From bda237ca3a941b822917346d3a50adf039034ba3 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:27:38 +0200
Subject: [PATCH 01/14] Create testcontainer.gleam

---
 src/testcontainer.gleam | 468 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 468 insertions(+)
 create mode 100644 src/testcontainer.gleam

diff --git a/src/testcontainer.gleam b/src/testcontainer.gleam
new file mode 100644
index 0000000..66edde6
--- /dev/null
+++ b/src/testcontainer.gleam
@@ -0,0 +1,468 @@
+import gleam/dict
+import gleam/dynamic/decode
+import gleam/erlang/process
+import gleam/int
+import gleam/json
+import gleam/list
+import gleam/option.{type Option, None, Some}
+import gleam/result
+import gleam/string
+
+import testcontainer/container
+import testcontainer/error
+import testcontainer/exec
+import testcontainer/formula
+import testcontainer/internal/config
+import testcontainer/internal/docker
+import testcontainer/internal/wait_runner
+import testcontainer/network
+import testcontainer/stack as stack_mod
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/// Starts a container described by `spec` and returns it.
+/// The caller is responsible for calling `stop/1` when done.
+/// For automatic cleanup, prefer `with_container/2`.
+pub fn start(
+  spec: container.ContainerSpec,
+) -> Result(container.Container, error.Error) {
+  start_internal(spec)
+}
+
+fn start_internal(
+  spec: container.ContainerSpec,
+) -> Result(container.Container, error.Error) {
+  let cfg = config.load()
+  let keep = cfg.keep_containers
+  let stop_timeout = cfg.stop_timeout_sec
+  let gateway = resolve_gateway(cfg.host_override)
+
+  use _ <- result.try(docker.ping())
+
+  let image = container.image(spec)
+  use _ <- result.try(case cfg.pull_policy {
+    config.Never ->
+      case docker.image_exists(image) {
+        True -> Ok(Nil)
+        False ->
+          Error(error.ImagePullFailed(
+            image,
+            "TESTCONTAINERS_PULL_POLICY=never and image not present locally",
+          ))
+      }
+    config.IfMissing ->
+      case docker.image_exists(image) {
+        True -> Ok(Nil)
+        False -> docker.pull_image(image, cfg.registry_auth)
+      }
+    config.Always -> docker.pull_image(image, cfg.registry_auth)
+  })
+
+  use id <- result.try(docker.create_container(spec))
+
+  use _ <- result.try(
+    docker.start_container(id)
+    |> result.map_error(fn(e) {
+      let _ = docker.remove_container(id)
+      e
+    }),
+  )
+
+  let strategy = container.wait_strategy(spec)
+  use _ <- result.try(
+    wait_runner.run(strategy, id, gateway)
+    |> result.map_error(fn(e) {
+      // Container started but wait failed - clean it up before propagating.
+      let _ = docker.stop_container(id, stop_timeout)
+      let _ = docker.remove_container(id)
+      e
+    }),
+  )
+
+  use inspect <- result.try(
+    docker.inspect_container(id)
+    |> result.map_error(fn(e) {
+      let _ = docker.stop_container(id, stop_timeout)
+      let _ = docker.remove_container(id)
+      e
+    }),
+  )
+  use ports <- result.try(
+    parse_port_mapping(id, inspect)
+    |> result.map_error(fn(e) {
+      let _ = docker.stop_container(id, stop_timeout)
+      let _ = docker.remove_container(id)
+      e
+    }),
+  )
+  Ok(container.build(id, gateway, ports, keep, stop_timeout))
+}
+
+/// Stops and removes a container.
+/// When `TESTCONTAINERS_KEEP` is set (or the container was started via
+/// `start_and_keep/1`) the container is left running for manual
+/// inspection. Use `force_stop/1` to tear it down regardless.
+pub fn stop(c: container.Container) -> Result(Nil, error.Error) {
+  case container.keep(c) {
+    True -> Ok(Nil)
+    False -> force_stop(c)
+  }
+}
+
+/// Stops and removes a container ignoring the keep flag. Useful to
+/// programmatically tear down containers that were started with
+/// `start_and_keep/1` or under `TESTCONTAINERS_KEEP=true`.
+pub fn force_stop(c: container.Container) -> Result(Nil, error.Error) {
+  let id = container.id(c)
+  use _ <- result.try(docker.stop_container(id, container.stop_timeout_sec(c)))
+  docker.remove_container(id)
+}
+
+/// Starts a container, runs `body/1`, then stops and removes it.
+/// A linked guard process ensures cleanup also runs if the caller crashes.
+///
+///   use c <- testcontainer.with_container(spec)
+///
+pub fn with_container(
+  spec: container.ContainerSpec,
+  body: fn(container.Container) -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  use #(c, guard) <- result.try(start_guarded(spec))
+  let body_result = body(c)
+  combine(body_result, cleanup(c, guard))
+}
+
+/// Like `with_container/2` but maps the library's error type into a custom
+/// error type before propagating.
+///
+///   use c <- testcontainer.with_container_mapped(
+///     spec,
+///     fn(e) { MyError.Container(e) },
+///   )
+///
+pub fn with_container_mapped(
+  spec: container.ContainerSpec,
+  map_error: fn(error.Error) -> e,
+  body: fn(container.Container) -> Result(a, e),
+) -> Result(a, e) {
+  use #(started, guard) <- result.try(
+    start_guarded(spec) |> result.map_error(map_error),
+  )
+  let body_result = body(started)
+  combine(body_result, cleanup(started, guard) |> result.map_error(map_error))
+}
+
+/// Creates a Docker network, runs `body/1`, then removes it. Cleanup runs
+/// even if `body/1` returns an error. Re-export of `network.with_network/2`
+/// for one-import ergonomics.
+///
+///   use net <- testcontainer.with_network("test-net")
+///
+pub fn with_network(
+  name: String,
+  body: fn(network.Network) -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  network.with_network(name, body)
+}
+
+/// Builds a `Stack(output)` - a network plus a typed multi-container build
+/// function. See `with_stack/2`.
+pub fn stack(
+  network_name: String,
+  build: fn(network.Network) -> Result(output, error.Error),
+) -> stack_mod.Stack(output) {
+  stack_mod.new(network_name, build)
+}
+
+/// Creates the stack's network, runs the stack's build function to produce
+/// a typed `output`, then runs `body/1` against that output. The network is
+/// torn down after `body/1` returns. The recommended pattern is to let the
+/// stack provide a `Network` and nest `with_container` / `with_formula`
+/// calls inside `body`, so each container is cleaned up by its own guard
+/// before the network is removed:
+///
+///   use net <- testcontainer.with_stack(
+///     testcontainer.stack("app-test-net", fn(n) { Ok(n) }),
+///   )
+///   use pg <- testcontainer.with_formula(
+///     postgres.new() |> postgres.on_network(net) |> postgres.formula(),
+///   )
+///   // ...
+///
+/// See `testcontainer/stack.{Stack}` for notes on advanced builders.
+pub fn with_stack(
+  s: stack_mod.Stack(output),
+  body: fn(output) -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  network.with_network(stack_mod.name(s), fn(net) {
+    use out <- result.try(stack_mod.run(s, net))
+    body(out)
+  })
+}
+
+/// Executes a command inside a running container.
+pub fn exec(
+  c: container.Container,
+  cmd: List(String),
+) -> Result(exec.ExecResult, error.Error) {
+  docker.exec_container(container.id(c), cmd)
+}
+
+/// Returns the combined stdout+stderr log output of a running container
+/// (full log).
+pub fn logs(c: container.Container) -> Result(String, error.Error) {
+  docker.container_logs(container.id(c), None)
+}
+
+/// Like `logs/1` but returns only the last `n` lines.
+pub fn logs_tail(
+  c: container.Container,
+  n: Int,
+) -> Result(String, error.Error) {
+  docker.container_logs(container.id(c), Some(n))
+}
+
+/// Copies a file from the host filesystem into a running container.
+/// `host_path` must be an absolute path to a readable file on the host.
+/// `container_path` is the absolute destination path inside the container.
+///
+///   use _ <- result.try(testcontainer.copy_file_to(c, "/host/init.sql", "/tmp/init.sql"))
+///
+pub fn copy_file_to(
+  c: container.Container,
+  host_path: String,
+  container_path: String,
+) -> Result(Nil, error.Error) {
+  docker.copy_file_to(container.id(c), host_path, container_path)
+}
+
+/// Starts a container using a `Formula`, extracts the typed output, then
+/// calls `body/1`. Lifecycle and cleanup work exactly like `with_container/2`.
+///
+///   use pg <- testcontainer.with_formula(postgres.formula(config))
+///   // pg :: PostgresContainer
+///
+pub fn with_formula(
+  f: formula.Formula(output),
+  body: fn(output) -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  use #(c, guard) <- result.try(start_guarded(formula.spec(f)))
+  let body_result = result.try(formula.extract(f, c), body)
+  combine(body_result, cleanup(c, guard))
+}
+
+// ---------------------------------------------------------------------------
+// Lifecycle helpers
+// ---------------------------------------------------------------------------
+
+// Send GuardStop and synchronously stop the container.
+fn cleanup(
+  c: container.Container,
+  guard: process.Subject(GuardEvent),
+) -> Result(Nil, error.Error) {
+  process.send(guard, GuardStop)
+  stop(c)
+}
+
+// Body's outcome wins. If body succeeded but cleanup failed, surface the
+// cleanup failure so the caller knows the container was leaked.
+fn combine(body: Result(a, e), cleanup: Result(Nil, e)) -> Result(a, e) {
+  case body, cleanup {
+    Ok(_), Error(e) -> Error(e)
+    _, _ -> body
+  }
+}
+
+/// Starts a container and forces the keep flag, so it will NOT be removed
+/// by `stop/1` even if `TESTCONTAINERS_KEEP=false`. Useful for inspection
+/// and debugging from a REPL.
+pub fn start_and_keep(
+  spec: container.ContainerSpec,
+) -> Result(container.Container, error.Error) {
+  use #(c, guard) <- result.try(start_guarded(spec))
+  process.send(guard, GuardStop)
+  Ok(container.with_keep(c, True))
+}
+
+// ---------------------------------------------------------------------------
+// Guard process
+// ---------------------------------------------------------------------------
+//
+// GuardStop  - parent finished normally; guard exits, no cleanup needed.
+// ParentDown - parent crashed; guard stops and removes the container.
+
+type GuardEvent {
+  GuardStop
+  ParentDown
+}
+
+fn start_guarded(
+  spec: container.ContainerSpec,
+) -> Result(#(container.Container, process.Subject(GuardEvent)), error.Error) {
+  let startup_subject: process.Subject(
+    Result(#(container.Container, process.Subject(GuardEvent)), error.Error),
+  ) = process.new_subject()
+
+  // process.spawn/1 from gleam_erlang is `proc_lib:spawn_link/1` - the link
+  // to the caller is established atomically with the spawn, so the guard is
+  // notified of any caller crash even during startup.
+  process.spawn(fn() {
+    process.trap_exits(True)
+    let guard = process.new_subject()
+    case start_internal(spec) {
+      Ok(c) -> {
+        process.send(startup_subject, Ok(#(c, guard)))
+        guard_loop(
+          container.id(c),
+          guard,
+          container.keep(c),
+          container.stop_timeout_sec(c),
+        )
+      }
+      Error(e) -> process.send(startup_subject, Error(e))
+    }
+  })
+  let selector = process.new_selector() |> process.select(startup_subject)
+  process.selector_receive_forever(selector)
+}
+
+fn guard_loop(
+  id: String,
+  subject: process.Subject(GuardEvent),
+  keep: Bool,
+  stop_timeout: Int,
+) -> Nil {
+  let selector =
+    process.new_selector()
+    |> process.select(subject)
+    |> process.select_trapped_exits(fn(_) { ParentDown })
+  case process.selector_receive_forever(selector) {
+    GuardStop -> Nil
+    ParentDown ->
+      case keep {
+        True -> Nil
+        False -> {
+          // Fire-and-forget: guard exits immediately; cleanup runs async.
+          // The transport layer enforces per-call timeouts (connect 5 s, recv 30 s).
+          process.spawn(fn() {
+            let _ = docker.stop_container(id, stop_timeout)
+            let _ = docker.remove_container(id)
+            Nil
+          })
+          Nil
+        }
+      }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+
+// The "Gateway" field from inspect is the bridge IP - unreachable from the
+// host on macOS / WSL2 Docker Desktop. Mapped ports are bound to 127.0.0.1
+// on every supported platform, so localhost is the safe default. Users on
+// remote/CI Docker hosts can override with TESTCONTAINERS_HOST_OVERRIDE.
+fn resolve_gateway(host_override: Option(String)) -> String {
+  case host_override {
+    Some(h) -> h
+    None -> "127.0.0.1"
+  }
+}
+
+fn parse_port_mapping(
+  container_id: String,
+  inspect_json: String,
+) -> Result(dict.Dict(#(Int, String), Int), error.Error) {
+  let ports_decoder =
+    decode.at(
+      ["NetworkSettings", "Ports"],
+      decode.dict(
+        decode.string,
+        decode.optional(decode.list(port_binding_decoder())),
+      ),
+    )
+
+  use decoded <- result.try(
+    json.parse(inspect_json, ports_decoder)
+    |> result.map_error(fn(_) {
+      error.PortMappingParseFailed(
+        container_id,
+        "unable to decode inspect NetworkSettings.Ports payload",
+      )
+    }),
+  )
+  use mappings <- result.try(
+    decoded
+    |> dict.to_list
+    |> list.try_map(entry_to_mapping)
+    |> result.map_error(fn(reason) {
+      error.PortMappingParseFailed(container_id, reason)
+    }),
+  )
+  Ok(dict.from_list(mappings))
+}
+
+fn entry_to_mapping(
+  entry: #(String, Option(List(PortBinding))),
+) -> Result(#(#(Int, String), Int), String) {
+  let #(spec, bindings) = entry
+  use key <- result.try(case parse_port_spec(spec) {
+    Some(parsed) -> Ok(parsed)
+    None -> Error("invalid inspect port key: " <> spec)
+  })
+  use bs <- result.try(case bindings {
+    Some(value) -> Ok(value)
+    None -> Error("no host binding in inspect for port key: " <> spec)
+  })
+  use host_port <- result.try(case pick_binding(bs) {
+    Some(value) -> Ok(value)
+    None -> Error("invalid host port binding in inspect for key: " <> spec)
+  })
+  Ok(#(key, host_port))
+}
+
+// Prefer IPv4 (HostIp "" or "0.0.0.0") over IPv6 (::), then take the first.
+fn pick_binding(bs: List(PortBinding)) -> Option(Int) {
+  list.find(bs, fn(b: PortBinding) { b.host_ip == "0.0.0.0" || b.host_ip == "" })
+  |> result.try_recover(fn(_) { list.first(bs) })
+  |> result.try(fn(b) { int.parse(b.host_port) })
+  |> option_from_result
+}
+
+fn option_from_result(r: Result(a, b)) -> Option(a) {
+  case r {
+    Ok(v) -> Some(v)
+    Error(_) -> None
+  }
+}
+
+type PortBinding {
+  PortBinding(host_ip: String, host_port: String)
+}
+
+fn port_binding_decoder() -> decode.Decoder(PortBinding) {
+  use host_ip <- decode.field("HostIp", decode.string)
+  use host_port <- decode.field("HostPort", decode.string)
+  decode.success(PortBinding(host_ip, host_port))
+}
+
+// Parse a Docker "Ports" key (e.g. "5432/tcp", "53/udp") into
+// (port_number, protocol).
+fn parse_port_spec(port_spec: String) -> Option(#(Int, String)) {
+  case string.split(port_spec, "/") {
+    [p, proto] ->
+      case int.parse(p) {
+        Ok(i) -> Some(#(i, proto))
+        Error(_) -> None
+      }
+    [p] ->
+      case int.parse(p) {
+        Ok(i) -> Some(#(i, "tcp"))
+        Error(_) -> None
+      }
+    _ -> None
+  }
+}

From aa3afd9bb23f6d53a8b214c0700d9751eba50862 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:29:58 +0200
Subject: [PATCH 02/14] Add testcontainer core types and API

Introduce core testcontainer modules: container.gleam, error.gleam, and exec.gleam. container.gleam provides Volume, ContainerSpec builder/modifiers and accessors, a runtime Container handle with port mapping, host/gateway helpers, and internal helpers (volume_kind, build, with_keep).
---
 src/testcontainer/container.gleam | 331 ++++++++++++++++++++++++++++++
 src/testcontainer/error.gleam     |  58 ++++++
 src/testcontainer/exec.gleam      |  24 +++
 3 files changed, 413 insertions(+)
 create mode 100644 src/testcontainer/container.gleam
 create mode 100644 src/testcontainer/error.gleam
 create mode 100644 src/testcontainer/exec.gleam

diff --git a/src/testcontainer/container.gleam b/src/testcontainer/container.gleam
new file mode 100644
index 0000000..080c22e
--- /dev/null
+++ b/src/testcontainer/container.gleam
@@ -0,0 +1,331 @@
+import cowl
+
+import gleam/dict
+import gleam/int
+import gleam/list
+import gleam/option.{type Option, None, Some}
+
+import testcontainer/error
+import testcontainer/port
+import testcontainer/wait
+
+/// A volume mount applied to a container. Build with `bind_mount/2`,
+/// `readonly_bind_mount/2`, or `tmpfs/1`.
+pub opaque type Volume {
+  BindMount(host_path: String, container_path: String, read_only: Bool)
+  TmpfsMount(container_path: String)
+}
+
+/// Creates a read-write bind mount from `host_path` to `container_path`.
+pub fn bind_mount(host_path: String, container_path: String) -> Volume {
+  BindMount(host_path, container_path, False)
+}
+
+/// Creates a read-only bind mount.
+pub fn readonly_bind_mount(
+  host_path: String,
+  container_path: String,
+) -> Volume {
+  BindMount(host_path, container_path, True)
+}
+
+/// Creates an in-memory tmpfs mount at `container_path`.
+pub fn tmpfs(container_path: String) -> Volume {
+  TmpfsMount(container_path)
+}
+
+/// Internal - used by `internal/docker.gleam` to project a Volume into the
+/// shape expected by the Docker Engine API. Returns:
+/// - `Ok(Ok(#(host, container, read_only)))` for a bind mount,
+/// - `Ok(Error(container))` for a tmpfs mount.
+@internal
+pub fn volume_kind(v: Volume) -> Result(#(String, String, Bool), String) {
+  case v {
+    BindMount(h, c, ro) -> Ok(#(h, c, ro))
+    TmpfsMount(c) -> Error(c)
+  }
+}
+
+/// Immutable description of a container to be started.
+/// Build it via `new/1` and the `with_*` modifiers, then pass to
+/// `testcontainer.start/1` or `testcontainer.with_container/2`.
+pub opaque type ContainerSpec {
+  ContainerSpec(
+    image: String,
+    env: List(#(String, cowl.Secret(String))),
+    ports: List(port.Port),
+    wait_strategy: wait.WaitStrategy,
+    command: Option(List(String)),
+    entrypoint: Option(List(String)),
+    volumes: List(Volume),
+    network: Option(String),
+    name: Option(String),
+    labels: List(#(String, String)),
+    privileged: Bool,
+  )
+}
+
+/// Creates a new spec for the given image (e.g. `"redis:7-alpine"`).
+/// The default wait strategy is `wait.none/0` (no wait) - most images need
+/// a real `wait_for/2` (e.g. `wait.log("ready")`) to be reliable.
+pub fn new(image: String) -> ContainerSpec {
+  ContainerSpec(
+    image: image,
+    env: [],
+    ports: [],
+    wait_strategy: wait.none(),
+    command: None,
+    entrypoint: None,
+    volumes: [],
+    network: None,
+    name: None,
+    labels: [],
+    privileged: False,
+  )
+}
+
+/// Adds an environment variable. The value is wrapped in a `cowl.Secret`
+/// internally; use `with_secret_env/3` if you already have a Secret.
+pub fn with_env(
+  spec: ContainerSpec,
+  key: String,
+  value: String,
+) -> ContainerSpec {
+  ContainerSpec(
+    ..spec,
+    env: list.append(spec.env, [#(key, cowl.secret(value))]),
+  )
+}
+
+/// Adds multiple environment variables at once.
+pub fn with_envs(
+  spec: ContainerSpec,
+  pairs: List(#(String, String)),
+) -> ContainerSpec {
+  let wrapped = list.map(pairs, fn(p) { #(p.0, cowl.secret(p.1)) })
+  ContainerSpec(..spec, env: list.append(spec.env, wrapped))
+}
+
+/// Adds an environment variable whose value is already a `cowl.Secret`.
+pub fn with_secret_env(
+  spec: ContainerSpec,
+  key: String,
+  value: cowl.Secret(String),
+) -> ContainerSpec {
+  ContainerSpec(..spec, env: list.append(spec.env, [#(key, value)]))
+}
+
+/// Exposes a single container port to the host (host port assigned dynamically).
+pub fn expose_port(spec: ContainerSpec, p: port.Port) -> ContainerSpec {
+  ContainerSpec(..spec, ports: list.append(spec.ports, [p]))
+}
+
+/// Exposes multiple container ports to the host.
+pub fn expose_ports(spec: ContainerSpec, ps: List(port.Port)) -> ContainerSpec {
+  ContainerSpec(..spec, ports: list.append(spec.ports, ps))
+}
+
+/// Sets the readiness wait strategy. The default is "no wait".
+pub fn wait_for(
+  spec: ContainerSpec,
+  strategy: wait.WaitStrategy,
+) -> ContainerSpec {
+  ContainerSpec(..spec, wait_strategy: strategy)
+}
+
+/// Overrides the container's CMD.
+pub fn with_command(spec: ContainerSpec, cmd: List(String)) -> ContainerSpec {
+  ContainerSpec(..spec, command: Some(cmd))
+}
+
+/// Overrides the container's ENTRYPOINT.
+pub fn with_entrypoint(spec: ContainerSpec, ep: List(String)) -> ContainerSpec {
+  ContainerSpec(..spec, entrypoint: Some(ep))
+}
+
+/// Adds a read-write bind mount (host path → container path).
+pub fn with_bind_mount(
+  spec: ContainerSpec,
+  host: String,
+  container_path: String,
+) -> ContainerSpec {
+  with_volume(spec, bind_mount(host, container_path))
+}
+
+/// Adds a read-only bind mount.
+pub fn with_readonly_bind(
+  spec: ContainerSpec,
+  host: String,
+  container_path: String,
+) -> ContainerSpec {
+  with_volume(spec, readonly_bind_mount(host, container_path))
+}
+
+/// Mounts an in-memory tmpfs at the given path inside the container.
+pub fn with_tmpfs(spec: ContainerSpec, path: String) -> ContainerSpec {
+  with_volume(spec, tmpfs(path))
+}
+
+/// Adds an arbitrary `Volume` (built with `bind_mount/2`, `tmpfs/1`, …).
+pub fn with_volume(spec: ContainerSpec, v: Volume) -> ContainerSpec {
+  ContainerSpec(..spec, volumes: list.append(spec.volumes, [v]))
+}
+
+/// Attaches the container to the named Docker network.
+pub fn on_network(spec: ContainerSpec, network: String) -> ContainerSpec {
+  ContainerSpec(..spec, network: Some(network))
+}
+
+/// Assigns a fixed name to the container (otherwise Docker auto-generates one).
+pub fn with_name(spec: ContainerSpec, n: String) -> ContainerSpec {
+  ContainerSpec(..spec, name: Some(n))
+}
+
+/// Adds a label to the container.
+pub fn with_label(
+  spec: ContainerSpec,
+  key: String,
+  value: String,
+) -> ContainerSpec {
+  ContainerSpec(..spec, labels: list.append(spec.labels, [#(key, value)]))
+}
+
+/// Marks the container as privileged.
+pub fn with_privileged(spec: ContainerSpec) -> ContainerSpec {
+  ContainerSpec(..spec, privileged: True)
+}
+
+// --- ContainerSpec accessors ---
+
+pub fn image(spec: ContainerSpec) -> String {
+  spec.image
+}
+
+pub fn env(spec: ContainerSpec) -> List(#(String, cowl.Secret(String))) {
+  spec.env
+}
+
+pub fn ports(spec: ContainerSpec) -> List(port.Port) {
+  spec.ports
+}
+
+pub fn wait_strategy(spec: ContainerSpec) -> wait.WaitStrategy {
+  spec.wait_strategy
+}
+
+pub fn command(spec: ContainerSpec) -> Option(List(String)) {
+  spec.command
+}
+
+pub fn entrypoint(spec: ContainerSpec) -> Option(List(String)) {
+  spec.entrypoint
+}
+
+pub fn volumes(spec: ContainerSpec) -> List(Volume) {
+  spec.volumes
+}
+
+pub fn network(spec: ContainerSpec) -> Option(String) {
+  spec.network
+}
+
+pub fn name(spec: ContainerSpec) -> Option(String) {
+  spec.name
+}
+
+pub fn labels(spec: ContainerSpec) -> List(#(String, String)) {
+  spec.labels
+}
+
+pub fn is_privileged(spec: ContainerSpec) -> Bool {
+  spec.privileged
+}
+
+// --- Container (running) ---
+
+/// A handle to a running Docker container.
+/// Returned by `testcontainer.start/1`. Carries the container id,
+/// gateway host, port mapping and keep-alive flag.
+///
+/// `port_mapping` is keyed by `(container_port, protocol)` - `protocol` is
+/// always `"tcp"` or `"udp"` - so TCP and UDP ports with the same number
+/// don't collide.
+pub opaque type Container {
+  Container(
+    id: String,
+    gateway_host: String,
+    port_mapping: dict.Dict(#(Int, String), Int),
+    keep: Bool,
+    stop_timeout_sec: Int,
+  )
+}
+
+/// Internal constructor - used by `testcontainer.start/1`. The
+/// `stop_timeout_sec` is captured at start time so `stop/1` and the
+/// crash-cleanup guard do not re-read the env on every call.
+@internal
+pub fn build(
+  id: String,
+  gateway_host: String,
+  port_mapping: dict.Dict(#(Int, String), Int),
+  keep: Bool,
+  stop_timeout_sec: Int,
+) -> Container {
+  Container(id, gateway_host, port_mapping, keep, stop_timeout_sec)
+}
+
+/// Internal mutator - used by `testcontainer.start_and_keep/1` to force
+/// the keep flag regardless of `TESTCONTAINERS_KEEP`.
+@internal
+pub fn with_keep(c: Container, keep: Bool) -> Container {
+  Container(..c, keep: keep)
+}
+
+/// Internal accessor - used by `testcontainer.stop/1` and the crash-cleanup
+/// guard to know how long to wait for graceful shutdown before SIGKILL.
+@internal
+pub fn stop_timeout_sec(c: Container) -> Int {
+  c.stop_timeout_sec
+}
+
+/// Returns the Docker container id.
+pub fn id(c: Container) -> String {
+  c.id
+}
+
+/// Returns the host that the test runner should use to reach the
+/// container's mapped ports (typically the bridge gateway IP, or
+/// the value of `TESTCONTAINERS_HOST_OVERRIDE`).
+pub fn host(c: Container) -> String {
+  c.gateway_host
+}
+
+/// Whether this container should be kept alive after the test
+/// (`TESTCONTAINERS_KEEP=true` or `start_and_keep/1`).
+pub fn keep(c: Container) -> Bool {
+  c.keep
+}
+
+/// Returns the host port that maps to the given container port,
+/// or `PortNotMapped` if the port is not exposed.
+pub fn host_port(c: Container, p: port.Port) -> Result(Int, error.Error) {
+  let n = port.number(p)
+  let proto = port.protocol(p)
+  case dict.get(c.port_mapping, #(n, proto)) {
+    Ok(hp) -> Ok(hp)
+    Error(Nil) -> Error(error.PortNotMapped(n))
+  }
+}
+
+/// Builds a URL for the given container port using the configured scheme,
+/// host, and mapped host port (e.g. `"http://127.0.0.1:32768"`).
+pub fn mapped_url(
+  c: Container,
+  p: port.Port,
+  scheme: String,
+) -> Result(String, error.Error) {
+  case host_port(c, p) {
+    Ok(hp) -> Ok(scheme <> "://" <> host(c) <> ":" <> int.to_string(hp))
+    Error(e) -> Error(e)
+  }
+}
diff --git a/src/testcontainer/error.gleam b/src/testcontainer/error.gleam
new file mode 100644
index 0000000..a1f9951
--- /dev/null
+++ b/src/testcontainer/error.gleam
@@ -0,0 +1,58 @@
+/// Every error returned by the public API is one of these variants.
+/// Each carries enough context to diagnose the problem without scraping logs.
+pub type Error {
+  /// The Docker daemon could not be reached on the configured socket.
+  DockerUnavailable(socket_path: String, reason: String)
+
+  /// The image could not be pulled (network error, auth required, not found).
+  ImagePullFailed(image: String, reason: String)
+
+  /// `POST /containers/create` returned an error or the response could not
+  /// be parsed.
+  ContainerCreateFailed(image: String, reason: String)
+
+  /// `POST /containers/{id}/start` returned an error.
+  ContainerStartFailed(container_id: String, reason: String)
+
+  /// `POST /containers/{id}/stop` returned an error.
+  ContainerStopFailed(container_id: String, reason: String)
+
+  /// A wait strategy did not succeed within its configured timeout.
+  /// `elapsed_ms` is the actual elapsed wall-clock time.
+  WaitTimedOut(strategy_description: String, elapsed_ms: Int)
+
+  /// A wait strategy reported a transient failure (the poll loop will retry
+  /// until the deadline; this variant is also returned when the deadline is
+  /// reached without success for non-timeout reasons).
+  WaitFailed(strategy_description: String, reason: String)
+
+  /// An exec call failed at the Docker API level (not to be confused with
+  /// a non-zero exit code, which is returned via `exec.ExecResult`).
+  ExecFailed(
+    container_id: String,
+    cmd: List(String),
+    exit_code: Int,
+    stderr: String,
+  )
+
+  /// The requested container port is not in the spec's port mapping.
+  PortNotMapped(container_port: Int)
+
+  /// `copy_file_to/3` failed (read error, tar error, HTTP error).
+  FileCopyFailed(path: String, reason: String)
+
+  /// Docker inspect JSON was received but `NetworkSettings.Ports` could not be
+  /// decoded into a usable host-port mapping.
+  PortMappingParseFailed(container_id: String, reason: String)
+
+  /// A Docker Engine API call returned an unexpected non-2xx status that
+  /// did not map to a more specific variant above.
+  DockerApiError(method: String, path: String, status: Int, body: String)
+
+  /// The given image reference is malformed (currently used for CR/LF
+  /// validation; reserved for future stricter parsing).
+  InvalidImageRef(raw: String)
+
+  /// A port number outside the valid TCP/UDP range (1..=65535).
+  InvalidPort(number: Int)
+}
diff --git a/src/testcontainer/exec.gleam b/src/testcontainer/exec.gleam
new file mode 100644
index 0000000..04a842f
--- /dev/null
+++ b/src/testcontainer/exec.gleam
@@ -0,0 +1,24 @@
+/// The result of running a command inside a container via
+/// `testcontainer.exec/2`.
+///
+/// `stdout` and `stderr` are returned separately when the command runs
+/// without a TTY (the default). For TTY exec calls the combined output
+/// arrives in `stdout`.
+pub type ExecResult {
+  ExecResult(exit_code: Int, stdout: String, stderr: String)
+}
+
+/// True iff the command exited with status 0.
+pub fn succeeded(result: ExecResult) -> Bool {
+  case result {
+    ExecResult(code, _, _) -> code == 0
+  }
+}
+
+/// Returns `stdout <> stderr`, useful when the caller only cares about
+/// the combined human-readable output.
+pub fn output(result: ExecResult) -> String {
+  case result {
+    ExecResult(_, stdout, stderr) -> stdout <> stderr
+  }
+}

From e01828a3839ccd757e962c3c7e69063758e2558a Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:31:44 +0200
Subject: [PATCH 03/14] Add Formula type for container formulas

Introduce src/testcontainer/formula.gleam defining an opaque Formula(output) that pairs a ContainerSpec with a typed extraction function.
---
 src/testcontainer/formula.gleam | 48 +++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 src/testcontainer/formula.gleam

diff --git a/src/testcontainer/formula.gleam b/src/testcontainer/formula.gleam
new file mode 100644
index 0000000..284f87e
--- /dev/null
+++ b/src/testcontainer/formula.gleam
@@ -0,0 +1,48 @@
+import testcontainer/container
+import testcontainer/error
+
+/// A Formula combines a ContainerSpec with a typed extraction function.
+///
+/// When `testcontainer.with_formula/2` starts the container it calls
+/// `extract` on the running Container to produce a service-specific output
+/// type (e.g. `PostgresContainer`, `RedisContainer`).
+///
+/// Formulas are defined in the companion package `testcontainer_formulas`,
+/// not in this core package. The core only defines the type and the lifecycle
+/// entry point.
+///
+///   use pg <- testcontainer.with_formula(postgres.formula(config))
+///   // pg has type PostgresContainer with .connection_url, .host, .port, …
+///
+pub opaque type Formula(output) {
+  Formula(
+    spec: container.ContainerSpec,
+    extract: fn(container.Container) -> Result(output, error.Error),
+  )
+}
+
+/// Create a Formula from a ContainerSpec and an extraction function.
+/// Called by formula modules (e.g. `testcontainer_formulas/postgres`).
+pub fn new(
+  spec: container.ContainerSpec,
+  extract: fn(container.Container) -> Result(output, error.Error),
+) -> Formula(output) {
+  Formula(spec: spec, extract: extract)
+}
+
+// Internal accessors - used only by `testcontainer.gleam`. Marked
+// `@internal` so they are not part of the published API surface, but are
+// still accessible to the core package.
+
+@internal
+pub fn spec(f: Formula(output)) -> container.ContainerSpec {
+  f.spec
+}
+
+@internal
+pub fn extract(
+  f: Formula(output),
+  c: container.Container,
+) -> Result(output, error.Error) {
+  f.extract(c)
+}

From 137f90ee2574cddea745567b7da9c0764073b456 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:32:41 +0200
Subject: [PATCH 04/14] Add Docker Engine API transport and helpers

Introduce internal Docker integration: an Erlang docker_transport module for raw HTTP over unix/tcp sockets (connect, request/response parsing, chunked dechunking, file copy via tar, log frame handling), and Gleam wrappers/utilities: docker.gleam (Docker Engine API client: ping, image pull, container create/start/stop/remove/inspect/logs/exec, network and file copy helpers), config.gleam (env-based config, pull policy, registry auth), image_ref.gleam (image:tag parsing), and wait_runner.gleam (wait strategies: port, http, logs, health, command, compose combinators). Adds registry auth encoding, port mapping parsing, and robust error handling for Docker API interactions.
---
 src/testcontainer/internal/config.gleam       |  80 +++
 src/testcontainer/internal/docker.gleam       | 652 ++++++++++++++++++
 .../internal/docker_transport.erl             | 403 +++++++++++
 src/testcontainer/internal/image_ref.gleam    |  46 ++
 src/testcontainer/internal/wait_runner.gleam  | 350 ++++++++++
 5 files changed, 1531 insertions(+)
 create mode 100644 src/testcontainer/internal/config.gleam
 create mode 100644 src/testcontainer/internal/docker.gleam
 create mode 100644 src/testcontainer/internal/docker_transport.erl
 create mode 100644 src/testcontainer/internal/image_ref.gleam
 create mode 100644 src/testcontainer/internal/wait_runner.gleam

diff --git a/src/testcontainer/internal/config.gleam b/src/testcontainer/internal/config.gleam
new file mode 100644
index 0000000..cbe519d
--- /dev/null
+++ b/src/testcontainer/internal/config.gleam
@@ -0,0 +1,80 @@
+import cowl
+import envie
+import gleam/option.{type Option, None, Some}
+import gleam/string
+
+pub type PullPolicy {
+  Always
+  IfMissing
+  Never
+}
+
+/// Credentials for pulling images from a private registry.
+/// Loaded from `TESTCONTAINERS_REGISTRY_USER` and
+/// `TESTCONTAINERS_REGISTRY_PASSWORD`.
+pub type RegistryAuth {
+  RegistryAuth(username: String, password: cowl.Secret(String))
+}
+
+pub type Config {
+  Config(
+    docker_host: String,
+    keep_containers: Bool,
+    pull_policy: PullPolicy,
+    /// When set, overrides the gateway host used to reach container ports.
+    /// Useful on macOS (Docker Desktop) or WSL2 where the bridge IP is not
+    /// directly reachable from the host. Set via TESTCONTAINERS_HOST_OVERRIDE.
+    host_override: Option(String),
+    /// When set, the X-Registry-Auth header is attached to every
+    /// `POST /images/create`.
+    registry_auth: Option(RegistryAuth),
+    /// Seconds the Docker Engine waits for graceful shutdown before sending
+    /// SIGKILL during stop. Set via TESTCONTAINERS_STOP_TIMEOUT.
+    stop_timeout_sec: Int,
+  )
+}
+
+@internal
+pub fn parse_pull_policy(value: String) -> PullPolicy {
+  case string.lowercase(value) {
+    "always" -> Always
+    "never" -> Never
+    _ -> IfMissing
+  }
+}
+
+/// Loads configuration from environment variables. Always succeeds -
+/// every setting has a sensible default.
+pub fn load() -> Config {
+  let docker_host =
+    envie.get_string("DOCKER_HOST", "unix:///var/run/docker.sock")
+  let keep = envie.get_bool("TESTCONTAINERS_KEEP", False)
+  let pull_policy =
+    parse_pull_policy(envie.get_string("TESTCONTAINERS_PULL_POLICY", "missing"))
+  let host_override = case
+    envie.get_string("TESTCONTAINERS_HOST_OVERRIDE", "")
+  {
+    "" -> None
+    h -> Some(h)
+  }
+
+  let registry_auth = case
+    envie.get_string("TESTCONTAINERS_REGISTRY_USER", ""),
+    envie.get_string("TESTCONTAINERS_REGISTRY_PASSWORD", "")
+  {
+    "", _ -> None
+    _, "" -> None
+    user, pass -> Some(RegistryAuth(user, cowl.secret(pass)))
+  }
+
+  let stop_timeout_sec = envie.get_int("TESTCONTAINERS_STOP_TIMEOUT", 10)
+
+  Config(
+    docker_host: docker_host,
+    keep_containers: keep,
+    pull_policy: pull_policy,
+    host_override: host_override,
+    registry_auth: registry_auth,
+    stop_timeout_sec: stop_timeout_sec,
+  )
+}
diff --git a/src/testcontainer/internal/docker.gleam b/src/testcontainer/internal/docker.gleam
new file mode 100644
index 0000000..63360f0
--- /dev/null
+++ b/src/testcontainer/internal/docker.gleam
@@ -0,0 +1,652 @@
+import cowl
+import gleam/dynamic/decode
+import gleam/int
+import gleam/json
+import gleam/list
+import gleam/option.{None, Some}
+import gleam/result
+import gleam/string
+
+import gleam/bit_array
+import testcontainer/container
+import testcontainer/error
+import testcontainer/exec
+import testcontainer/internal/config
+import testcontainer/internal/image_ref
+import testcontainer/port
+
+// This module is a thin wrapper around the Docker Engine API using the local
+// Docker Unix socket. It uses a small Erlang helper to talk to the socket via
+// raw gen_tcp.
+
+@external(erlang, "docker_transport", "request")
+fn transport_request(
+  method: String,
+  path: String,
+  headers: List(#(String, String)),
+  body: String,
+) -> Result(#(Int, String), String)
+
+@external(erlang, "docker_transport", "socket_path")
+fn transport_socket_path() -> String
+
+@external(erlang, "docker_transport", "parse_response")
+fn transport_parse_response(data: String) -> Result(#(Int, String), String)
+
+@external(erlang, "docker_transport", "strip_log_frames")
+fn strip_log_frames(data: String) -> String
+
+@external(erlang, "docker_transport", "split_log_streams")
+fn split_log_streams(data: String) -> #(String, String)
+
+@external(erlang, "docker_transport", "copy_file_to_container")
+fn transport_copy_file(
+  container_id: String,
+  host_path: String,
+  container_path: String,
+) -> Result(Nil, String)
+
+@internal
+pub fn parse_response(data: String) -> Result(#(Int, String), String) {
+  transport_parse_response(data)
+}
+
+fn url_encode(input: String) -> String {
+  // Single pass over graphemes; replace reserved characters in one walk
+  // instead of running `string.replace` 11 times over the whole string.
+  input
+  |> string.to_graphemes
+  |> list.map(encode_grapheme)
+  |> string.concat
+}
+
+fn encode_grapheme(g: String) -> String {
+  case g {
+    "%" -> "%25"
+    "\r" -> "%0D"
+    "\n" -> "%0A"
+    " " -> "%20"
+    "/" -> "%2F"
+    ":" -> "%3A"
+    "=" -> "%3D"
+    "?" -> "%3F"
+    "&" -> "%26"
+    "#" -> "%23"
+    "+" -> "%2B"
+    other -> other
+  }
+}
+
+fn contains_crlf(input: String) -> Bool {
+  string.contains(input, "\r") || string.contains(input, "\n")
+}
+
+fn request(
+  method: String,
+  path: String,
+  body: String,
+) -> Result(#(Int, String), error.Error) {
+  request_with_headers(
+    method,
+    path,
+    [#("Content-Type", "application/json")],
+    body,
+  )
+}
+
+fn request_with_headers(
+  method: String,
+  path: String,
+  headers: List(#(String, String)),
+  body: String,
+) -> Result(#(Int, String), error.Error) {
+  case transport_request(method, path, headers, body) {
+    Ok(#(status, response)) -> Ok(#(status, response))
+    Error(reason) ->
+      Error(error.DockerUnavailable(transport_socket_path(), reason))
+  }
+}
+
+fn check_ok(
+  method: String,
+  path: String,
+  status: Int,
+  body: String,
+) -> Result(Nil, error.Error) {
+  case status {
+    200 -> Ok(Nil)
+    201 -> Ok(Nil)
+    204 -> Ok(Nil)
+    _ -> Error(error.DockerApiError(method, path, status, body))
+  }
+}
+
+fn request_ok(
+  method: String,
+  path: String,
+  body: String,
+) -> Result(Nil, error.Error) {
+  case request(method, path, body) {
+    Ok(#(status, response)) -> check_ok(method, path, status, response)
+    Error(e) -> Error(e)
+  }
+}
+
+fn request_json(
+  method: String,
+  path: String,
+  body: json.Json,
+) -> Result(String, error.Error) {
+  let body_string = json.to_string(body)
+  case request(method, path, body_string) {
+    Ok(#(200, response)) -> Ok(response)
+    Ok(#(201, response)) -> Ok(response)
+    Ok(#(status, response)) ->
+      Error(error.DockerApiError(method, path, status, response))
+    Error(e) -> Error(e)
+  }
+}
+
+pub fn ping() -> Result(Nil, error.Error) {
+  request_ok("GET", "/_ping", "")
+}
+
+/// Returns True if the image is already present in the local Docker cache.
+pub fn image_exists(image: String) -> Bool {
+  let encoded = url_encode(image)
+  case request("GET", "/images/" <> encoded <> "/json", "") {
+    Ok(#(200, _)) -> True
+    _ -> False
+  }
+}
+
+pub fn pull_image(
+  image: String,
+  auth: option.Option(config.RegistryAuth),
+) -> Result(Nil, error.Error) {
+  let ref = image_ref.parse(image)
+  let path =
+    "/images/create?fromImage="
+    <> url_encode(ref.name)
+    <> "&tag="
+    <> url_encode(ref.tag)
+  let headers = case auth {
+    Some(a) -> [
+      #("Content-Type", "application/json"),
+      #("X-Registry-Auth", encode_registry_auth(a)),
+    ]
+    None -> [#("Content-Type", "application/json")]
+  }
+  case request_with_headers("POST", path, headers, "") {
+    Ok(#(status, body)) if status == 200 ->
+      // Docker returns 200 even when the pull fails mid-stream. The body is
+      // a sequence of JSON objects, possibly chunked, with progress info or
+      // an `error` / `errorDetail` field at the end.
+      case scan_pull_stream_for_error(body) {
+        Some(reason) -> Error(error.ImagePullFailed(image, reason))
+        None -> Ok(Nil)
+      }
+    Ok(#(status, body)) ->
+      Error(error.ImagePullFailed(
+        image,
+        "HTTP " <> int.to_string(status) <> ": " <> body,
+      ))
+    Error(e) -> Error(e)
+  }
+}
+
+// Encode RegistryAuth as the base64-of-JSON value Docker expects in the
+// X-Registry-Auth header. Docker accepts either standard or URL-safe
+// base64; we use standard base64 (without padding) which is the form
+// shown in the official Docker SDK reference.
+fn encode_registry_auth(a: config.RegistryAuth) -> String {
+  let payload =
+    json.object([
+      #("username", json.string(a.username)),
+      #("password", json.string(cowl.reveal(a.password))),
+    ])
+  bit_array.base64_encode(<<json.to_string(payload):utf8>>, False)
+}
+
+// Single pass: split once on the first `"error":"` marker. If found, take
+// the value up to the next `"`. Avoids two scans of the same stream.
+fn scan_pull_stream_for_error(stream: String) -> option.Option(String) {
+  case string.split_once(stream, "\"error\":\"") {
+    Ok(#(_, rest)) ->
+      case string.split_once(rest, "\"") {
+        Ok(#(msg, _)) -> Some(msg)
+        Error(_) -> Some("image pull failed")
+      }
+    Error(_) -> None
+  }
+}
+
+pub fn create_container(
+  spec: container.ContainerSpec,
+) -> Result(String, error.Error) {
+  use _ <- result.try(validate_spec(spec))
+
+  let cmd = case container.command(spec) {
+    Some(c) -> json.array(c, json.string)
+    None -> json.null()
+  }
+
+  let entrypoint = case container.entrypoint(spec) {
+    Some(e) -> json.array(e, json.string)
+    None -> json.null()
+  }
+
+  let env_list =
+    list.map(container.env(spec), fn(pair) {
+      json.string(pair.0 <> "=" <> cowl.reveal(pair.1))
+    })
+
+  let port_keys =
+    list.map(container.ports(spec), fn(p) {
+      int.to_string(port.number(p)) <> "/" <> port.protocol(p)
+    })
+
+  let exposed_ports =
+    json.object(list.map(port_keys, fn(k) { #(k, json.object([])) }))
+
+  let port_bindings =
+    json.object(
+      list.map(port_keys, fn(k) {
+        #(
+          k,
+          json.array(
+            [
+              json.object([
+                #("HostIp", json.string("")),
+                #("HostPort", json.string("")),
+              ]),
+            ],
+            fn(x) { x },
+          ),
+        )
+      }),
+    )
+
+  let binds =
+    list.filter_map(container.volumes(spec), fn(v) {
+      case container.volume_kind(v) {
+        Ok(#(host, cpath, ro)) -> {
+          let mode = case ro {
+            True -> ":ro"
+            False -> ":rw"
+          }
+          Ok(json.string(host <> ":" <> cpath <> mode))
+        }
+        Error(_) -> Error(Nil)
+      }
+    })
+
+  let tmpfs_entries =
+    list.filter_map(container.volumes(spec), fn(v) {
+      case container.volume_kind(v) {
+        Error(cpath) -> Ok(#(cpath, json.string("")))
+        Ok(_) -> Error(Nil)
+      }
+    })
+
+  let labels_obj =
+    json.object(
+      list.map(container.labels(spec), fn(pair) {
+        #(pair.0, json.string(pair.1))
+      }),
+    )
+
+  let network_mode = case container.network(spec) {
+    Some(n) -> json.string(n)
+    None -> json.string("bridge")
+  }
+
+  let networking_config = case container.network(spec) {
+    Some(n) ->
+      json.object([
+        #("EndpointsConfig", json.object([#(n, json.object([]))])),
+      ])
+    None -> json.object([])
+  }
+
+  let host_config =
+    json.object([
+      #("PortBindings", port_bindings),
+      #("Binds", json.array(binds, fn(x) { x })),
+      #("Tmpfs", json.object(tmpfs_entries)),
+      #("Privileged", json.bool(container.is_privileged(spec))),
+      #("NetworkMode", network_mode),
+    ])
+
+  let body =
+    json.object([
+      #("Image", json.string(container.image(spec))),
+      #("Cmd", cmd),
+      #("Entrypoint", entrypoint),
+      #("Env", json.array(env_list, fn(x) { x })),
+      #("ExposedPorts", exposed_ports),
+      #("Labels", labels_obj),
+      #("HostConfig", host_config),
+      #("NetworkingConfig", networking_config),
+    ])
+
+  let path = case container.name(spec) {
+    Some(n) -> "/containers/create?name=" <> url_encode(n)
+    None -> "/containers/create"
+  }
+
+  case request_json("POST", path, body) {
+    Ok(response) ->
+      case json.parse(response, decode.at(["Id"], decode.string)) {
+        Ok(id) -> Ok(id)
+        Error(_) ->
+          Error(error.ContainerCreateFailed(
+            container.image(spec),
+            "unable to parse create response",
+          ))
+      }
+    Error(error.DockerApiError(_, _, status, body_str)) ->
+      Error(error.ContainerCreateFailed(
+        container.image(spec),
+        "HTTP " <> int.to_string(status) <> ": " <> body_str,
+      ))
+    Error(e) -> Error(e)
+  }
+}
+
+fn validate_spec(spec: container.ContainerSpec) -> Result(Nil, error.Error) {
+  let image = container.image(spec)
+  use _ <- result.try(case contains_crlf(image) {
+    True -> Error(error.InvalidImageRef(image))
+    False -> Ok(Nil)
+  })
+  use _ <- result.try(case container.name(spec) {
+    Some(n) ->
+      case contains_crlf(n) {
+        True ->
+          Error(error.ContainerCreateFailed(
+            image,
+            "container name contains CR/LF",
+          ))
+        False -> Ok(Nil)
+      }
+    None -> Ok(Nil)
+  })
+  use _ <- result.try(validate_ports(spec))
+  validate_volumes(spec)
+}
+
+fn validate_ports(spec: container.ContainerSpec) -> Result(Nil, error.Error) {
+  let bad =
+    list.find(container.ports(spec), fn(p) {
+      let n = port.number(p)
+      n < 1 || n > 65_535
+    })
+  case bad {
+    Ok(p) -> Error(error.InvalidPort(port.number(p)))
+    Error(Nil) -> Ok(Nil)
+  }
+}
+
+fn validate_volumes(spec: container.ContainerSpec) -> Result(Nil, error.Error) {
+  let bad =
+    list.find(container.volumes(spec), fn(v) {
+      case container.volume_kind(v) {
+        Ok(#(host, cpath, _)) ->
+          contains_crlf(host)
+          || contains_crlf(cpath)
+          || string.contains(host, ":")
+        Error(p) -> contains_crlf(p)
+      }
+    })
+  case bad {
+    Ok(_) ->
+      Error(error.ContainerCreateFailed(
+        container.image(spec),
+        "volume path invalid (CR/LF or ':' in host path)",
+      ))
+    Error(Nil) -> Ok(Nil)
+  }
+}
+
+pub fn start_container(id: String) -> Result(Nil, error.Error) {
+  case request("POST", "/containers/" <> id <> "/start", "") {
+    Ok(#(status, _)) if status == 204 || status == 304 -> Ok(Nil)
+    Ok(#(status, body)) ->
+      Error(error.ContainerStartFailed(
+        id,
+        "HTTP " <> int.to_string(status) <> ": " <> body,
+      ))
+    Error(error.DockerUnavailable(_, reason)) ->
+      Error(error.ContainerStartFailed(id, reason))
+    Error(e) -> Error(e)
+  }
+}
+
+pub fn stop_container(
+  id: String,
+  timeout_sec: Int,
+) -> Result(Nil, error.Error) {
+  let path = "/containers/" <> id <> "/stop?t=" <> int.to_string(timeout_sec)
+  case request("POST", path, "") {
+    // 204 = stopped, 304 = already stopped - both are fine
+    Ok(#(status, _)) if status == 204 || status == 304 -> Ok(Nil)
+    Ok(#(status, body)) ->
+      Error(error.ContainerStopFailed(
+        id,
+        "HTTP " <> int.to_string(status) <> ": " <> body,
+      ))
+    Error(error.DockerUnavailable(_, reason)) ->
+      Error(error.ContainerStopFailed(id, reason))
+    Error(e) -> Error(e)
+  }
+}
+
+pub fn remove_container(id: String) -> Result(Nil, error.Error) {
+  request_ok("DELETE", "/containers/" <> id <> "?force=true", "")
+}
+
+pub fn inspect_container(id: String) -> Result(String, error.Error) {
+  case request("GET", "/containers/" <> id <> "/json", "") {
+    Ok(#(200, response)) -> Ok(response)
+    Ok(#(status, response)) ->
+      Error(error.DockerApiError(
+        "GET",
+        "/containers/" <> id <> "/json",
+        status,
+        response,
+      ))
+    Error(e) -> Error(e)
+  }
+}
+
+pub fn container_logs(
+  id: String,
+  tail: option.Option(Int),
+) -> Result(String, error.Error) {
+  let tail_q = case tail {
+    Some(n) -> "&tail=" <> int.to_string(n)
+    None -> "&tail=all"
+  }
+  case
+    request(
+      "GET",
+      "/containers/" <> id <> "/logs?stdout=1&stderr=1" <> tail_q,
+      "",
+    )
+  {
+    Ok(#(200, response)) -> Ok(strip_log_frames(response))
+    Ok(#(status, response)) ->
+      Error(error.DockerApiError(
+        "GET",
+        "/containers/" <> id <> "/logs",
+        status,
+        response,
+      ))
+    Error(e) -> Error(e)
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Exec
+// ---------------------------------------------------------------------------
+
+pub fn exec_container(
+  id: String,
+  cmd: List(String),
+) -> Result(exec.ExecResult, error.Error) {
+  let create_body =
+    json.object([
+      #("Cmd", json.array(cmd, json.string)),
+      #("AttachStdout", json.bool(True)),
+      #("AttachStderr", json.bool(True)),
+    ])
+
+  // Step 1: create exec instance
+  use exec_resp <- result.try(
+    request_json("POST", "/containers/" <> id <> "/exec", create_body)
+    |> result.map_error(fn(e) {
+      case e {
+        error.DockerApiError(_, _, status, body) ->
+          error.ExecFailed(
+            id,
+            cmd,
+            -1,
+            "create exec HTTP " <> int.to_string(status) <> ": " <> body,
+          )
+        _ -> e
+      }
+    }),
+  )
+  use exec_id <- result.try(
+    case json.parse(exec_resp, decode.at(["Id"], decode.string)) {
+      Ok(eid) -> Ok(eid)
+      Error(_) ->
+        Error(error.ExecFailed(
+          id,
+          cmd,
+          -1,
+          "unable to parse exec create response",
+        ))
+    },
+  )
+
+  // Step 2: start exec (blocking - returns multiplexed stdout+stderr stream)
+  let start_body =
+    json.object([#("Detach", json.bool(False)), #("Tty", json.bool(False))])
+  use raw <- result.try(
+    case
+      request(
+        "POST",
+        "/exec/" <> exec_id <> "/start",
+        json.to_string(start_body),
+      )
+    {
+      Ok(#(200, body)) -> Ok(body)
+      Ok(#(status, body)) ->
+        Error(error.ExecFailed(
+          id,
+          cmd,
+          -1,
+          "start exec HTTP " <> int.to_string(status) <> ": " <> body,
+        ))
+      Error(e) -> Error(e)
+    },
+  )
+
+  let #(stdout, stderr) = split_log_streams(raw)
+
+  // Step 3: inspect exec to get exit code (real error if decode fails)
+  use exit_code <- result.try(
+    case request("GET", "/exec/" <> exec_id <> "/json", "") {
+      Ok(#(200, body)) ->
+        case json.parse(body, decode.at(["ExitCode"], decode.int)) {
+          Ok(code) -> Ok(code)
+          Error(_) ->
+            Error(error.ExecFailed(
+              id,
+              cmd,
+              -1,
+              "unable to parse exec inspect response",
+            ))
+        }
+      Ok(#(status, body)) ->
+        Error(error.ExecFailed(
+          id,
+          cmd,
+          -1,
+          "inspect exec HTTP " <> int.to_string(status) <> ": " <> body,
+        ))
+      Error(e) -> Error(e)
+    },
+  )
+
+  Ok(exec.ExecResult(exit_code, stdout, stderr))
+}
+
+// ---------------------------------------------------------------------------
+// Network
+// ---------------------------------------------------------------------------
+
+pub fn create_network(name: String) -> Result(String, error.Error) {
+  case contains_crlf(name) {
+    True ->
+      Error(error.DockerApiError(
+        "POST",
+        "/networks/create",
+        0,
+        "network name contains CR/LF",
+      ))
+    False -> {
+      let body =
+        json.object([
+          #("Name", json.string(name)),
+          #("Driver", json.string("bridge")),
+        ])
+      case request_json("POST", "/networks/create", body) {
+        Ok(response) ->
+          case json.parse(response, decode.at(["Id"], decode.string)) {
+            Ok(nid) -> Ok(nid)
+            Error(_) ->
+              Error(error.DockerApiError(
+                "POST",
+                "/networks/create",
+                0,
+                "parse error",
+              ))
+          }
+        Error(e) -> Error(e)
+      }
+    }
+  }
+}
+
+pub fn remove_network(id: String) -> Result(Nil, error.Error) {
+  request_ok("DELETE", "/networks/" <> id, "")
+}
+
+// ---------------------------------------------------------------------------
+// File copy
+// ---------------------------------------------------------------------------
+
+/// Copies a file from the host into a running container.
+/// Uses erl_tar to create a tar archive in a temp file, then PUTs it to
+/// the Docker Engine API at PUT /containers/{id}/archive.
+pub fn copy_file_to(
+  container_id: String,
+  host_path: String,
+  container_path: String,
+) -> Result(Nil, error.Error) {
+  case
+    contains_crlf(container_id)
+    || contains_crlf(host_path)
+    || contains_crlf(container_path)
+  {
+    True -> Error(error.FileCopyFailed(container_path, "path contains CR/LF"))
+    False ->
+      case transport_copy_file(container_id, host_path, container_path) {
+        Ok(Nil) -> Ok(Nil)
+        Error(reason) -> Error(error.FileCopyFailed(container_path, reason))
+      }
+  }
+}
diff --git a/src/testcontainer/internal/docker_transport.erl b/src/testcontainer/internal/docker_transport.erl
new file mode 100644
index 0000000..dd37762
--- /dev/null
+++ b/src/testcontainer/internal/docker_transport.erl
@@ -0,0 +1,403 @@
+-module(docker_transport).
+-export([request/4, parse_response/1,
+         tcp_can_connect/2, http_get_status/3,
+         now_ms/0, sleep_ms/1,
+         strip_log_frames/1, split_log_streams/1,
+         copy_file_to_container/3,
+         socket_path/0, docker_endpoint/0]).
+
+%% Raw HTTP/1.1 over the Docker daemon socket.
+%%
+%% Two transports are supported, selected via the DOCKER_HOST env var:
+%%
+%%   - unix://<path>  → Unix domain socket via gen_tcp:{local, Path}
+%%   - tcp://host:port → plain TCP connect to host:port
+%%
+%% Default: unix:///var/run/docker.sock (when DOCKER_HOST is unset).
+%% No TLS support - TCP transports must be plain HTTP. For HTTPS Docker
+%% endpoints the user is expected to terminate TLS upstream.
+
+-define(DEFAULT_SOCKET, "/var/run/docker.sock").
+-define(RECV_TIMEOUT, 30000).
+-define(CONNECT_TIMEOUT, 5000).
+
+%% Legacy alias kept for callers that only need the unix path.
+socket_path() ->
+  case docker_endpoint() of
+    {unix, Path} -> Path;
+    _            -> ?DEFAULT_SOCKET
+  end.
+
+%% Resolve the Docker endpoint from DOCKER_HOST.
+%% Returns: {unix, Path :: string()} | {tcp, Host :: string(), Port :: integer()}.
+docker_endpoint() ->
+  case os:getenv("DOCKER_HOST") of
+    false -> {unix, ?DEFAULT_SOCKET};
+    "" -> {unix, ?DEFAULT_SOCKET};
+    "unix://" ++ Rest -> {unix, Rest};
+    "tcp://" ++ Rest -> parse_tcp(Rest);
+    "/" ++ _ = Raw -> {unix, Raw};
+    _Other -> {unix, ?DEFAULT_SOCKET}
+  end.
+
+parse_tcp(HostPort) ->
+  case string:split(HostPort, ":") of
+    [H, P] ->
+      case string:to_integer(P) of
+        {Int, ""} when is_integer(Int) -> {tcp, H, Int};
+        _ -> {unix, ?DEFAULT_SOCKET}
+      end;
+    [H] -> {tcp, H, 2375};
+    _ -> {unix, ?DEFAULT_SOCKET}
+  end.
+
+connect_endpoint() ->
+  case docker_endpoint() of
+    {unix, Path} ->
+      gen_tcp:connect({local, Path}, 0,
+                      [binary, {active, false}, {packet, raw}],
+                      ?CONNECT_TIMEOUT);
+    {tcp, Host, Port} ->
+      gen_tcp:connect(Host, Port,
+                      [binary, {active, false}, {packet, raw}],
+                      ?CONNECT_TIMEOUT)
+  end.
+
+endpoint_label() ->
+  case docker_endpoint() of
+    {unix, Path}      -> Path;
+    {tcp, Host, Port} -> Host ++ ":" ++ integer_to_list(Port)
+  end.
+
+request(Method, Path, Headers, Body) ->
+  case connect_endpoint() of
+    {ok, Socket} ->
+      Result = try
+        do_http_request(Socket, Method, Path, Headers, Body)
+      after
+        gen_tcp:close(Socket)
+      end,
+      Result;
+    {error, Reason} ->
+      {error, list_to_binary(
+        io_lib:format("connect ~s: ~p", [endpoint_label(), Reason]))}
+  end.
+
+do_http_request(Socket, Method, Path, Headers, Body) ->
+  BodyBin = to_binary(Body),
+  MethodBin = method_bin(Method),
+  ContentLength = byte_size(BodyBin),
+  HeaderLines = format_headers(Headers),
+  Request = iolist_to_binary([
+    MethodBin, " ", Path, " HTTP/1.1\r\n",
+    "Host: localhost\r\n",
+    "Content-Length: ", integer_to_binary(ContentLength), "\r\n",
+    HeaderLines,
+    "Connection: close\r\n",
+    "\r\n",
+    BodyBin
+  ]),
+  case gen_tcp:send(Socket, Request) of
+    ok ->
+      case recv_all(Socket, []) of
+        {ok, RawResp} -> parse_response(RawResp);
+        {error, Err}  -> {error, list_to_binary(io_lib:format("recv: ~p", [Err]))}
+      end;
+    {error, Err} ->
+      {error, list_to_binary(io_lib:format("send: ~p", [Err]))}
+  end.
+
+%% Accumulate as iolist, concat once at end (avoid O(n^2) binary grow).
+recv_all(Socket, Acc) ->
+  case gen_tcp:recv(Socket, 0, ?RECV_TIMEOUT) of
+    {ok, Data}      -> recv_all(Socket, [Acc, Data]);
+    {error, closed} -> {ok, iolist_to_binary(Acc)};
+    {error, Reason} -> {error, Reason}
+  end.
+
+parse_response(Data) when is_list(Data) ->
+  parse_response(iolist_to_binary(Data));
+parse_response(Data) ->
+  case binary:split(Data, <<"\r\n\r\n">>) of
+    [Head, RawBody] ->
+      case binary:split(Head, <<"\r\n">>) of
+        [StatusLine | _] ->
+          case binary:split(StatusLine, <<" ">>, [global]) of
+            [_, CodeBin | _] ->
+              Code = binary_to_integer(CodeBin),
+              Body = dechunk(RawBody),
+              {ok, {Code, Body}};
+            _ ->
+              {error, <<"bad status line">>}
+          end;
+        _ ->
+          {error, <<"bad response head">>}
+      end;
+    _ ->
+      {error, <<"incomplete HTTP response">>}
+  end.
+
+%% Decode HTTP chunked transfer encoding.
+%% If the body does not start with a hex chunk-size line, returns it unchanged.
+dechunk(Body) ->
+  case re:run(Body, <<"^[0-9a-fA-F]+\r\n">>) of
+    {match, _} -> dechunk_body(Body, []);
+    nomatch    -> Body
+  end.
+
+dechunk_body(<<"0\r\n", _/binary>>, Acc) -> iolist_to_binary(Acc);
+dechunk_body(Data, Acc) ->
+  case binary:split(Data, <<"\r\n">>) of
+    [SizeBin, Rest] ->
+      Size = binary_to_integer(SizeBin, 16),
+      case Size of
+        0 -> iolist_to_binary(Acc);
+        _ ->
+          case Rest of
+            <<Chunk:Size/binary, "\r\n", Next/binary>> ->
+              dechunk_body(Next, [Acc, Chunk]);
+            _ ->
+              iolist_to_binary([Acc, Rest])
+          end
+      end;
+    _ -> iolist_to_binary(Acc)
+  end.
+
+method_bin(Method) when is_atom(Method)   -> atom_to_binary(Method, utf8);
+method_bin(Method) when is_binary(Method) -> Method;
+method_bin(Method) when is_list(Method)   -> list_to_binary(Method).
+
+to_binary(B) when is_binary(B) -> B;
+to_binary(L) when is_list(L)   -> list_to_binary(L);
+to_binary(_)                   -> <<>>.
+
+format_headers(Headers) ->
+  iolist_to_binary([[K, ": ", V, "\r\n"] || {K, V} <- Headers]).
+
+%% ---------------------------------------------------------------------------
+%% copy_file_to_container/3
+%%
+%% Reads HostPath from disk, wraps it in a minimal tar archive, and PUTs it
+%% to the Docker Engine API at /containers/{Id}/archive?path={ContainerDir}.
+%% The file appears in the container at ContainerPath.
+%%
+%% Returns ok | {error, Reason :: binary()}.
+%% ---------------------------------------------------------------------------
+
+copy_file_to_container(ContainerId, HostPath, ContainerPath)
+    when is_binary(ContainerId) ->
+  copy_file_to_container(binary_to_list(ContainerId), HostPath, ContainerPath);
+copy_file_to_container(ContainerId, HostPath, ContainerPath)
+    when is_binary(HostPath) ->
+  copy_file_to_container(ContainerId, binary_to_list(HostPath), ContainerPath);
+copy_file_to_container(ContainerId, HostPath, ContainerPath)
+    when is_binary(ContainerPath) ->
+  copy_file_to_container(ContainerId, HostPath, binary_to_list(ContainerPath));
+copy_file_to_container(ContainerId, HostPath, ContainerPath) ->
+  case has_crlf(ContainerPath) orelse has_crlf(ContainerId) of
+    true ->
+      {error, <<"path contains CR/LF">>};
+    false ->
+      ContainerDir  = filename:dirname(ContainerPath),
+      FileBaseName  = filename:basename(ContainerPath),
+      TmpTar = unique_tmp_path("tc_", ".tar"),
+      Result = case erl_tar:open(TmpTar, [write]) of
+        {ok, Tar} ->
+          case erl_tar:add(Tar, HostPath, FileBaseName, []) of
+            ok ->
+              case erl_tar:close(Tar) of
+                ok ->
+                  case file:read_file(TmpTar) of
+                    {ok, TarBin} ->
+                      put_tar(ContainerId, ContainerDir, TarBin);
+                    {error, ReadErr} ->
+                      {error, list_to_binary(io_lib:format("read tar: ~p", [ReadErr]))}
+                  end;
+                {error, CloseErr} ->
+                  {error, list_to_binary(io_lib:format("close tar: ~p", [CloseErr]))}
+              end;
+            {error, AddErr} ->
+              erl_tar:close(Tar),
+              {error, list_to_binary(io_lib:format("add to tar: ~p", [AddErr]))}
+          end;
+        {error, OpenErr} ->
+          {error, list_to_binary(io_lib:format("open tar: ~p", [OpenErr]))}
+      end,
+      file:delete(TmpTar),
+      Result
+  end.
+
+has_crlf(S) when is_list(S) ->
+  lists:any(fun(C) -> C =:= $\r orelse C =:= $\n end, S);
+has_crlf(B) when is_binary(B) ->
+  has_crlf(binary_to_list(B));
+has_crlf(_) -> false.
+
+%% Build a tmp filename unlikely to collide across processes or BEAM nodes
+%% sharing the same TMPDIR. Composed of: OS pid + microsecond timestamp +
+%% per-node unique integer. Honours $TMPDIR when set, falls back to /tmp.
+unique_tmp_path(Prefix, Suffix) ->
+  TmpDir = case os:getenv("TMPDIR") of
+    false       -> "/tmp";
+    ""          -> "/tmp";
+    Dir         -> Dir
+  end,
+  Pid    = os:getpid(),
+  Time   = integer_to_list(erlang:system_time(microsecond)),
+  Uniq   = integer_to_list(erlang:unique_integer([positive])),
+  Name   = Prefix ++ Pid ++ "_" ++ Time ++ "_" ++ Uniq ++ Suffix,
+  filename:join(TmpDir, Name).
+
+%% PUT a tar binary to /containers/{Id}/archive?path={Dir}.
+put_tar(ContainerId, ContainerDir, TarBin) ->
+  EncodedDir = query_encode(ContainerDir),
+  Path = iolist_to_binary([
+    "/containers/", ContainerId, "/archive?path=", EncodedDir
+  ]),
+  case connect_endpoint() of
+    {ok, Socket} ->
+      ContentLength = byte_size(TarBin),
+      Request = iolist_to_binary([
+        "PUT ", Path, " HTTP/1.1\r\n",
+        "Host: localhost\r\n",
+        "Content-Type: application/x-tar\r\n",
+        "Content-Length: ", integer_to_binary(ContentLength), "\r\n",
+        "Connection: close\r\n",
+        "\r\n",
+        TarBin
+      ]),
+      Result = try
+        case gen_tcp:send(Socket, Request) of
+          ok ->
+            case recv_all(Socket, []) of
+              {ok, RawResp} ->
+                case parse_response(RawResp) of
+                  {ok, {200, _}} -> {ok, nil};
+                  {ok, {Status, Body}} ->
+                    {error, list_to_binary(
+                      io_lib:format("HTTP ~p: ~s", [Status, Body]))};
+                  {error, E} -> {error, E}
+                end;
+              {error, Err} ->
+                {error, list_to_binary(io_lib:format("recv: ~p", [Err]))}
+            end;
+          {error, Err} ->
+            {error, list_to_binary(io_lib:format("send: ~p", [Err]))}
+        end
+      after
+        gen_tcp:close(Socket)
+      end,
+      Result;
+    {error, Reason} ->
+      {error, list_to_binary(
+        io_lib:format("connect ~s: ~p", [endpoint_label(), Reason]))}
+  end.
+
+%% Percent-encode characters that are special in URL query strings.
+%% Keeps "/" unchanged (it is already inside a path segment here).
+query_encode(S) when is_list(S) ->
+  list_to_binary(lists:flatmap(fun query_encode_char/1, S)).
+
+query_encode_char($/) -> "/";
+query_encode_char($ ) -> "%20";
+query_encode_char($&) -> "%26";
+query_encode_char($=) -> "%3D";
+query_encode_char($+) -> "%2B";
+query_encode_char($?) -> "%3F";
+query_encode_char($#) -> "%23";
+query_encode_char($\r) -> "%0D";
+query_encode_char($\n) -> "%0A";
+query_encode_char(C)  -> [C].
+
+%% ---------------------------------------------------------------------------
+%% Wait strategy helpers
+%% ---------------------------------------------------------------------------
+
+%% Try a TCP connect to Host:Port. Returns ok | {error, Reason}.
+tcp_can_connect(Host, Port) when is_binary(Host) ->
+  tcp_can_connect(binary_to_list(Host), Port);
+tcp_can_connect(Host, Port) ->
+  case gen_tcp:connect(Host, Port, [binary, {active, false}], 2000) of
+    {ok, Sock} ->
+      gen_tcp:close(Sock),
+      {ok, nil};
+    {error, Reason} ->
+      {error, list_to_binary(io_lib:format("~p", [Reason]))}
+  end.
+
+%% Perform an HTTP GET to Host:Port/Path, return {ok, StatusCode} or {error, Reason}.
+http_get_status(Host, Port, Path) when is_binary(Host) ->
+  http_get_status(binary_to_list(Host), Port, Path);
+http_get_status(Host, Port, Path) ->
+  case gen_tcp:connect(Host, Port, [binary, {active, false}, {packet, raw}], 2000) of
+    {ok, Sock} ->
+      PathBin = to_binary(Path),
+      Req = iolist_to_binary([
+        "GET ", PathBin, " HTTP/1.1\r\n",
+        "Host: ", Host, ":", integer_to_list(Port), "\r\n",
+        "Connection: close\r\n",
+        "\r\n"
+      ]),
+      Result = case gen_tcp:send(Sock, Req) of
+        ok ->
+          case recv_all(Sock, []) of
+            {ok, Resp} ->
+              case parse_response(Resp) of
+                {ok, {Code, _}} -> {ok, Code};
+                {error, E}      -> {error, E}
+              end;
+            {error, E} -> {error, list_to_binary(io_lib:format("recv: ~p", [E]))}
+          end;
+        {error, E} -> {error, list_to_binary(io_lib:format("send: ~p", [E]))}
+      end,
+      gen_tcp:close(Sock),
+      Result;
+    {error, Reason} ->
+      {error, list_to_binary(io_lib:format("connect: ~p", [Reason]))}
+  end.
+
+%% Current time in milliseconds (monotonic).
+now_ms() ->
+  erlang:monotonic_time(millisecond).
+
+%% Sleep for Ms milliseconds.
+sleep_ms(Ms) ->
+  timer:sleep(Ms),
+  nil.
+
+%% Strip Docker multiplexed log stream framing - concatenated stdout+stderr.
+%% Each frame: 1 byte type | 3 bytes padding | 4 bytes size (big-endian) | <size> bytes data
+strip_log_frames(<<>>) -> <<>>;
+strip_log_frames(<<_Type:8, _Pad:24, Size:32/big, Rest/binary>>) ->
+  case Size =< byte_size(Rest) of
+    true ->
+      <<Frame:Size/binary, Next/binary>> = Rest,
+      <<Frame/binary, (strip_log_frames(Next))/binary>>;
+    false ->
+      Rest
+  end;
+strip_log_frames(Data) -> Data.
+
+%% Split Docker multiplexed exec output into {Stdout, Stderr}.
+%% Type byte: 1 = stdout, 2 = stderr (0 = stdin, ignored).
+split_log_streams(Data) ->
+  {Out, Err} = split_loop(Data, [], []),
+  {iolist_to_binary(Out), iolist_to_binary(Err)}.
+
+split_loop(<<>>, Out, Err) -> {Out, Err};
+split_loop(<<Type:8, _Pad:24, Size:32/big, Rest/binary>>, Out, Err) ->
+  case Size =< byte_size(Rest) of
+    true ->
+      <<Frame:Size/binary, Next/binary>> = Rest,
+      case Type of
+        1 -> split_loop(Next, [Out, Frame], Err);
+        2 -> split_loop(Next, Out, [Err, Frame]);
+        _ -> split_loop(Next, Out, Err)
+      end;
+    false ->
+      %% Truncated frame - append remainder to stdout as best-effort.
+      {[Out, Rest], Err}
+  end;
+split_loop(Data, Out, Err) ->
+  %% No frame header - treat everything as stdout (e.g. when TTY=true).
+  {[Out, Data], Err}.
diff --git a/src/testcontainer/internal/image_ref.gleam b/src/testcontainer/internal/image_ref.gleam
new file mode 100644
index 0000000..683518e
--- /dev/null
+++ b/src/testcontainer/internal/image_ref.gleam
@@ -0,0 +1,46 @@
+import gleam/list
+import gleam/string
+
+pub type ImageRef {
+  ImageRef(name: String, tag: String)
+}
+
+/// Splits an image reference into `(name, tag)`. Falls back to
+/// `tag = "latest"` when no tag is present.
+///
+/// Heuristic: a Docker tag may contain `[A-Za-z0-9._-]` but never `/`.
+/// The trailing colon-segment is treated as a tag only when it has no
+/// `/`. With this rule the parse is unambiguous in every case except a
+/// bare `host:port` reference: e.g. `registry:5000` is parsed as
+/// `name="registry", tag="5000"`. To force the registry-port
+/// interpretation, append the image segment - `registry:5000/image[:tag]` -
+/// which the parser detects via the `/` in the second-to-last segment.
+pub fn parse(raw: String) -> ImageRef {
+  let parts = string.split(raw, ":")
+  case list.reverse(parts) {
+    [potential_tag, name_part, ..rest_reversed] -> {
+      // A tag never contains "/". If the last colon-segment does, the whole
+      // string is the name with no explicit tag (e.g. "registry:5000/image").
+      case string.contains(potential_tag, "/") {
+        True -> ImageRef(name: raw, tag: "latest")
+        False ->
+          case string.contains(name_part, "/") {
+            True -> {
+              let name =
+                string.join(list.reverse([name_part, ..rest_reversed]), ":")
+              ImageRef(name: name, tag: potential_tag)
+            }
+            False -> {
+              let name =
+                string.join(
+                  list.append(list.reverse(rest_reversed), [name_part]),
+                  ":",
+                )
+              ImageRef(name: name, tag: potential_tag)
+            }
+          }
+      }
+    }
+    _ -> ImageRef(name: raw, tag: "latest")
+  }
+}
diff --git a/src/testcontainer/internal/wait_runner.gleam b/src/testcontainer/internal/wait_runner.gleam
new file mode 100644
index 0000000..6aee1da
--- /dev/null
+++ b/src/testcontainer/internal/wait_runner.gleam
@@ -0,0 +1,350 @@
+import gleam/dict
+import gleam/dynamic/decode
+import gleam/int
+import gleam/json
+import gleam/list
+import gleam/option.{type Option, None, Some}
+import gleam/result
+import gleam/string
+
+import testcontainer/error
+import testcontainer/exec
+import testcontainer/internal/docker
+import testcontainer/wait
+
+// ---------------------------------------------------------------------------
+// FFI - timing and network helpers from docker_transport.erl
+// ---------------------------------------------------------------------------
+
+@external(erlang, "docker_transport", "tcp_can_connect")
+fn tcp_can_connect(host: String, port: Int) -> Result(Nil, String)
+
+@external(erlang, "docker_transport", "http_get_status")
+fn http_get_status(host: String, port: Int, path: String) -> Result(Int, String)
+
+@external(erlang, "docker_transport", "now_ms")
+fn now_ms() -> Int
+
+@external(erlang, "docker_transport", "sleep_ms")
+fn sleep_ms(ms: Int) -> Nil
+
+// ---------------------------------------------------------------------------
+// Port-binding decoder. Built once and reused for every parse.
+// ---------------------------------------------------------------------------
+
+type PortBinding {
+  PortBinding(host_port: String)
+}
+
+fn port_binding_decoder() -> decode.Decoder(PortBinding) {
+  use hp <- decode.field("HostPort", decode.string)
+  decode.success(PortBinding(hp))
+}
+
+fn ports_decoder() -> decode.Decoder(
+  dict.Dict(String, Option(List(PortBinding))),
+) {
+  decode.at(
+    ["NetworkSettings", "Ports"],
+    decode.dict(
+      decode.string,
+      decode.optional(decode.list(port_binding_decoder())),
+    ),
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Public entry point
+// ---------------------------------------------------------------------------
+
+/// Runs the wait strategy for the given container, polling until it succeeds
+/// or the strategy's configured timeout expires. `host` is the host the
+/// runner should use to reach mapped ports (already resolved by the caller
+/// from `Config.host_override`, so the runner does not re-read the env on
+/// every poll).
+pub fn run(
+  strategy: wait.WaitStrategy,
+  container_id: String,
+  host: String,
+) -> Result(Nil, error.Error) {
+  let start = now_ms()
+  let deadline = start + wait.timeout_ms(strategy)
+  let poll = wait.poll_interval_ms(strategy)
+  poll_loop(strategy, container_id, host, dict.new(), start, deadline, poll)
+}
+
+// ---------------------------------------------------------------------------
+// Poll loop
+// ---------------------------------------------------------------------------
+
+fn poll_loop(
+  strategy: wait.WaitStrategy,
+  container_id: String,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+  start_ms: Int,
+  deadline: Int,
+  poll_ms: Int,
+) -> Result(Nil, error.Error) {
+  let now = now_ms()
+  case now >= deadline {
+    True -> {
+      let elapsed = now - start_ms
+      Error(error.WaitTimedOut(wait.describe(strategy), elapsed))
+    }
+    False -> {
+      // One inspect call per poll iteration, shared by health checks and
+      // (when needed) port resolution. Once the port map is non-empty,
+      // mappings are stable for a running container - keep reusing it
+      // across iterations to close the resolve/connect race window.
+      let inspect = case docker.inspect_container(container_id) {
+        Ok(body) -> Some(body)
+        Error(_) -> None
+      }
+      let pm = case dict.is_empty(port_map), inspect {
+        True, Some(body) -> parse_port_map(body)
+        _, _ -> port_map
+      }
+      case check_once(strategy, container_id, host, pm, inspect) {
+        Ok(Nil) -> Ok(Nil)
+        Error(_) -> {
+          sleep_ms(poll_ms)
+          poll_loop(
+            strategy,
+            container_id,
+            host,
+            pm,
+            start_ms,
+            deadline,
+            poll_ms,
+          )
+        }
+      }
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Single check per strategy variant
+// ---------------------------------------------------------------------------
+
+fn check_once(
+  strategy: wait.WaitStrategy,
+  container_id: String,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+  inspect: Option(String),
+) -> Result(Nil, error.Error) {
+  case wait.base(strategy) {
+    wait.ForNone -> Ok(Nil)
+    wait.ForLog(message, times) -> check_log(container_id, message, times)
+    wait.ForPort(container_port) -> check_port(container_port, host, port_map)
+    wait.ForHttp(container_port, path, expected_status) ->
+      check_http(container_port, path, expected_status, host, port_map)
+    wait.ForHealthCheck -> check_health(inspect)
+    wait.ForCommand(cmd, expected_exit) ->
+      check_command(container_id, cmd, expected_exit)
+    wait.AllOf(strategies) ->
+      check_all_of(strategies, container_id, host, port_map, inspect)
+    wait.AnyOf(strategies) ->
+      check_any_of(strategies, container_id, host, port_map, inspect)
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Strategy implementations
+// ---------------------------------------------------------------------------
+
+fn check_log(
+  container_id: String,
+  message: String,
+  times: Int,
+) -> Result(Nil, error.Error) {
+  case docker.container_logs(container_id, option.None) {
+    Ok(logs) -> {
+      let count = count_occurrences(logs, message)
+      case count >= times {
+        True -> Ok(Nil)
+        False ->
+          Error(error.WaitFailed(
+            "log(" <> message <> ")",
+            "found " <> int.to_string(count) <> "/" <> int.to_string(times),
+          ))
+      }
+    }
+    Error(e) -> Error(e)
+  }
+}
+
+fn count_occurrences(haystack: String, needle: String) -> Int {
+  case string.split(haystack, needle) {
+    [_] -> 0
+    parts -> list.length(parts) - 1
+  }
+}
+
+fn check_port(
+  container_port: Int,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+) -> Result(Nil, error.Error) {
+  use host_port <- result.try(resolve_host_port(container_port, port_map))
+  case tcp_can_connect(host, host_port) {
+    Ok(Nil) -> Ok(Nil)
+    Error(reason) ->
+      Error(error.WaitFailed(
+        "port(" <> int.to_string(container_port) <> ")",
+        reason,
+      ))
+  }
+}
+
+fn check_http(
+  container_port: Int,
+  path: String,
+  expected_status: Int,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+) -> Result(Nil, error.Error) {
+  use host_port <- result.try(resolve_host_port(container_port, port_map))
+  case http_get_status(host, host_port, path) {
+    Ok(status) ->
+      case status == expected_status {
+        True -> Ok(Nil)
+        False ->
+          Error(error.WaitFailed(
+            "http(" <> int.to_string(container_port) <> ", " <> path <> ")",
+            "got HTTP "
+              <> int.to_string(status)
+              <> ", want "
+              <> int.to_string(expected_status),
+          ))
+      }
+    Error(reason) ->
+      Error(error.WaitFailed(
+        "http(" <> int.to_string(container_port) <> ", " <> path <> ")",
+        reason,
+      ))
+  }
+}
+
+fn check_health(inspect: Option(String)) -> Result(Nil, error.Error) {
+  case inspect {
+    None ->
+      Error(error.WaitFailed("health_check", "unable to inspect container"))
+    Some(body) ->
+      case
+        json.parse(
+          body,
+          decode.at(["State", "Health", "Status"], decode.string),
+        )
+      {
+        Ok("healthy") -> Ok(Nil)
+        Ok(status) ->
+          Error(error.WaitFailed("health_check", "status=" <> status))
+        Error(_) ->
+          Error(error.WaitFailed("health_check", "no health status in inspect"))
+      }
+  }
+}
+
+fn check_command(
+  container_id: String,
+  cmd: List(String),
+  expected_exit: Int,
+) -> Result(Nil, error.Error) {
+  case docker.exec_container(container_id, cmd) {
+    Ok(exec.ExecResult(exit_code, _, _)) ->
+      case exit_code == expected_exit {
+        True -> Ok(Nil)
+        False ->
+          Error(error.WaitFailed(
+            "command(" <> string.join(cmd, " ") <> ")",
+            "exit=" <> int.to_string(exit_code),
+          ))
+      }
+    Error(e) -> Error(e)
+  }
+}
+
+fn check_all_of(
+  strategies: List(wait.WaitStrategy),
+  container_id: String,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+  inspect: Option(String),
+) -> Result(Nil, error.Error) {
+  list.try_map(strategies, fn(s) {
+    check_once(s, container_id, host, port_map, inspect)
+  })
+  |> result.map(fn(_) { Nil })
+}
+
+fn check_any_of(
+  strategies: List(wait.WaitStrategy),
+  container_id: String,
+  host: String,
+  port_map: dict.Dict(Int, Int),
+  inspect: Option(String),
+) -> Result(Nil, error.Error) {
+  case strategies {
+    [] -> Error(error.WaitFailed("any_of", "no strategies provided"))
+    [first, ..rest] ->
+      case check_once(first, container_id, host, port_map, inspect) {
+        Ok(Nil) -> Ok(Nil)
+        Error(_) -> check_any_of(rest, container_id, host, port_map, inspect)
+      }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Port-mapping helpers - parsed once per `run`, then reused for every poll.
+// ---------------------------------------------------------------------------
+
+fn resolve_host_port(
+  container_port: Int,
+  port_map: dict.Dict(Int, Int),
+) -> Result(Int, error.Error) {
+  case dict.get(port_map, container_port) {
+    Ok(hp) -> Ok(hp)
+    Error(Nil) -> Error(error.PortNotMapped(container_port))
+  }
+}
+
+fn parse_port_map(inspect_json: String) -> dict.Dict(Int, Int) {
+  case json.parse(inspect_json, ports_decoder()) {
+    Ok(raw) ->
+      raw
+      |> dict.to_list
+      |> list.filter_map(parse_entry)
+      |> dict.from_list
+    Error(_) -> dict.new()
+  }
+}
+
+fn parse_entry(
+  entry: #(String, Option(List(PortBinding))),
+) -> Result(#(Int, Int), Nil) {
+  let #(key, bindings) = entry
+  use container_port <- result.try(parse_tcp_key(key))
+  use bs <- result.try(case bindings {
+    Some(value) -> Ok(value)
+    None -> Error(Nil)
+  })
+  use host_port <- result.try(first_host_port(bs))
+  Ok(#(container_port, host_port))
+}
+
+fn parse_tcp_key(key: String) -> Result(Int, Nil) {
+  case string.split(key, "/") {
+    [p, "tcp"] -> int.parse(p)
+    _ -> Error(Nil)
+  }
+}
+
+fn first_host_port(bs: List(PortBinding)) -> Result(Int, Nil) {
+  case bs {
+    [] -> Error(Nil)
+    [PortBinding(hp), ..] -> int.parse(hp)
+  }
+}

From feb5781d9c59dcfb28622b0439aca852b0657c1e Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:33:36 +0200
Subject: [PATCH 05/14] Add testcontainer network/port/stack/wait modules

Introduce four new testcontainer modules: network, port, stack, and wait. network provides Docker bridge lifecycle (create/remove) and with_network that spawns a linked guard process to ensure cleanup on normal exit or caller crash. port defines a Port type with tcp/udp constructors and validated try_tcp/try_udp helpers. stack adds a Stack builder to manage a network lifetime spanning multiple containers. wait implements a WaitStrategy type with common readiness checks (log, port, http, health_check, command, all_of/any_of), timeout/poll configuration.
---
 src/testcontainer/network.gleam | 107 +++++++++++++++++++
 src/testcontainer/port.gleam    |  52 ++++++++++
 src/testcontainer/stack.gleam   |  62 +++++++++++
 src/testcontainer/wait.gleam    | 175 ++++++++++++++++++++++++++++++++
 4 files changed, 396 insertions(+)
 create mode 100644 src/testcontainer/network.gleam
 create mode 100644 src/testcontainer/port.gleam
 create mode 100644 src/testcontainer/stack.gleam
 create mode 100644 src/testcontainer/wait.gleam

diff --git a/src/testcontainer/network.gleam b/src/testcontainer/network.gleam
new file mode 100644
index 0000000..6963443
--- /dev/null
+++ b/src/testcontainer/network.gleam
@@ -0,0 +1,107 @@
+import gleam/erlang/process
+import gleam/result
+
+import testcontainer/error
+import testcontainer/internal/docker
+
+/// A Docker bridge network. Construct with `create/1` (or `with_network/2`
+/// for automatic cleanup) and pass the name to `container.on_network/2`.
+pub opaque type Network {
+  Network(id: String, name: String)
+}
+
+/// Creates a new bridge network with the given name.
+pub fn create(name: String) -> Result(Network, error.Error) {
+  use id <- result.try(docker.create_network(name))
+  Ok(Network(id, name))
+}
+
+/// Removes a network created via `create/1`.
+pub fn remove(network: Network) -> Result(Nil, error.Error) {
+  docker.remove_network(network.id)
+}
+
+/// Creates a network, runs `body/1`, then removes it. Cleanup runs even if
+/// `body/1` returns an error or the caller process crashes (a linked guard
+/// process performs the removal asynchronously on caller down).
+///
+///   use net <- network.with_network("test-net")
+///
+pub fn with_network(
+  name: String,
+  body: fn(Network) -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  use #(net, guard) <- result.try(create_guarded(name))
+  let body_result = body(net)
+  process.send(guard, GuardStop)
+  let remove_result = remove(net)
+  case body_result, remove_result {
+    Ok(_), Error(rm_e) -> Error(rm_e)
+    _, _ -> body_result
+  }
+}
+
+/// The network's name (as passed to `create/1`).
+pub fn name(network: Network) -> String {
+  network.name
+}
+
+/// The Docker-assigned network id.
+pub fn id(network: Network) -> String {
+  network.id
+}
+
+// ---------------------------------------------------------------------------
+// Guarded creation
+// ---------------------------------------------------------------------------
+
+type GuardEvent {
+  GuardStop
+  ParentDown
+}
+
+// Spawns a linked process that creates the network, sends the result back,
+// and (on success) waits for either GuardStop (clean exit) or a trapped
+// caller-exit signal. On caller crash it fires the network removal in a
+// detached process so the BEAM can shut down cleanly without blocking on
+// Docker.
+fn create_guarded(
+  name: String,
+) -> Result(#(Network, process.Subject(GuardEvent)), error.Error) {
+  let startup_subject: process.Subject(
+    Result(#(Network, process.Subject(GuardEvent)), error.Error),
+  ) = process.new_subject()
+
+  process.spawn(fn() {
+    process.trap_exits(True)
+    let guard = process.new_subject()
+    case create(name) {
+      Ok(net) -> {
+        process.send(startup_subject, Ok(#(net, guard)))
+        guard_loop(net.id, guard)
+      }
+      Error(e) -> process.send(startup_subject, Error(e))
+    }
+  })
+
+  let selector = process.new_selector() |> process.select(startup_subject)
+  process.selector_receive_forever(selector)
+}
+
+fn guard_loop(id: String, subject: process.Subject(GuardEvent)) -> Nil {
+  let selector =
+    process.new_selector()
+    |> process.select(subject)
+    |> process.select_trapped_exits(fn(_) { ParentDown })
+  case process.selector_receive_forever(selector) {
+    GuardStop -> Nil
+    ParentDown -> {
+      // Fire-and-forget remove; transport enforces its own per-call timeouts.
+      process.spawn(fn() {
+        let _ = docker.remove_network(id)
+        Nil
+      })
+      Nil
+    }
+  }
+}
diff --git a/src/testcontainer/port.gleam b/src/testcontainer/port.gleam
new file mode 100644
index 0000000..8e1db0b
--- /dev/null
+++ b/src/testcontainer/port.gleam
@@ -0,0 +1,52 @@
+import testcontainer/error
+
+/// A container port together with its protocol.
+/// Build with `tcp/1` / `udp/1` (panic-free, but trust the caller to pass
+/// a valid number) or `try_tcp/1` / `try_udp/1` (validated `Result`).
+pub opaque type Port {
+  Tcp(Int)
+  Udp(Int)
+}
+
+/// Creates a TCP port. Numbers outside `1..=65535` will be rejected later
+/// by `start/1`. For up-front validation, prefer `try_tcp/1`.
+pub fn tcp(number: Int) -> Port {
+  Tcp(number)
+}
+
+/// Creates a UDP port. See `tcp/1` for validation notes.
+pub fn udp(number: Int) -> Port {
+  Udp(number)
+}
+
+/// Validated TCP port constructor.
+pub fn try_tcp(number: Int) -> Result(Port, error.Error) {
+  case number >= 1 && number <= 65_535 {
+    True -> Ok(Tcp(number))
+    False -> Error(error.InvalidPort(number))
+  }
+}
+
+/// Validated UDP port constructor.
+pub fn try_udp(number: Int) -> Result(Port, error.Error) {
+  case number >= 1 && number <= 65_535 {
+    True -> Ok(Udp(number))
+    False -> Error(error.InvalidPort(number))
+  }
+}
+
+/// Returns the port number.
+pub fn number(port: Port) -> Int {
+  case port {
+    Tcp(n) -> n
+    Udp(n) -> n
+  }
+}
+
+/// Returns `"tcp"` or `"udp"`.
+pub fn protocol(port: Port) -> String {
+  case port {
+    Tcp(_) -> "tcp"
+    Udp(_) -> "udp"
+  }
+}
diff --git a/src/testcontainer/stack.gleam b/src/testcontainer/stack.gleam
new file mode 100644
index 0000000..631a0ff
--- /dev/null
+++ b/src/testcontainer/stack.gleam
@@ -0,0 +1,62 @@
+import testcontainer/error
+import testcontainer/network
+
+/// A `Stack(output)` represents a Docker network whose lifetime spans
+/// multiple containers. The companion entry point is
+/// `testcontainer.with_stack/2`.
+///
+/// ## Recommended pattern
+///
+/// `output` is typically just `Network` - the build function returns the
+/// running network unchanged, and the caller nests `with_container` or
+/// `with_formula` calls inside the `with_stack` body so that each container
+/// is cleaned up by its own guard before the network is removed:
+///
+///     use net <- testcontainer.with_stack(
+///       testcontainer.stack("app-test-net", fn(n) { Ok(n) }),
+///     )
+///     use pg <- testcontainer.with_formula(
+///       postgres.new() |> postgres.on_network(net) |> postgres.formula(),
+///     )
+///     // ...
+///
+/// ## Note on advanced builders
+///
+/// The build function can return any `output`, but it must be a value that
+/// is still meaningful after the function returns. Containers started via
+/// `with_container`/`with_formula` are stopped before their wrapping `use`
+/// returns, so a record carrying live `Container` handles is **not** a
+/// valid `output`. Either return `Network` (or a static record derived
+/// from it) and nest the lifecycle calls in the `with_stack` body, or call
+/// `testcontainer.start/1` directly inside `run` and accept manual
+/// teardown responsibility.
+pub opaque type Stack(output) {
+  Stack(
+    network_name: String,
+    run: fn(network.Network) -> Result(output, error.Error),
+  )
+}
+
+/// Builds a `Stack` with the given network name and a function that, given
+/// the running `Network`, returns the typed output the test will consume.
+///
+///   testcontainer.stack("app-test-net", fn(net) { Ok(net) })
+pub fn new(
+  network_name: String,
+  run: fn(network.Network) -> Result(output, error.Error),
+) -> Stack(output) {
+  Stack(network_name, run)
+}
+
+@internal
+pub fn name(s: Stack(output)) -> String {
+  s.network_name
+}
+
+@internal
+pub fn run(
+  s: Stack(output),
+  net: network.Network,
+) -> Result(output, error.Error) {
+  s.run(net)
+}
diff --git a/src/testcontainer/wait.gleam b/src/testcontainer/wait.gleam
new file mode 100644
index 0000000..8418ae8
--- /dev/null
+++ b/src/testcontainer/wait.gleam
@@ -0,0 +1,175 @@
+import gleam/int
+import gleam/list
+import gleam/string
+
+/// A readiness strategy. Built via constructors (`log/1`, `port/1`, `http/2`,
+/// `health_check/0`, `command/1`, `all_of/1`, `any_of/1`) and tweaked via
+/// `with_timeout/2` and `with_poll_interval/2`.
+pub opaque type WaitStrategy {
+  WaitStrategy(base: WaitStrategyBase, timeout_ms: Int, poll_interval_ms: Int)
+}
+
+/// Internal - exposed only so the polling loop in `internal/wait_runner.gleam`
+/// can pattern-match on the variants. Not part of the stable public API.
+@internal
+pub type WaitStrategyBase {
+  /// "No wait" - succeeds immediately. Used as the default in
+  /// `container.new/1`.
+  ForNone
+  ForLog(String, Int)
+  ForPort(Int)
+  ForHttp(Int, String, Int)
+  ForHealthCheck
+  ForCommand(List(String), Int)
+  AllOf(List(WaitStrategy))
+  AnyOf(List(WaitStrategy))
+}
+
+const default_timeout_ms = 60_000
+
+const default_poll_interval_ms = 1000
+
+fn wrap(base: WaitStrategyBase) -> WaitStrategy {
+  WaitStrategy(base, default_timeout_ms, default_poll_interval_ms)
+}
+
+/// "No wait" - succeeds immediately. This is the default when a
+/// `ContainerSpec` is built with `container.new/1` and no `wait_for/2`
+/// is set.
+pub fn none() -> WaitStrategy {
+  wrap(ForNone)
+}
+
+/// Waits until the container's combined stdout/stderr stream contains the
+/// given message at least once.
+pub fn log(message: String) -> WaitStrategy {
+  wrap(ForLog(message, 1))
+}
+
+/// Like `log/1` but waits until the message appears at least `times` times.
+pub fn log_times(message: String, times: Int) -> WaitStrategy {
+  wrap(ForLog(message, times))
+}
+
+/// Waits until the given (TCP) container port accepts connections from the host.
+pub fn port(port: Int) -> WaitStrategy {
+  wrap(ForPort(port))
+}
+
+/// Waits until an HTTP GET to the given path on the given container port
+/// returns status 200.
+pub fn http(port: Int, path: String) -> WaitStrategy {
+  wrap(ForHttp(port, path, 200))
+}
+
+/// Like `http/2` but waits for a custom expected status code.
+pub fn http_with_status(port: Int, path: String, status: Int) -> WaitStrategy {
+  wrap(ForHttp(port, path, status))
+}
+
+/// Waits for Docker to report the container's HEALTHCHECK as `healthy`.
+/// The image must define a HEALTHCHECK for this to terminate.
+pub fn health_check() -> WaitStrategy {
+  wrap(ForHealthCheck)
+}
+
+/// Runs a command inside the container and waits until it exits 0.
+pub fn command(cmd: List(String)) -> WaitStrategy {
+  wrap(ForCommand(cmd, 0))
+}
+
+/// Composes strategies - succeeds when ALL inner strategies succeed.
+pub fn all_of(strategies: List(WaitStrategy)) -> WaitStrategy {
+  wrap(AllOf(strategies))
+}
+
+/// Composes strategies - succeeds as soon as ANY inner strategy succeeds.
+pub fn any_of(strategies: List(WaitStrategy)) -> WaitStrategy {
+  wrap(AnyOf(strategies))
+}
+
+/// Sets the per-strategy timeout (default 60 s). Negative values are
+/// clamped to 0 (the strategy times out immediately).
+pub fn with_timeout(strategy: WaitStrategy, ms: Int) -> WaitStrategy {
+  let safe = case ms < 0 {
+    True -> 0
+    False -> ms
+  }
+  case strategy {
+    WaitStrategy(base, _, poll) -> WaitStrategy(base, safe, poll)
+  }
+}
+
+/// Sets the polling interval (default 1 s). Values <= 0 are clamped to 1
+/// to avoid a hot-spin loop.
+pub fn with_poll_interval(strategy: WaitStrategy, ms: Int) -> WaitStrategy {
+  let safe = case ms < 1 {
+    True -> 1
+    False -> ms
+  }
+  case strategy {
+    WaitStrategy(base, timeout, _) -> WaitStrategy(base, timeout, safe)
+  }
+}
+
+/// Internal - returns the inner base strategy for pattern matching in
+/// `internal/wait_runner.gleam`.
+@internal
+pub fn base(strategy: WaitStrategy) -> WaitStrategyBase {
+  case strategy {
+    WaitStrategy(b, _, _) -> b
+  }
+}
+
+/// Returns the configured timeout in milliseconds.
+pub fn timeout_ms(strategy: WaitStrategy) -> Int {
+  case strategy {
+    WaitStrategy(_, t, _) -> t
+  }
+}
+
+/// Returns the configured poll interval in milliseconds.
+pub fn poll_interval_ms(strategy: WaitStrategy) -> Int {
+  case strategy {
+    WaitStrategy(_, _, p) -> p
+  }
+}
+
+/// Human-readable description used in `WaitTimedOut` / `WaitFailed` errors.
+pub fn describe(strategy: WaitStrategy) -> String {
+  case strategy {
+    WaitStrategy(base, timeout, poll) -> {
+      let base_desc = case base {
+        ForNone -> "none"
+        ForLog(message, times) ->
+          "log(" <> message <> ", " <> int.to_string(times) <> ")"
+        ForPort(port) -> "port(" <> int.to_string(port) <> ")"
+        ForHttp(port, path, status) ->
+          "http("
+          <> int.to_string(port)
+          <> ", "
+          <> path
+          <> ", "
+          <> int.to_string(status)
+          <> ")"
+        ForHealthCheck -> "health_check"
+        ForCommand(cmd, expected) ->
+          "command("
+          <> string.join(cmd, " ")
+          <> ", "
+          <> int.to_string(expected)
+          <> ")"
+        AllOf(strats) ->
+          "all_of(" <> string.join(list.map(strats, describe), ", ") <> ")"
+        AnyOf(strats) ->
+          "any_of(" <> string.join(list.map(strats, describe), ", ") <> ")"
+      }
+      base_desc
+      <> " [timeout="
+      <> int.to_string(timeout)
+      <> ", poll="
+      <> int.to_string(poll)
+      <> "]"
+    }
+  }
+}

From 326704d44ae1a42b60ef5f7cec0ef1de656d8ec0 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:34:43 +0200
Subject: [PATCH 06/14] Add Gleam unit and integration tests

Add three new test files
---
 test/integration_docker_test.gleam | 604 +++++++++++++++++++++++++++++
 test/testcontainer_core_test.gleam | 348 +++++++++++++++++
 test/testcontainer_test.gleam      |   5 +
 3 files changed, 957 insertions(+)
 create mode 100644 test/integration_docker_test.gleam
 create mode 100644 test/testcontainer_core_test.gleam
 create mode 100644 test/testcontainer_test.gleam

diff --git a/test/integration_docker_test.gleam b/test/integration_docker_test.gleam
new file mode 100644
index 0000000..ba47d31
--- /dev/null
+++ b/test/integration_docker_test.gleam
@@ -0,0 +1,604 @@
+import envie
+import gleam/erlang/process
+import gleam/int
+import gleam/result
+import gleam/string
+import gleeunit/should
+import testcontainer
+import testcontainer/container
+import testcontainer/error
+import testcontainer/formula
+import testcontainer/network
+import testcontainer/port
+import testcontainer/wait
+
+fn integration_enabled() -> Bool {
+  envie.get_bool("TESTCONTAINERS_INTEGRATION", False)
+}
+
+// ---------------------------------------------------------------------------
+// Basic lifecycle
+// ---------------------------------------------------------------------------
+
+pub fn docker_integration_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 10"]),
+        fn(c) {
+          { container.id(c) == "" } |> should.be_false()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Logs
+// ---------------------------------------------------------------------------
+
+pub fn container_logs_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "echo hello-from-logs"]),
+        fn(c) {
+          let logs = testcontainer.logs(c) |> should.be_ok()
+          logs |> should.not_equal("")
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Exec
+// ---------------------------------------------------------------------------
+
+pub fn container_exec_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 30"]),
+        fn(c) {
+          let result =
+            testcontainer.exec(c, ["echo", "hello"]) |> should.be_ok()
+          result.exit_code |> should.equal(0)
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn exec_nonzero_exit_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 30"]),
+        fn(c) {
+          let result =
+            testcontainer.exec(c, ["sh", "-c", "exit 42"]) |> should.be_ok()
+          result.exit_code |> should.equal(42)
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Wait strategies
+// ---------------------------------------------------------------------------
+
+pub fn wait_for_log_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command([
+            "sh",
+            "-c",
+            "echo container-ready && sleep 30",
+          ])
+          |> container.wait_for(wait.log("container-ready")),
+        fn(c) {
+          { container.id(c) == "" } |> should.be_false()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn wait_for_port_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("nginx:alpine")
+          |> container.expose_port(port.tcp(80))
+          |> container.wait_for(wait.port(80)),
+        fn(c) {
+          let hp = container.host_port(c, port.tcp(80)) |> should.be_ok()
+          { hp > 0 } |> should.be_true()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn wait_for_command_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      // Container writes /tmp/ready after 1 s; wait.command polls until it exists.
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command([
+            "sh",
+            "-c",
+            "sleep 1 && touch /tmp/ready && sleep 30",
+          ])
+          |> container.wait_for(
+            wait.command(["test", "-f", "/tmp/ready"])
+            |> wait.with_timeout(10_000)
+            |> wait.with_poll_interval(300),
+          ),
+        fn(c) {
+          { container.id(c) == "" } |> should.be_false()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn wait_timeout_returns_error_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      // File never appears - wait must time out and return an error.
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 30"])
+          |> container.wait_for(
+            wait.command(["test", "-f", "/tmp/never"])
+            |> wait.with_timeout(1000)
+            |> wait.with_poll_interval(200),
+          ),
+        fn(_c) { Ok(Nil) },
+      )
+      |> should.be_error()
+      Nil
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Network lifecycle
+// ---------------------------------------------------------------------------
+
+pub fn network_create_remove_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let network_name = unique_name("testcontainer-test-net")
+      network.with_network(network_name, fn(net) {
+        { network.id(net) == "" } |> should.be_false()
+        { network.name(net) == network_name } |> should.be_true()
+        Ok(Nil)
+      })
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn container_on_network_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let network_name = unique_name("testcontainer-containers-net")
+      network.with_network(network_name, fn(net) {
+        testcontainer.with_container(
+          container.new("alpine:3.18")
+            |> container.with_command(["sh", "-c", "sleep 10"])
+            |> container.on_network(network.name(net)),
+          fn(c) {
+            { container.id(c) == "" } |> should.be_false()
+            Ok(Nil)
+          },
+        )
+      })
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Guard crash cleanup
+//
+// Spawns a process that starts a container then exits abnormally.
+// After a short delay we verify the container is no longer running by
+// checking that a second start/stop cycle does not conflict (Docker would
+// error on duplicate named containers if the first were still alive).
+// ---------------------------------------------------------------------------
+
+pub fn guard_crash_cleanup_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      // `process.spawn/1` is linked; trap exits in this test process so the
+      // child panic used for simulation does not fail the test itself.
+      process.trap_exits(True)
+      let container_name = unique_name("guard-crash-test")
+      // Subject used to signal this test process once the container is up.
+      let ready: process.Subject(Nil) = process.new_subject()
+
+      // Spawn a process that starts a named container then panics,
+      // simulating a test process crash before cleanup runs.
+      process.spawn(fn() {
+        let _ =
+          testcontainer.with_container(
+            container.new("alpine:3.18")
+              |> container.with_name(container_name)
+              |> container.with_command(["sh", "-c", "sleep 30"]),
+            fn(_c) {
+              process.send(ready, Nil)
+              panic as "simulated crash - guard must clean up"
+            },
+          )
+        Nil
+      })
+
+      // Wait up to 60 s for the container to be running.
+      let _ = process.receive(ready, 60_000)
+
+      // Cleanup is fire-and-forget, so poll until name reuse succeeds.
+      assert_name_reusable(container_name, 30_000)
+      |> should.be_ok()
+      process.trap_exits(False)
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// copy_file_to
+// ---------------------------------------------------------------------------
+
+pub fn copy_file_to_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let host_path = "/tmp/tc_copy_test_gleam.txt"
+      let content = "hello from copy_file_to"
+      let _ = write_host_file(host_path, content)
+
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 30"]),
+        fn(c) {
+          use _ <- result.try(testcontainer.copy_file_to(
+            c,
+            host_path,
+            "/tmp/copied.txt",
+          ))
+          use exec_result <- result.try(
+            testcontainer.exec(c, ["cat", "/tmp/copied.txt"]),
+          )
+          exec_result.stdout |> string.trim() |> should.equal(content)
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// with_formula
+// ---------------------------------------------------------------------------
+
+pub fn with_formula_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let alpine_formula =
+        formula.new(
+          container.new("alpine:3.18")
+            |> container.with_command([
+              "sh",
+              "-c",
+              "echo formula-ready && sleep 30",
+            ])
+            |> container.wait_for(wait.log("formula-ready")),
+          fn(c) { Ok(#(container.id(c), container.host(c))) },
+        )
+
+      testcontainer.with_formula(alpine_formula, fn(output) {
+        let #(id, host) = output
+        { id == "" } |> should.be_false()
+        { host == "" } |> should.be_false()
+        Ok(Nil)
+      })
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn with_formula_extract_error_propagates_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let bad_formula =
+        formula.new(
+          container.new("alpine:3.18")
+            |> container.with_command(["sh", "-c", "sleep 5"]),
+          fn(_c) { Error(error.InvalidImageRef("forced error")) },
+        )
+
+      testcontainer.with_formula(bad_formula, fn(_) { Ok(Nil) })
+      |> should.be_error()
+      Nil
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// with_container_mapped - body returns custom error type
+// ---------------------------------------------------------------------------
+
+type AppError {
+  ContainerErr(error.Error)
+  AppLogic(String)
+}
+
+pub fn with_container_mapped_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let outcome =
+        testcontainer.with_container_mapped(
+          container.new("alpine:3.18")
+            |> container.with_command(["sh", "-c", "sleep 5"]),
+          ContainerErr,
+          fn(c) {
+            { container.id(c) == "" } |> should.be_false()
+            Ok(42)
+          },
+        )
+      case outcome {
+        Ok(v) -> v |> should.equal(42)
+        Error(_) -> should.equal("unexpected error", "")
+      }
+    }
+  }
+}
+
+pub fn with_container_mapped_propagates_app_error_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let outcome =
+        testcontainer.with_container_mapped(
+          container.new("alpine:3.18")
+            |> container.with_command(["sh", "-c", "sleep 5"]),
+          ContainerErr,
+          fn(_c) { Error(AppLogic("boom")) },
+        )
+      case outcome {
+        Error(AppLogic(msg)) -> msg |> should.equal("boom")
+        _ -> should.equal("expected AppLogic error", "")
+      }
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// start_and_keep forces keep regardless of TESTCONTAINERS_KEEP
+// ---------------------------------------------------------------------------
+
+pub fn start_and_keep_forces_keep_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let name = unique_name("start-and-keep")
+      let c =
+        testcontainer.start_and_keep(
+          container.new("alpine:3.18")
+          |> container.with_name(name)
+          |> container.with_command(["sh", "-c", "sleep 60"]),
+        )
+        |> should.be_ok()
+
+      container.keep(c) |> should.be_true()
+      testcontainer.stop(c) |> should.be_ok()
+      testcontainer.exec(c, ["echo", "still-running"]) |> should.be_ok()
+      testcontainer.force_stop(c) |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// AllOf / AnyOf - composed wait strategies must terminate
+// ---------------------------------------------------------------------------
+
+pub fn wait_all_of_terminates_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("nginx:alpine")
+          |> container.expose_port(port.tcp(80))
+          |> container.wait_for(
+            wait.all_of([wait.port(80), wait.http(80, "/")])
+            |> wait.with_timeout(30_000),
+          ),
+        fn(c) {
+          container.host_port(c, port.tcp(80)) |> should.be_ok()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+pub fn wait_any_of_terminates_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command([
+            "sh",
+            "-c",
+            "echo any-of-ready && sleep 30",
+          ])
+          |> container.wait_for(
+            wait.any_of([
+              wait.log("any-of-ready"),
+              // This second branch will never succeed, ensuring the first path
+              // really is what completes the wait.
+              wait.command(["test", "-f", "/never"]),
+            ])
+            |> wait.with_timeout(15_000),
+          ),
+        fn(_c) { Ok(Nil) },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Exec stderr split - non-zero command must populate stderr
+// ---------------------------------------------------------------------------
+
+pub fn exec_stderr_split_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      testcontainer.with_container(
+        container.new("alpine:3.18")
+          |> container.with_command(["sh", "-c", "sleep 30"]),
+        fn(c) {
+          let r =
+            testcontainer.exec(c, [
+              "sh",
+              "-c",
+              "echo on-stdout && echo on-stderr 1>&2 && exit 3",
+            ])
+            |> should.be_ok()
+          r.exit_code |> should.equal(3)
+          string.contains(r.stdout, "on-stdout") |> should.be_true()
+          string.contains(r.stderr, "on-stderr") |> should.be_true()
+          Ok(Nil)
+        },
+      )
+      |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Stack - two containers on a shared network, cleanup ordering
+// ---------------------------------------------------------------------------
+
+pub fn with_stack_pings_across_containers_test() {
+  case integration_enabled() {
+    False -> Nil
+    True -> {
+      let stack_network = unique_name("tc-stack-test-net")
+      let stack_server = unique_name("tc-stack-server")
+      let outcome =
+        testcontainer.with_stack(
+          testcontainer.stack(stack_network, fn(net) { Ok(net) }),
+          fn(net) {
+            testcontainer.with_container(
+              container.new("alpine:3.18")
+                |> container.with_name(stack_server)
+                |> container.on_network(network.name(net))
+                |> container.with_command(["sh", "-c", "sleep 30"]),
+              fn(_server) {
+                testcontainer.with_container(
+                  container.new("alpine:3.18")
+                    |> container.on_network(network.name(net))
+                    |> container.with_command(["sh", "-c", "sleep 30"]),
+                  fn(client) {
+                    let r =
+                      testcontainer.exec(client, [
+                        "ping", "-c", "1", stack_server,
+                      ])
+                      |> should.be_ok()
+                    r.exit_code |> should.equal(0)
+                    Ok(Nil)
+                  },
+                )
+              },
+            )
+          },
+        )
+      outcome |> should.be_ok()
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+@external(erlang, "file", "write_file")
+fn write_host_file(path: String, content: String) -> Result(Nil, String)
+
+@external(erlang, "erlang", "unique_integer")
+fn unique_integer() -> Int
+
+fn unique_name(prefix: String) -> String {
+  prefix <> "-" <> int.to_string(unique_integer())
+}
+
+fn assert_name_reusable(
+  name: String,
+  remaining_ms: Int,
+) -> Result(Nil, error.Error) {
+  let reuse_attempt =
+    testcontainer.with_container(
+      container.new("alpine:3.18")
+        |> container.with_name(name)
+        |> container.with_command(["sh", "-c", "sleep 1"]),
+      fn(_c) { Ok(Nil) },
+    )
+
+  case reuse_attempt {
+    Ok(Nil) -> Ok(Nil)
+    Error(error.ContainerCreateFailed(image, reason)) ->
+      case remaining_ms > 0 && string.contains(reason, "already in use") {
+        True -> {
+          process.sleep(500)
+          assert_name_reusable(name, remaining_ms - 500)
+        }
+        False -> Error(error.ContainerCreateFailed(image, reason))
+      }
+    Error(e) -> Error(e)
+  }
+}
diff --git a/test/testcontainer_core_test.gleam b/test/testcontainer_core_test.gleam
new file mode 100644
index 0000000..ce7878c
--- /dev/null
+++ b/test/testcontainer_core_test.gleam
@@ -0,0 +1,348 @@
+import cowl
+import gleam/string
+import gleeunit/should
+import testcontainer/port
+import testcontainer/wait
+
+pub fn port_number_test() {
+  let p = port.tcp(5432)
+  port.number(p) |> should.equal(5432)
+  port.protocol(p) |> should.equal("tcp")
+}
+
+pub fn port_udp_test() {
+  let p = port.udp(53)
+  port.number(p) |> should.equal(53)
+  port.protocol(p) |> should.equal("udp")
+}
+
+pub fn wait_describe_log_test() {
+  let s = wait.log("ready")
+  let d = wait.describe(s)
+  string.contains(d, "log(ready") |> should.be_true()
+}
+
+pub fn wait_describe_http_test() {
+  let s = wait.http(8080, "/health")
+  let d = wait.describe(s)
+  string.contains(d, "http(8080") |> should.be_true()
+}
+
+pub fn wait_describe_port_test() {
+  let s = wait.port(6379)
+  let d = wait.describe(s)
+  string.contains(d, "port(6379") |> should.be_true()
+}
+
+pub fn wait_timeout_test() {
+  let s = wait.log("ready") |> wait.with_timeout(5000)
+  wait.timeout_ms(s) |> should.equal(5000)
+}
+
+pub fn wait_poll_interval_test() {
+  let s = wait.log("ready") |> wait.with_poll_interval(500)
+  wait.poll_interval_ms(s) |> should.equal(500)
+}
+
+pub fn wait_all_of_describe_test() {
+  let s = wait.all_of([wait.log("ready"), wait.port(5432)])
+  let d = wait.describe(s)
+  string.contains(d, "all_of") |> should.be_true()
+}
+
+pub fn wait_any_of_describe_test() {
+  let s = wait.any_of([wait.log("ready"), wait.http(8080, "/health")])
+  let d = wait.describe(s)
+  string.contains(d, "any_of") |> should.be_true()
+}
+
+// ---------------------------------------------------------------------------
+// ExecResult helpers
+// ---------------------------------------------------------------------------
+
+import testcontainer/exec
+
+pub fn exec_result_succeeded_test() {
+  let r = exec.ExecResult(0, "ok\n", "")
+  exec.succeeded(r) |> should.be_true()
+}
+
+pub fn exec_result_failed_test() {
+  let r = exec.ExecResult(1, "", "error\n")
+  exec.succeeded(r) |> should.be_false()
+}
+
+pub fn exec_result_output_test() {
+  let r = exec.ExecResult(0, "out", "err")
+  exec.output(r) |> should.equal("outerr")
+}
+
+// ---------------------------------------------------------------------------
+// ImageRef parsing
+// ---------------------------------------------------------------------------
+
+import testcontainer/internal/image_ref
+
+pub fn image_ref_simple_test() {
+  let ref = image_ref.parse("alpine:3.18")
+  ref.name |> should.equal("alpine")
+  ref.tag |> should.equal("3.18")
+}
+
+pub fn image_ref_no_tag_test() {
+  let ref = image_ref.parse("alpine")
+  ref.name |> should.equal("alpine")
+  ref.tag |> should.equal("latest")
+}
+
+pub fn image_ref_registry_with_port_test() {
+  // registry:5000/org/image:tag - the "5000" should NOT be taken as tag
+  let ref = image_ref.parse("registry.io:5000/postgres:16")
+  ref.name |> should.equal("registry.io:5000/postgres")
+  ref.tag |> should.equal("16")
+}
+
+pub fn image_ref_no_tag_with_registry_test() {
+  let ref = image_ref.parse("registry.io:5000/postgres")
+  ref.tag |> should.equal("latest")
+}
+
+// ---------------------------------------------------------------------------
+// Docker transport
+// ---------------------------------------------------------------------------
+
+import testcontainer/internal/docker
+
+pub fn docker_transport_chunked_response_test() {
+  let raw =
+    "HTTP/1.1 201 Created\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\n\r\n"
+    <> "58\r\n{"
+    <> "\"Id\":\"abc\"}"
+    <> "\r\n0\r\n\r\n"
+
+  case docker.parse_response(raw) {
+    Ok(#(201, body)) ->
+      string.contains(body, "\"Id\":\"abc\"") |> should.be_true()
+    Ok(#(_, _)) -> should.equal("unexpected status", "")
+    Error(e) -> should.equal(e, "")
+  }
+}
+
+pub fn docker_transport_plain_response_test() {
+  let raw = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nOK"
+  case docker.parse_response(raw) {
+    Ok(#(200, body)) -> body |> should.equal("OK")
+    Ok(#(_, _)) -> should.equal("unexpected status", "")
+    Error(e) -> should.equal(e, "")
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Container.with_keep - used by start_and_keep to force the keep flag
+// ---------------------------------------------------------------------------
+
+import gleam/dict
+import testcontainer/container
+
+pub fn container_with_keep_flips_flag_test() {
+  let c = container.build("id-123", "127.0.0.1", dict.new(), False, 10)
+  container.keep(c) |> should.be_false()
+
+  let kept = container.with_keep(c, True)
+  container.keep(kept) |> should.be_true()
+  container.id(kept) |> should.equal("id-123")
+}
+
+pub fn container_host_default_test() {
+  let c = container.build("id", "127.0.0.1", dict.new(), False, 10)
+  container.host(c) |> should.equal("127.0.0.1")
+}
+
+// ---------------------------------------------------------------------------
+// Wait composition describe
+// ---------------------------------------------------------------------------
+
+pub fn wait_all_of_describe_includes_children_test() {
+  let s = wait.all_of([wait.log("ready"), wait.port(5432)])
+  let d = wait.describe(s)
+  string.contains(d, "log(ready") |> should.be_true()
+  string.contains(d, "port(5432") |> should.be_true()
+}
+
+pub fn wait_any_of_describe_includes_children_test() {
+  let s = wait.any_of([wait.log("a"), wait.http(80, "/healthz")])
+  let d = wait.describe(s)
+  string.contains(d, "log(a") |> should.be_true()
+  string.contains(d, "http(80") |> should.be_true()
+}
+
+pub fn wait_none_describe_test() {
+  wait.none() |> wait.describe |> string.contains("none") |> should.be_true()
+}
+
+// ---------------------------------------------------------------------------
+// Port validated constructors
+// ---------------------------------------------------------------------------
+
+pub fn port_try_tcp_valid_test() {
+  port.try_tcp(5432) |> should.be_ok()
+}
+
+pub fn port_try_tcp_zero_rejected_test() {
+  port.try_tcp(0) |> should.be_error()
+}
+
+pub fn port_try_tcp_above_range_rejected_test() {
+  port.try_tcp(70_000) |> should.be_error()
+}
+
+pub fn port_try_udp_valid_test() {
+  port.try_udp(53) |> should.be_ok()
+}
+
+pub fn port_try_udp_negative_rejected_test() {
+  port.try_udp(-1) |> should.be_error()
+}
+
+// ---------------------------------------------------------------------------
+// Secret redaction - env values must never leak via string.inspect
+// ---------------------------------------------------------------------------
+
+pub fn with_env_does_not_leak_value_in_inspect_test() {
+  let spec =
+    container.new("alpine:3.18")
+    |> container.with_env("DB_PASSWORD", "supersecret-do-not-leak")
+  let inspected = string.inspect(spec)
+  string.contains(inspected, "supersecret-do-not-leak")
+  |> should.be_false()
+}
+
+pub fn with_secret_env_does_not_leak_value_in_inspect_test() {
+  let spec =
+    container.new("alpine:3.18")
+    |> container.with_secret_env(
+      "API_TOKEN",
+      cowl.secret("token-must-stay-redacted"),
+    )
+  let inspected = string.inspect(spec)
+  string.contains(inspected, "token-must-stay-redacted")
+  |> should.be_false()
+}
+
+pub fn with_envs_does_not_leak_values_in_inspect_test() {
+  let spec =
+    container.new("alpine:3.18")
+    |> container.with_envs([
+      #("USER", "app"),
+      #("PASSWORD", "another-leak-canary"),
+    ])
+  let inspected = string.inspect(spec)
+  string.contains(inspected, "another-leak-canary")
+  |> should.be_false()
+}
+
+// ---------------------------------------------------------------------------
+// Wait input clamping
+// ---------------------------------------------------------------------------
+
+pub fn wait_with_timeout_clamps_negative_test() {
+  let s = wait.log("ready") |> wait.with_timeout(-1)
+  wait.timeout_ms(s) |> should.equal(0)
+}
+
+pub fn wait_with_timeout_accepts_zero_test() {
+  let s = wait.log("ready") |> wait.with_timeout(0)
+  wait.timeout_ms(s) |> should.equal(0)
+}
+
+pub fn wait_with_poll_interval_clamps_zero_test() {
+  let s = wait.log("ready") |> wait.with_poll_interval(0)
+  wait.poll_interval_ms(s) |> should.equal(1)
+}
+
+pub fn wait_with_poll_interval_clamps_negative_test() {
+  let s = wait.log("ready") |> wait.with_poll_interval(-5)
+  wait.poll_interval_ms(s) |> should.equal(1)
+}
+
+// ---------------------------------------------------------------------------
+// Pull policy parsing (case-insensitive)
+// ---------------------------------------------------------------------------
+
+import testcontainer/internal/config
+
+pub fn pull_policy_lowercase_test() {
+  config.parse_pull_policy("always") |> should.equal(config.Always)
+  config.parse_pull_policy("never") |> should.equal(config.Never)
+  config.parse_pull_policy("missing") |> should.equal(config.IfMissing)
+}
+
+pub fn pull_policy_uppercase_test() {
+  config.parse_pull_policy("ALWAYS") |> should.equal(config.Always)
+  config.parse_pull_policy("NEVER") |> should.equal(config.Never)
+}
+
+pub fn pull_policy_mixed_case_test() {
+  config.parse_pull_policy("Always") |> should.equal(config.Always)
+  config.parse_pull_policy("Never") |> should.equal(config.Never)
+}
+
+pub fn pull_policy_unknown_falls_back_test() {
+  config.parse_pull_policy("nonsense") |> should.equal(config.IfMissing)
+  config.parse_pull_policy("") |> should.equal(config.IfMissing)
+}
+
+// ---------------------------------------------------------------------------
+// ImageRef edge cases (heuristic documented in image_ref.gleam)
+// ---------------------------------------------------------------------------
+
+pub fn image_ref_bare_host_port_takes_port_as_tag_test() {
+  // Documented edge case: with no `/` segment, the trailing colon-segment
+  // is treated as a tag. To force the registry-port interpretation,
+  // append the image name (see test below).
+  let ref = image_ref.parse("registry:5000")
+  ref.name |> should.equal("registry")
+  ref.tag |> should.equal("5000")
+}
+
+pub fn image_ref_localhost_with_port_test() {
+  let ref = image_ref.parse("localhost:8000/myimg")
+  ref.name |> should.equal("localhost:8000/myimg")
+  ref.tag |> should.equal("latest")
+}
+
+pub fn image_ref_localhost_with_port_and_tag_test() {
+  let ref = image_ref.parse("localhost:8000/myimg:1.2.3")
+  ref.name |> should.equal("localhost:8000/myimg")
+  ref.tag |> should.equal("1.2.3")
+}
+
+// ---------------------------------------------------------------------------
+// Container.stop_timeout_sec accessor
+// ---------------------------------------------------------------------------
+
+pub fn container_carries_stop_timeout_test() {
+  let c = container.build("id", "127.0.0.1", dict.new(), False, 15)
+  container.stop_timeout_sec(c) |> should.equal(15)
+}
+
+pub fn container_with_keep_preserves_stop_timeout_test() {
+  let c =
+    container.build("id", "127.0.0.1", dict.new(), False, 7)
+    |> container.with_keep(True)
+  container.stop_timeout_sec(c) |> should.equal(7)
+}
+
+// ---------------------------------------------------------------------------
+// Public API surface: force_stop must exist and have the expected signature
+// (compile-time check; runtime behaviour is covered by integration tests).
+// ---------------------------------------------------------------------------
+
+import testcontainer
+import testcontainer/error as tc_error
+
+pub fn force_stop_is_public_test() {
+  let _ref: fn(container.Container) -> Result(Nil, tc_error.Error) =
+    testcontainer.force_stop
+  Nil
+}
diff --git a/test/testcontainer_test.gleam b/test/testcontainer_test.gleam
new file mode 100644
index 0000000..902c4da
--- /dev/null
+++ b/test/testcontainer_test.gleam
@@ -0,0 +1,5 @@
+import gleeunit
+
+pub fn main() -> Nil {
+  gleeunit.main()
+}

From ee36cda7b10fa123bfd3ba3990a810c6b98bf2d6 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:41:04 +0200
Subject: [PATCH 07/14] Add dev runner and docs for testcontainer

Add a Gleam dev runner (dev/testcontainer_dev.gleam) with interactive demos covering container lifecycle, logs, exec, wait strategies, port mapping, file copy, formulas, and network examples. Add comprehensive documentation pages (docs/) for configuration, quickstart, formulas, networks & stacks, wait strategies, and troubleshooting to guide usage and debugging. These additions provide examples and reference material to help developers onboard and debug testcontainer usage.
---
 dev/testcontainer_dev.gleam | 399 ++++++++++++++++++++++++++++++++++++
 docs/configuration.md       |  77 +++++++
 docs/formulas.md            | 185 +++++++++++++++++
 docs/networks-and-stacks.md | 108 ++++++++++
 docs/quickstart.md          |  97 +++++++++
 docs/troubleshooting.md     | 111 ++++++++++
 docs/wait-strategies.md     | 108 ++++++++++
 7 files changed, 1085 insertions(+)
 create mode 100644 dev/testcontainer_dev.gleam
 create mode 100644 docs/configuration.md
 create mode 100644 docs/formulas.md
 create mode 100644 docs/networks-and-stacks.md
 create mode 100644 docs/quickstart.md
 create mode 100644 docs/troubleshooting.md
 create mode 100644 docs/wait-strategies.md

diff --git a/dev/testcontainer_dev.gleam b/dev/testcontainer_dev.gleam
new file mode 100644
index 0000000..46b0fce
--- /dev/null
+++ b/dev/testcontainer_dev.gleam
@@ -0,0 +1,399 @@
+import gleam/int
+import gleam/result
+import gleam/string
+
+import testcontainer
+import testcontainer/container
+import testcontainer/error
+import testcontainer/formula
+import testcontainer/network
+import testcontainer/port
+import testcontainer/wait
+
+import woof
+
+// ---------------------------------------------------------------------------
+// Field-builder shorthands for woof 1.6+ FieldValue API
+// ---------------------------------------------------------------------------
+
+fn s(key: String, value: String) -> #(String, woof.FieldValue) {
+  #(key, woof.FString(value))
+}
+
+fn i(key: String, value: Int) -> #(String, woof.FieldValue) {
+  #(key, woof.FInt(value))
+}
+
+// ---------------------------------------------------------------------------
+// Entry point
+// ---------------------------------------------------------------------------
+
+pub fn main() {
+  woof.set_colors(woof.Always)
+  woof.info("━━━ testcontainer dev runner ━━━", [])
+
+  run("1 - alpine: start / logs", demo_alpine_logs)
+  run("2 - alpine: exec", demo_alpine_exec)
+  run("3 - redis:  wait.log + port mapping + mapped_url", demo_redis)
+  run("4 - alpine: wait.command", demo_wait_command)
+  run("5 - nginx:  wait.port + wait.http", demo_nginx_wait)
+  run("6 - alpine: copy_file_to", demo_copy_file_to)
+  run("7 - formula: typed output", demo_formula)
+  run("8 - network: two containers, same bridge", demo_network)
+
+  woof.info("━━━ all demos done ━━━", [])
+}
+
+fn run(label: String, demo: fn() -> Result(Nil, error.Error)) -> Nil {
+  woof.info("─── " <> label <> " ───", [])
+  case demo() {
+    Ok(_) -> woof.info("ok", [])
+    Error(e) -> woof.error("FAILED", [s("reason", describe_error(e))])
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Demo 1 - basic lifecycle + logs
+// ---------------------------------------------------------------------------
+
+fn demo_alpine_logs() -> Result(Nil, error.Error) {
+  testcontainer.with_container(
+    container.new("alpine:3.18")
+      |> container.with_command([
+        "sh",
+        "-c",
+        "echo '=== container alive ===' && sleep 5",
+      ]),
+    fn(c) {
+      woof.info("container up", [
+        s("id", short(container.id(c))),
+        s("host", container.host(c)),
+      ])
+      use logs <- result.try(testcontainer.logs(c))
+      woof.info("logs", [s("output", string.trim(logs))])
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 2 - exec
+// ---------------------------------------------------------------------------
+
+fn demo_alpine_exec() -> Result(Nil, error.Error) {
+  testcontainer.with_container(
+    container.new("alpine:3.18")
+      |> container.with_command(["sh", "-c", "sleep 30"]),
+    fn(c) {
+      use exec_out <- result.try(
+        testcontainer.exec(c, ["sh", "-c", "echo host=$(hostname) && uname -r"]),
+      )
+      woof.info("exec", [
+        i("exit", exec_out.exit_code),
+        s("stdout", string.trim(exec_out.stdout)),
+      ])
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 3 - redis: wait.log + port mapping + mapped_url
+// ---------------------------------------------------------------------------
+
+fn demo_redis() -> Result(Nil, error.Error) {
+  let redis_port = port.tcp(6379)
+  testcontainer.with_container(
+    container.new("redis:7-alpine")
+      |> container.expose_port(redis_port)
+      |> container.wait_for(
+        wait.log("Ready to accept connections")
+        |> wait.with_timeout(30_000),
+      ),
+    fn(c) {
+      use hp <- result.try(container.host_port(c, redis_port))
+      use url <- result.try(container.mapped_url(c, redis_port, "redis"))
+      woof.info("redis ready", [
+        s("id", short(container.id(c))),
+        i("mapped_port", hp),
+        s("url", url),
+      ])
+
+      use logs <- result.try(testcontainer.logs(c))
+      let ready_line =
+        logs
+        |> string.split("\n")
+        |> find_first(fn(l) { string.contains(l, "Ready to accept") })
+      woof.info("readiness log line", [s("line", string.trim(ready_line))])
+
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 4 - wait.command
+// ---------------------------------------------------------------------------
+
+fn demo_wait_command() -> Result(Nil, error.Error) {
+  testcontainer.with_container(
+    container.new("alpine:3.18")
+      |> container.with_command([
+        "sh",
+        "-c",
+        "sleep 1 && touch /tmp/ready && sleep 30",
+      ])
+      |> container.wait_for(
+        wait.command(["test", "-f", "/tmp/ready"])
+        |> wait.with_timeout(15_000)
+        |> wait.with_poll_interval(300),
+      ),
+    fn(c) {
+      woof.info("ready file appeared", [s("id", short(container.id(c)))])
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 5 - nginx: wait.port + wait.http
+// ---------------------------------------------------------------------------
+
+fn demo_nginx_wait() -> Result(Nil, error.Error) {
+  let http_port = port.tcp(80)
+  testcontainer.with_container(
+    container.new("nginx:alpine")
+      |> container.expose_port(http_port)
+      |> container.wait_for(
+        wait.all_of([wait.port(80), wait.http(80, "/")])
+        |> wait.with_timeout(30_000),
+      ),
+    fn(c) {
+      use hp <- result.try(container.host_port(c, http_port))
+      use url <- result.try(container.mapped_url(c, http_port, "http"))
+      woof.info("nginx ready", [
+        s("id", short(container.id(c))),
+        i("host_port", hp),
+        s("url", url),
+      ])
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 6 - copy_file_to
+// ---------------------------------------------------------------------------
+
+fn demo_copy_file_to() -> Result(Nil, error.Error) {
+  let host_path = "/tmp/tc_dev_copy.txt"
+  let content = "hello from the host - copy_file_to works!"
+  let _ = write_file(host_path, content)
+
+  testcontainer.with_container(
+    container.new("alpine:3.18")
+      |> container.with_command(["sh", "-c", "sleep 30"]),
+    fn(c) {
+      use _ <- result.try(testcontainer.copy_file_to(
+        c,
+        host_path,
+        "/tmp/copied.txt",
+      ))
+      woof.info("file copied to container", [
+        s("host", host_path),
+        s("container", "/tmp/copied.txt"),
+      ])
+
+      use exec_out <- result.try(
+        testcontainer.exec(c, ["cat", "/tmp/copied.txt"]),
+      )
+      woof.info("file contents verified", [
+        s("content", string.trim(exec_out.stdout)),
+      ])
+
+      Ok(Nil)
+    },
+  )
+}
+
+// ---------------------------------------------------------------------------
+// Demo 7 - Formula(output): typed extraction
+// ---------------------------------------------------------------------------
+
+// A minimal inline formula that starts nginx and returns a typed record.
+type NginxInfo {
+  NginxInfo(id: String, host: String, http_port: Int, base_url: String)
+}
+
+fn nginx_formula() -> formula.Formula(NginxInfo) {
+  let p = port.tcp(80)
+  formula.new(
+    container.new("nginx:alpine")
+      |> container.expose_port(p)
+      |> container.wait_for(
+        wait.all_of([wait.port(80), wait.http(80, "/")])
+        |> wait.with_timeout(30_000),
+      ),
+    fn(c) {
+      use hp <- result.try(container.host_port(c, p))
+      use url <- result.try(container.mapped_url(c, p, "http"))
+      Ok(NginxInfo(
+        id: short(container.id(c)),
+        host: container.host(c),
+        http_port: hp,
+        base_url: url,
+      ))
+    },
+  )
+}
+
+fn demo_formula() -> Result(Nil, error.Error) {
+  testcontainer.with_formula(nginx_formula(), fn(info) {
+    woof.info("nginx formula output", [
+      s("id", info.id),
+      s("host", info.host),
+      i("port", info.http_port),
+      s("base_url", info.base_url),
+    ])
+    Ok(Nil)
+  })
+}
+
+// ---------------------------------------------------------------------------
+// Demo 8 - Network: two containers on the same bridge, ping each other
+// ---------------------------------------------------------------------------
+
+fn demo_network() -> Result(Nil, error.Error) {
+  use net <- result.try(
+    network.with_network("tc-dev-net", fn(net) {
+      woof.info("network created", [
+        s("id", short(network.id(net))),
+        s("name", network.name(net)),
+      ])
+
+      // Start a named "server" container on the network.
+      use _ <- result.try(
+        testcontainer.with_container(
+          container.new("alpine:3.18")
+            |> container.with_name("tc-dev-server")
+            |> container.on_network(network.name(net))
+            |> container.with_command(["sh", "-c", "sleep 30"]),
+          fn(server) {
+            woof.info("server container up", [
+              s("id", short(container.id(server))),
+              s("name", "tc-dev-server"),
+            ])
+
+            // Start a "client" container on the same network and ping the server.
+            testcontainer.with_container(
+              container.new("alpine:3.18")
+                |> container.on_network(network.name(net))
+                |> container.with_command(["sh", "-c", "sleep 30"]),
+              fn(client) {
+                woof.info("client container up", [
+                  s("id", short(container.id(client))),
+                ])
+
+                use ping_out <- result.try(
+                  testcontainer.exec(client, [
+                    "ping", "-c", "2", "tc-dev-server",
+                  ]),
+                )
+                woof.info("ping result", [
+                  i("exit", ping_out.exit_code),
+                  s(
+                    "summary",
+                    ping_out.stdout
+                      |> string.split("\n")
+                      |> find_last
+                      |> string.trim,
+                  ),
+                ])
+                Ok(Nil)
+              },
+            )
+          },
+        ),
+      )
+
+      Ok(net)
+    }),
+  )
+
+  woof.info("network removed", [s("name", network.name(net))])
+  Ok(Nil)
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+fn short(id: String) -> String {
+  string.slice(id, 0, 12)
+}
+
+fn find_first(lst: List(String), pred: fn(String) -> Bool) -> String {
+  case lst {
+    [] -> ""
+    [h, ..rest] ->
+      case pred(h) {
+        True -> h
+        False -> find_first(rest, pred)
+      }
+  }
+}
+
+fn find_last(lst: List(String)) -> String {
+  case lst {
+    [] -> ""
+    [x] -> x
+    [_, ..rest] -> find_last(rest)
+  }
+}
+
+@external(erlang, "file", "write_file")
+fn write_file(path: String, content: String) -> Result(Nil, String)
+
+fn describe_error(e: error.Error) -> String {
+  case e {
+    error.DockerUnavailable(path, reason) ->
+      "docker unavailable [" <> path <> "]: " <> reason
+    error.ImagePullFailed(image, reason) ->
+      "pull failed [" <> image <> "]: " <> reason
+    error.ContainerCreateFailed(image, reason) ->
+      "create failed [" <> image <> "]: " <> reason
+    error.ContainerStartFailed(id, reason) ->
+      "start failed [" <> short(id) <> "]: " <> reason
+    error.ContainerStopFailed(id, reason) ->
+      "stop failed [" <> short(id) <> "]: " <> reason
+    error.WaitTimedOut(strategy, ms) ->
+      "wait timed out [" <> strategy <> "] after " <> int.to_string(ms) <> "ms"
+    error.WaitFailed(strategy, reason) ->
+      "wait failed [" <> strategy <> "]: " <> reason
+    error.ExecFailed(id, cmd, exit_code, stderr) ->
+      "exec failed ["
+      <> short(id)
+      <> "] cmd="
+      <> string.join(cmd, " ")
+      <> " exit="
+      <> int.to_string(exit_code)
+      <> " stderr="
+      <> stderr
+    error.PortNotMapped(p) -> "port " <> int.to_string(p) <> " not mapped"
+    error.FileCopyFailed(path, reason) ->
+      "file copy failed [" <> path <> "]: " <> reason
+    error.PortMappingParseFailed(id, reason) ->
+      "port mapping parse failed [" <> short(id) <> "]: " <> reason
+    error.DockerApiError(method, path, status, body) ->
+      "docker api "
+      <> method
+      <> " "
+      <> path
+      <> " → "
+      <> int.to_string(status)
+      <> ": "
+      <> body
+    error.InvalidImageRef(raw) -> "invalid image ref: " <> raw
+    error.InvalidPort(n) -> "invalid port: " <> int.to_string(n)
+  }
+}
diff --git a/docs/configuration.md b/docs/configuration.md
new file mode 100644
index 0000000..636ce02
--- /dev/null
+++ b/docs/configuration.md
@@ -0,0 +1,77 @@
+# Configuration
+
+All knobs are environment variables. They are read once per
+`testcontainer.start/1` call and need no setup code in your tests.
+
+## `DOCKER_HOST`
+
+How `testcontainer` reaches the daemon.
+
+| Value                          | Behaviour                          |
+|--------------------------------|------------------------------------|
+| _(unset)_                      | `unix:///var/run/docker.sock`      |
+| `unix:///path/to/docker.sock`  | Unix domain socket at that path    |
+| `tcp://host:port`              | Plain TCP HTTP/1.1 (no TLS)        |
+
+For Docker Desktop on macOS (Colima, Rancher Desktop, OrbStack…) the
+default Unix path usually works because Docker Desktop forwards a
+Unix socket into your $HOME. If your setup is non-standard,
+point `DOCKER_HOST` at the socket file directly.
+
+For remote CI runners hosting Docker on a TCP endpoint, use the
+`tcp://...` form. TLS is not handled in 0.1 - terminate it upstream
+or stick with Unix sockets.
+
+## `TESTCONTAINERS_KEEP`
+
+`true` to leave the container running for inspection after the test
+finishes (useful when something is failing and you want to `docker
+logs` / `docker exec` it). `false` (default) means stop+remove on
+test exit.
+
+## `TESTCONTAINERS_PULL_POLICY`
+
+When `start/1` should pull the image:
+
+- `missing` (default) - pull only if not present locally
+- `always` - pull every time
+- `never` - fail with a clear `ImagePullFailed` if missing locally
+  (great for hermetic CI: pre-pull images, then refuse network)
+
+## `TESTCONTAINERS_HOST_OVERRIDE`
+
+Hostname/IP your test runner should use to reach mapped ports.
+Default is `127.0.0.1`, which works for Docker Desktop / Colima /
+plain Linux Docker. Set this when the daemon lives somewhere else
+(remote host, separate VM):
+
+```sh
+export TESTCONTAINERS_HOST_OVERRIDE=ci-docker.internal
+```
+
+`Container.host/1` and `Container.mapped_url/3` will return that
+host instead of `127.0.0.1`.
+
+## `TESTCONTAINERS_REGISTRY_USER` / `TESTCONTAINERS_REGISTRY_PASSWORD`
+
+Credentials sent as `X-Registry-Auth` on `POST /images/create` for
+private images. Both must be set together; the password is wrapped
+in a `cowl.Secret` internally so it doesn't leak through
+`string.inspect` / logs.
+
+```sh
+export TESTCONTAINERS_REGISTRY_USER=ci-bot
+export TESTCONTAINERS_REGISTRY_PASSWORD="$REGISTRY_TOKEN"
+```
+
+If the variables are unset, no auth header is sent and pulls go
+through unauthenticated.
+
+## Secrets
+
+Env vars set on the container via `container.with_env/3` or
+`container.with_envs/2` are wrapped in `cowl.Secret` automatically.
+They never appear in `string.inspect(spec)` and are only revealed
+when serialised to the Docker API at create time. There's a unit
+test (`with_env_does_not_leak_value_in_inspect_test`) that pins this
+behaviour.
diff --git a/docs/formulas.md b/docs/formulas.md
new file mode 100644
index 0000000..3bd3e3f
--- /dev/null
+++ b/docs/formulas.md
@@ -0,0 +1,185 @@
+# Formulas: your container's shipping documents
+
+> _"In dogana non passi col container nudo: passi con i documenti."_
+>
+> _"At customs you don't pass with a naked container: you pass with the
+> paperwork."_
+
+A **Formula** is your container's **bill of lading**: a pre-packaged
+spec, with label, customs declaration and typed receipt. Instead of
+writing env vars, ports, wait strategy and then rebuilding the
+connection URL by hand every time, a formula hands it to you already
+compiled, signed and stamped.
+
+In less romantic terms: a `Formula(output)` pairs a `ContainerSpec`
+with a typed extraction function. When the core starts the container,
+it calls the extractor and returns a value of a specific type (e.g.
+`PostgresContainer` with `connection_url`, `host`, `port`, `database`,
+`username` already filled in) instead of a generic `Container`.
+
+```gleam
+use pg <- testcontainer.with_formula(
+  postgres.new()
+  |> postgres.with_database("myapp_test")
+  |> postgres.with_password("secret")
+  |> postgres.formula(),
+)
+
+// pg.connection_url
+// "postgresql://postgres:secret@127.0.0.1:54321/myapp_test"
+```
+
+## Why call them "formulas"
+
+The term evokes alchemists more than customs offices. The key point is
+that a Formula is **prescriptive**: it says "this is the official
+recipe for serving Postgres reliably". You use it as a base and add
+the overrides you need. All the bureaucracy (right env vars, wait
+strategy that actually works, healthcheck, URL composer) lives inside
+the formula. You sign it.
+
+## Where they live
+
+The core package (`testcontainer`) **knows nothing** about Postgres,
+Redis or Kafka. It only defines the `Formula(output)` type and the
+`with_formula` entry point. The actual formulas live in a separate
+package:
+
+```sh
+gleam add testcontainer_formulas
+```
+
+```gleam
+import testcontainer_formulas/postgres
+import testcontainer_formulas/redis
+```
+
+## The three levels of customization
+
+### Level 1: Builder (common case)
+
+Sensible defaults, override only what changes:
+
+```gleam
+postgres.new()
+|> postgres.with_database("myapp_test")
+|> postgres.with_username("app")
+|> postgres.with_password("secret")
+|> postgres.formula()
+```
+
+### Level 2: Custom image
+
+Swap only the image, keep everything else:
+
+```gleam
+postgres.new()
+|> postgres.with_image("registry.mycompany.com/postgres:hardened-16")
+|> postgres.formula()
+```
+
+### Level 3: No formula
+
+When you're overriding everything, it's more honest to start from
+`container.new`. No formula, no rich type, just `Container`:
+
+```gleam
+let spec =
+  container.new("bitnami/postgresql:16")
+  |> container.expose_port(port.tcp(5432))
+  |> container.with_env("POSTGRESQL_PASSWORD", "secret")
+  |> container.wait_for(wait.port(5432))
+
+use c <- testcontainer.with_container(spec)
+// build the URL yourself
+```
+
+## Writing a formula
+
+A formula is a single Gleam file. The skeleton:
+
+```gleam
+import cowl
+import gleam/option.{type Option, None, Some}
+import gleam/result
+
+import testcontainer/container
+import testcontainer/formula
+import testcontainer/network
+import testcontainer/port
+import testcontainer/wait
+
+pub type FooContainer {
+  FooContainer(container: container.Container, url: String, ...)
+}
+
+pub opaque type FooConfig {
+  FooConfig(image: String, ...)
+}
+
+pub fn new() -> FooConfig { ... }
+pub fn with_version(c: FooConfig, v: String) -> FooConfig { ... }
+// ...other builders...
+
+pub fn formula(c: FooConfig) -> formula.Formula(FooContainer) {
+  let spec =
+    container.new(c.image)
+    |> container.expose_port(port.tcp(c.port))
+    |> container.wait_for(wait.log("ready"))
+
+  formula.new(spec, fn(running) {
+    use p <- result.try(container.host_port(running, port.tcp(c.port)))
+    Ok(FooContainer(
+      container: running,
+      url: "foo://" <> container.host(running) <> ":" <> int.to_string(p),
+    ))
+  })
+}
+```
+
+All you need is `formula.new(spec, extract)`. The core does the rest.
+
+## Available formulas
+
+- `testcontainer_formulas/postgres`
+- `testcontainer_formulas/redis`
+- `testcontainer_formulas/mysql`
+- `testcontainer_formulas/rabbitmq`
+- `testcontainer_formulas/mongo`
+
+## Formula Builder (Astro)
+
+A visual builder lives in `formula-builder/` for composing advanced
+blocks and generating ready-to-paste Gleam snippets.
+
+Main features:
+
+- built-in templates for existing formulas (`postgres`, `redis`,
+  `mysql`, `rabbitmq`, `mongo`)
+- `Custom formula module` block for new services (e.g. Kafka) with
+  configurable import, alias and constructor
+- `Formula` mode (typed output) and `Container` mode (full control)
+- per-block configuration for image, env, labels, wait strategy,
+  script, entrypoint, exposed ports and custom pipeline
+- Docker Hub public image checker (tag existence) with fallback link
+  to the Docker Hub tag page when the API is unreachable from the
+  browser
+- explicit Vim mode (button toggle or `Ctrl+G`), with input
+  protection: `Esc` exits the text field
+
+Local run:
+
+```sh
+cd formula-builder
+npm install
+npm run dev
+```
+
+Static build:
+
+```sh
+npm run build
+```
+
+Coming: kafka, localstack, elasticsearch.
+See the [roadmap](../ROADMAP.md).
diff --git a/docs/networks-and-stacks.md b/docs/networks-and-stacks.md
new file mode 100644
index 0000000..a3bcc03
--- /dev/null
+++ b/docs/networks-and-stacks.md
@@ -0,0 +1,108 @@
+# Networks & Stacks
+
+When two containers need to talk - your app under test plus its
+database, your producer plus its broker - they have to share a
+Docker bridge network. `testcontainer` gives you two primitives:
+**`with_network`** for the simple case and **`Stack`** for the typed
+multi-container case.
+
+## `with_network` - single bridge
+
+```gleam
+import testcontainer
+import testcontainer/container
+import testcontainer/network
+
+use net <- testcontainer.with_network("test-net")
+
+use server <- testcontainer.with_container(
+  container.new("alpine:3.18")
+  |> container.with_name("server")
+  |> container.on_network(network.name(net))
+  |> container.with_command(["sh", "-c", "sleep 30"]),
+)
+
+use client <- testcontainer.with_container(
+  container.new("alpine:3.18")
+  |> container.on_network(network.name(net))
+  |> container.with_command(["sh", "-c", "sleep 30"]),
+)
+
+// "server" is reachable from "client" by name on `net`
+testcontainer.exec(client, ["ping", "-c", "1", "server"])
+```
+
+Cleanup ordering: each `with_container` cleans its container before
+its `use` returns; `with_network` removes the network last.
+
+## `Stack` - typed multi-container
+
+`Stack(output)` adds a typed network builder that survives across
+containers. The recommended pattern is to let the stack provide the
+network and nest `with_container` / `with_formula` calls inside the
+`with_stack` body:
+
+```gleam
+use net <- testcontainer.with_stack(
+  testcontainer.stack("app-test-net", fn(n) { Ok(n) }),
+)
+
+use pg <- testcontainer.with_formula(
+  postgres.new()
+  |> postgres.on_network(net)
+  |> postgres.formula(),
+)
+
+use cache <- testcontainer.with_formula(
+  redis.new()
+  |> redis.on_network(net)
+  |> redis.formula(),
+)
+
+// pg.connection_url, cache.url usable here
+```
+
+## Stack riutilizzabile
+
+Wrap the whole pattern once and call it from every test:
+
+```gleam
+import testcontainer
+import testcontainer/error
+import testcontainer_formulas/postgres
+import testcontainer_formulas/redis
+
+pub fn full_stack(
+  body: fn(postgres.PostgresContainer, redis.RedisContainer)
+    -> Result(a, error.Error),
+) -> Result(a, error.Error) {
+  use net <- testcontainer.with_stack(
+    testcontainer.stack("test-net", fn(n) { Ok(n) }),
+  )
+  use pg <- testcontainer.with_formula(
+    postgres.new() |> postgres.on_network(net) |> postgres.formula(),
+  )
+  use cache <- testcontainer.with_formula(
+    redis.new() |> redis.on_network(net) |> redis.formula(),
+  )
+  body(pg, cache)
+}
+
+pub fn user_signup_test() {
+  use pg, cache <- full_stack()
+  // ...
+}
+```
+
+## ⚠️ Footgun: the typed-output stack
+
+`Stack(output)` is parametric so the build function can return any
+`output`. **Don't return live `Container` handles** from there: those
+are managed by their own `with_container` / `with_formula` guards
+which clean them up before the build function returns. Keep the
+build function returning `Network` (or a static record derived from
+it) and nest the lifecycle inside the `with_stack` body.
+
+If you genuinely need to start something inside `run` and keep it
+alive, call `testcontainer.start/1` directly - and accept that you
+own the manual teardown.
diff --git a/docs/quickstart.md b/docs/quickstart.md
new file mode 100644
index 0000000..e06b55e
--- /dev/null
+++ b/docs/quickstart.md
@@ -0,0 +1,97 @@
+# Quickstart
+
+5-minute tour. By the end of this page, you'll start a real container
+in a test, talk to it, and let `testcontainer` clean it up for you.
+
+## Prerequisites
+
+- Gleam ≥ 1.1
+- A running local Docker daemon (Docker Desktop, Colima, OrbStack,
+  plain `dockerd` on Linux - all fine)
+
+## Install
+
+```sh
+gleam add testcontainer
+```
+
+## Hello, Redis
+
+```gleam
+import gleam/int
+import testcontainer
+import testcontainer/container
+import testcontainer/port
+import testcontainer/wait
+
+pub fn redis_test() {
+  use redis <- testcontainer.with_container(
+    container.new("redis:7-alpine")
+    |> container.expose_port(port.tcp(6379))
+    |> container.wait_for(wait.log("Ready to accept connections")),
+  )
+
+  let assert Ok(host_port) = container.host_port(redis, port.tcp(6379))
+  let _url = "redis://127.0.0.1:" <> int.to_string(host_port)
+  // hand `_url` to your Redis client
+  Ok(Nil)
+}
+```
+
+What just happened:
+
+1. `container.new` builds an immutable spec.
+2. `with_container` pulls the image (if missing), starts the
+   container, polls the wait strategy until it succeeds, then runs
+   your body.
+3. The library spawns a **linked guard process**. If your test
+   panics or the BEAM kills the parent, the guard stops & removes the
+   container. No dangling resources, no Ryuk, no shell scripts.
+4. When your body returns, the container is stopped and removed before
+   `with_container` hands the result back.
+
+## A quick exec
+
+```gleam
+use c <- testcontainer.with_container(
+  container.new("alpine:3.18")
+  |> container.with_command(["sh", "-c", "sleep 30"]),
+)
+
+use result <- result.try(testcontainer.exec(c, ["uname", "-a"]))
+io.println(result.stdout)
+Ok(Nil)
+```
+
+`exec` returns `ExecResult` with `exit_code`, `stdout`, `stderr` -
+stderr is split out for you (Docker streams them multiplexed; the
+library demuxes).
+
+## Custom error types
+
+Most projects already have an `AppError`. Don't fight it:
+
+```gleam
+import testcontainer/error
+
+type AppError {
+  Container(error.Error)
+  AppLogic(String)
+}
+
+use c <- testcontainer.with_container_mapped(
+  spec,
+  fn(e) { Container(e) },
+)
+// body returns Result(_, AppError)
+```
+
+## What's next
+
+- [Wait strategies](wait-strategies.md) - `log`, `port`, `http`,
+  `command`, `health_check`, `all_of`, `any_of`
+- [Formule](formule.md) - typed builders for Postgres, Redis & more
+- [Networks & Stacks](networks-and-stacks.md) - multiple containers
+  on a shared bridge
+- [Configuration](configuration.md) - `DOCKER_HOST`,
+  `TESTCONTAINERS_KEEP`, registry auth
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
new file mode 100644
index 0000000..096f875
--- /dev/null
+++ b/docs/troubleshooting.md
@@ -0,0 +1,111 @@
+# Troubleshooting
+
+Common failure modes and how to read them.
+
+## `DockerUnavailable("/var/run/docker.sock", reason)`
+
+The daemon is not reachable.
+
+- Is Docker actually running? `docker version` from the same shell.
+- On macOS, Docker Desktop forwards a Unix socket to `$HOME`.
+  If your `DOCKER_HOST` is unset, the library defaults to
+  `/var/run/docker.sock`. Symlink or set `DOCKER_HOST` explicitly:
+
+  ```sh
+  export DOCKER_HOST=unix://$HOME/.docker/run/docker.sock
+  ```
+
+- TCP daemons: confirm `tcp://...` URL and that no proxy intercepts.
+
+## `ImagePullFailed(image, "TESTCONTAINERS_PULL_POLICY=never and image not present locally")`
+
+Self-explanatory: with `pull_policy=never`, the image must already be
+in the local cache. Either pre-pull (`docker pull alpine:3.18`) or
+relax the policy.
+
+## `ImagePullFailed(image, reason)` mid-stream
+
+Docker returns HTTP 200 even when an image pull fails halfway -
+auth, network, manifest mismatch. The library scans the streamed
+JSON body for `errorDetail` / `error` and surfaces the first message
+it finds. Common causes:
+
+- Private image without `TESTCONTAINERS_REGISTRY_USER` /
+  `TESTCONTAINERS_REGISTRY_PASSWORD` set.
+- Rate limit (`toomanyrequests`) - log in to Docker Hub.
+- Manifest unknown - typo in tag.
+
+## `ContainerStartFailed`
+
+The container was created but Docker refused to start it. Causes:
+
+- Port already in use (when you set `HostPort` explicitly - the
+  default is dynamic, so this rarely happens).
+- Volume bind path doesn't exist on the host.
+- Image entrypoint crashed immediately.
+
+`docker logs <id>` (use `TESTCONTAINERS_KEEP=true` so the container
+sticks around) usually clarifies.
+
+## `InvalidPort(number)`
+
+The port is outside `1..=65535`.
+
+- `port.try_tcp/1` and `port.try_udp/1` return this immediately.
+- `port.tcp/1` / `port.udp/1` defer validation to startup; `start/1`
+  returns `InvalidPort(number)` before create/start calls continue.
+
+## `WaitTimedOut(strategy, elapsed_ms)`
+
+Your wait strategy didn't succeed within its configured timeout.
+`elapsed_ms` is real wall-clock time. Tactics:
+
+- Bump the timeout: `wait.with_timeout(120_000)`.
+- Add a second probe via `wait.all_of([port, log])` - sometimes the
+  port opens before the app is really ready.
+- Inspect with `TESTCONTAINERS_KEEP=true` and `docker logs <id>` -
+  the log line you're matching may not be exactly what you expect.
+- Health-check images: `wait.health_check()` only terminates if the
+  image has a `HEALTHCHECK` defined.
+
+## `WaitFailed(strategy, reason)`
+
+Same family as `WaitTimedOut`, but the strategy reported a reason
+that's not just "no signal yet" (e.g. HTTP returned a clearly wrong
+status repeatedly). The `reason` field carries the latest probe
+output.
+
+## `ExecFailed(id, cmd, exit_code, stderr)`
+
+The Docker API call to start exec returned an error, OR the exit
+code couldn't be parsed. Note: a non-zero exit from your command is
+**not** an error - you get `Ok(ExecResult(exit_code: N, ...))`.
+`ExecFailed` is reserved for "Docker said no".
+
+## `PortMappingParseFailed(container_id, reason)`
+
+`docker inspect` succeeded, but `NetworkSettings.Ports` was not in the
+expected format. This is treated as a hard error (no silent fallback),
+so mapped-port calls don't fail later with misleading `PortNotMapped`.
+
+## My test passed but a container is still running
+
+This shouldn't happen with `with_container`. If it does:
+
+- Check that you're using `with_container` (or `with_formula`), not
+  bare `start/1`.
+- Check `TESTCONTAINERS_KEEP` is not set to `true` in your shell.
+- The crash-cleanup is **fire-and-forget** by design. If the BEAM
+  itself exits abruptly (kernel-level crash, `kill -9`), pending
+  cleanups don't run. The next `with_container` call with the same
+  `with_name(...)` will conflict - remove manually with
+  `docker rm -f <name>`.
+
+## Docker Desktop is slow on first pull
+
+The very first `with_container` after a reboot can take longer than
+the default 60 s wait timeout while Docker pulls the image and warms
+up. Either:
+
+- Pre-pull images in CI, then run with `pull_policy=never`.
+- Bump the strategy timeout for the initial test.
diff --git a/docs/wait-strategies.md b/docs/wait-strategies.md
new file mode 100644
index 0000000..3dfe412
--- /dev/null
+++ b/docs/wait-strategies.md
@@ -0,0 +1,108 @@
+# Wait strategies
+
+A container is "started" the moment Docker says so, but it's almost
+never **ready** at that point. A wait strategy is what `with_container`
+polls until your container is genuinely usable.
+
+The default for a fresh `container.new(...)` is `wait.none()` - no
+wait. For real services you almost always want a real probe.
+
+## The basics
+
+```gleam
+import testcontainer/wait
+
+container.new("redis:7-alpine")
+|> container.wait_for(wait.log("Ready to accept connections"))
+```
+
+`with_container` starts the container, then polls the strategy at the
+configured interval (default 1 s) until it succeeds or the timeout
+(default 60 s) elapses. On timeout it returns
+`Error(WaitTimedOut(strategy_description, elapsed_ms))` - `elapsed_ms`
+is the actual wall-clock time, not the configured timeout.
+
+## All the strategies
+
+### `wait.none()`
+
+Succeeds immediately. The default.
+
+### `wait.log(message)` / `wait.log_times(message, n)`
+
+Reads the container's combined stdout/stderr stream and counts how
+many times `message` appears. Useful when an image prints a clear
+"ready" line:
+
+```gleam
+wait.log("database system is ready to accept connections")
+wait.log_times("listening on port", 2)
+```
+
+### `wait.port(int)`
+
+TCP-connects to the host-mapped port. The simplest "is it listening?"
+probe.
+
+```gleam
+container.new("nginx:alpine")
+|> container.expose_port(port.tcp(80))
+|> container.wait_for(wait.port(80))
+```
+
+### `wait.http(port, path)` / `wait.http_with_status(port, path, status)`
+
+GETs `path` on the host-mapped port and checks the HTTP status.
+
+```gleam
+wait.http(8080, "/health")
+wait.http_with_status(8080, "/health", 204)
+```
+
+### `wait.health_check()`
+
+Reads `Docker inspect` and waits for `State.Health.Status == "healthy"`.
+The image must define a `HEALTHCHECK` for this to ever terminate.
+
+### `wait.command(cmd)`
+
+Runs a command inside the container via `docker exec` and waits for
+exit 0. Great when no external probe is exposed:
+
+```gleam
+wait.command(["pg_isready", "-U", "postgres"])
+```
+
+### `wait.all_of([...])` / `wait.any_of([...])`
+
+Compose strategies. `all_of` succeeds when every inner strategy
+succeeds (per poll cycle); `any_of` succeeds as soon as one does.
+
+```gleam
+wait.all_of([
+  wait.port(5432),
+  wait.log("database system is ready"),
+])
+```
+
+## Tuning
+
+```gleam
+wait.log("ready")
+|> wait.with_timeout(30_000)
+|> wait.with_poll_interval(500)
+```
+
+Both modifiers return a new `WaitStrategy`. Defaults are 60 s timeout
+and 1 s poll.
+
+## Tips
+
+- Prefer **`log`** when the image prints a clean readiness line - it's
+  the cheapest and most reliable probe.
+- Prefer **`http`** when there's a `/health` endpoint - it actually
+  exercises the server's I/O loop.
+- Use **`all_of`** when both port-open and a log line are independent
+  signals; it catches more flaky-startup bugs than either alone.
+- Use **`command`** for processes that are healthy purely from inside
+  (cron-style daemons, queues without an external port).

From ba13ea8d84511a63cc98ccf2129af84ee412141c Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:41:17 +0200
Subject: [PATCH 08/14] Create test.yml

---
 .github/workflows/test.yml | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/test.yml

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..ef15a46
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,41 @@
+name: test
+
+on:
+  push:
+    branches:
+      - master
+      - main
+  pull_request:
+
+jobs:
+  unit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: erlef/setup-beam@v1
+        with:
+          otp-version: "28"
+          gleam-version: "1.14.0"
+          rebar3-version: "3"
+      - run: gleam deps download
+      - run: gleam test
+      - run: gleam format --check src test
+
+  integration:
+    runs-on: ubuntu-latest
+    needs: unit
+    steps:
+      - uses: actions/checkout@v4
+      - uses: erlef/setup-beam@v1
+        with:
+          otp-version: "28"
+          gleam-version: "1.14.0"
+          rebar3-version: "3"
+      # GitHub-hosted ubuntu runners ship Docker by default; verify it.
+      - name: Verify Docker is available
+        run: docker version
+      - run: gleam deps download
+      - name: Run integration tests
+        env:
+          TESTCONTAINERS_INTEGRATION: "true"
+        run: gleam test

From 25e396c73141d23bc178f46d9faaa6be7d90f468 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:43:03 +0200
Subject: [PATCH 09/14] Create logo.png

---
 assets/img/logo.png | Bin 0 -> 103859 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 assets/img/logo.png

diff --git a/assets/img/logo.png b/assets/img/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..b3fb8404c5a5f801426e8aa60173c9c19b9b02ac
GIT binary patch
literal 103859
zcma&NV|XRqx-J~swmV73#*A%r(6KpV+crB%$DMS?wr9|>ZQJZvU*31^z1CiPopY}5
zN6o87-4Dlu8a1kBq_UzEG6Det7#J9`jI_847#R4+DcBJl%*XGD;?Z|7Fz5oHnx>1U
zf;_;)-j>P8)ZW;P$-~y+FETKGArA*56KgXUGGj9fpq&84MO!BY8PHUKLW5I*MZrPL
z%n~T=<z%MnrKo1&Wo^Q1N+BeO!0!S05MXQOVnpU)Yh&jO@DQN*TQ1<^{IAQ*6l8ys
zxL6BNXeua^iP<}uk#RC{GO<tyB9QSrnVJJs#3lcW`C}wNVd>)H0AOZzcXwxUXJ@i^
zvS4QA<>h5&VPj@vWBj0CboR7!G4f!vbEf=D#6M(+n>m{}0Uca`_I6}{$uu&ycXbh<
zp!mSa{@XHJhkpvUbN(;yKjwki!^nY|m5GJ<e-b-b+Pm00TiX9$SpEtB2cxOUKb1JR
zI@$bfzo`kcnT?sPnVpOC2R-Y*DKhf_{>$foGwUzpKg7EL&Hpdte<A-t{t+7mg?}3K
zZ{q*kYg^lYv&Y#*!tG<?{woOoM-FE-PX{w*6*FghS0@uQ3AYcwDF2?j4{ZQ3Co>}#
zGx3i@fP#&Mjf;_mgOQC}jg<?)$qr!Up=V(Ou(14-TEX5FXzuxcq~-u{u>WuBk9;yU
zaxwb<L;ueR0sf-?hgBcB{QoxTUrb{5Hug>*)_r)v{<pRNf@H+Rl%4F&fi@qQvx<}`
znT&)O7b`Cp7b6=J>)*70MGl}0^f0s06bF8U-T5OcKU8ya{V!DOf1>RF(DOI%-`Z6_
z%JD<RKScf&U4V?Ok%gHC(A359U()^s$eY<&{EhsVq`#5BqGaRxS6Qgr0YBo(_O}Ut
zLz@4>1Soj9nE!_&t^a`jDl{^FQxky6U-7kf`g{D3(o;2a{Kx1YLmQx=xRD+3BjL$Z
zO^lq3TwH+s%zu^S2k>__{$uptT>Q-cODO-}ISY^mI)A9~{D0~BTN)YJ-x&)qGWp9%
z0SX5vds9~vGt<BQ{IK~SsI$Gfi@TANnTW+lvI<a$n41GXro)qro#~_S|DDv`((JEb
z{d?;Ek7Q*2KYQ^XR{z7z|IwE|`2KP2qu+frPUe4h&X2)Ad#{<@N0K^ybk>JCn}UxH
z9t8Zzw*Sa7FfiIg*TfC_;4gRsLeJ#J8QY?cH5_&}*FSq>YYV=}Sr;O4uUHGsa@k+-
z0bA7VG`=-oodk6T=<I2KruekrB(qwrKhahqbC;EK<1>Drb#Rn*5Wt!ArM9($w6>)k
z2jxN6dCF7c710ggFgc<uKQ(uyOe?MM-2B_PpRh`+?5@SX0{A(P-VlgJqN>Ko%>S84
zcchHk9<k~3(PGkNNwrimBEm+7S9{L{brIc*SuGCybN4dEsqE|a1M}Bu?XQ~paeSFt
z>VD@Ypx(s6v2p2Bj0<rZc`#C@!tY%ZERZq7{4r@FPo@&FFK<q79P~+LgXJp1Ch1tf
zYY%a~lw<fvnJG**HmuRN_p`DbB7$-?_lF<nLoDm9d47np62Bk#Ibx>K7fH4#G{y{g
z0}|b*qSePbP{)yZ+RCl2h<P?b?qE3!`-YPgRx{*#PT)DD@@@$TaOnh|mku6CC{C``
zHLBZS1)SDf9*`?BEn!TS0jwYQNO%WnEoU$=l-|D%@DzF!LNG8gFd1<XHIJ;*4$myJ
z1@(<*z2_|FgI3OX0i|OZtFdH@Kq`h6v|!tqu8TlS<FEjk7rg6B*lRK>az&Ega!BwA
z@tBw~-KnA7h9+{Uwp#NH4YNtD1vzb{ZDrP#tv9?D7q@SV2kWIcR3QPBnAZM+O~+r?
zoG+FRPCNXpD>k0ad_y%>%FZsdRjGs;J<|$XaR*2YHKybEwzq$FcXcHX#lLmcz4S0Q
zYqVzi<7Tu^6MHmtEWee0{SIiBSjm2!Z-tCHooNP*HE2*Pv~+e>zbYGeI!T#1HE)g!
zJwGf@%S|wpVkxQ;JUW4tz1mG0`TP4OI1G-gA0%z7AiB!VYVSZpL(}*;cifoX5>}sK
zn;VRC<V481SL|eHCaXF57c}3XdJXQ!k<Kb*t&f5;sG2fCQ+eBskaN?s<FbA})=UIT
z@{8P1j|kKZSB0<GHf7`2t3-8DsLof5iF?jU0=3_mn00%hP*u;LtID(d?oQSZI!(^h
z!8{tk9ZZB4%0Kz|v+os(GT~(seg5`a8sdPXf_uC9tK71PWjO`T!MxL9qRL>=`_S3y
z{aS99pTH9qPMCjd^+8xJiN~5dDlWA<Iu3or5T=}>PRXQ|YlKc@aVR8g(IGP~9vzG}
zr^4qiCZ3*&GvTCWPm!>M>`MGjJ-hTmIZQ;pmnTyTon;@UJW$)Wg%|Jhy_gcfxNo?O
zZ5HxX64R0_&Pz2ULAn;p9n~{RDb0C2q)Ti!kDcpbr)Jc5UTXSo{jqsDv`j}8>Kumj
z*YSO_ct^Ui_p@Ee`|5n_PJRCNc(UY9Q=!Re=PI6EoRKgaXx-$<1zuEZc7cP?644$=
zi^Pdb0P{>KJDq>}b+2#2Kj?SvTd+`sMecJ>XNBL}#iTxTfc^Ge|In~>$IL^@+f@&r
z-*Ja(0ipZdOfJ1ugy>K3F+3K{qIzxCXlqvHENcg+%CQs;l%ZbB9B<On7H<-5K^=oQ
z{~gBghs!EK(UYo~a7b8`UB&W{72Ax{g=XJ^QUUP{8|<{Wt<(L(3ZdM(6@#DirNyqo
zKYlU((vyOvM$h~q(=#uSEZ&kuCaLEOjqn=sMcnk86>Gl#-H6YXhM$o>$0KXv=Fs?R
zqN+h|+mm})Xq5}BzHOC!n=M_FMsmLr4rPn?#t+2Yhv6&|Z_~u?BqJL#;}PXJdg|z1
z2#1<aG}XXnaeo7R*JvVv_FpF4sF#%Xqv^pr!F+EcxC?&gHxu<wAb-O5<Ib#t*R*VB
zAD@H8jErpH0Eq)vi^`10#gwYEDqZ2mxA5rD3Rv0DA;tm+EC2763@YB2s1YV*$51`(
z!>2|(x3n(Dn_arMUsn%N(7NHED69^YoVV5u213w%`KrtxTsOpYx*A0sDS_5!8`dU9
zvDMf4pOFMC>E@)KWHH0jl-8P_I=zrU=*wkbmkRTZNbKrXS9J%eJ55NayEJwkR%AY7
zIm&w5le3A9CULp8m#Z~qId~B~)xH4&$)3}05J?yk<U4Z-;W<i=)0kyG8-%i63xatV
zIHjG=xxO3h2S59^I-2}yJDmJjWRkNLZ)F?qene;T?c<n-!{7K$Jv54XTDg;Rg9J!p
zFOaTHRz9P|kQ)WYg*MV#y_~+H;gCi6WD&r8Pyg9Gr==Y3h-1qXumXc&7-JZdFpDcg
zfSjceL5TVVFN>=6PVqP!t9wY{;<<BR*d((b$H2#FpeK5w-S4i2hHwONCR!zfpW0|k
zPGp=vOB`~b`C*q^VsG=WO0jA}y6i9D>g1|!X@8gMG@<feQUCc({zprFtTjiCV~pI5
zChS<_bx%3~RZw6eF-^2GBkKDhrVTBU)bQO@fYik2Is>d@uFb)MT9O=6JcGvlgS9_5
z7Yn~~*b4$h{YKtIfg|TWem*+i2sb`WZDNUlLR7_!L*qD?9l}xyrz2HsO4P%JD`GJM
z;f1lwLw`YIfWZ`@OhY-K?XqmwX&n%SNchWVO={{;;L=c4K<S2OARYFuFVx*mGJ-d%
z+Rj<e$rZ&Zj+1!0T=ZFxf=q57oLwCe5!D)rkgp4v(|yk6u0ko9K}kDzw>BRQl3T`m
z%)vni<8sQ~|9N(w6l5LZcfgTbAF>!(N^2C5%pamJq>7@7q5!kYIUq%9eKR118CEI*
z5a;j2V_PYomPg96G_)mz;ZEN0Oqd$V{ynuAw`J)9+uenSvG4e`8t07XX9E_1o>e9*
zAE6XSJ={5}?yCqn2OKyBI8QVWqSY65VIT2HXlQIWWHQZzY8iy%+8w9^ENfz5ez7Xf
zJO<!^FQhmXf%hqTN9``o@iwI@5~X7&{7EOa;Vl$Xii?rh`?_oOMrp0V=UOwi=P+w`
zSV<1_vgb3-KMC+R-Nz;x?wq@$1ADpH*j*;S15$O~>TT5c-YB*EmhGpd*4)PZnx~+Z
z4v6T60#^(*ujm_=&90M6RU(n`a1`9juc&q)@0AI_UlG}wRR5!NM!^k=wKPTiVg^P<
zB@^3dl9x!4Em`VF)6E;M>VQxh1rYDxq)cZmD{Zm{V~xPG-yJuHAts}Ea~%@~yG6x@
z>H|~*VQr2#q7x9suJg!aozQk2=%{35Z5YRJYO8}_V8mlkZd34&2@PiybQYaYvJ;mT
z{e6LX{&y_{TzY`J+3qDuB~TqNcb)mLss&Y=KLE}dRT4vB@w@l=G(B6bKjL5gexv;?
zOxJL?sHjohz4LvArlGk#jG9gaE2y|s4jn@tFAyR7Yj*Ta*~`^U>IA8+YIL-2mIu4D
zNfV1lpMI&vDJ3lyI;NqjWuNj14*)ThN~RSi$I~6#;W&1RTLkUPC&Z-%gD+}WSwaZl
zuAiGnGc&=yK<AQ?jps=!yBexuu~0;u2`@v4QlSNrk>SEQGNDpmA2>!$oom&BL5{r0
zmfq0Y_QJK$&L+N5h|Lk(bl4KMf%e+2Wmd<l^mrEhk1oYBnFQ_+V{Zm>p57$uT4?8p
zrGktfzx452{rtni&dl&yg}>J6>5UEcmT@-Bwll}CfqP?v3W1U4WYy5^9KWFHQ}BG3
z)-aTK_yfyx;ThzMhJ)+zA|9SH*I3E9%uwZ`X${!M>gh66=M}V1*OSq-<4MhzF?R!H
z&d)MpHQ9e!<nLDDE2v8~OooEBG*>QN_keB{nw7%c7HG0EKU=?U74p_MSc-sIdS~P9
zWEE74xR!2%NfG(ZA7Tf>V1;R5g&{}FtKad8dd)51^`0k<Hx}UkVXU08{wU7BZ~BT2
z?O3`f&Z%fjP!Zw`BOW5E=u)3y;bAQF3^J)A@>zM;lHPGM+UrSwTRO;H^xA3}IM?;q
zIzlNci&nw+Rtf6y4RnmB3U?#k8!=GqtPFnPw)`mOcVTZ_DBLhlU$H${4Zu^F+V4Px
z6d$y`*c^kHGvj5gRgFERr>K|toivZPl;eZT%XN_Eb+SxX1D72U$8u{e2@?@PWPQ7f
zo6P$eE`es*Hw4fuw^|%tDco(LnIET-8}HtsXZTlY-j<yeO@dYw!qi0B6gSTR)0$B2
z@Y0pTS#rb;2{vb(qvhGBlO^l5`yoj(<tDq+wa)C@O|-CL)`WWLDnCT0z0Aqt04QiO
zh_s*}^}b>;y5C5?8_ZK027Tj1<g2dik<ceZr665Peu0GBJlx3Q(r`xfPs;qvTVO=7
z;=oyx@$KL=S=Q;TH;kW|D2`(}Wx*$%H_yMHj;*eGYJR`gg_AA=ymu3u=9sd8nKb$U
zn&38&ydfxoSxSj(0>tv{O7Qkx@>frAU)FiXx4|7-qfvbgq>8y)cQCB}bFa@%u-aUt
z^h6IH^~tuu^UkH?!u>+$CGjA>0`#myy}Cu4Fwx)dyB`Qt^y_%y;%TnyJU><B>{iGq
z)Zoh`(LJASGEM?#{Bw|hwgCIejta$FBT`1WY)M<?dq(XR3rG1S${EIlLL8|fg{x?s
z;i|<=R$-VScB6Z>w~0(K(Fr>JyLh>nFGl>I2%cI}z2El}3qQefbDxFSATNT%?>l5u
znZfY<V}goL0-@%?QQ#>!ioN^-y8OT5k>^t>c0DK!;tq#=L0=G(H4KU&td0Q0K;f~j
zZ@ABZok1kOhhNyjSeZ_R(``Dy9UE30X<Bpga?(Qu8Wl57=YjlSs=O$5s{F<9gl9E#
znDu<lYXXlfNB|B;Ei``BoZLEyPlbxI3C}^6mo!6GZ@eB`C!K}coiiURxp&F7%3S+&
zoX3L|>L+`j3u4vo%sY)SX#>Sz7IB->#zs2ePm%AM9e!O7XZJCo?~j3&rxUrlptY#=
z##U+}Z->cOBi^FU>%~us?-O?>_vdSm&UIHzqHdxtg9xy*OTP3agsOAh#cJ?!I&M%c
zQ)ePPEmHYIkV*8&$<I5vlSx{pmi4_tuQ_9@P7YXlB_bU#8DfxRncICn0eHVDEmY-e
zhIMZVr1_*lAu$TZJ#aOtm5yZ|(-pW-x;QA+mCS2~Y9w&{9+vlbeIv1RTNT{mEXCqv
z{ki0^uRrC$j9)0>$dAbA4-B`UV&~AE+U$PtH)5AdU?b@hZVrioyFy9&3@P{S#Hmhj
zANCW8Uq1Z6|AhXuqZhUL6Cd3HKR#XiqlV1=B<288<QV-hh=6&a?s@KZy~^fSzMoWa
z&e25%3}gIPU5lg1sO$A!Pm4mV1<U2T?t&%MPwW;!&*|?5q{QtAV9eI<NTVI<AU=(;
z*WtE{jEtAOCcFGB+9Yb}q=<?lD?Vb5h6vRlGOS)psP>aW1mI7zVRZ{Pdt@o0x4Cg4
zua~}uMnb7GB|*W7gSXO~H|_UEtAS>E)ge84DA)?QDjwdI<v_Xc5M3s2HlVC3pMued
ze)5V>=r``Olw#c}4t4FZZ|3X;`t~P-G;gesxSjnKO>tM<Z8RnIM5DSr6Mwo^D00j+
ztXt|AcatX?Ev?cEB3ERtDI?r|00K(X&@&6FOFQU@67a#9F~3<?Ay{yM41Za(JOKR6
z-zheitG&QeEey?Iv;dHZG<j>nHc_Ra`veTRp?mnIt}uG7V2-~#H@LJKi4zhmE!k7(
zD``6SWb@Cs(bQql)$?`Hsk#c_MVOSP6&*COGV#4}f6TsDM5&X<u22<`b~9!DRtp<E
z^JMJa#0re{{gw}uw12S1CR0>5$61!2XcAF>mIcQQh9=J78O(Fn|GcpAifPo*sM7JL
z2XpQw-q+~<bSr#gN?%(yul39`GQTR)!GNxXCfz^pjr;rXyV%)W!$*9oGU3*VLSE+Q
zo`-ep+FF$~a8-_PsU=hLKoNOXIkqMeT*x7KSePLc#?q=~OlOyyh}J&0meG9nC@pqM
zT~Z*+y_@(({iu_pcpsxgW(XVa9YVyk9A6+q<QWNeorc020eXu{vJ0+pnbC%_a>nxK
z$H=q7X3zNDCL%I!5GE%tAQHnJ<H$t?;P|mLDM+Rr$FJ_`Vkb2_nR!pOuEgIK@-Y<J
zQXy`dA8jwUH%7t}$u==>?C*T6lZYFoE!(Nud(;z(TZB;=G;urai^v<9lu4b5HVy22
zQeJ{Yd?0#v>L-P7=S~AdMyk{c4xKsd`D}WH1n|eu%GNu8*rqm2n1-`b?WJAhBH$)t
z2poF8!G?XsmyaOiivTi;yh3p7C)CHu1{e-1>5I6&k2Sj`hlXF=)@}{M6|5~JuXu4z
zHCn^bi8XVGC?jPs1_g~zb6DrTkQH*tnK^uGo)i8_G3B};bM7h>Kut{5z;mFC#Yzn+
z04>5l$lD53Ii4KslI9#36wc`eC8$vGq}2jmDR6VWlqUqPJ)6Aln){rlcdt<+;Lj09
zrhbk&516;aP`|DKKW?C2h;~FM>sWlRxXG`pFJWtWI3u1>1w=fbs#7@{IWkzIUFG~g
zO;ofY+7PqU1FDx@>M{3vGWL#CiTej2?+g-6D)n~VNrs1Ja1m*2)O?nCb!HV!Xk?u0
zqHun9!+*9}r{A;nE~t0y#A-UFG$8IPnY1gcU;bRtI~`Y1zw%jTTg;Jk+8l<4HYCI`
zSuEF!ofmjrf~xmh6RcGm_Cz@|p9yj2cfwxWj#94X7AmQ>agCiO2`F9Fdp#Tm9ZHmi
zHB{~Sl_9Lt@+AN@scj<W;2g_fz#YDPtY;eE#dBE*XPm6UESI%dLT#!TArzd-K%#6%
znIw1{Z5KA7&OnTrAHgb*A0?R2$dK@x)T^s54@5QrTP-H?wcxcfVm1K>GsSK6q%IUL
zB@+y+oh7$QCs;NoGrJ@UBqo--o}Aw^Csrd-57u)eAt%9vU)&*m=XkvT=KJ=!J1AS_
z*Gp0Siy-OSZ)UP45UhX$?9r8!w4#uNG6~tLFMIdo*O-w9#IyqJ?Pz3yQb;v*$79+(
zh<@1U803At%COxV^xFbnCczudae+Gt_oJl&j>-ib1vL*f&WCoq=Q%2&7Yz3Jmj)cY
z*QSr>SFm=+B=pQ-rTR}VU8%My)7}?Eb9|NOlrE_rz?AxR7<f2m&v`3i5-+>R0VP)l
zt3^Q^R!x-jitsEu@hr_~9)NwibpWNXLdYjk1YfKH>IRmY(4JkUA*C})?iNf{+MTRP
z8KUgCf;AbSI|jg(rsJAG54KHE_sw2n&Wy;XYf&!OcmcDs*L{t19QK^3dw$ul8^gg7
zG**J>YQDcR$~Z7uNyYE{<p@eWE)EpiSHf*ZvSRoYo<Q8j3e-@B?0D&10Y_KkM=z>S
z*W`)K6oQsJFubbg_H%v1%Y=ZrRxgebHX|xcp5zXN`ea!VcxHMEipPtf8{C%p6Y4!#
zl4<l2Q+mOC<%2nYTz&D(vel0*hOVI{YB>vwAB{oQO#<;~ScZEXPNyWMBe#c#DaBYF
z?Td{@dknQc1Xc&+m4R0+ek{%DmM0?9PY9H0BnP<uk7>O1{@iU`@lHUu)ZE8{_jsB#
zv9HFHMM83Ux<9Z)%q+8(&)cLcJ#oRugTEB&2%}>wA9$HzNT~Jxpm-=BVpT>-$75n)
zP57xD6_Nbyac9D5>nQxs>hJrR@18Y3=d)*6p5*aDax4C%SR5;GndsO%R;r>MfUpW$
zsyGO^8M<iRhJ6V@N4x<|$h8gYiT<phg6o`nkV*2oYqgT?&tRs7zJjQlFfxYXs4Iv%
zx9B&~o($|9Uc_7;)omYLFf3MbD~KQ`p%(ha<c;>U>Biu1O(efqIA9`NmOq~<%KqHZ
z)NPo~DNF2)LmuyzT3Nnr7F`%Bvs^%GkdiMOvYDOqf1|G_Zolb=h)p4&8F%#nwsxQP
z;W%1pSra-XPNr$NArX@B*=v$?1okPolP^OZB<R8gi$ys9NGiF9;sjrWN-Z+FqADNl
zn$~i8<KWQfhU%yfV2M|w{$Zbdf4KLB7TIfid||FOf<ic(g6S4LSh5&1!bzEd(g-X=
zlnM2fQkghN1wWtP@W&S^EQA8KLaaPY7;1O2FDN@il~VyTWf6sk<Ae@;c9PRjR@TzC
z_+x2PTl8QOI-I7r47FY;Iyz*&PtN+;Jc9CQcq%8B1Mp{xL1NN46RH_P6K(HX-jC}S
zZzygG$Tw2{FIs*V><0V0kw!_c?nc`%YsSHwY-53@CX9GH*zqVV$Mn=?x8LR@gAc}M
zheCULg>z~WA$4ERPxcBg-f0;0zcY=JybWWs$FIHzhT`V>zH2ioR=95U<_L(G`RFo{
z`0a-C-7Y)%9YzjhExFn!EKf9P$l`8=hICSeJ`}<PEU4pUOZXjkf!^+4R^!iS*5>$+
z3ZSRl2;~pqsZG!zty0`7#>ECsd`>^_^<d~Gz!#?fs5YUW3+7f?^-6e|wUajspbF(t
zl-d6F=qCI8hv2Lc+oCREd9o~7uBy6FR#Mhm?z+PIbjc}=Nz$enqZ<l+E+q}GIHdjZ
z1%a8UEU{4bGii;lb9zm8gzZoC*Mfi<i`2*M8XSWC;<QF{eNHF_j6K#pw%Jq%xr50T
z%)@P<%NA0(-gP$I4TysV2H}+j0AD~Z|Bgc&2L{oCK#+o#>G4w|E#*eD3JeZyKfoq%
zV$j^w5+e2*4QFazVxuY1_V9trpi4tyn+kE`HMU+c5X{8MWdXhzKF=SHIQ`PloPr8Y
zKpA;|s{4x&Oa=Aq*91xAVX?ypPD3Y43+!>Bu<!UzUjjsGO8R)^R*R=v9l{dxL>g_D
zdbBC~)A=`^D(sD2EBbTwgAQyKiVX@KhWlqqx3i36P70hQ=Ws<OA|QfY<I+R94)#}Q
z>5;xU%Oico@7yCk?YOZcXz=pb5A^>1oAgy324!`y;o?msNcT%>ybvFU|8638?!z&p
z``kpX)h=wNlrG>_LgJ08qQzp%xNN1wUK@<ZAz*czV*})@dNknoa87(m!jv%16y5Jw
z$ba)DuU^Bn)#DTFO<LvnKJ`7+A*$|qedv1A6^jN2f3*o#wS3a<Q+Y*y{lUJBab}6;
zr#iO{HgH+y?`b3clMQh>vmF)(YfmlAU6GY#7s_Ilt~r8j@=Px69{EGN`+k)hdgc=z
zaUAM4$MM|4X2qkyMJFy)6F!cpvlEX#Ee!#UI5h?tk~=u!5*LAUB9*9N?xJQ8pW}bd
zIsW1Zi3;Sn^-TubMya<dc6o8-I~Z{?f(p&|-$hhr5UD|Jh$8YQAb?jn77HFEELT8F
z^FmiPf1uUZLK3XMlM%{C6HkPNc1=H?G|uYlQ`l%?iN_$zs5B{q9K$whM*0a_XFkK>
z$dooguE-6ao8hqrKPZA0rK$Oq!T9yKr`DOO<P#Dk1Qa1n4pqMgyfd>GWKo#MKHSyR
zGc7RF!2@$>KGWehAH2e0Ja<qc*k!1aL`f3^jW(k`V1w%0w{9nKvtzFw(L{C&jqm>D
z-MgBD`&(r^m)Q%BzrEjT6mtPu8J^p3I!yd`eLATIKKmA<%5Ps{?_QOijuvlBtKSut
zo+fJQ02$9yD+YYy72ai5%oR~wnVJXE*s*ifx=Ot4E4y!$*8G>onO_N)U%h#o9?$Aw
zD#?mdBcBJ-b!5?+>hl`2_ohYeZ3O%~>>k#%T_zT9_Xh4lINw@mmc7u0C(1-U?^s|-
zA3tAHZ_Q`YJU-iJ=TFQ>Y7kP@fWfdrj3@qLoyfMo8ZD<V%G}?If13R?X!eRjiz4Qa
z|3sbVA3d>xsGdv7cS|RrUX9XiUYuGJJT8hMR)9chlE5rl5+mLsFZWY$4$W(GlM}3v
z5GT;N*wOO)JrP9hR-%ORvDYR60i0+sLGZE-d5~Nkpx_3mc3-!E$w=yXI~ygqH>JCN
z-vR)$E|NI_=zh-@3veQ*kik4AmeVDof}_l*C1VNef}00upK(=~D5)5Dhi&I%!c$jv
z?aJXnv4T_6O?$ri5!}BMWYWh$db?vTFtfbRJ!`JsD`t3~2e2G`EN`uPnP){`o}gXv
zuC7lWQ&7^Z6pSrsrFaoS6C}&8r$fI}9xUU1n>tRo+qmv%eP$FA{ysZ47600{K=jyS
z@y1E?py)yV)&>P82;2<_#8vT{uI;=Q2!n)$i0Vt&Nke#4w5V2zXzCSt)l0@KIN9)h
zrgj}+T&6E$;7mD~;P~_45}lI56{yX`xp^2w2`|~)eCxI!ZZG<i9|QVukg8C#`xpMg
zw0d&{w}aMu(FC-CVoPOJq?Qm$yDVeo<;lmsBsVx+I?;lt-xg0B=)teYr{~$<l-a(;
zjmR6AXj-uY{@Y6FnT}#~l=E>;$X=NViwFNSWczFGPgEO8m`2f>D7Oq{1K}S240<mj
z*<|@(lX+wTxIE1eQE(^d`f1d<neTgYlMC^2_M$36@>X@leV;eycd{xqEwioLeI9C|
zg$eC4-aoIiparwOIdjl&q$>soBE~0Sg#(v4W^kVp2(bruLHKn^(1!ZB<fWDbls5yc
zQt#hWQlR~=f`x)hRZ37C`qp0=%3UVO!qKI$BzHy0k&qmdl<gZWCzMR$ebW24gs!kt
z#=_z5S7n=Dy@G}yXPL8&?j0gYpSDPMy*IA7Bw?Q)VmDrF1)tKZoZL)tW8)+Y9-N2I
zJYi_Krj{PPGJb31i-0r=v4nfT(ndrQ1~RJoie^iqc%oxX3au6Y1d)jpYh0WkOcL8q
z;gUYgWF~=BNI7vjzkrhkK!TS;BVki$%lR55Y~b&XXtZ|Ox>r=7E@!O5T5#J5m~F<w
zjE77jeU{@zc;>>~bE`>e%TY%GdYa~r%u%b_?)}ycE{P0^gSL(17h(>NXJTubR6Bt{
z2#uh3Pg&$D*44GEd-52KAu_eQR&=nnUk%>*4g!xkoA+GWEH_)L_CCtBb2v<z3*Wn5
zILh$6llM71D9>L~yN%oEKK?X1&7r~nOrB+Z(|v!oy>h1^U1-sPiv(q3Zhq_lf%_H1
z?@>v^vJc%^)jqHB=z=_H?^-X>C&_DKo$)~CaEjg_M1>SfHi0=m6ap&H0Bm;5wQZQp
z<mK60M8UkC@On#MrkoJIg^6>%14wvnejw(+LKqZqYMw!MvrU4gK;V3H;Gd9}@)OEP
zc;!!BhBL#c;P_)8W3LE$4;syvc-`CFqXDr#VGHb=!wa_5_Fiug<<{mM7_kQ?D(S^R
zAS`MfPg9T^QT8ge`2p@ADYqH|d8~GJUmx~7OjYOt2y;J2Vn3&6oTyu$U-6l~Q%;$9
zKwHXag_f8;OHfFuL1lL{1$N1K7i+|MV%qQMbL0L>`_b)!D%|Evx{{;M84_;edgNHj
zs{oFOyg1q(8fM-&b6ewho{0EPiMN*LgFb@E%FtPR;&p@jP~V<fQ51?}qZ$)aNbE8<
z4s1ercBoG$u^OvJhOSq3#<7TDCp)An#%`FI2jO01#cZzcB_wtIyUX*q`|J4j3oGVA
z+VFT-n=Mbr!uOZk(nm48x@0nLV_C?g++|~;?&AOc7C;O*^EE$FX7qt+Z(62-)Sr|o
z_Ayu~clWd<BMx=nV{PvDY0fCS8oVPyV060Yw4>M96h3KKbwn>?F$y^(r9OSt3D_hu
zJ+s`wmJ<bSX8RjY0e1<j3wMX|iC0Ty9c!xtfgV4kb=qWsv%?Wj#_SSN1&dm-<4X3<
zYE6^4lOuRAYC8K{5|1LVXjrUh`6cZ+)sl)Ar+<Agw4}+STPfiNHi)~P7Pb%$IYAeH
z&GnP^;EdkojzIDKH!8Q+)~u(9uJ7ep=3WbAUc6>Uw{A<$q}MjIY{yTCB8B%F-n{XR
zTLSpD`vOgHs<@zG<sFWVTi>v$;Eg`S_=(Hu<f57xQW2$huDXJ?(YW=|0);9wzdvYP
zaA;?A@7PpO5EL1!ezxJL9roxpq^HY6sPeBww{y^b&rSZ}1~2~am@_joFKq_TXfT6&
z^fm;f#ue+^F1Omd%dgS}0WLUsY|yIQWY#l>$GnzI0Z2x@8<8BYy^atq6fN@z+@z}`
ze4S@F>s~92HW@?*s6vmQ1@Bv)wN4mn2~t?sPPhas&`en7C$eoOpwG$~qY<My_Qz+w
z3(C4ai!6r<Q00l~VHDTFfJDH4DB~@fN6-07*LbyMY|2tr5}_!nth)vD%yNAMHYien
z;1<<{Xw>&5Ehtn<@ZEVPO|esz%Ak;^9l2qy8X)TD!}nNo7J|taS$Jn<WSlAaMZ9gQ
zP(K>D0QhE}D;jX*%-M)L+<vRm=wL_@GMo5ImL`w|Z9juNoEcz#24@{=yNN+HN}d8P
z4+?NRXN#{te`F6CSAjT7^f?jE<61eSz>F>qm`^i0BC2(P(c_QS0Yo$9-uGjryzU}7
zDX$?FeBr8ELu?@u@>{@js|j@ck(8t@U0yp~O~k8ru=SIZgdbm(;hTr!%)Nu%DHj!x
zj5<J82*4Ax>kL}OfvRpqx|so08Ka%BNoJP66V8MGVJahhGaXFcd+L}UGh@<05}!zr
zX!{&j?murZn9h}@CLa%Z`EY#m_M=6f65Foh>!S0D+xpY15Q<~Z)dA`L6l`Y?y8-X;
zC1UR8Q(fms%@y}e!@|4VY~PalV+^`U0-5lfFsw0ROFvNaDP9dh<La)dGwzx6g_fBl
z+`wysf^z5C!)lN5Wr}odATs&@eg|QkDWC7Y`!PIGk#NlmdwB_wDPYGy_>|)dUcv-)
zNFKSXtgR7FU9;%MCQ3QBIqp|{d;&u!rzop}%`!r$^-Ip5N#4>{udU(d0^eeu;VA~y
z(GFx}!p)&!{hbXw!4?}U&?dMAr<<O`R$wYSleZgRLw5K$=#UNh;BUR6pR|MbZKMDe
z6CX?P0xoI1+f4cm7rFO&y<O@?a>_Oi+FP-tq(;o;GtK#B_^ar&h!q)gOWx136DRv7
zofC)3T?*Vb+ZUZ?NtP9gMN8ehq{h)6`FlsswxAbL%%>{jmUh^w#bmKLk*fH#G*3n!
zJK5CS)^fih;5K)KgWof~?E>4{GY7-Oj}i82j@Uw5Du#y)K7<y!7=t}I+Z0E<#dCja
zakD+o{ER&vd%RynO*M4&(;<BsdwoaLG)x>?y2n2hi*d+v*%^kw4kRyxb%|N~4<1xk
z5_M5@k2{KQZ9pNs_EAg{91qbgPkWyb48>k4RtA)^@9vIIU?d3(dQQ3$*NWEP7vR5m
znHso(&fg$vQLq%D8{jkQrKi7}BLJ-?_re{9D9rcjPVs$^z1N-jE*@*{XLPf-OgcSL
z$2OYd({MoXk2S%DJIEyx^WjMKF{bd++QCn04xHpN3yW+j+iOjg-9N4?!a>2gUhnsp
z-lWe0es{s|fzC>=_}xt}&F?X~=xg=JW7r8)f$7XfE69Lslx(+fp7Tk&CQV(Svh^n_
z8PP0i9@k>$dOl+9GdyeDnk`xk2@qCUze#ztBiGesif!C-8K2qB6tA3>$*h!m{y5Af
zG8oualCJG_K^a%ay_ie!;r4J8hhoK)9rMmKR#M}}&?h7|Ho1Z+Ryv+oJ73i9E|%K{
z>WXN_?K`@R(m!}+Lz)~C-Dr)tE;EU!bp?-D8*lS^FPAHY(iZd57-@SIab%ZXmz3<b
z=e{;662vB+yOK7bAavL{5hX9)XbM515w3RSw7FLA0$Pa^L_edEZG2J?bB@Hx&3a}y
z^u|Q>=F%OAwK&G>vyJB{{ZdxY$^3NSS7do{*GGJ-$esRd@>s4c-i_VCA$4=}j#R%N
z1dbyquktAjo-<oHxGLIvg3Qs_Re1}?EEyBeGD~}E3j2D&4q}fAbq!F=_v?f??)Eok
z<*g%KKSr#pS=}z}*{GwlS6jF27p1^j<y^V<)u*5NXK%7V6vpVV<g#dB8NxR#iW-vz
z-VV<9hVs&t?-i?V3)wGM;hnOT9lJuRV_v1HzT{D+?UHyNU`|%7g`rlW1VxKHd21{o
z-OxSJq~YD%4r`okye@NC2RJuNUQnUGAkR_{)V2W`<xYP4M5OP*N>1;-_s(Z|kj)%>
z+tYLw%oS{EvC_+oqLdMu%V%8HXCW=#{yAPe@{S9xP&!rQL>sWnBDSy!%gr_o#)e2D
zYJ>ZEO7SWuJ|WhS;%e6|w3as?Va`CL?$PCyR_Oh61&rjwp~8~MwEEaX+M;T`m2|P>
z&(wqYe4i&1-9Lp}9Dka${tH_KqK@2Y_I#SDms-t&#Ps+y*KsG4`f;l*EV3w#{I;AU
z03NESr)KHf`%8*Ci4b&|j={vsqynCTp#xD^f0vf-wnnhlfdh~IcY5}YaHff_Yv|ej
zj<bqBsD!ev!U}01(#LWpKeby14q=J<JBo~nLBFiY{F1*96A_H18kyCEsuIzeSNO*J
zDZepeib~vqzCdr~5dY2`TKLv<fqD*qb}bIyGNlf`1AZurXn21@dDupSfGfU-OhPt0
z`*r0x7?%TK+H1bf+bP?zzft*n(iJXidWU-pmLB)Zq?Bk!!9a(lG39q2jG~CEAJj(T
zyl9;;pZ!oMaia5$Sz6?|C!g3&&u=t`%)C*|6D6C1@fWQM$8Q)ZDb5I%wJw*z(mW_B
z=~)}&MQ^Z}kk}k>d%Z5o$0_E!e|O3~7AUC_Fmw$YeceVs=XDKA*)t=E1jn5!Pbrzp
zWMHnUZq+T+FJpDy!nj&=owS<~^u!am<FsT%zeD~JYqr5z#G~E|hzu)&L;N(Yh**<K
z7Qrv+2EV`{?$HNM7T&hGd^=lMQspU$?zC;h^923UJ4)TP*<`VWlvC`4GwsGrx0+y3
z3vwZP>BS~r$gsFRyr?ykOC<F^VHvU^KGT#pR8~)-%A0B=5?tBu^mC0=jV8afb$2x1
zMfp{i3iM>i;F=0$KP*T~*mFKy&RXc;)=*B4{Gtpu!qU!nbG#${ZeASogDyRgep**_
znk(a%@Nv5LtoN8MR13szl>QTeWHCIt1ss4like*5b9<2PnJcaNN?6F78gWrv21BZ-
zj0bBAl$`1$xV^o38&S-hi%pLfX33l~gfv_e*gn$!U^eP~XWii^V;?J2ey}g#q}GZq
zsAso(trmm~*?jd5k&f1{0qzBfKzDK@$_UKBfFj4(ji67)`W-Mpszi&$w~G)*cKt`P
zgdxNThTRy*C!tr10<q+C1fC9oljX*8<Qb!je8sEzL}Voe*IV`Kp4XiYM%k)(3Sk;{
z5jZ1kjotKhr%@~w^)=Y@?n2h+-CJwY{VH_AKXKzl$-j32MalVUnj-gQw&P{0NU)m|
z_8x7|DU07TW4zlx1nD%WpMve3f0VSZGV99G5)A@IT`Z$t{CQ(gxkjG<m4B#jCgk;J
za~B%4NZRE~|0b9X7Kf&uGt-f&wqrtyma7rT(5!BT0@Q}>7i76N3cxM0J~-N3PBkSY
zs#>>pR5UZ&6rc||oQrkY!qVUn4Ub$=bv^@rV4U+|8IhA|bigGe&ioN!Jhdvc&qUf9
zMS;+vK5TxUyiyG9$%l>`tl*33Cc-a!B1UAfA%APzG`+M+xK9e~lI<sJ!g^7uWq!GB
zK3|Oyf5$jZ98b?*1Txd%HP{F~p;M=km^pYyu3X?9AbZRH8es$=AIu~&(UtBPBj@nr
zo6xV6AQSZ_1cV%RO@^&GAK~ZOtg_3w5+hw2I%!pcYHT?!<u_-?uG*gVJF7oS-`jR1
z_)!*B8(mESdMx^v_Viq`Z8*>=dR7Y;oE@)keNJ<V9y*jb@CZ+;UFC-3&V~aatAWvw
zJ3K;=k;paQT_t2LL>26jVZPQ>LJoaC%o?C#oJPWhM1K$cB(giCCG({%Vi~6y>#P!C
zRCp?0Zcw_@sQA|;4EH@6rB3DM`F(q^!f#~1Kf$CXj%F!qd(pekTvwxY6ApfE>2oR6
zg;a+*0?LFzZxk^XVQN!SZyg&%pKMJ^$f%WrWsN2jzTJ1iaDp#eQOqaBi*6WnQjXH2
zf`zi+HpMtj12IC(RBpFEXWTXZpipQ{9-b&;iT{o^?IsChMqkBcdD0N>3@$SLgXIQF
zWXfS@9iqIC$Iy{+zwZb}YGPK?n&$}teBmt4!wRsMj!83x_>P`WmvM1lP(c=yN32Y6
z>FEU|qQmstref7*cm|$q%kyA*C}Re)gy^o*kL43-AB*Xil8+GpI3mBoyj1cX`zYq%
ze+xRmuI=MB84w(A#3VJlP=|aG5^4=+g}pjW!fi<i{pqLg1pK^DiONZfBb$}w!zZB3
z@NG&Ie#ge#nVIrW?;op|6M4TTdFm4>JC|j`GH{GP(_zTt=3-=dgp#y;?`EHa%Lys8
z23zwg=n>e_(D)rnHkC<ye^;@)yp_d_33d-ZO0`_3Sa_b+2zHk8L>v*yTXJDK?HPS7
zTX|Xa)XKw<kMH7u`tE|#_Jp2*W<o*gxM&wbY3Q^`(EK#BXg-!4#WdD$vU6)uV&x_S
z6Z*hV?vs(^OH$o_k1Y4n!<QCe_bMcf;C{1Lm9x9>zBAyl8U3E&=84y+8!B&mk5afK
z8gG~H`~){9C8XF46f$?gHOk93%A?J=k{^F+fT4rIrqpwsqelUgVYe&$&QZ&1<QNeL
z;21U=RpfdExO%ZG5bq9y`1e%7)DQSs%e4+akwGnmU4T!AS)MTv5V*zBB97SVXPi6i
z7MPX0%Ex?b-U(xClMF4I;AnY&KmZygxLn>!yF!#Gih4rzKv=Qk+b~yRTQ0mv;<TWR
zrJ<`z-as?w3}N#F@%Cy1Cn|pu665W-cgQ5UPE)sq>91EHgs6=RjrPvG2Ua}Oy^N5q
zNEi@q7tD>;Js>kc=3Y5D&Ruz<R$PxBeQy}zW)<>5OqzZ14DWx{U(^Cjj@%ZURB^I{
z&TnF&i2ei!b2=X{amu6>4uuGxu$;!fB9iDcJsZTYU6lUmHTCj#$H(15otO75*Z)0x
zmUd%c)X3o~AeYSDeaSdz;U6}v?#|A}(KC4rlr5X-q8q66pgDUxJNYcht)>wkm6sh>
zpApuQn$Rx`nl^H&76YkKX~a~^;C??zPz=_itjHz<;&M445>gEk{vm_e0Md|44jVc}
z08OY0rf_f;3{PKz#dYo+o|`&?ZB>WYE(FGtooV2t8odRFc<a>yU;R;ipHMZucV~)U
zp@LKv-4b5ntT{3O0r-nC;-BEJ&E}7Zr#NEy5;yjbuwetN)O7R@Cll%wG~v*bE3{pP
zS_6R^?B|(S&-^64v7=jfDK@qMU`!$LEcMd5L!99)QJ)9+XE@w_Z6eRoFzQrd)lZd+
zUyVkjb7q60ev0)xwsyy!h6`*!Gp)FbU?(klXOKn1^bA&+*V+DB53&+!1*T~vfA%XW
zGsh&4^M3N@7`chvU>2?$4s<ssygo%nm05`qdNtw*%6$!F{5HS*i{6$Qf;FcPhoNlj
z`^*h1sb_URCXGr`%?VHIo<M}P$D?&#%-3Q3$0m@3Ta(^?g!)1mYDXrjWut|D8XwxB
z?Q{0g`KPwGoU8kJ<~kJGV>vJV>5)B}MC4BIHjI`Llq1kUgmLRjWam}Kqe(<!wXlgL
zUjzO5W<B19QQ8^jA=mlhSuH12LTZu6^&j}RxuR#!{jBO~>2v}mkDHT_u}lOPo49Uc
zh&)k#*fLV^pVEgKL~i!ErneqK=UND6+3yJKpH_0Ky?u!1P{!%Fz^Py>EXbsPcoO_{
zl?LQ!a{0;Bm-eg^vL592&J`uvHi<e%-c3WCJqk(bkkSmM(b{xsJF7nLYGOBV`Q_(M
zUvrCNZ%!A;#s1)*!pSV{h6lpRs?*+i?&*D#D!Q|Xh>`*s&k<_0g>j{}PyMu975(_e
z=eB)=+s=%jgqb`kX<}lgHcrXkFP)wmp?yE>i(4$Nw6PS;mHs@1JhS$`wr_oZlZZEV
zjM$A?1Vv|5#mQ3JJEY}8!d|rBCUJ+%r#1V*#e{pW9vzV^Sai&%K2E!zCl+FrjA*-u
zLawCU#~c@4CvYp*C{2@HP%xAUr6234@>xEgqZUrVH;3#;7#GRPodV*E-;p{Cj7afj
zMN4>{?u@$gxfY1P!>DXcrA{+3Ax^}Nwwtzl-V+08ad+r;&?%O{_Ph%+h)~6T)yV$$
z6__5pD=L1$J^G35D**?csODW_$eC$gi(7?r2W1BwWhiZY+wobJpGUgC--IKb#9r5%
zFTa;@;&YBZB^)0QvgZgVaSksrTN?yrGQ3U`U{)Ne1uiKozLILN=j}Xh0L6k4c+aO)
zEl41JP?PPMr3yhQ4lbyH`Ydwt%MIUxPY|#a;m0L{2>lDqkfYlUgo5x}pSB(lt;H9v
zlU?X}{+%P|xo6s`?ae{+{CU#nRUQ)b*MD%~ZC5ozedHoD^H(axo?xbqp(+7k{hyQS
zuT+N~Uijb=3fKo#J5fgt67~r=zD^cLh?@~@x1>$^LVc0eY|AxfGQ7y4v+o23<kMAz
z-IA!0u?%0yv7(ZcsS+&r9leP~)JYeRuC<S_@8h%1-Nb0wHtCGq2WN*quI-RzzUa9#
zX>lAjtWpG-vW=%Lbb8w{(XnyeU_0eG-CIAg-clQX^IB24pc<_#%xYQOT<ya-Q(NN2
zs9wZjLh2aLjF#)z3-heE@1n<xE$7=sK5w$Nw&L1dZ|z3oM)2mstDPWYWAu$rYw<yk
zcM&tX^1tmdE+ULmpSM?cgCMjJ-+<{luDJ!>7q)GdWHtsUx%cpY_nEIk##{Mhz64f(
zlKnf@MhbKb`O!cV*OJLQuU0zymajjZKRyWfJTwVP*qJ6w@WbbN{gO=rgdxzkKc;ft
zov|@2IDv*Suzf8rPQ5brFlLw6_pI3B<@Q-C!Xr+YjnaRiX+?Rm5lbQvnCzHk75Y^{
zU_M4A%dv2Y1QQX2_%WSzz_3F9`ZADGdidQSmUhAi$>z1Ye(wIf-Y<WKIK>_bOc;>e
zhba55ucRpMIW@NMu<ep$DklUfZSp?GqA3osI*n951|EeIo{$(U4a7ngm3M?=L@`bx
zpga)lbEqC(S#OTK=rBoeDG@9B37Xy^`T`dlw==>#>+zu0H9UTDghkEL7=|;fKbcsF
zpNV?nYH~Ydks#y3x^ypZi<HUTzhIM<V~J*3FR7u*d~$L4cA0JJu_xhXH^G|JG@D9%
zGs4O|>cS(iLM^S@|3q22v^HTm<g_vLy@-jbne4!Qx%(kj7*>iIv0;y`OY46Bt%2e6
zToR0Ms1y11#LFrXxxs6uV%7RW*>kBb_FiJhX2o^pN2QkeKx@5wyNypOzSBi}n!;xv
z@y42Oi=Q~!O7H}25^bziTSIbGt5)k-sYf3bglv1x$98NsTH&8yWbQiC_iu8yTFaW8
zcU)n$GP1YUg*xK*yuT)n!NTjiV^@|n%CiZC)A7g|l10753HMIye9bVl?!{psH#%&v
zX~wZcw1K;lAmt4E#6gSJrvPI?BC@bwBevo==BeVy5d>l9Ap48JgqmU6=H-311Ne=2
z!1drUdT_L9KCDy}8zD61<E6iDZ#EV;<E*Gms@YKLX`-q1@`&_ZebI9k$^9S4`#;S^
z-m7lz@dLKr<CeTh1vLzEsTFgnpT5*eJEk;8fWaq`-Gyo*G<16DFgYHGiJR`zPa1e{
zx}zwoU+j&<#Kbh;`!~I(M21la3W?r}`tt5^K}y{KTPdIdQvZm~XRrg{#PUmB&F|;S
zZ|rU1kKC1CaY}uMR3w?R1M9;{(z{Q+!W(}7&e$o_DE2_!kh8PgGvm_p`bK#EeV2Qq
zF4D9zTE?aajlwdeW_j%4E|AOrc9$R<xyi}=50mslIc3!mN8yMFE!}c&1?j@zw6&A!
zu;qw>O8M(5rM~{A)=~8>OcRB+&JWS>3QTaCaW~J$LAoO5JIi?vKJKrJ4W1DKbqZm}
z>P&hzSHqNg`Ly{9i@Lg$5eYT1l^*aHCZiXhNNb(=CV8)^+}9t&NYl8d@E$g-joq0A
zjng*N#}n1NGz)AQJB4KY${V#S80fBB5e5oiGdM;N61Jm5zPW<^tbPk%sEJVQH78AV
zMukD<IBB|>k3fN^i}I?F#k1P>gH;RT;8G?eFn;Isew<|Xi@36q#AteqzTk(of52NB
zUr|2$<n+7&iGrO_lHiu%=+`}Y1jR9+R1Jg_|1$IO&bfT_B)5-hWoih&=MM(}$+ljE
zd+B-@w|Q&R-#9;UT8Oi!FLmEIi_QO!NGqoIFN0j=*Ss-Wy)T63GzA^Npto+d-#;Of
zuA|Vv=uTdnpN|vWOKb;3aR8HAL7~aTp_r-ucDCR|f4EzN?i3CQRFw&vVya9ZA=4N{
z^5CVo*_?Obsc9$#ue&5``<S$tMMAlHO{QaRqJ2sHfU!dFTWr=-T;mD?!UVHZh0$u<
zWVh7KOq`xmG9ZBLdzTfRY6xZE_3(smhT9EqhHYAq%}}t~(aW1P`P4Er8{0mU>tlDk
zm%I{3^GUzV-Ke;Y4PBD_U~PbYRt=Ul%EYH$$~NgT!pZ&`A<nQo?K&*I0?oGoL@<9H
zI(JhoLeK+4_}Sh?*|kT*?F^YjUNW-*W8Uctk#<X|kY0?5;ZwV>AP@7NIzzu9M7-{4
z5m){us&vJS5`w?v)bcNWw~gPEhJ2_?E@x!bp<InB>|wu<Upc9crcc~8bxtOGr_0$p
zP?v7K)Rr3@4A`Jd5{=Y?x4!7}YaA$n2y5$8YbF(!YB+b_Rt!PvpJeiI2p|gboH07S
zg11DBFIx(jWpAakIR05VUBte5d*9MeeOhq5e!S7;cM95@d5@c!fXyOlm5bZBWmdPa
zp?MuOOu~}S-!dDnq8A10rGAioN`}3F!#TLCYiIe@N}oB~PrUrcL?@&5h`MQMKzWY!
z7a->8Dwj-VK+(n*4<Ellv4t!knK^Gd2EmuhJ;&m`VrI3vLh|4N!^pH@SlfWdGw(NM
z_*aiB`Lrpz(Ie#Yxu&1Bl>!>RgD8{s-)j|grVU$yX`KIP0eVXXIDfF-+#ar&0n2ds
zwSF~}$#In+z%St7@m*__-?k#fer<W1$3I`>7H2<6zQuSd>5kyBrrM#0T{hf&>CF_5
z?nnji=LQ&vdEPweMqax)Ezcb=H(yx})?NI60FOX$zw9?D!FBSn=lA82P_CM#IK7lN
zr+X8{0AB#)=s}s(T~C9`oQAh%gTEP_OIGE=gJmg_p|S*zeH4Z7ppbwC^vF#L<svnb
zlB6jnQUqG%=AVe=2t+ArwVKVp4+LAjoY}N%Nu2;nkf8~JJ$Lc!k6-24zkY$q=~1?B
znc<~pdwlVsdFs_ZbE^S~Q5-m<NG~X+W)HLHDvb`Sc7Eb6#A~D`V{)Tn-==d+T=!P^
z#rsGW&hyft6Fl?GIezfz@2Kd|r#W!@zb46s$gJ?Iz<%Jxd}^);0YE%|#5Aw^n0od2
z^)yCrR$=XTf(QP2gEJRw(Na*e+Er2rG^$!hMRgkn%wlLvArqUer#nmR229qdzxrbu
zHN~CRjlyzF6oqu-j92G+9DcRSiL+~r)fKnx40-&dAze-gvKE;RtXa_<vD8ch7#8Pp
z_6ys+r?3w_Urfbf&NaK27k+JOzsZU?w+)v8N~6<0n_u`8BS*i?jn|FxD?hh`8)oZd
zmzIeWFN`!w3sGP=a4P28&#ls_ZRg_HEj9!Rs9F=L50g_=mmOZ-Ij4$+?<*SZ-f$aI
z4CUL%9i6I}2k~c9j=C&2X#Bl<Pk_C4p=~{7SIGx~lu$@kn$ObpT;7Cj0p^5hDHGJU
z6So6XrR#%guiEHQR6&I<lP|E8<2J<UnD|VBWHE7^V5$*O6oL2ZyE)QI6NQn5=YddU
zLR#L!yeW%G$*#H+9aJ%^|CzVH^=>})KYo<<@+JQLfBHC&J$)P%8NTuK65n}tj9wP7
zV{^>A?uF)%qTSA5+@hF3DWWjIbWXvkf2+(%2x`~L4SV0f4fnmDv&ZJS_`~N={WTFY
z?gXBWAinZU007#@=Q8+yvw7X6e%AfhdehaIc7SSkl~ihW#RVFw4P<Bosybx*$BRKF
zJqwL|B1ce#G$w4Hpl1SR8UaYaTw6GFe3chYt}#@F+pZpB-<FUw=UY7Z3Zy3I-Lav*
zTHR*!c_L02g!lfH7r<cGecpF(5MF{O^mN+PvP?Q|0CC#UeM?uEKKdm#9{&or-!jhs
z_Mus(BSmt4sc6TIErO|5;HC2kfBfJQ-K@s(nfH<@Z0jnmkPQ<#dJ$C~ndBBs9^vrF
z#wYr?@ayHKLZLB>U-PpLpp5muc@qfdgcH}W6KCV+;|rqFd`teXEST)e<wB^zw?#Z*
zi<evusU-<=<`q=jK{tk>HiXogwqQUxLX*%|(~<U&EVYinvN;q)C{?iqNP$gg%E62q
zU(S@2uMuTYK@dW92o;13)$8osw3p4}O_&pv%zOX<AOJ~3K~$JUk4$jjrA2PI_Ihr<
z>3Zhpm-ttod7fr8&uTV~nwUiz!_*ao7=lniphbyMrhiDu`9rAH&j{%li5dZ8Y_?$-
z@>+}c$`JthD-ldAVP}zS({?3sW*tOntjJP}98HE%+9u%W(6Z7xNiRxUmK!lh+@_m?
zN-|zN+2@(Vi>$VK?Ay{{-?lnCrYmU4IB}`QT)RuEt7N)@jubL9VmE6J%}Y=hEVR#^
zMuCI<3~rLb;2ijDZ~-e@i|=-sm0=OJr6bI|_&N4$tMc0)+|H!Rh?hGh&1?v?AvW;r
z(LSGlWSK*!Q|4yh#lnUgEO&wPTc{wk3eY$5%du~v5eGJB?#VCMjs`-0l*vy#T$jR>
zDEkW5Sr_ZURPGBYCkmBuiW6ksOu&eXIQa2vOG4zOPyuZ0e@-}y$?WeYgZ3(_+d_pE
z8_Ml=!Pvf>D$n3-+M18Ji_#UF_mA!70|G&a3TxD>RjQT9MG8`D2Ii5VQezO@&1mIP
z#4ChRg-R462$FW}qnX|dr+>nociqju_-7wusA~9ykNhT&JYPrM`ZKWk8i=Z-jZuyt
zGd%G$?B1)`yjjWcsIsx|C|1fW0IrdW3eZ6am@8iZgo;+*m?TX4#6xxHuGkDbyO@<=
zge*fx4O@bXvanyoC5l-HhK`WR5VSKMe}0Mn@*2A~S9r@E)9jwELYmU=8^Tc2H3648
zRno~Rd%mawwT25n7Rz=0>?x<QY(}5AdrOHbmrb_}{&d0xBLkljRG4}3^QdH%Uwiis
zrXs<#;)3i!*|6oAOFfQX=<|o)Z?U`<Fu(a-oSuCT%JlINT;axrC&H9G2PWS{;vl!*
zasF=e`zfnccjuSgo8SBz(0LM+uuh4un-4{a7&VWe*!i=+DU_rG-w`RBRH`_>EXn-6
zxk!S^O*w-kF-nDbkr@h$+C*&ae%ym>!B*YHU4pPl7zV|?WGQr4&_O_>UZYVBF($K>
zg=ya^Bv-$oJU2u>mso8aRtUm~Ah4{$7I=vj9y-LJ==FLGRVsw03)`<lcHeCsiTxI*
zuX+!ipR_psnOC@B$13};gV`NQh9@$%Y==(Epu(DxsA>zP0OLqN%C9R<0Bju27CUX-
zRsD_x4N-}Qt|ccAVo;3{%+jki&YjuY5b?2Ifv}DlnnuqHPrlURzq@Ccd#@d3vKbNg
z4aR7K09w6_gQxmPFwEN6e()rjJ`*l~t%LLf2-J~k`dWG@fnd4(c>hL;i?4u>0lKru
z@Wp4@JsWcKY(&uQTY?L%S!`!4EO$A1zQZ%eJG58(TwD@lbQ>pU-;bi3m+|^@it~Qw
z_Pg@7KMZ8VNj}pqo!KwklI^_yHq^R#(SGhy>!8iQ@fxPny6NyOgMFy4FuWW!_+YwW
zZhIt2hD2rIS`ykp=<cNuW~$+ewgys^odC&wFoE4{D##IvLZNkNiBm70v1X@o5eG3A
zWt7W{jVDrh&7tM^ODQYV(V=UKQY8#6ucC6vO{6g@vCUja6V7daJFUhnt8>qBZsi!?
z`}zwE_m49>)nVUmIC~&tY0C{Fm6}Tx7nCt!IR^l)Kml;mO*geqefRNL`faE62Og|=
zsAwuf*owgfWg@qLGS`Pr2(lg%E6>wt1ia&o8+q65L#S3vcP#<!(nkZuiTRWVpYNha
zce6BlZ5}2oHvelZdvDvh#iD%d**O7o!cX_PFNgI7GWpBZa2NIH7P$;xI6&50<4xB$
zsAWBj1iZQ!b8#u=%v_Jt7dm8V#zZq<-)O-1PG+>LV<>tSb{ZFYYcx@D&t>$LH}Pew
zuyk)u1UOo++;^~UHp(pv3j9)bj!DVdcn!o*I-%Wn>vjjWa?Q?VsaC*ieJ`LyNa6(3
zDA{P>GAnWExY&8I76UYfkf|+}Z7Pl}%#Y(-5Zcpdmq=8)A1vtzDujM7cMhhhfzVyK
zy9P^hFfv+{ReMyLBfbpM7?atGS1Xj=^#aQ&5om3FQ8-_b>uO|In!!kq*39*^w%rM6
zn$P^dOg{Z5oNvCD7mhCzj3k`6`U6N<Ay8J?C`Gh=`*wBe)Tw-yuQ&nl<u89Z3rDu3
z(rMW@26DFDODP)}Kx_^`8Wo#T1f>k43s16X`B5JDsjYnE?VCu?wMbLD3zZSVP?%fI
z`07*3oL+5mZuh;Iuz|{!-F3--7Crg=ki4-@0qdNDM|m~-8hb1^OPx@VASi{*9C`^f
zL(4~qlbC&*o4h*T<>ad|hfZ~AcM@jD1FqRxXL_>2jtMw;bd5^bWw|;I;@Eu<RDIZ1
ziuJlS6;)A6s*%#bT;07j<VzY*7tXr%@^Ag$C7a#axH{K%;(Z0{&49d7!r-PaixY*T
z3(GSr-HCkizu3t%Zi6W-BTfz$z-o9Sb`CsOAsV*qvK5@Y4)mQLAnhS>9~Ji?$!w99
zviSf7x1qA{>CklpN=dR5LWd^WtEh7)p|S_U$O<6I^5QR0wtG^%hB0wIUi-PqQK85>
zr=y!hFGDOpP0!MSMRnR?gKkpC-13`*jT%aXENY?=0>l=sX&u21;0hK1?$wd@iUqC$
z_{5(=U7%`1_M^0q1T_lkXhmdN%q;zY*_|VN<bi3-Vq%NDLR;b*YT^7!%%4BD!h<gg
zotb-?8@<`a|MMJiQ!LGV=Tcg)Uj5kzFG{0w?|kuD{u)T0k$jVh(iXL3Dd+?OO*LL1
zRE7)Z+Pu7&vD7xqPE@#c&j{N$)!8&&ajEtx&oA|<s1EbZefjy73Sr|G+jSQyRZ`0O
zy<8|(tA<Lq=Qeeo3FyaM{+1VlCC!;vzBzloI9?$|OSC*H@>;?nmjg~9rAcZ2E>{Lh
zyUs^m0hHwh>sf_t5}3He92;SBx7Y7NuZ#4%s3eB9B{<h02qMd*V=_9u9<JgmM^ZjP
z%qBdAMV&~qiCE_XzLPS`3vlr?^w#V(#fe}Q+QKscNy)Oz=6Cpm#5gh;RS0MQd`yDM
zV(abiTtY^!Rth0-JO?61oD=iP_W=MPEN1<d<YFAkzuF0@4cQHp#SXIDn^j^MT{_4}
z*yX+V%`lc`^j3Q)ZKH@N#mS339(sO-2cKJo>MR#VZ^u(vTc?v0dFiiVBYQlbk4ZU5
zY7)0$q&RNCGqqlu+VGL`0wAnGZ<$8>6l5_6j)&ZF%_z4|R=8>^Vz{PAGesQx?*}}5
zxJOS7v)tTEp4?I!MutbB-?o=_0^l+*<%dXFwt1*p&I6EvTd))DZpL_Ur0~T#C|ydj
zQ%-T^2NgS6m8GKn=&~^?tOoVYSe1V{M*>Qz+)HnVSlpOW$_}y2e&k;cvE@Qrhqe;6
zIcn+G+DoV-4YX1OS|g-3WSjLM>!ZY2D(>9W!=6KjIC*DLm$xSSJ=FXK)Y2u(6rE40
zSOm~%!O{Z6J&dseKotiS6XM=bxxjNlNM#XDV0n%lSuK|55inxHQ(1pt1zwQ?K+p>&
z?ugPpDVxH%4)(!EmUNM<Z{Ie81QCJhGjs6~hK8y<a9xxBV#hVUF)XwaUO3g}$muq%
zR>HnX#S=?dUU(NavlsJPv%H}EOHnp}6<BB)Xe?KhTfsgeQG&I_8Jxy+`SvPHPz2~C
zX7l0Cqs~6Z&HJmo`Tkk%+S#O$rNsS|e(W;hFf=0g#=$NZ=DM7pypJrX;!9;^a@tOq
zPq8i4C%i`f&cGt`jXH{&_M8#OZ(g_B9T+VOxcs|$eQ)VP9zm_!-dYL1|6dvAiz0Xa
z<y>Oo!hn8r*@y#19C9wn7v<){k0XtX#|wCepyx3V3W0Aoq}a`FZ0|zj@-~|Fisf$H
zFa-<e1}4<!br3o}$6R<i6R)2kX@ZKXpaYCJlf@&QP8*izZEr>8Nz$CjVT?^!imEp1
zWwKI|kwa-JM1{6dh*xHUMJB3JMJpX}_Uyn~ydnhvO10><WL=RrWtAmi-5#3ti;shl
zFiDv1onYtgVVYq^7HCopFQ000;Ao4Z7y9g-j@UaH(LQd7=Z))4@8DGs*hxdIO_r_O
zyd^a3N0i%lB9vq2`2xtb*19|K#VR65IKs@4FR<aj=eg(RD!=-3+qr3DjcmC`oQe~G
z8YH6{WE`2#`0PUqm}r!9llNNmp+Ty{&>XVY4nj9yg(rIbjCz5U3pv{)Qz_-yi$p}Z
zPKP;@m4~K-=O{#FL3ve7Qh5^B&8V_{bTK~J%Ks~B=qbp7ZOi7eMieRX0KCBUo_+t8
z7Xad-JmqI(&kFt$R$XElnli-LFk<cts?=d}3#`194_18ARAUI)v>h5v%M^u=rr10L
zCB~vX<sEwEXbd@;)H!An+v>c%id;AiBVB9mM3FUL^7+z;icp2n#5=Q%7<9Epi7+#N
zU6}$v=#q5uFfBlVAngwoHSMIQJ^N4`zg-kB6PSeAjWx&&%RS-H(PfUDS|x}A-getK
zyEkf9SG%koO;I`^i<*FjD6lyIy^c$4(N2?;AhJmA1S{5{GXb2PHUORdfu*VUi_#{!
z2wBiz{Nj^LzWhaQ+E?K>KfH^5BNdYQwsk}~Z?e`<4dL*Ggg^Su66Y?(oZ9|=y0uB0
z_M17)gtiM>2ZN~TADV7k?Kt477cV%x+3vjb1<-~v67m}_$3>n@WZ?O&f2|XVE^#Ke
z+r79cQl)*-p2N1{YK1&8w+x(a0NS{WMtg`Q)$qwz_H#c5|I-NsT_ujYPE&g=?^uPD
zMr&7CCPJ1Zws+$A6r^4I9P&14#%7j|jKO>zf(RW(?)xsg++;-(5f&X}z8!kpv%Z6s
zB_vRY4p3v0$ixgjVj(I(r+x1m#fLs^&p<%bW&8cg6aZQ}rng4uW6A?C+Wo9G?L$gq
zyU<+*mWtbS+}b;Orp?pOw^&~7a{aC$c5WSIYBWG)32T|KmaY*+75ddF3n!}$h(c7S
zT?#*z_K^SS^Hsfu@vhlYthvxc6eza5dz>bcEJbBKwjcg1<Iys|`m;OOGonc@wJ@14
z#1$%$^%6gJxXb4sUEztBIxNk+gSm}&qr7H{>b5PnXBX18ZI&`cPQZZH2E-4(43E7D
zAcEa2Ua#B#OL$@6krcD!p!j-Ec775y_@#XQ3e9bmVNs+j19O_!>nfBbE(vs@OV{6{
z9nQLhruBbGc><(#semL-irfh=>^(qtc>tE2*unkOHF8lJbYvmCQkF@2auam6!SNw<
zo&e-fLe{s5L?*S$t%O8Sfi*2mYWW4S6uNEHhAAWnP?2?JN@Du}_*w)p-f^f9xqQE0
zkpdvlYB_7KO5~kNc?xS$&MB3qoqS0V9oaCCDB@@XebF2_xx)7nL!%OM-;HBz-_)cU
zg(Qigq80sAIDSD$8<V8bC|dVRx&K~!c`RC9DvBa67?+!(@V01SZ?CfxN~b9tPj;<t
zSUmujUf~`0k8=G?6*IqvBsR}K)PfEJPS5vv<xGpOKC{M8j<;EyeJAHOz1?a8udyaJ
zxy9+mt^y~Q%I(Xg__YKJib_1?e0gQ^6MrM?p^y8cfJcrW0XK$0e4y5U$BPtgONcKs
zRD!73Y?nzK<tHCR2m<$a+37G~PZZ-`M>w|5H@NP(nZ$YHaq`BE#~}~nglkdJ`5N=)
zhbjV<3JeXq&Fni!QKTwY8=xZsm+@K5hkHIs+gyYoM5Ru!YmKVZ@ukz^(~rIWQ4rV=
z<e&uP3Kam#WEWM^Hd%%!r5)Fd8QhDNIvzHPQkHXHg{YuP7${!7)Mw}2Q{1q<&Qx6y
zClJSmKnv}D%8!qAx!A6AY4RFdQ5Yzs)<CsZ93#v>kOjD2g9$DZaM0N{xY<-5O%RV`
z{aTHxj4vOgR!Mo=O`}wMDUt}42zr^}mGfPWo$GPtVvh@peU_Iqh9g**ybBXLN0Sny
zK7<U9l{Bcwm5?X%6f1pT2S{mymycNQG#{}0*V{GuTzGTHjl(Cvz-z2OTdX76lByJ?
z(DqttJp#;Slu-CJ+;sw9o8Sesb6R@#WeQ@GyiEJD@yoz-1A#2V7$HeBBn%42qZ?P2
zrDT~w0`G{^#r+P@ocUB_aZo=c%TkLPTn+<a#c^RqXr)WORFj(#N-Sxv(%LnPardWP
zO@Z;w&0NS^e{fU<t;>rVxIzVhR%*d?S0&3bTiigY5vR{82`ZohB<<nbXa!lqmX|+G
zpy6lVHp9KQPE+f5iTjz0Oj!n?Gs}iQe{7AUwvD;b8*ThQ9EMs0Sz9HC@;Lw~EnHc@
z@U2u9k4B_Ooka$IwQ=0CRM!DoLA5u>uFWBnjetreVzp~{{`d;V&UZLH7Zb-BS5HUm
zpA5M8JS?mkEZ@5i1!1Ya2b_6soZ^yT>^%(HA-TU|-7R7L9Ql|B5JdSGe~scjS8eb1
zWhtLO_ZO6fKxt!ON*n@G`fT0&=YqfsI&w2Zt-lXt9VewJUnc|0_p$y}o=51%DO8KJ
zU@Oe6eQj;^qNQ5?^?_lR1egHcgYTjXN-3yRY%!8@^X1S+&UrDr6A2rrUK{!yXpUH+
z;S<TkKo*m;IQdH&V_BD8!x3~v3IG$Rw)EG;Naj))o&3%dRb1jtRI>s=GE~}U_~dul
zaPn`t{q}J_{KiSDy_hsEv`{q=R=b8TJhsAx)e4uk-AfjYqIF`+K^*~vGG-lY_P?x?
z>^_^V4Ev0wbjril0~&<_VG1CcdbR>tpRH37aRM(KUE%QYWe&gEqY?^xH&@xYd4!n_
zRcdLQ&m3rxMkCg7>6DyAHKZ}*Hh|<qv5PcAWtsC5l)|b`mMSRu{s!l`s8#SKwd?L>
zV1kPI@s^wS1LT@-{r5`iQA+<8H{j2+J}Jw;a@)3~b;}3YXCuWB-2knVq!5>7LuK&v
zKD;*&kjn4N$ruOkb87V5oRY#k92m3C*GxWirJzzp)oS>Lss8+c4gYPJg8C>D+h(Au
zVtY*#H7G7ANXpN&{1}Y3p5o$lMG63AqK;&3qvBqXPrY7tDP{ctsbvcek~OAY{4C9(
zkdM84Bh7A)v}<x090t(p8$SE+5|16p=x@H8g{jx0RBR`=?m}liGtZ>!9wsFSTaxBw
z(?F>_Hd|VPg{JlAa0(AC1SF^c)>e8v^u(*QS}{Y-kh`v_Gcy*lX}m(SUIi7f&=StC
zEVIzqLzcs8Z1PIEiq8+uhQ<^kgXmkm#*&xPV#|*!6$I(alE_~3Wf!!APL3Kp&t@Aq
zci9dph&%?smI|!UGDS|tAY3V#7x~SUo`>ITC3Wn~3}vG^WeCKe5b@T6ww-`N4Pr9e
z2-bC?Qdlw&trVdSh@y%u2J*~M{+!-d;WxgEB=|r^j+?Z$m4e#VKxkJClrtKe%$lY;
zuw=C&j!xd1QFdMV2#1&M?iOuMje^a<`FzT*NC6O3DywPIG16;;ZvKPEsi+3sWt0jS
zy7U5*{nNbV4bxmT0^JLJR2UGT2?EXhTEaJ;oaf<#E&6Jl`O%w@u!_$5wpCZXf$|zq
z#K!+G)7~By`j2vz;zv}1u*Gqz{C$5;1Lzt-)*_UI<7c|;-B{ty+c&X!ShJxj1Y$6v
zNK&C1q<rt?J|<4NICUeEUkex>bKAbSZl0dzwSKw%)q3RXO`U-OE6eRC*iBrj$6??)
z<tcKKEx&&U>s9&S(yKI&ett?IrZ_%t5;G`7ynomWlKgSyo4<6hv$Zi^E(*mYmWSq%
zj<Ti1QH@F!n#~54zz}HX1JD5w*epS1bDshm%PWOI2Wv=*x%L7;T$!?aTq?}NhWVpW
z%9$0;96(Bul``URXfXGEs)2d+^mA}-U^rK#01%@VL<cGT7Bq$^uv>nFU0jtWwC5oR
z8DIDbDhhf3-6QnodoDdxKnc&EYVqt#%N#q`W9I~%y{IiUf=TRTN430wMFMZbu3O}#
zOXEHt*w|hh88b+Z!R3n_5eSDEKK~=OocuaLy2|};n&zE%j<cm1qT|%|pLe#ql9YC0
z`0J-u=;<LAhpw?;1wkqeq*^bHMJccNa~LnmW;Qy~5<zSz6Sr*~WE|WHDn|fCeM4Co
z`seT(?>oe%oJTrmODc0K4DQy~4AbSWa`#?;5phLNl=b_%mv|K61)qb-QhKCH<*beQ
z%WZPiUxW5Mr#q|s(I0<;-P>n4cjheAN1!%@3S2#ZP%;sG$Zr6FxKZW<9W(>%p-w2c
zjcbgMc{?qKBZYu2&0HZk5tmgex%T&m*h~E*$pdI|X{}E!lkTcWW0UeRSa3hYN!qA^
z7=sQ2HpFKb9}U?vqUbLubf~$w67%FsmO^`|7Vy4%Ht_VZ7LQyIw4{Y(tkf)&(mG!-
z)^P^;#IHx1>kTb$s<_2k#ISvBfcvHZx<+N?6gv-nlJVB_{F4vN^1uxvY#>A0F)3Id
zhXy32t_{EU_bo2X_c*=jXGp?kajvmRpHb)|)dL$NkLNo9;Jsk$BKZT1NBG-zsn{wn
z#u|JKs(f(yd@dX&1N{+7hj?K#FoZICa?3kUx{(rk@<*38b;%)ETu0nKD>W)zk0Nr&
zuZrE}n~k&=;L%T_mrv8&GR=u&M=|{lhh91gtyT1ir$A{|TW!w1dX6pQO)8ZLRAvcf
zlhmyzJ?Ibd+=@CR3?m{ZJe0zkommVfBQu$6_zD)i`PAmun(-pm50cB|g2l;lCW@GU
z90FkU(rB_c(#z<!@=a!+sVY50oBNMRQPQWHF0*mGVjp^~!cUH@@YIXT%&lhJw6o5w
zdm1#F5l^4)6KIVIof9nxZA)(P;W>p00=Ib0YXMjCjiySP%-4?R-&rTLa=dHrVe3nu
zBRu~M|NSp+<$ZTdP-}Hay0(FY3T$<ojzXeP_|u11`0jHntk!mOaqLbzR)u9f8rtCZ
zK6yAPzoyePo~|6f3H$+)gVX}Cl=guxH3-em>1O~2-z>f7>-R;lCc%Kpy8JvYAx6p@
zT?u)OfVXCH302nUlwJFSL-9VHf$<hpX5f7zRtJl(zA+gxcZ7-lt9<xlA7S(CEZ1JO
zm2I0ha`DnUfAQ4^`LnP6Ju4!7>%p^}IC+BoS6{`;M~*`>it4wK`Uqs1qe#bw=lnm1
zilQhYib~C4vYr(HIgOYQ1OZxkFMsKNy;+q{zw<2wVZPqPJxE(+tPwGqb+lktqyU&@
zHao?!#Ki5=yH4wuVNFyA6Qla8WTsEE-lP|&JoNMmC(f)fJY40z*Nw7iIAo-*nC}|S
zw*;j^`jrX0MuQ4e>*S>uIbsvX2<%^y4`W~t`8SoV?N`Qr&*w1@9BY86#)gv*qK-ex
zo9-Ustv8QQ@AgRgS#B39F;t_7b|!r4d&_+7M~hsN&77S50C9CRfA}&wsjST?>tJC4
z!7WpfFxcdCogi=uP&tpfl;MC-ax4u#jWYVruRHLs^t=Y<i(&y|lZR}gr2E?ofgDv0
zA_;$4n_J=RXul~2WK#*b$-qGK=n^RVyhKpSxdlyz>bIy54Rhm7H#0mk!p@yDY?&VC
z+H3bBD8BXJLsV)F?tkN5Y@6B0ShK>Z<Hz98v&fU5LEZjKwo`Oaa?W{EDyTpZ(N8jx
zBqa(1Y;RL%2I-J62nYjL6X5Cx2Aa|cgLA92MfgsL7HQ77XR95OxOn9YfQNWEtFmR8
zxV^>I<*Qutdvq%xwP6d@`(3)CnP2Sl?H^v`-1&@K_K&k`w#jf6B+U@X=*1~7o{Q<J
zI^A##O^iel5{8gw#Uj=U&+BeOGV656WmcoN`BfeUwEXb-$HnhypYfC5W~8#rd+y%G
zWZEa~h)XFI0t~Uh(?^$i`1uwOztUlzZJgTvA=<;+$&1}3P%=8{Dr&`zs|*aC9qQj3
zD5oqA@!QVIJQ=hd%Ta*W0H1mG8-6}YH|hkCPq8oT)$%Fa7<J(kD^6iRRjiaTX@Lv|
zj2HWxNi#p9(%U5=;@?!RW?uw#{)DZ%tJR^}KvnBDxh$$GNn-H`P?y4dy*MEZBa{xP
zs)VgG<2>-d+n5|3X6NP&y!|cr^2INGh2Q)1H%ZRl0=w?E7)wlERj68X$dMny;xWGV
z^<&JPKg%7rT*u4DPD8i>RT+XxgGx1`R<ZsC2Kp?%ru~#7P!;!bzl+}}A_fV4Cg8Nd
z#r$hmqySJL6)_j2-@X=%FZ>{1J$~WUhCu}ws$@}vqvuySwYAPq-M5LE(JGNvWU0**
zR7x|~5)PeHbZ2&wugXdl@6gLr{3*1iI2e3c7|R_tFg68<E7JsW?dpFgpmFI1^wLT0
zd0msM8UebOVSq{{V7YBLbaIVDC)T*Il(5z}s5HZj?4Uce4QHs^5Z3URg?p+zFS2f2
zkQbt4uA0re%?qocw4hXJBP*K|ktHQ0RGx!EAe0Mh#BVwsxG<G*frzp;ra&=145kzw
z`sT<&1q0U^xJOfr*Hd<Tfo8#ne<me!#5-s^E!5IQ`+l$G7=A-rbw`L&qF9+ji6IC=
zsYIa)f&ei>KTf3Ak1<J~Pz%*s4IL<|wHi~?Q`~st>lmv2Elb^HTeh1eMNw1`A;+Fz
z_~>`I`r2)5ot@!^eY=_7I6-}Q3=Y3cW>V;Pc>cvB{QVDp$m?&pmNZEruoUFEspg+k
z9u9VS1*KGU?<O_Q*QIozV45pl000=&GX1vSRSe)602Hb+gx133;$w`m#`H{$pS^!0
z8@08A(%2G7gn?$YYxw4KYv{1f{OHZLj5rFR(y#&+$=Pp22PiSF0u0tK{Cw^y4as|c
z^ZafZ94-oih{o~};?62}>}W7i(S#b#E%kZv&=N<_b~wL~FwzXUZnI4(J-(RIuZ*j_
z4UV|XzOl(dtCp_g|5xI|nM&DBpJk9cl?oZ^R5gP<UrwI}8ZxIrJghAHHrysw`R}F0
z==}$;S%foqz5F**nm5N|d@29{AOJ~3K~($zy~bO&@JnmLrodh{{Ng?ZavNH3{C_$}
z2a+Z^>yR>H5l3$ow6>kwL@*{JPEwN0Czjbe540i-t;4g^>5-%<kv2%ywY2rd5`Tzx
zp}f@#Y}ruZt#5lPd-m+++Fe`NF+0UO-u`Aj@##P36JPi{7F&xvchE8nzi{9n=jPW?
ztux5#C8R!rCm~gCjx3G4>kcfLvkvT95w{+76ryyv4gy}m0sti~6}O!eMV0JQ@E%pA
zBWkA2?$#qTheH12KiR^js<D-rDlZ-<6F7J-=KC-7NJjS2Ztg@&Y<UIi&77DfXY}><
zn8|?XwINseCFE*L%23T1kCW}cutu|ckw|)6wQ-1UYWU#`OB_DA#`0Rm)Of(#ZXIFg
z=7t&$Q@-(RizMsQ3db!Uy;yxK)peo2^)HXRA$PEq1wf8;ROvX%W{ukzN~2Vf^iu4m
z@^@AK163#_n;Pw&l@}U?==N8{hp+^na$FEucmW`JE<p)Gh{+=tKK;0GBCZ!`#!_~p
zZ9YS_f#(~v!qVTrfBp&~z$oqN01Rnr90iI{2?K&koiM6Wi!@PSwQrUgk~qdBmR~TZ
zdP5x9X9y~wR&OveI!3)Yj0!@csLI5|1h?LF9bfwDx47e-_i@)fcX7+U?M#m~*tTt!
zPyX50IPuiyk$XQ1BhwU-nKG;bl_hTO3SlY+o4=rRz(ilOP|VB~D*!?juBA!0qz`g_
z6Sp}96$H!%7l{+Y?|kqoc8yg@mizej)Jg=c3}+V;KK0-{IvVBdrg!6^p+t2gs#tGr
zNh{fPZVNVYjn6ubPqFTcPc_Q;)>3ZK=b0)BR7f>jW2lnx+_6<&etCg~<%}JhYutZJ
zm5Jd%HJcSGK|m$Y9J-`fi($346%iX@0D<8RfX)~H<wZJT$AUOkAhA#s$Z4unX%7!<
ze)7%ip|kCOpw_Lmb?9haiL|ZPapkB3va>7*{FGbx?^~-C9e~}vnJh;K#dnIqYNZJS
zCvfwe0l_!L5D`??N5Tlmkj98@mDXMy5M;h7s-O`SB56jewZh3$CwcK;pKEq)<@Q@|
zX2a+(I;^0BkU$B6vO+2&#blYI2QSb`o=WXn&gm?2w!M&K8NDQdwJvFvp|d_4$4A+=
zZ9AK{Ze#1lQGVm<Jp^IEfBE<qxzJw&wW%a&bFKvUw?{g~q#IGbcVa}^8%XKAVg&$!
zUXtEwp^~MPQYv;))Z#^&I_1ur#<_3bDCt6*BJ<4<sEp%teg56o7dX4x;MCR+(jD4@
zHa#ni>pscIPoQ(K*-k``7ECd?J4*XN+{SU_8=^Ey(#yQoMU`Mk=$c2qbfUvudz-xX
z#t|k)Dpa*78$wi=)X<I%KRMZBCE7&4GD;o_%M1*S=7Oc{otLts&u=0d{;_5Q1%UTv
z@nz9~{2oj2dq4xb&E?IWGAa<Sg(<$bKK5?pGT~$S70X3L<(YQE0Uwr?;s)H>P?UUq
zMu36<RH0Fh8cl-G&YuFac^9g;(eftt+o)d0QiMy23M#0fDHhJm@xTAO|AStl=ykfP
zUO~3+*v8JCSJ6u~Gt(Oh!+_RWo9(k334)L)w2Hub`YYr<7)MxRWAch9&{RVEPa~vh
zMz<G}rG2t2ad`k4{WxP}WQ6gtF)ERA34uCCxAr+0lq0bf@fnf69>oeLr8LTzXejGP
zYo(=m#R`BFy&}D~1=cy7ae2C8Z+`UEM=_%KrMFL`mRsP82Yq<x;HfTOer%Cr7y6jy
zBy$^XLrEWRk5eDYHOnB%_u8c7eO{+^yq7qK|2_`u;h$-sL?b>FrfN(c`YiRcPq1aG
z!cV_-np-zV)Le|*fV0~S^)TZTKWx+QBwX5b4_Q#dZw9G0EMcYi#E{Ykc0$aD^KzR#
z*N8gT7)1jU_qBnXdMS{CV>%Z6`AX9vlIKDUR3R!XZ56KE*O_bs=P&+X;MbD&5<sgE
zA#vmP7x%V?{b!6J&D{Mdz!Xe8q9dEn5c)oYV$od~Kywrt!&qW*4Pn(rgIY__7@;rk
zW&X(5c-L))|M{c$a(Lk;zWCKg_{!fsPQ6;;iKh<olLIfXurSZ;)Hn~^e>X}pGF64B
zX-Qsn#on87=0KKUOp2I{P(dXO$+C>p#FqWX*w*0HFeKC(L5P!tZm)|;`mP6NW_=a8
zLNwOoLc7N;3|h>B4gwKOkX56Ik_5P71%Q%pO~oDZZn?R%1C*^FpPK(MTV|@<Fqx7p
zBq$vahME|7_$SLe^YRL$hApFtSGq!GVw7_6_8@|44OJrl#8++w7B&{)FTppr$Q6(0
zvv$03s1Or6LJ?(~M@ZmvyDJR8@>h%;{4Coyt@2wRzKWZsLRjk|X=XWdwXHe}weZTE
z@U^E~%&RHpMsCHZ&@NiRCjJbn&|FC6ML42dsM1nb=X*PcjfK#VlHp$X0!#A@g-5*v
z-@OnRKoqvXp(rXU!SMmQu6*Prp_7Lz{WVG`<1$8H`<%REEj2=%I`k9NX>?Ds>(HN)
zWw5;SewI{9S4Gz6lO`4>gA1L7xoxgaJ&Bxp#yWwUlc*?QDC%?b-jKU*HryC)qh|K-
z;A1C<w_MMe)6cPY&n$0#<Gq|aeTq+h_Ddwa9_{K3di*MkD7O|Y`Kx3ZBt4Ajqm`mL
zG{or0Ftu6@W1t#pbQn>oMAWMxQDCDW-Cm!5KgOhen-AbvfUR=$&(zI~vF+16I`jC@
z*z{&4CK}lDSF8Xa3frW8$zgdB22^MzmCgdA*%H_87(rTHlxQ@Dqvul|e}0jLrG#BG
zRrYR7`GbdIOj|(G9IjKT+x6v53-Bt(hJ}>Rkkcq!DyC@1@2(*b*G0$x5!L>AW)>e}
z{L+umM_P!<P)d>2#^{djrZ#tgv7t-+`p?XA%an$8LY7IMh^7#tK(X4_{O;c@F~6K}
zVf;42-U5-1>C|V)P%yLsqG7ve(;iXp5{MzGO;}1W#I})=3}xKCgpm`ZrFe45fm8za
z_<R8cuHZ!|+nF9&3}|pw{3yS~l~u2QKfiL01O^d?AC2;3%{l$oog)kpZ9!q2xpPG!
zZ~W1}q1t|#>JXg&!M7QaKBl$6sb~I}ixW4nFuvb*mLj$ZGDe}#JW1uppJ3Yr^jfQ&
zKG*?WK}J$0>dP?qC7R|TCVN%rX0UpO+SnL3T)USKfA|+@(B;4U!5{JUM~|WI_%&o^
zzwJDPLcCCPoqx`qImb7?{!PC8<-cZSd70UnDeiy6T}YN8Dxy-Y5rrW^X!!@y)UG9r
zz}Z(&X$V6j$nXYd0y)J6NE+wQR;m1%DN%ud(PGkn96kUY2A53SHIk>WmOfNMt$T?u
z5VlW-Xi;>tjPE_O%F8D^RH^}QzI}qdn;R^ytRZ@dAaK&&IA>6`?zr+wTGU?I+HT(d
z)geLvMhH6dRM$=unHW<aqcgOFEK_Vg@;Nr2`6jBf%t!;KCjx2}%T>S9US|2yQC8a-
zzwt|(dHuFJvKm`|R<5yyD1bAI3BUi%c@CZGl8Rzx`624<N2x`cEUa^(x|a*h4>Eb`
zubG&C2EB5QI8M+AQKdqEd>0GTcXDy&%_Pl@Xp<t5V^2;x4nC3>3W}Rc$@lOeGRW&0
za#IJ2&6*$To{9h4X<~&HLgnLgN#itoev*>E!T;%<e%=v?6g~(4tb)kLx1B&qsCJeZ
zUOdV>KGf%Jzw&QbUfRro$G*#f#~*>`KE<Yk5tZf;bJMr-!t4Gyz4`>0gy6)(T(@2E
z-Os(3ZspCaEgt9a;a8Zy@B;6;@i=U}7dHMXw{ENQdkdfAKmYz8!-g#gHxpE9Y-rXP
zZq#9P7TJ8gMH$AI1^Wq3P`mG8e&q~5eC$VT-@2JSyLPg;u)rUF{0nqrq1Wv&G&087
za~F8^)CsQNzng3K?x9|*p`s@A`>=Qc=Fg%UBgl?@wvny&y~&)=)XJ9+*gtg$B4HG&
zYKcet$`t@6>0Kg;jY@iXJiAyVf=*f(fsuyh{EFdQk6mJJIc4XT25-8q$#A1W6lrv|
z#!4KZYhxDQ8kcNRsp0%jCD~GXSSCYsh0tV7pZF$|C%;9ocoMRdN+8rK8tP*tDxkM?
zkzG?MKmSu>+`ea+dK8dlDfP(ktpgoC^X&!ReCGyUzk8Hwl96Rb5!eC^tu;xS^7!F3
zKJ|kYj?E=Z4+ZSl5HLLo)kx?E!js3ASibl;*LR*HG%*uHFugToq!AES0xqreIClCe
zYUiJ3`^%r>{I2(NV*f{x$|yz@CQU$9ET1NlFHT#z=<@Z;RcxLS$z(1SxUf3P?gEPz
z22F!v4hws}I6SvA+_!P{?#@2Pi5PE!<$Msn9JX+BiLz!>q!sm00U0`O(M}B`V|AwM
zFEHJ>#EuW#$U8su9{Q%wsplW&*&jU1cfR@^s!uKR*uDQZBpt%}m)UXW5F3Usup#+6
z%xq)l)DDv9E^3V-B%Mdj{k9sHlk%o(44<efdd9~6GZ9;m6-3sLpo7BZHyMywpOHzB
zjXN<ny$@Nv#C7}k@*BVYYuvPdEC2F;{XhBKUq6nnP4LN2e;zRzS==WK;B_}#4?)OU
zU)l3xp+2jZpf_ua*}~A{Cam+*zbuFjq6(n2WNC#$6koXlK*y`ACPP$z4GD*BeSWTG
z1cRn8hC@eN%pdKe!V2$w(-^ZO0g)@fFqxs%g}GHlylE>Q4~Ym8hI#keJRt^+D1$)}
z#%*R!{Vi85eh=nP5LV!teKoetHW;c0#Ql`RCzg2OSeqRigrC2Aj5l33#8|zGF##qE
z2qVJ_Czd$1X!sYe8)Hiy`m32j3!wrNC|*3%<*@_vEH20Ny4H&Rjoa%?HEs6drmamH
z&5)12DdXu=DgX65OY9j-_}~MZ*}t`p^fFYviE4}yD|qPOJYV?RGgM#s3=@mbuw2_p
z<KlA&U`}iz9=nQ#jkmG5@fI8EGOn?Tl03E7n<cik-IAl^^a91&@ejj45_~SdeOIBy
zCkgp<R{Ornzvr*z9Gu=c>D>(?c}1dk{N=HGV=RkqW?RQcp|W<o$*jvz0m~1fl%kHJ
zM#M;c2jj1M58H0}ExJSh58wIp7g3!yWL;EmnMxQz+OZ8j7ak|-A0kp3qcx%h$rhnv
zh)ji0R|&PJgLK7Pfo=Qk`#0p(f4KY*5j)1Hj)W1ldYzGxQKmL-VyG6v@HA|>f#t&w
z@mueChM#`#`#AjSKK`#yJ;aO0=TOtvqpCypyjojlXO<#l4#}1LR;pyGiJ*0e(n^a2
zQF)(Tu>zo9l}@mhWpq|-r&Z<cK(|pVBZLZGJkjIoJ4gAcn}(@+q$QRozSm25>_~@d
zrON4{edM^;H)%AfbD~5LR0&K%*k45V=9rp$kgaP^GCQt#-_LB|jW>)^Z&V-<#H3(A
zzd7LiqT#6nbG-P{BJ*=854?Vwt<!aM5O8Kb<=BOo9Wzxnsy?O-S_!>Oc=}kILnl^g
zw-cfu;4RlwIMGUIbPUIrGG<1rR5c7&0;-h=Q2}q<8*#_38sB?vg%_TiBS<!K)3%1|
zXMc%CwaUA19OVtSY~T}LImKUo_eWHMXQ)&a^+=&s&aigw2{zZhOt&`4sqOFQ!qx9b
zRGQn{QgXnF2->8U7!$V#*Jnq%<Ndt*jqR%;^B_v$Da?<^U!JwcbK;lfiw+60KAEG+
zE|<MxGDx~)NgtDm4S5D36{QHnjLh_1c+hS>-CZF_Pcoi;ma)nNwEzM!qy$u|b$W|)
z&<&t{4&n=tC1i;~LLrF!U0P$@X7_p@ip@o^fhs2zGKW|lv1y*eq8#GUAvy@rK|p38
zOL{hQuzenSEp|`zc>S(~d+xrP!#{q4%6x|-V_R60z&eDrwuqzJM4|Dm>`40S+^x=_
z3p664#bp0DoPgu$NOvXZ_eovLu3R%Hv`N_W%Et+`;vM%*^YgDCMcRp5w4Mvy(CTIU
z<&Roq(G>GT*PzHORH_Z3lx?ICb}le^`g_b=dXf#DlL#3}W=P^b+h+nk_RcYGzp7@_
zMLPz`92K+yr8TpmV)oW?4vt6s@W29p`R%jZd(9|UO-DR;D(2F1!u2~NCZd#1Ppbo`
zIvhN*%KU1^#At<kZWv?dWCXn)m)cgFy>z}utDEu8Yiop|gTLBF0-8GE-8YZ&-JigL
zgLBlw8TM_iS^3zD3HvGI8vfZkCzu(AgD+g<J#U-kj%&urjBs(O&$oWO%vT=1$mZw&
zgpEs2^YShKmZUO-a(r@N^7LQvG3-*oU2YGQ;Jpm&bP!$M;yzyBbpB=DLSJ;0I+MVE
z#cFl3*s?xnK9=t0!!hAz#*l~xT_LVdPze>Uo)S=*rR7H<qA-#n=@Ln{OwfOoimDR?
z8WYwCrf=ZPPrk$-{D<>Q3}>|38E4KzudDdYU()QpNo;z7b=lZ1a7Za#oWamArF(E}
zKDI2nm<z#`oQNeF<JBi%;UF{PhOJW(LFZerHpfJ5j!m5-oS7VFZFCos^sOn|7_xmJ
zRe(~FMOO}a*aR#uaRpVWIa4kv6BPcp7XVwU?5b9R{f#Jyno+tX&18Q+rJE`F(L%!a
zFRXD1pwXC2R=TaWwWDk?i-k9VT>adCWOV5T-uJ*XAGv=Dmb#Ak!nm}@j9#4ajpsX@
zUD33*+-jelWDr)7`Z!VCW6MjQV(iqn=yZDMx@Om&I$NijB&o2l7%{Fo{N%ZL&Yo#<
z`@T`OP1Hz@<gNlS;%YE7H|`vv9%;V%_&k5{$Ra;`>oDz>Ax?y?;{k^+_BncTkxn~h
ze5}U1?i^<4#)wK35e14DTZU8=d!|CJ9#b5dOZeU^0o!&ehC*#4aYiA8Xa#S(ZHB*j
z{2V`e_9A1$Ti7%bpahJ`AQftH%m?;I#LL4Rdgdapo2)Zd3)oRreDp1o{K6Y&_|tFC
z^S3{Igj=%T;+fn2kfhQ8vGwQ}&?WloV&}UJZltK;he8;L&P#2}Ig}n)6iC5+BG_Jg
zg7t!noloVGqI{L0^`%9qEQVwWItws&0Ok&J_N#x#+=F$fY$n@!Gbg5Q<NM!ygr^?Y
zT(wKFdmmhV9bB`|5CnF!Wk$$M4Wk7Ks;uq(S-J}^^XRt^pn{M!J;quB8!F43dNpAC
z)hW7Z?Hp0cHKPvj_4fAOGn+tW%3;g(d<1qrFk(3djg2l@F3Omnzc=Gw{aVcRy8}#f
zKYIN4_~qZ($}2DbG&>*vT{h0Xo`sn^S>ARZ@#u8^Janaj=T9hdH^d<>K}S`r4Hf+V
zBLLnw#e3pReQd7J?cK~YG7N!2PfUb*Y&?{sr_x`qW$D80GwQ$Ar-nZ{e8&y(g|9so
z(_PM;cNk&h!lO)_evqB}hxz3<O(2UMM|bBY+}VsLmkfXQNQ<yB!@2Q$QE3Mi1gN0G
z$l6J+IrMu}S|^#9uJg-p-NYOA4-r*rRuRQ1Dot5i>+#$xs~kMm;@rg!x9;1(ExU*9
zdR00ndoTi`6jx2vc>SIxfAjPT-*|3~W;3KwfrCeT%$@71ZBsSgdEW%vCM#$W#8|sG
z)bOK|3Ejl7d!ohzdn;6<K2M+Q@r@^!c*m`yjE*+){1;IHQK-59&TV}4dq?>8;}`kh
z{nJ!(23%_^S9HjGZyDoD4|jOvsf+yd9aES%Lw6LD!-{|Uf!%D{Sm%>}b%2|n{GT{K
zc{iz2w1;=FHhv9RG(w;v#3h&%DZM2+@{$8EhrHUw)xE}ZIUGeqAh!dY@6m2_t+mbJ
z6G70nMYl<jEI~i>Nu)hzGxvfzr~olBByG}qjYyj4rB{$6Kj0vWBeIdHcAw)H6Au5l
z$HO{fK`W+qz@B}I=bnPLsggt$Fd6aKR$jj0f8iDBf*4HFr+(=mx1IYq%WH<^Rn6E?
zCP5%{V~Y%;v5?SZ^yNA|OCWXOW-kQ%@9sXmqf?ByrlX*PkV+6SRfF->4373;;|mz`
zPuVzm5AXWG45D7-*h}AH;?#qTKU=3geIpmP-NTt}Z>86qBvaS|u3SUeNw!_fEm;mB
z|7``p>qZ%?X#Ratt$g^W-#R<`mK%oHq`I8F5cAB7tDHEy#yz(W^M+q(a^!S8^ZQ?2
z_z%mgt-Dtr`Nqdd$3nU-Au}jP+qC25Pt(_m-+uozveLIreZ6XNjb_g*3BUXG1sb&`
zho^oHLj`RTL`O7RXV`cAPnZZ7c=u0D@saz+kWP$Q>yo7%n@TCRfTpQ6_v{^E*Hnc^
zUu^OHXBK(sbeFsK4ly%kd%I<+(2rB%B%{|!n2Zc}@2&IPsU9z%?b7K%GFnw{xO0rx
z@2pVQ0Y)^&rEV$(-8kh3FSfb32KzS!gpuNH`|EV$jOUK6fh63vEhG#=!b(83UZqm4
zkcno;)DS;-VUhojxAzW{>pIUof9Kp#xjN^BoCts*0g42(5-E}jrX<T$uxAx)1+Oi6
zMz+V^wKcorxE{@nXKYKB*OJ33*^)(xA}LZ7NlDBk2!hDD8|WOWD_7lg&irw1RX6DW
zR+8&^@N}cm=)U*XIp6ud_j|wh{pu4d{K73AxRwPv9(0kCd`fc7)^5&TT;_5i&v1uh
zQqM+6S`>NP!2yn)U**AP4wIffidN9?Kq8f;+;f2G{LNJ51fpefc?F==O0QXW$Qhuk
zEk73vgNk@C>dLafeAGf9teB9aP5VkHg?#G2qZeK^bNi*sSUuxdy(7r(5$yg=SiKX7
zTn}Lo@%p{p=ulBOdxE7?FHk)FBGczjGF|m}!S2D;0fVB!=JN?k$L9%Tf)o2b0#VqW
zpo=;>QOk9-biqv!bWCvhjKin?#zy{aq|<4O&0|npme@%bUna3EiDO$W&As@3Lv!%A
zF%A8idp0i>r|L2e08%<Q!nA759FfLqUWD0`y!Foexck0uq8ev8bNC^idE#Y`{_r_c
zFF(i5SN{vso8Q4Jei83AzefOJgy9sJ_wU~>0NgxI*TN!S7}=hE`yYK`i@R$uucM_h
zQQaclDcHO}$1{10L(i|0l{VXZEdJ!KPWvx@RKDlfQss^4Oj3I_gJ()hch5dWrZL4m
zw{|h)YQk#NW}OLbYV$)En*7;!S7=5K7rXDJmYiT{<q0zN3%EgnL{uhg)p_G}IX-+-
z5^tq~3Pg<LS~2NO$3Igbw4g6-am(fuN#KQxbxzMT*guhAd!J1hnqIZ*2pSPwC@7{^
z71LG0bVV~bn&T7i8Rxp*h^X2mifhLf4?k%~{P!m+Ocw$qia&U~Mo&tRw82K>`HJ~t
z4UWtu*xBzhn3D{5dN@)LDoKYUiL3-aI$mKk>$7KL2VGq$EZYWYVN1!LO`RM$v&ze-
zi;P^~jaCj?DZ*Nv&V<LWyt#+MLXlf`r`f+J!=a0U#}C(-oqC*&)fYK!y`S?V|GS}4
zuh%=!tPSq87F{fPWn>#eP{EbpUaN+uRT~2;-Z)^Wvu+M~=>_!S8LaKM;NJXx?5-iO
z5~v^`Y}5#&kPsVPjR?JvQ<p=sX@}Iv9wxT!XK&`$P+GBk?ifo)pJnmoA93#dF(!BY
zDthdCg!1tdouI>Z0;4l&(0zzn6&-?~=wV^-W^UZx&CS<e!_?Fyhn|0q69tdpz}@7R
zjv}KFiNLa?aqDTxr?(}*V(_{}Qx?RX4bgV-k@3IlxNHiP##bOBGsF{#6n6Q3s67tZ
z*K^hNA7R&R<4Ap!xs&(vwJ*Lz^1=H#0D?e$zu)X4Pyvxx<8UAZQKS*JdDfQxHw*w?
zf#1LS>dw3W?~hKnTQjx}rWZv#HmiL<;{1{imZmNx-*{q~ckR#7n-qNfU`GD#qm8r>
za?SiRjOd<vluD?1|BW4lwI)K?#83*p(mZmw%o9h-G<}V)1-+H0m{|Tgl}3n<q^H9s
z5?~8Ov{d4Mex=67;WYa;q#5iq+H6*<ogyTD0EJbLLeWPm&AuU*v@LkzY=Z}nH26`*
z7<OJRDpqP5Ei{e|I)u8X7#L3T8}HjB4i4J{#cHg|y9Q|5GUAyFJ`WwO;wi~sUy49O
zMMEjjRH`02gp>oz4WCzMV6~~K`kKMKWV}<dt=nQ(ze~9c-#ZpCm~T*7ZIa9;$mG+c
zvq_S+B$LZ<bgIn39eH~4mdOwlsD{UYh`4=chQdOFjn`(`d2NRGziA_fr#!y!^;0w^
z{}D~dh3y|gsL-tEcs1*Gj~<ieYlRMdbWlh5RfqvA(*-n|b;2^LI{0-&bpcA3;PMev
zV-+#~BBEYIR~8V}IrQ)~_<j;^u0Z5@ag81G1MGysbPz08LW=bO9fX8R;W##(xfJR2
z7P@cQ#;&)2nD71e`|u{8CE9*B1a%Y4;;w=g7}8g+3*Fg=upD$@8hzd&&<X5xAFqG&
zZaTXMc=^kZ!`Ob9eJKX=4C6*h(@ny1K>6mGw7C^}?Y%b-@CqyhKxs`FX~M|hjk3{1
zdkI9^F=d3RBP$OeYu`dySxD|@Xw%R0OP~2Ie(Txyky<KXsV42AYSGHr;&!T#z?GT+
zKeGUEYnEHWtbO;VKfEEmwZqlnd|9A0LMVN5y3V67t*~73X+&_gpqQ(|D@!FleR~J>
zAfPv`>5)~uaEVeFqQijX(ko01x(uc?%CkWk1o-$&gJ+KxsntWS8nQ?yG*3*1IKdQ~
z1}xrmFwNU;AHa1DI90C&oV`@z$hjKNA1!m_Ood&Wa_rxf#)%?Im58RNh?H68p;DBZ
zA*UAtPA&z^R}@|VGj&Cwsj-r2#y0h^W77cAvU&BTGc;CK`NX>ixqdLjFVxNZFGU-f
zb?k_f^AUgcNP)Rh#BbiSjXQUAkZ>iLz1QIMj}l^0D3)1Xtuwt)W^$&$`Kcw&UR>b(
zg?SccY8;!_0sNl;03ZNKL_t)G$Vi`*gruwZ!ZQutyFW<}O_o-hXko@%b5gTXRXlg1
z!dq`l#LX-dh*FN^>hUCx%vG6M)a*_|R48-9#%_8)zK=ir!V#8FeUkyJi-j%s7=~fY
zac?1DEyL5c_+=EJLl2r|#7YBEo<-DGptg)IO{2?;=qQM(xIX9rZKaXvZghUoY(T$^
zt_P@EGcGlhX;;<@P+dh2ZbwKrE-f@tLnJIjt$-31t6Ea5N^Al1MHf5QiMLvX&__ox
z4Om$5Oo2eOSaeE5aSH3PKg4US@btnlPMkPOzO$QRVFl^-qKY#hZJJ(_#ibRJ<c*?`
z?Hc3HFj~uWT7zXuv&KA=W{lZ38G}$E!h-u>OmJc*;{SN3$HCnSYjqX9Drk5TjSaSq
zOex&%2DbVhvi5B<YBN$V<HT0w#8U{ZyetY;Y=}<FCG=+>0Oo4E^XK2zH$L8xMpT+Y
zN(*Ue{p^WVet38pJD=t)d%D=#XHl#+`N64x2VXAp*(X*h`5HfjUQwrS`YTix9^vBX
zd$4t#ouhelWaiT^EPFihN`Z3GC!ce;>p(ZjW}VNkgd}an$F5Iv)u3Q>G)qE5)Cf_L
z!qKp6B+aftm#O&_54=?2het|0cf3qj&Sqn`O<%@hrlNWFlF!M7fO-J7BapVu@bCcp
z_iW<ot0vgHZGh3<B(6}9O7W$yJ;x*8tMLA}^l{6^1W~bx4)wZuRj?evv!|Q<w}+RR
zD)@Zrt-HAE>LFYm;SLYuWIGX2grgM$nFIsr1XqoA!L{RP6`JzfahYEAIdXQML&q+2
z;^<i>&s?TB@ADrY@X=DRZ^Y*2jV_zI9ELK2Y{KH)T!Y1#B0a<1!~=WSQZmw=AeXk8
zFZk@)Y$Jk@aAAop9SJ`6?s0ze&rf5W{1TbkdFs7;SRFiwm+CXE!`ccIXAs3p=<+mF
z7N9hX_9`F~MtD_Vf`X0^ZU%bB5&3>dbwjonI);&*BWNds774_eAHeDqSTT>@vXSRr
zK+ha8n<<Qpr{lzakPb#5#>N(k)o=a*QQ%=`I_bRWJy^SLLJ5n&^HIfFc=mJ1{4n%y
zh2AX)CxMC-Ix?amgaKmuC>?Id|Mn}NVE3NA+_Y~ije3m-9{vHJ`_ea<dG@PRZNYaQ
zdXhtjkF#gzHZEPBfv5u-B}n9eMhtjHsHmke87~59VLNtPOhku1zB|aQ)4}BN%iMe8
z5;t8NAd_(9q~wqOIzj~@*YAdd+hEhE#Likcofc940!aXoUDKwdm27BGy6wFDT50f~
zNdUNEbToB#W_tJL!E7>Hsc0Q(VLOsz7b_e&wZgTp8|IenX`E1@qmboNzz>cWX#|4J
z8#CO!KgYIgND#oYr#&7!x=Q}yUlBTj;cm&os>k<VE;BV-Ct+J$w=2($+jBUM&Ekr~
ze0_zaE!fg2Ksw|*l7vAl_obwv`KpLUL*X^y*3Bu(BMwiWZ*p|T=g~7hB@Zkq2(+ZD
zw}-bJ+|C<s-p>AALv&`{c;viQ!<rg*dC}v@t5fvnLvG&PNw+0MGcYVI6&Zoa3ritS
z9w~Bpu1T$?=*}cLxUrLb$|X#uNsf&n9A`~apxs_;_0cVp+C_@7&Lm^6+r(S1-w5J1
zDz!RKzIdJoet4SaUpUS8&o+4ST);$^<kk%?30LymbjX4Efbr%k`Q8lqoP|<`N!Oio
zSXeSBcoaJ$1*<+gJ8a%__Yi;n4^xaz{R_FdZxWp9;v(ZrmLXKa)IDK62EY=K?M3u$
zMt6)La|7sHKV*6l=?)VRT3v+LKFo9kgaQ1dhOmJU3bjroMAVBW#TFJqH_+`VLDQ0y
zQV<3a%1VHA34NdPi{HiGc_Wb@nrS+3)dUyIfW1f?vIEGzP0%rn&W}KL6pbK}NU~wm
zHWJAUp|%+q9Ok1Rd>>kAe(z8IhJE|?aPM2+z~=E$ROs`a2Y<k^?>>t6<G)1Q@@s1>
zM%|hT5Nq84X`_)uVHgJh53>E}@q^$$#o2`-CubwJZ&F-Zfohm!wbH?(PgnS-$C@Nu
z&F&2Ww_K}Pty-uuG=&>`323o?1Y0Xj6t(mq{tZe1DOS2dL9S2uBtj`rP^u}OKe9m2
zL@zg8Wo)pOg5`?l_rAT#r9#NRfBz^Sc*8hyxky;5fz%AUg5BMM|M5hHNNO(4Hu<|t
ztAt9jV<OEPcc;mv3<*Monm{<5TMpUQWzmxrL<wWFye4d`@qNYIlE+*@#Ync|<buzM
zg^1~@1lOW(q=Q=yZs+Z{Zs*$VL#D24wIiDm?Vg+zfCa9@(epE$zr4!zSLNB56KGF^
zWv02#&3in3qRjk?PoyM!hiwio1t@8w`~V#(QX4lR6Y=bSYkIE*Q3-%n9T&f}!9NVL
zsL9zDZ@XzbZ@XnXVWfEKmCJnV2Pb&``Qtotwn@TLxHf$In9qj~IxI}qa2<=mUI!;F
z@s-Wxl`7MVbp|^UL|UK&P1cUMb6n84Db0qh-Kcb$hn`%7*~4_WJ)G)z1J#iOh-`;B
z)iXUPVZ~Bjwn;wQXt*}%F|F>{T3sv@afe~eU!mP9kyb3)N!)p~;%<W(4VSIfY<tj2
z8b@f$HhKVBArl!yrWf_zFCj}85X<Lb`64V|L{C0%lzc41wMRuT*o*DhxCt8s!t*07
ziSWY+C+V_t$2P7#a2*3ZoopKE<?gq<o*g?j@|i#X4x%`X?%rU6l`yvAZIvi(*3aVN
z60aORPH$(LrWcrCWI5PLn=k&bkFP$X=+F3sL4%cAisd(b4kz15=lrwe=bq)&nL|vT
zTPCM{=C{0qmGT7>xZ6|gF%wf8VDYtV1o#;RfK+6AjztjoiYQPxQt_i#ih8P``0(4h
zNf8l+5w48*v+u1iSMd4dFZA=iTQ|T`iJ<PAv0J5BEi1ZHl8IiMbH#x9l_vZ4=6L<C
zG(9PaQt`N@76f6)kI&YSLg7V%hfe$4xWlDV4QVz)f<V(~gcM5w4Np^OL_B%1$&uNR
zP)V#*nrm*}!u#KLEjR5RLPjA35qLpciKPvA3o!J%cvCtq^GhYB7Am}RUxLB37QUxB
zJ?rtKS63;PJo0IqgI9I4DW@r}dMFjpol9ax3TJo(nM~4V)3s@L&<+Ue(e^6{I4%Bn
z3yB9?NN(T1k=t+BPSd}a`yW5XzdZOXm(E?HIO}uf!H{?ENwcjd!PJb8l$sO@uc<gQ
zRbzNxA{O42=m>IB(wDVy{D7akr;oe#b@Pvp&GWT~FESoo;9}RkG<r4xks%4SeCi3-
z<_JU#PPI6}@!hP^3D$vR(r7A}nf<t}DD3!INW%iO9a;{?=E)f4BeTJ*_8-eKW}9|0
zi>D2i5aq_8V*<9>2+Ihph|)Y1E}>T@5tol3C}P>Br5fYH?Q0h*Ac{i5_;jr`JTng<
z?RbDmBCG_$&6<f!%Up}}%5eNa+{GijP)t#;)p+jNXL<SP8EnTwTbj^UeDqg7%6s2^
z50@q{@|oZNJr<o&wBr&cI%rJX$=vuIKt!@Ki>n&ch7O>oe+4rXFWZ=7>lG>kR!S8m
z)<5>2NdWl4Y-MF<hJ~3zNZmLjaeS&l$8erZ7@)O<WeJW=H8^^)#_nxd-o3vEYh@MX
zhgi}`8P6^Gl<FbRP6a$O9ng`pdEY%l+_N)>SMpGiLRj%Qt5($N0bhHeibP<edFFhR
z%kv)TM1g!(vaR2yKkHCvO8(_&gJ&-Jq*FFS!vnnS&V9V|4Lca<&4RB@imzn*%`}_M
zoMK9}SaPjF6*HW%uv{Ssnsnw8Twbd2gXdS7o@?N`7B^hg!RvPA$)#MBAMwcHGE&yq
z)SD#Jox|?ykF$)ho$j-)o@*_9SifUl^DYb4GLzO9!ic0Lx$n;1+;_(=o;y0p|NQ$O
z^ZcQ+{MnOLcJwuP@4hU1h7*iiHYcWFW!0mwQm3;!V@OWQV8;nZP*`qII=f6ZW%J8-
z_K`|zKL7QX7&-S9F6MuW$W59~L7csa_JysxrFBR+(DpWHqvArKoea`S#9apSr)7F3
z40FZ=0Zn`2PAF@w?I^AI@x=o~%Isj#GVj!(X+K8cTBVifg3$pO*$+-0aq*imFT@P=
z7$Z;%Db27?ONl6ml$i*OG+`J(<e|N~Aq2I1f6Cm)(pl7n7rFJ8>v``l{X6#U*ht#e
zJn+3ueBn!9<NT?Iv9#iE|KTefdhr>yZ{0$v>Y=h7G07)rPiUedn(028P68pcxh@s8
z@3}3^B24BgG-zqyg4XM25dZ{ey0gMMe6GS<c4epqzOFVSwj{xd0LP+HYVzozGIdY!
z-W#$cy}(GaX#-dk%RZOps=RzT<clvi=<P}HxlfI<EtkbBHe#I9YzQfhrrP&Ud7NMH
zxqXw%NA@SEdT?qn<mgPm%L^fooCyhalR!v(Y&LBl<%7R)Bkz3uE^ML9N#8VtZ?!Hp
zm8}7fHboZmd8kdjYLHi&%_ceudHR(q%NNT?1h-t>!QKriGD({di>9YZJA%{8A<K2e
zH5)tV+cW`=%N3g$)&fC{S<s5?@kxpl2K8OHab7F!)lNBMpMx8A4spYuzK0`cmiXLP
zpXTtPQ~dc;MQ+-d;4M2-IF7~SV!+Zu17SPlGG>!W6iFM3)re|6A|oPf6mLJ!$=rM|
z_rLf8qqC1OJ$4s5)*oE!`$K!Tw;6=3&({gEw7ySR2q%M<j@d*iFq=E_+6%lz9Mam9
zKtdZ`JfUMR!^lT#8^VxCDF`D}Xr#Ezv|g*sTFXWZmDe+DKEHyFJc2MZY`xe9Tv`I#
zwvgKVtVp$HLo^YlE5-6@c>Iqb(`SO3?I13{Y<`#Lfp8cc9;dr^fIv(7hX(lcr#?=o
z1^@ZaK2LvNH#@gYuz9!_uU5uRWN;^cOw_ZPXy=`VFr{?75Y3ozyJU(&P+AL12;$NM
zG*&Ef^O_a*(+vQ(fxVdJU}sLg*Rkb|FP*LN^y#7=Pll8l5njb7^g{wmu)Nsd<U&L>
zl5FdhRO%i_&NrA_Y_MDmI6f0n_9Q2Z5pKfbi=Q54v+dAaDw%W&Ok2$|>DigZfWLUG
z$c9dfcU_gHsT|TtxM5?&zG1-w$332z)+94Y2F6FZ@0~aCuA4TPH$O6<no=6&H3$l;
zgryQu7$9sHx4Rd&w-?KG)-C85yow^QCH2)B<x-8%Q#6{2ZTma9W>bc=EeHZl5Sa~N
z$%v(5z*A>yC@00<(KPAaZgWp<QO~tgk4O<L&Es8~Bv>sG`2k3Yoy+15kK&GwVcAan
zMz4G6b&GoKi?oJOuHH4m=l|&aymDfOzxvYmc<%TGessRbP*yUY7c7<(k*dOQhJ4m2
z)7Z9!B?1B!fpiF(0lmF0w_QKTiSy?fd-eZf!?`bUar9lx58jTS=!^*{t%nwG{ub${
z6(As%Ictsknnf#ggl=tm6&d#)sf{ait_RgU4hXZU<4Hj~-A!t2Cykji2uotSPCU)n
zLc-&p-*V<{#m}~8VGP=-0Ifozzzj%PaTmw;Lu@JI0UncmO3P|1_E<!a$|E*j3qb&@
z)988$UcDcVeAE2yMicCW$smFd&kJaHK7J6Of;w+_{oA?yjc;P_mQi+W9HLsS@{wQr
z9UeOTBGJTkh}=MY2(0lhP|B1tehpDCpc6TbZG)W<Ahm5-2sZ&yP+z}HewqQmYUJfd
zGimwzJGSTgZy1q$_r;3->_e-3>|lb6HRxFKxO}lhD(T`kG^Ie1O<6p5rq20`bx?|~
ztW7>+aoY}yuO0T05`Oms18hvY__I|r@+k}vL}K>e`T07(`}IY75`y<!og|;K@j@sz
zA|?w>9ys2lsvLSY4)Lz{-NF0s*n@18zz>K~K$KGWbJNsLpGJovLfY{NtRR@3q2aou
zHg6>{Hf~a_R_ZUH8EF3eOONvCV~04fBhCBX+A9u@rwD4AAT$Iagh_R6BL3mI3TGAr
ze*Wemdb@I9uX`KT*ZNw}IDL}l`Liftunuh*_u{Blr+MxS!KF!3yRXLS?dM;4(YIbL
zJfVHUN>k!Q0sD3g@%cagApi8em-)+oc$}%_RaR<>jokrvY?Ca^)(HDkkg)JVO*2$9
zeHGK%EtIF&+V61Vo*XY9S7gL8&WZm<$JC=tUiGU~2CgwfSZxASiy7CtSJp&@+d-?<
zHxJfQ=O`fBauZ_f4UkBqun}$DeX%af&~&`>x5!os_%kPP@&m?SPl&e1L_3peN#?Al
z>#i%GBm&zqy8n(Xu`DS(uc4I+4NDY(lwgaNGO;lVA>D!A`4;r>9xTT}26fcRWmuhs
z`O|Rb8KNkRjYi^wCms$Gv2H@rb%~T>cBw>PcL#laJvh!Hek|{9j6hmV1q(5M48kU|
zbP@jPBdCs1^uR7e-*&CKw-Qx*(b6RnPRnW-_$dZ}s}p=&b~^v*lOLSuxp!Amr^-zR
zt%$#Us=|ZELzL1i)HTcHh^!Zqumu?x>MH@y9ILQ%EX^DC<k&fpVP&ew`Pn*!x?<Zz
zns;5-ML1nSNP!X{geFp&S|j4<WSKvHxP(@MckFW6J?K#K6|+U3hfg**ThI)R_VU)d
zZ{g$by@`B6Lv^)X6Sn;C{KW+-$BxHnv$JlI8XQ3R0nPL0kd8xQd?MD_7hpSl`CHHN
z-S54`fvYn7`*#h9Z5c_U7<UR{;7CftGJO7Gz=KDsbmTJJyStmgiE*@@Sku1)vp6k_
z=Hx{h7cQcOGyz~;M^FeuUshp6<CT}-n(J`;2KiU$4|?6kZ`~AY3qA;tz<qb`<xSUb
z;<I1+5kG$X5RaX#6Kc(ycVw8I^Jqkh)lxvy*XCp+2|^Mz6`ihNXOGRufi$nXX_)(;
zD)Y7P9cS#-|H1U0U#Hx^7eRRCwP{J)GK|*aHq&)xlr;u6+w|Jj0Fnh>EbiJGJhEa7
zEXzV75TTEi%#z%Eosoc4+VBY+(?V>Yn5-*5T5q_HKiVmRFrr$j67=*?sy0Zb5;VPl
zQmKNLwjuHu_n>t{lfrDTFa)nb<TXsn-n9Yxb|CU2FnbymhD7VSJOXW`&7_623~*`L
zHkKt#plCKw)kQ>M3Y@e77Nu>nCO3^Z{t&vc%J5s>2VtG+h2u2l4xuhTN2C-lKA9tG
zR6&PZQr)8?jY572PWV5S0B~KJJDVx{*MIZF<2`TR+o_|=Wzp1{8@Fb)@-<&OT&GZn
zQwt$S212eIv+<h&O+TVDZL$CA9zO88JPw-5s!!9?Ja{T3Qi5N+HAlEmLr96%5kU~)
z`*3+V;PE3xF3bl+TF{fVxqC-~i)GErm+SoVktWG(hO2Mc!KZ)qZCtgn7b+zvd9?fY
zrg=<QF4MR$X-<79+b2=m`WwKqQJ#mYR?Hq!8eEGXK7WC4eD@{#yEGqr=Lp;S9GY|W
zR%ix<nN-%Aqq8A@@q-oWf#5Um-pb~YftYr>j-0h_JvPptGe#4ZXkTut{4iLWQ7_U+
z8pmJ7y|v$fmRA&dui5zPzPyHhX$YXVGs7SM#$7yma65nV#qaa*sd-*m2>6A4IWkfZ
zddke?2chA;D{}-{QHTyAW@ml;`39f3vzP8%lK=M`rwGq}4KLY)mm4yk2`%cdY;D9~
zEtm>{j>o=rqZmI!%Pe#i#y)%TT!D(8uK-b9!Dki*Hee+(1{*-eWsyY1Y9u1=zoR8>
zbh8Zw$hCSv+KACT6i$AJzx?aJ<>2)P*s^&88#hkqpjqefA3lqa4nYv2lv$H4Nq40+
z2sh>{*a#IEzJdzPx{Km*VQEA}9NPfmQVJ}~LRbz6E3QfvN-2Xg=m=e&ML+SU2q%N=
zo`CKRkR3qxZiU)1!f}!N?qziAI0@H5c}*IZ&){7;LE+>}l%~#TuUh_N6^6g;sHHy*
zihT7a4ghc2LgLIMANtU{`nTS)IfI@r2^9w5I(o$uSW?lSmMm2jmVkeLr4Bk|r4+GP
zReb!u5q@q<5)nY46_uig3KbU$ickt}9Fv5RqS-Xy)46$%qZjJTuXreFvANIYmDPxR
zO0epMeCO3BFHCC&CWd&&eQ)Mt?>Pw7Dy$abI&Zz<q}f%<4+x4yEZ2@lQ$<^MAJH<b
zSo3T*i$oCk@Wj)nICEi+Km6DR_6;Y5zv#u8g+d5JzzjmoGiPdi?y(i-%9>w)`)+O=
z?<P4oYRpMnwQ(D@l|+pODhSZ)4yAQidJMAZwg2jQgq2n7d>8FgfBnyFr?_TQn165C
zV#mKg0VwXcWjp(>n&7ivc!Y<({}LA-FYrtIvLtM%SD{h~Y1RW0=>#eYQGq556@Cbf
zvPV?#xbOB6%1!vnH-C&be>GE?ccVkk*r!X&1ihe!F3mt?9-1ZaDv0_Dx;Tw)mJq^5
z`V})HP%okjQ;703x?X_l3e=XsYl7{v8U>(3+>xy$hPGn&ZNci_h)CwpGJ$l{=pZlw
zB{1^@x;-?r4ly_EBy_Hi=#Br8%ZI<or3aq@|NF*BRE3c1MRbgF=%rWKx@7}{LxWuE
z>n5L0aOu(<q&gwhv4&~1l#E(0t&!U72TMw`(c_Uytu;z3yeJ}!jFw<ap<3jI5W5c|
zBOeO0uyO%CcMM+rX9$~!RGteL7r8L!lS;aDcc$sgjnREzJHv0d4=FX3xl76Nndf&M
z{hR;%Ik$W3i$8GyC@pbw|5$R*ZF@WEi$dM>w2+RiFD*BD<mDAk&3G)<1RW{CN<(95
z%~xJ((&57Bh8%C+>SCEDC5?JOp%9TxNLK2wvEQcNj5t2$adfiD%wm&#(okA=ji(sv
zu$U`__)&<C6#waw2EItJ|F+$H@>B0&=V%Iw1>^YA-dypfXzeN;*Muz_@b+nGddIEW
z9Tg!{Nvw`eb9y;8FCLoWrK6X*>$(irZ%RNZKtu{@ndsg00v0O~FP^S)_<Vy}CE(gE
zBkUi_kx06Tt`3A_w~=jAj>MN~ISAWE1TDUOYp1WPmE)IeZRRLg+t97Xb$iia7JcZU
z!^nV+QX*{o%4eem_yPSLHh=KRyV$;YkiYo5@AKuuRkn0mq!NPVilSDiBWw#tDuU1~
z)`SDegpKxns5iLvnto27oTEJV6a`XLnhj)a0o^E}YOByFp`*~usweVjD``TTokHY0
z(0&b$eHZcSx6xh+gk@NS(ly2#$$seSF&h3_p{w%*#YOy;XAwLPUI`&W+<^(4!R>gH
zN711|p85{t1|i#vc2fxH7*0X#-zRJrAq1*#3*7Vj$XXe_d=`q+U`ZIh2D~bhPyIE2
z{Mo+&<&jJ$aNQ);hC=SV1JyZZ3}V*3v=D};5c+5x#izbmXF5`ZVSow)!Z0KZS`uhr
zTatuhBQibc?RTICH)AC;2<5}-EYaL)#LM4+(k#Mp5UB)B1+yy+W~Syqf|E+o*^#9y
zlh9jldK*)Zemzy0x^&<t4gk%7gRj4)YkVjPs-c9NuvskmJo5Y!rAEYCZ|I`m@j18P
z^VP#4byw1Bo9V4&(!wiw=#)bgM$F9l_#w<R6tzGR)-+%FegUn`JoC;C8Fr7Q*gBA4
zey%~Ssd)HIKtgC<oek*h>*DqI+`{kv+P&Ce6^bSBy>$z`bsDxl7oZ}nRFdTA82<bW
zD7|)gVuUgU#)r@y9>E?MG8@)SadC2q^OqNS$DS-36A@uGLQ8=cL@XCQUN}?b*kpr@
z4I|waXA2QhE23r-*}DPZy0m@cS|>y-=PZ*cWJf2F*EF?i+k7;>mG~Y6vHPzrvGSek
zFf6gQp<BWb)e8Q((`c`57FTCC&e%q*e4ciLsMX;J6^_(==-zACwXu)Se*PimX6MKR
znsbGStvvzdW|_gkBw^fJ@5xzY(}uhg6szp$O*1^&fqnE9dWy?b)PNaPb<>DM&T#mx
z6lD4!Gk{EFO<OPYO_Ei<gs#n_{VF0mfX)q}(?f{t0NB~MgoupDjdakRn-E^bI6ntX
zXf8wL63y9*G^fuY5_uCiPCRI)0fPplyP$gv*)e1!y*tMs*KhCwElsr{Z0OkrLwjPq
zKOeGvh`0X%V&OD;@ifiiEKMCD#t*>8>k*N^R!Y+1BD5sKLTZ%?)moh}%$rh9D;o7W
zf!{=8{040);%1OWN(*TxKuC1GMp!PGQpL)`rrQuR$Dy`L%MnQsAp#Ha(pQZHe*Z?w
zV^>qDb<)$HN7@NtCG3u$H~<8aEhA}>$p(RrGy>b^#S<$COLE^E2iQ93Fg0D~zdq3*
z(t_W4M>jWaPVvdF6?pkfl?w+Fqz5G{i%nKbAs1F7{_$`P#}=eAE?c%_*fnUgsmC!a
zCk>0sK9M$Q+sTCh*AjG(4)aSNx|{pnaR91CqwE@~xV^Uiim%9}O%0n)li9ulfhJfj
zprgnLQb>ukB+_+pM@9|!*Wv^C5tnC{=}I)2=;?s~QS}4niy^0`>P*kqP)IfnB)E1M
z&aW!MbAtY?O*UoYboZFHOdBg;Ei=&?0*}m=t&}SjqG~ywB@$~J9O9n0(IZHXZ$#QL
zUHOVE2Lo(|5y8wfQbi~?i4H?_u}IWBiM;A+L?*q4xUZ27KxuBcZVUf)=$H5}fAMXe
ze)bqoPkQX?cj<CMlxmR3TQr*y*_1^#Wup)%Kg97G4Ce*?ofc_t9_9A2kh>l~H2_f=
ziWkgepNd_Ng1F^pB%X*mHXz(Ql%`PCS!h-esby#sAU6Vb()ixRV4(;bP??3s(wZ4+
z6d;maW>e%w(F1$HuORA6=w{Ibg5m;td6E`iLf8q&^&oP+h;%PHHw@hqknU`cA0vgy
zM*6lw?+&xh9M@b=;GtvCv#pe@g&Aee_QT)~UVh~`Zu;At+Pa0U8^@R!?B>ia!Yg$E
z03ZNKL_t)U^F)n+APCKS8)t+P2!a3=-;<D*c~4P>$Q1eO4wAS%4N#mRnmJ*HoQ^$4
zdf#2hTRvz6Oe_a!*@>Sx05p_v+#tjXLxg~%mm7L&zQOf33^O*IB@9Cn*)(3X%A2oF
zvTr<%?YR8b+lTm*Z_e<=$4b0@v&B$SaCS-amoL@n%30iVQy(9_YmhD#;8%RYKoLX=
zuO6_x(xe_}etf}WxdA)(Zs$|~;TO4fS2vWa(5S6#to5Z`y#L#qt@RfbVWraKuGx=Y
zED{t}(0+iF5<8c}?&(G*-PoeapwF{QB^FjHZ0JkSm2;RWD*g1UWidHZBkKw_4rSQ8
zIYmzfyh@YD&No@CD8@2^d|x*t(^u5|tUrN`xF1eu7ulV=sGd5BuGfr0Z_9O7E07j4
znZWJoBeiXZ`4KH0{nkylOMfd)udSFw5|c!PK&>t#vm4i1V=eGg07&pd#y0fxn;*Rk
zueidK$L9H~=PG>S`W(4Pa`{r7vr`_sw`NHtpxKNCL7EX`Y0aMTBr|1&wfr)vYRI(v
z2I_VPBEJ!VjrJ>0xr|P9f^?C>C^8A<8MvZr9FZSHHdhhNBCH%kFC9X=c_Jr+4jSkv
zFyt__sngvoA~OKlK}d9hn=vEII*R|Ei=R=<zwnCSml1vinyW^qpg4sVj(G-Jft!YW
zKQhx}f<ebH<cA^Ifwq#Sn`60ar9_;e5F4aGh|Y8)uYDKOuYQMbJp44=|9x{!I)JWG
z7}~`PFCC+&yNlJO35I&|j1KiPJ#`VkH8`Z>>t@X~N9&jc*djZ%N?bQ>RF9k_QQ%|Q
zu3<<MX&w4Mc>oBMUMSR}$P1Ju5>lVJT*DKR(f$OEG^y)qL$ISqaP?>k$FlK5$>tu(
zZ{It_-#<9ZqemL_WF*hdM`W@VzkS~TZ@;z=Z>3H%jOm}!g2*rgE1u%p#~VC+I^c$z
zcJT+F`3U0!8K_i@W?XCWUa{F*pVJ1<+9w^lU5C3J9k^Ycw1F}e8L~kTuGQiKstu27
z!^e_>V;5>1snk$Pvu|6T-4jWA^A=_TRFO(MTrSm#v}7n_qv{R(YMn%j`@jA=S{E*X
zC?qj7h||?cV``G9P=GKnmRnk5rBb+~<0M8W;-2}sn{MA@ONmEf_YR;Jr;$;FlEPpC
zLYNu$_DQw=dRiY8G#iW#=lGou+=%mcPw?pJ5??x0<v-k(M+!{ZszRF8W-N#y(2>Ro
z6+8NEKJb<v9y`|HksrT`sO34Iy@5bTto$%eP{OXyBP(-QQj&CBTnl8_MENxceWXyh
zwuO^QV5voP6cVZeenZoUBuy)em)nX?_oI@XM0T3UN~5im36?5E$fynI8Uxp`T}BW!
zL2I<I5q1)t8#92Roi>^SQ4{<!R12^=W2X1Q7+cErA-YG9`9XB17qSD8X<4-ytOdsf
zCxt*80@Le1g{UmT$_1z{noMN;8blCq_RzOD`?>!Q+g0@DT&yTyrC1@l_7_dyYB>$J
zoq#c2nJ_Q_XQTx(wg9jaEnE{bMXAkPK<J?&&-sZ1K*HsPsX{PY^!3<C(xL7ty1Ej`
zz$a`NY2u{okWY%(u*39utBr_FJ(3UH*vShgEBw>38kQ~jjeGmJb6cM3Oc4=-b3zzd
zqk6STr5^CeX`csA2OPZlDn9#v-bY`m2E|&8-No8<ZENb+w7*)Bas3y>y3e&X6yJaK
zJ*`yTsM`3UqUi@*oNjU|rMZ1ij_a=Kq&IC5G(!Bq5Ij;AJaaMP+)~8e(F{3P5|*np
zPM=1~?bw}NYnu7%!MIj`DvFS9g3OMc;3Oaj(SE}OL?@<%MgeP+iGnpRzj#x}#u2h_
z02O*zo*{!pO&^^|VD<LJgc{ax1J;3v0`u?EVq)7EpS)`a`Ro*rA7A9}UZ`;0uuUTp
z)a!~;$)mGV0*0_uYlPJ6Avvk|=$m_3S#7d<<P`=;Q<0tI!eug1k+i=+R+q_J9v!wM
zk#x|Og{Lh-EpaVD%9dEtC?l&VKDkvyxe-unE>R4M)GBEzr8G^an;_XokQyRza`-Yu
z7zz{u5mceRgzzhd2cQhbW7K>SkQhR{9VS!I&>rU%%ADq*2VNC|nrUrDKDt&#7hg5F
zf>$vCIo*Zm8b;)YAU}Za7(ypI5mu~Z<mO=XT1e&0v-T<`UBB&Ph~*1J%jcLcTr{Q6
z{%g_O-T+QAo^@Eq0&K1G$Q%x)G!z19Yb~WPtyHbGHb7&&8KQzF%5VPUM4-IO506jQ
zPn=s!k8K@vg+ggZO0=iYmO=?hZ`KeS=86Hk6eKLOL6?_3Dn*~sZkJL}XV0cIZ{3w6
zs(1(!#1KLg_&zfW4VH>NKR6fh<i(IT-TgZLpWpsD@=iq9^a;Z#Zn=Q8B$j1i+jblb
z*40H<#DjHdZcC|U{odECZTwcrU<n#kj~_mJnseu8m>A1)$L+n`w!s$Khi2VmJwixq
zX_SM$^-6=23jrV7m?xhQL>hu(iR$UI<gVI<oy))Gm$o)v9B{NYSxD3{wX7ZM1q8ub
z_dv#`r6`EvkL_As#dWnrj%`5uJ|YZ^b5AN`(odyh4naF@T6aD1$55eCIX3Lw$;T2&
zI`bL6_u@rP&3g1?ZTh+-rBXy95t7N+)IG&wF(hqi+(v_>cDecLE?&JjL%94TJCcIl
zj3k{)k?zQo@7hRDZ;s)?9(sFnbmm+-@)<HImvq9$u}zy+X{a`Qisd?`y3gWrh56+Q
z^NS^lg)+rLnXqw*pmCaNIb<g2reF_K*Df9|z7jO;4wRLSfk8v8(N;{zYB48UOhl~!
zBW$XLFt*=L4lKv03B^oByb{zFp}qu-WklqmmoK4L7fiO{*9?6<+XWp%h^}#TehfMW
z4ZXQFL*b^;gF9gCT7(p69ianb_(~KQ&O&QFYueYS!j{WZ?CI#Zh%hjQq0*e9Q4~^Z
z`b1HPjso!$2Y^G%%x%wx-@5;W($ym!a<Cj|yg(CR1}8!VxrC-8=W_gFg}oCgM!FOD
zUclwc4JMaEo}6q@Y$*1PxXdj!Njnx&h18lxnrm^X%BfkO=jR2lEDCOa^YwiC<9E?q
zT4JeGq*SO-DOHU4A&^YE<nmea-5n&836iNKnQRuzmS!WV*OUmaMZnh&ti%tr{ZUK4
z{rGYI_RCMOVNmm%zqo<@12)a28akGI(ygHpY4Po&bzYqE81HllY7MH*h+ZkcvhY_{
zX<WWcX4`h7+uriyYnKD8yUy0dzD8x%OzNN;b(HU;e4|At(`l?!dhKLy<$+OXT92-4
z7JC%X*4Vou?O%_PtUV{`CeXb@4EqruNT%^Z#e>gZWMw5{`=F*-R}@PT`3{Tem4L-^
z$j%{~&a8u9Q{22g#{)wdPS2FM<AyEVwts?cJIC0tWf1I`qD(9|*79IrU2q1_nrzZ$
zuq#E2%+;3PmjZ;v(tL&E=N345dYUt*FR{FEj&ixqa#d4yM_5T8pqw10VdYW6K`1}g
zJB%k7*W1Cbqi2hl&Mbs70a*uTV|x|wYeuSENJMTJZ70FagOxO$iLh?C4_*}ti?A{e
z(T`2)?zoW7BeUHGD9jC_Gd+;#K-ftW;1d~iy2E5CO0#A^rV%PcMxJp?whYNir@Ik@
zTM*R(Qbo`;j7AVehFc(Q%l@e_0S9~d`v+fX>=^8lzY+#2eReU_H*RUtlQgGQ7-@Em
zr8quW<>8l0+;LS7+xNII@AI{zbyfmR!V#RCtWaF8)0K0urC@r=r&94~1e&Qb%r#-#
z#(wTTFvc@q{udS}C#jaJq>?F|q>HqzxE3<K)+h`}cH|h@w1M$$8|fMDqob>Xglo4&
zDXuu>+ly@725f&1;Mg2LHP1giaEOfC<kx;-6Z=P9ym=3>K$xj8+cE+Shb{$t{e>dQ
zbdq1ZVT@>Lfyu=(1A|@U6E4EB@up{Rx_d|t4ae6I?>4bM2wV}Zc<qHng#!NNDT2Zx
zezgvcOLB0S)aD&n*_7#qtp7h(NL8=<(XCXnoqe$Oee0NwR=$JC59qI!dEbo_tk!)V
zcxi^q<&cI-l4_cPsQH3V5JvQLB(N+CKU8EgF2g-3EW5;LPm&w<j*}l5GG&(+(548t
zQ{44INw?|ytq#Q%C0y$?B%m*s;`Y~V=JxA1gAO=<Zk}h4&2sG66s7qE78dU3<WeuC
z{4Q$g4K&;y0y|Ah^%!lm1%y^;9YN%4qNc$Pq7bz4D?o>_Gp~hC<V>3}kw?3kwdbb6
z2%=gstvPNbdZjk-sQs!5AWJhaf58M5tq_?W=oo-h7rJ8*(LDjl4uelvF4}e>*%dni
zg(%B4m`)I&RUq`uA41j(=z2k`o(UtHW=U+z1}kA-ArScg_cc`_ymrv89=+t<T&mGO
zTMW^@&v@PlPBuJ+69r5c0v<itpjruVqlhmbsZ&Mp?l%sxZ&Qxmltd{_xfU_E>=Q-M
zk(R79CG$1K)xB_SXT-{xi%22p9h+dw!5i6m%Z+TkZZBJ}-OHvuyBOKNm4Qtg>FDoA
zD#hyD0>_^}!sMAtAO)#hnp8H!8tBE9Cw}X-{`3{*egBt-5A(?5FY)1bjq%R?odk0Y
zv{Hs;ibhIJE%qe*tM4x}U51a}wUc+>x`WWoFnehpTWUIUDWou}x~f{i>Fz?f&TH_1
zb*0A@o3!<ks34$r_(g)%f^h+s7DO6Vt)S~w+_4GTN4S8tcU}AEt`7up$<dmTuq;D-
zvEpul(q?k4?oqAOS)QFoHY;?dEiM-tOf5I)%h_z{vhhO2D;KLYypTN;Y4RBxr6sN-
zIdQSZ^kSW-jxA78E>~^tC7p~t0b19#9tXK10Iu(Hz!lk9>$$Zky`eJTZJ_AxO0##@
z2yc4BZpJr_A=4?Gph&)Y8mDlYl%>&Dnm`Fu&_sA8vq8NA)R)kWWoQ-=%1mQoxrjs_
zk?u$5Mj$%`$u4lR=HDPj{$mzj+cvCa8?H^y-pN3+8?wWQ?oEh}2}t)ty2t!H6+v|w
zN;5EX49@)!ap4)n<wJ<YlTf&TD9<65&!cNAu;B)95(q4T6=!*g6m$#;EC+#RpgTe1
z@OSYmwda3o!$6kQLmT?+3|dfbzz@y@4CN~98?KYKBtpT><2EZb#Y1PCygVZ~zZ~+x
zpBv?u?-|8%9B4FA<r-6$%FHh`sWc-_%r<#xx=wG0%^MC(kRRN@z@B{!ZQH`g=5d40
zdR2q|dreapTk95Z7&3M45@(K_=JLr4JbnKYOr1E#fje$tWMUXcLR-6?*KUS&3(dAT
zd1`?tpFhXGEeUSj*@38l3KT+WEl{G`2w5lv9Gk51)TuhFs{#9Wj&Wc#PcoI}syE%n
zVzJK2lc&jNQw;Uy5tc(xt<spBB(r_Hsqb}s(zUyT>r(zJE>jXLuMpN7CXgt-h6oEm
zSY9>Xyj~-AJv*?q$y%qa6lQQm*aS_VdbLWUR;OOA;nnLjs&%TRDwSfDQn5mDd6jCp
zO2QUw%Y-Z}DV{i6XG5n&S2bXAwoY%SMcNka(>bg)=+O=C*pcFVS@ZP=o};HH&A)s5
zHKbCm$pBhMd<)cVDKW)*3~PAKYu=+)0BChT);~7|_z`#^dpGs4ciYVrf9?PeJ$0TJ
zpF6?wr589q`zrIvP5+Cv_l~mcI?j84`{Wz@cFxm1)01<+U}iALAQAxr3?eB?q)3G)
z>q!=6O174yXIav+*R$7qZ&}i^Y|GLTCCesdQX~aRBtZfU$OB+<jy*G-bKe|J-0zQl
zZg&qT%1j%p(S7gSbI(5K?5bV$Rn=F_2PvwW^6^Epk~5(~htf<dp%rlp@R%%wFm9<P
zlnWAX2W#dTU&308s@dT<@>Xm5S2zjco|sljVGg2sjIY9(feVFsn7IO8nK03ca9Yuh
ze}*X6hiK`QWP89&Dg}_t36aPW*=a-~L4YQt6z-2r0Tip@(WAR_{hK;8PF=5Yc`D$m
zmjZ4tNA#oxjt*%{khUOe!AvPYPnbM=xC1<iyO>8dJW9(ID)SYlmL<o>T%Nz`GO%Hg
zM<3kDriYGl*U>#ni`FZ!IH4F=8`W6g4U~Bmt%83@hK9NsTHnk3;eDKa{VZeWF7V=C
zev!k^yo=4dH^(l4f9FC{PiggqZg6{YiHoDt{M0>3wj@J>YJ_3yl&db&i#0Ay)VVy~
zAgxPw^%*QzBWztIFUedh+1@rr4(?^@_5>GiFVT`okVzUyO`|b6iQV0U+1?(XQLbVY
zD^#*;5a0N<3<AYCtHoJ?D3TC~#BA?g4H>QU`D0ZsG)<KvONm#jQ!Q0#)aq19b(ZGy
z%umfRJwC(oLLNN|$s`>z85_;i34mnEAeCrA_kH@?Qna^a`TFGopFdOPu0E5BE7@Q{
z!UBXqml4ZFm$6xwySAqI(E2RD|M^+|=Bwv8xMu?g_O4sG<@HjHV%eqcg@kcb!ZHL&
z$D}pupxdSr>X3ijouLVY#upr}p-l@U1dvN6`Kf0Q@PWs7^W|@x=8ad+GJ4|_nR=R~
zw!4{2uP4ycamzhbU?hpLiRK!U5mLm}i$WmLQAM_~A`=3sX=u&RqhD8>R-lAl1XZM4
zf}oC!nx(!b!gRn$Af232IJ&K<(lv8c85C|ImO{w(B2#@x!zOGLVd5%`9!L5Ogq=WS
zS`n?i$Xvf5)j>&YppjpSz(4(CQ2-BsbG5>Tk^ZFl69-LscfaH-ry9I@!{gXZpG8;T
zm@13SF(i&5uyw(Xtywa*PFQUq>n^o&gXM)PR~JM6?rfclMT5H^I>d*5@+lsB^e&Jt
zl$XGbd$_x`RgHUxDH!h{&C0k?q3B(`tvvdHN4T(Ikh9->h1b9MH5#=ByASWiHnmk>
zxrqxjK{nJ{npr3kdQ}Fq33Sh;>gmiETyBh)xOlrtAYr7}W@o=asS)w&O%L7FvHSWE
z*%qkR*s*UD*UxU`#))$*m+GVwj-s84B(+<&$YwGK+g`;2nr8Z1S7qgOh}oJ$B$7ns
zB0|$t%BW?bx8!g(jNDmg0I~V1K?KD@nQEa(rBGsNYMzD3Sr%s(X_QMOG)bZ*OIv#z
z{lk59ba&Fy)<Pm>W9bo&5s|V4hUelf7m=<<x#lCRF+TgoIJfh4ws#olLQt<qIEe_y
zgwfj#>Yk(}X|S%x;K7|4PW}BX7j7@oKhVYee4d+=OI*3N$oOoDr9zE{7oj0ZB@DVc
zQfwH=F*4B3y1ouJuIs{fOvUYRN1pVZN}$=nNHjA!!w6ZaAPXM0W$>Y=ck%E&oA}&U
z&vN3}d2Wuqj3MhRrnXY08#IA|Pa-T}1r?0IMaqx>4OesUG#gz8*wVw4YA&H}6B<ce
zY0-#4H1bei0<WxgeT1?yG)pBa8A%oAH`B4DkzlpcP>75I<$}mafr-mE!AK%|4=Y6x
z`a<MT*@3kMsLn!TQ8hSO8jFykf?qC<e@iQAQS^4Gw|@J_q5z@}TI<WSRO<m(rzDqd
zxe$iz?A6)aZDQ&=1y^!<+9lL<4s0+vdCjFWt0Sv5LPBI1F*jf3^)a8%o~V-U?%}6D
z_z<7?*i&?NwSik#6=S72mFcG&t2c*LVF?>mg@j9qW?JaUbS%iB0{%4Ed0-2z?Kxik
zyRY%q*S<{{MI5+yFXkQC-<_sqqgrQXu}n50Xh~{J%+|Ot?s0pnf{tYCx+EJ0QmpGR
za74h@&exbNM~t+#kRDv8s{VW*VZpAW2U)y5&h?2UI&vwJwoQbFJ3Eg*RKo6P|E?*l
zyjXFCl?kb*Qe?Jor!hGRQGjk(=-CWbPcK>`rhn6P)vN+2Ef*;)F0(wp%;e}eGq)$H
zEf>k;TF7;_GPr4&TsA?{E0IZBbRF1_Gc=@j+8{Ph>lLU~k)BVeL1ZSVmt71bk8bZ^
zx=`oEi*sBqNcMUfg+hSs1Q=PJo6`-lDV?^o4&?@ihcq_#nSA3r=Qw+5g0q)r7@aPW
zOlRosZX=yeVx|=x*L=CbmGgPN@U5F@VT0Y9J9*^DW)AIH&w;Idn7Tmv-iq=R`s#Iy
zNLvL7{Q%jh6BhDB<szDGVkAcBXwUL1pLmed`-k~ofA=Ql>Ek%1>nyk5Bhf9oqIr_F
z3DW)|ZF-$ZMl1w2vr!J;$YRR|Em4s+t%9XRR7H}COj3(1mSmP?(T1xfR2_urAj~8f
zX_XJ4S*$GvQy^!I@{4$#%Mckfl-tl)MhZ<?9K}hfFACw6eGxXQQs`BpuqfPo8F#5D
zLN^~7)|{?clabXirG?&fXr<p~=49>1q5x_@%7(MoE6h(xa*obOUz(&T=ye1p8lSsR
zMKc9Y9`4|ydj+4ky+F|L@RpZxZG)Lbm#<!|@%b}#Ht*TS2Y==no_+d$Wipi)p<Yrs
z{xVdVW=&K$hFc=vBbcAZU0x)pt9pDrnZj)E#OUb4OlK5HL)@UDf1sWF-upN&e*P;Q
z|HdmM(+PIpwM~IW;+?_<o*&?P0WyS}Qw_#$dXyRwJJ%)HI+S6sJ0T5C2;Yy;O_(f3
z+*+1=c&L}Q7Dt8Kq>9~d+`5j7>xY>*bB<EEfo-UCQ=w@z#>cT*vZ_#MC8M!viOAKR
ze1+34!s_nE>gq;%uHv7wZPk*C2n>@T5G;((Fh4QP*tJ_sULT{BFVQ*BN9WKmo%apW
zv2Ku#&J6822SSf%W{TR)8$_eGh|DBfYnyVDLJ7hI%RvYoP3YJWgsw|%$)zuA@!|d5
z%oZA)7%!4{!Sy7SlF!(p$M}NJzKu!xavF<ykMrYoW(qzNw{9@9WrWSUcJR!HhZ)|`
z$MA3;ogG;cj_QT5xL9FkuEgZTGS{w7GJ5qEfBCm3c<$?`c;91tI5d=DOI8pDq3Q%}
z8t9gT;n?Voqke1)VOfZJZMDZCsA~#TV$r^BeQX_iH=p_HIbQtEX-02;iIih8V7jc!
z>0}cInS_QPYAn?nEYzl$tBg~u!R9W5J^dD@FsS=3CAY>*(dSCRVw8<6W)DzJ4gk$g
z&dN1YOD<+YYH|id0YsjnMGFI^e7&lYiO53`lGLi0)yu-q*FCRZ`^%8viZC-vLW^d!
zFj_K<%G}+>rTLd*iqdzEABzI;L)vYPl%@;r+S$hb0f(M6OwQCOExCN@a+McG>%8aw
z9zOL<AIVCIp6oKS^9{-+Ng<Sc=IsX0UGTW~!F~M7uYHWYdp1I&76W``sFzm-KqD@G
z0Hh=eLmD@(<Bs1}Wt7cC2o~|CC$ak0A=hujYHf?--V&rwe{Ty9JpBkSe*UYReBo7c
z?K#$s48&An@sLUYb=@Fo8{~_Ux3AW@e}~P(yHjlINszEi{7~S9s)DQJX<V7|a9Xl#
z9%@4~g<=|R=IKWPTMzDI{>Dwl=L%#~4z^{f%(uk_f@&4RG}lA|CEw-eHWB?OTyb55
z5%(SpeK1W*3wdUzZZbPD&-m3FOpH#_+S5z-maXjCFhbwv5&DLDNMsXGEvuh;T~Slz
z+OP&U;7v^7PflUl$<=xYT?gTSVWOEKnrV^<1Mq#kT7%79DW2Hg!R6T+R~G{gud|4j
zJzlzA$4ThyS?@5O5BSWnGM_n7qifwpKK`M*dGL|DIeK^-R*SQm0}x3i2t?%CGHl%1
zt9k;`!u(W`*Iz!ti(maF|KF!yVRP2!eLLEC*OnZH&=grGV5L%6nJh*sjhRVdWmA~8
zg^^BUrc-E6Qe{~Nfx6$mB$2TBg%2NM_tt(s`^DF|aP~UBuCr@6$vyoBg@%F>l8%O9
z!lgyYsWF!pJ>c*<lisWaK+TW1H1CrechM#<Vk}pv1zU)ONhC~MBS(!CK@_d7^`H)f
z5V_!%NXr5MmOyF0tyY7qCCJ(usk9_%K+@Jo5>jpij4t_kBXa-U+spMym<RO@_`u8m
zgzWyvVZaAk$j#RI<)i!3kNw<J1I~k6TS)1GAe0mq>%4Nk&flD?v3*OH-+b>nT5Ss=
z$+cSrE=+ms>K43u-RCo>JPtp&pWpeNkF$Ntpc44<g4)S6LjfpKCEDB(29gqYdW!nx
z3q(R!#V#W5)T*n$qjHI`R>5rVL^Jd_6r+SDn@eLR(~O?EM6FU|c-uw{qY1yqf@hjs
zxw*)5&!51r7kKQx4nF)y2OHZgq^G*{f@;Q?bae6Ui&egOY?%ih+QZWiZYQl8OR(B2
zPSV!Z!RY0iOi#=)*p<Pt&G_FUG}FLrZH?p0D;Ij_bvIwHwN`Wu44uWfWkxUF<lGx4
zdFxwmFmZE=&Y>Z;Kllhco_IG0o_LUr2e#6d)-f9u$S)}2kE0>Y3PU}S1WhB%=heKj
z+0`5&O<xV!X&RcTtN5}IL}+wpO)3qKw{Ddf$Z1p?l1p<QN4MIP1C9UZ>&rZUL+8lD
z5Avzs_&7iNiFdPpOE0<%ke=TpvX7N@Ob3PykpqDVp(K^H*tTaAM-K0xrL~RIH<tPK
z#Ys{bn~hy*48ue-Eg}g)t$~}*)0m&5HaCY?tK<72ST=e~E1DgbW=mKbDe3QRWzUXb
zO0MME_yQA)4Qx{<V`_v#rzLCC*O_2*Uy9+b1Y`3)S0`PvDFfS5RBi)pI(ygIw4^O&
z7Z%YA*V(Auq}9ERS)0bGPavwZbfqO*`fUa>HB!}Ec%?b^x0iUdugc*rk9&Ju9_g=h
ze{Y?`omKX<);Ky)2V60`)EF%V-v6AfQ~p8Z_eW9yzX#fzl3zKvFZ-!q|6p(K?p{lV
zWsgWoJU67c)Zo*{t4!1-|M~+xY{?l&KcrUkS)MO*VaBIehwohR*m-0Rzx&%CW7BY#
zGI2@^P%Wqs2$8DqZZ5txn_(0}<=kmi-r8h(jXxk(D&qvQp}N#sYuK`f001BWNkl<Z
zU0rwNy=$gHwlzz+Txa^~HOzFH-jTt0H;`Z%%*<8z&;R3P&Yio!N1yEF<BxaKhM-;w
zRTG97s7u)zW6PoV^A{GF50m`TNAG9HmVUKEuf+CI3)(TsFIO2K9iuH}(vnWZWTOJv
zsFUdLN0`={yS)bFd}p{)*THdEUMO?z>}B5m&YK*2@fbl6vVPBAc0c|Ed!KrWt@j_H
zqs_)_<Y8e3N-<eVY~`#W6Hq^fftE-S)$2sXC4_FErPJJ@e45jWs||HcU^q6d83*0a
zI5Sq@)_k3rQp8Y~PNWI`<BNH2`|W(}6VLM7zx4@r>>E*B`o6a&%CRQ*L4YuO!5Bd5
zJz#Wz-U>JnR7j?3+<o63Hmn<AYNp7SU%7~GXzUqCk+4)vf)J?nq3f#Jx>%+*Gf!h-
zk)T>d2BG3$NG4VR*ck24WRmRPF-+AL9J@5fnej5YltFJsiwi3abjzZ>Jxynu!}aMZ
z<BJ|cJvO}^7EZz<m$le2;NUnW<!ZqGUcvre=+evRjRk~XVei&qb_`@l1xv6zPE;>&
zsH?$_R-eI4NN+kMZ9_6;Vkd1fEfym~CNJKI#H}Uy<-m)+Hq*fUL1g$xQUGp>M>+?b
zfBnxtGB|M0U{d<a4Wb}G6O!U$gA0=$-yUsnU`K}cZBLLE3dx+BDAT6-T$&3xJ?_)9
zc|E`LyZ?-B8+*ZPKye`s?ZxGrfw#s4UW3j{LF5NiuU?7GYgQI!GZwxQfsGW=gx%MF
zXZSdhn2tp<o8{)E8`Mfgde;w;NGP1a4>i8{!dd>;bFc93BRT$$clXj73hG4<xuR+$
zjtR4+fKR`?EZ(^3@{teT$I}n)P|Y9LhVEA4xe<0M&G@Bjc&<xtM;c34ZM&uKVRd$5
zq>^{u@U=oGgxc|)B&9-)8)vU@?&UW*{+-v6W|D399%28xA7kH>k1@DyJxSrh;xy#v
zp;l&<6qP$Ii{=(D04Ws1jAaol&VkoJZ^^3Og%BU#d=_$rpFlTsFbuj{EG8B!eDmTm
zK_uzOYCLzgP9f3Hr+(vO{L(KzL$)IYjk>DXlg$Y<6@UOjCGh4Jq-aHm1X4I45+E{2
zEscmGgty50ZR^>&eHY_XMP7L09BId3sp_&+^{M*-Sz9A%3WO#IrBVh_2wtIpyRbm$
zDrIP<GYUWq<8s?D6qX^_x2X#!VRLc3!0Fp1T2ng1tr`ZZM?&BSIHn*7BhKEgVOScQ
z`yEWnAdot`sk5;+K~jsbBcG$|47Rixq-~vq=2FeibMw+Ug85q{4Ue9bV6h^(u^8cc
zlHOK>jeQOS{Vnu&Ct2UCGrAmz|M6O_HlGiE@4ZE?y!?-+w0+O<Lo0yoV9opd=KJ5>
z`PeguI<adZksk`f5Y#IklT!`8ezn2*d7qzuyptVmI;M~;7d&QXYt-riZ%z1A%oLye
zt^bpI?%t)QUYu9Nb4?R7j<v1`0NR>a2*rv!I=Uk8&5t#C)K(KOKo~k!XD6Cvf7kWc
z$pn5RxP0;)nr$<@Z3r}t%QqJIPk;R~tyY;|eWst`q)sjG#lVd~*Olo%wOHrBzn<s$
z^HuTCgM0af58p#Bmxw{d_#|t129c6<F2~I)w<s(uv7sl6Wtl7S4BfV{+S=l7FmUG%
z4VWgLFSv2;8W&$Z#_4aqiWEBA9(sU%Pd&w5Pd-d%ZyKYPS0;WXuh@|!3RQ0A+uRXp
zfR!@nrf`e635V|!E-j$hHd;$=RjI8gw7AA1<{6X{ED<7ufU7el$~Bi8^8vK>@~MCI
zvwZX;k6<MX@B$=q4L2dIRR97X%*{xVhL{3X)%2+X9fXC{+YwP6;TP!~>|ocP`?!4Z
z2CtsD!j1U~SLSM5o3C+eslja7qwa@f9F2^vaxj!tAQd1TD+0r@(KBh9g+OQ#x+Umr
zO|ek&Id^4-@q$kvVY=vXd&y;Xu};0xpv?|hu1B1k@M&=beeE`;Z4yb1l%wNCaABf>
zA4K%G8SEUe*uODDBMi7O*&yX;Jh8>${tY%mts1$s!Bjq?(14*%gTbC8xmJtCdMN(r
z>t(J_dw)_9eCF@!G~W3%|99hu1_6x(`&u&E{{0)1bP!5El)_4wa&fuF$tz_pjnz3n
z=OZ<p;Z~EREeO1bxj7FRz~5c=xiA;<Gr#ga9)4iI683ssnfivYD(8{>-a1WyW|*p{
zUf>}RaY?+qGl5RBx=Wenn&3gxB#*Ehi=oZKoP0IO<n>W%h211mDNbJ;<MOpJe(|wZ
zcD6w+AJbK70@Ku~x*?<E72dvB<k;l~ixt7W2iDWo*8&w+oqUC@Ma^yHZykDu*ReD<
zPPyjdSQgC-cNgYKjciZ~U@ftUCctu-yfMa=Q<u1Y;tZ)&nmtcFP2cX_4Da5G5Uz@x
zxOIi41S%SUQ27w6RW7WFFf_*+!Hz90p=;=^t%QrS$Wj5>=!&g?X576wH$c}F?_H$f
zhmyO7G9232#{Yb!jOir#<zM&^AO7G&7>=g$)nkuFyi*aanPPJj_$~zj2qF~<Gl#$}
zLA}DpExml|cmIHY`STxRIX|tq84Hp#<0VqINq^2_xXocxPnzw0X@=SpG(1U&j#sVW
zUATa|v`B9ACX&PJ2t7|8J9CSZ=Wlc2`Yhv9c^ZDmn5*#@rve;3#F7D73))h!y~o1V
zbr$O(XK&Wn)M?VzX=2(Mo)^%U(@7_ECQ1>zHd?fHIP@oMKHiaJsV?~YQzd*U*w$lk
zXrqI)El%F{`1DJ8{`{pf|Ek46uh`<tC#syfQUCm6S^n|u2Bq&ICI963p%p+iV9)*y
z&bk37gnC01%7Gl4t#W>}%$2DIX;WhAl1#$DBtkb#W@lZzM!?mDkZ<4c7~Z{&pZ>{5
zFjFQ7jrv@HS~(yJeVmj-rX`^W4iw2jyl|V~9DqdA1kT_f_3PKrEHlmoU0u{Gttd5t
zk<KV!t62yHs{#-Pw05+x<G^k%zx_62Hzw)Yu%0tlrWkIO9OyHV6%Qf<)6{Xph_R_U
zw<jx1%v5Pl3AXgvoLgv6Sz1)pUap#>A`!LM(38dCy}+lVzX#i~Sjg9CNhUB2Q?W;t
z%0zAh&5FT6G_WnI#VXfcKf{&dr<tCbXWKpZu=Sp!3>`RtZbVR7AX=Oznx7)7H&jb3
z*8^QgZ*9YD?^2X!E9t@9iL2Zph)wHBqB#llwhqGl5?Y~v-rJ|pc_Cs~Eke3=f?AcZ
z)*z_6_|*!!S0@T0mg|xaz3(AD@PP-hlBNn-u06-<16g@nQNidC%!AdUSZ|Ot%@=Wp
z>ylCpSR#pNOmp|)5kCBj|C~SmgWtkQYvdeB#)cpanakI>y-?%iM46p^DRvBG*)z~W
zZ_1z+s18E)nQ26$%=ue$@}+A9o`2;cH)qRi+O(cMhYs<cpB%(aCY6GYA}XaaV-qu+
zID3=7ICq_PQKvU6xK$90&AQlH1<kQYBm`{<Nqbh~);v@^foT|2UC3C1pSdT)Ox|O3
zF{J20cP4@3m^{AMX1W^j*_R9a^=l<j55?%IoBnfwC;!Xs24g?C1gr7GhXFM)Fw}0g
zYQD$u^EG*Syv|a=1q7SBY&N!OOjH`o&V}d#s<n{CMHfv<UL18POM_qiwT}`us+{@y
zi{!`0sV&SAxGu;D!?LimDcXBF85|j;qq_rKZ#55mWgC|y2G<c33It0FXr{5!TzA#<
z4l$Bx5+j>fsr6oyP76R3kw`fVZCTHSV{bEadzz@dpPQ3;w)8se>M@BziIgE@a}7o(
zYmCj-u?^TZoMhK}hw;~|AR1Cu%7WQxf`(MtdD#|35}I9vS6Z|O0lfpANZnweSYv%}
zE4HQ#U62Ho3VJ53z|2IF+ZS(g?X8nseCssbTek4X&ppM+!F^=f+n~IFtX1%DUL=^E
zBC1xAjT(dzVW2wp8Z9~GNPyYXyP8+<&fB^6p2Qy^k_gj4%Vr7Y=hXL_7P1lGFD>B}
z3;4w%Ua3sbs3ZN5FpRK>xHMbgwF|Rs+P;aO{^*l*_2pE}#)_r!4p5V|b5N<ZB3g!E
zl1T3cp~ur~daoKn7!b@UyogBU&NOcDGarA3FaPc5S-N?StQld52;C4^n!qt3iUQ7#
z6}T`};q-W!1M9NfJDkSWB5FazmtGs=JELcrbZzc^@G!q{?_PH7SkHzH1GIE?#5EN0
zbwoae`30_DpWxJ~QNHu-Q(QQHg2rT>*0hhQLDqJObd6kABdJRY)sU&BkX^$9Aq90W
zVq?3>dv<4d<y-+*7?`$6h-zy36Nj=KyIK=3T&P`)LjGN`l`l^&Q2#+ickTG06+k9Q
zI;e&E$qOYG7d=`t1_!sMNa`AHO~(-tNz)_neTsF-T%~~)hK!d2Ch{(aj~t{ncAXc#
zah}PmqnMUOS6?rwY#P%vDddYxox6b+1q^K*V8foB>^!&&du{Pfyvyr}1gY)YX^f5G
z&(9Fmst_Z;=mus-7tY`iW^3D>=6LfvR?>Y#a_u>~*9}sfoyVV;Cts?uwacKpRcB((
z=lty&qf=@DZ|YAl(x0F^XOgv{SPMxf9g;eda#aL%<^NlWq{<cdJ!Qfhad<BZX=zPk
zC6kn9ipr(Yg>r2*ouE?1F-%-vaONAwxb*sQ8l^IOo_dDONAG4}`vz!KVE#5yegXID
z75v3{WTURap_(3(SH=pZP=p)Tlmhr(g14$y)o5DVx`Cd~Kq^UnVS%WAmY`h5E0ypo
zW&C=B&<~XLB{VccfnLXM6d12){Q9pw#i6^mE6%$3i$#3Cf6NAuYhFntBA7%YL>fbi
z4VNb8zK00rA-GMmBe8P3LNcj5zw|FY#qa;h$Ein<)*zC~J=6tQI@pH54MN_$k>~t$
zm5JpX_l;!u`wPo_?Q(&Et(*BbzxXWoK5&4Z;cgW*2_u!5wsLbK5I(t9gM;^N=HNZs
zdE&_jc;Rcu`O@Effxo|Sotd)D;eLb7?HU9+S`gt!lBxLy^;#0sQ4s~#m2Bv;xtP*e
zs7O31NSF{xAzCuJ>}a(}IPQhI8-8PQ@<$VX_z@I<X(Mh<)ag$pIkcyp^_?c2NsU4=
z;ATw~aV*s$yh!rq<qAjIpgScvG3BG_g003PZ++o!85kMi==<MG_l7|-9i14KjR;))
z`~u~LIp)XbxOVCsFMsg`W+!Gj`sDrOl1(msR#u9cYeBO&<9ButRVzepU9tM6G8nm5
zjBM_^j#<eoXpSHtlSweRaUEAroufKEqw>9@i1FDv-#AfWq2RN=&tm6rl7UVK$Iyr(
zm@kJEsv$isHW^(I);yvhQh5h<0_-GcjhMNod45&RlI>_`d16vk^TmQGB~Y(2H?_$5
zH_meMmAB{`*~0xF{s@~6-G${u3e~Syk+mZAbLR-=W|6wFCjC_+qd1-($LqsJ1L?a6
z%UQh#Ynh4HN`72b8C5DY78htNE#occ@oRNLZ;HtGiDIx&=!U8>kEz%adc>`z2B*gg
zY}vMnqeu3jC2gWwB^F%~pKbMgtCS3DaS7%ANEsl4S(+fFXp*N$4;dB_(p~wqI#PqM
z%oC3v;Lk?3Qk}d?rr8rFj&L+DJ7r01U8CyzeDm@W*B7gtnrv|Bk$d^%uYQOFN47!~
z5LGIyjZ&;~s6<3s7PMX^+#+OXbI8xH8)p5+b^Ou)`=|WFn`gO|582;qFqBi#g}M(@
zg^=4*H3oXXG7Tiqp3<;Qjq$k#mAXgDu@$(b2^zk{54n;t_{S3ae&F!~D}V!FM(ymG
zDasuOwxxLFo({Ra(*ieA328!*G#lK?`z%&M{7~}zxiXs$I2fA2?R>~UQsRUa?)l(*
z*>vbI1DiGg4XBk=fsf}af$1Az)AkY8ZyDmm>t{Lftz%Rxb)Ndk$4OangrFJz3qy3<
zMDOcUoql~+#nnxF6{S|eU=+7od_m0^cnlPprcP^T8?}ayxj0WpYl_La1-^DX0(2g^
zE5~q`MK);=h5|2;BrLc!9WYY}*x8q*FQXH9z7(1+jE-)!Yz{1IwM=<!jei)BY0Y66
z1~oSzoot5E1UIhSX8hO{ZjX+$>*0sl_2@$kZr`FRAQu*)S^^nTzjg(GdKyeqiB{As
zfDvolc)1!SUE7Lmtvl5GKwL)Mn4Q60T*Av2aLZ-9S}m5#xPPCfQgjUgmLU+j#$q|(
z=6r>T<vOP(Yh0YI@rzGvWb1HyoXgP+oXQmyuwt#PQ3`k9eE=e+!49T~X@g>6mn+Xu
ztQ;G&`A9+1&hzk7PxHn9dJQkq&=o5nnx-rOQ&ZM}Zc5q`g0XVM`5Bi-pM8u^{`$vQ
zzqK10b=ACc&6Kp22}U3sq&|$)`;@zegs6(<%=50tb^|}pzyG&?%C&Qss5T@gV#^~6
zBis-!&3Kps5-E#Z+Q6@c$RMQB@L5`@(Vo(!Wm}Z0QY;pOpj;2%I9>a}5`Mnd_`Vdt
zHj7Px<UrbDdos<)Y?aOT?oDs~#1kECZ#Ri*A(0elhK?UJ$mkIl=K}JzkWB+gZY}v-
zUJSUf6k$q_oqM<P*hfCVwu5^yYy*lj%B1pLm2bWh_S4V>436}WY0ID|5}f+Rw@D-%
z-t&=1S3_(~r$1ta4_=FRLFF#I6Jl;wiLIi^>MeyfJ4px2u~{6S#I5R7t6;RGd2(--
z_C(ypB?Pr_L!v0+?VEM3FGM{3=m;Bkjv#9_49iCE>{fn1auozz<(dKsx%M21ghQp_
z(M?1Ygj}9jW_)r1&rWglqaS6<y+=r=bXXVzudebX5CoM9?$|iQJq-n`v|<7gvkS`=
z+)>ZAs05=hyb}Zz0yKlDUZplQNque}w^$;m)rjIwLb91R5Jl)j*gAMo$c=>t*B2Vh
z6g`$J9`j|7$)d-6HK042V&8^t^n{`4s#gS-)pIxhFbssQA+-2;hCmS4$j8r05UJ|P
zHOH=PhuBmDE4Dyb<=s!+$6x*Nf5g!QEe1F`Bn;JjLleXtj*?mkHL0^@-%kGJZ~Ywo
z8#<w0joWsuI4#_H0TP4-S_>jZZz43%vJiS`a*lUBw3YdVpW=`H!+*o9PqKHwCZ!9C
zuH?e3&lk?S2qfFP0<;Ev=Z4SQlK~HJFsS8gl-f-?T1>uttVpR6JfCp5#2rn(fB5k|
z6~Gf<PwCt{6Y^x;G4H<X!203#woLc*^)ag@tni5^dpXc!N<Z(a`VdWJSVawwOEWH~
zCVjd)68!8#gZ#H|Px9rfE(6Js{-Hh|`<aij>(G8x7P&C4s>@c$6q@7@5}K6Oo=2|5
z;lU@5P+Tf<<L#52+BnGmySBy^Q}WJ*)bs<_vdJ_F7}m1htnJ9Va;PMob|8`A&9}x`
zj!d4pr;}$M=%k$hx8|$I9Iv{pt?}xO2G5-+F}!|&gNL@G5B5N{4w^18EwK{+hj)OG
z>O0c87If1@5jMJ9zOlg7Tl4hp+{WQ&pJd~K-DqwJ7K^GN1VOU|+Mk~XDb=ErYIh@U
zn$om!H8dn4QZukOZdn5W%9V8Kpje<fIZ0z-0k=@Zt5%U{s^`3J0IK!1V+w*ma%HB*
znTayDm+H(FJ*J92VHC2V6<Qq~KOtGFO7;wNuz9FgRd34J^lwITfSCUal1VCyMP560
zg{wEFNu?a_Ik=haI|dO^hzu2}>1yAmD8>Qev1$k?YaqUMDJ7dWw2^4*qFS1x&jCl5
zm~q3^FqUOM5=>MjPNs!l|Mib4;cwJdgr7SUi^3ALHRK~g`bd$aNkk&?L8L*nf?4L-
zXOD96;wXRpXMe@JwrV`HH9;*9Jb$^tS1#1~^xF+~bP0$gXQm@2Dw3{@&h8#brC1X$
zTyy!tvC7y|!Tpo>FEf4q`w;H$XMC3e_*Jk^SiEP(-~%JO*YEwvk<BAJHusp@whZ#k
z*RFBmt!wh9AMfU#%`HUB<=DLxXhIUy>dX~9{^6>}<>io1J=w*5>svX!zQ(KPXYfLJ
z{KM~O$Nuf$RUkjB%vk}=Hr=aK)~o(7C}1p`GI-as5A(V4+r0Js%WT`dnS{Zrzxd9L
z{++q=vCxI}8fZGgu~oB;wcC*pSg8~hJIDE%karzP@rg&;=+Yu;rC`m1lO!z|D};Rh
z?Fusui;q3Jo$VuCfDXy@s<5wBLhqcXlxVt+9|`7{sw^&5nV2pxa^F$zde5WuZ&|NO
zpeyBg*Nzor99|3xr4_fL`S#ik>W<cCTX$l%wZ|0SN{RXTWhxVsxC;vk#dlq#W`JSE
z$AYa33`1kK>~i9Ak@Hh!#+K{MmppVLwsz_q8Pw^@SY#}XR$FpxBH+Su$cD}q`g__z
zw*bX*vqnWLFD{wj<!_$h&;I%)PMjNKF<-@U90vQ|<|m%m#V`Nd!=y8|B3+fui(EDT
zSDwiogePJp3Cz%3Hg4O-#n)#^8sZL%L684lb|uw7=NFFb;_e6ThDHS${}-bWMDJK&
zD@q`0phZiBM!RD6LG>Synogu8(L6}C89e=-qrCjeaZZd~<bjbS8`@3Yw+Cbt^7Ts%
zUamqeWpHqlO@A@s(wxs1bSa{XJ{RVqR~O3RA6A!n`43j>-+$zBhXOcgvg0L_Pj1~i
z{KUJTKC<q>u3^^orfEqc15Yw`eG(z+>>P5)_#Ra+jBl_c^nH%sDD&LuDre?Ho<7jU
z(e+uPM#zz&EQQG#*5C60hmP(=mkn5+T|?->8uX^A1jOnN-dx#1NN;zVUH2d5)K|X3
zspA(pdUQJk?>PRu1YeD?R>hsTrDD)RLvLxt8W=*;*37{$m@B%xb!CptLk2(nP#Zl4
zRP$=_N)a;;8zHwAeE#aS3U7|Oy#L-2-o3AT&HQQ3LtV@r@2znG1XzwvAO$n|I!MX>
z_dUzbM;{{Bm4(8L;y-{@>aONFqy)oU&FYonj@#MHZxE)5y?qyE|3G|=CSHD#@~xZH
z=NIrRRYh%P#DWh9DX}z3C?hURS2;ad;@V7=>kBUVhEIP+BWps^(s*!#!;y6cek5oF
z8m$hzHQPWl1^w+Aa4aGLt9=)n0xZxhgEPmk@o)d|YkceFOYt=sAOdEmN?g7=gJWC#
z{6`-kl{SgOXm#ITmHd_G-^2hAGEVW3fJg5@7nd~+Qwvwg!sO~BT54$Ywzu)I#}0xP
zAZ0|eBclq!tpSVQ;R-}DL<{E;ehTz%WYfir0*I<a(nG7)ICS?8-t*M`{KbE|%;iO&
z!JJ@x!Nv7L9^GiNcYTV!t^`BvI&LKS^h-r?a<o=lu7`h^uk(e`Dwp{&3O}q-09)aR
zpELjOcRhLNzK{RZ<NB8My*QdHsT85+aq;>bm#)vSXV_wWGQ=w>4sy$csb!Cs&K5Z{
zR_F9oKqlkx<gN}n(l$cZSYE1N+cr-;`#8C_R@G&-QC2t7(7|>Hy#U=YRo;KYU2}h%
zH#_!iL!X29?d9}KFZ1?y-sI@LJBW~IYyIl)G6f*=JQ_Ey;1}|0_eT=ds%W;2)z=pb
ztp=LT)!Xx&zi@+(Je1?eh6J^I%-1d@hNd#ou1(i@?nH%GFW2br?c}lTophxf5ayb*
zu2?T>Rjw%pTA?u0ZEjsUfm^FlaU&l7$g}Ku<bIr%7RXO4_efi_>o<Q%Me*&dTStBJ
zCVBw69wX$DR3@{O7+u}i>o;O_b%J3Kmdg}xT%$HKi&rWUctPA0LsyA>0vuCNbpyU}
zCC{nJG7BY_`I1Z87Th~zv986YEg>k>L$1!bEEYYMsybb*4vuc(m?6uai(w^c&7@f6
z)?afCLLg8HQvdyPZ}8Ha*JF~Grh*h;n^Y<;|Nc*&=dp+Puyso}YXQLK|CFH>yA~@-
zfE6hhB4lu|4@=h&LN(5aSk==d4>VopJ^MD2+0Y-mS*ufx?(q3nN8HC%{hMr{1viMo
zIfRx*Vn9@aa2_cYU!#`NICOXqFFe16m#<!9dcMI_A!Kv6$rC%Wj0|K|1)&VF(vsan
zHkT(FQ`JWJ+-Q}H-!*|B!!Q6Iu-WK$B!BaPrw%>%$$$19dU|>#0fI_H;QL@3a(1c0
z{8EJ@J8ilX0$peXhTzoA0&iU{a(*IULr$YJt+D7!EW^Zh9P;&$nfW~HcI=>Muum<7
zMqP1U8X61p1<t;Hg38=1mSfSgc{6(s??rD`?5#~xjcvxPBk13;gPSK#aBXyk&Fi{W
zKl9F<`54#>N(KDoMb!pci(4`W0pZd-^md_yUr;EzT(~krXEJ2(fQ?xX@uiB-o0?#$
z9CG4nnaksKiuH)JC9rgX<v8G^luzB{pIb3k*H{8gzflOhP~+r_uW<8?w-9a}*ALjR
zZwF4=g2FV^imYTRHdlNTPlz!RGnXa1dmoMQ+l2KhIv`RB^mGQZvkN1aL(8=yJ(tS$
zYg8wvXcUVCp05<4VWPUaMmUy6#SeMm$}%T!7gg?j$!9~G&L{3p(wjE1bd8LolTGQ^
zj>)dP$6Hs5ymY<JJsSm^dNo1;6)z-{Ops0_R03BJs5X4f9U2Xxn=DN&bNa#rVci4U
z<_;w(BQP{(#}>JIeU6RmJJ5A??Gk12NK_L|8M}^msQ(oYQYVv5BLsx;dXn+6UIa5W
zft|4V@Le0AtzFeJtUfScExDNbQcY;FVrVL50n$TbmMGK^ap+QAZ@kaC6}E31VEc{{
zUi{)E+<L@F4*F9dg+{)iTB%j*9*Z|BoV;GA;>oL)PT>a=>+gRUzX!$_e4e^*|CVQe
z`4`_uPghRjdP31{MN&1xG$~hH>eU9hltU)1Gdt&T>S}?@V`U^7M~4$^YBRWAtT8$p
z;d&vap>cb@NZ`3_-@P3x>8M35RlDQDa)npE+@%t_001BWNkl<Z^i}dpC3**XC@vLQ
z`qpa{3l;8v?6Au9x&z<?kVJvUmR*||J${_gD`RXP>RPoHzU%2j6hwrjGMcUvY1*o1
zCn53!q99b(wJyo$%Ur)XM}MoumJS`i;bR(#@Z<7CjWgE@j4cGL>$KQ6qBCEsF;fo+
zvpGm-;zXl0j;VOZ<UwE>)T%DWUU-S?$4)Z1dmpWufq(oY%d-o#XHB$voZ8)N9J&S?
zQO^0QtKswyVB~Tt#aC#G4aYFh5(&^WYPWAwxiw0oP{MC`NJCS(0unS4VH%Q>=kwJ|
zMUIb^7+-er1D^*snK-)5rKy0>m#lBsskkcKm&w><Gd684HVz>#Tq^SyZ&f%t+~9$&
z4z{T%;Z0qGaz)j7WD=}06l<VqOikx0Rq87kMpIoX-5FaAnjl}O5{41Ft{ea@Ht&TH
zE5fhP4s~x<5PPA6G^kdpNGYj@g0v}-p;R53LMR3rM|#?6ZAlX4T4L^jJC|Lw<{fRN
zZ-Poi$5NIY0DcY4YsC3xI;vkp{0)IiSAT}yfleAy<M5UQhx!FmOA*Jf7SPF~3#f<S
z3(3v-fW?Y@qb1AS|4xv9*kOFjVnffmw#N@1-YEtKIwjSHkOFY4h<a&-lpzcy2H-dv
z*QOi1_T~cliqGy%S-KKBepQmQ6iO@wguYMY2izE2qEz$gSvP>?*swIC7OrV=^~@ED
z%S9gkz~glGb`gexZ++=SuD)@C_1iYEZlG&Typ@$*P?M68^*sb=%uUQF(=iO!euy;^
zsD7k~Lrh|YNmdgAVVJ5qFz|thQmMl2sYSMB4Td`mLN{W1zRJa06{hDKn6|;Y_O~(I
zp|eo&5u%2jN-2|F*H-Hc?x;C#I;avXlX9`f+s}W8%Ws`w)BO)|_p?v4JfEj}>lzbh
zFEZSdR3xP<)=X0Y#NzQzFi{AMYzuebCYpx7v_#>`MH-9Cc(s~}6bL=eGz7=g@q>u3
zU0C8<*YeC&JUl<*u6~1ihtsU@Ft811wOw9~yBqK7H)%_1+@1?zxk1ehD3pBi4awDo
zkShxT&s_<~HzGPZ<B(XXjHuO++2pG5gQ8~ZZXxNY29{D&nK~;1-AvMoA~vq?z_v{y
z*|ZFsmoH-oK&*g*YyKs^UpjL$vludDydufyl8hxt8BhyA({v6DcdMXNvsi3p-0|WL
zH&ZhVmKF+p?zy+QaCIKrGC6wJFi$?RgH%hJ$X}DODx?Ap^@xtn9Ky-a*(SJqi_P>x
zgzKwFjxY>bvVs>bRYWbU-tdF)jhDxM@G8IWcNlXaoA!3L9@(;W5CUHyB*LvDs|5&D
z$V-bNT3eFzbR;={rA%d}jA;lSJlMt7{v_3c%YyG==n+8}kxS{=x@3H=NTF224<npJ
z0wW4z{&WTO)XP<}9bNPd_Tr=xpqm_g>_MLYuYbwt<=YJOwWGytj#fc4wYU?GNg|u2
zxVWr3p+t=}H~S7$5zR2rbFFyOx6w4UP^63ymW|QV&#ID;G#W0;r5dRo9mCRi?QD^=
z*HtWd*M=n9hcjdnHnuJq%}a_k$<S~cU7fi&ru2`D=2R?`rNxST`>Wp+qo*#g?a{}%
z>phRt(%ng}e~`<)eN3J?OZlFi*d5tB4_?cMaEES-U5cjVAyjcn@%mLN<Kwuc3Srz1
zT*e7erY<mbjW=#C^UaHkT%WHoUhqj;8vA+;-oL}4J*_icmE>zaMK@x;Cb@B?!5b4U
zh9(Gr5JkJ?MNo4kRZkEG;MYP7Qxb#$uF#-Tfl3v$?wA}U7SJ%Dy)VZDcW>n6rCAzo
zbcbbw5Kwb@{P8_(9PR*3BEnVWC#7mWD`F6^sRUMj$GDJ`urNJ~CSh+Nd7}Y~o+PP(
zscR%HjlIL&E7*|ow3L&u3IMJu^9X@vnq0d&#c%wZ&+^9UacVUWP1pI{S5EQFYuEYh
zPd>%aa0j8^P~X|KP$TH<Y$w&y!YkJoIXYsquEW9$l|__FY0T6kacVpW7s|nZ$&@+$
zLreGfF$_;Km`>Zd?)EH1n)20ZMMU6%K!rIF^mMh+-POXGi*t<J-^LRM+v!SL=tvMg
znvhHt0xFG&p|&L1gw0I8PNU&t2mzr>6x7gUoDAZJ>^QQY{Cplg&OD2Ph;_q#BvNTg
zONE#uLW>v0TJv5*6VTJu#?tI8XeN<#(bhJDShG8V+9A!}LHwz4<$;<O=D<3vj*itu
zsp+b_P870G4Ee^fJSVS|>1{VTv?WPT&c?9~BET|qma3AOLdbnX?ezDys$Bm&PR`0=
z$2M7*EAhrZe3P5!F3Y`7KPB#Z`~foUDOJiG*4S|OT`b+c$?IQxnJ0hh87wEZY?@>l
zf>kSE<&8D>MK^HgXUSi<fLkmnD-2D!r%{L@1ePhdI9K8C&o42#RHa-GIk-;aecKHF
z;fiD|AMmGd)d;1)4<uDTqTotgS7Jtx@FcA|<OC!LY0(AkCgf~Ie5?Z<8ocBSUar)r
z_^x_>iv<{HfNiO89&yrA81gTE>2a>yF7TzVoQBAY>wI)@eYR}t<M)5#8M?bNtaQ|&
zspr-8OSvlaE0#aaS^<cJ#`)9d$wY!@9mzgT@RBch3&>d#%huS?-KG>k;43R2{+6|-
z|H|sqHRflF{O7-Xg|B?;dc1Z3KcrTx@E4yuPA;3~Km1?Mu0$e4v)d8^+p$O`End1<
z!_?rDkG8U-SK$PwCS397-zjqDX5&xXI-fnskDl-UPYpvi$Rurpl&P;~n8m^$YXEQ@
zE|1Re=J{z3Z%pyfJstF?P5f#^q(czroS&TW8C?!}_fUeiT$<5^271E6_Ny#SOyX}@
zhb>~XHuUN2Y$KP;VCqe+FToJ#D0bHGv7Z7Ughorkq@qcxl?o|iE$G(#6$^?`fTJ_K
zL9yosKAL4C9ETOhI<_p5=@i|at=yWK;H|Xe=#DhI1|5=dS#A(WG!am0z_sZbGMQmy
zxEsyX6a(YR1moYa*}u3@=Ga%i#n^?b9C+`0+5gymGM!BbLLaJmXw>=tiF@-X$*%g&
z^K<WeFZRgDeW`t4RI5~~(yjtY2ulWx+3W@krj5HzgZtP$J)XAP?KAD3KHi2IkKJ~g
z#^WArFa{$)27$FNC8<>VzGYQb?t4ZqvBz8Poj>k-5m5r$=m6dKoT|)-jCk+9d+%@m
z{l32)yVf$ibt_YsFLUnovmAK)T}Y`+n3ISJMou!()C59!^yP~eD2<HZmMdYhl96aq
zgJTJnt3H4E+8h@qR&ZUzm{;d4&P*xJpjmRE=)!U-V8DX47OagyPXdw&fu$j3LDB*l
z2{jE4rohn>0!Knl!YVB&uN0YEDVZ}gIRWcd!<qp@<k95)fS!SN{>y*<AP*i|%h$ej
zl54|rba!{~&Ifn$vG*Tj|DLr7ONWdj+W%XbtiHu%*Ia*%;L_O(EX>ZcJq|G;*cO9c
zM{{=oU-JY7Tab%|!f&Mn$<C&xufNYJl!Bq*S-$YM#|$v41%v>kT1xz?$BRd=a_Zb}
z4jkA>;J5UfK%)X5-w){N>Ey<|&mTXN=ico}CKm#6YPh~IHt+r6TuJ@Eqm>_@?H>(0
zsaYZjsMo4c6;Q7?ZLcs>?B>l`o__fvUCAmRcxW|SJ1o3q53Pi8tSO^XpPR0;;t95O
zICS)MvUGNu%)n}#Y=XJLYq$^IPu#LiMHL34-?1%>QL2$zvote@=hlg5GDiCl&;)4|
zO<Pz8sNxcq6u9*oX(!SA%q^pp30TOs4w{q`O4mr5x&c$O%S=trv!y4&+wSS%K)(f{
zeTEPSrAgQUM}}%VeZI(TJGZlIOCPv?^M0ab9x<Ew`65TZ{T$;LuW{#le~SH&JU}X&
z5~#rB^Vcd61V|}(;5`rX?BWt5uf9gQEyd0|cOit|R3XjAG@rq;aSH{O&Yz{0&*RrU
zw6xLMtfy^(W5KsB<@vkwc?y*}uCH(`fh#oE7XyN-W|Ix~#9>_<qyZa2TtXuJXYht~
z=r|O3N>eutiHO^fv?1we5;mlyVIJ9)fGab3mX?cjNML#n-QA6_MHpu{&m;n$fi>;?
zi=Vrn_ddRdYE|JlF}gZZw6~{d`US!j7R^;??yzVv0m35^YMQVA_a}&3n%ixSwggIO
zx&^dLc*BL$J}9Nk*`Le9Krb4vrA|zQQ2^sNQm)U?=sYVkONjPtsFaEDm}#`s%q^^N
zb99CShc+4p9u=NRL9tk7xlrO)K721JNAg!+dPdxsSVkkiJiiqD*SQj>XQBK9(C-gD
zY)ddxC|3)!a|>-7x_Uzh=7yRnh}-(anIVpzyul|PZRhRV)2N~j+s&JeNhp`^441hw
zQ|BE!I@#P2!_K9sX@$@Mn{VGw{?b_%Cnw4F#b|`G0!_2`n}kH1E6=?_ex=Hx?dy%V
z^%iGZbNGuhl*(1AKBUu0Zaogs&lc|8NZSk%aaz>Ha3#1hILjaW#dCDG!KdE8k$X19
z@fM5tjketoiwWk+nrAMSnXEW`<iL714P;vC5?U_mI4rN!IPskqxpDe32j25;_CItl
zsdNkirKy#nS^?#oFDXr1F2&nE^3%NbrLS}O>E~IQo#W0&@56EIFsHx8Mz&+D3|^x+
zG=x{Jp_E1m*$9QjESN0R`24F=j4c>-UkOP$kfdGBE*tj7G^=xvvII$~i3{Upk1Vdp
zkrn{96r|&tbWD>;m@ZF3nJqMZL`5T);I52ja{-Qy<Qbe>=B^DrFfsxI{pi)bM%qTc
z0Bs00nNF}ilcdoILn%-yOrvP-sSXLPxwqU({LwWn8+q&vzWe%R+N9vFu+T~Yo(2_W
zu!5ql1u+47dK$fdw?=y{j9fReZ;T_)A)QKx=2?qL68=Ofk}*jp6{pFpqjTX<C{(D|
z>U6aw`0%^-F+01=-#+<<udD7e7fKxYp2PlQ95T?1&n=cNjtozN2tvvZ=W9u-D^+pv
z>LlH1mjm0|Nn)cs9j2mdaO)f&t@7OUI_(`P-m$Zj{_ZwNrc8*$t+MC-yU2ER@%op(
z$jt0gSQMjBC{!eY6G>*r7Z^EthTN)tHmvJy$+d2gc;VdK$#GUHKFW>}i&;$*B9g!j
z=&f77XMVQ&3XG~;DtSEp#!V*2rg-dN2k+dOBq-ES+CYp81h&xBeV?b!7J2qUnV))i
zC+~i6Yj_ZvhXKsm6^nI_f9FN6pSj4s#~<U4NA4q)bPThohdmE;OLIFR!1w6tZsYJr
z-iy`N!PQq!@a@liiIMB0kW87(E6X&Mm^=D9i<d4@FO^NYLr72(O~TQ9?c5x{`Q%Lo
zr;4o96kZ_Nj^-EQnqSGn<4M?+5cE5O4hu52AnrgSW}Jip7Pc)IXw&Rkt+{=pW^2D@
zZ71}$K`v<`d+E5*0AkWG2_XanNx|(o$<5Ijt}YZIok7&<aP0<qxoDunbV#ULqfscO
zP=PWC&%TdVL4&9x^}ea(ixx$-;qMPWAxwhVsdF5C<s2gmdG2%+5r~;V`7@5ptTgkU
zuPShCSSe|pUuvx7EyNNDBg<m_nl9GwT#xpG&>3m8VB>U9Y}?Y$JqNdgZ_G9=!n9$}
zV{&4Km?g+2EYNj6{o%XyqYv$|;|c2>KfRhYKLFkS$c9X07`b+1?%3sPlTGOrg_10b
zk(mP5$Cuc-F2SY_o1kW-q0j*q0k2&vaB8^1a!s>bQAi<3_jHl!=q8zr<CTiUZN=_)
zy^DIG$ag>Ymz+L%6+f0hCX)t_JsxN9)J5L-@|P*sect*0he#zONbDA=7jCq2U4q3t
z<+@L<tAnUZYlB%d_(cm7XqB9;3^`1votQ82ofprucYU0X986N5TfwgzZAgU9v#J~L
z<na~0adesfwF5kI-!{72Q^t83MJNEIpzaBdK7E8sZ=7b=BM)=voez-Bgv}?sx&iX=
zBc@^8&W(xtF1d~r@BGMPY`y0I`H6Xsf90Dz^~ZnCg(D|enwVzxl~*WDOyaw~fyy*G
zFL6sSy;9@feRGJfpPFH|=;GDkuz=slYJN5idlP~_N076P#MZ)`{iI`&uwx``i~gKq
z_bQ+Ls}<|Jpfe>&Sc14M@U>vJC|Gd?*al@+Bf{Jr-3UnBo)PSf`5YUbXFOj8$3aev
zqc2@US3I<op(JlI?`HP&n>D)DVV+luF!fo;hGhttWUp(Z$g9Kr;nOE@-GE0OliL=S
zOQD6v60ph=#4OGAg`&|ITo*AogmhvpN2Y0dNq`_=*S3Cs?U&wRiqYyWT7_Mw%2jsU
zwuaAq;t|?=I#Ei51_WRUhKI(vc4d_Ht8%RBZ39=6%cl6(zwi?rJhby?hL-r~2iK5%
zD@6Rm4Exj)E34qx)#2IlxxtzAzAXdhfen_uo}F7^e6GO5+v4;jCCXD+1XO*GBUg%?
z94xagC)w6#^ZboEg_<&&L86Vet}e!|4O5+;X2XuH-1p)4^V(Ox#rePcE`zVUO2<GS
zF~??kW|q=Y0g@Ts`SJI&dTr0GMB1_e0M(mAEG$<^S(?7Js|@I6s{^o=7#r{DH(j&k
zMWDGcnrCusf=3Q_vdU3Zs^(Bjt#KU5WWLU87nZp;VUj#NB|$nS2SK$W6$3KP$roPb
z(yJ%fa`)XFc=+Cs_&rmu?7LyvbIaUrLFh43B$Z8Z*F%Tcad0n}Uq8dxxl5F1k1&yp
zG0>GEl}ZwUXGjgHnBb|43w-&+6e~5Kln3vL32sk7MheoFA@-=>h9#m}JQMJ89O%n>
zv?aq-DIL}fNnx_$733?L!Fltyn1tRo!P?GH8>E@2t~K1-F1V-D;;Uz_^XTsNtUa(5
zY8rd+I=&@g-!4;|>-#Nx7Wq(G_e(ThHZ?c%yNL!g{)o11xO^RX{whyhn&9ln6c0F>
zE-46fggk5tf}{nz<M222fYT$BymMPG%5$+s#|U<8h7c7v3N0$aj6kJ`$0Z;8&_TL7
zV*Jrxyuj%TW293t9(`ahpZ@rR+;{i3mS$X`RuZ>3d*%u!PhR2!kKD$NO#^@wDD>){
zwEp1x?z5(6mw)B_nTgB5-+h0Q{m~8^pgqp18`q~_c>Uz?yZ3GD*VRjdLM9W$H?5`O
zx>RaDX-AT@Gz5wjH{gYHD_k5Yv#~S5fmJcI@VGEjX09Ai^)wwCI{W&uV=*SrouhA6
z7n`^C(f`XI;p&;Ij9j_S<j53S3es(DY=3YsJN9lRlS?6WBn(5skb*FlMSUSpX>^Ry
z*#frEtlhGXrpLcET*j@!<NFB`03lc@R=Ie6ip~Vww%S1}a~N#`O7(zqSIS%-E+eGH
z-CL6Qy28=2#zTU%!&4uMi$sFcubkoHD{ru7=MD}&axWe2DI@g*)8jw|zInz-(`sri
zIy7BGbm*OAlJ2&4?tafhtjh{!Z;p|SJ6JIXH!zx*BNRnn^E=N@F*IFZr5f;%Be*|n
zZ2NdfSEisA?2un+E%6nklA1L+kB+#&lBP}`AzJ!l7^zwJHTe?MJcvuEYbexA4nR6)
z7FmSMLII8~ct?-sWTDDej$LJYPmZ14S<pWA;0^qmhrVMsA{$49Od!+)zIV^wWX(l<
zLWll;EQ$6t;>dBt$T;&Apa1izSIMFHKw3213POb496|w+v!K@xc;WmIzy8P`vxk)m
zoID5bcv~3SZJJg}Ya&3IOeV(r-gP?<J-D4(-BbXkQ-Zck0;FmpJPCo6Hr3@iCy!mm
zQXYr)t|y&|L(Mf$Rj+gSj&=I%1H1b23(KGEnl4>>z0S}-Lc2ebVFO&Qb7R+X?YrmB
z-gx)r%{j5jE#NAjnB@x_rIU`tb3MGe$4b%XrE|+%8mn;Mt~NHd$MMSn>3Bd#!emx?
z!U3fiSht33HqG?p0>!a0IyP@2n~k&o?%nLZbGKPc<spT@b{rh1)s~OeJ(3E7pzc$+
zbP26A*GA^4J8^dH+R$v^(EO4aw;Y%juU2c6LkN~jH7*a&(-k&)P}(5ITp6!&>{@}v
zLO@?<oVV>xlW-&_$34=X#EHd1+`SNXD;ekf@vEGC_BFEIecb){L-eoiGQ=OYq(%iH
z_J~O``Cd(h$S^h&7LuS^VfpA$C=}@FZV!2b#P=1J@;EzH;d4hOS*dzte9f<>1p_w3
zg|TxRy#@%8yM-arObQ0t1KQ#y%Tt7m*8pUMP&rzK=2LSSEkH<t8<=ayEgE}-khi4s
zKiCc@yDk3c{B^#uriZl;?jd7aAT;*m7-~6Bu=h5^`ZdO9q)cCdCJzvAru)X<G#DTh
zDbb@7$g`Ibg(67FuYL6;CKs0Z*J(}Grs*1LXc$cyv(Hj|XSvLGFHh>nHuo8YY-SGs
z<T<Q^cNioitx;hZR%=ZF2(54&o1UI93lj}0K<VHXZ384EG8{W{l9yjR!#nO;$Gv;{
z!>&vbmjzsx554OyE?*jZ*O7@U-#HAUFY}{;{`!YTqZ+Ww=DBm{#=re+m-DV)I=oTq
zqA%(rqa@~PqARI%zTk6Z(&O6A6$YoOynRoOJ2$0RE-LaxMKx^aR(2IW5(1xXJ2!B&
zGso!EJhkz0R98E)y%Wc_jaOR;P|mG3e(P?xIDC}nQ9OGV?Yc}Y6{*)<*57>yCk!Dr
zKL0)Te+%J5^Owd~1g;;jQmoJxm-M#T<coD)zEtAMXqi;f=Kj4IcCAj3uq|dwnwl@j
zreb6=NuvSaK|Idr;56r6I)>|O?)ZrZS-WYKA%10~fuCO>SXn{a7EVu}@qe`XCZdEV
ztx-yA=~$wcpJ(yZ8R~_SA>>d^7DA9s+I;cYEZ;giO|>5IkPUConpn3LKDtyP_K}Vp
zV1i5x)^{l~F@<dlw2+jlV4+DnEmE~L=}2f|mZm?WaeXLznx2$kZBAo{H*5Of4WTH&
z5}J<>2(FeS|LxgRtn1G4kvp~`0uPiz77EDMkD+dkpm*$mfj+P`Xk`SgzLos7Gz>-y
zX&!8B5^?1!a;ab#Y$DEYeC;((TpQ-FquFaWzWP1ZU!;WH6BGPh(bZpi;|h=M+k~pr
zk-m>LIE3dUaQ5#)d)4Oo6wT*U=#~QA5X-TVv}U4PGM-|2vdHsKyg+_rgs$FR^z0aP
zY$t4F5!qRKpeLyxd|<bjn8?3(;>O$yxD5WI6#PSu1~}ZP%VIZvC10)ImrFUh9sL>Y
zg|JswCRP}kDN(P~DOY^%-`mN7%{eS7@dHhz>NA>mIXU66wkySfjqT+6d$F=<mX~Wx
zkB*Q|#>iAkSlKLAIvt)y)pGb-cBirD0;G+%yiD=TX}n?y4IDW=L@AKG?~^}GGSX)S
zO&c<L9d-+f96!w=noPs8SuO{>a%_-TZIQLTF<v{f%)~;ST^mz8c6)|(U2$y7#*vbt
zd5@<rlxXW8;Nb^%(VdNfghHXtiDzGD^7=6MzUL8k9oT_X9!P<k&r>>moZ83`{!$)q
zb{2nO9;>qxD;B3w>Kr+XGziC`I6T7Qx%1S^6?D|<C_Kqp2mIdCH#vHJ4!@@O#U$LD
z5X3E0$JHn!2+yk4pe1bThAlmcR7?;k!OcY&o);_>V6p%!uAna)N&eQYF%CD!(sZR^
zpiR)7Hl@R@6_^@hvPFuP2GTaHk4vtWeEx25mVs4$?C9?>*`^`G7L^KeY#ecO6un%4
zx(O4Cn1iq!<LC<lM4<%Jb8vMCaq=v3WE`<lGJch~&2N754W4}U9NU!7Co;w<8scf*
zdQ52c6^Nq=6kK*)I=i~r+23K9lOG@#7Em=8y?Ql>s7YyLri9P==7>Rbean=Wi}4wr
z{F5*9xv%^^yZbD5q!oT)g`S=qiCiZkpo@qYOLt$dID39*U~q8ZrA7V+F#v#0m*J^m
zJyr?SLtEE(i0)j9&dw~;g*rzr&XFYGvHQB&zoi`+a?ikrpzd>SqR!EAmxs5tvu{ls
ziQZn*FtNX%s}}|t8lGX(Ks!!h87*y`_8drw(#;NgKnp{VDBq`Y^9H5s*9qz_Lc+Q0
zQ%p=RvHflLv2OshKuf>h#_+REGr?Q~yrn#~@i9{Z?D>dnwsHA}4Jge9)qKsR>obg8
z9l@=+40Jj?bg-L!YZD}5HbUBHAxOq7&QH30{dAH0?%v6JAKC@Jho|7gb8m3@^^@H3
z$o<@Y-+p4kRNQz=i&V~^!CP81wsEL;>T(IEy&aj!m;=<xz-*hPix*hAah<^R!glAn
zA+hr18o%-64X#ZUMW?IzbV{%~)<mg|dZI?1)m$a$$im)Liq3?_76M-hh8AGHB=AEa
z=4)f`Cml`NF%nLPQcN@&uL`7)Se7)PtHMBvMb&+`FkoT)-$FxQQnDdoabda66X%Ap
z(iwL2cM?aN?+T;-Q>!DEmJyRvh@oM)d<}K+3gY4wtjpIBH%1WSGv+g{XAYqD$-4oc
z`Rf;X>FhOjcs`$OgRCu@9nP9FYY=Rs&Pt=_>Tsd%Gc>oz;r-jl3T;Bvet@0N!}Kh)
zcR*VXK@iH1*6xrkLz*?w^LebZ7kKXLFYsG`^CCU*I{)HOC;chObiPb`Hc9uYZipqK
zNeZ+e+uP2?D^s!2iK(IW<>2JFfl~Uhj9VDMJOrDwjE*mq2at02o^5^P(s3phE1bGI
z&(6(B-f?FK83BQ7kXh<=MLh6$_Ij1UMR?zy4mS0qiS_kiC6mNc4lZ%V28UQG)mhu$
zi72j6nVB_p=uQmFaT=#qc^>ur0_Cw0%7cS=D+N?o20A&v#IbXu*uDLH=o61)H~NQZ
zqHMvy^(db@PW8qOf|V75<t4niX@bQ(cCSHgHNrML5|&`4Q0AFeFEcVa%k6u+`N-pI
z=&&tQOcJWL7MilFdHQ0J>%}BL^&2kAy#N3p07*naROo(oZtVu?aQ4;noO=2dHs7(I
zJ0H21Y|1n>RenI_(gnQvIk2r}s7e^Gu-)B-oy(aD#pncCHVY?DQXCmIF>xu)Ayp=w
zcW|!EZ+&}+ndLh7OZa#Ok+Ow}Ter|&bUDX?ovSn(a+<gl#^bM`?7@w^AqEo{H{WwC
zL04Lna*XX7<=cyppc@)+!{&zu0f%qv@H>s&34H@=Q<B?~aB0QkYo~`8S}L<`!)m(Q
zQlYn9g(|cTLlvftyNsaC105y@1qK!z1<52&UK-;wUwD?0sTtlTG#|}E(h>~-C2=cH
zYWyA@or({CQ-)Fim0FDxqjNmGXEUkL|F5;is#cL>6EHgm(nco|A$~!)pTb}OP^!S_
z1mfI9tQ#Y|a`Fbh^~9^F+A_a*sFQowXGta!c=b9JCCMdYrW!JyFw@c+EY0L>S&WR#
zxN}RTS7rn9Z;h;f@bNvEfTxxiJJ`i%pFcIRsy7#Z@MDi`)>lRrm@U=Vy{Vmnw5GJ=
zLWIof`&^v%7+nmwZB>f)l!LDb<4u6;aqqpmnH-&B<m7QqT#a#P*Ls{vh0@?P6JU`B
z8cGKN+BIHREt>IDOTzfvBCnhn!cS)TXTR`M#BF)2sh~B=_bDHL1HV*63xmQUgaD=S
z7MG}Axkz^Z?adIJ6qJfpzVY-qo_XOs@4l~{UwUsJPFdgup(9F5gjU2X&CAy+JaMYP
z9S3)F*KPxDGI(}~voF3u*V?u0d;1|ey3!`4R9e)>NAZ`IO(kB#ofX!qs{om8M=S6b
z=OLLuBx20JahB@LoQZQ=O{Zww(!4yh%%8tHM!ppAv6$wrq(E9i2MD2BTnS5_##68=
zC)m{^h)aR1A#H^O7C<HR*~FxYZ3oIo|AYfw8G%+7O}VL?geh9g;3(OuwYNgc%T}qV
zw5jCVpM^i$F8Q5d#dBw`@QXuZJbv$fKKj6JRwZoE9s)z}4XGWuakN3@6Doj2oFgN7
zzVOn^TpAjoTy(K)!R9!m91%7E5zYCA^Jx(ohR>k&d;p^w?zdo<Q2g2GB)|OE&+_{p
zew0;?Bv8sYZCwvJF^!s>Mo5W{Cm@|RCXeSLs%5Mw!_l^R_R0jm{lpQf<z;^9o*v$@
zt(|%xNT(%T9T{#6PcYM&qTSZu4`6k5f>wfhUH5inh$rJ4JVnP_C+i=4eBbWCQ&pyV
z<7(u}L~+l^VtLi%VuiTl@z~x314&5`7^1Z-LA_Yx@6VMvGwm~3@Yvm-VqJTjRDVBq
zG7&O@fNguWGBvZz_}~yT^DA_<CrLO~qxM_-2KiNo`0GL#6k3Gl)U^ptT^ywzOY<}T
z>StKn-_dlmL~66rRIgpdo1H;R`8@!RXpKaXShFrVO&}y^ug>uAKKmrQ*E;;?pX;Mt
zNW4O`7)l6D%u)=_*7)3!0<(UakH7B#cO6{M$dyTsJavRZp~^jvKfspT)|#FM0Me#5
zd=oFf&~RK4n(;!JCZ&$0VSWa0ehx1`&*I=sYKu!@KUC2$3lo;+tEXrA^07&3p}oH^
zA+YVx-VRLzM<RTntYAZjWMi9!z`##W7ZrW&p;Wg7wuJezAv9CoE9gwaj$Vx=?S?wv
z;wx>ATN1`-QdrZ~{-(8W*(W4v8y@WvY;@qllFR9#3BK|A1zsDTWjP4Qq!Z*aF@$9_
zH0d~qc$|`gGqWpv<?IOm@rhUX#%t$Tn9K8k3b@~fo0edoC0OI=hRxq<u{WmEBL0<z
zS8IY90q@TW?oJAFO7QKu6<)qPLhnE~Tl?Dy{17Klt44}4UI3LERLW4TAv_NuG|R5f
ze>-xK-~IX#l0lVE-PO&b+uHH4!el9hEhS6E8s(}>Ps%1?+P?`Ai-CYrU5k?^uP5fF
zm!6yrethA;e-IY@RGya(_W1w)g=3R{Q1<kmM{ZB){<Mt_LQoA%w&nTpI$p))?$tIY
z=L5cTb(!^9hu+;~@UmdXO?xgK@PVKIX}<gQHZH$<jITd;fo+?5*}1Wwj%?DLBc)AJ
zhZMLfU}SurOE;z|R9xactN7R_-%DRtnp<?;@Mqw;RBsL${QBrmp^<0&S%%T5z(a=E
zbMuR3o_PKeSyAT$_w=zkZc)zHn<}{g$B|4ed3@=O632%<KJv47@xGrpz~W4S6EB})
zYHWtL|MbJ`-nYqM8HOdF%JWgKYdZ5-5_D6IR>~)tNuz6Z0<H1=fR*JUzVDlI<Z$Xj
znAF@qdU1+ZuFYe+n$ILO1CFt6m1qd%C<kAo5eNDN?J=Wu6zc)kmK5FT&`B3D6-RJr
zjbgD1NI^Dk7>$9lYPFZc|Macv4bfXoDGQPG57mH{67Fy(8sCuu9_yAo(rxkllIDw3
z9>*>WbNtdU|F<-FiMh5k>13RkC0Hs|St?c<CEsaZanRB{nuI<HN2`K*c%U6&ZXJXX
z5aVZR&QXU9HpE)uasZui!Go({IS+@Eru6yGCKmbiFFeIJcWmUJzkMHf^tKrdRY-)e
zK&VEV3Krz6KHoY!!k1sW!qCJV2UaEcmxub;(vvpz{z4<PLMceZ96H*POf3~zELLgH
z6^-VY%b8h8LCh918AB5FQT;KDf3z{kiTU8^!+kiVD!<p6wr^`oJ30&u5EF`vLsib)
ztP)Gud}w<T`&yl+Z<LrTW$_A&*llgdjMG?k%lCNK2OeT=&gSLkPH=r>j=|ws+Oi39
z*$hHjc%F~z)u~sj1WHi1Q{4HJZ{xnh`%JvK5#r+(-Oig|2#L)yRM03iF&~V)w=y0x
zy05gETdMHfYggFR7vsIV9V#m>XxXS&w`{@mqRY3BEpzcknYZ1&o%cO{2(PX<`Qi!2
z&Ryi*hwtIQ-Mfq^ZJhR|+8lYqBjJeFIH?3yJc*PNuU=<mxrpZnVOg&-8Ug~xg3mrT
z#;eyC==3z7P8-KoqbfL3`@{R#6883K9XALJcuF%~FzwLRbpT2>Jo;E*Bk8j>!ZxOc
z3LA(t);RL+hr+v=aMz+<hs0%EFir8_WFn^gMudJ3llKqCX{d3u=AB)FcXUb?YH)m6
zbH1c`wd69f=;CWZ)`ETs+krKf=C&C0T805eWyuv`07-1iTz%1l1=lz>C6Ex%6*HyG
zLW7S+fnEt<RB0Y>7j(2qCT10u1qaixH7@vO$>X)N*LnTo5S_U;?%lSAJ?pwz+tr3`
z*_7OXp}A#F4^46A#su?)3OyN{Pv6_cPi$|;mNs74c!Y>KhODqXn`CymOsP^gOut+<
z_=(9l3yaIt>$Pbcmi`GE{-MS{*%|1iS)SUN;c%e1t?nVRaj-?8N9SGMxLl;@YYuKs
z6HnOe?12k29@q0O2PX2Y>*<3`8_mO{@n)vkkkqVsbT?DU9tMYJnID~CdLd8Xdnm2R
zwCCvEv5AelwzFs7CSq1pwH5JfB5I2IFrcbcW0%qVNVDiqAT5EN%QYWN3uf|VYRiip
zxV@dUWmEAbU>r|%FW~(3Iw!9dsd}3Bw2{b_s>{jeU*pozQ|#E-%g!|&Sd!4?9!^Xd
zz!5u>#j_oRHkyslrX)Gh)q!vvysArKsf6b%6W4~&Owb@Szx&JxCvWEI_TV!a$T<Qf
zni5Tf1fY~@K6Kk^bB~&9)@7{VV++{ZC+JGFI0^-!`Vi5&4$Y0IR;~%%d5h;P{A>ey
zQ%8{kjZl#$5PdU(=xS;66+RzYHEI{4=%xkqI`DWmyl1uKuV&#7M+4q(EAB}NY(iZA
z$l{~vxQq*sw!p4yuGL_)YQR4m37Qx#AS;5L1)UDMJ0@t8aJ**Z!96)aN<u6lQLZxc
ziD^FFDOm8}sZzkP*(IKsUE~`fV^jvS6x*B{)^s?0^nnf@*pwsb#86r`eHltO91v!m
z1({TwTq;JPRH0n+NH0v|`gI-aZfES`Rr2#I!}@<V0}!D1SX`T0@>XUR-Q2(`n?hA_
z{Bn`0WuKosm|}Ii!+ah#v^(VDlA$G!g_%WGS8G^}HeZ0&)W*k9l`6@N8`!mW4SNpl
z0xO2H9ctAYwk?TSGEAHGX^7E=64$DWLX=1&;-S9*(X{w<^hzOP2@>lzm}^Qwx#n_n
zVu3ZCuxo7sjg1h7GfyqKyn3a?=uDmd4x8;g7At<hvKMgX<r7q{US#d|&Fom$j^%nN
z*T-^Nz(oL*Pjd5SwD03iO@P+e1FMO5wIgapykeQ<g=IX~Z92=sue&PXcb*>S%H%TZ
z6#PO4vQDe*8p_r%VKAA1eQPyN<oJvSy66hAs!P(Hk)~2jX@gHGA|zc+1iuwI?L;Hx
zI=n@zH?P42ZZ+`Dt~AX6(Yi-EVg?Q6yXi6zEycT<F#Au06?Yboc4)pit2iGB_6SW{
zi$?Zj*wX|n1pjn|Dev_(Z0Z#3%h{}IkC9E-Awrs_TvtpNJSK`h*H;vmi<*qBIZ+eD
zfVcNJIN0o1CmFn1HZod3fTk}7kELPI)ugjF@7|T8;u(gNbu{bSEjD(=NXH#K?SL@I
zQfSa3)ObXsed#c)YcLt(afhk7CDsmfkha^knjDAuaju*nW_+Q1yvJtdpQ6zpX8b_C
z0kyO*of>rquTR$x9$YQ;g`px7i!Kk{k!9z`6t)!9YA#&~P27<zlmp6Dm-6@|vb__#
zJqE(Uo1I0MtB6FLcz<8mzfT&Ec+Dq;GVC~LIW#Q}o5uK__XM%t9x6^8wBNM<!yE(Y
zI3zY~!pdgDv|)={-DP5~Ksx5Iwj+)LDxT)_V2N|r3plpL;e9!7-w<bL&Lxlm<*^a+
zwQ=sa`*!Yp<R0|!4ctPRpzh+NY0-NHD2)}5lijxu_U(&o5kOJ8e2L|mMLf?p-s+HE
zq=35b^S?he%FXElw@LVL29i<Z5}KEhAu%{H*u6#*lOjB18b@flGoqo|6BZpxt?@j?
zO3nDMVm9RBU`JlW)-`YCN|CnJSor2%G;sq$vrB(J$=|{ZBJ+i?f<M#(S~vq5=t~N=
zCIu%7nhonDdPy_0(p+L&nEOcpORx+ST*156+YBTfq+^B6Sk0n!BqVFHl0$)|1Em-%
zYF?NP_~wkyeLWW0R00Ci>}2EG6j#SgBh;AG6g3>FLLqJQbNf4abZZ;sx@vaCvP_<Y
ztHNiAv<^ZheT&aZG+++{KOmP*GCo)2=EyYJxFlgop1ZOjhNo64%GXDqE3)zrkmZkL
z{6Gw#tIa=iaatTZHCjKotw)HdysNjZOLE)BEHTIQy3e+ODtW|hNvZBpSBk>qG<HuH
z=~TklyYqA4)=6yHjEKcCkj;crJZQ1+Tck__4Tu(lSGOnx=Cx(pWNzP2;mqk~!3P={
zkCEE3i}<QlCTS!*=s^%rc0Iye4~C~JJb!kXm6bZ{22$L&J3~({ZX`|&3Z6tLk6pL#
z<=)2*)7G71X?7NWaRudi#smm^5E!BflVZYLdZkT0d1ZE%rLifzdfnu)6CNUA=JET_
zjB{hAz&;5dNkd#3wZByhkNg=i2llKri9J!vu$E=f(K|ZKG@M$}jO3NEiv<X6oQ&K0
z1#QU?e=*vE=G|^R458F*@H4GL&7^7HNBly!e7<?9=EWO%`Qcom&ugKXt15(6OjR_~
zL5v62!m3V~FDj~GkR}$l$fhj%+F<@n9b0OWwn>B38X9fUTg(+DY>=9@U6RdsIP*Ra
z4>%^JJJ86$rz;Hywj`Ne_NaRSXA6pN)HH|I$9Z^5hPo11j)e#s#}8=Hc7$lY)<B4n
z(6IhRR8^?yOgZda*FoU9OxzqNWourzQ07Ly{=5=Do@OAe;|F2@FOO2Yqu2V<iJ|%d
zUH9(U+$nf)Yl`-?gXd`zF_MCsf=ZxC!~m`E0>#pmL1LX9IGv!YHE?1$Jw46ty+WIW
z58!)=Uo;s&YtH;Fqq)iP-X1z0d>i$t36$sJWHQ87tw!2m-+B=Oj0%Bm+q9<>D5W@k
zy+mogfD^NM=*|vyt%;+s@O?otE-BVDqjNP5?AyxW_q>g^&J1X<vsnT!AgENsYpbT?
zp;Z+Q3A{2pOaAOR+)^oQ<qcrG@=C++KRd#uiDhon@X@p;X^93LU_>hsJ9KQpZR<=3
zuNA{Z$nau-4iR(%4I}fK`JzV1u>3b%%8Ca!<}~})5hmBPaGNMQl{X)9VF)!c&2&_c
zA)0#>W!q`p_*(=i7HMcYG%*^fv|3U21HLd7@a0)e(KD4W&n{^8rY$<sf=t>rbFf;o
z4mJ5eupupQVs_a3Pk+yu(V(RiC?p<|=jKg5%i%8Dw3JuTyd*JOv$5OaMp^S`BZ}^<
z&4>1NP;ezuXcCsjvII(r=BX9YFD+{kEmw=C6cw$4VFKNm1jrPQB^W7s;>Jq3K3`H_
z8?SNm`yBWm>5%{QN6a`q=f9!+;J>_n!yVU&gc#_Fhfw^6%UM!0wd|2E`4sB`^&mi4
z65sbJUB7`lGm8!sPH!K=F$i-+G1W+t-?D%jFVIvyO~q5Vz9K+JXPf5ci(6jW$pq<5
zo5^n5PGZ&S27p83vte#%IvHcj>Q3gC11=4h*ts#o2M%|!YfTbgS*TDN`o3a#uFkS&
zvv1!f+6OvObq`z@CzZrXXQ(eM;+M+?=}3kNG_BfzlvL;ESUPtWuUtag%}}Kf23GC&
zo*m`P*b<wSHpFiWl!yQ?!bc9DT_M=E2Gcu$D22R5eGk8&l-629z6>)ZjkL@)HKD05
zjN%e#C{)c{qM?PcxdYv3qtM)*uxn^@Zla->HNH=)B@r?ML{r^wVUFhFilLh36BjlA
zby~9_?ePEXNw7UDIhxlLJQa2_w$Rc-Ys2`Ir|~_-VqLL5ZJ8o7E8K(cBQ%sSbvGVx
zbkU_N20fNC(mz}~VOhwS%|c-Frz4t4A0FM7r6=i74<v2?HQ#7-wq^2F-rT*-^f5Nk
zr`8JZhG#NbJ3&~hB2ZF_XD%)=ov(gjQ<i6%SNrjeA4mg;Mm!O}kzcG$b>w1eJ2E!a
zni2@9kp@p~Xx@cDu~brg{=_1`{9v3NeQkJ!3Z?5~*p`EnYco0Ik#n!L!m7pgEY=jy
zA0Ot@rEx&AZ_hgJ-M@;qR4n9LI!s^>iQ9^D(ZfxTIK?fUMIh>_ck{*+U;XCmB$5`p
zx9525-VRDdAEi{|OvWT!o2m2il`>m4^|5p3YN*wbXb2RETpO{@c1oioBnJA(tY06_
z-#|!4&sCkBVe#BqymA>~+hI7(NYg-RKKsHrCvPsYPANW`5oByZAl_8K6h2O%VPhYp
zZR6Mz;q96j_JlS0<_k&(Ocu=2_=Fj@;Ux_(G~I1%`_>yN1+xXk<dP|r>B?BF?=dDr
zLyFS^$sJieH1BP~m7;l!8(S<Iw~FR}bW!o!Hv&dn!Dlwb`T2Dj(w5>_LG#5ipGpME
z8m5eEEkG!wfU_$B#Q?UoNmB(Gsoo7cBy>%Lj4{xfk&@3~Ip7m(4d^Qd^ciWJ+J~AJ
zJd>~U^?9F%HfDI|mMm3mnZ4KGYLLDr<(PD7-C#DNVW~zBsFmqN)M)G+=30bCDrkk&
z0Z*LDbK>U83Cj;Y|8oAv>->wxTVeonMK763#p0<r2<;0YtVVH-rxbG~pKTqI&0P-X
zrak`r=sf@Gev54b4t~8(plYFw*2(~A6)hlOp;+gC{r6vE<;*ZnEJhG0&ivKOd}HTo
ze&shm$ZZ>PSjLNjni|EQUx3bT>@{nUjzcp$gQl1Y@2TolM$cW~PyXTvXK$4F*xNh!
z#dmg5S&0Z%f)rRnptR!5n9Ix8>wNqJ102}VZ@g!OJ84Uj{e4ttXDN@35o^y83yY4T
z<eBp11WOk$;#VqQ+lKI!0nk)h^Cz!Nas1{Y8<pmhX+h35V3iG(Qip^TE?0ji^rkd^
zAaGqx-7}x<%0Tn9(>Rn$qbpt%h7Q?Ii%P1LF-S8hz!!+HU}>QkFgUG=s<syj0k#xu
zT4f;u8QT52c~2VWze)63H(%43T4QaZbmAB11AccnAg?6<*WLt=cG@Q4M@aUx#}E@9
z*DA0zD~!n#epgEg7Mv~n1R8dwlt~kAB)AH+&{{@wh_sqOb3E@6lY)CY!-A%kc?D?B
zEV=x_^$I&WV|?Py9Im#p!#&esh_UXQNJP>JHLI|Exnb*Lh##Q{6d{W?_lelMB^8#|
z;_nBS`R=8~@tM5$pDtB7`Bv!ihZ)~D75E<-Z85PonY7;h;MQ2@wjKvxn+LK9IDNCi
zm5C}_`W)W1EkQ*Ij*V8aEzPFRByn4!w8G2hk!?9-B93X&*)p^yK=B*D`2>?EhPmq_
zAL3KL{%?8bZF_N(NhXe8;>D-Wu;JiN2D%dnArYB2f?Azma)w}O1*@wQ;e_nGh4@vV
zsV^;2ym*fDXK(WRFU@l2rWn8T{w#Pg{HouuOQn>=Y{}`dI)DCBo`H4!{QUb4v8K1}
zR`IC?PFt41^(YP9L|8Vl?oQ)#5R%f=6pQCC;6>(v0HMtxM!^4fbcR<3=UC$@KA949
z#=-zdi=>PM2^!KV*f9WpASu-ZHD6G!Y32(WPYc?Ugp%=Af?KSB>qkj_MqQ0u1yaEJ
zUdY6nx&O5Qrk6FfCU7qrK{_Gm%!U)xEj!oH2;O81HyD{{5Lfhjlui2lf+7Bzu=wo0
z6c2Sc$Oa?PBqTgP=d(8}*^#lZq6(kzT0+2<jLn9m;IVdyMJ5<c`5$FJnrUk!njLA_
z+h*}dmlf7(m}gW<b8e~5|8l+@rgmt$vN6`R$D1Zk$e0y|A=olRS!&!cT!iRns|pnU
zkWwI}z>-?LbhF4e&gI9Zm%LxQSmx_L2rd4o##>?lT~en4Ar3#VBeCwb)d?LaOIQN2
zQucW6Oo580xOZ!Yj+D*DPMguCfU{E`ht_52OxmV1Yv5C#oJ2?)Cz~<Oz{rM`if_Ge
zjhFuFb@sgPC;1Qm;os5Q-A8A+#$Bt|lkD%|*r~I;^ztR{c>6ATI+NfySlzvbFbic=
zse;|vX3%VuBJcyeQkl}=RqDe-tdu>TIJ>}NxyYv<&2d|If_kmFb3zz^%p0>FUwCPO
zkrm0$z5i|=e|Wbk$_%AeV>2b#nKXXYrF8Qq!if>@>Y_R~$I_*XxaG2`3lBqNQK{}<
z9-rm;i?b}%13s06RgNH#x60IJA6-MJyVh!AmSC|2ffCewO~nhFNe0lD4IO-~XAVu=
z7A%zw6$p&2YhkpIRb84jxv-p<ru9^=L%Bx7qRPYs1MPyOBi>|Ii`H}9oOz4XHGgb!
zwn#hq?wrr>4*68I<oEU@xUbzLJ2XOzT9dOBA6p+|cSQVeHjOawWVf|hI3gr|AwreE
zIY$$gH`S0rKn&QNmPl!txV#2b!1a>PuU@KQS@5wnF-|Q7%vBT*Y)TtwG-0$uX&$pt
zC=|1zMK?)n4W$+kLL#LI71J;US!*i3C!V~RS5KZ>I9)7z|K`LJPyS$(_@f(di2?Mq
zQC=zOd-rWj?Ax<0iH#7pP`q}f%!T0!cW+N|`<66*0BNb1E-Effx!k^?jlQ%E+Qg={
zu<#f1c#C;NERKvhXf!hJ@W-Ehj^(8)|MCC$P1@2OsPQS7oJCY?Y-#VLmP&Eq>;+C-
zoZ#Vi9U>94L1?VbPITQvSE^`b+B><+%am?hr+DQueyM_GS>#JK{_?dkHuT#3+n?;D
z?lvWcKoKaPk(nw_9b4k{s}*+c-o(d#=0VyLAxd$p2nc-vR?NZ4v=P)?ilbu`XJ@HQ
zj-x6S^Spq-92{E+{_^-N-#9gmT@P>(bO~5z3oM%L1ta@eqCpAP_h>qk22p&rWO5ct
zE>sP$4xK6JPTc}d)0l3;hPEX5N(d>82GW^<O+C<)7N8;(7*GmJXcCUV^Fb>?DkfOd
z1zkA-x~a9bT5q?|IxTMkQ5vuaCBH8;U!C&!gPQ??5d7}W7!TxP&|qGXj&Ckx;^vJz
z(FnISawtq3zNI;cmf<~h%RE}wwGpNjVdbgP6kWw1j=BtanqS+T;JvG2<UPfOm4ME)
z!>Wvf*5C!2nj27Y0~RYTQ!6#*%5_%i9;KQ`;QM$%fE%c=af-yY3=;^Hq8@nS(p*ve
z>5<v$OIKIEZE5u@N9K6_t<d6+YP=;Mz_mQZ{q6dVv%}SQU)h>!-`DTx$+;?nBPH6?
zf}LxVq!Kp15BZ`?cT&)ug5i9f9i4H~al3J70x5BeW!%%Ju(NF>R}HX|ZfE7v1cx4Z
zJ3T$C(Zdsn)0dI9We&Dd{QT_)7@HX9%9)dV?sG5jtDkxhTX|^V!0LYdrFp8uBe++u
zn#w%OLJ5-)<9jYkg$j%18V}#mfn(X!q#=AA1Qco>mq%-yxmLneg6^E8Sn<fO)LGM$
z38|}9^)=id&m-QIqjS$~EFW26?BoSHdvbJjwuS1k@f2H@&9^Vk@!bov*fpPzCI#Pe
z;iWp<5rYA{iGM0u9DDJEW>wBKyYv+-*0c#fh0;1E1?xH^XR2=XeE~+5&ZVFu)k0X2
z!QM#WHSg)rbDeTDJEOj-ky;WMJ@;0m{)p4iwCfue41aIXu4YAP{`;8E7smr~35(y}
z=5SxmfcBYQkPY$QFqy)|4&(YVgdYeUkS)(5M2P+q-di;w)|%TUBd1Dex2WjaLJ+eh
z?;mh@_kiSZw+%=hUlr%Cr^=k2sIa>`#?X?>x#>DX3w5TJYm{n=xFkeklGFo@8)!OG
zl8v2l?pTvz|C$tiZE=Kz;e1U$b#bYBY`8pL5A^3V7N384mcm=1!yn~%OAG*DRgSM8
zy;8k@b8qpVrT50gjnS$ulzr~mo29!mfu|+OgoUsrX~%Havy&C}^u*ZFpT&|*3>9Am
z2q92~BDzxKwUsw-1pojb07*naRPzhO>s1aMK8%z$VsIE4I$oqDji=vo_}>mc%)gnL
z=F}IT=h;5RgPU`>b(f$}z^_zsJ(KS1#1h8V^i2z}nj0{ZuM&$1`a2wa&#2^HpctR4
zar8=w{IbioRY_L$C#aq)G2s*98)$A3d0<p}%pnS@RjM;n#B_~SYfM+;y5}2}5%2@W
zGgp^*^5i6`y2tyolC2i(2EJQ|BUR12(}I)}rs;?G@B`S=8Pc^f>ArnwLB3+96tiJ-
zmnLB~10TBO|7Jy=Xr!ka9?=xnA_U@S(U@rvafneEF$UfG{E>Yi!p}9XDOwnUnMWni
zTrMg8a5&)PisnF<&985bvpZv<8_5p(R>py`*;~1pFvfQ{Zvm*#(Wb$YMqdb>edY_d
z*ehYpR<t%|?ndE|By7n&9Y#}CfvGR(i`(qTSX`N_@~20APES<H+0g00!K`3Sk0c{B
z@l>38M;ET;Fk5sPU#u`wsPW~~%Y5PF5}SJB#IzFAi?s>c;tTCD{`|!mM*m?-`yVsj
zG6VR|C^Lt9tv~v!R|^BRO5*UEG$NjqdUbb#q$8=jAf+Uec4$w!Bpt!=;boS~F8}g=
zoBit(4G*}9oEWYjlQv^BbqWY}Zrh4j$Rn$Dl$1!VQEPg^RmkNP?0B4Cz3(A@>)T)D
zZ$JMUJ3h6KTr!SU3Sm1)rBQ*x_v^%@gDnlVyB}yuo{739EYqa1P=>1`B~D&lArZH@
zdsiEWHm8{@gAi4u)CdtF<A#xfR?ICFLAgxf#&yb*(?|sAR1#n52IHvv9?xD|;wvX+
zh`Ry*JSACUYdj5)3K$CD+cntgXby!1KRyPkOE}P$h={<L1RL97bGPx<OR1y!B@B5q
zv+<1ctH};TBO#~Nif-oQH+*yvRWu}gNQ{m6R;2HTubcJDL=lK6BwGnI6II1mrZwM~
zG2ZhJt#<hI28X`5G)YVmk-v!vg&sWfQV6sDz5?4ejvC8Y;#z?Yd}I(NBnfeATW=Ar
zK*SUpj}*<9hRLE-6rnQaU0O=+>$3Tq@hZ#9J|FBCyrUiN$w9)=jfgLJ&{l?l)zCfw
zF^9#n&uhcWJacuP%X1|pKJmD`;)~>0UYaQXPbYqOi#~v8jF#2J`Zj&->U6MfY9&~A
z`<A4&du@WaWrc^*I6_9|>MRs|R<~J97d(#KC@|2SVs(2W#QxWf{jsIy+po@0v@(3?
zXFo`4W&z3-W2#veYUd_czXm2}5K7Zt`2U%E&nQW*>(29cUqnXw%&IK!y4ri7;k_Y6
z0}>=fij+uE<Y*+VR$g;<G%_P;KJ1)5XI3+#)oPD4I~tA*B}yVikOUn_5Fji8!Zv{R
z-j?gCtjbEC85!p7hZmWZ-2}B9QPk-5>8|Rk$jHcucisQq`@b$tE5?P(7n%2jn|9_<
zgouQ6LZ4czL%GqR-u9@reaiI?rFxt5OLa~!HrO>CXCS6|`FNSR#RjvJDc*8Jp1o5E
zbSM<-A<vy@;yD@azjG%e`D9d07~O;jaB?eE){h;dzOWe8o~vFS*s;x6v8T?I`SgoR
ztkpf<pH%FL>0a4FLcy>WE&&HU*kQwnZM>wqFH8+;3W-SPs0}7FjYQSQvQZq>Gr(OS
zt;?(weNS||Bff)vHPDOW0lEz=u;GgI&L3IZJ}*GJUv*@m(bRm+C0Fy%vgY^Cha9fM
z{=CKS?uheKQ!z5#VI%#kA5g$BLWu?mLo<LSl}4vC=;=w=u?4+zn+~^aLC;L0hlbFW
zZ4zz14?);F)zxn!hR;&#-pAOe50j15U8F2xgfzmCFE0fA#E9@an>14nJ=W!`CeXFo
zuu_EOWx{%$l&#n`lIFpk1H5~C0Ue7=u^r5|y!NKSSh%pW$>OCx*yex6`XBZHy6d$S
zUVPV7_#5*jK2Z<s+bzTOE>WeIwk#+%Lt38ZBl{iZ8xCJN*5;4Dah}+_wsQMy4ojkG
zErj?%$lPj^p&k2CS_sS4XgYAT87fUE6wq5|v5uV~a2$SYdKXWfJ<j1*7df;q$5h6q
z<@#J)X>xL@&V}VR#fpd5(pWyk9D^iJsRUnovdW>unqA|<JqHHZw<U`X!1Y36gp}(p
z$FFqQzC##G(KWF>cQo`mw2DQlr_a!-RuCsfKkb(#8sGDH@@$1Kyu5&Jd+c!(7do10
z3%140dD;To<M2K$JRZP*uW9}TusH_4XvQ+y6c~c(o6=DWFa`(cN^)N`PLEf=E6`W{
zix#b=+mY7ukb6p`YmNH?=WFD2<M>`}4FdRDQ}W=l3y-d9zP1t-E+vFtn2quN35&Rx
z@kF}Y5fjDZUE%9G_9j4&V*YfRaC#i}ZHFD3Q85AEH<iRaW++1<5?m?4tA~+`mr>Q4
zX#>70qyZ8M<3UJ7FcJ8M```D?^xy7{(i)qPF<aC0;piG1v0ykW45c*owf9BDJSYiK
zl`^cC2yF*FG{Wfc5WjTywEob(A^R_1TlnFp&zAPo#QQ&Hi{V3;p#7#o_D`_>!3qH2
z(FG1~Ps#Zp<n}NO5fsWYZfY26inV~0qlhOR-acg$B7FK_lRtjq5{Y+h;l}A4wl=PK
zvD~KP1`LdjnZEgEdt-y>0JTyg+%f}GqlAY~K{iEfrNU3`zk@$|@$3A}!{@LZMQOz&
z?Zk=29fDYf$y}DHZ6k~gkB~|w5D`l26%L+0$<Yh*#2kx{Psi~)Az`Q@U@c^^>@io>
z+$<ic`Z|mb8;Y4Api`|;zj%@6+??rAw_|LK8CTd!Xu2I9Ikv{buPr04$4*Cxg-{RS
zMc0hbp0Z4tZArroF^vj^M=bcGispf&aO<F9U9yxh6W!XT0HSbNUlp!*-SUln+24-4
zp(V5_r0r815_#|aW4N!<Abl~tTm`BDlmjUFaI67eDGCQGAyx=8ws5^@-aBS-<A_4B
zK{IysfDYNXyzW0i2#F+mVhnxPji}jiAOz3Xz1rm7g<*cz@sNQe>cM;Q&n>{Sufkdp
z)#;cUna&dCbLh=eFg|J&f!0u}z}y_x!V+PnVnWV7<!J*s8$19PF1MkU5vB`}igm-Y
zK35>@3q`y(EM9_63)BpQj?zDW^C&|pwd1c2uKa#3A13a<fxmd>nIG%`kngs>F9iS)
zh+bHz_<r5hb|GaRu+jnR4WC9UVB4t8KsH7r6yCZu&avfyBbVF!m&eZYFYn*Xfyp%a
zSjbAHLjuj%*cg^;7%M{^(yhx?#S*Noqw{IAbu$U9!8G^fxA1In4-3Uburl0!+a|Vd
z+RV<eakdW?$R^^(lEmYXjGKgc+oN>jZTyEvzrvvl2l>X~HXq!dz|}Eq1<U1t7caVO
zp3HO0rYwysYb1B<CTO;4EiY3$bB1=gjKrL%z)<)0qZ3oqU7v>!t@8QTmkB#QyJJEE
z&<e6ZOPlu6{V^zqaM{zeLx^h)fvK+kbVGAS37G+5Usf|7J*kMY1lR~;yI-{4u*lFg
z;zrziA$#|=+VJq2*Xq8m)o#okeczRL9mTtmr7nA#^^RuF6`rdI&#Y;RE(}_l8)L$~
zN!Vj)S`uSm&_TrkF9P+1UTD(0q$vF%T8!I}$)az*4!M0lVk_{xNaLxiluzHCpqCbL
zJJ?$$2}T}3Kl>`GxJsBw!k(S5e;ZbRH;&dYGYki|6D+QxpLqoq=TUyAcUns+4D+&S
zyLL6K*P-dc)-fR$k4|P8We`T!p`wDXs#X*iR=Khsa9lE+U2W11JRP@XwCV9%!9mn^
zhi|2YrsGiCT%-2T50DDHe|_HyAgy@%)RO=H<pw*p3|rdo1mbsm&Mvg^ypa9VNydlc
zcs^9hF7MluV5RJ{R`2k8Upd3O4~+7TU0I5Cml&F<iE&gXFdHobXmqJY(CHv=9Ea&q
z#Pc9#p*Ia9t5tsat?%Ge=yAiuB&m#HX*E3px>tc0Bpn#aL9K~Ztx>QnJ~FwP$4(yP
z%35gRYYn1=LyG~=o$K(9yEk*|t}#kWYa}ku(VAPJF*j!{mhEhK%9y>PfYrLoL$59K
z%<&acLCAz9Btw&GR|1}bnhz&^crMTk*pP`C9y=wF3^gMG!~!_yYJT&SaR0FI?jhKj
z&`dfIx9Kq<L0@s=cetcogu74jb@yto`jIihQBW>j#*MBM5JDq>iU*ZIbEyrlRN&hs
z#av6170pBpZb`sxahQo2(e8x8;O-Gdrs7aq2j4d^Wf<KowSi5b#qf7oG4xmg-g+A{
zJ7KP_)1zqSY7nyjvqToR8}xetRw@oZd_Q4?m*59|6PbITobGro85=-8@HWDyUP2u^
zVFtOX?v11iofrp1pwWSgMc6eJjYo?B1r?pY5ok`g;E9s(ja69htdUb|ByB-kF%q$u
zzHuhG4fvxV46e9s|6Hlz9e*tr9NMHgHW}k$yv6b}Kfv)|-?sv|xxf=I&9%Pu!dZ9w
z)<RtTT3a{jZ5E3@nYb`E7)O+a;}|-u*}Ts{T3BmZ>>1NMdhiOTFIL$-5~mf0<nlRl
z1FfjFMFf3n4%%(3;Q`c%3xqLKPe39LqXP^j;@lN#L-*Zm7;B%)5)R~HbQqm<(4L2G
zw+$iar7N(ohI?U&bj$#dB7$YXu`3>*d!x?qV1~EsA0r!wb4yq7pL~{dGH$y4x=lwA
z=@=8Qo?mP7moH!8=*2SoY#5Fihoh#U6+&G@6>wt0grnJ!6mHGKzBG&{A!&mb!r^tz
z^A+K>2CTU7%nE#cQFHwOyn960lhO=XFyg?V6V08EuH`B@F%e0hwTr$+hhNnSYF?`W
zS{iBiPz#{uX;wO#GY#QLU307gt8L9t3`S$ZJ5s_PTeB|?8Cz(E&<+eoL3UGtiT&fG
z(>A)@LE06%AxeL(oM>&({Y(zMbr$Zu3CX2R#f|h|VE0?y!-o2w!_`%XMBacG$*^2~
zntmk^y@~QQp>3hwayz~sqK+Izi3w-jP!pGphANFwl+BK2X<gVnsyDJBN?7k`9$taJ
zS};m;Z(4X@P`D`z+Xo#og)F2qkjd)0*s=LqXXa$7J#)6$e9K~~MWx+YueH3VmTm8m
z9c>Oy4sh<7BK7YsiT|+meJg;!yhQu$6a2+DUajntmV5hMn_@DY6kTlxWK#;qiGe6|
z7?4iEYSAYj1Kf~1wrN^x(3)>@aIsB1l_V8+pxy3)ZaUPcWE`DO5n2|?Htr+Z<bNgZ
z7?(?Hv=T%q6R*!qqH`HT)m*9~3rkQeLA^n^RHk+53g>l)u{exn1np}sths#kV2y8`
zXz`v~vg~ncTt2x@z12Z1i%c%lBdphvRft(aCkQ#RSm!TaTHxG#jRTJGqYk(T-_~%&
zgT(+w6T%Hy;qC#=y?Ge3Hw;_1OEd}GSAhFQ;iWbBzb+e$>bkhF*4F&tSxul|M_RaZ
zKyx536l}=YhWIkBOqpvUDo)uzwl{P_h$$#)`yp<qBOV8#5eSt~Sm<bdp#f*=A#+Wn
z?HhqlDHsf4M-sL>a6=NN925R{8rmU9sBtVsc6ONYTQ-p#Od7*p7(i8<NUPOD-Fw2F
zN}<OF(KlX??A?rrn85}_H-+x8Js6X#6hi;%bAt?pSihRnea=sxvgj&<(6A<9EA+j$
z5U!O_i*vMmP0iC}l4^r%5Th?c4b_&=>_m8gf?`MbZ*!V27GY;f^9w`5gF~8Jyn7ig
zLCJ;UDwYL>R7!8k<+*Dr1G`7@oj6C<{lVwXt$*;yT=|1@>#d^~*4m%no!}eS4fDoB
z^R&Jf+5BGC_pJZ`zPZG6cNe_>__<fZ-!9hTx4dnKEvqd}CMDXoG<GaxajnDrN}D66
zTP!U2Bt4twP8QfaI!I<mj>5<YnUOK}3=LzgmIyu1JZGiQdp1RL*1Cu>bUX62Hsh>=
zUd$?l*(`Ep1?$`elbWfwzz+yJKEc8&*108C#OLYaWoB|VyGMlAFSK~>bc2;OkHNH}
zUT)G}tC345@I6hf-Xz;-k<DcYgV6MQOUP=?<=OKU9yzp(S9N)BN^ys6Hq>GO7XoP6
za8njOFaqx$35jXwc$$_6c1&S)S!{v;Z6<VptGRtp`0*P2ep54uVF)@J7mjpbwWWEs
zBYbJe2-8Fo@-Y~&A**040RxUHKlTD}BjnH$17=k{D7vub3B?Yqb&QK2gqoZM*~mQ}
z1U(WL@(M`^gtoyg&U9cQQVfF%QX*tjNFgR{**VPYUE8r!aXM84=F03O3=bpo%cxe{
zgc&gl;&Jq*DY$+&DwEWBL8N5$)k5E0+GId_E#cRuK>ChTUEm{f&96RJ-)lEs5Se$4
zm2?R1zm4`oMdliH5()+|wHw{lO;WXeDAr(h7}h=b#GK~gRe0wJ{M>}FC8Y@h<J}p3
zBN3hwT|&EwYBUMwK_}y=kzsBu6!eXEPEfyjT)uI-wEv0IYx^&()<1Tk-2TMv8NT{r
zos;riwcz)@{!tVF!1E;@zHJ~_edJK<7cZ?@cZ3~1wR_rfE-%;h>C3`%$LhRrHY64=
zuzh@t12=DG`<}h*+O>;qGn-JNpk9ZSBH?=3oHVM@CLZ;q5)$^<bHNg2ib6ue;u`v%
zN#(qD*gVX5%wPbvX(G{A){xWlG<}cfDvMmKukg0535q3`r%$^KW-M;qnxyKv#FV0A
z#mUEQLM>FPO_o>6#FGiq35T}Z;pCM%UpQ3c#dBq*b;yq<gaa|n<p93gfWx6?XI}VU
zN8w$Anu3BxOK5d8IyCwFSW1yhC9%*1x^0+gx;r|6n;gxwf^T<(cPP!>Da{>m;Yvq1
z<-=it3qD+I82*A#jMvl*g+>q>O0f_ILO?W0WmtqnG<GB;j)o}(HzZ&p1}TAd0JRV<
z`LGzm9FVd!jtD6SVoE4$xEz>}py6rKTC;n==H6t2TC>B97cgK!5KkhrGuTt3gl!*P
zs)N^ow1W&}5V4HK_xh=gBIy#{N9`5G`PXi~9<Ff>BL5v=Vc+Un{$3=|r!1mnjSf=2
zejkTUyugqHlQskqYSFtq3`9|F3w0m9u%!9ilIES`@ULct2|FqX>pO4P`!P*Hn7v?Q
zq|tW?FE0=*EFpygnUP`rp<RQ#fBzVdoLbxd<nb&2>CjyDy?eFy|6XVF*pbTj#~S?i
z-J*Zc`mqr*3!3{9N`7Zzz`i5a@vKTct;c3&ncTUHJ^QZbo||uCd}18jHmp^kQiDd5
zuvUX+%UJ!0N6n-ZyS1O1E~AeEYQE3&7td4gwAnv3&F-Nw!j2ioZR+V&4;Tv9YUo4f
zq1xp2<{JP0+(9zQCfDt>@ep=Sr?_={8n+YhU!GVe)Cqp!hc;12S_GkHb-l^bQkn6w
zJn6v!Ub;}`vj?v*x6)uHCfsHTcRPl|`BM$JjOM-p;g@G&Z$^U;rKaGz2JnkTrMt?u
zNDtW9q6s~ZAPjq`UVw0F5uT}N{;Do~APG0cHRn2Tq$M0T6SA0&!$d+Db2J&tlnbwU
zaI^;JT&Q_)zXki^W}kOLQvsH<AZtNVjL<8A<q!_L@N5fO7VORlTN9csahOaX(@7YQ
z10t-snoCV6dT_-P&bQ%wOLL|H>1=`rcILTn&jdHW<z@ypjTz2+B<h`|kNH{p(ieS_
z1@sLgi2mOn%lF0qSFJ8c_+3JUo@dejdfAAR&?XJ3V1B;DPygoM68AiQD<4s?brnE#
zIerMqxUir!e=rZjNzMPh!(cl>UnCP~Gl#J08QX0sNXASVca&h+;Ih#g<(oY$qob&a
zF&HmUs<q{BUs>R>ldILsrRJX|eE#&MIw!st*?hD0kLCe%*Fy%V_}T+Q>h^PU-hu6#
zw`3mtz`MBT!S}Fx-##Ps)f!=~4r^stSVC2+8-m>>^bmRvMD@jKrYT4hp!w37ll;3c
zd>YsFdFO%a`27!koDorkk!sb^`0-%9fj&Kl-F8`tX&zp?L_KUWU9d={E%tB8a`Uz<
zxrE}xVw+Z|urw%3&=K@IR!HFcDUQvpbMk13moC;(EuXtn788->dEAB9eINn9G$MRt
zSW}2W5bb*}h;S{-RHG>+I8KOoZZEFvR+h#rC{+OsH>HG6*WjcltOoFS14a^>8wP}X
z@&+@QOm%k-J)tSKgwHL*6BRhp)LbWUATG4Jc$M0auT}s@Jb1>1%Yo+3LE-*E;cW#d
zBrxb#U>a;p46jMYVN;yQ+Y-Ri$IF^08!=vN+I;5K6&}6l@)I)119v;@m>$HEK=3?z
zz=!Ua!fQahE=OV4viF;-t`K(xR(ES9y06{XFV~VnUG;v~f`Q#*Eg=j-F08wpsd&6S
z1v#Z@_TGErRhB^2)qJY~iynM*3if4;ZtHDjfl5obRDxQ|WL88$E-h>tgnV50^pL^;
zjK<jwQ7cynYZY{5j6xx=f91|`_K&A?Uplt(Yp-9d?72<(e>hv^iH9~a#NYG!2bBVU
zFKb(<-#0xod)v?c(l5q7_|XqDoXf$LWw^9Jc>WTcIfq(WLEH|Zr4Y+PY>QSHa;aRx
zQ3|Jvw)Zsl20?}o{JST<PNQ5T7qeKal$hPLl|6+*ln*y;q?BreCoZDat28b6;>tz7
zv3#1D5u3aB#JF?MAh&GK7*gUOV6Noyg*RFZq#Yi(ZWv2h*cPlcTwcE1<ndD#PA)Xa
zXt>T6c1Ha67d`k^N0Up#zu6>wctn$q3Vk-}ZA?Rs5>tp4cfheXih0zAmx~t)^CgqD
zQW~CX!<7I^3T_>MpBNK<c?NFCXtK)is&;2jgc#$RQgB;N*p?6ux8SilWVPWQ@FN3h
zMKbV08@|%g5Qh(s3coS~x8@;<sgKtY&Z0&4GIj=|!8G4$rO`0rXl@&^c*|^_nehV6
zhRb8mpXBKIBC$l0v7rpfxIhqGZAyEV|C(66H?*LCcfCp6FA?A1HLE*g@ft6DL&;qG
znr_-pSyWp-pM3N<7mr@%JsFer=oVjg2Y$pb-qRHizE+3rS@^jb7*K|K%sfw_?HS=;
zuR|<~Tt%SXHW6+<nh>s{qOVS1zPHQ(1hns=*UAL-7KFmqnF2S@<i*qBjtiCc?em1C
zp$;dD|AR{4AKe20_%X<wb2;#H_xw=uo{<U7k&{qsimukXoO*^zI36SHj?_{@Q-^%&
z^%p3{;@q=mKeua5@){RT>4-8*S!Ci4zBVC3pe&QO4I`vQ3DjHYv-7C6Dy}VjY3U-L
znLozZpv8Ur<J`3~$;@OL*T-~}5KwLe6zc)EZE+aMSX`+E99yXI&7-Tlc(zK?NivX4
z5;hw&bwEd8HPF27!AKf@V+MXGXX?yD)lCr^a4qR*Vv63VZ`;znvQvl*VkD4@6==Dz
z;=zkeC<mH71H!vT6hAVoNkl$_-{)fX6p8Lf{53ac;aA3le_hjjp#|F#Fld|K`yqV0
z3E%Kw*P!r`QFwbao-Xtv8H@Z=Wea{Fl<Fakj@h__DM&k7o2-o@6hYNo3e6%P9UtMH
zn>X>ur9r;<`aHk)$6w{Ow;kZ8-g_Ne$1@uykM38!@wInfq8oCR+kS0Wz(zdZ*NNC=
zJfa60_G#Ge>NN=U{ah3%i<NqdC!RmSYyz%xxT*kAX;}5(Xa}YpSoNVMa9<W?(`G9Y
z8pWf4YSTow3Crx?ZpEdo%p~fLZ<>o*o=~g{<rZWd%~TGO5vZ&!L07BbyP#lXY*hcN
zyQWFUteu~JedQ0<#m(JO<u6|3d(RU5Ks<n5>GZ&==l#ncyZ657Elv{FN<y>UFPvg>
zJ@j_GD8=I!&hqcS__x?oGqfkC(ZyvpCDT#ud-u_snBKBuq>?GluC5R&o9kw_@-sKy
zLdJ^5gS9$@Cof^ImhoeXuN4>g>-iI;5&`#LpWvPyNydiLsHmpEvV@u&^2CW2OY1&&
z?#$9^`#g1GjfY=Z=FsIf*~}oh!UXa35Fr6IuR|l$TnL4HTKJ94@YcN1_{1HoR0@)*
zNUaBGZ8l=mGt^7O8#$2P_oaqVF2lSFU#P>E8=5<ZgkPD3ca8|QK+QE&U!{gn_aNnf
z6<N@Yetok-4FgKExCTct?a8+$Oxo_-P57z{*A?JbXN5a*hH2MW%>H;A5XE{+bABac
zwF>2i@n-VLzNR>c=)N>m>ZG*Kfn8(lm>ghjy}`rJpXKawjV&|7j1Oh{uCmVszt$>?
zY}~BBZ(ZXhh;)@|A2nJ3aovWr{@-EDaNE~>=E;-1{L~@dl~U|YfJZa{eL#Z0l?ape
ze7*^vY-mpT!g=3#b@va!^%-+Bx=mrCpxhM7jc876^l7yQKM?XM$mio&i4+%0noGri
zaub?36sAW=6$S`x8@ChC>}Z0($95a2P!K!D&C?m;j-5WY?%vlBzp|svp-bOm@z4)M
z0i5)_#&vK@dN6y#zQlkP*II{yU@LmPX%Sbl(ow!vguj0MB~CBR)2vijTVA5$y4*Xt
z2`l0bG+l1Sy4FLV{UhVd6o%P9F~i4hyoF6^L&zz9fPZ!YxwM3936GZ+d1(FwmgRE8
z?j#TFOX4IQ2J?>D=$0a83y0@DKKXowj01iU@Z`}FFP>=-stozTF*5m4;)yuQvWUgg
zXsucCT+#{6uWT0HQ812;O2kmPLC6e1JV_Y%&~YK$nCaJ72ScwGUW8f;DivX|4PR)&
z3!dh^Bk)_BV0YXo%Z3N%R$y)oR%^m~OUNXIe7yg((lfAOw-mSv$Fxup;SL8*w&Am`
zW+Dy$+pKUP4fx&J0rVJnyHmtGU$a^_Ohn2u=S{?*kk--0jx1H5S5K`D^)?feIc}cL
z5w|TKf9(<{=GK{+8fJ1h8_C|amYEG@(9H()|E_!f?s~H_NVC(TNaNaifc_XlHvS)-
z=ji|Kxpx2nAOJ~3K~&{+{?9*pgc<GfqiG@RtBi~Z6a)BbQy6uGyJ99|QU&hL!`{r*
zkc9{|IzpvQL}t<zeshl}^N`Ovkj`*<)u&qbu$3m0av0k@jx#=v@5CvtcbG4_tTi-E
zHzZN7qWl1o39g&TkxRtlCyK4Rn=yZRYm>v5zK2f39~cI3XN;xAmE{}a4R?CGi`eCc
z4x6qZW?GM_^rNQ^MQh5Q$73gsQC=^zytK&2Z@-g$Lt`l0GGlNo3sJ)1r6vC6l^3~d
z(+pb%3tTrjMZt-i6Db9LKydUDp4Z{!+8Up@d;}|KlO1vR(A_DLu^5G+IJRRbogG_P
zEOq$n7plB*u}R0*ELRm`=Sb&AN#sUJCJmX1@is%06{F(^tk>(@HV|+_4lcJ05?%}~
zTqi-w0o!XM^%_CPGy6yN&9u;c)?du1`ASu|(u7Y};9#iv=!Ed=Gs2K<N~4v)`E@8(
zHt4)XL(+jlDjMzCowCD*f%5}lwPND<Q=wporXRs`;FqW1{+y{5Xoaxef`(^Ye#cR4
zl;fE^c-s^FNchL|kWbO`+9MSZ8P{kIUb9Kq^2iKkxMg;T(ZLK)AG*xz=T_J}Gs5(6
z=4!3jFW~*4-c^7d8wd3XZ`V_ltB;5jNdN2lEWZ%N3Z_SUy%q4EKKU%?4_)MkbBgVb
zp#ksRg%D1-@QN?I(}5pLYHC_>G!X8|YxZXP$XWU>r0ofHV+RPd$xu%Z7%oRU?4W`U
zZ8xCP35h!~@<V9`QxNx?l*=wPFHUHusJ8;<*L(tCz-?fmQJE~ergEelJ8|er{g$>J
zoS$p`|7Qn&U<%+!$kO#~Z~0uay1m$LPmQ*<3|3q%^%h~XCEE23m3k}&F$>W!lOMtr
zVKA5Bt-JT~(S0|PavVN;{1B&BmdR$bELN+0;>pK&>g*YQ_Kv%Z8V&u8I8jX8tCuST
zjTUFxRUTiTBk$M@Z;El>);NBsNN3I9NZ<2WD!F|5V3kJ?HOQorq;sPT42+V<juJ~`
zB1>olPLxF$hP2yF*2`;D>V`h-wK9Bl8J;c)uapChRXk3vx0x?Bh<QE*3+(P*joiR)
zFS#EIjTThvMhSds9iC`uK0FEkdXtb=<}-CW=$7ly@yyN&H8_?qJEU=}zRlkS=_0wQ
zyT%2L0Z+J4^o2DAA0HP!ItEQ&sJL*sBrI2jaueJ@h&x8mwKn7<iI`y_%EVzb3qu**
zBgnkg+^EQ)img!XHiUweOS5;nz)&v3BL^>Wd~Th6d!`vF<TiZf?&|7<uD{$}k!ur1
zUQ_>pk-d-ZgKP+R@3p$`9NqVcj#Cz1DE!%15AoTDzQuhR#e-?^`c7eCIv*cx0ZMph
zT$_nL2p2I#A$!vF=G}l%7`6p*+l+iqIgm}jSY9)h!`xpKItWPF0ok}Pn2RyKV}is`
z0VRrZH9+hHxuHCXL=4yWS+09b=QXKz)8Jz1EPE!ixLRiq&eyM>i0juE+syraa{2>P
z002ke^wzd}`jzTRdeLuh(Mp^#u_az^YAM$Us||F$iFAClQpA%9?%KA41Cz77Z^vFz
zVywa69eJHUdGec-OGREhafFx7oZ_e7_5e4JPZ_PRjaAlN%L8Cp#Fo~{I}R_`N_gV3
zdDdYjV_0C74r#SKj?J}r`dE!O=3LsI5R2y+7}-qBN%X)a5epF^@LXE;3YF?QOQjOc
zc7v%z$YflYNx=0v*pW8q`@z+aCzm{qRyAi^rYv|iEv9KCiVs5!$!DuA)EZ#<@YM=@
zrVei%f?wYR`AGPC7?mX?;$|L$Z9ygp6M4;0Y9njbU*7^7xPsd;-p8{oXaKvj!f$Uf
z1w@@dIA0XX4I?^UXjp-D03$iwyIxB{CZWkE%|`B?U&{t*iI@RCAVMt^s)11PHEXpt
z4P|4c6YSqKNHXQ{#A_ERb>POmGo+HSjV7*MMu0v^>i<vwl%eQD_hBC!3ieumpl|ic
zktOmTEI#|xN&e{1A7_X5`B>JB4DY5A1%sL|2k_-4Y_f#6MCko0!jS+DWDN!o^s}@?
zZ=bYbC~Z8ZLK<@MYf_XE>Ys}n1#5*K5*U`NwW>$6*+$SLGD#9i2Q7-pydrJ|NVQ6+
zEF_cW`q2~@D(=YHQft$6hQ}A1-@S+62dV%7PQazR177)dwYpODDkCdibE2iR<i(a$
zJ3y6dNTZ2vyJ$baN;(WW2~^+{Xfsh|Q*MwT^jWV~NZ2-Szy20}{DxZ$15y8*^%)R}
zJFr$E<_9Q*r%Ou=Bo)&`;C3`u${xq(TfBC;P0Q2lopM;NX}lm#GCPPiTvceT@!bY)
zy~OJJDwXmY!(o*>avk0^9P;iF;r-+A{&CH{!*EwYxFIb}#Z56zIe<%Tc&!FyU)Y@%
z(n@Ii;C2MJBXm5IwmVsePu5^E3%|PwCLBTH4l0p=Si%fcwPU1GLM9fHi)%(R28q{Q
z^2_g7h8=gQY-Gekc&QD(f}fo<o7E4Y+%joL$KKemerRfT#`4Cdb`v(;+uTissc6>A
zdH}~8!s`{`+a=+#HF&ZF&y+OJlr&EjL!Mu0@zRwB2N$c<J3i}mm&2!*D2xoSb!w1!
zDx&(*eZt?*$JqN=eV|=mu-)~PuHr%H9;d@TT!9VbUj!_Nue@-c|M-c=NR;b*Jg?Xq
zH$A!iaD>)y-h<bD;bvRdX&dBYT?;RFV3PxP4;p-=|AMb_Wcs3-{sSU=*PAyWZVT!a
zRJBB9z0T5VlSaLT=XoSjNhU_qWCznoCW8(F)LMzaj$x;h>>Ww*?fJ$wukE$dO`iX5
z>A@ek0suGym1X$$cF#Tj#(L?>f?Lg;s8=SIJ8cP^m<*@VVtE1K${LIg5)Fax&Y@*E
zp5%^gJJ`Kt2Y2k)%iDJBBCfUJd=u$ymW|Ps5&gJQ#8%7XoH*ZFU&X7ns0INSOFpNI
z9;?le&BHct-IZb_XY=9(4<tb<H-ZjB+RZxk$|~#SBD%TGfn<|+4TrpMO!(k9++Q$_
zF+(x1F+`GK2pJ1@XJ9fe9Bl|L!nU07>N*tLu*(4zm<AF*;`H}Anm<_+E(Gvzx5JHT
zupA33SAcX5Nu<!WgQZRNoUMK0mKl>BzNz4Mm(c2%{BsDb2Ex}HFp+>?o6%TW2tr|{
zh5@Of+i7G($i!hHfAwY+i6*gGPz!`ts=_yl!WWi>&tHMB72&0IIN#9JTusYP(990d
z$z*8|W2x?OV!6(-#X3thkF~1L`S~?Yo?GVJ<y9IjpTR<gL?&S*A_$|bgx-+E{)_1f
zRoFL)7>rixc@165(D(YT^|u`!e)bIi{Zmil&8_hx8O2QraJgEiDhx()umd$^z`r3w
za6~l}UT>S$?gxghdEvFsr(bvVM<{)s+Xi8ZA_P*lrql7M)LdH47HO-)=ujLdpF?GG
z=u`^bY{Kd~I-Mdvm}V&B$P1UNH>6YH3l|$)e6!v01E~Y}ZtL?t-}-Ox;xo1KBVSxA
z-#?mKxNqP3&}~~*2M5PeIeFLgHk}DUwALnlVu-QBFd!j{odbiQL&8o6&?c48orD`{
zbFB=I97-Xh0|e*d42b3fW3zmD{s_gAVs=W{IUQ##Z!=qP7|$x6JKJQr4x<BcI_)~u
za*?%Km9%d0)`I5dyl@~Z%*NT6y4&ZiZqQC?Jo6oQ55mbN{OJPRRDiuHcx(ZN1I+_@
zF^xF^s1Qyyg`+OqG6?q$2#$?8x$c0S1W~AV16mExzPS&5oB+|gUuE-*HGxVKY+Go0
znnP{VP53~;G!6OMZ0uOXj@853G&q)t@nNGE9t?QZ3WRU1!!v8}Vp+4?7B(m0x*TjC
z(hNJMF)6PMtvTrsNjPXHh3h!9Y=^QNuu^HU-0)bav^f0oDZct-!1%-fH|-kdhP~6=
zcHK1lw+tJc!3+969es+R3qZ)m&)*C%>^`IJol=U94}bOLLwx#+FVI+8<Cc`-4hNdi
zeNlZOgkZS476KuuU~*%m1ZgxA$`k~hX$ZShn$9(XFZ6+ea`kiSKD+MH{nsBoi`jxO
zn1oIclGQb0<pAYCkRCuMGsx5g`qVk}r9~u_<n7xA^-FWr++)X9e&?Qi`1*5i(l_u=
zssI3f9z5DS4?O>1$9wq1l`99{Sh@0m<yarN{f^s{Im_0>Vi1p^+OBDCQKk)3{0`k>
z4<#z1aR}e!8ApJSW1~j~an8?kYr4Q!ltWs<gZmQ<<Pv1k4uKEFn#ZXXpN1P!Zq#X(
zYp710`wE)-M}*r3gz>nhT7xsog6C`UabYwI@tBUTLPt7jqsb%G@FQdJd>M|e!iSP@
z+R}Wk1k;vgTg)*3rqLX13v~_q^YF|%tao6c8G=<|Qz2j`rPyaR$%)r1is+`>zZ>!$
zYG}HGA4VL78eVL{fUWqza2QRc)rbX!w6I(@^#zE@DohM$hSNsTiHhnBfY+<=r4{&A
z32Gg<V*q}7QnNcFY)=`Ilio8?K<Jt@sBgOe2;!!RAs&O71a2xvF&1a8>Tzkg#*z67
zFT8x3Z$5v9-P^~w>!!^-aPMxe+c9Qbrl8x~e64Bi1Nfw09Y$aKEx&DXajDLqf9X{o
z`Q{O(Y7N9u%!iuQKp3<(u#Fx}piMSlC4{U9Lsn>Ld&G1^?r`8)7Y^58cY5QJuJQEE
zkNZGc`t+6b9n`M_d~G-gM^ffvgrOjf2Biy2tWiT8hg>1Spk*QTIxMfk>=Zw9%Y=UZ
zLgj7izWZ(nKf^Ux?LSEf@ZHv#fYq~_qxUD{m1WQS;D_JwU@~XN2sY24Cx&5VtuJWO
zY)o`9;hc)u=GVQ@PI@tF&lOaHKDP)0XIc%4UW5Hx62uS!3>bK^=<<cbZB`lqEw{sM
z={6smHg5jy1472uG@5W>RVdbgP{_m-83!zDqmQM(V6FRrGjU;|4o|MZt`NqQ@P;SE
zMc5J3WCcndJlYhl1W@!ej~6vBuEWa};iYxWE2|xjmtBt4LQ0-6n-o)ePoLqtI^;xa
z1MJmXMqWCBY59Gq0sFJ?@kwK4x;U9*Ln>~rw~&L00T|Ahxpx}lLAVHCT7f^j2(MJ(
z{z3R(X5d5P!rcX!Oc*W#FEE}(fALm`nTiv79$~YMuGZ0&D!Sf4)$0s+9cJ<l`?n2o
z%S?_NrZQ|BjB|N@ov*)ik<;gwsWdz$r$@=86KuFYeeV4=a}hV<{V4Yu_@=zkvUuc$
zbNtC?Uf@fQALb^n!}~IdxWJQbgMHlMnBp)UWq@=v1ELfPPqtvpf_oAh)8Z0hsNTNa
zG$G+z3vA3L;F@c?cIm(WkbVUc(uXgIaAv`0dAUKY+@!MBV$kjocfe{j3G;b!*(6mz
zkQe4^n}!_yxuSb@mEb?Q2k>UA;s(ASvvHIesu@m>B6z4E5F_}ebWUrn@jUd2%jm#I
z=QA)gh~zW$Zv=s!WJo3nxeTdBom+Dw{MX_V2j>Fby+`3TJG`*q^0gB#XI6c7r{KXM
zxMxV%o-wN1^EI)UO*2$9T#vYItmR<F#K2tvx@s#%PfQ84>##k-1y1<z_5{py;HV3C
zrG!Hr%}Y(;U<(Eu7`2553YzH@#4zpgtq?AC;Q4jo*^=hv3jEBJurFn#tXqZGL;tnu
zB<y&`3-AKy_;9gf*of{aaFr+A-G7BN6fzN)oigS6fz~(zs~z~%lIBaxrlt5dXW=ac
z7*Clu5A=otw7b?bj4n(?%DF!zk1VV5UBa?USgye88sswM2Xfp#Il%3+1H5JH5HHWy
z_{!lc{Q0Mz;f*7gdGCX_^1yAIq0{bbx4R}Z=wbuDN7(TUIj3k|JzwJS*Dmw)s~1>4
zzs5&%!cC51%z?ZQ7d+ubA12%Io{X`Ot_H2Ogd*CFynxikN9*0k5e1tqIMsv`HDOPh
z?+63FBSw2Oh45WgFS3bxUFsdEd#3U;@HEwSi)vCx$3cg_$ifoDH|rnYH>|&KboJJH
z!+kr1pQFzU_-CO2T3RQx6_daun~{_QOY4RzN-(9I(MAnV&7<e8pmYGsCBn=alFuNc
z1!QCZm2?RG0If~uw!~t{*dU2Hmz|j$?y}9Ll@9(c;o)N*Pn>lr*Frur0q-clft;bB
zue*jK%t^!v6B!b=BHO6auDc{1^SdtB-Zk7c#ytl*9idW(ab;Y@^S*Jpx7hGpTl1-^
zuowt~G5F~jxGt;NmVnJE(<syn;sw?{;elcJMp5|7Ma^7G^KZ5Yw`VuBPdCO4wb1F9
z6k`xZe>I%(g^Ufi573L8tcb-qh&*fKy+r3!f}<2yTAKgoB0RdLxiJsFIwR~)8oF}d
z3}M1j(DsE&(}WDk7-ZsxfJ7sR)rGjDdco*xC{a}*K)VI)7D2g6xLiUF53+r7jP2t&
zZk`$7=`(Bm)k~*1Ik(24ll%Dj_a7jia?FPdLQ`=W1`q_Oj%PRr2vG`NKeNoEuPyNM
zxmC_xSm9<gKQgG;lQ5YM7lVm>C<)@iR|4oXH9r)Gv<0pf9Yl{qX^2BF!>BNIw<8wZ
z6gL%|kC$Li<~#R#e+ckq>+jPCS7i_gO=_BrhBFU^*rpgvDM2dhg!NGd3ppO#JHqD=
z&i~|I_~P+C!qNY!AwYNSRC<>ecYgH8@3}vbaU8;(v&fYqs#G<S28a?JE)?PX5@IQ;
zIwa`$q}pDuy;!eT(e)<U51?BO=X&VH6;#K^6XA{88pURlQ?-D{PIuVmXnt*r@Zb<^
zOPb#K%WJ}F)l_ad=@d>XgN08<x5>pqG6{`iYn0MgJ(T_xgivXi7Kj8U_HJrnLc#Hl
z=5QNATln!Q_=yS4gTt^dXLtmAR#JCeK1kaznGp78G~;pMGfO6Ic*l_R8hey7U4*R`
zv|Z!&x1;_jFN8;1LQ8~S-K342XlVJum8#%}LOL!zFG6E1c{vb1F$WJXYi`QJ?`|=D
z?wZKzV?KYmC0tlF%sACHR9oQsridtJn*k+Vt1k#-b5Iz9Tplci3Os}7Dna``y4i+$
z1DZ`#BEj%jp8aDP_D<wDbfL(XU%tSF#dUTUVidFowFc5`MSq*%wFo;Mo<F(F-#&GU
z&wlGXPrN>dvr^*&DdFCvVtX8Pw<s(6lUJ}wX)3<(R2zyuI9eE2S`s2u5ngd&)`lA$
z@S<0TfD`GsV=k<PuqOqR@r{A6{qcQ&$YueKGCYbKBU$=J!+)2s!B$=G&fM6s98Ba)
zL6|v4qk|ANJi?}-41afcWg-z%Uz~4;#qMeTS$F^`tX4-tZ96gZsVoc1H6z3Z?AJl1
z0cRILLOdn>#o43M>U7wf9p;{)Nj=)~2<k=rVhKql&~eAaeqo3%HvlsVdNdYip&oMT
ztmZ@G@bO7uYZ3^c)P{>Cq1gh_nm}xF9ZjOPj_SCi#V4K88>#6x)8g7Z@J35$yWNfq
zAtt7m{E;@C?+6c$!Usm-&H+s}Y8&oWkM*8+pNsBCZG#0{_{cbTzVQ2(H2?Q`_=CNI
zEt+~mXx23yU+9G3c1d<3MRLW5tfPse@dSKdIJIIZ7&CE$0i+%C8Ud=V@bHRp`)|s_
zZ*Mk3O#BFpkErjdw1o3TlWpjZaCEgvD~b|k2B6#dYiSL!7z`F5V|q7qHcPPJp}hu5
z306!Dm=JcLv<jX}SRElTGR(c3bBxAj`Q#f#{^qF@lonU`-5<Sy12Y8!Fe=5_xpkgD
zxx#B_i(FZ)a`{R{I-P(x!iO@V_eLIEyX!eg#7!&)7n*i7A4_Ud9pRfLSk%ai9btD&
zOCXwrQUnTZDG<FeF5LsBY`7}{pRdEiMPX;kbb$7hB^&n+G3b6ffD;X)fOe+A5seq>
z4I}nuC?dx5ni+thlr~K22}nA^dQ%f348*`%FB3LfOy#re7|&+UT(0~uaJ+lge-;WL
z<~S|gZiRkeY8B+%99E@?M$kc^wdbRcUw~!{+fw}5r4#bT>fFmEKRj`vwf^>Fjg_e#
zxgqxFM%i!WHBA@VE?%e!LQ@*5BC6<%tp>w!`0yspdj?=UL1aEnE&OT&QdUHqsljh|
zkg#n~^{dd?zCf-U(@JDj+eY{!&y==jV)<2H<2&&4v+$k~m`X$dofaHh8&l9F$+<?k
z7{E^GV2CR}HVMb8!pl{7d=YMpLEF`4DwY_F??tY^A_4(@*pvhU)79qsP;UvMHBDcr
zcQol}?3J&D7uVs><}@)S+%X6{Guq64>_f%_4QmZ3HOyv~ZViu^5Tw$Ep^heQ3$|rQ
zRy^OwYS&T81c8b{$0hVbLJ>+$=~W;m;=)iK;<YLeO_54x*fkXA*Y6l-I_L1mFU|9x
zA9{n2zGDw-^$sU5u5sZ?jSIyF)oNP`c7SauKNeF*v}UWebPl1*?I#kVqj{nzF<lQ%
zT)2BelW8DNm!-29>gO(m>d{3V+?BRuR*Rl&hBC%gpi@+qEpW2~r+ne7>zaLO_)s*{
zq^AT-q>C-W^Xu^CRm~+A0yI;O@RQ?kAZ?ywH&M`^;OKu(CuT~C&4&>dtD42K;VIla
zAdDw8YHbbD3Er}GfHU*e_ufCtA3Sr(Oe6Yd5d!Q<B=Rl4^OJAC`S$dn?O;{wLZC&I
z5QZ9k{35be!L}5iSv)U~&!0MzCin#>lYF?=Za=f&HqI=!tFcq{^|4nftFZ;IEupd`
z8&8mSlEgx&v|avg<sz>)mbiUH_{D8zNJkKwh82ZzrAl>!0(&9Elx8#?ka5iBysCjL
z@@FObxrnjKt(F1bywC`;*Va5zhNqgs<{bRu47`6>GaLh73`NvZRamYFm737;g`{(}
z7a)BK#^@U%p@d9L^KDl+UlVQ<P1_SX(FpNCZ~P5Ic(M+sL)e)X-d!-Cx$VPBS$Z+!
z)SyBAEd_IJ;Xhx3ORg{#hqn&H&cxM<NyKclmAcUGY_z&|0ZA`_bQ}svNZ3NtgSmBK
zaa~g?yCgad;;kxSxeT7i#WF0EP597s4ex%n2?<*h8^|E3G+=1D(<z7R#<GkJBzg4c
z5@#1mymoS#6PFsSHxbJZ#nxdcN_`#Czvn3HPnCq3W*|4+>6rR{x``uUW8SNn(&(8n
zh=H7G;9Y9V(`U=UZ)dXcmtA<O7SPGS-M7Uff)LqA8HOU{Ef}(d(;mFqgs~Xx$VT%7
ziE1tsJiH?O;T&A3!FDYqec^?g=CwLpmyW^*u8sh@g+u-OqnmM3N;p{*>TR<Z5g5yW
z@;qdGj6%lY)2}ZNdd=A1EV{uu{4?<Y+<1JBcD=Q@R$_A^g`-20BSxW58R56$4o|FH
zlE)X%ths^rZ~wN#3$$AR3qJ=hw`}*}<8^muo6<c;o2&P~Ql8tFj>l6871w^CS#e!X
zHY@m|aV^1d49YEHgANIGKsF9LMxa<X)@nGT$vQepyY#OOS3r~*vgNu$yJ;+~r;YH_
zfyW!d-!(M53-GI(;m)jv;Qwpy&Ew=ct2^)Sd2a31)vMInSIdhQ8{6`RZLp2mu?Y!y
zl9><!!6adLvrI_x65wT+fn+`*Btt$VFc5YoYzDJ<!8XPlwq+a3wie5ltgTz>eXp+l
z-us;QkLTX1YDqQ*Od^PmKBexis(bHqpZlEiob`8vYN*sg*gxq)brS8=UeP)678i6u
zD7z_p1U!_PiqK<)wFVxmDF+)ue=N>Lo9H+S3^yFwPa!3AB*h`jSS4+o-B`D<sMC`1
zKvkG(DBm7~k*c!A6UvGMW;sqPaW8`_bn<Y!mf9GMLnx$_tmm|W;W-#DI_)Z~T9Q;)
z*{P&F2T49thHBKs3nMf_rP2W37tYF*$aZ&QGZ`3~B<$@Y+uO~X&RLF#@OSqfB&mjU
zGLHt0Awlo7mhab$xBc<4;2>Cg`BJ`gAT)2CwN}zb+7&mACrfcAPR)nzl<03PBXir7
zZn|#M;*J~kOdJ9Zt?KZW)iTOdh;(^TQ#fsDMIypkNw_u*H&lhcJE9CW;5Ge@srOZc
z?~KCtCZJoD>+-^eh!eX#;f{*(ok^#i_9a`OFA57w8`^)W3p-{KFk{_@mQ6YbtEoAs
z(5kL1i@MSs)nerW;1HlEg$A&<T5YUT-m-Shx}}@?my*n8gdoH|by#I=3Qr7oObp6*
z4(%?^H>&U6*w7p9Z3|^=2Y+XS$!7xgzIx;8M}tE5_JR4SErX@v>LGuQSvwD2g-wNk
zvKYog<&r)_PoV>o>xE1XH6F$W<Pu6}#)bMi(k(`csVxMHM5cmY7yMe(bu4f%Z78>u
zg>O`0%Oc^AS1T769FxRIHHT+h3N8^o91;~b0*ms_9iq)u)q37ZBODrYJLGf#I~vdl
zoSxQZ2rN!>w-!EKgd-L@(jKd_!qtnk+32{Cg}xkgXJece*i{t%*CA!K2ro*(A%quq
zIwxto{$f8!?0B57McIPt?k@<1rCrLJUMFZu4Pj^=s=hl05mHH^Gb5yv&fhQ>NA=<z
zH4?nlz_272kZx4aS`BZu2*nb%&`Bbl;*72&4GY_jlmzP!q=f6$*1r1Sw0&r_5>7|M
zWoe3;0J$~;OEx5<T@$1oGAw4~LQd$+D(SS5C(0&ybgugJa9N)QSeenTZX<74>5*TY
za5)b`ygN&Cee`><OyE!h?k~Z^vvBJ;+%f_8&I)S<-jo+MBwGS>T>?fC9<B%%b-}7^
zE7G}OCAOJi@!zV@k%C+Tx-+n%+x3Z11)Is@b#<_9xFl1v)sf#V>+SbCALz+JDR_8b
za>SQpQtZg2hL7%1b7T}_E#DhGAm2Q+b84zK|0k)s{p$aC4z!a`?i!pqJUepQNFzLL
zORwR7ZWKPW89uN{c;{(`*DZm^itzCRLP-UZib<uM5D<q!m`ysh6IyIIY^?wQAOJ~3
zK~%e3{1PJHq7mv1L#-k->Mfhw55f3w`@Ha#dF8Z%@~#!i*1X#p!w3|~Gp^ds!}&Zl
zQrDa4HMBNdkyb^%5ocEyYtD(a&U0GFU^FAfI9t{;3L$)9R(ZOiyyC1J4Pc_?N)ZJ&
zhKxtk<VYB0HiVldT+YlzDF<Cvu}UT0g*5U<wC(<j^UCTTC$K{6pu*NKvTW$H<UGZy
zlJ+b{l}6YKO%^grCaD;43=pf~v4Dw-kKACv*6Qfwtb>2Am62!mV`pYbsn6Tb?%}2D
zyGRgf=c+9a{AiMqW7ozb)09HxYj;;7ZL59zj|7*+F?6NwuGyI}T-ryMAKJ^~^CW}`
zAKft;x^{puN%XA1sqP6QoSlKUbqLoag;YhDnHO?3;Z14y&v{s#a0dpsS3zK7!o~Ra
zl!aQ@nv>Q=TEELNZ{?GY@mKaZ4WMa~%@qMy-<L&=Y`P~(VK^yF0D!#57k2O2@mqsE
zD^h3J6qIU=`&Ie!@IH1=4;`4Vl>c&hgIhlCLbfNQOIDKAs{DWWwYU7q23>Y#C%P)?
z1nofj;FW#wL|M3bETsB)nd?^jT)D{LH3ED;Ag(2kDbC4`cP)zxFNc8;2CdB0nE7)G
zca@Z{%|Uk_-n!Iv&=H&}7u%UeS`L_a5r$D=P;W<TH*MMdacEu`oOFv-1v)*!SEWIO
z{DYDc2NU+WB5e1Si`VD5`m_$V4+R{q_{3!tQAe}p%M;g%><3e@J_+Zgl*dBX(Ren1
zxXoBxc^EIcl!5*Zr#XdD1z|Spk?P1pI)kW?3PLudDs)e~o{@#DvMA@^-F#I#GVY!&
zkZ@6MTnAHUu8G8$e38S>2vp_?_Z`HXv6ezU&3j*dn!f8>dsZ}tAOA1FXHKw0tnb@z
z&13%RsfOk^XX2g2;Y`IUwzK8ky{56OPidy;%Z4_e-^@h7_Cb%Ar;HQC(l#H?T^pGg
zA}mirUjoieyL4<1=r9ghC@#@65f|4LPB%)wfhXqS>K<5;c2R%yIN$IBir0}Bolv8P
zBmz`iMewrDG<7R$=N6M;g3?JN0KOUU$Q$QMU;4;>xBbyYeJiA)mc6s%OjhS_ELs1f
z*#?h%{5cR$U!14ESd_nC+rb;&vq3w~&!broUtL;&BVl<~`OCGiG%0*_Eab^zjTiR_
zzq4G~ly%^Yu}F>U+rc>qD>Wbrk)h7BUyp@=LQ>(G3jCnvkapg@7%quad5hwu(?}|V
z@jS3TD|)MxM=jMLLWmJqzewrJHcir|&K;ux4NW`Hkl1;ZHjV-FMo3vjtngsX0gCMR
z;U#Alc<rWc5TP@hV65yjUWfivYwqGzHP;XxoB=FckQTB6odO99!`0R}nz$WpI;m$|
z2+@G+=G)bc?dWn&QqRK(bc!XfRl?9|JqB&|*#l)|mvDF*s&%)u1=fY@*7jPG;&Ob5
zP?<!OP{39yaAX9|K8sa_41e+JGgE*5jUDelr-z4j&anH~byA(@aCf)f`J*atI6s5>
zkxXgRz0@;8Dys3Q)-4ZB3SJv1;f^_GS9h2nkNV13fOL3~wGz#vvl`t5DbCrO5a<(#
zAxkU^7qd8-tSJM&bq5YNVBSZ)D8ayjL_X^irUt}Ub@dBvtriSOy^i%m)_0|}60*2a
zCkrQ$01(hO`})_1=H{L%HtMf1qVuIn{kCq){WrtW=Q{R^KF*pA&Brh6<BC6BqscRp
zZVuusRBf(tr*5vwDDPSYm-oU~N8sB-mc2!I>vG}s%e5J@sWzO0u3mF0v4~^R7_Hp5
zF2yzo-NgGA?y12ZE4+QFa!r?#2wX>Cah@&rGo8W)LT{nQxe28h=`@*yv*8kLHb8sB
znsQwjopt*Q;si_8D!C+-6>cuU&HyH?(nuP9>w*Fotm!0|N>OZttnW=THdW#AdEr%k
z3sGx~z_hRYU`kk=5H89%#NuA#^4<?th54FmVzFQsinWtACzx7AA}50yfqDfk%|oS(
z5yd1H9vA;CWR$b|9e!Rdbga^qg^rY<z6A?jQmF<`!|6&3##6lFEOurFv$&s^EY0c5
zHukT%b?5j8Ap9MU(HQqbW2-TrIAHafiBP@H1k`L?Mc^RMlLmS+N=1eLGXQsut8^KX
z?dM4mK2=uPzPrxWm*&Kk4mTMyerPQr;8gJz+a9-*I{`110Pe48WdiokRb^>K=*L3|
zTIdClib4COVv=JegZtbmHkBH^8AG6w_0l9Mog`tvn07*WwX!?(gS+dE@b-(8$370T
z&vnd&-MqA<=2LH4#by6(m3nJaZk`lkXHrvdb8@~FMq8P2*!QcF@WV;rnYz+zg+g68
zIwj1_yCOE<j|$KtJ3R;^Z+{r|%dl=Dx0T_>dAOuk`Ms417B626t5zaQmSOr9Ba4=z
znG9xr7AemoK}ag$Y_(hxa!FSr96!`{Oo>p1XGWEJAkC7}1g`VXjsT_tWqTElTH(^u
z^Zf3Gy=-1lAeTzvt4pQMdcp&T=jlrdFX?XO?>p1Nh5SA}1m`5-;*9g?C&YP`52&&x
z4X5W?Kp@asdrsY@X_u<sK+7d`zKE7fP_LraHkqMayJ@D>iYrRWq#O=GA>&YVP|zjI
zNvvH%y`#Y1LuCf11IEh2l7f&niq6lYJw1rEZ0yf+)86UzYcf1JSkdEf@z&*ZA{04q
z%$GCP8kfSGi0(BR`C;}N;bVtk+YBtpi1?w*pPtp54^^25IIBQy($b$0x#HrCtG$Sq
zS!*I<?mO04Uw~TBJS+veqmKO8mq)5yi{DFFpC75%^Va1^EloAeJ|T)oH+7N|sRQj=
zLNwvh+e0~-<japukO&f=ny7~}CzSvI7=Yjal=egA-k*SKdSQWU=0fv{-&?O+-mwf>
z;=J<GmYctT`D4<^))WB^LFR>Ct32KiChD*<1PN$*%45|xB+3zpm_O8Jsy;yoH_gLA
z3)e4JF4(*Z)~>^JbYfB&G?j)_3d!fO)hZO{!G^6}K_Z(s8u)^@4eTFt9c45Q??s$<
zZwU?t%9Us4c;%K3etk<P=dLWUv@?U}B?zM($P*}}3_m_vX0&X1<6>HEuEixIZ7af~
zb8tyYSetaHL3s}v2)CA@H-f#6JGHg%V(~n+O7s=N(Ai&2#+TzAT5ZQUzH!#G5x3IS
z0=Yb9)hfL1PR54HRI9GvUcDYrNVzOVZG>p8f$8g_Gn-}}liW8vw`xnLesy07zkS`j
zX46(3m>b(N7IN9P8tm|eQ42?Xc*GaJR)U+S;BZCxt!2XRtU~UZl<G`F?;345jJ+dO
z8oe3MB!p}GgzWN!v{d?N5~Th9+PCUsKaVIa@L)}4hi~r9FJJkU?!3AG(0IA$mT}Iu
zLh`hnbJ|MW1Eo3FCpHLT|B(Qqir3f2gh_J4jtMeW{%NEh&YUz+fS;Bw?c?=T%qQM?
zrfzuqQnV)mw`jwBY%%`=lICKaD#6}i=fyuSBfKmv?5e>-Wfw=a;?C(?SJl-Bk%o1>
z^_rP>AtY6q3t%D?F6xFYodOf1uzxokc?M?2Fy%SS*f8PVJ?Qut8ivhX!!bZK-1Y|>
zF~xyVp;&TNUvVTMR0kyTln<pq__ebOT)3v2b&ERa$|ea_94?)@I)2ad$fiABw6cTg
zK)G$wX)SRfPgP-eN$5+!8Oc_|l2C*m151G&72$Bz0b4f5+D@@X5xts7Ma}2ZuB$FM
z%>8Wpjz<58ObBCr5TQI@17pZ{7AW*|(g=mHu1Khu>1k}uIY{1o{xbEw<kp$Md-bs^
zU_0BXS*?hLbs`LfaDQF6tu8!R7iub8o`+AK4)0jz8h<QJk@G#Xq5V9WOt@>rmv25?
z6W3OpV|*mXxa?w}vZk&OGiUUiJt7Sg8&)O;x$TM3iE2mZ`<^Mw+y3`K4(%*UjMUzA
z5{arvb6YrOYTGZb0ztq;B_xLiL84xRlPC)C)6hj-TvcqCfBOA1SoOR8Xoqu-w3uIx
z+4&dPNG=9GG7Dof4*U{v4KhzpD7Tb_C#%Y<a*A&y_Iyj*S{AEl+=eS-T&3RaRXA*w
zwJG7oDR_K;onlZYnJChcPH<+oaBaV3V=_bn+w5Z(@4&5Lw*4lse^i*7Z)MjtlTHLi
z8ZcvE)ABUAbQYCFbiOul)aZ<^nTp5d>k8boYnpG28Gdc4Hgghc7WP+^oWQ!IQjV69
zZ=p|=OEbcEO3F>+${(!}2fr1YDYPc%xD;mE7I`%GW0}7_;VJedw7%v}8Xnk>b`;1p
z8k9AQdLDuC=w8x+S-u?g8+eBgVUG;MmM;1PUV3_O>h|5EZwJ0Zn>N|89W8Y;YY=`r
zYw;71@PvlCB&(Ex)qSv`%Q;w!0dyuwC%wetwn92~jxm0APx$SDKz`%liu7HaM=L-}
zFKk<T(uxekA1u62$NXy&!b+<bjy5VQfstK<b2Gr#Iud5hr;qU74V}`tGN(!ehHWiT
zl6af$6`!=-K0_f0I8v&SHcZxi%5akT0G<z>*UdSV(0uVNr|J5)_oD?_$oy8?)?}OA
z<(L2(J{%s0={Z>datSU3bFks^?O&8KE=&_Usp50s7D>*)REXSIL~baF999=@9InA5
zGce%`OERvD&%R>F<Ff&`k1Bhs!p5$sg3q=k8nrQn5qG`)BQRBJ`yd{xxLTPTORhEe
zn=kHWNg)fyM5=Sk%5450CGe+=FgV*_xZGe(PFNq6td7)$FAu>ABV3Yop0k)^QX(W#
z4)`#wurVtvOGaMoc(pZE_~WMjxaY7yMo8;B?aEK{u=u|)K&y4K;?p5@^3q^gA)v5w
zDbn4G<O?VvW^xK!$Rl2Y72RpRwqv4yLm_p;kxJNv!x{j3b7px$`ORO?Ip0X$AbEpi
zjZ38IFE}5BDl%{3o++u1hvxp_O88*=@Ym)TFIq|X!WCyEk&F?V0PYJkq?YZYddx&c
zeuofP<srq8{-HqD6bd{(S!M!Yd6({}*Xg`(l5@U2BI$dlktI2irD-s&J`l}|H=n)I
z3{jdw2e(ck`-VzSPS1p&nTGI}N&sxlv8<-%Yp+|u*?+nM3bLSI3^q2A+vZnsUV9Ok
zEy2MNDAim%-$n*d9RI0>Fc=Ez!PzOHGcqegm9#+CRk_K|D)Oy)<h%0}cl!*^s93Ay
zD^@tSTX@d~<(;eGHH#cT<Qw~ivvN*--d$4epMf(9!iqLnZHpVTC(hh>X4tjfI%Y#{
z-rHmyZm2<LA;Et+zZYXt&Ca+jp(3rV7njoP39Rl;a?jy1M{CNp{eq`3))4-62sR{z
zv(qk}xs@X;bVe%b9aXnYU)3F#4!1FX6dhUMfI8Nsp|voZ06y^>$MDPo<su4)2#_+C
zj07ZYfK;o{S-{Js(M$?EJdUl_@%nq{$)?#hR7w>qm4kz2eWZOFm*>2EO8EV&GH%>f
zT-3;dV4yoE6tXIa%YnFaT1vwW@Ak23_-OlihN{&2I~Xa3vbLd|u{qiF)3olq`Dc7H
z(iG;ccOw%I*pLtj0!|yM$(lxrA6FVoPgH2+a%>wdannFq?ivpmzh_d`_h%)yKHEe%
zZ^}}MHj#GC%Iodqvj^)kS*+f4M%mu7hm#}~`1#OQNCp}C%%&c>>aRDbbfaS1K-D!a
zIhTdU3C<QBnuL)_m$vG5E+-fxuo_LEjQJuDHIQUNWVxqeP(}k}Ujx}*M{X@4-<hYj
zGvvUO@a>>$@kdsj^WwXTb2A&Nwd$I;t${yVr)<nZSAwR{C?sG*9$vo$I*hQr2=`72
zXZHw8(=Bhj@r2o`G=<c$+z@XZ8Q_z%aHwJVub20+yeo(CytZ`~W9I8IOyq91Gi~q$
z9v-SN-4I^VZ#Ynb|2qsDQ^MIv*Fh*=Ns6mn%PSN^c%<$$kn_9T*cUpa+9p1}1=IT6
z!zI8Zq%E-SM%*+JnkGT}`I;w<%_DchS|#9#T~mx6o+QzzkZrh1BI)nL%Ve1fk)4Cn
z`N7xfm)X-g+mb>ulgIwS`3aH*uQg?eOET)oD;-&P!3iJv>X^(H8}jwZdieCQYjeEH
z)S@(_<DtCRgGHOtLL+(*&8K*xl=8N_ivPEfGJi$_dAh;rgAIOE3D^TLRi!cGGg1t6
z?^umHd(yK1;aM)**dd)O(oHQmzOa~R)ihVbqHg~Fkr}Z;_&2v#U0U-mjR08PY5ppm
z=K6oyOmeBq%4<$xJM%B_Obe9jaA*W(OAePV+I1wdr8Q}sBjlk9^7&cHb5{3QBg1=r
z^7m9EeP3BhyXp)a33zDS^3AEhe6%X|BO8`4`R-f(=RfVe<%=J`M(gF@{KGYxx_$-p
zNXxq(n_hxT3(W{@>3~inJX&^|z=d7Hq7?Wl9G--uldh60?h@QQPsA{Jfm@64KwUX+
zU7l+<b(2gcqupN@2n{(wS}`aI50)2_?4R;^Y}&_K=t~PX4#Vb*usNksDXKIx)KuKK
zy9M_7!mcWGd9b;w1$c3+-=Tf?Hv(x-7^n+(OgqG!k%q85D|C2KWZ?vKe1c7zuS6UG
z$;7;+QVp=x8jG?H0M(>YB3<3|bY=M5!y~<?58AIEskBgWm-K}ceEH3#Lhq_nlxY{8
z+w+8;0(7KZdf-?f@`WKYk@WP7V^uqJqH&JZIntXp#o<t{N?6UDnQG>%H%kQKg&IHG
z<~+6O>~XqZ)(AU&WJ1l(b-lWMWML%30>M~KpX^OZ$HTLF!IgcayS?M5zG(^?(d`u@
zw+z&VB@w>=XxaGyekq)Qm*jc*yw!JqW;5y4E*+zpVqs&X325y&(Lx-ZhLLHPQ5G>#
zo3Vsu5>O10o91C>gIz&FKHRYS121J|yp~#2_HB1X&0Ino(|FWZ6liQ52>lx%+%Y}I
z?svWUx|I6Y|KV!#Z(fQf)jjm~4J?8)L{+JWf+xz$3d+M1aO*sL<EU~?2h__@4cgSg
zV}uzvZDMx??yf5xg#>Tg+D$5zj0B%HZ`|$L+LA!=GKidm)(V}u6u)!9BL4R75k58G
zvmxgkUeH{QO@lJl?A5@TY2gj3e5nloJOo}sc->;C*L6XyghI1ZQPM!o3ZFO%H%=&Z
zOVnXk`P#VffzyPuvo5nzn*%t;K|@PBaPu2|Zd#c>HDAF*q13SnSiPFndBdXaOnzpj
zaw*sY@wrkybrFWgt!$83^&s}2Xfx6gszYclhm@A3(ubd;3?<AK?ANDDiNZ}4`{5An
zd}Tqj)@te`DjGxjvG6Wp2^y=gE>m!+C-f%ts>y(_1N%>O(I9F6VSia(`njWA^=GRw
z1+TrFq_x;RWBC65c@m!fur}5bgeScQaCsL!RW)CE%W156eIFziSX6B~f3z@+an*Rw
zjKK7K%dUcEdr0-ffoeQZM!qmdc^tkHi2l*GX}y2EPW3>M>To5TnyB01*+w`y-JmjE
zr9Lo6uqT?;OBQiO!|I2AdxdO%+j2B&O}elJWi-54Gl^dVlR{quo(bWxvakin<4luy
zfy8Sh{yQnKzY1TiK`oQuJ+JI%X(59#o(q`8=t<EcHf`A`F&U9aDKHXZ=tw6xttY{Q
zM`|1@hGacqxhI?(B>}}-m$coF0!uuhSKzU_t6vY)VJRkJo{X2DI_4j$3V%1Kd~H%#
zWQ8{+glkex5bdlhN9)4oyeoYTpG^WrY}9=Ck=c|>I%lqLg;iY|x7!l27VYgtOoGS8
zD-2B3CdO*^=J<3ytC3vUyvPU_UzAqDW+2v$d1;S>)|wBHyQW0<RL$etCu^U6uC;o!
zNU(m9-Bt3vslx#;_Cw8`o^BJMu^>3^$m4xI0kBe#g8}PjL&}@dY#*pQ5RZ16sL<$1
zapcL8yy6v$rE_Ttnqk2fZ)gqS!}}56@>f5u=)U;)lU@L<$;*dVcgi*Y{WMHAp1gR0
z2@8!}fzdhPz^G8GH*a2uFhw2MgEH(RpPj+}sLrE-(Rce<{_%lP#-8t(E?LZm@rL=p
zuP@`OKV0P?z2c}C9AgHz>END$@uDzQgfv1?g#!VsP72E+$!1Z+h<FAEhAgh3=Z=cX
z7b}RL5bY?WOn1)6>b?~Dl(;O#Xjg61H;HxkW+Ga&eJYOmLWJIYf=kzAn5<Yv<{B*V
z;KED<MA1A~8&5{BWge^)*jpEFn{gGEt2$tHKB|yYSEsO}B>e55a$gZ%ofdv01Iv?8
zNDAktp`^lHCD>FDHsomf0ciW_p0zX~$cX1P`nx;p+Nl-NZjJ>+Rg`oZ>Buuu4P@J)
zX@65qzc>*2TQ^N0jf^a*!>_$E=bWCA&_s-|zTZ8~Ss(fCn3RSBbK^+G-u;u-#?d0d
z#+rS+meyyU3FJkS0gKirU4z#cDt&=%#4&P?mQy$*u)>H8g<Lpdc<PEOd-iagtYFUP
zaCb^B2$3@{=^~Mdw19Xc@e;yUhK)QjZy)y5{`HY+D?R$87632qVat4I{^4)8XvdmF
zD<TBZLZqc~)<W1j29tBr9xr!0vY<%;UsY}_qF=9YsEGXCbfAB+bB@Q378hoUJr}(i
z(g#HT=*q?N`|nzXtWKd}t8uRzQ=84&ESnXm`ofVZ2YL~RbLKr2Kq-W?Qm$^ED9u9z
z^*jeZeNRc{U&{<v(f3$mK1L(hHaK4G`2NnhB@Z4hr3PoJGS>(sl~j5&N;V~!W-fqR
za&h%xg!ql1Bs@zdrFi(L4dk&AUpfV@%0eR+8Vj5X(cDMF>`%hxqyrXxv<!Do!?sx%
z^Iaj!_os!=3@dx9@P@4L%8bioGoEuxdB&kK9kwtWxITr8Qqi+(yKGA-(1inO)B55U
z#PuKI05SXf2!I=RPi5$_pB*Vt0T=*XmD5D1a{UEqml}>BYS2tlSlOc(g|P<msUv1A
z;pzWAQr5%IXN?Si9j^1#iVP17hO+FbI%jnok(DW$eki4Fb7-Tc^@B@9>-Qink{q{e
z8qD(WXqDj;U2|PNF?^t^ue*AQbS`n-oW-i3Ml?kD;69|T=1(7-)Sa{mk(1g75L)@b
z)l0Q^bJqRczP+lpLVm-uFgoK@L1%9}oyvlGkr=$Ug5FYLrjg(l5B=K*X7nk3LaOnJ
z=xDcj)8-t1@TMimSy|QC3$E%+-e!19Tg>m?cFi|Sbr*gNEUfULLt!WoDxuO5p$mnI
zCQ*_WzA}g0*I-9o^p8`sZ2K``a2?#U7rvbCVQqERzkF&gc<B>|Dw{2`I#kVNl9J4%
z6Q(<#Ae-_q3D?~?88J+$)}UAonX81hR=1(WmKCN&HCq;z)m<d?nCv|{Ua*OCV7{$e
zd4(_BT@`j0El<q5aAw^qT?lW^z=bKtppF5Y?OQ`wlTv!B@W3>TE`!r@L|b^<m8D%9
zSZI<of3yiF8y{VEC9r4qWid!cB1|p^e=<5+8+8tKW*FL4XXRzt*kvJPQ*QCp6!w*b
z>42k~mxK>Ke;v`$qjNldRzZJn+;IJ8i~QNy4e5Vvhw3uVWs_Rk)^xk$sEumC#VPb@
zUp7vKTz^hp2X>YjKlXc%&ji~pUE<yH=_C5P|6`q`3*tK1C4r9*AZ69>W9=Orv*u4)
z0dRJXt;LX6UB4QWCMwp3rticUn5n|RnDd%Px&84@ti}LVIao)(QKWV_WE-L%+0@TH
zH|%Lk=lUt=f-cT$2*3aGKKftPt7@ITCb7!a?rdm(mY#7!YOdOr$%hMtWepsyyFPNp
z`6ko=Pgc;I$^<3Dca5*_+cnRD_%b&*4ZX|^d%!-m6+YLon6z){^n+x7!`gM_T4VY6
zoWIU9EKwtAwImR{q``VhtrqC8wYuMk9I4sxK-Djd+eGEUn$>SURoDFHv}mKbC>?h-
z?<scnMei9StVt_xPb*bxIMjftP+9E3QjcaABW>T_BBl-y)+CjOsxVj=E{JTYSOzpB
zJCQlk?qfMo=Wi!0;u9#8tK>TJEGi_uuu@+K?2Nyg?513;>ce{*vhuQ&(-e&twLMoT
z1|mP0V7@ykxBskb=IME+fRAqN)q9?(^X{j7uDu{h=H(gDMG1!_Y-tu)iK|VP*l(mE
zPzBCUD*GDppT>=T0ge{{0C?U%+&K|kd2t74yuRNRQr$iw^7UaI3X}T(Zl5~7P54PG
z0Fp-DdhsI3u1#yR^9=yvfHaRx!1O$^9wp#*P9qLbVl+U%S(L`^KzHSm^2xff-`YP-
z@yR_u+jy>k%uy@9ab+(ry=IY;bk}oBI!aq_C(#!4*GyTMD7w;Nn)jl32ni$fCLx8A
zR%Ngu_S;43`vTqNdHS)8;pT_upS8cc0=gY66Zk+0{1IRWAlHG6AIBo@`YW%yPH(v3
zhBn{iJZE<Cbi<h4PdDV^bCSoasR1Vs*zmD4EAH_Dv7Z29M^?szGt%0o`7Epn5L)J&
z0)Z$i6T+ITa-c5EhOo#}2_m1Lwt-+QoZ?vZqG<|fo1l@{XIQT*9R>24q?xJsh4w1^
z^illjF1cfGsBer9RE5PI?xcfN_`x&-Yx9XOK8N@J`B1ohnuoV8)3?@Z-j(<H_MH#=
zT(u=h{)#lZI_Y+51-0U^{bB(d;xbcLCPnie-5F~(Zry4h-M;;Jv-QE@#@<Z@{@33e
zkdHh%uZt5#xMy6)tD^7NGR~guC(toYN&&ED4H<t@UUSV7O{8er@zettofal%RV>o%
zSR47kz`|&#++LE#PG9$VN&DG^@P%y?I`{LAX}*UmmZ#)DU)cv|=Ftej9NV@);~g=6
z8RNhuhi4srAJT%IG6)ks%!G;+^!AD{QlvJ4KI)77OI`GqT{FybLdEbosmU)lJlD5w
zIR4WvkLeQng9CwF94C}JArPf3w~ZuD;#uIpiiL%V5-o^&9u9>701cK&L_t*fv#rW8
zBCGCQwJ=my4Fx^gK;}cF&ucULr5zFBn2WV*0PU^{iLm}uq22(2<y{$>n5<;lPjN2<
zXIgu2m@t)n4b5#zqb8+v<Y1zXeEz7E(+PX?t)sPp=bFmrOWQ}NKzQpWxKn$)3wPP@
z%}<o&RRv|`#)Kx$Nx{0Lt4oRHTWnkIsEbrA^<2UZoQU~j+B44=PRpBtd#3E0Qo_77
z`lY9)dHShmF?UZ&0nj;}IJbiBKffFCEzDPisW~W?Xt~z4X>Q{Q3<s*W7Nx$+mwkmK
zpKFBr)hFhd_z9PKUi7klmJHRr>t5ESr@f|6)rQXN->%U@8v|$*=MG_TLMT>n>89FJ
z|2<W{T7&`1-b8|3vm%ctjJ<zWczn-<KHHA}3#CV<DQ;Qn-C45w=R4|}*_=lGcvo$^
z&vu*pSbMzryTEa{74b3Zgn}n<sEYi!rbESyci(-}dd`J8Hum=6<vi3Aq?uOR5=h!|
z2(~WTt|i3d6M$;fxx@|BRTl^VfOL+dUZ~%Gu)%L%*r6nI4xIEmW7s>V^|AhL{mAi6
zwSPX^0}W<^2Y?4Qb!x9odY3<eym5O~FKd)^X;w(DOdtg#65<@B69E$#KDao^LqF;K
z2g>2yl)3x)jOC;h01efZX-~a<hv8s=8eD5R6ZzO3-o0Y2@K{~#wwhE9S$R5{;?oIh
zzkS~%Q!nIrCMw<~>k4}9Wj)a6K@ivQ*yDSI#AFo)CtxOGevPbJiM;<mEF$|ueq6MA
z{h=Z|fBKF77enbF*f*u-mPZ=A@!YHuG&w2uZo2O^Q+8u&)5r}?E?u}wM^YPc5s93@
z(*aaH?s?hkUjP0_?zwx*hxgBXEGx3%^@|~4+-2fP7I*GQGmsb$f8oR}kT^iCii*+*
z6<<jod%ru!sGQrU|G2whuKi(IJ73qY`iUc=pFV8&_GS}*dH<k&f!Ti{?I|)1;rD=>
zwnDa^Pp+$b;pT=h>ocOOu>@7CyM47kd~$|E{0xrk=c1ER09b4G*R8Eg`s7x7;9FJS
z#`V(5(+%{|n)o{!%vq1evI)MF7JKu9;|{Img`}$s^c{v*o?W2-<vq^p56<Rjw~=GD
zUuZG^WJ$0QEOVT&m=ZWpMIQ8JbWZI14wc#ULXY|9q4krD@94BQ9K^iw8DC{x8VzWV
z2uN#pWg&m-G25@Gwjv_5w18NiB!Ouo6g_XOHgKf$qk}WItnDzH-?z{Hc`{`dzjl$T
zXVFG9xgIV_CyJ9cQvzb2>jEPo(zdixMGeeW8zkj~fU@dM@x*N2zT=;#_|U)1Nspr2
za!LOBvFYHE6MX*{MY<g-l>H}xCtqMbe^xpv1;8^E|A})u<ny1L;14d$kn;?T2I!1R
zcr>6EpnEc&-iOhzZ=YqyLIw4OrE$Y~>$CdWtz8buHL$c$9oo1)9zkH?$Rte8x8AqW
zB255CtH?Kt6o;_yF)O*Zy+Gw;pc^3E<gsnq>P`1ox%RAdoBK<eUIBmwj=mT?wVh%I
zVGJSGtbmVfff`CfmAcw+_x>M;0EbKVBWD)O_=ooB`}VDs^{-rn94NuAS!{0_dBZYf
zWumE6N#q@fht&)iGzE?yAOh3#4GNx|&=<5Fe9C;|MP1zCr*u(vHP2~h|0>Z*DF6Vv
zw(5Js9o)AAd7W?RY`}O3J2YV*PEND`5q|LxXzNyzvwO`&XXROYWw*9G{cT%LQwBs%
z%E1Ze^^a`+rXrjGj?|E^6ty&H<-Pe%zVXn{7+U&8)1Dayw=U989SqIYkJiY&D1)|d
zoiQq<V`n!hE)6-RHbh!o@MFR634sn(Qoda`GD{B;{^Q<x`-Q6(Cm;X*Q1I?=405F}
zT2C6;moj9(Im)>oK1;eU?a)>hThn0{n+NUhyA<nkHL$sac}{TI9dpbAvoDP2=$C^|
zS^;qHy#&C`pf|VP{kPpL%|Xssp5^6R3a}*Q+FP|no|;OU0F?#|ObD|Tw;M*4xEkBU
z2dXOHC^I`?<^7$V_Hz#%rTTArGe0FIGi)2H=qK-}$h+4hRSHJbwnFidI^WvOo96v-
zK}TAX)n=b7N)@;=XE+q-b$fifdwmc8cyNX}fV(IB9l%>~$&dkP1K{$-=AG|-N<a9I
z8|go<!}*60XOcC|v9@rd07u5>@O@jWYI5%{Vy=Ff>7-5t{`aQ7oOk6JdHLgO7inT;
zG6IW$RxT~>jrl4JPPwLx#yBUpM#)MZ$P*Rih7w1ILjB9j&(JS^cki<|H#u48Xp!oY
zEJtTUE|{~dJU=5*bClQslI9M3EVbhU#EDNWM?vfaa9NMN9&}k`DB!ZHWq8A4b{{P+
z2)g^U1@8wd`snhU6z-em{7d^t_jt~xXb)31qYcq;@0c?@c(nZVY@zY-xw)S&p#Q5z
zrv$*W&?S(aP0AZC=;Y<Uxx`fv(zf1X)qir{Rrl3=FkS>t<}_kLMeZqUaC4a_CRG3Q
z$$7rLedO7jo1APkT4ka$<sF%~TnXBBX4<LKv1t>VKyhfco$+HANxRM8{H*ys!ADq=
zfRsvN%<__Q$ibd<?46i+_IWz}BJLj@^3K^eucu$uL!!foiZ~(A1muh^Eh2n<psEMU
z+_ZO8zw^S)&aVcY5&+La*)CRhc)azB9y#l!ebJ(C+q?pW;Tag3cEF+%b$0OtEGlC@
z^7UDnzrVrvtkM7W#2nlHz3=H~p_kS5@KlEkjf8TQr{vZoTKv_jJCC)26P+RM<g?(d
zR$hR*!lMmI$RU}LkSiJ`MtVBfKT$cck7Qr~yF8zH=;>1M(!9s=7j+_O0Z~`d+wKy!
z2L5?KY+&{8k5u%@pLaff)##J}cotfcWXtND`NOOG=s7Fj5&$Y_sSX2^5nyLrei|KT
zRb_iw>YtxwXs53q%Xob7u~~;D|I0{wK+jpO&kUAj=1@&vk`yxQ+Z&j~=yTHU1dORE
zDw^-KQit2W<<ec(C!t3qHyH4mazJfq7kkGd<eFn?yc!hG==2UeGRM`MI;Cq}rY$-d
zs~-m4RS|9&Wjd|){R35sKkt0}s?jL{@GP`CV=h^rlXtwr^>i1jP`5BrghS&(r7k4A
zCisOk6pl7jzg3jk+p2m;&C~ZhGtXDXP5|QY%SQXB2|H@K+fSRRp@55xk^I^e5?2gH
zQGX`{k4+iW)*r{l>Dzx5gun<Z6R;dfj99KNTYA=X@YK-?(<d6&NL3GS>JoeZG#6jc
zO?FWdHKvud8~`6ZC=C1hod>4)!V5JYze;pU0Gya)QQEs=eV*4{*`pMU+wBL(VPaN9
z6%m7|AR#apYH&}L*?*mvC!dCo_jT%rA06XY%Huo-!T(d&#}0OwfdfA0j{EeiPB_)u
zG;s{t@vdq9s?qPw50205Z<+``u9NOYPh`e&e$mQV{Ry5Pt}_b9hk*vl`tY(es~?=@
z?2CIy_NG-6M#OmNQ}f8*9MGa~6Mr(<u+JF+{Etef1i%UCI`D=v=F&dp)vK#eo<*nU
zk<hvZ5&>vQVZ5RKBNfKJS!Ua#zI-m%Wk0lQMDG}!`{m#DPek{E9;xV)YdZCjeRbA8
zRbxe8Qj)zMlF)Y7Kr`8|#j$PaytI9>6;q7A=Nye$56({rGnNfQp<LMIv2ViX2q#F9
zTT<hmX;01_sLJ}Yx=0v-A|fB&C&9Gkvro?1e|f<t<5z@E34jyO9?;&D^rg_(EHPvk
z8Ki*&pR58$L+W>xW$<fr-2Y%hK4(4s`(4xegQK(j+*OCa3^Z6~Xk90FOoYO&s;n)C
z<Q92&89|b!>HJ>^-$v_aY^b+y=dr|aLc?Lb84u1&LMdd~(NJE}o8*ZJpFxh%1V+F=
zuaLWUe>FJ$hm-Ult>b-nSf=+@_0Ha${@H=z$(?iY?@6Zwz_ZZuq!w$CnNry_Z}ATL
z_>b2ay|pa+?yT|P2=b}UZvE)a34LI!`oh;Boa{7IraV#Oha0-g6T9l#xvNIM5y|Ea
z;(;W^VKX#=h8O7k3xPerB?cX<-z%;$={X6Q3hAA&va&P54<`NN@evMG{L<N7{Ws4B
zmHC}TGcs%WzpFF)!JCf$$9pzE4V^G>bBY{Y)Jvxo^J`TrFKejP(8|N9l)d}uNuJ?k
zDc?H@=#rIWgNAuyCE(3H%DI<jSbTm4)8j$Tpeb>w!&YNFgs6jaTU#--g&AO@JPK71
z>#7E~msGx0m+`4Y;)>l<jpLegoT8tNP6>ch^n%gWW#qJBe!Zr8T@KlJMuKHq(iGMt
zl}-^dKqkT)v?_$C#7M6(I7n<UScQfvRV!ju`Cduvek-3x!@szH?uD+<|Bp+j1i&f!
zh0vu-6Bkr{ef_+zm*tJFU6+u)RS61f5|~BCwHEUvZWHDNfK}J6IE+HB6DsU)5bkL(
zK8N0AH1*%N7wZRp;>AzV^QKb*;1vBr>6|6x1@EH3mlrn(&k3xoPAc6!hFrIie3v1W
z7xfgRVbKQIlBGIfDb0q=VC3msitn!I3cq*T{*%9k;+Kt134l}dZ%UVU(Nj$(*VT<(
zZB<qoF+FNE>sy-$En(6~H6@IT>H$bSxnsI|!d`r*=!K#G9~h_2>Y+fzBLDyZ07*qo
IM6N<$f&|OrAOHXW

literal 0
HcmV?d00001


From 5ded87cc2f10202e78075708ab8b65ef174b9d7d Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:44:53 +0200
Subject: [PATCH 10/14] Add Gleam project config and manifest

Initialize a new Gleam library 'testcontainer' by adding project configuration files. Includes gleam.toml with package metadata, internal_modules, dependencies and dev-dependencies; a generated manifest.toml for resolved packages; and a simple rebar.config enabling debug_info.
---
 gleam.toml    | 18 ++++++++++++++++++
 manifest.toml | 21 +++++++++++++++++++++
 rebar.config  |  1 +
 3 files changed, 40 insertions(+)
 create mode 100644 gleam.toml
 create mode 100644 manifest.toml
 create mode 100644 rebar.config

diff --git a/gleam.toml b/gleam.toml
new file mode 100644
index 0000000..c738920
--- /dev/null
+++ b/gleam.toml
@@ -0,0 +1,18 @@
+name = "testcontainer"
+version = "0.1.0"
+description = "Testcontainers-style library for Gleam - start Docker containers in tests with automatic cleanup."
+licences = ["MIT"]
+repository = { type = "github", user = "lupodevelop", repo = "testcontiner" }
+gleam = ">= 1.1.0"
+internal_modules = ["testcontainer/internal/*"]
+
+[dependencies]
+gleam_stdlib = ">= 0.44.0 and < 2.0.0"
+envie = ">= 1.0.0 and < 2.0.0"
+cowl = ">= 1.0.0 and < 2.0.0"
+gleam_json = ">= 3.1.0 and < 4.0.0"
+gleam_erlang = ">= 1.3.0 and < 2.0.0"
+
+[dev-dependencies]
+gleeunit = ">= 1.0.0 and < 2.0.0"
+woof = ">= 1.6.0 and < 2.0.0"
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..5572470
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,21 @@
+# This file was generated by Gleam
+# You typically do not need to edit this file
+
+packages = [
+  { name = "cowl", version = "1.1.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "cowl", source = "hex", outer_checksum = "7849E7C789D7228243A4253138FC883720A0BB44AEF406102328CADC64C3CA2B" },
+  { name = "envie", version = "1.1.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "envie", source = "hex", outer_checksum = "0BE513C71111E259B77D671DE5006F3A8B16102F1CC070D147E6F8AFF9714BD8" },
+  { name = "gleam_erlang", version = "1.3.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_erlang", source = "hex", outer_checksum = "1124AD3AA21143E5AF0FC5CF3D9529F6DB8CA03E43A55711B60B6B7B3874375C" },
+  { name = "gleam_json", version = "3.1.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_json", source = "hex", outer_checksum = "44FDAA8847BE8FC48CA7A1C089706BD54BADCC4C45B237A992EDDF9F2CDB2836" },
+  { name = "gleam_stdlib", version = "1.0.0", build_tools = ["gleam"], requirements = [], otp_app = "gleam_stdlib", source = "hex", outer_checksum = "960090C2FB391784BB34267B099DC9315CC1B1F6013E7415BC763CEF1905D7D3" },
+  { name = "gleeunit", version = "1.10.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleeunit", source = "hex", outer_checksum = "254B697FE72EEAD7BF82E941723918E421317813AC49923EE76A18C788C61E72" },
+  { name = "woof", version = "1.6.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "woof", source = "hex", outer_checksum = "170B32BC4C0895F2E5669428A029261D75FE4A8FE4F2B043C31FEEDF88D8875E" },
+]
+
+[requirements]
+cowl = { version = ">= 1.0.0 and < 2.0.0" }
+envie = { version = ">= 1.0.0 and < 2.0.0" }
+gleam_erlang = { version = ">= 1.3.0 and < 2.0.0" }
+gleam_json = { version = ">= 3.1.0 and < 4.0.0" }
+gleam_stdlib = { version = ">= 0.44.0 and < 2.0.0" }
+gleeunit = { version = ">= 1.0.0 and < 2.0.0" }
+woof = { version = ">= 1.6.0 and < 2.0.0" }
diff --git a/rebar.config b/rebar.config
new file mode 100644
index 0000000..0f5d40e
--- /dev/null
+++ b/rebar.config
@@ -0,0 +1 @@
+{erl_opts, [debug_info]}.

From 9f345ba6774d226ed2b3aabe744ec5ffb234e311 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:45:44 +0200
Subject: [PATCH 11/14] Create CHANGELOG.md

---
 CHANGELOG.md | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)
 create mode 100644 CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..db1e066
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,128 @@
+<!-- markdownlint-disable MD024 -->
+
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/).
+
+## [0.1.0] - 2026-04-26
+
+First public release. Package name: **`testcontainer`** (the plural form
+is taken on Hex).
+
+### Added
+
+#### Public API
+
+- `testcontainer`:
+  - Lifecycle: `start/1`, `stop/1`, `start_and_keep/1`,
+    `with_container/2`, `with_container_mapped/3`, `with_formula/2`,
+    `with_network/2`, `with_stack/2`
+  - Runtime ops: `exec/2` (separate stdout/stderr), `logs/1`,
+    `logs_tail/2`, `copy_file_to/3`
+- `testcontainer/container` builder: `new/1`, `with_env/3`,
+  `with_envs/2`, `with_secret_env/3`, `expose_port/2`, `expose_ports/2`,
+  `wait_for/2`, `with_command/2`, `with_entrypoint/2`,
+  `with_bind_mount/3`, `with_readonly_bind/3`, `with_tmpfs/2`,
+  `with_volume/2`, `on_network/2`, `with_name/2`, `with_label/3`,
+  `with_privileged/1`. `Volume` is opaque, built via `bind_mount/2`,
+  `readonly_bind_mount/2`, or `tmpfs/1`.
+- `testcontainer/wait`: `none`, `log`, `log_times`, `port`, `http`,
+  `http_with_status`, `health_check`, `command`, `all_of`, `any_of`,
+  plus `with_timeout/2` and `with_poll_interval/2` modifiers.
+- `testcontainer/network`: `create/1`, `remove/1`, `with_network/2`.
+  Backed by a linked guard process so a parent crash still triggers
+  network removal.
+- `testcontainer/formula`: bridge type consumed by the separate
+  `testcontainer_formulas` package.
+- `testcontainer/port`: validated constructors `try_tcp/1` / `try_udp/1`
+  return `Error.InvalidPort` for out-of-range numbers.
+- `testcontainer/stack`: typed multi-container builders.
+
+#### Lifecycle & cleanup
+
+- Linked guard process per container/network using
+  `proc_lib:spawn_link` so the link is established atomically with
+  the spawn, with no leak window on caller crash during startup.
+- `with_*` functions surface cleanup failures when the body succeeded,
+  so a leaked container/network is never silent.
+- `start_and_keep/1` forces the keep flag regardless of
+  `TESTCONTAINERS_KEEP`.
+- `testcontainer.force_stop/1` tears down a container regardless of
+  the keep flag (works on containers started with `start_and_keep/1`
+  or under `TESTCONTAINERS_KEEP=true`).
+- `TESTCONTAINERS_STOP_TIMEOUT` env var (default `10`s) controls the
+  stop grace period across `stop/1`, wait-failure cleanup, and the
+  guard's crash-cleanup spawn.
+- `Container` carries the configured stop timeout; internal
+  `container.stop_timeout_sec/1` accessor exposes it to lifecycle code.
+
+#### Configuration
+
+- Env-driven via [`envie`](https://hex.pm/packages/envie):
+  `DOCKER_HOST`, `TESTCONTAINERS_KEEP`, `TESTCONTAINERS_PULL_POLICY`,
+  `TESTCONTAINERS_HOST_OVERRIDE`, `TESTCONTAINERS_REGISTRY_USER`,
+  `TESTCONTAINERS_REGISTRY_PASSWORD`.
+- Pull policies: `always` / `missing` / `never`. `never` returns a
+  clear `ImagePullFailed` if the image is missing locally.
+- Private registries supported via `X-Registry-Auth`.
+
+#### Robustness
+
+- Pull-stream error detection: Docker's "200 OK with embedded error
+  payload" pattern is reported as `ImagePullFailed` instead of
+  cascading into a cryptic create error.
+- CR/LF validation on image references, container names, and volume
+  paths.
+- Port range validation (`1..=65535`) returning `Error.InvalidPort`.
+- `port_mapping` keyed by `(port_number, protocol)` so TCP and UDP
+  ports with the same number do not collide.
+- `start/1` fails fast with `PortMappingParseFailed(container_id, reason)`
+  when Docker's inspect port mapping cannot be decoded, instead of
+  silently falling back to an empty mapping.
+
+#### Secrets
+
+- Env values are wrapped in [`cowl.Secret`](https://hex.pm/packages/cowl)
+  so they never appear in `string.inspect` output. Verified by tests.
+
+#### Other
+
+- `DOCKER_HOST=tcp://host:port` supported as plain HTTP/1.1
+  (TLS planned separately).
+- MIT licence.
+
+### Internal
+
+- `wait_runner.run/3` takes the resolved host as an argument; the
+  runner no longer calls `config.load()` on every poll.
+- The wait-runner fetches the container's inspect payload once per
+  poll iteration and reuses it for every port resolution and health
+  check inside that iteration (including nested `all_of` / `any_of`).
+- `internal/docker.url_encode` rewritten as a single grapheme-pass
+  instead of 11 sequential `string.replace` calls.
+- `scan_pull_stream_for_error` rewritten as a single `split_once` pass.
+- `encode_registry_auth` emits standard base64 (no padding) instead
+  of URL-safe base64, matching the Docker SDK reference encoding.
+- `config.parse_pull_policy` is case-insensitive (`ALWAYS`, `Always`,
+  and `always` all map to `Always`).
+- `wait.with_timeout/2` clamps negative values to `0`;
+  `wait.with_poll_interval/2` clamps values `< 1` to `1` to prevent a
+  hot-spin loop.
+- `with_container_mapped/3` destructures the guarded result inline
+  for clarity (no behaviour change).
+
+### Notes
+
+- `woof` is a dev-only dependency. The library core does not log;
+  applications can wire their own logging on top of the public API.
+
+### Naming
+
+- `container.named/2` → `container.with_name/2`
+- `container.privileged/1` → `container.with_privileged/1`
+- `Volume` is now opaque. Construct via `container.bind_mount/2`,
+  `readonly_bind_mount/2`, or `tmpfs/1` instead of the data
+  constructors.

From d6f1737768de8de24b3baafbc8e7295b5e3d5d30 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:49:47 +0200
Subject: [PATCH 12/14] Update copyright in LICENSE

Replace the copyright holder line to 'Daniele Scaratti - lupdoevelop' in the LICENSE file to reflect the full name/handle. No other license text changes were made.
---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index 4c945f1..82bdc50 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Daniele
+Copyright (c) 2026 Daniele Scaratti - lupdoevelop
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

From 7c8ccd317f126202aeb5d17851cba77ef7ec417d Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:50:22 +0200
Subject: [PATCH 13/14] Enhance README with logo, badges & docs

README with a full project landing page: adds centered logo and Pago mascot, status badges, a short intro, features list, installation instructions, a Gleam usage example, and links to documentation (quickstart, wait strategies, formulas, networks, configuration, troubleshooting). Also includes license badge and pointer to Hex/HexDocs.
---
 README.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 5653584..c6d8c37 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,73 @@
-# testcontainer
-A small, type-safe Gleam library for spinning up real Docker containers from your tests and dev tooling.
+<p align="center">
+  <img src="assets/img/logo.png" alt="Pago, the paguro mascot, carrying a Docker container on his shell" width="220">
+</p>
+
+<h1 align="center">testcontainer</h1>
+
+<p align="center">
+  <a href="https://hex.pm/packages/testcontainer"><img src="https://img.shields.io/hexpm/v/testcontainer?color=ffaff3" alt="Hex Package"></a>
+  <a href="https://hexdocs.pm/testcontainer/"><img src="https://img.shields.io/badge/hex-docs-ffaff3" alt="Hex Docs"></a>
+  <a href="https://github.com/lupodevelop/testcontiner/actions/workflows/test.yml"><img src="https://github.com/lupodevelop/testcontiner/actions/workflows/test.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/hexpm/l/testcontainer?color=blue" alt="License"></a>
+  <a href="https://gleam.run"><img src="https://img.shields.io/badge/made%20with-gleam-ffaff3?logo=gleam" alt="Made with Gleam"></a>
+</p>
+
+> The hermit-crab way to run Docker containers in your Gleam tests.
+> Meet **Pago**, your paguro mascot. He carries the container so you don't have to.
+
+A small, type-safe Gleam library for spinning up real Docker containers
+from your **tests** and **dev tooling**. Start a Postgres, run a query,
+shut it down. Typed lifecycle and automatic cleanup even if your test
+process crashes (except abrupt VM termination, e.g. `kill -9`).
+
+```gleam
+use redis <- testcontainer.with_container(
+  container.new("redis:7-alpine")
+  |> container.expose_port(port.tcp(6379))
+  |> container.wait_for(wait.log("Ready to accept connections")),
+)
+let assert Ok(host_port) = container.host_port(redis, port.tcp(6379))
+// connect to 127.0.0.1:host_port
+```
+
+## Why use it
+
+- 🦀 **Crash-safe**: a linked guard process cleans containers up even
+  if your test panics
+- 🔒 **Type-safe lifecycle**: opaque builders, `use` syntax, errors
+  always carry context
+- 🐚 **Zero ceremony**: defaults that work, env vars when you need them
+- 🚀 **Fast**: talks to Docker over the Unix socket directly via
+  `gen_tcp` (no HTTP client to drag along)
+- 📦 **Formule** ([companion package](https://hex.pm/packages/testcontainer_formulas))
+  for ready-to-use Postgres / Redis / MySQL / RabbitMQ / Mongo with typed
+  connection records
+- 🧱 **Formulas Builder** ([testcontainer_formulas_builder](https://github.com/lupodevelop/testcontainer_formulas_builder)):
+  visual block editor + codegen for `testcontainer_formulas` snippets
+
+## Install
+
+```sh
+gleam add testcontainer
+```
+
+## Documentation
+
+- [Quickstart](docs/quickstart.md): 5-minute tour of the API
+- [Wait strategies](docs/wait-strategies.md): readiness probes that
+  stay green
+- [Formulas](docs/formulas.md): the customs paperwork that turns a raw
+  container into a typed service
+- [Formula Builder (Astro)](formula-builder/README.md): visual blocks + codegen
+  for `testcontainer_formulas` snippets
+- [Networks & Stacks](docs/networks-and-stacks.md): multi-container
+  setups
+- [Configuration](docs/configuration.md): env vars, host overrides,
+  registry auth
+- [Troubleshooting](docs/troubleshooting.md): common gotchas
+
+Full API docs: <https://hexdocs.pm/testcontainer>
+
+## License
+
+[MIT](LICENSE).

From 1cc388b228350dedd773a505f536ada1cb8998b1 Mon Sep 17 00:00:00 2001
From: Daniele <lupo.develop@gmail.com>
Date: Tue, 28 Apr 2026 17:57:03 +0200
Subject: [PATCH 14/14] Update test.yml

---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ef15a46..73d9991 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ jobs:
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "28"
-          gleam-version: "1.14.0"
+          gleam-version: "1.16.0"
           rebar3-version: "3"
       - run: gleam deps download
       - run: gleam test
@@ -29,7 +29,7 @@ jobs:
       - uses: erlef/setup-beam@v1
         with:
           otp-version: "28"
-          gleam-version: "1.14.0"
+          gleam-version: "1.16.0"
           rebar3-version: "3"
       # GitHub-hosted ubuntu runners ship Docker by default; verify it.
       - name: Verify Docker is available