From a58e8e25721cdaabc713fee4c1056cc514a2aff0 Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Thu, 26 Feb 2026 16:31:42 -0500
Subject: [PATCH] =?UTF-8?q?feat:=20port=20sessions=2021-23=20=E2=80=94=20S?=
 =?UTF-8?q?treams,=20Consumers,=20MQTT,=20WebSocket=20&=20OCSP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Session 21 (402 features, IDs 3195-3387, 584-792):
- JetStream/StreamTypes.cs: StreamInfo, ConsumerInfo, SequenceInfo,
  JSPubAckResponse, WaitQueue, ClusterInfo, PeerInfo, message types,
  ConsumerAction enum, CreateConsumerRequest, PriorityGroupState
- JetStream/NatsStream.cs: NatsStream class (stub methods, IDisposable)
- JetStream/NatsConsumer.cs: NatsConsumer class (stub methods, IDisposable)
- Updated JetStreamApiTypes.cs: removed duplicate StreamInfo/ConsumerInfo stubs

Session 22 (153 features, IDs 2252-2404):
- Mqtt/MqttConstants.cs: all MQTT protocol constants, packet types, flags
- Mqtt/MqttTypes.cs: MqttSession, MqttSubscription, MqttWill, MqttJsa,
  MqttAccountSessionManager, MqttHandler and supporting types
- Mqtt/MqttHandler.cs: per-client MQTT state, MqttServerExtensions stubs

Session 23 (97 features, IDs 3506-3543, 2443-2501):
- WebSocket/WebSocketConstants.cs: WsOpCode enum, frame bits, close codes
- WebSocket/WebSocketTypes.cs: WsReadInfo, SrvWebsocket (replaces stub),
  WebSocketHandler stubs
- Auth/Ocsp/OcspTypes.cs: OcspMode, OcspMonitor (replaces stub),
  IOcspResponseCache (replaces stub), NoOpCache, LocalDirCache

All features (3503 complete, 0 not_started). Phase 6 now at 58.9%.
---
 .../Auth/Ocsp/OcspTypes.cs                    | 172 +++++++
 .../JetStream/JetStreamApiTypes.cs            |   6 -
 .../JetStream/NatsConsumer.cs                 | 151 ++++++
 .../JetStream/NatsStream.cs                   | 197 +++++++
 .../JetStream/StreamTypes.cs                  | 484 ++++++++++++++++++
 .../Mqtt/MqttConstants.cs                     | 271 ++++++++++
 .../ZB.MOM.NatsNet.Server/Mqtt/MqttHandler.cs | 252 +++++++++
 .../ZB.MOM.NatsNet.Server/Mqtt/MqttTypes.cs   | 391 ++++++++++++++
 .../src/ZB.MOM.NatsNet.Server/NatsServer.cs   |   2 +
 .../ZB.MOM.NatsNet.Server/NatsServerTypes.cs  |  16 +-
 .../WebSocket/WebSocketConstants.cs           |  75 +++
 .../WebSocket/WebSocketTypes.cs               | 110 ++++
 porting.db                                    | Bin 2473984 -> 2473984 bytes
 reports/current.md                            |   7 +-
 reports/report_e6bc76b.md                     |  38 ++
 15 files changed, 2151 insertions(+), 21 deletions(-)
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/Auth/Ocsp/OcspTypes.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsConsumer.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsStream.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/JetStream/StreamTypes.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttConstants.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttHandler.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttTypes.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketConstants.cs
 create mode 100644 dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketTypes.cs
 create mode 100644 reports/report_e6bc76b.md

diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/Auth/Ocsp/OcspTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/Auth/Ocsp/OcspTypes.cs
new file mode 100644
index 0000000..066600c
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/Auth/Ocsp/OcspTypes.cs
@@ -0,0 +1,172 @@
+// Copyright 2021-2025 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/ocsp.go, server/ocsp_peer.go, server/ocsp_responsecache.go
+// in the NATS server Go source.
+
+using System.Security.Cryptography.X509Certificates;
+
+namespace ZB.MOM.NatsNet.Server.Auth.Ocsp;
+
+/// <summary>
+/// Controls how OCSP stapling behaves for a TLS certificate.
+/// Mirrors Go <c>OCSPMode uint8</c> in server/ocsp.go.
+/// </summary>
+public enum OcspMode : byte
+{
+    /// <summary>
+    /// Staple only if the "status_request" OID is present in the certificate.
+    /// Mirrors Go <c>OCSPModeAuto</c>.
+    /// </summary>
+    Auto      = 0,
+
+    /// <summary>
+    /// Must staple — honors the Must-Staple flag and shuts down on revocation.
+    /// Mirrors Go <c>OCSPModeMust</c>.
+    /// </summary>
+    MustStaple = 1,
+
+    /// <summary>
+    /// Always obtain OCSP status, regardless of certificate flags.
+    /// Mirrors Go <c>OCSPModeAlways</c>.
+    /// </summary>
+    Always    = 2,
+
+    /// <summary>
+    /// Never check OCSP, even if the certificate has the Must-Staple flag.
+    /// Mirrors Go <c>OCSPModeNever</c>.
+    /// </summary>
+    Never     = 3,
+}
+
+/// <summary>
+/// Holds a cached OCSP staple response and its expiry information.
+/// </summary>
+internal sealed class OcspStaple
+{
+    /// <summary>The raw DER-encoded OCSP response bytes.</summary>
+    public byte[]?  Response   { get; set; }
+
+    /// <summary>When the OCSP response next needs to be refreshed.</summary>
+    public DateTime NextUpdate { get; set; }
+}
+
+/// <summary>
+/// Orchestrates OCSP stapling for a single TLS certificate.
+/// Monitors certificate validity and refreshes the staple on a background timer.
+/// Mirrors Go <c>OCSPMonitor</c> struct in server/ocsp.go.
+/// Replaces the stub in NatsServerTypes.cs.
+/// </summary>
+internal sealed class OcspMonitor
+{
+    private readonly Lock _mu = new();
+
+    /// <summary>Path to the TLS certificate file being monitored.</summary>
+    public string?    CertFile       { get; set; }
+
+    /// <summary>Path to the CA certificate file used to verify OCSP responses.</summary>
+    public string?    CaFile         { get; set; }
+
+    /// <summary>Path to a persisted OCSP staple file (optional).</summary>
+    public string?    OcspStapleFile { get; set; }
+
+    /// <summary>The OCSP stapling mode for this monitor.</summary>
+    public OcspMode   Mode           { get; set; }
+
+    /// <summary>How often to check for a fresh OCSP response.</summary>
+    public TimeSpan   CheckInterval  { get; set; } = TimeSpan.FromHours(24);
+
+    /// <summary>The owning server instance.</summary>
+    public NatsServer? Server        { get; set; }
+
+    /// <summary>The synchronisation lock for this monitor's mutable state.</summary>
+    public Lock Mu => _mu;
+
+    /// <summary>Starts the background OCSP refresh timer.</summary>
+    public void Start()
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+
+    /// <summary>Stops the background OCSP refresh timer.</summary>
+    public void Stop()
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+
+    /// <summary>Returns the current cached OCSP staple bytes, or <c>null</c> if none.</summary>
+    public byte[]? GetStaple()
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+}
+
+/// <summary>
+/// Interface for caching raw OCSP response bytes keyed by certificate fingerprint.
+/// Mirrors Go <c>OCSPResponseCache</c> interface in server/ocsp_responsecache.go.
+/// Replaces the stub in NatsServerTypes.cs.
+/// </summary>
+public interface IOcspResponseCache
+{
+    /// <summary>Returns the cached OCSP response for <paramref name="key"/>, or <c>null</c>.</summary>
+    byte[]? Get(string key);
+
+    /// <summary>Stores an OCSP response under <paramref name="key"/>.</summary>
+    void    Put(string key, byte[] response);
+
+    /// <summary>Removes the cached entry for <paramref name="key"/>.</summary>
+    void    Remove(string key);
+}
+
+/// <summary>
+/// A no-op OCSP cache that never stores anything.
+/// Mirrors Go <c>NoOpCache</c> in server/ocsp_responsecache.go.
+/// </summary>
+internal sealed class NoOpCache : IOcspResponseCache
+{
+    public byte[]? Get(string key)             => null;
+    public void    Put(string key, byte[] response) { }
+    public void    Remove(string key)          { }
+}
+
+/// <summary>
+/// An OCSP cache backed by a local directory on disk.
+/// Mirrors Go <c>LocalCache</c> in server/ocsp_responsecache.go.
+/// Full implementation is deferred to session 23.
+/// </summary>
+internal sealed class LocalDirCache : IOcspResponseCache
+{
+    private readonly string _dir;
+
+    public LocalDirCache(string dir)
+    {
+        _dir = dir;
+    }
+
+    public byte[]? Get(string key)
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+
+    public void Put(string key, byte[] response)
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+
+    public void Remove(string key)
+        => throw new NotImplementedException("TODO: session 23 — ocsp");
+}
+
+/// <summary>
+/// Payload for the OCSP peer certificate rejection advisory event.
+/// Mirrors Go <c>OCSPPeerRejectEventMsg</c> fields in server/events.go
+/// and the OCSP peer reject logic in server/ocsp_peer.go.
+/// </summary>
+public sealed class OcspPeerRejectInfo
+{
+    [System.Text.Json.Serialization.JsonPropertyName("peer")]
+    public string Peer   { get; set; } = string.Empty;
+
+    [System.Text.Json.Serialization.JsonPropertyName("reason")]
+    public string Reason { get; set; } = string.Empty;
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/JetStreamApiTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/JetStreamApiTypes.cs
index e7bf85a..53ea072 100644
--- a/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/JetStreamApiTypes.cs
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/JetStreamApiTypes.cs
@@ -21,12 +21,6 @@ namespace ZB.MOM.NatsNet.Server;
 // Forward stubs for types defined in later sessions
 // ---------------------------------------------------------------------------
 
-/// <summary>Stub: full definition in session 20 (stream.go).</summary>
-public sealed class StreamInfo { }
-
-/// <summary>Stub: full definition in session 20 (consumer.go).</summary>
-public sealed class ConsumerInfo { }
-
 /// <summary>Stub: stored message type — full definition in session 20.</summary>
 public sealed class StoredMsg { }
 
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsConsumer.cs b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsConsumer.cs
new file mode 100644
index 0000000..e06c74f
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsConsumer.cs
@@ -0,0 +1,151 @@
+// Copyright 2019-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/consumer.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server;
+
+/// <summary>
+/// Represents a JetStream consumer, managing message delivery, ack tracking, and lifecycle.
+/// Mirrors the <c>consumer</c> struct in server/consumer.go.
+/// </summary>
+internal sealed class NatsConsumer : IDisposable
+{
+    private readonly ReaderWriterLockSlim _mu = new(LockRecursionPolicy.SupportsRecursion);
+
+    public string Name { get; private set; } = string.Empty;
+    public string Stream { get; private set; } = string.Empty;
+    public ConsumerConfig Config { get; private set; } = new();
+    public DateTime Created { get; private set; }
+
+    // Atomic counters — use Interlocked for thread-safe access
+    internal long Delivered;
+    internal long AckFloor;
+    internal long NumAckPending;
+    internal long NumRedelivered;
+
+    private bool _closed;
+
+    /// <summary>IRaftNode — stored as object to avoid cross-dependency on Raft session.</summary>
+    private object? _node;
+
+    private CancellationTokenSource? _quitCts;
+
+    public NatsConsumer(string stream, ConsumerConfig config, DateTime created)
+    {
+        Stream = stream;
+        Name = (config.Name is { Length: > 0 } name) ? name
+             : (config.Durable ?? string.Empty);
+        Config = config;
+        Created = created;
+        _quitCts = new CancellationTokenSource();
+    }
+
+    // -------------------------------------------------------------------------
+    // Factory
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Creates a new <see cref="NatsConsumer"/> for the given stream.
+    /// Returns null if the consumer cannot be created (stub: always throws).
+    /// Mirrors <c>newConsumer</c> / <c>consumer.create</c> in server/consumer.go.
+    /// </summary>
+    public static NatsConsumer? Create(
+        NatsStream stream,
+        ConsumerConfig cfg,
+        ConsumerAction action,
+        ConsumerAssignment? sa)
+    {
+        throw new NotImplementedException("TODO: session 21 — consumer");
+    }
+
+    // -------------------------------------------------------------------------
+    // Lifecycle
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Stops processing and tears down goroutines / timers.
+    /// Mirrors <c>consumer.stop</c> in server/consumer.go.
+    /// </summary>
+    public void Stop() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    /// <summary>
+    /// Deletes the consumer and all associated state permanently.
+    /// Mirrors <c>consumer.delete</c> in server/consumer.go.
+    /// </summary>
+    public void Delete() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    // -------------------------------------------------------------------------
+    // Info / State
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Returns a snapshot of consumer info including config and delivery state.
+    /// Mirrors <c>consumer.info</c> in server/consumer.go.
+    /// </summary>
+    public ConsumerInfo GetInfo() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    /// <summary>
+    /// Returns the current consumer configuration.
+    /// Mirrors <c>consumer.config</c> in server/consumer.go.
+    /// </summary>
+    public ConsumerConfig GetConfig() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    /// <summary>
+    /// Applies an updated configuration to the consumer.
+    /// Mirrors <c>consumer.update</c> in server/consumer.go.
+    /// </summary>
+    public void UpdateConfig(ConsumerConfig config) =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    /// <summary>
+    /// Returns the current durable consumer state (delivered, ack_floor, pending, redelivered).
+    /// Mirrors <c>consumer.state</c> in server/consumer.go.
+    /// </summary>
+    public ConsumerState GetConsumerState() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    // -------------------------------------------------------------------------
+    // Leadership
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Returns true if this server is the current consumer leader.
+    /// Mirrors <c>consumer.isLeader</c> in server/consumer.go.
+    /// </summary>
+    public bool IsLeader() =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    /// <summary>
+    /// Transitions this consumer into or out of the leader role.
+    /// Mirrors <c>consumer.setLeader</c> in server/consumer.go.
+    /// </summary>
+    public void SetLeader(bool isLeader, ulong term) =>
+        throw new NotImplementedException("TODO: session 21 — consumer");
+
+    // -------------------------------------------------------------------------
+    // IDisposable
+    // -------------------------------------------------------------------------
+
+    public void Dispose()
+    {
+        _quitCts?.Cancel();
+        _quitCts?.Dispose();
+        _quitCts = null;
+        _mu.Dispose();
+    }
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsStream.cs b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsStream.cs
new file mode 100644
index 0000000..fa9ab3d
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/NatsStream.cs
@@ -0,0 +1,197 @@
+// Copyright 2019-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/stream.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server;
+
+/// <summary>
+/// Represents a JetStream stream, managing message storage, replication, and lifecycle.
+/// Mirrors the <c>stream</c> struct in server/stream.go.
+/// </summary>
+internal sealed class NatsStream : IDisposable
+{
+    private readonly ReaderWriterLockSlim _mu = new(LockRecursionPolicy.SupportsRecursion);
+
+    public Account Account { get; private set; }
+    public string Name { get; private set; } = string.Empty;
+    public StreamConfig Config { get; private set; } = new();
+    public DateTime Created { get; private set; }
+    internal IStreamStore? Store { get; private set; }
+
+    // Atomic counters — use Interlocked for thread-safe access
+    internal long Msgs;
+    internal long Bytes;
+    internal long FirstSeq;
+    internal long LastSeq;
+
+    internal bool IsMirror;
+
+    private bool _closed;
+    private CancellationTokenSource? _quitCts;
+
+    /// <summary>IRaftNode — stored as object to avoid cross-dependency on Raft session.</summary>
+    private object? _node;
+
+    public NatsStream(Account account, StreamConfig config, DateTime created)
+    {
+        Account = account;
+        Name = config.Name ?? string.Empty;
+        Config = config;
+        Created = created;
+        _quitCts = new CancellationTokenSource();
+    }
+
+    // -------------------------------------------------------------------------
+    // Factory
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Creates a new <see cref="NatsStream"/> after validating the configuration.
+    /// Returns null if the stream cannot be created (stub: always throws).
+    /// Mirrors <c>newStream</c> / <c>stream.create</c> in server/stream.go.
+    /// </summary>
+    public static NatsStream? Create(
+        Account acc,
+        StreamConfig cfg,
+        object? jsacc,
+        IStreamStore? store,
+        StreamAssignment? sa,
+        object? server)
+    {
+        throw new NotImplementedException("TODO: session 21 — stream");
+    }
+
+    // -------------------------------------------------------------------------
+    // Lifecycle
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Stops processing and tears down goroutines / timers.
+    /// Mirrors <c>stream.stop</c> in server/stream.go.
+    /// </summary>
+    public void Stop() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Deletes the stream and all stored messages permanently.
+    /// Mirrors <c>stream.delete</c> in server/stream.go.
+    /// </summary>
+    public void Delete() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Purges messages from the stream according to the optional request filter.
+    /// Mirrors <c>stream.purge</c> in server/stream.go.
+    /// </summary>
+    public void Purge(StreamPurgeRequest? req = null) =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    // -------------------------------------------------------------------------
+    // Info / State
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Returns a snapshot of stream info including config, state, and cluster information.
+    /// Mirrors <c>stream.info</c> in server/stream.go.
+    /// </summary>
+    public StreamInfo GetInfo(bool includeDeleted = false) =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Asynchronously returns a snapshot of stream info.
+    /// Mirrors <c>stream.info</c> (async path) in server/stream.go.
+    /// </summary>
+    public Task<StreamInfo> GetInfoAsync(bool includeDeleted = false, CancellationToken ct = default) =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Returns the current stream state (message counts, byte totals, sequences).
+    /// Mirrors <c>stream.state</c> in server/stream.go.
+    /// </summary>
+    public StreamState State() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    // -------------------------------------------------------------------------
+    // Leadership
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Transitions this stream into or out of the leader role.
+    /// Mirrors <c>stream.setLeader</c> in server/stream.go.
+    /// </summary>
+    public void SetLeader(bool isLeader, ulong term) =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Returns true if this server is the current stream leader.
+    /// Mirrors <c>stream.isLeader</c> in server/stream.go.
+    /// </summary>
+    public bool IsLeader() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    // -------------------------------------------------------------------------
+    // Configuration
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Returns the owning account.
+    /// Mirrors <c>stream.account</c> in server/stream.go.
+    /// </summary>
+    public Account GetAccount() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Returns the current stream configuration.
+    /// Mirrors <c>stream.config</c> in server/stream.go.
+    /// </summary>
+    public StreamConfig GetConfig() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Applies an updated configuration to the stream.
+    /// Mirrors <c>stream.update</c> in server/stream.go.
+    /// </summary>
+    public void UpdateConfig(StreamConfig config) =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    // -------------------------------------------------------------------------
+    // Sealed state
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Returns true if the stream is sealed (no new messages accepted).
+    /// Mirrors <c>stream.isSealed</c> in server/stream.go.
+    /// </summary>
+    public bool IsSealed() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    /// <summary>
+    /// Seals the stream so that no new messages can be stored.
+    /// Mirrors <c>stream.seal</c> in server/stream.go.
+    /// </summary>
+    public void Seal() =>
+        throw new NotImplementedException("TODO: session 21 — stream");
+
+    // -------------------------------------------------------------------------
+    // IDisposable
+    // -------------------------------------------------------------------------
+
+    public void Dispose()
+    {
+        _quitCts?.Cancel();
+        _quitCts?.Dispose();
+        _quitCts = null;
+        _mu.Dispose();
+    }
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/StreamTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/StreamTypes.cs
new file mode 100644
index 0000000..90e8037
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/JetStream/StreamTypes.cs
@@ -0,0 +1,484 @@
+// Copyright 2019-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/stream.go and server/consumer.go in the NATS server Go source.
+
+using System.Text.Json.Serialization;
+
+namespace ZB.MOM.NatsNet.Server;
+
+// ============================================================================
+// Stream API types (from stream.go)
+// ============================================================================
+
+/// <summary>
+/// A stream create request that extends <see cref="StreamConfig"/> with a pedantic flag.
+/// Mirrors <c>streamConfigRequest</c> in server/stream.go.
+/// </summary>
+public sealed class StreamConfigRequest
+{
+    [JsonPropertyName("config")]
+    public StreamConfig Config { get; set; } = new();
+
+    /// <summary>If true, strict validation is applied during stream creation/update.</summary>
+    [JsonPropertyName("pedantic")]
+    public bool Pedantic { get; set; }
+}
+
+/// <summary>
+/// Information about a stream, returned from info requests.
+/// Mirrors <c>StreamInfo</c> in server/stream.go.
+/// </summary>
+public sealed class StreamInfo
+{
+    [JsonPropertyName("config")]
+    public StreamConfig Config { get; set; } = new();
+
+    [JsonPropertyName("created")]
+    public DateTime Created { get; set; }
+
+    [JsonPropertyName("state")]
+    public StreamState State { get; set; } = new();
+
+    [JsonPropertyName("mirror")]
+    public StreamSourceInfo? Mirror { get; set; }
+
+    [JsonPropertyName("sources")]
+    public StreamSourceInfo[]? Sources { get; set; }
+
+    [JsonPropertyName("cluster")]
+    public ClusterInfo? Cluster { get; set; }
+
+    [JsonPropertyName("mirror_direct")]
+    public bool Mirror_Direct { get; set; }
+
+    [JsonPropertyName("allow_direct")]
+    public bool Allow_Direct { get; set; }
+
+    /// <summary>Alternate cluster name.</summary>
+    [JsonPropertyName("alternates")]
+    public string? Alt { get; set; }
+}
+
+/// <summary>
+/// Information about a stream mirror or source.
+/// Mirrors <c>StreamSourceInfo</c> in server/stream.go.
+/// </summary>
+public sealed class StreamSourceInfo
+{
+    [JsonPropertyName("name")]
+    public string Name { get; set; } = string.Empty;
+
+    [JsonPropertyName("filter_subject")]
+    public string? FilterSubject { get; set; }
+
+    [JsonPropertyName("lag")]
+    public ulong Lag { get; set; }
+
+    [JsonPropertyName("active")]
+    public DateTime? Active { get; set; }
+
+    [JsonPropertyName("external")]
+    public StreamSource? External { get; set; }
+
+    [JsonPropertyName("error")]
+    public string? Error { get; set; }
+}
+
+/// <summary>
+/// Request parameters for stream info, allowing filtering.
+/// Mirrors <c>streamInfoRequest</c> in server/stream.go.
+/// </summary>
+public sealed class StreamInfoRequest
+{
+    [JsonPropertyName("subjects_filter")]
+    public string? SubjectsFilter { get; set; }
+
+    [JsonPropertyName("mirror_check_until")]
+    public string? MirrorCheckUntil { get; set; }
+
+    [JsonPropertyName("deleted_details")]
+    public bool DeletedDetails { get; set; }
+
+    [JsonPropertyName("subjects_detail")]
+    public bool SubjectsDetail { get; set; }
+}
+
+/// <summary>
+/// Request parameters for purging a stream.
+/// Mirrors <c>StreamPurgeRequest</c> in server/stream.go.
+/// </summary>
+public sealed class StreamPurgeRequest
+{
+    [JsonPropertyName("filter")]
+    public string? Filter { get; set; }
+
+    [JsonPropertyName("seq")]
+    public ulong Sequence { get; set; }
+
+    [JsonPropertyName("keep")]
+    public ulong Keep { get; set; }
+}
+
+/// <summary>
+/// Request for deleting a specific stream message.
+/// Mirrors <c>StreamMsgDeleteRequest</c> in server/stream.go.
+/// </summary>
+public sealed class StreamMsgDeleteRequest
+{
+    [JsonPropertyName("seq")]
+    public ulong Seq { get; set; }
+
+    [JsonPropertyName("no_erase")]
+    public bool NoErase { get; set; }
+}
+
+/// <summary>
+/// Request for retrieving a specific stream message.
+/// Mirrors <c>StreamGetMsgRequest</c> in server/stream.go.
+/// </summary>
+public sealed class StreamGetMsgRequest
+{
+    [JsonPropertyName("seq")]
+    public ulong Seq { get; set; }
+
+    [JsonPropertyName("last_by_subj")]
+    public string? LastBySubject { get; set; }
+
+    [JsonPropertyName("next_by_subj")]
+    public string? NextBySubject { get; set; }
+}
+
+/// <summary>
+/// Publish acknowledgement response from JetStream.
+/// Mirrors <c>JSPubAckResponse</c> in server/stream.go.
+/// </summary>
+public sealed class JSPubAckResponse
+{
+    [JsonPropertyName("stream")]
+    public string Stream { get; set; } = string.Empty;
+
+    [JsonPropertyName("seq")]
+    public ulong Seq { get; set; }
+
+    [JsonPropertyName("duplicate")]
+    public bool Duplicate { get; set; }
+
+    [JsonPropertyName("domain")]
+    public string? Domain { get; set; }
+
+    [JsonPropertyName("error")]
+    public JsApiError? PubAckError { get; set; }
+
+    /// <summary>
+    /// Returns an exception if the response contains an error, otherwise null.
+    /// Mirrors <c>ToError()</c> helper pattern in NATS Go server.
+    /// </summary>
+    public Exception? ToError()
+    {
+        if (PubAckError is { ErrCode: > 0 })
+            return new InvalidOperationException($"{PubAckError.Description} (errCode={PubAckError.ErrCode})");
+        return null;
+    }
+}
+
+/// <summary>
+/// A raw published message before JetStream processing.
+/// Mirrors <c>pubMsg</c> (JetStream variant) in server/stream.go.
+/// Note: renamed <c>JsStreamPubMsg</c> to avoid collision with the server-level
+/// <c>PubMsg</c> (events.go) which lives in the same namespace.
+/// </summary>
+public sealed class JsStreamPubMsg
+{
+    public string Subject { get; set; } = string.Empty;
+    public string? Reply { get; set; }
+    public byte[]? Hdr { get; set; }
+    public byte[]? Msg { get; set; }
+    public Dictionary<string, string>? Meta { get; set; }
+}
+
+/// <summary>
+/// A JetStream publish message with sync tracking.
+/// Mirrors <c>jsPubMsg</c> in server/stream.go.
+/// </summary>
+public sealed class JsPubMsg
+{
+    public string Subject { get; set; } = string.Empty;
+    public string? Reply { get; set; }
+    public byte[]? Hdr { get; set; }
+    public byte[]? Msg { get; set; }
+
+    /// <summary>Publish argument (opaque, set at runtime).</summary>
+    public object? Pa { get; set; }
+
+    /// <summary>Sync/ack channel (opaque, set at runtime).</summary>
+    public object? Sync { get; set; }
+}
+
+/// <summary>
+/// An inbound message to be processed by the JetStream layer.
+/// Mirrors <c>inMsg</c> in server/stream.go.
+/// </summary>
+public sealed class InMsg
+{
+    public string Subject { get; set; } = string.Empty;
+    public string? Reply { get; set; }
+    public byte[]? Hdr { get; set; }
+    public byte[]? Msg { get; set; }
+
+    /// <summary>The originating client (opaque, set at runtime).</summary>
+    public object? Client { get; set; }
+}
+
+/// <summary>
+/// A cached/clustered message for replication.
+/// Mirrors <c>cMsg</c> in server/stream.go.
+/// </summary>
+public sealed class CMsg
+{
+    public string Subject { get; set; } = string.Empty;
+    public byte[]? Msg { get; set; }
+    public ulong Seq { get; set; }
+}
+
+// ============================================================================
+// Consumer API types (from consumer.go)
+// ============================================================================
+
+/// <summary>
+/// Information about a consumer, returned from info requests.
+/// Mirrors <c>ConsumerInfo</c> in server/consumer.go.
+/// </summary>
+public sealed class ConsumerInfo
+{
+    [JsonPropertyName("stream_name")]
+    public string Stream { get; set; } = string.Empty;
+
+    [JsonPropertyName("name")]
+    public string Name { get; set; } = string.Empty;
+
+    [JsonPropertyName("created")]
+    public DateTime Created { get; set; }
+
+    [JsonPropertyName("config")]
+    public ConsumerConfig? Config { get; set; }
+
+    [JsonPropertyName("delivered")]
+    public SequenceInfo Delivered { get; set; } = new();
+
+    [JsonPropertyName("ack_floor")]
+    public SequenceInfo AckFloor { get; set; } = new();
+
+    [JsonPropertyName("num_ack_pending")]
+    public int NumAckPending { get; set; }
+
+    [JsonPropertyName("num_redelivered")]
+    public int NumRedelivered { get; set; }
+
+    [JsonPropertyName("num_waiting")]
+    public int NumWaiting { get; set; }
+
+    [JsonPropertyName("num_pending")]
+    public ulong NumPending { get; set; }
+
+    [JsonPropertyName("cluster")]
+    public ClusterInfo? Cluster { get; set; }
+
+    [JsonPropertyName("push_bound")]
+    public bool PushBound { get; set; }
+
+    [JsonPropertyName("paused")]
+    public bool Paused { get; set; }
+
+    [JsonPropertyName("pause_remaining")]
+    public TimeSpan PauseRemaining { get; set; }
+
+    [JsonPropertyName("ts")]
+    public DateTime TimeStamp { get; set; }
+
+    [JsonPropertyName("priority_groups")]
+    public PriorityGroupState[]? PriorityGroups { get; set; }
+}
+
+/// <summary>
+/// State information for a priority group on a pull consumer.
+/// Mirrors <c>PriorityGroupState</c> in server/consumer.go.
+/// </summary>
+public sealed class PriorityGroupState
+{
+    [JsonPropertyName("group")]
+    public string Group { get; set; } = string.Empty;
+
+    [JsonPropertyName("pinned_client_id")]
+    public string? PinnedClientId { get; set; }
+
+    [JsonPropertyName("pinned_ts")]
+    public DateTime PinnedTs { get; set; }
+}
+
+/// <summary>
+/// Sequence information for consumer delivered/ack_floor positions.
+/// Mirrors <c>SequenceInfo</c> in server/consumer.go.
+/// </summary>
+public sealed class SequenceInfo
+{
+    [JsonPropertyName("consumer_seq")]
+    public ulong Consumer { get; set; }
+
+    [JsonPropertyName("stream_seq")]
+    public ulong Stream { get; set; }
+
+    [JsonPropertyName("last_active")]
+    public DateTime? Last { get; set; }
+}
+
+/// <summary>
+/// Request to create or update a consumer.
+/// Mirrors <c>CreateConsumerRequest</c> in server/consumer.go.
+/// </summary>
+public sealed class CreateConsumerRequest
+{
+    [JsonPropertyName("stream_name")]
+    public string Stream { get; set; } = string.Empty;
+
+    [JsonPropertyName("config")]
+    public ConsumerConfig Config { get; set; } = new();
+
+    [JsonPropertyName("action")]
+    public ConsumerAction Action { get; set; }
+}
+
+/// <summary>
+/// Specifies the intended action when creating a consumer.
+/// Mirrors <c>ConsumerAction</c> in server/consumer.go.
+/// </summary>
+public enum ConsumerAction
+{
+    /// <summary>Create a new consumer or update if it already exists.</summary>
+    CreateOrUpdate = 0,
+
+    /// <summary>Create a new consumer; fail if it already exists.</summary>
+    Create = 1,
+
+    /// <summary>Update an existing consumer; fail if it does not exist.</summary>
+    Update = 2,
+}
+
+/// <summary>
+/// Response for a consumer deletion request.
+/// Mirrors <c>ConsumerDeleteResponse</c> in server/consumer.go.
+/// </summary>
+public sealed class ConsumerDeleteResponse
+{
+    [JsonPropertyName("success")]
+    public bool Success { get; set; }
+}
+
+/// <summary>
+/// A pending pull request waiting in the wait queue.
+/// Mirrors <c>waitingRequest</c> in server/consumer.go.
+/// </summary>
+public sealed class WaitingRequest
+{
+    public string Subject { get; set; } = string.Empty;
+    public string? Reply { get; set; }
+
+    /// <summary>Number of messages requested.</summary>
+    public int N { get; set; }
+
+    /// <summary>Number of messages delivered so far.</summary>
+    public int D { get; set; }
+
+    /// <summary>No-wait flag (1 = no wait).</summary>
+    public int NoWait { get; set; }
+
+    public DateTime? Expires { get; set; }
+
+    /// <summary>Max byte limit for this batch.</summary>
+    public int MaxBytes { get; set; }
+
+    /// <summary>Bytes accumulated so far.</summary>
+    public int B { get; set; }
+}
+
+/// <summary>
+/// A circular wait queue for pending pull requests.
+/// Mirrors <c>waitQueue</c> in server/consumer.go.
+/// </summary>
+public sealed class WaitQueue
+{
+    private readonly List<WaitingRequest> _reqs = new();
+    private int _head;
+    private int _tail;
+
+    /// <summary>Number of pending requests in the queue.</summary>
+    public int Len => _reqs.Count;
+
+    /// <summary>Add a waiting request to the tail of the queue.</summary>
+    public void Add(WaitingRequest req) =>
+        throw new NotImplementedException("TODO: session 21");
+
+    /// <summary>Peek at the head request without removing it.</summary>
+    public WaitingRequest? Peek() =>
+        throw new NotImplementedException("TODO: session 21");
+
+    /// <summary>Remove and return the head request.</summary>
+    public WaitingRequest? Pop() =>
+        throw new NotImplementedException("TODO: session 21");
+
+    /// <summary>Compact the internal backing list to reclaim removed slots.</summary>
+    public void Compress() =>
+        throw new NotImplementedException("TODO: session 21");
+
+    /// <summary>Returns true if the queue is at capacity (head == tail when full).</summary>
+    public bool IsFull(int max) =>
+        throw new NotImplementedException("TODO: session 21");
+}
+
+/// <summary>
+/// Cluster membership and leadership information for a stream or consumer.
+/// Mirrors <c>ClusterInfo</c> in server/consumer.go and server/stream.go.
+/// </summary>
+public sealed class ClusterInfo
+{
+    [JsonPropertyName("name")]
+    public string? Name { get; set; }
+
+    [JsonPropertyName("leader")]
+    public string? Leader { get; set; }
+
+    [JsonPropertyName("replicas")]
+    public PeerInfo[]? Replicas { get; set; }
+}
+
+/// <summary>
+/// Information about a peer in a JetStream Raft group.
+/// Mirrors <c>PeerInfo</c> in server/consumer.go and server/stream.go.
+/// </summary>
+public sealed class PeerInfo
+{
+    [JsonPropertyName("name")]
+    public string Name { get; set; } = string.Empty;
+
+    [JsonPropertyName("current")]
+    public bool Current { get; set; }
+
+    [JsonPropertyName("offline")]
+    public bool Offline { get; set; }
+
+    [JsonPropertyName("active")]
+    public TimeSpan Active { get; set; }
+
+    [JsonPropertyName("lag")]
+    public ulong Lag { get; set; }
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttConstants.cs b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttConstants.cs
new file mode 100644
index 0000000..ca6aa64
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttConstants.cs
@@ -0,0 +1,271 @@
+// Copyright 2020-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/mqtt.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server.Mqtt;
+
+// References to "spec" here are from https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.pdf
+
+/// <summary>
+/// MQTT control packet type byte values.
+/// Mirrors the <c>mqttPacket*</c> constants in server/mqtt.go.
+/// </summary>
+internal static class MqttPacket
+{
+    public const byte Connect    = 0x10;
+    public const byte ConnectAck = 0x20;
+    public const byte Pub        = 0x30;
+    public const byte PubAck     = 0x40;
+    public const byte PubRec     = 0x50;
+    public const byte PubRel     = 0x60;
+    public const byte PubComp    = 0x70;
+    public const byte Sub        = 0x80;
+    public const byte SubAck     = 0x90;
+    public const byte Unsub      = 0xA0;
+    public const byte UnsubAck   = 0xB0;
+    public const byte Ping       = 0xC0;
+    public const byte PingResp   = 0xD0;
+    public const byte Disconnect = 0xE0;
+    public const byte Mask       = 0xF0;
+    public const byte FlagMask   = 0x0F;
+}
+
+/// <summary>
+/// MQTT CONNECT packet flag byte values.
+/// Mirrors the <c>mqttConnFlag*</c> constants in server/mqtt.go.
+/// </summary>
+internal static class MqttConnectFlag
+{
+    public const byte Reserved     = 0x01;
+    public const byte CleanSession = 0x02;
+    public const byte WillFlag     = 0x04;
+    public const byte WillQoS      = 0x18;
+    public const byte WillRetain   = 0x20;
+    public const byte PasswordFlag = 0x40;
+    public const byte UsernameFlag = 0x80;
+}
+
+/// <summary>
+/// MQTT PUBLISH packet flag byte values.
+/// Mirrors the <c>mqttPubFlag*</c> and <c>mqttPubQoS*</c> constants in server/mqtt.go.
+/// </summary>
+internal static class MqttPubFlag
+{
+    public const byte Retain = 0x01;
+    public const byte QoS    = 0x06;
+    public const byte Dup    = 0x08;
+    public const byte QoS1   = 0x1 << 1;
+    public const byte QoS2   = 0x2 << 1;
+}
+
+/// <summary>
+/// MQTT CONNACK return codes.
+/// Mirrors the <c>mqttConnAckRC*</c> constants in server/mqtt.go.
+/// </summary>
+internal static class MqttConnAckRc
+{
+    public const byte Accepted             = 0x00;
+    public const byte UnacceptableProtocol = 0x01;
+    public const byte IdentifierRejected   = 0x02;
+    public const byte ServerUnavailable    = 0x03;
+    public const byte BadUserOrPassword    = 0x04;
+    public const byte NotAuthorized        = 0x05;
+    public const byte QoS2WillRejected     = 0x10;
+}
+
+/// <summary>
+/// Miscellaneous MQTT protocol constants.
+/// Mirrors the remaining scalar constants in server/mqtt.go.
+/// </summary>
+internal static class MqttConst
+{
+    /// <summary>Maximum control packet payload size (0xFFFFFFF).</summary>
+    public const int  MaxPayloadSize      = 0xFFFFFFF;
+
+    /// <summary>MQTT topic level separator character ('/').</summary>
+    public const char TopicLevelSep       = '/';
+
+    /// <summary>Single-level wildcard character ('+').</summary>
+    public const char SingleLevelWildcard = '+';
+
+    /// <summary>Multi-level wildcard character ('#').</summary>
+    public const char MultiLevelWildcard  = '#';
+
+    /// <summary>Reserved topic prefix character ('$').</summary>
+    public const char ReservedPrefix      = '$';
+
+    /// <summary>MQTT protocol level byte (v3.1.1 = 0x04).</summary>
+    public const byte ProtoLevel          = 0x04;
+
+    /// <summary>SUBACK failure return code (0x80).</summary>
+    public const byte SubAckFailure       = 0x80;
+
+    /// <summary>Fixed flags byte in SUBSCRIBE packets (0x02).</summary>
+    public const byte SubscribeFlags      = 0x02;
+
+    /// <summary>Fixed flags byte in UNSUBSCRIBE packets (0x02).</summary>
+    public const byte UnsubscribeFlags    = 0x02;
+
+    /// <summary>
+    /// Suffix appended to the SID of subscriptions created for MQTT '#' wildcard
+    /// at the upper level. Mirrors <c>mqttMultiLevelSidSuffix</c>.
+    /// </summary>
+    public const string MultiLevelSidSuffix = " fwc";
+
+    /// <summary>Initial byte allocation for publish headers (overestimate).</summary>
+    public const int InitialPubHeader = 16;
+
+    /// <summary>Default maximum number of pending QoS-1 acks per session.</summary>
+    public const int DefaultMaxAckPending = 1024;
+
+    /// <summary>Absolute upper limit on cumulative MaxAckPending across all session subscriptions.</summary>
+    public const int MaxAckTotalLimit = 0xFFFF;
+
+    /// <summary>WebSocket path for MQTT connections.</summary>
+    public const string WsPath = "/mqtt";
+
+    /// <summary>Marker character for deleted retained messages (used in flag field).</summary>
+    public const char RetainedFlagDelMarker = '-';
+}
+
+/// <summary>
+/// MQTT-internal NATS subject / stream / consumer name constants.
+/// Mirrors the string constants in server/mqtt.go that define JetStream stream names,
+/// subject prefixes, and JSA reply tokens.
+/// </summary>
+internal static class MqttTopics
+{
+    // -------------------------------------------------------------------------
+    // Top-level MQTT subject prefix
+    // -------------------------------------------------------------------------
+
+    /// <summary>Prefix used for all internal MQTT subjects.</summary>
+    public const string Prefix = "$MQTT.";
+
+    /// <summary>
+    /// Prefix for NATS subscriptions used as JS consumer delivery subjects.
+    /// MQTT clients must not subscribe to subjects starting with this prefix.
+    /// </summary>
+    public const string SubPrefix = Prefix + "sub.";
+
+    // -------------------------------------------------------------------------
+    // JetStream stream names
+    // -------------------------------------------------------------------------
+
+    /// <summary>Stream name for MQTT QoS &gt;0 messages on a given account.</summary>
+    public const string MsgsStreamName = "$MQTT_msgs";
+
+    /// <summary>Subject prefix for messages in the MQTT messages stream.</summary>
+    public const string MsgsStreamSubjectPrefix = Prefix + "msgs.";
+
+    /// <summary>Stream name for MQTT retained messages.</summary>
+    public const string RetainedMsgsStreamName = "$MQTT_rmsgs";
+
+    /// <summary>Subject prefix for messages in the retained messages stream.</summary>
+    public const string RetainedMsgsStreamSubject = Prefix + "rmsgs.";
+
+    /// <summary>Stream name for MQTT session state.</summary>
+    public const string SessStreamName = "$MQTT_sess";
+
+    /// <summary>Subject prefix for session state messages.</summary>
+    public const string SessStreamSubjectPrefix = Prefix + "sess.";
+
+    /// <summary>Name prefix used when creating per-account session streams.</summary>
+    public const string SessionsStreamNamePrefix = "$MQTT_sess_";
+
+    /// <summary>Stream name for incoming QoS-2 messages.</summary>
+    public const string QoS2IncomingMsgsStreamName = "$MQTT_qos2in";
+
+    /// <summary>Subject prefix for incoming QoS-2 messages.</summary>
+    public const string QoS2IncomingMsgsStreamSubjectPrefix = Prefix + "qos2.in.";
+
+    /// <summary>Stream name for outgoing MQTT QoS messages (PUBREL).</summary>
+    public const string OutStreamName = "$MQTT_out";
+
+    /// <summary>Subject prefix for outgoing MQTT messages.</summary>
+    public const string OutSubjectPrefix = Prefix + "out.";
+
+    /// <summary>Subject prefix for PUBREL messages.</summary>
+    public const string PubRelSubjectPrefix = Prefix + "out.pubrel.";
+
+    /// <summary>Subject prefix for PUBREL delivery subjects.</summary>
+    public const string PubRelDeliverySubjectPrefix = Prefix + "deliver.pubrel.";
+
+    /// <summary>Durable consumer name prefix for PUBREL.</summary>
+    public const string PubRelConsumerDurablePrefix = "$MQTT_PUBREL_";
+
+    // -------------------------------------------------------------------------
+    // JSA reply subject prefix and token constants
+    // -------------------------------------------------------------------------
+
+    /// <summary>Prefix of the reply subject for JS API requests.</summary>
+    public const string JsaRepliesPrefix = Prefix + "JSA.";
+
+    // Token position indices within a JSA reply subject.
+    public const int JsaIdTokenPos  = 3;
+    public const int JsaTokenPos    = 4;
+    public const int JsaClientIdPos = 5;
+
+    // JSA operation token values.
+    public const string JsaStreamCreate   = "SC";
+    public const string JsaStreamUpdate   = "SU";
+    public const string JsaStreamLookup   = "SL";
+    public const string JsaStreamDel      = "SD";
+    public const string JsaConsumerCreate = "CC";
+    public const string JsaConsumerLookup = "CL";
+    public const string JsaConsumerDel    = "CD";
+    public const string JsaMsgStore       = "MS";
+    public const string JsaMsgLoad        = "ML";
+    public const string JsaMsgDelete      = "MD";
+    public const string JsaSessPersist    = "SP";
+    public const string JsaRetainedMsgDel = "RD";
+    public const string JsaStreamNames    = "SN";
+
+    // -------------------------------------------------------------------------
+    // NATS header names injected into re-encoded PUBLISH messages
+    // -------------------------------------------------------------------------
+
+    /// <summary>Header that indicates the message originated from MQTT and stores published QoS.</summary>
+    public const string NatsHeader = "Nmqtt-Pub";
+
+    /// <summary>Header storing the original MQTT topic for retained messages.</summary>
+    public const string NatsRetainedMessageTopic = "Nmqtt-RTopic";
+
+    /// <summary>Header storing the origin of a retained message.</summary>
+    public const string NatsRetainedMessageOrigin = "Nmqtt-ROrigin";
+
+    /// <summary>Header storing the flags of a retained message.</summary>
+    public const string NatsRetainedMessageFlags = "Nmqtt-RFlags";
+
+    /// <summary>Header storing the source of a retained message.</summary>
+    public const string NatsRetainedMessageSource = "Nmqtt-RSource";
+
+    /// <summary>Header indicating a PUBREL message and storing the packet identifier.</summary>
+    public const string NatsPubRelHeader = "Nmqtt-PubRel";
+
+    /// <summary>Header storing the original MQTT subject in re-encoded PUBLISH messages.</summary>
+    public const string NatsHeaderSubject = "Nmqtt-Subject";
+
+    /// <summary>Header storing the subject mapping in re-encoded PUBLISH messages.</summary>
+    public const string NatsHeaderMapped = "Nmqtt-Mapped";
+
+    // -------------------------------------------------------------------------
+    // Sparkplug B constants
+    // -------------------------------------------------------------------------
+
+    public const string SparkbNBirth = "NBIRTH";
+    public const string SparkbDBirth = "DBIRTH";
+    public const string SparkbNDeath = "NDEATH";
+    public const string SparkbDDeath = "DDEATH";
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttHandler.cs b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttHandler.cs
new file mode 100644
index 0000000..9199956
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttHandler.cs
@@ -0,0 +1,252 @@
+// Copyright 2020-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/mqtt.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server.Mqtt;
+
+// ============================================================================
+// Per-client MQTT state
+// ============================================================================
+
+/// <summary>
+/// Per-client MQTT state attached to every connection established via the MQTT
+/// listener or WebSocket upgrade.
+/// Mirrors Go <c>mqtt</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttHandler
+{
+    private readonly Lock _mu = new();
+
+    // ------------------------------------------------------------------
+    // Identity
+    // ------------------------------------------------------------------
+
+    /// <summary>MQTT client identifier presented in the CONNECT packet.</summary>
+    public string ClientId { get; set; } = string.Empty;
+
+    /// <summary>Whether this is a clean session.</summary>
+    public bool CleanSession { get; set; }
+
+    // ------------------------------------------------------------------
+    // Session / Will
+    // ------------------------------------------------------------------
+
+    /// <summary>Session associated with this connection after a successful CONNECT.</summary>
+    public MqttSession? Session { get; set; }
+
+    /// <summary>
+    /// Quick reference to the account session manager.
+    /// Immutable after <c>processConnect()</c> completes.
+    /// </summary>
+    public MqttAccountSessionManager? AccountSessionManager { get; set; }
+
+    /// <summary>Will message to publish when this connection closes unexpectedly.</summary>
+    public MqttWill? Will { get; set; }
+
+    // ------------------------------------------------------------------
+    // Keep-alive
+    // ------------------------------------------------------------------
+
+    /// <summary>Keep-alive interval in seconds (0 = disabled).</summary>
+    public ushort KeepAlive { get; set; }
+
+    // ------------------------------------------------------------------
+    // QoS pending / packet identifiers
+    // ------------------------------------------------------------------
+
+    /// <summary>Next packet identifier to use for QoS &gt;0 outbound messages.</summary>
+    public ushort NextPi { get; set; }
+
+    /// <summary>
+    /// Pending ack map: packet identifier → pending state.
+    /// Used for tracking in-flight QoS 1/2 PUBLISH packets.
+    /// </summary>
+    public Dictionary<ushort, MqttPending?> Pending { get; } = new();
+
+    // ------------------------------------------------------------------
+    // Protocol flags
+    // ------------------------------------------------------------------
+
+    /// <summary>
+    /// When <c>true</c>, the server rejects QoS-2 PUBLISH from this client
+    /// and terminates the connection on receipt of such a packet.
+    /// Mirrors Go <c>mqtt.rejectQoS2Pub</c>.
+    /// </summary>
+    public bool RejectQoS2Pub { get; set; }
+
+    /// <summary>
+    /// When <c>true</c>, QoS-2 SUBSCRIBE requests are silently downgraded to QoS-1.
+    /// Mirrors Go <c>mqtt.downgradeQoS2Sub</c>.
+    /// </summary>
+    public bool DowngradeQoS2Sub { get; set; }
+
+    // ------------------------------------------------------------------
+    // Parse state (used by the read-loop MQTT byte-stream parser)
+    // ------------------------------------------------------------------
+
+    /// <summary>Current state of the fixed-header / remaining-length state machine.</summary>
+    public byte ParseState { get; set; }
+
+    /// <summary>Control packet type byte extracted from the current fixed header.</summary>
+    public byte PktType { get; set; }
+
+    /// <summary>Remaining length of the current control packet (bytes still to read).</summary>
+    public int RemLen { get; set; }
+
+    /// <summary>Buffer accumulating the current packet's variable-header and payload.</summary>
+    public byte[]? Buf { get; set; }
+
+    /// <summary>Multiplier accumulator used during multi-byte remaining-length decoding.</summary>
+    public int RemLenMult { get; set; }
+
+    // ------------------------------------------------------------------
+    // Thread safety
+    // ------------------------------------------------------------------
+
+    /// <summary>Lock protecting mutable fields on this instance.</summary>
+    public Lock Mu => _mu;
+}
+
+// ============================================================================
+// Server-side MQTT extension methods (stubs)
+// ============================================================================
+
+/// <summary>
+/// Stub extension methods on <see cref="NatsServer"/> for MQTT server operations.
+/// Mirrors the server-receiver MQTT functions in server/mqtt.go.
+/// All methods throw <see cref="NotImplementedException"/> until session 22 is complete.
+/// </summary>
+internal static class MqttServerExtensions
+{
+    /// <summary>
+    /// Start listening for MQTT client connections.
+    /// Mirrors Go <c>(*Server).startMQTT()</c>.
+    /// </summary>
+    public static void StartMqtt(this NatsServer server) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Configure MQTT authentication overrides from the MQTT options block.
+    /// Mirrors Go <c>(*Server).mqttConfigAuth()</c>.
+    /// </summary>
+    public static void MqttConfigAuth(this NatsServer server, object mqttOpts) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Handle cleanup when an MQTT client connection closes.
+    /// Mirrors Go <c>(*Server).mqttHandleClosedClient()</c>.
+    /// </summary>
+    public static void MqttHandleClosedClient(this NatsServer server, object client) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Propagate a change to the maximum ack-pending limit to all MQTT sessions.
+    /// Mirrors Go <c>(*Server).mqttUpdateMaxAckPending()</c>.
+    /// </summary>
+    public static void MqttUpdateMaxAckPending(this NatsServer server, ushort maxp) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Retrieve or lazily-create the JSA for the named account.
+    /// Mirrors Go <c>(*Server).mqttGetJSAForAccount()</c>.
+    /// </summary>
+    public static MqttJsa MqttGetJsaForAccount(this NatsServer server, string account) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Store a QoS message for an account on a (possibly new) NATS subject.
+    /// Mirrors Go <c>(*Server).mqttStoreQoSMsgForAccountOnNewSubject()</c>.
+    /// </summary>
+    public static void MqttStoreQosMsgForAccountOnNewSubject(
+        this NatsServer server,
+        int hdr, byte[] msg, string account, string subject) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Get or create the <see cref="MqttAccountSessionManager"/> for the client's account.
+    /// Mirrors Go <c>(*Server).getOrCreateMQTTAccountSessionManager()</c>.
+    /// </summary>
+    public static MqttAccountSessionManager GetOrCreateMqttAccountSessionManager(
+        this NatsServer server, object client) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Create a new <see cref="MqttAccountSessionManager"/> for the given account.
+    /// Mirrors Go <c>(*Server).mqttCreateAccountSessionManager()</c>.
+    /// </summary>
+    public static MqttAccountSessionManager MqttCreateAccountSessionManager(
+        this NatsServer server, object account, System.Threading.CancellationToken cancel) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Determine how many JetStream replicas to use for MQTT streams.
+    /// Mirrors Go <c>(*Server).mqttDetermineReplicas()</c>.
+    /// </summary>
+    public static int MqttDetermineReplicas(this NatsServer server) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Process an MQTT CONNECT packet after parsing.
+    /// Mirrors Go <c>(*Server).mqttProcessConnect()</c>.
+    /// </summary>
+    public static void MqttProcessConnect(
+        this NatsServer server, object client, MqttConnectProto cp, bool trace) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Send the Will message for a client that disconnected unexpectedly.
+    /// Mirrors Go <c>(*Server).mqttHandleWill()</c>.
+    /// </summary>
+    public static void MqttHandleWill(this NatsServer server, object client) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Process an inbound MQTT PUBLISH packet.
+    /// Mirrors Go <c>(*Server).mqttProcessPub()</c>.
+    /// </summary>
+    public static void MqttProcessPub(
+        this NatsServer server, object client, MqttPublishInfo pp, bool trace) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Initiate delivery of a PUBLISH message via JetStream.
+    /// Mirrors Go <c>(*Server).mqttInitiateMsgDelivery()</c>.
+    /// </summary>
+    public static void MqttInitiateMsgDelivery(
+        this NatsServer server, object client, MqttPublishInfo pp) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Store a QoS-2 PUBLISH exactly once (idempotent).
+    /// Mirrors Go <c>(*Server).mqttStoreQoS2MsgOnce()</c>.
+    /// </summary>
+    public static void MqttStoreQoS2MsgOnce(
+        this NatsServer server, object client, MqttPublishInfo pp) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Process an inbound MQTT PUBREL packet.
+    /// Mirrors Go <c>(*Server).mqttProcessPubRel()</c>.
+    /// </summary>
+    public static void MqttProcessPubRel(
+        this NatsServer server, object client, ushort pi, bool trace) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    /// <summary>
+    /// Audit retained-message permissions after a configuration reload.
+    /// Mirrors Go <c>(*Server).mqttCheckPubRetainedPerms()</c>.
+    /// </summary>
+    public static void MqttCheckPubRetainedPerms(this NatsServer server) =>
+        throw new NotImplementedException("TODO: session 22");
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttTypes.cs
new file mode 100644
index 0000000..bc37fe5
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/Mqtt/MqttTypes.cs
@@ -0,0 +1,391 @@
+// Copyright 2020-2026 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/mqtt.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server.Mqtt;
+
+// ============================================================================
+// Enumerations
+// ============================================================================
+
+/// <summary>
+/// State machine states for parsing incoming MQTT byte streams.
+/// Mirrors the <c>mqttParseState*</c> iota in server/mqtt.go (implicit from
+/// the read-loop logic).
+/// </summary>
+internal enum MqttParseState : byte
+{
+    /// <summary>Waiting for the first fixed-header byte.</summary>
+    MqttStateHeader = 0,
+
+    /// <summary>Reading the remaining-length variable-integer bytes.</summary>
+    MqttStateFixedHeader,
+
+    /// <summary>Reading the variable-header + payload bytes of the current packet.</summary>
+    MqttStateControlPacket,
+}
+
+// ============================================================================
+// Will
+// ============================================================================
+
+/// <summary>
+/// MQTT Will message parameters extracted from a CONNECT packet.
+/// Mirrors Go <c>mqttWill</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttWill
+{
+    /// <summary>NATS subject derived from the MQTT will topic.</summary>
+    public string Subject { get; set; } = string.Empty;
+
+    /// <summary>Original MQTT will topic string.</summary>
+    public string Topic { get; set; } = string.Empty;
+
+    /// <summary>Will message payload bytes, or <c>null</c> if empty.</summary>
+    public byte[]? Msg { get; set; }
+
+    /// <summary>QoS level for the will message (0, 1, or 2).</summary>
+    public byte Qos { get; set; }
+
+    /// <summary>Whether the will message should be retained.</summary>
+    public bool Retain { get; set; }
+}
+
+// ============================================================================
+// Connect protocol
+// ============================================================================
+
+/// <summary>
+/// MQTT CONNECT packet parsed payload.
+/// Mirrors Go <c>mqttConnectProto</c> struct in server/mqtt.go (extended with
+/// the fields surfaced by the parse helpers).
+/// </summary>
+internal sealed class MqttConnectProto
+{
+    /// <summary>MQTT client identifier.</summary>
+    public string ClientId { get; set; } = string.Empty;
+
+    /// <summary>Raw CONNECT packet bytes (for forwarding / replay).</summary>
+    public byte[] Connect { get; set; } = [];
+
+    /// <summary>Parsed Will parameters, or <c>null</c> if the Will flag is not set.</summary>
+    public MqttWill? Will { get; set; }
+
+    /// <summary>Username presented in the CONNECT packet.</summary>
+    public string Username { get; set; } = string.Empty;
+
+    /// <summary>Password bytes presented in the CONNECT packet, or <c>null</c> if absent.</summary>
+    public byte[]? Password { get; set; }
+
+    /// <summary>Whether the Clean Session flag was set.</summary>
+    public bool CleanSession { get; set; }
+
+    /// <summary>Keep-alive interval in seconds (0 = disabled).</summary>
+    public ushort KeepAlive { get; set; }
+}
+
+// ============================================================================
+// Subscription
+// ============================================================================
+
+/// <summary>
+/// A single MQTT topic filter subscription entry stored in a session.
+/// Mirrors the per-entry semantics of <c>mqttSession.subs</c> map in server/mqtt.go.
+/// </summary>
+internal sealed class MqttSubscription
+{
+    /// <summary>NATS subject derived from the MQTT topic filter.</summary>
+    public string Subject { get; set; } = string.Empty;
+
+    /// <summary>Maximum QoS level granted for this subscription.</summary>
+    public byte Qos { get; set; }
+}
+
+// ============================================================================
+// Publish info
+// ============================================================================
+
+/// <summary>
+/// Parsed metadata for an inbound MQTT PUBLISH packet.
+/// Mirrors Go <c>mqttPublish</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttPublishInfo
+{
+    /// <summary>NATS subject derived from the MQTT topic.</summary>
+    public string Subject { get; set; } = string.Empty;
+
+    /// <summary>Original MQTT topic string.</summary>
+    public string Topic { get; set; } = string.Empty;
+
+    /// <summary>Message payload bytes, or <c>null</c> if empty.</summary>
+    public byte[]? Msg { get; set; }
+
+    /// <summary>QoS level of the PUBLISH packet.</summary>
+    public byte Qos { get; set; }
+
+    /// <summary>Whether the Retain flag is set.</summary>
+    public bool Retain { get; set; }
+
+    /// <summary>Whether the DUP flag is set (re-delivery of a QoS &gt;0 packet).</summary>
+    public bool Dup { get; set; }
+
+    /// <summary>Packet identifier (only meaningful for QoS 1 and 2).</summary>
+    public ushort Pi { get; set; }
+}
+
+// ============================================================================
+// Pending ack
+// ============================================================================
+
+/// <summary>
+/// Tracks a single in-flight QoS 1 or QoS 2 message pending acknowledgement.
+/// Mirrors Go <c>mqttPending</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttPending
+{
+    /// <summary>JetStream stream sequence number for this message.</summary>
+    public ulong SSeq { get; set; }
+
+    /// <summary>JetStream ACK subject to send the acknowledgement to.</summary>
+    public string JsAckSubject { get; set; } = string.Empty;
+
+    /// <summary>JetStream durable consumer name.</summary>
+    public string JsDur { get; set; } = string.Empty;
+}
+
+// ============================================================================
+// Retained message
+// ============================================================================
+
+/// <summary>
+/// A retained MQTT message stored in JetStream.
+/// Mirrors Go <c>mqttRetainedMsg</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttRetainedMsg
+{
+    /// <summary>Origin server name.</summary>
+    public string Origin { get; set; } = string.Empty;
+
+    /// <summary>NATS subject for this retained message.</summary>
+    public string Subject { get; set; } = string.Empty;
+
+    /// <summary>Original MQTT topic.</summary>
+    public string Topic { get; set; } = string.Empty;
+
+    /// <summary>Message payload bytes.</summary>
+    public byte[]? Msg { get; set; }
+
+    /// <summary>Message flags byte.</summary>
+    public byte Flags { get; set; }
+
+    /// <summary>Source identifier.</summary>
+    public string Source { get; set; } = string.Empty;
+}
+
+// ============================================================================
+// Persisted session
+// ============================================================================
+
+/// <summary>
+/// The JSON-serialisable representation of an MQTT session stored in JetStream.
+/// Mirrors Go <c>mqttPersistedSession</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttPersistedSession
+{
+    /// <summary>Server that originally created this session.</summary>
+    public string Origin { get; set; } = string.Empty;
+
+    /// <summary>MQTT client identifier.</summary>
+    public string Id { get; set; } = string.Empty;
+
+    /// <summary>Whether this was a clean session.</summary>
+    public bool Clean { get; set; }
+
+    /// <summary>Map of MQTT topic filters to granted QoS levels.</summary>
+    public Dictionary<string, byte> Subs { get; set; } = new();
+}
+
+// ============================================================================
+// Session
+// ============================================================================
+
+/// <summary>
+/// In-memory MQTT session state.
+/// Mirrors Go <c>mqttSession</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttSession
+{
+    private readonly Lock _mu = new();
+
+    /// <summary>Lock for this session (matches Go <c>sess.mu</c>).</summary>
+    public Lock Mu => _mu;
+
+    // ------------------------------------------------------------------
+    // Identity
+    // ------------------------------------------------------------------
+
+    /// <summary>MQTT client identifier.</summary>
+    public string Id { get; set; } = string.Empty;
+
+    /// <summary>Hash of the client identifier (used as JetStream key).</summary>
+    public string IdHash { get; set; } = string.Empty;
+
+    /// <summary>Whether this is a clean session.</summary>
+    public bool Clean { get; set; }
+
+    /// <summary>Domain token (domain with trailing '.', or empty).</summary>
+    public string DomainTk { get; set; } = string.Empty;
+
+    // ------------------------------------------------------------------
+    // Subscriptions
+    // ------------------------------------------------------------------
+
+    /// <summary>
+    /// Map from MQTT SUBSCRIBE filter to granted QoS level.
+    /// Mirrors Go <c>mqttSession.subs map[string]byte</c>.
+    /// </summary>
+    public Dictionary<string, byte> Subs { get; } = new();
+
+    // ------------------------------------------------------------------
+    // Pending acks
+    // ------------------------------------------------------------------
+
+    /// <summary>Maximum number of in-flight QoS-1/2 PUBLISH acks.</summary>
+    public ushort MaxPending { get; set; }
+
+    /// <summary>
+    /// In-flight QoS-1 PUBLISH packets pending PUBACK from the client.
+    /// Key is the packet identifier.
+    /// </summary>
+    public Dictionary<ushort, MqttPending> PendingPublish { get; } = new();
+
+    /// <summary>
+    /// In-flight QoS-2 PUBREL packets pending PUBCOMP from the client.
+    /// Key is the packet identifier.
+    /// </summary>
+    public Dictionary<ushort, MqttPending> PendingPubRel { get; } = new();
+
+    /// <summary>"Last used" packet identifier; used as the starting point when allocating the next one.</summary>
+    public ushort LastPi { get; set; }
+
+    // ------------------------------------------------------------------
+    // Constructor
+    // ------------------------------------------------------------------
+
+    /// <summary>Initialises a new session with the given identity.</summary>
+    public MqttSession(string id, string idHash, bool clean)
+    {
+        Id     = id;
+        IdHash = idHash;
+        Clean  = clean;
+    }
+}
+
+// ============================================================================
+// JSA stub
+// ============================================================================
+
+/// <summary>
+/// Stub for the MQTT JetStream API helper.
+/// Mirrors Go <c>mqttJSA</c> struct in server/mqtt.go.
+/// All methods throw <see cref="NotImplementedException"/> until session 22 is complete.
+/// </summary>
+internal sealed class MqttJsa
+{
+    /// <summary>Domain (with trailing '.'), or empty.</summary>
+    public string Domain { get; set; } = string.Empty;
+
+    /// <summary>Whether the domain field was explicitly set (even to empty).</summary>
+    public bool DomainSet { get; set; }
+
+    // All methods are stubs — full implementation is deferred to session 22.
+    public void SendAck(string ackSubject) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public void SendMsg(string subject, byte[] msg) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public void StoreMsgNoWait(string subject, int hdrLen, byte[] msg) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public string PrefixDomain(string subject) =>
+        throw new NotImplementedException("TODO: session 22");
+}
+
+// ============================================================================
+// Account session manager stub
+// ============================================================================
+
+/// <summary>
+/// Per-account MQTT session manager.
+/// Mirrors Go <c>mqttAccountSessionManager</c> struct in server/mqtt.go.
+/// All mutating methods are stubs.
+/// </summary>
+internal sealed class MqttAccountSessionManager
+{
+    private readonly Lock _mu = new();
+
+    /// <summary>Domain token (domain with trailing '.'), or empty.</summary>
+    public string DomainTk { get; set; } = string.Empty;
+
+    /// <summary>Active sessions keyed by MQTT client ID.</summary>
+    public Dictionary<string, MqttSession> Sessions { get; } = new();
+
+    /// <summary>Sessions keyed by their client ID hash.</summary>
+    public Dictionary<string, MqttSession> SessionsByHash { get; } = new();
+
+    /// <summary>Client IDs that are currently locked (being taken over).</summary>
+    public HashSet<string> SessionsLocked { get; } = new();
+
+    /// <summary>Client IDs that have recently flapped (connected with duplicate ID).</summary>
+    public Dictionary<string, long> Flappers { get; } = new();
+
+    /// <summary>JSA helper for this account.</summary>
+    public MqttJsa Jsa { get; } = new();
+
+    /// <summary>Lock for this manager.</summary>
+    public Lock Mu => _mu;
+
+    // All methods are stubs.
+    public void HandleClosedClient(string clientId) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public MqttSession? LookupSession(string clientId) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public void PersistSession(MqttSession session) =>
+        throw new NotImplementedException("TODO: session 22");
+
+    public void DeleteSession(MqttSession session) =>
+        throw new NotImplementedException("TODO: session 22");
+}
+
+// ============================================================================
+// Global session manager stub
+// ============================================================================
+
+/// <summary>
+/// Server-wide MQTT session manager.
+/// Mirrors Go <c>mqttSessionManager</c> struct in server/mqtt.go.
+/// </summary>
+internal sealed class MqttSessionManager
+{
+    private readonly Lock _mu = new();
+
+    /// <summary>Per-account session managers keyed by account name.</summary>
+    public Dictionary<string, MqttAccountSessionManager> Sessions { get; } = new();
+
+    /// <summary>Lock for this manager.</summary>
+    public Lock Mu => _mu;
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.cs b/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.cs
index 73b5dfe..975b2e7 100644
--- a/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.cs
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.cs
@@ -18,8 +18,10 @@ using System.Threading.Channels;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using ZB.MOM.NatsNet.Server.Auth;
+using ZB.MOM.NatsNet.Server.Auth.Ocsp;
 using ZB.MOM.NatsNet.Server.Internal;
 using ZB.MOM.NatsNet.Server.Internal.DataStructures;
+using ZB.MOM.NatsNet.Server.WebSocket;
 
 namespace ZB.MOM.NatsNet.Server;
 
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/NatsServerTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/NatsServerTypes.cs
index aee77b3..9bc5d10 100644
--- a/dotnet/src/ZB.MOM.NatsNet.Server/NatsServerTypes.cs
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/NatsServerTypes.cs
@@ -15,8 +15,10 @@
 
 using System.Text.Json.Serialization;
 using ZB.MOM.NatsNet.Server.Auth;
+using ZB.MOM.NatsNet.Server.Auth.Ocsp;
 using ZB.MOM.NatsNet.Server.Internal;
 using ZB.MOM.NatsNet.Server.Internal.DataStructures;
+using ZB.MOM.NatsNet.Server.WebSocket;
 
 namespace ZB.MOM.NatsNet.Server;
 
@@ -213,21 +215,13 @@ public static class CompressionMode
 
 // SrvGateway — full class is in Gateway/GatewayTypes.cs (session 16).
 
-/// <summary>Stub for server websocket state (session 23).</summary>
-internal sealed class SrvWebsocket
-{
-    public RefCountedUrlSet ConnectUrlsMap { get; set; } = new();
-}
+// SrvWebsocket — now fully defined in WebSocket/WebSocketTypes.cs (session 23).
+// OcspMonitor    — now fully defined in Auth/Ocsp/OcspTypes.cs (session 23).
+// IOcspResponseCache — now fully defined in Auth/Ocsp/OcspTypes.cs (session 23).
 
 /// <summary>Stub for server MQTT state (session 22).</summary>
 internal sealed class SrvMqtt { }
 
-/// <summary>Stub for OCSP monitor (session 23).</summary>
-internal sealed class OcspMonitor { }
-
-/// <summary>Stub for OCSP response cache (session 23).</summary>
-internal interface IOcspResponseCache { }
-
 /// <summary>Stub for IP queue (session 02 — already ported as IpQueue).</summary>
 // IpQueue is already in session 02 internals — used here via object.
 
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketConstants.cs b/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketConstants.cs
new file mode 100644
index 0000000..a2e21a4
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketConstants.cs
@@ -0,0 +1,75 @@
+// Copyright 2020-2025 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/websocket.go in the NATS server Go source.
+
+namespace ZB.MOM.NatsNet.Server.WebSocket;
+
+/// <summary>
+/// WebSocket opcode values as defined in RFC 6455 §5.2.
+/// Mirrors Go <c>wsOpCode</c> type in server/websocket.go.
+/// </summary>
+internal enum WsOpCode : int
+{
+    Continuation = 0,
+    Text         = 1,
+    Binary       = 2,
+    Close        = 8,
+    Ping         = 9,
+    Pong         = 10,
+}
+
+/// <summary>
+/// WebSocket protocol constants.
+/// Mirrors the constant block at the top of server/websocket.go.
+/// </summary>
+internal static class WsConstants
+{
+    // Frame header bits
+    public const int FinalBit              = 1 << 7;
+    public const int Rsv1Bit               = 1 << 6; // Used for per-message compression (RFC 7692)
+    public const int Rsv2Bit               = 1 << 5;
+    public const int Rsv3Bit               = 1 << 4;
+    public const int MaskBit               = 1 << 7;
+
+    // Frame size limits
+    public const int MaxFrameHeaderSize    = 14; // LeafNode may behave as a client
+    public const int MaxControlPayloadSize = 125;
+    public const int FrameSizeForBrowsers  = 4096; // From experiment, browsers behave better with limited frame size
+    public const int CompressThreshold     = 64;   // Don't compress for small buffer(s)
+    public const int CloseStatusSize       = 2;
+
+    // Close status codes (RFC 6455 §11.7)
+    public const int CloseNormalClosure       = 1000;
+    public const int CloseGoingAway           = 1001;
+    public const int CloseProtocolError       = 1002;
+    public const int CloseUnsupportedData     = 1003;
+    public const int CloseNoStatusReceived    = 1005;
+    public const int CloseInvalidPayloadData  = 1007;
+    public const int ClosePolicyViolation     = 1008;
+    public const int CloseMessageTooBig       = 1009;
+    public const int CloseInternalError       = 1011;
+    public const int CloseTlsHandshake        = 1015;
+
+    // Header strings
+    public const string NoMaskingHeader       = "Nats-No-Masking";
+    public const string NoMaskingValue        = "true";
+    public const string XForwardedForHeader   = "X-Forwarded-For";
+    public const string PMCExtension          = "permessage-deflate"; // per-message compression
+    public const string PMCSrvNoCtx           = "server_no_context_takeover";
+    public const string PMCCliNoCtx           = "client_no_context_takeover";
+    public const string SecProtoHeader        = "Sec-Websocket-Protocol";
+    public const string MQTTSecProtoVal       = "mqtt";
+    public const string SchemePrefix          = "ws";
+    public const string SchemePrefixTls       = "wss";
+}
diff --git a/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketTypes.cs b/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketTypes.cs
new file mode 100644
index 0000000..acf8fa5
--- /dev/null
+++ b/dotnet/src/ZB.MOM.NatsNet.Server/WebSocket/WebSocketTypes.cs
@@ -0,0 +1,110 @@
+// Copyright 2020-2025 The NATS Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Adapted from server/websocket.go in the NATS server Go source.
+
+using ZB.MOM.NatsNet.Server.Internal;
+
+namespace ZB.MOM.NatsNet.Server.WebSocket;
+
+/// <summary>
+/// Per-connection WebSocket read state.
+/// Mirrors Go <c>wsReadInfo</c> struct in server/websocket.go.
+/// </summary>
+internal sealed class WsReadInfo
+{
+    /// <summary>Whether masking is disabled for this connection (e.g. leaf node).</summary>
+    public bool     NoMasking   { get; set; }
+
+    /// <summary>Whether per-message deflate compression is active.</summary>
+    public bool     Compressed  { get; set; }
+
+    /// <summary>The current frame opcode.</summary>
+    public WsOpCode FrameType   { get; set; }
+
+    /// <summary>Number of payload bytes remaining in the current frame.</summary>
+    public int      PayloadLeft { get; set; }
+
+    /// <summary>The 4-byte masking key (only valid when masking is active).</summary>
+    public int[]    Mask        { get; set; } = new int[4];
+
+    /// <summary>Current offset into <see cref="Mask"/>.</summary>
+    public int      MaskOffset  { get; set; }
+
+    /// <summary>Accumulated compressed payload buffers awaiting decompression.</summary>
+    public byte[]?  Compress    { get; set; }
+
+    public WsReadInfo() { }
+}
+
+/// <summary>
+/// Server-level WebSocket state, shared across all WebSocket connections.
+/// Mirrors Go <c>srvWebsocket</c> struct in server/websocket.go.
+/// Replaces the stub in NatsServerTypes.cs.
+/// </summary>
+internal sealed class SrvWebsocket
+{
+    /// <summary>
+    /// Tracks WebSocket connect URLs per server (ref-counted).
+    /// Mirrors Go <c>connectURLsMap refCountedUrlSet</c>.
+    /// </summary>
+    public RefCountedUrlSet ConnectUrlsMap { get; set; } = new();
+
+    /// <summary>
+    /// TLS configuration for the WebSocket listener.
+    /// Mirrors Go <c>tls bool</c> field (true if TLS is required).
+    /// </summary>
+    public System.Net.Security.SslServerAuthenticationOptions? TlsConfig { get; set; }
+
+    /// <summary>Whether per-message deflate compression is enabled globally.</summary>
+    public bool Compression { get; set; }
+
+    /// <summary>Host the WebSocket server is listening on.</summary>
+    public string Host { get; set; } = string.Empty;
+
+    /// <summary>Port the WebSocket server is listening on (may be ephemeral).</summary>
+    public int Port { get; set; }
+}
+
+/// <summary>
+/// Handles WebSocket upgrade and framing for a single connection.
+/// Mirrors the WebSocket-related methods on Go <c>client</c> in server/websocket.go.
+/// Full implementation is deferred to session 23.
+/// </summary>
+internal sealed class WebSocketHandler
+{
+    private readonly NatsServer _server;
+
+    public WebSocketHandler(NatsServer server)
+    {
+        _server = server;
+    }
+
+    /// <summary>Upgrades an HTTP connection to WebSocket protocol.</summary>
+    public void UpgradeToWebSocket(
+        System.IO.Stream stream,
+        System.Net.Http.Headers.HttpRequestHeaders headers)
+        => throw new NotImplementedException("TODO: session 23 — websocket");
+
+    /// <summary>Parses a WebSocket frame from the given buffer slice.</summary>
+    public void ParseFrame(byte[] data, int offset, int count)
+        => throw new NotImplementedException("TODO: session 23 — websocket");
+
+    /// <summary>Writes a WebSocket frame with the given payload.</summary>
+    public void WriteFrame(WsOpCode opCode, byte[] payload, bool final, bool compress)
+        => throw new NotImplementedException("TODO: session 23 — websocket");
+
+    /// <summary>Writes a WebSocket close frame with the given status code and reason.</summary>
+    public void WriteCloseFrame(int statusCode, string reason)
+        => throw new NotImplementedException("TODO: session 23 — websocket");
+}
diff --git a/porting.db b/porting.db
index 075a6524fe579d2545912bd1d9f0088ec07d618f..78f31b30b7ca5931663b3cf25acdae25932b0fdb 100644
GIT binary patch
delta 45886
zcmb@vcX$)W7B_5ZS8Z3jYita*<zBF5BWz)8VT>`x7}LR&&^v?>AoO0$%94RV0E@sN
zJE7&KH%LM0AtWJ$03oE8n?QOcgqu#vcV<?W_W1qY|6cNhhoAP$?36QS&YUv4X%jJQ
zg8z3pq{NsQ<7D`MQcO&YxjElsNIW|I@PV#PF^asz2ESdAm&=bTgOtn49ZIv(pe&RR
zDIO(P{y=_NF~~dRTjlMKb~~6RljAQL3U{x1NNJFNjG+bDpD!dX)i`U>!o>^bET1F&
z1ixLU|HZlhe#z1QV$6qMKG6SSce0vd4(Wds`@@e)d`z77O!xQTiF!K8s!aO-A=;~_
z5w=6|wfbLd1K}69{ueG^c|0a=_q2!W;vdrg&L0HIa&q(~Lr<j&J;?ALId;Tg*krN3
z6Z3~rjv+_tO^Kn5Vx!eeHkr6&qfsIK%Z%H}NfS59XzW08JOCEkxap*encGN?nYfhD
zeLaoiUWtcS{0lYkUs{?ht1UNLCR>Kn+Pd*vA}5eOm&`fjdjpr;VA^C_YWl}?#q_D^
zEz?QU6Q=vj`^-0+*PCxLPdAUUUAA4cT`(4yW}9v^?J)N@mznd;$>zIk$CPeLh7zan
zwtH+Xw(UYcp@+~#NL0ovgO%Ra>#gIhgRQ-78*PhiGlh}X{nlMpuXVX?jBSARl=Ug=
z1Gb*l&#mv+3T&<z>s3Lp$+o|2Db{Y5zLxHm97`vQ)tX_Av+|Z-Enizcu$-|xXE|ay
zY<r0;9%;&IFkUuZG+r>iWISfP$Jk=r&cDZ>=ASX!&3~G|H-BtCZ$4puOkOSDC{LD$
z%YEhUa*lDMaj|ixag1?*v8VAb({-kSre2m?<-@>;P0B9Ct1MTp=O5w^@&Vq*uM{2;
z{v+%awg_v51;SM20cAgbgQ=@2P3$O|h2MqF-wGcI=Y->?Sd)?eS)3>i75j+AVixIE
zZ%b?7Q+Ydgjr&$Vug2>UnuE|9guX}UJA`nZ-=Jq-hfxDtG{&#c!?zK73!yg=x`5Cd
z2%Sghb%f5fAv0aG#veig$IUl1SlWJOzy6KTUkF`8=ud?HK<GV$-bLsggq#g}$i*WR
zhfoKEYzSHP$an>z9}&8Y&|0ZMC&!F8poeo2T942=gcc!m6G96ST7b}eiED_8QR9v1
z;XH)iM`#m5Xbg=T(X$N*tw3lwpoWMPH!edDmm;(Tp~VQP2z`Rk#|Zrwp^qp^Y}-VP
zAEJjJkS$Lt`Dw<7(XU8G8y_Tp*|>aCX5$JAe?oLmBlHwPPm(TADvKH(KtJA!&~AhR
z2sI;g8$zuJwICEk=n$T>gXrM_g#Lrj9SGfx&|L`Ki_rZD-HG}BFnYKjq1zE62%+uP
zxCcGkiqIB>He<f`qKD5Qv>KsR2(3iuK7{T;=oW;w1Jd#RHuUgjg!btX$0NicWJJh-
zP>dcK|D~uQ!uS8^A9Aq>DG133NeI~y5)l#*N@S=cth;fY(Zfy%B_Pz1+#qrvHyF?A
ze>I*#=rx2+BlIdlrx1Dtp_2%`j8MZ%2)>BW34~ri=r}^pBlH|X&muGdq49X(jzbTx
zLuf2QV-OmR&?toJ5gLim2)uBIqld!~8j8>mga#ut2%&)peTfjL{rU~-bM){tgg!;+
z5<(Xd`Wd1BA#@d?X@GPKcPe@~1)<3ZO+siQLQM$y5%M9_NKtg*?m`cDBD4dc-x2x^
zp<faDMUOZ$LMDc)!wc6qTmR5F3!#|^%|K}Su~^P<u*mWbNTq%TuAli!)33JM#lEH?
z*3Ycj!X9OS+{7Q2zO`7*siy9{kNcJ@F+3K^ypkHnh59|pO*bfNj&FE}7(=P#&Py^H
zQpvJsxEf-7)|g6uyE|1PolkQ)iQV13O5DBN?ie-CHxP(DlH19M4?n@xk{4X&T%tV5
z6<FKoLcc!FT{Q5*nwVkq*fmH|d;11MxmqZfM_)4Zd2Td`yPZoT$DikVc5W-DmiYz&
zSv8PlQ?f5Y+z8UWKm4oMX|~dLn90m1IA`QV<n|}Ik9hIrn3U$~L<L$mMBlpo&q3>0
z@sZDQGV4mTWZ$PbKM!Z>+>krgoM}u_6MZ9~uuF2M)2?~alVVCrtktvT6ZIJ`o&5bY
z7e~CJF`c-d;R>TI?(G|<?^xQi(6R2@_*BAPdEi++ZJBSVzIT_Nh2G746nY1=o{Y9Z
zkl-j88?)DCYnA_y-m||YzHf{*%#GPg5|4B1GT@;)%r_3|878@ts*J`|Pi7Tu>9XZZ
z=ge5xja)j;C6QN;bEV{sC;2S0>p_c&eDVS(lBbWu7~IcUGdr@mRI_~7K`m~mg^l&f
z7q}|YPc}u1IFs9&L|@w1H&*Ltl7~)B`U&VLA{WWsC%Alvu8g;nZ(3Z8p+>EAr@CpO
zuTF6HYP@yiMXoohKE*c`s)x}}bx=y~C9Z;ex<$&|>j$&N;+ME|RB>P56sWk`+u5C3
zM9KFj@}0=DFLBQi;|>nSGm)3bJuh?J&?^dkli?M>yQ#Uf%nvUEcRcbTpGo?D#97JI
zlUxBJAK;q=<b!~mb@;$ZZX6l)n>k#2%UL+qyI$e)QJG5LL?}}OWmta~yu#J9UTClQ
z<`u3Obz_-t0(7IQk#ncIph+S3Db8vjS$><=?fI{^t3J~=5~?qe+_`M^-S;Y2O_px6
zq?1MWrV5O|_0=~jzVT4~u*MGV)CyYt=+j)Pf%F>$Ya7PjPLBTz>*?@oT#>$%y4*Jg
zO1acrx8wr$BHz5mZ6#N4lEUNEVB}5Yjx(GyOE=T%2H$Af6P0sIRq!fLF5^j3e-@aL
zKg-Rd%$P}HKL$R$?JU<r|3YuFZxocRQ0KUvsdQq#KFd8$E(}ObBe9LiX7bWG&V}e>
zeD#dp9j3Rv&b88|8I}@fUgx?d>DtEDlVPt*Ntf#kdqeVh&TpV5DYe2k6GpSB)Sb#+
zd-x5QEa2!&Qk=jGB=Z8-H6r*LJNg#EJ8K(D+^HpWDCb<@x)_KzB`rLZp*J}<;)LnG
zo1pTF`R-IF?bE++a;r5?U}JFCTO3|pwZ4TwURvi)WsC94x4^{o$W(K9%r{Qq&1Ci4
zTsC^eP~QS517d*9E_vi_ZW1~Cd@37efmFQ1l_2s;-+UmC@TUJA+Fi;EY_)Ljaz%)I
ztnWr39}Trv(+&)Jmz$v@fA?L^gUCnt<^lN#Ag`q4x$kjPbmR}e$Cb7tzd=uajgoss
z7<(8Vfi%63Swvmun+wD5Q47Os_rm+!t(qWVjo<x2yWyPXyB?}9T^AnCH$ULkvf%`2
zVk2umY`3h2`{n?3H827bCQp9I&C;#(K_6i`;_d944dl}nx>JYIuI~7VyItcOCP&8o
zm+OPNn(dnf<RE8L)9G@0;J;ko$ZEhtUhkU$ltoLz40+wh+#(%A*4$*t>#S|Vz`PTE
z(`l_6XsytQZl7?gG}#9$TOt=e;ks1n)_?%~{*&=S3?~@>(#(0>0&XfdlIzFy;JR>$
znr%`3RsI@m#%H)KFkHtM=O&u%1MR)+T}ii*)=nwPRpoQ#9eya^hcD){_>R1p`yKR&
zkEjWdfX%cc*)`JEk!-3rb!v#35y8|5CP(Y%cBA;S_@(%scv^f$d`LWK-(lZmUuvIi
zzfS5ejgqEI>!q8debUX+3F$HEF6mF{d+B58yk<_6JIPkfc-UrUG{tHLOM99<)_$A(
zoP2~k#~tS$;r_$z1uG#bF__~?#zk%)x$P2{LUoWcd%GCzBtzut$nyd>liaRwDGEBb
zaIcUHHm;1onJN~a&gPQt7U2H5pTq8zp>Phv&19nyepq7XdXhr00h3xIH-Ox0hk6q%
zTmktX4-eqnCX+wD<X$9C@ti_FF>(dUHof-7{X`0koP%_LrjUxSLFn!0Ve_i9bFyJq
zDCHY&mob(@W(cl@d|=_6211TlI1jnk#7Rc(c`{rEP+^7Fx!|u<bmr&KnV-9j>@dMA
z|7(T@CYga#PVrnJam&zXrww4T4Vo(1psJs&(5koTU-w(#=`t&n7$E>0L}7&jFjs(o
z-D&1h3>9Rm00ZKexk5a2wWOB`8fW96?xhM>m^&Sf06hdmj8@!KDylme3W|yK3YTdr
zFxDB8$)@Fwt<-N3M_#?cO=W_++;0coFM;)%NqN8QCvGhH^rTtaG@t#6%ZkWtZ(qL%
zf@6rf#+_PDX@C2PdtJ8!UcK5*(5&|hKwqkYoM(c#&;Pi+Q9-=-=XP>tpx*{9sf3mk
z(%Sp}%uS2vH*9~ENU)1JJGyL({Z=U8f&xs<QGNjxknOFT);mOU%P(9Ok{v_+79fv^
z_>;eYh-W+L#qPX9#{7yUlRD9F2J%5rJ5yPLzjE_6p|EQq-+`3=){flcHvxGSNG7U%
zkhQ;Y!?fBn7J&ZL>$^CS)c(e$p%(S?^H8Q7UcnUkp1+4%#Pqb6f9G-$_4R%Zs4G^5
zcR|A+;51=7HPb)t|AXtQ-`UlLej|*2iRuW??2mtNTeKFz@F?WIKe<d){Ybw7s&}mj
zkLIU;g222w5Y`Z@e#5nPt;zGp0C_|KeDWG7fL_^>M$-Rkw|jT?H2`I{<dzs0%>9e&
zP9FIfG?-!!ZzCuFYPW$5^=+gTj|lHhroXxC$%+Jfcx&DFH|NxM(`)r@fNoZ*>28T_
zmhb<~?a`@;E&p(3X*%KU&GfAY`q65(wikPHt4WnFEtA;)h2f#x1B0JJ-ujozaqEiF
z#U#f(oM72wo@biP2e>k0e9Xhj0O<w$r{W{R)3y)5Gc=US#;vj5>Hc_lMZGuAol5n$
zJ-zwwwJi`hM<&-9_|ixZyy^ZppsiDD+^MBN>&Y!8XNU4h<aq;st4^T?MX`HyA&&QV
zfI{QECU<HrWwuw1{3SATdn%i&4&+0QFO43mhWle-JR=)&9?#FxHbP(n8wv4zw`j!%
zzrtE$(ON_P=J|k5(|XRt7e$Hl{W1`brFujSZH39qKSKKDTQkX~!JzYfVdgzi;!M8;
z#3R(Auujv%!at-DvyEQ1@?}xtB!4mxm#Z_v3*)qvKdQ01b{Mho_;fMRp9EbjftA5z
z*f%zQC7C(T7FPJS2|PMUsf+!IP<<un*P5hxP2ih|_Z~;M;SC~R7?~iLcdygm8R)Cj
zMd7u5Lgb&*6fD+uro<n$^N26i@%~Ow$VFemq|;S9G%Biv-YW6A=p`Hd2|!=k=+T5_
z=naWaG?1mWptiF0nxgPnoR#=H(oQ?0%eymKpzu9)Yy4e>&+Oiwi;d}dN}il){~Pp&
zPQq+ki*<)(zxfx_4cx!RuZ`&-1VSBx(l7(vC+=6&T7N#g#yQR{G2Oc`jt5=z9vEA;
zdLNJD3#0QE>(66-UKZ~2?{P56FLu`W(oS}5aq#4wcs>(#e5St(6e?*1W@fXebmafm
z`T$3VV*T1}H2ZUbw7jvL@`Vu=OCCAD-qA6%Gl91lbp3v{6Q6@*Tb4fuI-#kJz^Qy^
zzAC~XHnO-g-$mafb)G*P-s4eW8L-psL!EhVWHH*vltet&UXwoy=&RMt=m|PVPOQ~V
zc{VaTiN}ZM8h<7<rw;ZCy5`BfN&Hx?^%?up1kyE`FHY6Xnp)`30P;3b>&eX}4<vzz
z*qO{bwUyjfOdwa1dA!9`_|u_m-V}Fg0)17kgH9hkm$5QO9DIhp=iW4b8uX+}oe*aA
zuO0lOI%(Rs#bF|6QrdMt)t?H5N>$i8n1q*7`H*gBx{}J{^I3yG1==(WxP+dhNpTv#
zL$}etmJYk|h&0|x_N_|8of+kKK*7pE;dNV<&d<{|4hp(@>Bdbm)qn!Dp5rUvueC~d
zxu3Md{)K&zc%Shr;eDa6ZIgAXCDqu=Ty9vY^jFBy?;X{ljQ5RpL!8>nUjT0^ce$N(
z@p_yN@^m(zOyaZoUL?=}jb50|mqcZ37k^J62ZIZo^5Nm2EWS7Kz7Ja*8|6o{_^yZ@
z6@Pai&jagNJSA^-@}*j>Bb=}!{^;a0qg7Y>3xT%6<t}7mWM?;iLZk&2q7?D2==$UR
zPMC;V*zz^Y;1k(=3*D4ia}&ts96rac8=zlFhxd(F6?MA5oW5e2JDsT^qjLH6WcPAY
zDq+p}Emyz9EBzjLMTNI8Ox!Pne~)&R5esB>_l|ZlGLuh>HY&|u1|{;m&Twygb>Uwm
z#$#<I^78nMXm5M_OQ9)X+DvCQpQ(BLXmU6R){BvJWIoK}i=wm%{vJSE2(+E)C}!sK
z<>c@bP*_;A8}s?>NF&r?{t{?}Q#H8L**bVGpI;Iga-9Xz;deuwMNlUj?YsiMGD2n}
zw-oTX(f23%i-8s<o!L0as|9?8j@DJk=R|39{Y5~VR~{aN8w&X$#JdAdunk>#JNcxL
zPm9tP`?~>cCDh9#ZpW@bdvz4_5NJ!IU0UFGL6^!^#huQC)S0gQ7ILT==ve<ZxcGu-
zorC>dq0ZceZi&%8=i+CFPs3CP8_|uATA(ylXK$MPm0WBeDsB<Ba`TO%p&X2+$;Esg
z-4@0wYPz2qJYk?Td(X&X7$_!J*p~QYG2bQn^5K4J?Tlz3zZQcA(q_UE$Y!^mg(v%|
z!K~UljEYhipEGX$iniB+mhOqxInO^D>a2p}JzH_zO85qyiR6P4K5FLjTKtos&LLEs
z({qa_x14PEIa0}%9<U`-yC~V^cO;TtrF@QlyYW`|CqlV86)YcZy4gAppF;MO@(*eq
zi0=QFojC&8P{w1cQn`Nuv@&wI3YCGNXF33Ep2&LXll;`YSm_7rE<OE(R(tq644T#m
z`gaGy>L2`~Ei<vrYT-5e$3c-AH8pG?-CoXzcO7OH8`Fz-p>1Tfe-t#P9z=WCs>n7^
z@^CNyCU)Y}^o)@e?RK9^e?1gyGj(}#-H~Dz@^}SbLb6V^=_pXvLb7`ES^7Ptaf*K=
zw6okdPt)c?lY8?k4CJtqqBnvX`|w?mj4bvu4+5Nx*h;MG!;jFZPfzt}r#{8`hr>&T
zsbIvepwi&CKK#MR@udSfRmB&V=tQ4n=^7Jj=#XHYW}a?3ARm&p+MgC*5ki&?w)bov
z{z-0=vBeNFbf6OQ8%53XuYxg%=no(C1^ppv-K?wDi-l?al|Wmx#w{@eSYtK6Tt}PR
zk9S46c&2{^(AL&#hEOuEAHRZ(Dzk(wclH{+x?SpD&ZZl<k;%r<HT)^vlB?^_7e|G|
zO#d<<cG2O`wvGP$rU>WRNbg#`aH{lE>tx#ulU22Ry>>uj?EP~sUmR`mKtDB2Mh@u}
z1NdpWMw}eLyYxFuJv|W(Q`D*c#Zbz%A-q3U)WMiAZvi`ld{n0&lQDj3&8&rqr^aED
zF_53DoA^fu^6qGBlKo48HW&6?Ce{WF;(O>ciMs~z1$s^doqP$5O1hflmYAXM>p{>C
zYV4pV7G${h+Wgc;T|<wFY_wk)%-^Q*)5QgFh-)6gcSBV#^xp*Z9+1YG%J}XOI8(6W
zGdr@}JhYt-ROhEQYENyL{Pa+M28r7XdoEk;lZUlq?+*S2Q2hv6Jv-$Fhw=Nhp0YFL
zoZ&on1C0022l^^1Mwxs(I-LJOH&3TW@ZI#Xf!T^;UM^Og@&@Uc#KpW!;zsgEn1N`v
ze?4t!gFA_BM{kVeH`1EIuC0q^*-RSh_2NFuzX1wF7RxjBuvnr8pS)3go_^$fNljL0
zYP~;6lS`rNNAY)tm3hX0pmXx1VhoQB@I_73m{Sh>4?PJG{}_ItCXzvv3*_3EcEjDX
zi5hc?s>0h<#aRA2P4YAM#PehM9DSSA8=6eera~1CSIjwdZ7jc88@^pz!L;<#-=>_X
z8EQZiwc<p4Ti;yAkJHgE8iyslI--e#y7TD4kf|b}as1*iJ#G5f@q7jngw7@-Z94Ec
zlPBB9^L?~~GwbQ)1#r|hPT;fk?e`9D0<Vn0=>-*==|+_k_;0o0VGC}|L@c7!wM`H+
z4BQT9FvjgWCi1uF=B#cKUyRyR@24i6h;e<#Bz{p?x=?RV;pBG5uUtPh>42+EJK<eF
znXis?K_MSZ=CLKJtA8Dk0|QB{F>zD)zS;mWegOXsZcJbQS|Bf+6rQV>r|@BS4-Ak<
zdfe5{&Xwz5qi@XiskAW>Pt~=l?e?LO{?(LxR=Djwr|}DP<QJy#UE=lo3N^aMEH4gO
zr}MXn@}Q<fC_Dr@&J3n^%m?M2ne1TI#*uCd+MNqMO`U-}VnbZEfFBl-Ila&XWHogH
z%E%gXFN8J5ytPnq31WrXCTdq03l2feO7r1D{`L0C%ZE4dJy7*Co2YG}3OdcCN0&u>
z*x|;O%b7)dS5epLV~cr1MrZS%F>gW8ws}+}(i#Gq?VpmT7U!muB!i%k@qOiyERLI8
zw@b<=8|!U3#9VLcLZ(CTv0Wc8P5RbbJB_p)w%kf1!1b;UF(CTHm0C<Vb*C_=1-L_K
z^mUsP#6FP5VcYMs-)7%ovD)9VpR_+={?mR1TrZ}+WO{!&f&6enX&_IZR2GwEFDf(1
zt~1I@$kuM(NVc6+lF65^DWQ;3D|a@K>juhoWZ?jLBdHiDD@OYc(l_7OuR${E&F&J4
zZ?pfYe`ZIqz;+b-V!w<ie?aJaguX+l;S&TuM(Do?eT2}52z`JM3Qx16@H9Je^VnZO
zQD1fxpJqq#X?7HzW=G*^_7mv!C_K%M!qe=}Bg*HbGM&%Ej^fkoC|=V3G%83go>EfC
zq*IDq7eWtU^NTuB?2jY#7($OC^az=JO363cA10r@0t~h2q~dHqp~?355dFIdy@Sx(
z2)%{Sn+RP%=naI<<EeQaJv@gH3S6|Kz(xCOi1J&6zCq|~guX%nd3F>oXNPb(-6*4I
zIXjA$vww;xQM8;LMa$Vy^q3u@$8-UCb`(BlM}c*A6j*0RfpvBiJ#D{&8uOzbNf0!q
z>(ak~q5*mKf6&9f5&8?EYkDME5JFLJk{0#WmTANzO3r>IW(?K6M^aC%+3t>sF`T2Z
zS*H#3htRhJWDgu~4)WX){<86}80u)w3KfjBtv2i#D9k2@>utX>!l6@5k0X(09TGY{
z#@18ZY@BX_|IH!ebj!a*7W0Xi4{6TN!Ns}B*0z)!>grA;8TB@=(H6sGzEQbKx{fsE
zPozmJTE0zNE)MljQ-8H`N_mQ=t<cmK&7%$;?0wW*&aKt_?BLg4Pkqze7U?GHr<SI3
z=cG~GM^b<Ap#M(R*PHs0z9VhjGpMWF`i_>g)0V~q`!oAPhl?D~HFj*Uexe^bE0UmA
zBtfl6f?AOTwIT^>MN8j`mcA7&eQN_+`&P8}t!V9A(b~77wQogh-+CT(2`zmqTKd+r
zNJ?1I+P4Y%YHT)ytO&&+)B&MbgcO82BPn6)gdQd!l#EakLMaHPA(VkoCPMv?l(1E!
zhkX&MLZ}Zyl?e4lr~;v02$chhN(oy}^w5J)8A7E9^+2cuq3#H|5h|uA61HnALJzwk
z<U*(`LWKwwAml_SAE7*k+QN2iUC_f^gmMtdMktH)pJKYqTbCOagxm*BH!um;$5w}k
z1|U?6P=ADKKs;=xqH_xqfc6Qd{(OTi9nqvB<UlA9p^gZ}BV<QNL<q@TTLao$tpDms
zt!QttqOHw}wl*u;+N@}6v!bodinccEWh^6*a%%k^H3liCR-`Rhk+xt(+Jf~fR0~oT
ztY07*VMW@46=@4rq%Bx4p-R!NYel=R745p#KT)|qkc_bYjvgYV!wO1AR0pskox_H<
zavR#pZD=dEp{*R^h&Zr5w<X2cjQUsDWP~I=vR-UDXgPM!${(@*X&eIy%5oDazGTjd
z6SmN_SldgsV_N#FZ6i59($tAezsO~!(Nx=LA}h^+rFpNmo{;UDVw1`7zA~KFMw&Vr
zA*gNeE~!A)=dGIWBG2uTx{}y>ThD&5gFgT}`6;?{(<ENyDoul>2RbcN*L0iZImpJf
zw<!zy%w6pSN!It3yVCPwh7H2n%A|ZLSt6MuGn~`~(S@$g2HVT}F56y0=tYE1AoK!4
z#}RrSq2~~K7NLe`5PTY;rx1D)p(hXuA#@C(#}RrAp+~W-eFQx`iqMhJ7EZ`CDr5D(
z3S&r@(IzL!GsC~`H3=KZ3)h)mB)5*HuD{Wyo@AX_kVChOHI*0|Y=iVAZ2^Ru5!!{&
zPK0(KbPGb;5!!~(tl1bMG!vm22u(+58bVVMnnJE0Z@SB9n@m=ZGyNIj$C$Q2w;x6{
z4<Ym*LJuHxKSK8*bT2~pAaplE4R;|p389GyO+aWoLgNs+4k5%5wlV10Xe9V;qtL^8
zghnDX0-@mu4MS)sLPHQ5j0C^!PW13U2;G6uVT2ALbP%Bf2<=Dcb|m<1x1oov2(=&-
zL}(vE1fjhM?Lp{PKw?zz?<U`lHaW;QqfIjTkp6X+{&jS;DaA1C*mRrWpam3{km(;d
z%Ne+|y`Mrh!s5lbgN>$tA{Mv=(tD)obm&O6{Dd*oH`aV!I}8evKnxJ4DoCMZqp-jb
zde0*CFocqA!cLAnY8D2NL$dHU`Q8iy;x@Z5^H{849%-*HP+VLm!{wO2V(LlUbfGu(
zA*gxH)Gb>gImwdETs)aST_~b<Nf)_zLg2}{=|VKnMxEbGQx#llwlj$ab9-Fr<VtB;
zN0L25SU@iQW^|G1We{P0YKD;3NoQ^JW;WB5g>rSFlVpz1jVJb*!ky&mCYy^~nkl&S
zr0Vo$>UzvmGo9q8UC^E$vxJ4@!VFsxd2^P4!>JZD(>$O#k~3)>bvxN-3t-az82sIT
zpA+n)%WNTuoSrS<c$D&H>IAQWGSojz{+%rhqrU1qvT}~l9T`;fnx_CI#85d{jMMXT
zgbHE|*fUAm^+L}CUGLQ1%`~y57Dljng)N?}yI!cKNi2Ef%j*Sf*`3x*-P#kp@y?_n
z)Cc08D||&QyLqJF4ML^f2;3OcOg-7NyyecMvCz^Gxk2C{dF39c_N943Kh)IT&D3XI
zB{^C02}!+C7#z;~vWnu~A7L8z-Y8&aOjYxEC{hhYs_8gfyiph$&f97$GHJfhLq9W(
z-I~Wjiv~5$a+2zVwD{2D^M&GY4#@HRbeY626x^r_6PsyZK%KAJnM7^rp~(w{`37<!
zAtjZt0>9iOV7I`~X6isLsdq}ukJx*WFr9ShVuCEW1A;(aStPjgbmLCBSB!Zj&AQNX
z!hBr5M@kc4wdI-S@&(54$kErN`{R8X&Fi2At9-T2DjM(Tsj4CF4MJMzm&L+*7O9s?
z7Ow<0xo@dZ9`VF_dp56yQghToXBG2iblV_gl9Xk_?OLn~D=~GhU?#sW6ADoHL0R(}
zD7jEooK-Arp{ks{k38oC>KV(0X7b2`(4B`H1TeB}f#2LK1mu+Tj%r>FHOx}yIIEcN
z=-++t?u>1Mg&bHR93`X9!DK-L2I>b|UDvF+j;ownFw^;!@FvEqBj-cO?W+VF%$Czk
zeXvEq+RUf=#wwv)^Gt5KIi(}%vs%bQ>{Zgd1jx&QoVgQ^`cmS_&ecM(=ICH${<m7_
zsvilzqj?qdV}8>#XBCab_EdT3NaTj5tr30&HeRcBBZ(~D2o2n`4wv>0Z(d1Dt1xf6
z(#6ESUf8d(DVqc+97ldxFQDkeMy`1U6rSU))}}86(`Peid;|lZPQG0)h~$;sLYlt8
z-uh<htDmcmb5>F2^Hi0v29t{$g@;I>P6%@fYwx)Rp&+vzCt8dh>~bgjD$@?G*w{h%
z(KePE@2(l*y^a9&)J>vHL4&nCRe2gyRH%ZV9NyW+4}YjaG=|kTvAF>XjcZDBR?z@G
zPgOQ66q@1{P8xJWFxe+KBb>Xrrg<ZjnzgM?$2}onJ}0MzBe78f#)~@68{-2s=6sU3
zp<U}3%WmH){HA%o+De+qiJJu!2HR)|P|xL9??Pu4m6V}>Zx$4g3p61ON@bAY+l5U1
zP&Xzv)A;WxjhwTJGL)yvsrBui?SjFe1w})_6!OI_0t(P=oYhPN!Dsm_`tH^35C%o3
zH<7%$Qz*)AH#xSLcj2xe>2{&F^+!uC_k-y#lZEun$$UPxDK0>xx#w*e?W|%u!ukCv
znITiNu)?T~@{yf_gFL=lh{pbS;{!D0S~W<{s$s1C!?X!ayH&VR$J#I4D)d3?=%zpi
zSV!}qSmaH_vqu=E$!a#jC-w;4^<(AD3dGWPiBO1ca-OPjk#|{1>0a1&ANd{P@>t;y
z_6jxn!i_Zn8t%QMG1XZ`Ll8VwmD)gGM}#b3BAQst3Lf1jl<5VEcR+xKe$P^eMF;w<
zCQz;fh5q_?G))ZHfpp<kST}l+7h2dNJZ&Ub$F{wL3Cy{-V{zBmBS7<0sv6g6TUY48
z+l6Y#0G(rl+<~@@DD^<Qy(=>yz&N^K?_#dbxd()vWa+)yHqo=N-PGG-R%FWWOOM;{
z5mSZr)~@C>{&#MSahhRh%nE8Vg21@Zfi$SEVu&+|C48y}g*m&u>Cl3*v?P*#NXU&W
zFt0s8<7TVXDrYv6g_92n|IuXn#XDh(Dm*OUjE<WEDYSp8&6&*tH5VNgHfxcT8HYg%
zeai~n(QbXD1{`cq=4ypJ*&s0P5)wk|?-0@q+K{r+FaJj;F<>+FrUz&cel=_!TI;NL
z3L!1TuI+88bv{cV3Fs^R)y`}hj1%g1mvAV&l&;(@^w7_<Z%}|n;16p`aAs5P^<<aQ
zMx_w@eS$SK>mK2;aOfL*)1P;P0yg|U0mp|W2dJ+cG^*?*sDW&|4>T$kQOU~ubf17C
zIvV)^4aavkPSfZ^uKR@?;EnMRF3Jk5e*hQongi5tUZl=*W_PA9c;W%!ZcXlQdQgZ4
z7t)bR4Ri!jmp9d!oj^%neo%Ox1PUR-kX8NgLjnqj^JWBSen^p*b7~<S-#jEd9?p?$
zW7D$_3xx%G<}>{_Mu@30i*@D;_NU?Yfz8}y!#^=q@;YfXWTueJBle8=#)<$9rLXeY
zv<2YFt|B|06FQOSj|!I1#3Mp}c)}yA;pFpzOrJ)XvT;Fx#n}5cI3=cM{dJUTH!NN^
zQta+W1zkv3LVyO>=fVnNL0FgJVMNiA$*{+SE^%!=QS$=XKpQz9Tq^|yzo}1WnXIpZ
z)b#XY!1htif95eE8W;jav!JL4lx-&GL8YIzP)Hzy9~YeD>dR6dx&3jWtI+l)@gGur
zFsC~;6}=F<Wl11|4$MxIGsz9Aa;Wu~VCFSl`L(C?eJKghaQO;&36lnApAl-wC?6ax
z*!g9^vqC}S4KXn!<9x!?f?6J+(fpt=lNS~^;)&xK;6%8N!3CjQuqvCM(d}^R`anK3
z#G{r*d$Io*%+R4{h4m!xo)T7OUw;Y|nNiPSUBtUFK+`KK8xx!?)hV>?Il&GyN<)Jq
zQv);Fy{K&vfH@`eR7hO9oS=B*Rnk3nAKxNuwH>fN%e?`qkN3n}wsIDTe1FMsT2RXZ
zG@iN=`jI&r&PsnB2Sx5PH{|G_KOv-%WiJSskw_Qsh5(JH9^nP`z5cy4Ml6%dCt#tz
z^@8vbxv*C|^674)$O+JxcTf{Gp3gib^wPHVNYigVCFmltYXdYAyAEc8vLPvYQK%;~
z-<MO#!54-85gFRpH$bDHt9@_?qMBCduNQ^k291Z<lx=)jKoN;YX=fi4)Wv}^I%(^|
zlLnoY$<~wL`ee6tupSq_B4kB5w=6&-)AgexlTEJ(h4eVd*h41Yydq>qTBc446hq50
z;dm>tGvC=$!m8+GkwvcxI4fyZpa|$)pxJ3V(ZjC_Ya;7NAfrzU-OveYd7vB65A(qk
zG=FK258ZuQSkA&~^GNL(!K0@I3Dp&7D?yf%qf?}Ka_=$V%m>d1Ep(>zJh%R=fHP+X
z259=hAeaUgRvS7ijE?k}Cw<NdZhagftOc4k(RL#CWR?<Tw$PazJSUXUKudO-?vBp8
z{Q^$y1?(J1#=H(IE_$ka<#oXw;W}VvntR<~14naPR1vai6kkalX`+T<a_oC<2l?nT
zZnR-1$@-l0gcg0u2?pZ$lp8~y{R&bQ6TjpxlJTEIZtm*OAo2FPAG!O<q3<B&@$;`C
z#kTMZ?lO7*G9*}*f6rZ)YWNDyhKtQg56LAjF_gtDwtFqtOplsOTo-!ozG5HUp<kc^
zx&g;_cB6;K<<V>zyDx$|5tV5CB_W!*rWOQxL77r0!&G@!o>pe^B_UrMV`l$&_L7jL
z=vVZam@>-5-DAC`Ks8Kjwc0s+@c!)*9MzbvOcxb-^i!c{gdZCx1^NPUt<U3>YUxVh
zJ`?5`$cYMA+i)V53He+oi$>NK1gfBIAgHy|^XH!neYD*&vRv!G5TdCkzW#weP`jt8
z#3|83R%q`R!rS59pVi*-l@LuG+{y(ifx2`jw1w{fp-W#034DavWdhU+>G8dg9&J!w
zpf@xK_IoWT@W$_j-r8D?H0bT`g|1P0M}Vf}IDww&R);PN5E@J^E^vw!3IC&zAHBY2
z(@Mi#a#f%l3Pg+;AN~MFjI91)-I0vCEa-$;ZNLMxnQOvJyXHq>rmph0eiU-hp~3uC
zjMeZq$A4`4k2qIYVtCt@YWc79P$=<=aKz9&QWBd?fdMce<y%XcO{*jM`?w&4e)>t+
zXe1XN(Bz9q?)zEDN^j!?wO^ngv;mfy#H<n7HSFRVGUXQ`nV5bNy3)9OZDSyle-X+f
zD!JDgsDXD40)3pVX^*Rd#6AOi(Ai%=9<V(KL~I(F^s8Va5B(~n>6y=dgTWSpn0S*R
z*4sNU5bBwumN>KN$%UN#M>wI);gNrZff2^@jttZRU9GpmnawuU&wmxZ)aXEyf~@}E
zgn|gMx-?J=#1KcV@e!%`U1-$KwTz8^_+5A0R5t|r192S?XHwgWC(}(1TE&iJ$RENw
zsuQH{wTTM(<qx4y7nE)o5OSaA`WfPV!vlk8@g}$+iJC_|*+s-1Oz9j7{3W~^=3S<U
zH~k|NMUsKFQ0c)r+^@!f;lr3uV+JeJ<fmn;)XTn0{6?%20=6$~6_8U&G8fx26}4l4
z+Q#5~kxA9aJr$ydot5@VqJ7VPQMX^L2+(v6j|#gxT|s-^6(K2=o_iw<zTF_|(w|BK
z)c6R76sD(<3kI=2nRyj*y@1|M`WeNN$f$a!2dK5J$~!u2)Vswf{t#hU3%QdMJrTy*
zydpp?Z8h7MAkHF&@-#=N6E9BXbPM$ki>OOAP7KV3Cgnks*!koii`YFfcLJGY6${Z3
zwo71^)`LuzHh4%7JCnz(Vpq0H!qk<ZttC4^Z<qo7FOzPkp3F>bu4mZ90%kj6bN!S}
z#2GkU0yF-PcZdSKgUN!2Z6GGQ38I-S5JYU-?Gm7Og23=b8dnp2O}r@LZ8AGBP1iVb
zz%F(ovqiCxjDE?Q3Ue)!XQ2q{Pex!W6and<N$qBy%yd#Oit*&4ESkvmHZhKzwTr@D
zMdZ0<osN<EbA~il&m4QZ9%cuqX}N7&=&P&AXQ$X(yQ3G@1*m0t1iX-)tuxED7fzGJ
z8k%RUHS@eA;^fn=0eW*2=slTilgiACl(LaBS<Kf4auT$aKv^5vBa3P1wW)!LPyy^D
znW?OwsgZu>k$^)?BS%D0BBhFm?eWQh2~Z5=eI`p_xk(Yj7W1=;ScsyJV?{$op5=MS
z=h-areJwwj7Z^61Y#dR>$p@sbq(aVM-!0Y%8*Fde%0l_Y;s-{#!)}@rUkHcCcxV$j
z+*>TwQs<`j28J+J>egk9n!8&BV&H`AOal<dmWchd%ZeEBh7vKllZ5*A5F0q7btiej
zBc6jB(PHkVTlF1+>e!tCm4Nz7W^@F7`GKCm8_fQ0C>QgiT4v5}8h8y%L6$tm$CKgZ
zqMNv1G`q;d<zjA>tl#c<AOo#TQ=0xL7vb^+(Uec-^%8qTm;KP))Ewo3We;a2kR*@y
z62Blzd=Pv6a)qeVwL9*nwj_{I+WFPe8-x_ga)lncB1={+-K_u_>^RvpMa`34NRIXa
zjvZME<Sg-!4ag&vx-u{Vs(ZH##b9I2cGB^Cs1K|SdmpifrhBq7^ZST6L)N`pYFB13
zl_aTzk!M$lT@jCE?WUKQz#7O-hgW#A)3uhZuL9Y?j;^fO8&zUnM2<tts3=zqf2CQ5
zDpTeAr0eac#TSI9g?QTy)|ahjb9d81{vN|$)bjd{A=aP2JBP~9&GSp(3<)~RPt{^2
z*rezU8GUcCh-5;4u_!u2)w}6Iw^l0A+&B;R7YBrmCol6NNvjpR>uKr9HbT3i7SVnQ
zv=J59+i7<uw4z*{P(suY_=oxo5D#kpA#0te%PcF~-ANljb}S-8>qJO6r5v(pZ8A?z
z)`>b*spoE*UtTViXgf*5Kyi>Z{Y4L^h-B+P5hn+v?51brJRr}b^ZC|5u}qtOM*h!O
z5CVM$wOh?OyQx(ya{5~}NbIHE*2l_xG)TmkH)ZZl1@eedE^DyZQ`-v}xqq;T{2Xe-
zZfY3IQzwKsp4SG8`!v%Qqu(_Y1WfA?F)gA4!NhxwyQyKU6prFd2PJO|5pN|kpMqu5
zRtUTB5_Ts;n<8e8_lJtbnt7R#_ZTLkTr+RwZfXvz@jA5CLRJnF-(ot6#=<Lxw_7Ey
z-85AMR=(DnCx?rDb)%XyLd3@=$8Ku=ipZ07BS4<~^pM?2E{qVn=nq&DpB-b5`NU@0
z9}-52NxadtG?Y6=9A@BP5Xd1Z-KnV6yKAAca;a8h0ClW5O80J<(H;?9dGoC6#L%qk
z?EBYPY|fbbxn(hMxfQ5f8RzYl(plvh<$k3_*{ZBo=8_}lg{p?@&66P`WT3f^xre#H
zoMG++SKS*;znd<bJ~w?}IuEfx&zK%D-DBEsy47?u+~>d2w7@jeG~P7a)Zf(0RBY;E
zN-@Qmto%Rx&-}OiMgATB41a=u0xrD&58uM?;+y#O{8Ih~ekwnPAI$gV%lNKvpH?C-
z^E~$_ccp>*lKY6ez?~AS#8TKdGR4lKByz$Z!jHli!iT~e!YjhF!lS~y!U18AuuV{f
zRl-7HmM}pW@&DpKBXJyp>l#kIVLwMRN&ia@3{F&t_f7i%;uw~Eb13U)xt}5Q&R_Be
z#tyMuw(+J#%cm_{K4a<fIkTlF$*DK(_wn|1hAvd&1{?eStMZ?r;tN7|123O5d_)D)
zdj_q_Q*Q`27?qESx~217M0hOs1~PJXY}T=hcK(RrV#u^hI%*)Bs^#K6o45=X_8dwM
zNWYqmF&F6mbdH^w?;9vDHrg{nQ(L4vYN>3DHB{yqe=znlR1*23bcWi}X2p69`=}e#
zt&Vl&GQ;S%7o|hw=%=aK<me?SdYfpd->1?wgWNMn?`W!)T$&sj^0~yWMam+_|4g-z
zmp+&9!Y>Naw7v=;XGaC$3#pFg>1C1g4YGx7_(H<lL~W3!^;MO+a+&Gz_!kmnqfR!Y
zk-lF_(MxuqD~)MEn$cI)I44TlF?8rlDI0u5bj??NDcQ-DucYYl97?JEgFMtfL~=PQ
zn1}sqX*^9_28+opsj=kAuiG`p9pq?pfSkEo|N2@QqFtoG$X9(MbwO4cIY_-_VE=cK
z<9!?*iTI6VBWJ&nc908Gj5*}U*OEkbek*0`m$O<Igd186Me|%FlY?vGSeZ-TO7)R4
zHq!Y%b7nL>acmGW(hQ!3F71|C@}0CylkNrIOWlz~oV|~_2`jy;TrQ?_E&pEnM<WgV
zAmJ+qEBDcizB<WO$Ta<re~?CN6656`C524CEES^t*|U$Pgw_B#^FJ15lS@BH9m$iI
zrLbIQ#WH@B@I@i{`)KNEITT|y{^>tTRLz0e0`d}P+esKEO5&HsNXEw$OJCbLTN!t!
zwZY^9SSBx$?&ljrX;-B4>^_^5vFgGg^|!fHw+o_9VEcOFs<e$-g2NoS=zo&#iibf#
zs#g>)aV1gRmE8Y7iCs97MKVmlj(vZYa`M|+VfhM%S^r1v5~NC6Dey8IBlTygn%*)L
zPMrPzXDNDfj!y|v=USz|)|EtACsg!{1WB-vHLJa9?{AWBZ_f_Wi_%J<V#f97|B$N4
zs03>sDgRR{(4BN+_R+<CtD=?!sWw$u8t%s5KLKAx>ZaW=leJeR-Hi<$gH+`OLu3+T
zgkOJ?O11RD={;nTT=%;ay~fzvGe~cFtMqo(noa`0OXoD=O@BzyK#0cfLF!N$-8jgV
z#OzPW*Q82VeAJ|S@d1lK)W4)&dUjN21gTr4NR4+TF$3zGe@SrR+52tx@UHt?YIk33
zFpf5QTDZ|q{Vh!;v$lf`gjL_~A1N0tq`pC_^p=;pi2F=xJlXzF+n|7`u@e5@cA}sr
zNRJE^FosMr)&46@(n+Q>|4PUkM#X1b%+dm`(m2DA5wmnptUO@v2TH135Ttsc2S%1^
z<a_4G{i%MRzvnGE$_?JiAiYnh%A4&<XIJ5MHpuU24&;N^%r?@=DC@Xke2}^yJo9Od
zz@rn5@=~o~Ov3(dly%pDR0gT0=dN>U*A$m?@<fdh*v-bza<VgOK+6bH13YBxYqSzC
z!wnz#RwjzgWCbtd(a#Ig+fWK!VIF&ohipkExnZe9LlIzD)a!%P&<)AeVbWP9*{@p|
zab_8N`UVE+eJHMZ;RQRwEYH=ELjpR=Cs)@5sYk%20-v!3o^Ao#W?RC#nOw58t3D%0
zuSSXVGtCP9Wb$B>RmN)O4Z%XFITz%065IJsTIHLynt@axV3)=kX8&LT&=+|pgc<m8
zn|w(dlj7V|D|u0nQS5_P4$|v;s?-V>^HS{<<vX;NjQm{^$(y2#Hz#M1-pr-35=?wY
zyIiBShLLZ!%h6anI_&d;)O(aiYiH8*WqVue8GVB!V*|*vU>B&qW|AwNUBvR3B(EZe
zL`xSkMwW}vO6nTS1xgUp+Df`dmOUD$9L$7oKM9JAH|>gG4v^=~2)ARHB2Upqg)!lO
zwp#LH+wM4FC$yMZ1;iRFry6EaaaJj)lY)Jrf+2L}7FpxThFGY8B|pPLw-a**xkr?X
zvxAx)J1i^fJILWg=_5cEIoi_kxgppGYORKKR6_UqYaQeb^n@PX7yc6`N8?<8+&3ji
zP1uu~EUqMK{S18<Cx0FeU<0`)l0Q4jm8kw%L2AJEEO9aO9vPk>ucUW`g|~yt2{MkU
zD-2SHLPTcw>?9ANR+{kgd#F=8-WeF|1<k4U7KRnA?>fmJMXEQGtDR*W9XBsXt=%=S
zs95+&c_Q?dZ3%1=E+)$O@RJ>+*7V4h<4l5KWQ}J+=GG(``LeuHklqqCNOict#0-P^
zV~(6ct|ZB7WM!Gj>nU(^#MxZfNAFF>OW0c!q*q2&c;j7}Y=`?gSw2nTAAsZk!5mm<
zA35X#y&|P94weFarD}1J1E*4xNlA*l1iuNn&b-TlJ%E0k7Zk4<g}_1Csq*E>&SECL
z)8q;?bv3~f=zUS!I^K~c&(LvfQhGa4SR7=o&XVx5AD=D{*TMl9W4w_r=asf;4Zum1
z$EBE6IZA=FT6|2{X8qfmYsocp{3qOl#>WhEVpegPMxWs`Loc!^B*A4WHwK46YsSJ(
zR7VAVV}`s!>nxj#oJ={o>3RnSheA(ty^CC$a~{H1KGW<F!2hviOO~92t{z_+90GM$
zZg4RVvnR7sb1E#(mOGPAv*cMcBsQ#!FUgkiog;<8!SJqXb&V^N?OM-f%P*3jt^*6-
zp&S{91f>S4<$Vy9MQ!}SZdA%5AW5UFfyA%Z5v2ZxN_9$D(TMLNA0@M{Wra8R=Ziqt
z{M<!GQC_ecQ0GGpu!hFyrFrspZSG*S;I6ei8AmhL2M53axL3J4GtTRg54$OxC{oGE
zd@KMOEkWw3sA<gBY7R+GIhoyCqVL4`0=)Tovx1t-Vu%a;+ORTO3*<+&*<%ZDbs-+q
z#>yad)>Qivv~?YNsZg#DzlBZrv`V=H*-<E?5b4IkU_U5T;R7%H;%?TCA>xutz&HGS
zYTK<Xi7?9N+w<*+U^Vo;1{h0|2}N|isS4UA6U^jHk=(UJ&%Bl{F|xrFZ@nOImu|No
zFi$dV;qT>MGQMN@(_j)`wfrR<v)*Q&#7@78dQ*@(L#o$=g;Ynk+^G31K(Fjf&bei5
zRUaFqG1+y{AQl5)>kd1ATZ7D`wR<~}IX6f>BANt;8T+EUyk47XrqS&vX*bnVgY;Um
zVNiP&T}N-0$P2a81vI7_t^e`CF+e#8D47%di5@b$gFh^b7xf02w5mtD-Faw`M#5J^
z85);BNGZq+c6MQ1Eh=l*)d9g#Kwb&t?CAJLIgH2Oz2pI!iHQjg_MX)ha*h<40NV>O
z@6b*0f})NJQZsukR6xB)q|_tN(Kcai^5``^r#-SOVo6lz2ZsZXl&j!fWD0QCDv%@0
zfyB1avsH3o#Og!39n9&W#nO0{;3OzlsfLd#1e$uMcKkTlOV;_PMg^$>KhmIzVrUTD
zuiM5=v_a>K<){l;T^pov{grgnh>pQ)74jM_DzR-0x<xnl`N5I!ikgLChJCEJ+@S4|
zZA&A1BbIk@a0Jvo!dvf3s-^>UccuI{IV`7yrP=vDa#?KKxWYFbW4?lP_B|W9PT?!p
z+w#cC#=dd^O-f57S1xg#SdPV>WQZI_0SW#0+$8jo#T%j@SOgQ<rjbx+@kMTM1GkUc
z$!+8o>hnDy`(2kjD7}u*IfTw4bOxc<5IT*}t6`*lXHhzZ9=?LmNrX_AorJRNB$Q<b
z3H<s_pe#Enl4aMxzKx2~>?D+CC!sVu31!(yD9cVlS#}c2vXfAjofOToYoMQIMQL^t
zO0$DY^Yy)W6d{ylCsm+ly$~u#sAm*4!0SCx2&fF9QiOUSgtEJ(?&z5tp<;xJbf{sD
z)J+HHNG^oBB2<VF$~XjDwSJsXcDIy=o^{cq1}Rq$r5uE^5z0a+6QK-*(h*8SC>0?k
z1wltBf0+C}m}&>e_2VJORNtp0gc1?zj8G?p5)kSLnOU(xX(E_#m*;LYN?#FqknCxA
z7ZJUK(Ax;Th0vP_T|np!gyIp3L#P8v?vrBCLj@rjAqgQnLLx!}LN<gxlR|Za<WD*J
zv18dd!(pDmKgj*Ujghw)XGpv4w~0>)hiunu+1BxvMy{*jTf?{1-t95Qs*8d%K$5#u
z*y`8;fAT2#7M(gCKU&U<ZV{<L>X<JAD+aS6)sL1d$kGHFCD9!|$o1rCS!eC*5u_e@
zH`L4G5q=ph!##*p|A7OtnauA2+x)sQa`bB3#^T@<Xi0VBy0CIqGg9tvApiRrB7b3*
zPaxkfH0E^<f9}hh7Mu*kb#&ik+RV{0^26G`dGlD^QB)lsq&F<OC&0zBuusvLmXX=1
zoyh&;-~h;uTwpxtOvVTu@NvC=kY1ZuG{mLFSI!+TPtvRbKpsne8!zYRlT6h5;9MXt
z9qnT7CJ5A{iayyiLGDO~O^^piigqODC&)OYB0YFL6oq^}i5W$OiEtKV_Laq@sUlf3
zQN~wF#|7s=zbjPOc$www=tTKmO%VXKOdwk)wbR%q1!n_&5!Kk)l%1X=v&+ZWMlFyf
zlVx<*9UT5<0liy=lP{aL2PT7t-)6uO$lNJ1iUbE8bSA4GELE)jJEq9nB3h-1^j#&J
z$dsx0CEg{$=}@SoF;BB2g!WC9A@r8Lh4tdiX>zWsO?{vTI_?9wdwNB-@j25_bG<P}
znJ!O~mf7F8+r%mS(|n#`1<9H&e@a!VC5mckp=Rc6U{V%89zR1a((LYiX2S?Am?7(K
z2kzBEeGHCeE{U0D56ysiX2#zxGv#O)w>Pl`?2m9^WM)|1nKhGYY4nR*i)~=SjUK-H
z&XSSMxa}izu`S31{LL&GOu#1~FQRI;-l8bA(DaEs$)#OpxM{XrqBZ^X`Cvu;aJH=b
zeu$xk=Jr%m1&^6n66VNzA~R(s56_hqvS3b1P69LkG<IyE?vWw%fK>@crO=G)W$@Ot
z%`BtGPKo>$YNE}q3lHP9x$;nQM}M#yFaz*U??_oGx+wyaPtO(_(BK>!wirKfgFHc}
zGZ)QkXJeVzLXGsb-kPwEy<ndFy{6MMVdB5BosA`_g__+Xvggc=AbVI?1x%}%xaPMr
z8|1c7vp(4Kv>QYh%m;fOJ2AjeVr$Hx7V1<h8RXJ}GZPocQzHx3O72+D?w}LjLY->B
zUfKsZzFr_hwp~OM@3&BPB6Hr17Bi5SuL_?F*4zZsa$q6Y*xK0LO!61WG7&#AM{grm
zH?~j*8^of94?Od4k^_;$ODu6Ml5y}?QVVsh!QdpYgZ83DFgWb0^3#jtZjn<;*gg^)
zGuB0{i{*5~SbE%X#d<9*G`hM<EuywkQ0HeZmT!w}0$^7<AWNidiJTSL3A|iO5xj6%
zL-@G2XbH5B$y0VfaxH^iZeIe+t^ZPdm{ymx&_L^QHGvICBDrNLSnk>k$|eFOaXN^t
zg&Lqssla27pQX#dj@xFR6iC%_Y!Xm!YN5f|E*0!WY(MiZZxdjwWj$BOD1*{#Xeoq_
z)Gu-+)zF@=Tp{n!%rcA|<X0@|vr=~IEo9!97HW#FP+iO*kVv+!knLpuN|3DVt7U9~
zK*?^15xTZeLv6&ayL%Pbb(sh`{x5hYe_Pe=#M`fhx;AoGgstN}SJM+Hy(ktWq=me?
zT8<`jz_h9pTA1Gg4sXnFVOS$C(<boZxl}Vbu%;cql(x_y8St%Y^L=RzY=_Jk#d>|+
zS~;3i2emgETG&<ijUBYL8rr{Bj)zpy$i1~6u9HjjDM{WjEi^Nu$P2a!x-HQ7!b59e
z5AU;Hejk?;$dC=~Y~?dr@}O}eKy#?3Q?hA;yhvNROxPxGlyNw|*h2Gk%E3jU9lcj=
z1VPBY-@@oU4ec!Eatk%E=R)6^-(hWo?2Z^V@=+|@CfN|1YPb_pK2CA+XM9h%#rhf9
zWPeCpD9p9_t&dn93Z?CmHyb$fkr-kqNbMM_PHdsZ&_WePitXo*H^Yg0*@qxD*@=5X
zK)0<lCb!VMk33(hX1ovW4agN?nat+l+HN`O8dPVtbO&m;s)V;@VL#lS$)pG)eq_I_
zix)`SBL@sLWbPkoEc!DRc(wvc4^p|X+2#0Nd6!OZttGN9^mIf^FBqbVVPPfXBmq-V
zoBPR1Chn7U;cin~sO`HN%(=`obK5@Pyy*HY56bRn2%WK|Cp5yNR)*Qs8<fM}M{HX&
zCNi`|&WlJaZ)FR$eGgHo{G{%QV2k{m&h*Cgi>6lnJ4Uxqb9a>&HZCU1UT>AZrk^JX
zn@XUBm3(uXoF9>8FlRIw#k0cYV7DLV-wq48J^^9|Ub$WGN9@$%W{sZ{Zv6lDx2c?G
z4#@Zl*MqWQ<Rr^{gOz*JXnW1}tnFdjA=_@7-?qv&&o;?6%vNP{+p=v5HjDKS>vz`w
zT3@%mV13kjr<GW@TGv?@TBlj-tu@wCYo0a9Dq8-w{AjskdDHT;C1knR(rUQ{+eb<p
zGNeQ}a#*Dp`|tKE_OI<1?eE#o+fUh#+n=x>vEO4qXy0ewW#0l<x~{e_w%=f%ZXa(S
z3185wvX|Li_8hyz9%r}NW5nOY%i<T}N8+3CExZ@RC&Y)vyTseYTg7dnS6m}57Uzmn
z#j)a0u}17Ay2X4kUF-w_KzxI6O}Hw2BU}{T70wAS3(r6d(0#%oVV|(m_P%9?Wt?T0
zrN&ZjDYE2R9F`6ii}`Q!|IFW*KQX^;e$D)XIb?p&e1|z`-f8xm*O`}?=bERON1F$k
ztIVb5LUX3Mvsp58raw$Sn!Yf7XnMo+is@O%7rEDTz_iD-&7_(Zt}-n&%`#0ejWE@k
zDok!uo+;H7Z?f_K^1txk@t62_`Lq0s{FD5{{GEI&-^_33H}K2&dHghfEI)*=<~_WN
z&*qbOg*S26xSzPMxc_o*{@?ziC#O3MA&4J3X(SMB^rqnpa`X;I2D{-bZFO$4Ar!kJ
z*J>cwFV9W0+qeYdvgIpg8fHR(*nz^7`$9LY&+Tsry}uzh-x!is=9-O<8x&J)#~nFB
zyya{D595=TA?CxTKja>U9iik{Wr=|lXT<SBUMuxU)u{C)<fm&!$U5qv+(naNx{*zB
zN_36+%3G=XCa<Zk1U!?V=)D@Jyv1_3x{-4o6|C*AX{FK%wEYrI+qWesJIRZk=;y)q
zz(<8oCn#vMRI^$&$5jc7J|@;qN<Z!5g?~~Nfh_N&U|(}qD^2Vuk;3FhDLD%uW#p-y
z+mUx_Ed%mGAZLpE#LfyNwb9RdF!JX*D=6{Pm(xn6XXmD>5{U}((C?j<<Kf)OG=~yL
zzD-i_9@(jtdXggbXC*`Z%p1Y#Z%S5h%yhR_>cT97$V_HHeLh*K(xP&p_9}gBg*T&>
zdM``VS<qFwW36x~4`~6mtRZ7l6y)tx=eG6+dia_ZxBw~rZ7B+<4%9Eg=m(@K*vDJa
zO1+mw6(yO>*Ss}V8LOoaLBo+(r?IxR9BTIXYD-vLf2e<&GSi^7nsxGgx{{AiR<j@(
zt1iaa-IQQgV(Pe$<z2!mTaGo~a-+G}7-x*58e(pI<J?y20~zaclrTS;$5ls;<S1F8
z2^q?OFn68LRC+~4y{okf3Jg+*lxSxD2XmAVIo!>hMviAHUC8~pN?Ihi#`H$aI{Kbf
z@!pbF>Y=HHp^T({!Fv+Owru5Y7FSOW4(4LX>zTlB3vv`)ghkI*>c>v6FVVh6FtSLg
z*UiD3MM`euefA$>rqTCJiuIPYQr}sT*AbrOOS#HP?O4I4;{7g)E;yuD>p*yg2RMRx
z1yb{rx(G+ak-d4kWvH%hrLHpgR&jWaKgm<JYI*&v;+A|R`VC+2h*p}g<nk^o0i_if
z{^NY*2Xg62TR!>KsdR}9YGcP%>Ln{}tS!+py?PWVnR=GrT&P5i^y<V`n$VW1LVMZS
zd~r8riT3@UbcfP`#1|=Dbn1=)Qf#tkg!-Q6svsR{K`ZsF)q2Nj^FaRYs{F293)B#&
zSc$8f67^>^6)R1}u}#Gtnu_C^isPG#J2n+3G!=JhD(>7=oY+*HbgVep+}A2PKzKWO
zF(fZe{*z-uO-XL09@T8Gr9?YTB`!}sq8t7{mnZA2Plc`2oeIY^ZPoN#kzA>X6E>oE
zuSiBgLydD<sRy;vx2z<WnleJ)tw?S#XfD)ktCEqo)z_tUG|+nd4JAx}4!yf7`FThN
zrs3!rFT*AL$JZox)n{(0eOgD6s#nd)ByMeT4b{R}EVx^LOla)YN?kA|z7mKoA1TF$
z-d&qqXP|mi9vQek8Hb-NZ>7$cYIr}BAY0cbZ>3>5c_e*fvWZl0NX8OjQY*cVr)sno
zJx_cal9y;{+dy87Oj9?u4hPE0NhO*O+Qod(<oS)siNwD#d2ED#V~Nm^T!tKV?pEp=
zcf)uyMQU6_GKAdG?_aU;KHZSqO~*bl$2KJ!uH>3*V6BOX;cKjEmU-rbrVqFnQ@Jui
znrmMu9v0rUUFEZl--a@;q<&zG^;Y?*j41W8uk-=iH!O9$PscL+IXwR|hfYiD=chWU
zYex73Q7<iX%+V4@*aw<MEqCNZlF4noiJD+8l2iRuB*2%!v<#~G4URH;$_ZD0uEC)T
z=IZCC(mwL_(8LvvNtznVKG=C+g+r(E*7_@fwgNt?!VX)PRygP<qM-wf_QsVCT{?i<
zPXkpd;G+eM_Q92oLE%hG`X%`6RgP#lmp9o@b@WPgoc7rwPi`S8;NcTV{#A}<ZCu*E
zGAWaV20ki4LC-%%1==HuI>S$0?&a{U3U*u`vc|ENT4CU;Ok3eQrN6In=)R*>=ckeC
z@TnS>^hiq9I!0-2WBoX~)=?f+lI#5afmZu22lUji&M`jHBslA@b410Ny3$XDcqRS5
z3X5Ghzs|8;%THkypI6|+MmyI#bb@WRpKdSJzG>Pw|3YWiJ61Cnd-!{eP`^MvXmIFE
zcP>BmufxD<Q7xg3FtA{ONF$jIj*>_ihGgCuV>b@5nJUEz{AOVS{PU3YqP43fEtI^;
zp%|#V%QD3JditqJvepmZ1ELEsG}!An%}%)NYc_V$-{;V61l|4Awp|JX$9((mZgoJm
zVB`~-bvHY7pBEkOr<Up}FMMW^ZT4Gzj?c8u^}rW3$|5`q+To?2(r=0N3Vv#_tyE!A
zu)!-=9S5};WFH{6c=eoE?4Jb<iF~wof0JVba3Xw=kbT@EX|p5x(Ob3BPgDNdK1>w(
z^wfgQj$TxDgh%@Q%?{nB+QUBs%D~stw6-K|alqHp;IppU_bQvW=x2Sse;PErM1_vB
z?dI(*4ni*61>XY#){AaS-r0U?=dbmS4u6xV`DVwjx<)^`%@NgRy#@ZcKwR#H@4GO5
zeq+1igcklYeH^Tx<F`1l99`+B=JYyXe>O9Q9gZ!Lr74kPI~?d9G#G4ZPWPzr5kzJ<
z`*(-q4lRn7aq799j)F)kCoD1=T_kb`6l<}i$n=e=8^41)5bC(g(E)A%JZM^Lh*#$~
zQLAPN{Zte)eB^@RBN1}X?%nNJtcff31)~ACI&>RbN)t70f{Q}?yp-=&M+LQ^hiCD-
zTOB&Lil>QMw<BLQ$=l-?Ml+V!APeO19^H(1`!&%kd<N0MV+zZcdmI<2^@Z`YK)&3o
z8)<bzlK{lkYKQP=H;V`e9cG}qNE{Ur9mLzI$p&<8bz1m?GNl2>y_%$i8G$c!?{-9^
z5WM+K@jzUw!slezzBV!FcuHgDwyzPnk=>|g6V0)!@fx&G=TIg++L`Z24z@TR)5Hyw
zvk|q`fi!AwT~h}rSL!VdugFuaj`yfE2oK?z+Z-r3AEt@k-Bbh;N>lDT-R@}67#r#r
z$xF98(4A>MLlcd2ul2(e(SCSxOSEsLrtf#aeJ<XVw6N@FqV3!PM*-Ry4?4^jjZ@2r
zbyG^NVJa2W#fn<iyci}DE=O^&Wq#wPlv?dV3wCSUXPZ)V@+Px+5n~XigBg|b)D%c5
zq}iV5H>D&JqNd=3PD%4kKn^*U+O2S}t0^_w)dY-uh&KhF>e8AQ0y*SwI+zn=t2d=o
z*OIH=l&BB^{#Q$y7wBtecg|HerhpZk-kri)e`jL~)>ry9&xbOQ?C4-@@O5L#u&_Cs
zUTZhcm*Pg6M@jRI?Op-t!jam6Tqb4y6zsBdHB(O?q<lHpN}lgesnW*i;%XtDeC$ub
zg2L5IJ$w=J^d=p70=cy*1qWoinwf{Mt@bx5IlHBc^>@JL|D$#)h9b3Z-mD`}-n%6Q
zJJHrQQz=xgCWR-g_m-5cT0$SI9d7+IlYh6Q;KTL6=GpKHxYEVJ)^_i$DfN*tN+z#t
zO^N23(pekcOm~VQK+dAB#G6ybM#u-D!B1<Z`$U8tF5V36(8g>X$>41%IIJwKnQjpg
za{o5UJydaKZNI!N1%+k%RyNa(wyLSY$<lg4h1*k%MlA=PO;oq*1%b@pk&=s2UR=%8
z@!U3^p8v14E01ofO5;tsyyP`$Ds5$Z_uYmzT_|Y_UD7sfQ|O5W3U)x*4yY_5)BzL(
zD|=tMpezE(flE?^vK>WGP-lqF3@$i|IOu@Gpfheb<1#vDj?AKrgV_1L`_jDk>c1XN
z|KObO-96v^mf!cg6)sl16;A${N2Od<z4Olax4GLT<C9<Ro$6&BI~cRK!(Q;0P5C!(
zZ<j`9>k?V0;sx{8l++pGQ$kYGZ1dK%m+kC8L3SUi_=ijx9nC=jX0WycNCTTt7x<b~
z>bAU{@aslh%&FTXwkar8#lr+$u3!p$)z;lIfba6ZLCIuRY1KHNUHLA_6aQ+HE0_#l
z&Di2bu0ddRRk;RT(PO(LF~%Igi4(usBWcMQB`=8CAYNk)17yWv`2BOTPENqEH!NxR
z;*R`aBJ|MMai3O)%xN3G4NJLDGlQI%{40Nt<aYJ1Q->#rmw>Mms#*~42i#bg@m{)o
z<x2lDcHr*88PPG1@$ZoVFHX78wNEmVu2u&v&`hi1)Ohz!t0Uz+oUiYf#+3K>3HxHV
z98YkVJ&7p^$+wBu(%ewFC?!5*zHIi0Q|#NU$E=pL8@A0L7gc^Mx0%?_uG#mb4G+0t
zF@UCpW?_Ntp#xF_`d~7<dPuS`+d=)p$sw#>C<58RDC<8cjl+vLCVTRrl%pBM*&$3E
zxj}ZQ3AX&JgRscpyToLtACh#2_K*+~`Q(Fa2DZENkOZ&JrNPp|7<AUw;80;)44N!G
zEb-!rSd+UCOHQrKxiFLmvK3Gg&1>5~I4o6S_xY^$h@=(2K%KP<H!5Cdz43@-sI&g!
zaj7I87fC&kFb8j^neZZQ2<uh&O5hRt^%F2VZPoIR>Q`b!s1#)RN}%k#qi~aHvcEs7
zUx^VRUVehBhO*+5{j&EzDUH%*mlwhm5QNjX=gj8zO69z=hrQG*X;}_ddMV}0bSPNH
zKwzOV#qZ3(MxQw*9Z~~_eO@ZE4aX(j3(!&s6PNrrpln~SG*&m*)&u(EFey|3vSXo=
zcPwt(spHZt)zX0?<;J*0q^t{JVx~}Oj`eRpA@!=SIP?DBJs~*_=D<nGe7{_tU`w27
zOWq15<V^9L^|0k};eE$Y`)9Trwk#nvnw?GF2Ir(V`CbUdj0rD+4rVF&Zu=}8^yD1!
zoSKWz&Ly|Tl{a8M@s{<kf~^2CkJFD}7biQKOXkPHE<Wu9=Z5i?rCzrhG3#~_FcYwb
zf)~_$>ms=tWVJrm`QA;F!mHqevKBQ{?s1keha12&bMnY|74rd@6)Q{2fsEsOc|<cZ
zl<{G-bw*FtP&oX<l6>Ol3%WapWU?pniRKXk)ciiasD7wh$2otVPlB54@dBcQLO8?A
zK(;90aND^p^?3n#K{d*F2Jp>7qB*Ak;$I5F`GHn<j90};{-RF1fAl)bd|r4Z47_f(
zir{B9HyO(6Mv<8Vr+aP`F&aGc!Ve7iaQVP*o^ca{kr{A@SHQ?Tfkd^a#pCqg`VMA}
zVseDva(tQoR!od_opZy>aaY=6_=SQJvPwOrJg0WHgpBs;btqg7>86je67RQc6FO4P
zrHIL^lG@F?9a(9`wx=NflVJKtthH7o?lLbhITAdW?ReVcP|71RZec&1>*LX6ikj^P
zw1)2O_UREUy!W-ll5deQgg@{YOTLws5gpYbiD1oO9MREMMgX*cVH7^_56Vb^-aF22
zAJl>fA2}T`1cPCr%Ha2))@(Y<NvsTkpWHu}6Wtcx6uB9C0Zffrs5PX5l&N`7*lwNf
z^+u3VBnJwXvM>UBvVz>j{(TXGU67u)F>fW&y{ldsL0*yk8L=i;RQ4YTo`~g-xPI`8
z>{O9Afs_dPKoc-;%T2FR57`|D3fS1cJo@#^jbPa&L^xq)FpSzN(tv867p|tT$E%1&
zDGVvyY-o720@V*3tL3jIdy%IqhNQRE5TgxS7eT5C4{Ra-MK#xu8R+=)y#bI%4behT
zXfZB|5WdP#G0H9KbT0{@s*LUBZ@k24QCCGIXg*$?e#1*9tKz)8_rY3XblKKKhC}nd
zjx6=4L{HZe<R*?+r1I46^*Uk%y3CCXgHC)4V&|)_o;;`mwmz&U#+t0VBSTRVHk3y%
zbA4ouD*1+wlp6GL12LUUg&B*&{2`VcVSdzhl?)f~ta%+uT^Ok$;)_;!4HgZq?hy=t
z6~O%c14(8tULzV-tYbqMxlt>+pc)4w7SZe1$R2H8DeT4Xh%W4SR~YwXHtaXny|MED
zkwtOPeWL+C(iFxYAXLw*iSUB!WCD@^j=<V~E8Bma7%459!btiN7ys5MzVv%y1VL4V
zar5GUkW=52W;G51KW`gz-yp`q9)EZ^h?hX|5D)dNxIq@EtHNsqOg|8#uaX(YU5i&h
z*Z)8&)T7bAh(=6gW*E0FF8-&uIB&hCj|>z?of8*d*$1s70s+*eon7uDBlNrd3)xgU
z+_EJ>O#a9wOikI9{88E*`(E4MZAGbj#8zu9#-`6Ci%My55;O`nG(L-v$-b|Ufno>A
zDS<}NZP=K~U^7U@xh#RPG?ksMl#6w=rFkCN;PC~<1Ti-;P4O10WoPp}@+noG^K4G4
zl0Eu#0~}73YBL@9<}g#?Re(>7Ym=TT`T02cSSkxt%ev@UQE)2$#(;KLeSY9~)dt~b
zYh<13b_A!uJe+_-=X?5njXX-V|2f6~ZC+W^CQ5CPrz?PLk%vRvWh&`iV}%SHWtikU
zIS-s}>X8M|q_VCS-W|lm1vqkQ<g}$$ZWut;`(mxEoi*qP(-%N@WbEjbI_&6<ep=Y#
zdRcooxPt^I!>sE%W@+53snM=_Ia8xDO=XvSa<2YdoNAC$8itiP9plnQ+0C}5)U{%@
zwE^;=6)6qL<C047TsV@_1CGwM(0CI*WzHjvwViS=-t5lZU9y(`RN6Z6p#qQM#K0mb
z@~K_&4j#Y)u{4(1E$3$HE@fp|=W3YdgoSL!G;<cavs;E&?vaSUcMi~R{?IL#=%ZxH
zl1_Yyz@tDk3N^C_NKw2G10nXjO>(Om%7svID*JAeY$)aq+|=0y-!&`4V=pLIJq%;#
z;an~+JR%#zFe^GAgi$rN#on=Qc|`73A9&}%JJV*_fD#LMJ6A#TzCcDS(mi3bd_m1q
z^I)ofi*94_g7J5vaa9CwDRW<7^A>p_YK2(LZunN&7-%T(<R(>rEPDD@xfzi_G4Z#y
z%0}Q|PA6JZb;=@)UBeCx+9toicL2lDP*J>1Hc|{ZI+ydsfyiw&s^Z#5<$Y?TnUDVE
zzC=6A*e+{UEl$DHiH0piW7SJ$%61vvm|g}6zBjhZrFt#F!wSOHLBiFjxI-@Gx67&Y
z0O`Uku@5soJUK9t$<L~B%j`XJW!%LGG<4yS_6Fbyb$)j{!}7c8WFRBtU_}wx5M>Eu
zc41z%Olgh9;ulBc6RJGly2c(^3jx490^Y7>kZ)2T{lQOlM~{47JsJFs>h*gEY_+wE
z=T;R+fpLrbwY~CwT^Mx7W3n;&^z*I>uujcWVrzTpF?lVRdJu>%^(0x@x_z=SE-<bO
zi&K38`1SB*IlB+0%Om2jcOpB#Umk$Bl1=S7LNk;;oEc<3V;`HcFZn;oQ<F|6S!@SV
zuP3&qmWUy1p|Codn@#ftv;8w<lpB@aF>2?n(2u7xOC^ww&d#U)Scdk^0y;{Aq204n
zUH|okOgRsfzfvLnnhn|wu)gfYG@W@zQXTEwkezsSfZxKLe@wcWZ5c`P*gKySU^a^a
zoy(PxbVS^*ik1}7cazLtl`=~ybwX9f$WnURjE6;;7{Y{`A4ppG(=|zDv;`yQ`D}d|
z)oJa?p+*pEvisFKh_hw%E>)rO&Zd=9BfG%F&^WEtO!j0sy;U9Cl}o^+mQz8EW<hZX
zlWY}sKc`h>ODgDO_UteV_|0CL%08{2#(TavgbCNUxU&+(IVUoAg!fcZ<F99Q$Oqyc
zXr13Umn&h4+yUU?Egq`fIJhE3p?VN6192V&f7C;pRUQv6o>=vx!C;m)KA46o7!2p5
z=Hk(+0fQM4!bB~&&YW75eN#ojH$4U6D-gG_d#b51#_kGnOb&>1<+ZPxHmPtE-nyfP
z8kH9fVfGs0DJr&UVhwH7iAQUw5qsncRfBj*f9qFk46V=e{-|}tWyM?H>xI@i1``Hj
z07V3HLWrky2l}VkSW91vi`rOu9W}hz5=adpnzBTh5u4}II(l3s^5yfyFjqYOfO}LP
zLM$bapQ%Kj8|o<#jXwwK^y_+RWFTz`m4jq6NTS9;a%-iY4r9}O^cFRK3}0lii$0of
zyr!wS6pTqR<w&Bi&{3UsPs$Pd>vn2$h?m54%O`kEKa%25YQuP;#@*H42VorCZ0F7h
zX`{N@+JZ1%bIv-qYWOT@gAstTiN!%Kw^0o_1XH|#5wi2?fub<-J9z^p1j)kv;(Umn
zVFxcss@a*onre=V(h%MNJ$S$+K<(`Tw*7{Bh<LQFhJE7R9rs(W)I;Fp<JB}r)BB$A
zdgx?<0#zH+@KPGKhW<+Zf|vI9t)XKzVOw||2*-FLaLIE4ab2>8T3PWr3VdH{X`Aj_
zx{ex{J=VeqRlgHHy>}h;=>Xw>SVwg}ixggiYYQYw+%L>rPwUhjTfSbutS#Y(Pz)R}
z?wzjKK$qzJLD&K->$D5bOkSS?OVkF^Zm7cG8h`voI#U;ndTS#!(3Ez!)9&`{?sjK)
z`-txLoKx+&rYjDi4_vr$32B=x7cF)6e@D~jy1o|7w*9R4(6G9+^q%R^!Eivc@GRH(
zrGT#J$K0i}LrYz{Bx_~QG>`=j$D!PGNL%chz@HuA*t1QGU2aW*Z)tU9CZ4)Qx*cL9
z89i8GPoN8~pq^gha_hQCUFy<|)WC|K+hMaj9fQkQ>0fP`Ed6Gh%#JN{T~p(n7x2ID
z+~>;E%BaOx5?TeCz#1-yLpF+0@hS0;7#6pSUE*4CxwuHYL%dC#Ao|1#u}E}^gW(~%
zMC*6fuYo}Med|T*SwJB_XFY1&Z{20xVpRZ%ywtkDI?LK(^;^AwM$WeqYlhWo>9c$T
zh~!T!?^@onylQ#Dasp7vJ(iu8O_ueR2Q00COrB<Gwrm`0@mSoJ9DpY~EXl%k;h(}6
z!iNA+J}0~+{8Bh391xfQ@g-rkaG$VHm@P~ZnuI!`OehrSPx0^0pQ4e0Z6xmM{})}i
zGij(f3Jmz06E&dk2T5re=5Ew50dt%v@HBwzP5;0s*_Wo>*~v-Kq;^+gc2;sif_V;T
Vi&x?AdH8!9{y#G+^}0T#{|CLKf2RNd

delta 38452
zcmc${d011|);OHxoJ=P<=Ku-_Apr!$fDsTO0%AZ!MYPUSo##5w^MEHLsMV^3>Na2<
zI@h+=w$^mAw$@fV+2Q*3cCNL9wspF_cC^-S?IGcW_xqmTU%%(GPy5_^Tzl`e*IIkc
zduQWDq}>Sr?zD-C8jWr|{5wvg(eRC(-P**bC*QxnON%B}8eoQR*QI6BB<WfC0l87G
zljqAx(n0An`3w1~G(hI1H>7J)!?RrvIHWAym>4cYw_xG2NlTYaS+Z=#bUdvlQ{?Qr
zX$$8snm1$F44vGx_;7q3Ua<|V_=4P3V*q%KW|Vq_Fao|5sK0Qh;mevf!_6)5@t_*a
z(g(i4pR;Wst#4~`HJSl!zH%J^bhmoEsTRJ-&mrwcy7H#^PnERusQ;Ef0Dqf}o<61R
zl>V9eFRW?s7vHPDh!?#_jvdizHyRC{HRpAb1|1oy?+{AM*O?5w;R8)dV`Yckope?-
zq*%96XFP&-?&T+<e79~RZ~9ns6%|zIe!_nrI@Ciq`gE>{C&|(1H|m$@|IuI9U(lb^
zzo~y-f5>pRVVz-tVX|SEp^u^1(AkiTHVic-@Pc6e8!y=n4cTezlOR7K?~`}RUU`{3
zQ}?%il)k^d)OauYppkE1$A7}V&A)808vZg|Hhg9Hz;M!V)YxELWt?LiZ@j};VeDo;
zB_@kj>p%J!y^g=Z|6t5CCKyfD>(&d_bJjPl&sz^!_v#kurs_uM`s#Y<yXYO(?beOf
zCD!S>Q@UfiM|I7*ZMqHCQP%#ttGe^LkNCsJ`>mz?0X|@S*O>T<@d)oTUNU~huQ2h(
z-}t*sai%m=S7dGEJLU*Ogx*4Tp_9--9wQHsd&*tqG&xS@bvgR!`n~$?hKCJ%%va6l
z%^#ry*QLx|bGT#^Z|AMtP41`0$`njO9rp@4_dPcpm3+^QK<`}Sa?s<~I5CvKag(&@
zp39tsUiz7nv<Q87iF2ak7vaOL%K-K44_puQ#`jzbQm(=O&ArTtF}heamvu2{?`6)0
z?C@7;dk<X-`l1*}z>P(G58d79<*S@so}?bYO+<$-bJb|e4=`c7@3;~2<fy-{M$(U5
zGWz9bE*HJ^GpyW#(R&imv+s)n+#mJ-4xr4doEv?41rUDr3QUczz}U6;Kl86}l6-#@
z^g%So$hl>w`lGHhI^xz%)^W4YGv9K>=uRVy4O|5@;;+L0x_A{xm-Q_-6@7hy>#OaI
z?y_)SA?uHvtlf$n-vbHm`5xBJ{sAC<{sB<_@mmh`#1YNkSd#xBlHTbG%vOR4TXv1h
z)yXeXnRi^`?8yE-j2U+org#C9degUDina_rHQmzpSPZ8<kjLMz5xL$PuD9U_{cq;`
zEET3E<HvHjv_t$zl&#Y(Zx~GmyS^Lm<9^}_wMRn*J8f}XsQ0tnWUbCz89F#GYq&P_
z`*YmaT3IRa)x>JFm12Q2L#NF^zdX+kMi-Kk(onwBU_vur;POz+5}9vTP+I6#a(w*(
z*bTr*82HZTfO*=Q7zTXmIY1Tzn=r7jS~DIihcW2B7q~CbQ}2kUQN>G~Usi0s!7z(U
zEJ!7@{CS)!qq7Wsg>$J^%l6#?a7AK4Hi3KkC|89#-qSt}{r-quM2_dUOck)lHwb{M
z0kv$5+OAhX#0hGKmw=d`yaFPbc7k)LMwIvl!idPuN1lM4fAn2?8X_a!KLOIO-gzwm
zM|S?;i?DM-CIIfHg7f$WsL|;5d>9Qv&O^_01q3(+Q%D3g8KY^^m|LVj#ZRo~ET8IP
zw6io#sKcw=T3H$58x2zp5(|<%I$Z{O=v8h!-O=?Mq6K~V8YiH_*SIcp@uJd#A|=Z=
z3Pu#b2*S%1uW=sK?S<qt6duu81zhDDNij`wV}hlg1WcoV1@z!aj*e)Lr}rlLCdFyA
zRZ4k*y#Nonc#?aJGUU3Bk43M%4ieo;u~gqgm>;-ow_#xJ6mVHLFE$Mw`Gbo?^G|W9
z1h_q>gty8!0j93>CKlN9F!a6-d;&Ut3Un3W;p9YKM3e5d>CvG#qS(^aHy#!Nw%D`q
zuq$tb*#e7L(YQC6KvL<g@r?uE8UQ9c-v1^yS~Y#z=_p24`0fPYDgY*Xop+iWO3{bC
zis<5Lb}lITD|}-CeNR1CV0Qr?p@K7<NsGLT6WDI=dW#W~B9iGF0&^FN1zAL}552`z
zQbguIX1AjDFEPO;bJxfD#=zWz>SGJ+Wq9u4Z*z7n1t*l;|Bf0JWu<QffV-5e0?~!V
z=ErxqEfktC>A<^;el|jPjc+(cT;U2t4@~aP@@NVRO=#$QToU5n<7T6iQ{&SRAwSSZ
zK)<~Uhv}*J*g2w`xBG^{9A(Ok0;e4_;nI5?xD22bc5hEMqSwx{GYvA-t(%wg4JE(@
z4A}fW*Fw=F2js2ynLx)y4v4l%Bd1FJv`r!D1I`Z`tCw#oP%p2jz)qHX=tJNP5nRIa
z)Q`BXRIs|2<`>i_`WC`^)%Ar1_Cid(86R<-v}mfQ9pQ`>9sL(Ok(4vjd<$UivbhCz
zC*I2Ke{riQ*9i#@o{N(3{=WGDT-2|?PLA6T=eWrcN{eXG|3vY8ux}m!!)Yd5M9=&W
zHx79{iHx}JkGbxuvs2-l3&0WK^M4Fmj2wjB|BlkhV|;S}b~sF2iBYckH#emf7M=Sy
zSi;srIm|a3fCmF`IR?)9gqxrOe&Q3ZC<^#4HSo=7VDG04m`H)L!8Z#C?N)NxQT*sr
z?p~@K2<diy7Iki?`ewq^MQa)9{`DERhT;J{6w%7hqewT@Hv@nxf#F0qyzn_UO@(yd
zFBroK2ffL@=>R-wet~@u-r@EyxcgMnG2%<EmuiQdeA56J6sA2DpOq)R<SJA%Cw#?q
zQUQ<fO#$G%#Z2x-eZ?(Q%?xs9LNyDFY6~;LHyKaA9#0Rrbp4uJNv9_|<o&PN^b(eJ
zfqPK%33$fbZj`SzB%op6aC<tMCF(e0XVF?}?b7P;Nxw;#q|c;x(Z2Is#{{#+^o!{`
ztIl%6@`L3Q%iEThEr%@!(D@1}*~D$;)^PLqfoQ{dE-e9jmf&WBmr31IU5+kAC!v8m
z#ZGa2FFv2|Xx+}Y=MCH+;5&SQhMeaT@~wNhv)rrPGu(sv81Z2#Q%c|i;#cBdyifdq
zUm>0pkAkP#jk>|uZASS+^bYiDmaaYO`MEGMRQQ=7Xwe&A2u_|mqmMxqoprs@(NBeb
z$o!d*gF;^jBAWRfcSvXAcmH7MfO>r;Ttol<T=*LO@dI}X?fhKm%X9y+#-JFpp*t$Q
z#2rKJzY=n_X`z%Kxt%)n;FrR5-nzFnia7MOFj`iHT>K8P51BdnQ(-%=(P%e^(l-h|
zEpf!Ud@a<WYhMV5j9`vqwb>eEy3VB=vvvKn$(pU$g9)Oyu5%M*rKjHt>?{O1Ovmgj
z`42Y|bzDL<NgO)<AFd;j7OEAi{1!M5waV%OdkKdA{Xg9Ml=+KHyo`SNh3Or7dg}ZF
zKo=>Xrid=-^<R(!a^f-c?i*2pSnD?f9_4^XE}psK1~-YGG-40V-r%xTQd{UZ0k8{z
zi5ZrE1uut8Otj^uU%4z5@L<0YfFnxk&0j%D^}Yxm7XcpdTa<d3;5Ptp4a`i;Y4A60
zu4?A%zjJ!j?RWLrR7(AN7~z5AhOH!8^E)>P^*%<8q!qyks=28uuJ-c)TmsV*hpxvT
zfJ+#0s?vCTZU}GCkUv2uhX2-z9{rP<5lY=fejQM^P_Z%2UHg;UjCvd5*uD<@6{T*5
z`?avJYdNFXg}?AQe+#@QLWDIpqbQc+*8p(D0eRtO*dso0)4-$Dzr$O?#!pH1)d6sZ
zSRfK6&-xoY4&rf=nNR*5r6LFWHsF~DGkvPR#m!WiBG9Ki3f^M4P?59v*26Z-mDB=}
zX!lQVal2GL%btH2`x1%i&-ASW=;2BRH5~4&O61w@NJekp1`Ql{oAXBK8HXglLqZ?k
zW`0QpvCXD|8cEYdW6ae5%3t9-=w1Lr-9_#zzGl5(c}952{F&)R03m<8)BNpVt)brR
z0y}mycAelaM`pL8b6TD<lp@yA9|yqwl&S)I5dgchiqLxl`6T4g@%K`n8`LM&;&k8R
z{IM`#v{zqXuf}rKm*c-dOWJ{LB`(iMo>yD7q5c@4Ys8uy<oRhTHSW^$G~l6A^M0A&
zVx+jBWqLlK;zGWGr~W*J&h<+GJrdi%DvZc#1OE&PER>n(OumCRKq$!<s?<cLUxXop
zl{{vVA2RZX=@2;hy$K+RrhtwMur8Vt<4y4=!;lhX3OgBZoA{?GHHoEt$js9yj2@#2
z{v_CL;Yud@KbrX!6d2|g(H4QH%7Sb_S?ccqQ<sA~NL9-_0^guw)EWy<<1@P5F8)M-
z_9zS4c|K|3nZHixe%Q*>2#U@<&Yu9#E<88UM88<0FbRk}4d)1Sz1ANO&_(rbst`jT
zihKtxy6|#XS-_b!q9mE8Dwl4x*xw#+)!BN=6VW`G@1fcO8Fo(Q(+OpBi68@MC0&X}
z&X&@xx4?QP2-D5YrtQXkhF|q}akq7sbSa<^La{Z{AT4_Jl=e|s>F@6hD>+9Oh{R3o
z8plsS-qjEXlY@LTj;B!>B~v?pHre=6w(&pWFpJ+!Wzg@p<EaX!&@=p<0J^Xqgqc_w
zxjlbNrK|3_&mkaBJWt&Wa$xGs{wx?$QeT1vLI(#X8*N-?YaiMX&l|O<<9lIW7d9`T
zw-VUqDb2F{nXnV;0fEHwiM%HwODZ{4=J_*V4YvXZfkaw|6L~K^j6~=*wAc)2atA&`
zCE6x`M;KD6q_@U&!N}Y!oST`%WQ1bV*Pjm9^aBHdPd<7qi64nR`ZA4CDm$5{p>_i1
zo6^;v2Ebv}>(0tTPb7hw*pUoVw#EbBBu5>GUj9@Vls%!q9*<YZvH|B>fgiUqfug)f
z_d8$*9%U>O@JlxSS(QS4BPHrMr1|XtU8I2FAnIMT^C6Y!U9qdT>ecyE0Fgl;6ga9w
z`3`=2#E4tbnN;u*20M5Y`p3a|O(`_eZ-ZgwHSB;Er}DEYMnv*p7(JkUiDYY6fN|=k
z;U3jpls1Y_Szos5En|fjg$`z~>98rzIM|S*>82~yS7}$sePl=$dn^2I*h85&w;+{R
zT~{{$35r{cC8!H;M!B7N8seL<J>#F%oWeTkRatTRdjMJx>_gBAyQ%5O_hiFx9DcYX
zueR*v{u}@<aTPd;BG{VFvp5{q;E^E<atZO7Y}YhuH2R%@Ry7!Kn%$|*<eM33*$}GX
z4HzxC4?6HxyX~?v&0hlRlr3d@>EDT8$9RqR@>3_a7rI2czZjOt_Bsnv+u<!N=*+(!
zS;CA)JHy9@SaOfQ2&RT?Q!2?0>~Qid+eFA@%Hi|LL1;&SJNUZ;a4rBR;+Y5M@FmPD
zU_1`zgij3t9^x+qJe-QQAeBhyk2(Be6&@RN!zzzJ$N9U#)Y&jKLHf6jVCtwFgr~m$
zfT3eTx6(oa>hKo;XdZwPs=tuSmq$P?$kByiK~c8(^8pz6NmF!Vy6`MT2m50wIx=Zz
ze;!`Hgsp$03t!7zV!ZwgR}|3-{apdL93~}N^F9{<w<0Tb4Qov@^FqH1=uo1_1*t^g
z4C~5ojz9}Yn-@M!1bUFa3rw9gzd$6wm3jPh)v-RC7o`I#{J8*J<|@b~l-QENkB!XC
zBQBFMkH|O}hnKO8Kc6h}GB`Yy8tI~xZyjjaENtOYwJ&QfYAR83KA$Zs9sM}_1_Wk#
ziF_b1Q7y#MS__z(r{{R6A7|epUP%7}@InYJh&uhB0(M}i9-8FGIh{)HAgoCtPPKL8
zuQQDC@#<d4d=@(OJpXW*+5>Sa^|A~3I@Qz}-5CR^_pJR%J0MQ*kAwMZv2w?;iaV<W
z4e{ITXmfWk(IjWLv6hcRlNxLSau+c>O`Ww~{ySl4KLsNBu(P(-&8MJUMf{U=RpJXQ
zDh`VcQQbZLV*$lTBo!(KJ>TlR7rA+scErHG7(Y&cmHQ#>h~u5mDmVWCOMr#v7EsGJ
z8#RfPVrKtn7*nO#S^92U39q(2gG(93s3lqJ9|q_Q1vSr-V8ni+r%L$+kpRz%i0?3{
zEPS-dMk@S6VPqsxb8WLN5f3w>=gPp%d!|#^bcM$nQEE@MiK(CL9|DM$_-0dQE;PO;
zzg)e!+vU7E2T|xJsdEU5i0FEH@#<(U)GNxBi1*(Ca}QD=sal2=&+onX12mE$bbG_Y
zw$g<d3&TxFM!%ym#TvTk?~)FRTdXfxP75Jp7xO1(H($q9>F(4n)4YQZ!vnIC<zERK
zkN6E~mEbqD+R@FG%&nvnIn}=cfb&)th$MmYW+lH&1w5^Hl=#l@F9+c2p)_HK9_!67
zN5g8t0+Ex^zltGE`P{?5jPM!6k0|1uRs0#%)Jh*Uv@*lL6rf$0AcTBx_2HrZi|ZG}
zdM>GsI-(VRoLGzS_HZ>nR28jNv^b0?uWwij5oxIP<Lp`_Fkjf0pQJ+O_rB~55QpA$
zSyO;%>5`Qx{zWj%wVoNzZT)~eq_#k?a`ulho}>LZDOU{=fb*GXL4ST0-2zS&!2e>v
z28@tKgVN5MYGlRkUjl=&z&sQ6*tdr7PMr;+njWlSyC5`G#`zZml~R?Y0+FPxF4X`&
z;XH>G`3I;&2CvnR6RcG@j3gX5J%Ha!g$#5?&sKL(S>#^;fNoIe)PwwYEyNZit|pA#
zG%$*k1N=C*>aJ$MZx7_Bpl-t;69J;z0Zkqhb`S72z3u(;VCunmY7+Pc2l4w<&J@I5
z#jS{V$NA?1v<GWbq9C8XgTJC;)9JyCghV&s8cnR`q(*j1>&0Utr#Xq@hVVyZWtM*(
zMzF3Ri5RnUL--AJlJid(1+;o7GiG2;abd>49)KgK<>jGaFPm^UbC{Z<zLW+N;5XEt
zMAcDf<}m&tEe#l8^CBu5!L~yWSGNY7vnc_ygPnimAHnyh0s-`w&>thB$XeEbb2fP%
zW~0hR@}pGl<BKDivY~=7w?Pkx<SGzQkvhfAk^Ck`sC#T8dSX=AWgx;|(}43ek?P8i
zqrj`98UX{(8O?lmI`yyy4yMk=!65N+LZkUb6q;bom0QxN14X9p(xAgwgZL8tv26^5
z|0Jv?z(3F91$28%*oz_(F{nWc^E<uZUK5|Id@TPHx^S6RpP<d)PBpZ$zCi=fRSLvh
zM25HD$={>W3w_2#>HHCXoW+Ucfwzz27pj0ejb}8ZrlqqVXK|p^L!vo%Ryww<?a})2
z;E{y45Qjb<ANK0Ve)IfmVGxLmNYII!z*nI9bu^zr3JZFqOo(!6s{CtUMD94osW&F@
ztP}whl2P}EAx8{;Aep?gf3*rDv~40^$@qkQiQgtN+e?LOxPKJ}p2mXF9+UWaD&Y4f
zF<>j6nI4s8=^@i({vL}ou%QDCt%aSF{O1F6BVHC>holE{=0$1#(uPDB5lIg&oyQM~
zXc7qln^~=sY$K~70e~Y%s$hQ9ks{OYo3A#t-u?|Zr7#leR5UyD`F#F;$~a;UKUn}u
zv9(e%qX8!qJg{@3BswkRStW=Z+0zS|k|18xu|>Q#4X2M^;&y4!ku>Wt<XCL!i|*K&
zwG*9LWP$B&OzacdxHv0bhxQNXAft+dS-nDrVX^DAsCr^-EPCqB*qNd2V`I~`p{?U%
z_h>`$<6>86L-h}2{iH|p$HvAUJHYct_@B8>8l2T%wd=ajfMOa!)P@Yvk3f^Ph8Xnn
zP;&+PV5nXSL6bp$n%q7$(riafqs=|EgWw37o#@+1<`ivz^x`D54ZSeQETPBYKcU8P
z=1p2O`FS}v#EmhVwdk2q=2PhYJIz<oUt`V9A#2dshezjk881lcHVM<b(BH%KuW2`F
zC+p!~!z0?s#(X2^&^)I7ToX-#QE1y@OZLdmwf`6XK}Y@*TZ&%Un)n{Nw!t!sht{gg
zxaZ*#CH5nA4T-wY!j+a@hEVp+gy~xJ@p4O*&h&1>0pqa)CjN-&J^pQt{*Znzv<R6U
zp`0Q5Roc)Bt<aexJx3pp(08$fbd$}u_Ztm&Yp&t;rI?+@WOQJNo{uJdvCgbPJFiPc
zNF1tf7Z>grQk6!oR!E(Ma9@$(VU#vh??tcd6kVy%VI=<|e<yz|pOIh09ZDci<PW7d
zsi%Yv8-;mVov<ymdAK=Uhl)m-H=u7unxT<rv{}-RG|p))f_x!DfyE^Yi+Px8Dt0v{
zlI<j$h3+uLBca}c(88g|WvI~nqZh!X&X9y#Ks*L~EJiR4vEHGPU0j0ps^)La9Vl+H
z&{I}&8gYD4C_0mfGckFxzyitZM}_w2>|~)6I%17A$1P~Ybzzs1;Y`BSHMc7jT`zL9
zM;TLud1%^l(8Vwy3B55zaG;G7W6W}9Bd!gXDD$03q_FYN6yaHVKo1PyV$fGp1s9oF
zp4Nz+=4>V1nM4dzr)k1krk3I??a+tQgmeNZEo{Us6f*$T(b!qCP8SwZ7w-C5Apsqp
zE~smxJsWZSRt3N~l0mnp3xk+?I4ekK<qScc!^mlz0Kky{vym*_i5Wr}#o)l*0-Tgp
zLJXR?Jw-szYoQd@s#QFVxL=_f)*v;L`7?#Vv`qjIlF-GOf;#y;wGoG9W4-O1NwwIt
z7t9haqGz^2hYEqNx=Sc&b!+OmMjVMv^OiW1MgsmJbeF(E4+6<b7J&+SeYQ{$g$WM9
zJff2n{*ir-Fn}f3%N!Q;>P6VazSji<3eEwlw{D<!;}{rL3ByRW`TQJVAR|)ru!(aS
zxrn{5FK8SI$ko(Ob0*<XB=pE!p%*K|lfA^u7gUM#`U#CV;O*zDbS7cr5gI>Vn5#u`
z4?q+^z<*gFumlUS1%n%LR8%<BDH5N!=R#pJntH4Q0Ar+1Eo5_d3|lFS=9I=X-+0pS
zs`RMnu)Jl?*3aT|bU)K{*2C?58I5aU{gu9Irw1qU-JU8`uwHP4{#YceV_9h6a}qkV
zB+LTRAXC=328PX0a-AMxxVx?gK}=aH+(%748FFnYLp_lUDQR2{L*^^8(}Q>F_LQK5
zejyW0Stc|x*}q%JK;4!@p%in0cH)d|Tm_@1DKnfN;t}260}G{X6^v;Aa^Y#(S3p*4
zSP_;e;)iZ%qydn}N%M3ctbkRBlSU}DWo49%XE)-gArEAn!~q|!gw2xvt5z8=TP3KA
zjm3?NVMGaxAWreqzLa)o$12z`@$<vOXjDM*2YyH6O4!NVhDlBjJ`rw@8&f(fG-<W)
z8#ukoq5Fhv<or6=Twtw0T>whEp^Yo>SOvJG8k>)->x6v~+9e?v$}-uQ2K9!<<uGc7
zw~{g`1WW>h_tEDaTUUxhbsIn_VS3Y*Ml|9ubCxpN>A@1__7oB<(fJL+VRX_4g~V1Q
z->GA)O2*5HrqLRsR?tWZ)|LD{x-MElxMm)S+W>FGcpU-kcaFo%C)w6?ukbK+$H{cJ
zyaLU(5~lkmG}Zz1=!PVx2j`bV74^bJmMS3N6Z`_Jx8Q|0^=;e$;M2DDQ^`o^1i)|+
z+N7e)Eo=;r$Dkv-rGH}T69TwgI?h|yidH&;kp{GFi|~77be~p%tmgyR-yZ3m@AP1O
z7`lD8AggifvrV8W9YW7~TO+PiPN?Uc9xNzskCU7)bUct^LC<azexv0(vaPT0VN54f
zsGr%0%a+r8M)kJ(Z5L{^sGB3qh&OjIv3C$2fK4-N&S~T^;(bC-(=}rjcSZlV-l#c;
zt>TL@4e<e7ah$z*xYI*a{|Eb0z>94Zmg^#$O+wE$3AFk^MIs@9D}#zwbb1DnEexVt
zaNH}*QOWHq_X@qJ`ox$hivzK6KxV_B$U?}yOBhB~FWK*jT~X^~1!C|z78rtUnA<Zt
zvW^KA?FLgi>=j60kfE@c34OgAOi@I1>-z?9O>%L)-RZ%xvD;Hl#)n2Bp(Cg=-04Zi
z9^NCcAQ>a-tqI_|<TPbaE1BPm7`P;)Yi0x{#Auihumbe_EpR@<T8!w+`OU&hY8ry_
zGobkUz&PIJX9tXO)g8dy5}x|C)EtGLyiceMr@@$EF`$(FOp(*rBr_lYEnQ%Wh=)FF
zzt98yvK&N!=rUr#-r3L2Vn$f?TQy5G(x>8c)<-RNVV$Xq!NLE*jnGZf4%DE<*Tvy+
z%BX+?rY);=CgJ`$x64JnmX-s;9aI{K*OGcr$f9109KdCtO2y;MAWCoiLE%9PnE#hx
zL7ne!6<=rpSR6>f8&%BC407Zb-Y;xYK|3B`M;_?fty_Isz(&Y2i$c3IvQfdqLVRf5
z1A>E*hb-bbB<RuU2f_1VHUc{BItG#nUNab8riTPpjv_-~B?0~CA%XR*;N^TmAPI()
z`zxIp*tH9FeONfCMJHbcS1r7Z75(~9t7?QX0|U5ZJg6bwnSn*xol%5QOhMK|f+;lZ
zQQ>GCJXy0W$=cfkIN$>(DucLjTMvQcl0*|(?dl=0gOUBz8w0q0Tu?uWLWf+B3z^^(
zR6|%yz*j%PzzONR<^YcN@|4-mj6{N0BFg_0{L}ZJ5OzigE~Bka3ak$mW8_T>w1-hH
zuicpu52Mf<PYNf{Gj7}tjhXqxVKu$H83EkZkmu!`G%@kxVS#o&szmVZrx-_j5fS9q
zY6MM=#`=n3tK}bkhW<-v!oIA@k=BZ<pbXtaJ%0S(`d$HC2=@5Q>_`kgBJ@`ui33`T
z0lo2bl;5;4Kq|q$^-huaP0};iUm+RJ)<bdZ*(m3!LjYHRv)~vJcm5Xs+cqP{9%Yh6
zvWof-QGQIvDqISm2GKyEBMf(gM@yu?@;RXrd8gq-9rkFSe2(dT;(J**jWxVO7?=SA
z!(oKml||3llXxw<{!yV6A2CzR=4F92Op6_QXHo$i%Fu;l0(93<D7;L&m)Ic-_e$Kv
z7WVfzrDp&al)=k|aUh(o0(7|Ck$}E^IlRgI<KPwJa78K(;L30rfD&~w>LsC?I#ML8
zdG{sIBp6Pv3v>ot+)5GK@#f>gE_6Yc$#&fT6}DsQ_-X^V_+MTh?<74rp{=h7Ry9W`
z7f&#bbS5&Qe-;W&Uu$Hyv{HQ3>f<g8Tg>}S$GJ39oOZ9~YvV}6L~OWTic?AgxUyId
zIAb@^?aD*xr@<{vdJSZbx^+i|c=W+(!Hnu&0~Zlfvt7L=fJ=;nz2J;vC*JL<q{E&(
zDOl0@*Mu)3^k-wqUu1k9lP&cR;38r_SP;t>I{&&b6g|@nO&LH(8=8Fzya~dw`l<jf
z-&Oh`cEKJ~=+G(Qj_|&5nCN^H!U_zE1J1|sb{>(HrGaA1t+kX}$Z=ZONF7dK0YN2~
zupqW1fUB?nYujDV{O@hwdj_^m_?sQ*27|zxrDwIr>mXfi<QxJX=5S#?C=&zuu!nRA
zU_}z-y>~`fsTwlxEj6c=nSnfjc7ZcT?a@<j39FGe7`8`4-i`{0RtCBP^dKMb0N0#C
z!M6o(m_Asd`@YMZR$69D3v>bSa&Y)5r_=M$*5knGBku}Gbq<!i$2LGMWNiQ!I%|Mi
zr2Z3nPYAd8V-}R11>J#36WcR@3-aN}*PUL3<mo~pI&c<nAo>{2GIiSNyww4xdfvY8
z!@RA**{S!LP9j-BfeUF6x0IxVicoo)HG~#bbl8qePiOTFolz36X>q=$0q1MHG+z@M
z*pOIA5;pm|&{KCO4%6F3v&N#CuaUb;0r6dJv1Yz?obf|_1OGp||7tH{;TbF|)qyfV
zDiT`PorlnxG#3(k&40trZ>%d&3UEb06l{Rqu57Az#(x9c44;`K^x`+5=|MitvMEpr
zq_0#GS;*_U5RS}<O8wyixE;hwVVS9)7^nc~YM<LFR%5;ve=E!g^EDD7pZ<>dT9llw
zfCn%FO-RGn_TPicNbFizXIqf}d!~VjIQaSndci90hC-)EBA*O5k}e5}p)bD|UIIUO
z8ou(uR#P?cY%v7NVOY@)Kn~mLkmZsPA6BCbyd4^MnOQ`NTuz`TAO|*@=As)fgCvk3
zFuVYd{=D2q`@W7@aza*m2TEXUBw4WWYE-h|##Kf+x{xD)TS%O+5HTb@uL#{4KO%J7
zdxf1iI--BT4I|Q5v*THHO_<tt#D~|IQ$R1==<m~*v}ZK@IsJp?OjEA*jNzPg+<I52
z!*$_^wq1iM&==@avISH-PC&U`xmYnKg#P)Duz|U;VNGN}M{j_H5Y18@=nZ(l@exVa
z-<2ESDU#AJA<?v7S&qPg1w`nq!HHsTmp~OPRRjJtIh$@*8MRFB{VFt5YeF>Y{@*}s
zi5LzK^n(G_-ZEzfu}`i)g&*k22hW7%frwMJJWvgQP-mmEft0_5dKy%=axDL5*nP)1
zc{PDPFr*(0NhfA9y#O6BS=yuRHzBV^j5&k|JbJ=xv7kS1Lbta20WQ_T8cX2xR^Zdy
zQy1eK8mPe&HNa&uY>+~)+!DUkq9s}|j>La@Z*PhbeQ-OhH;K#T3G|0CGn7JS1`edq
zmEVPvXh~ntn`Fqp|6l=>2Sba-^H7fKqT#;Nt=GP;ISn1Blcbj<lUQoqY5CFO5d!A#
z&1KNMcTJ;F5(79_1pz`j_5gQ{wYVek4v&slET&yASZE`ljZkh?05=V|6|mLpRB7;K
zn8{j8Jd(7QIV#-`W}6-?Dv8AboH~TO2XVX5Pg+YK)XfiJ86o*7orP8wh)dv|7QneM
zk9Rmrz1^>~u=*o`4sn1dRwzVdH?0cbR9Mxv#Z<c78C4jm`RFO5B{|fYw@hT=d@FOG
zF<NLh6!E!0*kt%O{710`rUR<kfGUYU{xMp*sib3!$)di)<qY8a5wNdx($RKMuq2|R
zCQBDeiB_Sonl02-PauTs6u>uhz$Z+{cGI1nPQ_`8*^;Bm1c5lQj4B!A3{3f7Ygq(X
zizwyRwYm!6_s$k9EUn7MPHr={DtaLcim@;hX@gUzz$6ulXus8xfTmku^TZ_}tAT`2
z{OG1K0ux~b*o}0Y4RfcbqM;T@HlLR)dNk8)i9_#MEy8Zu!gEU#jv>X92)o9o2Bs0v
zRI7!yMuu0%+2b&Q@amP(3k%31Mv-(t04I(I!|Ei!PA{RWPZBLvv@5oCt@lI=O^#B$
z^8)zR8#qhp#NMT6M@E`av1DOJFKW0MjmTgHb~;B|0AGd!3zcpsd$&jSp4}Gj<q0zD
z$t9ez2XLAh%tt!uxL6=t)Om8CjRAciTWA9;<e<8BI~HTnre$+aYGSmTG<=2eiea91
zliti}<<Zi9@uHY(ZL<6!JY@dDTwvM}>YQ)+Oc&d^$pVXjm}aDFfi)TF=;>a-nwJYf
zddO9;3B4>3By?x%7_rhbp3tE5Bi5avitd&=P6w?LuemK}WyR4H4|9Q=m_&TO>Jm!{
zO`=bJ4QgzUmssfTXmvNc2^R??z68*AXOY+*-7EpJ5<#jcWoMD<iRz|y03UJ4wv}2~
z+hE0<R1ulW;4DU53Gd)0oRxBeo`BE_(*MKDEZ@^vcY5Ih=;WSJM>VktXO=+O(ZKco
zo}fht3b1zz(v~y4DIV>ca1VSg0Jj5vqL@O!vK4rKAybQVlRcVb00#4xL5yNXE~V~}
za@7hFdZru>H%6YW(7j25L16kboWK%vxEGu+YcJ4);bqj7m+nns8{h#{ClS77cq}xp
zNzut_!nbhX>|~@8W~Wkg)_Gw4@Z@k=!NZPE4raD!{7WNiztI@W<%!ZEai;Zc%WJ|*
zLOb(arZ-FmLz;dJzf=1Sz7+J5HpZXZl!+Dern!YAY7AL>Tgr7*pH$psw4lX(Eb2?q
zeVT9}TP+sSnog*XWdube?G4_73ac4YDP8(B;cz(uyskP5_>V9!wG>HB>3~RyGPaNw
z#CrF&9H!+WGIfW3Am6PdFKNORaUeN~xX`$M7S>)_5fWweQ5ZNC69mjbYb0LQlm-J!
z#6oJl;`>`_=myT#fao;zXV!~uAhijH$=Lv$jTw8czoi)Ueir)N2ynNWD51=5!nw3a
z%(b${QcCM@09>j<J+sLUaFJAA#{m}Bv`;4W4q%FyQbpH<Q)t=BSZ2cB8DQC?!uOtm
z77^{KW%hv%(Kq2dS`ozT#PLNR)>`gG!+wS=1z7-wu(TAWjnbhh8L)|DL_Qq|`jlKJ
zA;1NLn4r_CE1Gc5tjcSn#{;bxWI0EDCUWqW++k6d&+?maQv@gsipL9gSSo1gflQq~
zI0_F(6HbpsRMGswpo)lZ|3QL22K{R=JJRI(pvY$cN53}fmxP2NmLy(hC=F$eundCx
zvVEGWVVV-LnzHxFk(Ob!n~1ELJ&Lh6oH}u0=RIrFv{9DOv{BZ5tBw4<n$^19&`PFF
z>Wc<^V3o~rvR1k-eJ!0ue;vq5MjIDd*4Fhj{$Kk?xBLJ6Pul+p1f@Nl)fJto?C>S}
zGsF5N^8U-(7kzYh;=7!6tqv8$bnG3f*lC+aL(n?wTWuakv7TxB;dI*%Z?^sLM%xdk
z+J1Pw?T3@}LtW(k80%|oL0)b9;Y8aHueAMeyzPgV+kSW{`a{-q>x<D}rdwZV`{8-C
z`i|t8b!|UC-S)$gwjZ8q`{8ig4^OuJ@I>1WkB2|hv4?i7hr(aNA0BJ_;nB7q9%=jG
z;kF+hYWv~Awjb&qX#3^<wjU0*{cxb|hy86o>}&hszP2CsvJZ9Pmxin@Z9$sbeh9Yx
zu&3<@)b_*fwjXx2`A}!Qx6K!8Q`--LwjUbXe%RUe!;ZEewzvIo5B(4-_9k}G@^Xgu
z3v9nX(b5Jh$SkcyA7@(o;{4*5Sfzb>?7WpfqWyPBzf*i#i!uXZ7j$5!F%ubdhW4T4
zfcTps6jLMJsSV9(7E!gRy#W2tpJ{YgbiFm7A?dvMZj6`TgZlysl##A198#h|--rj9
z{=Q&0px6r{^;E*$x07E_niQ(KApWJ5%7XYFZl&m=*17gO5$?X?E2sw&B<Q#JPE<EE
zbPM91&N2WdvA*!V*pJnPG4RHYk^$9yFRCl={e!r%(^KTiB3b-bzZWN=`YzBaauy@j
z`v*2Xv03%$K|O54Q$M2>x_#*24`POv8AUwi;>9SG`UP=&XRYY6m62YQOX3)6bYH#4
z9)oHwiO@>Mnbf^5-GdxP2}Y0}g}*O}wKSF^BbNOr(rOh=aK;94%^9j_E*nWf*b30?
zOJY2F??-XFYSiYR*siHBI3Nf&^R#)hU8F<7ZA+ztzWGUHPePETCjBg`@fs6^6oS@0
z-$fs>K|hO2=}xjQi)#OS)*f7MFZZr=xk&7??6UX|1>A8(RNpAA*s}p9>?gW%Nl5+G
z6_I)McU%>zmqW2F-GjS;s{js1)9&01^vxBB7GAh2GH*w^2LG$oq08N~4&X}wo|MNX
zUlZADJ20;dRW>dwi#2tM{5*{aO<LyHOkU$fZm;&LK2`UqTr4dVALo~Z9M{DUz!4}8
zVmCXt$d!bnIJEr_U<mP;am(`VKSdhtw#V;gD2sx)yzNp7T+qA)z^8r@x1x`}hfF__
z*OmWe+@nt6z##U?a~HFjkN#I=x6;_mCN%H{<3SP$zKZZWXNoh3!=WM&b3(Yl4UvVx
z@LmliFim&H1#u0#++XdAWWO8#5Zi@@|0?ca$<@e0vA;73A^waoSMv-${D);FF^Gdi
zNX{n_ZdU&ZOOV~aYLQ~lBY%qO_h`z3_&$EQH<7N0zWP%<OQFg3&;7-SMYrE6h%e+9
z!qnvO4gOv9&`cA?3O)C`sCpI&)X{#7QA<pHQ4p6Xhu7D*l1Q#N`KDM7t(Ul*LLTg?
z`&(2scq!9^xHg%mv~$tW^k09A8|WoFvdpSmB75G4II$JMIK16SY`ZVs5+}0c=nXLz
zJwL;e8tDkG3gXbQ1muFW-EH_sWcQ)SUT^;cin3KG`v!67SO&mEHC5jh$Ej4)ncE_D
zcZs4AxvS9NGD^ec=xVh_&8S^5QeRnd1#!IO25RB3c9$YSt_)|aAy&5Rx+1A6Fy4wF
zzC!BpX1G!bYWZ5}W5$M?1~clSlOmVVpt)jP5EuL0bMeF=vWs-m5*2C!$EKz{s|ezt
zr=XvUzLhkPlkTK5r!55)dzO<ZF-hY9@GJ)Yjr>tEg18I@_ciEXk(bI@ix<|<OL#Vz
zu9OqRcj<Cn;lsg8Oqmn5b<|6&YERfUJBX`D&~wkAr|Bg>#fw181_n*1t_|WFb*|a$
zkPbFT>@o-e{?Z_+FL$pC;*y+80dXToI@Ks4DiQ!4gU;PH(_|=}IwOd0)J3-FFu@kd
zaoITywm5l$#G_3nNp)pgnH$W7`LjTUClTZLrb)V+&fhv@omrx)m<CV%f;liG&pVch
z^mAtE8_KeZEO_GURY6i;jgAfCTc94L%tfleyDicK6eT#p>S(e{5Z}(G0tRx>-YP*h
z5I=)OPP)$;Meun+T%gUylM*fahBb^efnFyvgeg^~20OvjRpVT#<RactQDPOrd?TFn
zVUiTdXo5WE1+xGc^fx_M&5~42rG#+DAcuvQFuqq1m*KOgFf<0q(gaEgB99MkG1B~D
zq|;v3Ooo?AVkA47@_JI4tV|46!1!7?m*fh}k{D@jL~g9e5G$#h+dBnm#fd4bp|KLX
z^-WGZ_!oL~JeDz+ZhUUA7ffFXXR8pK|C_PWdYTp^BM!t#)O{gr^-T`qI@7oYqbmug
z^g}<#N#C(<PXhjXdl05pl`=DkOHA&?E|PXfcf?EVi2}0q%kh#rIPV(7Wxj|J>yaSU
zvIJ;?8V7G}uoQ5p^yV^$>*oZC)wO~8(2$=fsdG5<g1Ayu1qX@rWtDV*?Gb4wD16mH
zqTQ*K7M+5)QWa76&ZH>n?M#wX&mMSVg7`*tjbd{_p$8~;EmKNC*OMeAa+*4zhm+L@
z)!QwIuOgRu+qu$-J-L)Dy-fx9eH&vVbWK4s(b8ZM0G2C2XX0WxQlthH=Y=j=IB~J)
zqZFox=wVwC><-YQy>LEjuzrlUOMge~hZU7Nq7G5tU?FTWFMKk$JESR89*OWKq(-T@
z!XT-w7qVkKCRKt8819-O>^_^yw$~L)I=&_%YL;o_9C4N9sIb*^%amozGI0FY+>^Sa
z+8LT<T)NJu{Z<RjA0csotjrG%0!&7NWcR~pH>63+S*suOoOzU;E~#&L)dmN`PP4oV
zU9_iVdAjs1C3jf9DTl}#Xv*?nEzDoO-bFez-09`Gz_Jw0&yW()g^toRnz0Ixw4hZP
z66?jq+wpb{4uHifmDR3vVxx{{NUzhnKX6Mxk7TlAPFUtm3*rh{4OTZ{abWjkfn^<#
zB}+1+&$6PFq$7w6WaY{P#^rXMB=+71Va16&lL7swlUnGMbwOM#tipmp<hdwY+NLsv
zKW0bC^N3(yAV9%NS0WL&?w!GI5`CGsAytpgbPjJ9%Urz>#O1}R`V2aCNOVfc%m*Vv
zmzX0#^i&viKQAlT2gdYMYF*Ga0%xElM`DfrWCzQ0nN$;Ruf8IPOQV&(czSZ(>4oU2
za-hhG9LW^Ak}GuvAE_tq3nsD99MDx`dcm55U23Y;cMbN2S;~AIbyPx|T~cpohsQ6j
zku&{E*C_QnELaINr~)CQ3Lp>o-l_mj<uQVJhy)wPk*9BDSk?NF<w4=!`px`f+$r71
z+P}1VO&4P)@Wb~45d2X_25|wT8YadyMf6FTG=ok|wm!Y5q^=__4&sVs<!Yw0j*pO%
zkgGtNLyL)EkSr*zShAvb3Zj(rm>|C9&=1xiT{-4%DmNeo-PbK_m58C46U4Pjs>uPN
z@4HFsRHCt^kZDmGvP=o$YwCkwX56LXPWPZ!M@R|ia-qa>+^sk*>(1naD#>xd5iqg_
zMv~r>=etX@>8T)WyH*TGqs@rHL42>I5=M|NezN%^MH0Ks7+#3l8RFa<Z`13@r)8ir
zE>K0NZ0P}1CfDl-l~E5yWm5Tp_rFkjn(5w9MTIU`8{>@&jsr<4S6Fm`p6Uq)|I1Qo
zJF6CBF#~)}sHH5*`Kk#HgEh+mU!r_rSQ4r)25*++io@GvK@}nW`XIjGQjTpwc*suH
zzRMO7+Ol>*a0o0?HJ{1l6XjA}#N0t9fJr}f(5aeV8XOFZ4E7Fnk?t<Ex0iHFrTkv=
zNVN1qpp^x|I{>;wF*7ISLJz5)N*hqlinf<9r<wNhfIy$)?}F=3?B-cH8oQG(7gWzJ
z<I8E!T^D+B=zLHVL(A{wA=k2`ztk7a+s)U7-r2_&Yt>iCtOe++-SA#O@@{^()`<tL
zL%$7>azplk(sx{FN44~cuDA9lIB$g-{-CCi`+@5%ZPpDGo2+{+FA4|EH_aKQF~)kX
z3%q3T6Fza|Pkmu<0_>}@el3-z5J*!WcKpMVB%sUlb=3DJ;-r6*-F%8smISB3XqN)K
zC9d+~VbVP+>z6g088j;DX+c~|&I3P>lnkd0m*Az-q2O<}YN&UHOX|9zJBVw^1u#9y
z1f*xsV`U#9u}nZKj%YTQn#jU@Z+dV%;MEU{Dmm$kM@dhqBF%oInIa9#c_{sZ_!qTt
z%FrObm|idz9`qo`82URh?Fs1d(cnB0EeGy)3d$Q3<?Hqf;+y7qwJzE)H*1VEj+zAk
zjz>4fFcp+cM0-SV762Cwcag#dw2+b3iH&2W_Gr*pX+UHkyw5WhH1^W*QA>3U&V<o+
zw@W0M3E@ugsE7q3VZhQmCH1>P@xd8DgfayLoP?lH-zhz&5^(Rhu)!sWO$<&4=sau+
z33uKeC$Wp1ggbM_t6eYfsHOpQfdXD5>3DczJQz-r_5kBX!XDMj6w2b@R5CY&c4Y1c
zCP-T;Cd9;yny8-JyDT^vpbP7>sn;FaGf{$8P|_htP<eL}v*DdE;v%;MUL)jny5V}g
zVW>7BPnO1sORb+;&6WxLV(v37k2+44F35_|jB_s;Abs)J!1$(sV@r7Y!IZF%Mx4d+
zW}J?*Ep>?`{~=EWc9Qmgq9PloMul3oW(eHjMtwR{B4?*c57AkH4!w!*PR@)$)ZB%$
z8PjE@U2{}^rFc5rf+TN;03HI;{g-3WB|#>p8TamIi!OTo`|atVpb66N&ILt#>e;9^
zYrYv@E~&(7lLQ~*XGptfYaj7AQfD&5LtivGeA!klCpPO~NG<kK%E99ZO_?b{a+9nO
z9s@10Ghwan$C#@^&vI@vPH$xNW7NDkOBzTekx*&DUF;agV-|sRFKfoNapy>uWqIN*
zX)LunkiZd9-fRX=HS>gKoW`p5Rxw{--fW3IgBMm5>Od!@8E5MvTIJn2pjE<rHK3fi
zQOxb!j5AOW^3t~z=FNqWH%w19DWUtoW}JmCtZ~s+!w&N#mK7og?ZCV!Pa&ZhXQ4r|
z=yQda=7DQKCMC4+%xB_CJ%#DbI00R<lG+h>dM;Y9KuSjY=R+Jz29Z5xE|Ao=O52PR
z(a>ATZ2sH@Qb1)svlcREgz_e(8K<CuBJspeUAQnzk<$wq-d4Ox9ALy~hCy_^NJ>Q+
z*M-~|uh5KJc|A%VP94B0nXyRP8&T-sPwfY%s(3Nu7Fo?}XwHMx2Gvp52Q6F-sF97p
z*-nDn%plZ-V=bx4;d}MVnsG;Oi4xyRfr9t#?a<C8(o!lyFi>TBz1C)&k14`>jHEx8
zEDh%~2z`4lQ>Vg|#m%?_*rh;>MNE=+8EB?fZWJwNx`uGW%Qxo&@<SK8lB$TpuR^cw
zmD-_g%R%{(7bl5=>a|jmQP~Q0=-}m=aZ0940i8y)YuyUS5{36|K`=yJ&(3ScS&K-D
z!@m+z9If2`WhLV_<zIC(PW)vpXZfKXtH4R4&0X00d1IBD{L1)dlFXaWl6l(IKt-ZX
zcK&0xpuMZ3l6gIvaaRSD8Yp+aSq*lLY?DxO_!@O)pq_6gkBQaC(qkCfw?=9QO|v*b
zM8JEk2i9I#%cw%j6Qi4P(|?{9Jaeq+aZB65HBvn4wNCmpdZ;=FJH0s@&>9S8z7h-F
z#`O|=DS{Z2#0^p6AT{Ir9wj(EN8-rY8$cY0D@mZc*G17Xwi)M^vS7y~*S4k(0u(|X
za?JkwoSC{C^m&4fk~YT9XM+=UMk9SI{-tZsJ|retP6%twOHB6|Lxv+E$4+UJHb$Ay
zjB^CJ3ebjF;&&UR)hdS052&p~y}cP<B*^yJY0@fmC?J(FEerb3illoPONp(3WBEJ2
zmhs<^W0w>F$D3;|gW)v_glHs2cm+x9Y7XJU@;zWdTC+sMnsMKD*&rsDukC>#hwPXD
z4-Q7Dt|`r=^BA%hB$l{02+|W4Vi^@SM`<B_a}U77t&}raTiGnJH_6E<DQ!_7L~lhi
zPUzGspy^1aZG8*8!rU5HUh8VoqZNDA66YP&j1xK@FIW|#eO}osU5cOs$>#f_a#0hS
z@$Clpa+i%f=+b^4oLP!{Kb;XB*{8-vnbF)0rY=xq=CJg?SK1Jn8lD-xSDm8uCN&q3
zoz7r8{qH`N|47sz&1_JyIUs3=)aj>d*6Q|Y<o)t?dA&SO9tXcWQX+Sj6CoA-tMr}p
zFX^Q8v~)n)A#IT6OXH<lsZ?@G9VDapoA|wWPJCT_MtoG<C*CXGEp8N7i1Wm$;u!G`
zv5#0P=8K)g6fsUTS^u%#u>NE{Z~a(*r+$dOufC_go4&K&p>JQO7xWtbH~unz0e+d~
zEPslB5#GUgnBU6>_|5zVei=W9pUjWq2lBo79(-3mlTYSj;Q8vmxnH<T+*jN=?rnIw
z`WW{FcR#m>+s^smG3-U$Ol~|kjO)+!;<|G=TpE|aSvj5V5BNQn?{uH(KG40Xds+7k
z{8Gz4UEMzT&;O7A)cyatIINxV|G9TF7q45oZ244OPc-;5>-5IT<WTC$tT%O>e8d=n
ztCUr`Q2up$7d`%46FT^t^iF8j$5x|`13iH7W2#4GLrnXv8lj!>691>}1!Jw@e*K?P
zckR|ta*Vtf^g~VyPT^K5LknqAW?!s)6b+k*FKXlWAnM}eZuGX1uV)KRgl0GND}*FI
zxO;EK$>*3NBA{=#morJPzPzplD>!iQ3#o%|j+b{(1wLdK{4B-kcsZLk^=GxvByS;U
zc}1oKxi|IfViIKmEl!YW<VgE@vs&;?ghG)4KaGLOkp*B@*C*~*QVYJ|lnZdgSHCk+
zE~OW2$fPeNvesFWD)eQyVC|aN;3*Wbjt~8jD8I@!Rgogcp^Hhfx?q#kf^)EuxjQDq
z+{CDnx$Bdo+Hwn8a5_H^y7)*U;zY9Sp<xc0*=3VeRXlG-3r^=3D$`(t*p4l?$%m=x
z1?WnmqG>W=PD@V!geQI>H;w`KrpT)(4rJOYyR5Dx7PsI`eqLE&Iw`ztvCAXrwHJc0
z-T^Gb+Mf`kzJE&zOzrkn7m}XxP#=dpmEGDW;P0i%)bf@Q7ZALEizZXU-zQf}lQo&#
zH0u>1({$GOzERSDsEdQY*3{2w=?znk^w|nYV%hELhyIfx$A=cC$-~1B0$@42mM)jk
zt7?`L+Myw^V1qz7i(7D(vKoj&6MI)P<P$72!v+cHyG)tfhcn0Jw|D@$MyV|%rVd~C
zz-u8`OGL9e%Ir~TBCN1pA}Y_2*{dieEjVMG=e03jRdkZyq{2mrT9nOrMSZODmi|Cg
zH!zl@8&_w`{b+*<0lt<ktDf0V*0$g@G5l5t<5!Q)@)jBs66oul8NX=wGOPvPj&XVC
z7lH>0S={bU`3m}WDfE~?H>!a8=fKgy3?o_f`otETCoZb5E~FU&7tIJX=F06u_vgrl
zR!Q!FzRZ=W-D%BRoOj^V+`^VVFiEv{BqQ>HuJRvr?_mvKLht3ta4qolR6%ON7q!wA
z*gJ{FQ@hCQ<y5kp6J5ebmgEJ>T5!EAb!Z`d<SsKyX20(e1~#I{vw#P9N5mX9<jW2D
zF%9{#4f$~m`Ry9=+c)ILH{>TY<R>=dcWB5@I+mYos4$r{`p@-F-V~A+CI7|6c<n8?
z7LnmK7Sbrnwk-LGihX}AOIEk>bZx=42#C(;0qU_lnN?j0Ru3*uRz*+sceUWkL%DBh
zVHQqSgnnM0T*t_|X=O6?ov12twhRYIx4*8Cl*U8<UYUFXTweUBJ>lK))ofxaM3pT#
zvsncl%_JGltw|onP{y6a%9>=AcBn6J!AZ?RUtuBXeh9s_CV8Zmss}Q6^}1xrTsrs4
z7M#$m1Wbr7*|IK~{X7i;E?J+fuCz^T84SRl;j|GO`PL^droFWUIAudJRjxDzHNWK!
z04^U_Nb5K*QpZ6jHY9gI{td|^X~qEP7=w&;$+TQVQR?1;3rqz-bmE<ju1l^|ap-hi
zGR@&KUpiTPJ&WI<5p@eS+;hfJhJE^v^k&^cdA#(f^|<9#;TIv(+>_7H{e&+?)#zfp
zz5V#?7kSB3=5TIemfAk0^OL8<;+ENHHHsor?Z<AeYYKaLci1x94EA$1_(k0>m)WRR
zB#+aYR?;7+*aWv9{aB$#el6k0<+j#eOAyh56*e^w`uocPxD4KqB#jbJt+25eojeCw
zywaw=1JvD*tFvYBjvE19wbE8YF94Ef8-ET1QypRVW0$^M8O`3O?z+mxq@C;)Ue}kQ
z#gJuO!coB+ID_<>tW5XgI#da~*+=4G?Hbz}YI2X@7X%+#6Sao{e%#dzuXEB%cR#GL
z4Wnq0g{G{v(bgGC)B*lJ08HN|1P(mC);31P0rEI&Y8^aodsM5ZaTB#?tNmEVm*aOO
zNl3PSosGrZWDzp1WW7z*$5ubfkBv&DZxVg<+?|z2-(ugs-Zq8hpIgVmn(A;d-;Zlh
zKxta`omdByCSJs;IvcCr6E7mok5v~u`b@8I^<Qo)rqM2$`H|&}edNBOs6VT*YMmN>
zwV;^KnBLHpngnBC!w#)8l)TX<gN_ybI6+#jfOwKkcHLw<K*>%R{KqDnO6T~>{5XkO
z?S}_f@%asn^V;5K!82L?4j**x5wnf8taqp%C#*eQc$%Jg1cUsxZ>fcWhY87x!ju3+
z6fBoDuVGO*E-QupX|Tn}ua=Z;whdM>?AgsW^{<vx`0;hK$V0902=7p;C0Z%HXiL-~
zbNi>j2zZH_Zu!U-8_R=}5t(<}R0>Y1^G||36e_R>VpnG0Z9^!q2EQ7M<uYfhO|8L;
z{5Z7_KUzmS{CE3oeJJMS?M~hwMV?uHT&1Y?4ri~q&faSKO$EJWn@v^j0>AlxFnK<V
z@w)u8U|fk8p3fvl<-={ZleFLtD5-DOtoGx?dOtW)M3ZZ`+cvA_e|CEmHliOV*4+v`
zE>99{x3}9KpzUacEbr`K2e1RpPxsbXbXgi*mN8ZTvAzSpoU0GD-)V~ljhED5hKUN4
zN$dg3iaj=#p(hk;7qrpd3&M3%hNcp4t2{<o(0~)9h4_75Lg}ZPYz<WT5mAI6fKyXC
zwE-tcp`<|{^S$q08%vN9EjImUT~?&St+WB>$RjUHmhZ9+V!zIYIe2uJn%~~)2K*LH
z4JIz}q5j-u`-pn6gbX)!+f;X|y_yCApeq&lc{buodytJi+(mHy3)!gkV9HLLjUC7g
zICr@X?O<TF0&jK_OL%9{_9Dw2<5ymLH8bAR1XNiAz6@67)zT+Q-C6K>a3bFx9cZ>4
zr5q*8!S66o(o%Iipdl7U6?u!8G@fa(eL|thR^Hlcqsd{a?iMuQr-t%C-O;EZ;Xa%C
z<?s{tv8~XiOuhkkh*tZ7{uqCERw31Nsrzj3=1A)=tPw5w&VD94EVE!UoQEIVMW&4@
zS=w=!`|u2MN#i155<I|RBYJ55#*}a_G4iC|4kbm8E^SOvYt78Yg+vUTHj=T*R#Mo-
zH*%$syu=5?ShPl5zv9LPFaoX%(pSpfS5jEAJZgjq)p}E?v86^Ny>UJagG+NZQb5__
zO<@hB;bHC3x%c(zkgT|Io_Znj99m_43d^Fm4tuyhYDd+Lb72@<xU&(#xKy7qh$Y1t
zA=;xkz7%yDwzv^LRUO$8EYxO4WCTrEM-D}PBQ6TUT_hVh?Q{Jp;U=&My+8M-sQrfg
zMqCk$j7V*0J0cD>HbiYDzmb#$!)yEtj|jgx#nWdJt2VV+18c0v8k;u#?-8$TNim>X
zn;3Jb?5=Obx~oJ<VodG1Ib{oL+==Ywx6LW)__MZgI;;e5nb^oN@3|#qC_Nit#>604
zN!^|?v=LjSS{Om{m6p3xM*hEyFrd#W;$qQbtD{Ps>5bS(MWpBa-EE~O2KC*VqBd*k
zjo3&<M)<eFh^Tk;V$jdw5rhc7)s5IVdm8GTq~$)8yDdf6`urB7H#|#8RRpcu<Tv8t
zb(r4nqAb*PTS^CXayyWhI3KOlfRR>|u_Hy@OrPIK%^ee>aXWxrr17G4*gHEIgGuYR
zXjua<ApEK^ziUp_FV&sa{3^XFqJy2&&bO<-BVYvl*Ve;(c>S<S@${o_mBF)cS>Qb3
zpVNeClMp-!XF+G+B`tJUrk!F#-XZgM4j5p9l?{X2yxX|#-V|*sA(GJRyHg@hCcsm9
zoddWGHF~QHzpMxTA-t@Yjs~w6jG>+=Mc@$kFX$Q~E0bpk$;%Je$AQby(B|n3;Ib6C
zeT<RLNJp>T5)#qJ%_&ZF@?!YyEb{b0*OnBjAL#R5IROsVt*T$xdbJi04Jj=t@U#`7
ze)!o0dfM4fQfS%l*LA2b4PZ;_@j+iZY0$|azu!3@)$L2^5bAaxo`yUR*ZMkucOMgJ
zY9V?COfbQ0CB5}Uy5p$oMSL#>Q~LG&Dbzx^$U}N22RtTFrPVLwPiU&FkMQZ7SNFND
zSbMMersleNnCS`WmgS&EBO>LLBN=`brU}<SAZtYX;th|du(TL%^+t;x2LfR-QuUhJ
zgzIhaYzqC|lf6%-RMIFi<xq+l9W6~&dFC3prtJzt<7=pW?@y^vK|gVS3Wa8xy9xI)
z=fc#982J19!+4OX2R)EN+Y2agMiVZbxd1pxYtBHM9spfB>;$lp0AGI~$|l&F@XI;b
z0Nf7Gocmx(FX}1~;2jS#cGH=Yo176~nECXBDJ-}rz&Q^^0e5NY1i(c=JL2I@eJF+b
zkr4Vq$>1S&rU)0|#&Q-GgUF5Ln1@rMZY(c<l%09vg$NI7wqu)nH~eNv6K-TDlmXdA
ziI2f%Nl}HMwDGYh%49X=12CZs27d7|FwkLOwKd9WB3<d2f*5Y{Ar+h%y>p0Bkl-S&
z(cHpCp+951x+a|ObSguu)7#;3%}=B}K(nKNm!%45`jb)g8Qjzvkg0@Qt(BPaJrAd_
zOAF*y>+!=W^d?Q%?W)I@!|I^IRo8?ICQhZ6ts*{^a)5Thl2y(<#a5w?%8?Y^B1cDv
zpss54EBO^%x%R5*W8=q0qnspuZ@p!WH*^oBrP<GdKUW)^4-;p5XS--v_Gym&0zJc|
zwtk|E-H0yd+S&Oh(NR%w9t;_)WV^(%uw!@nSlpMBj^s?c8SToj!|x;Dsw9l>geGR%
z)n3o~AodZemjgF2t?tVNV4^SpxR2^oWe2fmkXq)VX|9$mJM#<(Ql?IJ>fv<8_?Z8J
zrjMvU%HZH~7+yG-_6y)vOxXpELxtIP)|MCEn~aWT+vyD&YFBE5*qbXD)Y@`HMsl6)
z%&Ti1IXg~_v^YWQ>O#VwYPb!KcNXewXLa}R03%xCw5ybXH#4{ZhU9u>mq<LvqfYw^
z)Bz=x(_J}sYWA5d=n`>erkxHF4#8!BWBEAR`HQSBdlEX^1@698b+LytUicmY@J{Up
zOb;$?Gc25EWWX{y=3<1U-g|y<31H~<a<s+Wo$khTOhj^5J8P>6Z%#&6x-uD|N@H4Z
zG3LNZ*0Iq!&%T^8nv^|H<=JVt-5oPf<gM^*#s?biE|bfcW|*cws5kSmx~+1&)YbZ=
z<*G%a{XpnxF5-6SrfFr38=r{-a52o??7+N&IyGr}x>8^ddqTJ{KeJnu<c)2{SJ*v+
zSuOLSZg%#Q00f~Pg?3i(zz8X6&G>3jq=}`j(9U8s0{l%Oo0)h9rcX3_jk2sc5lB@C
zXM!4yo!#xMb(xT;Z;@Rc1GaC*ZyrD&5xu<OD*{G^kAa9jdN0Zy@70W-_Q-%c4Dr~?
zCl%W#QD9OtKTsS+_mXD(v`6-6HuERNc9t?Cn2&Zd{!%MyZpN`(4X(lx&#=jD-yPwS
z6%FeVB|q8CaWFNccwvWt$KD=x_N&8WYOcgieQqYMnh97}kHzKkG+3kncTp2IRhQWJ
z(s!l^{^rssHdQp^cN*NlQ*w-IOYNg+QUn%>LGPD>N{OUtlsV0ILUg!VMq+`OGP{?m
zc7oCiWeg=Ml4Z>)Fm>cA>#Z{TAQkZ9o=hYuY1TK}U}{f&Je8Nw@t$^g8JPT}9I39~
zD7RC0l!<$DGR*Cn#-yvfmwg2d7(VD_SKslO)trRkfR`j^o9VHyVU-Jf2G4lx)F4qU
zUSZcBv6!!G1Y@?w__HxPWW8>;8D*s+h#y#p&}i}RKqI1Yp~oZ^{r0<Eb^FMt4dVAl
zi~P{Jk1cYj@DKYQwh<tb72WvLPTd)@Ci?KFWH2<)A~rRM88HsHJqYWw?tj^5sXBOH
z|I4nv3Ns*xPa@p1rM(5oHvyxLOW;BWVR7)LUEL8eAc$YhhyY)T2A=hI6mX9qW?H00
z=Gfo%TAJG-GdpiZaiM?E2Eci6<ACI0mfW&Wql6*Aw{At9!NeeDS>$46uYX`&;uZiE
z)vQenVwOeVK8?VUNsDi@6Gi19F^IKH1bEqPn6&j^|LZn00EE^@9ol@GrCuZGZ5rb+
z!!G?-(s(gwt<c+qE9RF>TSMvB?YDVZ@dQZeA^bqf<K>PdG`y#Sy?;gCTRYy<L4UnK
zDhvz+1i-7O-8ff@9PAPqc}{R<v4a+r;VnvBu~EN8NnRK|UhL>f5hn9yxB;HL<5m>F
zMVpaInUh{;nd){Nqku4RdsNfI;iiCH0=Q;Vroh8rM5hcaaXe3%(CW<Rmpath)~<nJ
z_^iR3xAal})usP?$b>S7+Lpxyh64KO@E{4{^dn^s_P7@;LgC0=cI%DZFAFbA`2k#y
zfnbp)H~;GCV4ABHrJ3chajaSBG1$05`>^B*;L1$oWf~xSEe#S0ZMyaXn&YQH+rfLs
zgJ1*Y^<$$RG))NkdpX)ePKi9}&z=G`z!N`|rlw;R4nsv!7meIo>LTi_{VZ#R5_5&A
zv$4ofq3_Ly4vMKxEq>kOJIGDO`PRY`{qXNqk(8*%=Qu#=4=FM7OUJ5ox3b2!2B6&v
z{Dvvf)x-P_)}ln9m#&D41{V8P!#-<f6xc|2_TUCbJ$nj#yv~YlHaO^UAU=Vz(1+jf
zcPo%T!#WrLerefekjN>U9B@+tzo1JpdN(#Xs9K@ww7qX7jH<;yWlh%Tu{n%Bf!1w_
z;_h<a3P7l8CHq~Y!CM>+RGpCY-#=R%)K=4}d-;~b)E;j;maDJ1+wlP{$P?(^TNz{N
z0qyU@zEdvzm=1CB@80T|K~Fu&b0=+csADR(k9bV5RpOwH+6DqZTBgX%Z*Ox@ZB6m$
z<ipNVxiSkwgMEy<$MFK=5YE>AdJl+b#B>2a7ZZX&&X^FS=XS?FmI}xGgkM89qL>{H
zwbM}Q!>%c0gQ@Kpy2HVK=z~-h-`K&ZLf_RfP1G2Tr5a;tNZ9GfH^z9={J3cD!6hzS
z(%8Mn@k~U1tmyMSj7nka{VcZLPsMnv{8+Th;P*vo9W6cR__t~t$&z+%c2J8$y~ad8
zE*%#t@Y{g+aN-}2db%2NzIDxxJ!pvytO6k){1P3F3>X{zwJ<93i;Sqg#qq9cp)HTK
zYmc_=b*Qi5TK%MutUy7K@aK)aj{T|(F8t=OI=oxpuL1Ja!VmNjf}gw3u~s$zs(lXi
zV~5p#e0j~|g#$ziK&SUbwvCy2W<Q&n8tMZM?ZylX{91zUWSs7#SP8||8~S0;@MW?d
zwA|!oTk?dtrhkmJq0F?@Y-3D)UgI4wyW1B}-(n7J$xf|iwP*7D^q-wm)ufr-NO`cH
zz42V)Oua>aRW9wW)EG1^he1;bw>4r50AUDixV=9o)r|t%q3lE6)6(a%gal!<_`N0z
zGdew#mz(-;UUw04+xe;K+KZu_{M6$RY7A<^707C_ns$r)*)4SfOZFE-qhwuSs=Dkw
zq^Syk`vEYa@ae)-=BSdDhjmX?o7F*0z11_fbjLGeG|!)dL_u0nD(n9y{&+zXE-@B~
z)#MRFG_NR?i9Q6s7W7R~sya_z(1h!Z5#aP<6|jJI6{o5XRre+j0J~vkVn{wNPGuE4
z5>^j%N0GK`Q!fB61YnZ0-|kLj^*0Q>yGI)=aIrdqMMV$5f;>P=CO+CD3X7~JT&#wm
zm^}H3e(jOUqD=s{qG=_m>hyf)CenZez(j@ZD@kP+^U2KC(o}W!zhe`w%R{Dwwr&k5
zO=X!9ibgm+MMbCc|5MnthDLEk;hoL8Yi8~}V@#TWMX#$)&}uYb+ZfY4bg9M%{s_8C
zltom^1~j&yiQPPQH^M6TC}FFYX<`(7w1NgfaeSc=QK*UrQ9-2=CHTkU1EgAQZO@%M
zyH5O}JIs%PGw0r!yL0aO?)}a=X+b}omeKrt<`B)1iVrjkrdd{VcLi#;T^-cywsgg5
zK|C$#$UI!=8+IuxNcjGP4%m@q0MdeUIxV@>dAfC#>_}Ex<uz49`cRe@oKwsZCKG+O
zS23s7<)2kdx&ac^*QLKixdkXECQp$mI$6a=@o+VpBiE);{xg2P+8Gr2Ro5_Y>8Ko!
z>hJUf7VG7(+TTfsk>y&gs^*4<=UKth@lAfHHpS$b1)(RJunX@=*;AS`Ux=NaWU?tH
zwqRw6bXztwWBc#j!@*`I?WnBy^BWSMvp<a26=_{6Iut=9#_8q7Cf3L6o?^A2{vVk;
z{YuDe$2Q8)-?tGIi?Mp%w+aJK5sKvV!!hO#N}6f5q1M$&3^-YWZ-x)X*cn%h%C#0I
zi*m@p(alzrc7noDnzgcSxmIjPr=WB$uWV%jet%ZLz1m)EwqTbea>U!FwlSpb4I%@}
zhG{>yG52l_Gh^a~QYWnUb{oTb#DemJVZG9TWGWn=6{gG5lXd1MaR-7b8(?m1XKP)+
z4u?SF2X=Vf9SWJvct;7wli1e1HqIQBY=iYHaVD80_WvN2V5!8|R3ey4j7ufPpG-_p
z2K3?Q5S7jLz?Q&&w4Cg<MyxcRAu=oPT7r5pB_Vp>I7S0e!=XahysvPB;Utfz{hk}5
z^H;5H4MstZo-FJVp|GQo%VS#>ZzD>|MKnSDS<z^?4P1U#7==GaVS7h!VbpNa=G!cx
z15tFzgrkv}$}Q2-@ev&xyB6c<m2EDPY$~o4vI5@QXuOiex$L>*=6a_k8913c!}GhZ
z-or~3f1%G8_0{v9ft+z(Oyj3^Vp&5h;#Vu``muPiK1MIp0m;?x;4gRzkKqB_f$MM?
z&cjLQg+tH-yJ07!kZ#=sjqn{rAPkG(Tfj(S_yU4Rz1G1`|D`YK6Z(kWrTghGw3BY7
zaU@@_qig7LT1V&68d^rDQUmGN`BbF}c}<>?$K;PVxkav$K608IBfpX!vWsjdn@NoP
zK%&}t?WoqRZPQ{}gSJeYt9`8*T7i~>gr|pUzj{IKRrjdd)s~MPxida-_=EtTHPQQ(
z@Ym;iMa4RP_HP(7r0yVn!6WlAO~-}T@Q>wx2X7T?=PNK2pLRnDiT(9zCkxp0NZv>*
z9Lbxmc<B+I+*-t~pWa{~s7MM{B1Ur($LoM~?=1wqmXa|1W3j}m$J2}FMLbXOeb4hA
O@$ZvGJ_}PF`q}@RhlJJu

diff --git a/reports/current.md b/reports/current.md
index 071886e..27003c3 100644
--- a/reports/current.md
+++ b/reports/current.md
@@ -1,6 +1,6 @@
 # NATS .NET Porting Status Report
 
-Generated: 2026-02-26 21:23:40 UTC
+Generated: 2026-02-26 21:31:42 UTC
 
 ## Modules (12 total)
 
@@ -13,9 +13,8 @@ Generated: 2026-02-26 21:23:40 UTC
 
 | Status | Count |
 |--------|-------|
-| complete | 2851 |
+| complete | 3503 |
 | n_a | 77 |
-| not_started | 652 |
 | stub | 93 |
 
 ## Unit Tests (3257 total)
@@ -36,4 +35,4 @@ Generated: 2026-02-26 21:23:40 UTC
 
 ## Overall Progress
 
-**3439/6942 items complete (49.5%)**
+**4091/6942 items complete (58.9%)**
diff --git a/reports/report_e6bc76b.md b/reports/report_e6bc76b.md
new file mode 100644
index 0000000..27003c3
--- /dev/null
+++ b/reports/report_e6bc76b.md
@@ -0,0 +1,38 @@
+# NATS .NET Porting Status Report
+
+Generated: 2026-02-26 21:31:42 UTC
+
+## Modules (12 total)
+
+| Status | Count |
+|--------|-------|
+| complete | 11 |
+| not_started | 1 |
+
+## Features (3673 total)
+
+| Status | Count |
+|--------|-------|
+| complete | 3503 |
+| n_a | 77 |
+| stub | 93 |
+
+## Unit Tests (3257 total)
+
+| Status | Count |
+|--------|-------|
+| complete | 319 |
+| n_a | 181 |
+| not_started | 2533 |
+| stub | 224 |
+
+## Library Mappings (36 total)
+
+| Status | Count |
+|--------|-------|
+| mapped | 36 |
+
+
+## Overall Progress
+
+**4091/6942 items complete (58.9%)**