboardTrustTitle => "Tin cậy không gian làm việc",
+        MessageId::OnboardTrustQuestion => "Bạn có tin cậy nội dung của thư mục này không?",
+        MessageId::OnboardTrustLocationPrefix => "Bạn đang ở ",
+        MessageId::OnboardTrustRiskHint => {
+            "Làm việc với các nội dung không tin cậy sẽ tăng nguy cơ bị tấn công prompt injection."
+        }
+        MessageId::OnboardTrustEffectHint => {
+            "Tin cậy thư mục này sẽ lưu lại vào cấu hình toàn cục và bật chế độ không gian làm việc tin cậy."
+        }
+        MessageId::OnboardTrustFooterPrefix => "Nhấn ",
+        MessageId::OnboardTrustFooterMiddle => " để tin cậy và tiếp tục, ",
+        MessageId::OnboardTrustFooterSuffix => " để thoát",
+        // Onboarding — final tips.
+        MessageId::OnboardTipsTitle => "Bắt đầu đơn giản",
+        MessageId::OnboardTipsLine1 => {
+            "Viết nhiệm vụ bằng ngôn ngữ tự nhiên. Sử dụng /help hoặc Ctrl+K khi bạn muốn dùng lệnh."
+        }
+        MessageId::OnboardTipsLine2 => {
+            "Khung nhập văn bản bên dưới hỗ trợ viết nhiều dòng: Enter để gửi, Alt+Enter hoặc Ctrl+J để xuống dòng."
+        }
+        MessageId::OnboardTipsLine3 => {
+            "Chỉ chuyển đổi chế độ khi tính chất công việc thay đổi: Plan để lập kế hoạch trước khi làm, Agent để tự động thực hiện, YOLO khi bạn muốn tự động phê duyệt."
+        }
+        MessageId::OnboardTipsLine4 => {
+            "Ctrl+R để khôi phục lại các phiên làm việc trước đó, và Esc để thoát khỏi bản nháp hoặc lớp phủ hiện tại."
+        }
+        MessageId::OnboardTipsFooterEnter => "Nhấn Enter",
+        MessageId::OnboardTipsFooterAction => " để mở không gian làm việc",
+    })
+}
+
 fn traditional_chinese(id: MessageId) -> Option<&'static str> {
     Some(match id {
         MessageId::CmdRelayDescription => "為新執行緒建立會話接力摘要",
diff --git a/crates/tui/src/prompts.rs b/crates/tui/src/prompts.rs
index 3a9f1839..3ccb99e6 100644
--- a/crates/tui/src/prompts.rs
+++ b/crates/tui/src/prompts.rs
@@ -106,6 +106,8 @@ fn translation_target_language_for_tag(locale_tag: &str) -> &'static str {
         "Simplified Chinese (简体中文)"
     } else if normalized.starts_with("pt") {
         "Brazilian Portuguese (Português do Brasil)"
+    } else if normalized.starts_with("vi") {
+        "Vietnamese (Tiếng Việt)"
     } else {
         "English"
     }
@@ -343,6 +345,7 @@ pub(crate) fn locale_reinforcement_preamble(locale_tag: &str) -> Option<&'static
         "zh-Hans" | "zh-CN" | "zh" => Some(LOCALE_PREAMBLE_ZH_HANS),
         "ja" | "ja-JP" => Some(LOCALE_PREAMBLE_JA),
         "pt-BR" | "pt" => Some(LOCALE_PREAMBLE_PT_BR),
+        "vi" | "vi-VN" => Some(LOCALE_PREAMBLE_VI),
         _ => None,
     }
 }
@@ -368,6 +371,7 @@ pub(crate) fn locale_reinforcement_closer(locale_tag: &str) -> Option<&'static s
         "zh-Hans" | "zh-CN" | "zh" => Some(LOCALE_CLOSER_ZH_HANS),
         "ja" | "ja-JP" => Some(LOCALE_CLOSER_JA),
         "pt-BR" | "pt" => Some(LOCALE_CLOSER_PT_BR),
+        "vi" | "vi-VN" => Some(LOCALE_CLOSER_VI),
         _ => None,
     }
 }
@@ -435,6 +439,24 @@ idioma. A menos que o usuário peça explicitamente a troca (por exemplo, \
 \"think in English\"), continue pensando e respondendo em português do \
 Brasil.";
 
+const LOCALE_PREAMBLE_VI: &str = "## Yêu cầu ngôn ngữ\n\n\
+Bạn đang chạy trong codewhale. Cho dù ngữ cảnh tác vụ (mã nguồn, nhật ký lỗi, tên tệp) \
+là tiếng Anh, cho dù phần còn lại của system prompt là tiếng Anh, bạn đều phải sử dụng \
+tiếng Việt cho phần `reasoning_content` (suy nghĩ nội bộ) và câu trả lời cuối cùng. Các từ \
+mã nguồn, đường dẫn tệp, tên công cụ (ví dụ `read_file`, `exec_shell`), biến môi trường, \
+tham số dòng lệnh và URL giữ nguyên dạng gốc —— chỉ các văn bản giải thích bằng ngôn ngữ \
+tự nhiên mới được chuyển sang tiếng Việt.\n\n\
+Nếu người dùng chuyển sang ngôn ngữ khác trong phiên làm việc, hãy chuyển theo từ lượt tiếp theo. \
+Nếu người dùng yêu cầu rõ ràng (ví dụ \"think in English\"), hãy ghi đè quy tắc này.";
+
+const LOCALE_CLOSER_VI: &str = "## Nhắc nhở ngôn ngữ một lần nữa\n\n\
+**Quan trọng: phần `reasoning_content` (suy nghĩ nội bộ) và phản hồi cuối cùng của bạn phải được viết bằng tiếng Việt.** \
+Dù bạn có đọc bao nhiêu mã nguồn tiếng Anh, nhật ký lỗi hay tài liệu trong phiên làm việc này, và dù ngữ cảnh \
+dự án có là tiếng Anh, quá trình suy nghĩ của bạn cũng không được chuyển sang tiếng Anh. Đây là yêu cầu cứng \
+ở cấp phiên làm việc —— ngôn ngữ của người dùng quyết định ngôn ngữ của bạn, không phụ thuộc vào nội dung tiếng Anh \
+tích lũy trong ngữ cảnh. Trừ khi người dùng yêu cầu rõ ràng việc chuyển đổi (ví dụ \"think in English\"), \
+hãy tiếp tục suy nghĩ và trả lời bằng tiếng Việt.";
+
 /// Personality overlays — voice and tone.
 pub const CALM_PERSONALITY: &str = include_str!("prompts/personalities/calm.md");
 pub const PLAYFUL_PERSONALITY: &str = include_str!("prompts/personalities/playful.md");
diff --git a/docs/LOCALIZATION.md b/docs/LOCALIZATION.md
index 0182055c..b16b433d 100644
--- a/docs/LOCALIZATION.md
+++ b/docs/LOCALIZATION.md
@@ -23,6 +23,8 @@ These locales are supported by `locale` in `settings.toml` and by `LANG` / `LC_A
 | `ja` | Japanese | Jpan | LTR | `en` | v0.7.6 must-have | Core TUI chrome | Covers composer placeholder/history search, help chrome, and `/config` chrome. |
 | `zh-Hans` | Chinese Simplified | Hans | LTR | `en` | v0.7.6 must-have | Core TUI chrome | `zh`, `zh-CN`, and `zh-Hans` resolve here. Traditional Chinese is not shipped. |
 | `pt-BR` | Portuguese (Brazil) | Latin | LTR | `en` | v0.7.6 must-have | Core TUI chrome | `pt` and `pt-PT` currently fall back to Brazilian Portuguese; European Portuguese is not separately shipped. |
+| `es-419` | Spanish (Latin America) | Latin | LTR | `en` | v0.7.6 must-have | Core TUI chrome | `es` and regional variants resolve here. |
+| `vi` | Vietnamese | Latin | LTR | `en` | v0.7.6 must-have | Core TUI chrome | Fully translated UI chrome, automated width tested. |
 
 Selection:
 
@@ -31,6 +33,8 @@ locale = "auto"     # default; checks LC_ALL, LC_MESSAGES, then LANG
 locale = "ja"
 locale = "zh-Hans"
 locale = "pt-BR"
+locale = "es-419"
+locale = "vi"
 ```
 
 Fallback:
@@ -52,12 +56,10 @@ These are not claimed as shipped translations in v0.7.6 unless a later change ad
 | `hi` | Hindi | Deva | LTR | Follow-up | Planned | `en` | Automated renderer sample only; native review preferred before shipping | Combining marks, cursor width, truncation |
 | `bn` | Bengali | Beng | LTR | Follow-up | Planned | `en` | Matrix only; native review required before shipping | Combining marks, line wrapping |
 | `id` | Indonesian | Latin | LTR | Follow-up | Planned | `en` | Matrix only; automated narrow-width snapshots and reviewer pass required | Longer labels than English |
-| `vi` | Vietnamese | Latin | LTR | Follow-up | Planned | `en` | Matrix only; automated width snapshots and reviewer pass required | Diacritics and wrapped labels |
 | `sw` | Swahili | Latin | LTR | Follow-up | Planned | `en` | Matrix only; native or fluent review required before shipping | Translation quality, longer command descriptions |
 | `ha` | Hausa | Latin | LTR | Follow-up | Planned | `en` | Matrix only; native or fluent review required before shipping | Diacritics and terminology |
 | `yo` | Yoruba | Latin | LTR | Follow-up | Planned | `en` | Matrix only; native or fluent review required before shipping | Tone marks and terminology |
 | `fil` | Filipino/Tagalog | Latin | LTR | Follow-up | Planned | `en` | Matrix only; source strings required before shipping | Terminology consistency |
-| `es-419` | Spanish (Latin America) | Latin | LTR | Follow-up | Planned | `en` | Matrix only; reviewer pass required before shipping | Regional terminology |
 | `fr` | French | Latin | LTR | Follow-up | Planned | `en` | Matrix only; reviewer pass required before shipping | African locale terminology varies |
 
 ## Message Coverage

From 313d456389dde3702a1111ac3ad3aee999a59afa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=AA=20H=E1=BA=A3i=20=C4=90=C4=83ng?=
 <lehaidang6262@gmail.com>
Date: Fri, 29 May 2026 23:24:19 +0700
Subject: [PATCH 258/283] Update crates/tui/src/localization.rs

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---
 crates/tui/src/localization.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 9e19481e..23d2fd19 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -1637,7 +1637,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         }
         MessageId::OnboardApiKeyStep2 => "Bước 2. Dán khóa vào bên dưới và nhấn Enter.",
         MessageId::OnboardApiKeySavedHint => {
-            "Được lưu vào ~/.deepseek/config.toml để có thể hoạt động từ mọi thư mục."
+            "Được lưu vào ~/.codewhale/config.toml để có thể hoạt động từ mọi thư mục."
         }
         MessageId::OnboardApiKeyFormatHint => {
             "Dán chính xác toàn bộ khóa (không chứa khoảng trắng hoặc xuống dòng)."

From 56f158b21230e9726e8ebf9ecfc306d8c5d0c43f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=AA=20H=E1=BA=A3i=20=C4=90=C4=83ng?=
 <lehaidang6262@gmail.com>
Date: Fri, 29 May 2026 23:24:43 +0700
Subject: [PATCH 259/283] Update crates/tui/src/localization.rs

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---
 crates/tui/src/localization.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 23d2fd19..5f3cde29 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -1422,7 +1422,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         }
         MessageId::CmdQueueDescription => "Xem hoặc chỉnh sửa các tin nhắn đang chờ xử lý",
         MessageId::CmdRecallDescription => "Tìm kiếm kho lưu trữ chu kỳ trước (BM25 trên văn bản tin nhắn)",
-        MessageId::CmdRelayDescription => "Tạo một phiên tiếp sức (接力) cho một luồng mới",
+        MessageId::CmdRelayDescription => "Tạo một phiên tiếp sức cho một luồng mới",
         MessageId::CmdRenameDescription => "Đổi tên phiên làm việc hiện tại",
         MessageId::CmdRestoreDescription => {
             "Khôi phục không gian làm việc về bản chụp trước/sau lượt. Nếu không có đối số, hiển thị các bản chụp gần đây."

From 2938334997a08be57abf9d9f6e10a4fe769a1ea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=AA=20H=E1=BA=A3i=20=C4=90=C4=83ng?=
 <lehaidang6262@gmail.com>
Date: Fri, 29 May 2026 23:24:55 +0700
Subject: [PATCH 260/283] Update crates/tui/src/localization.rs

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 crates/tui/src/localization.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 5f3cde29..ef273f4f 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -1628,7 +1628,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
             "Chọn ngôn ngữ hiển thị. Bạn có thể thay đổi bất kỳ lúc nào bằng lệnh `/settings set locale <tag>`."
         }
         MessageId::OnboardLanguageFooter => {
-            "Nhấn phím từ 1-6 để chọn, hoặc Enter để giữ cài đặt hiện tại"
+            "Nhấn phím từ 1-7 để chọn, hoặc Enter để giữ cài đặt hiện tại"
         }
         // Onboarding — API key entry.
         MessageId::OnboardApiKeyTitle => "Kết nối khóa API DeepSeek của bạn",

From fc9a32be1a81a8ac4d76b7bbcc5ff329bafae606 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 21:31:56 -0700
Subject: [PATCH 261/283] fix(localization): finish Vietnamese locale after
 main merge

---
 crates/tui/src/localization.rs | 138 ++++++++++++++++++++++++---------
 crates/tui/src/lsp/registry.rs |  10 +--
 2 files changed, 103 insertions(+), 45 deletions(-)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index ef273f4f..d01cabf0 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -1236,7 +1236,7 @@ fn english(id: MessageId) -> &'static str {
             "Pick the UI language. You can change it any time with `/settings set locale <tag>`."
         }
         MessageId::OnboardLanguageFooter => {
-            "Press 1-6 to choose, or Enter to keep the current setting"
+            "Press 1-7 to choose, or Enter to keep the current setting"
         }
         // Onboarding — API key entry.
         MessageId::OnboardApiKeyTitle => "Connect your DeepSeek API key",
@@ -1339,9 +1339,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::ConfigNoMatchesPrefix => "  Không có cài đặt nào khớp với ",
         MessageId::ConfigFilteredSettings => "  Cài đặt đã lọc",
         MessageId::ConfigShowing => "  Đang hiển thị",
-        MessageId::ConfigFooterDefault => {
-            " gõ=lọc, Lên/Xuống=chọn, Enter/e=sửa, Esc/q=đóng "
-        }
+        MessageId::ConfigFooterDefault => " gõ=lọc, Lên/Xuống=chọn, Enter/e=sửa, Esc/q=đóng ",
         MessageId::ConfigFooterScrollable => {
             " gõ=lọc, Lên/Xuống=chọn, Enter/e=sửa, PgUp/PgDn=cuộn, Esc/q=đóng "
         }
@@ -1378,7 +1376,9 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdChangePreviousVersion => {
             "Phiên bản trước: {version} — chạy `/change {version}` để xem"
         }
-        MessageId::CmdBalanceDescription => "Kiểm tra số dư tài khoản của nhà cung cấp dịch vụ đang hoạt động",
+        MessageId::CmdBalanceDescription => {
+            "Kiểm tra số dư tài khoản của nhà cung cấp dịch vụ đang hoạt động"
+        }
         MessageId::CmdClearDescription => "Xóa lịch sử trò chuyện",
         MessageId::CmdCompactDescription => {
             "Kích hoạt nén ngữ cảnh để giải phóng không gian (cũ; v0.6.6 ưu tiên khởi động lại chu kỳ)"
@@ -1387,24 +1387,30 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdContextDescription => "Mở trình kiểm tra ngữ cảnh phiên thu gọn",
         MessageId::CmdCostDescription => "Hiển thị chi tiết chi phí của phiên làm việc",
         MessageId::CmdCycleDescription => "Hiển thị báo cáo chuyển tiếp cho một chu kỳ cụ thể",
-        MessageId::CmdCyclesDescription => "Liệt kê các lần bàn giao chu kỳ checkpoint-restart trong phiên này",
+        MessageId::CmdCyclesDescription => {
+            "Liệt kê các lần bàn giao chu kỳ checkpoint-restart trong phiên này"
+        }
         MessageId::CmdDiffDescription => "Hiển thị các thay đổi của tệp kể từ khi bắt đầu phiên",
         MessageId::CmdEditDescription => "Chỉnh sửa và gửi lại tin nhắn gần nhất",
         MessageId::CmdExitDescription => "Thoát ứng dụng",
         MessageId::CmdExportDescription => "Xuất cuộc trò chuyện sang định dạng Markdown",
         MessageId::CmdFeedbackDescription => "Tạo một URL để gửi phản hồi trên GitHub",
         MessageId::CmdHelpDescription => "Hiển thị thông tin trợ giúp",
-        MessageId::CmdHomeDescription => "Hiển thị bảng điều khiển trang chủ với số liệu thống kê và hành động nhanh",
-        MessageId::CmdHooksDescription => "Liệt kê các lifecycle hook đã cấu hình (chỉ đọc)",
-        MessageId::CmdAgentDescription => {
-            "Mở một phiên sub-agent nền: /agent [0-3] <nhiệm_vụ>"
+        MessageId::CmdHomeDescription => {
+            "Hiển thị bảng điều khiển trang chủ với số liệu thống kê và hành động nhanh"
         }
+        MessageId::CmdHooksDescription => "Liệt kê các lifecycle hook đã cấu hình (chỉ đọc)",
+        MessageId::CmdAgentDescription => "Mở một phiên sub-agent nền: /agent [0-3] <nhiệm_vụ>",
         MessageId::CmdGoalDescription => "Đặt mục tiêu cho phiên với giới hạn token tùy chọn",
         MessageId::CmdInitDescription => "Tạo tệp AGENTS.md cho dự án",
         MessageId::CmdLspDescription => "Bật hoặc tắt tính năng chẩn đoán LSP",
-        MessageId::CmdShareDescription => "Xuất phiên hiện tại thành một liên kết web có thể chia sẻ",
+        MessageId::CmdShareDescription => {
+            "Xuất phiên hiện tại thành một liên kết web có thể chia sẻ"
+        }
         MessageId::CmdJobsDescription => "Kiểm tra và kiểm soát các lệnh chạy ngầm",
-        MessageId::CmdLinksDescription => "Hiển thị các liên kết đến bảng điều khiển và tài liệu của DeepSeek",
+        MessageId::CmdLinksDescription => {
+            "Hiển thị các liên kết đến bảng điều khiển và tài liệu của DeepSeek"
+        }
         MessageId::CmdLoadDescription => "Tải phiên làm việc từ tệp",
         MessageId::CmdLogoutDescription => "Xóa khóa API và quay lại bước thiết lập",
         MessageId::CmdMcpDescription => "Mở hoặc quản lý các máy chủ MCP",
@@ -1415,23 +1421,33 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdModelDescription => "Chuyển đổi hoặc xem mô hình AI hiện tại",
         MessageId::CmdModelsDescription => "Liệt kê các mô hình khả dụng từ API",
         MessageId::CmdNetworkDescription => "Quản lý các quy tắc cho phép và từ chối mạng",
-        MessageId::CmdNoteDescription => "Thêm, liệt kê, sửa hoặc xóa ghi chú trong không gian làm việc",
+        MessageId::CmdNoteDescription => {
+            "Thêm, liệt kê, sửa hoặc xóa ghi chú trong không gian làm việc"
+        }
         MessageId::CmdThemeDescription => "Chuyển đổi giao diện hoặc mở bảng chọn giao diện",
         MessageId::CmdProviderDescription => {
-            "Chuyển đổi hoặc xem backend LLM đang hoạt động (codewhale | nvidia-nim | ollama)"
+            "Chuyển đổi hoặc xem backend LLM đang hoạt động (deepseek | nvidia-nim | ollama)"
         }
         MessageId::CmdQueueDescription => "Xem hoặc chỉnh sửa các tin nhắn đang chờ xử lý",
-        MessageId::CmdRecallDescription => "Tìm kiếm kho lưu trữ chu kỳ trước (BM25 trên văn bản tin nhắn)",
+        MessageId::CmdRecallDescription => {
+            "Tìm kiếm kho lưu trữ chu kỳ trước (BM25 trên văn bản tin nhắn)"
+        }
         MessageId::CmdRelayDescription => "Tạo một phiên tiếp sức cho một luồng mới",
         MessageId::CmdRenameDescription => "Đổi tên phiên làm việc hiện tại",
         MessageId::CmdRestoreDescription => {
             "Khôi phục không gian làm việc về bản chụp trước/sau lượt. Nếu không có đối số, hiển thị các bản chụp gần đây."
         }
         MessageId::CmdRetryDescription => "Thử lại yêu cầu gần nhất",
-        MessageId::CmdReviewDescription => "Chạy một quy trình xem xét mã nguồn có cấu trúc trên tệp, diff hoặc PR",
-        MessageId::CmdRlmDescription => "Mở một ngữ cảnh RLM liên tục: /rlm [0-3] <tệp_hoặc_văn_bản>",
+        MessageId::CmdReviewDescription => {
+            "Chạy một quy trình xem xét mã nguồn có cấu trúc trên tệp, diff hoặc PR"
+        }
+        MessageId::CmdRlmDescription => {
+            "Mở một ngữ cảnh RLM liên tục: /rlm [0-3] <tệp_hoặc_văn_bản>"
+        }
         MessageId::CmdSaveDescription => "Lưu phiên làm việc vào tệp",
-        MessageId::CmdForkDescription => "Rẽ nhánh (fork) cuộc hội thoại hiện tại thành một phiên song song",
+        MessageId::CmdForkDescription => {
+            "Rẽ nhánh (fork) cuộc hội thoại hiện tại thành một phiên song song"
+        }
         MessageId::CmdNewDescription => "Bắt đầu một phiên lưu mới",
         MessageId::CmdSessionsDescription => "Mở bảng chọn lịch sử phiên làm việc",
         MessageId::CmdSettingsDescription => "Hiển thị các cài đặt liên tục",
@@ -1445,7 +1461,9 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
             "Tạm cất hoặc khôi phục bản nháp (Ctrl+S để cất, /stash list/pop để xem/lấy ra)"
         }
         MessageId::CmdStatusDescription => "Hiển thị trạng thái thời gian chạy của phiên",
-        MessageId::CmdStatuslineDescription => "Cấu hình các mục hiển thị ở thanh trạng thái dưới cùng",
+        MessageId::CmdStatuslineDescription => {
+            "Cấu hình các mục hiển thị ở thanh trạng thái dưới cùng"
+        }
         MessageId::CmdSubagentsDescription => "Liệt kê trạng thái của các sub-agent",
         MessageId::CmdSwarmDescription => {
             "Khởi chạy chế độ đa agent (sequential | mixture | distill | deliberate)"
@@ -1453,8 +1471,12 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSystemDescription => "Hiển thị prompt hệ thống hiện tại",
         MessageId::CmdTaskDescription => "Quản lý các nhiệm vụ chạy ngầm",
         MessageId::CmdTokensDescription => "Hiển thị lượng token đã sử dụng cho phiên",
-        MessageId::CmdTranslateDescription => "Bật/Tắt chế độ dịch đầu ra sang ngôn ngữ hệ thống hiện tại",
-        MessageId::CmdTranslateOff => "Đã tắt chế độ dịch đầu ra (hiển thị câu trả lời gốc của mô hình)",
+        MessageId::CmdTranslateDescription => {
+            "Bật/Tắt chế độ dịch đầu ra sang ngôn ngữ hệ thống hiện tại"
+        }
+        MessageId::CmdTranslateOff => {
+            "Đã tắt chế độ dịch đầu ra (hiển thị câu trả lời gốc của mô hình)"
+        }
         MessageId::CmdTranslateOn => {
             "Đã bật chế độ dịch đầu ra: câu trả lời của mô hình sẽ được hiển thị bằng tiếng Việt"
         }
@@ -1464,9 +1486,13 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdTrustDescription => {
             "Quản lý quyền tin cậy không gian làm việc và danh sách trắng theo đường dẫn (`/trust add <path>`, `/trust list`, `/trust on|off`)"
         }
-        MessageId::CmdWorkspaceDescription => "Hiển thị hoặc chuyển đổi không gian làm việc hiện tại",
+        MessageId::CmdWorkspaceDescription => {
+            "Hiển thị hoặc chuyển đổi không gian làm việc hiện tại"
+        }
         MessageId::CmdUndoDescription => "Xóa cặp tin nhắn gần nhất",
-        MessageId::CmdVerboseDescription => "Bật/Tắt chế độ hiển thị đầy đủ quá trình suy nghĩ trực tiếp",
+        MessageId::CmdVerboseDescription => {
+            "Bật/Tắt chế độ hiển thị đầy đủ quá trình suy nghĩ trực tiếp"
+        }
         MessageId::CmdCacheAdvice => {
             "Tỷ lệ hit/miss trên ~70% sau lượt thứ ba cho thấy tiền tố bộ nhớ đệm ổn định; \nthấp hơn mức đó trong các phiên dài cho thấy có sự biến động tiền tố cần kiểm tra (#263)."
         }
@@ -1536,9 +1562,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::KbJumpToolBlocks => "Nhảy giữa các khối đầu ra của công cụ",
         MessageId::KbMoveCursor => "Di chuyển con trỏ trong khung soạn thảo",
         MessageId::KbJumpLineStartEnd => "Nhảy về đầu / cuối dòng",
-        MessageId::KbDeleteChar => {
-            "Xóa ký tự trước / sau con trỏ, hoặc xóa tệp đính kèm đã chọn"
-        }
+        MessageId::KbDeleteChar => "Xóa ký tự trước / sau con trỏ, hoặc xóa tệp đính kèm đã chọn",
         MessageId::KbClearDraft => "Xóa bản nháp hiện tại",
         MessageId::KbStashDraft => "Tạm cất bản nháp hiện tại (dùng `/stash pop` để khôi phục)",
         MessageId::KbSearchHistory => "Tìm kiếm lịch sử câu lệnh và khôi phục các bản nháp cục bộ",
@@ -1549,9 +1573,13 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::KbShellControls => "Mở các điều khiển shell cho một lệnh đang chạy ở tiền cảnh",
         MessageId::KbExitEmpty => "Thoát khi khung nhập trống",
         MessageId::KbCommandPalette => "Mở bảng lệnh (command palette)",
-        MessageId::KbFuzzyFilePicker => "Mở trình tìm file nhanh (fuzzy) (chèn @path khi nhấn Enter)",
+        MessageId::KbFuzzyFilePicker => {
+            "Mở trình tìm file nhanh (fuzzy) (chèn @path khi nhấn Enter)"
+        }
         MessageId::KbCompactInspector => "Mở trình kiểm tra ngữ cảnh phiên thu gọn",
-        MessageId::KbLastMessagePager => "Mở trang xem cho tin nhắn cuối cùng (khi khung nhập trống)",
+        MessageId::KbLastMessagePager => {
+            "Mở trang xem cho tin nhắn cuối cùng (khi khung nhập trống)"
+        }
         MessageId::KbSelectedDetails => {
             "Mở chi tiết cho công cụ hoặc tin nhắn được chọn (khi khung nhập trống)"
         }
@@ -1565,7 +1593,9 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
             "Hoàn thành /command, xếp hàng theo dõi lượt đang chạy, chuyển đổi chế độ; Shift+Tab để chuyển đổi mức độ suy luận"
         }
         MessageId::KbJumpPlanAgentYolo => "Nhảy trực tiếp sang chế độ Plan / Agent / YOLO",
-        MessageId::KbAltJumpPlanAgentYolo => "Phím tắt thay thế để nhảy sang chế độ Plan / Agent / YOLO",
+        MessageId::KbAltJumpPlanAgentYolo => {
+            "Phím tắt thay thế để nhảy sang chế độ Plan / Agent / YOLO"
+        }
         MessageId::KbFocusSidebar => {
             "Focus vào thanh bên Work / Tasks / Agents / Context / Auto; Ctrl+Alt+0 để ẩn"
         }
@@ -1615,13 +1645,21 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::HomeQuickHelp => "/help        - Hiển thị trợ giúp",
         MessageId::HomeModeTips => "Mẹo về Chế độ",
         MessageId::HomeAgentModeTip => "Chế độ Agent - Sử dụng công cụ cho các nhiệm vụ tự chủ",
-        MessageId::HomeAgentModeReviewTip => "  Sử dụng Ctrl+X để xem xét ở chế độ Plan trước khi thực thi",
+        MessageId::HomeAgentModeReviewTip => {
+            "  Sử dụng Ctrl+X để xem xét ở chế độ Plan trước khi thực thi"
+        }
         MessageId::HomeAgentModeYoloTip => "  Nhập /mode yolo để bật toàn quyền truy cập công cụ",
-        MessageId::HomeYoloModeTip => "Chế độ YOLO - Toàn quyền truy cập công cụ, không cần phê duyệt",
+        MessageId::HomeYoloModeTip => {
+            "Chế độ YOLO - Toàn quyền truy cập công cụ, không cần phê duyệt"
+        }
         MessageId::HomeYoloModeCaution => "  Hãy cẩn thận với các thao tác mang tính phá hủy!",
         MessageId::HomePlanModeTip => "Chế độ Plan - Thiết kế trước khi triển khai",
-        MessageId::HomePlanModeChecklistTip => "  Sử dụng /mode plan để tạo danh sách kiểm tra có cấu trúc",
-        MessageId::HomeGoalModeTip => "Theo dõi mục tiêu - Dùng /goal <mục_tiêu> để đặt mục tiêu làm việc",
+        MessageId::HomePlanModeChecklistTip => {
+            "  Sử dụng /mode plan để tạo danh sách kiểm tra có cấu trúc"
+        }
+        MessageId::HomeGoalModeTip => {
+            "Theo dõi mục tiêu - Dùng /goal <mục_tiêu> để đặt mục tiêu làm việc"
+        }
         // Onboarding — language picker.
         MessageId::OnboardLanguageTitle => "Chọn ngôn ngữ của bạn",
         MessageId::OnboardLanguageBlurb => {
@@ -1674,6 +1712,32 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         }
         MessageId::OnboardTipsFooterEnter => "Nhấn Enter",
         MessageId::OnboardTipsFooterAction => " để mở không gian làm việc",
+        // Context menu.
+        MessageId::CtxMenuTitle => " Nhấp chuột phải ",
+        MessageId::CtxMenuCopySelection => "Sao chép vùng chọn",
+        MessageId::CtxMenuCopySelectionDesc => "ghi văn bản transcript đã chọn",
+        MessageId::CtxMenuOpenSelection => "Mở vùng chọn",
+        MessageId::CtxMenuOpenSelectionDesc => "hiển thị văn bản đã chọn trong trình xem",
+        MessageId::CtxMenuClearSelection => "Xóa vùng chọn",
+        MessageId::CtxMenuOpenDetails => "Mở chi tiết",
+        MessageId::CtxMenuCopyMessage => "Sao chép tin nhắn",
+        MessageId::CtxMenuCopyMessageDesc => "ghi ô transcript đã bấm",
+        MessageId::CtxMenuOpenInEditor => "Mở trong trình soạn thảo",
+        MessageId::CtxMenuOpenInEditorDesc => "mở file:line trong $EDITOR",
+        MessageId::CtxMenuShowCell => "Hiển thị ô",
+        MessageId::CtxMenuShowCellDesc => "hiển thị lại ô transcript này",
+        MessageId::CtxMenuHideCell => "Ẩn ô",
+        MessageId::CtxMenuHideCellDesc => "thu gọn ô transcript này",
+        MessageId::CtxMenuShowHidden => "Hiển thị mục ẩn",
+        MessageId::CtxMenuShowHiddenDesc => "hiển thị lại tất cả ô đã thu gọn",
+        MessageId::CtxMenuPaste => "Dán",
+        MessageId::CtxMenuPasteDesc => "chèn clipboard vào khung nhập",
+        MessageId::CtxMenuCmdPalette => "Bảng lệnh",
+        MessageId::CtxMenuCmdPaletteDesc => "lệnh, kỹ năng và công cụ",
+        MessageId::CtxMenuContextInspector => "Trình kiểm tra ngữ cảnh",
+        MessageId::CtxMenuContextInspectorDesc => "ngữ cảnh đang hoạt động và gợi ý bộ nhớ đệm",
+        MessageId::CtxMenuHelp => "Trợ giúp",
+        MessageId::CtxMenuHelpDesc => "phím tắt và lệnh",
     })
 }
 
@@ -2006,7 +2070,7 @@ fn japanese(id: MessageId) -> Option<&'static str> {
         MessageId::OnboardLanguageBlurb => {
             "UI 言語を選んでください。`/settings set locale <tag>` でいつでも変更できます。"
         }
-        MessageId::OnboardLanguageFooter => "1〜6 で選択、または Enter で現在の設定を維持",
+        MessageId::OnboardLanguageFooter => "1〜7 で選択、または Enter で現在の設定を維持",
         // Onboarding — API key entry.
         MessageId::OnboardApiKeyTitle => "DeepSeek API キーを設定",
         MessageId::OnboardApiKeyStep1 => {
@@ -2350,7 +2414,7 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::OnboardLanguageBlurb => {
             "选择界面语言。可随时使用 `/settings set locale <tag>` 修改。"
         }
-        MessageId::OnboardLanguageFooter => "按 1-6 选择，或按 Enter 保留当前设置",
+        MessageId::OnboardLanguageFooter => "按 1-7 选择，或按 Enter 保留当前设置",
         // Onboarding — API key entry.
         MessageId::OnboardApiKeyTitle => "连接你的 DeepSeek API 密钥",
         MessageId::OnboardApiKeyStep1 => {
@@ -2753,7 +2817,7 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
             "Escolha o idioma da interface. Você pode mudá-lo a qualquer momento com `/settings set locale <tag>`."
         }
         MessageId::OnboardLanguageFooter => {
-            "Pressione 1-6 para escolher, ou Enter para manter a configuração atual"
+            "Pressione 1-7 para escolher, ou Enter para manter a configuração atual"
         }
         // Onboarding — API key entry.
         MessageId::OnboardApiKeyTitle => "Conecte sua chave de API DeepSeek",
@@ -3176,7 +3240,7 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
             "Elige el idioma de la interfaz. Puedes cambiarlo en cualquier momento con `/settings set locale <etiqueta>`."
         }
         MessageId::OnboardLanguageFooter => {
-            "Presiona 1-5 para elegir, o Enter para mantener la configuración actual"
+            "Presiona 1-7 para elegir, o Enter para mantener la configuración actual"
         }
         MessageId::OnboardApiKeyTitle => "Conecta tu clave de API DeepSeek",
         MessageId::OnboardApiKeyStep1 => {
diff --git a/crates/tui/src/lsp/registry.rs b/crates/tui/src/lsp/registry.rs
index cc911862..34664c50 100644
--- a/crates/tui/src/lsp/registry.rs
+++ b/crates/tui/src/lsp/registry.rs
@@ -144,14 +144,8 @@ mod tests {
 
     #[test]
     fn detects_java_extension() {
-        assert_eq!(
-            detect_language(&PathBuf::from("App.java")),
-            Language::Java
-        );
-        assert_eq!(
-            detect_language(&PathBuf::from("APP.JAVA")),
-            Language::Java
-        );
+        assert_eq!(detect_language(&PathBuf::from("App.java")), Language::Java);
+        assert_eq!(detect_language(&PathBuf::from("APP.JAVA")), Language::Java);
     }
 
     #[test]

From b135373bf5b5e5cdc75b1bad99ca81ceb0e83818 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 21:43:24 -0700
Subject: [PATCH 262/283] test(tui): cover approval input after message drain

---
 crates/tui/src/tui/ui.rs       | 27 ++++++++++++++-------
 crates/tui/src/tui/ui/tests.rs | 43 ++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 8 deletions(-)

diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 64e35f66..a812e8fa 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1940,12 +1940,8 @@ async fn run_event_loop(
                         } else {
                             let tool_input = input;
 
-                            if tool_name == "apply_patch" {
-                                maybe_add_patch_preview(app, &tool_input);
-                            }
-
-                            // Create approval request and show overlay
-                            let request = ApprovalRequest::new(
+                            push_approval_request_view(
+                                app,
                                 &id,
                                 &tool_name,
                                 &description,
@@ -1961,8 +1957,6 @@ async fn run_event_loop(
                                     "mode": app.mode.label(),
                                 }),
                             );
-                            app.view_stack
-                                .push(ApprovalView::new_for_locale(request, app.ui_locale));
                             app.status_message = Some(format!(
                                 "Approval required for '{tool_name}': {description}"
                             ));
@@ -6399,6 +6393,23 @@ async fn handle_view_events(
     Ok(false)
 }
 
+fn push_approval_request_view(
+    app: &mut App,
+    id: &str,
+    tool_name: &str,
+    description: &str,
+    tool_input: &serde_json::Value,
+    approval_key: &str,
+) {
+    if tool_name == "apply_patch" {
+        maybe_add_patch_preview(app, tool_input);
+    }
+
+    let request = ApprovalRequest::new(id, tool_name, description, tool_input, approval_key);
+    app.view_stack
+        .push(ApprovalView::new_for_locale(request, app.ui_locale));
+}
+
 struct ApprovalDecisionEvent {
     tool_id: String,
     tool_name: String,
diff --git a/crates/tui/src/tui/ui/tests.rs b/crates/tui/src/tui/ui/tests.rs
index 4f0baa5b..987984ef 100644
--- a/crates/tui/src/tui/ui/tests.rs
+++ b/crates/tui/src/tui/ui/tests.rs
@@ -5202,6 +5202,49 @@ fn message_complete_drain_preserves_thinking_when_thinking_complete_lost() {
     );
 }
 
+#[test]
+fn approval_prompt_uses_event_input_after_message_complete_drain() {
+    let mut app = create_test_app();
+    app.pending_tool_uses.push((
+        "tool-1".to_string(),
+        "exec_shell".to_string(),
+        serde_json::json!({"command": "stale value from drained list"}),
+    ));
+
+    // Mirror the old race: MessageComplete drains pending tool uses before
+    // ApprovalRequired is handled. The approval modal must still show the
+    // non-empty input carried directly on the ApprovalRequired event.
+    app.pending_tool_uses.clear();
+
+    let event_input = serde_json::json!({
+        "command": "cargo test -p codewhale-tui approval",
+        "workdir": "/repo",
+    });
+    push_approval_request_view(
+        &mut app,
+        "tool-1",
+        "exec_shell",
+        "Run cargo tests",
+        &event_input,
+        "approval-key",
+    );
+
+    let mut view = app.view_stack.pop().expect("approval view");
+    let approval = view
+        .as_any_mut()
+        .downcast_mut::<ApprovalView>()
+        .expect("approval view");
+    let action = approval.handle_key(KeyEvent::new(KeyCode::Char('v'), KeyModifiers::NONE));
+    let ViewAction::Emit(ViewEvent::OpenTextPager { content, .. }) = action else {
+        panic!("expected approval params pager");
+    };
+
+    assert!(content.contains("cargo test -p codewhale-tui approval"));
+    assert!(content.contains("/repo"));
+    assert!(!content.contains("stale value from drained list"));
+    assert_ne!(content.trim(), "{}");
+}
+
 #[test]
 fn second_thinking_block_appends_new_entry_in_same_active_cell() {
     // Real V4 turns can emit Thinking → Tool → Thinking → Tool before any

From ed81d13782a1e52532111f30fbba42ce634ef16d Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Sun, 31 May 2026 11:51:14 +0800
Subject: [PATCH 263/283] fix: gate task_shell_start behind allow_shell like
 exec_shell
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

task_shell_start delegates to ExecShellTool, providing the same shell
execution capability as exec_shell. Previously, task_shell_start was
registered unconditionally in with_runtime_task_tools while exec_shell
was gated behind allow_shell, creating an inconsistent security gate.

This caused the model to try exec_shell first, fail, then fall back to
task_shell_start — wasting tokens and bypassing the intended security
boundary.

Split TaskShellStartTool and TaskShellWaitTool out of
with_runtime_task_tools into a new with_runtime_task_shell_tools method,
and gate both behind the allow_shell check in with_agent_tools.

Closes #2303
---
 crates/tui/src/core/engine/tool_setup.rs |  2 +-
 crates/tui/src/tools/registry.rs         | 49 ++++++++++++++++++++++--
 docs/MODES.md                            |  2 +-
 3 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/crates/tui/src/core/engine/tool_setup.rs b/crates/tui/src/core/engine/tool_setup.rs
index 99c5b707..fb56641a 100644
--- a/crates/tui/src/core/engine/tool_setup.rs
+++ b/crates/tui/src/core/engine/tool_setup.rs
@@ -85,7 +85,7 @@ impl Engine {
             && self.config.features.enabled(Feature::ShellTool)
             && self.session.allow_shell
         {
-            builder = builder.with_shell_tools();
+            builder = builder.with_shell_tools().with_runtime_task_shell_tools();
         }
 
         // Register the `remember` tool only when the user has opted in to
diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index 5a437abf..70317dff 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -542,6 +542,10 @@ impl ToolRegistryBuilder {
     }
 
     /// Include durable task, gate, PR-attempt, GitHub, and automation tools.
+    ///
+    /// Shell-related task tools (`task_shell_start`, `task_shell_wait`) are
+    /// *not* included here — use [`with_runtime_task_shell_tools`] to register
+    /// them when `allow_shell` is true.
     #[must_use]
     pub fn with_runtime_task_tools(self) -> Self {
         use super::automation::{
@@ -555,7 +559,6 @@ impl ToolRegistryBuilder {
         use super::tasks::{
             PrAttemptListTool, PrAttemptPreflightTool, PrAttemptReadTool, PrAttemptRecordTool,
             TaskCancelTool, TaskCreateTool, TaskGateRunTool, TaskListTool, TaskReadTool,
-            TaskShellStartTool, TaskShellWaitTool,
         };
 
         self.with_tool(Arc::new(TaskCreateTool))
@@ -563,8 +566,6 @@ impl ToolRegistryBuilder {
             .with_tool(Arc::new(TaskReadTool))
             .with_tool(Arc::new(TaskCancelTool))
             .with_tool(Arc::new(TaskGateRunTool))
-            .with_tool(Arc::new(TaskShellStartTool))
-            .with_tool(Arc::new(TaskShellWaitTool))
             .with_tool(Arc::new(GithubIssueContextTool))
             .with_tool(Arc::new(GithubPrContextTool))
             .with_tool(Arc::new(PrAttemptRecordTool))
@@ -584,6 +585,18 @@ impl ToolRegistryBuilder {
             .with_tool(Arc::new(GithubClosePrTool))
     }
 
+    /// Include shell-related task tools (`task_shell_start`, `task_shell_wait`).
+    ///
+    /// These are gated behind `allow_shell` because `task_shell_start`
+    /// delegates directly to `ExecShellTool`, providing the same shell
+    /// execution capability as `exec_shell`.
+    #[must_use]
+    pub fn with_runtime_task_shell_tools(self) -> Self {
+        use super::tasks::{TaskShellStartTool, TaskShellWaitTool};
+        self.with_tool(Arc::new(TaskShellStartTool))
+            .with_tool(Arc::new(TaskShellWaitTool))
+    }
+
     /// Include only read-only durable task, PR-attempt, GitHub, and automation
     /// inspection tools. Plan mode uses this surface so it can observe state
     /// without starting work, changing remotes, or mutating automation config.
@@ -786,7 +799,7 @@ impl ToolRegistryBuilder {
             .with_image_ocr_tools();
 
         if allow_shell {
-            builder.with_shell_tools()
+            builder.with_shell_tools().with_runtime_task_shell_tools()
         } else {
             builder
         }
@@ -1379,4 +1392,32 @@ mod tests {
 
         assert!(registry.contains("finance"));
     }
+
+    #[test]
+    fn agent_tools_with_allow_shell_false_excludes_shell_tools() {
+        let tmp = tempdir().expect("tempdir");
+        let ctx = ToolContext::new(tmp.path().to_path_buf());
+
+        let registry = ToolRegistryBuilder::new()
+            .with_agent_tools(false)
+            .build(ctx);
+
+        assert!(!registry.contains("exec_shell"), "exec_shell should be excluded when allow_shell is false");
+        assert!(!registry.contains("task_shell_start"), "task_shell_start should be excluded when allow_shell is false");
+        assert!(!registry.contains("task_shell_wait"), "task_shell_wait should be excluded when allow_shell is false");
+    }
+
+    #[test]
+    fn agent_tools_with_allow_shell_true_includes_shell_tools() {
+        let tmp = tempdir().expect("tempdir");
+        let ctx = ToolContext::new(tmp.path().to_path_buf());
+
+        let registry = ToolRegistryBuilder::new()
+            .with_agent_tools(true)
+            .build(ctx);
+
+        assert!(registry.contains("exec_shell"), "exec_shell should be included when allow_shell is true");
+        assert!(registry.contains("task_shell_start"), "task_shell_start should be included when allow_shell is true");
+        assert!(registry.contains("task_shell_wait"), "task_shell_wait should be included when allow_shell is true");
+    }
 }
diff --git a/docs/MODES.md b/docs/MODES.md
index 250721db..289f6c51 100644
--- a/docs/MODES.md
+++ b/docs/MODES.md
@@ -19,7 +19,7 @@ Run `/mode` to open the mode picker, or switch directly with `/mode agent`,
 `/mode plan`, `/mode yolo`, `/mode 1`, `/mode 2`, or `/mode 3`.
 
 - **Plan**: design-first prompting. Read-only investigation tools stay available; shell and patch execution stay off. Use this when you want to think out loud and produce a plan to hand to a human (yourself later, or a reviewer).
-- **Agent**: multi-step tool use. Approvals for shell and paid tools (file writes are allowed without a prompt).
+- **Agent**: multi-step tool use. Shell execution (`exec_shell`, `task_shell_start`) requires `allow_shell = true` in config; approval prompts gate each call. File writes are allowed without a prompt.
 - **YOLO**: enables shell + trust mode and auto-approves all tools. Use only in trusted repos.
 
 All action-capable modes have access to persistent RLM sessions through `rlm_open`, `rlm_eval`, `rlm_configure`, and `rlm_close`. Inside an RLM Python REPL, `sub_query_batch` fans out 1-16 cheap parallel child calls pinned to `deepseek-v4-flash`. The model reaches for it when work is too large or repetitive for the parent transcript.

From c6cec29f637d99dde47b54cf86a2991867d7ef4b Mon Sep 17 00:00:00 2001
From: Hu Qiantao <huqiantao@HudeMacBook-Air.local>
Date: Sun, 31 May 2026 12:18:31 +0800
Subject: [PATCH 264/283] fix: remove double-registration of shell tools in
 engine builder

The second feature-flag gate in tool_setup.rs was calling
with_shell_tools() again when allow_shell was already true, causing
duplicate tool registration. Remove the redundant gate since
with_agent_tools() already handles the allow_shell check.

Also add task_shell_wait to MODES.md alongside task_shell_start.
---
 crates/tui/src/core/engine/tool_setup.rs | 11 +++--------
 docs/MODES.md                            |  2 +-
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/crates/tui/src/core/engine/tool_setup.rs b/crates/tui/src/core/engine/tool_setup.rs
index fb56641a..b6867d0e 100644
--- a/crates/tui/src/core/engine/tool_setup.rs
+++ b/crates/tui/src/core/engine/tool_setup.rs
@@ -79,14 +79,9 @@ impl Engine {
         if self.config.features.enabled(Feature::WebSearch) {
             builder = builder.with_web_tools();
         }
-        // Plan mode is strictly read-only: do not expose shell execution at
-        // all, even if the session would otherwise allow it.
-        if mode != AppMode::Plan
-            && self.config.features.enabled(Feature::ShellTool)
-            && self.session.allow_shell
-        {
-            builder = builder.with_shell_tools().with_runtime_task_shell_tools();
-        }
+        // Shell tools (exec_shell, task_shell_start, etc.) are already gated
+        // behind `allow_shell` inside `with_agent_tools`. No separate
+        // feature-flag gate here to avoid double-registration.
 
         // Register the `remember` tool only when the user has opted in to
         // user-memory (#489). Without that opt-in the tool would always
diff --git a/docs/MODES.md b/docs/MODES.md
index 289f6c51..1a2763d9 100644
--- a/docs/MODES.md
+++ b/docs/MODES.md
@@ -19,7 +19,7 @@ Run `/mode` to open the mode picker, or switch directly with `/mode agent`,
 `/mode plan`, `/mode yolo`, `/mode 1`, `/mode 2`, or `/mode 3`.
 
 - **Plan**: design-first prompting. Read-only investigation tools stay available; shell and patch execution stay off. Use this when you want to think out loud and produce a plan to hand to a human (yourself later, or a reviewer).
-- **Agent**: multi-step tool use. Shell execution (`exec_shell`, `task_shell_start`) requires `allow_shell = true` in config; approval prompts gate each call. File writes are allowed without a prompt.
+- **Agent**: multi-step tool use. Shell execution (`exec_shell`, `task_shell_start`, `task_shell_wait`) requires `allow_shell = true` in config; approval prompts gate each call. File writes are allowed without a prompt.
 - **YOLO**: enables shell + trust mode and auto-approves all tools. Use only in trusted repos.
 
 All action-capable modes have access to persistent RLM sessions through `rlm_open`, `rlm_eval`, `rlm_configure`, and `rlm_close`. Inside an RLM Python REPL, `sub_query_batch` fans out 1-16 cheap parallel child calls pinned to `deepseek-v4-flash`. The model reaches for it when work is too large or repetitive for the parent transcript.

From 6d9369908dcd4d53160ec1c6477700795190e749 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 21:46:05 -0700
Subject: [PATCH 265/283] style: format shell gating tests

---
 crates/tui/src/tools/registry.rs | 34 +++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/crates/tui/src/tools/registry.rs b/crates/tui/src/tools/registry.rs
index 70317dff..d5dfdaf6 100644
--- a/crates/tui/src/tools/registry.rs
+++ b/crates/tui/src/tools/registry.rs
@@ -1402,9 +1402,18 @@ mod tests {
             .with_agent_tools(false)
             .build(ctx);
 
-        assert!(!registry.contains("exec_shell"), "exec_shell should be excluded when allow_shell is false");
-        assert!(!registry.contains("task_shell_start"), "task_shell_start should be excluded when allow_shell is false");
-        assert!(!registry.contains("task_shell_wait"), "task_shell_wait should be excluded when allow_shell is false");
+        assert!(
+            !registry.contains("exec_shell"),
+            "exec_shell should be excluded when allow_shell is false"
+        );
+        assert!(
+            !registry.contains("task_shell_start"),
+            "task_shell_start should be excluded when allow_shell is false"
+        );
+        assert!(
+            !registry.contains("task_shell_wait"),
+            "task_shell_wait should be excluded when allow_shell is false"
+        );
     }
 
     #[test]
@@ -1412,12 +1421,19 @@ mod tests {
         let tmp = tempdir().expect("tempdir");
         let ctx = ToolContext::new(tmp.path().to_path_buf());
 
-        let registry = ToolRegistryBuilder::new()
-            .with_agent_tools(true)
-            .build(ctx);
+        let registry = ToolRegistryBuilder::new().with_agent_tools(true).build(ctx);
 
-        assert!(registry.contains("exec_shell"), "exec_shell should be included when allow_shell is true");
-        assert!(registry.contains("task_shell_start"), "task_shell_start should be included when allow_shell is true");
-        assert!(registry.contains("task_shell_wait"), "task_shell_wait should be included when allow_shell is true");
+        assert!(
+            registry.contains("exec_shell"),
+            "exec_shell should be included when allow_shell is true"
+        );
+        assert!(
+            registry.contains("task_shell_start"),
+            "task_shell_start should be included when allow_shell is true"
+        );
+        assert!(
+            registry.contains("task_shell_wait"),
+            "task_shell_wait should be included when allow_shell is true"
+        );
     }
 }

From a419079b31c2795cc846727e520fbbb968dbca0a Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 21:51:47 -0700
Subject: [PATCH 266/283] fix(ci): ignore fenced blocks in provider docs span
 check

---
 scripts/check-provider-registry.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/check-provider-registry.py b/scripts/check-provider-registry.py
index ed6b28b8..2b805067 100644
--- a/scripts/check-provider-registry.py
+++ b/scripts/check-provider-registry.py
@@ -149,7 +149,10 @@ def default_strings(tui_config_rs: str) -> set[str]:
 
 
 def missing_default_strings(providers_md: str, defaults: set[str]) -> list[str]:
-    code_spans = set(re.findall(r"`([^`]+)`", providers_md))
+    # Inline-code validation should not let fenced TOML/bash examples pair a
+    # stray backtick with later prose; strip fenced blocks before scanning.
+    inline_source = re.sub(r"```.*?```", "", providers_md, flags=re.DOTALL)
+    code_spans = set(re.findall(r"`([^`]+)`", inline_source))
     return sorted(defaults - code_spans)
 
 

From cd56421cc79ac13cb3686761a24c00567f86cf8b Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 21:51:47 -0700
Subject: [PATCH 267/283] fix(ci): ignore fenced blocks in provider docs span
 check

---
 scripts/check-provider-registry.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/check-provider-registry.py b/scripts/check-provider-registry.py
index ed6b28b8..2b805067 100644
--- a/scripts/check-provider-registry.py
+++ b/scripts/check-provider-registry.py
@@ -149,7 +149,10 @@ def default_strings(tui_config_rs: str) -> set[str]:
 
 
 def missing_default_strings(providers_md: str, defaults: set[str]) -> list[str]:
-    code_spans = set(re.findall(r"`([^`]+)`", providers_md))
+    # Inline-code validation should not let fenced TOML/bash examples pair a
+    # stray backtick with later prose; strip fenced blocks before scanning.
+    inline_source = re.sub(r"```.*?```", "", providers_md, flags=re.DOTALL)
+    code_spans = set(re.findall(r"`([^`]+)`", inline_source))
     return sorted(defaults - code_spans)
 
 

From 37d4ec963b674cf33e3f43c8902f46f4bdca3e0a Mon Sep 17 00:00:00 2001
From: reidliu41 <reid201711@gmail.com>
Date: Sun, 31 May 2026 12:29:27 +0800
Subject: [PATCH 268/283]   fix(tui): highlight user messages in cached
 transcript

  Route user cells in the transcript cache through the existing user-message renderer.

  The live chat view renders through lines_with_copy_metadata(), which previously
  bypassed the user-message highlight path. As a result, submitted user prompts did
  not show the intended full-row background in the main transcript.

  Add a regression test for the transcript cache path.
---
 crates/tui/src/tui/history.rs    | 10 +++-------
 crates/tui/src/tui/transcript.rs | 15 +++++++++++++++
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/tui/history.rs b/crates/tui/src/tui/history.rs
index f2ce686e..1c329ac8 100644
--- a/crates/tui/src/tui/history.rs
+++ b/crates/tui/src/tui/history.rs
@@ -309,13 +309,9 @@ impl HistoryCell {
         options: TranscriptRenderOptions,
     ) -> Vec<RenderedTranscriptLine> {
         match self {
-            HistoryCell::User { content } => render_message_with_copy_metadata(
-                USER_GLYPH,
-                user_label_style(),
-                user_body_style(),
-                content,
-                width,
-            ),
+            HistoryCell::User { content } => {
+                hard_break_copy_lines(render_user_message(content, width))
+            }
             HistoryCell::Assistant { content, streaming } => render_message_with_copy_metadata(
                 ASSISTANT_GLYPH,
                 assistant_label_style_for(*streaming, options.low_motion),
diff --git a/crates/tui/src/tui/transcript.rs b/crates/tui/src/tui/transcript.rs
index 53319c96..64d12bea 100644
--- a/crates/tui/src/tui/transcript.rs
+++ b/crates/tui/src/tui/transcript.rs
@@ -554,6 +554,7 @@ fn truncate_spans_to_width(spans: Vec<Span<'static>>, max_width: usize) -> Vec<S
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::palette;
     use crate::tui::history::{ExecCell, ExecSource, HistoryCell, ToolCell, ToolStatus};
 
     fn plain_lines(cache: &TranscriptViewCache) -> Vec<String> {
@@ -595,6 +596,20 @@ mod tests {
         }))
     }
 
+    #[test]
+    fn cache_renders_user_cells_with_highlight_background() {
+        let cells = vec![user_cell("# literal user prompt")];
+        let revisions = vec![1u64];
+
+        let mut cache = TranscriptViewCache::new();
+        cache.ensure(&cells, &revisions, 40, TranscriptRenderOptions::default());
+
+        let lines = cache.lines();
+        assert_eq!(lines[0].style.bg, Some(palette::SURFACE_ELEVATED));
+        assert_eq!(lines[0].width(), 40);
+        assert_eq!(plain_lines(&cache)[0].trim_end(), "▎ # literal user prompt");
+    }
+
     #[test]
     fn cache_reuses_cells_when_revision_unchanged() {
         let cells = vec![

From bace2523e17e3419dd6205eae4164b87a46572cb Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:13:20 -0700
Subject: [PATCH 269/283] fix(release): pin riscv64 dispatch source ref

---
 .github/workflows/release.yml        | 2 +-
 docs/INSTALL.md                      | 3 ++-
 npm/codewhale/test/artifacts.test.js | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index deed8182..40ec45dd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,7 +77,7 @@ jobs:
             else
               # Tag doesn't exist yet — build from HEAD
               sha="${GITHUB_SHA}"
-              source_ref="${GITHUB_REF_NAME}"
+              source_ref="${GITHUB_SHA}"
               echo "Tag ${tag} not found; building from ${source_ref} @ ${sha}"
             fi
           else
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 08ba2f8b..2cb8f800 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -13,7 +13,8 @@ If you just want the short version, see the
 ## 1. Supported platforms
 
 CodeWhale ships matched `codewhale` and `codewhale-tui` prebuilt binaries for
-these platform/architecture combinations from v0.8.8 onward:
+these platform/architecture combinations. Linux ARM64 is available from
+v0.8.8 onward; Linux RISC-V starts with the first release after v0.8.47.
 
 | Platform     | Architecture | npm install | `cargo install` | GitHub release asset                                  |
 | ------------ | ------------ | :---------: | :-------------: | ----------------------------------------------------- |
diff --git a/npm/codewhale/test/artifacts.test.js b/npm/codewhale/test/artifacts.test.js
index 1fd74955..e16e88fd 100644
--- a/npm/codewhale/test/artifacts.test.js
+++ b/npm/codewhale/test/artifacts.test.js
@@ -55,6 +55,7 @@ test("known platforms are unaffected by alias map", () => {
   for (const [platform, arch, expectedCodeWhale] of [
     ["linux", "x64", "codewhale-linux-x64"],
     ["darwin", "arm64", "codewhale-macos-arm64"],
+    ["linux", "riscv64", "codewhale-linux-riscv64"],
     ["win32", "x64", "codewhale-windows-x64.exe"],
   ]) {
     withMockedOs(platform, arch, () => {

From 3f4c4496f227d260b90a93f50ffc4a6d225fc8a4 Mon Sep 17 00:00:00 2001
From: AdityaG <44177453+AdityaVG13@users.noreply.github.com>
Date: Tue, 26 May 2026 19:01:33 -0400
Subject: [PATCH 270/283] feat: add Xiaomi MiMo provider

Adds native xiaomi-mimo provider configuration, auth/env aliases, model registry entries, TUI request handling, tests, and docs. Keeps credentials in existing provider-scoped config/env/keyring paths and uses placeholders only in docs.
---
 README.ja-JP.md                       |   9 +-
 README.md                             |   9 +-
 README.zh-CN.md                       |   9 +-
 config.example.toml                   |  20 ++-
 crates/agent/src/lib.rs               |  24 ++++
 crates/cli/src/lib.rs                 |  15 +-
 crates/config/src/lib.rs              | 144 +++++++++++++++++++-
 crates/secrets/src/lib.rs             |  19 +++
 crates/tui/src/client.rs              |  30 ++++
 crates/tui/src/client/chat.rs         |  40 +++++-
 crates/tui/src/commands/provider.rs   |  16 ++-
 crates/tui/src/config.rs              | 189 +++++++++++++++++++++++++-
 crates/tui/src/core/engine.rs         |   1 +
 crates/tui/src/main.rs                |  10 ++
 crates/tui/src/tui/provider_picker.rs |   2 +
 crates/tui/src/tui/ui.rs              |   3 +
 crates/tui/src/vision/tools.rs        |  93 ++++++++++---
 docs/CONFIGURATION.md                 |  35 ++++-
 docs/PROVIDERS.md                     |  25 +++-
 19 files changed, 645 insertions(+), 48 deletions(-)

diff --git a/README.ja-JP.md b/README.ja-JP.md
index 4fc883d9..745f3d59 100644
--- a/README.ja-JP.md
+++ b/README.ja-JP.md
@@ -216,6 +216,10 @@ codewhale --provider wanjie-ark --model deepseek-reasoner
 codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
 codewhale --provider openrouter --model deepseek/deepseek-v4-pro
 
+# Xiaomi MiMo
+codewhale auth set --provider xiaomi-mimo --api-key "YOUR_XIAOMI_MIMO_API_KEY"
+codewhale --provider xiaomi-mimo --model mimo-v2.5-pro
+
 # Novita
 codewhale auth set --provider novita --api-key "YOUR_NOVITA_API_KEY"
 codewhale --provider novita --model deepseek/deepseek-v4-pro
@@ -321,15 +325,16 @@ codewhale update                                  # バイナリ更新の確認
 | `DEEPSEEK_HTTP_HEADERS` | 任意のモデルリクエストヘッダー |
 | `DEEPSEEK_MODEL` | デフォルトモデル |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | ストリームのアイドルタイムアウト秒数 |
-| `DEEPSEEK_PROVIDER` | `codewhale`（デフォルト）、`nvidia-nim`、`openai`、`atlascloud`、`wanjie-ark`、`openrouter`、`novita`、`fireworks`、`sglang`、`vllm`、`ollama` |
+| `DEEPSEEK_PROVIDER` | `codewhale`（デフォルト）、`nvidia-nim`、`openai`、`atlascloud`、`wanjie-ark`、`openrouter`、`xiaomi-mimo`、`novita`、`fireworks`、`sglang`、`vllm`、`ollama` |
 | `DEEPSEEK_PROFILE` | 設定プロファイル名 |
 | `DEEPSEEK_MEMORY` | `on` に設定するとユーザーメモリを有効化 |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | 信頼できるネットワークで非ローカル `http://` API ベース URL を許可 |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | プロバイダー認証 |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `XIAOMI_MIMO_API_KEY` / `MIMO_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | プロバイダー認証 |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | 汎用 OpenAI 互換エンドポイントとモデル ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud エンドポイントとモデル上書き |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark エンドポイントとモデル上書き |
 | `OPENROUTER_BASE_URL` | OpenRouter エンドポイント上書き |
+| `XIAOMI_MIMO_BASE_URL` / `MIMO_BASE_URL` / `XIAOMI_MIMO_MODEL` / `MIMO_MODEL` | Xiaomi MiMo エンドポイントとモデル上書き |
 | `NOVITA_BASE_URL` | Novita エンドポイント上書き |
 | `FIREWORKS_BASE_URL` | Fireworks エンドポイント上書き |
 | `SGLANG_BASE_URL` | セルフホスト SGLang のエンドポイント |
diff --git a/README.md b/README.md
index 8abbaacf..504423bf 100644
--- a/README.md
+++ b/README.md
@@ -313,6 +313,10 @@ codewhale --provider wanjie-ark --model deepseek-reasoner
 codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
 codewhale --provider openrouter --model deepseek/deepseek-v4-pro
 
+# Xiaomi MiMo
+codewhale auth set --provider xiaomi-mimo --api-key "YOUR_XIAOMI_MIMO_API_KEY"
+codewhale --provider xiaomi-mimo --model mimo-v2.5-pro
+
 # Novita
 codewhale auth set --provider novita --api-key "YOUR_NOVITA_API_KEY"
 codewhale --provider novita --model deepseek/deepseek-v4-pro
@@ -490,15 +494,16 @@ Key environment variables:
 | `DEEPSEEK_HTTP_HEADERS` | Optional custom model request headers, e.g. `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | Default model |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | Stream idle timeout in seconds, default `300`, clamped to `1..=3600` |
-| `CODEWHALE_PROVIDER` / `DEEPSEEK_PROVIDER` | `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
+| `CODEWHALE_PROVIDER` / `DEEPSEEK_PROVIDER` | `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `xiaomi-mimo`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, `ollama` |
 | `DEEPSEEK_PROFILE` | Config profile name |
 | `DEEPSEEK_MEMORY` | Set to `on` to enable user memory |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | Allow non-local `http://` API base URLs on trusted networks |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `XIAOMI_MIMO_API_KEY` / `MIMO_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `MOONSHOT_API_KEY` / `KIMI_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | Provider auth |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | Generic OpenAI-compatible endpoint and model ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud endpoint and model override |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark endpoint and model override |
 | `OPENROUTER_BASE_URL` | OpenRouter endpoint override |
+| `XIAOMI_MIMO_BASE_URL` / `MIMO_BASE_URL` / `XIAOMI_MIMO_MODEL` / `MIMO_MODEL` | Xiaomi MiMo endpoint and model override |
 | `NOVITA_BASE_URL` | Novita endpoint override |
 | `FIREWORKS_BASE_URL` | Fireworks endpoint override |
 | `SGLANG_BASE_URL` | Self-hosted SGLang endpoint |
diff --git a/README.zh-CN.md b/README.zh-CN.md
index c85f3456..c65fe4bc 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -261,6 +261,10 @@ codewhale --provider wanjie-ark --model deepseek-reasoner
 codewhale auth set --provider openrouter --api-key "YOUR_OPENROUTER_API_KEY"
 codewhale --provider openrouter --model deepseek/deepseek-v4-pro
 
+# Xiaomi MiMo
+codewhale auth set --provider xiaomi-mimo --api-key "YOUR_XIAOMI_MIMO_API_KEY"
+codewhale --provider xiaomi-mimo --model mimo-v2.5-pro
+
 # Novita
 codewhale auth set --provider novita --api-key "YOUR_NOVITA_API_KEY"
 codewhale --provider novita --model deepseek/deepseek-v4-pro
@@ -402,15 +406,16 @@ DeepSeek 可作为自定义 Agent Client Protocol 服务器运行，供 Zed 等
 | `DEEPSEEK_HTTP_HEADERS` | 可选模型请求头，例如 `X-Model-Provider-Id=your-model-provider` |
 | `DEEPSEEK_MODEL` | 默认模型 |
 | `DEEPSEEK_STREAM_IDLE_TIMEOUT_SECS` | 流式响应空闲超时秒数，默认 `300`，限制在 `1..=3600` |
-| `DEEPSEEK_PROVIDER` | `codewhale`（默认）、`nvidia-nim`、`openai`、`atlascloud`、`wanjie-ark`、`openrouter`、`novita`、`fireworks`、`sglang`、`vllm`、`ollama` |
+| `DEEPSEEK_PROVIDER` | `codewhale`（默认）、`nvidia-nim`、`openai`、`atlascloud`、`wanjie-ark`、`openrouter`、`xiaomi-mimo`、`novita`、`fireworks`、`sglang`、`vllm`、`ollama` |
 | `DEEPSEEK_PROFILE` | 配置 profile 名称 |
 | `DEEPSEEK_MEMORY` | 设为 `on` 启用用户记忆 |
 | `DEEPSEEK_ALLOW_INSECURE_HTTP=1` | 在可信网络上允许非本机 `http://` API base URL |
-| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | 提供商认证 |
+| `NVIDIA_API_KEY` / `OPENAI_API_KEY` / `ATLASCLOUD_API_KEY` / `WANJIE_ARK_API_KEY` / `OPENROUTER_API_KEY` / `XIAOMI_MIMO_API_KEY` / `MIMO_API_KEY` / `NOVITA_API_KEY` / `FIREWORKS_API_KEY` / `SGLANG_API_KEY` / `VLLM_API_KEY` / `OLLAMA_API_KEY` | 提供商认证 |
 | `OPENAI_BASE_URL` / `OPENAI_MODEL` | 通用 OpenAI 兼容端点和模型 ID |
 | `ATLASCLOUD_BASE_URL` / `ATLASCLOUD_MODEL` | AtlasCloud 端点和模型覆盖 |
 | `WANJIE_ARK_BASE_URL` / `WANJIE_ARK_MODEL` | Wanjie Ark 端点和模型覆盖 |
 | `OPENROUTER_BASE_URL` | OpenRouter 端点覆盖 |
+| `XIAOMI_MIMO_BASE_URL` / `MIMO_BASE_URL` / `XIAOMI_MIMO_MODEL` / `MIMO_MODEL` | Xiaomi MiMo 端点和模型覆盖 |
 | `NOVITA_BASE_URL` | Novita 端点覆盖 |
 | `FIREWORKS_BASE_URL` | Fireworks 端点覆盖 |
 | `SGLANG_BASE_URL` | 自托管 SGLang 端点 |
diff --git a/config.example.toml b/config.example.toml
index c309850f..c2235163 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -13,11 +13,12 @@
 # `[providers.*]` sections near the bottom of
 # this file — keeping both stored at once means `/provider deepseek` and
 # `/provider nvidia-nim` (or `--provider openai`, `--provider wanjie-ark`,
-# `--provider fireworks`, `/provider sglang`, `/provider vllm`, `/provider ollama`)
-# toggle without having to re-enter keys. Top-level `api_key` / `base_url` are
+# `--provider xiaomi-mimo`, `--provider fireworks`, `/provider sglang`,
+# `/provider vllm`, `/provider ollama`) toggle without having to re-enter keys.
+# Top-level `api_key` / `base_url` are
 # still read as DeepSeek defaults when `[providers.deepseek]` is absent
 # (backward compatibility).
-provider = "deepseek" # deepseek | deepseek-cn | nvidia-nim | openai | atlascloud | wanjie-ark | openrouter | novita | fireworks | sglang | vllm | ollama
+provider = "deepseek" # deepseek | deepseek-cn | nvidia-nim | openai | atlascloud | wanjie-ark | openrouter | xiaomi-mimo | novita | fireworks | sglang | vllm | ollama
 api_key = "YOUR_DEEPSEEK_API_KEY" # must be non-empty
 base_url = "https://api.deepseek.com/beta"
 # provider = "deepseek-cn"                       # legacy alias (official host is still https://api.deepseek.com)
@@ -37,6 +38,7 @@ base_url = "https://api.deepseek.com/beta"
 #   gpt-4.1                         — default generic OpenAI-compatible model ID
 #   deepseek-ai/deepseek-v4-flash   — default AtlasCloud model ID
 #   deepseek-reasoner               — default Wanjie Ark model ID
+#   mimo-v2.5-pro                   — default Xiaomi MiMo model ID
 #   accounts/fireworks/models/deepseek-v4-pro — Fireworks AI Pro model ID
 #   deepseek-ai/DeepSeek-V4-Pro    — SGLang self-hosted Pro model ID
 #   deepseek-ai/DeepSeek-V4-Flash  — SGLang self-hosted Flash model ID
@@ -186,6 +188,7 @@ max_subagents = 10 # optional (1-20)
 #   OpenAI-compatible: OPENAI_API_KEY, OPENAI_BASE_URL, OPENAI_MODEL
 #   Wanjie Ark: WANJIE_ARK_API_KEY (or WANJIE_API_KEY), WANJIE_ARK_BASE_URL, WANJIE_ARK_MODEL
 #   OpenRouter: OPENROUTER_API_KEY, OPENROUTER_BASE_URL, OPENROUTER_MODEL
+#   Xiaomi MiMo: XIAOMI_MIMO_API_KEY (or MIMO_API_KEY), XIAOMI_MIMO_BASE_URL, XIAOMI_MIMO_MODEL
 #   Novita:     NOVITA_API_KEY, NOVITA_BASE_URL, NOVITA_MODEL
 #   Fireworks:  FIREWORKS_API_KEY, FIREWORKS_BASE_URL
 #   SGLang:    SGLANG_BASE_URL, SGLANG_MODEL, optional SGLANG_API_KEY
@@ -244,6 +247,12 @@ max_subagents = 10 # optional (1-20)
 # base_url = "https://openrouter.ai/api/v1"
 # model = "deepseek/deepseek-v4-pro"         # or deepseek/deepseek-v4-flash
 
+# Xiaomi MiMo OpenAI-compatible endpoint (https://platform.xiaomimimo.com)
+[providers.xiaomi_mimo]
+# api_key = "YOUR_XIAOMI_MIMO_API_KEY"
+# base_url = "https://api.xiaomimimo.com/v1"
+# model = "mimo-v2.5-pro"
+
 # Novita AI-hosted inference (https://novita.ai)
 [providers.novita]
 # api_key = "YOUR_NOVITA_API_KEY"
@@ -380,6 +389,11 @@ exec_policy = true
 # model = "gemini-3.1-flash-lite-preview"  # Required: vision-capable model ID
 # api_key = "YOUR_API_KEY"                 # Optional: defaults to main api_key
 # base_url = "https://generativelanguage.googleapis.com/v1beta/openai/"  # Optional
+#
+# Xiaomi MiMo image understanding can be configured through the same tool:
+# model = "mimo-v2.5"
+# api_key = "YOUR_XIAOMI_MIMO_API_KEY"
+# base_url = "https://api.xiaomimimo.com/v1"
 
 # ─────────────────────────────────────────────────────────────────────────────────
 # Retry Configuration
diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
index 349951ce..4f10025f 100644
--- a/crates/agent/src/lib.rs
+++ b/crates/agent/src/lib.rs
@@ -119,6 +119,20 @@ impl Default for ModelRegistry {
                 supports_tools: true,
                 supports_reasoning: true,
             },
+            ModelInfo {
+                id: "mimo-v2.5-pro".to_string(),
+                provider: ProviderKind::XiaomiMimo,
+                aliases: vec!["mimo".to_string()],
+                supports_tools: true,
+                supports_reasoning: true,
+            },
+            ModelInfo {
+                id: "mimo-v2.5".to_string(),
+                provider: ProviderKind::XiaomiMimo,
+                aliases: vec!["xiaomi-mimo-v2.5".to_string()],
+                supports_tools: true,
+                supports_reasoning: true,
+            },
             ModelInfo {
                 id: "deepseek/deepseek-v4-pro".to_string(),
                 provider: ProviderKind::Novita,
@@ -382,6 +396,16 @@ mod tests {
         assert_eq!(resolved.resolved.id, "deepseek/deepseek-v4-pro");
     }
 
+    #[test]
+    fn xiaomi_mimo_default_uses_canonical_model_id() {
+        let registry = ModelRegistry::default();
+        let resolved = registry.resolve(None, Some(ProviderKind::XiaomiMimo));
+
+        assert_eq!(resolved.resolved.provider, ProviderKind::XiaomiMimo);
+        assert_eq!(resolved.resolved.id, "mimo-v2.5-pro");
+        assert!(resolved.resolved.supports_reasoning);
+    }
+
     #[test]
     fn wanjie_ark_default_uses_reasoner_model_id() {
         let registry = ModelRegistry::default();
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
index 5c630223..1f463b5a 100644
--- a/crates/cli/src/lib.rs
+++ b/crates/cli/src/lib.rs
@@ -29,6 +29,7 @@ enum ProviderArg {
     Atlascloud,
     WanjieArk,
     Openrouter,
+    XiaomiMimo,
     Novita,
     Fireworks,
     Moonshot,
@@ -46,6 +47,7 @@ impl From<ProviderArg> for ProviderKind {
             ProviderArg::Atlascloud => ProviderKind::Atlascloud,
             ProviderArg::WanjieArk => ProviderKind::WanjieArk,
             ProviderArg::Openrouter => ProviderKind::Openrouter,
+            ProviderArg::XiaomiMimo => ProviderKind::XiaomiMimo,
             ProviderArg::Novita => ProviderKind::Novita,
             ProviderArg::Fireworks => ProviderKind::Fireworks,
             ProviderArg::Moonshot => ProviderKind::Moonshot,
@@ -721,6 +723,7 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
         ProviderKind::Atlascloud => "atlascloud",
         ProviderKind::WanjieArk => "wanjie-ark",
         ProviderKind::Openrouter => "openrouter",
+        ProviderKind::XiaomiMimo => "xiaomi-mimo",
         ProviderKind::Novita => "novita",
         ProviderKind::Fireworks => "fireworks",
         ProviderKind::Moonshot => "moonshot",
@@ -731,13 +734,14 @@ fn provider_slot(provider: ProviderKind) -> &'static str {
 }
 
 /// Provider order used by the `auth list` and `auth status` outputs.
-const PROVIDER_LIST: [ProviderKind; 12] = [
+const PROVIDER_LIST: [ProviderKind; 13] = [
     ProviderKind::Deepseek,
     ProviderKind::NvidiaNim,
     ProviderKind::Openai,
     ProviderKind::Atlascloud,
     ProviderKind::WanjieArk,
     ProviderKind::Openrouter,
+    ProviderKind::XiaomiMimo,
     ProviderKind::Novita,
     ProviderKind::Fireworks,
     ProviderKind::Moonshot,
@@ -792,6 +796,7 @@ fn provider_env_vars(provider: ProviderKind) -> &'static [&'static str] {
     match provider {
         ProviderKind::Deepseek => &["DEEPSEEK_API_KEY"],
         ProviderKind::Openrouter => &["OPENROUTER_API_KEY"],
+        ProviderKind::XiaomiMimo => &["XIAOMI_MIMO_API_KEY", "MIMO_API_KEY"],
         ProviderKind::Novita => &["NOVITA_API_KEY"],
         ProviderKind::NvidiaNim => &["NVIDIA_API_KEY", "NVIDIA_NIM_API_KEY", "DEEPSEEK_API_KEY"],
         ProviderKind::Fireworks => &["FIREWORKS_API_KEY"],
@@ -1476,6 +1481,7 @@ fn build_tui_command(
             | ProviderKind::Atlascloud
             | ProviderKind::WanjieArk
             | ProviderKind::Openrouter
+            | ProviderKind::XiaomiMimo
             | ProviderKind::Novita
             | ProviderKind::Fireworks
             | ProviderKind::Moonshot
@@ -1484,7 +1490,7 @@ fn build_tui_command(
             | ProviderKind::Ollama
     ) {
         bail!(
-            "The interactive TUI supports DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama providers. Remove --provider {} or use `codewhale model ...` for provider registry inspection.",
+            "The interactive TUI supports DeepSeek, NVIDIA NIM, OpenAI-compatible, AtlasCloud, Wanjie Ark, OpenRouter, Xiaomi MiMo, Novita, Fireworks, Moonshot/Kimi, SGLang, vLLM, and Ollama providers. Remove --provider {} or use `codewhale model ...` for provider registry inspection.",
             resolved_runtime.provider.as_str()
         );
     }
@@ -2897,6 +2903,11 @@ mod tests {
                 "openrouter",
                 &["OPENROUTER_API_KEY"],
             ),
+            (
+                ProviderKind::XiaomiMimo,
+                "xiaomi-mimo",
+                &["XIAOMI_MIMO_API_KEY", "MIMO_API_KEY"],
+            ),
             (ProviderKind::Novita, "novita", &["NOVITA_API_KEY"]),
             (
                 ProviderKind::NvidiaNim,
diff --git a/crates/config/src/lib.rs b/crates/config/src/lib.rs
index bb2c339b..253df401 100644
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -27,6 +27,7 @@ const DEFAULT_WANJIE_ARK_MODEL: &str = "deepseek-reasoner";
 const DEFAULT_WANJIE_ARK_BASE_URL: &str = "https://maas-openapi.wanjiedata.com/api/v1";
 const DEFAULT_OPENROUTER_MODEL: &str = "deepseek/deepseek-v4-pro";
 const DEFAULT_OPENROUTER_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
+const DEFAULT_XIAOMI_MIMO_MODEL: &str = "mimo-v2.5-pro";
 const DEFAULT_NOVITA_MODEL: &str = "deepseek/deepseek-v4-pro";
 const DEFAULT_NOVITA_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 const DEFAULT_FIREWORKS_MODEL: &str = "accounts/fireworks/models/deepseek-v4-pro";
@@ -37,6 +38,7 @@ const DEFAULT_KIMI_CODE_BASE_URL: &str = "https://api.kimi.com/coding/v1";
 const DEFAULT_SGLANG_MODEL: &str = "deepseek-ai/DeepSeek-V4-Pro";
 const DEFAULT_SGLANG_FLASH_MODEL: &str = "deepseek-ai/DeepSeek-V4-Flash";
 const DEFAULT_OPENROUTER_BASE_URL: &str = "https://openrouter.ai/api/v1";
+const DEFAULT_XIAOMI_MIMO_BASE_URL: &str = "https://api.xiaomimimo.com/v1";
 const DEFAULT_NOVITA_BASE_URL: &str = "https://api.novita.ai/v1";
 const DEFAULT_FIREWORKS_BASE_URL: &str = "https://api.fireworks.ai/inference/v1";
 const DEFAULT_SGLANG_BASE_URL: &str = "http://localhost:30000/v1";
@@ -71,6 +73,8 @@ pub enum ProviderKind {
     )]
     WanjieArk,
     Openrouter,
+    #[serde(alias = "mimo", alias = "xiaomi", alias = "xiaomi_mimo")]
+    XiaomiMimo,
     Novita,
     Fireworks,
     Moonshot,
@@ -89,6 +93,7 @@ impl ProviderKind {
             Self::Atlascloud => "atlascloud",
             Self::WanjieArk => "wanjie-ark",
             Self::Openrouter => "openrouter",
+            Self::XiaomiMimo => "xiaomi-mimo",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
             Self::Moonshot => "moonshot",
@@ -109,6 +114,9 @@ impl ProviderKind {
             "wanjie" | "wanjie-ark" | "wanjie_ark" | "ark-wanjie" | "ark_wanjie" | "wanjieark"
             | "wanjie-maas" | "wanjie_maas" | "wanjiemaas" => Some(Self::WanjieArk),
             "openrouter" | "open_router" => Some(Self::Openrouter),
+            "xiaomi-mimo" | "xiaomi_mimo" | "xiaomimimo" | "mimo" | "xiaomi" => {
+                Some(Self::XiaomiMimo)
+            }
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
             "moonshot" | "moonshot-ai" | "kimi" | "kimi-k2" => Some(Self::Moonshot),
@@ -145,6 +153,8 @@ pub struct ProvidersToml {
     #[serde(default)]
     pub openrouter: ProviderConfigToml,
     #[serde(default)]
+    pub xiaomi_mimo: ProviderConfigToml,
+    #[serde(default)]
     pub novita: ProviderConfigToml,
     #[serde(default)]
     pub fireworks: ProviderConfigToml,
@@ -168,6 +178,7 @@ impl ProvidersToml {
             ProviderKind::Atlascloud => &self.atlascloud,
             ProviderKind::WanjieArk => &self.wanjie_ark,
             ProviderKind::Openrouter => &self.openrouter,
+            ProviderKind::XiaomiMimo => &self.xiaomi_mimo,
             ProviderKind::Novita => &self.novita,
             ProviderKind::Fireworks => &self.fireworks,
             ProviderKind::Moonshot => &self.moonshot,
@@ -185,6 +196,7 @@ impl ProvidersToml {
             ProviderKind::Atlascloud => &mut self.atlascloud,
             ProviderKind::WanjieArk => &mut self.wanjie_ark,
             ProviderKind::Openrouter => &mut self.openrouter,
+            ProviderKind::XiaomiMimo => &mut self.xiaomi_mimo,
             ProviderKind::Novita => &mut self.novita,
             ProviderKind::Fireworks => &mut self.fireworks,
             ProviderKind::Moonshot => &mut self.moonshot,
@@ -405,6 +417,10 @@ impl ConfigToml {
             &mut self.providers.openrouter,
             &project.providers.openrouter,
         );
+        merge_project_provider_config(
+            &mut self.providers.xiaomi_mimo,
+            &project.providers.xiaomi_mimo,
+        );
         merge_project_provider_config(&mut self.providers.novita, &project.providers.novita);
         merge_project_provider_config(&mut self.providers.fireworks, &project.providers.fireworks);
         merge_project_provider_config(&mut self.providers.sglang, &project.providers.sglang);
@@ -464,6 +480,12 @@ impl ConfigToml {
             "providers.openrouter.http_headers" => {
                 serialize_http_headers(&self.providers.openrouter.http_headers)
             }
+            "providers.xiaomi_mimo.api_key" => self.providers.xiaomi_mimo.api_key.clone(),
+            "providers.xiaomi_mimo.base_url" => self.providers.xiaomi_mimo.base_url.clone(),
+            "providers.xiaomi_mimo.model" => self.providers.xiaomi_mimo.model.clone(),
+            "providers.xiaomi_mimo.http_headers" => {
+                serialize_http_headers(&self.providers.xiaomi_mimo.http_headers)
+            }
             "providers.novita.api_key" => self.providers.novita.api_key.clone(),
             "providers.novita.base_url" => self.providers.novita.base_url.clone(),
             "providers.novita.model" => self.providers.novita.model.clone(),
@@ -609,6 +631,18 @@ impl ConfigToml {
             "providers.openrouter.http_headers" => {
                 self.providers.openrouter.http_headers = parse_http_headers(value)?;
             }
+            "providers.xiaomi_mimo.api_key" => {
+                self.providers.xiaomi_mimo.api_key = Some(value.to_string());
+            }
+            "providers.xiaomi_mimo.base_url" => {
+                self.providers.xiaomi_mimo.base_url = Some(value.to_string());
+            }
+            "providers.xiaomi_mimo.model" => {
+                self.providers.xiaomi_mimo.model = Some(value.to_string());
+            }
+            "providers.xiaomi_mimo.http_headers" => {
+                self.providers.xiaomi_mimo.http_headers = parse_http_headers(value)?;
+            }
             "providers.novita.api_key" => {
                 self.providers.novita.api_key = Some(value.to_string());
             }
@@ -744,6 +778,12 @@ impl ConfigToml {
             "providers.openrouter.base_url" => self.providers.openrouter.base_url = None,
             "providers.openrouter.model" => self.providers.openrouter.model = None,
             "providers.openrouter.http_headers" => self.providers.openrouter.http_headers.clear(),
+            "providers.xiaomi_mimo.api_key" => self.providers.xiaomi_mimo.api_key = None,
+            "providers.xiaomi_mimo.base_url" => self.providers.xiaomi_mimo.base_url = None,
+            "providers.xiaomi_mimo.model" => self.providers.xiaomi_mimo.model = None,
+            "providers.xiaomi_mimo.http_headers" => {
+                self.providers.xiaomi_mimo.http_headers.clear();
+            }
             "providers.novita.api_key" => self.providers.novita.api_key = None,
             "providers.novita.base_url" => self.providers.novita.base_url = None,
             "providers.novita.model" => self.providers.novita.model = None,
@@ -886,6 +926,21 @@ impl ConfigToml {
         if let Some(v) = serialize_http_headers(&self.providers.openrouter.http_headers) {
             out.insert("providers.openrouter.http_headers".to_string(), v);
         }
+        if let Some(v) = self.providers.xiaomi_mimo.api_key.as_ref() {
+            out.insert(
+                "providers.xiaomi_mimo.api_key".to_string(),
+                redact_secret(v),
+            );
+        }
+        if let Some(v) = self.providers.xiaomi_mimo.base_url.as_ref() {
+            out.insert("providers.xiaomi_mimo.base_url".to_string(), v.clone());
+        }
+        if let Some(v) = self.providers.xiaomi_mimo.model.as_ref() {
+            out.insert("providers.xiaomi_mimo.model".to_string(), v.clone());
+        }
+        if let Some(v) = serialize_http_headers(&self.providers.xiaomi_mimo.http_headers) {
+            out.insert("providers.xiaomi_mimo.http_headers".to_string(), v);
+        }
         if let Some(v) = self.providers.novita.api_key.as_ref() {
             out.insert("providers.novita.api_key".to_string(), redact_secret(v));
         }
@@ -1023,6 +1078,7 @@ impl ConfigToml {
                 ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL.to_string(),
                 ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL.to_string(),
                 ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL.to_string(),
+                ProviderKind::XiaomiMimo => DEFAULT_XIAOMI_MIMO_BASE_URL.to_string(),
                 ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL.to_string(),
                 ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL.to_string(),
                 ProviderKind::Moonshot => {
@@ -1225,7 +1281,10 @@ pub fn load_project_config(workspace: &Path) -> Option<ConfigToml> {
 fn normalize_model_for_provider(provider: ProviderKind, model: &str) -> String {
     if matches!(
         provider,
-        ProviderKind::Atlascloud | ProviderKind::WanjieArk | ProviderKind::Ollama
+        ProviderKind::Atlascloud
+            | ProviderKind::WanjieArk
+            | ProviderKind::XiaomiMimo
+            | ProviderKind::Ollama
     ) {
         return model.to_string();
     }
@@ -1288,6 +1347,7 @@ fn default_model_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_MODEL,
         ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_MODEL,
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_MODEL,
+        ProviderKind::XiaomiMimo => DEFAULT_XIAOMI_MIMO_MODEL,
         ProviderKind::Novita => DEFAULT_NOVITA_MODEL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_MODEL,
         ProviderKind::Moonshot => DEFAULT_MOONSHOT_MODEL,
@@ -1305,6 +1365,7 @@ fn default_base_url_for_provider(provider: ProviderKind) -> &'static str {
         ProviderKind::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL,
         ProviderKind::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL,
         ProviderKind::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
+        ProviderKind::XiaomiMimo => DEFAULT_XIAOMI_MIMO_BASE_URL,
         ProviderKind::Novita => DEFAULT_NOVITA_BASE_URL,
         ProviderKind::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
         ProviderKind::Moonshot => DEFAULT_MOONSHOT_BASE_URL,
@@ -1800,6 +1861,7 @@ struct EnvRuntimeOverrides {
     model: Option<String>,
     wanjie_ark_model: Option<String>,
     moonshot_model: Option<String>,
+    xiaomi_mimo_model: Option<String>,
     output_mode: Option<String>,
     auth_mode: Option<String>,
     log_level: Option<String>,
@@ -1814,6 +1876,7 @@ struct EnvRuntimeOverrides {
     atlascloud_base_url: Option<String>,
     wanjie_ark_base_url: Option<String>,
     openrouter_base_url: Option<String>,
+    xiaomi_mimo_base_url: Option<String>,
     novita_base_url: Option<String>,
     fireworks_base_url: Option<String>,
     moonshot_base_url: Option<String>,
@@ -1844,6 +1907,10 @@ impl EnvRuntimeOverrides {
                 .or_else(|_| std::env::var("KIMI_MODEL"))
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
+            xiaomi_mimo_model: std::env::var("XIAOMI_MIMO_MODEL")
+                .or_else(|_| std::env::var("MIMO_MODEL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             output_mode: std::env::var("DEEPSEEK_OUTPUT_MODE").ok(),
             auth_mode: std::env::var("DEEPSEEK_AUTH_MODE").ok(),
             log_level: std::env::var("DEEPSEEK_LOG_LEVEL").ok(),
@@ -1882,6 +1949,10 @@ impl EnvRuntimeOverrides {
             openrouter_base_url: std::env::var("OPENROUTER_BASE_URL")
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
+            xiaomi_mimo_base_url: std::env::var("XIAOMI_MIMO_BASE_URL")
+                .or_else(|_| std::env::var("MIMO_BASE_URL"))
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
             novita_base_url: std::env::var("NOVITA_BASE_URL")
                 .ok()
                 .filter(|v| !v.trim().is_empty()),
@@ -1914,6 +1985,7 @@ impl EnvRuntimeOverrides {
             ProviderKind::Atlascloud => self.atlascloud_base_url.clone(),
             ProviderKind::WanjieArk => self.wanjie_ark_base_url.clone(),
             ProviderKind::Openrouter => self.openrouter_base_url.clone(),
+            ProviderKind::XiaomiMimo => self.xiaomi_mimo_base_url.clone(),
             ProviderKind::Novita => self.novita_base_url.clone(),
             ProviderKind::Fireworks => self.fireworks_base_url.clone(),
             ProviderKind::Moonshot => self.moonshot_base_url.clone(),
@@ -1927,6 +1999,7 @@ impl EnvRuntimeOverrides {
         match provider {
             ProviderKind::WanjieArk => self.wanjie_ark_model.clone(),
             ProviderKind::Moonshot => self.moonshot_model.clone(),
+            ProviderKind::XiaomiMimo => self.xiaomi_mimo_model.clone(),
             _ => None,
         }
     }
@@ -1975,6 +2048,12 @@ mod tests {
         nvidia_nim_base_url: Option<OsString>,
         openrouter_api_key: Option<OsString>,
         openrouter_base_url: Option<OsString>,
+        xiaomi_mimo_api_key: Option<OsString>,
+        mimo_api_key: Option<OsString>,
+        xiaomi_mimo_base_url: Option<OsString>,
+        mimo_base_url: Option<OsString>,
+        xiaomi_mimo_model: Option<OsString>,
+        mimo_model: Option<OsString>,
         wanjie_ark_api_key: Option<OsString>,
         wanjie_ark_base_url: Option<OsString>,
         wanjie_base_url: Option<OsString>,
@@ -2024,6 +2103,12 @@ mod tests {
                 nvidia_nim_base_url: env::var_os("NVIDIA_NIM_BASE_URL"),
                 openrouter_api_key: env::var_os("OPENROUTER_API_KEY"),
                 openrouter_base_url: env::var_os("OPENROUTER_BASE_URL"),
+                xiaomi_mimo_api_key: env::var_os("XIAOMI_MIMO_API_KEY"),
+                mimo_api_key: env::var_os("MIMO_API_KEY"),
+                xiaomi_mimo_base_url: env::var_os("XIAOMI_MIMO_BASE_URL"),
+                mimo_base_url: env::var_os("MIMO_BASE_URL"),
+                xiaomi_mimo_model: env::var_os("XIAOMI_MIMO_MODEL"),
+                mimo_model: env::var_os("MIMO_MODEL"),
                 wanjie_ark_api_key: env::var_os("WANJIE_ARK_API_KEY"),
                 wanjie_ark_base_url: env::var_os("WANJIE_ARK_BASE_URL"),
                 wanjie_base_url: env::var_os("WANJIE_BASE_URL"),
@@ -2068,6 +2153,12 @@ mod tests {
                 env::remove_var("NVIDIA_NIM_BASE_URL");
                 env::remove_var("OPENROUTER_API_KEY");
                 env::remove_var("OPENROUTER_BASE_URL");
+                env::remove_var("XIAOMI_MIMO_API_KEY");
+                env::remove_var("MIMO_API_KEY");
+                env::remove_var("XIAOMI_MIMO_BASE_URL");
+                env::remove_var("MIMO_BASE_URL");
+                env::remove_var("XIAOMI_MIMO_MODEL");
+                env::remove_var("MIMO_MODEL");
                 env::remove_var("WANJIE_ARK_API_KEY");
                 env::remove_var("WANJIE_ARK_BASE_URL");
                 env::remove_var("WANJIE_BASE_URL");
@@ -2129,6 +2220,12 @@ mod tests {
                 Self::restore_var("NVIDIA_NIM_BASE_URL", self.nvidia_nim_base_url.take());
                 Self::restore_var("OPENROUTER_API_KEY", self.openrouter_api_key.take());
                 Self::restore_var("OPENROUTER_BASE_URL", self.openrouter_base_url.take());
+                Self::restore_var("XIAOMI_MIMO_API_KEY", self.xiaomi_mimo_api_key.take());
+                Self::restore_var("MIMO_API_KEY", self.mimo_api_key.take());
+                Self::restore_var("XIAOMI_MIMO_BASE_URL", self.xiaomi_mimo_base_url.take());
+                Self::restore_var("MIMO_BASE_URL", self.mimo_base_url.take());
+                Self::restore_var("XIAOMI_MIMO_MODEL", self.xiaomi_mimo_model.take());
+                Self::restore_var("MIMO_MODEL", self.mimo_model.take());
                 Self::restore_var("WANJIE_ARK_API_KEY", self.wanjie_ark_api_key.take());
                 Self::restore_var("WANJIE_ARK_BASE_URL", self.wanjie_ark_base_url.take());
                 Self::restore_var("WANJIE_BASE_URL", self.wanjie_base_url.take());
@@ -2712,6 +2809,14 @@ mod tests {
             ProviderKind::parse("OPEN_ROUTER"),
             Some(ProviderKind::Openrouter)
         );
+        assert_eq!(
+            ProviderKind::parse("xiaomi-mimo"),
+            Some(ProviderKind::XiaomiMimo)
+        );
+        assert_eq!(
+            ProviderKind::parse("xiaomi"),
+            Some(ProviderKind::XiaomiMimo)
+        );
         assert_eq!(ProviderKind::parse("novita"), Some(ProviderKind::Novita));
         assert_eq!(ProviderKind::parse("Novita"), Some(ProviderKind::Novita));
         assert_eq!(
@@ -2777,6 +2882,22 @@ mod tests {
         assert_eq!(resolved.model, DEFAULT_OPENROUTER_MODEL);
     }
 
+    #[test]
+    fn xiaomi_mimo_provider_defaults_to_canonical_endpoint_and_model() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        let config = ConfigToml {
+            provider: ProviderKind::XiaomiMimo,
+            ..ConfigToml::default()
+        };
+
+        let resolved = config.resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::XiaomiMimo);
+        assert_eq!(resolved.base_url, DEFAULT_XIAOMI_MIMO_BASE_URL);
+        assert_eq!(resolved.model, DEFAULT_XIAOMI_MIMO_MODEL);
+    }
+
     #[test]
     fn novita_provider_defaults_to_canonical_endpoint_and_model() {
         let _lock = env_lock();
@@ -3181,6 +3302,27 @@ mod tests {
         assert_eq!(resolved.base_url, DEFAULT_OPENROUTER_BASE_URL);
     }
 
+    #[test]
+    fn xiaomi_mimo_env_overrides_provider_key_base_url_and_model() {
+        let _lock = env_lock();
+        let _env = EnvGuard::without_deepseek_runtime_overrides();
+        // Safety: test-only environment mutation guarded by a module mutex.
+        unsafe {
+            env::set_var("DEEPSEEK_PROVIDER", "xiaomi-mimo");
+            env::set_var("MIMO_API_KEY", "mimo-env-key");
+            env::set_var("MIMO_BASE_URL", "https://mimo-gateway.example/v1");
+            env::set_var("MIMO_MODEL", "mimo-v2.5");
+        }
+
+        let resolved =
+            ConfigToml::default().resolve_runtime_options(&CliRuntimeOverrides::default());
+
+        assert_eq!(resolved.provider, ProviderKind::XiaomiMimo);
+        assert_eq!(resolved.api_key.as_deref(), Some("mimo-env-key"));
+        assert_eq!(resolved.base_url, "https://mimo-gateway.example/v1");
+        assert_eq!(resolved.model, "mimo-v2.5");
+    }
+
     #[test]
     fn novita_env_api_key_falls_back_when_config_missing() {
         let _lock = env_lock();
diff --git a/crates/secrets/src/lib.rs b/crates/secrets/src/lib.rs
index 69c3fc9a..2e012fc4 100644
--- a/crates/secrets/src/lib.rs
+++ b/crates/secrets/src/lib.rs
@@ -525,6 +525,9 @@ pub fn env_for(name: &str) -> Option<String> {
     let candidates: &[&str] = match name.to_ascii_lowercase().as_str() {
         "deepseek" => &["DEEPSEEK_API_KEY"],
         "openrouter" => &["OPENROUTER_API_KEY"],
+        "xiaomi-mimo" | "xiaomi_mimo" | "xiaomimimo" | "mimo" | "xiaomi" => {
+            &["XIAOMI_MIMO_API_KEY", "MIMO_API_KEY"]
+        }
         "novita" => &["NOVITA_API_KEY"],
         // NVIDIA NIM falls back to `DEEPSEEK_API_KEY` last because the
         // catalog endpoint accepts the same DeepSeek-issued key when no
@@ -587,6 +590,8 @@ mod tests {
             "WANJIE_ARK_API_KEY",
             "WANJIE_API_KEY",
             "WANJIE_MAAS_API_KEY",
+            "XIAOMI_MIMO_API_KEY",
+            "MIMO_API_KEY",
             SECRET_BACKEND_ENV,
         ] {
             // Safety: tests serialise on env_lock(); the broader
@@ -764,6 +769,20 @@ mod tests {
         clear_known_envs();
     }
 
+    #[test]
+    fn xiaomi_mimo_env_aliases_resolve() {
+        let _guard = env_lock();
+        clear_known_envs();
+        unsafe { std::env::set_var("MIMO_API_KEY", "mimo-key") };
+
+        assert_eq!(env_for("xiaomi-mimo").as_deref(), Some("mimo-key"));
+        assert_eq!(env_for("xiaomimimo").as_deref(), Some("mimo-key"));
+        assert_eq!(env_for("mimo").as_deref(), Some("mimo-key"));
+        assert_eq!(env_for("xiaomi").as_deref(), Some("mimo-key"));
+
+        clear_known_envs();
+    }
+
     #[test]
     fn fireworks_env_aliases_resolve() {
         let _lock = env_lock();
diff --git a/crates/tui/src/client.rs b/crates/tui/src/client.rs
index ad9ae2e0..b7281b36 100644
--- a/crates/tui/src/client.rs
+++ b/crates/tui/src/client.rs
@@ -882,6 +882,7 @@ pub(super) fn apply_reasoning_effort(
             ApiProvider::Deepseek
             | ApiProvider::DeepseekCN
             | ApiProvider::Openrouter
+            | ApiProvider::XiaomiMimo
             | ApiProvider::Novita
             | ApiProvider::Sglang => {
                 body["thinking"] = json!({ "type": "disabled" });
@@ -930,6 +931,9 @@ pub(super) fn apply_reasoning_effort(
                 body["reasoning_effort"] = json!(value);
                 body["thinking"] = json!({ "type": "enabled" });
             }
+            ApiProvider::XiaomiMimo => {
+                body["thinking"] = json!({ "type": "enabled" });
+            }
             ApiProvider::Fireworks => {
                 body["reasoning_effort"] = json!("high");
             }
@@ -967,6 +971,9 @@ pub(super) fn apply_reasoning_effort(
                 body["reasoning_effort"] = json!("xhigh");
                 body["thinking"] = json!({ "type": "enabled" });
             }
+            ApiProvider::XiaomiMimo => {
+                body["thinking"] = json!({ "type": "enabled" });
+            }
             ApiProvider::Fireworks => {
                 body["reasoning_effort"] = json!("max");
             }
@@ -2044,6 +2051,29 @@ mod tests {
         }
     }
 
+    #[test]
+    fn reasoning_effort_uses_xiaomi_mimo_thinking_parameter_only() {
+        for input in ["low", "medium", "max", "xhigh"] {
+            let mut body = json!({});
+            apply_reasoning_effort(&mut body, Some(input), ApiProvider::XiaomiMimo);
+
+            assert_eq!(
+                body.pointer("/thinking/type").and_then(Value::as_str),
+                Some("enabled"),
+                "MiMo thinking mapping for {input}"
+            );
+            assert!(body.get("reasoning_effort").is_none());
+        }
+
+        let mut body = json!({});
+        apply_reasoning_effort(&mut body, Some("off"), ApiProvider::XiaomiMimo);
+        assert_eq!(
+            body.pointer("/thinking/type").and_then(Value::as_str),
+            Some("disabled")
+        );
+        assert!(body.get("reasoning_effort").is_none());
+    }
+
     #[test]
     fn chat_parser_accepts_nvidia_nim_reasoning_field() -> Result<()> {
         let response = parse_chat_message(&json!({
diff --git a/crates/tui/src/client/chat.rs b/crates/tui/src/client/chat.rs
index 656330fc..1c66079a 100644
--- a/crates/tui/src/client/chat.rs
+++ b/crates/tui/src/client/chat.rs
@@ -71,6 +71,17 @@ use super::{
     release_stream_buffer, system_to_instructions, to_api_tool_name,
 };
 
+fn apply_provider_token_limit(body: &mut Value, provider: ApiProvider, max_tokens: u32) {
+    if provider != ApiProvider::XiaomiMimo {
+        return;
+    }
+
+    if let Some(object) = body.as_object_mut() {
+        object.remove("max_tokens");
+    }
+    body["max_completion_tokens"] = json!(max_tokens);
+}
+
 impl DeepSeekClient {
     pub(super) async fn create_message_chat(
         &self,
@@ -82,6 +93,7 @@ impl DeepSeekClient {
             "messages": messages,
             "max_tokens": request.max_tokens,
         });
+        apply_provider_token_limit(&mut body, self.api_provider, request.max_tokens);
 
         if let Some(temperature) = request.temperature {
             body["temperature"] = json!(temperature);
@@ -156,6 +168,7 @@ impl DeepSeekClient {
                 "include_usage": true
             },
         });
+        apply_provider_token_limit(&mut body, self.api_provider, request.max_tokens);
 
         if let Some(temperature) = request.temperature {
             body["temperature"] = json!(temperature);
@@ -1729,6 +1742,7 @@ fn provider_accepts_reasoning_content(provider: ApiProvider) -> bool {
             | ApiProvider::DeepseekCN
             | ApiProvider::NvidiaNim
             | ApiProvider::Openrouter
+            | ApiProvider::XiaomiMimo
             | ApiProvider::Novita
             | ApiProvider::Fireworks
             | ApiProvider::Sglang
@@ -3092,11 +3106,12 @@ mod alias_thinking_detection_tests {
     //! turn. See upstream API docs:
     //! https://api-docs.deepseek.com/guides/thinking_mode
     use super::{
-        is_reasoning_model_for_stream, provider_accepts_reasoning_content,
-        requires_reasoning_content, should_replay_reasoning_content,
-        should_replay_reasoning_content_for_provider,
+        apply_provider_token_limit, is_reasoning_model_for_stream,
+        provider_accepts_reasoning_content, requires_reasoning_content,
+        should_replay_reasoning_content, should_replay_reasoning_content_for_provider,
     };
     use crate::config::ApiProvider;
+    use serde_json::json;
 
     #[test]
     fn aliases_routed_to_v4_require_reasoning_content() {
@@ -3162,6 +3177,25 @@ mod alias_thinking_detection_tests {
         assert!(!provider_accepts_reasoning_content(ApiProvider::Openai));
         assert!(provider_accepts_reasoning_content(ApiProvider::Deepseek));
         assert!(provider_accepts_reasoning_content(ApiProvider::NvidiaNim));
+        assert!(provider_accepts_reasoning_content(ApiProvider::XiaomiMimo));
+    }
+
+    #[test]
+    fn xiaomi_mimo_uses_max_completion_tokens_payload_key() {
+        let mut body = json!({
+            "model": "mimo-v2.5-pro",
+            "messages": [],
+            "max_tokens": 8192,
+        });
+
+        apply_provider_token_limit(&mut body, ApiProvider::XiaomiMimo, 8192);
+
+        assert!(body.get("max_tokens").is_none());
+        assert_eq!(
+            body.get("max_completion_tokens")
+                .and_then(serde_json::Value::as_u64),
+            Some(8192)
+        );
     }
 
     #[test]
diff --git a/crates/tui/src/commands/provider.rs b/crates/tui/src/commands/provider.rs
index 915cce8c..6caaacc9 100644
--- a/crates/tui/src/commands/provider.rs
+++ b/crates/tui/src/commands/provider.rs
@@ -27,7 +27,7 @@ pub fn provider(app: &mut App, args: Option<&str>) -> CommandResult {
 
     let Some(target) = ApiProvider::parse(name) else {
         return CommandResult::error(format!(
-            "Unknown provider '{name}'. Expected: deepseek, nvidia-nim, openai, atlascloud, wanjie-ark, openrouter, novita, fireworks, sglang, vllm, or ollama."
+            "Unknown provider '{name}'. Expected: deepseek, nvidia-nim, openai, atlascloud, wanjie-ark, openrouter, xiaomi-mimo, novita, fireworks, sglang, vllm, or ollama."
         ));
     };
 
@@ -112,6 +112,7 @@ mod tests {
         let msg = result.message.expect("expected error message");
         assert!(msg.contains("Unknown provider"));
         assert!(msg.contains("openrouter"));
+        assert!(msg.contains("xiaomi-mimo"));
         assert!(msg.contains("novita"));
         assert!(result.action.is_none());
     }
@@ -129,6 +130,19 @@ mod tests {
         }
     }
 
+    #[test]
+    fn switch_to_xiaomi_mimo_emits_action() {
+        let mut app = create_test_app();
+        let result = provider(&mut app, Some("xiaomi-mimo"));
+        match result.action {
+            Some(AppAction::SwitchProvider { provider, model }) => {
+                assert_eq!(provider, ApiProvider::XiaomiMimo);
+                assert_eq!(model, None);
+            }
+            other => panic!("expected SwitchProvider, got {other:?}"),
+        }
+    }
+
     #[test]
     fn switch_to_atlascloud_emits_action() {
         let mut app = create_test_app();
diff --git a/crates/tui/src/config.rs b/crates/tui/src/config.rs
index 106d8c4c..9b3befe1 100644
--- a/crates/tui/src/config.rs
+++ b/crates/tui/src/config.rs
@@ -46,6 +46,8 @@ pub const DEFAULT_WANJIE_ARK_BASE_URL: &str = "https://maas-openapi.wanjiedata.c
 pub const DEFAULT_OPENROUTER_MODEL: &str = "deepseek/deepseek-v4-pro";
 pub const DEFAULT_OPENROUTER_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 pub const DEFAULT_OPENROUTER_BASE_URL: &str = "https://openrouter.ai/api/v1";
+pub const DEFAULT_XIAOMI_MIMO_MODEL: &str = "mimo-v2.5-pro";
+pub const DEFAULT_XIAOMI_MIMO_BASE_URL: &str = "https://api.xiaomimimo.com/v1";
 pub const DEFAULT_NOVITA_MODEL: &str = "deepseek/deepseek-v4-pro";
 pub const DEFAULT_NOVITA_FLASH_MODEL: &str = "deepseek/deepseek-v4-flash";
 pub const DEFAULT_NOVITA_BASE_URL: &str = "https://api.novita.ai/v1";
@@ -91,6 +93,7 @@ pub enum ApiProvider {
     Atlascloud,
     WanjieArk,
     Openrouter,
+    XiaomiMimo,
     Novita,
     Fireworks,
     Moonshot,
@@ -113,6 +116,9 @@ impl ApiProvider {
             "wanjie" | "wanjie-ark" | "wanjie_ark" | "ark-wanjie" | "ark_wanjie" | "wanjieark"
             | "wanjie-maas" | "wanjie_maas" | "wanjiemaas" => Some(Self::WanjieArk),
             "openrouter" | "open_router" => Some(Self::Openrouter),
+            "xiaomi-mimo" | "xiaomi_mimo" | "xiaomimimo" | "mimo" | "xiaomi" => {
+                Some(Self::XiaomiMimo)
+            }
             "novita" => Some(Self::Novita),
             "fireworks" | "fireworks-ai" => Some(Self::Fireworks),
             "moonshot" | "moonshot-ai" | "kimi" | "kimi-k2" => Some(Self::Moonshot),
@@ -133,6 +139,7 @@ impl ApiProvider {
             Self::Atlascloud => "atlascloud",
             Self::WanjieArk => "wanjie-ark",
             Self::Openrouter => "openrouter",
+            Self::XiaomiMimo => "xiaomi-mimo",
             Self::Novita => "novita",
             Self::Fireworks => "fireworks",
             Self::Moonshot => "moonshot",
@@ -153,6 +160,7 @@ impl ApiProvider {
             Self::Atlascloud => "AtlasCloud",
             Self::WanjieArk => "Wanjie Ark",
             Self::Openrouter => "OpenRouter",
+            Self::XiaomiMimo => "Xiaomi MiMo",
             Self::Novita => "Novita AI",
             Self::Fireworks => "Fireworks AI",
             Self::Moonshot => "Moonshot/Kimi",
@@ -172,6 +180,7 @@ impl ApiProvider {
             Self::Atlascloud,
             Self::WanjieArk,
             Self::Openrouter,
+            Self::XiaomiMimo,
             Self::Novita,
             Self::Fireworks,
             Self::Moonshot,
@@ -259,6 +268,19 @@ pub fn provider_capability(provider: ApiProvider, resolved_model: &str) -> Provi
         };
     }
 
+    if matches!(provider, ApiProvider::XiaomiMimo) {
+        return ProviderCapability {
+            provider,
+            resolved_model: resolved_model.to_string(),
+            context_window: 1_000_000,
+            max_output: 128_000,
+            thinking_supported: true,
+            cache_telemetry_supported: false,
+            request_payload_mode: RequestPayloadMode::ChatCompletions,
+            alias_deprecation: None,
+        };
+    }
+
     if matches!(provider, ApiProvider::Ollama) {
         return ProviderCapability {
             provider,
@@ -443,6 +465,7 @@ pub fn model_completion_names_for_provider(provider: ApiProvider) -> Vec<&'stati
         ApiProvider::Deepseek | ApiProvider::DeepseekCN => OFFICIAL_DEEPSEEK_MODELS.to_vec(),
         ApiProvider::NvidiaNim => vec![DEFAULT_NVIDIA_NIM_MODEL, DEFAULT_NVIDIA_NIM_FLASH_MODEL],
         ApiProvider::Openrouter => vec![DEFAULT_OPENROUTER_MODEL, DEFAULT_OPENROUTER_FLASH_MODEL],
+        ApiProvider::XiaomiMimo => vec![DEFAULT_XIAOMI_MIMO_MODEL, "mimo-v2.5"],
         ApiProvider::Novita => vec![DEFAULT_NOVITA_MODEL, DEFAULT_NOVITA_FLASH_MODEL],
         ApiProvider::Fireworks => vec![DEFAULT_FIREWORKS_MODEL],
         ApiProvider::Moonshot => vec![DEFAULT_MOONSHOT_MODEL],
@@ -1342,6 +1365,8 @@ pub struct ProvidersConfig {
     #[serde(default)]
     pub openrouter: ProviderConfig,
     #[serde(default)]
+    pub xiaomi_mimo: ProviderConfig,
+    #[serde(default)]
     pub novita: ProviderConfig,
     #[serde(default)]
     pub fireworks: ProviderConfig,
@@ -1501,6 +1526,7 @@ impl Config {
             ApiProvider::Atlascloud => "providers.atlascloud",
             ApiProvider::WanjieArk => "providers.wanjie_ark",
             ApiProvider::Openrouter => "providers.openrouter",
+            ApiProvider::XiaomiMimo => "providers.xiaomi_mimo",
             ApiProvider::Novita => "providers.novita",
             ApiProvider::Fireworks => "providers.fireworks",
             ApiProvider::Moonshot => "providers.moonshot",
@@ -1523,7 +1549,7 @@ impl Config {
             && ApiProvider::parse(provider).is_none()
         {
             anyhow::bail!(
-                "Invalid provider '{provider}': expected deepseek, deepseek-cn, nvidia-nim, openai, atlascloud, wanjie-ark, openrouter, novita, fireworks, sglang, vllm, or ollama."
+                "Invalid provider '{provider}': expected deepseek, deepseek-cn, nvidia-nim, openai, atlascloud, wanjie-ark, openrouter, xiaomi-mimo, novita, fireworks, sglang, vllm, or ollama."
             );
         }
         if let Some(ref key) = self.api_key
@@ -1643,6 +1669,7 @@ impl Config {
             ApiProvider::Atlascloud => &providers.atlascloud,
             ApiProvider::WanjieArk => &providers.wanjie_ark,
             ApiProvider::Openrouter => &providers.openrouter,
+            ApiProvider::XiaomiMimo => &providers.xiaomi_mimo,
             ApiProvider::Novita => &providers.novita,
             ApiProvider::Fireworks => &providers.fireworks,
             ApiProvider::Moonshot => &providers.moonshot,
@@ -1733,6 +1760,7 @@ impl Config {
             ApiProvider::Atlascloud => DEFAULT_ATLASCLOUD_MODEL,
             ApiProvider::WanjieArk => DEFAULT_WANJIE_ARK_MODEL,
             ApiProvider::Openrouter => DEFAULT_OPENROUTER_MODEL,
+            ApiProvider::XiaomiMimo => DEFAULT_XIAOMI_MIMO_MODEL,
             ApiProvider::Novita => DEFAULT_NOVITA_MODEL,
             ApiProvider::Fireworks => DEFAULT_FIREWORKS_MODEL,
             ApiProvider::Moonshot => DEFAULT_MOONSHOT_MODEL,
@@ -1765,6 +1793,7 @@ impl Config {
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
             | ApiProvider::Openrouter
+            | ApiProvider::XiaomiMimo
             | ApiProvider::Novita
             | ApiProvider::Fireworks
             | ApiProvider::Moonshot
@@ -1781,6 +1810,7 @@ impl Config {
                 ApiProvider::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL,
                 ApiProvider::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL,
                 ApiProvider::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
+                ApiProvider::XiaomiMimo => DEFAULT_XIAOMI_MIMO_BASE_URL,
                 ApiProvider::Novita => DEFAULT_NOVITA_BASE_URL,
                 ApiProvider::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
                 ApiProvider::Moonshot => {
@@ -1824,6 +1854,7 @@ impl Config {
             ApiProvider::Atlascloud => "atlascloud",
             ApiProvider::WanjieArk => "wanjie-ark",
             ApiProvider::Openrouter => "openrouter",
+            ApiProvider::XiaomiMimo => "xiaomi-mimo",
             ApiProvider::Novita => "novita",
             ApiProvider::Fireworks => "fireworks",
             ApiProvider::Moonshot => "moonshot",
@@ -1909,6 +1940,10 @@ impl Config {
                 "OpenRouter API key not found. Run 'codewhale auth set --provider openrouter', \
                  set OPENROUTER_API_KEY, or add [providers.openrouter] api_key in ~/.deepseek/config.toml."
             ),
+            ApiProvider::XiaomiMimo => anyhow::bail!(
+                "Xiaomi MiMo API key not found. Run 'codewhale auth set --provider xiaomi-mimo', \
+                 set XIAOMI_MIMO_API_KEY/MIMO_API_KEY, or add [providers.xiaomi_mimo] api_key in ~/.deepseek/config.toml."
+            ),
             ApiProvider::Novita => anyhow::bail!(
                 "Novita API key not found. Run 'codewhale auth set --provider novita', \
                  set NOVITA_API_KEY, or add [providers.novita] api_key in ~/.deepseek/config.toml."
@@ -2497,6 +2532,13 @@ fn apply_env_overrides(config: &mut Config) {
                     .openrouter
                     .base_url = Some(value);
             }
+            ApiProvider::XiaomiMimo => {
+                config
+                    .providers
+                    .get_or_insert_with(ProvidersConfig::default)
+                    .xiaomi_mimo
+                    .base_url = Some(value);
+            }
             ApiProvider::WanjieArk => {
                 config
                     .providers
@@ -2599,6 +2641,17 @@ fn apply_env_overrides(config: &mut Config) {
             .openrouter
             .base_url = Some(value);
     }
+    if matches!(config.api_provider(), ApiProvider::XiaomiMimo)
+        && let Ok(value) =
+            std::env::var("XIAOMI_MIMO_BASE_URL").or_else(|_| std::env::var("MIMO_BASE_URL"))
+        && !value.trim().is_empty()
+    {
+        config
+            .providers
+            .get_or_insert_with(ProvidersConfig::default)
+            .xiaomi_mimo
+            .base_url = Some(value);
+    }
     if matches!(config.api_provider(), ApiProvider::WanjieArk)
         && let Ok(value) = std::env::var("WANJIE_ARK_BASE_URL")
             .or_else(|_| std::env::var("WANJIE_BASE_URL"))
@@ -2682,6 +2735,7 @@ fn apply_env_overrides(config: &mut Config) {
             ApiProvider::Atlascloud => &mut providers.atlascloud,
             ApiProvider::WanjieArk => &mut providers.wanjie_ark,
             ApiProvider::Openrouter => &mut providers.openrouter,
+            ApiProvider::XiaomiMimo => &mut providers.xiaomi_mimo,
             ApiProvider::Novita => &mut providers.novita,
             ApiProvider::Fireworks => &mut providers.fireworks,
             ApiProvider::Moonshot => &mut providers.moonshot,
@@ -2727,6 +2781,16 @@ fn apply_env_overrides(config: &mut Config) {
             .openai
             .model = Some(value);
     }
+    if matches!(config.api_provider(), ApiProvider::XiaomiMimo)
+        && let Ok(value) =
+            std::env::var("XIAOMI_MIMO_MODEL").or_else(|_| std::env::var("MIMO_MODEL"))
+    {
+        config
+            .providers
+            .get_or_insert_with(ProvidersConfig::default)
+            .xiaomi_mimo
+            .model = Some(value);
+    }
     if matches!(config.api_provider(), ApiProvider::Atlascloud)
         && let Ok(value) = std::env::var("ATLASCLOUD_MODEL")
     {
@@ -2786,6 +2850,7 @@ fn apply_env_overrides(config: &mut Config) {
                 ApiProvider::Atlascloud => &mut providers.atlascloud,
                 ApiProvider::WanjieArk => &mut providers.wanjie_ark,
                 ApiProvider::Openrouter => &mut providers.openrouter,
+                ApiProvider::XiaomiMimo => &mut providers.xiaomi_mimo,
                 ApiProvider::Novita => &mut providers.novita,
                 ApiProvider::Fireworks => &mut providers.fireworks,
                 ApiProvider::Moonshot => &mut providers.moonshot,
@@ -3050,6 +3115,7 @@ pub(crate) fn provider_passes_model_through(provider: ApiProvider) -> bool {
         ApiProvider::Openai
             | ApiProvider::Atlascloud
             | ApiProvider::WanjieArk
+            | ApiProvider::XiaomiMimo
             | ApiProvider::Moonshot
             | ApiProvider::Ollama
     )
@@ -3071,6 +3137,7 @@ fn default_base_url_for_provider(provider: ApiProvider) -> &'static str {
         ApiProvider::Atlascloud => DEFAULT_ATLASCLOUD_BASE_URL,
         ApiProvider::WanjieArk => DEFAULT_WANJIE_ARK_BASE_URL,
         ApiProvider::Openrouter => DEFAULT_OPENROUTER_BASE_URL,
+        ApiProvider::XiaomiMimo => DEFAULT_XIAOMI_MIMO_BASE_URL,
         ApiProvider::Novita => DEFAULT_NOVITA_BASE_URL,
         ApiProvider::Fireworks => DEFAULT_FIREWORKS_BASE_URL,
         ApiProvider::Moonshot => DEFAULT_MOONSHOT_BASE_URL,
@@ -3328,6 +3395,7 @@ fn merge_providers(
             atlascloud: merge_provider_config(base.atlascloud, override_cfg.atlascloud),
             wanjie_ark: merge_provider_config(base.wanjie_ark, override_cfg.wanjie_ark),
             openrouter: merge_provider_config(base.openrouter, override_cfg.openrouter),
+            xiaomi_mimo: merge_provider_config(base.xiaomi_mimo, override_cfg.xiaomi_mimo),
             novita: merge_provider_config(base.novita, override_cfg.novita),
             fireworks: merge_provider_config(base.fireworks, override_cfg.fireworks),
             moonshot: merge_provider_config(base.moonshot, override_cfg.moonshot),
@@ -3748,6 +3816,10 @@ pub fn active_provider_has_env_api_key(config: &Config) -> bool {
         ApiProvider::Openrouter => {
             std::env::var("OPENROUTER_API_KEY").is_ok_and(|k| !k.trim().is_empty())
         }
+        ApiProvider::XiaomiMimo => {
+            std::env::var("XIAOMI_MIMO_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+                || std::env::var("MIMO_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+        }
         ApiProvider::Novita => std::env::var("NOVITA_API_KEY").is_ok_and(|k| !k.trim().is_empty()),
         ApiProvider::Fireworks => {
             std::env::var("FIREWORKS_API_KEY").is_ok_and(|k| !k.trim().is_empty())
@@ -3779,6 +3851,7 @@ pub fn has_api_key_for(config: &Config, provider: ApiProvider) -> bool {
         ApiProvider::Atlascloud => "ATLASCLOUD_API_KEY",
         ApiProvider::WanjieArk => "WANJIE_ARK_API_KEY",
         ApiProvider::Openrouter => "OPENROUTER_API_KEY",
+        ApiProvider::XiaomiMimo => "XIAOMI_MIMO_API_KEY",
         ApiProvider::Novita => "NOVITA_API_KEY",
         ApiProvider::Fireworks => "FIREWORKS_API_KEY",
         ApiProvider::Moonshot => "MOONSHOT_API_KEY",
@@ -3800,6 +3873,11 @@ pub fn has_api_key_for(config: &Config, provider: ApiProvider) -> bool {
     {
         return true;
     }
+    if matches!(provider, ApiProvider::XiaomiMimo)
+        && std::env::var("MIMO_API_KEY").is_ok_and(|k| !k.trim().is_empty())
+    {
+        return true;
+    }
     if matches!(provider, ApiProvider::Moonshot)
         && std::env::var("KIMI_API_KEY").is_ok_and(|k| !k.trim().is_empty())
     {
@@ -3873,6 +3951,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Atlascloud => "providers.atlascloud",
         ApiProvider::WanjieArk => "providers.wanjie_ark",
         ApiProvider::Openrouter => "providers.openrouter",
+        ApiProvider::XiaomiMimo => "providers.xiaomi_mimo",
         ApiProvider::Novita => "providers.novita",
         ApiProvider::Fireworks => "providers.fireworks",
         ApiProvider::Moonshot => "providers.moonshot",
@@ -3910,6 +3989,7 @@ pub fn save_api_key_for(provider: ApiProvider, api_key: &str) -> Result<PathBuf>
         ApiProvider::Atlascloud => "atlascloud",
         ApiProvider::WanjieArk => "wanjie_ark",
         ApiProvider::Openrouter => "openrouter",
+        ApiProvider::XiaomiMimo => "xiaomi_mimo",
         ApiProvider::Novita => "novita",
         ApiProvider::Fireworks => "fireworks",
         ApiProvider::Moonshot => "moonshot",
@@ -3999,6 +4079,7 @@ fn provider_config_key(provider: ApiProvider) -> Result<&'static str> {
         ApiProvider::Atlascloud => Ok("atlascloud"),
         ApiProvider::WanjieArk => Ok("wanjie_ark"),
         ApiProvider::Openrouter => Ok("openrouter"),
+        ApiProvider::XiaomiMimo => Ok("xiaomi_mimo"),
         ApiProvider::Novita => Ok("novita"),
         ApiProvider::Fireworks => Ok("fireworks"),
         ApiProvider::Moonshot => Ok("moonshot"),
@@ -4391,6 +4472,12 @@ mod tests {
         wanjie_maas_model: Option<OsString>,
         openrouter_api_key: Option<OsString>,
         openrouter_base_url: Option<OsString>,
+        xiaomi_mimo_api_key: Option<OsString>,
+        mimo_api_key: Option<OsString>,
+        xiaomi_mimo_base_url: Option<OsString>,
+        mimo_base_url: Option<OsString>,
+        xiaomi_mimo_model: Option<OsString>,
+        mimo_model: Option<OsString>,
         novita_api_key: Option<OsString>,
         novita_base_url: Option<OsString>,
         fireworks_api_key: Option<OsString>,
@@ -4456,6 +4543,12 @@ mod tests {
             let wanjie_maas_model_prev = env::var_os("WANJIE_MAAS_MODEL");
             let openrouter_api_key_prev = env::var_os("OPENROUTER_API_KEY");
             let openrouter_base_url_prev = env::var_os("OPENROUTER_BASE_URL");
+            let xiaomi_mimo_api_key_prev = env::var_os("XIAOMI_MIMO_API_KEY");
+            let mimo_api_key_prev = env::var_os("MIMO_API_KEY");
+            let xiaomi_mimo_base_url_prev = env::var_os("XIAOMI_MIMO_BASE_URL");
+            let mimo_base_url_prev = env::var_os("MIMO_BASE_URL");
+            let xiaomi_mimo_model_prev = env::var_os("XIAOMI_MIMO_MODEL");
+            let mimo_model_prev = env::var_os("MIMO_MODEL");
             let novita_api_key_prev = env::var_os("NOVITA_API_KEY");
             let novita_base_url_prev = env::var_os("NOVITA_BASE_URL");
             let fireworks_api_key_prev = env::var_os("FIREWORKS_API_KEY");
@@ -4516,6 +4609,12 @@ mod tests {
                 env::remove_var("WANJIE_MAAS_MODEL");
                 env::remove_var("OPENROUTER_API_KEY");
                 env::remove_var("OPENROUTER_BASE_URL");
+                env::remove_var("XIAOMI_MIMO_API_KEY");
+                env::remove_var("MIMO_API_KEY");
+                env::remove_var("XIAOMI_MIMO_BASE_URL");
+                env::remove_var("MIMO_BASE_URL");
+                env::remove_var("XIAOMI_MIMO_MODEL");
+                env::remove_var("MIMO_MODEL");
                 env::remove_var("NOVITA_API_KEY");
                 env::remove_var("NOVITA_BASE_URL");
                 env::remove_var("FIREWORKS_API_KEY");
@@ -4576,6 +4675,12 @@ mod tests {
                 wanjie_maas_model: wanjie_maas_model_prev,
                 openrouter_api_key: openrouter_api_key_prev,
                 openrouter_base_url: openrouter_base_url_prev,
+                xiaomi_mimo_api_key: xiaomi_mimo_api_key_prev,
+                mimo_api_key: mimo_api_key_prev,
+                xiaomi_mimo_base_url: xiaomi_mimo_base_url_prev,
+                mimo_base_url: mimo_base_url_prev,
+                xiaomi_mimo_model: xiaomi_mimo_model_prev,
+                mimo_model: mimo_model_prev,
                 novita_api_key: novita_api_key_prev,
                 novita_base_url: novita_base_url_prev,
                 fireworks_api_key: fireworks_api_key_prev,
@@ -4645,6 +4750,12 @@ mod tests {
                 Self::restore_var("WANJIE_MAAS_MODEL", self.wanjie_maas_model.take());
                 Self::restore_var("OPENROUTER_API_KEY", self.openrouter_api_key.take());
                 Self::restore_var("OPENROUTER_BASE_URL", self.openrouter_base_url.take());
+                Self::restore_var("XIAOMI_MIMO_API_KEY", self.xiaomi_mimo_api_key.take());
+                Self::restore_var("MIMO_API_KEY", self.mimo_api_key.take());
+                Self::restore_var("XIAOMI_MIMO_BASE_URL", self.xiaomi_mimo_base_url.take());
+                Self::restore_var("MIMO_BASE_URL", self.mimo_base_url.take());
+                Self::restore_var("XIAOMI_MIMO_MODEL", self.xiaomi_mimo_model.take());
+                Self::restore_var("MIMO_MODEL", self.mimo_model.take());
                 Self::restore_var("NOVITA_API_KEY", self.novita_api_key.take());
                 Self::restore_var("NOVITA_BASE_URL", self.novita_base_url.take());
                 Self::restore_var("FIREWORKS_API_KEY", self.fireworks_api_key.take());
@@ -5987,6 +6098,54 @@ http_headers = { "X-Model-Provider-Id" = "from-file" }
         Ok(())
     }
 
+    #[test]
+    fn xiaomi_mimo_provider_uses_documented_defaults() -> Result<()> {
+        let config = Config {
+            provider: Some("xiaomi-mimo".to_string()),
+            ..Default::default()
+        };
+
+        config.validate()?;
+        assert_eq!(config.api_provider(), ApiProvider::XiaomiMimo);
+        assert_eq!(config.default_model(), DEFAULT_XIAOMI_MIMO_MODEL);
+        assert_eq!(config.deepseek_base_url(), DEFAULT_XIAOMI_MIMO_BASE_URL);
+        Ok(())
+    }
+
+    #[test]
+    fn xiaomi_mimo_env_overrides_provider_base_url_model_and_key() -> Result<()> {
+        let _lock = lock_test_env();
+        let nanos = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap()
+            .as_nanos();
+        let temp_root = env::temp_dir().join(format!(
+            "codewhale-tui-xiaomi-mimo-env-test-{}-{}",
+            std::process::id(),
+            nanos
+        ));
+        fs::create_dir_all(&temp_root)?;
+        let _guard = EnvGuard::new(&temp_root);
+
+        // Safety: test-only environment mutation guarded by a global mutex.
+        unsafe {
+            env::set_var("DEEPSEEK_PROVIDER", "mimo");
+            env::set_var("MIMO_API_KEY", "mimo-env-key");
+            env::set_var("MIMO_BASE_URL", "https://mimo-gateway.example/v1");
+            env::set_var("MIMO_MODEL", "mimo-v2.5");
+        }
+
+        let config = Config::load(None, None)?;
+        assert_eq!(config.api_provider(), ApiProvider::XiaomiMimo);
+        assert_eq!(config.deepseek_api_key()?, "mimo-env-key");
+        assert_eq!(
+            config.deepseek_base_url(),
+            "https://mimo-gateway.example/v1"
+        );
+        assert_eq!(config.default_model(), "mimo-v2.5");
+        Ok(())
+    }
+
     #[test]
     fn atlascloud_provider_uses_documented_defaults() -> Result<()> {
         let config = Config {
@@ -7034,6 +7193,7 @@ api_key = "moonshot-platform-key"
         assert!(!has_api_key_for(&config, ApiProvider::Openai));
         assert!(!has_api_key_for(&config, ApiProvider::WanjieArk));
         assert!(!has_api_key_for(&config, ApiProvider::Openrouter));
+        assert!(!has_api_key_for(&config, ApiProvider::XiaomiMimo));
         assert!(
             has_api_key_for(&config, ApiProvider::Sglang),
             "SGLang is self-hosted and does not require a key by default"
@@ -7048,10 +7208,12 @@ api_key = "moonshot-platform-key"
             env::set_var("OPENROUTER_API_KEY", "or-env");
             env::set_var("OPENAI_API_KEY", "openai-env");
             env::set_var("WANJIE_API_KEY", "wanjie-env");
+            env::set_var("MIMO_API_KEY", "mimo-env");
         }
         assert!(has_api_key_for(&config, ApiProvider::Openai));
         assert!(has_api_key_for(&config, ApiProvider::WanjieArk));
         assert!(has_api_key_for(&config, ApiProvider::Openrouter));
+        assert!(has_api_key_for(&config, ApiProvider::XiaomiMimo));
         assert!(!has_api_key_for(&config, ApiProvider::Novita));
 
         // Safety: test-only environment mutation guarded by a global mutex.
@@ -7059,14 +7221,17 @@ api_key = "moonshot-platform-key"
             env::remove_var("OPENROUTER_API_KEY");
             env::remove_var("OPENAI_API_KEY");
             env::remove_var("WANJIE_API_KEY");
+            env::remove_var("MIMO_API_KEY");
         }
         let mut providers = ProvidersConfig::default();
         providers.openai.api_key = Some("file-openai".to_string());
         providers.wanjie_ark.api_key = Some("file-wanjie".to_string());
+        providers.xiaomi_mimo.api_key = Some("file-mimo".to_string());
         providers.novita.api_key = Some("file-novita".to_string());
         config.providers = Some(providers);
         assert!(has_api_key_for(&config, ApiProvider::Openai));
         assert!(has_api_key_for(&config, ApiProvider::WanjieArk));
+        assert!(has_api_key_for(&config, ApiProvider::XiaomiMimo));
         assert!(has_api_key_for(&config, ApiProvider::Novita));
         assert!(!has_api_key_for(&config, ApiProvider::Openrouter));
         Ok(())
@@ -7159,6 +7324,7 @@ api_key = "moonshot-platform-key"
         save_api_key_for(ApiProvider::Openai, "openai-saved-key")?;
         save_api_key_for(ApiProvider::WanjieArk, "wanjie-saved-key")?;
         save_api_key_for(ApiProvider::Fireworks, "fireworks-saved-key")?;
+        save_api_key_for(ApiProvider::XiaomiMimo, "mimo-saved-key")?;
         save_api_key_for(ApiProvider::Sglang, "sglang-saved-key")?;
         let contents = fs::read_to_string(&path)?;
         let parsed: toml::Value = toml::from_str(&contents)?;
@@ -7186,6 +7352,14 @@ api_key = "moonshot-platform-key"
                 .and_then(toml::Value::as_str),
             Some("fireworks-saved-key")
         );
+        assert_eq!(
+            parsed
+                .get("providers")
+                .and_then(|p| p.get("xiaomi_mimo"))
+                .and_then(|t| t.get("api_key"))
+                .and_then(toml::Value::as_str),
+            Some("mimo-saved-key")
+        );
         assert_eq!(
             parsed
                 .get("providers")
@@ -7421,6 +7595,19 @@ model = "deepseek-ai/deepseek-v4-pro"
         );
     }
 
+    #[test]
+    fn provider_capability_xiaomi_mimo_has_thinking_no_cache() {
+        let cap = provider_capability(ApiProvider::XiaomiMimo, DEFAULT_XIAOMI_MIMO_MODEL);
+        assert_eq!(cap.context_window, 1_000_000);
+        assert_eq!(cap.max_output, 128_000);
+        assert!(cap.thinking_supported);
+        assert!(!cap.cache_telemetry_supported);
+        assert_eq!(
+            cap.request_payload_mode,
+            RequestPayloadMode::ChatCompletions
+        );
+    }
+
     #[test]
     fn provider_capability_novita_v4_pro_has_thinking_no_cache() {
         let cap = provider_capability(ApiProvider::Novita, DEFAULT_NOVITA_MODEL);
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index db7f7ca4..0c85c7d2 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -395,6 +395,7 @@ impl Engine {
             ApiProvider::Atlascloud => "ATLASCLOUD_API_KEY",
             ApiProvider::WanjieArk => "WANJIE_ARK_API_KEY/WANJIE_API_KEY/WANJIE_MAAS_API_KEY",
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
+            ApiProvider::XiaomiMimo => "XIAOMI_MIMO_API_KEY/MIMO_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
             ApiProvider::Moonshot => "MOONSHOT_API_KEY/KIMI_API_KEY",
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index e2c52d94..593a2f2f 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -1876,6 +1876,10 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     "OPENROUTER_API_KEY",
                     "codewhale auth set --provider openrouter --api-key \"...\"",
                 ),
+                crate::config::ApiProvider::XiaomiMimo => (
+                    "XIAOMI_MIMO_API_KEY/MIMO_API_KEY",
+                    "codewhale auth set --provider xiaomi-mimo --api-key \"...\"",
+                ),
                 crate::config::ApiProvider::Novita => (
                     "NOVITA_API_KEY",
                     "codewhale auth set --provider novita --api-key \"...\"",
@@ -1912,6 +1916,7 @@ fn run_setup_status(config: &Config, workspace: &Path) -> Result<()> {
                     crate::config::ApiProvider::Atlascloud => "atlascloud",
                     crate::config::ApiProvider::WanjieArk => "wanjie_ark",
                     crate::config::ApiProvider::Openrouter => "openrouter",
+                    crate::config::ApiProvider::XiaomiMimo => "xiaomi_mimo",
                     crate::config::ApiProvider::Novita => "novita",
                     crate::config::ApiProvider::Fireworks => "fireworks",
                     crate::config::ApiProvider::Moonshot => "moonshot",
@@ -2218,6 +2223,11 @@ async fn run_doctor(config: &Config, workspace: &Path, config_path_override: Opt
             "openrouter",
             &["OPENROUTER_API_KEY"][..],
         ),
+        (
+            crate::config::ApiProvider::XiaomiMimo,
+            "xiaomi-mimo",
+            &["XIAOMI_MIMO_API_KEY", "MIMO_API_KEY"][..],
+        ),
         (
             crate::config::ApiProvider::Novita,
             "novita",
diff --git a/crates/tui/src/tui/provider_picker.rs b/crates/tui/src/tui/provider_picker.rs
index a4cdfb6c..03ba3958 100644
--- a/crates/tui/src/tui/provider_picker.rs
+++ b/crates/tui/src/tui/provider_picker.rs
@@ -102,6 +102,7 @@ impl ProviderPickerView {
             ApiProvider::Atlascloud => "ATLASCLOUD_API_KEY",
             ApiProvider::WanjieArk => "WANJIE_ARK_API_KEY",
             ApiProvider::Openrouter => "OPENROUTER_API_KEY",
+            ApiProvider::XiaomiMimo => "XIAOMI_MIMO_API_KEY / MIMO_API_KEY",
             ApiProvider::Novita => "NOVITA_API_KEY",
             ApiProvider::Fireworks => "FIREWORKS_API_KEY",
             ApiProvider::Moonshot => "MOONSHOT_API_KEY / KIMI_API_KEY",
@@ -473,6 +474,7 @@ mod tests {
                 "AtlasCloud",
                 "Wanjie Ark",
                 "OpenRouter",
+                "Xiaomi MiMo",
                 "Novita AI",
                 "Fireworks AI",
                 "Moonshot/Kimi",
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 4f88618a..b3cdd3a9 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -5932,6 +5932,7 @@ fn render(f: &mut Frame, app: &mut App) {
             crate::config::ApiProvider::Atlascloud => Some("Atlas"),
             crate::config::ApiProvider::WanjieArk => Some("Wanjie"),
             crate::config::ApiProvider::Openrouter => Some("OR"),
+            crate::config::ApiProvider::XiaomiMimo => Some("MiMo"),
             crate::config::ApiProvider::Novita => Some("Novita"),
             crate::config::ApiProvider::Fireworks => Some("Fireworks"),
             crate::config::ApiProvider::Moonshot => Some("Kimi"),
@@ -6849,6 +6850,7 @@ async fn apply_provider_picker_api_key(
             ApiProvider::Atlascloud => &mut providers.atlascloud,
             ApiProvider::WanjieArk => &mut providers.wanjie_ark,
             ApiProvider::Openrouter => &mut providers.openrouter,
+            ApiProvider::XiaomiMimo => &mut providers.xiaomi_mimo,
             ApiProvider::Novita => &mut providers.novita,
             ApiProvider::Fireworks => &mut providers.fireworks,
             ApiProvider::Moonshot => &mut providers.moonshot,
@@ -6901,6 +6903,7 @@ fn set_provider_auth_mode_in_memory(config: &mut Config, provider: ApiProvider,
         ApiProvider::Atlascloud => &mut providers.atlascloud,
         ApiProvider::WanjieArk => &mut providers.wanjie_ark,
         ApiProvider::Openrouter => &mut providers.openrouter,
+        ApiProvider::XiaomiMimo => &mut providers.xiaomi_mimo,
         ApiProvider::Novita => &mut providers.novita,
         ApiProvider::Fireworks => &mut providers.fireworks,
         ApiProvider::Moonshot => &mut providers.moonshot,
diff --git a/crates/tui/src/vision/tools.rs b/crates/tui/src/vision/tools.rs
index bfce551d..37e8507f 100644
--- a/crates/tui/src/vision/tools.rs
+++ b/crates/tui/src/vision/tools.rs
@@ -13,6 +13,8 @@ use crate::tools::spec::{
     ToolCapability, ToolContext, ToolError, ToolResult, ToolSpec, required_str,
 };
 
+const DEFAULT_VISION_MAX_OUTPUT_TOKENS: u32 = 4096;
+
 pub struct ImageAnalyzeTool {
     config: VisionModelConfig,
     client: reqwest::Client,
@@ -67,6 +69,48 @@ impl ImageAnalyzeTool {
     fn api_key(&self) -> String {
         self.config.api_key.clone().unwrap_or_default()
     }
+
+    fn uses_max_completion_tokens(base_url: &str) -> bool {
+        let Ok(url) = reqwest::Url::parse(base_url) else {
+            return false;
+        };
+        let Some(domain) = url.domain() else {
+            return false;
+        };
+
+        domain.eq_ignore_ascii_case("xiaomimimo.com")
+            || domain.to_ascii_lowercase().ends_with(".xiaomimimo.com")
+    }
+
+    fn request_payload(&self, prompt: &str, image_data: &str, mime_type: &str) -> Value {
+        let mut payload = json!({
+            "model": self.config.model,
+            "messages": [
+                {
+                    "role": "user",
+                    "content": [
+                        {"type": "text", "text": prompt},
+                        {
+                            "type": "image_url",
+                            "image_url": {
+                                "url": format!("data:{};base64,{}", mime_type, image_data)
+                            }
+                        }
+                    ]
+                }
+            ],
+            "temperature": 0.7
+        });
+
+        let token_limit_field = if Self::uses_max_completion_tokens(&self.base_url()) {
+            "max_completion_tokens"
+        } else {
+            "max_tokens"
+        };
+        payload[token_limit_field] = json!(DEFAULT_VISION_MAX_OUTPUT_TOKENS);
+
+        payload
+    }
 }
 
 #[async_trait]
@@ -122,25 +166,7 @@ impl ToolSpec for ImageAnalyzeTool {
         let resolved_path = context.workspace.join(image_path_buf);
         let (image_data, mime_type) = Self::read_image_file(&resolved_path).await?;
 
-        let payload = json!({
-            "model": self.config.model,
-            "messages": [
-                {
-                    "role": "user",
-                    "content": [
-                        {"type": "text", "text": prompt},
-                        {
-                            "type": "image_url",
-                            "image_url": {
-                                "url": format!("data:{};base64,{}", mime_type, image_data)
-                            }
-                        }
-                    ]
-                }
-            ],
-            "max_tokens": 4096,
-            "temperature": 0.7
-        });
+        let payload = self.request_payload(prompt, &image_data, &mime_type);
 
         let url = format!("{}/chat/completions", self.base_url());
         let api_key = self.api_key();
@@ -262,6 +288,35 @@ mod tests {
         assert!(err.to_string().contains("Unsupported image format"));
     }
 
+    #[test]
+    fn generic_vision_payload_uses_max_tokens() {
+        let tool = ImageAnalyzeTool::new(fake_config());
+
+        let payload = tool.request_payload("describe", "abc123", "image/png");
+
+        assert_eq!(
+            payload.get("max_tokens").and_then(Value::as_u64),
+            Some(u64::from(DEFAULT_VISION_MAX_OUTPUT_TOKENS))
+        );
+        assert!(payload.get("max_completion_tokens").is_none());
+    }
+
+    #[test]
+    fn xiaomi_mimo_vision_payload_uses_max_completion_tokens() {
+        let mut config = fake_config();
+        config.model = "mimo-v2.5".to_string();
+        config.base_url = Some("https://api.xiaomimimo.com/v1".to_string());
+        let tool = ImageAnalyzeTool::new(config);
+
+        let payload = tool.request_payload("describe", "abc123", "image/png");
+
+        assert_eq!(
+            payload.get("max_completion_tokens").and_then(Value::as_u64),
+            Some(u64::from(DEFAULT_VISION_MAX_OUTPUT_TOKENS))
+        );
+        assert!(payload.get("max_tokens").is_none());
+    }
+
     #[tokio::test]
     async fn execute_rejects_absolute_path() {
         // Trust-boundary pin: image_path must stay inside the workspace
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index f0b75de0..56d69715 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -63,8 +63,8 @@ provider's keyring entry.
 
 For hosted, generic OpenAI-compatible, or self-hosted providers, set
 `provider = "nvidia-nim"`, `"openai"`, `"atlascloud"`, `"wanjie-ark"`,
-`"openrouter"`, `"novita"`, `"fireworks"`, `"moonshot"`, `"sglang"`,
-`"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
+`"openrouter"`, `"xiaomi-mimo"`, `"novita"`, `"fireworks"`, `"moonshot"`,
+`"sglang"`, `"vllm"`, or `"ollama"` or pass `codewhale --provider <name>`.
 For the provider-by-provider registry, including auth variables, default base
 URLs, model IDs, and capability metadata, see [PROVIDERS.md](PROVIDERS.md).
 The facade saves provider credentials to the shared user config and forwards
@@ -73,6 +73,7 @@ the resolved key, base URL, provider, and model to the TUI process. Use
 `codewhale auth set --provider openai --api-key "YOUR_OPENAI_COMPATIBLE_API_KEY"` or
 `codewhale auth set --provider atlascloud --api-key "YOUR_ATLASCLOUD_API_KEY"` or
 `codewhale auth set --provider wanjie-ark --api-key "YOUR_WANJIE_API_KEY"` or
+`codewhale auth set --provider xiaomi-mimo --api-key "YOUR_XIAOMI_MIMO_API_KEY"` or
 `codewhale auth set --provider fireworks --api-key "YOUR_FIREWORKS_API_KEY"`
 to save provider keys through the facade. The generic `openai` provider defaults
 to `https://api.openai.com/v1`, accepts `OPENAI_BASE_URL`, and defaults to
@@ -129,6 +130,25 @@ environment override is `DEEPSEEK_HTTP_HEADERS`, using comma-separated
 and `Content-Type` are managed by the client and are not overridden by this
 setting.
 
+### Vision Model
+
+CodeWhale's chat provider and `image_analyze` tool are configured separately.
+The main chat path remains the selected text/tool provider; image analysis runs
+through `[vision_model]` when the `vision_model` feature is enabled.
+
+Xiaomi's current image-understanding docs include `mimo-v2.5` for image input.
+To use MiMo for `image_analyze`, configure the vision model explicitly:
+
+```toml
+[features]
+vision_model = true
+
+[vision_model]
+model = "mimo-v2.5"
+api_key = "YOUR_XIAOMI_MIMO_API_KEY"
+base_url = "https://api.xiaomimimo.com/v1"
+```
+
 To bootstrap MCP and skills directories at their resolved paths, run `codewhale-tui setup`.
 To only scaffold MCP, run `codewhale-tui mcp init`.
 
@@ -207,7 +227,7 @@ aliases. When both forms are set the `CODEWHALE_*` value wins; the
 `DEEPSEEK_*` form is kept for older shells:
 
 - `CODEWHALE_PROVIDER` (preferred) / `DEEPSEEK_PROVIDER` (legacy alias) —
-  `deepseek|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|novita|fireworks|moonshot|sglang|vllm|ollama`
+  `deepseek|nvidia-nim|openai|atlascloud|wanjie-ark|openrouter|xiaomi-mimo|novita|fireworks|moonshot|sglang|vllm|ollama`
 - `CODEWHALE_MODEL` (preferred) / `DEEPSEEK_MODEL` (legacy alias) — default model for the active provider
 - `CODEWHALE_BASE_URL` (preferred) / `DEEPSEEK_BASE_URL` (legacy alias) — base URL for the active provider
 
@@ -232,6 +252,9 @@ Remaining variables:
 - `WANJIE_ARK_MODEL`, `WANJIE_MODEL`, or `WANJIE_MAAS_MODEL`
 - `OPENROUTER_API_KEY`
 - `OPENROUTER_BASE_URL`
+- `XIAOMI_MIMO_API_KEY` or `MIMO_API_KEY`
+- `XIAOMI_MIMO_BASE_URL` or `MIMO_BASE_URL`
+- `XIAOMI_MIMO_MODEL` or `MIMO_MODEL`
 - `NOVITA_API_KEY`
 - `NOVITA_BASE_URL`
 - `FIREWORKS_API_KEY`
@@ -441,10 +464,10 @@ If you are upgrading from older releases:
 
 ### Core keys (used by the TUI/engine)
 
-- `provider` (string, optional): `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `deepseek`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `openrouter` targets `https://openrouter.ai/api/v1`; `novita` targets `https://api.novita.ai/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `moonshot` targets Moonshot/Kimi, defaulting to `https://api.moonshot.ai/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
+- `provider` (string, optional): `deepseek` (default), `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`, `xiaomi-mimo`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, or `ollama`. Legacy `deepseek-cn` configs are still accepted as an alias for `deepseek`; DeepSeek uses the same official host [`https://api.deepseek.com`](https://api-docs.deepseek.com/) worldwide. `nvidia-nim` targets NVIDIA's NIM-hosted DeepSeek endpoints through `https://integrate.api.nvidia.com/v1`; `openai` targets a generic OpenAI-compatible endpoint, defaulting to `https://api.openai.com/v1`; `atlascloud` targets AtlasCloud's OpenAI-compatible endpoint at `https://api.atlascloud.ai/v1`; `wanjie-ark` targets Wanjie Ark's OpenAI-compatible endpoint at `https://maas-openapi.wanjiedata.com/api/v1`; `openrouter` targets `https://openrouter.ai/api/v1`; `xiaomi-mimo` targets Xiaomi MiMo's OpenAI-compatible endpoint at `https://api.xiaomimimo.com/v1`; `novita` targets `https://api.novita.ai/v1`; `fireworks` targets `https://api.fireworks.ai/inference/v1`; `moonshot` targets Moonshot/Kimi, defaulting to `https://api.moonshot.ai/v1`; `sglang` targets a self-hosted OpenAI-compatible endpoint, defaulting to `http://localhost:30000/v1`; `vllm` targets a self-hosted vLLM OpenAI-compatible endpoint, defaulting to `http://localhost:8000/v1`; `ollama` targets Ollama's OpenAI-compatible endpoint, defaulting to `http://localhost:11434/v1`.
 - `api_key` (string, required for hosted providers): must be non-empty for DeepSeek/hosted providers (or set the provider API key env var). Self-hosted SGLang, vLLM, and Ollama can omit it.
-- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs. Other defaults are `https://integrate.api.nvidia.com/v1` for `nvidia-nim`, `https://api.openai.com/v1` for `openai`, `https://api.atlascloud.ai/v1` for `atlascloud`, `https://maas-openapi.wanjiedata.com/api/v1` for `wanjie-ark`, `https://openrouter.ai/api/v1` for `openrouter`, `https://api.novita.ai/v1` for `novita`, `https://api.fireworks.ai/inference/v1` for `fireworks`, `https://api.moonshot.ai/v1` for `moonshot`, `http://localhost:30000/v1` for `sglang`, `http://localhost:8000/v1` for `vllm`, and `http://localhost:11434/v1` for `ollama`. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
-- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `deepseek/deepseek-v4-pro` for OpenRouter and Novita, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `kimi-k2.6` for Moonshot, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `deepseek-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `CODEWHALE_MODEL` overrides this for a single process; `DEEPSEEK_MODEL` is the legacy alias.
+- `base_url` (string, optional): defaults to `https://api.deepseek.com/beta` for DeepSeek's OpenAI-compatible Chat Completions API, including legacy `provider = "deepseek-cn"` configs. Other defaults are `https://integrate.api.nvidia.com/v1` for `nvidia-nim`, `https://api.openai.com/v1` for `openai`, `https://api.atlascloud.ai/v1` for `atlascloud`, `https://maas-openapi.wanjiedata.com/api/v1` for `wanjie-ark`, `https://openrouter.ai/api/v1` for `openrouter`, `https://api.xiaomimimo.com/v1` for `xiaomi-mimo`, `https://api.novita.ai/v1` for `novita`, `https://api.fireworks.ai/inference/v1` for `fireworks`, `https://api.moonshot.ai/v1` for `moonshot`, `http://localhost:30000/v1` for `sglang`, `http://localhost:8000/v1` for `vllm`, and `http://localhost:11434/v1` for `ollama`. Set `https://api.deepseek.com` or `https://api.deepseek.com/v1` explicitly to opt out of DeepSeek beta features.
+- `default_text_model` (string, optional): defaults to `deepseek-v4-pro` for DeepSeek and generic OpenAI-compatible endpoints, `deepseek-ai/deepseek-v4-pro` for NVIDIA NIM, `deepseek-ai/deepseek-v4-flash` for AtlasCloud, `deepseek-reasoner` for Wanjie Ark, `deepseek/deepseek-v4-pro` for OpenRouter and Novita, `mimo-v2.5-pro` for Xiaomi MiMo, `accounts/fireworks/models/deepseek-v4-pro` for Fireworks, `kimi-k2.6` for Moonshot, `deepseek-ai/DeepSeek-V4-Pro` for SGLang/vLLM, and `deepseek-coder:1.3b` for Ollama. Current public DeepSeek IDs are `deepseek-v4-pro` and `deepseek-v4-flash`, both with 1M context windows, 384K max output, and thinking mode enabled by default. Legacy `deepseek-chat` and `deepseek-reasoner` remain compatibility aliases for `deepseek-v4-flash` until July 24, 2026. Provider-specific mappings translate `deepseek-v4-pro` / `deepseek-v4-flash` to each provider's model ID where supported. Generic `openai`, `atlascloud`, `wanjie-ark`, `xiaomi-mimo`, and Ollama model IDs are passed through unchanged. OpenRouter provider configs with a custom `base_url` also preserve explicit model values, which lets OpenAI-compatible gateways accept bare model IDs. Use `/models` or `codewhale models` to discover live IDs from your configured endpoint. `CODEWHALE_MODEL` overrides this for a single process; `DEEPSEEK_MODEL` is the legacy alias.
 - `reasoning_effort` (string, optional): `off`, `low`, `medium`, `high`, or `max`; defaults to the configured UI tier. DeepSeek Platform receives top-level `thinking` / `reasoning_effort` fields. NVIDIA NIM receives equivalent settings through `chat_template_kwargs`.
 - `allow_shell` (bool, optional): defaults to `true` (sandboxed).
 - `approval_policy` (string, optional): `on-request`, `untrusted`, or `never`. Runtime `approval_mode` editing in `/config` also accepts `on-request` and `untrusted` aliases.
diff --git a/docs/PROVIDERS.md b/docs/PROVIDERS.md
index 1c0950ee..b928a08d 100644
--- a/docs/PROVIDERS.md
+++ b/docs/PROVIDERS.md
@@ -6,11 +6,11 @@ limited to provider IDs, config keys, auth paths, base URLs, model resolution,
 and capability metadata that the code already knows about.
 
 DeepSeek remains the first-class default provider. NVIDIA NIM, OpenRouter,
-Novita, Fireworks, generic OpenAI-compatible endpoints, self-hosted runtimes,
-and Moonshot/Kimi are additive routes for running the same terminal harness
-against other hosted or local model endpoints. Hugging Face Inference Providers
-are a planned additive open-model routing layer; they are not a native provider
-in this checkout yet.
+Xiaomi MiMo, Novita, Fireworks, generic OpenAI-compatible endpoints,
+self-hosted runtimes, and Moonshot/Kimi are additive routes for running the
+same terminal harness against other hosted or local model endpoints. Hugging
+Face Inference Providers are a planned additive open-model routing layer; they
+are not a native provider in this checkout yet.
 
 Sources to keep in sync:
 
@@ -30,7 +30,8 @@ Sources to keep in sync:
 The canonical provider IDs are:
 
 `deepseek`, `nvidia-nim`, `openai`, `atlascloud`, `wanjie-ark`, `openrouter`,
-`novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, and `ollama`.
+`xiaomi-mimo`, `novita`, `fireworks`, `moonshot`, `sglang`, `vllm`, and
+`ollama`.
 
 Use any of these surfaces to select a provider:
 
@@ -116,6 +117,7 @@ endpoint.
 | `atlascloud` | `[providers.atlascloud]` | `ATLASCLOUD_API_KEY` | `ATLASCLOUD_BASE_URL`; default `https://api.atlascloud.ai/v1` | Default config model `deepseek-ai/deepseek-v4-flash` | OpenAI-compatible hosted route. `ATLASCLOUD_MODEL` is accepted by the TUI config path. The static `ModelRegistry` does not currently list AtlasCloud rows. |
 | `wanjie-ark` | `[providers.wanjie_ark]` | `WANJIE_ARK_API_KEY`, `WANJIE_API_KEY`, `WANJIE_MAAS_API_KEY` | `WANJIE_ARK_BASE_URL`, `WANJIE_BASE_URL`, `WANJIE_MAAS_BASE_URL`; default `https://maas-openapi.wanjiedata.com/api/v1` | `deepseek-reasoner` | OpenAI-compatible hosted route. `WANJIE_ARK_MODEL`, `WANJIE_MODEL`, and `WANJIE_MAAS_MODEL` are accepted. |
 | `openrouter` | `[providers.openrouter]` | `OPENROUTER_API_KEY` | `OPENROUTER_BASE_URL`; default `https://openrouter.ai/api/v1` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | Additive open-model routing layer. It does not replace DeepSeek; it lets users route supported model IDs through OpenRouter when they choose it. |
+| `xiaomi-mimo` | `[providers.xiaomi_mimo]` | `XIAOMI_MIMO_API_KEY`, `MIMO_API_KEY` | `XIAOMI_MIMO_BASE_URL`, `MIMO_BASE_URL`; default `https://api.xiaomimimo.com/v1` | `mimo-v2.5-pro`, `mimo-v2.5` | Xiaomi MiMo OpenAI-compatible chat completions route. It sends `max_completion_tokens` and uses MiMo's `thinking` field for reasoning control. |
 | `novita` | `[providers.novita]` | `NOVITA_API_KEY` | `NOVITA_BASE_URL`; default `https://api.novita.ai/v1` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | OpenAI-compatible hosted route for DeepSeek model IDs. Use config or `CODEWHALE_MODEL` / `DEEPSEEK_MODEL` for model overrides. |
 | `fireworks` | `[providers.fireworks]` | `FIREWORKS_API_KEY` | `FIREWORKS_BASE_URL`; default `https://api.fireworks.ai/inference/v1` | `accounts/fireworks/models/deepseek-v4-pro` | OpenAI-compatible hosted route. Use config or `CODEWHALE_MODEL` / `DEEPSEEK_MODEL` for model overrides. |
 | `moonshot` | `[providers.moonshot]` | `MOONSHOT_API_KEY`, `KIMI_API_KEY` | `MOONSHOT_BASE_URL`, `KIMI_BASE_URL`; default `https://api.moonshot.ai/v1` | `kimi-k2.6`; Kimi Code path uses `kimi-for-coding` at `https://api.kimi.com/coding/v1` | Moonshot/Kimi route. `MOONSHOT_MODEL`, `KIMI_MODEL_NAME`, and `KIMI_MODEL` are accepted. `[providers.moonshot] auth_mode = "kimi_oauth"` reads Kimi CLI OAuth credentials when present. |
@@ -123,6 +125,15 @@ endpoint.
 | `vllm` | `[providers.vllm]` | Optional `VLLM_API_KEY` | `VLLM_BASE_URL`; default `http://localhost:8000/v1` | `deepseek-ai/DeepSeek-V4-Pro`, `deepseek-ai/DeepSeek-V4-Flash` | Self-hosted vLLM OpenAI-compatible route. Localhost deployments commonly omit auth. `VLLM_MODEL` is accepted. |
 | `ollama` | `[providers.ollama]` | Optional `OLLAMA_API_KEY` | `OLLAMA_BASE_URL`; default `http://localhost:11434/v1` | `deepseek-coder:1.3b`; provider-hinted custom tags pass through | Self-hosted Ollama OpenAI-compatible route. Localhost deployments commonly omit auth. `OLLAMA_MODEL` is accepted. |
 
+### Xiaomi MiMo Notes
+
+`xiaomi-mimo` defaults to `mimo-v2.5-pro` for long-context reasoning and coding
+work, while the static registry also exposes `mimo-v2.5`. Xiaomi's current
+[image-understanding guide](https://platform.xiaomimimo.com/docs/en-US/usage-guide/multimodal-understanding/image-understanding)
+includes `mimo-v2.5` for image input. CodeWhale exposes image analysis through the
+separate `[vision_model]` / `image_analyze` path; set that model to
+`mimo-v2.5` when using MiMo for vision.
+
 ## Static Model Registry
 
 `codewhale model list` and `codewhale model resolve` use the static registry in
@@ -137,6 +148,7 @@ endpoint when the endpoint supports model listing.
 | `openai` | `deepseek-v4-pro`, `deepseek-v4-flash` | yes | yes |
 | `wanjie-ark` | `deepseek-reasoner` | yes | yes |
 | `openrouter` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | yes | yes |
+| `xiaomi-mimo` | `mimo-v2.5-pro`, `mimo-v2.5` | yes | yes |
 | `novita` | `deepseek/deepseek-v4-pro`, `deepseek/deepseek-v4-flash` | yes | yes |
 | `fireworks` | `accounts/fireworks/models/deepseek-v4-pro` | yes | yes |
 | `moonshot` | `kimi-k2.6` | yes | yes |
@@ -164,6 +176,7 @@ All shipped providers use the Chat Completions request payload mode today.
 | DeepSeek compatibility aliases (`deepseek-chat`, `deepseek-reasoner`) | 1,000,000 | 384,000 | yes | yes | DeepSeek beta only |
 | NVIDIA NIM V4 registry models | 1,000,000 | 384,000 | yes | yes | not documented in code |
 | OpenRouter, Novita, Fireworks, SGLang, and vLLM V4 model IDs | 1,000,000 | 384,000 | yes | no | not documented in code |
+| Xiaomi MiMo models | 1,000,000 | 128,000 | yes | no | not documented in code |
 | Wanjie Ark `reasoner` / `r1` model IDs | 128,000 | 4,096 | yes | no | not documented in code |
 | Generic `openai`, AtlasCloud, and Moonshot/Kimi | 128,000 | 4,096 | no in doctor capability metadata | no | not documented in code |
 | Ollama | 8,192 | 4,096 | no | no | not documented in code |

From e7c61deefdf3bcb961cf49f033d718e75f4939f0 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:11:35 -0700
Subject: [PATCH 271/283] fix(tui): key MiMo vision token field off model id

---
 crates/tui/src/vision/tools.rs | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/crates/tui/src/vision/tools.rs b/crates/tui/src/vision/tools.rs
index 37e8507f..41cc41c1 100644
--- a/crates/tui/src/vision/tools.rs
+++ b/crates/tui/src/vision/tools.rs
@@ -70,7 +70,18 @@ impl ImageAnalyzeTool {
         self.config.api_key.clone().unwrap_or_default()
     }
 
-    fn uses_max_completion_tokens(base_url: &str) -> bool {
+    fn is_xiaomi_mimo_model(model: &str) -> bool {
+        let normalized = model.trim().to_ascii_lowercase();
+        let normalized = normalized.strip_prefix("xiaomi/").unwrap_or(&normalized);
+        normalized.starts_with("mimo-")
+    }
+
+    fn uses_max_completion_tokens(config: &VisionModelConfig) -> bool {
+        if Self::is_xiaomi_mimo_model(&config.model) {
+            return true;
+        }
+
+        let base_url = config.base_url.as_deref().unwrap_or_default();
         let Ok(url) = reqwest::Url::parse(base_url) else {
             return false;
         };
@@ -102,7 +113,7 @@ impl ImageAnalyzeTool {
             "temperature": 0.7
         });
 
-        let token_limit_field = if Self::uses_max_completion_tokens(&self.base_url()) {
+        let token_limit_field = if Self::uses_max_completion_tokens(&self.config) {
             "max_completion_tokens"
         } else {
             "max_tokens"
@@ -317,6 +328,22 @@ mod tests {
         assert!(payload.get("max_tokens").is_none());
     }
 
+    #[test]
+    fn xiaomi_mimo_vision_payload_uses_max_completion_tokens_with_custom_proxy() {
+        let mut config = fake_config();
+        config.model = "mimo-v2.5".to_string();
+        config.base_url = Some("https://vision-proxy.example.invalid/v1".to_string());
+        let tool = ImageAnalyzeTool::new(config);
+
+        let payload = tool.request_payload("describe", "abc123", "image/png");
+
+        assert_eq!(
+            payload.get("max_completion_tokens").and_then(Value::as_u64),
+            Some(u64::from(DEFAULT_VISION_MAX_OUTPUT_TOKENS))
+        );
+        assert!(payload.get("max_tokens").is_none());
+    }
+
     #[tokio::test]
     async fn execute_rejects_absolute_path() {
         // Trust-boundary pin: image_path must stay inside the workspace

From 4565efac5fa60ed38b2fc03a00e5a03c240f2a33 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:19:31 -0700
Subject: [PATCH 272/283] fix(tui): polish folded thinking tests

---
 crates/tui/src/tui/transcript.rs | 19 ++++++++++---------
 crates/tui/src/tui/ui.rs         |  6 ++----
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/crates/tui/src/tui/transcript.rs b/crates/tui/src/tui/transcript.rs
index a87ab90f..c1718475 100644
--- a/crates/tui/src/tui/transcript.rs
+++ b/crates/tui/src/tui/transcript.rs
@@ -128,7 +128,14 @@ impl TranscriptViewCache {
         width: u16,
         options: TranscriptRenderOptions,
     ) {
-        self.ensure_split(&[cells], cell_revisions, width, options, &HashSet::new(), None);
+        self.ensure_split(
+            &[cells],
+            cell_revisions,
+            width,
+            options,
+            &HashSet::new(),
+            None,
+        );
     }
 
     /// Ensure cached lines match the provided cell shards (logically
@@ -1095,15 +1102,9 @@ mod tests {
 
         // No collapsing, no folding — baseline.
         let mut cache = TranscriptViewCache::new();
-        cache.ensure_split(
-            &[&cells],
-            &revisions,
-            width,
-            options,
-            &HashSet::new(),
-            None,
-        );
+        cache.ensure_split(&[&cells], &revisions, width, options, &HashSet::new(), None);
         let baseline = cache.total_lines();
+        assert!(baseline > 0, "baseline render should contain visible lines");
 
         // Collapse cell 0, fold cell 1. The filtered list has only cell 1
         // at filtered index 0, but it maps to original index 1.
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index b4fd5fcc..7c8eafa9 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -2961,12 +2961,10 @@ async fn run_event_loop(
                         if is_thinking {
                             if app.folded_thinking.contains(&idx) {
                                 app.folded_thinking.remove(&idx);
-                                app.status_message =
-                                    Some("Thinking block expanded".to_string());
+                                app.status_message = Some("Thinking block expanded".to_string());
                             } else {
                                 app.folded_thinking.insert(idx);
-                                app.status_message =
-                                    Some("Thinking block folded".to_string());
+                                app.status_message = Some("Thinking block folded".to_string());
                             }
                         } else if app.collapsed_cells.contains(&idx) {
                             app.collapsed_cells.remove(&idx);

From ab81d1a2e1d114e376ea4d1cdf3866f4c98702ba Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:30:51 -0700
Subject: [PATCH 273/283] fix(runtime): report custom skills search directories

---
 crates/tui/src/runtime_api.rs | 50 ++++++++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index ffa7fd77..553d308a 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -4,7 +4,7 @@ use std::collections::HashSet;
 use std::convert::Infallible;
 use std::fs;
 use std::net::SocketAddr;
-use std::path::PathBuf;
+use std::path::{Path as FsPath, PathBuf};
 use std::process::Command;
 use std::sync::Arc;
 use std::time::Duration;
@@ -961,10 +961,9 @@ async fn list_skills(
     State(state): State<RuntimeApiState>,
 ) -> Result<Json<SkillsResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry =
-        crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
+    let registry = crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
     let skill_state = state.skill_state.lock().await;
-    let directories = crate::skills::skills_directories(&state.workspace);
+    let directories = skills_search_directories(&state.workspace, &skills_dir);
     let skills = registry
         .list()
         .iter()
@@ -990,12 +989,12 @@ async fn set_skill_enabled(
     Json(req): Json<SetSkillEnabledRequest>,
 ) -> Result<Json<SetSkillEnabledResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry =
-        crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
+    let registry = crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
     let exists = registry.list().iter().any(|skill| skill.name == name);
     if !exists {
         return Err(ApiError::not_found(format!(
-            "skill '{name}' not found"
+            "skill '{name}' not found in searched directories: {}",
+            format_skill_search_paths(&skills_search_directories(&state.workspace, &skills_dir))
         )));
     }
 
@@ -1771,6 +1770,25 @@ fn resolve_skills_dir(config: &Config, workspace: &std::path::Path) -> PathBuf {
     config.skills_dir()
 }
 
+fn skills_search_directories(workspace: &FsPath, skills_dir: &FsPath) -> Vec<PathBuf> {
+    let mut directories = crate::skills::skills_directories(workspace);
+    if skills_dir.is_dir() && !directories.iter().any(|path| path == skills_dir) {
+        directories.push(skills_dir.to_path_buf());
+    }
+    directories
+}
+
+fn format_skill_search_paths(directories: &[PathBuf]) -> String {
+    if directories.is_empty() {
+        return "<none>".to_string();
+    }
+    directories
+        .iter()
+        .map(|path| path.display().to_string())
+        .collect::<Vec<_>>()
+        .join(", ")
+}
+
 fn load_mcp_config_or_default(path: &std::path::Path) -> Result<McpConfig, ApiError> {
     crate::mcp::load_config(path)
         .map_err(|e| ApiError::internal(format!("Failed to load MCP config: {e:#}")))
@@ -3890,6 +3908,24 @@ mod tests {
         assert_eq!(resolved, expected);
     }
 
+    #[test]
+    fn skills_search_directories_includes_custom_skills_dir() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let workspace = tmp.path().join("workspace");
+        let custom_skills = tmp.path().join("custom-skills");
+        fs::create_dir_all(&workspace).expect("create workspace");
+        fs::create_dir_all(&custom_skills).expect("create custom skills");
+
+        let directories = skills_search_directories(&workspace, &custom_skills);
+
+        assert!(
+            directories.iter().any(|dir| dir == &custom_skills),
+            "custom skills_dir must be reported when discovery searches it"
+        );
+        let message = format_skill_search_paths(&directories);
+        assert!(message.contains("custom-skills"));
+    }
+
     /// A `skills` symlink that points outside the workspace must NOT be
     /// returned as the resolved skills directory. Containment check ensures
     /// the canonicalized candidate stays under the canonicalized workspace

From 39fc14b948d677808a5928e27f4ab6c3bc907391 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:42:47 -0700
Subject: [PATCH 274/283] fix(runtime): identify bundled skill entries by path

---
 crates/tui/src/runtime_api.rs | 81 ++++++++++++++++++++++++++++++++---
 crates/tui/src/skills/mod.rs  |  4 ++
 2 files changed, 80 insertions(+), 5 deletions(-)

diff --git a/crates/tui/src/runtime_api.rs b/crates/tui/src/runtime_api.rs
index 553d308a..3b2de2f6 100644
--- a/crates/tui/src/runtime_api.rs
+++ b/crates/tui/src/runtime_api.rs
@@ -961,9 +961,8 @@ async fn list_skills(
     State(state): State<RuntimeApiState>,
 ) -> Result<Json<SkillsResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry = crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
+    let (registry, directories) = discover_skills_for_runtime_api(&state.workspace, &skills_dir);
     let skill_state = state.skill_state.lock().await;
-    let directories = skills_search_directories(&state.workspace, &skills_dir);
     let skills = registry
         .list()
         .iter()
@@ -972,7 +971,7 @@ async fn list_skills(
             description: skill.description.clone(),
             path: skill.path.clone(),
             enabled: skill_state.is_enabled(&skill.name),
-            is_bundled: crate::skills::is_bundled_skill_name(&skill.name),
+            is_bundled: skill_entry_is_bundled(skill, &skills_dir),
         })
         .collect();
     Ok(Json(SkillsResponse {
@@ -989,12 +988,12 @@ async fn set_skill_enabled(
     Json(req): Json<SetSkillEnabledRequest>,
 ) -> Result<Json<SetSkillEnabledResponse>, ApiError> {
     let skills_dir = resolve_skills_dir(&state.config, &state.workspace);
-    let registry = crate::skills::discover_for_workspace_and_dir(&state.workspace, &skills_dir);
+    let (registry, directories) = discover_skills_for_runtime_api(&state.workspace, &skills_dir);
     let exists = registry.list().iter().any(|skill| skill.name == name);
     if !exists {
         return Err(ApiError::not_found(format!(
             "skill '{name}' not found in searched directories: {}",
-            format_skill_search_paths(&skills_search_directories(&state.workspace, &skills_dir))
+            format_skill_search_paths(&directories)
         )));
     }
 
@@ -1778,6 +1777,31 @@ fn skills_search_directories(workspace: &FsPath, skills_dir: &FsPath) -> Vec<Pat
     directories
 }
 
+fn discover_skills_for_runtime_api(
+    workspace: &FsPath,
+    skills_dir: &FsPath,
+) -> (crate::skills::SkillRegistry, Vec<PathBuf>) {
+    let directories = skills_search_directories(workspace, skills_dir);
+    let registry = crate::skills::discover_from_directories(directories.clone());
+    (registry, directories)
+}
+
+fn skill_entry_is_bundled(skill: &crate::skills::Skill, skills_dir: &FsPath) -> bool {
+    if !crate::skills::is_bundled_skill_name(&skill.name) {
+        return false;
+    }
+
+    let expected_path = skills_dir.join(&skill.name).join("SKILL.md");
+    paths_refer_to_same_file(&skill.path, &expected_path)
+}
+
+fn paths_refer_to_same_file(left: &FsPath, right: &FsPath) -> bool {
+    match (fs::canonicalize(left), fs::canonicalize(right)) {
+        (Ok(left), Ok(right)) => left == right,
+        _ => left == right,
+    }
+}
+
 fn format_skill_search_paths(directories: &[PathBuf]) -> String {
     if directories.is_empty() {
         return "<none>".to_string();
@@ -3926,6 +3950,53 @@ mod tests {
         assert!(message.contains("custom-skills"));
     }
 
+    #[test]
+    fn skill_entry_is_bundled_requires_configured_bundle_path() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let bundled_skills_dir = tmp.path().join("bundled-skills");
+        let bundled_skill_path = bundled_skills_dir.join("delegate").join("SKILL.md");
+        let override_skill_path = tmp
+            .path()
+            .join("workspace")
+            .join(".agents")
+            .join("skills")
+            .join("delegate")
+            .join("SKILL.md");
+        fs::create_dir_all(bundled_skill_path.parent().expect("bundled parent"))
+            .expect("create bundled skill dir");
+        fs::create_dir_all(override_skill_path.parent().expect("override parent"))
+            .expect("create override skill dir");
+        fs::write(
+            &bundled_skill_path,
+            "---\nname: delegate\ndescription: bundled\n---\n",
+        )
+        .expect("write bundled skill");
+        fs::write(
+            &override_skill_path,
+            "---\nname: delegate\ndescription: override\n---\n",
+        )
+        .expect("write override skill");
+
+        let bundled_skill = crate::skills::Skill {
+            name: "delegate".to_string(),
+            description: String::new(),
+            body: String::new(),
+            path: bundled_skill_path,
+        };
+        let override_skill = crate::skills::Skill {
+            name: "delegate".to_string(),
+            description: String::new(),
+            body: String::new(),
+            path: override_skill_path,
+        };
+
+        assert!(skill_entry_is_bundled(&bundled_skill, &bundled_skills_dir));
+        assert!(!skill_entry_is_bundled(
+            &override_skill,
+            &bundled_skills_dir
+        ));
+    }
+
     /// A `skills` symlink that points outside the workspace must NOT be
     /// returned as the resolved skills directory. Containment check ensures
     /// the canonicalized candidate stays under the canonicalized workspace
diff --git a/crates/tui/src/skills/mod.rs b/crates/tui/src/skills/mod.rs
index d962d32e..d2c2f6ad 100644
--- a/crates/tui/src/skills/mod.rs
+++ b/crates/tui/src/skills/mod.rs
@@ -580,6 +580,10 @@ fn discover_for_workspace_dirs_and_dir(mut dirs: Vec<PathBuf>, skills_dir: &Path
         dirs.push(skills_dir.to_path_buf());
     }
 
+    discover_from_directories(dirs)
+}
+
+pub(crate) fn discover_from_directories(dirs: impl IntoIterator<Item = PathBuf>) -> SkillRegistry {
     let mut merged = SkillRegistry::default();
     for dir in dirs {
         let registry = SkillRegistry::discover(&dir);

From 6df08a3dc2357be533788c770497f2ad865ece54 Mon Sep 17 00:00:00 2001
From: Justin Gao <atomyuangao@gmail.com>
Date: Sun, 31 May 2026 13:42:57 +0800
Subject: [PATCH 275/283] fix(#2338): prevent known model + Auto effort from
 falling through to auto row
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The whale-route fallback in the picker constructor used show_custom_model_row
as the gate for selecting the 'auto' vs custom row, but a known DeepSeek model
(e.g. v4-pro) paired with ReasoningEffort::Auto would not match any whale route
yet still have show_custom_model_row=false — silently landing on the auto row
and replacing the explicit model with 'auto' on apply.

Key the fallback on whether the initial model is actually 'auto' instead.
When a whale-route fallback selects the custom row, ensure show_custom_model_row
is set to true so the row is visible in the picker UI.

Also:
- Add regression test: known-model + Auto effort must not fall to auto row.
- Clean up picker_auto_model_forces_auto_effort_on_apply: remove manual
  mutations of selected_model_idx / selected_effort_idx which whale-route
  mode never reads.
- Rename Porpoise → Beluga per #2016, which excludes porpoises from the
  user-facing whale pool.
---
 crates/tui/src/tui/model_picker.rs | 52 +++++++++++++++++++++---------
 crates/tui/src/tui/whale_routes.rs | 12 +++----
 2 files changed, 42 insertions(+), 22 deletions(-)

diff --git a/crates/tui/src/tui/model_picker.rs b/crates/tui/src/tui/model_picker.rs
index 398b6407..105f4bdc 100644
--- a/crates/tui/src/tui/model_picker.rs
+++ b/crates/tui/src/tui/model_picker.rs
@@ -2,7 +2,7 @@
 //!
 //! For DeepSeek providers the picker shows whale-sized routes — model + effort
 //! combinations sorted largest → fastest with friendly whale-species labels
-//! (Blue Whale, Fin Whale, …, Porpoise).  A single ↑/↓ selection sets both
+//! (Blue Whale, Fin Whale, …, Beluga).  A single ↑/↓ selection sets both
 //! model and effort at once.  The "auto" option is always available; custom
 //! (unrecognised) model ids appear as a separate row.
 //!
@@ -110,23 +110,30 @@ impl ModelPickerView {
 
         // When showing whale routes, find the matching route by position in the array
         // (not by sort_order, which happens to match today but is semantically wrong).
-        let selected_route_idx = if show_whale_routes {
-            WHALE_ROUTES
+        let (selected_route_idx, show_custom_model_row) = if show_whale_routes {
+            let idx = WHALE_ROUTES
                 .iter()
                 .position(|r| {
                     r.model.eq_ignore_ascii_case(&initial_model) && r.effort == normalized
                 })
                 .unwrap_or_else(|| {
-                    // No matching whale route — fall back to "auto" (standard model)
-                    // or the custom row (unrecognized model).
-                    if show_custom_model_row {
-                        WHALE_ROUTES.len() + 1 // custom model row
-                    } else {
+                    // No matching whale route — key the fallback on whether the
+                    // current model is actually "auto", not on show_custom_model_row.
+                    // Otherwise a known DeepSeek model (e.g. v4-pro) paired with
+                    // ReasoningEffort::Auto silently falls through to the "auto" row
+                    // and replaces the explicit model on apply.
+                    if initial_model.eq_ignore_ascii_case("auto") {
                         WHALE_ROUTES.len() // "auto" row
+                    } else {
+                        WHALE_ROUTES.len() + 1 // custom model row
                     }
-                })
+                });
+            // When the whale-route fallback selected the custom row, ensure it is
+            // visible so the user can see their current model in the picker.
+            let show_custom = show_custom_model_row || idx == WHALE_ROUTES.len() + 1;
+            (idx, show_custom)
         } else {
-            0
+            (0, show_custom_model_row)
         };
 
         Self {
@@ -621,12 +628,7 @@ mod tests {
         app.auto_model = true;
         app.reasoning_effort = ReasoningEffort::Off;
 
-        let mut view = ModelPickerView::new(&app);
-        view.selected_model_idx = 0;
-        view.selected_effort_idx = PICKER_EFFORTS
-            .iter()
-            .position(|effort| *effort == ReasoningEffort::Max)
-            .expect("max effort row");
+        let view = ModelPickerView::new(&app);
 
         assert_eq!(view.resolved_model(), "auto");
         assert_eq!(view.resolved_effort(), ReasoningEffort::Auto);
@@ -747,6 +749,24 @@ mod tests {
         assert_eq!(view.resolved_effort(), ReasoningEffort::Max);
     }
 
+    #[test]
+    fn whale_routes_known_model_auto_effort_does_not_fall_to_auto() {
+        // Regression: a known DeepSeek model paired with ReasoningEffort::Auto
+        // must NOT fall through to the "auto" row — that would silently replace
+        // the explicit model with "auto" on apply.
+        let (mut app, _lock) = create_test_app();
+        app.model = "deepseek-v4-pro".to_string();
+        app.auto_model = false;
+        app.reasoning_effort = ReasoningEffort::Auto;
+        let view = ModelPickerView::new(&app);
+        // Should fall to custom row (WHALE_ROUTES.len() + 1), not auto row.
+        assert_eq!(view.selected_route_idx, WHALE_ROUTES.len() + 1);
+        assert_eq!(view.resolved_model(), "deepseek-v4-pro");
+        assert_eq!(view.resolved_effort(), ReasoningEffort::Auto);
+        // The custom row must be visible so the user sees their current model.
+        assert!(view.show_custom_model_row);
+    }
+
     #[test]
     fn whale_routes_auto_effort_maps_to_fallback_row() {
         let (mut app, _lock) = create_test_app();
diff --git a/crates/tui/src/tui/whale_routes.rs b/crates/tui/src/tui/whale_routes.rs
index d62e90be..d4ef086f 100644
--- a/crates/tui/src/tui/whale_routes.rs
+++ b/crates/tui/src/tui/whale_routes.rs
@@ -12,7 +12,7 @@
 //! 3. Sperm Whale  — Pro + no thinking
 //! 4. Humpback     — Flash + max thinking
 //! 5. Minke Whale  — Flash + high thinking
-//! 6. Porpoise     — Flash + no thinking (smallest, fastest)
+//! 6. Beluga       — Flash + no thinking (smallest, fastest)
 //!
 //! Unknown or non-DeepSeek models fall back to the raw model id without
 //! fake whale labeling.
@@ -80,7 +80,7 @@ pub const WHALE_ROUTES: &[WhaleRoute] = &[
         description: "Fast model, moderate reasoning — tool execution, read-only scouting",
     },
     WhaleRoute {
-        label: "Porpoise",
+        label: "Beluga",
         model: "deepseek-v4-flash",
         effort: ReasoningEffort::Off,
         sort_order: 5,
@@ -135,10 +135,10 @@ mod tests {
     }
 
     #[test]
-    fn lookup_porpoise_for_flash_off() {
+    fn lookup_beluga_for_flash_off() {
         let route = WhaleRoute::for_model_effort("deepseek-v4-flash", ReasoningEffort::Off)
-            .expect("porpoise route exists");
-        assert_eq!(route.label, "Porpoise");
+            .expect("beluga route exists");
+        assert_eq!(route.label, "Beluga");
         assert_eq!(route.sort_order, 5);
     }
 
@@ -163,7 +163,7 @@ mod tests {
     #[test]
     fn by_sort_order_finds_correct_routes() {
         assert_eq!(WhaleRoute::by_sort_order(0).unwrap().label, "Blue Whale");
-        assert_eq!(WhaleRoute::by_sort_order(5).unwrap().label, "Porpoise");
+        assert_eq!(WhaleRoute::by_sort_order(5).unwrap().label, "Beluga");
         assert!(WhaleRoute::by_sort_order(99).is_none());
     }
 

From a21e9e5c8372c299426a0501ccd1775ee8140eff Mon Sep 17 00:00:00 2001
From: movic <movic.chen@gmail.com>
Date: Sun, 31 May 2026 13:53:03 +0800
Subject: [PATCH 276/283] feat: add /purge slash command for agent-driven
 context pruning

New `/purge` command lets the agent surgically remove or rewrite
conversation history via a purge_context tool call. The engine
validates and applies the operations, cascading tool-result removal
to the paired tool-use call.
---
 crates/tui/src/commands/mod.rs     |   7 +
 crates/tui/src/commands/session.rs |   8 +
 crates/tui/src/core/engine.rs      |  81 +++
 crates/tui/src/core/events.rs      |  23 +
 crates/tui/src/core/ops.rs         |   3 +
 crates/tui/src/localization.rs     |  15 +
 crates/tui/src/main.rs             |   1 +
 crates/tui/src/purge.rs            | 920 +++++++++++++++++++++++++++++
 crates/tui/src/tui/app.rs          |   4 +
 crates/tui/src/tui/footer_ui.rs    |   9 +-
 crates/tui/src/tui/ui.rs           |  35 +-
 crates/tui/src/tui/widgets/mod.rs  |   2 +-
 docs/ARCHITECTURE.md               |   4 +-
 13 files changed, 1101 insertions(+), 11 deletions(-)
 create mode 100644 crates/tui/src/purge.rs

diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index 1efea458..95088a8b 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -322,6 +322,12 @@ pub const COMMANDS: &[CommandInfo] = &[
         usage: "/compact",
         description_id: MessageId::CmdCompactDescription,
     },
+    CommandInfo {
+        name: "purge",
+        aliases: &["qingchu"],
+        usage: "/purge",
+        description_id: MessageId::CmdPurgeDescription,
+    },
     CommandInfo {
         name: "relay",
         aliases: &["batonpass", "接力"],
@@ -596,6 +602,7 @@ pub fn execute(cmd: &str, app: &mut App) -> CommandResult {
         "relay" | "batonpass" | "接力" => relay(app, arg),
         "load" | "jiazai" => session::load(app, arg),
         "compact" | "yasuo" => session::compact(app),
+        "purge" | "qingchu" => session::purge(app),
         "cycles" | "zhouqi" => cycle::list_cycles(app),
         "cycle" => cycle::show_cycle(app, arg),
         "recall" => cycle::recall_archive(app, arg),
diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index a54426c1..fecf2bf9 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -292,6 +292,14 @@ pub fn compact(_app: &mut App) -> CommandResult {
     )
 }
 
+/// Trigger agent-driven context purging.
+pub fn purge(_app: &mut App) -> CommandResult {
+    CommandResult::with_message_and_action(
+        "Agent context purge triggered...".to_string(),
+        AppAction::PurgeContext,
+    )
+}
+
 /// Export conversation to markdown
 pub fn export(app: &mut App, path: Option<&str>) -> CommandResult {
     let export_path = path.map_or_else(
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index 0c85c7d2..f04a8f54 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -41,6 +41,7 @@ use crate::models::{
     MessageRequest, StreamEvent, SystemPrompt, Tool, Usage,
 };
 use crate::prompts;
+use crate::purge::{emit_purge_completed, emit_purge_failed, emit_purge_started, run_purge};
 use crate::seam_manager::{SeamConfig, SeamManager};
 use crate::tools::goal::{SharedGoalState, new_shared_goal_state};
 use crate::tools::plan::{SharedPlanState, new_shared_plan_state};
@@ -826,6 +827,9 @@ impl Engine {
                 Op::CompactContext => {
                     self.handle_manual_compaction().await;
                 }
+                Op::PurgeContext => {
+                    self.handle_purge().await;
+                }
                 Op::EditLastTurn { new_message } => {
                     // #383: /edit — remove the last user+assistant exchange
                     // from the session, then re-send with the new content.
@@ -1347,6 +1351,83 @@ impl Engine {
             .await;
     }
 
+    async fn handle_purge(&mut self) {
+        let zero_usage = Usage {
+            input_tokens: 0,
+            output_tokens: 0,
+            ..Usage::default()
+        };
+        let Some(client) = self.deepseek_client.clone() else {
+            let message = "Purge unavailable: API client not configured".to_string();
+            emit_purge_failed(&self.tx_event, message.clone()).await;
+            let _ = self
+                .tx_event
+                .send(Event::error(ErrorEnvelope::fatal_auth(message.clone())))
+                .await;
+            let _ = self
+                .tx_event
+                .send(Event::TurnComplete {
+                    usage: zero_usage,
+                    status: TurnOutcomeStatus::Failed,
+                    error: Some(message),
+                })
+                .await;
+            return;
+        };
+
+        emit_purge_started(
+            &self.tx_event,
+            "Agent context purge in progress\u{2026}".to_string(),
+        )
+        .await;
+        let messages_before = self.session.messages.len();
+
+        let (status, error) = match run_purge(
+            &client,
+            &self.session.messages,
+            &self.session.model,
+            self.session.reasoning_effort.clone(),
+            effective_max_output_tokens(&self.session.model),
+        )
+        .await
+        {
+            Ok(result) => {
+                let messages_after = result.messages.len();
+                self.session.messages = result.messages;
+                self.emit_session_updated().await;
+
+                let summary = format!(
+                    "Purge complete: {messages_before} → {messages_after} messages \
+                         ({} removed, {} condensed)",
+                    result.removed_count, result.replaced_count,
+                );
+                emit_purge_completed(
+                    &self.tx_event,
+                    messages_before,
+                    messages_after,
+                    result.removed_count,
+                    result.replaced_count,
+                    summary,
+                )
+                .await;
+                (TurnOutcomeStatus::Completed, None)
+            }
+            Err(e) => {
+                emit_purge_failed(&self.tx_event, e.clone()).await;
+                (TurnOutcomeStatus::Failed, Some(e))
+            }
+        };
+
+        let _ = self
+            .tx_event
+            .send(Event::TurnComplete {
+                usage: zero_usage,
+                status,
+                error,
+            })
+            .await;
+    }
+
     fn estimated_input_tokens(&self) -> usize {
         estimate_input_tokens_conservative(
             &self.session.messages,
diff --git a/crates/tui/src/core/events.rs b/crates/tui/src/core/events.rs
index 65e551ce..0373dc04 100644
--- a/crates/tui/src/core/events.rs
+++ b/crates/tui/src/core/events.rs
@@ -114,6 +114,29 @@ pub enum Event {
         messages_after: Option<usize>,
     },
 
+    /// Context purge started.
+    PurgeStarted {
+        /// Status message for display.
+        message: String,
+    },
+
+    /// Context purge completed.
+    PurgeCompleted {
+        /// Number of messages before purge.
+        messages_before: usize,
+        /// Number of messages after purge.
+        messages_after: usize,
+        /// How many messages were removed.
+        removed_count: usize,
+        /// How many replace operations were applied.
+        replaced_count: usize,
+        /// Summary message for display.
+        message: String,
+    },
+
+    /// Context purge failed.
+    PurgeFailed { message: String },
+
     /// Context compaction failed.
     CompactionFailed {
         id: String,
diff --git a/crates/tui/src/core/ops.rs b/crates/tui/src/core/ops.rs
index bf36d3cc..87f47945 100644
--- a/crates/tui/src/core/ops.rs
+++ b/crates/tui/src/core/ops.rs
@@ -80,6 +80,9 @@ pub enum Op {
     /// Run context compaction immediately.
     CompactContext,
 
+    /// Run agent-driven context purging.
+    PurgeContext,
+
     /// Edit the last user message: remove the last user+assistant exchange
     /// from the session, then re-send with the new content.
     #[allow(dead_code)]
diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index d01cabf0..ca6d9e73 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -259,6 +259,7 @@ pub enum MessageId {
     CmdBalanceDescription,
     CmdClearDescription,
     CmdCompactDescription,
+    CmdPurgeDescription,
     CmdConfigDescription,
     CmdContextDescription,
     CmdCostDescription,
@@ -522,6 +523,7 @@ pub const ALL_MESSAGE_IDS: &[MessageId] = &[
     MessageId::CmdCacheDescription,
     MessageId::CmdClearDescription,
     MessageId::CmdCompactDescription,
+    MessageId::CmdPurgeDescription,
     MessageId::CmdConfigDescription,
     MessageId::CmdContextDescription,
     MessageId::CmdCostDescription,
@@ -988,6 +990,9 @@ fn english(id: MessageId) -> &'static str {
         MessageId::CmdCompactDescription => {
             "Trigger context compaction to free up space (legacy; v0.6.6 prefers cycle restart)"
         }
+        MessageId::CmdPurgeDescription => {
+            "Let the agent surgically prune conversation history to free context space"
+        }
         MessageId::CmdConfigDescription => "Open interactive configuration editor",
         MessageId::CmdContextDescription => "Open compact session context inspector",
         MessageId::CmdCostDescription => "Show session cost breakdown",
@@ -1814,6 +1819,9 @@ fn japanese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdCompactDescription => {
             "コンテキスト圧縮で容量を確保（旧式：v0.6.6 以降はサイクル再起動を推奨）"
         }
+        MessageId::CmdPurgeDescription => {
+            "エージェントに会話履歴を分析させ、不要なメッセージを削除・要約"
+        }
         MessageId::CmdConfigDescription => "インタラクティブな設定エディタを開く",
         MessageId::CmdContextDescription => "コンパクトなセッションコンテキスト検査ツールを開く",
         MessageId::CmdCostDescription => "セッションのコスト内訳を表示",
@@ -2196,6 +2204,7 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::CmdCompactDescription => {
             "触发上下文压缩以释放空间（旧版命令；v0.6.6 起建议改用循环重启）"
         }
+        MessageId::CmdPurgeDescription => "让 Agent 分析对话历史，精确保留有用信息并移除冗余内容",
         MessageId::CmdConfigDescription => "打开交互式配置编辑器",
         MessageId::CmdContextDescription => "打开紧凑会话上下文检查器",
         MessageId::CmdCostDescription => "显示本次会话的费用明细",
@@ -2538,6 +2547,9 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
         MessageId::CmdCompactDescription => {
             "Compactar o contexto para liberar espaço (legado; a v0.6.6 prefere o reinício de ciclo)"
         }
+        MessageId::CmdPurgeDescription => {
+            "Deixe o agente podar cirurgicamente o histórico para liberar espaço de contexto"
+        }
         MessageId::CmdConfigDescription => "Abrir o editor interativo de configuração",
         MessageId::CmdContextDescription => "Abrir o inspetor compacto de contexto da sessão",
         MessageId::CmdCostDescription => "Exibir o detalhamento de custo da sessão",
@@ -2952,6 +2964,9 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
         MessageId::CmdCompactDescription => {
             "Compactar el contexto para liberar espacio (heredado; v0.6.6 prefiere reinicio de ciclo)"
         }
+        MessageId::CmdPurgeDescription => {
+            "Permite al agente eliminar quirúrgicamente historial innecesario para liberar espacio de contexto"
+        }
         MessageId::CmdConfigDescription => "Abrir el editor interactivo de configuración",
         MessageId::CmdContextDescription => "Abrir el inspector compacto de contexto de la sesión",
         MessageId::CmdCostDescription => "Mostrar el desglose de costo de la sesión",
diff --git a/crates/tui/src/main.rs b/crates/tui/src/main.rs
index 593a2f2f..5d6ca89b 100644
--- a/crates/tui/src/main.rs
+++ b/crates/tui/src/main.rs
@@ -52,6 +52,7 @@ mod pricing;
 mod project_context;
 mod project_doc;
 mod prompts;
+mod purge;
 pub mod repl;
 mod retry_status;
 pub mod rlm;
diff --git a/crates/tui/src/purge.rs b/crates/tui/src/purge.rs
new file mode 100644
index 00000000..c7e09c68
--- /dev/null
+++ b/crates/tui/src/purge.rs
@@ -0,0 +1,920 @@
+//! Agent-driven context purging.
+//!
+//! Unlike compaction (which summarises old messages via LLM), purge lets the
+//! agent analyse the conversation history and surgically remove or rewrite
+//! individual messages that are no longer needed. The agent uses the
+//! `purge_context` tool to submit a list of operations; the engine validates
+//! and executes them.
+
+use regex::Regex;
+use std::collections::{HashMap, HashSet};
+use std::fmt::Write;
+use tokio::sync::mpsc::Sender;
+
+use crate::core::events::Event;
+use crate::llm_client::LlmClient;
+use crate::models::{ContentBlock, Message, MessageRequest, Tool};
+
+// ── Prompt‑building constants ──────────────────────────────────────────────
+
+const TEXT_SNIPPET_CHARS: usize = 60;
+const TOOL_RESULT_SNIPPET_CHARS: usize = 80;
+const TOOL_USE_ARGS_CHARS: usize = 120;
+
+// ── Prompt instruction template ─────────────────────────────────────────────
+
+const PURGE_INSTRUCTIONS: &str = "\
+## Context Purge
+
+Free space in the conversation's context window. Below is the current history with stable numeric IDs.\
+Identify content that is clearly no longer needed for the ongoing work.
+
+### Operations
+
+remove  — Delete an entire message by its ID. Example:
+          {\"op\": \"remove\", \"msg\": 3}
+
+replace — Rewrite part of a specific content block using regex substitution.
+          pattern uses Rust regex syntax. Must specify both `block` and
+          `pattern` and `with`. Example:
+          {\"op\": \"replace\", \"msg\": 7, \"block\": 0,
+           \"pattern\": \"read \\\\d+ files\", \"with\": \"read files\"}
+
+### Pairing rule
+
+Every ToolUse block is paired with its ToolResult. If you remove a message
+containing a tool call, its result will be removed too — and vice versa. You
+do not need to list both.
+
+### What to keep
+
+- Important decisions, architectural choices
+- File paths that are still relevant
+- Tool outputs that contain information not yet acted upon
+
+### What to prune
+
+- Verbose tool outputs whose information has been fully consumed
+- Redundant confirmations (\"done\", \"ok\", \"that worked\")
+- Superseded file reads (the file was later written/modified)
+- Boilerplate that the model already incorporated into later work
+
+Be conservative. When in doubt, keep the message.
+
+### Conversation
+";
+
+// ── Purge operation types ───────────────────────────────────────────────────
+
+/// A single purge operation submitted by the agent.
+#[derive(Debug, Clone)]
+pub enum PurgeOp {
+    /// Remove an entire message (plus its tool-call/result counterpart).
+    Remove { msg_id: usize },
+    /// Regex-replace within a specific content block.
+    Replace {
+        msg_id: usize,
+        block_idx: usize,
+        pattern: Regex,
+        with: String,
+    },
+}
+
+/// Result of executing purge operations.
+#[derive(Debug, Clone)]
+pub struct PurgeResult {
+    /// The remaining messages after all operations.
+    pub messages: Vec<Message>,
+    /// How many messages were removed.
+    pub removed_count: usize,
+    /// How many replace operations were applied.
+    pub replaced_count: usize,
+}
+
+// ── Event emission helpers ──────────────────────────────────────────────────
+
+/// Emit a `PurgeStarted` event to the UI.
+pub async fn emit_purge_started(tx: &Sender<Event>, message: String) {
+    let _ = tx.send(Event::PurgeStarted { message }).await;
+}
+
+/// Emit a `PurgeCompleted` event to the UI.
+pub async fn emit_purge_completed(
+    tx: &Sender<Event>,
+    messages_before: usize,
+    messages_after: usize,
+    removed_count: usize,
+    replaced_count: usize,
+    message: String,
+) {
+    let _ = tx
+        .send(Event::PurgeCompleted {
+            messages_before,
+            messages_after,
+            removed_count,
+            replaced_count,
+            message,
+        })
+        .await;
+}
+
+/// Emit a `PurgeFailed` event to the UI.
+pub async fn emit_purge_failed(tx: &Sender<Event>, message: String) {
+    let _ = tx.send(Event::PurgeFailed { message }).await;
+}
+
+// ── Prompt builder ──────────────────────────────────────────────────────────
+
+/// Build the purge request user message — a formatted listing of the current
+/// conversation with ephemeral sequential IDs.
+pub fn build_purge_prompt(messages: &[Message]) -> String {
+    let mut buf = String::with_capacity(messages.len().saturating_mul(256));
+    buf.push_str(PURGE_INSTRUCTIONS);
+
+    for (idx, msg) in messages.iter().enumerate() {
+        let msg_id = idx + 1; // 1‑based for the agent
+        if msg.role == "user" {
+            // User messages: always a single block — omit block index.
+            format_user_message(&mut buf, msg_id, msg);
+        } else {
+            // Assistant messages: may be multi‑block — show block indices.
+            let _ = writeln!(buf, "[{msg_id}] {role}", role = msg.role);
+            for (blk_idx, block) in msg.content.iter().enumerate() {
+                format_content_block(&mut buf, blk_idx, block);
+            }
+            buf.push('\n');
+        }
+    }
+
+    buf
+}
+
+fn format_user_message(buf: &mut String, msg_id: usize, msg: &Message) {
+    let block = msg.content.first();
+    match block {
+        Some(ContentBlock::Text { text, .. }) => {
+            let snippet = truncate_str(text, TEXT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "[{msg_id}] user  Text ({len} chars): \"{snippet}\"",
+                len = text.len()
+            );
+        }
+        Some(ContentBlock::ToolResult {
+            content,
+            tool_use_id,
+            ..
+        }) => {
+            let snippet = truncate_str(content, TOOL_RESULT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "[{msg_id}] user  ToolResult (id={tool_use_id}, {len} chars): \"{snippet}\"",
+                len = content.len(),
+            );
+        }
+        _ => {
+            let _ = writeln!(buf, "[{msg_id}] user  (non‑text block)");
+        }
+    }
+}
+
+fn format_content_block(buf: &mut String, blk_idx: usize, block: &ContentBlock) {
+    match block {
+        ContentBlock::Text { text, .. } => {
+            let snippet = truncate_str(text, TEXT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] Text ({len} chars): \"{snippet}\"",
+                len = text.len(),
+            );
+        }
+        ContentBlock::Thinking { .. } => {
+            // Omit thinking blocks — API-mandated on tool-call messages;
+            // the agent cannot remove them, so listing them only adds noise.
+        }
+        ContentBlock::ToolUse {
+            name, input, id, ..
+        } => {
+            let args = serde_json::to_string(input).unwrap_or_default();
+            let args_preview = truncate_str(&args, TOOL_USE_ARGS_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] ToolUse ({name}, id={id}, args={args_preview})"
+            );
+        }
+        ContentBlock::ToolResult {
+            content,
+            tool_use_id,
+            ..
+        } => {
+            let snippet = truncate_str(content, TOOL_RESULT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] ToolResult (id={tool_use_id}, {len} chars): \"{snippet}\"",
+                len = content.len(),
+            );
+        }
+        ContentBlock::ServerToolUse {
+            name, input, id, ..
+        } => {
+            let args = serde_json::to_string(input).unwrap_or_default();
+            let args_preview = truncate_str(&args, TOOL_USE_ARGS_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] ServerToolUse ({name}, id={id}, args={args_preview})"
+            );
+        }
+        ContentBlock::ToolSearchToolResult {
+            tool_use_id,
+            content,
+            ..
+        } => {
+            let snippet = truncate_str(&content.to_string(), TOOL_RESULT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] ToolSearchToolResult (id={tool_use_id}, content={snippet})"
+            );
+        }
+        ContentBlock::CodeExecutionToolResult {
+            tool_use_id,
+            content,
+            ..
+        } => {
+            let snippet = truncate_str(&content.to_string(), TOOL_RESULT_SNIPPET_CHARS);
+            let _ = writeln!(
+                buf,
+                "  [{blk_idx}] CodeExecutionToolResult (id={tool_use_id}, content={snippet})"
+            );
+        }
+    }
+}
+
+fn truncate_str(text: &str, max_chars: usize) -> String {
+    if text.chars().count() <= max_chars {
+        return text.to_string();
+    }
+    let take = max_chars.saturating_sub(3);
+    let mut out: String = text.chars().take(take).collect();
+    out.push_str("...");
+    out
+}
+
+// ── Operation parser ────────────────────────────────────────────────────────
+
+/// Parse the `purge_context` tool input JSON into a list of validated
+/// `PurgeOp`s. Returns an error string on invalid input.
+pub fn parse_purge_operations(
+    input: &serde_json::Value,
+    message_count: usize,
+) -> Result<Vec<PurgeOp>, String> {
+    let ops = input
+        .get("operations")
+        .and_then(|v| v.as_array())
+        .ok_or_else(|| "missing or invalid 'operations' array".to_string())?;
+
+    let mut parsed = Vec::with_capacity(ops.len());
+
+    for (i, op) in ops.iter().enumerate() {
+        let op_type = op
+            .get("op")
+            .and_then(|v| v.as_str())
+            .ok_or_else(|| format!("operation[{i}]: missing 'op' field"))?;
+
+        let msg = op
+            .get("msg")
+            .and_then(|v| v.as_u64())
+            .ok_or_else(|| format!("operation[{i}]: missing or invalid 'msg'"))?;
+
+        let msg_id = usize::try_from(msg).unwrap_or(usize::MAX);
+        if msg_id == 0 || msg_id > message_count {
+            return Err(format!(
+                "operation[{i}]: msg {msg} out of range (1–{message_count})"
+            ));
+        }
+
+        match op_type {
+            "remove" => {
+                parsed.push(PurgeOp::Remove { msg_id });
+            }
+            "replace" => {
+                let block_idx = op
+                    .get("block")
+                    .and_then(|v| v.as_u64())
+                    .map(|v| v as usize)
+                    .ok_or_else(|| format!("operation[{i}]: 'replace' requires 'block'"))?;
+
+                let pattern_str = op
+                    .get("pattern")
+                    .and_then(|v| v.as_str())
+                    .ok_or_else(|| format!("operation[{i}]: 'replace' requires 'pattern'"))?;
+
+                let with = op
+                    .get("with")
+                    .and_then(|v| v.as_str())
+                    .unwrap_or("")
+                    .to_string();
+
+                let pattern = Regex::new(pattern_str)
+                    .map_err(|e| format!("operation[{i}]: invalid regex pattern: {e}"))?;
+
+                parsed.push(PurgeOp::Replace {
+                    msg_id,
+                    block_idx,
+                    pattern,
+                    with,
+                });
+            }
+            other => {
+                return Err(format!(
+                    "operation[{i}]: unknown op '{other}' (expected 'remove' or 'replace')"
+                ));
+            }
+        }
+    }
+
+    Ok(parsed)
+}
+
+// ── Operation executor ──────────────────────────────────────────────────────
+
+/// Execute a list of purge operations against the message history.
+///
+/// Operations are processed in the order given but effective removal runs
+/// from highest index to lowest to keep earlier indices stable. After all
+/// user-requested operations, tool‑call/result pair cascading runs to
+/// prevent orphaned blocks.
+pub fn execute_purge_operations(messages: &[Message], ops: &[PurgeOp]) -> PurgeResult {
+    let mut msgs = messages.to_vec();
+    let mut msg_indices_to_remove: HashSet<usize> = HashSet::new();
+    let mut replaced_count = 0usize;
+
+    // Phase 1: collect removes and apply replaces.
+    for op in ops {
+        match op {
+            PurgeOp::Remove { msg_id } => {
+                let idx = msg_id.saturating_sub(1);
+                if idx < msgs.len() {
+                    msg_indices_to_remove.insert(idx);
+                }
+            }
+            PurgeOp::Replace {
+                msg_id,
+                block_idx,
+                pattern,
+                with,
+            } => {
+                let idx = msg_id.saturating_sub(1);
+                if idx >= msgs.len() {
+                    continue;
+                }
+                if let Some(block) = msgs[idx].content.get_mut(*block_idx) {
+                    let old_text = block_content_text(block).to_string();
+                    let new_text = pattern.replace_all(&old_text, with.as_str()).to_string();
+                    apply_block_replacement(block, &new_text);
+                    replaced_count = replaced_count.saturating_add(1);
+                }
+            }
+        }
+    }
+
+    // Phase 2: cascade removal to tool-call/result counterparts.
+    cascade_tool_pair_removals(&msgs, &mut msg_indices_to_remove);
+
+    // Phase 3: sort indices descending and remove.
+    let mut to_remove: Vec<usize> = msg_indices_to_remove.into_iter().collect();
+    to_remove.sort_unstable_by(|a, b| b.cmp(a));
+
+    let removed_count = to_remove.len();
+    for idx in to_remove {
+        msgs.remove(idx);
+    }
+
+    PurgeResult {
+        messages: msgs,
+        removed_count,
+        replaced_count,
+    }
+}
+
+/// When a message containing a ToolUse or ToolResult is marked for removal,
+/// cascade that removal to its counterpart so the API never sees orphaned
+/// blocks. Runs a fixpoint loop until the remove set is closed under pairing.
+fn cascade_tool_pair_removals(messages: &[Message], remove_set: &mut HashSet<usize>) {
+    if remove_set.is_empty() {
+        return;
+    }
+
+    // Build lookup maps: tool_use id → message index, tool_result id → message index.
+    let mut call_id_to_idx: HashMap<String, usize> = HashMap::new();
+    let mut result_id_to_idx: HashMap<String, usize> = HashMap::new();
+
+    for (idx, msg) in messages.iter().enumerate() {
+        for block in &msg.content {
+            match block {
+                ContentBlock::ToolUse { id, .. } => {
+                    call_id_to_idx.insert(id.clone(), idx);
+                }
+                ContentBlock::ToolResult { tool_use_id, .. } => {
+                    result_id_to_idx.insert(tool_use_id.clone(), idx);
+                }
+                _ => {}
+            }
+        }
+    }
+
+    // Fixpoint: when a tool-call is removed, also remove its result (and vice versa).
+    let max_iters = messages.len().max(10);
+    for _ in 0..max_iters {
+        let snapshot: Vec<usize> = remove_set.iter().copied().collect();
+        let mut changed = false;
+
+        for idx in snapshot {
+            let msg = &messages[idx];
+            for block in &msg.content {
+                match block {
+                    ContentBlock::ToolUse { id, .. } => {
+                        if let Some(&result_idx) = result_id_to_idx.get(id)
+                            && remove_set.insert(result_idx)
+                        {
+                            changed = true;
+                        }
+                    }
+                    ContentBlock::ToolResult { tool_use_id, .. } => {
+                        if let Some(&call_idx) = call_id_to_idx.get(tool_use_id)
+                            && remove_set.insert(call_idx)
+                        {
+                            changed = true;
+                        }
+                    }
+                    _ => {}
+                }
+            }
+        }
+
+        if !changed {
+            break;
+        }
+    }
+}
+
+fn block_content_text(block: &ContentBlock) -> &str {
+    match block {
+        ContentBlock::Text { text, .. } => text,
+        ContentBlock::ToolResult { content, .. } => content,
+        _ => "",
+    }
+}
+
+fn apply_block_replacement(block: &mut ContentBlock, new_text: &str) {
+    match block {
+        ContentBlock::Text { text, .. } => {
+            *text = new_text.to_string();
+        }
+        ContentBlock::ToolResult { content, .. } => {
+            *content = new_text.to_string();
+        }
+        _ => {}
+    }
+}
+
+// ── Tool definition builder ──────────────────────────────────────────────────
+
+/// Build the `purge_context` tool definition sent to the model during a purge
+/// turn. This tool is ad-hoc — it is not registered in the normal tool catalog
+/// and has no dispatch handler.
+pub fn build_purge_tool() -> Tool {
+    Tool {
+        tool_type: None,
+        name: "purge_context".to_string(),
+        description: "Remove or condense conversation history to free context window space."
+            .to_string(),
+        input_schema: serde_json::json!({
+            "type": "object",
+            "properties": {
+                "operations": {
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "properties": {
+                            "op": {"type": "string", "enum": ["remove", "replace"]},
+                            "msg": {"type": "integer"},
+                            "block": {"type": "integer"},
+                            "pattern": {"type": "string"},
+                            "with": {"type": "string"}
+                        },
+                        "required": ["op", "msg"]
+                    }
+                }
+            },
+            "required": ["operations"]
+        }),
+        allowed_callers: None,
+        defer_loading: None,
+        input_examples: None,
+        strict: Some(true),
+        cache_control: None,
+    }
+}
+
+// ── Orchestration ────────────────────────────────────────────────────────────
+
+/// Run a full purge cycle: build the prompt, call the model with the
+/// `purge_context` tool, parse the response, and execute the operations.
+///
+/// Returns the `PurgeResult` with the modified message list on success,
+/// or a human-readable error string on failure.
+///
+/// Cost reporting is handled internally as a side-effect of the API call.
+/// The caller is responsible for emitting start/completed/failed events
+/// and for replacing the session message list with `PurgeResult.messages`.
+pub async fn run_purge(
+    client: &impl LlmClient,
+    messages: &[Message],
+    model: &str,
+    reasoning_effort: Option<String>,
+    max_tokens: u32,
+) -> Result<PurgeResult, String> {
+    // 1. Build the purge prompt from the current conversation.
+    let prompt = build_purge_prompt(messages);
+
+    // 2. Clone messages and inject the prompt as a user message.
+    let mut request_messages = messages.to_vec();
+    request_messages.push(Message {
+        role: "user".to_string(),
+        content: vec![ContentBlock::Text {
+            text: prompt,
+            cache_control: None,
+        }],
+    });
+
+    // 3. Build the tool definition and the request.
+    let purge_tool = build_purge_tool();
+    let request = MessageRequest {
+        model: model.to_string(),
+        messages: request_messages,
+        max_tokens,
+        system: None,
+        tools: Some(vec![purge_tool]),
+        tool_choice: None,
+        metadata: None,
+        thinking: None,
+        reasoning_effort,
+        stream: Some(false),
+        temperature: Some(0.2),
+        top_p: None,
+    };
+
+    // 4. Send to the model.
+    let response = client
+        .create_message(request)
+        .await
+        .map_err(|e| format!("Purge API error: {e}"))?;
+
+    crate::cost_status::report(&response.model, &response.usage);
+
+    // 5. Find the `purge_context` tool call in the response.
+    let tool_input = response.content.iter().find_map(|block| {
+        if let ContentBlock::ToolUse { name, input, .. } = block
+            && name == "purge_context"
+        {
+            return Some(input.clone());
+        }
+        None
+    });
+
+    match tool_input {
+        Some(input) => {
+            let ops = parse_purge_operations(&input, messages.len())
+                .map_err(|e| format!("Purge parse error: {e}"))?;
+            Ok(execute_purge_operations(messages, &ops))
+        }
+        None => Err("Purge: model did not call purge_context tool".to_string()),
+    }
+}
+
+// ── Tests ───────────────────────────────────────────────────────────────────
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use serde_json::json;
+
+    fn msg_text(role: &str, text: &str) -> Message {
+        Message {
+            role: role.to_string(),
+            content: vec![ContentBlock::Text {
+                text: text.to_string(),
+                cache_control: None,
+            }],
+        }
+    }
+
+    fn msg_tool_use(id: &str, name: &str, input: serde_json::Value) -> Message {
+        Message {
+            role: "assistant".to_string(),
+            content: vec![ContentBlock::ToolUse {
+                id: id.to_string(),
+                name: name.to_string(),
+                input,
+                caller: None,
+            }],
+        }
+    }
+
+    fn msg_tool_result(id: &str, content: &str) -> Message {
+        Message {
+            role: "user".to_string(),
+            content: vec![ContentBlock::ToolResult {
+                tool_use_id: id.to_string(),
+                content: content.to_string(),
+                is_error: None,
+                content_blocks: None,
+            }],
+        }
+    }
+
+    #[test]
+    fn parse_remove_operations() {
+        let input = json!({
+            "operations": [
+                {"op": "remove", "msg": 1},
+                {"op": "remove", "msg": 3}
+            ]
+        });
+        let ops = parse_purge_operations(&input, 5).unwrap();
+        assert_eq!(ops.len(), 2);
+        assert!(matches!(ops[0], PurgeOp::Remove { msg_id: 1 }));
+        assert!(matches!(ops[1], PurgeOp::Remove { msg_id: 3 }));
+    }
+
+    #[test]
+    fn parse_replace_operation() {
+        let input = json!({
+            "operations": [
+                {"op": "replace", "msg": 2, "block": 0, "pattern": "hello", "with": "hi"}
+            ]
+        });
+        let ops = parse_purge_operations(&input, 5).unwrap();
+        assert_eq!(ops.len(), 1);
+        assert!(matches!(ops[0], PurgeOp::Replace { msg_id: 2, .. }));
+    }
+
+    #[test]
+    fn parse_rejects_out_of_range_msg() {
+        let input = json!({"operations": [{"op": "remove", "msg": 10}]});
+        assert!(parse_purge_operations(&input, 5).is_err());
+    }
+
+    #[test]
+    fn parse_rejects_invalid_regex() {
+        let input = json!({
+            "operations": [{"op": "replace", "msg": 1, "block": 0, "pattern": "[", "with": "x"}]
+        });
+        assert!(parse_purge_operations(&input, 5).is_err());
+    }
+
+    #[test]
+    fn execute_remove_works() {
+        let msgs = vec![
+            msg_text("user", "hello"),
+            msg_text("assistant", "hi there"),
+            msg_text("user", "bye"),
+        ];
+        let ops = vec![PurgeOp::Remove { msg_id: 2 }];
+        let result = execute_purge_operations(&msgs, &ops);
+        assert_eq!(result.removed_count, 1);
+        assert_eq!(result.messages.len(), 2);
+    }
+
+    #[test]
+    fn execute_replace_text_block() {
+        let msgs = vec![msg_text("assistant", "Hello world! Hello again!")];
+        let pattern = Regex::new("Hello").unwrap();
+        let ops = vec![PurgeOp::Replace {
+            msg_id: 1,
+            block_idx: 0,
+            pattern,
+            with: "Hi".to_string(),
+        }];
+        let result = execute_purge_operations(&msgs, &ops);
+        assert_eq!(result.replaced_count, 1);
+
+        if let ContentBlock::Text { text, .. } = &result.messages[0].content[0] {
+            assert_eq!(text, "Hi world! Hi again!");
+        } else {
+            panic!("expected text block");
+        }
+    }
+
+    #[test]
+    fn tool_call_result_pairing_cascaded() {
+        // Message 2 (idx 1) is a tool call. Message 3 (idx 2) is its result.
+        // Removing the tool call should cascade to remove the result too.
+        let msgs = vec![
+            msg_text("user", "read a file"),
+            msg_tool_use("call_01", "read_file", json!({"path": "x.rs"})),
+            msg_tool_result("call_01", "fn main() {}"),
+        ];
+        let ops = vec![PurgeOp::Remove { msg_id: 2 }]; // remove tool call only
+        let result = execute_purge_operations(&msgs, &ops);
+        // Both tool call and its result should be gone (cascaded).
+        assert_eq!(
+            result.removed_count, 2,
+            "tool call + its result should both be removed"
+        );
+        assert_eq!(result.messages.len(), 1);
+    }
+
+    #[test]
+    fn tool_result_removal_cascades_to_call() {
+        // Removing the result should cascade to remove the call.
+        let msgs = vec![
+            msg_text("user", "read a file"),
+            msg_tool_use("call_01", "read_file", json!({"path": "x.rs"})),
+            msg_tool_result("call_01", "fn main() {}"),
+        ];
+        let ops = vec![PurgeOp::Remove { msg_id: 3 }]; // remove result only
+        let result = execute_purge_operations(&msgs, &ops);
+        assert_eq!(
+            result.removed_count, 2,
+            "tool result + its call should both be removed"
+        );
+        assert_eq!(result.messages.len(), 1);
+    }
+
+    #[test]
+    fn prompt_truncates_long_content() {
+        let long_text = "x".repeat(200);
+        let msgs = vec![msg_text("user", &long_text)];
+        let prompt = build_purge_prompt(&msgs);
+        assert!(prompt.contains("(200 chars)"));
+        assert!(prompt.contains("xxx...")); // truncated
+        assert!(!prompt.contains(&long_text));
+    }
+
+    #[test]
+    fn prompt_shows_full_short_content() {
+        let msgs = vec![msg_text("user", "hi")];
+        let prompt = build_purge_prompt(&msgs);
+        assert!(prompt.contains("\"hi\""));
+        assert!(!prompt.contains("..."));
+    }
+
+    #[test]
+    fn prompt_omits_thinking_blocks() {
+        let msgs = vec![Message {
+            role: "assistant".to_string(),
+            content: vec![
+                ContentBlock::Thinking {
+                    thinking: "let me think...".to_string(),
+                },
+                ContentBlock::Text {
+                    text: "done".to_string(),
+                    cache_control: None,
+                },
+            ],
+        }];
+        let prompt = build_purge_prompt(&msgs);
+        assert!(!prompt.contains("let me think"));
+        assert!(prompt.contains("Text (4 chars)"));
+    }
+
+    #[test]
+    fn build_purge_tool_has_correct_shape() {
+        let tool = build_purge_tool();
+        assert_eq!(tool.name, "purge_context");
+        let schema = &tool.input_schema;
+        assert_eq!(schema["type"], "object");
+        assert!(schema["properties"]["operations"]["type"] == "array");
+        let ops_item = &schema["properties"]["operations"]["items"];
+        assert_eq!(ops_item["type"], "object");
+        let required = ops_item["required"].as_array().unwrap();
+        assert!(required.contains(&json!("op")));
+        assert!(required.contains(&json!("msg")));
+    }
+
+    use crate::llm_client::mock::MockLlmClient;
+    use crate::models::{MessageResponse, Usage};
+
+    fn msg_response_with_tool_call(operations: serde_json::Value) -> MessageResponse {
+        MessageResponse {
+            id: "resp_test".to_string(),
+            r#type: "message".to_string(),
+            role: "assistant".to_string(),
+            content: vec![ContentBlock::ToolUse {
+                id: "call_purge".to_string(),
+                name: "purge_context".to_string(),
+                input: json!({"operations": operations}),
+                caller: None,
+            }],
+            model: "mock-model".to_string(),
+            stop_reason: None,
+            stop_sequence: None,
+            container: None,
+            usage: Usage::default(),
+        }
+    }
+
+    fn msg_response_without_tool_call(text: &str) -> MessageResponse {
+        MessageResponse {
+            id: "resp_plain".to_string(),
+            r#type: "message".to_string(),
+            role: "assistant".to_string(),
+            content: vec![ContentBlock::Text {
+                text: text.to_string(),
+                cache_control: None,
+            }],
+            model: "mock".to_string(),
+            stop_reason: None,
+            stop_sequence: None,
+            container: None,
+            usage: Usage::default(),
+        }
+    }
+
+    #[tokio::test]
+    async fn run_purge_removes_message() {
+        let mock = MockLlmClient::new(vec![]);
+        mock.push_message_response(msg_response_with_tool_call(json!([
+            {"op": "remove", "msg": 2}
+        ])));
+
+        let messages = vec![
+            msg_text("user", "hello"),
+            msg_text("assistant", "remove me"),
+            msg_text("user", "bye"),
+        ];
+
+        let result = run_purge(&mock, &messages, "mock", None, 4096)
+            .await
+            .unwrap();
+        assert_eq!(result.removed_count, 1);
+        assert_eq!(result.replaced_count, 0);
+        assert_eq!(result.messages.len(), 2);
+
+        if let ContentBlock::Text { text, .. } = &result.messages[0].content[0] {
+            assert_eq!(text, "hello");
+        } else {
+            panic!(
+                "expected text block, got {:?}",
+                &result.messages[0].content[0]
+            );
+        }
+        if let ContentBlock::Text { text, .. } = &result.messages[1].content[0] {
+            assert_eq!(text, "bye");
+        } else {
+            panic!(
+                "expected text block, got {:?}",
+                &result.messages[1].content[0]
+            );
+        }
+    }
+
+    #[tokio::test]
+    async fn run_purge_replace_condenses_text() {
+        let mock = MockLlmClient::new(vec![]);
+        mock.push_message_response(msg_response_with_tool_call(json!([
+            {"op": "replace", "msg": 1, "block": 0, "pattern": "very long and verbose", "with": "short"}
+        ])));
+
+        let messages = vec![msg_text("assistant", "this is very long and verbose text")];
+
+        let result = run_purge(&mock, &messages, "mock", None, 4096)
+            .await
+            .unwrap();
+        assert_eq!(result.removed_count, 0);
+        assert_eq!(result.replaced_count, 1);
+
+        if let ContentBlock::Text { text, .. } = &result.messages[0].content[0] {
+            assert_eq!(text, "this is short text");
+        } else {
+            panic!(
+                "expected text block, got {:?}",
+                &result.messages[0].content[0]
+            );
+        }
+    }
+
+    #[tokio::test]
+    async fn run_purge_errors_when_no_tool_call() {
+        let mock = MockLlmClient::new(vec![]);
+        mock.push_message_response(msg_response_without_tool_call("nothing to clean up"));
+
+        let messages = vec![msg_text("user", "hi")];
+        let err = run_purge(&mock, &messages, "mock", None, 4096)
+            .await
+            .unwrap_err();
+        assert!(err.contains("did not call purge_context"));
+    }
+
+    #[tokio::test]
+    async fn run_purge_errors_on_api_failure() {
+        // No canned response — MockLlmClient returns an error.
+        let mock = MockLlmClient::new(vec![]);
+        let messages = vec![msg_text("user", "hi")];
+        let err = run_purge(&mock, &messages, "mock", None, 4096)
+            .await
+            .unwrap_err();
+        assert!(err.contains("Purge API error"));
+    }
+}
diff --git a/crates/tui/src/tui/app.rs b/crates/tui/src/tui/app.rs
index 208c5c66..0978c6f2 100644
--- a/crates/tui/src/tui/app.rs
+++ b/crates/tui/src/tui/app.rs
@@ -1444,6 +1444,8 @@ pub struct App {
     pub thinking_started_at: Option<Instant>,
     /// Whether context compaction is currently in progress.
     pub is_compacting: bool,
+    /// Whether context purge is currently in progress.
+    pub is_purging: bool,
     /// Set when the user scrolls up/down during a streaming turn so subsequent
     /// streamed chunks don't yank the view back to the live tail. Cleared
     /// when the user explicitly returns to bottom or the turn completes.
@@ -2022,6 +2024,7 @@ impl App {
             needs_redraw: true,
             thinking_started_at: None,
             is_compacting: false,
+            is_purging: false,
             user_scrolled_during_stream: false,
             coherence_state: CoherenceState::default(),
             last_send_at: None,
@@ -4765,6 +4768,7 @@ pub enum AppAction {
     UpdateCompaction(CompactionConfig),
     OpenContextInspector,
     CompactContext,
+    PurgeContext,
     TaskAdd {
         prompt: String,
     },
diff --git a/crates/tui/src/tui/footer_ui.rs b/crates/tui/src/tui/footer_ui.rs
index 9ec3ac83..a3af6647 100644
--- a/crates/tui/src/tui/footer_ui.rs
+++ b/crates/tui/src/tui/footer_ui.rs
@@ -167,7 +167,11 @@ pub(crate) fn stall_reason(app: &App) -> Option<&'static str> {
 /// though the agent is still working.
 pub(crate) fn footer_working_strip_active(app: &App) -> bool {
     let turn_in_progress = app.runtime_turn_status.as_deref() == Some("in_progress");
-    app.is_loading || app.is_compacting || running_agent_count(app) > 0 || turn_in_progress
+    app.is_loading
+        || app.is_compacting
+        || app.is_purging
+        || running_agent_count(app) > 0
+        || turn_in_progress
 }
 
 pub(crate) fn footer_working_label_frame(now_ms: u64, fancy_animations: bool) -> u64 {
@@ -811,6 +815,9 @@ pub(crate) fn footer_state_label(app: &App) -> (&'static str, ratatui::style::Co
     if app.is_compacting {
         return ("compacting \u{238B}", app.ui_theme.status_warning);
     }
+    if app.is_purging {
+        return ("purging \u{238B}", app.ui_theme.status_warning);
+    }
     // Note: we deliberately do NOT show a "thinking" label for `is_loading`.
     // The animated water-spout strip in the footer's spacer is the visual
     // signal that the model is live; "thinking" was misleading because it
diff --git a/crates/tui/src/tui/ui.rs b/crates/tui/src/tui/ui.rs
index 4e8c2463..fc1ba6d6 100644
--- a/crates/tui/src/tui/ui.rs
+++ b/crates/tui/src/tui/ui.rs
@@ -1708,7 +1708,7 @@ async fn run_event_loop(
                         }
                         app.update_model_compaction_budget();
                         app.workspace = workspace;
-                        if (app.is_loading || app.is_compacting)
+                        if (app.is_loading || app.is_compacting || app.is_purging)
                             && let Ok(manager) = SessionManager::default_location()
                         {
                             let session = build_session_snapshot(app, &manager);
@@ -1744,6 +1744,18 @@ async fn run_event_loop(
                         app.is_compacting = false;
                         app.status_message = Some(message);
                     }
+                    EngineEvent::PurgeStarted { message } => {
+                        app.is_purging = true;
+                        app.status_message = Some(message);
+                    }
+                    EngineEvent::PurgeCompleted { message, .. } => {
+                        app.is_purging = false;
+                        app.status_message = Some(message);
+                    }
+                    EngineEvent::PurgeFailed { message } => {
+                        app.is_purging = false;
+                        app.status_message = Some(message);
+                    }
                     EngineEvent::CycleAdvanced { from, to, briefing } => {
                         // Mirror the engine-side counter on the UI app state
                         // so the sidebar / slash commands stay in sync, and
@@ -2161,7 +2173,7 @@ async fn run_event_loop(
         if reconcile_turn_liveness(app, Instant::now(), has_running_agents) {
             app.needs_redraw = true;
         }
-        if (app.is_loading || has_running_agents || app.is_compacting)
+        if (app.is_loading || has_running_agents || app.is_compacting || app.is_purging)
             && last_status_frame.elapsed()
                 >= Duration::from_millis(status_animation_interval_ms(app))
         {
@@ -2223,7 +2235,7 @@ async fn run_event_loop(
         // long passage can be selected in one drag (#1163).
         tick_selection_autoscroll(app);
         let allow_workspace_context_refresh =
-            !app.is_loading && !has_running_agents && !app.is_compacting;
+            !app.is_loading && !has_running_agents && !app.is_compacting && !app.is_purging;
         workspace_context::refresh_if_needed(app, now, allow_workspace_context_refresh);
 
         // Draw is gated by the frame-rate limiter (120 FPS cap). When a
@@ -2255,11 +2267,12 @@ async fn run_event_loop(
             app.needs_redraw = false;
         }
 
-        let mut poll_timeout = if app.is_loading || has_running_agents || app.is_compacting {
-            Duration::from_millis(active_poll_ms(app))
-        } else {
-            Duration::from_millis(idle_poll_ms(app))
-        };
+        let mut poll_timeout =
+            if app.is_loading || has_running_agents || app.is_compacting || app.is_purging {
+                Duration::from_millis(active_poll_ms(app))
+            } else {
+                Duration::from_millis(idle_poll_ms(app))
+            };
         if let Some(until_flush) = app.paste_burst_next_flush_delay_if_enabled(now) {
             poll_timeout = poll_timeout.min(until_flush);
         }
@@ -3941,6 +3954,7 @@ fn reconcile_turn_liveness(app: &mut App, now: Instant, has_running_agents: bool
         && app.runtime_turn_status.is_none()
         && !has_running_agents
         && !app.is_compacting
+        && !app.is_purging
         && app.dispatch_started_at.is_some_and(|started| {
             now.saturating_duration_since(started) > DISPATCH_WATCHDOG_TIMEOUT
         })
@@ -3962,6 +3976,7 @@ fn reconcile_turn_liveness(app: &mut App, now: Instant, has_running_agents: bool
         )
         && !has_running_agents
         && !app.is_compacting
+        && !app.is_purging
     {
         app.is_loading = false;
         app.dispatch_started_at = None;
@@ -5082,6 +5097,10 @@ async fn apply_command_result(
                 app.status_message = Some("Compacting context...".to_string());
                 let _ = engine_handle.send(Op::CompactContext).await;
             }
+            AppAction::PurgeContext => {
+                app.status_message = Some("Agent purging context...".to_string());
+                let _ = engine_handle.send(Op::PurgeContext).await;
+            }
             AppAction::TaskAdd { prompt } => {
                 let request = NewTaskRequest {
                     prompt: prompt.clone(),
diff --git a/crates/tui/src/tui/widgets/mod.rs b/crates/tui/src/tui/widgets/mod.rs
index 4ab2cc84..7425a516 100644
--- a/crates/tui/src/tui/widgets/mod.rs
+++ b/crates/tui/src/tui/widgets/mod.rs
@@ -1924,7 +1924,7 @@ fn composer_top_right_chrome(app: &App, area_width: u16) -> Option<Line<'static>
 }
 
 fn should_render_empty_state(app: &App) -> bool {
-    app.history.is_empty() && !app.is_loading && !app.is_compacting
+    app.history.is_empty() && !app.is_loading && !app.is_compacting && !app.is_purging
 }
 
 fn build_empty_state_lines(app: &App, area: Rect) -> Vec<Line<'static>> {
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index b77394c3..ac2e9f13 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -174,6 +174,7 @@ drives turns through Chat Completions.
 - **`utils.rs`** - Common utilities
 - **`logging.rs`** - Logging infrastructure
 - **`compaction.rs`** - Context compaction for long conversations
+- **`purge.rs`** - Agent-driven context purging (surgical message removal/rewriting)
 - **`pricing.rs`** - Cost estimation
 - **`prompts.rs`** - System prompt templates
 - **`project_doc.rs`** - Project documentation handling
@@ -241,7 +242,8 @@ ordinary durable tasks.
 3. Engine events are mapped to item lifecycle events (`item.started|item.delta|item.completed`)
 4. Interrupt/steer operations apply to the active turn only
 5. Compaction (auto/manual) is emitted as `context_compaction` item lifecycle
-6. Clients replay history and resume with `/v1/threads/{id}/events?since_seq=<n>`
+6. Purge (agent-driven) is emitted as `context_purge` item lifecycle
+7. Clients replay history and resume with `/v1/threads/{id}/events?since_seq=<n>`
 
 ### Durable Schema Gates
 

From 08f40be7677af4655f9edfb6c7b9144dafad7ca1 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:56:11 -0700
Subject: [PATCH 277/283] fix: harden hunt verdict handling

---
 crates/tui/src/commands/goal.rs | 165 ++++++++++++++++++++++----------
 crates/tui/src/commands/mod.rs  |  10 +-
 2 files changed, 119 insertions(+), 56 deletions(-)

diff --git a/crates/tui/src/commands/goal.rs b/crates/tui/src/commands/goal.rs
index 17f3c28a..bb07c5b5 100644
--- a/crates/tui/src/commands/goal.rs
+++ b/crates/tui/src/commands/goal.rs
@@ -16,29 +16,9 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
             app.hunt.verdict = HuntVerdict::default();
             CommandResult::message("Hunt cleared.")
         }
-        Some("done") | Some("complete") | Some("hunted") => {
-            let prev = app.hunt.verdict;
-            app.hunt.verdict = HuntVerdict::Hunted;
-            let elapsed = app
-                .hunt
-                .started_at
-                .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
-                .unwrap_or_else(|| "unknown".to_string());
-            if prev != HuntVerdict::Hunted {
-                write_trophy_card(app);
-            }
-            CommandResult::message(format!("Hunt complete! Elapsed: {elapsed}"))
-        }
-        Some("wound") | Some("wounded") => {
-            app.hunt.verdict = HuntVerdict::Wounded;
-            write_trophy_card(app);
-            CommandResult::message("Hunt wounded — progress saved, can be resumed.")
-        }
-        Some("escape") | Some("escaped") => {
-            app.hunt.verdict = HuntVerdict::Escaped;
-            write_trophy_card(app);
-            CommandResult::message("Hunt escaped — quarry abandoned.")
-        }
+        Some("done") | Some("complete") | Some("hunted") => close_hunt(app, HuntVerdict::Hunted),
+        Some("wound") | Some("wounded") => close_hunt(app, HuntVerdict::Wounded),
+        Some("escape") | Some("escaped") => close_hunt(app, HuntVerdict::Escaped),
         Some(text) if !text.is_empty() => {
             let (objective, budget) = parse_hunt_budget(text);
             if objective.is_empty() || objective.chars().all(|c| c == '|') {
@@ -98,6 +78,37 @@ pub fn hunt(app: &mut App, arg: Option<&str>) -> CommandResult {
     }
 }
 
+fn close_hunt(app: &mut App, verdict: HuntVerdict) -> CommandResult {
+    if app.hunt.quarry.as_deref().is_none_or(str::is_empty) {
+        return CommandResult::error("No hunt set. Use /hunt <quarry> [budget: N] first.");
+    }
+
+    let prev = app.hunt.verdict;
+    let should_write_trophy = prev != verdict || !matches!(verdict, HuntVerdict::Hunted);
+    if should_write_trophy {
+        if let Err(err) = write_trophy_card(app, verdict) {
+            return CommandResult::error(err);
+        }
+    }
+    app.hunt.verdict = verdict;
+
+    match verdict {
+        HuntVerdict::Hunted => {
+            let elapsed = app
+                .hunt
+                .started_at
+                .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
+                .unwrap_or_else(|| "unknown".to_string());
+            CommandResult::message(format!("Hunt complete! Elapsed: {elapsed}"))
+        }
+        HuntVerdict::Wounded => {
+            CommandResult::message("Hunt wounded — progress saved, can be resumed.")
+        }
+        HuntVerdict::Escaped => CommandResult::message("Hunt escaped — quarry abandoned."),
+        HuntVerdict::Hunting => CommandResult::message("Hunt resumed."),
+    }
+}
+
 /// Parse text like "Implement login | budget: 50000" into (objective, budget).
 fn parse_hunt_budget(text: &str) -> (String, Option<u32>) {
     if let Some((obj, rest)) = text.split_once(" | budget:") {
@@ -118,10 +129,13 @@ fn parse_hunt_budget(text: &str) -> (String, Option<u32>) {
 }
 
 /// Write a trophy card to `~/.codewhale/trophies/<date>-<time>-<slug>.md`
-/// for the current hunt verdict (#2092). Returns `None` when no quarry is
-/// set (nothing to write).
-fn write_trophy_card(app: &App) -> Option<std::path::PathBuf> {
-    let quarry = app.hunt.quarry.as_deref()?;
+/// for the current hunt verdict (#2092).
+fn write_trophy_card(app: &App, verdict: HuntVerdict) -> Result<std::path::PathBuf, String> {
+    let quarry = app
+        .hunt
+        .quarry
+        .as_deref()
+        .ok_or_else(|| "No hunt set. Use /hunt <quarry> [budget: N] first.".to_string())?;
     // Collapse consecutive non-alphanumeric chars into a single '-'
     let mut slug = String::new();
     let mut last_dash = false;
@@ -136,18 +150,19 @@ fn write_trophy_card(app: &App) -> Option<std::path::PathBuf> {
     }
     let slug = slug.trim_matches('-');
     if slug.is_empty() {
-        return None;
+        return Err(
+            "Cannot write trophy card: hunt quarry has no filename-safe characters.".into(),
+        );
     }
     let now = chrono::Local::now();
     let time = now.format("%H%M%S");
     let date = now.format("%Y-%m-%d");
-    let dir = match codewhale_config::resolve_state_dir("trophies") {
-        Ok(d) => d,
-        Err(_) => return None,
-    };
-    if let Err(_e) = std::fs::create_dir_all(&dir) {
-        return None;
-    }
+    let date_str = date.to_string();
+    let now_str = now.to_string();
+    let dir = codewhale_config::resolve_state_dir("trophies")
+        .map_err(|err| format!("Could not resolve trophy directory: {err}"))?;
+    std::fs::create_dir_all(&dir)
+        .map_err(|err| format!("Could not create trophy directory {}: {err}", dir.display()))?;
     // Include time in filename to avoid collisions on same-date hunts.
     let filename = format!("{date}-{time}-{slug}.md");
     let path = dir.join(&filename);
@@ -158,7 +173,7 @@ fn write_trophy_card(app: &App) -> Option<std::path::PathBuf> {
         .as_ref()
         .map(|t| crate::tui::notifications::humanize_duration(t.elapsed()))
         .unwrap_or_else(|| "unknown".to_string());
-    let verdict_str = match app.hunt.verdict {
+    let verdict_str = match verdict {
         HuntVerdict::Hunting => "hunting",
         HuntVerdict::Hunted => "hunted",
         HuntVerdict::Wounded => "wounded",
@@ -171,22 +186,46 @@ fn write_trophy_card(app: &App) -> Option<std::path::PathBuf> {
         .map(|b| format!("{b}"))
         .unwrap_or_else(|| "—".to_string());
 
-    let mut f = match std::fs::File::create(&path) {
-        Ok(f) => f,
-        Err(_) => return None,
-    };
-    let _ = writeln!(f, "# Trophy: {quarry}");
-    let _ = writeln!(f);
-    let _ = writeln!(f, "- **Verdict**: {verdict_str}");
-    let _ = writeln!(f, "- **Date**: {date}");
-    let _ = writeln!(f, "- **Elapsed**: {elapsed}");
-    let _ = writeln!(f, "- **Tokens used**: {tokens}");
-    let _ = writeln!(f, "- **Token budget**: {budget_str}");
-    let _ = writeln!(f);
-    let _ = writeln!(f, "_Generated by CodeWhale `/hunt` — {now}_");
-    drop(f);
+    let mut f = std::fs::File::create(&path)
+        .map_err(|err| format!("Could not create trophy card {}: {err}", path.display()))?;
+    write_trophy_card_contents(
+        &mut f,
+        TrophyCard {
+            quarry,
+            verdict: verdict_str,
+            date: &date_str,
+            elapsed: &elapsed,
+            tokens,
+            budget: &budget_str,
+            now: &now_str,
+        },
+    )
+    .map_err(|err| format!("Could not write trophy card {}: {err}", path.display()))?;
 
-    Some(path)
+    Ok(path)
+}
+
+struct TrophyCard<'a> {
+    quarry: &'a str,
+    verdict: &'a str,
+    date: &'a str,
+    elapsed: &'a str,
+    tokens: u32,
+    budget: &'a str,
+    now: &'a str,
+}
+
+fn write_trophy_card_contents(mut f: impl Write, card: TrophyCard<'_>) -> std::io::Result<()> {
+    writeln!(f, "# Trophy: {}", card.quarry)?;
+    writeln!(f)?;
+    writeln!(f, "- **Verdict**: {}", card.verdict)?;
+    writeln!(f, "- **Date**: {}", card.date)?;
+    writeln!(f, "- **Elapsed**: {}", card.elapsed)?;
+    writeln!(f, "- **Tokens used**: {}", card.tokens)?;
+    writeln!(f, "- **Token budget**: {}", card.budget)?;
+    writeln!(f)?;
+    writeln!(f, "_Generated by CodeWhale `/hunt` — {}_", card.now)?;
+    Ok(())
 }
 
 #[cfg(test)]
@@ -276,6 +315,30 @@ mod tests {
         assert!(app.hunt.token_budget.is_none());
     }
 
+    #[test]
+    fn test_verdict_requires_existing_hunt() {
+        let mut app = create_test_app();
+
+        let result = hunt(&mut app, Some("wounded"));
+
+        assert!(result.is_error);
+        assert_eq!(app.hunt.verdict, HuntVerdict::Hunting);
+        assert!(app.hunt.quarry.is_none());
+    }
+
+    #[test]
+    fn test_failed_trophy_write_does_not_mutate_verdict() {
+        let mut app = create_test_app();
+        app.hunt.quarry = Some("!!!".to_string());
+        app.hunt.verdict = HuntVerdict::Hunting;
+
+        let result = hunt(&mut app, Some("escaped"));
+
+        assert!(result.is_error);
+        assert_eq!(app.hunt.verdict, HuntVerdict::Hunting);
+        assert_eq!(app.hunt.quarry.as_deref(), Some("!!!"));
+    }
+
     #[test]
     fn test_show_hunt_when_none() {
         let mut app = create_test_app();
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index 74487414..ada7e920 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -826,11 +826,11 @@ fn build_relay_instruction(app: &App, focus: Option<&str>) -> String {
     if let Some(focus) = focus {
         let _ = writeln!(out, "- Requested relay focus: {focus}");
     }
-    if let Some(goal) = app.hunt.quarry.as_deref() {
-        let _ = writeln!(out, "- Goal: {goal}");
+    if let Some(quarry) = app.hunt.quarry.as_deref() {
+        let _ = writeln!(out, "- Hunt quarry: {quarry}");
     }
     if let Some(budget) = app.hunt.token_budget {
-        let _ = writeln!(out, "- Goal token budget: {budget}");
+        let _ = writeln!(out, "- Hunt token budget: {budget}");
     }
     if app.cycle_count > 0 {
         let _ = writeln!(out, "- Cycle count: {}", app.cycle_count);
@@ -1200,8 +1200,8 @@ mod tests {
         assert!(message.contains("Write or update `.deepseek/handoff.md`"));
         assert!(message.contains("# Session relay"));
         assert!(message.contains("Requested relay focus: verify install"));
-        assert!(message.contains("Goal: Unify the work surface"));
-        assert!(message.contains("Goal token budget: 12000"));
+        assert!(message.contains("Hunt quarry: Unify the work surface"));
+        assert!(message.contains("Hunt token budget: 12000"));
         assert!(message.contains("Cycle count: 2"));
         assert!(message.contains("Work checklist (primary progress surface, 50% complete)"));
         assert!(message.contains("#1 [completed] inspect workspace"));

From b75a1591760f534f9911a4acb3769b0d277b3844 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 22:58:51 -0700
Subject: [PATCH 278/283] fix: harden slop ledger rescue paths

---
 crates/tui/src/commands/config.rs |   2 +-
 crates/tui/src/commands/mod.rs    |   2 +-
 crates/tui/src/core/engine.rs     |  57 +++++++++-------
 crates/tui/src/localization.rs    |   7 ++
 crates/tui/src/slop_ledger.rs     | 108 +++++++++++++++++++++++++-----
 5 files changed, 131 insertions(+), 45 deletions(-)

diff --git a/crates/tui/src/commands/config.rs b/crates/tui/src/commands/config.rs
index 30c08c61..22b33f29 100644
--- a/crates/tui/src/commands/config.rs
+++ b/crates/tui/src/commands/config.rs
@@ -721,7 +721,7 @@ pub fn slop(_app: &mut App, arg: Option<&str>) -> CommandResult {
                 let _ = writeln!(
                     out,
                     "[{}] {} ({:?} | {:?}) — {}",
-                    &entry.id[..8],
+                    crate::slop_ledger::short_id(&entry.id),
                     entry.bucket.as_str(),
                     entry.severity,
                     entry.status,
diff --git a/crates/tui/src/commands/mod.rs b/crates/tui/src/commands/mod.rs
index e6afed10..f146952b 100644
--- a/crates/tui/src/commands/mod.rs
+++ b/crates/tui/src/commands/mod.rs
@@ -545,7 +545,7 @@ pub const COMMANDS: &[CommandInfo] = &[
         name: "slop",
         aliases: &["canzha"],
         usage: "/slop [query|export]",
-        description_id: MessageId::CmdHelpDescription,
+        description_id: MessageId::CmdSlopDescription,
     },
 ];
 
diff --git a/crates/tui/src/core/engine.rs b/crates/tui/src/core/engine.rs
index b8070b25..8295ee58 100644
--- a/crates/tui/src/core/engine.rs
+++ b/crates/tui/src/core/engine.rs
@@ -12,7 +12,7 @@ use std::collections::hash_map::DefaultHasher;
 use std::hash::{Hash, Hasher};
 use std::path::PathBuf;
 use std::sync::{Arc, Mutex as StdMutex};
-use std::time::{Duration, Instant};
+use std::time::{Duration, Instant, SystemTime};
 
 use anyhow::Result;
 use futures_util::StreamExt;
@@ -331,11 +331,10 @@ pub struct Engine {
     /// Diagnostics collected during the current step's tool calls. Drained
     /// and forwarded as a synthetic user message before the next API call.
     pending_lsp_blocks: Vec<crate::lsp::DiagnosticBlock>,
-    /// Cached SlopLedger gate block so `refresh_system_prompt` doesn't hit
-    /// the filesystem on every turn (#2127). `None` = not yet loaded;
-    /// `Some(None)` = loaded, no open entries; `Some(Some(...))` = loaded,
-    /// gate block ready.
-    slop_ledger_gate_cache: Option<Option<String>>,
+    /// Cached SlopLedger gate block keyed by the ledger file's modified time.
+    /// This keeps prompt refreshes cheap while still noticing append/update
+    /// writes from slop ledger tools during the same session.
+    slop_ledger_gate_cache: Option<(Option<SystemTime>, Option<String>)>,
 }
 
 // === Internal tool helpers ===
@@ -1851,25 +1850,8 @@ impl Engine {
 
         // SlopLedger completion-gate: inject unresolved slop entries into the
         // system prompt so the agent can autonomously review them before
-        // claiming the task is done (#2127). Cached to avoid filesystem I/O on
-        // every turn — only re-loaded when the cache is empty (first call or
-        // after invalidation).
-        let gate_block = match &self.slop_ledger_gate_cache {
-            Some(cached) => cached.clone(),
-            None => {
-                let loaded = crate::slop_ledger::SlopLedger::load()
-                    .ok()
-                    .and_then(|ledger| {
-                        if ledger.has_open_entries() {
-                            ledger.completion_gate_summary()
-                        } else {
-                            None
-                        }
-                    });
-                self.slop_ledger_gate_cache = Some(loaded.clone());
-                loaded
-            }
-        };
+        // claiming the task is done (#2127).
+        let gate_block = self.slop_ledger_gate_block();
         if let Some(ref block) = gate_block {
             if let Some(SystemPrompt::Text(prompt_text)) = &mut stable_prompt {
                 prompt_text.push_str("\n\n");
@@ -1888,6 +1870,31 @@ impl Engine {
         }
     }
 
+    fn slop_ledger_gate_block(&mut self) -> Option<String> {
+        let modified = crate::slop_ledger::SlopLedger::default_path()
+            .ok()
+            .and_then(|path| std::fs::metadata(path).ok())
+            .and_then(|metadata| metadata.modified().ok());
+
+        if let Some((cached_modified, cached_block)) = &self.slop_ledger_gate_cache
+            && *cached_modified == modified
+        {
+            return cached_block.clone();
+        }
+
+        let loaded = crate::slop_ledger::SlopLedger::load()
+            .ok()
+            .and_then(|ledger| {
+                if ledger.has_open_entries() {
+                    ledger.completion_gate_summary()
+                } else {
+                    None
+                }
+            });
+        self.slop_ledger_gate_cache = Some((modified, loaded.clone()));
+        loaded
+    }
+
     fn merge_compaction_summary(&mut self, summary_prompt: Option<SystemPrompt>) {
         if summary_prompt.is_none() {
             return;
diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index 874bb2ec..054b4fe6 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -298,6 +298,7 @@ pub enum MessageId {
     CmdSettingsDescription,
     CmdSkillDescription,
     CmdSkillsDescription,
+    CmdSlopDescription,
     CmdStashDescription,
     CmdStatusDescription,
     CmdStatuslineDescription,
@@ -531,6 +532,7 @@ pub const ALL_MESSAGE_IDS: &[MessageId] = &[
     MessageId::CmdSettingsDescription,
     MessageId::CmdSkillDescription,
     MessageId::CmdSkillsDescription,
+    MessageId::CmdSlopDescription,
     MessageId::CmdStashDescription,
     MessageId::CmdStatusDescription,
     MessageId::CmdStatuslineDescription,
@@ -979,6 +981,7 @@ fn english(id: MessageId) -> &'static str {
         MessageId::CmdSkillsDescription => {
             "List local skills (filter by `/skills <prefix>`; --remote browses the curated registry)"
         }
+        MessageId::CmdSlopDescription => "Inspect or export the SlopLedger",
         MessageId::CmdStashDescription => {
             "Park or restore a composer draft (Ctrl+S to push, /stash list/pop)"
         }
@@ -1367,6 +1370,7 @@ fn japanese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSkillsDescription => {
             "ローカルスキルを一覧表示（`/skills <prefix>` で絞り込み、--remote で精選レジストリを参照）"
         }
+        MessageId::CmdSlopDescription => "Inspect or export the SlopLedger",
         MessageId::CmdStashDescription => {
             "コンポーザーの下書きを退避／復元（Ctrl+S で退避、/stash list|pop）"
         }
@@ -1708,6 +1712,7 @@ fn chinese_simplified(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSkillsDescription => {
             "列出本地技能（用 `/skills <prefix>` 按名称前缀过滤，--remote 浏览精选注册表）"
         }
+        MessageId::CmdSlopDescription => "Inspect or export the SlopLedger",
         MessageId::CmdStashDescription => "暂存或恢复输入草稿（Ctrl+S 暂存，/stash list|pop）",
         MessageId::CmdStatusDescription => "显示当前运行状态",
         MessageId::CmdStatuslineDescription => "配置底栏要显示哪些条目",
@@ -2045,6 +2050,7 @@ fn portuguese_brazil(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSkillsDescription => {
             "Listar skills locais (filtre com `/skills <prefixo>`; --remote navega pelo registro curado)"
         }
+        MessageId::CmdSlopDescription => "Inspect or export the SlopLedger",
         MessageId::CmdStashDescription => {
             "Estacionar ou restaurar rascunho do compositor (Ctrl+S estaciona, /stash list|pop)"
         }
@@ -2436,6 +2442,7 @@ fn spanish_latin_america(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSkillsDescription => {
             "Listar skills locales (filtra con `/skills <prefijo>`; --remote navega el registro curado)"
         }
+        MessageId::CmdSlopDescription => "Inspect or export the SlopLedger",
         MessageId::CmdStashDescription => {
             "Estacionar o restaurar borrador del compositor (Ctrl+S estaciona, /stash list|pop)"
         }
diff --git a/crates/tui/src/slop_ledger.rs b/crates/tui/src/slop_ledger.rs
index 7a0f6048..30571252 100644
--- a/crates/tui/src/slop_ledger.rs
+++ b/crates/tui/src/slop_ledger.rs
@@ -304,9 +304,9 @@ impl SlopLedger {
     }
 
     /// Append one or more entries. Returns the new entry count and
-    /// the short ids of the appended entries (first 8 chars).
+    /// the short ids of the appended entries.
     pub fn append(&mut self, entries: Vec<SlopEntry>) -> (usize, Vec<String>) {
-        let ids: Vec<String> = entries.iter().map(|e| e.id[..8].to_string()).collect();
+        let ids: Vec<String> = entries.iter().map(|e| short_id(&e.id)).collect();
         self.entries.extend(entries);
         (self.entries.len(), ids)
     }
@@ -375,18 +375,21 @@ impl SlopLedger {
         status: SlopEntryStatus,
         cleanup_recommendation: Option<String>,
     ) -> io::Result<Option<&SlopEntry>> {
-        let entry = match self.find_mut(id) {
-            Some(e) => e,
-            None => return Ok(None),
+        let full_id = {
+            let entry = match self.find_mut(id) {
+                Some(e) => e,
+                None => return Ok(None),
+            };
+            entry.status = status;
+            entry.updated_at = chrono::Utc::now().to_rfc3339();
+            if let Some(rec) = cleanup_recommendation {
+                entry.cleanup_recommendation = Some(rec);
+            }
+            entry.id.clone()
         };
-        entry.status = status;
-        entry.updated_at = chrono::Utc::now().to_rfc3339();
-        if let Some(rec) = cleanup_recommendation {
-            entry.cleanup_recommendation = Some(rec);
-        }
         self.save()?;
-        // Return a shared ref to the updated entry
-        Ok(self.entries.iter().find(|e| e.id == id))
+        // Return a shared ref to the updated entry.
+        Ok(self.entries.iter().find(|e| e.id == full_id))
     }
 
     /// Export all entries as a Markdown string suitable for handoff or
@@ -430,7 +433,7 @@ impl SlopLedger {
                 let title = truncate_str(&e.title, 60);
                 out.push_str(&format!(
                     "| {} | {:?} | {:?} | {:?} | {title} | {source} |\n",
-                    &e.id[..8],
+                    short_id(&e.id),
                     e.severity,
                     e.confidence,
                     e.status
@@ -440,7 +443,7 @@ impl SlopLedger {
 
             // Detailed entries
             for e in bucket_entries {
-                out.push_str(&format!("### {} — {}\n\n", &e.id[..8], e.title));
+                out.push_str(&format!("### {} — {}\n\n", short_id(&e.id), e.title));
                 out.push_str(&format!("- **Severity**: {:?}\n", e.severity));
                 out.push_str(&format!("- **Confidence**: {:?}\n", e.confidence));
                 out.push_str(&format!("- **Status**: {:?}\n", e.status));
@@ -729,7 +732,7 @@ impl ToolSpec for SlopLedgerQueryTool {
         for entry in &results {
             out.push_str(&format!(
                 "- [{}] **{}** ({:?} | {:?} | {:?}) — {}\n",
-                &entry.id[..8],
+                short_id(&entry.id),
                 entry.bucket.as_str(),
                 entry.severity,
                 entry.confidence,
@@ -806,7 +809,7 @@ impl ToolSpec for SlopLedgerUpdateTool {
         match ledger.update_status(id, status, cleanup) {
             Ok(Some(entry)) => Ok(ToolResult::success(format!(
                 "Updated slop ledger entry {} ({}) → {:?}",
-                &entry.id[..8],
+                short_id(&entry.id),
                 entry.title,
                 entry.status
             ))),
@@ -912,6 +915,14 @@ fn truncate_str(s: &str, max_chars: usize) -> String {
     format!("{truncated}…")
 }
 
+/// Return a display-safe short id without assuming byte offsets are char
+/// boundaries. Ledger ids are normally UUIDs, but imported or hand-edited
+/// ledgers may contain shorter or non-ASCII ids.
+#[must_use]
+pub fn short_id(id: &str) -> String {
+    id.chars().take(8).collect()
+}
+
 /// Redact sensitive patterns from exported text: API keys and secrets
 /// paths. Scan the output for known key prefixes (`sk-`, `Bearer `, `dsk-`)
 /// and replace the token until a whitespace / punctuation boundary with
@@ -961,7 +972,7 @@ fn redact_exported_text(text: &mut String) {
 
 impl SlopLedger {
     /// Completion-gate / verifier hook: returns `true` when there are
-    /// unresolved slop entries (status `Open` or `Investigate`) that the
+    /// unresolved slop entries (status `Open` or `InProgress`) that the
     /// agent should review before claiming the task is done.
     ///
     /// Tools and engine hooks can call this on claim-of-done to surface
@@ -1005,7 +1016,7 @@ impl SlopLedger {
             out.push_str(&format!(
                 "- **{}** `{}` ({:?}/{:?}): {}\n",
                 e.bucket.as_str(),
-                &e.id[..8],
+                short_id(&e.id),
                 e.severity,
                 e.confidence,
                 truncate_str(&e.title, 80),
@@ -1062,6 +1073,44 @@ mod tests {
         assert_eq!(loaded.entries[0].title, "README is outdated");
     }
 
+    #[test]
+    fn short_id_handles_short_and_non_ascii_ids() {
+        assert_eq!(short_id("abc"), "abc");
+        assert_eq!(short_id("abcdefghi"), "abcdefgh");
+        assert_eq!(short_id("残渣-ledger-entry"), "残渣-ledge");
+    }
+
+    #[test]
+    fn display_paths_do_not_panic_on_short_or_non_ascii_ids() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let mut short = SlopEntry::new(
+            SlopBucket::StaleDocs,
+            SlopSeverity::Low,
+            SlopConfidence::High,
+            "short id".into(),
+            "desc".into(),
+        );
+        short.id = "abc".into();
+
+        let mut unicode = SlopEntry::new(
+            SlopBucket::ToolGaps,
+            SlopSeverity::Medium,
+            SlopConfidence::Medium,
+            "unicode id".into(),
+            "desc".into(),
+        );
+        unicode.id = "残渣-ledger-entry".into();
+
+        let (_total, ids) = ledger.append(vec![short, unicode]);
+        assert_eq!(ids, vec!["abc", "残渣-ledge"]);
+
+        let md = ledger.export_markdown(None, None);
+        assert!(md.contains("| abc |"));
+        assert!(md.contains("| 残渣-ledge |"));
+        assert!(ledger.completion_gate_summary().is_some());
+    }
+
     #[test]
     fn query_by_bucket() {
         let (_tmp, mut ledger) = temp_ledger();
@@ -1144,6 +1193,29 @@ mod tests {
         );
     }
 
+    #[test]
+    fn update_status_returns_entry_for_prefix_match() {
+        let (_tmp, mut ledger) = temp_ledger();
+
+        let entry = SlopEntry::new(
+            SlopBucket::NamingDrift,
+            SlopSeverity::Low,
+            SlopConfidence::High,
+            "naming issue".into(),
+            "desc".into(),
+        );
+        let id = entry.id.clone();
+        let prefix = short_id(&id);
+        let _ = ledger.append(vec![entry]);
+        ledger.save().unwrap();
+
+        let result = ledger
+            .update_status(&prefix, SlopEntryStatus::Resolved, None)
+            .unwrap();
+
+        assert_eq!(result.map(|entry| entry.id.as_str()), Some(id.as_str()));
+    }
+
     #[test]
     fn export_markdown() {
         let (_tmp, mut ledger) = temp_ledger();

From a0bab58059068e14210a9f92b09a5d8ac8d4815d Mon Sep 17 00:00:00 2001
From: Zhuoran Deng <dengzhuoran9@gmail.com>
Date: Sun, 31 May 2026 14:02:22 +0800
Subject: [PATCH 279/283] fix(runtime): restore mobile retry guards

---
 crates/tui/src/runtime_mobile.html | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/crates/tui/src/runtime_mobile.html b/crates/tui/src/runtime_mobile.html
index cf8d6e44..be1cae50 100644
--- a/crates/tui/src/runtime_mobile.html
+++ b/crates/tui/src/runtime_mobile.html
@@ -364,12 +364,17 @@
     async function decideApproval(approvalId, decision, container) {
       for (const button of container.querySelectorAll("button")) button.disabled = true;
       const remember = $("remember-approval").checked;
-      const result = await api("/v1/approvals/" + encodeURIComponent(approvalId), {
-        method: "POST",
-        body: JSON.stringify({ decision, remember })
-      });
-      const decided = result?.decision ?? decision;
-      container.innerHTML = "<span class='meta'>Decision sent: " + escapeHtml(decided) + "</span>";
+      try {
+        const result = await api("/v1/approvals/" + encodeURIComponent(approvalId), {
+          method: "POST",
+          body: JSON.stringify({ decision, remember })
+        });
+        const decided = result?.decision ?? decision;
+        container.innerHTML = "<span class='meta'>Decision sent: " + escapeHtml(decided) + "</span>";
+      } catch (err) {
+        for (const button of container.querySelectorAll("button")) button.disabled = false;
+        throw err;
+      }
     }
 
     function appendEvent(name, data) {
@@ -412,7 +417,7 @@
       const threads = await api("/v1/threads/summary?limit=60&include_archived=false");
       const list = $("threads");
       list.innerHTML = "";
-      if (!threads.length) {
+      if (!threads || !threads.length) {
         list.innerHTML = "<div class='empty'>No active threads.</div>";
         return;
       }

From 91d0921091634001f881d6349d8a4d228a6d28a0 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 23:08:20 -0700
Subject: [PATCH 280/283] fix: update user command hunt metadata

---
 crates/tui/src/commands/user_commands.rs | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/crates/tui/src/commands/user_commands.rs b/crates/tui/src/commands/user_commands.rs
index b8db3b01..7ad330f8 100644
--- a/crates/tui/src/commands/user_commands.rs
+++ b/crates/tui/src/commands/user_commands.rs
@@ -192,14 +192,14 @@ pub fn try_dispatch_user_command(app: &mut App, input: &str) -> Option<CommandRe
     for (name, content) in &user_commands {
         if name == command {
             let (metadata, body) = parse_frontmatter(content);
-            app.goal.goal_objective = None;
-            app.goal.goal_started_at = None;
+            app.hunt.quarry = None;
+            app.hunt.started_at = None;
             app.active_allowed_tools = None;
             for (key, value) in &metadata {
                 match key.as_str() {
                     "description" => {
-                        app.goal.goal_objective = Some(value.clone());
-                        app.goal.goal_started_at = Some(std::time::Instant::now());
+                        app.hunt.quarry = Some(value.clone());
+                        app.hunt.started_at = Some(std::time::Instant::now());
                     }
                     "allowed-tools" => {
                         app.active_allowed_tools = Some(parse_allowed_tools(value));
@@ -603,13 +603,13 @@ mod tests {
 
         let mut app = App::new(test_options(ws), &Config::default());
         let _ = try_dispatch_user_command(&mut app, "/described").unwrap();
-        assert_eq!(app.goal.goal_objective.as_deref(), Some("Scan repos"));
-        assert!(app.goal.goal_started_at.is_some());
+        assert_eq!(app.hunt.quarry.as_deref(), Some("Scan repos"));
+        assert!(app.hunt.started_at.is_some());
         assert_eq!(app.active_allowed_tools, Some(vec!["bash".to_string()]));
 
         let _ = try_dispatch_user_command(&mut app, "/plain").unwrap();
-        assert_eq!(app.goal.goal_objective, None);
-        assert_eq!(app.goal.goal_started_at, None);
+        assert_eq!(app.hunt.quarry, None);
+        assert_eq!(app.hunt.started_at, None);
         assert_eq!(app.active_allowed_tools, None);
     }
 
@@ -628,7 +628,7 @@ mod tests {
         let mut app = App::new(test_options(ws.clone()), &Config::default());
         let _ = try_dispatch_user_command(&mut app, "/git-scan").unwrap();
         assert_eq!(
-            app.goal.goal_objective.as_deref(),
+            app.hunt.quarry.as_deref(),
             Some("Scan nested git repositories")
         );
         let commands = load_user_commands(Some(&ws));

From a9c0a4ae3c5e62cb39dbf29aa9a26b58c4cfedbe Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 23:08:59 -0700
Subject: [PATCH 281/283] fix: cover slop command in Vietnamese locale

---
 crates/tui/src/localization.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/tui/src/localization.rs b/crates/tui/src/localization.rs
index cca85a16..a2f0cc44 100644
--- a/crates/tui/src/localization.rs
+++ b/crates/tui/src/localization.rs
@@ -1460,6 +1460,7 @@ fn vietnamese(id: MessageId) -> Option<&'static str> {
         MessageId::CmdSkillsDescription => {
             "Liệt kê các kỹ năng cục bộ (lọc bằng `/skills <tiền_tố>`; --remote để duyệt kho lưu trữ được kiểm duyệt)"
         }
+        MessageId::CmdSlopDescription => "Kiểm tra hoặc xuất SlopLedger",
         MessageId::CmdStashDescription => {
             "Tạm cất hoặc khôi phục bản nháp (Ctrl+S để cất, /stash list/pop để xem/lấy ra)"
         }

From 137e4e613058cdea8fb175a9102b71f371a009d6 Mon Sep 17 00:00:00 2001
From: Hunter B <hmbown@gmail.com>
Date: Sat, 30 May 2026 23:19:01 -0700
Subject: [PATCH 282/283] fix: reset hunt state for user commands

---
 crates/tui/src/commands/user_commands.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/crates/tui/src/commands/user_commands.rs b/crates/tui/src/commands/user_commands.rs
index 7ad330f8..48260bfe 100644
--- a/crates/tui/src/commands/user_commands.rs
+++ b/crates/tui/src/commands/user_commands.rs
@@ -21,7 +21,7 @@
 use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 
-use crate::tui::app::{App, AppAction};
+use crate::tui::app::{App, AppAction, HuntVerdict};
 
 use super::CommandResult;
 
@@ -194,6 +194,8 @@ pub fn try_dispatch_user_command(app: &mut App, input: &str) -> Option<CommandRe
             let (metadata, body) = parse_frontmatter(content);
             app.hunt.quarry = None;
             app.hunt.started_at = None;
+            app.hunt.verdict = HuntVerdict::Hunting;
+            app.hunt.token_budget = None;
             app.active_allowed_tools = None;
             for (key, value) in &metadata {
                 match key.as_str() {
@@ -605,11 +607,17 @@ mod tests {
         let _ = try_dispatch_user_command(&mut app, "/described").unwrap();
         assert_eq!(app.hunt.quarry.as_deref(), Some("Scan repos"));
         assert!(app.hunt.started_at.is_some());
+        assert_eq!(app.hunt.verdict, crate::tui::app::HuntVerdict::Hunting);
+        assert_eq!(app.hunt.token_budget, None);
         assert_eq!(app.active_allowed_tools, Some(vec!["bash".to_string()]));
 
+        app.hunt.verdict = crate::tui::app::HuntVerdict::Escaped;
+        app.hunt.token_budget = Some(42);
         let _ = try_dispatch_user_command(&mut app, "/plain").unwrap();
         assert_eq!(app.hunt.quarry, None);
         assert_eq!(app.hunt.started_at, None);
+        assert_eq!(app.hunt.verdict, crate::tui::app::HuntVerdict::Hunting);
+        assert_eq!(app.hunt.token_budget, None);
         assert_eq!(app.active_allowed_tools, None);
     }
 

From 32c85300dd3882a1915c4a2ea037c1fd1fd259e9 Mon Sep 17 00:00:00 2001
From: zLeoAlex <z.alex.leo@outlook.com>
Date: Sun, 31 May 2026 14:29:23 +0800
Subject: [PATCH 283/283] fix(tui): stop compacting tool outputs on session
 save/load to preserve LLM cache

---
 crates/tui/src/commands/session.rs |  7 ++---
 crates/tui/src/session_manager.rs  | 47 +++++++++---------------------
 2 files changed, 16 insertions(+), 38 deletions(-)

diff --git a/crates/tui/src/commands/session.rs b/crates/tui/src/commands/session.rs
index a54426c1..2e39bc50 100644
--- a/crates/tui/src/commands/session.rs
+++ b/crates/tui/src/commands/session.rs
@@ -48,9 +48,7 @@ pub fn save(app: &mut App, path: Option<&str>) -> CommandResult {
 
     match std::fs::create_dir_all(&sessions_dir) {
         Ok(()) => {
-            let mut persisted = session.clone();
-            crate::session_manager::compact_session_tool_outputs(&mut persisted);
-            let json = match serde_json::to_string_pretty(&persisted) {
+            let json = match serde_json::to_string_pretty(&session) {
                 Ok(j) => j,
                 Err(e) => return CommandResult::error(format!("Failed to serialize session: {e}")),
             };
@@ -221,13 +219,12 @@ pub fn load(app: &mut App, path: Option<&str>) -> CommandResult {
         }
     };
 
-    let mut session: crate::session_manager::SavedSession = match serde_json::from_str(&content) {
+    let session: crate::session_manager::SavedSession = match serde_json::from_str(&content) {
         Ok(s) => s,
         Err(e) => {
             return CommandResult::error(format!("Failed to parse session file: {e}"));
         }
     };
-    crate::session_manager::compact_session_tool_outputs(&mut session);
 
     app.api_messages.clone_from(&session.messages);
     app.clear_history();
diff --git a/crates/tui/src/session_manager.rs b/crates/tui/src/session_manager.rs
index cf13a388..e1ac5e25 100644
--- a/crates/tui/src/session_manager.rs
+++ b/crates/tui/src/session_manager.rs
@@ -261,10 +261,7 @@ impl SessionManager {
     pub fn save_session(&self, session: &SavedSession) -> std::io::Result<PathBuf> {
         let path = self.validated_session_path(&session.metadata.id)?;
 
-        let mut persisted = session.clone();
-        compact_session_tool_outputs(&mut persisted);
-
-        let content = serde_json::to_string_pretty(&persisted)
+        let content = serde_json::to_string_pretty(&session)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
 
         // Atomic write via write_atomic (NamedTempFile + fsync + persist)
@@ -281,9 +278,7 @@ impl SessionManager {
         let checkpoints = self.sessions_dir.join("checkpoints");
         fs::create_dir_all(&checkpoints)?;
         let path = checkpoints.join("latest.json");
-        let mut persisted = session.clone();
-        compact_session_tool_outputs(&mut persisted);
-        let content = serde_json::to_string_pretty(&persisted)
+        let content = serde_json::to_string_pretty(&session)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         write_atomic(&path, content.as_bytes())?;
         Ok(path)
@@ -296,7 +291,7 @@ impl SessionManager {
             return Ok(None);
         }
         let content = fs::read_to_string(&path)?;
-        let mut session: SavedSession = serde_json::from_str(&content)
+        let session: SavedSession = serde_json::from_str(&content)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         if session.schema_version > CURRENT_SESSION_SCHEMA_VERSION {
             return Err(std::io::Error::new(
@@ -307,7 +302,6 @@ impl SessionManager {
                 ),
             ));
         }
-        compact_session_tool_outputs(&mut session);
         Ok(Some(session))
     }
 
@@ -378,7 +372,7 @@ impl SessionManager {
         let path = self.validated_session_path(id)?;
 
         let content = fs::read_to_string(&path)?;
-        let mut session: SavedSession = serde_json::from_str(&content)
+        let session: SavedSession = serde_json::from_str(&content)
             .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))?;
         if session.schema_version > CURRENT_SESSION_SCHEMA_VERSION {
             return Err(std::io::Error::new(
@@ -390,7 +384,6 @@ impl SessionManager {
             ));
         }
 
-        compact_session_tool_outputs(&mut session);
         Ok(session)
     }
 
@@ -767,17 +760,6 @@ pub fn update_session(
     session
 }
 
-pub(crate) fn compact_session_tool_outputs(
-    session: &mut SavedSession,
-) -> crate::tool_output_receipts::ToolOutputReceiptStats {
-    let (messages, stats) = crate::tool_output_receipts::compact_messages_for_persistence(
-        &session.messages,
-        &session.artifacts,
-    );
-    session.messages = messages;
-    stats
-}
-
 /// Cap messages to [`MAX_PERSISTED_MESSAGES`], keeping the most recent.
 /// Returns the capped slice and an optional truncation note.
 fn cap_messages(messages: &[Message]) -> (Vec<Message>, Option<String>) {
@@ -1138,7 +1120,7 @@ mod tests {
     }
 
     #[test]
-    fn save_session_compacts_large_tool_outputs_to_artifact_receipts() {
+    fn save_session_preserves_large_tool_outputs_for_cache_fidelity() {
         let tmp = tempdir().expect("tempdir");
         let manager = SessionManager::new(tmp.path().join("sessions")).expect("new");
         let raw = "RAW_SESSION_SENTINEL\n".repeat(2_000);
@@ -1177,20 +1159,20 @@ mod tests {
 
         let path = manager.save_session(&session).expect("save");
         let persisted_json = fs::read_to_string(path).expect("read persisted session");
-        assert!(!persisted_json.contains("RAW_SESSION_SENTINEL"));
+        // Raw output is preserved in-session so resume can hit the LLM cache.
+        assert!(persisted_json.contains("RAW_SESSION_SENTINEL"));
 
         let loaded = manager.load_session(&session.metadata.id).expect("load");
         let ContentBlock::ToolResult { content, .. } = &loaded.messages[1].content[0] else {
             panic!("expected loaded tool result");
         };
-        assert!(!content.contains("RAW_SESSION_SENTINEL"));
-        assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
-        assert!(content.contains("detail_handle: art_call-big"));
-        assert!(content.contains("retrieve: retrieve_tool_result ref=art_call-big"));
+        // Loaded session retains the original output for cache fidelity.
+        assert!(content.contains("RAW_SESSION_SENTINEL"));
+        assert!(!content.contains("[TOOL_OUTPUT_RECEIPT]"));
     }
 
     #[test]
-    fn load_session_compacts_legacy_large_tool_outputs_before_resume() {
+    fn load_session_preserves_legacy_large_tool_outputs_for_cache_fidelity() {
         let tmp = tempdir().expect("tempdir");
         let manager = SessionManager::new(tmp.path().join("sessions")).expect("new");
         let raw = "RAW_LEGACY_RESUME_SENTINEL\n".repeat(2_000);
@@ -1244,10 +1226,9 @@ mod tests {
         let ContentBlock::ToolResult { content, .. } = &loaded.messages[1].content[0] else {
             panic!("expected loaded tool result");
         };
-        assert!(!content.contains("RAW_LEGACY_RESUME_SENTINEL"));
-        assert!(content.contains("[TOOL_OUTPUT_RECEIPT]"));
-        assert!(content.contains("detail_handle: art_call-legacy"));
-        assert!(content.contains("retrieve: retrieve_tool_result ref=art_call-legacy"));
+        // Loaded session preserves original output so resume can hit the LLM cache.
+        assert!(content.contains("RAW_LEGACY_RESUME_SENTINEL"));
+        assert!(!content.contains("[TOOL_OUTPUT_RECEIPT]"));
     }
 
     #[test]